convert remaining creole to markdown

7f3fef0d · anarcat · 9efb6165 · 7f3fef0d · 7f3fef0d
Unverified Commit 7f3fef0d authored 4 years ago by anarcat
--- a/tsa.md
+++ b/tsa.md
@@ -15,7 +15,7 @@ For a list of services and which servers they run on check

 ## source repositories

-* Look at [gitweb](https://gitweb.torproject.org/) for things under {{{admin/}}}.
+* Look at [gitweb](https://gitweb.torproject.org/) for things under `admin/`.
 * This wiki's content is in the [/project/help/wiki repository](https://gitweb.torproject.org/project/help/wiki.git).
  Feel free to send us patches to improve this resource.


--- a/tsa/doc/accounts.creole
+++ b/tsa/doc/accounts.creole
@@ -2,28 +2,28 @@

 [[!toc levels=4]]

-= torproject.org Accounts =
+# torproject.org Accounts #

 The Tor project keeps all user information in a central LDAP database which
 governs access to shell accounts, git (write) access and lets users configure
 their email forwards.

 It also stores group memberships which in turn affects which users can log into
-which [[hosts|https://db.torproject.org/machines.cgi]].
+which [hosts](https://db.torproject.org/machines.cgi).

-This document should be consistent with the [[Tor membership
-policy|https://gitweb.torproject.org/community/policies.git/plain/membership.txt]],
+This document should be consistent with the [Tor membership
+policy](https://gitweb.torproject.org/community/policies.git/plain/membership.txt),
 in case of discrepancy between the two documents, the membership
 policy overrules this document.

-== <a id="ldap-or-alias">Decision tree: LDAP account or email alias?</a> ==
+## <a id="ldap-or-alias">Decision tree: LDAP account or email alias?</a> ##

 Here is a simple decision tree to help you decide if a new contributor
 needs an LDAP account, or if an email alias will do. (All things being
 equal, it's better to set people up with only an email alias if that's all
 they need, since it reduces surface area which is better for security.)

-=== LDAP account reasons ===
+### LDAP account reasons ###

 Regardless of whether they are a Core Contributor:
 * Are they a maintainer for one of our official software projects, meaning
@@ -52,7 +52,7 @@ Are they a Core Contributor?

 See <a href="../../howto/create-a-new-user">New LDAP accounts</a> for details.

-=== Email alias reasons ===
+### Email alias reasons ###

 If none of the above cases apply:
 * Are they a Core Contributor?
@@ -62,13 +62,13 @@ If none of the above cases apply:

 See <a href="aliases">Changing email aliases</a> for details.

-== <a id="new-account">New LDAP accounts</a> ==
+## <a id="new-account">New LDAP accounts</a> ##

 New accounts have to be sponsored by somebody who already has a torproject.org
 account.  If you need an account created, please find somebody in the project
 who you are working with and ask them to request an account for you.

-=== Step 1 ===
+### Step 1 ###

 The sponsor will collect all required information:
 * name,
@@ -82,16 +82,16 @@ actually belongs to the person that they want to have access.

 The user's OpenPGP key should be available from the public keyserver network.

-The sponsor will create a ticket in [[trac|https://trac.torproject.org/projects/tor/newticket]]
-in the {{{Tor Sysadmin Team}}} component:
+The sponsor will create a ticket in [trac](https://trac.torproject.org/projects/tor/newticket)
+in the `Tor Sysadmin Team` component:
 * The ticket should include a short rationale as to why the account is
  required,
 * contain all the pieces of information listed above, and
 * should be OpenPGP signed by the sponsor using the OpenPGP key we have on
  file for them.  Please enclose the OpenPGP clearsigned blob using
-  {{{{{{}}} and {{{}}}}}}.
+  `{{{` and `}}}`.

-==== username policy ====
+#### username policy ####

 Usernames are allocated on a first-come, first-served basis. Usernames
 should be checked for conflict with commonly used adminstrative
@@ -110,16 +110,16 @@ and should be avoided:
    security
    webmaster

-That list, [[taken from the leap
-project|https://leap.se/git/leap_platform.git/blob/HEAD:/puppet/modules/site_postfix/manifests/mx/static_aliases.pp]]
+That list, [taken from the leap
+project](https://leap.se/git/leap_platform.git/blob/HEAD:/puppet/modules/site_postfix/manifests/mx/static_aliases.pp)
 is not exhaustive and your own judgement should be used to spot
 possibly problematic aliases. See also those other possible lists:

- * [[systemli|https://github.com/systemli/userli/blob/master/config/reserved_names.txt]]
- * [[LEAP|https://leap.se/git/leap_platform.git/blob/HEAD:/puppet/modules/site_postfix/manifests/mx/static_aliases.pp]]
- * [[immerda|https://git.immerda.ch/iapi/tree/lib/iapi/helpers/forbidden_aliases.rb]]
+ * [systemli](https://github.com/systemli/userli/blob/master/config/reserved_names.txt)
+ * [LEAP](https://leap.se/git/leap_platform.git/blob/HEAD:/puppet/modules/site_postfix/manifests/mx/static_aliases.pp)
+ * [immerda](https://git.immerda.ch/iapi/tree/lib/iapi/helpers/forbidden_aliases.rb)

-=== Step n+1 ===
+### Step n+1 ###

 Once the request has been filed it will be reviewed by Roger or Nick
 and either approved or rejected.
@@ -127,7 +127,7 @@ and either approved or rejected.
 If the board indicates their assent, the sysadmin team will then create the
 account as requested.

-== <a id="retiring-account">Retiring accounts</a> ==
+## <a id="retiring-account">Retiring accounts</a> ##

 If you won't be using your LDAP account for a while, it's good security
 hygiene to have it disabled. Disabling an LDAP account is a simple
@@ -143,7 +143,7 @@ are sufficient to confirm a disable request."
 and accept that email forwarding for the person will stop working too,
 or add a new line in the email alias so email keeps working.)

-== <a id="get-access">Getting added to an existing group/Getting access to a specific host</a> ==
+## <a id="get-access">Getting added to an existing group/Getting access to a specific host</a> ##

 Almost all privileges in our infrastructure, such as account on a particular
 host, sudo access to a role account, or write permissions to a specific
@@ -173,38 +173,38 @@ Then you can run:

 $ getent group

-See also: the {{{"Host specific passwords"}}} section below
+See also: the `"Host specific passwords"` section below

-== <a id="aliases">Changing email aliases</a> ==
+## <a id="aliases">Changing email aliases</a> ##

 Create a ticket specifying the alias, the new address to add, and a
 brief motivation for the change.

 For specifics, see the "The sponsor will create a ticket" section above.

-=== <a id="new-aliases">Adding a new email alias</a> ===
+### <a id="new-aliases">Adding a new email alias</a> ###

-==== Personal Email Aliases ====
+#### Personal Email Aliases ####

 Tor Project Inc can request new email aliases for staff.

 An existing Core Contributor can request new email aliases for new Core
 Contributors.

-==== Group Email Aliases ====
+#### Group Email Aliases ####

 Tor Project Inc and Core Contributors can request group email aliases for new
 functions or projects.

-=== <a id="existing-aliases">Getting added to an existing email alias</a> ===
+### <a id="existing-aliases">Getting added to an existing email alias</a> ###

 Similar to being added to an LDAP group, the right way to get added
 to an existing email alias is by getting somebody who is already on
 that alias to file a ticket asking for you to be added.

-== <a id="password-reset">Changing/Resetting your passwords</a> ==
+## <a id="password-reset">Changing/Resetting your passwords</a> ##

-=== LDAP ===
+### LDAP ###

 If you've lost your LDAP password, you can request that a new one be
 generated. This is done by sending the phrase "Please change my Debian
@@ -212,13 +212,13 @@ password" to chpasswd@db.torproject.org. The phrase is required to prevent the
 daemon from triggering on arbitrary signed email. The best way to invoke this
 feature is with

-{{{echo "Please change my Debian password" | gpg --armor --sign | mail chpasswd@db.torproject.org}}}
+    echo "Please change my Debian password" | gpg --armor --sign | mail chpasswd@db.torproject.org

 After validating the request the daemon will generate a new random password,
 set it in the directory and respond with an encrypted message containing the
 new password. This new password can then be used to
-[[login|https://db.torproject.org/login.html]] (click the {{{"Update my info"}}}
-button), and use the {{{"Change password"}}} fields to create a new LDAP
+[login](https://db.torproject.org/login.html) (click the `"Update my info"`
+button), and use the `"Change password"` fields to create a new LDAP
 password.

 Note that LDAP (and sudo passwords, below) changes are not
@@ -236,7 +236,7 @@ schedule to all hosts.

 There are also delays involved in the mail loop, of course.

-=== Host specific passwords / sudo passwords ===
+### Host specific passwords / sudo passwords ###

 Your LDAP password can *not* be used to authenticate to `sudo` on
 servers. It can only allow to log you in through SSH, but you need a
@@ -245,7 +245,7 @@ password".

 To set the sudo password:

- 1. go to the [[user management website|https://db.torproject.org/login.html]]
+ 1. go to the [user management website](https://db.torproject.org/login.html)
 2. pick "Update my info"
 3. set a new (strong) sudo password

@@ -266,25 +266,25 @@ you don't need to nor can use sudo.)
 Do mind the delays in LDAP and sudo passwords change, mentioned in the
 previous section.

-== <a id="key-rollover">Changing/Updating your OpenPGP key</a> ==
+## <a id="key-rollover">Changing/Updating your OpenPGP key</a> ##

 If you are planning on migrating to a new OpenPGP key and you also want to
 change your key in LDAP, or if you just want to update the copy of your key
 we have on file, you need to create a ticket in
-[[trac|https://trac.torproject.org/projects/tor/newticket]] in the
-{{{Tor Sysadmin Team}}} component:
+[trac](https://trac.torproject.org/projects/tor/newticket) in the
+`Tor Sysadmin Team` component:
 * The ticket should include your username, your old OpenPGP fingerprint
  and your new OpenPGP fingerprint (if you're changing keys).
 * The ticket should be OpenPGP signed with your OpenPGP key that is currently
  stored in LDAP.

-=== Revoked or lost old key ===
+### Revoked or lost old key ###

 If you already revoked or lost your old OpenPGP key and you migrated to a
 new one before updating LDAP, you need to find a sponsor to create a
 ticket for you. The sponsor should create a ticket in
-[[trac|https://trac.torproject.org/projects/tor/newticket]] in the
-{{{Tor Sysadmin Team}}} component:
+[trac](https://trac.torproject.org/projects/tor/newticket) in the
+`Tor Sysadmin Team` component:
 * The ticket should include your username, your old OpenPGP fingerprint
  and your new OpenPGP fingerprint.
 * Your OpenPGP key needs to be on a public keyserver and be signed by at