# What hosts do we have and how important are they?
## Stuff on Yaffle
* Yaffle itself, obviously
Virtual machines inside yaffle:
* inmail
* outmail0
* mail (backend)
* webmail
* ns0
* talker
* util
* services
* platypus
## Stuff in Scaleway
Services:
* DNS for linkdoku.net (easily moved if wanted)
* Linkdoku container function
* Linkdoku container registry
Servers:
* test-db (linkdoku related?)
* mx1-replacement (51.158.169.23) (Not in use)
* ns1 (163.172.160.140) (Actually in use)
## Anything else?
We have some backup space on nalanda.
Total space needed for a direct copy of everything of potential value is less
than half a terabyte. As such we should expect to take a direct rsync of
everything of potential interest directly to spoo
# Plans for shutting stuff down
Scaleway is basically vestigial at this point - if half our nameservers go away
it doesn't matter, however we could wait until we've moved pepperfish.net's
hosting over to infrafish first. At most we ought to retain ns1 on scaleway but
the rest could be purged this weekend early.
On Yaffle, we could stop the talker VM and the webmail VM. Stopping inmail should
not be done until pepperfish.net's MX is moved to infrafish.
The services VM is for the web proxy and database - we cannot kill that until near the end
as lots of things key off the database.
The util VM is munin-master and VPN core, so can go away as soon as scaleway is fully down.
Once DNS and mail is no longer mastered on yaffle, we can stop the inmail
(should leave outmail) and we can tear down listmaster, though we shouldn't stop
the mail host itself until we're ready to accept there'll be no more mail from
platypus. We can tear down the NS hosts as soon as they're no longer officially
needed for pepperfish.net.
The goal is, over the course of the weekend, to collapse pepperfish to purely
the platypus VM with as few cronjobs as possible running on it, and only the
bare minimum in terms of websites so that we don't unceremoniously kill
luausers.
Everyone who was "it's fine to turn us off as and when" is essentially turned
off at that point since we won't move their name service etc.
# Conclave notes
* djm68@fsmail.net
> fsmail.net was fastserve which is now dead?
* peter@thegraig.com
> Possibly expired in September last year - now "held" by discount-domain.com
# Accounts which survive until the last moments
* bmr
* csidwell
# People who have not completed transition
Once everyone below is done, I need to do pepperfish.net and ppfm.net
## In progress, or partially on me
* thowat (bugged, 3rd Jan, email - will check morning of 4th)
* mdrake (bugged, 3rd Jan, IRC - still waiting on gandi dance)
* luausers (poked by email, 25th, John Belmonte is working on it)
* john (My responsibility, just needs john@pepperfish.net forwarding)
* netsurf (Partially my responsibility)
Both of these poked 3rd Jan by email, but whois looking promising
* silverstonesolar (His IT bod Keith will deal in early Jan)
* narbscouts (Keith will deal with this in early Jan, not a blocker)
## Done
* cross-keys (texted, 29th)
* dkscully (just needs final poking I think)
* holly (My responsibility, waiting on 123-reg to change the nameservers)
* bmr (confirmed it can dissipate with the servers)
* rjek (at least he's doing it himself for the most part)
* dpt migrated away
* lime migrated away
* mhy done
* whippy (texted, 29th, not to migrate)
* csidwell (not migrating, leave to last minute)
* sotk
* sottens (waiting for domain xfer, ball's in Gandi's court)
* eddie - DNS transferred, ball's in his court by SMS
* diodesign (He owes me an SSH key to get his files off platypus)
* simtec (ball's in Gillian's court to check stuff, emailed 27th)
* probertson ball in his court (ficlatte.com website needs moving somehow, but it's dynamic)
* yeoldevic
* ptoboley
# System notes and todo items
## Stuff for Daniel to do
* Go through the systems and get them to stateVersion="23.11"
## Unchecked / not done yet for email system
- acl_check_mime
- need Rob to review ppf.cf stuff
- need to double-check that the statistics stuff is working
## Thoughts on other systems
- Check permissions on all secrets (eg. roundcube needs to be owned by nginx?)
- Make a call for where services1 will run and get that set up (probably scaleway?)
## Done recently
* SSL Session cache for nginx
- Need a non-core-vpn in place for people like Vince to use and for my laptop etc.
- Need to make a call on whether I run shell on portfast or hetzner.
- Have all boxes treat the others as substituters? http(s) on the vpn interfaces only?
- Move the bitwarden vault over
- Register nixpkgs into the flake registry, otherwise systems keep downloading it
- dkim support in the database and in core's email config
- SRS support so that forwards do SPF etc. properly.
- Adding redis for inmail to use, on core.
- statistics.per_user should be set to a lua string which returns a function which returns the domain of the rcpt.
- Added ppf.cf ruleset to rspamd, needs cleanups
* rblmon.com
* Upgrade to 23.11
* dkscully photos CGI eg <http://photos.geah.org/cgi-bin/frame.cgi/2003/pride/pridef02.jpg>
# Entries being kept, no questions
- dsilvers
- rjek
- holly
- dkscully
- littletank
- mdrake
- mhy (All he has is a bunch of mail frontending, he maybe needs ynic.york.ac.uk offloading?)
- root (pepperfish.net etc)
- simtec (two domains, with mail fronting, no websites, set at gift so keep gifting?)
- sotk (just mail service, no DNS etc)
- vince (DNS and mail, but needs VPN for mail delivery to jennifer)
- vivek (not sure what he uses us for any more, maybe can drop?)
# Keep but needs some adjustment (eg. mailing lists)
- yeoldevic
# Customers to think over
| Username | Real Name | DNS | Mail | Web | Notes | Decision |
| ---------- | ----------------- | --- | ---- | ------- | -------------------------------------------------------- | -------- |
| awingate | Andrew Wingate | 1 | 1 | static | |
| bmr | Bryn Reeves | 2 | 2 | | |
| cross-keys | Simon Turner | 1 | 1 | | Fuckloads of aliases |
| diodesign | Chris Williams | 3 | 2 | FCGI | Website not updated since 2019 |
| dpt | Dave Thomas | 1 | 1 | static? | Active website |
| eddie | Eddie Edwards | 3 | 1 | | |
| jamesog | James O'Gorman | 0 | 0 | | Shell only? |
| john | John Whitington | 0 | 0 | | Shell account, maybe pepperfish.net email? |
| lime | Tim Green | 2 | 2 | static | website not updated since 2016? |
| lucy | Jessica Smith | 0 | 0 | | Shell only? |
| ninja | Iain Williamson | 0 | 1 | | Just mailboxes? |
| probertson | Paul Robertson | 3 | 3 | FCGI? | Ficlatte |
| ptoboley | Mike Williams | 1 | 1 | static? | Barely updated ever |
| pyramidus | John Taylor | 2 | 2 | static | Web not updated in a decade? |
| sottens | Steven Ottens | 1 | 1 | static | Website just redirects elsewhere anyway |
| thowat | Tony Howat | 1 | 1 | | He uses POP3, he'd need to be prepared to just have IMAP |
# Customers to drop
## Special
- Baserock (maybe not even need to email this one)
- Hacman (ditto)
- netsurf
## Special and done/sent already
- lhf
- luausers
## Generic (Done/Sent already)
- mathias
- narbscouts
- silverstonesolar
- stdevel
- csidwell
- whippy
# Notes from moving digital-scurf.org
1. Migrating DNS needs care over DNSSEC
2. Migrating mailboxes, mbsync is good, but remember ppf will deliver so long as the box is physically on the system
So the mailbox must be renamed on the backend as soon as you're done with it, otherwise delivery will continue.
# Pending users
## Actually finished
* lucy - not moving
## People who should move away and haven't confirmed yet
* Mathias
* Narbeth Scouts
* SilverstoneGE / Glanrhyd farm
* STDevel
* Katy Sidwell
* Chris Whipp
## Have spoken with me in some form and need checking up on
* Pyramidus
* mhy
* John Whitington - all he uses is john@pepperfish.net -> john@coherentgraphics.co.uk
* Paul Robertson
* Tony Howat (Needs me to reach out once ready)
## I am in charge of reaching out to once I'm ready
* dkscully
* lime/spodlife
* rjek
* Michael Drake
* vince
* vivek
## Need poking at some point to remind them to move away
* Sparse.net (xyzzy)
* Bryn
* Simon (Cross-Keys)
* Chris Williams
* Davespace (Spanners)
* ptoboley
* gillian
* sotk
* steven ottens
Sign in with Wallet
Connect another wallet