mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2024-09-28 20:51:20 +02:00
f52f1db0a2
Be more explicit about selecting allowed repos because these were missed in previous onboardings.
5.0 KiB
5.0 KiB
/confidential
Onboarding an Arch Linux team member
Details
- Team member username:
- Application:
- Voting result:
- SSH public key:
- Full Name:
- Personal e-mail address:
- PGP key ID used with personal e-mail address:
- Communication e-mail address: [arch, personal]
All roles checklist
The mailing list password can be found in misc/additional-credentials.vault.
- Add new user email as per
docs/email.md
. - Create a new user in archweb. Select the appropriate group membership and allowed repos (if applicable).
- Subscribe communication e-mail address to internal staff mailing list.
- Give the user access to
#archlinux-staff
on Libera Chat. - Give the user a link to our staff services page.
- Replace the Team member username with the @-prefixed username on Gitlab.
- Remove personal information (such as Full Name and Personal e-mail address, as well as the clearsigned representation of this data), remove the description history and make the issue non-confidential.
Packager onboarding checklist
- Create issue in archlinux-keyring (choose "New Packager Key" template).
Main key onboarding checklist
- Add new user email for the
master-key.archlinux.org
subdomain as perdocs/email.md
.
- Create issue in archlinux-keyring (choose "New Main Key" template).
Developer onboarding checklist
- Add entry in
group_vars/all/archusers.yml
. - Add SSH pubkey to
pubkeys/<username>.pub
. - Run
ansible-playbook -t archusers playbooks/*.yml
. - Assign the user to the
Developers
groups on Keycloak. - Assign the user to the
Developers
group on archlinux.org. - Subscribe communication e-mail address to internal arch-dev mailing list.
- Allow sending from communication e-mail address on arch-dev-public (subscribe and/or find address and remove moderation).
TU onboarding checklist
- Add entry in
group_vars/all/archusers.yml
. - Add SSH pubkey to
pubkeys/<username>.pub
. - Run
ansible-playbook -t archusers playbooks/*.yml
. - Assign the user to the
Trusted Users
groups on Keycloak. - Assign the user to the
Trusted Users
group on archlinux.org. - Subscribe communication e-mail address to internal arch-tu mailing list.
- Allow sending from communication e-mail address on arch-dev-public (subscribe and/or find address and remove moderation).
DevOps onboarding checklist
- Add entries in
group_vars/all/root_access.yml
. - Run
ansible-playbook -t root_ssh playbooks/all-hosts-basic.yml
. - Run
ansible-playbook playbooks/hetzner_storagebox.yml playbooks/rsync.net.yml
. - Assign the user to the
DevOps
group on Keycloak. - Subscribe communication e-mail address to internal arch-devops-private mailing list.
- Add pubkey to Hetzner's key management for Dedicated server rescue system.
Wiki Administrator checklist
- Assign the user to the
Wiki Admins
group on Keycloak. - Subscribe communication e-mail address to the arch-wiki-admins mailing list.