Services managed by Tails Sysadmins

:warning: The documentation below is reasonably up-to-date, but the services described in this page have not yet been handled by the Tails/Tor merge process. Their descriptions should be updated as each service is merged, migrated, retired or kept.

[[TOC]]

Below, importance level is evaluated based on:

  • users' needs: e.g. if the APT repository is down, then the Additional Software feature is broken;
  • developers' needs: e.g. if the ISO build fails, then developers cannot work;
  • the release process' needs: we want to be able to do an emergency release at any time when critical security issues are published. Note that in order to release Tails, one needs to first build Tails, so any service that's needed to build Tails is also needed to release Tails.

APT repositories

Custom APT repository

  • purpose: host Tails-specific Debian packages
  • documentation
  • access: anyone can read, Tails core developers can write
  • tools: reprepro
  • configuration:
  • tails::profile::reprepro::custom class
  • signing keys are managed with the tails_secrets_apt Puppet module
  • importance: critical (needed by users, and to build & release Tails)

Time-based snapshots of APT repositories

  • purpose: host full snapshots of the upstream APT repositories we need, which provides the freezable APT repositories feature needed by the Tails development and QA processes
  • documentation
  • access: anyone can read, release managers have write access
  • tools: reprepro
  • configuration:
  • tails::profile::reprepro::snapshots::time_based class
  • signing keys are managed with the tails_secrets_apt Puppet module
  • importance: critical (needed to build Tails)

Tagged snapshots of APT repositories

  • purpose: host partial snapshots of the upstream APT repositories we need, for historical purposes and compliance with some licenses
  • documentation
  • access: anyone can read, release managers can create and publish new snapshots
  • tools: reprepro
  • configuration:
  • tails::profile::reprepro::snapshots::tagged class
  • signing keys are managed with the tails_secrets_apt Puppet module
  • importance: critical (needed by users and to release Tails)

BitTorrent

  • purpose: seed the new ISO image when preparing a release
  • documentation
  • access: anyone can read, Tails core developers can write
  • tools: transmission-daemon
  • configuration: done by hand (#6926)
  • importance: low

DNS

  • purpose: authoritative nameserver for the tails.net and amnesia.boum.org zones
  • documentation
  • access:
  • anyone can query this nameserver
  • members of the mirrors team control some of the content of the dl.amnesia.boum.org sub-zone
  • Tails sysadmins can edit the zones with pdnsutil edit-zone
  • tools: pdns with its MySQL backend
  • configuration:
  • tails::profile::dns::* resources
  • powerdns Puppet module
  • importance: critical (most of our other services are not available if this one is not working)

GitLab

  • purpose:
  • host Tails issues
  • host most Tails Git repositories
  • access: public + some data with more restricted access
  • operations documentation:
  • [[gitlab|tails/services/gitlab]]
  • [[gitlab-runners|tails/services/gitlab-runners]]
  • end-user documentation: GitLab
  • configuration:
  • immerda hosts our GitLab instance using this Puppet code.
  • We don't have shell access.
  • Tails system administrators have administrator credentials inside GitLab.
  • Groups, projects, and access control:
  • importance: critical (needed to release Tails)
  • Tails system administrators administrate this GitLab instance.

Gitolite

  • purpose:
  • host Git repositories used by the puppetmaster and other services
  • host mirrors of various Git repositories needed on lizard, and whose canonical copy lives on GitLab
  • access: Tails core developers only
  • tools: gitolite3
  • configuration: tails::gitolite class
  • importance: high (needed to release Tails)

git-annex

Icinga2

  • purpose: Monitor Tails online services and systems.
  • access: only Tails core developers can read-only the Icingaweb2 interface, sysadmins are RW and receive notifications by email.
  • tools: Icinga2, icingaweb2
  • configuration: not documented
  • documentation: currently none
  • importance: critical (needed to ensure that other, critical services are working)

Jenkins

  • purpose: continuous integration, e.g. build Tails ISO images from source and run test suites
  • access: only Tails core developers can see the Jenkins web interface (#6270); anyone can download the built products
  • tools: Jenkins, jenkins-job-builder
  • design and implementation documentation:
  • [[jenkins|tails/services/jenkins]]
  • [[automated-builds-in-jenkins|tails/services/jenkins/automated-builds-in-jenkins]]
  • [[automated-tests-in-jenkins|tails/services/jenkins/automated-tests-in-jenkins]]
  • importance: critical (as a key component of our development process, needed to build IUKs during a Tails release)

Mail

  • purpose: handle incoming and outgoing email for some of our [[Schleuder lists|tails/services#schleuder]]
  • documentation:
  • [[schleuder-lists-threat-model|tails/services/schleuder-lists-threat-model]]
  • access: public MTA's listening on mail.tails.net and mta.tails.net
  • tools: postfix, rspamd
  • configuration: tails::profile::mta, tails::profile::rspamd, and tails::profile::mtasts classes
  • importance: high (at least because WhisperBack bug reports go through this MTA)

Mirror pool

  • purpose: provide the HTTP and DNS mirror pools
  • documentation:
  • design documentation
  • blueprint
  • [[tails/services/mirrors]]
  • [[testing|tails/services/mirrors/testing]]
  • [[updating|tails/services/mirrors/updating]]
  • access: public
  • tools: mirrorbits
  • configuration:
  • tails::profile::mirrorbits
  • importance: critical (needed by users to download Tails)
  • responsibilities:
  • Process offers of new mirrors.
  • Identify and process broken and slow mirrors.
  • Identify general health problems.

rsync

  • purpose: provide content to the public rsync server, from which all HTTP mirrors in turn pull
  • access: read-only for those who need it, read-write for Tails core developers
  • tools: rsync
  • configuration:
  • tails::profile::rsync
  • users and credentials are managed with the tails_secrets_rsync Puppet module
  • importance: critical (needed to release Tails)

Schleuder

  • purpose: host some of our Schleuder mailing lists
  • access: anyone can send email to these lists
  • tools: schleuder
  • configuration:
  • tails::profile::schleuder class
  • tails::profile::schleuder::lists Hiera setting
  • importance: high (at least because WhisperBack bug reports go through this service)

VPN

  • purpose: flow through VPN traffic the connections between our different remote systems. Mainly used by the monitoring service.
  • documentation: [[tails/services/vpn]]
  • access: private network.
  • tools: tinc
  • configuration:
  • tails::profile::vpn::instance class
  • importance: transitively critical (as a dependency of our monitoring system)

Web server

  • purpose: serve web content for any other service that need it
  • access: depending on the service
  • tools: nginx
  • configuration:
  • tails::profile::nginx class
  • importance: transitively critical (as a dependency of Jenkins and APT repositories)

Weblate

WhisperBack relay

Other pages

  • [[backups|tails/services/backups]]
  • [[puppet-server|tails/services/puppet-server]]
  • [[website-builds-and-deployments|tails/services/website-builds-and-deployments]]
  • [[website-redundancy|tails/services/website-redundancy]]