add shell accounts service

2021-06-21 11:04:02 +01:00 · 2021-06-21 11:04:02 +01:00 · 7ba960307c
commit 7ba960307c
parent faebc5fc6c
5 changed files with 110 additions and 3 deletions
--- a/site/content/additional/maintlog/_index.md
+++ b/site/content/additional/maintlog/_index.md
@ -7,6 +7,10 @@ A log of changes to the burble.dn42 network.

 ---

+## 21st June 2021
+
+Added new [Shell Accounts](/services/shell/) service
+
 ## 19th May 2021

 [dn42regsrv](https://git.burble.dn42/burble.dn42/dn42regsrv) now supports publishing ROA in OpenBGPD format.
--- a/site/content/network/IPAM.md
+++ b/site/content/network/IPAM.md
@ -37,7 +37,8 @@ IP address tables
 |wiki.burble.dn42|172.20.129.6|fd42:4242:2601:ac81::1|DN42 Wiki Mirror|
 |rproxy.burble.dn42|172.20.129.7|fd42:4242:2601:acf0::1|Distributed NGINX Reverse Proxy|
 |whois.burble.dn42|172.20.129.8|fd42:4242:2601:ac43::1|Whois service|
-|&nbsp;|_172.20.129.10-31_|&nbsp;|_Unallocated_|
+|&nbsp;|_172.20.129.10-30_|&nbsp;|_Unallocated_|
+|shell.fr-rbx1.burble.dn42|172.20.129.31|fd42:4242:2601:1016:216:3eff:feae:51a8|fr-rbx1 shell service|

 ## burble.dn42 Nodes (DN42 Addressing)
 |DNS|IPv4|IPv6|Comment|
@ -90,4 +91,7 @@ IP address tables
 |dn42-sg-sin2.burble.com|139.99.89.157|2402:1f00:8000:800::3bc|
 |dn42-hk-hkg1.burble.com|103.73.66.189|2406:ef80:1:1a::1|

-
+|DNS|IPv4|IPv6|
+|:--|:--|:--|
+|shell.fr-rbx1.burble.com|178.33.134.8  |2001:41d0:8:127:216:3eff:feae:51a8|
+|git.dn42.dev            |142.44.255.183|2607:5300:60:3741:fc5f:3a14:838e:a7a7|
--- a/site/content/services/ca.md
+++ b/site/content/services/ca.md
@ -1,7 +1,7 @@
 ---
 title: "Certificate Authority"
 geekdocDescription: "burble.dn42 certificate authority"
-weight: 60
+weight: 70
 ---
 burble.dn42 maintains a PKI infarstructure for its services, using
 [Hashicorp Vault](/services/internal/#vaultburbledn42)
--- a/site/content/services/public.md
+++ b/site/content/services/public.md
@ -97,6 +97,12 @@ for visualisation.

 Syslogs are exported in real time to a central logging node on the internal network.

+## Shell Accounts
+
+The burble.dn42 shell service provides shell accounts for dn42 users who
+have SSH auth methods in the registry.  
+See the [Shell Accounts](/services/shell/) page.
+
 ## DNS

 |Service|Name|IP|
--- a/site/content/services/shell.md
+++ b/site/content/services/shell.md
@ -0,0 +1,93 @@
+---
+title: "Shell Accounts"
+geekdocDescription: "burble.dn42 Shell Services"
+weight: 60
+---
+burble.dn42 provides shell accounts on the following servers:
+
+- shell.fr-rbx1.burble.dn42
+
+## Accessing the Service
+
+The shell service imports user information from the dn42 registry allowing
+any MNTNER with an SSH auth method to log in to the servers. Usernames
+are constructed by lowercasing and removing the '-MNT' suffix.
+
+For example:
+
+**FOO-MNT**
+```
+mntner:             FOO-MNT
+auth:               ssh-ed25519 xxxxxxxxx
+```
+
+Log in using the key specified in the auth method:
+```
+ssh foo@shell.fr-rbx1.burble.dn42
+```
+
+Your home directory is created automatically on first access and will then
+persist across logins.
+
+## Key Services
+
+### Installed Packages
+
+A broad set of command line tools, applications and games are available;
+the aim is to provide a comprehensive environment that is useful and
+fun to tinker with.
+
+The current set of packages can be found in the shell config repo:
+
+- [https://git.dn42.dev/burble/config-shell/src/branch/main/roles/user_apps/tasks/main.yml](https://git.dn42.dev/burble/config-shell/src/branch/main/roles/user_apps/tasks/main.yml)
+
+Requests for additional packages are welcome, please raise these as
+[issues](https://git.dn42.dev/burble/config-shell/issues) in the repo.
+
+### Scratch Area
+
+A large storage area is mounted on to /scratch
+
+/home disk space is limited, so /scratch may be used for additional space
+or if you don't want to  use /home. If you want to use the scratch
+area it is recommended to create your own directory (named after your
+username) and then store all your stuff in the new directory; this will help
+prevent clutter.
+
+Note that the storage for /scratch is nfs mounted across dn42 so
+performance will be variable.
+
+### Changing Shell
+
+The registry import process currently limits the initial shell to /bin/bash
+and currently this cannot be changed. If you want to use something different,
+just exec to the new shell in your .profile or .bashrc.
+
+### Clearnet
+
+Clearnet access is provided. Rate limiting allows for a small amount of
+burst traffic, but then bandwidth is quickly limited to 10mbit/sec. In general,
+you should be better off using your own clearnet access for large downloads.
+
+### Performance Monitoring
+
+The shell servers are monitored using netdata and prometheus, with performance
+graphs available in [grafana](https://grafana.burble.dn42).
+
+## Acceptable Use
+
+The objective of the burble.dn42 shell service is to provide a free, open,
+and fun environment for dn42 users. The services are provided for your benefit so
+please be considerate in your usage and remember that abusing the service just
+spoils it for everyone else.
+
+See also the main [Abuse Policy](/network/abuse).
+
+## Source Code and Configuration
+
+Configuration for the shell servers is maintained in a git repo:
+
+- [https://git.dn42.dev/burble/config-shell](https://git.dn42.dev/burble/config-shell)
+
+The repository may be used for raising issues or requesting additional
+software to be installed.