SUCS issueshttps://projects.sucs.org/sucs/sucs/-/issues2020-12-16T18:30:06Zhttps://projects.sucs.org/sucs/sucs/-/issues/55Move Certbot challenges to DNS2020-12-16T18:30:06ZThomas LakeMove Certbot challenges to DNSUni firewall changes are restricting port 80 access to some machines (despite our previous request).
As there's little need for direct port 80 access (we just redirect to HTTPS), consider moving to dns-01 challenges for Let's Encrypt ins...Uni firewall changes are restricting port 80 access to some machines (despite our previous request).
As there's little need for direct port 80 access (we just redirect to HTTPS), consider moving to dns-01 challenges for Let's Encrypt instead of HTTP
We would need to configure BIND on Silver to accept updates, and then generate and store update keys on the relevant machines.
The BIND configuration on Silver can restrict each machine to only permit updates for it's specific challenge key.
Docs reference: https://certbot-dns-rfc2136.readthedocs.io/en/stable/Thomas LakeThomas Lakehttps://projects.sucs.org/sucs/sucs/-/issues/54guestnet fails to load login page on ethernet on firefox2020-09-28T16:08:00ZZev Cooper-bennunguestnet fails to load login page on ethernet on firefoxI resolved the issue by connecting to WiFi, opening sucs.org/guestnet, signing up with my WiFi card's MAC address, plugging in ethernet, disabling WiFi on my laptop, reloading the site, and overwriting my MAC address.
```
zev:
guestnet...I resolved the issue by connecting to WiFi, opening sucs.org/guestnet, signing up with my WiFi card's MAC address, plugging in ethernet, disabling WiFi on my laptop, reloading the site, and overwriting my MAC address.
```
zev:
guestnet ethernet works, but seems a bit dodgy to connect - the login page sent to guestnet.sucs.orgsuccess and not guestnet.sucs.org/success - I also had to log in to that site using my wifi first, and then overwrite my saved MAC address when accessing with ethernet, for whatever reason - wouldn't load any other way
when in though, works great, my laptop is likely limiting the speed somewhat
tswsl1989:
OK, well the first problem should be easy enough to fix - sounds like a missing / in the code.
Did you already have a MAC address registered? AFAIK we only allow one registered MAC per user through the website and automated tools, so that might just mean that the tool needs to handle that case more appropriately.
zev:
I didn't have a MAC address registered - the page just woudn't load with ethernet plugged in. My fix was to register my MAC address with the WiFi instead of ethernet, and then plug in the ethernet, reload the site, and overwrite the saved MAC address for (presumably) my WiFi card. There's a pretty decent chance that it was a Firefox issue tbh (there was a security warning for the site that only appeared and could be bypassed when opening with WiFi).
tswsl1989:
Might be an HTTPS issue. The site tries to do redirect to the registration page, which causes errors if the page you tried to load was a HTTPS one. Since the system was originally set up, HTTPS is a lot more common but there are also some semi-standard ways to indicate that you're on a closed network and need to log in. Some research and debugging required
(For "The site tries" read "Our networking infrastructure tries" - a lot of the heavy lifting is done by the firewall settings on gateway to redirect you to the scripts which are just served as a vhost on silver)
```https://projects.sucs.org/sucs/sucs/-/issues/53Wifi problems + improvements2020-09-28T14:28:29ZCaleb Connollykalube@sucs.orgWifi problems + improvementsCurrently (over at least the last few weeks) wifi speeds have been stuck at <20 down (on speedtest.net). We should look into the problem.
We should also re-investigate enabling 5GHz as being limited to ~60mbps down even though the netwo...Currently (over at least the last few weeks) wifi speeds have been stuck at <20 down (on speedtest.net). We should look into the problem.
We should also re-investigate enabling 5GHz as being limited to ~60mbps down even though the network is capable of 1gbps seems unnecessarily limiting.https://projects.sucs.org/sucs/sucs/-/issues/52Replace UPS battery2020-09-27T18:05:13ZCaleb Connollykalube@sucs.orgReplace UPS battery```
Product Name:CSB Battery MDS25 UPS battery kit- compatible with APC RBC25
Product Part Number:MDS25
Price:£86.99
Quantity:1
```
Server rack likes to beep sometimes....```
Product Name:CSB Battery MDS25 UPS battery kit- compatible with APC RBC25
Product Part Number:MDS25
Price:£86.99
Quantity:1
```
Server rack likes to beep sometimes....https://projects.sucs.org/sucs/sucs/-/issues/51Document and update the doorkey system2020-09-27T18:11:07ZCaleb Connollykalube@sucs.orgDocument and update the doorkey systemCurrently the doorkey PC is somewhat old, and lacking any documentation leaving it a bit of a black box.
It would be great to get some documentation down (like a simple markdown file in the docs folder in this repo) and perhaps look int...Currently the doorkey PC is somewhat old, and lacking any documentation leaving it a bit of a black box.
It would be great to get some documentation down (like a simple markdown file in the docs folder in this repo) and perhaps look into upgrading it before we get hardware failures.https://projects.sucs.org/sucs/sucs/-/issues/50Permission to delete2020-03-11T21:01:20ZBenjamin RockleyPermission to deleteCurrent exec team has permission to create new projects but not to delete a projects.Current exec team has permission to create new projects but not to delete a projects.https://projects.sucs.org/sucs/sucs/-/issues/49New logo and general design language2020-08-31T21:14:20ZCaleb Connollykalube@sucs.orgNew logo and general design languageWith the new hub we hope to build, and the new events we want to run, we would love to bring a new look to the society. We're currently designing a new logo to go along with out first event as the new execs, we would also love to create ...With the new hub we hope to build, and the new events we want to run, we would love to bring a new look to the society. We're currently designing a new logo to go along with out first event as the new execs, we would also love to create a design language to be used within the society to aid with the development of any websites, posters, etc.
We will create a repo in sucs/ group to store guidelines and colour palettes. This should also help with the development of micro-services and could also provide some useful templates for anybody planning on building one.https://projects.sucs.org/sucs/sucs/-/issues/48New members hub2020-02-27T15:42:02ZCaleb Connollykalube@sucs.orgNew members hubWe would like to develop a new hub for members, the aim is to organise many of the services within the society, centralise communication (such as news and events) and enable new services.
There is a rough outline of the goals of the pro...We would like to develop a new hub for members, the aim is to organise many of the services within the society, centralise communication (such as news and events) and enable new services.
There is a rough outline of the goals of the project in [the project design brief](https://projects.sucs.org/kalube/sucshub/blob/master/DESIGNBRIEF.md).https://projects.sucs.org/sucs/sucs/-/issues/47cgroups on silver2019-08-20T16:30:44ZImran Hussainimranh@sucs.orgcgroups on silverImplement cgroups on silver:
5% of cpu and memory capacity reserved for root owned procs.
Possibly another 5% reserved for mwserve.Implement cgroups on silver:
5% of cpu and memory capacity reserved for root owned procs.
Possibly another 5% reserved for mwserve.https://projects.sucs.org/sucs/sucs/-/issues/46Move Fedora mirror process to quick-fedora-mirror2019-04-02T10:44:23ZThomas LakeMove Fedora mirror process to quick-fedora-mirrorOur current mirror uses rsync and report_mirror to download the latest updates and files from Fedora to our local mirror, and to report that we have those versions so that clients on or 'near' campus can access them.
This is quite slow a...Our current mirror uses rsync and report_mirror to download the latest updates and files from Fedora to our local mirror, and to report that we have those versions so that clients on or 'near' campus can access them.
This is quite slow and occasionally hits connection limits upstream.
The newer tool to streamline this is quick-fedora-mirror (https://pagure.io/quick-fedora-mirror), which we should try and switch to.https://projects.sucs.org/sucs/sucs/-/issues/44Replacement for WebDAV2018-11-28T08:43:23ZImran Hussainimranh@sucs.orgReplacement for WebDAVOld webdav software we used is long gone and we shouldn't have been using for that long at all.
mod_dav doesn't let us do multiuser nicely (same issues with suexec/php-fpm)
(own|next)cloud need/want exclusive access to files so they ar...Old webdav software we used is long gone and we shouldn't have been using for that long at all.
mod_dav doesn't let us do multiuser nicely (same issues with suexec/php-fpm)
(own|next)cloud need/want exclusive access to files so they are out
Need some kind of web file manger.https://projects.sucs.org/sucs/sucs/-/issues/36Posters for the sucs room2018-02-05T17:44:04ZLaurence Sebastian Boweselbows@sucs.orgPosters for the sucs roomSUCS needs new posters for the room
specifically one on the door saying to close it **properly** and turn the light off, and another one about litteringSUCS needs new posters for the room
specifically one on the door saying to close it **properly** and turn the light off, and another one about litteringhttps://projects.sucs.org/sucs/sucs/-/issues/31Hosting other mail domains2018-02-05T17:44:04ZImran Hussainimranh@sucs.orgHosting other mail domainsWe already allow people to point their domain at us for web hosting, what about email hosting?
There are setups that can do virtual domains+users in such a way that users themselves could add their own aliases and manage their domains...We already allow people to point their domain at us for web hosting, what about email hosting?
There are setups that can do virtual domains+users in such a way that users themselves could add their own aliases and manage their domains themselves. 100 different ways of setting up exim+dovecot+roundcube+whatever to allow this, so lets argue about how to later, and whether it's a good idea/viable now.
In terms of cons, I wouldn't want us to be the home of spam, in terms of sending, would we allow people to use silver to send email from their domain or just receive?
It's something worth thinking about https://projects.sucs.org/sucs/sucs/-/issues/29Name and Shame Backup hoggers2018-02-05T17:44:04ZImran Hussainimranh@sucs.orgName and Shame Backup hoggersWrite a script to name and shame people that use loads of disk space on backup.
Like the one we have on the site but for backupWrite a script to name and shame people that use loads of disk space on backup.
Like the one we have on the site but for backuphttps://projects.sucs.org/sucs/sucs/-/issues/26Install and configure fail2ban on gw2018-02-05T17:44:04ZThomas LakeInstall and configure fail2ban on gwJudging by the logwatch emails, gateway isn't denying hosts properly.
We need to move from denyhosts to fail2ban (or another alternative) in the future anyway, so gw would be a good starting point.
- Needs to be reasonably strict at ...Judging by the logwatch emails, gateway isn't denying hosts properly.
We need to move from denyhosts to fail2ban (or another alternative) in the future anyway, so gw would be a good starting point.
- Needs to be reasonably strict at locking people out
- Exemptions for traffic from SUCS
- Exemption (or at least less trigger happy) for traffic from campus
- Some sort of reporting (feed to cacti/collectd etc, logwatch etc)https://projects.sucs.org/sucs/sucs/-/issues/20Move from LDAP auth to Kerberos2018-02-05T17:44:04ZImran Hussainimranh@sucs.orgMove from LDAP auth to KerberosThen we can do proper shit like NFSv4 user privs and stuff.
There is a redhat way of using SSSD to convert people userPassword entries to kerberos passwords, it sits on clients (silver, desktops etc...), tries kerberos, if there isn...Then we can do proper shit like NFSv4 user privs and stuff.
There is a redhat way of using SSSD to convert people userPassword entries to kerberos passwords, it sits on clients (silver, desktops etc...), tries kerberos, if there isn't a kerberos password, it'll auth against LDAP, then use that password to generate kerberos passwords and update LDAP to point to kerberos.https://projects.sucs.org/sucs/sucs/-/issues/19The constitution has grammatical errors2018-02-05T17:44:04ZImran Hussainimranh@sucs.orgThe constitution has grammatical errorsSo @hobbid has said that there are errors.
We need to go over it.So @hobbid has said that there are errors.
We need to go over it.https://projects.sucs.org/sucs/sucs/-/issues/3Website 'forgotten password' feature2020-02-27T15:18:49ZLaurence Sebastian Boweselbows@sucs.orgWebsite 'forgotten password' featureSystem for users to reset their passwords through the site.System for users to reset their passwords through the site.