Below, importance level is evaluated based on:

  • users' needs: e.g. if the APT repository is down, then the Additional Software feature is broken;

  • developers' needs: e.g. if the ISO build fails, then developers cannot work;

  • the release process' needs: we want to be able to do an emergency release at any time when critical security issues are published. Note that in order to release Tails, one needs to first build Tails, so any service that's needed to build Tails is also needed to release Tails.

APT repositories

Custom APT repository

  • purpose: host Tails-specific Debian packages

  • documentation

  • access: anyone can read, Tails core developers can write

  • tools: reprepro

  • configuration:

  • importance: critical (needed by users, and to build & release Tails)

Time-based snapshots of APT repositories

  • purpose: host full snapshots of the upstream APT repositories we need, which provides the freezable APT repositories feature needed by the Tails development and QA processes

  • documentation

  • access: anyone can read, release managers have write access

  • tools: reprepro

  • configuration:

  • importance: critical (needed to build Tails)

Tagged snapshots of APT repositories

  • purpose: host partial snapshots of the upstream APT repositories we need, for historical purposes and compliance with some licenses

  • documentation

  • access: anyone can read, release managers can create and publish new snapshots

  • tools: reprepro

  • configuration:

  • importance: critical (needed by users and to release Tails)

Bitcoind

  • purpose: handle the Tails Bitcoin wallet

  • access: Tails core developers only

  • tools: bitcoind

  • configuration: bitcoind class

  • Vcs-Git: bitcoin and libunivalue

  • importance: medium

  • To save disk space: as the bitcoin@bitcoin.lizard user, run bitcoin-cli getblockcount to get the ID of the last block, then run bitcoin-cli pruneblockchain XYZ, with XYZ being a Unix timestamp that's at least 5 months in the past.

BitTorrent

  • purpose: seed the new ISO image when preparing a release

  • documentation

  • access: anyone can read, Tails core developers can write

  • tools: transmission-daemon

  • configuration: done by hand (#6926)

  • importance: low

DNS

  • purpose: authoritative nameserver for the tails.net and amnesia.boum.org zones

  • access:

    • anyone can query this nameserver

    • members of the mirrors team control some of the content of the dl.amnesia.boum.org sub-zone

    • Tails sysadmins can edit the zones with pdnsutil edit-zone

  • tools: pdns with its MySQL backend

  • configuration:

  • importance: critical (most of our other services are not available if this one is not working)

GitLab

Gitolite

  • purpose:

    • host Git repositories used by the puppetmaster and other services

    • host mirrors of various Git repositories needed on lizard, and whose canonical copy lives on GitLab

  • access: Tails core developers only

  • tools: gitolite3

  • configuration: tails::gitolite class

  • importance: high (needed to release Tails)

git-annex

Icinga2

  • purpose: Monitor Tails online services and systems.

  • access: only Tails core developers can read-only the Icingaweb2 interface, sysadmins are RW and receive notifications by email.

  • tools: Icinga2, icingaweb2

  • configuration: not documented

  • documentation: currently none

  • importance: critical (needed to ensure that other, critical services are working)

Jenkins

  • purpose: continuous integration, e.g. build Tails ISO images from source and run test suites

  • access: only Tails core developers can see the Jenkins web interface (#6270); anyone can download the built products

  • tools: Jenkins, jenkins-job-builder

  • design and implementation documentation: Jenkins

  • importance: critical (as a key component of our development process, needed to build IUKs during a Tails release)

LimeSurvey

  • purpose: user surveys, mainly for UX purposes

  • access: sysadmins and UX members have shell access, as well as admin access to the web interface

  • tools: limesurvey

  • configuration: tails::profile::limesurvey

  • importance: low to medium

Mail

Meeting reminder

Mirror pool

  • purpose: provide the HTTP and DNS mirror pools

  • documentation: design documentation, blueprint

  • access: public

  • tools: mirrorbits

  • configuration:

  • importance: critical (needed by users to download Tails)

  • responsibilities:

    • Process offers of new mirrors.

    • Identify and process broken and slow mirrors.

    • Identify general health problems.

rsync

  • purpose: provide content to the public rsync server, from which all HTTP mirrors in turn pull

  • access: read-only for those who need it, read-write for Tails core developers

  • tools: rsync

  • configuration:

  • importance: critical (needed to release Tails)

Schleuder

  • purpose: host some of our Schleuder mailing lists

  • access: anyone can send email to these lists

  • tools: schleuder

  • configuration:

  • importance: high (at least because WhisperBack bug reports go through this service)

Tor bridge

VPN

  • purpose: flow through VPN traffic the connections between our different remote systems. Mainly used by the monitoring service.

  • access: private network.

  • tools: tinc

  • configuration:

  • importance: transitively critical (as a dependency of our monitoring system)

Web server

  • purpose: serve web content for any other service that need it

  • access: depending on the service

  • tools: nginx

  • configuration:

  • importance: transitively critical (as a dependency of Jenkins and APT repositories)

Weblate

WhisperBack relay