Opened at 2025-01-16T11:06:39Z
Last modified at 2025-05-21T07:42:01Z
#4161 new task
Move off Trac - Execution - Forgejo
| Reported by: | btlogy | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | undecided |
| Component: | dev-infrastructure | Version: | n/a |
| Keywords: | movofftrac | Cc: | |
| Launchpad Bug: |
Description (last modified by btlogy)
Following #4095 (MoveOffTrac - Initiation), we can now start executing the plan.
In short, the goal is to follow the principle of Infrastructure as Code as much as possible in those main steps:
- deploy and manage a new VPS server hosted by Hetzner using OpenToFu
- deploy and configure Nginx and Forgio using NixOS
- manage the DNS records to re-route web traffic to the new server using OpenToFu
- proxy/redirect out-of-scope content to the legacy server using NixOS
- migrate the data from Trac to Forgejo using trac2gitea
More details should be found in this dedicated MoveOffTrac repository.
Change History (8)
comment:1 Changed at 2025-01-16T14:56:19Z by btlogy
comment:2 Changed at 2025-01-27T15:47:10Z by btlogy
- Description modified (diff)
comment:3 Changed at 2025-02-07T08:04:36Z by btlogy
The last step described above (5) will require access to the existing server. Brian has been sent 2 new ssh keys to be authorized to access tahoe-lafs.org...
comment:4 Changed at 2025-02-07T08:17:51Z by btlogy
Heads up about the steps in the description:
- Completed via infrastructure#21.
- In progress via infrastructure#32 or infrastructure#33. The next PRs will be cherry picked from infrastructure#28
- Pending on having access to the DNS (as discussed with Brian) via #4162
- and 5. Pending on having access to the existing server (as discussed with Brian too)
comment:5 Changed at 2025-04-04T10:01:04Z by btlogy
Heads up about the steps in the description:
- Completed via infrastructure#21.
- In progress via:
- [x] infrastructure#31
- [x] infrastructure#34
- [ ] infrastructure#44
- [ ] infrastructure#45
- Still pending on having access to the DNS (as discussed with Brian) via #4162
- and 5. Still pending on having access to the existing server (as discussed with Brian too)
comment:6 Changed at 2025-04-04T10:01:24Z by btlogy
- Description modified (diff)
comment:7 Changed at 2025-05-20T20:04:17Z by btlogy
Forgejo has been provisionned for MoveOffTrac: https://forge.of.tahoe-lafs.org/
Feedback from Jeff: the home page does not show any project. Can we change that?
After a quick look at the doc, it is possible to customize the home page in 2 different ways:
- Configurations and UI settings: supported but very limited (unlikely altering the home page much).
- Serving custom resources, logos and pages (via template): with deeper impact but unsupported = future updates are likely to break changes without any warning.
A last option we have is to redirect some requests using Nginx (e.g.: / -> /tahoe-lafs), but we should be careful to not interfere too much...
comment:8 Changed at 2025-05-21T07:42:01Z by btlogy
Heads up about the steps in the description:
- Deploy and manage a new VPS server hosted by Hetzner using OpenToFu
Completed via:- [x] infrastructure#21.
- Deploy and configure Nginx and Forgio using NixOS
In progress via:- [x] infrastructure#31 Define the initial NixOS configuration of the new webforge server
- [x] infrastructure#34 Implement an automated workflow to integrate and deploy NixOS configurations
- [ ] infrastructure#44 Deploy and configure Forgejo and its requirements on webforge
- [ ] infrastructure#45 Configure webforge to host the new landing page with automatic deployment
- Manage the DNS records to re-route web traffic to the new server using OpenToFu
Partly completed in the absence of full delegation (see #4162 = infrastructure#56)- [x] infrastructure#61 Workaround the lack of support for sub-domain
- [x] infrastructure#64 Rework TF and Nix code for webforge to use of.tahoe-lafs.org sub domain
- [ ] infrastructure#49 Manage tahoe-lafs.org zone and records with OpenTofu to update the parent domain
- [ ] OR asynchronous workaround with Meejah
- Proxy/redirect out-of-scope content to the legacy server using !NixOS
Partly completed in the absence of root access:- [ ] Reconfigure legacy server with new certificate and implement redirections to legacy services
- [x] OR Implement proxy to legacy services with invalid certificate (not visible, parts in infrastructure#66)
- [ ] Reconfigure legacy server with new certificate and implement redirections to legacy services
- Migrate the data from Trac to Forgejo using trac2gitea
To do:- [ ] Extract the data and reconfigure Trac in RO via root access to the legacy server
- [ ] OR asynchronous workaround with Meejah
- [ ] Rework the redirect/proxy rules to use Forgejo instead of Trac
- [ ] Extract the data and reconfigure Trac in RO via root access to the legacy server
Declarative definition of the DNS configurations via #4162 would be a very nice to have for the step 3 in the description.
We would be able to stream the IPs assigned to the VPS during their provisioning directly to the DNS records.
This would avoid a back-and-forth and/or synchronized interaction between the contributor(s) who's going to execute the migration and the one(s) have the permissions to change the DNS configurations.
This being said, the declarative definition of the VPS can be done regardless of what will happened to #4162. So we/I should try to keep those as separated as possible.