Implement the first version of automatically opened disk encryption. Currently this is a completely manual, not-so-well-documented process. The impact of this is a much more reliable and easy-to-maintain server that is not critically affected, for instance, in the case of a power outage.
Tasks
[ ] Ensure Docker is not started automatically when the server starts
[ ] Capture the user's GitHub token on environment creation and store it in a GitHub Secret. Change the documentation for creating this token to say that it also needs privileges to perform a repository dispatch action.
[ ] Create a new GitHub Actions pipeline in country config that decrypts and mounts the encrypted partition via SSH. The Farajaland implementation can be used as inspiration. It must also be possible to trigger this pipeline with a repository dispatch.
[ ] Configure all servers to make an HTTP request on boot to this pipeline. The pipeline should then kick in and decrypt the drive.
[ ] Ensure the infrastructure and networking documentation instructs countries that they need to have egress from the server to GitHub
[ ] In the pre-deployment checklist document, add a new entry to test that rebooting works consistently
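
The boot-time request from the tasks above, as an added example (not part of this issue or the project's code): a script that sends a `repository_dispatch` event to GitHub's REST API and retries until the network is up. The repository name, event type, token path and `client_payload` field are assumptions; the token has to live on the unencrypted system disk, so the script refuses to use it unless only its owner can read it.

```shell
#!/bin/sh
# Added example: boot-time trigger for the decrypt pipeline via repository_dispatch.
# Assumed (not from the issue): REPO, EVENT_TYPE, TOKEN_FILE and the payload field.
REPO="${REPO:-example-org/country-config}"               # placeholder owner/repo
EVENT_TYPE="${EVENT_TYPE:-decrypt-data-partition}"       # hypothetical event name
TOKEN_FILE="${TOKEN_FILE:-/etc/decrypt-dispatch/token}"  # hypothetical path

dispatch_url() {
  printf 'https://api.github.com/repos/%s/dispatches' "$1"
}

# JSON body for the dispatch; the hostname is reduced to safe characters
# so nothing in it can break out of the JSON string.
dispatch_payload() {
  host=$(printf '%s' "$2" | tr -cd 'A-Za-z0-9._-')
  printf '{"event_type":"%s","client_payload":{"host":"%s"}}' "$1" "$host"
}

# The token sits on the unencrypted disk: accept it only with mode 600 or 400.
token_file_ok() {
  [ -f "$1" ] || return 1
  perms=$(stat -c '%a' "$1") || return 1
  case "$perms" in 600|400) return 0 ;; *) return 1 ;; esac
}

send_dispatch() {
  token_file_ok "$TOKEN_FILE" || { echo "refusing: bad token file permissions" >&2; return 1; }
  attempt=1
  while [ "$attempt" -le 10 ]; do
    # The header is fed as a curl config on stdin so the token never appears in argv.
    code=$(printf 'header = "Authorization: Bearer %s"\n' "$(cat "$TOKEN_FILE")" |
      curl -sS -K - -o /dev/null -w '%{http_code}' -X POST \
        -H 'Accept: application/vnd.github+json' \
        -d "$(dispatch_payload "$EVENT_TYPE" "$(hostname)")" \
        "$(dispatch_url "$REPO")") || code=000
    [ "$code" = "204" ] && return 0   # GitHub answers 204 No Content on success
    sleep $((attempt * 5))            # network may not be up yet right after boot
    attempt=$((attempt + 1))
  done
  return 1
}

# Send only when invoked with "run", so the functions can be sourced and checked offline.
if [ "${1:-}" = "run" ]; then send_dispatch; fi
```

The receiving workflow needs `repository_dispatch` with a matching `types:` entry under `on:` for this event to start it.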