Kosmos Wiki - User contributions [en]

Infrastructure

2022-05-11T14:34:23Z

Greg: Move our LDAP service to a VM

The Kosmos project is running some community IT infrastructure, currently sponsored by 5apps. Please ask in ops@kosmos.chat if you need access, changes, info, or whatever else.

== Servers ==

Most things are configured via Chef Solo/Zero, based on https://gitea.kosmos.org/kosmos/chef

=== Hetzner ===

These are root servers run by Hetzner Online GmbH in German datacenters (using renewable energy).

==== andromeda.kosmos.org ====

''Retired''

==== centaurus.kosmos.org ====

''retired''

==== draco.kosmos.org ====

VMs:

* bitcoin-2
** bitcoind (mainnet)
** NBXplorer
** BTCPay Server (btcpay.kosmos.org)
** LND (ln2.kosmos.org, [https://www.robtex.com/lightning/node/024cd3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946 node info])
** Ride The Lightning (10.1.1.163:3000)
* wiki-1
** wiki.kosmos.org (you're looking at it)
* ipfs-1
** ipfs.kosmos.org (IPFS node + public gateway)
*** <code>ipfs swarm connect /ip4/148.251.237.73/tcp/4001/ipfs/QmZ4Lpzhz8bafbTYvEMMCmrbrMM4JfyHDR23WbCSAd9bo7</code>
** [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner] (pinning kredits data from smart contract events)
* ejabberd-4
** ejabberd cluster node (kosmos.org XMPP and kosmos.chat MUC)
* akkounts-1
** Akkounts (accounts.kosmos.org)
* postgres-2
** PostgreSQL master node
* zerotier-2
** Zerotier One network controller
* uploads-1
** ejabberd file uploads

==== fornax.kosmos.org ====

Host:

* Kosmos website (kosmos.org)
* Kosmos static assets (assets.kosmos.org)

VMs:

* mastodon-3
** [https://kosmos.social kosmos.social] (Mastodon)
* nodejs-4
** [https://gitea.kosmos.org/kosmos/wormhole wormhole] (IRC/XMPP bridge between Kosmos rooms on Freenode and kosmos.chat)
** [https://github.com/67P/kredits-github kredits-github]
** sockethub.kosmos.org ([https://github.com/sockethub/sockethub sockethub])
* postgres-4
** PostgreSQL hot standby node
* rsk-mainnet-2
** rsk.kosmos.org (mainnet)
* rsk-testnet-3
** rsk-testnet.kosmos.org (testnet)
* gitea-2
** Gitea (gitea.kosmos.org)
* discourse-2
** Discourse (community.kosmos.org)
* drone-1
** Drone CI (drone.kosmos.org)
* ejabberd-7
** ejabberd cluster node (kosmos.org XMPP and kosmos.chat MUC)
* ldap-2.kosmos.org
** ldap.kosmos.local ([[Infrastructure:LDAP]])

=== Digital Ocean ===

==== barnard.kosmos.org ====

Running Ubuntu 18.04 LTS

Currently hosting:

* Some IRC and XMPP bots (incl. botka and hal8000 on freenode)
* IPFS + [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner]

Infrastructure

2022-03-13T12:09:48Z

Greg:

The Kosmos project is running some community IT infrastructure, currently sponsored by 5apps. Please ask in ops@kosmos.chat if you need access, changes, info, or whatever else.

== Servers ==

Most things are configured via Chef Solo/Zero, based on https://gitea.kosmos.org/kosmos/chef

=== Hetzner ===

These are root servers run by Hetzner Online GmbH in German datacenters (using renewable energy).

==== andromeda.kosmos.org ====

''Retired''

==== centaurus.kosmos.org ====

Host:

* Gitea (gitea.kosmos.org)
* Discourse (community.kosmos.org)
* Drone (drone.kosmos.org)
* Kosmos website (kosmos.org)
* Kosmos static assets (assets.kosmos.org)

==== draco.kosmos.org ====

VMs:

* bitcoin-2
** bitcoind (mainnet)
** NBXplorer
** BTCPay Server (btcpay.kosmos.org)
** LND (ln2.kosmos.org, [https://www.robtex.com/lightning/node/024cd3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946 node info])
** Ride The Lightning (10.1.1.163:3000)
* wiki-1
** wiki.kosmos.org (you're looking at it)
* ipfs-1
** ipfs.kosmos.org (IPFS node + public gateway)
*** <code>ipfs swarm connect /ip4/148.251.237.73/tcp/4001/ipfs/QmZ4Lpzhz8bafbTYvEMMCmrbrMM4JfyHDR23WbCSAd9bo7</code>
** [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner] (pinning kredits data from smart contract events)
* ejabberd-4
** ejabberd cluster node (kosmos.org XMPP and kosmos.chat MUC)
* ejabberd-6
** ejabberd cluster node (kosmos.org XMPP and kosmos.chat MUC)
* akkounts-1
** Akkounts (accounts.kosmos.org)
* postgres-2
** PostgreSQL master node

==== fornax.kosmos.org ====

VMs:

* mastodon-2
** [https://kosmos.social kosmos.social] (Mastodon)
* nodejs-3
** [https://gitea.kosmos.org/kosmos/wormhole wormhole] (IRC/XMPP bridge between Kosmos rooms on Freenode and kosmos.chat)
** [https://github.com/67P/kredits-github kredits-github]
** sockethub.kosmos.org ([https://github.com/sockethub/sockethub sockethub])
* zerotier-2
** Zerotier One network controller
* postgres-4
** PostgreSQL hot standby node
* rsk-mainnet-1
** rsk.kosmos.org (mainnet)
* rsk-testnet-2
** rsk-testnet.kosmos.org (testnet)

=== Digital Ocean ===

==== barnard.kosmos.org ====

Running Ubuntu 18.04 LTS

Currently hosting:

* Some IRC and XMPP bots (incl. botka and hal8000 on freenode)
* IPFS + [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner]
* ldap.kosmos.org ([[Infrastructure:LDAP]])

Infrastructure

2022-02-17T18:04:31Z

Greg: Create new VMs on fornax, general cleanup

The Kosmos project is running some community IT infrastructure, currently sponsored by 5apps. Please ask in ops@kosmos.chat if you need access, changes, info, or whatever else.

== Servers ==

Most things are configured via Chef Solo/Zero, based on https://gitea.kosmos.org/kosmos/chef

=== Hetzner ===

These are root servers run by Hetzner Online GmbH in German datacenters (using renewable energy).

==== andromeda.kosmos.org ====

''Retired''

==== centaurus.kosmos.org ====

Host:

* Gitea (gitea.kosmos.org)
* Discourse (community.kosmos.org)
* Drone (drone.kosmos.org)
* Kosmos website (kosmos.org)
* Kosmos static assets (assets.kosmos.org)

==== draco.kosmos.org ====

VMs:

* bitcoin-2
** bitcoind (mainnet)
** NBXplorer
** BTCPay Server (btcpay.kosmos.org)
** LND (ln2.kosmos.org, [https://www.robtex.com/lightning/node/024cd3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946 node info])
** Ride The Lightning (10.1.1.163:3000)
* wiki-1
** wiki.kosmos.org (you're looking at it)
* ipfs-1
** ipfs.kosmos.org (IPFS node + public gateway)
*** <code>ipfs swarm connect /ip4/148.251.237.73/tcp/4001/ipfs/QmZ4Lpzhz8bafbTYvEMMCmrbrMM4JfyHDR23WbCSAd9bo7</code>
** [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner] (pinning kredits data from smart contract events)
* ejabberd-3
** ejabberd cluster node (kosmos.org XMPP and kosmos.chat MUC)
* ejabberd-4
** ejabberd cluster node (kosmos.org XMPP and kosmos.chat MUC)
* akkounts-1
** Akkounts (accounts.kosmos.org)
* postgres-2
** PostgreSQL master node

==== fornax.kosmos.org ====

VMs:

* mastodon-2
** [https://kosmos.social kosmos.social] (Mastodon)
* nodejs-3
** [https://gitea.kosmos.org/kosmos/wormhole wormhole] (IRC/XMPP bridge between Kosmos rooms on Freenode and kosmos.chat)
** [https://github.com/67P/kredits-github kredits-github]
* sockethub.kosmos.org ([https://github.com/sockethub/sockethub sockethub])
* zerotier-2
** Zerotier One network controller
* postgres-4
** PostgreSQL hot standby node
* rsk-mainnet-1
** rsk.kosmos.org (mainnet)
* rsk-testnet-2
** rsk-testnet.kosmos.org (testnet)

=== Digital Ocean ===

==== barnard.kosmos.org ====

Running Ubuntu 18.04 LTS

Currently hosting:

* Some IRC and XMPP bots (incl. botka and hal8000 on freenode)
* IPFS + [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner]
* ldap.kosmos.org ([[Infrastructure:LDAP]])

Infrastructure

2022-01-18T19:14:58Z

Greg: Document new ejabberd cluster currently running on draco

The Kosmos project is running some community IT infrastructure, currently sponsored by 5apps. Please ask in ops@kosmos.chat if you need access, changes, info, or whatever else.

== Servers ==

Most things are configured via Chef Solo/Zero, based on https://gitea.kosmos.org/kosmos/chef

=== Hetzner ===

These are root servers run by Hetzner Online GmbH in German datacenters (using renewable energy).

==== andromeda.kosmos.org ====

''Retired''

==== centaurus.kosmos.org ====

Host:

* Gitea (gitea.kosmos.org)
* Discourse (community.kosmos.org)
* Drone (drone.kosmos.org)

VMs:

* mastodon-1
** [https://kosmos.social kosmos.social] (Mastodon)
* nodejs-2
** [https://gitea.kosmos.org/kosmos/wormhole wormhole] (IRC/XMPP bridge between Kosmos rooms on Freenode and kosmos.chat)
** [https://github.com/67P/kredits-github kredits-github]
* zerotier-1
** Zerotier One network controller
* postgres-3
** PostgreSQL hot standby node

==== draco.kosmos.org ====

VMs:

* bitcoin-2
** bitcoind (mainnet)
** NBXplorer
** BTCPay Server (btcpay.kosmos.org)
** LND (ln2.kosmos.org, [https://www.robtex.com/lightning/node/024cd3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946 node info])
** Ride The Lightning (10.1.1.163:3000)
* wiki-1
** wiki.kosmos.org (you're looking at it)
* ipfs-1
** ipfs.kosmos.org (IPFS node + public gateway)
*** <code>ipfs swarm connect /ip4/148.251.237.73/tcp/4001/ipfs/QmZ4Lpzhz8bafbTYvEMMCmrbrMM4JfyHDR23WbCSAd9bo7</code>
** [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner] (pinning kredits data from smart contract events)
* ejabberd-3
** ejabberd cluster node (kosmos.org XMPP and kosmos.chat MUC)
* ejabberd-4
** ejabberd cluster node (kosmos.org XMPP and kosmos.chat MUC)
* akkounts-1
** Akkounts (accounts.kosmos.org)
* postgres-2
** PostgreSQL master node

=== Digital Ocean ===

==== barnard.kosmos.org ====

Running Ubuntu 18.04 LTS

Currently hosting:

* sockethub.kosmos.org ([https://github.com/sockethub/sockethub sockethub])
* Some IRC and XMPP bots (incl. botka and hal8000 on freenode)
* IPFS + [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner]
* ldap.kosmos.org ([[Infrastructure:LDAP]])

Infrastructure

2021-01-25T13:15:42Z

Greg: Update the PostgreSQL setup after replacing it with VMs https://gitea.kosmos.org/kosmos/chef/pulls/282

The Kosmos project is running some community IT infrastructure, currently sponsored by 5apps. Please ask in ops@kosmos.chat if you need access, changes, info, or whatever else.

== Servers ==

Most things are configured via Chef Solo/Zero, based on https://gitea.kosmos.org/kosmos/chef

=== Hetzner ===

These are root servers run by Hetzner Online GmbH in German datacenters (using renewable energy).

==== andromeda.kosmos.org ====

Running Ubuntu 18.04 LTS

Currently hosting:

* bitcoind (mainnet)
* c-lightning (mainnet, [https://www.robtex.com/lightning/node/03e26a98ee4d1320d5775fab291580969180592db3679e6d32e360dbd147066ca3 node info])

==== centaurus.kosmos.org ====

Host:

* Gitea (gitea.kosmos.org)
* Discourse (community.kosmos.org)
* Drone (drone.kosmos.org)

VMs:

* ejabberd-2
** ejabberd cluster node (kosmos.org XMPP and kosmos.chat MUC)
* mastodon-1
** [https://kosmos.social kosmos.social] (Mastodon)
* nodejs-2
** [https://gitea.kosmos.org/kosmos/wormhole wormhole] (IRC/XMPP bridge between Kosmos rooms on Freenode and kosmos.chat)
** [https://github.com/67P/kredits-github kredits-github]
* zerotier-1
** Zerotier One network controller
* postgres-3
** PostgreSQL hot standby node

==== draco.kosmos.org ====

VMs:

* bitcoin-2
** bitcoind (mainnet)
** NBXplorer
** BTCPay Server (btcpay.kosmos.org)
** LND (ln2.kosmos.org, [https://www.robtex.com/lightning/node/024cd3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946 node info])
** Ride The Lightning (10.1.1.163:3000)
* wiki-1
** wiki.kosmos.org (you're looking at it)
* ipfs-1
** ipfs.kosmos.org (IPFS node + public gateway)
*** <code>ipfs swarm connect /ip4/148.251.237.73/tcp/4001/ipfs/QmZ4Lpzhz8bafbTYvEMMCmrbrMM4JfyHDR23WbCSAd9bo7</code>
** [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner] (pinning kredits data from smart contract events)
* ejabberd-1
** ejabberd cluster node (kosmos.org XMPP and kosmos.chat MUC)
* akkounts-1
** Akkounts (accounts.kosmos.org)
* postgres-2
** PostgreSQL master node

=== Digital Ocean ===

==== barnard.kosmos.org ====

Running Ubuntu 18.04 LTS

Currently hosting:

* sockethub.kosmos.org ([https://github.com/sockethub/sockethub sockethub])
* Some IRC and XMPP bots (incl. botka and hal8000 on freenode)
* IPFS + [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner]
* ldap.kosmos.org ([[Infrastructure:LDAP]])

Infrastructure

2021-01-13T13:27:41Z

Greg: Add new mastodon and postgres VMs

The Kosmos project is running some community IT infrastructure, currently sponsored by 5apps. Please ask in ops@kosmos.chat if you need access, changes, info, or whatever else.

== Servers ==

Most things are configured via Chef Solo/Zero, based on https://gitea.kosmos.org/kosmos/chef

=== Hetzner ===

These are root servers run by Hetzner Online GmbH in German datacenters (using renewable energy).

==== andromeda.kosmos.org ====

Running Ubuntu 18.04 LTS

Currently hosting:

* bitcoind (mainnet)
* c-lightning (mainnet, [https://www.robtex.com/lightning/node/03e26a98ee4d1320d5775fab291580969180592db3679e6d32e360dbd147066ca3 node info])

==== centaurus.kosmos.org ====

Host:

* PostgreSQL hot standby node
* Gitea (gitea.kosmos.org)
* Discourse (community.kosmos.org)
* Drone (drone.kosmos.org)

VMs:

* ejabberd-2
** ejabberd cluster node (kosmos.org XMPP and kosmos.chat MUC)
* zerotier-1
** Zerotier One network controller
* mastodon-1
** [https://kosmos.social kosmos.social] (Mastodon)

==== draco.kosmos.org ====

Host:

* PostgreSQL master node

VMs:

* bitcoin-2
** bitcoind (mainnet)
** NBXplorer
** BTCPay Server (btcpay.kosmos.org)
** LND (ln2.kosmos.org, [https://www.robtex.com/lightning/node/024cd3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946 node info])
** Ride The Lightning (10.1.1.163:3000)
* wiki-1
** wiki.kosmos.org (you're looking at it)
* ipfs-1
** ipfs.kosmos.org (IPFS node + public gateway)
*** <code>ipfs swarm connect /ip4/148.251.237.73/tcp/4001/ipfs/QmZ4Lpzhz8bafbTYvEMMCmrbrMM4JfyHDR23WbCSAd9bo7</code>
** [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner] (pinning kredits data from smart contract events)
* ejabberd-1
** ejabberd cluster node (kosmos.org XMPP and kosmos.chat MUC)
* akkounts-1
** Akkounts (accounts.kosmos.org)
* postgres-2
** PostgreSQL hot standby node

=== Digital Ocean ===

==== barnard.kosmos.org ====

Running Ubuntu 18.04 LTS

Currently hosting:

* sockethub.kosmos.org ([https://github.com/sockethub/sockethub sockethub])
* Some IRC and XMPP bots (incl. botka and hal8000 on freenode)
* IPFS + [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner]
* [https://gitea.kosmos.org/kosmos/wormhole wormhole] (IRC/XMPP bridge between Kosmos rooms on Freenode and kosmos.chat)
* ldap.kosmos.org ([[Infrastructure:LDAP]])

Infrastructure

2020-11-25T18:20:56Z

Greg: Add new services for centaurus and draco

The Kosmos project is running some community IT infrastructure, currently sponsored by 5apps. Please ask in ops@kosmos.chat if you need access, changes, info, or whatever else.

== Servers ==

Most things are configured via Chef Solo/Zero, based on https://gitea.kosmos.org/kosmos/chef

=== Hetzner ===

These are root servers run by Hetzner Online GmbH in German datacenters (using renewable energy).

==== andromeda.kosmos.org ====

Running Ubuntu 18.04 LTS

Currently hosting:

* kosmos.org XMPP and kosmos.chat MUC (ejabberd)
* bitcoind (mainnet)
* lnd (mainnet, [https://www.robtex.com/lightning/node/024cd3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946 node info])
* c-lightning (mainnet, [https://www.robtex.com/lightning/node/03e26a98ee4d1320d5775fab291580969180592db3679e6d32e360dbd147066ca3 node info])
* [https://kosmos.social kosmos.social] (Mastodon)
* PostgreSQL master node

==== centaurus.kosmos.org ====

Host:

* PostgreSQL hot standby node
* Gitea (gitea.kosmos.org)
* Discourse (community.kosmos.org)
* Drone (drone.kosmos.org)

VMs:

* ejabberd-2
** ejabberd cluster node

==== draco.kosmos.org ====

Host:

* PostgreSQL hot standby node

VMs:

* bitcoin-2
** bitcoind (mainnet)
* wiki-1
** wiki.kosmos.org (you're looking at it)
* ipfs-1
** ipfs.kosmos.org (IPFS node + public gateway)
*** <code>ipfs swarm connect /ip4/148.251.237.73/tcp/4001/ipfs/QmZ4Lpzhz8bafbTYvEMMCmrbrMM4JfyHDR23WbCSAd9bo7</code>
** [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner] (pinning kredits data from smart contract events)
* ejabberd-1
** ejabberd cluster node
* akkounts-1
** Akkounts (accounts.kosmos.org)

=== Digital Ocean ===

==== barnard.kosmos.org ====

Running Ubuntu 18.04 LTS

Currently hosting:

* sockethub.kosmos.org ([https://github.com/sockethub/sockethub sockethub])
* Some IRC and XMPP bots (incl. botka and hal8000 on freenode)
* IPFS + [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner]
* [https://gitea.kosmos.org/kosmos/wormhole wormhole] (IRC/XMPP bridge between Kosmos rooms on Freenode and kosmos.chat)
* ldap.kosmos.org ([[Infrastructure:LDAP]])

Infrastructure:LDAP

2020-10-06T09:29:03Z

Greg: Document resetting a user's password

== Server ==

We use [https://directory.fedoraproject.org/ 389 Directory Server], installed using [https://gitea.kosmos.org/kosmos/chef/src/branch/master/site-cookbooks/kosmos-dirsrv this Chef cookbook]. The server runs on ldap.kosmos.org. The future plan is to make the LDAP server only accessible to services that use it for authentication and authorization, as well as the upcoming [https://gitea.kosmos.org/kosmos/akkounts-web/issues/5 Kosmos Accounts Web UI]

== Directory structure ==

Here is a diagram of the directory structure we use on ldap.kosmos.org:

<pre>
------------------------
| dc=kosmos,dc=org |
| (organizationalUnit) |
------------------------
| |
------------------------ | | -----------------------------
| cn=users |------| |----| cn=applications |
| (organizationalRole) | | (organizationalRole) |
------------------------ -----------------------------
| | | |
------------------------ ------------------------ ---------------------------- ------------------------
| ou=kosmos.org | | ou=customdomain.com | | ou=kosmos.org | | ou=customdomain.com |
| (organizationalUnit) | | (organizationalUnit) | | (organizationalUnit) | | (organizationalUnit) |
------------------------ ------------------------ ---------------------------- ------------------------
| | | |
----------------------- ------------------------ ------------------------- -------------------------
| cn=example_user | | cn=example_user | | uid=xmpp | | uid=wiki |
| (account,person, | | (account,person, | | (account, | | (account, |
| extensibleObject) | | extensibleObject) | | simpleSecurityObject) | | simpleSecurityObject) |
----------------------- ------------------------ ------------------------- -------------------------

</pre>

Here is an LDIF representation of an example of what we use on ldap.kosmos.org:

== Applications ==

<pre>
# applications, kosmos.org
dn: cn=applications,dc=kosmos,dc=org
objectClass: top
objectClass: organizationalRole
cn: users

# kosmos.org, applications, kosmos.org
dn: ou=kosmos.org,cn=applications,dc=kosmos,dc=org
objectClass: top
objectClass: organizationalUnit
ou: kosmos.org

# account.pro, applications, kosmos.org
dn: ou=account.pro,cn=applications,dc=kosmos,dc=org
objectClass: top
objectClass: organizationalUnit
description: Pro Account
ou: account.pro

# wiki account, used by mediawiki to search for users and change passwords
dn: uid=wiki,ou=kosmos.org,cn=applications,dc=kosmos,dc=org
objectClass: simpleSecurityObject
objectClass: account
uid: wiki
userPassword: secret

# # xmpp account, used by ejabberd to search for users and change passwords
dn: uid=xmpp,ou=kosmos.org,cn=applications,dc=kosmos,dc=org
objectClass: simpleSecurityObject
objectClass: account
uid: xmpp
userPassword: secret

# xmpp account, used by ejabberd to search for users and change passwords
dn: uid=xmpp,ou=account.pro,cn=applications,dc=kosmos,dc=org
objectClass: simpleSecurityObject
objectClass: account
uid: xmpp
userPassword: secret

</pre>

== Users ==

<pre>
# container for the organizationUnits (domains)
dn: cn=users,dc=kosmos,dc=org
objectClass: top
objectClass: organizationalRole
cn: users

# kosmos.org, users, kosmos.org
dn: ou=kosmos.org,cn=users,dc=kosmos,dc=org
objectClass: top
objectClass: organizationalUnit
description: Kosmos
ou: kosmos.org
aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || nsRole || objectClass") (version 3.0; acl "xmpp-kosmos-read-search"; allow (read,search) userdn="ldap:///uid=xmpp,ou=kosmos.org,cn=applications,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || objectClass") (version 3.0; acl "xmpp-kosmos-read-search"; allow (read,search) userdn="ldap:///uid=wiki,ou=kosmos.org,cn=applications,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "xmpp-kosmos-change-password"; allow (write) userdn="ldap:///uid=xmpp,ou=kosmos.org,cn=applications,dc=kosmos,dc=org";)

# example user for kosmos.org
dn: cn=example_user,ou=kosmos.org,cn=users,dc=kosmos,dc=org
objectClass: top
objectClass: account
objectClass: person
objectClass: extensibleObject
cn: example_user
sn: example_user
uid: example_user
mail: example_user@example.com
xmpp: enabled
userPassword: secret

# example admin for kosmos.org
dn: cn=example_admin,ou=kosmos.org,cn=users,dc=kosmos,dc=org
objectClass: top
objectClass: account
objectClass: person
objectClass: extensibleObject
cn: example_admin
sn: example_admin
uid: example_admin
mail: example_admin@example.com
admin: true
userPassword: secret

# account.pro, users, kosmos.org
dn: ou=account.pro,cn=users,dc=kosmos,dc=org
objectClass: top
objectClass: organizationalUnit
description: account
ou: account.pro
aci: (target="ldap:///cn=*,ou=account.pro,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || nsRole || objectClass") (version 3.0; acl "xmpp-account-read-search"; allow (read,search) userdn="ldap:///uid=xmpp,ou=account.pro,cn=applications,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=account.pro,cn=users,dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "xmpp-account-change-password"; allow (write) userdn="ldap:///uid=xmpp,ou=account.pro,cn=applications,dc=kosmos,dc=org";)

# example user for account.pro
dn: cn=example_pro,ou=account.pro,cn=users,dc=kosmos,dc=org
objectClass: top
objectClass: account
objectClass: person
objectClass: extensibleObject
cn: example_pro
sn: example_pro
uid: example_pro
mail: exampleaccount.pro
xmpp: enabled
userPassword: secret
</pre>

== Admin commands ==

The ''ldapsearch'' and ''ldapadd'' command-line tool are provided by different packages depending on your OS. For example ''ldap-utils'' on Ubuntu, ''openldap-clients'' on Fedora, ''openldap'' on Arch Linux. It is already provided in a default macOS installation.

This can also be done using the LDAP client library of your choice.

=== Listing accounts ===

$ ldapsearch -x -W -D 'cn=Directory Manager' -b "ou=kosmos.org,cn=users,dc=kosmos,dc=org" -H "ldaps://ldap.kosmos.org"

=== Adding an account ===

==== Generate a hashed password ====

This example is using Ruby, but anything that can generate a salted SHA512 hash will also work.

$ ruby -r base64 -r digest -r securerandom -e 'salt = SecureRandom.hex(32); password = "random_password"; puts "{SSHA512}" + Base64.strict_encode64(Digest::SHA512.digest(password+salt) + salt)'
{SSHA512}WsELiZM9MlUM004LF3jpV5OuV+qTsGoRR1RzffdtUuPpzOl57I7WmKL+S46/KR8HUtYPRh1ttmsNvGUX/agxLjBkZGI0MTczNWNiZjkxMDI0NGEzZTE2ZDBlNGJkMDQ5N2ZhMjVjMjQ1NzFlZmJlNmZmODhmNjE5OGM1YWM3Zjc=

==== Add the account ====

$ ldapadd -x -W -D 'cn=Directory Manager' -H "ldaps://ldap.kosmos.org" << EOF
dn: cn=alice,ou=kosmos.org,cn=users,dc=kosmos,dc=org
objectClass: top
objectClass: account
objectClass: person
objectClass: extensibleObject
cn: alice
sn: alice
uid: alice
mail: alice@example.com
userPassword: {SSHA512}WsELiZM9MlUM004LF3jpV5OuV+qTsGoRR1RzffdtUuPpzOl57I7WmKL+S46/KR8HUtYPRh1ttmsNvGUX/agxLjBkZGI0MTczNWNiZjkxMDI0NGEzZTE2ZDBlNGJkMDQ5N2ZhMjVjMjQ1NzFlZmJlNmZmODhmNjE5OGM1YWM3Zjc=
EOF

adding new entry "cn=alice,ou=kosmos.org,cn=users,dc=kosmos,dc=org"

=== Reset a user's password ===

This can also be used to replace any field, for example the user's email (''mail'')

$ ldapmodify -x -W -D 'cn=Directory Manager' -H "ldaps://ldap.kosmos.org" << EOF
dn: cn=alice,ou=kosmos.org,cn=users,dc=kosmos,dc=org
changetype: modify
replace: userPassword
userPassword: {SSHA512}tJo0ttExKmR8UMbvygtvA23cJ0XD3I6zPxd4B+l9225XynaY8kACoUNSmr4SPjOxPWRqEb4mEIJ5sN8MTOvnpTZmNGRlNDViNGY5YzQwYjM4ZmY3NDBkYjJkZjVkMWE4MjVmYTIxMjk4NmZlYWY1Yjk0MjUyOGNiZDYyZWRhNWE=
EOF

modifying entry "cn=alice,ou=kosmos.org,cn=users,dc=kosmos,dc=org"

Infrastructure:LDAP

2020-10-06T09:22:48Z

Greg: /* Add the account */

Infrastructure:LDAP

2020-10-06T09:22:38Z

Greg: /* Listing accounts */

== Server ==

We use [https://directory.fedoraproject.org/ 389 Directory Server], installed using [https://gitea.kosmos.org/kosmos/chef/src/branch/master/site-cookbooks/kosmos-dirsrv this Chef cookbook]. The server runs on ldap.kosmos.org. The future plan is to make the LDAP server only accessible to services that use it for authentication and authorization, as well as the upcoming [https://gitea.kosmos.org/kosmos/akkounts-web/issues/5 Kosmos Accounts Web UI]

== Directory structure ==

Here is a diagram of the directory structure we use on ldap.kosmos.org:

<pre>
------------------------
| dc=kosmos,dc=org |
| (organizationalUnit) |
------------------------
| |
------------------------ | | -----------------------------
| cn=users |------| |----| cn=applications |
| (organizationalRole) | | (organizationalRole) |
------------------------ -----------------------------
| | | |
------------------------ ------------------------ ---------------------------- ------------------------
| ou=kosmos.org | | ou=customdomain.com | | ou=kosmos.org | | ou=customdomain.com |
| (organizationalUnit) | | (organizationalUnit) | | (organizationalUnit) | | (organizationalUnit) |
------------------------ ------------------------ ---------------------------- ------------------------
| | | |
----------------------- ------------------------ ------------------------- -------------------------
| cn=example_user | | cn=example_user | | uid=xmpp | | uid=wiki |
| (account,person, | | (account,person, | | (account, | | (account, |
| extensibleObject) | | extensibleObject) | | simpleSecurityObject) | | simpleSecurityObject) |
----------------------- ------------------------ ------------------------- -------------------------

</pre>

Here is an LDIF representation of an example of what we use on ldap.kosmos.org:

== Applications ==

<pre>
# applications, kosmos.org
dn: cn=applications,dc=kosmos,dc=org
objectClass: top
objectClass: organizationalRole
cn: users

# kosmos.org, applications, kosmos.org
dn: ou=kosmos.org,cn=applications,dc=kosmos,dc=org
objectClass: top
objectClass: organizationalUnit
ou: kosmos.org

# account.pro, applications, kosmos.org
dn: ou=account.pro,cn=applications,dc=kosmos,dc=org
objectClass: top
objectClass: organizationalUnit
description: Pro Account
ou: account.pro

# wiki account, used by mediawiki to search for users and change passwords
dn: uid=wiki,ou=kosmos.org,cn=applications,dc=kosmos,dc=org
objectClass: simpleSecurityObject
objectClass: account
uid: wiki
userPassword: secret

# # xmpp account, used by ejabberd to search for users and change passwords
dn: uid=xmpp,ou=kosmos.org,cn=applications,dc=kosmos,dc=org
objectClass: simpleSecurityObject
objectClass: account
uid: xmpp
userPassword: secret

# xmpp account, used by ejabberd to search for users and change passwords
dn: uid=xmpp,ou=account.pro,cn=applications,dc=kosmos,dc=org
objectClass: simpleSecurityObject
objectClass: account
uid: xmpp
userPassword: secret

</pre>

== Users ==

<pre>
# container for the organizationUnits (domains)
dn: cn=users,dc=kosmos,dc=org
objectClass: top
objectClass: organizationalRole
cn: users

# kosmos.org, users, kosmos.org
dn: ou=kosmos.org,cn=users,dc=kosmos,dc=org
objectClass: top
objectClass: organizationalUnit
description: Kosmos
ou: kosmos.org
aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || nsRole || objectClass") (version 3.0; acl "xmpp-kosmos-read-search"; allow (read,search) userdn="ldap:///uid=xmpp,ou=kosmos.org,cn=applications,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || objectClass") (version 3.0; acl "xmpp-kosmos-read-search"; allow (read,search) userdn="ldap:///uid=wiki,ou=kosmos.org,cn=applications,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "xmpp-kosmos-change-password"; allow (write) userdn="ldap:///uid=xmpp,ou=kosmos.org,cn=applications,dc=kosmos,dc=org";)

# example user for kosmos.org
dn: cn=example_user,ou=kosmos.org,cn=users,dc=kosmos,dc=org
objectClass: top
objectClass: account
objectClass: person
objectClass: extensibleObject
cn: example_user
sn: example_user
uid: example_user
mail: example_user@example.com
xmpp: enabled
userPassword: secret

# example admin for kosmos.org
dn: cn=example_admin,ou=kosmos.org,cn=users,dc=kosmos,dc=org
objectClass: top
objectClass: account
objectClass: person
objectClass: extensibleObject
cn: example_admin
sn: example_admin
uid: example_admin
mail: example_admin@example.com
admin: true
userPassword: secret

# account.pro, users, kosmos.org
dn: ou=account.pro,cn=users,dc=kosmos,dc=org
objectClass: top
objectClass: organizationalUnit
description: account
ou: account.pro
aci: (target="ldap:///cn=*,ou=account.pro,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || nsRole || objectClass") (version 3.0; acl "xmpp-account-read-search"; allow (read,search) userdn="ldap:///uid=xmpp,ou=account.pro,cn=applications,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=account.pro,cn=users,dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "xmpp-account-change-password"; allow (write) userdn="ldap:///uid=xmpp,ou=account.pro,cn=applications,dc=kosmos,dc=org";)

# example user for account.pro
dn: cn=example_pro,ou=account.pro,cn=users,dc=kosmos,dc=org
objectClass: top
objectClass: account
objectClass: person
objectClass: extensibleObject
cn: example_pro
sn: example_pro
uid: example_pro
mail: exampleaccount.pro
xmpp: enabled
userPassword: secret
</pre>

== Admin commands ==

The ''ldapsearch'' and ''ldapadd'' command-line tool are provided by different packages depending on your OS. For example ''ldap-utils'' on Ubuntu, ''openldap-clients'' on Fedora, ''openldap'' on Arch Linux. It is already provided in a default macOS installation.

This can also be done using the LDAP client library of your choice.

=== Listing accounts ===

$ ldapsearch -x -W -D 'cn=Directory Manager' -b "ou=kosmos.org,cn=users,dc=kosmos,dc=org" -H "ldaps://ldap.kosmos.org"

=== Adding an account ===

==== Generate a hashed password ====

This example is using Ruby, but anything that can generate a salted SHA512 hash will also work.

$ ruby -r base64 -r digest -r securerandom -e 'salt = SecureRandom.hex(32); password = "random_password"; puts "{SSHA512}" + Base64.strict_encode64(Digest::SHA512.digest(password+salt) + salt)'
{SSHA512}WsELiZM9MlUM004LF3jpV5OuV+qTsGoRR1RzffdtUuPpzOl57I7WmKL+S46/KR8HUtYPRh1ttmsNvGUX/agxLjBkZGI0MTczNWNiZjkxMDI0NGEzZTE2ZDBlNGJkMDQ5N2ZhMjVjMjQ1NzFlZmJlNmZmODhmNjE5OGM1YWM3Zjc=

==== Add the account ====

ldapadd -x -W -D 'cn=Directory Manager' -H "ldaps://ldap.kosmos.org" << EOF
dn: cn=alice,ou=kosmos.org,cn=users,dc=kosmos,dc=org
objectClass: top
objectClass: account
objectClass: person
objectClass: extensibleObject
cn: alice
sn: alice
uid: alice
mail: alice@example.com
userPassword: {SSHA512}WsELiZM9MlUM004LF3jpV5OuV+qTsGoRR1RzffdtUuPpzOl57I7WmKL+S46/KR8HUtYPRh1ttmsNvGUX/agxLjBkZGI0MTczNWNiZjkxMDI0NGEzZTE2ZDBlNGJkMDQ5N2ZhMjVjMjQ1NzFlZmJlNmZmODhmNjE5OGM1YWM3Zjc=
EOF

adding new entry "cn=alice,ou=kosmos.org,cn=users,dc=kosmos,dc=org"

Infrastructure

2020-09-24T15:34:30Z

Greg: Move ipfs.kosmos.org to a VM running on draco

The Kosmos project is running some community IT infrastructure, currently sponsored by 5apps. Please ask in #kosmos-dev on Freenode if you need access, changes, info, or whatever else.

== Servers ==

Most things are configured via Chef Solo/Zero, based on https://gitea.kosmos.org/kosmos/chef

=== Hetzner ===

These are root servers run by Hetzner Online GmbH in German datacenters (using renewable energy).

==== andromeda.kosmos.org ====

Running Ubuntu 18.04 LTS

Currently hosting:

* kosmos.org XMPP and kosmos.chat MUC (ejabberd)
* bitcoind (mainnet)
* lnd (mainnet, [https://www.robtex.com/lightning/node/024cd3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946 node info])
* c-lightning (mainnet, [https://www.robtex.com/lightning/node/03e26a98ee4d1320d5775fab291580969180592db3679e6d32e360dbd147066ca3 node info])
* [https://kosmos.social kosmos.social] (Mastodon)
* PostgreSQL master node

==== centaurus.kosmos.org ====

Host:

* PostgreSQL hot standby node
* Gitea

==== draco.kosmos.org ====

Host:

* PostgreSQL hot standby node

VMs:

* bitcoin-2
** bitcoind (mainnet)
* wiki-1
** wiki.kosmos.org (you're looking at it)
* ipfs-1
** ipfs.kosmos.org (IPFS node + public gateway)
*** <code>ipfs swarm connect /ip4/148.251.237.73/tcp/4001/ipfs/QmZ4Lpzhz8bafbTYvEMMCmrbrMM4JfyHDR23WbCSAd9bo7</code>
** [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner] (pinning kredits data from smart contract events)

=== Digital Ocean ===

==== barnard.kosmos.org ====

Running Ubuntu 18.04 LTS

Currently hosting:

* sockethub.kosmos.org ([https://github.com/sockethub/sockethub sockethub])
* Some IRC and XMPP bots (incl. botka and hal8000 on freenode)
* IPFS + [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner]
* [https://gitea.kosmos.org/kosmos/wormhole wormhole] (IRC/XMPP bridge between Kosmos rooms on Freenode and kosmos.chat)
* ldap.kosmos.org ([[Infrastructure:LDAP]])

Kosmos Summit 2020

2020-09-24T14:38:25Z

Greg: /* Participants */

* Location: Sambuca di Sicilia, Italy (HackerHouse/L6) + Remote (Zoom, or Jitsi Meet, or similar)
* Dates: October 2020

All core contributor hands on deck! After having drifted on the oceans for a while, we need to chart a good course and set the sails.

With all the basics for rapid feature development finally in place before this year's gathering, we'll be able to focus entirely on planning for, and hacking on, Kosmos Chat and Kosmos Services. And with our new initial budget, we can also start trialing our ideas for a sustainable, co-operative, open-source organization via Kosmos Kredits. Let's create a new roadmap and see where it takes us!

== Dates ==

Everyone is invited in October to visit Sicily and HackerHouse for a while and co-work from there (both on Kosmos and non-Kosmos stuff). In addition to the flexible long-form gathering, we will have two days or so of focused sessions, in which we will discuss and collaborate on the important topics.

Dates for the Summit: October 9/10/11 (main day on Saturday).

== Accommodations ==

There are some beds at the house itself, and also a variety of apartments in walking distance that we can use. For leisure time, there are both beaches and mountains, as well as old towns and ruins dating back to hundreds of years before the rise of Rome. Go explore!

== Getting there ==

Airports PMO and TPS are both ~1:15 hrs drive to Sambuca. PMO serves the most destinations. Please coordinate with others for sharing rental cars and/or getting picked up from the airport.

=== COVID-19 notes ===

Sambuca hasn't recorded a single case to date, and there are currently no travel restrictions in Italy for EU residents. Everything is open for business, but mask usage is currently required for shared indoor spaces other than restaurants. These notes will be kept up to date until the summit.

== Remote participation ==

Whoever cannot or does not want to participate in person, can also call in via audio/video chat for the focus sessions. We are going to upgrade the buildings's Internet connection with our provider for the Summit days, and we will organize everything needed for decent remote participation. So if you cannot or do not want to travel at the moment, it will not be necessary to do so.

Any and all help with organizing/improving remote participation is most appreciated, of course! Please join one of the upcoming weekly calls if you want to contribute to this topic.

== Agenda ==

...

== Participants ==

* raucao
* galfert (remote)
* slvrbckt (possibly in person)
* greg (remote)
* ...

== To do ==

* Set up physical remote conferencing equipment/location
* Set up video conferencing software and room(s) ([https://gitea.kosmos.org/kosmos/chef/issues/148 Jitsi Meet?])
* Set up Etherpad(s) or similar, for live collaborative docs
* Set up dedicated chatroom(s) for the summit? (look at Jitsi meet XMPP integration first)
* Create agenda with topics to discuss/work on (public or not?)
* Create session schedule (Unconf style. Just agree on session times and perhaps mods beforehand, so people can plan lunch, dinner, etc.)
* Document remote participation details (for everyone to know exactly how things will work and when)
* Grocery shopping for local participants

=== Done ===

* 🗹 Confirm dates and modes of participation

== Notes ==

* https://m.signalvnoise.com/options-not-roadmaps/

Infrastructure:LDAP

2020-09-16T09:30:42Z

Greg: Fix the suffix for the search command

== Server ==

We use [https://directory.fedoraproject.org/ 389 Directory Server], installed using [https://gitea.kosmos.org/kosmos/chef/src/branch/master/site-cookbooks/kosmos-dirsrv this Chef cookbook]. The server runs on ldap.kosmos.org. The future plan is to make the LDAP server only accessible to services that use it for authentication and authorization, as well as the upcoming [https://gitea.kosmos.org/kosmos/akkounts-web/issues/5 Kosmos Accounts Web UI]

== Directory structure ==

Here is a diagram of the directory structure we use on ldap.kosmos.org:

<pre>
------------------------
| dc=kosmos,dc=org |
| (organizationalUnit) |
------------------------
| |
------------------------ | | -----------------------------
| cn=users |------| |----| cn=applications |
| (organizationalRole) | | (organizationalRole) |
------------------------ -----------------------------
| | | |
------------------------ ------------------------ ---------------------------- ------------------------
| ou=kosmos.org | | ou=customdomain.com | | ou=kosmos.org | | ou=customdomain.com |
| (organizationalUnit) | | (organizationalUnit) | | (organizationalUnit) | | (organizationalUnit) |
------------------------ ------------------------ ---------------------------- ------------------------
| | | |
----------------------- ------------------------ ------------------------- -------------------------
| cn=example_user | | cn=example_user | | uid=xmpp | | uid=wiki |
| (account,person, | | (account,person, | | (account, | | (account, |
| extensibleObject) | | extensibleObject) | | simpleSecurityObject) | | simpleSecurityObject) |
----------------------- ------------------------ ------------------------- -------------------------

</pre>

Here is an LDIF representation of an example of what we use on ldap.kosmos.org:

== Applications ==

<pre>
# applications, kosmos.org
dn: cn=applications,dc=kosmos,dc=org
objectClass: top
objectClass: organizationalRole
cn: users

# kosmos.org, applications, kosmos.org
dn: ou=kosmos.org,cn=applications,dc=kosmos,dc=org
objectClass: top
objectClass: organizationalUnit
ou: kosmos.org

# account.pro, applications, kosmos.org
dn: ou=account.pro,cn=applications,dc=kosmos,dc=org
objectClass: top
objectClass: organizationalUnit
description: Pro Account
ou: account.pro

# wiki account, used by mediawiki to search for users and change passwords
dn: uid=wiki,ou=kosmos.org,cn=applications,dc=kosmos,dc=org
objectClass: simpleSecurityObject
objectClass: account
uid: wiki
userPassword: secret

# # xmpp account, used by ejabberd to search for users and change passwords
dn: uid=xmpp,ou=kosmos.org,cn=applications,dc=kosmos,dc=org
objectClass: simpleSecurityObject
objectClass: account
uid: xmpp
userPassword: secret

# xmpp account, used by ejabberd to search for users and change passwords
dn: uid=xmpp,ou=account.pro,cn=applications,dc=kosmos,dc=org
objectClass: simpleSecurityObject
objectClass: account
uid: xmpp
userPassword: secret

</pre>

== Users ==

<pre>
# container for the organizationUnits (domains)
dn: cn=users,dc=kosmos,dc=org
objectClass: top
objectClass: organizationalRole
cn: users

# kosmos.org, users, kosmos.org
dn: ou=kosmos.org,cn=users,dc=kosmos,dc=org
objectClass: top
objectClass: organizationalUnit
description: Kosmos
ou: kosmos.org
aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || nsRole || objectClass") (version 3.0; acl "xmpp-kosmos-read-search"; allow (read,search) userdn="ldap:///uid=xmpp,ou=kosmos.org,cn=applications,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || objectClass") (version 3.0; acl "xmpp-kosmos-read-search"; allow (read,search) userdn="ldap:///uid=wiki,ou=kosmos.org,cn=applications,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "xmpp-kosmos-change-password"; allow (write) userdn="ldap:///uid=xmpp,ou=kosmos.org,cn=applications,dc=kosmos,dc=org";)

# example user for kosmos.org
dn: cn=example_user,ou=kosmos.org,cn=users,dc=kosmos,dc=org
objectClass: top
objectClass: account
objectClass: person
objectClass: extensibleObject
cn: example_user
sn: example_user
uid: example_user
mail: example_user@example.com
xmpp: enabled
userPassword: secret

# example admin for kosmos.org
dn: cn=example_admin,ou=kosmos.org,cn=users,dc=kosmos,dc=org
objectClass: top
objectClass: account
objectClass: person
objectClass: extensibleObject
cn: example_admin
sn: example_admin
uid: example_admin
mail: example_admin@example.com
admin: true
userPassword: secret

# account.pro, users, kosmos.org
dn: ou=account.pro,cn=users,dc=kosmos,dc=org
objectClass: top
objectClass: organizationalUnit
description: account
ou: account.pro
aci: (target="ldap:///cn=*,ou=account.pro,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || nsRole || objectClass") (version 3.0; acl "xmpp-account-read-search"; allow (read,search) userdn="ldap:///uid=xmpp,ou=account.pro,cn=applications,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=account.pro,cn=users,dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "xmpp-account-change-password"; allow (write) userdn="ldap:///uid=xmpp,ou=account.pro,cn=applications,dc=kosmos,dc=org";)

# example user for account.pro
dn: cn=example_pro,ou=account.pro,cn=users,dc=kosmos,dc=org
objectClass: top
objectClass: account
objectClass: person
objectClass: extensibleObject
cn: example_pro
sn: example_pro
uid: example_pro
mail: exampleaccount.pro
xmpp: enabled
userPassword: secret
</pre>

== Admin commands ==

The ''ldapsearch'' and ''ldapadd'' command-line tool are provided by different packages depending on your OS. For example ''ldap-utils'' on Ubuntu, ''openldap-clients'' on Fedora, ''openldap'' on Arch Linux. It is already provided in a default macOS installation.

This can also be done using the LDAP client library of your choice.

=== Listing accounts ===

ldapsearch -x -W -D 'cn=Directory Manager' -b "ou=kosmos.org,cn=users,dc=kosmos,dc=org" -H "ldaps://ldap.kosmos.org"

=== Adding an account ===

==== Generate a hashed password ====

This example is using Ruby, but anything that can generate a salted SHA512 hash will also work.

$ ruby -r base64 -r digest -r securerandom -e 'salt = SecureRandom.hex(32); password = "random_password"; puts "{SSHA512}" + Base64.strict_encode64(Digest::SHA512.digest(password+salt) + salt)'
{SSHA512}WsELiZM9MlUM004LF3jpV5OuV+qTsGoRR1RzffdtUuPpzOl57I7WmKL+S46/KR8HUtYPRh1ttmsNvGUX/agxLjBkZGI0MTczNWNiZjkxMDI0NGEzZTE2ZDBlNGJkMDQ5N2ZhMjVjMjQ1NzFlZmJlNmZmODhmNjE5OGM1YWM3Zjc=

==== Add the account ====

ldapadd -x -W -D 'cn=Directory Manager' -H "ldaps://ldap.kosmos.org" << EOF
dn: cn=alice,ou=kosmos.org,cn=users,dc=kosmos,dc=org
objectClass: top
objectClass: account
objectClass: person
objectClass: extensibleObject
cn: alice
sn: alice
uid: alice
mail: alice@example.com
userPassword: {SSHA512}WsELiZM9MlUM004LF3jpV5OuV+qTsGoRR1RzffdtUuPpzOl57I7WmKL+S46/KR8HUtYPRh1ttmsNvGUX/agxLjBkZGI0MTczNWNiZjkxMDI0NGEzZTE2ZDBlNGJkMDQ5N2ZhMjVjMjQ1NzFlZmJlNmZmODhmNjE5OGM1YWM3Zjc=
EOF

adding new entry "cn=alice,ou=kosmos.org,cn=users,dc=kosmos,dc=org"

Services:Accounts

2020-09-15T10:28:25Z

Greg: Document LDAP admin commands

== Unified accounts for Kosmos services ==

'''''This is work in progress!''''' For now, unified accounts are only enabled on this wiki and [[Services:XMPP|XMPP]]. We have decided to use LDAP<ref>[https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol Lightweight Directory Access Protocol]</ref> to let users have the same credentials (username and password) across Kosmos services.

The LDAP server is running on ldap.kosmos.org<ref>[[Infrastructure#barnard.kosmos.org|Infrastructure]]</ref>.

== Admin commands ==

The ''ldapsearch'' and ''ldapadd'' command-line tool are provided by different packages depending on your OS. For example ''ldap-utils'' on Ubuntu, ''openldap-clients'' on Fedora, ''openldap'' on Arch Linux. It is already provided in a default macOS installation.

This can also be done using the LDAP client library of your choice.

=== Listing accounts ===

ldapsearch -x -W -D 'cn=Directory Manager' -b "ou=users,dc=kosmos,dc=org" -H "ldaps://ldap.kosmos.org"

=== Adding an account ===

==== Generate a hashed password ====

This example is using Ruby, but anything that can generate a salted SHA512 hash will also work.

$ ruby -r base64 -r digest -r securerandom -e 'salt = SecureRandom.hex(32); password = "random_password"; puts "{SSHA512}" + Base64.strict_encode64(Digest::SHA512.digest(password+salt) + salt)'
{SSHA512}WsELiZM9MlUM004LF3jpV5OuV+qTsGoRR1RzffdtUuPpzOl57I7WmKL+S46/KR8HUtYPRh1ttmsNvGUX/agxLjBkZGI0MTczNWNiZjkxMDI0NGEzZTE2ZDBlNGJkMDQ5N2ZhMjVjMjQ1NzFlZmJlNmZmODhmNjE5OGM1YWM3Zjc=

==== Add the account ====

ldapadd -x -W -D 'cn=Directory Manager' -H "ldaps://ldap.kosmos.org" << EOF
dn: cn=alice,ou=kosmos.org,cn=users,dc=kosmos,dc=org
objectClass: top
objectClass: account
objectClass: person
objectClass: extensibleObject
cn: alice
sn: alice
uid: alice
mail: alice@example.com
userPassword: {SSHA512}WsELiZM9MlUM004LF3jpV5OuV+qTsGoRR1RzffdtUuPpzOl57I7WmKL+S46/KR8HUtYPRh1ttmsNvGUX/agxLjBkZGI0MTczNWNiZjkxMDI0NGEzZTE2ZDBlNGJkMDQ5N2ZhMjVjMjQ1NzFlZmJlNmZmODhmNjE5OGM1YWM3Zjc=
EOF

adding new entry "cn=alice,ou=kosmos.org,cn=users,dc=kosmos,dc=org"

== Changing your password ==

Changing your password will be made possible in the upcoming [https://gitea.kosmos.org/kosmos/akkounts-web/issues/5 Kosmos Accounts Web UI]. But for now, you have these two options:

=== Via XMPP client ===

You can change your Kosmos account password globally from any XMPP client, which allows you to change your XMPP password.

=== Via command-line interface ===

The ''ldappasswd'' command-line tool is provided by different packages depending on your OS. For example ''ldap-utils'' on Ubuntu, ''openldap-clients'' on Fedora, ''openldap'' on Arch Linux. It is already provided in a default macOS installation.

The following command will set your new password, if you type your current password (replace '''yourusername''' with your username):

ldappasswd -x -D cn=''''yourusername'''',ou=kosmos.org,cn=users,dc=kosmos,dc=org -W -S -H "ldaps://ldap.kosmos.org"

It will ask you the following passwords:

New password:
Re-enter new password:
Enter LDAP Password:

"New password" is the password that will be set on your LDAP account. "LDAP password" is your current password

If you need any help do not hesitate to ask for help in our [[Main_Page#Chat|chatroom]].

== References ==

<references />

Infrastructure

2020-07-30T09:25:47Z

Greg:

The Kosmos project is running some community IT infrastructure, currently sponsored by 5apps. Please ask in #kosmos-dev on Freenode if you need access, changes, info, or whatever else.

== Servers ==

Most things are configured via Chef Solo, based on https://gitea.kosmos.org/kosmos/chef

=== Hetzner ===

These are root servers run by Hetzner Online GmbH in German datacenters (using renewable energy).

==== andromeda.kosmos.org ====

Running Ubuntu 18.04 LTS

Currently hosting:

* kosmos.org XMPP and kosmos.chat MUC (ejabberd)
* bitcoind (mainnet)
* lnd (mainnet, [https://www.robtex.com/lightning/node/024cd3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946 node info])
* c-lightning (mainnet, [https://www.robtex.com/lightning/node/03e26a98ee4d1320d5775fab291580969180592db3679e6d32e360dbd147066ca3 node info])
* ipfs.kosmos.org (IPFS node + public gateway)
** <code>ipfs swarm connect /ip4/46.4.18.160/tcp/4001/ipfs/QmZ4Lpzhz8bafbTYvEMMCmrbrMM4JfyHDR23WbCSAd9bo7</code>
* [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner] (pinning kredits data from smart contract events)
* [https://kosmos.social kosmos.social] (Mastodon)
* wiki.kosmos.org (you're looking at it)
* PostgreSQL master node

==== centaurus.kosmos.org ====

Running Ubuntu 18.04 LTS

* PostgreSQL hot standby node
* Gitea

==== draco.kosmos.org ====

Running Ubuntu 20.04 LTS

* PostgreSQL hot standby node

=== Digital Ocean ===

==== barnard.kosmos.org ====

Running Ubuntu 18.04 LTS

Currently hosting:

* sockethub.kosmos.org ([https://github.com/sockethub/sockethub sockethub])
* Some IRC and XMPP bots (incl. botka and hal8000 on freenode)
* IPFS + [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner]
* [https://gitea.kosmos.org/kosmos/wormhole wormhole] (IRC/XMPP bridge between Kosmos rooms on Freenode and kosmos.chat)
* ldap.kosmos.org ([[Infrastructure:LDAP|LDAP]] using [https://directory.fedoraproject.org 389 Directory Server])

Infrastructure

2020-07-30T09:24:15Z

Greg: Remove GKE section, add draco, update centaurus section

The Kosmos project is running some community IT infrastructure, currently sponsored by 5apps. Please ask in #kosmos-dev on Freenode if you need access, changes, info, or whatever else.

== Servers ==

Most things are configured via Chef Solo, based on https://gitea.kosmos.org/kosmos/chef

=== Hetzner ===

These are root servers run by Hetzner Online GmbH in German datacenters (using renewable energy).

==== andromeda.kosmos.org ====

Running Ubuntu 18.04 LTS

Currently hosting:

* kosmos.org XMPP and kosmos.chat MUC (ejabberd)
* bitcoind (mainnet)
* lnd (mainnet, [https://www.robtex.com/lightning/node/024cd3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946 node info])
* c-lightning (mainnet, [https://www.robtex.com/lightning/node/03e26a98ee4d1320d5775fab291580969180592db3679e6d32e360dbd147066ca3 node info])
* ipfs.kosmos.org (IPFS node + public gateway)
** <code>ipfs swarm connect /ip4/46.4.18.160/tcp/4001/ipfs/QmZ4Lpzhz8bafbTYvEMMCmrbrMM4JfyHDR23WbCSAd9bo7</code>
* [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner] (pinning kredits data from smart contract events)
* [https://kosmos.social kosmos.social] (Mastodon)
* wiki.kosmos.org (you're looking at it)
* PostgreSQL master node

==== centaurus.kosmos.org ====

Running Ubuntu 18.04 LTS

* PostgreSQL hot standby node
* Gitea

==== draco.kosmos.org ====

Running Ubuntu 20.04 LTS

* PostgreSQL hot standby node
* Gitea

=== Digital Ocean ===

==== barnard.kosmos.org ====

Running Ubuntu 18.04 LTS

Currently hosting:

* sockethub.kosmos.org ([https://github.com/sockethub/sockethub sockethub])
* Some IRC and XMPP bots (incl. botka and hal8000 on freenode)
* IPFS + [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner]
* [https://gitea.kosmos.org/kosmos/wormhole wormhole] (IRC/XMPP bridge between Kosmos rooms on Freenode and kosmos.chat)
* ldap.kosmos.org ([[Infrastructure:LDAP|LDAP]] using [https://directory.fedoraproject.org 389 Directory Server])

Team

2020-03-03T15:39:20Z

Greg: Remove old user

''Please note: this page is a bit outdated.''

== The Agreement ==

The core team consists of a group of people, who have agreed with each other on several things:

* Kosmos is sorely needed an we want to use it today/asap/yesterday
* We can imagine this to be commercially successful, and we can see us founding a company for the paid/pro version and potentially working for it at some point (to whatever degree that might be)
* We will take the first step and implement the prototype MVP as a side project. Most of us will come to Chaos Communication Camp in August 2015, so we'll try to finish the MVP during our time there and then define how to proceed
* All work done until then, and (as far as possible) forever, will be published under open-source licenses. However, we want to protect the project name/ trademark, so that people using the name/trademark commercially need to ask our permission, and so that we can use the name commercially ourselves for the benefit of all contributors (incl. non-partners/employees/shareholders).

== People ==

{| class="" style="width: 100%; text-align: left"
! Name
! a.k.a.
! Involvement/expertise
! Kredit address
|-
| Ben Kero
| bkero
| SysOps, DevOps, *nix systems, infrastructure development, IRC, open-source collab/community/dev/relations, ...
|-
| David Grieshammer
| lsa, lsa232
| User experience design, interaction design, graphic/web design, audio, ...
|-
| [[User:Galfert|Garret Alfert]]
| galfert
| Software development (full-stack), Ember.js, RemoteStorage, back-end, payments, ...
| 1KLjNG9FFyTGzZdtyZjQLqhEz8VqkyKkeF
|-
| [[User:Greg|Greg Karékinian]]
| gregkare, gkarekinian
| Infrastructure development, DevOps, operations, Chef, Ruby, *nix systems ...
| 1JspMAYETsLWbB1mRaGFFo8kXb96mERFPA
|-
| Michael Bumann
| bumi, derbumi
| Fin-tech development, blockchain technologies, Bitcoin, Ruby, Java, JavaScript, crowd funding/investment, ...
| 1Dwvbv5uMxhgHBbqawDUMSxmxmzL7VJoxV
|-
| [[User:Silverbucket|Nick Jennings]]
| silverbucket, slvrbckt
| Software development (full-stack), JavaScript, Node.js, Sockethub, RemoteStorage, ...
| 19UubPU4SKymYA7gbqoyStNavQAJDrBA59
|-
| [[User:Raucao|Sebastian Kippe]]
| basti, skddc, raucao
| Software development (full-stack), front-end/UI, Ember.js, RemoteStorage / business, funding, human resources, ...
| 18mFwCsjRr1M1D6kcNwWEEumhpD5i7Amqf
|-
|}

Infrastructure:LDAP

2020-03-03T12:09:59Z

Greg: Add an example admin user

Infrastructure:LDAP

2020-02-27T10:43:45Z

Greg:

Infrastructure:LDAP

2020-02-27T10:42:47Z

Greg: Update the directory structure after the changes in https://gitea.kosmos.org/kosmos/chef/issues/140

Main Page

2020-02-27T10:21:02Z

Greg: Remove the paragraph about the anti-spam plugin

The Kosmos project is an open co-operative of people, who are developing a free, open-source, and user-centric alternative to centralized group chat platforms, based on widely used protocols and standards.

We also offer a variety of other, hosted communication and collaboration services, mostly focused on users and contributors of free and open-source software.

== Products ==

=== Kosmos Chat ===

[[Kosmos Chat]] (ex ''Codename 67P'') is a group communication application, based exclusively on open protocols, standards, and data formats. All of its components can be either self-hosted or connected to hosted services. An alpha version is already in use by developers, and a public beta version is planned for early 2020.

=== Kredits ===

[[Kredits]] are a system for tracking project contributions, enabling the fair and transparent use of project funds, as well as improving project management and governance. After a couple of years of experimentation, we finally started issuing kredits in production earlier this year. Check out the [https://kredits.kosmos.org/ public contribution dashboard] if you're interested.

== Services ==

We run a variety of public services, for which we will soon accept donations for user accounts.

{| class="wikitable"
|-
| [[Services:XMPP | XMPP]] || Instant messaging and group chat
|-
| [https://kosmos.social Mastodon] || Federated social network
|-
| [https://gitea.kosmos.org Gitea] || Code hosting and collaboration
|-
| [[Services:Accounts | Kosmos Accounts]] || Unified accounts for Kosmos services (LDAP<ref>[https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol Lightweight Directory Access Protocol]</ref>, work in progress)
|}

== Community / Getting in touch / Getting involved ==

=== Code ===

* [https://github.com/67P/ GitHub]
* [https://gitea.kosmos.org/kosmos Gitea]

=== Chat ===

* IRC: [https://waves.kosmos.org/logs/freenode/kosmos/today #kosmos] and [https://waves.kosmos.org/logs/freenode/kosmos-dev/today #kosmos-dev] on Freenode
* XMPP: [xmpp:kosmos@kosmos.chat?join kosmos], [xmpp:kosmos-dev@kosmos.chat?join kosmos-dev], [xmpp:kredits@kosmos.chat?join kredits], and [xmpp:ops@kosmos.chat?join ops] on kosmos.chat

=== Social ===

* Fediverse (Mastodon, GNU Social, Hubzilla, etc.): [https://kosmos.social/@kosmos kosmos@kosmos.social]
* Twitter: [https://twitter.com/KosmosHQ @KosmosHQ]

=== Weekly conference calls ===

We hold weekly calls to sync our team (and whoever else is interested) on development progress. Every Thursday, 3:30pm UTC/GMT, in [https://zoom.us/j/414901303 https://zoom.us/j/414901303]. Usually 30 to 60 minutes long.

Topics:

* Kosmos Chat
* Kosmos Kredits
* Kosmos Infra/Ops

== Events ==

This is a list of events with Kosmos activities going on. Please add more, in case you're working on something related somewhere.

=== Upcoming ===

* [https://wiki.xmpp.org/web/Sprints/2020_March_Berlin XMPP Sprint] - March 26-29, Berlin, Germany

=== Past ===

* [https://hackerbeach.org/ Hacker Beach #8] - January 2020, Santa Marta, Colombia
* [[Events/DOTS 2019|DOTS]] - Dec 5-7, 2019, Nakuru, Kenya
* [https://www.thelightningconference.com The Lightning Conference] - Oct 19-20, Berlin (lio17, raucao, slvrbckt)
* [https://opt-out.hcpp.cz/ HCPP] - Oct 2019, Prague (lio17, maxsan, raucao, ...)
* [[Kosmos Hackdays 2019/1]] (August 26-31, 2019, Berlin)
* [https://en.wikipedia.org/wiki/Chaos_Communication_Camp Chaos Communication Camp 2019] (August 21-25, 2019, Mildenberg, Germany)
* [[Kredits Mini Hack Days (April 3-5, 2019, Sambuca di Sicilia, Italy)]]
* [[Kosmos Mini Hack Days (March 5-11, 2019, Chiang Saen, Thailand)]]
* [https://hackerbeach.org/ Hacker Beach #7] - Jan 2019, Coron, Philippines
* [https://neworder.hcpp.cz/ HCPP] - Oct 2018, Prague (lio17, raucao)
* [[Kosmos Hackdays 2018/1]] — Tuscany (Italy) in April (~11-end)
* [[Hacker Beach #6]] (January 2018, Petite Côte, Sénégal)
* [[SHA2017]] (August 4-8, 2017, Zeewolde, NL)
* [[Kosmos Hackdays 2017/1]] (May 2-5, 2017 | during [http://wwwtf.berlin/ WWWTF Berlin])

== Notes ==

See [[Notes]].

== Code of Conduct ==

[[Contributor Code of Conduct]]

== References ==

<references />

Services:XMPP:SASL downgrade

2020-02-20T13:27:15Z

Greg: Add caption

[[Services:XMPP|See Services:XMPP for information about the kosmos.org XMPP server]]

We are in the process of switching over the [[Services:Accounts|accounts to use LDAP]]. However, the LDAP implementation in ejabberd doesn't support SASL authentication, which we were using before. This means that some clients will refuse to connect to the server after the switch, and display a warning about it.

== Conversations for Android ==

[[File:SASL downgrade.jpg|thumb|Press accept]]

In [https://conversations.im/ Conversations], go to the account settings (the form with user address and password). After failing to connect, the 'Save' button will turn into an 'Accept' button<ref>[https://github.com/siacs/Conversations/issues/2498#issuecomment-556071993 Issue: No (obvious?) way to accept SASL downgrade]</ref>.

== References ==

<references />

Services:XMPP:SASL downgrade

2020-02-20T13:25:53Z

Greg: Add a screenshot of Conversations to accept the SASL downgrade

[[Services:XMPP|See Services:XMPP for information about the kosmos.org XMPP server]]

We are in the process of switching over the [[Services:Accounts|accounts to use LDAP]]. However, the LDAP implementation in ejabberd doesn't support SASL authentication, which we were using before. This means that some clients will refuse to connect to the server after the switch, and display a warning about it.

== Conversations for Android ==

[[File:SASL downgrade.jpg|thumb]]

In [https://conversations.im/ Conversations], go to the account settings (the form with user address and password). After failing to connect, the 'Save' button will turn into an 'Accept' button<ref>[https://github.com/siacs/Conversations/issues/2498#issuecomment-556071993 Issue: No (obvious?) way to accept SASL downgrade]</ref>.

== References ==

<references />

File:SASL downgrade.jpg

2020-02-20T13:24:12Z

Greg:

SASL downgrade screen on Conversations for Android

Services:Accounts

2020-02-20T13:23:00Z

Greg: Update the instructions for the new LDAP directory structure, add XMPP to the list of services using unified credentials

Services:XMPP:SASL downgrade

2020-02-20T11:35:51Z

Greg: Add link to the XMPP page

[[Services:XMPP|See Services:XMPP for information about the kosmos.org XMPP server]]

We are in the process of switching over the [[Services:Accounts|accounts to use LDAP]]. However, the LDAP implementation in ejabberd doesn't support SASL authentication, which we were using before. This means that some clients will refuse to connect to the server after the switch, and display a warning about it.

== Conversations for Android ==

In [https://conversations.im/ Conversations], go to the account settings (the form with user address and password). After failing to connect, the 'Save' button will turn into an 'Accept' button<ref>[https://github.com/siacs/Conversations/issues/2498#issuecomment-556071993 Issue: No (obvious?) way to accept SASL downgrade]</ref>.

== References ==

<references />

Infrastructure:LDAP

2020-02-19T17:21:52Z

Greg:

Infrastructure

2020-02-19T16:58:41Z

Greg: Add link to the LDAP infrastructure page

The Kosmos project is running some community IT infrastructure, currently sponsored by 5apps. Please ask in #kosmos-dev on Freenode if you need access, changes, info, or whatever else.

== Servers ==

Most things are configured via Chef Solo, based on https://gitea.kosmos.org/kosmos/chef

=== Hetzner ===

These are root servers run by Hetzner Online GmbH in German datacenters (using renewable energy).

==== andromeda.kosmos.org ====

Running Ubuntu 18.04 LTS

Currently hosting:

* kosmos.org XMPP and kosmos.chat MUC (ejabberd)
* bitcoind (mainnet)
* lnd (mainnet, [https://www.robtex.com/lightning/node/024cd3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946 node info])
* c-lightning (mainnet, [https://www.robtex.com/lightning/node/03e26a98ee4d1320d5775fab291580969180592db3679e6d32e360dbd147066ca3 node info])
* ipfs.kosmos.org (IPFS node + public gateway)
** <code>ipfs swarm connect /ip4/46.4.18.160/tcp/4001/ipfs/QmZ4Lpzhz8bafbTYvEMMCmrbrMM4JfyHDR23WbCSAd9bo7</code>
* [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner] (pinning kredits data from smart contract events)
* [https://kosmos.social kosmos.social] (Mastodon)
* wiki.kosmos.org (you're looking at it)

=== Digital Ocean ===

==== barnard.kosmos.org ====

Running Ubuntu 18.04 LTS

Currently hosting:

* sockethub.kosmos.org ([https://github.com/sockethub/sockethub sockethub])
* Some IRC and XMPP bots (incl. botka and hal8000 on freenode)
* IPFS + [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner]
* [https://gitea.kosmos.org/kosmos/wormhole wormhole] (IRC/XMPP bridge between Kosmos rooms on Freenode and kosmos.chat)
* ldap.kosmos.org ([[Infrastructure:LDAP|LDAP]] using [https://directory.fedoraproject.org 389 Directory Server])

=== GKE ===

We started experimenting with Kubernetes recently. There's a 2-workers cluster running on Google Kubernetes Engine at the moment.

* [https://gitea.kosmos.org/ gitea.kosmos.org] (Gitea, see [https://gitea.kosmos.org/kosmos/gitea.kosmos.org/ config repo])
* [https://velero.io/ Velero] (backups)

Infrastructure:LDAP

2020-02-19T16:58:09Z

Greg: Create initial Infrastructure page for LDAP

Services:XMPP:SASL downgrade

2020-02-17T16:35:21Z

Greg:

We are in the process of switching over the [[Services:Accounts|accounts to use LDAP]]. However, the LDAP implementation in ejabberd doesn't support SASL authentication, which we were using before. This means that some clients will refuse to connect to the server after the switch, and display a warning about it.

== Conversations for Android ==

In [https://conversations.im/ Conversations], go to the account settings (the form with user address and password). After failing to connect, the 'Save' button will turn into an 'Accept' button<ref>[https://github.com/siacs/Conversations/issues/2498#issuecomment-556071993 Issue: No (obvious?) way to accept SASL downgrade]</ref>.

== References ==

<references />

Services:XMPP:SASL downgrade

2020-02-17T13:31:25Z

Greg: Add a page about the SASL downgrade

We are in the process of switching over the [[Services:Accounts|accounts to use LDAP]]. This page was created in order to document a warning that will occur on some clients after we enable LDAP authentication. The LDAP implementation in ejabberd doesn't support SASL authentication.

The implication is that '''the user does not send a salted & hashed password''' to ejabberd, so the ejabberd process has access to a user's password and sends it over to the LDAP server to authenticate. This is considered <code>PLAIN</code> auth, even when both the XMPP c2s connection and the LDAP connect using TLS.

Some clients will display a warning because they detect that the auth used to be done with SASL, but not any longer. The most common one is [https://conversations.im/ Conversations, the Android client].

== How to accept the warning in Conversations ==

In Conversations you can accept the warning by pressing "Accept" in the account details, that appears where the "Save" button is normally. <ref>[https://github.com/siacs/Conversations/issues/2498#issuecomment-556071993 No (obvious?) way to accept SASL downgrade]</ref>

Services:Chat

2020-02-14T17:53:41Z

Greg: Undo revision 665 by Greg (talk)

Services:Chat

2020-02-14T17:09:34Z

Greg: Add section about SASL being disabled once we switch to auth using LDAP

== What is XMPP? ==

XMPP is an open standard for instant messages as well as voice and video chat. With XMPP, you can send and receive messages between users on thousands of different chat providers.

== How to connect ==

Usually, you only need your user address and password to configure your chat application.

Your user address is your-username@kosmos.org.

=== Details ===

For advanced users and/or troubleshooting:

;Server/host
: xmpp.kosmos.org
;C2S port
: 5222 (StartTLS), 5223 (TLS)
;S2S port
: 5269
;Bosh URL
: xmpp.kosmos.org:5443/bosh
;In-band Registration
: Closed

=== Caveats ===

==== No SASL with LDAP ====

We are going to switch over the [[Services:Accounts|accounts to use LDAP]]. This has no happened yet, you will receive an email when that happens with a unique generated password and instructions to change it.

The LDAP implementation in ejabberd doesn't support SASL authentication.

<blockquote>You can authenticate users against an LDAP directory. '''Note that current LDAP implementation does not support SASL authentication'''.<ref>[https://docs.ejabberd.im/admin/configuration/#ldap-authentication Configuring ejabberd, LDAP Authentication].</ref>:</blockquote>

The implication is that '''the user does not send a salted & hashed password''' to ejabberd, so the ejabberd process has access to a user's password and sends it over to the LDAP server to authenticate. This is considered <code>PLAIN</code> auth, even when both the XMPP c2s connection and the LDAP connect using TLS

There is an RFC, "Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted Challenge Response Authentication Mechanism (SCRAM) Secrets"<ref>[https://tools.ietf.org/html/rfc5803 Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted Challenge Response Authentication Mechanism (SCRAM) Secrets].</ref>).

===== Impact =====

Some clients will display a warning because they detect that the auth used to be done with SASL, but not any longer. The most common one is [https://conversations.im/ Conversations, the Android client], so we are including instructions for it.

===== How to accept the warning in Conversations =====

In Conversations you can accept the warning by pressing "Accept" in the account details, that appears where the "Save" button is normally. <ref>[https://github.com/siacs/Conversations/issues/2498#issuecomment-556071993 No (obvious?) way to accept SASL downgrade]</ref>

== Multi-user Chat (MUC) ==

The server is host to a variety of chat rooms. The server's MUC domain is kosmos.chat. Thus, room addresses look like chatroom-name@kosmos.chat. Only local users (with a kosmos.org address) are currently allowed to create chat rooms on kosmos.chat.

Come talk to us in [xmpp:kosmos@kosmos.chat?join kosmos@kosmos.chat]!

== Tor hidden service ==

You can connect to the XMPP server directly from the Tor network. The configuration is the same as for clearnet, except for the server to connect to:

;Server/host
: ht6eqe754p3m2gif.onion

<references />

Services:Chat

2020-02-14T16:38:03Z

Greg: Add the TLS port, clarify that 5222 has StartTLS enabled

Services:Accounts

2020-01-29T17:34:27Z

Greg: Add information about the LDAP server and link to the tracking issue

== Unified accounts for Kosmos services ==

'''''This is work in progress!''''' For now, unified accounts are only enabled on this wiki. We have decided to use LDAP<ref>[https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol Lightweight Directory Access Protocol]</ref> to let users have the same credentials (username and password) across Kosmos services.

The LDAP server is running on ldap.kosmos.org (on barnard, see [[Infrastructure#barnard.kosmos.org|Infrastructure]])

You can [https://gitea.kosmos.org/kosmos/chef/issues/126 follow the status] of the switch to LDAP for the other Kosmos services

=== Changing your password ===

Changing your password will be made possible in the upcoming [https://gitea.kosmos.org/kosmos/akkounts-web/issues/5 Kosmos Accounts Web UI], but for now some command-line knowledge is required to change your password.

The ''ldappasswd'' command-line tool is provided by different packages depending on your OS. For example ''ldap-utils'' on Ubuntu, ''openldap-clients'' on Fedora, ''openldap'' on Arch Linux. It is already provided in a default macOS installation.

The following command will set your new password, if you type your current password (replace '''yourusername''' with your username)

ldappasswd -x -D cn=''''yourusername'''',ou=users,dc=kosmos,dc=org -W -S -H "ldaps://ldap.kosmos.org"

It will ask you the following passwords:

New password:
Re-enter new password:
Enter LDAP Password:

"New password" is the password that will be set on your LDAP account. "LDAP password" is your current password

If you need any help do not hesitate to ask for help in our [[Main_Page#Chat|ops chatroom]]

== References ==

<references />

Services:Accounts

2020-01-29T16:12:25Z

Greg:

== Unified accounts for Kosmos services ==

This is work in progress, for now unified accounts are only enabled on this wiki. We have decided to use LDAP<ref>[https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol Lightweight Directory Access Protocol]</ref> to let users have the same credentials (username and password) for Kosmos services. If you want to learn more about LDAP you can start with this page<ref>[https://ldap.com/basic-ldap-concepts/ Basic LDAP Concepts]</ref>.

We are currently [https://gitea.kosmos.org/kosmos/chef/issues/123 planning the migration of the next service], [[Services:XMPP|XMPP]] to also use LDAP.

=== Changing your password ===

Changing your password will be made possible in [https://gitea.kosmos.org/kosmos/akkounts-web/issues/5 Akkounts], but for now some command-line knowledge is required to change your password.

The ''ldappasswd'' command-line tool is provided by different packages depending on your OS. For example ''ldap-utils'' on Ubuntu, ''openldap-clients'' on Fedora, ''openldap'' on Arch. It is already provided in a default macOS installation.

The following command will set your new password, if you type your current password (replace '''yourusername''' with your username)

ldappasswd -x -D cn=''''yourusername'''',ou=users,dc=kosmos,dc=org -W -S -H "ldaps://ldap.kosmos.org"

It will ask you the following passwords:

New password:
Re-enter new password:
Enter LDAP Password:

"New password" is the password that will be set on your LDAP account. "LDAP password" is your current password

If you need any help do not hesitate to ask for help in our [[Main_Page#Chat|ops chatroom]]

== References ==

<references />

Services:Accounts

2020-01-29T16:11:57Z

Greg: Initial Services:Accounts page

== Unified accounts for Kosmos services ==

This is work in progress, for now unified accounts are only enabled on this wiki. We have decided to use LDAP<ref>[https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol Lightweight Directory Access Protocol]</ref> to let users have the same credentials (username and password) for Kosmos services. If you want to learn more about LDAP you can start with this page<ref>[https://ldap.com/basic-ldap-concepts/ Basic LDAP Concepts]</ref>.

We are currently [https://gitea.kosmos.org/kosmos/chef/issues/123 planning the migration of the next service], [[Services:XMPP|XMPP]] to also use LDAP.

=== Changing your password ===

Changing your password will be made possible in [https://gitea.kosmos.org/kosmos/akkounts-web/issues/5 Akkounts], but for now some command-line knowledge is required to change your password.

The `ldappasswd` command-line tool is provided by different packages depending on your OS. For example ''ldap-utils'' on Ubuntu, ''openldap-clients'' on Fedora, ''openldap'' on Arch. It is already provided in a default macOS installation.

The following command will set your new password, if you type your current password (replace '''yourusername''' with your username)

ldappasswd -x -D cn=''''yourusername'''',ou=users,dc=kosmos,dc=org -W -S -H "ldaps://ldap.kosmos.org"

It will ask you the following passwords:

New password:
Re-enter new password:
Enter LDAP Password:

"New password" is the password that will be set on your LDAP account. "LDAP password" is your current password

If you need any help do not hesitate to ask for help in our [[Main_Page#Chat|ops chatroom]]

== References ==

<references />

Infrastructure

2020-01-29T15:23:42Z

Greg: Remove link to LDAP PR

The Kosmos project is running some community IT infrastructure, currently sponsored by 5apps. Please ask in #kosmos-dev on Freenode if you need access, changes, info, or whatever else.

== Servers ==

Most things are configured via Chef Solo, based on https://gitea.kosmos.org/kosmos/chef

=== Hetzner ===

These are root servers run by Hetzner Online GmbH in German datacenters (using renewable energy).

==== andromeda.kosmos.org ====

Running Ubuntu 18.04 LTS

Currently hosting:

* kosmos.org XMPP and kosmos.chat MUC (ejabberd)
* bitcoind (mainnet)
* lnd (mainnet, [https://www.robtex.com/lightning/node/024cd3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946 node info])
* c-lightning (mainnet, [https://www.robtex.com/lightning/node/03e26a98ee4d1320d5775fab291580969180592db3679e6d32e360dbd147066ca3 node info])
* ipfs.kosmos.org (IPFS node + public gateway)
** <code>ipfs swarm connect /ip4/46.4.18.160/tcp/4001/ipfs/QmZ4Lpzhz8bafbTYvEMMCmrbrMM4JfyHDR23WbCSAd9bo7</code>
* [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner] (pinning kredits data from smart contract events)
* [https://kosmos.social kosmos.social] (Mastodon)
* wiki.kosmos.org (you're looking at it)

=== Digital Ocean ===

==== barnard.kosmos.org ====

Running Ubuntu 18.04 LTS

Currently hosting:

* sockethub.kosmos.org ([https://github.com/sockethub/sockethub sockethub])
* Some IRC and XMPP bots (incl. botka and hal8000 on freenode)
* IPFS + [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner]
* [https://gitea.kosmos.org/kosmos/wormhole wormhole] (IRC/XMPP bridge between Kosmos rooms on Freenode and kosmos.chat)
* ldap.kosmos.org (LDAP using [https://directory.fedoraproject.org 389 Directory Server])

=== GKE ===

We started experimenting with Kubernetes recently. There's a 2-workers cluster running on Google Kubernetes Engine at the moment.

* [https://gitea.kosmos.org/ gitea.kosmos.org] (Gitea, see [https://gitea.kosmos.org/kosmos/gitea.kosmos.org/ config repo])
* [https://velero.io/ Velero] (backups)

Main Page

2020-01-29T13:27:59Z

Greg: Enable references again now that the Cite extension is enabled

The Kosmos project is an open co-operative of people, who are developing a free, open-source, and user-centric alternative to centralized group chat platforms, based on widely used protocols and standards.

We also offer a variety of other, hosted communication and collaboration services, mostly focused on users and contributors of free and open-source software.

''Please note: this wiki is protected by an anti-spam service, which can be a bit overzealous in blocking registrations and edits. If your signup or edit is blocked, please contact us and we'll get you sorted! See below for various contact options.''

== Products ==

=== Kosmos Chat ===

[[Kosmos Chat]] (ex ''Codename 67P'') is a group communication application, based exclusively on open protocols, standards, and data formats. All of its components can be either self-hosted or connected to hosted services. An alpha version is already in use by developers, and a public beta version is planned for early 2020.

=== Kredits ===

[[Kredits]] are a system for tracking project contributions, enabling the fair and transparent use of project funds, as well as improving project management and governance. After a couple of years of experimentation, we finally started issuing kredits in production earlier this year. Check out the [https://kredits.kosmos.org/ public contribution dashboard] if you're interested.

== Services ==

We run a variety of public services, for which we will soon accept donations for user accounts.

{| class="wikitable"
|-
| [[Services:XMPP | XMPP]] || Instant messaging and group chat
|-
| [https://kosmos.social Mastodon] || Federated social network
|-
| [https://gitea.kosmos.org Gitea] || Code hosting and collaboration
|-
| [[Services:Accounts | Kosmos Accounts]] || Unified accounts for Kosmos services (LDAP<ref>[https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol Lightweight Directory Access Protocol]</ref>, work in progress)
|}

== Community / Getting in touch / Getting involved ==

=== Code ===

* [https://github.com/67P/ GitHub]
* [https://gitea.kosmos.org/kosmos Gitea]

=== Chat ===

* IRC: [https://waves.kosmos.org/logs/freenode/kosmos/today #kosmos] and [https://waves.kosmos.org/logs/freenode/kosmos-dev/today #kosmos-dev] on Freenode
* XMPP: [xmpp:kosmos@kosmos.chat?join kosmos], [xmpp:kosmos-dev@kosmos.chat?join kosmos-dev], [xmpp:kredits@kosmos.chat?join kredits], and [xmpp:ops@kosmos.chat?join ops] on kosmos.chat

=== Social ===

* Fediverse (Mastodon, GNU Social, Hubzilla, etc.): [https://kosmos.social/@kosmos kosmos@kosmos.social]
* Twitter: [https://twitter.com/KosmosHQ @KosmosHQ]

=== Weekly conference calls ===

We hold weekly calls to sync our team (and whoever else is interested) on development progress. Every Thursday, 3:30pm UTC/GMT, in [https://zoom.us/j/414901303 https://zoom.us/j/414901303]. Usually 30 to 60 minutes long.

Topics:

* Kosmos Chat
* Kosmos Kredits
* Kosmos Infra/Ops

== Events ==

This is a list of events with Kosmos activities going on. Please add more, in case you're working on something related somewhere.

=== Upcoming ===

* [https://hackerbeach.org/ Hacker Beach #8] - January 2020, Santa Marta, Colombia
* [https://wiki.xmpp.org/web/Sprints/2020_March_Berlin XMPP Sprint] - March 26-29, Berlin, Germany

=== Past ===

* [[Events/DOTS 2019|DOTS]] - Dec 5-7, 2019, Nakuru, Kenya
* [https://www.thelightningconference.com The Lightning Conference] - Oct 19-20, Berlin (lio17, raucao, slvrbckt)
* [https://opt-out.hcpp.cz/ HCPP] - Oct 2019, Prague (lio17, maxsan, raucao, ...)
* [[Kosmos Hackdays 2019/1]] (August 26-31, 2019, Berlin)
* [https://en.wikipedia.org/wiki/Chaos_Communication_Camp Chaos Communication Camp 2019] (August 21-25, 2019, Mildenberg, Germany)
* [[Kredits Mini Hack Days (April 3-5, 2019, Sambuca di Sicilia, Italy)]]
* [[Kosmos Mini Hack Days (March 5-11, 2019, Chiang Saen, Thailand)]]
* [https://hackerbeach.org/ Hacker Beach #7] - Jan 2019, Coron, Philippines
* [https://neworder.hcpp.cz/ HCPP] - Oct 2018, Prague (lio17, raucao)
* [[Kosmos Hackdays 2018/1]] — Tuscany (Italy) in April (~11-end)
* [[Hacker Beach #6]] (January 2018, Petite Côte, Sénégal)
* [[SHA2017]] (August 4-8, 2017, Zeewolde, NL)
* [[Kosmos Hackdays 2017/1]] (May 2-5, 2017 | during [http://wwwtf.berlin/ WWWTF Berlin])

== Notes ==

See [[Notes]].

== Code of Conduct ==

[[Contributor Code of Conduct]]

== References ==

<references />

Team

2020-01-28T12:25:54Z

Greg: Use the new wiki usernames

''Please note: this page is a bit outdated.''

== The Agreement ==

The core team consists of a group of people, who have agreed with each other on several things:

* Kosmos is sorely needed an we want to use it today/asap/yesterday
* We can imagine this to be commercially successful, and we can see us founding a company for the paid/pro version and potentially working for it at some point (to whatever degree that might be)
* We will take the first step and implement the prototype MVP as a side project. Most of us will come to Chaos Communication Camp in August 2015, so we'll try to finish the MVP during our time there and then define how to proceed
* All work done until then, and (as far as possible) forever, will be published under open-source licenses. However, we want to protect the project name/ trademark, so that people using the name/trademark commercially need to ask our permission, and so that we can use the name commercially ourselves for the benefit of all contributors (incl. non-partners/employees/shareholders).

== People ==

{| class="" style="width: 100%; text-align: left"
! Name
! a.k.a.
! Involvement/expertise
! Kredit address
|-
| Ben Kero
| bkero
| SysOps, DevOps, *nix systems, infrastructure development, IRC, open-source collab/community/dev/relations, ...
|-
| David Grieshammer
| lsa, lsa232
| User experience design, interaction design, graphic/web design, audio, ...
|-
| [[User:Galfert|Garret Alfert]]
| galfert
| Software development (full-stack), Ember.js, RemoteStorage, back-end, payments, ...
| 1KLjNG9FFyTGzZdtyZjQLqhEz8VqkyKkeF
|-
| [[User:Greg|Greg Karékinian]]
| gregkare, gkarekinian
| Infrastructure development, DevOps, operations, Chef, Ruby, *nix systems ...
| 1JspMAYETsLWbB1mRaGFFo8kXb96mERFPA
|-
| [[User:Jan|Jan Lelis]]
| janlelis, jan, jaaan
| Software development (full-stack), WebRTC, Ruby, Rails, JavaScript, AngularJS
| 1D98jYRnPYBFdd5zeLkMQgXoifEmeh6fmH
|-
| Michael Bumann
| bumi, derbumi
| Fin-tech development, blockchain technologies, Bitcoin, Ruby, Java, JavaScript, crowd funding/investment, ...
| 1Dwvbv5uMxhgHBbqawDUMSxmxmzL7VJoxV
|-
| [[User:Silverbucket|Nick Jennings]]
| silverbucket, slvrbckt
| Software development (full-stack), JavaScript, Node.js, Sockethub, RemoteStorage, ...
| 19UubPU4SKymYA7gbqoyStNavQAJDrBA59
|-
| [[User:Raucao|Sebastian Kippe]]
| basti, skddc, raucao
| Software development (full-stack), front-end/UI, Ember.js, RemoteStorage / business, funding, human resources, ...
| 18mFwCsjRr1M1D6kcNwWEEumhpD5i7Amqf
|-
|}

User:Slvrbckt

2020-01-27T15:03:48Z

Greg: Greg moved page User:Silverbucket to User:Slvrbckt: Automatically moved page while renaming the user "Silverbucket" to "Slvrbckt"

'''Real name:''' Nick Jennings

'''Freenode nick:''' slvrbckt

'''Personal website:''' https://silverbucket.net

'''GitHub:''' https://github.com/silverbucket

'''Twitter:''' https://twitter.com/slvrbckt

User:Silverbucket

2020-01-27T15:03:48Z

Greg: Greg moved page User:Silverbucket to User:Slvrbckt: Automatically moved page while renaming the user "Silverbucket" to "Slvrbckt"

#REDIRECT [[User:Slvrbckt]]

User:Raucao

2020-01-27T12:36:54Z

Greg: Greg moved page User:Basti to User:Raucao: Automatically moved page while merging the account "Basti" to "Raucao"

* '''Real name:''' Sebastian Kippe
* '''Freenode nick:''' raucao
* '''Personal website:''' https://sebastian.kip.pe
* '''GitHub:''' https://github.com/skddc
* '''Twitter:''' https://twitter.com/skddc

== Notes ==

=== Awesome space pictures (<3 nebulae) ===

* http://www.cieloprofundo.com/
* http://www.martinpughastrophotography.id.au/
* http://www.astroanarchy.blogspot.cz/
* https://500px.com/rafaeldefavari
* http://astro-cabinet.com
* http://lvvastro.com/wordpress/?cat=3
* http://www.esa.int/Our_Activities/Space_Science/Mars_Express
* https://500px.com/demeterderek
* https://www.flickr.com/photos/113243238@N08/

User:Greg

2020-01-24T15:46:16Z

Greg:

* '''Real name:''' Greg Karékinian
* '''Freenode nick:''' gregkare
* '''Personal website:''' https://karekinian.com
* '''GitHub:''' https://github.com/gregkare

Infrastructure

2019-12-10T14:15:31Z

Greg: Add LDAP service to barnard

The Kosmos project is running some community IT infrastructure, currently sponsored by 5apps. Please ask in #kosmos-dev on Freenode if you need access, changes, info, or whatever else.

== Servers ==

Most things are configured via Chef Solo, based on https://gitea.kosmos.org/kosmos/chef

=== Hetzner ===

These are root servers run by Hetzner Online GmbH in German datacenters (using renewable energy).

==== andromeda.kosmos.org ====

Running Ubuntu 18.04 LTS

Currently hosting:

* kosmos.org XMPP and kosmos.chat MUC (ejabberd)
* bitcoind (mainnet)
* lnd (mainnet, [https://www.robtex.com/lightning/node/024cd3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946 node info])
* c-lightning (mainnet, [https://www.robtex.com/lightning/node/03e26a98ee4d1320d5775fab291580969180592db3679e6d32e360dbd147066ca3 node info])
* ipfs.kosmos.org (IPFS node + public gateway)
** <code>ipfs swarm connect /ip4/46.4.18.160/tcp/4001/ipfs/QmZ4Lpzhz8bafbTYvEMMCmrbrMM4JfyHDR23WbCSAd9bo7</code>
* [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner] (pinning kredits data from smart contract events)
* [https://kosmos.social kosmos.social] (Mastodon)
* wiki.kosmos.org (you're looking at it)

=== Digital Ocean ===

==== barnard.kosmos.org ====

Running Ubuntu 18.04 LTS

Currently hosting:

* sockethub.kosmos.org ([https://github.com/sockethub/sockethub sockethub])
* Some IRC and XMPP bots (incl. botka and hal8000 on freenode)
* IPFS + [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner]
* [https://gitea.kosmos.org/kosmos/wormhole wormhole] (IRC/XMPP bridge between Kosmos rooms on Freenode and kosmos.chat)
* ldap.kosmos.org (LDAP using [https://directory.fedoraproject.org 389 Directory Server], [https://gitea.kosmos.org/kosmos/chef/pulls/115 chef pull request])

=== GKE ===

We started experimenting with Kubernetes recently. There's a 2-workers cluster running on Google Kubernetes Engine at the moment.

* [https://gitea.kosmos.org/ gitea.kosmos.org] (Gitea, see [https://gitea.kosmos.org/kosmos/gitea.kosmos.org/ config repo])
* [https://velero.io/ Velero] (backups)

Kredits

2019-12-05T16:03:00Z

Greg: Fix a few typos

Kredits are a system for tracking contributions to Kosmos projects, enabling the fair and transparent use of project funds, as well as improving project management and governance.

For now, kredits are mostly a fun experiment and gaming element, but the long-term idea is that they can be rewarded with dividends, if or when the Kosmos project/org is in a financial position that allows it to reward everybody contributing to its success.

== Current status ==

After a few years of experimentation, we finally started issuing kredits in production earlier this year (2019). We also have a functioning, usable Web UI up and running, which interacts directly with Ethereum and IPFS nodes, and which you can also use to create your contributor account: https://kredits.kosmos.org

== Concept & Architecture ==

=== Smart contracts ===

Kredits are cryptographic tokens, (currently) stored on the [https://ethereum.org/ Ethereum] blockchain, issued and managed via programs called [https://en.wikipedia.org/wiki/Smart_contract smart contracts].

We use two types of tokens:

# A non-fungible [https://eips.ethereum.org/EIPS/eip-721 ERC721] token, which represents the actual contributions. These are unique, and they cannot be sent or traded with other people. They are earned by contributing to Kosmos projects, and either one of our bots or one of our contributors propose to create them for a contribution.
# A fungible [https://eips.ethereum.org/EIPS/eip-20 ERC20] token, which represents the value of contributions. These are not unique, meaning every token represents the same value. They can be sent to other addresses using any ERC20-compatible wallet.

Every contribution token/record contains the amount of ERC20 kredits that can be claimed by the contributor. "Claiming" those tokens basically means paying them out from the Kredits smart contract to your own wallet. This is optional, and the contributor can choose to do this whenever they want.

=== Data storage ===

All non-essential data (basically everything except for pure IDs and numbers/amounts) is stored on [https://ipfs.io/ IPFS]. In order to ensure that no data is lost, and all data is available to Kredits users at all times, we run a few Kosmos IPFS nodes, as well as a public IPFS gateway. See [[Kredits:IPFS]] for more information.

=== High-level overview ===

[[File:High-level-architecture.png|960px|link=https://wiki.kosmos.org/images/c/c1/High-level-architecture.svg|frameless|caption]]

== Software ==

=== Kredits Contracts ===

[https://github.com/67P/kredits-contracts/ kredits-contracts] contains the smart contracts, written in Solidity, as well as the generated contract ABI for use with the Web3 JavaScript library (e.g. in kredits-web). It can be linked from other programs via npm.

=== Kosmos Schemas ===

[https://github.com/67P/kosmos-schemas/ kosmos-schemas] contains the JSON Schema definitions and examples for all data stored in IPFS. They can be used in the kredits-contracts JS wrapper as well as in client apps.

=== Kredits Web ===

[https://github.com/67P/kredits-web/ kredits-web] is the Web UI for the public Kredits dashboard and management UI. The app is hosted on 5apps Deploy at [https://kredits.kosmos.org/ kredits.kosmos.org].

=== Hubot Kredits ===

[https://github.com/67P/hubot-kredits hubot-kredits] is a Hubot chatbot extension, which can automatically create (unconfirmed) contribution tokens, e.g. based on GitHub contributions, Mediawiki edits, etc.. We also use it to prototype back-end behavior that is potentially needed in `kredits-web`.

=== Kredits GitHub ===

[https://github.com/67P/kredits-github kredits-github] is a very simple GitHub app, which adds a check to pull requests in org repos, ensuring that they are assigned a kredits label, which is used by hubot-kredits to determine the size of the contribution.

=== Kredits IPFS Pinner ===

[https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner kredits-ipfs-pinner] pins IPFS data of a Kredits organization on an IPFS node. Running this program turns any IPFS node into a live mirror for all Kredits-related documents.

== Democratic governance via Kredits ==

Kredits have the potential to be used for distributed governance of the Kosmos project and organization. The basic idea is that people can vote on decisions with a vote that carries a weight according to their contributions. In short: the people who do should be the ones who decide. With a limited set of basic rules, this makes for an interesting new and decentralized approach to open-source governance.

== Roadmap ==

See https://wiki.kosmos.org/Meeting_Notes:_Feb_25,_2019#Kredits_Roadmap_2019

== Ideas ==

* <del>Leaderboard for contributions/kredits, where people can choose to publish their name or not (based on actual blockchain data)</del> WIP, almost done: https://kredits.kosmos.org/
* Some way for new contributors to claim kredits sent to them via email link or similar (Update: current idea is to issue them without the need for an address, then be able to confirm address change via GitHub OAuth and admin action/proposal)
* <del>IRC bot for small transactions, so people can send each other kredits on Kosmos project channels</del> Turned out to not make sense.
* <del>Custom wallet, removing all unnecessary features and integrating custom features we'd like to have (like e.g. easy multisig transactions, linked/initiated from a Kosmos chatroom)</del> WIP, almost done: https://github.com/67P/kredits-web/ (tokens can be sent via normal ETH wallets)
* [[Contribution Dashboard]] for regular Kredit distribution as well as general project stats
* Expense management, similar to https://opencollective.com/learn-more
* Interoperability with other coops/projects/software
** https://docs.opencoopecosystem.net/
** https://www.valueflo.ws/

== Similar projects/ideas ==

* [https://medium.com/@ecsa_team/programmed-decentralised-commons-production-2b1fac7cf9a8 cDPOs (commons-oriented decentralised programmed organisations)] as frameworks to bootstrap, develop & sustain commons projects
* [https://blog.colony.io/colony-beta-product-summary-2121a357d61d?mc_cid=b1750a36c8&mc_eid=fb43075dba#.9egmfejax Colony] -- "The Colony Beta is for teams who want to create their own “Collaboration Network”—a place to work with, incentivize, and track the contributions of a network of collaborators. It combines task management with “payments” and tracking."
* [http://aragon.one/ Aragon]
* [https://github.com/ether-camp/virtual-accelerator/ ether-camp/virtual accelerator] -- "The Virtual Accelerator is a platform that allows for the promotion, testing and funding of ideas. " HackerGold is their token.
* [http://boardroom.to/ boardroom.to] -- A blockchain based governance platform.
* [https://lunyr.com/ Lunyr] -- "Lunyr is an Ethereum-based decentralized crowdsourced encyclopedia which rewards users with app tokens for peer-reviewing and contributing information."
* [https://singulardtv.com/ Singulardtv] -- "A Blockchain Entertainment Studio, Smart Contract Rights Management Platform and Video On-Demand Portal"

see also:

* [https://tokenmarket.net/ TokenMarket] -- "Trade and research 152 digital assets. Organize crowdsales."
* [https://medium.com/@ConsenSys/tokens-on-ethereum-e9e61dac9b4e#.hfxscd8yx Tokens on Ethereum] about Ethereum based tokens by ConsenSys
* [https://medium.com/@balajis/thoughts-on-tokens-436109aabcbe Thoughts on Tokens] by Balaji S. Srinivasan and Naval Ravikant
* [https://www.misthos.io/ Misthos] (multi-sig bitcoin wallet, "designed for project teams, investment partnerships and other ad hoc ventures to manage the divvying up of income (received as bitcoin) among their individual members", based on Blockstack, [https://www.coindesk.com/bitcoin-wallet-blockstack-decentralized/ Coindesk article])
* https://sourcecred.io
* [https://freecoin.dyne.org/ Freecoin]

== Similar code/inspirations/links ==

* [https://github.com/Lunyr/crowdsale-contracts/tree/master/contracts Lynyr contracts]
* [https://github.com/Giveth/minime minime contracts]
* [https://github.com/ConsenSys/gnosis-contracts/blob/master/contracts/solidity/Tokens/StandardToken.sol gnosis-contracts]
* [https://github.com/melonproject/melon/ melonproject contracts]
* Paper: [https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3243656 "Liberal Radicalism: Formal Rules for a Society Neutral Among Communities"]

== Notes ==

* [https://sideshift.ai/ Sideshift] is similar to Shapeshift, but without KYC and such. Could be used to donate to the Kredits contract using Bitcoin via LN, as well as via normal chain txs with a variety of currencies.

Infrastructure

2019-09-26T12:57:49Z

Greg: Switch the MUC server to kosmos.chat

The Kosmos project is running some community IT infrastructure, currently sponsored by 5apps. Please ask in #kosmos-dev on Freenode if you need access, changes, info, or whatever else.

== Servers ==

Most things are configured via Chef Solo, based on https://gitea.kosmos.org/kosmos/chef

=== Hetzner ===

These are root servers run by Hetzner Online GmbH in German datacenters (using renewable energy).

==== andromeda.kosmos.org ====

Running Ubuntu 18.04 LTS

Currently hosting:

* kosmos.org XMPP and kosmos.chat MUC (ejabberd)
* bitcoind (mainnet)
* lnd (mainnet, [https://www.robtex.com/lightning/node/024cd3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946 node info])
* c-lightning (mainnet, [https://www.robtex.com/lightning/node/03e26a98ee4d1320d5775fab291580969180592db3679e6d32e360dbd147066ca3 node info])
* ipfs.kosmos.org (IPFS node + public gateway)
** <code>ipfs swarm connect /ip4/46.4.18.160/tcp/4001/ipfs/QmZ4Lpzhz8bafbTYvEMMCmrbrMM4JfyHDR23WbCSAd9bo7</code>
* [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner] (pinning kredits data from smart contract events)
* [https://kosmos.social kosmos.social] (Mastodon)
* wiki.kosmos.org (you're looking at it)

=== Digital Ocean ===

==== barnard.kosmos.org ====

Running Ubuntu 18.04 LTS

Currently hosting:

* sockethub.kosmos.org ([https://github.com/sockethub/sockethub sockethub])
* Some IRC and XMPP bots (incl. botka and hal8000 on freenode)
* IPFS + [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner]
* [https://gitea.kosmos.org/kosmos/wormhole wormhole] (IRC/XMPP bridge between Kosmos rooms on Freenode and kosmos.chat)

=== GKE ===

We started experimenting with Kubernetes recently. There's a 2-workers cluster running on Google Kubernetes Engine at the moment.

* [https://gitea.kosmos.org/ gitea.kosmos.org] (Gitea, see [https://gitea.kosmos.org/kosmos/gitea.kosmos.org/ config repo])
* [https://velero.io/ Velero] (backups)

Services:Chat

2019-09-26T12:57:20Z

Greg: Switch the MUC server to kosmos.chat

Infrastructure

2019-08-13T08:54:53Z

Greg: Ark is now Velero, update the number of workers on GKE

The Kosmos project is running some community IT infrastructure, currently sponsored by 5apps. Please ask in #kosmos-dev on Freenode if you need access, changes, info, or whatever else.

== Servers ==

Most things are configured via Chef Solo, based on https://gitea.kosmos.org/kosmos/chef

=== Hetzner ===

These are root servers run by Hetzner Online GmbH in German datacenters (using renewable energy).

==== andromeda.kosmos.org ====

Running Ubuntu 18.04 LTS

Currently hosting:

* kosmos.org XMPP and chat.kosmos.org MUC (ejabberd)
* bitcoind (mainnet)
* lnd (mainnet, [https://www.robtex.com/lightning/node/024cd3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946 node info])
* c-lightning (mainnet, [https://www.robtex.com/lightning/node/03e26a98ee4d1320d5775fab291580969180592db3679e6d32e360dbd147066ca3 node info])
* ipfs.kosmos.org (IPFS node + public gateway)
** <code>ipfs swarm connect /ip4/46.4.18.160/tcp/4001/ipfs/QmZ4Lpzhz8bafbTYvEMMCmrbrMM4JfyHDR23WbCSAd9bo7</code>
* [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner] (pinning kredits data from smart contract events)
* [https://kosmos.social kosmos.social] (Mastodon)
* wiki.kosmos.org (you're looking at it)

=== Digital Ocean ===

==== barnard.kosmos.org ====

Running Ubuntu 18.04 LTS

Currently hosting:

* sockethub.kosmos.org (Sockethub)
* Some IRC and XMPP bots (incl. botka and hal8000 on freenode)
* IPFS + [https://gitea.kosmos.org/kosmos/kredits-ipfs-pinner/ kredits-ipfs-pinner]

=== GKE ===

We started experimenting with Kubernetes recently. There's a 2-workers cluster running on Google Kubernetes Engine at the moment.

* [https://gitea.kosmos.org/ gitea.kosmos.org] (Gitea, see [https://gitea.kosmos.org/kosmos/gitea.kosmos.org/ config repo])
* [https://velero.io/ Velero] (backups)

Infrastructure

2019-05-28T10:32:12Z

Greg:

The Kosmos project is running some community IT infrastructure, currently sponsored by 5apps. Please ask in #kosmos-dev on Freenode if you need access, changes, info, or whatever else.

== Servers ==

Most things are configured via Chef Solo, based on https://gitea.kosmos.org/kosmos/chef

=== Hetzner ===

These are root servers run by Hetzner Online GmbH in German datacenters (using renewable energy).

==== andromeda.kosmos.org ====

Running Ubuntu 18.04 LTS

Currently hosting:

* kosmos.org XMPP and chat.kosmos.org MUC (ejabberd)
* bitcoind (mainnet)
* lnd (mainnet, [https://www.robtex.com/lightning/node/024cd3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946 node info])
* c-lightning (mainnet, [https://www.robtex.com/lightning/node/03e26a98ee4d1320d5775fab291580969180592db3679e6d32e360dbd147066ca3 node info])
* ipfs.kosmos.org (IPFS node)
* ipfs-cluster (to ensure kredits data is replicated)
* [https://kosmos.social kosmos.social] (Mastodon)
* wiki.kosmos.org (you're looking at it)

=== Digital Ocean ===

==== barnard.kosmos.org ====

Running Ubuntu 18.04 LTS

Currently hosting:

* sockethub.kosmos.org (Sockethub)
* Some IRC and XMPP bots (incl. botka and hal8000 on freenode)
* IPFS + ipfs-cluster (syncing with andromeda)

=== GKE ===

We started experimenting with Kubernetes recently. There's a 3-node cluster running on Google Kubernetes Engine at the moment.

* [https://gitea.kosmos.org/ gitea.kosmos.org] (Gitea, see [https://gitea.kosmos.org/kosmos/gitea.kosmos.org/ config repo])
* [https://heptio.github.io/ark/ ark] (backups)