Service Provisioning Checklist

Purpose

This checklist is to ensure that all aspects of a new service are provisioned properly, completely, and in the correct order to prevent potential failures elsewhere in the system.

Steps

  • Determine any potential impact to any other services; see things to look out for below
    • Is this service going to be running on app-01 or a different host?
    • Is it going to tie into SSO auth?
    • Is it going to need a database? Service files folder in /mnt/data/services on app-01?
  • Determine which monitoring systems need to be disabled, permanently and temporarily, to prevent service outage notifications
  • If this service has a MariaDB, PostgreSQL, or other database, remove its entry from the nixOS borgmatic config to prevent backup failure
  • If this service is running in a Docker container, tear down its compose project. Otherwise, stop the service and disable/remove its nixOS config. Push the configuration change to the staging branch
    • Do not push this change to main until you have tested that the configuration builds successfully

    • If this service is a docker-compose project, move its folder to ~/Containers/.retired-services

  • If this service is publicly exposed with a TLS cert, remove its entry from traefik's acme.json file to prevent unwanted cert renewals
  • If remaining data is unwanted, clear all relevant files from the filesystem i.e. /srv/<servicename> and any relevant databases and secrets
  • Push changes from staging to main
  • If any related monitoring systems were temporarily put into maintenance mode, re-enable them in Uptime Kuma and Healthchecks
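
For the acme.json step above, an added example (not part of the original checklist and not Traefik's own tooling) that removes one service's certificate while keeping the file's permissions tight. It assumes the Traefik v2 acme.json layout shown in the comment and that Traefik is stopped while the file is edited; remove_cert, demo, SAMPLE and the example.org names are hypothetical.

```python
import json
import os
import shutil
import tempfile

# Constructed sample in the assumed Traefik v2 acme.json layout:
# resolver name -> {"Account": ..., "Certificates": [{"domain": {"main", "sans"}, ...}]}
SAMPLE = {"letsencrypt": {"Account": {"Email": "admin@example.org"}, "Certificates": [
    {"domain": {"main": "tasks.example.org"}, "certificate": "Q0VSVA==", "key": "S0VZ"},
    {"domain": {"main": "wiki.example.org", "sans": ["docs.example.org"]},
     "certificate": "Q0VSVA==", "key": "S0VZ"},
]}}


def remove_cert(acme_path, domain):
    """Drop certificates whose main name is `domain`; return (removed, shared).

    `shared` names certificates that only list `domain` as a SAN; they are kept
    because another service still uses them.
    """
    with open(acme_path) as fh:
        data = json.load(fh)
    removed, shared = 0, []
    for resolver in data.values():
        certs = resolver.get("Certificates") or []
        keep = [c for c in certs if c["domain"]["main"] != domain]
        shared += [c["domain"]["main"] for c in keep
                   if domain in (c["domain"].get("sans") or [])]
        removed += len(certs) - len(keep)
        if certs:
            resolver["Certificates"] = keep
    if removed:
        # acme.json holds private keys: keep the backup and the rewritten file at
        # mode 0600 (mkstemp creates its file 0600), then swap atomically.
        shutil.copy2(acme_path, acme_path + ".bak")
        os.chmod(acme_path + ".bak", 0o600)
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(acme_path)))
        with os.fdopen(fd, "w") as fh:
            json.dump(data, fh, indent=2)
        os.replace(tmp, acme_path)
    return removed, shared


def demo():
    """Run against the constructed sample in a scratch directory."""
    path = os.path.join(tempfile.mkdtemp(), "acme.json")
    with open(path, "w") as fh:
        json.dump(SAMPLE, fh)
    return remove_cert(path, "tasks.example.org"), path
```

A non-empty shared list means the hostname is still covered by another service's certificate, so that entry needs a manual decision rather than deletion.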

Vikunja Copy-Paste Version

  • Shut down/disable needed monitoring services
  • Remove/disable borgmatic database backup entry from nixOS to prevent borgmatic failure
  • Tear down compose project/remove nixOS service config, push change to staging
    • If docker-compose project, move to ~/Containers/.retired-services
  • Remove service's entry from traefik's acme.json file to prevent unwanted cert renewals
  • If unneeded, clear all remaining files from the filesystem i.e. /srv/<servicename> and any relevant databases and secrets
  • Push changes from staging to main
  • Re-enable monitoring systems as needed