
Service Provisioning Checklist

Purpose

This checklist is to ensure that all aspects of a new service are provisioned properly, completely, and in the correct order to prevent potential failures elsewhere in the system.

Steps

  • Determine any potential impact to any other services; see things to look out for below
    • Is this service going to be running on app-01 or a different host?
    • Is it going to utilize SSO auth?
    • Is it going to need a database? Service files folder in /mnt/data/services on app-01?
    • Is it going to need any other secrets?
    • Does this service need to be monitored?
    • Exposed to the public internet?
    • Utilizing a mailserver or ntfy to send notifications?
  • Determine the most feasible deployment method
    • Docker container
    • nixOS module (preferred for reproducibility and programmatic configuration)

Check on repology.org to verify if the nixOS module is up to date with upstream

  • If this service has a MariaDB, PostgreSQL or other database, remove its entry from the nixOS borgmatic config to prevent backup failure
  • If this service is running in a Docker container, tear down its compose project. Otherwise stop the service and disable/remove its nixOS config. Push the configuration change to the staging branch

Do not push this change to main until you have tested that the configuration builds successfully

If this service uses a docker-compose project, move its folder to ~/Containers/.retired-services

database
  • Create and store database secrets under Bitwarden Secrets Manager, using the following naming convention: webservices.<service name>.db_pass
  • If this service is publicly exposed with a TLS cert, remove its entry from traefik's acme.json file to prevent unwanted cert renewals
  • If remaining data is unwanted, clear all relevant files from the filesystem i.e. /srv/<servicename> and any relevant databases and secrets
  • Push changes from staging to main
  • If any related monitoring systems were temporarily put into maintenance mode, re-enable them in Uptime Kuma and Healthchecks

Vikunja Copy-Paste Version

  • Shutdown/disable needed monitoring services
  • Remove/disable borgmatic database backup entry from nixOS to prevent borgmatic failure
  • Teardown compose project/remove nixOS service config, push change to staging
    • If docker-compose project, move to ~/Containers/.retired-services
  • Remove service's entry from traefik's acme.json file to prevent unwanted cert renewals
  • If unneeded, clear all remaining files from the filesystem i.e. /srv/<servicename> and any relevant databases and secrets
  • Push changes from staging to main
  • Re-enable monitoring systems as needed
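
One way to carry out the acme.json step above without hand-editing a file that holds private keys. This is an added example, not part of the original checklist. It assumes the Traefik v2 store layout (one top-level key per certificate resolver, each with a "Certificates" list); the resolver name, hostnames and placeholder values are constructed.

```python
import json
import os
import tempfile

# Constructed sample in the assumed Traefik v2 layout: one top-level key per
# certificate resolver ("letsencrypt" is an assumed resolver name).
SAMPLE = {"letsencrypt": {
    "Account": {"Email": "admin@example.org"},
    "Certificates": [
        {"domain": {"main": "vikunja.example.org"},
         "certificate": "PLACEHOLDER", "key": "PLACEHOLDER", "Store": "default"},
        {"domain": {"main": "wiki.example.org", "sans": ["docs.example.org"]},
         "certificate": "PLACEHOLDER", "key": "PLACEHOLDER", "Store": "default"},
    ]}}


def prune_acme(path, hostname):
    """Drop every stored certificate that names `hostname` (main or SAN).

    Returns the main domains of the removed certificates. The file is only
    rewritten when something was actually removed.
    """
    with open(path) as fh:
        store = json.load(fh)
    removed = []
    for resolver in store.values():
        keep = []
        for cert in resolver.get("Certificates") or []:  # null when empty
            dom = cert.get("domain", {})
            names = [dom.get("main")] + (dom.get("sans") or [])
            (removed if hostname in names else keep).append(cert)
        resolver["Certificates"] = keep
    if removed:
        # The store holds private keys: write a 0600 temp file in the same
        # directory and swap it in atomically, so no partial or
        # world-readable copy ever exists.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
        with os.fdopen(fd, "w") as fh:
            json.dump(store, fh, indent=2)
        os.chmod(tmp, 0o600)
        os.replace(tmp, path)
    return [c["domain"].get("main") for c in removed]


if __name__ == "__main__":
    demo = os.path.join(tempfile.mkdtemp(), "acme.json")
    with open(demo, "w") as fh:
        json.dump(SAMPLE, fh)
    print(prune_acme(demo, "vikunja.example.org"))
```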