Service Provisioning Checklist

Purpose

This checklist is to ensure that all aspects of a new service are provisioned properly, completely, and in the correct order to prevent potential failures elsewhere in the system.

Steps

  • Determine any potential impact to any other services; see things to look out for below
    • Is this service going to be running on app-01 or a different host?
    • Is it going to utilize SSO auth?
    • Is it going to need a database? Service files folder in /mnt/data/services on app-01?
    • Is it going to need any other secrets?
    • Does this service need to be monitored?
    • Exposed to the public internet?
    • Utilizing a mailserver or ntfy to send notifications?
  • Determine the most feasible deployment method
    • Docker container
    • nixOS module (preferred for reproducibility and programmatic configuration)

Check on repology.org to verify if the nixOS module is up to date with upstream

  • If this service has a MariaDB, PostgreSQL or other database, remove its entry from the nixOS borgmatic config to prevent backup failure
  • If this service is running in a Docker container, tear down its compose project. Otherwise stop the service and disable/remove its nixOS config. Push the configuration change to the staging branch

Do not push this change to main until you have tested that the configuration builds successfully

If this service uses a docker-compose project, move its folder to ~/Containers/.retired-services

database
  • Create and store database secrets under Bitwarden Secrets Manager, using the following naming convention: webservices.<service name>.db_pass
  • If this service is publicly exposed with a TLS cert, remove its entry from traefik's acme.json file to prevent unwanted cert renewals
  • If remaining data is unwanted, clear all relevant files from the filesystem i.e. /srv/<servicename> and any relevant databases and secrets
  • Push changes from staging to main
  • If any related monitoring systems were temporarily put into maintenance mode, re-enable them in Uptime Kuma and Healthchecks

Vikunja Copy-Paste Version

    • Shut down/disable needed monitoring services
    • Remove/disable borgmatic database backup entry from nixOS to prevent borgmatic failure
    • Tear down compose project/remove nixOS service config, push change to staging
      • If docker-compose project, move to ~/Containers/.retired-services
    • Remove service's entry from traefik's acme.json file to prevent unwanted cert renewals
    • If unneeded, clear all remaining files from the filesystem i.e. /srv/<servicename> and any relevant databases and secrets
    • Push changes from staging to main
    • Re-enable monitoring systems as needed
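
For the acme.json step above, one way to drop a service's certificate entry without hand-editing the file. This is an added example, not part of the original checklist; it assumes the Traefik v2 store layout (resolver name, then a "Certificates" list whose items carry domain.main and domain.sans), and the resolver name, hostnames and function names are hypothetical.

```python
import json
import os
import tempfile

# Constructed sample store; hostnames and key material are placeholders.
SAMPLE = {"letsencrypt": {
    "Account": {"Email": "admin@example.org"},
    "Certificates": [
        {"domain": {"main": "wiki.example.org"},
         "certificate": "PLACEHOLDER", "key": "PLACEHOLDER", "Store": "default"},
        {"domain": {"main": "old.example.org", "sans": ["www.old.example.org"]},
         "certificate": "PLACEHOLDER", "key": "PLACEHOLDER", "Store": "default"},
    ]}}


def prune_acme(path, hostname):
    """Drop certs whose main name or SANs include hostname; return main names."""
    with open(path, encoding="utf-8") as fh:
        store = json.load(fh)
    removed = []
    for resolver in store.values():
        kept = []
        for cert in resolver.get("Certificates") or []:
            domain = cert.get("domain", {})
            if hostname in [domain.get("main"), *(domain.get("sans") or [])]:
                removed.append(domain.get("main"))
            else:
                kept.append(cert)
        resolver["Certificates"] = kept
    if removed:
        # Temp file in the same directory plus rename: no truncated store on a
        # crash, and mkstemp creates it 0600, the mode Traefik expects.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(store, fh, indent=2)
        os.replace(tmp, path)
    return removed


def demo_on_sample():
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "acme.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(SAMPLE, fh)
        removed = prune_acme(path, "old.example.org")
        with open(path, encoding="utf-8") as fh:
            certs = json.load(fh)["letsencrypt"]["Certificates"]
        mode = oct(os.stat(path).st_mode & 0o777)
        return removed, [c["domain"]["main"] for c in certs], mode
```

Traefik reads the store at startup, so restart it after pruning. The ACME account and the other services' certificates are left as they were.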