Service Provisioning Checlist
Purpose
This checklist is to ensure that all aspects of a new service are provisioned properly, completely, and in the correct order to prevent potential failures elsewhere in the system.
Steps
- Determine any potential impact to any other services; see things to look out for below
- Is this service going to be running on app-01 or a different host?
- Is it going to utilize SSO auth?
- Is it going to need a database? Service files folder in /mnt/data/services on app-01?
- Is it going to need any other secrets?
- Does this service need to be monitored?
- Exposed to the public internet?
- Utilizing a mailserver or ntfy to send notifications?
- Determine the most feasible deployment method
- Docker container
- nixOS module (preferred for reproducibility and programmatic configuration)
Check on repology.org to verify if the nixOS module is up to date with upstream before choosing to use the nixOS module
- If the service uses a database
- Create and store database secrets under Bitwarden Secrets Manager, using the following naming convention:
webservices.<service name>.db_pass
- Create and store database secrets under Bitwarden Secrets Manager, using the following naming convention:
Vikunja Copy-Paste Version
- Shutdown/disable needed monitoring services
- Remove/disable borgmatic database backup entry from nixOS to prevent borgmatic failure
- Teardown compose project/remove nixOS service config, push change to
staging- If docker-compose project, move to ~/Containers/.retired-services
- Remove service's entry from traefik's
acme.jsonfile to prevent unwanted cert renewals - If unneeded, clear all remaining files from the filesystem i.e.
/srv/<servicename>and any relevant databases and secrets - Push changes from
stagingtomain - Re-enable monitoring systems as needed