Diffstat (limited to 'topics/systems/update-production-checklist.gmi')
-rw-r--r-- topics/systems/update-production-checklist.gmi 75
1 files changed, 45 insertions, 30 deletions
diff --git a/topics/systems/update-production-checklist.gmi b/topics/systems/update-production-checklist.gmi
index b17077b..2cb0761 100644
--- a/topics/systems/update-production-checklist.gmi
+++ b/topics/systems/update-production-checklist.gmi
@@ -1,23 +1,28 @@
 # Update production checklist
 
+Last migration round is the move to tux03 (Sept2025)!
 
 # Tasks
 
 * [X] Install underlying Debian
 * [X] Get guix going
-* [ ] Check database
-* [ ] Check gemma working
-* [ ] Check global search
-* [ ] Check authentication
-* [ ] Check sending E-mails
-* [ ] Make sure info.genenetwork.org can reach the DB
+* [X] Check database settings
+* [X] Check gemma working
+* [X] Check global search
+* [X] Check authentication
+* [X] Check sending E-mails
+* [X] Check SPARQL
+* [X] Make sure info.genenetwork.org and 'space' can reach the DB
 * [ ] Backups
 
 The following are at the system level
 
-* [ ] Make journalctl presistent
-* [ ] Update certificates in CRON
-* [ ] Run trim in CRON
+* [X] Firewalling and other security measures (sshd)
+* [X] Check tmpdirs (cleanup?)
+* [X] Make sure journalctl persistent (check for reboots)
+* [X] Update certificates in CRON (no longer if not part of Guix)
+* [X] Run trim in CRON
+* [ ] Monitors (sheepdog)
 
 # Install underlying Debian
 
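Review bot: The new system-level item "Firewalling and other security measures (sshd)" is ticked as a single line, but it bundles several independent controls, and nothing in the visible hunks says what was configured or how to re-verify it. Split it into separately checkable items (for example firewall rules, sshd password login disabled) and point each at the section or command that confirms it. "Update certificates in CRON (no longer if not part of Guix)" is also ticked while its parenthetical reads as if the step may not apply; state which case holds for tux03.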
@@ -27,7 +32,9 @@ For our production systems we use Debian as a base install. Once installed:
 * [X] add ttyS0 support for grub and kernel - so out-of-band works
 * [X] start ssh server and configure not to use with passwords
 * [X] start nginx and check external networking
-* [ ] set up E-mail routing
+* [X] mount old root
+* [X] Clean up /etc/profile (remove global profile.d loading)
+* [X] set up E-mail routing
 
 It may help to mount the old root if you have it. Now it is on
 
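Review bot: "mount old root" is added as a ticked install step, while the unchanged paragraph below still presents it as optional ("It may help to mount the old root if you have it"). Mark the item as optional, and state that the old root should be mounted read-only and unmounted once the migration is finished, so the old system's files are neither modified nor left reachable on the production host.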
@@ -37,25 +44,30 @@ mount /dev/sdd2 /mnt/old-root/
 
 # Get Guix going
 
-* [X] Install Guix daemon
+* [X] Mount bind /gnu on a large partition
 * [X] Move /gnu/store to larger partition
-* [X] Update Guix daemon and setup in systemd
+* [X] Install Guix daemon
+* [X] Update Guix daemon and setup in systemd (if necessary)
 * [X] Make available in /usr/local/guix-profiles
-* [X] Clean up /etc/profile
 
-We can bootstrap with the Debian guix package. Next move the store to a large partion and hard mount it in /etc/fstab with
+Next move the /gnu store to a large partion and hard mount it in /etc/fstab with
 
 ```
 /export2/gnu /gnu none defaults,bind 0 0
 ```
 
+We can bootstrap with the Debian guix package (though I prefer the guix-install.sh script these days, mostly because it is more modern).
+
+=> https://guix.gnu.org/manual/en/html_node/Binary-Installation.html
+
+
 Run guix pull
 
 ```
-wrk@tux04:~$ guix pull -p ~/opt/guix-pull --url=https://codeberg.org/guix/guix-mirror.git
+guix pull --url=https://codeberg.org/guix/guix  -p ~/opt/guix-pull
 ```
 
-Use that to install guix in /usr/local/guix-profiles
+Use that also to install guix in /usr/local/guix-profiles
 
 ```
 guix package -i guix -p /usr/local/guix-profiles/guix
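Review bot: The rewritten paragraph "Next move the /gnu store to a large partion ..." now opens the section's prose, so "Next" has nothing to follow, and the typo "partion" is carried over from the removed line; something like "First move the /gnu store to a large partition" would read correctly. The list now also has both "Mount bind /gnu on a large partition" and "Move /gnu/store to larger partition", which look like the same step and could be merged. The guix pull URL changes from codeberg.org/guix/guix-mirror.git to codeberg.org/guix/guix without comment; one sentence on why would help the next person decide which URL to trust.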
@@ -68,9 +80,9 @@ The Debian installer configures guix. I tend to remove the profiles from /etc/pr
 # Check database
 
 * [X] Install mariadb
-* [ ] Recover database
-* [ ] Test permissions
-* [ ] Mariadb update my.cnf
+* [X] Recover database
+* [X] Test permissions
+* [X] Mariadb update my.cnf
 
 Basically recover the database from a backup is the best start and set permissions. We usually take the default mariadb unless production is already on a newer version - so we move to guix deployment.
 
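Review bot: These items are flipped to [X] under the heading "# Check database", but the first hunk renamed the matching task to "Check database settings"; keep the heading and the task entry in sync so the section can be found from the list. "Test permissions" is ticked without saying which accounts or grants were tested; name them or link the procedure so the check can be repeated on the next migration.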
@@ -114,12 +126,12 @@ We use borg for backups. First restore the backup on the PCIe. Also a test for o
 The swaks package is quite useful to test for a valid receive host:
 
 ```
-swaks --to testing-my-server@gmail.com --server smtp.uthsc.edu
-=== Trying smtp.uthsc.edu:25...
-=== Connected to smtp.uthsc.edu.
-<-  220 mailrouter8.uthsc.edu ESMTP NO UCE
- -> EHLO tux04.uthsc.edu
-<-  250-mailrouter8.uthsc.edu
+swaks --to testing-my-server@gmail.com --server smtp.network
+=== Trying smtp.network:25...
+=== Connected to smtp.network.
+<-  220 mailrouter8.network ESMTP NO UCE
+ -> EHLO tux04.network
+<-  250-mailrouter8.network
 <-  250-PIPELINING
 <-  250-SIZE 26214400
 <-  250-VRFY
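Review bot: The replacement hostnames in this transcript (smtp.network, mailrouter8.network, tux04.network) sit under .network, which is a delegated top-level domain, so a reader who copies the swaks command as written may open an SMTP session to a host someone else controls. Use reserved documentation names instead, such as smtp.example.org, and say once in the text that the real relay name must be substituted.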
@@ -129,7 +141,7 @@ swaks --to testing-my-server@gmail.com --server smtp.uthsc.edu
 <-  250-8BITMIME
 <-  250-DSN
 <-  250 SMTPUTF8
- -> MAIL FROM:<root@tux04.uthsc.edu>
+ -> MAIL FROM:<root@tux04.network>
 <-  250 2.1.0 Ok
  -> RCPT TO:<pjotr2020@thebird.nl>
 <-  250 2.1.5 Ok
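Review bot: The redaction is incomplete here: MAIL FROM is rewritten, but the unchanged RCPT TO line right after it still carries what looks like a personal mailbox, and it does not match the --to address shown in the command at the top of the transcript. Replace both with one placeholder recipient so the transcript is internally consistent and no real address stays in the page.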
@@ -137,9 +149,9 @@ swaks --to testing-my-server@gmail.com --server smtp.uthsc.edu
 <-  354 End data with <CR><LF>.<CR><LF>
  -> Date: Thu, 06 Mar 2025 08:34:24 +0000
  -> To: pjotr2020@thebird.nl
- -> From: root@tux04.uthsc.edu
+ -> From: root@tux04.network
  -> Subject: test Thu, 06 Mar 2025 08:34:24 +0000
- -> Message-Id: <20250306083424.624509@tux04.uthsc.edu>
+ -> Message-Id: <20250306083424.624509@tux04.network>
  -> X-Mailer: swaks v20201014.0 jetmore.org/john/code/swaks/
  ->
  -> This is a test mailing
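Review bot: The From and Message-Id lines are edited by hand inside a transcript dated Thu, 06 Mar 2025 from tux04, while this commit says the current round is the move to tux03 (Sept2025) and ticks "Check sending E-mails". If the check was repeated on tux03, paste that run; otherwise label this block as an older example so it is not read as evidence for the new host.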
@@ -161,7 +173,7 @@ dc_readhost=''
 dc_relay_domains=''
 dc_minimaldns='false'
 dc_relay_nets=''
-dc_smarthost='smtp.uthsc.edu'
+dc_smarthost='smtp.network'
 CFILEMODE='644'
 dc_use_split_config='false'
 dc_hide_mailname='false'
@@ -172,7 +184,7 @@ dc_localdelivery='maildir_home'
 And this should work:
 
 ```
-swaks --to myemailaddress --from john@uthsc.edu --server localhost
+swaks --to myemailaddress --from john@network --server localhost
 ```
 
 # Backups
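Review bot: The search-and-replace leaves "--from john@network", a single-label sender domain that does not follow the pattern of the other replacements (smtp.network, tux04.network) and that a receiving server may refuse as unqualified. Use a full placeholder address such as john@example.org.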
@@ -180,3 +192,6 @@ swaks --to myemailaddress --from john@uthsc.edu --server localhost
 * [ ] Create an ibackup user.
 * [ ] Install borg (usually guix version)
 * [ ] Create a borg passphrase
+
+=> topics/systems/backups-with-borg.gmi
+=> topics/systems/backup-drops.gmi
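Review bot: The two added links use the path "topics/systems/...", but this file already lives in topics/systems/, so if the site resolves gemtext links relative to the current file they will point at topics/systems/topics/systems/... and break. Use the bare file names or a leading slash, whichever the other pages in the repository use. The three backup items above the links remain unticked, which matches the open "Backups" task in the first hunk; a note on where the borg passphrase is to be stored would belong in the linked page.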