Update README.md

2022-10-07 12:35:45 +02:00
parent 52c8c98bbe
commit a7e161256e
2 changed files with 155 additions and 5 deletions
--- a/README.md
+++ b/README.md
@@ -35,20 +35,170 @@ git clone https://git.fsfe.org/fsfe-system-hackers/staff-laptop.git
 Finally, execute the Ansible playbook on the target host by running:
 ```shell
-cd staff-laptop                      # Navigate to repository
+cd staff-laptop # Navigate to repository
-ansible-playbook -K -v playbook.yml  # When queried for 'BECOME password', enter user password
+```
 and then the following command:
 ```shell
 ansible-playbook -K -v playbook.yml  # When queried for 'BECOME password', enter your user password
 ```
 This installs all packages commonly used by FSFE staff. This operation will take
 a while. When it has completed successfully, reboot the computer.
-## Further configuration
+## Employee configuration
 Now that all the needed packages are installed, some further manual
 configuration is needed.
 ### E-mails with Thunderbird
 Our current email setup is somewhat involved. You **receive** emails on your
 `<username>@fsfe.org` address at the email address you specified at
 https://my.fsfe.org as your for 'Primary email'. If you are a staffer at the
 FSFE, it is likely that we already created a paid account for you at
 https://mailbox.org which is a German email provider we trust. A username and
 password will have been provided to you when you received your laptop. Please
 make sure you can login at https://mailbox.org with these credentials. Next,
 please open Thunderbird and use the same credentials to setup your email
 account. [This
 article](https://kb.mailbox.org/en/private/e-mail-article/setup-with-mozilla-thunderbird)
 might help you do that.
 If you want to be able to send mails from your `<username>@fsfe.org` email
 address from Thunderbird, you need to add a second identity.
 For this follow the steps below:
 1. Right click on your account in the sidebar on the left like
   `username@domain.de` and choose **Settings** in the dropdown.
 2. Under **Outgoing Server (SMTP)** you will find the menu for **Manage
   Identities**, click on it
 3. A new menu will open. Choose **Add**
 4. Fill out all the information required. In the field email address put in
   your fsfe-mail (`<username>@fsfe.org`). Also the
   reply-mail should be (`<username>@fsfe.org`). The
   outgoing-mailserver is `mail.fsfe.org` and the port number `587`. Connection
   security is `STARTTLS`. The username and password are the same that you use
   on https://my.fsfe.org.
 ### Matrix chat with Element
-### Password management with KeepassXC (personal) Passbolt (organisation)
+
-### File Sharing and Calendars with Nextcloud Desktop
+Matrix is an important communication channel. Element (the client we suggest you
 use to chat with the rest of us and everybody else who uses matrix) should
 already be installed on your machine. Alternatively, you can always use the web
 frontend provided at https://chat.fsfe.org. Again, you login with the same
 credentials that work on https://my.fsfe.org. Make sure that the homeserver is
 set to `matrix.fsfe.org`. Otherwise this will not work.
 ![Matrix Login Page](./img/matrix.png)
 Once you are logged in you can ping me (`@linus:fsfe.org`) or matthias
 (`@mk:fsfe.org`) so that one of us can add you to the Staff room or any other
 room that is access-restricted.
 Next, you should read the [Element User Guide](https://element.io/user-guide).
 You can skip the 'Onboarding' chapter as you have already successfully logged
 in. Please pay particular attention to the chapter 'Secure backup' and make sure
 you have a way to recover your encrypted chats should you lose your computer.
 Another thing that might help is setting up Element on another device and
 verifying this new device. Please refer to the aforementioned user guide before
 reaching out for somebody to help.
 ### Backups with Vorta
 ### Password management
 Your credetials are very important ant you should most certainly not have to
 manage all of them in your head.
 #### Passbolt (organisation)
 [Passbolt](https://passbolt.com/) is a Free Software password storage and
 management service. The FSFE's installation is on
 [pass.fsfe.org](https://pass.fsfe.org/) and available to people who are
 concerned with sensible passwords used by multiple people in various teams. It
 is a web-based service, but uses GPG in the background that encrypts all
 passwords securely.
 The basic idea is that every user creates a new GPG key upon registration, only
 used by Passbolt. The secret key will be stored within a browser add-on. Every
 password a user has access to will be encrypted with this key.
 The deployment code is [here](https://git.fsfe.org/fsfe-system-hackers/passbolt).
 ##### Initial Setup
 If you belong to the group of people who should have access to a selection of
 these passwords, you will be invited via email. Then follow these steps
 carefully, as the security of the passwords and your access depends on it:
 1. Click on the "get started" button in the e-mail you received from passbolt.
 2. You will probably be asked to install the Passbolt Extension in your browser.
   It is available for Firefox and Chromium. If you are done, reload the page.
 3. You will be asked to verify the server's data. Make sure that you see
   https://pass.fsfe.org as domain and `4E477C5EA50C5CA2DF941805C438739EE8F30B36`
   as server key. Tick the confirmation box if applicable and click "Next"
 4. You will now create your own dedicated GPG for Passbolt. You don't need to
   provide more data, just click "Next"
 5. Enter a secure passphrase for your new key. **Please store it safely**!
 6. In the next step, you have to download the generated key. This is only
   possible now, and nobody can recover it! **Download it and store it
   securely**!
 7. As an additional security layer, you can generate a token. Set a colour you
   like, and memorise it as well as its 3-character representation. It will be
   shown next to the login and other password fields. If it's different than
   what you set initially, you will know that the server is not legitimate and
   somebody is interfering. Please contact your technical contact at the FSFE
   immediately.
 8. Now you can log in with your passphrase. Next to the password field, you will
   see the security token.
 Please note that your key is saved within your browser inside the extension, so
 it is bound to this device and browser. If you ever change browsers or want to
 set up another device, it is possible to import the key you've saved earlier.
 If you're done, inform your happy technical contact at the FSFE, and ask to be
 added to the respective groups you should have access to.
 ## Usage
 To **view** a password:
 1.  Visit the service website.
 2.  Afterwards, you will see your email and be able to enter the password of
    your key (not you general FSFE password). Please check the colour/text token
    next to the password field.
 3.  You will see all passwords you have access to. You can filter via the groups
    on the left, or search for a password.
 4.  In your browser, you can also click on the Passbolt extension to search
    within it directly. This may a neat shortcut for you.
 To **add** a new password:
 1.  Click on the blue "Create" button
 2.  Enter a meaningful name, URL, user & password, and a description if
    necessary
 3.  Select this password and share it with the group it belongs to. Please set
    it as the owner ("is owner") to make the passwords not depend on individual
    users.
 As of now, there are not classical folders but only a flat list of passwords,
 separated into groups. A folder feature is in passbolt's pipeline though.
 #### KeepassXC (personal)
 If you prefer an offline password manager, this playbook installs one called
 [KeepassXC](https://keepassxc.org/docs/KeePassXC_GettingStarted.html#_interface_overview)
 including its [web
 extension](https://keepassxc.org/docs/KeePassXC_GettingStarted.html#_setup_browser_integration)
 for Firefox. The two links in the last sentence should provide all the
 information you need to setup and manage your offline password store using
 KeepassXC.
 ### Nextcloud
 #### File Sharing with Nextcloud Sync Assistant
 #### Set up calendars
--- a/img/matrix.png
+++ b/img/matrix.png