Tech Department

• Tech Department Principles
• Checklist: Staff On/Deboarding
• Checklist: Tech On/Deboarding

Tech Department Principles

🔧 Prioritize Maintainability over Hype

We select technologies, tools, and services with future maintainers in mind. Rather than chasing every new trend, we favor proven solutions that are easy for others to pick up and support. Keeping in mind that successor might be less technically knowledgable.

🌍 Embrace Open Collaboration

Wherever privacy or security allows, we release projects as open-source (or source-available). This maximizes transparency, invites community contributions, and prevents vendor lock-in.

🧑🏻‍💻 Prefered Tech Stack

We standardize on a small, well-known stack to reduce cognitive overhead and speed up onboarding. We also use a dockerized environment.

• Web framework: Laravel (PHP)
• Automation & bots: Python
• Database: MySQL
• Server OS: Ubuntu

Exceptions are possible, but we avoid proliferating languages and platforms.

🔒 Privacy by Design

We create, configure or modify services to favour privacy and compliance with European privacy regulations. This means we minimize data collection, enforce access control on need-to-know basis and have the neccesary technical protection in place to avoid data leaks.

Checklist: Staff On/Deboarding

Process description

Please notify the Director of Tech if these steps are being or have been performed by other staff or board members, so we know what has changed or not changed.

Changes in mentors and buddies don’t need to be notified unless they need more access than Discord, which is automatically granted through the Control Center.

Checklist

• External
  • Discord
  • Google Workspace
    • Email
      • Account
    • Group memberships (important!)
    • Shared Drive Access
    • E-mail forwarding
    • Remind new staff to set up 2FA within a week. Google doesn’t notify them, and they'll end up locked out if they don't.
  • GitHub Team memberships (e.g. sector file teams)

Once sorted, visit the Central Authorization Server to semi-automatically convert their group memberships into roles and permissions in the following systems, if and only if they're meant to receive authorizations in them:

• Forums
• Moodle
• Wiki (right here!)
• The Event Hub
• Booking

These systems are not fully onboarded and require manual processing:

• Control Center
• Pilot Training Center
• Umami (Analytics)

Checklist: Tech On/Deboarding

Please notify Tech Manager if these steps are done by other board members, so we know what has changed.

Note: Tech permissions are given on need-to-know basis

• VPS
  • Sudo - if applicable
  • SSH key on different users than their own
  • SQL + Firewall exception
• Access to services
  • Internal
    • Forums
    • Control Center
    • Pilot Training Center
    • Moodle
    • Booking
    • Handover
    • Portainer
    • Umami (Analytics)
  • External
    • G-suite / E-mail
      • Web Department Files on Drive
    • Cloudflare
      • User
      • Access Rules
    • Namecheap
    • GitHub
    • Grafana
    • Discord
    • Bot ownership - if applicable
    • Vatsim Connect ownership
    • Hetzner
    • vats.im ownership