You are considering creating a new collection to track terms with Open Terms Archive? Amazing!
First of all, define the metadata of the collection you would like to create.
Now that you have a clear idea what you would like to track, double-check that there are no existing federated collections that you could contribute to. If you have a doubt about whether some terms you want to track would fit a collection, reach out to the collection maintainers.
If no existing collection could be a good host for the terms you would like to track, then it is relevant to create your own.
Starting a new collection is an exciting endeavour, and would strongly benefit from the support of the community who already maintains existing collections. It is strongly recommended to share your intention to create a new collection as early as possible in the process, to get support and identify potential partners.
You can inform the community by posting on the instant messaging system, or sending an email to the core team.
Setting up and maintaining a collection over time needs fulfilling certain tasks on a regular basis. These tasks are handled through roles. To make sure that all these roles are covered, define the governance of your collection.
At any time, feel free to ask for help or partners in the community.
Collections rely on three git repositories being set up to hold the data.
The instructions below assume the usage of GitHub to host repositories. If you don’t use GitHub, try to set up the equivalent metadata in your git hosting platform. Contributions to the documentation to make it independent from GitHub are very welcome!
Create the collection declarations repository by using the demo-declarations
repository as template.
demo-declarations
repository<collection_id>-declarations
. For example: pga-declarations
.first-time-setup
GitHub action to make sure that everything ran fine.<collection_name>
. Maintained by <maintainer>
.”https://opentermsarchive.org
, or any other relevant dedicated website.terms-of-service
, terms-of-service-agreements
, terms-and-conditions
, open-terms-archive
.These settings ease the whole contribution process.
main
.validate_modified_declarations
and validate_schema
as required status checks.Issues labels will be added by the engine as problems are encountered when tracking. The default labels offered by GitHub, such as question
or wontfix
, are relevant for software development but less so for the process prescribed by Open Terms Archive.
Create the snapshots repository by using the demo-snapshots
repository as template:
demo-snapshots
repository<collection_id>-snapshots
.first-time-setup
GitHub action to make sure that everything ran fine.<collection_name>
. Maintained by <maintainer>
.”https://opentermsarchive.org
.terms-of-service
, terms-of-service-agreements
, terms-and-conditions
, open-terms-archive
.These settings aim at minimising the otherwise overwhelming amount of information and click targets.
Create the versions repository by using the demo-versions
repository as template:
demo-versions
repository<collection_id>-versions
.first-time-setup
GitHub action to make sure that everything ran fine.<collection_name>
. Maintained by <maintainer>
.”https://deploy-preview-136--open-terms-archive-docs.netlify.app/terms/how-to-navigate-history/
terms-of-service
, terms-of-service-agreements
, terms-and-conditions
, open-terms-archive
.These settings aim at minimising the otherwise overwhelming amount of information and click targets.
For collections to be included in the Open Terms Archive organisation only. For third parties, handle rights however you see fit.
<collection_name>
collection”Before proceeding with deployment, ensure that the server meets the following requirements:
Verify that the server provides an Ed25519 fingerprint for its SSH host key:
ssh-keyscan -t ed25519 <server_address>
<server_address> ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJM6fCKWkiKv+uysoHsklIAuUOH6Dpc3crzHxk7GwrD
# <server_address> SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3
<server_address> ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDqruXk1P6vIVvN2i6ffLO6TlYCcC6lqF3oBYT7sC+nfIb5C9HYsUFWptSxohOy41wV3AbSzjHqEjxCt9MeJ4HXrLItti8Qr3fRBYgs45+L44bMZ9sA/EO+YiXQU9cQJb2qjK5EYQyFyEnGUMbh+zzRiCRQTI0A2nlnJ9zWQJr/4jIrlNJ6N0lV1GQzN/iIpCJto6ZmhbEgW5W3H+zB5qj72uKoyLlm8Lh+AF5ljtTnOuXgrh2nN6EN1hjRf52VtQZ93guIBkn5+riZ3gYYp3fl4sYbIAZRRs5rOcyFk9d/jo+kBw/Pxht4KABVHJHMPQ9cI2Fn2VbEOvZ+RrWLXc5Am3qwbUWpqYmp7n7wwdTrkYeCBMsXk7xQl5TJh+5Rkr6k0YRkcbvP+J+I1TJwob1DOyWBpRA3v9LYimEmy9eheQuKYzH5sQ/0r/7ZwhBL5/lB5kpv3kmwA7DZy1J5UbgChtSey3Du0N+6p/vgfybIgcZD5Csz8+dF3c+gZBCfRd4XpKgLoxLPZO69tM8/3z/3W0gOfXgEw6QKwJ6KoFXeBdRG9c/CCsR8dF3iIeZYWZvj+8nC/Y7hF6Dedr/6CHc0O4xwqE0GQzF3YUZI7HcqjxIIFsIsG+loUGWYB7a0HHn0FrAq79Q==
<server_address> ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLe8sKzXq4KReWp0Dz1lC8AKOcYNtPuk7GOqJRSVGkG1xRhP94gReTp7S1WnF6LgFt3vlC2k62BkSoXgryY3+8=
sudo ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key
sudo systemctl restart ssh
Make sure that a non-root user has been set up on the server, if not you can create by following:
adduser <user>
. Follow the prompts to set a password for the new user and provide any additional information if required.usermod -aG sudo <user>
.Grant sudo
rights to the designated user without requiring a password prompt. To achieve this:
Open the file /etc/sudoers
for editing.
Navigate to the section titled # Allow members of group sudo to execute any command
.
Add the following line at the end of this section:
<user> ALL=(ALL) NOPASSWD:ALL
On your local machine:
<collection_id>-declarations
repositorydeployment/inventory.yml
:<host>
(example: 162.19.74.224
)ansible_user: <username>
(example: debian
)ed25519_fingerprint: <server_ssh_fingerprint>
obtained with ssh-keyscan -t ed25519 <host>
(example: AAAAC3NzaC1lZDI1ETE5AAAAIJkjE2KIbUcoClK+lKLR5ZvmdXMD/eXWghHdenFeJz4c
)<collection_name>-declarations
repositoryhttps://github.com/OpenTermsArchive/<collection_name>-declarations/settings/secrets/actions
SERVER_FINGERPRINT
secrets by using the previously obtained ed25519 fingerprintThis key will enable automated deployment via GitHub Actions.
ssh <username>@<host>
ssh-keygen -t ed25519 -q -N "" -f ~/.ssh/ota-deploy
authorized_keys
: cat ~/.ssh/ota-deploy.pub >> ~/.ssh/authorized_keys
<collection_name>-declarations
repositoryhttps://github.com/OpenTermsArchive/<collection_name>-declarations/settings/secrets/actions
SERVER_SSH_KEY
secret with the previously generated deployment private keyOn your local machine:
engine.wiki
database.kdbx
with KeePassXCCollection: <collection_name>
folderDeployment SSH key
ota-deploy.pub
and private ota-deploy
key files to the entry<collection_name>
collection”Describe why your personal access token needs access to the OpenTermsArchive organization.
<collection_name>
-declarations” and <collection_name>
-versions”On your local machine:
database.kdbx
with KeePassXCCollection: <collection_name>
folder, add an entry with the title GitHub Token
Password
fieldOn your local machine:
database.kdbx
with KeePassXCCollection: <collection_name>
folder, add an entry with the title Vault key
On your local machine:
<collection_id>-declarations
repositorydeployment
foldervault.key
file<collection_name>-declarations
repositoryhttps://github.com/OpenTermsArchive/<collection_name>-declarations/settings/secrets/actions
ANSIBLE_VAULT_KEY
secrets by using the previously generated vault keyOn your local machine:
<collection_id>-declarations
repositorydeployment
folder.env
file under the name OTA_ENGINE_GITHUB_TOKEN
.env
: ansible-vault encrypt .env
ssh-keygen -t ed25519 -C bot@opentermsarchive.org -P "" -f ./<collection_name>-key
On your local machine:
<collection_id>-declarations
repositorydeployment
foldergithub-bot-private-key
github-bot-private-key
: ansible-vault encrypt github-bot-private-key
On your local machine:
engine.wiki
database.kdbx
with KeePassXCCollection: <collection_name>
folder, add an entry with the title OTA-Bot GitHub SSH key
<collection_name>-key.pub
and private <collection_name>-key
key files to the entry<collection_name>
collection”Create an SMTP key to allow sending error notifications by email.
<collection_name>
collection”On your local machine:
engine.wiki
database.kdbx
with KeePassXCCollection: <collection_name>
folder, add an entry with the title SMTP Key
Password
fieldOn your local machine:
<collection_id>-declarations
repositorydeployment
folder.env
if necessary: ansible-vault decrypt .env
.env
file under the name OTA_ENGINE_SMTP_PASSWORD
.env
: ansible-vault encrypt .env
deploy
action ran properly on the declarations repository.To test deployment from your local machine, your SSH keys must be authorized to connect to the server.
cd <path/to/><collection_id>-declarations/deployment
ansible-galaxy collection install -r requirements.yml
ansible-playbook opentermsarchive.deployment.deploy