TSYSGroupBOD/TSYSGroupHandbook
2
0
Fork 0
Code Pull Requests Actions Packages Projects Releases Activity

welcome to the single unified handbook... monorepo for the win

Browse Source
This commit is contained in:
Charles N Wyble - admin 2021-05-16 12:54:15 -05:00
parent 82701c1249
commit e6549eccbe
96 changed files with 5971 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
book

6
book.toml Normal file
View File

@ -0,0 +1,6 @@
[book]
authors = ["Charles Wyble"]
language = "en"
multilingual = false
src = "./src"
title = "TSYS Group Handbook"

529
src/Board/BoardOfDirectorsManual.md Normal file
View File

@ -0,0 +1,529 @@
# Introduction
As part of a shared commitment to good corporate governance, the Board of Directors (“Board”)
and Management of TSYS Group (the “Group”) have adopted these shared principles to promote
effective governance by:
* Board of Directors as a whole
* Board committees
* Management of the Group entities
The guidelines do not purport to be all encompassing.
Rather they are designed with the Groups:
* current business operations
* diverse ownership
* all stakeholders
* unique combination of non profit/for profit/registered investment company components
in mind and will continue to evolve with changing circumstances.
These Guidelines have been adopted and approved by the:
* Board of Directors
* Management of the Group entities
* members of the Group entities
The
* BoD Manual (this document)
* Bylaws
* Operating Agreements
serve as the framework for the governance of the Group.
# Organizational Documents And Information of TSYS Group
## Articles of Incorporation and Certificates of Formation
The TSYS Group (the "Group") consists of a number of entities.
ERPNext contains the complete entity chart, and each entity has it's state and federal formation documents attached to the entity in ERPNext.
## Operating Agreement and By-Laws of the TSYS Group (TSG)
The TSYS Group entities have adopted Operting Agreements (for the LLCs) and By-Laws (for the corporations) that provide governance guidelines for that
Group Entity. The Operating Agreement and By-Laws may reference the committee charter for the Board committee that oversees them. Those charters can be
found later in this manual.
The current By-Laws and Operating Agreements (minus capital tables for the For Profit entities) are availble at https://governance.turnsys.com .
You may also refer to https://git.turnsys.com/explore/repos for history or in progress work on the governing documents.
## IRS Documents
The TSYS Group consists of some non profit entities. Information regarding that can be found in ERPNext with the entity attachments.
## Financial Records
All financial records belonging to TSYS Group are open for inspection by the Board of Directors at reasonable times upon request to the
Group entities CEO/CFO.
## Fiscal Year
The fiscal year for the TSYS Group is January 1st to December 31st.
# Director Qualifications
The composition of the Board should encompass a broad range of skills, expertise, industry knowledge, backgrounds and relationships useful to the Groups mission. In choosing directors, the Group seeks individuals who have very high integrity, business savvy, stakeholder orientation and a genuine interest in the Group.
Members of the Board should have:
* the highest level of professional, business and personal integrity, ethics and values
* willingness and ability to devote the time necessary to carry out the duties and responsibilities of Board membership
* a desire to ensure that the Group operations and financial reporting are effected in a transparent manner and in compliance with
applicable laws, rules, and regulations
* a dedication to the representation of the best interests of the Group and all of it's stakeholders.
* expertise that is useful to the Group and complementary to the background and expertise of the other members of the Board;
# Director Responsibilities
The basic responsibility of the directors is to exercise their best judgment to act in what they reasonably believe to be in the
best interests of the Group and its stakeholders, and to conduct themselves in accordance with their duties of care and loyalty.
## Confidentiality
The proceedings and deliberations of the Board and its committees are confidential. Each Director has a fiduciary obligation to maintain the
confidentiality of information received in connection with his or her service as a Director.
## Participation in Meetings
Directors are expected to attend Board meetings and meetings of the committees on which they serve, and to spend the time needed to carry out
their responsibilities as directors, including meeting as frequently as necessary to properly discharge those responsibilities.
Each Director should be sufficiently familiar with the business of the Group, including its assets, liabilities, capital structure, risks and
the competition it faces, to ensure active and effective participation in the deliberations of the Board and each committee on which he or she
serves.
Directors should also study the materials provided by Management and advisors in advance of the meetings of the Board and its committees and should
arrive prepared to discuss the issues presented.
## Service on Other Boards
The Board does not have a policy limiting the number of other boards of directors upon which a Director may sit; provided, however, that sitting on
another companys board of directors should not create a conflict of interest or impair the Directors ability to devote sufficient time to carry out his or her
duties as a Director of the Group.
All Directors should consult with the Executive, Governance and Nominating Committee prior to joining the board of another entity.
The Executive, Governance, and Nominating Committee will periodically review all Directors outside board memberships.
An Independent Director will advise the Executive, Governance and Nominating Committee before accepting a position on the board, or as an officer
of any other entity.
In undertaking a new board or officer position with any other entity, each Independent Director should be guided by the principle that
the position should not:
* present a conflict for the Group or the Independent Director
* interfere with the Directors availability and services for the Group
Directors who experience a material change in their job responsibility shall offer to resign from the Board. The Executive, Governance and
Nominating Committee, after reviewing the appropriateness of continued Board service under these circumstances, and with input from the
Group Chief Executive Officers, will recommend whether the Board should accept such resignation.
# Voting for Directors
Please refer to the committee charters for specific instructions on elections to those committees , director terms, election, removal etc
and also Operating Agreement or Bylaws as referenced in the committee charters. What follows are general guidelines.
Any nominee for director in an uncontested election (i.e., an election where the number of nominees is not greater than the number of directors
to be elected) who receives a greater number of votes “withheld” from his or her election than votes “for” such election shall, promptly following
certification of the stakeholder vote, offer his or her resignation to the Board for consideration in accordance with the following procedures.
All of these procedures shall be completed within 30 days following certification of the stakeholder vote.
The Qualified Independent Directors (as defined below) shall evaluate the best interest of the Group and its stakeholders
and shall decide on behalf of the Board the action to be taken with respect to such offered resignation, which can include:
* accepting the resignation
* rejecting the resignation
* maintaining the director but addressing what the Qualified Independent Directors believe to be the underlying cause of the withhold votes in close
consultation with the stakeholders
* resolving that the director will not be re-nominated in the future for election
In reaching their decision, the Qualified Independent Directors shall consider all factors they deem relevant, including:
* any stated reasons why stakeholders withheld votes from such director
* any alternatives for curing the underlying cause of the withheld votes
* the directors tenure
* the directors qualifications
* the directors past and expected future contributions to the Group
* the overall composition of the Board, including whether accepting the resignation would cause the Group to fail to meet any applicable requirements
Following the Boards determination, the Group shall promptly disclose publicly (through the Board Secretary) the Boards decision of whether or
not to accept the resignation offer.
The disclosure shall also include an explanation of how the decision was reached, including, if applicable, the reasons for rejecting the offered resignation.
A director who is required to offer his or her resignation in accordance with this Section shall not be present during the deliberations or voting whether
to accept his or her resignation or, except as otherwise provided below, a resignation offered by any other director in accordance with this Section.
Prior to voting, the Qualified Independent Directors will afford the affected director an opportunity to provide any information or statement that he or she deems relevant.
For purposes of this Section, the term “Qualified Independent Directors” means:
(a) All directors who (1) are independent directors (as defined in accordance with the NYSE Corporate Governance Rules) and (2) are not required to
offer their resignation in accordance with this Section.
(b) If there are fewer than three independent directors then serving on the Board who are not required to offer their resignations in accordance with this
Section, then the Qualified Independent Directors shall mean all of the independent directors and each independent director who is required to offer
his or her resignation in accordance with this Section shall recuse himself or herself from the deliberations and voting only with respect to his or her
individual offer to resign.
The foregoing procedures will be summarized and disclosed each year in the Annual Report for the Groups annual meeting of stakeholders.
# Composition of the Board
![](../charts/BoD.png)
## Board Permament Committees
The Board has six permament committees:
![](../charts/committees.png)
### Group wide oversight
* Audit Committee
![](../charts/audit-committee.png)
* Executive, Governance, and Nominating Committee
![](../charts/exec-committee.png)
### Group component oversight
* ForProfit Committee
![](../charts/ForProfit.png)
* NonProfit Committee
![](../charts/NonProfit.png)
* HFNOC Committee
![](../charts/hfnoc-committee.png)
* Redwood Committee
![](../charts/Redwood.png)
You may find the respective charters of the committees later in this manual.
The Board may, from time to time, establish and maintain additional or different committees, as it deems necessary or appropriate.
# Functions of the Board
The Board has a duty to oversee the affairs of the Group. In addition to its general oversight of management, the Board also performs a number of specific functions to include the following, which will be discharged either directly by the entire Board , management or through appropriate committees:
* Selecting, supporting, and evaluating the Chief Executive Officer of Group entities
* Overseeing succession planning of the Group entities
* Providing counsel and oversight on the selection, evaluation, development and compensation of senior management across the Group entities
* Reviewing, evaluating and, approving, the Group entities major strategies, long-term plans, annual operating plans and budgets
* Overseeing Group performance against broad financial/mission objectives
* Overseeing the Groups risk policies and procedures (including market, credit and operational risks), assessing major risks facing the Group and
reviewing options for their mitigation
* Providing advice and counsel to the Chief Executive Officers and other senior management
* Overseeing the integrity of the Group's financial reporting process and the adequacy of accounting, IT, financial and internal controls
* Evaluating the overall effectiveness of the Board and its committees, as well as evaluating and recommending appropriate candidates for election as Directors
## Board Interaction with Customers, Community Members, Press, Etc.
The Board believes that Management speaks for the Group. Individual Board members may, from time to time, meet or otherwise communicate with various
constituencies that are involved with the Group, but it is expected that Board members would do this with the knowledge of management and, in most cases,
only at the request of Management.
If someone from the press contacts you, politely decline their contact and ask them to utilize the contact channels provided on the Group entity websites.
## Role of the Board and management
The roles of the Board and Management are related, but distinct.
Management proposes the Groups strategy and revises the strategy after the Boards input before presenting a final strategy for Board approval.
Management then implements the Groups strategy in the day-to-day operation of its business, reporting regularly to the Board or
its Committees on significant events, issues and risks which may materially affect the Groups financial performance or the achievement of its strategic goals and mission objectives.
The Board is elected as specified in the Group entity governing documents to oversee the long-term health and the overall success of the Group mission.
In discharging that obligation, the Directors recognize that the long-term interests of the Group are advanced by thoughtfully and responsibly addressing the concerns of all stakeholders and interested parties including:
* employees
* members
* customers
* suppliers
* government officials
* the public at large
## Terms and term limits
The Board does not believe that it is in the best interests of the Group to establish term limits for directors at this time.
Additionally, such term limits may cause the Group to lose the contribution of directors who have been able to develop,
over a period of time, increasing insight into the Group's business and therefore can provide an increasingly significant
contribution to the Board.
The Board does not have limits on the number of terms a director may serve.
The Executive, Governance and Nominating Committee is responsible for nominating directors for election or reelection.
The Board does not have any retirement or tenure policies that would limit the ability of a director to be nominated for reelection.
## Size of Board
The size of the Board should facilitate substantive discussions of the whole Board in which each Director can participate meaningfully.
The component governing documents and applicable law permit the Board to change its size to not less than three Directors.
The Board will periodically review its size as appropriate and make recommendations to the Stakeholders for any needed changes.
## Director Independence
All directors serving on the ForProfit commitee must not be members of the entities the committe oversees.
A 2/3 majority of the Directors serving on the NonProfit committee must be Independent , non executive directors.
To the extent necessary for Redwood Springs Capital Partners and affilliated entities to satisfy Section 15(f) of the 1940 Act or any other
applicable requirement,
At least 2/3 of Directors on the Redwood Committee shall be persons who are not interested persons of the Group within the meaning of Section
2(a)(19) of the 1940 Act.
## Director Access to Management and Advisors
All Directors are invited to contact the Chief Executive Officer of any Group entity at any time to discuss any aspect of the Groups business.
The Board expects that there will be frequent opportunities for Directors to meet with the Chief Executive Officer and other members of Management,
either in Board and committee meetings, or in informal events organized by the Chief Executive Officer.
In connection with the performance of their responsibilities, the Board will seek appropriate access to members of senior management and should use
sound judgment to be sure that contacts with Mmembers of Management are not distracting to the business operations of the Group.
# Board Meetings
Regular meetings of the Board shall be held quarterly. Special meetings shall be held at other times as the Board may determine is appropriate.
The Chair of the Board is responsible for establishing the agenda for each Board meeting.
Each director is free to suggest items for inclusion on the agenda.
At least once a year, the Board reviews the Groups long-term plans and the principal issues that the Group will face in the future.
At least once a year, The Board reviews the Group entities Business Plans , budgets and strategies and quarterly reviews Group entity business plans
and strategies and progress against them.
## Meeting Schedule and Agenda
The Chair of the Board will establish a quarterly and annual schedule of Board meetings.
Special Board meetings may be called at any time.
The Chair of the Board will develop the agenda for each meeting. Any Director may place an item on the Board agenda at any time.
The Chair of each committee, in consultation with the committee members and the appropriate members of Management, will establish a
schedule of monthly committee meetings. Special committee meetings may be called at any time in the manner set forth in the committee Charters.
The Chair of each committee, in consultation with the appropriate members of Management, will develop the agenda for each committee meeting.
Any Director may place an item on the agenda of any committee at any time.
## Private Sessions
Directors may meet in regularly scheduled private session (i.e., without stakeholders or members of management) to properly discharge their
responsibilities, foster relationships among Directors or any other reason. The Chair of the Board will establish a schedule of these meetings.
The attendees at a private session may invite others (as appropriate) to participate in all or part of their meetings, including outside advisors
or members of management. These private sessions may be called at the request of any Director, in addition to the regularly scheduled sessions.
Formal deliberations or decisions concerning the business and affairs of the Group shall occur only during regular or special meetings of the
Board, with stakeholders present, and not at Private Sessions.
The independent directors also shall meet in a separate private session consisting solely of independent directors at least once a year.
# Management Succession
Assuring that the Group components have the appropriate successor to their current Chief Executive Officer in the event of their death or
disability is one of the Boards primary responsibilities.
The Group does not anticipate that the Chief Executive Officers of the Group entities will retire other than due to disability.
The Chief Executive Officer of the Group entities, reports annually to the Board on executive management succession planning and makes available,
on a continuing basis, their recommendation on succession in the event they were disabled.
The Board shall regularly review succession planning across the Group and the strengths and weaknesses of certain individuals currently employed by the
Group entities who could succeed the Chief Executive Officer of the Group entities in the event of their death or disability.
# Annual Performance Evaluation
The Executive, Governance and Nominating Committee conducts an annual evaluation to determine whether the Board and its committees are
functioning effectively and reports its conclusions to the Board , management and outside stakeholders. The report is public.
Each of the
* Audit Committee
* Executive, Governance, and Nominating Committee
separately conducts an annual self evaluation of its performance relative to the requirements of its Charter and reports its conclusions to the Board,
management and outside stakeholders. The report is public.
The Board and committee performance is reviewed (at least) annually by the Group Entities management and stakeholders. The report is private.
# Public Disclosure of Corporate Governance Policies
The Group posts on its website copies of the current adopted version of :
* this manual (which includes committee charters, Code of Business Conduct and Ethics)
* HFNOC Operating Agreement
* Redwood Operating Agreement (without capital table)
* For Profit Operating Agreement (without capital table)
* Non Profit Bylaws
* the Group's Annual Report
* Group Information Security Policy
on its governance website at https://governance.turnsys.com
# Technology and Information Security
By definition a Director has access to information that could cause serious problems if it were to leave the Group. Therefore, Directors must
follow Group Information Security policies.
It is the Board's responsibility to oversee the protection of Group intellectual property in it's possession, including
data, information and systems from theft, carelessness, misuse, unauthorized access and vulnerability to cyber attack.
Directors will obtain and maintain appropriate security procedures specified by Group management.
These include cryptographic certificates, two-factor authentication, passwords and any other items the Group management deems necessary.
The Groups systems and devices are Group property. As such and to the extent allowed by applicable law,
Group Manaement reserves the right to monitor their use.
# Director and officer liability insurance
The Group does not purchase directors and officers liability insurance for its directors or officers.
# Gifts, entertainment & hospitality policy and avoiding conflicts of interest
## Conflict Of Interest
A conflict of interest arises when personal interests or divided loyalties interfere with our ability to make sound,
objective business decisions on behalf of the Group. To avoid potential conflicts or the perception of a conflict:
* Be truthful in all statements submitted to the Group
* Do not improperly use Group property, information or position for personal gain
* Refrain at all times from self-dealing, such as steering group business or opportunities to benefit you or your family members
* Use care in dealings between the Group and financial institutions. If you are involved in anyway in the relationship between the
Group and a financial institution, you must be sure not to improperly benefit from that relationship because of your position
on the Board. If you are unsure about a particular benefit being offered, you should refrain from accepting the benefit.
* Do not conduct non-Group business in such a manner as to mislead others into believing that you are representing the Group.
You must be alert to any actual or potential conflicts of interest, or any situations that might be perceived to be a conflict,
and immediately disclose such conflicts to an appropriate representative in Management.
## Gifts
Ensure gifts, entertainment and hospitality are appropriate Bona fide business gifts and
entertainment can be appropriate and instrumental in cementing good relationships with our
business partners.
Never allow gifts and hospitality to place you or the Group in a situation where your
objective judgment or compliance with the law might be questioned.
Do not provide or accept gifts or hospitality unless they have a business purpose and are
clearly appropriate in the context of a reasonable business relationship.
## Never solicit gifts or hospitality
Refuse or return any gift, even a minor one, which appears to be given for the purpose of or
with an expectation of reward or influence.
Be particularly aware of the cultural significance of particular gifts in many locations in which the Group does business.
Clearly document all Group related expenses in accordance with relevant policies and procedures.
Before giving or receiving a gift or incurring an entertainment expense, be sure to consult any policies that may apply.
Remember, you are responsible for exercising sound judgment when incurring expenses, even if the expenses
fall within defined policy limits.
# Discussion of legal matters
Speaking about Group legal matters to others, even to family members or fellow Group associates, may jeopardize the attorney-client privilege that protects
the confidentiality of such matters, possibly resulting in the loss of the Groups right to keep communications with its lawyers confidential from adversaries.
This is a very serious breach, and should be avoided under all circumstances.
Therefore, if a Group lawyer, whether employed by the Group or by an outside law firm, discusses any Group legal matters with you,
you may not speak about or tell anyone what was discussed without prior approval of the lawyers who are handling the matter.
These restrictions do not prohibit you from reporting any honest concern you may have of a violation of law to an appropriate government entity,
as long as you do not disclose information revealed to you by, in the presence of, or in communication with, a Group attorney, as such information
is covered by the attorney-client privilege.
You must be truthful and accurate when dealing with government entities or officials.
Generally speaking, if you have information that may be relevant to a Group legal matter, you should not discuss the information with any one other than
a lawyer, even if you do not consider the information confidential.
Aside from the privilege issues, repeating information to others can easily create confusion and turn otherwise, uninvolved people into witnesses.
# Insider Trading Policy
## Do not disclose or trade on inside information
Insider trading, defined as (i) buying or selling, or causing someone else to buy or sell, securities while in possession of material, non-public information
relating to the Group whose securities are being traded, (ii) disclosing or “tipping” material, non-public information to others or recommending
the purchase or sale of securities on the basis of such information, or (iii) assisting someone who is engaged in such activities, is prohibited.
Insider trading applies to trading in the securities of not just units of the TSYS Group, but of any company.
Criminal prosecutions for insider trading are commonplace and may result in fines and/or imprisonment.
Any Director or Officer who comes into possession of material, non-public information about the TSYS Group or another company must refrain from trading in
that companys securities until the information has been adequately disseminated to the public.
If a Director or Officer has any doubt about whether or not certain information is non-public or material, he or she should refrain from trading,
disclosing, or tipping the information.
## Restrictions on your immediate family and household
Insider trading restrictions apply to your family members and others living in your household. You are expected to be responsible for the compliance
of members of your immediate family or household.
# Political Activities
Directors are welcome to engage as individuals in the political process in any way allowable by law, including but not limited to donating
money to the candidates of their choice and volunteering on campaigns.
Directors may contact their elected representatives for any personal reason. It should always be clear to outside observers that these are personal
actions and not actions taken on behalf of TSYS Group or its affiliates.
It should always be abundantly clear to outside observers that these are your personal actions and not actions taken on behalf of the Group. Never
convey the impression that you speak for the TSYS Group or any of its components in any way when you engage in personal political activities.
Observe all laws governing gifts to government officials, which may include party officials, candidates for political office, as well as elected officials.
## Contributing Group assets
Do not contribute, loan, donate, reimburse or otherwise provide any corporate money, services, products or facilities to any political party,
candidate, or political committee, in any circumstance, ever.
Always keep in mind that “contribution” is defined broadly, and does not necessarily mean money. It may, under some circumstances, even include the
use of Group email to solicit donations or support.
## Lobbying
Do not engage in lobbying activities on behalf of the Group with respect to any governmental entity in the United States federal, state or local.
Do not engage in lobbying activities on behalf of the Group with respect to any non-U.S. government.
TSYS Group conducts all political contributons and lobying soley through a dedicated, independently supervised, heavily regulated, component.
All other lobbying or contributions from TSYS Group are expressely forbidden.
## Seeking public office
If you wish to seek or accept elected or appointed public office (including local council and government positions) while working at the TSYS Group
or any of its companies, you must first seek the authorization of the TSYS Board.
# Periodic Review of These Guidelines
These Guidelines will be reviewed annually by the Executive, Governance And Nominating Committee and may be amended by the Board from time to time.

224
src/Board/charters/Audit-Committee-Charter.md Normal file
View File

@ -0,0 +1,224 @@
# Audit Committee Charter
## Committee Membership:
The Audit Committee of TSYS Group (the “Group”) shall be comprised of at least three directors, each of whom the Board has determined has no
material relationship with the Group and each of whom is otherwise “independent” under the rules of the New York Stock Exchange, Inc.
and Rule 10A-3 under the Securities Exchange Act of 1934
The Board shall also determine that each member is “financially literate,” and that one member of the Audit Committee has
“accounting or related financial management expertise,” as such qualifications are interpreted by the Board of Directors in
its business judgment, and whether any member of the Audit Committee is an “audit committee financial expert,” as defined by the
rules of Securities and Exchange Commission (the “SEC”).
If the Board has determined that a member of the Audit Committee is an audit committee financial expert, it may presume that such member
has accounting or related financial management expertise.
No director may serve as a member of the Audit Committee if such director serves on the audit committees of two or more other entities.
Members shall be appointed by the Board and shall serve at the pleasure of the Board and for such term or terms as the Board may determine.
## Purpose
The purposes of the Audit Committee are to:
### assist Board oversight
Ensuring:
* the integrity of the Groups financial statements
* the Groups compliance with legal and regulatory requirements
* the independent auditors qualifications and independence
* the performance of the independent auditors and the Groups internal audit function
* assist in the preparation of the Group Annual Report
The function of the Committee is oversight of the various components of Auditing and Reporting.
Management of the Group component entities is responsible for the preparation, presentation and integrity of the Groups financial statements.
Management is responsible for maintaining appropriate accounting and financial reporting policies and internal controls and procedures that
provide for compliance with accounting standards and applicable laws and regulations.
The independent auditors are responsible for planning and carrying out a proper audit of the Groups consolidated annual financial statements,
reviews of the Groups consolidated quarterly financial statements and other procedures.
In fulfilling their responsibilities hereunder, it is recognized that members of the Committee are not fulltime employees of the Group and are not,
and do not represent themselves to be, performing the functions of auditors or Management.
As such, it is not the duty or responsibility of the Committee or its members to conduct “field work” or other types of auditing or accounting
reviews or procedures or to set auditor independence standards.
The independent auditors shall submit to the Committee annually a formal written statement (the “Auditors Statement”) describing:
* the auditors internal quality-control procedures
* any material issues raised by the most recent internal quality-control review or peer review of the auditors
* any inquiry or investigation by governmental or professional authorities, within the preceding five years, respecting one or more independent audits
carried out by the auditors and any steps taken to deal with any such issues
* all relationships between the independent auditors and the Group (in particular but not limited to any consulting agreements and accounting services)
## Committee Duties and Responsibilities
To carry out its purposes, the Audit Committee shall have the following duties and responsibilities
### with respect to the independent auditors
* to be directly responsible for the appointment, compensation, retention and oversight of the work of the independent auditors
(including the resolution of disagreements between management and the independent auditors regarding financial reporting),
who shall report directly to the Audit Committee
* to be directly responsible for the appointment, compensation, retention and oversight of the work of any public accounting firm used
by the Group, and have the right to request that such firm shall report directly to the Audit Committee if the Committee deems it necessary
* to pre-approve, or to adopt appropriate procedures to pre-approve, all audit and non-audit services to be provided by the independent auditors and
accounting firms
* to ensure that the independent auditors prepare and deliver annually an Auditors Statement (it being understood that the independent auditors are
responsible for the accuracy and completeness of this Statement), and to discuss with the independent auditors any relationships or services disclosed
in this Statement that may impact the quality of audit services or the objectivity and independence of the Groups independent auditors
* to obtain from the independent auditors in connection with any audit a timely report relating to the Groups annual audited financial statements
describing all critical accounting policies and practices used, all alternative treatments of financial information within generally accepted accounting
principles that have been discussed with management, ramifications of the use of such alternative disclosures and treatments, and the treatment
preferred by the independent auditors, and any material written communications between the independent auditors and management, such
as any “management” letter or schedule of unadjusted differences
* to take into account the opinions of management and the Groups director of internal audit in assessing the independent auditors
qualifications, performance and independence with respect to the internal audit function
* to review the appointment and replacement of the Groups director of internal audit
* to advise the director of internal audit that he or she is expected to provide to the Audit Committee summaries of and, as appropriate, the significant
reports resulting from audits performed by internal audit and managements responses thereto
* to annually approve the Internal Audit plan and charter with respect to financial reporting principles and policies and internal controls and
procedures
* to advise management, the director of internal audit and the independent auditors that they are expected to provide to the Audit Committee a timely
analysis of significant financial reporting issues and practices
* to consider any reports or communications (and managements and/or internal audits responses thereto) submitted to the Audit Committee by the
independent auditors required by or referred to in PCAOB Auditing Standard No. 16, as it may be modified or supplemented, including reports
and communication related to:
* deficiencies noted in the audit in the design or operation of internal controls
* consideration of fraud in a financial statement audit
* detection of illegal acts
* the independent auditors responsibility under generally accepted auditing standards
* any restriction on audit scope
* significant accounting policies
* significant issues discussed with the national office respecting auditing or accounting issues presented by the engagement
* management judgments and accounting estimates
* any accounting adjustments arising from the audit that were noted or proposed by the auditors but were passed (as immaterial or
otherwise)
* disagreements with management
* consultation by management with other accountants
* difficulties encountered with management in performing the audit
* the independent auditors judgments about the quality of the entitys accounting principles
* reviews of interim financial information conducted by the independent auditors
* going concern uncertainties
* departures from the standard auditors report
* overview of the audit strategy, timing of the audit, and significant risks
* the responsibilities, budget and staffing of the Groups internal audit function
* to meet with management, the independent auditors and, if appropriate, the director of internal audit:
* discuss the scope of the annual audit
* discuss the annual audited financial statements and quarterly financial statements, including the Groups disclosures under
“Managements Discussion and Analysis of Financial Condition and Results of Operations”; discuss any significant matters arising
from any audit, including any audit problems or difficulties, whether raised by management, director of internal audit or the
independent auditors, relating to the Groups financial statements
* to discuss any difficulties the independent auditors encountered in the course of the audit, including any restrictions on their activities
or access to requested information and any significant disagreements with management
* to discuss any “management” or “internal control” letter issued, or proposed to be issued, by the independent auditors to the Group
* to review the form of opinion the independent auditors propose to render to the Board of Directors and stakeholders;
* to discuss, as appropriate:
* any major issues regarding accounting principles and financial statement presentations, including any significant changes in the Groups selection
or application of accounting principles
* any major issues as to the adequacy of the Groups internal controls and any special audit steps adopted in light of material control deficiencies;
* analyses prepared by management and/or the independent auditors setting forth significant financial reporting issues and judgments made in
connection with the preparation of the financial statements, including analyses of the effects of alternative GAAP methods on
the financial statements
* the effect of regulatory and accounting initiatives, as well as off-balance sheet structures, on the financial statements of the Group;
* to inquire of the Groups Chief Executive Officers and Chief Financial Officers as to the existence of any significant deficiencies and material
weaknesses in the design or operation of internal control over financial reporting which are reasonably likely to adversely affect the Groups
ability to record, process, summarize and report financial information and any fraud, whether or not material, that involves management or other
employees who have a significant role in the Groups internal control over financial reporting
* to discuss guidelines and policies governing the process by which senior management of the Group and the relevant sections of the Group
assess and manage the Groups exposure to risk, and to discuss the Groups major financial risk exposures and the steps management has
taken to monitor and control such exposures
* to obtain from the independent auditors assurance that the audit was conducted in a manner consistent with Section 10A of the Securities
Exchange Act of 1934, as amended, which sets forth certain procedures to be followed in any audit of financial statements required under the
Securities Exchange Act of 1934
* to discuss with senior management of the Group any significant legal, compliance or regulatory matters that may have a material effect on the
financial statements or the Groups business, financial statements or compliance policies, including material notices to or inquiries received from
governmental agencies
* to discuss the type and presentation of information to be included in finanical releases and disclosures
* to establish procedures for the receipt, retention and treatment of complaints received by the Group regarding accounting, internal accounting
controls or auditing matters, and for the confidential, anonymous submission by Group employees of concerns regarding questionable
accounting or auditing matters
* to review and discuss any reports concerning material violations submitted to it by Group attorneys or outside counsel pursuant to the SEC attorney
professional responsibility rules (17 C.F.R. Part 205), or otherwise
* to establish hiring policies for employees or former employees of the independent auditors
* to review and approve all related-party transactions that are required to be disclosed under Item 404(a) of Regulation S-K.
### with respect to reporting and recommendations
* to prepare any report or other disclosures, including any recommendation of the Audit Committee, required by the rules of the SEC to be included in
the Groups annual report;
* to prepare and issue the evaluation required under “Performance Evaluation” below
* to report its activities to the full Board of Directors on a regular basis and to make such recommendations with respect to the above and
other matters as the Audit Committee may deem necessary or appropriate.
### Committee Structure and Operations
The Audit Committee shall designate one member of the Committee as its chairperson. The Audit Committee shall meet once every quarter,
or more frequently if circumstances dictate, to discuss with management the annual audited financial statements and quarterly financial
statements, as applicable.
The Audit Committee should meet separately periodically with management, the director of internal audit and the independent auditors
to discuss any matters that the Audit Committee or any of these persons or firms believe should be discussed privately.
The Audit Committee may request any officer or employee of the Group or the Groups outside counsel or independent auditors to attend a
meeting of the Audit Committee or to meet with any members of, or consultants to, the Audit Committee.
Members of the Audit Committee may participate in a meeting of the Audit Committee by means of conference call or similar communications equipment by
means of which all persons participating in the meeting can hear each other.
## Performance Evaluation
The Audit Committee shall prepare and review with the Board an annual performance evaluation of the Audit Committee, which evaluation
shall compare the performance of the Audit Committee with the requirements of this charter.
The performance evaluation shall also recommend to the Board any improvements to the Audit Committees charter deemed necessary
or desirable by the Audit Committee. The performance evaluation by the Audit Committee shall be conducted in such manner as the Audit
Committee deems appropriate.
The report to the Board may take the form of an oral report by the chairperson of the Audit Committee or any other member of the Audit Committee
designated by the Audit Committee to make this report.
## Resources and Authority of the Audit Committee
The Audit Committee shall have the resources and authority appropriate to discharge its duties and responsibilities, including the
authority to select, retain, terminate, and approve the fees and other retention terms of special or independent counsel, accountants
or other experts and advisors, as it deems necessary or appropriate, without seeking approval of the Board or
management.
The Group shall provide for appropriate funding, as determined by the Audit Committee, in its capacity as a committee of the Board, for payment of:
* Compensation to the independent auditors and any other public accounting firm engaged for the purpose of preparing or issuing an
audit report or performing other audit, review or attest services for the Company
* Compensation of any advisers employed by the Audit Committee
* Ordinary administrative expenses of the Audit Committee that are necessary or appropriate in carrying out its duties.

1
src/Board/charters/Executive-Committee-Charter.md Normal file
View File

@ -0,0 +1 @@
# Committe Charter - Executive

98
src/Board/charters/Executive-Governance-Nominating-Committee-Charter.md Normal file
View File

@ -0,0 +1,98 @@
# Executve, Governance and Nominating Committee Charter
## Role
The role of the Executive, Goverance and Nominating Committee (the “Committee”) of TSYS Group is to assist the Board of Directors (the “Board”)
of the Group by:
* Recommending to the Board corporate governance guidelines applicable to the Group
* Identifying, reviewing, and evaluating individuals qualified to become members of the Board
* Reviewing and recommending the nomination of Board members
* Assisting the Board with other related tasks, as assigned from time to time
## Requirements
Committee members shall be generally acquainted with corporate governance and have experience in one or more of the areas of the Committees
responsibilities.
## Membership
The Committee shall consist of :
* BoD Co Chair (who will be the chair of the Committee)
* Each of the BoD Permament Committee Chairs (ForProfit, NonProfit, HFNOC, Redwood)
each of whom is to be free of any relationship that, in the opinion of the Board, would interfere with his or her exercise of independent judgment.
Committee members shall meet the independence requirements of the New York Stock Exchange, as well as all applicable laws and regulations.
## Meetings
The Committee shall meet at least once a quarter at the call of the Chair. Additional meetings may occur as any members of the
Committee requests or its Chair deems advisable.
## Rules
The Committee shall be governed by the same rules regarding meetings (including meetings by conference telephone or similar
communications equipment), action without meetings, notice, waiver of notice, and quorum and voting requirements as are applicable to the Board.
## Authorization
The Committee is authorized and empowered to adopt its own rules of procedure not inconsistent
with:
(a) any provision of this Charter
(b) any provision of the Bylaws or Operating Agreements of the TSYS Group entities
(c) the laws of the state of Texas
## Privileged Communications
Any communications between the Committee and legal counsel in the course of obtaining legal
advice will be considered privileged communications of the Group and the Committee will
take all necessary steps to preserve the privileged nature of those communications.
## Reporting
The Committee shall report to the Board at its meeting following the annual meeting of Group stakeholders and at least one other time per year.
## Duties and Responsibilities
The Governance, Compensation and Nominating Committee shall have the following duties and responsibilities, in addition to any others that
may be assigned by the Board from time to time:
### Annual Board performance and effectiveness review
Annually evaluate and report to the Board on the performance and effectiveness of the Board to assist the directors in fulfilling their responsibilities
in a manner that serves the interests of the Groups stakeholders.
### Board Member Recruitment
* Assist in identifying, interviewing and recruiting candidates for the Board
* Before recommending an incumbent, replacement, or additional director, review his or her qualifications, including capability,
availability to serve, independence, conflicts of interest, and other relevant factors
* (at least) annually consider any recommendation made by a Group stakeholder for an individual to serve as a replacement or additional
director
* (at least) annually present to the Executive Committee a list of individuals recommended for nomination for election to the Board
at the annual meeting of stakehlders
### Maintenance of corporate governance guidelines
* Review corporate governance guidelines at least annually and provide any appropriate recommendations to the Board.
* Develop and recommend to the Board a set of corporate governance guidelines applicable to the Group.
## Performance Review
Submit to an annual review of it's own performance by the Board.
## Ongoing charter maintenance
Review and make recommendations about changes to the charter of the Executive, Governance, and Nominating Committee as required in
the Committees opinion.

129
src/Board/charters/ForProfit-Committee-Charter.md Normal file
View File

@ -0,0 +1,129 @@
# ForProfit Committee Charter
As stated in the Operating Agreement of the Company electing oversight by this committee, any changes to this charer must be approved by unamious
written consent of all Members of all entities under this committee.
## Purpose
The ForPofit Committee provides support, guidance and counsel to Management and oversight for the interests of all stakeholders in:
* RackRental
* Suborbital
* Axios Heart Studios
and other affiliated entities that may elect oversight by this committee
## Director Elections
The Committee shall be elected (at least) yearly by the LLC Members by unanimous written consent. Directors who participate in the Committee shall be
appointed soley by the Members and shall serve at the pleasure of the Members.
It has no minimum or maximum size, however it must have at all times, at least 1 Director to serve as the Committee Chair.
Directors may be removed at any time by at least 2/3 written consent of the Members, with or without cause, provided that such action doesn't reduce
Committee membership to less than 1 person.
All persons serving on the Committee must be natural persons. All persons serving on the Committee must be indepdent Directors.
## Oversight Delegated to Directors
The Company hereby delegate all oversight of the Company to the Committee which shall consist of such number of Directors as may be set from time to
time by the Members.
## Meetings
The Company Members by resolution may provide for an annual Committee meeting or other regularly scheduled meetings, which may be held without notice as
and when scheduled in such resolutions.
Special meetings of the Committee may be called at any time by the Directors, the Committee Chair, the CEO or by any one (1) or more Officers or Members.
The Committee may participate in a meeting by means of conference telephone or similar communications equipment in which all persons participating
in the meeting can hear each other, and participation in such a meeting pursuant to this Section shall constitute presence in person at such meeting.
## Notice and waiver; quorum
Notice of any meeting of the Committee shall be given to each director personally or by e-mail , or telephone call
addressed to such director at such directors last known e-mail address and/or phone number, at least two (2) days prior
to the meeting.
The attendance of a director at any special meeting shall of itself constitute a waiver of notice of such meeting and of any and all
objections to the place or time of the meeting, or to the manner in which it has been called or convened, except where a director
states, at the beginning of the meeting, any such objection or objections to the transaction of business.
A majority of the Committee shall constitute a quorum at any directors meeting.
## No meeting necessary, when
Any action required by law or permitted to be taken at any meeting of the Committee may be taken without a meeting if written consent, setting forth the
action so taken, shall be signed by all the Committee members.
Such consent shall have the same force and effect as a unanimous vote of the Committee and shall be filed with the Company and recorded in the
Records of the Company.
## Voting
At all meetings of the Committee, each director shall have one vote and, except as otherwise provided herein or provided by law, all questions shall be
determined by a majority vote of the directors present.
## Committees
In the discretion of the Committee, the Committee from time to time may elect or appoint, from its own members, an Executive Sub Committee or such other
subo committee or committees as the Committee may see fit to establish.
Each such sub committee shall consist of two or more directors, and each shall have and may exercise such authority and perform such functions as the
Committee by resolution may prescribe within the limitations imposed by law.
## Expense Reimbursement of Directors
Directors shall be entitled to receive such fees and expenses, if any, for attendance at each regular or special meeting of the Committee and any adjournments
thereof as may be fixed from time to time by resolution of the Committee, and such fees and expenses shall be payable even though an adjournment be had
because of the absence of a quorum.
Directors on either standing or special sub committees may be allowed such compensation as may be provided from time to time by resolution of the Committee for
attending sub committee meetings.
## Key Responsibities of the Committee (Company Major Decisions)
### Requirements of Major Decisions
* All Major Decisions concerning the business affairs of the Company shall be made by the Committee (and jointly with the Members as applicable in this
Agreement).
* Major Decisions require a formal written request from the Members to the Committee
* Major Decisions require written approval from 2/3 or greater majority of the Committee
### Categories of Major Decisions
* causing the Company to enter into any agreement which would subject the Company or its assets to any recourse
liability for borrowings, or for capital contributions to any Person
* causing the Company to grant any interests in the assets, profit, and income of the Company
* causing a dissolution of the Company
* regarding the Company assets, any sale, transfer, exchange, mortgage, financing, hypothecation or encumbrance of all or any part
thereof, or any modification of the terms of the foregoing
* regarding the Company financial affairs
* determination of major accounting policies including selection of accounting methods and making various decisions regarding treatment and
allocation of transactions for federal and state income, franchise or other tax purposes (these should be cross posted to the Group Audit Committee)
* determination of the terms and conditions of all borrowings of the Company and the identity of the lender thereof or applicable Budget therefor
* regarding any Capital Contributions
* regarding the Company operations, approval of insurance coverages, the underwriters thereof and claims related thereto, the settlement of
any litigation that is not fully covered by insurance involving more than $1000.00, entering into any contract which obligates the Company
for more than $500.00 (except to the extent expressly set forth in an Annual Budget) or which cannot be cancelled without payment
of a cancellation fee or other premium on not more than 30 days prior notice
* entering into any lease for office space
* filing of any petition or consenting to the filing of any petition that would subject the Company to a bankruptcy or similar proceeding
* any other action which, considered before the taking thereof, could reasonably be expected to have a material effect upon the business
or affairs of the Company or is a breach of fiduciary duty.

1
src/Board/charters/ForProfitCommittee-Charter.md Normal file
View File

@ -0,0 +1 @@
# Committe Charter - ForProfit

4
src/Board/charters/HFNOC-Committee-Charter.md Normal file
View File

@ -0,0 +1,4 @@
# High Flight Network Operating CoOp - Committe Charter
To be written soon

237
src/Board/charters/NonProfit-Committee-Charter.md Normal file
View File

@ -0,0 +1,237 @@
# Non Profit Committee Charter
## Non Profit Committee Responsibilities
### Organization Related
The Non Profit TSYS Group Entities:
* Americans For A Better Network INC
* Side Door Group INC
* Side Door PAC INC
are managed by the Non Profit Committee.
### Primary duties of the Committee:
1. To determine, create, and review the Entities mission and purpose. The Committee ensures that the Entities current mission statement
correctly expresses the Entities goals, its means, and the individuals the Entity primarily serves.
2. Hire, supervise and evaluate the Executive Director.
3. Ensure that the Executive Director has the support needed to further the mission of the organization.
4. Participate in organizational planning, assist the Executive Director in implementing and monitoring the plan.
5. Provide financial oversight including approving the annual budget and ensuring that proper financial controls are in place.
6. Ensure that the organization is complying with legal and ethical standards.
7. Board members should be able to articulate Entities mission, accomplishments, and vision to the public.
8. Recruit new Board members and assess overall Board performance.
9. Board members should strive to garner support (financial and otherwise) from the community.
10. Determine, monitor, and strengthen Entities programs and services.
## Committee Role in the Operations of Non Profit entities
1. Refrain from making special requests of the staff.
2. Suggest nominees to the Committee who can make significant contributions to the work of the Committe and the Entities.
3. Actively participate in functions and special events, as well as, educate others about the Entities.
4. Be informed about Entity mission, services, policies, events, and keep up-to-date on developments in the area of internet access equality.
5. Maintain strict adherence to TSYS Group conflict of interest and confidentiality policies.
## Meetings
The Committee meets approximately 10 times each year. The President of the Committee may call special meetings as needed.
The Committee annual meeting is held every September.
The Committee meets every month on the first Tuesday from 7:30 to 9:30 p.m CST
Meetings may be attended remotely through electronic means.
The presence of fifty percent (50%) of the directors at any meeting constitutes a quorum.
## Term of Office
Board members are elected to a two-year term of office. The term is without compensation. The Board is made up of 3 to 15 members. Terms begin in November at
our annual meeting and expire at the conclusion of the second annual meeting following their election.
A director can only serve for three consecutive terms. Following completion of a directors term, he or she is eligible for re-election after a one year
waiting period.
## Orientation
Generally, following appointment of new member to the Committee, an orientation will be conducted. All members of the Committee are expected to participate.
## Committee Attendance Policy
The Committee attendance policy helps to ensure full contribution of all Committee members.
The Committee meets at least ten (10) times a year. A Committee attendance problem occurs if:
1. A Committee member has two (2) unexcused absences in a row meaning the member did not communicate ahead of time to indicate they would be unable to attend.
2. A Committee member has three (3) excused absences in a row.
If a Committee attendance problem develops, the Committee President will promptly contact the Director to discuss the problem. The Directors response
will be shared by the Committee President with the entire Committee at their next meeting. In that meeting, the Committee will decide what action should take
place (if any) regarding future membership. The Committee may choose to initiate removal proceedings.
## Officers of the Committee
The officers of the Committee serve one year terms in their respective offices. Any officer of the Committee may be removed by the two-thirds vote of the
voting Directors whenever in its judgment the best interests of the Entities will be served.
### President
1. Is a member of the Committee and serves as the chief volunteer of the Entities.
2. Presides at all meetings of the Committee after developing the agenda with the Entity Executive Directors.
3. Encourages the Committee role in strategic planning.
4. Appoints the chairpersons of sub committees, in consultation with the other Committee members.
5. Plays a leading role in fundraising activities.
6. Is a partner and liason with the Executive Director in achieving the mission of the Entities.
7. Reports to the full TSYS Group Board Of Directors on the committees decisions and recommendations.
### Vice President
1. Is a member of the Committee.
2. Performs responsibilities of the Committee President when the President is not available.
3. Works closely with the Committee President and the Group Entity staff to achieve the mission of the Entities.
### Treasurer
1. Is a member of the Committee.
2. Assists the Executive Director with fiscal matters of the organization, including account signature and reimbursement authorization of the Executive Director.
3. Works closely with the Entity's Executive Director to assure financial accountability.
4. Ensures development and Committee review of financial policies and procedures.
5. Works with Entity's Executive Director in reviewing the annual budget and financial reports for the Committee.
### Secretary
1. Is a member of the Committee.
2. Maintains records of the Committee and ensures effective management of the organizations records.
3. Manages minutes of the Committee meetings and ensures minutes are distributed to members shortly after each meeting.
4. Is familiar with legal documents (e.g. Articles of Incorporation, Bylaws, and IRS letters) to note applicability at meetings.
### Sub Committees
The Committee can establish sub committees to assist them in conducting their business. Sub Committee meetings are held on an as needed basis.
Times and dates are set by the sub committee chairperson. All members of the Committee are expected to serve on at least one sub committee.
### Executive Sub Committee
The Executive Sub Committee oversees the operations of the Committee and often acts on behalf of the Committee during on-demand activities that occur
between meetings and these acts are later presented for review by the full Committee . The Executive Sub Committee is also responsible for completing an
annual performance evaluation for the Entity Executive Director and assists the Entity Executive Director with management and personnel matters.
The Executive Sub Committee is comprised of the officers of the Committee.
### Fundraising Sub Committee
This sub committee ensures that funds are raised to enable the Entities to fulfill their mission. The members consider ways to finance the Entities beyond
charitable solicitations, e.g. earned income, fees, contracts.
### Finance Sub Committee
The Finance Sub Committee recommends policy regarding the Entity finances and assets and ensures adequate financial controls. The members assume
responsibility for safeguarding any endowment or reserve funds.
### Nominating Sub Committee
The Nominating Sub Committee members ensure the Committee has an effective process and structure in place to conduct business. They are responsible for
planning the Committee retreat, sub committee development, ongoing training of Committee members and Committee evaluation.
This sub committee is responsible for recruiting, screening and orienting new Committee members.
### Public Relations Sub Committee
This sub committee promotes awareness of the Entities in the community and works to ensure the Entities enjoys a good public image.
Members are available to present to community organizations on the role of the Entities and the services they provide.
### Ad Hoc
From time to time, an ad hoc sub committee may be formed to accomplish a specific goal and then ceases to exist. Examples of ad hoc committees might
include:
* Capital Campaign
* Special Events
* Strategic Planning
* Facility
## Roles and Responsiblities
| Activity | Board | Executive Director |
|----------|-------|--------------------|
|Develop long term goals (more than 1 year) | Approves | Recommends and provides input|
|Develop short-term goals |Monitors | Establishes and carries out|
|Day to day operation of the Center |No role | Makes all management decisions|
|Budget | Approves | Develops and recommends|
|Capital purchases over $5,000 | Approves | Prepares request|
|Approving expenses over $5,000 | Approves | Obtains estimates and prepares recommendation|
|Decisions on building renovations and expansion | Makes decisions, assumes responsibility | Makes recommendations|
|Authorize purchase of supplies |Approves budget | Purchases according to agency need|
|Minor repairs | Approves budget | Authorizes repairs up to $5,000|
|Hiring of staff | No role | Hires staff|
|Hiring Executive Director | Responsible for the hiring of Executive Director | No role|
|Staff assignment and supervision | No role | Responsible for assigning work and supervising|
|Terminate staff | No role | Makes final termination decision|
|Staff grievances| Has a role in grievances process, but only as it pertains to disciplinary action| All other grievances stop at the Executive Director who is responsible for enforcing policies|
|Staff salaries| Allocates line item for salaries in budget| Reviews and make recommendations at time of annual budget|
|Personnel policies |Approves | Recommends and administers|
|Staff evaluation |Evaluates Executive Director |Evaluates all other staff|
|Raising funds to support the Entities| Joint| Joint|
## Committee and Staff Relationships
The Executive Director is responsible for the hiring, termination and daily management and supervision of the Entity staff.
It is important for the Entity members to maintain appropriate roles and boundaries with staff and adhere to rules of
confidentiality. For instance, if a staff person or volunteer approaches a Committee member with concerns or complaints about
the Entities operation, the Committee member should refer the matter back to the Executive Director.
## Commitee Member as representative of Entity
Committee members should be well informed of the mission and goals of the Entities. Each member should strive to educate, inform, and
recruit support for the programs in the community.
Bearing in mind, that there may be situations in which Committee members should direct questions posed to them to the Executive Director or President.
The situations may be when a Committee member is unsure of the answer or when:
* Media involvement in a well publicized case
* Inappropriate actions by staff or a Committee member
* Liability or lawsuits
It is important that when a Committee member has a question about a public statement, the Committee member first seek assistance from the organization.
## Conflict of Interest
Any duality of interest or possible conflict of interest on part of any Committee member should be disclosed to other Committee members and made a
matter of Committee action.
Committee members shall not benefit financially from their association with the TSYS Group.
Any Committee member having a duality of interest or possible conflict of interest on any matter should not vote or use his/her personal influence on
the matter and he/she should not be counted in determining the quorum for the meeting.
The minutes of the meeting should reflect that a disclosure was made and that the Committee member abstained from voting.
Committee personal relationships should not be used to influence decisions regarding staff hiring, evaluation, the choice of vendors,
or the provision of programs and services.
Committee members should not request staff members to support their political positions or assist in their campaign for public office.
Committee members are not allowed access to confidential organization records simply because of their position on the Committee and should not request
staff to breach confidentiality.

4
src/Board/charters/Redwood-Committee-Charter.md Normal file
View File

@ -0,0 +1,4 @@
# Redwood Springs Capital Partners - Committe Charter
To be written soon

20
src/Board/charts/BoD.diag Normal file
View File

@ -0,0 +1,20 @@
blockdiag {
orientation = portrait
// set default shape
default_shape = roundedbox; // default value is 'box'
// set default colors
default_node_color = lightblue;
default_group_color = "#7777FF";
default_linecolor = blue;
default_textcolor = black;
"TSYS Group Board of Directors" -> "Leadership" -> "TBD - Bod Chair";
"TSYS Group Board of Directors" -> "Leadership" -> "TBD - BoD Co Chair";
"TSYS Group Board of Directors" -> "Support Activity" -> "TBD - Outside Counsel";
"TSYS Group Board of Directors" -> "Support Activity" -> "TBD - Outside Auditor";
"TSYS Group Board of Directors" -> "Support Activity" -> "Ruiz CPA - Outside CPA";
"TSYS Group Board of Directors" -> "Support Activity" -> "Charles Wyble - BoD Secretary";
"TSYS Group Board of Directors" -> "Committees";
}

BIN
src/Board/charts/BoD.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 12 KiB

18
src/Board/charts/ForProfit.diag Normal file
View File

@ -0,0 +1,18 @@
blockdiag {
orientation = portrait
// set default shape
default_shape = roundedbox; // default value is 'box'
// set default colors
default_node_color = lightblue;
default_group_color = "#7777FF";
default_linecolor = blue;
default_textcolor = black;
"TSYS Group Board of Directors" -> "For Profit Committee";
"TSYS Group Board of Directors" -> "For Profit Committee" -> "TBD - Committee Chair";
"TSYS Group Board of Directors" -> "For Profit Committee" -> "TBD - Legal & Regulatory Oversight";
"TSYS Group Board of Directors" -> "For Profit Committee" -> "TBD - R&D Oversight";
"TSYS Group Board of Directors" -> "For Profit Committee" -> "TBD - Education Oversight";
}

BIN
src/Board/charts/ForProfit.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 10 KiB

21
src/Board/charts/NonProfit.diag Normal file
View File

@ -0,0 +1,21 @@
blockdiag {
orientation = portrait
// set default shape
default_shape = roundedbox; // default value is 'box'
// set default colors
default_node_color = lightblue;
default_group_color = "#7777FF";
default_linecolor = blue;
default_textcolor = black;
"TSYS Group Board of Directors" -> "Non Profit Committee";
"TSYS Group Board of Directors" -> "Non Profit Committee" -> "TBD - Committee President" ;
"TSYS Group Board of Directors" -> "Non Profit Committee" -> "TBD - Committee Vice President " ;
"TSYS Group Board of Directors" -> "Non Profit Committee" -> "TBD - Committee Treasurer" ;
"TSYS Group Board of Directors" -> "Non Profit Committee" -> "Charles Wyble - Committee Secretary" ;
"TSYS Group Board of Directors" -> "Non Profit Committee" -> "TBD - Fundrasing " ;
"TSYS Group Board of Directors" -> "Non Profit Committee" -> "TBD - PAC Oversight" ;
"TSYS Group Board of Directors" -> "Non Profit Committee" -> "TBD - Legislation Oversight" ;
}

BIN
src/Board/charts/NonProfit.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 13 KiB

21
src/Board/charts/Redwood.diag Normal file
View File

@ -0,0 +1,21 @@
blockdiag {
orientation = portrait
// set default shape
default_shape = roundedbox; // default value is 'box'
// set default colors
default_node_color = lightblue;
default_group_color = "#7777FF";
default_linecolor = blue;
default_textcolor = black;
"TSYS Group Board of Directors" -> "Redwood Committee";
"TSYS Group Board of Directors" -> "Redwood Committee" -> "TBD - Committee Chair" ;
"TSYS Group Board of Directors" -> "Redwood Committee" -> "TBD - Regulatory Oversight" ;
"TSYS Group Board of Directors" -> "Redwood Committee" -> "TBD - Legal Oversight" ;
"TSYS Group Board of Directors" -> "Redwood Committee" -> "TBD - Investment portfolio Oversight" ;
"TSYS Group Board of Directors" -> "Redwood Committee" -> "TBD - Investment selection Oversight" ;
"TSYS Group Board of Directors" -> "Redwood Committee" -> "TBD - Portfolio management Oversight" ;
"TSYS Group Board of Directors" -> "Redwood Committee" -> "TBD - Limited Partner Oversight" ;
}

BIN
src/Board/charts/Redwood.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 13 KiB

18
src/Board/charts/audit-committee.diag Normal file
View File

@ -0,0 +1,18 @@
blockdiag {
orientation = portrait
// set default shape
default_shape = roundedbox; // default value is 'box'
// set default colors
default_node_color = lightblue;
default_group_color = "#7777FF";
default_linecolor = blue;
default_textcolor = black;
"TSYS Group Board of Directors" -> "Audit Committee";
"TSYS Group Board of Directors" -> "Audit Committee" -> "TBD - Committee Chair" ;
"TSYS Group Board of Directors" -> "Audit Committee" -> "TBD - Committee member 1" ;
"TSYS Group Board of Directors" -> "Audit Committee" -> "TBD - Committee member 2" ;
"TSYS Group Board of Directors" -> "Audit Committee" -> "TBD - Committee member 3" ;
}

BIN
src/Board/charts/audit-committee.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 9.8 KiB

20
src/Board/charts/committees.diag Normal file
View File

@ -0,0 +1,20 @@
blockdiag {
orientation = portrait
// set default shape
default_shape = roundedbox; // default value is 'box'
// set default colors
default_node_color = lightblue;
default_group_color = "#7777FF";
default_linecolor = blue;
default_textcolor = black;
"TSYS Group Board of Directors" -> "Committees";
"TSYS Group Board of Directors" -> "Committees" -> "Executive, Governance And Nominating Committee"
"TSYS Group Board of Directors" -> "Committees" -> "Audit Committee"
"TSYS Group Board of Directors" -> "Committees" -> "For Profit Committee"
"TSYS Group Board of Directors" -> "Committees" -> "Non Profit Committee"
"TSYS Group Board of Directors" -> "Committees" -> "HFNOC Committee"
"TSYS Group Board of Directors" -> "Committees" -> "Redwood Committee"
}

BIN
src/Board/charts/committees.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 11 KiB

20
src/Board/charts/exec-committee.diag Normal file
View File

@ -0,0 +1,20 @@
blockdiag {
orientation = portrait
// set default shape
default_shape = roundedbox; // default value is 'box'
// set default colors
default_node_color = lightblue;
default_group_color = "#7777FF";
default_linecolor = blue;
default_textcolor = black;
"TSYS Group Board of Directors" -> "Executive Governance And Nominating Committee";
"TSYS Group Board of Directors" -> "Executive Governance And Nominating Committee" -> "BoD Chair" ;
"TSYS Group Board of Directors" -> "Executive Governance And Nominating Committee" -> "BoD Co Chair" ;
"TSYS Group Board of Directors" -> "Executive Governance And Nominating Committee" -> "Non Profit Committee Chair" ;
"TSYS Group Board of Directors" -> "Executive Governance And Nominating Committee" -> "For Profit Committee Chair" ;
"TSYS Group Board of Directors" -> "Executive Governance And Nominating Committee" -> "HFNOC Committee Chair" ;
"TSYS Group Board of Directors" -> "Executive Governance And Nominating Committee" -> "Redwood Committee Chair" ;
}

BIN
src/Board/charts/exec-committee.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 12 KiB

19
src/Board/charts/hfnoc-committee.diag Normal file
View File

@ -0,0 +1,19 @@
blockdiag {
orientation = portrait
// set default shape
default_shape = roundedbox; // default value is 'box'
// set default colors
default_node_color = lightblue;
default_group_color = "#7777FF";
default_linecolor = blue;
default_textcolor = black;
"TSYS Group Board of Directors" -> "HFNOC Committee";
"TSYS Group Board of Directors" -> "HFNOC Committee" -> "TBD - Committee Chair" ;
"TSYS Group Board of Directors" -> "HFNOC Committee" -> "TBD - Regulatory Oversight" ;
"TSYS Group Board of Directors" -> "HFNOC Committee" -> "TBD - Legal Oversight" ;
"TSYS Group Board of Directors" -> "HFNOC Committee" -> "TBD - Operations Oversight" ;
"TSYS Group Board of Directors" -> "HFNOC Committee" -> "TBD - Government Service Operations Oversight" ;
}

BIN
src/Board/charts/hfnoc-committee.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 11 KiB

17
src/Board/corp-charts/HFNOC/HFNOC-Hold.diag Executable file
View File

@ -0,0 +1,17 @@
blockdiag {
orientation = portrait
// set default shape
default_shape = roundedbox; // default value is 'box'
// set default colors
default_node_color = lightblue;
default_group_color = "#7777FF";
default_linecolor = blue;
default_textcolor = black;
"HFNOC LLC" -> "Holding Companies"
"HFNOC LLC" -> "Holding Companies" -> "Commons (NCL) Flight Holdings Co";
"HFNOC LLC" -> "Holding Companies" -> "Proprietary (non NCL) Flight Holdings Co";
"HFNOC LLC" -> "Holding Companies" -> "United States Government - Classified Flight Holdings Co";
"HFNOC LLC" -> "Holding Companies" -> "United States Government - Unclassified Flight Holdings Co";
}

BIN
src/Board/corp-charts/HFNOC/HFNOC-Hold.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 11 KiB

17
src/Board/corp-charts/HFNOC/HFNOC-Op.diag Executable file
View File

@ -0,0 +1,17 @@
blockdiag {
orientation = portrait
// set default shape
default_shape = roundedbox; // default value is 'box'
// set default colors
default_node_color = lightblue;
default_group_color = "#7777FF";
default_linecolor = blue;
default_textcolor = black;
"HFNOC LLC" -> "Operating Companies"
"HFNOC LLC" -> "Operating Companies" -> "Commons (NCL) Flight Operations Co";
"HFNOC LLC" -> "Operating Companies" -> "Proprietary (non NCL) Flight Operations Co";
"HFNOC LLC" -> "Operating Companies" -> "United States Government - Classified Flight Operations Co";
"HFNOC LLC" -> "Operating Companies" -> "United States Government - Unclassified Flight Operations Co";
}

BIN
src/Board/corp-charts/HFNOC/HFNOC-Op.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 11 KiB

15
src/Board/corp-charts/HFNOC/HFNOC.diag Executable file
View File

@ -0,0 +1,15 @@
blockdiag {
orientation = portrait
// set default shape
default_shape = roundedbox; // default value is 'box'
// set default colors
default_node_color = lightblue;
default_group_color = "#7777FF";
default_linecolor = blue;
default_textcolor = black;
"Turnsys Group" -> "HFNOC LLC" ;
"Turnsys Group" -> "HFNOC LLC" -> "Holding Companies";
"Turnsys Group" -> "HFNOC LLC" -> "Operating Companies";
}

BIN
src/Board/corp-charts/HFNOC/HFNOC.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 7.9 KiB

26
src/Board/corp-charts/RWSCP/RWSCP-LLC.diag Executable file
View File

@ -0,0 +1,26 @@
blockdiag {
orientation = portrait
// set default shape
default_shape = roundedbox; // default value is 'box'
// set default colors
default_node_color = lightblue;
default_group_color = "#7777FF";
default_linecolor = blue;
default_textcolor = black;
"Redwood Springs Capital Partners LLC" -> "Management/Advisor";
"Redwood Springs Capital Partners LLC" -> "Management/Advisor" -> "Redwood Springs Capital Partners Management Co";
"Redwood Springs Capital Partners LLC" -> "Funds";
"Redwood Springs Capital Partners LLC" -> "Funds" -> "Avenue G (Venture Capital Fund)";
"Redwood Springs Capital Partners LLC" -> "Funds" -> "Boring & Beautiful (Private Equity Fund)";
"Redwood Springs Capital Partners LLC" -> "Funds" -> "Candlelight (Commercial REIT)";
"Redwood Springs Capital Partners LLC" -> "Funds" -> "Starlight (Commercial REIT)";
"Redwood Springs Capital Partners LLC" -> "Custodian Holdings";
"Redwood Springs Capital Partners LLC" -> "Custodian Holdings" -> "RackRental"
"Redwood Springs Capital Partners LLC" -> "Custodian Holdings" -> "Suborbital-Systems"
"Redwood Springs Capital Partners LLC" -> "Custodian Holdings" -> "HFNOC"
"Redwood Springs Capital Partners LLC" -> "Custodian Holdings" -> "Accelerate 3d"
"Redwood Springs Capital Partners LLC" -> "Custodian Holdings" -> "GreenSleveSurgical"
}

BIN
src/Board/corp-charts/RWSCP/RWSCP-LLC.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 16 KiB

16
src/Board/corp-charts/TSYSCore/TSYSGroup-ForProfit.diag Executable file
View File

@ -0,0 +1,16 @@
blockdiag {
orientation = portrait
// set default shape
default_shape = roundedbox; // default value is 'box'
// set default colors
default_node_color = lightblue;
default_group_color = "#7777FF";
default_linecolor = blue;
default_textcolor = black;
"TSYS Group"
"TSYS Group" -> "Turn Net Systems LLC"
"TSYS Group" -> "Rackrental.net Operating Company LLC"
"TSYS Group" -> "Suborbital Systems Development Company LLC"
}

16
src/Board/corp-charts/TSYSCore/TSYSGroup-NonProfit.diag Executable file
View File

@ -0,0 +1,16 @@
blockdiag {
orientation = portrait
// set default shape
default_shape = roundedbox; // default value is 'box'
// set default colors
default_node_color = lightblue;
default_group_color = "#7777FF";
default_linecolor = blue;
default_textcolor = black;
"TSYS Group"
"TSYS Group" -> -> "Americans For A Better Network INC (emerging 501c3)"
"TSYS Group" -> -> "Side Door Solutions Group INC (emerging 501c4)"
"TSYS Group" -> -> "Side Door PAC (PAC)"
}

14
src/Board/corp-charts/TSYSCore/TSYSGroup-TSYSLLC-Holding.diag Executable file
View File

@ -0,0 +1,14 @@
blockdiag {
orientation = portrait
// set default shape
default_shape = roundedbox; // default value is 'box'
// set default colors
default_node_color = lightblue;
default_group_color = "#7777FF";
default_linecolor = blue;
default_textcolor = black;
"TSYS Core LLC" -> "Holding Cos" -> "CNWTDCMP"
"TSYS Core LLC" -> "Holding Cos" -> "MJATDCMP"
}

11
src/Board/corp-charts/TSYSGroup.diag Executable file
View File

@ -0,0 +1,11 @@
blockdiag {
orientation = portrait
// set default shape
default_shape = roundedbox; // default value is 'box'
"TSYS Group"
"TSYS Group" -> "ForProfit"
"TSYS Group" -> "NonProfit"
"TSYS Group" -> "Redwood"
"TSYS Group" -> "HFNOC"
}

BIN
src/Board/corp-charts/TSYSGroup.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.3 KiB

2
src/Board/policies/AntiHarrassment.md Normal file
View File

@ -0,0 +1,2 @@
# TSYS Group - Anti Harrassment Policy

2
src/Board/policies/InsiderTrading.md Normal file
View File

@ -0,0 +1,2 @@
# TSYS Group Handbook - Anti Insider Trading Policy

17
src/Board/policies/README.md Normal file
View File

@ -0,0 +1,17 @@
# tsg-policies
Policies that apply across the TSYS Group Entities.
Including but not limited to
* IT security
* Equal opportunity
* Federal contracting
* Insider trading
This is a MASSIVE WIP
It's sourced from all over the internet.
The material at https://governance.turnsys.com is authorative.

30
src/CIO/CIO.md Normal file
View File

@ -0,0 +1,30 @@
# TSYS Group - CIO Documentation
## Introduction
Welcome to the TSYS Group Handbook - CIO Documentation.
We strive to be as open, transparent and responsive as possible as we support the mission of the TSYS Group and it's component divisions.
We are glad you are here. :)
This manual serves as the sole source of documentation for all IT operations/systems/services of TSYS Group.
We strive to provide a complete suite of services utilizing an almost entirely FLO stack. The FLO exceptions are:
* Office 365 for e-mail
* Neat.com for expense receipt OCR
* Windows 10 workstations
* Apple IOS devices
The entirety of our servers are running Ubuntu 20.04 or later.
Other than the above exceptions, we utilize 100% FLO software to implement every single IT and Business service delivered to
the TSYS group. We hope our documentation helps you do the same.
Our business and IT service stack GIT Repository: <https://git.turnsys.com/TSGTechops/docs-techops>
## Todo list:
<https://git.turnsys.com/TSGTechops/docs-techops/issues>

1
src/CIO/EngWorkstationBuildGuide.md Normal file
View File

@ -0,0 +1 @@
# Workstation Build Guide

27
src/CIO/Policies/BusinessContinuityPlan.md Normal file
View File

@ -0,0 +1,27 @@
# TSYS Group - IT Documentation - Policies - Business Continuity Plan
## Data
In the event of a data failure, data should be recovered from the most recent backup, to have as minimal impact on daily operations as possible.
* All data lives canonically at PFV
* All data resides in ZFS volumes on pfv-stor2 and pfv-stor1
* All ZFS volumes are continuously snapshotted in place on array
* All ZFS volumes are replicated at various intervals depending on recovery time objectives to pfv-stor1 backup drive
## Equipment
In the event of an equipment failure, equipment is to be replaced as soon as possible, utlizing insurance policies as necessary to recoup losses imposed. Replacesments are to be obtained, and data recovered, as soon as possible, to have as minimal impact on daily opersation as possible.
## Facility
As of the time of this writing, PFV is the only location, and in the event it should become permanently unavailable, obtaining use of a coworking space, such as WeWork or Capitol Factory, for continued dailiy operations is a must, until new dedicated facilities become available.
## Personnel
* In the event that the CEO is no longer willing or able to perform their duties, the next officer in succession is the CFO. The CFO shall perform the duties of both officers, until such time as a replacement can be found.
* In the event that the CFO is no longer willing or able to perform their duties, the next officer in succession is the CMO. The CMO shall perform the duties of both officers, until such time as a replacement can be found.
* In the event the CMO is no longer willing or able to perform their duties, the CTO shall perform the duties of CEO/CFO/CMO and will be acting CEO/CFO/COM until such time as a replacement can be found.

18
src/CIO/Processes/2fa.md Normal file
View File

@ -0,0 +1,18 @@
# TSYS Group - IT Documentation - Processes - 2fa
- [TSYS Group - IT Documentation - Processes - 2fa](#tsys-group-it-documentation-processes-2fa)
- [Introduction](#introduction)
- [Applications](#applications)
## Introduction
This section is to document 2fa at TSYS.
## Applications
| Application | 2fa supported | 2fa enforced | 2fa documentation from vendor | 2fa enable page |
| ----------- | ------------- | ------------ | ----------------------------- | --------------- |
| Discourse | Yes | No | tbd | tbd |
| Bitwarden | Yes | Yes | tbd | tbd |
| Opnsense | Yes | Yes | tbd | tbd |

1
src/CIO/Processes/MoveToProduction.md Normal file
View File

@ -0,0 +1 @@
# Processes - Move To Production

44
src/CIO/Processes/MoveToproduction.md Normal file
View File

@ -0,0 +1,44 @@
# TSYS Group - IT Documentation - Processes - Move To Production
- [TSYS Group - IT Documentation - Processes - Move To Production](#tsys-group-it-documentation-processes-move-to-production)
- [Provision the system](#provision-the-system)
- [Configure the system](#configure-the-system)
## Provision the system
The below steps are performed manually for the small handful of "pet" machines (db/web/app). They are performed by the RackRental provisioner for the "cattle" machines.
* Create phpipam record
* Create forward DNS record
* Create reverse DNS record
* Install the VM
i - Setup the hostname
* Install SSH server
* Configure IP address
* Set resolver to 10.251.37.5 , 10.251.37.6
## Configure the system
* Install FetchApply
```bash
curl <http://pfv-toolbox.turnsys.net/installFetch.sh|/bin/bash>
```
FetchApply will :
* Setup NTP
* Add rundeck key to root authorized_keys
* Setup postfix to relay via pfv-toolbox
* Setup netdata agent
* Setup snmpd
* Add the tsys CA root/intermediate certs
* Harden ssh configuration
* Install logwatch
* Install molly-guard
* Patch the system
* Add system to librenms
* Add system to rundeck
* Perform any server role specific configuration

81
src/CIO/Processes/NewTeamMemberOnboarding.md Normal file
View File

@ -0,0 +1,81 @@
# TSYS Group - IT Documentation - Processes - New Team Member Onboarding
- [TSYS Group - IT Documentation - Processes - New Team Member Onboarding](#tsys-group-it-documentation-processes-new-team-member-onboarding)
- [Introduction](#introduction)
- [Proces Overview](#proces-overview)
- [All users](#all-users)
- [R&D users](#r-d-users)
- [HR tasks](#hr-tasks)
- [Invite user to Discord](#invite-user-to-discord)
- [Inform TSYS point of contact of persons real name and Discord handle](#inform-tsys-point-of-contact-of-persons-real-name-and-discord-handle)
- [IT tasks](#it-tasks)
- [Application Access](#application-access)
- [System Access](#system-access)
- [Facillites Access](#facillites-access)
- [R&D access](#r-d-access)
- [Other tasks](#other-tasks)
- [Introduction](#introduction)
- [IT tasks](#it-tasks)
- [Application Access](#application-access)
- [System Access](#system-access)
- [Facillites Access](#facillites-access)
- [R&D access](#r-d-access)
- [HR tasks](#hr-tasks)
- [Other tasks](#other-tasks)# TSYS Group - IT Documentation - Processes - New Team Member Onboarding
## Introduction
On-boarding is an often overlooked and under documented aspect at companies ranging from startups to established multi national corporations.
We are starting things off right and are in the process of establishing a streamlined on-boarding process. More to come soon, as we work out the
final bugs!
## Proces Overview
### All users
* Invite user to Discord
* Create user account in UCS
* Send initial UCS username/ppassword via discord DM
* Have user change password at https://accounts.knownelemetn.com
* Once user has changed password, add them to appropriate UCS groups
### R&D users
* Create wireguard config with algo for any user systems
* Send user a discord DM with the algo config / QR
* Have user import TSYS Root CA certificate
## HR tasks
### Invite user to Discord
* Document process
### Inform TSYS point of contact of persons real name and Discord handle
* Document process (erpnext workflow)
## IT tasks
### Application Access
- LDAP Groups
- Application ACLs
### System Access
- Wireguard
- SSH key management
### Facillites Access
### R&D access
## Other tasks

125
src/CIO/Processes/PFVRunbook.md Normal file
View File

@ -0,0 +1,125 @@
# TSYS Group - HQ data center documentation - runbook
- [TSYS Group - HQ data center documentation - runbook](#tsys-group-hq-data-center-documentation-runbook)
- [Introduction](#introduction)
- [Prerequisites and requirements](#prerequisites-and-requirements)
- [Scenarios](#scenarios)
- [Power lost and internet access isn't working after power is restored](#power-lost-and-internet-access-isn-t-working-after-power-is-restored)
- [UPS battery fails](#ups-battery-fails)
- [Air conditioning fails (E5 error)](#air-conditioning-fails-e5-error)
## Introduction
This book covers recovery scenarios for PFV. It is meant to be executed inside the PFV server room.
## Prerequisites and requirements
* Be in the PFV server room
* Have a headlamp so your hands are free
* Go slow and easyo
* Ask for help
* Lift up the cardboard on rack3 (bottom rack of the two half racks next to rack 5), so you can press buttons on the Keyboard/Video/Mouse (KVM) switcher
## Scenarios
### Power lost and internet access isn't working after power is restored
The Virtual machines are set to automatically start on boot of the virtual server hosts. However the virtual server hosts boot faster than the storage hosts.
So a manual intervention is needed to restore service.
Procedure:
Step 1)
Ensure that storage enclosures are at the login prompt. You'll be confirming two systems:
* pfv-stor1
* pfv-stor2
The buttons on the KVM switcher with the label
* s1
* s2
will show you the output from pfv-stor1/pfv-stor2 respectively (on the monitor sitting on top of the UPS rack)
* Press the button with the label s1
* Look at the monitor
* Ensure it's at a login prompt.
* Press the button with the label s2
* Look at the monitor
* Ensure it's at a login prompt.
Step 2)
Restart pfv-vm1
Procedure:
1) reboot the system labeled pfv-vm1:
* Press the button on the KVM switcher labeled v1
* quickly press and let go of the power button (just tap it and release). This will start a shutdown of the system.
* wait for power off and observe the output on the monitor . It will print out status as it shuts down.
* Press the power button and let go of the power button (just tape it and release). This will start the system back up.
* wait for power on and observe the output on the monitor . It will print out status as it starts up and will end at a login prompt.
* wait two minutes
* see if internet is working
2) start the guests by logging into the console of vm1 by typing at the login prompt
root
<password from the envelope in the safe>
Then type: qm start 120
This will start up the router
Then type: qm start 106
This will start up the virtual private network
You can use the command:
``` qm list ```
to get the current state
You may see additional systems other than those listed below, when you run qm list. They are not critical path for production and can be started by ops team once core critical path is operational.
* pfv-vmsrv-01
root@pfv-vm1:~# qm list
VMID NAME STATUS MEM(MB) BOOTDISK(GB) PID
120 pfv-core-rtr01 running 2048 20.00 3786 << this is the virtual router, if it's down, nothing else will work .
106 pfv-vpn running 2048 50.00 12814 << vpn server. No one will be able to access the network remotely if it's down
If the above two systems are functioning , then IT can start up the other systems remotely.
### UPS battery fails
Sometimes the UPS will continue to function, passing through utility power, with an active alarm.
Other times it will fail.
1) Report this to ops team as an incident, including
* which UPS (they are labeled front/back) is having an issue
* nature of the issue (total failure, alarm)
* include a picture of the front which will have some information
2) Replace the battery
* Access printed manual in the file cabinet in server room
* Follow battery replacement procedure
* Take pictures as you pull the battery pack out, to allow for easier re-wiring
* Go to batteries plus with the failed batteries (we replace whole packs at once) and they'll sell you replacements for the pack
* Wire pack and place into UPS
### Air conditioning fails (E5 error)
1) Shut down and unplug air conditioning unit
2) Take air conditioning unit outside (front porch)
3) Drain reservoir

0
src/CIO/Processes/VpnUser.md Normal file
View File

14
src/CIO/Processes/VulnerabilityManagmentNotes.md Normal file
View File

@ -0,0 +1,14 @@
# Vulnerability management
* identify total asset base (use nmap and see if it matches librenms and resolve any discrepancies)
* perform scans of total asset base (using openvas/lynis/ossim)
* manage vulnerability ratings/scope
* notify/escalate to appropriate contacts
* address the vulns
* report metrics (i think the apps provide built in dashboards, may need some light modification)
i think ossim can do all the above ,also lynis/openvas (the three combined should provide complete coverage) (network scan/agent based combination)
librenms is our CMDB currently (for identifying assets/contacts). phpipam is our inventory.

42
src/CIO/SUMMARY.md Normal file
View File

@ -0,0 +1,42 @@
# TSYS Group - IT Documentation
# Application IT
- [Applications and (internally) Hosted Services (and a few external services)](./Systems/Admin-Application/AppsAndServices.md)
- [Runtime Environment for Hosted Services](./Systems/Admin-Application/RuntimeLayer.md)
- [Web Server Configuration](./Systems/Admin-Application/WebServerSetupNotes.md)
# Research And Development IT
- [Workstation Build Guide](./Systems/Admin-RandD/EngineeringWorkstatioNBuildBuide.md)
- [VsCode Setup Guide](./Systems/Admin-RandD/TSYS-DevEnv-VsCode.md)
# General IT
- [TSYS Systems Overview](./Systems/TSYS-Systems.md)
# Data Center IT
- [Cooling](./Systems/Admin-DataCenter/cooling/PFVCooling2021.md)
- [Power](./Systems/Admin-DataCenter/power/PFVPower2021Prod.md)
- [Security](./Systems/Admin-DataCenter/security/PhysicalSecurity.md)
- [Storage](./Systems/Admin-DataCenter/storage/PFVStorage2021.md)
- [TSYS HQ LAN](./Systems/Admin-DataCenter/networking/PFV-LAN.md)
- [TSYS HQ WAN](./Systems/Admin-DataCenter/networking/PFV-WAN.md)
# Platform IT
- [Virtual Guests Inventory](./Systems/Admin-Platform/TSYS-Systems.md)
- [Vulnerability Management](./Systems/Admin-Platform/VulnerabilityManagmentNotes.md)
# Processes
- [DataCenter Runbook](./Processes/PFVRunbook.md)
- [Move To Production](./Processes/MoveToproduction.md)
- [2fa](./Processes/2fa.md)
- [New Team Member On-boarding](./Processes/NewTeamMemberOnboarding.md)
# Policies
- [Authentication](./Policies/Authentication.md)
- [BusinessContinuityPlan](./Policies/BusinessContinuityPlan.md)

0
src/CIO/Systems/Admin-AAA/Auditing.md Normal file
View File

17
src/CIO/Systems/Admin-AAA/Authentication.md Normal file
View File

@ -0,0 +1,17 @@
# Authentication
## Password Management
### Shared Passwords
* We utilize bitwarden for shared password storage. For example for external vendors, social media etc. All external logins are 2fa.
### Privileged Access
* CEO/CFO have equivalent access in bitwarden, to absolutely everything.
* CIO has very limited access to shared passwords (just for pfv-stor until it's hooked into true command). Does not have access to domain admin or other shared passwords.
* CMO has access to all social media and all wordpress admin (but uses normal account for day to day use)
### VPN Endpoint Creation / Deletion
* Ansible recipe for algo (update users.yml and re-run ansible) (document more soon)

0
src/CIO/Systems/Admin-AAA/Authorization.md Normal file
View File

271
src/CIO/Systems/Admin-Application/AppsAndServices.md Normal file
View File

@ -0,0 +1,271 @@
# TSYS / Redwood Group Applications and Services
The goal of this section is to document all applications and services utilized by TSYS Group.
Welcome to the future, welcome to the first open source conglomerate! We have broken the page up into a number of sections, to aid navigation.
To our knowledge, we are the only organization in the known universe to fully document our stack and to fully open source it. Enjoy!
Go forth and create your own conglomerates! Solve big problems!
- [TSYS / Redwood Group Applications and Services](#tsys--redwood-group--applications-and-services)
- [Web Properties](#web-properties)
- [Redwood Group Properties](#redwood-group-properties)
- [Non Profit Properties](#non-profit-properties)
- [For Profit Properties](#for-profit-properties)
- [Coop Properties](#coop-properties)
- [Misc Properties](#misc-properties)
- [Services](#services)
- [Externally provided services](#externally-provided-services)
- [Internally provided services](#internally-provided-services)
- [R&D Applications](#rd-applications)
## Web Properties
### Redwood Group Properties
The below table documents the not primarily for profit entities performing capital raising and management for TSYS Group entities and their members.
All sites below are proudly powered by the TSYS Wordpress platform.
| Entity | Description | Website |
| -------------------------------------------------- | ------------------------------------------------------------------------------------------------- | ------------------------ |
| Redwood Group LLC | Sibling organization to TSYS Group for all capital raising and management | <https://www.redwgr.com> |
| Redwood Springs Capital Partners Management Co LLC | management company of the various funds setup to finance TSYS Group operations | <https://www.rwscp.net> |
| Redwood Family Office LLC | Wealth management/healthcare/estate planning/tax advice broker for LLC members and their families | <https://www.redwfo.com> |
### Non Profit Properties
The below table documents the non profit entities performing the educational, advocacy, lobbying and legislative functions for TSYS Group.
All sites below are proudly powered by the TSYS Wordpress platform.
| Entity | Description | Website |
| ---------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ------------------------------- |
| Americans For A Better Network INC | A non profit (seeking 501c3 status) to educate americans about internet provider choices | <https://www.afabn.org> |
| Free Network Foundation INC | A defunct 501c3 (replaced by AFABN) | <https://www.thefnf.org> |
| Free Network Foundation INC | (wiki) comprehensive body of knowledge about community networking | <https://commons.thefnf.org> |
| Free Network Foundation INC | (static files) Assets (pdfs etc) linked from blog/wiki | <https://staticbits.thefnf.org> |
| Side Door (Solutions) Group INC | A non profit (seeking 501c4) / PAC to drive the necessary legislative and executive changes to enable internet for all | <https://www.sidedoorgroup.org> |
| TSYS Group Non Profit Portal | Landing page for non profits | <https://nonprofit.turnsys.com> |
### For Profit Properties
The below table documents the not primarily for profit entities performing the R&D and providing supporting services functions for TSYS Group.
All sites below are proudly powered by the TSYS Wordpress platform.
| Entity | Description | Website |
| ------------------------------------------ | ---------------------------------------------------------------------------------------------- | ------------------------------------ |
| Axios Heart Studios LLC | Art, 2d,3d and other fabrication services for TSYS Group | <https://www.axiosheartstudios.com> |
| Suborbital Systems Development Company LLC | Manufacturer of Morse product line - technical blog and information | <https://www.suborbital-systems.com> |
| Suborbital Systems Development Company LLC | Manufacturer of Morse product line - product page | <https://www.meetmorse.com> |
| RackRental LLC | network and lab equipment rental by the hour for training, config testing, competitive testing | <https://www.rackrental.net> |
| Team Rental LLC | HR/staffing of IT/dev professionals (2 million net new job goal by 2025) | <https://www.teamrental.net> |
| Known Element Enterprises LLC | IT/business back office services | <https://www.knownelement.com> |
| Your Dream Name Here LLC | Business in a box | <https://www.yourdreamnamehere.com> |
| The PeerNet LLC | Community, media, public relations / (live/time shifted) streaming/broadcast service | <https://www.thepeernet.com> |
| The PeerNet LLC | Software platform powering ThePeerNet.com service | <https://www.ezpodstack.org> |
### Coop Properties
The below table documents the fairshares cooperatives for financing, building, owning and operating community networks.
| Entity | Description | Website |
| ----------------------------------------- | -------------------------------------------------------- | -------------------------------- |
| High Flight Network Finance Company LLC | Financing network builds | <https://www.hfnfc.net> |
| High Flight Network Operating Company LLC | User owned/operated network backbone | <https://www.hfnoc.net> |
| KickFund.me LLC | Crowdfunding of network and other infrastructure builds | <https://www.kickfund.me> |
| The Campus Trading Co LLC | treasury/investment management/market and other research | <https://www.thecampustrade.com> |
### Misc Properties
| Entity | Description | Website |
| -------------------- | -------------------------------------- | -------------------------------- |
| CNWCO LLC | Charles Wyble blog | <https://www.reachableceo.com> |
| Turn Net Systems LLC | Overall entity for many subsidiary LLC | <https://www.turnsys.com> |
| Turn Net Systems LLC | Governance information for TSYS group | <https://governance.turnsys.com> |
## Services
### Externally provided services
The below table documents the handful of things TSYS Group has yet to vertically integrate and turn into a profit center.
These are not free/libre/open services, that are externally hosted and represent a cost center.
| Function | Vendor Link |
| ----------------------------------------------- | -------------------------------------------------------------------------------------- |
| Corporate email | <https://www.microsoft.com/en-us/microsoft-365/buy/compare-all-microsoft-365-products> |
| OCR for expense management | <https://www.neat.com/> |
| Payment processing | <https://www.paypal.com/> <https://squareup.com/us/en)/> <https://stripe.com/> |
| Payment, treasury operations, wealth management | <https://www.goamplify.com/>) |
| Tax prep/audit and other CPA services | (coming soon) |
| Domain Registrar , DNS, | <https://www.ovh.com/ca/en/>) |
| Live audio/video and text chat | <https://discord.com/>) |
### Internally provided services
These are hosted services (internally hosted by IT) and accessed via either a thick client application or a web browser.
They are provided by Known Element Enterprises LLC.
| Function | Vendor | Application Instance |
| ---------------------------------------------- | --------------------------------------------------------------- | -------------------------------------------------- |
| Storage Array for enterprise wide use | <https://www.freenas.org/> | <http://pfv-stor1.turnsys.net/> |
| Storage Array for RackRental use | <https://www.freenas.org/> | <http://pfv-stor2.turnsys.net/> |
| Ad blocking | <https://pi-hole.net/> | <http://pihole1.turnsys.net/admin> |
| Ad blocking | <https://pi-hole.net/> | <http://pihole2.turnsys.net/admin> |
| IAM | <https://www.gluu.org/> | <https://accounts.turnsys.com> |
| Artifact store | <https://archiva.apache.org/> | <https://artifacts.turnsys.com> |
| Zero trust,BeyondCorp | <https://www.trasa.io/docs/> | <https://beyondcorp.turnsys.com/> |
| Billing platform | <https://killbill.io/> | <https://billing.turnsys.com> |
| Shared Bookmarks | <https://github.com/shaarli/Shaarli> | <https://bookmarks.knownelement.com/> |
| Building Automation | <https://www.home-assistant.io/> | <https://buildauto.turnsys.net/> |
| CAD | <https://collabcad.gov.in/eCollabCAD/> | <https://cad.turnsys.com> |
| CI/CD | <https://www.jenkins.io/> | <https://ci.turnsys.com/> |
| Support forum/KB/general discussion | <https://www.discourse.org/> | <https://community.turnsys.com/> |
| Editing of audio | <https://github.com/Yahweasel/craig | <https://craig.thepeernet.com> |
| Customer data analytics and management | <https://github.com/rudderlabs> | <https://custdash.turnsys.com> |
| Database access | <https://www.metabase.com/> | <https://db.turnsys.com> |
| ERP | <https://erpnext.org/> | <https://erp.turnsys.com/> |
| WebForms | <https://easyforms.dev/> | <https://forms.turnsys.com> |
| Configuration management | <https://github.com/team-video/aviary.sh> | <https://git.turnsys.com/TSGTechops/ConfigMgmt> |
| Source code management | <https://gitea.io/en-us/> | <https://git.turnsys.com> |
| Docker registry | <https://goharbor.io/> | <https://docker-reg.turnsys.com> |
| Customer Helpdesk | <https://freescout.net/> | <https://support.turnsys.com> |
| Business logic/workflow execution | <https://github.com/huginn/huginn> | <https://huginn.turnsys.com> |
| Asset management/inventory | <https://glpi-project.org/> | <https://inventory.turnsys.com/> |
| Mobile Device Management | <https://www.flyve-mdm.com/> | <https://inventory.turnsys.com> |
| SSH Jump <audited,logged,2fa etc> | <https://www.bastillion.io/> | <https://jumpssh.turnsys.com/> |
| Code Notebook | <https://www.github.com/jupyter/enterprise_gateway> | <https://jupyter.turnsys.com> |
| Engineering Notebook | <https://www.elabftw.net/> | <https://labnotebook.turnsys.com> |
| Training/coursework | <https://www.instructure.com/canvas/> | <https://learn.turnsys.com> |
| Mail Archiving/retention/legal/regulatory hold | <https://www.mailpiler.org/wiki/start> | <https://legalhold.turnsys.com> |
| Email Discussion lists | Mailman | <https://mailman.turnsys.com> |
| Marketing Campaigns | <https://www.mautic.org/> | <https://marketing.iurnsys.com/> |
| Out of band system access | <https://www.meshcommander.com/meshcommander> | <https://meshoob.turnsys.net> |
| Budget/Finance analytics/modeling etc | <https://www.firefly-iii.org/> | <https://moneystuff.turnsys.com/> |
| Service Availability Monitoring | <https://www.librenms.org/> | <https://halfthefarm.turnsys.com/> |
| File sync/Groupware | <https://nextcloud.com/hub/> | <https://nextcloud.turnsys.com/> |
| Video surveillance | <https://shinobi.video/> | <https://nvr.turnsys.net> |
| Automated Security Auditing and reporting | <https://openvas.org/> | <https://openvas.turnsys.com/> |
| Pastebin | <https://github.com/claudehohl/Stikked> | <https://paste.turnsys.com> |
| IP Routing/firewalling/DHCP/IDS/IPS/Proxy etc | <https://opnsense.org/> | <https://pfv-core-rtr01.turnsys.net/> |
| IP Routing/firewalling/DHCP/IDS/IPS/Proxy etc | <https://opnsense.org/> | <https://pfv-core-rtr02.turnsys.net/> |
| Photo Management | <https://piwigo.org/> | <https://photos.turnsys.com/> |
| IP Address Management | <https://phpipam.net/> | <https://phpipam.turnsys.com/index.php?page=login> |
| Outbound Newsletters | <https://www.phplist.com/> | <https://phplist.turnsys.com/lists/admin/> |
| Password Management | <https://github.com/dani-garcia/bitwarden_rs> | <https://pwvault.turnsys.com> |
| Secrets Management | <https://github.com/envwarden/envwarden> | <https://pwvault.turnsys.com> |
| Read later | <https://wallabag.com>> | <https://readlater.turnsys.com> |
| Research archive management | <https://archivebox.io/> | <https://research.turnsys.com> |
| Document review/change tracking workflow | <https://www.reviewboard.org/> | <https://review.turnsys.com/> |
| RSS Feed Management | <https://www.freshrss.org/> | <https://rss.knownelement.com> |
| orchestration | <https://www.rundeck.com/open-source> | <https://rundeck.turnsys.net/> |
| Document Creation and management | <https://sandstorm.io/> | <https://sandstorm.turnsys.com> |
| Full text Search | <https://ambar.cloud/> | <https://search.turnsys.com> |
| Host IDS / SIEM | <https://wazuh.com/> | <https://siem.turnsys.com> |
| Streaming of live audio/video | <https://openstreamingplatform.com/> | <https://streaming.thepeernet.com/> |
| Backups | BareOS | <https://tsys-dc-01.turnsys.net/bareos-webui/> |
| Inbound PSTN voice communications | <https://www.sipwise.com/> | <https://voice.turnsys.com> |
| Voting | TBD | <https://voting.turnsys.com> |
| Web Analytics | <https://matomo.org/> | <https://webstats.turnsys.com/> |
| Shared whiteboard | <https://wbo.ophir.dev/> | <https://whiteboard.turnsys.com/> |
| 501c3 donor management/CRM | <https://civicrm.org/home> | <https://www.afabn.org/crm> |
| 501c4 donor management/CRM | <https://civicrm.org/home> | <https://www.sidedoorgroup.org/crm> |
| Streaming of time shifted audio/video | <https://git.turnsys.com/ThePeerNetwork/PodcastAsAServiceStack> | N/A |
| Serverless | <https://github.com/openfaas/faasd/> | N/A |
| Offline Root CA | <https://hohnstaedt.de/xca/> | N/A |
| On demand system provisioning | <https://maas.io/> | N/A |
| Internal CA | <https://github.com/cloudflare/cfssl> | N/A (API Driven) |
| Business Process Mapping | TBD | TBD |
| Computer aided dispatch | TBD | TBD |
| E-signature and contract management | TBD | TBD |
| Process mining | TBD | TBD |
>
## R&D Applications
These are thick client applications installed locally on a developer workstation.
This software has two modes of deployment:
- downloaded from the vendor and setup on your physical workstation (used for dev/testing/experimenting)
- downloaded from the /subo directory and ran on your physical workstation or run from the /subo directory on a virtual workstation you login to remotely
The software that is built/deployed in /subo is the only version approved for production use.
The exception to that is if it has an OTS notation next to it's name, in which case you can use the latest stable version from the vendor.
| Program | Used By | Link | Product Scope |
| -------------------- | ------------------ | ------------------------------------------------------------------------ | ------------------------------------------------- |
| android studio (OTS) | Team-SwEng | <https://developer.android.com/studio> | MorsePod |
| argouml (OTS) | All | <https://github.com/argouml-tigris-org/argouml> | All |
| bitwaden (OTS) | All | <https://bitwarden.com/> | N/A |
| Blender | Team-MechEng/HwEng | <https://www.blender.org/> | MorseFlyer, MorseSkynet |
| bonita (OTS) | All | <https://www.bonitasoft.com/> | All |
| calibre (OTS) | All | <https://calibre-ebook.com/> | N/a |
| camotics | Team-MechEng | <https://camotics.org/> | MorseFlyer (avionics), MorseSkynet |
| chisel | Team-HwEng | <https://www.chisel-lang.org/> | MorseSkynet |
| CodeAster | Team-MechEng | <https://www.code-aster.org/V2/spip.php?rubrique2> | MorseFlyer (envelope/parafoil/airframe) |
| Cubit Toolkit | Team-MechEng | <https://cubit.sandia.gov/> | MorseFlyer (envelope/parafoil/airframe) |
| CUDA SDK | Team-HwEng | <https://developer.nvidia.com/cuda-zone> | MorseFlyer (envelope/parafoil/airframe) |
| Cura | Team-MechEng | <https://ultimaker.com/software/ultimaker-cura> | MorseFlyer (envelope/parafoil/airframe) |
| DbEaver(OTS) | Team-SwEng | <https://dbeaver.io/> | MorseFlyer(avionics), RacKRental.net, HFNOC |
| docear (OTS) | All | <https://docear.org/> | N/A |
| Docker Desktop (OTS) | All | <https://www.docker.com/products/docker-desktop> | All |
| embitz (OTS) | Team-SwEng/HwEng | <https://www.embitz.org/> | MorseSkynet |
| Esim | Team-HwEng | <https://esim.fossee.in/> | MorseFlyer (avionics), MorseSkynet |
| Flora | Team-HwEng/SwEng | <https://flora.aalto.fi/> | MorseFlyer (avionics), MorseSkynet |
| Freecad | Team-MechEng/HwEng | <https://github.com/FreeCAD> | MorseFlyer, MorseSkynet |
| gerber2graphtec | Team-HwEng | <https://github.com/pmonta/gerber2graphtec> | MorseFlyer, MorseSkynet |
| gerber2graphtec | Team-HwEng | <https://github.com/colinoflynn/gerber2graphtec/>> | MorseFlyer, MorseSkynet |
| Gerby | Team-HwEng | <http://gerbv.geda-project.org/> | MorseFlyer (avionics), MorseSkynet |
| ghidra (OTS) | Team-SwEng | <https://ghidra-sre.org/> | ALl (SDLC) |
| gnuradio | Team-HwEng | <https://www.gnuradio.org/> | MorseSkynet |
| GprMax | Team-HwEng | <https://github.com/gprMax/gprMax> | MorseFlyer (avionics), MorseSkynet |
| grass gis (OTS) | Team-SwEng | <https://grass.osgeo.org/> | HFNOC |
| graywolf | Team-HwEng | <https://github.com/rubund/graywolf> | MorseSkynet |
| inkscape | Team-HwEng/MechEng | <https://inkscape.org/> | MorseFlyer, MorseSkynet |
| jxplorer (OTS) | Team-IT | <http://jxplorer.org/> | HFNOC/HFNFC |
| keybase | All | <https://keybase.io> | N/A |
| Kicad | Team-HwEng | <https://gitlab.com/kicad/code/kicad> | MorseFlyer (avionics), MorseSkynet |
| Librecad | Team-MechEng/HwEng | <https://librepcb.org/> | MorseFlyer, MorseSkynet |
| LibrePCB | Team-hwEng | <https://librepcb.org/> | MorseFlyer (avionics), MorseSkynet |
| metasploit | Team-SwEng | <https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers> | All (SDLC) |
| Microsoft R (OTS) | Team-HwEng | <https://mran.microsoft.com/open> | MorseFlyer (envelope/parafoil/airframe)(avionics) |
| NasaTran95 | Team_MechEng | <https://github.com/nasa/trick> | MorseFlyer (envelope/parafoil/airframe) |
| NasaTrick | Team_MechEng | <https://github.com/nasa/trick> | MorseFlyer (envelope/parafoil/airframe) |
| NgSpice | Team-HwEng | <http://ngspice.sourceforge.net/resources.html> | MorseFlyer (avionics), MorseSkynet |
| obs (OTS) | All | <https://obsproject.com/> | N/A |
| Octave | Team-MechEng | <https://hg.savannah.gnu.org/hgweb/octave> | MorseFlyer (envelope/parafoil/airframe) |
| OneLAB | Team-MechEng | <http://onelab.info/> | MorseFlyer (envelope/parafoil/airframe) |
| open 3d model viewer | Team-MechEng | <https://acgessler.github.io/open3mod/> | MorseFlyer (envelope/parafoil/airframe) |
| OpenGribs | Team-SwEng | <https://opengribs.org/en/> | HFNOC |
| openscap (OTS) | Team-IT | <https://www.open-scap.org/tools/scap-workbench/> | All (SDLC) |
| OpenVSP | Team-MechEng | <http://openvsp.org/> | MorseFlyer (envelope/parafoil/airframe) |
| OWASP Threat Dragon | Team-SwEng | <https://owasp.org/www-project-threat-dragon/> | All (SDLC) |
| Pandoc (OTS) | All | <https://pandoc.org/> | All |
| Paraview | Team-MechEng | <https://www.paraview.org/> | MorseFlyer (envelope/parafoil/airframe) |
| PHP runtime | Team-SwEng | <http://devilbox.org/> | RackRental |
| polar (OTS) | All | <https://getpolarized.io/> | N/a |
| postman (OTS) | Team-SwEng | <https://www.postman.com/> | RackRental/HFNOC |
| qgis (OTS) | Team-SwEng | <https://qgis.org/en/site/> | HFNOC |
| qrouter | Team-HwEng | <http://opencircuitdesign.com/qrouter/> | MorseFlyer (avionics), MorseSkynet |
| rstudio (OTS) | Team-HwEng | <https://www.rstudio.com/> | MorseFlyer (envelope/parafoil/airframe) |
| SciKit-RF | Team-HwEng | <https://scikit-rf.readthedocs.io/en/latest/> | MorseFlyer (avionics), MorseSkynet |
| SciLab | Team-MechEng | <https://www.scilab.org/> | MorseFlyer (envelope/parafoil/airframe) |
| sdrsharp | Team-HwEng | <https://www.rtl-sdr.com/tag/sdrsharp/> | MorseSkynet |
| Solvespace | Team-MechEng | <https://solvespace.com/index.pl> | MorseFlyer, MorseSkynet |
| sweethome3d (OTS) | Team-MechEng | <http://www.sweethome3d.com/> | MorseCollective |
| udig (OTS) | Team-SwEng | <http://udig.refractions.net/> | HFNOC |
| VirtualSatellite | Team_MechEng | <https://github.com/virtualsatellite> | MorseFlyer (envelope/parafoil/airframe) |
| vym (OTS) | All | <http://www.insilmaril.de/vym/> | All |
| Warp3d | Team_MechEng | <http://www.warp3d.net/> | MorseFlyer (envelope/parafoil/airframe) |
| worldwind (OTS) | Team-HwEng | <https://worldwind.arc.nasa.gov/> | HFNOC |
| xilinx | Team-HwEng | <https://www.xilinx.com/> | MorseSkynet |
| Xilinx | Team-HwEng | <https://www.xilinx.com/support/download.html> | MorseSkynet |
| YoSys | Team-HwEng | <http://www.clifford.at/yosys/> | MorseSkynet |
| Evolus Pencil | Team-Design | <https://pencil.evolus.vn/> | All |
| yEd | Team-Design | <https://www.yworks.com/products/yed> | All |
| oss-fuzz | Team-IT | <https://github.com/google/oss-fuzz> | All |
| cluster fuzz | Team-IT | <https://github.com/google/clusterfuzz> | All |

98
src/CIO/Systems/Admin-Application/RuntimeLayer.md Normal file
View File

@ -0,0 +1,98 @@
# TSYS Group Web Application Runtime Layer
## Introduction
The TSYS Group needs a web application runtime layer for it's myriad of applications.
## Broad Requirements for runtime layer
* No single point of failure
* High availability/auto recovery for containers
* Distributed/replicated persistent storage for containers
## Major components of runtime environment
### storage
Replicated storage that fulfills the persistent volume claim of docker containers.
Deployed on www1,2,3 virtual machines (k3s worker nodes).
Deployed on subord virtual machine (k3s worker node for r&d).
Using longhorn
### container runtime, control plane, control panel
* Kubernetes load balancer , (metallb). Only TCP load balancing is used , as all intelligence (certs/layer 7 etc) is handled by Opnsense
* Kubernetes runtime environment (k3s from Rancher labs)
* workers
* control plane
* control panel
* Kubernetes runtime environment control panel
* Rancher
* authenticates to TSYS LDAP
Control plane is deployed on db1,2,3
Workers are deployed on www1,2,3
### Core container functionality (running as containers on the platform)
* docker registry
* IAM
* API gateway
* Jenkins
* all the above installed as containers running on the kubernetes runtime.
* all the above configured for LDAP authentication
* all the above no other configuration of the components would be in scope
### Applications to deploy/migrate on the runtime platform
### PAAS
* blue/green and other standard deployment methodologies
* able to auto deploy from ci/cd
* orchestrate all of the primitives (load balancer, port assignment etc) (docker-compose target? helm chart? is Rancher suitable?)
## General notes
## A suggested prescriptive technical stack / Work done so far
Followed some of this howto:
<https://rene.jochum.dev/rancher-k3s-with-galera/>
Enough to get k3s control plane and workers deployed:
```
root@db1:/var/log/maxscale# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
db2 Ready control-plane,master 30d v1.20.4+k3s1 10.251.51.2 <none> Ubuntu 20.04.2 LTS 5.4.0-70-generic containerd://1.4.3-k3s3
db3 Ready control-plane,master 30d v1.20.4+k3s1 10.251.51.3 <none> Ubuntu 20.04.2 LTS 5.4.0-70-generic containerd://1.4.3-k3s3
db1 Ready control-plane,master 30d v1.20.4+k3s1 10.251.51.1 <none> Ubuntu 20.04.2 LTS 5.4.0-70-generic containerd://1.4.3-k3s3
www1 Ready <none> 30d v1.20.4+k3s1 10.251.50.1 <none> Ubuntu 20.04.2 LTS 5.4.0-70-generic containerd://1.4.3-k3s3
www2 Ready <none> 30d v1.20.4+k3s1 10.251.50.2 <none> Ubuntu 20.04.2 LTS 5.4.0-70-generic containerd://1.4.3-k3s3
root@db1:/var/log/maxscale#
```
and a bit of load balancing setup going:
```
fenixpi% kubectl get pods -A -o wide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
metallb-system speaker-7nsvs 1/1 Running 10 30d 10.251.51.2 db2 <none> <none>
kube-system metrics-server-86cbb8457f-64ckz 1/1 Running 18 16d 10.42.2.23 db1 <none> <none>
kube-system local-path-provisioner-5ff76fc89d-kcg7k 1/1 Running 34 16d 10.42.2.22 db1 <none> <none>
metallb-system controller-fb659dc8-m2tlk 1/1 Running 12 30d 10.42.0.42 db3 <none> <none>
metallb-system speaker-vfh2p 1/1 Running 17 30d 10.251.51.3 db3 <none> <none>
kube-system coredns-854c77959c-59kpz 1/1 Running 13 30d 10.42.0.41 db3 <none> <none>
kube-system ingress-nginx-controller-7fc74cf778-qxdpr 1/1 Running 15 30d 10.42.0.40 db3 <none> <none>
metallb-system speaker-7bzlw 1/1 Running 3 30d 10.251.50.2 www2 <none> <none>
metallb-system speaker-hdwkm 0/1 CrashLoopBackOff 4633 30d 10.251.51.1 db1 <none> <none>
metallb-system speaker-nhzf6 0/1 CrashLoopBackOff 1458 30d 10.251.50.1 www1 <none> <none>
```
Beyond that, it's greenfield.

94
src/CIO/Systems/Admin-Application/WebServerSetupNotes.md Normal file
View File

@ -0,0 +1,94 @@
# TSYS Group - IT Documentation - Applications - Web Server Setup
- [TSYS Group - IT Documentation - Applications - Web Server Setup](#tsys-group-it-documentation-applications-web-server-setup)
- [packages to install](#packages-to-install)
- [php modifications](#php-modifications)
- [memcache](#memcache)
- [php config changes](#php-config-changes)
- [apache](#apache)
- [apache configuration mods needed](#apache-configuration-mods-needed)
- [apache modules needed](#apache-modules-needed)
- [apache tweaks performed](#apache-tweaks-performed)
- [scripts to load](#scripts-to-load)
- [TSYS root ca and UCS DC root cert](#tsys-root-ca-and-ucs-dc-root-cert)
These notes capture actions taken to build the www vm around 9/15 to 10/1 2020.
## packages to install
* php stuff and other packages needed :
```console
sudo apt install memcached php7.4 php7.4-mysqli php7.4-fpm php7.4-mbstring php7.4-xml php7.4-imap php7.4-json php7.4-zip php7.4-gd php7.4-curl php7.4-ldap php7.4-gd php7.4-gmp php-par php-apcu jq unzip python3-pip —no-install-recommends
```
## php modifications
### memcache
root@www:/etc/php/7.4/fpm/conf.d# grep -v ^\; 20-memcache.ini
extension=memcache.so
[memcache]
memcache.allow_failover="1"
memcache.max_failover_attempts="20"
memcache.default_port="11211"
memcache.hash_strategy="consistent"
session.save_handler="memcache"
session.save_path = 'tcp://10.251.51.1:11211,tcp://10.251.51.2:11211,tcp://10.251.51.3:11211'
memcache.redundancy=1
memcache.session_redundancy=4
### php config changes
Timezone
## apache
### apache configuration mods needed
-- alter site config for fpm socket to php7.4-fpm (from 7.3) (socket path)
### apache modules needed
* headers
* deflate
* rewrite
* proxy
* proxy_http
* proxy_fcgi
* cache_disk
### apache tweaks performed
* 1153 sudo a2dismod mpm_prefork
* 1154 sudo a2enmod mpm_event
* 1155 sudo apt install libapache2-mod-fcgid
* 1156 sudo a2enconf php7.2-fpm
* 1157 sudo a2enconf php7.-fpm
* 1158 sudo a2enconf php7.4-fpm
## scripts to load
```console
sandstorm-cert.sh
certbot certonly --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory --manual-public-ip-logging-ok -d '*.sandstorm.turnsys.com' -d sandstorm.turnsys.com
```
## TSYS root ca and UCS DC root cert
Without having the domain root cert present, none of the apps will be able to validate teh domain controller certificate presented during authentication.
```console
root@www:/usr/local/share/ca-certificates# ls -l
total 12
drwxr-xr-x 2 root root 4096 Sep 28 20:43 extra
lrwxrwxrwx 1 root root 13 Sep 28 20:44 tsys-root.crt -> tsys-root.pem
-r--r--r-- 1 root root 822 Sep 28 20:43 tsys-root.pem
lrwxrwxrwx 1 root root 12 Sep 28 20:44 ucs-root.crt -> ucs-root.pem
-rw-r--r-- 1 root root 2094 Sep 28 20:43 ucs-root.pem
root@www:/usr/local/share/ca-certificates#
```

50
src/CIO/Systems/Admin-DataCenter/cooling/PFVCooling2021.md Normal file
View File

@ -0,0 +1,50 @@
# TSYS Group - HQ data center documentation - cooling
## Introduction
Cooling is a critical component of any data center. It is often the dominate consumer of energy.
We keep our data center at about 70 degrees F.
## Make / model
We have a
* HiSense Portable Air Conditioner (standalone) the manual lists several possible models, unsure which exact one we have. It was about 700.00 at Lowes with a multiple year replacement warranty.
which is rated for:
* 15,000 BTU
It draws about 7 amps when the compressor is running.
With our heat load, the compressor does cycle on/off ,so it keeps cool pretty efficiently from an energy perspective.
## Tips/tricks
* Extended exhaust house
We moved the air conditioner to the front of the racks (cold aisle) and extended the exhaust
hose todo so.
* Heat barrier
We deployed a cardboard heat barrier above the racks, to keep hot air behind the racks. We also have a vent duct (made of cardboard) to a panel we removed above the doorway.
* Insulation
* Insulate the exhaust hose!
* Air movers
* We have a tower fan in the hot row (back), pushing the heat towards the duct.
* We have two small blowers in the cold row (front) helping "kick back" the air blowing from the HiSense.
## Instrumentation
We use:
* temper usb probe
* lm-sensors
* DRAC
all consumed via SNMP by librenms to monitor/alert on temperature.This lets us find hot/cold spots across the racks and make any necessary adjustments.

80
src/CIO/Systems/Admin-DataCenter/hypervisor/HighPerformanceSetting.md Normal file
View File

@ -0,0 +1,80 @@
pfv-servers - performance
## vm 1-3 (optiplex)
### Commands to run
* cpupower frequency-set --governor performance
### links to reference
https://itectec.com/ubuntu/ubuntu-how-to-set-performance-instead-of-powersave-as-default/
https://www.cult-of-tech.net/2018/08/linux-ubuntu-cpu-power-frequency-scaling/
https://askubuntu.com/questions/1021748/set-cpu-governor-to-performance-in-18-04
https://metebalci.com/blog/a-minimum-complete-tutorial-of-cpu-power-management-c-states-and-p-states/
## vm 4/6 (xeon poweredge)
Appears to only run at the full frequency (which is what I want)
## Keep the NIC awake
notes taken on 03/20/2021 at 18:28
vm1/2/3 use intel nic
https://downloadcenter.intel.com/download/15817 is the driver (e1000e)
### vm1
root@pfv-vm1:/usr/local/bin# ethtool -i eno1
driver: e1000e
version: 3.2.6-k
firmware-version: 0.13-4
expansion-rom-version:
bus-info: 0000:00:19.0
supports-statistics: yes
supports-test: yes
supports-eeprom-access: yes
supports-register-dump: yes
supports-priv-flags: no
00:19.0 Ethernet controller: Intel Corporation Ethernet Connection I217-LM (rev 04)
### vm2
00:19.0 Ethernet controller: Intel Corporation 82579LM Gigabit Network Connection (rev 04)
root@pfv-vmsrv-02:~# ethtool -i enp0s25
driver: e1000e
version: 3.2.6-k
firmware-version: 0.13-3
expansion-rom-version:
bus-info: 0000:00:19.0
supports-statistics: yes
supports-test: yes
supports-eeprom-access: yes
supports-register-dump: yes
supports-priv-flags: no
### vm3
00:19.0 Ethernet controller: Intel Corporation 82579LM Gigabit Network Connection (rev 04)
ethtool -i enp0s25
driver: e1000e
version: 3.2.6-k
firmware-version: 0.13-4
expansion-rom-version:
bus-info: 0000:00:19.0
supports-statistics: yes
supports-test: yes
supports-eeprom-access: yes
supports-register-dump: yes
supports-priv-flags: no

10
src/CIO/Systems/Admin-DataCenter/hypervisor/code/fixcpuperf.sh Normal file
View File

@ -0,0 +1,10 @@
#!/bin/bash
#Script to set performance.
cpufreq-set -r -g performance
cpupower frequency-set --governor performance

59
src/CIO/Systems/Admin-DataCenter/hypervisor/code/newsrv.sh Normal file
View File

@ -0,0 +1,59 @@
#!/bin/bash
#Setup a new server base
#curl -s http://dl.turnsys.net/newSrv.sh|/bin/bash
apt-get -y --purge remove nano
apt-get -y install ntp ntpdate
systemctl stop ntp
ntpdate 10.251.37.5
apt-get update
apt-get -y full-upgrade
apt-get -y install glances htop dstat snmpd screen lldpd lsb-release net-tools sudo gpg molly-guard lshw
rm -rf /usr/local/librenms-agent
curl -s http://dl.turnsys.net/librenms-agent/distro > /usr/local/bin/distro
chmod +x /usr/local/bin/distro
curl -s http://dl.turnsys.net/librenms.tar.gz > /usr/local/librenms.tar.gz
cd /usr/local ; tar xfs librenms.tar.gz
systemctl stop snmpd ; curl -s http://dl.turnsys.net/snmpd.conf > /etc/snmp/snmpd.conf
sed -i "s|-Lsd|-LS6d|" /lib/systemd/system/snmpd.service
systemctl daemon-reload
systemctl restart snmpd
/etc/init.d/rsyslog stop
cat <<EOF> /etc/rsyslog.conf
# /etc/rsyslog.conf configuration file for rsyslog
#
# For more information install rsyslog-doc and see
# /usr/share/doc/rsyslog-doc/html/configuration/index.html
#################
#### MODULES ####
#################
module(load="imuxsock") # provides support for local system logging
module(load="imklog") # provides kernel logging support
#module(load="immark") # provides --MARK-- message capability
*.* @10.251.30.1:514
EOF
/etc/init.d/rsyslog start
logger "hi hi from $(hostname)"
bash <(curl -Ss https://my-netdata.io/kickstart.sh) --dont-wait
echo "deb http://download.webmin.com/download/repository sarge contrib" > /etc/apt/sources.list.d/webmin.list
wget -q -O- http://www.webmin.com/jcameron-key.asc | sudo apt-key add
sudo apt update
sudo apt-get -y install webmin

36
src/CIO/Systems/Admin-DataCenter/hypervisor/code/omsa.sh Normal file
View File

@ -0,0 +1,36 @@
#!/bin/bash
#install dell omsa
#curl -s http://dl.turnsys.net/omsa.sh|/bin/bash
gpg --keyserver hkp://pool.sks-keyservers.net:80 --recv-key 1285491434D8786F
gpg -a --export 1285491434D8786F | apt-key add -
echo "deb http://linux.dell.com/repo/community/openmanage/930/bionic bionic main" > /etc/apt/sources.list.d/linux.dell.com.sources.list
wget http://archive.ubuntu.com/ubuntu/pool/universe/o/openwsman/libwsman-curl-client-transport1_2.6.5-0ubuntu3_amd64.deb
wget http://archive.ubuntu.com/ubuntu/pool/universe/o/openwsman/libwsman-client4_2.6.5-0ubuntu3_amd64.deb
wget http://archive.ubuntu.com/ubuntu/pool/universe/o/openwsman/libwsman1_2.6.5-0ubuntu3_amd64.deb
wget http://archive.ubuntu.com/ubuntu/pool/universe/o/openwsman/libwsman-server1_2.6.5-0ubuntu3_amd64.deb
wget http://archive.ubuntu.com/ubuntu/pool/universe/s/sblim-sfcc/libcimcclient0_2.2.8-0ubuntu2_amd64.deb
wget http://archive.ubuntu.com/ubuntu/pool/universe/o/openwsman/openwsman_2.6.5-0ubuntu3_amd64.deb
wget http://archive.ubuntu.com/ubuntu/pool/multiverse/c/cim-schema/cim-schema_2.48.0-0ubuntu1_all.deb
wget http://archive.ubuntu.com/ubuntu/pool/universe/s/sblim-sfc-common/libsfcutil0_1.0.1-0ubuntu4_amd64.deb
wget http://archive.ubuntu.com/ubuntu/pool/multiverse/s/sblim-sfcb/sfcb_1.4.9-0ubuntu5_amd64.deb
wget http://archive.ubuntu.com/ubuntu/pool/universe/s/sblim-cmpi-devel/libcmpicppimpl0_2.0.3-0ubuntu2_amd64.deb
dpkg -i libwsman-curl-client-transport1_2.6.5-0ubuntu3_amd64.deb
dpkg -i libwsman-client4_2.6.5-0ubuntu3_amd64.deb
dpkg -i libwsman1_2.6.5-0ubuntu3_amd64.deb
dpkg -i libwsman-server1_2.6.5-0ubuntu3_amd64.deb
dpkg -i libcimcclient0_2.2.8-0ubuntu2_amd64.deb
dpkg -i openwsman_2.6.5-0ubuntu3_amd64.deb
dpkg -i cim-schema_2.48.0-0ubuntu1_all.deb
dpkg -i libsfcutil0_1.0.1-0ubuntu4_amd64.deb
dpkg -i sfcb_1.4.9-0ubuntu5_amd64.deb
dpkg -i libcmpicppimpl0_2.0.3-0ubuntu2_amd64.deb
apt update
#apt -y install srvadmin-all
touch /opt/dell/srvadmin/lib64/openmanage/IGNORE_GENERATION
#logout,login, then run
# srvadmin-services.sh enable && srvadmin-services.sh start

12
src/CIO/Systems/Admin-DataCenter/hypervisor/code/prox.sh Normal file
View File

@ -0,0 +1,12 @@
#!/bin/bash
#Make a proxmox server
rm -f /etc/apt/sources.list.d/*
echo "deb http://download.proxmox.com/debian/pve buster pve-no-subscription" > /etc/apt/sources.list.d/pve-install-repo.list
wget http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg -O /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg
chmod +r /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg # optional, if you have a non-default umask
apt update && apt -y full-upgrade
apt-get -y install ifupdown2 ipmitool ethtool net-tools lshw
curl -s http://dl.turnsys.net/newSrv.sh|/bin/bash

17
src/CIO/Systems/Admin-DataCenter/networking/PFV-LAN.md Normal file
View File

@ -0,0 +1,17 @@
# PFV Local Area Network
- [PFV Local Area Network](#pfv-local-area-network)
- [Introduction](#introduction)
- [Subnets](#subnets)
- [Diagram](#diagram)
- [Security considerations](#security-considerations)
## Introduction
## Subnets
- 10.251.0.0/16 (See phpipam for all the particulars)
## Diagram
## Security considerations

62
src/CIO/Systems/Admin-DataCenter/networking/PFV-WAN.md Normal file
View File

@ -0,0 +1,62 @@
# PFV WAN
- [PFV WAN](#pfv-wan)
- [Introduction](#introduction)
- [Provider](#provider)
- [IP Allocation](#ip-allocation)
- [Diagram](#diagram)
- [Security considerations](#security-considerations)
- [Availaiblity considerations](#availaiblity-considerations)
## Introduction
The HQ data center provides both corporate network and WAN services. We utilize AT&T Uverse Busienss CLass VDSL service for IP transit.
### Provider
- AT&T Uverse
- Business DSL (fiber overbuild is projected for late 2021)
- 60 down/20 up is what I see in speed tests
## IP Allocation
- Static IP setup : <https://forums.att.com/conversations/att-internet-features/how-do-i-setup-an-att-internet-static-ip/5defee02bad5f2f606ea4054>
```text
Broadband Connection Up
Broadband Network Type Lightspeed
Broadband IPv4 Address 107.140.191.0
Gateway IPv4 Address 107.140.188.1
MAC Address 84:bb:69:e1:b1:e1
Primary DNS 68.94.156.9
Secondary DNS 68.94.157.9
Primary DNS Name
Secondary DNS Name
```
```text
Address: 104.182.29.16 01101000.10110110.00011101.00010 000
Netmask: 255.255.255.248 = 29 11111111.11111111.11111111.11111 000
Wildcard: 0.0.0.7 00000000.00000000.00000000.00000 111
=>
Network: 104.182.29.16/29 01101000.10110110.00011101.00010 000 (Class A)
Broadcast: 104.182.29.23 01101000.10110110.00011101.00010 111
HostMin: 104.182.29.17 01101000.10110110.00011101.00010 001
HostMax: 104.182.29.22 01101000.10110110.00011101.00010 110
Hosts/Net: 6
```
- 104.182.29.16 (network address)
- 104.182.29.17 rtr1
- 104.182.29.18 rtr2
- 104.182.29.19 float
- 104.182.29.20 FNFMail
- 104.182.29.21 WWW testing
- 104.182.29.22 (gateway)
- 104.182.29.23 (broadcast)
## Diagram
## Security considerations
## Availaiblity considerations

23
src/CIO/Systems/Admin-DataCenter/networking/code/fixeth.sh Normal file
View File

@ -0,0 +1,23 @@
#!/bin/bash
#https://forum.proxmox.com/threads/e1000-driver-hang.58284/
#https://serverfault.com/questions/616485/e1000e-reset-adapter-unexpectedly-detected-hardware-unit-hang
#magic to detect main int
echo "Determining management interface..."
#export MAIN_INT=$(brctl show $(netstat -rn|grep 0.0.0.0|head -n1|awk '{print $NF}') | awk '{print $NF}'|tail -1|awk -F '.' '{print $1}')
export MAIN_INT=$(brctl show|grep vmbr0|awk '{print $NF}'|awk -F '.' '{print $1}')
echo "Management interface is: $MAIN_INT"
#fix the issue
echo "Fixing management interface..."
ethtool -K $MAIN_INT tso off
ethtool -K $MAIN_INT gro off
ethtool -K $MAIN_INT gso off
#https://forum.proxmox.com/threads/e1000-driver-hang.58284/
#https://serverfault.com/questions/616485/e1000e-reset-adapter-unexpectedly-detected-hardware-unit-hang

107
src/CIO/Systems/Admin-DataCenter/power/PFVPower2021Prod.md Normal file
View File

@ -0,0 +1,107 @@
# TSYS Group - HQ data center documentation - power
- [TSYS Group - HQ data center documentation - power](#tsys-group-hq-data-center-documentation-power)
- [Introduction](#introduction)
- [Circuits](#circuits)
- [Outlets](#outlets)
- [Surge Protectors](#surge-protectors)
- [Extension cords](#extension-cords)
- [UPS units](#ups-units)
- [Prod](#prod)
- [UPS5](#ups5)
- [UPS7](#ups7)
- [R&D](#r-d)
- [UPS1](#ups1)
- [UPS3](#ups3)
- [UPS4](#ups4)
- [UPS6](#ups6)
- [PDU](#pdu)
- [Unmanaged PDUs](#unmanaged-pdus)
- [Managed PDUs](#managed-pdus)
## Introduction
This article covers the electrical power setup for the HQ data center. We've grown it over time, bringing online more and more protected capacity as we got good deals on UPS/batteries etc and have added additional load.
## Circuits
The server room is fed by two 20amp circuits:
* Circuit 8a serving:
* dedicated air conditioner (see our cooling article for details on that)
* vm(1-3) servers
* network equipment
* overhead and led lighting
* Circuit (xx) serving:
* pfv-stor1/stor2 enclosures and drive arrays
* vm(4-6)
(future plan)
* Connect a new outlet to the 20 amp circuit currently serving front porch outlet (which shares a wall with the server room).
* This would provide sustained 15 amps for the RackRental.net rentable inventory.
## Outlets
We have upgraded the standard 15amp outlets that serve the server room, to 20amp outlets. This allows us to run a full 15amps sustained load (on 20amp circuits)
## Surge Protectors
We utilize GE surge protectors , rated for 15amps. They are about $50.00 apiece. These are placed upstream of the UPS units (between the wall outlet and the UPS extension cord).
## Extension cords
We do not have outlets close to the UPS stack. We utilize 15amp rated extension cords (from the surge protectors) to feed the UPS inputs.
## UPS units
### Prod
* UPS2
* Make/Model: Dell UPS Rack 1000W LV
* PDU served:
* UMPDU1
* Protected load:
* pfv-stor1/pfv-stor2 (Dell PowerEdge 2950s)
* backup USB drives and USB hub
* external scratch/backup arrays
* Protected Load Runtime: 12 minutes
### UPS5
* CyberPower UPS (details tbd)
* PDU served:
* UMPDU4
* BenchPDU
* Cameras
* Protected load:
* pfv-vm1/2/3
* pfv-time1
* pfv-labsw*
* pfv-core-ap01
* pfv-coresw-01
* pfv-labsw*
* Protected Load Runtime: 12 minutes
### UPS7
* PDUs served: n/a
* Monitoring server: n/a (un-monitored ups)
* Protected load: locking relay for server room
## R&D
### UPS1
### UPS3
### UPS4
### UPS6
# PDU
### Unmanaged PDUs
### Managed PDUs

95
src/CIO/Systems/Admin-DataCenter/security/PhysicalSecurity.md Normal file
View File

@ -0,0 +1,95 @@
# TSYS Group - HQ data center documentation - security
- [TSYS Group - HQ data center documentation - security](#tsys-group-hq-data-center-documentation-security)
- [Introduction](#introduction)
- [Badge reader](#badge-reader)
- [Hardware Components](#hardware-components)
- [Software Components](#software-components)
- [Cameras](#cameras)
- [Physical Keys/Badges](#physical-keys-badges)
- [Front Door (physical key)](#front-door-physical-key)
- [Server Room (rfid badge)](#server-room-rfid-badge)
- [Keybox in server room (physical key)](#keybox-in-server-room-physical-key)
- [Gates/Machine Room/Storage](#gates-machine-room-storage)
- [Critical Physical Assets](#critical-physical-assets)
- [server room](#server-room)
- [R&D Shop](#r-d-shop)
- [Amplify Credit Union](#amplify-credit-union)
## Introduction
This article covers the physical security setup for the HQ data center.
## Badge reader
### Hardware Components
- Raspberry Pi 3
- USB relay
- automated door action
- Belkin UPS for the relay
### Software Components
Coming soon
## Cameras
Internal facing
- <http://cam2.pfv.turnsys.net/> (door/rack front cam)
- <http://cam3.pfv.turnsys.net> (rack back cam)
- <http://cam1.pfv.turnsys.net/> (external camera)
## Physical Keys/Badges
### Front Door (physical key)
Charles Wyble
Patti Wyble
Michael Almaraz
### Server Room (rfid badge)
Charles Wyble
Patti Wyble
Michael Almaraz
### Keybox in server room (physical key)
Access to this box means you would have full physical access to all TSYS assets. Access is heavily restricted and granting of access grant requires approval of CEO/CFOO
and Board of Directors.
- Charles Wyble
- Patti Wyble
- Michael Almaraz
### Gates/Machine Room/Storage
- Charles Wyble
- Patti Wyble
- Michael Almaraz
## Critical Physical Assets
### server room
- racks
- air conditioner
- UPS systems
- Digital Information Processing Equipment (servers/drives/network)
- Sentry combination safe (on site cold storage for backup hard drives)
- PKI Safe
- Firebox for important paper records (Patti durable personal/corporate PoA, legal hold records)
- File cabinet (axios customer original contracts)
### R&D Shop
- lab area (tools/prototypes under development etc)
- tool storage and tools
- component storage and components
### Amplify Credit Union
- safety deposit box (off site cold storage for backup hard drives )
- Paper records
- safety deposit box (Patti durable PoA, legal hold records)

12
src/CIO/Systems/Admin-DataCenter/storage/PFVStorage2021.md Normal file
View File

@ -0,0 +1,12 @@
# TSYS Group Storage
## Enclosures
## Arrays
## Block Storage
## Application Object Storage
## Container Object Storage

28
src/CIO/Systems/Admin-Platform/DigitialSecurity.md Normal file
View File

@ -0,0 +1,28 @@
#IT Security
## Logging
Currently into librenms central store
rsyslog configured to forward
## Monitoring
nedata for high fidelity metrics (push)
librenms for up/down (pull)
## Secrets
### Passwords (user secrets)
bitwarden
### Server secrets
envwarden
#### certs/keys
* Public facing (lets encrypt)
We use HTTP challenge via Opnsense LE/HA Proxy . All public facing certs live in OpnSense.
## IDS/IPS
## RBAC

35
src/CIO/Systems/Admin-Platform/OAM.md Normal file
View File

@ -0,0 +1,35 @@
# Operations Administration Management Infrastructure at TSYS Group
## Introduction
(following is copied from our systems overview document)
This is the back office IT bits.
* Functions
* librenms (monitoring/alerting/long term metrics)
* netdata (central dashboard)
* upsd (central dashboard)
* rundeck (internal orchestration only)
* sshaudit
* lynis
* crash dump server
* openvas
* etc
|VM Name | VM ID | Vm Host | Storage Enclosure| Storage Array |
|---|---|---|---|--|
|pfv-toolbox|121|vm3|stor2|tier2vm|
### The origin of the name toolbox
I can't take credit for coming up with naming a utility server toolbox. That credit goes to
the Big Gator. Back when we could freely roam, they let us s (when we could s, before I uncovered a massive federal felony and we had to take drastic action to avoid a consent decree...., I digress, this isn't that story (buy the book!)) to toolbox. It had many fun things.
So at every employer since, I've established at least one system called toolbox. It's fitting that my startup have the same , no?
### monitoring/alerting/metrics
### orchestration
### security auditing

261
src/CIO/Systems/Admin-Platform/TSYS-Systems.md Normal file
View File

@ -0,0 +1,261 @@
# TSYS Systems
This article covers the (high level) systems architecture that supports TSYS/Redwood Group.
Other articles will go more in depth on specific systems. This article provides a general overview.
The architecture was designed to :
* meet the highest levels of information assurance and reliability (at a single site)
* support (up to) Top Secret workloads for R&D (SBIR/OTA) (non production) contract work
(by US Citizens only) being done for the United States Department of Defense/Energy/State
by various components of TSYS Group.
## Virtual Machines: Redundant (mix of active/passive active/active)
We are (with exception of R&D product development (being a hardware/IOT product) 99.9%) virtualized :
Exceptions to virtualized infrastructure:
* raspberry pi providing stratum0 (via hat) and server room badge reader functionality (via usb badge reader and lock relay)
* intermediate CA HSM passed through to a VM on vm3
* UPS units connected to vm3 via usb/serial
Any further exceptions to virtual infra require CEO/board approval and extensive justification.
### Networking
* Functions
* TFTP server
* DHCP server
* HaProxy (443 terminates here)
* Dev/qa/prod Core routing/firewall
* (multi provider) WAN edge routing/firewall
* Static/dynamic routing
* inbound/outbound SMTP handling
* Caching/scanning (via ClamAV)Web proxy
* Suricata IDS/IPS
All the above is provided on an active/passive basis via CARP IP with sub 2ms failover.
* Machines
|VM Name | VM ID | Vm Host | Storage Enclosure| Storage Array |
|---|---|---|---|---|
|pfv-core-rtr01|120|vm1|stor2|tier2vm|
|pfv-core-rtr02|xx|vm3|stor1|s1-wwwdb|
### DNS/NTP (user/server facing)
We do not expose the core domain controllers (dc2/3) directly to users or servers. Everything flows through pihole. We allow DNS (via firewall rules) to ONLY pihole 1,2 no other DNS is allowed. pihole 1,2 is only allowed to realy to the core dc, then the dc are allowed to relay to the internet (8.8.8.8).
This blocks the vast majority of spyware/trackerware/malware/c2c etc (using the pihole blacklists). DNS filtering is the first line of defense against attackers and far less false positives when doing log review.
* Functions
* DNS (with ad filtering) (pihole)
* NTP
* Machines
|VM Name | VM ID | Vm Host | Storage Enclosure| Storage Array |
|---|---|---|---|--|
|pihole1|101|vm3|stor1|s1-wwwdb|
|pihole2|103|vm1|stor2|tier2vm|
### Database layer
All the data for all the things. Everything is clustered, shared service model.
* Functions
* Mysql (galera)
* Postgresql (patroni)
* ETcd
* MQTT Brok
* Rabbitmq
* Elasticsearch
* Longhorn
* K3s control plane
* Machines
|VM Name | VM ID | Vm Host | Storage Enclosure| Storage Array |
|---|---|---|---|--|
|db1|125|vm4|stor1|s1-wwwdb|
|db2|126|vm5|stor2|tier2vm|
|db3|127|vm1|stor2|tier2vm|
### Web/bizops/IT control plane application layer
All the websites for TSYS/Redwood Group live on this infra. It's served up via HAProxy (active/passive on r1/42) in an active/active setup (each node running 50% of workload, capable of 100% for handling node maintenace)
* Functions
* All brand properties
* Data repository (discourse)
* IT Control plane (job clustering/monitoring/alerting/siem etc)
* Business operations (marketing/sales/finance/etc)
* Apache server (for non dockerized applications)
* k3s worker nodes (we are moving all workloads to docker containers with longhorn PVC)
* Machines
|VM Name | VM ID | Vm Host | Storage Enclosure| Storage Array |
|---|---|---|---|--|
|www1|123|vm5|stor2|tier2vm|
|www2|124|vm4|stor1|s1-wwwdb|
### Line of business Application layer
* Functions
* Guacamole (serving up rackrental customer workloads, also developer workstations)
* Webmail (for a number of our domains, we don't use Office 365)
* Machines
|VM Name | VM ID | Vm Host | Storage Enclosure| Storage Array |
|---|---|---|---|--|
|tsys-dc-02|129|vm5|stor2|tier2vm|
|tsys-dc-03|130|vm4|stor1|s1-wwwdb|
## Network Security Monitoring
We will be using security onion in some fashion. Looking into that with OpenVAS/Lynis/Graylog as a SIEM/scanner. More to follow soon. It will be a distributed, highly available setup.
## Virtual Machines: Non Redundant
### VPN
You'll notice VPN missing from the redundant networking list. A few comments on that:
* We employ a zero trust access model for vast majority of systems
* We heavily utilize web interfaces/APIs for just about all systems/functionality and secure acces via 2fa/Univention Corporate Server ("AD") and a zero trust model.
* We do have our R&D systems behind the VPN for direct SSH access (as opposed to through various abstraction layers)
* We utilize WIreguard (via the ansible setup provided by algo trailofbits). We don't have a redundant Wireguard setup, just a single small Ubuntu VM. It's worked incredibly well and the occasional 90 seconds or so of downtime for kernel patching is acceaptable.
* Due to ITAR and other regulations, we utilize a VPN for access control. We may in the future, upon appropriate review and approval, setup haproxy with SSH SNI certifcates to route connections to R&D systems directly.
|VM Name | VM ID | Vm Host | Storage Enclosure| Storage Array |
|---|---|---|---|--|
|pfv-vpn|106|vm3|stor2|tier2vm|
### Physical Surveilance
We can take 90 seconds of downtime for occasional kernel patching and not be processing the surveilance feeds for a bit. Everyone knows that criminals just loop the footage anyway....
|VM Name | VM ID | Vm Host | Storage Enclosure| Storage Array |
|---|---|---|---|--|
|pfv-nvr|104|vm5|stor2|tier2vm|
### Building automation
We can take 90 seconds of downtime for occasional kernel patching and wait to turn on a light or whatever.
|VM Name | VM ID | Vm Host | Storage Enclosure| Storage Array |
|---|---|---|---|--|
|HomeAssistant|116|vm3|stor2|tier2vm|
### Sipwise
We can take 90 seconds of downtime for occasional kernel patching, and have the phones "stop ringing" for that long.
|VM Name | VM ID | Vm Host | Storage Enclosure| Storage Array |
|---|---|---|---|--|
|sipwise|105|vm4|stor1|s1-wwwdb|
### Online CA (Intermeidate to offline root)
We can take 90 seconds of downtime for occasional kernel patching.
We serve the CRL and other "always on" SSL related bits via cloudflare ssl toolkit in docker using
the web/app layer over HTTP(S) and it's fully redundant.
This VM is only used occasionally to issue long lived certs or perform needed maintenance.
It could be down for weeks/months without issue.
It's using XCA for administration and talking to the db cluster. It is locked to vm3, because
we pass through a Nitrokey HSM, works wonderully.
|VM Name | VM ID | Vm Host | Storage Enclosure| Storage Array |
|---|---|---|---|--|
|pfv-ca|131|vm3|stor1|s1-wwwdb|
### Operations/administration/management (OAM)
This is the back office IT bits.
* Functions
* librenms (monitoring/alerting/long term metrics)
* netdata (central dashboard)
* upsd (central dashboard)
* rundeck (internal orchestration only)
* sshaudit
* lynis
* crash dump server
* openvas
* etc
|VM Name | VM ID | Vm Host | Storage Enclosure| Storage Array |
|---|---|---|---|--|
|pfv-toolbox|121|vm3|stor2|tier2vm|
## Storage Infrastructure
* We keep it very simple and utilize TrueNAS Core on Dell PowerEdge 2950 with 32gb ram.
* We run zero plugins.
* We have a variety of pools setup and served out over NFS to the 10.251.30.0/24 network
* No samba, just NFS
* Utilize built in snapshots/replication for retention/backup
## Virtualization Infrastructure
* We keep it very simple and utilize Proxmox on a mix of :
* Dell Optiplex (i3/i7) (all with 32gb ram)
* Dell PowerEdge (dual socket, quad core xeon) (all with 32gb ram)
* Dell Precision system (i7) (16gb ram) (with nvida quadaro card passed through to kvm guest (either windows 10 or Ubuntu Server 20.04 depending on what we need todo)
* We run the nodes with single power supply and single OS drive.
Vm node failure is expected (we keep the likelihood low with use of thumb drives with syslog set to
only log to the virtualized logging infra), and we handle the downtime via the redundancy we
outlined above (by using virtual machines spread across hypervisors / arrays / enclosures ) and redundancy happens
at the application level).
Restoring a vritual server node would take maybe 30 minutes
(plug a new thumb drive, re-install, join cluster).
In the meantime the vm has auto migrated to another node using proxmox HA functionality (if it's an SPOF VM).
## Overall system move to production status
| Hostname | OSSEC | Rundeck | Netdata | librenms mon | librenms log | DNS | (x)DP | NTP | Slack | Lyris | SCAP | Auditd | OpenVAS | oxidized |
| -------------- | ----- | ------- | ------- | ------------ | ------------ | --- | ----- | --- | ----- | ----- | ---- | ------ | ------- | -------- |
| Pfv-vmsrv-01 | Y | Y | Y | Y | Y | Y | Y | Y | | | | | | N/A |
| Pfv-vmsrv-02 | Y | Y | Y | Y | Y | Y | Y | Y | | | | | | N/A |
| Pfv-vmsrv-03 | Y | Y | Y | Y | Y | Y | Y | Y | | | | | | N/A |
| Pfv-vmsrv-04 | Y | Y | Y | Y | Y | Y | Y | Y | | | | | | N/A |
| Pfv-vmsrv-06 | Y | Y | Y | Y | Y | Y | Y | Y | | | | | | N/A |
| Pfv-time1 | Y | Y | Y | Y | Y | Y | Y | | | | | | | N/A |
| Pfv-stor1 | N/A | N/A | N/A | Y | | Y | Y | x | | | N/A | N/A | | N/A |
| Pfv-stor2 | N/A | N/A | N/A | Y | | Y | Y | x | | | N/A | N/A | | N/A |
| Pfv-consrv01 | N/A | N/A | N/A | Y | Y | Y | Y | x | | | N/A | N/A | | N/A |
| Pfv-core-sw01 | N/A | N/A | N/A | Y | Y | Y | Y | x | | | N/A | N/A | | |
| Pfv-core-ap01 | N/A | N/A | N/A | Y | N/A | Y | Y | x | | | N/A | N/A | | |
| Pfv-lab-sw01 | N/A | N/A | N/A | Y | | Y | Y | x | | | | | | |
| Pfv-lab-sw02 | N/A | N/A | N/A | Y | Y | Y | Y | x | | | | | | |
| Pfv-lab-sw03 | N/A | N/A | N/A | Y | | Y | Y | x | | | | | | |
| Pfv-lab-sw04 | N/A | N/A | N/A | Y | Y | Y | Y | x | | | | | | |
| 3dpsrv | Y | Y | Y | Y | Y | Y | N/A | Y | | | | | | N/A |
| Pfv-core-rtr01 | N/A | N/A | N/A | Y | Y | Y | Y | x | | | N/A | N/A | | |
| Pfv-core-rtr02 | N/A | N/A | N/A | Y | Y | Y | Y | x | | | N/A | N/A | | |
| tsys-dc-01 | Y | Y | Y | Y | Y | Y | Y | | | | | | | |
| tsys-dc-02 | Y | Y | Y | Y | Y | Y | Y | | | | | | | |
| tsys-dc-03 | Y | Y | Y | Y | Y | Y | Y | | | | | | | |
| Tsys-dc-04 | Y | Y | Y | Y | Y | Y | Y | | | | | | | N/A |
| pihole1 | Y | Y | Y | Y | Y | Y | Y | | | | | | | N/A |
| pihole2 | Y | Y | Y | Y | Y | Y | Y | | | | | | | N/A |
| pfv-toolbox | Y | Y | Y | Y | Y | Y | Y | | | | | | | N/A |
| ca | Y | Y | Y | Y | Y | Y | Y | | | | | | | N/A |
| www1 | Y | Y | Y | Y | Y | Y | Y | | | | | | | |
| www2 | Y | Y | Y | Y | Y | Y | Y | | | | | | | |
| www3 | Y | Y | Y | Y | Y | Y | Y | | | | | | | |
| db1 | Y | Y | Y | Y | Y | Y | Y | | | | | | | |
| db2 | Y | Y | Y | Y | Y | Y | Y | | | | | | | |
| db3 | Y | Y | Y | Y | Y | Y | Y | | | | | | | |

451
src/CIO/Systems/Admin-RandD/EngWorkstationBuildGuide.md Normal file
View File

@ -0,0 +1,451 @@
# TSYS Group - IT Documentation - R&D - Workstation Build Guide
- [TSYS Group - IT Documentation - R&D - Workstation Build Guide](#tsys-group---it-documentation---rd---workstation-build-guide)
- [Introduction](#introduction)
- [Workstation details - RPI4 8Gb](#workstation-details---rpi4-8gb)
- [Out of box tweaks and basic setup](#out-of-box-tweaks-and-basic-setup)
- [Virtual Workspace Details](#virtual-workspace-details)
- [Non mainline software](#non-mainline-software)
- [Nodejs](#nodejs)
- [Rust](#rust)
- [go](#go)
- [mdbook](#mdbook)
- [Recoll (local search)](#recoll-local-search)
- [Bitwarden CLI](#bitwarden-cli)
- [Krita](#krita)
- [Docker](#docker)
- [RedNotebook (install from source, it just runs in place)](#rednotebook-install-from-source-it-just-runs-in-place)
- [OpenWebRx](#openwebrx)
- [csv2md](#csv2md)
- [helm](#helm)
- [kubectl / k3s](#kubectl--k3s)
- [docker](#docker-1)
- [docker-compose](#docker-compose)
- [metasploit](#metasploit)
- [scap workbench](#scap-workbench)
- [Bitscope](#bitscope)
- [docker based dev environment/pipeline](#docker-based-dev-environmentpipeline)
- [Misc items to setup/breakout into own section](#misc-items-to-setupbreakout-into-own-section)
- [Mainline Packages to install](#mainline-packages-to-install)
- [All the packages](#all-the-packages)
- [General packages for the modern knowledge worker who is tech/security savvy](#general-packages-for-the-modern-knowledge-worker-who-is-techsecurity-savvy)
- [R&d/creative workstation packages](#rdcreative-workstation-packages)
- [Full text search packages](#full-text-search-packages)
- [Document production packages](#document-production-packages)
- [chrome setup](#chrome-setup)
- [passwords/bitwarden](#passwordsbitwarden)
- [web apps](#web-apps)
- [zsh](#zsh)
- [konsole setup](#konsole-setup)
- [xfce tweaks](#xfce-tweaks)
- [bluetooth issues](#bluetooth-issues)
- [More advanced customization and configuration required](#more-advanced-customization-and-configuration-required)
- [VsCode](#vscode)
- [CTO Stuff](#cto-stuff)
- [Workstation details - x86-64 vm](#workstation-details---x86-64-vm)
- [Workstation details - iPAD](#workstation-details---ipad)
## Introduction
In 01/2021 , Charles purchased a Raspberry Pi 4 as his daily driver with the intent of evaluating it for use as the standard issue equipment for TSYS personnel. This document is the results of his experiments with it from 01/2021 to (as of time of writing) June 2021. The RPi4 has been approved as the standard/supported workstation for TSYS across all teams/products.
Charles is the founder, CEO and acting CTO/CIO of TSYS Group. In his role, he does everything from business ops, to system administration to software/hardware engineering tasks. As such he was best positioned to evaluate the rPI for all workloads.
The software mentioned in this document is a long list, reflecting the myriad of tasks/projects Charles may engage with on a daily basis. Most likely, you'll only need a subset of these tools, don't despair! Feel free to install all of them or a subset as you wish.
We hope this document is useful to everyone at TSYS who wants to maximize their productivity. TSYS fully supports Debian/Ubuntu GNU Linux for workstation use, both on rPI4 and x86 virtual/physical systems. We do occasionally test Mac OSX and Windows 10, but they aren't officially supported. Ou experiments and daily use show that 85% or more of TSYS daily driver/workstation use (email/coding/research/browsing/document creation/discord/media editing/etc) can be done on an rPI4. The gaps (if any) can be done via an RDP session to an x86 vm for the few things that have x86 dependencies or need 64bit os (64bit on pi isn't yet fully ready in our opinion as of June 2021).
## Workstation details - RPI4 8Gb
- Operating System: RaspberryPi Os
- Hardware:
- Raspberry Pi 4 with 8gb RAM
- Accessories :
- Case : Argone One case <https://www.argon40.com/argon-one-m-2-case-for-raspberry-pi-4.html>
- Monitors: Dual Dell 24" monitors (IPS) <https://www.dell.com/support/home/en-us/product-support/product/dell-st2421l/overview>0
- Chair: Ikea MARKUS Office Chair: <https://www.ikea.com/us/en/p/markus-office-chair-vissle-dark-gray-90289172/>
- Keyboard: Matias Backlight Keyboard <https://www.matias.ca/aluminum/backlit/>
- Mouse: Apple Magic Mouse 2 Black
- Tablet: iPad Mini 5th Gen (see iPAD section for more)
- Headphones: JBL Over Ear (<https://www.jbl.com.au/TUNE750BTNC.html>)
- Tp-link 7 port USB 3.0 Powered Hub (for plugging in thumb drives, data acquisition devices / other random usb bits) <https://www.tp-link.com/us/home-networking/usb-hub/uh700/>
- IOGear card reader <https://www.iogear.com/product/GFR281/>
- Security Dongle: Yubikey 4 OTP+U2F+CCID
| Program | Used By | Link | Product Scope |
| -------------------- | ------------------ | ------------------------------------------------------------------------ | ------------------------------------------------- |
### Out of box tweaks and basic setup
1) Put Rasberry Pi 4 into Argone One Case (running it without case will cause it to overheat quickly)
2) Flash latest stable Raspbian 32bit to SD card and boot pi
3) connect usb keyboard and mouse
4) Run through first boot setup wizard
5) Setup pin+yubi long string for password for the pi user
6) Connect to wifi
5) Pair and trust Matias Backlight Keyboard
6) Pair and trust Apple Magic Mouse
7) fix date/time via ntpdate (ntpdate 10.251.37.5)
8) apt-get update ; apt-get -y full-upgrade
9) add vi mode to /etc/profile (heathens by default!)
10) clone dotfiles repo
11) enable i2c access via raspi-config
12) setup fan daemon <https://gitlab.com/DarkElvenAngel/argononed.git>
15) (coming soon) run curl htp://dl.turnsys.net/buildFullWorkstation.sh
### Virtual Workspace Details
- Desktop 1: Browsing/Editing/Shell (chrome / VsCode / Konsole / Remmina )
- Desktop 2: Comms (discourse/discord/irc etc/thunderbird/mutt)
- Desktop 3: Long Running: (calibre/recol/etc)
### Non mainline software
Repositories to add and things that aren't deployed with apt-get.
#### Nodejs
```console
curl -sL https://deb.nodesource.com/setup_15.x | sudo -E bash -
curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | sudo tee /usr/share/keyrings/yarnkey.gpg >/dev/null
echo "deb [signed-by=/usr/share/keyrings/yarnkey.gpg] https://dl.yarnpkg.com/debian stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
sud apt-get -y install nodejs
sudo apt-get update && sudo apt-get install yarn
```
#### Rust
```console
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
```
#### go
<https://pimylifeup.com/raspberry-pi-golang/>
#### mdbook
```console
cargo install mdbook
```
#### Recoll (local search)
```console
cat recoll-rbuster.list
deb [signed-by=/usr/share/keyrings/lesbonscomptes.gpg] http://www.lesbonscomptes.com/recoll/raspbian/ buster main
deb-src [signed-by=/usr/share/keyrings/lesbonscomptes.gpg] http://www.lesbonscomptes.com/recoll/raspbian/ buster main
```
#### Bitwarden CLI
```console
sudo npm install -g @bitwarden/cli
```
#### Krita
```console
sudo flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
sudo flatpak -y install flathub org.kde.krita
```
#### Docker
```console
curl -sSL https://get.docker.com | sh
```
#### RedNotebook (install from source, it just runs in place)
<https://rednotebook.sourceforge.io/downloads.html>
<https://www.linuxlinks.com/raspberry-pi-4-chronicling-desktop-experience-dear-diary/>
#### OpenWebRx
wget -O - <https://repo.openwebrx.de/debian/key.gpg.txt> | apt-key add
echo "deb <https://repo.openwebrx.de/debian/> buster main" > /etc/apt/sources.list.d/openwebrx.list
apt-get update
apt-get install openwebrx
#### csv2md
```console
npm install -g csv2md
```
#### helm
```console
sudo snap install helm --classic
```
#### kubectl / k3s
```console
curl -sfL https://get.k3s.io | sh -
```
#### docker
```console
curl -sSL https://get.docker.com | sh
```
#### docker-compose
#### metasploit
```console
git clone https://github.com/rapid7/metasploit-framework.git
cd metasploit-framework
sudo gem install wirble sqlite3 bundler nokogiri bundle
bundle install
```
#### scap workbench
Follow the readme
#### Bitscope
```console
wget http://bitscope.com/download/files/bitscope-dso_2.8.FE22H_armhf.deb
wget http://bitscope.com/download/files/bitscope-logic_1.2.FC20C_armhf.deb
wget http://bitscope.com/download/files/bitscope-meter_2.0.FK22G_armhf.deb
wget http://bitscope.com/download/files/bitscope-chart_2.0.FK22M_armhf.deb
wget http://bitscope.com/download/files/bitscope-proto_0.9.FG13B_armhf.deb
wget http://bitscope.com/download/files/bitscope-console_1.0.FK29A_armhf.deb
wget http://bitscope.com/download/files/bitscope-display_1.0.EC17A_armhf.deb
wget http://bitscope.com/download/files/bitscope-server_1.0.FK26A_armhf.deb
sudo dpkg -i *.deb
sudo apt-get -y -f install
```
#### docker based dev environment/pipeline
Todo
- local k3s (for gitops testing)
- (container) local docker reg
- (container) local jenkins
#### Misc items to setup/breakout into own section
Todo
- Make magic mouse 2 scrolling work on pi
- activitywatch
- switch mail from (just) thunderbird to thunderbird/(neo)mutt/notmuch/task warrior
- TurboVNC (3d accelerated) on rpi as client
- kleopatra
- yubikey ssh key
- yubikey gpg key
- xca (build from source)
- Select an Investigative notebook
- <https://github.com/kpcyrd/sn0int>
- <https://www.spiderfoot.net/>
- <https://github.com/smicallef/spiderfoot?ref=d>
- modelio <https://www.modelio.org/>
- <https://gephi.org/>
- Research source material organization
- zotero
- docear <https://opensource.com/life/16/8/organize-your-scholarly-research-docear>
- Get photo processing workflow setup
- currently exploring kphotoablbum
- Browser based Sharing / browsing via Photoprism (or perhaps piwgio ultimately, with photoprism as part of a processing work flow)?
- need something to sync to "cloud" with auto capture from phone
- reference material:
- <https://photoprism.app/>
- <https://kn100.me/declouding-replacing-google-photos-part-1/>
- <https://willem.com/blog/2020-08-31_free-from-the-icloud-escaping-apple-photos/>
### Mainline Packages to install
First run apt-get update to ensure you are using packages from the above repositories and not the stock packages. Do any needed gpg key imports.
#### All the packages
```console
apt-get -y install \
kicad librecad freecad gimp blender shellcheck \
ruby-full offlineimap zsh vim thunderbird enigmail \
kleopatra zsh-autosuggestions zsh-syntax-highlighting screen \
mtr rpi-imager cifs-utils grass cubicsdr arduino jupyter-notebook \
dia basket vym code wings3d flatpak wireguard gnuplot \
pandoc python3-blockdiag texlive-fonts-extra \
spice-client-gtk spice-html5 virt-viewer gnome-system-monitor \
glances htop dstat apt-file kleopatra konsole telnet \
ripgrep recoll poppler-utils abiword wv antiword unrtf \
libimage-exiftool-perl xsltproc davmail kphotoalbum opensc \
yubikey-manager yubikey-personalization yubikey-personalization-gui \
openshot kdenlive pitivi inkscape scribus scdaemon seafile-gui qgis \
octave nodejs gpx2shp libreoffice calligra netbeans sigrok \
nodejs audacity wireshark nmap tcpdump zenmap etherape ghostscript \
geda ngspice graphicsmagick codeblocks scilab calibre paraview \
gnuradio build-essential libimobiledevice-utils libimobiledevice-dev \
libgpod-dev python3-numpy python3-pandas python3-matplotlib \
curl git make binutils bison gcc build-essential openjdk-11-jre-headless \
debootstrap cutecom minicom ser2net conman xsane gocr tesseract-ocr \
fonts-powerline build-essential zlib1g zlib1g-dev libxml2 libxml2-dev \
libxslt-dev locate libreadline6-dev libcurl4-openssl-dev git-core libssl-dev \
libyaml-dev openssl autoconf libtool ncurses-dev bison curl wget postgresql \
postgresql-contrib libpq-dev libapr1 libaprutil1 libsvn1 libpcap-dev ruby-dev \
openvas git-core postgresql curl nmap gem libsqlite3-dev cmake ninja-build libopenscap-dev \
qt5-default libqt5widgets5 libqt5widgets5 libqwt-headers libqt5xmlpatterns5-dev asciidoc \
lmms virt-manager gqrx-sdr multimon-ng rtl-sdr fldigi grads cdo zygrib zygrib-maps \
openwebrx xscreensaver
```
#### General packages for the modern knowledge worker who is tech/security savvy
```console
apt-get -y install \
ruby-full offlineimap zsh vim thunderbird kleopatra zsh-autosuggestions \
zsh-syntax-highlighting screen mtr rpi-imager cifs-utils dia basket \
vym davmail kphotoalbum libreoffice calligra\
enigmail opensc scdaemon nodejs calibre wireguardi \
libimobiledevice-utils libimobiledevice-dev libgpod-dev \
yubikey-manager yubikey-personalization yubikey-personalization-gui
```
#### R&d/creative workstation packages
```console
apt-get -y install \
kicad librecad freecad qgis audacity gpsbabel arduino \
sigrok netbeans scilab blender gimp grass \
openshot kdenlive pitivi inkscape scribus build-essential \
geda ngspice gnuradio cubicsdr flatpak\
shellcheck code codeblocks scilab paraview wings3d \
python3-numpy python3-pandas python3-matplotlib \
jupyter-notebook
```
#### Full text search packages
```console
apt-get -y install \
ripgrep recoll poppler-utils abiword wv antiword \
unrtf libimage-exiftool-perl xsltproc
```
#### Document production packages
```console
apt-get -y install \
pandoc python3-blockdiag texlive-fonts-extra
```
### chrome setup
1) launch chrome
2) change language to english
3) enable dark mode (<https://www.pocket-lint.com/apps/news/google/149866-how-to-enable-dark-mode-for-google-chrome>)
4) login to pwvault.turnsys.com and obtain google account creds
5) login to google account and enable sync
6) (optional at this time) setup any extension configuration needed that results from logging in to google account/turning on sync
7) ensure the following extensions are installed:
1) vimium
2) bitwarden
3) pushover
### passwords/bitwarden
1) disable chrome password saving/autofill (actually this is done via settings sync by google login) (so only need to set it if not already set in your settings)
2) set bitwarden extension to use pwvault.turnsys.com
3) login to bitwarden via extension
4) set vault to not lock ever (balance security/convenience (with locked workstation and using pin+yubi to unlock workstation)
5) set match selection to host
6) set auto fill on page load
### web apps
1) login to discord.com
2) login to office.com
### zsh
- Use oh-my-zsh
- Use powerlevel10k
### konsole setup
- settings -> edit current profile ->
- apperance (set to dark pastels)
- font (set to noto mono)
- mouse
- copy/paste
- copy on select
- paste from clipboard (default is paste from selection)
- un-set copy text as html
- settings - configure shortcuts
- next tab ctrl+tab
- previous ctrl+shift+tab
### xfce tweaks
- Set focus follows mouse (settings/window manager/focus)
- (dark mode)? (only works for gtk apps)
- need to set other apps individually to dark mode
### bluetooth issues
run rpi-update or the keyboard will repeat (key stick) frequently
### More advanced customization and configuration required
#### VsCode
fenix appears to include it in the default image, but it doesn't launch from the menu and shell says code not found. Search for code and it will pull up an entry with VsCode logo labeled as Text Editor. Use that.
to see how I set it up VsCode for a myriad of tasks, see the VsCode guide for tsys at:
<https://git.turnsys.com/TSGTechops/docs-techops/src/branch/master/src/Systems/Admin-RandD/TSYS-DevEnv-VsCode.md>
### CTO Stuff
- openwrt
- openmct
- raspi
- arduino
- freedombox
- serval
- genode
- jupyter
## Workstation details - x86-64 vm
- Operating System: Ubuntu Server 20.04 with xfce/xrdp
- Hardware: KVM 4gb ram
- Applications (limited, things that don't (easily) run on the rpi):
- mbed studio
- eclipse
- android studio
- dbeaver
- postman
- sweethome3d
## Workstation details - iPAD
- Operating System: iPAD OS
- Hardware: iPAD Mini 5th Generation
- Accessories:
- Lightining to USB3
- Lightining to HDMI
- I use same KB/Mouse that I do with the rPI
- Key Applications
- Working Copy
- Buffer Text Editor
- Blink.sh
- Jump remote Desktop
- GitJournal
- Microsoft Todo
- Neat
- Discourse
- FreeScout
- ErpNext

302
src/CIO/Systems/Admin-RandD/VsCodeConfigGuide.md Normal file
View File

@ -0,0 +1,302 @@
# TSYS Group - Engineering Documentation - Visual Studio Code Environment Setup Guide
- [TSYS Group - Engineering Documentation - Visual Studio Code Environment Setup Guide](#tsys-group---engineering-documentation---visual-studio-code-environment-setup-guide)
- [Introduction](#introduction)
- [Environmental considerations/assumptions](#environmental-considerationsassumptions)
- [External Software Programs/Services Used](#external-software-programsservices-used)
- [Short version](#short-version)
- [Requirements and dependencies](#requirements-and-dependencies)
- [Languages Used](#languages-used)
- [Deployment Targets](#deployment-targets)
- [General setup](#general-setup)
- [Plugins - Team-*](#plugins---team-)
- [General Tooling](#general-tooling)
- [Docker / k8s](#docker--k8s)
- [Git](#git)
- [(Cross) Compile / (Remote) Debug / (Remote) development](#cross-compile--remote-debug--remote-development)
- [Markdown (and documentation in )](#markdown-and-documentation-in-)
- [Data](#data)
- [Bash](#bash)
- [Plugins - Team-SWEng](#plugins---team-sweng)
- [API (rest) development](#api-rest-development)
- [Web App development](#web-app-development)
- [YAML](#yaml)
- [Rust](#rust)
- [C/C++](#cc)
- [Arduino/Seeduino](#arduinoseeduino)
- [CUDA](#cuda)
- [Java](#java)
- [PHP](#php)
- [Python](#python)
- [Plugins - Team-MechEng](#plugins---team-mecheng)
- [Octave](#octave)
- [R](#r)
- [Jupyter](#jupyter)
- [STL](#stl)
- [G-code](#g-code)
- [Gerber](#gerber)
## Introduction
This is the TSYS Visual Studio Code setup guide. It covers how to setup VsCode for all aspects of TSSY Group.
We have a very complex total stack, but don't despair, you will only need a small subset of this.
Which subset of course depends on what part of the TSYS mission you are supporting!
### Environmental considerations/assumptions
- Charles setup is the most comprehensive, as he is the co-founder and (as of Q3 2021) (acting) CTO and needs to develop for all pieces of the stack/products.
- Do not just blindly follow this guide! Pick the pieces you need for your work. If you have any questions, ask in Discord or post to Discourse.
- Working against a remote server/container/k8s cluster over SSH via VsCode Remote
- VsCode Remote Dev is heavily utilized (almost if not exclusively)
- Source code resides in home directory on the server farm, but is edited "locally" on your workstation with VsCode (Remote)
- Using TSYS self hosted Gitea git instance
- Using TSYS self hosted Jenkins CI
- docker/kubectl commands are present and configured to run against the cluster (and you are connected to the VPN)
- Developing in Windows 10/Mac OSX/Linux with a GUI environment running native VsCode (CNW daily driver is a raspberry pi 4 with 8gb ram to help ensure lowest common denominator support/good performance)
- Using Chrome web browser (firefox/safari may work, but are not supported at all)
- Developing primarily at the "git push, magic happens" abstraction layer
- Need to occasionally inspect/debug the magic at various stages of the pipeline
- Need to frequently debug running code on a variety of targets (pi/arduino etc)
- All text documentation is written in Markdown and is posted to Git/Discourse as Markdown
- (tbd soon, actively experimenting)
- All diagrams are created via text language
- All diagrams are produced using
- (blockdiag?
- uml?
- markdown extensions?
- all (or some mix) of the above?
- what extension(s)to use?)
### External Software Programs/Services Used
You'll need to setup some external tools and services to support the TSYS mission (in addition to VsCode).
Setup of external tools/services is outside the scope of this document. For guidance on tool/service selection and setup, please see the following links:
- <https://git.turnsys.com/TSGTechops/docs-techops/src/branch/master/src/Systems/Admin-Application/AppsAndServices.md>
- <https://git.turnsys.com/TSGTechops/docs-techops/src/branch/master/src/Systems/Admin-RandD/EngineeringWorkstatioNBuildBuide.md>
Once you've setup your needed external tools and services , return to this document and continue with setup of VsCode as needed to work with the tooling you installed.
### Short version
very soon (june 2021) you'll have two options for EZ stack deployment for your product development environment :
1) docker pull TSYSVSC and use with <https://code.visualstudio.com/docs/remote/containers>
2) Login to <https://desktop.turnsys.com> and get a full engineering stack for whatever product you are working on.
Read on to understand the pieces and particulars in case you want to build your own setup.
## Requirements and dependencies
Here is the tool and language requirements of all the TSYS engineering projects/programs/products.
### Languages Used
| Language | Used By | Product Scope |
|----------------------------------|--------------|------------------------------------|
| bash | TSYS wide | All |
| c/c++ | Team-SwEng | MorseFlyer |
| CUDA | Team MechEng | MorseFlyer (envelope/airframe) |
| dockerfile/docker compose | TSYS wide | All |
| geo spatial data | Team SwEng | MorseFlyer (avionics) |
| Gerber | Team HwEng | MorseSkynet, MorseFlyer (avionics) |
| Go | Team-SwEng | HFNOC/HFNFC/RackRental |
| helm charts | TSYS wide | All |
| Java | Team SwEng | MorseTrackerHUD,MorseTracker |
| javascript | Team SwEng | MorseTrackerHUD |
| Markdown | TSYS wide | All |
| octave | Team MechEng | MorseFlyer (envelope/airframe) |
| OpenFAAS | Team-SwEng | RackRental.net |
| PHP | TEam-SwEng | RackRental.net , HFNOC/HFNFC |
| python (Jupyter and stand alone) | Team MechEng | MorseFlyer (envelope/airframe) |
| R | Team MechEng | MorseFlyer (envelope/airframe) |
| Ruby | Team-SwEng | All (as part of SDLC testing) |
| Rust | Team-SwEng | HFNOC/HFNFC/RackRental |
| tcl/tk | Team HwEng | MorseSkynet |
| Xilinx | Team HwEng | MorseSkynet |
| YAML | TSYS wide | All |
### Deployment Targets
| Target | Used By | Product Scope |
|-----------------------------------------------------|-------------|------------------------------------|
| Arduino (cross compiled) | Team-SwEng | MorseFlyer (Avionics) |
| FreeRTOS (cross compiled) | Team-SwEng | MorseFlyer (Avionics) |
| Jenkins build pipelines | All teams | All |
| OpenMCT farm (java/micro services) | Team-SwEng | MorseTracker/MorseTrackerHUD |
| Raspberry Pi (cross compiled) | Team-SwEng | MorseFlyer (Avionics) |
| Subo pi farm (multi arch) Docker / k3s (and balena) | Team-SwEng | MorseFlyer (Avionics), MorseSkynet |
| TSYS K3S sandbox/dev/prod clusters | All teams | All |
| TSYS Web Farm (lots of PHP (wordpress etc)) | Team-WebEng | RackRental.net, HFNOC, HFNFC |
## General setup
These are steps you need to take before starting development in earnest.
Linux (or at least a mostly linux (WSL/mobaxterm)) environment is presumed for all the below.
You may well find GUI replacements and use them, especially on Windows/MACOSX. They are not supported in any way.
- Setup gitea
- Login once to <https://git.turnsys.com> so you can be added to the appropriate repos/teams/orgs.
- Customize any profile etc settings that you wish.
- Obtain API key to use with gitea-issues plugin
- Setup SSH
- Setup SSH key
- Add SSH public key to gitea
- Setup git
- For all git users:
- $ git config --global user.name "John Doe"
- $ git config --global user.email johndoe@example.com
- Setup git lg : git config --global alias.lg "log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit"
- for zsh users (and you really should use zsh/oh-my-zsh :)
- git config --add oh-my-zsh.hide-status 1
- git config --add oh-my-zsh.hide-dirty 1
## Plugins - Team-*
The plugins documented here are known to work, and are in active/frequent use by Charles as CTO as he hacks on the stack.
Other options exist for almost all the below. If you find something that works better for you, use it!
Consider the below as a suggested/supported baseline.
### General Tooling
- Code Spell Checker <https://marketplace.visualstudio.com/items?itemName=streetsidesoftware.code-spell-checker>
- Vim <https://marketplace.visualstudio.com/items?itemName=vscodevim.vim>
### Docker / k8s
- Docker:
- <https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-docker>
- <https://code.visualstudio.com/docs/containers/overview>
- Bridge to K8s <https://marketplace.visualstudio.com/items?itemName=mindaro.mindaro> <https://code.visualstudio.com/docs/containers/bridge-to-kubernetes>
### Git
- Git Extension Pack <https://marketplace.visualstudio.com/items?itemName=donjayamanne.git-extension-pack>
- Git Tree Compare <https://marketplace.visualstudio.com/items?itemName=letmaik.git-tree-compare>
- Git Tags <https://marketplace.visualstudio.com/items?itemName=howardzuo.vscode-git-tags>
- Gitea-VsCode <https://marketplace.visualstudio.com/items?itemName=ijustdev.gitea-vscode>
### (Cross) Compile / (Remote) Debug / (Remote) development
This section is a work in progress. Below is the current guides/plugins that are being tested. Roughly in decreasing order of confirmed stability/active usage.
YMMV, DD , Buyer Beware etc etc etc.
- <https://code.visualstudio.com/docs/remote/remote-overview>
- <https://code.visualstudio.com/docs/remote/ssh>
- <https://dimamoroz.com/2021/03/09/intel-nuc-for-development/>
- <https://github.com/Ed-Yang/rpidebug>
- <https://enes-ozturk.medium.com/remote-debugging-with-gdb-b4b0ca45b8c1>
- <https://enes-ozturk.medium.com/cross-compiling-with-cmake-and-vscode-9ca4976fdd1>
- <https://gist.github.com/aakashpk/e90d4651b074248b4823f6d2dc3373a0>
- <https://marketplace.visualstudio.com/items?itemName=webfreak.debug>
- <https://code.visualstudio.com/docs/cpp/config-linux>
### Markdown (and documentation in )
- Markdown All in One <https://marketplace.visualstudio.com/items?itemName=yzhang.markdown-all-in-oneoo>
- Markdown Preview Enhanced <https://marketplace.visualstudio.com/items?itemName=shd101wyy.markdown-preview-enhanced>
- markdownlint <https://marketplace.visualstudio.com/items?itemName=DavidAnson.vscode-markdownlint>
- Excel to markdown table <https://marketplace.visualstudio.com/items?itemName=csholmq.excel-to-markdown-table>
- MdTableEditor < <https://marketplace.visualstudio.com/items?itemName=clover.md-table-editor>>
- Markdown Table Formatter https://marketplace.visualstudio.com/items?itemName=fcrespo82.markdown-table-formatter
- Gitdoc <https://marketplace.visualstudio.com/items?itemName=vsls-contrib.gitdoc>
- Draw.io integration <https://marketplace.visualstudio.com/items?itemName=hediet.vscode-drawio>
- PlantUML
- <https://marketplace.visualstudio.com/items?itemName=jebbs.plantuml>
- <https://www.freecodecamp.org/news/inserting-uml-in-markdown-using-vscode/>
- Latex Workshop <https://marketplace.visualstudio.com/items?itemName=James-Yu.latex-workshop>
### Data
- <https://marketplace.visualstudio.com/items?itemName=mtxr.sqltools>
- <https://marketplace.visualstudio.com/items?itemName=RandomFractalsInc.vscode-data-preview>
- <https://marketplace.visualstudio.com/items?itemName=RandomFractalsInc.geo-data-viewer>
- <https://marketplace.visualstudio.com/items?itemName=mechatroner.rainbow-csv>
### Bash
- <https://marketplace.visualstudio.com/items?itemName=mads-hartmann.bash-ide-vscode>
## Plugins - Team-SWEng
### API (rest) development
- <https://marketplace.visualstudio.com/items?itemName=humao.rest-client>
### Web App development
- <https://marketplace.visualstudio.com/items?itemName=iceworks-team.iceworks>
### YAML
- <https://marketplace.visualstudio.com/items?itemName=redhat.vscode-yaml>
### Rust
- <https://marketplace.visualstudio.com/items?itemName=rust-lang.rust>
### C/C++
- <https://ludwiguer.medium.com/configure-visual-studio-code-to-compile-and-run-c-c-3cef24b4f690>
- <https://marketplace.visualstudio.com/items?itemName=ms-vscode.cpptools-extension-pack0>
- <https://marketplace.visualstudio.com/items?itemName=formulahendry.code-runner>
#### Arduino/Seeduino
-_<https://marketplace.visualstudio.com/items?itemName=vsciot-vscode.vscode-arduino>
#### CUDA
TBD. Pull requests welcome.
### Java
- <https://marketplace.visualstudio.com/items?itemName=vscjava.vscode-java-pack>
### PHP
- <https://github.com/cytopia/devilbox/blob/50ab236ea9780e6c3ba35d357a451d48aba9a5d2/docs/intermediate/configure-php-xdebug/linux/vscode.rst>
### Python
- <https://marketplace.visualstudio.com/items?itemName=ms-python.python>
## Plugins - Team-MechEng
### Octave
TBD. Pull requests welcome.
### R
TBD. Pull requests welcome.
### Jupyter
- <https://marketplace.visualstudio.com/items?itemName=ms-toolsai.jupyter>
### STL
- <https://marketplace.visualstudio.com/items?itemName=xdan.stlint-vscode-plugin>
- <https://marketplace.visualstudio.com/items?itemName=md2perpe.vscode-3dviewer>
- <https://marketplace.visualstudio.com/items?itemName=slevesque.vscode-3dviewer>
### G-code
TBD. Pull requests welcome.
### Gerber
TBD. Pull requests welcome.

1
src/CIO/Systems/TSYS-Systems.md Normal file
View File

@ -0,0 +1 @@
# TSYS Systems Overview

38
src/CIO/Systems/code/ListAllSystems.sh Executable file
View File

@ -0,0 +1,38 @@
host buildbox
host ca
host canonmfc
host db1
host db2
host db2
host nvr
host pfv-consrv01
host pfv-core-ap01
host pfv-core-rtr01
host pfv-core-sw01
host pfv-lab-sw01
host pfv-lab-sw02
host pfv-lab-sw03
host pfv-stor1
host pfv-stor1-oob
host pfv-stor2
host pfv-stor2-oob
host pfv-time1
host pfv-toolbox
host pfv-vmsrv-01
host pfv-vmsrv-02
host pfv-vmsrv-03
host pfv-vmsrv-04
host pfv-vmsrv-06
host pihole1
host pihole2
host sipwise
host subodev
host suboqa
host suboprod
host tsys-dc-01
host tsys-dc-02
host tsys-dc-03
host tsys-dc-04
host www1
host www2
host 3dpsrv

1
src/CIO/VsCodeConfigGuide.md Normal file
View File

@ -0,0 +1 @@
# VsCode Configuration Guide

1
src/CIO?Policies/Authentication.md Normal file
View File

@ -0,0 +1 @@
# Policies - Authentication

BIN
src/CTO/AvionicsGroundStation.vym Normal file
View File

Binary file not shown.

1
src/CTO/CTO.md Normal file
View File

@ -0,0 +1 @@
# CTO

674
src/CTO/LICENSE Normal file
View File

@ -0,0 +1,674 @@
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU General Public License is a free, copyleft license for
software and other kinds of works.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
the GNU General Public License is intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users. We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to
any other work released this way by its authors. You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
To protect your rights, we need to prevent others from denying you
these rights or asking you to surrender the rights. Therefore, you have
certain responsibilities if you distribute copies of the software, or if
you modify it: responsibilities to respect the freedom of others.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must pass on to the recipients the same
freedoms that you received. You must make sure that they, too, receive
or can get the source code. And you must show them these terms so they
know their rights.
Developers that use the GNU GPL protect your rights with two steps:
(1) assert copyright on the software, and (2) offer you this License
giving you legal permission to copy, distribute and/or modify it.
For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software. For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.
Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the manufacturer
can do so. This is fundamentally incompatible with the aim of
protecting users' freedom to change the software. The systematic
pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable. Therefore, we
have designed this version of the GPL to prohibit the practice for those
products. If such problems arise substantially in other domains, we
stand ready to extend this provision to those domains in future versions
of the GPL, as needed to protect the freedom of users.
Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish to
avoid the special danger that patents applied to a free program could
make it effectively proprietary. To prevent this, the GPL assures that
patents cannot be used to render the program non-free.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Use with the GNU Affero General Public License.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU Affero General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the special requirements of the GNU Affero General Public License,
section 13, concerning interaction through a network will apply to the
combination as such.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode:
<program> Copyright (C) <year> <name of author>
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, your program's commands
might be different; for a GUI interface, you would use an "about box".
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU GPL, see
<https://www.gnu.org/licenses/>.
The GNU General Public License does not permit incorporating your program
into proprietary programs. If your program is a subroutine library, you
may consider it more useful to permit linking proprietary applications with
the library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License. But first, please read
<https://www.gnu.org/licenses/why-not-lgpl.html>.

106
src/CTO/LabComponentInventory.md Normal file
View File

@ -0,0 +1,106 @@
# Lab Component Inventory
| Drawer # | Contents | Source|
|---|---|---|
| 1 | Jumper Wires F2F 6" |to be identified|
| 2 | Jumper Wires F2F 6" |to be identified|
| 3 | Jumper Wires M2M 6" |to be identified|
| 4 | Jumper Wires M2M 6" |to be identified|
| 5 | Jumper Wires M2F 6" |to be identified|
| 6 | Mixed Jumper Wires M2M 6" |to be identified|
| 7 | Header Strips|to be identified|
| 8 | Heatshrink Tubing|https://www.harborfreight.com/120-piece-heat-shrink-tubing-set-67530.html|
| 9 | Heatshrink Tubing|""|
| 10 | Heatshrink Tubing|""|
| 11 | Wire Connector Butt Splice| https://www.harborfreight.com/30-pack-watertight-heat-shrink-butt-connectors-66729.html |
| 12| Zipties| https://www.homedepot.com/p/Commercial-Electric-4-in-Cable-Tie-Natural-1000-Pack-GT-100M/203531927|
| 13| Push Buttons| amz,ck|
| 14| LED Screen|unknown origin|
| 15| Relays | amz but no specific link|
| 16| Sound | ck |
| 17| Diodes | https://www.amazon.com/gp/product/B007L4DX6Q/ref=ppx_yo_dt_b_asin_title_o04_s01?ie=UTF8&psc=1|
| 18| Crystal Oscillators | https://www.amazon.com/gp/product/B07C4WN68Z/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&psc=1 |
| 19| Switches | ck |
| 20| Empty Drawer | n/a |
| 21| Empty Drawer | n/a |
| 22| Empty Drawer | n/a |
| 23| Empty Drawer | n/a |
| 24| Empty Drawer | n/a |
| 25| Empty Drawer | n/a |
| 26| Empty Drawer | n/a |
| 27| Empty Drawer | n/a |
| 28| Empty Drawer | n/a |
| 29| Empty Drawer | n/a |
| 30| Empty Drawer | n/a |
| 31| USB to DB9 | https://www.altex.com/manhattan-18-usb-to-serial-converter |
| 32| LiPO Batteries | misc |
| 33| LED assortment | https://www.amazon.com/gp/product/B005GL9ENC/ref=ppx_yo_dt_b_asin_title_o04_s00?ie=UTF8&psc=1 ck|
| 34| Dual Row DIP IC Socket Adaptor Assortment | https://www.amazon.com/gp/product/B07CFWWQ1M/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&psc=1 |
| 35| Inductors | https://www.amazon.com/gp/product/B085Y6XJL1/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&psc=1 |
| 36| Elenco CK Kit Electronic components not otherwise categorized| ck |
| 37| Resistors | https://www.amazon.com/gp/product/B0002HBQHW/ref=ppx_yo_dt_b_asin_title_o03_s00?ie=UTF8&psc=1 |
| 38| Resistors | ""|
| 39| Empty Drawer | "" |
| 40| LED | amz |
| 41| USBA-proprietary | misc|
| 42| USBA-proprietary| misc |
| 43| USB (misc to misc) | misc |
| 44| Electrical Clip Assortment | https://www.harborfreight.com/28-piece-electrical-clip-set-67589.html?_br_psugg_q=electrical+connectors |
| 45| Test Leads | https://www.harborfreight.com/18-inch-low-voltage-multi-colored-test-leads-66717.html |
| 46| USBA-Mini | misc |
| 47| USBA-Micro| misc |
| 48| Empty Drawer | n/a |
| 49| Empty Drawer | n/a |
| 50|Empty Drawer | n/a |
| 51|Empty Drawer | n/a |
| 52|Empty Drawer | n/a |
| 53|Empty Drawer | n/a |
| 54| Misc electronics/Rpi etc | misc |
| 55| Empty Drawer | n/a|
| 56| Wifi components | misc |
| 57| USB networking devices | misc|
| 58| Electrical Terminals | https://www.harborfreight.com/150-piece-terminal-and-connector-set-67683.html |
| 59| Electrical Terminals | "" |
| 60| Electrical Terminals | "" |
| 61| misc electronic components to be identified | amz |
| 62| misc electronic components to be identified | amz |
| 63| Wire| misc electronic components to be identified |
| 64| empty drawer| n/a|
| 65| empty drawer| n/a |
| 66| empty drawer| n/a |
| 67| empty drawer| n/a |
| 68| empty drawer| n/a |
| 69| screw terminals | misc electronic components to be identified |
| 70| misc electronic components to be identified | |
| 71| servos | unknown |
| 72| servos | unknown |
| 73| motors | unknown |
| 74| Transitors | https://www.amazon.com/gp/product/B00D8J4EZ2/ref=ppx_yo_dt_b_asin_title_o02_s00?ie=UTF8&psc=1 |
| 75| Transistors| "" |
| 76| Transistors | "" |
| 77| Capacitors | https://www.amazon.com/gp/product/B004YHZDW0/ref=ppx_yo_dt_b_asin_title_o04_s00?ie=UTF8&psc=1 |
| 78| Capacitors | "" |
| 79| Capacitors | "" |
| 80| mystery component | amz
| 81| mystery component | amz
| 82| empty drawer | n/a
| 83| empty drawer | n/a
| 84| empty drawer | n/a
| 85| empty drawer | n/a
| 86| empty drawer | n/a
| 87| empty drawer | n/a
| 88| empty drawer | n/a
| 89| empty drawer | n/a
| 90| empty drawer | n/a
| 91| empty drawer | n/a
| 92| empty drawer | n/a
| 93| empty drawer | n/a
| 94| empty drawer | n/a
| 95| LED Strip Connectors | misc |
| 96| empty drawerSoldering drawer:
Hako 599B: https://www.hakko.com/english/products/hakko_599b.html
smd testing : https://www.adafruit.com/product/1359Lab Shopping List
## To Order online:
* magnetizer/demagnetizer

66
src/CTO/LinksFromEngineeringEmails.md Normal file
View File

@ -0,0 +1,66 @@
Link collection from emails
## Batteries
* <https://www.nasa.gov/pdf/287383main_RP-08-75%2006-069-I%20NASA%20Aerospace%20Flight%20Battery%20Program%20_Part%20I-Volume%20II_FINAL_7-10-08_.pdf>
## Lorawan
* <https://www.thethingsnetwork.org/article/ground-breaking-world-record-lorawan-packet-received-at-702-km-436-miles-distance>
* <https://youtu.be/adhWIo-7gr4>
## Parafoil
* <https://www.nps.edu/documents/106608270/107784480/Fields+-+Lower+Stratospheric+Deployment+Testing+of+a+Ram-Air+Parafoil+System.pdf/be8ab409-185b-495b-8a18-5546be31b288>
* <http://www.sjsu.edu/people/nikos.mourtos/docs/Benton.S12.pdf>
* <https://www.google.com/search?rlz=1CDGOYI_enUS805US805&hl=en-US&ei=myTqW5atLoqsjwTTgruwCQ&ins=false&q=high+altitude+balloon+parafoil+return+filetype%3Apdf&oq=high+altitude+balloon+parafoil+return+filetype%3Apdf&gs_l=mobile-gws-wiz-serp.3...1966.5964..6035...0.0..0.205.1692.0j11j1......0....1.........33i299j33i160.s48wBBrSxoA>
* <http://mindworks.shoutwiki.com/wiki/Guided_Parafoil_System>
* <https://scholar.sun.ac.za/bitstream/handle/10019.1/85757/vanderkolf_flight_2013.pdf?sequence=2&isAllowed=y>
* <https://www.google.com/search?q=parafoil+guidance+navigation+control&rlz=1CDGOYI_enUS805US805&oq=parafoil+guidance+navigation+control&aqs=chrome..69i57.12019j0j9&hl=en-US&sourceid=chrome-mobile&ie=UTF-8>
* <https://www.google.com/search?q=autonomous+parafoil+balloon&rlz=1CDGOYI_enUS805US805&oq=autonomous+parafoil+balloon&aqs=chrome..69i57j69i60j69i61.11987j1j4&hl=en-US&sourceid=chrome-mobile&ie=UTF-8>
* <https://hal.archives-ouvertes.fr/hal-01853228/document>
* <https://mospace.umsystem.edu/xmlui/bitstream/handle/10355/64176/Thesis_2018_Herrington.pdf?sequence=1&isAllowed=y>
## Envelope
* <https://www.google.com/search?rlz=1CDGOYI_enUS805US805&hl=en-US&ei=m1TqW5TXFKTHjgSBmp3wCQ&ins=false&q=super+pressure+balloon+calculator&oq=super+pressure+balloon+calculator&gs_l=mobile-gws-wiz-serp.3...8931.10259..10506...0.0..0.138.1037.0j8......0....1.........0i71j35i304i39j30i10j33i10.BxG5bln1yuw>
* <https://github.com/stanford-ssi/balloons-Parafoil?files=1>
* <https://www.google.com/search?q=winzen+engineering&rlz=1CDGOYI_enUS805US805&oq=winzen+engineering&aqs=chrome..69i57.3827j1j9&hl=en-US&sourceid=chrome-mobile&ie=UTF-8>
* <https://www.google.com/search?q=ukhas+super+pressure.&rlz=1CDGOYI_enUS805US805&oq=ukhas+super+pressure.&aqs=chrome..69i57.7282j0j4&hl=en-US&sourceid=chrome-mobile&ie=UTF-8>
## General talent and links of interest
* <http://tt7hab.blogspot.com/?m=1>
* <https://stanfordssi.org/teams/balloons>
## FAA Regulations
* <https://www.law.cornell.edu/cfr/text/14/part-101>
## Satcom
* <http://www.rock7mobile.com/>
## Ads-b
* <https://www.aopa.org/news-and-media/all-news/2017/january/19/ads-b-requirement-clarified-for-nonelectrical-aircraft>
* <https://commons.erau.edu/cgi/viewcontent.cgi?article=3674&context=space-congress-proceedings>
* <https://uavionix.com/uas/>
## Avionics / Ground station
* <http://wiki.glidernet.org/esp32-ogn-tracker>
* <https://www.google.com/search?q=mavlink+lora&rlz=1CDGOYI_enUS805US805&oq=mavlink+lora&aqs=chrome..69i57j0.4939j1j4&hl=en-US&sourceid=chrome-mobile&ie=UTF-8>
* <https://www.google.com/search?q=ardupilot+lora&rlz=1CDGOYI_enUS805US805&oq=ardupilot+lora&aqs=chrome..69i57.4479j0j9&hl=en-US&sourceid=chrome-mobile&ie=UTF-8>
* <https://www.google.com/search?rlz=1CDGOYI_enUS805US805&hl=en-US&biw=375&bih=638&ei=K2TzW4_NMevMjgTKjL6IBA&ins=false&q=mavlink+lora+high+altitude&oq=mavlink+lora+high+altitude&gs_l=mobile-gws-wiz-serp.3..33i299l2.13851.18077..18247...0.0..0.297.2190.0j13j1......0....1.........0i22i30j33i160.BK3CXBmeiAo>
* <https://github.com/Octanis1/Octanis1-Field-Station>
* <https://wiki.octanis.org/orb/fieldbasestation>
## Questions asked
* On Nov 12, 2018, at 16:56, Mark S Harris <marksharristx@gmail.com> wrote:
> The balloon is likely to be more stable than the parafoil. So part of my concern was maintainomg that kind of pointing accuracy on the parafoil. In addition I didn't think the parafoil was going to be air bourne that long.
>
> Any idea on time from being dropped to landing? And of that, how much time is it in freefall before it needs to be up and running and extending the parafoil and then time to when control is needed?
>

11
src/CTO/RPi Information Normal file
View File

@ -0,0 +1,11 @@
# RPi details
The Raspberry Pi 2 initially featured a 900 MHz 32-bit quad-core ARM Cortex-A7 processor with 1 GB RAM. Later versions featured a 1.2 GHz 64-bit quad-core ARM Cortex-A53 processor.
-----
The Raspberry Pi 3 Model B was released with a 1.2 GHz 64-bit quad core ARM Cortex-A53 processor. The Raspberry Pi 3 Model B+ was launched with a faster 1.4 GHz processor.
-----
The Raspberry Pi 4 Model B was released with a 1.5 GHz 64-bit quad core ARM Cortex-A72 processor.

28
src/CTO/cuda.md Normal file
View File

@ -0,0 +1,28 @@
# Cuda notes for tsys
## Introduction
This is the first cut of CUDA notes for tsys. Eary research, link dump etc.
## OKR
Objectives/key results for CUDA
## Areas to explore
* CUDA clustering
* mixed gpu gens/archs
## Links
* <https://www.google.com/search?client=firefox-b-e&q=ubuntu+20.04+cuda+cross+compile&oq=ubuntu+20.04+cuda+cross+compile&aqs=heirloom-srp>..
* <https://www.google.com/search?q=cuda+jenkins&oq=cuda+jenkins&aqs=chrome..69i57.2296j0j7&sourceid=chrome&ie=UTF-8>
* <https://www.google.com/search?client=firefox-b-e&q=cuda+build+server>
* <https://www.google.com/search?client=firefox-b-e&ei=cFxIYKzcDJaStAaMsKrICA&q=cuda+ci+server&oq=cuda+ci+server&gs_lcp=Cgdnd3Mtd2l6EAM6BwgAEEcQsANQ3idYmShg3SloAnACeACAAYYDiAH6BJIBBzAuMi4wLjGYAQCgAQGqAQdnd3Mtd2l6yAEIuAECwAEB&sclient=gws-wiz&ved=0ahUKEwis1PyjgqXvAhUWCc0KHQyYCokQ4dUDCA4&uact=5>
* <https://www.vitaarca.net/post/tech/install-cuda-and-cudnn-to-ubuntu-server/>
* <https://stackoverflow.com/questions/63309619/is-it-possible-to-build-an-nvidia-cuda-based-image-on-a-server-without-a-gpu>
* <https://jupyterhub.readthedocs.io/en/latest/>
* <https://docs.nvidia.com/cuda/cuda-installation-guide-linux/index.html>
* <https://crosstool-ng.github.io/docs/>

38
src/CTO/suboTodo Normal file
View File

@ -0,0 +1,38 @@
## Device fleet management
### Backend:
- https://resin.io/how-it-works/
- https://www.digitalocean.com/community/tutorials/how-to-set-up-a-private-docker-registry-on-ubuntu-14-04
- https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-getting-startedr
### Client side
- http://www.berryterminal.com/doku.php/berryboot
- http://www.berryterminal.com/doku.php/berryboot/adding_custom_distributions
- http://blog.hypriot.com/downloads/
- http://blog.hypriot.com/
- http://blog.hypriot.com/post/heavily-armed-after-major-upgrade-raspberry-pi-with-docker-1-dot-5-0/
### Telemetry
- https://richardstechnotes.wordpress.com/2015/12/26/iot-streaming-with-mqtt-and-apache-nifi/
- https://github.com/richards-tech/RTMQTT
- https://github.com/richards-tech/RTNiFiStreamProcessors
- https://github.com/richards-tech/RTIMULib2
- http://cpham.perso.univ-pau.fr/LORA/RPIgateway.html
- http://www.dragino.com/products/module/item/106-lora-gps-hat.html
- http://wiki.dragino.com/index.php?title=Lora/GPS_HAT#Example1_--_Use_with_LMIC_library_for_LoraWAN_compatible
- http://www.eleduino.com/Dragino-Lora-GPS_HAT-for-Raspberry-Pi-p10580.html
- http://www.aliexpress.com/store/product/Long-distance-wireless-433-868-915Mhz-Lora-and-GPS-Expansion-Board-for-Raspberry-Pi/1390863_32672385182.html
### Cross compile for pi and make custom images.
- http://rpi-cloud.com/guide-install-jenkins-on-rpi/
- http://software-novotny.de/raspberry-pi-remote-compilation-with-jenkins
- http://watchmysys.com/blog/tag/cross-compile/
- https://github.com/andrius/build-raspbian-image
- https://github.com/debian-pi/raspbian-ua-netinst
http://csis.org/files/attachments/151216_Unmanned_Systems.pdf

136
src/CTO/team-hweng/SupplyChain/HwEngSupplyChain.md Normal file
View File

@ -0,0 +1,136 @@
---
title: "TSYS Group - Engineering Documentation - Team Hardware- Supply Chain"
---
# Team HwEng - Supply Chain
## Introduction
This article covers the high level overview of the hardware supply chain for all aspects of
the orbiter:
* orbiter envelope
* orbiter parafoil
* orbiter part 101 requirements
* orbiter cutdown
* ads
* orbiter avionics
* arduino
* pi
* ground station hardware for receiving avionics data
## Pi Systems and USB accessories
* raspberry pi
* subopi1
* MorsePOD M6
* subopi2
* Lora Concentrator Pi Hat (Rak 833, 915mhz, SPI, FCC: 2AF6B-RAK833)
* Arduino Uno connected to motor shield connected to
* Servo
* subopi3
* USB Lora Concentrator
* subopi4
* Dragino Lora/GPS hat
* subopi5
* SenseHAT
* Seeduino LorawanGPS connected to
* IMU
* Motor Controller
* subopi6
* SenseHAT
* Seeduino LorawanGPS connected to
* IMU
* Motor Controller
## Orbiter Envelope
Much to write here, very soon.
## Orbiter parafoil
Much to write here, very soon.
## Orbiter Part 101 requirements
### Reflector
Much to write here, very soon.
### Redundancy
Much to write here, very soon.
### Orbiter Cutdowon
Much to write here, very soon.
## Orbiter Avionics - Seeduino
This is the core of the "smarts" (electronic) system for the orbiter. It's where all domain awarness and decision making happens (along with communication), and is subject to full regulatory review/compliance requirements.
It must do very few things, and it must do them perfectly.
It will be running FreeRTOS, with a handful of custom routines.
* The POC utilizes Seedunio LoraWANGPS boards:
* <https://www.seeedstudio.com/Seeeduino-LoRaWAN-W-GPS-p-2781.html>
* With the following groove boards connected to the seeduino:
* IMU: <https://www.seeedstudio.com/Grove-IMU-10DOF-p-2386.html>
* Motor driver board: <https://www.seeedstudio.com/Grove-I2C-Motor-Driver-L298P-p-4534.html> (or very similar , need to confirm)
* Motors (need to document)
### Power Management
* Core power control:
This is where the batteries, cells, load all comes together:
* <http://www.switchdoc.com/sunairplus-solar-power-controllerdata-collector/>
### Hardware Watchdog
This is a critical fail safe component, and will reboot the seeduino or pi automatically if countdown timer expires:
* <https://shop.switchdoc.com/collections/break-out-boards/products/switchdoc-labs-dual-watchdog-timer-board-for-arduino-raspberry-pi>
## Orbiter Avionics - Raspberry pi
The pi is essentially a large disk (for geospatial db, holding avionics firmware, holding log data etc) and beefy CPU (for geospatial lookups, processing ads-b data, perhaps some data crunching for local optimizations based on weather) attached to the avionics. The pi is important, but not completely critical. It can crash (and if not fixed by watchdog) can remain offline and the orbiter can come in for service safely. We will utilize best practices with the pi, to ensure it's as reliable/avaiable as possible.
In poc the pi will be attached via USB (and also serving as a host for the arduino for firware updates of the avionics ), in prototype/prod it will be on an integrated board as a Pi CM.
* Payload power control:
Control of the power payload, on a geospatial basis, in a black box/non customer changeable is also super critical, and will likely receive the second most regulatory scruity.
This is used for power cycling the payload for regulatory compliance (geofence):
* <https://shop.switchdoc.com/collections/break-out-boards/products/usb-powercontrol-board-v2-w-grove-control-usb-to-usb-solid-state-relay-for-raspberry-pi-and-arduinos-v2>
* SenseHat
We have a SenseHat on the raspberry pi, to provide additional sensor data, as a second source of data for comparsion purposes/redundancy.
## Ground Station
From a hardware perspective, not too much involved here. The lora concentrators we have
for modulating/demodulating lora packets are:
(attached via USB)
* <https://github.com/RAKWireless>
* <https://github.com/RAKWireless/RAK831-LoRaGateway-RPi>
* <https://store.rakwireless.com/products/rak831-gateway-module?variant=22375114801252>
and
(pi hat)

108
src/CTO/team-hweng/Tooling/HwEngTooling.md Normal file
View File

@ -0,0 +1,108 @@
---
title: "TSYS Group - Engineering Documentation - Team Hardware- Tooling"
---
# Team HwEng - Tooling
## Introduction
This article covers the support stack of software and hardware used by the hardware engineering
team to develop the orbiter.
Topics covered by this documentation:
* Computer Systems
* Dev/qa/prod systems
* (Custom) Hardware machines/tools for prototypes
* Envelope Sealer
* Inflator
* Pressure chamber
* Reflow Oven
* RF Testing chamber
* Environmental Testing - Temperature
* Environmental Testing - UV
* Software
See the following links for the software setup guides
- <https://git.turnsys.com/TSGTechops/docs-techops/src/branch/master/TSYS-DevEnv-VsCode.md>
- <https://git.turnsys.com/mrcharles/dotfiles/src/branch/master/README.md>
## Computer Systems
* Raspberry Pi
* subobench (all lab equipment with a digital interface is attached to this). Documented on discourse.
* x86 servers
* subodev We develop workloads here. Once a day update or so. (After any needed iterations on our dev workstations)
* suboqa We run qa/unit/integration/burn in etc tests here on all workloads. Expect once a week updates or so.
* suboprod We run production workloads here. All things on here should be expected to come under regulatory review. May be considered a system of record, need to ponder. This is CUDA enabled (quadro). Expected to be under cluster control (slurm).
* Tegra cluster
* suboprod01-05
## (custom) tooling for prototypes
### Envelope Heat Sealer
* Overview
This is used for assembling the envelopes. It's a customized heat sealer, controlled by an Arduino for precision temperature control.
* Bill of Materials
### Inflator
* Overview
This is used for inflating the envelopes once they've been assembled (in particular for leak detection).
It's a customized pump , controlled by an Arduino for precision pressure control.
* Bill of Materials
### Pressure chamber
* Overview
* Bill of Materials
### Reflow Oven
* Overview
This is used
* Bill of Materials
### Cameo Silhouette
* Overview
This is used to (primarily) make solder stencils for PCB re-work we will be doing on prototypes.
### RF Testing Chamber
We will do as much EMC testing in house as we can. This will save us 10s of thousands of dollars
and will increase our first pass chances at the FCC certified lab immensely. We can also rent out the chamber when we aren't using it.
* Major components
* Considerations/concerns
* Budget/BoM
### Environmental Testing
We will do as much environmental testing in house as we can. Need to research if any external testing is required by regulation, but currently (03/03/2021) I'm un-aware of any that is required.
Of course we will test extensively , for robustness etc.
* Major components
* Considerations/concerns
* Budget/BoM
#### UV
#### Extreme cold

244
src/CTO/team-sweng/SupplyChain/SwEngSupplyChain.md Normal file
View File

@ -0,0 +1,244 @@
---
title: "TSYS Group - Engineering Documentation - Team Software - Supply Chain"
---
# Team SwEng - Supply Chain
## Version
* 1.0 published 03/11/2021 at 08:30 CST
## Introduction
This article covers the high level overview of the software supply chain for the orbiter, ground station, operations center.
It touches very briefly on the hardware that will be used in the proof of concept. We have a separate article, that goes into far more detail about the hardware.
This article also doesn't touch on the software tooling (compilers and such), which is extensive and is documented in another article.
## Avionics - Seeduino
This is the core of the software system for the orbiter. It's where the magic happens, and is subject to full regulatory review/compliance requirements. It must do very few things, and it must do them perfectly.
This is all going to be custom code.
### Main board
* The proof of concept utilizes Seeduino LoraWANGPS boards:
Overview: <https://www.seeedstudio.com/Seeeduino-LoRaWAN-W-GPS-p-2781.html>
Technical Documentation: <https://wiki.seeedstudio.com/Seeeduino_LoRAWAN/> (unfortunately no ability to deep link on that page, so read it over for example code of Lora send/receive, battery checking etc)
* The boards will be running all code via FreeRTOS:
* <https://www.freertos.org/FreeRTOS-quick-start-guide.html>
* <https://wiki.seeedstudio.com/Software-FreeRTOS/>
* <https://github.com/Seeed-Studio/Seeed_Arduino_FreeRTOS>
* <https://github.com/Seeed-Studio/Seeed_Arduino_ooFreeRTOS>
FreeRTOS will need to interface with the following groove boards connected to the Seeduino via i2c:
(see <https://wiki.seeedstudio.com/Arduino_Software_I2C_user_guide/> for notes on multiple i2c)
### IMU
* This is where all the sensor data will come from.
* IMU:
<https://www.seeedstudio.com/Grove-IMU-10DOF-p-2386.html>
<https://wiki.seeedstudio.com/Grove-IMU_10DOF/>
<https://github.com/Seeed-Studio/Seeed_Arduino_IMU10DOF>
* Functions
* ReadPitch
* ReadYaw
* ReadRoll
* ReadTime
* ReadTemp
* ...(etc) (whatever the board can provide) (maybe a single function that takes an argument, whatever)
### Parafoil Control
* Control of the parafoil is critical, and will likely receive the most regulatory scrutiny.
* Motor driver board:
<https://wiki.seeedstudio.com/Grove-I2C_Motor_Driver_V1.3/>
<https://github.com/Seeed-Studio/Grove_I2C_Motor_Driver_v1_3/>
* Functions
* OrbiterOperateParafoil (left,right,up,down) [to operate the parafoil motors]
* OrbiterCutDown
* EnvelopePop
* DeployParafoil
* OrbiterSelfDestruct
### Power Management
Where the batteries, cells, load all comes together. The below board will be interfaced to (for data reading purposes) from the Seeduino via (I believe GPIO, but maybe i2c (check the docs)):
<http://www.switchdoc.com/sunairplus-solar-power-controllerdata-collector/>
* Functions
* ReadVoltage
* ReadCurrent
* ReadAmps
* ReadChargeLevel
* ... (etc)
### Telemetry
This key data:
* Charge levels
* Full IMU data
* Full sensor data (light,temp,etc)
needs to be broadcast to:
* Ground stations (via lora)
* other aircraft (via ads-b)
* Functions:
* (future, we have no ads-b currently) ADS-B(send) [for sending data over ads-b]
* (future, we have no ads-b currently) ADS-B(receive) [for receiving (listening) data over ads-b] (all smarts for processing would be on pi)
* lora(send) [to dump out telemetry to ground stations]
* lora(receive) [to receive operator instructions]
* IMU Sensor Read (logs to memory buffer in pi, so tile38 can read)
* IMU Sensor Send (broadcast on air)
* Data Logging
* GPS Read
* GPS Send
* Charge Status
* Voltage of Battery
Technical Documentation for the above, along with example code : <https://wiki.seeedstudio.com/Seeeduino_LoRAWAN/> (unfortunately no ability to deep link on that page, so read it over for example code of Lora send/receive, battery checking etc)
### Overhead / Housekeeping
Various things will be needed for regular management/housekeeping duties.
* Functions:
* TickleTheTail [keep the watchdog from activating]
<https://shop.switchdoc.com/collections/break-out-boards/products/switchdoc-labs-dual-watchdog-timer-board-for-arduino-raspberry-pi>>
is the hardware watchdog timer that we have in the shop.
This will be used to supervise/recover both the arduino and the pi.
## Avionics - Raspberry pi
The pi is essentially a large disk (for geo spatial db, holding avionics firmware, holding log data etc) and beefy CPU (for geo spatial lookups, processing ads-b data, perhaps some data crunching for local optimizations based on weather) attached to the avionics. The pi is important, but not completely critical. It can crash (and if not fixed by watchdog) can remain offline and the orbiter can come in for service safely. We will utilize best practices with the pi, to ensure it's as reliable/available as possible.
In poc the pi will be attached via USB (and also serving as a host for the arduino for firmware updates of the avionics ), in prototype/prod it will be on an integrated board as a Pi CM.
### Payload Power Management
Control of the power payload, on a geo fence basis, in a black box/non customer changeable is also super critical, and will likely receive the second most regulatory scrutiny.
In the prototype, the geo fence will utilize this board to cut/restore power:
<https://shop.switchdoc.com/collections/break-out-boards/products/usb-powercontrol-board-v2-w-grove-control-usb-to-usb-solid-state-relay-for-raspberry-pi-and-arduinos-v2>
* Functions
* Payload Power On
* Payload Power Off
* Payload Location Lookup
### geo gencing
<https://tile38.com/>
This will be utilized for geo-fencing. The pi will periodic query
GPS (or just read off the serial feed from the arduino) and cut off power to the payload (and restore it) at appropriate locations.
### operating system
Most likely will utilize a combination of
* balena os https://www.balena.io/os/
* openmtc https://www.openmtc.org/
### avionics updating
Updating the seeduino firmware image in flight, Will utilize the
* arduino-cli
system.
## Ground Station Avionics
This will be a relatively simple system, designed todo two functions:
* Receive lora broadcasts
* Convert the lora data to IP packets and push the packets to a bus for listeners to consume.
The ground station avionics software will do nothing else.
For receiving broadcasts:
* <https://github.com/RAKWireless>
* <https://github.com/RAKWireless/RAK831-LoRaGateway-RPi>
* For converting lora packets to IP and relaying data to an endpoint: <https://www.chirpstack.io/gateway-bridge/gateway/raspberrypi/>
* General lorawan software
<https://github.com/Lora-net>
* relaying to timeseries database
<https://github.com/mhe/mqtt2influxdb>
## Operations Center / Device fleet management
We must implement one bus listener: the Ops Center. Other parties may implement additional listeners as needed.
Primary software packages involved:
* <https://nasa.github.io/openmct/>
* <https://www.chirpstack.io/>
* Balena
* <https://www.balena.io/os/?>
* <https://www.balena.io/engine/?>
* <https://www.balena.io/open/?>
* <https://github.com/balena-io/open-balena?d_id=7632b330-6018-41b8-82ca-e5fab4fabf15R>
### Backend
### Client side
* <http://www.berryterminal.com/doku.php/berryboot>
* <http://www.berryterminal.com/doku.php/berryboot/adding_custom_distributions>
### Telemetry
* <https://richardstechnotes.wordpress.com/2015/12/26/iot-streaming-with-mqtt-and-apache-nifi/>
* <https://github.com/richards-tech/RTMQTT>
* <https://github.com/richards-tech/RTNiFiStreamProcessors>
* <https://github.com/richards-tech/RTIMULib2>
* <http://cpham.perso.univ-pau.fr/LORA/RPIgateway.html>
* <http://www.dragino.com/products/module/item/106-lora-gps-hat.html>
* <http://wiki.dragino.com/index.php?title=Lora/GPS_HAT#Example1_--_Use_with_LMIC_library_for_LoraWAN_compatible>
* <http://www.eleduino.com/Dragino-Lora-GPS_HAT-for-Raspberry-Pi-p10580.html>
* <http://www.aliexpress.com/store/product/Long-distance-wireless-433-868-915Mhz-Lora-and-GPS-Expansion-Board-for-Raspberry-Pi/1390863_32672385182.html>
* <http://csis.org/files/attachments/151216_Unmanned_Systems.pdf>
## Ground Station Payload
This will be written up later, and is for a dedicated payload team to worry about.
For knowledge capture purposes, some things to consider:
* <https://github.com/jhshi/openofdm>
* <https://openofdm.readthedocs.io/en/latest/overview.html>
* <https://news.ycombinator.com/item?id=25814237>
* <https://www.nuand.com/bladeRF-wiphy/>
* <https://news.ycombinator.com/item?id=24273919>
* <https://github.com/open-sdr/openwifi>

226
src/CTO/team-sweng/Tooling/SwEngTooling.md Normal file
View File

@ -0,0 +1,226 @@
---
title: "TSYS Group - Engineering Documentation - Team Software - Tooling"
---
# Team SwEng - Tooling
## Introduction
This article covers the tools and support stack/systems used by the software engineering team at Suborbital Systems. It should be read by everyone in the engineering organization.
## Sw Engineering Systems
* Build/dev/test systems
* buildbox (All compiles happen here (either directly or via jenkins invoking)
* subodev / suboqa (All dev/testing is done on these systems, in particular for hardware engineering test suite iteration etc)
* Production systems
* suboprod (All production workloads, validations, simulations run here, cuda enabled for speed. May use docker in future to allow easy sharing of cuda card and versioning workloads)
* suboprod01-05 (cuda tk1 cluster)
* opc01/02 (op center systems)
## General Information
* All systems have NTP sync time, and working DNS
* All systems have an MOTD covering the basics and pointers to detailed documentation
* All systems have /subo mounted via NFS
### /subo directory
localuser@buildbox:~$ ls /subo/
SupplyChain Tooling
localuser@buildbox:~$
* **SupplyChain** is for upstream software that is used in deliverables produced by engineering. It would also contain any libraries/custom software etc that engineering produces
* **Tooling** is for off the shelf , upstream, vendor software that is used to support engineering operations. Things like (cross) compilers, custom builds of software etc go in it.
Each directory has the same top-level layout:
```bash
SupplyChain:
bin lib scripts src
Tooling:
bin lib scripts src
```
* bin is for installed packages (either stand alone (go/java) executables , or compiled software distributions) (with sub directories off of bin for each package, even if it's a single executable (we like clean systems and toolboxes))
```bash
root@buildbox:/subo/Tooling/bin# ls team-sweng/
arduino-cli
root@buildbox:/subo/Tooling/bin# ls team-sweng/arduino-cli/
arduino-cli
root@buildbox:/subo/Tooling/bin#
```
This is then referenced in /etc/profile as part of the path:
```bash
export PATH="/subo/Tooling/bin/team-mecheng/openvsp/OpenVSP-3.23.0-Linux:\
/subo/Tooling/lib/miniconda/bin:\
/subo/Tooling/bin/team-sweng/arduino-cli:\
$PATH"
localuser@buildbox:~$ echo $PATH
/subo/Tooling/bin/team-mecheng/openvsp/OpenVSP-3.23.0-Linux:/subo/Tooling/lib/miniconda/bin:/subo/Tooling/bin/team-mecheng/openvsp/OpenVSP-3.23.0-Linux:/subo/Tooling/lib/miniconda/bin:/subo/Tooling/bin/team-sweng/arduino-cli:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
localuser@buildbox:~$
```
We will probably create a /subo/bin directory and symlink things to it and add that to the path (if/when the $PATH environment variable becomes too long)
The path in /etc/profile must be updated on subodev/qa/prod when new software is built on buildbox (and installed to /subo/..../bin)
* lib is for any non apt-get installed libraries needed for anything we are building from source
* src is for the (typically) git clone/checkout of upstream software, with a sub directory for each package, just like bin.
* scripts is for scripts (see immediately below for two key scripts)
### Dependency tracking
```bash
root@buildbox:/subo/Tooling/scripts# ls
install-build-deps.sh install-runtime-deps.sh
root@buildbox:/subo/Tooling/scripts#
```
* Tracking Build Dependencies
If you apt-get a package/packages to make cmake/configure work, capture it in
**install-build-deps.sh**
* Tracking Runtime Dependencies
If you apt-get a package/packages to make cmake/configure work, capture it in
**install-runtime-deps.sh**
## Cross Compilers
### Cross compile for pi and make custom images
* <http://rpi-cloud.com/guide-install-jenkins-on-rpi/>
* <http://software-novotny.de/raspberry-pi-remote-compilation-with-jenkins>
* <http://watchmysys.com/blog/tag/cross-compile/>
* <https://github.com/andrius/build-raspbian-image>
* <https://github.com/debian-pi/raspbian-ua-netinst>
* atmel (arduino mega/uno)
* Documentation: <https://medium.com/swlh/how-to-create-an-automated-build-pipeline-for-your-arduino-project-1df9826f2a5e>
* Location on buildbox:
```bash
/subo/Tooling/src/team-sweng/cross-compile/rpi
```
* pi
* Documentation: <https://www.raspberrypi.org/documentation/linux/kernel/building.md> and
<https://blog.kitware.com/cross-compiling-for-raspberry-pi/>
* Location on buildbox:
```bash
/subo/Tooling/src/team-sweng/cross-compile/rpi
```
which contains the current checkout (as of 03/02/2021)
* cortex (m0)
* Documentation: <https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/gnu-rm>
* Location on buildbox:
```bash
/subo/Tooling/src/team-sweng/cross-compile/cortexm0
root@buildbox:/subo/Tooling/src/team-sweng/cross-compile/cortexm0 ls
binutils-gdb gcc newlib-cygwin
root@buildbox:/subo/Tooling/src/team-sweng/cross-compile/cortexm0
```
* crosstool-ng
* Documentation: <http://crosstool-ng.github.io/docs/install/>
* Location on buildobx:
```bash
/subo/Tooling/src/team-sweng/cross-compile/crosstool-ng
```
which may well prove easier/better than the raw cloned sources enumerated in the last bullet point.
* nvidia
We will be making extensive use of Nvidia systems at subo, especially in R&d (for engineering/validation etc)
* Documentation: * <https://docs.nvidia.com/cuda/cuda-compiler-driver-nvcc/> and * <https://elinux.org/Jetson/Installing_CUDA>
Also see below under Software Development Kits , the CUDA bullet.
## Regular Compilers
buildbox is Ubuntu 20.04 and has bison/flex/autoconf/gcc/g++/build-essential (etc etc) via apt-get install as of 03/02/2021. run apt-get update/upgrade at any time (since anything regulatory scope, we build/install/version lock in /subo/....)
## Meta tooling
* distcc ?
* ccache ?
* ninja make?
## Software Development Kits
* CUDA / JetPack
* <https://developer.nvidia.com/cuda-downloads>
* <https://developer.nvidia.com/embedded/jetpack>
So this will be a bit tricky. We have three CUDA targets:
1 suboprod vm (hosted on pfv-vmsrv-02)
```bash
root@pfv-vmsrv-02:~# lspci |grep -i nv
01:00.0 VGA compatible controller: NVIDIA Corporation GF104GLM [Quadro 3000M] (rev a1)
```
2 jetson nano (<https://developer.nvidia.com/embedded/jetson-nano-developer-kit>) (this might? use cuda)
3 suboprod01-05 (tk1) (kepler)
* <https://developer.nvidia.com/blog/jetson-tk1-mobile-embedded-supercomputer-cuda-everywhere/>
(this uses cuda actual)
* <https://developer.nvidia.com/embedded-computing>
* <https://developer.nvidia.com/embedded/jetson-developer-kits>
* <http://mercury.pr.erau.edu/~siewerts/cec450/documents/Jetson/Tegra_Linux_Driver_Package_Developers_Guide.pdf>
Charles may tackle this, either way it's a (for now) low priority as far as tooling goes for
software engineering tooling. On the other hand, hardware/mechanical engineering will have much greater need for this stack for simulations/validation etc (for example <https://developer.nvidia.com/blog/drop-in-acceleration-gnu-octave/>).
## Editor
We use VSCode as our standard editor with the following extensions:
* for bash <https://marketplace.visualstudio.com/items?itemName=lizebang.bash-extension-pack>
* for arduino <https://marketplace.visualstudio.com/items?itemName=vsciot-vscode.vscode-arduino>
* for cortex <https://marketplace.visualstudio.com/items?itemName=marus25.cortex-debug>
* vim
* arm
* etc
Essentially each developer will setup whatever environment they need to be most productive.
It is a highly personal, subjective, task specific etc. We offer the above
as general guidance that @ReachableCEO has found useful as he works the entire stack in VsCode.
We strongly recommend using VsCode, any other environments will be fully unsupported by Suborbital Systems.

109
src/CTO/team-sweng/Tooling/Tooling Task List.md Normal file
View File

@ -0,0 +1,109 @@
# Tooling Task List
## Add architecture-specific directories to file tree
### Various cross-compiler parts
-----
From <https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/gnu-rm>, you can find the following:
### GNU C/C++ Compiler
You can find the sources to Arm Embedded GCC at [git://gcc.gnu.org/git/gcc.git](git://gcc.gnu.org/git/gcc.git). All contributions are made to trunk. Patches are cherry-picked as needed to the Arm embedded branches.
### Binutils
You can find the sources to Arm Embedded Binutils at [git://sourceware.org/git/binutils-gdb.git](git://sourceware.org/git/binutils-gdb.git). All embedded branches are under [users/ARM/embedded-binutils-[version]-branch](users/ARM/embedded-binutils-[version]-branch). Contribution is similar to GCC.
### GDB
You can find the sources to Arm Embedded Binutils at [users/ARM/embedded-binutils-[version]-branch](git://sourceware.org/git/binutils-gdb.git). All embedded branches are at [users/ARM/embedded-gdb-[version]-branch](users/ARM/embedded-gdb-[version]-branch). You can contribute in the same way that you contribute to GCC.
### Newlib
You can find the sources at [users/ARM/embedded-gdb-[version]-branch](users/ARM/embedded-gdb-[version]-branch). We contribute to master, and the toolchain is based on master branch.
-----
### crosstool-NG [http://crosstool-ng.org/#download_and_usage](http://crosstool-ng.org/#download_and_usage)
x86 install (buildbox)
### Arduino-cli
x86 - RPi cluster install (into /subo/arm directory), deploying Uno and Mega Arduinos)
### Cross-compilers
x86-to-ARM cross-compiler (gcc, binutils, gdb), deploying RPi
x86-to-M0 cross-compiler (gcc, binutils, gdb), deploying M0
x86-to-AVR cross-compiler (gcc, etc.?), deploying Uno, Mega
### CUDA / JetPack (low priority)
suboprod
jetson nano
suboprod[n] - 01 through 05
### Configure Jenkins
-----
## Avionics - Seeeduino
### Install FreeRTOS
### IMU - Interface with
Multiple i2c
IMU
Functions - ReadPitch, ReadYaw, ReadRoll, ReadTime, ReadTemp, etc.
### Parafoil Control
Motor driver board drivers
Functions - OrbiterOperateParafoil (motor left, right, up, down), OrbiterCutDown, EnvelopePop, DeployParafoil, OrbiterSelfDestruct
### Power Management
Functions - ReadVoltage, ReadCurrent, ReadAmps, ReadChargeLevel, etc.
### Telemetry
Key data - Charge levels, Full IMU data, Full sensor data (light, temp, etc.)
Broadcast to ground stations (via lora), other aircraft (via ads-b)
Functions
> Future, no ads-b yet, ADS-B(send), ADS-B(receive)
>
> Lora(send), lora(receive), IMU Sensor Read, IMU
Sensor Send, Data Logging, GPS Read, GPS Send, Charge Status, Battery Voltage
### Overhead / Housekeeping
Functions - TickleTheTail
## Avionics - Raspberry Pi
Payload Power Management
### Functions - Payload Power On, Payload PowerOff, Payload Location Lookup
### Geo Fencing obtain tile38 data
### Operating System - Balena OS, Openmtc
### Avionics Updating will use Arduino-cli
## Ground Station Avionics
### Receive lora broadcasts
### Convert lora data to IP packets, push packets to a bus
### Set up chirpserver
### Set up openmtc

53
src/SUMMARY.md Normal file
View File

@ -0,0 +1,53 @@
# TSYS Group Handbook
# Introduction and overview
- [TSYS Group Introduction](./intro.md)
# Board Of Directors
- [Board Of Directors Manual](./Board/BoardOfDirectorsManual.md)
- [Committe Charter - Audit](./Board/charters/Audit-Committee-Charter.md)
- [Committe Charter - Executive](./Board/charters/Executive-Committee-Charter.md)
- [Committe Charter - ForProfit](./Board/charters/ForProfitCommittee-Charter.md)
- [Committe Charter - NonProfit](./Board/charters/NonProfit-Committee-Charter.md)
- [Committe Charter - HFNOC](./Board/charters/HFNOC-Committee-Charter.md)
- [Committe Charter - Redwood](./Board/charters/Redwood-Committee-Charter.md)
# CEO
# CTO
- [CTO Overview](./CTO/CTO.md)
# CIO
- [CIO Overview](./CIO/CIO.md)
- [Policies - Business Continuity Plan](./CIO/Policies/BusinessContinuityPlan.md)
- [Policies - Authentication](./CIO?Policies/Authentication.md)
- [Processes - Two Factor Authentication ](./CIO/Processes/2fa.md)
- [Processes - Move To Production](./CIO/Processes/MoveToProduction.md)
- [Processes - New Team Member Onboarding](./CIO/Processes/NewTeamMemberOnboarding.md)
- [Processes - PFV Datacenter Runbook](./CIO/Processes/PFVRunbook.md)
- [Processes - VPN User Management](./CIO/Processes/VpnUser.md)
- [Processes - Vulnerability Management](./CIO/Processes/VulnerabilityManagmentNotes.md)
- [Systems - Applications And Web Services](./CIO/Systems/Admin-Application/AppsAndServices.md)
- [Systems - Runtime Environment for Hosted Services](./CIO/Systems/Admin-Application/RuntimeLayer.md)
- [Systems - Web Server Configuration](./CIO/Systems/Admin-Application/WebServerSetupNotes.md)
- [Systems - Overview](./CIO/Systems/TSYS-Systems.md)
- [Systems - Cooling](./CIO/Systems/Admin-DataCenter/cooling/PFVCooling2021.md)
- [Systems - Power](./CIO/Systems/Admin-DataCenter/power/PFVPower2021Prod.md)
- [Systems - Security](./CIO/Systems/Admin-DataCenter/security/PhysicalSecurity.md)
- [Systems - Storage](./CIO/Systems/Admin-DataCenter/storage/PFVStorage2021.md)
- [Systems - TSYS HQ LAN](./CIO/Systems/Admin-DataCenter/networking/PFV-LAN.md)
- [Systems - TSYS HQ WAN](./CIO/Systems/Admin-DataCenter/networking/PFV-WAN.md)
- [Systems - Virtual Guests Inventory](./CIO/Systems/Admin-Platform/TSYS-Systems.md)
- [Systems - Workstation Build Guide](./CIO/Systems/Admin-RAndD/EngWorkstationBuildGuide.md)
- [Systems - VsCode Configuration Guide](./CIO/Systems/Admin-RAndD/VsCodeConfigGuide.md)
# CMO
# CRO
# CFO
# COO

83
src/intro.md Normal file
View File

@ -0,0 +1,83 @@
# TSYS Group overview and introduction
## Mission
TSYS Group is a collection of entities whose common goal is providing internet connectivity to everyone in all of North America (in particular rural areas) for $25.00 per user
per month.
## Who does TSYS Group serve?
Everyone in North America and international waters who wants internet connectivity.
## What does the TSYS Group do?
The TSYS Group seeks to handle every aspect of internet connectivity, soup to nuts. From design and manufacture of the equipment, to
educating users on it's safe and efficient operation to raising the capital for the venture.
## Where can you contact TSYS Group?
Website: www.turnsys.com
## TSYS Group Brands
### Redwood Group
The below table documents the not primarily for profit entities performing capital raising and management for TSYS Group entities and their members.
| Entity | Description | Website |
| -------------------------------------------------- | ------------------------------------------------------------------------------------------------- | ------------------------ |
| Redwood Group LLC | Sibling organization to TSYS Group for all capital raising and management | <https://www.redwgr.com> |
| Redwood Springs Capital Partners Management Co LLC | management company of the various funds setup to finance TSYS Group operations | <https://www.rwscp.net> |
| Redwood Family Office LLC | Wealth management/healthcare/estate planning/tax advice broker for LLC members and their families | <https://www.redwfo.com> |
### Non Profit Properties
The below table documents the non profit entities performing the educational, advocacy, lobbying and legislative functions for TSYS Group.
| Entity | Description | Website |
| ---------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ------------------------------- |
| Americans For A Better Network INC | A non profit (seeking 501c3 status) to educate americans about internet provider choices | <https://www.afabn.org> |
| Free Network Foundation INC | A defunct 501c3 (replaced by AFABN) | <https://www.thefnf.org> |
| Free Network Foundation INC | (wiki) comprehensive body of knowledge about community networking | <https://commons.thefnf.org> |
| Free Network Foundation INC | (static files) Assets (pdfs etc) linked from blog/wiki | <https://staticbits.thefnf.org> |
| Side Door (Solutions) Group INC | A non profit (seeking 501c4) / PAC to drive the necessary legislative and executive changes to enable internet for all | <https://www.sidedoorgroup.org> |
| TSYS Group Non Profit Portal | Landing page for non profits | <https://nonprofit.turnsys.com> |
### For Profit Properties
The below table documents the not primarily for profit entities performing the R&D and providing supporting services functions for TSYS Group.
| Entity | Description | Website |
| ------------------------------------------ | ---------------------------------------------------------------------------------------------- | ------------------------------------ |
| Axios Heart Studios LLC | Art, 2d,3d and other fabrication services for TSYS Group | <https://www.axiosheartstudios.com> |
| Suborbital Systems Development Company LLC | Manufacturer of Morse product line - technical blog and information | <https://www.suborbital-systems.com> |
| Suborbital Systems Development Company LLC | Manufacturer of Morse product line - product page | <https://www.meetmorse.com> |
| RackRental LLC | network and lab equipment rental by the hour for training, config testing, competitive testing | <https://www.rackrental.net> |
| Team Rental LLC | HR/staffing of IT/dev professionals (2 million net new job goal by 2025) | <https://www.teamrental.net> |
| Known Element Enterprises LLC | IT/business back office services | <https://www.knownelement.com> |
| Your Dream Name Here LLC | Business in a box | <https://www.yourdreamnamehere.com> |
| The PeerNet LLC | Community, media, public relations / (live/time shifted) streaming/broadcast service | <https://www.thepeernet.com> |
| The PeerNet LLC | Software platform powering ThePeerNet.com service | <https://www.ezpodstack.org> |
### Coop Properties
The below table documents the fairshares cooperatives for financing, building, owning and operating community networks.
| Entity | Description | Website |
| ----------------------------------------- | -------------------------------------------------------- | -------------------------------- |
| High Flight Network Finance Company LLC | Financing network builds | <https://www.hfnfc.net> |
| High Flight Network Operating Company LLC | User owned/operated network backbone | <https://www.hfnoc.net> |
| KickFund.me LLC | Crowdfunding of network and other infrastructure builds | <https://www.kickfund.me> |
| The Campus Trading Co LLC | treasury/investment management/market and other research | <https://www.thecampustrade.com> |
### Misc Properties
| Entity | Description | Website |
| -------------------- | -------------------------------------- | -------------------------------- |
| CNWCO LLC | Charles Wyble blog | <https://www.reachableceo.com> |
| Turn Net Systems LLC | Overall entity for many subsidiary LLC | <https://www.turnsys.com> |
| Turn Net Systems LLC | Governance information for TSYS group | <https://governance.turnsys.com> |
Please see https://www.turnsys.com for more information.