
Ingress

Purpose

ingress.hackeriet.no is the nginx-based web front for Hackeriet services. It terminates public web traffic and reverse-proxies service hostnames to their upstream applications.

Known service hostnames in the nginx configuration include:

  • ip.hackeriet.no - NetBox
  • hula.hackeriet.no
  • events.hackeriet.no
  • nms.hackeriet.no - LibreNMS
  • docs.hackeriet.no
  • ping.hackeriet.no
  • pad.hackeriet.no and pad2.hackeriet.no

Service-specific deployment details belong on the relevant service pages. This page is an emergency runbook and access guide, not inventory. Use NetBox for canonical VM details, IP assignments, tenant, and hosting information.

Access

Normal access:

  • ssh <your-hacker-id-username>@ingress.hackeriet.no

Access is managed through Hacker-ID / Kanidm. The relevant group is documented on Hacker-ID:

  • service-webingress-sysops - SSH + sudo + docker for ingress

Nginx configuration

Main observed configuration file:

  • /etc/nginx/conf.d/hackeriet.no.conf

The file contains an operator note for adding new proxied services:

  1. Add the upstream hostname to /etc/hosts if needed.
  2. Copy an existing nginx server block.
  3. Replace $SERVICE with the configured DNS hostname.
  4. Run certbot -d $SERVICE.hackeriet.no --nginx.
  5. Configure the downstream host.

Example upstream pattern observed in the config:

proxy_pass https://app-01.hackeriet.no;
proxy_set_header Host $host;
proxy_set_header Referer $http_referer;
proxy_ssl_trusted_certificate /root/cert/app-01.crt;
proxy_ssl_verify on;
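
Added example, not taken from the Hackeriet configuration: nginx does not verify upstream certificates unless proxy_ssl_verify is on, so a server block copied without the last two lines of the pattern above still proxies, just without checking the upstream. The function name audit_upstream_tls and the example.test hostnames are assumptions made for this sketch, which flags such blocks in a config file.

```shell
#!/bin/sh
# Flags every block that has "proxy_pass https://..." without
# "proxy_ssl_verify on" and a proxy_ssl_trusted_certificate in scope.
# Assumptions: one directive per line; inherited directives appear before the
# nested block that uses them; "include" files are not followed.
audit_upstream_tls() {
    awk '
    BEGIN { d = 0 }
    { sub(/#.*/, "") }                                  # strip comments
    $1 == "server_name"      { name[d] = $2; sub(/;$/, "", name[d]) }
    $1 == "proxy_ssl_verify" { verify[d] = ($2 == "on;") }
    $1 == "proxy_ssl_trusted_certificate" { ca[d] = 1 }
    $1 == "proxy_pass" && $2 ~ /^https:/ { up[d] = $2; sub(/;$/, "", up[d]) }
    index($0, "{") {                                    # enter block: inherit
        d++; name[d] = name[d-1]; verify[d] = verify[d-1]; ca[d] = ca[d-1]
        up[d] = ""
    }
    index($0, "}") {                                    # leave block: evaluate
        if (up[d] != "" && !(verify[d] && ca[d])) {
            why = verify[d] ? "" : " missing:proxy_ssl_verify"
            if (!ca[d]) why = why " missing:proxy_ssl_trusted_certificate"
            print name[d] " -> " up[d] why
            bad = 1
        }
        d--
    }
    END { exit bad + 0 }                                # 1 if anything flagged
    ' "$1"
}

# Constructed sample config (hostnames are placeholders, not real services).
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    server_name good.example.test;
    location / {
        proxy_pass https://app-01.example.test;
        proxy_ssl_trusted_certificate /root/cert/app-01.crt;
        proxy_ssl_verify on;
    }
}
server {
    server_name weak.example.test;
    location / {
        proxy_pass https://app-02.example.test;   # upstream cert never checked
    }
}
EOF
audit_upstream_tls "$sample" || echo "review the blocks listed above"
rm -f "$sample"
```

On the host, the same function can be pointed at /etc/nginx/conf.d/hackeriet.no.conf after a new service has been added and nginx -t passes.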

Network

Observed DNS on 2026-05-25:

  • ingress.hackeriet.no A: 185.35.202.240
  • ingress.hackeriet.no AAAA: 2a02:ed06::240

Observed host addresses on 2026-05-25:

  • ens18: 185.35.202.240/32, 2a02:ed06::240/64
  • ens19: 10.10.50.50/24

Treat these as emergency orientation only. NetBox should remain the source of truth for address assignments.

Operating system

Observed over SSH on 2026-05-25:

  • OS: Rocky Linux 9.5 (Blue Onyx)
  • Kernel: 5.14.0-503.35.1.el9_5.x86_64

Key services

Observed running services on 2026-05-25:

  • nginx - HTTP reverse proxy
  • firewalld - host firewall
  • kanidm-unixd and kanidm-unixd-tasks - Hacker-ID Unix integration
  • sshd - SSH access
  • chronyd - time sync
  • rsyslog - system logging
  • qemu-guest-agent - guest integration

No failed systemd units were observed at that time.

Credentials

Do not paste secrets into the wiki.

Relevant hackeriet/pass entries:

  • root@ingress.hackeriet.no.gpg

If root or service credentials are needed, look in hackeriet/pass and keep decrypted values out of the wiki.

Checks during incidents

Basic host checks:

hostname -f
id
systemctl --failed --no-pager
df -h -x tmpfs -x devtmpfs
ip -br addr show scope global

Service checks:

systemctl status nginx firewalld kanidm-unixd sshd
nginx -t
grep -n "server_name" /etc/nginx/conf.d/hackeriet.no.conf
journalctl -u nginx --since "1 hour ago"
journalctl -u sshd --since "1 hour ago"

DNS checks from another machine:

dig +short ingress.hackeriet.no A
dig +short ingress.hackeriet.no AAAA
dig +short ip.hackeriet.no A
dig +short nms.hackeriet.no A

If SSH is unavailable, verify the console or recovery path in NetBox or another active source of truth.

/srv/hackeriet-wiki/dokuwiki/data/attic/infra/hosts/ingress.1779745678.txt.gz · Last modified: by atluxity_idp.hackeriet.no