feat: update documentation and add new topics for lab management and VPN setup

Author: cooperj

Writerside/cfg/buildprofiles.xml

@@ -1,14 +1,13 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <buildprofiles xsi:noNamespaceSchemaLocation="https://resources.jetbrains.com/writerside/1.0/build-profiles.xsd"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-
+    <llms-txt single-file="true"/>
     <variables></variables>
     <build-profile instance="hi">
         <variables>
             <noindex-content>true</noindex-content>
             <offline-docs>false</offline-docs>
         </variables>
-        <llms-txt single-file="true"/>
     </build-profile>
     <build-profile instance="ti">
         <variables></variables>

Writerside/cfg/glossary.xml

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE terms SYSTEM "https://resources.jetbrains.com/writerside/1.0/glossary.dtd">
+<terms>
+    <term name="inb-phase1">
+        The original part of INB, This was originally the Engineering Hub!
+    </term>
+    <term name="inb-phase2">
+        Phase 2 refers to the newer extension, this is where all the socs-style computing labs are, you can see the transition in the door next to INB1201, our office is in the old section of the building (but was developed as a part of the extension).
+    </term>
+</terms>

Writerside/hi.tree

@@ -49,6 +49,7 @@
     <toc-element topic="Day-to-Day-Checks.md">
         <toc-element topic="PC-Startups-and-DeepFreeze.md"/>
         <toc-element topic="Lab-AV.md"/>
+        <toc-element topic="Room-Condition.md"/>
     </toc-element>
     <toc-element topic="System-Imaging.md">
         <toc-element topic="Image-Revision-History.md"/>
@@ -89,6 +90,7 @@
         <toc-element topic="Asgard.md"/>
         <toc-element topic="Yggdrasil.md"/>
         <toc-element topic="Snipe-IT.md"/>
+        <toc-element topic="University-VPN.md"/>
     </toc-element>
     <toc-element topic="Servers-and-Remote-Storage.md">
         <toc-element topic="socs-web01.md">

Writerside/images/df-power-saving.png

@@ -14,3 +14,6 @@ Many a technician ago, the School began to have some issues with its open-access
 This is great as it means everything we do as school that could potentially break a corporate setup, will only really affect a single machine - and this gives us a greater degree of flexibility for running our modules.
 
 However, issues with plagiarism, compromised and stolen accounts, and, illicit materials started to appear. DeepFreeze negates this, as every time a machine is restarted, it reverts to a clean state. DeepFreeze will automatically restart a machine to apply this on log out, or, whenever a idle timer is hit.
+
+> Please note, when introducing a class to using the labs for the first time, they should be introduced to Deep Freeze and explained that they **must logout/shutdown/reboot the computer after use**.
+{style="note"}

Writerside/topics/DeepFreeze.md

@@ -7,10 +7,12 @@ We typically like to install (if not installed with the distro) these tools on t
 - Docker (with user access to the `docker` group),
 - [Nvidia Container Toolkit](https://lncn.ac/nvct),
 - VS Code,
-- Firefox[^1]
+- Firefox
 - Neovim
 - LibreOffice (the whole suite!)
 - tmux
 - git
 
-[^1]: Do not install Google Chrome. Chrome will try and install itself as a snap package etc, and will not respect you wanting to have it always open as incognito! You should do this with Firefox, in the setting you can set it to 'never remember history'
+<warning>
+Do not install Google Chrome. Chrome will try and install itself as a snap package etc, and will not respect you wanting to have it always open as incognito! You should do this with Firefox, in the setting you can set it to 'never remember history'
+</warning>

Writerside/topics/Linux-Software-List.md

@@ -1,3 +1,38 @@
 # Policies
 
-Start typing here...
+On DeepFreeze we have a couple of policies that we use that change the characteristics of how the lab PCs work.
+
+> When moving machines between policies and groups, you should check that all the machines have been refrozen before you reopen the space.
+{style="warning"}
+
+## Computing Policy
+
+This is the default policy, this is for student facing machines where they should reboot after a period of time and also have some restrictions in place.
+
+## Events Policy
+
+This is the opposite of the computing policy. We use this for events such as Game Jams, Hackathons and _some_ Exams. The computers are unrestricted and will not reboot after a period of time. 
+
+This is useful as it allows for lab users when they are at a game jam, and force them to have a shower, eat, or just generally move around!
+
+When moving between Events and Computing you should check the power saving icon is green to indicate that it is installed and not just 
+
+![df-power-saving](df-power-saving.png)
+
+## Exam Policy
+
+We have a policy we use for Blackboard exams. This configures the machine to use WINSelect which restricts the machine into only using the Blackboard site.
+
+## Splashtop Policy
+
+This is for our [Splashtop machines](Splashtop.md), this policy enforces the controls we discuss in the Splashtop section.
+
+This should largely be similar to the Computing Policy.
+
+## Your Testing
+
+It is highly encouraged that you create a testing policy that you can deploy and destroy! This is useful figuring our what quirks are with Deep Freeze, but without affecting the labs too much - as you can work by only taking a limited amount of machines out of action.
+
+## Server Policy
+
+This is used for Windows machines which are used as servers, this is useful so we can keep a track of stuff such as IP addresses and have some level of control of Windows Updates.

Writerside/topics/Policies.md

@@ -0,0 +1,9 @@
+# Room Condition
+
+You will also need to check the state of the wall, if the wall in INB1102/INB1301 needs to be open for 9 am, it needs to be opened before 9 am and the AV system combined.
+
+You should also check that the room has been left in a suitable condition;
+- Have people left chairs over the room?
+- Are the chairs pushed under desks?
+- Are keyboards, mice and hdmi cables plugged into the computer correctly (i.e. not unplugged for someone to use with their laptop)?
+- Any general health and safety issues that need to be raised?

Writerside/topics/Room-Condition.md

@@ -1,5 +1,9 @@
 # Snipe-IT
 
-Snipe-IT is our internal asset list. We use it to keep a track of what things should be where.
+Snipe-IT is an open-source asset management solution, and we use it to manage our internal asset list. We use it to keep a track of what things should be where, and we use it to record extra information around an asset.
 
-You will need to be on the University VPN to access this.
+As a technician you should have access to the system, but academics will not have access.
+
+You will need to be on the [University VPN](University-VPN.md) to access this, and have access to [SEPS-APP01](socs-web01.md) via that, at the time of writing you should just have access.
+
+Once you have access - you will need to have credentials made and at that point you will be given the URL. Save these in [1Password!](1Password.md)

Writerside/topics/Snipe-IT.md

@@ -12,7 +12,9 @@ Sometimes, academics want a device that is specifically how they like it (but do
 
 If it is being deployed by technicians, you need to ask the PI/Supervisor to submit a ticket to DT to receive authorization.
 
-Here is a template email that you could modify and send to them, obviously confirming if you have stock first[^1].
+Here is a template email that you could modify and send to them, obviously confirming if you have stock first.
+
+If you run out of stock, contact DT who will arrange for a small quantity to be left in our control.
 
 ```
 Hi DT
@@ -38,29 +40,24 @@ Best,
 
 Once this has been accepted by DT, someone from service desk will contact you to let you know it can get sorted.
 
-First, download [ShredOS](https://github.com/PartialVolume/shredos.x86_64) to a USB memory stick[^2] and then run it on the PC, you should ensure that you collect a destruction certificate once this has been run.
+First, download [ShredOS](https://github.com/PartialVolume/shredos.x86_64) to a USB memory stick and then run it on the PC, you should ensure that you collect a destruction certificate once this has been run.
+
+> We have found that running this on a Ventoy USB Stick does not work as expected.
 
 Save the certificate to the USB stick and then power off the machine, upload this to our [Snipe-IT](Snipe-IT.md) as a file attachment to the asset, this keeps it inside the technicians team for our records.
 
 Then send an email/teams message back to DT with the ticket details (or other reference they've provided) giving them the destruction certificate and the serial number, asset tag and MAC address of the pc. They will then check it out on their end and ensure they've kept the records that they want.
 
 Then you can return back to setting up the PC.
 
-Now you should check to see what the IP address of the PC is getting, we need to ensure for safety and security reasons that it is not in the `Computing Labs Vlan/Group`, also if it is connected to the wrong comms room (aka not INB Phase 2[^3]) it will not authenticate.
+Now you should check to see what the IP address of the PC is getting, we need to ensure for safety and security reasons that it is not in the `Computing Labs Vlan/Group`, also if it is connected to the wrong comms room (aka not <tooltip term="inb-phase2">INB Phase 2</tooltip>) it will not authenticate.
 
-You need to check that the IP you get on the university network is NOT in the v4 subnet of 10.5.24.0/24[^4].
+You need to check that the IP you get on the university network is NOT in the v4 subnet of 10.5.24.0/24. (That's anything from 10.5.24.0 to 10.5.25.255)
 
 If it is in that subnet, raise another ticket with DT (this will be forwarded to the networks team, hence why you need to open another ticket) asking for them to remove that PCs MAC Address from the SoCS Lab Vlan, and they will make sure it works.
 
 Then you should offer install and encrypt whatever OS and software they want. They may want to do this themselves and DT is happy for this to happen.
 
 ### Special
 
-This should be done on a case by case basis, but the academic should always be referred to DT as this is out of our hands. DT may ask that we help with the management of the PC once it has been deployed or setting it up for them but this is uncommon.
-
-
-
-[^1]: If you run out of stock, contact DT who will arrange for a small quantity to be left in our control.
-[^2]: We have found that running this on a Ventoy USB Stick does not work as expected.
-[^3]: Phase 2 refers to the newer extension, this is where all the socs-style computing labs are, you can see the transition in the door next to INB1201, our office is in the old section of the building (but was developed as a part of the extension).
-[^4]: Anything from 10.5.24.0 to 10.5.25.255
+This should be done on a case by case basis, but the academic should always be referred to DT as this is out of our hands. DT may ask that we help with the management of the PC once it has been deployed or setting it up for them but this is uncommon.

Writerside/topics/Staff-Research-Device-Setup.md

@@ -0,0 +1,9 @@
+# University VPN
+
+You will need this to connect to protected internal resources when you're not connected from a desk or a corporate machine on the managed wifi network.
+
+This will also be referred to as 'Cisco VPN' or 'Cisco Anyconnect' - that is because that's what's used at the time of writing.
+
+[A guide has been created by Digital Services who manage the service, you should follow that](https://digitaltechnologies.lincoln.ac.uk/2022/07/20/how-to-vpn/)
+
+Note, on a non-corporate Windows laptop you will need to install this manually. 

Writerside/topics/University-VPN.md

@@ -1,13 +1,17 @@
 # Setting Up
 
-## TL;DR
+<tldr>
+
+**TL;DR**
 
 - Login with shared account
 - Download apps as required
 - Delete user projects
 - Enable dev mode
 - Reset zones
 
+</tldr>
+
 ## User Account
 
 We have a shared account for the quest headsets, we use this because this allows us to not enforce students to log in with their own accounts which causes two problems, one compliance and one logistical. What if a student does not want to use Meta services? If we let students login with their own account, how do we remove this from the headsets once they're done?