Onboarding a new employee

These steps are performed by a d-centralize admin to onboard a new employee.
There are also tasks for the whole team to onboard the employee.
There’s also the new employee orientation for the new employee to read.

Adding a new user

Start Here

Help the new user connect to the Wi-Fi, login to their d-centralize account, and give them the link to this handbook.

Email account

In dc scripts, use mailcow/add_mailcow_user.py to create one or more new user email accounts. It’ll automatically send an invitation email to their personal email address too.

VPN peer

Company VPN allows your internet traffic to be rerouted through the company’s network. This is useful for accessing company resources from home or when traveling. To add a company employee to the VPN network, follow the steps described in WireGuard client config.

Key agreement

Before handing out the office keys, draft a key agreement using inContract.

Also create a 6-digit code for opening the front door through the Loqed app.

Choose Sleutel toevoegen
Naam van ontvanger: Enter first + last name.
Enable: Toegangscode and set a random pin.
Share the generated key to the user through email.

IM memberships

Invite the user to the d-centralize Mattermost and appropriate teams.
For Appsemble, add members to the Appsemble team, Server settings —> members —> Appsemble —> Members. Add members to the team.

GitLab account

In dc scripts, use gitlab/add_gitlab_user.py to invite the user to the following projects:

Group	Role	Link
dcentralize	Reporter	dcentralize_group
Handbook project	Developer	handbook_project

Note that if you provide a user access to a project like: (https://gitlab.d-centralize.nl/pro6pp/pro6pp) and this project uses the dependency_proxy, make sure this user is also added as guest to the group (https://gitlab.d-centralize.nl/pro6pp) or else the CI pipelines will always fail.

Note that the users still need to be approved after having accepted the invite by an admin through the gitlab pending users screen.

The following invites (if applicable) have to be provided manually:

Note that if you provide a user access to a project like: (https://gitlab.d-centralize.nl/pro6pp/pro6pp) and this project uses the dependency_proxy, make sure this user is also added as guest to the group (https://gitlab.d-centralize.nl/pro6pp) or else the CI pipelines will always fail.

If a user needs to run pipelines which depend on a Container Registry from another project (see container_registry_permissions), the user needs at least reporter access in that project holding containers. Inherited guest permissions from the group are not enough.

Clockify account

Users that have admin permissions in Clockify can add new users to the d-centralize team. Then add relevant projects and/or clients when needed.

Vaultwarden account

Within the d-centralize organization in Vaultwarden, navigate to Users -> Invite. After the new user has accepted the invitation, go here again and accept the user. It’s a deliberate 3-step process for security reasons. Add the user to d-centralize - Algemeen as well as the collections important for the user to perform their tasks.

Sentry account

To troubleshoot issues, it’s useful to have access to Sentry. Invite people through self-hosted sentry.

Nextcloud

When user signs in, the user appears in the user list and you can assign the group(s).

Wi-Fi account

Mail Inphos support to obtain a personal Wi-Fi login + access to the service portal for the new team member.

Cuda SSH account

When working with bigger datasets, a new user might want to run code on a server instead of your own workstation. For that purpose, SSH into cuda-dev and/or cuda-dev2 and create a shell account.

ssh cuda-dev
sudo adduser <first name>
# In case you want to add the user as sudoeer too, also perform:
sudo adduser <first name> sudo