H Homelab Docs Reader

Ethica Portal — My Source of Truth

The operator’s quick reference for the Ethica IT-portal — who can do what, where things live, and the automatic behaviour you can rely on. If the platform and your memory disagree, this page is the tie-breaker.


Who can do what

RoleWhere they landWhat they control
AdminFull admin siteEverything: all companies, monitoring, documentation, website, audit log
StaffAdmin site (no admin-only sections)Service desk, pipeline, projects, monitoring, their teams
Customer/account + their companyTheir own tickets, their contacts, their granted docs
Company admin/accountAll of their company’s tickets, and can create users for their own company
Reader/docsOnly the documentation folders they’ve been granted

Rules that always hold:

  • Customers see only their own tickets unless they’re a company admin (then the whole company’s).
  • Staff and customers cannot reach Documentation, Website or Administration — admin-only.
  • A company admin’s new users are locked to their company as customer — they can’t escalate to staff/admin.

Tickets — the states and what they mean

StateDotMeaning
OpenredNeeds picking up
Waiting (internal)blueBlocked on us / a colleague
Waiting (customer)purpleWaiting on the customer
In progressamberBeing worked
MaintenancepinkPlanned work — does not raise an alarm
Resolved / Closedgreen / greyDone
ArchivedAdmin-only, hidden from staff & customers (retention)
  • Pending = either waiting state (plus blocked).
  • A customer can open and close their own ticket once their company has Ticket support switched on.
  • Customer-opened tickets arrive unassigned — triage queue, not silently on one person.
  • A ticket can be assigned to a person or a team. “Assigned to my team” exists so a ticket someone is holding is still findable if they’re off sick.
  • A ticket can link to a project task, tying support back to delivery work.

What happens automatically

  • Resolved/closed tickets auto-archive ~3 months after close.
  • A system goes offline → an incident ticket opens, routed to that system’s alarm responsible (a person or a team).
  • Maintenance clears an open alert and won’t trigger a new alarm.
  • An SSL certificate within 7 days of expiry → a renewal task opens automatically and closes itself once the cert renews.
  • Company deactivation disables all of that company’s users except its company admins.

The public status page

/status shows only the systems you’ve flipped Status / public on, grouped by type, in a glass/Uptime-Kuma style. Post a manual callout per system (Danger / Warning / Success / Info; “Not active” hides it) to tell visitors about planned or ongoing work.

Documentation access

Readers are non-admin accounts with per-folder grants. Manage them at Admin → Documentation → Docs Access — search, sort, 50 per page (stays fast even with thousands of accounts). Admins are listed read-only; you can’t lock yourself out from there.

Security & audit

The audit log (Admin → Users → Audit) records sign-ins, failed and throttled logins, and password changes. Passwords are never logged. Login throttling kicks in after 10 failed attempts from one IP within 5 minutes. Searchable by category and actor; exports to CSV.

Where things live (homelab)

  • App: Development/Ethica/Ethica.noserver.py (admin over Postgres) + Hugo marketing site. Deploys on push to main (CI/CD).
  • Engineering reference: docs/feature-set.md and the dated docs/patch-notes-*.md in that repo.
  • Served docs: content/docs/ is synced from an external docs repo (scripts/docs_sync.py) and is gitignored in the app repo.

Keep this page honest: when behaviour changes, change this page in the same step.