The following infromation is without guarantee!
All services provided at IBR serve the purposes of IBR and the employees and students here. Other individuals may also partially use these services, but they have no entitlement to them and must expect that availability may change.
Below is a (non-exhaustive) list of services.
Outgoing mail should always be submitted via (E)SMTP with authentication to mail.ibr.cs.tu-bs.de, port 587 ("submission").
An incoming mail server using Dovecot is responsible for incoming mail to IBR users.
Users can access their mail via IMAP, again using the server name mail.ibr.cs.tu-bs.de.
A Web Interface is also available.
More information about email can be found in the article Email.
The classification of SPAM and virus-laden emails occurs automatically for all emails delivered to IBR.
This task is handled by software components consisting of Amavis, OpenDKIM, SpamAssassin, and ClamAV.
The results of this classification are recorded in header lines, which every receiving user can use to configure individual filters.
More details can be found in the article Email.
Mailing lists are managed using Mailman at lists.ibr.cs.tu-bs.de and can be created for staff upon request by the admins.
Simple aliases can be manually assigned by the admins in LDAP in justified cases.
Generally, LDAP/UNIX group names can also be used as email addresses for distribution to all group members, e.g., cm@ibr.cs.tu-bs.de.
¶ Calender
Personal and shared calendars can be managed on the CalDAV server cal.ibr.cs.tu-bs.de.
For situations where a corresponding client cannot be used, a rudimentary Web Interface is available.
The same server also supports CardDAV for address books (without guarantee).
¶ Web Server
An Apache 2.x serves as the web server at www.ibr.cs.tu-bs.de (VM web).
The web content of IBR is managed and prepared through a self-developed XML-based Content Management.
Files are located on the Linux servers under /ibr/www/.
¶ IP & DNS
No statically configured IPv4/v6 hosts should be connected to our network.
DHCP should be used exclusively for IPv4. IPv6 works via SLAAC, and if necessary, also via DHCPv6.
This ensures all hosts receive a functioning IPv4 and/or IPv6 configuration along with an assigned nameserver.
Additionally, there is an (currently experimental) DNS-over-HTTPS server https://doh.ibr.cs.tu-bs.de/dns-query, which can be freely used. (Following a DDoS situation, this server has been available only internally (OpenVPN) since 2024-04.)
Employees can manage personal DNS records at (subname.)username.dyn.ibr.cs.tu-bs.de using the tool ibr-dyndns.
¶ WLAN
Anyone wishing to use WLAN in IBR should utilize the "eduroam" offer from GITZ.
In some cases, it may make sense for employees and supervised students to use a dedicated IBR WLAN by prior arrangement.
Employees can use the Institute WLAN service upon consultation with the admins, thereby being directly integrated into the VLAN of IBR upon signing into "eduroam".
This only applies to the "eduroam" at TU Braunschweig, not for other eduroam institutions.
¶ LDAP
At {ldap,ldap1,ldap2,ldap3}.ibr.cs.tu-bs.de, LDAP servers with the same synchronized content are accessible, which hold information about all active IBR users, groups, and hosts, among other things. Information of general interest is available anonymously.
Authenticated IBR employees also receive private addresses and phone numbers of colleagues and insights into other data.
Changes to the LDAP data are possible only through the LDAP master server.
Access is easily possible with the tool dirac. The LDAP "search base" is dc=ibr,dc=cs,dc=tu-bs,dc=de.
Authentication is possible via GSSAPI or with the Bind-DN uid=,ou=users,dc=ibr,dc=cs,dc=tu-bs,dc=de and the user password.
¶ SSH
Most Linux hosts allow remote login via SSHv2. However, most hosts are only reachable from outside the TU network via a "Jump Host": ssh -J <username>@jump.ibr.cs.tu-bs.de <username>@host.ibr.cs.tu-bs.de. MOSH can be used for some servers (including linux.ibr.cs.tu-bs.de).
Some PCs and servers automatically power off when not in use. If these are to be used via SSH, they can be awakened beforehand using ibr-wake <hostname>. However, this should not be done randomly and not for unnecessarily many hosts.
¶ Storage
In IBR, user home directories and some other directories are exported via NFS and are typically mounted by automounters on various machines.
Only NFSv4 with Kerberos (krb5p) is permitted outside of the server room, which has some implications, for example, for cron jobs or scripts using SSH.
A Samba Server at zfs1.ibr.cs.tu-bs.de allows SMB (or CIFS) clients to access home directories as well as some other directories. Home directories are accessible as \\zfs1.ibr.cs.tu-bs.de\username, and the central IBR directory as \\zfs1.ibr.cs.tu-bs.de\ibr.
When making write accesses, it should be considered that the server is oriented towards the Unix world.
Editors should follow Unix line-ending and encoding conventions rather than DOS/Windows.
Unpleasant backup files or trash cans should be avoided. UNIX permissions should be checked for correctness and, for example, should not leave x-bits for text files. Generally, working in the UNIX world is preferred over Samba access.
¶ Backup
The data of the servers is, of course, regularly backed up. Access to the latest snapshots is available in each root directory of a filesystem via .zfs/snapshot/. (Since 2023-10, this is also possible again on NFS clients. .zfs is "magical"; it is not visible via ls, but explicit access is possible!) Self-operated computers and notebooks must, however, be secured by themselves, for example, via rsync or borg into their own home directory. The quota limit can be increased by the admins upon request. Mac users can configure their "TimeMachine" to use our file server. For large amounts of data, a brief consultation is requested.
¶ Printer
Print jobs can be processed via the CUPS server cups.ibr.cs.tu-bs.de. Direct communication with the printers is also possible in some cases. The CUPS server has a web interface through which jobs can be viewed and controlled. More information about printers for employees can be found in another article. Students are requested to use only the printers intended for them and immediately accessible, and only for necessary and IBR-related matters.
¶ cron
cron and at are typically available to all IBR users. However, jobs of this nature should preferably only be used on cron.ibr.cs.tu-bs.de. The execution is not always guaranteed on other hosts, and crontabs may also be deleted on other hosts during updates. In crontabs, please add a line MAILTO=address to receive any output via email.
¶ NTP
Anyone who wishes can synchronize their clock with ntp.ibr.cs.tu-bs.de as an NTP server within the IBR LAN.
¶ VPN
An OpenVPN server runs on openvpn.ibr.cs.tu-bs.de. It can be used by by all IBR users. Client configurations can be provided for projects.
¶ PXE Netboot
A PXE infrastructure is available to boot corresponding machines via the network with live systems, tools (memory tests, hard disk wipe), or operating system installers (including FAI-based). Not all options work on all hosts and under legacy BIOS and EFI.
¶ Cloud
IBR operates its own cloud server for all employees at nextcloud.ibr.cs.tu-bs.de. As an alternative to Dropbox and similar services, data can be stored on our own servers. Large files can also be shared, office documents can be collaboratively edited online, and tools for managing images, documents, appointments, emails, maps, etc. are available.
¶ Virtual Hosts
Upon request, virtual hosts can be provided for employees in IBR. Of course, such VMs can also be made accessible to students as part of supervised work.
¶ Project-Repositories
All IBR account holders have access to a GitLab server at gitlab.ibr.cs.tu-bs.de. The creation of projects is restricted for y-Accounts. However, within the framework of courses, employees can create projects and make them accessible to y-Accounts.
Several GitLab runners can process CI/CD jobs. A Docker-in-Docker runner (dind) is also available but may need to be manually awakened beforehand (ibr-wake dind).
¶ Messaging
A Mattermost server is available at mattermost.ibr.cs.tu-bs.de. It can be used for IBR-wide, group-based, and personal chats. There are also apps for Android and iOS. Please authenticate via IBR-GitLab!
¶ ShareLaTeX / Overleaf
At overleaf.ibr.cs.tu-bs.de, employees, students, and external IBR users can collaboratively edit LaTeX documents.
We use the free version of Overleaf.
For some time now, GITZ has had a framework contract with https://overleaf.com for all TU employees. This also includes the paid features, such as Git integration.
However, the tubs-latex package is not installed on the system at overleaf.com. The workflow is as follows:
Log in once at https://www.tu-braunschweig.de/latex-vorlagen and click on the link "Overleaf Template".
This opens a template for tubs-latex on https://overleaf.com (you must also log in there first if you haven't done so already).
The template will automatically be added as a read-only project to your account.
Clone the template project to write a document based on tubs-latex.
¶ Monitoring
The admins monitor most hosts and services using Icinga2 at nagios.ibr.cs.tu-bs.de. Employees can also gain insights here, particularly regarding the hosts for which they are supervisors.
¶ Passwords, Secure Notes
A Bitwarden clone for managing credentials, especially for shared accounts of external services and vendors, runs at bitwarden.ibr.cs.tu-bs.de. All IBR users can use this service.
¶ Slurm
We use Slurm to efficiently schedule CPU- and time-intensive jobs on several server groups.
¶ Videoconferencing
For lectures and other courses, as well as for smaller virtual meetings or oral exams, we operate our own BigBlueButton/Greenlight server at bbb.ibr.cs.tu-bs.de.
¶ MicLab Parts Managment
Our MicLab manages its parts inventory with our Partkeepr server at partkeepr.ibr.cs.tu-bs.de.
¶ Kanban project management
A Kanban project management service is available at kanboard.ibr.cs.tu-bs.de.
¶ Wiki
¶ No Longer Available Services
SVN, MQTT, Jitsi, Dudle, DB, Mastodon