[x] Create shell user (can connect to bastions)
[x] server root shell (membership in ops group)
[x] Phabricator User + 2FA
[ ] Phabricator permissions to see NDA and Ops restricted tickets, and added to trusted users for antivandal exempt: https://phabricator.wikimedia.org/project/profile/29/ https://phabricator.wikimedia.org/project/profile/61/ https://phabricator.wikimedia.org/project/profile/974/
[x] Add to private IRC channels https://office.wikimedia.org/wiki/IRC#Channel_operators_commands
[x] Add to ops mailing lists (`ops` and `ops-private` minimum requirements)
[x] Add to Exim mail aliases (`root` via `private.git:modules/privateexim/files/wikimedia.org`)
[ ] Icinga contact in `private.git`
[ ] Icinga user and permissions (icinga commands, paging/notifications)
[x] Phone/pager setup
[ ] Add to wmf and ops LDAP groups (for web services)
[x] Access to Office Wiki (OIT grants that)
[ ] Gerrit login and +2 on operations/puppet (this is automatic from being added to LDAP groups above)
[ ] Access to pwstore
[x] Access to Google group for maint-announce mails (directly added user via "web only partecipation" option from https://groups.google.com/a/wikimedia.org/forum/#!managemembers/ops-maintenance/add though anyone in wikimedia org should be able to join) | Added with 'all email'. Yea, the hope was that membership in sre@wikimedia.org inherits the permissions but it seems to not work that way and needs manual addition anyways. --dzahn
[x] Add to "Ops vendor maintenance" Calendar