Last Update: November/2025
Hey Miner, welcome to GLS! This document is here to guide you through your first encounter with Arda. But you may ask - what is Arda?
Arda is the world in Tolkien's legendarium — and it's also the name of our entire GLS system.
You'll quickly notice that GLS is packed with Tolkien references. You'll get used seeing pieces of software named as Gandalf, Bombadil, Saruman, or Smaug. To help you navigate, we’ve prepared a special glosarry with some of the terminology you’ll encounter.
Remember that this is a living document, which means it may become outdated as things evolve. If you spot anything broken, unclear, or missing, feel free to DM @fernando.lisboa or create a brand new gist based on this one. Most importantly: Don’t hesitate to ask for help — Arda is a complex system, and it’s totally normal to run into issues. In fact, some errors are so common, we’ve documented them for you.
See ya, and good luck on your journey through Arda! 🧙♂️
- Access M365
- Access Slack through the M365 account
- Access ConductorOne through the M365 account and request access to the following apps:
- 1Password
- Arda (Development)
- Arda (Staging)
- Argo (Staging): Role => Read Only
- if Argo doesn't appear, talk to @gui, @chris or @gabe
- Datadog: Role => Session Replay Viewer
- Figma: Role => Viewer
- Linear: Role => User, Team => Arda
- Modern Treasury: Role => Sandbox Access
- Whimsical: Role => Viewer
- Sign to 1Password using email invitation
- Install chrome extension (optional)
- Install desktop application (WSL users, please check this section)
- Authorize the app using web application
- Install 1Password CLI
- Associate the CLI using desktop application
- Log into Tailscale (If you're on WSL, you'll need additional config)
- Ask @gui or @gabe to accept the invite
- Run the funnel
tailscale funnel --bg 3000
- For those running Tailscale CLI, we need to set a US exit node in order to access region-locked apps like Google Drive. Just keep in mind that the command below overwrites /etc/resolv.conf. You may need to stop services that also work by overwriting resolv.conf, like dhcpcd
tailscale set --exit-node=us-east
- Configure GitHub:
- Sign in to Github through M365
- Visit https://github.com/settings/notifications
- Add Custom Routing:
glssolutions ➝ [your.name]@glssolutions.us
- Add Custom Routing:
- Visit https://github.com/settings/emails
- Make sure that
Keep my email addresses privateoption is turned off, so you can merge your PRs using the @glssolutions.us email
- Make sure that
- Create SSH Key locally
ssh-keygen -t ed25519 - Configure your new SSH Key in
~/.ssh/configusing Github SSH configuration snippet. - Visit https://github.com/settings/keys
- Click New SSH Key
- Add an Authentication Key
- Title = you can choose, but maybe GLS is a good one
- Key type = Authentication Key
- Key = paste your .pub key from
~/.ssh - After creation, click on configure SSO ➝ glssolutions
- Add Signing Key
- Title = you can choose, but maybe GLS is a good one
- Key type = Signing Key
- Key = paste your .pub key from
~/.ssh - After creation, configure Git to sign commits using your new SSH Key (see on Github SSH configuration)
- Add an Authentication Key
- Click New SSH Key
- Setup Arda following the README
- Disclaimer: Arda setup tends to take some time, and there are some common issues that everyone usually encounters. Please make sure to check the troubleshooting steps in the README, and don’t hesitate to ask for help if you get stuck.
- Complete Drata compliance process (ask @gui if you need any help). (Ubuntu users, please check here)
- To access the staging environment, ask @chris to add new user to service users JSON list
- If you're using VSCode/Cursor, install Aikido extension (ask @gabe if you encouter trouble)
The following Github steps must be completed after following the project README's instructions. Don't forget to come back here once you're done!
- After the project runs successfully using
saruman up, an email will be sent to you through the local email platform (localhost:1080) - Upon accessing the email, you will find a link to validate your account on the platform.
- Once the account is validated, you can log in to the platform by adding the
?show_login=trueflag to the URL, where a new button will be displayed.
Create ~/.ssh/config and replace gls_ed25519 with your SSH Key file name:
Host github.com
IgnoreUnknown AddKeysToAgent,UseKeychain
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/gls_ed25519
Open your global .gitconfig and add these extra configurations. Don't forget to replace gls_ed25519 with your actual SSH Key file name:
[user]
signingkey = ~/.ssh/gls_ed25519.pub
[gpg]
format = ssh
[commit]
gpgsign = true
Drata is required to access some of GLS's sensitive services. If you're working on Ubuntu, these articles may help you with your disk encryption:
- Tutorial: Encrypting an existing root partition in Ubuntu with dm-crypt and LUKS
- Common Bug: Unlock LUKS encrypted Debian root with key file on boot partition
When installing on WSL, everything should be installed inside Ubuntu. Exceptions:
- Tailscale
- 1Password
These are installed on Windows, but accessed from Ubuntu. You can run Docker via Docker Desktop on Windows, while keeping your codebase inside Ubuntu.
Configuring Tailscale and 1Password on WSL requires a workaround. Make sure you adapt paths to match your actual installation locations:
-
Create wrapper scripts in Ubuntu to call the Windows executables:
-
For Tailscale (
/usr/bin/tailscale):#!/bin/bash exec "/mnt/c/Program Files/Tailscale/tailscale.exe" "$@"
-
For 1Password CLI (
/usr/bin/op):#!/bin/bash exec "/mnt/c/Program Files/WindowsApps/Agilebits.1Password_8.11.18.36_x64__amwd9z03whsfe/1Password.exe" "$@"
-
-
Make them executable:
chmod +x /usr/bin/tailscale chmod +x /usr/bin/op
-
Reset tailscale and then
saruman up
- [video] Concept of business loans, the role of private lenders, and the process of loan origination and investment in platform. Passcode:
uDm#D%F4