author Silvio Rhatto <rhatto@riseup.net> 2015-11-06 11:00:06 -0200
committer Silvio Rhatto <rhatto@riseup.net> 2015-11-06 11:00:06 -0200
commit 5512c493e13998d4c83d7eab3d89e5a1c0836566
tree ee0016cd764492344be3a2075acb3bc2fcef9ab1 /TODO.md
parent f9fa240c5227020dd10c6f1f309afba1d5a75c1e
Squashed 'puppet/' changes from 26c7b4f..8f7043a
8f7043a Disable backup on puppet-bootstrap.example.org
ea035ff Hiera: change domain and location eval order
f418291 Adds default node
096b65a Removes darkice module
7663170 Updates TODO
d03a934 Deploy: cleanup
66bd115 Deploy: fixes
51b00aa Deploy: apply patches before deployment (2)
fc08d8d Deploy: apply patches before deployment
89cc9aa Typo
e0169de Masterless puppet is supported
a23b6a0 TODO: apply patches
49c4466 Patches, deployment code and TODO update
91477be Use settings::confdir on hiera datadir
381096e TODO cleanup
3d3eb59 Updates TODO
57c6940 Hiera fixes
5a2de12 New hiera scheme for secrets storage
4fc808f Get rid of environments, use git branches instead
47bc020 Updates mrconfig
0d32fa5 New canonical URL
08cd538 Updates TODO
4cfe7fb Site manifests
ff61a20 Updates TODO
20f7608 Adds git hooks for push-to-deploy
6759fe7 Another LAMP example
a461d98 Really remove bootstrap from mrconfig
1920fba Vagrant: apache user and group
f13cb8a Formatting
7425fad Adds puppet-bootstrap.example.org.yaml
4647b02 Vagrant: LAMP example
42ce487 Vagrantfile: example of forwarded port
328873a Fix default hostname
41c9d89 Vagrantfile: set fqdn
72f61db Switch to parametrized classes
fd90a64 Vagrant hostname
43816c7 Vagrantfile minor edit
1932d55 Updates mrconfig
39fa2d5 Fix hiera path
df5df0b Submodules: force
e0b4ebe Updates TODO
ee7491e Updates TODO
65746ac TODO: syslog-ng
fe79512 TODO: modules
60a3d68 TODO update
a7e3e4c Storeconfigs support for vagrant/jessie
0d6de38 Coding style
28bd7e2 Default empty keys.d folder
d33c587 Shell provisioner sudo fix
47c83e6 Vagrant provisioning fixes
6f0a560 Removes VIM modelines from Vagrantfile
c9e8e7a Call nodo as a parametrized class
3730114 More changes for puppet 3.x
106977f Remove import definitions (deprecated since puppet 3.x)
3c13239 TODO update
5491a52 Mock puppet.conf with environment config
133e36b Initial changes for jessie
67baef2 Git and cgit vhosts
097b8ec Nginx: dhparams

git-subtree-dir: puppet
git-subtree-split: 8f7043a8948b3236d3c2582c865b27af4613c632
Diffstat (limited to 'TODO.md')
-rw-r--r-- TODO.md 142
1 files changed, 138 insertions, 4 deletions
diff --git a/TODO.md b/TODO.md
index c773654..429bd4d 100644
--- a/TODO.md
+++ b/TODO.md
@@ -1,7 +1,141 @@
TODO
====
-* Minimal manifest for fast provisioning.
-* Update to new nodo style (hiera and nodo::role).
-* Support for recursive clones in `bin/mrconfig`.
-* Test!
+High priority
+-------------
+
+- puppet: masterless:
+ - keyringer/gpg integration.
+ - https://github.com/compete/hiera_yamlgpg
+ - https://github.com/crayfishx/hiera-gpg
+ - https://github.com/sihil/hiera-eyaml-gpg
+ - https://github.com/StackExchange/blackbox
+ - http://ww.telent.net/2014/2/10/keeping_secrets_in_public_with_puppet
+ - https://docs.puppetlabs.com/hiera/1/custom_backends.html
+ - https://puppetlabs.com/blog/encrypt-your-data-using-hiera-eyaml
+ - https://packages.debian.org/jessie/hiera-eyaml
+ - how to distribute keys outside the repo (i.e, avoiding all nodes to have all keys?):
+ - add a monkeysphere auth subkey to every openpgp key used for backups.
+ - make backupninja wrap around monkeysphere: http://web.monkeysphere.info/doc/user-ssh-advanced/
+ - http://current.workingdirectory.net/posts/2011/puppet-without-masters/
+ - http://andrewbunday.co.uk/2012/12/04/masterless-puppet-wrapper/
+ - http://semicomplete.com/presentations/puppet-at-loggly/puppet-at-loggly.pdf.html
+ - https://github.com/jordansissel/puppet-examples/tree/master/masterless
+- sshd:
+ - https://stribika.github.io/2015/01/04/secure-secure-shell.html
+ - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774711#60
+ - enable ecdsa key.
+ - ecdsa priority: alternatives:
+ - unsupport ecdsa in the server.
+ - export ecdsa pubkeys.
+ - manage client's /root/.ssh/config: `HostKeyAlgorithms ssh-rsa`.
+ - force option via rsync/rdiff handlers.
+- virtual: migrate to kvm/libvirt.
+- loginrecords: deploy module.
+- deploy https://github.com/wido/puppet-module-tcpwrappers
+- nodo:
+ - run stages.
+ - allow more resources to be declared via hiera.
+ - fix hiera default boolean value when true.
+ - easy way to toggle management of subsystems.
+
+Medium priority
+---------------
+
+- apt: raspbian support, including unnatended-upgrades.
+- backup:
+ - support for $dombr and $dobios on backupninja::sys for servers and physical machines.
+ - sync-backups support for rsyncing from kvms / snapshots.
+- nodo:
+ - cleanup and refactor.
+ - uniform variable names.
+ - use prompt.sh from bash-prompt as a submodule.
+- common: autoload.
+- general:
+ - rollback of commits about charset.
+ - switch to conf.d:
+ - php ("refactor" branch), remove E_STRICT from production's error_reporting.
+ - apache2.
+ - sudoers.
+- backup: `sync-media-iterate [volume]`.
+- mail:
+ - use ssl::dhparams, move to 2048 bit and use the standard file names and paths:
+ - [Feature #4012: postfix: ship 2048bit dh parameters - Platform - LEAP Issue Tracker](https://leap.se/code/issues/4012)
+
+Low priority
+------------
+
+- merge, review, pull requests for all modules.
+- bind: nsupdate / dynamic dns:
+ - http://linux.yyz.us/nsupdate/
+ - http://linux.yyz.us/dns/ddns-server.html
+ - http://caunter.ca/nsupdate.txt
+ - http://www.rtfm-sarl.ch/articles/using-nsupdate.html
+ - https://github.com/skx/dhcp.io/
+- munin: lvm monitoring.
+- pyroscope: torrent workflow: torrent-maker, magnet2torrent and torrent-reseed:
+ - http://wiki.rtorrent.org/MagnetUri
+ - http://dan.folkes.me/2012/04/19/converting-a-magnet-link-into-a-torrent/
+ - https://github.com/danfolkes/Magnet2Torrent
+ - http://code.google.com/p/pyroscope/wiki/CommandLineTools
+ - https://trac.transmissionbt.com/ticket/4176
+ - http://wiki.rtorrent.org/MagnetUri
+ - https://github.com/rakshasa/rtorrent/issues/212
+ - saving/restoring `.meta` and `~/rtorrent/.session` files.
+- support for http/https proxy inside web nodes:
+ - encrypted ssl keys: http://support.f5.com/kb/en-us/solutions/public/11000/400/sol11440.html
+ - make all apache sites listen to 8080.
+- git:
+ - gitolite: [monkeysphere integration](http://gitolite.com/gitolite/g2/monkeysphere.html).
+ - gitweb clean urls.
+ - email notifications.
+ - https://packages.debian.org/jessie/git-notifier
+ - https://github.com/mhagger/git-multimail
+ - using OpenPGP?
+- syslog-ng: use conf.d.
+- etherpad: `You need to set a sessionKey value in settings.json`.
+- knock integration via https://github.com/juasiepo/knockd
+- apache:
+ - try libapache2-modsecurity.
+ - deploy https://git.immerda.ch/csp-report/
+ - disable other_vhosts_access.log.
+- onion:
+ - support for existing hidden service key, generated with tools like https://github.com/katmagic/Shallot
+ - load balancing: http://archives.seul.org/tor/relays/Apr-2011/msg00022.html
+- nagios: snmp, nrpe, nsca
+ - http://nagios.sourceforge.net/docs/3_0/addons.html
+ - http://www.math.wisc.edu/~jheim/snmp/
+- ssh access restrictions:
+ - denyhosts, but we don't want to log IPs.
+ - using shorewall: http://www.debian-administration.org/articles/250#comment_16
+ - alowed users / groups.
+- websites: freewvs.
+- puppet: bug report: debian wheezy puppet-common: needs the following patch: http://projects.puppetlabs.com/issues/10963
+- mail:
+ - review dovecot recipient delimiter handling: to which mailbox messages should be sent?
+ - mlmmj:
+ - lists with hyphens are not working when mails are sent directly, but work when sent to an alias.
+ - `mail::mlmmj::domain` needs updating or additional domains should be added into `relay_domains`.
+- drupal/wordpress:
+ - cronjob/cli: switch to site user.
+ - drupal_update: Do you really want to continue with the update process? (y/n):
+ Do you really want to continue with the update process? (y/n): Aborting. [cancel],
+ possibly related to https://www.drupal.org/node/443392
+- php / wordpress / wp-cli: composer installation and dependencies:
+ - http://getcomposer.org/doc/00-intro.md#installation-nix
+ - https://github.com/wp-cli/wp-cli/wiki/Alternative-Install-Methods
+ - suhosin needs `suhosin.executor.include.whitelist = phar` on `/etc/php5/cli/conf.d/suhosin.ini`.
+- nodo: support for prosody:
+ - https://github.com/dgoulet/prosody-otr
+ - http://prosody.im/doc/creating_accounts#importing_from_ejabberd
+ - config with good score at https://xmpp.net/index.php
+- mail:
+ - support for [preventing SPAM connections with bird](http://www.debian-administration.org/article/715/Preventing_SPAM_connections_with_bird.).
+ - schleuder: manage `/etc/schleuder/schleuder.conf`, using `superadminaddr: root` or other recipient, to avoid mails.
+ sent as `root@localhost`.
+ - deploy https://git.autistici.org/ale/smtp-fp/tree/master
+ https://github.com/EFForg/starttls-everywhere
+ - deploy https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration#Configuration_server_at_ISP
+ https://git-ipuppet.immerda.ch/module-apache/commit/?id=058dbb366b96cae1f8fb0def65f73a698f1c375d
+ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577616
+ - support for [preventing SPAM connections with bird](http://www.debian-administration.org/article/715/Preventing_SPAM_connections_with_bird.).
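Review bot: The last added line repeats an entry already in the same `mail:` block ("support for [preventing SPAM connections with bird]" opens that block and closes it), and `http://wiki.rtorrent.org/MagnetUri` is listed twice under `pyroscope:`; drop the second copy of each. In the schleuder item a stray period and line break split the sentence ("to avoid mails." / "sent as `root@localhost`."), and the drupal_update item repeats its prompt text on the continuation line. `mail:` appears as two separate items under Low priority and `backup:` as two under Medium priority; merging each pair would keep related tasks together. Under `sshd:`, "enable ecdsa key" sits beside alternatives that unsupport ecdsa on the server or pin clients to `HostKeyAlgorithms ssh-rsa`; since these pull in opposite directions, say which one is the intended outcome, or mark the item as an open decision. The secrets item leaves "how to distribute keys outside the repo" as a question with two sub-bullets about backup keys only; note whether the per-node key scoping for hiera is still undecided. Small typos: "unnatended-upgrades", "alowed users", "i.e,".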