path: root/TODO.md
Diffstat (limited to 'TODO.md')
-rw-r--r-- TODO.md 175
1 files changed, 42 insertions, 133 deletions
diff --git a/TODO.md b/TODO.md
index 429bd4d..dae1f7b 100644
--- a/TODO.md
+++ b/TODO.md
@@ -1,141 +1,50 @@
TODO
====
-High priority
--------------
+Organization
+------------
-- puppet: masterless:
- - keyringer/gpg integration.
- - https://github.com/compete/hiera_yamlgpg
- - https://github.com/crayfishx/hiera-gpg
- - https://github.com/sihil/hiera-eyaml-gpg
- - https://github.com/StackExchange/blackbox
- - http://ww.telent.net/2014/2/10/keeping_secrets_in_public_with_puppet
- - https://docs.puppetlabs.com/hiera/1/custom_backends.html
- - https://puppetlabs.com/blog/encrypt-your-data-using-hiera-eyaml
- - https://packages.debian.org/jessie/hiera-eyaml
- - how to distribute keys outside the repo (i.e, avoiding all nodes to have all keys?):
- - add a monkeysphere auth subkey to every openpgp key used for backups.
- - make backupninja wrap around monkeysphere: http://web.monkeysphere.info/doc/user-ssh-advanced/
- - http://current.workingdirectory.net/posts/2011/puppet-without-masters/
- - http://andrewbunday.co.uk/2012/12/04/masterless-puppet-wrapper/
- - http://semicomplete.com/presentations/puppet-at-loggly/puppet-at-loggly.pdf.html
- - https://github.com/jordansissel/puppet-examples/tree/master/masterless
-- sshd:
- - https://stribika.github.io/2015/01/04/secure-secure-shell.html
- - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774711#60
- - enable ecdsa key.
- - ecdsa priority: alternatives:
- - unsupport ecdsa in the server.
- - export ecdsa pubkeys.
- - manage client's /root/.ssh/config: `HostKeyAlgorithms ssh-rsa`.
- - force option via rsync/rdiff handlers.
-- virtual: migrate to kvm/libvirt.
-- loginrecords: deploy module.
-- deploy https://github.com/wido/puppet-module-tcpwrappers
-- nodo:
- - run stages.
- - allow more resources to be declared via hiera.
- - fix hiera default boolean value when true.
- - easy way to toggle management of subsystems.
+* Scripts:
+ * `debian-keyring-setup`.
+ * `debian-dev-setup`.
+ * `debian-build`.
+* Merge all `build-area` folders.
+* Deploy as a ikiwiki + git-annex instance, replacing reprepro.
+* Try an [AutomateBackports](https://wiki.debian.org/AutomateBackports) setup.
+* Vagrant: run `debian-dev-setup` as an additional shell provisioner.
+* Security: https://wiki.debian.org/SecurePbuilder
-Medium priority
----------------
+Upstream
+--------
-- apt: raspbian support, including unnatended-upgrades.
-- backup:
- - support for $dombr and $dobios on backupninja::sys for servers and physical machines.
- - sync-backups support for rsyncing from kvms / snapshots.
-- nodo:
- - cleanup and refactor.
- - uniform variable names.
- - use prompt.sh from bash-prompt as a submodule.
-- common: autoload.
-- general:
- - rollback of commits about charset.
- - switch to conf.d:
- - php ("refactor" branch), remove E_STRICT from production's error_reporting.
- - apache2.
- - sudoers.
-- backup: `sync-media-iterate [volume]`.
-- mail:
- - use ssl::dhparams, move to 2048 bit and use the standard file names and paths:
- - [Feature #4012: postfix: ship 2048bit dh parameters - Platform - LEAP Issue Tracker](https://leap.se/code/issues/4012)
+* Fill a Debian bug report: `dpkg-source` doesn't honour `GNUPGHOME`.
-Low priority
-------------
+Backport
+--------
+
+* compton
+* mutt with opportunistic encryption:
+ * http://dev.mutt.org/hg/mutt/rev/b38c4838976f and other patches
+ * https://www.8t8.us/mutt/patches/
+ * [#757117 - mutt-patched: Please add patch to encrypt postponed messages - Debian Bug report logs](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757117).
+* [firejail](https://l3net.wordpress.com/projects/firejail/) [from sid](https://packages.debian.org/sid/firejail).
+
+Port
+----
+
+* [acpi-call](http://hybrid-graphics-linux.tuxfamily.org/index.php?title=Acpi_call).
+* [Pond](https://pond.imperialviolet.org/).
+* [leap-cli](https://leap.se) (check http://deb.leap.se and `ruby.md`).
+* [Blingbling](http://awesome.naquadah.org/wiki/Blingbling).
+* [x2go-server](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465821).
+* [Terminology](https://www.enlightenment.org/p.php?p=about/terminology).
+* [playpen](https://github.com/thestinger/playpen).
+* [minijail](https://github.com/omegaup/minijail).
+
+WNPP
+----
+
+Before packaging anything, have a look at:
-- merge, review, pull requests for all modules.
-- bind: nsupdate / dynamic dns:
- - http://linux.yyz.us/nsupdate/
- - http://linux.yyz.us/dns/ddns-server.html
- - http://caunter.ca/nsupdate.txt
- - http://www.rtfm-sarl.ch/articles/using-nsupdate.html
- - https://github.com/skx/dhcp.io/
-- munin: lvm monitoring.
-- pyroscope: torrent workflow: torrent-maker, magnet2torrent and torrent-reseed:
- - http://wiki.rtorrent.org/MagnetUri
- - http://dan.folkes.me/2012/04/19/converting-a-magnet-link-into-a-torrent/
- - https://github.com/danfolkes/Magnet2Torrent
- - http://code.google.com/p/pyroscope/wiki/CommandLineTools
- - https://trac.transmissionbt.com/ticket/4176
- - http://wiki.rtorrent.org/MagnetUri
- - https://github.com/rakshasa/rtorrent/issues/212
- - saving/restoring `.meta` and `~/rtorrent/.session` files.
-- support for http/https proxy inside web nodes:
- - encrypted ssl keys: http://support.f5.com/kb/en-us/solutions/public/11000/400/sol11440.html
- - make all apache sites listen to 8080.
-- git:
- - gitolite: [monkeysphere integration](http://gitolite.com/gitolite/g2/monkeysphere.html).
- - gitweb clean urls.
- - email notifications.
- - https://packages.debian.org/jessie/git-notifier
- - https://github.com/mhagger/git-multimail
- - using OpenPGP?
-- syslog-ng: use conf.d.
-- etherpad: `You need to set a sessionKey value in settings.json`.
-- knock integration via https://github.com/juasiepo/knockd
-- apache:
- - try libapache2-modsecurity.
- - deploy https://git.immerda.ch/csp-report/
- - disable other_vhosts_access.log.
-- onion:
- - support for existing hidden service key, generated with tools like https://github.com/katmagic/Shallot
- - load balancing: http://archives.seul.org/tor/relays/Apr-2011/msg00022.html
-- nagios: snmp, nrpe, nsca
- - http://nagios.sourceforge.net/docs/3_0/addons.html
- - http://www.math.wisc.edu/~jheim/snmp/
-- ssh access restrictions:
- - denyhosts, but we don't want to log IPs.
- - using shorewall: http://www.debian-administration.org/articles/250#comment_16
- - alowed users / groups.
-- websites: freewvs.
-- puppet: bug report: debian wheezy puppet-common: needs the following patch: http://projects.puppetlabs.com/issues/10963
-- mail:
- - review dovecot recipient delimiter handling: to which mailbox messages should be sent?
- - mlmmj:
- - lists with hyphens are not working when mails are sent directly, but work when sent to an alias.
- - `mail::mlmmj::domain` needs updating or additional domains should be added into `relay_domains`.
-- drupal/wordpress:
- - cronjob/cli: switch to site user.
- - drupal_update: Do you really want to continue with the update process? (y/n):
- Do you really want to continue with the update process? (y/n): Aborting. [cancel],
- possibly related to https://www.drupal.org/node/443392
-- php / wordpress / wp-cli: composer installation and dependencies:
- - http://getcomposer.org/doc/00-intro.md#installation-nix
- - https://github.com/wp-cli/wp-cli/wiki/Alternative-Install-Methods
- - suhosin needs `suhosin.executor.include.whitelist = phar` on `/etc/php5/cli/conf.d/suhosin.ini`.
-- nodo: support for prosody:
- - https://github.com/dgoulet/prosody-otr
- - http://prosody.im/doc/creating_accounts#importing_from_ejabberd
- - config with good score at https://xmpp.net/index.php
-- mail:
- - support for [preventing SPAM connections with bird](http://www.debian-administration.org/article/715/Preventing_SPAM_connections_with_bird.).
- - schleuder: manage `/etc/schleuder/schleuder.conf`, using `superadminaddr: root` or other recipient, to avoid mails.
- sent as `root@localhost`.
- - deploy https://git.autistici.org/ale/smtp-fp/tree/master
- https://github.com/EFForg/starttls-everywhere
- - deploy https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration#Configuration_server_at_ISP
- https://git-ipuppet.immerda.ch/module-apache/commit/?id=058dbb366b96cae1f8fb0def65f73a698f1c375d
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577616
- - support for [preventing SPAM connections with bird](http://www.debian-administration.org/article/715/Preventing_SPAM_connections_with_bird.).
+* [WNPP](http://wnpp.debian.net).
+* [Debian Git](http://anonscm.debian.org/gitweb/).
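Review bot: The removed block drops pending hardening items (the sshd `HostKeyAlgorithms` and ecdsa work, the move to 2048-bit `ssl::dhparams`, the keyringer/gpg integration for hiera) with no pointer to where they are now tracked; since the whole file is replaced by an unrelated Debian packaging list, the commit message or the top of the new file should say where the old TODO went. In the added lines, `Security: https://wiki.debian.org/SecurePbuilder` is a bare link with no stated action, unlike the neighbouring items, so name the task it stands for. The mutt backport entry takes patches from `http://dev.mutt.org/hg/mutt/rev/b38c4838976f` (plain HTTP) and from a separate patch directory, so the item should note how those patches are reviewed or verified before they go into a build. Wording: "Fill a Debian bug report" should read "File", and "a ikiwiki" should be "an ikiwiki".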