diff options
-rw-r--r-- | TODO.md | 203 |
1 files changed, 101 insertions, 102 deletions
@@ -1,59 +1,43 @@ TODO ==== -* UseDns disable on sshd_config for vagrant nodes. -* Support for recursive clones in `bin/mrconfig`. -* Test! -* Puppet 3.x support: - * http://docs.puppetlabs.com/puppet/latest/reference/environments.html - * https://github.com/mitchellh/vagrant/issues/3740 - * https://search.disconnect.me/searchTerms/serp?search=b5af0f89-a8ba-4601-8deb-6b45c8032414 - * https://ask.puppetlabs.com/question/10975/for-node-definitionclassification-what-is-the-successor-to-import-nodespp-now-that-import-is-deprecated/ +High priority +------------- -Puppet modules --------------- - -### Security - -- knock integration via https://github.com/juasiepo/knockd -- apache: - - try libapache2-modsecurity. - - deploy https://git.immerda.ch/csp-report/ - - disable other_vhosts_access.log -- loginrecords: deploy module. -- ssh: - - https://stribika.github.io/2015/01/04/secure-secure-shell.html - - access restrictions: - - denyhosts, but we don't want to log IPs. - - using shorewall: http://www.debian-administration.org/articles/250#comment_16 - - alowed users / groups. -- backup: - - support for $dombr and $dobios on backupninja::sys for servers and physical machines. - - sync-backups support for rsyncing from kvms / snapshots. -- virtual: migrate to kvm/libvirt. -- websites: freewvs. -- puppet: masterless puppet: +- puppet: masterless: - keyringer/gpg integration. - http://it-dev.web.cern.ch/book/cern-puppet-development-user-guide/puppet-development-work-flow-git/hiera-hierarchical-databa-1 - https://github.com/compete/hiera_yamlgpg - https://github.com/crayfishx/hiera-gpg + - https://github.com/StackExchange/blackbox + - http://ww.telent.net/2014/2/10/keeping_secrets_in_public_with_puppet + - https://puppetlabs.com/blog/encrypt-your-data-using-hiera-eyaml + - https://packages.debian.org/jessie/hiera-eyaml - how to distribute keys outside the repo (i.e, avoiding all nodes to have all keys?): - add a monkeysphere auth subkey to every openpgp key used for backups. - make backupninja wrap around monkeysphere: http://web.monkeysphere.info/doc/user-ssh-advanced/ - - how to manage storeconfigs? - http://current.workingdirectory.net/posts/2011/puppet-without-masters/ - http://andrewbunday.co.uk/2012/12/04/masterless-puppet-wrapper/ - http://semicomplete.com/presentations/puppet-at-loggly/puppet-at-loggly.pdf.html - https://github.com/jordansissel/puppet-examples/tree/master/masterless -- drupal/wordpress: - - cronjob/cli: switch to site user +- sshd: + - https://stribika.github.io/2015/01/04/secure-secure-shell.html + - enable ecdsa key + - ecdsa priority: alternatives: + - unsupport ecdsa in the server + - export ecdsa pubkeys + - manage client's /root/.ssh/config: `HostKeyAlgorithms ssh-rsa` + - force option via rsync/rdiff handlers +- virtual: migrate to kvm/libvirt. +- loginrecords: deploy module. -### Fixes +Medium priority +--------------- -- nodo: support for prosody: - - https://github.com/dgoulet/prosody-otr - - http://prosody.im/doc/creating_accounts#importing_from_ejabberd - - config with good score at https://xmpp.net/index.php +- backup: + - support for $dombr and $dobios on backupninja::sys for servers and physical machines. + - sync-backups support for rsyncing from kvms / snapshots. +- nodo: - rename `nodo::base::vserver` and `nodo::role::vserver` to a more generic `virtual` suffix. - use prompt.sh from bash-prompt as a submodule. - general: @@ -63,63 +47,15 @@ Puppet modules - php ("refactor" branch), remove E_STRICT from production's error_reporting. - apache2. - sudoers. -- drupal: - - drupal_update: Do you really want to continue with the update process? (y/n): - Do you really want to continue with the update process? (y/n): Aborting. [cancel], - possibly related to https://www.drupal.org/node/443392 -- sshd/backup: - - ecdsa priority: alternatives: - - unsupport ecdsa in the server - - export ecdsa pubkeys - - manage client's /root/.ssh/config: `HostKeyAlgorithms ssh-rsa` - - force option via rsync/rdiff handlers - - enable ecdsa key -- etherpad: `You need to set a sessionKey value in settings.json`. -- websites: - - php / wordpress / wp-cli: composer installation and dependencies: - - http://getcomposer.org/doc/00-intro.md#installation-nix - - https://github.com/wp-cli/wp-cli/wiki/Alternative-Install-Methods - - suhosin needs `suhosin.executor.include.whitelist = phar` on `/etc/php5/cli/conf.d/suhosin.ini`. - - make rails optional on websites::hosting -- puppet: - - puppetlast. - - bug report: debian wheezy puppetmaster-passenger: not honoring certname / envvars LANG issue. - - bug report: debian wheezy puppet-common: needs the following patch: http://projects.puppetlabs.com/issues/10963 - backup: `sync-media-iterate [volume]`. - mail: - - support for [preventing SPAM connections with bird](http://www.debian-administration.org/article/715/Preventing_SPAM_connections_with_bird.). - - use ssl::dhparams, move to 2048 bit and use the standard file names and paths. + - use ssl::dhparams, move to 2048 bit and use the standard file names and paths: - [Feature #4012: postfix: ship 2048bit dh parameters - Platform - LEAP Issue Tracker](https://leap.se/code/issues/4012) - - schleuder: manage `/etc/schleuder/schleuder.conf`, using `superadminaddr: root` or other recipient, to avoid mails - sent as `root@localhost`. - - deploy https://git.autistici.org/ale/smtp-fp/tree/master - https://github.com/EFForg/starttls-everywhere - - deploy https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration#Configuration_server_at_ISP - https://git-ipuppet.immerda.ch/module-apache/commit/?id=058dbb366b96cae1f8fb0def65f73a698f1c375d - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577616 -### Features +Low priority +------------ -- git: - - gitweb clean urls - - email notifications - - https://packages.debian.org/jessie/git-notifier - - https://github.com/mhagger/git-multimail - - using OpenPGP? -- support for http/https proxy inside web nodes - - encrypted ssl keys: http://support.f5.com/kb/en-us/solutions/public/11000/400/sol11440.html - - make all apache sites listen to 8080 -- git: gitolite: - - /root/.config/git/config permission denied ikiwiki issue: - - http://www.redmine.org/issues/13631 - - https://answers.atlassian.com/questions/112982/permission-denied-errors-post-upgrade-to-stash-2 - - https://bugs.gentoo.org/show_bug.cgi?id=460370 - - http://rtime.felk.cvut.cz/~sojka/blog/using-ikiwiki-with-gitolite/ - - related to ikiwiki's post-update hooks which is not getting the $HOME env correctly - - [monkeysphere integration](http://gitolite.com/gitolite/g2/monkeysphere.html). -- mail: mlmmj: - - lists with hyphens are not working when mails are sent directly, but work when sent to an alias. - - `mail::mlmmj::domain` needs updating or additional domains should be added into `relay_domains`. +* merge, review, pull requests for all modules. - bind: nsupdate / dynamic dns: - http://linux.yyz.us/nsupdate/ - http://linux.yyz.us/dns/ddns-server.html @@ -127,9 +63,6 @@ Puppet modules - http://www.rtfm-sarl.ch/articles/using-nsupdate.html - https://github.com/skx/dhcp.io/ - munin: lvm monitoring. -- nagios: snmp, nrpe, nsca - - http://nagios.sourceforge.net/docs/3_0/addons.html - - http://www.math.wisc.edu/~jheim/snmp/ - pyroscope: torrent workflow: torrent-maker, magnet2torrent and torrent-reseed: - http://wiki.rtorrent.org/MagnetUri - http://dan.folkes.me/2012/04/19/converting-a-magnet-link-into-a-torrent/ @@ -139,14 +72,80 @@ Puppet modules - http://wiki.rtorrent.org/MagnetUri - https://github.com/rakshasa/rtorrent/issues/212 - saving/restoring `.meta` and `~/rtorrent/.session` files. -- onion: - - support for existing hidden service key, generated with tools like https://github.com/katmagic/Shallot - - load balancing: http://archives.seul.org/tor/relays/Apr-2011/msg00022.html + +- support for http/https proxy inside web nodes + - encrypted ssl keys: http://support.f5.com/kb/en-us/solutions/public/11000/400/sol11440.html + - make all apache sites listen to 8080 +- git: + - gitweb clean urls + - email notifications + - https://packages.debian.org/jessie/git-notifier + - https://github.com/mhagger/git-multimail + - using OpenPGP? - nodo: - decrease http://www.cups.org/doc-1.1/sam.html#Timeout on cupds.conf from laptops that use remote printers set on client.conf - syslog-ng: use conf.d - -Repo management ---------------- - -- merge, review, pull requests for all modules. +- etherpad: `You need to set a sessionKey value in settings.json`. +- knock integration via https://github.com/juasiepo/knockd +- apache: + - try libapache2-modsecurity. + - deploy https://git.immerda.ch/csp-report/ + - disable other_vhosts_access.log +- onion: + - support for existing hidden service key, generated with tools like https://github.com/katmagic/Shallot + - load balancing: http://archives.seul.org/tor/relays/Apr-2011/msg00022.html +- nagios: snmp, nrpe, nsca + - http://nagios.sourceforge.net/docs/3_0/addons.html + - http://www.math.wisc.edu/~jheim/snmp/ +- ssh access restrictions: + - denyhosts, but we don't want to log IPs. + - using shorewall: http://www.debian-administration.org/articles/250#comment_16 + - alowed users / groups. +- websites: freewvs. +- puppet: + - puppetlast. + - bug report: debian wheezy puppetmaster-passenger: not honoring certname / envvars LANG issue. + - bug report: debian wheezy puppet-common: needs the following patch: http://projects.puppetlabs.com/issues/10963 +- mail: mlmmj: + - lists with hyphens are not working when mails are sent directly, but work when sent to an alias. + - `mail::mlmmj::domain` needs updating or additional domains should be added into `relay_domains`. +- drupal/wordpress: + - cronjob/cli: switch to site user + - drupal_update: Do you really want to continue with the update process? (y/n): + Do you really want to continue with the update process? (y/n): Aborting. [cancel], + possibly related to https://www.drupal.org/node/443392 +- php / wordpress / wp-cli: composer installation and dependencies: + - http://getcomposer.org/doc/00-intro.md#installation-nix + - https://github.com/wp-cli/wp-cli/wiki/Alternative-Install-Methods + - suhosin needs `suhosin.executor.include.whitelist = phar` on `/etc/php5/cli/conf.d/suhosin.ini`. +- nodo: support for prosody: + - https://github.com/dgoulet/prosody-otr + - http://prosody.im/doc/creating_accounts#importing_from_ejabberd + - config with good score at https://xmpp.net/index.php +- websites: + - make rails, moin, trac, etc optional on websites::hosting +- git: gitolite: + - /root/.config/git/config permission denied ikiwiki issue: + - http://www.redmine.org/issues/13631 + - https://answers.atlassian.com/questions/112982/permission-denied-errors-post-upgrade-to-stash-2 + - https://bugs.gentoo.org/show_bug.cgi?id=460370 + - http://rtime.felk.cvut.cz/~sojka/blog/using-ikiwiki-with-gitolite/ + - related to ikiwiki's post-update hooks which is not getting the $HOME env correctly + - [monkeysphere integration](http://gitolite.com/gitolite/g2/monkeysphere.html). +- mail: + - support for [preventing SPAM connections with bird](http://www.debian-administration.org/article/715/Preventing_SPAM_connections_with_bird.). + - schleuder: manage `/etc/schleuder/schleuder.conf`, using `superadminaddr: root` or other recipient, to avoid mails + sent as `root@localhost`. + - deploy https://git.autistici.org/ale/smtp-fp/tree/master + https://github.com/EFForg/starttls-everywhere + - deploy https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration#Configuration_server_at_ISP + https://git-ipuppet.immerda.ch/module-apache/commit/?id=058dbb366b96cae1f8fb0def65f73a698f1c375d + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577616 + - support for [preventing SPAM connections with bird](http://www.debian-administration.org/article/715/Preventing_SPAM_connections_with_bird.). + - schleuder: manage `/etc/schleuder/schleuder.conf`, using `superadminaddr: root` or other recipient, to avoid mails + sent as `root@localhost`. + - deploy https://git.autistici.org/ale/smtp-fp/tree/master + https://github.com/EFForg/starttls-everywhere + - deploy https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration#Configuration_server_at_ISP + https://git-ipuppet.immerda.ch/module-apache/commit/?id=058dbb366b96cae1f8fb0def65f73a698f1c375d + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577616 |