TODO ==== High priority ------------- - puppet: masterless: - ensure puppet daemon is stopped. - gpg integration: - https://github.com/compete/hiera_yamlgpg - https://github.com/sihil/hiera-eyaml-gpg - https://docs.puppetlabs.com/hiera/1/custom_backends.html - https://puppetlabs.com/blog/encrypt-your-data-using-hiera-eyaml - https://packages.debian.org/jessie/hiera-eyaml - key deployment - add a monkeysphere auth subkey to every openpgp key used for backups. - make backupninja wrap around monkeysphere: http://web.monkeysphere.info/doc/user-ssh-advanced/ - http://current.workingdirectory.net/posts/2011/puppet-without-masters/ - http://andrewbunday.co.uk/2012/12/04/masterless-puppet-wrapper/ - http://semicomplete.com/presentations/puppet-at-loggly/puppet-at-loggly.pdf.html - https://github.com/jordansissel/puppet-examples/tree/master/masterless - sshd: - https://stribika.github.io/2015/01/04/secure-secure-shell.html - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774711#60 - enable ecdsa key. - ecdsa priority: alternatives: - unsupport ecdsa in the server. - export ecdsa pubkeys. - manage client's /root/.ssh/config: `HostKeyAlgorithms ssh-rsa`. - force option via rsync/rdiff handlers. - virtual: migrate to kvm/libvirt. - loginrecords: deploy module. - deploy https://github.com/wido/puppet-module-tcpwrappers - nodo: - allow more resources to be declared via hiera. - fix hiera default boolean value when true. Medium priority --------------- - apt: raspbian support, including unnatended-upgrades. - backup: - support for $dombr and $dobios on backupninja::sys for servers and physical machines. - sync-backups support for rsyncing from kvms / snapshots. - nodo: - cleanup and refactor. - uniform variable names. - use prompt.sh from bash-prompt as a submodule. - easy way to toggle management of subsystems. - common: autoload ou replace. - general: - rollback of commits about charset. - switch to conf.d: - https://wiki.debian.org/PHP/ - http://www.phpdeveloper.org.uk/overriding-default-php-settings-in-debian-and-ubuntu/ - php ("refactor" branch), remove E_STRICT from production's error_reporting. - apache2. - sudoers. - backup: `sync-media-iterate [volume]`. - mail: - use ssl::dhparams, move to 2048 bit and use the standard file names and paths: - [Feature #4012: postfix: ship 2048bit dh parameters - Platform - LEAP Issue Tracker](https://leap.se/code/issues/4012) Low priority ------------ - nodo: solve network-manager / wicd conflict. - merge, review, pull requests for all modules. - pyroscope: torrent workflow: torrent-maker, magnet2torrent and torrent-reseed: - http://wiki.rtorrent.org/MagnetUri - http://dan.folkes.me/2012/04/19/converting-a-magnet-link-into-a-torrent/ - https://github.com/danfolkes/Magnet2Torrent - http://code.google.com/p/pyroscope/wiki/CommandLineTools - https://trac.transmissionbt.com/ticket/4176 - http://wiki.rtorrent.org/MagnetUri - https://github.com/rakshasa/rtorrent/issues/212 - saving/restoring `.meta` and `~/rtorrent/.session` files. - support for http/https proxy inside web nodes: - encrypted ssl keys: http://support.f5.com/kb/en-us/solutions/public/11000/400/sol11440.html - make all apache sites listen to 8080. - syslog-ng: use conf.d. - knock integration via https://github.com/juasiepo/knockd - drupal/wordpress: cronjobs: switch to site user. - mail: - support for [preventing SPAM connections with bird](http://www.debian-administration.org/article/715/Preventing_SPAM_connections_with_bird.). - review dovecot recipient delimiter handling: to which mailbox messages should be sent? - deploy https://git.autistici.org/ale/smtp-fp/tree/master (use cert from ca.autistici.org/ca.pem). https://github.com/EFForg/starttls-everywhere - deploy https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration#Configuration_server_at_ISP https://git-ipuppet.immerda.ch/module-apache/commit/?id=058dbb366b96cae1f8fb0def65f73a698f1c375d https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577616 - support for [preventing SPAM connections with bird](http://www.debian-administration.org/article/715/Preventing_SPAM_connections_with_bird.).