TODO ==== High priority ------------- - virtual: migrate to kvm-manager. - cleanup and refactor. - switch from syslog-ng to rsyslog with anonimization. - nodo: journald: volatile logs only. - puppet: masterless: - gpg integration: - https://github.com/compete/hiera_yamlgpg - https://github.com/sihil/hiera-eyaml-gpg - key deployment - add a monkeysphere auth subkey to every openpgp key used for backups. - make backupninja wrap around monkeysphere: http://web.monkeysphere.info/doc/user-ssh-advanced/ - sshd: - https://stribika.github.io/2015/01/04/secure-secure-shell.html - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774711#60 - enable ecdsa key. - loginrecords: deploy module. - deploy https://github.com/wido/puppet-module-tcpwrappers - nodo: - allow more resources to be declared via hiera. - fix hiera default boolean value when true. Medium priority --------------- - backup: sync-backups support for rsyncing from kvms / snapshots. - switch to conf.d: - https://wiki.debian.org/PHP/ - http://www.phpdeveloper.org.uk/overriding-default-php-settings-in-debian-and-ubuntu/ - apache2. - syslog-ng. Low priority ------------ - nodo: replace wicd by network-manager and use nmtui as the text-based interface? - drupal/wordpress: cronjobs: switch to site user. - mail: - [use ssl::dhparams, move to 2048 bit and use the standard file names and paths](https://leap.se/code/issues/4012). - support for [preventing SPAM connections with bird](http://www.debian-administration.org/article/715/Preventing_SPAM_connections_with_bird.). - deploy https://git.autistici.org/ale/smtp-fp/tree/master (use cert from ca.autistici.org/ca.pem).