Hi all,

Quick introduction: I am the system administrator of CipherMail B.V., a
company which specializes in email security, and Stichting Bits of
Freedom, the digital rights movement in the Netherlands. I also
volunteer for a community wireless network in Amsterdam called Amsterdam
Wireless. I started using DebOps in February this year when we were
provisioning a new datacenter at CipherMail. So far it's been really
great and I'm introducing DebOps at Bits of Freedom now as well. Last
year I graduated with a bachelor's thesis about deploying DNSSEC at a
large Dutch hosting company. They went from zero to full DNSSEC with
PowerDNS and some Python scripts I wrote. You can find the thesis
(Dutch) here:
https://www.imrejonk.nl/deploying-dnssec-at-a-web-hosting-company/.
Hobbies and sports include computer tinkering, running, shooting sports,
biking, amateur radio and scuba diving.

To business. I wrote some DebOps-integrated roles at CipherMail which
might be useful to others. My employer has agreed to release the roles
under the GPL version 3 (or later). Some roles lack documentation, tests
and functionality to be useful to anyone, so I'll have to do some work
to improve the overall role quality. I guess I'll do that and create PRs
for new debops-contrib roles soon.

These are the roles I'm talking about:

- amsw.dnsui: provides complete functionality for integrating Opera's
DNS-UI, an LDAP-authenticated web frontend for PowerDNS authoritative
server. The role uses the nginx PAM module for LDAP authentication.
Requires PowerDNS 4.1+ for DNSSEC functionality. Depends on
debops.secret, debops.users, debops.postgresql, debops.php, debops.nginx
and debops.cron.
- amsw.powerdns_auth: a simple role for PowerDNS authoritative server
management. Right now you can only use this role with the PostgreSQL
backend and the upstream packages (I needed v4.1 for DNSSEC capabilities
on the API). Nonetheless it should be very easy to integrate this with
debops.mariadb and the PowerDNS BIND backend.
- ciphermail.nut: almost complete role for managing a Network UPS Tools
(NUT) server. Needs documentation and tests.
- ciphermail.nut_client: NUT client management.
- ciphermail.cups: manages our CUPS print server. Integrates with
debops.pki and applies some hardening tricks to ensure our print jobs
are always TLS encrypted with verified certificates.
- ciphermail.simplesamlphp: manages a SAML 2.0 IdP-only SimpleSAMLphp
installation, integrated with debops.pki. We use it for Single Sign-On.
- ciphermail.docker_container: simple role for managing Docker containers.
- ciphermail.docker_network: additional Docker role for managing networks.

We've also modified some existing DebOps roles because they weren't
entirely satisfactory for us. We'll contribute these changes back as
well. We're using a lot of DebOps roles :)

Any suggestions (on where I should start, for example) are most welcome!

Cheers,
Imre