TODO: Difference between revisions

From Run Your Own
Jump to navigation Jump to search
 
(One intermediate revision by the same user not shown)
Line 9: Line 9:
* Move GS out of the way from lurk.org to gs.lurk.org or something like that
* Move GS out of the way from lurk.org to gs.lurk.org or something like that
* <s>make account for rra</s>
* <s>make account for rra</s>
* convert Prosody internal db to MySQL
* <s>convert Prosody internal db to MySQL</s> Apparently this is pointless the internal storage can scale very fine.
* Make simple static homepage about LURK
* Make simple static homepage about LURK
* automate certbot
* automate certbot
Line 32: Line 32:
* <strike>Install mastodon</strike>
* <strike>Install mastodon</strike>
* automate certbot
* automate certbot
* try matrix/riot to make sure rocket.chat is not the next GS
* <s>try matrix/riot to make sure rocket.chat is not the next GS</s> We don't have enough resources for that
* make ssh access via keys only
* make ssh access via keys only
* install/configure fail2ban (Should be OK without it if we only use keys, but would be nice to have it also watchdog the email server)
* install/configure fail2ban (Should be OK without it if we only use keys, but would be nice to have it also watchdog the email server)

Latest revision as of 00:22, 14 July 2018

Send-help.png

Because there could be so many other exciting things to do right now.

agnesbaxter

  • Explain the backscatter rejection parameters
  • Better explain SPF in backscatter rejection page
  • Submit backscatter postfix config to postfix list to make sure these are decent settings
  • Move GS out of the way from lurk.org to gs.lurk.org or something like that
  • make account for rra
  • convert Prosody internal db to MySQL Apparently this is pointless the internal storage can scale very fine.
  • Make simple static homepage about LURK
  • automate certbot
  • setup backupninja (reuired: backup machine)
  • install icecast with an nginx proxy to serve radio.lurk.org
  • startup/init script for mailman3
  • make ssh access via keys only
  • install/configure fail2ban (Should be OK without it if we only use keys, but would be nice to have it also watchdog the email server)
  • install tinc
  • setup log rotation for mm3 (see discussion on mm3 list)
  • check if postfix is up to date with all SPF/DKIM nonsense
  • configure iptable with GOTO10/bleu255 script
  • investigate why free.fr sees email (so far the ones from douglas) as spam (X-ProXaD-SC: state=SPAM score=150)
  • run https://observatory.mozilla.org on server and improve + document how to make the improvements
  • Check if mm3 handles DMARC correctly (thread on mm3 list about it)
  • consider upgrading mm3 to alpha version in pip (need to ask on mm list first for caveats) alpha was removed from pip!
  • clean mm3 broken emails in moderation queue db (discussion in mm3 list) implies manually editing the db :/
  • Add doc + info for missing welcome messages (using the repos created by Alex on gitlab)
  • check why the email from Major Dennis Hornbeck went though the net and reached mm3

douglas

  • Install mastodon
  • automate certbot
  • try matrix/riot to make sure rocket.chat is not the next GS We don't have enough resources for that
  • make ssh access via keys only
  • install/configure fail2ban (Should be OK without it if we only use keys, but would be nice to have it also watchdog the email server)
  • install tinc
  • configure iptable with GOTO10/bleu255 script
  • run https://observatory.mozilla.org on server and improve + document how to make the improvements

$INSERT_NAME

  • Setup a backup machine
  • install tinc

Run Your Own documentation

  • Make a page with a detailed list of services/ports/servers
  • howto restart GS
  • howto restart mailman3
  • howto mastodon
  • try to modify the certbot gandi plugin to handle the shared-id API parameter