Further testing shows that what I thought might not work, does in
fact just work. FreeIPA limitation of one pub key per user is
actually not a big deal; gitolite and sshd are pretty smart it
turns out.

- Create users and groups as part of each web service's role rather than having the php-fpm role create them indirectly.
- Shorten the merry dance of symlinks involved in the location of mediawiki's LocalSettings.php file (which involves allowing the execution of php code in several directories that might otherwise be sensible to keep out of php-fpm's path, like /etc/mediawiki)
- Have each role create its own webroot directory, or at least pass owner, group and mode as variables to the nginx role's "configure-nginx-website.yml" playbook. This would avoid having to fix webroot permissions for roles that use php-fpm (e.g. ttrss, mediawiki).
  - Some roles that require nginx (git/znc/ipsilon) require no webroot directory because they simply use nginx to proxy requests to other processes, so it may be better to have the roles that need one create them
- Move mastodon's webroot from /home/mastodon/live to /var/www/mastodon for consistency.
- Fix the "include" deprecation warnings.
- Ensure all users of LDAP are talking over TLS and actually verify certs
- Replace the "darkpeak" LDAP user with a proper system user for services such as SSSD to bind with
- We'll probably end up with random logos and other kinds of branding in a bunch of places -- this should be consolidated somehow (maybe submodule the design repo?)
- Finish implementing git hosting:
  - Static site hosting (missing hook)
- Ipsilon is currently storing session/user data in sqlite3 -- probably should migrate it to make use of the postgres role, then it will no longer need a home directory. Anything it doesn't store in a db is ephemera that could live in /tmp or some other tmpfs location
- Move to latest version of FreeIPA (and ansiblise at the same time)
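The two LDAP items (TLS with certificate verification, and a proper bind account instead of "darkpeak"), as an added sssd.conf example that is not from this repo: the weak LDAP-provider stanza beside the hardened one. The hostname, base DN, CA path, account names and password are assumptions, not values from the deployment.

```ini
# Weak: cleartext ldap://, any certificate accepted, and a personal
# account used as the bind identity. (Assumed host/DN/password values.)
[domain/weak.example]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ipa.example.org
ldap_search_base = dc=example,dc=org
# "never" skips verification entirely; a spoofed server is accepted.
ldap_tls_reqcert = never
ldap_default_bind_dn = uid=darkpeak,cn=users,cn=accounts,dc=example,dc=org
ldap_default_authtok_type = password
ldap_default_authtok = changeme

# Hardened: LDAPS only, chain verified against the FreeIPA CA, and a
# dedicated FreeIPA system account (cn=sysaccounts,cn=etc is where FreeIPA
# keeps non-person service accounts) instead of a user's credentials.
[domain/hardened.example]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://ipa.example.org
ldap_search_base = dc=example,dc=org
# CA bundle path as found on an enrolled FreeIPA client (assumed).
ldap_tls_cacert = /etc/ipa/ca.crt
# "demand" fails closed on an untrusted, expired or mismatched certificate.
ldap_tls_reqcert = demand
# If a plain ldap:// URI is kept instead of ldaps://, also set
#   ldap_id_use_start_tls = true
# otherwise only authentication is wrapped in TLS and identity lookups
# (users, groups, sudo rules) still travel in cleartext.
ldap_default_bind_dn = uid=sssd-bind,cn=sysaccounts,cn=etc,dc=example,dc=org
ldap_default_authtok_type = password
# Placeholder: in the ansiblised version this comes from the vault.
ldap_default_authtok = BIND_PASSWORD_PLACEHOLDER
```

sssd.conf must stay mode 0600 root-owned, since the bind password sits in it in clear; SSSD refuses to start otherwise.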
