post icon [news] [activity] Projects Activities
[2019-04-18 13:09 +0200] WIP DuckCorp Infrastructure> Revision 26a4d9ad (duckcorp-infra): stuff.milkypond.org: extend memory limit
[2019-04-18 12:18 +0200] WIP DuckCorp Infrastructure> Revision 8ebc0d63 (duckcorp-infra): update submodules
[2019-04-18 12:17 +0200] WIP DuckCorp Infrastructure> Revision c7ffb59d (duckcorp-infra): dc-web: install PHP configuration
[2019-04-18 09:40 +0200] WIP DuckCorp Infrastructure> Revision 2db56b8a (ansible-role-zabbix): fix E306
[2019-04-18 09:37 +0200] WIP DuckCorp Infrastructure> Revision 1d712c46 (ansible-role-zabbix): fix E502
[2019-04-18 09:33 +0200] WIP DuckCorp Infrastructure> Revision b4de26cf (ansible-role-redmine): fix E306
[2019-04-18 09:31 +0200] WIP DuckCorp Infrastructure> Revision cd8cc1ff (ansible-role-roundcube): fix E305
[2019-04-18 09:09 +0200] WIP DuckCorp Infrastructure> Revision 3c1ad57f (duckcorp-infra): dc_check: fix apt-forktracer call
[2019-04-18 08:53 +0200] WIP DuckCorp Infrastructure> Revision 083cbd49 (ansible-role-httpd_php_fpm): fix E306
[2019-04-18 08:41 +0200] WIP DuckCorp Infrastructure> Revision 9665b40c (duckcorp-infra): dc-base: add galaxy_info
Word from the Admin Team
[archives] « Happy New Year! »

Quack,

Many hugs for this new year!

Pilou and I are coming to FOSDEM (and some side-events), so if you’re around do not be shy and say quack.

Plans for the Future

No crazy plans for this new year yet. We’re focused on replacing the aging hardware and finishing automating our deployments to simplify our job. There’s a few ideas when we get extra power on the new hardware, but that’s for another post.

Nicecity is small and could not keep up with the load of the Monitoring system, so Pilou kindly is upgraded her. We should transplant her consciousness soon and restart both monitoring and backup on the new hardware. There is no direct user impact but be sure to backup your critical data on your own just in case.

The work on Toushirou-NG is ongoing, this is coupled with the effort to Ansibilize our infra which made quite a lot of progress. So we’re basically able to reinstall the host fully with Ansible modulo one or two small glitches. Data are being synced with the current host too. Before proceeding to the replacement we need to check that all services work fine, this is WIP.

DNSSEC (signed DNS zones) is a very nice security feature but unfortunately managing the keys and their replacement over time is quite a hassle to say the least. We’re currently using OpenDNSSEC and it works but the setup is a tad complicated. the DNS server (Bind9) has made quite some progress on this front. We’re now using the Debian backports to take advantages of some new features and we’re evaluating switching to using Bind9 tooling directly.

Mail

We did some work around the mail filtering system (SIEVE): - activated spamtest: if you do not use the provided include script to move SPAM into the Junk box becaue you need more customization, then you should be interested in this extension. Instead of parsing the headers yourself, which could break if we change the system, tune the sensitivity… this extension provides an interface with a normalized score directly - activated vacation-seconds: allows more granularity for the vacation settings - on the webmail we replaced the unmaintained Roundcube ‘sieverules’ plugin by ‘managesieve’; this is prepare for the future Debian version with an improved Roundcube and SIEVE plugin. Currently they are equally incomplete and buggy, so it should not change anything for you. - we recently switched from the deprecated dovecot-antispam Dovecot extension to IMAPSIEVE, which does a similar job but cleaner and more flexible by far. It currently implements the same exact behavior, so no user change. In the future Debian version the old extension would not work, so better be prepared. The documentation was updated accordingly: https://users.duckcorp.org/index.php/Services/Mail

We also activated the IMAP metadata extension which is used by some mail clients to store server and folder custom information. It "might" be useful, but it’s cheap anyway so why not enable it.

Cleanup

We’re continuing to reevaluate our services to focus on the important things and to be able to gather resources for new projects. The webstats, fetchmail and feed2imap services were unused, so they were removed.

\_o<

Activism

  • Not f'd — you won't find me on Facebook

Special Support

  • FSF Member Logo
  • DUC Logo

Sponsors

  • Hivane
  • Nerim