post icon [news] [activity] Projects Activities
[2019-01-17 16:08 +0100] WIP DuckCorp Infrastructure> work
[2019-01-17 16:08 +0100] NEWS DuckCorp Infrastructure> work
[2019-01-17 14:34 +0100] WIP DuckCorp Infrastructure> Revision a7e9483c (duckcorp-infra): disable all monitoring until Nicecity-NG is ready
[2019-01-11 19:28 +0100] WIP DuckCorp Infrastructure> Revision 2dbd6575 (duckcorp-infra): force lists in intermediate variables to be resolved #2
[2019-01-11 19:23 +0100] WIP DuckCorp Infrastructure> Revision 65d9ed5c (duckcorp-infra): dc-web: rsync needed for 'synchronize' module
[2019-01-11 17:02 +0100] WIP DuckCorp Infrastructure> Revision d25cc3cc (duckcorp-infra): update submodules
[2019-01-11 17:01 +0100] WIP DuckCorp Infrastructure> Revision 1562056d (duckcorp-infra): force lists in intermediate variables to be resolved
[2019-01-10 04:58 +0100] WIP DuckCorp Infrastructure> Revision 35a67e9f (duckcorp-infra): fix index permissions
[2018-12-30 14:44 +0100] WIP DuckCorp Infrastructure> Revision 802177b7 (duckcorp-infra): Orfeo: needs accounts resolution
[2018-12-30 13:41 +0100] WIP DuckCorp Infrastructure> Revision aad53888 (duckcorp-infra): dns: adjust rate limiting
Word from the Admin Team
[archives] « Happy New Year! »


Many hugs for this new year!

Pilou and I are coming to FOSDEM (and some side-events), so if you’re around do not be shy and say quack.

Plans for the Future

No crazy plans for this new year yet. We’re focused on replacing the aging hardware and finishing automating our deployments to simplify our job. There’s a few ideas when we get extra power on the new hardware, but that’s for another post.

Nicecity is small and could not keep up with the load of the Monitoring system, so Pilou kindly is upgraded her. We should transplant her consciousness soon and restart both monitoring and backup on the new hardware. There is no direct user impact but be sure to backup your critical data on your own just in case.

The work on Toushirou-NG is ongoing, this is coupled with the effort to Ansibilize our infra which made quite a lot of progress. So we’re basically able to reinstall the host fully with Ansible modulo one or two small glitches. Data are being synced with the current host too. Before proceeding to the replacement we need to check that all services work fine, this is WIP.

DNSSEC (signed DNS zones) is a very nice security feature but unfortunately managing the keys and their replacement over time is quite a hassle to say the least. We’re currently using OpenDNSSEC and it works but the setup is a tad complicated. the DNS server (Bind9) has made quite some progress on this front. We’re now using the Debian backports to take advantages of some new features and we’re evaluating switching to using Bind9 tooling directly.


We did some work around the mail filtering system (SIEVE): - activated spamtest: if you do not use the provided include script to move SPAM into the Junk box becaue you need more customization, then you should be interested in this extension. Instead of parsing the headers yourself, which could break if we change the system, tune the sensitivity… this extension provides an interface with a normalized score directly - activated vacation-seconds: allows more granularity for the vacation settings - on the webmail we replaced the unmaintained Roundcube ‘sieverules’ plugin by ‘managesieve’; this is prepare for the future Debian version with an improved Roundcube and SIEVE plugin. Currently they are equally incomplete and buggy, so it should not change anything for you. - we recently switched from the deprecated dovecot-antispam Dovecot extension to IMAPSIEVE, which does a similar job but cleaner and more flexible by far. It currently implements the same exact behavior, so no user change. In the future Debian version the old extension would not work, so better be prepared. The documentation was updated accordingly:

We also activated the IMAP metadata extension which is used by some mail clients to store server and folder custom information. It "might" be useful, but it’s cheap anyway so why not enable it.


We’re continuing to reevaluate our services to focus on the important things and to be able to gather resources for new projects. The webstats, fetchmail and feed2imap services were unused, so they were removed.



  • Not f'd — you won't find me on Facebook

Special Support

  • FSF Member Logo
  • DUC Logo


  • Hivane
  • Nerim