Continuous integration with Debian virtual machines
Dear Debian users, Does anyone know a hosting service, like GitHub or GitLab, offering recent Debian virtual machines to run tests? The last time I checked, they offered old Ubuntu versions or Docker images, but I need a full Debian VM. For contextual information, the source code is here: https://github.com/progmaticltd/homebox My tests are relying on systemd services as well (so no Docker), and some of them are pretty low-level. The package name differences are big enough for the tests to fail, and I am not interested in porting my solution to Ubuntu. Thanks for your insights. André Rodier.
How to create a systemd service that interacts with nftables service
Hello, all. I have a simple script, to save / and store dynamic nftables sets. I would like to create a systemd service, that starts -after- nftables is started, and stops -before- nftables is stopped. Any idea on how to achieve this, please ? I tried to play a little with ‘Requires’ or ‘After’, without success. Thanks for your help. André
Re: Email clients and IMAP search support
Hi, Byung-Hee. This is definitely not what I asked, and we don't ask for a Gmail advertisement. I don't understand what prompted you to write such an answer, this is a waste of resource and time. Moreover, I have found my answer. Andre. 17 Apr 2023 06:29:12 Byung-Hee HWANG : > Andre Rodier writes: > >> On Sun, 2023-04-16 at 17:01 +0100, Andre Rodier wrote: >>> Hi, >>> >>> Is there any desktop email client on Debian, that supports server >>> side IMAP search, please ? >>> >>> I have an email server that support indexing attachment contents, >>> and when I run a query from the command line using >>> doveadm search or even TELNET, it is returning the correct email indexes. >>> >>> However, when I try the same search with a desktop client, nothing >>> is returned. I tried Thunderbird, Balsa, Claws and >>> Geary. None of them is satisfactory. >>> >>> Thanks for your help. >>> >>> Thanks, >>> André >>> >> >> OK, I am answering to myself, Gnome Evolution works, it is sending the >> search query to the server. >> >> Even in some advanced RTL languages like Arabic. >> >> Great! > > Hellow Andre, > > Searching for IMAP is good with Gmail web interface, i think. If you > have web browser such as mozilla firefox, chromium browser. Try to > gmail, just with web browser. It is not bad in my experience. And also i > am Debian user (Debian 11 Bullseye under Chromebook). > > As you know, Gmail is good with UTF-8 support / Searching / Labeling. > > See here: > https://gitlab.com/soyeomul/Gnus/-/commit/314e84446d1002726aec0ccf81a756d54568bfbb > > In real world, i use both Gmail and Emacs Gnus for email. > > Sincerely, Byung-Hee > > -- > ^고맙습니다 _地平天成_ 감사합니다_^))//
Thunderbird security
Hi all, I would like to collect, from this thread, your experience and opinion about Mozilla Thunderbird, in terms of security. I am registered on the Debian security list, and I see a lot of CVEs coming, some of them with a high score, mentioning execution of arbitrary code or information disclosure. Most of them seem pretty severe to me, and I am now running Thunderbird in firejail. However, I wonder if such a vulnerability would allow a remote attacker to send an email, and get, for instance, the credentials stored in Thunderbird, with or without master password. This seems habitual to me, compared to other mail clients in Debian, like evolution / claws, etc... In terms of security, which email clients, or which practices, would you recommend to me? Thanks for your understanding and advice, but please, I don't want to start a troll. -- AR - Andre Rodier
netfilter on bullseye: matching executable name or pid with nftables
Hi, With iptables, I was able to use the match extension, and create rules per program or pid, for instance: iptables -A OUTPUT --match owner -p tcp --cmd-owner tinyproxy -j ACCEPT iptables -A OUTPUT --match owner -p tcp --pid-owner 4554 -j ACCEPT How can I achieve the same, on Linux, using nftables, please? I am using Debian Bullseye. Thanks. -- AR - Andre Rodier
Re: PAM two factors authentication
Hello Kamil, This is not exactly what I asked. I want two factors authentication, with the first factor (the password) and the second one being one of many (Yubikey, google auth or u2f). Thanks, On 13/11/2021 18:13, Kamil Jońca wrote: André Rodier writes: Hello all, I can use various second factors authentications on Debian: - google authenticator - u2f key - yubikey I would like to configure pam sessions to have 1) password authentication, and then 2) one of the second factor described above. How this can be achieved, please ? Thanks for your answers. André Rodier. Well. I can say that I follow: https://support.yubico.com/hc/en-us/articles/360016649099-Ubuntu-Linux-Login-Guide-U2F and I can use my yubikey (I believe it's u2f application) to login/unlock. KJ -- AR - André Rodier
PAM two factors authentication
Hello all, I can use various second factors authentications on Debian: - google authenticator - u2f key - yubikey I would like to configure pam sessions to have 1) password authentication, and then 2) one of the second factor described above. How this can be achieved, please ? Thanks for your answers. André Rodier.
preseeding Bullseye
Hello all, I am building a preseed file for Debian Bullseye. I am able to configure many advanced features, like LUKS / LVM, etc. However, I still have one question asked at the beginning of the installer, about the keyboard variant (see the attached image) For instance, I can select British, and then, the installation continues. I am attaching the full preseed file I use. Thanks for your help. André Rodier.

Preseed for one drive, using just an LVM partitioning scheme

# The values can also be preseeded individually for greater flexibility.
d-i debian-installer/language string en_GB:en
d-i debian-installer/country string UK
d-i debian-installer/locale string en_GB

# Optionally specify additional locales to be generated.
# d-i localechooser/supported-locales multiselect en_GB.UTF-8

# Keyboard selection.
# d-i console-keymaps-at/keymap string gb
d-i keyboard-configuration/xkb-keymap select gb
d-i keyboard-configuration/variant select British English
d-i keyboard-configuration/toggle select No toggling

# Do not scan for another CD
d-i apt-setup/use_mirror boolean false
d-i apt-setup/cdrom/set-first boolean false
d-i apt-setup/cdrom/set-next boolean false
d-i apt-setup/cdrom/set-failed boolean false

### Apt setup
# You can choose to install non-free and contrib software.
d-i apt-setup/non-free boolean true
d-i apt-setup/contrib boolean true
d-i apt-setup/use_mirror boolean true

# Select which update services to use; define the mirrors to be used.
# Values shown below are the normal defaults.
d-i apt-setup/services-select multiselect security, updates
d-i apt-setup/security_host string security.debian.org

# Additional repositories, local[0-9] available
# d-i apt-setup/local0/repository string \
#     http://dl.google.com/linux/chrome/deb/ stable main
# d-i apt-setup/local0/comment string Google chrome
# URL to the public key of the local repository; you must provide a key or
# apt will complain about the unauthenticated repository and so the
# sources.list line will be left commented out
# d-i apt-setup/local0/key string https://dl.google.com/linux/linux_signing_key.pub
# Enable deb-src lines
#d-i apt-setup/local0/source boolean true

# By default the installer requires that repositories be authenticated
# using a known gpg key. This setting can be used to disable that
# authentication. Warning: Insecure, not recommended.
#d-i debian-installer/allow_unauthenticated boolean true

# Uncomment this to add multiarch configuration for i386
#d-i apt-setup/multiarch string i386

### Network configuration
# Disable network configuration entirely. This is useful for cdrom
# installations on non-networked devices where the network questions,
# warning and long timeouts are a nuisance.
#d-i netcfg/enable boolean false

# netcfg will choose an interface that has link if possible. This makes it
# skip displaying a list if there is more than one interface.
# d-i netcfg/choose_interface select auto
d-i netcfg/choose_interface select auto

# To set a different link detection timeout (default is 3 seconds).
# Values are interpreted as seconds.
#d-i netcfg/link_wait_timeout string 10

# If you have a slow dhcp server and the installer times out waiting for
# it, this might be useful.
#d-i netcfg/dhcp_timeout string 60
#d-i netcfg/dhcpv6_timeout string 60

# If you prefer to configure the network manually, uncomment this line and
# the static network configuration below.
#d-i netcfg/disable_autoconfig boolean true

# Any hostname and domain names assigned from dhcp take precedence over
# values set here. However, setting the values still prevents the questions
# from being shown, even if values come from dhcp.
d-i netcfg/get_hostname string mail
d-i netcfg/get_domain string rodier.me

# If you want to force a hostname, regardless of what either the DHCP
# server returns or what the reverse DNS entry for the IP is, uncomment
# and adjust the following line.
#d-i netcfg/hostname string somehost

# Disable that annoying WEP key dialog.
d-i netcfg/wireless_wep string

# The wacky dhcp hostname that some ISPs use as a password of sorts.
#d-i netcfg/dhcp_hostname string radish

# If non-free firmware is needed for the network or other hardware, you can
# configure the installer to always try to load it, without prompting. Or
# change to false to disable asking.
d-i hw-detect/load_firmware boolean false

### Network console1
# Use the following settings if you wish to make use of the network-console
# component for remote installation over SSH. This only makes sense if you
# intend to perform the remainder of the installation manually.
#d-i anna/choose_modules string network-console
#d-i network-console/authorized_keys_url string http://10.0.0.1/openssh-key
#d-i network-console/password password r00tme
#d-i network-console/password-again password r00tme

### Mirror settings
# If you select ftp, the mirror/country string does not need to be set.
#d-i mirror/protocol string ftp
d-i mirror/country string manual
d
Status of Apache Solr
Hello, The version of Solr on Debian seems to be outdated a lot. The Debian version is 3.6, but IIRC, the official version is 8.x. I checked testing and Sid, but it seems to be the same version. What is the status, of this, please? Thanks, André
Any Bluetooth 5 adapter Debian compatible
Hello, I am looking for a USB / Bluetooth 5 adapter, natively compatible with Debian. Thanks, André
Re: pass simple readline frontend
On Tue, 2019-11-05 at 18:30 -0800, Kushal Kumaran wrote: > André Rodier writes: > > > Hello, > > > > I want to use the pass password utility on Linux, in my Emacs > > eterm. > > > > The TERM environment variable seems to be ignored, the ncurses > > utility > > starts and this is totally unusable. > > Is there any option, beside recompiling the software to have it > > working properly? > > > > Have you looked at the emacs mode for pass? > https://stable.melpa.org/#/pass > > Not sure what your usecase is, but I find the emacs mode suffices for > everything I need it to do. > Hello Kushal, Yes, I am using it to manage the passwords, but the gpg agent is not compatible and starts an ncurses frontend in the eshell prompt. Apparently, Dominik has proposed a solution. Thanks, André
Re: Remove package file from cache as soon as it is installed
On Sun, 2019-09-22 at 11:08 -0500, David Wright wrote: > On Sun 22 Sep 2019 at 16:29:54 (+0100), André Rodier wrote: > > Hello, > > > > Is there a way, when using apt to install packages, to delete the > > package file from /var/cache as soon as it is installed? > > > > I am running a package installation inside docker:stable, and it > > fails > > in the middle, with no space left on device. > > I think you need to break up the apt command into several of them, > with clean in between (if needed: apt might clean automatically; > IDK as I use apt-get). > > Install the dependencies of dependencies first, then the > dependencies, > then the packages *with* those dependencies, ie starting from the > bottom of the tree of dependencies. > > > Otherwise, is there an option to increase the docker image before > > installing it? > > Cheers, > David. > Thanks David et al, The issue was the number of inodes in my /var/lib/docker partition was ridiculously small, I had to reformat the partition to increase the number of inodes, and it is now working. The partition is 20G, with the big files option, perhaps it was the reason of the small number of inodes? And yes, I was using overlay2. Thanks again for your help, André
Re: Remove package file from cache as soon as it is installed
On Sun, 2019-09-22 at 18:01 +0200, Nemeth Gyorgy wrote: > On 2019. 09. 22. at 17:29, André Rodier wrote: > > Is there a way, when using apt to install packages, to delete the > > package file from /var/cache as soon as it is installed? > > apt-get clean > Thanks, I knew the command, so perhaps I did not explain properly. Let's take an example: > Step 7/24 : RUN apt -qq install -t buster-backports -y simple-cdd > debian-archive-keyring > ---> Running in > e3e9a1948203 > > > > WARNING: apt does not have a stable CLI interface. Use with caution > in scripts. > > > debian-archive-keyring is already the newest version > (2019.1). > debian-archive-keyring set to manually > installed. > The following additional packages will be > installed: > bc binutils binutils-common binutils-x86-64-linux-gnu build- > essential bzip2 > ca-certificates cpp cpp-8 curl dbus dctrl-tools debian-cd > dirmngr > distro-info-data dose-distcheck dosfstools dpkg-dev fakeroot > file > fontconfig-config fonts-dejavu-core fonts-droid-fallback fonts- > noto-mono g++ > g++-8 gcc gcc-8 ghostscript gnupg gnupg-l10n gnupg-utils gpg gpg- > agent > gpg-wks-client gpg-wks-server gpgconf gpgsm gpgv gsfonts hfsutils > iso-codes > isolinux krb5-locales libalgorithm-diff-perl libalgorithm-diff-xs- > perl > libalgorithm-merge-perl libapparmor1 libapt-inst2.0 libarchive13 > libasan5 > libassuan0 libatomic1 libavahi-client3 libavahi-common-data > libavahi-common3 > libbinutils libbsd0 libburn4 libc-dev-bin libc6-dev libcc1-0 > libcups2 > libcupsfilters1 libcupsimage2 libcurl4 libdbus-1-3 libdpkg-perl > libexpat1 > libfakeroot libfile-fcntllock-perl libfontconfig1 libfreetype6 > libgcc-8-dev > libgdbm-compat4 libgdbm6 libgomp1 libgpgme11 libgpm2 libgs9 libgs9- > common > libgssapi-krb5-2 libicu63 libidn11 libijs-0.35 libisl19 > libisoburn1 > libisofs6 libitm1 libjbig0 libjbig2dec0 libjpeg62-turbo libjte1 > libk5crypto3 > libkeyutils1 libkrb5-3 libkrb5support0 libksba8 liblcms2-2 libldap- > 2.4-2 > 
libldap-common liblocale-gettext-perl liblsan0 liblua5.2-0 > libmagic-mgc > libmagic1 libmpc3 libmpdec2 libmpfr6 libmpx2 libncurses6 > libnetpbm10 > libnghttp2-14 libnpth0 libnspr4 libnss3 libopenjp2-7 libpaper- > utils > libpaper1 libpcre2-8-0 libperl5.28 libpng16-16 libpopt0 > libpsl5 > libpython3-stdlib libpython3.7-minimal libpython3.7-stdlib > libquadmath0 > libreadline7 librpm8 librpmio8 librtmp1 libsasl2-2 libsasl2-modules > libsasl2-modules-db libsqlite3-0 libssh2-1 libssl1.1 libstdc++-8- > dev > libtiff5 libtsan0 libubsan1 libwebp6 libxml2 libyaml-0-2 linux- > libc-dev > lsb-base lsb-release lynx lynx-common make manpages manpages-dev > mime-support mtools netbase netpbm openssl patch perl perl-modules- > 5.28 > pinentry-curses poppler-data publicsuffix python-apt-common python3 > python3-apt python3-chardet python3-debian python3-minimal > python3-pkg-resources python3-simple-cdd python3-six python3-yaml > python3.7 > python3.7-minimal readline-common reprepro rpm-common rsync > sensible-utils > syslinux-common syslinux-utils tofrodos ucf wget xorriso xz-utils > [...] > Selecting previously unselected package g++- > 8. > Preparing to unpack .../044-g++-8_8.3.0-6_amd64.deb > ... > Unpacking g++-8 (8.3.0-6) > ... > > dpkg: error processing archive /tmp/apt-dpkg-install-x4yofK/044-g++- > 8_8.3.0-6_amd64.deb (--unpack): > error creating directory './usr/share/doc/gcc-8-base/C++': No space > left on device > tar: ./prerm: Cannot open: No space left on > device > tar: Exiting with failure status due to previous > errors
Remove package file from cache as soon as it is installed
Hello, Is there a way, when using apt to install packages, to delete the package file from /var/cache as soon as it is installed? I am running a package installation inside docker:stable, and it fails in the middle, with no space left on device. Otherwise, is there an option to increase the docker image before installing it? Thanks, André
Re: Get the timezone from an IP address
On Wed, 2019-05-08 at 15:03 -0400, Michael Stone wrote: > On Wed, May 08, 2019 at 07:43:58PM +0100, André Rodier wrote: > > Is there any way - or Debian package - to know the timezone from an IP > > address, or at least from a country? I have successfully used the geoip > > databases to get the country, so I could use the main city as an > > approximation. > > > > I would prefer to do this offline, though. > > You can get a guess on lat/lon for an IP and then get the TZ for the > coordinates. Lots of options there, e.g.: > https://stackoverflow.com/questions/16086962/how-to-get-a-time-zone-from-a-location-using-latitude-and-longitude-coordinates > Thanks, I will check this as well, a lot of links! -- André
nscd errors with AppArmor
Hello all, I have an annoying bug or something not configured properly with the nscd library, that is visible with AppArmor. This is happening at least with Apache and Dovecot. With Dovecot: > Feb 15 06:51:19 portal kernel: [2105960.896749] audit: type=1400 > audit(1550213479.204:6722): apparmor="DENIED" operation="file_mmap" > info="Failed name lookup - disconnected path" error=-13 > profile="/usr/lib/dovecot/auth" name="var/cache/nscd/hosts" pid=6180 > comm="auth" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 > Feb 15 07:04:30 portal kernel: [2106752.493506] audit: type=1400 > audit(1550214270.805:6723): apparmor="DENIED" operation="file_mmap" > info="Failed name lookup - disconnected path" error=-13 > profile="/usr/lib/dovecot/auth" name="var/cache/nscd/hosts" pid=6653 > comm="auth" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 > Feb 15 07:47:27 portal kernel: [2109329.163406] audit: type=1400 > audit(1550216847.487:6724): apparmor="DENIED" operation="file_mmap" > info="Failed name lookup - disconnected path" error=-13 > profile="/usr/lib/dovecot/auth" name="var/cache/nscd/hosts" pid=8221 > comm="auth" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 > With Apache: > Feb 15 06:25:22 portal kernel: [2104404.314334] audit: type=1400 > audit(1550211922.612:6713): apparmor="DENIED" operation="file_mmap" > info="Failed name lookup - disconnected path" error=-13 > profile="/usr/sbin/apache2" name="var/cache/nscd/hosts" pid=5144 > comm="apache2" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 > Feb 15 06:25:22 portal kernel: [2104404.678807] audit: type=1400 > audit(1550211922.976:6714): apparmor="DENIED" operation="file_mmap" > info="Failed name lookup - disconnected path" error=-13 > profile="/usr/sbin/apache2" name="var/cache/nscd/passwd" pid=5144 > comm="apache2" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 > Feb 15 06:25:22 portal kernel: [2104404.679772] audit: type=1400 > audit(1550211922.980:6715): apparmor="DENIED" operation="file_mmap" > 
info="Failed name lookup - disconnected path" error=-13 > profile="/usr/sbin/apache2" name="var/cache/nscd/group" pid=5144 > comm="apache2" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 > Basically, the query to open nscd cache files is missing the heading '/' character. Does anyone have an idea where this is coming from? Thanks, André -- André Rodier HomeBox: https://github.com/progmaticltd/homebox
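The denials quoted in the message above can be grouped per AppArmor profile with a short script. This is an added example, not part of the original post; the sample lines are constructed in the format the post quotes (including the mail client's `>` wrapping), and the last two sample lines are invented for contrast.

```python
import re
from collections import defaultdict

# Constructed sample: three denials in the format quoted in the post, kept in
# their mail-wrapped "> " form, plus one invented ordinary denial and one
# unrelated syslog line.
SAMPLE_LOG = """\
> Feb 15 06:51:19 portal kernel: [2105960.896749] audit: type=1400
> audit(1550213479.204:6722): apparmor="DENIED" operation="file_mmap"
> info="Failed name lookup - disconnected path" error=-13
> profile="/usr/lib/dovecot/auth" name="var/cache/nscd/hosts" pid=6180
> comm="auth" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
> Feb 15 06:25:22 portal kernel: [2104404.314334] audit: type=1400
> audit(1550211922.612:6713): apparmor="DENIED" operation="file_mmap"
> info="Failed name lookup - disconnected path" error=-13
> profile="/usr/sbin/apache2" name="var/cache/nscd/hosts" pid=5144
> comm="apache2" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
> Feb 15 06:25:22 portal kernel: [2104404.678807] audit: type=1400
> audit(1550211922.976:6714): apparmor="DENIED" operation="file_mmap"
> info="Failed name lookup - disconnected path" error=-13
> profile="/usr/sbin/apache2" name="var/cache/nscd/passwd" pid=5144
> comm="apache2" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 15 06:30:01 portal kernel: [2104683.000001] audit: type=1400 audit(1550212201.000:6716): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2" name="/srv/example/private.txt" pid=5144 comm="apache2" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
Feb 15 06:30:02 portal CRON[5200]: (root) CMD (example job)
"""

# A syslog record starts with "Mon DD HH:MM:SS "; anything else is a
# continuation of the previous record (the mail client wrapped long lines).
RECORD_START = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s")
QUOTE_PREFIX = re.compile(r"^(?:>\s?)+")
# key=value pairs; the value is either double-quoted or a bare token.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def unwrap_records(text):
    """Strip mail quote markers and rejoin wrapped lines into one record each."""
    records = []
    for raw in text.splitlines():
        line = QUOTE_PREFIX.sub("", raw).strip()
        if not line:
            continue
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def parse_denial(record):
    """Return the audit fields of an AppArmor DENIED record, else None."""
    fields = {key: quoted or bare for key, quoted, bare in FIELD.findall(record)}
    if fields.get("apparmor") != "DENIED":
        return None
    return fields


def is_disconnected(fields):
    """True for the 'disconnected path' denials the post describes."""
    return "disconnected path" in fields.get("info", "")


def summarize(text):
    """Group denials by profile, separating disconnected-path ones from the rest.

    Profiles with entries under 'disconnected' are the ones whose profile
    flags deserve a look (AppArmor has an attach_disconnected profile flag
    for paths resolved outside the confined process's namespace).
    """
    report = defaultdict(lambda: {"disconnected": set(), "other": set()})
    for record in unwrap_records(text):
        fields = parse_denial(record)
        if fields is None:
            continue
        kind = "disconnected" if is_disconnected(fields) else "other"
        entry = (fields.get("operation"), fields.get("name"), fields.get("denied_mask"))
        report[fields.get("profile", "?")][kind].add(entry)
    return {p: {k: sorted(v) for k, v in kinds.items()} for p, kinds in report.items()}


if __name__ == "__main__":
    for profile, kinds in sorted(summarize(SAMPLE_LOG).items()):
        print(profile)
        for kind, entries in kinds.items():
            for operation, name, mask in entries:
                print(f"  [{kind}] {operation} {name} (denied: {mask})")
```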
Re: Debian on Phone as webserver
On 2018-12-13 22:13, Marek Mosiewicz wrote: On Thu, 13.12.2018 at 20∶55 +, André Rodier wrote: On 2018-12-13 17:31, Marek Mosiewicz wrote: > I'm just about having static IP for my LTE connection. > > That brings me to some idea. What about having install Debian on > ARM > old phone to have it as web server. They have quite modern hardware > and > this is of course depending on web application, but I suspect that > ordinary PHP website could be served quite easily. > > It can be connected to web as LTE or be bounded to router location > via > WiFi or USB cable (that is for sure can be done) > > Battery means that it can monitor easily possible shutdown of > system. > > Are there any experiences with installing Debian on phones ? Hello Marek, Interesting, thanks for the feedback. - In which country you are ? Poland - Is the static IP address is IPv4 or IPv6 ? I have dynamic IP4 address - Are the ports 25 and 587 are open, or there are restrictions? I have mail server on OVH server. I bought there VPS (I had is sometime before, even root server time ago). But realizing how much RAM requires java CMS I liked I just thought maybe there is something different. On my machine ports are closed. Router should also have no this port open By the way such phone server could also hold mailbox. Just have some good backup tool - Do you have access to reverse DNS There is no reverse DNS set. Actually I have no experience with reverse DNS. How it is set if there is many web virtual hosts on same machine. - How much you pay per month I pay about $30 a year for mail hosting. $15 monthly for VPS and $10 and $15 monthly for LTE Thanks for your answer. Kind regards, André Sorry, I am interested in the details of the static IP address with your mobile broadband. Kind regards, André -- https://github.com/progmaticltd/homebox
Re: Email tutorial?
On 2018-04-24 20:56, J.W. Foster wrote: I am trying once again to get an email server to run on my server. I NEED a qualified tutorial or some real assistance in getting it operational and secure. I am aware that there are MANY primers or docs on this. Problem is they like most are done for an individual's system and are not really designed for my system. So here is what I'm working with: 1. all IP addresses are DHCP regulated by Spectrum internet. 2. I do have a fully functioning Mediawiki website running on this server and it is just fine. Spectrum doesn't often change the IP addresses. 3. I have installed Dovecot and Postfix out of the box with no changes, for MTA and mail server 4. I have Thunderbird as my MUI. 5. All this is running on a system using Debian 9 (stable) with plenty of CPU and memory horsepower for the job. I want to use this system to both send and receive email ONLY for this server. There is only one user account currently and that is mine. I need to be able to allow my Mediawiki system send replies to my membership and to receive queries and emails from that membership. There may be additional user accounts that need to be set up but for now, only mine. I have been sort of able to send a few test emails to my secondary testing account locally. Sending to an outside system such as my own Gmail or Yahoo simply does not work. I was getting an error message but I reinstalled everything again and am still getting that message: An error occurred while sending mail. The mail server responded: 4.7.1: Relay access denied. Hello J.W., I understand your point, about the tutorials on internet. Most of them are covering a small part of email hosting and a lot of other aspects are simply ignored. I would not put my emails live with doing only just what these tutorials are explaining. I have hosted my emails for a while, now, and I recently started a project on Github that may suit your needs. 
The principle is to deploy a mail server on a Debian standard server, without installing anything from source or a git repository. Only Debian packages from maintained repositories. Instead of being a long and theoretical tutorial, it is a set of Ansible scripts. It is also oriented towards security and stability, thanks to Debian. As you could read in the other answers, having an IP address that changes from time to time may affect your delivery, and TTL is perhaps the best solution. The project I have started also covers this aspect, to a certain extent. One solution that works for me, when my server is offline: I have set up a backup MX record using the DNS provider (Gandi) and I get emails automatically from this server when connecting. The script is setting this up very easily. Your only concern would be someone setting up a catchall server and waiting for his server to receive emails from your domain. If you are receiving personal and confidential email, I suggest you not to do it, except if all emails are encrypted. My project is meant to be at home, but I think it should be fine if you are using a remote server. You may have to set the AppArmor flag to false, as the scripts are deploying AppArmor profiles by default. https://github.com/progmaticltd/homebox Kind regards, André
hosting emails at home
Hello everyone, I have been using Postfix and Dovecot on Debian (Since potato) for my personal emails for years. After being tired of reinstalling my personal mail server many times, I am currently writing some Ansible scripts to do it automatically. I obviously checked the other projects, and did not find anything close to what I am looking for, so I am implementing it now. The final goal is to have a box that once online, would set itself up, by creating the certificates, the DKIM keys and update the appropriate DNS records. This is so far what I have achieved: - Automatic generation of certificates using LetsEncrypt - Automatic update of the domain entries: imap, smtp, webmail, etc. - Automatic generation of DKIM keys - Automatic update of specific records (MX, SPF, DKIM, etc.) - LDAP server for user accounts, with or without system login. - Installation of Postfix, Dovecot and Roundcube Sending DKIM signed emails is working, and the IMAP server is configured as well, although basic. The postfix and dovecot configuration are not yet entirely finished. I am planning to add an anti spam system, and sieve, amongst other things. Although in development during my spare time, the system is normally robust and you should be able to run it multiple times without errors. If anyone is interested to use it, to have a look, or to take part, it is here: https://github.com/progmaticltd/homebox Kind regards, André Rodier.
LVM replication between two computers
Hello all, I have a Debian Wheezy based virtualizer, with software raid properly configured :-) I would like to try DRBD/GFS2 clustering, on top of an LVM, using this link: http://www.drbd.org/users-guide/s-lvm-lv-as-drbd-backing-dev.html So far, the logical stack would be like this: 2 - GFS2 2 - DRBD 1 - LVM 0 - RAID1 Now, some questions: 1) At the moment, I have only one computer available, so is it possible to start a DRBD cluster with only one computer, and add a second computer later? 2) Is it really wise to use a so complex stack to host virtual machines? 3) Would it be faster to use directly LVM volumes to host virtual machines? 4) Would it be better to use another stack, for instance DRBD on top of software RAID? 5) Is DRBD the best solution to replicate LVM modules easily with two computers? My final goal is to be able to do live migration, between two or more virtual machines hosts, without using a shared storage. Thanks for your advice Andre Rodier. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/18a762b23713488139756f2e42f10...@webmail2.rodier.me
Re: LVM replication between two computers
On 2014-05-09 13:15, Denis Witt wrote: On Fri, 09 May 2014 12:14:50 +0100 André Rodier an...@rodier.me wrote: 1) At the moment, I have only one computer available, so is it possible to start a DRBD cluster with only one computer, and add a second computer later. Yes, but you can't test certain things. What you can do is to set up Xen on your Machine and create two hosts for testing. The downside is that if you don't want to keep Xen you have to set up anything again when your second physical machine is available. 2) Is it really wise to use a so complex stack to host virtual machines? 3) Would it be faster to use directly LVM volumes to host virtual machines? Works fine for me (except I don't use GFS2). As I use a Failover-Cluster-Setup I have a classic primary/secondary-DRBD-Setup. So there is no need for a Cluster-Filesystem, as only one DRBD-Drive is active (mounted). I use ext4. 4) Would it be better to use another stack, for instance DRBD on top of software RAID? I'm using it that way (in fact I use a hardware RAID10, but did some tests before using mdadm, works fine too.) 5) Is DRBD the best solution to replicate LVM modules easily with two computers? I replicate the ext4, not the LVM. My Machines are Xen-DomUs having no knowledge that their drives have LVM-Support at all. Only the Dom0s have access to LVM. But from the top of my head I could not think of any problems replicating the LVM itself. My final goal is to be able to do live migration, between two or more virtual machines hosts, without using a shared storage. Using it for more than a year now, together with pacemaker/corosync, without problems on about 35 machines. Regards. Thanks a lot for all this information. Andre Rodier.
dovecot version in debian wheezy
Hello all, The version packaged in Debian wheezy (2.1.7) contains a bug with the solr plugin that prevents indexing a large number of folders (#704422). Does anyone know how to properly compile a more recent version on Debian? Thanks André
Routing problem with PLIP
Hi everyone! I am desperately trying to use a PLIP link between a laptop and a gateway. The gateway already works with another PC, via a 1Mbps network card, and this works well. However, the laptop seems unwilling to use the gateway, and the pings to my ISP remain unanswered. The pings between the laptop and the gateway work (they see each other). So it is a problem with the configuration of the route, from the laptop to the gateway. Could someone explain to me the strange syntax of the route command, and tell me which commands are used to configure the route? On the laptop, I tried: route add default gw serveur netmask 255.255.255.0 dev plip0 but then the pings sent to my DNS remain unanswered. There is indeed a mini howto, in French, but I find it confusing, and it is a bit dated. Thank you for your help.