Table of Contents
- INPROGRESS Project Tree KICKASS
- DONE Open source infrastructure
- DONE Make website
- NEXT Review pond.imperialviolet.org
- NEXT Make sure everything gets more and more backed up in my existing infra roles
- WAITING Address FIXMEs in the Postgres role tasks
- WAITING Peer with Ian WAITING
- CANCELLED Peer with Torrie WAITING
- WAITING Peer with Robbie WAITING
- NEXT Add gpg key Ids to disk labels
- CANCELLED Add ianweller to git01
- Specific Host Work
- Kickass Systems Core Service Proposal NOTE
- NEXT Kickass Systems Mission Statement
- generating SSL CA NOTE
- See Also
My friends and I are building a VPN Darknet. We're stringing together TINC nodes, Kerberos and LDAP to create a base-layer for self-hosted services ranging from code hosting to IRC to Diaspora to Ceph.
I wrote a lot about this in my Off the Grid blog post. This is basically an excuse to build out a fun distributed network and build distributed services on top of it.
- INPROGRESS Create a virtualserver for mail01
- NEXT Install dovecot on mail01
- INPROGRESS design relay system for mail01 postfix
- WAITING Sync IMAP over to mail01
- WAITING Integrate LDAP login to mail01 dovecot
- WAITING Integrate LDAP login to mail01 postfix
- WAITING Update MX records
- WAITING Set up rss2email on mail01
- WAITING kill rs3
- WAITING Figure out how to get wallace to stop holding messages
error: uncaptured python exception, closing channel <smtpd.SMTPChannel connected 127.0.0.1:53692 at 0x1376fc8> (<type 'exceptions.UnicodeDecodeError'>: 'utf8' codec can't decode byte 0xb4 in position 5639: invalid start byte [/usr/lib64/python2.6/asyncore.py|read|78] [/usr/lib64/python2.6/asyncore.py|handlereadevent|428] [/usr/lib64/python2.6/asynchat.py|handleread|158] [/usr/lib64/python2.6/smtpd.py|foundterminator|184] [/usr/lib/python2.6/site-packages/wallace/_init_.py|processmessage|249] [/usr/lib64/python2.6/json/_init_.py|dumps|230] [/usr/lib64/python2.6/json/encoder.py|encode|367] [/usr/lib64/python2.6/json/encoder.py|iterencode|309] [/usr/lib64/python2.6/json/encoder.py|iterencodedict|275] [/usr/lib64/python2.6/json/encoder.py|iterencode|294])
DONE Make website
NEXT Review pond.imperialviolet.org
file:///home/rrix/Projects/devops/roles/postgres/tasks/main.yml::# FIXME: Get rid of this shit.
Specific Host Work
- CANCELLED Create SSL certificates for cloud01, and make owncloud use them
- CANCELLED Make cloud01 work with selinux enabled
- NEXT Feed ZNC logs in to ElasticSearch
DONE Review and Provide feedback on http://frields.org/~ianweller/pop-proposal.txt
- NEXT attach a file to this with photo of page in note book
- Things to VM
- bridge guests on to network
- files + backups are encrypted via LUKS with separate keys
- hypervisor runs NFS or sshfs and CIFS
A Core Service is a service which any registered user of Kickass Systems has the ability to use. Core Services are not necessarily a part of the core infrastructure; they do not need to be critical for the healthy function of the network to qualify as a Core Service.
Core Services exist as shared resources and projects for the entire community and work towards the goal of providing an entire suite of infrastructure and tools the members of Kickass Systems want to use.
- Proposal Process
Services are proposed as Service Proposals on Discourse.
- Answer the following questions:
- Brief description of the system, and its purpose for the network
- Is the service already deployed on Kickass Systems as a non-Core Service?
- Will it integrate with LDAP SSO?
- Who will own and manage the system?
- What resources will be required?
- Where will the service be hosted?
- If the service is already deployed, what is its current internal and external URI?
- What is the expected SLA of the service?
- Create a Page on the wiki answering these questions
- Create a post on Discourse linking to the wiki page
- Approval Process
There will be a seven day discussion period from the time the proposal is posted to Discourse.
The approval process is based on consensus with limited blocking. Consent is implied unless issues are actively raised. Discussion of a service proposal does not itself imply a block; only an explicit "-1" is a block.
A service can be implemented with consensus or a single block. Two or more blocks require changes, and the voting period is extended another 7 days. If at the end of the seven day period there are still blocks, the proposal is scrapped and must be re-proposed at a later time.
Core Services are given:
- A CNAME hanging directly off of
- Monitoring with the Core Services Nagios infrastructure
- SHOULD have a well defined SLA
- MUST integrate with core single sign on infrastructure
- MUST NOT discriminate in who may use the service
- Services MAY have multiple user tiers, especially when service is resource intensive, such as shell or storage