fripost-ansible - Fripost ansible scripts

	Commit message (Collapse)	Author	Age	Files
*	Remove the IMAP caching proxy.	Guilhem Moulin	2016-05-28	1
\| \| \| \| \| \| \| \| \|	Dovecot imapc requires two authentication rounds to the IMAP backend for each connection. It seems suboptimal that Roundcube keeps connecting to the IMAP server for each new connection, but benchmarks shows little advantage in caching the IMAP sessions with imapproxy: http://www.dovecot.org/list/dovecot/2012-February/133544.html
*	Dovecot imapc: use the version from jessie-backports.	Guilhem Moulin	2016-05-23	1
\| \| \| \| \|	Since many bug have been fixed since 2.2.13, and we really want passthrough search on the caching proxy.
*	Dovecot imapc: don't hardcode the master IMAP server's IP.	Guilhem Moulin	2016-05-23	1
\|
*	Dovecot imapc: change imapproxy's homedir from /home/imapproxy to ↵	Guilhem Moulin	2016-05-22	1
\| \| \| \|	/var/lib/imapproxy.
*	IMAP proxy: copy only the leaf cert, not the whole chain.	Guilhem Moulin	2016-05-22	1
\| \| \| \|	The comment regarding stunnel4 seems to not be relevant any longer.
*	Use systemd unit files for stunnel4.	Guilhem Moulin	2016-05-12	1
\|
*	Rename imap.conf → roundcube.conf	Guilhem Moulin	2015-06-07	1
\|
*	wibble	Guilhem Moulin	2015-06-07	1
\|
*	stunnel.conf → imap.conf	Guilhem Moulin	2015-06-07	1
\|
*	Prefer '/usr/sbin/nologin' over '/bin/false' for system users.	Guilhem Moulin	2015-06-07	1
\|
*	Upgrade the webmail configuration from Wheezy to Jessie.	Guilhem Moulin	2015-06-07	1
\|
*	Don't auto-create home directories when adding system users.	Guilhem Moulin	2015-06-07	1
\| \| \| \| \|	Unlike adduser(8), ansible's 'user' module copies skeletal configuration files even for system users (unless called with createhome=no).
*	Use stunnel to secure the connection from the IMAP proxy to the IMAP server.	Guilhem Moulin	2015-06-07	1
\| \| \| \| \| \| \|	The reason is that we don't want to rely on CAs to verify the certificate of our server. Dovecot currently doesn't offer a way to match said cert against a local copy or known fingerprint. stunnel does.
*	Revert dovecot (imapc) to stable (2.1.7-7+deb7u1).	Guilhem Moulin	2015-06-07	1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	There seem to be multiple bugs with the version from wheezy-backports (2.2.9-1~bpo70+1), and the client is killed on THREAD commands: guilhem@elefant:~$ telnet localhost 143 Trying ::1... Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready. a LOGIN guilhem xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE NOTIFY] Logged in b SELECT INBOX * FLAGS (\Answered \Flagged \Deleted \Seen \Draft) * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \)] Flags permitted. 8060 EXISTS * 0 RECENT * OK [UIDVALIDITY 1302032711] UIDs valid * OK [UIDNEXT 78905] Predicted next UID * OK [NOMODSEQ] No permanent modsequences b OK [READ-WRITE] Select completed (0.395 secs). c THREAD REFERENCES UTF-8 ALL Connection closed by foreign host. :/var/log/syslog Jun 27 21:58:01 elefant dovecot: imap(guilhem@fripost.org): Fatal: master: service(imap): child 24907 killed with signal 11 (core dumps disabled) Jun 27 21:58:01 elefant kernel: [248570.057270] imap[24907]: segfault at 400 ip 00007f7651596e09 sp 00007fff6e267760 error 4 in libdovecot.so.0.0.0[7f765153a000+cc000] Other (less scary) errors can be found in the syslog: Jun 27 20:26:09 elefant dovecot: imap(xxxx@fripost.org): Error: file_dotlock_open() failed with file /home/imapproxy/fripost.org/xxxx/imapc/dovecot.list.index.log: No such file or directory Jun 27 21:30:10 elefant dovecot: imap(xxxx@fripost.org): Error: imapc(imap.fripost.org:993): Command '11 APPEND "Sent" (\Seen) {2512485}' timed out, disconnecting Jun 27 21:30:10 elefant dovecot: imap(xxxx@fripost.org): Error: imapc: COPY failed: Disconnected from server Jun 27 21:30:10 elefant dovecot: imap(xxxx@fripost.org): Disconnected: IMAP session state is inconsistent, please relogin. in=2512632 out=969 This is infortunate as we cannot benefit from the 'fetch-headers' imapc_features right now. However, the bugs (at least the segfault) seems to be fixed as of 2.2.13-1, the version which can currently be found in testing. Hopefully it'll be backported soon :-)
*	Install dovecot from backports (for imapc).	Guilhem Moulin	2015-06-07	1
\| \| \| \| \|	Interesting features include caching of mail headers (v2.2.8+) as well as new IMAP capabilities.
*	Assume a DNS entry for each role.	Guilhem Moulin	2015-06-07	1
\| \| \| \| \| \|	E.g., ldap.fripost.org, ntp.fripost.org, etc. (Ideally the DNS zone would be provisioned by ansible, too.) It's a bit unclear how to index the subdomains (mx{1,2,3}, etc), though.
*	Use a local IMAP caching proxy under the webmail.	Guilhem Moulin	2015-06-07	1
	(Unless the webmail is itself a full IMAP server.) It replaces RoundCube's own IMAP and message caches. Dovecot's IMAPC storage backend is not very documented, but provides smart IMAP proxying. References include: http://dovecot.org/pipermail/dovecot/2011-January/056975.html http://wiki2.dovecot.org/HowTo/ImapcProxy http://wiki2.dovecot.org/Migration/Dsync