summaryrefslogtreecommitdiff
path: root/architecture
diff options
context:
space:
mode:
Diffstat (limited to 'architecture')
-rw-r--r--architecture/features.mdwn6
-rw-r--r--architecture/mail.mdwn6
-rw-r--r--architecture/needed_admin_infrastructure.mdwn7
-rw-r--r--architecture/needed_user_facing_infrastrucutre.mdwn18
4 files changed, 37 insertions, 0 deletions
diff --git a/architecture/features.mdwn b/architecture/features.mdwn
new file mode 100644
index 0000000..638ca12
--- /dev/null
+++ b/architecture/features.mdwn
@@ -0,0 +1,6 @@
+An in-distributed-repo model for
+- code
+- blogs
+- bugs
+- web pages
+- [[mail]]
diff --git a/architecture/mail.mdwn b/architecture/mail.mdwn
new file mode 100644
index 0000000..61bbfcd
--- /dev/null
+++ b/architecture/mail.mdwn
@@ -0,0 +1,6 @@
+I can presumably get mailing lists into ikiwiki using one of the following:
+
+- MLM+Ikiwiki [comment-by-mail plugin](http://ikiwiki.info/todo/comment_by_mail/)
+- MLM+Ikiwiki [mailbox plugin](http://pivot.cs.unb.ca/git/?p=ikimailbox.git;a=summary)
+
+But how would we get it into git? Might we have to do that externally?
diff --git a/architecture/needed_admin_infrastructure.mdwn b/architecture/needed_admin_infrastructure.mdwn
new file mode 100644
index 0000000..ff4b5a1
--- /dev/null
+++ b/architecture/needed_admin_infrastructure.mdwn
@@ -0,0 +1,7 @@
+- DONE: HTTP AUTH from PAM through the magic of mod-auth-pam
+- DONE: HTTP access from /etc/group through the magic of mod-auth-sys-group
+- DONE: Shell security through rbash and privilege escalation security (for mkwiki, mkuser, etc) through sudo
+- DONE: Guaranteed namespace coherence with the vhosting of cgi, secure, and normal with the aid of a wildcard SSL certificate
+- TODO: Work out how to get a wildcard SSL certificate through browser-trusted PKI infrastructure.
+- TODO: Work out how to get client SSL certificates to work through browser-trusted PKI infrastructure, though I don't know if we'll ever really care about this.
+- TODO: Work out how to pass mailing list emails around. Probably either ssh or vserver namespace magic.
diff --git a/architecture/needed_user_facing_infrastrucutre.mdwn b/architecture/needed_user_facing_infrastrucutre.mdwn
new file mode 100644
index 0000000..5a487f7
--- /dev/null
+++ b/architecture/needed_user_facing_infrastrucutre.mdwn
@@ -0,0 +1,18 @@
+It'd be nice to maintain feature parity between command line access and web access.
+
+[[!table data"""
+feature|command line|web
+anonymous account creation|TODO: ssh createuser@piny.svcs.cs.pdx.edu|TODO: CGI frontend to adduser
+password modification|DONE: ssh piny /srv/rbin/passwd|TODO: Authen::PAM chauthtok CGI jblake: the pam interface was *really* not designed with http in mind though if you hard-code the interaction script it's not hard at all
+wiki creation|TODO: ssh piny /srv/rbin/mkwiki|TODO: CGI frontend
+wiki user management|TODO: cmdline frontend to adduser user group |TODO: CGI frontend
+[[mailing list addition|mail]]|TODO: ssh piny /srv/rbin/addlist|TODO: CGI frontend
+authorized_keys modification|TODO: cmdlind frontend to cat > ~/.ssh/authorized_keys|TODO: CGI frontend, though i am not convinced anyone would care
+wiki modification|TODO: ssh piny /srv/rbin/chwiki|TODO: CGI frontend
+"""]
+
+Eventually:
+- configuration for globally writable repos vs. group writable repos
+- configuration for globally readable repos vs. group readable repos
+
+- SSL client keys for folks who hate HTTP AUTH? (all one of me)