From b612d640d0c4a1e4c5105914007e527fa80db17a Mon Sep 17 00:00:00 2001 From: Joe Rayhawk Date: Sun, 26 Apr 2009 20:48:01 -0700 Subject: Adding architecture features and planning --- architecture/features.mdwn | 6 ++++++ architecture/mail.mdwn | 6 ++++++ architecture/needed_admin_infrastructure.mdwn | 7 +++++++ architecture/needed_user_facing_infrastrucutre.mdwn | 18 ++++++++++++++++++ 4 files changed, 37 insertions(+) create mode 100644 architecture/features.mdwn create mode 100644 architecture/mail.mdwn create mode 100644 architecture/needed_admin_infrastructure.mdwn create mode 100644 architecture/needed_user_facing_infrastrucutre.mdwn diff --git a/architecture/features.mdwn b/architecture/features.mdwn new file mode 100644 index 0000000..638ca12 --- /dev/null +++ b/architecture/features.mdwn @@ -0,0 +1,6 @@ +An in-distributed-repo model for +- code +- blogs +- bugs +- web pages +- [[mail]] diff --git a/architecture/mail.mdwn b/architecture/mail.mdwn new file mode 100644 index 0000000..61bbfcd --- /dev/null +++ b/architecture/mail.mdwn @@ -0,0 +1,6 @@ +I can presumably get mailing lists into ikiwiki using one of the following: + +- MLM+Ikiwiki [comment-by-mail plugin](http://ikiwiki.info/todo/comment_by_mail/) +- MLM+Ikiwiki [mailbox plugin](http://pivot.cs.unb.ca/git/?p=ikimailbox.git;a=summary) + +But how would we get it into git? Might we have to do that externally? diff --git a/architecture/needed_admin_infrastructure.mdwn b/architecture/needed_admin_infrastructure.mdwn new file mode 100644 index 0000000..ff4b5a1 --- /dev/null +++ b/architecture/needed_admin_infrastructure.mdwn 
@@ -0,0 +1,7 @@ +- DONE: HTTP AUTH from PAM through the magic of mod-auth-pam +- DONE: HTTP access from /etc/group through the magic of mod-auth-sys-group +- DONE: Shell security through rbash and privilege escalation security (for mkwiki, mkuser, etc) through sudo +- DONE: Guaranteed namespace coherence with the vhosting of cgi, secure, and normal with the aid of a wildcard SSL certificate +- TODO: Work out how to get a wildcard SSL certificate through browser-trusted PKI infrastructure. +- TODO: Work out how to get client SSL certificates to work through browser-trusted PKI infrastructure, though I don't know if we'll ever really care about this. +- TODO: Work out how to pass mailing list emails around. Probably either ssh or vserver namespace magic. diff --git a/architecture/needed_user_facing_infrastrucutre.mdwn b/architecture/needed_user_facing_infrastrucutre.mdwn new file mode 100644 index 0000000..5a487f7 --- /dev/null +++ b/architecture/needed_user_facing_infrastrucutre.mdwn 
@@ -0,0 +1,18 @@ +It'd be nice to maintain feature parity between command line access and web access. + +[[!table data""" +feature|command line|web +anonymous account creation|TODO: ssh createuser@piny.svcs.cs.pdx.edu|TODO: CGI frontend to adduser +password modification|DONE: ssh piny /srv/rbin/passwd|TODO: Authen::PAM chauthtok CGI jblake: the pam interface was *really* not designed with http in mind though if you hard-code the interaction script it's not hard at all +wiki creation|TODO: ssh piny /srv/rbin/mkwiki|TODO: CGI frontend +wiki user management|TODO: cmdline frontend to adduser user group |TODO: CGI frontend +[[mailing list addition|mail]]|TODO: ssh piny /srv/rbin/addlist|TODO: CGI frontend +authorized_keys modification|TODO: cmdlind frontend to cat > ~/.ssh/authorized_keys|TODO: CGI frontend, though i am not convinced anyone would care +wiki modification|TODO: ssh piny /srv/rbin/chwiki|TODO: CGI frontend +"""] + +Eventually: +- configuration for globally writable repos vs. group writable repos +- configuration for globally readable repos vs. group readable repos + +- SSL client keys for folks who hate HTTP AUTH? (all one of me) -- cgit v1.2.3
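Review bot: in architecture/features.mdwn the list starts on the line directly after "An in-distributed-repo model for", with no blank line between them, so a Markdown renderer that does not let a list interrupt a paragraph will fold the five items into the sentence. architecture/mail.mdwn in this same patch leaves a blank line before its list; doing the same here keeps the pages consistent. The "Eventually:" list at the end of the user-facing file has the same layout.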
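Review bot: architecture/mail.mdwn names two ways to get list mail into ikiwiki but does not say who may post through either path or how a message is tied to an account, and the closing question about git leaves that open as well. Since the other pages in this patch plan PAM-backed HTTP auth and group-based access, add a line stating what check a mail sender must pass before the message lands in the wiki or the repository. Marking the git question as a TODO would also match the DONE/TODO convention used in needed_admin_infrastructure.mdwn.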
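Review bot: the DONE line "Shell security through rbash and privilege escalation security (for mkwiki, mkuser, etc) through sudo" in architecture/needed_admin_infrastructure.mdwn records the mechanism but not the policy. A restricted shell only holds if no program reachable from it can start another shell, and sudo is only as tight as the commands and arguments it allows, so please list what is on the rbash PATH and which sudo rules back mkwiki and mkuser. The wildcard SSL certificate is likewise marked DONE while the next item is a TODO to obtain one through browser-trusted PKI; say on the DONE line what issued the current certificate so readers know whether browsers will trust it.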
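Review bot: in the authorized_keys row of the table in architecture/needed_user_facing_infrastrucutre.mdwn, the planned command-line frontend is `cat > ~/.ssh/authorized_keys`, which replaces the whole file with whatever arrives on stdin, so an empty or malformed paste removes the user's working keys. Suggest planning it as validate-then-replace (or append), with the key format checked before the file is touched. Smaller points: "cmdlind" in that row should be "cmdline", the file name spells "infrastrucutre" and that spelling will carry into every wiki link to the page, and the "jblake:" remark inside the password modification cell would read better as a note below the table.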