diff options
Diffstat (limited to 'architecture')
-rw-r--r-- | architecture/features.mdwn | 7 | ||||
-rw-r--r-- | architecture/mail.mdwn | 6 | ||||
-rw-r--r-- | architecture/needed_admin_infrastructure.mdwn | 5 | ||||
-rw-r--r-- | architecture/needed_user_facing_infrastructure.mdwn | 23 |
4 files changed, 41 insertions, 0 deletions
diff --git a/architecture/features.mdwn b/architecture/features.mdwn new file mode 100644 index 0000000..fbdedb2 --- /dev/null +++ b/architecture/features.mdwn @@ -0,0 +1,7 @@ +An in-distributed-repo model for + +- code +- blogs +- bugs +- web pages +- [[mail]] diff --git a/architecture/mail.mdwn b/architecture/mail.mdwn new file mode 100644 index 0000000..61bbfcd --- /dev/null +++ b/architecture/mail.mdwn @@ -0,0 +1,6 @@ +I can presumably get mailing lists into ikiwiki using one of the following: + +- MLM+Ikiwiki [comment-by-mail plugin](http://ikiwiki.info/todo/comment_by_mail/) +- MLM+Ikiwiki [mailbox plugin](http://pivot.cs.unb.ca/git/?p=ikimailbox.git;a=summary) + +But how would we get it into git? Might we have to do that externally? diff --git a/architecture/needed_admin_infrastructure.mdwn b/architecture/needed_admin_infrastructure.mdwn new file mode 100644 index 0000000..7591b96 --- /dev/null +++ b/architecture/needed_admin_infrastructure.mdwn @@ -0,0 +1,5 @@ +- DONE: HTTP AUTH from PAM through the magic of mod-auth-pam +- DONE: HTTP access from /etc/group through the magic of mod-auth-sys-group +- DONE: Shell security through rbash and privilege escalation security (for mkwiki, mkuser, etc) through sudo +- DONE: Guaranteed namespace coherence with the vhosting of cgi, secure, and normal with the aid of a wildcard SSL certificate +- TODO: Work out how to pass mailing list emails around. Probably either ssh or vserver namespace magic. diff --git a/architecture/needed_user_facing_infrastructure.mdwn b/architecture/needed_user_facing_infrastructure.mdwn new file mode 100644 index 0000000..2729859 --- /dev/null +++ b/architecture/needed_user_facing_infrastructure.mdwn @@ -0,0 +1,23 @@ +TODO: user-facing documentation on piny-web + +It'd be nice to maintain feature parity between command line access and web access. + +[[!table data=""" +feature |command line |web +anonymous account creation |DONE: ssh createuser@piny.be |TODO: CGI frontend to adduser +password modification |DONE: /srv/rbin/passwd |TODO: Authen::PAM chauthtok CGI jblake: the pam interface was *really* not designed with http in mind though if you hard-code the interaction script it's not hard at all +repo creation, deletion |DONE: /srv/rbin/newrepo, rmrepo, TODO: lsrepo |TODO: CGI frontend +repo user management |DONE: /srv/rbin/addaccess, rmaccess TODO: lsaccess |TODO: CGI frontend +[[mailing list addition|mail]] |TODO: ssh piny /srv/rbin/addlist |TODO: CGI frontend +authorized_keys modification |TODO: cmdlind frontend to cat > ~/.ssh/authorized_keys |TODO: CGI frontend, though i am not convinced anyone would care +config tweaking |TODO: ssh piny /srv/rbin/chrepo |TODO: CGI frontend +commit access |DONE: git+ssh://piny/srv/whatever.git |DONE: Ikiwiki+mod-auth-sys-group/mod-auth-pam, though I am told there is a magic hook to allow public editing through git:// +"""]] + +Needed config tweakables + +- TODO: globally writable repos vs. group writable repos +- TODO: globally readable repos vs. group readable repos +- TODO: ikiwiki-editable vs. git-only +- TODO: editable ikiwiki templates vs. default layout +- TODO: user-configured domain vs. default piny domain |