
Diff for "ServerMcCarthy"

Differences between revisions 1 and 2
Revision 1 as of 2015-04-19 19:48:26
Size: 912
Editor: ClintonEbadi
Comment: "hcoop works on jessie" proves to be half of a lie
Revision 2 as of 2015-05-13 01:03:47
Size: 1220
Editor: ClintonEbadi
Comment: note things done to get exim up
Line 2: Line 2:

== The Ugly ==

ServerDeleuze decided to start dying one day so a few evils were committed in moving services.

=== Exim ===

Installed `exim4-daemon-heavy procmail`, merged deleuze's config onto the current Debian base exim4 config. No config package has been created.

Added /etc/ferm/service.d/...
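Review bot: the last added line, "Added /etc/ferm/service.d/...", leaves the file name elided, so the firewall change made to bring exim up cannot be reproduced or audited from this page; name the file and say which ports it opens. The Exim paragraph also states that no config package has been created, so it would help to list which parts of deleuze's config were merged onto the Debian base, since this page is currently the only record of that manual state.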

Line 5: Line 17:
 * test fail2ban before deploying
   * Defaults look OK for protecting ssh, but is ferm resetting rules added by fail2ban?
 * Fix fail2ban
   * ferm resets rules ever time it reloads. Add a ferm hook to reload fail2ban on firewall reload
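Review bot: in the new "Fix fail2ban" sub-item, "ever time" should read "every time". The edit also replaces the open question ("is ferm resetting rules added by fail2ban?") with a conclusion without recording how it was confirmed, and the proposed fix names neither the ferm hook point nor the fail2ban command to run; adding both would let someone verify after a firewall reload that the ssh protection is back in place.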

mccarthy.hcoop.net is our first Debian Jessie VM, and is intended to run mail services and the member portal.

1. The Ugly

ServerDeleuze decided to start dying one day so a few evils were committed in moving services.

1.1. Exim

Installed exim4-daemon-heavy procmail, merged deleuze's config onto the current Debian base exim4 config. No config package has been created.

Added /etc/ferm/service.d/...

2. Setup Issues

  • Fix fail2ban
    • ferm resets rules every time it reloads. Add a ferm hook to reload fail2ban on firewall reload
  • sudo $command > file does not work; piping does, however. Probably a new sudo option to detect output redirection and squelch output.

  • systemd work:
    • domtool unit files seem to work OK so far
    • ferm is likely starting earlier than it should be, and may fail if the generated config references any pts users
    • dnscache-run starts very late by virtue of daemontools starting late. Either hack daemontools to be WantedBy=nss-lookup.target (systemd equivalent of LSB $named service), or make dnscache-run a native systemd service.

      • Hacked momentarily by adding Google DNS servers as backups
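
One way to implement the "Fix fail2ban" item above, as an added example that is not HCoop's actual hook: a script ferm runs after each reload, which checks whether fail2ban's chains survived and reloads fail2ban only if they did not. The script path and the `--run`/`--check` switches are hypothetical; the chain-name prefixes assume fail2ban's stock iptables actions.

```shell
#!/bin/sh
# Added example, not HCoop's hook. Hypothetical path /usr/local/sbin/ferm-f2b-hook,
# wired into ferm.conf with:
#   @hook post "/usr/local/sbin/ferm-f2b-hook --run";

# Print the fail2ban chains declared in iptables-save output read from stdin.
# Stock actions name them "fail2ban-<jail>" (0.8.x) or "f2b-<jail>" (0.9+).
f2b_chains() {
    sed -n 's/^:\(fail2ban-[^ ]*\) .*/\1/p; s/^:\(f2b-[^ ]*\) .*/\1/p'
}

# Return 0 when the saved ruleset in file $1 has lost fail2ban's rules:
# either no fail2ban chain exists, or a chain exists that no rule jumps to.
f2b_rules_missing() {
    chains=$(f2b_chains < "$1")
    [ -n "$chains" ] || return 0
    for c in $chains; do
        grep -Eq -- "^-A [^ ]+ .*-j $c( |\$)" "$1" || return 0
    done
    return 1
}

# Snapshot the live filter table and reload fail2ban if its rules are gone.
main() {
    snap=$(mktemp) || exit 1
    trap 'rm -f "$snap"' EXIT
    iptables-save -t filter > "$snap"
    if f2b_rules_missing "$snap"; then
        logger -t ferm-f2b-hook "fail2ban rules missing after ferm reload; reloading fail2ban"
        fail2ban-client reload
    fi
}

case "${1:-}" in
    --run)   main ;;                    # called by ferm's post hook
    --check) if f2b_rules_missing "$2"; then echo "fail2ban rules missing"; fi ;;
esac
```

Running it with `--check` against a file of saved `iptables-save` output tests the detection offline, without touching the firewall.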


CategorySystemAdministration

ServerMcCarthy (last edited 2015-05-15 17:56:16 by ClintonEbadi)