Re: [Tails-dev] Tails Server: updated plan and GSoC!

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Tails Server: updated plan and GSoC!
anonym wrote (23 Mar 2016 12:32:15 GMT) :
> * The scripts configuration bits should be idempotent and always ensure
> that the full expected configuration is in place: this simplifies things
> a lot and generally results in more robustness by making sure we don't
> end up in "half-configured" broken states that we cannot automatically
> recover from, and by making many assumptions explicit and handled.


Just in case those who will make it happen are excited about it:
a tool Ansible or Puppet would help providing the idempotent property.

> * It's pretty nice to use Debian's default configuration as templates
> since they generally set sane and secure settings by default, and are
> maintained. Since this implies that we have to patch an existing
> configuration, I expect us to end up using ugly regex-based solutions,
> but I think it provides so many advantages that it is worth it.
> Otherwise we could provide our own template configurations and use ERB,
> but then we need to maintain these ourselves (e.g. sync with Debian's
> configurations regularly) and I expect it will make user modifications
> to configurations much harder to support.


Thankfully this is not a new problem, and there are existing solutions
around for many file formats, that avoid having to write the Nth
half-working parser for them; e.g. Augeas is pretty good.

Config::Model might be worth looking at as well, but I have no
experience with it personally (IIRC bertagaz looked into it years
ago though).

Cheers!
--
intrigeri