progmaticltd / homebox

A set of ansible scripts to build a personal mail server / private cloud / etc.
https://homebox.space/
GNU General Public License v3.0
461 stars, 52 forks

Buster debian repo in system-example.yml #349

Closed besendorf closed 3 years ago

besendorf commented 3 years ago

The system-example.yml still includes the debian stretch repo in the dev branch. If I understood the readme correctly this should be changed to buster. Edit: The Dockerfile also uses the Stretch image. Is the buster version ready or should the stretch version be used for now?

markshep commented 3 years ago

I'm just starting to use homebox to install onto Buster. I've encountered a few issues where the Ansible files are referencing old packages and paths (e.g. PHP 7.0 things rather than PHP 7.3 things in the Roundcube setup) so it doesn't look like it's ready for Buster yet.

markshep commented 3 years ago

The generated dovecot config files included settings that are now obsolete for the version in Debian Buster so I'm destroying the VPS I've been using and spinning up a new one using Debian Stretch.

fredericmoulins commented 3 years ago

Hi,

unfortunately, not all the roles have been checked or made to work for buster. The basics should be quite ok (plus a few changes for ejabberd, cf PRs). Roundcube and Sogo seem to be problematic. I am not sure the preseed has been tested.

> The generated dovecot config files included settings that are now obsolete for the version in Debian Buster

@markshep, which settings have you found to be obsolete?

arodier commented 3 years ago

We are switching to bullseye directly. We have a bullseye branch with a deployment that works, with standard packages. The main settings in use on this branch:

# HomeBox configuration example.

###############################################################################
# Domain and hostname information
network:
  domain: homebox.website
  hostname: main.homebox.website
  external_ip: 140.82.52.222
  backup_ip: 2a05:f480:1c00:adf:5400:02ff:fee9:3fa2

###############################################################################
# Users
users:
- uid: victor
  cn: Victor Hugo
  first_name: Victor
  last_name: Hugo
  mail: victor@homebox.website
  aliases:
    - vhugo@homebox.website
    - victor.hugo@homebox.website
- uid: camille
  cn: Camille Claudel
  first_name: Camille
  last_name: Claudel
  mail: camille@homebox.website
  aliases:
    - cclaudel@homebox.website
    - camille.claudel@homebox.website
- uid: rembrandt
  cn: Rembrandt Harmenszoon van Rijn
  first_name: Rembrandt
  last_name: Harmenszoon
  mail: rembrandt@homebox.website
  aliases:
    - rharmenszoon@homebox.website
    - rembrandt.harmenszoon@homebox.website
- uid: antonio
  cn: Antonio Vivaldi
  first_name: Antonio
  last_name: Vivaldi
  mail: antonio@homebox.website
  aliases:
    - tonio@homebox.website
    - antonio.vivaldi@homebox.website

###############################################################################
# Email related options
mail:
  max_attachment_size: 10   # In megabytes
  autoconfig: true          # Support Thunderbird automatic configuration
  autodiscover: true        # Support MS Outlook automatic configuration (uses https)
  quota:
    default: 250M           # Maximum allowed mailbox size for your users.
                            # The safe maximum value will be automatically computed in a next version.
  discard_duplicates: true  # Discard duplicate messages.
                            # It is safe, but you can disable it if you are worried.
                            # The default time range is 1h.
  #############################################################################
  # Dovecot / solr FTS (Full Text search)
  fts:
    active: false
  #############################################################################
  # Postfix options
  postfix:
    mynetworks: ~
  #############################################################################
  antispam:                 # Check inbound and outbound emails for spam
    active: true            # Activate or not
    webui:                  # rspamd web interface
      active: false         # Activate or not
  antivirus:                # Check inbound and outbound emails for viruses
    active: true            # or false
  impersonate:              # Activate dovecot "master" user feature, ideal for families and communities
    active: false           # https://wiki2.dovecot.org/Authentication/MasterUsers
  #############################################################################
  # Virtual folders
  virtual_folders:          # Create virtual IMAP folders, like flagged,
    active: false           # deleted, unread, conversations, etc.
  #############################################################################
  recipient_delimiter: '+'  # The characters you want to use to split email address from mailbox, i.e.:
                            # when receiving a message to john+lists@example.com, it should go directly to
                            # the 'lists' folder...

###############################################################################
# System related
system:
  release: bullseye
  devel: true
  debug: true
  keep_certs: true

###############################################################################
# Once the system is in place, it is possible to use 'limit' for the rule, instead of any.
# It is also possible to use fail2ban, which is installed anyway
firewall:
  fwknop:
    install: false
  ssh:
    - src: 192.168.54.0/24
      rule: limit
      comment: Allow ssh from LAN
    - src: any
      rule: deny
      comment: Deny SSH from anywhere

###############################################################################
# Extra security values
security:
  auto_update: true
  dhparam_size: 2048
  # various options when luks is installed
  luks:
    yubikey: false

###############################################################################
# Install a webmail, or not...
webmail:
  install: false

###############################################################################
# Install a static web site on www.yourdomain.com
# Still requests two certificates, one for '@' and one for 'www'
website:
  install: true

###############################################################################
# Install backup scripts
backup:
  install: false

###############################################################################
# Dictionaries to install in the system
dictionaries:
  - name: English
    id: en
    lang: british
  - name: French
    id: fr
    lang: french

###############################################################################
# Jabber server
# The port numbers are not exposed externally, everything
# is behind nginx, in https.
# By default, the server is open to other servers (public flag to true).
# To restrict to only a few domains, set the flag to false, and
# enter the list of domains in the trust array
ejabberd:
  install: true

###############################################################################
# Transmission installation
transmission:
  install: false

###############################################################################
# Bind server defaults
bind:
  # Bind is currently in the testing phase, feedback welcome
  install: true
  # Default servers to forward queries
  forward:
    - 8.8.8.8
    - 8.8.4.4
  # Timing configuration (see https://www.ripe.net/publications/docs/ripe-203)
  refresh: 86400          # 24 hours
  retry: 7200             # 2 hours
  expire: 3600000         # 1000 hours
  neg_cache_ttl: 172800   # 2 days
  ttl: 3600               # 1 hour
  # General configuration
  mx_priority: 10
  # DNSSEC options
  dnssec:
    active: true
    algo: RSASHA256
  propagation:
    check: false

# Privoxy privacy proxy and the onion router
tor:
  install: false
privoxy:
  install: false

# Zabbix monitoring
zabbix:
  install: false

extra_certs:
  - type: gogs
  - type: gpg
  - type: packages
    redirect: false

pgp:
  - uid: andre
    ascii_armored_public_key: |
      [ASCII-armored PGP public key block omitted]

besendorf commented 3 years ago

Do I understand correctly that this line still needs to be changed to buster, or now bullseye? https://github.com/progmaticltd/homebox/blob/bullseye/preseed/config/system-example.yml#L97

arodier commented 3 years ago

This is just an example, but yes, we can change this from stretch to bullseye.
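
The drift raised in this thread (an example config and a Dockerfile still naming an older Debian release than the one being deployed) can be caught mechanically before a deployment. The following is an added example, not code from the homebox project; the function name and the file paths and contents in `SAMPLE` are constructed for illustration.

```python
import re

# Debian codenames to look for; any reference that differs from the
# deployment target is reported.
CODENAMES = ["jessie", "stretch", "buster", "bullseye", "bookworm"]
_PATTERN = re.compile(r"\b(" + "|".join(CODENAMES) + r")\b", re.IGNORECASE)


def find_release_drift(files, target):
    """Return (path, line_no, codename) for every reference to a Debian
    release other than `target` in the given {path: text} mapping."""
    if target not in CODENAMES:
        raise ValueError(f"unknown release: {target!r}")
    findings = []
    for path in sorted(files):
        for line_no, line in enumerate(files[path].splitlines(), start=1):
            for match in _PATTERN.finditer(line):
                name = match.group(1).lower()
                if name != target:
                    findings.append((path, line_no, name))
    return findings


# Constructed sample tree (hypothetical paths, not the project's real files).
SAMPLE = {
    "config/system-example.yml": "system:\n  release: stretch\n  devel: true\n",
    "docker/Dockerfile": "FROM debian:stretch\nRUN apt-get update\n",
    "roles/repo/sources.list": (
        "deb http://deb.debian.org/debian bullseye main\n"
        "deb http://security.debian.org/debian-security stretch/updates main\n"
    ),
    # Word boundaries keep ordinary prose from matching a codename.
    "README.md": "Stretching the mailbox quota is not recommended.\n",
}

if __name__ == "__main__":
    for path, line_no, name in find_release_drift(SAMPLE, "bullseye"):
        print(f"{path}:{line_no}: references '{name}', expected 'bullseye'")
```

To check a real checkout, build the `files` mapping by reading the YAML, Dockerfile and template files from disk instead of using `SAMPLE`.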