= misaka =

{{attachment:misaka_imouto.jpg}}

 * debian squeeze x64
 * puppet managed

== local work ==
 * mount `/home` with `acl`s
 * `/etc/skel`
  * `.bashrc` {{{
# Timestamped shell FTW
export HISTTIMEFORMAT='%Y-%m-%d %H:%M:%S  '
}}}
  * `.screenrc`
  * `.vimrc`
  * add self to `.ssh/authorized_keys`
  * `mkdir -m 0701 public_html`


== thinking about apache ==

Our puppet management of apache is still a mess, so we'll do it manually. What do we want to take care of?

 * install `apache2-mpm-itk`
 * a couple of timeout tweaks to `apache2.conf`
 * `ports.conf` (listen only on 202.4.224.31, ''not'' ssl, etc.)
  * aka. biribiri.meidokon.net
 * `a2enmod ssl`
  * fix `ports.conf` again for SSL, no generic Listens
 * conf.d/priv.conf {{{
SetEnvIf Remote_Addr ^202\.4\.235\.109$ priv-group
}}}
 * install `libapache2-mod-php5`
 * start the service
 * stub out `/var/www/html/monitor` for the default site
  * fix up an index.html
  * edit `mods-enabled/status.conf` to get a usable `/server-status`
  * fix up an `info.php`
 * install `libapache2-mod-wsgi`
 * `AssignUserId [username] [groupname]` for itk
 * nice logging
  * log to homedirs, `~/logs/apache/{access,error}.log`
  * fix up logrotate fragment, `apache2-vhost-logs`


== Some puppet manifest ==

{{{#!highlight puppet
node "misaka.anchor.net.au" {
    $supportlevel = complete

    networking::interface {
        "eth0":
            ipaddress => "202.4.224.29/25",
            gateway   => "top";
        "eth0:00":
            ipaddress => "202.4.224.30/25",
            comment   => "nginx";
        "eth0:01":
            ipaddress => "202.4.224.31/25",
            comment   => "apache";
        "eth0:02":
            ipaddress => "202.4.224.48/25",
            comment   => "qqc.meidokon.net";
        "eth1":
            ipaddress => "172.22.71.103/16";
    }
}}}