[SASAG] need part-time Debian sysadmin for 1-time contract

Gabriel Cain gabriel at dreamingcrow.com
Tue Nov 3 22:32:13 PST 2015 

I would strenuously urge you to consider using google apps for business for
the mail and mailing list services. It is a lot of work, ongoing work, to
run your own mail server.   They work very well, and are very inexpensive.
   Given as well that you only want static content, consider as well using
Amazon S3 and Amazon Route53 for your solution.  The whole of what you want
to accomplish could be done in a couple hours and be wholly
self-maintainable.

-Gabriel


On Tue, Nov 3, 2015 at 3:39 PM, Blibbet <blibbet at gmail.com> wrote:

> Hi,
>
> I need a small site built, to represent a new small (1-person)
> consulting company. I'm looking for a sysadmin who has time to work on
> a 1-time contract to setup a Debian-based server, hosted on Linode,
> with a web server, mail sever, and mailing list server, perhaps a DNS
> server. Details on main system and 3 servers below:
>
> For the main system and administration:
> Help registering a few domains (example.com, example.org, example.biz,
> etc.)
> Hosted on Linode.com.
> Debian-based server.
> SSH-based shell-based administration.
> Full-disk encryption.
> Perhaps SEL-based (with SEL enabled).
> Some sh/Python script to backup/restore data on site.
> IPtables firewall integrated with Snort or Suricata.
> Clamd with freshclam (like that really does much...) :-(
> For security, hardened server with minimal services enabled, hopefully
> with each service isolated in a jail/VM/other isolation technology.
> OpenSCAP setup to do regular vulnerability reports.
> Nagios or other similar monitoring tool.
>
> Extra points for Xen/KVM-based UEFI Secure Boot-based system with
> TPM-based TNC remote attestation ability, instead of unverifiable BIOS
> box, as long as provider is using fresh Tianocore OVMFs. I don't think
> Linode or anyone does that yet. :-)
>
> It also needs a few more security things I've probably missed, feel
> free to suggest.
>
> [Why Linode and not some other cloud? I'm doing a FOSS-centric
> company, and want a Linux-based provider. So Windows-based Azure is
> not an option, etc. Linode is one of the sites supported by Apache
> LibCloud, which I was thinking of making some admin scripts with. I am
> open to other options besides Linode, if you know something I don't.]
>
> Beyond core system, it needs 3 public-viewing services, web server,
> mail server, and mailing list sever:
>
> 1) web server, eg, www.example.com
> www. prefix optional.
> Help getting proper Verisign cert for HTTPS.
> Apache httpd, with mod_security, with minimal modules, no script
> languages or dynamic content. If mod_security has value in a static site
> .
> Site will only host a dozen static HTML files, with a handful of JPEGs
> and PDFs/ODTs.
> For now, multiple domains all point to same site.
>
> 2) mail server, eg support at example.com
> I don't know which is proper one to use, probably what
> Apache/Debian/Python use for their infrastructure. sendmail, postfix,
> qmail, courier, etc.
> I'd prefer TLS-only -- no cleartext -- versions of IMAP/SMTP/POP3, but
> have been warned that TLS-only mail servers are difficult:
> https://www.google.com/transparencyreport/saferemail/
> Experience dealing with some of these issues useful:
> https://twitter.com/astrobiased/status/655512405363982336
>
> 3) mailing list server, eg announce at lists.example.com
> GNU Mailman-based
>
> If it ends up that we should have separate VMs for each of these
> services to scale or for security, then probably also a 4th service: a
> DNS server.
>
> I'd like to get help building the initial site.
>
> Then one or two follow-up hourly updates to help with the initial 1-2
> upgrades, and some emergency help, like if site goes down, I'd like
> help with initial restore.
>
> [A few months later, perhaps a second contract in a few months for V2
> features: Semantic MediaWiki-based wiki.example.com, git.example.com,
> lxr.example.com, some iCalendar server, perhaps an IRC/XMPP/WebRTC
> server.]
>
> But I'm presuming to take over admin role after site has been
> initialized, so after initial contract, and upgrade/emergency or two,
> that'll probably be end of the contract. I'd like to have the V1 site
> up before EOY, is possible.
>
> If you're a FOSS-centric, Linux-savvy, local sysadmin who has time for
> this contract, please email me privately.
>
> Thanks,
> Lee
>
> _______________________________________________
> Members mailing list
> Members at lists.sasag.org
> https://lists.sasag.org/mailman/listinfo/members
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.sasag.org/pipermail/members/attachments/20151103/f26d4a1b/attachment.html>

More information about the Members mailing list