@@ -5,11 +5,13 @@ A set of Ansible scripts to setup a secure email and personal files server. This
55- You want a low maintenance box that keep itself updated automatically.
66- You trust the _ Debian community_ to publish security updates.
77
8+
89## Official documentation and user's guide
910
1011- [ Stable branch] ( http://homebox.readthedocs.io/en/latest/ )
1112- [ Development branch] ( http://homebox.readthedocs.io/en/dev/ )
1213
14+
1315## Mailing lists
1416
1517Thanks to [ Framasoft] ( https://framasoft.org/ ) , two mailing lists have been created, one for general questions,
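Review bot: The two added blank lines (new lines 8 and 14) are whitespace-only changes that double the spacing before "## Official documentation and user's guide" and "## Mailing lists". If two blank lines before a heading is the intended convention, say so in the commit message; otherwise drop them so the diff carries only content changes. While this part of the README is being touched, the two documentation links on the context lines still point at http://homebox.readthedocs.io; consider switching them to https.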
@@ -18,33 +20,35 @@ suggestions and support, and another one dedicated for development.
1820- General questions: https://framalistes.org/sympa/info/homebox-general
1921- Development: https://framalistes.org/sympa/info/homebox-dev
2022
21- ## Current project status
2223
23- ## Current status and supported features
24+ ## Current project status
2425
25- For a complete list of features, see the [ features page] ( http://homebox.readthedocs.io/en/latest/features/ ) in the
26- official documentation.
2726
2827### System installation and features
2928
3029- Custom Debian installer generation with full disk encryption and fully automatic installation.
3130- Unlock the system upon boot by entering the passphrase through SSH or with a Yubikey.
32- - Install packages only from Debian stable (Stretch) or officially maintained repositories (rspamd ).
33- - Automatic SSL Certificates generation with [ letsencrypt] ( https://letsencrypt.org ) .
31+ - Install packages only from Debian stable (Bullseye ).
32+ - Automatic [ letsencrypt] ( https://letsencrypt.org ) certificates generation using DNS challenge .
3433- Automatic security updates (optional).
3534- Centralised authentication with an LDAP users database, SSL certificate, password policies, PAM integration.
36- - AppArmor activated by default, profiles for all daemons.
37- - Automatic backup of the deployment data to replay the installation with the same data .
35+ - AppArmor activated by default, with a profile for all daemons.
36+ - Random passwords generated and saved into pass by default .
3837- Can be used at home, on a dedicated or virtual server hosted online.
39- - Flexible IP address support: IPv4, IPv6, IPv4+IPv4, IPv4+IPv6.
38+ - Flexible IP address support: IPv4 only , IPv6 only, and IPv4+IPv4 or IPv4+IPv6.
4039- Embedded DNS server, with CAA, DNSSEC and SSHFP (SSH fingerprint) support.
4140- Grade A https sites, HSTS implemented by default.
41+ - Automatic configuration of OpenPGP Web Key Directory.
42+ - Automatic firewall rules for inbound, outbound and forwarding traffic, using nftables.
43+ - Restricted outbound traffic to the minimum.
44+ - Automatic update of DNS servers and glue records on Gandi.
45+
4246
4347### Emails
4448
4549- Postfix configuration and installation, with LDAP lookups, internationalised email aliases,
4650 fully SSL compliant.
47- - Generate DKIM keys, SPF and DMARC DNS records.
51+ - Generate DKIM keys, SPF and DMARC DNS records. The DKIM keys are generated every year.
4852- Automatic copy of sent emails into the sent folder.
4953- Automatic creation of the postmaster account and special email addresses using
5054 [ RFC 2142] ( https://tools.ietf.org/html/rfc2142 ) specifications.
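Review bot: The sentence added at new line 51, "The DKIM keys are generated every year.", does not say whether this is a rotation under a new selector or how long the previous key's DNS record stays published, so a reader cannot tell whether mail signed shortly before the change will still verify; state the rotation behaviour explicitly. Two wording points in the same hunk: "with a profile for all daemons" (new line 35) now reads as one shared profile, where the removed "profiles for all daemons" was unambiguous, and "saved into pass" (new line 36) should name or link the tool and say where that store lives, since it replaces the line about backing up the deployment data. New line 31 also drops "or officially maintained repositories (rspamd)" while rspamd is still listed under Emails, so confirm that it is now installed from Debian stable.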
@@ -56,17 +60,13 @@ official documentation.
5660- Optional master user creation, e.g. for families with children or moderated communities.
5761- Server side full text search inside emails, attached documents and files and
5862 compressed archives, with better results than GMail.
59- - Detailed weekly, monthly and yearly access report per country, ISP, IP addresses, etc.
60- - Optional Roundcube webmail with sieve filters management, password change form, automatic identity
61- creation, master account access, etc.
62- - Optional SOGo webmail with sieve filters management, password change form, Calendar and Address book management, GUI
63+ - SOGo webmail with sieve filters management, password change form, Calendar and Address book management, GUI
6364 to import other account emails.
64- - Automatic import emails from Google Mail, Yahoo, Outlook.com or any other standard IMAP account.
6565- Powerful and light antispam system with [ rspamd] ( https://rspamd.com/ ) and optional access to the web interface.
6666- Antivirus for inbound _ and_ outbound emails with [ clamav] ( https://www.clamav.net/ ) .
6767- Automatic configuration for Thunderbird and Outlook using published XML and other clients with
6868 special DNS records ([ RFC 6186] ( https://tools.ietf.org/html/rfc6186 ) ).
69- - Automatic detection of unusual behaviour, with real time warning using XMPP and email to external address.
69+
7070
7171### Calendar and Address book
7272
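Review bot: The removals at old lines 59 and 69 drop the access reports and "Automatic detection of unusual behaviour, with real time warning", and the hunk leaves only a blank line where the second one was, with no indication of whether the functionality is gone or just no longer documented. Say which in the commit message or a changelog entry, so that operators who relied on those warnings know they need another source of alerts. The SOGo line (new line 63) also loses the word "Optional" in the same change that removes Roundcube; if SOGo is now always installed, state that, otherwise keep "Optional".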
@@ -75,27 +75,19 @@ official documentation.
7575- Recurring events, email alerts, shared address books and calendars.
7676- Mobile devices compatibility: Android, Apple iOS, BlackBerry 10 and Windows mobile through Microsoft ActiveSync.
7777
78+
7879### Other optional features
7980
8081- Incremental backups, encrypted, on multiple destination (SFTP, S3, Samba share or USB drive), with email and Jabber
8182 reporting.
8283- Jabber server, using [ ejabberd] ( https://www.ejabberd.im/ ) , with LDAP authentication, direct or offline file transfer
8384 and optional server to server communication.
84- - [ Tor] ( https://www.torproject.org/ ) installation out of the box with possible customisation.
85- - [ Privoxy] ( https://www.privoxy.org/ ) easy installation, with adblock rules daily synchronisation, and optional tor
86- chaining.
8785- Static web site skeleton configuration, with https certificates and A+ security grade by default.
88- - Personal backup server for each user, using borgbackup.
89- - [ Transmission daemon] ( https://transmissionbt.com/ ) , accessible over https, public or private over your LAN. Files can
90- be downloaded directly with a web browser, using LDAP credentials for authentication or whitelisted IP addresses
91- (e.g. LAN).
92- - Monitoring with [ Zabbix] ( https://www.zabbix.com/ ) , with email and Jabber alerts.
93- - Hide the SSH server with Single Packet Authorization, using [ fwknop] ( http://www.cipherdyne.org/fwknop/ ) .
86+
9487
9588### Development
9689
9790- YAML files validation on each commit, using [ travis-ci] ( https://travis-ci.org/progmaticltd/homebox ) .
98- - Continuous Integration using [ Jenkins] ( https://jenkins.homebox.space ) .
9991- End to end integration tests for the majority of components.
10092- Playbooks to facilitate the installation or removal of development packages.
10193- Global debug flag to activate the debug mode of all components.
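Review bot: The lines removed from "Other optional features" (old lines 84 to 93) include the fwknop Single Packet Authorization entry and Zabbix monitoring, which are hardening and monitoring features rather than conveniences. The README should say whether these roles were removed from the playbooks or are only undocumented now, and what an existing deployment that enabled them should expect. With the Jenkins line (old line 98) removed, the travis-ci entry on the context line above it is the only CI reference left, so check that it still describes the validation that actually runs.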