etckeeper is a collection of tools to let /etc be stored in a git, mercurial, darcs, or bzr repository. It hooks into apt (and other package managers including yum and pacman-g2) to automatically commit changes made to /etc during package upgrades. It tracks file metadata that revison control systems do not normally support, but that is important for /etc, such as the permissions of /etc/shadow. It's quite modular and configurable, while also being simple to use if you understand the basics of working with revision control.

Under Debian Lenny :

Install :

apt-get install etckeeper

Set ut the git repository (git is the default repository system, see /etc/etckeeper/etckeeper.conf if you want to change that) :

cd /etc
etckeeper init
etckeeper commit "initial import"

We’re done with the initial setup..

If you install a package through apt-get or aptitude, changes will be automatically commited.

If you made changes to files under /etc, commit them by doing :

git commit -a

Also, you can install trac-git, which provides a user friendly web interface to browse your git repository.

Basically, you would call 9253 followed by the time the phone should ring, for exemple if you want to be awaken at 06:30am you would call 92530630 (on your dialpad WAKE0610).

This code only allows to set ONE alarm.

If you want to delete -for exemple the 0630am- alarm, you would call 6692530610 (on dialpad NOWAKE0610).

Asterisk will create a call file and put it under /var/spool/asterisk/outgoing/
How does Asterisk know when to call you ? It will check the timestamp of the call files.

Make sure you enable func_strings.so module, it is required for STRFTIME.

[Context-This-Code-Should-Go-In]

; WAKE + hour + minute : sets a wake up call
exten => _9253XXXX,1,Answer()
exten => _9253XXXX,n,Set(wakeuptime=${EXTEN:4:4})
exten => _9253XXXX,n,Set(today=${STRFTIME(${EPOCH},,%Y%m%d)})
exten => _9253XXXX,n,Set(tomorrow=${STRFTIME($[${EPOCH} + 86400],,%Y%m%d)})
exten => _9253XXXX,n,Set(now=${STRFTIME(${EPOCH},,%Y%m%d%H%M)})
exten => _9253XXXX,n,System(echo -e "Channel: SIP/${CALLERID(num)}\\nContext: WakeUp\\nExtension: 92531" > /tmp/${UNIQUEID}.call)
exten => _9253XXXX,n,GotoIf($["${today}${wakeuptime}" < "${now}"]?tomorrow:today)
exten => _9253XXXX,n(today),NoOp(Scheduling wake up call for ${CALLERID(num)} today at ${wakeuptime} / )
exten => _9253XXXX,n,System(touch -t ${today}${wakeuptime} /tmp/${UNIQUEID}.call)
exten => _9253XXXX,n,Goto(move)
exten => _9253XXXX,n(tomorrow),NoOp(Scheduling wake up call for ${CALLERID(num)} tomorrow at ${wakeuptime} / )
exten => _9253XXXX,n,System(touch -t ${tomorrow}${wakeuptime} /tmp/${UNIQUEID}.call)
exten => _9253XXXX,n(move),System(mv /tmp/${UNIQUEID}.call /var/spool/asterisk/outgoing/${wakeuptime}.${UNIQUEID}.call)
exten => _9253XXXX,n,Wait(1)
exten => _9253XXXX,n,SayNumber(${wakeuptime})
exten => _9253XXXX,n,Hangup()

; NOWAKE + hour + minute : deletes a wake up call
exten => _669253XXXX,1,Answer()
exten => _669253XXXX,n,Set(wakeuptime=${EXTEN:6:4})
exten => _669253XXXX,n,NoOp(Deleting alarm set at ${wakeuptime})
exten => _669253XXXX,n,System(rm -f /var/spool/asterisk/outgoing/${wakeuptime}*)
exten => _669253XXXX,n,Wait(1)
exten => _669253XXXX,n,Background(auth-thankyou)
exten => _669253XXXX,n,Hangup()

[WakeUp]
;;; Context for outgoing wake up calls only, well you can always call 92531 but it's rather pointless
exten => 92531,1,Answer()
exten => 92531,n,Wait(1)
exten => 92531,n,Background(hello-world)
exten => 92531,n,Wait(1)
exten => 92531,n,Hangup()

This howto is basic, as in “no security involved”. I may come up with a second part to this guide about securing OpenLDAP with TLS, if I ever find the time.
Meanwhile see http://www.openldap.org/doc/admin23/security.html for the security aspect of things.

In this example, I’ll create a tree following this scheme : dc=my,dc=domain,dc=tld.
It’s really up to you how you organize your tree, it’s really for organizational purposes. You can limit your tree to a single root branch, for example dc=myname.

Install OpenLDAP server and some useful utilities :

# apt-get install slapd ldap-utils

You should be prompted for a password, if not create it from the command line :

# slappasswd
New password:
Re-enter new password:
{SSHA}vFk3EP4SSW0RDm4yEKD

Edit /etc/ldap/slapd.conf :

You should copy the password obtained with slappasswd under the rootpw option.

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
loglevel        none
modulepath	/usr/lib/ldap
moduleload	back_hdb
sizelimit 500
tool-threads 1
backend		hdb
database        hdb
suffix          "dc=my,dc=domain,dc=tld"
rootdn          "cn=admin,dc=my,dc=domain,dc=tld"
rootpw		"{SSHA}vFk3EP4SSW0RDm4yEKD"
directory       "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
index           objectClass eq
lastmod         on
checkpoint      512 30
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=my,dc=domain,dc=tld" write
        by anonymous auth
        by self write
        by * none
access to dn.base="" by * read
access to *
        by dn="cn=admin,dc=my,dc=domain,dc=tld" write
        by * read

“cn=admin,dc=my,dc=domain,dc=tld” is the database admin. This is what you will use as credential when you need to modify something in the database.

Then edit /etc/ldap/ldap.conf :

This is the configuration for the LDAP client.

HOST 127.0.0.1
BASE dc=my,dc=domain,dc=tld
URI ldap://localhost

Now create a directory that will contain some initial configuration files.

# mkdir /etc/ldap/LDIF

In this directory create the following files :

1_base.ldif (the base of our LDAP tree) :

dn: dc=my,dc=domain,dc=tld
dc: my
objectClass: domain

2_group.ldif (this will be the branch that will host our groups) :

dn: ou=Groups,dc=my,dc=domain,dc=tld
ou: Groups
objectClass: organizationalUnit

3_dev.ldif (this is our first group) :

dn: cn=dev,ou=Groups,dc=my,dc=domain,dc=tld
cn: dev
gidNumber: 30000
memberUid: user1
objectClass: posixGroup
objectClass: top
description: developers

4_people.ldif (this is the branch hosting users) :

dn: ou=People,dc=my,dc=domain,dc=tld
ou: People
objectClass: organizationalUnit

5_user1.ldif (this is our first user) :

dn: uid=user1,ou=People,dc=my,dc=domain,dc=tld
uid: user1
cn: John Doe
displayName: John Doe
givenName: Doe
sn: Doe
objectClass: inetOrgPerson
userPassword: pass
mail: johndoe@domain.tld

When we are done, we can restart OpenLDAP and create the tree and import some data :

# /etc/init.d/slapd restart
# cd /etc/ldap/LDIF
# for i in `ls`; do ldapadd -x -D "cn=admin,dc=my,dc=domain,dc=tld" -W -f $i ; done

You should be prompted for the admin password as much as you have LDIF files in the directory.
If you didn’t name your file 1_base.ldif, 2_group.ldif, etc. the command may fail as it may try to add a group or user before creating its branch.

Now you should be able to query the LDAP tree :

# ldapsearch -x
# extended LDIF
#
# LDAPv3
# base <dc=my,dc=domain,dc=tld> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# my.domain.tld
dn: dc=my,dc=domain,dc=tld
dc: my
objectClass: domain

# Groups, my.domain.tld
dn: ou=Groups,dc=my,dc=domain,dc=tld
ou: Groups
objectClass: organizationalUnit

# People, my.domain.tld
dn: ou=People,dc=my,dc=domain,dc=tld
ou: People
objectClass: organizationalUnit

# user1, People, my.domain.tld
dn: uid=user1,ou=People,dc=my,dc=domain,dc=tld
uid: user1
cn: John Doe
displayName: John Doe
givenName: Doe
sn: Doe
objectClass: inetOrgPerson
mail: johndoe@domain.tld

# dev, Groups, my.domain.tld
dn: cn=dev,ou=Groups,dc=my,dc=domain,dc=tld
cn: dev
gidNumber: 30000
memberUid: user1
objectClass: posixGroup
objectClass: top
description: developers

# search result
search: 2
result: 0 Success

# numResponses: 6
# numEntries: 5

This command requires /etc/ldap/ldap.conf. If you don’t have ldap.conf configured you’d have to type the whole command :

# ldapsearch -x -b "dc=my,dc=domain,dc=tld" -H ldap://server

Now, you can authenticate several services against your new LDAP server.
For example, web authentication in Apache.. Take a look at http://www.wains.be/index.php/2010/01/26/apache-simple-authentication-and-ldap-authentication-examples/

You also may want to install PHP LDAP Admin for managing your LDAP database through a web GUI :

# apt-get install phpldapadmin

Then go to http://server/phpldapadmin and authentify with cn=admin,dc=my,dc=domain,dc=tld and your rootpw.

Users credentials are stored in a file created with htpasswd command

<Location /dir/>
AuthType Basic
AuthName "Authentication"
AuthUserFile /etc/apache2/passwd-file
Require user username1 username2
</Location>

If we want to allow all users in passwd-file, use :
Require valid-user

LDAP user authentication :

We allow user1 and user2 found in the branch ou=People,dc=domain,dc=tld

<Location /dir/>
AuthName "Authentication"
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPURL ldap://127.0.0.1/ou=People,dc=domain,dc=tld
Require ldap-user user1 user2
</Location>

LDAP group authentication :

We allow all users in the group “support”, users are defined in that group under the memberUid field

<Location /dir/>
AuthName "Authentication"
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPURL ldap://127.0.0.1/ou=People,dc=domain,dc=tld
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
Require ldap-group cn=support,ou=Groups,dc=domain,dc=tld
</Location>

Combination of users and group :

<Location /dir/>
AuthName "Authentication"
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPURL ldap://127.0.0.1/ou=People,dc=domain,dc=tld
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
Require ldap-group cn=support,ou=Groups,dc=domain,dc=tld
Require ldap-attribute gidNumber=10000
Require ldap-user user1 user3 user5
</Location>

See also :

- Conditional web authentication : http://www.wains.be/index.php/2007/01/27/apache-conditional-http-authentication/

- Source for this post : http://www.linux.com/archive/feature/120050?theme=print

Keith in his post is wrong about the “Satisfy Any” option, as explained in Apache documentation : http://httpd.apache.org/docs/2.0/mod/core.html#satisfy :

This directive is only useful if access to a particular area is being restricted by both username/password and client host address. In this case the default behavior (All) is to require that the client passes the address access restriction and enters a valid username and password. With the Any option the client will be granted access if they either pass the host restriction or enter a valid username and password.

He seems to explain that the “Satisfy Any” option is necessary when using several “Require” arguments. That’s incorrect, all Require arguments are evaluated by default and must pass checks to give access to the resource.

This is actually the most basic RADIUS configuration ever, useful for quick tests. I can only recommend checking the post mentioned above if you want to do something serious.

# apt-get install freeradius

# vim /etc/freeradius/users

login     Cleartext-Password := "password"
login2     Cleartext-Password := "password2"

#vim /etc/freeradius/clients.conf

client localhost {
	ipaddr = 127.0.0.1
        secret = radiuspassword
}

client router {
	ipaddr = 10.0.0.1
        secret = radiuspassword
}

# /etc/init.d/freeradius restart

Check if RADIUS is working :

# radtest login password localhost 1812 radiuspassword
Sending Access-Request of id 222 to 127.0.0.1 port 1812
User-Name = "login"
User-Password = "password"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=222, length=20

# radtest login2 password2 localhost 1812 radiuspassword
Sending Access-Request of id 1 to 127.0.0.1 port 1812
User-Name = "login2"
User-Password = "password2"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=1, length=20

We expect Access-Accept from the server, not Access-Reject…

Configure your wireless access point :

Usually found under Security tab (or RADIUS, 802.1X, etc.)
Configure your device at 10.0.0.1 to authenticate against the Radius server with password radiuspassword.
Try to connect to your wireless access point using login and password.

We want to be able to send emails to username@domain.tld
We also want to have aliases for our users, for example : firstname.lastname@domain.tld pointing to username@domain.tld
Finally, we want groups to act as a mailing list, forwarding emails to members of the group, for example : support@domain.tld

LDAP tree

dc=domain,dc=tld
|-------ou=Aliases,dc=domain,dc=tld
|---------------cn=support,ou=Aliases,dc=domain,dc=tld
|
|		cn : support
|		description : alias support
|		gidNumber : 50000
|		mailRoutingAddress : support@domain.tld
|		memberUid : it (this is a group with a inetLocalMailRecipient class and a mailRoutingAddress field defined)
|		memberUid : username3 (this is a user account)
|
|-------ou=Groups,dc=domain,dc=tld
|---------------cn=it,ou=Groups,dc=domain,dc=tld
|
|		cn : it
|		description : IT dept group
|		gidNumber : 40000
|		mailRoutingAddress : it@domain.tld
|		memberUid : username1
|		memberUid : username2
|
|-------ou=Users,dc=domain,dc=tld
|---------------uid=username1,ou=Users,dc=domain,dc=tld

		cn : username1
		gecos : John Doe
		gidNumber : 10000
		homeDirectory : /home/username1
		mail : john.doe@domain.tld
		mailLocalAddress : john.doe
		uid : username1
		[...]

Postfix configuration

For this to work, we must define “append_at_myorigin = yes” in main.cf
For group/alias emails to work, the group must have the inetLocalMailRecipient class and mailRoutingAddress defined

So we basically add in main.cf :
virtual_alias_maps = ldap:/etc/postfix/ldap-account.cf, ldap:/etc/postfix/ldap-group.cf, ldap:/etc/postfix/ldap-alias.cf

It means that Postfix will check ldap-account.cf first, then ldap-group.cf and finally ldap-alias.cf.

So we create those files :

ldap-account.cf (for virtual users) :

server_host = localhost
port = 389
version = 3
search_base = ou=Users,dc=domain,dc=tld
scope = sub
# we search through the Users base for the recipient email address (%s)
query_filter = (mail=%s)
# if we find anything under ou=Users,dc=domain,dc=tld, we deliver to the account specified under "uid"
# so basically, if we send an email to john.doe@domain.tld, we will find an entry, finally delivering the email to uid username1
result_attribute = uid

ldap-alias.cf (for virtual aliases) :

server_host = localhost
port = 389
version = 3
scope = sub
# we search through the Aliases base...
search_base = ou=Aliases,dc=domain,dc=tld
# ...for the recipient email address (%s) specified under mailRoutingAddress field
query_filter = mailRoutingAddress=%s
# If we find anything, return memberUid, that can be accounts, groups, or aliases
result_attribute = memberUid

ldap-group.cf (for virtual groups) :

server_host = localhost
port = 389
version = 3
scope = sub
# Same as aliases, but in a different base
search_base = ou=Groups,dc=domain,dc=tld
query_filter = mailRoutingAddress=%s
result_attribute = memberUid

If someone calls and hangs up before leaving a voicemail (that means while the phone is ringing or during voicemail message), Asterisk will send a “missed call” notification by XMPP/Jabber.

/etc/asterisk/jabber.conf :

This file contains the info for Asterisk to connect to the Jabber server.
When restarting Asterisk, it will connect automatically and add contacts specified under buddy fields to its contact list.
You can specify several accounts in this file, and use different accounts for different notifications, for example.
From Asterisk CLI, there’s a command “jabber test” which would display the status of your contacts, this command only works with the account specified in the [asterisk] context.

[general]
debug=no
autoprune=no ; this is important to set this to no, if set to yes and you don't specify any "buddy=" it will delete contacts from your buddy list
autoregister=yes        

[asterisk] ; must be called "asterisk" if we want the command "jabber test" to work
type=client
serverhost=jabber.example.org
username=pbx@example.org/pbx
secret=PASSWORD
port=5222
usetls=yes
usesasl=yes
buddy=youraccountreceivingnotifications@gmail.com
buddy=anotheraccountthatmayreceivenotifications@gmail.com
statusmessage=Asterisk XMPP bot. Don't talk to me, your messages would be lost forever.
timeout=100

[account2]
type=client
serverhost=jabber.example.org
username=anotheraccount@example.org/pbx
secret=PASSWORD
port=5222
usetls=yes
usesasl=yes
buddy=someoneelse@gmail.com
statusmessage=Asterisk XMPP bot. Don't talk to me, your messages would be lost forever.
timeout=100

/etc/asterisk/extensions.conf :

When you pass the option “g” to the Dial() command, when the user hangs up, Asterisk exits the Dial() command and continue by jumping to the special “h” extension in the current context. From the console you should expect something like “Spawn extension (macro-DialVM, h, 5) exited” when the whole thing has been processed.

If you don’t specify the option, Asterisk will exit at the Dial() command. You would then see “Spawn extension (macro-DialVM, s, 1) exited” right after the user hangs up.

In this bit of dialplan, we enable XMPP notifications for calls made on extension 555 in the context named Local.
Dialing is made through a macro called macro-DialVM.
XMPP notifications are sent through macro-XMPPSend.

[macro-XMPPSend]
;;; Description : sends XMPP messages only if user is online and not away
;;; ARG1 = Jabber ID to be notified
;;; ARG2 = Message
;;; Jabberstatus and Jabbersend take the account name to user to send notifications as first argument ([asterisk] or [account2] under jabber.conf)

; getting user's status
; Status can be in order : 1)Online, 2)Chatty, 3)Away, 4)XAway, 5)DND, 6)Offline, 7)Not in roster
exten => s,1,Jabberstatus(asterisk,${ARG1},STATUS)
; If the value of STATUS is anything under 3 (or Away), in other words if user is Online or in Chatty mode
exten => s,n,GotoIf($["${STATUS}" < "3"]?available:unavailable)
; then we send a message
exten => s,n(available),NoOp(${ARG1} is available)
exten => s,n,Jabbersend(asterisk,${ARG1},${ARG2})
exten => s,n,MacroExit()
; if the user is not available, we don't send anything
exten => s,n(unavailable),NoOp(${ARG1} is not available in at least one location.. Do not send notification)
exten => s,n,MacroExit()

[macro-DialVM]
;;; Description : dials (option g enabled, jumps to h extension) and goes to voicemail if reaching timeout.
;;; ARG1 = extension to be dialed
;;; ARG2 = timeout
;;; XMPP notification if call missed

exten => s,1,Dial(SIP/${ARG1},${ARG2},wg)
exten => s,n,Voicemail(${ARG1})

; option g must be passed to Dial() to jump to h extension or it would spawn at "macro-DialVM,s,1"
; if user doesn't leave a voicemail, VMSTATUS = FAILED
; if user hangs up before reaching the voicemail app, DIALSTATUS = CANCEL
exten => h,1,NoOp(Did user hang up before leaving a voicemail ?)
exten => h,n,GotoIf($["${VMSTATUS}" = "FAILED"]?missed:nextcheck)
exten => h,n(nextcheck),GotoIf($["${DIALSTATUS}" = "CANCEL"]?missed:notmissed)
exten => h,n(missed),Macro(XMPPSend,youraccountreceivingnotifications@gmail.com,${CALLERID(all)} just tried to call ${ARG1})
exten => h,n(notmissed),Hangup()

[Local]
;;; Description : Local calls context

; My extension is 555, with a timeout of 30 seconds
exten => 555,1,Macro(DialVM,${EXTEN},30)

Install the necessary stuff :

# apt-get install apache2 subversion trac
# apt-get install libapache2-svn

libapache2-svn will enable dav and dav_fs modules.

More stuff :

# apt-get install libapache2-mod-python

Create your directories for TRAC environments (/home/trac/), projects source files (/home/dev/) and SVN repositories (/home/svn/) :

# mkdir /home/{trac,dev,svn}

Create your first project :

# mkdir /home/dev/project1
# echo "<?php phpinfo() ?>" > /home/dev/project1/index.php

Create the SVN repository for the project :

# svnadmin create /home/svn/project1

Import the project into the SVN repository :

# svn import -m "Initial import" /home/dev/project1/ file:///home/svn/project1/
Adding         /home/dev/project1/index.php

Committed revision 1.

Move your sources to a safe place, while we checkout the project :

# mv /home/dev/project1 /home/dev/project1-orig

Checkout the project :

# svn checkout file:///home/svn/project1 /home/dev/project1
A /home/dev/project1/index.php
Checked out revision 1.

Make sure the project is now under revision, you should see a “.svn” directory :

# ls -lah /home/dev/project1
total 16K
drwxr-xr-x 3 root root 4.0K Jan 20 12:42 .
drwxr-xr-x 4 root root 4.0K Jan 20 12:42 ..
drwxr-xr-x 6 root root 4.0K Jan 20 12:42 .svn
-rw-r--r-- 1 root root 19 Jan 20 12:42 index.php

It’s now safe to delete the copy not under revision :

# rm -fr /home/dev/project1-orig/

Set up TRAC for your first project, in bold what you need to specify :

# trac-admin /home/trac/project1 initenv
Creating a new Trac environment at /home/trac/project1

Trac will first ask a few questions about your environment
in order to initialize and prepare the project database.

 Please enter the name of your project.
 This name will be used in page titles and descriptions.

Project Name [My Project]> Project1

 Please specify the connection string for the database to use.
 By default, a local SQLite database is created in the environment
 directory. It is also possible to use an already existing
 PostgreSQL database (check the Trac documentation for the exact
 connection string syntax).

Database connection string [sqlite:db/trac.db]> PRESS ENTER

 Please specify the type of version control system,
 By default, it will be svn.

 If you don't want to use Trac with version control integration,
 choose the default here and don't specify a repository directory.
 in the next question.

Repository type [svn]> svn

 Please specify the absolute path to the version control
 repository, or leave it blank to use Trac without a repository.
 You can also set the repository location later.

Path to repository [/path/to/repos]> /home/svn/project1

Creating and Initializing Project
 Installing default wiki pages
 TracSyntaxColoring imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracSyntaxColoring
 TracChangeset imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracChangeset
 TracWiki imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracWiki
 WikiHtml imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/WikiHtml
 TracRevisionLog imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracRevisionLog
 TracFastCgi imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracFastCgi
 TracTicketsCustomFields imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracTicketsCustomFields
 SandBox imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/SandBox
 WikiMacros imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/WikiMacros
 TracUpgrade imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracUpgrade
 TracBackup imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracBackup
 TracAccessibility imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracAccessibility
 RecentChanges imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/RecentChanges
 WikiDeletePage imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/WikiDeletePage
 TracNavigation imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracNavigation
 TracImport imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracImport
 TracModPython imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracModPython
 TracEnvironment imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracEnvironment
 TracBrowser imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracBrowser
 WikiFormatting imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/WikiFormatting
 TracPlugins imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracPlugins
 WikiPageNames imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/WikiPageNames
 TracNotification imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracNotification
 TracInstall imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracInstall
 TracIni imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracIni
 TracAdmin imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracAdmin
 TracRss imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracRss
 TracLogging imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracLogging
 TracGuide imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracGuide
 WikiStart imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/WikiStart
 TracQuery imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracQuery
 WikiNewPage imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/WikiNewPage
 CamelCase imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/CamelCase
 TracRoadmap imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracRoadmap
 TracLinks imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracLinks
 TracStandalone imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracStandalone
 TracInterfaceCustomization imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracInterfaceCustomization
 TracUnicode imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracUnicode
 InterMapTxt imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/InterMapTxt
 TracPermissions imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracPermissions
 TitleIndex imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TitleIndex
 WikiProcessors imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/WikiProcessors
 InterWiki imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/InterWiki
 TracCgi imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracCgi
 TracTimeline imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracTimeline
 InterTrac imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/InterTrac
 PageTemplates imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/PageTemplates
 TracTickets imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracTickets
 TracSupport imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracSupport
 TracWorkflow imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracWorkflow
 TracSearch imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracSearch
 TracFineGrainedPermissions imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracFineGrainedPermissions
 WikiRestructuredTextLinks imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/WikiRestructuredTextLinks
 TracReports imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/TracReports
 WikiRestructuredText imported from /usr/lib/python2.5/site-packages/trac/wiki/default-pages/WikiRestructuredText
 Indexing repository
 [1]
---------------------------------------------------------------------
Project environment for 'Project1' created.

You may now configure the environment by editing the file:

  /home/trac/project1/conf/trac.ini

If you'd like to take this new project environment for a test drive,
try running the Trac standalone web server `tracd`:

  tracd --port 8000 /home/trac/project1

Then point your browser to http://localhost:8000/project1.
There you can also browse the documentation for your installed
version of Trac, including information on further setup (such as
deploying Trac to a real web server).

The latest documentation can also always be found on the project
website:

http://trac.edgewall.org/

Congratulations

The configuration is stored under /home/trac/project1/conf/trac.ini.

Create the password files for web authentication :

# htpasswd -c /etc/apache2/passwd-trac yourusername

Set up Apache :

# cp /etc/apache2/sites-available/default /etc/apache2/sites-available/projects

# vim /etc/apache2/sites-available/projects
<VirtualHost *:80>
    DocumentRoot /var/www/

    <Directory /var/www/>
        Order allow,deny
        Allow from all
    </Directory>

    ### TRAC Root : http://server/trac or http://server/trac/

        # Rewrite ./trac to ./trac/
        RewriteEngine on
        RewriteRule ^(.*)\/trac$ $1/ [NC]

    <Location /trac/>
        SetHandler mod_python
        PythonHandler trac.web.modpython_frontend
        PythonInterpreter main
        PythonOption TracEnvParentDir /home/trac
        PythonOption TracUriRoot /trac/
        SetEnv PYTHON_EGG_CACHE /tmp
    </Location>

    ### TRAC Login : http://server/trac/*/login
    <LocationMatch ^(/trac/[^/]+)?/login>
        AuthType Basic
        AuthName "TRAC Login"
        AuthUserFile /etc/apache2/passwd-trac
        Require valid-user
    </LocationMatch>

    ### SVN repository : http://server/svn
    <Location /svn>
        DAV svn
        SVNParentPath /home/svn
        SVNListParentPath on

        AuthType Basic
        AuthName "SVN Repository"
        AuthUserFile /etc/apache2/passwd-trac
        Require valid-user
    </Location>
</VirtualHost>

Enable rewrite module :

# a2enmod rewrite
Enabling module rewrite.
Run '/etc/init.d/apache2 restart' to activate new configuration!

Disable the default website :

# a2dissite default
Site default disabled.
Run '/etc/init.d/apache2 reload' to activate new configuration!

Enable the newly configured website :

# a2ensite projects
Enabling site projects.
Run '/etc/init.d/apache2 reload' to activate new configuration!

Restart Apache :

# /etc/init.d/apache2 restart

Make sure Apache can read and write TRAC configuration files.
This is a basic working example but you may want to do something more elaborate involving Set-GID or POSIX ACL.

# chown -R www-data. /home/trac

Now go to http://server/trac, it should rewrite the URL to http://server/trac/ and display a list of available projects.

WALLA

Please let me know if it works for you. Thanks.

Partially based on http://www.willamaze.eu/?p=732

142 MB.. seriously ? Meanwhile Askozia fits on 30 MB, and that includes the OS.

# apt-get install asterisk
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  asterisk-config asterisk-sounds-main binutils build-essential bzip2 ca-certificates cpp cpp-4.3 debhelper dpkg-dev file g++ g++-4.3 gcc gcc-4.3 gettext gettext-base
  html2text intltool-debian libasound2 libc-client2007b libc6-dev libcap2 libcompress-raw-zlib-perl libcompress-zlib-perl libcurl3 libdigest-hmac-perl libdigest-sha1-perl
  libfile-remove-perl libgmp3c2 libgomp1 libgsm1 libidn11 libiksemel3 libio-compress-base-perl libio-compress-zlib-perl libio-stringy-perl libldap-2.4-2 libltdl3
  libmagic1 libmail-box-perl libmail-sendmail-perl libmailtools-perl libmime-types-perl libmpfr1ldbl libobject-realize-later-perl libogg0 libpci3 libperl5.10 libpq5
  libpri1.0 libradiusclient-ng2 libsensors3 libsnmp-base libsnmp15 libspeex1 libspeexdsp1 libsqlite0 libssh2-1 libstdc++6-4.3-dev libsys-hostname-long-perl libsysfs2
  libtimedate-perl libtonezone1 liburi-perl libuser-identity-perl libvorbis0a libvorbisenc2 libvpb0 linux-libc-dev make mlock module-assistant odbcinst1debian1 openssl
  patch perl perl-modules po-debconf ucf unixodbc vpb-driver-source
Suggested packages:
  ekiga ohphone twinkle kphone asterisk-doc asterisk-dev asterisk-h323 binutils-doc bzip2-doc cpp-doc gcc-4.3-locales dh-make debian-keyring g++-multilib g++-4.3-multilib
  gcc-4.3-doc libstdc++6-4.3-dbg gcc-multilib manpages-dev autoconf automake1.9 libtool flex bison gdb gcc-doc gcc-4.3-multilib libmudflap0-4.3-dev libgcc1-dbg
  libgomp1-dbg libmudflap0-dbg cvs gettext-doc libasound2-plugins uw-mailutils glibc-doc libmime-tools-perl libhtml-tree-perl libhtml-format-perl spamassassin
  libmail-imapclient-perl lm-sensors speex libstdc++6-4.3-doc libwww-perl vpb-utils make-doc diff-doc perl-doc libterm-readline-gnu-perl libterm-readline-perl-perl
  libmyodbc odbc-postgresql libct1
The following NEW packages will be installed:
  asterisk asterisk-config asterisk-sounds-main binutils build-essential bzip2 ca-certificates cpp cpp-4.3 debhelper dpkg-dev file g++ g++-4.3 gcc gcc-4.3 gettext
  gettext-base html2text intltool-debian libasound2 libc-client2007b libc6-dev libcap2 libcompress-raw-zlib-perl libcompress-zlib-perl libcurl3 libdigest-hmac-perl
  libdigest-sha1-perl libfile-remove-perl libgmp3c2 libgomp1 libgsm1 libidn11 libiksemel3 libio-compress-base-perl libio-compress-zlib-perl libio-stringy-perl
  libldap-2.4-2 libltdl3 libmagic1 libmail-box-perl libmail-sendmail-perl libmailtools-perl libmime-types-perl libmpfr1ldbl libobject-realize-later-perl libogg0 libpci3
  libperl5.10 libpq5 libpri1.0 libradiusclient-ng2 libsensors3 libsnmp-base libsnmp15 libspeex1 libspeexdsp1 libsqlite0 libssh2-1 libstdc++6-4.3-dev
  libsys-hostname-long-perl libsysfs2 libtimedate-perl libtonezone1 liburi-perl libuser-identity-perl libvorbis0a libvorbisenc2 libvpb0 linux-libc-dev make mlock
  module-assistant odbcinst1debian1 openssl patch perl perl-modules po-debconf ucf unixodbc vpb-driver-source
0 upgraded, 83 newly installed, 0 to remove and 0 not upgraded.
Need to get 47.3MB of archives.
After this operation, 142MB of additional disk space will be used.
Do you want to continue [Y/n]? 

EDIT Janv. 30 :

Thanks to Kurt for the tip in the comments.
It completely went unnoticed to me, but Debian Lenny indeed installs “recommends” packages :

To avoid the bloat caused by this new policy, edit /etc/apt/apt.conf and add :
APT::Install-Recommends "0";

The result is clear :

# apt-get install asterisk
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  asterisk-config asterisk-sounds-main ca-certificates libasound2
  libc-client2007b libcap2 libcurl3 libgsm1 libidn11 libiksemel3 libldap-2.4-2
  libltdl3 libogg0 libpci3 libperl5.10 libpq5 libpri1.0 libradiusclient-ng2
  libsensors3 libsnmp-base libsnmp15 libspeex1 libspeexdsp1 libsqlite0
  libssh2-1 libsysfs2 libtonezone1 libvorbis0a libvorbisenc2 libvpb0 mlock
  odbcinst1debian1 openssl ucf unixodbc
Suggested packages:
  ekiga ohphone twinkle kphone asterisk-doc asterisk-dev asterisk-h323
  libasound2-plugins uw-mailutils lm-sensors speex vpb-utils libmyodbc
  odbc-postgresql libct1
Recommended packages:
  vpb-driver-source
The following NEW packages will be installed:
  asterisk asterisk-config asterisk-sounds-main ca-certificates libasound2
  libc-client2007b libcap2 libcurl3 libgsm1 libidn11 libiksemel3 libldap-2.4-2
  libltdl3 libogg0 libpci3 libperl5.10 libpq5 libpri1.0 libradiusclient-ng2
  libsensors3 libsnmp-base libsnmp15 libspeex1 libspeexdsp1 libsqlite0
  libssh2-1 libsysfs2 libtonezone1 libvorbis0a libvorbisenc2 libvpb0 mlock
  odbcinst1debian1 openssl ucf unixodbc
0 upgraded, 36 newly installed, 0 to remove and 13 not upgraded.
Need to get 14.0MB of archives.
After this operation, 33.2MB of additional disk space will be used.
Do you want to continue [Y/n]?

This howto is based on http://www.kremalicious.com/2008/06/ubuntu-as-mac-file-server-and-time-machine-volume/
Matthias’ post is very comprehensive. This post is basically a raw copy paste of commands, if you want more information, go see Matthias post.
If you find this useful, please give credit to Matthias

Why AFP (Apple Filing Protocol) ?

I wanted to see if AFP was faster than SMB.
A quick test showed my Macbook (running OS 10.6.2) is transfering files 20 % faster on AFP than SMB.

Build netatalk to support encryption

Starting with Netatalk version 2.0.4 (and Debian Squeeze) you won’t need to rebuild to support SSL (see Frank’s comment).

Lenny comes with version 2.0.3 so we still need to go through recompilation (which I recommend doing on another box).

# apt-get build-dep netatalk
# apt-get install cracklib2-dev fakeroot libssl-dev
# apt-get source netatalk
# cd netatalk-2*
# DEB_BUILD_OPTIONS=ssl dpkg-buildpackage -rfakeroot

Install modified version of netatalk

# dpkg -i ../netatalk_2*.deb
# echo "netatalk hold" | dpkg --set-selections

/etc/default/netatalk

ATALKD_RUN=no
PAPD_RUN=no
CNID_METAD_RUN=yes
AFPD_RUN=yes
TIMELORD_RUN=no
A2BOOT_RUN=no

/etc/netatalk/afpd.conf

- -transall -uamlist uams_dhx.so -nosavepassword

/etc/netatalk/AppleVolumes.default

/home/seb "Seb's share" allow:seb

Start netatalk

/etc/init.d/netatalk start

Advertise the service with Avahi

You can skip this step, but it’d mean the server doesn’t magically appear as a Shared drive in your Finder.

apt-get install avahi-daemon

/etc/avahi/services/afpd.service

<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">%h AFP</name>
<service>
<type>_afpovertcp._tcp</type>
<port>548</port>
</service>
<service>
<type>_device-info._tcp</type>
<port>0</port>
<txt-record>model=Xserve</txt-record>
</service>
</service-group>

# /etc/init.d/avahi-daemon restart

Firewall :

Allow tcp/548 (netatalk) and tcp/5353 (avahi)