{"id":19174630,"url":"https://github.com/equalitie/caislean","last_synced_at":"2025-05-07T18:21:05.831Z","repository":{"id":26613840,"uuid":"30069090","full_name":"equalitie/Caislean","owner":"equalitie","description":"Ansible recipes for deployment of secure communications systems","archived":false,"fork":false,"pushed_at":"2018-01-21T17:46:10.000Z","size":778,"stargazers_count":44,"open_issues_count":43,"forks_count":11,"subscribers_count":16,"default_branch":"master","last_synced_at":"2025-04-20T01:33:00.666Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"http://equalit.ie/activists-can-run-independent-and-secure-online-services-with-caislean/","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/equalitie.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-01-30T11:24:33.000Z","updated_at":"2025-04-11T00:43:24.000Z","dependencies_parsed_at":"2022-08-17T17:35:11.100Z","dependency_job_id":null,"html_url":"https://github.com/equalitie/Caislean","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/equalitie%2FCaislean","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/equalitie%2FCaislean/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/equalitie%2FCaislean/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/equalitie%2FCaislean/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/equalitie","download_url":"https://codeload.github.com/equalitie/Caislean/tar.gz/
refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252931815,"owners_count":21827171,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-09T10:18:34.042Z","updated_at":"2025-05-07T18:21:05.796Z","avatar_url":"https://github.com/equalitie.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Caislean\n\n*Caisleán - the Irish word for \"castle\". Pronounced \"cash-lawn\"*\n\nCaislean is a set of [Ansible](https://www.ansible.com)\n[recipes](https://docs.ansible.com/ansible/playbooks_intro.html) (also called a\ncookbook or playbook) that you can use to set up and manage in **a few simple\nsteps** one or more servers offering free and open-source **tools for\ncommunication and security** such as e-mail, a VPN and an instant messaging\nservice to communities and organizations.\n\nAll of the services included in these recipes have been carefully and\nmeticulously configured to ensure confidentiality, integrity and authenticity\nto users whenever they are interacting with the server.\n\n\n## What does Caislean do?\n\nCaislean helps system administrators to set up one or more\n[secure](doc/security.md) servers **in a few simple steps**.\n\nThe recipes install a set of free and open-source tools for communication,\nfile-sharing, secure Internet access and webhosting. 
Since Caislean is\n**modular**, you can decide either to roll out all services or to just choose\nthe ones you need.\n\nFurthermore, Caislean is designed to provide by default a good level of **basic\nserver security**, thanks to specific tuning of TLS cipher\nlists, web server security options, file and directory permissions and\nownership, etc.\n\n\n## What services will the server offer?\n\nIf you point Caislean at a server, you will be able to offer several\n[secure](doc/security.md) services to your users. The cookbook has a **modular\nstructure**, so you can choose to provide all the services listed below or just\nsome of them (see \"How does Caislean work?\" below for more details).\n\n*  **Email**: IMAP and SMTP over SSL via [Postfix](http://www.postfix.org/) and\n   [Dovecot](http://dovecot.org/), with a webmail interface via\n   [Roundcube](https://roundcube.net/).\n*  **Jabber/XMPP** instant messaging via [Prosody](https://prosody.im/).\n*  A **file hosting** service via [ownCloud](https://owncloud.org/).\n*  A **webserver** via [Nginx](http://nginx.org/en/).\n*  A [WordPress](https://wordpress.org/)-based **blog**.\n*  An [OpenVPN](https://openvpn.net/) server and\n   [dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html) for Internet access\n   through a **VPN**.\n\nEach service will run in a **secure system** that provides confidentiality, integrity and\nauthenticity whenever users interact with the server.\n\n## Who is Caislean for?\n\nCaislean requires basic system administration skills and can therefore be used\nby anyone who has some familiarity with managing a server.\n\nThis makes it easy for single individuals, as well as for small groups and\norganizations who cannot afford to hire a tech team (or prefer to rely solely on\nvolunteers) to have their own [secure](doc/security.md) server and to offer a\nnumber of users a set of tools for communication, file-sharing, secure Internet\naccess and webhosting.\n\n\n## What do I 
need to use Caislean?\n\n\n### Basic skills\n\nSetting up and managing a server with Caislean requires familiarity with\nGNU/Linux system administration, ease with the command line and some knowledge\nof server security best practices.\n\nIt is also important to understand how [Ansible\ncookbooks](https://docs.ansible.com/ansible/playbooks_intro.html) work;\nbasic experience with and understanding of the components that are going to be\ninstalled is also recommended. For instance, if you choose to use Caislean to\ninstall a mail server, you should know the basics of\n[Postfix](http://www.postfix.org/) and [Dovecot](http://dovecot.org/); if you\nintend to host a website or a blog, knowing the basics of\n[Nginx](http://nginx.org/en/) is recommended, and so on.\n\n\n### Technical requirements\n\n*  One or more dedicated servers (the **target system**) with typical Debian\n   requirements (see for instance the minimum hardware requirements for Debian\n   [Wheezy](https://www.debian.org/releases/wheezy/amd64/ch03s04.html.en) and\n   [Jessie](https://www.debian.org/releases/jessie/amd64/ch03s04.html.en)).  
In\n   general, requirements will vary depending on the services you offer and on\n   the number of your users.\n    *  To better take care of the users whose data you will be hosting, it is\n       recommended to enable full disk encryption (FDE) on your target system.\n       This can only be done when you install the system and requires full\n       control over the Debian installation process (see the [server setup\n       guide](doc/debian-installation.md) for more information).\n    *  Only Debian 7 (Wheezy) and 8 (Jessie) are supported at the moment.\n    *  SSH access and access to root privileges are necessary.\n    *  The packages `python` and `python-apt` are required.\n    *  Read the [server setup guide](doc/debian-installation.md) for more details on\n       how to set up the target system.\n\n*  A **local machine** to run Caislean.\n    *  The machine where the recipes run must have\n       [Ansible](https://www.ansible.com) installed, version 1.8 or more\n       recent. It is packaged in most GNU/Linux distributions.\n    *  Some components require the manual use of additional software such as\n       OpenSSL and GnuPG.\n    *  You also need a copy of the Caislean git repository, which you can\n       get with this command:\n\n\t    git clone https://github.com/equalitie/Caislean/\n\n\n## How does Caislean work?\n\nOnce you have installed and set up your [target system](doc/debian-installation.md)\nand have everything you need on your local machine, have a look at the Caislean\ndirectory you have just downloaded.\n\nThe repository follows the usual Ansible structure: each component sits in an\nAnsible role, in the `roles` directory.\n\nCaislean has a **modular structure**, which means that while certain roles are\nnecessary to run all or most of the services, other roles correspond to the\nindividual services you may want to offer. 
So if, for example, you just want to\noffer your users a Jabber/XMPP service and a VPN, your configuration files won't\nhave to include the roles that are needed for email and WordPress.\n\nIn each role's detailed documentation (in the `role-doc` directory) you will\nalso find a list of the necessary roles that you need to launch for that module\nto work. But to be sure, in the `doc` directory you will also find an [overview\nof the roles](doc/roles_list.md) where roles that are fundamental for the server\nto run correctly are separated from the roles for each individual service.\n\n\n## How to launch Caislean\n\nAfter reading the documentation for each module you need to install, you can\nstart configuring your cookbook:\n\n* write your inventory file (see [ansible_hosts.example](ansible_hosts.example)\n  for a simple example);\n* specify the components you want on each target system by writing a playbook\n  (an example is given in [site.yml.example](site.yml.example)) that matches one\n  or several hosts from your inventory file;\n* configure the variables required by the roles you selected by\n  writing host variable files in the `host_vars` directory (see the example file\n  in that directory): each role requires a number of variables to be set -- read\n  the documentation for each role (in the `role-doc` directory) to learn how to\n  configure the variables according to your needs;\n* note that the roles you select may require a few manual steps: read\n  the documentation to make sure you perform them all.\n\nOnce these steps are completed, run your cookbook from the root of the\nrepository tree:\n\n\t    ansible-playbook -i ansible_hosts site.yml\n\nYou may need to use some of these additional options on the command line,\ndepending on your case:\n\n- `-u \u003cuser\u003e` to specify the remote user to connect as;\n- `-l \u003chostname or group\u003e` to apply the cookbook just to one hostname or group\n  defined in your inventory;\n- `-K` to 
make Ansible prompt for a `su` or `sudo` password so that it obtains\n  the right privileges on the target system;\n- `-vvvv` to obtain verbose output and check for errors.\n\n\n## Contacts/Troubleshooting\n\nTo report a bug, ask questions or provide feedback of any kind, open an issue in\nCaislean's [GitHub project](https://github.com/equalitie/Caislean/issues) or\nwrite to: caislean@equalit.ie.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fequalitie%2Fcaislean","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fequalitie%2Fcaislean","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fequalitie%2Fcaislean/lists"}