homebox

Product Overview: Homebox

Homebox is a suite of Ansible scripts designed to deploy a fully functional mail server on Debian, focusing on stability, security, and ease of use. This project provides a comprehensive solution for setting up a personal mail server or private cloud, allowing users to host their own email services with minimal hassle.

Main Features:

1. Automatic Repository Creation: Homebox includes a small and secure Git server per user, which automatically creates a new repository on the first push.
2. YAML Files Validation: The project uses Travis-CI for YAML files validation on each commit.
3. End-to-End Integration Tests: Most components have end-to-end integration tests to ensure stability and reliability.
4. Playbooks for Development Packages: Homebox includes playbooks to facilitate the installation or removal of development packages, making it easier to work with the project.
5. Global Debug Flag: A global debug flag can be activated to enable debug mode for all components.
6. Fully Open-Source Ansible Scripts: The project is fully open-source, licensed under GPLv3.
7. System Installation and Features:
   • Installs packages only from Debian stable (Bookworm).
   • Generates automatic Let's Encrypt certificates using DNS challenge.
   • Provides automatic security updates.
   • Offers centralized authentication with an LDAP users database and password policies.
   • Activates AppArmor with a profile for all daemons.
   • Generates random passwords and saves them using pass.
   • Supports flexible IP address options (IPv4 only, IPv6 only, or both).
   • Includes an embedded DNS server with CAA, DNSSEC, and SSH fingerprint (SSHFP) records.
   • Implements automatic firewall rules for inbound, outbound, and forwarding traffic using nftables.
   • Restricts outbound traffic to the minimum.
   • Automatically updates DNS servers and glue records on Gandi.
   • Configures OpenPGP Web Key Directory automatically.

Overall, Homebox provides a comprehensive solution for setting up a personal mail server or private cloud, with a focus on stability, security, and ease of use.