Vitruvius on lead pipes

I recently received a copy of Vitruvius’s On Architecture. This is a guide for professional engineers written in about BCE10. Vitruvius worked for Julius Caeser and was granted a pension by Augustus.

The first impression is of a modern attitude towards engineering. Whilst some of the conclusions are not in alignment with modern thinking the overall impression is that you could take this book, follow the instructions and the results would be satisfactory. The theory as to why you should do certain things is dubious, but the conclusions seem sound.

I’ve only browsed the book so far, but my biggest surprise is that he says lead pipes are poisonous:

Besides, water from terracotta pipes is much more healthy than that taken through lead pipes, which seems to be particularly damaging seeing that white lead, said to be harmful to the human organism, derives from lead.

So it is obvious that water should never be conducted in lead pipes if we want it to be beneficial to our health.

This was over 2000 years ago. I’d always thought that lead being toxic was a modern discovery. I grew up with:

  • Leaded petrol
  • Lead in paint
  • Lead water pipes (lots still around and in use)

So I am boggled that lead was known to be a problem over 2000 years ago!

Rebuilding steel-framed bike

One option to get fitter, reduce car costs and reduce carbon emissions is to:

  1. Drive myself and the kids to school in the car;
  2. Get bike out of the car boot and cycle home;
  3. Cycle back in at pick up time, dismantle bike and put it back in the boot of the car;
  4. Get kids and drive back in the car.

I discovered that a bike my dad bought me for school will fit in the boot of the car with its wheels off. It is a nice bike – great fun to ride. However the freewheel was free in both directions and the paint was coming off, leading to rust.

First stage was to strip off the old paint. I was going to get the frame shot-blasted and powder coated. However I couldn’t find anyone locally to do this – most calls went unreturned – and I didn’t want to put the frame in the post due to the risk of damage. For this bike I don’t really care what it looks like – the paint needs to stop rust and if it looks rough it is less likely to get stolen.

Continue reading

Debian exim/dovecot email server with Saltstack – Installation

I develop the Salt scripts against a local VM. Once it is time to deploy remotely the process is as follows:

  1. Start up the VM with provider of choice (I use and recommend Bytemark)
  2. Log in via SSH
  3. Add the appropriate Saltstack Package Repoisitory
  4. apt-get update
  5. apt-get upgrade
  6. apt-get install salt-minion
  7. Configure the SaltStack Minion to run masterless: edit /etc/salt/minion and ensure that file_client: local is set.
  8. Tar up the SaltStack configuration files you’ve created, scp them across to the server, and tar xzf them out into /srv/salt/
  9. salt-call --local state.apply
  10. Now wait a bit. Hopefully there won’t be any errors.
  11. /usr/sbin/update-exim4.conf
  12. systemctl restart exim4
Continue reading

Debian exim/dovecot email server with Saltstack – Security

A couple of basic security utilities: fail2ban and logcheck.

srv/salt/fail2ban.sls

Fail2ban scans the SSHD log files looking for failed login attempts. After a few attempts from one IP address it adds a firewall rule to block that IP address from further connections. Given that any SSHD exposed to the Internet will receive a continuous stream of connection attempts within seconds of going online, protection of this kind is very necessary.

Continue reading

Debian exim/dovecot email server with Saltstack – SSL Certificates

I’m going to install a couple of services – SMTP (exim) and IMAP (dovecot) – and I want to share the SSL key and certificate between them. Having separate certificates for each is additional hassle when it comes to updating them.

Thus I’ve got a sslcerts.sls file to manage the certificate installation which I can share between exim.sls and dovecot.sls.

Continue reading

Debian exim/dovecot email server with Saltstack – Dovecot IMAP

I use Dovecot as my IMAP/IMAPS server – it has always worked very reliably for me.

srv/salt/dovecot.sls

First, this file needs to include sslcerts.sls to make sure that the certificates are installed. Dovecot starts as root so it doesn’t need any special groups to get access to the key.

Once the packages are installed there is a bit of configuration to set up:

  • Configure the system to use Maildir format;
  • Get rid of any configuration to use mbox format;
  • Ensure that SSL is turned on and that the ssl_cert and ssl_key values are set correctly;
  • Ensure that SSL isn’t turned off.
Continue reading

Debian exim/dovecot email server with Saltstack – Exim

srv/salt/exim.sls

This YAML file is responsible for installing and configuring exim. First thing is to install SASL to handle authentication – exim needs access to the passwords and SASL is one of the standard ways to do this.

As discussed previously I’ve chosen to install the SSL certificates centrally in /etc/ssl; I’ve set up a group ssl-cert to allow access to these. Exim also needs to run under the sasl group to get access to the authentication daemon.

Debian uses a complex configuration system for exim. This makes it easy to configure with Saltstack – we can just add our configuration to the default and Debian will put it all together for us. However it must be noted that there appears to be a bug in Saltstack at present – it should be able to tell Debian to update the configuration when a file changes but at present I’m getting infinite recursion so that bit is commented out for now.

Continue reading