can reach them provided they have appropriate read/write rights on the file

  itself, and provided they know the exact path of the file.

* Deploys CA certificate files, normally used for truststore purposes, to

* Installs ``ferm`` (for iptables management), configuring a basic firewall

  which allows ICMP echo requests (PING), incoming connection on TCP port 22

  (SSH), and also introduces rate-limitting for incoming ICMP echo request

  of the package.

**ca_certificates** (list, optional, ``{}``)

**incoming_connection_limit** (string, optional, ``3/second``)

  Rate at which the incoming ICMP echo-request packages and new TCP connections

    - debconf-utils

  ca_certificates:

  incoming_connection_limit: 2/second

1. Install the necessary system packages (using the ``root`` account)::

2. Set-up the virtual environment (using the ``ansible`` account):

     mkdir ~/mysite/

     mkvirtualenv -a ~/mysite/ mysite

     pip install 'ansible~=2.1'

      tls_private_key_dir: "~/mysite/tls/"

      tls_certificate_dir: "~/mysite/tls/"

      ca_certificates:

8. And now as finishing touch, simply run the playbooks again::

          # Create first a couple of user entries. Don't forget to set the

          # "mail" attribute for them.

          - dn: uid=johndoe,ou=people,dc=example,dc=com

          - dn: uid=janedoe,ou=people,dc=example,dc=com

          # Now, let's add the two users to the mail group. Observe that we use

          # the "state: append" option. This is a bit of a cheat since the

          # the group, and instead add the attributes to it (in this case we add

          # the two users from above).

          - dn: cn=mail,ou=groups,dc=example,dc=com

            state: append

          # Let's register our domain in LDAP directory.

          - dn: dc=example.com,ou=domains,ou=mail,ou=services,dc=example,dc=com

          # Finally, for the lolz, let's also add the standard postmaster alias

          # for our domain.

          - dn: cn=postmaster@example.com,ou=aliases,ou=mail,ou=services,dc=example,dc=com

5. Once again, before we apply the configuration, we must make sure the

   necessary TLS private keys and certificates are available. In this particular

          # the group, and instead add the attributes to it (in this case we add

          # the two users).

          - dn: cn=xmpp,ou=groups,dc=example,dc=com

            state: append

5. Do you know what comes next? Yes! Create some more TLS private keys

   and certificates, this time for our XMPP server ;)

           # uid/gid usage, this is useful. Take note that below value is used

           # for both the dedicated uid and gid for application user.

           uid: 2000

         # And this role sets up a new dedicated database for our web

         # application.

         - role: database

           # Again, not mandatory, but it is good to have some sort of policy

           # for assigning UIDs.

           uid: 2001

           # These are additional packages that should be installed in the

           # virtual environment.

           virtualenv_packages:

           # This is the name of the WSGI application to

           # serve. wiki_example_com.wsgi will be the Python "module" that is

           # accesed, while application is the object instantiated within it (the

   file. Take into account that you can use pretty much any globbing pattern

   supported by Duplicity.

   :file:`~/mysite/roles/tbg/meta/main.yml`

   ::

smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtp_tls_security_level=verify

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for

# information on enabling SSL in the smtp client.

  - unzip

ca_certificates:

incoming_connection_limit: 2/second