Merge branch 'master' into backup

Sergio Oliveira
2 parents ea748818 039e2ae8
Showing 58 changed files with 2269 additions and 1423 deletions Show diff stats
.gitignore
Rakefile
Vagrantfile
config/dev/config.yaml
config/dev/ips.yaml
config/dev/iptables-filter-rules
config/dev/ssh_config
config/development/config.yaml
config/development/ips.yaml
config/development/iptables-filter-rules
config/development/ssh_config
config/homologa/config.yaml
config/homologa/ips.yaml
config/homologa/iptables-filter-rules
config/homologa/ssh_config
config/local/config.yaml
config/production/config.yaml
cookbooks/basics/files/default/is-a-container
cookbooks/basics/files/default/selinux-enabled
cookbooks/basics/files/default/selinux-install-module
 /utils/obs/isv*
 /Gemfile.lock
 /config/local/ssh_config
+/config/lxc/
 /.tmp
 /tmp
 /docs/_build
+/docs/dns.rst
 /.*.html
 /local.rake
 *.swp
+require 'yaml'
+
 begin
   load 'local.rake'
 rescue LoadError
@@ -13,15 +15,40 @@ iptables_file = &quot;config/#{$SPB_ENV}/iptables-filter-rules&quot;
 ENV['CHAKE_SSH_CONFIG'] = ssh_config_file
+if $SPB_ENV == 'lxc'
+  system("mkdir -p config/lxc; sudo lxc-ls -f -F name,ipv4 | sed -e '/^softwarepublico/ !d; s/softwarepublico_//; s/_[0-9_]*/:/ ' > #{ips_file}.new")
+  begin
+    ips = YAML.load_file("#{ips_file}.new")
+    raise ArgumentError unless ips.is_a?(Hash)
+    FileUtils.mv ips_file + '.new', ips_file
+  rescue Exception => ex
+    puts ex.message
+    puts
+    puts "Q: did you boot the containers first?"
+    exit
+  end
+  config = YAML.load_file('config/local/config.yaml')
+  config['external_ip'] = ips['reverseproxy']
+  config['relay_ip'] = ips['email']
+  File.open(config_file, 'w') do |f|
+    f.puts(YAML.dump(config))
+  end
+
+  File.open('config/lxc/iptables-filter-rules', 'w') do |f|
+    lxc_host_bridge_ip = '192.168.122.1' # FIXME don't hardcode
+    f.puts "-A INPUT -s #{lxc_host_bridge_ip} -p tcp -m state --state NEW --dport 22 -j ACCEPT"
+  end
+end
+
 require 'chake'
 if Chake::VERSION < '0.4.3'
   fail "Please upgrade to chake 0.4.3+"
 end
-config = YAML.load_file(config_file)
-ips = YAML.load_file(ips_file)
-firewall = File.open(iptables_file).read
+ips ||= YAML.load_file(ips_file)
+config ||= YAML.load_file(config_file)
+firewall ||= File.open(iptables_file).read
 $nodes.each do |node|
   node.data['config'] = config
   node.data['peers'] = ips
@@ -38,13 +65,41 @@ task :test do
 end
 file 'ssh_config.erb'
-file 'config/local/ssh_config' => ['nodes.yaml', 'config/local/ips.yaml', 'ssh_config.erb', 'Rakefile'] do |t|
-  require 'erb'
-  template = ERB.new(File.read('ssh_config.erb'))
-  File.open(t.name, 'w') do |f|
-    f.write(template.result(binding))
+if ['local', 'lxc'].include?($SPB_ENV)
+  file ssh_config_file => ['nodes.yaml', ips_file, 'ssh_config.erb', 'Rakefile'] do |t|
+    require 'erb'
+    template = ERB.new(File.read('ssh_config.erb'))
+    File.open(t.name, 'w') do |f|
+      f.write(template.result(binding))
+    end
+    puts 'ERB %s' % t.name
   end
-  puts 'ERB %s' % t.name
+end
+
+task :backup => ssh_config_file do
+  # setup
+  sh 'ssh', '-F', ssh_config_file, 'integration', 'sudo', 'rm -rf /tmp/backups'
+  sh 'ssh', '-F', ssh_config_file, 'social', 'sudo', 'rm -rf /tmp/backups'
+  sh 'mkdir', '-p', 'backups'
+  # integration
+  sh 'scp', '-F', ssh_config_file, 'utils/migration/backup_integration.sh', 'integration:/tmp'
+  sh 'ssh', '-F', ssh_config_file, 'integration', 'sudo', '/tmp/backup_integration.sh'
+  sh 'scp', '-F', ssh_config_file, 'integration:/tmp/backups/*', 'backups/'
+  # social
+  sh 'scp', '-F', ssh_config_file, 'utils/migration/backup_social.sh', 'social:/tmp'
+  sh 'ssh', '-F', ssh_config_file, 'social', 'sudo', '/tmp/backup_social.sh'
+  sh 'scp', '-F', ssh_config_file, 'social:/tmp/backups/*', 'backups/'
+end
+
+task :restore => ssh_config_file do
+  #integration
+  sh 'scp', '-r', '-F', ssh_config_file, 'backups', 'integration:/tmp'
+  sh 'scp', '-F', ssh_config_file, 'utils/migration/restore_integration.sh', 'integration:/tmp'
+  sh 'ssh', '-F', ssh_config_file, 'integration', 'sudo', '/tmp/restore_integration.sh'
+  #social
+  sh 'scp', '-r', '-F', ssh_config_file, 'backups', 'social:/tmp'
+  sh 'scp', '-F', ssh_config_file, 'utils/migration/restore_social.sh', 'social:/tmp'
+  sh 'ssh', '-F', ssh_config_file, 'social', 'sudo', '/tmp/restore_social.sh'
 end
 task :backup => ssh_config_file do
@@ -98,3 +153,5 @@ task :preconfig =&gt; ssh_config_file do
     end
   end
 end
+
+Dir.glob('tasks/*.rake').each { |f| load f }
@@ -7,34 +7,49 @@ require &#39;yaml&#39;
 VAGRANTFILE_API_VERSION = "2"
 Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
-  config.vm.box = ENV.fetch("VAGRANT_BOX", 'centos7')
+  config.vm.box = ENV.fetch("VAGRANT_BOX", 'chef/centos-7.0')
   proxy = ENV['http_proxy'] || ENV['HTTP_PROXY']
   if proxy
     config.vm.provision 'shell', path: 'utils/proxy.sh', args: [proxy]
   end
-  ips = YAML.load_file('config/local/ips.yaml')
+  load './local.rake' if File.exists?('local.rake')
+  env = ENV.fetch('SPB_ENV', 'local')
+
+  if File.exist?("config/#{env}/ips.yaml")
+    ips = YAML.load_file("config/#{env}/ips.yaml")
+  else
+    ips = nil
+  end
   config.vm.define 'database' do |database|
-    database.vm.network 'private_network', ip: ips['database']
+    database.vm.provider "virtualbox" do |vm|
+      database.vm.network 'private_network', ip: ips['database'] if ips
+    end
   end
   config.vm.define 'integration' do |integration|
-    integration.vm.network 'private_network', ip: ips['integration']
-    integration.vm.provider "virtualbox" do |v|
-      v.memory = 1024
-      v.cpus = 2
+    integration.vm.provider "virtualbox" do |vm|
+      integration.vm.network 'private_network', ip: ips['integration'] if ips
+      vm.memory = 1024
+      vm.cpus = 2
     end
   end
   config.vm.define 'email' do |email|
-    email.vm.network 'private_network', ip: ips['email']
+    email.vm.provider "virtualbox" do |vm|
+      email.vm.network 'private_network', ip: ips['email'] if ips
+    end
   end
   config.vm.define 'social' do |social|
-    social.vm.network 'private_network', ip: ips['social']
+    social.vm.provider "virtualbox" do |vm|
+      social.vm.network 'private_network', ip: ips['social'] if ips
+    end
   end
   config.vm.define 'reverseproxy' do |reverseproxy|
-    reverseproxy.vm.network 'private_network', ip: ips['reverseproxy']
-    if File.exist?('tmp/preconfig.local.stamp')
-      reverseproxy.ssh.port =  File.read('tmp/preconfig.local.stamp').strip.to_i
+    reverseproxy.vm.provider "virtualbox" do |vm|
+      reverseproxy.vm.network 'private_network', ip: ips['reverseproxy'] if ips
+    end
+    if File.exist?("tmp/preconfig.#{env}.stamp")
+      reverseproxy.ssh.port =  File.read("tmp/preconfig.#{env}.stamp").strip.to_i
       reverseproxy.ssh.host = ips['reverseproxy']
     end
   end
@@ -0,0 +1,15 @@
+admins:
+  - ["Paulo Meirelles", "paulo@softwarelivre.org"]
+external_hostname: dev.softwarepublico.gov.br
+external_ip: 189.9.151.16
+site_url: https://dev.softwarepublico.gov.br
+colab_from_address: '"Portal do Software Publico (dev)" <noreply@dev.softwarepublico.gov.br>'
+server_email: '"Portal do Software Publico (dev)" <noreply@dev.softwarepublico.gov.br>'
+email_subject_prefix: '[spb|dev]'
+lists_hostname: listas.dev.softwarepublico.gov.br
+lists_admin: paulo@softwarelivre.org
+from_address: noreply@dev.softwarepublico.gov.br
+relay_hostname: relay.dev.softwarepublico.gov.br
+relay_ip: 189.9.151.44
+external_outgoing_mail_relay: 189.9.150.53
+external_outgoing_mail_domain: serpro.gov.br
@@ -0,0 +1,5 @@
+reverseproxy: 10.18.0.15
+database: 10.18.0.16
+social: 10.18.0.17
+email: 10.18.0.18
+integration: 10.18.0.19
@@ -0,0 +1,23 @@
+
+-A INPUT -s 200.198.196.192/26 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
+-A INPUT -s 200.198.196.192/26 -p tcp -m state --state NEW -m tcp --dport 5432 -j ACCEPT
+-A INPUT -s 200.198.196.192/26 -p icmp --icmp-type 8 -j ACCEPT
+-A INPUT -s 200.198.196.201/32 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
+-A INPUT -s 200.198.196.206/32 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
+
+-A INPUT -s 189.9.150.85/32 -p tcp -m state --state NEW -m multiport --dports 22,80,5432 -j ACCEPT
+
+
+# UnB
+-A INPUT -s 164.41.86.12/32 -p tcp -m state --state NEW -m multiport --dports 22,80,443 -j ACCEPT
+-A INPUT -s 164.41.9.36/32  -p tcp -m state --state NEW -m multiport --dports 22,80,5432 -j ACCEPT
+
+
+# Sergio Oliveira
+-A INPUT -s 179.111.229.232/32 -p tcp -m state --state NEW -m multiport --dports 22,80,5432 -j ACCEPT
+
+
+-A INPUT -s 10.18.0.0/16 -p tcp -m state --state NEW -m multiport --dports 22,80,5432 -j ACCEPT
+-A INPUT -s 10.18.0.0/16 -p icmp --icmp-type 8 -j ACCEPT
+-A INPUT -s 189.9.137.239/32 -p tcp -m state --state NEW -m tcp --dport 10050 -j ACCEPT
+-A INPUT -s 189.9.137.239/32 -p icmp --icmp-type 8 -j ACCEPT
@@ -0,0 +1,30 @@
+Host *
+  ForwardAgent yes
+
+Host reverseproxy
+  Hostname 189.9.151.16
+  User spb
+
+Host database
+  Hostname 10.18.0.16
+  User spb
+  # connect via reverseproxy host
+  ProxyCommand ssh spb@189.9.151.16 nc %h %p
+
+Host social
+  Hostname 10.18.0.17
+  User spb
+  # connect via reverseproxy host
+  ProxyCommand ssh spb@189.9.151.16 nc %h %p
+
+Host email
+  Hostname 10.18.0.18
+  User spb
+  # connect via reverseproxy host
+  ProxyCommand ssh spb@189.9.151.16 nc %h %p
+
+Host integration
+  Hostname 10.18.0.19
+  User spb
+  # connect via reverseproxy host
+  ProxyCommand ssh spb@189.9.151.16 nc %h %p
@@ -1,13 +0,0 @@
-admins:
-  -
-    - Paulo Meirelles
-    - paulo@softwarelivre.org
-external_hostname: dev.softwarepublico.gov.br
-site_url: https://dev.softwarepublico.gov.br
-colab_from_address: '"Portal do Software Publico (dev)" <noreply@dev.softwarepublico.gov.br>'
-server_email: '"Portal do Software Publico (dev)" <noreply@dev.softwarepublico.gov.br>'
-email_subject_prefix: '[spb|dev]'
-lists_hostname: listas.dev.softwarepublico.gov.br
-lists_admin: paulo@softwarelivre.org
-relay_hostname: relay.dev.softwarepublico.gov.br
-from_address: noreply@dev.softwarepublico.gov.br
@@ -1,5 +0,0 @@
-reverseproxy: 10.18.0.15
-database: 10.18.0.16
-social: 10.18.0.17
-email: 10.18.0.18
-integration: 10.18.0.19
@@ -1,23 +0,0 @@
-
--A INPUT -s 200.198.196.192/26 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
--A INPUT -s 200.198.196.192/26 -p tcp -m state --state NEW -m tcp --dport 5432 -j ACCEPT
--A INPUT -s 200.198.196.192/26 -p icmp --icmp-type 8 -j ACCEPT
--A INPUT -s 200.198.196.201/32 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
--A INPUT -s 200.198.196.206/32 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-
--A INPUT -s 189.9.150.85/32 -p tcp -m state --state NEW -m multiport --dports 22,80,5432 -j ACCEPT
-
-
-# UnB
--A INPUT -s 164.41.86.12/32 -p tcp -m state --state NEW -m multiport --dports 22,80,443 -j ACCEPT
--A INPUT -s 164.41.9.36/32  -p tcp -m state --state NEW -m multiport --dports 22,80,5432 -j ACCEPT
-
-
-# Sergio Oliveira
--A INPUT -s 179.111.229.232/32 -p tcp -m state --state NEW -m multiport --dports 22,80,5432 -j ACCEPT
-
-
--A INPUT -s 10.18.0.0/16 -p tcp -m state --state NEW -m multiport --dports 22,80,5432 -j ACCEPT
--A INPUT -s 10.18.0.0/16 -p icmp --icmp-type 8 -j ACCEPT
--A INPUT -s 189.9.137.239/32 -p tcp -m state --state NEW -m tcp --dport 10050 -j ACCEPT
--A INPUT -s 189.9.137.239/32 -p icmp --icmp-type 8 -j ACCEPT
@@ -1,30 +0,0 @@
-Host *
-  ForwardAgent yes
-
-Host reverseproxy
-  Hostname 189.9.151.16
-  User spb
-
-Host database
-  Hostname 10.18.0.16
-  User spb
-  # connect via reverseproxy host
-  ProxyCommand ssh spb@189.9.151.16 nc %h %p
-
-Host social
-  Hostname 10.18.0.17
-  User spb
-  # connect via reverseproxy host
-  ProxyCommand ssh spb@189.9.151.16 nc %h %p
-
-Host email
-  Hostname 10.18.0.18
-  User spb
-  # connect via reverseproxy host
-  ProxyCommand ssh spb@189.9.151.16 nc %h %p
-
-Host integration
-  Hostname 10.18.0.19
-  User spb
-  # connect via reverseproxy host
-  ProxyCommand ssh spb@189.9.151.16 nc %h %p
@@ -0,0 +1,16 @@
+admins:
+  - ["Nayanne Araújo", "nayanne.bonifacio@planejamento.gov.br"]
+  - ["Marisa Souza dos Santos", "marisa.santos@planejamento.gov.br"]
+external_hostname: homologa.softwarepublico.gov.br
+external_ip: 189.9.151.65
+site_url: https://homologa.softwarepublico.gov.br
+colab_from_address: '"Portal do Software Publico (homologação)" <noreply@homologa.softwarepublico.gov.br>'
+server_email: '"Portal do Software Publico (homologação)" <noreply@homologa.softwarepublico.gov.br>'
+email_subject_prefix: '[spb]'
+lists_hostname: listas.homologa.softwarepublico.gov.br
+lists_admin: nayanne.bonifacio@planejamento.gov.br
+from_address: noreply@homologa.softwarepublico.gov.br
+relay_hostname: relay.homologa.softwarepublico.gov.br
+relay_ip: 189.9.151.66
+external_outgoing_mail_relay: 189.9.150.53
+external_outgoing_mail_domain: serpro.gov.br
@@ -0,0 +1,5 @@
+reverseproxy: 10.0.13.2
+database: 10.0.13.6
+social: 10.0.13.4
+email: 10.0.13.5
+integration: 10.0.13.7
@@ -0,0 +1 @@
+# nothing yet
@@ -0,0 +1,35 @@
+Host *
+  ForwardAgent yes
+
+Host reverseproxy.unconfigured
+  Hostname 189.9.151.65
+  User spb
+
+Host reverseproxy
+  Hostname 10.0.13.2
+  User spb
+  # connect via reverseproxy host
+  ProxyCommand ssh spb@189.9.151.65 nc %h %p
+
+Host database
+  Hostname 10.0.13.6
+  User spb
+  # connect via reverseproxy host
+  ProxyCommand ssh spb@189.9.151.65 nc %h %p
+
+Host social
+  Hostname 10.0.13.4
+  User spb
+  # connect via reverseproxy host
+  ProxyCommand ssh spb@189.9.151.65 nc %h %p
+
+Host email
+  Hostname 10.0.13.5
+  User spb
+  # connect via reverseproxy host
+  ProxyCommand ssh spb@189.9.151.65 nc %h %p
+
+Host integration
+  Hostname 10.0.13.7
+  User spb
+  # Porta 22 de 189.9.151.65 cai aqui entao nao precisa de ProxyCommand
 admins:
-  -
-    - Paulo Meirelles
-    - paulo@softwarelivre.org
-external_hostname: softwarepublico.dev
+  - ["Paulo Meirelles", "paulo@softwarelivre.org"]
 site_url: https://softwarepublico.dev
+external_hostname: softwarepublico.dev
+external_ip: 10.10.10.6
 colab_from_address: '"Portal do Software Publico" <noreply@softwarepublico.dev>'
 server_email: '"Portal do Software Publico" <noreply@softwarepublico.dev>'
 email_subject_prefix: '[spb]'
 lists_hostname: listas.softwarepublico.dev
 lists_admin: paulo@softwarelivre.org
 relay_hostname: relay.softwarepublico.dev
+relay_ip: 10.10.10.3
 alt_ssh_port: 5555
 from_address: noreply@softwarepublico.dev
 admins:
-  -
-    - Paulo Meirelles
-    - paulo@softwarelivre.org
+  - ["Paulo Meirelles", "paulo@softwarelivre.org"]
 external_hostname: beta.softwarepublico.gov.br
+external_ip: 164.41.9.49
 site_url: https://beta.softwarepublico.gov.br
 colab_from_address: '"Portal do Software Publico" <noreply@beta.softwarepublico.gov.br>'
 server_email: '"Portal do Software Publico" <noreply@beta.softwarepublico.gov.br>'
@@ -10,5 +9,6 @@ email_subject_prefix: &#39;[spb]&#39;
 lists_hostname: listas.softwarepublico.gov.br
 lists_admin: paulo@softwarelivre.org
 relay_hostname: relay.softwarepublico.gov.br
+relay_ip: 164.41.9.48
 alt_ssh_port: 55555
 from_address: noreply@softwarepublico.gov.br
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# MANAGED WITH CHEF; DO NOT CHANGE BY HAND
+
+set -e
+
+if grep -q '/$' /proc/1/cgroup; then
+  # "Real" system
+  exit 1
+else
+  # container
+  exit 0
+fi
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+# MANAGED WITH CHEF; DO NOT CHANGE BY HAND
+
+set -e
+
+selinux_status=$(sestatus | sed -e '/^SELinux status:/ !d; s/.*\s//')
+[ "$selinux_status" = 'enabled' ]
@@ -9,6 +9,12 @@ if [ $# -ne 1 ]; then
   exit 1
 fi
+selinux_status=$(sestatus | sed -e '/^SELinux status:/ !d; s/.*\s//')
+if ! selinux-enabled; then
+  echo "I: SELinux disabled, skipping"
+  exit 0
+fi
+
 input="$1"
 directory=$(dirname "$input")
@@ -10,8 +10,19 @@ cookbook_file &#39;/etc/selinux/config&#39; do
   group   'root'
   mode    0644
 end
-execute 'setenforce Enforcing'
-execute 'setsebool httpd_can_network_connect 1'
+
+cookbook_file '/usr/local/bin/selinux-enabled' do
+  owner   'root'
+  group   'root'
+  mode    '0755'
+end
+
+execute 'setenforce Enforcing' do
+  only_if 'selinux-enabled'
+end
+execute 'setsebool httpd_can_network_connect 1' do
+  only_if 'selinux-enabled'
+end
 # directory for local type enforcements
 directory '/etc/selinux/local' do
   owner   'root'
@@ -32,8 +43,14 @@ package &#39;less&#39;
 package 'htop'
 package 'ntp'
+cookbook_file '/usr/local/bin/is-a-container' do
+  owner   'root'
+  group   'root'
+  mode    '0755'
+end
 service 'ntpd' do
   action [:enable, :start]
+  not_if 'is-a-container'
 end
 service 'firewalld' do
@@ -46,3 +46,10 @@ execute &#39;transport:postmap&#39; do
   command "postmap /etc/postfix/transport"
   action :nothing
 end
+
+external_relay = node['config']['external_outgoing_mail_relay']
+if external_relay
+  execute "postconf relayhost=#{external_relay}"
+else
+  execute 'postconf -X relayhost'
+end
@@ -33,5 +33,5 @@ COMMIT
 *nat
-<%= render 'iptables-nat.erb' if node.hostname == 'reverseproxy' %>
+<%= render 'iptables-nat.erb' %>
 COMMIT
@@ -0,0 +1,2 @@
+
+
 # Allow access to Postfix
--A INPUT -s <%= node['peers']['integration'] %> -p tcp -m state --state NEW --dport 25 -j ACCEPT
--A INPUT -s <%= node['peers']['social'] %> -p tcp -m state --state NEW --dport 25 -j ACCEPT
--A INPUT -s <%= node['peers']['database'] %> -p tcp -m state --state NEW --dport 25 -j ACCEPT
--A INPUT -s <%= node['peers']['reverseproxy'] %> -p tcp -m state --state NEW --dport 25 -j ACCEPT
+-A INPUT -p tcp -m state --state NEW --dport 25 -j ACCEPT
@@ -0,0 +1,2 @@
+
+
@@ -0,0 +1,2 @@
+
+
@@ -0,0 +1,2 @@
+
+
@@ -18,7 +18,8 @@ end
 execute 'gitlab:setup' do
   user 'git'
   cwd '/usr/lib/gitlab'
-  command 'yes yes | bundle exec rake db:setup RAILS_ENV=production'
+  command 'yes yes | bundle exec rake db:setup RAILS_ENV=production && touch /var/lib/gitlab/setup.done'
+  not_if { File.exists?('/var/lib/gitlab/setup.done') }
   action :nothing
   notifies :restart, 'service[gitlab]'
@@ -42,6 +42,10 @@ execute &#39;plugins:enable&#39; do
   command '/usr/lib/noosfero/script/noosfero-plugins enable ' + plugins.join(' ')
 end
+execute 'plugins:activate' do
+    command "RAILS_ENV=production bundle exec rake noosfero:plugins:enable_all_plugins"
+end
+
 execute 'theme:enable' do
   command 'psql -h database -U noosfero --no-align --tuples-only -q -c "update environments set theme=\'noosfero-spb-theme\' where id=1;"'
 end
@@ -12,7 +12,9 @@ cookbook_file &quot;/etc/sysctl.d/ip_forward.conf&quot; do
   mode 0644
 end
-execute 'sysctl -w net.ipv4.ip_forward=1'
+execute 'sysctl -w net.ipv4.ip_forward=1' do
+  not_if 'is-a-container'
+end
 cookbook_file "/etc/nginx/#{node['config']['external_hostname']}.key" do
   owner 'root'
-# Makefile for Sphinx documentation
-#
-
-# You can set these variables from the command line.
-SPHINXOPTS    =
-SPHINXBUILD   = sphinx-build
-PAPER         =
-BUILDDIR      = _build
-
-# User-friendly check for sphinx-build
-ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1)
-$(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/)
-endif
-
-# Internal variables.
-PAPEROPT_a4     = -D latex_paper_size=a4
-PAPEROPT_letter = -D latex_paper_size=letter
-ALLSPHINXOPTS   = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
-# the i18n builder cannot share the environment and doctrees with the others
-I18NSPHINXOPTS  = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
-
-.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext
-
-help:
-	@echo "Please use \`make <target>' where <target> is one of"
-	@echo "  html       to make standalone HTML files"
-	@echo "  dirhtml    to make HTML files named index.html in directories"
-	@echo "  singlehtml to make a single large HTML file"
-	@echo "  pickle     to make pickle files"
-	@echo "  json       to make JSON files"
-	@echo "  htmlhelp   to make HTML files and a HTML help project"
-	@echo "  qthelp     to make HTML files and a qthelp project"
-	@echo "  devhelp    to make HTML files and a Devhelp project"
-	@echo "  epub       to make an epub"
-	@echo "  latex      to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
-	@echo "  latexpdf   to make LaTeX files and run them through pdflatex"
-	@echo "  latexpdfja to make LaTeX files and run them through platex/dvipdfmx"
-	@echo "  text       to make text files"
-	@echo "  man        to make manual pages"
-	@echo "  texinfo    to make Texinfo files"
-	@echo "  info       to make Texinfo files and run them through makeinfo"
-	@echo "  gettext    to make PO message catalogs"
-	@echo "  changes    to make an overview of all changed/added/deprecated items"
-	@echo "  xml        to make Docutils-native XML files"
-	@echo "  pseudoxml  to make pseudoxml-XML files for display purposes"
-	@echo "  linkcheck  to check all external links for integrity"
-	@echo "  doctest    to run all doctests embedded in the documentation (if enabled)"
-
-clean:
-	rm -rf $(BUILDDIR)/*
-
-html:
-	$(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
-	@echo
-	@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
-
-dirhtml:
-	$(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml
-	@echo
-	@echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml."
-
-singlehtml:
-	$(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml
-	@echo
-	@echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml."
-
-pickle:
-	$(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle
-	@echo
-	@echo "Build finished; now you can process the pickle files."
-
-json:
-	$(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json
-	@echo
-	@echo "Build finished; now you can process the JSON files."
-
-htmlhelp:
-	$(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp
-	@echo
-	@echo "Build finished; now you can run HTML Help Workshop with the" \
-	      ".hhp project file in $(BUILDDIR)/htmlhelp."
-
-qthelp:
-	$(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp
+all:
+	@echo "Usage:"
 	@echo
-	@echo "Build finished; now you can run "qcollectiongenerator" with the" \
-	      ".qhcp project file in $(BUILDDIR)/qthelp, like this:"
-	@echo "# qcollectiongenerator $(BUILDDIR)/qthelp/softwarepublico.qhcp"
-	@echo "To view the help file:"
-	@echo "# assistant -collectionFile $(BUILDDIR)/qthelp/softwarepublico.qhc"
+	@echo "make html				Builds the documentation in HTML"
+	@echo "make latexpdf		Builds the documentation in PDF"
-devhelp:
-	$(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp
-	@echo
-	@echo "Build finished."
-	@echo "To view the help file:"
-	@echo "# mkdir -p $$HOME/.local/share/devhelp/softwarepublico"
-	@echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/softwarepublico"
-	@echo "# devhelp"
-
-epub:
-	$(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub
-	@echo
-	@echo "Build finished. The epub file is in $(BUILDDIR)/epub."
-
-latex:
-	$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
-	@echo
-	@echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
-	@echo "Run \`make' in that directory to run these through (pdf)latex" \
-	      "(use \`make latexpdf' here to do that automatically)."
-
-latexpdf:
-	$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
-	@echo "Running LaTeX files through pdflatex..."
-	$(MAKE) -C $(BUILDDIR)/latex all-pdf
-	@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
-
-latexpdfja:
-	$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
-	@echo "Running LaTeX files through platex and dvipdfmx..."
-	$(MAKE) -C $(BUILDDIR)/latex all-pdf-ja
-	@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
-
-text:
-	$(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
-	@echo
-	@echo "Build finished. The text files are in $(BUILDDIR)/text."
-
-man:
-	$(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man
-	@echo
-	@echo "Build finished. The manual pages are in $(BUILDDIR)/man."
-
-texinfo:
-	$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
-	@echo
-	@echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo."
-	@echo "Run \`make' in that directory to run these through makeinfo" \
-	      "(use \`make info' here to do that automatically)."
+SPB_ENV ?= local
-info:
-	$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
-	@echo "Running Texinfo files through makeinfo..."
-	make -C $(BUILDDIR)/texinfo info
-	@echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo."
-
-gettext:
-	$(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale
-	@echo
-	@echo "Build finished. The message catalogs are in $(BUILDDIR)/locale."
+# autogenerated DNS documentation
+BUILT += _build/dns.rst
+_build/dns.rst: ../test/dns_test.sh
+	(cd .. && sh test/dns_test.sh --doc) > $@
-changes:
-	$(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes
-	@echo
-	@echo "The overview file is in $(BUILDDIR)/changes."
+BUILT += $(patsubst %.svg, _build/%.png, $(wildcard *.svg))
+_build/%.png: %.svg
+	inkscape --export-area-page --export-width=800 --export-width=600 --export-png=$@ $<
-linkcheck:
-	$(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck
-	@echo
-	@echo "Link check complete; look for any errors in the above output " \
-	      "or in $(BUILDDIR)/linkcheck/output.txt."
+BUILT += $(patsubst %.in, _build/%, $(wildcard *.in))
+_build/%: %.in build.rb
+	ruby -p build.rb $< > $@ || ($(RM) $@; false)
-doctest:
-	$(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest
-	@echo "Testing of doctests in the sources finished, look at the " \
-	      "results in $(BUILDDIR)/doctest/output.txt."
+CLEAN_FILES += $(BUILT)
-xml:
-	$(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml
-	@echo
-	@echo "Build finished. The XML files are in $(BUILDDIR)/xml."
+html latexpdf: $(BUILT)
+	$(MAKE) -C _build $@
-pseudoxml:
-	$(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml
-	@echo
-	@echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml."
+clean:
+	$(RM) $(BUILT)
+	$(MAKE) -C _build $@
@@ -0,0 +1,177 @@
+# Makefile for Sphinx documentation
+#
+
+# You can set these variables from the command line.
+SPHINXOPTS    =
+SPHINXBUILD   = sphinx-build
+PAPER         =
+BUILDDIR      = .
+
+# User-friendly check for sphinx-build
+ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1)
+$(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/)
+endif
+
+# Internal variables.
+PAPEROPT_a4     = -D latex_paper_size=a4
+PAPEROPT_letter = -D latex_paper_size=letter
+ALLSPHINXOPTS   = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
+# the i18n builder cannot share the environment and doctrees with the others
+I18NSPHINXOPTS  = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
+
+.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext
+
+help:
+	@echo "Please use \`make <target>' where <target> is one of"
+	@echo "  html       to make standalone HTML files"
+	@echo "  dirhtml    to make HTML files named index.html in directories"
+	@echo "  singlehtml to make a single large HTML file"
+	@echo "  pickle     to make pickle files"
+	@echo "  json       to make JSON files"
+	@echo "  htmlhelp   to make HTML files and a HTML help project"
+	@echo "  qthelp     to make HTML files and a qthelp project"
+	@echo "  devhelp    to make HTML files and a Devhelp project"
+	@echo "  epub       to make an epub"
+	@echo "  latex      to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
+	@echo "  latexpdf   to make LaTeX files and run them through pdflatex"
+	@echo "  latexpdfja to make LaTeX files and run them through platex/dvipdfmx"
+	@echo "  text       to make text files"
+	@echo "  man        to make manual pages"
+	@echo "  texinfo    to make Texinfo files"
+	@echo "  info       to make Texinfo files and run them through makeinfo"
+	@echo "  gettext    to make PO message catalogs"
+	@echo "  changes    to make an overview of all changed/added/deprecated items"
+	@echo "  xml        to make Docutils-native XML files"
+	@echo "  pseudoxml  to make pseudoxml-XML files for display purposes"
+	@echo "  linkcheck  to check all external links for integrity"
+	@echo "  doctest    to run all doctests embedded in the documentation (if enabled)"
+
+clean:
+	rm -rf $(BUILDDIR)/[a-z]*
+
+html:
+	$(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
+	@echo
+	@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
+
+dirhtml:
+	$(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml
+	@echo
+	@echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml."
+
+singlehtml:
+	$(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml
+	@echo
+	@echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml."
+
+pickle:
+	$(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle
+	@echo
+	@echo "Build finished; now you can process the pickle files."
+
+json:
+	$(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json
+	@echo
+	@echo "Build finished; now you can process the JSON files."
+
+htmlhelp:
+	$(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp
+	@echo
+	@echo "Build finished; now you can run HTML Help Workshop with the" \
+	      ".hhp project file in $(BUILDDIR)/htmlhelp."
+
+qthelp:
+	$(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp
+	@echo
+	@echo "Build finished; now you can run "qcollectiongenerator" with the" \
+	
+	@echo "# qcollectiongenerator $(BUILDDIR)/qthelp/softwarepublico.qhcp"
+	@echo
+	@echo "# assistant -collectionFile $(BUILDDIR)/qthelp/softwarepublico.qhc"
+
+devhelp:
+	$(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp
+	@echo
+	@echo "Build finished."
+	@echo
+	@echo "# mkdir -p $$HOME/.local/share/devhelp/softwarepublico"
+	@echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/softwarepublico"
+	@echo "# devhelp"
+
+epub:
+	$(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub
+	@echo
+	@echo "Build finished. The epub file is in $(BUILDDIR)/epub."
+
+latex:
+	$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
+	@echo
+	@echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
+	@echo "Run \`make' in that directory to run these through (pdf)latex" \
+	      "(use \`make latexpdf' here to do that automatically)."
+
+latexpdf:
+	$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
+	@echo "Running LaTeX files through pdflatex..."
+	$(MAKE) -C $(BUILDDIR)/latex all-pdf
+	@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
+
+latexpdfja:
+	$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
+	@echo "Running LaTeX files through platex and dvipdfmx..."
+	$(MAKE) -C $(BUILDDIR)/latex all-pdf-ja
+	@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
+
+text:
+	$(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
+	@echo
+	@echo "Build finished. The text files are in $(BUILDDIR)/text."
+
+man:
+	$(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man
+	@echo
+	@echo "Build finished. The manual pages are in $(BUILDDIR)/man."
+
+texinfo:
+	$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
+	@echo
+	@echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo."
+	@echo "Run \`make' in that directory to run these through makeinfo" \
+	      "(use \`make info' here to do that automatically)."
+
+info:
+	$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
+	@echo "Running Texinfo files through makeinfo..."
+	make -C $(BUILDDIR)/texinfo info
+	@echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo."
+
+gettext:
+	$(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale
+	@echo
+	@echo "Build finished. The message catalogs are in $(BUILDDIR)/locale."
+
+changes:
+	$(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes
+	@echo
+	@echo "The overview file is in $(BUILDDIR)/changes."
+
+linkcheck:
+	$(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck
+	@echo
+	@echo "Link check complete; look for any errors in the above output " \
+	      "or in $(BUILDDIR)/linkcheck/output.txt."
+
+doctest:
+	$(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest
+	@echo "Testing of doctests in the sources finished, look at the " \
+	      "results in $(BUILDDIR)/doctest/output.txt."
+
+xml:
+	$(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml
+	@echo
+	@echo "Build finished. The XML files are in $(BUILDDIR)/xml."
+
+pseudoxml:
+	$(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml
+	@echo
+	@echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml."
@@ -1,27 +0,0 @@
-digraph architecture {
-
-  subgraph cluster_0 {
-    style=filled;
-    color="#d3d7cf";
-    label = "Local network";
-    node [style=filled,fillcolor=white];
-
-    reverseproxy  [shape=box];
-    social        [shape=box];
-    email         [shape=box];
-    integration   [shape=box];
-    database      [shape=box];
-
-    reverseproxy -> social    [label="HTTP"];
-    social -> integration     [label="HTTP"];
-    social -> database        [label="PostgreSQL (5432)"];
-    integration -> database   [label="PostgreSQL (5432)"];
-    email -> integration      [label="SMTP"];
-
-  }
-
-  internet  -> reverseproxy   [label="HTTP"];
-  internet  -> email          [label="SMTP"];
-  email     -> internet       [label="SMTP"];
-
-}
@@ -0,0 +1,25 @@
+Arquitetura
+===========
+
+A arquitetura do SPB consiste em 5 servidores, representados na figura
+a seguir.
+
+.. image:: arquitetura.png
+
+Servidores e serviços
+---------------------
+
+*Esta seção é um trabalho em andamento. Ela cobrirá:*
+
+* descrever arquitetura
+* descrever papel de cada máquina
+* descrever conexões
+
+Gestão de configuração
+----------------------
+
+*Esta seção é um trabalho em andamento. Ela cobrirá:*
+
+* adicionar links com o repositório de gestão de configuração
+* descrever repositório de gestão de configuração
+* descrever como o chake funciona
@@ -0,0 +1,818 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="1052.3622"
+   height="744.09448"
+   id="svg2"
+   version="1.1"
+   inkscape:version="0.91 r13725"
+   sodipodi:docname="arquitetura.svg">
+  <defs
+     id="defs4">
+    <marker
+       inkscape:stockid="Arrow2Lend"
+       orient="auto"
+       refY="0.0"
+       refX="0.0"
+       id="Arrow2Lend"
+       style="overflow:visible;">
+      <path
+         id="path4235"
+         style="fill-rule:evenodd;stroke-width:0.62500000;stroke-linejoin:round;"
+         d="M 8.7185878,4.0337352 L -2.2072895,0.016013256 L 8.7185884,-4.0017078 C 6.9730900,-1.6296469 6.9831476,1.6157441 8.7185878,4.0337352 z "
+         transform="scale(1.1) rotate(180) translate(1,0)" />
+    </marker>
+    <marker
+       inkscape:stockid="Arrow1Lend"
+       orient="auto"
+       refY="0.0"
+       refX="0.0"
+       id="Arrow1Lend"
+       style="overflow:visible;">
+      <path
+         id="path4217"
+         d="M 0.0,0.0 L 5.0,-5.0 L -12.5,0.0 L 5.0,5.0 L 0.0,0.0 z "
+         style="fill-rule:evenodd;stroke:#000000;stroke-width:1.0pt;"
+         transform="scale(0.8) rotate(180) translate(12.5,0)" />
+    </marker>
+    <marker
+       inkscape:stockid="Arrow2Lstart"
+       orient="auto"
+       refY="0.0"
+       refX="0.0"
+       id="Arrow2Lstart"
+       style="overflow:visible">
+      <path
+         id="path4232"
+         style="fill-rule:evenodd;stroke-width:0.62500000;stroke-linejoin:round"
+         d="M 8.7185878,4.0337352 L -2.2072895,0.016013256 L 8.7185884,-4.0017078 C 6.9730900,-1.6296469 6.9831476,1.6157441 8.7185878,4.0337352 z "
+         transform="scale(1.1) translate(1,0)" />
+    </marker>
+    <marker
+       inkscape:stockid="Arrow2Lstart"
+       orient="auto"
+       refY="0"
+       refX="0"
+       id="Arrow2Lstart-4"
+       style="overflow:visible">
+      <path
+         inkscape:connector-curvature="0"
+         id="path4232-0"
+         style="fill-rule:evenodd;stroke-width:0.625;stroke-linejoin:round"
+         d="M 8.7185878,4.0337352 -2.2072895,0.01601326 8.7185884,-4.0017078 c -1.7454984,2.3720609 -1.7354408,5.6174519 -6e-7,8.035443 z"
+         transform="matrix(1.1,0,0,1.1,1.1,0)" />
+    </marker>
+  </defs>
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="0.65045503"
+     inkscape:cx="526.18109"
+     inkscape:cy="372.04724"
+     inkscape:document-units="px"
+     inkscape:current-layer="layer6"
+     showgrid="false"
+     inkscape:window-width="1366"
+     inkscape:window-height="702"
+     inkscape:window-x="0"
+     inkscape:window-y="27"
+     inkscape:window-maximized="1" />
+  <metadata
+     id="metadata7">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title />
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Camada 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(0,-308.2677)"
+     style="display:inline">
+    <g
+       inkscape:groupmode="layer"
+       id="layer4"
+       inkscape:label="Release 1"
+       style="display:inline">
+      <text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:24.06708527px;line-height:125%;font-family:Cantarell;-inkscape-font-specification:Cantarell;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;display:inline;fill:#000000;fill-opacity:1;stroke:none"
+         x="642.34241"
+         y="491.6839"
+         id="text5794"
+         sodipodi:linespacing="125%"><tspan
+           style="font-size:16.46647072px"
+           id="tspan5796"
+           sodipodi:role="line"
+           x="642.34241"
+           y="491.6839">HTTP</tspan><tspan
+           style="font-size:16.46647072px"
+           id="tspan5798"
+           sodipodi:role="line"
+           x="642.34241"
+           y="512.26697">reverse proxy</tspan></text>
+      <g
+         id="g4382"
+         transform="matrix(0.68610294,0,0,0.68610294,325.50286,328.94289)">
+        <g
+           transform="translate(-104.51642,-10.919621)"
+           id="g4315">
+          <rect
+             style="color:#000000;display:inline;overflow:visible;visibility:visible;opacity:1;fill:#babdb6;fill-opacity:0.61568627;fill-rule:nonzero;stroke:#2e3436;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker:none;enable-background:accumulate"
+             id="rect4317"
+             width="703.53589"
+             height="193.43335"
+             x="45.238449"
+             y="819.93018"
+             rx="24.959101"
+             ry="24.959101" />
+          <text
+             xml:space="preserve"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:15.92820835px;line-height:125%;font-family:Cantarell;-inkscape-font-specification:Cantarell;letter-spacing:0px;word-spacing:0px;fill:#555753;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+             x="62.26289"
+             y="991.02106"
+             id="text4319"
+             sodipodi:linespacing="125%"><tspan
+               sodipodi:role="line"
+               id="tspan4321"
+               x="62.26289"
+               y="991.02106"
+               style="font-size:22.5px;fill:#555753">database</tspan></text>
+        </g>
+        <g
+           style="display:inline"
+           id="g4246"
+           transform="matrix(1.0487632,0,0,1.0487632,-73.081866,298.25531)">
+          <rect
+             transform="translate(0,308.2677)"
+             ry="24.959145"
+             rx="24.959145"
+             y="205.91293"
+             x="99.836578"
+             height="106.07636"
+             width="215.27261"
+             id="rect4248"
+             style="color:#000000;display:inline;overflow:visible;visibility:visible;fill:#fce94f;fill-opacity:1;fill-rule:nonzero;stroke:#c4a000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:0.55984557;marker:none;enable-background:accumulate" />
+          <text
+             sodipodi:linespacing="125%"
+             id="text4250"
+             y="575.53479"
+             x="143.37675"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:24px;line-height:125%;font-family:Cantarell;-inkscape-font-specification:Cantarell;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none"
+             xml:space="preserve"><tspan
+               y="575.53479"
+               x="143.37675"
+               id="tspan4252"
+               sodipodi:role="line">PostgreSQL</tspan></text>
+        </g>
+        <g
+           transform="matrix(1.0487632,0,0,1.0487632,218.62813,298.25532)"
+           id="g4263"
+           style="display:inline">
+          <rect
+             style="color:#000000;display:inline;overflow:visible;visibility:visible;fill:#fce94f;fill-opacity:1;fill-rule:nonzero;stroke:#c4a000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:0.55984557;marker:none;enable-background:accumulate"
+             id="rect4265"
+             width="215.27261"
+             height="106.07636"
+             x="99.836578"
+             y="205.91293"
+             rx="24.959145"
+             ry="24.959145"
+             transform="translate(0,308.2677)" />
+          <text
+             xml:space="preserve"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:24px;line-height:125%;font-family:Cantarell;-inkscape-font-specification:Cantarell;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none"
+             x="178.57445"
+             y="575.53479"
+             id="text4267"
+             sodipodi:linespacing="125%"><tspan
+               sodipodi:role="line"
+               id="tspan4269"
+               x="178.57445"
+               y="575.53479">Redis</tspan></text>
+        </g>
+      </g>
+      <g
+         id="g4396"
+         transform="matrix(0.68610294,0,0,0.68610294,548.29673,158.97368)">
+        <g
+           id="g4307"
+           transform="translate(-73.317486,-262.07101)">
+          <rect
+             ry="24.959101"
+             rx="24.959101"
+             y="819.93018"
+             x="45.238449"
+             height="385.60645"
+             width="641.40228"
+             id="rect4309"
+             style="color:#000000;display:inline;overflow:visible;visibility:visible;opacity:1;fill:#babdb6;fill-opacity:0.61568627;fill-rule:nonzero;stroke:#2e3436;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker:none;enable-background:accumulate" />
+          <text
+             sodipodi:linespacing="125%"
+             id="text4311"
+             y="1185.0211"
+             x="62.26289"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:15.92820835px;line-height:125%;font-family:Cantarell;-inkscape-font-specification:Cantarell;letter-spacing:0px;word-spacing:0px;fill:#555753;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+             xml:space="preserve"><tspan
+               style="font-size:22.5px;fill:#555753"
+               y="1185.0211"
+               x="62.26289"
+               id="tspan4313"
+               sodipodi:role="line">integration</tspan></text>
+        </g>
+        <g
+           transform="matrix(1.0487632,0,0,1.0487632,-79.431935,244.40644)"
+           id="g3018"
+           style="display:inline">
+          <rect
+             style="color:#000000;display:inline;overflow:visible;visibility:visible;fill:#fce94f;fill-opacity:1;fill-rule:nonzero;stroke:#c4a000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:0.55984557;marker:none;enable-background:accumulate"
+             id="rect3020"
+             width="215.27261"
+             height="106.07636"
+             x="99.836578"
+             y="205.91293"
+             transform="translate(0,308.2677)"
+             rx="24.959145"
+             ry="24.959145" />
+          <text
+             xml:space="preserve"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:24px;line-height:125%;font-family:Cantarell;-inkscape-font-specification:Cantarell;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none"
+             x="175.63876"
+             y="575.49884"
+             id="text3022"
+             sodipodi:linespacing="125%"><tspan
+               sodipodi:role="line"
+               id="tspan3024"
+               x="175.63876"
+               y="575.49884">Gitlab</tspan></text>
+        </g>
+        <g
+           transform="matrix(1.0487632,0,0,1.0487632,-80.194985,44.124888)"
+           id="g3034"
+           style="display:inline">
+          <rect
+             transform="translate(0,308.2677)"
+             style="color:#000000;display:inline;overflow:visible;visibility:visible;fill:#fce94f;fill-opacity:1;fill-rule:nonzero;stroke:#c4a000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:0.55984557;marker:none;enable-background:accumulate"
+             id="rect3036"
+             width="215.27261"
+             height="106.07636"
+             x="99.836578"
+             y="205.91293"
+             rx="24.959145"
+             ry="24.959145" />
+          <text
+             xml:space="preserve"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:24px;line-height:125%;font-family:Cantarell;-inkscape-font-specification:Cantarell;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none"
+             x="169.5842"
+             y="575.53479"
+             id="text3038"
+             sodipodi:linespacing="125%"><tspan
+               sodipodi:role="line"
+               id="tspan3040"
+               x="169.5842"
+               y="575.53479">COLAB</tspan></text>
+        </g>
+        <g
+           transform="matrix(1.0487632,0,0,1.0487632,226.64988,243.33747)"
+           id="g4271"
+           style="display:inline">
+          <rect
+             transform="translate(0,308.2677)"
+             style="color:#000000;display:inline;overflow:visible;visibility:visible;fill:#fce94f;fill-opacity:1;fill-rule:nonzero;stroke:#c4a000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:0.55984557;marker:none;enable-background:accumulate"
+             id="rect4273"
+             width="215.27261"
+             height="106.07636"
+             x="99.836578"
+             y="205.91293"
+             rx="24.959145"
+             ry="24.959145" />
+          <text
+             xml:space="preserve"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:24px;line-height:125%;font-family:Cantarell;-inkscape-font-specification:Cantarell;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none"
+             x="163.01907"
+             y="575.53479"
+             id="text4275"
+             sodipodi:linespacing="125%"><tspan
+               sodipodi:role="line"
+               id="tspan4277"
+               x="163.01907"
+               y="575.53479">Mailman</tspan></text>
+        </g>
+        <g
+           style="display:inline"
+           id="g4288"
+           transform="matrix(1.0487632,0,0,1.0487632,226.64988,125.74526)">
+          <rect
+             ry="24.959145"
+             rx="24.959145"
+             y="205.91293"
+             x="99.836578"
+             height="106.07636"
+             width="215.27261"
+             id="rect4290"
+             style="color:#000000;display:inline;overflow:visible;visibility:visible;fill:#fce94f;fill-opacity:1;fill-rule:nonzero;stroke:#c4a000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:0.55984557;marker:none;enable-background:accumulate"
+             transform="translate(0,308.2677)" />
+          <text
+             sodipodi:linespacing="125%"
+             id="text4292"
+             y="575.53479"
+             x="140.90532"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:24px;line-height:125%;font-family:Cantarell;-inkscape-font-specification:Cantarell;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none"
+             xml:space="preserve"><tspan
+               y="575.53479"
+               x="140.90532"
+               id="tspan4294"
+               sodipodi:role="line">Mailman-API</tspan></text>
+        </g>
+      </g>
+      <text
+         sodipodi:linespacing="125%"
+         id="text4541"
+         y="619.28687"
+         x="457.85617"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:24.06708527px;line-height:125%;font-family:Cantarell;-inkscape-font-specification:Cantarell;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;display:inline;fill:#000000;fill-opacity:1;stroke:none"
+         xml:space="preserve"><tspan
+           y="619.28687"
+           x="457.85617"
+           sodipodi:role="line"
+           id="tspan4543"
+           style="font-size:16.46647072px">HTTP</tspan><tspan
+           y="639.86993"
+           x="457.85617"
+           sodipodi:role="line"
+           id="tspan4545"
+           style="font-size:16.46647072px">reverse proxy</tspan></text>
+      <text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:24.06708527px;line-height:125%;font-family:Cantarell;-inkscape-font-specification:Cantarell;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;display:inline;fill:#000000;fill-opacity:1;stroke:none"
+         x="649.13086"
+         y="657.7215"
+         id="text4547"
+         sodipodi:linespacing="125%"><tspan
+           style="font-size:16.46647072px;text-align:start;text-anchor:start"
+           id="tspan4549"
+           sodipodi:role="line"
+           x="649.13086"
+           y="657.7215">HTTP</tspan><tspan
+           style="font-size:16.46647072px;text-align:start;text-anchor:start"
+           id="tspan4551"
+           sodipodi:role="line"
+           x="649.13086"
+           y="678.30457">reverse proxy</tspan></text>
+      <text
+         sodipodi:linespacing="125%"
+         id="text4553"
+         y="566.24707"
+         x="769.04694"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:24.06708527px;line-height:125%;font-family:Cantarell;-inkscape-font-specification:Cantarell;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;display:inline;fill:#000000;fill-opacity:1;stroke:none"
+         xml:space="preserve"><tspan
+           y="566.24707"
+           x="769.04694"
+           sodipodi:role="line"
+           id="tspan4557"
+           style="font-size:16.46647072px;text-align:start;text-anchor:start">HTTP</tspan></text>
+      <text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:24.06708527px;line-height:125%;font-family:Cantarell;-inkscape-font-specification:Cantarell;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;display:inline;fill:#000000;fill-opacity:1;stroke:none"
+         x="345.62704"
+         y="851.43207"
+         id="text4561"
+         sodipodi:linespacing="125%"><tspan
+           style="font-size:16.46647072px"
+           id="tspan4565"
+           sodipodi:role="line"
+           x="345.62704"
+           y="851.43207">SQL</tspan></text>
+      <text
+         sodipodi:linespacing="125%"
+         id="text4569"
+         y="753.59344"
+         x="485.86237"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:24.06708527px;line-height:125%;font-family:Cantarell;-inkscape-font-specification:Cantarell;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;display:inline;fill:#000000;fill-opacity:1;stroke:none"
+         xml:space="preserve"><tspan
+           y="753.59344"
+           x="485.86237"
+           sodipodi:role="line"
+           id="tspan4571"
+           style="font-size:16.46647072px">SQL</tspan></text>
+      <text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:24.06708527px;line-height:125%;font-family:Cantarell;-inkscape-font-specification:Cantarell;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;display:inline;fill:#000000;fill-opacity:1;stroke:none"
+         x="513.03973"
+         y="822.08044"
+         id="text4573"
+         sodipodi:linespacing="125%"><tspan
+           style="font-size:16.46647072px"
+           id="tspan4575"
+           sodipodi:role="line"
+           x="513.03973"
+           y="822.08044">SQL</tspan></text>
+      <text
+         sodipodi:linespacing="125%"
+         id="text4577"
+         y="850.34491"
+         x="643.99384"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:24.06708527px;line-height:125%;font-family:Cantarell;-inkscape-font-specification:Cantarell;text-align:start;letter-spacing:0px;word-spacing:0px;text-anchor:start;display:inline;fill:#000000;fill-opacity:1;stroke:none"
+         xml:space="preserve"><tspan
+           y="850.34491"
+           x="643.99384"
+           sodipodi:role="line"
+           id="tspan4579"
+           style="font-size:16.46647072px;text-align:start;text-anchor:start">Protocolo</tspan><tspan
+           y="870.92798"
+           x="643.99384"
+           sodipodi:role="line"
+           style="font-size:16.46647072px;text-align:start;text-anchor:start"
+           id="tspan4581">nativo</tspan></text>
+      <text
+         sodipodi:linespacing="125%"
+         id="text4589"
+         y="556.0722"
+         x="177.66902"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:24.06708527px;line-height:125%;font-family:Cantarell;-inkscape-font-specification:Cantarell;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;display:inline;fill:#000000;fill-opacity:1;stroke:none"
+         xml:space="preserve"><tspan
+           y="556.0722"
+           x="177.66902"
+           sodipodi:role="line"
+           id="tspan4591"
+           style="font-size:16.46647072px">SMTP</tspan></text>
+      <text
+         sodipodi:linespacing="125%"
+         id="text4597"
+         y="505.26852"
+         x="432.2182"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:24.06708527px;line-height:125%;font-family:Cantarell;-inkscape-font-specification:Cantarell;text-align:end;letter-spacing:0px;word-spacing:0px;text-anchor:end;display:inline;fill:#000000;fill-opacity:1;stroke:none"
+         xml:space="preserve"><tspan
+           y="505.26852"
+           x="432.2182"
+           sodipodi:role="line"
+           id="tspan4599"
+           style="font-size:16.46647072px">SMTP</tspan></text>
+    </g>
+    <g
+       inkscape:groupmode="layer"
+       id="layer5"
+       inkscape:label="Release 2"
+       style="display:inline">
+      <g
+         id="g4372"
+         transform="matrix(0.68610294,0,0,0.68610294,-257.62288,142.05473)">
+        <g
+           id="g4323"
+           transform="translate(471.10384,-45.23844)"
+           style="display:inline">
+          <rect
+             ry="24.959101"
+             rx="24.959101"
+             y="819.93018"
+             x="45.238449"
+             height="193.43336"
+             width="491.38315"
+             id="rect4325"
+             style="color:#000000;display:inline;overflow:visible;visibility:visible;opacity:1;fill:#babdb6;fill-opacity:0.61568627;fill-rule:nonzero;stroke:#2e3436;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker:none;enable-background:accumulate" />
+          <text
+             sodipodi:linespacing="125%"
+             id="text4327"
+             y="991.02106"
+             x="62.26289"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:15.92820835px;line-height:125%;font-family:Cantarell;-inkscape-font-specification:Cantarell;letter-spacing:0px;word-spacing:0px;fill:#555753;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+             xml:space="preserve"><tspan
+               style="font-size:22.5px;fill:#555753"
+               y="991.02106"
+               x="62.26289"
+               id="tspan4329"
+               sodipodi:role="line">social</tspan></text>
+        </g>
+        <g
+           id="g3042"
+           transform="matrix(1.0487632,0,0,1.0487632,544.44394,276.5302)"
+           style="display:inline">
+          <rect
+             ry="24.959145"
+             rx="24.959145"
+             transform="translate(0,308.2677)"
+             y="205.91293"
+             x="99.836578"
+             height="106.07636"
+             width="215.27261"
+             id="rect3044"
+             style="color:#000000;display:inline;overflow:visible;visibility:visible;fill:#fce94f;fill-opacity:1;fill-rule:nonzero;stroke:#c4a000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:0.55984557;marker:none;enable-background:accumulate" />
+          <text
+             sodipodi:linespacing="125%"
+             id="text3046"
+             y="575.46283"
+             x="157.44057"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:24px;line-height:125%;font-family:Cantarell;-inkscape-font-specification:Cantarell;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none"
+             xml:space="preserve"><tspan
+               y="575.46283"
+               x="157.44057"
+               id="tspan3048"
+               sodipodi:role="line">Noosfero</tspan></text>
+        </g>
+      </g>
+      <g
+         id="g4343"
+         transform="matrix(0.68610294,0,0,0.68610294,-313.27764,36.270151)">
+        <g
+           transform="translate(552.22106,-389.98662)"
+           id="g4331"
+           style="display:inline">
+          <rect
+             style="color:#000000;display:inline;overflow:visible;visibility:visible;opacity:1;fill:#babdb6;fill-opacity:0.61568627;fill-rule:nonzero;stroke:#2e3436;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker:none;enable-background:accumulate"
+             id="rect4333"
+             width="491.38315"
+             height="193.43336"
+             x="45.238449"
+             y="819.93018"
+             rx="24.959101"
+             ry="24.959101" />
+          <text
+             xml:space="preserve"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:15.92820835px;line-height:125%;font-family:Cantarell;-inkscape-font-specification:Cantarell;letter-spacing:0px;word-spacing:0px;fill:#555753;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+             x="62.26289"
+             y="991.02106"
+             id="text4335"
+             sodipodi:linespacing="125%"><tspan
+               sodipodi:role="line"
+               id="tspan4337"
+               x="62.26289"
+               y="991.02106"
+               style="font-size:22.5px;fill:#555753">email</tspan></text>
+        </g>
+        <g
+           transform="translate(277.45747,43.873309)"
+           id="g4240">
+          <g
+             id="g4232"
+             transform="matrix(1.0487632,0,0,1.0487632,348.10369,-112.09129)"
+             style="display:inline">
+            <rect
+               ry="24.959145"
+               rx="24.959145"
+               transform="translate(0,308.2677)"
+               y="205.91293"
+               x="99.836578"
+               height="106.07636"
+               width="215.27261"
+               id="rect4234"
+               style="color:#000000;display:inline;overflow:visible;visibility:visible;fill:#fce94f;fill-opacity:1;fill-rule:nonzero;stroke:#c4a000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:0.55984557;marker:none;enable-background:accumulate" />
+            <text
+               sodipodi:linespacing="125%"
+               id="text4236"
+               y="575.46283"
+               x="170.96269"
+               style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:24px;line-height:125%;font-family:Cantarell;-inkscape-font-specification:Cantarell;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none"
+               xml:space="preserve"><tspan
+                 y="575.46283"
+                 x="170.96269"
+                 id="tspan4238"
+                 sodipodi:role="line">Postfix</tspan></text>
+          </g>
+        </g>
+      </g>
+      <g
+         transform="matrix(0.68610294,0,0,0.68610294,-326.80522,364.9756)"
+         id="g4449">
+        <rect
+           style="color:#000000;display:inline;overflow:visible;visibility:visible;opacity:1;fill:#d3d7cf;fill-opacity:0.61568627;fill-rule:nonzero;stroke:#babdb6;stroke-width:2.91501451;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker:none;enable-background:accumulate"
+           id="rect4531"
+           width="257.68625"
+           height="245.36218"
+           x="494.24698"
+           y="743.06433"
+           rx="9.5793791"
+           ry="9.5793791" />
+        <g
+           style="display:inline"
+           transform="translate(471.03,-45.23844)"
+           id="g4451">
+          <rect
+             style="color:#000000;display:inline;overflow:visible;visibility:visible;opacity:1;fill:#babdb6;fill-opacity:0.61568627;fill-rule:nonzero;stroke:#2e3436;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker:none;enable-background:accumulate"
+             id="rect4453"
+             width="213.55743"
+             height="65.710571"
+             x="45.238449"
+             y="947.65295"
+             rx="15.452409"
+             ry="15.452409" />
+          <text
+             xml:space="preserve"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:15.92820835px;line-height:125%;font-family:Cantarell;-inkscape-font-specification:Cantarell;letter-spacing:0px;word-spacing:0px;fill:#555753;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+             x="62.26289"
+             y="991.02106"
+             id="text4455"
+             sodipodi:linespacing="125%"><tspan
+               sodipodi:role="line"
+               id="tspan4457"
+               x="62.26289"
+               y="991.02106"
+               style="font-size:22.5px;fill:#555753">servidor</tspan></text>
+        </g>
+        <g
+           style="display:inline"
+           transform="matrix(1.0487632,0,0,1.0487632,410.82571,289.93364)"
+           id="g4459">
+          <rect
+             style="color:#000000;display:inline;overflow:visible;visibility:visible;fill:#fce94f;fill-opacity:1;fill-rule:nonzero;stroke:#c4a000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:0.55984557;marker:none;enable-background:accumulate"
+             id="rect4461"
+             width="106.31865"
+             height="52.388897"
+             x="99.836578"
+             y="205.91293"
+             transform="translate(0,308.2677)"
+             rx="6.5724359"
+             ry="6.5724359" />
+          <text
+             xml:space="preserve"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:24px;line-height:125%;font-family:Cantarell;-inkscape-font-specification:Cantarell;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none"
+             x="112.57272"
+             y="546.08508"
+             id="text4463"
+             sodipodi:linespacing="125%"><tspan
+               sodipodi:role="line"
+               id="tspan4465"
+               x="112.57272"
+               y="546.08508">Serviço</tspan></text>
+        </g>
+        <g
+           id="g4526"
+           transform="translate(0,3.0637686e-6)">
+          <path
+             sodipodi:nodetypes="cc"
+             style="color:#000000;display:inline;overflow:visible;visibility:visible;fill:none;stroke:#000000;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker:none;marker-start:url(#Arrow2Lstart-4);enable-background:accumulate"
+             d="m 615.18822,805.26531 -99.9181,0.22208"
+             id="path4467"
+             inkscape:connector-curvature="0" />
+          <text
+             sodipodi:linespacing="125%"
+             id="text4522"
+             y="794.6015"
+             x="515.53412"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:20.40509987px;line-height:125%;font-family:Cantarell;-inkscape-font-specification:Cantarell;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+             xml:space="preserve"><tspan
+               y="794.6015"
+               x="515.53412"
+               id="tspan4524"
+               sodipodi:role="line">conexão</tspan></text>
+        </g>
+        <text
+           xml:space="preserve"
+           style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:20.40509987px;line-height:125%;font-family:Cantarell;-inkscape-font-specification:Cantarell;letter-spacing:0px;word-spacing:0px;fill:#555753;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;"
+           x="665.66437"
+           y="769.95325"
+           id="text4533"
+           sodipodi:linespacing="125%"><tspan
+             sodipodi:role="line"
+             id="tspan4535"
+             x="665.66437"
+             y="769.95325"
+             style="-inkscape-font-specification:'Cantarell Bold';font-family:Cantarell;font-weight:bold;font-style:normal;font-stretch:normal;font-variant:normal;fill:#555753;">Legenda</tspan></text>
+      </g>
+    </g>
+    <g
+       inkscape:groupmode="layer"
+       id="layer6"
+       inkscape:label="Release 3"
+       style="display:inline">
+      <g
+         id="g4358"
+         transform="matrix(0.68610294,0,0,0.68610294,499.06367,112.26031)">
+        <g
+           transform="translate(-1.5599465,-500.74283)"
+           id="g4302"
+           style="display:inline">
+          <rect
+             style="color:#000000;display:inline;overflow:visible;visibility:visible;opacity:1;fill:#babdb6;fill-opacity:0.61568627;fill-rule:nonzero;stroke:#2e3436;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker:none;enable-background:accumulate"
+             id="rect4296"
+             width="491.38315"
+             height="193.43336"
+             x="45.238449"
+             y="819.93018"
+             rx="24.959101"
+             ry="24.959101" />
+          <text
+             xml:space="preserve"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:15.92820835px;line-height:125%;font-family:Cantarell;-inkscape-font-specification:Cantarell;letter-spacing:0px;word-spacing:0px;fill:#555753;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+             x="62.26289"
+             y="991.02106"
+             id="text4298"
+             sodipodi:linespacing="125%"><tspan
+               sodipodi:role="line"
+               id="tspan4300"
+               x="62.26289"
+               y="991.02106"
+               style="font-size:22.5px;fill:#555753">reverseproxy</tspan></text>
+        </g>
+        <g
+           id="g3987"
+           transform="matrix(1.0487632,0,0,1.0487632,71.78015,-178.97419)"
+           style="display:inline">
+          <rect
+             ry="24.959145"
+             rx="24.959145"
+             y="205.91293"
+             x="99.836578"
+             height="106.07636"
+             width="215.27261"
+             id="rect3989"
+             style="color:#000000;display:inline;overflow:visible;visibility:visible;fill:#fce94f;fill-opacity:1;fill-rule:nonzero;stroke:#c4a000;stroke-width:0.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:0.55984557;marker:none;enable-background:accumulate"
+             transform="translate(0,308.2677)" />
+          <text
+             sodipodi:linespacing="125%"
+             id="text3991"
+             y="575.11481"
+             x="126.62383"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:24px;line-height:125%;font-family:Cantarell;-inkscape-font-specification:Cantarell;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none"
+             xml:space="preserve"><tspan
+               y="575.11481"
+               x="126.62383"
+               id="tspan3993"
+               sodipodi:role="line">Frontend HTTP</tspan></text>
+        </g>
+      </g>
+      <path
+         inkscape:connector-curvature="0"
+         id="path5590"
+         d="m 634.01413,553.48165 c -0.36236,-61.8148 62.32682,-56.21368 62.508,-114.76719"
+         style="color:#000000;display:inline;overflow:visible;visibility:visible;fill:none;stroke:#000000;stroke-width:1.02915442;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker:none;marker-start:url(#Arrow2Lstart);enable-background:accumulate"
+         sodipodi:nodetypes="cc" />
+      <path
+         sodipodi:nodetypes="cc"
+         style="color:#000000;display:inline;overflow:visible;visibility:visible;fill:none;stroke:#000000;stroke-width:1.02915442;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker:none;marker-start:url(#Arrow2Lstart);enable-background:accumulate"
+         d="m 642.85409,689.15591 0.62824,-49.04397"
+         id="path4433"
+         inkscape:connector-curvature="0" />
+      <path
+         sodipodi:nodetypes="cc"
+         style="color:#000000;display:inline;overflow:visible;visibility:visible;fill:none;stroke:#000000;stroke-width:1.02915442;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker:none;marker-start:url(#Arrow2Lstart);enable-background:accumulate"
+         d="M 859.12722,609.13106 C 829.91865,575.18646 753.05114,554.30963 723.07388,599.54037"
+         id="path4437"
+         inkscape:connector-curvature="0" />
+      <path
+         inkscape:connector-curvature="0"
+         id="path4439"
+         d="m 271.00931,696.41651 c -0.36236,-61.8148 48.40654,-100.93072 283.89148,-100.93072"
+         style="color:#000000;display:inline;overflow:visible;visibility:visible;fill:none;stroke:#000000;stroke-width:1.02915442;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker:none;marker-start:url(#Arrow2Lstart);enable-background:accumulate"
+         sodipodi:nodetypes="cc" />
+      <path
+         inkscape:connector-curvature="0"
+         id="path4441"
+         d="m 630.55501,896.50178 c -2.09667,-64.00693 20.40483,-66.51846 19.07686,-115.92023"
+         style="color:#000000;display:inline;overflow:visible;visibility:visible;fill:none;stroke:#000000;stroke-width:1.02915442;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker:none;marker-start:url(#Arrow2Lstart);enable-background:accumulate"
+         sodipodi:nodetypes="cc" />
+      <path
+         sodipodi:nodetypes="cc"
+         style="color:#000000;display:inline;overflow:visible;visibility:visible;fill:none;stroke:#000000;stroke-width:1.02915442;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker:none;marker-start:url(#Arrow2Lstart);enable-background:accumulate"
+         d="M 397.48723,898.80785 C 397.78887,788.16087 262.61615,877.38604 264.36295,782.88763"
+         id="path4443"
+         inkscape:connector-curvature="0" />
+      <path
+         inkscape:connector-curvature="0"
+         id="path4445"
+         d="m 424.41946,896.50178 c -1.80573,-37.68499 12.38386,-120.28208 48.96766,-120.62805 38.60999,-0.36513 5.96395,-98.15121 42.04501,-99.61416 86.6488,-3.51329 82.65006,9.13901 86.41488,-35.58008"
+         style="color:#000000;display:inline;overflow:visible;visibility:visible;fill:none;stroke:#000000;stroke-width:1.02915442;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker:none;marker-start:url(#Arrow2Lstart);enable-background:accumulate"
+         sodipodi:nodetypes="cssc" />
+      <path
+         sodipodi:nodetypes="cc"
+         style="color:#000000;display:inline;overflow:visible;visibility:visible;fill:none;stroke:#000000;stroke-width:1.02915442;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker:none;marker-start:url(#Arrow2Lstart);enable-background:accumulate"
+         d="M 450.58299,896.50178 C 451.5611,765.36235 628.56982,888.6602 627.24185,779.81286"
+         id="path4447"
+         inkscape:connector-curvature="0" />
+      <path
+         sodipodi:nodetypes="cc"
+         style="color:#000000;display:inline;overflow:visible;visibility:visible;fill:none;stroke:#000000;stroke-width:1.02915442;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker:none;marker-start:url(#Arrow2Lstart);enable-background:accumulate"
+         d="m 260.24762,444.28533 c 2.71241,99.61065 -131.46755,100.46675 -126.5904,221.92019"
+         id="path4583"
+         inkscape:connector-curvature="0" />
+      <path
+         inkscape:connector-curvature="0"
+         id="path4585"
+         d="m 301.98953,444.28533 c -11.02329,92.39356 107.94916,65.41353 177.6501,74.78698 29.8001,4.00755 50.59374,14.66025 48.37091,44.1284"
+         style="color:#000000;display:inline;overflow:visible;visibility:visible;fill:none;stroke:#000000;stroke-width:1.02915442;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker:none;marker-start:url(#Arrow2Lstart);enable-background:accumulate"
+         sodipodi:nodetypes="csc" />
+    </g>
+  </g>
+  <g
+     inkscape:groupmode="layer"
+     id="layer2"
+     inkscape:label="Manutenção"
+     style="display:inline" />
+</svg>
@@ -0,0 +1,39 @@
+Backup
+======
+
+O SPB possui rotinas automatizadas para backup e restore dos dados de
+todos os seus componentes. As seções a seguir descrevem estas rotinas.
+Ambos os procedimentos devem ser realizados num *shell* onde o diretório
+atual é o repositório de controle de versão do SPB.
+
+Procedimento de backup
+----------------------
+
+Suponha que estamos realizando um backup do ambiente de produção,
+chamado de ``prod``; o comando para realizar um *backup* é o seguinte
+(note ``SPB_ENV=prod``)::
+
+    $ rake backup SPB_ENV=prod
+
+Esta operação vai copiar arquivos e *dumps* dos bancos de dados do
+Noosfero, GitLab, Colab e Mailman, e copiá-los para um subdiretório
+chamado ``backups`` na sua estação de trabalho.
+
+Procedimento de restauração
+---------------------------
+
+**Importante:** o procedimento de restauração é suportado apenas para uma
+versão idêntica da plataforma, ou seja, não é suportado fazer um *backup*
+de uma versão mais antiga da plataforma e restaurar esse *backup* numa
+versão mais recente da plataforma, e nem vice-versa.
+
+O comando para restaurar um backup no ambiente **@@SPB_ENV@@** é o seguinte::
+
+    $ rake restore SPB_ENV=@@SPB_ENV@@
+
+Esta operação vai restaurar o último backup realizado no ambiente
+chamado **@@SPB_ENV@@**.
+
+**Importante:** a restauração do backup irá apagar os dados existes no
+ambiente @@SPB_ENV@@. Confira duas vezes antes de iniciar o
+procedimento.
@@ -0,0 +1,10 @@
+$SPB_ENV = ENV.fetch('SPB_ENV', 'local')
+
+$_.gsub!('@@SPB_ENV@@', $SPB_ENV)
+
+$_.gsub!(/@@config\(([^\)]*)\)@@/) do |f|
+  lines = File.read("../config/#{$SPB_ENV}/#{$1}").lines
+  lines.shift + lines.map do |line|
+    '    ' + line
+  end.join
+end
@@ -1,331 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-# softwarepublico documentation build configuration file, created by
-# sphinx-quickstart on Thu Nov  6 15:48:07 2014.
-#
-# This file is execfile()d with the current directory set to its
-# containing dir.
-#
-# Note that not all possible configuration values are present in this
-# autogenerated file.
-#
-# All configuration values have a default; values that are commented out
-# serve to show the default.
-
-import sys
-import os
-
-# If extensions (or modules to document with autodoc) are in another directory,
-# add these directories to sys.path here. If the directory is relative to the
-# documentation root, use os.path.abspath to make it absolute, like shown here.
-#sys.path.insert(0, os.path.abspath('.'))
-
-# -- General configuration ------------------------------------------------
-
-# If your documentation needs a minimal Sphinx version, state it here.
-#needs_sphinx = '1.0'
-
-# Add any Sphinx extension module names here, as strings. They can be
-# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
-# ones.
-extensions = []
-
-# Add any paths that contain templates here, relative to this directory.
-templates_path = ['_templates']
-
-# The suffix of source filenames.
-source_suffix = '.rst'
-
-# The encoding of source files.
-#source_encoding = 'utf-8-sig'
-
-# The master toctree document.
-master_doc = 'index'
-
-# General information about the project.
-project = u'softwarepublico'
-copyright = u'2014, Universidade de Brasília - UnB. Documentação licenciada sob a Licença Creative Commons Atribuição-CompartilhaIgual 4.0 Internacional'
-
-# The version info for the project you're documenting, acts as replacement for
-# |version| and |release|, also used in various other places throughout the
-# built documents.
-#
-# The short X.Y version.
-version = '2.0'
-# The full version, including alpha/beta/rc tags.
-release = '2.0'
-
-# The language for content autogenerated by Sphinx. Refer to documentation
-# for a list of supported languages.
-#language = None
-
-# There are two options for replacing |today|: either, you set today to some
-# non-false value, then it is used:
-#today = ''
-# Else, today_fmt is used as the format for a strftime call.
-#today_fmt = '%B %d, %Y'
-
-# List of patterns, relative to source directory, that match files and
-# directories to ignore when looking for source files.
-exclude_patterns = ['_build']
-
-# The reST default role (used for this markup: `text`) to use for all
-# documents.
-#default_role = None
-
-# If true, '()' will be appended to :func: etc. cross-reference text.
-#add_function_parentheses = True
-
-# If true, the current module name will be prepended to all description
-# unit titles (such as .. function::).
-#add_module_names = True
-
-# If true, sectionauthor and moduleauthor directives will be shown in the
-# output. They are ignored by default.
-#show_authors = False
-
-# The name of the Pygments (syntax highlighting) style to use.
-pygments_style = 'sphinx'
-
-# A list of ignored prefixes for module index sorting.
-#modindex_common_prefix = []
-
-# If true, keep warnings as "system message" paragraphs in the built documents.
-#keep_warnings = False
-
-
-# -- Options for HTML output ----------------------------------------------
-
-# The theme to use for HTML and HTML Help pages.  See the documentation for
-# a list of builtin themes.
-html_theme = 'default'
-
-# Theme options are theme-specific and customize the look and feel of a theme
-# further.  For a list of options available for each theme, see the
-# documentation.
-#html_theme_options = {}
-
-# Add any paths that contain custom themes here, relative to this directory.
-#html_theme_path = []
-
-# The name for this set of Sphinx documents.  If None, it defaults to
-# "<project> v<release> documentation".
-#html_title = None
-
-# A shorter title for the navigation bar.  Default is the same as html_title.
-#html_short_title = None
-
-# The name of an image file (relative to this directory) to place at the top
-# of the sidebar.
-#html_logo = None
-
-# The name of an image file (within the static path) to use as favicon of the
-# docs.  This file should be a Windows icon file (.ico) being 16x16 or 32x32
-# pixels large.
-#html_favicon = None
-
-# Add any paths that contain custom static files (such as style sheets) here,
-# relative to this directory. They are copied after the builtin static files,
-# so a file named "default.css" will overwrite the builtin "default.css".
-html_static_path = ['_static']
-
-# Add any extra paths that contain custom files (such as robots.txt or
-# .htaccess) here, relative to this directory. These files are copied
-# directly to the root of the documentation.
-#html_extra_path = []
-
-# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
-# using the given strftime format.
-#html_last_updated_fmt = '%b %d, %Y'
-
-# If true, SmartyPants will be used to convert quotes and dashes to
-# typographically correct entities.
-#html_use_smartypants = True
-
-# Custom sidebar templates, maps document names to template names.
-#html_sidebars = {}
-
-# Additional templates that should be rendered to pages, maps page names to
-# template names.
-#html_additional_pages = {}
-
-# If false, no module index is generated.
-#html_domain_indices = True
-
-# If false, no index is generated.
-#html_use_index = True
-
-# If true, the index is split into individual pages for each letter.
-#html_split_index = False
-
-# If true, links to the reST sources are added to the pages.
-#html_show_sourcelink = True
-
-# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
-#html_show_sphinx = True
-
-# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
-#html_show_copyright = True
-
-# If true, an OpenSearch description file will be output, and all pages will
-# contain a <link> tag referring to it.  The value of this option must be the
-# base URL from which the finished HTML is served.
-#html_use_opensearch = ''
-
-# This is the file name suffix for HTML files (e.g. ".xhtml").
-#html_file_suffix = None
-
-# Output file base name for HTML help builder.
-htmlhelp_basename = 'softwarepublicodoc'
-
-
-# -- Options for LaTeX output ---------------------------------------------
-
-latex_elements = {
-# The paper size ('letterpaper' or 'a4paper').
-#'papersize': 'letterpaper',
-
-# The font size ('10pt', '11pt' or '12pt').
-#'pointsize': '10pt',
-
-# Additional stuff for the LaTeX preamble.
-#'preamble': '',
-}
-
-# Grouping the document tree into LaTeX files. List of tuples
-# (source start file, target name, title,
-#  author, documentclass [howto, manual, or own class]).
-latex_documents = [
-  ('index', 'softwarepublico.tex',
-   u'Documentação - Software Público Brasileiro (SPB)',
-   u'Universidade de Brasília', 'manual'),
-]
-
-# The name of an image file (relative to this directory) to place at the top of
-# the title page.
-#latex_logo = None
-
-# For "manual" documents, if this is true, then toplevel headings are parts,
-# not chapters.
-#latex_use_parts = False
-
-# If true, show page references after internal links.
-#latex_show_pagerefs = False
-
-# If true, show URL addresses after external links.
-#latex_show_urls = False
-
-# Documents to append as an appendix to all manuals.
-#latex_appendices = []
-
-# If false, no module index is generated.
-#latex_domain_indices = True
-
-
-# -- Options for manual page output ---------------------------------------
-
-# One entry per manual page. List of tuples
-# (source start file, name, description, authors, manual section).
-man_pages = [
-    ('index', 'softwarepublico',
-     u'Documentação - Software Público Brasileiro (SPB)',
-     [u'Universidade de Brasília'], 1)
-]
-
-# If true, show URL addresses after external links.
-#man_show_urls = False
-
-
-# -- Options for Texinfo output -------------------------------------------
-
-# Grouping the document tree into Texinfo files. List of tuples
-# (source start file, target name, title, author,
-#  dir menu entry, description, category)
-texinfo_documents = [
-  ('index', 'softwarepublico',
-   u'Documentação - Software Público Brasileiro (SPB)',
-   u'Universidade de Brasília', 'softwarepublico', 'One line description of project.',
-   'Miscellaneous'),
-]
-
-# Documents to append as an appendix to all manuals.
-#texinfo_appendices = []
-
-# If false, no module index is generated.
-#texinfo_domain_indices = True
-
-# How to display URL addresses: 'footnote', 'no', or 'inline'.
-#texinfo_show_urls = 'footnote'
-
-# If true, do not generate a @detailmenu in the "Top" node's menu.
-#texinfo_no_detailmenu = False
-
-
-# -- Options for Epub output ----------------------------------------------
-
-# Bibliographic Dublin Core info.
-epub_title = u'softwarepublico'
-epub_author = u'Universidade de Brasília'
-epub_publisher = u'Universidade de Brasília'
-epub_copyright = u'2014, Universidade de Brasília. Documentação licenciada sob a Licença Crea  tive Commons Atribuição-CompartilhaIgual 4.0 Internacional'
-
-# The basename for the epub file. It defaults to the project name.
-#epub_basename = u'softwarepublico'
-
-# The HTML theme for the epub output. Since the default themes are not optimized
-# for small screen space, using the same theme for HTML and epub output is
-# usually not wise. This defaults to 'epub', a theme designed to save visual
-# space.
-#epub_theme = 'epub'
-
-# The language of the text. It defaults to the language option
-# or en if the language is not set.
-#epub_language = ''
-
-# The scheme of the identifier. Typical schemes are ISBN or URL.
-#epub_scheme = ''
-
-# The unique identifier of the text. This can be a ISBN number
-# or the project homepage.
-#epub_identifier = ''
-
-# A unique identification for the text.
-#epub_uid = ''
-
-# A tuple containing the cover image and cover page html template filenames.
-#epub_cover = ()
-
-# A sequence of (type, uri, title) tuples for the guide element of content.opf.
-#epub_guide = ()
-
-# HTML files that should be inserted before the pages created by sphinx.
-# The format is a list of tuples containing the path and title.
-#epub_pre_files = []
-
-# HTML files shat should be inserted after the pages created by sphinx.
-# The format is a list of tuples containing the path and title.
-#epub_post_files = []
-
-# A list of files that should not be packed into the epub file.
-epub_exclude_files = ['search.html']
-
-# The depth of the table of contents in toc.ncx.
-#epub_tocdepth = 3
-
-# Allow duplicate toc entries.
-#epub_tocdup = True
-
-# Choose between 'default' and 'includehidden'.
-#epub_tocscope = 'default'
-
-# Fix unsupported image types using the PIL.
-#epub_fix_images = False
-
-# Scale large images.
-#epub_max_image_width = 0
-
-# How to display URL addresses: 'footnote', 'no', or 'inline'.
-#epub_show_urls = 'inline'
-
-# If false, no index is generated.
-#epub_use_index = True
@@ -0,0 +1,331 @@
+# -*- coding: utf-8 -*-
+#
+# softwarepublico documentation build configuration file, created by
+# sphinx-quickstart on Thu Nov  6 15:48:07 2014.
+#
+# This file is execfile()d with the current directory set to its
+# containing dir.
+#
+# Note that not all possible configuration values are present in this
+# autogenerated file.
+#
+# All configuration values have a default; values that are commented out
+# serve to show the default.
+
+import sys
+import os
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+#sys.path.insert(0, os.path.abspath('.'))
+
+# -- General configuration ------------------------------------------------
+
+# If your documentation needs a minimal Sphinx version, state it here.
+#needs_sphinx = '1.0'
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
+# ones.
+extensions = []
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ['_templates']
+
+# The suffix of source filenames.
+source_suffix = '.rst'
+
+# The encoding of source files.
+#source_encoding = 'utf-8-sig'
+
+# The master toctree document.
+master_doc = 'index'
+
+# General information about the project.
+project = u'softwarepublico'
+copyright = u'2014-2015, Universidade de Brasília - UnB. Documentação licenciada sob a Licença Creative Commons Atribuição-CompartilhaIgual 4.0 Internacional'
+
+# The version info for the project you're documenting, acts as replacement for
+# |version| and |release|, also used in various other places throughout the
+# built documents.
+#
+# The short X.Y version.
+version = '3'
+# The full version, including alpha/beta/rc tags.
+release = '3'
+
+# The language for content autogenerated by Sphinx. Refer to documentation
+# for a list of supported languages.
+language = 'pt_BR'
+
+# There are two options for replacing |today|: either, you set today to some
+# non-false value, then it is used:
+#today = ''
+# Else, today_fmt is used as the format for a strftime call.
+#today_fmt = '%B %d, %Y'
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+exclude_patterns = ['_build']
+
+# The reST default role (used for this markup: `text`) to use for all
+# documents.
+#default_role = None
+
+# If true, '()' will be appended to :func: etc. cross-reference text.
+#add_function_parentheses = True
+
+# If true, the current module name will be prepended to all description
+# unit titles (such as .. function::).
+#add_module_names = True
+
+# If true, sectionauthor and moduleauthor directives will be shown in the
+# output. They are ignored by default.
+#show_authors = False
+
+# The name of the Pygments (syntax highlighting) style to use.
+pygments_style = 'sphinx'
+
+# A list of ignored prefixes for module index sorting.
+#modindex_common_prefix = []
+
+# If true, keep warnings as "system message" paragraphs in the built documents.
+#keep_warnings = False
+
+
+# -- Options for HTML output ----------------------------------------------
+
+# The theme to use for HTML and HTML Help pages.  See the documentation for
+# a list of builtin themes.
+html_theme = 'default'
+
+# Theme options are theme-specific and customize the look and feel of a theme
+# further.  For a list of options available for each theme, see the
+# documentation.
+#html_theme_options = {}
+
+# Add any paths that contain custom themes here, relative to this directory.
+#html_theme_path = []
+
+# The name for this set of Sphinx documents.  If None, it defaults to
+# "<project> v<release> documentation".
+#html_title = None
+
+# A shorter title for the navigation bar.  Default is the same as html_title.
+#html_short_title = None
+
+# The name of an image file (relative to this directory) to place at the top
+# of the sidebar.
+#html_logo = None
+
+# The name of an image file (within the static path) to use as favicon of the
+# docs.  This file should be a Windows icon file (.ico) being 16x16 or 32x32
+# pixels large.
+#html_favicon = None
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+html_static_path = ['_static']
+
+# Add any extra paths that contain custom files (such as robots.txt or
+# .htaccess) here, relative to this directory. These files are copied
+# directly to the root of the documentation.
+#html_extra_path = []
+
+# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
+# using the given strftime format.
+#html_last_updated_fmt = '%b %d, %Y'
+
+# If true, SmartyPants will be used to convert quotes and dashes to
+# typographically correct entities.
+#html_use_smartypants = True
+
+# Custom sidebar templates, maps document names to template names.
+#html_sidebars = {}
+
+# Additional templates that should be rendered to pages, maps page names to
+# template names.
+#html_additional_pages = {}
+
+# If false, no module index is generated.
+#html_domain_indices = True
+
+# If false, no index is generated.
+#html_use_index = True
+
+# If true, the index is split into individual pages for each letter.
+#html_split_index = False
+
+# If true, links to the reST sources are added to the pages.
+#html_show_sourcelink = True
+
+# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
+#html_show_sphinx = True
+
+# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
+#html_show_copyright = True
+
+# If true, an OpenSearch description file will be output, and all pages will
+# contain a <link> tag referring to it.  The value of this option must be the
+# base URL from which the finished HTML is served.
+#html_use_opensearch = ''
+
+# This is the file name suffix for HTML files (e.g. ".xhtml").
+#html_file_suffix = None
+
+# Output file base name for HTML help builder.
+htmlhelp_basename = 'softwarepublicodoc'
+
+
+# -- Options for LaTeX output ---------------------------------------------
+
+latex_elements = {
+# The paper size ('letterpaper' or 'a4paper').
+#'papersize': 'letterpaper',
+
+# The font size ('10pt', '11pt' or '12pt').
+#'pointsize': '10pt',
+
+# Additional stuff for the LaTeX preamble.
+#'preamble': '',
+}
+
+# Grouping the document tree into LaTeX files. List of tuples
+# (source start file, target name, title,
+#  author, documentclass [howto, manual, or own class]).
+latex_documents = [
+  ('index', 'softwarepublico.tex',
+   u'Software Público Brasileiro: Manual de Operação (@@SPB_ENV@@)',
+   u'Universidade de Brasília', 'manual'),
+]
+
+# The name of an image file (relative to this directory) to place at the top of
+# the title page.
+#latex_logo = None
+
+# For "manual" documents, if this is true, then toplevel headings are parts,
+# not chapters.
+#latex_use_parts = False
+
+# If true, show page references after internal links.
+#latex_show_pagerefs = False
+
+# If true, show URL addresses after external links.
+#latex_show_urls = False
+
+# Documents to append as an appendix to all manuals.
+#latex_appendices = []
+
+# If false, no module index is generated.
+#latex_domain_indices = True
+
+
+# -- Options for manual page output ---------------------------------------
+
+# One entry per manual page. List of tuples
+# (source start file, name, description, authors, manual section).
+man_pages = [
+    ('index', 'softwarepublico',
+     u'Documentação - Software Público Brasileiro (SPB)',
+     [u'Universidade de Brasília'], 1)
+]
+
+# If true, show URL addresses after external links.
+#man_show_urls = False
+
+
+# -- Options for Texinfo output -------------------------------------------
+
+# Grouping the document tree into Texinfo files. List of tuples
+# (source start file, target name, title, author,
+#  dir menu entry, description, category)
+texinfo_documents = [
+  ('index', 'softwarepublico',
+   u'Documentação - Software Público Brasileiro (SPB)',
+   u'Universidade de Brasília', 'softwarepublico', 'One line description of project.',
+   'Miscellaneous'),
+]
+
+# Documents to append as an appendix to all manuals.
+#texinfo_appendices = []
+
+# If false, no module index is generated.
+#texinfo_domain_indices = True
+
+# How to display URL addresses: 'footnote', 'no', or 'inline'.
+#texinfo_show_urls = 'footnote'
+
+# If true, do not generate a @detailmenu in the "Top" node's menu.
+#texinfo_no_detailmenu = False
+
+
+# -- Options for Epub output ----------------------------------------------
+
+# Bibliographic Dublin Core info.
+epub_title = u'softwarepublico'
+epub_author = u'Universidade de Brasília'
+epub_publisher = u'Universidade de Brasília'
+epub_copyright = u'2014, Universidade de Brasília. Documentação licenciada sob a Licença Crea  tive Commons Atribuição-CompartilhaIgual 4.0 Internacional'
+
+# The basename for the epub file. It defaults to the project name.
+#epub_basename = u'softwarepublico'
+
+# The HTML theme for the epub output. Since the default themes are not optimized
+# for small screen space, using the same theme for HTML and epub output is
+# usually not wise. This defaults to 'epub', a theme designed to save visual
+# space.
+#epub_theme = 'epub'
+
+# The language of the text. It defaults to the language option
+# or en if the language is not set.
+#epub_language = ''
+
+# The scheme of the identifier. Typical schemes are ISBN or URL.
+#epub_scheme = ''
+
+# The unique identifier of the text. This can be a ISBN number
+# or the project homepage.
+#epub_identifier = ''
+
+# A unique identification for the text.
+#epub_uid = ''
+
+# A tuple containing the cover image and cover page html template filenames.
+#epub_cover = ()
+
+# A sequence of (type, uri, title) tuples for the guide element of content.opf.
+#epub_guide = ()
+
+# HTML files that should be inserted before the pages created by sphinx.
+# The format is a list of tuples containing the path and title.
+#epub_pre_files = []
+
+# HTML files shat should be inserted after the pages created by sphinx.
+# The format is a list of tuples containing the path and title.
+#epub_post_files = []
+
+# A list of files that should not be packed into the epub file.
+epub_exclude_files = ['search.html']
+
+# The depth of the table of contents in toc.ncx.
+#epub_tocdepth = 3
+
+# Allow duplicate toc entries.
+#epub_tocdup = True
+
+# Choose between 'default' and 'includehidden'.
+#epub_tocscope = 'default'
+
+# Fix unsupported image types using the PIL.
+#epub_fix_images = False
+
+# Scale large images.
+#epub_max_image_width = 0
+
+# How to display URL addresses: 'footnote', 'no', or 'inline'.
+#epub_show_urls = 'inline'
+
+# If false, no index is generated.
+#epub_use_index = True
@@ -1,96 +0,0 @@
-
-.. _dependencies:
-
-Dependências
-============
-
-O repositório do SPB contém os pacotes que não são nativos do Sistema
-Operacional onde o mesmo o sistema do Portal do Software Público deve ser
-instalado. Esse repositório contém os pacotes referentes ao Bottle, Mailman-api,
-Solr, Colab e às dependências do Colab (pacote Colab-deps).
-
-Colab
-----------
-Esse pacote, contém o sistema Colab. O processo de
-criação desse pacote depende do pacote `python-virtualenv`, além de um
-conjunto de dependências python, contidos no pacote `colab-deps`, descrito na
-próxima seção. O processo de instalação desse pacote requer uma instalação
-prévia do pacote `colab-deps`, que é instalado automaticamente se o repositório
-do mesmo estiver disponível no conjunto de repositórios do `yum`.
-
-Colab-deps
-----------
-Este pacote contém as dependências *python* do Colab. Tais dependências foram
-encapsuladas em um ambiente virtual python (`python-virtualenv`), permitindo uma
-maior independência e, consequentemente, compatibilidade com o Sistema
-Operacional no qual o pacote seja instalado. Esse pacote é composto pelas
-ferramentas listadas a seguir.
-
-* Chardet
-* Django
-* Django-browserid
-* Django-cliauth
-* Django-common
-* Django-conversejs
-* Django-haystack
-* Django-hitcounter
-* Django-i18n-model
-* Django-mobile
-* Django-mptt
-* Django-piston
-* Django-revproxy
-* Django-taggit
-* Django-tastypie
-* Dpaste
-* Etiquetando
-* Eventlet
-* Fancy_tag
-* Feedzilla
-* Grab
-* Gunicorn
-* Html2text
-* Lorem-ipsum-generator
-* Lxml
-* Paste
-* Pip
-* Poster
-* Psycopg2
-* Pure-sasl
-* Pygments
-* Pysolr
-* Python-dateutil
-* Python-memcached
-* Python-mimeparse
-* PyYAML
-* Raven
-* Repoze.lru
-* Requests
-* Setuptools
-* Six
-* Sleekxmpp
-* South
-* Stemming
-* Tornado
-* Transliterate
-
-
-Mailman-api
------------
-
-Esse pacote contém o Mailman-api. Esta ferramenta python possui como
-dependência os pacotes Bottle e python. Como o Bottle não é provido
-nativamente pelo CentOS 7, foi necessário empacotá-lo separadamente.
-
-Bottle
------------
-
-Esse pacote contém a ferramenta Bottle, um framowork web escrito em
-python, e requisito para a utilização da ferramenta Mailman-api. Este pacote
-possui como dependência o pacote python, que está disponível nativamente no
-CentOS.
-
-Solr
-----
-Esse pacote contém a ferramenta python Bottle, e integra o conjunto de
-ferramentas do SPB. Sua instalação requer o pacote Java, que já existe
-nativamente no CentOS.
@@ -0,0 +1,72 @@
+Gestão do Firewall
+==================
+
+Firewall Interno
+-----------------
+
+O Portal do Software Público atualmente é composto por diversos serviços
+funcionando em diferentes servidores. Para o seu correto funcionamento é
+esperado que estes serviços se comuniquem através de TCP/IP.
+
+Os scripts de instalação do Portal do Software Público também cuidam da
+manutenção das regras de firewall. Cada máquina possui um firewall
+(iptables) local que por padrão nega todos os tipos de conexão de
+entrada em todas as portas (INPUT rules) mas permite conexões de saída
+(OUTPUT rules).
+
+Todas as regras de firewall são definidas no cookbook ``firewall``. Para
+definir regras de comunidacação entre hosts locais, válidas para todos
+os ambientes (local, produção, homologação, testes, etc) são utilizados
+templates que podem ser encontrados em
+``cookbooks/firewall/templates/``. Para regras de filtro utilize o
+arquivo ``iptables-filter.erb`` e para regras de `NAT` o arquivo
+``iptables-nat.erb``.
+
+Para adicionar regras específicas de cada ambiente (por exemplo, abrir
+uma porta diferente em homologação) utilize o arquivo
+``config/@@SPB_ENV@@/iptables-filter-rules``. Este arquivo aceita apenas
+regras de filtro do tipo INPUT.
+
+
+Comunicação Entre Serviços
+++++++++++++++++++++++++++++
+
+Os serviços que compõe o portal e suas portas de entrada são descritos
+na tabela a seguir:
+
+============= ============= ============== =====
+Destino       Origem        Serviço        Porta
+============= ============= ============== =====
+database      integration   Redis          6379
+database      integration   PostgreSQL     5432
+database      social        PostgreSQL     5432
+social        reverseproxy  Nginx          80
+social        reverseproxy  Nginx          443
+integration   reverseproxy  Nginx          80
+integration   reverseproxy  Nginx          443
+email         externa       Postfix        25
+reverseproxy  externa       Nginx          80
+reverseproxy  externa       Nginx          443
+reverseproxy  externa       OpenSSH (git)  22
+============= ============= ============== =====
+
+
+Comunicação externa
+-------------------
+
+============ ============= =====
+Destino      Serviço       Porta
+============ ============= =====
+email        Postfix       25
+reverseproxy Nginx         80
+reverseproxy Nginx         443
+reverseproxy OpenSSH (git) 22
+============ ============= =====
+
+**Outros firewalls da rede:**
+
+Além do firewall local é importante que os serviços com origem
+``externa`` tenham suas portas de INPUT abertas em todos os firewalls da
+rede. No caso do host ``email`` a porta **25** também deve estar aberta
+para OUTPUT (alternativamente o Postfix pode ser configurado para enviar
+e-mails utilizando um relay interno).
@@ -0,0 +1,202 @@
+Implantação
+===========
+
+Preparação da estação de trabalho
+---------------------------------
+
+Para gerenciar o SPB, é necessária uma estação de trabalho GNU/Linux,
+que pode ser Debian 8 ou posterior, Ubuntu 14.04 ou superior, ou CentOS
+7 ou superior (e equivalentes como RHEL 7 ou superior, ou Fedora).  O
+processo também pode ser feito em outros sistemas, desde que os pacotes
+equivalentes estejam instalados.
+
+As seguintes ferramentas serão necessárias:
+
+* git_: ferramenta de controle de versão.
+* chake_: ferramenta de gestão de configuração.
+
+.. _chake: https://gitlab.com/terceiro/chake
+.. _git: http://git-scm.com/
+
+Para instalar em Debian/Ubuntu::
+
+    $ sudo apt-get install git ruby
+    $ sudo gem install chake
+
+Para instalar em CentOS/RHEL/Fedora::
+
+    $ sudo yum install git ruby
+    $ sudo gem install chake
+
+Além dessas ferramentas, será necessário um emulador de terminal. O
+emulador de terminal padrão do seu ambiente de trabalho, ou qualquer
+outro, vai servir.
+
+Obtendo o repositório de configuração
+-------------------------------------
+
+Para iniciar, é necessário uma conta e usuário no SPB, com uma chave SSH
+configurada.
+
+Para obter o repositório de configuração, é necessário clonar o
+repositório com ``git``::
+
+    $ git clone git@beta.softwarepublico.gov.br:softwarepublico/softwarepublico.git
+
+A partir daqui, todos os passos serão executados de dentro do
+repositório, então se certifique que o seu *shell* está no diretório
+onde foi clonado o repositório::
+
+    $ cd softwarepublico/
+
+
+Preparação dos servidores
+-------------------------
+
+* Os servidores precisam estar acessíveis por SSH. Caso necessário,
+  podem ser feitas configurações do SSH em
+  ``config/@@SPB_ENV@@/ssh_config`` para isso.
+* O usuário que vai conectar via SSH nos servidores precisa:
+  * ter acesso SSH configurado via chave SSH para evitar digitar senha.
+  * ter permissão de usar ``sudo`` sem a necessidade de digitar senha.
+
+Configuração do ambiente alvo
+-----------------------------
+
+O SPB tem o conceito de "ambientes", que são diferentes instalações da
+mesma plataforma. Todas as informações específicas sobre um determinado
+ambiente estão centralizadas em arquivos dentro do diretório
+``config/${ambiente}/``. Por exemplo, o ambiente "local", que se destina
+ao uso para desenvolvimento local com máquinas virtuais, possui o
+seguinte conteúdo::
+
+    $ find config/local/ | sort
+    config/local/config.yaml
+    config/local/ips.yaml
+    config/local/ssh_config
+
+Estes arquivos possuem a seguinte finalidade:
+
+* ``config.yaml``: Parâmetros gerais de configuração
+* ``ips.yaml``: Tabela de IP's (na rede local) das máquinas que compõem
+  o ambiente.
+* ``ssh_config``: Configuração necessária para o SSH. Pode ser um
+  arquivo caso não seja necessária nenhuma configuração especial para
+  acessar as máquinas (e.g. se você está na mesma rede local que elas.
+
+Vamos agora verificar o conteúdo de cada arquivo no ambiente
+**@@SPB_ENV@@**. Primeiro, ``config.yaml``:
+
+.. code-block:: yaml
+
+    @@config(config.yaml)@@
+
+Para nossa sorte, o significado de cada um dos campo acima deve ser
+autoexplicativo.
+
+O arquivo ``ips.yaml`` contém uma tabela com os endereços IP de cada
+servidor da plataforma na rede local. Exemplo:
+
+.. code-block:: yaml
+
+    @@config(ips.yaml)@@
+
+Já o arquivo ``ssh_config`` contém opções padrão de configuração do
+``ssh`` para conexão às máquinas::
+
+    @@config(ssh_config)@@
+
+Configuração do DNS
+-------------------
+
+A tabela a seguir foi gerada dinamicamente a partir da configuração do
+ambiente **@@SPB_ENV@@**. As seguintes entradas precisam ser configuradas no
+DNS:
+
+.. include:: dns.rst
+
+Verificando o ambiente
+----------------------
+
+Para listar as máquinas do ambiente::
+
+    $ rake nodes SPB_ENV=@@SPB_ENV@@
+
+O comando acima deve dar o seguinte resultado::
+
+    integration                              ssh
+    email                                    ssh
+    social                                   ssh
+    database                                 ssh
+    reverseproxy                             ssh
+
+Note que todas as vezes que formos chamar ``rake``, será preciso
+informar sobre qual ambiente desejamos operar (``SPB_ENV=@@SPB_ENV@@``).
+Caso você for operar sobre apenas um ambiente, ou caso você queira
+evitar digitação, você pode criar um arquivo ``local.rake`` na raiz do
+repositório com o seguinte conteúdo::
+
+    ENV['SPB_ENV'] ||= '@@SPB_ENV@@'
+
+Isto fará com que o valor e ``SPB_ENV`` seja sempre ``@@SPB_ENV@@``, a
+não ser que você informe na linha de comando. Daqui para frente, vamos
+sempre exibir o parâmetro ``SPB_ENV=@@SPB_ENV@@``, mas lembre-se que ele pode ser omitido se você tiver configurado o *default* em ``local.rake``.
+
+Para testar a conectividade às máquinas, podemos executar um comando
+nelas::
+
+    $ rake nodes SPB_ENV=@@SPB_ENV@@
+    $ <PROMPT PARA VOCÊ DIGITAR>
+
+No prompt, entre um comando simples como ``sudo date``. O resultado deve ser
+parecido com o seguinte::
+
+    $ rake run
+    $ sudo date
+     integration: $ sudo date
+     integration: Qui Mai 14 18:59:19 BRT 2015
+           email: $ sudo date
+           email: Qui Mai 14 18:59:22 BRT 2015
+          social: $ sudo date
+          social: Qui Mai 14 18:59:24 BRT 2015
+        database: $ sudo date
+        database: Qui Mai 14 18:59:27 BRT 2015
+    reverseproxy: $ sudo date
+    reverseproxy: Qui Mai 14 18:59:28 BRT 2015
+
+Se o resultado se parece com o exemplo acima, e você não precisou digitar a sua
+senha nehuma vez, significa que 1) você conseguiu conectar em todas as máquinas
+e 2) o sudo sem senha está configurado corretamente. Está tudo certo para
+começar!
+
+Primeira instalação
+-------------------
+
+Uma vez configurados os parâmetros em ``config/@@SPB_ENV@@/``, podemos
+dar início à instalação. O primeiro passo é uma preconfiguração que
+precisamos fazer::
+
+    $ rake preconfig SPB_ENV=@@SPB_ENV@@
+
+
+Este comando vai fazer uma configuração inicial que é necessária para o
+resto do processo, e **só é necessária fazer uma vez**.
+
+Depois de completo o procedimento acima, para aplicar as configurações a
+todos os servidores basta executar::
+
+    $ rake converge SPB_ENV=@@SPB_ENV@@
+
+O comando ``converge`` na verdade é o *default*, então o seguinte é
+equivalente::
+
+    $ rake SPB_ENV=@@SPB_ENV@@
+
+Se você tiver configurado o ambiente **@@SPB_ENV@@** no ``local.rake``
+(ver instruções acima), então o comando seguinte, também equivalente, é
+muito mais simples::
+
+    $ rake
+
+Todas as possibilidades de comandos serão listados se você executar
+``rake -T``. Consulte também a documentação do chake_.
@@ -1,39 +0,0 @@
-
-Documentação do Software Público Brasileiro (SPB)
-=================================================
-
-Introdução
-----------
-
-Bem-vindo a documentação do Portal do Software Público Brasileiro.
-
-O Portal do Software Público Brasileiro (SPB), na prática, é um sistema Web
-que se consolidou como um ambiente de compartilhamento de softwares. O projeto
-de evolução deste portal está sendo desenvolvido pela Universidade de Brasília.
-
-Hoje o SPB é um sistema Web composto por ferramentas livres integradas porém com
-desenvolvimento e comunidades independentes.
-
-As ferramentas que compõe o Software Público são:
-
-* **Mailman**: Para lista de e-mail estamos utilizando o Mailman na versão 2, que é um software gratuito para gerenciamento de discussão eletrônica de e-mail e listas *e-newsletter*;
-
-* **Noosfero**: Para rede social estamos utilizando o Noosfero que é uma plataforma web livre para criação de redes sociais com blog, e-Portifólios, CMS, RSS, discussão temática, agenda de eventos, galeria de imagens, chat, entre outros. Ele foi desenvolvido pela Cooperativa de Tecnologias Livres – Colivre 3 em 2007, sob a licença AGPL v.3, com a proposta de permitir ao usuário criar sua própria rede social personalizada, livre e autônoma;
-
-* **Gitlab**: Para Forge para Git estamos utilizando o GitLab, que é um software livre de colaboração de código *online* que utiliza a ferramenta de gerência de código fonte Git;
-
-* **Solr**: Para Plataforma de Buscas estamos utilizando Apache Solr, que é uma plataforma de busca open source da Apache Lucene escrita em Java;
-
-* **Persona**: Para suporte a autentição Federada estamos utilizando o Mozilla Persona, que foi desenvolvido pela Mozilla Foundation.
-
-* **Colab**: Para integrar todas estas ferramentas estamos utilizando o Colab, que é uma plataforma de integração de ferramentas. Nele, são também integradas as interfaces das ferramentas para que, ao navegar, o usuário tenha a sensação de estar navegando em uma única ferramenta.
-
-
-Conteúdos
-----------
-
-.. toctree::
-   :maxdepth: 3
-
-   install
-   dependencies
@@ -0,0 +1,12 @@
+Software Público Brasileiro: Manual de Operação (@@SPB_ENV@@)
+*******************************************************************************
+
+.. toctree::
+   :maxdepth: 1
+
+   introducao
+   arquitetura
+   implantacao
+   manutencao
+   backup
+   firewall
@@ -1,403 +0,0 @@
-Instalação
-==========
-
-.. Descrição dos pacotes e listagem das dependências de cada pacote
-
-Para instalação das ferramentas que compõem o Software Público, é necessária a
-instalação de um conjunto de pacotes RPM. Um pacote RPM consiste em uma coleção
-de uma ou mais ferramentas que permite um meio automático de instalação,
-atualização, configuração e remoção de softwares. 
-
-O processo de instalação aqui descrito permite a instalação e configuração
-desses pacotes em uma máquina com o Sistema Operacional CentOS 7 instalado e
-atualizado. Os pacotes a seguir já são fornecidos nativamente pelo Sistema
-Operacional, não sendo necessária uma configuração adicional para a
-instalação dos mesmos.
-
-* Mailman
-* Nginx
-* PostgreSQL Server
-
-Somados a esses, alguns pacotes não fornecidos nativamente também são
-necessários. Os mesmos estão listados a seguir.
-
-* Noosfero
-* Gitlab
-* Gitlab-deps
-* Solr
-* Colab
-* Colab-deps
-* Mailman-api
-
-Para disponibilizar cada pacote não nativo do CentOS 7, fez-se um levantamento
-das dependências de cada ferramenta empacotada, bem como do processo de 
-instalação de cada uma, de modo a automatizar esse processo.
-A seção :ref:`dependencies` descreve brevemente o levantamento de dependências
-feito.
-
-
-Repositório do SPB
--------------------
-
-.. Configuração do repositório yum em /etc/yum.repos.d
-
-Para instalação dos pacotes existentes no repositório do SPB através do
-gerenciador de instalação e remoção de pacotes do CentOS (o *Yum*), é preciso
-adicionar o arquivo de configuração desse repositório no diretório
-`/etc/yum.repos.d/` do Sistema Operacional onde o Portal do Software Público deve
-Procedimento:
-
-Os comandos a seguir devem ser executados via terminal, com permissões de super
-usuário do sistema.
-
-1. Instalar (caso não esteja instalado) o programa `wget`, para download das
-   configurações de repositório
-
-::
-
-   yum install -y wget
-
-2. Ir para o diretório `/etc/yum.repos.d/`
-
-::
-
-   cd /etc/yum.repos.d/
-
-3. Fazer o *download* dos arquivos de configuração nesse diretório:
-
-::
-
-   wget http://download.opensuse.org/repositories/isv:/spb:/colab/CentOS_7/isv:spb:colab.repo
-   wget http://download.opensuse.org/repositories/isv:/spb:/mailman-api/CentOS_7/isv:spb:mailman-api.repo
-   wget http://download.opensuse.org/repositories/isv:/spb:/gitlab/CentOS_7/isv:spb:gitlab.repo
-
-4. Instalar repositório para instalação do servidor web Nginx:
-
-::
-
-   rpm -i http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
-
-
-Instalação das Ferramentas (via pacote)
----------------------------------------
-
-.. Instalação dos pacotes via yum
-
-Após a configuração do repositório do SPB, todos os pacotes deverão estar
-disponíveis através do *yum*. Ainda que algumas dependências sejam tratadas
-automaticamente, o comportamento de alguns pacotes é dependente da ordem em que
-os mesmos são instalados. Portanto, deve-se executar a instalação na ordem
-especificada a seguir.
-Os comandos a seguir devem ser executados via terminal, com permissões de super
-usuário do sistema.
-
-Procedimento:
-
-1. Instalar o pacote PostreSQL Server
-
-::
-
-   yum install -y postgresql-server
-
-2. Instalar o pacote do servidor de estrutura de dados Redis
-
-::
-
-   yum install -y redis
-
-3. Instalar os pacotes do source forge Gitlab e gerenciador de repositórios
-   Gitlab-shell
-
-::
-
-   yum install -y gitlab gitlab-shell
-
-4. Instalar o pacote da ferramenta Noosfero
-
-::
-
-   yum install -y noosfero
-
-5. Instalar o pacote da ferramenta de integração Colab
-
-::
-
-   yum install -y colab
-
-6. Instalar o pacote do servidor web Nginx
-
-::
-
-   yum install -y nginx
-
-Configurações
---------------
-
-
-Nginx
-+++++
-
-Para configurar o Nginx crie o arquivo ``/etc/nginx/conf.d/colab.conf`` com o conteúdo abaixo: 
-
-.. code-block:: nginx
-
-   upstream colab {
-     server                127.0.0.1:8001  fail_timeout=10s;
-   }
-
-   server {
-     listen                *:80;
-
-     server_name           beta.softwarepublico.gov.br;
-     return                301 https://$server_name$request_uri;
-   }
-
-   server {
-     listen                *:443 ssl;
-
-     server_name           beta.softwarepublico.gov.br;
-
-     ssl on;
-
-     ssl_certificate           /etc/nginx/colab.crt;
-     ssl_certificate_key       /etc/nginx/colab.key;
-     ssl_session_cache         shared:SSL:10m;
-     ssl_session_timeout       5m;
-     ssl_protocols             SSLv3 TLSv1 TLSv1.1 TLSv1.2;
-     ssl_ciphers               HIGH:!aNULL:!MD5;
-     ssl_prefer_server_ciphers on;
-
-     access_log            /var/log/nginx/ssl-colab.access.log;
-     error_log             /var/log/nginx/ssl-colab.error.log;
-
-     location /gitlab/assets/ {
-       alias  /var/lib/gitlab-assets/;
-     }
-
-     location / {
-       root  /usr/share/nginx/colab;
-       try_files $uri @colab-app;
-     }
-
-     location @colab-app {
-       proxy_pass              http://colab;
-       proxy_read_timeout      90;
-       proxy_connect_timeout   90;
-       proxy_redirect          off;
-       proxy_set_header        Host $host;
-       proxy_set_header        X-Real-IP $remote_addr;
-       proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
-       proxy_set_header        X-Forwarded-Proto https;
-     }
-   }
-
-
-Substitua o domínio de exemplo ``beta.softwarepublico.gov.br`` pelo domínio
-desejado.
-
-Certifique-se de instalar o certificado SSL (``/etc/nginx/colab.crt``) e sua
-chave privada (``/etc/nginx/colab.key``).
-
-Reinicie o serviço do Nginx com o comando: ``sudo service nginx restart``.
-
-
-Colab
-+++++
-
-Edite o arquivo ``/etc/colab/settings.yaml`` e adicione o nome e e-mail dos administradores do sistema:
-
-.. code-block:: yaml
-
-   ## System admins
-   ADMINS: &admin
-     -
-       - John Foo
-       - john@example.com
-	 -
-	   - Mary Bar
-	   - mary@example.com
-
-   MANAGERS: *admin
-
-
-Edite o arquivo ``/etc/colab/settings.yaml`` e configure a URL principal da aplicação, quais hosts deverão aceitar requisições e quais hosts poderão ser utilizadas para que o login seja efetuado. Exemplo:
-
-.. code-block:: yaml
-
-   SITE_URL: 'https://beta.softwarepublico.gov.br'
-
-   ALLOWED_HOSTS:
-     - beta.softwarepublico.gov.br
-
-   BROWSERID_AUDIENCES:
-     - http://beta.softwarepublico.gov.br
-     - https://beta.softwarepublico.gov.br
-
-
-Edite o arquivo ``/etc/colab/settings.yaml`` e configure o endereço que será utilizado no FROM dos e-mails enviados pelo Colab. Veja o exemplo:
-
-.. code-block:: yaml
-
-   COLAB_FROM_ADDRESS: '"Portal do Software Publico" <noreply@beta.softwarepublico.gov.br>'
-   SERVER_EMAIL: '"Portal do Software Publico" <noreply@beta.softwarepublico.gov.br>'
-
-
-Edite o arquivo ``/etc/colab/settings.yaml`` e configure o endereço das ferramentas a serem integradas ao Colab. Veja o exemplo:
-
-.. code-block:: yaml
-
-   PROXIED_APPS:
-      gitlab:
-	 upstream: 'http://localhost:8080/gitlab'
-      noosfero:
-	 upstream: 'http://localhost:8090/noosfero'
-
-
-Após editar todos os arquivos desejados reinicie o processo do Colab com
-utilizando o comando ``service colab restart``.
-
-
-Gitlab
-++++++
-
-Edite o arquivo ``/etc/gitlab/gitlab.yml`` acrescentando o atributo
-relative_url_root após a linha ``email_from: example@example.com``. 
-Veja o exemplo a seguir:
-
-.. code-block:: yaml
-
-   email_from:example@example.com
-   relative_url_root: /gitlab
-
-
-Descomente a linha a seguir no arquivo ``/etc/gitlab/unicorn.rb``, veja o exemplo:
-
-.. code-block:: ruby
-
-   ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab"
-
-
-Altere o atributo gitlab_url no arquivo ``/etc/gitlab-shell/config.yml``, acrescentando /gitlab a url existente. Veja o exemplo:
-
-.. code-block:: yaml
-
-   gitlab_url: "http://localhost:8080/gitlab"
-
-
-Descomente a linha a seguir no arquivo ``/usr/lib/gitlab/config/application.rb``, veja o exemplo:
-
-.. code-block:: ruby
-
-   config.relative_url_root = "/gitlab"
-
-
-Após a configuração acima ter sido feita o serviço do gitlab precisa ser reiniciado utilizando o comando ``service gitlab restart``.
-
-Noosfero
-++++++++
-
-Edite o arquivo ``/etc/noosfero/thin.yml``, e adicione uma linha com o
-seguinte conteúdo:
-
-.. code-block:: yaml
-
-   prefix: /social
-
-Crie/edite o arquivo ``/etc/default/noosfero`` e adicione a seguinte
-linha:
-
-.. code-block:: ruby
-
-   export RAILS_RELATIVE_URL_ROOT=/social
-
-Reinicie o serviço:
-
-.. code-block:: sh
-
-   $ sudo service noosfero restart
-
-Mailman
-+++++++
-
-Edite o arquivo de configuração do `mailman` em
-``/etc/mailman/mm_cfg.py``, e ajuste os seguintes valores:
-
-.. code-block:: python
-
-   DEFAULT_EMAIL_HOST = 'listas.softwarepublico.gov.br'
-   MTA = None
-   POSTFIX_STYLE_VIRTUAL_DOMAINS = ['listas.softwarepublico.gov.br']
-
-Crie a lista de discussão default, necessária para a inicialização do
-serviço. Substitua ``USER@DOMAIN.COM`` pelo email a ser usado como
-administrador do `mailman`, e ``PASSWORD`` pela senha de administração do
-`mailman`.
-
-.. code-block:: sh
-
-   $ sudo -u mailman /usr/lib/mailman/bin/newlist --quiet mailman USER@DOMAIN.COM PASSWORD
-   $ sudo service mailman restart
-
-
-Postfix
-+++++++
-
-Configure o postfix:
-
-.. code-block:: sh
-
-   $ sudo postconf relay_domains=listas.softwarepublico.gov.br
-   $ sudo postconf transport_maps=hash:/etc/postfix/transport
-
-Crie/edite ``/etc/postfix/transport`` com o seguinte conteúdo:
-
-.. code-block:: sh
-
-   listas.softwarepublico.gov.br mailman:
-
-
-Faça o download do arquivo :download:`postfix-to-mailman-centos.py` e salve no
-diretório ``/etc/postfix``, e altere as permissões para tornar o arquivo
-executável:
-
-.. code-block:: sh
-
-   $ sudo chmod +x /etc/postfix/postfix-to-mailman-centos.py
-
-Adicione o seguinte conteúdo no final do arquivo ``/etc/postfix/master.cf``:
-
-::
-
-   mailman   unix  -       n       n       -       -       pipe
-     flags=FR user=mailman:mailman
-     argv=/etc/postfix/postfix-to-mailman-centos.py ${nexthop} ${user}
-
-Gere o banco de dados para consulta, e reinicie o serviço:
-
-.. code-block:: sh
-
-   $ sudo postmap /etc/postfix/transport
-   $ sudo service postfix restart
-
-Inicie o serviço do mailman-api:
-
-.. code-block:: sh
-
-   $ sudo service mailman-api start
-
-
-Habilitar inicialização automática dos serviços
-+++++++++++++++++++++++++++++++++++++++++++++++
-
-Para permitir que os serviços iniciem automaticamente, execute os comandos
-abaixo:
-
-.. code-block:: sh
-
-   $ sudo systemctl enable mailman
-   $ sudo systemctl enable mailman-api
-   $ sudo systemctl enable nginx
-   $ sudo systemctl enable colab
-   $ sudo systemctl enable noosfero
-   $ sudo chkconfig --add gitlab
-   $ sudo chkconfig --add solr
@@ -0,0 +1,55 @@
+Introdução
+==========
+
+Bem-vindo a documentação do Portal do Software Público Brasileiro.
+
+O Portal do Software Público Brasileiro (SPB) é uma plataforma de
+compartilhamento e colaboração no desenvolvimento de softwares. O
+projeto de evolução deste portal está sendo desenvolvido pela
+Universidade de Brasília.
+
+O SPB é composto de um conjunto de ferramentas com funcionalidades
+complementares, que são desenvolvidas de forma independentes pelas suas
+respectivas comunidades. Estas ferramentas estão sendo integradas pela
+nossa equipe de forma a apresentar uma experiência de usuário
+consistente.
+
+* O Colab_ é uma ferramenta especializada na integração de outras
+  ferramentas. O Colab fornece um ponto central de autenticação de
+  usuários para as demais ferramentas da plataforma, indexa informações
+  das demais ferramentas para busca e gamificação, e fornece integração
+  visual entre as diferentes ferramentas que compõem o SOB. O Colab é um
+  software livre criado no Brasil, que teve sua origem no
+  Programa `Interlegis` do Senado Federal.
+
+.. _Colab: https://github.com/colab-community
+.. _`Programa Interlegis do Senado Federal`: http://www.interlegis.leg.br/
+
+* O Noosfero_ é uma plataforma para criação de redes sociais que conta com
+  diversas funcionalidades de gestão de conteúdo como blogs, galeria de
+  imagens e vídeos, entre outros. O Noosfero também é um software livre
+  criado no Brasil, iniciado em 2007 pela COLIVRE_ e que hoje conta com
+  uma comunidade de desenvolvimento que inclui o SERPRO, a Universidade de
+  Brasília e o Fórum Brasileiro de Economia Solidária.
+
+.. _Noosfero: http://www.noosfero.org/
+.. _COLIVRE: http://www.colivre.coop.br/
+
+* O Gitlab_ é uma plataforma para desenvolvimento colaborativo. Projetos
+  no gitlab são mantidos em repositorios ``git``, com gestão de tarefas
+  (*issue tracker*), *merge requests*, gestão de marcos (*milestones*),
+  suporte a integração com plataformas de integração contínua e
+  notificações.
+
+.. _Gitlab: https://www.gitlab.com/
+
+* O `GNU Mailman`_ é uma gerenciador de listas de email tradicionalmente
+  usado por diversas organizações no Brasil e no mundo.
+
+.. _`GNU Mailman`: http://www.gnu.org/software/mailman/
+
+O restando deste manual descreve a arquitetura do SPB bem como os
+procedimentos necessários para sua implantação, manutenção, backup e
+restauração e gestão de firewall.
+
+
@@ -1,242 +0,0 @@
-@ECHO OFF
-
-REM Command file for Sphinx documentation
-
-if "%SPHINXBUILD%" == "" (
-	set SPHINXBUILD=sphinx-build
-)
-set BUILDDIR=_build
-set ALLSPHINXOPTS=-d %BUILDDIR%/doctrees %SPHINXOPTS% .
-set I18NSPHINXOPTS=%SPHINXOPTS% .
-if NOT "%PAPER%" == "" (
-	set ALLSPHINXOPTS=-D latex_paper_size=%PAPER% %ALLSPHINXOPTS%
-	set I18NSPHINXOPTS=-D latex_paper_size=%PAPER% %I18NSPHINXOPTS%
-)
-
-if "%1" == "" goto help
-
-if "%1" == "help" (
-	:help
-	echo.Please use `make ^<target^>` where ^<target^> is one of
-	echo.  html       to make standalone HTML files
-	echo.  dirhtml    to make HTML files named index.html in directories
-	echo.  singlehtml to make a single large HTML file
-	echo.  pickle     to make pickle files
-	echo.  json       to make JSON files
-	echo.  htmlhelp   to make HTML files and a HTML help project
-	echo.  qthelp     to make HTML files and a qthelp project
-	echo.  devhelp    to make HTML files and a Devhelp project
-	echo.  epub       to make an epub
-	echo.  latex      to make LaTeX files, you can set PAPER=a4 or PAPER=letter
-	echo.  text       to make text files
-	echo.  man        to make manual pages
-	echo.  texinfo    to make Texinfo files
-	echo.  gettext    to make PO message catalogs
-	echo.  changes    to make an overview over all changed/added/deprecated items
-	echo.  xml        to make Docutils-native XML files
-	echo.  pseudoxml  to make pseudoxml-XML files for display purposes
-	echo.  linkcheck  to check all external links for integrity
-	echo.  doctest    to run all doctests embedded in the documentation if enabled
-	goto end
-)
-
-if "%1" == "clean" (
-	for /d %%i in (%BUILDDIR%\*) do rmdir /q /s %%i
-	del /q /s %BUILDDIR%\*
-	goto end
-)
-
-
-%SPHINXBUILD% 2> nul
-if errorlevel 9009 (
-	echo.
-	echo.The 'sphinx-build' command was not found. Make sure you have Sphinx
-	echo.installed, then set the SPHINXBUILD environment variable to point
-	echo.to the full path of the 'sphinx-build' executable. Alternatively you
-	echo.may add the Sphinx directory to PATH.
-	echo.
-	echo.If you don't have Sphinx installed, grab it from
-	echo.http://sphinx-doc.org/
-	exit /b 1
-)
-
-if "%1" == "html" (
-	%SPHINXBUILD% -b html %ALLSPHINXOPTS% %BUILDDIR%/html
-	if errorlevel 1 exit /b 1
-	echo.
-	echo.Build finished. The HTML pages are in %BUILDDIR%/html.
-	goto end
-)
-
-if "%1" == "dirhtml" (
-	%SPHINXBUILD% -b dirhtml %ALLSPHINXOPTS% %BUILDDIR%/dirhtml
-	if errorlevel 1 exit /b 1
-	echo.
-	echo.Build finished. The HTML pages are in %BUILDDIR%/dirhtml.
-	goto end
-)
-
-if "%1" == "singlehtml" (
-	%SPHINXBUILD% -b singlehtml %ALLSPHINXOPTS% %BUILDDIR%/singlehtml
-	if errorlevel 1 exit /b 1
-	echo.
-	echo.Build finished. The HTML pages are in %BUILDDIR%/singlehtml.
-	goto end
-)
-
-if "%1" == "pickle" (
-	%SPHINXBUILD% -b pickle %ALLSPHINXOPTS% %BUILDDIR%/pickle
-	if errorlevel 1 exit /b 1
-	echo.
-	echo.Build finished; now you can process the pickle files.
-	goto end
-)
-
-if "%1" == "json" (
-	%SPHINXBUILD% -b json %ALLSPHINXOPTS% %BUILDDIR%/json
-	if errorlevel 1 exit /b 1
-	echo.
-	echo.Build finished; now you can process the JSON files.
-	goto end
-)
-
-if "%1" == "htmlhelp" (
-	%SPHINXBUILD% -b htmlhelp %ALLSPHINXOPTS% %BUILDDIR%/htmlhelp
-	if errorlevel 1 exit /b 1
-	echo.
-	echo.Build finished; now you can run HTML Help Workshop with the ^
-.hhp project file in %BUILDDIR%/htmlhelp.
-	goto end
-)
-
-if "%1" == "qthelp" (
-	%SPHINXBUILD% -b qthelp %ALLSPHINXOPTS% %BUILDDIR%/qthelp
-	if errorlevel 1 exit /b 1
-	echo.
-	echo.Build finished; now you can run "qcollectiongenerator" with the ^
-.qhcp project file in %BUILDDIR%/qthelp, like this:
-	echo.^> qcollectiongenerator %BUILDDIR%\qthelp\softwarepublico.qhcp
-	echo.To view the help file:
-	echo.^> assistant -collectionFile %BUILDDIR%\qthelp\softwarepublico.ghc
-	goto end
-)
-
-if "%1" == "devhelp" (
-	%SPHINXBUILD% -b devhelp %ALLSPHINXOPTS% %BUILDDIR%/devhelp
-	if errorlevel 1 exit /b 1
-	echo.
-	echo.Build finished.
-	goto end
-)
-
-if "%1" == "epub" (
-	%SPHINXBUILD% -b epub %ALLSPHINXOPTS% %BUILDDIR%/epub
-	if errorlevel 1 exit /b 1
-	echo.
-	echo.Build finished. The epub file is in %BUILDDIR%/epub.
-	goto end
-)
-
-if "%1" == "latex" (
-	%SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex
-	if errorlevel 1 exit /b 1
-	echo.
-	echo.Build finished; the LaTeX files are in %BUILDDIR%/latex.
-	goto end
-)
-
-if "%1" == "latexpdf" (
-	%SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex
-	cd %BUILDDIR%/latex
-	make all-pdf
-	cd %BUILDDIR%/..
-	echo.
-	echo.Build finished; the PDF files are in %BUILDDIR%/latex.
-	goto end
-)
-
-if "%1" == "latexpdfja" (
-	%SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex
-	cd %BUILDDIR%/latex
-	make all-pdf-ja
-	cd %BUILDDIR%/..
-	echo.
-	echo.Build finished; the PDF files are in %BUILDDIR%/latex.
-	goto end
-)
-
-if "%1" == "text" (
-	%SPHINXBUILD% -b text %ALLSPHINXOPTS% %BUILDDIR%/text
-	if errorlevel 1 exit /b 1
-	echo.
-	echo.Build finished. The text files are in %BUILDDIR%/text.
-	goto end
-)
-
-if "%1" == "man" (
-	%SPHINXBUILD% -b man %ALLSPHINXOPTS% %BUILDDIR%/man
-	if errorlevel 1 exit /b 1
-	echo.
-	echo.Build finished. The manual pages are in %BUILDDIR%/man.
-	goto end
-)
-
-if "%1" == "texinfo" (
-	%SPHINXBUILD% -b texinfo %ALLSPHINXOPTS% %BUILDDIR%/texinfo
-	if errorlevel 1 exit /b 1
-	echo.
-	echo.Build finished. The Texinfo files are in %BUILDDIR%/texinfo.
-	goto end
-)
-
-if "%1" == "gettext" (
-	%SPHINXBUILD% -b gettext %I18NSPHINXOPTS% %BUILDDIR%/locale
-	if errorlevel 1 exit /b 1
-	echo.
-	echo.Build finished. The message catalogs are in %BUILDDIR%/locale.
-	goto end
-)
-
-if "%1" == "changes" (
-	%SPHINXBUILD% -b changes %ALLSPHINXOPTS% %BUILDDIR%/changes
-	if errorlevel 1 exit /b 1
-	echo.
-	echo.The overview file is in %BUILDDIR%/changes.
-	goto end
-)
-
-if "%1" == "linkcheck" (
-	%SPHINXBUILD% -b linkcheck %ALLSPHINXOPTS% %BUILDDIR%/linkcheck
-	if errorlevel 1 exit /b 1
-	echo.
-	echo.Link check complete; look for any errors in the above output ^
-or in %BUILDDIR%/linkcheck/output.txt.
-	goto end
-)
-
-if "%1" == "doctest" (
-	%SPHINXBUILD% -b doctest %ALLSPHINXOPTS% %BUILDDIR%/doctest
-	if errorlevel 1 exit /b 1
-	echo.
-	echo.Testing of doctests in the sources finished, look at the ^
-results in %BUILDDIR%/doctest/output.txt.
-	goto end
-)
-
-if "%1" == "xml" (
-	%SPHINXBUILD% -b xml %ALLSPHINXOPTS% %BUILDDIR%/xml
-	if errorlevel 1 exit /b 1
-	echo.
-	echo.Build finished. The XML files are in %BUILDDIR%/xml.
-	goto end
-)
-
-if "%1" == "pseudoxml" (
-	%SPHINXBUILD% -b pseudoxml %ALLSPHINXOPTS% %BUILDDIR%/pseudoxml
-	if errorlevel 1 exit /b 1
-	echo.
-	echo.Build finished. The pseudo-XML files are in %BUILDDIR%/pseudoxml.
-	goto end
-)
-
-:end
@@ -0,0 +1,12 @@
+Manutenção
+==========
+
+Mantendo o sistema atualizado
+-----------------------------
+
+*Esta seção é um trabalho em andamento.*
+
+Modificando configurações
+-------------------------
+
+*Esta seção é um trabalho em andamento.*
@@ -1 +0,0 @@
-../cookbooks/mailman/files/centos/postfix-to-mailman-centos.py
 \ No newline at end of file
@@ -0,0 +1,32 @@
+desc 'Builds documentation (HTML)'
+task :doc do
+  sh 'make -C docs/ html'
+end
+
+desc 'Builds documentation (PDF)'
+task :pdf do
+  sh 'make -C docs/ latexpdf'
+end
+
+desc 'Opens PDF documentation'
+task :viewpdf => :pdf do
+  sh 'xdg-open', 'docs/_build/latex/softwarepublico.pdf'
+end
+
+desc 'Publishes PDF'
+task :pdfupload => :pdf do
+  require 'date'
+
+  tag = Date.today.strftime('doc-%Y-%m-%d-') + $SPB_ENV
+  blob = `git hash-object -w docs/_build/latex/softwarepublico.pdf`.strip
+  tree = `printf '100644 blob #{blob}\tsoftwarepublico-#{$SPB_ENV}.pdf\n' | git mktree`.strip
+  commit = `git commit-tree -m #{tag} #{tree}`.strip
+
+  sh 'git', 'tag', tag, commit
+  sh 'git', 'push', 'origin', tag
+end
+
+desc 'Removes generated files'
+task :clean do
+  sh 'make -C docs/ clean'
+end
@@ -21,16 +21,16 @@ test_nginx_responds() {
 }
 test_nginx_virtualhost() {
-  local title="$(curl --header 'Host: softwarepublico.dev' http://$integration/dashboard | grep '<title>' | sed -e 's/^\s*//')"
+  local title="$(curl --header 'Host: softwarepublico.dev' http://$config_external_hostname/dashboard | grep '<title>' | sed -e 's/^\s*//')"
   assertEquals "<title>Home - Colab</title>" "$title"
 }
 test_reverse_proxy_gitlab() {
-  assertTrue 'Reverse proxy for gitlab' "curl --header 'Host: softwarepublico.dev' http://$integration/gitlab/public/projects | grep -i '<meta.*gitlab.*>'"
+  assertTrue 'Reverse proxy for gitlab' "curl --header 'Host: softwarepublico.dev' http://$config_external_hostname/gitlab/public/projects | grep -i '<meta.*gitlab.*>'"
 }
 test_reverse_proxy_noosfero() {
-  assertTrue 'Reverse proxy for noosfero' "curl --header 'Host: softwarepublico.dev' http://$integration/social/search/people | grep -i '<meta.*noosfero.*>'"
+  assertTrue 'Reverse proxy for noosfero' "curl --header 'Host: softwarepublico.dev' http://$config_external_hostname/social/search/people | grep -i '<meta.*noosfero.*>'"
 }
 load_shunit2
@@ -0,0 +1,6 @@
+# exports all configuration variables into the environment with a config_
+# prefix, e.g.
+#
+# external_hostname → $config_external_hostname
+
+eval $(sed -e '/^\S*:\s*\S\+/!d; s/^/config_/; s/:\s*/=/' ${ROOTDIR:-.}/config/${SPB_ENV:-local}/config.yaml)
@@ -0,0 +1,137 @@
+. $(dirname $0)/test_helper.sh
+
+if [ "$SPB_ENV" = local -o "$SPB_ENV" = lxc ]; then
+  echo "_No DNS for local environment_"
+  exit
+fi
+
+
+export LANG=C
+
+check_hostname() {
+  local host="$1"
+  local ip="$2"
+  local results="$(host -t A $host)"
+  local expected="$host has address $ip"
+  assertEquals "$host must resolve to $ip" "$results" "$expected"
+}
+
+check_mx() {
+  local host="$1"
+  local mx="$2"
+  local results="$(host -t MX $host)"
+  local expected="$host mail is handled by 0 ${mx}."
+  assertEquals "$host MX must be $mx"  "$results" "$expected"
+}
+
+check_reverse_dns() {
+  local ip="$1"
+  local hostname="$2"
+  local results="$(host $ip)"
+  local expected=".*in-addr.arpa domain name pointer ${hostname}."
+  assertTrue "Reverse DNS of $ip must be $hostname (found: $results)" "expr match '$results' 'include:$expected\$'"
+}
+
+check_spf() {
+  domain="$1"
+  spf_domain="$2"
+  local results="$(host -t TXT "$domain")"
+  assertTrue "TXT entry for $domain must have include:$spf_domain (found: $results)" "expr match '$results' 'include:$spf_domain'"
+}
+
+test_dns_web() {
+  check_hostname "$config_external_hostname" "$config_external_ip"
+}
+
+test_mx() {
+  check_mx "$config_external_hostname" "${config_relay_hostname}"
+}
+
+test_dns_lists() {
+  check_hostname "$config_lists_hostname" "$config_external_ip"
+}
+
+test_mx_lists() {
+  check_mx "$config_lists_hostname" "$config_relay_hostname"
+}
+
+test_dns_relay() {
+  check_hostname "$config_relay_hostname" "$config_relay_ip"
+}
+
+test_reverse_dns_web() {
+  check_reverse_dns "$config_external_ip" "$config_external_hostname"
+}
+
+test_reverse_dns_relay() {
+  check_reverse_dns "$config_relay_ip" "$config_relay_hostname"
+}
+
+if [ -n "$config_external_outgoing_mail_domain" ]; then
+  test_spf_domain() {
+    check_spf "$config_external_hostname" "$config_external_outgoing_mail_domain"
+  }
+  test_spf_lists() {
+    check_spf "$config_lists_hostname" "$config_external_outgoing_mail_domain"
+  }
+fi
+
+if [ "$1" = '--doc' ]; then
+  check_hostname() {
+    echo '   * - A'
+    echo "     - $1"
+    echo "     - ${2}"
+  }
+  check_mx() {
+    echo '   * - MX'
+    echo "     - $1"
+    echo "     - ${2}."
+  }
+  check_reverse_dns() {
+    echo '   * - PTR'
+    echo "     - $1"
+    echo "     - ${2}."
+  }
+  check_spf() {
+    echo "   * - TXT (SPF: \"v=spf1 ...\")"
+    echo "     - $1 "
+    echo "     - include:${2} "
+  }
+  header() {
+    local aponta="${2:-Aponta para}"
+    echo '.. list-table::'
+    echo '   :header-rows: 1'
+    echo
+    echo '   * - Tipo'
+    echo '     - Entrada'
+    echo "     - $aponta"
+  }
+  footer() {
+    echo
+  }
+  (
+    header 'DNS(A)'
+    test_dns_web
+    test_dns_lists
+    test_dns_relay
+    footer
+
+    header 'MX'
+    test_mx
+    test_mx_lists
+    footer
+
+    header 'DNS reverso'
+    test_reverse_dns_web
+    test_reverse_dns_relay
+    footer
+
+    header 'SPF' 'Deve conter'
+    test_spf_domain
+    test_spf_lists
+    footer
+
+  )
+else
+  . shunit2
+fi
@@ -21,7 +21,7 @@ test_mailman_delivery() {
 }
 test_mailman_web_interface() {
-  local title="$(curl --location --header 'Host: listas.softwarepublico.dev' http://$integration/mailman/cgi-bin/listinfo | grep -i '<title>')"
+  local title="$(curl --location --header 'Host: listas.softwarepublico.dev' http://$config_external_hostname/mailman/cgi-bin/listinfo | grep -i '<title>')"
   assertEquals "<TITLE>listas.softwarepublico.dev Mailing Lists</TITLE>" "$title"
 }
@@ -19,12 +19,12 @@ test_reverse_proxy_noosfero() {
 }
 test_reverse_proxy_static_files() {
-  local content_type="$(curl-host softwarepublico.dev --head http://$social/social/images/noosfero-network.png | grep-header Content-Type)"
+  local content_type="$(curl-host softwarepublico.dev --head http://$config_external_hostname/social/images/noosfero-network.png | grep-header Content-Type)"
   assertEquals "Content-Type: image/png" "$content_type"
 }
 test_redirect_with_correct_hostname_behind_proxy() {
-  local redirect="$(curl-host softwarepublico.dev --head https://softwarepublico.dev/social/search/contents | grep-header Location)"
+  local redirect="$(curl-host softwarepublico.dev --head https://$config_external_hostname/social/search/contents | grep-header Location)"
   assertEquals "Location: https://softwarepublico.dev/social/search/articles" "$redirect"
 }
@@ -19,4 +19,5 @@ load_shunit2() {
 }
 . $(dirname $0)/ip_helper.sh
+. $(dirname $0)/config_helper.sh
@@ -11,7 +11,15 @@ sed -i -e &#39;s/^#\?\s*Port\s*[0-9]\+\s*$/Port &#39;$port&#39;/g&#39; /etc/ssh/sshd_config
 yum install -y selinux-policy policycoreutils-python
 # Tell SELinux to allow the new port
-semanage port -a -t ssh_port_t -p tcp "$port"
+if grep -q '/$' /proc/1/cgroup; then
+  # not in a container
+  semanage port -a -t ssh_port_t -p tcp "$port"
+else
+  # in container; will fail if host does not have SELinux enabled
+  if ! semanage port -a -t ssh_port_t -p tcp "$port"; then
+    echo "I: can't use SELinux, your host probably does not have it enabled"
+  fi
+fi
 # Restart SSH
 systemctl restart sshd
		1	+require 'yaml'
		2	+
1	begin	3	begin
2	load 'local.rake'	4	load 'local.rake'
3	rescue LoadError	5	rescue LoadError
	@@ -13,15 +15,40 @@ iptables_file = "config/#{$SPB_ENV}/iptables-filter-rules"		@@ -13,15 +15,40 @@ iptables_file = "config/#{$SPB_ENV}/iptables-filter-rules"
13		15
14	ENV['CHAKE_SSH_CONFIG'] = ssh_config_file	16	ENV['CHAKE_SSH_CONFIG'] = ssh_config_file
15		17
		18	+if $SPB_ENV == 'lxc'
		19	+ system("mkdir -p config/lxc; sudo lxc-ls -f -F name,ipv4 \| sed -e '/^softwarepublico/ !d; s/softwarepublico_//; s/_[0-9_]*/:/ ' > #{ips_file}.new")
		20	+ begin
		21	+ ips = YAML.load_file("#{ips_file}.new")
		22	+ raise ArgumentError unless ips.is_a?(Hash)
		23	+ FileUtils.mv ips_file + '.new', ips_file
		24	+ rescue Exception => ex
		25	+ puts ex.message
		26	+ puts
		27	+ puts "Q: did you boot the containers first?"
		28	+ exit
		29	+ end
		30	+ config = YAML.load_file('config/local/config.yaml')
		31	+ config['external_ip'] = ips['reverseproxy']
		32	+ config['relay_ip'] = ips['email']
		33	+ File.open(config_file, 'w') do \|f\|
		34	+ f.puts(YAML.dump(config))
		35	+ end
		36	+
		37	+ File.open('config/lxc/iptables-filter-rules', 'w') do \|f\|
		38	+ lxc_host_bridge_ip = '192.168.122.1' # FIXME don't hardcode
		39	+ f.puts "-A INPUT -s #{lxc_host_bridge_ip} -p tcp -m state --state NEW --dport 22 -j ACCEPT"
		40	+ end
		41	+end
		42	+
16	require 'chake'	43	require 'chake'
17		44
18	if Chake::VERSION < '0.4.3'	45	if Chake::VERSION < '0.4.3'
19	fail "Please upgrade to chake 0.4.3+"	46	fail "Please upgrade to chake 0.4.3+"
20	end	47	end
21		48
22	-config = YAML.load_file(config_file)
23	-ips = YAML.load_file(ips_file)
24	-firewall = File.open(iptables_file).read	49	+ips \|\|= YAML.load_file(ips_file)
		50	+config \|\|= YAML.load_file(config_file)
		51	+firewall \|\|= File.open(iptables_file).read
25	$nodes.each do \|node\|	52	$nodes.each do \|node\|
26	node.data['config'] = config	53	node.data['config'] = config
27	node.data['peers'] = ips	54	node.data['peers'] = ips
	@@ -38,13 +65,41 @@ task :test do		@@ -38,13 +65,41 @@ task :test do
38	end	65	end
39		66
40	file 'ssh_config.erb'	67	file 'ssh_config.erb'
41	-file 'config/local/ssh_config' => ['nodes.yaml', 'config/local/ips.yaml', 'ssh_config.erb', 'Rakefile'] do \|t\|
42	- require 'erb'
43	- template = ERB.new(File.read('ssh_config.erb'))
44	- File.open(t.name, 'w') do \|f\|
45	- f.write(template.result(binding))	68	+if ['local', 'lxc'].include?($SPB_ENV)
		69	+ file ssh_config_file => ['nodes.yaml', ips_file, 'ssh_config.erb', 'Rakefile'] do \|t\|
		70	+ require 'erb'
		71	+ template = ERB.new(File.read('ssh_config.erb'))
		72	+ File.open(t.name, 'w') do \|f\|
		73	+ f.write(template.result(binding))
		74	+ end
		75	+ puts 'ERB %s' % t.name
46	end	76	end
47	- puts 'ERB %s' % t.name	77	+end
		78	+
		79	+task :backup => ssh_config_file do
		80	+ # setup
		81	+ sh 'ssh', '-F', ssh_config_file, 'integration', 'sudo', 'rm -rf /tmp/backups'
		82	+ sh 'ssh', '-F', ssh_config_file, 'social', 'sudo', 'rm -rf /tmp/backups'
		83	+ sh 'mkdir', '-p', 'backups'
		84	+ # integration
		85	+ sh 'scp', '-F', ssh_config_file, 'utils/migration/backup_integration.sh', 'integration:/tmp'
		86	+ sh 'ssh', '-F', ssh_config_file, 'integration', 'sudo', '/tmp/backup_integration.sh'
		87	+ sh 'scp', '-F', ssh_config_file, 'integration:/tmp/backups/*', 'backups/'
		88	+ # social
		89	+ sh 'scp', '-F', ssh_config_file, 'utils/migration/backup_social.sh', 'social:/tmp'
		90	+ sh 'ssh', '-F', ssh_config_file, 'social', 'sudo', '/tmp/backup_social.sh'
		91	+ sh 'scp', '-F', ssh_config_file, 'social:/tmp/backups/*', 'backups/'
		92	+end
		93	+
		94	+task :restore => ssh_config_file do
		95	+ #integration
		96	+ sh 'scp', '-r', '-F', ssh_config_file, 'backups', 'integration:/tmp'
		97	+ sh 'scp', '-F', ssh_config_file, 'utils/migration/restore_integration.sh', 'integration:/tmp'
		98	+ sh 'ssh', '-F', ssh_config_file, 'integration', 'sudo', '/tmp/restore_integration.sh'
		99	+ #social
		100	+ sh 'scp', '-r', '-F', ssh_config_file, 'backups', 'social:/tmp'
		101	+ sh 'scp', '-F', ssh_config_file, 'utils/migration/restore_social.sh', 'social:/tmp'
		102	+ sh 'ssh', '-F', ssh_config_file, 'social', 'sudo', '/tmp/restore_social.sh'
48	end	103	end
49		104
50	task :backup => ssh_config_file do	105	task :backup => ssh_config_file do
	@@ -98,3 +153,5 @@ task :preconfig => ssh_config_file do		@@ -98,3 +153,5 @@ task :preconfig => ssh_config_file do
98	end	153	end
99	end	154	end
100	end	155	end
		156	+
		157	+Dir.glob('tasks/*.rake').each { \|f\| load f }
@@ -0,0 +1,15 @@		@@ -0,0 +1,15 @@
	1	+admins:
	2	+ - ["Paulo Meirelles", "paulo@softwarelivre.org"]
	3	+external_hostname: dev.softwarepublico.gov.br
	4	+external_ip: 189.9.151.16
	5	+site_url: https://dev.softwarepublico.gov.br
	6	+colab_from_address: '"Portal do Software Publico (dev)" <noreply@dev.softwarepublico.gov.br>'
	7	+server_email: '"Portal do Software Publico (dev)" <noreply@dev.softwarepublico.gov.br>'
	8	+email_subject_prefix: '[spb\|dev]'
	9	+lists_hostname: listas.dev.softwarepublico.gov.br
	10	+lists_admin: paulo@softwarelivre.org
	11	+from_address: noreply@dev.softwarepublico.gov.br
	12	+relay_hostname: relay.dev.softwarepublico.gov.br
	13	+relay_ip: 189.9.151.44
	14	+external_outgoing_mail_relay: 189.9.150.53
	15	+external_outgoing_mail_domain: serpro.gov.br
@@ -0,0 +1,5 @@		@@ -0,0 +1,5 @@
	1	+reverseproxy: 10.18.0.15
	2	+database: 10.18.0.16
	3	+social: 10.18.0.17
	4	+email: 10.18.0.18
	5	+integration: 10.18.0.19
@@ -0,0 +1,23 @@		@@ -0,0 +1,23 @@
	1	+
	2	+-A INPUT -s 200.198.196.192/26 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
	3	+-A INPUT -s 200.198.196.192/26 -p tcp -m state --state NEW -m tcp --dport 5432 -j ACCEPT
	4	+-A INPUT -s 200.198.196.192/26 -p icmp --icmp-type 8 -j ACCEPT
	5	+-A INPUT -s 200.198.196.201/32 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
	6	+-A INPUT -s 200.198.196.206/32 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
	7	+
	8	+-A INPUT -s 189.9.150.85/32 -p tcp -m state --state NEW -m multiport --dports 22,80,5432 -j ACCEPT
	9	+
	10	+
	11	+# UnB
	12	+-A INPUT -s 164.41.86.12/32 -p tcp -m state --state NEW -m multiport --dports 22,80,443 -j ACCEPT
	13	+-A INPUT -s 164.41.9.36/32 -p tcp -m state --state NEW -m multiport --dports 22,80,5432 -j ACCEPT
	14	+
	15	+
	16	+# Sergio Oliveira
	17	+-A INPUT -s 179.111.229.232/32 -p tcp -m state --state NEW -m multiport --dports 22,80,5432 -j ACCEPT
	18	+
	19	+
	20	+-A INPUT -s 10.18.0.0/16 -p tcp -m state --state NEW -m multiport --dports 22,80,5432 -j ACCEPT
	21	+-A INPUT -s 10.18.0.0/16 -p icmp --icmp-type 8 -j ACCEPT
	22	+-A INPUT -s 189.9.137.239/32 -p tcp -m state --state NEW -m tcp --dport 10050 -j ACCEPT
	23	+-A INPUT -s 189.9.137.239/32 -p icmp --icmp-type 8 -j ACCEPT
@@ -0,0 +1,30 @@		@@ -0,0 +1,30 @@
	1	+Host *
	2	+ ForwardAgent yes
	3	+
	4	+Host reverseproxy
	5	+ Hostname 189.9.151.16
	6	+ User spb
	7	+
	8	+Host database
	9	+ Hostname 10.18.0.16
	10	+ User spb
	11	+ # connect via reverseproxy host
	12	+ ProxyCommand ssh spb@189.9.151.16 nc %h %p
	13	+
	14	+Host social
	15	+ Hostname 10.18.0.17
	16	+ User spb
	17	+ # connect via reverseproxy host
	18	+ ProxyCommand ssh spb@189.9.151.16 nc %h %p
	19	+
	20	+Host email
	21	+ Hostname 10.18.0.18
	22	+ User spb
	23	+ # connect via reverseproxy host
	24	+ ProxyCommand ssh spb@189.9.151.16 nc %h %p
	25	+
	26	+Host integration
	27	+ Hostname 10.18.0.19
	28	+ User spb
	29	+ # connect via reverseproxy host
	30	+ ProxyCommand ssh spb@189.9.151.16 nc %h %p
	@@ -1,13 +0,0 @@	@@ -1,13 +0,0 @@
1	-admins:
2	- -
3	- - Paulo Meirelles
4	- - paulo@softwarelivre.org
5	-external_hostname: dev.softwarepublico.gov.br
6	-site_url: https://dev.softwarepublico.gov.br
7	-colab_from_address: '"Portal do Software Publico (dev)" <noreply@dev.softwarepublico.gov.br>'
8	-server_email: '"Portal do Software Publico (dev)" <noreply@dev.softwarepublico.gov.br>'
9	-email_subject_prefix: '[spb\|dev]'
10	-lists_hostname: listas.dev.softwarepublico.gov.br
11	-lists_admin: paulo@softwarelivre.org
12	-relay_hostname: relay.dev.softwarepublico.gov.br
13	-from_address: noreply@dev.softwarepublico.gov.br
	@@ -1,5 +0,0 @@	@@ -1,5 +0,0 @@
1	-reverseproxy: 10.18.0.15
2	-database: 10.18.0.16
3	-social: 10.18.0.17
4	-email: 10.18.0.18
5	-integration: 10.18.0.19
	@@ -1,23 +0,0 @@	@@ -1,23 +0,0 @@
1	-
2	--A INPUT -s 200.198.196.192/26 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
3	--A INPUT -s 200.198.196.192/26 -p tcp -m state --state NEW -m tcp --dport 5432 -j ACCEPT
4	--A INPUT -s 200.198.196.192/26 -p icmp --icmp-type 8 -j ACCEPT
5	--A INPUT -s 200.198.196.201/32 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
6	--A INPUT -s 200.198.196.206/32 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
7	-
8	--A INPUT -s 189.9.150.85/32 -p tcp -m state --state NEW -m multiport --dports 22,80,5432 -j ACCEPT
9	-
10	-
11	-# UnB
12	--A INPUT -s 164.41.86.12/32 -p tcp -m state --state NEW -m multiport --dports 22,80,443 -j ACCEPT
13	--A INPUT -s 164.41.9.36/32 -p tcp -m state --state NEW -m multiport --dports 22,80,5432 -j ACCEPT
14	-
15	-
16	-# Sergio Oliveira
17	--A INPUT -s 179.111.229.232/32 -p tcp -m state --state NEW -m multiport --dports 22,80,5432 -j ACCEPT
18	-
19	-
20	--A INPUT -s 10.18.0.0/16 -p tcp -m state --state NEW -m multiport --dports 22,80,5432 -j ACCEPT
21	--A INPUT -s 10.18.0.0/16 -p icmp --icmp-type 8 -j ACCEPT
22	--A INPUT -s 189.9.137.239/32 -p tcp -m state --state NEW -m tcp --dport 10050 -j ACCEPT
23	--A INPUT -s 189.9.137.239/32 -p icmp --icmp-type 8 -j ACCEPT
	@@ -1,30 +0,0 @@	@@ -1,30 +0,0 @@
1	-Host *
2	- ForwardAgent yes
3	-
4	-Host reverseproxy
5	- Hostname 189.9.151.16
6	- User spb
7	-
8	-Host database
9	- Hostname 10.18.0.16
10	- User spb
11	- # connect via reverseproxy host
12	- ProxyCommand ssh spb@189.9.151.16 nc %h %p
13	-
14	-Host social
15	- Hostname 10.18.0.17
16	- User spb
17	- # connect via reverseproxy host
18	- ProxyCommand ssh spb@189.9.151.16 nc %h %p
19	-
20	-Host email
21	- Hostname 10.18.0.18
22	- User spb
23	- # connect via reverseproxy host
24	- ProxyCommand ssh spb@189.9.151.16 nc %h %p
25	-
26	-Host integration
27	- Hostname 10.18.0.19
28	- User spb
29	- # connect via reverseproxy host
30	- ProxyCommand ssh spb@189.9.151.16 nc %h %p
@@ -0,0 +1,16 @@		@@ -0,0 +1,16 @@
	1	+admins:
	2	+ - ["Nayanne Araújo", "nayanne.bonifacio@planejamento.gov.br"]
	3	+ - ["Marisa Souza dos Santos", "marisa.santos@planejamento.gov.br"]
	4	+external_hostname: homologa.softwarepublico.gov.br
	5	+external_ip: 189.9.151.65
	6	+site_url: https://homologa.softwarepublico.gov.br
	7	+colab_from_address: '"Portal do Software Publico (homologação)" <noreply@homologa.softwarepublico.gov.br>'
	8	+server_email: '"Portal do Software Publico (homologação)" <noreply@homologa.softwarepublico.gov.br>'
	9	+email_subject_prefix: '[spb]'
	10	+lists_hostname: listas.homologa.softwarepublico.gov.br
	11	+lists_admin: nayanne.bonifacio@planejamento.gov.br
	12	+from_address: noreply@homologa.softwarepublico.gov.br
	13	+relay_hostname: relay.homologa.softwarepublico.gov.br
	14	+relay_ip: 189.9.151.66
	15	+external_outgoing_mail_relay: 189.9.150.53
	16	+external_outgoing_mail_domain: serpro.gov.br