forked from GNUsocial/gnu-social
[DOCKER][MAIL] Update config and change the way mail docker handles it, so the edits aren't visible from the outside, polluting the git staging area
This commit is contained in:
parent
0a15ccab9b
commit
349df02f78
79
bin/configure
vendored
@ -96,14 +96,15 @@ while true; do
|
||||
done
|
||||
|
||||
if [ "${DBMS}" = 'postgres' ]; then DB_USER="postgres"; else DB_USER="social"; fi
|
||||
while true; do
|
||||
DB_USER=$(${WHIPTAIL} --title 'GNU social DB user' --clear --backtitle 'GNU social' \
|
||||
--inputbox "\nEnter a user name for social to connect to the database under" 0 0 "${DB_USER}" \
|
||||
3>&1 1>&2 2>&3)
|
||||
validate_exit $?
|
||||
if [ -n "${DB_USER}" ]; then break; fi
|
||||
done
|
||||
|
||||
if echo "${DOCKER}" | grep -Fvq '"db"'; then
|
||||
while true; do
|
||||
DB_USER=$(${WHIPTAIL} --title 'GNU social DB user' --clear --backtitle 'GNU social' \
|
||||
--inputbox "\nEnter a user name for social to connect to the database under" 0 0 "${DB_USER}" \
|
||||
3>&1 1>&2 2>&3)
|
||||
validate_exit $?
|
||||
if [ -n "${DB_USER}" ]; then break; fi
|
||||
done
|
||||
fi
|
||||
while true; do
|
||||
DB_PASSWORD=$(${WHIPTAIL} --title 'GNU social DB password' --clear --backtitle 'GNU social' \
|
||||
--passwordbox "\nEnter a password for social to connect to the database with" 0 0 \
|
||||
@ -224,17 +225,25 @@ validate_exit $?
|
||||
|
||||
|
||||
# ------------ Mail server --------------
|
||||
if echo "${DOCKER}" | grep -Fq '"mail"'; then
|
||||
MAILER_DSN='sendmail://localhost'
|
||||
if echo "${DOCKER}" | grep -Fvq '"mail"'; then
|
||||
while true; do
|
||||
MAILER_DSN=$(${WHIPTAIL} --title 'GNU social mail server DSN' --clear --backtitle 'GNU social' \
|
||||
--inputbox "\nEnter a DSN/URL social will use to connect to the mail server" 0 0 'sendmail://localhost' \
|
||||
--inputbox "\nEnter a DSN/URL social will use to connect to the mail server" 0 0 "${MAILER_DSN}" \
|
||||
3>&1 1>&2 2>&3)
|
||||
validate_exit $?
|
||||
if [ -n "${MAILER_DSN}" ]; then break; fi
|
||||
done
|
||||
while true; do
|
||||
MAIL_DOMAIN=$(${WHIPTAIL} --title 'GNU social mail server domain' --clear --backtitle 'GNU social' \
|
||||
--inputbox "\nEnter the domain social will use to serve mail" 0 0 "${DOMAIN_ROOT}" \
|
||||
3>&1 1>&2 2>&3)
|
||||
validate_exit $?
|
||||
if [ -n "${MAIL_DOMAIN}" ]; then break; fi
|
||||
done
|
||||
fi
|
||||
|
||||
if echo "${DOCKER}" | grep -Fvq '"mail"'; then
|
||||
if echo "${DOCKER}" | grep -Fq '"mail"'; then
|
||||
while true; do
|
||||
MAIL_DOMAIN_ROOT=$(${WHIPTAIL} --title 'GNU social mail server domain' --clear --backtitle 'GNU social' \
|
||||
--inputbox "\nEnter the root domain social will use to serve mail" 0 0 "${DOMAIN_ROOT}" \
|
||||
@ -256,7 +265,7 @@ if echo "${DOCKER}" | grep -Fvq '"mail"'; then
|
||||
|
||||
while true; do
|
||||
MAIL_SENDER_USER=$(${WHIPTAIL} --title 'GNU social mail sender user' --clear --backtitle 'GNU social' \
|
||||
--inputbox "\nEnter the user emails should be sent from" 0 0 \
|
||||
--inputbox "\nEnter the user emails should be sent from (email without @domain)" 0 0 \
|
||||
3>&1 1>&2 2>&3)
|
||||
validate_exit $?
|
||||
if [ -n "${MAIL_SENDER_USER}" ]; then break; fi
|
||||
@ -264,7 +273,7 @@ if echo "${DOCKER}" | grep -Fvq '"mail"'; then
|
||||
|
||||
while true; do
|
||||
MAIL_SENDER_NAME=$(${WHIPTAIL} --title 'GNU social mail sender name' --clear --backtitle 'GNU social' \
|
||||
--inputbox "\nEnter the name emails should be sent from (name without @domain)" 0 0 \
|
||||
--inputbox "\nEnter the name emails should be sent from" 0 0 "${NODE_NAME}" \
|
||||
3>&1 1>&2 2>&3)
|
||||
validate_exit $?
|
||||
if [ -n "${MAIL_SENDER_NAME}" ]; then break; fi
|
||||
@ -331,7 +340,7 @@ SOCIAL_DB=${DB_NAME}
|
||||
SOCIAL_USER=${DB_USER}
|
||||
SOCIAL_PASSWORD=${DB_PASSWORD}
|
||||
SOCIAL_DOMAIN=${DOMAIN}
|
||||
SOCIAL_SITENAME=${SITENAME}
|
||||
SOCIAL_NODE_NAME=${NODE_NAME}
|
||||
SOCIAL_ADMIN_EMAIL=${EMAIL}
|
||||
SOCIAL_SITE_PROFILE=${PROFILE}
|
||||
MAILER_DSN=${MAILER_DSN}
|
||||
@ -347,40 +356,18 @@ EOF
|
||||
# --------------- Write mail configuration, and setup ----------------------
|
||||
mkdir -p "${INSTALL_DIR}/docker/mail"
|
||||
|
||||
cat > "${INSTALL_DIR}/docker/mail/mail.env" <<EOF
|
||||
MAIL_DOMAIN=${MAIL_DOMAIN}
|
||||
MAIL_USER=${MAIL_SENDER_USER}
|
||||
MAIL_NAME=${MAIL_SENDER_NAME}
|
||||
MAIL=${MAIL_SENDER_USER}@${MAIL_DOMAIN}
|
||||
SSL_CERT=/etc/letsencrypt/live/${MAIL_DOMAIN}/fullchain.pem
|
||||
SSL_KEY=/etc/letsencrypt/live/${MAIL_DOMAIN}/privkey.pem
|
||||
EOF
|
||||
|
||||
HASHED_PASSWORD="{SHA512-CRYPT}"$(echo "${MAIL_PASSWORD}" | openssl passwd -6 -in -)
|
||||
|
||||
# Config postfix
|
||||
sed -ri \
|
||||
-e "s/^\s*myhostname\s*=.*/myhostname = ${MAILNAME}/" \
|
||||
-e "s/^\s*mydomain\s*=.*/mydomain = ${DOMAINNAME}/" \
|
||||
-e "s/^\s*smtpd_tls_cert_file\s*=.*/smtpd_tls_cert_file = ${SSL_CERT}/" \
|
||||
-e "s/^\s*smtpd_tls_key_file\s*=.*/smtpd_tls_key_file = ${SSL_KEY}/" \
|
||||
"${INSTALL_DIR}/docker/mail/config/postfix/main.cf"
|
||||
|
||||
# Config dovecot
|
||||
sed -ri \
|
||||
-e "s/^\s*ssl_cert\s*=.*/ssl_cert = <${SSL_CERT}/" \
|
||||
-e "s/^\s*ssl_key\s*=.*/ssl_key = <${SSL_KEY}/" \
|
||||
-e "s/^\s*postmaster_address\s*=.*/postmaster_address = postmaster@${DOMAINNAME}/" \
|
||||
"${INSTALL_DIR}/docker/mail/config/dovecot/dovecot.conf"
|
||||
|
||||
# Config dkim
|
||||
sed -i -e "s/^.*#HOSTNAME/${MAILNAME}#HOSTNAME/" "${INSTALL_DIR}/docker/mail/config/opendkim/TrustedHosts"
|
||||
|
||||
# Prepare mail user
|
||||
echo "${MAIL_DOMAIN_ROOT} #OK" > "${INSTALL_DIR}/docker/mail/config/domains"
|
||||
echo "${MAIL_USER} ${MAIL_USER}" > "${INSTALL_DIR}/docker/mail/config/aliases"
|
||||
echo "${MAIL_USER} ${MAIL_DOMAIN}/${MAIL_USER}/" > "${INSTALL_DIR}/docker/mail/config/mailboxes"
|
||||
echo "${MAIL_USER}:${HASHED_PASSWORD}" > "${INSTALL_DIR}/docker/mail/config/passwd"
|
||||
cat > "${INSTALL_DIR}/docker/mail/mail.env" <<EOF
|
||||
MAIL_DOMAIN=${MAIL_DOMAIN}
|
||||
MAIL_DOMAIN_ROOT=${MAIL_DOMAIN_ROOT}
|
||||
MAIL_USER=${MAIL_SENDER_USER}
|
||||
MAIL_NAME=${MAIL_SENDER_NAME}
|
||||
MAIL_ADDRESS=${MAIL_SENDER_USER}@${MAIL_DOMAIN}
|
||||
SSL_CERT=/etc/letsencrypt/live/${MAIL_DOMAIN}/fullchain.pem
|
||||
SSL_KEY=/etc/letsencrypt/live/${MAIL_DOMAIN}/privkey.pem
|
||||
HASHED_PASSWORD=${HASHED_PASSWORD}
|
||||
EOF
|
||||
# --------------------------------------------------------------------------
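Review bot: The new `cat > "${INSTALL_DIR}/docker/mail/mail.env" <<EOF` heredoc now writes `HASHED_PASSWORD=${HASHED_PASSWORD}` under whatever umask the operator happens to have, so the credential hash (and, in the earlier heredoc of this section, `SOCIAL_PASSWORD=${DB_PASSWORD}` and `MAILER_DSN=${MAILER_DSN}`, which can embed SMTP credentials) typically lands in a world-readable 0644 file under INSTALL_DIR; follow each of those writes with `chmod 600 -- "${INSTALL_DIR}/docker/mail/mail.env"` (and the same for the social env file), or run the writes under `umask 077`. The new guard `if echo "${DOCKER}" | grep -Fvq '"db"'; then` only works while ${DOCKER} is a single line — with -v, grep -q succeeds as soon as any line lacks the string — so `if ! echo "${DOCKER}" | grep -Fq '"db"'; then` states the intent without that dependency; the same `-Fvq` pattern is used for `"mail"` in the mail-server hunk of this file. A one-line comment above the mail.env heredoc noting that the file is consumed by the mail container as environment (and must therefore never be sourced by a shell, since the unquoted `$6$…` crypt string would be expanded) would save the next maintainer from reintroducing the old `. mail.env` flow.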
|
||||
|
||||
|
||||
|
@ -5,7 +5,7 @@
|
||||
|
||||
. bootstrap.env
|
||||
|
||||
sed -ri "s/%hostname%/${DOMAIN}/" /etc/nginx/conf.d/challenge.conf
|
||||
sed -ri "s/%hostname%/${MAIL_DOMAIN}/" /etc/nginx/conf.d/challenge.conf
|
||||
|
||||
nginx
|
||||
|
||||
|
@ -1,54 +1,12 @@
|
||||
FROM debian:buster-slim
|
||||
FROM alpine
|
||||
|
||||
ENV DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
# Install packages
|
||||
RUN apt-get update \
|
||||
&& apt-get upgrade -y \
|
||||
&& apt-get install -y --no-install-recommends \
|
||||
dovecot-core \
|
||||
dovecot-imapd \
|
||||
dovecot-lmtpd \
|
||||
dovecot-pop3d \
|
||||
opendkim \
|
||||
opendkim-tools \
|
||||
openssl \
|
||||
postfix \
|
||||
procps \
|
||||
rsyslog \
|
||||
s6 \
|
||||
&& apt-get autoclean \
|
||||
&& apt-get autoremove
|
||||
|
||||
# Setup folders and users
|
||||
RUN groupadd -g 2222 vmail \
|
||||
&& mkdir -p -m 751 "/var/mail/" \
|
||||
&& mkdir -p -m 755 "/etc/mail/" \
|
||||
&& mkdir -p "/var/opendkim/keys/" \
|
||||
&& useradd -d "/var/mail" -M -s "/usr/sbin/nologin" -u 2222 -g 2222 vmail \
|
||||
&& usermod -aG vmail postfix \
|
||||
&& usermod -aG vmail dovecot \
|
||||
&& usermod -aG vmail opendkim \
|
||||
&& chown vmail:vmail "/var/mail" \
|
||||
&& chown opendkim:opendkim "/var/opendkim/keys/"
|
||||
|
||||
# Copy config files
|
||||
COPY rootfs/ /
|
||||
|
||||
RUN chmod +x "/etc/service/postfix/run" \
|
||||
&& chmod +x "/etc/service/dovecot/run" \
|
||||
&& chmod +x "/etc/service/opendkim/run" \
|
||||
&& chmod +x "/etc/service/rsyslog/run" \
|
||||
&& chmod +x "/usr/bin/start.sh"
|
||||
|
||||
# Prepare user
|
||||
RUN mkdir -p "/var/mail/${MAIL_DOMAIN}" \
|
||||
&& mkdir -p "/var/mail/${DOMAINPART}/${USER%@*}" \
|
||||
&& chown vmail:vmail "/var/mail/${MAIL_DOMAIN}" \
|
||||
&& chown vmail:vmail "/var/mail/${MAIL_DOMAIN_ROOT}/${MAIL_USER%@*}"
|
||||
RUN apk update && apk add postfix dovecot dovecot-pop3d opendkim s6
|
||||
|
||||
# Expose ports
|
||||
EXPOSE 25 110 143 587 993 995
|
||||
|
||||
# Fixes problem with s6 (s6 claims it's a docker bug)
|
||||
VOLUME ["/run"]
|
||||
|
||||
# Run start script
|
||||
ENTRYPOINT /usr/bin/start.sh
|
||||
ENTRYPOINT /usr/bin/entrypoint.sh
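Review bot: `FROM alpine` and `RUN apk update && apk add postfix dovecot dovecot-pop3d opendkim s6` are both unpinned, so every build pulls whatever is current and the mail image cannot be reproduced or audited; pin the base as `FROM alpine:<pinned version>` and use `RUN apk add --no-cache postfix dovecot dovecot-pop3d opendkim s6` so the package index is not baked into the layer. The shell-form `ENTRYPOINT /usr/bin/entrypoint.sh` makes `/bin/sh -c` PID 1, which does not forward SIGTERM on `docker stop`, so postfix and dovecot are killed rather than shut down; use the exec form `ENTRYPOINT ["/usr/bin/entrypoint.sh"]`. The package list also drops rsyslog, yet the new entrypoint still runs `chmod +x "/etc/service/rsyslog/run"`, and `opendkim-genkey`, which the entrypoint calls, may ship in a separate Alpine package from `opendkim` — confirm both against the service directory and the package contents.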
|
||||
|
@ -1,9 +1,10 @@
|
||||
protocols = imap pop3 lmtp
|
||||
|
||||
ssl = yes
|
||||
ssl_cert =
|
||||
ssl_key =
|
||||
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
|
||||
# `<` means read from file
|
||||
ssl_cert = <%cert_file%
|
||||
ssl_key = <%key_file%
|
||||
ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL
|
||||
|
||||
listen = *, ::
|
||||
dict {
|
||||
@ -33,7 +34,7 @@ userdb {
|
||||
}
|
||||
|
||||
service auth {
|
||||
unix_listener auth-client {
|
||||
unix_listener /var/spool/postfix/private/auth {
|
||||
user = postfix
|
||||
group = postfix
|
||||
mode = 0660
|
||||
@ -47,7 +48,7 @@ service imap-login {
|
||||
}
|
||||
|
||||
protocol lmtp {
|
||||
postmaster_address =
|
||||
postmaster_address = %postmaster_address%
|
||||
}
|
||||
|
||||
protocol imap {
|
||||
@ -68,5 +69,5 @@ service stats {
|
||||
}
|
||||
}
|
||||
|
||||
!include_try conf.d/*.conf
|
||||
!include_try local.conf
|
||||
# !include_try conf.d/*.conf
|
||||
# !include_try local.conf
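Review bot: Adding `!SSLv3` to `ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL` does not turn the protocol off: in an OpenSSL cipher string the `SSLv2`/`SSLv3` tokens select sets of cipher suites, not protocol versions, so TLS 1.0 and 1.1 remain negotiable. Set the floor explicitly next to `ssl = yes` with `ssl_min_protocol = TLSv1.2` if the Alpine package is Dovecot 2.3 (`ssl_protocols = !SSLv3 !TLSv1 !TLSv1.1` on 2.2). `ssl_cert = <%cert_file%` and `ssl_key = <%key_file%` are read as literal paths until the entrypoint's sed rewrites them, so a skipped substitution fails startup rather than silently falling back, which is the right failure mode; a comment such as `# %cert_file%/%key_file%/%postmaster_address% are substituted by docker/mail/entrypoint.sh at container start` above them would make that contract visible.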
|
||||
|
@ -7,5 +7,5 @@
|
||||
::1
|
||||
172.17.0.0/16
|
||||
fe80::/64
|
||||
#HOSTNAME
|
||||
%hostname%
|
||||
|
||||
|
@ -1,19 +1,39 @@
|
||||
## STANDARD POSTFIX CONFIG PARAMS ###
|
||||
|
||||
myhostname = %hostname%
|
||||
mydomain = %domain_root%
|
||||
myorigin = $myhostname
|
||||
mydestination = $myhostname, localhost.$mydomain, localhost
|
||||
# Intentianally blank
|
||||
relayhost =
|
||||
alias_maps = hash:/etc/mail/postfix/aliases
|
||||
alias_database = hash:/etc/mail/postfix/aliases
|
||||
|
||||
smtpd_tls_cert_file = %cert_file%
|
||||
smtpd_tls_key_file = %key_file%
|
||||
smtpd_use_tls=yes
|
||||
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
|
||||
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
||||
smtpd_tls_security_level=may
|
||||
#SSLv2 and SSLv3 are obsolete
|
||||
smtpd_tls_protocols = !SSLv2, !SSLv3
|
||||
smtp_tls_security_level = may
|
||||
smtp_tls_protocols = !SSLv2, !SSLv3
|
||||
smtp_tls_exclude_ciphers = EXPORT, LOW
|
||||
smtpd_tls_loglevel = 1
|
||||
smtpd_tls_session_cache_timeout = 3600s
|
||||
|
||||
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
|
||||
|
||||
queue_directory = /var/spool/postfix
|
||||
command_directory = /usr/sbin
|
||||
daemon_directory = /usr/lib/postfix/sbin
|
||||
data_directory = /var/lib/postfix
|
||||
mail_owner = postfix
|
||||
myhostname =
|
||||
mydomain =
|
||||
myorigin = $myhostname
|
||||
inet_interfaces = all
|
||||
inet_protocols = all
|
||||
mydestination = $myhostname, localhost.$mydomain, localhost
|
||||
unknown_local_recipient_reject_code = 550
|
||||
mynetworks = 127.0.0.0/8, [::1]/128
|
||||
alias_maps = hash:/etc/mail/postfix/aliases
|
||||
|
||||
mailbox_command = /usr/lib/dovecot/deliver
|
||||
|
||||
@ -30,10 +50,6 @@ manpage_directory = /usr/share/man
|
||||
sample_directory = /usr/share/doc/postfix-2.10.1/samples
|
||||
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
|
||||
|
||||
smtp_tls_security_level = may
|
||||
smtp_tls_loglevel = 1
|
||||
smtp_tls_protocols = !SSLv2
|
||||
smtp_tls_exclude_ciphers = EXPORT, LOW
|
||||
|
||||
### VIRTUAL MAIL CONFIG PARAMS ###
|
||||
relay_domains = *
|
||||
@ -63,12 +79,7 @@ smtpd_sasl_local_domain = $mydomain
|
||||
broken_sasl_auth_clients = yes
|
||||
|
||||
smtpd_tls_security_level = may
|
||||
smtpd_tls_key_file =
|
||||
smtpd_tls_cert_file =
|
||||
smtpd_tls_loglevel = 1
|
||||
smtpd_tls_session_cache_timeout = 3600s
|
||||
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_cache
|
||||
smtpd_tls_protocols = $smtp_tls_protocols
|
||||
|
||||
tls_random_source = dev:/dev/urandom
|
||||
tls_random_exchange_name = /var/lib/postfix/prng_exch
|
||||
smtpd_tls_auth_only = yes
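Review bot: The rewritten standard-params block no longer carries `mynetworks = 127.0.0.0/8, [::1]/128` — the old line is removed and nothing on the new side of this file replaces it, as far as this page shows — so Postfix falls back to `mynetworks_style`, whose default is `subnet` unless `compatibility_level` is 2 or higher, and inside a container that means every host on the Docker network is trusted as a relay client. Restore `mynetworks = 127.0.0.0/8, [::1]/128` next to `mydestination`. `smtpd_tls_protocols = !SSLv2, !SSLv3` and `smtp_tls_protocols = !SSLv2, !SSLv3` still admit TLS 1.0/1.1; `!SSLv2, !SSLv3, !TLSv1, !TLSv1.1` (or `>=TLSv1.2` on Postfix 3.6+) matches the intent of the `#SSLv2 and SSLv3 are obsolete` comment. `smtpd_use_tls=yes` is the pre-2.3 spelling superseded by `smtpd_tls_security_level=may` on the line below it and can be dropped.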
|
||||
|
@ -8,21 +8,16 @@
|
||||
# service type private unpriv chroot wakeup maxproc command + args
|
||||
# (yes) (yes) (yes) (never) (100)
|
||||
# ==========================================================================
|
||||
smtp inet n - n - - smtpd
|
||||
smtp inet n - n - - smtpd
|
||||
#smtp inet n - n - 1 postscreen
|
||||
#smtpd pass - - n - - smtpd
|
||||
#dnsblog unix - - n - 0 dnsblog
|
||||
#tlsproxy unix - - n - 0 tlsproxy
|
||||
submission inet n - n - - smtpd
|
||||
# -o syslog_name=postfix/submission
|
||||
# -o smtpd_tls_security_level=encrypt
|
||||
# -o smtpd_sasl_auth_enable=yes
|
||||
# -o smtpd_reject_unlisted_recipient=no
|
||||
# -o smtpd_client_restrictions=$mua_client_restrictions
|
||||
# -o smtpd_helo_restrictions=$mua_helo_restrictions
|
||||
# -o smtpd_sender_restrictions=$mua_sender_restrictions
|
||||
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
|
||||
# -o milter_macro_daemon_name=ORIGINATING
|
||||
submission inet n - n - - smtpd
|
||||
-o syslog_name=postfix/submission
|
||||
-o smtpd_tls_security_level=encrypt
|
||||
-o smtpd_sasl_auth_enable=yes
|
||||
-o smtpd_reject_unlisted_recipient=no
|
||||
smtps inet n - n - - smtpd
|
||||
-o syslog_name=postfix/smtps
|
||||
-o smtpd_tls_wrappermode=yes
|
||||
@ -30,7 +25,7 @@ smtps inet n - n - - smtpd
|
||||
-o smtpd_reject_unlisted_recipient=no
|
||||
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
|
||||
-o milter_macro_daemon_name=ORIGINATING
|
||||
#628 inet n - n - - qmqpd
|
||||
#628 inet n - n - - qmqpd
|
||||
pickup unix n - n 60 1 pickup
|
||||
cleanup unix n - n - 0 cleanup
|
||||
qmgr unix n - n 300 1 qmgr
|
||||
@ -122,5 +117,5 @@ scache unix - - n - 1 scache
|
||||
#mailman unix - n n - - pipe
|
||||
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
|
||||
# ${nexthop} ${user}
|
||||
dovecot unix - n n - - pipe
|
||||
dovecot unix - n n - - pipe
|
||||
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
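Review bot: The activated `submission inet n - n - - smtpd` block keeps only four `-o` overrides and omits `-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject` and `-o milter_macro_daemon_name=ORIGINATING`, both of which the smtps block just below still sets; port 587 therefore presumably inherits whatever relay policy main.cf applies, and the DKIM milter does not see the ORIGINATING macro for mail submitted there. Add the two lines to the submission block so 587 and 465 enforce the same authenticated-only policy and sign the same way.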
|
||||
|
@ -12,8 +12,12 @@ cat <<EOF
|
||||
- 587:587
|
||||
- 993:993
|
||||
volumes:
|
||||
- ./docker/mail/etc:/etc
|
||||
- ./docker/mail/entrypoint.sh:/usr/bin/entrypoint.sh
|
||||
- ./docker/mail/mail:/var/mail
|
||||
- ./docker/mail/config:/etc/mail
|
||||
- ./docker/mail/config/postfix:/etc/postfix
|
||||
- ./docker/mail/config/dovecot:/etc/dovecot
|
||||
# Certbot
|
||||
- ./docker/certbot/www:/var/www/certbot
|
||||
- ./docker/certbot/.files:/etc/letsencrypt
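Review bot: `- ./docker/mail/etc:/etc` bind-mounts a host directory over the container's entire `/etc`, hiding the image's passwd/group/shadow, `services`, and (on Alpine) the CA bundle under `/etc/ssl/certs` — which is why the new entrypoint has to `touch /etc/passwd` and re-add every system user on each start, and why nothing that the image's packages placed in `/etc` survives. Mount only the trees the mail stack edits, e.g. `- ./docker/mail/etc/postfix:/etc/postfix`, `- ./docker/mail/etc/dovecot:/etc/dovecot`, `- ./docker/mail/etc/mail:/etc/mail` plus the s6 service directory, and let the image keep its own system files. The enclosing `cat <<EOF` starts before this hunk.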
|
||||
|
51
docker/mail/entrypoint.sh
Executable file
@ -0,0 +1,51 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -x
|
||||
|
||||
touch /etc/passwd
|
||||
adduser nobody
|
||||
adduser postfix
|
||||
adduser dovecot
|
||||
adduser opendkim
|
||||
|
||||
addgroup dovecot postfix
|
||||
addgroup opendkim postfix
|
||||
chown postfix:postfix "/var/mail/${MAIL_DOMAIN}"
|
||||
mkdir -p "/var/opendkim/keys/"
|
||||
chown opendkim:opendkim "/var/opendkim/keys/"
|
||||
chmod +x "/etc/service/postfix/run"
|
||||
chmod +x "/etc/service/dovecot/run"
|
||||
chmod +x "/etc/service/opendkim/run"
|
||||
chmod +x "/etc/service/rsyslog/run"
|
||||
chmod +x "/usr/bin/entrypoint.sh"
|
||||
mkdir -p "/var/mail/${MAIL_DOMAIN}/${MAIL_USER}"
|
||||
|
||||
# Config postfix
|
||||
sed -ri \
|
||||
-e "s,%hostname%,${MAIL_DOMAIN}," \
|
||||
-e "s,%domain_root%,${MAIL_DOMAIN_ROOT}," \
|
||||
-e "s,%cert_file%,${SSL_CERT}," \
|
||||
-e "s,%key_file%,${SSL_KEY}," \
|
||||
-e "s,%postmaster_address%,${MAIL_ADDRESS}," \
|
||||
/etc/postfix/main.cf /etc/dovecot/dovecot.conf /etc/mail/opendkim/TrustedHosts
|
||||
|
||||
# Prepare mail user
|
||||
touch /etc/mail/aliases /etc/mail/domains /etc/mail/mailboxes /etc/mail/passwd
|
||||
echo "${MAIL_DOMAIN} #OK" > /etc/mail/domains
|
||||
if ! grep -Fq 'root:' /etc/mail/aliases; then echo "root: ${MAIL_USER}" >> /etc/mail/aliases; fi
|
||||
echo "${MAIL_USER} ${MAIL_DOMAIN}/${MAIL_USER}/" > /etc/mail/mailboxes
|
||||
echo "${MAIL_USER}:${HASHED_PASSWORD}" > /etc/mail/passwd
|
||||
|
||||
# Run opendkim
|
||||
if [ ! -e "/var/opendkim/keys/default.private" ]
|
||||
then
|
||||
opendkim-genkey -d "${MAIL_DOMAIN}" -D "/var/opendkim/keys/"
|
||||
fi
|
||||
|
||||
newaliases
|
||||
postmap /etc/mail/aliases /etc/mail/domains /etc/mail/mailboxes /etc/mail/passwd
|
||||
postfix reload
|
||||
dovecot
|
||||
|
||||
# # Run services
|
||||
# s6-svscan /etc/service
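Review bot: `set -x` at the top traces every command to stderr, so `echo "${MAIL_USER}:${HASHED_PASSWORD}" > /etc/mail/passwd` writes the credential hash into the container log on every start; use `set -eu` instead, which also aborts when one of the sed or postmap steps fails instead of starting the daemons on half-written config. `chown postfix:postfix "/var/mail/${MAIL_DOMAIN}"` runs before the `mkdir -p "/var/mail/${MAIL_DOMAIN}/${MAIL_USER}"` that creates that tree, so on a fresh `/var/mail` volume the chown fails and the mailbox stays root-owned; move the mkdir above it. master.cf still delivers through `user=vmail:vmail`, but the vmail user and group that the removed Dockerfile lines created are no longer created anywhere — either add `adduser -D -S -H -s /sbin/nologin vmail` here (busybox `adduser` also prompts for a password unless `-D` is given, which applies to the four adduser calls above as well) or point master.cf at the postfix user. `postfix reload` fails when no instance is running yet — `postfix start` is the call for a cold start — and with `s6-svscan /etc/service` commented out the script ends right after `dovecot` daemonizes, so PID 1 presumably exits and the container stops; finish with `exec s6-svscan /etc/service` and let it supervise both daemons.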
|
10
docker/mail/etc/mail/postfix/aliases
Normal file
@ -0,0 +1,10 @@
|
||||
mailer-daemon: postmaster
|
||||
postmaster: root
|
||||
nobody: root
|
||||
hostmaster: root
|
||||
usenet: root
|
||||
news: root
|
||||
webmaster: root
|
||||
www: root
|
||||
ftp: root
|
||||
abuse: root
|
@ -1,21 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Run openssl
|
||||
if [ ! -e "${SSL_CERT}" ]
|
||||
then
|
||||
mkdir -p "$(dirname ${SSL_CERT})" "$(dirname $SSL_KEY)"
|
||||
openssl req -x509 -nodes -newkey rsa:2018 -days 365 -keyout "${SSL_CERT}" -out "${SSL_KEY}"
|
||||
fi
|
||||
|
||||
# Run opendkim
|
||||
if [ ! -e "/var/opendkim/keys/default.private" ]
|
||||
then
|
||||
opendkim-genkey -d "${DOMAINNAME}" -D "/var/opendkim/keys/"
|
||||
fi
|
||||
|
||||
postmap /etc/mail/aliases /etc/mail/domains /etc/mail/mailboxes /etc/mail/passwd
|
||||
postfix reload
|
||||
dovecot reload
|
||||
|
||||
# Run services
|
||||
s6-svscan /etc/service
|
@ -1,48 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
ROOT="$(git rev-parse --show-toplevel)"
|
||||
. $ROOT/docker/mail/mail.env
|
||||
|
||||
cd "${0%/*}"
|
||||
|
||||
if [ -z "${MAIL_SUBDOMAIN}" ]
|
||||
then
|
||||
domain="${MAIL_DOMAIN_ROOT}"
|
||||
else
|
||||
domain="${MAIL_SUBDOMAIN}.${MAIL_DOMAIN_ROOT}"
|
||||
fi
|
||||
|
||||
PASSHASH="{SHA512-CRYPT}$(mkpasswd -m sha-512 -R 5000 ${MAIL_PASSWORD})"
|
||||
|
||||
cat > mail.env <<EOF
|
||||
#!/bin/sh
|
||||
DOMAINNAME=${MAIL_DOMAIN_ROOT}
|
||||
MAILNAME=${domain}
|
||||
SSL_CERT=/etc/letsencrypt/live/${MAIL_DOMAIN_ROOT}/fullchain.pem
|
||||
SSL_KEY=/etc/letsencrypt/live/${MAIL_DOMAIN_ROOT}/privkey.pem
|
||||
MAIL_USER="${MAIL_USER}"
|
||||
USER="${MAIL_USER}@${MAIL_DOMAIN_ROOT}"
|
||||
EOF
|
||||
|
||||
. $ROOT/docker/mail/mail.env
|
||||
|
||||
# Config postfix
|
||||
sed -i -e "s#^\s*myhostname\s*=.*#myhostname = ${MAILNAME}#" config/postfix/main.cf
|
||||
sed -i -e "s#^\s*mydomain\s*=.*#mydomain = ${DOMAINNAME}#" config/postfix/main.cf
|
||||
sed -i -e "s#^\s*smtpd_tls_cert_file\s*=.*#smtpd_tls_cert_file = ${SSL_CERT}#" config/postfix/main.cf
|
||||
sed -i -e "s#^\s*smtpd_tls_key_file\s*=.*#smtpd_tls_key_file = ${SSL_KEY}#" config/postfix/main.cf
|
||||
|
||||
# Config dovecot
|
||||
sed -i -e "s#^\s*ssl_cert\s*=.*#ssl_cert = <${SSL_CERT}#" config/dovecot/dovecot.conf
|
||||
sed -i -e "s#^\s*ssl_key\s*=.*#ssl_key = <${SSL_KEY}#" config/dovecot/dovecot.conf
|
||||
sed -i -e "s#^\s*postmaster_address\s*=.*#postmaster_address = postmaster@${DOMAINNAME}#" config/dovecot/dovecot.conf
|
||||
|
||||
# Config dkim
|
||||
sed -i -e "s/^.*#HOSTNAME/${MAILNAME}#HOSTNAME/" config/opendkim/TrustedHosts
|
||||
|
||||
# Prepare mail user
|
||||
touch config/aliases config/domains config/mailboxes config/passwd
|
||||
echo "${DOMAINNAME} #OK" > config/domains
|
||||
echo "${USER} ${USER}" > config/aliases
|
||||
echo "${USER} ${DOMAINNAME}/${MAIL_USER}/" > config/mailboxes
|
||||
echo "${USER}:${PASSHASH}" > config/passwd
|
@ -2,5 +2,5 @@
|
||||
|
||||
# Can't do sed inplace, because the file would be busy
|
||||
cat /var/nginx/social.conf | \
|
||||
sed -r "s/%hostname%/${DOMAIN}/g;" > \
|
||||
sed -r "s/%hostname%/${WEB_DOMAIN}/g;" > \
|
||||
/etc/nginx/conf.d/social.conf
|
||||
|