wip

2021-06-16 18:19:52 +02:00 · 2021-06-16 18:19:52 +02:00 · dfd2c0b992
commit dfd2c0b992
parent d2f048b389
12 changed files with 132 additions and 7 deletions
--- a/bundles/dovecot/files/dovecot.conf
+++ b/bundles/dovecot/files/dovecot.conf
@ -12,18 +12,19 @@ namespace inbox {
  inbox = yes
  separator = .
  mailbox Drafts {
+    auto = subscribe 
    special_use = \Drafts
  }
  mailbox Junk {
+    auto = create 
    special_use = \Junk
  }
  mailbox Trash {
+    auto = subscribe 
    special_use = \Trash
  }
  mailbox Sent {
-    special_use = \Sent
-  }
-  mailbox "Sent Messages" {
+    auto = subscribe 
    special_use = \Sent
  }
 }
--- a/bundles/dovecot/items.py
+++ b/bundles/dovecot/items.py
@ -17,7 +17,7 @@ users['vmail'] = {
    'home': '/var/vmail',
    'needs': [
        'group:vmail',
-    ]
+    ],
 }

 files = {
--- a/bundles/dovecot/metadata.py
+++ b/bundles/dovecot/metadata.py
@ -1,5 +1,3 @@
-from bundlewrap.metadata import atomic
-
 defaults = {
    'apt': {
        'packages': {
--- a/bundles/mailserver/items.py
+++ b/bundles/mailserver/items.py
@ -1,4 +1,5 @@
 assert node.has_bundle('postfix')
+assert node.has_bundle('opendkim')
 assert node.has_bundle('dovecot')
 assert node.has_bundle('letsencrypt')
 assert node.has_bundle('roundcube')
--- a/bundles/opendkim/files/key_table
+++ b/bundles/opendkim/files/key_table
@ -0,0 +1,3 @@
+% for domain in domains:
+mail._domainkey.${domain} ${domain}:mail:/etc/opendkim/keys/${domain}/mail.private
+% endfor
--- a/bundles/opendkim/files/opendkim.conf
+++ b/bundles/opendkim/files/opendkim.conf
@ -0,0 +1,14 @@
+Mode                    sv
+SignatureAlgorithm      rsa-sha256
+Canonicalization        relaxed/simple
+KeyTable                refile:/etc/opendkim/key_table
+SigningTable            refile:/etc/opendkim/signing_table
+
+UMask                   002
+UserID                  opendkim:opendkim
+PidFile                 /var/run/opendkim/opendkim.pid
+Socket                  local:/var/run/opendkim/opendkim.sock
+
+Syslog                  yes
+SyslogSuccess           Yes
+LogWhy                  Yes
--- a/bundles/opendkim/files/signing_table
+++ b/bundles/opendkim/files/signing_table
@ -0,0 +1,3 @@
+% for domain in domains:
+*@${domain} mail._domainkey.${domain}
+% endfor
--- a/bundles/opendkim/items.py
+++ b/bundles/opendkim/items.py
@ -0,0 +1,75 @@
+file_attributes = {
+    'owner': 'opendkim',
+    'group': 'opendkim',
+    'mode': '700',
+    'triggers': [
+        'svc_systemd:opendkim:restart',
+    ],
+}
+
+groups['opendkim'] = {}
+users['opendkim'] = {}
+
+directories = {
+    '/etc/opendkim': {
+        **file_attributes,
+    },
+    '/etc/opendkim/keys': {
+        **file_attributes,
+    },
+}
+
+files = {
+    '/etc/opendkim.conf': {
+        **file_attributes,
+    },
+    '/etc/defaults/opendkim': {
+        # https://metadata.ftp-master.debian.org/changelogs//main/o/opendkim/testing_opendkim.NEWS
+        'delete': True,
+    },
+    '/etc/opendkim/key_table': {
+        'content_type': 'mako',
+        'context': {
+            'domains': node.metadata.get('opendkim/domains'),
+        },
+        **file_attributes,
+    },
+    '/etc/opendkim/signing_table': {
+        'content_type': 'mako',
+        'context': {
+            'domains': node.metadata.get('opendkim/domains'),
+        },
+        **file_attributes,
+    },
+}
+
+for domain in node.metadata.get('opendkim/domains'):
+    directories[f'/etc/opendkim/keys/{domain}'] = {
+        **file_attributes,
+    }
+    
+    actions[f'generate_{domain}_dkim_key'] = {
+        'command': (
+            'sudo --user opendkim'
+            ' opendkim-genkey'
+            f' --directory=/etc/opendkim/keys/{domain}'
+            f' --domain={domain}'
+        ),
+        'unless': f'test -f /etc/opendkim/keys/{domain}/default.private',
+        'needs': [
+            'svc_systemd:opendkim',
+            f'directory:/etc/opendkim/keys/{domain}',
+        ],
+        'triggers': [
+            'svc_systemd:opendkim:restart',
+        ],
+    }
+
+svc_systemd['opendkim'] = {
+    'needs': [
+        'pkg_apt:opendkim',
+        'file:/etc/opendkim.conf',
+        'file:/etc/opendkim/key_table',
+        'file:/etc/opendkim/signing_table',
+    ],
+}
--- a/bundles/opendkim/metadata.py
+++ b/bundles/opendkim/metadata.py
@ -0,0 +1,11 @@
+defaults = {
+    'apt': {
+        'packages': {
+            'opendkim': {},
+            'opendkim-tools': {},
+        },
+    },
+    'opendkim': {
+        'domains': [],
+    },
+}
--- a/bundles/postfix/files/main.cf
+++ b/bundles/postfix/files/main.cf
@ -41,3 +41,9 @@ smtpd_restriction_classes = mua_sender_restrictions, mua_client_restrictions, mu
 mua_client_restrictions = permit_sasl_authenticated, reject
 mua_sender_restrictions = permit_sasl_authenticated, reject
 mua_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit
+
+# opendkim
+milter_protocol = 2
+milter_default_action = accept
+smtpd_milters = local:/var/run/opendkim/opendkim.sock
+non_smtpd_milters = local:/var/run/opendkim/opendkim.sock
--- a/groups/applications/mailserver.py
+++ b/groups/applications/mailserver.py
@ -1,5 +1,6 @@
 {
    'bundles': [
+        'opendkim',
        'dovecot',
        'letsencrypt',
        'mailserver',
--- a/nodes/htz.mails.py
+++ b/nodes/htz.mails.py
@ -10,7 +10,19 @@
        'zfs',
    ],
    'metadata': {
-         'interfaces': {
+        'opendkim': {
+            'domains': [
+                "sublimity.de", 
+                "freibrief.net",
+                "nadenau.net",
+                "naeder.net",
+                "rolfwerner.eu",
+                "wettengl.net",
+                "wingl.de",
+                "woodpipe.de",
+            ],
+        },
+        'interfaces': {
            'eth0': {
                'ips': {
                    '162.55.188.157',