cronekorkn/bundlewrap
1
0
Fork 0
Code Issues Pull requests 8 Projects Releases Wiki Activity

wip

Browse source
This commit is contained in:
mwiegand 2021-06-16 18:19:52 +02:00
parent d2f048b389
commit dfd2c0b992
12 changed files with 132 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
bundles/dovecot/files/dovecot.conf
View file

@ -12,18 +12,19 @@ namespace inbox {
inbox = yes inbox = yes
separator = . separator = .
mailbox Drafts { mailbox Drafts {
auto = subscribe
special_use = \Drafts special_use = \Drafts
} }
mailbox Junk { mailbox Junk {
auto = create
special_use = \Junk special_use = \Junk
} }
mailbox Trash { mailbox Trash {
auto = subscribe
special_use = \Trash special_use = \Trash
} }
mailbox Sent { mailbox Sent {
special_use = \Sent auto = subscribe
}
mailbox "Sent Messages" {
special_use = \Sent special_use = \Sent
} }
} }

2
bundles/dovecot/items.py
View file

@ -17,7 +17,7 @@ users['vmail'] = {
'home': '/var/vmail', 'home': '/var/vmail',
'needs': [ 'needs': [
'group:vmail', 'group:vmail',
] ],
} }
files = { files = {

2
bundles/dovecot/metadata.py
View file

@ -1,5 +1,3 @@
from bundlewrap.metadata import atomic
defaults = { defaults = {
'apt': { 'apt': {
'packages': { 'packages': {

1
bundles/mailserver/items.py
View file

@ -1,4 +1,5 @@
assert node.has_bundle('postfix') assert node.has_bundle('postfix')
assert node.has_bundle('opendkim')
assert node.has_bundle('dovecot') assert node.has_bundle('dovecot')
assert node.has_bundle('letsencrypt') assert node.has_bundle('letsencrypt')
assert node.has_bundle('roundcube') assert node.has_bundle('roundcube')

3
bundles/opendkim/files/key_table Normal file
View file

@ -0,0 +1,3 @@
% for domain in domains:
mail._domainkey.${domain} ${domain}:mail:/etc/opendkim/keys/${domain}/mail.private
% endfor

14
bundles/opendkim/files/opendkim.conf Normal file
View file

@ -0,0 +1,14 @@
Mode sv
SignatureAlgorithm rsa-sha256
Canonicalization relaxed/simple
KeyTable refile:/etc/opendkim/key_table
SigningTable refile:/etc/opendkim/signing_table
UMask 002
UserID opendkim:opendkim
PidFile /var/run/opendkim/opendkim.pid
Socket local:/var/run/opendkim/opendkim.sock
Syslog yes
SyslogSuccess Yes
LogWhy Yes

3
bundles/opendkim/files/signing_table Normal file
View file

@ -0,0 +1,3 @@
% for domain in domains:
*@${domain} mail._domainkey.${domain}
% endfor

75
bundles/opendkim/items.py Normal file
View file

@ -0,0 +1,75 @@
file_attributes = {
'owner': 'opendkim',
'group': 'opendkim',
'mode': '700',
'triggers': [
'svc_systemd:opendkim:restart',
],
}
groups['opendkim'] = {}
users['opendkim'] = {}
directories = {
'/etc/opendkim': {
**file_attributes,
},
'/etc/opendkim/keys': {
**file_attributes,
},
}
files = {
'/etc/opendkim.conf': {
**file_attributes,
},
'/etc/defaults/opendkim': {
# https://metadata.ftp-master.debian.org/changelogs//main/o/opendkim/testing_opendkim.NEWS
'delete': True,
},
'/etc/opendkim/key_table': {
'content_type': 'mako',
'context': {
'domains': node.metadata.get('opendkim/domains'),
},
**file_attributes,
},
'/etc/opendkim/signing_table': {
'content_type': 'mako',
'context': {
'domains': node.metadata.get('opendkim/domains'),
},
**file_attributes,
},
}
for domain in node.metadata.get('opendkim/domains'):
directories[f'/etc/opendkim/keys/{domain}'] = {
**file_attributes,
}
actions[f'generate_{domain}_dkim_key'] = {
'command': (
'sudo --user opendkim'
' opendkim-genkey'
f' --directory=/etc/opendkim/keys/{domain}'
f' --domain={domain}'
),
'unless': f'test -f /etc/opendkim/keys/{domain}/default.private',
'needs': [
'svc_systemd:opendkim',
f'directory:/etc/opendkim/keys/{domain}',
],
'triggers': [
'svc_systemd:opendkim:restart',
],
}
svc_systemd['opendkim'] = {
'needs': [
'pkg_apt:opendkim',
'file:/etc/opendkim.conf',
'file:/etc/opendkim/key_table',
'file:/etc/opendkim/signing_table',
],
}

11
bundles/opendkim/metadata.py Normal file
View file

@ -0,0 +1,11 @@
defaults = {
'apt': {
'packages': {
'opendkim': {},
'opendkim-tools': {},
},
},
'opendkim': {
'domains': [],
},
}

6
bundles/postfix/files/main.cf
View file

@ -41,3 +41,9 @@ smtpd_restriction_classes = mua_sender_restrictions, mua_client_restrictions, mu
mua_client_restrictions = permit_sasl_authenticated, reject mua_client_restrictions = permit_sasl_authenticated, reject
mua_sender_restrictions = permit_sasl_authenticated, reject mua_sender_restrictions = permit_sasl_authenticated, reject
mua_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit mua_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit
# opendkim
milter_protocol = 2
milter_default_action = accept
smtpd_milters = local:/var/run/opendkim/opendkim.sock
non_smtpd_milters = local:/var/run/opendkim/opendkim.sock

1
groups/applications/mailserver.py
View file

@ -1,5 +1,6 @@
{ {
'bundles': [ 'bundles': [
'opendkim',
'dovecot', 'dovecot',
'letsencrypt', 'letsencrypt',
'mailserver', 'mailserver',

14
nodes/htz.mails.py
View file

@ -10,7 +10,19 @@
'zfs', 'zfs',
], ],
'metadata': { 'metadata': {
'interfaces': { 'opendkim': {
'domains': [
"sublimity.de",
"freibrief.net",
"nadenau.net",
"naeder.net",
"rolfwerner.eu",
"wettengl.net",
"wingl.de",
"woodpipe.de",
],
},
'interfaces': {
'eth0': { 'eth0': {
'ips': { 'ips': {
'162.55.188.157', '162.55.188.157',