bundles/dovecot/files/sudors

@@ -0,0 +1 @@
+www-data ALL=(ALL) NOPASSWD: /usr/bin/doveadm pw -s ARGON2ID

bundles/letsencrypt/files/hook.sh

@@ -9,6 +9,8 @@ deploy_challenge() {
     update add $1.${zone}. 60 IN TXT \"$3\"
     send
   " | tee | nsupdate -y hmac-sha512:${acme_key_name}:${acme_key}
+  
+  sleep 10
 }
 
 clean_challenge() {

bundles/letsencrypt/metadata.py

@@ -1,3 +1,5 @@
+from ipaddress import ip_interface
+
 defaults = {
     'apt': {
         'packages': {

bundles/mailserver-autoconfig/README.md

@@ -1,3 +0,0 @@
-test autodiscover.php:
-
-`curl -X POST https://autoconfig.mail.example.com/Autodiscover/Autodiscover.xml -d '<EMailAddress>test@example.com</EMailAddress>'`

bundles/mailserver-autoconfig/files/autodiscover.php

@@ -1,83 +0,0 @@
-<?php
-
-// https://raw.githubusercontent.com/Radiergummi/autodiscover/master/autodiscover/autodiscover.php
-
-/********************************
- * Autodiscover responder
- ********************************
- * This PHP script is intended to respond to any request to http(s)://mydomain.com/autodiscover/autodiscover.xml.
- * If configured properly, it will send a spec-complient autodiscover XML response, pointing mail clients to the
- * appropriate mail services.
- * If you use MAPI or ActiveSync, stick with the Autodiscover service your mail server provides for you. But if 
- * you use POP/IMAP servers, this will provide autoconfiguration to Outlook, Apple Mail and mobile devices.
- *
- * To work properly, you'll need to set the service (sub)domains below in the settings section to the correct 
- * domain names, adjust ports and SSL.
- */
-
-//get raw POST data so we can extract the email address
-$request = file_get_contents("php://input");
-
-// optional debug log
-# file_put_contents( 'request.log', $request, FILE_APPEND );
-
-// retrieve email address from client request
-preg_match( "/\<EMailAddress\>(.*?)\<\/EMailAddress\>/", $request, $email );
-
-// check for invalid mail, to prevent XSS
-if (filter_var($email[1], FILTER_VALIDATE_EMAIL) === false) {
-	throw new Exception('Invalid E-Mail provided');
-}
-
-// get domain from email address
-$domain = substr( strrchr( $email[1], "@" ), 1 );
-
-/**************************************
- *   Port and server settings below   *
- **************************************/
-
-// IMAP settings
-$imapServer = 'imap.' . $domain; // imap.example.com
-$imapPort   = 993;
-$imapSSL    = true;
-
-// SMTP settings
-$smtpServer = 'smtp.' . $domain; // smtp.example.com
-$smtpPort   = 587;
-$smtpSSL    = true;
-
-//set Content-Type
-header( 'Content-Type: application/xml' );
-?>
-<?php echo '<?xml version="1.0" encoding="utf-8" ?>'; ?>
-<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" >
-	<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
-		<Account>
-			<AccountType>email</AccountType>
-			<Action>settings</Action>
-			<Protocol>
-			<Protocol>
-				<Type>IMAP</Type>
-				<Server><?php echo $imapServer; ?></Server>
-				<Port><?php echo $imapPort; ?></Port>
-				<DomainRequired>off</DomainRequired>
-				<LoginName><?php echo $email[1]; ?></LoginName>
-				<SPA>off</SPA>
-				<SSL><?php echo $imapSSL ? 'on' : 'off'; ?></SSL>
-				<AuthRequired>on</AuthRequired>
-			</Protocol>
-			<Protocol>
-				<Type>SMTP</Type>
-				<Server><?php echo $smtpServer; ?></Server>
-				<Port><?php echo $smtpPort; ?></Port>
-				<DomainRequired>off</DomainRequired>
-				<LoginName><?php echo $email[1]; ?></LoginName>
-				<SPA>off</SPA>
-				<SSL><?php echo $smtpSSL ? 'on' : 'off'; ?></SSL>
-				<AuthRequired>on</AuthRequired>
-				<UsePOPAuth>on</UsePOPAuth>
-				<SMTPLast>on</SMTPLast>
-			</Protocol>
-		</Account>
-	</Response>
-</Autodiscover>

bundles/mailserver-autoconfig/files/config-v1.1.xml

@@ -1,57 +0,0 @@
-<?xml version="1.0"?>
-<clientConfig version="1.1">
-  <!-- Outgoing Server -->
-  <emailProvider id="${mailserver}">
-
-    <!-- Hosted Domains -->
-
-    <domain>${mailserver}</domain>
-    <displayName>${mailserver}</displayName>
-    <displayShortName>${mailserver}</displayShortName>
-
-    <!-- Incoming Mail Servers -->
-
-    <incomingServer type="imap">
-      <hostname>${mailserver}</hostname>
-      <port>993</port>
-      <socketType>SSL</socketType>
-      <authentication>password-cleartext</authentication>
-      <username>%EMAILADDRESS%</username>
-    </incomingServer>
-
-    <incomingServer type="imap">
-      <hostname>${mailserver}</hostname>
-      <port>143</port>
-      <socketType>STARTTLS</socketType>
-      <authentication>password-cleartext</authentication>
-      <username>%EMAILADDRESS%</username>
-    </incomingServer>
-
-    <!-- Outgoing Mail Servers -->
-
-    <outgoingServer type="smtp">
-      <hostname>${mailserver}</hostname>
-      <port>465</port>
-      <socketType>SSL</socketType>
-      <authentication>password-cleartext</authentication>
-      <username>%EMAILADDRESS%</username>
-    </outgoingServer>
-
-    <outgoingServer type="smtp">
-      <hostname>${mailserver}</hostname>
-      <port>587</port>
-      <socketType>STARTTLS</socketType>
-      <authentication>password-cleartext</authentication>
-      <username>%EMAILADDRESS%</username>
-    </outgoingServer>
-
-    <!-- Documentation -->
-
-    <documentation url="http://www.example.com/help/mail/thunderbird">
-      <descr lang="en">Configure Thunderbird 2.0 for IMAP</descr>
-      <descr lang="de">Thunderbird 2.0 mit IMAP konfigurieren</descr>
-    </documentation>
-
-  </emailProvider>
-  <clientConfigUpdate url="https://${autoconfig}/mail/config-v1.1.xml" />
-</clientConfig>

bundles/mailserver-autoconfig/items.py

@@ -1,16 +0,0 @@
-autoconfig_hostname = node.metadata.get('mailserver/autoconfig_hostname')
-
-files = {
-    f'/var/www/{autoconfig_hostname}/mail/config-v1.1.xml': {
-        'content_type': 'mako',
-        'context': {
-            'mailserver': node.metadata.get('mailserver/hostname'),
-            'autoconfig': autoconfig_hostname,
-        },
-        'owner': 'www-data',
-    },
-    f'/var/www/{autoconfig_hostname}/autodiscover/autodiscover.php': {
-        'content_type': 'mako',
-        'owner': 'www-data',
-    },
-}

bundles/mailserver-autoconfig/metadata.py

@@ -1,78 +0,0 @@
-defaults = {}
-
-
-@metadata_reactor.provides(
-    'mailserver/autoconfig_hostname',
-)
-def hostname(metadata):
-    return {
-        'mailserver': {
-            'autoconfig_hostname': f"autoconfig.{metadata.get('mailserver/hostname')}",
-        },
-    }
-
-
-@metadata_reactor.provides(
-    'nginx/vhosts',
-)
-def nginx(metadata):
-    return {
-        'nginx': {
-            'vhosts': {
-                metadata.get('mailserver/autoconfig_hostname'): {
-                    'content': 'mailserver-autodiscover/vhost.conf',
-                    'context': {
-                        'root': f"/var/www/{metadata.get('mailserver/autoconfig_hostname')}",
-                    },
-                },
-            },
-        },
-    }
-
-
-@metadata_reactor.provides(
-    'letsencrypt/domains',
-)
-def letsencrypt(metadata):
-    return {
-        'letsencrypt': {
-            'domains': {
-                metadata.get('mailserver/autoconfig_hostname'): {
-                    'aliases': {
-                        *{
-                            f'autoconfig.{domain}'
-                                for domain in metadata.get('mailserver/domains')
-                        },
-                        *{
-                            f'autodiscover.{domain}'
-                                for domain in metadata.get('mailserver/domains')
-                        },
-                    },
-                },
-            },
-        },
-    }
-
-
-@metadata_reactor.provides(
-    'dns',
-)
-def autoconfig(metadata):
-    dns = {}
-    
-    for domain in metadata.get('mailserver/domains'):
-        dns.update({
-            f'autoconfig.{domain}': {
-                'CNAME': {f"{metadata.get('mailserver/autoconfig_hostname')}."},
-            },
-            f'_autodiscover._tcp.{domain}': {
-                'SRV': {f"10 10 443 {metadata.get('mailserver/autoconfig_hostname')}."},
-            },
-            f'autodiscover.{domain}': {
-                'CNAME': {f"{metadata.get('mailserver/autoconfig_hostname')}."},
-            },
-        })
-    
-    return {
-        'dns': dns,
-    }

bundles/postfix/files/master.cf

@@ -53,14 +53,3 @@ submission inet n       -       y       -       -       smtpd
    -o smtpd_recipient_restrictions=
    -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING
-smtps     inet  n       -       y       -       -       smtpd
-  -o syslog_name=postfix/smtps
-  -o smtpd_tls_wrappermode=yes
-  -o smtpd_sasl_auth_enable=yes
-  -o smtpd_reject_unlisted_recipient=no
-  -o smtpd_client_restrictions=$mua_client_restrictions
-  -o smtpd_helo_restrictions=$mua_helo_restrictions
-  -o smtpd_sender_restrictions=$mua_sender_restrictions
-  -o smtpd_recipient_restrictions=
-  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-  -o milter_macro_daemon_name=ORIGINATING

data/dkim/wiegand.tel.privkey.enc

@@ -1 +0,0 @@
-encrypt$gAAAAABhlq_D2jvj7dxi_FGdRARCtVD03iEUWDY3dyX-wzZmc1MlyW4c2hOv-K1FzXzH3Ki9kdniBVtu3V8eewizG7p1eZAwO-hn4mD2WJOV30pHo2_ZLiS8UDCtxDTvAYhNILiCVefZVb_-8RWBpojIhI3MEB7GHbHWuTb6vNFMuS4pGGTMqXRH5HFQOsVxp6ID7vTKL_sRc3hM_wNncGd0Nh02BPMC9JzuGLuVJPBWEfzslPfkmTy_6qN-D-cppFkXcR7aLOWtfOQxPnZy5vZ_3vT5LDSG9B1xjVuFcUXsb8_f0K6gu3pkrjJOsi5_CuJhterC9mYXp0A3vo7AVRFAuZHL0Y7cSb_kmbWGmqCi2-wqHSjnl5jkdLjvT8qWoftdpYt0cIDNkiAOaU9JSf4J6GCK2Ph5ZYZAoSu7jjYrysqjuW3EzfrYFYNGrvWzP3ZLGggMb8aCmwOqDRmeOF859nO2O4_dUpeBSEwvihv8cO5WCgZKm2-niGf_UprmGWtqKOxZ-Oix0DQ4npaf2u65X1xXahXsxJH-UCkymrW7p7qzrLOCH0E0B90HhhL2U4IGMxUtYV0egX2vHg45b1YSnLRg3lQmCk6SUitcrNCWmwTRMilsY-RRcYOQFu3-Z9Pbz3QTLGGOTeFAhi1jqdhP3CObtKRbkhRc8FXABiErrNkAcWYM-SW3lqWAZbVhDewfD0m_uQuEJLDpHFNnqW_xCJiFpC-1RIXBwcGDCCoki0Gto8S1EdsIk-c7taq6F1cR__eXc6E3phIh9C7GignOUnlwlz1qvJ6zKZ5BXeUxI_MlSxZy18KTVjUhxrk4X-p8x4CSVrPR7yi5k9Pr31KdqjUSileb5byZIORkiyh6UCx40ODf98zLJVFF3NxiFRrAGRDFyKQ-bWX2JTGZ0M62CSkFdqM7rA6IenZ0WpVWY4jNu8u8ir-IMgLNP_iQzJGSSXsJn-hMI580fza_dJD8L-A05u0ZcAMcEXAQ7Vs9X3ilCcqQd-vZJIPlIc6lUch_evNBwreRSZ32I5GabVYWLbXKO1wJUi6fIzHmLY_vYNPpF15mDqcMbHcIxyDgua-zFGeK51PI9vHlbgfnDbHdqvXm8hGVI8R5fVFr_CTTqHBXAXkzYTtRd1YgNf4ibbdWyx6Bx0l_Zper21-FHnbjgDLKG9yeKz-5SLIL0F_uY_K4WdEn9UVlC5BP7OS2etk-pFXOgKdJry91jlZ-7NdEwki7mwYYndO_rNCMcjPvmQ1V050dh4kZNOYBHo18roFgojgiJSDYv3CSziXXHUAEiELXnfhssarF7OZ3blM9K6RNSz2vKx4blVifTYhA3zcyLa5vPJyn2zySLHU9u4-E_UDe9lYa7esCJhBhWi1PtqMC8nIJmU-DW3vcb_Jkc7MuKUBIcPLlSiJu5Y7lV469-rztRbj6BaNJQCtXgYii8dZgeA5GsUSc6ofwWKgmA7aCdL5xcQWYlQ7nho0HNapSjqe7uh3fwLxud2BExfJRd9T2HWScoZ77qbRuHn4zp5fdZQD26fbmMgMVpP7PjB1pBXOnmVIyJBXqN2KhemRYul9RL7YjeuydFgM-Ek8II0WdZf0S0dbzjRmLNHz8hoVwHV18V7yTXazx6vYTIzrhQlcY8Q91VyuYuA8EV-AbdM5WxFKCUr4NDSOrJzCXray0HjD2YY_MdqRbD3-IdQGqm5LM9yHq9YqVskGc1HU0eA_jt-Sst7YclyfZl01LvG_tvg-rz1eCAO8rzGt5M_x7FJZdxKrQW8L_fyONtPhgdzYg6aYToKZhsN8iR-mFbsfJ8097H3KVtfmXPijrdiJRCrhkp-0MGhS8WHUplbhlxXyxgzzaXkTdTWp4pEc4ei6YpZ_f6IVBKKRlFVlsua-0J9PbZVFAX2D_tUMFI5NlwLoKHUm7WNFBypRULdp6xiW8fDboZi6daZ8kCQRNbhqgZRxZQs1Wy5OH6yZxBJC1J6sY38n36Y6UP_xLYUnAlaHITu2dyIShvpRgZQCDYxeWv8oaJxodFiGpJaMOBukozz4sVL_-dBIQxK9_oGTyE-5wPo_5ad-fuhd2lnCYDtWhDhSNaKrk0yMRhFgRNAQzMFBKPibUvpLX5NGek8VcP5KRO3dbLB8Q3QacjWe2CI3Y16Ix1HqPCAZ1j79A-LmowoYq7qhTUHoVYJ4zf2Jd2zeuaMjdpZ4Bej0Be6dJNpZBsolXQl-QJPlw08ZUf1HbP-XhT0URcVQt9reAHU-G77rJVSo30OrrsDRjNxvh0LVnzrvaeFdtEl6rKh_Qtli6vNDBOCk1hNre6cKDgjCy-O-rOKdOwmBueXI5tEJMNaFLOoX29elGTHE=

data/dkim/wiegand.tel.pubkey

@@ -1 +0,0 @@
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxvB69VOHK0vJ0yumq5TR9/29N0PQiZj4HQJ1hMdQGuwt3zozDR7vvgINJ5lJo8NXcZEJtbRbkIEJLJFvMiGfALNYU/Lcgpfc0bfCgWgwsvFe2P8JrcxSDf0M0eEV/k78agXVn75b5eWDCPPSm16XqjK8RlNz3LJo7ENkVAZshPg4mRm039ejAFmKKCirfzw3l4uZak9czSQxlLmOd503uiu0ljlguwHoNRX2FLSi77mdDYQl16BtHgu96fJL0ruiokfyuBi0Ves1LX2Fc4KQIzk1cgEt/dSZvQBkvYH/idR48rVgOT+lGyT30y2VbyFK0rCSft8tcC7HDoqYi2zJQQIDAQAB

data/mailserver-autodiscover/vhost.conf

@@ -1,16 +0,0 @@
-server {
-    listen 443 ssl http2;
-    listen [::]:443 ssl http2;
-    server_name ${server_name};
-
-    ssl_certificate /var/lib/dehydrated/certs/${server_name}/fullchain.pem;
-    ssl_certificate_key /var/lib/dehydrated/certs/${server_name}/privkey.pem;
-
-    root ${root};
-    
-    location ~ /(?:a|A)utodiscover/(?:a|A)utodiscover.xml {
-        try_files /autodiscover/autodiscover.php =404;
-        fastcgi_pass php-handler;
-        include fastcgi.conf;
-    }
-}

groups/applications/mailserver.py

@@ -4,7 +4,6 @@
         'dovecot',
         'letsencrypt',
         'mailserver',
-        'mailserver-autoconfig',
         'nginx',
         'php',
         'postfix',

nodes/netcup.mails.py

@@ -38,13 +38,13 @@
                 'freibrief.net',
                 'nadenau.net',
                 'naeder.net',
+                'rolfwerner.eu',
                 'wettengl.net',
                 'wingl.de',
                 'woodpipe.de',
                 'ckn.li',
                 'islamicstate.eu',
                 'hausamsilberberg.de',
-                'wiegand.tel',
             },
         },
         'dns': {
@@ -80,8 +80,10 @@
                 'freibrief.net',
                 'nadenau.net',
                 'naeder.net',
+                'rolfwerner.eu',
                 'wettengl.net',
-                'wiegand.tel',
+                'wingl.de',
+                'woodpipe.de',
             },
         },
         'rspamd': {