aia_mailserver for all in a machine

This commit is contained in:
Tube 2023-11-06 09:21:06 +01:00
parent 577366e195
commit 215c81f3ee
1 changed files with 508 additions and 6 deletions

View File

@ -6,9 +6,15 @@
bundle agent install_mailserver(param_cfg)
{
vars:
"default_alias_maps" string => "hash:/etc/aliases";
freebsd::
"default_alias_maps" string => "hash:/etc/mail/aliases";
any::
"default_cfg" data => '{
"pam_auth":true,
"vimb_auth":false,
"vimb_auth":true,
"imap":true,
"submission":true,
"smtp":true,
@ -21,7 +27,7 @@ vars:
"mydestination":"$myhostname, localhost",
"mail_location" : "maildir:~/Maildir:LAYOUT=maildir++:INBOX=~/Maildir/.INBOX:CONTROL=~/Mail/control:INDEX=~/Mail/index",
"vmail_location" : "maildir:~/Maildir:LAYOUT=maildir++:INBOX=~/Maildir/.INBOX:CONTROL=~/Mail/control:INDEX=~/Mail/index",
"alias_maps":"$(default_alias_maps)"
}';
@ -155,19 +161,24 @@ vars:
"maxproc":"-",
"command":"smtpd",
"args":[
"{ -o smtpd_relay_restrictions = permit_mynetworks reject_unauth_destination }",
"{ -o smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination }"
"{ -o smtpd_client_restrictions = permit_mynetworks reject }",
"{ -o smtpd_relay_restrictions = permit_mynetworks reject }",
"{ -o smtpd_sender_restrictions = permit_mynetworks }"
"#{ -o smtpd_client_restrictions = permit_mynetworks }",
"#{ -o smtpd_sender_restrictions = }"
]
}
]
,
"main_raw":"
#debug_peer_level=4
#debug_peer_list= 5.9.7.163
myhostname=$(cfg[myhostname])
mydestination=$(cfg[mydestination])
alias_maps=$(cfg[alias_maps])
myorigin=$(cfg[myorigin])
local_recipient_maps = unix:passwd.byname $alias_maps
"
,
"master_raw":""
@ -180,7 +191,7 @@ myorigin=$(cfg[myorigin])
methods:
"any" usebundle => install_postfix_pkgs;
"any" usebundle => install_dovecot_pkgs;
# "any" usebundle => install_dovecot_pkgs;
"any" usebundle => dovecot(@(dovecot_cfg));
"any" usebundle => postfix(@(postfix_cfg));
@ -188,3 +199,494 @@ reports:
# "DCP: $(dovecot_protos)";
# "DBS: $(dbs)";
}
bundle agent aia_install_dbs
{
methods:
"any" usebundle => install_mysql_server(@(aia_mailserver.mysql_cfg)),
handle => "aia_mysql_installed";
"any" usebundle => create_mysql_db(@(aia_mailserver.vimb_db)),
depends_on => {"aia_mysql_installed"};
"any" usebundle => create_mysql_db(@(aia_mailserver.roundcube_cfg)),
depends_on => {"aia_mysql_installed"};
}
bundle agent aia_install_apache
{
methods:
"any" usebundle => apache;
"any" usebundle => install_apache,
depends_on => {"aia_php_installed"};
"any" usebundle => install_php_fpm,handle=>"aia_php_installed";
}
bundle agent aia_install_sites
{
vars:
"mail_site" data => '{
"domain":"$(aia_mailserver.cfg[imap_domain])",
"aliases":[
"$(aia_mailserver.cfg[smtp_domain])"
],
"email":"7u83@mail.ru",
"disable":false,
}';
methods:
"any" usebundle => apache_vhost(@(aia_mailserver.vimb_site));
"any" usebundle => apache_vhost(@(aia_mailserver.roundcube_site));
"any" usebundle => apache_vhost(@(aia_mailserver.rspamd_site));
"any" usebundle => certbot_cert(@(mail_site),"$(apache.web_root)");
}
bundle agent aia_mailserver(param_cfg)
{
vars:
any::
"default_cfg" data => '{
"pam_auth":true,
"vimb_auth":true,
"imap":true,
"submission":true,
"smtp":true,
"pop3":false,
"sieve":false,
"ssl":false,
"opendkim":false,
"myhostname":"$(sys.host)",
"myorigin":"$myhostname",
"mydestination":"$myhostname, localhost",
"mail_location" : "mbox:~/mail:LAYOUT=maildir++:INBOX=/var/mail/%u:INDEX=~/mail/index:CONTROL=~/mail/control"
"vmail_location" : "maildir:~/Maildir:LAYOUT=maildir++:INBOX=~/Maildir/.INBOX:CONTROL=~/Mail/control:INDEX=~/Mail/index",
"alias_maps":"$(postfix.default_alias_maps)",
"db_host":"127.0.0.1",
"vimb_db_pass":"vimbdb-secret",
"vimb_server_email_name":"Vimbadmin $(param_cfg[vimb_domain])",
"roundcube_db_pass":"roundcube-secret",
"roundcube_version":"1.6.4",
"vimb_rememberme_salt":"Xa])o3GwVe-$8>-vz}y<uR/@Nr*tMwA!^O,D~Npj/JBq8:kM=mLLF(UlFhPntV.(",
"vimb_password_salt":"1M;C&Mn{4}){:f=VH*99S%dp)lnKdaQ8#;g>~+&D\C!2Ni+_AeocxD^ZhGQz-H/8",
"rspamd_bind_socket":"127.0.0.1:11332",
"vmail_user":"vmail",
"vmail_uid":"5000",
"vmail_gid":"5000",
"vmail_dir":"/var/vmail",
}';
"cfg" data => mergedata(@(default_cfg),@(param_cfg));
"mysql_cfg" data => '{
"settings":{
"mysqld":{
"bind-address":"$(cfg[db_host])",
"lower_case_table_names":"1",
"default-authentication-plugin":"mysql_native_password"
}
},
"bind_address":"$(cfg[db_host])",
"backup_dir":"/tank/backups/mysql_backups"
}';
"vimb_db" data => '{
"db_name":"vimbadmin",
"db_user":"vimbadmin",
"db_host":"$(cfg[db_host])",
"db_pass":"$(cfg[vimb_db_pass])",
"db_user_host":"%"
}';
"vimb_site" data => '{
"domain":"$(cfg[vimb_domain])",
"aliases":[ ],
"email":"7u83@mail.ru",
"disable":false,
"doc_root":"$(apache.www_dir)/$(cfg[vimb_domain])/public",
"ssl":true,
"raw":"
Alias /vimbadmin $(apache.www_dir)/$(cfg[vimb_domain])/public
"
}';
"vimb_cfg" data => '{
"src_tgz":"$(sys.workdir)/data/public/vimbadmin-3.4.1.tar.gz",
"install_dir":"$(apache.www_dir)/$(cfg[vimb_domain])",
"restore_db_file":"$(cfg[backup_dir])/vimbdb.sql",
"db_driver":"pdo_mysql",
"db_user":"$(vimb_db[db_user])",
"db_pass":"$(vimb_db[db_pass])",
"db_host":"$(vimb_db[db_host])",
"db_name":"$(vimb_db[db_name])",
"server_email_name":"$(cfg[vimb_server_email_name])",
"server_email_address":"$(cfg[vimb_server_email_address])",
"security_salt":"$(cfg[vimb_security_salt])",
"rememberme_salt":"$(cfg[vimb_rememberme_salt])",
"password_salt":"$(cfg[vimb_password_salt])",
}';
"roundcube_site" data => '{
"domain":"$(cfg[webmail_domain])",
"aliases":[ ],
"email":"7u83@mail.ru",
"disable":false,
"doc_root":"$(apache.www_dir)/$(cfg[webmail_domain])/public",
"ssl":true,
"raw":"
"
}';
"roundcube_cfg" data =>'{
"db_host":"$(cfg[db_host])",
"db_user":"roundcube",
"db_pass":"$(cfg[roundcube_db_pass])",
"db_user_host":"%",
"db_name":"roundcube",
"www_user":"$(apache.www_user)",
"www_group":"$(apache.www_group)",
"install_dir":"$(apache.www_dir)/$(cfg[webmail_domain])",
"version":"$(cfg[roundcube_version])",
"backup_dir":"$(cfg[backup_dir])/roundcube",
"settings":{
"imap_host":"\'tls://$(cfg[imap_domain]):143\'",
"smtp_host":"\'tls://$(cfg[smtp_domain]):587\'"
}
}';
"rspamd_site" data => '{
"domain" : "$(cfg[rspamd_domain])",
"aliases" : [ ],
"email": "7u83@mail.ru",
"disable": false,
"ssl": true,
"doc_root":"$(apache.www_dir)/$(cfg[rspamd_domain])",
"php_handler":"proxy:unix:$(php.fpm_socket)|fcgi://localhost/",
"raw": "
<Location / >
ProxyPass http://localhost:11334/
ProxyPassReverse http://localhost:11334/
</Location>
"
}';
"rspamd_cfg" data => '{
"worker_normal":"
#bind_socket = \\"localhost:12222\\"
"
,
"worker_proxy":"
upstream \\"local\\" {
self_scan = yes
}
bind_socket = \\"$(cfg[rspamd_bind_socket])\\"
",
"password":"hallorspamd",
"enable-password":"hallorspamd-enable"
}';
"opendkim_cfg" data => '{
"mynetworks":[
"127.0.0.1",
],
"keyfile":"$(cfg[dkim_private_key_file])",
"selector":"$(cfg[dkim_selector])",
"uid":"$(postfix.user)",
"gid":"$(postfix.group)",
"milter_sock":"$(postfix.queue_dir)/private/opendkim"
}';
"dbs" string => string_mustache('
"userdbs":[
{{#cfg.vimb_auth}}
{
"driver":"sql",
"args":"$(dovecot_vimbadmin_sql.cfg_file)"
},
{{/cfg.vimb_auth}}
{{#cfg.pam_auth}}
{
"driver":"passwd",
"args":""
},
{{/cfg.pam_auth}}
],
"passdbs":[
{{#cfg.vimb_auth}}
{
"driver":"sql",
"args":"$(dovecot_vimbadmin_sql.cfg_file)"
} ,
{{/cfg.vimb_auth}}
{{#cfg.pam_auth}}
{
"driver":"pam",
"args":"dovecot"
},
{{/cfg.pam_auth}}
],',
bundlestate("$(this.bundle)"));
"dovecot_cfg" data => '{
"protocols":["imap","sieve","lmtp"],
"ssl":true,
"imap_cert":"$(certbot.certbot_dir)/live/$(cfg[imap_domain])/fullchain.pem",
"imap_key":"$(certbot.certbot_dir)/live/$(cfg[imap_domain])/privkey.pem",
"submission_cert":"$(certbot.certbot_dir)/live/$(cfg[imap_domain])/fullchain.pem",
"submission_key":"$(certbot.certbot_dir)/live/$(cfg[imap_domain])/privkey.pem",
"rspamd_scripts":true,
"global_sieve_after":true,
"default_imap_folders":true,
"vmail_dir":"$(cfg[vmail_dir])",
"vmail_uid":"$(cfg[vmail_uid])",
"vmail_gid":"$(cfg[vmail_gid])",
"raw":"
mail_location = $(cfg[mail_location])
mail_privileged_group=mail
log_path = /var/log/dovecot.log
mail_debug=yes
auth_debug=yes
protocol sieve {
managesieve_max_line_length = 65536
}
",
$(dbs)
"services":{
"imap-login":{
"raw":"
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
"
}
,
"pop3-login":{
"raw":"
inet_listener pop3 {
port = 110
}
inet_listener pop3s {
port = 995
ssl = yes
}
"
}
,
"auth":{
"raw":"
unix_listener $(postfix.queue_dir)/private/auth {
user = postfix
group = postfix
mode = 0666
}
"
}
,
"lmtp":{
"raw":"
unix_listener $(postfix.queue_dir)/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
"
}
}
}';
"postfix_cfg" data => '{
"non_smtpd_milters":[
"unix:$ (postfix.queue_dir)/private/opendkim"
]
,
"services" : [
{
"name":"submission"
"comment": "Submission service"
"enable":$(cfg[submission]),
"type":"inet",
"private":"n",
"unpriv":"-",
"chroot":"n",
"wakeup":"-",
"maxproc":"-",
"command":"smtpd",
"args":[
"{ -o smtpd_sender_restrictions = permit_sasl_authenticated reject }",
"{ -o smtpd_recipient_restrictions = reject_unknown_recipient_domain permit_sasl_authenticated reject }",
"{ -o smtpd_client_restrictions = permit_sasl_authenticated reject }",
"{ -o smtpd_helo_restrictions = permit_sasl_authenticated reject }",
"{ -o smtpd_relay_restrictions = permit_sasl_authenticated reject }",
"{ -o smtpd_sasl_auth_enable = yes }",
"{ -o smtpd_sasl_type = dovecot }",
"{ -o smtpd_sasl_path = $(postfix.queue_dir)/private/auth }",
"{ -o smtpd_tls_security_level = encrypt }",
"{ -o smtpd_tls_key_file = $(certbot.certbot_dir)/live/$(cfg[imap_domain])/privkey.pem }",
"{ -o smtpd_tls_cert_file = $(certbot.certbot_dir)/live/$(cfg[imap_domain])/fullchain.pem }",
"{ -o smtpd_tls_loglevel = 1 }",
"{ -o smtpd_tls_received_header = yes }",
"{ -o smtpd_tls_session_cache_timeout = 3600s }",
"{ -o smtpd_tls_mandatory_ciphers = high}",
"{ -o tls_ssl_options = 0x40000000}",
"{ -o tls_preempt_cipherlist = yes}",
"{ -o smtpd_tls_eecdh_grade = ultra}",
"{ -o smtpd_tls_auth_only = yes }",
"{ -o smtp_tls_note_starttls_offer = yes }",
"{ -o smtpd_milters = unix:/var/spool/postfix/private/opendkim }",
],
}
,
{
"name":"smtp",
"comment": "SMTP service",
"enable":$(cfg[smtp]),
"type":"inet",
"private":"n",
"unpriv":"-",
"chroot":"n",
"wakeup":"-",
"maxproc":"-",
"command":"smtpd",
"args":[
"{ -o smtpd_relay_restrictions = permit_mynetworks reject_unauth_destination }",
"{ -o smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination }"
"{ -o smtpd_recipient_restrictions = permit_mynetworks reject_unlisted_recipient reject_unauth_destination reject_unknown_recipient_domain reject_rbl_client ix.dnsbl.manitu.net reject_rbl_client zen.spamhaus.org }",
"{ -o smtpd_client_restrictions = permit_mynetworks reject_unknown_reverse_client_hostname reject_unauth_pipelining }",
"{ -o smtpd_helo_restrictions = permit_mynetworks reject_invalid_hostname reject_unknown_hostname reject_non_fqdn_hostname }",
"{ -o smtpd_relay_restrictions = permit_mynetworks defer_unauth_destination }",
"{ -o smtpd_milters = inet:$(cfg[rspamd_bind_socket]) }",
"{ -o smtpd_use_tls = yes }",
"{ -o smtpd_tls_mandatory_ciphers = high }",
"{ -o tls_preempt_cipherlist = yes }",
"{ -o smtpd_tls_eecdh_grade = ultra }",
"{ -o smtpd_tls_security_level = may }",
"{ -o smtp_tls_note_starttls_offer = yes }",
"{ -o smtpd_sasl_auth_enable = no }",
"{ -o smtpd_tls_loglevel = 1 }",
"{ -o smtpd_tls_received_header = yes }",
"{ -o smtpd_tls_session_cache_timeout = 3600s }",
"{ -o smtpd_tls_key_file = $(certbot.certbot_dir)/live/$(cfg[imap_domain])/privkey.pem }",
"{ -o smtpd_tls_cert_file = $(certbot.certbot_dir)/live/$(cfg[imap_domain])/fullchain.pem }",
],
}
]
,
"main_raw":"
#debug_peer_level=4
#debug_peer_list= 5.9.7.163
#compatibility_level = 3.8
myhostname=$(cfg[myhostname])
mydestination=$(cfg[mydestination])
alias_maps=$(cfg[alias_maps])
myorigin=$(cfg[myorigin])
local_recipient_maps = unix:passwd.byname $alias_maps
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_alias_maps = mysql:$(postfix_vimbadmin_sql.virtual_alias_maps)
virtual_mailbox_domains = mysql:$(postfix_vimbadmin_sql.virtual_domains_maps)
virtual_mailbox_maps = mysql:$(postfix_vimbadmin_sql.virtual_mailbox_maps)
"
,
"master_raw":""
}
';
reports:
users:
"$(cfg[vmail_user])"
policy => "present",
description => "Vmail user",
uid => "$(cfg[vmail_uid])";
methods:
"any" usebundle => aia_install_dbs,
handle => "aia_dbs_installed";
"any" usebundle => aia_install_apache,
handle=> "aia_apache_installed";
"any" usebundle => aia_install_sites,
handle => "aia_sites_installed",
depends_on => {"aia_apache_installed"};
"any" usebundle => vimbadmin(@(vimb_cfg)),
depends_on => {"aia_sites_installed"};
"any" usebundle => roundcube(@(roundcube_cfg)),
handle => "aia_roundcube_installed",
depends_on => {
"aia_sites_installed",
"aia_roundcube_backup_dir_created"
};
"any" usebundle => configure_roundcube(@(roundcube_cfg)),
depends_on => {"aia_roundcube_installed"};
"any" usebundle => install_postfix_pkgs;
"any" usebundle => install_dovecot_pkgs;
"any" usebundle => install_redis;
"any" usebundle => install_rspamd_pkgs;
"any" usebundle => dovecot(@(dovecot_cfg));
"any" usebundle => postfix(@(postfix_cfg));
"any" usebundle => rspamd(@(rspamd_cfg));
"any" usebundle => dovecot_vimbadmin_sql(@(vimb_cfg),@(dovecot_cfg));
"any" usebundle => postfix_vimbadmin_sql(@(vimb_db));
"any" usebundle => opendkim(@(opendkim_cfg));
files:
"$(roundcube_cfg[backup_dir])/."
create=>"true",
handle => "aia_roundcube_backup_dir_created";
}