From 33502f8dd811c4749603de0c08607208f1688514 Mon Sep 17 00:00:00 2001 From: Tobias Herre Date: Tue, 31 Oct 2023 20:33:56 +0100 Subject: [PATCH 1/3] Sieve stuff integrated --- dovecot.cf | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/dovecot.cf b/dovecot.cf index 1d7dad6..d277505 100644 --- a/dovecot.cf +++ b/dovecot.cf @@ -23,6 +23,7 @@ vars: "submission_key" string => "$(cfg_dir)/private/submission.key"; "submission_cert" string => "$(cfg_dir)/private/submission.crt"; + "sievec_exe" string => "/usr/bin/sievec"; "service_name" string => "dovecot"; @@ -50,6 +51,7 @@ vars: "submission_key" string => "$(cfg_dir)/private/submission.key"; "submission_cert" string => "$(cfg_dir)/private/submission.crt"; "service_name" string => "dovecot"; + "sievec_exe" string => "/usr/bin/sievec"; use_ssl:: "service_deps" slist => { @@ -158,3 +160,28 @@ bundle agent install_dovecot_pkgs methods: "any" usebundle => wmde_install_packages(@(dovecot.pkgs),"dovecot"); } + + +bundle agent install_global_sieve_script( filename , content) +{ +vars: + "rep_class" string =>"global_sieve_repaired_$(filename)"; +files: + "$(filename)" + create => "true", + content => "$(content)", + perms => m("644"), + handle => "global_sieve_$(filename)_created", + classes => if_repaired (sieve_repaired); + +commands: +# sieve_repaired:: +# "$(dovecot.sievec_exe)" +# args => "$(filename)", +# depends_on => { "global_sieve_$(filename)_created" }; +reports: + "FILENAME: $(filename)"; + +} + + From d80dc7360731a9a67534f186278e2125fbeb7d16 Mon Sep 17 00:00:00 2001 From: Tobias Herre Date: Tue, 31 Oct 2023 20:42:18 +0100 Subject: [PATCH 2/3] Initial commit --- mailserver.cf | 190 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 190 insertions(+) create mode 100644 mailserver.cf diff --git a/mailserver.cf b/mailserver.cf new file mode 100644 index 0000000..1515224 --- /dev/null +++ b/mailserver.cf 
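Review bot: In `install_global_sieve_script` the `files` promise raises the fixed class `sieve_repaired` while the `rep_class` string built from `$(filename)` is never used, so two calls for different scripts share one class; because `$(filename)` is a path, the class and the `handle` built from it should go through `canonify()`, e.g. `"rep_class" string => canonify("global_sieve_repaired_$(filename)");` with `classes => if_repaired("$(rep_class)");`. The `sievec` command is commented out, which leaves an empty `commands:` section and the script uncompiled; when it is re-enabled it should be guarded by the per-file class. `perms => m("644")` sets only the mode, and since a global Sieve script presumably runs for every mailbox, pinning the owner to root in the same promise would be worth adding. The `reports:` line looks like leftover debug output.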
@@ -0,0 +1,190 @@ +# +# +# + + +bundle agent install_mailserver(param_cfg) +{ +vars: + "default_cfg" data => '{ + "pam_auth":true, + "vimb_auth":false, + "imap":true, + "submission":true, + "smtp":true, + "pop3":false, + "sieve":false, + "ssl":false, + "opendkim":false, + "myhostname":"$(sys.host)", + "myorigin":"$myhostname", + "mydestination":"$myhostname, localhost", + "mail_location" : "maildir:~/Maildir:LAYOUT=maildir++:INBOX=~/Maildir/.INBOX:CONTROL=~/Mail/control:INDEX=~/Mail/index", + "vmail_location" : "maildir:~/Maildir:LAYOUT=maildir++:INBOX=~/Maildir/.INBOX:CONTROL=~/Mail/control:INDEX=~/Mail/index", + + + }'; + + "cfg" data => mergedata(@(default_cfg),@(param_cfg)); + + "dovecot_protos" string => string_mustache ( + '"lmtp"{{#cfg.imap}},"imap"{{/cfg.imap}}{{#cfg.pop3}},"pop3"{{/cfg.pop3}}{{#cfg.sieve}},"sieve"{{/cfg.sieve}}', + bundlestate("$(this.bundle)") + ); + + "imaps_port" string => ifelse(strcmp("$(cfg[ssl])","true"),"993","0"); + "pop3s_port" string => ifelse(strcmp("$(cfg[ssl])","true"),"995","0"); + + "dbs" string => string_mustache(' + "userdbs":[ + {{#cfg.pam_auth}} + { + "driver":"passwd", + "args":"" + }, + {{/cfg.pam_auth}} + {{#fg.vimb_auth}} + { + "driver":"sql", + "args":"$(dovecot_vimbadmin_sql.cfg_file)" + }, + {{/cfg.vimb_auth}} + ], + "passdbs":[ + {{#cfg.pam_auth}} + { + "driver":"pam", + "args":"dovecot" + }, + {{/cfg.pam_auth}} + {{#cfg.vimb_auth}} + { + "driver":"sql", + "args":"$(dovecot_vimbadmin_sql.cfg_file)" + } , + {{/cfg.vimb_auth}} + ],', + bundlestate("$(this.bundle)")); + + + + "dovecot_cfg" data => '{ + "protocols":[$(dovecot_protos)], + "ssl":$(cfg[ssl]), + $(dbs) + "services":{ + "imap-login":{ + "raw":" + inet_listener imap { + port = 143 + } + inet_listener imaps { + port = $(imaps_port) + ssl = yes + } + " + } + , + "pop3-login":{ + "raw":" + inet_listener pop3 { + port = 110 + } + inet_listener pop3s { + port = $(pop3s_port) + ssl = yes + } + " + } + , + "auth":{ + "raw":" + unix_listener 
$(postfix.queue_dir)/private/auth { + user = postfix + group = postfix + mode = 0666 + } + " + } + , + "lmtp":{ + "raw":" + unix_listener $(postfix.queue_dir)/private/dovecot-lmtp { + group = postfix + mode = 0600 + user = postfix + } + " + } + + } + }'; + + + "postfix_cfg" data => '{ + "non_smtpd_milters":[ + "unix:$(postfix.queue_dir)/private/opendkim" + ] + , + "services" : [ + { + "name":"submission" + "comment": "Submission service" + "enable":$(cfg[submission]), + "type":"inet", + "private":"n", + "unpriv":"-", + "chroot":"n", + "wakeup":"-", + "maxproc":"-", + "command":"smtpd", + "args":[ + "{ -o smtpd_sender_restrictions = permit_sasl_authenticated reject }", + ], + } + , + { + "name":"smtp", + "comment": "SMTP service", + "enable":$(cfg[smtp]), + "type":"inet", + "private":"n", + "unpriv":"-", + "chroot":"n", + "wakeup":"-", + "maxproc":"-", + "command":"smtpd", + "args":[ + "{ -o smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination }" + "{ -o smtpd_client_restrictions = permit_mynetworks reject }", + "{ -o smtpd_relay_restrictions = permit_mynetworks reject }", + "{ -o smtpd_sender_restrictions = permit_mynetworks }" + ] + } + + ] + , + "main_raw":" +myhostname=$(cfg[myhostname]) +mydestination=$(cfg[mydestination]) +myorigin=$(cfg[myorigin]) +" + , + "master_raw":"" + + } + '; + + + + +methods: + "any" usebundle => install_postfix_pkgs; + "any" usebundle => install_dovecot_pkgs; + + "any" usebundle => dovecot(@(dovecot_cfg)); + "any" usebundle => postfix(@(postfix_cfg)); +reports: + "DCP: $(dovecot_protos)"; + "DBS: $(dbs)"; +} From 026f626dbe3f91e59e8cd5e02342f6a4c2078300 Mon Sep 17 00:00:00 2001 From: Tobias Herre Date: Wed, 1 Nov 2023 00:31:26 +0100 Subject: [PATCH 3/3] Initial commit --- scripts/get-domains-from-cert.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 scripts/get-domains-from-cert.sh 
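Review bot: The `auth` unix_listener at `$(postfix.queue_dir)/private/auth` is created with `mode = 0666`, which lets any local account that can reach the socket path talk to Dovecot's auth service; `user` and `group` are already `postfix`, so `mode = 0660` is enough for Postfix SASL. In the `dbs` template the userdb SQL section opens with `{{#fg.vimb_auth}}` but closes with `{{/cfg.vimb_auth}}`, so the opening tag should read `{{#cfg.vimb_auth}}`. The `postfix_cfg` JSON lacks commas after `"name":"submission"` and `"comment": "Submission service"`, and between the first two `args` entries of the `smtp` service, which will likely stop it parsing as a data container. `non_smtpd_milters` points at the opendkim socket even when `cfg[opendkim]` is false, which probably wants to be conditional.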
diff --git a/scripts/get-domains-from-cert.sh b/scripts/get-domains-from-cert.sh
new file mode 100644
index 0000000..04b47af
--- /dev/null
+++ b/scripts/get-domains-from-cert.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+#!/bin/sh
+
+# Check for the presence of the certificate file
+if [ ! -f "$1" ]; then
+ exit 0
+fi
+
+# Extract subjectAltName from the certificate
+openssl x509 -in "$1" -text -noout | grep -E -o "DNS:[^,]*" | sed 's/DNS://g' | tr -d ' ' | tr ',' ' ' | sort | tr '\n' ' '
+
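Review bot: The `grep -E -o "DNS:[^,]*"` runs over the whole `-text` dump, so it picks up any `DNS:` token in the certificate rather than only the subjectAltName extension the comment names, and the names are emitted without any validation; `openssl x509 -in "$1" -noout -ext subjectAltName` (OpenSSL 1.1.1 or later) narrows the input to that extension. The script exits 0 both when the file is missing and when openssl fails to parse it, so a caller cannot tell "no certificate" from "no names"; a non-zero exit for the missing-file branch would make that visible. The shebang is duplicated on the second line, and `tr ',' ' '` is a no-op after the `[^,]*` match.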