
4 Commits

4 changed files with 99 additions and 255 deletions


@ -13,6 +13,9 @@ classes:
# "apache enable_php"; # "apache enable_php";
vars: vars:
"default_php_handler" string => "application/x-httpd-php", unless => isvariable( $(this.promiser));
"admin_email" string => "[]",unless => isvariable( $(this.promiser) ) ; "admin_email" string => "[]",unless => isvariable( $(this.promiser) ) ;
@ -216,7 +219,7 @@ commands:
reports: reports:
} }
bundle agent install_apache bundle agent install_apache(raw)
{ {
methods: methods:
@ -338,7 +341,7 @@ vars:
"doc_root":"$(apache.www_dir)/$(site_param[domain])", "doc_root":"$(apache.www_dir)/$(site_param[domain])",
"doc_root_options":"Indexes FollowSymLinks", "doc_root_options":"Indexes FollowSymLinks",
"php":true, "php":true,
"php_handler":"application/x-httpd-php" "php_handler":"$(apache.default_php_handler)"
} }
'; ';
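Review bot: `install_apache` gains a parameter in the second hunk (`bundle agent install_apache(raw)`), but the caller visible elsewhere in this comparison, `"any" usebundle => install_apache,` inside `aia_install_apache`, still passes no argument, so the policy will likely fail validation on an arity mismatch. Either pass a value at that call site (for example `install_apache("")` if `raw` is a string) or keep the bundle parameterless until the extra block is needed. The body of `install_apache` lies outside the hunk, so how `raw` is consumed cannot be confirmed from here. A comment above the bundle, such as `# raw: extra Apache directives supplied by the caller; must come from trusted policy only`, would tell callers what they are allowed to pass, if that is indeed how it is used.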


@ -1,252 +1,20 @@
# #
# #
# aia_mailserver
# mandatory params:
#
# vimb_domain: domain where vimbadmin is accessable
# webmail_domain: domain where roundcube is
# smtp_domain: domain to use for smtp
# imap_domain: domain for imap
# rspamd_domain: domain for rspamd web interface
# vimb_server_email_address: email adress vimbadmin uses to send mails
# vimb_security_salt: security sallt to install vimbadmin installer
# backup_dir: a directory where backups are store, it has to exist
# vmail_dir: where to store mails for virtual domains
# dkim_selector: the dkim-selector used for all mails
# dkim_private_key_file: path to dkim key
# #
bundle agent install_mailserver(param_cfg)
{
vars:
"default_alias_maps" string => "hash:/etc/aliases";
freebsd::
"default_alias_maps" string => "hash:/etc/mail/aliases";
any::
"default_cfg" data => '{
"pam_auth":true,
"vimb_auth":true,
"imap":true,
"submission":true,
"smtp":true,
"pop3":false,
"sieve":false,
"ssl":false,
"opendkim":false,
"myhostname":"$(sys.host)",
"myorigin":"$myhostname",
"mydestination":"$myhostname, localhost",
"mail_location" : "maildir:~/Maildir:LAYOUT=maildir++:INBOX=~/Maildir/.INBOX:CONTROL=~/Mail/control:INDEX=~/Mail/index",
"vmail_location" : "maildir:~/Maildir:LAYOUT=maildir++:INBOX=~/Maildir/.INBOX:CONTROL=~/Mail/control:INDEX=~/Mail/index",
"alias_maps":"$(default_alias_maps)"
}';
"cfg" data => mergedata(@(default_cfg),@(param_cfg));
"dovecot_protos" string => string_mustache (
'"lmtp"{{#cfg.imap}},"imap"{{/cfg.imap}}{{#cfg.pop3}},"pop3"{{/cfg.pop3}}{{#cfg.sieve}},"sieve"{{/cfg.sieve}}',
bundlestate("$(this.bundle)")
);
"imaps_port" string => ifelse(strcmp("$(cfg[ssl])","true"),"993","0");
"pop3s_port" string => ifelse(strcmp("$(cfg[ssl])","true"),"995","0");
"dbs" string => string_mustache('
"userdbs":[
{{#fg.vimb_auth}}
{
"driver":"sql",
"args":"$(dovecot_vimbadmin_sql.cfg_file)"
},
{{/cfg.vimb_auth}}
{{#cfg.pam_auth}}
{
"driver":"passwd",
"args":""
},
{{/cfg.pam_auth}}
],
"passdbs":[
{{#cfg.vimb_auth}}
{
"driver":"sql",
"args":"$(dovecot_vimbadmin_sql.cfg_file)"
} ,
{{/cfg.vimb_auth}}
{{#cfg.pam_auth}}
{
"driver":"pam",
"args":"dovecot"
},
{{/cfg.pam_auth}}
],',
bundlestate("$(this.bundle)"));
"dovecot_cfg" data => '{
"protocols":[$(dovecot_protos)],
"ssl":$(cfg[ssl]),
$(dbs)
"services":{
"imap-login":{
"raw":"
inet_listener imap {
port = 143
}
inet_listener imaps {
port = $(imaps_port)
ssl = yes
}
"
}
,
"pop3-login":{
"raw":"
inet_listener pop3 {
port = 110
}
inet_listener pop3s {
port = $(pop3s_port)
ssl = yes
}
"
}
,
"auth":{
"raw":"
unix_listener $(postfix.queue_dir)/private/auth {
user = postfix
group = postfix
mode = 0666
}
"
}
,
"lmtp":{
"raw":"
unix_listener $(postfix.queue_dir)/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
"
}
}
}';
"postfix_cfg" data => '{
"non_smtpd_milters":[
"unix:$(postfix.queue_dir)/private/opendkim"
]
,
"services" : [
{
"name":"submission"
"comment": "Submission service"
"enable":$(cfg[submission]),
"type":"inet",
"private":"n",
"unpriv":"-",
"chroot":"n",
"wakeup":"-",
"maxproc":"-",
"command":"smtpd",
"args":[
"{ -o smtpd_sender_restrictions = permit_sasl_authenticated reject }",
],
}
,
{
"name":"smtp",
"comment": "SMTP service",
"enable":$(cfg[smtp]),
"type":"inet",
"private":"n",
"unpriv":"-",
"chroot":"n",
"wakeup":"-",
"maxproc":"-",
"command":"smtpd",
"args":[
"{ -o smtpd_relay_restrictions = permit_mynetworks reject_unauth_destination }",
"{ -o smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination }"
"#{ -o smtpd_client_restrictions = permit_mynetworks }",
"#{ -o smtpd_sender_restrictions = }"
]
}
]
,
"main_raw":"
#debug_peer_level=4
#debug_peer_list= 5.9.7.163
myhostname=$(cfg[myhostname])
mydestination=$(cfg[mydestination])
alias_maps=$(cfg[alias_maps])
myorigin=$(cfg[myorigin])
local_recipient_maps = unix:passwd.byname $alias_maps
"
,
"master_raw":""
}
';
methods:
"any" usebundle => install_postfix_pkgs;
# "any" usebundle => install_dovecot_pkgs;
"any" usebundle => dovecot(@(dovecot_cfg));
"any" usebundle => postfix(@(postfix_cfg));
reports:
# "DCP: $(dovecot_protos)";
# "DBS: $(dbs)";
}
bundle agent aia_install_dbs
{
methods:
"any" usebundle => install_mysql_server(@(aia_mailserver.mysql_cfg)),
handle => "aia_mysql_installed";
"any" usebundle => create_mysql_db(@(aia_mailserver.vimb_db)),
depends_on => {"aia_mysql_installed"};
"any" usebundle => create_mysql_db(@(aia_mailserver.roundcube_cfg)),
depends_on => {"aia_mysql_installed"};
}
bundle agent aia_install_apache
{
methods:
"any" usebundle => apache;
"any" usebundle => install_apache,
depends_on => {"aia_php_installed"};
"any" usebundle => install_php_fpm,handle=>"aia_php_installed";
}
bundle agent aia_install_sites
{
vars:
"mail_site" data => '{
"domain":"$(aia_mailserver.cfg[imap_domain])",
"aliases":[
"$(aia_mailserver.cfg[smtp_domain])"
],
"email":"7u83@mail.ru",
"disable":false,
}';
methods:
"any" usebundle => apache_vhost(@(aia_mailserver.vimb_site));
"any" usebundle => apache_vhost(@(aia_mailserver.roundcube_site));
"any" usebundle => apache_vhost(@(aia_mailserver.rspamd_site));
"any" usebundle => certbot_cert(@(mail_site),"$(apache.web_root)");
}
bundle agent aia_mailserver(param_cfg) bundle agent aia_mailserver(param_cfg)
{ {
@ -285,6 +53,9 @@ vars:
"vmail_uid":"5000", "vmail_uid":"5000",
"vmail_gid":"5000", "vmail_gid":"5000",
"vmail_dir":"/var/vmail", "vmail_dir":"/var/vmail",
"vimb_src_tgz":"$(sys.workdir)/data/public/vimbadmin-3.4.1.tar.gz",
"php_handler":"$(apache.default_php_handler)"
}'; }';
"cfg" data => mergedata(@(default_cfg),@(param_cfg)); "cfg" data => mergedata(@(default_cfg),@(param_cfg));
@ -316,6 +87,7 @@ vars:
"email":"7u83@mail.ru", "email":"7u83@mail.ru",
"disable":false, "disable":false,
"doc_root":"$(apache.www_dir)/$(cfg[vimb_domain])/public", "doc_root":"$(apache.www_dir)/$(cfg[vimb_domain])/public",
"php_handler":"$(cfg[php_handler])",
"ssl":true, "ssl":true,
"raw":" "raw":"
Alias /vimbadmin $(apache.www_dir)/$(cfg[vimb_domain])/public Alias /vimbadmin $(apache.www_dir)/$(cfg[vimb_domain])/public
@ -323,7 +95,7 @@ Alias /vimbadmin $(apache.www_dir)/$(cfg[vimb_domain])/public
}'; }';
"vimb_cfg" data => '{ "vimb_cfg" data => '{
"src_tgz":"$(sys.workdir)/data/public/vimbadmin-3.4.1.tar.gz", "src_tgz":"$(cfg[vimb_src_tgz])",
"install_dir":"$(apache.www_dir)/$(cfg[vimb_domain])", "install_dir":"$(apache.www_dir)/$(cfg[vimb_domain])",
"restore_db_file":"$(cfg[backup_dir])/vimbdb.sql", "restore_db_file":"$(cfg[backup_dir])/vimbdb.sql",
@ -349,6 +121,7 @@ Alias /vimbadmin $(apache.www_dir)/$(cfg[vimb_domain])/public
"aliases":[ ], "aliases":[ ],
"email":"7u83@mail.ru", "email":"7u83@mail.ru",
"disable":false, "disable":false,
"php_handler":"$(cfg[php_handler])",
"doc_root":"$(apache.www_dir)/$(cfg[webmail_domain])/public", "doc_root":"$(apache.www_dir)/$(cfg[webmail_domain])/public",
"ssl":true, "ssl":true,
"raw":" "raw":"
@ -641,9 +414,12 @@ users:
policy => "present", policy => "present",
description => "Vmail user", description => "Vmail user",
uid => "$(cfg[vmail_uid])"; uid => "$(cfg[vmail_uid])";
reports:
methods: methods:
"any" usebundle => install_system_repos;
"any" usebundle => aia_install_dbs, "any" usebundle => aia_install_dbs,
handle => "aia_dbs_installed"; handle => "aia_dbs_installed";
@ -690,3 +466,52 @@ files:
} }
bundle agent aia_install_dbs
{
methods:
"any" usebundle => install_mysql_server(@(aia_mailserver.mysql_cfg)),
handle => "aia_mysql_installed";
"any" usebundle => create_mysql_db(@(aia_mailserver.vimb_db)),
depends_on => {"aia_mysql_installed"};
"any" usebundle => create_mysql_db(@(aia_mailserver.roundcube_cfg)),
depends_on => {"aia_mysql_installed"};
}
bundle agent aia_install_apache
{
methods:
"any" usebundle => apache;
"any" usebundle => install_apache,
depends_on => {"aia_php_installed"};
"any" usebundle => install_php_fpm,handle=>"aia_php_installed";
}
bundle agent aia_install_sites
{
vars:
"mail_site" data => '{
"domain":"$(aia_mailserver.cfg[imap_domain])",
"aliases":[
"$(aia_mailserver.cfg[smtp_domain])"
],
"email":"7u83@mail.ru",
"disable":false,
}';
methods:
"any" usebundle => apache_vhost(@(aia_mailserver.vimb_site));
"any" usebundle => apache_vhost(@(aia_mailserver.roundcube_site));
"any" usebundle => apache_vhost(@(aia_mailserver.rspamd_site));
"any" usebundle => certbot_cert(@(mail_site),"$(apache.web_root)");
}
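Review bot: `vimb_src_tgz` is now overridable through `param_cfg` (it sits in `default_cfg` and goes through `mergedata`) and is handed on as `"src_tgz":"$(cfg[vimb_src_tgz])"`, yet nothing in the visible configuration pins what that archive must contain. The archive is presumably unpacked under `install_dir` below the web root (the installer is outside this section, so confirm). If so, consider adding an expected digest next to the path, e.g. `"vimb_src_sha256":"<expected-sha256>"`, and having the installer refuse to extract on a mismatch. Separately, the re-added `aia_install_sites` still hard-codes `"email":"7u83@mail.ru"` in `mail_site` for `certbot_cert`. Moving it into `cfg`, the way this commit moves `php_handler`, would send certificate notices to whoever operates each deployment.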


@ -51,7 +51,9 @@ vars:
methods: methods:
"any" usebundle => opendkim_systemd_overrides, "any" usebundle => opendkim_systemd_overrides,
handle => "opendkim_overrides_done"; handle => "opendkim_overrides_done";
"any" usebundle => wmde_install_packages(@(opendkim.pkgs),"opendkim"); "any" usebundle => install_system_repos, handle => "opendkim_system_repos_installed";
"any" usebundle => wmde_install_packages(@(opendkim.pkgs),"opendkim"),
depends_on => {"opendkim_system_repos_installed" };
"any" usebundle => wmde_service("$(service_name)","opendkim_kept","opendkim_repaired"), "any" usebundle => wmde_service("$(service_name)","opendkim_kept","opendkim_repaired"),
depends_on => { depends_on => {


@ -69,14 +69,15 @@ files:
handle => "rspamd_password_created", handle => "rspamd_password_created",
classes => if_repaired("rspamd_password_repaired"); classes => if_repaired("rspamd_password_repaired");
rspamd_password_repaired:: methods:
"$(sys.workdir)/data/agent/rspamd/password-hash.txt" runpw::
content => execresult("$(rspamadm) pw -p $(cfg[password])","noshell"), "any" usebundle => rspamd_create_password_hash,
depends_on => {"rspamd_password_created"}, depends_on => {"rspamd_password_created"},
handle => "rspamd_password_hash_created"; handle => "rspamd_password_hash_created";
commands: commands:
!rspamd_password_repaired:: !runpw::
"/usr/bin/true" "/usr/bin/true"
depends_on => {"rspamd_password_created"}, depends_on => {"rspamd_password_created"},
handle => "rspamd_password_hash_created", handle => "rspamd_password_hash_created",
@ -109,6 +110,19 @@ reports:
} }
bundle agent rspamd_create_password_hash
{
classes:
"no_hash_file" expression => not(fileexists("$(sys.workdir)/data/agent/rspamd/password-hash.txt"));
files:
rspamd_password_repaired|no_hash_file::
"$(sys.workdir)/data/agent/rspamd/password-hash.txt"
content => execresult("$(rspamd.rspamadm) pw -p $(rspamd.cfg[password])","noshell"),
handle => "rspamd_password_hash_created";
}
bundle agent rspamd_install_yum_repo bundle agent rspamd_install_yum_repo
{ {
classes: classes:
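Review bot: The new `rspamd_create_password_hash` bundle still passes the cleartext password as a command-line argument, `execresult("$(rspamd.rspamadm) pw -p $(rspamd.cfg[password])","noshell")`, so it is readable in the process list by other local users while the command runs, and a password containing whitespace is likely split into several arguments. If rspamadm can take the password from standard input or a root-only file in this environment, prefer that; otherwise record the exposure in a comment above the promise. The promise on `password-hash.txt` also sets no `perms`; adding `perms => m("600"),` would stop the hash file from depending on the agent's default mode (assuming the stdlib `m` body is loaded, as the use of `if_repaired` suggests). The class `runpw` that now gates the method call is not defined in any visible hunk, so confirm it is set: under `!runpw` the `/usr/bin/true` promise takes the `rspamd_password_hash_created` handle and the hash is never written.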