From: Christian Heller
Date: Wed, 28 Nov 2018 00:34:16 +0000 (+0100)
Subject: WIP.
X-Git-Url: https://plomlompom.com/repos/%7B%7B%20web_path%20%7D%7D/decks/%7B%7Bdb.prefix%7D%7D/%7B%7Bprefix%7D%7D/todos?a=commitdiff_plain;h=1b8bb66a16702bf3488ccddb27db8f2001c4b865;p=config
WIP.
---
diff --git a/all_new_2018/letsencrypt_local_set.sh b/all_new_2018/letsencrypt_local_set.sh
index a7ec6e5..d4ca0d1 100755
--- a/all_new_2018/letsencrypt_local_set.sh
+++ b/all_new_2018/letsencrypt_local_set.sh
@@ -2,11 +2,12 @@
 set -e
 # Ensure we have a mail address as argument.
-if [ $# -lt 1 ]; then
- echo "Need mail address as argument."
+if [ $# -lt 2 ]; then
+ echo "Need target domain and mail address as argument."
 false
 fi
-mail_address="$1"
+domain="$1"
+mail_address="$2"
 # If port 80 blocked by iptables, open it.
 set +e
@@ -18,7 +19,7 @@ if [ "${open_iptables}" -eq "1" ]; then
 fi
 # Create new certificate and copy it to /etc/letsencrypt.
-certbot certonly --standalone --agree-tos -m "${mail}" -d "$(hostname -f)"
+certbot certonly --standalone --agree-tos -m "${mail_address}" -d "${domain}"
 # Remove iptables rule to open port 80 if we added it.
 if [ "${open_iptables}" -eq "1" ]; then
diff --git a/all_new_2018/linkable_etc_files/mail/etc/postfix/main.cf b/all_new_2018/linkable_etc_files/mail/etc/postfix/main.cf
index dbb2b5d..39d3720 100644
--- a/all_new_2018/linkable_etc_files/mail/etc/postfix/main.cf
+++ b/all_new_2018/linkable_etc_files/mail/etc/postfix/main.cf
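Review bot: The context comment above the argument check in letsencrypt_local_set.sh still reads `# Ensure we have a mail address as argument.` although the check now requires two arguments; it should become `# Ensure we have target domain and mail address as arguments.`. The usage message in the same block goes to stdout; `echo "Need target domain and mail address as argument." >&2` keeps it out of any captured output.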
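Review bot: If certbot fails while `set -e` is in effect, the script exits before the block that removes the temporary iptables rule, and port 80 stays open on a host whose firewall otherwise blocked it. The first hunk shows `set +e` just before the iptables probe; whether `set -e` is restored before the certbot line lies outside both hunks, so this needs confirming. Capturing the status keeps the cleanup reachable: `rc=0; certbot certonly --standalone --agree-tos -m "${mail_address}" -d "${domain}" || rc=$?`, followed by `exit "${rc}"` after the rule removal. A `trap` on EXIT, INT and TERM installed where the rule is added would also cover an interrupted run.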
@@ -31,10 +31,10 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
 myorigin = /etc/mailname
-myhostname = $myorigin
+myhostname = REPLACE_myhostname_ECALPER
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
-mydestination = $myhostname, localhost.plomlompom.com, localhost
+mydestination = $myhostname localhost.$mydomain localhost REPLACE_mydomain_if_domainwide_ECALPER
 relayhost =
 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
 mailbox_size_limit = 0
diff --git a/all_new_2018/setup_mail.sh b/all_new_2018/setup_mail.sh
index c6a0e63..d65f0a7 100755
--- a/all_new_2018/setup_mail.sh
+++ b/all_new_2018/setup_mail.sh
@@ -1,11 +1,14 @@
 #/bin/sh
 set -e
-dkim_selector=$1
-if [ ! -n "${dkim_selector}" ]; then
- echo "Give DKIM selector argument."
+if [ $# -lt 2 ]; then
+ echo "Give arguments of mail domain and DKIM selector."
+ echo "Also, if hosting mail for entire domain, give third argument 'domainwide'."
 false
 fi
+mail_domain="$1"
+dkim_selector="$2"
+domainwide="$3"
 # Set up DKIM key if necessary.
 mkdir -p /etc/dkimkeys/
@@ -28,8 +31,14 @@ fi
 # Link and adapt mail-server-specific /etc/ files.
 ./hardlink_etc.sh mail
-sed -i "s/REPLACE_Domain_ECALPER/$(hostname -f)/g" /etc/opendkim.conf
+sed -i "s/REPLACE_Domain_ECALPER/${mail_domain}/g" /etc/opendkim.conf
 sed -i "s/REPLACE_Selector_ECALPER/${dkim_selector}/g" /etc/opendkim.conf
+sed -i "s/REPLACE_myhostname_ECALPER/$(hostname -f)/g" /etc/postfix/main.cf
+if [ "${domainwide}" = "domainwide" ]; then
+ sed -i 's/REPLACE_mydomain_if_domainwide_ECALPER/$mydomain/g' /etc/postfix/main.cf
+else
+ sed -i 's/REPLACE_mydomain_if_domainwide_ECALPER//g' /etc/postfix/main.cf
+fi
 # Some useful debconf selections.
 echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections
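Review bot: `myhostname` and the tail of `mydestination` now carry `REPLACE_…_ECALPER` tokens that are only valid once setup_mail.sh has rewritten them, and nothing in main.cf says so. If the file reaches /etc/postfix without that step, Postfix would run with a literal placeholder as its host name and as a local destination. A comment above `myhostname` such as `# REPLACE_*_ECALPER tokens are filled in by setup_mail.sh; do not start postfix while any remain.` documents the dependency. Note also that `$mydomain` is Postfix's own value derived from `myhostname`, not the mail domain passed to setup_mail.sh; if the two can differ, the domain-wide placeholder should probably receive the mail domain instead.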
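Review bot: The first line of setup_mail.sh is `#/bin/sh`, which is a comment rather than a shebang, so the interpreter depends on how the file is launched; it should read `#!/bin/sh`. In the new argument handling, any third argument other than the exact word `domainwide` is silently treated as absent, so a typo changes which domains Postfix accepts mail for without any message. Rejecting unknown values closes that gap: `case "${domainwide}" in ''|domainwide) ;; *) echo "Unknown third argument: ${domainwide}" >&2; exit 1 ;; esac`.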
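Review bot: `${mail_domain}` is interpolated straight into a sed expression (as are `${dkim_selector}` and `$(hostname -f)` on the neighbouring lines), so a value containing `/`, `&` or a backslash alters or breaks the substitution and writes something unintended into /etc/opendkim.conf. The arguments come from whoever runs the script, presumably an administrator as root, so this is a robustness gap more than an exposure, but the files it edits decide what the mail server signs and accepts. A check placed right after the assignments is cheap: `case "${mail_domain}" in ''|*[!A-Za-z0-9.-]*) echo "Invalid mail domain." >&2; exit 1 ;; esac`, with the same pattern applied to the selector.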
@@ -39,13 +48,13 @@ echo "ssl_key = > /etc/dovec
 # The second line should not be necessary due to the first line, but for
 # some reason the installation forgets to set up /etc/mailname early
 # enough to not (when running newaliases) stumble over its absence.
-echo "postfix postfix/mailname string $(hostname -f)" | debconf-set-selections
-echo "$(hostname -f)" > /etc/mailname
+echo "postfix postfix/mailname string ${mail_domain}" | debconf-set-selections
+echo "${mail_domain}" > /etc/mailname
 # Everything should now be ready for installations.
 apt install -y -o Dpkg::Options::=--force-confold postfix dovecot-imapd opendkim
 echo "TODO: Ensure MX entry for your system in your DNS configuration."
-echo "TODO: Ensure a proper SPF entry for this system in your DNS configuration; something like 'v=spf1 a mx -all' mapped to your host."
+echo "TODO: Ensure a proper SPF entry for this system in your DNS configuration; something like 'v=spf1 mx -all' mapped to your host."
 if [ "${add_dkim_record}" -eq "1" ]; then
 echo "TODO: Add the following DKIM entry to your DNS configuration (possibly with slightly changed host entry – if your mail domain includes a subdomain, append that with a dot):"
 cat "${dkim_selector}.txt"
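Review bot: The SPF hint still ends with "mapped to your host", but after this change the sender domain written to /etc/mailname is `${mail_domain}`, which can differ from the host name; the TXT record has to be published on the mail domain for receivers to find it. Suggested wording: `echo "TODO: Ensure a proper SPF entry for ${mail_domain} in your DNS configuration; something like 'v=spf1 mx -all'."`. With the `a` mechanism dropped, the record authorises only hosts named in that domain's MX records, so a machine that sends mail without being listed as MX would fail SPF; a one-line comment above the echo stating that assumption would help. The `if` around the DKIM hint closes outside the hunk.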