Commit
+14 -735 +/-24 browse
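diff --git a/containers/ayllu/Containerfile b/containers/ayllu/Containerfile
index a7a3af0..974db05 100644
--- a/containers/ayllu/Containerfile
+++ b/containers/ayllu/Containerfile
@@ -32,7 +32,7 @@ RUN --mount=type=cache,target=/root/.cargo --network=none \
 && cp -v target/release/rudolfs /usr/bin/
 
 COPY ayllu /src/ayllu/ayllu
-COPY ayllu-mail /src/ayllu/ayllu-mail
+COPY ayllu-jobs /src/ayllu/ayllu-jobs
 COPY contrib /src/ayllu/contrib
 COPY crates /src/ayllu/crates
 COPY quipu /src/ayllu/quipu
@@ -62,11 +62,11 @@ RUN --mount=type=cache,target=/root/.cargo --mount=type=cache,target=/src/ayllu/
 --color=never --locked --frozen --offline --release --package ayllu \
 && mv /src/ayllu/target/release/ayllu /
 
-# build the ayllu-mail binary
+# build the ayllu-jobs binary
 RUN --mount=type=cache,target=/root/.cargo --mount=type=cache,target=/src/ayllu/target --network=none \
 cargo build \
---color=never --locked --frozen --offline --release --package ayllu-mail \
-&& mv /src/ayllu/target/release/ayllu-mail /
+--color=never --locked --frozen --offline --release --package ayllu-jobs \
+&& mv /src/ayllu/target/release/ayllu-jobs /
 
 # build the quipu binary
 RUN --mount=type=cache,target=/root/.cargo --mount=type=cache,target=/src/ayllu/target --network=none \
@@ -85,7 +85,7 @@ RUN rm -v /usr/lib/libtree-sitter-cpp.so
 
 COPY --from=build --chown=0:0 /usr/bin/rudolfs /usr/bin/
 COPY --from=build --chown=0:0 /ayllu /usr/bin/
-COPY --from=build --chown=0:0 /ayllu-mail /usr/bin/
+COPY --from=build --chown=0:0 /ayllu-jobs /usr/bin/
 COPY --from=build --chown=0:0 /quipu /usr/bin/
 COPY --from=build --chown=0:0 /src/ayllu/ayllu/themes /usr/lib/ayllu/themes
 COPY --from=build --chown=0:0 /src/ayllu/ayllu/migrations /usr/lib/ayllu/migrations/ayllu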
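diff --git a/containers/base-build/Containerfile b/containers/base-build/Containerfile
index f6848e1..61d5b29 100644
--- a/containers/base-build/Containerfile
+++ b/containers/base-build/Containerfile
@@ -1,7 +1,7 @@
 FROM alpine:3
 
 RUN apk add \
-curl cargo rust pkgconf sqlite sassc npm \
+curl cargo rust pkgconf sqlite sassc ncurses npm \
 openssl openssl-dev fontconfig fontconfig-dev \
 tree-sitter-dev build-base git
 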
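Review bot: The package list in this `RUN apk add` gains `ncurses` with no comment saying which build step needs it, and the install still runs without `--no-cache` on top of the floating `FROM alpine:3` tag. Because this image compiles every shipped binary, the toolchain and libraries are whatever the mirror serves on build day, which makes a rebuilt image hard to audit or reproduce. Consider `RUN apk add --no-cache \` plus a one-line comment above the list naming the consumer of `ncurses`, and pinning the base image by digest. The hunk covers only the top of the file, so a later pin or cleanup step may already exist outside it.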
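diff --git a/containers/multiuser-mail/Containerfile b/containers/multiuser-mail/Containerfile
deleted file mode 100644
index 5c21597..0000000
--- a/containers/multiuser-mail/Containerfile
+++ /dev/null
@@ -1,34 +0,0 @@
-ARG BUILD_IMAGE
-FROM $BUILD_IMAGE AS build
-
-ARG DKIMDO_VERSION="0.1.1"
-ARG DKIM_MILTER="0.1.0"
-ARG SPF_MILTER="0.6.0"
-
-# FIXME: mirror these in ayllu-forge.org and build them from there
-RUN cargo install --locked dkimdo@"$DKIMDO_VERSION"
-RUN cargo install --locked dkim-milter@"$DKIM_MILTER"
-RUN cargo install --locked spf-milter@"$SPF_MILTER"
-
-RUN mkdir /build && mv -v /root/.cargo/bin/* /build
-
-ARG MULTIUSER_IMAGE
-FROM $MULTIUSER_IMAGE
-
-USER root
-
-RUN apk add --no-cache neomutt postfix
-
-# un-privilaged user to run various milter software
-RUN adduser -D -s /bin/sh -H milter
-
-RUN addgroup postfix milter
-
-COPY --from=build --chown=0:0 /build/dkimdo /usr/bin/
-COPY --from=build --chown=0:0 /build/dkim-milter /usr/bin/
-COPY --from=build --chown=0:0 /build/spf-milter /usr/bin/
-
-COPY containers/multiuser-mail/templates /etc/templates/
-COPY containers/multiuser-mail/service /etc/service
-COPY containers/multiuser-mail/cron.d /etc/cron.d/
-COPY containers/multiuser-mail/init/ /etc/ayllu-init/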
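diff --git a/containers/multiuser-mail/cron.d/mail.cron b/containers/multiuser-mail/cron.d/mail.cron
deleted file mode 100644
index cd565ea..0000000
--- a/containers/multiuser-mail/cron.d/mail.cron
+++ /dev/null
@@ -1,2 +0,0 @@
-# send queued messages every minute
-*/1 * * * * su ayllu -c 'ayllu-mail --config /etc/ayllu/config.toml send'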
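diff --git a/containers/multiuser-mail/init/ayllu-mail.sh b/containers/multiuser-mail/init/ayllu-mail.sh
deleted file mode 100755
index 1a24852..0000000
--- a/containers/multiuser-mail/init/ayllu-mail.sh
+++ /dev/null
@@ -1 +0,0 @@
-#!/bin/sh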
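diff --git a/containers/multiuser-mail/init/dkim-milter.sh b/containers/multiuser-mail/init/dkim-milter.sh
deleted file mode 100755
index 91edb41..0000000
--- a/containers/multiuser-mail/init/dkim-milter.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/sh
-set -ex
-
-TEMPLATE_PATH="/etc/templates/dkim-milter/dkim-milter.conf"
-CONFIG_PATH="/etc/dkim-milter/dkim-milter.conf"
-SIGNING_KEY="/etc/dkim-milter/ed25519.key"
-
-mkdir -p /etc/dkim-milter
-
-if [ ! -f "$SIGNING_KEY" ] ; then
-echo "DKIM signing key not detected, generating it now"
-dkimdo genkey -O "$SIGNING_KEY" ed25519
-dkimdo keyinfo "$SIGNING_KEY"
-chown milter:milter "$SIGNING_KEY"
-fi
-
-envsubst < "$TEMPLATE_PATH" > "$CONFIG_PATH"
-
-echo "ed25519 <$SIGNING_KEY" > /etc/dkim-milter/signing-keys
-echo ".$AYLLU_MAIL_HOSTNAME $AYLLU_MAIL_HOSTNAME ed25519 ed25519" > /etc/dkim-milter/signing-senders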
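diff --git a/containers/multiuser-mail/init/postfix.sh b/containers/multiuser-mail/init/postfix.sh
deleted file mode 100755
index 795e55e..0000000
--- a/containers/multiuser-mail/init/postfix.sh
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/bin/sh
-
-AYLLU_MAIL="/usr/bin/ayllu-mail"
-AYLLU_CONFIG="${AYLLU_CONFIG-/etc/ayllu/config.toml}"
-AYLLU_DB_PATH="${AYLLU_DB_PATH-/home/ayllu/.local/share/ayllu/mail.db}"
-
-# FIXME: Mailpot's master-cf generation seems to be broken but it may also be
-# due to my own ignorance so manually specifying it for now.
-
-AYLLU_SMTP_TLS_SECURITY_LEVEL="${AYLLU_SMTP_TLS_SECURITY_LEVEL:-none}"
-
-[ -n "${AYLLU_ROOT_MAIL_USER}" ] && {
-echo "# AYLLU: DO NOT EDIT" > /etc/postfix/aliases
-AYLLU_ROOT_MAIL_USER="$(echo "$AYLLU_ROOT_MAIL_USER" | tr '[:upper:]' '[:lower:]')"
-AYLLU_ROOT_MAIL_USER="$AYLLU_ROOT_MAIL_USER" envsubst < /etc/templates/postfix/aliases >> /etc/postfix/aliases
-newaliases
-}
-
-# hide sender's IP address / User Agent
-# See https://wiki.archlinux.org/title/Postfix#Hide_the_sender's_IP_and_user_agent_in_the_Received_header
-cp /etc/templates/postfix/smtp_header_checks /etc/postfix/
-postconf -e smtp_header_checks="regexp:/etc/postfix/smtp_header_checks"
-postconf -e smtpd_helo_required=yes
-
-# attachments are entirely disallowed
-cp /etc/templates/postfix/mime_header_checks /etc/postfix/
-postconf -e mime_header_checks="regexp:/etc/postfix/mime_header_checks"
-
-postconf -e smtp_tls_security_level="$AYLLU_SMTP_TLS_SECURITY_LEVEL"
-postconf -e maillog_file="/dev/stdout"
-
-AYLLU_MAIL_HOSTNAME="${AYLLU_MAIL_HOSTNAME:-localhost}"
-postconf -e myhostname="${AYLLU_MAIL_HOSTNAME}"
-
-# disallow relay from anywhere but localhost
-postconf -e inet_interfaces="loopback-only"
-postconf -e mynetworks="127.0.0.0/8"
-postconf -e local_transport="local"
-postconf -e transport_maps="lmdb:/etc/postfix/transport"
-
-# SPF
-postconf -e smtpd_milters="unix:/run/spf-milter/spf-milter.sock"
-postconf -e policyd-spf_time_limit="3600"
-
-postconf -e smtpd_recipient_restrictions="permit_mynetworks,reject_unauth_destination,check_policy_service unix:private/policyd-spf"
-
-# setup master.cf
-AYLLU_CONFIG="$AYLLU_CONFIG" AYLLU_DB_PATH="$AYLLU_DB_PATH" envsubst \
-< /etc/templates/postfix/master.cf > /etc/postfix/master.cf
-
-su ayllu -c "$AYLLU_MAIL --config $AYLLU_CONFIG --database $AYLLU_DB_PATH postfix maps" |tee /etc/postfix/transport
-
-chown -R ayllu:ayllu /home/ayllu/.local/share/ayllu
-
-postmap /etc/postfix/transport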
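diff --git a/containers/multiuser-mail/init/spf-milter.sh b/containers/multiuser-mail/init/spf-milter.sh
deleted file mode 100755
index 8d2403c..0000000
--- a/containers/multiuser-mail/init/spf-milter.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-set -e
-
-TEMPLATE_PATH="/etc/templates/spf-milter/spf-milter.conf"
-CONFIG_PATH="/etc/spf-milter.conf"
-
-envsubst < "$TEMPLATE_PATH" > "$CONFIG_PATH"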
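diff --git a/containers/multiuser-mail/post-message.sh b/containers/multiuser-mail/post-message.sh
deleted file mode 100755
index 75640a5..0000000
--- a/containers/multiuser-mail/post-message.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-export HOME=/home/ayllu
-ayllu-mail -c /etc/ayllu/config.toml post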
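diff --git a/containers/multiuser-mail/service/ayllu-mail/run b/containers/multiuser-mail/service/ayllu-mail/run
deleted file mode 100755
index 8863caa..0000000
--- a/containers/multiuser-mail/service/ayllu-mail/run
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-exec su ayllu -c 'ayllu-mail --config /etc/ayllu/config.toml serve'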
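diff --git a/containers/multiuser-mail/service/dkim-milter/run b/containers/multiuser-mail/service/dkim-milter/run
deleted file mode 100755
index f09b180..0000000
--- a/containers/multiuser-mail/service/dkim-milter/run
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh
-set -e
-
-RUN_DIR="/run/dkim-milter"
-
-mkdir -p "$RUN_DIR"
-chown milter:milter "$RUN_DIR"
-
-umask 0007
-exec su milter -c /usr/bin/dkim-milter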
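diff --git a/containers/multiuser-mail/service/postfix/run b/containers/multiuser-mail/service/postfix/run
deleted file mode 100755
index 6fd52e1..0000000
--- a/containers/multiuser-mail/service/postfix/run
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-set -e
-
-exec postfix -c /etc/postfix start-fg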
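diff --git a/containers/multiuser-mail/service/spf-milter/run b/containers/multiuser-mail/service/spf-milter/run
deleted file mode 100755
index ddef30d..0000000
--- a/containers/multiuser-mail/service/spf-milter/run
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh
-set -e
-
-RUN_DIR="/run/spf-milter"
-
-mkdir -p "$RUN_DIR"
-chown milter:milter "$RUN_DIR"
-
-umask 0007
-exec su milter -c /usr/bin/spf-milter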
267 | diff --git a/containers/multiuser-mail/templates/dkim-milter/dkim-milter.conf b/containers/multiuser-mail/templates/dkim-milter/dkim-milter.conf |
268 | deleted file mode 100644 |
269 | index e81678c..0000000 |
270 | --- a/containers/multiuser-mail/templates/dkim-milter/dkim-milter.conf |
271 | +++ /dev/null |
272 | @@ -1,135 +0,0 @@ |
273 | - # DKIM Milter sample configuration file |
274 | - # See the manual page dkim-milter.conf(5) for reference documentation. |
275 | - |
276 | - # |
277 | - # General |
278 | - # |
279 | - |
280 | - # Start the milter listening on port 3000: |
281 | - # socket = inet:localhost:3000 |
282 | - socket = unix:/run/dkim-milter/dkim-milter.sock |
283 | - |
284 | - # Whether to only "sign", only "verify", or make this decision "auto"matically: |
285 | - mode = auto |
286 | - #mode = sign |
287 | - |
288 | - # Read signing keys and signing senders from the following files: |
289 | - signing_senders = /etc/dkim-milter/signing-senders |
290 | - # signing_keys = <sample-conf/signing-keys |
291 | - signing_keys = /etc/dkim-milter/signing-keys |
292 | - #signing_keys = sqlite://mail-config.db |
293 | - #signing_keys = sqlite://mail-config.db#dkim_signing_keys |
294 | - |
295 | - # Read connection-specific configuration overrides from this file: |
296 | - # connection_overrides = <sample-conf/connection-overrides |
297 | - # |
298 | - # # Read recipient-specific configuration overrides from this file: |
299 | - # recipient_overrides = <sample-conf/recipient-overrides |
300 | - |
301 | - # Treat message transactions from these networks as eligible for signing: |
302 | - # trusted_networks = loopback |
303 | - # #trusted_networks = 12.3.4.56/28, 2001:1600:2:3::4cde |
304 | - # |
305 | - # # Whether to treat messages from authenticated senders as eligible for signing: |
306 | - # trust_authenticated_senders = yes |
307 | - # |
308 | - # # Use this authserv-id in generated Authentication-Results headers: |
309 | - # authserv_id = mail.example.com |
310 | - # |
311 | - # # Whether to delete forged Authentication-Results headers |
312 | - # # ("forged" means *incoming* authserv-id equals *our* authserv-id). |
313 | - # # Important: If you use an earlier milter that adds such headers and takes care |
314 | - # # of deletion itself (eg, SPF Milter), you must disable this setting, else those |
315 | - # # legitimate headers will be deleted by DKIM Milter. |
316 | - # delete_incoming_authentication_results = yes |
317 | - # |
318 | - # # Whether to only accept signing senders (in Sender or From header) that match |
319 | - # # the envelope sender (in MAIL FROM) for signing. |
320 | - # require_envelope_sender_match = no |
321 | - |
322 | - # Log destination (syslog, stderr) and log level (error, warn, info, debug). |
323 | - log_destination = stderr |
324 | - log_level = info |
325 | - |
326 | - # Maximum time to allow when querying for DKIM public key records. |
327 | - lookup_timeout = 10s |
328 | - |
329 | - # Whether to operate without applying changes to messages or rejecting messages. |
330 | - dry_run = no |
331 | - |
332 | - # |
333 | - # Signing |
334 | - # |
335 | - |
336 | - # When signing, include the following headers in the signature. Value "default" |
337 | - # selects the default set of headers plus additional colon-separated headers |
338 | - # after a semicolon. Value "all" selects all headers present. |
339 | - sign_headers = default |
340 | - #sign_headers = default; Message-ID |
341 | - #sign_headers = all |
342 | - #sign_headers = From:To:Cc:Date:Subject |
343 | - |
344 | - # Value "default" in parameter sign_headers refers to this set of headers: |
345 | - default_signed_headers = From:Reply-To:Subject:Date:To:Cc:Resent-Date:Resent-From:Resent-To:Resent-Cc:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive |
346 | - |
347 | - # When value "all" is used in parameter sign_headers, exclude these headers: |
348 | - default_unsigned_headers = Return-Path:Received:Comments:Keywords |
349 | - |
350 | - # When signing, oversign these headers, that is include them in h= once more |
351 | - # than actually present. Value "signed" oversigns all headers included in the |
352 | - # h= tag, value "signed-extended" additionally oversigns all headers in the |
353 | - # default set even if not present in the message. |
354 | - oversign_headers = |
355 | - #oversign_headers = From:To |
356 | - #oversign_headers = signed |
357 | - #oversign_headers = signed-extended |
358 | - |
359 | - # When signing, canonicalize using the following algorithm: |
360 | - canonicalization = relaxed/simple |
361 | - |
362 | - # When signing, set the valid duration in the x= tag to this value: |
363 | - expiration = 5d |
364 | - #expiration = never |
365 | - |
366 | - # Whether to record the length of the signed body in the l= tag: |
367 | - limit_body_length = no |
368 | - |
369 | - # Whether to record the original headers in the z= tag: |
370 | - copy_headers = no |
371 | - |
372 | - # Whether to include tag r=y in signatures (RFC 6651, DKIM Failure Reporting): |
373 | - request_reports = no |
374 | - |
375 | - # |
376 | - # Verification |
377 | - # |
378 | - |
379 | - # Whether to accept expired signatures. |
380 | - allow_expired = no |
381 | - |
382 | - # Whether to accept signatures with a timestamp in the future. |
383 | - allow_timestamp_in_future = no |
384 | - |
385 | - # Whether to accept signatures using the SHA-1 hash algorithm. |
386 | - # (This setting is only effective if DKIM Milter was compiled with feature |
387 | - # "pre-rfc8301".) |
388 | - allow_sha1 = no |
389 | - |
390 | - # Minimum acceptable RSA public key size. |
391 | - min_rsa_key_bits = 1024 |
392 | - |
393 | - # When verifying, require these headers to be signed. |
394 | - required_signed_headers = From* |
395 | - #required_signed_headers = From:To:Subject |
396 | - |
397 | - # When verifying, whether to accept messages whose body is only partially |
398 | - # included in a signature through an l= tag limit. |
399 | - forbid_unsigned_content = no |
400 | - |
401 | - # The set of signature verification results to reject with an SMTP error reply: |
402 | - # "missing": reject messages without DKIM signature |
403 | - # "no-pass": reject messages without a passing DKIM signature |
404 | - # "author-mismatch": reject messages that don’t have a passing DKIM signature |
405 | - # where d= matches the From header domain |
406 | - reject_failures = |
407 | - #reject_failures = missing, no-pass, author-mismatch |
408 | diff --git a/containers/multiuser-mail/templates/postfix/aliases b/containers/multiuser-mail/templates/postfix/aliases |
409 | deleted file mode 100644 |
410 | index bedd39e..0000000 |
411 | --- a/containers/multiuser-mail/templates/postfix/aliases |
412 | +++ /dev/null |
413 | @@ -1,273 +0,0 @@ |
414 | - # |
415 | - # Sample aliases file. Install in the location as specified by the |
416 | - # output from the command "postconf alias_maps". Typical path names |
417 | - # are /etc/aliases or /etc/mail/aliases. |
418 | - # |
419 | - # >>>>>>>>>> The program "newaliases" must be run after |
420 | - # >> NOTE >> this file is updated for any changes to |
421 | - # >>>>>>>>>> show through to Postfix. |
422 | - # |
423 | - |
424 | - # Person who should get root's mail. Don't receive mail as root! |
425 | - root: ${AYLLU_ROOT_MAIL_USER} |
426 | - |
427 | - # Basic system aliases -- these MUST be present |
428 | - MAILER-DAEMON: postmaster |
429 | - postmaster: root |
430 | - |
431 | - # General redirections for pseudo accounts |
432 | - bin: root |
433 | - daemon: root |
434 | - named: root |
435 | - nobody: root |
436 | - uucp: root |
437 | - www: root |
438 | - ftp-bugs: root |
439 | - postfix: root |
440 | - |
441 | - # Put your local aliases here. |
442 | - |
443 | - # Well-known aliases |
444 | - manager: root |
445 | - dumper: root |
446 | - operator: root |
447 | - abuse: postmaster |
448 | - |
449 | - # trap decode to catch security attacks |
450 | - decode: root |
451 | - |
452 | - # ALIASES(5) ALIASES(5) |
453 | - # |
454 | - # NAME |
455 | - # aliases - Postfix local alias database format |
456 | - # |
457 | - # SYNOPSIS |
458 | - # newaliases |
459 | - # |
460 | - # DESCRIPTION |
461 | - # The optional aliases(5) table (alias_maps) redirects mail |
462 | - # for local recipients. The redirections are processed by |
463 | - # the Postfix local(8) delivery agent. |
464 | - # |
465 | - # This is unlike virtual(5) aliasing (virtual_alias_maps) |
466 | - # which applies to all recipients: local(8), virtual, and |
467 | - # remote, and which is implemented by the cleanup(8) daemon. |
468 | - # |
469 | - # Normally, the aliases(5) table is specified as a text file |
470 | - # that serves as input to the postalias(1) command. The |
471 | - # result, an indexed file in dbm or db format, is used for |
472 | - # fast lookup by the mail system. Execute the command |
473 | - # newaliases in order to rebuild the indexed file after |
474 | - # changing the Postfix alias database. |
475 | - # |
476 | - # When the table is provided via other means such as NIS, |
477 | - # LDAP or SQL, the same lookups are done as for ordinary |
478 | - # indexed files. |
479 | - # |
480 | - # Alternatively, the table can be provided as a regu- |
481 | - # lar-expression map where patterns are given as regular |
482 | - # expressions. In this case, the lookups are done in a |
483 | - # slightly different way as described below under "REGULAR |
484 | - # EXPRESSION TABLES". |
485 | - # |
486 | - # Users can control delivery of their own mail by setting up |
487 | - # .forward files in their home directory. Lines in per-user |
488 | - # .forward files have the same syntax as the right-hand side |
489 | - # of aliases(5) entries. |
490 | - # |
491 | - # The format of the alias database input file is as follows: |
492 | - # |
493 | - # o An alias definition has the form |
494 | - # |
495 | - # name: value1, value2, ... |
496 | - # |
497 | - # o Empty lines and whitespace-only lines are ignored, |
498 | - # as are lines whose first non-whitespace character |
499 | - # is a `#'. |
500 | - # |
501 | - # o A logical line starts with non-whitespace text. A |
502 | - # line that starts with whitespace continues a logi- |
503 | - # cal line. |
504 | - # |
505 | - # The name is a local address (no domain part). Use double |
506 | - # quotes when the name contains any special characters such |
507 | - # as whitespace, `#', `:', or `@'. The name is folded to |
508 | - # lowercase, in order to make database lookups case insensi- |
509 | - # tive. |
510 | - # |
511 | - # In addition, when an alias exists for owner-name, this |
512 | - # will override the envelope sender address, so that deliv- |
513 | - # ery diagnostics are directed to owner-name, instead of the |
514 | - # originator of the message (for details, see |
515 | - # owner_request_special, expand_owner_alias and |
516 | - # reset_owner_alias). This is typically used to direct |
517 | - # delivery errors to the maintainer of a mailing list, who |
518 | - # is in a better position to deal with mailing list delivery |
519 | - # problems than the originator of the undelivered mail. |
520 | - # |
521 | - # The value contains one or more of the following: |
522 | - # |
523 | - # address |
524 | - # Mail is forwarded to address, which is compatible |
525 | - # with the RFC 822 standard. |
526 | - # |
527 | - # /file/name |
528 | - # Mail is appended to /file/name. For details on how |
529 | - # a file is written see the sections "EXTERNAL FILE |
530 | - # DELIVERY" and "DELIVERY RIGHTS" in the local(8) |
531 | - # documentation. Delivery is not limited to regular |
532 | - # files. For example, to dispose of unwanted mail, |
533 | - # deflect it to /dev/null. |
534 | - # |
535 | - # |command |
536 | - # Mail is piped into command. Commands that contain |
537 | - # special characters, such as whitespace, should be |
538 | - # enclosed between double quotes. For details on how |
539 | - # a command is executed see "EXTERNAL COMMAND DELIV- |
540 | - # ERY" and "DELIVERY RIGHTS" in the local(8) documen- |
541 | - # tation. |
542 | - # |
543 | - # When the command fails, a limited amount of command |
544 | - # output is mailed back to the sender. The file |
545 | - # /usr/include/sysexits.h defines the expected exit |
546 | - # status codes. For example, use "|exit 67" to simu- |
547 | - # late a "user unknown" error, and "|exit 0" to |
548 | - # implement an expensive black hole. |
549 | - # |
550 | - # :include:/file/name |
551 | - # Mail is sent to the destinations listed in the |
552 | - # named file. Lines in :include: files have the same |
553 | - # syntax as the right-hand side of alias entries. |
554 | - # |
555 | - # A destination can be any destination that is |
556 | - # described in this manual page. However, delivery to |
557 | - # "|command" and /file/name is disallowed by default. |
558 | - # To enable, edit the allow_mail_to_commands and |
559 | - # allow_mail_to_files configuration parameters. |
560 | - # |
561 | - # ADDRESS EXTENSION |
562 | - # When alias database search fails, and the recipient local- |
563 | - # part contains the optional recipient delimiter (e.g., |
564 | - # user+foo), the search is repeated for the unextended |
565 | - # address (e.g., user). |
566 | - # |
567 | - # The propagate_unmatched_extensions parameter controls |
568 | - # whether an unmatched address extension (+foo) is propa- |
569 | - # gated to the result of table lookup. |
570 | - # |
571 | - # CASE FOLDING |
572 | - # The local(8) delivery agent always folds the search string |
573 | - # to lowercase before database lookup. |
574 | - # |
575 | - # REGULAR EXPRESSION TABLES |
576 | - # This section describes how the table lookups change when |
577 | - # the table is given in the form of regular expressions. For |
578 | - # a description of regular expression lookup table syntax, |
579 | - # see regexp_table(5) or pcre_table(5). NOTE: these formats |
580 | - # do not use ":" at the end of a pattern. |
581 | - # |
582 | - # Each regular expression is applied to the entire search |
583 | - # string. Thus, a search string user+foo is not broken up |
584 | - # into user and foo. |
585 | - # |
586 | - # Regular expressions are applied in the order as specified |
587 | - # in the table, until a regular expression is found that |
588 | - # matches the search string. |
589 | - # |
590 | - # Lookup results are the same as with indexed file lookups. |
591 | - # For security reasons there is no support for $1, $2 etc. |
592 | - # substring interpolation. |
593 | - # |
594 | - # SECURITY |
595 | - # The local(8) delivery agent disallows regular expression |
596 | - # substitution of $1 etc. in alias_maps, because that would |
597 | - # open a security hole. |
598 | - # |
599 | - # The local(8) delivery agent will silently ignore requests |
600 | - # to use the proxymap(8) server within alias_maps. Instead |
601 | - # it will open the table directly. Before Postfix version |
602 | - # 2.2, the local(8) delivery agent will terminate with a |
603 | - # fatal error. |
604 | - # |
605 | - # CONFIGURATION PARAMETERS |
606 | - # The following main.cf parameters are especially relevant. |
607 | - # The text below provides only a parameter summary. See |
608 | - # postconf(5) for more details including examples. |
609 | - # |
610 | - # alias_database (see 'postconf -d' output) |
611 | - # The alias databases for local(8) delivery that are |
612 | - # updated with "newaliases" or with "sendmail -bi". |
613 | - # |
614 | - # alias_maps (see 'postconf -d' output) |
615 | - # Optional lookup tables with aliases that apply only |
616 | - # to local(8) recipients; this is unlike vir- |
617 | - # tual_alias_maps that apply to all recipients: |
618 | - # local(8), virtual, and remote. |
619 | - # |
620 | - # allow_mail_to_commands (alias, forward) |
621 | - # Restrict local(8) mail delivery to external com- |
622 | - # mands. |
623 | - # |
624 | - # allow_mail_to_files (alias, forward) |
625 | - # Restrict local(8) mail delivery to external files. |
626 | - # |
627 | - # expand_owner_alias (no) |
628 | - # When delivering to an alias "aliasname" that has an |
629 | - # "owner-aliasname" companion alias, set the envelope |
630 | - # sender address to the expansion of the |
631 | - # "owner-aliasname" alias. |
632 | - # |
633 | - # propagate_unmatched_extensions (canonical, virtual) |
634 | - # What address lookup tables copy an address exten- |
635 | - # sion from the lookup key to the lookup result. |
636 | - # |
637 | - # owner_request_special (yes) |
638 | - # Enable special treatment for owner-listname entries |
639 | - # in the aliases(5) file, and don't split owner-list- |
640 | - # name and listname-request address localparts when |
641 | - # the recipient_delimiter is set to "-". |
642 | - # |
643 | - # recipient_delimiter (empty) |
644 | - # The set of characters that can separate an email |
645 | - # address localpart, user name, or a .forward file |
646 | - # name from its extension. |
647 | - # |
648 | - # Available in Postfix version 2.3 and later: |
649 | - # |
650 | - # frozen_delivered_to (yes) |
651 | - # Update the local(8) delivery agent's idea of the |
652 | - # Delivered-To: address (see prepend_deliv- |
653 | - # ered_header) only once, at the start of a delivery |
654 | - # attempt; do not update the Delivered-To: address |
655 | - # while expanding aliases or .forward files. |
656 | - # |
657 | - # STANDARDS |
658 | - # RFC 822 (ARPA Internet Text Messages) |
659 | - # |
660 | - # SEE ALSO |
661 | - # local(8), local delivery agent |
662 | - # newaliases(1), create/update alias database |
663 | - # postalias(1), create/update alias database |
664 | - # postconf(5), configuration parameters |
665 | - # |
666 | - # README FILES |
667 | - # Use "postconf readme_directory" or "postconf html_direc- |
668 | - # tory" to locate this information. |
669 | - # DATABASE_README, Postfix lookup table overview |
670 | - # |
671 | - # LICENSE |
672 | - # The Secure Mailer license must be distributed with this |
673 | - # software. |
674 | - # |
675 | - # AUTHOR(S) |
676 | - # Wietse Venema |
677 | - # IBM T.J. Watson Research |
678 | - # P.O. Box 704 |
679 | - # Yorktown Heights, NY 10598, USA |
680 | - # |
681 | - # Wietse Venema |
682 | - # Google, Inc. |
683 | - # 111 8th Avenue |
684 | - # New York, NY 10011, USA |
685 | - # |
686 | - # |
687 | diff --git a/containers/multiuser-mail/templates/postfix/master.cf b/containers/multiuser-mail/templates/postfix/master.cf |
688 | deleted file mode 100644 |
689 | index 47f2a46..0000000 |
690 | --- a/containers/multiuser-mail/templates/postfix/master.cf |
691 | +++ /dev/null |
692 | @@ -1,155 +0,0 @@ |
693 | - # |
694 | - # Postfix master process configuration file. For details on the format |
695 | - # of the file, see the master(5) manual page (command: "man 5 master" or |
696 | - # on-line: http://www.postfix.org/master.5.html). |
697 | - # |
698 | - # Do not forget to execute "postfix reload" after editing this file. |
699 | - # |
700 | - # ========================================================================== |
701 | - # service type private unpriv chroot wakeup maxproc command + args |
702 | - # (yes) (yes) (no) (never) (100) |
703 | - # ========================================================================== |
704 | - smtp inet n - n - - smtpd |
705 | - #smtp inet n - n - 1 postscreen |
706 | - #smtpd pass - - n - - smtpd |
707 | - #dnsblog unix - - n - 0 dnsblog |
708 | - #tlsproxy unix - - n - 0 tlsproxy |
709 | - # Choose one: enable submission for loopback clients only, or for any client. |
710 | - #127.0.0.1:submission inet n - n - - smtpd |
711 | - #submission inet n - n - - smtpd |
712 | - # -o syslog_name=postfix/submission |
713 | - # -o smtpd_tls_security_level=encrypt |
714 | - # -o smtpd_sasl_auth_enable=yes |
715 | - # -o smtpd_tls_auth_only=yes |
716 | - # -o local_header_rewrite_clients=static:all |
717 | - # -o smtpd_reject_unlisted_recipient=no |
718 | - # Instead of specifying complex smtpd_<xxx>_restrictions here, |
719 | - # specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions" |
720 | - # here, and specify mua_<xxx>_restrictions in main.cf (where |
721 | - # "<xxx>" is "client", "helo", "sender", "relay", or "recipient"). |
722 | - # -o smtpd_client_restrictions= |
723 | - # -o smtpd_helo_restrictions= |
724 | - # -o smtpd_sender_restrictions= |
725 | - # -o smtpd_relay_restrictions= |
726 | - # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject |
727 | - # -o milter_macro_daemon_name=ORIGINATING |
728 | - # Choose one: enable submissions for loopback clients only, or for any client. |
729 | - #127.0.0.1:submissions inet n - n - - smtpd |
730 | - #submissions inet n - n - - smtpd |
731 | - # -o syslog_name=postfix/submissions |
732 | - # -o smtpd_tls_wrappermode=yes |
733 | - # -o smtpd_sasl_auth_enable=yes |
734 | - # -o local_header_rewrite_clients=static:all |
735 | - # -o smtpd_reject_unlisted_recipient=no |
736 | - # Instead of specifying complex smtpd_<xxx>_restrictions here, |
737 | - # specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions" |
738 | - # here, and specify mua_<xxx>_restrictions in main.cf (where |
739 | - # "<xxx>" is "client", "helo", "sender", "relay", or "recipient"). |
740 | - # -o smtpd_client_restrictions= |
741 | - # -o smtpd_helo_restrictions= |
742 | - # -o smtpd_sender_restrictions= |
743 | - # -o smtpd_relay_restrictions= |
744 | - # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject |
745 | - # -o milter_macro_daemon_name=ORIGINATING |
746 | - #628 inet n - n - - qmqpd |
747 | - pickup unix n - n 60 1 pickup |
748 | - cleanup unix n - n - 0 cleanup |
749 | - qmgr unix n - n 300 1 qmgr |
750 | - #qmgr unix n - n 300 1 oqmgr |
751 | - tlsmgr unix - - n 1000? 1 tlsmgr |
752 | - rewrite unix - - n - - trivial-rewrite |
753 | - bounce unix - - n - 0 bounce |
754 | - defer unix - - n - 0 bounce |
755 | - trace unix - - n - 0 bounce |
756 | - verify unix - - n - 1 verify |
757 | - flush unix n - n 1000? 0 flush |
758 | - proxymap unix - - n - - proxymap |
759 | - proxywrite unix - - n - 1 proxymap |
760 | - smtp unix - - n - - smtp |
761 | - relay unix - - n - - smtp |
762 | - -o syslog_name=postfix/$service_name |
763 | - # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 |
764 | - showq unix n - n - - showq |
765 | - error unix - - n - - error |
766 | - retry unix - - n - - error |
767 | - discard unix - - n - - discard |
768 | - local unix - n n - - local |
769 | - virtual unix - n n - - virtual |
770 | - lmtp unix - - n - - lmtp |
771 | - anvil unix - - n - 1 anvil |
772 | - scache unix - - n - 1 scache |
773 | - postlog unix-dgram n - n - 1 postlogd |
774 | - # |
775 | - # ==================================================================== |
776 | - # Interfaces to non-Postfix software. Be sure to examine the manual |
777 | - # pages of the non-Postfix software to find out what options it wants. |
778 | - # |
779 | - # Many of the following services use the Postfix pipe(8) delivery |
780 | - # agent. See the pipe(8) man page for information about ${recipient} |
781 | - # and other message envelope options. |
782 | - # ==================================================================== |
783 | - # |
784 | - # maildrop. See the Postfix MAILDROP_README file for details. |
785 | - # Also specify in main.cf: maildrop_destination_recipient_limit=1 |
786 | - # |
787 | - #maildrop unix - n n - - pipe |
788 | - # flags=DRXhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} |
789 | - # |
790 | - # ==================================================================== |
791 | - # |
792 | - # Recent Cyrus versions can use the existing "lmtp" master.cf entry. |
793 | - # |
794 | - # Specify in cyrus.conf: |
795 | - # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 |
796 | - # |
797 | - # Specify in main.cf one or more of the following: |
798 | - # mailbox_transport = lmtp:inet:localhost |
799 | - # virtual_transport = lmtp:inet:localhost |
800 | - # |
801 | - # ==================================================================== |
802 | - # |
803 | - # Cyrus 2.1.5 (Amos Gouaux) |
804 | - # Also specify in main.cf: cyrus_destination_recipient_limit=1 |
805 | - # |
806 | - #cyrus unix - n n - - pipe |
807 | - # flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} |
808 | - # |
809 | - # ==================================================================== |
810 | - # |
811 | - # Old example of delivery via Cyrus. |
812 | - # |
813 | - #old-cyrus unix - n n - - pipe |
814 | - # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} |
815 | - # |
816 | - # ==================================================================== |
817 | - # |
818 | - # See the Postfix UUCP_README file for configuration details. |
819 | - # |
820 | - #uucp unix - n n - - pipe |
821 | - # flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) |
822 | - # |
823 | - # ==================================================================== |
824 | - # |
825 | - # Other external delivery methods. |
826 | - # |
827 | - #ifmail unix - n n - - pipe |
828 | - # flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) |
829 | - # |
830 | - #bsmtp unix - n n - - pipe |
831 | - # flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient |
832 | - # |
833 | - #scalemail-backend unix - n n - 2 pipe |
834 | - # flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store |
835 | - # ${nexthop} ${user} ${extension} |
836 | - # |
837 | - #mailman unix - n n - - pipe |
838 | - # flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py |
839 | - # ${nexthop} ${user} |
840 | - |
841 | - # SPF Verifier |
842 | - policyd-spf unix - n n - 0 spawn |
843 | - user=nobody argv=/usr/bin/postfix-policyd-spf-perl |
844 | - |
845 | - # Mailpot |
846 | - mailpot unix - n n - 1 pipe |
847 | - flags=RX user=ayllu directory=/home/ayllu argv=/usr/bin/ayllu-mail --database ${AYLLU_DB_PATH} --config ${AYLLU_CONFIG} post" |
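diff --git a/containers/multiuser-mail/templates/postfix/mime_header_checks b/containers/multiuser-mail/templates/postfix/mime_header_checks
deleted file mode 100644
index 50cf33f..0000000
--- a/containers/multiuser-mail/templates/postfix/mime_header_checks
+++ /dev/null
@@ -1 +0,0 @@
-/Content-(Type|Disposition):.*attachment;/ REJECT Attachments are disallowed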
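diff --git a/containers/multiuser-mail/templates/postfix/smtp_header_checks b/containers/multiuser-mail/templates/postfix/smtp_header_checks
deleted file mode 100644
index 9e39150..0000000
--- a/containers/multiuser-mail/templates/postfix/smtp_header_checks
+++ /dev/null
@@ -1,2 +0,0 @@
-/^Received: .*/ IGNORE
-/^User-Agent: .*/ IGNORE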
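diff --git a/containers/multiuser-mail/templates/spf-milter/spf-milter.conf b/containers/multiuser-mail/templates/spf-milter/spf-milter.conf
deleted file mode 100644
index d97eb8c..0000000
--- a/containers/multiuser-mail/templates/spf-milter/spf-milter.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# spf-milter.conf
-
-socket = unix:/run/spf-milter/spf-milter.sock
-log_level = debug
-log_destination = stderr
-
-# Also verify HELO before MAIL FROM:
-verify_helo = yes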
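diff --git a/containers/multiuser/Containerfile b/containers/multiuser/Containerfile
index 5b830a1..c57401f 100644
--- a/containers/multiuser/Containerfile
+++ b/containers/multiuser/Containerfile
@@ -19,6 +19,7 @@ COPY containers/multiuser/init/ /etc/ayllu-init/
 COPY containers/multiuser/motd.txt /etc/motd
 COPY containers/multiuser/service/ /etc/service/
 COPY containers/multiuser/profile.d/ /etc/profile.d/
+COPY containers/multiuser/crontabs/ /etc/crontabs/
 COPY containers/multiuser/run_all.sh /
 
 CMD ["/run_all.sh"]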
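diff --git a/containers/multiuser/crontabs/ayllu b/containers/multiuser/crontabs/ayllu
new file mode 100644
index 0000000..5fa990b
--- /dev/null
+++ b/containers/multiuser/crontabs/ayllu
@@ -0,0 +1,2 @@
+# min hour day month weekday command
+*/1 * * * * NO_COLOR=true /usr/bin/ayllu-jobs run-all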
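Review bot: Nothing on the new crontab line stops a second `ayllu-jobs run-all` from starting while the previous one is still running, so on a one-minute schedule a slow or hung run can pile up processes. Unless ayllu-jobs takes its own lock (not visible in this commit), a non-blocking lock around the command keeps it to one instance, e.g. `* * * * * NO_COLOR=true flock -n <lock-file> /usr/bin/ayllu-jobs run-all`, with the lock file in a directory only the ayllu user can write; `*/1` is the same schedule as `*`. The job's output is not redirected either, so it is worth confirming that crond in this image delivers it somewhere it is kept, otherwise a failing job goes unnoticed.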
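diff --git a/containers/multiuser/init/config.sh b/containers/multiuser/init/config.sh
index 57f51e5..71fe19c 100755
--- a/containers/multiuser/init/config.sh
+++ b/containers/multiuser/init/config.sh
@@ -1,7 +1,5 @@
 #!/bin/sh
 
-# TODO: Ayllu should have a programmatic way to set configuration values
-# at runtime e.g. ayllu config set http.address = ....
 [ -n "${AYLLU_LISTEN_ADDRESS}" ] && {
-sed -i "s/127.0.0.1:8080/$AYLLU_LISTEN_ADDRESS/" /etc/ayllu/config.toml
-}
+ayllu config set http.address "\"$AYLLU_LISTEN_ADDRESS\""
+} || true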
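Review bot: The trailing `|| true` on the last line also discards a failure of `ayllu config set`, so if the address cannot be written the init step still reports success and the service starts on whatever address the config already holds. An explicit conditional keeps the unset-variable case harmless without hiding errors: `if [ -n "${AYLLU_LISTEN_ADDRESS}" ]; then ayllu config set http.address "\"$AYLLU_LISTEN_ADDRESS\"" || exit 1; fi`. The value is also wrapped in literal double quotes before it reaches `config set`; if that argument is parsed as TOML (not visible here), a `"` or newline in the variable would change what gets parsed, so rejecting those characters first is a cheap check.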
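diff --git a/containers/multiuser/service/syslogd/run b/containers/multiuser/service/syslogd/run
new file mode 100755
index 0000000..455172e
--- /dev/null
+++ b/containers/multiuser/service/syslogd/run
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+syslogd -n -O -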
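Review bot: The run script starts `syslogd` as a child of the shell instead of replacing it, so a supervisor that manages `/etc/service/*/run` (the directory layout suggests a runit-style supervisor, which is an inference) would track and signal the shell rather than the daemon. `exec syslogd -n -O -` makes syslogd the supervised process, so stop and restart requests reach it directly. A short comment such as `# log to stdout so the container runtime collects it` would also record why `-O -` is used.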
920 | diff --git a/scripts/build_all_containers.sh b/scripts/build_all_containers.sh |
921 | index 0cfc44a..8f00ae9 100755 |
922 | --- a/scripts/build_all_containers.sh |
923 | +++ b/scripts/build_all_containers.sh |
924 | @@ -4,4 +4,3 @@ set -e |
925 | scripts/build_container.sh containers/base-build |
926 | scripts/build_container.sh containers/ayllu |
927 | scripts/build_container.sh containers/multiuser |
928 | - scripts/build_container.sh containers/multiuser-mail |