Commit
Author: Kevin Schoon [me@kevinschoon.com]
Hash: 184ed2cec8430f688413a06bc53eb36d96e7f096
Timestamp: Sat, 19 Oct 2024 16:46:55 +0000 (1 month ago)

+14 -735 +/-24 browse
update container scripts, run ayllu-jobs via cron
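--- a/containers/ayllu/Containerfile
+++ b/containers/ayllu/Containerfile
@@ -32,7 +32,7 @@ RUN --mount=type=cache,target=/root/.cargo --network=none \
 && cp -v target/release/rudolfs /usr/bin/
 
 COPY ayllu /src/ayllu/ayllu
- COPY ayllu-mail /src/ayllu/ayllu-mail
+ COPY ayllu-jobs /src/ayllu/ayllu-jobs
 COPY contrib /src/ayllu/contrib
 COPY crates /src/ayllu/crates
 COPY quipu /src/ayllu/quipu
@@ -62,11 +62,11 @@ RUN --mount=type=cache,target=/root/.cargo --mount=type=cache,target=/src/ayllu/
 --color=never --locked --frozen --offline --release --package ayllu \
 && mv /src/ayllu/target/release/ayllu /
 
- # build the ayllu-mail binary
+ # build the ayllu-jobs binary
 RUN --mount=type=cache,target=/root/.cargo --mount=type=cache,target=/src/ayllu/target --network=none \
 cargo build \
- --color=never --locked --frozen --offline --release --package ayllu-mail \
- && mv /src/ayllu/target/release/ayllu-mail /
+ --color=never --locked --frozen --offline --release --package ayllu-jobs \
+ && mv /src/ayllu/target/release/ayllu-jobs /
 
 # build the quipu binary
 RUN --mount=type=cache,target=/root/.cargo --mount=type=cache,target=/src/ayllu/target --network=none \
@@ -85,7 +85,7 @@ RUN rm -v /usr/lib/libtree-sitter-cpp.so
 
 COPY --from=build --chown=0:0 /usr/bin/rudolfs /usr/bin/
 COPY --from=build --chown=0:0 /ayllu /usr/bin/
- COPY --from=build --chown=0:0 /ayllu-mail /usr/bin/
+ COPY --from=build --chown=0:0 /ayllu-jobs /usr/bin/
 COPY --from=build --chown=0:0 /quipu /usr/bin/
 COPY --from=build --chown=0:0 /src/ayllu/ayllu/themes /usr/lib/ayllu/themes
 COPY --from=build --chown=0:0 /src/ayllu/ayllu/migrations /usr/lib/ayllu/migrations/ayllu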
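--- a/containers/base-build/Containerfile
+++ b/containers/base-build/Containerfile
@@ -1,7 +1,7 @@
 FROM alpine:3
 
 RUN apk add \
- curl cargo rust pkgconf sqlite sassc npm \
+ curl cargo rust pkgconf sqlite sassc ncurses npm \
 openssl openssl-dev fontconfig fontconfig-dev \
 tree-sitter-dev build-base git
 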
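Review bot: The `ncurses` package added to the `RUN apk add` list has no comment and no mention in the commit message saying what needs it, so a later cleanup cannot tell whether it is safe to drop; a line such as `# ncurses: required by <component that needs it>` above the `RUN` would record that. The same instruction installs unpinned packages on top of the floating `alpine:3` tag, so the contents of this build image depend on when it is built. Pinning the base by digest and using `RUN apk add --no-cache \`, as the removed multiuser-mail Containerfile did, would make the image easier to audit and keep the package index out of the layer.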
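--- a/containers/multiuser-mail/Containerfile
+++ /dev/null
@@ -1,34 +0,0 @@
- ARG BUILD_IMAGE
- FROM $BUILD_IMAGE AS build
-
- ARG DKIMDO_VERSION="0.1.1"
- ARG DKIM_MILTER="0.1.0"
- ARG SPF_MILTER="0.6.0"
-
- # FIXME: mirror these in ayllu-forge.org and build them from there
- RUN cargo install --locked dkimdo@"$DKIMDO_VERSION"
- RUN cargo install --locked dkim-milter@"$DKIM_MILTER"
- RUN cargo install --locked spf-milter@"$SPF_MILTER"
-
- RUN mkdir /build && mv -v /root/.cargo/bin/* /build
-
- ARG MULTIUSER_IMAGE
- FROM $MULTIUSER_IMAGE
-
- USER root
-
- RUN apk add --no-cache neomutt postfix
-
- # un-privilaged user to run various milter software
- RUN adduser -D -s /bin/sh -H milter
-
- RUN addgroup postfix milter
-
- COPY --from=build --chown=0:0 /build/dkimdo /usr/bin/
- COPY --from=build --chown=0:0 /build/dkim-milter /usr/bin/
- COPY --from=build --chown=0:0 /build/spf-milter /usr/bin/
-
- COPY containers/multiuser-mail/templates /etc/templates/
- COPY containers/multiuser-mail/service /etc/service
- COPY containers/multiuser-mail/cron.d /etc/cron.d/
- COPY containers/multiuser-mail/init/ /etc/ayllu-init/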
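--- a/containers/multiuser-mail/cron.d/mail.cron
+++ /dev/null
@@ -1,2 +0,0 @@
- # send queued messages every minute
- */1 * * * * su ayllu -c 'ayllu-mail --config /etc/ayllu/config.toml send'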
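--- a/containers/multiuser-mail/init/ayllu-mail.sh
+++ /dev/null
@@ -1 +0,0 @@
- #!/bin/sh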
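--- a/containers/multiuser-mail/init/dkim-milter.sh
+++ /dev/null
@@ -1,20 +0,0 @@
- #!/bin/sh
- set -ex
-
- TEMPLATE_PATH="/etc/templates/dkim-milter/dkim-milter.conf"
- CONFIG_PATH="/etc/dkim-milter/dkim-milter.conf"
- SIGNING_KEY="/etc/dkim-milter/ed25519.key"
-
- mkdir -p /etc/dkim-milter
-
- if [ ! -f "$SIGNING_KEY" ] ; then
- echo "DKIM signing key not detected, generating it now"
- dkimdo genkey -O "$SIGNING_KEY" ed25519
- dkimdo keyinfo "$SIGNING_KEY"
- chown milter:milter "$SIGNING_KEY"
- fi
-
- envsubst < "$TEMPLATE_PATH" > "$CONFIG_PATH"
-
- echo "ed25519 <$SIGNING_KEY" > /etc/dkim-milter/signing-keys
- echo ".$AYLLU_MAIL_HOSTNAME $AYLLU_MAIL_HOSTNAME ed25519 ed25519" > /etc/dkim-milter/signing-senders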
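--- a/containers/multiuser-mail/init/postfix.sh
+++ /dev/null
@@ -1,55 +0,0 @@
- #!/bin/sh
-
- AYLLU_MAIL="/usr/bin/ayllu-mail"
- AYLLU_CONFIG="${AYLLU_CONFIG-/etc/ayllu/config.toml}"
- AYLLU_DB_PATH="${AYLLU_DB_PATH-/home/ayllu/.local/share/ayllu/mail.db}"
-
- # FIXME: Mailpot's master-cf generation seems to be broken but it may also be
- # due to my own ignorance so manually specifying it for now.
-
- AYLLU_SMTP_TLS_SECURITY_LEVEL="${AYLLU_SMTP_TLS_SECURITY_LEVEL:-none}"
-
- [ -n "${AYLLU_ROOT_MAIL_USER}" ] && {
- echo "# AYLLU: DO NOT EDIT" > /etc/postfix/aliases
- AYLLU_ROOT_MAIL_USER="$(echo "$AYLLU_ROOT_MAIL_USER" | tr '[:upper:]' '[:lower:]')"
- AYLLU_ROOT_MAIL_USER="$AYLLU_ROOT_MAIL_USER" envsubst < /etc/templates/postfix/aliases >> /etc/postfix/aliases
- newaliases
- }
-
- # hide sender's IP address / User Agent
- # See https://wiki.archlinux.org/title/Postfix#Hide_the_sender's_IP_and_user_agent_in_the_Received_header
- cp /etc/templates/postfix/smtp_header_checks /etc/postfix/
- postconf -e smtp_header_checks="regexp:/etc/postfix/smtp_header_checks"
- postconf -e smtpd_helo_required=yes
-
- # attachments are entirely disallowed
- cp /etc/templates/postfix/mime_header_checks /etc/postfix/
- postconf -e mime_header_checks="regexp:/etc/postfix/mime_header_checks"
-
- postconf -e smtp_tls_security_level="$AYLLU_SMTP_TLS_SECURITY_LEVEL"
- postconf -e maillog_file="/dev/stdout"
-
- AYLLU_MAIL_HOSTNAME="${AYLLU_MAIL_HOSTNAME:-localhost}"
- postconf -e myhostname="${AYLLU_MAIL_HOSTNAME}"
-
- # disallow relay from anywhere but localhost
- postconf -e inet_interfaces="loopback-only"
- postconf -e mynetworks="127.0.0.0/8"
- postconf -e local_transport="local"
- postconf -e transport_maps="lmdb:/etc/postfix/transport"
-
- # SPF
- postconf -e smtpd_milters="unix:/run/spf-milter/spf-milter.sock"
- postconf -e policyd-spf_time_limit="3600"
-
- postconf -e smtpd_recipient_restrictions="permit_mynetworks,reject_unauth_destination,check_policy_service unix:private/policyd-spf"
-
- # setup master.cf
- AYLLU_CONFIG="$AYLLU_CONFIG" AYLLU_DB_PATH="$AYLLU_DB_PATH" envsubst \
- < /etc/templates/postfix/master.cf > /etc/postfix/master.cf
-
- su ayllu -c "$AYLLU_MAIL --config $AYLLU_CONFIG --database $AYLLU_DB_PATH postfix maps" |tee /etc/postfix/transport
-
- chown -R ayllu:ayllu /home/ayllu/.local/share/ayllu
-
- postmap /etc/postfix/transport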
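--- a/containers/multiuser-mail/init/spf-milter.sh
+++ /dev/null
@@ -1,7 +0,0 @@
- #!/bin/sh
- set -e
-
- TEMPLATE_PATH="/etc/templates/spf-milter/spf-milter.conf"
- CONFIG_PATH="/etc/spf-milter.conf"
-
- envsubst < "$TEMPLATE_PATH" > "$CONFIG_PATH"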
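--- a/containers/multiuser-mail/post-message.sh
+++ /dev/null
@@ -1,4 +0,0 @@
- #!/bin/sh
-
- export HOME=/home/ayllu
- ayllu-mail -c /etc/ayllu/config.toml post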
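--- a/containers/multiuser-mail/service/ayllu-mail/run
+++ /dev/null
@@ -1,3 +0,0 @@
- #!/bin/sh
-
- exec su ayllu -c 'ayllu-mail --config /etc/ayllu/config.toml serve'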
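--- a/containers/multiuser-mail/service/dkim-milter/run
+++ /dev/null
@@ -1,10 +0,0 @@
- #!/bin/sh
- set -e
-
- RUN_DIR="/run/dkim-milter"
-
- mkdir -p "$RUN_DIR"
- chown milter:milter "$RUN_DIR"
-
- umask 0007
- exec su milter -c /usr/bin/dkim-milter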
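--- a/containers/multiuser-mail/service/postfix/run
+++ /dev/null
@@ -1,4 +0,0 @@
- #!/bin/sh
- set -e
-
- exec postfix -c /etc/postfix start-fg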
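--- a/containers/multiuser-mail/service/spf-milter/run
+++ /dev/null
@@ -1,10 +0,0 @@
- #!/bin/sh
- set -e
-
- RUN_DIR="/run/spf-milter"
-
- mkdir -p "$RUN_DIR"
- chown milter:milter "$RUN_DIR"
-
- umask 0007
- exec su milter -c /usr/bin/spf-milter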
267 diff --git a/containers/multiuser-mail/templates/dkim-milter/dkim-milter.conf b/containers/multiuser-mail/templates/dkim-milter/dkim-milter.conf
268deleted file mode 100644
269index e81678c..0000000
270--- a/containers/multiuser-mail/templates/dkim-milter/dkim-milter.conf
271+++ /dev/null
272 @@ -1,135 +0,0 @@
273- # DKIM Milter sample configuration file
274- # See the manual page dkim-milter.conf(5) for reference documentation.
275-
276- #
277- # General
278- #
279-
280- # Start the milter listening on port 3000:
281- # socket = inet:localhost:3000
282- socket = unix:/run/dkim-milter/dkim-milter.sock
283-
284- # Whether to only "sign", only "verify", or make this decision "auto"matically:
285- mode = auto
286- #mode = sign
287-
288- # Read signing keys and signing senders from the following files:
289- signing_senders = /etc/dkim-milter/signing-senders
290- # signing_keys = <sample-conf/signing-keys
291- signing_keys = /etc/dkim-milter/signing-keys
292- #signing_keys = sqlite://mail-config.db
293- #signing_keys = sqlite://mail-config.db#dkim_signing_keys
294-
295- # Read connection-specific configuration overrides from this file:
296- # connection_overrides = <sample-conf/connection-overrides
297- #
298- # # Read recipient-specific configuration overrides from this file:
299- # recipient_overrides = <sample-conf/recipient-overrides
300-
301- # Treat message transactions from these networks as eligible for signing:
302- # trusted_networks = loopback
303- # #trusted_networks = 12.3.4.56/28, 2001:1600:2:3::4cde
304- #
305- # # Whether to treat messages from authenticated senders as eligible for signing:
306- # trust_authenticated_senders = yes
307- #
308- # # Use this authserv-id in generated Authentication-Results headers:
309- # authserv_id = mail.example.com
310- #
311- # # Whether to delete forged Authentication-Results headers
312- # # ("forged" means *incoming* authserv-id equals *our* authserv-id).
313- # # Important: If you use an earlier milter that adds such headers and takes care
314- # # of deletion itself (eg, SPF Milter), you must disable this setting, else those
315- # # legitimate headers will be deleted by DKIM Milter.
316- # delete_incoming_authentication_results = yes
317- #
318- # # Whether to only accept signing senders (in Sender or From header) that match
319- # # the envelope sender (in MAIL FROM) for signing.
320- # require_envelope_sender_match = no
321-
322- # Log destination (syslog, stderr) and log level (error, warn, info, debug).
323- log_destination = stderr
324- log_level = info
325-
326- # Maximum time to allow when querying for DKIM public key records.
327- lookup_timeout = 10s
328-
329- # Whether to operate without applying changes to messages or rejecting messages.
330- dry_run = no
331-
332- #
333- # Signing
334- #
335-
336- # When signing, include the following headers in the signature. Value "default"
337- # selects the default set of headers plus additional colon-separated headers
338- # after a semicolon. Value "all" selects all headers present.
339- sign_headers = default
340- #sign_headers = default; Message-ID
341- #sign_headers = all
342- #sign_headers = From:To:Cc:Date:Subject
343-
344- # Value "default" in parameter sign_headers refers to this set of headers:
345- default_signed_headers = From:Reply-To:Subject:Date:To:Cc:Resent-Date:Resent-From:Resent-To:Resent-Cc:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
346-
347- # When value "all" is used in parameter sign_headers, exclude these headers:
348- default_unsigned_headers = Return-Path:Received:Comments:Keywords
349-
350- # When signing, oversign these headers, that is include them in h= once more
351- # than actually present. Value "signed" oversigns all headers included in the
352- # h= tag, value "signed-extended" additionally oversigns all headers in the
353- # default set even if not present in the message.
354- oversign_headers =
355- #oversign_headers = From:To
356- #oversign_headers = signed
357- #oversign_headers = signed-extended
358-
359- # When signing, canonicalize using the following algorithm:
360- canonicalization = relaxed/simple
361-
362- # When signing, set the valid duration in the x= tag to this value:
363- expiration = 5d
364- #expiration = never
365-
366- # Whether to record the length of the signed body in the l= tag:
367- limit_body_length = no
368-
369- # Whether to record the original headers in the z= tag:
370- copy_headers = no
371-
372- # Whether to include tag r=y in signatures (RFC 6651, DKIM Failure Reporting):
373- request_reports = no
374-
375- #
376- # Verification
377- #
378-
379- # Whether to accept expired signatures.
380- allow_expired = no
381-
382- # Whether to accept signatures with a timestamp in the future.
383- allow_timestamp_in_future = no
384-
385- # Whether to accept signatures using the SHA-1 hash algorithm.
386- # (This setting is only effective if DKIM Milter was compiled with feature
387- # "pre-rfc8301".)
388- allow_sha1 = no
389-
390- # Minimum acceptable RSA public key size.
391- min_rsa_key_bits = 1024
392-
393- # When verifying, require these headers to be signed.
394- required_signed_headers = From*
395- #required_signed_headers = From:To:Subject
396-
397- # When verifying, whether to accept messages whose body is only partially
398- # included in a signature through an l= tag limit.
399- forbid_unsigned_content = no
400-
401- # The set of signature verification results to reject with an SMTP error reply:
402- # "missing": reject messages without DKIM signature
403- # "no-pass": reject messages without a passing DKIM signature
404- # "author-mismatch": reject messages that don’t have a passing DKIM signature
405- # where d= matches the From header domain
406- reject_failures =
407- #reject_failures = missing, no-pass, author-mismatch
408 diff --git a/containers/multiuser-mail/templates/postfix/aliases b/containers/multiuser-mail/templates/postfix/aliases
409deleted file mode 100644
410index bedd39e..0000000
411--- a/containers/multiuser-mail/templates/postfix/aliases
412+++ /dev/null
413 @@ -1,273 +0,0 @@
414- #
415- # Sample aliases file. Install in the location as specified by the
416- # output from the command "postconf alias_maps". Typical path names
417- # are /etc/aliases or /etc/mail/aliases.
418- #
419- # >>>>>>>>>> The program "newaliases" must be run after
420- # >> NOTE >> this file is updated for any changes to
421- # >>>>>>>>>> show through to Postfix.
422- #
423-
424- # Person who should get root's mail. Don't receive mail as root!
425- root: ${AYLLU_ROOT_MAIL_USER}
426-
427- # Basic system aliases -- these MUST be present
428- MAILER-DAEMON: postmaster
429- postmaster: root
430-
431- # General redirections for pseudo accounts
432- bin: root
433- daemon: root
434- named: root
435- nobody: root
436- uucp: root
437- www: root
438- ftp-bugs: root
439- postfix: root
440-
441- # Put your local aliases here.
442-
443- # Well-known aliases
444- manager: root
445- dumper: root
446- operator: root
447- abuse: postmaster
448-
449- # trap decode to catch security attacks
450- decode: root
451-
452- # ALIASES(5) ALIASES(5)
453- #
454- # NAME
455- # aliases - Postfix local alias database format
456- #
457- # SYNOPSIS
458- # newaliases
459- #
460- # DESCRIPTION
461- # The optional aliases(5) table (alias_maps) redirects mail
462- # for local recipients. The redirections are processed by
463- # the Postfix local(8) delivery agent.
464- #
465- # This is unlike virtual(5) aliasing (virtual_alias_maps)
466- # which applies to all recipients: local(8), virtual, and
467- # remote, and which is implemented by the cleanup(8) daemon.
468- #
469- # Normally, the aliases(5) table is specified as a text file
470- # that serves as input to the postalias(1) command. The
471- # result, an indexed file in dbm or db format, is used for
472- # fast lookup by the mail system. Execute the command
473- # newaliases in order to rebuild the indexed file after
474- # changing the Postfix alias database.
475- #
476- # When the table is provided via other means such as NIS,
477- # LDAP or SQL, the same lookups are done as for ordinary
478- # indexed files.
479- #
480- # Alternatively, the table can be provided as a regu-
481- # lar-expression map where patterns are given as regular
482- # expressions. In this case, the lookups are done in a
483- # slightly different way as described below under "REGULAR
484- # EXPRESSION TABLES".
485- #
486- # Users can control delivery of their own mail by setting up
487- # .forward files in their home directory. Lines in per-user
488- # .forward files have the same syntax as the right-hand side
489- # of aliases(5) entries.
490- #
491- # The format of the alias database input file is as follows:
492- #
493- # o An alias definition has the form
494- #
495- # name: value1, value2, ...
496- #
497- # o Empty lines and whitespace-only lines are ignored,
498- # as are lines whose first non-whitespace character
499- # is a `#'.
500- #
501- # o A logical line starts with non-whitespace text. A
502- # line that starts with whitespace continues a logi-
503- # cal line.
504- #
505- # The name is a local address (no domain part). Use double
506- # quotes when the name contains any special characters such
507- # as whitespace, `#', `:', or `@'. The name is folded to
508- # lowercase, in order to make database lookups case insensi-
509- # tive.
510- #
511- # In addition, when an alias exists for owner-name, this
512- # will override the envelope sender address, so that deliv-
513- # ery diagnostics are directed to owner-name, instead of the
514- # originator of the message (for details, see
515- # owner_request_special, expand_owner_alias and
516- # reset_owner_alias). This is typically used to direct
517- # delivery errors to the maintainer of a mailing list, who
518- # is in a better position to deal with mailing list delivery
519- # problems than the originator of the undelivered mail.
520- #
521- # The value contains one or more of the following:
522- #
523- # address
524- # Mail is forwarded to address, which is compatible
525- # with the RFC 822 standard.
526- #
527- # /file/name
528- # Mail is appended to /file/name. For details on how
529- # a file is written see the sections "EXTERNAL FILE
530- # DELIVERY" and "DELIVERY RIGHTS" in the local(8)
531- # documentation. Delivery is not limited to regular
532- # files. For example, to dispose of unwanted mail,
533- # deflect it to /dev/null.
534- #
535- # |command
536- # Mail is piped into command. Commands that contain
537- # special characters, such as whitespace, should be
538- # enclosed between double quotes. For details on how
539- # a command is executed see "EXTERNAL COMMAND DELIV-
540- # ERY" and "DELIVERY RIGHTS" in the local(8) documen-
541- # tation.
542- #
543- # When the command fails, a limited amount of command
544- # output is mailed back to the sender. The file
545- # /usr/include/sysexits.h defines the expected exit
546- # status codes. For example, use "|exit 67" to simu-
547- # late a "user unknown" error, and "|exit 0" to
548- # implement an expensive black hole.
549- #
550- # :include:/file/name
551- # Mail is sent to the destinations listed in the
552- # named file. Lines in :include: files have the same
553- # syntax as the right-hand side of alias entries.
554- #
555- # A destination can be any destination that is
556- # described in this manual page. However, delivery to
557- # "|command" and /file/name is disallowed by default.
558- # To enable, edit the allow_mail_to_commands and
559- # allow_mail_to_files configuration parameters.
560- #
561- # ADDRESS EXTENSION
562- # When alias database search fails, and the recipient local-
563- # part contains the optional recipient delimiter (e.g.,
564- # user+foo), the search is repeated for the unextended
565- # address (e.g., user).
566- #
567- # The propagate_unmatched_extensions parameter controls
568- # whether an unmatched address extension (+foo) is propa-
569- # gated to the result of table lookup.
570- #
571- # CASE FOLDING
572- # The local(8) delivery agent always folds the search string
573- # to lowercase before database lookup.
574- #
575- # REGULAR EXPRESSION TABLES
576- # This section describes how the table lookups change when
577- # the table is given in the form of regular expressions. For
578- # a description of regular expression lookup table syntax,
579- # see regexp_table(5) or pcre_table(5). NOTE: these formats
580- # do not use ":" at the end of a pattern.
581- #
582- # Each regular expression is applied to the entire search
583- # string. Thus, a search string user+foo is not broken up
584- # into user and foo.
585- #
586- # Regular expressions are applied in the order as specified
587- # in the table, until a regular expression is found that
588- # matches the search string.
589- #
590- # Lookup results are the same as with indexed file lookups.
591- # For security reasons there is no support for $1, $2 etc.
592- # substring interpolation.
593- #
594- # SECURITY
595- # The local(8) delivery agent disallows regular expression
596- # substitution of $1 etc. in alias_maps, because that would
597- # open a security hole.
598- #
599- # The local(8) delivery agent will silently ignore requests
600- # to use the proxymap(8) server within alias_maps. Instead
601- # it will open the table directly. Before Postfix version
602- # 2.2, the local(8) delivery agent will terminate with a
603- # fatal error.
604- #
605- # CONFIGURATION PARAMETERS
606- # The following main.cf parameters are especially relevant.
607- # The text below provides only a parameter summary. See
608- # postconf(5) for more details including examples.
609- #
610- # alias_database (see 'postconf -d' output)
611- # The alias databases for local(8) delivery that are
612- # updated with "newaliases" or with "sendmail -bi".
613- #
614- # alias_maps (see 'postconf -d' output)
615- # Optional lookup tables with aliases that apply only
616- # to local(8) recipients; this is unlike vir-
617- # tual_alias_maps that apply to all recipients:
618- # local(8), virtual, and remote.
619- #
620- # allow_mail_to_commands (alias, forward)
621- # Restrict local(8) mail delivery to external com-
622- # mands.
623- #
624- # allow_mail_to_files (alias, forward)
625- # Restrict local(8) mail delivery to external files.
626- #
627- # expand_owner_alias (no)
628- # When delivering to an alias "aliasname" that has an
629- # "owner-aliasname" companion alias, set the envelope
630- # sender address to the expansion of the
631- # "owner-aliasname" alias.
632- #
633- # propagate_unmatched_extensions (canonical, virtual)
634- # What address lookup tables copy an address exten-
635- # sion from the lookup key to the lookup result.
636- #
637- # owner_request_special (yes)
638- # Enable special treatment for owner-listname entries
639- # in the aliases(5) file, and don't split owner-list-
640- # name and listname-request address localparts when
641- # the recipient_delimiter is set to "-".
642- #
643- # recipient_delimiter (empty)
644- # The set of characters that can separate an email
645- # address localpart, user name, or a .forward file
646- # name from its extension.
647- #
648- # Available in Postfix version 2.3 and later:
649- #
650- # frozen_delivered_to (yes)
651- # Update the local(8) delivery agent's idea of the
652- # Delivered-To: address (see prepend_deliv-
653- # ered_header) only once, at the start of a delivery
654- # attempt; do not update the Delivered-To: address
655- # while expanding aliases or .forward files.
656- #
657- # STANDARDS
658- # RFC 822 (ARPA Internet Text Messages)
659- #
660- # SEE ALSO
661- # local(8), local delivery agent
662- # newaliases(1), create/update alias database
663- # postalias(1), create/update alias database
664- # postconf(5), configuration parameters
665- #
666- # README FILES
667- # Use "postconf readme_directory" or "postconf html_direc-
668- # tory" to locate this information.
669- # DATABASE_README, Postfix lookup table overview
670- #
671- # LICENSE
672- # The Secure Mailer license must be distributed with this
673- # software.
674- #
675- # AUTHOR(S)
676- # Wietse Venema
677- # IBM T.J. Watson Research
678- # P.O. Box 704
679- # Yorktown Heights, NY 10598, USA
680- #
681- # Wietse Venema
682- # Google, Inc.
683- # 111 8th Avenue
684- # New York, NY 10011, USA
685- #
686- #
687 diff --git a/containers/multiuser-mail/templates/postfix/master.cf b/containers/multiuser-mail/templates/postfix/master.cf
688deleted file mode 100644
689index 47f2a46..0000000
690--- a/containers/multiuser-mail/templates/postfix/master.cf
691+++ /dev/null
692 @@ -1,155 +0,0 @@
693- #
694- # Postfix master process configuration file. For details on the format
695- # of the file, see the master(5) manual page (command: "man 5 master" or
696- # on-line: http://www.postfix.org/master.5.html).
697- #
698- # Do not forget to execute "postfix reload" after editing this file.
699- #
700- # ==========================================================================
701- # service type private unpriv chroot wakeup maxproc command + args
702- # (yes) (yes) (no) (never) (100)
703- # ==========================================================================
704- smtp inet n - n - - smtpd
705- #smtp inet n - n - 1 postscreen
706- #smtpd pass - - n - - smtpd
707- #dnsblog unix - - n - 0 dnsblog
708- #tlsproxy unix - - n - 0 tlsproxy
709- # Choose one: enable submission for loopback clients only, or for any client.
710- #127.0.0.1:submission inet n - n - - smtpd
711- #submission inet n - n - - smtpd
712- # -o syslog_name=postfix/submission
713- # -o smtpd_tls_security_level=encrypt
714- # -o smtpd_sasl_auth_enable=yes
715- # -o smtpd_tls_auth_only=yes
716- # -o local_header_rewrite_clients=static:all
717- # -o smtpd_reject_unlisted_recipient=no
718- # Instead of specifying complex smtpd_<xxx>_restrictions here,
719- # specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
720- # here, and specify mua_<xxx>_restrictions in main.cf (where
721- # "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
722- # -o smtpd_client_restrictions=
723- # -o smtpd_helo_restrictions=
724- # -o smtpd_sender_restrictions=
725- # -o smtpd_relay_restrictions=
726- # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
727- # -o milter_macro_daemon_name=ORIGINATING
728- # Choose one: enable submissions for loopback clients only, or for any client.
729- #127.0.0.1:submissions inet n - n - - smtpd
730- #submissions inet n - n - - smtpd
731- # -o syslog_name=postfix/submissions
732- # -o smtpd_tls_wrappermode=yes
733- # -o smtpd_sasl_auth_enable=yes
734- # -o local_header_rewrite_clients=static:all
735- # -o smtpd_reject_unlisted_recipient=no
736- # Instead of specifying complex smtpd_<xxx>_restrictions here,
737- # specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
738- # here, and specify mua_<xxx>_restrictions in main.cf (where
739- # "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
740- # -o smtpd_client_restrictions=
741- # -o smtpd_helo_restrictions=
742- # -o smtpd_sender_restrictions=
743- # -o smtpd_relay_restrictions=
744- # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
745- # -o milter_macro_daemon_name=ORIGINATING
746- #628 inet n - n - - qmqpd
747- pickup unix n - n 60 1 pickup
748- cleanup unix n - n - 0 cleanup
749- qmgr unix n - n 300 1 qmgr
750- #qmgr unix n - n 300 1 oqmgr
751- tlsmgr unix - - n 1000? 1 tlsmgr
752- rewrite unix - - n - - trivial-rewrite
753- bounce unix - - n - 0 bounce
754- defer unix - - n - 0 bounce
755- trace unix - - n - 0 bounce
756- verify unix - - n - 1 verify
757- flush unix n - n 1000? 0 flush
758- proxymap unix - - n - - proxymap
759- proxywrite unix - - n - 1 proxymap
760- smtp unix - - n - - smtp
761- relay unix - - n - - smtp
762- -o syslog_name=postfix/$service_name
763- # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
764- showq unix n - n - - showq
765- error unix - - n - - error
766- retry unix - - n - - error
767- discard unix - - n - - discard
768- local unix - n n - - local
769- virtual unix - n n - - virtual
770- lmtp unix - - n - - lmtp
771- anvil unix - - n - 1 anvil
772- scache unix - - n - 1 scache
773- postlog unix-dgram n - n - 1 postlogd
774- #
775- # ====================================================================
776- # Interfaces to non-Postfix software. Be sure to examine the manual
777- # pages of the non-Postfix software to find out what options it wants.
778- #
779- # Many of the following services use the Postfix pipe(8) delivery
780- # agent. See the pipe(8) man page for information about ${recipient}
781- # and other message envelope options.
782- # ====================================================================
783- #
784- # maildrop. See the Postfix MAILDROP_README file for details.
785- # Also specify in main.cf: maildrop_destination_recipient_limit=1
786- #
787- #maildrop unix - n n - - pipe
788- # flags=DRXhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
789- #
790- # ====================================================================
791- #
792- # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
793- #
794- # Specify in cyrus.conf:
795- # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
796- #
797- # Specify in main.cf one or more of the following:
798- # mailbox_transport = lmtp:inet:localhost
799- # virtual_transport = lmtp:inet:localhost
800- #
801- # ====================================================================
802- #
803- # Cyrus 2.1.5 (Amos Gouaux)
804- # Also specify in main.cf: cyrus_destination_recipient_limit=1
805- #
806- #cyrus unix - n n - - pipe
807- # flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
808- #
809- # ====================================================================
810- #
811- # Old example of delivery via Cyrus.
812- #
813- #old-cyrus unix - n n - - pipe
814- # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
815- #
816- # ====================================================================
817- #
818- # See the Postfix UUCP_README file for configuration details.
819- #
820- #uucp unix - n n - - pipe
821- # flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
822- #
823- # ====================================================================
824- #
825- # Other external delivery methods.
826- #
827- #ifmail unix - n n - - pipe
828- # flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
829- #
830- #bsmtp unix - n n - - pipe
831- # flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
832- #
833- #scalemail-backend unix - n n - 2 pipe
834- # flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
835- # ${nexthop} ${user} ${extension}
836- #
837- #mailman unix - n n - - pipe
838- # flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
839- # ${nexthop} ${user}
840-
841- # SPF Verifier
842- policyd-spf unix - n n - 0 spawn
843- user=nobody argv=/usr/bin/postfix-policyd-spf-perl
844-
845- # Mailpot
846- mailpot unix - n n - 1 pipe
847- flags=RX user=ayllu directory=/home/ayllu argv=/usr/bin/ayllu-mail --database ${AYLLU_DB_PATH} --config ${AYLLU_CONFIG} post"
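--- a/containers/multiuser-mail/templates/postfix/mime_header_checks
+++ /dev/null
@@ -1 +0,0 @@
-/Content-(Type|Disposition):.*attachment;/ REJECT Attachments are disallowed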
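--- a/containers/multiuser-mail/templates/postfix/smtp_header_checks
+++ /dev/null
@@ -1,2 +0,0 @@
-/^Received: .*/ IGNORE
-/^User-Agent: .*/ IGNORE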
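--- a/containers/multiuser-mail/templates/spf-milter/spf-milter.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# spf-milter.conf
-
-socket = unix:/run/spf-milter/spf-milter.sock
-log_level = debug
-log_destination = stderr
-
-# Also verify HELO before MAIL FROM:
-verify_helo = yes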
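--- a/containers/multiuser/Containerfile
+++ b/containers/multiuser/Containerfile
@@ -19,6 +19,7 @@ COPY containers/multiuser/init/ /etc/ayllu-init/
 COPY containers/multiuser/motd.txt /etc/motd
 COPY containers/multiuser/service/ /etc/service/
 COPY containers/multiuser/profile.d/ /etc/profile.d/
+COPY containers/multiuser/crontabs/ /etc/crontabs/
 COPY containers/multiuser/run_all.sh /
 
 CMD ["/run_all.sh"]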
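--- /dev/null
+++ b/containers/multiuser/crontabs/ayllu
@@ -0,0 +1,2 @@
+# min hour day month weekday command
+*/1 * * * * NO_COLOR=true /usr/bin/ayllu-jobs run-all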
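Review bot: The entry on the second line starts `ayllu-jobs run-all` every minute with nothing to stop a new run from beginning while the previous one is still going, so a slow run can stack up overlapping processes working on the same repositories and database. Unless ayllu-jobs takes its own lock (not visible here), a non-blocking lock around the command would bound this, for example `* * * * * NO_COLOR=true flock -n LOCKFILE /usr/bin/ayllu-jobs run-all`, where LOCKFILE is a placeholder for a path in a directory only the job's user can write. The file name suggests the job runs as the `ayllu` user under a busybox-style crond; a header comment stating that would help. No crond service is added in the visible part of this commit, so it is worth confirming one is already supervised under /etc/service.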
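--- a/containers/multiuser/init/config.sh
+++ b/containers/multiuser/init/config.sh
@@ -1,7 +1,5 @@
 #!/bin/sh
 
-# TODO: Ayllu should have a programmatic way to set configuration values
-# at runtime e.g. ayllu config set http.address = ....
 [ -n "${AYLLU_LISTEN_ADDRESS}" ] && {
-sed -i "s/127.0.0.1:8080/$AYLLU_LISTEN_ADDRESS/" /etc/ayllu/config.toml
-}
+ayllu config set http.address "\"$AYLLU_LISTEN_ADDRESS\""
+} || true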
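Review bot: The trailing `|| true` on the last line discards the exit status of `ayllu config set`, so when that command fails the init step still reports success and the server presumably comes up on whatever address the config already holds instead of the requested one. If `|| true` is only there to avoid a non-zero status when AYLLU_LISTEN_ADDRESS is unset, an `if` achieves that without hiding the failure: `if [ -n "${AYLLU_LISTEN_ADDRESS}" ]; then ayllu config set http.address "\"$AYLLU_LISTEN_ADDRESS\""; fi`. The value is also placed between literal double quotes without escaping, so a `"` or backslash in the variable changes what gets written. A one-line comment saying the argument is parsed as a TOML value (if that is the case) would explain the extra quoting.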
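--- /dev/null
+++ b/containers/multiuser/service/syslogd/run
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+syslogd -n -O -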
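Review bot: The run script starts syslogd as a child of the shell rather than replacing it. With a runit-style supervisor, which the /etc/service layout suggests, stop and restart signals go to the `sh` process and syslogd can be left running or go unsupervised. The last line should be `exec syslogd -n -O -`. A short comment such as `# -n: stay in foreground; -O -: write log lines to stdout so they reach the container log` would also document the flags.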
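--- a/scripts/build_all_containers.sh
+++ b/scripts/build_all_containers.sh
@@ -4,4 +4,3 @@ set -e
 scripts/build_container.sh containers/base-build
 scripts/build_container.sh containers/ayllu
 scripts/build_container.sh containers/multiuser
-scripts/build_container.sh containers/multiuser-mail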