dovecot: add auto configuration

seed/applicationservice/2022.03.08/dovecot/applicationservice.yml

@@ -5,3 +5,4 @@ depends:
   - relay-mail-client
   - ldap-client-fedora
   - oauth2-client
+  - nginx-common

seed/applicationservice/2022.03.08/dovecot/dictionaries/22_dovecot.xml

@@ -18,9 +18,15 @@
     </service>
     <service name='dovecot-init'>
       <override/>
+      <file>/etc/nginx/conf.d/autoconfig.conf</file>
+    </service>
+    <service name='nginx'>
+      <file source='config-v1.1.xml' file_type="variable" variable="mail_domains">well_known_filenames</file>
+      <file file_type="variable" source="ca_InternalReverseProxy.crt">revprox_ca_file</file>
+      <file file_type="variable" source="revprox.crt">revprox_cert_file</file>
+      <file file_type="variable" source="revprox.key" mode="400">revprox_key_file</file>
     </service>
     <service name="dovecot" target="multi-user">
-      <file file_type="variable" source="ca_InternalReverseProxy.crt">revprox_ca_file</file>
       <file engine="none" source="sysuser-dovecot.conf">/sysusers.d/1dovecot.conf</file>
       <file engine="none" source="tmpfile-dovecot.conf">/tmpfiles.d/0dovecot.conf</file>
       <file engine='none'>/etc/dovecot/conf.d/10-logging.conf</file>
@@ -63,6 +69,7 @@
     </family>
     <family name="mail" description="Mail domain" leadership="True">
       <variable name="mail_domains" type="domainname" description="Domaine de courriel géré localement" mandatory="True" multi="True"/>
+      <variable name="mail_domains_calc" type="domainname" multi="True" hidden="True"/>
       <variable name="imap_domainname" type="domainname" mandatory="True"/>
       <variable name="submission_domainname" type="domainname" mandatory="True"/>
     </family>
@@ -70,6 +77,8 @@
       <variable name='postfix_pem_files' type="filename" hidden='True' multi='True'/>
     </family>
     <family name="dovecot" description="IMAP mail server">
+      <variable name="well_knowns" type="web_address" hidden='True' multi="True"/>
+      <variable name="well_known_filenames" type="filename" hidden='True' multi="True"/>
       <variable name='external_imap_crt' type="filename" hidden='True' multi='True'/>
       <variable name='external_imap_key' type="filename" hidden='True' multi='True'/>
       <variable name='dovecot_local_authentifications' description="CA certificate" hidden='True' multi="True" provider="mail"/>
@@ -78,6 +87,8 @@
         <variable name="local_authentification_password_" type="secret" auto_save="True" provider="mail_password"/>
       </family>
       <variable name="revprox_ca_file" type="filename" description="Reverse proxy CA filename" hidden="True"/>
+      <variable name="revprox_cert_file" type="filename" description="Reverse proxy certificate filename" hidden="True"/>
+      <variable name="revprox_key_file" type="filename" description="Reverse proxy private key filename" hidden="True"/>
       <variable name="revprox_server_domainname" type="domainname" description="Reverse proxy domain name for CA" mandatory="True"/>
     </family>
   </variables>
@@ -107,6 +118,18 @@
       <param name="join">/</param>
       <target>revprox_ca_file</target>
     </fill>
+    <fill name="calc_value">
+      <param type="variable">tls_cert_directory</param>
+      <param>revprox.crt</param>
+      <param name="join">/</param>
+      <target>revprox_cert_file</target>
+    </fill>
+    <fill name="calc_value">
+      <param type="variable">tls_key_directory</param>
+      <param>revprox.key</param>
+      <param name="join">/</param>
+      <target>revprox_key_file</target>
+    </fill>
     <fill name="calc_value">
       <param>/etc/pki/tls/certs/imap_</param>
       <param type="variable">imap_domainname</param>
@@ -131,5 +154,46 @@
       <param name="multi" type="boolean">True</param>
       <target>postfix_pem_files</target>
     </fill>
+    <fill name="calc_value">
+      <param type="variable">mail_domains</param>
+      <param name="multi" type="boolean">True</param>
+      <target>mail_domains_calc</target>
+    </fill>
+    <fill name="calc_value">
+      <param>/var/www/html/mail/</param>
+      <param type="variable">mail_domains</param>
+      <param>/autodiscover/autodiscover.xml</param>
+      <!--param>/config-v1.1.xml</param-->
+      <param name="join"></param>
+      <param name="multi" type="boolean">True</param>
+      <target>well_known_filenames</target>
+    </fill>
+    <check name="set_linked_multi_variables">
+      <param type="variable">revprox_server_domainname</param>
+      <param name="linked_provider_0">revprox_clients</param>
+      <param name="linked_provider_1">revprox_location</param>
+      <param name="linked_value_1">/.well-known/autoconfig/mail/config-v1.1.xml</param>
+      <param name="linked_provider_2">revprox_is_websocket</param>
+      <param name="linked_value_2" type="boolean">False</param>
+      <param name="linked_provider_3">revprox_url</param>
+      <param name="linked_value_3" type="variable">well_knowns</param>
+      <target>mail_domains_calc</target>
+    </check>
+    <check name="set_linked_multi_variables">
+      <param type="variable">revprox_server_domainname</param>
+      <param name="linked_provider_0">revprox_clients</param>
+      <param name="linked_provider_1">revprox_location</param>
+      <param name="linked_value_1">/autodiscover/autodiscover.xml</param>
+      <param name="linked_provider_2">revprox_is_websocket</param>
+      <param name="linked_value_2" type="boolean">False</param>
+      <param name="linked_provider_3">revprox_url</param>
+      <param name="linked_value_3" type="variable">well_knowns</param>
+      <target>mail_domains_calc</target>
+    </check>
+    <fill name="calc_well_known">
+      <param type="variable">domain_name_eth0</param>
+      <param type="variable">mail_domains</param>
+      <target>well_knowns</target>
+    </fill>
   </constraints>
 </rougail>

seed/applicationservice/2022.03.08/dovecot/funcs/dovecot.py

@@ -1,9 +1,20 @@
 from crypt import crypt as _crypt
 from string import ascii_letters as _ascii_letters, digits as _digits
 from secrets import choice as _choice
+from risotto.utils import multi_function as _multi_function
 
 
 def sha512_crypt(password):
     salt = ''.join([_choice(_ascii_letters + _digits) for _ in range(8)])
     prefix = '$6$'
     return _crypt(password, prefix + salt)
+
+
+@_multi_function
+def calc_well_known(*args):
+    if None in args:
+        return
+    ret = []
+    for dom in args[1]:
+        ret.append(f'https://{args[0]}/mail/{dom}/autodiscover/autodiscover.xml')
+    return ret

seed/applicationservice/2022.03.08/dovecot/manual/image/preinstall/postfix_dovecot.sh

@@ -1 +1 @@
-PKG="$PKG postfix-ldap dovecot cyrus-sasl cyrus-sasl-lib cyrus-sasl-plain"
+PKG="$PKG postfix-ldap dovecot cyrus-sasl cyrus-sasl-lib cyrus-sasl-plain nginx"

seed/applicationservice/2022.03.08/dovecot/templates/autoconfig.conf

@@ -0,0 +1,12 @@
+server {
+    listen 443 ssl;
+    server_name %%domain_name_eth0;
+
+    ssl_client_certificate %%revprox_ca_file;
+    ssl_certificate        %%revprox_cert_file;
+    ssl_certificate_key    %%revprox_key_file;
+
+    root /var/www/html/;
+    # To allow POST on static pages
+    error_page  405     =200 $uri;
+}

seed/applicationservice/2022.03.08/dovecot/templates/config-v1.1.xml

@@ -0,0 +1,27 @@
+<?xml version="1.0"?>
+# GNUNUX: from https://wiki.mozilla.org/Thunderbird:Autoconfiguration:ConfigFileFormat -->
+%set %%domain = %%rougail_variable
+%set %%leader = %%mail_domains[%%mail_domains.index(%%domain)]
+%set %%imap_domain = %%leader.imap_domainname
+%set %%submission_domain = %%leader.submission_domainname
+<clientConfig version="1.1">
+  <emailProvider id="%%domain">
+    <domain>%%domain</domain>
+    <displayName>Services %%domain</displayName>
+    <displayShortName>%%domain</displayShortName>
+    <incomingServer type="imap">
+      <hostname>%%imap_domain</hostname>
+      <port>993</port>
+      <socketType>SSL</socketType>
+      <username>%EMAILADDRESS%</username>
+      <authentication>password-cleartext</authentication>
+    </incomingServer>
+    <outgoingServer type="smtp">
+      <hostname>%%submission_domain</hostname>
+      <port>587</port>
+      <socketType>STARTTLS</socketType>
+      <username>%EMAILADDRESS%</username>
+      <authentication>password-cleartext</authentication>
+    </outgoingServer>
+  </emailProvider>
+</clientConfig>

seed/applicationservice/2022.03.08/dovecot/templates/revprox.crt

@@ -0,0 +1,2 @@
+%%get_certificate(%%domain_name_eth0, authority_cn=%%revprox_server_domainname, authority_name='InternalReverseProxy', type="server")
+%%get_chain(%%revprox_server_domainname, 'InternalReverseProxy')

seed/applicationservice/2022.03.08/dovecot/templates/revprox.key

@@ -0,0 +1 @@
+%%get_private_key(%%domain_name_eth0, authority_cn=%%revprox_server_domainname, authority_name='InternalReverseProxy', type='server')