dovecot: add auto configuration

2022-03-29 16:30:38 +02:00 · 2022-03-29 16:30:38 +02:00 · aec2b09ee5
commit aec2b09ee5
parent d93404353e
8 changed files with 120 additions and 2 deletions
--- a/seed/applicationservice/2022.03.08/dovecot/applicationservice.yml
+++ b/seed/applicationservice/2022.03.08/dovecot/applicationservice.yml
@ -5,3 +5,4 @@ depends:
  - relay-mail-client
  - ldap-client-fedora
  - oauth2-client
+  - nginx-common
--- a/seed/applicationservice/2022.03.08/dovecot/dictionaries/22_dovecot.xml
+++ b/seed/applicationservice/2022.03.08/dovecot/dictionaries/22_dovecot.xml
@ -18,9 +18,15 @@
    </service>
    <service name='dovecot-init'>
      <override/>
+      <file>/etc/nginx/conf.d/autoconfig.conf</file>
+    </service>
+    <service name='nginx'>
+      <file source='config-v1.1.xml' file_type="variable" variable="mail_domains">well_known_filenames</file>
+      <file file_type="variable" source="ca_InternalReverseProxy.crt">revprox_ca_file</file>
+      <file file_type="variable" source="revprox.crt">revprox_cert_file</file>
+      <file file_type="variable" source="revprox.key" mode="400">revprox_key_file</file>
    </service>
    <service name="dovecot" target="multi-user">
-      <file file_type="variable" source="ca_InternalReverseProxy.crt">revprox_ca_file</file>
      <file engine="none" source="sysuser-dovecot.conf">/sysusers.d/1dovecot.conf</file>
      <file engine="none" source="tmpfile-dovecot.conf">/tmpfiles.d/0dovecot.conf</file>
      <file engine='none'>/etc/dovecot/conf.d/10-logging.conf</file>
@ -63,6 +69,7 @@
    </family>
    <family name="mail" description="Mail domain" leadership="True">
      <variable name="mail_domains" type="domainname" description="Domaine de courriel géré localement" mandatory="True" multi="True"/>
+      <variable name="mail_domains_calc" type="domainname" multi="True" hidden="True"/>
      <variable name="imap_domainname" type="domainname" mandatory="True"/>
      <variable name="submission_domainname" type="domainname" mandatory="True"/>
    </family>
@ -70,6 +77,8 @@
      <variable name='postfix_pem_files' type="filename" hidden='True' multi='True'/>
    </family>
    <family name="dovecot" description="IMAP mail server">
+      <variable name="well_knowns" type="web_address" hidden='True' multi="True"/>
+      <variable name="well_known_filenames" type="filename" hidden='True' multi="True"/>
      <variable name='external_imap_crt' type="filename" hidden='True' multi='True'/>
      <variable name='external_imap_key' type="filename" hidden='True' multi='True'/>
      <variable name='dovecot_local_authentifications' description="CA certificate" hidden='True' multi="True" provider="mail"/>
@ -78,6 +87,8 @@
        <variable name="local_authentification_password_" type="secret" auto_save="True" provider="mail_password"/>
      </family>
      <variable name="revprox_ca_file" type="filename" description="Reverse proxy CA filename" hidden="True"/>
+      <variable name="revprox_cert_file" type="filename" description="Reverse proxy certificate filename" hidden="True"/>
+      <variable name="revprox_key_file" type="filename" description="Reverse proxy private key filename" hidden="True"/>
      <variable name="revprox_server_domainname" type="domainname" description="Reverse proxy domain name for CA" mandatory="True"/>
    </family>
  </variables>
@ -107,6 +118,18 @@
      <param name="join">/</param>
      <target>revprox_ca_file</target>
    </fill>
+    <fill name="calc_value">
+      <param type="variable">tls_cert_directory</param>
+      <param>revprox.crt</param>
+      <param name="join">/</param>
+      <target>revprox_cert_file</target>
+    </fill>
+    <fill name="calc_value">
+      <param type="variable">tls_key_directory</param>
+      <param>revprox.key</param>
+      <param name="join">/</param>
+      <target>revprox_key_file</target>
+    </fill>
    <fill name="calc_value">
      <param>/etc/pki/tls/certs/imap_</param>
      <param type="variable">imap_domainname</param>
@ -131,5 +154,46 @@
      <param name="multi" type="boolean">True</param>
      <target>postfix_pem_files</target>
    </fill>
+    <fill name="calc_value">
+      <param type="variable">mail_domains</param>
+      <param name="multi" type="boolean">True</param>
+      <target>mail_domains_calc</target>
+    </fill>
+    <fill name="calc_value">
+      <param>/var/www/html/mail/</param>
+      <param type="variable">mail_domains</param>
+      <param>/autodiscover/autodiscover.xml</param>
+      <!--param>/config-v1.1.xml</param-->
+      <param name="join"></param>
+      <param name="multi" type="boolean">True</param>
+      <target>well_known_filenames</target>
+    </fill>
+    <check name="set_linked_multi_variables">
+      <param type="variable">revprox_server_domainname</param>
+      <param name="linked_provider_0">revprox_clients</param>
+      <param name="linked_provider_1">revprox_location</param>
+      <param name="linked_value_1">/.well-known/autoconfig/mail/config-v1.1.xml</param>
+      <param name="linked_provider_2">revprox_is_websocket</param>
+      <param name="linked_value_2" type="boolean">False</param>
+      <param name="linked_provider_3">revprox_url</param>
+      <param name="linked_value_3" type="variable">well_knowns</param>
+      <target>mail_domains_calc</target>
+    </check>
+    <check name="set_linked_multi_variables">
+      <param type="variable">revprox_server_domainname</param>
+      <param name="linked_provider_0">revprox_clients</param>
+      <param name="linked_provider_1">revprox_location</param>
+      <param name="linked_value_1">/autodiscover/autodiscover.xml</param>
+      <param name="linked_provider_2">revprox_is_websocket</param>
+      <param name="linked_value_2" type="boolean">False</param>
+      <param name="linked_provider_3">revprox_url</param>
+      <param name="linked_value_3" type="variable">well_knowns</param>
+      <target>mail_domains_calc</target>
+    </check>
+    <fill name="calc_well_known">
+      <param type="variable">domain_name_eth0</param>
+      <param type="variable">mail_domains</param>
+      <target>well_knowns</target>
+    </fill>
  </constraints>
 </rougail>
--- a/seed/applicationservice/2022.03.08/dovecot/funcs/dovecot.py
+++ b/seed/applicationservice/2022.03.08/dovecot/funcs/dovecot.py
@ -1,9 +1,20 @@
 from crypt import crypt as _crypt
 from string import ascii_letters as _ascii_letters, digits as _digits
 from secrets import choice as _choice
+from risotto.utils import multi_function as _multi_function


 def sha512_crypt(password):
    salt = ''.join([_choice(_ascii_letters + _digits) for _ in range(8)])
    prefix = '$6$'
    return _crypt(password, prefix + salt)
+
+
+@_multi_function
+def calc_well_known(*args):
+    if None in args:
+        return
+    ret = []
+    for dom in args[1]:
+        ret.append(f'https://{args[0]}/mail/{dom}/autodiscover/autodiscover.xml')
+    return ret
--- a/seed/applicationservice/2022.03.08/dovecot/manual/image/preinstall/postfix_dovecot.sh
+++ b/seed/applicationservice/2022.03.08/dovecot/manual/image/preinstall/postfix_dovecot.sh
@ -1 +1 @@
-PKG="$PKG postfix-ldap dovecot cyrus-sasl cyrus-sasl-lib cyrus-sasl-plain"
+PKG="$PKG postfix-ldap dovecot cyrus-sasl cyrus-sasl-lib cyrus-sasl-plain nginx"
--- a/seed/applicationservice/2022.03.08/dovecot/templates/autoconfig.conf
+++ b/seed/applicationservice/2022.03.08/dovecot/templates/autoconfig.conf
@ -0,0 +1,12 @@
+server {
+    listen 443 ssl;
+    server_name %%domain_name_eth0;
+
+    ssl_client_certificate %%revprox_ca_file;
+    ssl_certificate        %%revprox_cert_file;
+    ssl_certificate_key    %%revprox_key_file;
+
+    root /var/www/html/;
+    # To allow POST on static pages
+    error_page  405     =200 $uri;
+}
--- a/seed/applicationservice/2022.03.08/dovecot/templates/config-v1.1.xml
+++ b/seed/applicationservice/2022.03.08/dovecot/templates/config-v1.1.xml
@ -0,0 +1,27 @@
+<?xml version="1.0"?>
+# GNUNUX: from https://wiki.mozilla.org/Thunderbird:Autoconfiguration:ConfigFileFormat -->
+%set %%domain = %%rougail_variable
+%set %%leader = %%mail_domains[%%mail_domains.index(%%domain)]
+%set %%imap_domain = %%leader.imap_domainname
+%set %%submission_domain = %%leader.submission_domainname
+<clientConfig version="1.1">
+  <emailProvider id="%%domain">
+    <domain>%%domain</domain>
+    <displayName>Services %%domain</displayName>
+    <displayShortName>%%domain</displayShortName>
+    <incomingServer type="imap">
+      <hostname>%%imap_domain</hostname>
+      <port>993</port>
+      <socketType>SSL</socketType>
+      <username>%EMAILADDRESS%</username>
+      <authentication>password-cleartext</authentication>
+    </incomingServer>
+    <outgoingServer type="smtp">
+      <hostname>%%submission_domain</hostname>
+      <port>587</port>
+      <socketType>STARTTLS</socketType>
+      <username>%EMAILADDRESS%</username>
+      <authentication>password-cleartext</authentication>
+    </outgoingServer>
+  </emailProvider>
+</clientConfig>
--- a/seed/applicationservice/2022.03.08/dovecot/templates/revprox.crt
+++ b/seed/applicationservice/2022.03.08/dovecot/templates/revprox.crt
@ -0,0 +1,2 @@
+%%get_certificate(%%domain_name_eth0, authority_cn=%%revprox_server_domainname, authority_name='InternalReverseProxy', type="server")
+%%get_chain(%%revprox_server_domainname, 'InternalReverseProxy')
--- a/seed/applicationservice/2022.03.08/dovecot/templates/revprox.key
+++ b/seed/applicationservice/2022.03.08/dovecot/templates/revprox.key
@ -0,0 +1 @@
+%%get_private_key(%%domain_name_eth0, authority_cn=%%revprox_server_domainname, authority_name='InternalReverseProxy', type='server')
				`@ -0,0 +1 @@`
				`%%get_private_key(%%domain_name_eth0, authority_cn=%%revprox_server_domainname, authority_name='InternalReverseProxy', type='server')`