32 changed files with 44 additions and 174 deletions
--- a/seed/applicationservice/2022.03.08/base/manual/install/install_host
+++ b/seed/applicationservice/2022.03.08/base/manual/install/install_host
@ -5,7 +5,7 @@ if [ -z "$HOST_NAME" ]; then
    echo "usage: $0 host name"
    exit 1
 fi
-apt install --yes systemd-container dnf jq debootstrap htop gettext
+apt install --yes systemd-container dnf jq debootstrap htop
 systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0asystemd-nspawn.conf
 systemd-tmpfiles --create --clean --remove $PWD/host/configurations/$HOST_NAME/tmpfiles.d/0rougail.conf
 systemctl daemon-reload
--- a/seed/applicationservice/2022.03.08/dovecot/dictionaries/22_dovecot.xml
+++ b/seed/applicationservice/2022.03.08/dovecot/dictionaries/22_dovecot.xml
@ -12,9 +12,6 @@
      <file>/etc/pki/ca-trust/source/anchors/ca_MailServer.crt</file>
      <file>/etc/pki/tls/certs/postfix.crt</file>
      <file owner="root" group="postfix" mode="440">/etc/pki/tls/private/postfix.key</file>
-      <file>/etc/postfix/sni</file>
-      <file source="postfix_sni.pem" file_type="variable" mode="400" variable="submission_domainname">postfix_pem_files</file>
-      <file mode="400">/etc/postfix/certs/postfix.pem</file>
    </service>
    <service name='dovecot-init'>
      <override/>
@ -27,7 +24,7 @@
      <file engine='none'>/etc/dovecot/conf.d/10-auth.conf</file>
      <file engine='none'>/etc/dovecot/conf.d/10-mail.conf</file>
      <file>/etc/dovecot/conf.d/10-master.conf</file>
-      <file>/etc/dovecot/conf.d/10-ssl.conf</file>
+      <file engine='none'>/etc/dovecot/conf.d/10-ssl.conf</file>
      <!-- FIXME file engine='none'>/etc/dovecot/conf.d/12-managesieve.conf</file-->
      <file engine='none'>/etc/dovecot/conf.d/15-ldap.conf</file>
      <file engine='none'>/etc/dovecot/conf.d/30-service-stats.conf</file>
@ -44,15 +41,9 @@
      <file>/etc/pki/ca-trust/source/anchors/ca_IMAPServer.crt</file>
      <file>/etc/pki/tls/certs/dovecot.crt</file>
      <file owner="root" group="dovecot" mode="440">/etc/pki/tls/private/dovecot.key</file>
-      <file source="external_imap.crt" file_type="variable" variable="imap_domainname">external_imap_crt</file>
-      <file owner="root" group="dovecot" mode="440" source="external_imap.key" file_type="variable" variable="imap_domainname">external_imap_key</file>
    </service>
  </services>
  <variables>
-    <variable name="external_ports" redefine="True">
-      <value>587</value>
-      <value>993</value>
-    </variable>
    <family name="annuaire">
      <variable name="ldap_key_file_owner" redefine="True">
        <value>dovecot</value>
@ -61,17 +52,12 @@
        <value>postfix</value>
      </variable>
    </family>
-    <family name="mail" description="Mail domain" leadership="True">
-      <variable name="mail_domains" type="domainname" description="Domaine de courriel géré localement" mandatory="True" multi="True"/>
-      <variable name="imap_domainname" type="domainname" mandatory="True"/>
-      <variable name="submission_domainname" type="domainname" mandatory="True"/>
-    </family>
-    <family name="postfix">
-      <variable name='postfix_pem_files' type="filename" hidden='True' multi='True'/>
+    <family name="postfix" description="Postfix mail server">
+      <variable name="postfix_my_domains" type="domainname" description="Domaine de courriel généré localement" mandatory="True" multi="True"/>
+      <variable name='postfix_ca_chain' description="CA certificate" hidden='True'/>
    </family>
    <family name="dovecot" description="IMAP mail server">
-      <variable name='external_imap_crt' type="filename" hidden='True' multi='True'/>
-      <variable name='external_imap_key' type="filename" hidden='True' multi='True'/>
+      <variable name='dovecot_ca_chain' description="CA certificate" hidden='True'/>
      <variable name='dovecot_local_authentifications' description="CA certificate" hidden='True' multi="True" provider="mail"/>
      <family name="local_authentification_" description="Local server authentification" dynamic='dovecot_local_authentifications'>
        <variable name="local_authentification_ip_" type="ip" provider="mail_ip"/>
@ -82,6 +68,16 @@
    </family>
  </variables>
  <constraints>
+    <fill name="get_chain">
+      <param name="authority_cn" type="variable">domain_name_eth0</param>
+      <param name="authority_name">MailServer</param>
+      <target>postfix_ca_chain</target>
+    </fill>
+    <fill name="get_chain">
+      <param name="authority_cn" type="variable">domain_name_eth0</param>
+      <param name="authority_name">IMAPServer</param>
+      <target>dovecot_ca_chain</target>
+    </fill>
    <fill name="get_password">
      <param name="server_name" type="variable">domain_name_eth0</param>
      <param name="username" type="suffix"/>
@ -93,13 +89,13 @@
      <param name="linked_server" type="variable">smtp_relay_address</param>
      <param name="linked_provider">lmtp_server</param>
      <param name="linked_value" type="variable">domain_name_eth0</param>
-      <target>mail_domains</target>
+      <target>postfix_my_domains</target>
    </check>
    <check name="set_linked_configuration">
      <param name="linked_server" type="variable">smtp_relay_address</param>
      <param name="linked_provider">lmtp_criteria</param>
      <param name="dynamic" type="variable">domain_name_eth0</param>
-      <target>mail_domains</target>
+      <target>postfix_my_domains</target>
    </check>
    <fill name="calc_value">
      <param type="variable">tls_ca_directory</param>
@ -107,29 +103,5 @@
      <param name="join">/</param>
      <target>revprox_ca_file</target>
    </fill>
-    <fill name="calc_value">
-      <param>/etc/pki/tls/certs/imap_</param>
-      <param type="variable">imap_domainname</param>
-      <param>.crt</param>
-      <param name="join"></param>
-      <param name="multi" type="boolean">True</param>
-      <target>external_imap_crt</target>
-    </fill>
-    <fill name="calc_value">
-      <param>/etc/pki/tls/private/imap_</param>
-      <param type="variable">imap_domainname</param>
-      <param>.key</param>
-      <param name="join"></param>
-      <param name="multi" type="boolean">True</param>
-      <target>external_imap_key</target>
-    </fill>
-    <fill name="calc_value">
-      <param>/etc/postfix/certs/</param>
-      <param type="variable">submission_domainname</param>
-      <param>.pem</param>
-      <param name="join"></param>
-      <param name="multi" type="boolean">True</param>
-      <target>postfix_pem_files</target>
-    </fill>
  </constraints>
 </rougail>
--- a/seed/applicationservice/2022.03.08/dovecot/templates/10-ssl.conf
+++ b/seed/applicationservice/2022.03.08/dovecot/templates/10-ssl.conf
@ -16,16 +16,6 @@ ssl = required
 #>GNUNUX
 ssl_cert = </etc/pki/tls/certs/dovecot.crt
 ssl_key = </etc/pki/tls/private/dovecot.key
-%for %%mail in %%mail_domains
-local_name %%mail.imap_domainname {
-    ssl_cert = </etc/pki/tls/certs/imap_%%{mail.imap_domainname}.crt
-    ssl_key = </etc/pki/tls/private/imap_%%{mail.imap_domainname}.key
-}
-%end for
-local_name %%domain_name_eth0 {
-    ssl_cert = </etc/pki/tls/certs/dovecot.crt
-    ssl_key = </etc/pki/tls/private/dovecot.key
-}
 #<GNUNUX

 # If key file is password protected, give the password here. Alternatively
--- a/seed/applicationservice/2022.03.08/dovecot/templates/ca_IMAPServer.crt
+++ b/seed/applicationservice/2022.03.08/dovecot/templates/ca_IMAPServer.crt
@ -1 +1 @@
-%%get_chain(%%domain_name_eth0, "IMAPServer")
+%%dovecot_ca_chain
--- a/seed/applicationservice/2022.03.08/dovecot/templates/ca_MailServer.crt
+++ b/seed/applicationservice/2022.03.08/dovecot/templates/ca_MailServer.crt
@ -1 +1 @@
-%%get_chain(%%domain_name_eth0, "MailServer")
+%%postfix_ca_chain
--- a/seed/applicationservice/2022.03.08/dovecot/templates/external_imap.crt
+++ b/seed/applicationservice/2022.03.08/dovecot/templates/external_imap.crt
@ -1,2 +0,0 @@
-%%get_certificate(cn=%%rougail_variable, authority_cn=%%domain_name_eth0, authority_name='External')
-
--- a/seed/applicationservice/2022.03.08/dovecot/templates/external_imap.key
+++ b/seed/applicationservice/2022.03.08/dovecot/templates/external_imap.key
@ -1 +0,0 @@
-%%get_private_key(cn=%%rougail_variable, authority_cn=%%domain_name_eth0, authority_name='External')
--- a/seed/applicationservice/2022.03.08/dovecot/templates/main.cf
+++ b/seed/applicationservice/2022.03.08/dovecot/templates/main.cf
@ -749,9 +749,6 @@ smtpd_tls_key_file = /etc/pki/tls/private/postfix.key

 smtpd_tls_CApath = /etc/pki/tls/certs
 smtpd_tls_CAfile = /etc/pki/ca-trust/source/anchors/ca_MailServer.crt
-#>GNUNUX
-tls_server_sni_maps = hash:/etc/postfix/sni
-#<GNUNUX
 # Announce STARTTLS support to remote SMTP clients, but do not require that
 # clients use TLS encryption (opportunistic TLS inbound).
 #
@ -799,11 +796,7 @@ smtpd_sasl_path = /srv/dovecot/auth
 broken_sasl_auth_clients = yes

 dovecot_destination_recipient_limit = 1
-%set %%domains = []
-%for %%domain in %%mail_domains
-%%domains.append(%%str(%%domain))%slurp
-%end for
-virtual_mailbox_domains = %echo ', '.join(%%domains)
+virtual_mailbox_domains = %echo ', '.join(%%postfix_my_domains)
 virtual_mailbox_maps = ldap:/etc/postfix/ldapsource.cf
 virtual_alias_maps = ldap:/etc/postfix/ldapsource.cf
 virtual_minimum_uid = 1000
--- a/seed/applicationservice/2022.03.08/dovecot/templates/postfix.pem
+++ b/seed/applicationservice/2022.03.08/dovecot/templates/postfix.pem
@ -1,2 +0,0 @@
-%%get_private_key(%%domain_name_eth0, 'MailServer')
-%%get_certificate(%%domain_name_eth0, "MailServer")
--- a/seed/applicationservice/2022.03.08/dovecot/templates/postfix.service
+++ b/seed/applicationservice/2022.03.08/dovecot/templates/postfix.service
@ -1,4 +1,3 @@
 [Service]
 ExecStartPre=/usr/sbin/postmap /etc/postfix/relay_passwd
-ExecStartPre=/usr/sbin/postmap -F /etc/postfix/sni
 PIDFile=/srv/postfix/spool/pid/master.pid
--- a/seed/applicationservice/2022.03.08/dovecot/templates/postfix_sni.pem
+++ b/seed/applicationservice/2022.03.08/dovecot/templates/postfix_sni.pem
@ -1,3 +0,0 @@
-%set %%cert = %%get_certificate(cn=%%rougail_variable, authority_cn=%%domain_name_eth0, authority_name='External')
-%%get_private_key(cn=%%rougail_variable, authority_cn=%%domain_name_eth0, authority_name='External')
-%%cert
--- a/seed/applicationservice/2022.03.08/dovecot/templates/sni
+++ b/seed/applicationservice/2022.03.08/dovecot/templates/sni
@ -1,4 +0,0 @@
-%for %%name in %%mail_domains
-%%name.submission_domainname /etc/postfix/certs/%%{name.submission_domainname}.pem
-%end for
-%%domain_name_eth0 /etc/postfix/certs/postfix.pem
--- a/seed/applicationservice/2022.03.08/letsencrypt/dictionaries/20-letsencrypt.xml
+++ b/seed/applicationservice/2022.03.08/letsencrypt/dictionaries/20-letsencrypt.xml
@ -3,6 +3,8 @@
  <variables>
    <family name='letsencrypt' description="Défi DNS pour Let's encrypt" leadership="True">
      <variable name="domain_names" type="domainname" description="Nom des domaines" multi="True"/>
+      <variable name="authority_cn" description="Nom de domaine de l'autorité" mandatory="True"/>
+      <variable name="authority_name" description="Nom de l'authorité" mandatory="True"/>
      <variable name="plugin_name" type="string" description="Nom du greffon de mise à jour DNS du domaine" mandatory="True"/>
      <variable name="credential_filename" type="filename" description="Nom du fichier de configuration du greffin" mandatory="True"/>
      <variable name="email" type="mail" description="Courriel associé au certificat" mandatory="True"/>
@ -10,7 +12,8 @@
  </variables>
  <constraints>
    <check name="letsencrypt_certif">
-      <param type="variable">domain_name_eth0</param>
+      <param type="variable">authority_cn</param>
+      <param type="variable">authority_name</param>
      <param type="variable">plugin_name</param>
      <param type="variable">credential_filename</param>
      <param type="variable">email</param>
--- a/seed/applicationservice/2022.03.08/letsencrypt/funcs/letsencrypt.py
+++ b/seed/applicationservice/2022.03.08/letsencrypt/funcs/letsencrypt.py
@ -14,13 +14,13 @@ _X509_DIR = _join(_HERE, 'pki', 'x509')

 def letsencrypt_certif(domain: str,
                       authority_cn: str,
+                       authority_name: str,
                       plugin_name: str,
                       credential_filename: str,
                       email: str,
                       ) -> None:
-    if None in (domain, authority_cn, plugin_name, credential_filename, email):
+    if None in (domain, authority_cn, authority_name, plugin_name, credential_filename, email):
        return
-    authority_name = 'External'
    date_file = _join(_LE_DIR, f'{domain}.date')
    date = _datetime.now()
    today = str(date.date())
--- a/seed/applicationservice/2022.03.08/mailman/DEBUG.md
+++ b/seed/applicationservice/2022.03.08/mailman/DEBUG.md
@ -42,4 +42,3 @@ export MAILMAN_WEB_CONFIG=/usr/share/postorius/m_postorius/settings.py

 echo "DEBUG=True" >> /etc/mailman3.d/postorius.py
 systemctl restart postorius
-
--- a/seed/applicationservice/2022.03.08/mailman/funcs/mailman.py
+++ b/seed/applicationservice/2022.03.08/mailman/funcs/mailman.py
@ -1,11 +1,12 @@
 from risotto.utils import multi_function as _multi_function
 from itertools import chain

+
@_multi_function
 def mailman_emails(lists, domain):
    ret = []
    for lst in lists:
-        for suffix in [None, 'bounces(\+.*)?', 'confirm(\+.*)?', 'join', 'leave', 'owner', 'request', 'subscribe', 'unsubscribe']:
+        for suffix in [None, 'bounces', 'confirm', 'join', 'leave', 'owner', 'request', 'subscribe', 'unsubscribe']:
            if suffix:
                lst_name = lst + '-' + suffix
            else:
--- a/seed/applicationservice/2022.03.08/mailman/manual/image/postinstall/postorius.sh
+++ b/seed/applicationservice/2022.03.08/mailman/manual/image/postinstall/postorius.sh
@ -6,7 +6,3 @@ chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/postorius/manage.py"
 ln -s /etc/mailman3.d/postorius.py "$IMAGE_NAME_RISOTTO_IMAGE_DIR/usr/share/postorius/m_postorius/settings_local.py"
 ln -s ../../django_mailman3/static/django-mailman3 "$IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/postorius/static/"
 ln -s ../../django/contrib/admin/static/admin "$IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/postorius/static/"
-#translation
-msgfmt $IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/postorius/locale/fr/LC_MESSAGES/django.po -o $IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/postorius/locale/fr/LC_MESSAGES/django.mo
-sed -i 's/$event.mlist.fqdn_listname\./$event.mlist.fqdn_listname/g' $IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/mailman/messages/fr/LC_MESSAGES/mailman.po
-msgfmt $IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/mailman/messages/fr/LC_MESSAGES/mailman.po -o $IMAGE_NAME_RISOTTO_IMAGE_DIR/$PYTHON/mailman/messages/fr/LC_MESSAGES/mailman.mo
--- a/seed/applicationservice/2022.03.08/mailman/manual/image/postinstall/postorius/m_postorius/settings.py
+++ b/seed/applicationservice/2022.03.08/mailman/manual/image/postinstall/postorius/m_postorius/settings.py
@ -172,7 +172,7 @@ AUTH_PASSWORD_VALIDATORS = [
 # Internationalization
 # https://docs.djangoproject.com/en/1.9/topics/i18n/

-LANGUAGE_CODE = 'fr'
+LANGUAGE_CODE = 'en-us'

 TIME_ZONE = 'UTC'

--- a/seed/applicationservice/2022.03.08/mailman/templates/postorius-settings.py
+++ b/seed/applicationservice/2022.03.08/mailman/templates/postorius-settings.py
@ -40,7 +40,6 @@ SOCIALACCOUNT_PROVIDERS = {
        'ACCOUNT_USERNAME_REQUIRED': False,
        'ACCOUNT_AUTHENTICATION_METHOD': 'email',
        'SOCIALACCOUNT_AUTO_SIGNUP': True,
-        'VERIFIED_EMAIL': True,
    },
 }
 #FIXME
--- a/seed/applicationservice/2022.03.08/nextcloud/dictionaries/31_nextcloud.xml
+++ b/seed/applicationservice/2022.03.08/nextcloud/dictionaries/31_nextcloud.xml
@ -17,8 +17,6 @@
      <variable name="nextcloud_admin_password" type="password" auto_freeze="True" hidden="True"/>
      <variable name="nextcloud_mail_admin" type="mail" mandatory="True"/>
      <variable name="nextcloud_instance_id" type="password" auto_freeze="True" hidden="True"/>
-      <variable name="nexcloud_well_known_caldav" type="web_address" hidden='True'/>
-      <variable name="nexcloud_well_known_carddav" type="web_address" hidden='True'/>
    </family>
    <family name="oauth2_client">
      <variable name="oauth2_is_client_application" redefine='True'>
@ -57,39 +55,5 @@
      <param name="starts_with_char" type="boolean">True</param>
      <target>nextcloud_instance_id</target>
    </fill>
-    <check name="set_linked_multi_variables">
-      <param name="linked_provider_0">revprox_clients</param>
-      <param name="linked_value_0" type="variable">revprox_client_external_domainname</param>
-      <param name="linked_provider_1">revprox_location</param>
-      <param name="linked_value_1">/.well-known/caldav</param>
-      <param name="linked_provider_2">revprox_is_websocket</param>
-      <param name="linked_value_2" type="boolean">False</param>
-      <param name="linked_provider_3">revprox_url</param>
-      <param name="linked_value_3" type="variable">nexcloud_well_known_caldav</param>
-      <target>revprox_client_server_domainname</target>
-    </check>
-    <fill name="calc_web_address">
-      <param type="variable">domain_name_eth0</param>
-      <param type="variable">revprox_client_port</param>
-      <param>/.well-known/caldav</param>
-      <target>nexcloud_well_known_caldav</target>
-    </fill>
-    <check name="set_linked_multi_variables">
-      <param name="linked_provider_0">revprox_clients</param>
-      <param name="linked_value_0" type="variable">revprox_client_external_domainname</param>
-      <param name="linked_provider_1">revprox_location</param>
-      <param name="linked_value_1">/.well-known/carddav</param>
-      <param name="linked_provider_2">revprox_is_websocket</param>
-      <param name="linked_value_2" type="boolean">False</param>
-      <param name="linked_provider_3">revprox_url</param>
-      <param name="linked_value_3" type="variable">nexcloud_well_known_carddav</param>
-      <target>revprox_client_server_domainname</target>
-    </check>
-    <fill name="calc_web_address">
-      <param type="variable">domain_name_eth0</param>
-      <param type="variable">revprox_client_port</param>
-      <param>/.well-known/carddav</param>
-      <target>nexcloud_well_known_carddav</target>
-    </fill>
  </constraints>
 </rougail>
--- a/seed/applicationservice/2022.03.08/nextcloud/templates/nextcloud.init
+++ b/seed/applicationservice/2022.03.08/nextcloud/templates/nextcloud.init
@ -14,8 +14,6 @@ else
    sed -i "s/'installed' => false,/'installed' => true,/g" /etc/nextcloud/config.php
    /usr/bin/php /usr/share/nextcloud/occ app:enable user_ldap -q
 fi
-# Upgrade
-/usr/bin/php /usr/share/nextcloud/occ upgrade || true
 # SSO
 /usr/bin/php /usr/share/nextcloud/occ app:enable oidc_login
 # Feature
@ -51,6 +49,7 @@ fi
 # Need network
 /usr/bin/php /usr/share/nextcloud/occ app:disable weather_status
 # Maintenance
+/usr/bin/php /usr/share/nextcloud/occ upgrade
 /usr/bin/php /usr/share/nextcloud/occ files:scan --all -q
 /usr/bin/php /usr/share/nextcloud/occ maintenance:repair -q

--- a/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/certificate.crt
+++ b/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/certificate.crt
@ -1 +1 @@
-%%get_certificate(cn=%%rougail_variable, authority_cn=%%domain_name_eth0, authority_name='External')
+%%get_certificate(cn=%%rougail_variable, authority_cn=%%domain_name_eth0, authority_name='ReverseProxy')
--- a/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/private.key
+++ b/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/private.key
@ -1 +1 @@
-%%get_private_key(cn=%%rougail_variable, authority_cn=%%domain_name_eth0, authority_name='External')
+%%get_private_key(cn=%%rougail_variable, authority_cn=%%domain_name_eth0, authority_name='ReverseProxy')
--- a/seed/applicationservice/2022.03.08/postfix-relay/DEBUG.md
+++ b/seed/applicationservice/2022.03.08/postfix-relay/DEBUG.md
@ -45,7 +45,3 @@ postconf maillog_file

 postconf maillog_file=/dev/stdout

-# Test mail en ligne
-
-https://www.mail-tester.com/
-https://dkimvalidator.com/
--- a/seed/applicationservice/2022.03.08/postfix-relay/dictionaries/20_postfix.xml
+++ b/seed/applicationservice/2022.03.08/postfix-relay/dictionaries/20_postfix.xml
@ -11,7 +11,7 @@
      <file engine="none">/etc/postfix/master.cf</file>
      <file>/etc/pki/ca-trust/source/anchors/ca_MailServer.crt</file>
      <file>/etc/pki/tls/certs/postfix.crt</file>
-      <file source="sni.pem" file_type="variable" mode="400" variable="domain_name_eth">postfix_pem_files</file>
+      <file source="sni.pem" file_type="variable" mode="400" owner="postfix" variable="domain_name_eth">postfix_pem_files</file>
      <file owner="root" group="postfix" mode="440">/etc/pki/tls/private/postfix.key</file>
    </service>
    <service name="saslauthd">
@ -32,19 +32,16 @@
    </service>
  </services>
  <variables>
-    <variable name="external_ports" redefine="True">
-      <value>25</value>
-    </variable>
    <family name="postfix" description="Postfix mail server">
      <variable name="postfix_mail_hostname" type="domainname" description="Nom de domaine extérieur du serveur de courriel" mandatory="True"/>
-      <variable name="postfix_relay_domains" type="domainname" description="Domaine de courriel généré localement" multi="True" mandatory="True" hidden="True"/>
+      <variable name="postfix_relay_domains" type="domainname" description="Domaine de courriel généré localement" multi="True"/>
      <variable name='postfix_ca_chain' description="CA certificate" hidden='True'/>
      <variable name='postfix_relay_authentifications' description="CA certificate" hidden='True' multi="True" provider="mail"/>
      <family name="local_authentification_" description="Local server authentification" dynamic='postfix_relay_authentifications'>
        <variable name="local_authentification_ip_" type="ip" provider="mail_ip"/>
        <variable name="local_authentification_password_" type="secret" auto_save="True" provider="mail_password"/>
      </family>
-      <variable name='postfix_pem_files' type="filename" hidden='True' multi='True'/>
+      <variable name='postfix_pem_files' type="filename" description="PEM certificates" hidden='True' multi='True'/>
    </family>
    <family name="opendkim">
      <variable name="opendkim_keys" type="filename" description="Keys filename" multi="True" hidden="True"/>
--- a/seed/applicationservice/2022.03.08/postfix-relay/extras/lmtp/00-lmtp.xml
+++ b/seed/applicationservice/2022.03.08/postfix-relay/extras/lmtp/00-lmtp.xml
@ -6,10 +6,4 @@
      <variable name="criteria_" description="transport criteria" type="string" multi="True" mandatory="True" hidden="True" provider="lmtp_criteria"/>
    </family>
  </variables>
-  <constraints>
-    <fill name="calc_postfix_relay_domains">
-      <param type="variable">lmtp.lmtp_.criteria_</param>
-      <target>postfix_relay_domains</target>
-    </fill>
-  </constraints>
 </rougail>
--- a/seed/applicationservice/2022.03.08/postfix-relay/funcs/opendkim.py
+++ b/seed/applicationservice/2022.03.08/postfix-relay/funcs/opendkim.py
@ -16,16 +16,14 @@ _DKIM_DIR = _join(_HERE, 'pki/dkim')

 def get_dkim_key(domain_name_eth0, domain):
    dkim_dir = _join(_DKIM_DIR, domain_name_eth0, domain)
-#    dkim_file_src = _join(dkim_dir, f'{domain}')
+    dkim_file_src = _join(dkim_dir, f'{domain}')
    dkim_file_key = _join(dkim_dir, f'{domain}.key')
    dkim_file = _join(dkim_dir, f'{domain}.dns')
    if not _isfile(dkim_file):
        if _isdir(dkim_dir):
            _rmtree(dkim_dir)
        _makedirs(dkim_dir)
-        priv_key = _dknewkey.GenRSAKeys(dkim_file_key)
-        _dknewkey.ExtractRSADnsPublicKey(dkim_file_key, dkim_file)
-#        priv_key = _dknewkey.GenEd25519Keys(dkim_file_key)
-#        _dknewkey.ExtractEd25519PublicKey(dkim_file_src, priv_key)
+        priv_key = _dknewkey.GenEd25519Keys(dkim_file_src)
+        _dknewkey.ExtractEd25519PublicKey(dkim_file_key, priv_key)
    with open(dkim_file_key, 'r') as fh:
        return fh.read().strip()
--- a/seed/applicationservice/2022.03.08/postfix-relay/funcs/postfix.py
+++ b/seed/applicationservice/2022.03.08/postfix-relay/funcs/postfix.py
@ -1,12 +0,0 @@
-from risotto.utils import multi_function as _multi_function
-
-
-@_multi_function
-def calc_postfix_relay_domains(criteria):
-    relay = set()
-    for lsts in criteria:
-        for lst in lsts:
-            if '@' in lst:
-                lst = lst.split('@')[1]
-            relay.add(lst)
-    return list(relay)
--- a/seed/applicationservice/2022.03.08/postfix-relay/templates/SigningTable
+++ b/seed/applicationservice/2022.03.08/postfix-relay/templates/SigningTable
@ -24,5 +24,5 @@

 #example.com default._domainkey.example.com
 %for %%domain in %%postfix_relay_domains
-*@%%domain default._domainkey.%%domain
+%%domain default._domainkey.%%domain
 %end for
--- a/seed/applicationservice/2022.03.08/postfix-relay/templates/lmtp
+++ b/seed/applicationservice/2022.03.08/postfix-relay/templates/lmtp
@ -1,9 +1,6 @@
 %for %%domain in %%lmtp.server_lmtp
  %set %%name=%%normalize_family(%%domain)
  %for %%lst in %%lmtp['lmtp_' + name]['criteria_' + %%name]
-%if '@' not in %%lst
-%set %%lst = '.*@' + %%lst
-%end if
-/^%%lst$/                       lmtp:[%%domain]:8024
+%%lst                       lmtp:[%%domain]:8024
  %end for
 %end for
--- a/seed/applicationservice/2022.03.08/postfix-relay/templates/main.cf
+++ b/seed/applicationservice/2022.03.08/postfix-relay/templates/main.cf
@ -350,9 +350,8 @@ mynetworks = 172.0.0.0/8
 #
 #relay_domains = $mydestination
 #>GNUNUX
-relay_domains = %echo ', '.join(%%postfix_relay_domains)
 %if %%lmtp.server_lmtp
-transport_maps = regexp:/etc/postfix/lmtp
+transport_maps = hash:/etc/postfix/lmtp
 %end if
 #<GNUNUX

--- a/seed/applicationservice/2022.03.08/reverse-proxy-client/funcs/revprox_client.py
+++ b/seed/applicationservice/2022.03.08/reverse-proxy-client/funcs/revprox_client.py
@ -1,9 +1,7 @@
-def calc_web_address(domain_name: str, port: str, local_location: str) -> str:
+def calc_web_address(domain_name:str, port:str, local_location:str):
    if not domain_name or not port:
        return
-    web_address = f'https://{domain_name}'
-    if port != '443':
-        web_address += f':{port}'
+    web_address = f'https://{domain_name}:{port}'
    if local_location:
        web_address += local_location
    return web_address
				`@ -1,2 +0,0 @@`
				`%%get_certificate(cn=%%rougail_variable, authority_cn=%%domain_name_eth0, authority_name='External')`
				`@ -1 +0,0 @@`
				`%%get_private_key(cn=%%rougail_variable, authority_cn=%%domain_name_eth0, authority_name='External')`