smtp and postgresql tls path
parent
d06e4bc9ee
commit
e5f53eda0d
15 changed files with 48 additions and 28 deletions
|
@ -16,7 +16,8 @@
|
|||
<file>/tests/mailman.yml</file>
|
||||
</service>
|
||||
<service name="postgresqlclient" target="multi-user" engine="creole">
|
||||
<file owner="postorius" mode="400">/etc/pki/tls/private/postgresql_postorius.key</file>
|
||||
<!-- mailman and postorius have differents username -->
|
||||
<file owner="postorius" mode="400" source="postgresql.key">/etc/pki/tls/private/postgresql_postorius.key</file>
|
||||
</service>
|
||||
</services>
|
||||
<variables>
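Review bot: The postorius copy of the client key keeps a literal destination, `/etc/pki/tls/private/postgresql_postorius.key`, both in the new `<file ... source="postgresql.key">` line here and in the `'sslkey'` option of the Django `DATABASES` hunk. Every other PostgreSQL TLS path in this commit is now derived from the `tls_*_directory` variables. If `tls_key_directory` differs from `/etc/pki/tls/private` on a target (the tmpfiles hunk touching `/etc/ssl/private` suggests it may on Debian), this key is written outside the configured key directory. Consider a computed variable for it, for example `<file file_type="variable" owner="postorius" mode="400" source="postgresql.key">pg_client_postorius_key_file</file>` (the variable name is a suggestion), and reference it from `'sslkey'`. The existing comment could also say that this is a second on-disk copy of the same private key, so rotation has to replace both files.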
|
||||
|
|
|
@ -24,7 +24,7 @@ layout: fhs
|
|||
#>GNUNUX
|
||||
[database]
|
||||
class: mailman.database.postgresql.PostgreSQLDatabase
|
||||
url: postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full&sslcert=/etc/pki/tls/certs/postgresql.crt&sslkey=/etc/pki/tls/private/postgresql.key&sslrootcert=/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt
|
||||
url: postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full&sslcert=%%pg_client_crt_file&sslkey=%%pg_client_key_file&sslrootcert=%%pg_client_ca_file
|
||||
|
||||
[mta]
|
||||
lmtp_host: %%ip_eth0
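Review bot: The new `url:` line substitutes `%%pg_client_crt_file`, `%%pg_client_key_file` and `%%pg_client_ca_file` into the query string without percent-encoding, as is already the case for the username and password. A value containing `&`, `#`, `?`, `%` or a space would change how the connection string is parsed. Whether the `filename` variable type excludes those characters is not visible here. The same applies to the `db_dsnw` line in the Roundcube hunk and the `DATABASE_URL` line in the Vaultwarden hunk. I would state the constraint next to the value, e.g. `# pg_client_*_file are inserted unencoded: paths must not contain URL-reserved characters`.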
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
%%get_private_key(cn=%%domain_name_eth0, authority_cn=%%pg_client_server_domainname, authority_name='PostgreSQL', type="client", hide=%%hide_secret)
|
|
@ -10,7 +10,7 @@ DATABASES = {
|
|||
'HOST': '%%pg_client_server_domainname', # Database server
|
||||
'PORT': '', # Database port (leave blank for default)
|
||||
'CONN_MAX_AGE': 300, # Max database connection age
|
||||
'OPTIONS': {'sslmode': 'verify-full', 'sslcert': '/etc/pki/tls/certs/postgresql.crt', 'sslkey': '/etc/pki/tls/private/postgresql_postorius.key', 'sslrootcert': '/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt'},
|
||||
'OPTIONS': {'sslmode': 'verify-full', 'sslcert': '%%pg_client_crt_file', 'sslkey': '/etc/pki/tls/private/postgresql_postorius.key', 'sslrootcert': '%%pg_client_ca_file'},
|
||||
}
|
||||
}
|
||||
ALLOWED_HOSTS = ['%%{revprox_client_external_domainnames[0]}']
|
||||
|
|
|
@ -40,9 +40,9 @@ $CONFIG = array (
|
|||
'dbdriveroptions' =>
|
||||
array (
|
||||
'sslmode' => 'verify-full',
|
||||
'sslcert' => '/etc/pki/tls/certs/postgresql.crt',
|
||||
'sslkey' => '/etc/pki/tls/private/postgresql.key',
|
||||
'sslrootcert' => '/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt',
|
||||
'sslcert' => '%%pg_client_crt_file',
|
||||
'sslkey' => '%%pg_client_key_file',
|
||||
'sslrootcert' => '%%pg_client_ca_file',
|
||||
),
|
||||
'passwordsalt' => '{{SALT}}',
|
||||
'secret' => '{{SECRET}}',
|
||||
|
|
|
@ -2,9 +2,9 @@
|
|||
After=risotto.target
|
||||
|
||||
[Service]
|
||||
Environment="PGSSLROOTCERT=/etc/pki/tls/certs/postgresql.crt"
|
||||
Environment="PGSSLCERT=/etc/pki/tls/certs/postgresql.crt"
|
||||
Environment="PGSSLKEY=/etc/pki/tls/private/postgresql.key"
|
||||
Environment="PGSSLROOTCERT=%%pg_client_crt_file"
|
||||
Environment="PGSSLCERT=%%pg_client_crt_file"
|
||||
Environment="PGSSLKEY=%%pg_client_key_file"
|
||||
Environment="PGPASSFILE=/etc/odoo/postgresql.pass"
|
||||
|
||||
#if database not imported, imported it active addons
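Review bot: The first new `Environment=` line sets `PGSSLROOTCERT` to `%%pg_client_crt_file`, which is the client certificate; the literal path it replaces had the same value, so the substitution carries an existing mistake forward. libpq uses this variable as the trust anchor for the server certificate, so verification is not anchored on the PostgreSQL CA and will either fail or be ineffective depending on the sslmode in force. The other templates in this commit pass `%%pg_client_ca_file` as `sslrootcert`, so the line should read `Environment="PGSSLROOTCERT=%%pg_client_ca_file"`. No `PGSSLMODE` is visible in this hunk; if it is not set elsewhere in the unit, adding `Environment="PGSSLMODE=verify-full"` would match the other services.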
|
||||
|
|
|
@ -1,2 +1,3 @@
|
|||
g odoo 1000 -
|
||||
u odoo 998:1000 "ODOO" /srv/odoo /bin/bash
|
||||
m odoo ssl-cert
|
||||
|
|
|
@ -1 +1,2 @@
|
|||
d /srv/odoo 750 odoo odoo - -
|
||||
d /etc/ssl/private 750 root ssl-cert - -
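Review bot: Mode `750` on `/etc/ssl/private` gives members of `ssl-cert` read access to the directory, so they can list every key file name in it. Search permission alone is enough for odoo to open its own key, and to my knowledge `0710` is what Debian's ssl-cert package sets on this directory. Because a `d` line also adjusts the mode and ownership of an existing directory, this entry would loosen a directory shared with other services on every tmpfiles run. Suggested: `d /etc/ssl/private 710 root ssl-cert - -`.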
|
||||
|
|
|
@ -72,7 +72,7 @@ smtp:
|
|||
password: '%%smtp_relay_password'
|
||||
tls: false # If you use StartTLS: false
|
||||
disable_starttls: false
|
||||
ca_file: '/etc/pki/ca-trust/source/anchors/ca_MailRelay.crt' # Used for self signed certificates
|
||||
ca_file: '%%smtp_ca_file' # Used for self signed certificates
|
||||
from_address: '%%peertube_admin_email'
|
||||
|
||||
email:
|
||||
|
|
|
@ -68,7 +68,7 @@ smtp:
|
|||
password: '%%smtp_relay_password'
|
||||
tls: false # If you use StartTLS: false
|
||||
disable_starttls: false
|
||||
ca_file: '/etc/pki/ca-trust/source/anchors/ca_MailRelay.crt' # Used for self signed certificates
|
||||
ca_file: '%%smtp_ca_file' # Used for self signed certificates
|
||||
from_address: '%%peertube_admin_email'
|
||||
|
||||
email:
|
||||
|
|
|
@ -3,9 +3,9 @@
|
|||
<services>
|
||||
<service name="postgresqlclient" target="risotto" engine="creole">
|
||||
<file mode="400">/secrets/postgresql.pass</file>
|
||||
<file>/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt</file>
|
||||
<file>/etc/pki/tls/certs/postgresql.crt</file>
|
||||
<file owner_type="variable" owner="pg_client_key_owner" mode="400">/etc/pki/tls/private/postgresql.key</file>
|
||||
<file file_type="variable" source="ca_PostgreSQL.crt">pg_client_ca_file</file>
|
||||
<file file_type="variable" owner_type="variable" owner="pg_client_key_owner" mode="444" source="postgresql.crt">pg_client_crt_file</file>
|
||||
<file file_type="variable" owner_type="variable" owner="pg_client_key_owner" mode="400" source="postgresql.key">pg_client_key_file</file>
|
||||
<file filelist="postgresql_debian" engine="none" source="sysuser-postgresql-client.conf">/sysusers.d/0postgresqlclient.conf</file>
|
||||
</service>
|
||||
</services>
|
||||
|
@ -18,6 +18,9 @@
|
|||
<variable name="pg_client_key_owner" type="unix_user" description="Key owner" mandatory="True">
|
||||
<value>apache</value>
|
||||
</variable>
|
||||
<variable name="pg_client_ca_file" type="filename" description="Postgresql CA filename" hidden="True"/>
|
||||
<variable name="pg_client_crt_file" type="filename" description="Postgresql cert filename" hidden="True"/>
|
||||
<variable name="pg_client_key_file" type="filename" description="Postgresql key filename" hidden="True"/>
|
||||
</family>
|
||||
</variables>
|
||||
<constraints>
|
||||
|
@ -42,6 +45,24 @@
|
|||
<param type="variable">pg_client_username</param>
|
||||
<target>pg_client_database</target>
|
||||
</fill>
|
||||
<fill name="calc_value">
|
||||
<param type="variable">tls_ca_directory</param>
|
||||
<param>ca_PostgreSQL.crt</param>
|
||||
<param name="join">/</param>
|
||||
<target>pg_client_ca_file</target>
|
||||
</fill>
|
||||
<fill name="calc_value">
|
||||
<param type="variable">tls_cert_directory</param>
|
||||
<param>postgresql.crt</param>
|
||||
<param name="join">/</param>
|
||||
<target>pg_client_crt_file</target>
|
||||
</fill>
|
||||
<fill name="calc_value">
|
||||
<param type="variable">tls_key_directory</param>
|
||||
<param>postgresql.key</param>
|
||||
<param name="join">/</param>
|
||||
<target>pg_client_key_file</target>
|
||||
</fill>
|
||||
<condition name="disabled_if_not_in" source="os_name">
|
||||
<param>Debian</param>
|
||||
<target type="filelist">postgresql_debian</target>
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
<rougail version="0.10">
|
||||
<services>
|
||||
<service name="smtp" manage="False">
|
||||
<file>/etc/pki/ca-trust/source/anchors/ca_MailRelay.crt</file>
|
||||
<file file_type="variable" source="ca_MailRelay.crt">smtp_ca_file</file>
|
||||
</service>
|
||||
</services>
|
||||
<variables>
|
||||
|
@ -10,6 +10,7 @@
|
|||
<variable name="smtp_relay_address" type="domainname" description="Nom de domaine du serveur SMTP" mandatory="True" supplier="SMTP"/>
|
||||
<variable name="smtp_relay_user" type="unix_user" description="Relay username" mandatory="True" hidden="True"/>
|
||||
<variable name="smtp_relay_password" type="secret" description="Relay password" mandatory="True" hidden="True" supplier="SMTP:password"/>
|
||||
<variable name="smtp_ca_file" type="filename" description="SMTP CA filename" hidden="True"/>
|
||||
</family>
|
||||
</variables>
|
||||
<constraints>
|
||||
|
@ -25,5 +26,11 @@
|
|||
<param name="hide" type="variable">hide_secret</param>
|
||||
<target>smtp_relay_password</target>
|
||||
</fill>
|
||||
<fill name="calc_value">
|
||||
<param type="variable">tls_ca_directory</param>
|
||||
<param>ca_MailRelay.crt</param>
|
||||
<param name="join">/</param>
|
||||
<target>smtp_ca_file</target>
|
||||
</fill>
|
||||
</constraints>
|
||||
</rougail>
|
||||
|
|
|
@ -31,7 +31,7 @@ $config = [];
|
|||
// e.g. 'mysql://roundcube:@localhost/roundcubemail?verify_server_cert=false'
|
||||
// GNUNUX $config['db_dsnw'] = 'mysql://roundcube:@localhost/roundcubemail';
|
||||
//>GNUNUX
|
||||
$config['db_dsnw'] = 'pgsql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full&sslcert=/etc/pki/tls/certs/postgresql.crt&sslkey=/etc/pki/tls/private/postgresql.key&sslrootcert=/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt';
|
||||
$config['db_dsnw'] = 'pgsql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full&sslcert=%%pg_client_crt_file&sslkey=%%pg_client_key_file&sslrootcert=%%pg_client_ca_file';
|
||||
//<GNUNUX
|
||||
|
||||
// Database DSN for read-only operations (if empty write database will be used)
|
||||
|
|
|
@ -1,12 +1,2 @@
|
|||
[Unit]
|
||||
After=risotto.target
|
||||
|
||||
[Service]
|
||||
PrivateDevices=false
|
||||
ProtectHome=false
|
||||
ProtectSystem=false
|
||||
LimitNOFILE=
|
||||
LimitNPROC=
|
||||
WorkingDirectory=/srv/vaultwarden
|
||||
ReadWriteDirectories=
|
||||
ReadWriteDirectories=
|
||||
|
|
|
@ -20,7 +20,7 @@ DATA_FOLDER=/srv/vaultwarden
|
|||
## - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
|
||||
# DATABASE_URL=postgresql://user:password@host[:port]/database_name
|
||||
#>GNUNUX
|
||||
DATABASE_URL=postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full&sslcert=/etc/pki/tls/certs/postgresql.crt&sslkey=/etc/pki/tls/private/postgresql.key&sslrootcert=/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt
|
||||
DATABASE_URL=postgresql://%%pg_client_username:%%pg_client_password@%%pg_client_server_domainname/%%pg_client_database?sslmode=verify-full&sslcert=%%pg_client_crt_file&sslkey=%%pg_client_key_file&sslrootcert=%%pg_client_ca_file
|
||||
#<GNUNUX
|
||||
|
||||
## Database max connections
|
||||
|
|