main #5
22 changed files with 144 additions and 33 deletions
|
@ -12,6 +12,9 @@
|
||||||
<file>/etc/pki/ca-trust/source/anchors/ca_MailServer.crt</file>
|
<file>/etc/pki/ca-trust/source/anchors/ca_MailServer.crt</file>
|
||||||
<file>/etc/pki/tls/certs/postfix.crt</file>
|
<file>/etc/pki/tls/certs/postfix.crt</file>
|
||||||
<file owner="root" group="postfix" mode="440">/etc/pki/tls/private/postfix.key</file>
|
<file owner="root" group="postfix" mode="440">/etc/pki/tls/private/postfix.key</file>
|
||||||
|
<file>/etc/postfix/sni</file>
|
||||||
|
<file source="postfix_sni.pem" file_type="variable" mode="400" variable="submission_domainname">postfix_pem_files</file>
|
||||||
|
<file mode="400">/etc/postfix/certs/postfix.pem</file>
|
||||||
</service>
|
</service>
|
||||||
<service name='dovecot-init'>
|
<service name='dovecot-init'>
|
||||||
<override/>
|
<override/>
|
||||||
|
@ -24,7 +27,7 @@
|
||||||
<file engine='none'>/etc/dovecot/conf.d/10-auth.conf</file>
|
<file engine='none'>/etc/dovecot/conf.d/10-auth.conf</file>
|
||||||
<file engine='none'>/etc/dovecot/conf.d/10-mail.conf</file>
|
<file engine='none'>/etc/dovecot/conf.d/10-mail.conf</file>
|
||||||
<file>/etc/dovecot/conf.d/10-master.conf</file>
|
<file>/etc/dovecot/conf.d/10-master.conf</file>
|
||||||
<file engine='none'>/etc/dovecot/conf.d/10-ssl.conf</file>
|
<file>/etc/dovecot/conf.d/10-ssl.conf</file>
|
||||||
<!-- FIXME file engine='none'>/etc/dovecot/conf.d/12-managesieve.conf</file-->
|
<!-- FIXME file engine='none'>/etc/dovecot/conf.d/12-managesieve.conf</file-->
|
||||||
<file engine='none'>/etc/dovecot/conf.d/15-ldap.conf</file>
|
<file engine='none'>/etc/dovecot/conf.d/15-ldap.conf</file>
|
||||||
<file engine='none'>/etc/dovecot/conf.d/30-service-stats.conf</file>
|
<file engine='none'>/etc/dovecot/conf.d/30-service-stats.conf</file>
|
||||||
|
@ -41,9 +44,15 @@
|
||||||
<file>/etc/pki/ca-trust/source/anchors/ca_IMAPServer.crt</file>
|
<file>/etc/pki/ca-trust/source/anchors/ca_IMAPServer.crt</file>
|
||||||
<file>/etc/pki/tls/certs/dovecot.crt</file>
|
<file>/etc/pki/tls/certs/dovecot.crt</file>
|
||||||
<file owner="root" group="dovecot" mode="440">/etc/pki/tls/private/dovecot.key</file>
|
<file owner="root" group="dovecot" mode="440">/etc/pki/tls/private/dovecot.key</file>
|
||||||
|
<file source="external_imap.crt" file_type="variable" variable="imap_domainname">external_imap_crt</file>
|
||||||
|
<file owner="root" group="dovecot" mode="440" source="external_imap.key" file_type="variable" variable="imap_domainname">external_imap_key</file>
|
||||||
</service>
|
</service>
|
||||||
</services>
|
</services>
|
||||||
<variables>
|
<variables>
|
||||||
|
<variable name="external_ports" redefine="True">
|
||||||
|
<value>587</value>
|
||||||
|
<value>993</value>
|
||||||
|
</variable>
|
||||||
<family name="annuaire">
|
<family name="annuaire">
|
||||||
<variable name="ldap_key_file_owner" redefine="True">
|
<variable name="ldap_key_file_owner" redefine="True">
|
||||||
<value>dovecot</value>
|
<value>dovecot</value>
|
||||||
|
@ -52,12 +61,17 @@
|
||||||
<value>postfix</value>
|
<value>postfix</value>
|
||||||
</variable>
|
</variable>
|
||||||
</family>
|
</family>
|
||||||
<family name="postfix" description="Postfix mail server">
|
<family name="mail" description="Mail domain" leadership="True">
|
||||||
<variable name="postfix_my_domains" type="domainname" description="Domaine de courriel généré localement" mandatory="True" multi="True"/>
|
<variable name="mail_domains" type="domainname" description="Domaine de courriel géré localement" mandatory="True" multi="True"/>
|
||||||
<variable name='postfix_ca_chain' description="CA certificate" hidden='True'/>
|
<variable name="imap_domainname" type="domainname" mandatory="True"/>
|
||||||
|
<variable name="submission_domainname" type="domainname" mandatory="True"/>
|
||||||
|
</family>
|
||||||
|
<family name="postfix">
|
||||||
|
<variable name='postfix_pem_files' type="filename" hidden='True' multi='True'/>
|
||||||
</family>
|
</family>
|
||||||
<family name="dovecot" description="IMAP mail server">
|
<family name="dovecot" description="IMAP mail server">
|
||||||
<variable name='dovecot_ca_chain' description="CA certificate" hidden='True'/>
|
<variable name='external_imap_crt' type="filename" hidden='True' multi='True'/>
|
||||||
|
<variable name='external_imap_key' type="filename" hidden='True' multi='True'/>
|
||||||
<variable name='dovecot_local_authentifications' description="CA certificate" hidden='True' multi="True" provider="mail"/>
|
<variable name='dovecot_local_authentifications' description="CA certificate" hidden='True' multi="True" provider="mail"/>
|
||||||
<family name="local_authentification_" description="Local server authentification" dynamic='dovecot_local_authentifications'>
|
<family name="local_authentification_" description="Local server authentification" dynamic='dovecot_local_authentifications'>
|
||||||
<variable name="local_authentification_ip_" type="ip" provider="mail_ip"/>
|
<variable name="local_authentification_ip_" type="ip" provider="mail_ip"/>
|
||||||
|
@ -68,16 +82,6 @@
|
||||||
</family>
|
</family>
|
||||||
</variables>
|
</variables>
|
||||||
<constraints>
|
<constraints>
|
||||||
<fill name="get_chain">
|
|
||||||
<param name="authority_cn" type="variable">domain_name_eth0</param>
|
|
||||||
<param name="authority_name">MailServer</param>
|
|
||||||
<target>postfix_ca_chain</target>
|
|
||||||
</fill>
|
|
||||||
<fill name="get_chain">
|
|
||||||
<param name="authority_cn" type="variable">domain_name_eth0</param>
|
|
||||||
<param name="authority_name">IMAPServer</param>
|
|
||||||
<target>dovecot_ca_chain</target>
|
|
||||||
</fill>
|
|
||||||
<fill name="get_password">
|
<fill name="get_password">
|
||||||
<param name="server_name" type="variable">domain_name_eth0</param>
|
<param name="server_name" type="variable">domain_name_eth0</param>
|
||||||
<param name="username" type="suffix"/>
|
<param name="username" type="suffix"/>
|
||||||
|
@ -89,13 +93,13 @@
|
||||||
<param name="linked_server" type="variable">smtp_relay_address</param>
|
<param name="linked_server" type="variable">smtp_relay_address</param>
|
||||||
<param name="linked_provider">lmtp_server</param>
|
<param name="linked_provider">lmtp_server</param>
|
||||||
<param name="linked_value" type="variable">domain_name_eth0</param>
|
<param name="linked_value" type="variable">domain_name_eth0</param>
|
||||||
<target>postfix_my_domains</target>
|
<target>mail_domains</target>
|
||||||
</check>
|
</check>
|
||||||
<check name="set_linked_configuration">
|
<check name="set_linked_configuration">
|
||||||
<param name="linked_server" type="variable">smtp_relay_address</param>
|
<param name="linked_server" type="variable">smtp_relay_address</param>
|
||||||
<param name="linked_provider">lmtp_criteria</param>
|
<param name="linked_provider">lmtp_criteria</param>
|
||||||
<param name="dynamic" type="variable">domain_name_eth0</param>
|
<param name="dynamic" type="variable">domain_name_eth0</param>
|
||||||
<target>postfix_my_domains</target>
|
<target>mail_domains</target>
|
||||||
</check>
|
</check>
|
||||||
<fill name="calc_value">
|
<fill name="calc_value">
|
||||||
<param type="variable">tls_ca_directory</param>
|
<param type="variable">tls_ca_directory</param>
|
||||||
|
@ -103,5 +107,29 @@
|
||||||
<param name="join">/</param>
|
<param name="join">/</param>
|
||||||
<target>revprox_ca_file</target>
|
<target>revprox_ca_file</target>
|
||||||
</fill>
|
</fill>
|
||||||
|
<fill name="calc_value">
|
||||||
|
<param>/etc/pki/tls/certs/imap_</param>
|
||||||
|
<param type="variable">imap_domainname</param>
|
||||||
|
<param>.crt</param>
|
||||||
|
<param name="join"></param>
|
||||||
|
<param name="multi" type="boolean">True</param>
|
||||||
|
<target>external_imap_crt</target>
|
||||||
|
</fill>
|
||||||
|
<fill name="calc_value">
|
||||||
|
<param>/etc/pki/tls/private/imap_</param>
|
||||||
|
<param type="variable">imap_domainname</param>
|
||||||
|
<param>.key</param>
|
||||||
|
<param name="join"></param>
|
||||||
|
<param name="multi" type="boolean">True</param>
|
||||||
|
<target>external_imap_key</target>
|
||||||
|
</fill>
|
||||||
|
<fill name="calc_value">
|
||||||
|
<param>/etc/postfix/certs/</param>
|
||||||
|
<param type="variable">submission_domainname</param>
|
||||||
|
<param>.pem</param>
|
||||||
|
<param name="join"></param>
|
||||||
|
<param name="multi" type="boolean">True</param>
|
||||||
|
<target>postfix_pem_files</target>
|
||||||
|
</fill>
|
||||||
</constraints>
|
</constraints>
|
||||||
</rougail>
|
</rougail>
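Review bot: `<file>/etc/postfix/sni</file>` is declared without a `mode`, unlike the key and PEM entries around it. The unit file in this commit runs `postmap -F /etc/postfix/sni`, which stores the base64 content of the referenced PEM files, private keys included, in the generated table. postmap gives that table the same group and other read bits as its source file. Unless the default mode for `<file>` is already restrictive (not visible here), I would declare it as `<file mode="400">/etc/postfix/sni</file>` so the table is readable by root only.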
|
||||||
|
|
|
@ -16,6 +16,16 @@ ssl = required
|
||||||
#>GNUNUX
|
#>GNUNUX
|
||||||
ssl_cert = </etc/pki/tls/certs/dovecot.crt
|
ssl_cert = </etc/pki/tls/certs/dovecot.crt
|
||||||
ssl_key = </etc/pki/tls/private/dovecot.key
|
ssl_key = </etc/pki/tls/private/dovecot.key
|
||||||
|
%for %%mail in %%mail_domains
|
||||||
|
local_name %%mail.imap_domainname {
|
||||||
|
ssl_cert = </etc/pki/tls/certs/imap_%%{mail.imap_domainname}.crt
|
||||||
|
ssl_key = </etc/pki/tls/private/imap_%%{mail.imap_domainname}.key
|
||||||
|
}
|
||||||
|
%end for
|
||||||
|
local_name %%domain_name_eth0 {
|
||||||
|
ssl_cert = </etc/pki/tls/certs/dovecot.crt
|
||||||
|
ssl_key = </etc/pki/tls/private/dovecot.key
|
||||||
|
}
|
||||||
#<GNUNUX
|
#<GNUNUX
|
||||||
|
|
||||||
# If key file is password protected, give the password here. Alternatively
|
# If key file is password protected, give the password here. Alternatively
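Review bot: The `%for` loop writes one `local_name` block per entry of `mail_domains`, so two mail domains sharing an `imap_domainname`, or one equal to `domain_name_eth0` (which gets its own block right after), would yield repeated `local_name` sections and repeated `imap_<name>.crt`/`.key` targets. The sni map template added in this commit has the same shape with `submission_domainname`, where postmap would see repeated keys. Whether the dictionary already enforces uniqueness is not visible here. If shared host names are allowed, de-duplicate the names before looping; otherwise a uniqueness check on the two variables would make the constraint explicit.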
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
%%dovecot_ca_chain
|
%%get_chain(%%domain_name_eth0, "IMAPServer")
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
%%postfix_ca_chain
|
%%get_chain(%%domain_name_eth0, "MailServer")
|
||||||
|
|
|
@ -0,0 +1,2 @@
|
||||||
|
%%get_certificate(cn=%%rougail_variable, authority_cn=%%domain_name_eth0, authority_name='External')
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
%%get_private_key(cn=%%rougail_variable, authority_cn=%%domain_name_eth0, authority_name='External')
|
|
@ -749,6 +749,9 @@ smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
|
||||||
|
|
||||||
smtpd_tls_CApath = /etc/pki/tls/certs
|
smtpd_tls_CApath = /etc/pki/tls/certs
|
||||||
smtpd_tls_CAfile = /etc/pki/ca-trust/source/anchors/ca_MailServer.crt
|
smtpd_tls_CAfile = /etc/pki/ca-trust/source/anchors/ca_MailServer.crt
|
||||||
|
#>GNUNUX
|
||||||
|
tls_server_sni_maps = hash:/etc/postfix/sni
|
||||||
|
#<GNUNUX
|
||||||
# Announce STARTTLS support to remote SMTP clients, but do not require that
|
# Announce STARTTLS support to remote SMTP clients, but do not require that
|
||||||
# clients use TLS encryption (opportunistic TLS inbound).
|
# clients use TLS encryption (opportunistic TLS inbound).
|
||||||
#
|
#
|
||||||
|
@ -796,7 +799,11 @@ smtpd_sasl_path = /srv/dovecot/auth
|
||||||
broken_sasl_auth_clients = yes
|
broken_sasl_auth_clients = yes
|
||||||
|
|
||||||
dovecot_destination_recipient_limit = 1
|
dovecot_destination_recipient_limit = 1
|
||||||
virtual_mailbox_domains = %echo ', '.join(%%postfix_my_domains)
|
%set %%domains = []
|
||||||
|
%for %%domain in %%mail_domains
|
||||||
|
%%domains.append(%%str(%%domain))%slurp
|
||||||
|
%end for
|
||||||
|
virtual_mailbox_domains = %echo ', '.join(%%domains)
|
||||||
virtual_mailbox_maps = ldap:/etc/postfix/ldapsource.cf
|
virtual_mailbox_maps = ldap:/etc/postfix/ldapsource.cf
|
||||||
virtual_alias_maps = ldap:/etc/postfix/ldapsource.cf
|
virtual_alias_maps = ldap:/etc/postfix/ldapsource.cf
|
||||||
virtual_minimum_uid = 1000
|
virtual_minimum_uid = 1000
|
||||||
|
|
|
@ -0,0 +1,2 @@
|
||||||
|
%%get_private_key(%%domain_name_eth0, 'MailServer')
|
||||||
|
%%get_certificate(%%domain_name_eth0, "MailServer")
|
|
@ -1,3 +1,4 @@
|
||||||
[Service]
|
[Service]
|
||||||
ExecStartPre=/usr/sbin/postmap /etc/postfix/relay_passwd
|
ExecStartPre=/usr/sbin/postmap /etc/postfix/relay_passwd
|
||||||
|
ExecStartPre=/usr/sbin/postmap -F /etc/postfix/sni
|
||||||
PIDFile=/srv/postfix/spool/pid/master.pid
|
PIDFile=/srv/postfix/spool/pid/master.pid
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
%set %%cert = %%get_certificate(cn=%%rougail_variable, authority_cn=%%domain_name_eth0, authority_name='External')
|
||||||
|
%%get_private_key(cn=%%rougail_variable, authority_cn=%%domain_name_eth0, authority_name='External')
|
||||||
|
%%cert
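Review bot: The `%set %%cert = ...` line calls get_certificate before get_private_key and prints the certificate only afterwards, which suggests the call order matters (presumably the key is created along with the certificate), but nothing in the template says so. The two-line postfix.pem template added earlier in this commit calls get_private_key first with no such step. I would add a template comment above the `%set` explaining why the certificate is fetched first, and give the other template the same order if the dependency is real. Since this file is what Postfix serves for SNI names, it is also worth confirming that get_certificate returns the full chain for the 'External' authority.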
|
4
seed/applicationservice/2022.03.08/dovecot/templates/sni
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
%for %%name in %%mail_domains
|
||||||
|
%%name.submission_domainname /etc/postfix/certs/%%{name.submission_domainname}.pem
|
||||||
|
%end for
|
||||||
|
%%domain_name_eth0 /etc/postfix/certs/postfix.pem
|
|
@ -3,8 +3,6 @@
|
||||||
<variables>
|
<variables>
|
||||||
<family name='letsencrypt' description="Défi DNS pour Let's encrypt" leadership="True">
|
<family name='letsencrypt' description="Défi DNS pour Let's encrypt" leadership="True">
|
||||||
<variable name="domain_names" type="domainname" description="Nom des domaines" multi="True"/>
|
<variable name="domain_names" type="domainname" description="Nom des domaines" multi="True"/>
|
||||||
<variable name="authority_cn" description="Nom de domaine de l'autorité" mandatory="True"/>
|
|
||||||
<variable name="authority_name" description="Nom de l'authorité" mandatory="True"/>
|
|
||||||
<variable name="plugin_name" type="string" description="Nom du greffon de mise à jour DNS du domaine" mandatory="True"/>
|
<variable name="plugin_name" type="string" description="Nom du greffon de mise à jour DNS du domaine" mandatory="True"/>
|
||||||
<variable name="credential_filename" type="filename" description="Nom du fichier de configuration du greffin" mandatory="True"/>
|
<variable name="credential_filename" type="filename" description="Nom du fichier de configuration du greffin" mandatory="True"/>
|
||||||
<variable name="email" type="mail" description="Courriel associé au certificat" mandatory="True"/>
|
<variable name="email" type="mail" description="Courriel associé au certificat" mandatory="True"/>
|
||||||
|
@ -12,8 +10,7 @@
|
||||||
</variables>
|
</variables>
|
||||||
<constraints>
|
<constraints>
|
||||||
<check name="letsencrypt_certif">
|
<check name="letsencrypt_certif">
|
||||||
<param type="variable">authority_cn</param>
|
<param type="variable">domain_name_eth0</param>
|
||||||
<param type="variable">authority_name</param>
|
|
||||||
<param type="variable">plugin_name</param>
|
<param type="variable">plugin_name</param>
|
||||||
<param type="variable">credential_filename</param>
|
<param type="variable">credential_filename</param>
|
||||||
<param type="variable">email</param>
|
<param type="variable">email</param>
|
||||||
|
|
|
@ -14,13 +14,13 @@ _X509_DIR = _join(_HERE, 'pki', 'x509')
|
||||||
|
|
||||||
def letsencrypt_certif(domain: str,
|
def letsencrypt_certif(domain: str,
|
||||||
authority_cn: str,
|
authority_cn: str,
|
||||||
authority_name: str,
|
|
||||||
plugin_name: str,
|
plugin_name: str,
|
||||||
credential_filename: str,
|
credential_filename: str,
|
||||||
email: str,
|
email: str,
|
||||||
) -> None:
|
) -> None:
|
||||||
if None in (domain, authority_cn, authority_name, plugin_name, credential_filename, email):
|
if None in (domain, authority_cn, plugin_name, credential_filename, email):
|
||||||
return
|
return
|
||||||
|
authority_name = 'External'
|
||||||
date_file = _join(_LE_DIR, f'{domain}.date')
|
date_file = _join(_LE_DIR, f'{domain}.date')
|
||||||
date = _datetime.now()
|
date = _datetime.now()
|
||||||
today = str(date.date())
|
today = str(date.date())
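Review bot: `authority_name = 'External'` is set as a local between the None guard and the date handling, and the same literal is repeated in the certificate templates this commit touches. A module-level constant next to `_X509_DIR`, for example `_AUTHORITY_NAME = 'External'`, would give the value one home on the Python side and make the coupling with the templates easier to find. The function has no docstring in the visible lines; one sentence saying that it returns silently when any argument is None would document the guard. The body continues past the end of this hunk.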
|
||||||
|
|
|
@ -42,3 +42,4 @@ export MAILMAN_WEB_CONFIG=/usr/share/postorius/m_postorius/settings.py
|
||||||
|
|
||||||
echo "DEBUG=True" >> /etc/mailman3.d/postorius.py
|
echo "DEBUG=True" >> /etc/mailman3.d/postorius.py
|
||||||
systemctl restart postorius
|
systemctl restart postorius
|
||||||
|
|
||||||
|
|
|
@ -17,6 +17,8 @@
|
||||||
<variable name="nextcloud_admin_password" type="password" auto_freeze="True" hidden="True"/>
|
<variable name="nextcloud_admin_password" type="password" auto_freeze="True" hidden="True"/>
|
||||||
<variable name="nextcloud_mail_admin" type="mail" mandatory="True"/>
|
<variable name="nextcloud_mail_admin" type="mail" mandatory="True"/>
|
||||||
<variable name="nextcloud_instance_id" type="password" auto_freeze="True" hidden="True"/>
|
<variable name="nextcloud_instance_id" type="password" auto_freeze="True" hidden="True"/>
|
||||||
|
<variable name="nexcloud_well_known_caldav" type="web_address" hidden='True'/>
|
||||||
|
<variable name="nexcloud_well_known_carddav" type="web_address" hidden='True'/>
|
||||||
</family>
|
</family>
|
||||||
<family name="oauth2_client">
|
<family name="oauth2_client">
|
||||||
<variable name="oauth2_is_client_application" redefine='True'>
|
<variable name="oauth2_is_client_application" redefine='True'>
|
||||||
|
@ -55,5 +57,39 @@
|
||||||
<param name="starts_with_char" type="boolean">True</param>
|
<param name="starts_with_char" type="boolean">True</param>
|
||||||
<target>nextcloud_instance_id</target>
|
<target>nextcloud_instance_id</target>
|
||||||
</fill>
|
</fill>
|
||||||
|
<check name="set_linked_multi_variables">
|
||||||
|
<param name="linked_provider_0">revprox_clients</param>
|
||||||
|
<param name="linked_value_0" type="variable">revprox_client_external_domainname</param>
|
||||||
|
<param name="linked_provider_1">revprox_location</param>
|
||||||
|
<param name="linked_value_1">/.well-known/caldav</param>
|
||||||
|
<param name="linked_provider_2">revprox_is_websocket</param>
|
||||||
|
<param name="linked_value_2" type="boolean">False</param>
|
||||||
|
<param name="linked_provider_3">revprox_url</param>
|
||||||
|
<param name="linked_value_3" type="variable">nexcloud_well_known_caldav</param>
|
||||||
|
<target>revprox_client_server_domainname</target>
|
||||||
|
</check>
|
||||||
|
<fill name="calc_web_address">
|
||||||
|
<param type="variable">domain_name_eth0</param>
|
||||||
|
<param type="variable">revprox_client_port</param>
|
||||||
|
<param>/.well-known/caldav</param>
|
||||||
|
<target>nexcloud_well_known_caldav</target>
|
||||||
|
</fill>
|
||||||
|
<check name="set_linked_multi_variables">
|
||||||
|
<param name="linked_provider_0">revprox_clients</param>
|
||||||
|
<param name="linked_value_0" type="variable">revprox_client_external_domainname</param>
|
||||||
|
<param name="linked_provider_1">revprox_location</param>
|
||||||
|
<param name="linked_value_1">/.well-known/carddav</param>
|
||||||
|
<param name="linked_provider_2">revprox_is_websocket</param>
|
||||||
|
<param name="linked_value_2" type="boolean">False</param>
|
||||||
|
<param name="linked_provider_3">revprox_url</param>
|
||||||
|
<param name="linked_value_3" type="variable">nexcloud_well_known_carddav</param>
|
||||||
|
<target>revprox_client_server_domainname</target>
|
||||||
|
</check>
|
||||||
|
<fill name="calc_web_address">
|
||||||
|
<param type="variable">domain_name_eth0</param>
|
||||||
|
<param type="variable">revprox_client_port</param>
|
||||||
|
<param>/.well-known/carddav</param>
|
||||||
|
<target>nexcloud_well_known_carddav</target>
|
||||||
|
</fill>
|
||||||
</constraints>
|
</constraints>
|
||||||
</rougail>
|
</rougail>
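Review bot: The two new variables are spelled `nexcloud_well_known_caldav` and `nexcloud_well_known_carddav`, without the "t", while every sibling in the family uses the `nextcloud_` prefix (`nextcloud_admin_password`, `nextcloud_instance_id`). The misspelling is used consistently in the `<target>` and `linked_value_3` references, so it works, but it will be missed by anyone searching for `nextcloud_`. I would rename them to `nextcloud_well_known_caldav` and `nextcloud_well_known_carddav` in all six places before other dictionaries start depending on the names.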
|
||||||
|
|
|
@ -14,6 +14,8 @@ else
|
||||||
sed -i "s/'installed' => false,/'installed' => true,/g" /etc/nextcloud/config.php
|
sed -i "s/'installed' => false,/'installed' => true,/g" /etc/nextcloud/config.php
|
||||||
/usr/bin/php /usr/share/nextcloud/occ app:enable user_ldap -q
|
/usr/bin/php /usr/share/nextcloud/occ app:enable user_ldap -q
|
||||||
fi
|
fi
|
||||||
|
# Upgrade
|
||||||
|
/usr/bin/php /usr/share/nextcloud/occ upgrade || true
|
||||||
# SSO
|
# SSO
|
||||||
/usr/bin/php /usr/share/nextcloud/occ app:enable oidc_login
|
/usr/bin/php /usr/share/nextcloud/occ app:enable oidc_login
|
||||||
# Feature
|
# Feature
|
||||||
|
@ -49,7 +51,6 @@ fi
|
||||||
# Need network
|
# Need network
|
||||||
/usr/bin/php /usr/share/nextcloud/occ app:disable weather_status
|
/usr/bin/php /usr/share/nextcloud/occ app:disable weather_status
|
||||||
# Maintenance
|
# Maintenance
|
||||||
/usr/bin/php /usr/share/nextcloud/occ upgrade
|
|
||||||
/usr/bin/php /usr/share/nextcloud/occ files:scan --all -q
|
/usr/bin/php /usr/share/nextcloud/occ files:scan --all -q
|
||||||
/usr/bin/php /usr/share/nextcloud/occ maintenance:repair -q
|
/usr/bin/php /usr/share/nextcloud/occ maintenance:repair -q
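Review bot: The relocated `occ upgrade || true` discards the exit status, so a failed upgrade is indistinguishable from a successful one and the following `app:enable`, `files:scan` and `maintenance:repair` calls run against an instance that may be half-migrated. If the intent is only to tolerate the "nothing to upgrade" case, log the failure instead of hiding it, e.g. `/usr/bin/php /usr/share/nextcloud/occ upgrade || echo "occ upgrade failed with status $?" >&2`. A comment on the `# Upgrade` line saying why the failure is tolerated would also help. The rest of the script is outside the visible hunks.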
|
||||||
|
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
%%get_certificate(cn=%%rougail_variable, authority_cn=%%domain_name_eth0, authority_name='ReverseProxy')
|
%%get_certificate(cn=%%rougail_variable, authority_cn=%%domain_name_eth0, authority_name='External')
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
%%get_private_key(cn=%%rougail_variable, authority_cn=%%domain_name_eth0, authority_name='ReverseProxy')
|
%%get_private_key(cn=%%rougail_variable, authority_cn=%%domain_name_eth0, authority_name='External')
|
||||||
|
|
|
@ -45,3 +45,7 @@ postconf maillog_file
|
||||||
|
|
||||||
postconf maillog_file=/dev/stdout
|
postconf maillog_file=/dev/stdout
|
||||||
|
|
||||||
|
# Test mail en ligne
|
||||||
|
|
||||||
|
https://www.mail-tester.com/
|
||||||
|
https://dkimvalidator.com/
|
||||||
|
|
|
@ -37,14 +37,14 @@
|
||||||
</variable>
|
</variable>
|
||||||
<family name="postfix" description="Postfix mail server">
|
<family name="postfix" description="Postfix mail server">
|
||||||
<variable name="postfix_mail_hostname" type="domainname" description="Nom de domaine extérieur du serveur de courriel" mandatory="True"/>
|
<variable name="postfix_mail_hostname" type="domainname" description="Nom de domaine extérieur du serveur de courriel" mandatory="True"/>
|
||||||
<variable name="postfix_relay_domains" type="domainname" description="Domaine de courriel généré localement" multi="True"/>
|
<variable name="postfix_relay_domains" type="domainname" description="Domaine de courriel généré localement" multi="True" mandatory="True" hidden="True"/>
|
||||||
<variable name='postfix_ca_chain' description="CA certificate" hidden='True'/>
|
<variable name='postfix_ca_chain' description="CA certificate" hidden='True'/>
|
||||||
<variable name='postfix_relay_authentifications' description="CA certificate" hidden='True' multi="True" provider="mail"/>
|
<variable name='postfix_relay_authentifications' description="CA certificate" hidden='True' multi="True" provider="mail"/>
|
||||||
<family name="local_authentification_" description="Local server authentification" dynamic='postfix_relay_authentifications'>
|
<family name="local_authentification_" description="Local server authentification" dynamic='postfix_relay_authentifications'>
|
||||||
<variable name="local_authentification_ip_" type="ip" provider="mail_ip"/>
|
<variable name="local_authentification_ip_" type="ip" provider="mail_ip"/>
|
||||||
<variable name="local_authentification_password_" type="secret" auto_save="True" provider="mail_password"/>
|
<variable name="local_authentification_password_" type="secret" auto_save="True" provider="mail_password"/>
|
||||||
</family>
|
</family>
|
||||||
<variable name='postfix_pem_files' type="filename" description="PEM certificates" hidden='True' multi='True'/>
|
<variable name='postfix_pem_files' type="filename" hidden='True' multi='True'/>
|
||||||
</family>
|
</family>
|
||||||
<family name="opendkim">
|
<family name="opendkim">
|
||||||
<variable name="opendkim_keys" type="filename" description="Keys filename" multi="True" hidden="True"/>
|
<variable name="opendkim_keys" type="filename" description="Keys filename" multi="True" hidden="True"/>
|
||||||
|
|
|
@ -0,0 +1,12 @@
|
||||||
|
from risotto.utils import multi_function as _multi_function
|
||||||
|
|
||||||
|
|
||||||
|
@_multi_function
|
||||||
|
def calc_postfix_relay_domains(criteria):
|
||||||
|
relay = set()
|
||||||
|
for lsts in criteria:
|
||||||
|
for lst in lsts:
|
||||||
|
if '@' in lst:
|
||||||
|
lst = lst.split('@')[1]
|
||||||
|
relay.add(lst)
|
||||||
|
return list(relay)
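Review bot: `return list(relay)` hands the domains back in set order, which for strings can differ between interpreter runs, so the calculated relay-domain list and anything rendered from it may reorder with no real change. `return sorted(relay)` keeps it stable. `lst.split('@')[1]` picks the middle piece when an entry contains more than one `@`; `lst.rsplit('@', 1)[-1]` always takes the part after the last one. A short docstring stating what `criteria` holds (it looks like a list of lists of addresses or domains) would make the nested loop easier to follow.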
|
|
@ -1,7 +1,9 @@
|
||||||
def calc_web_address(domain_name:str, port:str, local_location:str):
|
def calc_web_address(domain_name: str, port: str, local_location: str) -> str:
|
||||||
if not domain_name or not port:
|
if not domain_name or not port:
|
||||||
return
|
return
|
||||||
web_address = f'https://{domain_name}:{port}'
|
web_address = f'https://{domain_name}'
|
||||||
|
if port != '443':
|
||||||
|
web_address += f':{port}'
|
||||||
if local_location:
|
if local_location:
|
||||||
web_address += local_location
|
web_address += local_location
|
||||||
return web_address
|
return web_address
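Review bot: The new `-> str` annotation does not match the early bare `return` taken when `domain_name` or `port` is empty, which yields None. The signature should say `-> str | None`, or `Optional[str]` if the file has to run on older interpreters. The added `if port != '443':` compares against a string, so a port supplied as the integer 443 would still be appended as `:443`. `if str(port) != '443':` covers both cases if the dictionary's port type is numeric, which is not visible here.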
|
||||||
|
|