danarchy_deploy 0.2.7 → 0.2.8
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.asdf_versions.json +5 -0
- data/.tool-versions +1 -0
- data/CHANGELOG.md +9 -0
- data/Gemfile.lock +9 -8
- data/danarchy_deploy.gemspec +4 -4
- data/lib/danarchy_deploy/groups.rb +0 -1
- data/lib/danarchy_deploy/services/init/openrc.rb +10 -6
- data/lib/danarchy_deploy/services/init.rb +28 -18
- data/lib/danarchy_deploy/services.rb +0 -1
- data/lib/danarchy_deploy/system/centos.rb +7 -0
- data/lib/danarchy_deploy/system/debian.rb +6 -0
- data/lib/danarchy_deploy/system/gentoo.rb +83 -23
- data/lib/danarchy_deploy/system/opensuse.rb +6 -0
- data/lib/danarchy_deploy/system.rb +13 -8
- data/lib/danarchy_deploy/templater.rb +1 -2
- data/lib/danarchy_deploy/users.rb +50 -42
- data/lib/danarchy_deploy/version.rb +1 -1
- data/lib/danarchy_deploy.rb +61 -19
- data/templates/applications/nginx/domain.conf.erb +38 -0
- data/templates/applications/php/phpfpm.conf.erb +19 -0
- data/templates/applications/php/user.conf.erb +19 -0
- data/templates/applications/wordpress/mysql_user_privileges.sql.erb +2 -0
- data/templates/applications/wordpress/wp-config.php.erb +82 -0
- data/templates/asdf/asdf.sh.erb +52 -0
- data/templates/deploy_template.json +6 -7
- data/templates/distcc/distccd.erb +14 -0
- data/templates/distcc/hosts.erb +2 -0
- data/templates/portage/make.conf.erb +30 -0
- data/templates/portage/package.use/bindist +3 -0
- data/templates/portage/package.use/documentation +3 -0
- data/templates/services/memcached/memcached.erb +40 -0
- data/templates/services/mysql/my.cnf.erb +143 -0
- data/templates/services/mysql/root_my.cnf.erb +11 -0
- data/templates/services/mysql/user_db_grants.sql.erb +33 -0
- data/templates/services/mysql/user_db_grants.sql.erb_cleanupUsers +52 -0
- data/templates/services/nginx/nginx.conf.erb +48 -0
- data/templates/services/php/php-fpm.conf.erb +2 -0
- data/templates/services/postfix/localmail.initial_setup.sh +19 -0
- data/templates/services/postfix/localmail.main.cf.erb +41 -0
- data/templates/services/postfix/mailname.erb +1 -0
- data/templates/services/postfix/mailrelayhost_main.cf.erb +33 -0
- data/templates/services/postfix/main.cf.erb +28 -0
- data/templates/services/postfix/master.cf.erb +124 -0
- data/templates/services/postfix/mysql-virtual-alias-maps.cf.erb +5 -0
- data/templates/services/postfix/mysql-virtual-mailbox-domains.cf.erb +5 -0
- data/templates/services/postfix/mysql-virtual-mailbox-maps.cf.erb +5 -0
- data/templates/system/authorized_keys.erb +5 -0
- data/templates/system/crontab.erb +8 -0
- data/templates/system/dmcrypt.erb +17 -0
- data/templates/system/exports.erb +4 -0
- data/templates/system/fstab.erb +4 -0
- data/templates/system/sudoers.erb +5 -0
- metadata +44 -11
- data/.ruby-gemset +0 -1
- data/.ruby-version +0 -1
- /data/bin/{setup → setup-dd} +0 -0
@@ -0,0 +1,143 @@
|
|
1
|
+
# /etc/mysql/my.cnf: The global mysql configuration file.
|
2
|
+
|
3
|
+
# The following options will be passed to all MySQL clients
|
4
|
+
[client]
|
5
|
+
#password = your_password
|
6
|
+
port = 3306
|
7
|
+
socket = /var/run/mysqld/mysqld.sock
|
8
|
+
|
9
|
+
[mysql]
|
10
|
+
character-sets-dir=/usr/share/mariadb/charsets
|
11
|
+
default-character-set=utf8
|
12
|
+
|
13
|
+
[mysqladmin]
|
14
|
+
character-sets-dir=/usr/share/mariadb/charsets
|
15
|
+
default-character-set=utf8
|
16
|
+
|
17
|
+
[mysqlcheck]
|
18
|
+
character-sets-dir=/usr/share/mariadb/charsets
|
19
|
+
default-character-set=utf8
|
20
|
+
|
21
|
+
[mysqldump]
|
22
|
+
character-sets-dir=/usr/share/mariadb/charsets
|
23
|
+
default-character-set=utf8
|
24
|
+
|
25
|
+
[mysqlimport]
|
26
|
+
character-sets-dir=/usr/share/mariadb/charsets
|
27
|
+
default-character-set=utf8
|
28
|
+
|
29
|
+
[mysqlshow]
|
30
|
+
character-sets-dir=/usr/share/mariadb/charsets
|
31
|
+
default-character-set=utf8
|
32
|
+
|
33
|
+
[myisamchk]
|
34
|
+
character-sets-dir=/usr/share/mariadb/charsets
|
35
|
+
|
36
|
+
[myisampack]
|
37
|
+
character-sets-dir=/usr/share/mariadb/charsets
|
38
|
+
|
39
|
+
# use [safe_mysqld] with mysql-3
|
40
|
+
[mysqld_safe]
|
41
|
+
err-log = /var/log/mysql/mysqld.err
|
42
|
+
|
43
|
+
# add a section [mysqld-4.1] or [mysqld-5.0] for specific configurations
|
44
|
+
[mysqld]
|
45
|
+
expire_logs_days = 30
|
46
|
+
character-set-server = utf8
|
47
|
+
user = mysql
|
48
|
+
port = 3306
|
49
|
+
socket = /var/run/mysqld/mysqld.sock
|
50
|
+
pid-file = /var/run/mysqld/mysqld.pid
|
51
|
+
log-error = /var/log/mysql/mysqld.err
|
52
|
+
basedir = /usr
|
53
|
+
datadir = <%= @variables[:datadir] ? @variables[:datadir] : '/var/lib/mysql' %>
|
54
|
+
skip-external-locking
|
55
|
+
key_buffer_size = 16M
|
56
|
+
max_allowed_packet = 4M
|
57
|
+
table_open_cache = 400
|
58
|
+
sort_buffer_size = 512K
|
59
|
+
net_buffer_length = 16K
|
60
|
+
read_buffer_size = 256K
|
61
|
+
read_rnd_buffer_size = 512K
|
62
|
+
myisam_sort_buffer_size = 8M
|
63
|
+
lc_messages_dir = /usr/share/mariadb
|
64
|
+
#Set this to your desired error message language
|
65
|
+
lc_messages = en_US
|
66
|
+
|
67
|
+
# security:
|
68
|
+
# using "localhost" in connects uses sockets by default
|
69
|
+
# skip-networking
|
70
|
+
bind-address = <%= @variables[:bind_address] ? @variables[:bind_address] : '127.0.0.1' %>
|
71
|
+
skip-name-resolve
|
72
|
+
|
73
|
+
log-bin = /var/log/mysql/mysql-bin.log
|
74
|
+
binlog_format = MIXED
|
75
|
+
binlog_expire_logs_seconds = 604800 # 7 days binlogs
|
76
|
+
server-id = 1
|
77
|
+
|
78
|
+
# point the following paths to different dedicated disks
|
79
|
+
tmpdir = /tmp/
|
80
|
+
#log-update = /path-to-dedicated-directory/hostname
|
81
|
+
|
82
|
+
# you need the debug USE flag enabled to use the following directives,
|
83
|
+
# if needed, uncomment them, start the server and issue
|
84
|
+
# #tail -f /tmp/mysqld.sql /tmp/mysqld.trace
|
85
|
+
# this will show you *exactly* what's happening in your server ;)
|
86
|
+
|
87
|
+
#log = /tmp/mysqld.sql
|
88
|
+
#gdb
|
89
|
+
#debug = d:t:i:o,/tmp/mysqld.trace
|
90
|
+
#one-thread
|
91
|
+
|
92
|
+
# the rest of the innodb config follows:
|
93
|
+
# don't eat too much memory, we're trying to be safe on 64Mb boxes
|
94
|
+
# you might want to bump this up a bit on boxes with more RAM
|
95
|
+
innodb_buffer_pool_size = 128M
|
96
|
+
#
|
97
|
+
# i'd like to use /var/lib/mysql/innodb, but that is seen as a database :-(
|
98
|
+
# and upstream wants things to be under /var/lib/mysql/, so that's the route
|
99
|
+
# we have to take for the moment
|
100
|
+
#innodb_data_home_dir = /var/lib/mysql/
|
101
|
+
#innodb_log_arch_dir = /var/lib/mysql/
|
102
|
+
#innodb_log_group_home_dir = /var/lib/mysql/
|
103
|
+
# you may wish to change this size to be more suitable for your system
|
104
|
+
# the max is there to avoid run-away growth on your machine
|
105
|
+
innodb_data_file_path = ibdata1:10M:autoextend:max:128M
|
106
|
+
# we keep this at around 25% of of innodb_buffer_pool_size
|
107
|
+
# sensible values range from 1MB to (1/innodb_log_files_in_group*innodb_buffer_pool_size)
|
108
|
+
innodb_log_file_size = 48M
|
109
|
+
# this is the default, increase it if you have very large transactions going on
|
110
|
+
innodb_log_buffer_size = 8M
|
111
|
+
# see the innodb config docs, the other options are not always safe
|
112
|
+
innodb_flush_log_at_trx_commit = 1
|
113
|
+
innodb_lock_wait_timeout = 50
|
114
|
+
innodb_file_per_table
|
115
|
+
|
116
|
+
# Uncomment this to get FEDERATED engine support
|
117
|
+
#plugin-load=federated=ha_federated.so
|
118
|
+
#loose-federated
|
119
|
+
|
120
|
+
[mysqldump]
|
121
|
+
quick
|
122
|
+
max_allowed_packet = 16M
|
123
|
+
|
124
|
+
[mysql]
|
125
|
+
# uncomment the next directive if you are not familiar with SQL
|
126
|
+
#safe-updates
|
127
|
+
|
128
|
+
[isamchk]
|
129
|
+
key_buffer_size = 20M
|
130
|
+
sort_buffer_size = 20M
|
131
|
+
read_buffer = 2M
|
132
|
+
write_buffer = 2M
|
133
|
+
|
134
|
+
[myisamchk]
|
135
|
+
key_buffer_size = 20M
|
136
|
+
sort_buffer_size = 20M
|
137
|
+
read_buffer_size = 2M
|
138
|
+
write_buffer_size = 2M
|
139
|
+
|
140
|
+
[mysqlhotcopy]
|
141
|
+
interactive-timeout
|
142
|
+
|
143
|
+
[mariadb]
|
@@ -0,0 +1,11 @@
|
|
1
|
+
[mysql]
|
2
|
+
<%= @variables[:host] ? "host=\"#{@variables[:host]}\"\n" : '' -%>
|
3
|
+
<%= @variables[:user] ? "user=\"#{@variables[:user]}\"\n" : '' -%>
|
4
|
+
<%= @variables[:pass] ? "password=\"#{@variables[:pass]}\"\n" : '' -%>
|
5
|
+
<%= @variables[:port] ? "port=\"#{@variables[:port]}\"\n" : '' -%>
|
6
|
+
|
7
|
+
[client]
|
8
|
+
<%= @variables[:host] ? "host=\"#{@variables[:host]}\"\n" : '' -%>
|
9
|
+
<%= @variables[:user] ? "user=\"#{@variables[:user]}\"\n" : '' -%>
|
10
|
+
<%= @variables[:pass] ? "password=\"#{@variables[:pass]}\"\n" : '' -%>
|
11
|
+
<%= @variables[:port] ? "port=\"#{@variables[:port]}\"\n" : '' -%>
|
@@ -0,0 +1,33 @@
|
|
1
|
+
DROP DATABASE IF EXISTS test;
|
2
|
+
|
3
|
+
<% @variables.each do |mysql| -%>
|
4
|
+
<% if mysql[:action] == 'grant' -%>
|
5
|
+
|
6
|
+
CREATE DATABASE IF NOT EXISTS `<%= mysql[:database] %>`;
|
7
|
+
GRANT <%= mysql[:grants].join(', ') %>
|
8
|
+
ON `<%= mysql[:database] %>`.*
|
9
|
+
TO `<%= mysql[:user] %>`@`<%= mysql[:host] %>`
|
10
|
+
IDENTIFIED BY '<%= DanarchyDeploy::Helpers.decode_base64(mysql[:password]) %>';
|
11
|
+
|
12
|
+
<% elsif mysql[:action] == 'revoke' -%>
|
13
|
+
|
14
|
+
REVOKE <%= mysql[:grants].join(', ') %>
|
15
|
+
ON `<%= mysql[:database] %>`.*
|
16
|
+
FROM `<%= mysql[:user] %>`@`<%= mysql[:host] %>`;
|
17
|
+
|
18
|
+
<% elsif mysql[:action] == 'drop' %>
|
19
|
+
|
20
|
+
DROP DATABASE IF EXISTS <%= mysql[:database] %>;
|
21
|
+
REVOKE ALL PRIVILEGES
|
22
|
+
ON `<%= mysql[:database] %>`.*
|
23
|
+
FROM `<%= mysql[:user] %>`@`<%= mysql[:host] %>`;
|
24
|
+
DROP USER `<%= mysql[:user] %>`;
|
25
|
+
|
26
|
+
<% elsif mysql[:action] == 'dropuser' %>
|
27
|
+
|
28
|
+
DROP USER IF EXISTS `<%= mysql[:user] %>`@`<%= mysql[:host] %>`;
|
29
|
+
|
30
|
+
<% end -%>
|
31
|
+
<% end -%>
|
32
|
+
|
33
|
+
FLUSH PRIVILEGES;
|
@@ -0,0 +1,52 @@
|
|
1
|
+
DROP DATABASE IF EXISTS test;
|
2
|
+
|
3
|
+
<% @variables.each do |mysql| -%>
|
4
|
+
<% if mysql[:action] == 'grant' -%>
|
5
|
+
|
6
|
+
CREATE DATABASE IF NOT EXISTS `<%= mysql[:database] %>`;
|
7
|
+
GRANT <%= mysql[:grants].join(', ') %>
|
8
|
+
ON `<%= mysql[:database] %>`.*
|
9
|
+
TO `<%= mysql[:user] %>`@`<%= mysql[:host] %>`
|
10
|
+
IDENTIFIED BY '<%= DanarchyDeploy::Helpers.decode_base64(mysql[:password]) %>';
|
11
|
+
|
12
|
+
<% elsif mysql[:action] == 'revoke' -%>
|
13
|
+
|
14
|
+
REVOKE <%= mysql[:grants].join(', ') %>
|
15
|
+
ON `<%= mysql[:database] %>`.*
|
16
|
+
FROM `<%= mysql[:user] %>`@`<%= mysql[:host] %>`;
|
17
|
+
|
18
|
+
<% elsif mysql[:action] == 'drop' %>
|
19
|
+
|
20
|
+
DROP DATABASE IF EXISTS <%= mysql[:database] %>;
|
21
|
+
REVOKE ALL PRIVILEGES
|
22
|
+
ON `<%= mysql[:database] %>`.*
|
23
|
+
FROM `<%= mysql[:user] %>`@`<%= mysql[:host] %>`;
|
24
|
+
DROP USER `<%= mysql[:user] %>`;
|
25
|
+
|
26
|
+
<% elsif mysql[:action] == 'dropuser' %>
|
27
|
+
|
28
|
+
DROP USER IF EXISTS `<%= mysql[:user] %>`@`<%= mysql[:host] %>`;
|
29
|
+
|
30
|
+
<% end -%>
|
31
|
+
|
32
|
+
# Cleanup user privileges without grants
|
33
|
+
SET @keep_hosts = NULL;
|
34
|
+
SELECT GROUP_CONCAT(Host) INTO @keep_hosts
|
35
|
+
FROM (
|
36
|
+
SELECT Host FROM mysql.db
|
37
|
+
WHERE User = '<%= mysql[:user] %>'
|
38
|
+
UNION
|
39
|
+
SELECT Host FROM mysql.tables_priv
|
40
|
+
WHERE User = '<%= mysql[:user] %>'
|
41
|
+
) AS T;
|
42
|
+
|
43
|
+
SET @drop_users = SELECT GROUP_CONCAT('\'', user, '\'@\'', host, '\'') FROM mysql.user
|
44
|
+
WHERE User = '<%= mysql[:user] %>'
|
45
|
+
AND NOT FIND_IN_SET(Host, @keep_hosts);
|
46
|
+
PREPARE stmt1 FROM @drop_users;
|
47
|
+
EXECUTE stmt1;
|
48
|
+
DEALLOCATE PREPARE stmt1;
|
49
|
+
|
50
|
+
<% end -%>
|
51
|
+
|
52
|
+
FLUSH PRIVILEGES;
|
@@ -0,0 +1,48 @@
|
|
1
|
+
user <%= @variables[:web_user] ? @variables[:web_user] : 'nginx' %>;
|
2
|
+
worker_processes auto;
|
3
|
+
|
4
|
+
error_log /var/log/nginx/error_log info;
|
5
|
+
|
6
|
+
events {
|
7
|
+
worker_connections 1024;
|
8
|
+
use epoll;
|
9
|
+
|
10
|
+
}
|
11
|
+
|
12
|
+
http {
|
13
|
+
include /etc/nginx/mime.types;
|
14
|
+
default_type text/html;
|
15
|
+
|
16
|
+
log_format main
|
17
|
+
'$remote_addr - $remote_user [$time_local] '
|
18
|
+
'"$request" $status $bytes_sent '
|
19
|
+
'"$http_referer" "$http_user_agent" '
|
20
|
+
'"$gzip_ratio"';
|
21
|
+
|
22
|
+
client_header_timeout 10m;
|
23
|
+
client_body_timeout 10m;
|
24
|
+
client_max_body_size <%= @variables[:client_max_body_size] ? @variables[:client_max_body_size] : '32mm' %>;
|
25
|
+
send_timeout 10m;
|
26
|
+
|
27
|
+
connection_pool_size 256;
|
28
|
+
client_header_buffer_size 1k;
|
29
|
+
large_client_header_buffers 4 2k;
|
30
|
+
request_pool_size 4k;
|
31
|
+
|
32
|
+
gzip on;
|
33
|
+
|
34
|
+
output_buffers 1 32k;
|
35
|
+
postpone_output 1460;
|
36
|
+
|
37
|
+
sendfile on;
|
38
|
+
tcp_nopush on;
|
39
|
+
tcp_nodelay on;
|
40
|
+
|
41
|
+
keepalive_timeout 75 20;
|
42
|
+
|
43
|
+
ignore_invalid_headers on;
|
44
|
+
|
45
|
+
index index.html;
|
46
|
+
|
47
|
+
include /home/*/nginx/sites-enabled/*.conf;
|
48
|
+
}
|
@@ -0,0 +1,19 @@
|
|
1
|
+
#!/bin/bash
|
2
|
+
|
3
|
+
if [[ ${UID} != 0 ]]; then
|
4
|
+
echo 'Run this script as root!'
|
5
|
+
exit 1
|
6
|
+
fi
|
7
|
+
|
8
|
+
postfix upgrade-configuration
|
9
|
+
postfix check
|
10
|
+
|
11
|
+
newaliases
|
12
|
+
|
13
|
+
if [[ $(which rc-service) ]]; then
|
14
|
+
rc-service postfix restart
|
15
|
+
elif [[ $(which systemctl) ]]; then
|
16
|
+
systemctl restart postfix
|
17
|
+
else
|
18
|
+
echo 'Unable to determine init system! Restart postfix manually.'
|
19
|
+
fi
|
@@ -0,0 +1,41 @@
|
|
1
|
+
|
2
|
+
compatibility_level = 3.8
|
3
|
+
|
4
|
+
|
5
|
+
queue_directory = /var/spool/postfix
|
6
|
+
command_directory = /usr/sbin
|
7
|
+
daemon_directory = /usr/libexec/postfix
|
8
|
+
data_directory = /var/lib/postfix
|
9
|
+
|
10
|
+
mail_owner = postfix
|
11
|
+
myhostname = localhost
|
12
|
+
mydomain = localdomain
|
13
|
+
|
14
|
+
inet_interfaces = $myhostname, localhost
|
15
|
+
mydestination = $myhostname, localhost.$mydomain, localhost
|
16
|
+
|
17
|
+
unknown_local_recipient_reject_code = 550
|
18
|
+
mynetworks_style = host
|
19
|
+
default_transport = error:outside mail is not deliverable
|
20
|
+
|
21
|
+
debug_peer_level = 2
|
22
|
+
debugger_command =
|
23
|
+
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
|
24
|
+
ddd $daemon_directory/$process_name $process_id & sleep 5
|
25
|
+
|
26
|
+
|
27
|
+
sendmail_path = /usr/sbin/sendmail
|
28
|
+
newaliases_path = /usr/bin/newaliases
|
29
|
+
mailq_path = /usr/bin/mailq
|
30
|
+
|
31
|
+
setgid_group = postdrop
|
32
|
+
html_directory = no
|
33
|
+
|
34
|
+
manpage_directory = /usr/share/man
|
35
|
+
sample_directory = /etc/postfix
|
36
|
+
|
37
|
+
readme_directory = no
|
38
|
+
inet_protocols = ipv4
|
39
|
+
shlib_directory = /usr/lib64/postfix/${mail_version}
|
40
|
+
meta_directory = /etc/postfix
|
41
|
+
home_mailbox = .maildir/
|
@@ -0,0 +1 @@
|
|
1
|
+
<%= @variables[:hostname] %>
|
@@ -0,0 +1,33 @@
|
|
1
|
+
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
|
2
|
+
biff = no
|
3
|
+
|
4
|
+
# appending .domain is the MUA's job.
|
5
|
+
append_dot_mydomain = no
|
6
|
+
|
7
|
+
# Uncomment the next line to generate \"delayed mail\" warnings
|
8
|
+
#delay_warning_time = 4h
|
9
|
+
|
10
|
+
readme_directory = no
|
11
|
+
|
12
|
+
# TLS parameters
|
13
|
+
smtpd_tls_cert_file = <%= @variables[:ssl_cert] %>
|
14
|
+
smtpd_tls_key_file = <%= @variables[:ssl_key] %>
|
15
|
+
smtpd_use_tls = <%= @variables[:use_tls] || 'yes' %>
|
16
|
+
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
|
17
|
+
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
18
|
+
|
19
|
+
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
|
20
|
+
# information on enabling SSL in the smtp client.
|
21
|
+
|
22
|
+
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
|
23
|
+
myhostname = <%= @variables[:hostname] %>
|
24
|
+
alias_maps = hash:/etc/aliases
|
25
|
+
alias_database = hash:/etc/aliases
|
26
|
+
myorigin = /etc/mailname
|
27
|
+
mydestination = <%= @variables[:hostname] %>, localhost
|
28
|
+
relayhost = <%= @variables[:relayhost] %>
|
29
|
+
mynetworks = <%= @variables[:mynetworks] %> 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
|
30
|
+
mailbox_size_limit = 0
|
31
|
+
recipient_delimiter = +
|
32
|
+
inet_interfaces = all
|
33
|
+
inet_protocols = ipv4
|
@@ -0,0 +1,28 @@
|
|
1
|
+
smtpd_banner = $myhostname ESMTP $mail_name
|
2
|
+
biff = no
|
3
|
+
|
4
|
+
# TLS parameters
|
5
|
+
smtpd_use_tls = <%= @variables[:use_tls] %>
|
6
|
+
smtpd_tls_auth_only = <%= @variables[:use_tls] %>
|
7
|
+
smtpd_tls_cert_file = <%= @variables[:ssl_cert] %>
|
8
|
+
smtpd_tls_key_file = <%= @variables[:ssl_key] %>
|
9
|
+
smtpd_tls_CAfile = <%= @variables[:ssl_cacert] %>
|
10
|
+
|
11
|
+
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
|
12
|
+
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
13
|
+
|
14
|
+
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
|
15
|
+
# information on enabling SSL in the smtp client.
|
16
|
+
|
17
|
+
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
|
18
|
+
myhostname = <%= @variables[:hostname] %>
|
19
|
+
alias_maps = hash:/etc/aliases
|
20
|
+
alias_database = hash:/etc/aliases
|
21
|
+
myorigin = /etc/mailname
|
22
|
+
mydestination = <%= @variables[:hostname] %>, localhost
|
23
|
+
relayhost = <%= @variables[:relayhost] %>
|
24
|
+
mynetworks = <%= @variables[:mynetworks] %> 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
|
25
|
+
mailbox_size_limit = 0
|
26
|
+
recipient_delimiter = +
|
27
|
+
inet_interfaces = all
|
28
|
+
inet_protocols = ipv4
|
@@ -0,0 +1,124 @@
|
|
1
|
+
#
|
2
|
+
# Postfix master process configuration file. For details on the format
|
3
|
+
# of the file, see the master(5) manual page (command: "man 5 master" or
|
4
|
+
# on-line: http://www.postfix.org/master.5.html).
|
5
|
+
#
|
6
|
+
# Do not forget to execute "postfix reload" after editing this file.
|
7
|
+
#
|
8
|
+
# ==========================================================================
|
9
|
+
# service type private unpriv chroot wakeup maxproc command + args
|
10
|
+
# (yes) (yes) (yes) (never) (100)
|
11
|
+
# ==========================================================================
|
12
|
+
smtp inet n - - - - smtpd
|
13
|
+
#smtp inet n - - - 1 postscreen
|
14
|
+
#smtpd pass - - - - - smtpd
|
15
|
+
#dnsblog unix - - - - 0 dnsblog
|
16
|
+
#tlsproxy unix - - - - 0 tlsproxy
|
17
|
+
submission inet n - - - - smtpd
|
18
|
+
-o syslog_name=postfix/submission
|
19
|
+
-o smtpd_tls_security_level=encrypt
|
20
|
+
# -o smtpd_sasl_auth_enable=yes
|
21
|
+
# -o smtpd_reject_unlisted_recipient=no
|
22
|
+
# -o smtpd_client_restrictions=$mua_client_restrictions
|
23
|
+
# -o smtpd_helo_restrictions=$mua_helo_restrictions
|
24
|
+
# -o smtpd_sender_restrictions=$mua_sender_restrictions
|
25
|
+
# -o smtpd_recipient_restrictions=
|
26
|
+
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
|
27
|
+
# -o milter_macro_daemon_name=ORIGINATING
|
28
|
+
smtps inet n - - - - smtpd
|
29
|
+
-o syslog_name=postfix/smtps
|
30
|
+
# -o smtpd_tls_wrappermode=yes
|
31
|
+
# -o smtpd_sasl_auth_enable=yes
|
32
|
+
# -o smtpd_reject_unlisted_recipient=no
|
33
|
+
# -o smtpd_client_restrictions=$mua_client_restrictions
|
34
|
+
# -o smtpd_helo_restrictions=$mua_helo_restrictions
|
35
|
+
# -o smtpd_sender_restrictions=$mua_sender_restrictions
|
36
|
+
# -o smtpd_recipient_restrictions=
|
37
|
+
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
|
38
|
+
# -o milter_macro_daemon_name=ORIGINATING
|
39
|
+
#628 inet n - - - - qmqpd
|
40
|
+
pickup unix n - - 60 1 pickup
|
41
|
+
cleanup unix n - - - 0 cleanup
|
42
|
+
qmgr unix n - n 300 1 qmgr
|
43
|
+
#qmgr unix n - n 300 1 oqmgr
|
44
|
+
tlsmgr unix - - - 1000? 1 tlsmgr
|
45
|
+
rewrite unix - - - - - trivial-rewrite
|
46
|
+
bounce unix - - - - 0 bounce
|
47
|
+
defer unix - - - - 0 bounce
|
48
|
+
trace unix - - - - 0 bounce
|
49
|
+
verify unix - - - - 1 verify
|
50
|
+
flush unix n - - 1000? 0 flush
|
51
|
+
proxymap unix - - n - - proxymap
|
52
|
+
proxywrite unix - - n - 1 proxymap
|
53
|
+
smtp unix - - - - - smtp
|
54
|
+
relay unix - - - - - smtp
|
55
|
+
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
|
56
|
+
showq unix n - - - - showq
|
57
|
+
error unix - - - - - error
|
58
|
+
retry unix - - - - - error
|
59
|
+
discard unix - - - - - discard
|
60
|
+
local unix - n n - - local
|
61
|
+
virtual unix - n n - - virtual
|
62
|
+
lmtp unix - - - - - lmtp
|
63
|
+
anvil unix - - - - 1 anvil
|
64
|
+
scache unix - - - - 1 scache
|
65
|
+
#
|
66
|
+
# ====================================================================
|
67
|
+
# Interfaces to non-Postfix software. Be sure to examine the manual
|
68
|
+
# pages of the non-Postfix software to find out what options it wants.
|
69
|
+
#
|
70
|
+
# Many of the following services use the Postfix pipe(8) delivery
|
71
|
+
# agent. See the pipe(8) man page for information about ${recipient}
|
72
|
+
# and other message envelope options.
|
73
|
+
# ====================================================================
|
74
|
+
#
|
75
|
+
# maildrop. See the Postfix MAILDROP_README file for details.
|
76
|
+
# Also specify in main.cf: maildrop_destination_recipient_limit=1
|
77
|
+
#
|
78
|
+
maildrop unix - n n - - pipe
|
79
|
+
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
|
80
|
+
#
|
81
|
+
# ====================================================================
|
82
|
+
#
|
83
|
+
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
|
84
|
+
#
|
85
|
+
# Specify in cyrus.conf:
|
86
|
+
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
|
87
|
+
#
|
88
|
+
# Specify in main.cf one or more of the following:
|
89
|
+
# mailbox_transport = lmtp:inet:localhost
|
90
|
+
# virtual_transport = lmtp:inet:localhost
|
91
|
+
#
|
92
|
+
# ====================================================================
|
93
|
+
#
|
94
|
+
# Cyrus 2.1.5 (Amos Gouaux)
|
95
|
+
# Also specify in main.cf: cyrus_destination_recipient_limit=1
|
96
|
+
#
|
97
|
+
#cyrus unix - n n - - pipe
|
98
|
+
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
|
99
|
+
#
|
100
|
+
# ====================================================================
|
101
|
+
# Old example of delivery via Cyrus.
|
102
|
+
#
|
103
|
+
#old-cyrus unix - n n - - pipe
|
104
|
+
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
|
105
|
+
#
|
106
|
+
# ====================================================================
|
107
|
+
#
|
108
|
+
# See the Postfix UUCP_README file for configuration details.
|
109
|
+
#
|
110
|
+
uucp unix - n n - - pipe
|
111
|
+
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
|
112
|
+
#
|
113
|
+
# Other external delivery methods.
|
114
|
+
#
|
115
|
+
ifmail unix - n n - - pipe
|
116
|
+
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
|
117
|
+
bsmtp unix - n n - - pipe
|
118
|
+
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
|
119
|
+
scalemail-backend unix - n n - 2 pipe
|
120
|
+
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
|
121
|
+
mailman unix - n n - - pipe
|
122
|
+
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
|
123
|
+
${nexthop} ${user}
|
124
|
+
|
@@ -0,0 +1,8 @@
|
|
1
|
+
# DanarchyDeploy crontab
|
2
|
+
SHELL=<%= @variables[:shell] || '/bin/bash' %>
|
3
|
+
PATH=<%= @variables[:path] || '/bin:/usr/bin' %>
|
4
|
+
BASH_ENV=<%= @variables[:env] || '~/.bashrc' %>
|
5
|
+
|
6
|
+
<% @variables[:jobs].each do |job| -%>
|
7
|
+
<%= "#{job[:schedule]}\t#{job[:command]}" %>
|
8
|
+
<% end -%>
|
@@ -0,0 +1,17 @@
|
|
1
|
+
# DanarchyDeploy dmcrypt
|
2
|
+
# How long to wait for each timeout (in seconds).
|
3
|
+
dmcrypt_key_timeout=1
|
4
|
+
|
5
|
+
# Max number of checks to perform (see dmcrypt_key_timeout).
|
6
|
+
#dmcrypt_max_timeout=300
|
7
|
+
|
8
|
+
# Number of password retries.
|
9
|
+
dmcrypt_retries=2
|
10
|
+
|
11
|
+
<% @variables.each do |device, volume| -%>
|
12
|
+
<%= "# Encrypted volume name|volgroup|device: #{device}" %>
|
13
|
+
<% volume[:variables].each do |key, value| -%>
|
14
|
+
<%= key -%>=<%= value %>
|
15
|
+
<% end -%>
|
16
|
+
<%# intentionally left blank %>
|
17
|
+
<% end -%>
|