@drumee/setup-infra 1.0.0

package/templates/etc/jitsi/web/interface_config.js

@@ -0,0 +1,273 @@
+/* eslint-disable no-unused-vars, no-var, max-len */
+/* eslint sort-keys: ["error", "asc", {"caseSensitive": false}] */
+
+/**
+ * !!!IMPORTANT!!!
+ *
+ * This file is considered deprecated. All options will eventually be moved to
+ * config.js, and no new options should be added here.
+ */
+
+var interfaceConfig = {
+    APP_NAME: 'Jitsi Meet',
+    AUDIO_LEVEL_PRIMARY_COLOR: 'rgba(255,255,255,0.4)',
+    AUDIO_LEVEL_SECONDARY_COLOR: 'rgba(255,255,255,0.2)',
+
+    /**
+     * A UX mode where the last screen share participant is automatically
+     * pinned. Valid values are the string "remote-only" so remote participants
+     * get pinned but not local, otherwise any truthy value for all participants,
+     * and any falsy value to disable the feature.
+     *
+     * Note: this mode is experimental and subject to breakage.
+     */
+    AUTO_PIN_LATEST_SCREEN_SHARE: 'remote-only',
+    BRAND_WATERMARK_LINK: '',
+
+    CLOSE_PAGE_GUEST_HINT: false, // A html text to be shown to guests on the close page, false disables it
+
+    DEFAULT_BACKGROUND: '#040404',
+    DEFAULT_WELCOME_PAGE_LOGO_URL: 'images/watermark.svg',
+
+    DISABLE_DOMINANT_SPEAKER_INDICATOR: false,
+
+    /**
+     * If true, notifications regarding joining/leaving are no longer displayed.
+     */
+    DISABLE_JOIN_LEAVE_NOTIFICATIONS: false,
+
+    /**
+     * If true, presence status: busy, calling, connected etc. is not displayed.
+     */
+    DISABLE_PRESENCE_STATUS: false,
+
+    /**
+     * Whether the ringing sound in the call/ring overlay is disabled. If
+     * {@code undefined}, defaults to {@code false}.
+     *
+     * @type {boolean}
+     */
+    DISABLE_RINGING: false,
+
+    /**
+     * Whether the speech to text transcription subtitles panel is disabled.
+     * If {@code undefined}, defaults to {@code false}.
+     *
+     * @type {boolean}
+     */
+    DISABLE_TRANSCRIPTION_SUBTITLES: false,
+
+    /**
+     * Whether or not the blurred video background for large video should be
+     * displayed on browsers that can support it.
+     */
+    DISABLE_VIDEO_BACKGROUND: false,
+
+    DISPLAY_WELCOME_FOOTER: true,
+    DISPLAY_WELCOME_PAGE_ADDITIONAL_CARD: false,
+    DISPLAY_WELCOME_PAGE_CONTENT: false,
+    DISPLAY_WELCOME_PAGE_TOOLBAR_ADDITIONAL_CONTENT: false,
+
+    ENABLE_DIAL_OUT: true,
+
+    // DEPRECATED. Animation no longer supported.
+    // ENABLE_FEEDBACK_ANIMATION: false,
+
+    FILM_STRIP_MAX_HEIGHT: 120,
+
+    GENERATE_ROOMNAMES_ON_WELCOME_PAGE: true,
+
+    /**
+     * Hide the invite prompt in the header when alone in the meeting.
+     */
+    HIDE_INVITE_MORE_HEADER: false,
+
+    JITSI_WATERMARK_LINK: 'https://jitsi.org',
+
+    LANG_DETECTION: true, // Allow i18n to detect the system language
+    LOCAL_THUMBNAIL_RATIO: 16 / 9, // 16:9
+
+    /**
+     * Maximum coefficient of the ratio of the large video to the visible area
+     * after the large video is scaled to fit the window.
+     *
+     * @type {number}
+     */
+    MAXIMUM_ZOOMING_COEFFICIENT: 1.3,
+
+    /**
+     * Whether the mobile app Jitsi Meet is to be promoted to participants
+     * attempting to join a conference in a mobile Web browser. If
+     * {@code undefined}, defaults to {@code true}.
+     *
+     * @type {boolean}
+     */
+    MOBILE_APP_PROMO: true,
+
+    // Names of browsers which should show a warning stating the current browser
+    // has a suboptimal experience. Browsers which are not listed as optimal or
+    // unsupported are considered suboptimal. Valid values are:
+    // chrome, chromium, edge, electron, firefox, nwjs, opera, safari
+    OPTIMAL_BROWSERS: [ 'chrome', 'chromium', 'firefox', 'nwjs', 'electron', 'safari' ],
+
+    POLICY_LOGO: null,
+    PROVIDER_NAME: 'Jitsi',
+
+    /**
+     * If true, will display recent list
+     *
+     * @type {boolean}
+     */
+    RECENT_LIST_ENABLED: true,
+    REMOTE_THUMBNAIL_RATIO: 1, // 1:1
+
+    SETTINGS_SECTIONS: [ 'devices', 'language', 'moderator', 'profile', 'calendar', 'sounds', 'more' ],
+
+    /**
+     * Specify which sharing features should be displayed. If the value is not set
+     * all sharing features will be shown. You can set [] to disable all.
+     */
+    // SHARING_FEATURES: ['email', 'url', 'dial-in', 'embed'],
+
+    SHOW_BRAND_WATERMARK: false,
+
+    /**
+     * Decides whether the chrome extension banner should be rendered on the landing page and during the meeting.
+     * If this is set to false, the banner will not be rendered at all. If set to true, the check for extension(s)
+     * being already installed is done before rendering.
+     */
+    SHOW_CHROME_EXTENSION_BANNER: false,
+
+    SHOW_JITSI_WATERMARK: true,
+    SHOW_POWERED_BY: false,
+    SHOW_PROMOTIONAL_CLOSE_PAGE: false,
+
+    /*
+     * If indicated some of the error dialogs may point to the support URL for
+     * help.
+     */
+    SUPPORT_URL: 'https://community.jitsi.org/',
+
+    // Browsers, in addition to those which do not fully support WebRTC, that
+    // are not supported and should show the unsupported browser page.
+    UNSUPPORTED_BROWSERS: [],
+
+    /**
+     * Whether to show thumbnails in filmstrip as a column instead of as a row.
+     */
+    VERTICAL_FILMSTRIP: true,
+
+    // Determines how the video would fit the screen. 'both' would fit the whole
+    // screen, 'height' would fit the original video height to the height of the
+    // screen, 'width' would fit the original video width to the width of the
+    // screen respecting ratio, 'nocrop' would make the video as large as
+    // possible and preserve aspect ratio without cropping.
+    VIDEO_LAYOUT_FIT: 'both',
+
+    /**
+     * If true, hides the video quality label indicating the resolution status
+     * of the current large video.
+     *
+     * @type {boolean}
+     */
+    VIDEO_QUALITY_LABEL_DISABLED: false,
+
+    /**
+     * How many columns the tile view can expand to. The respected range is
+     * between 1 and 5.
+     */
+    // TILE_VIEW_MAX_COLUMNS: 5,
+
+    // List of undocumented settings
+    /**
+     INDICATOR_FONT_SIZES
+     PHONE_NUMBER_REGEX
+    */
+
+    // -----------------DEPRECATED CONFIGS BELOW THIS LINE-----------------------------
+
+    /**
+     * Specify URL for downloading ios mobile app.
+     */
+    // MOBILE_DOWNLOAD_LINK_IOS: 'https://itunes.apple.com/us/app/jitsi-meet/id1165103905',
+
+    /**
+     * Specify custom URL for downloading android mobile app.
+     */
+    // MOBILE_DOWNLOAD_LINK_ANDROID: 'https://play.google.com/store/apps/details?id=org.jitsi.meet',
+
+    /**
+     * Specify mobile app scheme for opening the app from the mobile browser.
+     */
+    // APP_SCHEME: 'org.jitsi.meet',
+
+    // NATIVE_APP_NAME: 'Jitsi Meet',
+
+    /**
+     * Specify Firebase dynamic link properties for the mobile apps.
+     */
+    // MOBILE_DYNAMIC_LINK: {
+    //    APN: 'org.jitsi.meet',
+    //    APP_CODE: 'w2atb',
+    //    CUSTOM_DOMAIN: undefined,
+    //    IBI: 'com.atlassian.JitsiMeet.ios',
+    //    ISI: '1165103905'
+    // },
+
+    /**
+     * Hide the logo on the deep linking pages.
+     */
+    // HIDE_DEEP_LINKING_LOGO: false,
+
+    /**
+     * Specify the Android app package name.
+     */
+    // ANDROID_APP_PACKAGE: 'org.jitsi.meet',
+
+    /**
+     * Specify custom URL for downloading f droid app.
+     */
+    // MOBILE_DOWNLOAD_LINK_F_DROID: 'https://f-droid.org/en/packages/org.jitsi.meet/',
+
+    // Connection indicators (
+    // CONNECTION_INDICATOR_AUTO_HIDE_ENABLED,
+    // CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT,
+    // CONNECTION_INDICATOR_DISABLED) got moved to config.js.
+
+    // Please use disableModeratorIndicator from config.js
+    // DISABLE_FOCUS_INDICATOR: false,
+
+    // Please use defaultLocalDisplayName from config.js
+    // DEFAULT_LOCAL_DISPLAY_NAME: 'me',
+
+    // Please use defaultLogoUrl from config.js
+    // DEFAULT_LOGO_URL: 'images/watermark.svg',
+
+    // Please use defaultRemoteDisplayName from config.js
+    // DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster',
+
+    // Moved to config.js as `toolbarConfig.initialTimeout`.
+    // INITIAL_TOOLBAR_TIMEOUT: 20000,
+
+    // Please use `liveStreaming.helpLink` from config.js
+    // Documentation reference for the live streaming feature.
+    // LIVE_STREAMING_HELP_LINK: 'https://jitsi.org/live',
+
+    // Moved to config.js as `toolbarConfig.alwaysVisible`.
+    // TOOLBAR_ALWAYS_VISIBLE: false,
+
+    // This config was moved to config.js as `toolbarButtons`.
+    // TOOLBAR_BUTTONS: [],
+
+    // Moved to config.js as `toolbarConfig.timeout`.
+    // TOOLBAR_TIMEOUT: 4000,
+
+    // Allow all above example options to include a trailing comma and
+    // prevent fear when commenting out the last value.
+    // eslint-disable-next-line sort-keys
+    makeJsonParserHappy: 'even if last key had a trailing comma'
+
+    // No configuration value should follow this line.
+};
+
+/* eslint-enable no-unused-vars, no-var, max-len */

package/templates/etc/mail/dkim.key

@@ -0,0 +1 @@
+*@<%= domain %>:<%= domain %>:/etc/opendkim/keys/<%= domain %>/private.pem

package/templates/etc/mailname

@@ -0,0 +1 @@
+<%= domain %>

package/templates/etc/mysql/mariadb.conf.d/50-server.cnf

@@ -0,0 +1,120 @@
+#
+# These groups are read by MariaDB server.
+# Use it for options that only the server (but not clients) should see
+
+# this is read by the standalone daemon and embedded servers
+[server]
+
+# this is only for the mysqld standalone daemon
+[mysqld]
+
+#
+# * Basic Settings
+#
+
+#user                   = mysql
+pid-file                = /run/mysqld/mysqld.pid
+basedir                 = /usr
+datadir                 = <%= db_dir %>/run
+#tmpdir                 = /tmp
+
+# Broken reverse DNS slows down connections considerably and name resolve is
+# safe to skip if there are no "host by domain name" access grants
+#skip-name-resolve
+
+# Instead of skip-networking the default is now to listen only on
+# localhost which is more compatible and is not less secure.
+bind-address            = 127.0.0.1
+
+#
+# * Fine Tuning
+#
+
+#key_buffer_size        = 128M
+#max_allowed_packet     = 1G
+#thread_stack           = 192K
+#thread_cache_size      = 8
+# This replaces the startup script and checks MyISAM tables if needed
+# the first time they are touched
+#myisam_recover_options = BACKUP
+#max_connections        = 100
+#table_cache            = 64
+
+#
+# * Logging and Replication
+#
+
+# Note: The configured log file or its directory need to be created
+# and be writable by the mysql user, e.g.:
+# $ sudo mkdir -m 2750 /var/log/mysql
+# $ sudo chown mysql /var/log/mysql
+
+# Both location gets rotated by the cronjob.
+# Be aware that this log type is a performance killer.
+# Recommend only changing this at runtime for short testing periods if needed!
+#general_log_file       = /var/log/mysql/mysql.log
+#general_log            = 1
+
+# When running under systemd, error logging goes via stdout/stderr to journald
+# and when running legacy init error logging goes to syslog due to
+# /etc/mysql/conf.d/mariadb.conf.d/50-mysqld_safe.cnf
+# Enable this if you want to have error logging into a separate file
+#log_error = /var/log/mysql/error.log
+# Enable the slow query log to see queries with especially long duration
+#log_slow_query_file    = /var/log/mysql/mariadb-slow.log
+#log_slow_query_time    = 10
+#log_slow_verbosity     = query_plan,explain
+#log-queries-not-using-indexes
+#log_slow_min_examined_row_limit = 1000
+
+# The following can be used as easy to replay backup logs or for replication.
+# note: if you are setting up a replication slave, see README.Debian about
+#       other settings you may need to change.
+#server-id              = 1
+#log_bin                = /var/log/mysql/mysql-bin.log
+expire_logs_days        = 10
+#max_binlog_size        = 100M
+
+#
+# * SSL/TLS
+#
+
+# For documentation, please read
+# https://mariadb.com/kb/en/securing-connections-for-client-and-server/
+#ssl-ca = /etc/mysql/cacert.pem
+#ssl-cert = /etc/mysql/server-cert.pem
+#ssl-key = /etc/mysql/server-key.pem
+#require-secure-transport = on
+
+#
+# * Character sets
+#
+
+# MySQL/MariaDB default is Latin1, but in Debian we rather default to the full
+# utf8 4-byte character set. See also client.cnf
+character-set-server  = utf8mb4
+collation-server      = utf8mb4_general_ci
+
+#
+# * InnoDB
+#
+
+# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
+# Read the manual for more InnoDB related options. There are many!
+# Most important is to give InnoDB 80 % of the system RAM for buffer use:
+# https://mariadb.com/kb/en/innodb-system-variables/#innodb_buffer_pool_size
+#innodb_buffer_pool_size = 8G
+
+# this is only for embedded server
+[embedded]
+
+# This group is only read by MariaDB servers, not by MySQL.
+# If you use the same .cnf file for MySQL and MariaDB,
+# you can put MariaDB-only options here
+[mariadb]
+transaction_isolation=READ-COMMITTED
+
+# This group is only read by MariaDB-10.11 servers.
+# If you use the same .cnf file for MariaDB of different versions,
+# use this group for options that older servers don't understand
+[mariadb-10.11]

package/templates/etc/nginx/modules-enabled/90-turn-relay.conf

@@ -0,0 +1,27 @@
+stream {
+    map $ssl_preread_server_name $name {
+        <%= jitsi_domain %> web_backend;
+        turn-jitsi.<%= jitsi_domain %> turn_backend;
+    }
+
+    upstream web_backend {
+        server 127.0.0.1:4444;
+    }
+
+    upstream turn_backend {
+        server <%= public_ip4 %>:5349;
+    }
+
+    server {
+        listen 443;
+        listen [::]:443;
+
+        # since 1.11.5
+        ssl_preread on;
+
+        proxy_pass $name;
+
+        # Increase buffer to serve video
+        proxy_buffer_size 10m;
+    }
+}

package/templates/etc/nginx/modules-enabled/90-turn-relay.conf.tpl

@@ -0,0 +1,27 @@
+stream {
+    map $ssl_preread_server_name $name {
+        turn.<%= jitsi_domain %> web_backend;
+        turn-jitsi.<%= jitsi_domain %> turn_backend;
+    }
+
+    upstream web_backend {
+        server 127.0.0.1:3478;
+    }
+
+    upstream turn_backend {
+        server <%= public_ip4 %>:5349;
+    }
+
+    server {
+        listen 443 udp;
+        listen [::]:443 udp;
+
+        # since 1.11.5
+        ssl_preread on;
+
+        proxy_pass $name;
+
+        # Increase buffer to serve video
+        proxy_buffer_size 10m;
+    }
+}

package/templates/etc/nginx/nginx.conf

@@ -0,0 +1,65 @@
+
+user www-data;
+worker_processes 4;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+	worker_connections 768;
+	# multi_accept on;
+}
+
+http {
+
+	##
+	# Basic Settings
+	##
+
+	sendfile on;
+	tcp_nopush on;
+	tcp_nodelay on;
+	keepalive_timeout 65;
+	types_hash_max_size 2048;
+	server_tokens off;
+
+	# server_names_hash_bucket_size 64;
+	# server_name_in_redirect off;
+
+	client_max_body_size 0;
+
+	resolver <%= local_address %>;
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	##
+	# Logging Settings
+	##
+
+	access_log /dev/stdout;
+	error_log /dev/stderr;
+
+	##
+	# Gzip Settings
+	##
+
+	gzip on;
+	gzip_types text/plain text/css application/javascript application/json;
+	gzip_vary on;
+	gzip_min_length 860;
+
+	##
+	# Connection header for WebSocket reverse proxy
+	##
+	map $http_upgrade $connection_upgrade {
+		default upgrade;
+		''      close;
+	}
+
+	##
+	# Virtual Host Configs
+	##
+	include /etc/nginx/sites-enabled/*.conf;
+}
+
+
+#daemon off;

package/templates/etc/nginx/sites-enabled/drumee.conf.tpl

@@ -0,0 +1,33 @@
+
+# -------------------------------------------------------------
+# !!!!!!! DO NOT EDIT !!!!!!!!
+# Config file automatically generated by <infra-setup>
+# Purpose     : Provide Nginx config to a specific server
+# Server name : <%= domain %>
+# Date        : <%= date %>
+# -------------------------------------------------------------
+
+
+proxy_cache_path <%= cache_dir %>/<%= domain %> levels=1:2 keys_zone=<%= domain %>_keys_zone:10m max_size=10g inactive=60m;
+server {
+	listen 80;
+	listen [::]:80;
+	server_name <%= domain %>; 
+	location / {
+		return  301 https://$host$request_uri;
+	}
+}
+server {
+	listen 443 ssl;
+	listen [::]:443 ssl;	
+	#
+	root <%= server_dir %>;
+	server_name _; 
+	client_max_body_size <%= max_body_size %>;
+	include /etc/drumee/ssl/main.conf;
+	include /etc/drumee/infrastructure/routes/*.conf;
+	include /etc/drumee/infrastructure/internals/*.conf;
+	include /etc/drumee/infrastructure/mfs.conf;
+}
+
+

package/templates/etc/nginx/sites-enabled/jitsi.conf.tpl

@@ -0,0 +1,28 @@
+# -------------------------------------------------------------
+# !!!!!!! DO NOT EDIT !!!!!!!!
+# Config file automatically generated by <infra-setup>
+# Purpose     : Provide Nginx config to a specific server
+# Server name : <%= domain %>
+# Date        : <%= date %>
+# -------------------------------------------------------------
+
+map $http_upgrade $connection_upgrade {
+	default upgrade;
+	''      close;
+}
+
+server {
+	listen 80 default_server;
+	listen [::]:80 default_server;
+    server_name *.<%= jitsi_domain %>;
+	include /etc/jitsi/meet.conf;
+}
+
+server {
+	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
+	server_name *.<%= jitsi_domain %>; 
+	include /etc/jitsi/ssl.conf;
+	include /etc/jitsi/meet.conf;
+}
+

package/templates/etc/nginx/sites-enabled/turnrelay.conf.tpl

@@ -0,0 +1,9 @@
+server {
+    listen 4444 ssl;
+    listen [::]:4444 ssl;
+    server_name turn.<%= jitsi_domain %>;
+    ssl_certificate_key <%= certs_dir %>/<%= jitsi_domain %>_ecc/<%= jitsi_domain %>.key;
+    ssl_certificate <%= certs_dir %>/<%= jitsi_domain %>_ecc/fullchain.cer;
+    ssl_trusted_certificate <%= certs_dir %>/<%= jitsi_domain %>_ecc/ca.cer;
+}
+

package/templates/etc/opendkim/KeyTable

@@ -0,0 +1 @@
+mail._domainkey.<%= domain %> <%= domain %>:mail:/etc/opendkim/keys/<%= domain %>/private.pem

package/templates/etc/postfix/main.cf

@@ -0,0 +1,76 @@
+# Configs generated by drumee-infra-setup
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# See http://www.postfix.org/COMPATIBILITY_README.html 
+# fresh installs.
+compatibility_level = 3.7
+
+#Reject unproper client
+smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_reverse_client_hostname, reject_unknown_client_hostname, reject_unknown_sender_domain
+smtpd_helo_required = yes
+smtpd_helo_restrictions = 
+    permit_mynetworks
+    permit_sasl_authenticated
+    reject_invalid_helo_hostname
+    reject_non_fqdn_helo_hostname
+    reject_unknown_helo_hostname
+smtpd_client_restrictions = permit_mynetworks, reject
+
+# TLS parameters
+smtpd_tls_cert_file=<%= certs_dir %>/<%= domain %>_ecc/fullchain.cer
+smtpd_tls_key_file=<%= certs_dir %>/<%= domain %>_ecc/<%= domain %>.key
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = <%= smptd_cache_db %>{data_directory}/smtpd_scache
+smtp_tls_session_cache_database = <%= smptd_cache_db %>{data_directory}/smtp_scache
+smtp_tls_security_level = may
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
+mydomain = <%= domain %>
+myhostname = smtp.<%= domain %>
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = /etc/mailname
+mydestination = localhost, localhost.localdomain, <%= domain %>
+relayhost = 
+mynetworks = 127.0.0.0/8, 192.168.5.0/24, [::ffff:127.0.0.0]/104
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+#inet_protocols = all
+inet_protocols = ipv4
+#inet_protocols = ipv4, ipv6
+virtual_transport = lmtp:unix:private/dovecot-lmtp
+virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
+virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
+virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
+local_recipient_maps =
+
+milter_default_action = accept
+milter_protocol = 2
+
+smtpd_milters = unix:/spamass/spamass.sock, inet:localhost:12301
+non_smtpd_milters = unix:/spamass/spamass.sock, inet:localhost:12301
+maximal_queue_lifetime = 1d
+minimal_backoff_time = 300s
+maximal_backoff_time = 4000s
+message_size_limit = 26214400
+maillog_file = /var/log/postfix.log

package/templates/etc/postfix/mysql-virtual-alias-maps.cf

@@ -0,0 +1,5 @@
+user = <%= mail_user %>
+password = <%= mail_password %>
+hosts = 127.0.0.1
+dbname = mailserver
+query = SELECT destination FROM aliases WHERE source='%s'

package/templates/etc/postfix/mysql-virtual-mailbox-domains.cf

@@ -0,0 +1,5 @@
+user = <%= mail_user %>
+password = <%= mail_password %>
+hosts = 127.0.0.1
+dbname = mailserver
+query = SELECT 1 FROM domains WHERE name='%s'

package/templates/etc/postfix/mysql-virtual-mailbox-maps.cf

@@ -0,0 +1,5 @@
+user = <%= mail_user %>
+password = <%= mail_password %>
+hosts = 127.0.0.1
+dbname = mailserver
+query = SELECT 1 FROM users WHERE email='%s'