- rule tmpfs_configure
- sudo service php5-fpm restart
- }
-rule_postfix_configure () {
- local hint="run vm_remote postfix_key_send before"
- assert "test -f /etc/postfix/$vm_domainname/smtpd/x509/key.pem" hint
- warn "lors de l'installation Debian, ne sélectionner aucune configuration pour postfix"
- rule apt_get_install postfix
- sudo install -m 640 -o root -g root /dev/stdin /etc/postfix/.gitignore <<-EOF
- *.db
- EOF
- sudo install -d -m 770 -o root -g root \
- /etc/postfix/$vm_domainname/ \
- /etc/postfix/$vm_domainname/smtp \
- /etc/postfix/$vm_domainname/smtp/x509 \
- /etc/postfix/$vm_domainname/smtp/x509/ca \
- /etc/postfix/$vm_domainname/smtpd \
- /etc/postfix/$vm_domainname/smtpd/x509 \
- /etc/postfix/$vm_domainname/smtpd/x509/ca
- sudo install -d -m 770 -o root -g root \
- /etc/postfix/$vm_domainname/ \
- /etc/postfix/$vm_domainname/smtp \
- /etc/postfix/$vm_domainname/smtp/x509 \
- /etc/postfix/$vm_domainname/smtp/x509/ca \
- /etc/postfix/$vm_domainname/smtpd \
- /etc/postfix/$vm_domainname/smtpd/x509 \
- /etc/postfix/$vm_domainname/smtpd/x509/ca
- sudo ln -fns \
- ../crt+crl.self-signed.pem \
- /etc/postfix/$vm_domainname/smtpd/x509/ca/crt.pem
- sudo install -m 400 -o root -g root \
- "$tool"/var/pub/x509/$vm_domainname/smtpd/crt+crl.self-signed.pem \
- /etc/postfix/$vm_domainname/smtpd/x509/crt+crl.self-signed.pem
- sudo install -m 400 -o root -g root \
- "$tool"/var/pub/x509/$vm_domainname/smtpd/crt.pem \
- /etc/postfix/$vm_domainname/smtpd/x509/crt.pem
- sudo install -m 400 -o root -g root \
- "$tool"/var/pub/x509/$vm_domainname/smtpd/crt+ca.pem \
- /etc/postfix/$vm_domainname/smtpd/x509/crt+ca.pem
- sudo install -m 400 -o root -g root \
- "$tool"/var/pub/x509/$vm_domainname/smtpd/crt+crl.self-signed.pem \
- /etc/postfix/$vm_domainname/smtpd/x509/crt+crl.self-signed.pem
- sudo install -m 660 -o root -g root \
- "$tool"/etc/postfix/$vm_domainname/header_checks \
- /etc/postfix/$vm_domainname/header_checks
- sudo install -m 664 -o root -g root /dev/stdin \
- /etc/postfix/aliases <<-EOF
- # See man 5 aliases for format
- abuse: root
- admin: root
- contact: root
- postmaster: root
- root: $(getent group sudo | cut -f 4 -d : | tr , ' ')
- EOF
- sudo newaliases -oA/etc/postfix/aliases
- cat /dev/stdin "$tool"/etc/postfix/main.cf <<-EOF |
- mydomain = $vm_domainname
- myorigin = \$mydomain
- myhostname = $vm_hostname.\$mydomain
- mail_name = \$myhostname
- mydestination = $vm_hostname \$myhostname \$myorigin
- EOF
- sudo install -m 664 -o root -g root /dev/stdin \
- /etc/postfix/main.cf
- sudo install -m 664 -o root -g root \
- "$tool"/etc/postfix/master.cf \
- /etc/postfix/master.cf
- sudo install -m 660 -o root -g root \
- "$tool"/etc/postfix/$vm_domainname/smtp/x509/policy \
- /etc/postfix/$vm_domainname/smtp/x509/policy
- sudo postmap hash:/etc/postfix/$vm_domainname/smtp/x509/policy
- sudo install -m 660 -o root -g root \
- "$tool"/etc/postfix/$vm_domainname/smtp/header_checks \
- /etc/postfix/$vm_domainname/smtp/header_checks
- sudo install -m 660 -o root -g root \
- "$tool"/etc/postfix/$vm_domainname/smtpd/sender_access \
- /etc/postfix/$vm_domainname/smtpd/sender_access
- sudo postmap hash:/etc/postfix/$vm_domainname/smtpd/sender_access
- sudo install -m 660 -o root -g root \
- "$tool"/etc/postfix/$vm_domainname/smtpd/client_blacklist \
- /etc/postfix/$vm_domainname/smtpd/client_blacklist
- sudo postmap hash:/etc/postfix/$vm_domainname/smtpd/client_blacklist
- sudo install -m 660 -o root -g root \
- "$tool"/etc/postfix/$vm_domainname/smtpd/relay_clientcerts \
- /etc/postfix/$vm_domainname/smtpd/relay_clientcerts
- sudo postmap hash:/etc/postfix/$vm_domainname/smtpd/relay_clientcerts
- sudo install -m 660 -o root -g root \
- "$tool"/etc/postfix/$vm_domainname/transport \
- /etc/postfix/$vm_domainname/transport
- sudo postmap hash:/etc/postfix/$vm_domainname/transport
- sudo install -m 660 -o root -g root \
- "$tool"/etc/postfix/$vm_domainname/virtual_alias \
- /etc/postfix/$vm_domainname/virtual_alias
- sudo postmap hash:/etc/postfix/$vm_domainname/virtual_alias
- sudo service postfix restart
- }
-rule_postgrey_configure () {
- rule apt_get_install postgrey
- sudo service postgrey restart
- }
-rule_procmail_configure () {
- rule apt_get_install procmail
- sudo install -d -m 770 -o root -g adm \
- /etc/skel/etc/mail \
- /etc/skel/var/cache/mail \
- /etc/skel/var/log/mail \
- /etc/skel/var/mail
- sudo install -m 660 -o root -g adm \
- "$tool"/etc/skel/etc/mail/delivery.procmailrc \
- /etc/skel/etc/mail/delivery.procmailrc
- }
-rule_ssh_configure () {
- ssh-keygen -F "$vm_fqdn" -f "$tool"/etc/openssh/known_hosts |
- ( while IFS= read -r line
- do case $line in (*" RSA") return 0; break;; esac
- done; return 1 ) ||
- sudo ssh-keygen -t rsa -b 4096 -N '' -f /etc/ssh/ssh_host_rsa_key
- sudo rm -f \
- /etc/ssh/ssh_host_dsa_key \
- /etc/ssh/ssh_host_dsa_key.pub \
- /etc/ssh/ssh_host_ecdsa_key \
- /etc/ssh/ssh_host_ecdsa_key.pub
- # NOTE: clefs générées par Debian
- sudo install -m 644 -o root -g root /dev/stdin /etc/ssh/sshd_config <<-EOF
- Port 22
- ListenAddress $vm_ipv4
- #ListenAddress ::
- Protocol 2
- Compression yes
- HostKey /etc/ssh/ssh_host_rsa_key
- UsePrivilegeSeparation yes
- KeyRegenerationInterval 3600
- ServerKeyBits 768
- SyslogFacility AUTH
- LogLevel INFO
- LoginGraceTime 120
- PermitRootLogin yes
- StrictModes yes
- RSAAuthentication yes
- PubkeyAuthentication yes
- AuthorizedKeysFile %h/etc/ssh/authorized_keys
- IgnoreRhosts yes
- RhostsRSAAuthentication no
- HostbasedAuthentication no
- IgnoreUserKnownHosts no
- PermitEmptyPasswords no
- ChallengeResponseAuthentication no
- PasswordAuthentication no
- KerberosAuthentication no
- GSSAPIAuthentication no
- X11Forwarding no
- X11DisplayOffset 10
- PrintMotd no
- DebianBanner no
- PrintLastLog yes
- TCPKeepAlive yes
- ClientAliveInterval 0
- AcceptEnv LANG LC_*
- Subsystem sftp /usr/lib/openssh/sftp-server
- UsePAM yes
- EOF
- sudo service ssh restart