more postfix/rspamd stuff

author: Cullum Smith <cullum@sacredheartsc.com> 2024-10-03 22:38:06 -0400
committer: Cullum Smith <cullum@sacredheartsc.com> 2024-10-03 22:38:06 -0400
commit: a1bddcb1de1053994fb445267ca5d1ffaecb0fb5 (patch)
tree: ba2f614ac93dabc6b148037fc604966c7907b384 /scripts/hostclass/smtp_server/10-rspamd
parent: 47f90d0916ac34ef132e3bb6da92a4a67dffbba8 (diff)
download: infrastructure-a1bddcb1de1053994fb445267ca5d1ffaecb0fb5.tar.gz
1 files changed, 9 insertions, 1 deletions
diff --git a/scripts/hostclass/smtp_server/10-rspamd b/scripts/hostclass/smtp_server/10-rspamd
index d104e9c..094dc8a 100644
--- a/scripts/hostclass/smtp_server/10-rspamd
+++ b/scripts/hostclass/smtp_server/10-rspamd
@@ -5,6 +5,7 @@
 : ${rspamd_domain_whitelist:=''}
 : ${rspamd_port:='11334'}
 : ${rspamd_redis_maxmemory:='1g'}
+: ${rspamd_admin_users:=''}
 : ${postfix_virtual_domains:="$email_domain"}
 
 postfix_user=postfix
@@ -22,6 +23,7 @@ rspamd_redis_data_dir="${redis_data_dir}/rspamd"
 rspamd_bayes_redis_data_dir="${redis_data_dir}/rspamd-bayes"
 rspamd_tls_cert=/usr/local/etc/nginx/rspamd.crt
 rspamd_tls_key=/usr/local/etc/nginx/rspamd.key
+nginx_keytab="${keytab_dir}/nginx.keytab"
 
 pkg install -y \
   postfix \
@@ -85,9 +87,15 @@ pw groupmod "$redis_user" -m "$rspamd_user"
 # Generate nginx configuration.
 install_template -m 0644 \
   /usr/local/etc/nginx/nginx.conf \
-  /usr/local/etc/nginx/acme.conf \
   /usr/local/etc/nginx/vhosts.conf
 
+# Create HTTP service principal and keytab.
+add_principal -nokey -x "containerdn=${services_basedn}" "HTTP/${fqdn}"
+
+ktadd -k "$nginx_keytab" "HTTP/${fqdn}"
+chgrp "$nginx_user" "$nginx_keytab"
+chmod 640 "$nginx_keytab"
+
 # Copy TLS certificate for nginx.
 install_certificate     nginx "$rspamd_tls_cert"
 install_certificate_key nginx "$rspamd_tls_key"
author	Cullum Smith <cullum@sacredheartsc.com>	2024-10-03 22:38:06 -0400
committer	Cullum Smith <cullum@sacredheartsc.com>	2024-10-03 22:38:06 -0400
commit	a1bddcb1de1053994fb445267ca5d1ffaecb0fb5 (patch)
tree	ba2f614ac93dabc6b148037fc604966c7907b384 /scripts/hostclass/smtp_server/10-rspamd
parent	47f90d0916ac34ef132e3bb6da92a4a67dffbba8 (diff)
download	infrastructure-a1bddcb1de1053994fb445267ca5d1ffaecb0fb5.tar.gz