Diffstat (limited to 'scripts/hostclass/smtp_server')
-rw-r--r--scripts/hostclass/smtp_server/10-rspamd10
-rw-r--r--scripts/hostclass/smtp_server/20-postfix4
2 files changed, 9 insertions, 5 deletions
diff --git a/scripts/hostclass/smtp_server/10-rspamd b/scripts/hostclass/smtp_server/10-rspamd
index d104e9c..094dc8a 100644
--- a/scripts/hostclass/smtp_server/10-rspamd
+++ b/scripts/hostclass/smtp_server/10-rspamd
@@ -5,6 +5,7 @@
: ${rspamd_domain_whitelist:=''}
: ${rspamd_port:='11334'}
: ${rspamd_redis_maxmemory:='1g'}
+: ${rspamd_admin_users:=''}
: ${postfix_virtual_domains:="$email_domain"}
postfix_user=postfix
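Review bot: The added `rspamd_admin_users` default has no comment saying what format the value takes or what the empty default means. Its consumer is outside this hunk, so it is not visible whether an empty list denies everyone or leaves the rspamd interface open to any authenticated principal; the second case would be a fail-open default. I would document it next to the assignment, for example `# Principals allowed to administer rspamd; empty means nobody.`, and confirm the consuming template actually behaves that way.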
@@ -22,6 +23,7 @@ rspamd_redis_data_dir="${redis_data_dir}/rspamd"
rspamd_bayes_redis_data_dir="${redis_data_dir}/rspamd-bayes"
rspamd_tls_cert=/usr/local/etc/nginx/rspamd.crt
rspamd_tls_key=/usr/local/etc/nginx/rspamd.key
+nginx_keytab="${keytab_dir}/nginx.keytab"
pkg install -y \
postfix \
@@ -85,9 +87,15 @@ pw groupmod "$redis_user" -m "$rspamd_user"
# Generate nginx configuration.
install_template -m 0644 \
/usr/local/etc/nginx/nginx.conf \
- /usr/local/etc/nginx/acme.conf \
/usr/local/etc/nginx/vhosts.conf
+# Create HTTP service principal and keytab.
+add_principal -nokey -x "containerdn=${services_basedn}" "HTTP/${fqdn}"
+
+ktadd -k "$nginx_keytab" "HTTP/${fqdn}"
+chgrp "$nginx_user" "$nginx_keytab"
+chmod 640 "$nginx_keytab"
+
# Copy TLS certificate for nginx.
install_certificate nginx "$rspamd_tls_cert"
install_certificate_key nginx "$rspamd_tls_key"
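Review bot: The keytab written by `ktadd` holds the long-term key for `HTTP/${fqdn}`, but the added lines never set its owner, and the mode is tightened only after the file already exists with whatever permissions `ktadd` gave it. Elsewhere these scripts pin owner, group and mode together (`-m 0640 -o root -g "$postfix_user"` in 20-postfix), so I would do the same here with `chown "root:${nginx_user}" "$nginx_keytab"` and `chmod 0640 "$nginx_keytab"`. `add_principal` and `ktadd` are helpers defined outside this hunk; if `ktadd` generates a new key on every run, re-running the script rotates the service key, so a guard such as `[ -f "$nginx_keytab" ] ||` may be wanted. `nginx_user` is not assigned in the visible lines, so it is worth checking that it is set before the `chgrp`.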
diff --git a/scripts/hostclass/smtp_server/20-postfix b/scripts/hostclass/smtp_server/20-postfix
index 6f891da..0d4830f 100644
--- a/scripts/hostclass/smtp_server/20-postfix
+++ b/scripts/hostclass/smtp_server/20-postfix
@@ -21,7 +21,6 @@ postfix_public_tls_cert="${acme_cert_dir}/postfix.crt"
postfix_public_tls_key="${acme_cert_dir}/postfix.key"
postfix_local_tls_cert="${postfix_conf_dir}/postfix.crt"
postfix_local_tls_key="${postfix_conf_dir}/postfix.key"
-postfix_dhparams="${postfix_conf_dir}/dhparams.pem"
# Install packages.
pkg install -y \
@@ -55,9 +54,6 @@ install_directory -m 0750 -o "$saslauthd_user" -g "$postfix_user" "$saslauthd_ru
install_certificate -m 0644 -o root -g "$postfix_user" postfix "$postfix_local_tls_cert"
install_certificate_key -m 0640 -o root -g "$postfix_user" postfix "$postfix_local_tls_key"
-# Generate dhparams.
-[ -f "$postfix_dhparams" ] || openssl dhparam -out "$postfix_dhparams" 2048
-
if [ "$postfix_public_fqdn" != "$fqdn" ]; then
# Acquire public TLS certificate.
install_file /usr/local/etc/sudoers.d/acme