Dockerize using phusion/baseimage and runit services
parent
2b9ce85ba8
commit
1eb77c332b
44
Dockerfile
44
Dockerfile
|
@ -19,8 +19,14 @@ FROM phusion/baseimage:0.9.16
|
||||||
|
|
||||||
# Dockerfile metadata.
|
# Dockerfile metadata.
|
||||||
MAINTAINER Joshua Tauberer (http://razor.occams.info)
|
MAINTAINER Joshua Tauberer (http://razor.occams.info)
|
||||||
EXPOSE 25 53/udp 53/tcp 80 443 587 993
|
EXPOSE 25 53/udp 53/tcp 80 443 587 993 4190
|
||||||
VOLUME /data
|
VOLUME /home/user-data
|
||||||
|
|
||||||
|
# Use baseimage init system
|
||||||
|
CMD ["/sbin/my_init"]
|
||||||
|
|
||||||
|
# Create the user-data user, so the start script doesn't have to.
|
||||||
|
RUN useradd -m user-data
|
||||||
|
|
||||||
# Docker has a beautiful way to cache images after each step. The next few
|
# Docker has a beautiful way to cache images after each step. The next few
|
||||||
# steps of installing system packages are very intensive, so we take care
|
# steps of installing system packages are very intensive, so we take care
|
||||||
|
@ -35,20 +41,28 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get upgrade -y
|
||||||
# Install packages needed by Mail-in-a-Box.
|
# Install packages needed by Mail-in-a-Box.
|
||||||
ADD containers/docker/apt_package_list.txt /tmp/mailinabox_apt_package_list.txt
|
ADD containers/docker/apt_package_list.txt /tmp/mailinabox_apt_package_list.txt
|
||||||
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y $(cat /tmp/mailinabox_apt_package_list.txt)
|
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y $(cat /tmp/mailinabox_apt_package_list.txt)
|
||||||
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y rsyslog
|
|
||||||
RUN rm -f /tmp/mailinabox_apt_package_list.txt
|
|
||||||
RUN apt-get clean
|
|
||||||
|
|
||||||
# Create the user-data user, so the start script doesn't have to.
|
|
||||||
RUN useradd -m user-data
|
|
||||||
|
|
||||||
# Now add Mail-in-a-Box to the system.
|
# Now add Mail-in-a-Box to the system.
|
||||||
ADD . /usr/local/mailinabox
|
ADD . /usr/local/mailinabox
|
||||||
|
|
||||||
# We can't know things like the IP address where the container will eventually
|
# Patch setup/functions.sh
|
||||||
# be deployed until the container is started. We also don't want to create any
|
RUN cp /usr/local/mailinabox/setup/functions.sh /usr/local/mailinabox/setup/functions.orig.sh
|
||||||
# private keys during the creation of the image --- that should wait until the
|
RUN echo "# Docker patches" >> /usr/local/mailinabox/setup/functions.sh && \
|
||||||
# container is started too. So our whole setup process is deferred until the
|
echo "source containers/docker/patch/setup/functions_docker.sh" >> /usr/local/mailinabox/setup/functions.sh
|
||||||
# container is started.
|
# Skip apt-get install
|
||||||
RUN mkdir -p /etc/my_init.d
|
RUN sed 's/PACKAGES=$@/PACKAGES=""/g' -i /usr/local/mailinabox/setup/functions.sh
|
||||||
RUN ln -s /usr/local/mailinabox/containers/docker/init.sh /etc/my_init.d/20-mailinabox.sh
|
|
||||||
|
# Install runit services
|
||||||
|
ADD containers/docker/runit/ /etc/service/
|
||||||
|
|
||||||
|
# LSB Compatibility
|
||||||
|
RUN /usr/local/mailinabox/containers/docker/tools/lsb_compat.sh
|
||||||
|
|
||||||
|
# Configure service logs
|
||||||
|
RUN /usr/local/mailinabox/containers/docker/tools/runit_logs.sh
|
||||||
|
|
||||||
|
# Disable services
|
||||||
|
RUN /usr/local/mailinabox/containers/docker/tools/disable_services.sh
|
||||||
|
|
||||||
|
# Add my_init scripts
|
||||||
|
ADD containers/docker/my_init.d/* /etc/my_init.d/
|
||||||
|
|
|
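Review bot: `VOLUME /home/user-data` is now declared before `RUN useradd -m user-data`, so with the classic builder whatever useradd writes into that home directory during the build, including its ownership, is discarded and the mount point may end up owned by root instead of user-data. Moving the `VOLUME /home/user-data` line below `RUN useradd -m user-data` (or to the end of the file) keeps the ownership the mail data directory is expected to have. The appended `source containers/docker/patch/setup/functions_docker.sh` is a relative path, so it only resolves when functions.sh is sourced with /usr/local/mailinabox as the working directory; `source /usr/local/mailinabox/containers/docker/patch/setup/functions_docker.sh` would not depend on the caller's cwd.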
@ -1,79 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# This script is used within containers to turn it into a Mail-in-a-Box.
|
|
||||||
# It is referenced by the Dockerfile. You should not run it directly.
|
|
||||||
########################################################################
|
|
||||||
|
|
||||||
# Local configuration details were not known at the time the Docker
|
|
||||||
# image was created, so all setup is defered until the container
|
|
||||||
# is started. That's when this script runs.
|
|
||||||
|
|
||||||
# If we're not in an interactive shell, set defaults.
|
|
||||||
if [ ! -t 0 ]; then
|
|
||||||
export PUBLIC_IP=auto
|
|
||||||
export PUBLIC_IPV6=auto
|
|
||||||
export PRIMARY_HOSTNAME=auto
|
|
||||||
export CSR_COUNTRY=US
|
|
||||||
export NONINTERACTIVE=1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# The phusion/baseimage base image we use for a working Ubuntu
|
|
||||||
# replaces the normal Upstart system service management with
|
|
||||||
# a ligher-weight service management system called runit that
|
|
||||||
# requires a different configuration. We need to create service
|
|
||||||
# run files that do not daemonize.
|
|
||||||
|
|
||||||
# For most of the services, there is a common pattern we can use:
|
|
||||||
# execute the init.d script that the Ubuntu package installs, and
|
|
||||||
# then poll for the termination of the daemon.
|
|
||||||
function make_runit_service {
|
|
||||||
INITD_NAME=$1
|
|
||||||
WAIT_ON_PROCESS_NAME=$2
|
|
||||||
mkdir -p /etc/service/$INITD_NAME
|
|
||||||
cat > /etc/service/$INITD_NAME/run <<EOF;
|
|
||||||
#!/bin/bash
|
|
||||||
source /usr/local/mailinabox/setup/functions.sh
|
|
||||||
hide_output /etc/init.d/$INITD_NAME restart
|
|
||||||
while [ \`ps a -C $WAIT_ON_PROCESS_NAME -o pid= | wc -l\` -gt 0 ]; do
|
|
||||||
sleep 30
|
|
||||||
done
|
|
||||||
echo $WAIT_ON_PROCESS_NAME died.
|
|
||||||
sleep 20
|
|
||||||
EOF
|
|
||||||
chmod +x /etc/service/$INITD_NAME/run
|
|
||||||
}
|
|
||||||
#make_runit_service bind9 named
|
|
||||||
#make_runit_service fail2ban fail2ban
|
|
||||||
#make_runit_service mailinabox mailinabox-daemon
|
|
||||||
#make_runit_service memcached memcached
|
|
||||||
#make_runit_service nginx nginx
|
|
||||||
#make_runit_service nsd nsd
|
|
||||||
#make_runit_service opendkim opendkim
|
|
||||||
#make_runit_service php5-fpm php5-fpm
|
|
||||||
#make_runit_service postfix postfix
|
|
||||||
#make_runit_service postgrey postgrey
|
|
||||||
#make_runit_service spampd spampd
|
|
||||||
|
|
||||||
# Dovecot doesn't provide an init.d script, but it does provide
|
|
||||||
# a way to launch without daemonization. We wrote a script for
|
|
||||||
# that specifically.
|
|
||||||
#
|
|
||||||
# We also want to use Ubuntu's stock rsyslog rather than syslog-ng
|
|
||||||
# that the base image provides. Our Dockerfile installs rsyslog.
|
|
||||||
rm -rf /etc/service/syslog-ng
|
|
||||||
for service in dovecot; do
|
|
||||||
mkdir -p /etc/service/$service
|
|
||||||
cp /usr/local/mailinabox/containers/docker/runit/$service.sh /etc/service/$service/run
|
|
||||||
chmod +x /etc/service/$service/run
|
|
||||||
done
|
|
||||||
|
|
||||||
# Rsyslog isn't starting automatically but we need it during setup.
|
|
||||||
service rsyslog start
|
|
||||||
|
|
||||||
# Start configuration. Using 'source' means an exit from inside
|
|
||||||
# also exits this script and terminates the container.
|
|
||||||
cd /usr/local/mailinabox
|
|
||||||
export IS_DOCKER=1
|
|
||||||
export DISABLE_FIREWALL=1
|
|
||||||
source setup/start.sh
|
|
||||||
|
|
|
@ -0,0 +1,51 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# This script is used within containers to turn it into a Mail-in-a-Box.
|
||||||
|
# It is referenced by the Dockerfile. You should not run it directly.
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
# Local configuration details were not known at the time the Docker
|
||||||
|
# image was created, so all setup is defered until the container
|
||||||
|
# is started. That's when this script runs.
|
||||||
|
|
||||||
|
# If we're not in an interactive shell, set defaults.
|
||||||
|
if [ ! -t 0 ]; then
|
||||||
|
echo '*** Non interactive shell detected...'
|
||||||
|
export PUBLIC_IP=auto
|
||||||
|
export PUBLIC_IPV6=auto
|
||||||
|
export PRIMARY_HOSTNAME=auto
|
||||||
|
export CSR_COUNTRY=US
|
||||||
|
export NONINTERACTIVE=1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if ([ -z "$FORCE_INSTALL" ] && [ -f /var/lib/mailinabox/api.key ]); then
|
||||||
|
# Mailinabox is already installed and we don't want to reinstall
|
||||||
|
export SKIP_INSTALL=1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# If we are skipping install, reload from /etc/mailinabox.conf if exists
|
||||||
|
if ([ -f /var/lib/mailinabox/api.key ] && [ ! -z "$SKIP_INSTALL" ]); then
|
||||||
|
echo '*** Loading variables from "/etc/mailinabox.conf"...'
|
||||||
|
|
||||||
|
source /etc/mailinabox.conf
|
||||||
|
unset PRIVATE_IP
|
||||||
|
unset PRIVATE_IPV6
|
||||||
|
export SKIP_NETWORK_CHECKS=1
|
||||||
|
export NONINTERACTIVE=1
|
||||||
|
fi
|
||||||
|
|
||||||
|
export DISABLE_FIREWALL=1
|
||||||
|
cd /usr/local/mailinabox
|
||||||
|
|
||||||
|
if [ -z "$SKIP_INSTALL" ]; then
|
||||||
|
# Disable all services.
|
||||||
|
/usr/local/mailinabox/containers/docker/tools/disable_services.sh
|
||||||
|
|
||||||
|
echo "*** Starting mailinabox installation..."
|
||||||
|
# Run in background to avoid blocking runit initialization while installing.
|
||||||
|
source setup/start.sh &
|
||||||
|
else
|
||||||
|
echo "*** Configuring mailinabox..."
|
||||||
|
# Run in foreground for services to be started after configuration.
|
||||||
|
source setup/configure.sh
|
||||||
|
fi
|
|
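Review bot: On a first install `source setup/start.sh &` runs the whole setup in a background subshell, so its exit status is never checked and the container carries on starting runit services even if setup aborts part-way. The removed init script sourced start.sh in the foreground so that an exit inside it terminated the container; here a failed install leaves a half-configured mail server running with its ports published. At minimum record the outcome, for example `{ ( source setup/start.sh ); echo "*** setup/start.sh exited with status $?"; } &`, and consider a marker file that the run scripts check before starting. The new script also no longer exports `IS_DOCKER=1`; confirm nothing under setup/ still reads it.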
@ -0,0 +1,22 @@
|
||||||
|
#!/bin/bash
|
||||||
|
function save_function() {
|
||||||
|
local ORIG_FUNC=$(declare -f $1)
|
||||||
|
local NEWNAME_FUNC="$2${ORIG_FUNC#$1}"
|
||||||
|
eval "$NEWNAME_FUNC"
|
||||||
|
}
|
||||||
|
|
||||||
|
function enable_service {
|
||||||
|
if [ -f /etc/service/$1/down ]; then
|
||||||
|
# Runit service already exists, but is disabled with a down file. Remove it.
|
||||||
|
rm /etc/service/$1/down
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
save_function restart_service restart_service_orig
|
||||||
|
function restart_service {
|
||||||
|
# Make sure service is enabled
|
||||||
|
enable_service $1
|
||||||
|
|
||||||
|
# Call original method
|
||||||
|
restart_service_orig $1
|
||||||
|
}
|
|
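Review bot: `save_function` evals whatever `declare -f $1` prints without checking that the function exists, and `local ORIG_FUNC=$(...)` hides the exit status of `declare -f`. If `restart_service` is not defined when this file is sourced, the eval runs the bare word `restart_service_orig` as a command and the wrapper below then calls a function that does not exist. Split the declaration and bail out on failure, `local ORIG_FUNC; ORIG_FUNC=$(declare -f "$1") || return 1`, and quote `$1` in `enable_service` (`/etc/service/"$1"/down`) so a service name with unusual characters cannot change which path is removed.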
@ -9,69 +9,94 @@
|
||||||
# packages and pulls in the Mail-in-a-Box source code. This is
|
# packages and pulls in the Mail-in-a-Box source code. This is
|
||||||
# defined in Dockerfile at the root of this repository.
|
# defined in Dockerfile at the root of this repository.
|
||||||
#
|
#
|
||||||
# A mailinabox-userdata container is started next. This container
|
# A mailinabox-data container is created next. This container
|
||||||
# contains nothing but a shared volume for storing user data.
|
# contains nothing but a shared volume for storing user data.
|
||||||
# It is segregated from the rest of the live system to make backups
|
# It is segregated from the rest of the live system to make backups
|
||||||
# easier.
|
# easier.
|
||||||
#
|
#
|
||||||
# The mailinabox-services container is started last. It is the
|
# The mailinabox container is started last. It is the
|
||||||
# real thing: it runs the mailinabox image. This container will
|
# real thing: it runs the mailinabox image. This container will
|
||||||
# initialize itself and will initialize the mailinabox-userdata
|
# initialize itself and will initialize the mailinabox-data
|
||||||
# volume if the volume is new.
|
# volume if the volume is new.
|
||||||
|
|
||||||
# Build or rebuild the image.
|
# Build or rebuild the image.
|
||||||
# Rebuilds are very fast.
|
# Rebuilds are very fast.
|
||||||
|
|
||||||
tput setaf 2
|
HOST_HTTP_PORT=${HOST_HTTP_PORT:-80}
|
||||||
echo "Building/updating base image (mailinabox)..."
|
HOST_HTTPS_PORT=${HOST_HTTPS_PORT:-443}
|
||||||
tput setaf 7
|
CONTAINER_NAME=${CONTAINER_NAME:-mailinabox}
|
||||||
|
CONTAINER_DATA_NAME=${CONTAINER_DATA_NAME:-${CONTAINER_NAME}-data}
|
||||||
|
|
||||||
docker build -q -t mailinabox .
|
if [ -z "$SKIP_BUILD" ]; then
|
||||||
|
|
||||||
if ! docker ps -a | grep mailinabox-userdata > /dev/null; then
|
|
||||||
tput setaf 2
|
tput setaf 2
|
||||||
echo
|
echo "Building/updating base image (mailinabox)..."
|
||||||
echo "Creating a new container for your data (mailinabox-userdata)..."
|
|
||||||
tput setaf 7
|
tput setaf 7
|
||||||
|
|
||||||
docker run -d \
|
docker build -q -t mailinabox .
|
||||||
--name mailinabox-userdata \
|
fi;
|
||||||
-v /home/user-data \
|
|
||||||
scratch /bin/does-not-exist-but-thats-ok
|
if ! docker inspect ${CONTAINER_DATA_NAME} > /dev/null; then
|
||||||
|
tput setaf 2
|
||||||
|
echo
|
||||||
|
echo "Creating a new container for your data (${CONTAINER_DATA_NAME})..."
|
||||||
|
tput setaf 7
|
||||||
|
|
||||||
|
docker create \
|
||||||
|
--name ${CONTAINER_DATA_NAME} \
|
||||||
|
$([ -z "$HOST_USERDATA_VOLUME" ] && echo "-v $HOST_USERDATA_VOLUME:/home/user-data" || echo "-v /home/user-data") \
|
||||||
|
phusion/baseimage:0.9.16
|
||||||
else
|
else
|
||||||
tput setaf 2
|
tput setaf 2
|
||||||
echo
|
echo
|
||||||
echo "Using existing container mailinabox-userdata for your data."
|
echo "Using existing container ${CONTAINER_DATA_NAME} for your data."
|
||||||
tput setaf 7
|
tput setaf 7
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# End a running container.
|
# End a running container.
|
||||||
|
if docker inspect ${CONTAINER_NAME} > /dev/null; then
|
||||||
if docker ps -a | grep mailinabox-services > /dev/null; then
|
|
||||||
tput setaf 2
|
tput setaf 2
|
||||||
echo
|
echo
|
||||||
echo "Destroying mailinabox-services container..."
|
echo "Destroying ${CONTAINER_NAME} container..."
|
||||||
tput setaf 7
|
tput setaf 7
|
||||||
|
|
||||||
docker rm -f mailinabox-services
|
docker rm -f ${CONTAINER_NAME}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Start container.
|
# Start container.
|
||||||
|
|
||||||
tput setaf 2
|
tput setaf 2
|
||||||
echo
|
echo
|
||||||
echo "Starting new container (mailinabox-services)..."
|
echo "Starting new container (${CONTAINER_NAME})..."
|
||||||
tput setaf 7
|
tput setaf 7
|
||||||
|
|
||||||
|
# Run the services container
|
||||||
|
# detached if NONINTERACTIVE is set,
|
||||||
|
# interactively if NONINTERACTIVE is not set,
|
||||||
# Notes:
|
# Notes:
|
||||||
# * Passing through SKIP_NETWORK_CHECKS makes it easier to do testing
|
# * Passing through SKIP_NETWORK_CHECKS makes it easier to do testing
|
||||||
# on a residential network.
|
# on a residential network.
|
||||||
|
# * --privileged flag cause an issue with bind9/named failing to start in this case
|
||||||
|
# see docker/docker#7318
|
||||||
docker run \
|
docker run \
|
||||||
--privileged \
|
|
||||||
-v /dev/urandom:/dev/random \
|
-v /dev/urandom:/dev/random \
|
||||||
-p 25 -p 53/udp -p 53/tcp -p 80 -p 443 -p 587 -p 993 \
|
-p 25:25 \
|
||||||
--name mailinabox-services \
|
$([ -z "$NODNS" ] && echo "-p 53:53/udp -p 53:53/tcp") \
|
||||||
--volumes-from mailinabox-userdata \
|
-p $HOST_HTTP_PORT:80 \
|
||||||
-e "SKIP_NETWORK_CHECKS=$SKIP_NETWORK_CHECKS" \
|
-p $HOST_HTTPS_PORT:443 \
|
||||||
|
-p 587:587 \
|
||||||
|
-p 993:993 \
|
||||||
|
-p 4190:4190 \
|
||||||
|
--name ${CONTAINER_NAME} \
|
||||||
|
--volumes-from ${CONTAINER_DATA_NAME} \
|
||||||
|
--restart always \
|
||||||
|
$([ ! -z "$NONINTERACTIVE" ] && echo "-d") \
|
||||||
|
-it \
|
||||||
mailinabox
|
mailinabox
|
||||||
|
|
||||||
|
if [ -z "$NONINTERACTIVE" ]; then
|
||||||
|
tput setaf 2
|
||||||
|
echo
|
||||||
|
echo "Restarting container ${CONTAINER_NAME}..."
|
||||||
|
tput setaf 7
|
||||||
|
|
||||||
|
docker restart ${CONTAINER_NAME}
|
||||||
|
fi
|
|
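Review bot: The volume option passed to `docker create` tests `[ -z "$HOST_USERDATA_VOLUME" ]`, which is inverted: when the variable is empty it emits `-v :/home/user-data`, and when it is set the host path is ignored and an anonymous volume is used. The test should be `[ -n "$HOST_USERDATA_VOLUME" ] && echo "-v $HOST_USERDATA_VOLUME:/home/user-data" || echo "-v /home/user-data"`. The note about passing through SKIP_NETWORK_CHECKS is now stale because the `-e "SKIP_NETWORK_CHECKS=..."` line was dropped from `docker run`, and the `-p 25:25`-style mappings publish every service on all host interfaces, which is worth stating in the header comment.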
@ -0,0 +1,52 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
PATH=/sbin:/bin:/usr/sbin:/usr/bin
|
||||||
|
|
||||||
|
# for a chrooted server: "-u bind -t /var/lib/named"
|
||||||
|
# Don't modify this line, change or create /etc/default/bind9.
|
||||||
|
OPTIONS=""
|
||||||
|
RESOLVCONF=no
|
||||||
|
|
||||||
|
test -f /etc/default/bind9 && . /etc/default/bind9
|
||||||
|
|
||||||
|
test -x /usr/sbin/rndc || exit 0
|
||||||
|
|
||||||
|
. /lib/lsb/init-functions
|
||||||
|
|
||||||
|
check_network() {
|
||||||
|
if [ -x /usr/bin/uname ] && [ "X$(/usr/bin/uname -o)" = XSolaris ]; then
|
||||||
|
IFCONFIG_OPTS="-au"
|
||||||
|
else
|
||||||
|
IFCONFIG_OPTS=""
|
||||||
|
fi
|
||||||
|
if [ -z "$(/sbin/ifconfig $IFCONFIG_OPTS)" ]; then
|
||||||
|
#log_action_msg "No networks configured."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
log_daemon_msg "Starting domain name service..." "bind9"
|
||||||
|
|
||||||
|
modprobe capability >/dev/null 2>&1 || true
|
||||||
|
|
||||||
|
# dirs under /var/run can go away on reboots.
|
||||||
|
mkdir -p /var/run/named
|
||||||
|
chmod 775 /var/run/named
|
||||||
|
chown root:bind /var/run/named >/dev/null 2>&1 || true
|
||||||
|
|
||||||
|
if [ ! -x /usr/sbin/named ]; then
|
||||||
|
log_action_msg "named binary missing - not starting"
|
||||||
|
log_end_msg 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if ! check_network; then
|
||||||
|
log_action_msg "no networks configured"
|
||||||
|
log_end_msg 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "X$RESOLVCONF" != "Xno" ] && [ -x /sbin/resolvconf ] ; then
|
||||||
|
echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.named
|
||||||
|
fi
|
||||||
|
|
||||||
|
exec /usr/sbin/named -f $OPTIONS
|
|
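Review bot: Both failure branches near the end (`named binary missing` and `no networks configured`) only call `log_end_msg 1` and then fall through to `exec /usr/sbin/named -f $OPTIONS`, so the checks do not stop the service from being started. Add `exit 1` after each `log_end_msg 1`. `OPTIONS` defaults to an empty string, so unless /etc/default/bind9 supplies a `-u` option named keeps running as root; the comment about the chrooted form already shows `-u bind`, and making that the default would be safer. The exit-0-when-the-binary-is-missing guard used here, and repeated in the fail2ban, memcached, nginx, nsd, opendkim, opendmarc, php5-fpm and postfix run scripts, makes runit re-run the script over and over, since it restarts a run script whenever it exits.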
@ -1,3 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
/usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf &> /var/log/dovecot.log
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
exec /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
|
|
@ -0,0 +1,93 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
PATH=/usr/sbin:/usr/bin:/sbin:/bin
|
||||||
|
DESC="authentication failure monitor"
|
||||||
|
NAME=fail2ban
|
||||||
|
|
||||||
|
# fail2ban-client is not a daemon itself but starts a daemon and
|
||||||
|
# loads its with configuration
|
||||||
|
#DAEMON=/usr/bin/$NAME-client
|
||||||
|
DAEMON=/usr/bin/$NAME-server
|
||||||
|
SCRIPTNAME=/etc/init.d/$NAME
|
||||||
|
|
||||||
|
# Ad-hoc way to parse out socket file name
|
||||||
|
SOCKFILE=`grep -h '^[^#]*socket *=' /etc/$NAME/$NAME.conf /etc/$NAME/$NAME.local 2>/dev/null \
|
||||||
|
| tail -n 1 | sed -e 's/.*socket *= *//g' -e 's/ *$//g'`
|
||||||
|
[ -z "$SOCKFILE" ] && SOCKFILE='/tmp/fail2ban.sock'
|
||||||
|
|
||||||
|
# Exit if the package is not installed
|
||||||
|
[ -x "$DAEMON" ] || exit 0
|
||||||
|
|
||||||
|
# Run as root by default.
|
||||||
|
FAIL2BAN_USER=root
|
||||||
|
|
||||||
|
# Read configuration variable file if it is present
|
||||||
|
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
|
||||||
|
DAEMON_ARGS="-f $FAIL2BAN_OPTS"
|
||||||
|
|
||||||
|
# Load the VERBOSE setting and other rcS variables
|
||||||
|
[ -f /etc/default/rcS ] && . /etc/default/rcS
|
||||||
|
|
||||||
|
# Predefine what can be missing from lsb source later on -- necessary to run
|
||||||
|
# on sarge. Just present it in a bit more compact way from what was shipped
|
||||||
|
log_daemon_msg () {
|
||||||
|
[ -z "$1" ] && return 1
|
||||||
|
echo -n "$1:"
|
||||||
|
[ -z "$2" ] || echo -n " $2"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Define LSB log_* functions.
|
||||||
|
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
|
||||||
|
# Actually has to (>=2.0-7) present in sarge. log_daemon_msg is predefined
|
||||||
|
# so we must be ok
|
||||||
|
. /lib/lsb/init-functions
|
||||||
|
|
||||||
|
#
|
||||||
|
# Shortcut function for abnormal init script interruption
|
||||||
|
#
|
||||||
|
report_bug()
|
||||||
|
{
|
||||||
|
echo $*
|
||||||
|
echo "Please submit a bug report to Debian BTS (reportbug fail2ban)"
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Helper function to check if socket is present, which is often left after
|
||||||
|
# abnormal exit of fail2ban and needs to be removed
|
||||||
|
#
|
||||||
|
check_socket()
|
||||||
|
{
|
||||||
|
# Return
|
||||||
|
# 0 if socket is present and readable
|
||||||
|
# 1 if socket file is not present
|
||||||
|
# 2 if socket file is present but not readable
|
||||||
|
# 3 if socket file is present but is not a socket
|
||||||
|
[ -e "$SOCKFILE" ] || return 1
|
||||||
|
[ -r "$SOCKFILE" ] || return 2
|
||||||
|
[ -S "$SOCKFILE" ] || return 3
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
if [ -e "$SOCKFILE" ]; then
|
||||||
|
log_failure_msg "Socket file $SOCKFILE is present"
|
||||||
|
[ "$1" = "force-start" ] \
|
||||||
|
&& log_success_msg "Starting anyway as requested" \
|
||||||
|
|| return 2
|
||||||
|
DAEMON_ARGS="$DAEMON_ARGS -x"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Assure that /var/run/fail2ban exists
|
||||||
|
[ -d /var/run/fail2ban ] || mkdir -p /var/run/fail2ban
|
||||||
|
|
||||||
|
if [ "$FAIL2BAN_USER" != "root" ]; then
|
||||||
|
# Make the socket directory, IP lists and fail2ban log
|
||||||
|
# files writable by fail2ban
|
||||||
|
chown "$FAIL2BAN_USER" /var/run/fail2ban
|
||||||
|
# Create the logfile if it doesn't exist
|
||||||
|
touch /var/log/fail2ban.log
|
||||||
|
chown "$FAIL2BAN_USER" /var/log/fail2ban.log
|
||||||
|
find /proc/net/xt_recent -name 'fail2ban-*' -exec chown "$FAIL2BAN_USER" {} \;
|
||||||
|
fi
|
||||||
|
|
||||||
|
exec /sbin/setuser $FAIL2BAN_USER $DAEMON $DAEMON_ARGS
|
|
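Review bot: `|| return 2` in the stale-socket check sits at the top level of the script, where bash treats `return` as an error rather than an exit, so execution continues and `-x` is appended whether or not `force-start` was passed. Under runit `$1` is never set, so either make the intent explicit with `[ -e "$SOCKFILE" ] && DAEMON_ARGS="$DAEMON_ARGS -x"` or replace `return 2` with `exit 2`. The same top-level `|| return 2` follows the `install -o ... -d "$RUNDIR"` line in the opendkim and opendmarc run scripts and should be `exit 2` there as well. The fallback `SOCKFILE='/tmp/fail2ban.sock'` puts a root-owned control socket in a world-writable directory; a path under /var/run/fail2ban, which the script already creates, would be a better default.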
@ -0,0 +1,14 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
NAME=mailinabox
|
||||||
|
DAEMON=/usr/local/bin/mailinabox-daemon
|
||||||
|
|
||||||
|
export LANGUAGE=en_US.UTF-8
|
||||||
|
export LC_ALL=en_US.UTF-8
|
||||||
|
export LANG=en_US.UTF-8
|
||||||
|
export LC_TYPE=en_US.UTF-8
|
||||||
|
|
||||||
|
# Read configuration variable file if it is present
|
||||||
|
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
|
||||||
|
|
||||||
|
exec $DAEMON 2>&1
|
|
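Review bot: `export LC_TYPE=en_US.UTF-8` sets a variable that is not a locale category; the intended name is presumably `LC_CTYPE`, although `LC_ALL` already overrides it. The script also execs `$DAEMON` directly, so the management daemon runs as root, unlike the memcached run script, which goes through `/sbin/setuser memcache`; a one-line comment saying whether root is required would help the next reader.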
@ -0,0 +1,18 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
||||||
|
DAEMON=/usr/bin/memcached
|
||||||
|
|
||||||
|
test -x $DAEMON || exit 0
|
||||||
|
set -e
|
||||||
|
|
||||||
|
# Edit /etc/default/memcached to change this.
|
||||||
|
ENABLE_MEMCACHED=no
|
||||||
|
test -r /etc/default/memcached && . /etc/default/memcached
|
||||||
|
|
||||||
|
echo -n "Starting $DESC: "
|
||||||
|
if [ $ENABLE_MEMCACHED = yes ]; then
|
||||||
|
exec /sbin/setuser memcache $DAEMON
|
||||||
|
else
|
||||||
|
exit 1
|
||||||
|
fi
|
|
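Review bot: `exec /sbin/setuser memcache $DAEMON` starts memcached with no options at all, so the listen address, port and memory cap fall back to the daemon's built-in defaults rather than anything in the packaged configuration; if the intent is a local-only cache, pass the address explicitly, e.g. `exec /sbin/setuser memcache $DAEMON -l 127.0.0.1`. `DESC` is never assigned, so `echo -n "Starting $DESC: "` prints an empty name. `[ $ENABLE_MEMCACHED = yes ]` should quote the variable, `[ "$ENABLE_MEMCACHED" = yes ]`, because /etc/default/memcached can leave it empty.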
@ -0,0 +1,24 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
||||||
|
DAEMON=/usr/sbin/nginx
|
||||||
|
NAME=nginx
|
||||||
|
DESC=nginx
|
||||||
|
|
||||||
|
# Include nginx defaults if available
|
||||||
|
if [ -r /etc/default/nginx ]; then
|
||||||
|
. /etc/default/nginx
|
||||||
|
fi
|
||||||
|
|
||||||
|
test -x $DAEMON || exit 0
|
||||||
|
|
||||||
|
. /lib/init/vars.sh
|
||||||
|
. /lib/lsb/init-functions
|
||||||
|
|
||||||
|
# Check if the ULIMIT is set in /etc/default/nginx
|
||||||
|
if [ -n "$ULIMIT" ]; then
|
||||||
|
# Set the ulimits
|
||||||
|
ulimit $ULIMIT
|
||||||
|
fi
|
||||||
|
|
||||||
|
exec $DAEMON $DAEMON_OPTS -g "daemon off;"
|
|
@ -0,0 +1,30 @@
|
||||||
|
#!/bin/bash
|
||||||
|
set -e
|
||||||
|
|
||||||
|
PATH=/sbin:/usr/sbin:/bin:/usr/bin
|
||||||
|
NAME=nsd # Introduce the short server's name here
|
||||||
|
DAEMON=/usr/sbin/$NAME # Introduce the server's location here
|
||||||
|
CONFFILE=/etc/nsd/nsd.conf
|
||||||
|
DAEMON_ARGS="-d -c $CONFFILE"
|
||||||
|
|
||||||
|
NSDC=/usr/sbin/nsd-control
|
||||||
|
|
||||||
|
# Exit if the package is not installed
|
||||||
|
[ -x $DAEMON ] || exit 0
|
||||||
|
|
||||||
|
PIDFILE=$(nsd-checkconf -o pidfile $CONFFILE)
|
||||||
|
|
||||||
|
prepare_environment() {
|
||||||
|
mkdir -p "$(dirname "$(/usr/sbin/nsd-checkconf -o pidfile $CONFFILE)")"
|
||||||
|
chown "$(/usr/sbin/nsd-checkconf -o username $CONFFILE)" "$(dirname "$(/usr/sbin/nsd-checkconf -o pidfile $CONFFILE)")"
|
||||||
|
mkdir -p "$(dirname "$(/usr/sbin/nsd-checkconf -o database $CONFFILE)")"
|
||||||
|
chown "$(/usr/sbin/nsd-checkconf -o username $CONFFILE)" "$(dirname "$(/usr/sbin/nsd-checkconf -o database $CONFFILE)")"
|
||||||
|
}
|
||||||
|
|
||||||
|
prepare_environment
|
||||||
|
|
||||||
|
# Check if daemon is running
|
||||||
|
nc -z -w 4 localhost 10222
|
||||||
|
/usr/local/mailinabox/tools/dns_update
|
||||||
|
|
||||||
|
exec $DAEMON $DAEMON_ARGS
|
|
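Review bot: `nc -z -w 4 localhost 10222` has no visible effect on its own; it only gates startup because `set -e` aborts the script when the port is closed, and the comment `# Check if daemon is running` does not say which daemon or why. Spell that out, for instance `# Abort (and let runit retry) until the service on localhost:10222 answers; dns_update below appears to depend on it`, or write the test as `nc -z -w 4 localhost 10222 || exit 1`. `PIDFILE` and `NSDC` are assigned but never used in this script and can go.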
@ -0,0 +1,71 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
PATH=/sbin:/bin:/usr/sbin:/usr/bin
|
||||||
|
DAEMON=/usr/sbin/opendkim
|
||||||
|
NAME=opendkim
|
||||||
|
DESC="OpenDKIM"
|
||||||
|
RUNDIR=/var/run/$NAME
|
||||||
|
USER=opendkim
|
||||||
|
GROUP=opendkim
|
||||||
|
SOCKET=local:$RUNDIR/$NAME.sock
|
||||||
|
PIDFILE=$RUNDIR/$NAME.pid
|
||||||
|
CONFFILE=/etc/$NAME.conf
|
||||||
|
|
||||||
|
test -x $DAEMON || exit 0
|
||||||
|
test -f $CONFFILE || exit 0
|
||||||
|
|
||||||
|
# Check if mailinabox configuration files are there
|
||||||
|
test -f /etc/opendkim/SigningTable || exit 0
|
||||||
|
|
||||||
|
# Include LSB provided init functions
|
||||||
|
. /lib/lsb/init-functions
|
||||||
|
|
||||||
|
# Include opendkim defaults if available
|
||||||
|
if [ -f /etc/default/opendkim ] ; then
|
||||||
|
. /etc/default/opendkim
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -f /etc/opendkim.conf ]; then
|
||||||
|
CONFIG_SOCKET=`awk '$1 == "Socket" { print $2 }' /etc/opendkim.conf`
|
||||||
|
fi
|
||||||
|
|
||||||
|
# This can be set via Socket option in config file, so it's not required
|
||||||
|
if [ -n "$SOCKET" -a -z "$CONFIG_SOCKET" ]; then
|
||||||
|
DAEMON_OPTS="-p $SOCKET $DAEMON_OPTS"
|
||||||
|
fi
|
||||||
|
|
||||||
|
DAEMON_OPTS="-f -x $CONFFILE -u $USER -P $PIDFILE $DAEMON_OPTS"
|
||||||
|
|
||||||
|
|
||||||
|
# Create the run directory if it doesn't exist
|
||||||
|
if [ ! -d "$RUNDIR" ]; then
|
||||||
|
install -o "$USER" -g "$GROUP" -m 755 -d "$RUNDIR" || return 2
|
||||||
|
[ -x /sbin/restorecon ] && /sbin/restorecon "$RUNDIR"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Clean up stale sockets
|
||||||
|
if [ -f "$PIDFILE" ]; then
|
||||||
|
pid=`cat $PIDFILE`
|
||||||
|
if ! ps -C "$DAEMON" -s "$pid" >/dev/null; then
|
||||||
|
rm "$PIDFILE"
|
||||||
|
TMPSOCKET=""
|
||||||
|
if [ -n "$SOCKET" ]; then
|
||||||
|
TMPSOCKET="$SOCKET"
|
||||||
|
elif [ -n "$CONFIG_SOCKET" ]; then
|
||||||
|
TMPSOCKET="$CONFIG_SOCKET"
|
||||||
|
fi
|
||||||
|
if [ -n "$TMPSOCKET" ]; then
|
||||||
|
# UNIX sockets may be specified with or without the
|
||||||
|
# local: prefix; handle both
|
||||||
|
t=`echo $SOCKET | cut -d: -f1`
|
||||||
|
s=`echo $SOCKET | cut -d: -f2`
|
||||||
|
if [ -e "$s" -a -S "$s" ]; then
|
||||||
|
if [ "$t" = "$s" -o "$t" = "local" ]; then
|
||||||
|
rm "$s"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
exec $DAEMON $DAEMON_OPTS
|
|
@ -0,0 +1,70 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
PATH=/sbin:/bin:/usr/sbin:/usr/bin
|
||||||
|
DAEMON=/usr/sbin/opendmarc
|
||||||
|
NAME=opendmarc
|
||||||
|
DESC="OpenDMARC"
|
||||||
|
RUNDIR=/var/run/$NAME
|
||||||
|
USER=opendmarc
|
||||||
|
GROUP=opendmarc
|
||||||
|
SOCKET=local:$RUNDIR/$NAME.sock
|
||||||
|
PIDFILE=$RUNDIR/$NAME.pid
|
||||||
|
CONFFILE=/etc/$NAME.conf
|
||||||
|
|
||||||
|
test -x $DAEMON || exit 0
|
||||||
|
test -f $CONFFILE || exit 0
|
||||||
|
|
||||||
|
# Check if mailinabox configuration files are there
|
||||||
|
test -f /etc/opendkim/SigningTable || exit 0
|
||||||
|
|
||||||
|
# Include LSB provided init functions
|
||||||
|
. /lib/lsb/init-functions
|
||||||
|
|
||||||
|
# Include opendkim defaults if available
|
||||||
|
if [ -f /etc/default/opendmarc ] ; then
|
||||||
|
. /etc/default/opendmarc
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -f /etc/opendmarc.conf ]; then
|
||||||
|
CONFIG_SOCKET=`awk '$1 == "Socket" { print $2 }' /etc/opendmarc.conf`
|
||||||
|
fi
|
||||||
|
|
||||||
|
# This can be set via Socket option in config file, so it's not required
|
||||||
|
if [ -n "$SOCKET" -a -z "$CONFIG_SOCKET" ]; then
|
||||||
|
DAEMON_OPTS="-p $SOCKET $DAEMON_OPTS"
|
||||||
|
fi
|
||||||
|
|
||||||
|
DAEMON_OPTS="-f -c $CONFFILE -u $USER -P $PIDFILE $DAEMON_OPTS"
|
||||||
|
|
||||||
|
|
||||||
|
# Create the run directory if it doesn't exist
|
||||||
|
if [ ! -d "$RUNDIR" ]; then
|
||||||
|
install -o "$USER" -g "$GROUP" -m 755 -d "$RUNDIR" || return 2
|
||||||
|
[ -x /sbin/restorecon ] && /sbin/restorecon "$RUNDIR"
|
||||||
|
fi
|
||||||
|
# Clean up stale sockets
|
||||||
|
if [ -f "$PIDFILE" ]; then
|
||||||
|
pid=`cat $PIDFILE`
|
||||||
|
if ! ps -C "$DAEMON" -s "$pid" >/dev/null; then
|
||||||
|
rm "$PIDFILE"
|
||||||
|
TMPSOCKET=""
|
||||||
|
if [ -n "$SOCKET" ]; then
|
||||||
|
TMPSOCKET="$SOCKET"
|
||||||
|
elif [ -n "$CONFIG_SOCKET" ]; then
|
||||||
|
TMPSOCKET="$CONFIG_SOCKET"
|
||||||
|
fi
|
||||||
|
if [ -n "$TMPSOCKET" ]; then
|
||||||
|
# UNIX sockets may be specified with or without the
|
||||||
|
# local: prefix; handle both
|
||||||
|
t=`echo $SOCKET | cut -d: -f1`
|
||||||
|
s=`echo $SOCKET | cut -d: -f2`
|
||||||
|
if [ -e "$s" -a -S "$s" ]; then
|
||||||
|
if [ "$t" = "$s" -o "$t" = "local" ]; then
|
||||||
|
rm "$s"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
exec $DAEMON $DAEMON_OPTS
|
|
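Review bot: The gate `test -f /etc/opendkim/SigningTable || exit 0` was carried over from the opendkim run script, so OpenDMARC's start depends on an OpenDKIM file, and the comment `# Include opendkim defaults if available` sits above code that reads /etc/default/opendmarc. If the dependency is deliberate, say so in the comment; otherwise test a file OpenDMARC itself needs. In the stale-socket block `t` and `s` are cut from `$SOCKET` although the block has just selected `$TMPSOCKET`; the opendkim script has the same slip.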
@ -0,0 +1,42 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
PATH=/sbin:/usr/sbin:/bin:/usr/bin
|
||||||
|
DESC="PHP5 FastCGI Process Manager"
|
||||||
|
NAME=php5-fpm
|
||||||
|
DAEMON=/usr/sbin/$NAME
|
||||||
|
DAEMON_ARGS="-F --fpm-config /etc/php5/fpm/php-fpm.conf"
|
||||||
|
PIDFILE=/var/run/php5-fpm.pid
|
||||||
|
SCRIPTNAME=/etc/init.d/$NAME
|
||||||
|
|
||||||
|
# Exit if the package is not installed
|
||||||
|
[ -x "$DAEMON" ] || exit 0
|
||||||
|
|
||||||
|
# Read configuration variable file if it is present
|
||||||
|
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
|
||||||
|
|
||||||
|
# Load the VERBOSE setting and other rcS variables
|
||||||
|
. /lib/init/vars.sh
|
||||||
|
|
||||||
|
# Define LSB log_* functions.
|
||||||
|
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
|
||||||
|
. /lib/lsb/init-functions
|
||||||
|
|
||||||
|
# Don't run if we are running upstart
|
||||||
|
if init_is_upstart; then
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
#
|
||||||
|
# Function to check the correctness of the config file
|
||||||
|
#
|
||||||
|
do_check()
|
||||||
|
{
|
||||||
|
/usr/lib/php5/php5-fpm-checkconf || return 1
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
# Read configuration variable file if it is present
|
||||||
|
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
|
||||||
|
|
||||||
|
do_check
|
||||||
|
exec $DAEMON $DAEMON_ARGS
|
|
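Review bot: The result of `do_check` is ignored, so a configuration that fails `/usr/lib/php5/php5-fpm-checkconf` is still handed to `exec $DAEMON $DAEMON_ARGS`. Use `do_check || exit 1` so the script stops at the failed check. The line `[ -r /etc/default/$NAME ] && . /etc/default/$NAME` appears twice, and `PIDFILE` and `SCRIPTNAME` are unused here.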
@ -0,0 +1,144 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
exec 1>&2
|
||||||
|
|
||||||
|
PATH=/bin:/usr/bin:/sbin:/usr/sbin
|
||||||
|
DAEMON=/usr/sbin/postfix
|
||||||
|
NAME=Postfix
|
||||||
|
TZ=
|
||||||
|
unset TZ
|
||||||
|
|
||||||
|
# Defaults - don't touch, edit /etc/default/postfix
|
||||||
|
SYNC_CHROOT="y"
|
||||||
|
|
||||||
|
test -f /etc/default/postfix && . /etc/default/postfix
|
||||||
|
|
||||||
|
test -x $DAEMON && test -f /etc/postfix/main.cf || exit 0
|
||||||
|
|
||||||
|
. /lib/lsb/init-functions
|
||||||
|
|
||||||
|
configure_instance() {
|
||||||
|
POSTCONF="postconf"
|
||||||
|
|
||||||
|
# if you set myorigin to 'ubuntu.com' or 'debian.org', it's wrong, and annoys the admins of
|
||||||
|
# those domains. See also sender_canonical_maps.
|
||||||
|
|
||||||
|
MYORIGIN=$($POSTCONF -h myorigin | tr 'A-Z' 'a-z')
|
||||||
|
if [ "X${MYORIGIN#/}" != "X${MYORIGIN}" ]; then
|
||||||
|
MYORIGIN=$(tr 'A-Z' 'a-z' < $MYORIGIN)
|
||||||
|
fi
|
||||||
|
if [ "X$MYORIGIN" = Xubuntu.com ] || [ "X$MYORIGIN" = Xdebian.org ]; then
|
||||||
|
log_failure_msg "Invalid \$myorigin ($MYORIGIN), refusing to start"
|
||||||
|
log_end_msg 1
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
config_dir=$($POSTCONF -h config_directory)
|
||||||
|
# see if anything is running chrooted.
|
||||||
|
NEED_CHROOT=$(awk '/^[0-9a-z]/ && ($5 ~ "[-yY]") { print "y"; exit}' ${config_dir}/master.cf)
|
||||||
|
|
||||||
|
if [ -n "$NEED_CHROOT" ] && [ -n "$SYNC_CHROOT" ]; then
|
||||||
|
# Make sure that the chroot environment is set up correctly.
|
||||||
|
oldumask=$(umask)
|
||||||
|
umask 022
|
||||||
|
queue_dir=$($POSTCONF -h queue_directory)
|
||||||
|
cd "$queue_dir"
|
||||||
|
|
||||||
|
# copy the CA path if specified
|
||||||
|
ca_path=$($POSTCONF -h smtp_tls_CApath)
|
||||||
|
case "$ca_path" in
|
||||||
|
'') :;; # no ca_path
|
||||||
|
$queue_dir/*) :;; # skip stuff already in chroot, (and to make vim syntax happy: */)
|
||||||
|
*)
|
||||||
|
if test -d "$ca_path"; then
|
||||||
|
dest_dir="$queue_dir/${ca_path#/}"
|
||||||
|
# strip any/all trailing /
|
||||||
|
while [ "${dest_dir%/}" != "${dest_dir}" ]; do
|
||||||
|
dest_dir="${dest_dir%/}"
|
||||||
|
done
|
||||||
|
new=0
|
||||||
|
if test -d "$dest_dir"; then
|
||||||
|
# write to a new directory ...
|
||||||
|
dest_dir="${dest_dir}.NEW"
|
||||||
|
new=1
|
||||||
|
fi
|
||||||
|
mkdir --parent ${dest_dir}
|
||||||
|
# handle files in subdirectories
|
||||||
|
(cd "$ca_path" && find . -name '*.pem' -print0 | cpio -0pdL --quiet "$dest_dir") 2>/dev/null ||
|
||||||
|
(log_failure_msg failure copying certificates; exit 1)
|
||||||
|
c_rehash "$dest_dir" >/dev/null 2>&1
|
||||||
|
if [ "$new" = 1 ]; then
|
||||||
|
# and replace the old directory
|
||||||
|
rm -rf "${dest_dir%.NEW}"
|
||||||
|
mv "$dest_dir" "${dest_dir%.NEW}"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
# if there is a CA file, copy it
|
||||||
|
ca_file=$($POSTCONF -h smtp_tls_CAfile)
|
||||||
|
case "$ca_file" in
|
||||||
|
$queue_dir/*) :;; # skip stuff already in chroot
|
||||||
|
'') # no ca_file
|
||||||
|
# or copy the bundle to preserve functionality
|
||||||
|
ca_bundle=/etc/ssl/certs/ca-certificates.crt
|
||||||
|
if [ -f $ca_bundle ]; then
|
||||||
|
mkdir --parent "$queue_dir/${ca_bundle%/*}"
|
||||||
|
cp -L "$ca_bundle" "$queue_dir/${ca_bundle%/*}"
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
if test -f "$ca_file"; then
|
||||||
|
dest_dir="$queue_dir/${ca_path#/}"
|
||||||
|
mkdir --parent "$dest_dir"
|
||||||
|
cp -L "$ca_file" "$dest_dir"
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
# if we're using unix:passwd.byname, then we need to add etc/passwd.
|
||||||
|
local_maps=$($POSTCONF -h local_recipient_maps)
|
||||||
|
if [ "X$local_maps" != "X${local_maps#*unix:passwd.byname}" ]; then
|
||||||
|
if [ "X$local_maps" = "X${local_maps#*proxy:unix:passwd.byname}" ]; then
|
||||||
|
sed 's/^\([^:]*\):[^:]*/\1:x/' /etc/passwd > etc/passwd
|
||||||
|
chmod a+r etc/passwd
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
FILES="etc/localtime etc/services etc/resolv.conf etc/hosts \
|
||||||
|
etc/nsswitch.conf etc/nss_mdns.config"
|
||||||
|
for file in $FILES; do
|
||||||
|
[ -d ${file%/*} ] || mkdir -p ${file%/*}
|
||||||
|
if [ -f /${file} ]; then rm -f ${file} && cp /${file} ${file}; fi
|
||||||
|
if [ -f ${file} ]; then chmod a+rX ${file}; fi
|
||||||
|
done
|
||||||
|
# ldaps needs this. debian bug 572841
|
||||||
|
(echo /dev/random; echo /dev/urandom) | cpio -pdL --quiet . 2>/dev/null || true
|
||||||
|
rm -f usr/lib/zoneinfo/localtime
|
||||||
|
mkdir -p usr/lib/zoneinfo
|
||||||
|
ln -sf /etc/localtime usr/lib/zoneinfo/localtime
|
||||||
|
|
||||||
|
LIBLIST=$(for name in gcc_s nss resolv; do
|
||||||
|
for f in /lib/*/lib${name}*.so* /lib/lib${name}*.so*; do
|
||||||
|
if [ -f "$f" ]; then echo ${f#/}; fi;
|
||||||
|
done;
|
||||||
|
done)
|
||||||
|
|
||||||
|
if [ -n "$LIBLIST" ]; then
|
||||||
|
for f in "$LIBLIST"; do
|
||||||
|
rm -f "$f"
|
||||||
|
done
|
||||||
|
tar cf - -C / $LIBLIST 2>/dev/null |tar xf -
|
||||||
|
fi
|
||||||
|
umask $oldumask
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
configure_instance
|
||||||
|
|
||||||
|
command_directory=`postconf -h command_directory`
|
||||||
|
daemon_directory=`$command_directory/postconf -h daemon_directory`
|
||||||
|
# make consistency check
|
||||||
|
$command_directory/postfix check
|
||||||
|
# run Postfix
|
||||||
|
exec $daemon_directory/master
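Review bot: In the `ca_file` branch of `configure_instance` the destination is built from the wrong variable: `dest_dir="$queue_dir/${ca_path#/}"` uses `ca_path`, so when only `smtp_tls_CAfile` is set the file is copied to the top of the queue directory rather than to its own path inside the chroot, and a chrooted SMTP client would presumably not find its CA file. Something like `ca_dir="${ca_file%/*}"; dest_dir="$queue_dir/${ca_dir#/}"` mirrors what the `ca_bundle` branch does. Separately, the exit status of `$command_directory/postfix check` is ignored before `exec $daemon_directory/master`; `$command_directory/postfix check || exit 1` would keep the service from starting after a failed check. In the same function `(log_failure_msg failure copying certificates; exit 1)` only leaves the subshell, so a failed certificate copy does not stop the script either.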
|
|
@ -0,0 +1,29 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
PATH=/sbin:/bin:/usr/sbin:/usr/bin
|
||||||
|
DAEMON=/usr/sbin/postgrey
|
||||||
|
NAME=postgrey
|
||||||
|
DESC="postfix greylisting daemon"
|
||||||
|
|
||||||
|
PIDFILE=/var/run/$NAME.pid
|
||||||
|
SCRIPTNAME=/etc/init.d/$NAME
|
||||||
|
|
||||||
|
# Gracefully exit if the package has been removed.
|
||||||
|
test -x $DAEMON || exit 0
|
||||||
|
|
||||||
|
. /lib/lsb/init-functions
|
||||||
|
|
||||||
|
# Read config file if it is present.
|
||||||
|
if [ -r /etc/default/$NAME ]
|
||||||
|
then
|
||||||
|
. /etc/default/$NAME
|
||||||
|
fi
|
||||||
|
|
||||||
|
POSTGREY_OPTS="--pidfile=$PIDFILE $POSTGREY_OPTS"
|
||||||
|
if [ -z "$POSTGREY_TEXT" ]; then
|
||||||
|
POSTGREY_TEXT_OPT=""
|
||||||
|
else
|
||||||
|
POSTGREY_TEXT_OPT="--greylist-text=$POSTGREY_TEXT"
|
||||||
|
fi
|
||||||
|
|
||||||
|
exec $DAEMON $POSTGREY_OPTS "$POSTGREY_TEXT_OPT"
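Review bot: The final `exec $DAEMON $POSTGREY_OPTS "$POSTGREY_TEXT_OPT"` passes an empty-string argument to postgrey whenever `POSTGREY_TEXT` is empty, because the quoted variable expands to `""` rather than to nothing. `exec $DAEMON $POSTGREY_OPTS ${POSTGREY_TEXT_OPT:+"$POSTGREY_TEXT_OPT"}` keeps the quoting for a text that contains spaces and drops the argument when it is empty. `SCRIPTNAME` and `DESC` are assigned but not used in this script, and a short header comment saying this is the runit run script would help the next reader.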
|
|
@ -1,3 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
rsyslogd -n
|
|
|
@ -0,0 +1,98 @@
|
||||||
|
#!/bin/bash
|
||||||
|
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
|
||||||
|
DESC='spam checking proxy daemon'
|
||||||
|
NAME='spampd'
|
||||||
|
PROGRAM=/usr/sbin/spampd
|
||||||
|
#EXECUTABLE=`head -n 1 $PROGRAM | sed -e 's,^#![ ]*/,/,;s,[ ].*$,,'`
|
||||||
|
EXECUTABLE=/usr/bin/perl
|
||||||
|
PIDFILE=/var/run/spampd.pid
|
||||||
|
|
||||||
|
if [ -f $PIDFILE ]; then
|
||||||
|
# If can't delete pidfile, this means process is running ...
|
||||||
|
rm $PIDFILE || exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
. /lib/lsb/init-functions
|
||||||
|
|
||||||
|
# set some important defaults (overridable via /etc/default/spampd)
|
||||||
|
USERID=spampd
|
||||||
|
GRPID=spampd
|
||||||
|
|
||||||
|
if [ -f /etc/default/$NAME ]; then
|
||||||
|
. /etc/default/$NAME
|
||||||
|
fi
|
||||||
|
|
||||||
|
istrue () {
|
||||||
|
ANS=$(echo $1 | tr A-Z a-z)
|
||||||
|
[ "$ANS" = 'yes' -o "$ANS" = 'true' -o "$ANS" = 'enable' -o "$ANS" = '1' ]
|
||||||
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# find out wether to start spampd or not
|
||||||
|
#
|
||||||
|
istrue ${STARTSPAMPD} && STARTSPAMPD='true'
|
||||||
|
|
||||||
|
#
|
||||||
|
# Check wether the program is actually there
|
||||||
|
#
|
||||||
|
# return 5 as demanded by LSB 2.1 when program isn't installed.
|
||||||
|
[ -x $PROGRAM ] || exit 5
|
||||||
|
|
||||||
|
#
|
||||||
|
# Calculate final commandline
|
||||||
|
#
|
||||||
|
S_TAGALL=''
|
||||||
|
S_AWL=''
|
||||||
|
S_LOCALONLY=''
|
||||||
|
|
||||||
|
istrue "$TAGALL" \
|
||||||
|
&& S_TAGALL='--tagall'
|
||||||
|
|
||||||
|
istrue "$AUTOWHITELIST" \
|
||||||
|
&& S_AWL='--auto-whitelist'
|
||||||
|
|
||||||
|
istrue "$LOCALONLY" \
|
||||||
|
&& S_LOCALONLY='--L'
|
||||||
|
|
||||||
|
istrue "$LOGINET" \
|
||||||
|
&& LOGTARGET="inet" \
|
||||||
|
|| LOGTARGET="unix"
|
||||||
|
|
||||||
|
ARGS="${S_LOCALONLY} ${S_AWL} ${S_TAGALL} "
|
||||||
|
|
||||||
|
[ -n "${LISTENPORT}" ] && ARGS="${ARGS} --port=${LISTENPORT}"
|
||||||
|
|
||||||
|
[ -n "${LISTENHOST}" ] && ARGS="${ARGS} --host=${LISTENHOST}"
|
||||||
|
|
||||||
|
[ -n "${DESTPORT}" ] && ARGS="${ARGS} --relayport=${DESTPORT}"
|
||||||
|
|
||||||
|
[ -n "${DESTHOST}" ] && ARGS="${ARGS} --relayhost=${DESTHOST}"
|
||||||
|
|
||||||
|
[ -n "${PIDFILE}" ] && ARGS="${ARGS} --pid=${PIDFILE}"
|
||||||
|
|
||||||
|
[ -n "${CHILDREN}" ] && ARGS="${ARGS} --children=${CHILDREN}"
|
||||||
|
|
||||||
|
[ -n "${USERID}" ] && ARGS="${ARGS} --user=${USERID}"
|
||||||
|
|
||||||
|
[ -n "${GRPID}" ] && ARGS="${ARGS} --group=${GRPID}"
|
||||||
|
|
||||||
|
[ -n "${LOGTARGET}" ] && ARGS="${ARGS} --logsock=${LOGTARGET}"
|
||||||
|
|
||||||
|
[ -n "${ADDOPTS}" ] && ARGS="${ARGS} ${ADDOPTS}"
|
||||||
|
|
||||||
|
# Don't daemonize
|
||||||
|
ARGS="${ARGS} --nodetach"
|
||||||
|
|
||||||
|
if ! istrue "${STARTSPAMPD}"; then
|
||||||
|
log_warning_msg "Starting $DESC: $NAME (disabled in /etc/default/$NAME)."
|
||||||
|
# LSB 2.1: 6 mean unconfigured. This seems appropriate here.
|
||||||
|
exit 6
|
||||||
|
fi
|
||||||
|
log_daemon_msg "Starting $DESC" "$NAME"
|
||||||
|
# if spampd is not installed, return 5 as demanded by LSB 2.1
|
||||||
|
if [ ! -x $EXECUTABLE ]; then
|
||||||
|
log_error_msg "failed! - executable not found"
|
||||||
|
exit 5
|
||||||
|
fi
|
||||||
|
# start daemon
|
||||||
|
exec $PROGRAM $ARGS
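Review bot: The pidfile test at the top does not detect a running instance: when the script runs as root, `rm $PIDFILE || exit 0` succeeds whether or not the process is alive, and when it does fail the script exits 0, which a supervisor such as runsv treats as a finished run and starts again. Since the daemon is started with `--nodetach` under supervision, `rm -f "$PIDFILE"` with a comment that it clears a stale file is enough. The same restart behaviour applies to the `exit 6` taken when `STARTSPAMPD` is not true, so the warning would be logged on every restart attempt; a `down` file in the service directory is presumably the better way to disable the service.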
|
|
@ -0,0 +1,14 @@
|
||||||
|
SERVICES=/etc/service/*
|
||||||
|
|
||||||
|
for f in $SERVICES
|
||||||
|
do
|
||||||
|
service=$(basename "$f")
|
||||||
|
if [ "$service" = "syslog-ng" ]; then continue; fi;
|
||||||
|
if [ "$service" = "syslog-forwarder" ]; then continue; fi;
|
||||||
|
if [ "$service" = "ssh" ]; then continue; fi;
|
||||||
|
if [ "$service" = "cron" ]; then continue; fi;
|
||||||
|
if ([ -d /etc/service/$service ] && [ ! -f /etc/service/$service/down ]); then
|
||||||
|
echo "Creating down file for '$service'"
|
||||||
|
touch /etc/service/$service/down
|
||||||
|
fi
|
||||||
|
done
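Review bot: This script has no `#!/bin/bash` line and no header comment, unlike the other helper scripts added in this commit, so how it runs depends on the caller's shell and the reason for exempting `syslog-ng`, `syslog-forwarder`, `ssh` and `cron` is not recorded. I would add the shebang and a comment such as `# Create a 'down' file in every runit service directory except the ones skipped below, so runsv does not start those services automatically.` The four `if ... continue` lines could be one `case "$service" in syslog-ng|syslog-forwarder|ssh|cron) continue;; esac`, and the paths in the `[ -d ... ]`, `[ ! -f ... ]` tests and in `touch` should quote `$service`.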
|
|
@ -0,0 +1,20 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# This removes /etc/init.d service if service exists in runit.
|
||||||
|
# It also creates a symlink from /usr/bin/sv to /etc/init.d/$service
|
||||||
|
# to support SysV syntax: service $service <command> or /etc/init.d/$service <command>
|
||||||
|
|
||||||
|
SERVICES=/etc/service/*
|
||||||
|
|
||||||
|
for f in $SERVICES
|
||||||
|
do
|
||||||
|
service=$(basename "$f")
|
||||||
|
if [ -d /etc/service/$service ]; then
|
||||||
|
echo "LSB Compatibility for '$service'"
|
||||||
|
if [ -f /etc/init.d/$service ]; then
|
||||||
|
mv /etc/init.d/$service /etc/init.d/$service.lsb
|
||||||
|
chmod -x /etc/init.d/$service.lsb
|
||||||
|
fi
|
||||||
|
ln -s /usr/bin/sv /etc/init.d/$service
|
||||||
|
fi
|
||||||
|
done
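Review bot: The loop is not safe to run twice. On a second pass `/etc/init.d/$service` is already the symlink to `/usr/bin/sv`; `[ -f ... ]` follows it and succeeds, so `mv` replaces the saved `$service.lsb` original with the symlink, `chmod -x` then clears the execute bit on `/usr/bin/sv` itself, and `ln -s` recreates the link. Guarding with `if [ -f "/etc/init.d/$service" ] && [ ! -L "/etc/init.d/$service" ]; then` and using `ln -sfn /usr/bin/sv "/etc/init.d/$service"` makes the script idempotent. Whether it can run more than once is not visible from this hunk.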
|
|
@ -0,0 +1,26 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# This adds a log/run file on each runit service directory.
|
||||||
|
# This file make services stdout/stderr output to svlogd log
|
||||||
|
# directory located in /var/log/runit/$service.
|
||||||
|
|
||||||
|
SERVICES=/etc/service/*
|
||||||
|
|
||||||
|
for f in $SERVICES
|
||||||
|
do
|
||||||
|
service=$(basename "$f")
|
||||||
|
if [ -d /etc/service/$service ]; then
|
||||||
|
echo "Creating log/run for '$service'"
|
||||||
|
mkdir -p /etc/service/$service/log
|
||||||
|
cat > /etc/service/$service/log/run <<EOF;
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
mkdir -p /var/log/runit
|
||||||
|
chmod o-wrx /var/log/runit
|
||||||
|
mkdir -p /var/log/runit/$service
|
||||||
|
chmod o-wrx /var/log/runit/$service
|
||||||
|
exec svlogd -tt /var/log/runit/$service/
|
||||||
|
EOF
|
||||||
|
chmod +x /etc/service/$service/log/run
|
||||||
|
fi
|
||||||
|
done
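Review bot: The header comment says the generated `log/run` captures the services' stdout and stderr, but runsv only pipes a run script's standard output to its log service; stderr reaches svlogd only when the `run` script redirects it with `exec 2>&1`. None of the run scripts shown in this commit do that, and the Postfix one starts with `exec 1>&2`, which sends its output away from the log pipe. Either add `exec 2>&1` to the run scripts or correct the comment. A line above the heredoc saying the unquoted `EOF` is deliberate, so that `$service` is expanded when the file is generated, would also prevent a well-meant "fix".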
|
|
@ -113,3 +113,4 @@ chmod +x /etc/cron.daily/mailinabox-dnssec
|
||||||
|
|
||||||
ufw_allow domain
|
ufw_allow domain
|
||||||
|
|
||||||
|
restart_service nsd
|
|
@ -37,14 +37,8 @@ function apt_get_quiet {
|
||||||
}
|
}
|
||||||
|
|
||||||
function apt_install {
|
function apt_install {
|
||||||
PACKAGES=$@
|
|
||||||
|
|
||||||
if [ ! -z "$IS_DOCKER" ]; then
|
|
||||||
# Speed things up because packages are already installed by the image.
|
|
||||||
PACKAGES=""
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Report any packages already installed.
|
# Report any packages already installed.
|
||||||
|
PACKAGES=$@
|
||||||
TO_INSTALL=""
|
TO_INSTALL=""
|
||||||
ALREADY_INSTALLED=""
|
ALREADY_INSTALLED=""
|
||||||
for pkg in $PACKAGES; do
|
for pkg in $PACKAGES; do
|
||||||
|
@ -165,18 +159,6 @@ function ufw_allow {
|
||||||
}
|
}
|
||||||
|
|
||||||
function restart_service {
|
function restart_service {
|
||||||
# Restart a service quietly.
|
|
||||||
|
|
||||||
if [[ ! -z "$IS_DOCKER" && "$1" == "dovecot" ]]; then
|
|
||||||
# In Docker, sysvinit takes care of any services with an init.d
|
|
||||||
# script. The dovecot package provides an Upstart config only,
|
|
||||||
# and so it won't work this way. We make a new script for it
|
|
||||||
# elsewhere. We also cant do `sv restart dovecot` because runit
|
|
||||||
# is not running until after the setup scripts are run. So we
|
|
||||||
# will have to skip starting dovecot for now.
|
|
||||||
return 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
hide_output service $1 restart
|
hide_output service $1 restart
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -182,3 +182,4 @@ ufw_allow submission
|
||||||
# Restart services
|
# Restart services
|
||||||
|
|
||||||
restart_service postfix
|
restart_service postfix
|
||||||
|
restart_service postgrey
|
||||||
|
|
|
@ -16,10 +16,12 @@ rm -f /usr/local/bin/mailinabox-daemon
|
||||||
ln -s `pwd`/management/daemon.py /usr/local/bin/mailinabox-daemon
|
ln -s `pwd`/management/daemon.py /usr/local/bin/mailinabox-daemon
|
||||||
|
|
||||||
# Create an init script to start the management daemon and keep it
|
# Create an init script to start the management daemon and keep it
|
||||||
# running after a reboot.
|
# running after a reboot, if not runit service exists.
|
||||||
rm -f /etc/init.d/mailinabox
|
if [ ! -d /etc/service/mailinabox ]; then
|
||||||
ln -s $(pwd)/conf/management-initscript /etc/init.d/mailinabox
|
rm -f /etc/init.d/mailinabox
|
||||||
hide_output update-rc.d mailinabox defaults
|
ln -s $(pwd)/conf/management-initscript /etc/init.d/mailinabox
|
||||||
|
hide_output update-rc.d mailinabox defaults
|
||||||
|
fi
|
||||||
|
|
||||||
# Perform a daily backup.
|
# Perform a daily backup.
|
||||||
cat > /etc/cron.daily/mailinabox-backup << EOF;
|
cat > /etc/cron.daily/mailinabox-backup << EOF;
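Review bot: The reworded comment reads `# running after a reboot, if not runit service exists.`; `# running after a reboot, unless a runit service for it already exists.` says what the new `if [ ! -d /etc/service/mailinabox ]` guard does. While the `ln -s` line is being touched, quoting the source as `"$(pwd)/conf/management-initscript"` keeps it working when the checkout path contains spaces.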
|
||||||
|
|
|
@ -172,4 +172,5 @@ chmod +x /etc/cron.hourly/mailinabox-owncloud
|
||||||
|
|
||||||
# Enable PHP modules and restart PHP.
|
# Enable PHP modules and restart PHP.
|
||||||
php5enmod imap
|
php5enmod imap
|
||||||
|
restart_service memcached
|
||||||
restart_service php5-fpm
|
restart_service php5-fpm
|
||||||
|
|
|
@ -4,6 +4,7 @@ if [ -z "$NONINTERACTIVE" ]; then
|
||||||
# e.g. if we piped a bootstrapping install script to bash to get started. In that
|
# e.g. if we piped a bootstrapping install script to bash to get started. In that
|
||||||
# case, the nifty '[ -t 0 ]' test won't work. But with Vagrant we must suppress so we
|
# case, the nifty '[ -t 0 ]' test won't work. But with Vagrant we must suppress so we
|
||||||
# use a shell flag instead. Really supress any output from installing dialog.
|
# use a shell flag instead. Really supress any output from installing dialog.
|
||||||
|
apt_get_quiet update
|
||||||
apt_get_quiet install dialog
|
apt_get_quiet install dialog
|
||||||
message_box "Mail-in-a-Box Installation" \
|
message_box "Mail-in-a-Box Installation" \
|
||||||
"Hello and thanks for deploying a Mail-in-a-Box!
|
"Hello and thanks for deploying a Mail-in-a-Box!
|
||||||
|
|
|
@ -63,14 +63,6 @@ source setup/owncloud.sh
|
||||||
source setup/zpush.sh
|
source setup/zpush.sh
|
||||||
source setup/management.sh
|
source setup/management.sh
|
||||||
|
|
||||||
# In Docker, sysvinit services are started automatically. Runit services
|
|
||||||
# aren't started until after this setup script finishes. But we need
|
|
||||||
# Dovecot (which is Upstart-only) running in order to create the first
|
|
||||||
# mail user. So start dovecot now.
|
|
||||||
if [ ! -z "$IS_DOCKER" ]; then
|
|
||||||
/usr/sbin/dovecot -c /etc/dovecot/dovecot.conf
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Ping the management daemon to write the DNS and nginx configuration files.
|
# Ping the management daemon to write the DNS and nginx configuration files.
|
||||||
until nc -z -w 4 localhost 10222
|
until nc -z -w 4 localhost 10222
|
||||||
do
|
do
|
||||||
|
|