From be907a0b9b780bb31344c8be0574204056ea7b4e Mon Sep 17 00:00:00 2001
From: Reza Jelveh <toyb0mb@gmx.net>
Date: Mon, 27 Nov 2017 10:14:58 +0100
Subject: [PATCH 1/4] SmartOS: add LX_ZONE detection

---
 setup/preflight.sh | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/setup/preflight.sh b/setup/preflight.sh
index 2547c410..87bd7151 100644
--- a/setup/preflight.sh
+++ b/setup/preflight.sh
@@ -64,3 +64,13 @@ if [ "$ARCHITECTURE" != "x86_64" ] && [ "$ARCHITECTURE" != "i686" ]; then
 	echo "You are on your own."
 	echo
 fi
+
+
+# Check if we're running in a SmartOS LX zone and disable firewall and
+# accordingly.
+KERNEL_VERSION=$(uname -v)
+if [[ "$KERNEL_VERSION" =~ "BrandZ virtual linux" ]]; then
+	echo "WARNING: Mail-in-a-Box will disable firewall setttings please make sure to handle this yourself."
+  DISABLE_FIREWALL=1
+  LX_ZONE=1
+fi

From 86b6b7d97e9575eac7fab5e833d07653f6ebd32e Mon Sep 17 00:00:00 2001
From: Reza Jelveh <toyb0mb@gmx.net>
Date: Mon, 27 Nov 2017 10:19:41 +0100
Subject: [PATCH 2/4] SmartOS: add uuid binary since
 /proc/sys/kernel/random/uuid does not exist

---
 setup/web.sh | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/setup/web.sh b/setup/web.sh
index ed37e5e3..d02ed8bd 100755
--- a/setup/web.sh
+++ b/setup/web.sh
@@ -64,12 +64,15 @@ tools/editconf.py /etc/php/7.2/fpm/pool.d/www.conf -c ';' \
 # nginx configuration at /mailinabox-mobileconfig.
 mkdir -p /var/lib/mailinabox
 chmod a+rx /var/lib/mailinabox
+if [[ -n "$LX_ZONE" ]]; then
+  apt_install uuid
+fi
 cat conf/ios-profile.xml \
 	| sed "s/PRIMARY_HOSTNAME/$PRIMARY_HOSTNAME/" \
-	| sed "s/UUID1/$(cat /proc/sys/kernel/random/uuid)/" \
-	| sed "s/UUID2/$(cat /proc/sys/kernel/random/uuid)/" \
-	| sed "s/UUID3/$(cat /proc/sys/kernel/random/uuid)/" \
-	| sed "s/UUID4/$(cat /proc/sys/kernel/random/uuid)/" \
+	| sed "s/UUID1/$(cat /proc/sys/kernel/random/uuid || uuid)/" \
+	| sed "s/UUID2/$(cat /proc/sys/kernel/random/uuid || uuid)/" \
+	| sed "s/UUID3/$(cat /proc/sys/kernel/random/uuid || uuid)/" \
+	| sed "s/UUID4/$(cat /proc/sys/kernel/random/uuid || uuid)/" \
 	 > /var/lib/mailinabox/mobileconfig.xml
 chmod a+r /var/lib/mailinabox/mobileconfig.xml
 

From 1bd0f79aae4dab154614796b7cd88193f53f0810 Mon Sep 17 00:00:00 2001
From: Reza Jelveh <toyb0mb@gmx.net>
Date: Mon, 27 Nov 2017 10:28:54 +0100
Subject: [PATCH 3/4] SmartOS: fix fail2ban to work with native ipfilter

---
 setup/system.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/setup/system.sh b/setup/system.sh
index ccc60231..0dedc957 100755
--- a/setup/system.sh
+++ b/setup/system.sh
@@ -346,6 +346,12 @@ cat conf/fail2ban/jails.conf \
 	> /etc/fail2ban/jail.d/mailinabox.conf
 cp -f conf/fail2ban/filter.d/* /etc/fail2ban/filter.d/
 
+if [[ -n "$LX_ZONE" ]]; then
+sed -i -e "s/iptables-allports/ipfilter/g" /etc/fail2ban/jail.conf
+sed -i -e "s/iptables-allports/ipfilter/g" /etc/fail2ban/jail.d/mailinabox.conf
+sed -i -e "s@/sbin/ipf@/native/usr/sbin/ipf@g" /etc/fail2ban/action.d/ipfilter.conf
+fi
+
 # On first installation, the log files that the jails look at don't all exist.
 # e.g., The roundcube error log isn't normally created until someone logs into
 # Roundcube for the first time. This causes fail2ban to fail to start. Later

From f7a0378fd17ca2890d465407d3d057fbe1674c4c Mon Sep 17 00:00:00 2001
From: Reza Jelveh <toyb0mb@gmx.net>
Date: Tue, 28 Nov 2017 00:42:55 +0100
Subject: [PATCH 4/4] SmartOS does not support ip-transparent

---
 setup/dns.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/setup/dns.sh b/setup/dns.sh
index 5d86227a..0822c37f 100755
--- a/setup/dns.sh
+++ b/setup/dns.sh
@@ -54,6 +54,10 @@ cat > /etc/logrotate.d/nsd <<EOF;
 }
 EOF
 
+if [[ -n "$LX_ZONE" ]]; then
+  sed -i -e "s/ip-transparent: yes/ip-transparent: no/" /etc/nsd/nsd.conf
+fi
+
 # Since we have bind9 listening on localhost for locally-generated
 # DNS queries that require a recursive nameserver, and the system
 # might have other network interfaces for e.g. tunnelling, we have