From 2cab02c8311d34fe845306147e9e5282e24d29b7 Mon Sep 17 00:00:00 2001
From: Stephan Brauer
Date: Wed, 20 Aug 2014 23:51:10 +0200
Subject: [PATCH 1/4] Read timezone from /etc/timezone.
---
 setup/zpush.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup/zpush.sh b/setup/zpush.sh
index a220b138..72ba0742 100755
--- a/setup/zpush.sh
+++ b/setup/zpush.sh
@@ -41,7 +41,7 @@ if [ $needs_update == 1 ]; then
 fi
 # Configure default config.
-sed -i "s/define('TIMEZONE', .*/define('TIMEZONE', 'Etc\/UTC');/" /usr/local/lib/z-push/config.php
+sed -i "s^define('TIMEZONE', .*^define('TIMEZONE', '$(cat /etc/timezone)');^" /usr/local/lib/z-push/config.php
 sed -i "s/define('BACKEND_PROVIDER', .*/define('BACKEND_PROVIDER', 'BackendCombined');/" /usr/local/lib/z-push/config.php
 # Configure BACKEND
From ff8413a6222366b444229a2fdf7be393d0a8763d Mon Sep 17 00:00:00 2001
From: Helmuth Gronewold
Date: Sat, 23 Aug 2014 08:51:18 +0200
Subject: [PATCH 2/4] Better handling of hostname and email address recommendation.
---
 setup/start.sh | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/setup/start.sh b/setup/start.sh
index 9b2ca292..7d26466a 100755
--- a/setup/start.sh
+++ b/setup/start.sh
@@ -62,6 +62,12 @@ fi
 # The box needs a name.
 if [ -z "$PRIMARY_HOSTNAME" ]; then
 if [ -z "$DEFAULT_PRIMARY_HOSTNAME" ]; then
+ # We recommend to use box.example.com as this hosts name. The
+ # domain the user possibly wants to use is example.com then.
+ # We strip the string "box." from the hostname to get the mail
+ # domain. If the hostname differs, nothing happens here.
+ DEFAULT_DOMAIN_GUESS=$(echo $(get_default_hostname) | sed -e 's/^box\.//')
+
 # This is the first run. Ask the user for his email address so we can
 # provide the best default for the box's hostname.
 echo
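Review bot: The new TIMEZONE line in setup/zpush.sh pastes the output of `cat /etc/timezone` straight into the sed replacement and into a PHP string literal, without checking that the file exists or holds a plain zone name. If the file is missing or empty, config.php ends up with `define('TIMEZONE', '');`, and a value containing `^`, `&`, `\` or `'` would change what sed writes or break the PHP literal. Read the value into a variable first and fall back to the previous default: `tz=$(cat /etc/timezone 2>/dev/null)` followed by `case "$tz" in ''|*[!A-Za-z0-9_+/-]*) tz=Etc/UTC ;; esac`, then use `$tz` in the sed expression.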
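Review bot: In the first setup/start.sh hunk, `DEFAULT_DOMAIN_GUESS=$(echo $(get_default_hostname) | sed -e 's/^box\.//')` leaves the inner substitution unquoted, so its output is word-split and glob-expanded before sed sees it, and the `echo` is not needed. `DEFAULT_DOMAIN_GUESS=$(get_default_hostname | sed -e 's/^box\.//')` gives the same result without the expansion and with one process fewer. get_default_hostname is defined outside this patch, so what it can return is not visible here. The enclosing `if` block continues past the end of the hunk.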
@@ -75,7 +81,7 @@ if [ -z "$PRIMARY_HOSTNAME" ]; then
 echo "We've guessed an email address. Backspace it and type in what"
 echo "you really want."
 echo
- read -e -i "me@`get_default_hostname`" -p "Email Address: " EMAIL_ADDR
+ read -e -i "me@$DEFAULT_DOMAIN_GUESS" -p "Email Address: " EMAIL_ADDR
 while ! management/mailconfig.py validate-email "$EMAIL_ADDR"
 do
From a0b056ae2910d8090fb4b562c86be49f95df3471 Mon Sep 17 00:00:00 2001
From: Joshua Tauberer
Date: Sat, 23 Aug 2014 12:29:23 +0000
Subject: [PATCH 3/4] put a sterner warning in nginx local.conf about not modifying it
---
 conf/nginx-top.conf | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/conf/nginx-top.conf b/conf/nginx-top.conf
index 12aed60b..6be9b414 100644
--- a/conf/nginx-top.conf
+++ b/conf/nginx-top.conf
@@ -1,6 +1,10 @@
 ## NOTE: This file is automatically generated by Mail-in-a-Box.
-## Do not edit this file. It will be replaced each time
-## Mail-in-a-Box needs to update the web configuration.
+## Do not edit this file. It is continually updated by
+## Mail-in-a-Box and your changes will be lost.
+##
+## Mail-in-a-Box machines are not meant to be modified.
+## If you modify any system configuration you are on
+## your own --- please do not ask for help from us.
 upstream php-fpm {
 server unix:/var/run/php5-fpm.sock;
From 03bbd25a10fbac430187b97b2f51f086807cf4f6 Mon Sep 17 00:00:00 2001
From: Joshua Tauberer
Date: Sat, 23 Aug 2014 12:31:33 +0000
Subject: [PATCH 4/4] re-do allow apt to perform security updates on its own Move this into system.sh rather than anagement.sh. This reverts commit eab28c97ff4ff04b452d07dd2f7af882f76f0d33.
---
 setup/management.sh | 10 +---------
 setup/system.sh | 22 +++++++++++++---------
 2 files changed, 14 insertions(+), 18 deletions(-)
diff --git a/setup/management.sh b/setup/management.sh
index b793b990..0f6e4d0a 100755
--- a/setup/management.sh
+++ b/setup/management.sh
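Review bot: The rewritten `read` in the second setup/start.sh hunk still omits `-r`, so a backslash typed into the address is treated as an escape and removed before `management/mailconfig.py validate-email` sees the value. `read -r -e -i "me@$DEFAULT_DOMAIN_GUESS" -p "Email Address: " EMAIL_ADDR` hands the validator exactly what was typed. DEFAULT_DOMAIN_GUESS is assigned only inside the `-z "$DEFAULT_PRIMARY_HOSTNAME"` branch added by the previous hunk. The lines between the two hunks are not shown, so confirm this prompt is reached only from that branch; otherwise the pre-filled suggestion is a bare `me@`.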
@@ -2,7 +2,7 @@ source setup/functions.sh -apt_install python3-flask links duplicity libyaml-dev python3-dnspython unattended-upgrades +apt_install python3-flask links duplicity libyaml-dev python3-dnspython hide_output pip3 install rtyaml # Create a backup directory and a random key for encrypting backups. @@ -21,14 +21,6 @@ rm -f /etc/init.d/mailinabox ln -s $(pwd)/conf/management-initscript /etc/init.d/mailinabox hide_output update-rc.d mailinabox defaults -# Allow apt to install system updates automatically every day. -cat > /etc/apt/apt.conf.d/02periodic < /etc/cron.daily/mailinabox-backup << EOF; #!/bin/bash diff --git a/setup/system.sh b/setup/system.sh index 8e7d5c54..fed23b00 100755 --- a/setup/system.sh +++ b/setup/system.sh @@ -11,18 +11,22 @@ hide_output apt-get -y upgrade # haveged: Provides extra entropy to /dev/random so it doesn't stall # when generating random numbers for private keys (e.g. during # ldns-keygen). +# unattended-upgrades: Apt tool to install security updates automatically. +# ntp: keeps the system time correct +# fail2ban: scans log files for repeated failed login attempts and blocks the remote IP at the firewall -apt_install python3 python3-pip wget curl bind9-host haveged +apt_install python3 python3-pip \ + wget curl bind9-host \ + haveged unattended-upgrades ntp fail2ban -# Turn on basic services: -# -# ntp: keeps the system time correct -# -# fail2ban: scans log files for repeated failed login attempts and blocks the remote IP at the firewall -# -# These services don't need further configuration and are started immediately after installation. +# Allow apt to install system updates automatically every day. -apt_install ntp fail2ban +cat > /etc/apt/apt.conf.d/02periodic <