--- /dev/null
+#!/bin/sh
+
+
+export PAGER=
+
+
+sleep 1
+systemctl --quiet is-active NetworkManager.service
+NM_RC=$?
+CYCLES_WAITED=0
+while [ $NM_RC -ne 0 ]
+do
+ if [ $CYCLES_WAITED -ge 10 ]
+ then
+ exit 1
+ fi
+ if [ $CYCLES_WAITED -eq 0 ]
+ then
+ echo -n "Waiting for NetworkManager"
+ fi
+ echo -n .
+ sleep 1
+ CYCLES_WAITED=$(( $CYCLES_WAITED + 1 ))
+ systemctl --quiet is-active NetworkManager.service
+ NM_RC=$?
+done
+[ $CYCLES_WAITED -gt 0 ] && echo
+
+# wait for the two network connections to come up
+CONNECTION_DEVICES_UP=$(nmcli --terse connection show \
+ | grep --invert-match ':$' | wc -l)
+CYCLES_WAITED=0
+while [ $CONNECTION_DEVICES_UP -lt 2 ]
+do
+ if [ $CYCLES_WAITED -ge 10 ]
+ then
+ echo
+ nmcli connection show
+ exit 1
+ fi
+ if [ $CYCLES_WAITED -eq 0 ]
+ then
+ echo -n "Waiting for the network connection"
+ fi
+ echo -n .
+ sleep 1
+ CYCLES_WAITED=$(( $CYCLES_WAITED + 1 ))
+ CONNECTION_DEVICES_UP=$(nmcli --terse connection show \
+ | grep --invert-match ':$' | wc -l)
+done
+[ $CYCLES_WAITED -gt 0 ] && echo
+
+CONNECTIONS=$(nmcli --terse connection show | wc -l)
+if [ $CONNECTIONS -ne 2 ]
+then
+ echo "Number of connections: $CONNECTIONS instead of 2" >&2
+ exit 1
+fi
+
+CONNECTION_DEVICE="eth0"
+CONNECTION_ID="perimeter"
+CONNECTION_LINE=$(nmcli --terse connection show | grep ":${CONNECTION_DEVICE}$")
+CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':')
+
+nmcli connection delete uuid "$CONNECTION_UUID"
+
+nmcli connection add \
+ connection.autoconnect yes \
+ connection.id $CONNECTION_ID \
+ connection.interface-name $CONNECTION_DEVICE \
+ connection.type 802-3-ethernet \
+ ipv4.addresses "192.168.173.154/24" \
+ ipv4.dns "192.168.173.223" \
+ ipv4.dns-search "pm.useribm.hu" \
+ ipv4.gateway "192.168.173.254" \
+ ipv4.method "manual" \
+ ipv4.routes "10.228.0.0/16 192.168.173.1" \
+ ipv6.addresses "2001:1aa1:000a:7c0c:000c:18ff:fe03:ad9a/64" \
+ ipv6.dns "2001:1aa1:000a:7c0c:000c:18ff:fe03:addf" \
+ ipv6.dns-search "pm.useribm.hu" \
+ ipv6.gateway "2001:1aa1:000a:7c0c:000c:18ff:fe03:adfe" \
+ ipv6.method "manual" \
+ ipv6.routes "2001:1aa1:000a:7dae::/64 2001:1aa1:000a:7c0c:000c:18ff:fe03:ad01" \
+ save yes
+
+cat <<EOF >/etc/NetworkManager/conf.d/${CONNECTION_DEVICE}.conf
+[device]
+match-device=interface-name:$CONNECTION_DEVICE
+allowed-connections=id:$CONNECTION_ID
+keep-configuration=no
+EOF
+
+nmcli connection show
+
+hostnamectl hostname mx.pm.useribm.hu
+hostnamectl
--- /dev/null
+#!/bin/sh
+
+
+sleep 1
+systemctl --quiet is-active dbus.service
+DBUS_RC=$?
+WAITED=0
+while [ $DBUS_RC -ne 0 ]
+do
+ echo -n .
+ sleep 1
+ WAITED=1
+ systemctl --quiet is-active dbus.service
+ DBUS_RC=$?
+done
+[ $WAITED -ne 0 ] && echo
+timedatectl set-timezone Europe/Budapest
--- /dev/null
+#!/bin/sh
+
+
+if [ -d /etc/letsencrypt ]
+then
+ mv /etc/letsencrypt /etc/letsencrypt.orig
+fi
+/usr/local/bin/getletsencrypt.sh
+if [ $? -eq 0 ]
+then
+ sed --in-place=.orig \
+ 's/^MAILTO=root$/MAILTO=siteadmin@useribm.hu/' \
+ /etc/crontab
+ echo >>/etc/crontab
+ echo '20 3 * * * root /usr/local/bin/getletsencrypt.sh' >>/etc/crontab
+fi
--- /dev/null
+#!/bin/sh
+set -x
+
+
+groupadd --gid 249 \
+ --system \
+ spamd
+useradd --comment "Spamassassin User" \
+ --create-home \
+ --gid 249 \
+ --system \
+ --uid 249 \
+ spamd
+
+LANG=C /usr/bin/sa-update
+
+groupadd --gid 250 \
+ --system \
+ vmail
+useradd --comment "Virtual Mail User" \
+ --home-dir /var/vmail \
+ --gid 250 \
+ --no-create-home \
+ --system \
+ --uid 250 \
+ vmail
+
+#sasldblistusers2
+#saslpasswd2 -c -u almabarat.hu almabarat (AppleFriend@)
+
+sed --in-place=.orig \
+ --expression='/^smtp \+inet \+n/a\
+ -o content_filter=spamassassin\
+spamassassin unix - n n - - pipe\
+ user=spamd argv=/usr/bin/spamc -f -e\
+ /usr/sbin/sendmail -oi -f ${sender} ${recipient}\
+policyd-spf unix - n n - 0 spawn\
+ user=policyd-spf argv=/usr/libexec/postfix/policyd-spf' \
+ --expression='s/^#\(submission \+inet \+n\)/\1/' \
+ /etc/postfix/master.cf
+
+echo "root: siteadmin@useribm.hu" >>/etc/aliases
+postalias /etc/aliases
+
+postmap /etc/postfix/vmail_aliases
+postmap /etc/postfix/vmail_maildirs
+
+# change existing parameters
+postconf inet_interfaces=all
+postconf smtpd_tls_cert_file=/etc/letsencrypt/live/useribm/fullchain.pem
+postconf smtpd_tls_key_file=/etc/letsencrypt/live/useribm/privkey.pem
+
+# add new parameters
+echo >>/etc/postfix/main.cf
+postconf mydomain=useribm.hu
+postconf myhostname=mx.useribm.hu
+postconf mynetworks="127.0.0.0/8, 192.168.173.0/24, 10.228.0.0/16"
+postconf myorigin='$mydomain'
+
+echo >>/etc/postfix/main.cf
+postconf mailbox_size_limit=0
+postconf virtual_mailbox_limit=0
+postconf message_size_limit=67108864
+
+echo >>/etc/postfix/main.cf
+postconf virtual_mailbox_base=/var/vmail
+postconf virtual_minimum_uid=250
+postconf virtual_uid_maps=static:250
+postconf virtual_gid_maps=static:250
+
+echo >>/etc/postfix/main.cf
+postconf virtual_mailbox_domains="almabarat.hu, useribm.hu"
+postconf virtual_mailbox_maps=hash:/etc/postfix/vmail_maildirs
+postconf virtual_alias_maps=hash:/etc/postfix/vmail_aliases
+
+echo >>/etc/postfix/main.cf
+postconf smtpd_sasl_path=smtpd
+postconf smtpd_sasl_auth_enable=yes
+
+echo >>/etc/postfix/main.cf
+postconf policyd-spf_time_limit=3600
+postconf smtpd_recipient_restrictions="permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service unix:private/policyd-spf"
+postconf smtpd_relay_restrictions="permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination"
+
+echo >>/etc/postfix/main.cf
+postconf default_destination_concurrency_failed_cohort_limit=10
+postconf default_destination_rate_delay=15s
+postconf default_destination_recipient_limit=20
+
+echo >>/etc/postfix/main.cf
+postconf smtpd_milters=inet:127.0.0.1:8891,inet:127.0.0.1:8893
+postconf non_smtpd_milters='$smtpd_milters'
+postconf milter_default_action=accept
--- /dev/null
+#!/bin/sh
+
+
+exit 0
+doveadm pw -l
+doveadm pw -s SHA512-CRYPT >>/etc/dovecot/passwd
--- /dev/null
+#!/bin/sh
+set -x
+
+
+useradd --comment "SPF User" \
+ --no-create-home \
+ --shell /bin/false \
+ --system \
+ --user-group \
+ policyd-spf
--- /dev/null
+#!/bin/sh
+set -x
+
+
+sed --in-place=.orig \
+ --expression='s/^Mode[ ]*v/Mode sv/' \
+ --expression='s/^#Socket[ ]*inet:/Socket inet:/' \
+ --expression='s/^Socket[ ]*local:/#Socket local:/' \
+ --expression='s/^KeyFile /# KeyFile /' \
+ --expression='s/^# KeyTable /KeyTable /' \
+ --expression='s/^# SigningTable /SigningTable /' \
+ --expression='s/^# ExternalIgnoreList /ExternalIgnoreList /' \
+ --expression='s/^# InternalHosts /InternalHosts /' \
+ /etc/opendkim.conf
+
+exit 0
+
+mkdir /etc/opendkim/keys/almabarat.hu
+opendkim-genkey \
+ --append-domain \
+ --bits=4096 \
+ --directory=/etc/opendkim/keys/almabarat.hu \
+ --domain=almabarat.hu \
+ --restrict \
+ --selector=default \
+ --verbose
+
+mkdir /etc/opendkim/keys/useribm.hu
+opendkim-genkey \
+ --append-domain \
+ --bits=4096 \
+ --directory=/etc/opendkim/keys/useribm.hu \
+ --domain=kolafirearms.com \
+ --restrict \
+ --selector=default \
+ --verbose
--- /dev/null
+#!/bin/sh
+set -x
+
+
+sed --in-place=.orig \
+ --expression='s/^# AuthservID name$/AuthservID OpenDMARC/' \
+ --expression='s/^# FailureReports false$/FailureReports true/' \
+ --expression='s/^# FailureReportsOnNone false$/FailureReportsOnNone true/' \
+ --expression='s/^# FailureReportsSentBy USER@HOSTNAME$/FailureReportsSentBy postmaster@useribm.hu/' \
+ --expression='s/^# HistoryFile /HistoryFile /' \
+ --expression='s/^# IgnoreAuthenticatedClients false$/IgnoreAuthenticatedClients true/' \
+ --expression='s/^# IgnoreHosts /IgnoreHosts /' \
+ --expression='s/^# RequiredHeaders false$/RequiredHeaders true/' \
+ --expression='s/^Socket .*$/Socket inet:8893@localhost/' \
+ /etc/opendmarc.conf
--- /dev/null
+#!/bin/sh
+
+
+systemctl enable crond.service
+systemctl start crond.service
+systemctl enable dovecot.service
+systemctl start dovecot.service
+systemctl enable opendkim.service
+systemctl start opendkim.service
+systemctl enable opendmarc.service
+systemctl start opendmarc.service
+systemctl enable postfix.service
+systemctl start postfix.service
+systemctl enable spamassassin.service
+systemctl start spamassassin.service
+systemctl enable NetworkManager-wait-online.service
+systemctl start NetworkManager-wait-online.service
+
+systemctl enable logrotate.timer
+systemctl start logrotate.timer
--- /dev/null
+# mode file (relative to /c3d)
+755 firstboot/scripts/*.sh
+640 postinstall/install-data/etc/opendkim/KeyTable
+640 postinstall/install-data/etc/opendkim/SigningTable
+640 postinstall/install-data/etc/opendkim/TrustedHosts
+600 postinstall/install-data/etc/opendkim/keys/almabarat.hu/default.private
+600 postinstall/install-data/etc/opendkim/keys/useribm.hu/default.private
+755 postinstall/install-data/usr/local/bin/*.sh
+755 postinstall/scripts/*.sh
--- /dev/null
+# owner file (relative to /c3d)
+opendkim:opendkim postinstall/install-data/etc/opendkim/KeyTable
+opendkim:opendkim postinstall/install-data/etc/opendkim/SigningTable
+opendkim:opendkim postinstall/install-data/etc/opendkim/TrustedHosts
+opendkim:opendkim postinstall/install-data/etc/opendkim/keys/almabarat.hu
+opendkim:opendkim postinstall/install-data/etc/opendkim/keys/almabarat.hu/default.private
+opendkim:opendkim postinstall/install-data/etc/opendkim/keys/useribm.hu
+opendkim:opendkim postinstall/install-data/etc/opendkim/keys/useribm.hu/default.private
--- /dev/null
+##
+## SSL settings
+##
+
+# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
+# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps
+# plain imap and pop3 are still allowed for local connections
+ssl = required
+
+# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
+# dropping root privileges, so keep the key file unreadable by anyone but
+# root. Included doc/mkcert.sh can be used to easily generate self-signed
+# certificate, just make sure to update the domains in dovecot-openssl.cnf
+ssl_cert = </etc/letsencrypt/live/useribm/fullchain.pem
+ssl_key = </etc/letsencrypt/live/useribm/privkey.pem
+
+# If key file is password protected, give the password here. Alternatively
+# give it when starting dovecot with -p parameter. Since this file is often
+# world-readable, you may want to place this setting instead to a different
+# root owned 0600 file by using ssl_key_password = <path.
+#ssl_key_password =
+
+# PEM encoded trusted certificate authority. Set this only if you intend to use
+# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
+# followed by the matching CRL(s). (e.g. ssl_ca = </etc/pki/dovecot/certs/ca.pem)
+#ssl_ca =
+
+# Require that CRL check succeeds for client certificates.
+#ssl_require_crl = yes
+
+# Directory and/or file for trusted SSL CA certificates. These are used only
+# when Dovecot needs to act as an SSL client (e.g. imapc backend or
+# submission service). The directory is usually /etc/pki/dovecot/certs in
+# Debian-based systems and the file is /etc/pki/tls/cert.pem in
+# RedHat-based systems. Note that ssl_client_ca_file isn't recommended with
+# large CA bundles, because it leads to excessive memory usage.
+#ssl_client_ca_dir =
+#ssl_client_ca_file =
+
+# Require valid cert when connecting to a remote server
+#ssl_client_require_valid_cert = yes
+
+# Request client to send a certificate. If you also want to require it, set
+# auth_ssl_require_client_cert=yes in auth section.
+#ssl_verify_client_cert = no
+
+# Which field from certificate to use for username. commonName and
+# x500UniqueIdentifier are the usual choices. You'll also need to set
+# auth_ssl_username_from_cert=yes.
+#ssl_cert_username_field = commonName
+
+# SSL DH parameters
+# Generate new params with `openssl dhparam -out /etc/dovecot/dh.pem 4096`
+# Or migrate from old ssl-parameters.dat file with the command dovecot
+# gives on startup when ssl_dh is unset.
+#ssl_dh = </etc/dovecot/dh.pem
+
+# Minimum SSL protocol version to use. Potentially recognized values are SSLv3,
+# TLSv1, TLSv1.1, and TLSv1.2, depending on the OpenSSL version used.
+#ssl_min_protocol = TLSv1
+
+# SSL ciphers to use, the default is:
+#ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
+# To disable non-EC DH, use:
+#ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
+ssl_cipher_list = PROFILE=SYSTEM
+
+# Colon separated list of elliptic curves to use. Empty value (the default)
+# means use the defaults from the SSL library. P-521:P-384:P-256 would be an
+# example of a valid value.
+#ssl_curve_list =
+
+# Prefer the server's order of ciphers over client's.
+#ssl_prefer_server_ciphers = no
+
+# SSL crypto device to use, for valid values run "openssl engine"
+#ssl_crypto_device =
+
+# SSL extra options. Currently supported options are:
+# compression - Enable compression.
+# no_ticket - Disable SSL session tickets.
+#ssl_options =
--- /dev/null
+## Dovecot configuration file
+
+# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration
+
+# "doveconf -n" command gives a clean output of the changed settings. Use it
+# instead of copy&pasting files when posting to the Dovecot mailing list.
+
+# '#' character and everything after it is treated as comments. Extra spaces
+# and tabs are ignored. If you want to use either of these explicitly, put the
+# value inside quotes, eg.: key = "# char and trailing whitespace "
+
+# Most (but not all) settings can be overridden by different protocols and/or
+# source/destination IPs by placing the settings inside sections, for example:
+# protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { }
+
+# Default values are shown for each setting, it's not required to uncomment
+# those. These are exceptions to this though: No sections (e.g. namespace {})
+# or plugin settings are added by default, they're listed only as examples.
+# Paths are also just examples with the real defaults being based on configure
+# options. The paths listed here are for configure --prefix=/usr
+# --sysconfdir=/etc --localstatedir=/var
+
+# Protocols we want to be serving.
+#protocols = imap pop3 lmtp
+
+# A comma separated list of IPs or hosts where to listen in for connections.
+# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
+# If you want to specify non-default ports or anything more complex,
+# edit conf.d/master.conf.
+#listen = *, ::
+
+# Base directory where to store runtime data.
+#base_dir = /var/run/dovecot/
+
+# Name of this instance. In multi-instance setup doveadm and other commands
+# can use -i <instance_name> to select which instance is used (an alternative
+# to -c <config_path>). The instance name is also added to Dovecot processes
+# in ps output.
+#instance_name = dovecot
+
+# Greeting message for clients.
+#login_greeting = Dovecot ready.
+
+# Space separated list of trusted network ranges. Connections from these
+# IPs are allowed to override their IP addresses and ports (for logging and
+# for authentication checks). disable_plaintext_auth is also ignored for
+# these networks. Typically you'd specify your IMAP proxy servers here.
+#login_trusted_networks =
+
+# Space separated list of login access check sockets (e.g. tcpwrap)
+#login_access_sockets =
+
+# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
+# proxying. This isn't necessary normally, but may be useful if the destination
+# IP is e.g. a load balancer's IP.
+#auth_proxy_self =
+
+# Show more verbose process titles (in ps). Currently shows user name and
+# IP address. Useful for seeing who are actually using the IMAP processes
+# (eg. shared mailboxes or if same uid is used for multiple accounts).
+#verbose_proctitle = no
+
+# Should all processes be killed when Dovecot master process shuts down.
+# Setting this to "no" means that Dovecot can be upgraded without
+# forcing existing client connections to close (although that could also be
+# a problem if the upgrade is e.g. because of a security fix).
+#shutdown_clients = yes
+
+# If non-zero, run mail commands via this many connections to doveadm server,
+# instead of running them directly in the same process.
+#doveadm_worker_count = 0
+# UNIX socket or host:port used for connecting to doveadm server
+#doveadm_socket_path = doveadm-server
+
+# Space separated list of environment variables that are preserved on Dovecot
+# startup and passed down to all of its child processes. You can also give
+# key=value pairs to always set specific settings.
+#import_environment = TZ
+
+##
+## Dictionary server settings
+##
+
+# Dictionary can be used to store key=value lists. This is used by several
+# plugins. The dictionary can be accessed either directly or though a
+# dictionary server. The following dict block maps dictionary names to URIs
+# when the server is used. These can then be referenced using URIs in format
+# "proxy::<name>".
+
+dict {
+ #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
+ #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
+}
+
+# Most of the actual configuration gets included below. The filenames are
+# first sorted by their ASCII value and parsed in that order. The 00-prefixes
+# in filenames are intended to make it easier to understand the ordering.
+#!include conf.d/*.conf
+!include conf.d/10-ssl.conf
+
+# A config file can also tried to be included without giving an error if
+# it's not found:
+#!include_try local.conf
+
+namespace {
+ inbox = yes
+ separator = /
+}
+
+first_valid_uid = 200
+mail_home = /var/vmail/%n
+mail_location = maildir:~/mail
+
+passdb {
+ driver = passwd-file
+ args = /etc/dovecot/passwd
+}
+
+userdb {
+ driver = static
+ args = uid=250 gid=250
+}
--- /dev/null
+almabarat:{SHA512-CRYPT}$6$vrvXVuoNX5BcOobV$x8d9HIf53cS5Wfue.CkSR4MEOPpxGj6Q8oDvKCSZvjga2gswYCcViyWxQ.ArAlv9iOWR0oFCmCMuNztowLdFU/
--- /dev/null
+# These values can be overridden by editing ~/.spamassassin/user_prefs.cf
+# (see spamassassin(1) for details)
+
+# These should be safe assumptions and allow for simple visual sifting
+# without risking lost emails.
+
+dns_server 192.168.173.223
+required_hits 5
+report_safe 0
+rewrite_header Subject [SPAM](_SCORE_)
--- /dev/null
+# OPENDKIM KEY TABLE
+# To use this file, uncomment the #KeyTable option in /etc/opendkim.conf,
+# then uncomment the following line and replace example.com with your domain
+# name, then restart OpenDKIM. Additional keys may be added on separate lines.
+
+default._domainkey.almabarat.hu almabarat.hu:default:/etc/opendkim/keys/almabarat.hu/default.private
--- /dev/null
+# OPENDKIM SIGNING TABLE
+# This table controls how to apply one or more signatures to outgoing messages based
+# on the address found in the From: header field. In simple terms, this tells
+# OpenDKIM "how" to apply your keys.
+
+# To use this file, uncomment the SigningTable option in /etc/opendkim.conf,
+# then uncomment one of the usage examples below and replace example.com with your
+# domain name, then restart OpenDKIM.
+
+# WILDCARD EXAMPLE
+# Enables signing for any address on the listed domain(s), but will work only if
+# "refile:/etc/opendkim/SigningTable" is included in /etc/opendkim.conf.
+# Create additional lines for additional domains.
+
+*@almabarat.hu default._domainkey.almabarat.hu
+
+# NON-WILDCARD EXAMPLE
+# If "file:" (instead of "refile:") is specified in /etc/opendkim.conf, then
+# wildcards will not work. Instead, full user@host is checked first, then simply host,
+# then user@.domain (with all superdomains checked in sequence, so "foo.example.com"
+# would first check "user@foo.example.com", then "user@.example.com", then "user@.com"),
+# then .domain, then user@*, and finally *. See the opendkim.conf(5) man page under
+# "SigningTable" for more details.
+
+#example.com default._domainkey.example.com
--- /dev/null
+# OPENDKIM TRUSTED HOSTS
+# To use this file, uncomment the #ExternalIgnoreList and/or the #InternalHosts
+# option in /etc/opendkim.conf then restart OpenDKIM. Additional hosts
+# may be added on separate lines (IP addresses, hostnames, or CIDR ranges).
+# The localhost IP (127.0.0.1) should always be the first entry in this file.
+127.0.0.1
+::1
+mx.pm.useribm.hu
+#host.example.com
+#192.168.1.0/24
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC2Pb8HPZ+o1Bif
+ySkmj+pIk+Yq9/Jm61SgpsMaBa9mPumYv6rP/Nb+JCjHilCcNrV7nh5E5bLdE2zU
+uYNXcmCrm+YzSgo56Mj/BBgq648H1DnKXqNroZw5Eb2e8TrGAl9Fu7LdTsAGalCX
+vsj6wPhHrWhYI5nLUDLxE4O5TG+lJU6LYM9+1WpOlaUMfhpCKWrYv4sIphlkLQgB
+lyzDAndhE+onRd+LmyWk/IZNlHHEsJ1L1rqVGcny9ovHzbMfai8lWBBpNbd7Vxiz
+FIXnx17P126O/NfNeGpb5yWoirZb/e/qpUgZctZtsaFY7BdTKLydj21gaKHa9kA+
+baTa/62Zm45yIywI+DXNrki66ztHIcCtfqGafQOzqvgnwGdcgFAQMfujxXX++PH3
+F9fUbDEGhrAYHRpRE09O4DvKGL4N5FJIzuMW7QEwGTT+dQdFBvNawR1as+1HA1aP
+bcuP9u7BORij4GJD12mSruUTNq2nxmWT/kqoPXIT27Gzv6Ig+PStFgw0hSt1WS8e
+cwxS//9Qxy+vhxPt+peKTeN66G2oeCWMEsXcCBbCcLPorVaZUeAukuQ8LPmnqxDu
+I662chYh1dNMP4Eb4hVVSsmjp4/F2nhW8CJFafHMhYvub5lC++U+FQc587supLh0
+ChF/LjKsPBtZ5Nw8AlHbrVHqmlCW9wIDAQABAoICADyAfFKNkVtt6qzljk1Ymwm0
+XEYooeesOiDJrF0PxR73RPsqqq05PjEKVSWF1GRAP3kGUftCnOKLZ+apniKifNiM
+Pd0KOCHomA4d0F4zbP1G5la6m5uIgEJsEt1ZLc9+Cx4uBeA2HEck9ZOjSbsB5It7
+VPhp/U2D1x21Ala6uxgDLjPUlJ6BgLUNNknS9anAcVH7KU/aQPTChHVuuHQXdgWb
+JHIcXu5MuC8xjO7lmO2ZSudaJwCIGsUYN+jB8DU+Pd+ygGRFaqA+lpshdaEwzdfH
+qFM9OvHih8DyGMz/HDKnOAbZD3ovZ2PshGnum4HGtPPEIaZPpmh4t3RiV0hDeODE
+tcZO+PQ7fSwE1tQ0if9p8u1M0/Y9jpJt62StWj1KujZ2KsbPTgtFKTcfkb10RcBZ
+e9bzo7X4p1nLYMW6RYD3zQajejAWU0DOWcb4Y8NpZV/xEKgpTmNH06WSN1T/fAAd
+vmqviLmk8CVkmNKgjNJecF+gfWpL83K1ie7rVU+skTHb7VC6v5AwxAsSCX0BNQj4
++5vrRyZeXRf5zUjnv2aIu6EXKwMx/qpeBg1TXiCtyGo6XZjY97PLV/VcXpM3PBNc
+Lv6Odmns+OJXJ2OFX58mdAZile4/GMoYuk/zNozyZhEksqQpsv76hYhkLV+1pU83
+m3RbU3+vvPnFlxO1ebANAoIBAQD7RI0YM63aPkYK3YLNI6lVXaOGG/81k7WCps2V
+3/rc0+j7FlhunbRFXR9PaQ4fDIT/E3eOkIFxIPtaXVeC/WVaRxBz2szd8HSYRdRO
+6pXWRnc+JRazErrx4/7i64+6cIqCnJMscbBLTCMOeNpalCW8CiKJ1aueuUfu6tfr
+tfbci60VWDlML2TwCCx8SX9XWZMkOGmEtfdImSPOuRBbIJfQBA2r8sAxXmJZqUhN
+01zqAmL5H1D6qh62aSiytnkgXZyJ44m0UznkL2/ijVvIj9kLBIcZXhnb7A97fCXO
+1t702b7QKQQv52zjPYNTcVa/WMXOruvrsm6b9zInXkjTDuk1AoIBAQC5rGTfTZ9E
+SMG4q4yzDFPR5rE767Gm6NMR/mgAB+N6Oiw77EESiGrC9ziw02LKLZaDANDf1YA1
+VdNVvTUNyYPv9KLKk59Hvo0FRyK7+r3ZSRRD1PuB2CtcQ0owXyL0R2N61JCBopC3
+NexWjwwIVzLH/mh/JVzNn9bBdtmZ1K3qcPXq9RNBB3dUmZb1WTJO+9S1qUWEMuRs
+JR5Usuxv5OESwL/aTSjgHfcR4I2E2M3XVL6AceCVMSnor7F7cTYUVveZz9p7cse+
+OOzuXacyVMUR0pnj578tYyofSefrZDUa5mRzeFLPtAEKEJ4JZY700bxvc4BcPzjo
+zXIjv4E6GDD7AoIBAQCQoCJ+XbChv9pdAqb5IJ+k7SLkXFUHJ6AANbZ7n9IrLSYa
+7/+ym79ZdYJCGPvxzyj2EORuAKsgzJUgrD1kvimKTwEfTj9BN9hElVzgl5HrJeAY
+uwxXwl4sQMlDH8c4zvJKv4jOuhl5HbfH6rP0EvWtSEAdCgmgcJEA6deiarhOtW7I
+rGE+gsEcj/fbCgrr4jkZTgceRgaxmMPNhyPs79Ox/cNIx47sW6FMbm2ZriD66KjD
+L81SmnzXDaxJQVJy2K7zhy6JxqW5u7wwsKC1zmZlOxPv/APyW+uFbi3s4iyuzm5Q
+LmukjxZTreJbMw91T8l7b5+HqMqVpzENC+3q3dhJAoIBAQCDuPf/K7RX3z3/40R4
+KcC1YvJNzlJEVVyYoWHq063gIrEK+frYSQtksbr4R58IS/tBiSyl/3NrYy4A37Bp
+zZLagzWSfdQ8M8Ub/3F25tYU9rF3xfuADHoGhH53fqbvok3C8FZsgYYlVA4NAoLI
+0APoumYr/beu8TyMF+McLTQM5IKyY5d7RO61iBj+in8UZbhsAGCe/vPqfRLdh+oR
+H9FFWpVBLAhZpyiG+EWt/5lYsHhN63wmm7BdsXc6WgDBwUj7R+h6N93Y582+9ZYO
+MPF2SXB/rQOGEZnqhKYR6w95vAV7ndsyG0O5fjx/8hrPOJR0hP6FcxzOnCHjlpL5
+QfxNAoIBAFvk2XODLZ8vupTOVui0g6ZwIFjIL9GBF+Pmld1L02ypJ+lyBfHs913m
+Y03gChJ3SgbqwLax6clIcp66KfGZNx934ZtNPufjHMoCqINbf2pIUGhLFvodD7yx
+YenxIRcrgjLRKkuHXw2wCRYwCxXBVFN4PyCjOTbzvL7Fm8l97b+oYbbrXnZsyo9C
+7bmNtdN6duRCnGLEZjsXcXzlqZwpJemuID5cTYWq+8eA0no0Mhb/k5rK4arZX/nW
+OYr3GmgeO69AxO7jGhwhGsNcgu8xWOV2ZVtwyNKvSU6PWpRQa/eIqkJETazgZdb1
+AlkCM0u2+9PyYoGFlT7YKNFycNarOoc=
+-----END PRIVATE KEY-----
--- /dev/null
+default._domainkey.almabarat.hu. IN TXT ( "v=DKIM1; k=rsa; s=email; "
+ "p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtj2/Bz2fqNQYn8kpJo/qSJPmKvfyZutUoKbDGgWvZj7pmL+qz/zW/iQox4pQnDa1e54eROWy3RNs1LmDV3Jgq5vmM0oKOejI/wQYKuuPB9Q5yl6ja6GcORG9nvE6xgJfRbuy3U7ABmpQl77I+sD4R61oWCOZy1Ay8RODuUxvpSVOi2DPftVqTpWlDH4aQilq2L+LCKYZZC0IAZ"
+ "cswwJ3YRPqJ0Xfi5slpPyGTZRxxLCdS9a6lRnJ8vaLx82zH2ovJVgQaTW3e1cYsxSF58dez9dujvzXzXhqW+clqIq2W/3v6qVIGXLWbbGhWOwXUyi8nY9tYGih2vZAPm2k2v+tmZuOciMsCPg1za5Iuus7RyHArX6hmn0Ds6r4J8BnXIBQEDH7o8V1/vjx9xfX1GwxBoawGB0aURNPTuA7yhi+DeRSSM7jFu0BMBk0/nUHRQbzWsEdWrPt"
+ "RwNWj23Lj/buwTkYo+BiQ9dpkq7lEzatp8Zlk/5KqD1yE9uxs7+iIPj0rRYMNIUrdVkvHnMMUv//UMcvr4cT7fqXik3jeuhtqHgljBLF3AgWwnCz6K1WmVHgLpLkPCz5p6sQ7iOutnIWIdXTTD+BG+IVVUrJo6ePxdp4VvAiRWnxzIWL7m+ZQvvlPhUHOfO7LqS4dAoRfy4yrDwbWeTcPAJR261R6ppQlvcCAwEAAQ==" ) ; ----- DKIM key default for almabarat.hu
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDDAoNx47MRmWYG
+W1NNj8E2iZ6mlonq/qrcrAHxOR4AkIQ26rLOAwc2N+crLFou7mFnL97EpTZ36o2v
+mG/891DHDQt1Z8k/7qBSTAggfChw0EhoFQzegayejXsCu1t9uuvlIhfqmtsGm2KV
+DF3x0nBQBm+0n1VEwGLSMs5al2h9S2GrfaYREZ/YnInQMqymWXx2zd1TuiT0/Awo
+MDPNPoBpm9p3rzCSvydUrgLWIOjC3HdjoDOsqCX+QxZJajJDGQHWTgWiuEVB7CyE
+Dy6biAi/CIG/sOuJ5rcgfwfRjink4WWb2ldIRKXkYt7nPIuUqEq2LlS/G2qK7NlL
+GHyABjUVAZdXEMilVCPz/b4amXUivAiVKOsvL3YX3IMIYaR4HenKe0C4C2lI2imq
+FgY9TpKEk9JIyjpjOJQhTrT1HtVgxea9el4gzFVX0DNxxiSHG8by1gw9qZscPoVn
+M0m3i+r7MW/kMb1LzMbRPBhJWmuDCx3ua41CBEWZwK6Nb8X2sm8vHCjM8aFk4f52
+uI25y1hd8aqRLFjtgYWoTdpb9Ab7AUpSCqvx+eRtS0985wTvrbHHg/VkWdSXRq7t
+NgTG92o0jgUqKMmMpf8y/1i0ksGfDC1ApVa7rX9Vt1qUsxBKLEyDb3s8rm7ZJw5m
+57UeWK+5CuN4GUIeyPKhWrY/PG4uyQIDAQABAoICAAVEKZw8lnGOD3PHfpc/H8F4
+c54zEt6+PuCpDSpgV6o954bQzWsD05Yyv0hABorIPugkTPie2jrgd4VmRqFHD9mN
+mswdCpHH63DILdtWua7bk8D/zzJTv9TOTvlIFFSaZNQcw2w/VKqNLVsyE3gRg0fz
+TIv3q5FTkreeI0rOAPE1RRog/AhE+L3xnZp6QTBYL/oeCBvtOyHvNpLVQ74yBxIT
+C+d52y7Iq71n2kVsa8IWEGv9KmK/bbs765D9pbArL4yuhwzEZiu9aYcCyUhDowd+
+/tCtl0bI7L7GFMYjd90ppcP7iv+KybdtC3D6MRjJd1m2eZe+8UshfKLAXV2wYo7h
+Cdvo3vphk06ig9LUnAxXUtlgIF+cHOWk+1qN8mYd/EbtsErKDJyvxAuzCgbwp3z2
+wSFCFQADB4q68QXcHq3l5fXsdqYL589XhexdIQDE1BSgKQZ+T5DcVfrvTwkzc9hv
+GTaZkTt42+EYPD+iVbURg6PQ31FLdZ8yehdYet6msVhfcqx1HL3eELItp7pDsA+V
+gOq7QuZi+75I2DfXu5s2p7WKW6bJXVLaGZNcWSlYDE4Y7zFpr3z640bLlnSaEtj8
+g7MXX/MdQ9GsSi6qBkzrlNSKLwO9YTJz7rVCjBQEGSbUEQuaUf7VC03SKl9JhfVf
+VNhJuGZ2z64mFYPGomHJAoIBAQD239ZmDGfGFW4cUfaGYpZ76lbECf0dJxEs3V8I
+KsRInkeFO2pl86BPV3qHVUGW4DpFM2+DGMe9DUvyEtpuB29plBrQskU+nM3JhUiE
+V0S1dDH3IQvMUP34HFs5k91KAgw7v4731d1W4kKPwkKdZ8/BKhW1z4jsEAsQ+ieO
+ar4wNzVlusIkovN0DLEtZP2DXNyiS1Z4mosL3YDaxDE10yXZAIoRND6G/gffqIG5
+hm6jkK2MNfzweb11lEKBVOmL4PxAHL8j0tPNBhjW/PFsvjZFSzAcMBLwKyXU/Yzz
+Cyb/WKBXEGZefq5QpLuS4kqc4pXMJRptHmD7sbiOVO0+ga69AoIBAQDKN+I+8Rip
+j343Rqz98pBkNDmsJ4H9mWKmiN8jexdqMxpWov7DwND26R4Ez4G0yjAjpZ8G602c
+O60atc4OPYjwVzGDFqdHu5bTzHsejSv0pylFSEz8Ng9Xq54Gx+6U+nnmk3isFBLD
+/85G46dtrLvQqRbC7s5p+HhGplIT2uBWcIXO9vzfk4c6CAMQXjGmXYk7b0yczFh+
+8ZJUnTD+dPrAcXt+u0EH/YhKlkGPJr+LchtCUbAKpmFqqEwgb7X/7SlzJssmd7Mz
+DJcXn9+Q0NCsl/Cdd0lWIf6vi43x7CDodmSSDyGGEeVmzGLFf86QyB0/oNc8//aF
+Ub4KjfCZZVb9AoIBAD4B+OsG4KXbSh3o5F/asWuMb6Cr1ZyV7HV1YOI/Q6/tuY8Y
+XmAfMjvbgBYv7tqDlX8+LRsjhT/R8CpsW9rZGT3OinGy5TuVzQZ56L384XAmMEqf
+TURTb4b7MFqk7ichnor/UVykpgSlrgxHwc2hfohJFszkxMJuQSlRe9AEtaKMq2fS
+4eKr3zRd377EJ/zvvScyfxSp1JT1XOEV+DpJv67iuMsbcT0c30NpIrRDtNR2iXC3
+OsH4AgNfatjrSAHvT8yWq9fGo5ZSmridLdKfcCg1e28JECis3cLCsL13JqNqUlOr
+9dp0PTpaNhbtqcoAC5oME7gmsjtl5zIw2Kojjo0CggEAFMmT32aHY37VubbxN5XE
+1BguSY0yJrCq3HW7gnk32fnw3jEZQWRD1u314Qa3za7vLerroxlzO/lCfTltOjeH
+KTW9aD1e6tfU1GbzzRs0Bo1ch7u79j1UbG2+6/GHjBcHivVj9USG/VEBknX6kyKr
+l/KZ3WYRIAGj05drXpEkeJ5Okwz+x7jxsLx8HCWisvhwkASL+p5jBoGsyjfyfmXm
+FPxVdpynPbwJU6mIib+w9xO+y518HEwoPX+Ze8ggDHQDy8uUHJs3d6r2qT4NDGT6
+3pMr7/QAPPN3q/ILoG/mnh71jbIyfwa970hZavYNdQKtRwowthuV6vSRNaKLtikd
+vQKCAQEAhqBv7x6EJcNA21GFV8BRVX4cs5lfL1T1DR7EHaqcgqYHvpe9VhD7xJ8G
+yntIWWjwGRCDxXD1Bn7J3d3qCVpwiingCm2NVF126qmHSsTS2CKYUhKwS24jGJNl
+aMRDizcXv0VGkzi607ETQX06gT5qcT5Hw9jjdBQOik5AWFBkDA1lXlt8mzK5Uts3
+6H88jzp0Y6c/MyuyeIpTtAo3/dzuhp/LlYAftWex8PrPtyay7Pg246IQEcJz/EoI
+I6X/KxQFI5T3nqGplOAmSfDG/qo2ZgAMwZm3YKXEzXSqE4OR+n4WYEIKJnSGbLBV
+lWSGslSl1ByAno+TfZuRiqCYxVv3ZA==
+-----END PRIVATE KEY-----
--- /dev/null
+default._domainkey.useribm.hu. IN TXT ( "v=DKIM1; k=rsa; s=email; "
+ "p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwwKDceOzEZlmBltTTY/BNomeppaJ6v6q3KwB8TkeAJCENuqyzgMHNjfnKyxaLu5hZy/exKU2d+qNr5hv/PdQxw0LdWfJP+6gUkwIIHwocNBIaBUM3oGsno17Artbfbrr5SIX6prbBptilQxd8dJwUAZvtJ9VRMBi0jLOWpdofUthq32mERGf2JyJ0DKspll8ds3dU7ok9PwMKD"
+ "AzzT6AaZvad68wkr8nVK4C1iDowtx3Y6AzrKgl/kMWSWoyQxkB1k4ForhFQewshA8um4gIvwiBv7Driea3IH8H0Y4p5OFlm9pXSESl5GLe5zyLlKhKti5UvxtqiuzZSxh8gAY1FQGXVxDIpVQj8/2+Gpl1IrwIlSjrLy92F9yDCGGkeB3pyntAuAtpSNopqhYGPU6ShJPSSMo6YziUIU609R7VYMXmvXpeIMxVV9AzccYkhxvG8tYMPamb"
+ "HD6FZzNJt4vq+zFv5DG9S8zG0TwYSVprgwsd7muNQgRFmcCujW/F9rJvLxwozPGhZOH+driNuctYXfGqkSxY7YGFqE3aW/QG+wFKUgqr8fnkbUtPfOcE762xx4P1ZFnUl0au7TYExvdqNI4FKijJjKX/Mv9YtJLBnwwtQKVWu61/VbdalLMQSixMg297PK5u2ScOZue1HlivuQrjeBlCHsjyoVq2PzxuLskCAwEAAQ==" ) ; ----- DKIM key default for useribm.hu
--- /dev/null
+10.162.0.0/16
+127.0.0.1
+192.168.173.99
+192.168.173.249
+hs.pm.qqcs.org
+ws.pm.qqcs.org
--- /dev/null
+almabarat@almabarat.hu beszerzes@userrendszerhaz.hu
+postmaster@almabarat.hu beszerzes@userrendszerhaz.hu
--- /dev/null
+almabarat@almabarat.hu almabarat/mail/
--- /dev/null
+module(load="omrelp")
+
+if $syslogfacility-text == "mail" then {
+ action(type="omrelp" target="log.in.useribm.hu" port="2514")
+}
--- /dev/null
+pwcheck_method: auxprop
+auxprop_plugin: sasldb
+mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
--- /dev/null
+#!/bin/sh
+
+
+# cases are:
+# 1: /etc/letsencrypt does not exist
+# 2: /etc/letsencrypt exists
+# 2.1: /etc/letsencrypt.staging does not exist
+# 2.1.1: /etc/letsencrypt.from-pki differs from /etc/letsencrypt
+# 2.1.2: /etc/letsencrypt.from-pki is the same as /etc/letsencrypt
+# 2.2: /etc/letsencrypt.staging exists
+# 2.2.1: /etc/letsencrypt.from-pki differs from /etc/letsencrypt.staging
+# 2.2.2: /etc/letsencrypt.from-pki is the same as /etc/letsencrypt.staging
+
+
+LE_DIRECTORY=/etc/letsencrypt
+LE_FP_DIRECTORY=${LE_DIRECTORY}.from-pki
+LE_OLD_DIRECTORY=${LE_DIRECTORY}.old
+LE_STAGING_DIRECTORY=${LE_DIRECTORY}.staging
+
+
+rm --force --recursive $LE_FP_DIRECTORY
+echo "getting letsencrypt directory from pki"
+/usr/bin/rsync \
+ --archive \
+ --delete-after \
+ --info=STATS \
+ pki.in.useribm.hu::letsencrypt \
+ $LE_FP_DIRECTORY
+if [ $? -ne 0 ]
+then
+ echo "cannot get letsencrypt directory from pki"
+ rm --force --recursive $LE_FP_DIRECTORY
+ exit 1
+fi
+
+if [ -d $LE_DIRECTORY ]
+then
+ # case 2
+ echo "$LE_DIRECTORY exists"
+ if [ -d $LE_STAGING_DIRECTORY ]
+ then
+ # case 2.2
+ echo " $LE_STAGING_DIRECTORY exists"
+ diff --brief --recursive $LE_FP_DIRECTORY $LE_STAGING_DIRECTORY
+ DIFFERS=$?
+ if [ $DIFFERS -eq 0 ]
+ then
+ # case 2.2.2
+ echo " $LE_FP_DIRECTORY the same as $LE_STAGING_DIRECTORY"
+ echo " moving $LE_STAGING_DIRECTORY to $LE_DIRECTORY"
+ rm --force --recursive $LE_FP_DIRECTORY
+ rm --force --recursive $LE_OLD_DIRECTORY
+ mv $LE_DIRECTORY $LE_OLD_DIRECTORY
+ mv $LE_STAGING_DIRECTORY $LE_DIRECTORY
+ echo " restarting dovecot and postfix services"
+ systemctl restart dovecot.service
+ systemctl restart postfix.service
+ else
+ # case 2.2.1
+ echo " $LE_FP_DIRECTORY differs from $LE_STAGING_DIRECTORY"
+ echo " moving $LE_FP_DIRECTORY to $LE_STAGING_DIRECTORY"
+ rm --force --recursive $LE_STAGING_DIRECTORY
+ mv $LE_FP_DIRECTORY $LE_STAGING_DIRECTORY
+ fi
+ else
+ # case 2.1
+ echo " $LE_STAGING_DIRECTORY does not exist"
+ diff --brief --recursive $LE_FP_DIRECTORY $LE_DIRECTORY
+ DIFFERS=$?
+ if [ $DIFFERS -eq 0 ]
+ then
+ # case 2.1.2
+ echo " $LE_FP_DIRECTORY is the same as $LE_DIRECTORY"
+ echo " removing $LE_FP_DIRECTORY"
+ rm --force --recursive $LE_FP_DIRECTORY
+ else
+ # case 2.1.1
+ echo " $LE_FP_DIRECTORY differs from $LE_DIRECTORY"
+ echo " moving $LE_FP_DIRECTORY to $LE_STAGING_DIRECTORY"
+ mv $LE_FP_DIRECTORY $LE_STAGING_DIRECTORY
+ fi
+ fi
+else
+ # case 1
+ echo "$LE_DIRECTORY does not exist"
+ echo "moving $LE_FP_DIRECTORY to $LE_DIRECTORY"
+ mv $LE_FP_DIRECTORY $LE_DIRECTORY
+fi
--- /dev/null
+#!/bin/sh
+
+
+sed --in-place=.orig \
+ '/^After=.*network\.target.*$/a After=network-online.target\nWants=network-online.target' \
+ /usr/lib/systemd/system/postfix.service
+
+sed --in-place=.orig \
+ '/^After=.*network\.target.*$/a After=network-online.target\nWants=network-online.target' \
+ /usr/lib/systemd/system/spamassassin.service
--- /dev/null
+#!/bin/sh
+
+
+systemctl disable crond.service
+systemctl disable dovecot.service
+systemctl disable opendkim.service
+systemctl disable opendmarc.service
+systemctl disable postfix.service
+systemctl disable spamassassin.service
+systemctl disable NetworkManager-wait-online.service
+
+systemctl disable logrotate.timer
--- /dev/null
+lxc.include = /usr/share/lxc/config/common.conf
+
+lxc.arch = x86_64
+lxc.uts.name = mx.pm.useribm.hu
+lxc.rootfs.path = __CONTAINER_PATH__/rootfs
+lxc.mount.auto = proc sys
+lxc.mount.entry = __CONTAINER_FILESYSTEMS_PATH__/vmail var/vmail none bind,create=dir 0 0
+
+lxc.net.0.type = veth
+lxc.net.0.flags = up
+lxc.net.0.link = brch-dev
+lxc.net.0.hwaddr = 02:0c:18:03:ad:9a
+
+lxc.autodev = 1
+
+lxc.cgroup2.devices.allow = a
+lxc.cgroup2.memory.high = 3G
+lxc.cgroup2.memory.max = 4G
+
+lxc.idmap = u 0 100000 100000
+lxc.idmap = g 0 100000 100000
+
+lxc.signal.halt = SIGRTMIN+4
+
+lxc.start.auto = 1
+lxc.start.order = __CONTAINER_START_ORDER__
+lxc.start.delay = 5
--- /dev/null
+DISTRIBUTION=Fedora
+DISTRIBUTION_VERSION=41
+SPEC_PACKAGES="cronie \
+ cyrus-sasl \
+ cyrus-sasl-md5 \
+ cyrus-sasl-plain \
+ cyrus-sasl-scram \
+ dovecot \
+ mailx \
+ opendkim \
+ opendkim-tools \
+ opendmarc \
+ postfix \
+ pypolicyd-spf \
+ python3-authres \
+ rsync \
+ spamassassin"
https://git.useribm.hu / user-lxc.git / commitdiff