From 87a84e83b30dd446a2a80a7847c6a72921aa16f0 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Zolt=C3=A1n=20Felleg?= Date: Wed, 6 Apr 2022 16:36:45 +0200 Subject: [PATCH] Updated mx.in (converted to the new c3d format). --- .../firstboot/scripts}/01_setupnetworking.sh | 56 +++++++++++++------ .../firstboot/scripts}/02_settimezone.sh | 0 .../firstboot/scripts}/90_setupservices.sh | 0 sources/mx.in/c3d/mode.txt | 4 ++ .../install-data}/etc/postfix/main.cf | 47 ++++++++++++++-- .../postinstall/scripts/01_editfiles.sh} | 0 .../postinstall/scripts}/10_setupservices.sh | 0 sources/mx.in/firstboot/99_cleanup.sh | 6 -- sources/mx.in/postinstall/01_setownership.sh | 7 --- .../mx.in/postinstall/02_setpermissions.sh | 5 -- sources/mx.in/postinstall/03_installfiles.sh | 16 ------ sources/mx.in/postinstall/99_cleanup.sh | 6 -- 12 files changed, 84 insertions(+), 63 deletions(-) rename sources/mx.in/{firstboot => c3d/firstboot/scripts}/01_setupnetworking.sh (57%) rename sources/mx.in/{firstboot => c3d/firstboot/scripts}/02_settimezone.sh (100%) rename sources/mx.in/{firstboot => c3d/firstboot/scripts}/90_setupservices.sh (100%) create mode 100644 sources/mx.in/c3d/mode.txt rename sources/mx.in/{postinstall/install => c3d/postinstall/install-data}/etc/postfix/main.cf (94%) rename sources/mx.in/{postinstall/04_editfiles.sh => c3d/postinstall/scripts/01_editfiles.sh} (100%) rename sources/mx.in/{postinstall => c3d/postinstall/scripts}/10_setupservices.sh (100%) delete mode 100755 sources/mx.in/firstboot/99_cleanup.sh delete mode 100755 sources/mx.in/postinstall/01_setownership.sh delete mode 100755 sources/mx.in/postinstall/02_setpermissions.sh delete mode 100755 sources/mx.in/postinstall/03_installfiles.sh delete mode 100755 sources/mx.in/postinstall/99_cleanup.sh 
diff --git a/sources/mx.in/firstboot/01_setupnetworking.sh b/sources/mx.in/c3d/firstboot/scripts/01_setupnetworking.sh
similarity index 57%
rename from sources/mx.in/firstboot/01_setupnetworking.sh
rename to sources/mx.in/c3d/firstboot/scripts/01_setupnetworking.sh
index bddee6c..aa1ae7b 100755
--- a/sources/mx.in/firstboot/01_setupnetworking.sh
+++ b/sources/mx.in/c3d/firstboot/scripts/01_setupnetworking.sh
@@ -4,39 +4,61 @@ sleep 1 systemctl --quiet is-active NetworkManager.service NM_RC=$? -WAITED=0 +CYCLES_WAITED=0 while [ $NM_RC -ne 0 ] do + if [ $CYCLES_WAITED -ge 10 ] + then + exit 1 + fi + if [ $CYCLES_WAITED -eq 0 ] + then + echo -n "Waiting for NetworkManager" + fi echo -n . sleep 1 - WAITED=1 + CYCLES_WAITED=$(( $CYCLES_WAITED + 1 )) systemctl --quiet is-active NetworkManager.service NM_RC=$? done -[ $WAITED -eq 1 ] && echo +[ $CYCLES_WAITED -gt 0 ] && echo -CONNECTIONS=$(nmcli --terse connection show | wc -l) -while [ $CONNECTIONS -ne 1 ] +# wait for one/the network connection to come up +CONNECTION_DEVICES_UP=$(nmcli --terse connection show \ + | grep --invert-match ':$' | wc -l) +CYCLES_WAITED=0 +while [ $CONNECTION_DEVICES_UP -lt 1 ] do - echo "Number of connections: $CONNECTIONS" >&2 + if [ $CYCLES_WAITED -ge 10 ] + then + nmcli connection show + exit 1 + fi + if [ $CYCLES_WAITED -eq 0 ] + then + echo -n "Waiting for the network connection" + fi + echo -n . sleep 1 - CONNECTIONS=$(nmcli --terse connection show | wc -l) + CYCLES_WAITED=$(( $CYCLES_WAITED + 1 )) + CONNECTION_DEVICES_UP=$(nmcli --terse connection show \ + | grep --invert-match ':$' | wc -l) done +[ $CYCLES_WAITED -gt 0 ] && echo -nmcli --terse connection show | grep ':$' >/dev/null -ALL_CONNECTION_DEVICES_KNOWN=$? -while [ $ALL_CONNECTION_DEVICES_KNOWN -eq 0 ] -do - echo "Not all connection devices are known yet" >&2 - sleep 1 - nmcli --terse connection show | grep ':$' >/dev/null - ALL_CONNECTION_DEVICES_KNOWN=$? -done +CONNECTIONS=$(nmcli --terse connection show | wc -l) +if [ $CONNECTIONS -ne 1 ] +then + echo "Number of connections: $CONNECTIONS" >&2 + exit 1 +fi CONNECTION_LINE=$(nmcli --terse connection show) CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':') CONNECTION_DEVICE=$(echo $CONNECTION_LINE | cut -f 4 -d ':') +nmcli connection delete uuid "$CONNECTION_UUID" + nmcli connection add \ connection.autoconnect yes \ connection.id internal \ 
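Review bot: Moving `nmcli connection delete uuid "$CONNECTION_UUID"` ahead of `nmcli connection add` removes the only existing profile before its replacement exists, and no visible line checks either command's exit status. If the add fails, first boot continues with no connection profile at all, and presumably the later firstboot scripts run on a host without network configuration. I would stop on failure and say why, e.g. `nmcli connection delete uuid "$CONNECTION_UUID" || { echo "cannot delete connection $CONNECTION_UUID" >&2; exit 1; }`, with the same kind of guard after `save yes` in the following hunk. The first new timeout branch (waiting for NetworkManager) also does `exit 1` without writing a reason to stderr or ending the dotted progress line. The `nmcli connection add` command continues past the end of this hunk.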
@@ -54,6 +76,4 @@ nmcli connection add \ ipv6.method "manual" \ save yes -nmcli connection delete uuid "$CONNECTION_UUID" - nmcli connection show diff --git a/sources/mx.in/firstboot/02_settimezone.sh b/sources/mx.in/c3d/firstboot/scripts/02_settimezone.sh similarity index 100% rename from sources/mx.in/firstboot/02_settimezone.sh rename to sources/mx.in/c3d/firstboot/scripts/02_settimezone.sh diff --git a/sources/mx.in/firstboot/90_setupservices.sh b/sources/mx.in/c3d/firstboot/scripts/90_setupservices.sh similarity index 100% rename from sources/mx.in/firstboot/90_setupservices.sh rename to sources/mx.in/c3d/firstboot/scripts/90_setupservices.sh diff --git a/sources/mx.in/c3d/mode.txt b/sources/mx.in/c3d/mode.txt new file mode 100644 index 0000000..57a6c20 --- /dev/null +++ b/sources/mx.in/c3d/mode.txt @@ -0,0 +1,4 @@ +# The format of this files is: +# mode file (relative to /c3d) +755 firstboot/scripts/*.sh +755 postinstall/scripts/*.sh diff --git a/sources/mx.in/postinstall/install/etc/postfix/main.cf b/sources/mx.in/c3d/postinstall/install-data/etc/postfix/main.cf similarity index 94% rename from sources/mx.in/postinstall/install/etc/postfix/main.cf rename to sources/mx.in/c3d/postinstall/install-data/etc/postfix/main.cf index 0118faa..d1cf24e 100644 --- a/sources/mx.in/postinstall/install/etc/postfix/main.cf +++ b/sources/mx.in/c3d/postinstall/install-data/etc/postfix/main.cf @@ -27,7 +27,7 @@ # # The level below is what should be used with new (not upgrade) installs. # -compatibility_level = 2 +compatibility_level = 3.6 # SOFT BOUNCE # @@ -93,7 +93,6 @@ mail_owner = postfix # #myhostname = host.domain.tld #myhostname = virtual.domain.tld -myhostname = mx.in.useribm.hu # The mydomain parameter specifies the local internet domain name. # The default is to use $myhostname minus the first component. 
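Review bot: mode.txt records only permission bits for the scripts, and nothing visible in this commit replaces the `chown -R root.root` that the deleted postinstall/01_setownership.sh applied to the install tree. If the c3d tooling copies install-data with the ownership of the checkout, /etc/postfix/main.cf could end up owned by a non-root account, so it is worth confirming that the installer forces root ownership. A header comment saying so would help once that is confirmed, for example `# Ownership is set to root:root by the installer; this file only carries modes.`. The first comment line should also read `# The format of this file is:`.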
@@ -254,7 +253,7 @@ unknown_local_recipient_reject_code = 550 # # By default (mynetworks_style = subnet), Postfix "trusts" SMTP # clients in the same IP subnetworks as the local machine. -# On Linux, this does works correctly only with interfaces specified +# On Linux, this works correctly only with interfaces specified # with the "ifconfig" command. # # Specify "mynetworks_style = class" when Postfix should "trust" SMTP @@ -281,7 +280,7 @@ unknown_local_recipient_reject_code = 550 # of listing the patterns here. Specify type:table for table-based lookups # (the value on the table right-hand side is not used). # -#mynetworks = 168.100.189.0/28, 127.0.0.0/8 +#mynetworks = 168.100.3.0/28, 127.0.0.0/8 #mynetworks = $config_directory/mynetworks #mynetworks = hash:/etc/postfix/network_table mynetworks = 10.228.0.0/16, 192.168.42.0/24, 192.168.43.0/24 @@ -648,7 +647,7 @@ debugger_command = # >$config_directory/$process_name.$process_id.log & sleep 5 # # Another possibility is to run gdb under a detached screen session. -# To attach to the screen sesssion, su root and run "screen -r +# To attach to the screen session, su root and run "screen -r # " where uniquely matches one of the detached # sessions (from "screen -list"). # 
@@ -698,6 +697,44 @@ sample_directory = /usr/share/doc/postfix/samples # readme_directory: The location of the Postfix README files. # readme_directory = /usr/share/doc/postfix/README_FILES + +# TLS CONFIGURATION +# +# Basic Postfix TLS configuration by default with self-signed certificate +# for inbound SMTP and also opportunistic TLS for outbound SMTP. + +# The full pathname of a file with the Postfix SMTP server RSA certificate +# in PEM format. Intermediate certificates should be included in general, +# the server certificate first, then the issuing CA(s) (bottom-up order). +# +smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem + +# The full pathname of a file with the Postfix SMTP server RSA private key +# in PEM format. The private key must be accessible without a pass-phrase, +# i.e. it must not be encrypted. +# +smtpd_tls_key_file = /etc/pki/tls/private/postfix.key + +# Announce STARTTLS support to remote SMTP clients, but do not require that +# clients use TLS encryption (opportunistic TLS inbound). +# +smtpd_tls_security_level = may + +# Directory with PEM format Certification Authority certificates that the +# Postfix SMTP client uses to verify a remote SMTP server certificate. +# +smtp_tls_CApath = /etc/pki/tls/certs + +# The full pathname of a file containing CA certificates of root CAs +# trusted to sign either remote SMTP server certificates or intermediate CA +# certificates. +# +smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt + +# Use TLS if this is supported by the remote SMTP server, otherwise use +# plaintext (opportunistic TLS outbound). +# +smtp_tls_security_level = may meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix diff --git a/sources/mx.in/postinstall/04_editfiles.sh b/sources/mx.in/c3d/postinstall/scripts/01_editfiles.sh similarity index 100% rename from sources/mx.in/postinstall/04_editfiles.sh rename to sources/mx.in/c3d/postinstall/scripts/01_editfiles.sh 
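Review bot: The new TLS block enables opportunistic TLS in both directions (`smtpd_tls_security_level = may`, `smtp_tls_security_level = may`) but adds no TLS logging, so a session that falls back to plaintext, or has STARTTLS stripped in transit, cannot be told apart from an encrypted one in the mail log. Adding `smtpd_tls_loglevel = 1` and `smtp_tls_loglevel = 1` records which sessions negotiated TLS, so plaintext delivery shows up by its absence. The block also depends on /etc/pki/tls/private/postfix.key existing and being readable by root only; nothing visible in this commit creates it or sets its mode, so confirm that the package or a postinstall script does. A blank line after `smtp_tls_security_level = may` would keep the block visually separate from `meta_directory`.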
diff --git a/sources/mx.in/postinstall/10_setupservices.sh b/sources/mx.in/c3d/postinstall/scripts/10_setupservices.sh
similarity index 100%
rename from sources/mx.in/postinstall/10_setupservices.sh
rename to sources/mx.in/c3d/postinstall/scripts/10_setupservices.sh
diff --git a/sources/mx.in/firstboot/99_cleanup.sh b/sources/mx.in/firstboot/99_cleanup.sh
deleted file mode 100755
index b87f2f4..0000000
--- a/sources/mx.in/firstboot/99_cleanup.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(dirname $(realpath $0))
-
-echo rm -Rf $REAL_PATH
diff --git a/sources/mx.in/postinstall/01_setownership.sh b/sources/mx.in/postinstall/01_setownership.sh
deleted file mode 100755
index f2e6b94..0000000
--- a/sources/mx.in/postinstall/01_setownership.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(dirname $(realpath $0))
-SOURCE_PATH=$REAL_PATH/install
-
-chown -R root.root $SOURCE_PATH/*
diff --git a/sources/mx.in/postinstall/02_setpermissions.sh b/sources/mx.in/postinstall/02_setpermissions.sh
deleted file mode 100755
index 241386a..0000000
--- a/sources/mx.in/postinstall/02_setpermissions.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(dirname $(realpath $0))
-SOURCE_PATH=$REAL_PATH/install
diff --git a/sources/mx.in/postinstall/03_installfiles.sh b/sources/mx.in/postinstall/03_installfiles.sh
deleted file mode 100755
index e4ee7ff..0000000
--- a/sources/mx.in/postinstall/03_installfiles.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(dirname $(realpath $0))
-
-tar --create \
- --directory=$REAL_PATH \
- --exclude=.placeholder \
- --to-stdout \
- install \
- | tar --extract \
- --backup \
- --directory=/ \
- --no-overwrite-dir \
- --strip-components=1 \
- --suffix=.orig
diff --git a/sources/mx.in/postinstall/99_cleanup.sh b/sources/mx.in/postinstall/99_cleanup.sh
deleted file mode 100755
index b87f2f4..0000000
--- a/sources/mx.in/postinstall/99_cleanup.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(dirname $(realpath $0))
-
-echo rm -Rf $REAL_PATH
--
2.54.0