From b2ecd180bba8997c7bfad8c68c3e2ee39c4d193d Mon Sep 17 00:00:00 2001 
From: =?utf8?q?Zolt=C3=A1n=20Felleg?= Date: Fri, 11 Feb 2022 14:39:18 +0100 Subject: [PATCH] Removed ins.in, ldap.in and svc.in. --- sources/ins.in/config | 21 - sources/ins.in/envvars | 5 - .../ins.in/firstboot/01_setupnetworking.sh | 59 -- sources/ins.in/firstboot/02_settimezone.sh | 21 - sources/ins.in/firstboot/03_setupldap.sh | 10 - sources/ins.in/firstboot/99_cleanup.sh | 6 - sources/ins.in/postinstall/01_setownership.sh | 9 - .../ins.in/postinstall/02_setpermissions.sh | 7 - sources/ins.in/postinstall/03_installfiles.sh | 16 - .../ins.in/postinstall/10_setupservices.sh | 7 - sources/ins.in/postinstall/99_cleanup.sh | 6 - .../ins.in/postinstall/install/etc/named.conf | 243 ------ sources/ldap.in/config | 21 - sources/ldap.in/envvars | 6 - .../ldap.in/firstboot/01_setupnetworking.sh | 55 -- sources/ldap.in/firstboot/02_settimezone.sh | 21 - .../ldap.in/firstboot/10_createldapcert.sh | 23 - sources/ldap.in/firstboot/11_createusers.sh | 59 -- sources/ldap.in/firstboot/20_setupldap.sh | 57 -- sources/ldap.in/firstboot/99_cleanup.sh | 6 - sources/ldap.in/firstboot/USERS.txt | 16 - sources/ldap.in/firstboot/pwd.txt | 2 - sources/ldap.in/firstboot/replacerootpw.ldif | 4 - sources/ldap.in/firstboot/setup0config.ldif | 9 - sources/ldap.in/firstboot/setup1monitor.ldif | 7 - sources/ldap.in/firstboot/setup2mdb.ldif | 32 - sources/ldap.in/firstboot/setupdomain.ldif | 19 - sources/ldap.in/firstboot/setuptls.ldif | 10 - sources/ldap.in/firstboot/user_template.ldif | 24 - .../ldap.in/postinstall/01_setownership.sh | 11 - .../ldap.in/postinstall/02_setpermissions.sh | 11 - .../ldap.in/postinstall/03_installfiles.sh | 16 - .../ldap.in/postinstall/10_setupservices.sh | 9 - .../ldap.in/postinstall/20_setupsshldap.sh | 5 - sources/ldap.in/postinstall/99_cleanup.sh | 6 - sources/ldap.in/postinstall/copy.list | 1 - .../install/etc/openldap/ldap.conf | 30 - .../install/etc/pki/tls/certs/slapd.crt | 20 - .../install/etc/pki/tls/certs/slapd.key | 27 - 
.../postinstall/install/etc/ssh/ldap.conf | 95 --- .../install/etc/ssh/ssh_host_ecdsa_key | 8 - .../install/etc/ssh/ssh_host_ecdsa_key.pub | 1 - .../install/etc/ssh/ssh_host_ed25519_key | 7 - .../etc/ssh/ssh_host_ed25519_key-cert.pub | 1 - .../install/etc/ssh/ssh_host_ed25519_key.pub | 1 - .../install/etc/ssh/ssh_host_rsa_key | 27 - .../install/etc/ssh/ssh_host_rsa_key.pub | 1 - .../etc/ssh/sshd_config.d/99-host-cert.conf | 1 - .../etc/ssh/sshd_config.d/99-user-CA.conf | 1 - .../install/etc/ssh/trusted-user-ca.keys | 2 - .../postinstall/install/etc/sssd/sssd.conf | 18 - .../postinstall/install/root/backupldapdb.sh | 6 - .../install/var/lib/ldap/DB_CONFIG | 28 - sources/ldap.in/postinstall/run.list | 1 - sources/svc.in/config | 21 - sources/svc.in/envvars | 5 - .../svc.in/firstboot/01_setupnetworking.sh | 59 -- sources/svc.in/firstboot/02_settimezone.sh | 21 - sources/svc.in/firstboot/03_setupldap.sh | 10 - sources/svc.in/firstboot/10_setuppostfix.sh | 5 - sources/svc.in/firstboot/99_cleanup.sh | 6 - sources/svc.in/postinstall/01_setownership.sh | 9 - .../svc.in/postinstall/02_setpermissions.sh | 7 - sources/svc.in/postinstall/03_installfiles.sh | 16 - sources/svc.in/postinstall/04_editfiles.sh | 10 - .../svc.in/postinstall/10_setupservices.sh | 10 - sources/svc.in/postinstall/99_cleanup.sh | 6 - .../postinstall/install/etc/dhcp/dhcpd.conf | 617 --------------- .../svc.in/postinstall/install/etc/named.conf | 243 ------ .../postinstall/install/etc/postfix/main.cf | 704 ------------------ 70 files changed, 2864 deletions(-) delete mode 100644 sources/ins.in/config delete mode 100644 sources/ins.in/envvars delete mode 100755 sources/ins.in/firstboot/01_setupnetworking.sh delete mode 100755 sources/ins.in/firstboot/02_settimezone.sh delete mode 100755 sources/ins.in/firstboot/03_setupldap.sh delete mode 100755 sources/ins.in/firstboot/99_cleanup.sh delete mode 100755 sources/ins.in/postinstall/01_setownership.sh delete mode 100755 
sources/ins.in/postinstall/02_setpermissions.sh delete mode 100755 sources/ins.in/postinstall/03_installfiles.sh delete mode 100755 sources/ins.in/postinstall/10_setupservices.sh delete mode 100755 sources/ins.in/postinstall/99_cleanup.sh delete mode 100644 sources/ins.in/postinstall/install/etc/named.conf delete mode 100644 sources/ldap.in/config delete mode 100644 sources/ldap.in/envvars delete mode 100755 sources/ldap.in/firstboot/01_setupnetworking.sh delete mode 100755 sources/ldap.in/firstboot/02_settimezone.sh delete mode 100755 sources/ldap.in/firstboot/10_createldapcert.sh delete mode 100755 sources/ldap.in/firstboot/11_createusers.sh delete mode 100755 sources/ldap.in/firstboot/20_setupldap.sh delete mode 100755 sources/ldap.in/firstboot/99_cleanup.sh delete mode 100644 sources/ldap.in/firstboot/USERS.txt delete mode 100644 sources/ldap.in/firstboot/pwd.txt delete mode 100644 sources/ldap.in/firstboot/replacerootpw.ldif delete mode 100644 sources/ldap.in/firstboot/setup0config.ldif delete mode 100644 sources/ldap.in/firstboot/setup1monitor.ldif delete mode 100644 sources/ldap.in/firstboot/setup2mdb.ldif delete mode 100644 sources/ldap.in/firstboot/setupdomain.ldif delete mode 100644 sources/ldap.in/firstboot/setuptls.ldif delete mode 100644 sources/ldap.in/firstboot/user_template.ldif delete mode 100755 sources/ldap.in/postinstall/01_setownership.sh delete mode 100755 sources/ldap.in/postinstall/02_setpermissions.sh delete mode 100755 sources/ldap.in/postinstall/03_installfiles.sh delete mode 100755 sources/ldap.in/postinstall/10_setupservices.sh delete mode 100755 sources/ldap.in/postinstall/20_setupsshldap.sh delete mode 100755 sources/ldap.in/postinstall/99_cleanup.sh delete mode 100644 sources/ldap.in/postinstall/copy.list delete mode 100644 sources/ldap.in/postinstall/install/etc/openldap/ldap.conf delete mode 100644 sources/ldap.in/postinstall/install/etc/pki/tls/certs/slapd.crt delete mode 100644 
sources/ldap.in/postinstall/install/etc/pki/tls/certs/slapd.key delete mode 100644 sources/ldap.in/postinstall/install/etc/ssh/ldap.conf delete mode 100644 sources/ldap.in/postinstall/install/etc/ssh/ssh_host_ecdsa_key delete mode 100644 sources/ldap.in/postinstall/install/etc/ssh/ssh_host_ecdsa_key.pub delete mode 100644 sources/ldap.in/postinstall/install/etc/ssh/ssh_host_ed25519_key delete mode 100644 sources/ldap.in/postinstall/install/etc/ssh/ssh_host_ed25519_key-cert.pub delete mode 100644 sources/ldap.in/postinstall/install/etc/ssh/ssh_host_ed25519_key.pub delete mode 100644 sources/ldap.in/postinstall/install/etc/ssh/ssh_host_rsa_key delete mode 100644 sources/ldap.in/postinstall/install/etc/ssh/ssh_host_rsa_key.pub delete mode 100644 sources/ldap.in/postinstall/install/etc/ssh/sshd_config.d/99-host-cert.conf delete mode 100644 sources/ldap.in/postinstall/install/etc/ssh/sshd_config.d/99-user-CA.conf delete mode 100644 sources/ldap.in/postinstall/install/etc/ssh/trusted-user-ca.keys delete mode 100644 sources/ldap.in/postinstall/install/etc/sssd/sssd.conf delete mode 100755 sources/ldap.in/postinstall/install/root/backupldapdb.sh delete mode 100644 sources/ldap.in/postinstall/install/var/lib/ldap/DB_CONFIG delete mode 100644 sources/ldap.in/postinstall/run.list delete mode 100644 sources/svc.in/config delete mode 100644 sources/svc.in/envvars delete mode 100755 sources/svc.in/firstboot/01_setupnetworking.sh delete mode 100755 sources/svc.in/firstboot/02_settimezone.sh delete mode 100755 sources/svc.in/firstboot/03_setupldap.sh delete mode 100755 sources/svc.in/firstboot/10_setuppostfix.sh delete mode 100755 sources/svc.in/firstboot/99_cleanup.sh delete mode 100755 sources/svc.in/postinstall/01_setownership.sh delete mode 100755 sources/svc.in/postinstall/02_setpermissions.sh delete mode 100755 sources/svc.in/postinstall/03_installfiles.sh delete mode 100755 sources/svc.in/postinstall/04_editfiles.sh delete mode 100755 
sources/svc.in/postinstall/10_setupservices.sh delete mode 100755 sources/svc.in/postinstall/99_cleanup.sh delete mode 100644 sources/svc.in/postinstall/install/etc/dhcp/dhcpd.conf delete mode 100644 sources/svc.in/postinstall/install/etc/named.conf delete mode 100644 sources/svc.in/postinstall/install/etc/postfix/main.cf
diff --git a/sources/ins.in/config b/sources/ins.in/config
deleted file mode 100644
index 0d401a1..0000000
--- a/sources/ins.in/config
+++ /dev/null
@@ -1,21 +0,0 @@
-lxc.include = /usr/share/lxc/config/common.conf
-
-lxc.arch = x86_64
-lxc.uts.name = ins.in.useribm.hu
-lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.mount.auto = proc:rw sys:ro
-
-lxc.net.0.type = veth
-lxc.net.0.flags = up
-lxc.net.0.link = bri-dev
-lxc.net.0.hwaddr = 02:0c:18:03:6d:68
-
-lxc.autodev = 1
-
-lxc.cgroup2.devices.allow = a
-
-lxc.signal.halt = SIGRTMIN+4
-
-lxc.start.auto = 1
-lxc.start.order = __CONTAINER_START_ORDER__
-lxc.start.delay = 5
diff --git a/sources/ins.in/envvars b/sources/ins.in/envvars
deleted file mode 100644
index 875dfc1..0000000
--- a/sources/ins.in/envvars
+++ /dev/null
@@ -1,5 +0,0 @@
-DISTRIBUTION=Fedora
-DISTRIBUTION_VERSION=35
-ROOT_PACKAGES="hostname initscripts iproute rootfiles systemd-udev"
-BASE_PACKAGES="NetworkManager iputils logrotate rsyslog tar vim-minimal"
-SPEC_PACKAGES="bind bind-utils"
diff --git a/sources/ins.in/firstboot/01_setupnetworking.sh b/sources/ins.in/firstboot/01_setupnetworking.sh
deleted file mode 100755
index 4b7757f..0000000
--- a/sources/ins.in/firstboot/01_setupnetworking.sh
+++ /dev/null
@@ -1,59 +0,0 @@
-#!/bin/sh
-
-
-sleep 1
-systemctl --quiet is-active NetworkManager.service
-NM_RC=$?
-WAITED=0
-while [ $NM_RC -ne 0 ]
-do
- echo -n .
- sleep 1
- WAITED=1
- systemctl --quiet is-active NetworkManager.service
- NM_RC=$?
-done
-[ $WAITED -eq 1 ] && echo
-
-CONNECTIONS=$(nmcli --terse connection show | wc -l)
-while [ $CONNECTIONS -ne 1 ]
-do
- echo "Number of connections: $CONNECTIONS" >&2
- sleep 1
- CONNECTIONS=$(nmcli --terse connection show | wc -l)
-done
-
-nmcli --terse connection show | grep ':$' >/dev/null
-ALL_CONNECTION_DEVICES_KNOWN=$?
-while [ $ALL_CONNECTION_DEVICES_KNOWN -eq 0 ]
-do
- echo "Not all connection devices are known yet" >&2
- sleep 1
- nmcli --terse connection show | grep ':$' >/dev/null
- ALL_CONNECTION_DEVICES_KNOWN=$?
-done
-
-CONNECTION_LINE=$(nmcli --terse connection show)
-CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':')
-CONNECTION_DEVICE=$(echo $CONNECTION_LINE | cut -f 4 -d ':')
-
-nmcli connection delete uuid "$CONNECTION_UUID"
-
-nmcli connection add \
- connection.autoconnect yes \
- connection.id internal \
- connection.interface-name $CONNECTION_DEVICE \
- connection.type 802-3-ethernet \
- ipv4.addresses "10.228.109.104/16" \
- ipv4.dns "10.228.109.159, 10.228.92.159" \
- ipv4.dns-search "in.useribm.hu" \
- ipv4.gateway "10.228.109.254" \
- ipv4.method "manual" \
- ipv6.addresses "2a02:d400:0000:f268:000c:18ff:fe03:6d68/64" \
- ipv6.dns "2a02:d400:0000:f268:000c:18ff:fe03:6d9f, 2a02:d400:0000:f268:000c:18ff:fe03:5c9f" \
- ipv6.dns-search "in.useribm.hu" \
- ipv6.gateway "2a02:d400:0000:f268:000c:18ff:fe03:6dfe" \
- ipv6.method "manual" \
- save yes
-
-nmcli connection show
diff --git a/sources/ins.in/firstboot/02_settimezone.sh b/sources/ins.in/firstboot/02_settimezone.sh
deleted file mode 100755
index 20b2a71..0000000
--- a/sources/ins.in/firstboot/02_settimezone.sh
+++ /dev/null
@@ -1,21 +0,0 @@ -#!/bin/sh - - -sleep 1 -systemctl --quiet is-active dbus.service -DBUS_RC=$? -WAITED=0 -while [ $DBUS_RC -ne 0 ] -do - if [ $WAITED -eq 0 ] - then - echo -n "Waiting for dbus.service" - fi - echo -n . - sleep 1 - WAITED=1 - systemctl --quiet is-active dbus.service - DBUS_RC=$? -done -[ $WAITED -ne 0 ] && echo -timedatectl set-timezone Europe/Budapest diff --git a/sources/ins.in/firstboot/03_setupldap.sh b/sources/ins.in/firstboot/03_setupldap.sh deleted file mode 100755 index 415d6db..0000000 --- a/sources/ins.in/firstboot/03_setupldap.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh - - -exit 0 -authselect select sssd with-mkhomedir --force - -cat >>/etc/openldap/ldap.conf <&2 - sleep 1 - CONNECTIONS=$(nmcli --terse connection show | wc -l) -done - -nmcli --terse connection show | grep ':$' >/dev/null -ALL_CONNECTION_DEVICES_KNOWN=$? -while [ $ALL_CONNECTION_DEVICES_KNOWN -eq 0 ] -do - echo "Not all connection devices are known yet" >&2 - sleep 1 - nmcli --terse connection show | grep ':$' >/dev/null - ALL_CONNECTION_DEVICES_KNOWN=$? -done - -CONNECTION_LINE=$(nmcli --terse connection show) -CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':') -CONNECTION_DEVICE=$(echo $CONNECTION_LINE | cut -f 4 -d ':') - -nmcli connection delete uuid "$CONNECTION_UUID" - -nmcli connection add \ - connection.autoconnect yes \ - connection.id internal \ - connection.interface-name $CONNECTION_DEVICE \ - connection.type 802-3-ethernet \ - ipv4.addresses "10.228.109.252/16" \ - ipv4.dns "10.228.109.159, 10.228.92.159" \ - ipv4.dns-search "in.useribm.hu" \ - ipv4.gateway "10.228.109.254" \ - ipv4.method "manual" \ - ipv6.method "auto" \ - save yes - -nmcli connection show diff --git a/sources/ldap.in/firstboot/02_settimezone.sh b/sources/ldap.in/firstboot/02_settimezone.sh deleted file mode 100755 index 20b2a71..0000000 --- a/sources/ldap.in/firstboot/02_settimezone.sh +++ /dev/null 
@@ -1,21 +0,0 @@
-#!/bin/sh
-
-
-sleep 1
-systemctl --quiet is-active dbus.service
-DBUS_RC=$?
-WAITED=0
-while [ $DBUS_RC -ne 0 ]
-do
- if [ $WAITED -eq 0 ]
- then
- echo -n "Waiting for dbus.service"
- fi
- echo -n .
- sleep 1
- WAITED=1
- systemctl --quiet is-active dbus.service
- DBUS_RC=$?
-done
-[ $WAITED -ne 0 ] && echo
-timedatectl set-timezone Europe/Budapest
diff --git a/sources/ldap.in/firstboot/10_createldapcert.sh b/sources/ldap.in/firstboot/10_createldapcert.sh
deleted file mode 100755
index 3ad9be8..0000000
--- a/sources/ldap.in/firstboot/10_createldapcert.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/sh
-set -x
-
-read -n 1 -p "Recreate ldap certificate? y/[n] " -t 5 RECREATE
-if [ "$RECREATE" = "y" ]
-then
- cd /etc/pki/tls/certs
- openssl genrsa -aes128 2048 >tmp.key
- openssl rsa -in tmp.key -out slapd.key
- openssl req -utf8 -new -key slapd.key -out slapd.csr
- openssl x509 -in slapd.csr -out slapd.crt -req -signkey slapd.key -days 3650
- chmod 600 slapd.key
- rm -f slapd.csr tmp.key
-fi
-
-cp -p /etc/pki/tls/certs/slapd.key \
- /etc/pki/tls/certs/slapd.crt \
- /etc/pki/tls/certs/ca-bundle.crt \
- /etc/openldap/certs/
-
-chown ldap.ldap /etc/openldap/certs/slapd.key \
- /etc/openldap/certs/slapd.crt \
- /etc/openldap/certs/ca-bundle.crt
diff --git a/sources/ldap.in/firstboot/11_createusers.sh b/sources/ldap.in/firstboot/11_createusers.sh
deleted file mode 100755
index 1a1e94d..0000000
--- a/sources/ldap.in/firstboot/11_createusers.sh
+++ /dev/null
@@ -1,59 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(realpath $(dirname $0))
-
-
->$REAL_PATH/SEED.txt
->$REAL_PATH/UIDS.txt
-cat $REAL_PATH/USERS.txt | while read LINE
-do
- COMPACT_LINE=$(echo $LINE | sed 's/, /,/g')
- LOGIN=$(echo $COMPACT_LINE | cut -f 1 -d ',')
- LOGIN_MD5SUM=$(echo $LOGIN | md5sum | awk '{print $1}')
- UID_POSITION=30
- UID_IS_UNIQUE=0
- while [ $UID_IS_UNIQUE -eq 0 ]
- do
- LOGIN_UID=$(echo $LOGIN_MD5SUM | cut -c ${UID_POSITION}- | cut -c 1-3)
- grep $LOGIN_UID $REAL_PATH/SEED.txt >/dev/null 2>&1
- if [ $? -eq 1 ]
- then
- INT_UID=$(python -c "print(10000 + int('$LOGIN_UID', 16))")
- HEX_UID=$(python -c "print(hex($INT_UID))")
- #echo $LOGIN $LOGIN_MD5SUM $LOGIN_UID $INT_UID $HEX_UID
- echo $LOGIN_UID >>$REAL_PATH/SEED.txt
- echo "${INT_UID},${HEX_UID},$COMPACT_LINE" >>$REAL_PATH/UIDS.txt
- UID_IS_UNIQUE=1
- else
- UID_POSITION=$(( $UID_POSITION - 1 ))
- echo "shifted $LOGIN to $UID_POSITION"
- if [ $UID_POSITION -eq 0 ]
- then
- echo "Cannot generate unique uid for $LOGIN" >&2
- exit 1
- fi
- fi
- done
- #echo $LOGIN $LOGIN_UID $INT_UID $LOGIN_MD5SUM
-done
-
->$REAL_PATH/setupusers.ldif
-cat $REAL_PATH/UIDS.txt | while read LINE
-do
- INT_UID=$(echo $LINE | cut -f 1 -d ',')
- HEX_UID=$(echo $LINE | cut -f 2 -d ',')
- LOGIN=$(echo $LINE | cut -f 3 -d ',')
- FIRSTNAME=$(echo $LINE | cut -f 4 -d ',')
- LASTNAME=$(echo $LINE | cut -f 5 -d ',')
- MAIL_ADDRESS=$(echo $LINE | cut -f 6 -d ',')
- MOBILE_NUMBER=$(echo $LINE | cut -f 7 -d ',')
- sed -e "s/__UID__/$INT_UID/" \
- -e "s/__LOGIN__/$LOGIN/" \
- -e "s/__FIRSTNAME__/$FIRSTNAME/" \
- -e "s/__LASTNAME__/$LASTNAME/" \
- -e "s/__MAIL__/$MAIL_ADDRESS/" \
- -e "s/__MOBILE__/$MOBILE_NUMBER/" \
- <$REAL_PATH/user_template.ldif \
- >>$REAL_PATH/setupusers.ldif
-done
diff --git a/sources/ldap.in/firstboot/20_setupldap.sh b/sources/ldap.in/firstboot/20_setupldap.sh
deleted file mode 100755
index 36365f9..0000000
--- a/sources/ldap.in/firstboot/20_setupldap.sh
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/bin/sh
-set -x
-
-REAL_PATH=$(realpath $(dirname $0))
-SLAPD_RUNNING=0
-
-
-while [ $SLAPD_RUNNING -ne 1 ]
-do
- echo -n '.'
- sleep 1
- systemctl --quiet is-active slapd.service
- SLAPD_RUNNING=$(( $? + 1 ))
-done
-
-read -n 1 -p "Recreate ldap database? y/[n] " -t 5 RECREATE
-
-ldapadd -Y EXTERNAL -H ldapi:/// -f $REAL_PATH/setup0config.ldif
-ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
-ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
-ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
-ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/ppolicy.ldif
-ldapmodify -Y EXTERNAL -H ldapi:/// -f $REAL_PATH/setup1monitor.ldif
-ldapmodify -Y EXTERNAL -H ldapi:/// -f $REAL_PATH/setup2mdb.ldif
-ldapmodify -Y EXTERNAL -H ldapi:/// -f $REAL_PATH/setupppolicymodule.ldif
-ldapmodify -Y EXTERNAL -H ldapi:/// -f $REAL_PATH/setupppolicyconfig.ldif
-ldapmodify -Y EXTERNAL -H ldapi:/// -f $REAL_PATH/setupppolicydefault.ldif
-ldapmodify -Y EXTERNAL -H ldapi:/// -f $REAL_PATH/setuptls.ldif
-if [ "$RECREATE" = "y" ]
-then
- ldapadd -x -D cn=Manager,dc=user,dc=hu -w pwd -f $REAL_PATH/setupdomain.ldif
- ldapadd -x -D cn=Manager,dc=user,dc=hu -w pwd -f $REAL_PATH/setupusers.ldif
-fi
-ldapmodify -Y EXTERNAL -H ldapi:/// -f $REAL_PATH/replacerootpw.ldif
-
-if [ "$RECREATE" != "y" ]
-then
- systemctl stop slapd.service
- slapadd -n 2 -l $REAL_PATH/data.ldif
- chown -R ldap.ldap /var/lib/ldap
- systemctl start slapd.service
-fi
-
-authselect select sssd with-mkhomedir --force
-systemctl restart oddjobd.service
-systemctl restart sssd.service
-
-# back up passwords
-#ldapsearch -x -D cn=Manager,dc=user,dc=hu -W -b "ou=People,dc=user,dc=hu" "objectClass=*" userPassword shadowLastChange
-
-# back up openldap
-#slapcat -n 0 >/tmp/config.ldif
-#slapcat -n 2 >/tmp/data.ldif
-
-# restore openldap
-#slapadd -n 0 -F /etc/openldap/slapd.d -l /tmp/config.ldif
-#slapadd -n 2 -F /etc/openldap/slapd.d -l 
/tmp/data.ldif diff --git a/sources/ldap.in/firstboot/99_cleanup.sh b/sources/ldap.in/firstboot/99_cleanup.sh deleted file mode 100755 index b87f2f4..0000000 --- a/sources/ldap.in/firstboot/99_cleanup.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh - - -REAL_PATH=$(dirname $(realpath $0)) - -echo rm -Rf $REAL_PATH diff --git a/sources/ldap.in/firstboot/USERS.txt b/sources/ldap.in/firstboot/USERS.txt deleted file mode 100644 index 15f2e58..0000000 --- a/sources/ldap.in/firstboot/USERS.txt +++ /dev/null @@ -1,16 +0,0 @@ -akosztolanyi, Árpád, Kosztolányi, arpad.kosztolanyi@userrendszerhaz.hu, +36 20 583 7539 -csgulyas, Csaba, Gulyás, csaba.gulyas@userrendszerhaz.hu, +36 30 374 4065 -cslevai, Csilla, Lévai, csilla.levai@userrendszerhaz.hu, +36 30 280 8517 -dhorvath, Dénes, Horváth, denes.horvath@userrendszerhaz.hu, +36 30 971 8563 -dvasary, Dániel, Vásáry, daniel.vasary@userrendszerhaz.hu, +36 30 515 9417 -fritter, Ferenc, Ritter, ferenc.ritter@userrendszerhaz.hu, +36 20 937 8022 -fschnell, Ferenc, Schnellbach, ferenc.schnellbach@userrendszerhaz.hu, +36 30 950 2529 -khorvath, Kálmán, Horváth, kalman.horvath@userrendszerhaz.hu, +36 20 444 8693 -kkancz, Krisztián, Káncz, krisztian.kancz@userrendszerhaz.hu, +36 70 666 2663 -kvajda, Krisztina, Vajda, krisztina.vajda@userrendszerhaz.hu, +36 20 313 0028 -mszabo, Marcell, Szabó, marcell.szabo@userrendszerhaz.hu, +36 70 458 1234 -osweidan, Omár, Sweidan, omar.sweidan@userrendszerhaz.hu, +36 70 382 4621 -ppazmandi, Péter, Pázmándi, peter.pazmandi@userrendszerhaz.hu, +36 30 731 3717 -rrendek, Róbert, Rendek, robert.rendek@userrendszerhaz.hu, +36 30 977 5888 -tlevai, Tibor, Lévai, tibor.levai@userrendszerhaz.hu, +36 30 297 6481 -zfelleg, Zoltán, Felleg, zoltan.felleg@userrendszerhaz.hu, +36 20 954 1513 diff --git a/sources/ldap.in/firstboot/pwd.txt b/sources/ldap.in/firstboot/pwd.txt deleted file mode 100644 index d096bb7..0000000 --- a/sources/ldap.in/firstboot/pwd.txt +++ /dev/null 
@@ -1,2 +0,0 @@
-temp (pwd): {SSHA}PaJYPlbWfzdt301XlzPy7PhfJkIDohyc
-final : {SSHA}RWEH1A6dxFFVufJrFI5BchIyq3AIAq4I
diff --git a/sources/ldap.in/firstboot/replacerootpw.ldif b/sources/ldap.in/firstboot/replacerootpw.ldif
deleted file mode 100644
index 275d24c..0000000
--- a/sources/ldap.in/firstboot/replacerootpw.ldif
+++ /dev/null
@@ -1,4 +0,0 @@
-dn: olcDatabase={2}mdb,cn=config
-changetype: modify
-replace: olcRootPW
-olcRootPW: {SSHA}RWEH1A6dxFFVufJrFI5BchIyq3AIAq4I
diff --git a/sources/ldap.in/firstboot/setup0config.ldif b/sources/ldap.in/firstboot/setup0config.ldif
deleted file mode 100644
index 15347ac..0000000
--- a/sources/ldap.in/firstboot/setup0config.ldif
+++ /dev/null
@@ -1,9 +0,0 @@
-dn: olcDatabase={0}config,cn=config
-changetype: modify
-add: olcRootPW
-olcRootPW: {SSHA}Qta8GXQLA1k8WpxRd9FQ2qzi3jcJBfob
-
-#dn: cn=config
-#changetype: modify
-#replace: olcLogLevel
-#olcLogLevel: Conns ACL
diff --git a/sources/ldap.in/firstboot/setup1monitor.ldif b/sources/ldap.in/firstboot/setup1monitor.ldif
deleted file mode 100644
index 4f225c2..0000000
--- a/sources/ldap.in/firstboot/setup1monitor.ldif
+++ /dev/null
@@ -1,7 +0,0 @@
-dn: olcDatabase={1}monitor,cn=config
-changetype: modify
-replace: olcAccess
-olcAccess: {0}to *
- by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
- by dn.base="cn=Manager,dc=user,dc=hu" read
- by * none
diff --git a/sources/ldap.in/firstboot/setup2mdb.ldif b/sources/ldap.in/firstboot/setup2mdb.ldif
deleted file mode 100644
index 690f1da..0000000
--- a/sources/ldap.in/firstboot/setup2mdb.ldif
+++ /dev/null
@@ -1,32 +0,0 @@
-dn: olcDatabase={2}mdb,cn=config
-changetype: modify
-replace: olcSuffix
-olcSuffix: dc=user,dc=hu
-
-dn: olcDatabase={2}mdb,cn=config
-changetype: modify
-replace: olcRootDN
-olcRootDN: cn=Manager,dc=user,dc=hu
-
-dn: olcDatabase={2}mdb,cn=config
-changetype: modify
-add: olcRootPW
-olcRootPW: {SSHA}PaJYPlbWfzdt301XlzPy7PhfJkIDohyc
-
-dn: olcDatabase={2}mdb,cn=config
-changetype: modify
-add: olcAccess
-olcAccess: {0}to attrs=userPassword
- by dn="cn=Manager,dc=user,dc=hu" write
- by anonymous auth
- by self write
- by * none
-olcAccess: {1}to attrs=shadowLastChange
- by dn="cn=Manager,dc=user,dc=hu" write
- by self write
- by * read
-olcAccess: {2}to dn.base=""
- by * read
-olcAccess: {3}to *
- by dn="cn=Manager,dc=user,dc=hu" write
- by * read
diff --git a/sources/ldap.in/firstboot/setupdomain.ldif b/sources/ldap.in/firstboot/setupdomain.ldif
deleted file mode 100644
index aaa0ccc..0000000
--- a/sources/ldap.in/firstboot/setupdomain.ldif
+++ /dev/null
@@ -1,19 +0,0 @@
-dn: dc=user,dc=hu
-objectClass: top
-objectClass: dcObject
-objectclass: organization
-o: USER Sytemhouse
-dc: user
-
-dn: cn=Manager,dc=user,dc=hu
-objectClass: organizationalRole
-cn: Manager
-description: Directory Manager
-
-dn: ou=People,dc=user,dc=hu
-objectClass: organizationalUnit
-ou: People
-
-dn: ou=Group,dc=user,dc=hu
-objectClass: organizationalUnit
-ou: Group
diff --git a/sources/ldap.in/firstboot/setuptls.ldif b/sources/ldap.in/firstboot/setuptls.ldif
deleted file mode 100644
index 141428c..0000000
--- a/sources/ldap.in/firstboot/setuptls.ldif
+++ /dev/null
@@ -1,10 +0,0 @@
-dn: cn=config
-changetype: modify
-add: olcTLSCACertificateFile
-olcTLSCACertificateFile: /etc/openldap/certs/ca-bundle.crt
--
-replace: olcTLSCertificateFile
-olcTLSCertificateFile: /etc/openldap/certs/slapd.crt
--
-replace: olcTLSCertificateKeyFile
-olcTLSCertificateKeyFile: /etc/openldap/certs/slapd.key
diff --git a/sources/ldap.in/firstboot/user_template.ldif b/sources/ldap.in/firstboot/user_template.ldif
deleted file mode 100644
index 4693f52..0000000
--- a/sources/ldap.in/firstboot/user_template.ldif
+++ /dev/null
@@ -1,24 +0,0 @@
-# __LOGIN__
-dn: uid=__LOGIN__,ou=People,dc=user,dc=hu
-objectClass: inetOrgPerson
-objectClass: posixAccount
-objectClass: shadowAccount
-cn: __FIRSTNAME__ __LASTNAME__
-givenName: __FIRSTNAME__
-sn: __LASTNAME__
-mail: __MAIL__
-mobile: __MOBILE__
-loginShell: /bin/bash
-uidNumber: __UID__
-gidNumber: __UID__
-homeDirectory: /home/__LOGIN__
-userPassword: {SSHA}Be0QldINCqu8gM+Fii1cR2fpjCzSqEcO
-shadowLastChange: 0
-shadowMax: 3650
-
-dn: cn=__LOGIN__,ou=Group,dc=user,dc=hu
-objectClass: posixGroup
-cn: __LOGIN__
-gidNumber: __UID__
-memberUid: __LOGIN__
-
diff --git a/sources/ldap.in/postinstall/01_setownership.sh b/sources/ldap.in/postinstall/01_setownership.sh
deleted file mode 100755
index 0dd1234..0000000
--- a/sources/ldap.in/postinstall/01_setownership.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(dirname $(realpath $0))
-SOURCE_PATH=$REAL_PATH/install
-
-
-chown -R root.root $SOURCE_PATH
-chown -R ldap.ldap $SOURCE_PATH/var/lib/ldap
-
-chgrp ssh_keys $SOURCE_PATH/etc/ssh/*_key
diff --git a/sources/ldap.in/postinstall/02_setpermissions.sh b/sources/ldap.in/postinstall/02_setpermissions.sh
deleted file mode 100755
index 6779033..0000000
--- a/sources/ldap.in/postinstall/02_setpermissions.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(dirname $(realpath $0))
-SOURCE_PATH=$REAL_PATH/install
-
-
-chmod 600 $SOURCE_PATH/etc/pki/tls/certs/slapd.key
-chmod 400 $SOURCE_PATH/etc/ssh/*_key
-chmod 444 $SOURCE_PATH/etc/ssh/*.pub
-chmod 600 $SOURCE_PATH/etc/sssd/sssd.conf
diff --git a/sources/ldap.in/postinstall/03_installfiles.sh b/sources/ldap.in/postinstall/03_installfiles.sh
deleted file mode 100755
index e4ee7ff..0000000
--- a/sources/ldap.in/postinstall/03_installfiles.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(dirname $(realpath $0))
-
-tar --create \
- --directory=$REAL_PATH \
- --exclude=.placeholder \
- --to-stdout \
- install \
- | tar --extract \
- --backup \
- --directory=/ \
- --no-overwrite-dir \
- --strip-components=1 \
- --suffix=.orig
diff --git a/sources/ldap.in/postinstall/10_setupservices.sh b/sources/ldap.in/postinstall/10_setupservices.sh
deleted file mode 100755
index dfaa348..0000000
--- a/sources/ldap.in/postinstall/10_setupservices.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-
-
-systemctl enable oddjobd.service
-systemctl enable slapd.service
-systemctl enable sssd.service
-systemctl enable NetworkManager-wait-online.service
-
-systemctl enable logrotate.timer
diff --git a/sources/ldap.in/postinstall/20_setupsshldap.sh b/sources/ldap.in/postinstall/20_setupsshldap.sh
deleted file mode 100755
index 177e4db..0000000
--- a/sources/ldap.in/postinstall/20_setupsshldap.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-
-echo "AuthorizedKeysCommand /usr/libexec/openssh/ssh-ldap-wrapper" >>/etc/ssh/sshd_config
-echo "AuthorizedKeysCommandUser nobody" >>/etc/ssh/sshd_config
diff --git a/sources/ldap.in/postinstall/99_cleanup.sh b/sources/ldap.in/postinstall/99_cleanup.sh
deleted file mode 100755
index b87f2f4..0000000
--- a/sources/ldap.in/postinstall/99_cleanup.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-
-REAL_PATH=$(dirname $(realpath $0))
-
-echo rm -Rf $REAL_PATH
diff --git a/sources/ldap.in/postinstall/copy.list b/sources/ldap.in/postinstall/copy.list
deleted file mode 100644
index f113c9a..0000000
--- a/sources/ldap.in/postinstall/copy.list
+++ /dev/null
@@ -1 +0,0 @@
-ldap.in.useribm.hu /tmp/data.ldif firstboot
diff --git a/sources/ldap.in/postinstall/install/etc/openldap/ldap.conf b/sources/ldap.in/postinstall/install/etc/openldap/ldap.conf
deleted file mode 100644
index 0a7696a..0000000
--- a/sources/ldap.in/postinstall/install/etc/openldap/ldap.conf
+++ /dev/null
@@ -1,30 +0,0 @@
-#
-# LDAP Defaults
-#
-
-# See ldap.conf(5) for details
-# This file should be world readable but not world writable.
-
-#BASE dc=example,dc=com
-#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
-
-#SIZELIMIT 12
-#TIMELIMIT 15
-#DEREF never
-
-# When no CA certificates are specified the Shared System Certificates
-# are in use. In order to have these available along with the ones specified
-# by TLS_CACERTDIR one has to include them explicitly:
-#TLS_CACERT /etc/pki/tls/cert.pem
-
-# System-wide Crypto Policies provide up to date cipher suite which should
-# be used unless one needs a finer grinded selection of ciphers. Hence, the
-# PROFILE=SYSTEM value represents the default behavior which is in place
-# when no explicit setting is used. (see openssl-ciphers(1) for more info)
-#TLS_CIPHER_SUITE PROFILE=SYSTEM
-
-# Turning this off breaks GSSAPI used with krb5 when rdns = false
-SASL_NOCANON on
-
-BASE dc=user,dc=hu
-URI ldap://ldap.in.useribm.hu
diff --git a/sources/ldap.in/postinstall/install/etc/pki/tls/certs/slapd.crt b/sources/ldap.in/postinstall/install/etc/pki/tls/certs/slapd.crt
deleted file mode 100644
index 23e110a..0000000
--- a/sources/ldap.in/postinstall/install/etc/pki/tls/certs/slapd.crt
+++ /dev/null
@@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDMjCCAhoCCQC4bVg+Y9rSOjANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJI -VTERMA8GA1UEBwwIQnVkYXBlc3QxHjAcBgNVBAoMFVVTRVIgU3lzdGVtaG91c2Ug -THRkLjEZMBcGA1UEAwwQbGRhcC51c3IudXNlci5odTAeFw0xODEwMDEwOTU0MjJa -Fw0yODA5MjgwOTU0MjJaMFsxCzAJBgNVBAYTAkhVMREwDwYDVQQHDAhCdWRhcGVz -dDEeMBwGA1UECgwVVVNFUiBTeXN0ZW1ob3VzZSBMdGQuMRkwFwYDVQQDDBBsZGFw -LnVzci51c2VyLmh1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm1g5 -LJtdXNjzxSonx/FH5Mxo3Jx8pYOSjPfkQGMLn7k9hpaZFjlZQlMZURlP3lBntSpz -7ZUecEpIP1f5Yompk/zdDrAAToLpFoKwhp2sBwlcqgPMw8hi2WD88/jVcigbdQL+ -jhqHtYHXBF4HfwQf5AiJgqnQ+jY8jOKQgwSUsrNKVL/LDRW9rJzGrUwf1k0IYfnL -/eOhwzJj7aCpFY5cf9cMP1SeBq9UL7tzT2tIGneQLhxb38/aPKYVEP4vZavCW/G1 -B/p0DOXZ9njyy8sOj02vdZN8CIuOqyIOS79rWRkQlXt85httRF+rNOtHg6LqviH6 -ZKsbkjsALnyWj1FnwQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQADOaFtkRiO3pSn -5BGeWYIPu0iE0ADaZDjMIxd+7fQyMb8jx7S114ylWvdpmQAhUPqDgojW4xrSteR+ -fGIY2ai2ZBoVHgFqhDGcg/iAv/BeblspD81AdYy9/OGLkmNi2nvggmNQ5pEATqAO -CavZ6DIZp/i1Y2dxKvlnkKFo9jwpZVIqZdFYLsybq9xIcI5L942I0LVYL0Mgyhr0 -3VF1uwxva0apM7yl0KZ/MNcwsJU1s6ObnWyeybNwTnCKlyIStfhV3e3KJ5bHQLaI -snX6owJIAve99AmVw6aneGu27qlKYbuENYC06K+RuYrbYHRzrjbF5SGEHcLAhFVN -/Cb2K+qe ------END CERTIFICATE----- diff --git a/sources/ldap.in/postinstall/install/etc/pki/tls/certs/slapd.key b/sources/ldap.in/postinstall/install/etc/pki/tls/certs/slapd.key deleted file mode 100644 index 195323b..0000000 --- a/sources/ldap.in/postinstall/install/etc/pki/tls/certs/slapd.key +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAm1g5LJtdXNjzxSonx/FH5Mxo3Jx8pYOSjPfkQGMLn7k9hpaZ -FjlZQlMZURlP3lBntSpz7ZUecEpIP1f5Yompk/zdDrAAToLpFoKwhp2sBwlcqgPM -w8hi2WD88/jVcigbdQL+jhqHtYHXBF4HfwQf5AiJgqnQ+jY8jOKQgwSUsrNKVL/L -DRW9rJzGrUwf1k0IYfnL/eOhwzJj7aCpFY5cf9cMP1SeBq9UL7tzT2tIGneQLhxb -38/aPKYVEP4vZavCW/G1B/p0DOXZ9njyy8sOj02vdZN8CIuOqyIOS79rWRkQlXt8 -5httRF+rNOtHg6LqviH6ZKsbkjsALnyWj1FnwQIDAQABAoIBABvNOUZLc/UW+uGx -frcg7n37O1UoSIKSvpquDtKbJ0xpqaI5t6Irl1bwalqCTjH6b+UTePXvNyhfkviL -NR22h3vtyF5Fj3h9o1uc/hzJgS0tNsFStsXfShmfawX65bBtjyRs6cPi6aDJYQLu -FSddRJvaD0osPDNbm5CXR8e6/SXR+zdDsdOTFnnM6KsNqw0SQgNVBoTHIHMGKU// -SprTYNgP5Jhib4kuUNa+iaNwv/I8BEzooRG+JXJezhtbUecM0poI1izyKhPTlFgx -KTJ0FmzpPtypOGWnPazt710wIUU/O4dODOKB/J6eF578QkHoOZ4Z0Ykes9p6RWMF -oPqb07ECgYEAzJKOf6fNWrWjzZksiP6NB5jvfEF3Fb3IyclH3z0cYLJ40DHYehp7 -Qs2/2BikPd4zsZHLCcp08gjlT8LsZQwYdJK4BsQ80xHVsiZY3Gfqm867EJJlnZ7b -Le1h0iCXmrkh9KeNHeWZdOpttJPo/5kvf9TdNL1dk3VHxXuVy9mBat0CgYEAwmWQ -Xh3egaIPYNdlPAeK8Q67CrQ0CKriwJMUeyMzU+IhbyRQgus5dWOnvdS0Jt8tT7dA -thrfWDQCaeSjsXW8vNdQxK9WMZoCYSI5gayu0WmlX9Vcgp1LSxuRkGpJvqdU4SlU -XGoP7NuIqxvDJ3TiWVV+1nufk74XLhlEKhuG6DUCgYAHQE6iwbzqsTOMLxjABl3T -Xh1nBx8Ee0SpumO8yvq9hrX3kzy8H0ItPQPG0iDIPJ8SdTuALlf02FHggOVGM6aO -Q0EYpE4PoTs05F0T+u769Nn2nWnSq3XTa+2iuBsHlfZZKLM80w2cck7PLsr8fF6N -pmrs2qV9e5O+sUG/BweqVQKBgFfvtaS9gj/F3YsDJMpI5zMwZK/s4HTjSHuwjN0/ -CSLy8gjitoDigzV1BRY8N9o1rruWu/Ekqs+th0H7qYjHJ7+M7v5qCmWZs2XZI4Zj -ZRlZ3vNBAv4axUqOiAR58C4MZ7sLBRxg5h9RF7u/bUJV/2ZF5ICFn6Qnozi5OTqL -BTXZAoGAS8bsX6GVqWd/FkBJCqFVbUQcbawQKy0ZVlEIPg06hPtxRcmNZt+dtOWT -6W/yoer/7oGGUoSHE1y6a5SX0vHOvtkToYy4zUjESaMsa9Wr/DoP9RDkCqUJijxY -zG3XPCj7maygTKSC77ao2bCyQqKYyjIU80CjmI8X8ybAQIkdgAo= ------END RSA PRIVATE KEY----- diff --git a/sources/ldap.in/postinstall/install/etc/ssh/ldap.conf b/sources/ldap.in/postinstall/install/etc/ssh/ldap.conf deleted file mode 100644 index 30358af..0000000 --- a/sources/ldap.in/postinstall/install/etc/ssh/ldap.conf +++ /dev/null 
@@ -1,95 +0,0 @@ -# $Id: openssh-5.5p1-ldap.patch,v 1.3 2010/07/07 13:48:36 jfch2222 Exp $ -# -# This is the example configuration file for the OpenSSH -# LDAP backend -# -# see ssh-ldap.conf(5) -# - -# URI with your LDAP server name. This allows to use -# Unix Domain Sockets to connect to a local LDAP Server. -uri ldap://127.0.0.1/ -#uri ldaps://127.0.0.1/ -#uri ldapi://%2fvar%2frun%2fldapi_sock/ -# Note: %2f encodes the '/' used as directory separator - -# Another way to specify your LDAP server is to provide an -# host name and the port of our LDAP server. Host name -# must be resolvable without using LDAP. -# Multiple hosts may be specified, each separated by a -# space. How long nss_ldap takes to failover depends on -# whether your LDAP client library supports configurable -# network or connect timeouts (see bind_timelimit). -#host 127.0.0.1 - -# The port. -# Optional: default is 389. -#port 389 - -# The distinguished name to bind to the server with. -# Optional: default is to bind anonymously. -#binddn cn=openssh_keys,dc=example,dc=org - -# The credentials to bind with. -# Optional: default is no credential. -#bindpw TopSecret - -# The distinguished name of the search base. -#base dc=example,dc=org - -# The LDAP version to use (defaults to 3 -# if supported by client library) -#ldap_version 3 - -# The search scope. -#scope sub -#scope one -#scope base - -# Search timelimit -#timelimit 30 - -# Bind/connect timelimit -#bind_timelimit 30 - -# Reconnect policy: hard (default) will retry connecting to -# the software with exponential backoff, soft will fail -# immediately. -#bind_policy hard - -# SSL setup, may be implied by URI also. -ssl no -#ssl on -#ssl start_tls - -# OpenLDAP SSL options -# Require and verify server certificate (yes/no) -# Default is to use libldap's default behavior, which can be configured in -# /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for -# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes". 
-#tls_checkpeer hard - -# CA certificates for server certificate verification -# At least one of these are required if tls_checkpeer is "yes" -#tls_cacertfile /etc/ssl/ca.cert -#tls_cacertdir /etc/pki/tls/certs - -# Seed the PRNG if /dev/urandom is not provided -#tls_randfile /var/run/egd-pool - -# SSL cipher suite -# See man ciphers for syntax -#tls_ciphers TLSv1 - -# Client certificate and key -# Use these, if your server requires client authentication. -#tls_cert -#tls_key - -# OpenLDAP search_format -# format used to search for users in LDAP directory using substitution -# for %u for user name and %f for SSH_Filter option (optional, empty by default) -#search_format (&(objectclass=%c)(objectclass=ldapPublicKey)(uid=%u)%f) - -#AccountClass posixAccount - diff --git a/sources/ldap.in/postinstall/install/etc/ssh/ssh_host_ecdsa_key b/sources/ldap.in/postinstall/install/etc/ssh/ssh_host_ecdsa_key deleted file mode 100644 index 495ef44..0000000 --- a/sources/ldap.in/postinstall/install/etc/ssh/ssh_host_ecdsa_key +++ /dev/null @@ -1,8 +0,0 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS -1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQRNhyIFsn1XHUZl3cXseM3xVxjVTDL4 -wBFyEQELvVGAEGmxqhETsNPb0xzFGXstoNZkQeBO72huapDROPbs72JXAAAAoLbGMeS2xj -HkAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE2HIgWyfVcdRmXd -xex4zfFXGNVMMvjAEXIRAQu9UYAQabGqEROw09vTHMUZey2g1mRB4E7vaG5qkNE49uzvYl -cAAAAhALkbjaiJrtAkV7WAjDoFzCcjYavVqLSDWyq549QfKliMAAAAAAECAwQFBgc= ------END OPENSSH PRIVATE KEY----- diff --git a/sources/ldap.in/postinstall/install/etc/ssh/ssh_host_ecdsa_key.pub b/sources/ldap.in/postinstall/install/etc/ssh/ssh_host_ecdsa_key.pub deleted file mode 100644 index d1e2908..0000000 --- a/sources/ldap.in/postinstall/install/etc/ssh/ssh_host_ecdsa_key.pub +++ /dev/null 
@@ -1 +0,0 @@ -ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE2HIgWyfVcdRmXdxex4zfFXGNVMMvjAEXIRAQu9UYAQabGqEROw09vTHMUZey2g1mRB4E7vaG5qkNE49uzvYlc= diff --git a/sources/ldap.in/postinstall/install/etc/ssh/ssh_host_ed25519_key b/sources/ldap.in/postinstall/install/etc/ssh/ssh_host_ed25519_key deleted file mode 100644 index 5c432d4..0000000 --- a/sources/ldap.in/postinstall/install/etc/ssh/ssh_host_ed25519_key +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW -QyNTUxOQAAACAPqi+85zTZURcO07ZEkK/+WbPE0jeqbs5ezIefribFxwAAAIgiYFM1ImBT -NQAAAAtzc2gtZWQyNTUxOQAAACAPqi+85zTZURcO07ZEkK/+WbPE0jeqbs5ezIefribFxw -AAAEDv3ANgLBg7Rq+8xAZZLTCknzJn4WtmPtyQ9aqJUqFJMQ+qL7znNNlRFw7TtkSQr/5Z -s8TSN6puzl7Mh5+uJsXHAAAAAAECAwQF ------END OPENSSH PRIVATE KEY----- diff --git a/sources/ldap.in/postinstall/install/etc/ssh/ssh_host_ed25519_key-cert.pub b/sources/ldap.in/postinstall/install/etc/ssh/ssh_host_ed25519_key-cert.pub deleted file mode 100644 index c8ec98e..0000000 --- a/sources/ldap.in/postinstall/install/etc/ssh/ssh_host_ed25519_key-cert.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAILjtjMrHvSbyzjUu5OhxkAnSTtnDUo0J2qVnUJHq7OwfAAAAIA+qL7znNNlRFw7TtkSQr/5Zs8TSN6puzl7Mh5+uJsXHAAAAAAAAAAAAAAACAAAAEmxkYXAuaW4udXNlcmlibS5odQAAABYAAAASbGRhcC5pbi51c2VyaWJtLmh1AAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgRdggjOtRLHz8FDr+22RKvmgTIHkXliDhunUM6SoM430AAABTAAAAC3NzaC1lZDI1NTE5AAAAQCwoXaZKKq1b0072iGhd0C+DAbpxuEnrGCYSQRjS3epMcdX8jsDgXfql0s0y+PX12leqzNvpjADJQRzznCBcXAM= ssh_host_ed25519_key.pub diff --git a/sources/ldap.in/postinstall/install/etc/ssh/ssh_host_ed25519_key.pub b/sources/ldap.in/postinstall/install/etc/ssh/ssh_host_ed25519_key.pub deleted file mode 100644 index 139e2f2..0000000 --- a/sources/ldap.in/postinstall/install/etc/ssh/ssh_host_ed25519_key.pub +++ /dev/null 
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+qL7znNNlRFw7TtkSQr/5Zs8TSN6puzl7Mh5+uJsXH
diff --git a/sources/ldap.in/postinstall/install/etc/ssh/ssh_host_rsa_key b/sources/ldap.in/postinstall/install/etc/ssh/ssh_host_rsa_key
deleted file mode 100644
index 9cf34b0..0000000
--- a/sources/ldap.in/postinstall/install/etc/ssh/ssh_host_rsa_key
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn -NhAAAAAwEAAQAAAQEAl33xHJr1IacdKzig31rgBuKL4kfuvLmXPzHgftSlH0q1r0zMizAE -aPcXMRHZ5w/TVUegd3qk2tNVQcJSPoqTjOFC2+tTpYYO6uJ7i5iDvP5v2Akm0VlSL3zwdv -k/TYBwpp3qXtLz4TNhcCjFpup63QgPCVlhZj7WyES4fWstR56ePAyBGydWUkwz1d4pZo8G -ChrSflt3F9nHcfTkgoZPD5GMQnm521rpL+yeuyUOmkO0DTkh00CP8nm9rhXUN99uGlYxDM -+lMcNn/1PV/8/BYMzhgeI1qJz10yXwPKQb5fxXdk/6qa4I9AKzscTV23/QAwgmz4bSYlzz -ypYlt0enEQAAA7h06oRJdOqESQAAAAdzc2gtcnNhAAABAQCXffEcmvUhpx0rOKDfWuAG4o -viR+68uZc/MeB+1KUfSrWvTMyLMARo9xcxEdnnD9NVR6B3eqTa01VBwlI+ipOM4ULb61Ol -hg7q4nuLmIO8/m/YCSbRWVIvfPB2+T9NgHCmnepe0vPhM2FwKMWm6nrdCA8JWWFmPtbIRL -h9ay1Hnp48DIEbJ1ZSTDPV3ilmjwYKGtJ+W3cX2cdx9OSChk8PkYxCebnbWukv7J67JQ6a -Q7QNOSHTQI/yeb2uFdQ3324aVjEMz6Uxw2f/U9X/z8FgzOGB4jWonPXTJfA8pBvl/Fd2T/ -qprgj0ArOxxNXbf9ADCCbPhtJiXPPKliW3R6cRAAAAAwEAAQAAAQA3Q7aF3PG4CSLW9Z2a -XaiEWnj1X5B0QLAwWZ2wJxrlw3dsL/QegrHZKOrI994qMNfDsJGVhKRHP/lGOAGQ1zTkm/ -isCblGFRW0ElNHpafJdniOsyf6Dz+wG0AN5vd06nouDkXFuedGLFxLclRIhBm2MI5rtrOV -fS8VeBxlhIfMLD2QGy6tZytksdqTIf8egAYv5QGn/LAYmjtiXfyWIGwN4LUKV6jeQUz9mk -P0UzY9VyOwXAthWE43MDM3zllzXF7Yw8vf2EJuOKLzXqbuKzNPAyNrOXMXYHMt2ZlJuy0b -JThk72tmR7aCiyKOsHxWPjwMad9hBvjV7Kg475UD+WkRAAAAgQCPim2W3nzD8i1mq89jr7 -VkQQWsmKmbeS/cufuHoJ23JqNyoO3dxfRT1GHupBYJXvjwQS9Dt/v2+GTVZa6Ldbx9T1Ew -COetJS1ZnrTUPbT6fesSuFZnCBDwGjx02bOcPbhDutTMDqCTPh8J45kIpw8U4UynWTIe9w -ZhObgUeKh2rQAAAIEAyJS2/z7CpwN7gtzRovSuaPFMtxBGlmkHDBa/AA9oCSleoXABMSiI -GE7Mfl6B3q+ryvLJMNj9ILSfPhBORMvO6RhKVV3qR0hUKuqFxy9p8e8e69N1QoYVgBsEtR -q+iij76B1cnwsV6wf4kxHKRHmivHATfKFPgZONmr4E9SST4ncAAACBAMFZHe0EdpReZGw4 -ARCyj6fvGLOu3ApM+PreNyVLXETNxvPIsqn1JTAPsMrX/82HKxD78c6nu1Ki0qJ7BuTEBQ -Rq6SiGjEEaW3skoppOK0md5cj7xNBY7eJFVbVAFmiudQaEbQlorf63jd0ErzIu0xKEi0Kg -l5RXrm5GsNIiwly3AAAAAAEC ------END OPENSSH PRIVATE KEY----- 
diff --git a/sources/ldap.in/postinstall/install/etc/ssh/ssh_host_rsa_key.pub b/sources/ldap.in/postinstall/install/etc/ssh/ssh_host_rsa_key.pub
deleted file mode 100644
index 7efa1e9..0000000
--- a/sources/ldap.in/postinstall/install/etc/ssh/ssh_host_rsa_key.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXffEcmvUhpx0rOKDfWuAG4oviR+68uZc/MeB+1KUfSrWvTMyLMARo9xcxEdnnD9NVR6B3eqTa01VBwlI+ipOM4ULb61Olhg7q4nuLmIO8/m/YCSbRWVIvfPB2+T9NgHCmnepe0vPhM2FwKMWm6nrdCA8JWWFmPtbIRLh9ay1Hnp48DIEbJ1ZSTDPV3ilmjwYKGtJ+W3cX2cdx9OSChk8PkYxCebnbWukv7J67JQ6aQ7QNOSHTQI/yeb2uFdQ3324aVjEMz6Uxw2f/U9X/z8FgzOGB4jWonPXTJfA8pBvl/Fd2T/qprgj0ArOxxNXbf9ADCCbPhtJiXPPKliW3R6cR
diff --git a/sources/ldap.in/postinstall/install/etc/ssh/sshd_config.d/99-host-cert.conf b/sources/ldap.in/postinstall/install/etc/ssh/sshd_config.d/99-host-cert.conf
deleted file mode 100644
index 173b545..0000000
--- a/sources/ldap.in/postinstall/install/etc/ssh/sshd_config.d/99-host-cert.conf
+++ /dev/null
@@ -1 +0,0 @@
-HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
diff --git a/sources/ldap.in/postinstall/install/etc/ssh/sshd_config.d/99-user-CA.conf b/sources/ldap.in/postinstall/install/etc/ssh/sshd_config.d/99-user-CA.conf
deleted file mode 100644
index 115882b..0000000
--- a/sources/ldap.in/postinstall/install/etc/ssh/sshd_config.d/99-user-CA.conf
+++ /dev/null
@@ -1 +0,0 @@
-TrustedUserCAKeys /etc/ssh/trusted-user-ca.keys
diff --git a/sources/ldap.in/postinstall/install/etc/ssh/trusted-user-ca.keys b/sources/ldap.in/postinstall/install/etc/ssh/trusted-user-ca.keys
deleted file mode 100644
index 59a754e..0000000
--- a/sources/ldap.in/postinstall/install/etc/ssh/trusted-user-ca.keys
+++ /dev/null
@@ -1,2 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJdSgSmeOIwnP90z5zXAK1x5jMpg4PU5iOVxJeTbndC7 user-CA (qqcs)
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICcf/XXU8dNVtbveGmwbdnRJfYIItzxKmgRkzlp0k6r5 user-CA (user)
diff --git a/sources/ldap.in/postinstall/install/etc/sssd/sssd.conf b/sources/ldap.in/postinstall/install/etc/sssd/sssd.conf
deleted file mode 100644
index 6f40aa8..0000000
--- a/sources/ldap.in/postinstall/install/etc/sssd/sssd.conf
+++ /dev/null
@@ -1,18 +0,0 @@
-[domain/default]
-id_provider = ldap
-autofs_provider = ldap
-auth_provider = ldap
-chpass_provider = ldap
-ldap_uri = ldap://ldap.usr.user.hu/
-ldap_search_base = dc=user,dc=hu
-ldap_id_use_start_tls = True
-ldap_tls_cacertdir = /etc/openldap/certs
-cache_credentials = True
-ldap_tls_reqcert = allow
-
-[sssd]
-services = nss, pam, autofs
-domains = default
-
-[nss]
-homedir_substring = /home
diff --git a/sources/ldap.in/postinstall/install/root/backupldapdb.sh b/sources/ldap.in/postinstall/install/root/backupldapdb.sh
deleted file mode 100755
index 0e05fce..0000000
--- a/sources/ldap.in/postinstall/install/root/backupldapdb.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-
-systemctl stop slapd.service
-slapcat -n 2 >/tmp/data.ldif
-systemctl start slapd.service
diff --git a/sources/ldap.in/postinstall/install/var/lib/ldap/DB_CONFIG b/sources/ldap.in/postinstall/install/var/lib/ldap/DB_CONFIG
deleted file mode 100644
index d0f2c68..0000000
--- a/sources/ldap.in/postinstall/install/var/lib/ldap/DB_CONFIG
+++ /dev/null
@@ -1,28 +0,0 @@
-# $OpenLDAP$
-# Example DB_CONFIG file for use with slapd(8) BDB/HDB databases.
-#
-# See the Oracle Berkeley DB documentation
-#
-# for detail description of DB_CONFIG syntax and semantics.
-#
-# Hints can also be found in the OpenLDAP Software FAQ
-#
-# in particular:
-#
-
-# Note: most DB_CONFIG settings will take effect only upon rebuilding
-# the DB environment.
-
-# one 0.25 GB cache
-set_cachesize 0 268435456 1
-
-# Data Directory
-#set_data_dir db
-
-# Transaction Log settings
-set_lg_regionmax 262144
-set_lg_bsize 2097152
-#set_lg_dir logs
-
-# Note: special DB_CONFIG flags are no longer needed for "quick"
-# slapadd(8) or slapindex(8) access (see their -q option).
diff --git a/sources/ldap.in/postinstall/run.list b/sources/ldap.in/postinstall/run.list
deleted file mode 100644
index 07e3d36..0000000
--- a/sources/ldap.in/postinstall/run.list
+++ /dev/null
@@ -1 +0,0 @@
-ldap.in.useribm.hu root /root/backupldapdb.sh
diff --git a/sources/svc.in/config b/sources/svc.in/config
deleted file mode 100644
index 5b1e014..0000000
--- a/sources/svc.in/config
+++ /dev/null
@@ -1,21 +0,0 @@
-lxc.include = /usr/share/lxc/config/common.conf
-
-lxc.arch = x86_64
-lxc.uts.name = svc.in.useribm.hu
-lxc.rootfs.path = __CONTAINER_PATH__/rootfs
-lxc.mount.auto = proc:rw sys:ro
-
-lxc.net.0.type = veth
-lxc.net.0.flags = up
-lxc.net.0.link = bri-dev
-lxc.net.0.hwaddr = 02:0c:18:03:6d:fd
-
-lxc.autodev = 1
-
-lxc.cgroup2.devices.allow = a
-
-lxc.signal.halt = SIGRTMIN+4
-
-lxc.start.auto = 1
-lxc.start.order = __CONTAINER_START_ORDER__
-lxc.start.delay = 5
diff --git a/sources/svc.in/envvars b/sources/svc.in/envvars
deleted file mode 100644
index c521c31..0000000
--- a/sources/svc.in/envvars
+++ /dev/null
@@ -1,5 +0,0 @@
-DISTRIBUTION=Fedora
-DISTRIBUTION_VERSION=35
-ROOT_PACKAGES="hostname initscripts iproute rootfiles systemd-udev"
-BASE_PACKAGES="NetworkManager iputils logrotate rsyslog tar vim-minimal"
-SPEC_PACKAGES="bind bind-utils dhcp-server postfix python3 python3-dbus"
diff --git a/sources/svc.in/firstboot/01_setupnetworking.sh b/sources/svc.in/firstboot/01_setupnetworking.sh
deleted file mode 100755
index 86112d2..0000000
--- a/sources/svc.in/firstboot/01_setupnetworking.sh
+++ /dev/null
@@ -1,59 +0,0 @@ -#!/bin/sh - - -sleep 1 -systemctl --quiet is-active NetworkManager.service -NM_RC=$? -WAITED=0 -while [ $NM_RC -ne 0 ] -do - echo -n . - sleep 1 - WAITED=1 - systemctl --quiet is-active NetworkManager.service - NM_RC=$? -done -[ $WAITED -eq 1 ] && echo - -CONNECTIONS=$(nmcli --terse connection show | wc -l) -while [ $CONNECTIONS -ne 1 ] -do - echo "Number of connections: $CONNECTIONS" >&2 - sleep 1 - CONNECTIONS=$(nmcli --terse connection show | wc -l) -done - -nmcli --terse connection show | grep ':$' >/dev/null -ALL_CONNECTION_DEVICES_KNOWN=$? -while [ $ALL_CONNECTION_DEVICES_KNOWN -eq 0 ] -do - echo "Not all connection devices are known yet" >&2 - sleep 1 - nmcli --terse connection show | grep ':$' >/dev/null - ALL_CONNECTION_DEVICES_KNOWN=$? -done - -CONNECTION_LINE=$(nmcli --terse connection show) -CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':') -CONNECTION_DEVICE=$(echo $CONNECTION_LINE | cut -f 4 -d ':') - -nmcli connection delete uuid "$CONNECTION_UUID" - -nmcli connection add \ - connection.autoconnect yes \ - connection.id internal \ - connection.interface-name $CONNECTION_DEVICE \ - connection.type 802-3-ethernet \ - ipv4.addresses "10.228.109.253/16" \ - ipv4.dns "10.228.109.159, 10.228.92.159" \ - ipv4.dns-search "in.useribm.hu" \ - ipv4.gateway "10.228.109.254" \ - ipv4.method "manual" \ - ipv6.addresses "2a02:d400:0000:f268:000c:18ff:fe03:6dfd/64" \ - ipv6.dns "2a02:d400:0000:f268:000c:18ff:fe03:6d9f, 2a02:d400:0000:f268:000c:18ff:fe03:5c9f" \ - ipv6.dns-search "in.useribm.hu" \ - ipv6.gateway "2a02:d400:0000:f268:000c:18ff:fe03:6dfe" \ - ipv6.method "manual" \ - save yes - -nmcli connection show diff --git a/sources/svc.in/firstboot/02_settimezone.sh b/sources/svc.in/firstboot/02_settimezone.sh deleted file mode 100755 index 20b2a71..0000000 --- a/sources/svc.in/firstboot/02_settimezone.sh +++ /dev/null 
@@ -1,21 +0,0 @@ -#!/bin/sh - - -sleep 1 -systemctl --quiet is-active dbus.service -DBUS_RC=$? -WAITED=0 -while [ $DBUS_RC -ne 0 ] -do - if [ $WAITED -eq 0 ] - then - echo -n "Waiting for dbus.service" - fi - echo -n . - sleep 1 - WAITED=1 - systemctl --quiet is-active dbus.service - DBUS_RC=$? -done -[ $WAITED -ne 0 ] && echo -timedatectl set-timezone Europe/Budapest diff --git a/sources/svc.in/firstboot/03_setupldap.sh b/sources/svc.in/firstboot/03_setupldap.sh deleted file mode 100755 index 415d6db..0000000 --- a/sources/svc.in/firstboot/03_setupldap.sh +++ /dev/null 
@@ -1,10 +0,0 @@ -#!/bin/sh - - -exit 0 -authselect select sssd with-mkhomedir --force - -cat >>/etc/openldap/ldap.conf <Firstname.Lastname mapping. - -# ADDRESS REDIRECTION (VIRTUAL DOMAIN) -# -# The VIRTUAL_README document gives information about the many forms -# of domain hosting that Postfix supports. - -# "USER HAS MOVED" BOUNCE MESSAGES -# -# See the discussion in the ADDRESS_REWRITING_README document. - -# TRANSPORT MAP -# -# See the discussion in the ADDRESS_REWRITING_README document. - -# ALIAS DATABASE -# -# The alias_maps parameter specifies the list of alias databases used -# by the local delivery agent. The default list is system dependent. -# -# On systems with NIS, the default is to search the local alias -# database, then the NIS alias database. See aliases(5) for syntax -# details. -# -# If you change the alias database, run "postalias /etc/aliases" (or -# wherever your system stores the mail alias file), or simply run -# "newaliases" to build the necessary DBM or DB file. -# -# It will take a minute or so before changes become visible. Use -# "postfix reload" to eliminate the delay. -# -#alias_maps = dbm:/etc/aliases -alias_maps = hash:/etc/aliases -#alias_maps = hash:/etc/aliases, nis:mail.aliases -#alias_maps = netinfo:/aliases - -# The alias_database parameter specifies the alias database(s) that -# are built with "newaliases" or "sendmail -bi". This is a separate -# configuration parameter, because alias_maps (see above) may specify -# tables that are not necessarily all under control by Postfix. -# -#alias_database = dbm:/etc/aliases -#alias_database = dbm:/etc/mail/aliases -alias_database = hash:/etc/aliases -#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases - -# ADDRESS EXTENSIONS (e.g., user+foo) -# -# The recipient_delimiter parameter specifies the separator between -# user names and address extensions (user+foo). 
See canonical(5), -# local(8), relocated(5) and virtual(5) for the effects this has on -# aliases, canonical, virtual, relocated and .forward file lookups. -# Basically, the software tries user+foo and .forward+foo before -# trying user and .forward. -# -#recipient_delimiter = + - -# DELIVERY TO MAILBOX -# -# The home_mailbox parameter specifies the optional pathname of a -# mailbox file relative to a user's home directory. The default -# mailbox file is /var/spool/mail/user or /var/mail/user. Specify -# "Maildir/" for qmail-style delivery (the / is required). -# -#home_mailbox = Mailbox -#home_mailbox = Maildir/ - -# The mail_spool_directory parameter specifies the directory where -# UNIX-style mailboxes are kept. The default setting depends on the -# system type. -# -#mail_spool_directory = /var/mail -#mail_spool_directory = /var/spool/mail - -# The mailbox_command parameter specifies the optional external -# command to use instead of mailbox delivery. The command is run as -# the recipient with proper HOME, SHELL and LOGNAME environment settings. -# Exception: delivery for root is done as $default_user. -# -# Other environment variables of interest: USER (recipient username), -# EXTENSION (address extension), DOMAIN (domain part of address), -# and LOCAL (the address localpart). -# -# Unlike other Postfix configuration parameters, the mailbox_command -# parameter is not subjected to $parameter substitutions. This is to -# make it easier to specify shell syntax (see example below). -# -# Avoid shell meta characters because they will force Postfix to run -# an expensive shell process. Procmail alone is expensive enough. -# -# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN -# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER. 
-# -#mailbox_command = /some/where/procmail -#mailbox_command = /some/where/procmail -a "$EXTENSION" - -# The mailbox_transport specifies the optional transport in master.cf -# to use after processing aliases and .forward files. This parameter -# has precedence over the mailbox_command, fallback_transport and -# luser_relay parameters. -# -# Specify a string of the form transport:nexthop, where transport is -# the name of a mail delivery transport defined in master.cf. The -# :nexthop part is optional. For more details see the sample transport -# configuration file. -# -# NOTE: if you use this feature for accounts not in the UNIX password -# file, then you must update the "local_recipient_maps" setting in -# the main.cf file, otherwise the SMTP server will reject mail for -# non-UNIX accounts with "User unknown in local recipient table". -# -# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd" -# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf. -#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp - -# If using the cyrus-imapd IMAP server deliver local mail to the IMAP -# server using LMTP (Local Mail Transport Protocol), this is prefered -# over the older cyrus deliver program by setting the -# mailbox_transport as below: -# -# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp -# -# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via -# these settings. -# -# local_destination_recipient_limit = 300 -# local_destination_concurrency_limit = 5 -# -# Of course you should adjust these settings as appropriate for the -# capacity of the hardware you are using. The recipient limit setting -# can be used to take advantage of the single instance message store -# capability of Cyrus. The concurrency limit can be used to control -# how many simultaneous LMTP sessions will be permitted to the Cyrus -# message store. -# -# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and -# subsequent line in master.cf. 
-#mailbox_transport = cyrus - -# The fallback_transport specifies the optional transport in master.cf -# to use for recipients that are not found in the UNIX passwd database. -# This parameter has precedence over the luser_relay parameter. -# -# Specify a string of the form transport:nexthop, where transport is -# the name of a mail delivery transport defined in master.cf. The -# :nexthop part is optional. For more details see the sample transport -# configuration file. -# -# NOTE: if you use this feature for accounts not in the UNIX password -# file, then you must update the "local_recipient_maps" setting in -# the main.cf file, otherwise the SMTP server will reject mail for -# non-UNIX accounts with "User unknown in local recipient table". -# -#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp -#fallback_transport = - -# The luser_relay parameter specifies an optional destination address -# for unknown recipients. By default, mail for unknown@$mydestination, -# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned -# as undeliverable. -# -# The following expansions are done on luser_relay: $user (recipient -# username), $shell (recipient shell), $home (recipient home directory), -# $recipient (full recipient address), $extension (recipient address -# extension), $domain (recipient domain), $local (entire recipient -# localpart), $recipient_delimiter. Specify ${name?value} or -# ${name:value} to expand value only when $name does (does not) exist. -# -# luser_relay works only for the default Postfix local delivery agent. -# -# NOTE: if you use this feature for accounts not in the UNIX password -# file, then you must specify "local_recipient_maps =" (i.e. empty) in -# the main.cf file, otherwise the SMTP server will reject mail for -# non-UNIX accounts with "User unknown in local recipient table". 
-# -#luser_relay = $user@other.host -#luser_relay = $local@other.host -#luser_relay = admin+$local - -# JUNK MAIL CONTROLS -# -# The controls listed here are only a very small subset. The file -# SMTPD_ACCESS_README provides an overview. - -# The header_checks parameter specifies an optional table with patterns -# that each logical message header is matched against, including -# headers that span multiple physical lines. -# -# By default, these patterns also apply to MIME headers and to the -# headers of attached messages. With older Postfix versions, MIME and -# attached message headers were treated as body text. -# -# For details, see "man header_checks". -# -#header_checks = regexp:/etc/postfix/header_checks - -# FAST ETRN SERVICE -# -# Postfix maintains per-destination logfiles with information about -# deferred mail, so that mail can be flushed quickly with the SMTP -# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld". -# See the ETRN_README document for a detailed description. -# -# The fast_flush_domains parameter controls what destinations are -# eligible for this service. By default, they are all domains that -# this server is willing to relay mail to. -# -#fast_flush_domains = $relay_domains - -# SHOW SOFTWARE VERSION OR NOT -# -# The smtpd_banner parameter specifies the text that follows the 220 -# code in the SMTP server's greeting banner. Some people like to see -# the mail version advertised. By default, Postfix shows no version. -# -# You MUST specify $myhostname at the start of the text. That is an -# RFC requirement. Postfix itself does not care. -# -#smtpd_banner = $myhostname ESMTP $mail_name -#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) - -# PARALLEL DELIVERY TO THE SAME DESTINATION -# -# How many parallel deliveries to the same user or domain? 
With local -# delivery, it does not make sense to do massively parallel delivery -# to the same user, because mailbox updates must happen sequentially, -# and expensive pipelines in .forward files can cause disasters when -# too many are run at the same time. With SMTP deliveries, 10 -# simultaneous connections to the same domain could be sufficient to -# raise eyebrows. -# -# Each message delivery transport has its XXX_destination_concurrency_limit -# parameter. The default is $default_destination_concurrency_limit for -# most delivery transports. For the local delivery agent the default is 2. - -#local_destination_concurrency_limit = 2 -#default_destination_concurrency_limit = 20 - -# DEBUGGING CONTROL -# -# The debug_peer_level parameter specifies the increment in verbose -# logging level when an SMTP client or server host name or address -# matches a pattern in the debug_peer_list parameter. -# -debug_peer_level = 2 - -# The debug_peer_list parameter specifies an optional list of domain -# or network patterns, /file/name patterns or type:name tables. When -# an SMTP client or server host name or address matches a pattern, -# increase the verbose logging level by the amount specified in the -# debug_peer_level parameter. -# -#debug_peer_list = 127.0.0.1 -#debug_peer_list = some.domain - -# The debugger_command specifies the external command that is executed -# when a Postfix daemon program is run with the -D option. -# -# Use "command .. & sleep 5" so that the debugger can attach before -# the process marches on. If you use an X-based debugger, be sure to -# set up your XAUTHORITY environment variable before starting Postfix. -# -debugger_command = - PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin - ddd $daemon_directory/$process_name $process_id & sleep 5 - -# If you can't use X, use this to capture the call stack when a -# daemon crashes. The result is in a file in the configuration -# directory, and is named after the process name and the process ID. 
-# -# debugger_command = -# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; -# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1 -# >$config_directory/$process_name.$process_id.log & sleep 5 -# -# Another possibility is to run gdb under a detached screen session. -# To attach to the screen sesssion, su root and run "screen -r -# " where uniquely matches one of the detached -# sessions (from "screen -list"). -# -# debugger_command = -# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen -# -dmS $process_name gdb $daemon_directory/$process_name -# $process_id & sleep 1 - -# INSTALL-TIME CONFIGURATION INFORMATION -# -# The following parameters are used when installing a new Postfix version. -# -# sendmail_path: The full pathname of the Postfix sendmail command. -# This is the Sendmail-compatible mail posting interface. -# -sendmail_path = /usr/sbin/sendmail.postfix - -# newaliases_path: The full pathname of the Postfix newaliases command. -# This is the Sendmail-compatible command to build alias databases. -# -newaliases_path = /usr/bin/newaliases.postfix - -# mailq_path: The full pathname of the Postfix mailq command. This -# is the Sendmail-compatible mail queue listing command. -# -mailq_path = /usr/bin/mailq.postfix - -# setgid_group: The group for mail submission and queue management -# commands. This must be a group name with a numerical group ID that -# is not shared with other accounts, not even with the Postfix account. -# -setgid_group = postdrop - -# html_directory: The location of the Postfix HTML documentation. -# -html_directory = no - -# manpage_directory: The location of the Postfix on-line manual pages. -# -manpage_directory = /usr/share/man - -# sample_directory: The location of the Postfix sample configuration files. -# This parameter is obsolete as of Postfix 2.1. -# -sample_directory = /usr/share/doc/postfix/samples - -# readme_directory: The location of the Postfix README files. 
-# -readme_directory = /usr/share/doc/postfix/README_FILES -meta_directory = /etc/postfix -shlib_directory = /usr/lib64/postfix - -message_size_limit = 67108864 -- 2.54.0