Add initial configuration and instructions

2016-02-23 22:05:00 -05:00 · 2016-02-23 22:05:00 -05:00 · eaa66d6d5e
commit eaa66d6d5e
13 changed files with 249 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,51 @@
 # Base Config
 Note: The Mail Server requires SSL certificates 
 ## Web Server
 ### Package Requirements (FIXME: other php packages)
 nginx, php, php-fpm, mariadb, bower, gulp, letsencrypt
 ### Folders (FIXME: add php folder and configs)
 nginx, php, systemd
 ### Setup Instructions (FIXME: add mysql setup instructions)
 1. Install the packages in the `Package Requirements` above
 2. Copy the folders above that aren't already configured to their equivalent location in `/etc`
 3. In `/etc/nginx/sites-available/REPLACEME.TLD.conf` and `/etc/systemd/system/letsencrypt.service`, replace instances of `REPLACEME.TLD` with the FQDN
 4. Rename `/etc/nginx/sites-available/REPLACEME.TLD.conf` so that `REPLACEME.TLD` is replaced with the FQDN
 5. Add your site files to `/srv/http/REPLACEME.TLD` where public assets are located in `/srv/http/REPLACEME.TLD/public` (replacing `REPLACEME.TLD` with the FQDN)
 6. Create a symlink from `/etc/nginx/sites-available/REPLACEME.tld.conf` to `/etc/nginx/sites-enabled/REPLACEME.tld.conf` (replacing `REPLACEME.TLD` with the FQDN)
 7. Run `systemctl start php-fpm nginx` to start the web services and `systemctl status php-fpm` and `systemctl status nginx` to check for errors
 8. If there were no errors in the previous command, run `systemctl enable postfix dovecot` to enable the web services at boot
 9. Ensure the public web directory exists and run `systemctl start letsencrypt` to generate the SSL certificates
 10. Run `systemctl enable letsencrypt.timer` to enable the auto-renewal process
 ## Mail Server
 ### Package Requirements
 dovecot, postfix, procmail
 ### Folders
 dovecot, pam.d, postfix, procmailrc, skel, systemd
 ### Setup Instructions
 1. Install the packages in the `Package Requirements` above
 2. Copy the folders above that aren't already configured to their equivalent location in `/etc`
 3. In `/etc/dovecot/dovecot.conf` and `/etc/postfix/main.cf`, replace instances of `REPLACEME.TLD` with the FQDN
 4. In `/etc/postfix/aliases`, replace the instance of `REPLACEME` with the user that should receive domain-level emails
 5. Run `newaliases` to update the aliases database with the contents of `/etc/postfix/aliases`
 6. Run `systemctl start postfix dovecot` to start the mail services and `systemctl status postfix` and `systemctl status dovecot` to check for errors
 7. If there were no errors in the previous command, run `systemctl enable postfix dovecot` to enable the mail services at boot
 ### Add Accounts
 1. Create an account by running `useradd -m -d /home/REPLACEME -s /bin/bash REPLACEME` (replacing `REPLACEME` with the username associated with the mail account)
 2. Set the password by running `passwd REPLACEME` (replacing `REPLACEME` with the username associated with the mail account)
--- a/dovecot/dovecot.conf
+++ b/dovecot/dovecot.conf
@ -0,0 +1,48 @@
 protocols = imap pop3
 listen = *
 base_dir = /var/run/dovecot/
 auth_mechanisms = plain login
 log_path = syslog
 log_timestamp = "%b %d %H:%M:%S "
 mail_location = maildir:~/Mail
 default_login_user = dovenull
 default_internal_user = dovecot
 disable_plaintext_auth = yes
 ssl = required
 ssl_cert = </etc/letsencrypt/live/REPLACEME.TLD/fullchain.pem
 ssl_key = </etc/letsencrypt/live/REPLACEME.TLD/privkey.pem
 passdb {
    driver = pam
    args = session=yes dovecot
 }
 userdb {
    driver = passwd
 }
 service pop3-login {
    inet_listener pop3s {
        port = 995
        ssl = yes
    }
 }
 service imap-login {
    inet_listener imaps {
        port = 993
        ssl = yes
    }
 }
 service auth {
    unix_listener /var/spool/postfix/private/auth {
        user = postfix
        group = postfix
        mode = 0660
    }
    user = root
 }
 !include_try conf.d/*.conf
--- a/1
+++ b/1
@ -0,0 +1 @@
 Subproject commit 23f8ec7ad5e8cb53143241cf39837eaddac08046
--- a/pam.d/dovecot
+++ b/pam.d/dovecot
@ -0,0 +1,2 @@
 auth    required pam_unix.so nullok
 account required pam_unix.so
--- a/postfix/aliases
+++ b/postfix/aliases
@ -0,0 +1,33 @@
 #
 #   >>>>>>>>>>   The program "newaliases" must be run after
 #   >> NOTE >>   this file is updated for any changes to
 #   >>>>>>>>>>   show through to Postfix.
 #
 # Person who should get root's mail. Don't receive mail as root!
 root:          REPLACEME
 # Basic system aliases -- these MUST be present
 MAILER-DAEMON: postmaster
 postmaster:    root
 # General redirections for pseudo accounts
 bin:           root
 daemon:        root
 named:         root
 nobody:        root
 uucp:          root
 www:           root
 ftp-bugs:      root
 postfix:       root
 # Put your local aliases here.
 # Well-known aliases
 manager:       root
 dumper:        root
 operator:      root
 abuse:         postmaster
 # trap decode to catch security attacks
 decode:        root
--- a/postfix/main.cf
+++ b/postfix/main.cf
@ -0,0 +1,43 @@
 myhostname = mail.REPLACEME.TLD
 compatibility_level = 2
 mail_owner = postfix
 setgid_group = postdrop
 myorigin = $mydomain
 inet_interfaces = all
 inet_protocols = ipv4
 mydestination = localhost, $mydomain, $myhostname
 relay_domains = $mydestination
 unknown_local_recipient_reject_code = 450
 mynetworks_style = host
 alias_database = $alias_maps
 home_mailbox = Mail/
 smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
 alias_maps = hash:/etc/postfix/aliases
 queue_directory = /var/spool/postfix
 command_directory = /usr/bin
 daemon_directory = /usr/lib/postfix/bin
 data_directory = /var/lib/postfix
 manpage_directory = /usr/share/man
 readme_directory = /usr/share/doc/postfix
 meta_directory = /etc/postfix
 shlib_directory = /usr/lib/postfix
 sendmail_path = /usr/bin/sendmail
 newaliases_path = /usr/bin/newaliases
 mailq_path = /usr/bin/mailq
 mailbox_command = /usr/bin/procmail
 html_directory = no
 smtpd_tls_loglevel = 1
 smtpd_use_tls = yes
 smtpd_tls_protocols = !SSLv2, !SSLv3
 smtpd_tls_ciphers = high
 smtpd_tls_cert_file = /etc/letsencrypt/live/$mydomain/fullchain.pem
 smtpd_tls_key_file = /etc/letsencrypt/live/$mydomain/privkey.pem
 smtpd_tls_security_level = encrypt
 smtpd_sasl_auth_enable = yes
 smtpd_sasl_type = dovecot
 smtpd_sasl_path = /var/spool/postfix/private/auth
 smtpd_sasl_security_options = noanonymous
 smtpd_sasl_local_domain = $myhostname
 smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
 smtpd_sender_restrictions = permit_sasl_authenticated,permit_mynetworks
--- a/postfix/master.cf
+++ b/postfix/master.cf
@ -0,0 +1,30 @@
 # ==========================================================================
 # service type  private unpriv  chroot  wakeup  maxproc command + args
 #               (yes)   (yes)   (no)    (never) (100)
 # ==========================================================================
 smtp      inet  n       -       n       -       -       smtpd
 587       inet  n       -       n       -       -       smtpd
 pickup    unix  n       -       n       60      1       pickup
 cleanup   unix  n       -       n       -       0       cleanup
 qmgr      unix  n       -       n       300     1       qmgr
 tlsmgr    unix  -       -       n       1000?   1       tlsmgr
 rewrite   unix  -       -       n       -       -       trivial-rewrite
 bounce    unix  -       -       n       -       0       bounce
 defer     unix  -       -       n       -       0       bounce
 trace     unix  -       -       n       -       0       bounce
 verify    unix  -       -       n       -       1       verify
 flush     unix  n       -       n       1000?   0       flush
 proxymap  unix  -       -       n       -       -       proxymap
 proxywrite unix -       -       n       -       1       proxymap
 smtp      unix  -       -       n       -       -       smtp
 relay     unix  -       -       n       -       -       smtp
 showq     unix  n       -       n       -       -       showq
 error     unix  -       -       n       -       -       error
 retry     unix  -       -       n       -       -       error
 discard   unix  -       -       n       -       -       discard
 local     unix  -       n       n       -       -       local
 virtual   unix  -       n       n       -       -       virtual
 lmtp      unix  -       -       n       -       -       lmtp
 anvil     unix  -       -       n       -       1       anvil
 scache    unix  -       -       n       -       1       scache
--- a/15
+++ b/15
@ -0,0 +1,15 @@
 VERBOSE=off
 PMDIR=$HOME/Mail/.procmail
 MAILDIR=$HOME/Mail/
 INBOX=$MAILDIR
 LOGFILE=$PMDIR/log
 DROPPRIVS=yes
 ################ aliases ################
 #:0
 #* ^TO.*your_login_name@your.domain.*
 #! your_logname@other.domain
 # Add everything to the inbox
 :0
 $INBOX
--- a/skel/.bash_logout
+++ b/skel/.bash_logout
@ -0,0 +1,3 @@
 #
 # ~/.bash_logout
 #
--- a/skel/.bash_profile
+++ b/skel/.bash_profile
@ -0,0 +1,5 @@
 #
 # ~/.bash_profile
 #
 [[ -f ~/.bashrc ]] && . ~/.bashrc
--- a/skel/.bashrc
+++ b/skel/.bashrc
@ -0,0 +1,3 @@
 #
 # ~/.bashrc
 #
--- a/systemd/system/letsencrypt.service
+++ b/systemd/system/letsencrypt.service
@ -0,0 +1,6 @@
 [Unit]
 Description=Letsencrypt manual renewal
 [Service]
 Type=oneshot
 ExecStart=/usr/bin/letsencrypt certonly --agree-tos --renew-by-default --email nickogris@gmail.com --webroot -w /srv/http/REPLACEME.TLD/public -d REPLACEME.TLD,mail.REPLACEME.tld
--- a/systemd/system/letsencrypt.timer
+++ b/systemd/system/letsencrypt.timer
@ -0,0 +1,9 @@
 [Unit]
 Description=Monthly renewal on letsencrypt's certificates
 [Timer]
 OnCalendar=monthly
 Persistent=true
 [Install]
 WantedBy=timers.target
		`@ -0,0 +1 @@`
							`Subproject commit 23f8ec7ad5e8cb53143241cf39837eaddac08046`
		`@ -0,0 +1,2 @@`
							`auth required pam_unix.so nullok`
							`account required pam_unix.so`