summaryrefslogtreecommitdiff
path: root/public
diff options
context:
space:
mode:
authorroot@culturestrings <root@culturestrings>2020-08-29 00:17:21 +0000
committerroot@culturestrings <root@culturestrings>2020-08-29 00:17:21 +0000
commit72d73f05769ff86b80a8da71e275ac8174a328dc (patch)
tree9ff074bb995c826976452bfba257e2013c5d1c33 /public
parent2212c085c96f20716dc3bcd3e4efd789e551bc72 (diff)
downloadculturestrings-72d73f05769ff86b80a8da71e275ac8174a328dc.tar.bz2
culturestrings-72d73f05769ff86b80a8da71e275ac8174a328dc.tar.xz
dovecot: initial configuration (imap only, require client certificate).
Diffstat (limited to 'public')
-rw-r--r--public/fs/etc/dovecot/conf.d/10-auth.conf19
-rw-r--r--public/fs/etc/dovecot/conf.d/10-ssl.conf6
-rwxr-xr-xpublic/fs/etc/dovecot/dovecot-conf.sh13
-rw-r--r--public/fs/etc/dovecot/dovecot.conf.in7
4 files changed, 45 insertions, 0 deletions
diff --git a/public/fs/etc/dovecot/conf.d/10-auth.conf b/public/fs/etc/dovecot/conf.d/10-auth.conf
new file mode 100644
index 0000000..73d15c4
--- /dev/null
+++ b/public/fs/etc/dovecot/conf.d/10-auth.conf
@@ -0,0 +1,19 @@
+auth_debug = yes
+auth_debug_passwords = yes
+
+auth_ssl_require_client_cert = yes
+auth_ssl_username_from_cert = yes
+
+auth_mechanisms = plain external
+
+passdb {
+ driver = passwd-file
+ args = scheme=PLAIN username_format=%u /etc/dovecot/users
+ mechanisms = plain external
+ override_fields = nopassword
+}
+
+userdb {
+ driver = passwd-file
+ args = /etc/passwd
+}
diff --git a/public/fs/etc/dovecot/conf.d/10-ssl.conf b/public/fs/etc/dovecot/conf.d/10-ssl.conf
new file mode 100644
index 0000000..ae9669b
--- /dev/null
+++ b/public/fs/etc/dovecot/conf.d/10-ssl.conf
@@ -0,0 +1,6 @@
+ssl_ca = </etc/dovecot/ssl/ca.pem
+ssl_cert = </etc/dovecot/ssl/fullchain.pem
+ssl_key = </etc/dovecot/ssl/privkey.pem
+
+ssl_require_crl = yes
+ssl_verify_client_cert = yes
diff --git a/public/fs/etc/dovecot/dovecot-conf.sh b/public/fs/etc/dovecot/dovecot-conf.sh
new file mode 100755
index 0000000..c0d6366
--- /dev/null
+++ b/public/fs/etc/dovecot/dovecot-conf.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -eu
+
+sitezone="$1"
+
+cfg_script="$0"
+cfg_srcdir=$(cd -- "${cfg_script%/*}/" ; pwd -P)
+
+source /root/config/private/config/hostinfo/${sitezone}
+
+sed -e 's/@imaphost@/'"${imaphost}"'/g' \
+ "${cfg_srcdir}/dovecot.conf.in"
diff --git a/public/fs/etc/dovecot/dovecot.conf.in b/public/fs/etc/dovecot/dovecot.conf.in
new file mode 100644
index 0000000..6526c58
--- /dev/null
+++ b/public/fs/etc/dovecot/dovecot.conf.in
@@ -0,0 +1,7 @@
+hostname = @imaphost@
+protocols = imap
+
+ssl = required
+verbose_ssl = yes
+
+!include conf.d/*.conf