[D-community-commits] r46 - in trunk/fai-config-dir: class doc files files/etc files/etc/postfix files/etc/postfix/main.cf package_config scripts scripts/DEFAULT scripts/MAILSERVER

Fri Mar 23 09:53:51 CET 2007

Author: h01ger-guest
Date: 2007-03-23 08:53:51 +0000 (Fri, 23 Mar 2007)
New Revision: 46

Added:
   trunk/fai-config-dir/files/etc/
   trunk/fai-config-dir/files/etc/postfix/
   trunk/fai-config-dir/files/etc/postfix/main.cf/
   trunk/fai-config-dir/files/etc/postfix/main.cf/MAILSERVER
   trunk/fai-config-dir/package_config/FIREWALL
   trunk/fai-config-dir/scripts/DEFAULT/30-munin-node
   trunk/fai-config-dir/scripts/DEFAULT/31-munin-node
   trunk/fai-config-dir/scripts/MAILSERVER/
   trunk/fai-config-dir/scripts/MAILSERVER/10-postfix
   trunk/fai-config-dir/scripts/MAILSERVER/20-postgrey
   trunk/fai-config-dir/scripts/MAILSERVER/40-munin-node
Modified:
   trunk/fai-config-dir/class/50-host-classes
   trunk/fai-config-dir/doc/manual_adminwork.txt
   trunk/fai-config-dir/doc/todo
   trunk/fai-config-dir/package_config/DEFAULT
   trunk/fai-config-dir/package_config/MAILSERVER
Log:
- setup + configure munin 
- setup + prepare mail
- setup logwatch, cron-apt
- prepare shorewall


Modified: trunk/fai-config-dir/class/50-host-classes
===================================================================

--- trunk/fai-config-dir/class/50-host-classes	2007-03-23 08:03:33 UTC (rev 45)
+++ trunk/fai-config-dir/class/50-host-classes	2007-03-23 08:53:51 UTC (rev 46)
@@ -5,7 +5,7 @@
 # use a list of classes for our demo machine
 case $HOSTNAME in
     bikeshed)
-	echo "IKIWIKI MAILSERVER" ;;
+	echo "FIREWALL MAILSERVER IKIWIKI" ;;
     *)
 	echo "DEFAULT" ;;
 esac

Modified: trunk/fai-config-dir/doc/manual_adminwork.txt
===================================================================
--- trunk/fai-config-dir/doc/manual_adminwork.txt	2007-03-23 08:03:33 UTC (rev 45)
+++ trunk/fai-config-dir/doc/manual_adminwork.txt	2007-03-23 08:53:51 UTC (rev 46)
@@ -14,11 +14,8 @@
 
 4. the following steps were done manually, some should still go into fai:
 
-tzconfig
+tzconfig	# to UTC
 aptitude install fai-client subversion
-vi /etc/munin/munin-node.conf
-cd /etc/munin/plugins/                                                                      
-rm exim_mailqueue exim_mailstats irqstats      
 echo 'FAI_CONFIG_SRC="svn://svn.debian.org/svn/d-community/trunk/fai-config-dir"' >> /etc/fai/fai.conf
 mkdir /var/lib/fai/config
 #fixed #415875 in /usr/lib/fai/get-config-dir-svn

Modified: trunk/fai-config-dir/doc/todo
===================================================================
--- trunk/fai-config-dir/doc/todo	2007-03-23 08:03:33 UTC (rev 45)
+++ trunk/fai-config-dir/doc/todo	2007-03-23 08:53:51 UTC (rev 46)
@@ -1,9 +1,9 @@
-setup postfix
-setup munin with fai
+finish postfix config
+configure shorewall
 setup timezone with fai
 document fai-setup a bit better
 setup logwatch
 setup sudo+sudoers
 setup ikiwiki
 get rid of apt's pdiff 
-
+setup backup

Added: trunk/fai-config-dir/files/etc/postfix/main.cf/MAILSERVER
===================================================================
--- trunk/fai-config-dir/files/etc/postfix/main.cf/MAILSERVER	2007-03-23 08:03:33 UTC (rev 45)
+++ trunk/fai-config-dir/files/etc/postfix/main.cf/MAILSERVER	2007-03-23 08:53:51 UTC (rev 46)
@@ -0,0 +1,67 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+myhostname = bikeshed.debian-community.org
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = /etc/mailname
+mydestination = bikeshed.debian-community.org, localhost
+relayhost = 
+mynetworks = 127.0.0.0/8
+mailbox_command = procmail -a "$EXTENSION"
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+
+smtpd_sender_restrictions =
+        permit_mynetworks
+        check_client_access hash:/var/lib/pop-before-smtp/hosts
+        reject_unauth_destination
+        reject_unknown_sender_domain
+        reject_rbl_client
+        reject_unknown_client
+        reject_unknown_sender_domain
+        reject_non_fqdn_sender
+
+smtpd_recipient_restrictions =
+        permit_mynetworks
+        check_client_access hash:/var/lib/pop-before-smtp/hosts
+        reject_unknown_sender_domain
+        reject_unknown_recipient_domain
+        reject_unauth_pipelining
+        reject_non_fqdn_sender
+        reject_unauth_destination
+        check_policy_service inet:212.12.48.56:60000
+
+
+smtpd_data_restrictions =
+        reject_unauth_pipelining
+
+maps_rbl_domains = relays.ordb.org
+
+access_map_reject_code = 550
+

Modified: trunk/fai-config-dir/package_config/DEFAULT
===================================================================
--- trunk/fai-config-dir/package_config/DEFAULT	2007-03-23 08:03:33 UTC (rev 45)
+++ trunk/fai-config-dir/package_config/DEFAULT	2007-03-23 08:53:51 UTC (rev 46)
@@ -1,6 +1,6 @@
 PACKAGES aptitude 
 sl vim screen ccze
-apt-listchanges logwatch
+cron-apt apt-listchanges logwatch
 ntpdate munin-node 
 
 PACKAGES remove

Added: trunk/fai-config-dir/package_config/FIREWALL
===================================================================
--- trunk/fai-config-dir/package_config/FIREWALL	2007-03-23 08:03:33 UTC (rev 45)
+++ trunk/fai-config-dir/package_config/FIREWALL	2007-03-23 08:53:51 UTC (rev 46)
@@ -0,0 +1,3 @@
+PACKAGES aptitude 
+shorewall
+

Modified: trunk/fai-config-dir/package_config/MAILSERVER
===================================================================
--- trunk/fai-config-dir/package_config/MAILSERVER	2007-03-23 08:03:33 UTC (rev 45)
+++ trunk/fai-config-dir/package_config/MAILSERVER	2007-03-23 08:53:51 UTC (rev 46)
@@ -1,3 +1,4 @@
 PACKAGES aptitude 
-postfix
+postfix postfix-tls postfix-doc postgrey
+pop-before-smtp ca-certificates
 

Added: trunk/fai-config-dir/scripts/DEFAULT/30-munin-node
===================================================================
--- trunk/fai-config-dir/scripts/DEFAULT/30-munin-node	2007-03-23 08:03:33 UTC (rev 45)
+++ trunk/fai-config-dir/scripts/DEFAULT/30-munin-node	2007-03-23 08:53:51 UTC (rev 46)
@@ -0,0 +1,16 @@
+#! /usr/sbin/cfagent -f
+
+control:
+   any::
+   actionsequence = ( files directories editfiles )
+   EditFileSize = ( 30000 )
+
+files:
+   any::
+
+editfiles:
+   any::
+	{ ${target}/etc/munin/munin-node.conf
+	  AppendIfNoSuchLine 'allow ^217\.114\.79\.21$'
+	}
+


Property changes on: trunk/fai-config-dir/scripts/DEFAULT/30-munin-node
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/fai-config-dir/scripts/DEFAULT/31-munin-node
===================================================================
--- trunk/fai-config-dir/scripts/DEFAULT/31-munin-node	2007-03-23 08:03:33 UTC (rev 45)
+++ trunk/fai-config-dir/scripts/DEFAULT/31-munin-node	2007-03-23 08:53:51 UTC (rev 46)
@@ -0,0 +1,21 @@
+#! /bin/sh
+
+#
+#        (c) 2007 Holger Levsen         holger at layer-acht.org
+#        GPL2 licenced
+#
+
+# remove unwanted plugins
+for i in exim_mailqueue exim_mailstats ; do 
+    $ROOTCMD rm -f /etc/munin/plugins/$i
+done
+
+# add wanted plugins
+for i in uptime ; do 
+  $ROOTCMD ln -s /usr/share/munin/plugins/$i /etc/munin/plugins/$i
+done
+
+# restart munin-node
+$ROOTCMD /etc/init.d/munin-node restart
+
+


Property changes on: trunk/fai-config-dir/scripts/DEFAULT/31-munin-node
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/fai-config-dir/scripts/MAILSERVER/10-postfix
===================================================================
--- trunk/fai-config-dir/scripts/MAILSERVER/10-postfix	2007-03-23 08:03:33 UTC (rev 45)
+++ trunk/fai-config-dir/scripts/MAILSERVER/10-postfix	2007-03-23 08:53:51 UTC (rev 46)
@@ -0,0 +1,15 @@
+#! /bin/sh
+
+#
+#        (c) 2006 Holger Levsen         holger at layer-acht.org
+#        GPL2 licenced
+#
+
+echo "bikeshed.debian-community.org" > $target/etc/mailname
+#fcopy -M /etc/pop-before-smtp/pop-before-smtp.conf 
+fcopy -r -M /etc/postfix
+$ROOTCMD postmap /etc/postfix/virtual_alias
+$ROOTCMD postmap /etc/postfix/virtual_mailbox
+$ROOTCMD /etc/init.d/postfix restart
+
+


Property changes on: trunk/fai-config-dir/scripts/MAILSERVER/10-postfix
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/fai-config-dir/scripts/MAILSERVER/20-postgrey
===================================================================
--- trunk/fai-config-dir/scripts/MAILSERVER/20-postgrey	2007-03-23 08:03:33 UTC (rev 45)
+++ trunk/fai-config-dir/scripts/MAILSERVER/20-postgrey	2007-03-23 08:53:51 UTC (rev 46)
@@ -0,0 +1,12 @@
+#! /bin/sh
+
+#
+#        (c) 2006 Holger Levsen         holger at layer-acht.org
+#        GPL2 licenced
+#
+
+fcopy -M /etc/default/postgrey
+fcopy -M /etc/postgrey/whitelist_clients
+$ROOTCMD /etc/init.d/postgrey restart
+
+


Property changes on: trunk/fai-config-dir/scripts/MAILSERVER/20-postgrey
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/fai-config-dir/scripts/MAILSERVER/40-munin-node
===================================================================
--- trunk/fai-config-dir/scripts/MAILSERVER/40-munin-node	2007-03-23 08:03:33 UTC (rev 45)
+++ trunk/fai-config-dir/scripts/MAILSERVER/40-munin-node	2007-03-23 08:53:51 UTC (rev 46)
@@ -0,0 +1,14 @@
+#! /bin/sh
+
+#
+#        (c) 2007 Holger Levsen         holger at layer-acht.org
+#        GPL2 licenced
+#
+
+
+for i in postfix_mailqueue postfix_mailstats postfix_mailvolume ; do 
+  $ROOTCMD ln -s /usr/share/munin/plugins/$i /etc/munin/plugins/$i
+done
+$ROOTCMD /etc/init.d/munin-node restart
+
+


Property changes on: trunk/fai-config-dir/scripts/MAILSERVER/40-munin-node
___________________________________________________________________
Name: svn:executable
   + *


