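def opendkim():
    """Install OpenDKIM, generate a 2048-bit signing key and lock down /etc/opendkim.

    Reads ``domain`` and ``docker_user`` from the ``general`` section of the
    project configuration. Must run as root (enforced by ``check_root``).

    Raises:
        subprocess.CalledProcessError: if ``opendkim-genkey`` exits non-zero.
    """
    # Function-scope import: the module's import block is not visible from here.
    import subprocess

    check_root()
    config = get_config()['general']
    domain = config['domain']
    user = config['docker_user']
    package_list = ['opendkim', 'opendkim-tools']
    install_packages(package_list)
    Path("/var/log/postfix").mkdir(parents=True, exist_ok=True)
    Path("/var/log/dovecot").mkdir(parents=True, exist_ok=True)

    # Commands are passed as argv lists, so values taken from the config file
    # reach the program as single arguments and are never parsed by a root shell.
    subprocess.run(["chmod", "-R", "770", "/etc/opendkim"])
    subprocess.run(["usermod", "-aG", "opendkim", user])

    # NOTE(review): "-s" is opendkim-genkey's selector option and it is given a
    # filesystem path here; confirm the record name written to mail.txt is the
    # selector you intend to publish.
    # NOTE(review): re-running this function generates a fresh key and replaces
    # /etc/opendkim/mail; the published DNS record must then be updated as well.
    # check=True: stop here with the tool's exit status instead of failing later
    # in shutil.move with a misleading "file not found".
    subprocess.run(
        [
            "opendkim-genkey",
            "-b", "2048",
            "-r",
            "-h", "rsa-sha256",
            "-d", domain,
            "-s", "/etc/opendkim/mail",
        ],
        check=True,
    )
    shutil.move("/etc/opendkim/mail.private", "/etc/opendkim/mail")

    # Hand the directory to the opendkim account, then strip all group/other
    # access so only the owner can read the private key.
    uid = pwd.getpwnam("opendkim").pw_uid
    gid = grp.getgrnam("opendkim").gr_gid
    chown_recursive("/etc/opendkim", uid, gid)
    subprocess.run(["chmod", "-R", "go-rwx", "/etc/opendkim"])
    print(
        "Please add the DNS entry listed in /etc/opendkim/mail.txt to your DNS"
    )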
def clean():
    """Remove the installed service file once no 'libertas@' unit is enabled.

    Scans ``service_enabled_path`` for regular files whose name contains
    'libertas@'. If any are found the service file is left in place and the
    operator is asked to disable them first; otherwise ``service_file_target``
    is deleted when it exists. Must run as root (enforced by ``check_root``).
    """
    check_root()

    still_enabled = []
    for entry in os.listdir(service_enabled_path):
        if 'libertas@' not in entry:
            continue
        if os.path.isfile(os.path.join(service_enabled_path, entry)):
            still_enabled.append(entry)

    if still_enabled:
        print("There are still services enabled, please disable first.")
        return

    if os.path.exists(service_file_target):
        os.remove(service_file_target)
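def install(target):
    """Install the service file if missing and enable ``libertas@<target>``.

    The service file is copied to ``service_file_target`` as root, then
    privileges are dropped before ``systemctl --user enable`` is invoked.

    Args:
        target: instance name appended to ``libertas@``.
    """
    # Function-scope import: the module's import block is not visible from here.
    import subprocess

    check_root()
    if not os.path.exists(service_file_target):
        check_rendered(service_file_source)
        shutil.copyfile(service_file_source, service_file_target)
    drop_privileges()

    # argv list instead of a concatenated shell string: whitespace or shell
    # metacharacters in `target` stay inside the unit name and are never
    # interpreted as extra commands.
    result = subprocess.run(['systemctl', '--user', 'enable', 'libertas@' + target])
    if result.returncode != 0:
        print(f"systemctl exited with status {result.returncode}; the unit was not enabled.")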
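def dependencies():
    """Prepare the host for rootless Docker and install the required packages.

    Loads the kernel modules, persists the unprivileged-port sysctl, enables
    lingering for the configured ``docker_user``, installs the package list and
    finally, after dropping privileges, runs ``install_docker_rootless``.
    Must run as root (enforced by ``check_root``).
    """
    # Function-scope import: the module's import block is not visible from here.
    import subprocess

    check_root()
    package_list = [
        "docker-compose",
        "python3-toml",
        "python3-jinja2",
        "uidmap",
    ]
    subprocess.run(["modprobe", "bridge"])
    subprocess.run(["modprobe", "overlay", "permit_mounts_in_userns=1"])

    # NOTE(review): a value of 0 lets every unprivileged local process bind
    # ports below 1024 host-wide, not only the rootless Docker user. Consider
    # raising it to the lowest port the containers actually publish.
    sysctl_line = 'net.ipv4.ip_unprivileged_port_start=0'
    # "a+" creates the file if needed and always writes at the end. Reading it
    # first keeps repeated runs from stacking duplicate entries and stops the
    # setting from fusing onto an unterminated last line.
    with open('/etc/sysctl.conf', 'a+') as file:
        file.seek(0)
        existing = file.read()
        if sysctl_line not in (line.strip() for line in existing.splitlines()):
            if existing and not existing.endswith('\n'):
                file.write('\n')
            file.write(sysctl_line + '\n')
    subprocess.run(["sysctl", "--system"])

    user_name = get_config()['general']['docker_user']
    # argv list: the configured user name is one argument, never shell-parsed.
    subprocess.run(["loginctl", "enable-linger", user_name])
    install_packages(package_list)
    drop_privileges()
    install_docker_rootless()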
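def letsencrypt():
    """Obtain a certificate for the configured domain and schedule renewal.

    Installs certbot, runs ``certbot certonly`` for ``general.domain``, appends
    a monthly renewal entry to root's crontab and opens the certificate
    directories for reading. Must run as root (enforced by ``check_root``).
    """
    # Function-scope import: the module's import block is not visible from here.
    import subprocess

    check_root()
    package_list = ['certbot']
    domain = get_config()['general']['domain']
    install_packages(package_list)
    # argv list: the configured domain is one argument, never shell-parsed.
    subprocess.run(["certbot", "certonly", "-d", domain])

    # NOTE(review): the entry calls `letsencrypt renew` while the package
    # installed above is certbot; confirm a `letsencrypt` command exists on the
    # target system.
    cron_entry = "0 4 1 * * letsencrypt renew"
    # The entry must be newline-terminated to be a complete crontab line, and it
    # is written only once so repeated runs do not stack duplicates.
    with open("/var/spool/cron/crontabs/root", 'a+') as file:
        file.seek(0)
        existing = file.read()
        if cron_entry not in (line.strip() for line in existing.splitlines()):
            if existing and not existing.endswith("\n"):
                file.write("\n")
            file.write(cron_entry + "\n")

    # TODO: people will be happier when this is more strict
    # TODO: fix UID in service template
    # TODO: fix dmarc permissions
    # TODO: fix fail2ban
    # Read-only for group/other instead of mode 777: with 777 any local account
    # could replace the certificate or private key.
    # NOTE(review): the private keys are still world-readable on the host.
    # Granting read access through a dedicated group (or ACL) for the container
    # user and removing "other" access entirely is the stricter follow-up.
    for cert_dir in ("/etc/letsencrypt/live", "/etc/letsencrypt/archive"):
        subprocess.run(["chmod", "-R", "u=rwX,go=rX", cert_dir])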
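def fail2ban():
    """Install fail2ban and deploy the dovecot/postfix actions, filters and jail.

    The configuration files are copied from ``./extras/fail2ban`` relative to
    the current working directory. The operator is then asked for the SSH port,
    which replaces ``port = ssh`` in /etc/fail2ban/jail.local (the previous
    file is kept as jail.local.bak). Must run as root (enforced by
    ``check_root``).
    """
    check_root()
    package_list = ['fail2ban']
    install_packages(package_list)
    containers = ['dovecot', 'postfix']
    for item in containers:
        copy(f"./extras/fail2ban/fail2ban-{item}-action.conf", "/etc/fail2ban/action.d/")
        copy(f"./extras/fail2ban/fail2ban-{item}-filter.conf", "/etc/fail2ban/filter.d/")
    copy("./extras/fail2ban/jail.local", "/etc/fail2ban/")

    # The answer ends up in a root-owned security config, so only a real port
    # number is accepted and it is written back in normalised form.
    while True:
        answer = input("ssh port?")
        try:
            port = int(answer)
        except ValueError:
            port = 0
        if 1 <= port <= 65535:
            break
        print("Please enter a port number between 1 and 65535.")
    ssh_port = str(port)

    with fileinput.FileInput("/etc/fail2ban/jail.local", inplace=True, backup='.bak') as file:
        for line in file:
            # With inplace=True, stdout is redirected into the file, so every
            # line has to be printed back. Discarding the result of replace()
            # left jail.local empty and the jail definitions were lost.
            print(line.replace("port = ssh", "port = " + ssh_port), end='')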
def bcrypt():
    """Install the passlib and bcrypt Python packages.

    Must run as root (enforced by ``check_root``).
    """
    check_root()
    install_packages(['python3-passlib', 'python3-bcrypt'])