From 72d73f05769ff86b80a8da71e275ac8174a328dc Mon Sep 17 00:00:00 2001
From: "root@culturestrings" <root@culturestrings>
Date: Sat, 29 Aug 2020 00:17:21 +0000
Subject: dovecot: initial configuration (imap only, require client
 certificate).

---
 public/fs/etc/dovecot/conf.d/10-auth.conf | 19 +++++++++++++++++++
 public/fs/etc/dovecot/conf.d/10-ssl.conf  |  6 ++++++
 public/fs/etc/dovecot/dovecot-conf.sh     | 13 +++++++++++++
 public/fs/etc/dovecot/dovecot.conf.in     |  7 +++++++
 4 files changed, 45 insertions(+)
 create mode 100644 public/fs/etc/dovecot/conf.d/10-auth.conf
 create mode 100644 public/fs/etc/dovecot/conf.d/10-ssl.conf
 create mode 100755 public/fs/etc/dovecot/dovecot-conf.sh
 create mode 100644 public/fs/etc/dovecot/dovecot.conf.in

(limited to 'public/fs/etc')

diff --git a/public/fs/etc/dovecot/conf.d/10-auth.conf b/public/fs/etc/dovecot/conf.d/10-auth.conf
new file mode 100644
index 0000000..73d15c4
--- /dev/null
+++ b/public/fs/etc/dovecot/conf.d/10-auth.conf
@@ -0,0 +1,19 @@
+auth_debug                      = yes
+auth_debug_passwords            = yes
+
+auth_ssl_require_client_cert    = yes
+auth_ssl_username_from_cert     = yes
+
+auth_mechanisms                 = plain external
+
+passdb {
+    driver              = passwd-file
+    args                = scheme=PLAIN username_format=%u /etc/dovecot/users
+    mechanisms          = plain external
+    override_fields     = nopassword
+}
+
+userdb {
+    driver              = passwd-file
+    args                = /etc/passwd
+}
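Review bot: `auth_debug_passwords = yes` in 10-auth.conf is committed as part of the baseline configuration, and with it the auth process can write client-submitted passwords into the logs. Because the passdb sets `override_fields = nopassword`, the PLAIN password appears not to be checked at all, so the only barrier to logging in as a listed user is the client-certificate requirement (`auth_ssl_require_client_cert`, `auth_ssl_username_from_cert`, and `ssl_verify_client_cert` in 10-ssl.conf). I would set `auth_debug_passwords = no`, and `auth_debug = no` once the setup works. I would also add a comment above the passdb such as `# nopassword: identity comes from the verified client certificate; do not relax the cert requirement without removing this`. The same debug-left-on concern applies to `verbose_ssl = yes` in dovecot.conf.in.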
diff --git a/public/fs/etc/dovecot/conf.d/10-ssl.conf b/public/fs/etc/dovecot/conf.d/10-ssl.conf
new file mode 100644
index 0000000..ae9669b
--- /dev/null
+++ b/public/fs/etc/dovecot/conf.d/10-ssl.conf
@@ -0,0 +1,6 @@
+ssl_ca                      = </etc/dovecot/ssl/ca.pem
+ssl_cert                    = </etc/dovecot/ssl/fullchain.pem
+ssl_key                     = </etc/dovecot/ssl/privkey.pem
+
+ssl_require_crl             = yes
+ssl_verify_client_cert      = yes
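Review bot: `ssl_require_crl = yes` adds an operational dependency that nothing in this file documents. As far as I know, Dovecot reads the CRL from the same file as the CA certificate, so `/etc/dovecot/ssl/ca.pem` has to carry a current CRL for every CA in it. If that CRL is missing or expired, every client certificate is rejected, which locks out all users given that 10-auth.conf requires a certificate. A comment above the setting would help, for example `# ca.pem = CA certificate(s) followed by their CRL(s); refresh the CRL before its nextUpdate or all client logins fail`. Whether `privkey.pem` is readable only by root is not visible from this commit and is worth confirming wherever the key is installed.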
diff --git a/public/fs/etc/dovecot/dovecot-conf.sh b/public/fs/etc/dovecot/dovecot-conf.sh
new file mode 100755
index 0000000..c0d6366
--- /dev/null
+++ b/public/fs/etc/dovecot/dovecot-conf.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -eu
+
+sitezone="$1"
+
+cfg_script="$0"
+cfg_srcdir=$(cd -- "${cfg_script%/*}/" ; pwd -P)
+
+source /root/config/private/config/hostinfo/${sitezone}
+
+sed -e 's/@imaphost@/'"${imaphost}"'/g' \
+	"${cfg_srcdir}/dovecot.conf.in"
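Review bot: The script builds a path from `$1` and then sources it as root without validating or quoting it (`source /root/config/private/config/hostinfo/${sitezone}`), so an argument containing `/` or `..` can make it execute a file outside the hostinfo directory. `source` is also not POSIX, so under the `#!/bin/sh` shebang this line fails on shells such as dash; `.` is the portable spelling. In addition, `${imaphost}` is spliced into the sed replacement unescaped, so a `/`, `&` or backslash in the value breaks or alters the substitution. The sketch below validates the zone name, quotes the path and escapes the replacement.

```shell
sitezone="$1"

# the zone name selects a file that is executed as root: keep it inside hostinfo/
case "${sitezone}" in
	''|*/*|.*) printf 'invalid sitezone: %s\n' "${sitezone}" >&2; exit 2 ;;
esac

# … unchanged: cfg_script / cfg_srcdir …

. "/root/config/private/config/hostinfo/${sitezone}"

# escape characters that are special in a sed replacement
imaphost_re=$(printf '%s\n' "${imaphost}" | sed -e 's|[\\/&]|\\&|g')

sed -e 's/@imaphost@/'"${imaphost_re}"'/g' \
	"${cfg_srcdir}/dovecot.conf.in"
```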
diff --git a/public/fs/etc/dovecot/dovecot.conf.in b/public/fs/etc/dovecot/dovecot.conf.in
new file mode 100644
index 0000000..6526c58
--- /dev/null
+++ b/public/fs/etc/dovecot/dovecot.conf.in
@@ -0,0 +1,7 @@
+hostname                = @imaphost@
+protocols               = imap
+
+ssl                     = required
+verbose_ssl             = yes
+
+!include conf.d/*.conf
-- 
cgit v1.2.3