-
Notifications
You must be signed in to change notification settings - Fork 216
/
global
706 lines (584 loc) · 21.8 KB
/
global
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
#!/usr/bin/env bash
# Author: Zhang Huangbin (zhb _at_ iredmail.org)
#---------------------------------------------------------------------
# This file is part of iRedMail, which is an open source mail server
# solution for Red Hat(R) Enterprise Linux, CentOS, Debian and Ubuntu.
#
# iRedMail is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# iRedMail is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with iRedMail. If not, see <http://www.gnu.org/licenses/>.
#---------------------------------------------------------------------
export PROG_NAME='iRedMail'
export PROG_NAME_LOWERCASE='iredmail'
export PROG_VERSION='1.7.1'
export DATE="$(/bin/date +%Y.%m.%d.%H.%M.%S)"
# For perl and run-time locale setting.
export LC_ALL=C
export LC_CTYPE=C
export LANG=C
# Tells ncurses (dialog) to use Unicode values which correspond to the VT100
# line-drawing glyphs.
export NCURSES_NO_UTF8_ACS=1
# Debug mode: YES, NO.
export IREDMAIL_DEBUG="${IREDMAIL_DEBUG:=NO}"
# -----------------
# ---- Generic ----
# -----------------
# Maildir style: hashed, normal.
export MAILDIR_STYLE='hashed'
# Mailboxes will be stored under sub-directory ${STORAGE_NODE} of vmail user's
# home directory. e.g. home directory is /var/vmail, the mailboxes will be
# /var/vmail/vmail1.
export STORAGE_NODE="${STORAGE_NODE:=vmail1}"
# Enabled backends.
export ENABLE_BACKEND_OPENLDAP='YES'
export ENABLE_BACKEND_PGSQL='YES'
export ENABLE_BACKEND_MARIADB='YES'
# For better distributed deployment
#
# IP address of localhost.
# Usually it's 127.0.0.1, but not in FreeBSD Jail.
export LOCAL_ADDRESS="${LOCAL_ADDRESS:=127.0.0.1}"
# LDAP server
export LDAP_SERVER_HOST="${LDAP_SERVER_HOST:=${LOCAL_ADDRESS}}"
export LDAP_SERVER_PORT="${LDAP_SERVER_PORT:=389}"
# MySQL server
export MYSQL_SERVER_ADDRESS="${MYSQL_SERVER_ADDRESS:=${LOCAL_ADDRESS}}"
export MYSQL_SERVER_PORT="${MYSQL_SERVER_PORT:=3306}"
export MYSQL_ROOT_USER="${MYSQL_ROOT_USER:=root}"
# Use existing MySQL server, no matter it's local or remote.
export USE_EXISTING_MYSQL="${USE_EXISTING_MYSQL:=NO}"
# Create required SQL databases and records for applications
# Should be set to NO if you're installing iRedMail with a MySQL cluster, and
# you're installing on second or later nodes.
export INITIALIZE_SQL_DATA="${INITIALIZE_SQL_DATA:=YES}"
# PGSQL server
export PGSQL_SERVER_ADDRESS="${PGSQL_SERVER_ADDRESS:=${LOCAL_ADDRESS}}"
export PGSQL_SERVER_PORT="${PGSQL_SERVER_PORT:=5432}"
# host address used in ~postgres/.pgpass
export PGSQL_PGPASS_HOST='localhost'
if [ X"${LOCAL_ADDRESS}" != X'127.0.0.1' ]; then
export PGSQL_PGPASS_HOST="${LOCAL_ADDRESS}"
fi
# Dovecot: POP3, IMAP, managesieve
export IMAP_SERVER="${IMAP_SERVER:=${LOCAL_ADDRESS}}"
export LMTP_BIND_ADDRESS="${LMTP_BIND_ADDRESS:=${LOCAL_ADDRESS}}"
export LMTP_BIND_PORT="${LMTP_BIND_PORT:=24}"
export MANAGESIEVE_BIND_HOST="${MANAGESIEVE_BIND_HOST:=${LOCAL_ADDRESS}}"
export MANAGESIEVE_BIND_PORT="${MANAGESIEVE_BIND_PORT:=4190}"
export MANAGESIEVE_SERVER="${MANAGESIEVE_SERVER:=${LOCAL_ADDRESS}}"
export MANAGESIEVE_PORT="${MANAGESIEVE_PORT:=4190}"
export DOVECOT_SERVICE_QUOTA_STATUS_BIND_ADDRESS="${DOVECOT_QUOTA_STATUS_BIND_ADDRESS:=127.0.0.1}"
# SMTP server (Postfix)
export SMTP_SERVER="${SMTP_SERVER:=${LOCAL_ADDRESS}}"
# php-fpm
export PHP_FPM_BIND_HOST="${PHP_FPM_BIND_HOST:=${LOCAL_ADDRESS}}"
export PHP_FPM_PORT="${PHP_FPM_PORT:=9999}"
# Amavisd
export AMAVISD_SERVER="${LOCAL_ADDRESS}"
# ClamAV
export CLAMD_BIND_HOST="${LOCAL_ADDRESS}"
# iRedAPD
export IREDAPD_BIND_HOST="${LOCAL_ADDRESS}"
export IREDAPD_SERVER_ADDRESS="${IREDAPD_SERVER_ADDRESS:=${IREDAPD_BIND_HOST}}"
# mlmmjadmin
export MLMMJADMIN_BIND_HOST="${LOCAL_ADDRESS}"
export MLMMJADMIN_SERVER_ADDRESS="${MLMMJADMIN_SERVER_ADDRESS:=${MLMMJADMIN_BIND_HOST}}"
# For managesieve service and software.
export USE_MANAGESIEVE='YES'
# vmail user/group name, uid and gid.
export SYS_USER_VMAIL='vmail'
export SYS_GROUP_VMAIL='vmail'
# netdata
export SYS_USER_NETDATA='netdata'
export SYS_GROUP_NETDATA='netdata'
# Specify UID/GID for system accounts. Required if you have multiple LDA/LMTP
# servers access same mailbox storage. e.g. cluster environment.
# vmail
export SYS_USER_VMAIL_UID='2000'
export SYS_GROUP_VMAIL_GID='2000'
# iredadmin
export SYS_USER_IREDADMIN_UID='2001'
export SYS_GROUP_IREDADMIN_GID='2001'
# netdata
export SYS_USER_IREDAPD_UID='2002'
export SYS_GROUP_IREDAPD_GID='2002'
# mlmmj
export SYS_USER_MLMMJ_UID='2003'
export SYS_GROUP_MLMMJ_GID='2003'
# netdata
export SYS_USER_NETDATA_UID='2004'
export SYS_GROUP_NETDATA_GID='2004'
# Default SQL database name used to store mail accounts.
export VMAIL_DB_NAME='vmail'
export VMAIL_DB_BIND_USER='vmail'
export VMAIL_DB_ADMIN_USER='vmailadmin'
# Default virtual domain admin name without domain name (@example.com).
export DOMAIN_ADMIN_NAME='postmaster'
# Directory used to store mailboxes
export STORAGE_BASE_DIR="${STORAGE_BASE_DIR:=/var/vmail}"
# Tools.
export CONFIG_VIA_DIALOG="${DIALOG_DIR}/config_via_dialog.sh"
# Note: config file will be sourced in file 'conf/core', function 'check_env()'.
export IREDMAIL_CONFIG_FILE="${ROOTDIR}/config"
export TIP_FILE="${ROOTDIR}/${PROG_NAME}.tips"
export DOC_FILE="${ROOTDIR}/Documentations"
export STATUS_FILE="${RUNTIME_DIR}/install.status"
export INSTALL_LOG="${RUNTIME_DIR}/install.log"
export PKG_INSTALL_LOG="${RUNTIME_DIR}/pkg.install.log"
# Directory used to store kv files (one value in one file).
export IREDMAIL_KV_DIR='/root/.iredmail/kv'
# Output flag.
export _INFO_FLAG="[ INFO ]"
export _SKIP_FLAG="< SKIP >"
export _ERROR_FLAG="<< ERROR >>"
export _QUESTION_FLAG="< Question >"
export _BACKUP_FLAG=" + < Backup >"
export _DEBUG_FLAG=" + < DEBUG >"
export CONF_MSG="#
# File generated by ${PROG_NAME} (${DATE}):
#
# Version: ${PROG_VERSION}
# Project: https://www.iredmail.org/
#
# Community: https://forum.iredmail.org/
#
"
# TERM.
if [ X"${TERM}" == X"" ]; then
export TERM='xterm'
fi
# Logrotate configuration directory.
export LOGROTATE_DIR='/etc/logrotate.d'
# Kernel name, in upper cases.
export KERNEL_NAME="$(uname -s | tr '[a-z]' '[A-Z]')"
# Command used to genrate a random string.
# Usage: str="$(${RANDOM_STRING})"
if [ X"${KERNEL_NAME}" == X'OPENBSD' ]; then
export RANDOM_STRING='eval </dev/random tr -cd [:alnum:] | fold -w 32 | head -1'
elif [ X"${KERNEL_NAME}" == X'FREEBSD' ]; then
export RANDOM_STRING='eval </dev/urandom LC_CTYPE=C tr -dc a-zA-Z0-9 | head -c 32'
else
# Linux/FreeBSD
export RANDOM_STRING='eval </dev/urandom tr -dc A-Za-z0-9 | (head -c $1 &>/dev/null || head -c 32)'
fi
# Global variable to store missing packages before installing all mail
# services related packages.
export MISSING_PKGS=""
# command: dialog.
export BIN_DIALOG="dialog"
export PKG_DIALOG="dialog"
# command: bzip2.
export BIN_BZIP2='bzip2'
export PKG_BZIP2='bzip2'
# Shells
export SHELL_NOLOGIN='/sbin/nologin'
export SHELL_BASH='/bin/bash'
# Path to some programs
export CMD_PYTHON3='python3'
export CMD_PIP3='pip3'
# Default password scheme for SQL backends.
# LDAP backend will use SSHA instead (defined in dialog/config_via_dialog.sh)
# for easier third-party application integrations.
export DEFAULT_PASSWORD_SCHEME='SSHA512'
# Check distribution.
# - DISTRO
# - DISTRO_VERSION
# - DISTRO_CODENAME
#
# UNSUPPORTED_RELEASE will be set to 'YES' if current Linux/BSD release is
# an old release and unsupported anymore.
export UNSUPPORTED_RELEASE='NO'
# Detect distro name and release version.
if [ X"${KERNEL_NAME}" == X'LINUX' ]; then
export DISTRO_VERSION=$(awk -F'"' '/^VERSION_ID=/ {print $2}' /etc/os-release)
# Debian:
# - 12: bookworm
# Ubuntu:
# - 22.04: jammy
# - 24.04: noble
export DISTRO_CODENAME=$(awk -F'=' '/^VERSION_CODENAME=/ {print $2}' /etc/os-release)
# Directory of RC scripts.
export DIR_RC_SCRIPTS='/etc/init.d'
if [ -f /etc/redhat-release ]; then
# RHEL/CentOS/Rocky/Alma
export DISTRO='RHEL'
# RedHat has minor version number in `VERSION_ID` line, e.g. `VERSION_ID="8.3"`.
export DISTRO_VERSION="$(echo ${DISTRO_VERSION} | awk -F'.' '{print $1}')"
if [[ X"${DISTRO_VERSION}" != X'8' ]] && [[ X"${DISTRO_VERSION}" != X'9' ]]; then
export UNSUPPORTED_RELEASE='YES'
fi
export CMD_UWSGI='/usr/sbin/uwsgi'
export UWSGI_PLUGIN_PYTHON="python3"
# Get distribution name as DISTRO_CODENAME
if [ -e /etc/rocky-release ]; then
export DISTRO_CODENAME='rocky'
elif [ -e /etc/almalinux-release ]; then
export DISTRO_CODENAME='alma'
elif [ -e /etc/centos-release ]; then
# CentOS Stream is ok, but not CentOS Linux.
if grep -i 'CentOS Stream release' /etc/centos-release &>/dev/null; then
export DISTRO_CODENAME='stream'
else
export UNSUPPORTED_RELEASE='YES'
fi
else
if grep -i '^Red Hat Enterprise Linux' /etc/redhat-release &>/dev/null; then
# RHEL
export DISTRO_CODENAME='rhel'
else
export UNSUPPORTED_RELEASE='YES'
fi
fi
elif [ -f /etc/lsb-release ] && grep -i 'DISTRIB_ID=Ubuntu' /etc/lsb-release &>/dev/null; then
# Ubuntu
export DISTRO='UBUNTU'
# Supported releases: 22.04, 24.04.
if echo "${DISTRO_VERSION}" | grep -E '^(22.04|24.04)' &>/dev/null ; then
:
else
export UNSUPPORTED_RELEASE='YES'
fi
elif [ -f /etc/debian_version ]; then
# Debian
export DISTRO='DEBIAN'
echo "${DISTRO_VERSION}" | grep -E '^(12)' &>/dev/null
if [[ $? != 0 ]]; then
export UNSUPPORTED_RELEASE='YES'
fi
else
export UNSUPPORTED_RELEASE='YES'
fi
elif [ X"${KERNEL_NAME}" == X'FREEBSD' ]; then
export DISTRO='FREEBSD'
export DISTRO_VERSION="$(uname -r |awk -F'[.-]' '{print $1}')"
# Directory of RC scripts.
export DIR_RC_SCRIPTS='/usr/local/etc/rc.d'
export RC_CONF_LOCAL='/etc/rc.conf.local'
export CMD_PYTHON3='/usr/local/bin/python3'
# Unsupported releases: 7, 8, 9, 10, 11.
if echo "${DISTRO_VERSION}" | grep -E '^(7|8|9|10|11)' &>/dev/null ; then
export UNSUPPORTED_RELEASE='YES'
fi
export SHELL_BASH='/usr/local/bin/bash'
# Default password scheme.
export DEFAULT_PASSWORD_SCHEME='BCRYPT'
elif [ X"${KERNEL_NAME}" == X'OPENBSD' ]; then
export DISTRO='OPENBSD'
export DISTRO_VERSION="$(uname -r)"
# Default password scheme.
export DEFAULT_PASSWORD_SCHEME='BCRYPT'
# Directory of RC scripts.
export DIR_RC_SCRIPTS='/etc/rc.d'
export RC_CONF_LOCAL='/etc/rc.conf.local'
export SHELL_BASH='/usr/local/bin/bash'
export PYTHON_VERSION='3.10'
export CMD_PYTHON3='/usr/local/bin/python3'
export CMD_PIP3="pip${PYTHON_VERSION}"
# Supported release: 7.6
echo "${DISTRO_VERSION}" | grep '^7\.6$' &>/dev/null
if [[ X"$?" != X"0" ]]; then
export UNSUPPORTED_RELEASE='YES'
fi
else
# Not support *BSD and other distrobutions yet.
echo "Error: Your OS is not supported yet."
exit 255
fi
# Exit and prompt to use a supported Linux/BSD distribution
if [ X"${UNSUPPORTED_RELEASE}" == X'YES' ]; then
cat <<EOF
********* ERROR *********
Release version of the operating system on this server is unsupported by
iRedMail, please access below link to get the latest iRedMail and a list
of supported Linux/BSD distributions and release versions.
http://www.iredmail.org/download.html
*************************
EOF
exit 255
fi
# Check processor type.
if [ X"${DISTRO}" == X'DEBIAN' ]; then
arch="$(uname -m)"
else
arch="$(uname -p)"
fi
case $arch in
i[3456]86) export OS_ARCH='i386' ;;
x86_64|amd64) export OS_ARCH='x86_64' ;;
*) export OS_ARCH="${arch}" ;;
esac
# Hostname.
if [ X"${IREDMAIL_HOSTNAME}" != X'' ]; then
# Read from 'IREDMAIL_HOSTNAME'
export HOSTNAME="${IREDMAIL_HOSTNAME}"
else
if [ X"${DISTRO}" == X'OPENBSD' ]; then
export HOSTNAME="$(hostname)"
else
export HOSTNAME="$(hostname -f)"
fi
fi
# root user/group name. Note: not all OSes have group 'root'.
export SYS_USER_ROOT='root'
export SYS_GROUP_ROOT='root'
# Syslog
export USE_RSYSLOG='YES'
export USE_BSD_SYSLOG='NO'
export SYS_USER_SYSLOG='root'
export SYS_GROUP_SYSLOG='root'
export SYSLOG_POSTROTATE_CMD='/usr/bin/systemctl -s HUP kill rsyslog.service >/dev/null 2>&1 || true'
export SYSLOG_SOCKET='/dev/log'
export IREDMAIL_SYSLOG_FACILITY='local5'
# rsyslog
export SYSLOG_CONF_DIR='/etc/rsyslog.d'
# Use systemd
export USE_SYSTEMD='YES'
export SYSTEMD_SERVICE_DIR='/lib/systemd/system'
# install_pkg: function used to install packages without confirm.
# remove_pkg: function used to remove packages without confirm.
# LIST_ALL_PKGS: command used to list all installed packages.
# LIST_FILES_IN_PKG: command used to list files installed by special package.
if [ X"${DISTRO}" == X'RHEL' ]; then
# RHEL/CentOS.
# Package management.
if [ X"${YUM}" != X"" ]; then
export YUM="${YUM}"
else
export YUM="yum -d 2"
fi
export install_pkg='install_pkg_rhel'
export remove_pkg="remove_pkg_rhel"
export LIST_ALL_PKGS='rpm -qa'
export LIST_FILES_IN_PKG='rpm -ql'
# Directory /etc/sysconfig/ on RHEL/CentOS.
export ETC_SYSCONFIG_DIR='/etc/sysconfig'
# Firewalld
export USE_FIREWALLD='YES'
export FIREWALLD_CONF_DIR='/etc/firewalld'
export FIREWALLD_CONF='/etc/firewalld/firewalld.conf'
export FIREWALL_RULE_CONF="${FIREWALLD_CONF_DIR}/zones/iredmail.xml"
# main config file
export SYSLOG_CONF='/etc/rsyslog.conf'
# SSHD log file
export SSHD_LOGFILE='/var/log/secure'
# Crontab related.
export CRON_SPOOL_DIR='/var/spool/cron'
# Directory used to store SSL/TLS key/cert file.
export SSL_FILE_DIR="/etc/pki/tls"
export SSL_CA_FILE="/etc/pki/tls/certs/ca-bundle.crt"
# Yum repository related.
export YUM_REPOS_DIR='/etc/yum.repos.d'
export LOCAL_REPO_NAME="${PROG_NAME}"
export LOCAL_REPO_FILE="${YUM_REPOS_DIR}/${LOCAL_REPO_NAME}.repo"
# Override default value.
export PKG_DIALOG="dialog"
export PKG_BZIP2="bzip2"
elif [ X"${DISTRO}" == X'DEBIAN' -o X"${DISTRO}" == X'UBUNTU' ]; then
# Ubuntu & Debian.
export DEBIAN_FRONTEND='noninteractive'
export SHELL_NOLOGIN='/usr/sbin/nologin'
# Package management.
if [ X"${APTGET}" != X"" ]; then
export APTGET="${APTGET}"
else
# "WARNING: `apt` does not have a stable CLI interface. Use with caution in scripts."
export APTGET='apt-get'
fi
# Package management.
export install_pkg='install_pkg_debian'
export remove_pkg='remove_pkg_debian'
export LIST_ALL_PKGS="dpkg -l |awk '{print $2}'"
export LIST_FILES_IN_PKG='dpkg -L'
# Syslog
export SYS_GROUP_SYSLOG='adm'
if [ X"${DISTRO}" == X'DEBIAN' ]; then
export SYSLOG_CONF='/etc/rsyslog.conf'
elif [ X"${DISTRO}" == X'UBUNTU' ]; then
export SYS_USER_SYSLOG='syslog'
export SYSLOG_CONF='/etc/rsyslog.d/iredmail.conf'
fi
# SSHD log file
export SSHD_LOGFILE='/var/log/auth.log'
# Crontab related.
export CRON_SPOOL_DIR='/var/spool/cron/crontabs'
# Directory /etc/default/ on Debian/Ubuntu.
export ETC_SYSCONFIG_DIR='/etc/default'
export USE_NFTABLES='YES'
export NFTABLES_CONF='/etc/nftables.conf'
export FIREWALL_RULE_CONF="${NFTABLES_CONF}"
# Directory used to store SSL/TLS key/cert file.
export SSL_FILE_DIR="/etc/ssl"
export SSL_CA_FILE="/etc/ssl/certs/ca-certificates.crt"
# `python3` is a symbol link to `python3X`.
export UWSGI_PY3_PLUGIN_NAME='python3'
elif [ X"${DISTRO}" == X'FREEBSD' ]; then
export USE_SYSTEMD='NO'
export SYS_GROUP_ROOT='wheel'
export SYSLOG_SOCKET='/var/run/log'
# sysrc: safely edit system rc files
export SYSRC='/usr/sbin/sysrc'
# Package management.
if [ X"${PKGADD}" != X"" ]; then
export PKGADD="${PKGADD}"
else
export PKGADD="pkg_add"
fi
if [ X"${DISTRO_VERSION}" == X'9' ]; then
export LIST_ALL_PKGS="pkg_info | awk '{print $1}'"
export LIST_FILES_IN_PKG='pkg_info -L'
else
# use pkgng on FreeBSD 10 and later releases.
export LIST_ALL_PKGS="pkg info | awk '{print $1}'"
export LIST_FILES_IN_PKG='pkg query "%Fp"'
fi
# Port directory
export PORT_WORKDIRPREFIX='/usr/ports'
# Syslog (newsyslog)
export USE_RSYSLOG='NO'
export USE_BSD_SYSLOG='YES'
export SYS_GROUP_SYSLOG='wheel'
export SYSLOG_CONF='/etc/syslog.conf'
export SYSLOG_CONF_DIR='/usr/local/etc/syslog.d'
# SSHD log file
export SSHD_LOGFILE='/var/log/auth.log'
# Crontab related.
export CRON_SPOOL_DIR='/var/cron/tabs'
export ETC_SYSCONFIG_DIR='/etc/defaults'
export FREEBSD_MAKE_CONF='/etc/make.conf'
# IPFW rule file.
export FIREWALL_RULE_CONF="${ETC_SYSCONFIG_DIR}/ipfw.rules"
# Directory used to store SSL/TLS key/cert file.
export SSL_FILE_DIR="/etc/ssl"
export SSL_CA_FILE="/etc/ssl/cert.pem"
# Logrotate directory.
export LOGROTATE_DIR='/usr/local/etc/newsyslog.conf.d'
elif [ X"${DISTRO}" == X'OPENBSD' ]; then
export USE_SYSTEMD='NO'
export SYS_GROUP_ROOT='wheel'
# Package management.
export install_pkg='install_pkg_openbsd'
export remove_pkg='pkg_delete'
export LIST_ALL_PKGS="pkg_info -a | awk '{print $1}'"
export LIST_FILES_IN_PKG='pkg_info -L'
# Syslog (newsyslog)
export USE_RSYSLOG='NO'
export USE_BSD_SYSLOG='YES'
export SYS_GROUP_SYSLOG='wheel'
export SYSLOG_CONF='/etc/syslog.conf'
# SSHD log file
export SSHD_LOGFILE='/var/log/authlog'
# Crontab related.
export CRON_SPOOL_DIR='/var/cron/tabs'
# PF rule file.
export FIREWALL_RULE_CONF="/etc/pf.conf"
# Directory used to store SSL/TLS key/cert file.
export SSL_FILE_DIR="/etc/ssl"
export SSL_CA_FILE="/etc/ssl/cert.pem"
else
# Not support yet.
echo "Your distrobution is not supported yet."
exit 255
fi
# Use a seperated directory to store iRedMail certs/keys.
if [ X"${DISTRO}" == X'OPENBSD' ]; then
export SSL_CERT_DIR="${SSL_FILE_DIR}"
export SSL_KEY_DIR="${SSL_FILE_DIR}"
else
export SSL_CERT_DIR="${SSL_FILE_DIR}/certs"
export SSL_KEY_DIR="${SSL_FILE_DIR}/private"
fi
# Root's cron file
export CRON_FILE_ROOT="${CRON_SPOOL_DIR}/${SYS_USER_ROOT}"
# dhparam file required to fix 'The Logjam Attack'.
export SSL_DH512_PARAM_FILE="${SSL_FILE_DIR}/dh512_param.pem"
export SSL_DH1024_PARAM_FILE="${SSL_FILE_DIR}/dh2048_param.pem"
# use of the most secure ciphers first and gradually fall back to
# less-preferred ciphers should the client not support them.
export SSL_CIPHERS='EECDH+CHACHA20:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH'
# SSL key.
export OPENSSL_CONF="${SSL_FILE_DIR}/openssl.cnf"
export SSL_CERT_FILE="${SSL_CERT_DIR}/iRedMail.crt"
export SSL_KEY_FILE="${SSL_KEY_DIR}/iRedMail.key"
export TLS_COUNTRY='CN'
export TLS_STATE='GuangDong'
export TLS_CITY='ShenZhen'
export TLS_COMPANY="${HOSTNAME}"
export TLS_DEPARTMENT='IT'
export TLS_HOSTNAME="${HOSTNAME}"
export TLS_ADMIN="root@${HOSTNAME}"
# Default SSL key size in bits
export SSL_KEY_SIZE='4096'
default_ssl_key_size="$(awk '/^default_bits/ {print $3}' ${OPENSSL_CONF} 2>/dev/null)"
if [ -z ${default_ssl_key_size} ]; then
:
elif [ ${default_ssl_key_size} -ge ${SSL_KEY_SIZE} ]; then
export SSL_KEY_SIZE="${default_ssl_key_size}"
fi
# Location of sshd_config
export SSHD_CONFIG='/etc/ssh/sshd_config'
if [[ -f ${SSHD_CONFIG} ]]; then
export SSHD_PORT="$(awk '/^Port/ {print $2}' ${SSHD_CONFIG} | head -1)"
export SSHD_PORT2="$(awk '/^Port/ {print $2}' ${SSHD_CONFIG} | tail -1)"
fi
if [ X"${SSHD_PORT}" == X'' ]; then
# No port number defined, use default port number (22).
export SSHD_PORT='22'
export SSHD_PORT2='22'
fi
export SSHD_PORTS_WITH_COMMA="${SSHD_PORT}"
export SSHD_PORTS_WITH_SPACE="${SSHD_PORT}"
if [ X"${SSHD_PORT}" != X'' -a X"${SSHD_PORT2}" != X'' -a X"${SSHD_PORT}" != X"${SSHD_PORT2}" ]; then
export SSHD_PORTS_WITH_COMMA="${SSHD_PORT},${SSHD_PORT2}"
export SSHD_PORTS_WITH_SPACE="${SSHD_PORT} ${SSHD_PORT2}"
fi
# sysctl.conf
export SYSCTL_CONF='/etc/sysctl.conf'
# Command use to fetch source tarballs.
if [ X"${DISTRO}" == X'FREEBSD' ]; then
if [ -f /usr/local/etc/ssl/cert.pem ]; then
# require package/port 'security/ca_root_nss'
FETCH_CMD='fetch'
else
FETCH_CMD='fetch --no-verify-hostname --no-verify-peer'
fi
elif [ X"${DISTRO}" == X'OPENBSD' ]; then
# -i: Turns off interactive prompting during multiple file transfers.
# -V: Disable verbose and progress
FETCH_CMD='ftp -iV'
else
# -c: Continue getting a partially-downloaded file.
FETCH_CMD="wget -c --timeout=30"
if [ X"${DISTRO}" == X'RHEL' ]; then
FETCH_CMD="${FETCH_CMD} --ca-certificate=${SSL_CERT_DIR}/ca-bundle.crt"
fi
fi
# Detect IPv6 support with `ping6`.
export IREDMAIL_HAS_IPV6='NO'
ping6 -c 1 ::1 &>/dev/null
if [ X"$?" == X'0' ]; then
IREDMAIL_HAS_IPV6='YES'
fi
# Backup script file names.
export BACKUP_SCRIPT_LDAP_NAME='backup_openldap.sh'
export BACKUP_SCRIPT_MYSQL_NAME='backup_mysql.sh'
export BACKUP_SCRIPT_PGSQL_NAME='backup_pgsql.sh'
#
# Mirror sites
#
# Where to fetch/store binary packages and source tarball.
export IREDMAIL_MIRROR="${IREDMAIL_MIRROR:=https://dl.iredmail.org}"
# Ubuntu mirror site. For example: https://archive.ubuntu.com/ubuntu
export UBUNTU_MIRROR_SITE="${UBUNTU_MIRROR_SITE:=}"
# pip mirror site. Use `pypi.org` if not set.
export PIP_MIRROR_SITE="${PIP_MIRROR_SITE:=}"
export PIP_TRUSTED_HOST="${PIP_TRUSTED_HOST:=}"