software/dovecot: Updated

software/dovecot/buildout.hash.cfg

@@ -15,13 +15,28 @@
 
 [template]
 filename = instance.cfg.in
-md5sum = 8269f0e38474f8946720b4ed051fc875
+md5sum = 4fb2401a7e181c3b4ddd737917f58335
 
 [template-dovecot]
 filename = instance-dovecot.cfg.in
-md5sum = 7525cf6b67754d23ca147fb9fe669fa1
+md5sum = 16b3ba167f55e33233a393a42ff62873
 
 [template-postfix]
-filename = instance-postfix.cfg.in
-md5sum = 8f7bfca893a01c390df7a3dc9c2410e1
+filename = instance-postfix.cfg.jinja2.in
+md5sum = 19a0dd212ddc41ab971850d941db2111
 
+[template-postfix-master-cf]
+filename = postfix_master.cf.jinja2.in
+md5sum = ef164517e3f7170d03499967d625c3bb
+
+[template-postfix-main-cf]
+filename = postfix_main.cf.jinja2.in
+md5sum = e9f03c66627beb4054d45123450162d2
+
+[template-postfix-aliases]
+filename = postfix_aliases.jinja2.in
+md5sum = 0969fbb25b05c02ef3c2d437b2f4e1a0
+
+[template-dovecot-main-conf]
+filename = dovecot_main.conf.in
+md5sum = 446bfa9103220c74207baad1fb7bd8d2

software/dovecot/dovecot_main.conf.in

+## Dovecot configuration file
+# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration
+
+# Enable installed protocols
+!include_try /usr/share/dovecot/protocols.d/*.protocol
+
+# A comma separated list of IPs or hosts where to listen in for connections.
+# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
+# If you want to specify non-default ports or anything more complex,
+# edit conf.d/master.conf.
+listen = *, ::
+
+# Most of the actual configuration gets included below. The filenames are
+# first sorted by their ASCII value and parsed in that order. The 00-prefixes
+# in filenames are intended to make it easier to understand the ordering.
+!include conf.d/*.conf
+

software/dovecot/instance-dovecot-input-schema.json

+{
+  "$schema": "http://json-schema.org/draft-04/schema#",
+  "description": "",
+  "type": "object",
+  "additionalProperties": false,
+  "properties": {
+    "tcpv4-port": {
+      "allOf": [
+        {
+          "$ref": "./schemas-definitions.json#/tcpv4port"
+        },
+        {
+          "description": "Start allocating ports at this value, going upward"
+        }
+      ]
+    },
+    "postmaster": {
+      "description": "Mail address to send technical mails to. Non-empty value required for smptd relay service to be deployed. Values will be put in alias-dict as 'postmaster' key (alias-dict takes precedence)",
+      "default": "",
+      "type": "string"
+    },
+    "alias-dict": {
+      "description": "Mail alias support",
+      "default": {},
+      "patternProperties": {
+        ".*": {
+          "description": "List of addresses alias expands to",
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "relay": {
+      "description": "Forward outgoing mails to a specific relay. If enabled, relay must support TLS-encrypted SASL authentication.",
+      "dependencies": {
+        "host": [
+          "sasl-credential"
+        ]
+      },
+      "properties": {
+        "host": {
+          "description": "Host name or address of relay, with optional port (ex: '[example.com]:submission'). Enclosing hostname with [] prevents MX lookup.",
+          "type": "string"
+        },
+        "sasl-credential": {
+          "description": "SASL credential, in the login:password form",
+          "type": "string"
+        }
+      },
+      "default": {},
+      "type": "object"
+    },
+    "divert": {
+      "description": "Intercept all mails and send them to given addresses instead of original recipient",
+      "type": "array",
+      "items": {
+        "type": "string"
+      },
+      "uniqueItems": true
+    }
+  }
+}

software/dovecot/instance-dovecot-output-schema.json

+{
+  "$schema": "http://json-schema.org/draft-04/schema#",
+  "description": "",
+  "type": "object",
+  "additionalProperties": false,
+  "properties": {
+    "tcpv4-port": {
+      "allOf": [
+        {
+          "$ref": "./schemas-definitions.json#/tcpv4port"
+        },
+        {
+          "description": "Start allocating ports at this value, going upward"
+        }
+      ]
+    },
+    "postmaster": {
+      "description": "Mail address to send technical mails to. Non-empty value required for smptd relay service to be deployed. Values will be put in alias-dict as 'postmaster' key (alias-dict takes precedence)",
+      "type": "string"
+    },
+    "alias-dict": {
+      "description": "Mail alias support",
+      "patternProperties": {
+        ".*": {
+          "description": "List of addresses alias expands to",
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "relay": {
+      "description": "Forward outgoing mails to a specific relay. If enabled, relay must support TLS-encrypted SASL authentication.",
+      "dependencies": {
+        "host": [
+          "sasl-credential"
+        ]
+      },
+      "properties": {
+        "host": {
+          "description": "Host name or address of relay, with optional port (ex: '[example.com]:submission'). Enclosing hostname with [] prevents MX lookup.",
+          "type": "string"
+        },
+        "sasl-credential": {
+          "description": "SASL credential, in the login:password form",
+          "type": "string"
+        }
+      },
+      "default": {},
+      "type": "object"
+    },
+    "divert": {
+      "description": "Intercept all mails and send them to given addresses instead of original recipient",
+      "type": "array",
+      "items": {
+        "type": "string"
+      },
+      "uniqueItems": true
+    }
+  }
+}

software/dovecot/instance-dovecot.cfg.in

+[buildout]
+parts =
+extends =
+
 [dovecot-ssl]
 recipe = plone.recipe.command
 cert-file = $${directory:data}/cert.pem

software/dovecot/instance.cfg.in

 [buildout]
 parts =
-#   publish-connection-parameter
-# extends = {{ template_monitor }}
+  switch-softwaretype
 
 eggs-directory = ${buildout:eggs-directory}
 develop-eggs-directory = ${buildout:develop-eggs-directory}
 offline = true
 
+
 [default-dynamic-template-parameters]
-bin-directory = {{ bin_directory }}
-buildout-bin-directory = {{ buildout_bin_directory }}
+bin-directory = ${buildout:bin-directory}
+buildout-bin-directory = ${buildout:bin-directory}
 
 [dynamic-template-postfix-parameters]
 <= default-dynamic-template-parameters
-openssl = {{ openssl_location }}
-postfix-location = {{ postfix_location }}
-
-
+cyrus-sasl-location = ${cyrus-sasl:location}
+openssl = ${openssl:location}
+postfix-location = ${postfix:location}
+template-postfix-aliases = ${template-postfix-aliases:target}
+template-postfix-main-cf = ${template-postfix-main-cf:target}
+template-postfix-master-cf = ${template-postfix-master-cf:target}
+xz-utils-location =  ${xz-utils:location}
 
 [dynamic-template-postfix]
-< = jinja2-template-base
-url = {{ template_postfix }}
+recipe = slapos.recipe.template:jinja2
+url = ${template-postfix:output}
 filename = instance-postfix.cfg
+output = ${buildout:directory}/${:filename}
 extensions = jinja2.ext.do
-extra-context =
-    section parameter_dict dynamic-template-postfix-parameters
+context =
     import urllib urllib
-
-
-# [publish-connection-parameter]
-# recipe = slapos.cookbook:publish
-# <= monitor-publish
-
+    section parameter_dict dynamic-template-postfix-parameters
+    key slapparameter_dict slap-configuration:configuration
+    key ipv6_set slap-configuration:ipv6
+    raw template_monitor ${monitor2-template:output}
 
 [slap-configuration]
-recipe = slapos.cookbook:slapconfiguration
+recipe = slapos.cookbook:slapconfiguration.serialised
 computer = $${slap-connection:computer-id}
 partition = $${slap-connection:partition-id}
 url = $${slap-connection:server-url}
 key = $${slap-connection:key-file}
 cert = $${slap-connection:cert-file}
 
-# [directory]
-# recipe = slapos.cookbook:mkdirectory
-# etc = $${buildout:directory}/etc
-# var = $${buildout:directory}/var
-# srv = $${buildout:directory}/srv
-# bin = $${buildout:directory}/bin
-# tmp = $${buildout:directory}/tmp
-# run = $${:var}/run
-
-# services   = $${:etc}/service
-# data       = $${:srv}/data
-# groups     = $${:srv}/groups
-# recordings = $${:srv}/recordings
-
-
-
-
-# cyrus-sasl-location = {{ cyrus_sasl_location }}
-# template-postfix-aliases = {{ template_postfix_aliases }}
-# template-postfix-main-cf = {{ template_postfix_main_cf }}
-# template-postfix-master-cf = {{ template_postfix_master_cf }}
-# xz-utils-location =  {{ xz_utils_location }}
+[switch-softwaretype]
+recipe = slapos.cookbook:switch-softwaretype
+default = dynamic-template-postfix:output
+RootSoftwareInstance = $${:default}

software/dovecot/postfix_aliases.jinja2.in

+# See http://www.postfix.org/aliases.5.html for format
+{% for name, alias_list in alias_dict.items() -%}
+{{ name }}: {{ alias_list | join(', ') }}
+{% endfor %}

software/dovecot/postfix_main.cf.jinja2.in

+# http://www.postfix.org/STANDARD_CONFIGURATION_README.html
+# http://www.postfix.org/postconf.5.html
+queue_directory = {{ queue_directory }}
+command_directory = {{ bin_directory }}
+daemon_directory = {{ usr_directory }}/libexec/postfix
+data_directory = {{ data_directory }}
+mail_owner = {{ mail_owner }}
+alias_maps = {{ aliases }}
+alias_database = {{ aliases }}
+mail_spool_directory = {{ spool_directory }}
+sendmail_path = {{ bin_directory }}/sendmail
+newaliases_path = {{ bin_directory }}/newaliases
+mailq_path = {{ bin_directory }}/mailq
+setgid_group = {{ setgid_group }}
+html_directory = no
+manpage_directory = {{ postfix_location }}/usr/local/man
+sample_directory = {{ postfix_location }}/etc/postfix
+readme_directory = no
+inet_interfaces = {{ inet_interfaces }}
+smtp_bind_address = 0.0.0.0
+smtp_bind_address6 = ::
+compatibility_level = 3.6
+smtputf8_enable = no
+
+# Compared to default:
+# - remove X-related variables, irrelevant for slapos, to be concise
+# - add SASL_CONF_PATH to have per-partition cyrus-sasl configuration
+import_environment =
+  MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ LANG=C
+  SASL_CONF_PATH
+
+# Mandatory sasl auth over TLS
+# XXX: no man-in-the-middle protection
+smtpd_tls_cert_file = {{ cert }}
+smtpd_tls_key_file = {{ key }}
+smtpd_tls_dh512_param_file = {{ dh_512 }}
+{#
+  Note: 1024 vs. 2048 is not a typo, but what is actually recommended in
+  postfix documentation
+-#}
+smtpd_tls_dh1024_param_file = {{ dh_2048 }}
+
+smtpd_tls_security_level = encrypt
+smtpd_sasl_auth_enable = yes
+# Reject as many bogus cases as soon as possible, so errors are visible to ERP5
+# developper rather than relying on bounces.
+smtpd_recipient_restrictions =
+  reject_non_fqdn_recipient
+  reject_unknown_recipient_domain
+  permit_sasl_authenticated
+  reject
+# Do not allow mynetworks to send mails, only authenticated clients.
+smtpd_relay_restrictions =
+  permit_sasl_authenticated
+  defer_unauth_destination
+
+# We do not pass mail address in command lines, so accept those starting with
+# a dash.
+allow_min_user = yes
+
+# Disable local delivery
+local_transport = error
+
+smtpd_milters ={{ '\n  '.join(milter_list) }}
+
+{% if relayhost -%}
+relayhost = {{ relayhost }}
+smtp_tls_security_level = encrypt
+smtp_tls_session_cache_database = btree:{{ data_directory }}/smtp_scache
+smtp_sasl_auth_enable = yes
+smtp_sasl_password_maps = {{ sasl_passwd }}
+smtp_sasl_tls_security_options = noanonymous
+{%- endif %}
+
+maillog_file = {{ log_directory }}/postfix.log
+maillog_file_compressor = {{ xz_utils_location }}/bin/xz
+maillog_file_prefixes = {{ log_directory }}

software/dovecot/postfix_master.cf.jinja2.in

+# http://www.postfix.org/master.5.html
+# ==========================================================================
+# service type  private unpriv  chroot  wakeup  maxproc command + args
+#               (yes)   (yes)   (yes)   (never) (100)
+# ==========================================================================
+{{ smtp }}      inet  n       -       n       -       -       smtpd
+pickup    unix  n       -       n       60      1       pickup
+cleanup   unix  n       -       n       -       0       cleanup
+qmgr      unix  n       -       n       300     1       qmgr
+tlsmgr    unix  -       -       n       1000?   1       tlsmgr
+rewrite   unix  -       -       n       -       -       trivial-rewrite
+bounce    unix  -       -       n       -       0       bounce
+defer     unix  -       -       n       -       0       bounce
+trace     unix  -       -       n       -       0       bounce
+verify    unix  -       -       n       -       1       verify
+flush     unix  n       -       n       1000?   0       flush
+proxymap  unix  -       -       n       -       -       proxymap
+proxywrite unix -       -       n       -       1       proxymap
+smtp      unix  -       -       n       -       -       smtp
+relay     unix  -       -       n       -       -       smtp
+showq     unix  n       -       n       -       -       showq
+error     unix  -       -       n       -       -       error
+retry     unix  -       -       n       -       -       error
+discard   unix  -       -       n       -       -       discard
+local     unix  -       n       n       -       -       local
+virtual   unix  -       n       n       -       -       virtual
+lmtp      unix  -       -       n       -       -       lmtp
+anvil     unix  -       -       n       -       1       anvil
+scache    unix  -       -       n       -       1       scache
+postlog   unix-dgram n  -       n       -       1       postlogd

software/dovecot/software.cfg

 [buildout]
 extends =
-  ../../component/openssl/buildout.cfg
-  ../../component/python3/buildout.cfg
+  ../../component/xz-utils/buildout.cfg
   ../../component/postfix/buildout.cfg
   ../../stack/monitor/buildout.cfg
   ../../stack/slapos.cfg
   buildout.hash.cfg
 
-parts +=
+parts =
   slapos-cookbook
   dovecot
   template
-  eggs
-
-[eggs]
-recipe = zc.recipe.egg
-eggs +=
-  plone.recipe.command
-  collective.recipe.template
-scripts =
 
 [dovecot]
 recipe = slapos.recipe.cmmi
 url = https://dovecot.org/releases/2.3/dovecot-2.3.20.tar.gz
 location = @@LOCATION@@
-# md5sum = 4340e59915605e30dcdb70aa9eb06acb
 configure-command = ./configure
 configure-options =
   --prefix=${:location}
@@ -35,15 +25,6 @@ post-install = cp -r ${:location}/share/doc/dovecot/example-config/* ${:location
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/${:filename}
 output = ${buildout:directory}/template.cfg
-context =
-  key template_postfix template-postfix:target
-  key template_dovecot template-dovecot:target
-  key bin_directory buildout:bin-directory
-  key buildout_bin_directory buildout:bin-directory
-  key postfix_location postfix:location
-  key openssl_location openssl:location
-  raw openssl_bin ${openssl:location}/bin/openssl
-  raw template_monitor ${monitor2-template:output}
 
 [download-base]
 recipe = slapos.recipe.build:download
@@ -53,4 +34,19 @@ url = ${:_profile_base_location_}/${:filename}
 <=download-base
 
 [template-postfix]
+recipe = slapos.recipe.template
+url = ${:_profile_base_location_}/${:filename}
+output = ${buildout:directory}/instance-postfix.cfg.jinja2
+
+[template-postfix-master-cf]
+< = download-base
+
+[template-postfix-main-cf]
 < = download-base
+
+[template-postfix-aliases]
+< = download-base
+
+[template-dovecot-main-conf]
+< = download-base
+

software/dovecot/software.cfg.json

+{
+  "name": "ERP5",
+  "description": "ERP5, Open-Source ERP",
+  "serialisation": "json-in-xml",
+  "software-type": {
+    "default": {
+      "title": "Default",
+      "software-type": "default",
+      "request": "instance-dovecot-input-schema.json",
+      "response": "instance-dovecot-output-schema.json",
+      "index": 0
+    }
+  }
+}