re-make the maddy package

Signed-off-by: Jeff Carr <jcarr@wit.com>
2023-01-29 15:54:22 -06:00 · 2023-01-29 15:54:22 -06:00 · 3b6caca1a7
parent 7a7a121212
commit 3b6caca1a7
6 changed files with 27 additions and 367 deletions
--- a/InvokeAI/Makefile
+++ b/InvokeAI/Makefile
@ -1,4 +1,11 @@
-VERSION=2023-notsure
+.PHONY: control
 # https://github.com/invoke-ai/InvokeAI/releases # download the current version from here
 # https://github.com/invoke-ai/InvokeAI/releases/tag/v2.2.5p2
 # https://github.com/invoke-ai/InvokeAI/releases/download/v2.2.5p2/InvokeAI-installer-v2.2.5p2-linux.zip
 VERSION=2.2.5p2
 BASENAME=invokeai
 all: clean extract DEBIAN build
--- a/maddy/Makefile
+++ b/maddy/Makefile
@ -1,17 +1,23 @@
 .PHONY: control
-VERSION=0.6.2
+# ~/go/src/github.com/foxcpp/maddy/build/maddy version
 VERSION=0.6.2+9a87d73
 BASENAME=maddy
 all: clean extract DEBIAN build
 help:
 	@echo
 	@echo "make all     # to attempt to download, extract and build the .deb package using dpkg"
 	@echo
-all: download clean extract DEBIAN build
+source:
-
+	GO111MODULE="off" go get -v -u github.com/foxcpp/maddy
-# uses 'ar' to make a .deb file
+	echo
-raw: download clean extract DEBIAN tar-ar
+	echo "cd ~/go/src/github.com/foxcpp/maddy/ && ./build.sh"
 	echo
 	# https://github.com/foxcpp/maddy.git
 clean:
 	rm -rf ../files
@ -19,15 +25,14 @@ clean:
 	rm -f ../*.tar.xz data.tar.xz
 	rm -rf DEBIAN
 download:
 	@echo
 	@echo This uses the binary /usr/local/bin/maddy
 	@echo
 extract:
-	cp -a files ../
+	# cp -a files ../
 	mkdir -p ../files/usr/bin
-	cp /usr/local/bin/maddy ../files/usr/bin
+	cp ~/go/src/github.com/foxcpp/maddy/build/maddy ../files/usr/bin
 	mkdir -p ../files/etc/maddy
 	cp ~/go/src/github.com/foxcpp/maddy/build/maddy.conf ../files/etc/maddy/
 	mkdir -p ../files/lib/systemd/system
 	cp ~/go/src/github.com/foxcpp/maddy/build/systemd/maddy* ../files/lib/systemd/system/
 # makes the DEBIAN/ directory
 DEBIAN:
@ -40,7 +45,7 @@ DEBIAN:
 	# make the control there
 	mkdir -p DEBIAN
 	cp control DEBIAN/
-	# echo Version: ${VERSION} >>DEBIAN/control
+	echo Version: ${VERSION} >>DEBIAN/control
 	cp postinst DEBIAN
@ -48,15 +53,3 @@ build:
 	mv DEBIAN ../files/
 	cd .. && dpkg-deb --build files ${BASENAME}_${VERSION}_amd64.deb
 	cd .. && dpkg-deb --info ${BASENAME}_${VERSION}_amd64.deb
 # how to make a debian package "raw" just using tar and ar
 #
 # READ THIS AGAIN:
 #
 # A .deb file is just output from 'ar rcs'
 #
 tar-ar: control
 	cd DEBIAN && tar --ignore-failed-read -cvJf ../control.tar.xz .
 	cd files && tar -cvJf ../data.tar.xz .
 	ar rcs ${BASENAME}_${VERSION}_amd64.deb debian-binary control.tar.xz data.tar.xz
 	dpkg-deb --info ${BASENAME}_${VERSION}_amd64.deb
--- a/maddy/control
+++ b/maddy/control
@ -1,9 +1,8 @@
 Source: maddy
 Build-Depends: golang
 Package: maddy
 Version: 0.6.2
 Maintainer: Jeff Carr <jcarr@wit.com>
-Architecture: any
+Architecture: amd64
 Depends:
 Description: A modern mail server written in GO
 Maddy Mail Server implements all functionality required to run a e-mail server.
--- a/maddy/files/etc/maddy/maddy.conf
+++ b/maddy/files/etc/maddy/maddy.conf
@ -1,181 +0,0 @@
 ## Maddy Mail Server - default configuration file (2022-06-18)
 # Suitable for small-scale deployments. Uses its own format for local users DB,
 # should be managed via maddyctl utility.
 #
 # See tutorials at https://maddy.email for guidance on typical
 # configuration changes.
 # ----------------------------------------------------------------------------
 # Base variables
 $(hostname) = example.org
 $(primary_domain) = example.org
 $(local_domains) = $(primary_domain)
 tls file /etc/maddy/certs/$(hostname)/fullchain.pem /etc/maddy/certs/$(hostname)/privkey.pem
 # ----------------------------------------------------------------------------
 # Local storage & authentication
 # pass_table provides local hashed passwords storage for authentication of
 # users. It can be configured to use any "table" module, in default
 # configuration a table in SQLite DB is used.
 # Table can be replaced to use e.g. a file for passwords. Or pass_table module
 # can be replaced altogether to use some external source of credentials (e.g.
 # PAM, /etc/shadow file).
 #
 # If table module supports it (sql_table does) - credentials can be managed
 # using 'maddyctl creds' command.
 auth.pass_table local_authdb {
    table sql_table {
        driver sqlite3
        dsn credentials.db
        table_name passwords
    }
 }
 # imapsql module stores all indexes and metadata necessary for IMAP using a
 # relational database. It is used by IMAP endpoint for mailbox access and
 # also by SMTP & Submission endpoints for delivery of local messages.
 #
 # IMAP accounts, mailboxes and all message metadata can be inspected using
 # imap-* subcommands of maddyctl utility.
 storage.imapsql local_mailboxes {
    driver sqlite3
    dsn imapsql.db
 }
 # ----------------------------------------------------------------------------
 # SMTP endpoints + message routing
 hostname $(hostname)
 table.chain local_rewrites {
    optional_step regexp "(.+)\+(.+)@(.+)" "$1@$3"
    optional_step static {
        entry postmaster postmaster@$(primary_domain)
    }
    optional_step file /etc/maddy/aliases
 }
 msgpipeline local_routing {
    # Insert handling for special-purpose local domains here.
    # e.g.
    # destination lists.example.org {
    #     deliver_to lmtp tcp://127.0.0.1:8024
    # }
    destination postmaster $(local_domains) {
        modify {
            replace_rcpt &local_rewrites
        }
        deliver_to &local_mailboxes
    }
    default_destination {
        reject 550 5.1.1 "User doesn't exist"
    }
 }
 smtp tcp://0.0.0.0:25 {
    limits {
        # Up to 20 msgs/sec across max. 10 SMTP connections.
        all rate 20 1s
        all concurrency 10
    }
    dmarc yes
    check {
        require_mx_record
        dkim
        spf
    }
    source $(local_domains) {
        reject 501 5.1.8 "Use Submission for outgoing SMTP"
    }
    default_source {
        destination postmaster $(local_domains) {
            deliver_to &local_routing
        }
        default_destination {
            reject 550 5.1.1 "User doesn't exist"
        }
    }
 }
 submission tls://0.0.0.0:465 tcp://0.0.0.0:587 {
    limits {
        # Up to 50 msgs/sec across any amount of SMTP connections.
        all rate 50 1s
    }
    auth &local_authdb
    source $(local_domains) {
        check {
            authorize_sender {
                prepare_email &local_rewrites
                user_to_email identity
            }
        }
        destination postmaster $(local_domains) {
            deliver_to &local_routing
        }
        default_destination {
            modify {
                dkim $(primary_domain) $(local_domains) default
            }
            deliver_to &remote_queue
        }
    }
    default_source {
        reject 501 5.1.8 "Non-local sender domain"
    }
 }
 target.remote outbound_delivery {
    limits {
        # Up to 20 msgs/sec across max. 10 SMTP connections
        # for each recipient domain.
        destination rate 20 1s
        destination concurrency 10
    }
    mx_auth {
        dane
        mtasts {
            cache fs
            fs_dir mtasts_cache/
        }
        local_policy {
            min_tls_level encrypted
            min_mx_level none
        }
    }
 }
 target.queue remote_queue {
    target &outbound_delivery
    autogenerated_msg_domain $(primary_domain)
    bounce {
        destination postmaster $(local_domains) {
            deliver_to &local_routing
        }
        default_destination {
            reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
        }
    }
 }
 # ----------------------------------------------------------------------------
 # IMAP endpoints
 imap tls://0.0.0.0:993 tcp://0.0.0.0:143 {
    auth &local_authdb
    storage &local_mailboxes
 }
--- a/maddy/files/lib/systemd/system/maddy.service
+++ b/maddy/files/lib/systemd/system/maddy.service
@ -1,81 +0,0 @@
 [Unit]
 Description=maddy mail server
 Documentation=man:maddy(1)
 Documentation=man:maddy.conf(5)
 Documentation=https://maddy.email
 After=network.target
 [Service]
 Type=notify
 NotifyAccess=main
 User=maddy
 Group=maddy
 # cd to state directory to make sure any relative paths
 # in config will be relative to it unless handled specially.
 WorkingDirectory=/var/lib/maddy
 ConfigurationDirectory=maddy
 RuntimeDirectory=maddy
 StateDirectory=maddy
 LogsDirectory=maddy
 ReadOnlyPaths=/usr/lib/maddy
 ReadWritePaths=/var/lib/maddy
 # Strict sandboxing. You have no reason to trust code written by strangers from GitHub.
 PrivateTmp=true
 ProtectHome=true
 ProtectSystem=strict
 ProtectKernelTunables=true
 ProtectHostname=true
 ProtectClock=true
 ProtectControlGroups=true
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
 # Additional sandboxing. You need to disable all of these options
 # for privileged helper binaries (for system auth) to work correctly.
 NoNewPrivileges=true
 PrivateDevices=true
 DeviceAllow=/dev/syslog
 RestrictSUIDSGID=true
 ProtectKernelModules=true
 MemoryDenyWriteExecute=true
 RestrictNamespaces=true
 RestrictRealtime=true
 LockPersonality=true
 # Graceful shutdown with a reasonable timeout.
 TimeoutStopSec=7s
 KillMode=mixed
 KillSignal=SIGTERM
 # Required to bind on ports lower than 1024.
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 # Force all files created by maddy to be only readable by it.
 UMask=0027
 # Bump FD limitations. Even idle mail server can have a lot of FDs open (think
 # of idle IMAP connections, especially ones abandoned on the other end and
 # slowly timing out).
 LimitNOFILE=131072
 # Limit processes count to something reasonable to
 # prevent resources exhausting due to big amounts of helper
 # processes launched.
 LimitNPROC=512
 # Restart server on any problem.
 Restart=on-failure
 # ... Unless it is a configuration problem.
 RestartPreventExitStatus=2
 ExecStart=/usr/local/bin/maddy run
 ExecReload=/bin/kill -USR1 $MAINPID
 ExecReload=/bin/kill -USR2 $MAINPID
 [Install]
 WantedBy=multi-user.target
--- a/maddy/files/lib/systemd/system/maddy@.service
+++ b/maddy/files/lib/systemd/system/maddy@.service
@ -1,77 +0,0 @@
 [Unit]
 Description=maddy mail server (using %i.conf)
 Documentation=man:maddy(1)
 Documentation=man:maddy.conf(5)
 Documentation=https://maddy.email
 After=network.target
 [Service]
 Type=notify
 NotifyAccess=main
 User=maddy
 Group=maddy
 ConfigurationDirectory=maddy
 RuntimeDirectory=maddy
 StateDirectory=maddy
 LogsDirectory=maddy
 ReadOnlyPaths=/usr/lib/maddy
 ReadWritePaths=/var/lib/maddy
 # Strict sandboxing. You have no reason to trust code written by strangers from GitHub.
 PrivateTmp=true
 PrivateHome=true
 ProtectSystem=strict
 ProtectKernelTunables=true
 ProtectHostname=true
 ProtectClock=true
 ProtectControlGroups=true
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
 DeviceAllow=/dev/syslog
 # Additional sandboxing. You need to disable all of these options
 # for privileged helper binaries (for system auth) to work correctly.
 NoNewPrivileges=true
 PrivateDevices=true
 RestrictSUIDSGID=true
 ProtectKernelModules=true
 MemoryDenyWriteExecute=true
 RestrictNamespaces=true
 RestrictRealtime=true
 LockPersonality=true
 # Graceful shutdown with a reasonable timeout.
 TimeoutStopSec=7s
 KillMode=mixed
 KillSignal=SIGTERM
 # Required to bind on ports lower than 1024.
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 # Force all files created by maddy to be only readable by it.
 UMask=0027
 # Bump FD limitations. Even idle mail server can have a lot of FDs open (think
 # of idle IMAP connections, especially ones abandoned on the other end and
 # slowly timing out).
 LimitNOFILE=131072
 # Limit processes count to something reasonable to
 # prevent resources exhausting due to big amounts of helper
 # processes launched.
 LimitNPROC=512
 # Restart server on any problem.
 Restart=on-failure
 # ... Unless it is a configuration problem.
 RestartPreventExitStatus=2
 ExecStart=/usr/local/bin/maddy --config /etc/maddy/%i.conf run
 ExecReload=/bin/kill -USR1 $MAINPID
 ExecReload=/bin/kill -USR2 $MAINPID
 [Install]
 WantedBy=multi-user.target