services work, adding the rest of roles, added postfix for services (signup)

*****DEAD ACCOUNT 2020-11-09 17:34:11 +00:00
parent 449edc2a5f
commit 632475104d
No known key found for this signature in database
GPG Key ID: 6682B58F2E96EA33
46 changed files with 2618 additions and 28 deletions


@ -5,7 +5,7 @@
service
{
nick = "BOTSERV"
user = "s3rv1c3z"
user = "svc"
host = "n3tw3rk.1ns3cur1ty.c0rp"
gecos = "Bot Service"
modes = "+o"


@ -5,8 +5,8 @@
service
{
nick = "CHANSERV"
user = "s3rv1c3z"
host = "n3tw3rk.1ns3cur1ty.c0rp"
user = "svc"
host = "s3rv1c3z"
gecos = "Channel Registration Service"
modes = "+o"
channels = "@#services"
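Review bot: The CHANSERV block is the only one in this commit whose `host` changes, and the new value `host = "s3rv1c3z"` looks like the old ident string pasted into the wrong field; the other six service blocks keep `host = "n3tw3rk.1ns3cur1ty.c0rp"`. The +/- markers are lost on this page, so the old and new sides are inferred from the `-5,8 +5,8` header and from the pattern in the sibling files. If the change is unintended, the line should read `host = "n3tw3rk.1ns3cur1ty.c0rp"` so that every service presents the same user@host; any access rule or filter that recognises services by hostmask would otherwise miss CHANSERV. The service block continues outside the hunk.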


@ -5,7 +5,7 @@
service
{
nick = "GLOBAL"
user = "s3rv1c3z"
user = "svc"
host = "n3tw3rk.1ns3cur1ty.c0rp"
gecos = "Global Noticer"
modes = "+o"


@ -6,7 +6,7 @@ service
{
nick = "HOSTSERV"
user = "s3rv1c3z"
user = "svc"
host = "n3tw3rk.1ns3cur1ty.c0rp"
gecos = "vHost Service"
modes = "+o"


@ -5,7 +5,7 @@
service
{
nick = "MEMOSERV"
user = "s3rv1c3z"
user = "svc"
host = "n3tw3rk.1ns3cur1ty.c0rp"
gecos = "Memo Service"
modes = "+o"


@ -1,7 +1,7 @@
service
{
nick = "NICKSERV"
user = "s3rv1c3z"
user = "svc"
host = "n3tw3rk.1ns3cur1ty.c0rp"
gecos = "Nickname Registration Service"
modes = "+o"


@ -2,7 +2,7 @@ service
{
nick = "OPERSERV"
user = "s3rv1c3z"
user = "svc"
host = "n3tw3rk.1ns3cur1ty.c0rp"
gecos = "Operator Service"
modes = "+o"


@ -20,6 +20,7 @@
.include <hb_conf/hub.resv.conf>
.include <hb_conf/hub.services.conf>
.include <hb_conf/hub.shared.conf>
.include <hb_conf/hub.serverhide.conf>
serverinfo {
name = "hub.n3tw3rk.1ns3cur1ty.c0rp";
@ -33,16 +34,6 @@ serverinfo {
max_topic_length = 192;
};
serverhide {
disable_remote_commands = no;
flatten_links = no;
hidden = no;
hide_servers = yes;
hide_services = yes;
hidden_name = "*.your.real-dns.name";
hide_server_ips = yes;
};
connect {
name = "g3n3r4l.n3tw3rk.1ns3cur1ty.c0rp";
host = "100.64.64.3";
@ -106,7 +97,6 @@ connect {
listen {
host = "100.64.64.42"; # Oper bouncer
port = 6666;
#
host = "100.64.64.50"; # Console
port = 6667;
host = "100.64.64.34"; # Services


@ -0,0 +1,5 @@
/* Configuration example located at
* https://gittor-dmz.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
*/
.include <include/serverhide.conf>


@ -0,0 +1,13 @@
/* Configuration example located at
* https://gittor-dmz.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
*/
serverhide {
disable_remote_commands = no;
flatten_links = no;
hidden = no;
hide_servers = yes;
hide_services = yes;
hidden_name = "*.your.real-dns.name";
hide_server_ips = yes;
};
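Review bot: `hidden_name = "*.your.real-dns.name"` is still the placeholder from the reference configuration, and with `hide_servers = yes` that is the server name users will be shown; it should be a network-specific mask, for example `hidden_name = "*.n3tw3rk.1ns3cur1ty.c0rp";`. The block also keeps `flatten_links = no` and `disable_remote_commands = no`, so routing information and remote queries stay available while server names are masked; if hiding the topology is the goal, `flatten_links = yes;` belongs here as well. The block is moved unchanged out of the hub configuration, so these values predate this commit, but the move is a good moment to add a one-line comment stating what the network intends to hide.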

45
config/hybrid/tor-dmz.conf Executable file

@ -0,0 +1,45 @@
/* Configuration example located at
* https://gittor-dmz.com/ircd-hybrid/ircd-hybrid/blob/master/doc/reference.conf
*/
.include <hb_conf/tor-dmz.admin.conf>
.include <hb_conf/tor-dmz.auth.conf>
.include <hb_conf/tor-dmz.channels.conf>
.include <hb_conf/tor-dmz.classes.conf>
.include <hb_conf/tor-dmz.cluster.conf>
.include <hb_conf/tor-dmz.deny.conf>
.include <hb_conf/tor-dmz.exempt.conf>
.include <hb_conf/tor-dmz.gecos.conf>
.include <hb_conf/tor-dmz.general.conf>
.include <hb_conf/tor-dmz.kill.conf>
.include <hb_conf/tor-dmz.log.conf>
.include <hb_conf/tor-dmz.modules.conf>
.include <hb_conf/tor-dmz.motd.conf>
.include <hb_conf/tor-dmz.oper.conf>
.include <hb_conf/tor-dmz.pseudo.conf>
.include <hb_conf/tor-dmz.resv.conf>
.include <hb_conf/tor-dmz.services.conf>
.include <hb_conf/tor-dmz.shared.conf>
.include <hb_conf/tor-dmz.serverhide.conf>
serverinfo {
name = "tor-dmz.n3tw3rk.1ns3cur1ty.c0rp";
sid = "13X";
description = "n3tw3rk 1ns3cur1ty c0rp0r4t10n t0r dmz";
network_name = "𝓷3𝓽𝔀3𝓻𝓴";
network_description = "General-purpose internet relay chat network";
hub = no;
default_max_clients = 65465;
max_nick_length = 30;
max_topic_length = 192;
};
listen {
host = "100.64.64.42"; # Oper bouncer
port = 6666;
#
host = "100.64.64.50"; # Console
port = 6667;
};
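Review bot: The `listen` block binds `100.64.64.42` port 6666 and `100.64.64.50` port 6667, the same two addresses the hub's `listen` block uses in this commit, which suggests it was copied from the hub file without being adapted. If the tor-dmz server runs as its own instance it needs its own listener addresses, and a comment above each `host` saying which interface faces the Tor side would make the exposure reviewable. Neither listener is marked as a TLS port, so client traffic on them is plaintext unless TLS is terminated elsewhere. The file is also committed as executable although it is only read as configuration; a non-executable mode is enough.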


@ -0,0 +1 @@
# dict-type so-name (pathname) dict-function mkmap-function


@ -0,0 +1,29 @@
smtpd_banner = $myhostname ESMTP $mail_name (Netwerk)
biff = no
append_dot_mydomain = no
readme_directory = no
compatibility_level = 2
smtpd_tls_cert_file = /etc/ssl/certs/postfix.n3tw3rk.1ns3cur1ty.c0rp.crt
smtpd_tls_key_file = /etc/ssl/private/postfix.n3tw3rk.1ns3cur1ty.c0rp.key
smtpd_tls_security_level = may
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = postfix
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, localhost.localdomain, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 100.64.65.64/26
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
#virtual_transport = lmtp:inet:198.18.66.227:2003 # TODO remote SMTP relay
virtual_mailbox_domains = mysql:/postfix/configs/postfix/sql/mysql_virtual_domains_maps.cf
virtual_alias_maps = mysql:/postfix/configs/postfix/sql/mysql_virtual_alias_maps.cf, mysql:/postfix/configs/postfix/sql/mysql_virtual_alias_domain_maps.cf, mysql:/postfix/configs/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
virtual_mailbox_maps = mysql:/postfix/configs/postfix/sql/mysql_virtual_mailbox_maps.cf, mysql:/postfix/configs/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
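Review bot: `mynetworks` adds `100.64.65.64/26` and `smtpd_relay_restrictions` starts with `permit_mynetworks`, so every host in that range can relay to any destination without authenticating, on every interface because of `inet_interfaces = all`. If only the signup service needs to send mail, narrow the entry to that host and record the reason above it, e.g. `# signup service only; hosts listed here may relay without auth`. `permit_sasl_authenticated` is listed but no `smtpd_sasl_*` settings are visible; if SASL is enabled later, add `smtpd_tls_auth_only = yes` so credentials are never offered on a plaintext session under `smtpd_tls_security_level = may`. The trailing `# TODO remote SMTP relay` on the commented `virtual_transport` line would become part of the value once the line is uncommented, since Postfix only treats `#` as a comment at the start of a line; move it to its own line.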


@ -0,0 +1,17 @@
compatibility_level = 2
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix/sbin
data_directory = /var/lib/postfix
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8
smtpd_banner = $myhostname ESMTP $mail_name (n3tw3rk 1ns3cur1ty c0rp0r4t10n)
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path =
newaliases_path =
mailq_path =
setgid_group =
html_directory =
manpage_directory =
sample_directory =
readme_directory =
inet_protocols = ipv4


@ -0,0 +1 @@
/usr/share/postfix/makedefs.out


@ -0,0 +1,38 @@
smtp inet n - y - - smtpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
-o syslog_name=postfix/$service_name
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
postlog unix-dgram n - n - 1 postlogd
maildrop unix - n n - - pipe
flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
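Review bot: The `pipe` transports at the end of this file (`maildrop`, `uucp`, `ifmail`, `bsmtp`, `scalemail-backend`, `mailman`) look like the distribution's default entries, and nothing else in the commit refers to them; each names a local account and an external program that this deployment probably does not ship. Dropping the unused entries keeps the service table to what is actually run and removes delivery paths into helper programs nobody maintains here. The `smtp inet` line is the only network-facing service, so if authenticated submission is intended (the main configuration lists `permit_sasl_authenticated`), a separate submission entry with mandatory TLS would be expected. The same applies to the next file section, whose content is identical.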


@ -0,0 +1,38 @@
smtp inet n - y - - smtpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
-o syslog_name=postfix/$service_name
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
postlog unix-dgram n - n - 1 postlogd
maildrop unix - n n - - pipe
flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}


@ -0,0 +1,925 @@
#!/bin/sh
# To view the formatted manual page of this file, type:
# POSTFIXSOURCE/mantools/srctoman - post-install | nroff -man
#++
# NAME
# post-install
# SUMMARY
# Postfix post-installation script
# SYNOPSIS
# postfix post-install [name=value] command ...
# DESCRIPTION
# The post-install script performs the finishing touch of a Postfix
# installation, after the executable programs and configuration
# files are installed. Usage is one of the following:
# .IP o
# While installing Postfix from source code on the local machine, the
# script is run by the postfix-install script to update selected file
# or directory permissions and to update Postfix configuration files.
# .IP o
# While installing Postfix from a pre-built package, the script is run
# by the package management procedure to set all file or directory
# permissions and to update Postfix configuration files.
# .IP o
# The script can be used to change installation parameter settings such
# as mail_owner or setgid_group after Postfix is already installed.
# .IP o
# The script can be used to upgrade configuration files and to upgrade
# file/directory permissions of a secondary Postfix instance.
# .IP o
# At Postfix start-up time, the script is run from "postfix check" to
# create missing queue directories.
# .PP
# The post-install script is controlled by installation parameters.
# Specific parameters are described at the end of this document.
# All installation parameters must be specified ahead of time via
# one of the methods described below.
#
# Arguments
# .IP create-missing
# Create missing queue directories with ownerships and permissions
# according to the contents of $meta_directory/postfix-files
# and optionally in $meta_directory/postfix-files.d/*, using
# the mail_owner and setgid_group parameter settings from the
# command line, process environment or from the installed
# main.cf file.
#
# This is required at Postfix start-up time.
# .IP set-permissions
# Set all file/directory ownerships and permissions according to the
# contents of $meta_directory/postfix-files and optionally
# in $meta_directory/postfix-files.d/*, using the mail_owner
# and setgid_group parameter settings from the command line,
# process environment or from the installed main.cf file.
# Implies create-missing.
#
# This is required when installing Postfix from a pre-built package,
# or when changing the mail_owner or setgid_group installation parameter
# settings after Postfix is already installed.
# .IP upgrade-permissions
# Update ownership and permission of existing files/directories as
# specified in $meta_directory/postfix-files and optionally
# in $meta_directory/postfix-files.d/*, using the mail_owner
# and setgid_group parameter settings from the command line,
# process environment or from the installed main.cf file.
# Implies create-missing.
#
# This is required when upgrading an existing Postfix instance.
# .IP upgrade-configuration
# Edit the installed main.cf and master.cf files, in order to account
# for missing services and to fix deprecated parameter settings.
#
# This is required when upgrading an existing Postfix instance.
# .IP upgrade-source
# Short-hand for: upgrade-permissions upgrade-configuration.
#
# This is recommended when upgrading Postfix from source code.
# .IP upgrade-package
# Short-hand for: set-permissions upgrade-configuration.
#
# This is recommended when upgrading Postfix from a pre-built package.
# .IP first-install-reminder
# Remind the user that they still need to configure main.cf and the
# aliases file, and that newaliases still needs to be run.
#
# This is recommended when Postfix is installed for the first time.
# MULTIPLE POSTFIX INSTANCES
# .ad
# .fi
# Multiple Postfix instances on the same machine can share command and
# daemon program files but must have separate configuration and queue
# directories.
#
# To create a secondary Postfix installation on the same machine,
# copy the configuration files from the primary Postfix instance to
# a secondary configuration directory and execute:
#
# postfix post-install config_directory=secondary-config-directory \e
# .in +4
# queue_directory=secondary-queue-directory \e
# .br
# create-missing
# .PP
# This creates secondary Postfix queue directories, sets their access
# permissions, and saves the specified installation parameters to the
# secondary main.cf file.
#
# Be sure to list the secondary configuration directory in the
# alternate_config_directories parameter in the primary main.cf file.
#
# To upgrade a secondary Postfix installation on the same machine,
# execute:
#
# postfix post-install config_directory=secondary-config-directory \e
# .in +4
# upgrade-permissions upgrade-configuration
# INSTALLATION PARAMETER INPUT METHODS
# .ad
# .fi
# Parameter settings can be specified through a variety of
# mechanisms. In order of decreasing precedence these are:
# .IP "command line"
# Parameter settings can be given as name=value arguments on
# the post-install command line. These have the highest precedence.
# Settings that override the installed main.cf file are saved.
# .IP "process environment"
# Parameter settings can be given as name=value environment
# variables.
# Settings that override the installed main.cf file are saved.
# .IP "installed configuration files"
# If a parameter is not specified via the command line or via the
# process environment, post-install will attempt to extract its
# value from the already installed Postfix main.cf configuration file.
# These settings have the lowest precedence.
# INSTALLATION PARAMETER DESCRIPTION
# .ad
# .fi
# The description of installation parameters is as follows:
# .IP config_directory
# The directory for Postfix configuration files.
# .IP daemon_directory
# The directory for Postfix daemon programs. This directory
# should not be in the command search path of any users.
# .IP command_directory
# The directory for Postfix administrative commands. This
# directory should be in the command search path of adminstrative users.
# .IP queue_directory
# The directory for Postfix queues.
# .IP data_directory
# The directory for Postfix writable data files (caches, etc.).
# .IP sendmail_path
# The full pathname for the Postfix sendmail command.
# This is the Sendmail-compatible mail posting interface.
# .IP newaliases_path
# The full pathname for the Postfix newaliases command.
# This is the Sendmail-compatible command to build alias databases
# for the Postfix local delivery agent.
# .IP mailq_path
# The full pathname for the Postfix mailq command.
# This is the Sendmail-compatible command to list the mail queue.
# .IP mail_owner
# The owner of the Postfix queue. Its numerical user ID and group ID
# must not be used by any other accounts on the system.
# .IP setgid_group
# The group for mail submission and for queue management commands.
# Its numerical group ID must not be used by any other accounts on the
# system, not even by the mail_owner account.
# .IP html_directory
# The directory for the Postfix HTML files.
# .IP manpage_directory
# The directory for the Postfix on-line manual pages.
# .IP sample_directory
# The directory for the Postfix sample configuration files.
# This feature is obsolete as of Postfix 2.1.
# .IP readme_directory
# The directory for the Postfix README files.
# .IP shlib_directory
# The directory for the Postfix shared-library files, and for
# the Postfix dabatase plugin files with a relative pathname
# in the file dynamicmaps.cf.
# .IP meta_directory
# The directory for non-executable files that are shared
# among multiple Postfix instances, such as postfix-files,
# dynamicmaps.cf, as well as the multi-instance template files
# main.cf.proto and master.cf.proto.
# SEE ALSO
# postfix-install(1) Postfix primary installation script.
# FILES
# $config_directory/main.cf, Postfix installation parameters.
# $meta_directory/postfix-files, installation control file.
# $meta_directory/postfix-files.d/*, optional control files.
# $config_directory/install.cf, obsolete configuration file.
# LICENSE
# .ad
# .fi
# The Secure Mailer license must be distributed with this software.
# AUTHOR(S)
# Wietse Venema
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
# Wietse Venema
# Google, Inc.
# 111 8th Avenue
# New York, NY 10011, USA
#--
umask 022
PATH=/bin:/usr/bin:/usr/sbin:/usr/etc:/sbin:/etc:/usr/contrib/bin:/usr/gnu/bin:/usr/ucb:/usr/bsd
SHELL=/bin/sh
IFS="
"
BACKUP_IFS="$IFS"
debug=:
#debug=echo
MOST_PARAMETERS="command_directory daemon_directory data_directory
html_directory mail_owner mailq_path manpage_directory
newaliases_path queue_directory readme_directory sample_directory
sendmail_path setgid_group shlib_directory meta_directory"
NON_SHARED="config_directory queue_directory data_directory"
USAGE="Usage: $0 [name=value] command
create-missing Create missing queue directories.
upgrade-source When installing or upgrading from source code.
upgrade-package When installing or upgrading from pre-built package.
first-install-reminder Remind of mandatory first-time configuration steps.
name=value Specify an installation parameter".
# Process command-line options and parameter settings. Work around
# brain damaged shells. "IFS=value command" should not make the
# IFS=value setting permanent. But some broken standard allows it.
create=; set_perms=; upgrade_perms=; upgrade_conf=; first_install_reminder=
obsolete=; keep_list=;
for arg
do
case $arg in
*[" "]*) echo $0: "Error: argument contains whitespace: '$arg'"
exit 1;;
*=*) IFS= eval $arg; IFS="$BACKUP_IFS";;
create-missing) create=1;;
set-perm*) create=1; set_perms=1;;
upgrade-perm*) create=1; upgrade_perms=1;;
upgrade-conf*) upgrade_conf=1;;
upgrade-source) create=1; upgrade_conf=1; upgrade_perms=1;;
upgrade-package) create=1; upgrade_conf=1; set_perms=1;;
first-install*) first_install_reminder=1;;
*) echo "$0: Error: $USAGE" 1>&2; exit 1;;
esac
shift
done
# Sanity checks.
test -n "$create$upgrade_conf$first_install_reminder" || {
echo "$0: Error: $USAGE" 1>&2
exit 1
}
# Bootstrapping problem.
if [ -n "$command_directory" ]
then
POSTCONF="$command_directory/postconf"
else
POSTCONF="postconf"
fi
$POSTCONF -d mail_version >/dev/null 2>/dev/null || {
echo $0: Error: no $POSTCONF command found. 1>&2
echo Re-run this command as $0 command_directory=/some/where. 1>&2
exit 1
}
# Also used to require license etc. files only in the default instance.
def_config_directory=`$POSTCONF -d -h config_directory` || exit 1
test -n "$config_directory" ||
config_directory="$def_config_directory"
test -d "$config_directory" || {
echo $0: Error: $config_directory is not a directory. 1>&2
exit 1
}
# If this is a secondary instance, don't touch shared files.
# XXX Solaris does not have "test -e".
instances=`test ! -f $def_config_directory/main.cf ||
$POSTCONF -c $def_config_directory -h multi_instance_directories |
sed 's/,/ /'` || exit 1
update_shared_files=1
for name in $instances
do
case "$name" in
"$def_config_directory") ;;
"$config_directory") update_shared_files=; break;;
esac
done
test -f $meta_directory/postfix-files || {
echo $0: Error: $meta_directory/postfix-files is not a file. 1>&2
exit 1
}
# SunOS5 fmt(1) truncates lines > 1000 characters.
fake_fmt() {
sed '
:top
/^\( *\)\([^ ][^ ]*\) */{
s//\1\2\
\1/
P
D
b top
}
' | fmt
}
case `uname -s` in
HP-UX*) FMT=cat;;
SunOS*) FMT=fake_fmt;;
*) FMT=fmt;;
esac
# If a parameter is not set via the command line or environment,
# try to use settings from installed configuration files.
# Extract parameter settings from the obsolete install.cf file, as
# a transitional aid.
grep setgid_group $config_directory/main.cf >/dev/null 2>&1 || {
test -f $config_directory/install.cf && {
for name in sendmail_path newaliases_path mailq_path setgid manpages
do
eval junk=\$$name
case "$junk" in
"") eval unset $name;;
esac
eval : \${$name="\`. $config_directory/install.cf; echo \$$name\`"} \
|| exit 1
done
: ${setgid_group=$setgid}
: ${manpage_directory=$manpages}
}
}
# Extract parameter settings from the installed main.cf file.
test -f $config_directory/main.cf && {
for name in $MOST_PARAMETERS
do
eval junk=\$$name
case "$junk" in
"") eval unset $name;;
esac
eval : \${$name=\`$POSTCONF -c $config_directory -h $name\`} || exit 1
done
}
# Sanity checks
case $manpage_directory in
no) echo $0: Error: manpage_directory no longer accepts \"no\" values. 1>&2
echo Try again with \"$0 manpage_directory=/pathname ...\". 1>&2; exit 1;;
esac
case $setgid_group in
no) echo $0: Error: setgid_group no longer accepts \"no\" values. 1>&2
echo Try again with \"$0 setgid_group=groupname ...\" 1>&2; exit 1;;
esac
for path in "$daemon_directory" "$command_directory" "$queue_directory" \
"$sendmail_path" "$newaliases_path" "$mailq_path" "$manpage_directory" \
"$meta_directory"
do
case "$path" in
/*) ;;
*) echo $0: Error: \"$path\" should be an absolute path name. 1>&2; exit 1;;
esac
done
for path in "$html_directory" "$readme_directory" "$shlib_directory"
do
case "$path" in
/*) ;;
no) ;;
*) echo $0: Error: \"$path\" should be \"no\" or an absolute path name. 1>&2; exit 1;;
esac
done
# Find out what parameters were not specified via command line,
# via environment, or via installed configuration files.
missing=
for name in $MOST_PARAMETERS
do
eval test -n \"\$$name\" || missing="$missing $name"
done
# All parameters must be specified at this point.
test -n "$non_interactive" -a -n "$missing" && {
cat <<EOF | ${FMT} 1>&2
$0: Error: some required installation parameters are not defined.
- Either the parameters need to be given in the $config_directory/main.cf
file from a recent Postfix installation,
- Or the parameters need to be specified through the process
environment.
- Or the parameters need to be specified as name=value arguments
on the $0 command line,
The following parameters were missing:
$missing
EOF
exit 1
}
POSTCONF="$command_directory/postconf"
# Save settings, allowing command line/environment override.
# Undo MAIL_VERSION expansion at the end of a parameter value. If
# someone really wants the expanded mail version in main.cf, then
# we're sorry.
# Confine side effects from mail_version unexpansion within a subshell.
(case "$mail_version" in
"") mail_version="`$POSTCONF -dhx mail_version`" || exit 1
esac
for name in $MOST_PARAMETERS
do
eval junk=\$$name
case "$junk" in
*"$mail_version"*)
case "$pattern" in
"") pattern=`echo "$mail_version" | sed 's/\./\\\\./g'` || exit 1
esac
val=`echo "$junk" | sed "s/$pattern"'$/${mail_version}/g'` || exit 1
eval ${name}='"$val"'
esac
done
# XXX Maybe update main.cf only with first install, upgrade, set
# permissions, and what else? Should there be a warning otherwise?
override=
for name in $MOST_PARAMETERS
do
eval junk=\"\$$name\"
test "$junk" = "`$POSTCONF -c $config_directory -h $name`" || {
override=1
break
}
done
test -n "$override" && {
$POSTCONF -c $config_directory -e \
"daemon_directory = $daemon_directory" \
"command_directory = $command_directory" \
"queue_directory = $queue_directory" \
"data_directory = $data_directory" \
"mail_owner = $mail_owner" \
"setgid_group = $setgid_group" \
"sendmail_path = $sendmail_path" \
"mailq_path = $mailq_path" \
"newaliases_path = $newaliases_path" \
"html_directory = $html_directory" \
"manpage_directory = $manpage_directory" \
"sample_directory = $sample_directory" \
"readme_directory = $readme_directory" \
"shlib_directory = $shlib_directory" \
"meta_directory = $meta_directory" \
|| exit 1
} || exit 0) || exit 1
# Use file/directory status information in $meta_directory/postfix-files.
test -n "$create" && {
postfix_files_d=$meta_directory/postfix-files.d
for postfix_file in $meta_directory/postfix-files \
`test -d $postfix_files_d && { find $postfix_files_d -type f | sort; }`
do
exec <$postfix_file || exit 1
while IFS=: read path type owner group mode flags junk
do
IFS="$BACKUP_IFS"
set_permission=
# Skip comments. Skip shared files, if updating a secondary instance.
case $path in
[$]*) case "$update_shared_files" in
1) $debug keep non-shared or shared $path;;
*) non_shared=
for name in $NON_SHARED
do
case $path in
"\$$name"*) non_shared=1; break;;
esac
done
case "$non_shared" in
1) $debug keep non-shared $path;;
*) $debug skip shared $path; continue;;
esac;;
esac;;
*) continue;;
esac
# Skip hard links and symbolic links.
case $type in
[hl]) continue;;
[df]) ;;
*) echo unknown type $type for $path in $postfix_file 1>&2; exit 1;;
esac
# Expand $name, and canonicalize null fields.
for name in path owner group flags
do
eval junk=\${$name}
case $junk in
[$]*) eval $name=$junk;;
-) eval $name=;;
*) ;;
esac
done
# Skip uninstalled files.
case $path in
no|no/*) continue;;
esac
# Pick up the flags.
case $flags in *u*) upgrade_flag=1;; *) upgrade_flag=;; esac
case $flags in *c*) create_flag=1;; *) create_flag=;; esac
case $flags in *r*) recursive="-R";; *) recursive=;; esac
case $flags in *o*) obsolete_flag=1;; *) obsolete_flag=;; esac
case $flags in *[1i]*) test ! -r "$path" -a "$config_directory" != \
"$def_config_directory" && continue;; esac
# Flag obsolete objects. XXX Solaris 2..9 does not have "test -e".
if [ -n "$obsolete_flag" ]
then
test -r $path -a "$type" != "d" && obsolete="$obsolete $path"
continue;
else
keep_list="$keep_list $path"
fi
# Create missing directories with proper owner/group/mode settings.
if [ -n "$create" -a "$type" = "d" -a -n "$create_flag" -a ! -d "$path" ]
then
mkdir $path || exit 1
set_permission=1
# Update all owner/group/mode settings.
elif [ -n "$set_perms" ]
then
set_permission=1
# Update obsolete owner/group/mode settings.
elif [ -n "$upgrade_perms" -a -n "$upgrade_flag" ]
then
set_permission=1
fi
test -n "$set_permission" && {
chown $recursive $owner $path || exit 1
test -z "$group" || chgrp $recursive $group $path || exit 1
# Don't "chmod -R"; queue file status is encoded in mode bits.
if [ "$type" = "d" -a -n "$recursive" ]
then
find $path -type d -exec chmod $mode "{}" ";"
else
chmod $mode $path
fi || exit 1
}
done
IFS="$BACKUP_IFS"
done
}
# Upgrade existing Postfix configuration files if necessary.
test -n "$upgrade_conf" && {
# Postfix 2.0.
# Add missing relay service to master.cf.
grep '^relay' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for relay service
cat >>$config_directory/master.cf <<EOF || exit 1
relay unix - - n - - smtp
EOF
}
# Postfix 1.1.
# Add missing flush service to master.cf.
grep '^flush.*flush' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for flush service
cat >>$config_directory/master.cf <<EOF || exit 1
flush unix - - n 1000? 0 flush
EOF
}
# Postfix 2.1.
# Add missing trace service to master.cf.
grep 'trace.*bounce' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for trace service
cat >>$config_directory/master.cf <<EOF || exit 1
trace unix - - n - 0 bounce
EOF
}
# Postfix 2.1.
# Add missing verify service to master.cf.
grep '^verify.*verify' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for verify service
cat >>$config_directory/master.cf <<EOF || exit 1
verify unix - - n - 1 verify
EOF
}
# Postfix 2.1.
# Fix verify service process limit.
grep '^verify.*[ ]0[ ]*verify' \
$config_directory/master.cf >/dev/null && {
echo Editing $config_directory/master.cf, setting verify process limit to 1
ed $config_directory/master.cf <<EOF || exit 1
/^verify.*[ ]0[ ]*verify/
s/\([ ]\)0\([ ]\)/\11\2/
p
w
q
EOF
}
# Postfix 1.1.
# Change privileged pickup service into unprivileged.
grep "^pickup[ ]*fifo[ ]*n[ ]*n" \
$config_directory/master.cf >/dev/null && {
echo Editing $config_directory/master.cf, making the pickup service unprivileged
ed $config_directory/master.cf <<EOF || exit 1
/^pickup[ ]*fifo[ ]*n[ ]*n/
s/\(n[ ]*\)n/\1-/
p
w
q
EOF
}
# Postfix 1.1.
# Change private cleanup and flush services into public.
for name in cleanup flush
do
grep "^$name[ ]*unix[ ]*[-y]" \
$config_directory/master.cf >/dev/null && {
echo Editing $config_directory/master.cf, making the $name service public
ed $config_directory/master.cf <<EOF || exit 1
/^$name[ ]*unix[ ]*[-y]/
s/[-y]/n/
p
w
q
EOF
}
done
# Postfix 2.2.
# File systems have improved since Postfix came out, and all we
# require now is that defer and deferred are hashed because those
# can contain lots of files.
found=`$POSTCONF -c $config_directory -h hash_queue_names`
missing=
(echo "$found" | grep defer >/dev/null) || missing="$missing defer"
(echo "$found" | grep deferred>/dev/null)|| missing="$missing deferred"
test -n "$missing" && {
echo fixing main.cf hash_queue_names for missing $missing
$POSTCONF -c $config_directory -e hash_queue_names="$found$missing" ||
exit 1
}
# Turn on safety nets for new features that could bounce mail that
# would be accepted by a previous Postfix version.
# [The "unknown_local_recipient_reject_code = 450" safety net,
# introduced with Postfix 2.0 and deleted after Postfix 2.3.]
# Postfix 2.0.
# Add missing proxymap service to master.cf.
grep '^proxymap.*proxymap' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for proxymap service
cat >>$config_directory/master.cf <<EOF || exit 1
proxymap unix - - n - - proxymap
EOF
}
# Postfix 2.1.
# Add missing anvil service to master.cf.
grep '^anvil.*anvil' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for anvil service
cat >>$config_directory/master.cf <<EOF || exit 1
anvil unix - - n - 1 anvil
EOF
}
# Postfix 2.2.
# Add missing scache service to master.cf.
grep '^scache.*scache' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for scache service
cat >>$config_directory/master.cf <<EOF || exit 1
scache unix - - n - 1 scache
EOF
}
# Postfix 2.2.
# Add missing discard service to master.cf.
grep '^discard.*discard' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for discard service
cat >>$config_directory/master.cf <<EOF || exit 1
discard unix - - n - - discard
EOF
}
# Postfix 2.2.
# Update the tlsmgr fifo->unix service.
grep "^tlsmgr[ ]*fifo[ ]" \
$config_directory/master.cf >/dev/null && {
echo Editing $config_directory/master.cf, updating the tlsmgr from fifo to unix service
ed $config_directory/master.cf <<EOF || exit 1
/^tlsmgr[ ]*fifo[ ]/
s/fifo/unix/
s/[0-9][0-9]*/&?/
p
w
q
EOF
}
# Postfix 2.2.
# Add missing tlsmgr service to master.cf.
grep '^tlsmgr.*tlsmgr' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for tlsmgr service
cat >>$config_directory/master.cf <<EOF || exit 1
tlsmgr unix - - n 1000? 1 tlsmgr
EOF
}
# Postfix 2.2.
# Add missing retry service to master.cf.
grep '^retry.*error' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for retry service
cat >>$config_directory/master.cf <<EOF || exit 1
retry unix - - n - - error
EOF
}
# Postfix 2.5.
# Add missing proxywrite service to master.cf.
grep '^proxywrite.*proxymap' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for proxywrite service
cat >>$config_directory/master.cf <<EOF || exit 1
proxywrite unix - - n - 1 proxymap
EOF
}
# Postfix 2.5.
# Fix a typo in the default master.cf proxywrite entry.
grep '^proxywrite.*-[ ]*proxymap' $config_directory/master.cf >/dev/null && {
echo Editing $config_directory/master.cf, setting proxywrite process limit to 1
ed $config_directory/master.cf <<EOF || exit 1
/^proxywrite.*-[ ]*proxymap/
s/-\([ ]*proxymap\)/1\1/
p
w
q
EOF
}
# Postfix 2.8.
# Add missing postscreen service to master.cf.
grep '^#*smtp.*postscreen' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for postscreen TCP service
cat >>$config_directory/master.cf <<EOF || exit 1
#smtp inet n - n - 1 postscreen
EOF
}
# Postfix 2.8.
# Add missing smtpd (unix-domain) service to master.cf.
grep '^#*smtpd.*smtpd' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for smtpd unix-domain service
cat >>$config_directory/master.cf <<EOF || exit 1
#smtpd pass - - n - - smtpd
EOF
}
# Postfix 2.8.
# Add temporary dnsblog (unix-domain) service to master.cf.
grep '^#*dnsblog.*dnsblog' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for dnsblog unix-domain service
cat >>$config_directory/master.cf <<EOF || exit 1
#dnsblog unix - - n - 0 dnsblog
EOF
}
# Postfix 2.8.
# Add tlsproxy (unix-domain) service to master.cf.
grep '^#*tlsproxy.*tlsproxy' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for tlsproxy unix-domain service
cat >>$config_directory/master.cf <<EOF || exit 1
#tlsproxy unix - - n - 0 tlsproxy
EOF
}
# Report (but do not remove) obsolete files.
test -n "$obsolete" && {
cat <<EOF | ${FMT}
Note: the following files or directories still exist but are
no longer part of Postfix:
$obsolete
EOF
}
# Postfix 2.9.
# Safety net for incompatible changes in IPv6 defaults.
# PLEASE DO NOT REMOVE THIS CODE. ITS PURPOSE IS TO AVOID AN
# UNEXPECTED DROP IN PERFORMANCE AFTER UPGRADING FROM POSTFIX
# BEFORE 2.9.
# This code assumes that the default is "inet_protocols = ipv4"
# when IPv6 support is not compiled in. See util/sys_defs.h.
test "`$POSTCONF -dh inet_protocols`" = "ipv4" ||
test -n "`$POSTCONF -c $config_directory -n inet_protocols`" || {
cat <<EOF | ${FMT}
COMPATIBILITY: editing $config_directory/main.cf, setting
inet_protocols=ipv4. Specify inet_protocols explicitly if you
want to enable IPv6.
In a future release IPv6 will be enabled by default.
EOF
$POSTCONF -c $config_directory inet_protocols=ipv4 || exit 1
}
# Disabled because unhelpful down-stream maintainers disable the safety net.
# # Postfix 2.10.
# # Safety net for incompatible changes due to the introduction
# # of the smtpd_relay_restrictions feature to separate the
# # mail relay policy from the spam blocking policy.
# # PLEASE DO NOT REMOVE THIS CODE. ITS PURPOSE IS TO PREVENT
# # INBOUND MAIL FROM UNEXPECTEDLY BOUNCING AFTER UPGRADING FROM
# # POSTFIX BEFORE 2.10.
# test -n "`$POSTCONF -c $config_directory -n smtpd_relay_restrictions`" || {
# cat <<EOF | ${FMT}
# COMPATIBILITY: editing $config_directory/main.cf, overriding
# smtpd_relay_restrictions to prevent inbound mail from
# unexpectedly bouncing.
# Specify an empty smtpd_relay_restrictions value to keep using
# smtpd_recipient_restrictions as before.
#EOF
# $POSTCONF -c $config_directory "smtpd_relay_restrictions = \
# permit_mynetworks permit_sasl_authenticated \
# defer_unauth_destination" || exit 1
# }
# Postfix 3.4
# Add a postlog service entry.
grep '^postlog' $config_directory/master.cf >/dev/null || {
echo Editing $config_directory/master.cf, adding missing entry for postlog unix-domain datagram service
cat >>$config_directory/master.cf <<EOF || exit 1
postlog unix-dgram n - n - 1 postlogd
EOF
}
}
# A reminder if this is the first time Postfix is being installed.
test -n "$first_install_reminder" && {
ALIASES=`$POSTCONF -c $config_directory -h alias_database | sed 's/^[^:]*://'`
NEWALIASES_PATH=`$POSTCONF -c $config_directory -h newaliases_path`
cat <<EOF | ${FMT}
Warning: you still need to edit myorigin/mydestination/mynetworks
parameter settings in $config_directory/main.cf.
See also http://www.postfix.org/STANDARD_CONFIGURATION_README.html
for information about dialup sites or about sites inside a
firewalled network.
BTW: Check your $ALIASES file and be sure to set up aliases
that send mail for root and postmaster to a real person, then
run $NEWALIASES_PATH.
EOF
}
exit 0


@ -0,0 +1,223 @@
#
# Do not edit this file.
#
# This file controls the postfix-install script for installation of
# Postfix programs, configuration files and documentation, as well
# as the post-install script for setting permissions and for updating
# Postfix configuration files. See the respective manual pages within
# the script files.
#
# Do not list $command_directory or $shlib_directory in this file,
# or it will be blown away by a future Postfix uninstallation
# procedure. You would not want to lose all files in /usr/sbin or
# /usr/local/lib.
#
# Each record in this file describes one file or directory.
# Fields are separated by ":". Specify a null field as "-".
# Missing fields or separators at the end are OK.
#
# File format:
# name:type:owner:group:permission:flags
# No group means don't change group ownership.
#
# File types:
# d=directory
# f=regular file
# h=hard link (*)
# l=symbolic link (*)
#
# (*) With hard links and symbolic links, the owner field becomes the
# source pathname, while the group and permissions are ignored.
#
# File flags:
# No flag means the flag is not active.
# p=preserve existing file, do not replace (postfix-install).
# u=update owner/group/mode (post-install upgrade-permissions).
# c=create missing directory (post-install create-missing).
# r=apply owner/group recursively (post-install set/upgrade-permissions).
# o=obsolete, no longer part of Postfix
# 1=optional for non-default instance (config_dir != built-in default).
#
# Note: the "u" flag is for upgrading the permissions of existing files
# or directories after changes in Postfix architecture. For robustness
# it is a good idea to "u" all the files that have special ownership or
# permissions, so that running "make install" fixes any glitches.
#
# Note: order matters. Update shared libraries and database plugins
# before daemon/command-line programs.
$config_directory:d:root:-:755:u
$data_directory:d:$mail_owner:-:700:uc
$daemon_directory:d:root:-:755:u
$queue_directory:d:root:-:755:uc
$queue_directory/active:d:$mail_owner:-:700:ucr
$queue_directory/bounce:d:$mail_owner:-:700:ucr
$queue_directory/corrupt:d:$mail_owner:-:700:ucr
$queue_directory/defer:d:$mail_owner:-:700:ucr
$queue_directory/deferred:d:$mail_owner:-:700:ucr
$queue_directory/flush:d:$mail_owner:-:700:ucr
$queue_directory/hold:d:$mail_owner:-:700:ucr
$queue_directory/incoming:d:$mail_owner:-:700:ucr
$queue_directory/private:d:$mail_owner:-:700:uc
$queue_directory/maildrop:d:$mail_owner:$setgid_group:730:uc
$queue_directory/public:d:$mail_owner:$setgid_group:710:uc
$queue_directory/pid:d:root:-:755:uc
$queue_directory/saved:d:$mail_owner:-:700:ucr
$queue_directory/trace:d:$mail_owner:-:700:ucr
# Update shared libraries and plugins before daemon or command-line programs.
$shlib_directory/libpostfix-util.so:f:root:-:755
$shlib_directory/libpostfix-global.so:f:root:-:755
$shlib_directory/libpostfix-dns.so:f:root:-:755
$shlib_directory/libpostfix-tls.so:f:root:-:755
$shlib_directory/libpostfix-master.so:f:root:-:755
$meta_directory/dynamicmaps.cf.d:d:root:-:755
$meta_directory/dynamicmaps.cf:f:root:-:644
$meta_directory/main.cf.proto:f:root:-:644
$meta_directory/makedefs.out:f:root:-:644
$meta_directory/master.cf.proto:f:root:-:644
$meta_directory/postfix-files.d:d:root:-:755
$meta_directory/postfix-files:f:root:-:644
$daemon_directory/anvil:f:root:-:755
$daemon_directory/bounce:f:root:-:755
$daemon_directory/cleanup:f:root:-:755
$daemon_directory/discard:f:root:-:755
$daemon_directory/dnsblog:f:root:-:755
$daemon_directory/error:f:root:-:755
$daemon_directory/flush:f:root:-:755
$daemon_directory/local:f:root:-:755
$daemon_directory/main.cf:f:root:-:644:o
$daemon_directory/master.cf:f:root:-:644:o
$daemon_directory/master:f:root:-:755
$daemon_directory/oqmgr:f:root:-:755
$daemon_directory/pickup:f:root:-:755
$daemon_directory/pipe:f:root:-:755
$daemon_directory/post-install:f:root:-:755
# In case meta_directory == daemon_directory.
#$daemon_directory/postfix-files:f:root:-:644:o
#$daemon_directory/postfix-files.d:d:root:-:755:o
$daemon_directory/postfix-script:f:root:-:755
$daemon_directory/postfix-tls-script:f:root:-:755
$daemon_directory/postfix-wrapper:f:root:-:755
$daemon_directory/postmulti-script:f:root:-:755
$daemon_directory/postlogd:f:root:-:755
$daemon_directory/postscreen:f:root:-:755
$daemon_directory/proxymap:f:root:-:755
$daemon_directory/qmgr:f:root:-:755
$daemon_directory/qmqpd:f:root:-:755
$daemon_directory/scache:f:root:-:755
$daemon_directory/showq:f:root:-:755
$daemon_directory/smtp:f:root:-:755
$daemon_directory/smtpd:f:root:-:755
$daemon_directory/spawn:f:root:-:755
$daemon_directory/tlsproxy:f:root:-:755
$daemon_directory/tlsmgr:f:root:-:755
$daemon_directory/trivial-rewrite:f:root:-:755
$daemon_directory/verify:f:root:-:755
$daemon_directory/virtual:f:root:-:755
$daemon_directory/nqmgr:h:$daemon_directory/qmgr
$daemon_directory/lmtp:h:$daemon_directory/smtp
$command_directory/postalias:f:root:-:755
$command_directory/postcat:f:root:-:755
$command_directory/postconf:f:root:-:755
$command_directory/postfix:f:root:-:755
$command_directory/postkick:f:root:-:755
$command_directory/postlock:f:root:-:755
$command_directory/postlog:f:root:-:755
$command_directory/postmap:f:root:-:755
$command_directory/postmulti:f:root:-:755
$command_directory/postsuper:f:root:-:755
$command_directory/postdrop:f:root:$setgid_group:2755:u
$command_directory/postqueue:f:root:$setgid_group:2755:u
$sendmail_path:f:root:-:755
$newaliases_path:l:$sendmail_path
$mailq_path:l:$sendmail_path
# Empty files not shipped in Debian
#$config_directory/access:f:root:-:644:p1
#$config_directory/aliases:f:root:-:644:p1
#$config_directory/bounce.cf.default:f:root:-:644:1
#$config_directory/canonical:f:root:-:644:p1
#$config_directory/cidr_table:f:root:-:644:o
#$config_directory/generic:f:root:-:644:p1
#$config_directory/generics:f:root:-:644:o
#$config_directory/header_checks:f:root:-:644:p1
#$config_directory/install.cf:f:root:-:644:o
#$config_directory/main.cf.default:f:root:-:644:1
$config_directory/main.cf:f:root:-:644:p
$config_directory/master.cf:f:root:-:644:p
#$config_directory/regexp_table:f:root:-:644:o
#$config_directory/relocated:f:root:-:644:p1
#$config_directory/tcp_table:f:root:-:644:o
#$config_directory/transport:f:root:-:644:p1
#$config_directory/virtual:f:root:-:644:p1
$config_directory/postfix-script:f:root:-:755:o
#$config_directory/postfix-script-sgid:f:root:-:755:o
#$config_directory/postfix-script-nosgid:f:root:-:755:o
$config_directory/post-install:f:root:-:755:o
$manpage_directory/man1/mailq.1.gz:f:root:-:644
$manpage_directory/man1/newaliases.1.gz:f:root:-:644
$manpage_directory/man1/postalias.1.gz:f:root:-:644
$manpage_directory/man1/postcat.1.gz:f:root:-:644
$manpage_directory/man1/postconf.1.gz:f:root:-:644
$manpage_directory/man1/postdrop.1.gz:f:root:-:644
$manpage_directory/man1/postfix.1.gz:f:root:-:644
$manpage_directory/man1/postfix-tls.1.gz:f:root:-:644
$manpage_directory/man1/postkick.1.gz:f:root:-:644
$manpage_directory/man1/postlock.1.gz:f:root:-:644
$manpage_directory/man1/postlog.1.gz:f:root:-:644
$manpage_directory/man1/postmap.1.gz:f:root:-:644
$manpage_directory/man1/postmulti.1.gz:f:root:-:644
$manpage_directory/man1/postqueue.1.gz:f:root:-:644
$manpage_directory/man1/postsuper.1.gz:f:root:-:644
$manpage_directory/man1/sendmail.1.gz:f:root:-:644
$manpage_directory/man5/access.5.gz:f:root:-:644
$manpage_directory/man5/aliases.5.gz:f:root:-:644
$manpage_directory/man5/body_checks.5.gz:f:root:-:644
$manpage_directory/man5/bounce.5.gz:f:root:-:644
$manpage_directory/man5/canonical.5.gz:f:root:-:644
$manpage_directory/man5/cidr_table.5.gz:f:root:-:644
$manpage_directory/man5/generics.5.gz:f:root:-:644:o
$manpage_directory/man5/generic.5.gz:f:root:-:644
$manpage_directory/man5/header_checks.5.gz:f:root:-:644
$manpage_directory/man5/master.5.gz:f:root:-:644
$manpage_directory/man5/memcache_table.5.gz:f:root:-:644
$manpage_directory/man5/socketmap_table.5.gz:f:root:-:644
$manpage_directory/man5/nisplus_table.5.gz:f:root:-:644
$manpage_directory/man5/postconf.5.gz:f:root:-:644
$manpage_directory/man5/postfix-wrapper.5.gz:f:root:-:644
$manpage_directory/man5/regexp_table.5.gz:f:root:-:644
$manpage_directory/man5/relocated.5.gz:f:root:-:644
$manpage_directory/man5/tcp_table.5.gz:f:root:-:644
$manpage_directory/man5/transport.5.gz:f:root:-:644
$manpage_directory/man5/virtual.5.gz:f:root:-:644
$manpage_directory/man8/bounce.8postfix.gz:f:root:-:644
$manpage_directory/man8/cleanup.8postfix.gz:f:root:-:644
$manpage_directory/man8/anvil.8postfix.gz:f:root:-:644
$manpage_directory/man8/defer.8postfix.gz:f:root:-:644
$manpage_directory/man8/discard.8postfix.gz:f:root:-:644
$manpage_directory/man8/dnsblog.8postfix.gz:f:root:-:644
$manpage_directory/man8/error.8postfix.gz:f:root:-:644
$manpage_directory/man8/flush.8postfix.gz:f:root:-:644
$manpage_directory/man8/lmtp.8postfix.gz:f:root:-:644
$manpage_directory/man8/local.8postfix.gz:f:root:-:644
$manpage_directory/man8/master.8postfix.gz:f:root:-:644
$manpage_directory/man8/nqmgr.8postfix.gz:f:root:-:644:o
$manpage_directory/man8/oqmgr.8postfix.gz:f:root:-:644:
$manpage_directory/man8/pickup.8postfix.gz:f:root:-:644
$manpage_directory/man8/pipe.8postfix.gz:f:root:-:644
$manpage_directory/man8/postlogd.8postfix.gz:f:root:-:644
$manpage_directory/man8/postfix-add-filter.8.gz:f:root:-:644
$manpage_directory/man8/postfix-add-policy.8.gz:f:root:-:644
$manpage_directory/man8/postscreen.8postfix.gz:f:root:-:644
$manpage_directory/man8/proxymap.8postfix.gz:f:root:-:644
$manpage_directory/man8/qmgr.8postfix.gz:f:root:-:644
$manpage_directory/man8/qmqpd.8postfix.gz:f:root:-:644
$manpage_directory/man8/scache.8postfix.gz:f:root:-:644
$manpage_directory/man8/showq.8postfix.gz:f:root:-:644
$manpage_directory/man8/smtp.8postfix.gz:f:root:-:644
$manpage_directory/man8/smtpd.8postfix.gz:f:root:-:644
$manpage_directory/man8/spawn.8postfix.gz:f:root:-:644
$manpage_directory/man8/tlsproxy.8postfix.gz:f:root:-:644
$manpage_directory/man8/tlsmgr.8postfix.gz:f:root:-:644
$manpage_directory/man8/trace.8postfix.gz:f:root:-:644
$manpage_directory/man8/trivial-rewrite.8postfix.gz:f:root:-:644
$manpage_directory/man8/verify.8postfix.gz:f:root:-:644
$manpage_directory/man8/virtual.8postfix.gz:f:root:-:644


@ -0,0 +1,478 @@
#!/bin/sh
#++
# NAME
# postfix-script 1
# SUMMARY
# execute Postfix administrative commands
# SYNOPSIS
# \fBpostfix-script\fR \fIcommand\fR
# DESCRIPTION
# The \fBpostfix-script\fR script executes Postfix administrative
# commands in an environment that is set up by the \fBpostfix\fR(1)
# command.
# SEE ALSO
# master(8) Postfix master program
# postfix(1) Postfix administrative interface
# LICENSE
# .ad
# .fi
# The Secure Mailer license must be distributed with this software.
# AUTHOR(S)
# Wietse Venema
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
# Wietse Venema
# Google, Inc.
# 111 8th Avenue
# New York, NY 10011, USA
#--
# Avoid POSIX death due to SIGHUP when some parent process exits.
trap '' 1
case $daemon_directory in
"") echo This script must be run by the postfix command. 1>&2
echo Do not run directly. 1>&2
exit 1
esac
LOGGER="$command_directory/postlog -t $MAIL_LOGTAG/postfix-script"
INFO="$LOGGER -p info"
WARN="$LOGGER -p warn"
ERROR="$LOGGER -p error"
FATAL="$LOGGER -p fatal"
PANIC="$LOGGER -p panic"
if [ "X${1#quiet-}" != "X${1}" ]; then
INFO=:
x=${1#quiet-}
shift
set -- $x "$@"
fi
umask 022
SHELL=/bin/sh
#
# Can't do much without these in place.
#
cd $command_directory || {
$FATAL no Postfix command directory $command_directory!
exit 1
}
cd $daemon_directory || {
$FATAL no Postfix daemon directory $daemon_directory!
exit 1
}
test -f master || {
$FATAL no Postfix master program $daemon_directory/master!
exit 1
}
cd $config_directory || {
$FATAL no Postfix configuration directory $config_directory!
exit 1
}
case $shlib_directory in
no) ;;
*) cd $shlib_directory || {
$FATAL no Postfix shared-library directory $shlib_directory!
exit 1
}
esac
cd $meta_directory || {
$FATAL no Postfix meta directory $meta_directory!
exit 1
}
cd $queue_directory || {
$FATAL no Postfix queue directory $queue_directory!
exit 1
}
def_config_directory=`$command_directory/postconf -dh config_directory` || {
$FATAL cannot execute $command_directory/postconf!
exit 1
}
# If this is a secondary instance, don't touch shared files.
instances=`test ! -f $def_config_directory/main.cf ||
$command_directory/postconf -c $def_config_directory \
-h multi_instance_directories | sed 's/,/ /'` || {
$FATAL cannot execute $command_directory/postconf!
exit 1
}
check_shared_files=1
for name in $instances
do
case "$name" in
"$def_config_directory") ;;
"$config_directory") check_shared_files=; break;;
esac
done
#
# Parse JCL
#
case $1 in
start_msg)
echo "Start postfix"
;;
stop_msg)
echo "Stop postfix"
;;
quick-start)
$daemon_directory/master -t 2>/dev/null || {
$FATAL the Postfix mail system is already running
exit 1
}
$daemon_directory/postfix-script quick-check || {
$FATAL Postfix integrity check failed!
exit 1
}
$INFO starting the Postfix mail system
$daemon_directory/master &
;;
start|start-fg)
$daemon_directory/master -t 2>/dev/null || {
$FATAL the Postfix mail system is already running
exit 1
}
if [ -f $queue_directory/quick-start ]
then
rm -f $queue_directory/quick-start
else
$daemon_directory/postfix-script check-fatal || {
$FATAL Postfix integrity check failed!
exit 1
}
# Foreground this so it can be stopped. All inodes are cached.
$daemon_directory/postfix-script check-warn
fi
$INFO starting the Postfix mail system || exit 1
case $1 in
start)
# NOTE: wait in foreground process to get the initialization status.
$daemon_directory/master -w || {
$FATAL "mail system startup failed"
exit 1
}
;;
start-fg)
# Foreground start-up is incompatible with multi-instance mode.
# Use "exec $daemon_directory/master" only if PID == 1.
# Otherwise, doing so would break process group management,
# and "postfix stop" would kill too many processes.
case $instances in
"") case $$ in
1) exec $daemon_directory/master -i
$FATAL "cannot start-fg the master daemon"
exit 1;;
*) $daemon_directory/master -s;;
esac
;;
*) $FATAL "start-fg does not support multi_instance_directories"
exit 1
;;
esac
;;
esac
;;
drain)
$daemon_directory/master -t 2>/dev/null && {
$FATAL the Postfix mail system is not running
exit 1
}
$INFO stopping the Postfix mail system
kill -9 `sed 1q pid/master.pid`
;;
quick-stop)
$daemon_directory/postfix-script stop
touch $queue_directory/quick-start
;;
stop)
$daemon_directory/master -t 2>/dev/null && {
$FATAL the Postfix mail system is not running
exit 0
}
$INFO stopping the Postfix mail system
kill `sed 1q pid/master.pid`
for i in 5 4 3 2 1
do
$daemon_directory/master -t && exit 0
$INFO waiting for the Postfix mail system to terminate
sleep 1
done
$WARN stopping the Postfix mail system with force
pid=`awk '{ print $1; exit 0 } END { exit 1 }' pid/master.pid` &&
kill -9 -$pid
;;
abort)
$daemon_directory/master -t 2>/dev/null && {
$FATAL the Postfix mail system is not running
exit 0
}
$INFO aborting the Postfix mail system
kill `sed 1q pid/master.pid`
;;
reload)
$daemon_directory/master -t 2>/dev/null && {
$FATAL the Postfix mail system is not running
exit 1
}
$INFO refreshing the Postfix mail system
$command_directory/postsuper active || exit 1
kill -HUP `sed 1q pid/master.pid`
$command_directory/postsuper &
;;
flush)
cd $queue_directory || {
$FATAL no Postfix queue directory $queue_directory!
exit 1
}
$command_directory/postqueue -f
;;
check)
$daemon_directory/postfix-script check-fatal || exit 1
$daemon_directory/postfix-script check-warn
exit 0
;;
status)
$daemon_directory/master -t 2>/dev/null && {
$INFO the Postfix mail system is not running
exit 1
}
$INFO the Postfix mail system is running: PID: `sed 1q pid/master.pid`
exit 0
;;
quick-check)
# This command is NOT part of the public interface.
$SHELL $daemon_directory/post-install create-missing || {
$WARN unable to create missing queue directories
exit 1
}
# Look for incomplete installations.
test -f $config_directory/master.cf || {
$FATAL no $config_directory/master.cf file found
exit 1
}
exit 0
;;
check-fatal)
# This command is NOT part of the public interface.
$daemon_directory/postfix-script quick-check
maillog_file=`$command_directory/postconf -h maillog_file` || {
$FATAL cannot execute $command_directory/postconf!
exit 1
}
test -n "$maillog_file" && {
$command_directory/postconf -M postlog/unix-dgram 2>/dev/null \
| grep . >/dev/null || {
$FATAL "missing 'postlog' service in master.cf - run 'postfix upgrade-configuration'"
exit 1
}
}
# See if all queue files are in the right place. This is slow.
# We must scan all queues for mis-named queue files before the
# mail system can run.
$command_directory/postsuper || exit 1
exit 0
;;
check-warn)
# This command is NOT part of the public interface.
# Check Postfix root-owned directory owner/permissions.
find $queue_directory/. $queue_directory/pid \
-prune ! -user root \
-exec $WARN not owned by root: {} \;
find $queue_directory/. $queue_directory/pid \
-prune \( -perm -020 -o -perm -002 \) \
-exec $WARN group or other writable: {} \;
# Check Postfix root-owned directory tree owner/permissions.
todo="$config_directory/."
test -n "$check_shared_files" && {
todo="$daemon_directory/. $meta_directory/. $todo"
test "$shlib_directory" = "no" ||
todo="$shlib_directory/. $todo"
}
todo=`echo "$todo" | tr ' ' '\12' | sort -u`
find $todo ! -user root \
-exec $WARN not owned by root: {} \;
# Handle symlinks separately
find -L $todo \( -perm -020 -o -perm -002 \) \
-exec $WARN group or other writable: {} \;
find $todo -type l | while read f; do \
readlink "$f" | grep -q / && $WARN symlink leaves directory: "$f"; \
done; \
# Check Postfix mail_owner-owned directory tree owner/permissions.
find $data_directory/. ! -user $mail_owner \
-exec $WARN not owned by $mail_owner: {} \;
find $data_directory/. \( -perm -020 -o -perm -002 \) \
-exec $WARN group or other writable: {} \;
# Check Postfix mail_owner-owned directory tree owner.
find `ls -d $queue_directory/* | \
egrep '/(saved|incoming|active|defer|deferred|bounce|hold|trace|corrupt|public|private|flush)$'` \
! \( -type p -o -type s \) ! -user $mail_owner \
-exec $WARN not owned by $mail_owner: {} \;
# WARNING: this should not descend into the maildrop directory.
# maildrop is the least trusted Postfix directory.
find $queue_directory/maildrop -prune ! -user $mail_owner \
-exec $WARN not owned by $mail_owner: $queue_directory/maildrop \;
# Check Postfix setgid_group-owned directory and file group/permissions.
todo="$queue_directory/public $queue_directory/maildrop"
test -n "$check_shared_files" &&
todo="$command_directory/postqueue $command_directory/postdrop $todo"
find $todo \
-prune ! -group $setgid_group \
-exec $WARN not owned by group $setgid_group: {} \;
test -n "$check_shared_files" &&
find $command_directory/postqueue $command_directory/postdrop \
-prune ! -perm -02111 \
-exec $WARN not set-gid or not owner+group+world executable: {} \;
# Check non-Postfix root-owned directory tree owner/content.
for dir in bin etc lib sbin usr
do
test -d $dir && {
find $dir ! -user root \
-exec $WARN not owned by root: $queue_directory/{} \;
find $dir -type f -print | while read path
do
test -f /$path && {
cmp -s $path /$path ||
$WARN $queue_directory/$path and /$path differ
}
done
}
done
find corrupt -type f -exec $WARN damaged message: {} \;
# Check for non-Postfix MTA remnants.
test -n "$check_shared_files" -a -f /usr/sbin/sendmail -a \
-f /usr/lib/sendmail && {
cmp -s /usr/sbin/sendmail /usr/lib/sendmail || {
$WARN /usr/lib/sendmail and /usr/sbin/sendmail differ
$WARN Replace one by a symbolic link to the other
}
}
exit 0
;;
set-permissions|upgrade-configuration)
$daemon_directory/post-install create-missing "$@"
;;
post-install)
# Currently not part of the public interface.
shift
$daemon_directory/post-install "$@"
;;
tls)
shift
$daemon_directory/postfix-tls-script "$@"
;;
/*)
# Currently not part of the public interface.
"$@"
;;
logrotate)
case $# in
1) ;;
*) $FATAL "usage postfix $1 (no arguments)"; exit 1;;
esac
for name in maillog_file maillog_file_compressor \
maillog_file_rotate_suffix
do
value="`$command_directory/postconf -h $name`"
case "$value" in
"") $FATAL "empty '$name' parameter value - logfile rotation failed"
exit 1;;
esac
eval $name='"$value"';
done
case "$maillog_file" in
/dev/*) $FATAL "not rotating '$maillog_file'"; exit 1;;
esac
errors=`(
suffix="\`date +$maillog_file_rotate_suffix\`" || exit 1
mv "$maillog_file" "$maillog_file.$suffix" || exit 1
$daemon_directory/master -t 2>/dev/null ||
kill -HUP \`sed 1q pid/master.pid\` || exit 1
sleep 1
"$maillog_file_compressor" "$maillog_file.$suffix" || exit 1
) 2>&1` || {
$FATAL "logfile '$maillog_file' rotation failed: $errors"
exit 1
}
;;
*)
$FATAL "unknown command: '$1'. Usage: postfix start (or stop, reload, abort, flush, check, status, set-permissions, upgrade-configuration, logrotate)"
exit 1
;;
esac


@ -0,0 +1,5 @@
user = root
password =
hosts = 100.64.64.138
dbname = postfixadmin
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'
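Review bot: The first lookup map connects to MySQL at 100.64.64.138 with `user = root` and an empty `password =`, while the five map files that follow use `user = postfix` with the same empty password. These maps only run SELECTs against `postfixadmin`, so all of them should use one dedicated account limited to SELECT on that database, i.e. `user = postfix` here as well. If the empty value is a real credential rather than a redaction, set a non-empty password and keep the map files readable only by root and the Postfix group. If the password was stripped before committing, a one-line comment saying where the real value is injected would make that clear.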


@ -0,0 +1,5 @@
user = postfix
password =
hosts = 100.64.64.138
dbname = postfixadmin
query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'


@ -0,0 +1,5 @@
user = postfix
password =
hosts = 100.64.64.138
dbname = postfixadmin
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'


@ -0,0 +1,5 @@
user = postfix
password =
hosts = 100.64.64.138
dbname = postfixadmin
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'


@ -0,0 +1,5 @@
user = postfix
password =
hosts = 100.64.64.138
dbname = postfixadmin
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'


@ -0,0 +1,5 @@
user = postfix
password =
hosts = 100.64.64.138
dbname = postfixadmin
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'


@ -0,0 +1,6 @@
$ModLoad imuxsock
$WorkDirectory /
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$OmitLocalLogging off
*.* -/dev/stdout
& stop


@ -0,0 +1,8 @@
[program:postfix]
process_name = master
command = /usr/lib/postfix/sbin/master -d -c /etc/postfix -s
startsecs = 0
autorestart = true
stdout_logfile = /dev/fd/1
stdout_logfile_maxbytes = 0
exitcodes = 0


@ -0,0 +1,6 @@
[program:rsyslog]
command = /usr/sbin/rsyslogd -n
startsecs = 5
autorestart = true
stdout_logfile = /dev/fd/1
stdout_logfile_maxbytes = 0


@ -0,0 +1,8 @@
[supervisord]
loglevel = info
pidfile = /var/run/supervisord.pid
nodaemon = true
minfds = 1024
minprocs = 200
[include]
files = /postfix/configs/supervisor/conf.d/*.ini

15
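--- a/config/tor/torrc
+++ b/config/tor/torrc
@@ -0,0 +1,15 @@
+RunAsDaemon 0
+SocksPort 0
+DNSPort 0
+TransPort 0
+HiddenServiceDir /var/lib/tor/leaf_6667/
+HiddenServicePort 6667 100.64.65.3:6667
+HiddenServiceDir /var/lib/tor/hub_6667/
+HiddenServicePort 6667 100.64.65.15:6667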
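Review bot: The two `HiddenServicePort` targets, `100.64.65.3:6667` and `100.64.65.15:6667`, fall outside the `tor_edge_leaf` subnet `100.64.64.56/29` that the hub compose change in this same commit introduces, where the hub is given `100.64.64.58`. Unless a network covering 100.64.65.x is defined somewhere this page does not show, both onion services would forward to addresses no container holds. Each pair would also benefit from a comment naming the target, e.g. `# hub ircd, reached over the tor_edge_leaf network`. Both `HiddenServiceDir` paths hold the onion private keys, so they need to sit on a persistent volume owned by the tor user only; this file gives no indication of where that is set up.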


@ -0,0 +1,50 @@
version: "3.8"
networks:
default:
ipam:
driver: default
config:
- subnet: 198.18.55.8/30
hub:
external:
name: rb_hub_edge_leaf
console:
external:
name: rb_console_edge
tor:
external:
name: rb_tor_edge_leaf
services:
edge:
restart: unless-stopped
hostname: edge
domainname: netwerk.insecurity.corp
userns_mode: "host"
build:
context: ../ratbox
dockerfile: Dockerfile
image: ratbox:latest
command: "/usr/local/ircd/bin/ircd -pidfile /run/ircd.pid -foreground || /usr/local/ircd/bin/ircd -conftest"
environment:
LANG: en_US.utf8
TZ: UTC
NICK_LEN: 32
ulimits:
nproc: 65535
nofile:
soft: 1024000
hard: 1024000
networks:
default:
ipv4_address: 198.18.55.10
hub:
ipv4_address: 198.18.70.27
console:
ipv4_address: 198.18.70.42
volumes:
- ../etc/:/usr/local/ircd/etc:rw
- ./edge.conf:/usr/local/ircd/etc/ircd.conf:ro
- ../ephemeral/logs:/usr/local/ircd/logs:rw
- ../ephemeral/db:/usr/local/ircd/ephemeral/db:rw
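Review bot: `userns_mode: "host"` opts the `edge` container out of user-namespace remapping when the daemon has it enabled, and `../etc/:/usr/local/ircd/etc:rw` leaves every included config file writable from inside the container even though `ircd.conf` itself is mounted `:ro`. Unless the ircd has to write into that directory, mount it as `../etc/:/usr/local/ircd/etc:ro` and drop the `userns_mode` line. Separately, Compose does not pass a string `command` through a shell, so `|| /usr/local/ircd/bin/ircd -conftest` reaches ircd as extra arguments rather than running as a fallback; either wrap the line in `sh -c '…'` or remove the tail. The declared `tor` network is never attached to the service. The compose file for the `general` service further down repeats the `userns_mode`, `command` and `:rw` lines.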

88
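--- a/hb_edge/edge.conf
+++ b/hb_edge/edge.conf
@@ -0,0 +1,88 @@
+.include <admin.conf>
+.include <modules.all.conf>
+.include <general.edge.conf>
+.include <classes.conf>
+.include <server.classes.conf>
+.include <channel.conf>
+serverinfo {
+name = "edge.netwerk.insecurity.corp";
+sid = "15X";
+description = "Site border hub for up-link";
+network_name = "𝓷3𝓽𝔀3𝓻𝓴";
+network_desc = "General-purpose internet relay chat network";
+hub = yes;
+default_max_clients = 102400;
+bandb = "ephemeral/db/edge.ban.db";
+};
+serverhide {
+flatten_links = no;
+links_delay = 16 seconds;
+hidden = yes;
+disable_hidden = no;
+};
+cluster {
+name = "*";
+flags = kline, tkline, unkline, xline, txline, unxline, resv, tresv, unresv;
+};
+shared {
+oper = "*@*", "*";
+flags = all;
+};
+service {
+name = "n3tw3rk.services";
+};
+auth {
+spoof = "console.netwerk.insecurity.corp";
+user = "*@198.18.70.43";
+class = "admins";
+flags = spambot_exempt, shide_exempt, jupe_exempt, no_tilde,
+gline_exempt, kline_exempt, exceed_limit;
+};
+operator "edge_admin" {
+user = "*@198.18.70.43";
+password = "password";
+umodes = cconn, cconnext, debug, full, skill, nchange,
+rej, external, operwall, locops, unauth;
+flags = ~encrypted, global_kill, remote, kline, unkline, gline,
+rehash, admin, xline, resv, operwall;
+};
+connect "hub.netwerk.insecurity.corp" {
+host = "198.18.70.26";
+send_password = "password";
+accept_password = "password";
+port = 7003;
+aftype = ipv4;
+class = "hub_server";
+hub_mask = "*";
+flags = topicburst;
+};
+service {
+name = "ratbox.services";
+};
+listen {
+host = "198.18.55.10";
+port = 6667;
+sslport = 6697;
+host = "198.18.70.42";
+port = 6667;
+sslport = 6697;
+host = "198.18.70.27";
+port = 7003;
+sslport = 7103;
+};
+exempt {
+ip = "198.18.70.0/25";
+ip = "127.0.0.0/8";
+};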
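Review bot: The `operator "edge_admin"` block grants `admin`, `global_kill` and `rehash` while using `password = "password"` with `flags = ~encrypted`, so the oper credential is a guessable string held in clear text in the repository. Store a hash produced by the ircd's password tool and change the flag list to start with `encrypted` instead of `~encrypted`. The `connect` block has the same problem with `send_password = "password"` and `accept_password = "password"`; those should be per-link secrets supplied outside version control. `shared { oper = "*@*", "*"; flags = all; }` additionally accepts every remote operator's shared commands, which is broader than the `cluster` flag list above it; if that is intended, a comment should say so. `hb_general/general.conf` repeats all of these, and if the values are placeholders a comment marking them as such would prevent them from being deployed as-is.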


@ -0,0 +1,47 @@
version: "3.8"
networks:
general_default:
ipam:
driver: default
config:
- subnet: 198.18.55.0/30
hub:
external:
name: rb_hub_general_leaf
console:
external:
name: rb_console_general
services:
general:
restart: unless-stopped
hostname: general
domainname: netwerk.insecurity.corp
userns_mode: "host"
build:
context: ../ratbox
dockerfile: Dockerfile
image: ratbox:latest
command: "/usr/local/ircd/bin/ircd -pidfile /run/ircd.pid -foreground || /usr/local/ircd/bin/ircd -conftest"
environment:
LANG: en_US.utf8
TZ: UTC
NICK_LEN: 32
ulimits:
nproc: 65535
nofile:
soft: 1024000
hard: 1024000
networks:
general_default:
ipv4_address: 198.18.55.2
hub:
ipv4_address: 198.18.70.3
console:
ipv4_address: 198.18.70.50
volumes:
- ../etc/:/usr/local/ircd/etc:rw
- ./general.conf:/usr/local/ircd/etc/ircd.conf:ro
- ../ephemeral/logs:/usr/local/ircd/logs:rw
- ../ephemeral/db:/usr/local/ircd/ephemeral/db:rw

94
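--- a/hb_general/general.conf
+++ b/hb_general/general.conf
@@ -0,0 +1,94 @@
+.include <admin.conf>
+.include <modules.all.conf>
+.include <general.general.conf>
+.include <classes.conf>
+.include <server.classes.conf>
+.include <channel.conf>
+serverinfo {
+name = "general.netwerk.insecurity.corp";
+sid = "11X";
+description = "General access link";
+network_name = "𝓷3𝓽𝔀3𝓻𝓴";
+network_desc = "General-purpose internet relay chat network";
+hub = no;
+default_max_clients = 102400;
+bandb = "ephemeral/db/general.ban.db";
+};
+serverhide {
+flatten_links = no;
+links_delay = 16 seconds;
+hidden = no;
+disable_hidden = no;
+};
+cluster {
+name = "*";
+flags = kline, tkline, unkline, xline, txline, unxline, resv, tresv, unresv;
+};
+shared {
+oper = "*@*", "*";
+flags = all;
+};
+service {
+name = "n3tw3rk.services";
+};
+auth {
+spoof = "console.netwerk.insecurity.corp";
+user = "*@198.18.70.51";
+class = "admins";
+flags = spambot_exempt, shide_exempt, jupe_exempt, no_tilde,
+gline_exempt, kline_exempt, exceed_limit;
+};
+operator "general_admin" {
+user = "*@198.18.70.51";
+password = "password";
+umodes = cconn, cconnext, debug, full, skill, nchange,
+rej, external, operwall, locops, unauth;
+flags = ~encrypted, global_kill, remote, kline, unkline, gline,
+rehash, admin, xline, resv, operwall;
+};
+connect "hub.netwerk.insecurity.corp" {
+host = "198.18.70.2";
+send_password = "password";
+accept_password = "password";
+port = 7000;
+aftype = ipv4;
+class = "hub_server";
+hub_mask = "*";
+flags = autoconn, topicburst;
+};
+blacklist {
+host = "dnsbl.dronebl.org";
+reject_reason = "Your IP is listed in DroneBL. To connect from this address, connect to this work on port 6668 or TLS 6698";
+};
+service {
+name = "ratbox.services";
+};
+listen {
+host = "198.18.55.2";
+port = 6667;
+sslport = 6697;
+host = "198.18.70.50";
+port = 6667;
+sslport = 6697;
+host = "198.18.70.3";
+port = 7000;
+sslport = 7100;
+};
+exempt {
+ip = "198.18.70.0/25";
+ip = "127.0.0.0/8";
+};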
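Review bot: The `operator "general_admin"` block ships `password = "password"` with `~encrypted` in its flags, and the `connect` block uses the same literal for `send_password` and `accept_password`, so both the oper credential and the server-link credential are guessable and sit in clear text in the repository. The `user = "*@198.18.70.51"` mask narrows who can attempt the oper login, but it is the only barrier. The oper entry should hold a password hash with `encrypted` set, and link passwords should be unique per link and supplied at deploy time rather than committed. The proxy-dmz and tor-dmz confs in this commit carry the same three lines. Separately, `reject_reason` reads "connect to this work", where "network" is presumably meant.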


@ -52,6 +52,12 @@ networks:
config:
- subnet: 100.64.64.48/29
internal: true
tor_edge_leaf:
ipam:
driver: default
config:
- subnet: 100.64.64.56/29
internal: true
services:
hub:
@ -61,7 +67,7 @@ services:
context: ../hybrid
dockerfile: Dockerfile
image: hybrid:latest
command: "/usr/local/ircd/bin/ircd -foreground -pidfile /dev/shm/ircd.pid -configfile /usr/local/ircd/etc/ircd.conf -logfile /dev/stdout"
command: "/usr/local/ircd/bin/ircd -foreground -pidfile /dev/shm/ircd.pid -configfile /usr/local/ircd/etc/hb_conf/hub.conf -logfile /dev/stdout"
environment:
LANG: en_US.utf8
TZ: UTC
@ -87,14 +93,15 @@ services:
ipv4_address: 100.64.64.42
console:
ipv4_address: 100.64.64.50
tor_edge_leaf:
ipv4_address: 100.64.64.58
volumes:
- type: volume
source: hb_hub_ephemeral
source: ephemeral
target: /usr/local/ircd/var
volume:
nocopy: false
- ../config/hybrid:/usr/local/ircd/etc/hb_conf:ro
- ./ircd.conf:/usr/local/ircd/etc/ircd.conf:ro
volumes:
hb_hub_ephemeral:
ephemeral:
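Review bot: Renaming the named volume from `hb_hub_ephemeral` to `ephemeral` in the last hunk makes Compose create a new, empty volume on the next `up`; whatever the old volume held under `/usr/local/ircd/var` stays in the old volume and is no longer mounted. If that state matters, copy it across before deploying, or point the new entry at the existing volume with a `name:` key under `ephemeral:`. The mysql and services compose files in this commit make the same rename, where it affects `/var/lib/mysql` and `/anope/data`.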


@ -1,3 +1,5 @@
# https://docs.docker.com/compose/compose-file/
# 100.64.0.4/30 100.64.64.128/26
version: "2.4"
@ -13,11 +15,16 @@ networks:
driver: default
config:
- subnet: 100.64.64.128/29
postfix:
ipam:
driver: default
config:
- subnet: 100.64.64.136/29
services:
mysql:
restart: unless-stopped
hostname: mysql.mysql.n3tw3rk.1ns3cur1ty.c0rp
hostname: mysql.n3tw3rk.1ns3cur1ty.c0rp
image: mariadb:latest
environment:
MYSQL_ALLOW_EMPTY_PASSWORD: "yes"
@ -26,8 +33,14 @@ services:
ipv4_address: 100.64.0.6
anope:
ipv4_address: 100.64.64.130
postfix:
ipv4_address: 100.64.64.138
volumes:
- mysql_data:/var/lib/mysql:rw
- type: volume
source: ephemeral
target: /var/lib/mysql
volume:
nocopy: false
ulimits:
nproc: 65535
nofile:
@ -35,4 +48,4 @@ services:
hard: 1024000
volumes:
mysql_data:
ephemeral:
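Review bot: The new `postfix` network in the second hunk is created without `internal: true`, and the `mysql` service attached to it still runs with `MYSQL_ALLOW_EMPTY_PASSWORD: "yes"`, so this commit gives a database with a passwordless root account one more reachable segment. Adding `internal: true` under `postfix:` (as the `tor_edge_leaf` network added to the hub compose file has) keeps the segment from being routed externally without affecting container-to-container traffic. The root password should come from a secret or an env file that is not committed.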


@ -0,0 +1,52 @@
# https://docs.docker.com/compose/compose-file/
# 100.64.48.4/30 100.64.65.64/26
version: "3.8"
networks:
default:
ipam:
driver: default
config:
- subnet: 100.64.48.4/30
mysql:
external:
name: hb_mysql_postfix
anope:
ipam:
driver: default
config:
- subnet: 100.64.65.64/29
internal: true
services:
postfix:
restart: unless-stopped
hostname: p0stf1x.n3tw3rk.1ns3cur1ty.c0rp
build:
context: ../postfix
image: postfix:latest
command: "supervisord -c /postfix/configs/supervisor/supervisord.conf"
networks:
default:
ipv4_address: 100.64.48.6
mysql:
ipv4_address: 100.64.64.139
anope:
ipv4_address: 100.64.65.66
volumes:
- type: volume
source: ephemeral
target: /var/lib/postfix
volume:
nocopy: false
- ../config/postfix:/postfix/configs:ro
ulimits:
nproc: 65535
nofile:
soft: 1024000
hard: 1024000
volumes:
ephemeral:


@ -0,0 +1,47 @@
version: "3.8"
networks:
default:
ipam:
driver: default
config:
- subnet: 198.18.55.12/30
hub:
external:
name: rb_hub_proxy_leaf
console:
external:
name: rb_console_proxy_dmz
services:
proxy_dmz:
restart: unless-stopped
hostname: proxy-dmz
domainname: netwerk.insecurity.corp
userns_mode: "host"
build:
context: ../ratbox
dockerfile: Dockerfile
image: ratbox:latest
command: "/usr/local/ircd/bin/ircd -pidfile /run/ircd.pid -foreground || /usr/local/ircd/bin/ircd -conftest"
environment:
LANG: en_US.utf8
TZ: UTC
NICK_LEN: 32
ulimits:
nproc: 65535
nofile:
soft: 1024000
hard: 1024000
networks:
default:
ipv4_address: 198.18.55.14
hub:
ipv4_address: 198.18.70.19
console:
ipv4_address: 198.18.70.66
volumes:
- ../etc/:/usr/local/ircd/etc:rw
- ./proxy-dmz.conf:/usr/local/ircd/etc/ircd.conf:ro
- ../ephemeral/logs:/usr/local/ircd/logs:rw
- ../ephemeral/db:/usr/local/ircd/ephemeral/db:rw
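Review bot: The `command:` string relies on `||` to fall back to `ircd -conftest`, but Compose splits a string command into an argument list and does not run it through a shell. Unless the image's ENTRYPOINT (not visible here) is a shell, `||` and everything after it are handed to the first `ircd` as arguments. If the fallback is wanted, make the shell explicit: `command: ["/bin/sh", "-c", "/usr/local/ircd/bin/ircd -pidfile /run/ircd.pid -foreground || /usr/local/ircd/bin/ircd -conftest"]`. The general compose file earlier in this commit has the same line.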


@ -0,0 +1,92 @@
.include <admin.conf>
.include <modules.all.conf>
.include <general.proxy.dmz.conf>
.include <classes.conf>
.include <server.classes.conf>
.include <channel.conf>
serverinfo {
name = "proxy-dmz.netwerk.insecurity.corp";
sid = "12X";
description = "Proxy & DronesBL friendly link";
network_name = "𝓷3𝓽𝔀3𝓻𝓴";
network_desc = "General-purpose internet relay chat network";
hub = no;
default_max_clients = 102400;
bandb = "ephemeral/db/proxy-dmz.ban.db";
};
serverhide {
flatten_links = no;
links_delay = 16 seconds;
hidden = no;
disable_hidden = no;
};
cluster {
name = "*";
flags = kline, tkline, unkline, xline, txline, unxline, resv, tresv, unresv;
};
shared {
oper = "*@*", "*";
flags = all;
};
service {
name = "n3tw3rk.services";
};
auth {
spoof = "dmz.netwerk.insecurity.corp";
user = "*@*";
class = "proxy_dmz_users";
flags = spambot_exempt, no_tilde, gline_exempt, kline_exempt;
};
auth {
spoof = "console.netwerk.insecurity.corp";
user = "*@198.18.70.67";
class = "admins";
flags = spambot_exempt, shide_exempt, jupe_exempt, no_tilde,
gline_exempt, kline_exempt, exceed_limit;
};
operator "proxy_dmz_admin" {
user = "*@198.18.70.67";
password = "password";
umodes = cconn, cconnext, debug, full, skill, nchange,
rej, external, operwall, locops, unauth;
flags = ~encrypted, global_kill, remote, kline, unkline, gline,
rehash, admin, xline, resv, operwall;
};
connect "hub.netwerk.insecurity.corp" {
host = "198.18.70.18";
send_password = "password";
accept_password = "password";
port = 7002;
aftype = ipv4;
class = "hub_server";
hub_mask = "*";
flags = autoconn, topicburst;
};
listen {
host = "198.18.70.66";
port = 6667;
sslport = 6697;
host = "198.18.55.14";
port = 6668;
sslport = 6698;
host = "198.18.70.19";
port = 7002;
sslport = 7102;
};
exempt {
ip = "198.18.70.0/25";
ip = "127.0.0.0/8";
};
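Review bot: The first `auth` block matches `user = "*@*"` and grants `kline_exempt`, `gline_exempt` and `spambot_exempt`, so no K-line or G-line can remove a client from the one leaf that deliberately admits DroneBL-listed addresses. Reducing the catch-all block to `flags = no_tilde;` keeps the proxy-friendly intent while leaving operators a working ban. Every client also receives the same `spoof`, which makes host-based channel bans all-or-nothing on this server. Because the catch-all precedes the `*@198.18.70.67` console block, it is worth confirming which block the ircd selects for the console address; if matching is first-in-file, the `admins` class is never applied.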


@ -16,6 +16,10 @@ networks:
hub:
external:
name: hb_hub_services
smtp:
external:
name: hb_postfix_anope
services:
services:
@ -37,13 +41,15 @@ services:
ipv4_address: 100.64.64.131
hub:
ipv4_address: 100.64.64.35
smtp:
ipv4_address: 100.64.65.67
volumes:
- type: volume
source: hb_services_ephemeral
source: ephemeral
target: /anope/data
volume:
nocopy: false
- ../config/anope:/anope/conf:ro
volumes:
hb_services_ephemeral:
ephemeral:

59
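--- a/hb_tor/docker-compose.yml
+++ b/hb_tor/docker-compose.yml
@@ -0,0 +1,59 @@
+# https://docs.docker.com/compose/compose-file/
+# 100.64.48.0/30 100.64.65.0/26
+version: "3.8"
+networks:
+default:
+ipam:
+driver: default
+config:
+- subnet: 100.64.48.0/30
+leaf:
+ipam:
+driver: default
+config:
+- subnet: 100.64.65.0/29
+internal: true
+hub:
+ipam:
+driver: default
+config:
+- subnet: 100.64.65.12/29
+internal: true
+services:
+tor:
+restart: unless-stopped
+hostname: t0r.n3tw3rk.1ns3cur1ty.c0rp
+build:
+context: ../tor
+dockerfile: Dockerfile
+image: tor:latest
+command: "tor -f /tor/configs/torrc"
+environment:
+LANG: en_US.utf8
+TZ: UTC
+networks:
+default:
+ipv4_address: 100.64.48.2
+leaf:
+ipv4_address: 100.64.65.2
+hub:
+ipv4_address: 100.64.65.14
+ulimits:
+nproc: 65535
+nofile:
+soft: 1024000
+hard: 1024000
+volumes:
+- type: volume
+source: ephemeral
+target: /var/lib/tor
+volume:
+nocopy: false
+- ../config/tor/torrc:/tor/configs/torrc:ro
+volumes:
+ephemeral: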
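Review bot: The `hub` network's `subnet: 100.64.65.12/29` is not on a /29 boundary; the block that contains the assigned `100.64.65.14` is `100.64.65.8/29`, and Docker releases that validate host bits reject the unaligned form. Writing `- subnet: 100.64.65.8/29` states the same range unambiguously and still falls inside the `100.64.65.0/26` allocation named in the header comment.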


@ -0,0 +1,60 @@
# https://docs.docker.com/compose/compose-file/
# 100.64.0.12/30 100.64.65.128/27
version: "3.8"
networks:
default:
ipam:
driver: default
config:
- subnet: 100.64.0.14
console:
ipam:
driver: default
config:
- subnet: 100.64.65.128/29
hub:
external:
name: hb_hub_tor_leaf
tor:
external:
name: hb_tor_tor_leaf
services:
tor_dmz:
restart: unless-stopped
hostname: tor-dmz.n3tw3rk.1ns3cur1ty.c0rp
build:
context: ../hybrid
dockerfile: Dockerfile
image: hybrid:latest
command: "/usr/local/ircd/bin/ircd -foreground -pidfile /dev/shm/ircd.pid -configfile /usr/local/ircd/etc/hb_conf/tor-dmz.conf -logfile /dev/stdout"
environment:
LANG: en_US.utf8
TZ: UTC
ulimits:
nproc: 65535
nofile:
soft: 1024000
hard: 1024000
networks:
default:
ipv4_address: 100.64.0.16
console:
ipv4_address: 100.64.65.130
hub:
ipv4_address: 100.64.64.11
tor:
ipv4_address: 100.64.65.3
volumes:
- type: volume
source: ephemeral
target: /usr/local/ircd/var
volume:
nocopy: false
- ../config/hybrid:/usr/local/ircd/etc/hb_conf:ro
volumes:
ephemeral:
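Review bot: The `default` network is declared as `subnet: 100.64.0.14` with no prefix length, and the service is then pinned to `ipv4_address: 100.64.0.16`, which lies outside the `100.64.0.12/30` range named in the header comment, so network creation or address assignment should fail as written. A /30 leaves one container address once Docker takes the gateway, so `- subnet: 100.64.0.12/30` with `ipv4_address: 100.64.0.14` is presumably what was meant. The external network names also deserve a check: hb_tor/docker-compose.yml defines `leaf`, which Compose would normally create as `hb_tor_leaf` rather than `hb_tor_tor_leaf`, and the hub compose hunk in this commit adds `tor_edge_leaf`, not `tor_leaf`.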

91
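--- a/hb_tor_dmz/tor-dmz.conf
+++ b/hb_tor_dmz/tor-dmz.conf
@@ -0,0 +1,91 @@
+.include <admin.conf>
+.include <modules.all.conf>
+.include <general.tor.dmz.conf>
+.include <classes.conf>
+.include <server.classes.conf>
+.include <channel.conf>
+serverinfo {
+name = "tor-dmz.netwerk.insecurity.corp";
+sid = "13X";
+description = "Tor hidden service access link";
+network_name = "𝓷3𝓽𝔀3𝓻𝓴";
+network_desc = "General-purpose internet relay chat network";
+hub = no;
+default_max_clients = 102400;
+bandb = "ephemeral/db/tor.ban.db";
+};
+serverhide {
+flatten_links = no;
+links_delay = 16 seconds;
+hidden = no;
+disable_hidden = no;
+};
+cluster {
+name = "*";
+flags = kline, tkline, unkline, xline, txline, unxline, resv, tresv, unresv;
+};
+shared {
+oper = "*@*", "*";
+flags = all;
+};
+service {
+name = "n3tw3rk.services";
+};
+auth {
+spoof = "console.netwerk.insecurity.corp";
+user = "*@198.18.70.59";
+class = "admins";
+flags = spambot_exempt, shide_exempt, jupe_exempt, no_tilde,
+gline_exempt, kline_exempt, exceed_limit;
+};
+auth {
+spoof = "dmz.netwerk.insecurity.corp";
+user = "*@198.18.70.82";
+class = "tor_dmz_users";
+flags = spambot_exempt, no_tilde, gline_exempt, kline_exempt;
+};
+operator "tor_dmz_admin" {
+user = "*@198.18.70.59";
+password = "password";
+umodes = cconn, cconnext, debug, full, skill, nchange,
+rej, external, operwall, locops, unauth;
+flags = ~encrypted, global_kill, remote, kline, unkline, gline,
+rehash, admin, xline, resv, operwall;
+};
+connect "hub.netwerk.insecurity.corp" {
+host = "198.18.70.11";
+send_password = "password";
+accept_password = "password";
+port = 7001;
+aftype = ipv4;
+class = "hub_server";
+hub_mask = "*";
+flags = autoconn, topicburst;
+};
+listen {
+host = "198.18.70.83";
+port = 6667;
+host = "198.18.70.58";
+port = 6667;
+sslport = 6697;
+host = "198.18.70.12";
+port = 7001;
+sslport = 7101;
+};
+exempt {
+ip = "198.18.70.0/25";
+ip = "127.0.0.0/8";
+};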
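Review bot: Every address in this file is in 198.18.70.0/25 (`listen` on 198.18.70.83, .58 and .12, `connect` to 198.18.70.11), while the tor_dmz compose file in this commit gives the container only 100.64.x addresses, so if the two are meant to go together the listeners would fail to bind and the hub link would have no route. That compose file also starts the ircd with `-configfile /usr/local/ircd/etc/hb_conf/tor-dmz.conf` from the `../config/hybrid` mount, which is not where this file lives, so it may not be loaded at all. Whichever addressing plan is current, the conf and the compose file need to agree. The `listen` entry for 198.18.70.83 has no `sslport`; that is presumably deliberate for the Tor-facing side, but a comment saying so would stop it being read as an omission.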

4
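--- a/postfix/Dockerfile
+++ b/postfix/Dockerfile
@@ -0,0 +1,4 @@
+FROM debian:latest
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update && apt-get -y install postfix supervisor rsyslog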
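Review bot: `FROM debian:latest` makes the image contents depend on the day it is built; pinning a release tag or a digest keeps rebuilds reproducible and turns a base-image update into a reviewed change. `ENV DEBIAN_FRONTEND noninteractive` also persists into the running container, whereas `ARG DEBIAN_FRONTEND=noninteractive` limits it to the build. The install line would be smaller and more predictable as `RUN apt-get update && apt-get -y install --no-install-recommends postfix supervisor rsyslog && rm -rf /var/lib/apt/lists/*`. tor/Dockerfile in this commit opens with the same two lines and additionally installs `tcpdump`, `iftop` and `mtr`, which is convenient for debugging but leaves packet-capture tooling in the container that carries Tor traffic.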

4
tor/Dockerfile Normal file

@ -0,0 +1,4 @@
FROM debian:latest
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update && apt-get -y install tor iputils-ping net-tools iproute2 iftop tcpdump mtr