#!/usr/bin/env bash
|
||
set -euo pipefail
|
||
|
||
# --- Farbschema für whiptail (libnewt) – hohe Lesbarkeit (dunkler Input, schwarze Schrift) ---
|
||
export NEWT_COLORS='
|
||
root=,blue
|
||
border=black,lightgray
|
||
window=black,lightgray
|
||
textbox=black,lightgray
|
||
label=black,lightgray
|
||
entry=black,cyan
|
||
button=black,cyan
|
||
actlistbox=black,cyan
|
||
actsellistbox=black,cyan
|
||
'
|
||
|
||
# optionales Backtitle (erscheint oben)
|
||
export DIALOGOPTS="--backtitle MailWolt Setup"
# ──────────────────────────────────────────────────────────────
# MailWolt – Interaktiver Bootstrap (whiptail + Fallback)
# ──────────────────────────────────────────────────────────────
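# Command-line switches:
#   -dev           development install (APP_ENV=local, APP_DEBUG=true)
#   -proxy <addr>  reverse-proxy mode; <addr> is stored in NPM_IP
DEV_MODE=0
PROXY_MODE=0
NPM_IP=""

#######################################
# Parse the installer's command-line switches.
# Globals:   DEV_MODE, PROXY_MODE, NPM_IP (written)
# Arguments: the script's positional parameters
# Outputs:   error text on stderr for a bad -proxy value
# Returns:   0 on success; exits the shell with status 2 when -proxy has no
#            usable value
#######################################
_parse_cli_flags() {
  # Address-like token only: letters, digits and ":._/-", not starting with
  # "-". NPM_IP is exported to the installer steps, so quotes, whitespace and
  # shell/config metacharacters are refused at the entry point.
  local -r addr_re='^[A-Za-z0-9:.][A-Za-z0-9:._/-]*$'

  while [[ $# -gt 0 ]]; do
    case "$1" in
      -dev)
        DEV_MODE=1
        ;;
      -proxy)
        # Previously a trailing "-proxy" made the second shift fail and the
        # script died silently under set -e; "-proxy -dev" swallowed the next
        # switch as the address. Both are now reported explicitly.
        if [[ $# -lt 2 ]] || [[ ! "$2" =~ $addr_re ]]; then
          printf '[!] -proxy erwartet eine Adresse als Argument (z.B. -proxy 10.0.0.5).\n' >&2
          exit 2
        fi
        PROXY_MODE=1
        NPM_IP="$2"
        shift
        ;;
      *)
        # Unknown arguments are ignored, as before.
        ;;
    esac
    shift
  done
}

_parse_cli_flags "$@"

# APP_ENV / APP_DEBUG already present in the environment take precedence over
# the -dev switch; check the calling environment before a production install,
# because an inherited APP_DEBUG=true is kept as is.
if [[ $DEV_MODE -eq 1 ]]; then
  APP_ENV="${APP_ENV:-local}"
  APP_DEBUG="${APP_DEBUG:-true}"
else
  APP_ENV="${APP_ENV:-production}"
  APP_DEBUG="${APP_DEBUG:-false}"
fi
export DEV_MODE PROXY_MODE NPM_IP APP_ENV APP_DEBUG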
# Database and Redis passwords: keep a non-empty value supplied by the caller,
# otherwise generate 16 random bytes as 32 hex characters with openssl.
if [[ -z "${DB_PASS:-}" ]]; then
  DB_PASS="$(openssl rand -hex 16)"
fi
if [[ -z "${REDIS_PASS:-}" ]]; then
  REDIS_PASS="$(openssl rand -hex 16)"
fi
# Exported so the installer steps started later inherit both secrets.
export DB_PASS REDIS_PASS
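# Work from the directory that holds this script, so that ./lib.sh and the
# step scripts are the ones shipped next to it.
# CDPATH is emptied for this cd: with CDPATH set, a relative directory name
# can resolve to a different directory, and everything sourced or executed
# afterwards would come from there. "--" keeps a path starting with "-" from
# being read as an option.
CDPATH='' cd -- "$(dirname -- "$0")"

# lib.sh is loaded into this shell; the helper functions called in the rest of
# this script that are not defined here (require_root, header, log, detect_*)
# are presumably provided by it - confirm.
source ./lib.sh
require_root
header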
# ── Defaults ──────────────────────────────────────────────────
# Each setting keeps a non-empty value from the environment and otherwise
# falls back to the default given here.
# NOTE(review): these values are taken from the environment without any format
# check in this block; APP_USER feeds the APP_DIR path and the DB names -
# confirm the consuming steps validate them.
: "${APP_NAME:=MailWolt}"
: "${APP_USER:=mailwolt}"
: "${APP_GROUP:=www-data}"
: "${APP_USER_PREFIX:=mw}"
: "${APP_DIR:=/var/www/${APP_USER}}"

# Domain parts used to build the default host names.
: "${BASE_DOMAIN:=example.com}"
: "${UI_SUB:=ui}"
: "${WEBMAIL_SUB:=webmail}"
: "${MTA_SUB:=mx}"

# Database name and user default to the application user.
: "${DB_NAME:=${APP_USER}}"
: "${DB_USER:=${APP_USER}}"
# Host facts, collected through helpers that this file does not define
# (detect_ip, detect_ipv6, detect_timezone, guess_locale_from_tz); presumably
# they come from lib.sh - confirm.
SERVER_PUBLIC_IPV4="$(detect_ip)"
SERVER_PUBLIC_IPV6="$(detect_ipv6)"
DEFAULT_TZ="$(detect_timezone)"
# The locale default is derived from the detected time zone.
DEFAULT_LOCALE="$(guess_locale_from_tz "$DEFAULT_TZ")"

# Show the detected addresses; an empty IPv6 value is printed as "–".
echo -e "${GREY}Erkannte IP (v4): ${SERVER_PUBLIC_IPV4} v6: ${SERVER_PUBLIC_IPV6:-–}${NC}"
# ── Helpers ───────────────────────────────────────────────────
#######################################
# Report whether the shell can resolve a command named whiptail.
# Returns: 0 when it can, 1 otherwise
#######################################
have_whiptail() {
  if command -v whiptail >/dev/null 2>&1; then
    return 0
  fi
  return 1
}
#valid_fqdn(){
# [[ "$1" =~ ^([a-z0-9]([-a-z0-9]*[a-z0-9])?\.)+[a-z]{2,}$ ]]
#}
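# ── Host validation & DEV detection ─────────────────────────────────────────
#######################################
# Strict host name check used for production installs.
# Accepts lower-case names of at least two labels: each label is 1-63
# characters of [a-z0-9-] that neither starts nor ends with "-", the last
# label is 2-63 letters, and the whole name is at most 253 characters.
# Arguments: $1 - candidate host name
# Returns:   0 when the name is acceptable, 1 otherwise
#######################################
valid_fqdn_prod() {
  # Match in the C locale: bracket ranges such as [a-z] follow the collation
  # order of the active locale and may otherwise accept characters outside
  # ASCII a-z.
  local LC_ALL=C
  local -r fqdn_re='^([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'

  # DNS limits the full name to 253 characters and each label to 63; the
  # original pattern put no upper bound on either.
  ((${#1} <= 253)) || return 1
  [[ "$1" =~ $fqdn_re ]]
}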
#######################################
# Relaxed host check for DEV installs: single-label names (ui, webmail),
# dotted names and IPv4-shaped strings.
# Arguments: $1 - candidate host
# Returns:   0 when either pattern matches, 1 otherwise
#######################################
valid_host_dev() {
  # First label must start and end with [a-z0-9]; the following labels may be
  # any run of [a-z0-9-], so they may begin or end with "-".
  local -r host_re='^([a-z0-9]([-a-z0-9]*[a-z0-9])?)(\.[a-z0-9-]+)*$'
  # Four groups of 1-3 digits. Octets are not range-checked, and any such
  # string already satisfies host_re because digits are valid label characters.
  local -r ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

  if [[ "$1" =~ $host_re ]]; then
    return 0
  fi
  [[ "$1" =~ $ipv4_re ]]
}
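#######################################
# Decide whether a host looks like a local / lab target.
# True for "localhost", names ending in .local, .loc, .dev or .test, and IPv4
# literals in 10/8, 172.16/12, 192.168/16 or 127/8. The comparison is
# case-insensitive.
# Arguments: $1 - host name or IPv4 literal
# Returns:   0 when the host looks local, 1 otherwise
#######################################
is_local_like() {
  local h
  # printf instead of echo, so an input such as "-n" is treated as data;
  # declaration and assignment are split so a pipeline failure is not masked.
  h="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')"
  local -r ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

  # NOTE(review): .dev is a delegated public TLD. A real domain under .dev is
  # classified as local here, and the interactive section of this script then
  # sets DEV_MODE=1 and APP_DEBUG=true - confirm that this is intended.
  case "$h" in
    localhost | *.local | *.loc | *.dev | *.test) return 0 ;;
  esac

  # The private/loopback prefixes only count for IPv4 literals. Previously a
  # public name such as "10.example.com" matched ^10\. and was treated as local.
  if [[ "$h" =~ $ipv4_re ]]; then
    [[ "$h" =~ ^10\. || "$h" =~ ^192\.168\. || "$h" =~ ^172\.(1[6-9]|2[0-9]|3[0-1])\. || "$h" =~ ^127\. ]] && return 0
  fi
  return 1
}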
#######################################
# Return the entered host if it passes validation, else the fallback.
# Globals:   DEV_MODE (read) - "1" selects the relaxed DEV validator
# Arguments: $1 - user input, $2 - default used when the input is rejected
# Outputs:   the accepted host (or the default) on stdout
#######################################
normalize_host() {
  local candidate="$1" fallback="$2"
  local checker="valid_fqdn_prod"

  # Pick the validator that matches the install mode.
  if [[ "${DEV_MODE}" = "1" ]]; then
    checker="valid_host_dev"
  fi

  if "$checker" "$candidate"; then
    echo "$candidate"
    return
  fi
  # The fallback is printed without being validated itself.
  echo "$fallback"
}
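#######################################
# Prompt for a host name on the terminal and store the answer in a variable.
# An empty or invalid answer falls back to the default.
# Globals:   CYAN, YELLOW, GREY, NC (read) - colour codes for the prompt
# Arguments: $1 - label, $2 - example host, $3 - default, $4 - name of the
#            variable that receives the result
# Outputs:   prompt text and, for a rejected answer, a warning on stdout
# Returns:   0 on success, 2 when $4 is not a valid variable name
#######################################
ask_tty_domain() {
  local label="$1" example="$2" def="$3" outvar="$4" inp=""

  # The target is assigned by name, so it must be a plain identifier.
  if [[ ! "$outvar" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
    printf 'ask_tty_domain: invalid variable name: %s\n' "$outvar" >&2
    return 2
  fi

  echo -e "${CYAN}${label}${NC}"
  echo -e " z.B. ${YELLOW}${example}${NC}"
  echo -e " Default: ${GREY}${def}${NC}"
  # EOF on stdin is not an error: the default is used instead.
  read -r -p " Eingabe (Enter=Default): " inp || true
  inp="${inp:-$def}"

  # The original called valid_fqdn, which exists only as a commented-out copy
  # in the part of the file visible here, so every answer was rejected.
  # valid_fqdn_prod is the active validator with the same pattern.
  if ! valid_fqdn_prod "$inp"; then
    echo -e "${YELLOW}[!] Ungültiger FQDN, nehme Default: ${def}${NC}"
    inp="$def"
  fi

  # printf -v stores the text as data. The former eval "$outvar='$inp'"
  # re-parsed the value as shell code, so a quote character in the input or in
  # the default broke out of the assignment.
  printf -v "$outvar" '%s' "$inp"
}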
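# ── Interactive input (whiptail, or plain TTY prompts as fallback) ─────────
# Asks for the three host names and the optional services, then derives
# DEV_MODE / APP_ENV / APP_DEBUG and the validated *_FQDN values.
MTA_DEFAULT="${MTA_SUB}.${BASE_DOMAIN}"
UI_DEFAULT="${UI_SUB}.${BASE_DOMAIN}"
WEBMAIL_DEFAULT="${WEBMAIL_SUB}.${BASE_DOMAIN}"

# The optional protective services start enabled and are switched off only by
# an explicit answer.
CLAMAV_ENABLE=1
OPENDMARC_ENABLE=1
FAIL2BAN_ENABLE=1

#######################################
# Reduce a yes/no answer to 0 or 1.
# Arguments: $1 - answer, $2 - value used when the answer is neither 0 nor 1
# Outputs:   0 or 1 (or $2) on stdout; a warning on stderr for a bad answer
#######################################
_mw_toggle01() {
  case "$1" in
    0 | 1)
      printf '%s\n' "$1"
      ;;
    *)
      printf '[!] Ungültig, nehme Default=%s.\n' "$2" >&2
      printf '%s\n' "$2"
      ;;
  esac
}

_mta_in=""
_ui_in=""
_wm_in=""

if command -v whiptail >/dev/null 2>&1; then
  TITLE="MailWolt Setup"

  # Hint about the hosts accepted in DEV mode.
  MSG_SUFFIX="\n\nHinweis: Im DEV-Modus sind auch single-label Hosts (z.B. ui, webmail), *.local/*.dev und IPs erlaubt."

  # whiptail writes the answer to stderr; "3>&1 1>&2 2>&3" swaps stdout and
  # stderr so the command substitution captures it. Cancel aborts the install.
  _mta_in="$(whiptail --title "$TITLE" --inputbox "Mailserver-Host (MX)\nBeispiele: mx.domain.tld | mx.local | 10.0.0.10${MSG_SUFFIX}" 13 70 "$MTA_DEFAULT" 3>&1 1>&2 2>&3)" || exit 1
  _ui_in="$(whiptail --title "$TITLE" --inputbox "UI / Admin-Panel Host\nBeispiele: ui.domain.tld | ui.local | 10.0.0.10${MSG_SUFFIX}" 13 70 "$UI_DEFAULT" 3>&1 1>&2 2>&3)" || exit 1
  _wm_in="$(whiptail --title "$TITLE" --inputbox "Webmail Host\nBeispiele: webmail.domain.tld | web.local | 10.0.0.10${MSG_SUFFIX}" 13 70 "$WEBMAIL_DEFAULT" 3>&1 1>&2 2>&3)" || exit 1

  # Only a confirmed checklist changes the service switches. Before, Cancel or
  # ESC left CHOICES empty and thereby disabled ClamAV, OpenDMARC and Fail2Ban
  # without any message.
  if CHOICES="$(whiptail --title "$TITLE" --checklist "Optionale Dienste aktivieren" 15 70 6 \
    "ClamAV" "Virenscan (clamd/clamav-daemon)" ON \
    "OpenDMARC" "DMARC-Auswertung" ON \
    "Fail2Ban" "Brute-Force-Schutz" ON \
    3>&1 1>&2 2>&3)"; then
    CLAMAV_ENABLE=0
    OPENDMARC_ENABLE=0
    FAIL2BAN_ENABLE=0
    if [[ "$CHOICES" == *"ClamAV"* ]]; then CLAMAV_ENABLE=1; fi
    if [[ "$CHOICES" == *"OpenDMARC"* ]]; then OPENDMARC_ENABLE=1; fi
    if [[ "$CHOICES" == *"Fail2Ban"* ]]; then FAIL2BAN_ENABLE=1; fi
  else
    CHOICES=""
    echo -e "${YELLOW}[!] Auswahl abgebrochen – optionale Dienste bleiben aktiviert.${NC}"
  fi
else
  echo -e "${GREY}[i] whiptail nicht gefunden – TTY-Fallback.${NC}\n"

  # "|| true": at end of input read returns non-zero, which under set -e ended
  # the script without a message; the default is used instead.
  read -r -p "Mailserver-Host (MX) [${MTA_DEFAULT}]: " _mta_in || true
  _mta_in="${_mta_in:-$MTA_DEFAULT}"
  read -r -p "UI / Admin-Panel Host [${UI_DEFAULT}]: " _ui_in || true
  _ui_in="${_ui_in:-$UI_DEFAULT}"
  read -r -p "Webmail Host [${WEBMAIL_DEFAULT}]: " _wm_in || true
  _wm_in="${_wm_in:-$WEBMAIL_DEFAULT}"

  # The answers are written to /etc/mailwolt/installer.env further down, so
  # they are reduced to 0 or 1 instead of being stored as typed.
  read -r -p "ClamAV aktivieren? (1/0, Enter=1): " CLAMAV_ENABLE || true
  CLAMAV_ENABLE="$(_mw_toggle01 "${CLAMAV_ENABLE:-1}" 1)"
  read -r -p "OpenDMARC aktivieren? (1/0, Enter=1): " OPENDMARC_ENABLE || true
  OPENDMARC_ENABLE="$(_mw_toggle01 "${OPENDMARC_ENABLE:-1}" 1)"
  read -r -p "Fail2Ban aktivieren? (1/0, Enter=1): " FAIL2BAN_ENABLE || true
  FAIL2BAN_ENABLE="$(_mw_toggle01 "${FAIL2BAN_ENABLE:-1}" 1)"
fi

# A local-looking host on any of the three inputs forces DEV mode. This
# replaces APP_ENV / APP_DEBUG even when they were set explicitly, so the
# switch is announced to the operator.
if is_local_like "$_mta_in" || is_local_like "$_ui_in" || is_local_like "$_wm_in"; then
  if [[ "${DEV_MODE}" != "1" ]]; then
    echo -e "${YELLOW}[!] Lokaler Host erkannt – DEV-Modus aktiv (APP_ENV=local, APP_DEBUG=true).${NC}"
  fi
  DEV_MODE=1
  APP_ENV="local"
  APP_DEBUG="true"
fi
export DEV_MODE APP_ENV APP_DEBUG

# Validate with the rules of the mode decided above; a rejected input is
# replaced by its default.
MTA_FQDN="$(normalize_host "$_mta_in" "$MTA_DEFAULT")"
UI_FQDN="$(normalize_host "$_ui_in" "$UI_DEFAULT")"
WEBMAIL_FQDN="$(normalize_host "$_wm_in" "$WEBMAIL_DEFAULT")"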
#if have_whiptail; then
|
||
# TITLE="MailWolt Setup"
|
||
#
|
||
# MTA_FQDN="$(whiptail --title "$TITLE" --inputbox "Mailserver-FQDN (MX)\nBeispiel: mx.domain.tld" 11 70 "$MTA_DEFAULT" 3>&1 1>&2 2>&3)" || exit 1
|
||
# valid_fqdn "$MTA_FQDN" || MTA_FQDN="$MTA_DEFAULT"
|
||
#
|
||
# UI_FQDN="$(whiptail --title "$TITLE" --inputbox "UI / Admin-Panel FQDN\nBeispiel: ui.domain.tld" 11 70 "$UI_DEFAULT" 3>&1 1>&2 2>&3)" || exit 1
|
||
# valid_fqdn "$UI_FQDN" || UI_FQDN="$UI_DEFAULT"
|
||
#
|
||
# WEBMAIL_FQDN="$(whiptail --title "$TITLE" --inputbox "Webmail FQDN\nBeispiel: webmail.domain.tld" 11 70 "$WEBMAIL_DEFAULT" 3>&1 1>&2 2>&3)" || exit 1
|
||
# valid_fqdn "$WEBMAIL_FQDN" || WEBMAIL_FQDN="$WEBMAIL_DEFAULT"
|
||
#
|
||
# CHOICES="$(whiptail --title "$TITLE" --checklist "Optionale Dienste aktivieren" 15 70 6 \
|
||
# "ClamAV" "Virenscan (clamd/clamav-daemon)" ON \
|
||
# "OpenDMARC" "DMARC-Auswertung" ON \
|
||
# "Fail2Ban" "Brute-Force-Schutz" ON \
|
||
# 3>&1 1>&2 2>&3)" || true
|
||
#
|
||
# CLAMAV_ENABLE=0; [[ "$CHOICES" == *"ClamAV"* ]] && CLAMAV_ENABLE=1
|
||
# OPENDMARC_ENABLE=0; [[ "$CHOICES" == *"OpenDMARC"* ]] && OPENDMARC_ENABLE=1
|
||
# FAIL2BAN_ENABLE=0; [[ "$CHOICES" == *"Fail2Ban"* ]] && FAIL2BAN_ENABLE=1
|
||
#
|
||
# whiptail --title "$TITLE" --msgbox "Zusammenfassung:
|
||
#
|
||
#MX : $MTA_FQDN
|
||
#UI : $UI_FQDN
|
||
#Webmail : $WEBMAIL_FQDN
|
||
#
|
||
#ClamAV : $([[ $CLAMAV_ENABLE -eq 1 ]] && echo Aktiv || echo Deaktiv)
|
||
#OpenDMARC : $([[ $OPENDMARC_ENABLE -eq 1 ]] && echo Aktiv || echo Deaktiv)
|
||
#Fail2Ban : $([[ $FAIL2BAN_ENABLE -eq 1 ]] && echo Aktiv || echo Deaktiv)
|
||
#" 16 70
|
||
#
|
||
#else
|
||
# echo -e "${GREY}[i] whiptail nicht gefunden – nutze TTY-Prompts.${NC}\n"
|
||
# ask_tty_domain "Mailserver-FQDN (MX)" "mx.domain.tld" "$MTA_DEFAULT" MTA_FQDN
|
||
# ask_tty_domain "UI / Admin-Panel FQDN" "ui.domain.tld" "$UI_DEFAULT" UI_FQDN
|
||
# ask_tty_domain "Webmail FQDN" "webmail.domain.tld" "$WEBMAIL_DEFAULT" WEBMAIL_FQDN
|
||
#
|
||
# read -r -p "ClamAV aktivieren? (1/0, Enter=1): " CLAMAV_ENABLE; CLAMAV_ENABLE="${CLAMAV_ENABLE:-1}"
|
||
# read -r -p "OpenDMARC aktivieren? (1/0, Enter=1): " OPENDMARC_ENABLE; OPENDMARC_ENABLE="${OPENDMARC_ENABLE:-1}"
|
||
# read -r -p "Fail2Ban aktivieren? (1/0, Enter=1): " FAIL2BAN_ENABLE; FAIL2BAN_ENABLE="${FAIL2BAN_ENABLE:-1}"
|
||
#fi
# ── Defaults / compatibility ─────────────────────────────────
# Fill in anything still empty after the interactive section.
: "${MTA_FQDN:=${MTA_DEFAULT}}"
: "${UI_FQDN:=${UI_DEFAULT}}"
: "${WEBMAIL_FQDN:=${WEBMAIL_DEFAULT}}"
: "${DKIM_ENABLE:=1}"
: "${DKIM_SELECTOR:=mwl1}"
: "${DKIM_GENERATE:=1}"

# Derive BASE_DOMAIN and the sub-labels from the host names: the text before
# the first dot is the sub-label, the remainder of the MX host is the base
# domain. A host without a dot leaves the earlier values untouched, and an
# IPv4 literal such as 10.0.0.10 is split the same way (MTA_SUB=10,
# BASE_DOMAIN=0.0.10).
if [[ "$MTA_FQDN" =~ ^([^.]+)\.(.+)$ ]]; then
  MTA_SUB="${BASH_REMATCH[1]}"
  BASE_DOMAIN="${BASH_REMATCH[2]}"
fi
if [[ "$UI_FQDN" =~ ^([^.]+)\.(.+)$ ]]; then
  UI_SUB="${BASH_REMATCH[1]}"
fi
if [[ "$WEBMAIL_FQDN" =~ ^([^.]+)\.(.+)$ ]]; then
  WEBMAIL_SUB="${BASH_REMATCH[1]}"
fi

# System mail domain lives under the base domain taken from the MX host.
: "${SYSMAIL_SUB:=sysmail}"
SYSMAIL_DOMAIN="${SYSMAIL_SUB}.${BASE_DOMAIN}"

# Canonical host variables are the entered host names themselves.
MAIL_HOSTNAME="${MTA_FQDN}"
UI_HOST="${UI_FQDN}"
WEBMAIL_HOST="${WEBMAIL_FQDN}"

# Time zone and locale default to the detected values.
: "${APP_TZ:=$DEFAULT_TZ}"
: "${APP_LOCALE:=$DEFAULT_LOCALE}"
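# ── Export & persist ─────────────────────────────────────────
# Hand the settings to the installer steps through the environment and keep a
# copy in /etc/mailwolt/installer.env.
export APP_NAME APP_USER APP_GROUP APP_USER_PREFIX APP_DIR
export BASE_DOMAIN UI_SUB WEBMAIL_SUB MTA_SUB
export SYSMAIL_SUB SYSMAIL_DOMAIN DKIM_ENABLE DKIM_SELECTOR DKIM_GENERATE
export UI_HOST WEBMAIL_HOST MAIL_HOSTNAME
export DB_NAME DB_USER
export SERVER_PUBLIC_IPV4 SERVER_PUBLIC_IPV6 APP_TZ APP_LOCALE
export CLAMAV_ENABLE OPENDMARC_ENABLE FAIL2BAN_ENABLE

install -d -m 0755 /etc/mailwolt

# The file holds DB_PASS and REDIS_PASS. It is created empty with mode 0600
# before anything is written: writing first and running chmod afterwards left
# the secrets readable under the default umask in a 0755 directory until the
# chmod ran.
install -m 0600 /dev/null /etc/mailwolt/installer.env

# NOTE(review): apart from BACKUP_ONCALENDAR the values are written unquoted.
# If a later step loads this file with the shell's source/".", a value with
# spaces or shell metacharacters would be interpreted - confirm how the file is
# consumed and that environment-supplied values (APP_ENV, DB_*, DKIM_*) are
# constrained.
cat >/etc/mailwolt/installer.env <<EOF
BASE_DOMAIN=${BASE_DOMAIN}
MTA_SUB=${MTA_SUB}
UI_SUB=${UI_SUB}
WEBMAIL_SUB=${WEBMAIL_SUB}

MAIL_HOSTNAME=${MAIL_HOSTNAME}
UI_HOST=${UI_HOST}
WEBMAIL_HOST=${WEBMAIL_HOST}

SYSMAIL_SUB=${SYSMAIL_SUB}
SYSMAIL_DOMAIN=${SYSMAIL_DOMAIN}

DKIM_ENABLE=${DKIM_ENABLE}
DKIM_SELECTOR=${DKIM_SELECTOR}
DKIM_GENERATE=${DKIM_GENERATE}

DB_HOST=127.0.0.1
DB_NAME=${DB_NAME}
DB_USER=${DB_USER}
DB_PASS=${DB_PASS}
REDIS_PASS=${REDIS_PASS}

SERVER_PUBLIC_IPV4=${SERVER_PUBLIC_IPV4}
SERVER_PUBLIC_IPV6=${SERVER_PUBLIC_IPV6}
APP_ENV=${APP_ENV}

CLAMAV_ENABLE=${CLAMAV_ENABLE}
OPENDMARC_ENABLE=${OPENDMARC_ENABLE}
FAIL2BAN_ENABLE=${FAIL2BAN_ENABLE}

BACKUP_ONCALENDAR="${BACKUP_ONCALENDAR:-*-*-* 03:00:00}"
BACKUP_ENABLED=0
BACKUP_INTERVAL=daily
BACKUP_RETENTION_DAYS=7
BACKUP_DIR=/var/backups/mailwolt
BACKUP_USE_ZSTD=1
EOF
# Kept as a second line of defence for the file mode.
chmod 600 /etc/mailwolt/installer.env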
# ── Installer sequence ───────────────────────────────────────
# Each step is a separate script in the current directory, run in the listed
# order in its own bash process; settings reach it through the exported
# environment. With set -e active at the top of this file, the first failing
# step stops the sequence.
# NOTE(review): 61-opendmarc, 62-clamav and 63-fail2ban are started regardless
# of the *_ENABLE switches; presumably each step checks its own switch -
# confirm.
INSTALL_STEPS=(
  10-provision
  20-ssl 21-le-deploy-hook 22-dkim-helper
  30-db 40-postfix 50-dovecot
  60-rspamd-opendkim 61-opendmarc 62-clamav 63-fail2ban 64-apply-milters
  70-nginx 75-le-issue 80-app 88-update-wrapper 90-services
  92-sudoers-npm 93-backup-tools 95-woltguard 98-motd 99-summary
)

for STEP in "${INSTALL_STEPS[@]}"; do
  log ">>> Running ${STEP}.sh"
  bash "./${STEP}.sh"
done
##!/usr/bin/env bash
|
||
#set -euo pipefail
|
||
#
|
||
## --- Flags / Modi ---
|
||
#DEV_MODE=0
|
||
#PROXY_MODE=0
|
||
#NPM_IP=""
|
||
#
|
||
#while [[ $# -gt 0 ]]; do
|
||
# case "$1" in
|
||
# -dev) DEV_MODE=1 ;;
|
||
# -proxy) PROXY_MODE=1; NPM_IP="${2:-}"; shift ;;
|
||
# esac
|
||
# shift
|
||
#done
|
||
#
|
||
#APP_ENV="${APP_ENV:-$([[ $DEV_MODE -eq 1 ]] && echo local || echo production)}"
|
||
#APP_DEBUG="${APP_DEBUG:-$([[ $DEV_MODE -eq 1 ]] && echo true || echo false)}"
|
||
#export DEV_MODE PROXY_MODE NPM_IP APP_ENV APP_DEBUG
|
||
#
|
||
#DB_PASS="${DB_PASS:-$(openssl rand -hex 16)}"
|
||
#REDIS_PASS="${REDIS_PASS:-$(openssl rand -hex 16)}"
|
||
#
|
||
#export DB_PASS REDIS_PASS
|
||
#
|
||
#cd "$(dirname "$0")"
|
||
#source ./lib.sh
|
||
#require_root
|
||
#header
|
||
#
|
||
## ── Defaults ────────────────────────────────────────────────────────────────
|
||
#APP_NAME="${APP_NAME:-MailWolt}"
|
||
#APP_USER="${APP_USER:-mailwolt}"
|
||
#APP_GROUP="${APP_GROUP:-www-data}"
|
||
#APP_USER_PREFIX="${APP_USER_PREFIX:-mw}"
|
||
#APP_DIR="${APP_DIR:-/var/www/${APP_USER}}"
|
||
#
|
||
#BASE_DOMAIN="${BASE_DOMAIN:-example.com}"
|
||
#UI_SUB="${UI_SUB:-ui}"
|
||
#WEBMAIL_SUB="${WEBMAIL_SUB:-webmail}"
|
||
#MTA_SUB="${MTA_SUB:-mx}"
|
||
#
|
||
#DB_NAME="${DB_NAME:-${APP_USER}}"
|
||
#DB_USER="${DB_USER:-${APP_USER}}"
|
||
#
|
||
#SERVER_PUBLIC_IPV4="$(detect_ip)"
|
||
#SERVER_PUBLIC_IPV6="$(detect_ipv6)"
|
||
#DEFAULT_TZ="$(detect_timezone)"
|
||
#DEFAULT_LOCALE="$(guess_locale_from_tz "$DEFAULT_TZ")"
|
||
#
|
||
#echo -e "${GREY}Erkannte IP (v4): ${SERVER_PUBLIC_IPV4} v6: ${SERVER_PUBLIC_IPV6:-–}${NC}"
|
||
#
|
||
## ── Schöne, farbige Abfragen ────────────────────────────────────────────────
|
||
#echo -e "${CYAN}"
|
||
#echo "──────────────────────────────────────────────"
|
||
#echo -e " 📧 MailWolt Setup – Domain Konfiguration"
|
||
#echo "──────────────────────────────────────────────"
|
||
#echo -e "${NC}"
|
||
#
|
||
#MTA_DEFAULT="${MTA_SUB}.${BASE_DOMAIN}"
|
||
#UI_DEFAULT="${UI_SUB}.${BASE_DOMAIN}"
|
||
#WEBMAIL_DEFAULT="${WEBMAIL_SUB}.${BASE_DOMAIN}"
|
||
#
|
||
#ask_domain() {
|
||
# local __outvar="$1" label="$2" example="$3" defval="$4" input=""
|
||
# echo -e "${GREEN}[?]${NC} ${label}"
|
||
# echo -e " z.B. ${YELLOW}${example}${NC}"
|
||
# echo -e " Default: ${CYAN}${defval}${NC}"
|
||
# echo -ne " → Eingabe: ${CYAN}"
|
||
# read -r input
|
||
# echo -e "${NC}"
|
||
# if [[ -z "$input" ]]; then
|
||
# eval "$__outvar='$defval'"
|
||
# else
|
||
# eval "$__outvar='$input'"
|
||
# fi
|
||
#}
|
||
#
|
||
#ask_toggle() {
|
||
# local __outvar="$1" label="$2" defval="${3:-1}" input=""
|
||
# echo -ne "${GREEN}[?]${NC} ${label} (${CYAN}1${NC}=Ja / ${YELLOW}0${NC}=Nein) [Enter=${defval}]: "
|
||
# read -r input
|
||
# input="${input:-$defval}"
|
||
# case "$input" in
|
||
# 1|0) ;;
|
||
# *) echo -e "${YELLOW}Ungültig, nehme Default=${defval}.${NC}"; input="$defval" ;;
|
||
# esac
|
||
# eval "$__outvar='$input'"
|
||
#}
|
||
#
|
||
#ask_domain "MTA_FQDN" "Mailserver-FQDN (MX)" "mx.domain.tld" "$MTA_DEFAULT"
|
||
#ask_domain "UI_FQDN" "UI / Admin-Panel" "ui.domain.tld" "$UI_DEFAULT"
|
||
#ask_domain "WEBMAIL_FQDN" "Webmail-FQDN" "webmail.domain.tld" "$WEBMAIL_DEFAULT"
|
||
#
|
||
#echo -e "${CYAN}"
|
||
#echo "──────────────────────────────────────────────"
|
||
#echo -e " 🛡 Optionale Dienste"
|
||
#echo "──────────────────────────────────────────────"
|
||
#echo -e "${NC}"
|
||
#
|
||
#ask_toggle "CLAMAV_ENABLE" "ClamAV Virenscan aktivieren?" 1
|
||
#ask_toggle "OPENDMARC_ENABLE" "OpenDMARC auswerten?" 1
|
||
#ask_toggle "FAIL2BAN_ENABLE" "Fail2Ban aktivieren?" 1
|
||
#echo
|
||
#
|
||
## Defaults, wenn Enter gedrückt (Abwärtskompatibilität)
|
||
#MTA_FQDN="${MTA_FQDN:-${MTA_SUB}.${BASE_DOMAIN}}"
|
||
#UI_FQDN="${UI_FQDN:-${UI_SUB}.${BASE_DOMAIN}}"
|
||
#WEBMAIL_FQDN="${WEBMAIL_FQDN:-${WEBMAIL_SUB}.${BASE_DOMAIN}}"
|
||
#DKIM_ENABLE="${DKIM_ENABLE:-1}"
|
||
#DKIM_SELECTOR="${DKIM_SELECTOR:-mwl1}"
|
||
#DKIM_GENERATE="${DKIM_GENERATE:-1}"
|
||
#
|
||
## BASE_DOMAIN und Sub-Labels aus MTA/UI/WEBMAIL ableiten (robust)
|
||
#if [[ "$MTA_FQDN" =~ ^([^.]+)\.(.+)$ ]]; then
|
||
# MTA_SUB="${BASH_REMATCH[1]}"
|
||
# BASE_DOMAIN="${BASH_REMATCH[2]}"
|
||
#fi
|
||
#if [[ "$UI_FQDN" =~ ^([^.]+)\.(.+)$ ]]; then
|
||
# UI_SUB="${BASH_REMATCH[1]}"
|
||
#fi
|
||
#if [[ "$WEBMAIL_FQDN" =~ ^([^.]+)\.(.+)$ ]]; then
|
||
# WEBMAIL_SUB="${BASH_REMATCH[1]}"
|
||
#fi
|
||
#
|
||
#SYSMAIL_SUB="${SYSMAIL_SUB:-sysmail}"
|
||
#SYSMAIL_DOMAIN="${SYSMAIL_SUB}.${BASE_DOMAIN}"
|
||
## Kanonische Host-Variablen (NIE wieder zusammenbauen – nimm die FQDNs)
|
||
#MAIL_HOSTNAME="${MTA_FQDN}"
|
||
#UI_HOST="${UI_FQDN}"
|
||
#WEBMAIL_HOST="${WEBMAIL_FQDN}"
|
||
#
|
||
## Zeitzone/Locale sinnvoll setzen
|
||
#APP_TZ="${APP_TZ:-$DEFAULT_TZ}"
|
||
#APP_LOCALE="${APP_LOCALE:-$DEFAULT_LOCALE}"
|
||
#
|
||
## ── Variablen exportieren ───────────────────────────────────────────────────
|
||
#export APP_NAME APP_USER APP_GROUP APP_USER_PREFIX APP_DIR
|
||
#export BASE_DOMAIN UI_SUB WEBMAIL_SUB MTA_SUB
|
||
#export SYSMAIL_SUB SYSMAIL_DOMAIN DKIM_ENABLE DKIM_SELECTOR DKIM_GENERATE
|
||
#export UI_HOST WEBMAIL_HOST MAIL_HOSTNAME
|
||
#export DB_NAME DB_USER
|
||
#export SERVER_PUBLIC_IPV4 SERVER_PUBLIC_IPV6 APP_TZ APP_LOCALE
|
||
#export CLAMAV_ENABLE OPENDMARC_ENABLE FAIL2BAN_ENABLE
|
||
#
|
||
#install -d -m 0755 /etc/mailwolt
|
||
#cat >/etc/mailwolt/installer.env <<EOF
|
||
#BASE_DOMAIN=${BASE_DOMAIN}
|
||
#MTA_SUB=${MTA_SUB}
|
||
#UI_SUB=${UI_SUB}
|
||
#WEBMAIL_SUB=${WEBMAIL_SUB}
|
||
#
|
||
#MAIL_HOSTNAME=${MAIL_HOSTNAME}
|
||
#UI_HOST=${UI_HOST}
|
||
#WEBMAIL_HOST=${WEBMAIL_HOST}
|
||
#
|
||
#SYSMAIL_SUB=${SYSMAIL_SUB}
|
||
#SYSMAIL_DOMAIN=${SYSMAIL_DOMAIN}
|
||
#
|
||
#DKIM_ENABLE=${DKIM_ENABLE}
|
||
#DKIM_SELECTOR=${DKIM_SELECTOR}
|
||
#DKIM_GENERATE=${DKIM_GENERATE}
|
||
#
|
||
#DB_HOST=127.0.0.1
|
||
#DB_NAME=${DB_NAME}
|
||
#DB_USER=${DB_USER}
|
||
#DB_PASS=${DB_PASS}
|
||
#REDIS_PASS=${REDIS_PASS}
|
||
#
|
||
#SERVER_PUBLIC_IPV4=${SERVER_PUBLIC_IPV4}
|
||
#SERVER_PUBLIC_IPV6=${SERVER_PUBLIC_IPV6}
|
||
#APP_ENV=${APP_ENV}
|
||
#
|
||
#CLAMAV_ENABLE=${CLAMAV_ENABLE}
|
||
#OPENDMARC_ENABLE=${OPENDMARC_ENABLE}
|
||
#FAIL2BAN_ENABLE=${FAIL2BAN_ENABLE}
|
||
#EOF
|
||
#
|
||
#chmod 600 /etc/mailwolt/installer.env
|
||
#
|
||
## ── Sequenz ────────────────────────────────────────────────────────────────
|
||
#for STEP in 10-provision 20-ssl 21-le-deploy-hook 22-dkim-helper 30-db 40-postfix 50-dovecot 60-rspamd-opendkim 61-opendmarc 62-clamav 63-fail2ban 70-nginx 75-le-issue 80-app 90-services 95-woltguard 98-motd 99-summary
|
||
#do
|
||
# log ">>> Running ${STEP}.sh"
|
||
# bash "./${STEP}.sh"
|
||
#done
|
||
###!/usr/bin/env bash
|
||
##set -euo pipefail
|
||
##
|
||
### --- Flags / Modi ---
|
||
##DEV_MODE=0
|
||
##PROXY_MODE=0
|
||
##NPM_IP=""
|
||
##
|
||
##while [[ $# -gt 0 ]]; do
|
||
## case "$1" in
|
||
## -dev) DEV_MODE=1 ;;
|
||
## -proxy) PROXY_MODE=1; NPM_IP="${2:-}"; shift ;;
|
||
## esac
|
||
## shift
|
||
##done
|
||
##
|
||
##APP_ENV="${APP_ENV:-$([[ $DEV_MODE -eq 1 ]] && echo local || echo production)}"
|
||
##APP_DEBUG="${APP_DEBUG:-$([[ $DEV_MODE -eq 1 ]] && echo true || echo false)}"
|
||
##export DEV_MODE PROXY_MODE NPM_IP APP_ENV APP_DEBUG
|
||
##
|
||
##DB_PASS="${DB_PASS:-$(openssl rand -hex 16)}"
|
||
##REDIS_PASS="${REDIS_PASS:-$(openssl rand -hex 16)}"
|
||
##
|
||
##export DB_PASS REDIS_PASS
|
||
##
|
||
##cd "$(dirname "$0")"
|
||
##source ./lib.sh
|
||
##require_root
|
||
##header
|
||
##
|
||
### ── Defaults ────────────────────────────────────────────────────────────────
|
||
##APP_NAME="${APP_NAME:-MailWolt}"
|
||
##APP_USER="${APP_USER:-mailwolt}"
|
||
##APP_GROUP="${APP_GROUP:-www-data}"
|
||
##APP_USER_PREFIX="${APP_USER_PREFIX:-mw}"
|
||
##APP_DIR="${APP_DIR:-/var/www/${APP_USER}}"
|
||
##
|
||
##BASE_DOMAIN="${BASE_DOMAIN:-example.com}"
|
||
##UI_SUB="${UI_SUB:-ui}"
|
||
##WEBMAIL_SUB="${WEBMAIL_SUB:-webmail}"
|
||
##MTA_SUB="${MTA_SUB:-mx}"
|
||
##
|
||
##DB_NAME="${DB_NAME:-${APP_USER}}"
|
||
##DB_USER="${DB_USER:-${APP_USER}}"
|
||
##
|
||
##SERVER_PUBLIC_IPV4="$(detect_ip)"
|
||
##SERVER_PUBLIC_IPV6="$(detect_ipv6)"
|
||
##DEFAULT_TZ="$(detect_timezone)"
|
||
##DEFAULT_LOCALE="$(guess_locale_from_tz "$DEFAULT_TZ")"
|
||
##
|
||
##echo -e "${GREY}Erkannte IP (v4): ${SERVER_PUBLIC_IPV4} v6: ${SERVER_PUBLIC_IPV6:-–}${NC}"
|
||
##
|
||
### ── FQDNs abfragen ───────────────────────────────────────────────────────────
|
||
##read -r -p "Mailserver FQDN (MX, z.B. mx.domain.tld) [Enter=${MTA_SUB}.${BASE_DOMAIN}]: " MTA_FQDN
|
||
##read -r -p "UI / Admin-Panel FQDN (z.B. ui.domain.tld) [Enter=${UI_SUB}.${BASE_DOMAIN}]: " UI_FQDN
|
||
##read -r -p "Webmail FQDN (z.B. webmail.domain.tld) [Enter=${WEBMAIL_SUB}.${BASE_DOMAIN}]: " WEBMAIL_FQDN
|
||
##
|
||
### Defaults, wenn Enter gedrückt
|
||
##MTA_FQDN="${MTA_FQDN:-${MTA_SUB}.${BASE_DOMAIN}}"
|
||
##UI_FQDN="${UI_FQDN:-${UI_SUB}.${BASE_DOMAIN}}"
|
||
##WEBMAIL_FQDN="${WEBMAIL_FQDN:-${WEBMAIL_SUB}.${BASE_DOMAIN}}"
|
||
##DKIM_ENABLE="${DKIM_ENABLE:-1}"
|
||
##DKIM_SELECTOR="${DKIM_SELECTOR:-mwl1}"
|
||
##DKIM_GENERATE="${DKIM_GENERATE:-1}"
|
||
##
|
||
### BASE_DOMAIN und Sub-Labels aus MTA/UI/WEBMAIL ableiten (robust)
|
||
##if [[ "$MTA_FQDN" =~ ^([^.]+)\.(.+)$ ]]; then
|
||
## MTA_SUB="${BASH_REMATCH[1]}"
|
||
## BASE_DOMAIN="${BASH_REMATCH[2]}"
|
||
##fi
|
||
##if [[ "$UI_FQDN" =~ ^([^.]+)\.(.+)$ ]]; then
|
||
## UI_SUB="${BASH_REMATCH[1]}"
|
||
##fi
|
||
##if [[ "$WEBMAIL_FQDN" =~ ^([^.]+)\.(.+)$ ]]; then
|
||
## WEBMAIL_SUB="${BASH_REMATCH[1]}"
|
||
##fi
|
||
##
|
||
##SYSMAIL_SUB="${SYSMAIL_SUB:-sysmail}"
|
||
##SYSMAIL_DOMAIN="${SYSMAIL_SUB}.${BASE_DOMAIN}"
|
||
### Kanonische Host-Variablen (NIE wieder zusammenbauen – nimm die FQDNs)
|
||
##MAIL_HOSTNAME="${MTA_FQDN}"
|
||
##UI_HOST="${UI_FQDN}"
|
||
##WEBMAIL_HOST="${WEBMAIL_FQDN}"
|
||
##
|
||
### Zeitzone/Locale sinnvoll setzen (könntest du auch noch abfragen)
|
||
##APP_TZ="${APP_TZ:-$DEFAULT_TZ}"
|
||
##APP_LOCALE="${APP_LOCALE:-$DEFAULT_LOCALE}"
|
||
##
|
||
### ── Variablen exportieren ───────────────────────────────────────────────────
|
||
##export APP_NAME APP_USER APP_GROUP APP_USER_PREFIX APP_DIR
|
||
##export BASE_DOMAIN UI_SUB WEBMAIL_SUB MTA_SUB
|
||
##export SYSMAIL_SUB SYSMAIL_DOMAIN DKIM_ENABLE DKIM_SELECTOR DKIM_GENERATE
|
||
##export UI_HOST WEBMAIL_HOST MAIL_HOSTNAME
|
||
##export DB_NAME DB_USER
|
||
##export SERVER_PUBLIC_IPV4 SERVER_PUBLIC_IPV6 APP_TZ APP_LOCALE
|
||
##
|
||
##install -d -m 0755 /etc/mailwolt
|
||
##cat >/etc/mailwolt/installer.env <<EOF
|
||
##BASE_DOMAIN=${BASE_DOMAIN}
|
||
##MTA_SUB=${MTA_SUB}
|
||
##UI_SUB=${UI_SUB}
|
||
##WEBMAIL_SUB=${WEBMAIL_SUB}
|
||
##
|
||
##MAIL_HOSTNAME=${MAIL_HOSTNAME}
|
||
##UI_HOST=${UI_HOST}
|
||
##WEBMAIL_HOST=${WEBMAIL_HOST}
|
||
##
|
||
##SYSMAIL_SUB=${SYSMAIL_SUB}
|
||
##SYSMAIL_DOMAIN=${SYSMAIL_DOMAIN}
|
||
##
|
||
##DKIM_ENABLE=${DKIM_ENABLE}
|
||
##DKIM_SELECTOR=${DKIM_SELECTOR}
|
||
##DKIM_GENERATE=${DKIM_GENERATE}
|
||
##
|
||
##DB_HOST=127.0.0.1
|
||
##DB_NAME=${DB_NAME}
|
||
##DB_USER=${DB_USER}
|
||
##DB_PASS=${DB_PASS}
|
||
##REDIS_PASS=${REDIS_PASS}
|
||
##
|
||
##SERVER_PUBLIC_IPV4=${SERVER_PUBLIC_IPV4}
|
||
##SERVER_PUBLIC_IPV6=${SERVER_PUBLIC_IPV6}
|
||
##APP_ENV=${APP_ENV}
|
||
##
|
||
##CLAMAV_ENABLE=1
|
||
##OPENDMARC_ENABLE=1
|
||
##FAIL2BAN_ENABLE=1
|
||
##EOF
|
||
##
|
||
##chmod 600 /etc/mailwolt/installer.env
|
||
##
|
||
### ── Sequenz ────────────────────────────────────────────────────────────────
|
||
##for STEP in 10-provision 20-ssl 21-le-deploy-hook 22-dkim-helper 30-db 40-postfix 50-dovecot 60-rspamd-opendkim 61-opendmarc 62-clamav 63-fail2ban 70-nginx 75-le-issue 80-app 90-services 95-woltguard 98-motd 99-summary
|
||
##do
|
||
## log ">>> Running ${STEP}.sh"
|
||
## bash "./${STEP}.sh"
|
||
##done |