mailwolt-installer/scripts/10-provision.sh

#!/usr/bin/env bash
set -euo pipefail
source ./lib.sh

log "Pakete installieren …"
export DEBIAN_FRONTEND=noninteractive
apt-get update -y
# Minimal aber vollständig
apt-get -y -o Dpkg::Options::="--force-confdef" \
           -o Dpkg::Options::="--force-confold" install \
  postfix postfix-mysql dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-mysql \
  mariadb-server mariadb-client redis-server \
  rspamd opendkim opendkim-tools \
  nginx php php-fpm php-cli php-mbstring php-xml php-curl php-zip php-mysql php-redis php-gd \
  unzip curl composer git certbot python3-certbot-nginx \
  ca-certificates rsyslog sudo openssl monit acl netcat-openbsd

# <<< Apache konsequent entfernen >>>
systemctl disable --now apache2 >/dev/null 2>&1 || true
apt-get -y purge 'apache2*' >/dev/null 2>&1 || true
apt-get -y autoremove >/dev/null 2>&1 || true

log "Systemuser/Dirs …"
id vmail >/dev/null 2>&1 || adduser --system --group --home /var/mail vmail
id "$APP_USER" >/dev/null 2>&1 || adduser --disabled-password --gecos "" "$APP_USER"
usermod -a -G "$APP_GROUP" "$APP_USER" || true
install -d -m 0755 -o root -g root /var/www
install -d -m 0775 -o "$APP_USER" -g "$APP_GROUP" "$APP_DIR"

log "MariaDB include-fix …"
mkdir -p /etc/mysql/mariadb.conf.d
[[ -f /etc/mysql/mariadb.cnf ]] || echo '!include /etc/mysql/mariadb.conf.d/*.cnf' > /etc/mysql/mariadb.cnf

log "Redis absichern …"
REDIS_CONF="/etc/redis/redis.conf"
REDIS_PASS="${REDIS_PASS:-$(openssl rand -hex 16)}"
sed -i 's/^\s*#\?\s*bind .*/bind 127.0.0.1/' "$REDIS_CONF"
sed -i 's/^\s*#\?\s*protected-mode .*/protected-mode yes/' "$REDIS_CONF"
grep -qE '^\s*#?\s*requirepass ' "$REDIS_CONF" \
  && sed -i "s/^\s*#\?\s*requirepass .*/requirepass ${REDIS_PASS}/" "$REDIS_CONF" \
  || printf "\nrequirepass %s\n" "${REDIS_PASS}" >> "$REDIS_CONF"
systemctl enable --now redis-server
systemctl restart redis-server || true