Correction & update scripts

add_domain_with_acme.sh

@@ -4,24 +4,23 @@
 gen_nginx_acme_conf(){
     domain=$1
     alt_domain=$2
-    nginx_run=`rcctl check nginx`
-
-    if [ "$nginx_run" == "nginx(ok)" ]; then
-        cat > test/$domain <<EOF
+    nginx_conf_file="/etc/nginx/sites-enabled/$domain"
+    [ ! -f $nginx_conf_file ] || rm $nginx_conf_file;
+    
+    mkdir /var/www/htdocs/$domain
+    rcctl check nginx
+    if [ $? == 0 ]; then
+        cat > $nginx_conf_file <<EOF
 server {
     listen 80;
     server_name $alt_domain $domain;
-
     include snippets/acme-challenge.conf;
-
-    root /htdocs;
-
+    root /htdocs/$domain;
 }
 EOF
-
-#        rcctl restart nginx
+        rcctl reload nginx
     else
-        echo "Service NGINX not runnig"
+        echo "Service NGINX not running"
         exit 1
     fi
 
@@ -30,8 +29,12 @@ EOF
 gen_acme_client_conf(){
     domain=$1
     alt_domain=$2
+    acme_conf_file="my_configuration/ssl/$domain-acme-client.conf"
+    # If the file exist, do nothing
+    [ ! -f $acme_conf_file ] || echo "Domain already configured !"; exit 1;
+
     if [ "$alt_domain" == "" ]; then
-        cat >> my_configuration/ssl/$domain-acme-client.conf <<EOF
+        cat >> $acme_conf_file <<EOF
 
 domain $domain {
         domain key "/etc/ssl/private/$domain.key"
@@ -41,7 +44,7 @@ domain $domain {
 
 EOF
     else
-        cat >> my_configuration/ssl/$domain-acme-client.conf <<EOF
+        cat >> $acme_conf_file <<EOF
 
 domain $domain {
         alternative names { $alt_domain }
@@ -55,40 +58,39 @@ EOF
 
 }
 
+add_acme_domain_to_conf(){
+    domain=$1
+    egrep "domain $domain" -A5 /etc/acme-client.conf > /tmp/acme-client.conf
+    cp -v /etc/acme-client.conf /etc/acme-client.conf.old
+    cp -v /tmp/acme-client.conf /etc/acme-client.conf
+}
+
 install_utils(){
     cp -v utils/renew_https_certificate /usr/local/bin/renew_https_certificate
     chmod u+x /usr/local/bin/renew_https_certificate
 }
 
-get_certificate(){
+get_certificate()
+{
     domain=$1
-
     /usr/local/bin/renew_https_certificate $domain
 }
 
-usage(){
+usage()
+{
     print "This program ask 3 arguments : \n"
     print "First is email with domain name the second is list of alternatives domains with \" \"  \n"
     print "the last arguments is for share the ssl cert with xmpp daemon add xmpp at the end or not"
     print "\t $0 domain.tld \"a.domain.tld b.domain.tld c.domain.tld\""
-
 }
 
 
-
 if [ -z $1 ];
 then
     usage
     exit 3;
 fi
 
-if [ -e /etc/acme-client.conf ]; then
-    echo ok
-else
-    echo nok
-fi
-
-
 domain=$1
 alt_domain=$2
 

configure_firewall.sh

@@ -2,7 +2,7 @@
 
 . ./myserver.conf
 
-install_package(){
+install_firewall_packages(){
     pkg_add ssh_guard curl
     useradd -s /sbin/nologin -d /var/empty _pfbadhost
     ftp https://geoghegan.ca/pub/pf-badhost/0.5/pf-badhost.sh
@@ -32,60 +32,36 @@ EOF
 
 
 set_basic_configuration(){
-    cat > my_configuration/pf.conf <<EOF
-#Filtres badhosts et sshguard
-table <pfbadhost> persist file "/etc/pf-badhost.txt"
-table <sshguard> persist
-
-## Table pour les batards de bruteforceurs
-table <bruteforce> persist
-
-
-set block-policy drop                  # bloque silencieusement
-set skip on lo                         # En local on s'en fou on surveille rien
-set limit table-entries 400000
-set limit states 100000
-
-
-
-## Traitement des paquets ##
-# Paquets partiels on vire
-match all scrub (max-mss 1440 no-df random-id reassemble tcp)
-antispoof quick for egress         # Protection vol d'ip
-antispoof quick for lo0            # Protection vol d'ip
-
-# Port build user does not need network
-block return out log proto {tcp udp} user _pbuild
-
-# On bloque tout par défault
-block
-
-block quick on egress from <pfbadhost>
-block in from <sshguard>
-block log quick from <bruteforce> label "brutes"
-
-pass out on egress proto { tcp udp icmp ipv6-icmp } modulate state
-
-EOF
-
+    cp -v default_configruation/pf.conf my_configuration/pf.conf
 }
 
 set_open_service(){
     cat >> my_configuration/pf.conf <<EOF
 #déclaration des variables
 web_ports = "{ http https }"
+
+#On évite les bruteforces
+pass in quick on egress proto { tcp, udp } from <whitelist> to port $web_ports
+pass in on egress proto tcp to port $web_ports flags S/SA keep state \
+                                (max-src-conn 100, max-src-conn-rate 15/5, \
+                                 overload <http_abusive_hosts> flush)
+
 EOF
 
-    if [ "$SERVICE_MAIL" == "yes" ]; then
+    cat >> my_configuration/pf.conf
+    EOF
+    
+    [ "$SERVICE_MAIL" == "yes" ] &&
         echo "mail_ports = \"{ smtp submission imap }\"" >> default_configuration/pf.conf
-    fi
 
-    if [ "$SERVICE_XMPP" == "yes" ]; then
+    [ "$SERVICE_XMPP" == "yes" ] &&
         echo "xmmp_ports = \"{ 5222 5269 }\"" >> default_configuration/pf.conf
-    fi
 
     echo "ssh_port = \"$SSH_PORT\"" >> default_configuration/pf.conf
 
+    [ "$SERVICE_TURN" == "yes" ] &&
+	echo "turn_port = \"TURN_PORT\"" >> default_configuration/pf.conf
+    
     cat >> my_configuration/pf.conf <<EOF
 
 ## Anti bruteforce
@@ -95,13 +71,14 @@ EOF
 pass in on egress proto tcp to port \$ssh_port modulate state \\
   (max-src-conn 5, max-src-conn-rate 15/5, overload <bruteforce> flush global)
 
-#web
-pass in on egress proto tcp to port \$web_ports modulate state \\
-    (max-src-conn 60, max-src-conn-rate 60/1, overload <bruteforce> flush global)
+pass in quick on egress proto { tcp, udp } from <whitelist> to port $web_ports
+pass in on egress proto tcp to port $web_ports flags S/SA keep state \
+     	   	  	   (max-src-conn 100, max-src-conn-rate 15/5, \
+			   overload <http_abusive_hosts> flush)			    
 
 EOF
 
-    if [ "$SERVICE_MAIL" == "yes" ]; then
+    [ "$SERVICE_MAIL" == "yes" ] &&
         cat >> my_configuration/pf.conf <<EOF
 # mails
 ## antispam
@@ -110,19 +87,27 @@ pass in on egress proto tcp to port \$mail_ports modulate state \\
 pass out log on egress proto tcp to any port smtp
 
 EOF
-    fi
 
-    if [ "$SERVICE_XMPP" == "yes" ]; then
+    [ "$SERVICE_XMPP" == "yes" ] &&
         cat >> my_configuration/pf.conf <<EOF
 # XMPP
 pass in on egress proto tcp to port \$xmpp_ports modulate state \\
   (max-src-conn 15, max-src-conn-rate 15/5, overload <bruteforce> flush global)
 EOF
-    fi
+
+
+    [ "$SERVICE_TURN" == "yes" ] &&
+	cat >> my_configuration/pf.conf <<EOF
+pass in on egress proto tcp to port $turn_port modulate state \
+  (max-src-conn 20, max-src-conn-rate 30/1, overload <bruteforce> flush global)
+
+pass in on egress proto udp to port $turn_port 
+
+EOF
 
 }
 
-install_pf_and_enable(){
+install_conf_and_enable(){
     pfctl -nf my_configuration/pf.conf
     if [ $? == 0 ]; then
         cp -v /etc/pf.conf /etc/pf.old
@@ -134,5 +119,14 @@ install_pf_and_enable(){
 
 }
 
-set_basic_configuration
-set_open_service
+if [ "$1" == "gen-config-only" ];
+then
+    set_basic_configuration
+    set_open_service
+elif [ "$1" == "install" ];
+then
+    install_firewall_packages
+    set_basic_configuration
+    set_open_service
+    install_conf_and_enable
+fi

configure_mail_service.sh

@@ -5,176 +5,21 @@
 
 install_mails_services_pkg()
 {
-    pkg_add dovecot dovecot-pigeonhole opensmtpd-filter-rspamd \
-            opensmtpd-extras-6.7.1v0 opensmtpd-filter-dkimsign-0.5 rspamd-3.2
+    pkg_add dovecot dovecot-pigeonhole opensmtpd-filter-rspamd redis-6.2.12\
+            opensmtpd-extras-6.7.1v0 opensmtpd-filter-dkimsign-0.5 rspamd-3.2 
 }
 
 gen_mails_service_configuration()
 {
-
-    #Generate opensmtpd configuration
-    cat > my_configuration/mail/smtpd.conf <<EOF
-# See smtpd.conf(5) for more information.
-
-
-# To accept external mail, replace with: listen on all
-#
-
-# les Certificats
-pki "cert_mail" cert "/etc/ssl/$DOMAIN.crt"
-pki "cert_mail" key "/etc/ssl/private/$DOMAIN.key"
-
-table aliases file:/etc/mail/aliases
-table passwd file:/etc/mail/passwd
-table virtuals file:/etc/mail/virtuals
-
-filter "rspamd" proc-exec "filter-rspamd"
-filter "dkimsign" proc-exec "filter-dkimsign -d $DOMAIN -s dkim -k /etc/mail/dkim/$DOMAIN-private.key" user _dkimsign group _dkimsign
-
-# Activation du check du reverse DNS
-#filter check_rdns phase connect match !rdns disconnect "550 no rDNS available"
-#filter check_fcrdns phase connect match !fcrdns disconnect "550 no FCrDNS available"
-
-# To accept external mail, replace with: listen on all
-
-
-listen on all tls pki "cert_mail" hostname "$DOMAIN" filter  rspamd
-listen on all port submission tls-require pki "cert_mail" auth <passwd> filter dkimsign
-
-action "local_mail" mbox alias <aliases>
-action "domain_mail" maildir "/var/vmail/$DOMAIN/%{dest.user:lowercase}" virtual <virtuals>
-action "outbound" relay
-
-
-# Uncomment the following to accept external mail for domain "example.org"
-match from any for domain "$DOMAIN" action "domain_mail"
-match from local for local action "local_mail"
-
-match auth from any for any action "outbound"
-
-EOF
-
-    #Generate spamd configuration
-    cat > my_configuration/mail/spamd.conf <<EOF
-
-all:\
-        :nixspam:
-
-# Nixspam recent sources list.
-# Mirrored from http://www.heise.de/ix/nixspam
-nixspam:\
-        :black:\
-        :msg="Your address %A is in the nixspam list\n\
-        See http://www.heise.de/ix/nixspam/dnsbl_en/ for details":\
-        :method=https:\
-        :file=www.openbsd.org/spamd/nixspam.gz
-
-# An example of a list containing addresses which should not talk to spamd.
-#
-#override:\
-#       :white:\
-#       :method=file:\
-#       :file=/var/db/override.txt:
-
-EOF
-
-    ## Generate Dovecot configuration
-    cat > my_configuration/dovecot/local.conf <<EOF
-listen = *
-protocols = imap
-first_valid_uid = 1000
-first_valid_gid = 1000
-mail_location = maildir:/var/vmail/%d/%n
-mail_plugin_dir = /usr/local/lib/dovecot
-disable_plaintext_auth = yes
-
-managesieve_notify_capability = mailto
-managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex  imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
-
-mbox_write_locks = fcntl
-mmap_disable = yes
-namespace inbox {
-  inbox = yes
-  location =
-  mailbox Archive {
-  auto = subscribe
-  special_use = \Archive
-  }
-  mailbox Drafts {
-  auto = subscribe
-  special_use = \Drafts
-  }
-  mailbox Junk {
-  auto = subscribe
-  special_use = \Junk
-  }
-  mailbox Sent {
-  auto = subscribe
-  special_use = \Sent
-  }
-  mailbox Trash {
-  auto = subscribe
-  special_use = \Trash
-  }
-  prefix =
+    cp -v default_configuration/opensmtpd/smtpd.conf.example my_configuration/opensmtpd/smtpd.conf
+    sed -i "s/__DOMAIN__/$DOMAIN/g" my_configuration/opensmtpd/smtpd.conf
+    cp -v default_configuration/opensmtpd/spamd.conf.example my_configuration/opensmtpd/spamd.conf
+    cp -v default_configuration/dovecot/dovecot.conf.example my_configuration/dovecot/dovecot.conf
+    cp -v default_configuration/dovecot/local.conf.example my_configuration/dovecot/dovecot.conf
 }
 
-service auth {
-    user = $default_internal_user
-    group = _maildaemons
-}
-
-passdb {
-  args = scheme=blf-crypt /etc/mail/passwd
-  driver = passwd-file
-}
-
-plugin {
-  imapsieve_mailbox1_before = file:/usr/local/lib/dovecot/sieve/report-spam.sieve
-  imapsieve_mailbox1_causes = COPY
-  imapsieve_mailbox1_name = Junk
-  imapsieve_mailbox2_before = file:/usr/local/lib/dovecot/sieve/report-ham.sieve
-  imapsieve_mailbox2_causes = COPY
-  imapsieve_mailbox2_from = Junk
-  imapsieve_mailbox2_name = *
-  sieve = file:~/sieve;active=~/.dovecot.sieve
-  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
-  sieve_pipe_bin_dir = /usr/local/lib/dovecot/sieve
-  sieve_plugins = sieve_imapsieve sieve_extprograms
-}
-
-
-protocols = imap sieve
-service imap-login {
-  inet_listener imap {
-  port = 143
-  }
-}
-
-ssl = required
-
-ssl_min_protocol = TLSv1.2
-ssl_cipher_list = EECDH+AESGCM
-ssl_prefer_server_ciphers = yes
-#ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
-
-ssl_cert = </etc/ssl/$DOMAIN.crt
-ssl_key = </etc/ssl/private/$DOMAIN.key
-
-userdb {
-    driver = static
-    args = uid=vmail gid=vmail home=/var/vmail/%d/%n/
-}
-
-protocol imap {
-  mail_plugins = " imap_sieve"
-}
-
-EOF
-
-}
-
-gen_dkim_keys(){
+gen_dkim_keys()
+{
     # Generate dkim key
     openssl genrsa -out my_configuration/mail/$DOMAIN-private.key 2048
     openssl rsa -in my_configuration/mail/$DOMAIN-private.key -pubout | \
@@ -237,11 +82,12 @@ EOF
 
 install_mails_services_configuration()
 {
-    cp my_configuration/mail/smtpd.conf /etc/mail/smtpd.conf
-    cp my_configuration/dovecot/local.conf /etc/dovecot/local.conf
+    cp -v my_configuration/mail/smtpd.conf /etc/mail/smtpd.conf
+    cp -v my_configuration/dovecot/dovecot.conf /etc/dovecot/
+    cp -v my_configuration/dovecot/local.conf /etc/dovecot/local.conf
     mkdir /etc/mail/dkim/
-    cp my_configuration/mail/$DOMAIN-private.key /etc/mail/dkim/
-    cp my_configuration/mail/$DOMAIN-public.key /etc/mail/dkim/
+    cp -v my_configuration/mail/$DOMAIN-private.key /etc/mail/dkim/
+    cp -v my_configuration/mail/$DOMAIN-public.key /etc/mail/dkim/
     chown -R _dkimsign /etc/mail/dkim/
     touch /etc/mail/virtuals
     touch /etc/mail/passwd
@@ -259,7 +105,7 @@ make_system_mails_services_requirements()
     usermod -G _maildaemons _dovecot
     usermod -G _maildaemons _smtpd
 
-    cp /etc/login.conf /etc/login.conf.old
+    cp /etc/login.conf /etc/login.conf.orig
     cat >> /etc/login.conf <<EOF
 dovecot:\
     :openfiles-cur=1024:\
@@ -269,15 +115,23 @@ EOF
 
 }
 
-mkdir my_configuration/mail
-mkdir my_configuration/dovecot
+make_directory_configuration()
+{
+    mkdir my_configuration/mail
+    mkdir my_configuration/dovecot
+}
 
-install_mails_services_pkg
-gen_mails_service_configuration
-gen_dkim_keys
-gen_mails_service_utils
-install_mails_services_configuration
-make_system_mails_services_requirements
-rcctl enable redis
-rcctl start redis
-restart_mails_service
+if [ "$1" == "gen-config-only" ];
+then
+    gen_mails_service_configuration
+    gen_dkim_keys
+elif [ "$1" == "install" ];
+then
+    install_mails_services_pkg
+    gen_mails_service_configuration
+    gen_dkim_keys
+    install_mails_services_configuration
+    make_system_mails_services_requirements
+    rcctl enable redis
+    rcctl start redis
+    restart_mails_service

default_configuration/dovecot/dovecot.conf.example

@@ -0,0 +1,101 @@
+## Dovecot configuration file
+
+# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration
+
+# "doveconf -n" command gives a clean output of the changed settings. Use it
+# instead of copy&pasting files when posting to the Dovecot mailing list.
+
+# '#' character and everything after it is treated as comments. Extra spaces
+# and tabs are ignored. If you want to use either of these explicitly, put the
+# value inside quotes, eg.: key = "# char and trailing whitespace  "
+
+# Most (but not all) settings can be overridden by different protocols and/or
+# source/destination IPs by placing the settings inside sections, for example:
+# protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { }
+
+# Default values are shown for each setting, it's not required to uncomment
+# those. These are exceptions to this though: No sections (e.g. namespace {})
+# or plugin settings are added by default, they're listed only as examples.
+# Paths are also just examples with the real defaults being based on configure
+# options. The paths listed here are for configure --prefix=/usr
+# --sysconfdir=/etc --localstatedir=/var
+
+# Protocols we want to be serving.
+protocols = imap 
+
+# A comma separated list of IPs or hosts where to listen in for connections. 
+# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
+# If you want to specify non-default ports or anything more complex,
+# edit conf.d/master.conf.
+listen = *, ::
+
+# Base directory where to store runtime data.
+#base_dir = /var/dovecot/
+
+# Name of this instance. In multi-instance setup doveadm and other commands
+# can use -i <instance_name> to select which instance is used (an alternative
+# to -c <config_path>). The instance name is also added to Dovecot processes
+# in ps output.
+#instance_name = dovecot
+
+# Greeting message for clients.
+#login_greeting = Dovecot ready.
+
+# Space separated list of trusted network ranges. Connections from these
+# IPs are allowed to override their IP addresses and ports (for logging and
+# for authentication checks). disable_plaintext_auth is also ignored for
+# these networks. Typically you'd specify your IMAP proxy servers here.
+#login_trusted_networks =
+
+# Space separated list of login access check sockets (e.g. tcpwrap)
+#login_access_sockets = 
+
+# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
+# proxying. This isn't necessary normally, but may be useful if the destination
+# IP is e.g. a load balancer's IP.
+#auth_proxy_self =
+
+# Show more verbose process titles (in ps). Currently shows user name and
+# IP address. Useful for seeing who are actually using the IMAP processes
+# (eg. shared mailboxes or if same uid is used for multiple accounts).
+#verbose_proctitle = no
+
+# Should all processes be killed when Dovecot master process shuts down.
+# Setting this to "no" means that Dovecot can be upgraded without
+# forcing existing client connections to close (although that could also be
+# a problem if the upgrade is e.g. because of a security fix).
+#shutdown_clients = yes
+
+# If non-zero, run mail commands via this many connections to doveadm server,
+# instead of running them directly in the same process.
+#doveadm_worker_count = 0
+# UNIX socket or host:port used for connecting to doveadm server
+#doveadm_socket_path = doveadm-server
+
+# Space separated list of environment variables that are preserved on Dovecot
+# startup and passed down to all of its child processes. You can also give
+# key=value pairs to always set specific settings.
+#import_environment = TZ
+
+##
+## Dictionary server settings
+##
+
+# Dictionary can be used to store key=value lists. This is used by several
+# plugins. The dictionary can be accessed either directly or though a
+# dictionary server. The following dict block maps dictionary names to URIs
+# when the server is used. These can then be referenced using URIs in format
+# "proxy::<name>".
+
+dict {
+  #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
+}
+
+# Most of the actual configuration gets included below. The filenames are
+# first sorted by their ASCII value and parsed in that order. The 00-prefixes
+# in filenames are intended to make it easier to understand the ordering.
+#!include conf.d/*.conf
+
+# A config file can also tried to be included without giving an error if
+# it's not found:
+!include_try local.conf

default_configuration/dovecot/local.conf.example

@@ -0,0 +1,89 @@
+listen = *
+protocols = imap
+first_valid_uid = 1000
+first_valid_gid = 1000
+mail_location = maildir:/var/vmail/%d/%n
+mail_plugin_dir = /usr/local/lib/dovecot
+disable_plaintext_auth = yes
+
+managesieve_notify_capability = mailto
+managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex  imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
+
+mbox_write_locks = fcntl
+mmap_disable = yes
+namespace inbox {
+  inbox = yes
+  location =
+  mailbox Archive {
+  auto = subscribe
+  special_use = \Archive
+  }
+  mailbox Drafts {
+  auto = subscribe
+  special_use = \Drafts
+  }
+  mailbox Junk {
+  auto = subscribe
+  special_use = \Junk
+  }
+  mailbox Sent {
+  auto = subscribe
+  special_use = \Sent
+  }
+  mailbox Trash {
+  auto = subscribe
+  special_use = \Trash
+  }
+  prefix =
+}
+
+service auth {
+    user = $default_internal_user
+    group = _maildaemons
+}
+
+passdb {
+  args = scheme=blf-crypt /etc/mail/passwd
+  driver = passwd-file
+}
+
+plugin {
+  imapsieve_mailbox1_before = file:/usr/local/lib/dovecot/sieve/report-spam.sieve
+  imapsieve_mailbox1_causes = COPY
+  imapsieve_mailbox1_name = Junk
+  imapsieve_mailbox2_before = file:/usr/local/lib/dovecot/sieve/report-ham.sieve
+  imapsieve_mailbox2_causes = COPY
+  imapsieve_mailbox2_from = Junk
+  imapsieve_mailbox2_name = *
+  sieve = file:~/sieve;active=~/.dovecot.sieve
+  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
+  sieve_pipe_bin_dir = /usr/local/lib/dovecot/sieve
+  sieve_plugins = sieve_imapsieve sieve_extprograms
+}
+
+
+protocols = imap sieve
+service imap-login {
+  inet_listener imap {
+  port = 143
+  }
+}
+
+ssl = required
+
+ssl_min_protocol = TLSv1.2
+ssl_cipher_list = EECDH+AESGCM
+ssl_prefer_server_ciphers = yes
+#ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
+
+ssl_cert = </etc/ssl/kitoy.me.crt
+ssl_key = </etc/ssl/private/kitoy.me.key
+
+userdb {
+    driver = static
+    args = uid=vmail gid=vmail home=/var/vmail/%d/%n/ 
+}
+
+protocol imap {
+  mail_plugins = " imap_sieve"
+}

default_configuration/nginx/nginx.conf.example

@@ -0,0 +1,52 @@
+
+user www;
+worker_processes auto;
+pid /var/www/run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+        worker_connections 768;
+        # multi_accept on;
+}
+
+http {
+
+        ##
+        # Basic Settings
+        ##
+
+        sendfile on;
+        tcp_nopush on;
+        tcp_nodelay on;
+        keepalive_timeout 65;
+        types_hash_max_size 2048;
+        # server_tokens off;
+
+        include /etc/nginx/mime.types;
+        default_type application/octet-stream;
+
+        ##
+        # SSL Settings
+        ##
+
+        ssl_protocols TLSv1.2; # Dropping SSLv3, ref: POODLE
+        ssl_prefer_server_ciphers on;
+
+        ##
+        # Logging Settings
+        ##
+
+        access_log /var/www/logs/nginx/access.log;
+        error_log /var/www/logs/nginx/error.log;
+
+        ##
+        # Gzip Settings
+        ##
+
+        gzip on;
+         ##
+        # Virtual Host Configs
+        ##
+
+        include /etc/nginx/sites-enabled/*;
+}

default_configuration/nginx/nginx.conf.example~

@@ -0,0 +1,52 @@
+
+user www;
+worker_processes auto;
+pid /var/www/run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+        worker_connections 768;
+        # multi_accept on;
+}
+
+http {
+
+        ##
+        # Basic Settings
+        ##
+
+        sendfile on;
+        tcp_nopush on;
+        tcp_nodelay on;
+        keepalive_timeout 65;
+        types_hash_max_size 2048;
+        # server_tokens off;
+
+        include /etc/nginx/mime.types;
+        default_type application/octet-stream;
+
+        ##
+        # SSL Settings
+        ##
+
+        ssl_protocols TLSv1.2; # Dropping SSLv3, ref: POODLE
+        ssl_prefer_server_ciphers on;
+
+        ##
+        # Logging Settings
+        ##
+
+        access_log /var/www/logsnginx/access.log;
+        error_log /var/www/logs/nginx/error.log;
+
+        ##
+        # Gzip Settings
+        ##
+
+        gzip on;
+         ##
+        # Virtual Host Configs
+        ##
+
+        include /etc/nginx/sites-enabled/*;
+}

default_configuration/nginx/site-available/example

@@ -0,0 +1,39 @@
+server {
+        listen 80;
+        server_name __DOMAIN__;
+
+        #Ajout pour les certificats letsencrypt
+        include snippets/acme-challenge.conf;
+
+        return 301 https://$http_host$request_uri;
+
+        root /html/$DOMAIN;
+
+}
+
+server {
+    listen 443 ssl http2;
+    server_name __DOMAIN__;
+
+
+    ssl_certificate         /etc/ssl/__DOMAIN__.crt;
+    ssl_certificate_key     /etc/ssl/private/__DOMAIN__.key;
+
+   #Ajout d'une configuration ssl securise
+   include snippets/secure-ssl.conf;
+
+    # Speeds things up a little bit when resuming a session
+    # ssl_session_timeout 5m;
+    # ssl_session_cache shared:SSL:5m;
+
+        # Ajout pour le certificat letsencrypt
+        include snippets/acme-challenge.conf;
+
+        # Ajout pour securiser les headers
+        include snippets/secure-headers.conf;
+}
+
+    # Path to the root of your installation
+   root /html/$DOMAIN;
+
+}

default_configuration/nginx/site-available/example~

@@ -0,0 +1,39 @@
+server {
+        listen 80;
+        server_name $DOMAIN;
+
+        #Ajout pour les certificats letsencrypt
+        include snippets/acme-challenge.conf;
+
+        return 301 https://$http_host$request_uri;
+
+        root /html/$DOMAIN;
+
+}
+
+server {
+    listen 443 ssl http2;
+    server_name $DOMAIN;
+
+
+    ssl_certificate         /etc/ssl/$DOMAIN.crt;
+    ssl_certificate_key     /etc/ssl/private/$DOMAIN.key;
+
+   #Ajout d'une configuration ssl securise
+   include snippets/secure-ssl.conf;
+
+    # Speeds things up a little bit when resuming a session
+    # ssl_session_timeout 5m;
+    # ssl_session_cache shared:SSL:5m;
+
+        # Ajout pour le certificat letsencrypt
+        include snippets/acme-challenge.conf;
+
+        # Ajout pour securiser les headers
+        include snippets/secure-headers.conf;
+}
+
+    # Path to the root of your installation
+   root /html/$DOMAIN;
+
+}

default_configuration/opensmtpd/smtpd.conf.example

@@ -0,0 +1,31 @@
+# See smtpd.conf(5) for more information.
+# To accept external mail, replace with: listen on all
+#
+# Les certificats
+
+pki "cert_mail" cert "/etc/ssl/__DOMAIN__.crt"
+pki "cert_mail" key "/etc/ssl/private/__DOMAIN__.key"
+
+table aliases file:/etc/mail/aliases
+table passwd file:/etc/mail/passwd
+table virtuals file:/etc/mail/virtuals
+
+filter "rspamd" proc-exec "filter-rspamd"
+filter "dkimsign" proc-exec "filter-dkimsign -d __DOMAIN__ -s dkim -k /etc/mail/dkim/__DOMAIN__-private.key" user _dkimsign group _dkimsign
+
+# Activation du check du reverse DNS
+#filter check_rdns phase connect match !rdns disconnect "550 no rDNS available"
+#filter check_fcrdns phase connect match !fcrdns disconnect "550 no FCrDNS available"
+
+listen on all tls pki "cert_mail" hostname "__DOMAIN__" filter  rspamd
+listen on all port submission tls-require pki "cert_mail" auth <passwd> filter dkimsign
+
+action "local_mail" mbox alias <aliases>
+action "domain_mail" maildir "/var/vmail/__DOMAIN__/%{dest.user:lowercase}" virtual <virtuals>
+action "outbound" relay
+
+
+match from any for domain "__DOMAIN__" action "domain_mail"
+match from local for local action "local_mail"
+
+match auth from any for any action "outbound"

default_configuration/opensmtpd/smtpd.conf.example~

@@ -0,0 +1,37 @@
+# See smtpd.conf(5) for more information.
+
+
+# To accept external mail, replace with: listen on all
+#
+
+# les Certificats
+pki "cert_mail" cert "/etc/ssl/__DOMAIN__.crt"
+pki "cert_mail" key "/etc/ssl/private/__DOMAIN__.key"
+
+table aliases file:/etc/mail/aliases
+table passwd file:/etc/mail/passwd
+table virtuals file:/etc/mail/virtuals
+
+filter "rspamd" proc-exec "filter-rspamd"
+filter "dkimsign" proc-exec "filter-dkimsign -d $DOMAIN -s dkim -k /etc/mail/dkim/__DOMAIN__-private.key" user _dkimsign group _dkimsign
+
+# Activation du check du reverse DNS
+#filter check_rdns phase connect match !rdns disconnect "550 no rDNS available"
+#filter check_fcrdns phase connect match !fcrdns disconnect "550 no FCrDNS available"
+
+# To accept external mail, replace with: listen on all
+
+
+listen on all tls pki "cert_mail" hostname "__DOMAIN__" filter  rspamd
+listen on all port submission tls-require pki "cert_mail" auth <passwd> filter dkimsign
+
+action "local_mail" mbox alias <aliases>
+action "domain_mail" maildir "/var/vmail/__DOMAIN__/%{dest.user:lowercase}" virtual <virtuals>
+action "outbound" relay
+
+
+# Uncomment the following to accept external mail for domain "example.org"
+match from any for domain "__DOMAIN__" action "domain_mail"
+match from local for local action "local_mail"
+
+match auth from any for any action "outbound"

default_configuration/opensmtpd/smtpd.conf~

@@ -0,0 +1,37 @@
+# See smtpd.conf(5) for more information.
+
+
+# To accept external mail, replace with: listen on all
+#
+
+# les Certificats
+pki "cert_mail" cert "/etc/ssl/$DOMAIN.crt"
+pki "cert_mail" key "/etc/ssl/private/$DOMAIN.key"
+
+table aliases file:/etc/mail/aliases
+table passwd file:/etc/mail/passwd
+table virtuals file:/etc/mail/virtuals
+
+filter "rspamd" proc-exec "filter-rspamd"
+filter "dkimsign" proc-exec "filter-dkimsign -d $DOMAIN -s dkim -k /etc/mail/dkim/$DOMAIN-private.key" user _dkimsign group _dkimsign
+
+# Activation du check du reverse DNS
+#filter check_rdns phase connect match !rdns disconnect "550 no rDNS available"
+#filter check_fcrdns phase connect match !fcrdns disconnect "550 no FCrDNS available"
+
+# To accept external mail, replace with: listen on all
+
+
+listen on all tls pki "cert_mail" hostname "$DOMAIN" filter  rspamd
+listen on all port submission tls-require pki "cert_mail" auth <passwd> filter dkimsign
+
+action "local_mail" mbox alias <aliases>
+action "domain_mail" maildir "/var/vmail/$DOMAIN/%{dest.user:lowercase}" virtual <virtuals>
+action "outbound" relay
+
+
+# Uncomment the following to accept external mail for domain "example.org"
+match from any for domain "$DOMAIN" action "domain_mail"
+match from local for local action "local_mail"
+
+match auth from any for any action "outbound"

default_configuration/opensmtpd/spamd.conf.example

@@ -0,0 +1,19 @@
+all:\
+        :nixspam:
+
+# Nixspam recent sources list.
+# Mirrored from http://www.heise.de/ix/nixspam
+nixspam:\
+        :black:\
+        :msg="Your address %A is in the nixspam list\n\
+        See http://www.heise.de/ix/nixspam/dnsbl_en/ for details":\
+        :method=https:\
+        :file=www.openbsd.org/spamd/nixspam.gz
+
+# An example of a list containing addresses which should not talk to spamd.
+#
+#override:\
+#       :white:\
+#       :method=file:\
+#       :file=/var/db/override.txt:
+

default_configuration/pf.conf

@@ -1,14 +1,16 @@
+
 #Filtres badhosts et sshguard
 table <pfbadhost> persist file "/etc/pf-badhost.txt"
 table <sshguard> persist
+table <whitelist> persist
 
 ## Table pour les batards de bruteforceurs
 table <bruteforce> persist
-
+table <http_abusive_hosts> persist
 
 set block-policy drop                  # bloque silencieusement
 set skip on lo                         # En local on s'en fou on surveille rien
-set limit table-entries 400000
+set limit table-entries 400000   
 set limit states 100000
 
 
@@ -30,30 +32,3 @@ block in from <sshguard>
 block log quick from <bruteforce> label "brutes"
 
 pass out on egress proto { tcp udp icmp ipv6-icmp } modulate state
-
-#déclaration des variables
-web_ports = "{ http https }"
-mail_ports = "{ smtp submission imap }"
-xmpp_ports = "{ 5222 5269 }"
-ssh_port = "42420"
-
-## Anti bruteforce
-### SSH
-#### Limite à 5 connexions simultanne par IP source
-#### Limite à 15 tentatives de connexion toutes les 5 minutes
-pass in on egress proto tcp to port $ssh_port  modulate state \
-  (max-src-conn 5, max-src-conn-rate 15/5, overload <bruteforce> flush global)
-
-#web
-pass in on egress proto tcp to port $web_ports modulate state \
-    (max-src-conn 60, max-src-conn-rate 60/1, overload <bruteforce> flush global)
-
-# mails
-## antispam
-pass in on egress proto tcp to port  $mail_ports modulate state \
-  (max-src-conn-rate 20/5, overload <bruteforce> flush global)
-pass out log on egress proto tcp to any port smtp
-
-# XMPP
-pass in on egress proto tcp to port $xmpp_ports modulate state \
-  (max-src-conn 15, max-src-conn-rate 15/5, overload <bruteforce> flush global)

default_configuration/php/php-fpm.conf

@@ -15,10 +15,10 @@ listen.owner = www
 listen.group = www
 listen.mode = 0660
 pm = dynamic
-pm.max_children = 5
-pm.start_servers = 2
+pm.max_children = 10
+pm.start_servers = 4
 pm.min_spare_servers = 1
-pm.max_spare_servers = 3
+pm.max_spare_servers = 6
 chroot = /var/www
 env[HOSTNAME] = $HOSTNAME
 env[PATH] = /usr/local/bin:/usr/bin:/bin

default_configuration/pywallter/pywallter.rc

@@ -1,15 +1,11 @@
 #!/bin/ksh
 
-daemon="/usr/local/bin/python3"
-daemon_flags="wsgi.py"
+daemon="/usr/local/bin/python3 wsgi.py"
+daemon_execdir="/home/pywallter/pywallter"
 daemon_user="pywallter"
-location="/home/pywallter/pywallter"
 
 . /etc/rc.d/rc.subr
 
-rc_start() {
-        ${rcexec} "cd ${location}; ${daemon} ${daemon_flags}"
-}
 
 rc_bg=YES
 rc_cmd $1

install_nextcloud.sh

@@ -5,24 +5,24 @@
 
 install_package_nextcloud()
 {
-    pkg_add php-bz2-8.0.26 php-curl-8.0.26 php-gd-8.0.26 php-gmp-8.0.26 \
-            php-intl-8.0.26 php-pdo_pgsql-8.0.26 php-zip-8.0.26 \
+    pkg_add php-bz2-8.1.18 php-curl-8.1.18 php-gd-8.1.18 php-gmp-8.1.18 \
+            php-intl-8.1.18 php-pdo_pgsql-8.1.18 php-zip-8.1.18 \
             pecl80-imagick-3.7.0p1 pecl80-redis-5.3.7p0 \
-            nextcloud-24.0.5
+            nextcloud-25.0.6
 }
 
 enable_nextlcoud_php_modules(){
     #enable modules
-    ln -s /etc/php-8.0.sample/gd.ini /etc/php-8.0/gd.ini
-    ln -s /etc/php-8.0.sample/imagick.ini /etc/php-8.0/imagick.ini
-    ln -s /etc/php-8.0.sample/opcache.ini /etc/php-8.0/opcache.ini
-    ln -s /etc/php-8.0.sample/curl.ini /etc/php-8.0/curl.ini
-    ln -s /etc/php-8.0.sample/gmp.ini /etc/php-8.0/gmp.ini
-    ln -s /etc/php-8.0.sample/intl.ini /etc/php-8.0/intl.ini
-    ln -s /etc/php-8.0.sample/redis.ini /etc/php-8.0/redis.ini
-    ln -s /etc/php-8.0.sample/bz2.ini /etc/php-8.0/bz2.ini
-    ln -s /etc/php-8.0.sample/zip.ini /etc/php-8.0/zip.ini
-    ln -s /etc/php-8.0.sample/pdo_pgsql.ini /etc/php-8.0/pdo_pgsql.ini
+    ln -s /etc/php-8.1.sample/gd.ini /etc/php-8.1/gd.ini
+    ln -s /etc/php-8.1.sample/imagick.ini /etc/php-8.1/imagick.ini
+    ln -s /etc/php-8.1.sample/opcache.ini /etc/php-8.1/opcache.ini
+    ln -s /etc/php-8.1.sample/curl.ini /etc/php-8.1/curl.ini
+    ln -s /etc/php-8.1.sample/gmp.ini /etc/php-8.1/gmp.ini
+    ln -s /etc/php-8.1.sample/intl.ini /etc/php-8.1/intl.ini
+    ln -s /etc/php-8.1.sample/redis.ini /etc/php-8.1/redis.ini
+    ln -s /etc/php-8.1.sample/bz2.ini /etc/php-8.1/bz2.ini
+    ln -s /etc/php-8.1.sample/zip.ini /etc/php-8.1/zip.ini
+    ln -s /etc/php-8.1.sample/pdo_pgsql.ini /etc/php-8.1/pdo_pgsql.ini
     restart_php_service
 }
 
@@ -34,8 +34,8 @@ configure_nginx_service(){
 create_nextcloud_db(){
     psql template1 postgres -c "CREATE USER $nextcloud_db_user WITH PASSWORD '$nextcloud_db_pass' CREATEDB ;"
     psql template1 postgres -c "CREATE DATABASE $nextcloud_db_name TEMPLATE template1 ENCODING 'UTF8' ;"
-    psql template1 postgres -c "GRANT ALL PRIVILEGES ON DATABASE $nextcloud_db_name TO $nextcloud_db_user ;"
-    psql template1 postgres -c "GRANT ALL PRIVILEGES ON SCHEMA public TO $nextcloud_db_user ;"
+    psql template1 postgres -c "GRANT ALL PRIVILEGES ON DATABASE $nextcloud_db_name TO $nextcloud_db_user;"
+    psql template1 postgres -c "ALTER DATABASE $nextcloud_db_name OWNER TO nextcloud_db_user;"
 }
 
 
@@ -79,14 +79,23 @@ install_nextcloud(){
          /var/cron/tabs/root
 
 }
-
-
 mkdir my_configuration/nextcloud
-check_services_for_nextlcoud
-install_package_nextcloud
-enable_nextlcoud_php_modules
-configure_nginx_service
-create_nextcloud_db
-install_configuration_files_nextcloud
-install_nextcloud
-restart_webserver_service
+
+if [ "$1" == "gen-config-only" ];
+then
+    check_services_for_nextcloud
+    configure_nginx_service    
+elif [ "$1" == "install" ];
+then
+    check_services_for_nextcloud
+    configure_nginx_service
+    install_package_nextcloud
+    enable_nextlcoud_php_modules
+    create_nextcloud_db
+    install_configuration_files_nextcloud
+    install_nextcloud
+    restart_webserver_service
+fi
+
+
+

install_nginx_service.sh

@@ -10,61 +10,8 @@ install_nginx_package()
 
 gen_nginx_configuration()
 {
-    cat > my_configuration/nginx/nginx.conf <<EOF
-user www;
-worker_processes auto;
-pid /var/www/run/nginx.pid;
-include /etc/nginx/modules-enabled/*.conf;
-
-events {
-        worker_connections 768;
-        # multi_accept on;
-}
-
-http {
-
-        ##
-        # Basic Settings
-        ##
-
-        sendfile on;
-        tcp_nopush on;
-        tcp_nodelay on;
-        keepalive_timeout 65;
-        types_hash_max_size 2048;
-        # server_tokens off;
-
-        include /etc/nginx/mime.types;
-        default_type application/octet-stream;
-
-        ##
-        # SSL Settings
-        ##
-
-        ssl_protocols TLSv1.2; # Dropping SSLv3, ref: POODLE
-        ssl_prefer_server_ciphers on;
-
-        ##
-        # Logging Settings
-        ##
-
-        access_log /var/www/logsnginx/access.log;
-        error_log /var/www/logs/nginx/error.log;
-
-        ##
-        # Gzip Settings
-        ##
-
-        gzip on;
-         ##
-        # Virtual Host Configs
-        ##
-
-        include /etc/nginx/sites-enabled/*;
-}
-EOF
-
-    openssl dhparam -out default_configuration/nginx/dhparam.pem 2048
+    cp -v default_configuration/nginx/nginx.conf.example my_configuration/nginx/nginx.conf
+    openssl dhparam -out my_configuration/nginx/dhparam.pem 2048
 
 }
 
@@ -72,57 +19,18 @@ EOF
 
 make_default_homepage()
 {
-    cat > my_configuration/nginx/site-available/$DOMAIN <<EOF
-server {
-        listen 80;
-        server_name $DOMAIN;
-
-        #Ajout pour les certificats letsencrypt
-        include snippets/acme-challenge.conf;
-
-        return 301 https://$http_host$request_uri;
-
-        root /html/$DOMAIN;
-
-}
-
-server {
-    listen 443 ssl http2;
-    server_name $DOMAIN;
-
-
-    ssl_certificate         /etc/ssl/$DOMAIN.crt;
-    ssl_certificate_key     /etc/ssl/private/$DOMAIN.key;
-
-   #Ajout d'une configuration ssl securise
-   include snippets/secure-ssl.conf;
-
-    # Speeds things up a little bit when resuming a session
-    # ssl_session_timeout 5m;
-    # ssl_session_cache shared:SSL:5m;
-
-        # Ajout pour le certificat letsencrypt
-        include snippets/acme-challenge.conf;
-
-        # Ajout pour securiser les headers
-        include snippets/secure-headers.conf;
-}
-
-    # Path to the root of your installation
-   root /html/$DOMAIN;
-
-}
-EOF
-
+    cp -v default_configuration/nginx/site-avalaible/example \
+       my_configuration/nginx/site-available/$DOMAIN
+    sed -i "s/__DOMAIN__/$DOMAIN/g" my_configuration/nginx/site-available/$DOMAIN
 }
 
 install_nginx_configuration(){
-    mkdir /etc/nginx/sites-enabled/
-    mkdir /etc/nginx/sites-available/
-    mkdir /etc/nginx/snippets/
-    cp my_configuration/nginx/nginx.conf /etc/nginx/nginx.conf
-    cp my_configuration/nginx/dhparam.pem /etc/nginx/dhparam.pem
-    cp my_configuration/nginx/snippets/* /etc/nginx/snippets/
+    mkdir -v /etc/nginx/sites-enabled/
+    mkdir -v /etc/nginx/sites-available/
+    mkdir -v /etc/nginx/snippets/
+    cp -v my_configuration/nginx/nginx.conf /etc/nginx/nginx.conf
+    cp -v my_configuration/nginx/dhparam.pem /etc/nginx/dhparam.pem
+    cp -v my_configuration/nginx/snippets/* /etc/nginx/snippets/
 }
 
 install_chroot_env()
@@ -130,23 +38,21 @@ install_chroot_env()
     mkdir /var/www/etc/ssl/
     install -m 444 -o root -g bin /etc/resolv.conf /var/www/etc/
     install -m 444 -o root -g bin /etc/ssl/cert.pem /etc/ssl/openssl.cnf /var/www/etc/ssl/
-
 }
 
 add_logs_to_newssyslog(){
     cp -v /etc/newsyslog.conf /etc/newsyslog.conf.old
-    egrep -v "nginx" /etc/newsyslog.conf > /tmp/newsyslog.conf
+    egrep -v "nginx|httpd" /etc/newsyslog.conf > /tmp/newsyslog.conf
     cat >> /tmp/newsyslog.conf <<EOF
 /var/www/logs/access.log                644  2     *    \$W0   Z /var/www/run/nginx.pid SIGUSR1
 /var/www/logs/error.log                 644  2     250  *     Z /var/www/run/nginx.pid SIGUSR1
-
 EOF
     mv /tmp/newsyslog.conf /etc/newsyslog.conf
 }
 
 mkdir my_configuration/nginx/
-install_nginx_package
+#install_nginx_package
 gen_nginx_configuration
-install_chroot_env
-install_nginx_configuration
-restart_webserver_service
+#install_chroot_env
+#install_nginx_configuration
+#restart_webserver_service

install_php.sh

@@ -2,42 +2,11 @@
 
 install_php_package()
 {
-    pkg_add php-8.0.26
+    pkg_add php-8.1.18
 }
 
 gen_php_configuration(){
-    cat > my_configuration/php/php-fpm.conf <<EOF
-;;;;;;;;;;;;;;;;;;;;;
-; FPM Configuration ;
-;;;;;;;;;;;;;;;;;;;;;
-[global]
-error_log = log/php-fpm.log
-;;;;;;;;;;;;;;;;;;;;
-; Pool Definitions ;
-;;;;;;;;;;;;;;;;;;;;
-include=/etc/php-fpm.d/*.conf
-[www]
-user = www
-group = www
-listen = /var/www/run/php-fpm.sock
-listen.owner = www
-listen.group = www
-listen.mode = 0660
-pm = dynamic
-pm.max_children = 5
-pm.start_servers = 2
-pm.min_spare_servers = 1
-pm.max_spare_servers = 3
-chroot = /var/www
-env[HOSTNAME] = \$HOSTNAME
-env[PATH] = /usr/local/bin:/usr/bin:/bin
-env[TMP] = /tmp
-env[TMPDIR] = /tmp
-env[TEMP] = /tmp
-
-
-EOF
-
+    cp -v default_configuration/php/php-fpm.conf my_configuration/php/php-fpm.conf 
 }
 
 install_configurations_files()
@@ -53,7 +22,13 @@ start_php_service()
 }
 
 mkdir my_configuration/php/
-install_php_package
-gen_php_configuration
-install_configurations_files
-start_php_service
+if [ "$1" == "gen-config-only" ];
+then
+    gen_php_configuration
+elif [ "$1" == "install" ];
+then
+    install_php_package
+    gen_php_configuration
+    install_configurations_files
+    start_php_service
+fi

install_postgresql_service.sh

@@ -2,46 +2,41 @@
 
 install_postresql_packages()
 {
-    pkg_add postgresql-client-14.5 postgresql-server-14.5
+    pkg_add postgresql-client-15.2 postgresql-server-15.2
 }
 
 configure_postgresql_service()
 {
-    cat > my_configuration/postgresql/pg_hba.conf <<EOF
-# TYPE  DATABASE        USER            ADDRESS                 METHOD
-
-local   all     postgres        trust
-# "local" is for Unix domain socket connections only
-#local   all             all                                     md5
-# IPv4 local connections:
-host    all             all             127.0.0.1/32            md5
-
-
-# IPv6 local connections:
-host    all             all             ::1/128                 md5
-# Allow replication connections from localhost, by a user with the
-# replication privilege.
-local   replication     all                                     md5
-host    replication     all             127.0.0.1/32            md5
-host    replication     all             ::1/128                 md5
-
-EOF
-    su -m _postgresql -c "mkdir /var/postgresql/data"
-    echo $postgresql_root_password > /tmp/passwordpsql.txt
-    su -m _postgresql -c "initdb -D /var/postgresql/data -U postgres -A md5 -E UTF8 --pwfile=/tmp/passwordpsql.txt"
-    rm /tmp/passwordpsql.txt
+    cp -v default_configuration/postgresql/pg_hba.conf my_configuration/postgresql/pg_hba.conf    
 }
 
-install_postgresql_configurations_files(){
+make_data_directory()
+{
+    su -m _postgresql -c "mkdir /var/postgresql/data"
+    echo $postgresql_root_password > /tmp/passwordpsql.txt
+    [ ! -d "/var/postgresql/data" ] || mv /var/postgresql/data /var/postgresql/data.old
+    su -m _postgresql -c "initdb -D /var/postgresql/data -U postgres -A scram-sha-256 -E UTF8 --pwfile=/tmp/passwordpsql.txt"
+    rm /tmp/passwordpsql.txt 
+}
+
+install_postgresql_configurations_files()
+{
     cp -v my_configuration/postgresql/pg_hba.conf /var/postgresql/data/pg_hba.conf
 }
 
-start_postgresql_service(){
+start_postgresql_service()
+{
     rcctl start postgresql
 }
 
-mkdir my_configuration/postgresql/
-#install_postresql_packages
-configure_postgresql_service
-install_postgresql_configurations_files
-start_postgresql_service
+
+if [ "$1" == "gen-config-only" ];
+then
+    configure_postgresql_service
+elif [ "$1" == "install" ];
+then
+    install_postresql_packages
+    configure_postgresql_service
+    install_postgresql_configurations_files
+    start_postgresql_service
+fi

install_pywallter.sh

@@ -28,11 +28,22 @@ DOSSIER_APP = "./users/"
 DATABASE = "./base.db"
 EXT_IMG= {'.jpg', '.JPG', '.png', '.PNG', '.gif', '.GIF', '.bmp', '.BMP', '.jpeg', '.JPEG' }
 SIGNIN_ENABLE = True
-XMPP_SERVER = True
-MAIL_SERVER = True
 SETUID='doas'
 EOF
 
+    if [ SERVICE_MAIL = "yes" ];
+       then
+	   echo "MAIL_SERVER = True" >> my_configuration/pywallter/config.py
+       else
+	   echo "MAIL_SERVER = False" >> my_configuration/pywallter/config.py
+    fi
+
+    if [ SERVICE_XMPP = "yes" ];
+    then
+	echo "XMPP_SERVER = True" >> my_configuration/pywallter/config.py
+    else
+	echo "XMPP_SERVER = False" >> myconfiguration/pywallter/config.py
+    fi
 }
 
 
@@ -58,7 +69,15 @@ EOF
 }
 
 mkdir my_configuration/pywallter/
-gen_pywallter_configuration_app
-gen_nginx_pywallter_app
-install_pywallter_app
-install_pywallter_configuration_files
+
+if [ "$1" == "gen-config-only" ];
+then
+    gen_pywallter_configuration_app
+    gen_nginx_pywallter_app
+elif [ "$1" == "install" ];
+then
+    gen_pywallter_configuration_app
+    gen_nginx_pywallter_app
+    install_pywallter_app
+    install_pywallter_configuration_files
+fi

install_xmpp_service.sh

@@ -13,11 +13,11 @@ install_prosody_package(){
 
 gen_prosody_configuration(){
 
-    cp -v default_configuration/xmpp/prosody.cfg.lua.example default_configuration/xmpp/prosody.cfg.lua
-    sed -i "s/__DOMAIN__/$DOMAIN/g" default_configuration/xmpp/prosody.cfg.lua
-    cp -v default_configuration/xmpp/virtualHosts/example.com.conf default_configuration/xmpp/virtualHosts/$DOMAIN.conf
-    sed -i "s/__DOMAIN__/$DOMAIN/g" default_configuration/xmpp/virtualHosts/$DOMAIN.conf
-    sed -i "s/__xmpp_passphrase_for_filesuploads__/$xmpp_passphrase_for_filesuploads/g" default_configuration/xmpp/virtualHosts/$DOMAIN.conf
+    cp -v default_configuration/xmpp/prosody.cfg.lua.example my_configuration/xmpp/prosody.cfg.lua
+    sed -i "s/__DOMAIN__/$DOMAIN/g" my_configuration/xmpp/prosody.cfg.lua
+    cp -v default_configuration/xmpp/virtualHosts/example.com.conf my_configuration/xmpp/virtualHosts/$DOMAIN.conf
+    sed -i "s/__DOMAIN__/$DOMAIN/g" my_configuration/xmpp/virtualHosts/$DOMAIN.conf
+    sed -i "s/__xmpp_passphrase_for_filesuploads__/$xmpp_passphrase_for_filesuploads/g" my_configuration/xmpp/virtualHosts/$DOMAIN.conf
 
 
 }
@@ -28,7 +28,6 @@ install_xmpp_certs_ssl(){
     install -o _prosody -g _prosody my_configuration/xmpp/dh-2048.pem /etc/prosody/certs/dh-2048.pem
     install -o _prosody -g _prosody /etc/ssl/private/"$DOMAIN".key /etc/prosody/certs/"$DOMAIN".key;
     install -o _prosody -g _prosody /etc/ssl/"$DOMAIN".crt /etc/prosody/certs/"$DOMAIN".crt;
-
 }
 
 install_prosody_modules(){
@@ -45,7 +44,6 @@ install_prosody_modules(){
 
 
 gen_nginx_configuration_files_upload(){
-
     cp -v default_configuration/xmpp/nginx.conf.sample my_configuration/xmpp/upload.$DOMAIN
     cp -v default_configuration/xmpp/share.php.sample my_configuration/xmpp/share.php
     sed -i "s/__DOMAIN__/$DOMAIN/g" my_configuration/xmpp/upload.$DOMAIN
@@ -82,6 +80,7 @@ install_xmpp_configurations_files(){
 
 
 mkdir my_configuration/xmpp
+
 if [ "$1" == "gen-config-only" ];
 then
     gen_prosody_configuration
@@ -97,3 +96,11 @@ then
     rcctl enable prosody
     rcctl start prosody
 fi
+
+if [ "$1" == "gen-config-only" ];
+then
+    #code
+elif [ "$1" == "install" ];
+then
+    #Code
+fi

myserver.conf

@@ -1,5 +1,5 @@
 
-## Par défault le domain est le nom d'hote de la machine maisil est possible de le personnaliser
+## Par défault le domain est le nom d'hote de la machine mais il est possible de le personnaliser
 ## comme l'exemple ce-dessous
 # DOMAIN="example.com"
 DOMAIN=`hostname`

utils.sh

@@ -6,7 +6,7 @@ restart_mails_service()
 }
 
 restart_php_service(){
-    rcctl restart php80_fpm
+    rcctl restart php81_fpm
 }
 
 restart_postgresql_service(){