mailgw: general update

Jörg Deckert 2020-04-11 12:24:31 +02:00
parent f9970bc0db
commit b38725937f
10 changed files with 44 additions and 168 deletions


@ -1,9 +1,9 @@
OT_VER ?= 0.54.2
OT_SUBVER ?= b
OT_VER ?= 0.55
OT_SUBVER ?=
OT_TARBALL = oletools-$(OT_VER).tar.gz
OT_URL = https://github.com/decalage2/oletools/releases/download/v$(OT_VER)$(OT_SUBVER)/$(OT_TARBALL)
OF_COMMIT ?= 7929bd927eaa93d1d67a0cfa6da7bed2be57ca15
OF_COMMIT ?= d66e8aeda9b906e0af946218c7460161aa094f61
OF_TARBALL = $(OF_COMMIT).tar.gz
OF_URL = https://github.com/HeinleinSupport/olefy/archive/$(OF_TARBALL)
@ -22,12 +22,6 @@ preinstall:
$(inroot) $(EMERGE) $(USEPKG) --emptytree @world
$(inroot) bash -c 'yes YES | etc-update --automode -9'
# Unitas-Portage-Overlay einbinden
$(inroot) $(EMERGE) -n $(USEPKG) app-portage/layman
sed -i 's/check_official : Yes/check_official : No/' $(CHROOT)/etc/layman/layman.cfg
wget -P $(CHROOT)/etc/layman/overlays http://dev.unitas-network.de/raw/Gentoo/Unitas.git/master/unitas-overlays.xml
$(inroot) layman -l | grep -q unitas || $(inroot) layman -La unitas
install_oletools:
$(inroot) test -f /usr/portage/distfiles/$(OT_TARBALL) || \
$(inroot) wget -P /usr/portage/distfiles $(OT_URL)
@ -37,23 +31,38 @@ install_olefy:
$(inroot) test -f /usr/portage/distfiles/$(OF_TARBALL) || \
$(inroot) wget -P /usr/portage/distfiles $(OF_URL)
$(inroot) sh -c 'tar xf /usr/portage/distfiles/$(OF_TARBALL) -C /tmp && cd /tmp/olefy-$(OF_COMMIT) && cp olefy.py /usr/bin && cp olefy.conf /etc && cp olefy.service /etc/systemd/system'
sed -i 's#/usr/local/bin/#/usr/bin/#' $(CHROOT)/usr/bin/olefy.py
sed -i 's#/usr/local/bin/#/usr/bin/#' $(CHROOT)/etc/olefy.conf
sed -i 's#/usr/local/bin/#/usr/bin/#' $(CHROOT)/etc/systemd/system/olefy.service
postinstall: timesyncd.conf firstboot.start
postinstall: base/timesyncd.conf base/firstboot.start
# Konfigurationen anpassen
cp timesyncd.conf $(CHROOT)/etc/systemd/timesyncd.conf
cp base/timesyncd.conf $(CHROOT)/etc/systemd/timesyncd.conf
mkdir -p $(CHROOT)/etc/local.d
cp firstboot.start $(CHROOT)/etc/local.d/firstboot.start
cp base/firstboot.start $(CHROOT)/etc/local.d/firstboot.start
touch $(CHROOT)/firstboot
sed -i 's/# %wheel ALL=(ALL) ALL/%wheel ALL=(ALL) ALL/' $(CHROOT)/etc/sudoers
$(inroot) useradd -m -G users,wheel -s /bin/bash admin
sed -i 's#^auth.*$$#auth [success=2 default=ignore] pam_ssh_agent_auth.so file=~/.ssh/authorized_keys\nauth include system-auth#' $(CHROOT)/etc/pam.d/sudo
echo "Defaults env_keep += SSH_AUTH_SOCK" > $(CHROOT)/etc/sudoers.d/ssh_auth_sock
$(inroot) useradd -m -G users,wheel -s /bin/bash --comment="virtual appliance admin" --uid 2000 admin
$(inroot) passwd -d admin; $(inroot) passwd -e admin
$(inroot) systemctl enable tmux@root.service
cp base/tmux.conf $(CHROOT)/root/.tmux.conf
# Beispiel feste IP-Adresse
cp 00-eth0.network $(CHROOT)/00-eth0.network.example
cp base/00-eth0.network $(CHROOT)/00-eth0.network.example
# MariaDB-Konfiguration
cp mariadb/my.cnf $(CHROOT)/etc/mysql/my.cnf
# MariaDB-Konfiguration ($$, weil make ein $ entfernt)
sed -i "s/^character-set-server.*$$/character-set-server = utf8mb4/" $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
echo >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
echo "collation-server = utf8mb4_general_ci" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
echo "transaction_isolation = READ-COMMITTED" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
echo "binlog_format = ROW" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
echo "expire_logs_days = 3" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
echo "innodb_buffer_pool_size = 256M" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
echo "innodb_file_per_table = 1" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
echo "innodb_large_prefix = on" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
cp mariadb/my.cnf.root $(CHROOT)/root/.my.cnf
chmod 0600 $(CHROOT)/root/.my.cnf
rm -rf $(CHROOT)/var/lib/mysql/*
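Review bot: `$(inroot) passwd -d admin; $(inroot) passwd -e admin` in the postinstall recipe ships the image with an `admin` account that has an empty password and, via the `%wheel ALL=(ALL) ALL` line uncommented a few lines earlier, unrestricted sudo, so until the forced change at first login anyone who reaches a login prompt first sets the password. Shipping the account locked, `$(inroot) passwd -l admin`, and provisioning a key or password at first boot would close that window; `firstboot.start` is not visible here, so it may already do part of this. The `;` between the two commands also hides a failing `passwd -d`, where `&&` would stop the build. In the same recipe, `pam_ssh_agent_auth.so file=~/.ssh/authorized_keys` takes sudo keys from a file the user can normally write, so any process running as that user can authorise its own key; a root-owned key file avoids that. The page does not mark old and new lines, so which of these the commit itself adds is inferred from the hunk.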

3
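--- a/mailgw/base/tmux.conf
+++ b/mailgw/base/tmux.conf
@@ -0,0 +1,3 @@
+set -g mouse on
+set-option -g set-titles on
+set-option -g set-titles-string "#S / #T"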


@ -1,14 +1,15 @@
#
# Automatically generated file; DO NOT EDIT.
# Linux/x86 4.19.44-gentoo Kernel Configuration
# Linux/x86 4.19.97-gentoo Kernel Configuration
#
#
# Compiler: gcc (Gentoo Hardened 8.3.0-r1 p1.1) 8.3.0
# Compiler: gcc (Gentoo 9.2.0-r2 p3) 9.2.0
#
CONFIG_CC_IS_GCC=y
CONFIG_GCC_VERSION=80300
CONFIG_GCC_VERSION=90200
CONFIG_CLANG_VERSION=0
CONFIG_CC_HAS_ASM_GOTO=y
CONFIG_IRQ_WORK=y
CONFIG_BUILDTIME_EXTABLE_SORT=y
CONFIG_THREAD_INFO_IN_TASK=y
@ -337,6 +338,9 @@ CONFIG_X86_SMAP=y
CONFIG_X86_INTEL_UMIP=y
# CONFIG_X86_INTEL_MPX is not set
CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y
CONFIG_X86_INTEL_TSX_MODE_OFF=y
# CONFIG_X86_INTEL_TSX_MODE_ON is not set
# CONFIG_X86_INTEL_TSX_MODE_AUTO is not set
# CONFIG_EFI is not set
CONFIG_SECCOMP=y
# CONFIG_HZ_100 is not set
@ -557,7 +561,7 @@ CONFIG_FIRMWARE_MEMMAP=y
CONFIG_DMIID=y
# CONFIG_DMI_SYSFS is not set
CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y
# CONFIG_ISCSI_IBFT_FIND is not set
# CONFIG_ISCSI_IBFT is not set
CONFIG_FW_CFG_SYSFS=y
# CONFIG_FW_CFG_SYSFS_CMDLINE is not set
# CONFIG_GOOGLE_FIRMWARE is not set
@ -1157,7 +1161,7 @@ CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
CONFIG_XEN_BLKDEV_FRONTEND=y
# CONFIG_XEN_BLKDEV_BACKEND is not set
CONFIG_VIRTIO_BLK=y
# CONFIG_VIRTIO_BLK_SCSI is not set
CONFIG_VIRTIO_BLK_SCSI=y
# CONFIG_BLK_DEV_RBD is not set
# CONFIG_BLK_DEV_RSXX is not set
@ -1477,6 +1481,7 @@ CONFIG_NET_CORE=y
# CONFIG_MACVLAN is not set
# CONFIG_IPVLAN is not set
# CONFIG_VXLAN is not set
# CONFIG_GENEVE is not set
# CONFIG_GTP is not set
# CONFIG_MACSEC is not set
# CONFIG_NETCONSOLE is not set
@ -1600,7 +1605,7 @@ CONFIG_PHYLIB=y
#
# CONFIG_AMD_PHY is not set
# CONFIG_AQUANTIA_PHY is not set
# CONFIG_ASIX_PHY is not set
# CONFIG_AX88796B_PHY is not set
# CONFIG_AT803X_PHY is not set
# CONFIG_BCM7XXX_PHY is not set
# CONFIG_BCM87XX_PHY is not set
@ -1799,14 +1804,14 @@ CONFIG_HVC_DRIVER=y
CONFIG_HVC_IRQ=y
CONFIG_HVC_XEN=y
CONFIG_HVC_XEN_FRONTEND=y
# CONFIG_VIRTIO_CONSOLE is not set
CONFIG_VIRTIO_CONSOLE=y
# CONFIG_IPMI_HANDLER is not set
CONFIG_HW_RANDOM=y
# CONFIG_HW_RANDOM_TIMERIOMEM is not set
CONFIG_HW_RANDOM_INTEL=y
# CONFIG_HW_RANDOM_AMD is not set
# CONFIG_HW_RANDOM_VIA is not set
CONFIG_HW_RANDOM_VIRTIO=y
# CONFIG_HW_RANDOM_VIRTIO is not set
# CONFIG_NVRAM is not set
# CONFIG_APPLICOM is not set
# CONFIG_MWAVE is not set
@ -1966,7 +1971,6 @@ CONFIG_BCMA_POSSIBLE=y
# CONFIG_MFD_INTEL_QUARK_I2C_GPIO is not set
# CONFIG_LPC_ICH is not set
# CONFIG_LPC_SCH is not set
# CONFIG_INTEL_SOC_PMIC_CHTWC is not set
# CONFIG_MFD_INTEL_LPSS_ACPI is not set
# CONFIG_MFD_INTEL_LPSS_PCI is not set
# CONFIG_MFD_JANZ_CMODIO is not set
@ -2004,7 +2008,6 @@ CONFIG_BCMA_POSSIBLE=y
# CONFIG_TPS6507X is not set
# CONFIG_MFD_TPS65086 is not set
# CONFIG_MFD_TPS65090 is not set
# CONFIG_MFD_TPS68470 is not set
# CONFIG_MFD_TI_LP873X is not set
# CONFIG_MFD_TPS6586X is not set
# CONFIG_MFD_TPS65912_I2C is not set


@ -16,3 +16,5 @@ KERNEL_CONFIG = appliances/$(APPLIANCE)/kernel.config
ENABLE_SSHD = YES
TIMEZONE=Europe/Berlin
LOCALE=de_DE.utf8
REPO_NAMES = unitas
REPO_URI_unitas = https://dev.unitas-network.de/r/Gentoo/Unitas.git


@ -1,6 +1,6 @@
CFLAGS="-O2 -pipe"
CXXFLAGS="-O2 -pipe"
USE="hardened justify pie ssp urandom xattr xtpax -fortran -pch -pic -prelink -profile -tcc"
USE="hardened justify pie ssp urandom xattr -fortran -pch -pic -prelink -profile -tcc"
MAKEOPTS="-j5"
ACCEPT_LICENSE="*"
PYTHON_TARGETS="python3_6"


@ -1,142 +0,0 @@
# /etc/mysql/my.cnf: The global mysql configuration file.
# The following options will be passed to all MySQL clients
[client]
#password = your_password
port = 3306
socket = /var/run/mysqld/mysqld.sock
[mysql]
character-sets-dir=/usr/share/mariadb/charsets
default-character-set=utf8
[mysqladmin]
character-sets-dir=/usr/share/mariadb/charsets
default-character-set=utf8
[mysqlcheck]
character-sets-dir=/usr/share/mariadb/charsets
default-character-set=utf8
[mysqldump]
character-sets-dir=/usr/share/mariadb/charsets
default-character-set=utf8
[mysqlimport]
character-sets-dir=/usr/share/mariadb/charsets
default-character-set=utf8
[mysqlshow]
character-sets-dir=/usr/share/mariadb/charsets
default-character-set=utf8
[myisamchk]
character-sets-dir=/usr/share/mariadb/charsets
[myisampack]
character-sets-dir=/usr/share/mariadb/charsets
# use [safe_mysqld] with mysql-3
[mysqld_safe]
err-log = /var/log/mysql/mysql.err
# add a section [mysqld-4.1] or [mysqld-5.0] for specific configurations
[mysqld]
character-set-server = utf8
user = mysql
port = 3306
socket = /var/run/mysqld/mysqld.sock
pid-file = /var/run/mysqld/mysqld.pid
log-error = /var/log/mysql/mysqld.err
basedir = /usr
datadir = /var/lib/mysql
skip-external-locking
key_buffer_size = 16M
max_allowed_packet = 4M
table_open_cache = 400
sort_buffer_size = 512K
net_buffer_length = 16K
read_buffer_size = 256K
read_rnd_buffer_size = 512K
myisam_sort_buffer_size = 8M
lc_messages_dir = /usr/share/mariadb
#Set this to your desired error message language
lc_messages = en_US
# security:
# using "localhost" in connects uses sockets by default
# skip-networking
bind-address = 127.0.0.1
##log-bin
server-id = 1
# point the following paths to different dedicated disks
tmpdir = /tmp/
#log-update = /path-to-dedicated-directory/hostname
# you need the debug USE flag enabled to use the following directives,
# if needed, uncomment them, start the server and issue
# #tail -f /tmp/mysqld.sql /tmp/mysqld.trace
# this will show you *exactly* what's happening in your server ;)
#log = /tmp/mysqld.sql
#gdb
#debug = d:t:i:o,/tmp/mysqld.trace
#one-thread
# the rest of the innodb config follows:
# don't eat too much memory, we're trying to be safe on 64Mb boxes
# you might want to bump this up a bit on boxes with more RAM
innodb_buffer_pool_size = 128M
#
# i'd like to use /var/lib/mysql/innodb, but that is seen as a database :-(
# and upstream wants things to be under /var/lib/mysql/, so that's the route
# we have to take for the moment
#innodb_data_home_dir = /var/lib/mysql/
#innodb_log_arch_dir = /var/lib/mysql/
#innodb_log_group_home_dir = /var/lib/mysql/
# you may wish to change this size to be more suitable for your system
# the max is there to avoid run-away growth on your machine
innodb_data_file_path = ibdata1:10M:autoextend:max:128M
# we keep this at around 25% of of innodb_buffer_pool_size
# sensible values range from 1MB to (1/innodb_log_files_in_group*innodb_buffer_pool_size)
innodb_log_file_size = 48M
# this is the default, increase it if you have very large transactions going on
innodb_log_buffer_size = 8M
# this is the default and won't hurt you
# you shouldn't need to tweak it
innodb_log_files_in_group=2
# see the innodb config docs, the other options are not always safe
innodb_flush_log_at_trx_commit = 1
innodb_lock_wait_timeout = 50
innodb_file_per_table
# Uncomment this to get FEDERATED engine support
#plugin-load=federated=ha_federated.so
loose-federated
[mysqldump]
quick
max_allowed_packet = 16M
[mysql]
# uncomment the next directive if you are not familiar with SQL
#safe-updates
[isamchk]
key_buffer_size = 20M
sort_buffer_size = 20M
read_buffer = 2M
write_buffer = 2M
[myisamchk]
key_buffer_size = 20M
sort_buffer_size = 20M
read_buffer_size = 2M
write_buffer_size = 2M
[mysqlhotcopy]
interactive-timeout
[mariadb]


@ -1,6 +1,7 @@
app-admin/logrotate
app-admin/sudo
app-emulation/open-vm-tools
app-emulation/qemu-guest-agent
app-misc/mc
app-misc/tmuxservice
net-analyzer/zabbix