first release

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2024 VA
+Copyright (c) 2024 Unitas Network GmbH
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 

Makefile

@@ -0,0 +1,75 @@
+OT_VER ?= 0.60.2
+OT_SUBVER ?= 
+OT_TARBALL = v$(OT_VER).tar.gz
+OT_URL = https://github.com/decalage2/oletools/archive/refs/tags/$(OT_TARBALL)
+
+OF_COMMIT ?= e9e593bf29799e3f61023125cbfd5cd3c1338cf4
+OF_TARBALL = $(OF_COMMIT).tar.gz
+OF_URL = https://github.com/HeinleinSupport/olefy/archive/$(OF_TARBALL)
+
+RF_COMMIT ?= 66c24d19222f7a21e4cb7c38f1618c909fba47f9
+RF_TARBALL = $(RF_COMMIT).tar.gz
+RF_URL = https://github.com/HeinleinSupport/razorfy/archive/$(RF_TARBALL)
+
+preinstall:
+	# hardcoded users and groups
+	$(inroot) useradd --system --comment="created from appliance building - olefy user" --home-dir="/dev/null" --shell="/sbin/nologin" --no-create-home --uid 603 --user-group olefy
+	$(inroot) useradd --system --comment="created from appliance building - razorfy user" --home-dir="/dev/null" --shell="/sbin/nologin" --no-create-home --uid 608 --user-group razorfy
+
+install_oletools:
+	# oletools zur Office-Macro-Erkennung in rspamd
+	$(inroot) test -f /usr/portage/distfiles/$(OT_TARBALL) || \
+		$(inroot) wget -P /usr/portage/distfiles $(OT_URL)
+	$(inroot) sh -c 'tar xf /usr/portage/distfiles/$(OT_TARBALL) -C /tmp && cd /tmp/oletools-$(OT_VER) && python setup.py install'
+
+install_olefy:
+	$(inroot) test -f /usr/portage/distfiles/$(OF_TARBALL) || \
+		$(inroot) wget -P /usr/portage/distfiles $(OF_URL)
+	$(inroot) sh -c 'tar xf /usr/portage/distfiles/$(OF_TARBALL) -C /tmp && cd /tmp/olefy-$(OF_COMMIT) && cp olefy.py /usr/bin && cp olefy.conf /etc && cp olefy.service /etc/systemd/system'
+	sed -i 's#/usr/local/bin/#/usr/bin/#' $(CHROOT)/usr/bin/olefy.py
+	sed -i 's#/usr/local/bin/#/usr/bin/#' $(CHROOT)/etc/olefy.conf
+	sed -i 's#OLEFY_LOGLVL=30#OLEFY_LOGLVL=20#' $(CHROOT)/etc/olefy.conf
+	sed -i 's#/usr/local/bin/#/usr/bin/#' $(CHROOT)/etc/systemd/system/olefy.service
+
+install_razorfy:
+	# razorfy zur Razor-Einbindung in rspamd
+	$(inroot) test -f /usr/portage/distfiles/$(RF_TARBALL) || \
+		$(inroot) wget -P /usr/portage/distfiles $(RF_URL)
+	$(inroot) sh -c 'tar xf /usr/portage/distfiles/$(RF_TARBALL) -C /tmp && cd /tmp/razorfy-$(RF_COMMIT) && cp razorfy.pl /usr/bin && cp razorfy.conf /etc && cp razorfy.service /etc/systemd/system'
+	sed -i 's#/usr/local/bin/#/usr/bin/#' $(CHROOT)/etc/systemd/system/razorfy.service
+
+configure_redis:
+	sed -i 's#maxmemory 64MB#maxmemory 512MB#' $(CHROOT)/etc/redis/redis.conf
+	sed -i 's#maxmemory-policy noeviction#maxmemory-policy noeviction\nmaxmemory-policy volatile-ttl#' $(CHROOT)/etc/redis/redis.conf
+
+$(CHROOT)/etc/sysctl.d/99-rspamd.conf:
+	mkdir -p $(CHROOT)/etc/sysctl.d
+	echo "# Empfehlung für rspamd" > $@
+	echo "vm.overcommit_memory = 1" >> $@
+
+$(CHROOT)/var/lib/mysql: mariadb/my.cnf.root
+	# MariaDB-Konfiguration ($$, weil make ein $ entfernt)
+	sed -i "s/^character-set-server.*$$/character-set-server = utf8mb4/" $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
+	echo >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
+	echo "collation-server = utf8mb4_general_ci" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
+	echo "transaction_isolation = READ-COMMITTED" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
+	echo "binlog_format = ROW" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
+	echo "expire_logs_days = 3" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
+	echo "innodb_file_per_table = 1" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
+	echo "innodb_large_prefix = on" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
+	echo "innodb_buffer_pool_size = 256M" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
+	echo "innodb_strict_mode = OFF" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf
+	cp mariadb/my.cnf.root $(CHROOT)/root/.my.cnf
+	chmod 0600 $(CHROOT)/root/.my.cnf
+	rm -rf $(CHROOT)/var/lib/mysql/*
+	RUN bash -c 'yes gentoo | emerge --config dev-db/mariadb'
+
+postinstall: install_oletools install_olefy install_razorfy configure_redis $(CHROOT)/etc/sysctl.d/99-rspamd.conf $(CHROOT)/var/lib/mysql
+##	# Wegen razorfy muß Perl mit USE=ithreads gebaut werden.
+##	# Deswegen müssen auch alle Module neu erstellt werden.
+##	$(inroot)perl-cleaner --reallyall
+
+	# Anpassungen
+	$(inroot) usermod -a -G clamav rspamd
+
+clean:

make.conf

@@ -0,0 +1 @@
+PERL_FEATURES="ithreads"

mariadb/my.cnf.root

@@ -0,0 +1,11 @@
+[mysqladmin]
+user        = root
+password    = gentoo
+
+[mysql]
+user        = root
+password    = gentoo
+
+[client]
+user        = root
+password    = gentoo

package.accept_keywords

@@ -0,0 +1,19 @@
+# Grundsystem
+app-emulation/open-vm-tools
+sys-auth/pam_ssh_agent_auth
+
+# rspamd + Zusatztools
+mail-filter/dcc
+mail-filter/rspamd
+
+# ClamAV Zusatz-Signaturen
+app-antivirus/clamav-unofficial-sigs
+
+# SOGo
+gnustep-base/gnustep-make
+gnustep-libs/sope
+gnustep-apps/sogo
+
+# Kalenderabfrage
+dev-python/recurring-ical-events
+dev-python/x-wr-timezone

package.use

@@ -0,0 +1,44 @@
+app-admin/sudo -sendmail
+app-editors/nano ncurses
+app-emulation/open-vm-tools pic -modules
+app-misc/mc -slang
+dev-lang/python ssl threads xml
+dev-libs/libpcre cxx jit
+dev-libs/libpcre2 jit
+dev-util/pkgconfig internal-glib
+dev-vcs/git -gpg -iconv -pcre -pcre-jit -perl -python -threads -webdav
+net-misc/openssh ssl
+net-misc/wget ssl
+sys-apps/hwids udev
+sys-apps/kmod tools
+sys-apps/net-tools hostname
+sys-apps/portage ipc
+sys-auth/pambase nullok sha512
+sys-devel/gcc cxx nptl
+sys-kernel/gentoo-sources symlink
+
+# Monitoring
+net-analyzer/zabbix agent
+
+# rspamd
+dev-db/redis jemalloc
+dev-libs/jemalloc stats
+dev-libs/vectorscan cpu_flags_x86_sse4_2
+dev-lua/lpeg luajit
+mail-filter/pyzor pyzord redis
+mail-filter/rspamd gd jemalloc pcre2
+media-libs/gd jpeg
+
+# Mail
+mail-mta/postfix cdb dovecot-sasl ldap mysql vda
+net-mail/dovecot ldap lucene managesieve mysql sieve suid
+net-nds/openldap overlays perl sasl
+
+# SOGo
+sys-devel/gcc objc
+x11-libs/cairo X
+gnustep-libs/sope ldap mysql
+gnustep-apps/sogo activesync sodium
+
+# Apache
+www-servers/apache apache2_modules_proxy apache2_modules_proxy_ajp apache2_modules_proxy_connect apache2_modules_proxy_http apache2_modules_proxy_wstunnel

va-mail.cfg

@@ -0,0 +1,2 @@
+REPO_NAMES += unitas-mail
+REPO_URI_unitas-mail = https://git.unitas-network.de/Gentoo/unitas-mail.git

world

@@ -0,0 +1,36 @@
+acct-group/ldap
+acct-user/ldap
+acct-group/memcached
+acct-user/memcached
+app-admin/logrotate
+app-admin/sudo
+app-emulation/open-vm-tools
+app-emulation/qemu-guest-agent
+app-misc/mc
+app-misc/tmuxservice
+net-analyzer/zabbix
+sys-auth/pam_ssh_agent_auth
+sys-fs/mdadm
+sys-power/acpid
+app-antivirus/clamav
+app-antivirus/clamav-unofficial-sigs
+app-crypt/certbot-apache
+dev-db/mariadb
+dev-db/redis
+gnustep-apps/sogo
+mail-filter/dcc
+mail-filter/pyzor
+mail-filter/razor
+mail-filter/rspamd
+mail-mta/postfix
+net-dns/pdns-recursor
+net-mail/dovecot
+net-mail/imapsync
+net-misc/netkit-telnetd
+net-nds/openldap
+www-servers/apache
+dev-python/python-magic
+dev-python/pyparsing
+dev-python/olefile
+dev-python/recurring-ical-events
+dev-vcs/git

world.README.md

@@ -0,0 +1,18 @@
+# net-nds/openldap und net-misc/memcached haben das nur als BDEPEND:
+acct-group/ldap
+acct-user/ldap
+acct-group/memcached
+acct-user/memcached
+
+# für https://github.com/HeinleinSupport/olefy:
+dev-python/python-magic
+
+# für https://github.com/decalage2/oletools:
+dev-python/pyparsing
+dev-python/olefile
+
+# für mergeCalendars.py-Script (Inkplate-Kalender):
+dev-python/recurring-ical-events
+
+# für Zertifikatesupdate
+dev-vcs/git