wk2: account management tooling

target/scripts/build/db.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+sudo -u postgres createdb mails
+sudo -u postgres psql mails -f ./build/mail-create-tables.sql

target/scripts/build/libpam-pgsql.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -e
+
+apt install -y build-essential pkg-config m4 libtool automake autoconf libgcrypt20-dev libtool libpam0g-dev libpq-dev
+
+git clone https://github.com/pam-pgsql/pam-pgsql
+cd pam-pgsql
+
+autoreconf --install
+chmod +x ./configure
+./configure
+make
+
+# sleep .5
+# printf "\n\n\n"
+# sleep .5
+#
+# make install
+#
+# exit 1

target/scripts/build/mail-create-tables.sql

@@ -0,0 +1,50 @@
+CREATE TABLE transport (
+    domain VARCHAR(128) NOT NULL,
+    transport VARCHAR(128) NOT NULL,
+    PRIMARY KEY (domain)
+);
+
+CREATE TABLE users (
+    userid VARCHAR(128) NOT NULL,
+    password VARCHAR(128),
+    realname VARCHAR(128),
+    uid INTEGER NOT NULL,
+    gid INTEGER NOT NULL,
+    home VARCHAR(128),
+    mail VARCHAR(255),
+    PRIMARY KEY (userid)
+);
+
+CREATE TABLE virtual (
+    address VARCHAR(255) NOT NULL,
+    userid VARCHAR(255) NOT NULL,
+    PRIMARY KEY (address)
+);
+
+create view postfix_mailboxes as
+select userid, home||'/' as mailbox from users
+union all
+select domain as userid, 'dummy' as mailbox from transport;
+
+create view postfix_virtual as
+select userid, userid as address from users
+union all
+select userid, address from virtual;
+
+-- TODO: we MUST NOT include default passwords in this script.
+-- in future, it would be nice to generate these accounts as part of setup,
+-- using credentials provided to us by the user.
+-- `mailreader` could be randomly-generated, though.
+CREATE USER mailreader PASSWORD 'mailreader-secret';
+grant select on transport, users, virtual, postfix_mailboxes, postfix_virtual to mailreader;
+
+create user mailwriter password 'mailwriter-secret';
+grant select, insert, update, delete on transport, users, virtual, postfix_mailboxes, postfix_virtual to mailwriter;
+
+-- TODO: remove example users
+insert into transport (domain, transport) values ('domain.org', 'virtual:');
+insert into transport (domain, transport) values ('foo.org', 'virtual:');
+insert into users (userid, uid, gid, home) values ('user@domain.org', 1001, 1001, 'domain.org/mails/user');
+insert into users (userid, uid, gid, home) values ('user2@domain.org', 1001, 1001, 'domain.org/mails/user2');
+insert into users (userid, uid, gid, home) values ('user@foo.org', 1002, 1002, 'foo.org/mails/user');
+insert into virtual (address, userid) values ('foo@foo.org', 'user@foo.org');

target/scripts/build/packages.sh

@@ -1,8 +1,12 @@
 #!/bin/bash
 
+set -e
+
 DEBUG_PACKAGES=(procps)
-POSTFIX_PACKAGES=(postfix)
-DOVECOT_PACKAGES=(dovecot-core dovecot-imapd dovecot-ldap)
+# libpam-pgsql is only available in debian sid at the moment; building in compile step
+DB_PACKAGES=(sasl2-bin libsasl2-modules postgresql)
+POSTFIX_PACKAGES=(postfix postfix-pgsql)
+DOVECOT_PACKAGES=(dovecot-core dovecot-imapd dovecot-pgsql)
 RSPAMD_PACKAGES=(rspamd redis-server)
 FAIL2BAN_PACKAGES=(fail2ban)
 
@@ -10,6 +14,7 @@ PACKAGES=(
     tini
     supervisor
     ${DEBUG_PACKAGES[@]}
+    ${DB_PACKAGES[@]}
     ${POSTFIX_PACKAGES[@]}
     ${DOVECOT_PACKAGES[@]}
     # ${RSPAMD_PACKAGES[@]}