
# ====================
# - Install schleuder3 manually
# ====================
# - See README.md of repository:
# -
# - https://0xacab.org/schleuder/schleuder-deb
# -
# - Requirements
# -
# - ruby >=2.1
# - gnupg >=2.0
# - gpgme
# - sqlite3
# - openssl
# -
# - Toolchain and development headers matching the requirements listed above
# - (ruby, gnupg2, gpgme, sqlite3, openssl)
# -
apt-get install \
   ruby-dev \
   gnupg2 \
   libgpgme-dev \
   libsqlite3-dev \
   libssl-dev \
   build-essential
# - haveged is an entropy daemon (presumably installed here so that key
# - generation does not stall on a freshly installed host)
# -
apt-get install haveged
# - Additionally these rubygems are required (will be installed automatically unless present):
# -
# - rake
# - active_record
# - sqlite3
# - thor
# - thin
# - mail-gpg
# - sinatra
# - sinatra-contrib
# -----
# - Installing Schleuder
# -----
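# - '-p' keeps the command usable if the directory already exists
# -
mkdir -p /usr/local/src/schleuder3
cd /usr/local/src/schleuder3
# - Download the gem and the OpenPGP-signature and verify:
# -
# - The fingerprint below is the release signing key as recorded in these
# - notes. Compare it with the fingerprint published by the Schleuder project
# - before relying on it.
# -
release_key_fpr="B3D190D5235C74E1907EACFE898F2C91E2E6E1F3"
wget https://0xacab.org/schleuder/schleuder/raw/master/gems/schleuder-3.2.1.gem
wget https://0xacab.org/schleuder/schleuder/raw/master/gems/schleuder-3.2.1.gem.sig
gpg --recv-key "0x${release_key_fpr}"
# - 'gpg --verify' reports success for a good signature made by *any* key
# - in the keyring. So name the signed file explicitly and additionally
# - require that the VALIDSIG status line carries the expected fingerprint.
# - Only then install the gem and set up schleuder.
# -
if gpg --status-fd 1 --verify schleuder-3.2.1.gem.sig schleuder-3.2.1.gem \
      | grep -q "^\[GNUPG:] VALIDSIG .*${release_key_fpr}" ; then
   # - If all went well install the gem:
   # -
   gem install schleuder-3.2.1.gem
   # - Set up schleuder:
   # -
   schleuder install
else
   echo "Signature check of schleuder-3.2.1.gem failed - gem NOT installed." >&2
fi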
# - Output command 'schleuder install':
# -
root@schleuder3:/usr/local/src/schleuder3 # schleuder install
-- create_table("lists", {:force=>:cascade})
-> 0.0119s
-- create_table("subscriptions", {:force=>:cascade})
-> 0.0060s
-- add_index("subscriptions", ["email", "list_id"], {:name=>"index_subscriptions_on_email_and_list_id", :unique=>true})
-> 0.0053s
-- add_index("subscriptions", ["list_id"], {:name=>"index_subscriptions_on_list_id"})
-> 0.0056s
-- initialize_schema_migrations_table()
-> 0.0113s
NOTE: The database was prepared using sqlite. If you prefer to use a different DBMS please edit the 'database'-section in /etc/schleuder/schleuder.yml, create the database, install the corresponding ruby-library (e.g. `gem install mysql`) and run this current command again
Private key written to: /etc/schleuder/schleuder-private-key.pem
Certificate written to: /etc/schleuder/schleuder-certificate.pem
Fingerprint of generated certificate: 9c70d382a0780904b2cd3a71b453ef689ea06ce18f46258bb668399742d2a794
Have this fingerprint included into the configuration-file of all clients that want to connect to your Schleuder API.
! Warning: this process was run as root — please make sure the above files are accessible by the user that is running `schleuder-api-daemon`.
Schleuder has been set up. You can now create a new list using `schleuder-cli`.
We hope you enjoy!
# -----
# - Installing schleuder-cli (to manage lists from the command line)
# -----
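cd /usr/local/src/schleuder3
# - Download the gem and the OpenPGP-signature and verify:
# -
# - The fingerprint is the release signing key as recorded in these notes.
# - Compare it with the fingerprint published by the Schleuder project.
# -
release_key_fpr="B3D190D5235C74E1907EACFE898F2C91E2E6E1F3"
wget https://0xacab.org/schleuder/schleuder-cli/raw/master/gems/schleuder-cli-0.1.0.gem
wget https://0xacab.org/schleuder/schleuder-cli/raw/master/gems/schleuder-cli-0.1.0.gem.sig
gpg --recv-key "0x${release_key_fpr}"
# - Require a valid signature made by the expected key (a plain
# - 'gpg --verify' also succeeds for any other key in the keyring), then
# - install the verified gem. It provides the 'schleuder-cli' command that
# - is used further below.
# -
if gpg --status-fd 1 --verify schleuder-cli-0.1.0.gem.sig schleuder-cli-0.1.0.gem \
      | grep -q "^\[GNUPG:] VALIDSIG .*${release_key_fpr}" ; then
   gem install schleuder-cli-0.1.0.gem
else
   echo "Signature check of schleuder-cli-0.1.0.gem failed - gem NOT installed." >&2
fi
# - Postfix: link the lookup table shipped with the gem and route the list
# - domain to the 'schleuder' transport
# -
cd /etc/postfix
ln -s /var/lib/gems/2.3.0/gems/schleuder-3.2.1/etc/postfix/schleuder_sqlite.cf \
   /etc/postfix/schleuder_sqlite.cf
cat <<EOF > /etc/postfix/transport_schleuder
cryptolists.mail36.net schleuder:
EOF
# - No trailing slash here: postmap expects the file, not a directory
# -
postmap btree:/etc/postfix/transport_schleuder
# - Append the map to 'transport_maps' only if it is not listed yet
# -
if ! grep -A 3 -E "^\s*transport_maps" /etc/postfix/main.cf | grep -q "btree:/etc/postfix/transport_schleuder" ; then
   perl -i -n -p -e "s#^(\s*transport_maps\s*=.*)#\1\n btree:/etc/postfix/transport_schleuder#" /etc/postfix/main.cf
fi
# - System account for schleuder (no login shell, home is not created here).
# -
# - The home directory is /var/lib/schleuder, because schleuder-cli keeps its
# - per-user configuration in ~/.schleuder-cli and the API key step further
# - below edits /var/lib/schleuder/.schleuder-cli/schleuder-cli.yml
# -
groupadd -r schleuder
useradd -r -M -d /var/lib/schleuder -s /bin/false -g schleuder schleuder
# - /etc/schleuder holds the TLS private key and (later) the valid API keys.
# - Check afterwards with 'ls -l /etc/schleuder' that these files are not
# - world-readable.
# -
chown -R schleuder:schleuder /var/lib/schleuder /etc/schleuder
systemctl stop postfix
rm -fr /var/lib/postfix/verify_cache.db
systemctl start postfix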
# -----
# - Configure schleuder-api-daemon systemd service
# -----
# - Take the unit file shipped with the gem, let systemd re-read its units,
# - then enable the service at boot and start it right away
# -
schleuder_gem_dir="/var/lib/gems/2.3.0/gems/schleuder-3.2.1"
api_daemon_unit="schleuder-api-daemon.service"
cp "${schleuder_gem_dir}/etc/${api_daemon_unit}" /etc/systemd/system/
systemctl daemon-reload
systemctl enable "$api_daemon_unit"
systemctl start "$api_daemon_unit"
# ---
# - Enable user schleuder for managing lists
# ---
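backup_date="$(date +%Y-%m-%d-%H%M)"
schleuder_config="/etc/schleuder/schleuder.yml"
user_schleuder_config="/var/lib/schleuder/.schleuder-cli/schleuder-cli.yml"
# - Directory part of the path above. It has to be the '.schleuder-cli'
# - directory inside the home directory of user 'schleuder', because that is
# - where schleuder-cli writes its default configuration file (see below).
# -
user_schleuder_cli_dir="${user_schleuder_config%/*}"
# - Create API Key for user schleuder
# -
api_key="$(schleuder new_api_key)"
if [[ -z "$api_key" ]] ; then
   echo "'schleuder new_api_key' returned no key - API key will not be configured." >&2
fi
# - Add the generated API Key to the list of valid api keys at
# - configuration file $schleuder_config
# -
# - The key is handed to perl through the environment instead of being pasted
# - into the perl program text: that way it does not show up in the process
# - list and cannot be misread as part of the substitution expression.
# -
# - Note: the '.${backup_date}' copies written by 'perl -i' contain the same
# - secrets as the files they were taken from. A second edit of the same file
# - within the same minute replaces the earlier backup copy.
# -
if [[ -n "$api_key" ]] && ! grep -q -F -- "$api_key" "$schleuder_config" 2> /dev/null ; then
   SCHLEUDER_API_KEY="$api_key" perl -i".${backup_date}" -p \
      -e 's/(^(\s*)valid_api_keys:.*)/$1\n$2 - $ENV{SCHLEUDER_API_KEY}/' \
      "$schleuder_config"
fi
# - Add generated API Key to schleuder's configuration file
# - '${user_schleuder_config}'
# -
# - If no configuration file present, create a new default one.
# -
# - The paths are taken from the variables above. A quoted "~schleuder/..."
# - is not expanded by the shell, so a test on it never finds the directory.
# -
have_dot_schleuder_cli_yml=true
if [[ ! -d "$user_schleuder_cli_dir" ]] ; then
   have_dot_schleuder_cli_yml=false
elif [[ ! -f "$user_schleuder_config" ]] ; then
   # - If the directory is present, no default configuration file (see below)
   # - will be written
   # -
   mv "$user_schleuder_cli_dir" "${user_schleuder_cli_dir}.${backup_date}"
   have_dot_schleuder_cli_yml=false
fi
if ! $have_dot_schleuder_cli_yml ; then
   # Creates a default configuration file '${user_schleuder_config}'
   #
   # NOTE(review): the maintenance commands call /usr/local/bin/schleuder -
   # confirm that schleuder-cli really lives in /usr/bin on this host. All
   # output of the call is discarded, so a wrong path fails silently here.
   #
   su - schleuder -s /bin/bash -c "/usr/bin/schleuder-cli lists list > /dev/null 2>&1"
fi
# - Now, add the API Key..
# -
if [[ ! -f "$user_schleuder_config" ]] ; then
   echo "Missing ${user_schleuder_config} - API key and fingerprint not written." >&2
elif [[ -n "$api_key" ]] ; then
   SCHLEUDER_API_KEY="$api_key" perl -i".${backup_date}" -p \
      -e 's/^(\s*api_key:).*/$1 $ENV{SCHLEUDER_API_KEY}/' \
      "$user_schleuder_config"
fi
# - Get tls fingerprint of configured certificate
# - (fourth whitespace separated field of the command's output)
# -
cert_fingerprint="$(schleuder cert fingerprint | awk '{print $4}')"
# - Add the fingerprint to schleuder users private configuration file
# -
if [[ -n "$cert_fingerprint" ]] \
      && ! grep -q -F -- "$cert_fingerprint" "$user_schleuder_config" 2> /dev/null ; then
   SCHLEUDER_TLS_FINGERPRINT="$cert_fingerprint" perl -i".${backup_date}" -p \
      -e 's/^(\s*tls_fingerprint:).*/$1 $ENV{SCHLEUDER_TLS_FINGERPRINT}/' \
      "$user_schleuder_config"
fi
# - Restart 'schleuder-api-daemon'
# -
systemctl restart schleuder-api-daemon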
# -----
# - Maintenance
# -----
# - Please take care to have the following commands run by the user that owns the
# - directory of schleuder lists (by default /var/lib/schleuder/lists) to avoid
# - running into file permission problems!
# - Schleuder can check all keys that are present in the lists keyrings for
# - (upcoming) expiration dates, revocation, or other reasons for not being
# - usable.
# -
# - Note: make sure outgoing connections to TCP port 11371 (HKP) are allowed,
# - so that the PGP keyservers can be reached
# -
# - Call this command weekly from cron to automate the check and have the
# - results sent to the respective list-admins:
# -
# - schleuder check_keys
# -
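# - Run as user 'schleuder'. The account has no login shell, hence '-s'.
# -
su -s /bin/bash -c "/usr/local/bin/schleuder check_keys" schleuder
# - Schleuder can also refresh all keys in the same manner. Each key of each
# - list will be refreshed from a keyserver one by one. If you're using gpg 2.1,
# - it's possible to configure a TOR onion service to be used as keyserver! See
# - the config for an example.
# -
# - Call this command weekly from cron to automate the check and have the results
# - sent to the respective list-admins:
# -
# - schleuder refresh_keys
# -
# - The subcommand is 'refresh_keys' only; the program name must not be
# - repeated as first argument.
# -
su -s /bin/bash -c "/usr/local/bin/schleuder refresh_keys" schleuder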