-
Notifications
You must be signed in to change notification settings - Fork 0
/
cloud_init_2.cfg
61 lines (61 loc) · 2.38 KB
/
cloud_init_2.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
#cloud-config
users:
- name: ${VM_USER}
sudo: ['ALL=(ALL) NOPASSWD:ALL']
groups: users, admin
home: /home/${VM_USER}
shell: /bin/bash
ssh-authorized-keys:
- ssh-rsa AAAAB3NzaC1y...
ssh_pwauth: True
disable_root: false
chpasswd:
list: |
${VM_USER}:linux
expire: False
package_update: true
package_upgrade: true
packages:
- postfix
- mailutils
- libsasl2-2
- libsasl2-modules
- ca-certificates
- unzip
- postfixadmin
- certbot
- python3-certbot-apache
growpart:
mode: auto
devices: ['/']
fqdn: ${VM_HOSTNAME}
hostname: ${VM_HOSTNAME}
write_files:
- path: /etc/postfix/sasl_passwd
content: |
[smtp.gmail.com]:587 gmail_username:gmail_password
owner: root:root
permissions: 0400
runcmd:
- sed -i -e '$aAllowUsers ${VM_USER}' /etc/ssh/sshd_config
- restart ssh
- sudo sed -i 's/relayhost =/relayhost = [smtp.gmail.com]:587/g' /etc/postfix/main.cf
- sudo sed -i 's/inet_protocols =/inet_protocols = ipv4' /etc/postfix/main.cf
- echo "smtp_sasl_auth_enable = yes" >> /etc/postfix/main.cf
- echo "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd" >> /etc/postfix/main.cf
- echo "smtp_sasl_security_options = noanonymous" >> /etc/postfix/main.cf
- echo "smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt" >> /etc/postfix/main.cf
- echo "smtp_use_tls = yes" >> /etc/postfix/main.cf
- sudo postmap /etc/postfix/sasl_passwd
- sudo chmod 0400 /etc/postfix/sasl_passwd.db
- sudo wget -O /etc/ssl/certs/thawte_Primary_Root_CA.pem https://www.thawte.com/roots/thawte_Primary_Root_CA.pem
- sudo cat /etc/ssl/certs/thawte_Primary_Root_CA.pem >> /etc/postfix/cacert.pem
- sudo systemctl restart postfix
- sudo touch /etc/apache2/sites-available/mail.your_domain_here.net.conf
- sudo echo "<VirtualHost *:80>" >> /etc/apache2/sites-available/mail.your_domain_here.net.conf
- sudo echo " ServerName mail.your_domain_here.net" >> /etc/apache2/sites-available/mail.your_domain_here.net.conf
- sudo echo " DocumentRoot /var/www/html/" >> /etc/apache2/sites-available/mail.your_domain_here.net.conf
- sudo echo "</VirtualHost>" >> /etc/apache2/sites-available/mail.your_domain_here.net.conf
- sudo a2ensite mail.your_domain_here.net
- sudo systemctl reload apache2
- sudo certbot certonly -a apache --agree-tos --no-eff-email --staple-ocsp --email username@your_domain_here.net -d mail.your_domain_here.net