Alpine Linux - User contributions [en]

Setting up dovecot with imap and tls

2024-01-21T09:39:42Z

GrumpyMeow: provided alternative

== General ==
Dovecot should be configured to let users fetch their mail through SSL. The aim is also to be able to fetch mail with your favorite email-client or mobile devices eg. mobile phones.

Have a look at [[Hosting_services_on_Alpine#Mail]] for various alternatives and instructions.

== Initial Setup ==
This document is referring to [[Setting_up_postfix_with_virtual_domains]]. You would benefit if you start by reading/following those instructions before you continue with these instructions.

== Dovecot ==

=== Install ===

{{Cmd|apk add dovecot}}

=== Prepare ===
The upcoming configuration is going to need some certificates.

==== Certificates ====
During the installation of Dovecot some default certificates were generated, which we will replace.
We want to keep things clean, so we create a dovecot folder for it's certs/keys

{{Cmd|mkdir /etc/ssl/dovecot}}

Now we start creating the certs

{{Cmd|cd /etc/ssl/dovecot
openssl genrsa 1024 > server.pem # Choose 512 or 1024 as key length
openssl req -new -key server.pem -out request.pem # You will get prompted for various information that is added the the file
openssl genrsa 2048 > server.key
openssl req -new -x509 -nodes -sha1 -days 3650 -key server.key > server.pem}}

=== Configuration ===
For now I just dump whatever I have.

I will clean up these notes soon.

==== /etc/dovecot/dovecot.conf ====
<pre>
## These settings varies from the default configuration ##
base_dir = /var/run/dovecot/
protocols = imap imaps
listen = *
disable_plaintext_auth = no
ssl_disable = no
ssl_cert_file = /etc/ssl/dovecot/server.pem
ssl_key_file = /etc/ssl/dovecot/server.key
ssl_parameters_regenerate = 168
verbose_ssl = yes
login_chroot = yes
login_greeting = Dovecot ready.
mail_location = maildir:/var/spool/mail/vhosts/%d/%n
mail_privileged_group = mail
mail_debug = no
verbose_proctitle = no
valid_chroot_dirs = /var/spool/mail
protocols lda { # This line is not changed - it's here to help you know where to make edits
postmaster_address = postmaster@example.net
} # This line is not changed - it's here to help you know where to make edits
auth_verbose = yes
auth_debug = yes
auth_worker_max_count = 30
auth default { # This line is not changed - it's here to help you know where to make edits
mechanism = plain login digest-md5
passdb passwd-file {
args = /etc/dovecot/dovecot-passwd
}
userdb passwd-file {
args = /etc/dovecot/dovecot-users
}
socket listen {
path = /var/spool/postfix/private/auth
user = postfix
group = postfix
mode = 0660
}
} # This line is not changed - it's here to help you know where to make edits
</pre>

==== /etc/dovecot/dovecot-users ====
The uid/gid number below '1000' should match your 'vmail' account (the account that owns '/var/spool/mail/vhosts')

user1@example.net::1000:1000::/var/spool/vhosts/example.net/:/bin/false::
user2@example.net::1000:1000::/var/spool/vhosts/example.net/:/bin/false::

==== /etc/dovecot/dovecot-passwd ====
To generate the passwords you can use the dovecotpw command. The output can be used to create a password for your 'dovecot-passwd'

{{Cmd|dovecotpw -s MD5-CRYPT}}
or
{{Cmd|doveadm pw -s MD5-CRYPT}}

The /etc/dovecot/passwd file should look like this:

user1@example.net:$1$tz5sbjAD$Wq9.NkSyNo/oElzFgI68.0
user2@example.net:$1$tz5sbjAD$Wq9.NkSyNo/oElzFgI68.0

=== Start dovecot ===
It's time to start. Hopefully it works!

{{Cmd|rc-service dovecot start}}

=== Debugging ===
In case something goes wrong you should have a look in your syslog. Personally I use to tail the logfile while debugging

{{Cmd|tail -f /var/log/dovecot}}

=== Adding/Removing users ===
To add or remove users you need to edit the following files (they are described above):
* [[#.2Fetc.2Fdovecot.2Fdovecot-users|/etc/dovecot/dovecot-users]]
* [[#.2Fetc.2Fdovecot.2Fdovecot-passwd|/etc/dovecot/dovecot-passwd]]
Nothing else should be needed.

[[Category:Mail]]

Setting up dovecot with imap and tls

2024-01-21T09:35:21Z

GrumpyMeow: Minor fixes to make things more clear

== General ==
Dovecot should be configured to let users fetch their mail through SSL. The aim is also to be able to fetch mail with your favorite email-client or mobile devices eg. mobile phones.

Have a look at [[Hosting_services_on_Alpine#Mail]] for various alternatives and instructions.

== Initial Setup ==
This document is referring to [[Setting_up_postfix_with_virtual_domains]]. You would benefit if you start by reading/following those instructions before you continue with these instructions.

== Dovecot ==

=== Install ===

{{Cmd|apk add dovecot}}

=== Prepare ===
The upcoming configuration is going to need some certificates.

==== Certificates ====
During the installation of Dovecot some default certificates were generated, which we will replace.
We want to keep things clean, so we create a dovecot folder for it's certs/keys

{{Cmd|mkdir /etc/ssl/dovecot}}

Now we start creating the certs

{{Cmd|cd /etc/ssl/dovecot
openssl genrsa 1024 > server.pem # Choose 512 or 1024 as key length
openssl req -new -key server.pem -out request.pem # You will get prompted for various information that is added the the file
openssl genrsa 2048 > server.key
openssl req -new -x509 -nodes -sha1 -days 3650 -key server.key > server.pem}}

=== Configuration ===
For now I just dump whatever I have.

I will clean up these notes soon.

==== /etc/dovecot/dovecot.conf ====
<pre>
## These settings varies from the default configuration ##
base_dir = /var/run/dovecot/
protocols = imap imaps
listen = *
disable_plaintext_auth = no
ssl_disable = no
ssl_cert_file = /etc/ssl/dovecot/server.pem
ssl_key_file = /etc/ssl/dovecot/server.key
ssl_parameters_regenerate = 168
verbose_ssl = yes
login_chroot = yes
login_greeting = Dovecot ready.
mail_location = maildir:/var/spool/mail/vhosts/%d/%n
mail_privileged_group = mail
mail_debug = no
verbose_proctitle = no
valid_chroot_dirs = /var/spool/mail
protocols lda { # This line is not changed - it's here to help you know where to make edits
postmaster_address = postmaster@example.net
} # This line is not changed - it's here to help you know where to make edits
auth_verbose = yes
auth_debug = yes
auth_worker_max_count = 30
auth default { # This line is not changed - it's here to help you know where to make edits
mechanism = plain login digest-md5
passdb passwd-file {
args = /etc/dovecot/dovecot-passwd
}
userdb passwd-file {
args = /etc/dovecot/dovecot-users
}
socket listen {
path = /var/spool/postfix/private/auth
user = postfix
group = postfix
mode = 0660
}
} # This line is not changed - it's here to help you know where to make edits
</pre>

==== /etc/dovecot/dovecot-users ====
The uid/gid number below '1000' should match your 'vmail' account (the account that owns '/var/spool/mail/vhosts')

user1@example.net::1000:1000::/var/spool/vhosts/example.net/:/bin/false::
user2@example.net::1000:1000::/var/spool/vhosts/example.net/:/bin/false::

==== /etc/dovecot/dovecot-passwd ====
To generate the passwords you can use the dovecotpw command. The output can be used to create a password for your 'dovecot-passwd'

{{Cmd|dovecotpw -s MD5-CRYPT}}

The /etc/dovecot/passwd file should look like this:

user1@example.net:$1$tz5sbjAD$Wq9.NkSyNo/oElzFgI68.0
user2@example.net:$1$tz5sbjAD$Wq9.NkSyNo/oElzFgI68.0

=== Start dovecot ===
It's time to start. Hopefully it works!

{{Cmd|rc-service dovecot start}}

=== Debugging ===
In case something goes wrong you should have a look in your syslog. Personally I use to tail the logfile while debugging

{{Cmd|tail -f /var/log/dovecot}}

=== Adding/Removing users ===
To add or remove users you need to edit the following files (they are described above):
* [[#.2Fetc.2Fdovecot.2Fdovecot-users|/etc/dovecot/dovecot-users]]
* [[#.2Fetc.2Fdovecot.2Fdovecot-passwd|/etc/dovecot/dovecot-passwd]]
Nothing else should be needed.

[[Category:Mail]]

NZBGet

2023-08-15T12:35:49Z

GrumpyMeow: Fixes some minor issue

{{DISPLAYTITLE:NZBGet}}
{{TOC right}}

== Introduction ==

* This guide explains how to install the popular service [https://nzbget.net/ NZBGet] on Alpine Linux. Specifically, the environment used is 3.18 running in an LXC container. This guide should still work in a standard Alpine Linux install.
* This guide sets up NZBGet as a standard rc init service.
* The path {{path|/opt}} is used in this guide, however the choice of path is immaterial to the outcome, for example, {{path|/srv}} should work fine.
* This guide assumes all commands are run as root unless specified.

== Download and install nzbget ==

Fetch and install the latest NZBGet install script. (If you have security concerns, NZBGet code is available to inspect on [https://github.com/nzbget/nzbget GitHub]).

{{Cmd|$ wget https://nzbget.net/download/nzbget-latest-bin-linux.run}}

Run the install script.

{{Cmd|$ chmod +x nzbget-latest-bin-linux.run && ./nzbget-latest-bin-linux.run}}

Move the nzbget directory to {{path|/opt}}}

{{Cmd|# mv nzbget /opt/}}

== Create NZBGet Service ==

Create the NZBGet init file:

{{Cat|/etc/init.d/nzbget|#!/sbin/openrc-run

depend() {
need net
}

start() {
/opt/nzbget/nzbget -D
}

stop() {
/opt/nzbget/nzbget -Q
}
}}

Notice that the commands <code>/opt/nzbget/nzbget -D</code> and <code>/opt/nzbget/nzbget -Q</code> are used to cleanly start and stop the service.

Make the service file executable:

{{Cmd|# chmod +x /etc/init.d/nzbget}}

Add the service to rc init:

{{Cmd|# rc-update add nzbget}}

Start the service:

{{Cmd|# rc-service nzbget start}}

== Notes ==

* At this point, you should be able to reach nzbget at '''http://<YOURIP>:6789'''. You should be able to start and stop the nzbget service and the service should start after a system restart/reboot:

{{Cmd|# rc-service nzbget start}}

{{Cmd|# rc-service nzbget stop}}

* Any further configs can be set using the webgui or in {{path|/opt/nzbget/nzbget.conf}}.
* Of note is the line in {{path|/opt/nzbget/nzbget.conf}}:

<code>DaemonUsername=root</code>

This allows the service to start and run as a specific user, which is a common setup if NZBGet is used in conjunction with other media managers and shared storage. Note that any working directories specified in the settings will require their permissions updated to work correctly.
* NZBGet is quite descriptive in its logs. Check NZBGet's '''Messages''' section for errors, including permissions and paths.

== Updating NZBGet ==

As of version 21.2, the certificate that ships with NZBGet for updating from nzbget.net is expired and updates will consequently fail until it is updated. Fortunately, this can be rectified:

Stop the nzbget service:

{{Cmd|# rc-service nzbget stop}}

If you run the nzbget service under any other user than root, change this back to root temporarily for the update in {{path|/opt/nzbget/nzbget.conf}}:

<code>DaemonUsername=root</code>

Fetch the new and valid certificate:

{{Cmd|$ curl --remote-name --time-cond cacert.pem https://nzbget.net/info/cacert.pem}}

Move the new certificate to the correct path:

{{Cmd|# mv cacert.pem /opt/nzbget/cacert.pem}}

Start the NZBGet service:

{{Cmd|# rc-service nzbget start}}

Navigate to your instance of NZBGet, Settings, System, Update NZBGet:

[[File:2023-07-04 01-07.png|thumb|right|100px|nzbget update screenshot]]

If required, stop the nzbget service again and revert the <code>DaemonUsername</code> to its normal value in {{path|/opt/nzbget/nzbget.conf}}.

[[category:Networking]]

UniFi Controller

2022-10-01T12:46:58Z

GrumpyMeow: Wrong path probably due to copy/paste

{{TOC right}}

= Introduction =

This guide explains how to install the generic Unix UniFi Controller, as available from [http://www.ui.com/ Ubiquiti Networks]. At the time of writing this, a native Alpine Linux package is not available.

Furthermore, this guide uses the incredibly reliable and efficient [http://www.skarnet.org/software/s6/ s6] supervision suite to start and control the UniFi Controller.

A summarized schematic of what will be installed on the filesystem.

The choice of {{path|/srv}} for the UniFi Controller's root directory is based on the fact that it contains both run-time and configuration data, so installing to {{path|/usr/local}}, {{path|/opt}} or {{path|/home}} didn't seem appropriate. Feel free to adjust the steps below, replacing {{path|/srv/unifi}} with wherever you would prefer to install the UniFi Controller software.

<pre>
/
`--etc
|-- unifi
| `-- log
|-- srv
| `-- unifi
| |-- bin
| |-- conf
| |-- data
| |-- dl
| |-- lib
| |-- logs
| |-- run
| `-- webapps
|-- run
| `-- openrc
| `-- s6-scan
| `-- unifi --> /etc/unifi
`-- var
`-- log
`-- unifi
</pre>

= Prerequisite Packages =

== OpenJDK 8 JRE ==

Install <code>openjdk8-jre</code> from the community repository.

Edit <code>/etc/apk/repositories</code> and uncomment the appropriate community repository for your Alpine version:

<code><nowiki>http://host.name/alpine_version/community</nowiki></code>

Update the package cache.

<code>apk update</code>

Install the package.

<code>apk add openjdk8-jre</code>

== MongoDB ==

Install MongoDB

<code>apk add mongodb</code>

== s6 ==

Install [http://www.skarnet.org/software/s6/ s6]

<code>apk add s6</code> which is a service supervision suite, for reliably and efficiently starting, stopping and keeping services running.

The below shows a schematic process tree of how the UniFi Controller will be started and supervised by s6. The controller is written in Java, hence the Java process and it in turn, launches a dedicated instance of MongoDB to store its configuration and run-time data.

<pre>
init
`-- s6-svscan
`-- s6-supervise
|-- s6-log
`-- java
`-- mongod
</pre>

= Install UniFi Controller =

Create the <code>unifi</code> user and group.

<code>adduser -D -H -h /srv/unifi unifi</code>

Change to the parent folder within which you wish to install the UniFi Controller.

<code>cd /srv</code>

Download the generic unix archive of the <code>VERSION</code> you wish to install.

<code>wget http://www.ubnt.com/downloads/unifi/VERSION/UniFi.unix.zip</code>

Unpack the archive.

<code>unzip UniFi.unix.zip</code>

Rename the unpacked directory.

<code>mv UniFi unifi</code>

Change ownership.

<code>chown -R unifi:unifi unifi</code>

Lock down permissions.

<code>chmod o-rwx unifi</code>

Change into the UniFi bin directory.

<code>cd /srv/unifi/bin</code>

Remove the existing file.

<code>rm mongod</code>

Create a symlink to <code>/usr/bin/mongod</code>

<code>ln -s /usr/bin/mongod</code>

= Configure Service Management =

== Create UniFi Service Directory and Files ==

Create an s6 service directory for UniFi.

<code>mkdir -p /etc/unifi/log</code>

Add the <code>run</code> script, using your favourite editor.

<code>vim /etc/unifi/run</code>

Copy and paste the following into it.

<pre>
#!/bin/ash

user='unifi'
group='unifi'

exec 2>&1

base='/srv/unifi'

if [ -d $base ]; then
cd $base
chown -R $user:$group .
version=`head -1 webapps/ROOT/app-unifi/.version`
echo "Starting UniFi Controller $version"
exec s6-setuidgid $user java -jar lib/ace.jar start
else
echo "Missing $base ... aborting"
touch down
fi
</pre>

Ensure that the <code>run</code> script is executable:

<code>chmod 755 /etc/unifi/run</code>

Add the <code>log/run</code> script, using your favourite editor.

<code>vim /etc/unifi/log/run</code>

Copy and paste the following into it.

<pre>
#!/bin/ash

log_user='log'

exec s6-setuidgid $log_user s6-log -b n20 s1000000 t /var/log/unifi
</pre>

Ensure that the log/run script is executable:

<code>chmod 755 /etc/unifi/log/run</code>

== Create log User and Directory ==

Create the <code>log</code> user and group.

<code>adduser -D -H -h /var/log log</code>

Create the <code>/var/log/unifi</code> directory

<code>mkdir -p /var/log/unifi</code>

Update the directory ownership.

<code>chown log:log /var/log/unifi</code>

Lock down the permissions.

<code>chmod 750 /var/log/unifi</code>

== Create the OpenRC Service Script ==

Open the script file using your favourite editor.

<code>vim /etc/init.d/unifi</code>

Paste the following into it.

<pre>
#!/sbin/openrc-run

name="unifi"
supervisor=s6
s6_service_path="${RC_SVCDIR}/s6-scan/${name}"

depend() {
need net s6-svscan
after firewall
}

start_pre() {
if [ ! -L "${RC_SVCDIR}/s6-scan/${name}" ]; then
ln -s "/etc/${name}" "${RC_SVCDIR}/s6-scan/${name}"
fi
}
</pre>

Ensure that the script is executable.

<code>chmod 755 /etc/init.d/unifi</code>

== Start the UniFi Controller Service ==

<code>rc-service unifi start</code>

== Configure the UniFi Controller Service to start on boot ==

<code>rc-update add unifi boot</code>

= Simple Backup Script =

Create <code>/usr/local/bin/unifi-backup</code> using your favourite editor.

'''Note:''' This script assumes the use of s6-svc to control unifi. I will modify it in time, to use rc-service instead.

Paste the following into the file.

<pre>
#!/bin/ash

conf_dir='/etc/unifi'
backup_dir='/srv/backup/unifi'
service_dir='/run/openrc/s6-scan/unifi'

start_state='down'

if s6-svok $service_dir; then
if s6-svstat -o up,ready $service_dir | grep -q true; then
echo 'Stopping the UniFi Controller'
start_state='up'
s6-svc -d $service_dir
sleep 3
fi
else
echo 'Warning: The UniFi Controller is not supervised'
exit 1
fi

if s6-svstat -o up $service_dir | grep -q false; then
echo 'Success: The UniFi Controller was stopped'
else
echo 'Error: The UniFi Controller is still running'
exit 1
fi

stamp=`date +%Y-%m-%d_%H%M%S`

mkdir -p $backup_dir
cd $backup_dir
mkdir "data-$stamp"

echo "Backing up to /srv/backup/unifi/data-$stamp.tar.gz"

if rsync -az /srv/unifi/data/ "data-$stamp"; then
echo '* rsync succeeded'
if tar czf "data-$stamp.tar.gz" "data-$stamp"; then
echo '* tar succeeded'
rm -rf "data-$stamp"
echo 'Backup succeeded'
else
echo 'Backup failed: tar failed'
exit 1
fi
fi

if [ "$start_state" == 'up' ]; then
echo 'Starting the UniFi Controller'
s6-svc -u $service_dir
sleep 5
s6-svstat $service_dir
fi
</pre>

[[category:Networking]]