diff --git a/cookbooks/fb_cyrus/.delivery/project.toml b/cookbooks/fb_cyrus/.delivery/project.toml
new file mode 100644
index 000000000..3a12ab52d
--- /dev/null
+++ b/cookbooks/fb_cyrus/.delivery/project.toml
@@ -0,0 +1,32 @@
+# Delivery for Local Phases Execution
+#
+# This file allows you to execute test phases locally on a workstation or
+# in a CI pipeline. The delivery-cli will read this file and execute the
+# command(s) that are configured for each phase. You can customize them
+# by just modifying the phase key on this file.
+#
+# By default these phases are configured for Cookbook Workflow only
+#
+
+[local_phases]
+unit = "echo skipping unit phase."
+lint = "chef exec cookstyle"
+# foodcritic has been deprecated in favor of cookstyle so we skip the syntax
+# phase now.
+syntax = "echo skipping syntax phase. Use lint phase instead."
+provision = "chef exec kitchen create"
+deploy = "chef exec kitchen converge"
+smoke = "chef exec kitchen verify"
+# The functional phase is optional, you can define it by uncommenting
+# the line below and running the command: `delivery local functional`
+# functional = ""
+cleanup = "chef exec kitchen destroy"
+
+# Remote project.toml file
+#
+# Instead of the local phases above, you may specify a remote URI location for
+# the `project.toml` file. This is useful for teams that wish to centrally
+# manage the behavior of the `delivery local` command across many different
+# projects.
+#
+# remote_file = "https://url/project.toml"
diff --git a/cookbooks/fb_cyrus/.gitignore b/cookbooks/fb_cyrus/.gitignore
new file mode 100644
index 000000000..f1e57b87f
--- /dev/null
+++ b/cookbooks/fb_cyrus/.gitignore
@@ -0,0 +1,25 @@
+.vagrant
+*~
+*#
+.#*
+\#*#
+.*.sw[a-z]
+*.un~
+
+# Bundler
+Gemfile.lock
+gems.locked
+bin/*
+.bundle/*
+
+# test kitchen
+.kitchen/
+kitchen.local.yml
+
+# Chef Infra
+Berksfile.lock
+.zero-knife.rb
+Policyfile.lock.json
+
+.idea/
+
diff --git a/cookbooks/fb_cyrus/README.md b/cookbooks/fb_cyrus/README.md
new file mode 100644
index 000000000..966546d3f
--- /dev/null
+++ b/cookbooks/fb_cyrus/README.md
@@ -0,0 +1,41 @@
+fb_cyrus Cookbook
+=================
+
+Requirements
+------------
+
+Attributes
+----------
+* node['fb_cyrus']['manage_packages']
+* node['fb_cyrus']['configs']['cyrus'][$SERVICE][$CONFIG]
+* node['fb_cyrus']['configs']['imapd'][$KEY]
+
+Usage
+-----
+
+### Packages
+
+This cookbook will install the necessary packages and keep them up-to-date. If
+you don't want that, you can set `node['fb_cyrus']['manage_packages']` to
+`false`.
+
+Note that this cookbook only sets up the `imapd` services and thus only
+installs the core, administrative, and imap packages - it does not install or
+setup pop3 or nntp at this time.
+
+### Configuration
+
+The default configuration for cyrus.conf is in `node['fb_cyrus']['configs']['cyrus']`, and you can easily add to it. For example, to enable pop3, you could do:
+
+```ruby
+node.default['fb_cyrus']['configs']['cyrus']['SERVICES']['pops3'] = {
+ ...
+}
+```
+
+The configuration for imapd.conf is in `node['fb_cyrus']['configs']['imapd']`, and you can easily add your certificates with:
+
+```ruby
+node.default['fb_cyrus']['configs']['imapd']['tls_server_cert'] = '...'
+node.default['fb_cyrus']['configs']['imapd']['tls_server_key'] = '...'
+```
diff --git a/cookbooks/fb_cyrus/attributes/default.rb b/cookbooks/fb_cyrus/attributes/default.rb
new file mode 100644
index 000000000..2f3614bb1
--- /dev/null
+++ b/cookbooks/fb_cyrus/attributes/default.rb
@@ -0,0 +1,117 @@
+default['fb_cyrus'] = {
+ 'manage_packages' => true,
+ 'configs' => {
+ 'cyrus' => {
+ 'START' => {
+ 'recover' => {
+ 'cmd' => '/usr/sbin/cyrus ctl_cyrusdb -r',
+ },
+ 'idled' => {
+ 'cmd' => 'idled',
+ },
+ 'delprune' => {
+ 'cmd' => '/usr/sbin/cyrus expire -E 3',
+ },
+ 'tlsprune' => {
+ 'cmd' => '/usr/sbin/cyrus tls_prune',
+ },
+ 'deleteprune' => {
+ 'cmd' => '/usr/sbin/cyrus expire -E 4 -D 28',
+ 'at' => '0430',
+ },
+ 'expungeprune' => {
+ 'cmd' => '/usr/sbin/cyrus expire -E 4 -X 28',
+ 'at' => '0445',
+ },
+ },
+ 'SERVICES' => {
+ # required for admin services, but force to listen
+ # on localhost
+ 'imap' => {
+ 'cmd' => 'imapd -U 30',
+ 'listen' => 'localhost:imap',
+ 'prefork' => 0,
+ 'maxchild' => 100,
+ },
+ 'imaps' => {
+ 'cmd' => 'imapd -s -U 30',
+ 'listen' => 'imaps',
+ 'prefork' => 1,
+ 'maxchild' => 100,
+ },
+ 'lmtpunix' => {
+ 'cmd' => 'lmtpd',
+ 'listen' => '/run/cyrus/socket/lmtp',
+ 'prefork' => 0,
+ 'maxchild' => 20,
+ },
+ 'sieve' => {
+ 'cmd' => 'timsieved',
+ 'listen' => 'localhost:sieve',
+ 'prefork' => 0,
+ 'maxchild' => 100,
+ },
+ 'notify' => {
+ 'cmd' => 'notifyd',
+ 'listen' => '/run/cyrus/socket/notify',
+ 'proto' => 'udp',
+ 'prefork' => 1,
+ },
+ },
+ 'EVENTS' => {
+ 'checkpoint' => {
+ 'cmd' => '/usr/sbin/cyrus ctl_cyrusdb -c',
+ 'period' => 30,
+ },
+ 'delprune' => {
+ 'cmd' => '/usr/sbin/cyrus expire -E 3',
+ 'at' => '0401',
+ },
+ 'tlsprune' => {
+ 'cmd' => '/usr/sbin/cyrus tls_prune',
+ 'at' => '0401',
+ },
+ 'squatter1' => {
+ 'cmd' => '/usr/bin/ionice -c idle /usr/lib/cyrus/bin/squatter -i',
+ 'period' => 120,
+ },
+ 'squattera' => {
+ 'cmd' => '/usr/lib/cyrus/bin/squatter',
+ 'at' => '0517',
+ },
+ },
+ },
+ 'imapd' => {
+ 'configdirectory' => '/var/lib/cyrus',
+ 'proc_path' => '/run/cyrus/proc',
+ 'mboxname_lockpath' => '/run/cyrus/lock',
+ 'defaultpartition' => 'default',
+ 'partition-default' => '/var/spool/cyrus/mail',
+ 'partition-news' => '/var/spool/cyrus/news',
+ 'newsspool' => '/var/spool/news',
+ 'altnamespace' => 'yes',
+ 'unixhierarchysep' => 'no',
+ 'lmtp_downcase_rcpt' => 'yes',
+ 'admins' => 'cyrus',
+ 'allowanonymouslogin' => 'no',
+ 'popminpoll' => 0,
+ 'autocreate_quota' => 0,
+ 'umask' => '077',
+ 'sieveusehomedir' => 'false',
+ 'sievedir' => '/var/spool/sieve',
+ 'httpmodules' => 'caldav carddav',
+ 'hashimapspool' => 'true',
+ 'allowplaintext' => 'no',
+ 'sasl_pwcheck_method' => 'auxprop',
+ 'sasl_auxprop_plugin' => 'sasldb',
+ 'sasl_auto_transition' => 'no',
+ 'tls_client_ca_dir' => '/etc/ssl/certs',
+ 'tls_session_timeout' => 1440,
+ 'lmtpsocket' => '/run/cyrus/socket/lmtp',
+ 'idlesocket' => '/run/cyrus/socket/idle',
+ 'notifysocket' => '/run/cyrus/socket/notify',
+ 'syslog_prefix' => 'cyrus',
+ 'debug' => 'yes',
+ },
+ },
+}
diff --git a/cookbooks/fb_cyrus/metadata.rb b/cookbooks/fb_cyrus/metadata.rb
new file mode 100644
index 000000000..8c279e6e8
--- /dev/null
+++ b/cookbooks/fb_cyrus/metadata.rb
@@ -0,0 +1,6 @@
+name 'fb_cyrus'
+maintainer 'Meta Platforms, Inc.'
+maintainer_email 'noreply@facebook.com'
+license 'Apache-2.0'
+description 'Manages Cyrus Mail Services'
+version '0.1.0'
diff --git a/cookbooks/fb_cyrus/recipes/default.rb b/cookbooks/fb_cyrus/recipes/default.rb
new file mode 100644
index 000000000..636854150
--- /dev/null
+++ b/cookbooks/fb_cyrus/recipes/default.rb
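Review bot: In attributes/default.rb the `deleteprune` and `expungeprune` entries sit under `'START'` but carry an `'at'` option, which cyrus.conf(5) describes for `EVENTS` entries only; as written they would presumably run at each master start (or be rejected) instead of on the 04:30 and 04:45 schedule. Moving both hashes into `'EVENTS'` next to `delprune` looks like the intent. Separately, `'debug' => 'yes'` makes debug-level syslog output the default for every consumer of the cookbook; `'debug' => 'no'` is the more conservative default, with sites opting in through the attribute when troubleshooting.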
@@ -0,0 +1,50 @@
+#
+# Cookbook:: fb_cyrus
+# Recipe:: default
+#
+# Copyright (c) 2025-present, Facebook, Inc.
+# Copyright (c) 2025-present, Phil Dibowitz
+# All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+packages = %w{
+ cyrus-admin
+ cyrus-clients
+ cyrus-imapd
+}
+
+package 'cyrus packages' do
+ only_if { node['fb_cyrus']['manage_packages'] }
+ package_name packages
+ action :upgrade
+end
+
+template '/etc/cyrus.conf' do
+ owner 'root'
+ group 'root'
+ mode '0644'
+ notifies :restart, 'service[cyrus-imapd]'
+end
+
+template '/etc/imapd.conf' do
+ owner 'root'
+ group 'root'
+ mode '0644'
+ notifies :restart, 'service[cyrus-imapd]'
+end
+
+service 'cyrus-imapd' do
+ action [:enable, :start]
+end
diff --git a/cookbooks/fb_cyrus/templates/cyrus.conf.erb b/cookbooks/fb_cyrus/templates/cyrus.conf.erb
new file mode 100644
index 000000000..d511f114e
--- /dev/null
+++ b/cookbooks/fb_cyrus/templates/cyrus.conf.erb
@@ -0,0 +1,8 @@
+# This file managed by Chef - do not modify!
+<% node['fb_cyrus']['configs']['cyrus'].each do |section, config| %>
+<%= section.upcase %> {
+<% config.each do |entry, options| %>
+ <%= entry %> <%= options.map { |x, y| "#{x}=#{y.is_a?(Integer) ? y : "\"#{y}\""}" }.join(' ') %>
+<% end %>
+}
+<% end %>
diff --git a/cookbooks/fb_cyrus/templates/imapd.conf.erb b/cookbooks/fb_cyrus/templates/imapd.conf.erb
new file mode 100644
index 000000000..ffe8bd977
--- /dev/null
+++ b/cookbooks/fb_cyrus/templates/imapd.conf.erb
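Review bot: In recipes/default.rb, `template '/etc/imapd.conf'` is written with `mode '0644'`, and the imapd template emits every key under `node['fb_cyrus']['configs']['imapd']` verbatim, so any secret-bearing option a site adds there (for example `ldap_password`) ends up world-readable. A tighter mode such as `mode '0640'`, paired with a `group` the Cyrus service account belongs to, would avoid that; the right group is platform-specific and not visible in this hunk. If 0644 is kept deliberately, a comment on the resource saying that imapd.conf must never carry secrets would make the constraint explicit.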
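Review bot: Attribute values reach cyrus.conf.erb without validation: the `options.map` line wraps each non-Integer value in double quotes but does nothing about an embedded `"` or newline, so such a value produces a malformed entry or one that means something different. The same holds for `<%= key %>: <%= val %>` in imapd.conf.erb, where a newline in `val` would start a new directive. Both templates notify a restart of `cyrus-imapd`, so a bad attribute goes straight to the running service. A guard in the recipe that fails the Chef run when a key or value contains `"` or a line break (line breaks only, for imapd) would stop that before the files are rendered.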
@@ -0,0 +1,4 @@
+# This file is controlled by Chef - do not edit!
+<% node['fb_cyrus']['configs']['imapd'].each do |key, val| %>
+<%= key %>: <%= val %>
+<% end %>
diff --git a/cookbooks/fb_smartmon/metadata.rb b/cookbooks/fb_smartmon/metadata.rb
index 3cda4075e..ed17e9e76 100644
--- a/cookbooks/fb_smartmon/metadata.rb
+++ b/cookbooks/fb_smartmon/metadata.rb
@@ -5,7 +5,6 @@ license 'All Rights Reserved'
 source_url 'https://github.com/facebook/chef-cookbooks/'
 description 'Installs/Configures fb_smartmon'
-long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
 # never EVER change this number, ever.
 version '0.1.0'
 depends 'fb_helpers'