additional improvements

onemarcfifty · onemarcfifty · commit 2891883c922f · 2023-03-20T18:30:17.000+01:00
added rootCA to the mail server and changed setpwd

Signed-off-by: Marc Ahlgrim &lt;marc@onemarcfifty.com&gt;
diff --git a/deploy-sandbox.sh b/deploy-sandbox.sh
@@ -148,7 +148,8 @@ echo -e "\n ##### configuring the containers \n"
 
 # create a non-root user
 pct exec $CLIENTID -- useradd -m -s /bin/bash -G sudo $NONROOTUSER
-pct exec $CLIENTID -- bash -c "echo -e '$NONROOTPASSWD\n$NONROOTPASSWD\n' | passwd $NONROOTUSER"
+#pct exec $CLIENTID -- bash -c "echo -e '$NONROOTPASSWD\n$NONROOTPASSWD\n' | passwd $NONROOTUSER"
+pct exec $CLIENTID -- bash -c "echo '$NONROOTUSER:$NONROOTPASSWD' | chpasswd"
 
 # push dhcp settings to avoid routing over the ingress interface
 pct push $CLIENTID exc-client/dhclient.conf /etc/dhcp/dhclient.conf
diff --git a/exc-docker/init-script.sh b/exc-docker/init-script.sh
@@ -55,6 +55,7 @@ docker compose create
 # copy certificates to the docker cert volume
 docker cp /etc/certificates/${DOMAIN}/imap_fullchain.crt imap:/etc/ssl/certs/ssl-cert-imap.pem
 docker cp /etc/certificates/${DOMAIN}/imap.key imap:/etc/ssl/private/ssl-cert-imap.key
+docker cp /etc/certificates/${DOMAIN}/rootCA.crt imap:/etc/ssl/certs/rootCA.pem
 
 # bring up the mail server
 docker compose up -d
@@ -65,6 +66,7 @@ sleep 10
 # just fix the certificate location for postfix
 docker exec imap postconf -e smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-imap.pem
 docker exec imap postconf -e smtpd_tls_key_file=/etc/ssl/private/ssl-cert-imap.key 
+docker exec imap postconf -e smtp_tls_CApath=/etc/ssl/certs/rootCA.pem
 docker exec imap /etc/init.d/postfix reload
 
 # last but not least let's enable root ssh access with username and password.
