mail/config/user-patches.sh

#!/bin/sh

set -e

secret() {
    seed=$(cat /run/secrets/seed)
    printf "%s:%40s" "${seed}" "$*" | sha256sum | sed 's/[[:space:]].*//'
}

# Add local containers as trusted for postfix relaying.
add_mynetworks_hosts() {
    myhosts=
    for host in mailserver "$@"; do
        IP=$(host ${host} | sed -n 's/.*has address //p')
        myhosts="${myhosts} ${IP}/32"
    done
    postconf "mynetworks =${myhosts}"
}

# Create given users, requires a seed file for secret()
add_users_with_passwd() {
    for user in "$@"; do
        if [ ! -d /var/mail/${HOSTNAME#mail.}/${user} ]; then
            setup email add ${user}@${HOSTNAME#mail.} $(secret mail:${user})
        else
            setup email update ${user}@${HOSTNAME#mail.} $(secret mail:${user})
        fi
    done
}

{
    add_users_with_passwd gerrit keycloak

    # Restrict gerrit@ sending to local IP:
    if ! grep -q gerrit /tmp/docker-mailserver/user.access 2>/dev/null; then
        echo "gerrit@${HOSTNAME#mail.} gerrit_sender_check" >>/tmp/docker-mailserver/user.access
        postmap /tmp/docker-mailserver/user.access
    fi
    IP=$(host gerrit | sed -n 's/.*has address //p')
    echo "${IP} permit_sasl_authenticated"  >/tmp/docker-mailserver/gerrit-client.access
    postmap /tmp/docker-mailserver/gerrit-client.access
}