#!/usr/bin/env bash

# Author:   Zhang Huangbin (zhb _at_ iredmail.org)

#---------------------------------------------------------------------
# This file is part of iRedMail, which is an open source mail server
# solution for Red Hat(R) Enterprise Linux, CentOS, Debian and Ubuntu.
#
# iRedMail is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# iRedMail is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with iRedMail.  If not, see <http://www.gnu.org/licenses/>.
#---------------------------------------------------------------------

export PROG_NAME='iRedMail'
export PROG_NAME_LOWERCASE='iredmail'
export PROG_VERSION='0.9.3'

export DATE="$(/bin/date +%Y.%m.%d.%H.%M.%S)"

# For perl and run-time locale setting.
export LC_ALL=C

# Debug mode: YES, NO.
export IREDMAIL_DEBUG="${IREDMAIL_DEBUG:=NO}"

# -----------------
# ---- Generic ----
# -----------------

# Maildir format: Maildir. Mbox format was deprecated since version 0.7.3.
export MAILBOX_FORMAT='Maildir'

# Maildir style: hashed, normal.
export MAILDIR_STYLE='hashed'

# Mailboxes will be stored under sub-directory ${STORAGE_NODE} of vmail user's
# home directory. e.g. home directory is /var/vmail, the mailboxes will be
# /var/vmail/vmail1.
export STORAGE_NODE='vmail1'

# Enabled backends.
export ENABLE_BACKEND_OPENLDAP='YES'
export ENABLE_BACKEND_MYSQL='YES'
export ENABLE_BACKEND_PGSQL='YES'
export ENABLE_BACKEND_MARIADB='NO'
# OpenBSD built-in LDAP daemon
export ENABLE_BACKEND_LDAPD='NO'

# For better distributed deployment
#
# IP address of localhost.
# Usually it's 127.0.0.1, but not in FreeBSD Jail.
export LOCAL_ADDRESS="${LOCAL_ADDRESS:=127.0.0.1}"

# Hostname or IP address used in MySQL GRANT command (allow remote access from
# this hostname/IP).
# Usually it's 'localhost', but not in FreeBSD Jail (use ${LOCAL_ADDRESS} or
# hostname of Jail instead).
if [ X"${LOCAL_ADDRESS}" == X'127.0.0.1' ]; then
    # Pre-define MYSQL_GRANT_HOST while running iRedMail to use a remote MySQL
    # server. For example:
    # MYSQL_GRANT_HOST='192.168.1.2' bash iRedMail.sh
    export MYSQL_GRANT_HOST="${MYSQL_GRANT_HOST:=localhost}"
else
    export MYSQL_GRANT_HOST="${LOCAL_ADDRESS}"
fi

# LDAP server
export LDAP_SERVER_HOST="${LDAP_SERVER_HOST:=${LOCAL_ADDRESS}}"
export LDAP_SERVER_PORT="${LDAP_SERVER_PORT:=389}"
# MySQL server
export MYSQL_SERVER_ADDRESS="${MYSQL_SERVER_ADDRESS:=${LOCAL_ADDRESS}}"
export MYSQL_SERVER_PORT="${MYSQL_SERVER_PORT:=3306}"
export MYSQL_ROOT_USER="${MYSQL_ROOT_USER:=root}"
# PGSQL server
export PGSQL_SERVER_ADDRESS="${PGSQL_SERVER_ADDRESS:=${LOCAL_ADDRESS}}"
export PGSQL_SERVER_PORT="${PGSQL_SERVER_PORT:=5432}"
# SQL databases we should backup
export MYSQL_BACKUP_DATABASES=''
export PGSQL_BACKUP_DATABASES=''

export USE_LOCAL_MYSQL_SERVER='YES'
if [ X"${MYSQL_SERVER_ADDRESS}" != X"${LOCAL_ADDRESS}" ]; then
    export USE_LOCAL_MYSQL_SERVER='NO'
fi

# Dovecot: POP3, IMAP, managesieve
export IMAP_SERVER="${LOCAL_ADDRESS}"
export MANAGESIEVE_BIND_HOST="${LOCAL_ADDRESS}"
export MANAGESIEVE_PORT='4190'
# SMTP server (Postfix)
export SMTP_SERVER="${LOCAL_ADDRESS}"
# Amavisd
export AMAVISD_SERVER="${LOCAL_ADDRESS}"
# ClamAV
export CLAMD_BIND_HOST="${LOCAL_ADDRESS}"
# iRedAPD
export IREDAPD_BIND_HOST="${LOCAL_ADDRESS}"
# Memcached
export MEMCACHED_BIND_HOST="${LOCAL_ADDRESS}"

# For managesieve service and software.
export USE_MANAGESIEVE='YES'    # Use managesieve service.

# vmail user/group name, uid and gid.
export VMAIL_USER_NAME='vmail'
export VMAIL_GROUP_NAME='vmail'

# Specify UID/GID for system accounts: vmail, iredadmin, iredapd.
# Required by cluster environment. e.g. GlusterFS.
export VMAIL_USER_UID='2000'
export VMAIL_USER_GID='2000'
export IREDADMIN_USER_UID='2001'
export IREDADMIN_USER_GID='2001'
export IREDAPD_DAEMON_USER_UID='2002'
export IREDAPD_DAEMON_USER_GID='2002'

# Default SQL database name used to store mail accounts.
export VMAIL_DB='vmail'
export VMAIL_DB_BIND_USER='vmail'
export VMAIL_DB_ADMIN_USER='vmailadmin'

# Default virtual domain admin name without domain name (@example.com).
export DOMAIN_ADMIN_NAME='postmaster'

# Tools.
export CONFIG_VIA_DIALOG="${DIALOG_DIR}/config_via_dialog.sh"
# Note: config file will be sourced in file 'conf/core', function 'check_env()'.
export IREDMAIL_CONFIG_FILE="${ROOTDIR}/config"
export TIP_FILE="${ROOTDIR}/${PROG_NAME}.tips"
export DOC_FILE="${ROOTDIR}/Documentations"
export RUNTIME_DIR="${ROOTDIR}/runtime"
export STATUS_FILE="${RUNTIME_DIR}/install.status"
export INSTALL_LOG="${RUNTIME_DIR}/install.log"
export PKG_INSTALL_LOG="${RUNTIME_DIR}/pkg.install.log"

# Output flag.
export _INFO_FLAG="[ INFO ]"
export _SKIP_FLAG="< SKIP >"
export _ERROR_FLAG="<< ERROR >>"
export _QUESTION_FLAG="< Question >"
export _BACKUP_FLAG=" + < Backup >"
export _DEBUG_FLAG=" + < DEBUG >"

export CONF_MSG="#
# File generated by ${PROG_NAME} (${DATE}):
#
# Version:  ${PROG_VERSION}
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#
"

# TERM.
if [ X"${TERM}" == X"" ]; then
    export TERM='xterm'
fi

# Logrotate configuration directory.
export LOGROTATE_DIR='/etc/logrotate.d'

# Kernel name, in upper cases.
export KERNEL_NAME="$(uname -s | tr '[a-z]' '[A-Z]')"

# Command used to genrate a random string.
# Usage: str="$(${RANDOM_STRING})"
export RANDOM_STRING='eval </dev/urandom tr -dc A-Za-z0-9 | (head -c $1 &>/dev/null || head -c 30)'

# command: dialog.
export BIN_DIALOG="dialog"
export PKG_DIALOG="dialog"

# command: bzip2.
export BIN_BZIP2='bzip2'
export PKG_BZIP2='bzip2'

# Shells
export SHELL_NOLOGIN='/sbin/nologin'
export SHELL_BASH='/bin/bash'

# Check hardware architecture.
arch="$(uname -m)"
case $arch in
    i[3456]86) export OS_ARCH='i386' ;;
    x86_64|amd64) export OS_ARCH='x86_64' ;;
    armv6l|arm7l|armv7l)
        # Debian ARM platform and Raspberry Pi.
        export OS_ARCH='armhf' ;;
    *)
        echo "Your architecture is not supported yet: ${arch}."
        echo "Both i386 and x86_64 are supported by ${PROG_NAME}."
        exit 255
        ;;
esac

# Path to some programs
export PYTHON_BIN='python'
export PERL_BIN='/usr/bin/perl'

# Default password scheme for SQL backends.
# LDAP backend will use SSHA instead (defined in file
# dialog/config_via_dialog.sh), because many applications need to bind as user.
export DEFAULT_PASSWORD_SCHEME='SSHA512'

# Check distribution.
#   - DISTRO
#   - DISTRO_VERSION
#   - DISTRO_CODENAME
#
# UNSUPPORTED_RELEASE will be set to 'YES' if current Linux/BSD release is
# an old release and unsupported anymore.
export UNSUPPORTED_RELEASE='NO'

# Check whether it's Debian or Ubuntu.

# Detect distro name and release version.
if [ X"${KERNEL_NAME}" == X'LINUX' ]; then
    # Directory of RC scripts.
    export DIR_RC_SCRIPTS='/etc/init.d'

    if [ -f /etc/redhat-release ]; then
        # RHEL/CentOS
        export DISTRO='RHEL'

        # Get distribution version
        if grep '\ 6' /etc/redhat-release &>/dev/null; then
            # version 6.x
            export DISTRO_VERSION='6'
        elif grep '\ 7' /etc/redhat-release &>/dev/null; then
            # version 7.x
            export DISTRO_VERSION='7'
        else
            export UNSUPPORTED_RELEASE='YES'
        fi

        # Get distribution name as DISTRO_CODENAME
        if grep '^Red' /etc/redhat-release &>/dev/null; then
            # RHEL
            export DISTRO_CODENAME='rhel'
        elif grep '^CentOS' /etc/redhat-release &>/dev/null; then
            # CentOS
            export DISTRO_CODENAME='centos'
        elif grep '^Scientific' /etc/redhat-release &>/dev/null; then
            # Scientific Linux
            export DISTRO_CODENAME='scientific'
        else
            export UNSUPPORTED_RELEASE='YES'
        fi

    elif [ -f /etc/lsb-release ] && grep -i 'DISTRIB_ID=Ubuntu' /etc/lsb-release &>/dev/null; then
        # Ubuntu
        export DISTRO='UBUNTU'

        # Ubuntu version number and code name:
        #   - 14.04: trusty
        #   - 15.10: wily
        export DISTRO_ID="$(grep 'DISTRIB_ID' /etc/lsb-release | awk -F'=' '{print $2}')"
        export DISTRO_VERSION="$(grep 'DISTRIB_RELEASE' /etc/lsb-release | awk -F'=' '{print $2}')"
        export DISTRO_CODENAME="$(grep 'DISTRIB_CODENAME' /etc/lsb-release | awk -F'=' '{print $2}')"

        # Unsupported releases: 12.x, 13.x, 14.10, 15.04
        if echo "${DISTRO_VERSION}" | grep -E '^(12|13|14\.10|15\.04)' &>/dev/null ; then
            export UNSUPPORTED_RELEASE='YES'
        fi
    elif [ -f /etc/debian_version ]; then
        # Debian
        export DISTRO='DEBIAN'

        # Get major release version number
        export DISTRO_VERSION="$(cat /etc/debian_version)"

        # Set distro code name and unsupported releases.
        if grep '^7' /etc/debian_version &>/dev/null || \
            grep -i '^wheezy' /etc/debian_version &>/dev/null; then
            export DISTRO_VERSION='7'
            export DISTRO_CODENAME='wheezy'
        elif grep '^8' /etc/debian_version &>/dev/null || \
            grep -i '^jessie' /etc/debian_version &>/dev/null; then
            export DISTRO_VERSION='8'
            export DISTRO_CODENAME='jessie'
        else
            export UNSUPPORTED_RELEASE='YES'
        fi

        # Override settings.
        export SHELL_NOLOGIN='/usr/sbin/nologin'
    else
        export UNSUPPORTED_RELEASE='YES'
    fi
elif [ X"${KERNEL_NAME}" == X'FREEBSD' ]; then
    export DISTRO='FREEBSD'
    export DISTRO_VERSION="$(uname -r |awk -F'[.-]' '{print $1}')"

    # Directory of RC scripts.
    export DIR_RC_SCRIPTS='/usr/local/etc/rc.d'

    export PYTHON_BIN='/usr/local/bin/python'
    export PERL_BIN='/usr/local/bin/perl'

    # Unsupported releases: 7, 8.
    if echo "${DISTRO_VERSION}" | grep '^[78]' &>/dev/null ; then
        export UNSUPPORTED_RELEASE='YES'
    fi

    export SHELL_BASH='/usr/local/bin/bash'

    # Default password scheme.
    export DEFAULT_PASSWORD_SCHEME='BCRYPT'

elif [ X"${KERNEL_NAME}" == X'OPENBSD' ]; then
    export DISTRO='OPENBSD'
    export DISTRO_VERSION="$(uname -r)"

    # Directory of RC scripts.
    export DIR_RC_SCRIPTS='/etc/rc.d'
    export RC_CONF_LOCAL='/etc/rc.conf.local'
    export SHELL_BASH='/usr/local/bin/bash'
    export PYTHON_BIN='/usr/local/bin/python'

    export RANDOM_STRING='eval echo $RANDOM | md5'

    # Unsupported release: 5.7 and earlier versions.
    if echo "${DISTRO_VERSION}" | grep '^5.[1234567]' &>/dev/null ; then
        export UNSUPPORTED_RELEASE='YES'
    fi

    # Default password scheme.
    export DEFAULT_PASSWORD_SCHEME='BCRYPT'

else
    # Not support *BSD and other distrobutions yet.
    echo "Error: Your OS is not supported yet."
    exit 255
fi

# Exit and prompt to use a supported Linux/BSD distribution
if [ X"${UNSUPPORTED_RELEASE}" == X'YES' ]; then
    cat <<EOF
********* ERROR *********
Release version of the operating system on this server is unsupported by
iRedMail, please access below link to get the latest iRedMail and a list
of supported Linux/BSD distributions and release versions.

http://www.iredmail.org/download.html

*************************
EOF

    exit 255
fi

# Hostname.
if [ X"${DISTRO}" == X'OPENBSD' ]; then
    export HOSTNAME="$(hostname)"
else
    export HOSTNAME="$(hostname -f)"
fi

# root user/group name. Note: not all OSes have group 'root'.
export SYS_ROOT_USER='root'
export SYS_ROOT_GROUP='root'

# postrotate command.
export SYSLOG_POSTROTATE_CMD=''

# Use systemd
export USE_SYSTEMD='NO'

# install_pkg: function used to install packages without confirm.
# remove_pkg: function used to remove packages without confirm.
# LIST_ALL_PKGS: command used to list all installed packages.
# LIST_FILES_IN_PKG: command used to list files installed by special package.
if [ X"${DISTRO}" == X'RHEL' ]; then
    # RHEL/CentOS.
    # Package management.
    if [ X"${YUM}" != X"" ]; then
        export YUM="${YUM}"
    else
        export YUM="yum -d 2"
    fi
    export install_pkg='install_pkg_rhel'
    export remove_pkg="remove_pkg_rhel"
    export LIST_ALL_PKGS='rpm -qa'
    export LIST_FILES_IN_PKG='rpm -ql'

    # Directory /etc/sysconfig/ on RHEL/CentOS.
    export ETC_SYSCONFIG_DIR='/etc/sysconfig'

    if [ X"${DISTRO_VERSION}" == X'6' ]; then
        ENABLE_BACKEND_MYSQL='YES'
        ENABLE_BACKEND_MARIADB='NO'

        # iptables rule file.
        export FIREWALL_RULE_CONF="${ETC_SYSCONFIG_DIR}/iptables"
    else
        export USE_SYSTEMD='YES'

        # No MySQL available since RHEL/CentOS 7.
        ENABLE_BACKEND_MYSQL='NO'
        ENABLE_BACKEND_MARIADB='YES'

        # iptables rule file.
        export USE_FIREWALLD='YES'
        export FIREWALLD_CONF_DIR='/etc/firewalld'
        export FIREWALLD_CONF='/etc/firewalld/firewalld.conf'
        export FIREWALL_RULE_CONF="${FIREWALLD_CONF_DIR}/zones/iredmail.xml"
    fi

    # Syslog config file: rsyslog.
    export SYSLOG_CONF='/etc/rsyslog.conf'
    export SYSLOG_POSTROTATE_CMD='/bin/kill -HUP $(cat /var/run/syslogd.pid 2>/dev/null) 2>/dev/null || true'

    # SSHD log file
    export SSHD_LOGFILE='/var/log/secure'

    # Crontab related.
    export CRON_SPOOL_DIR='/var/spool/cron'

    # Directory used to store SSL/TLS key/cert file.
    export SSL_FILE_DIR="/etc/pki/tls"

    # Yum repository related.
    export YUM_REPOS_DIR='/etc/yum.repos.d'
    export LOCAL_REPO_NAME="${PROG_NAME}"
    export LOCAL_REPO_FILE="${YUM_REPOS_DIR}/${LOCAL_REPO_NAME}.repo"

    # Override default value.
    export PKG_DIALOG="dialog"
    export PKG_BZIP2="bzip2"

elif [ X"${DISTRO}" == X'DEBIAN' -o X"${DISTRO}" == X'UBUNTU' ]; then
    # Ubuntu & Debian.
    export DEBIAN_FRONTEND='noninteractive'

    # Package management.
    if [ X"${APTGET}" != X"" ]; then
        export APTGET="${APTGET}"
    else
        export APTGET="apt-get"
    fi

    # Package management.
    export install_pkg='install_pkg_debian'
    export remove_pkg='remove_pkg_debian'
    export LIST_ALL_PKGS="dpkg -l |awk '{print $2}'"
    export LIST_FILES_IN_PKG='dpkg -L'

    if [ X"${DISTRO}" == X'DEBIAN' ]; then
        export SYSLOG_CONF='/etc/rsyslog.conf'
        export SYSLOG_POSTROTATE_CMD='invoke-rc.d rsyslog rotate > /dev/null'

        if [ X"${DISTRO_CODENAME}" == X'jessie' ]; then
            export USE_SYSTEMD='YES'
            export ENABLE_BACKEND_MARIADB='YES'
        fi
    elif [ X"${DISTRO}" == X'UBUNTU' ]; then
        # Syslog config: rsyslog.
        export SYSLOG_CONF='/etc/rsyslog.d/iredmail.conf'
        export SYSLOG_POSTROTATE_CMD='reload rsyslog &>/dev/null || true'

        # MariaDB support requires Ubuntu >= 14.04
        export ENABLE_BACKEND_MARIADB='YES'

        if [ X"${DISTRO_CODENAME}" == X'wily' ]; then
            export USE_SYSTEMD='YES'
        fi
    fi

    # SSHD log file
    export SSHD_LOGFILE='/var/log/auth.log'

    # Crontab related.
    export CRON_SPOOL_DIR='/var/spool/cron/crontabs'

    # Directory /etc/default/ on Debian/Ubuntu.
    export ETC_SYSCONFIG_DIR='/etc/default'

    # iptables rule file.
    export FIREWALL_RULE_CONF="${ETC_SYSCONFIG_DIR}/iptables"

    # Directory used to store SSL/TLS key/cert file.
    export SSL_FILE_DIR="/etc/ssl"

elif [ X"${DISTRO}" == X'FREEBSD' ]; then
    export SYS_ROOT_GROUP='wheel'

    # Package management.
    if [ X"${PKGADD}" != X"" ]; then
        export PKGADD="${PKGADD}"
    else
        export PKGADD="pkg_add"
    fi

    if [ X"${DISTRO_VERSION}" == X'9' ]; then
        export LIST_ALL_PKGS="pkg_info | awk '{print $1}'"
        export LIST_FILES_IN_PKG='pkg_info -L'
    else
        # use pkgng on FreeBSD 10 and later releases.
        export LIST_ALL_PKGS="pkg info | awk '{print $1}'"
        export LIST_FILES_IN_PKG='pkg query "%Fp"'
    fi

    # Enable MariaDB support.
    export ENABLE_BACKEND_MARIADB='YES'

    # Port directory
    export PORT_WRKDIRPREFIX='/usr/ports'

    # Syslog config: rsyslog.
    export SYSLOG_CONF='/etc/syslog.conf'

    # SSHD log file
    export SSHD_LOGFILE='/var/log/auth.log'

    # Crontab related.
    export CRON_SPOOL_DIR='/var/cron/tabs'

    export ETC_SYSCONFIG_DIR='/etc/defaults'
    export FREEBSD_MAKE_CONF='/etc/make.conf'

    # IPFW rule file.
    export FIREWALL_RULE_CONF="${ETC_SYSCONFIG_DIR}/ipfw.rules"

    # Directory used to store SSL/TLS key/cert file.
    export SSL_FILE_DIR="/etc/ssl"

    # Logrotate directory.
    export LOGROTATE_DIR="/usr/local/etc/logrotate.d"

elif [ X"${DISTRO}" == X'OPENBSD' ]; then
    export SYS_ROOT_GROUP='wheel'

    export ENABLE_BACKEND_LDAPD='YES'
    export ENABLE_BACKEND_MARIADB='YES'
    export ENABLE_BACKEND_MYSQL='NO'

    # Package management.
    if [ X"${PKG_PATH}" == X"" ]; then
        # Reference: http://www.openbsd.org/faq/faq15.html#Easy
        export PKG_PATH="ftp://ftp.openbsd.org/pub/OpenBSD/$(uname -r)/packages/$(machine -a)/"
    fi

    # Package management.
    export install_pkg='install_pkg_openbsd'
    export remove_pkg='pkg_delete'
    export LIST_ALL_PKGS="pkg_info -a | awk '{print $1}'"
    export LIST_FILES_IN_PKG='pkg_info -L'

    # Syslog config: rsyslog.
    export SYSLOG_CONF='/etc/syslog.conf'

    # SSHD log file
    export SSHD_LOGFILE='/var/log/authlog'

    # Crontab related.
    export CRON_SPOOL_DIR='/var/cron/tabs'

    # PF rule file.
    export FIREWALL_RULE_CONF="/etc/pf.conf"

    # Directory used to store SSL/TLS key/cert file.
    export SSL_FILE_DIR="/etc/ssl"
else
    # Not support yet.
    echo "Your distrobution is not supported yet."
    exit 255
fi

# Use a seperated directory to store iRedMail certs/keys.
if [ X"${DISTRO}" == X'OPENBSD' ]; then
    export SSL_CERT_DIR="${SSL_FILE_DIR}"
    export SSL_KEY_DIR="${SSL_FILE_DIR}"
else
    export SSL_CERT_DIR="${SSL_FILE_DIR}/certs"
    export SSL_KEY_DIR="${SSL_FILE_DIR}/private"
fi
# dhparam file required to fix 'The Logjam Attack'.
export SSL_DHPARAM_FILE="${SSL_FILE_DIR}/dhparams.pem"
export SSL_CIPHERS='ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'

# SSL key.
export OPENSSL_CONF="${SSL_FILE_DIR}/openssl.cnf"
export SSL_CERT_FILE="${SSL_CERT_DIR}/iRedMail.crt"
export SSL_KEY_FILE="${SSL_KEY_DIR}/iRedMail.key"
export TLS_COUNTRY='CN'
export TLS_STATE='GuangDong'
export TLS_CITY='ShenZhen'
export TLS_COMPANY="${HOSTNAME}"
export TLS_DEPARTMENT='IT'
export TLS_HOSTNAME="${HOSTNAME}"
export TLS_ADMIN="root@${HOSTNAME}"

# Default SSL key size in bits
export SSL_KEY_SIZE='2048'
default_ssl_key_size="$(grep '^default_bits' ${OPENSSL_CONF} 2>/dev/null | awk -F'=' '{print $2}' | awk '{print $1}')"
if [ -z ${default_ssl_key_size} ]; then
    :
elif [ ${default_ssl_key_size} -ge ${SSL_KEY_SIZE} ]; then
    export SSL_KEY_SIZE="${default_ssl_key_size}"
fi

# Location of sshd_config
export SSHD_CONFIG='/etc/ssh/sshd_config'

# Command use to fetch source tarballs.
if [ X"${DISTRO}" == X'FREEBSD' -o X"${DISTRO}" == X'OPENBSD' ]; then
    # -i: Turns off interactive prompting during multiple file transfers.
    # -V: Disable verbose and progress
    FETCH_CMD='ftp -iV'
else
    # -c: Continue getting a partially-downloaded file.
    # -q: Turn off Wget's output.
    FETCH_CMD="wget -cq --timeout=30"
fi

# Where to fetch/store binary packages and source tarball.
export IREDMAIL_MIRROR="${IREDMAIL_MIRROR:=http://iredmail.org}"
