New cookbook: fb_cyrus (facebook#249)

Summary:
This cookbook manages Cyrus mail services (IMAP).

Signed-off-by: Phil Dibowitz <phil@ipom.com>

Pull Request resolved: facebook#249

Test Plan:
This
Imported from GitHub, without a `Test Plan:` line.

Differential Revision: D69054376

fbshipit-source-id: 85951f377e0759188da670b3fa02d1d0baa8a069

Author: jaymzh

cookbooks/fb_cyrus/.delivery/project.toml

@@ -0,0 +1,32 @@
+# Delivery for Local Phases Execution
+#
+# This file allows you to execute test phases locally on a workstation or
+# in a CI pipeline. The delivery-cli will read this file and execute the
+# command(s) that are configured for each phase. You can customize them
+# by just modifying the phase key on this file.
+#
+# By default these phases are configured for Cookbook Workflow only
+#
+
+[local_phases]
+unit = "echo skipping unit phase."
+lint = "chef exec cookstyle"
+# foodcritic has been deprecated in favor of cookstyle so we skip the syntax
+# phase now.
+syntax = "echo skipping syntax phase. Use lint phase instead."
+provision = "chef exec kitchen create"
+deploy = "chef exec kitchen converge"
+smoke = "chef exec kitchen verify"
+# The functional phase is optional, you can define it by uncommenting
+# the line below and running the command: `delivery local functional`
+# functional = ""
+cleanup = "chef exec kitchen destroy"
+
+# Remote project.toml file
+#
+# Instead of the local phases above, you may specify a remote URI location for
+# the `project.toml` file. This is useful for teams that wish to centrally
+# manage the behavior of the `delivery local` command across many different
+# projects.
+#
+# remote_file = "https://url/project.toml"

cookbooks/fb_cyrus/.gitignore

@@ -0,0 +1,25 @@
+.vagrant
+*~
+*#
+.#*
+\#*#
+.*.sw[a-z]
+*.un~
+
+# Bundler
+Gemfile.lock
+gems.locked
+bin/*
+.bundle/*
+
+# test kitchen
+.kitchen/
+kitchen.local.yml
+
+# Chef Infra
+Berksfile.lock
+.zero-knife.rb
+Policyfile.lock.json
+
+.idea/
+

cookbooks/fb_cyrus/README.md

@@ -0,0 +1,44 @@
+fb_cyrus Cookbook
+=================
+
+Requirements
+------------
+
+Attributes
+----------
+* node['fb_cyrus']['manage_packages']
+* node['fb_cyrus']['configs']['cyrus'][$SERVICE][$CONFIG]
+* node['fb_cyrus']['configs']['imapd'][$KEY]
+
+Usage
+-----
+
+### Packages
+
+This cookbook will install the necessary packages and keep them up-to-date.  If
+you don't want that, you can set `node['fb_cyrus']['manage_packages']` to
+`false`.
+
+Note that this cookbook only sets up the `imapd` services and thus only
+installs the core, administrative, and imap packages - it does not install or
+setup pop3 or nntp at this time.
+
+### Configuration
+
+The default configuration for cyrus.conf is in
+`node['fb_cyrus']['configs']['cyrus']`, and you can easily add to it. For
+example, to enable pop3, you could do:
+
+```ruby
+node.default['fb_cyrus']['configs']['cyrus']['SERVICES']['pops3'] = {
+  ...
+}
+```
+
+The configuration for imapd.conf is in `node['fb_cyrus']['configs']['imapd']`,
+and you can easily add your certificates with:
+
+```ruby
+node.default['fb_cyrus']['configs']['imapd']['tls_server_cert'] = '...'
+node.default['fb_cyrus']['configs']['imapd']['tls_server_key'] = '...'
+```

cookbooks/fb_cyrus/attributes/default.rb

@@ -0,0 +1,117 @@
+default['fb_cyrus'] = {
+  'manage_packages' => true,
+  'configs' => {
+    'cyrus' => {
+      'START' => {
+        'recover' => {
+          'cmd' => '/usr/sbin/cyrus ctl_cyrusdb -r',
+        },
+        'idled' => {
+          'cmd' => 'idled',
+        },
+        'delprune' => {
+          'cmd' => '/usr/sbin/cyrus expire -E 3',
+        },
+        'tlsprune' => {
+          'cmd' => '/usr/sbin/cyrus tls_prune',
+        },
+        'deleteprune' => {
+          'cmd' => '/usr/sbin/cyrus expire -E 4 -D 28',
+          'at' => '0430',
+        },
+        'expungeprune' => {
+          'cmd' => '/usr/sbin/cyrus expire -E 4 -X 28',
+          'at' => '0445',
+        },
+      },
+    'SERVICES' => {
+      # required for admin services, but force to listen
+      # on localhost
+      'imap' => {
+        'cmd' => 'imapd -U 30',
+        'listen' => 'localhost:imap',
+        'prefork' => 0,
+        'maxchild' => 100,
+      },
+      'imaps' => {
+        'cmd' => 'imapd -s -U 30',
+        'listen' => 'imaps',
+        'prefork' => 1,
+        'maxchild' => 100,
+      },
+      'lmtpunix' => {
+        'cmd' => 'lmtpd',
+        'listen' => '/run/cyrus/socket/lmtp',
+        'prefork' => 0,
+        'maxchild' => 20,
+      },
+      'sieve' => {
+        'cmd' => 'timsieved',
+        'listen' => 'localhost:sieve',
+        'prefork' => 0,
+        'maxchild' => 100,
+      },
+      'notify' => {
+        'cmd' => 'notifyd',
+        'listen' => '/run/cyrus/socket/notify',
+        'proto' => 'udp',
+        'prefork' => 1,
+      },
+    },
+    'EVENTS' => {
+      'checkpoint' => {
+        'cmd' => '/usr/sbin/cyrus ctl_cyrusdb -c',
+        'period' => 30,
+      },
+      'delprune' => {
+        'cmd' => '/usr/sbin/cyrus expire -E 3',
+        'at' => '0401',
+      },
+      'tlsprune' => {
+        'cmd' => '/usr/sbin/cyrus tls_prune',
+        'at' => '0401',
+      },
+      'squatter1' => {
+        'cmd' => '/usr/bin/ionice -c idle /usr/lib/cyrus/bin/squatter -i',
+        'period' => 120,
+      },
+      'squattera' => {
+        'cmd' => '/usr/lib/cyrus/bin/squatter',
+        'at' => '0517',
+      },
+    },
+    },
+    'imapd' => {
+      'configdirectory' => '/var/lib/cyrus',
+      'proc_path' => '/run/cyrus/proc',
+      'mboxname_lockpath' => '/run/cyrus/lock',
+      'defaultpartition' => 'default',
+      'partition-default' => '/var/spool/cyrus/mail',
+      'partition-news' => '/var/spool/cyrus/news',
+      'newsspool' => '/var/spool/news',
+      'altnamespace' => 'yes',
+      'unixhierarchysep' => 'no',
+      'lmtp_downcase_rcpt' => 'yes',
+      'admins' => 'cyrus',
+      'allowanonymouslogin' => 'no',
+      'popminpoll' => 0,
+      'autocreate_quota' => 0,
+      'umask' => '077',
+      'sieveusehomedir' => 'false',
+      'sievedir' => '/var/spool/sieve',
+      'httpmodules' => 'caldav carddav',
+      'hashimapspool' => 'true',
+      'allowplaintext' => 'no',
+      'sasl_pwcheck_method' => 'auxprop',
+      'sasl_auxprop_plugin' => 'sasldb',
+      'sasl_auto_transition' => 'no',
+      'tls_client_ca_dir' => '/etc/ssl/certs',
+      'tls_session_timeout' => 1440,
+      'lmtpsocket' => '/run/cyrus/socket/lmtp',
+      'idlesocket' => '/run/cyrus/socket/idle',
+      'notifysocket' => '/run/cyrus/socket/notify',
+      'syslog_prefix' => 'cyrus',
+      'debug' => 'yes',
+    },
+  },
+}

cookbooks/fb_cyrus/metadata.rb

@@ -0,0 +1,6 @@
+name 'fb_cyrus'
+maintainer 'Meta Platforms, Inc.'
+maintainer_email 'noreply@facebook.com'
+license 'Apache-2.0'
+description 'Manages Cyrus Mail Services'
+version '0.1.0'

cookbooks/fb_cyrus/recipes/default.rb

@@ -0,0 +1,50 @@
+#
+# Cookbook:: fb_cyrus
+# Recipe:: default
+#
+# Copyright (c) 2025-present, Facebook, Inc.
+# Copyright (c) 2025-present, Phil Dibowitz
+# All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+packages = %w{
+  cyrus-admin
+  cyrus-clients
+  cyrus-imapd
+}
+
+package 'cyrus packages' do
+  only_if { node['fb_cyrus']['manage_packages'] }
+  package_name packages
+  action :upgrade
+end
+
+template '/etc/cyrus.conf' do
+  owner node.root_user
+  group node.root_group
+  mode '0644'
+  notifies :restart, 'service[cyrus-imapd]'
+end
+
+template '/etc/imapd.conf' do
+  owner node.root_user
+  group node.root_group
+  mode '0644'
+  notifies :restart, 'service[cyrus-imapd]'
+end
+
+service 'cyrus-imapd' do
+  action [:enable, :start]
+end

cookbooks/fb_cyrus/templates/cyrus.conf.erb

@@ -0,0 +1,8 @@
+# This file managed by Chef - do not modify!
+<% node['fb_cyrus']['configs']['cyrus'].each do |section, config| %>
+<%=  section.upcase %> {
+<%   config.each do |entry, options| %>
+    <%= entry %>  <%= options.map { |x, y| "#{x}=#{y.is_a?(Integer) ? y : "\"#{y}\""}" }.join(' ') %>
+<%   end %>
+}
+<% end %>

cookbooks/fb_cyrus/templates/imapd.conf.erb

@@ -0,0 +1,4 @@
+# This file is controlled by Chef - do not edit!
+<% node['fb_cyrus']['configs']['imapd'].each do |key, val| %>
+<%=  key %>: <%= val %>
+<% end %>