LXC Container support #53

Open. Wants to merge 21 commits into base: current-dev

nameduser0

LXC Container support with a few other fixes:

  • Adds a Platform Type question for Hardware vs LXC
  • Adds prompt question for LXC pre-requisites
  • Adds firewall question
  • Moves platform specific setup into separate files
  • Removes dss/dsa key support from build_sshfp_records() (caused an error on fresh install)
  • Fixes bug in provision_certificates()
  • Issues Let's Encrypt certificate for PRIMARY_HOSTNAME before setup exits
  • Gives execute permissions on shell scripts

Needs more testing on existing installs - mine's fresh

ddavness changed the base branch from main to current-dev June 12, 2022 00:18

ddavness (Owner) left a comment

Hi! I feel that this PR is definitely aligned with the scope of the project, as it literally makes it possible to install it on a wider range of machines and configurations. This said - I have some questions and concerns that need to be addressed first.

(Also, do you by any chance know about, or have you tried testing, this on Docker as well, given that I feel some folks may have stopped by asking for this before?)

Regardless, thanks for this awesome work!

Review threads:

  • management/dns_update.py (resolved)
  • management/ssl_certificates.py (resolved)
  • setup/questions.sh (outdated, resolved)

ddavness self-assigned this Jun 14, 2022
nameduser0 (Author) commented Jun 14, 2022

Okay I'll try to make this more generic and look into autodetection.

Never used docker sorry.

I figured if they were running in a container they're more likely to be a power user anyway.

The bug is described in the commit. Basically if you have a zone domain.com and a domain domain.com and your miab box is called miab.domain.com, the logic means the miab host name will be overwritten in the else clause due to the domain sort order and there being no leading dot in domain.com.

nameduser0 (Author) commented Jun 16, 2022

Ran into a problem with docker due to this error:

Updating system packages...
Installing system packages...
rm: cannot remove '/etc/resolv.conf': Device or resource busy

Described here:
https://stackoverflow.com/questions/60549775/device-or-resource-busy-when-i-try-move-etc-resolv-conf-in-ubuntu18-04-how

We're probably 90% of the way there though

@nameduser0 (Author)

I think this is worth another look now and a test if possible. A few additional tweaks:

  • fix: management UI redirects to allow nginx to sit behind port forwarding and maintain the port
  • feat: configurable HTTPS port (not a question, just change the configuration file and regenerate the nginx config)
  • feat: regenerate nginx config from the command line
  • feat: platform autodetection
  • fix: rephrase questions, fix default logic
  • fix: add migration to patch existing install configuration
  • fix: add basic apt package requirement checks

@nameduser0 (Author)

Have changed the System status checks to look like this. If the service is running it's a warning; only if it isn't running at all is it an error. The first line is only displayed for an LXC container:

System

? The following checks try to connect to each service on your public IP, which may not work on your platform type.
✖ Public DNS (nsd4) is not running (port 53).
? Incoming Mail (SMTP/postfix) is running but is not publicly accessible at PUBLIC_IP:25.
? Outgoing Mail (SMTP 465/postfix) is running but is not publicly accessible at PUBLIC_IP:465.
? Outgoing Mail (SMTP 587/postfix) is running but is not publicly accessible at PUBLIC_IP:587.
? IMAPS (dovecot) is running but is not publicly accessible at PUBLIC_IP:993.
? Mail Filters (Sieve/dovecot) is running but is not publicly accessible at PUBLIC_IP:4190.
? HTTP Web (nginx) is running but is not publicly accessible at PUBLIC_IP:80.
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
? HTTPS Web (nginx) is running but is not publicly accessible at PUBLIC_IP:8443.
✓ SSH disallows password-based login.
✓ System software is up to date.

  • You are running version Mail-in-a-Box v56.4. Mail-in-a-Box version check disabled by privacy setting.
    ✓ System administrator address exists as a mail alias. [[email protected][email protected]]
    ? The disk has 1.33 GB space remaining.
    ✓ System memory is 30% free.
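
The warning-versus-error rule described in the comment above, as an added example (not code from this PR or from Mail-in-a-Box): the public IP is probed first, then a local probe decides between "running but not publicly accessible" and "not running". The function names, the wording of the `ok` message and the sample addresses are assumptions.

```python
import socket

def port_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port can be established."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable or timed out
        return False

def check_service(name, port, public_ip, local_ip="127.0.0.1", timeout=1.0):
    """Classify one service as ('ok' | 'warning' | 'error', message).

    ok      - reachable on the public IP
    warning - listening locally but not reachable on the public IP
              (e.g. a container whose ports are not forwarded or are filtered)
    error   - nothing is listening at all
    Assumption: the service also listens on local_ip; a daemon bound to one
    specific interface would need that address passed as local_ip.
    """
    if port_open(public_ip, port, timeout):
        return "ok", f"{name} is running and publicly accessible at {public_ip}:{port}."
    if port_open(local_ip, port, timeout):
        return "warning", f"{name} is running but is not publicly accessible at {public_ip}:{port}."
    return "error", f"{name} is not running (port {port})."

def run_checks(services, public_ip, timeout=1.0):
    """Check each (name, port) pair; return a list of (symbol, message)."""
    symbols = {"ok": "✓", "warning": "?", "error": "✖"}
    results = []
    for name, port in services:
        level, message = check_service(name, port, public_ip, timeout=timeout)
        results.append((symbols[level], message))
    return results

if __name__ == "__main__":
    # Constructed service list; 192.0.2.1 is a documentation address standing
    # in for the box's public IP.
    services = [("Public DNS (nsd4)", 53), ("HTTPS Web (nginx)", 8443)]
    for symbol, message in run_checks(services, "192.0.2.1", timeout=0.5):
        print(symbol, message)
```
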

@casesolved-co-uk

Any news on this?
(I changed my account btw)

casesolved-co-uk commented Jul 28, 2022

There are still a few broken admin page links if the HTTPS port number is changed from 443. I'll fix if you're going to merge.

@casesolved-co-uk

@ddavness I've rebased onto your latest changes. Are there any more issues with this?

ddavness (Owner) commented Dec 7, 2022

I'll review this later - as you can understand this is quite a bit of a change, so I'll take a further deep dive on it when I have a proper chunk of time :)
