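#!/bin/bash
# ================================
# Mail server installation script
# ================================
#
# Installs and configures Postfix (SMTP) and Dovecot (IMAP/POP3) on a
# Debian/Ubuntu host, obtains a Let's Encrypt certificate for mail.$DOMAIN,
# creates a mailbox user and opens the firewall.
#
# Must be run as root. The three variables below can be overridden through
# the environment (e.g. `DOMAIN=example.org ./install-mail.sh`); otherwise
# edit the defaults before running.
set -euo pipefail

# Variables to adjust (environment overrides the defaults)
DOMAIN="${DOMAIN:-mon-domaine.com}"
EMAIL_ADMIN="${EMAIL_ADMIN:-admin@mon-domaine.com}"
MAIL_USER="${MAIL_USER:-usermail}"
readonly DOMAIN EMAIL_ADMIN MAIL_USER
readonly MAIL_HOST="mail.${DOMAIN}"
readonly CERT_DIR="/etc/letsencrypt/live/${MAIL_HOST}"

# Print a message on stderr and abort.
die() { printf 'error: %s\n' "$*" >&2; exit 1; }

(( EUID == 0 )) || die "this script must be run as root"

# apt/debconf must never prompt; the Postfix answers are preseeded *before*
# the package is installed so the installer actually picks them up.
export DEBIAN_FRONTEND=noninteractive
debconf-set-selections <<< "postfix postfix/mailname string ${MAIL_HOST}"
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"

# System update (separate lines so a failing `apt update` aborts under set -e)
apt update
apt upgrade -y

# Required packages
apt install -y postfix dovecot-core dovecot-imapd dovecot-pop3d certbot python3-certbot-nginx mailutils ufw

# -------------------------------
# 1. Firewall (optional but recommended)
# -------------------------------
# Port 80 is required by `certbot --standalone` (HTTP-01 challenge).
# 995 is POP3S, since Dovecot is configured below with `protocols = imap pop3`.
ufw allow OpenSSH
ufw allow 80/tcp
ufw allow 25/tcp
ufw allow 143/tcp
ufw allow 993/tcp
ufw allow 995/tcp
ufw --force enable   # --force: skip the interactive "Proceed?" prompt

# -------------------------------
# 2. Let's Encrypt certificate
# -------------------------------
# Obtained *before* Postfix/Dovecot are configured: both configs reference
# $CERT_DIR and Dovecot (ssl = required) refuses to start without it.
# The deploy hook reloads both daemons whenever certbot renews the cert.
certbot certonly --standalone -d "${MAIL_HOST}" --email "${EMAIL_ADMIN}" \
  --agree-tos --non-interactive \
  --deploy-hook "systemctl reload postfix dovecot"
[[ -r "${CERT_DIR}/fullchain.pem" && -r "${CERT_DIR}/privkey.pem" ]] \
  || die "certificate not found in ${CERT_DIR}"

# -------------------------------
# 3. Postfix configuration
# -------------------------------
# main.cf is replaced wholesale (the distribution defaults, including
# compatibility_level, are gone), so the relay policy must be stated
# explicitly: trust only localhost and relay only for mynetworks or
# authenticated clients. Without this Postfix may fall back to
# mynetworks_style = subnet and relay for the whole local subnet.
# Shell variables are expanded here; Postfix's own $var references are
# escaped as \$var so they reach main.cf literally.
cat > /etc/postfix/main.cf <<EOL
myhostname = ${MAIL_HOST}
mydomain = ${DOMAIN}
myorigin = /etc/mailname
inet_interfaces = all
inet_protocols = ipv4
mydestination = \$myhostname, localhost.\$mydomain, localhost, \$mydomain
mynetworks = 127.0.0.0/8
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
home_mailbox = Maildir/
smtpd_tls_cert_file=${CERT_DIR}/fullchain.pem
smtpd_tls_key_file=${CERT_DIR}/privkey.pem
smtpd_use_tls=yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:\${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:\${data_directory}/smtp_scache
EOL

# -------------------------------
# 4. Dovecot configuration
# -------------------------------
cat > /etc/dovecot/dovecot.conf <<EOL
mail_location = maildir:~/Maildir
protocols = imap pop3
!include conf.d/*.conf
EOL

# Dovecot SSL: TLS is mandatory for every client connection.
cat > /etc/dovecot/conf.d/10-ssl.conf <<EOL
ssl = required
ssl_cert = <${CERT_DIR}/fullchain.pem
ssl_key = <${CERT_DIR}/privkey.pem
EOL

# -------------------------------
# 5. Create the mail user
# -------------------------------
# Re-running the script must not fail on an existing account.
# NOTE: --disabled-password leaves the account without a password; set one
# with `passwd` (or provision a Dovecot passdb) before the user can
# authenticate over IMAP/POP3.
if id -u "${MAIL_USER}" &>/dev/null; then
  printf 'user %s already exists, skipping creation\n' "${MAIL_USER}" >&2
else
  adduser --disabled-password --gecos "" "${MAIL_USER}"
fi
maildir="/home/${MAIL_USER}/Maildir"
mkdir -p -- "${maildir}"
chown -R -- "${MAIL_USER}:${MAIL_USER}" "${maildir}"
chmod -R 700 -- "${maildir}"

# Restart both services once, now that certificate and configs are in place
systemctl restart postfix dovecot

printf '%s\n' "Installation terminée !"
printf '%s\n' "Utilisateur mail créé : ${MAIL_USER}@${DOMAIN}"
printf '%s\n' "Configure ton client mail avec IMAP/POP3 et SMTP sur ${MAIL_HOST}"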
