🔧 Update configuration files 🔧

Dockerfile .env.scripts README.md rootfs/root/docker/setup/05-custom.sh rootfs/usr/local/bin/blueonyx-env-config
2026-02-11 02:04:16 -05:00 · 2026-02-02 17:12:26 -05:00
parent a5316c77da
commit 614f2305c5
5 changed files with 1057 additions and 148 deletions
--- a/rootfs/root/docker/setup/05-custom.sh
+++ b/rootfs/root/docker/setup/05-custom.sh
@@ -1,14 +1,14 @@
 #!/usr/bin/env bash
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-##@Version           :  202409061236-git
+##@Version           :  202602021541-git
 # @@Author           :  CasjaysDev
 # @@Contact          :  CasjaysDev <docker-admin@casjaysdev.pro>
 # @@License          :  MIT
-# @@ReadME           :
-# @@Copyright        :  Copyright 2023 CasjaysDev
-# @@Created          :  Mon Aug 28 06:48:42 PM EDT 2023
+# @@ReadME           :  BlueOnyx 5212R installation for Docker/systemd
+# @@Copyright        :  Copyright 2026 CasjaysDev
+# @@Created          :  Sun Feb 02 03:41:00 PM EST 2026
 # @@File             :  05-custom.sh
-# @@Description      :  script to run custom
+# @@Description      :  Install and configure BlueOnyx 5212R control panel
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 # shellcheck shell=bash
 # shellcheck disable=SC2016
@@ -24,15 +24,338 @@ set -o pipefail
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 # Set env variables
 exitCode=0
+BLUEONYX_VERSION="${BLUEONYX_VERSION:-5212R}"
+BLUEONYX_HOSTNAME="${BLUEONYX_HOSTNAME:-blueonyx}"
+BLUEONYX_DOMAIN="${BLUEONYX_DOMAIN:-local}"

 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Predifined actions
+# Predefined actions
+
+echo "=========================================="
+echo "Installing BlueOnyx ${BLUEONYX_VERSION}"
+echo "=========================================="
+
+# Disable SELinux (required by BlueOnyx)
+echo "Disabling SELinux..."
+if [ -f /etc/selinux/config ]; then
+  sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
+  setenforce 0 2>/dev/null || true
+fi
+
+# Install BlueOnyx YUM repository
+echo "Installing BlueOnyx repository..."
+if ! dnf install -y http://devel.blueonyx.it/pub/${BLUEONYX_VERSION}.rpm; then
+  echo "ERROR: Failed to install BlueOnyx repository" >&2
+  exitCode=1
+  exit $exitCode
+fi
+
+# Install BlueOnyx and all dependencies (~900-1200 RPMs)
+echo "Installing BlueOnyx packages (this will take several minutes)..."
+if ! dnf groupinstall -y blueonyx; then
+  echo "ERROR: Failed to install BlueOnyx packages" >&2
+  exitCode=1
+  exit $exitCode
+fi
+
+echo "BlueOnyx packages installed successfully"
+
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Configure BlueOnyx for container environment
+
+echo "Configuring BlueOnyx for container environment..."
+
+# Create network configuration script wrapper (non-interactive)
+cat > /usr/local/bin/blueonyx-network-setup << 'NETSCRIPT'
+#!/usr/bin/env bash
+# Non-interactive network setup for BlueOnyx in containers
+
+HOSTNAME="${BLUEONYX_HOSTNAME:-blueonyx}"
+DOMAIN="${BLUEONYX_DOMAIN:-local}"
+FQDN="${HOSTNAME}.${DOMAIN}"
+
+# Set hostname
+hostnamectl set-hostname "$FQDN" 2>/dev/null || echo "$FQDN" > /etc/hostname
+
+# Update /etc/hosts
+if ! grep -q "$FQDN" /etc/hosts; then
+  echo "127.0.0.1   $FQDN $HOSTNAME localhost" > /etc/hosts
+  echo "::1         $FQDN $HOSTNAME localhost" >> /etc/hosts
+fi
+
+# Set server name in BlueOnyx config if CCEd is available
+if [ -x /usr/sausalito/sbin/cced ]; then
+  sleep 2
+  /usr/sausalito/bin/cceclient set System.hostname "$HOSTNAME" 2>/dev/null || true
+  /usr/sausalito/bin/cceclient set System.domainname "$DOMAIN" 2>/dev/null || true
+fi
+
+echo "Network configuration set: $FQDN"
+NETSCRIPT
+
+chmod +x /usr/local/bin/blueonyx-network-setup
+
+# Create systemd service for BlueOnyx network setup
+cat > /etc/systemd/system/blueonyx-network-setup.service << 'SYSTEMDNET'
+[Unit]
+Description=BlueOnyx Network Setup for Container
+After=network.target cced.service
+Before=httpd.service admserv.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/blueonyx-network-setup
+RemainAfterExit=yes
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=multi-user.target
+SYSTEMDNET
+
+# Initialize BlueOnyx services
+echo "Initializing BlueOnyx services..."
+if [ -x /usr/sausalito/scripts/initServices.sh ]; then
+  /usr/sausalito/scripts/initServices.sh || {
+    echo "WARNING: initServices.sh returned non-zero, continuing anyway..."
+  }
+else
+  echo "ERROR: initServices.sh not found" >&2
+  exitCode=1
+  exit $exitCode
+fi
+
+# Fix Apache configuration - load mod_authnz_external
+echo "Configuring Apache modules..."
+if [ -f /etc/httpd/conf.modules.d/10-auth_external.conf ]; then
+  echo "LoadModule authnz_external_module modules/mod_authnz_external.so" >> /etc/httpd/conf.modules.d/10-auth_external.conf
+fi
+
+# Generate Dovecot SSL certificates and DH parameters
+echo "Configuring Dovecot SSL..."
+mkdir -p /etc/pki/dovecot/certs /etc/pki/dovecot/private
+
+# Generate DH parameters (required for SSL)
+if [ ! -f /etc/dovecot/dh.pem ]; then
+  echo "Generating Dovecot DH parameters (this may take a few minutes)..."
+  openssl dhparam -out /etc/dovecot/dh.pem 2048 2>/dev/null || \
+    cp /usr/share/dovecot/dh.pem /etc/dovecot/dh.pem 2>/dev/null || \
+    echo "Warning: Could not generate DH parameters"
+fi
+
+# Generate self-signed CA and certificates if they don't exist
+if [ ! -f /etc/pki/dovecot/certs/ca.pem ]; then
+  echo "Generating Dovecot CA and certificates..."
+  # Generate CA
+  openssl req -new -x509 -days 3650 -nodes \
+    -out /etc/pki/dovecot/certs/ca.pem \
+    -keyout /etc/pki/dovecot/private/ca-key.pem \
+    -subj "/C=US/ST=State/L=City/O=BlueOnyx/OU=IT/CN=Dovecot CA" 2>/dev/null || true
+  
+  # Generate server certificate
+  openssl req -new -nodes \
+    -out /etc/pki/dovecot/certs/dovecot.csr \
+    -keyout /etc/pki/dovecot/private/dovecot.key \
+    -subj "/C=US/ST=State/L=City/O=BlueOnyx/OU=IT/CN=localhost" 2>/dev/null || true
+  
+  openssl x509 -req -in /etc/pki/dovecot/certs/dovecot.csr \
+    -CA /etc/pki/dovecot/certs/ca.pem \
+    -CAkey /etc/pki/dovecot/private/ca-key.pem \
+    -CAcreateserial -days 3650 \
+    -out /etc/pki/dovecot/certs/dovecot.pem 2>/dev/null || true
+  
+  # Create symlink for private key (Dovecot config expects dovecot.pem)
+  ln -sf dovecot.key /etc/pki/dovecot/private/dovecot.pem 2>/dev/null || true
+  
+  # Set permissions
+  chmod 600 /etc/pki/dovecot/private/* 2>/dev/null || true
+  chmod 644 /etc/pki/dovecot/certs/* 2>/dev/null || true
+fi
+
+# Enable BlueOnyx services
+echo "Enabling BlueOnyx systemd services..."
+systemctl enable cced.service 2>/dev/null || true
+systemctl enable admserv.service 2>/dev/null || true
+systemctl enable httpd.service 2>/dev/null || true
+systemctl enable mysqld.service 2>/dev/null || true
+systemctl enable named.service 2>/dev/null || true
+systemctl enable dovecot.service 2>/dev/null || true
+systemctl enable postfix.service 2>/dev/null || true
+systemctl enable proftpd.service 2>/dev/null || true
+systemctl enable valkey.service 2>/dev/null || true
+systemctl enable blueonyx-network-setup.service 2>/dev/null || true
+
+# Create startup info script
+cat > /usr/local/bin/blueonyx-info << 'INFOEOF'
+#!/usr/bin/env bash
+# Display BlueOnyx access information
+
+HOSTNAME=$(hostname -f 2>/dev/null || hostname)
+IP_ADDR=$(hostname -I 2>/dev/null | awk '{print $1}')
+
+cat << INFO
+
+========================================
+BlueOnyx Control Panel Ready
+========================================
+
+Web Interface (HTTPS):
+  https://${IP_ADDR}:444/
+  https://${HOSTNAME}:444/
+
+Admin Login:
+  Username: admin
+  Password: (set on first login)
+
+Root SSH Access:
+  Username: root
+  Password: blueonyx
+
+Services Status:
+  CCEd:       $(systemctl is-active cced 2>/dev/null || echo "unknown")
+  AdmServ:    $(systemctl is-active admserv 2>/dev/null || echo "unknown")
+  Apache:     $(systemctl is-active httpd 2>/dev/null || echo "unknown")
+  MySQL:      $(systemctl is-active mysqld 2>/dev/null || echo "unknown")
+
+========================================
+
+For more info: https://www.blueonyx.it/
+
+INFO
+INFOEOF
+
+chmod +x /usr/local/bin/blueonyx-info
+
+# Create container startup wrapper
+cat > /usr/local/bin/blueonyx-startup << 'STARTEOF'
+#!/usr/bin/env bash
+# BlueOnyx container startup tasks
+
+# Wait for key services to be ready (systemctl is-system-running may never return "running" in containers)
+echo "Waiting for core services to start..."
+timeout=120
+count=0
+while [ $count -lt $timeout ]; do
+  # Check if cced.init is active (most important service)
+  if systemctl is-active --quiet cced.init 2>/dev/null; then
+    echo "CCEd is active, proceeding with configuration..."
+    sleep 2  # Give it a moment to fully initialize
+    break
+  fi
+  sleep 1
+  count=$((count + 1))
+done
+
+if [ $count -ge $timeout ]; then
+  echo "WARNING: CCEd did not start within timeout, continuing anyway..."
+fi
+
+# Run network setup
+/usr/local/bin/blueonyx-network-setup
+
+# Apply environment variable configuration
+/usr/local/bin/blueonyx-env-config
+
+# Display info
+/usr/local/bin/blueonyx-info
+STARTEOF
+
+chmod +x /usr/local/bin/blueonyx-startup
+
+# Create systemd service to run startup tasks
+cat > /etc/systemd/system/blueonyx-startup.service << 'SYSTEMDSTART'
+[Unit]
+Description=BlueOnyx Container Startup Tasks
+After=multi-user.target cced.init.service admserv.service mariadb.service
+Wants=cced.init.service admserv.service mariadb.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/local/bin/blueonyx-startup
+StandardOutput=journal+console
+StandardError=journal+console
+TimeoutStartSec=300
+
+[Install]
+WantedBy=multi-user.target
+SYSTEMDSTART
+
+systemctl enable blueonyx-startup.service 2>/dev/null || true
+
+# Create persistent data directories
+mkdir -p /data/db/mariadb
+mkdir -p /data/db/valkey
+mkdir -p /data/home
+mkdir -p /data/www
+mkdir -p /data/mail
+mkdir -p /data/dns
+mkdir -p /config/blueonyx
+mkdir -p /config/mariadb
+mkdir -p /config/apache
+mkdir -p /config/nginx
+mkdir -p /config/postfix
+mkdir -p /config/dovecot
+mkdir -p /config/bind
+mkdir -p /config/proftpd
+mkdir -p /config/ssl/certs
+mkdir -p /config/ssl/private
+mkdir -p /logs
+
+# Create volume mount info
+cat > /usr/local/share/template-files/config/README-volumes.txt << 'VOLEOF'
+BlueOnyx Container Volumes
+==========================
+
+Required volumes for persistent data:
+
+/data/db/mariadb  - MariaDB/MySQL databases
+/data/db/valkey   - Valkey (Redis) data
+/data/home        - User home directories
+/data/www         - Web hosting files
+/data/mail        - Mail data (Dovecot)
+/data/dns         - BIND DNS zone files
+/config/blueonyx  - BlueOnyx configuration
+/config/mariadb   - MariaDB configuration
+/config/apache    - Apache configuration
+/config/nginx     - Nginx configuration
+/config/postfix   - Postfix configuration
+/config/dovecot   - Dovecot configuration
+/config/bind      - BIND configuration
+/config/proftpd   - ProFTPD configuration
+/config/ssl       - SSL/TLS certificates (self-signed and Let's Encrypt)
+  ├── certs/      - Certificate files
+  ├── private/    - Private keys
+  └── letsencrypt/ - Let's Encrypt certificates
+/logs             - All service logs
+  └── letsencrypt/ - Certbot logs
+
+Example docker run:
+  -v blueonyx-data:/data
+  -v blueonyx-config:/config
+  -v blueonyx-logs:/logs
+
+VOLEOF

 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 # Main script

+echo ""
+echo "=========================================="
+echo "BlueOnyx ${BLUEONYX_VERSION} installation complete!"
+echo "=========================================="
+echo ""
+echo "IMPORTANT: This container requires:"
+echo "  - Privileged mode: --privileged"
+echo "  - Cgroup access: -v /sys/fs/cgroup:/sys/fs/cgroup:rw"
+echo "  - Port mapping: -p 444:444 -p 81:81"
+echo ""
+echo "On first start, admin user will be created."
+echo "Access the web interface at https://IP:444/"
+echo ""
+
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 # Set the exit code
-exitCode=$?
+# exitCode is already set above on errors
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 exit $exitCode
--- a/rootfs/usr/local/bin/blueonyx-env-config
+++ b/rootfs/usr/local/bin/blueonyx-env-config
@@ -0,0 +1,334 @@
+#!/usr/bin/env bash
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+##@Version           :  202602021746-git
+# @@Author           :  CasjaysDev
+# @@Contact          :  CasjaysDev <docker-admin@casjaysdev.pro>
+# @@License          :  MIT
+# @@Copyright        :  Copyright 2026 CasjaysDev
+# @@File             :  blueonyx-env-config
+# @@Description      :  BlueOnyx environment variable configuration handler
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Apply all environment variable configurations to BlueOnyx at runtime
+set -e
+
+# Wait for CCEd to be ready (check for cced.init service, not cceclient)
+wait_for_cced() {
+  local timeout=120
+  local count=0
+  
+  # Wait for cced.init service to be active
+  while [ $count -lt $timeout ]; do
+    if systemctl is-active --quiet cced.init 2>/dev/null; then
+      # Give it a few extra seconds to fully initialize
+      sleep 3
+      return 0
+    fi
+    sleep 1
+    count=$((count + 1))
+  done
+  
+  echo "WARNING: CCEd not ready after ${timeout}s, continuing anyway..." >&2
+  return 1
+}
+
+# Get Docker gateway IP for default relay
+get_docker_gateway() {
+  ip route | grep default | awk '{print $3}' | head -1
+}
+
+echo "Configuring BlueOnyx from environment variables..."
+
+# Network Configuration
+BLUEONYX_HOSTNAME="${BLUEONYX_HOSTNAME:-blueonyx}"
+BLUEONYX_DOMAIN="${BLUEONYX_DOMAIN:-local}"
+BLUEONYX_IPV4="${BLUEONYX_IPV4:-$(hostname -I 2>/dev/null | awk '{print $1}')}"
+BLUEONYX_IPV6="${BLUEONYX_IPV6:-}"
+BLUEONYX_GATEWAY="${BLUEONYX_GATEWAY:-$(get_docker_gateway)}"
+BLUEONYX_NAMESERVER="${BLUEONYX_NAMESERVER:-8.8.8.8}"
+
+# Admin Configuration
+BLUEONYX_ADMIN_USER="${BLUEONYX_ADMIN_USER:-admin}"
+BLUEONYX_ADMIN_PASS="${BLUEONYX_ADMIN_PASS:-}"
+BLUEONYX_ADMIN_EMAIL="${BLUEONYX_ADMIN_EMAIL:-admin@${BLUEONYX_DOMAIN}}"
+
+# Mail Configuration
+BLUEONYX_MTA="${BLUEONYX_MTA:-postfix}"
+BLUEONYX_POSTFIX_MODE="${BLUEONYX_POSTFIX_MODE:-satellite}"
+BLUEONYX_POSTFIX_RELAY="${BLUEONYX_POSTFIX_RELAY:-$(get_docker_gateway)}"
+BLUEONYX_POSTFIX_RELAY_PORT="${BLUEONYX_POSTFIX_RELAY_PORT:-25}"
+BLUEONYX_POSTFIX_RELAY_USER="${BLUEONYX_POSTFIX_RELAY_USER:-}"
+BLUEONYX_POSTFIX_RELAY_PASS="${BLUEONYX_POSTFIX_RELAY_PASS:-}"
+BLUEONYX_MAIL_RELAY="${BLUEONYX_MAIL_RELAY:-${BLUEONYX_POSTFIX_RELAY}}"
+BLUEONYX_MAIL_RELAY_PORT="${BLUEONYX_MAIL_RELAY_PORT:-${BLUEONYX_POSTFIX_RELAY_PORT}}"
+BLUEONYX_ENABLE_SPAM_FILTER="${BLUEONYX_ENABLE_SPAM_FILTER:-yes}"
+BLUEONYX_ENABLE_ANTIVIRUS="${BLUEONYX_ENABLE_ANTIVIRUS:-yes}"
+BLUEONYX_ENABLE_DKIM="${BLUEONYX_ENABLE_DKIM:-yes}"
+BLUEONYX_ENABLE_DOVECOT="${BLUEONYX_ENABLE_DOVECOT:-yes}"
+
+# Database Configuration
+BLUEONYX_DB_TYPE="${BLUEONYX_DB_TYPE:-mariadb}"
+BLUEONYX_DB_ROOT_PASS="${BLUEONYX_DB_ROOT_PASS:-}"
+BLUEONYX_ENABLE_POSTGRES="${BLUEONYX_ENABLE_POSTGRES:-no}"
+
+# Valkey/Redis Configuration
+BLUEONYX_ENABLE_VALKEY="${BLUEONYX_ENABLE_VALKEY:-yes}"
+BLUEONYX_VALKEY_PORT="${BLUEONYX_VALKEY_PORT:-6379}"
+BLUEONYX_VALKEY_MAXMEM="${BLUEONYX_VALKEY_MAXMEM:-256mb}"
+
+# Web Server Configuration
+BLUEONYX_WEB_PROXY="${BLUEONYX_WEB_PROXY:-nginx}"
+BLUEONYX_HTTP2_ENABLED="${BLUEONYX_HTTP2_ENABLED:-yes}"
+BLUEONYX_TLS_VERSION="${BLUEONYX_TLS_VERSION:-1.3}"
+BLUEONYX_ENABLE_SSL="${BLUEONYX_ENABLE_SSL:-yes}"
+BLUEONYX_SSL_TYPE="${BLUEONYX_SSL_TYPE:-selfsigned}"
+
+# Certbot/Let's Encrypt Configuration
+BLUEONYX_CERTBOT_ENABLED="${BLUEONYX_CERTBOT_ENABLED:-no}"
+BLUEONYX_CERTBOT_EMAIL="${BLUEONYX_CERTBOT_EMAIL:-${BLUEONYX_ADMIN_EMAIL}}"
+BLUEONYX_CERTBOT_DOMAINS="${BLUEONYX_CERTBOT_DOMAINS:-}"
+BLUEONYX_CERTBOT_WEBROOT="${BLUEONYX_CERTBOT_WEBROOT:-/var/www/html}"
+
+# DNS Configuration
+BLUEONYX_ENABLE_DNS="${BLUEONYX_ENABLE_DNS:-yes}"
+BLUEONYX_DNS_FORWARDERS="${BLUEONYX_DNS_FORWARDERS:-8.8.8.8 8.8.4.4}"
+
+# FTP Configuration
+BLUEONYX_ENABLE_FTP="${BLUEONYX_ENABLE_FTP:-yes}"
+BLUEONYX_FTP_PASSIVE_PORTS="${BLUEONYX_FTP_PASSIVE_PORTS:-30000-30100}"
+
+# Virtual Hosts (comma-separated list: domain1.com,domain2.com)
+BLUEONYX_VHOSTS="${BLUEONYX_VHOSTS:-}"
+
+# Feature Toggles
+BLUEONYX_ENABLE_CALDAV="${BLUEONYX_ENABLE_CALDAV:-yes}"
+BLUEONYX_ENABLE_DOCKER="${BLUEONYX_ENABLE_DOCKER:-yes}"
+BLUEONYX_ENABLE_WEBALIZER="${BLUEONYX_ENABLE_WEBALIZER:-yes}"
+
+# Wait for CCEd
+if wait_for_cced; then
+  echo "CCEd is ready, applying configuration..."
+  
+  # Note: CCEd client commands may not work in initial boot, so we configure files directly
+  # This ensures configuration happens even if cceclient is unavailable
+  
+  # Generate passwords if not provided
+  if [ -z "$BLUEONYX_ADMIN_PASS" ]; then
+    BLUEONYX_ADMIN_PASS="$(openssl rand -base64 16)"
+    echo "Generated admin password: $BLUEONYX_ADMIN_PASS" > /data/ADMIN_PASSWORD.txt
+    chmod 600 /data/ADMIN_PASSWORD.txt
+    echo "Admin password saved to: /data/ADMIN_PASSWORD.txt"
+  fi
+  
+  if [ -z "$BLUEONYX_DB_ROOT_PASS" ]; then
+    BLUEONYX_DB_ROOT_PASS="$(openssl rand -base64 16)"
+    echo "Generated MySQL root password: $BLUEONYX_DB_ROOT_PASS" > /data/MYSQL_ROOT_PASSWORD.txt
+    chmod 600 /data/MYSQL_ROOT_PASSWORD.txt
+    echo "MySQL root password saved to: /data/MYSQL_ROOT_PASSWORD.txt"
+  fi
+  
+  # Configure MySQL root password if MySQL is running
+  if systemctl is-active mysqld >/dev/null 2>&1 || systemctl is-active mariadb >/dev/null 2>&1; then
+    mysql -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '${BLUEONYX_DB_ROOT_PASS}';" 2>/dev/null || true
+  fi
+  
+  # Configure admin user
+  if id "$BLUEONYX_ADMIN_USER" >/dev/null 2>&1; then
+    echo "$BLUEONYX_ADMIN_USER:$BLUEONYX_ADMIN_PASS" | chpasswd 2>/dev/null || true
+  fi
+  
+  # Configure Postfix (satellite mode by default)
+  if [ -f /etc/postfix/main.cf ]; then
+    echo "Configuring Postfix in ${BLUEONYX_POSTFIX_MODE} mode..."
+    
+    if [ "$BLUEONYX_POSTFIX_MODE" = "satellite" ]; then
+      postconf -e "relayhost = [${BLUEONYX_POSTFIX_RELAY}]:${BLUEONYX_POSTFIX_RELAY_PORT}"
+      postconf -e "inet_interfaces = loopback-only"
+      postconf -e "mydestination = localhost"
+      
+      # Configure SASL auth if credentials provided
+      if [ -n "$BLUEONYX_POSTFIX_RELAY_USER" ] && [ -n "$BLUEONYX_POSTFIX_RELAY_PASS" ]; then
+        echo "[${BLUEONYX_POSTFIX_RELAY}]:${BLUEONYX_POSTFIX_RELAY_PORT} ${BLUEONYX_POSTFIX_RELAY_USER}:${BLUEONYX_POSTFIX_RELAY_PASS}" > /etc/postfix/sasl_passwd
+        postmap /etc/postfix/sasl_passwd
+        chmod 600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
+        postconf -e "smtp_sasl_auth_enable = yes"
+        postconf -e "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd"
+        postconf -e "smtp_sasl_security_options = noanonymous"
+        postconf -e "smtp_tls_security_level = may"
+      fi
+    fi
+    
+    systemctl reload postfix 2>/dev/null || true
+  fi
+  
+  # Configure Dovecot SSL certificates
+  if [ "$BLUEONYX_ENABLE_DOVECOT" = "yes" ] && [ ! -f /config/ssl/certs/dovecot.pem ]; then
+    echo "Generating self-signed SSL certificates for Dovecot..."
+    mkdir -p /config/ssl/certs /config/ssl/private
+    
+    openssl req -new -x509 -days 3650 -nodes \
+      -out /config/ssl/certs/dovecot.pem \
+      -keyout /config/ssl/private/dovecot.key \
+      -subj "/C=US/ST=State/L=City/O=BlueOnyx/OU=Mail/CN=${BLUEONYX_HOSTNAME}.${BLUEONYX_DOMAIN}" 2>/dev/null || true
+    
+    chmod 644 /config/ssl/certs/dovecot.pem
+    chmod 600 /config/ssl/private/dovecot.key
+    
+    # Update Dovecot to use /config/ssl certificates
+    if [ -f /etc/dovecot/conf.d/10-ssl.conf ]; then
+      sed -i "s|ssl_cert = .*|ssl_cert = </config/ssl/certs/dovecot.pem|" /etc/dovecot/conf.d/10-ssl.conf
+      sed -i "s|ssl_key = .*|ssl_key = </config/ssl/private/dovecot.key|" /etc/dovecot/conf.d/10-ssl.conf
+      sed -i "s|ssl_ca = .*|#ssl_ca = |" /etc/dovecot/conf.d/10-ssl.conf
+    fi
+    
+    systemctl enable dovecot 2>/dev/null || true
+    systemctl restart dovecot 2>/dev/null || true
+  fi
+  
+  # Configure Valkey/Redis
+  if [ "$BLUEONYX_ENABLE_VALKEY" = "yes" ]; then
+    if [ -f /etc/valkey/valkey.conf ]; then
+      echo "Configuring Valkey..."
+      sed -i "s/^port .*/port ${BLUEONYX_VALKEY_PORT}/" /etc/valkey/valkey.conf
+      sed -i "s/^# maxmemory .*/maxmemory ${BLUEONYX_VALKEY_MAXMEM}/" /etc/valkey/valkey.conf
+      sed -i "s/^# maxmemory-policy .*/maxmemory-policy allkeys-lru/" /etc/valkey/valkey.conf
+      systemctl enable valkey 2>/dev/null || true
+      systemctl restart valkey 2>/dev/null || true
+    fi
+  else
+    systemctl disable valkey 2>/dev/null || true
+    systemctl stop valkey 2>/dev/null || true
+  fi
+  
+  # Configure Certbot for Let's Encrypt
+  if [ "$BLUEONYX_CERTBOT_ENABLED" = "yes" ] && [ -n "$BLUEONYX_CERTBOT_DOMAINS" ]; then
+    echo "Setting up Certbot for Let's Encrypt..."
+    
+    # Split comma-separated domains
+    IFS=',' read -ra DOMAINS <<< "$BLUEONYX_CERTBOT_DOMAINS"
+    DOMAIN_ARGS=""
+    for domain in "${DOMAINS[@]}"; do
+      domain=$(echo "$domain" | xargs) # trim whitespace
+      DOMAIN_ARGS="$DOMAIN_ARGS -d $domain"
+    done
+    
+    # Request certificates (webroot mode) - store in /config/ssl
+    certbot certonly --webroot -w "$BLUEONYX_CERTBOT_WEBROOT" \
+      $DOMAIN_ARGS \
+      --email "$BLUEONYX_CERTBOT_EMAIL" \
+      --agree-tos --non-interactive \
+      --keep-until-expiring \
+      --config-dir /config/ssl/letsencrypt \
+      --work-dir /var/lib/letsencrypt \
+      --logs-dir /logs/letsencrypt 2>/dev/null || {
+      echo "WARNING: Certbot certificate request failed, continuing with self-signed"
+    }
+    
+    # Set up auto-renewal cron
+    echo "0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q --config-dir /config/ssl/letsencrypt --work-dir /var/lib/letsencrypt --logs-dir /logs/letsencrypt" > /etc/cron.d/certbot-renew
+  fi
+  
+  # Process Virtual Hosts
+  if [ -n "$BLUEONYX_VHOSTS" ]; then
+    echo "Configuring virtual hosts..."
+    IFS=',' read -ra VHOSTS <<< "$BLUEONYX_VHOSTS"
+    for vhost in "${VHOSTS[@]}"; do
+      vhost=$(echo "$vhost" | xargs) # trim whitespace
+      if [ -n "$vhost" ]; then
+        echo "  - Creating vhost: $vhost"
+        
+        # Create document root
+        mkdir -p "/var/www/vhosts/$vhost/httpdocs"
+        mkdir -p "/var/www/vhosts/$vhost/logs"
+        
+        # Create basic index.html
+        if [ ! -f "/var/www/vhosts/$vhost/httpdocs/index.html" ]; then
+          cat > "/var/www/vhosts/$vhost/httpdocs/index.html" << VHOSTHTML
+<!DOCTYPE html>
+<html>
+<head><title>$vhost</title></head>
+<body>
+<h1>Welcome to $vhost</h1>
+<p>This site is hosted on BlueOnyx.</p>
+</body>
+</html>
+VHOSTHTML
+        fi
+        
+        # Set permissions
+        chown -R apache:apache "/var/www/vhosts/$vhost" 2>/dev/null || true
+        
+        # Create Apache vhost config
+        cat > "/etc/httpd/conf.d/vhost_${vhost}.conf" << VHOSTCONF
+<VirtualHost *:80>
+    ServerName ${vhost}
+    DocumentRoot /var/www/vhosts/${vhost}/httpdocs
+    
+    <Directory /var/www/vhosts/${vhost}/httpdocs>
+        AllowOverride All
+        Require all granted
+    </Directory>
+    
+    ErrorLog /var/www/vhosts/${vhost}/logs/error_log
+    CustomLog /var/www/vhosts/${vhost}/logs/access_log combined
+</VirtualHost>
+VHOSTCONF
+      fi
+    done
+    
+    # Reload Apache
+    systemctl reload httpd 2>/dev/null || true
+  fi
+  
+  # Enable/disable remaining services
+  [ "$BLUEONYX_ENABLE_DNS" = "yes" ] && systemctl enable named 2>/dev/null || systemctl disable named 2>/dev/null
+  [ "$BLUEONYX_ENABLE_FTP" = "yes" ] && systemctl enable proftpd 2>/dev/null || systemctl disable proftpd 2>/dev/null
+  [ "$BLUEONYX_ENABLE_SPAM_FILTER" = "yes" ] && systemctl enable spamassassin 2>/dev/null || true
+  [ "$BLUEONYX_ENABLE_ANTIVIRUS" = "yes" ] && systemctl enable clamd@scan 2>/dev/null || true
+  
+  # Configure FTP passive ports
+  if [ -f /etc/proftpd.conf ] && [ "$BLUEONYX_ENABLE_FTP" = "yes" ]; then
+    if ! grep -q "PassivePorts" /etc/proftpd.conf; then
+      echo "PassivePorts $BLUEONYX_FTP_PASSIVE_PORTS" >> /etc/proftpd.conf
+      systemctl reload proftpd 2>/dev/null || true
+    fi
+  fi
+  
+  # Configure DNS forwarders
+  if [ -f /etc/named.conf ] && [ "$BLUEONYX_ENABLE_DNS" = "yes" ]; then
+    if ! grep -q "forwarders" /etc/named.conf; then
+      sed -i "/options {/a \        forwarders { $(echo $BLUEONYX_DNS_FORWARDERS | sed 's/ /; /g'); };" /etc/named.conf
+      systemctl reload named 2>/dev/null || true
+    fi
+  fi
+  
+  echo ""
+  echo "============================================"
+  echo "BlueOnyx Configuration Complete!"
+  echo "============================================"
+  echo ""
+  echo "System Configuration:"
+  echo "  Hostname: $BLUEONYX_HOSTNAME.$BLUEONYX_DOMAIN"
+  echo "  Admin User: $BLUEONYX_ADMIN_USER"
+  echo "  Admin Email: $BLUEONYX_ADMIN_EMAIL"
+  echo "  IPv4: $BLUEONYX_IPV4"
+  echo ""
+  echo "Services:"
+  echo "  Postfix Mode: $BLUEONYX_POSTFIX_MODE"
+  echo "  Postfix Relay: $BLUEONYX_POSTFIX_RELAY:$BLUEONYX_POSTFIX_RELAY_PORT"
+  echo "  DNS: $([ "$BLUEONYX_ENABLE_DNS" = "yes" ] && echo "Enabled" || echo "Disabled")"
+  echo "  FTP: $([ "$BLUEONYX_ENABLE_FTP" = "yes" ] && echo "Enabled" || echo "Disabled")"
+  echo "  Valkey: $([ "$BLUEONYX_ENABLE_VALKEY" = "yes" ] && echo "Enabled (port $BLUEONYX_VALKEY_PORT)" || echo "Disabled")"
+  echo "  Dovecot: $([ "$BLUEONYX_ENABLE_DOVECOT" = "yes" ] && echo "Enabled" || echo "Disabled")"
+  echo "  Certbot: $([ "$BLUEONYX_CERTBOT_ENABLED" = "yes" ] && echo "Enabled" || echo "Disabled")"
+  echo ""
+  if [ -n "$BLUEONYX_VHOSTS" ]; then
+    echo "Virtual Hosts: $BLUEONYX_VHOSTS"
+    echo ""
+  fi
+  echo "============================================"
+  echo ""
+else
+  echo "WARNING: CCEd not ready, skipping configuration"
+fi
+
+exit 0