##-------------##
#    Postfix    #
##-------------##

sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf
sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf
sed -i 's/relayhost =/mydestination = '$hostname', localhost.'$hostname', '$hostname'/g' /etc/postfix/main.cf
echo "bounce_notice_recipient = info@$domain" >> /etc/postfix/main.cf
cat <<EOF > /etc/aliases
# See man 5 aliases for format
postmaster:    root
root:          $email
EOF
newaliases

##-------##
#   UFW   #
##-------##

sed -i '/IPV6=/c\IPV6=yes' /etc/default/ufw
ufw default deny incoming > $OUTPUT 2>&1
ufw default allow outgoing > $OUTPUT 2>&1
ufw allow 80/tcp > $OUTPUT 2>&1
ufw allow 443/tcp > $OUTPUT 2>&1
ufw limit 4242/tcp > $OUTPUT 2>&1
echo "y" | ufw enable > $OUTPUT 2>&1

##------------##
#   Fail2Ban   #
##------------##

#General config
wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/jail.local -O /etc/fail2ban/jail.local

#Custom Fiters
wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/Filters/nextcloud.filter -O /etc/fail2ban/filter.d/nextcloud.local
wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/Filters/phpmyadmin-authlog.filter -O /etc/fail2ban/filter.d/phpmyadmin-authlog.local
wget -q -t7 https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-hard.conf -O /etc/fail2ban/filter.d/wordpress-hard.local
wget -q -t7 https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/wordpress-soft.conf -O /etc/fail2ban/filter.d/wordpress-soft.local

#General jails
wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/Jails/sshd.jail -O /etc/fail2ban/jail.d/sshd.local
if [ -z $disbackendcms ]; then
 wget -q -t7 "$repo"/raw/branch/"$branch"/config/fail2ban/Jails/phpmyadmin.jail -O /etc/fail2ban/jail.d/phpmyadmin.local
fi