feat: enhance setup scripts for multi-domain support and improve configuration handling #301

Merged: maneeshaxyz merged 1 commit into LSFLK:main from Aravinda-HWK:support-multiple-domains on Mar 18, 2026
@Aravinda-HWK (Collaborator) commented Mar 17, 2026

📌 Description

This PR is to change the script to support multiple domains with their subdomains.


🔍 Changes Made

  • Update setup.sh
  • Update the cert generation script
  • Update the DKIM file generation logic

✅ Checklist (Email System)

  • Core services tested (SMTP, IMAP, mail storage, end-to-end delivery)
  • Security & compliance verified (auth via Thunder IDP, TLS, DKIM/SPF/DMARC, spam/virus filtering)
  • Configuration & deployment checked (configs generated, Docker/Compose updated)
  • Reliability confirmed (error handling, logging, monitoring)
  • Documentation & usage notes updated (README, deployment, API)

🧪 Testing Instructions


📷 Screenshots / Logs (if applicable)


⚠️ Notes for Reviewers

@Aravinda-HWK self-assigned this Mar 17, 2026

@gemini-code-assist (Contributor)

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the Silver Mail system's setup process by introducing robust multi-domain support and improving configuration management. The changes enable the system to seamlessly handle multiple email domains, generate wildcard SSL certificates for each, and correctly configure OpenDKIM for all associated subdomains, streamlining the deployment and maintenance of a flexible email infrastructure.

Highlights

  • Multi-Domain Support: The setup script (setup.sh) and configuration generation scripts (gen-certbot-certs.sh, gen-opendkim-conf.sh) have been updated to properly handle multiple email domains defined in silver.yaml.
  • Wildcard Certificate Generation: The Certbot script (gen-certbot-certs.sh) now generates wildcard SSL certificates for each configured domain using the DNS challenge method, replacing the previous multi-domain HTTP-01 challenge.
  • Enhanced OpenDKIM Configuration: The OpenDKIM configuration script (gen-opendkim-conf.sh) was refactored to correctly generate TrustedHosts, SigningTable, and KeyTable entries for all configured domains and their subdomains.
  • Improved Setup Script Logic: The main setup script (setup.sh) now includes better domain validation, skips cloning the config repository if it already exists, and provides clearer output.

Changelog

  • scripts/setup/setup.sh
    • Updated the script's header comments for clarity.
    • Refined comments for directory definitions.
    • Modified domain configuration to extract and validate all domains from silver.yaml instead of just the primary one.
    • Introduced a loop to validate each configured domain.
    • Updated the config repository cloning step to check for existing directories and skip cloning if present.
    • Added a success message upon completion of the setup process.
  • services/config-scripts/gen-certbot-certs.sh
    • Revised the script's purpose to explicitly mention wildcard certificate support for all domains.
    • Removed unused constants CONFIGS_PATH and DKIM_KEY_SIZE.
    • Eliminated the concept of a single PRIMARY_DOMAIN for certificate generation.
    • Implemented a loop to process each domain individually for certificate requests.
    • Updated the certificate renewal logic to be per-domain and interactive.
    • Switched the Certbot challenge method from standalone (HTTP-01) to manual (DNS) to support wildcard certificates.
    • Modified the email used for Certbot registration to admin@${DOMAIN} for each domain.
    • Adjusted the Certbot command to request both the base domain and its wildcard (-d "${DOMAIN}" -d "*.${DOMAIN}").
    • Updated success messages and the reported location of generated certificates.
  • services/config-scripts/gen-opendkim-conf.sh
    • Updated the script's header comment for better accuracy.
    • Removed the unused DKIM_KEY_SIZE constant.
    • Refactored the extract_domain_configs awk function for improved readability and efficiency, removing redundant comments and simplifying string manipulation.
    • Modified the TrustedHosts generation to include both the base domain and its wildcard (*.$DOMAIN).
    • Updated the SigningTable generation to include entries for both the base domain and its wildcard subdomains (@.$DOMAIN).
    • Streamlined the KeyTable generation.
    • Removed redundant null/empty checks for domain variables in loops.
    • Improved output messages for clarity and conciseness.

Activity

  • No specific activity (comments, reviews, progress updates) has been recorded for this pull request yet.
@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request enhances the setup scripts to support multiple domains and improves configuration handling. The main setup script now reads all configured domains, the certbot script generates wildcard certificates, and the OpenDKIM script supports subdomains. The changes are well-aligned with the goal. I've left one comment to improve the robustness of the YAML parsing logic in the OpenDKIM script.

Comment on lines 35 to 44
if (line ~ /^[[:space:]]*dkim-selector:/) {
selector = line
sub(/^[[:space:]]*dkim-selector:[[:space:]]*/, "", selector)
sub(/[[:space:]]*$/, "", selector)
if (selector == "" || selector == "null") selector = "mail"
}
if (line ~ /^[[:space:]]*dkim-key-size:/) {
keysize = line
sub(/^[[:space:]]*dkim-key-size:[[:space:]]*/, "", keysize)
sub(/[[:space:]]*$/, "", keysize)
if (keysize == "" || keysize == "null") keysize = "2048"
}
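Review bot: In the dkim-key-size branch, the comparison against "" and "null" is the only check on the value, so anything that is not a plain number (a quoted "2048", a value followed by a "# comment", a typo) passes through unchanged; the dkim-selector branch has the same gap. Suggest rejecting a keysize that does not match /^[0-9]+$/ or that falls below a floor (RFC 8301 requires at least 1024 bits and recommends 2048), and restricting the selector to letters, digits, hyphens and dots, since it becomes the DNS label in <selector>._domainkey.<domain>.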
medium

The logic to trim trailing whitespace from dkim-selector and dkim-key-size was removed. This makes the parsing less robust and inconsistent with how the domain value is parsed. Trailing whitespace in the YAML file could lead to incorrect values being used. It's recommended to restore the whitespace trimming for these fields to ensure consistent and correct behavior.

Suggested change
if (line ~ /^[[:space:]]*dkim-selector:/) {
selector = line
sub(/^[[:space:]]*dkim-selector:[[:space:]]*/, "", selector)
sub(/[[:space:]]*$/, "", selector)
if (selector == "" || selector == "null") selector = "mail"
}
if (line ~ /^[[:space:]]*dkim-key-size:/) {
keysize = line
sub(/^[[:space:]]*dkim-key-size:[[:space:]]*/, "", keysize)
sub(/[[:space:]]*$/, "", keysize)
if (keysize == "" || keysize == "null") keysize = "2048"
}
if (line ~ /^[[:space:]]*dkim-selector:/) {
selector = line
sub(/^[[:space:]]*dkim-selector:[[:space:]]*/, "", selector)
sub(/[[:space:]]*$/, "", selector)
if (selector == "" || selector == "null") selector = "mail"
}
if (line ~ /^[[:space:]]*dkim-key-size:/) {
keysize = line
sub(/^[[:space:]]*dkim-key-size:[[:space:]]*/, "", keysize)
sub(/[[:space:]]*$/, "", keysize)
if (keysize == "" || keysize == "null") keysize = "2048"
}
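The effect of the missing trim described in the review comment above, as an added example that is not part of the PR or the project's scripts. The function names, the sample YAML and the 1024-bit floor are assumptions made for illustration, and `[ \t]` is used in place of `[[:space:]]` for portability.

```shell
#!/bin/sh
# Added example. Function names and the sample YAML are constructed for illustration.

# Constructed silver.yaml fragment: both dkim-* values end in trailing spaces.
sample_yaml() {
  printf '%s\n' \
    'domains:' \
    '  - domain: example.org' \
    '    dkim-selector: mail   ' \
    '    dkim-key-size: 2048 '
}

# Print the value of <key>, or <default> when it is missing, empty or "null".
# trim=1 strips trailing whitespace; trim=0 reproduces the parse without it.
# [ \t] stands in for [[:space:]] so the code also runs on older mawk builds.
dkim_field() {  # usage: dkim_field <key> <default> <trim>
  awk -v key="$1" -v def="$2" -v trim="$3" '
    $0 ~ ("^[ \t]*" key ":") {
      val = $0
      sub("^[ \t]*" key ":[ \t]*", "", val)
      if (trim == 1) sub(/[ \t]*$/, "", val)
      found = 1
      exit
    }
    END {
      if (!found || val == "" || val == "null") val = def
      print val
    }'
}

# DNS name under which the DKIM public key is published (RFC 6376).
dkim_dns_name() {  # usage: dkim_dns_name <trim>
  sel=$(sample_yaml | dkim_field dkim-selector mail "$1")
  printf '%s._domainkey.example.org' "$sel"
}

# Strict check: digits only, at least 1024 bits (floor chosen for this example).
is_valid_key_size() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1024 ]
}

printf 'trimmed:   [%s]\n' "$(dkim_dns_name 1)"
printf 'untrimmed: [%s]\n' "$(dkim_dns_name 0)"
```

Without the trim, the selector carries its trailing spaces into the DNS name and the key size fails a digits-only check, so a strict validator turns a silent misconfiguration into a visible error.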

@maneeshaxyz maneeshaxyz left a comment

LGTM.

@maneeshaxyz maneeshaxyz merged commit c8eeeaa into LSFLK:main Mar 18, 2026
6 checks passed
Development

Successfully merging this pull request may close these issues.

[FEATURE] Support primary domains and subdomains in the email platform
