
Commit 894b30e8 authored by Florent VINCENT's avatar Florent VINCENT 👾 Committed by Arnau Vàzquez

rollback "sh script" to "script" direclty as sudo doesn't like the syntax, and...

rollback "sh script" to "script" directly as sudo doesn't like the syntax, and now, script has exec perm, see commit 8e68cfa8
parent 20845ac9
+2 −0
@@ -24,6 +24,8 @@ CREATE_ACCOUNT_PASSWORD=@@@generate@@@:20@

PFA_SUPERADMIN_PASSWORD=1@@@generate@@@:16@2

WELCOME_SECRET=@@@generate@@@:20@

# fixed defaults
ENABLE_POP3=false;default
DISABLE_RATELIMITING=false;default
+4 −0
@@ -27,6 +27,10 @@ DRIVE_SMTP_PASSWORD=$(grep ^DRIVE_SMTP_PASSWORD= "$ENVFILE" | awk -F= '{ print $

PFA_SUPERADMIN_PASSWORD=$(grep ^PFA_SUPERADMIN_PASSWORD= "$ENVFILE" | awk -F= '{ print $NF }')

WELCOME_SECRET=$(grep ^WELCOME_SECRET= "$ENVFILE" | awk -F= '{ print $NF }')
WELCOME_SECRET_SHA=$(grep ^WELCOME_SECRET_SHA= "$ENVFILE" | awk -F= '{ print $NF }')
WEBSITE_SECRET=$(grep ^WEBSITE_SECRET= "$ENVFILE" | awk -F= '{ print $NF }')

PFDB_DB=$(grep ^PFDB_DB= "$ENVFILE" | awk -F= '{ print $NF }')
PFDB_USR=$(grep ^PFDB_USR= "$ENVFILE" | awk -F= '{ print $NF }')
PFDB_DBPASS=$(grep ^DBPASS= "$ENVFILE" | awk -F= '{ print $NF }')
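Review bot: The three new lookups print `$NF`, the last `=`-separated field, so a secret whose value itself contains `=` (base64 padding, for example) is truncated or comes back empty without any error. `cut -d= -f2-` keeps everything after the first `=`, e.g. `WEBSITE_SECRET=$(grep '^WEBSITE_SECRET=' "$ENVFILE" | cut -d= -f2-)`. grep also returns every matching line, so a key that occurs twice in the env file yields a multi-line value. The surrounding context lines use the same `$NF` pattern, so it is worth changing them in the same pass.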
+7 −0
@@ -50,6 +50,10 @@ elif ! echo "$VALIDATED_ADD_DOMAINS" | grep -q "$VALIDATED_DOMAIN" ; then
    sed -i '/ADD_DOMAINS/d' "$ENVFILE"
    echo "ADD_DOMAINS=$VALIDATED_ADD_DOMAINS,$VALIDATED_DOMAIN" >> "$ENVFILE"
fi

echo "WELCOME_SECRET_SHA=$(echo -n $WELCOME_SECRET |sha1sum | awk '{print $1}')" >> "$ENVFILE"
echo "WEBSITE_SECRET=not_defined" >> "$ENVFILE"

source /mnt/repo-base/scripts/base.sh

DC_DIR="templates/docker-compose/"
@@ -186,9 +190,12 @@ docker-compose up -d
echo -e "\nHack: restart everything to ensure that database and nextcloud are initialized"
docker-compose restart

# needed to store accounts to create, and needs to be writable by welcome
touch /mnt/repo-base/volumes/accounts/auth.file
# needed to store created accounts, and needs to be writable by welcome
touch /mnt/repo-base/volumes/accounts/auth.file.done
ACCOUNTS_UID=$(docker-compose exec --user www-data welcome id -u | tr -d '\r')
chown "$ACCOUNTS_UID:$ACCOUNTS_UID" /mnt/repo-base/volumes/accounts/auth.file
chown "$ACCOUNTS_UID:$ACCOUNTS_UID" /mnt/repo-base/volumes/accounts/auth.file.done

printf "$(date): Waiting for Nextcloud to finish installation"
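Review bot: The two `echo … >> "$ENVFILE"` lines in the first hunk append unconditionally, so every re-run leaves another `WELCOME_SECRET_SHA=` and `WEBSITE_SECRET=` line in the env file; the `ADD_DOMAINS` handling just above deletes the old line first. I would put `sed -i '/^WELCOME_SECRET_SHA=/d' "$ENVFILE"` before the first append and guard the placeholder with `grep -q '^WEBSITE_SECRET=' "$ENVFILE" || echo "WEBSITE_SECRET=not_defined" >> "$ENVFILE"` so a value set later is not shadowed. `$WELCOME_SECRET` is also expanded unquoted through `echo -n`; `printf '%s' "$WELCOME_SECRET" | sha1sum | awk '{print $1}'` avoids word splitting and echo's option handling. Where `WELCOME_SECRET` is assigned is not visible in this hunk; if it can be empty at this point, the stored digest is that of the empty string.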
+50 −0
#!/bin/sh

# Script for removing a mailbox dir in ecloud

# The script looks at arguments 1 and 2, assuming that they 
# indicate username and domain, respectively.


# the script is actually run by the pfexec user
# the script handles deletion in a bind-mounted dir shared with eelomailserver
# so pfexec user has no right over it. it needs a specific sudo perm 
#to be able to only run this script
# the /etc/sudoers line added to the container during install :
# pfexec ALL=(root) NOPASSWD: /usr/local/bin/postfixadmin-mailbox-postdeletion.sh
# The line states that the pfexec user may run the script without providing a password.


# where the mailbox dirs are bind-mounted on the container.
basedir=/var/mail/vhosts

if [[ -n "$1" && -n "$2" ]]; then
    # double check both arguments are provided

    if [ `echo $1 | fgrep '..'` ]; then
        # not permitted!!
        exit 1
    fi
    if [ `echo $2 | fgrep '..'` ]; then
        # not permitted!!
        exit 1
    fi

    
    maildir="${basedir}/$2/$1"



    if [ ! -e "$maildir" ]; then
        # not maildir empty, doing nothing
        exit 0
    fi


    rm -rf $maildir
else 
    # args are empty, do nothing
    exit 1
fi   

exit $?
 No newline at end of file
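Review bot: This script runs as root through a NOPASSWD sudo rule, yet `rm -rf $maildir` and both `echo $1 | fgrep '..'` tests expand their arguments unquoted, so an argument with whitespace or glob characters is word-split: the `[ … ]` test then errors out instead of rejecting, and rm can be handed paths other than the intended mailbox. The `..` check also leaves `/` and a leading `.` or `-` unchecked, so the arguments are not limited to one directory name each under `/var/mail/vhosts`. The file declares `#!/bin/sh` but uses `[[ … ]]`, which is not POSIX. I would replace the body with an allow-list check on each argument and a quoted `rm -rf -- "$maildir"`, as below; the permitted character set is my guess and should be aligned with what postfixadmin accepts for local parts and domains.

```shell
# … unchanged: header comments, basedir=/var/mail/vhosts …

# both arguments are required
if [ -z "$1" ] || [ -z "$2" ]; then
    exit 1
fi

# each argument must be a single path component: no "/", no leading "." or "-"
for part in "$1" "$2"; do
    case "$part" in
        .* | -* | *[!A-Za-z0-9._-]*) exit 1 ;;
    esac
done

maildir="${basedir}/$2/$1"

# nothing to delete
if [ ! -e "$maildir" ]; then
    exit 0
fi

rm -rf -- "$maildir"
```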
+16 −0
@@ -31,6 +31,17 @@ docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:insta
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install user_backend_sql_raw
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install rainloop
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:app:set rainloop rainloop-autologin --value 1
git clone --single-branch https://framagit.org/tcit/drop_user.git volumes/nextcloud/custom_apps/drop_account
docker-compose exec -T --user www-data nextcloud php occ app:enable drop_account

echo "Installing custom ecloud drop account plugin"
# Add WELCOME_SECRET from .env file as a system config value, to be used by our ecloud_drop_account plugin
docker-compose exec -T --user www-data nextcloud php occ config:system:set e_welcome_secret --value="$WELCOME_SECRET"
# Add VHOST_ACCOUNTS from .env file as a system config value, to be used by our ecloud_drop_account plugin
docker-compose exec -T --user www-data nextcloud php occ config:system:set e_welcome_domain --value="welcome.$DOMAIN"
git clone --single-branch https://gitlab.e.foundation/e/infra/selfhost/nextcloud-apps/ecloud-drop-account.git volumes/nextcloud/custom_apps/ecloud_drop_account
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable ecloud_drop_account


echo "Installing Nextcloud theme"
wget "https://gitlab.e.foundation/api/v4/projects/315/repository/archive.tar.gz" -O "/tmp/nextcloud-theme.tar.gz"
@@ -58,6 +69,11 @@ curl --silent -L https://mail.$DOMAIN/setup.php > /dev/null
echo "Adding Postfix admin superadmin account"
docker-compose exec -T postfixadmin /postfixadmin/scripts/postfixadmin-cli admin add $ALT_EMAIL --password $PFA_SUPERADMIN_PASSWORD --password2 $PFA_SUPERADMIN_PASSWORD --superadmin

# adding sudo to postfixadmin container
docker-compose exec -T postfixadmin apk add sudo
# giving pfexec user a specific sudo perm ONLY for launching the bind-mounted mailbox-postdeletion script
docker-compose exec -T postfixadmin bash -c 'echo "" >> /etc/sudoers && echo "#pfexec single command perm" >> /etc/sudoers && echo "pfexec ALL=(root) NOPASSWD: /usr/local/bin/postfixadmin-mailbox-postdeletion.sh" >> /etc/sudoers'

# Adding domains to postfix is done by docker exec instead of docker-compose exec on purpose. Reason: with compose the loop aborts after the first item for an unknown reason
echo "Adding domains to Postfix"
# The password_expiry parameter is only a workaround, and does not have any effect
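Review bot: In the second hunk the sudo rule is appended to `/etc/sudoers` with `echo >>` and never validated, so a re-run duplicates it and a malformed line would leave sudo unusable in the container; a drop-in checked by visudo is safer, e.g. `printf 'pfexec ALL=(root) NOPASSWD: /usr/local/bin/postfixadmin-mailbox-postdeletion.sh\n' > /etc/sudoers.d/pfexec && chmod 0440 /etc/sudoers.d/pfexec && visudo -cf /etc/sudoers.d/pfexec` (assuming the image's sudoers includes `/etc/sudoers.d`). The rule does not restrict arguments, so the script's own argument validation is the only barrier between pfexec and root-level deletion, and since the script is bind-mounted it should be root-owned and not writable by pfexec on the host side too. `apk add sudo` and the sudoers edit live in the container's writable layer, so they presumably disappear when the container is recreated; baking them into the image would make them durable. Separately, the two `git clone --single-branch` calls in the first hunk install app code from the tip of a remote branch with no pinned tag or commit.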