Commit b6044ef7 authored by Arnau Vàzquez's avatar Arnau Vàzquez

Merge branch 'auto-delete-account' into 'master'

Auto delete account

See merge request !62
parents 20845ac9 894b30e8
......@@ -24,6 +24,8 @@ CREATE_ACCOUNT_PASSWORD=@@@generate@@@:20@
PFA_SUPERADMIN_PASSWORD=1@@@generate@@@:16@2
WELCOME_SECRET=@@@generate@@@:20@
# fixed defaults
ENABLE_POP3=false;default
DISABLE_RATELIMITING=false;default
......
......@@ -27,6 +27,10 @@ DRIVE_SMTP_PASSWORD=$(grep ^DRIVE_SMTP_PASSWORD= "$ENVFILE" | awk -F= '{ print $
PFA_SUPERADMIN_PASSWORD=$(grep ^PFA_SUPERADMIN_PASSWORD= "$ENVFILE" | awk -F= '{ print $NF }')
WELCOME_SECRET=$(grep ^WELCOME_SECRET= "$ENVFILE" | awk -F= '{ print $NF }')
WELCOME_SECRET_SHA=$(grep ^WELCOME_SECRET_SHA= "$ENVFILE" | awk -F= '{ print $NF }')
WEBSITE_SECRET=$(grep ^WEBSITE_SECRET= "$ENVFILE" | awk -F= '{ print $NF }')
PFDB_DB=$(grep ^PFDB_DB= "$ENVFILE" | awk -F= '{ print $NF }')
PFDB_USR=$(grep ^PFDB_USR= "$ENVFILE" | awk -F= '{ print $NF }')
PFDB_DBPASS=$(grep ^DBPASS= "$ENVFILE" | awk -F= '{ print $NF }')
......
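Review bot: Every assignment in this hunk extracts the value with `awk -F= '{ print $NF }'`, which keeps only the text after the *last* `=`, so a value that itself contains `=` (typical of base64-padded secrets) is silently truncated to its tail; the new WELCOME_SECRET_SHA and WEBSITE_SECRET lines inherit this from the surrounding ones. Returning everything after the first `=` avoids it: `WELCOME_SECRET_SHA=$(grep ^WELCOME_SECRET_SHA= "$ENVFILE" | cut -d= -f2-)`, and the same `cut -d= -f2-` fits the other lines. The generator template in this merge may never emit `=`, but nothing here enforces that, and a truncated secret presumably fails later in the welcome service rather than at install time.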
......@@ -50,6 +50,10 @@ elif ! echo "$VALIDATED_ADD_DOMAINS" | grep -q "$VALIDATED_DOMAIN" ; then
sed -i '/ADD_DOMAINS/d' "$ENVFILE"
echo "ADD_DOMAINS=$VALIDATED_ADD_DOMAINS,$VALIDATED_DOMAIN" >> "$ENVFILE"
fi
echo "WELCOME_SECRET_SHA=$(echo -n $WELCOME_SECRET |sha1sum | awk '{print $1}')" >> "$ENVFILE"
echo "WEBSITE_SECRET=not_defined" >> "$ENVFILE"
source /mnt/repo-base/scripts/base.sh
DC_DIR="templates/docker-compose/"
......@@ -186,9 +190,12 @@ docker-compose up -d
echo -e "\nHack: restart everything to ensure that database and nextcloud are initialized"
docker-compose restart
# needed to store accounts to create, and needs to be writable by welcome
touch /mnt/repo-base/volumes/accounts/auth.file
# needed to store created accounts, and needs to be writable by welcome
touch /mnt/repo-base/volumes/accounts/auth.file.done
ACCOUNTS_UID=$(docker-compose exec --user www-data welcome id -u | tr -d '\r')
chown "$ACCOUNTS_UID:$ACCOUNTS_UID" /mnt/repo-base/volumes/accounts/auth.file
chown "$ACCOUNTS_UID:$ACCOUNTS_UID" /mnt/repo-base/volumes/accounts/auth.file.done
printf "$(date): Waiting for Nextcloud to finish installation"
......
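Review bot: On the `WELCOME_SECRET_SHA=` line `$WELCOME_SECRET` is unquoted inside `echo -n $WELCOME_SECRET`, so the bytes that reach `sha1sum` are subject to word splitting and glob expansion, and `echo -n` itself is not portable under a plain `sh` (the file's shebang is outside the hunk); `printf '%s' "$WELCOME_SECRET" | sha1sum | awk '{print $1}'` hashes the value exactly as stored. Both new lines are appended with `>>` on every run, unlike the ADD_DOMAINS handling just above that removes the old key with `sed -i` before appending, so a re-run presumably leaves duplicate `WELCOME_SECRET_SHA=`/`WEBSITE_SECRET=` keys that the `grep ^KEY=` readers elsewhere in this merge then match more than once. `WEBSITE_SECRET=not_defined` is a fixed placeholder that the compose change in this merge passes into the welcome container's environment; if the image uses it as an authentication secret, a constant value is guessable, so it should be generated the same way as WELCOME_SECRET or left unset until the feature needs it.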
#!/bin/sh
# Script for removing a mailbox dir in ecloud
# The script looks at arguments 1 and 2, assuming that they
# indicate username and domain, respectively.
# the script is actually run by the pfexec user
# the script handles deletion in a bind-mounted dir shared with eelomailserver
# so pfexec user has no right over it. it needs a specific sudo perm
#to be able to only run this script
# the /etc/sudoers line added to the container during install :
# pfexec ALL=(root) NOPASSWD: /usr/local/bin/postfixadmin-mailbox-postdeletion.sh
# The line states that the pfexec user may run the script without providing a password.
# where the mailbox dirs are bind-mounted on the container.
basedir=/var/mail/vhosts
if [[ -n "$1" && -n "$2" ]]; then
# double check both arguments are provided
if [ `echo $1 | fgrep '..'` ]; then
# not permitted!!
exit 1
fi
if [ `echo $2 | fgrep '..'` ]; then
# not permitted!!
exit 1
fi
maildir="${basedir}/$2/$1"
if [ ! -e "$maildir" ]; then
# not maildir empty, doing nothing
exit 0
fi
rm -rf $maildir
else
# args are empty, do nothing
exit 1
fi
exit $?
\ No newline at end of file
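Review bot: The `rm -rf $maildir` line leaves the path unquoted, so the value built from the two arguments goes through word splitting and glob expansion before `rm` runs as root (this script is granted via NOPASSWD sudo elsewhere in the merge); the `..` checks above it are meant to keep deletion inside `${basedir}/$2/$1`, but a name containing whitespace or glob characters defeats them, and a `/` in either argument is not rejected at all. The `` `echo $1 | fgrep '..'` `` tests also word-split `$1`, and the `[[ ... ]]` on the first `if` is a bashism under `#!/bin/sh`, which may not be supported by the container's shell. Quote the path (`rm -rf -- "$maildir"`) and validate each component with a `case` pattern instead, as below; the trailing `exit $?` becomes redundant once `rm` is the last command.
```shell
#!/bin/sh
# … unchanged: header comments …
basedir=/var/mail/vhosts

# A path component is accepted only if it is non-empty, not "." or "..",
# and contains neither "/" nor "..": the resulting path is removed as root.
safe_component() {
  case "$1" in
    ''|.|..|*/*|*..*) return 1 ;;
  esac
  return 0
}

safe_component "$1" && safe_component "$2" || exit 1
maildir="${basedir}/$2/$1"
# nothing to do if the maildir does not exist
[ -e "$maildir" ] || exit 0
rm -rf -- "$maildir"
```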
......@@ -31,6 +31,17 @@ docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:insta
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install user_backend_sql_raw
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install rainloop
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:app:set rainloop rainloop-autologin --value 1
git clone --single-branch https://framagit.org/tcit/drop_user.git volumes/nextcloud/custom_apps/drop_account
docker-compose exec -T --user www-data nextcloud php occ app:enable drop_account
echo "Installing custom ecloud drop account plugin"
# Add WELCOME_SECRET from .env file as a system config value, to be used by our ecloud_drop_account plugin
docker-compose exec -T --user www-data nextcloud php occ config:system:set e_welcome_secret --value="$WELCOME_SECRET"
# Add VHOST_ACCOUNTS from .env file as a system config value, to be used by our ecloud_drop_account plugin
docker-compose exec -T --user www-data nextcloud php occ config:system:set e_welcome_domain --value="welcome.$DOMAIN"
git clone --single-branch https://gitlab.e.foundation/e/infra/selfhost/nextcloud-apps/ecloud-drop-account.git volumes/nextcloud/custom_apps/ecloud_drop_account
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable ecloud_drop_account
echo "Installing Nextcloud theme"
wget "https://gitlab.e.foundation/api/v4/projects/315/repository/archive.tar.gz" -O "/tmp/nextcloud-theme.tar.gz"
......@@ -58,6 +69,11 @@ curl --silent -L https://mail.$DOMAIN/setup.php > /dev/null
echo "Adding Postfix admin superadmin account"
docker-compose exec -T postfixadmin /postfixadmin/scripts/postfixadmin-cli admin add $ALT_EMAIL --password $PFA_SUPERADMIN_PASSWORD --password2 $PFA_SUPERADMIN_PASSWORD --superadmin
# adding sudo to postfixadmin container
docker-compose exec -T postfixadmin apk add sudo
# giving pfexec user a specific sudo perm ONLY for launching the bind-mounted mailbox-postdeletion script
docker-compose exec -T postfixadmin bash -c 'echo "" >> /etc/sudoers && echo "#pfexec single command perm" >> /etc/sudoers && echo "pfexec ALL=(root) NOPASSWD: /usr/local/bin/postfixadmin-mailbox-postdeletion.sh" >> /etc/sudoers'
# Adding domains to postfix is done by docker exec instead of docker-compose exec on purpose. Reason: with compose the loop aborts after the first item for an unknown reason
echo "Adding domains to Postfix"
# The password_expiry parameter is only a workaround, and does not have any effect
......
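Review bot: The `bash -c` line in the second hunk appends the sudo rule to /etc/sudoers with three `echo`s and no validation, so a typo or stray character leaves a file that sudo refuses to parse and disables sudo in the container entirely, and re-running the installer appends the rule again. A drop-in checked by `visudo` avoids both: `docker-compose exec -T postfixadmin sh -c 'printf "%s\n" "# pfexec single command perm" "pfexec ALL=(root) NOPASSWD: /usr/local/bin/postfixadmin-mailbox-postdeletion.sh" > /etc/sudoers.d/pfexec && chmod 0440 /etc/sudoers.d/pfexec && visudo -cf /etc/sudoers.d/pfexec'`, assuming the package's default /etc/sudoers keeps its includedir line. Because the rule runs whatever the bind-mounted script contains as root, the installer should also verify that the host-side script file is root-owned and not group- or world-writable before granting it.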
......@@ -51,6 +51,9 @@ services:
- POSTFIXADMIN_SSH_PASSWORD=${POSTFIXADMIN_SSH_PASSWORD}
- SMTPHOST=${SMTP_HOST}
- ADMIN_SMTP_PASSWORD=${DRIVE_SMTP_PASSWORD}
volumes:
- /mnt/repo-base/volumes/mail:/var/mail
- /mnt/repo-base/scripts/postfixadmin-mailbox-postdeletion.sh:/usr/local/bin/postfixadmin-mailbox-postdeletion.sh
depends_on:
- eelomailserver
- mariadb
......@@ -80,9 +83,10 @@ services:
command: redis-server --appendonly yes
volumes:
- /mnt/repo-base/volumes/redis/db:/data
- /mnt/repo-base/volumes/redis/tmp:/tmp/redis
welcome:
image: registry.gitlab.e.foundation:5000/e/infra/docker-welcome:1.0.1
image: registry.gitlab.e.foundation:5000/e/infra/docker-welcome:1.1.0
container_name: welcome
environment:
- DOMAINS=${VHOSTS_ACCOUNTS}
......@@ -92,6 +96,9 @@ services:
- PFDB_DB=${PFDB_DB}
- PFDB_USR=${PFDB_USR}
- PFDB_PW=${DBPASS}
- POSTFIXADMIN_SSH_PASSWORD=${POSTFIXADMIN_SSH_PASSWORD}
- WELCOME_SECRET_SHA=${WELCOME_SECRET_SHA}
- WEBSITE_SECRET=${WEBSITE_SECRET}
- SMTP_HOST=${SMTP_HOST}
- SMTP_FROM=${SMTP_FROM}
- SMTP_PW=${SMTP_PW}
......@@ -117,6 +124,7 @@ services:
- /mnt/repo-base/volumes/nextcloud/data:/var/www/html/data/
- /mnt/repo-base/config-dynamic/nextcloud/x-fpm-overloads.conf:/usr/local/etc/php-fpm.d/x-fpm-overloads.conf
- /mnt/repo-base/config-dynamic/nextcloud/x-php-overloads.ini:/usr/local/etc/php/conf.d/x-php-overloads.ini
- /mnt/repo-base/volumes/redis/tmp:/tmp/redis/
depends_on:
- mariadb
......
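Review bot: The new bind mount of postfixadmin-mailbox-postdeletion.sh in the first hunk is read-write, although the only thing the container needs is to execute it and the sudo rule added in this merge runs it as root; mounting it read-only removes the possibility of the script being altered from inside the container: `- /mnt/repo-base/scripts/postfixadmin-mailbox-postdeletion.sh:/usr/local/bin/postfixadmin-mailbox-postdeletion.sh:ro`. Docker will still execute a file mounted `:ro`, so no other change is needed for the hook to keep working.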
......@@ -58,6 +58,7 @@ $CONFIG = array (
'user_exists' => 'SELECT EXISTS(SELECT 1 FROM mailbox WHERE username = :username)',
'get_users' => 'select username as fqda from mailbox where username like :search or name like :search',
'set_password_hash_for_user' => 'UPDATE mailbox SET password = CONCAT(\'{SHA512-CRYPT}\',:new_password_hash) WHERE username = BINARY :username',
'delete_user' => 'SELECT EXISTS(SELECT 1 FROM mailbox WHERE username = :username)',
'get_display_name' => 'SELECT name FROM mailbox where username = BINARY :username',
'set_display_name' => 'UPDATE mailbox SET name = :new_display_name WHERE username = BINARY :username',
'count_users' => 'SELECT COUNT(*) FROM mailbox',
......
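Review bot: The new `delete_user` entry is byte-for-byte the `user_exists` query (a `SELECT EXISTS`), so if user_backend_sql_raw invokes it to delete the account it removes nothing and only reports whether the row exists; given that the rest of this merge removes mailboxes through postfixadmin, that may be intentional, but nothing in the config says so. Either make it a real deletion, `'delete_user' => 'DELETE FROM mailbox WHERE username = BINARY :username',`, or keep the no-op and add a comment above it such as `// deliberately a no-op: mailbox rows are removed via postfixadmin, whose post-deletion hook cleans the maildir`. Note also that the neighbouring queries compare with `BINARY :username` while this one does not, so it is not even a case-exact existence check.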