
Commit b6044ef7 authored by Arnau Vàzquez's avatar Arnau Vàzquez

Merge branch 'auto-delete-account' into 'master'

Auto delete account

See merge request !62
parents 20845ac9 894b30e8
+2 −0
@@ -24,6 +24,8 @@ CREATE_ACCOUNT_PASSWORD=@@@generate@@@:20@

PFA_SUPERADMIN_PASSWORD=1@@@generate@@@:16@2

WELCOME_SECRET=@@@generate@@@:20@

# fixed defaults
ENABLE_POP3=false;default
DISABLE_RATELIMITING=false;default
+4 −0
@@ -27,6 +27,10 @@ DRIVE_SMTP_PASSWORD=$(grep ^DRIVE_SMTP_PASSWORD= "$ENVFILE" | awk -F= '{ print $

PFA_SUPERADMIN_PASSWORD=$(grep ^PFA_SUPERADMIN_PASSWORD= "$ENVFILE" | awk -F= '{ print $NF }')

WELCOME_SECRET=$(grep ^WELCOME_SECRET= "$ENVFILE" | awk -F= '{ print $NF }')
WELCOME_SECRET_SHA=$(grep ^WELCOME_SECRET_SHA= "$ENVFILE" | awk -F= '{ print $NF }')
WEBSITE_SECRET=$(grep ^WEBSITE_SECRET= "$ENVFILE" | awk -F= '{ print $NF }')

PFDB_DB=$(grep ^PFDB_DB= "$ENVFILE" | awk -F= '{ print $NF }')
PFDB_USR=$(grep ^PFDB_USR= "$ENVFILE" | awk -F= '{ print $NF }')
PFDB_DBPASS=$(grep ^DBPASS= "$ENVFILE" | awk -F= '{ print $NF }')
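Review bot: The three added lookups keep only the last `=`-separated field (`awk -F= '{ print $NF }'`), so a value that itself contains `=` comes back truncated or empty. That matters most for WEBSITE_SECRET, which looks operator-supplied and could for instance be base64-padded. Taking everything after the first `=` avoids it: `WELCOME_SECRET=$(grep '^WELCOME_SECRET=' "$ENVFILE" | cut -d= -f2-)`, and likewise for WELCOME_SECRET_SHA and WEBSITE_SECRET. The surrounding context lines use the same pattern, so this may be worth fixing for the whole file.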
+7 −0
@@ -50,6 +50,10 @@ elif ! echo "$VALIDATED_ADD_DOMAINS" | grep -q "$VALIDATED_DOMAIN" ; then
    sed -i '/ADD_DOMAINS/d' "$ENVFILE"
    echo "ADD_DOMAINS=$VALIDATED_ADD_DOMAINS,$VALIDATED_DOMAIN" >> "$ENVFILE"
fi

echo "WELCOME_SECRET_SHA=$(echo -n $WELCOME_SECRET |sha1sum | awk '{print $1}')" >> "$ENVFILE"
echo "WEBSITE_SECRET=not_defined" >> "$ENVFILE"

source /mnt/repo-base/scripts/base.sh

DC_DIR="templates/docker-compose/"
@@ -186,9 +190,12 @@ docker-compose up -d
echo -e "\nHack: restart everything to ensure that database and nextcloud are initialized"
docker-compose restart

# needed to store accounts to create, and needs to be writable by welcome
touch /mnt/repo-base/volumes/accounts/auth.file
# needed to store created accounts, and needs to be writable by welcome
touch /mnt/repo-base/volumes/accounts/auth.file.done
ACCOUNTS_UID=$(docker-compose exec --user www-data welcome id -u | tr -d '\r')
chown "$ACCOUNTS_UID:$ACCOUNTS_UID" /mnt/repo-base/volumes/accounts/auth.file
chown "$ACCOUNTS_UID:$ACCOUNTS_UID" /mnt/repo-base/volumes/accounts/auth.file.done

printf "$(date): Waiting for Nextcloud to finish installation"
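Review bot: The `WELCOME_SECRET_SHA=` and `WEBSITE_SECRET=` lines added in the first hunk are appended unconditionally, so if the script is run again `$ENVFILE` gains duplicate entries and readers of the form `grep ^WELCOME_SECRET_SHA=` return several lines. The ADD_DOMAINS branch just above deletes the old line before appending, and these should do the same, e.g. `sed -i '/^WELCOME_SECRET_SHA=/d' "$ENVFILE"` before the append. `$WELCOME_SECRET` is also expanded unquoted inside `echo -n`; `printf '%s' "$WELCOME_SECRET" | sha1sum` hashes the exact bytes. `WEBSITE_SECRET=not_defined` is a fixed, publicly known value, so whatever consumes it (not visible here) should treat that placeholder as unset rather than as a valid secret.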
+50 −0
#!/bin/sh

# Script for removing a mailbox dir in ecloud

# The script looks at arguments 1 and 2, assuming that they 
# indicate username and domain, respectively.


# the script is actually run by the pfexec user
# the script handles deletion in a bind-mounted dir shared with eelomailserver
# so pfexec user has no right over it. it needs a specific sudo perm 
#to be able to only run this script
# the /etc/sudoers line added to the container during install :
# pfexec ALL=(root) NOPASSWD: /usr/local/bin/postfixadmin-mailbox-postdeletion.sh
# The line states that the pfexec user may run the script without providing a password.


# where the mailbox dirs are bind-mounted on the container.
basedir=/var/mail/vhosts

if [[ -n "$1" && -n "$2" ]]; then
    # double check both arguments are provided

    if [ `echo $1 | fgrep '..'` ]; then
        # not permitted!!
        exit 1
    fi
    if [ `echo $2 | fgrep '..'` ]; then
        # not permitted!!
        exit 1
    fi

    
    maildir="${basedir}/$2/$1"



    if [ ! -e "$maildir" ]; then
        # not maildir empty, doing nothing
        exit 0
    fi


    rm -rf $maildir
else 
    # args are empty, do nothing
    exit 1
fi   

exit $?
 No newline at end of file
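Review bot: The argument checks are too weak for a script that runs as root through sudo. The `..` test expands `$1`/`$2` unquoted inside `[ ... ]`, nothing rejects `/`, a lone `.`, a leading `-` or whitespace, and `rm -rf $maildir` is unquoted, so a malformed argument can make the delete resolve to something other than one mailbox directory under `basedir`. The shebang is `#!/bin/sh` while the outer test uses `[[ ... ]]`, which is not POSIX; use `[ ... ]` or change the interpreter. I would validate both arguments against an allowlist with `case` and call `rm -rf -- "$maildir"`. The character set in the sketch below is an assumption and must match the mailbox and domain names this deployment actually allows.

```shell
# … unchanged: header comments, basedir assignment …
if [ -z "$1" ] || [ -z "$2" ]; then
    # args are empty, do nothing
    exit 1
fi

for part in "$1" "$2"; do
    case "$part" in
        # reject hidden/relative names, option-like names, path separators,
        # any ".." sequence, and anything outside the allowed character set
        .* | -* | */* | *..* | *[!A-Za-z0-9._-]*)
            exit 1
            ;;
    esac
done

maildir="${basedir}/$2/$1"

# … unchanged: existence check on "$maildir" …

rm -rf -- "$maildir"
```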
+16 −0
@@ -31,6 +31,17 @@ docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:insta
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install user_backend_sql_raw
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install rainloop
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:app:set rainloop rainloop-autologin --value 1
git clone --single-branch https://framagit.org/tcit/drop_user.git volumes/nextcloud/custom_apps/drop_account
docker-compose exec -T --user www-data nextcloud php occ app:enable drop_account

echo "Installing custom ecloud drop account plugin"
# Add WELCOME_SECRET from .env file as a system config value, to be used by our ecloud_drop_account plugin
docker-compose exec -T --user www-data nextcloud php occ config:system:set e_welcome_secret --value="$WELCOME_SECRET"
# Add VHOST_ACCOUNTS from .env file as a system config value, to be used by our ecloud_drop_account plugin
docker-compose exec -T --user www-data nextcloud php occ config:system:set e_welcome_domain --value="welcome.$DOMAIN"
git clone --single-branch https://gitlab.e.foundation/e/infra/selfhost/nextcloud-apps/ecloud-drop-account.git volumes/nextcloud/custom_apps/ecloud_drop_account
docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable ecloud_drop_account


echo "Installing Nextcloud theme"
wget "https://gitlab.e.foundation/api/v4/projects/315/repository/archive.tar.gz" -O "/tmp/nextcloud-theme.tar.gz"
@@ -58,6 +69,11 @@ curl --silent -L https://mail.$DOMAIN/setup.php > /dev/null
echo "Adding Postfix admin superadmin account"
docker-compose exec -T postfixadmin /postfixadmin/scripts/postfixadmin-cli admin add $ALT_EMAIL --password $PFA_SUPERADMIN_PASSWORD --password2 $PFA_SUPERADMIN_PASSWORD --superadmin

# adding sudo to postfixadmin container
docker-compose exec -T postfixadmin apk add sudo
# giving pfexec user a specific sudo perm ONLY for launching the bind-mounted mailbox-postdeletion script
docker-compose exec -T postfixadmin bash -c 'echo "" >> /etc/sudoers && echo "#pfexec single command perm" >> /etc/sudoers && echo "pfexec ALL=(root) NOPASSWD: /usr/local/bin/postfixadmin-mailbox-postdeletion.sh" >> /etc/sudoers'

# Adding domains to postfix is done by docker exec instead of docker-compose exec on purpose. Reason: with compose the loop aborts after the first item for an unknown reason
echo "Adding domains to Postfix"
# The password_expiry parameter is only a workaround, and does not have any effect
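Review bot: In the second hunk the sudoers rule is appended straight to `/etc/sudoers` with `echo >>`, with no syntax check and nothing to stop it being appended again on a re-run. If the image's sudoers includes `/etc/sudoers.d`, a validated drop-in is safer: `printf '%s\n' 'pfexec ALL=(root) NOPASSWD: /usr/local/bin/postfixadmin-mailbox-postdeletion.sh' > /etc/sudoers.d/pfexec && chmod 0440 /etc/sudoers.d/pfexec && visudo -cf /etc/sudoers.d/pfexec`. The rule lets pfexec run that path as root with any arguments, so the bind-mounted script has to be root-owned and not writable by pfexec on either side of the mount; this hunk does not show that being enforced. In the first hunk both `git clone` calls follow a moving branch head, so pinning a tag or commit would make the installed Nextcloud apps reproducible and reviewable.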