diff --git a/init-repo.sh b/init-repo.sh index d25c1180915cd8bbdff640d044e2e51b1d88e851..3c803dde608b757fc21555cb71d79ef44ddea68e 100755 --- a/init-repo.sh +++ b/init-repo.sh @@ -59,6 +59,7 @@ echo "VIRTUAL_HOST=$VIRTUAL_HOST" >> "$ENVFILE" # finished .env file generation +mkdir letsencrypt/autorenew/ rm -f letsencrypt/autorenew/ssl-domains.dat # fille autorenew config echo "$VIRTUAL_HOST,dba.$DOMAIN,drive.$DOMAIN,mail.$DOMAIN,spam.$DOMAIN,webmail.$DOMAIN,welcome.$DOMAIN$OFFICE_DOMAIN" | tr "," "\n" | while read CURDOMAIN; do @@ -139,14 +140,18 @@ ssh-keygen -f /mnt/docker/accounts/id_rsa_postfixadmincontainer -N "" chown "33:33" /mnt/docker/accounts/id_rsa_postfixadmincontainer chown "1000:1000" /mnt/docker/accounts/id_rsa_postfixadmincontainer.pub - # needed to store created accounts, and needs to be writable by welcome touch /mnt/docker/accounts/auth.file.done chown "33:33" /mnt/docker/accounts/auth.file.done -# Run LE cert request -sh letsencrypt/autorenew/ssl-renew.sh +# Login to /e/ registry | not necessary when going public +docker login registry.gitlab.e.foundation:5000 + +cd /mnt/docker/ +docker-compose up -d +# Run LE cert request +sh scripts/ssl-renew.sh # verify LE status CTR_LE=$(find letsencrypt/certstore/live/dba.$DOMAIN/privkey.pem letsencrypt/certstore/live/drive.$DOMAIN/privkey.pem letsencrypt/certstore/live/mail.$DOMAIN/privkey.pem letsencrypt/certstore/live/spam.$DOMAIN/privkey.pem letsencrypt/certstore/live/webmail.$DOMAIN/privkey.pem letsencrypt/certstore/live/welcome.$DOMAIN/privkey.pem $OFFICE_LETSENCRYPT_KEY 2>/dev/null| wc -l) @@ -163,10 +168,4 @@ else exit 1 fi -# Login to /e/ registry | not necessary when going public -docker login registry.gitlab.e.foundation:5000 - -cd /mnt/docker/ -docker-compose up -d - bash /mnt/repo-base/postinstall.sh diff --git a/postinstall.sh b/postinstall.sh index 947460d8ad930b064b175711a260d8563fe488fd..1822fc573916e47c73990eb264fabe8d07a0b674 100755 --- a/postinstall.sh +++ b/postinstall.sh 
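Review bot: The added `mkdir letsencrypt/autorenew/` in init-repo.sh fails with "File exists" when the directory is already present, and the `rm -f letsencrypt/autorenew/ssl-domains.dat` right after it suggests the script is expected to be re-run. `mkdir -p letsencrypt/autorenew/` is idempotent and matches that intent. scripts/check-update.sh in this commit works around the same problem with `mkdir /mnt/repo-base/config/ || true`, where `-p` would avoid hiding unrelated mkdir failures.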
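Review bot: In the second init-repo.sh hunk the moved `cd /mnt/docker/` is unchecked and now runs before `sh scripts/ssl-renew.sh` and the `find letsencrypt/certstore/live/…` check, so both relative paths resolve against /mnt/docker/ instead of the directory the script was started from. The mail template added in this commit refers to /mnt/repo-base/scripts/, so unless /mnt/docker/ also exposes `scripts/` and `letsencrypt/` (not visible here) the renewal script will not be found and the certificate check will count zero keys. I would write `cd /mnt/docker/ || exit 1` and call `sh /mnt/repo-base/scripts/ssl-renew.sh` by absolute path. The same unchecked pattern appears in scripts/ssl-renew.sh, where `cd /mnt/repo-base/` precedes `docker-compose restart eelomailserver`; if that cd fails, the restart runs from whatever directory the loop happens to be in.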
@@ -19,7 +19,14 @@ PFDB_DB=$(grep ^PFDB_DB= "$ENVFILE" | awk -F= '{ print $NF }') PFDB_USR=$(grep ^PFDB_USR= "$ENVFILE" | awk -F= '{ print $NF }') PFDB_DBPASS=$(grep ^DBPASS= "$ENVFILE" | awk -F= '{ print $NF }') +# We need to wait until both the config exists and occ works. If we only do one of these, it might +# still not work. printf "Waiting for Nextcloud to be started" +while [ ! -f /mnt/docker/nextcloud/config/config.php ] +do + printf "." + sleep 0.1 +done while docker-compose exec --user www-data nextcloud php occ | grep "Nextcloud is not installed" > /dev/null; do printf "." diff --git a/scripts/check-update.sh b/scripts/check-update.sh new file mode 100755 index 0000000000000000000000000000000000000000..17a899e7b9bede981c75e1b79768e8fd658a8b84 --- /dev/null +++ b/scripts/check-update.sh @@ -0,0 +1,29 @@ +#!/bin/bash +set -e + +ENVFILE="/mnt/docker/.env" +DOMAIN=$(grep ^DOMAIN= "$ENVFILE" | awk -F= '{ print $NF }') +ALT_EMAIL=$(grep ^ALT_EMAIL= "$ENVFILE" | awk -F= '{ print $NF }') +KNOWN_VERSION_FILE="/mnt/repo-base/config/latest-known-version" +# TODO: delete this once config folder is included in the repo +mkdir /mnt/repo-base/config/ || true +touch $KNOWN_VERSION_FILE + +CURRENT_VERSION_DATE=$(git show -s --format=%ci HEAD) +git fetch --tags +LATEST_TAG=$(git tag --sort=creatordate | tail -n 1) +LATEST_VERSION_DATE=$(git show -s --format=%ci "$LATEST_TAG") + +if [[ "$LATEST_VERSION_DATE" > "$CURRENT_VERSION_DATE" ]] +then + echo "New version $LATEST_TAG is available!" + if [ "$LATEST_TAG" != "$(cat $KNOWN_VERSION_FILE)" ] + then + echo "$LATEST_TAG" > "$KNOWN_VERSION_FILE" + cat "templates/mail/update-notification.txt" | \ + sed "s/@@@DOMAIN@@@/$DOMAIN/g" | \ + docker-compose exec -T eelomailserver sendmail -f "drive@$DOMAIN" -t "$ALT_EMAIL" + fi +else + echo "No update available" +fi 
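Review bot: The new `while [ ! -f /mnt/docker/nextcloud/config/config.php ]` loop in postinstall.sh has no upper bound, so if the Nextcloud container never writes its config the installer prints dots forever instead of failing. A retry counter with an error exit, as below, makes the failure visible to whoever runs the install; the 600-iteration limit (about one minute at 0.1 s) is a suggested value, not one taken from the project. The `docker-compose exec … php occ` loop that follows continues past the end of the hunk and would benefit from the same bound.

```shell
# Bounded wait: fail instead of spinning if the config never appears.
tries=0
while [ ! -f /mnt/docker/nextcloud/config/config.php ]
do
    tries=$((tries + 1))
    if [ "$tries" -gt 600 ]; then
        printf '\nNextcloud config.php was not created in time\n' >&2
        exit 1
    fi
    printf "."
    sleep 0.1
done
# … unchanged: wait until occ stops reporting "Nextcloud is not installed" …
```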
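Review bot: In scripts/check-update.sh the test `[[ "$LATEST_VERSION_DATE" > "$CURRENT_VERSION_DATE" ]]` compares `%ci` strings lexically, and those strings are written in each committer's own UTC offset, so commits made in different time zones can sort in the wrong order and an update can be missed or announced wrongly. Comparing epoch seconds avoids that: use `--format=%ct` for both values and `[ "$LATEST_VERSION_DATE" -gt "$CURRENT_VERSION_DATE" ]`; scripts/update.sh repeats the same string comparison. If the release tags are annotated, `git show` also prints the tag object ahead of the formatted commit line, so `"$LATEST_TAG^{commit}"` would be the safer argument. The script also never changes directory, so `git` and the relative `templates/mail/update-notification.txt` depend on the caller's working directory, and it writes `$KNOWN_VERSION_FILE` before the mail is piped to sendmail, so a failed send is not retried on the next run.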
diff --git a/letsencrypt/autorenew/ssl-renew.sh b/scripts/ssl-renew.sh
old mode 100644
new mode 100755
similarity index 97%
rename from letsencrypt/autorenew/ssl-renew.sh
rename to scripts/ssl-renew.sh
index 7f6ba92852c95750e61aac1815fdc2f2fc111b8a..39e2f52ae523ca4c74246eb7e5ff2c77a47126c0
--- a/letsencrypt/autorenew/ssl-renew.sh
+++ b/scripts/ssl-renew.sh
@@ -30,7 +30,7 @@ cat "$CONFIG" | while read TYPE DOMAIN; do
 echo "Certificate for $DOMAIN renewed and is valid until: $NVALIDTHRU (was: $VALIDTHRU)"
 if [ "$DOMAIN" = "$MAILHOST" ]
 then
- cd /mnt/docker/compose
+ cd /mnt/repo-base/
 docker-compose restart eelomailserver
 fi
 :;done
diff --git a/scripts/update.sh b/scripts/update.sh
new file mode 100755
index 0000000000000000000000000000000000000000..4aaece50238140f871e3b520988e2a07a0760e0b
--- /dev/null
+++ b/scripts/update.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+set -e
+
+CURRENT_VERSION_DATE=$(git show -s --format=%ci HEAD)
+git fetch --tags
+LATEST_TAG=$(git tag --sort=creatordate | tail -n 1)
+LATEST_VERSION_DATE=$(git show -s --format=%ci "$LATEST_TAG")
+
+if [[ ! "$CURRENT_VERSION_DATE" < "$LATEST_VERSION_DATE" ]]
+then
+ echo "No update available"
+ exit
+fi
+
+echo "New version is $LATEST_TAG
+Changelog: https://gitlab.e.foundation/e/priv/infra/compose/tags/$LATEST_TAG
+Do you want to upgrade? [y/N]"
+read answer
+
+# https://stackoverflow.com/a/27875395
+if [ "$answer" == "${answer#[Yy]}" ] ;then
+ echo "aborted"
+ exit
+fi
+
+echo -e "\n\nUpdating git repository to latest version"
+git checkout "$LATEST_TAG"
+
+echo -e "\n\nUpdating Docker images"
+docker-compose pull
+docker-compose up -d
+
+echo -e "\n\nUpdate complete. Consider running 'docker image prune --all' to reclaim space from old images"
diff --git a/templates/mail/update-notification.txt b/templates/mail/update-notification.txt
new file mode 100644
index 0000000000000000000000000000000000000000..04d42f8f2889cfb7d1d08e89166b8480c819a205
--- /dev/null
+++ b/templates/mail/update-notification.txt
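Review bot: `git checkout "$LATEST_TAG"` in scripts/update.sh trusts whatever tag `git tag --sort=creatordate | tail -n 1` returns after `git fetch --tags`, and `docker-compose pull` / `docker-compose up -d` then run from that tree with no authenticity check in between. If the project signs its release tags, adding `git verify-tag "$LATEST_TAG"` before the checkout makes the script stop (through `set -e`) when the tag is unsigned or signed by an unknown key; this assumes the maintainers' public key is already in the administrator's keyring. Selecting by creation date also picks up any non-release tag that reaches the remote, so restricting the candidates to the project's release naming scheme would be worth adding. The script does not change into the repository first, so it only works when started from the checkout.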
@@ -0,0 +1,5 @@
+Subject:Update available for @@@DOMAIN@@@
+A new update is available. Please login via ssh and run the following
+command:
+
+bash /mnt/repo-base/scripts/update.sh