From 7c1a0b1a0dde1fdf1879521e511add4f5ee809df Mon Sep 17 00:00:00 2001 From: Felix Ableitner Date: Mon, 13 May 2019 14:34:45 +0200 Subject: [PATCH 1/9] Install Nextcloud with user_external plugin --- scripts/base.sh | 1 + scripts/generate-signup-link.sh | 6 +++-- scripts/init-repo.sh | 5 +--- scripts/postinstall.sh | 2 +- .../docker-compose/docker-compose-base.yml | 12 +++------ templates/nextcloud/config.php | 25 +++++-------------- .../plugin-config/user_sql_raw_config.conf | 21 ---------------- 7 files changed, 16 insertions(+), 56 deletions(-) delete mode 100644 templates/nextcloud/plugin-config/user_sql_raw_config.conf diff --git a/scripts/base.sh b/scripts/base.sh index f447bb8..8b3fd70 100755 --- a/scripts/base.sh +++ b/scripts/base.sh @@ -36,6 +36,7 @@ SMTP_PW=$(grep ^SMTP_PW= "$ENVFILE" | awk -F= '{ print $NF }') SMTP_HOST=$(grep ^SMTP_HOST= "$ENVFILE" | awk -F= '{ print $NF }') +MYSQL_ROOT_PASSWORD=$(grep ^MYSQL_ROOT_PASSWORD= "$ENVFILE" | awk -F= '{ print $NF }') # the encoding/decoding is taken from here: https://stackoverflow.com/questions/296536/how-to-urlencode-data-for-curl-command/10660730#10660730 urlencode() { diff --git a/scripts/generate-signup-link.sh b/scripts/generate-signup-link.sh index 359d6b3..21c2e10 100755 --- a/scripts/generate-signup-link.sh +++ b/scripts/generate-signup-link.sh @@ -24,6 +24,8 @@ echo "$EMAIL:$AUTH_SECRET" >> /mnt/repo-base/volumes/accounts/auth.file SIGNUP_URL="https://welcome.$DOMAIN/?authmail=$(urlencode "$EMAIL")&authsecret=$AUTH_SECRET" echo "The new user can sign up now at $SIGNUP_URL" -echo -e "Subject:Signup for $DOMAIN +echo -e "to:$EMAIL +from:drive@$DOMAIN +subject:Signup for $DOMAIN You can now sign up for your $DOMAIN account at $SIGNUP_URL" | \ -docker-compose exec -T eelomailserver sendmail -f "drive@$DOMAIN" -t "$EMAIL" + docker exec -i $(docker-compose ps -q eelomailserver) sendmail -t diff --git a/scripts/init-repo.sh b/scripts/init-repo.sh index 9a7c091..7877747 100755 --- a/scripts/init-repo.sh 
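Review bot: The added `MYSQL_ROOT_PASSWORD=` line in scripts/base.sh takes the last `=`-separated field (`$NF`), so a root password that contains `=` is silently truncated and the later `mysql --user=root` calls fail to authenticate. Taking everything after the first `=` avoids that: `MYSQL_ROOT_PASSWORD=$(grep ^MYSQL_ROOT_PASSWORD= "$ENVFILE" | cut -d= -f2-)`. The `SMTP_PW` and `SMTP_HOST` context lines use the same `$NF` pattern. Since base.sh is sourced by other scripts, the root credential now sits in the environment of each of them; a comment saying which script needs it would help keep that scope visible.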
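Review bot: With `sendmail -t` the recipients are read from the message headers, so the added `to:$EMAIL` line in scripts/generate-signup-link.sh now decides who receives the signup secret, and `echo -e` expands backslash escapes inside it. A value containing a comma or a line break would add recipients or headers. No validation of `$EMAIL` is visible in this hunk; if none exists earlier in the script, reject unexpected characters before this point, e.g. `case "$EMAIL" in *[!A-Za-z0-9@._+-]*) echo "invalid email" >&2; exit 1;; esac`, and write the message with `printf '%s\n'` rather than `echo -e`. The unquoted `$(docker-compose ps -q eelomailserver)` also expands to nothing when the container is down, which makes `docker exec` treat `sendmail` as the container name, so assign it to a variable and check that it is non-empty first.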
+++ b/scripts/init-repo.sh @@ -173,10 +173,7 @@ fi # create nextcloud config mkdir -p "/mnt/repo-base/volumes/nextcloud/config/" cat /mnt/repo-base/templates/nextcloud/config.php | sed "s/@@@DOMAIN@@@/$DOMAIN/g" | \ - sed "s/@@@DRIVE_SMTP_PASSWORD@@@/$DRIVE_SMTP_PASSWORD/g" | sed "s/@@@MYSQL_PASSWORD_NC@@@/$MYSQL_PASSWORD_NC/g" | \ - sed "s/@@@MYSQL_DATABASE_NC@@@/$MYSQL_DATABASE_NC/g" | sed "s/@@@MYSQL_USER_NC@@@/$MYSQL_USER_NC/g" | \ - sed "s/@@@PFDB_DBPASS@@@/$PFDB_DBPASS/g" > \ - "/mnt/repo-base/volumes/nextcloud/config/config.php" + sed "s/@@@DRIVE_SMTP_PASSWORD@@@/$DRIVE_SMTP_PASSWORD/g" > "/mnt/repo-base/volumes/nextcloud/config/config.php" chown www-data:www-data "/mnt/repo-base/volumes/nextcloud/" -R # Login to /e/ registry | not necessary when going public diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh index c19f86c..c85d032 100755 --- a/scripts/postinstall.sh +++ b/scripts/postinstall.sh @@ -28,7 +28,7 @@ echo "Installing nextcloud plugins" docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install calendar docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install tasks docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install notes -docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install user_backend_sql_raw +docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install user_external docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install rainloop docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:app:set rainloop rainloop-autologin --value 1 diff --git a/templates/docker-compose/docker-compose-base.yml b/templates/docker-compose/docker-compose-base.yml index d190260..2ea627e 100644 --- a/templates/docker-compose/docker-compose-base.yml +++ b/templates/docker-compose/docker-compose-base.yml 
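Review bot: `$DRIVE_SMTP_PASSWORD` is pasted unescaped into the sed replacement on the rewritten line in scripts/init-repo.sh, so a password containing `/`, `&` or `\` either aborts sed or writes a different value into config.php than the one postfixadmin was given. Escape it first, `esc_pw=$(printf '%s' "$DRIVE_SMTP_PASSWORD" | sed 's/[&/\]/\\&/g')`, and substitute `$esc_pw`. The value presumably lands inside a single-quoted PHP string in the template, so a `'` in the password would also need handling or rejecting; how the password is generated is not visible here. `$DOMAIN` on the context line before it is substituted the same way.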
@@ -37,7 +37,7 @@ services: - redis postfixadmin: - image: registry.gitlab.e.foundation:5000/e/infra/docker-postfixadmin:0.1.2 + image: registry.gitlab.e.foundation:5000/e/infra/docker-postfixadmin:0.1.3 container_name: postfixadmin domainname: ${DOMAIN} hostname: mail @@ -46,6 +46,7 @@ services: - serverbase environment: - DBPASS=${DBPASS} + - DOMAIN=${DOMAIN} - POSTFIXADMIN_SSH_PASSWORD=${POSTFIXADMIN_SSH_PASSWORD} depends_on: - eelomailserver @@ -103,13 +104,6 @@ services: nextcloud: image: nextcloud:15.0.10 container_name: nextcloud - environment: - - MYSQL_DATABASE=${MYSQL_DATABASE_NC} - - MYSQL_USER=${MYSQL_USER_NC} - - MYSQL_PASSWORD=${MYSQL_PASSWORD_NC} - - MYSQL_HOST=mariadb - - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER} - - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD} restart: always networks: - serverbase @@ -136,7 +130,7 @@ services: - /mnt/repo-base/config-dynamic/automx/automx.conf:/etc/automx.conf create-account: - image: registry.gitlab.e.foundation:5000/e/infra/docker-create-account:0.1.6 + image: registry.gitlab.e.foundation:5000/e/infra/docker-create-account:trigger-nextcloud-account container_name: create-account restart: always environment: diff --git a/templates/nextcloud/config.php b/templates/nextcloud/config.php index e1dcc92..4816d1e 100644 --- a/templates/nextcloud/config.php +++ b/templates/nextcloud/config.php 
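Review bot: The `create-account` image in the last hunk of docker-compose-base.yml moves from the version tag `0.1.6` to the branch-style tag `trigger-nextcloud-account`, which can be re-pushed with different content, so two installs from the same commit may pull different code. The same applies to `docker-postfixadmin:admin-smtp-password` introduced in PATCH 2/9. Pin both to a release tag or to a digest (`image: …/docker-create-account@sha256:<digest>`) once the branch builds are published, and until then add a comment naming the branch and commit the image was built from.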
@@ -38,27 +38,14 @@ $CONFIG = array ( 'mail_smtpport' => '587', 'mail_smtpsecure' => 'tls', 'installed' => false, - 'user_backend_sql_raw' => - array ( - 'db_type' => 'mariadb', - 'db_host' => 'mariadb', - 'db_port' => '3306', - 'db_name' => 'postfix', - 'db_user' => 'postfix', - 'db_password' => '@@@PFDB_DBPASS@@@', - 'mariadb_charset' => 'utf8mb4', - 'queries' => - array ( - 'get_password_hash_for_user' => 'SELECT substr(password,15,3000) AS password_hash FROM mailbox WHERE username = BINARY :username', - 'user_exists' => 'SELECT EXISTS(SELECT 1 FROM mailbox WHERE username = :username)', - 'get_users' => 'select username as fqda from mailbox where username like :search or name like :search', - 'set_password_hash_for_user' => 'UPDATE mailbox SET password = CONCAT(\'{SHA512-CRYPT}\',:new_password_hash) WHERE username = BINARY :username', - 'get_display_name' => 'SELECT name FROM mailbox where username = BINARY :username', - 'set_display_name' => 'UPDATE mailbox SET name = :new_display_name WHERE username = BINARY :username', - 'count_users' => 'SELECT COUNT(*) FROM mailbox', + 'user_backends' => array( + array( + 'class' => 'OC_User_IMAP', + 'arguments' => array( + 'mail.@@@DOMAIN@@@', 993, 'ssl' ), - 'hash_algorithm_for_new_passwords' => 'sha512', ), + ), 'theme' => 'eelo', 'loglevel' => 2, 'preview_max_x' => 1024, diff --git a/templates/nextcloud/plugin-config/user_sql_raw_config.conf b/templates/nextcloud/plugin-config/user_sql_raw_config.conf deleted file mode 100644 index 08b54a8..0000000 --- a/templates/nextcloud/plugin-config/user_sql_raw_config.conf +++ /dev/null 
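Review bot: The new `user_backends` entry delegates every Nextcloud login to IMAPS on `mail.@@@DOMAIN@@@`, and the three arguments show no restriction, so any mailbox that can authenticate there becomes a Nextcloud user. That presumably includes the `drive@$DOMAIN` system sender which postinstall.sh creates with `$DRIVE_SMTP_PASSWORD`. If the installed user_external version accepts a domain or allow-list argument, set it; otherwise document the trust relationship above the entry, e.g. `// Authentication is delegated to IMAPS on mail.@@@DOMAIN@@@: every mailbox there, system senders included, can log in.` The class `OC_User_IMAP` comes from the app that postinstall.sh installs without a version pin, so confirm that the version resolved for nextcloud:15.0.10 still provides it. The `$CONFIG` array starts and ends outside this hunk.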
@@ -1,21 +0,0 @@ - 'user_backend_sql_raw' => - array ( - 'db_type' => 'mariadb', - 'db_host' => 'mariadb', - 'db_port' => '3306', - 'db_name' => '@@@DBNAME@@@', - 'db_user' => '@@@DBUSER@@@', - 'db_password' => '@@@DBPW@@@', - 'queries' => - array ( - 'get_password_hash_for_user' => 'SELECT substr(password,15,3000) AS password_hash FROM mailbox WHERE username = BINARY :username', - 'user_exists' => 'SELECT EXISTS(SELECT 1 FROM mailbox WHERE username = :username)', - 'get_users' => 'select username as fqda from mailbox where username like :search or name like :search', - 'set_password_hash_for_user' => 'UPDATE mailbox SET password = CONCAT(\'{SHA512-CRYPT}\',:new_password_hash) WHERE username = BINARY :username', - 'get_display_name' => 'SELECT name FROM mailbox where username = BINARY :username', - 'set_display_name' => 'UPDATE mailbox SET name = :new_display_name WHERE username = BINARY :username', - 'count_users' => 'SELECT COUNT(*) FROM mailbox', - ), - 'hash_algorithm_for_new_passwords' => 'sha512', - ) -); -- GitLab From 2bb3432fe37876124076294ee517f71c885cbbdd Mon Sep 17 00:00:00 2001 From: Felix Ableitner Date: Fri, 31 May 2019 13:51:59 +0200 Subject: [PATCH 2/9] use patched postfixadmin --- templates/docker-compose/docker-compose-base.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/docker-compose/docker-compose-base.yml b/templates/docker-compose/docker-compose-base.yml index 2ea627e..d5220a5 100644 --- a/templates/docker-compose/docker-compose-base.yml +++ b/templates/docker-compose/docker-compose-base.yml @@ -37,7 +37,7 @@ services: - redis postfixadmin: - image: registry.gitlab.e.foundation:5000/e/infra/docker-postfixadmin:0.1.3 + image: registry.gitlab.e.foundation:5000/e/infra/docker-postfixadmin:admin-smtp-password container_name: postfixadmin domainname: ${DOMAIN} hostname: mail -- GitLab From 02a05846da5fc3eabd452f81a368f4a68ab624cc Mon Sep 17 00:00:00 2001 
From: Felix Ableitner Date: Wed, 3 Jul 2019 13:41:49 +0200 Subject: [PATCH 3/9] connect to correct smtp host --- templates/docker-compose/docker-compose-base.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/docker-compose/docker-compose-base.yml b/templates/docker-compose/docker-compose-base.yml index d5220a5..e1fc2e8 100644 --- a/templates/docker-compose/docker-compose-base.yml +++ b/templates/docker-compose/docker-compose-base.yml @@ -48,6 +48,7 @@ services: - DBPASS=${DBPASS} - DOMAIN=${DOMAIN} - POSTFIXADMIN_SSH_PASSWORD=${POSTFIXADMIN_SSH_PASSWORD} + - SMTPHOST=${SMTP_HOST} depends_on: - eelomailserver - mariadb -- GitLab From 416d743fa25c8b650ac3acaddd2761531cc03b50 Mon Sep 17 00:00:00 2001 From: Felix Ableitner Date: Thu, 11 Jul 2019 16:24:48 +0200 Subject: [PATCH 4/9] set smtp password --- templates/docker-compose/docker-compose-base.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/docker-compose/docker-compose-base.yml b/templates/docker-compose/docker-compose-base.yml index e1fc2e8..d4d8078 100644 --- a/templates/docker-compose/docker-compose-base.yml +++ b/templates/docker-compose/docker-compose-base.yml @@ -49,6 +49,7 @@ services: - DOMAIN=${DOMAIN} - POSTFIXADMIN_SSH_PASSWORD=${POSTFIXADMIN_SSH_PASSWORD} - SMTPHOST=${SMTP_HOST} + - ADMIN_SMTP_PASSWORD=${DRIVE_SMTP_PASSWORD} depends_on: - eelomailserver - mariadb -- GitLab From ff04773458a2e0a2d3605c511532b77da7b0110a Mon Sep 17 00:00:00 2001 From: Felix Ableitner Date: Tue, 16 Jul 2019 14:58:59 +0200 Subject: [PATCH 5/9] Added workaround for password_expiry --- scripts/postinstall.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh index c85d032..328437f 100755 --- a/scripts/postinstall.sh +++ b/scripts/postinstall.sh 
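Review bot: `ADMIN_SMTP_PASSWORD=${DRIVE_SMTP_PASSWORD}` in PATCH 4/9 gives the postfixadmin container the same credential that init-repo.sh writes into Nextcloud's config.php for the `drive@` mailbox, so exposure of either container exposes the other's mail-sending identity. As an environment variable the value is also readable through `docker inspect`. PATCH 8/9 re-adds the same line after the revert in 6/9. A separate mailbox and password for postfixadmin would keep the two services independently revocable; at minimum add a comment such as `# shared with Nextcloud (drive@${DOMAIN}); rotate both together`.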
@@ -60,7 +60,9 @@ docker-compose exec -T postfixadmin /postfixadmin/scripts/postfixadmin-cli admin # Adding domains to postfix is done by docker exec instead of docker-compose exec on purpose. Reason: with compose the loop aborts after the first item for an unknown reason echo "Adding domains to Postfix" -echo "$ADD_DOMAINS" | tr "," "\n" | while read line; do docker exec -t postfixadmin /postfixadmin/scripts/postfixadmin-cli domain add $line; done +# The password_expiry parameter is only a workaround, and does not have any effect +# https://github.com/postfixadmin/postfixadmin/issues/280#issuecomment-511788887 +echo "$ADD_DOMAINS" | tr "," "\n" | while read line; do docker exec -t postfixadmin /postfixadmin/scripts/postfixadmin-cli domain add $line --password_expiry 0; done echo "Adding email accounts used by system senders (drive, ...)" docker-compose exec -T postfixadmin /postfixadmin/scripts/postfixadmin-cli mailbox add drive@$DOMAIN --password $DRIVE_SMTP_PASSWORD --password2 $DRIVE_SMTP_PASSWORD --name "drive" --email-other $ALT_EMAIL -- GitLab From 25e419dc5aeef88f27c02ef1bbafbf8a937d2c9d Mon Sep 17 00:00:00 2001 From: Felix Ableitner Date: Wed, 17 Jul 2019 12:10:33 +0200 Subject: [PATCH 6/9] Revert "set smtp password" This reverts commit 416d743fa25c8b650ac3acaddd2761531cc03b50. --- templates/docker-compose/docker-compose-base.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/templates/docker-compose/docker-compose-base.yml b/templates/docker-compose/docker-compose-base.yml index d4d8078..e1fc2e8 100644 --- a/templates/docker-compose/docker-compose-base.yml +++ b/templates/docker-compose/docker-compose-base.yml @@ -49,7 +49,6 @@ services: - DOMAIN=${DOMAIN} - POSTFIXADMIN_SSH_PASSWORD=${POSTFIXADMIN_SSH_PASSWORD} - SMTPHOST=${SMTP_HOST} - - ADMIN_SMTP_PASSWORD=${DRIVE_SMTP_PASSWORD} depends_on: - eelomailserver - mariadb -- GitLab From 45979f80bbbf8bb890eeaafa058cbc02ededa9d7 Mon Sep 17 00:00:00 2001 
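Review bot: `$line` is expanded unquoted in the rewritten `domain add $line --password_expiry 0` loop and `read` runs without `-r`, so an `ADD_DOMAINS` entry containing a glob character, inner whitespace or a backslash is altered or split into extra CLI arguments before it reaches postfixadmin-cli. An empty `ADD_DOMAINS` still yields one iteration that calls `domain add` with no domain. Suggested form: `while read -r line; do [ -n "$line" ] || continue; docker exec -t postfixadmin /postfixadmin/scripts/postfixadmin-cli domain add "$line" --password_expiry 0; done`. The two added comment lines are useful; it would help to say in them when the workaround can be removed.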
From: Felix Ableitner Date: Mon, 22 Jul 2019 13:02:10 +0200 Subject: [PATCH 7/9] remove postfixadmin hostname in docker-compose --- templates/docker-compose/docker-compose-base.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/templates/docker-compose/docker-compose-base.yml b/templates/docker-compose/docker-compose-base.yml index e1fc2e8..0f3f75e 100644 --- a/templates/docker-compose/docker-compose-base.yml +++ b/templates/docker-compose/docker-compose-base.yml @@ -40,7 +40,6 @@ services: image: registry.gitlab.e.foundation:5000/e/infra/docker-postfixadmin:admin-smtp-password container_name: postfixadmin domainname: ${DOMAIN} - hostname: mail restart: always networks: - serverbase -- GitLab From 39a80872b2e17103e8452f090c578eed4395ef52 Mon Sep 17 00:00:00 2001 From: Felix Ableitner Date: Mon, 22 Jul 2019 15:12:04 +0200 Subject: [PATCH 8/9] set ADMIN_SMTP_PASSWORD --- templates/docker-compose/docker-compose-base.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/docker-compose/docker-compose-base.yml b/templates/docker-compose/docker-compose-base.yml index 0f3f75e..07c768f 100644 --- a/templates/docker-compose/docker-compose-base.yml +++ b/templates/docker-compose/docker-compose-base.yml @@ -48,6 +48,7 @@ services: - DOMAIN=${DOMAIN} - POSTFIXADMIN_SSH_PASSWORD=${POSTFIXADMIN_SSH_PASSWORD} - SMTPHOST=${SMTP_HOST} + - ADMIN_SMTP_PASSWORD=${DRIVE_SMTP_PASSWORD} depends_on: - eelomailserver - mariadb -- GitLab From ca63b628bc13f6f72f2833323626756841692e7b Mon Sep 17 00:00:00 2001 From: Felix Ableitner Date: Mon, 29 Jul 2019 12:52:00 +0200 Subject: [PATCH 9/9] added script to sync emails from nc to pfa --- deployment/salt/base/docker-compose.sls | 7 +++++++ scripts/sync-emails.sh | 21 +++++++++++++++++++++ 2 files changed, 28 insertions(+) create mode 100644 scripts/sync-emails.sh diff --git a/deployment/salt/base/docker-compose.sls b/deployment/salt/base/docker-compose.sls index 16794e9..6a6b2b2 100644 --- a/deployment/salt/base/docker-compose.sls 
+++ b/deployment/salt/base/docker-compose.sls @@ -42,6 +42,13 @@ cron-check-updates: - special: '@daily' - identifier: 'check-updates' +cron-sync-emails: + cron.present: + - name: bash /mnt/repo-base/scripts/sync-emails.sh + - user: root + - special: '@hourly' + - identifier: 'sync-emails' + /etc/docker/daemon.json: file.managed: - source: salt://docker-daemon.json diff --git a/scripts/sync-emails.sh b/scripts/sync-emails.sh new file mode 100644 index 0000000..7198c04 --- /dev/null +++ b/scripts/sync-emails.sh @@ -0,0 +1,21 @@ +#!/bin/bash +set -e + +source /mnt/repo-base/scripts/base.sh + +QUERY_RESULT=$(docker-compose exec -T mariadb mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --database=$MYSQL_DATABASE_NC -N -B \ + -e "SELECT uid,json_unquote(json_extract(data,'$.email.value')) AS email FROM accounts;") + +UPDATE_QUERY="UPDATE mailbox SET email_other = CASE username " +while read -r line; do + USER=$(echo "$line" | cut -f1) + FALLBACK_EMAIL=$(echo "$line" | cut -f2) + if [ "$FALLBACK_EMAIL" = "null" ]; then + continue + fi + UPDATE_QUERY+="WHEN '$USER' THEN '$FALLBACK_EMAIL' " +done <<< "$QUERY_RESULT" +UPDATE_QUERY+="ELSE email_other END;" + +docker-compose exec -T mariadb mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --database=postfix \ + -e "$UPDATE_QUERY" -- GitLab
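Review bot: `UPDATE_QUERY` in scripts/sync-emails.sh is built by pasting `$USER` and `$FALLBACK_EMAIL` from Nextcloud's `accounts` table between single quotes and is then executed as MariaDB `root` against the `postfix` database, so an e-mail value containing `'` (presumably editable by account owners) breaks the statement or changes what it does. The fence below accepts only values made of a conservative character set, skips the rest with a message on stderr, and skips the UPDATE when no row qualifies, because a `CASE` with no `WHEN` branch is a syntax error that would fail the hourly cron job under `set -e`. It also stops overwriting the shell's `USER` variable. Separately, `--password="$MYSQL_ROOT_PASSWORD"` puts the root password on the command line of both calls; a dedicated account limited to `SELECT` on the Nextcloud table and `UPDATE` on `postfix.mailbox` would reduce the impact. Rows whose address falls outside the accepted pattern are no longer synced, which is a behaviour change to confirm.

```shell
# … unchanged: shebang, set -e, source base.sh, SELECT into QUERY_RESULT …

# Conservative allow-lists; anything else is skipped rather than quoted into SQL.
UID_PATTERN='^[A-Za-z0-9@._+-]+$'
EMAIL_PATTERN='^[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+$'

WHEN_CLAUSES=""
while IFS=$'\t' read -r ACCOUNT_UID FALLBACK_EMAIL; do
  if [ -z "$FALLBACK_EMAIL" ] || [ "$FALLBACK_EMAIL" = "null" ] || [ "$FALLBACK_EMAIL" = "NULL" ]; then
    continue
  fi
  if ! [[ "$ACCOUNT_UID" =~ $UID_PATTERN && "$FALLBACK_EMAIL" =~ $EMAIL_PATTERN ]]; then
    echo "sync-emails: skipping account with unexpected characters" >&2
    continue
  fi
  WHEN_CLAUSES+="WHEN '$ACCOUNT_UID' THEN '$FALLBACK_EMAIL' "
done <<< "$QUERY_RESULT"

# A CASE without any WHEN branch is invalid SQL, so there is nothing to run.
if [ -z "$WHEN_CLAUSES" ]; then
  exit 0
fi
UPDATE_QUERY="UPDATE mailbox SET email_other = CASE username ${WHEN_CLAUSES}ELSE email_other END;"

# … unchanged: docker-compose exec … --database=postfix -e "$UPDATE_QUERY" …
```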