From 80a4110429efa281087fbc03407dc27fe79ee4cb Mon Sep 17 00:00:00 2001
From: Felix
Date: Fri, 14 Feb 2020 12:09:51 +0100
Subject: [PATCH 1/7] implement automated account deletion (fixes #64)
---
group_vars/all | 1 +
scripts/postinstall.sh | 8 +++-----
templates/docker-compose/01-docker-compose-base.yml | 7 ++++++-
templates/nginx/sites-enabled/nextcloud.conf | 3 +++
4 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/group_vars/all b/group_vars/all
index 73572a6..951bca0 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -1,4 +1,5 @@ # MUST SPECIFY +# TODO: need to do something about these variables so they are not committed to git domain: "" additional_domains: [] contact_email: ""
diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh
index 94716e5..ed373e4 100755
--- a/scripts/postinstall.sh
+++ b/scripts/postinstall.sh
@@ -1,17 +1,15 @@ #!/usr/bin/env bash set -ex +# TODO: it looks like this script is executed twice when installing with ansible + source /mnt/repo-base/scripts/base.sh echo -e "\nHack: restart everything to ensure that database and nextcloud are initialized" docker-compose restart printf "$(date): Waiting for Nextcloud to finish installation" -# sleep for 300 seconds -for i in {0..300}; do - sleep 1 - printf "." -done +sleep 300 # Create Nextcloud mysql database and user docker-compose exec -T mariadb mysql --user=root --password="$MYSQL_ROOT_PASSWORD" \
diff --git a/templates/docker-compose/01-docker-compose-base.yml b/templates/docker-compose/01-docker-compose-base.yml
index 4abf423..31d3f1e 100644
--- a/templates/docker-compose/01-docker-compose-base.yml
+++ b/templates/docker-compose/01-docker-compose-base.yml
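Review bot: In scripts/postinstall.sh the `docker-compose exec -T mariadb mysql --user=root --password="$MYSQL_ROOT_PASSWORD"` call that follows the new `sleep 300` still runs under the `set -ex` at the top of the script, so xtrace prints the command with the root password expanded. The TODO added in this hunk says the script is run by ansible, so that trace presumably ends up in the provisioning output or log. I would put `set +x` before the database step and `set -x` after it, or drop `-x` from `set -ex`. The mysql command continues past the end of the hunk, so the rest of that step is not visible here.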
@@ -134,7 +134,7 @@ services: - /mnt/repo-base/config-dynamic/automx/automx.conf:/etc/automx.conf create-account: - image: registry.gitlab.e.foundation:5000/e/infra/docker-create-account:1.0.1 + image: registry.gitlab.e.foundation:5000/e/infra/docker-create-account:delete-account container_name: create-account restart: always environment:
@@ -143,6 +143,11 @@ services: - POSTFIXADMIN_SSH_PASSWORD=${POSTFIXADMIN_SSH_PASSWORD} - DOMAIN=${DOMAIN} - CREATE_ACCOUNT_PASSWORD=${CREATE_ACCOUNT_PASSWORD} + - SMTP_HOST=${SMTP_HOST} + - SMTP_FROM=${SMTP_FROM} + - SMTP_PASSWORD=${SMTP_PW} + volumes: + - /mnt/repo-base/volumes/create-account:/data networks: - serverbase depends_on:
diff --git a/templates/nginx/sites-enabled/nextcloud.conf b/templates/nginx/sites-enabled/nextcloud.conf
index 38e8dcc..39be267 100644
--- a/templates/nginx/sites-enabled/nextcloud.conf
+++ b/templates/nginx/sites-enabled/nextcloud.conf
@@ -92,4 +92,7 @@ server { add_header Referrer-Policy no-referrer; access_log off; } + location ~ /(delete-account|delete-account-form|confirm-delete-account) { + proxy_pass http://create-account:9000; + } }
-- GitLab
From 97b7d2cd3458cbcd3187b2532864a12e2f3343e6 Mon Sep 17 00:00:00 2001
From: diroots
Date: Wed, 19 Feb 2020 13:55:24 +0100
Subject: [PATCH 2/7] fix #951 account deletion remove $ACCOUNT line from repo-base/volumes/accounts/auth.file.done
---
scripts/delete-account.sh | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/scripts/delete-account.sh b/scripts/delete-account.sh
index c4d42af..c42b1a6 100755
--- a/scripts/delete-account.sh
+++ b/scripts/delete-account.sh
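Review bot: The new `image: registry.gitlab.e.foundation:5000/e/infra/docker-create-account:delete-account` in the first hunk of templates/docker-compose/01-docker-compose-base.yml replaces a release tag with what reads like a branch name, so the content behind the tag can change with every push to the registry. The next hunk shows this service receiving `POSTFIXADMIN_SSH_PASSWORD`, `CREATE_ACCOUNT_PASSWORD` and now `SMTP_PASSWORD` in its environment, which makes it worth knowing exactly which build is deployed. I would reference a release tag together with its digest, `image: registry.gitlab.e.foundation:5000/e/infra/docker-create-account:<release-tag>@sha256:<digest>`, with both placeholders filled from the registry.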
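Review bot: The regex in `location ~ /(delete-account|delete-account-form|confirm-delete-account)` in templates/nginx/sites-enabled/nextcloud.conf is unanchored, so a request whose path merely contains one of these segments (a Nextcloud file or app path, for instance) is proxied to `create-account:9000` unless an earlier regex location or a `^~` prefix location takes it first. Anchoring keeps the match to the three endpoints: `location ~ ^/(delete-account|delete-account-form|confirm-delete-account)/?$ {`, with the tail adjusted if the backend serves sub-paths. The block also passes no client information upstream; `proxy_set_header Host $host;` and `proxy_set_header X-Real-IP $remote_addr;` would give the service what it needs to log and throttle deletion requests. The enclosing `server` block starts outside the hunk.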
@@ -19,5 +19,15 @@ if [[ $response =~ ^([yY][eE][sS]|[yY])$ ]]; then echo "Deleting email account" docker-compose exec -T postfixadmin /postfixadmin/scripts/postfixadmin-cli mailbox delete "$ACCOUNT" + #Fix #951 + #sed pattern : \:$account$ = + # line ending with $ACCOUNT ($), + # and : before $account to prevent accidental deletion ex : if $ACCOUNT = doe do NOT delete all lines end with doe, johndoe, john-doe,... + # is this enough? + # do we enforce this with a dry run? if only one line deleted, we actually delete, if do not and and raise an alert? + FILE_MULTIPLE_REGISTRATION_CHECK=/mnt/repo-base/volumes/accounts/auth.file.done + echo "Removing $ACCOUNT from file $FILE_MULTIPLE_REGISTRATION_CHECK " + sed -i "/\:$ACCOUNT$/d" $FILE_MULTIPLE_REGISTRATION_CHECK + # TODO: delete onlyoffice account??? fi
-- GitLab
From 1df24ad0e465f6420f4285caa969bd8cd721bdcb Mon Sep 17 00:00:00 2001
From: diroots
Date: Wed, 19 Feb 2020 14:14:47 +0100
Subject: [PATCH 3/7] change sed pattern as $ACCOUNT is the external mail used to register
---
scripts/delete-account.sh | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/scripts/delete-account.sh b/scripts/delete-account.sh
index c42b1a6..3db4f2a 100755
--- a/scripts/delete-account.sh
+++ b/scripts/delete-account.sh
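Review bot: `sed -i "/\:$ACCOUNT$/d"` in the 2/7 hunk of scripts/delete-account.sh splices the account name into the sed program itself, so every `.` in the address matches any character and a `/` or other metacharacter in the value changes which lines sed deletes or how the expression parses. The same construction recurs in 3/7 (`"/^$ACCOUNT\:/d"`) and in 4/7 and 5/7 (`"\:$MBOX$"` in both the grep and the sed). Comparing the field as a literal string avoids the pattern altogether, for example filtering with `awk -F: -v acct="$ACCOUNT" '$NF != acct'` and writing the result back to the file. The surrounding `if` begins above the hunk, so whether `$ACCOUNT` is validated before this point cannot be seen from here.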
@@ -19,15 +19,14 @@ if [[ $response =~ ^([yY][eE][sS]|[yY])$ ]]; then echo "Deleting email account" docker-compose exec -T postfixadmin /postfixadmin/scripts/postfixadmin-cli mailbox delete "$ACCOUNT" - #Fix #951 - #sed pattern : \:$account$ = - # line ending with $ACCOUNT ($), - # and : before $account to prevent accidental deletion ex : if $ACCOUNT = doe do NOT delete all lines end with doe, johndoe, john-doe,... - # is this enough? - # do we enforce this with a dry run? if only one line deleted, we actually delete, if do not and and raise an alert? + # Fix #951 + # delete line with $ACCOUNT external mail + # sed pattern : ^$account\: = + # line beginning with $ACCOUNT (^), + # and ':' after $account as line pattern in the file is $ACCOUNT:key:login FILE_MULTIPLE_REGISTRATION_CHECK=/mnt/repo-base/volumes/accounts/auth.file.done echo "Removing $ACCOUNT from file $FILE_MULTIPLE_REGISTRATION_CHECK " - sed -i "/\:$ACCOUNT$/d" $FILE_MULTIPLE_REGISTRATION_CHECK + sed -i "/^$ACCOUNT\:/d" $FILE_MULTIPLE_REGISTRATION_CHECK # TODO: delete onlyoffice account??? fi
-- GitLab
From 9b2373afd70388f4776475fc64b635268fb0de7b Mon Sep 17 00:00:00 2001
From: diroots
Date: Wed, 19 Feb 2020 16:14:19 +0100
Subject: [PATCH 4/7] fix #951 for manual deletion : last version with @e.email as input, and test before delete
---
scripts/delete-account.sh | 26 ++++++++++++++++++++------
1 file changed, 20 insertions(+), 6 deletions(-)
diff --git a/scripts/delete-account.sh b/scripts/delete-account.sh
index 3db4f2a..669026e 100755
--- a/scripts/delete-account.sh
+++ b/scripts/delete-account.sh
@@ -20,13 +20,27 @@ if [[ $response =~ ^([yY][eE][sS]|[yY])$ ]]; then docker-compose exec -T postfixadmin /postfixadmin/scripts/postfixadmin-cli mailbox delete "$ACCOUNT" # Fix #951 - # delete line with $ACCOUNT external mail - # sed pattern : ^$account\: = - # line beginning with $ACCOUNT (^), - # and ':' after $account as line pattern in the file is $ACCOUNT:key:login FILE_MULTIPLE_REGISTRATION_CHECK=/mnt/repo-base/volumes/accounts/auth.file.done - echo "Removing $ACCOUNT from file $FILE_MULTIPLE_REGISTRATION_CHECK " - sed -i "/^$ACCOUNT\:/d" $FILE_MULTIPLE_REGISTRATION_CHECK + + # delete line with $ACCOUNT : this is a e.email + # strip "e.email" suffix + MBOX=${ACCOUNT%"@e.email"} + + # sed pattern : \:$MBOX$ = + # line line ending with $MBOX ($), + # and ':' and : before $MBOX to prevent accidental deletion + # ex : if $MBOX = doe do NOT delete all lines ending with "doe", "johndoe", "john-doe", only delete ":doe" + # grep |wc -l >> count result, if one line delete + + if [[ $(grep -nR "\:$MBOX$" $FILE |wc -l) = "1" ]]; then + echo "Removing $MBOX from file $FILE_MULTIPLE_REGISTRATION_CHECK" + sed -i "/\:$MBOX$/d" $FILE + elif [[ $(grep -nR "\:$MBOX$" $FILE |wc -l) = "0" ]] + then + echo "$MBOX not found in $FILE_MULTIPLE_REGISTRATION_CHECK" + else + echo "More than one line to be deleted for $MBOX, check $FILE_MULTIPLE_REGISTRATION_CHECK please" + fi # TODO: delete onlyoffice account??? fi
-- GitLab
From fb5b4dddad7d0602f8d3c04fda5a0a6513442400 Mon Sep 17 00:00:00 2001
From: diroots
Date: Wed, 19 Feb 2020 17:52:55 +0100
Subject: [PATCH 5/7] missed some replacements : s/FILE/FILE_MULTIPLE_REGISTRATION_CHECK
---
scripts/delete-account.sh | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/scripts/delete-account.sh b/scripts/delete-account.sh
index 669026e..fbd5bca 100755
--- a/scripts/delete-account.sh
+++ b/scripts/delete-account.sh
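Review bot: The two non-success branches added in the 4/7 hunk of scripts/delete-account.sh ("not found" and "More than one line to be deleted") only `echo`, so as far as the hunk shows the script still finishes with status 0 although the mailbox was already removed by the `postfixadmin-cli mailbox delete` call above and the registration entry is left in place. Ending those branches with `exit 1`, and sending the message to stderr with `>&2`, lets an operator or calling job notice the half-finished deletion. The match count is also computed by two separate `grep ... | wc -l` pipelines; storing it once in a variable before the `if` keeps both tests looking at the same result, and `-R` is unnecessary when the operand is a single file. The outer `if` begins above the hunk.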
@@ -32,10 +32,10 @@ if [[ $response =~ ^([yY][eE][sS]|[yY])$ ]]; then # ex : if $MBOX = doe do NOT delete all lines ending with "doe", "johndoe", "john-doe", only delete ":doe" # grep |wc -l >> count result, if one line delete - if [[ $(grep -nR "\:$MBOX$" $FILE |wc -l) = "1" ]]; then + if [[ $(grep -nR "\:$MBOX$" $FILE_MULTIPLE_REGISTRATION_CHECK |wc -l) = "1" ]]; then echo "Removing $MBOX from file $FILE_MULTIPLE_REGISTRATION_CHECK" - sed -i "/\:$MBOX$/d" $FILE - elif [[ $(grep -nR "\:$MBOX$" $FILE |wc -l) = "0" ]] + sed -i "/\:$MBOX$/d" $FILE_MULTIPLE_REGISTRATION_CHECK + elif [[ $(grep -nR "\:$MBOX$" $FILE_MULTIPLE_REGISTRATION_CHECK |wc -l) = "0" ]] then echo "$MBOX not found in $FILE_MULTIPLE_REGISTRATION_CHECK" else
-- GitLab
From 983dd745939a6437edb6ed46adec51e650f7d8ae Mon Sep 17 00:00:00 2001
From: Felix
Date: Thu, 20 Feb 2020 07:50:12 +0100
Subject: [PATCH 6/7] Revert broken commits by vincent This reverts commit 97b7d2cd3458cbcd3187b2532864a12e2f3343e6.
---
scripts/delete-account.sh | 23 -----------------------
1 file changed, 23 deletions(-)
diff --git a/scripts/delete-account.sh b/scripts/delete-account.sh
index fbd5bca..c4d42af 100755
--- a/scripts/delete-account.sh
+++ b/scripts/delete-account.sh
@@ -19,28 +19,5 @@ if [[ $response =~ ^([yY][eE][sS]|[yY])$ ]]; then echo "Deleting email account" docker-compose exec -T postfixadmin /postfixadmin/scripts/postfixadmin-cli mailbox delete "$ACCOUNT" - # Fix #951 - FILE_MULTIPLE_REGISTRATION_CHECK=/mnt/repo-base/volumes/accounts/auth.file.done - - # delete line with $ACCOUNT : this is a e.email - # strip "e.email" suffix - MBOX=${ACCOUNT%"@e.email"} - - # sed pattern : \:$MBOX$ = - # line line ending with $MBOX ($), - # and ':' and : before $MBOX to prevent accidental deletion - # ex : if $MBOX = doe do NOT delete all lines ending with "doe", "johndoe", "john-doe", only delete ":doe" - # grep |wc -l >> count result, if one line delete - - if [[ $(grep -nR "\:$MBOX$" $FILE_MULTIPLE_REGISTRATION_CHECK |wc -l) = "1" ]]; then - echo "Removing $MBOX from file $FILE_MULTIPLE_REGISTRATION_CHECK" - sed -i "/\:$MBOX$/d" $FILE_MULTIPLE_REGISTRATION_CHECK - elif [[ $(grep -nR "\:$MBOX$" $FILE_MULTIPLE_REGISTRATION_CHECK |wc -l) = "0" ]] - then - echo "$MBOX not found in $FILE_MULTIPLE_REGISTRATION_CHECK" - else - echo "More than one line to be deleted for $MBOX, check $FILE_MULTIPLE_REGISTRATION_CHECK please" - fi - # TODO: delete onlyoffice account??? fi
-- GitLab
From d0d99ad005987706cf41ab18c6c0ef09d9958356 Mon Sep 17 00:00:00 2001
From: Felix
Date: Mon, 24 Feb 2020 12:14:04 +0100
Subject: [PATCH 7/7] use proper permission for create-account volume
---
ansible.yml | 1 +
templates/docker-compose/01-docker-compose-base.yml | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/ansible.yml b/ansible.yml
index cb694ad..6aff86d 100644
--- a/ansible.yml
+++ b/ansible.yml
@@ -88,6 +88,7 @@ - { path: '/mnt/repo-base/config-dynamic/letsencrypt/autorenew', owner: root } - { path: '/mnt/repo-base/config-dynamic/nginx/sites-enabled', owner: root } - { path: '/mnt/repo-base/volumes/accounts/', owner: www-data } + - { path: '/mnt/repo-base/volumes/create-account/', owner: 900 } # NOTE: This does not delete files that have been deleted from the repo, need to do that manually. - name: copy static config files
diff --git a/templates/docker-compose/01-docker-compose-base.yml b/templates/docker-compose/01-docker-compose-base.yml
index 31d3f1e..27a9b1d 100644
--- a/templates/docker-compose/01-docker-compose-base.yml
+++ b/templates/docker-compose/01-docker-compose-base.yml
@@ -134,7 +134,7 @@ services: - /mnt/repo-base/config-dynamic/automx/automx.conf:/etc/automx.conf create-account: - image: registry.gitlab.e.foundation:5000/e/infra/docker-create-account:delete-account + image: registry.gitlab.e.foundation:5000/e/infra/docker-create-account:1.1.0 container_name: create-account restart: always environment:
-- GitLab
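Review bot: `owner: 900` in the new ansible.yml entry is a bare numeric uid with no explanation, while the neighbouring entries name accounts (`root`, `www-data`). It presumably has to equal the uid the create-account container runs as, so a change of user in the image would silently break writes to the `/data` mount; a comment above the entry such as `# uid of the service user inside the docker-create-account image` would record that coupling. The task these items belong to starts above the hunk, so the mode applied to the directory cannot be checked from here.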