From ce35f4de92aa0d84fd1b5af517e99c6fb6fd0d85 Mon Sep 17 00:00:00 2001 From: diroots Date: Mon, 16 Mar 2020 19:20:52 +0100 Subject: [PATCH 01/15] modifications for adding the autodeletion feature in the ecosystem --- deployment/questionnaire/questionnaire.dat | 2 ++ scripts/base.sh | 2 ++ scripts/postinstall.sh | 8 ++++++++ templates/docker-compose/docker-compose-base.yml | 5 ++++- 4 files changed, 16 insertions(+), 1 deletion(-) diff --git a/deployment/questionnaire/questionnaire.dat b/deployment/questionnaire/questionnaire.dat index 3ada26b..74dff8e 100644 --- a/deployment/questionnaire/questionnaire.dat +++ b/deployment/questionnaire/questionnaire.dat @@ -24,6 +24,8 @@ CREATE_ACCOUNT_PASSWORD=@@@generate@@@:20@ PFA_SUPERADMIN_PASSWORD=1@@@generate@@@:16@2 +WELCOME_SECRET=@@@generate@@@:20@ + # fixed defaults ENABLE_POP3=false;default DISABLE_RATELIMITING=false;default diff --git a/scripts/base.sh b/scripts/base.sh index c179258..728b73e 100755 --- a/scripts/base.sh +++ b/scripts/base.sh @@ -27,6 +27,8 @@ DRIVE_SMTP_PASSWORD=$(grep ^DRIVE_SMTP_PASSWORD= "$ENVFILE" | awk -F= '{ print $ PFA_SUPERADMIN_PASSWORD=$(grep ^PFA_SUPERADMIN_PASSWORD= "$ENVFILE" | awk -F= '{ print $NF }') +WELCOME_SECRET=$(grep ^WELCOME_SECRET= "$ENVFILE" | awk -F= '{ print $NF }') + PFDB_DB=$(grep ^PFDB_DB= "$ENVFILE" | awk -F= '{ print $NF }') PFDB_USR=$(grep ^PFDB_USR= "$ENVFILE" | awk -F= '{ print $NF }') PFDB_DBPASS=$(grep ^DBPASS= "$ENVFILE" | awk -F= '{ print $NF }') diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh index 1598a0f..785cb0b 100755 --- a/scripts/postinstall.sh +++ b/scripts/postinstall.sh 
@@ -32,6 +32,14 @@ docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:insta docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install rainloop docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:app:set rainloop rainloop-autologin --value 1 +echo "Installing custom ecloud drop account plugin" +# Add WELCOME_SECRET from .env file as a system config value, to be used by our ecloud_drop_account plugin +docker-compose exec -T --user www-data nextcloud php occ config:system:set e_welcome_secret --value="$WELCOME_SECRET" +git clone --single-branch https://gitlab.e.foundation/e/infra/selfhost/nextcloud-apps/ecloud-drop-account.git volumes/nextcloud/custom_apps/ecloud_drop_account +docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable ecloud_drop_account + +docker-compose exec -T --user www-data nextcloud php occ app:enable ecloud_drop_account + echo "Installing Nextcloud theme" wget "https://gitlab.e.foundation/api/v4/projects/315/repository/archive.tar.gz" -O "/tmp/nextcloud-theme.tar.gz" tar -xzf "/tmp/nextcloud-theme.tar.gz" -C "volumes/nextcloud/html/themes/" --strip-components=1 diff --git a/templates/docker-compose/docker-compose-base.yml b/templates/docker-compose/docker-compose-base.yml index 4b714e0..65d5d45 100644 --- a/templates/docker-compose/docker-compose-base.yml +++ b/templates/docker-compose/docker-compose-base.yml @@ -51,6 +51,8 @@ services: - POSTFIXADMIN_SSH_PASSWORD=${POSTFIXADMIN_SSH_PASSWORD} - SMTPHOST=${SMTP_HOST} - ADMIN_SMTP_PASSWORD=${DRIVE_SMTP_PASSWORD} + volumes: + - /mnt/repo-base/volumes/mail:/var/mail depends_on: - eelomailserver - mariadb @@ -82,7 +84,7 @@ services: - /mnt/repo-base/volumes/redis/db:/data welcome: - image: registry.gitlab.e.foundation:5000/e/infra/docker-welcome:1.0.1 + image: registry.gitlab.e.foundation:5000/e/infra/docker-welcome:auto-delete-account container_name: welcome environment: - DOMAINS=${VHOSTS_ACCOUNTS} 
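Review bot: Both `git clone --single-branch …` lines in postinstall.sh (the `ecloud-drop-account` clone in this hunk and the `drop_user` clone added in PATCH 03/15) fetch whatever the default branch holds at install time, and the result is enabled as a Nextcloud app immediately. Pinning each clone to a reviewed tag or commit keeps an unreviewed upstream change from reaching a server that holds `e_welcome_secret`, for example `git clone --single-branch --branch <REVIEWED_TAG> <url> <dir>` followed by a check that `git -C <dir> rev-parse HEAD` equals the expected commit. The new `php occ …` calls also rely on the container's working directory, while the neighbouring lines use `/var/www/html/occ`; the absolute path is the safer form.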
@@ -92,6 +94,7 @@ services: - PFDB_DB=${PFDB_DB} - PFDB_USR=${PFDB_USR} - PFDB_PW=${DBPASS} + - POSTFIXADMIN_SSH_PASSWORD=${POSTFIXADMIN_SSH_PASSWORD} - SMTP_HOST=${SMTP_HOST} - SMTP_FROM=${SMTP_FROM} - SMTP_PW=${SMTP_PW} -- GitLab From a8c507c19404571dd4c33d1c1d5da04ca1193e3a Mon Sep 17 00:00:00 2001 From: diroots Date: Tue, 17 Mar 2020 17:36:07 +0100 Subject: [PATCH 02/15] generate welcome_secret_sha during install and pass is to docker welcome container --- scripts/base.sh | 1 + scripts/init-repo.sh | 3 +++ templates/docker-compose/docker-compose-base.yml | 1 + 3 files changed, 5 insertions(+) diff --git a/scripts/base.sh b/scripts/base.sh index 728b73e..0c326d7 100755 --- a/scripts/base.sh +++ b/scripts/base.sh @@ -28,6 +28,7 @@ DRIVE_SMTP_PASSWORD=$(grep ^DRIVE_SMTP_PASSWORD= "$ENVFILE" | awk -F= '{ print $ PFA_SUPERADMIN_PASSWORD=$(grep ^PFA_SUPERADMIN_PASSWORD= "$ENVFILE" | awk -F= '{ print $NF }') WELCOME_SECRET=$(grep ^WELCOME_SECRET= "$ENVFILE" | awk -F= '{ print $NF }') +WELCOME_SECRET_SHA=$(grep ^WELCOME_SECRET_SHA= "$ENVFILE" | awk -F= '{ print $NF }') PFDB_DB=$(grep ^PFDB_DB= "$ENVFILE" | awk -F= '{ print $NF }') PFDB_USR=$(grep ^PFDB_USR= "$ENVFILE" | awk -F= '{ print $NF }') diff --git a/scripts/init-repo.sh b/scripts/init-repo.sh index ede5151..f30a8c5 100755 --- a/scripts/init-repo.sh +++ b/scripts/init-repo.sh @@ -50,6 +50,9 @@ elif ! echo "$VALIDATED_ADD_DOMAINS" | grep -q "$VALIDATED_DOMAIN" ; then sed -i '/ADD_DOMAINS/d' "$ENVFILE" echo "ADD_DOMAINS=$VALIDATED_ADD_DOMAINS,$VALIDATED_DOMAIN" >> "$ENVFILE" fi + +echo "WELCOME_SECRET_SHA=$(echo -n $WSECRET |sha1sum | awk '{print $1}')" >> "$ENVFILE" + source /mnt/repo-base/scripts/base.sh DC_DIR="templates/docker-compose/" diff --git a/templates/docker-compose/docker-compose-base.yml b/templates/docker-compose/docker-compose-base.yml index 65d5d45..16e0ae2 100644 --- a/templates/docker-compose/docker-compose-base.yml +++ b/templates/docker-compose/docker-compose-base.yml 
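Review bot: `$WSECRET` in the added `echo "WELCOME_SECRET_SHA=…"` line of init-repo.sh is not assigned in any hunk visible here, and the line runs before `source /mnt/repo-base/scripts/base.sh`, so the value written to the env file may be the SHA-1 of an empty string. PATCH 06/15 renames the variable to `$WELCOME_SECRET` but keeps the same position, so the same check applies there unless init-repo.sh sets it earlier. The expansion is also unquoted; `printf '%s' "$WELCOME_SECRET" | sha1sum | awk '{print $1}'` avoids word splitting and the non-portable `echo -n`. Because the line appends with `>>`, a second run leaves two `WELCOME_SECRET_SHA=` entries and the `grep` in base.sh then returns both; deleting the old entry first, as the `sed -i '/ADD_DOMAINS/d'` context line does for ADD_DOMAINS, keeps it single.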
@@ -95,6 +95,7 @@ services: - PFDB_USR=${PFDB_USR} - PFDB_PW=${DBPASS} - POSTFIXADMIN_SSH_PASSWORD=${POSTFIXADMIN_SSH_PASSWORD} + - WELCOME_SECRET_SHA=${WELCOME_SECRET_SHA} - SMTP_HOST=${SMTP_HOST} - SMTP_FROM=${SMTP_FROM} - SMTP_PW=${SMTP_PW} -- GitLab From c3e9a9c18184b1505fb69eecf902ba6c998fb4ff Mon Sep 17 00:00:00 2001 From: diroots Date: Tue, 17 Mar 2020 18:33:46 +0100 Subject: [PATCH 03/15] adding https://framagit.org/tcit/drop_user app to NC during install --- scripts/postinstall.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh index 785cb0b..3670b30 100755 --- a/scripts/postinstall.sh +++ b/scripts/postinstall.sh @@ -31,6 +31,8 @@ docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:insta docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install user_backend_sql_raw docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install rainloop docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:app:set rainloop rainloop-autologin --value 1 +git clone --single-branch https://framagit.org/tcit/drop_user.git volumes/nextcloud/custom_apps/drop_account +docker-compose exec -T --user www-data nextcloud php occ app:enable drop_account echo "Installing custom ecloud drop account plugin" # Add WELCOME_SECRET from .env file as a system config value, to be used by our ecloud_drop_account plugin 
@@ -38,7 +40,6 @@ docker-compose exec -T --user www-data nextcloud php occ config:system:set e_wel git clone --single-branch https://gitlab.e.foundation/e/infra/selfhost/nextcloud-apps/ecloud-drop-account.git volumes/nextcloud/custom_apps/ecloud_drop_account docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable ecloud_drop_account -docker-compose exec -T --user www-data nextcloud php occ app:enable ecloud_drop_account echo "Installing Nextcloud theme" wget "https://gitlab.e.foundation/api/v4/projects/315/repository/archive.tar.gz" -O "/tmp/nextcloud-theme.tar.gz" -- GitLab From 6288c8f27718f5f6303c4827902610cd78f4f57c Mon Sep 17 00:00:00 2001 From: diroots Date: Wed, 18 Mar 2020 12:45:35 +0100 Subject: [PATCH 04/15] mailbox deletion script to be launched by pfexec user during account deletion process --- scripts/postfixadmin-mailbox-postdeletion.sh | 50 +++++++++++++++++++ scripts/postinstall.sh | 5 ++ .../docker-compose/docker-compose-base.yml | 1 + 3 files changed, 56 insertions(+) create mode 100644 scripts/postfixadmin-mailbox-postdeletion.sh diff --git a/scripts/postfixadmin-mailbox-postdeletion.sh b/scripts/postfixadmin-mailbox-postdeletion.sh new file mode 100644 index 0000000..03f0608 --- /dev/null +++ b/scripts/postfixadmin-mailbox-postdeletion.sh 
@@ -0,0 +1,50 @@ +#!/bin/sh + +# Script for removing a mailbox dir in ecloud + +# The script looks at arguments 1 and 2, assuming that they +# indicate username and domain, respectively. + + +# the script is actually run by the pfexec user +# the script handles deletion in a bind-mounted dir shared with eelomailserver +# so pfexec user has no right over it. it needs a specific sudo perm +#to be able to only run this script +# the /etc/sudoers line added to the container during install : +# pfexec ALL=(root) NOPASSWD: /usr/local/bin/postfixadmin-mailbox-postdeletion.sh +# The line states that the pfexec user may run the script without providing a password. + + +# where the mailbox dirs are bind-mounted on the container. +basedir=/var/mail/vhosts + +if [[ -n "$1" && -n "$2" ]]; then + # double check both arguments are provided + + if [ `echo $1 | fgrep '..'` ]; then + # not permitted!! + exit 1 + fi + if [ `echo $2 | fgrep '..'` ]; then + # not permitted!! + exit 1 + fi + + + maildir="${basedir}/$2/$1" + + + + if [ ! -e "$maildir" ]; then + # not maildir empty, doing nothing + exit 1 + fi + + + rm -rf $maildir +else + # args are empty, do nothing + exit 1 +fi + +exit $? \ No newline at end of file diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh index 3670b30..620ef0c 100755 --- a/scripts/postinstall.sh +++ b/scripts/postinstall.sh 
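Review bot: `rm -rf $maildir` runs as root through the sudoers rule described in the header, yet `$maildir` is unquoted and the only validation of `$1` and `$2` is a substring test for `..`. A value of `.`, a value containing `/`, or one containing whitespace or glob characters passes that test, so the removal can resolve to a whole domain directory, to `/var/mail/vhosts` itself, or to several paths after word splitting. The `fgrep '..'` guards are themselves unquoted, and `[[ … ]]` under `#!/bin/sh` depends on which shell the container provides. The replacement below requires exactly two arguments that are each a single path component, refuses a symlink, and passes one quoted path to `rm`; an allowlist of permitted characters would be stricter but depends on the mailbox naming, which is not visible here.

```shell
# … unchanged: header comments, basedir=/var/mail/vhosts …

# exactly two arguments, each a single path component
[ "$#" -eq 2 ] || exit 1
for part in "$1" "$2"; do
  case "$part" in
    '' | . | .. | */*) exit 1 ;;
  esac
done

maildir="${basedir}/$2/$1"

# … unchanged: exit when "$maildir" does not exist …

# never follow a symlink, and keep the path a single argument for rm
[ -L "$maildir" ] && exit 1
rm -rf -- "$maildir"
```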
@@ -67,6 +67,11 @@ curl --silent -L https://mail.$DOMAIN/setup.php > /dev/null echo "Adding Postfix admin superadmin account" docker-compose exec -T postfixadmin /postfixadmin/scripts/postfixadmin-cli admin add $ALT_EMAIL --password $PFA_SUPERADMIN_PASSWORD --password2 $PFA_SUPERADMIN_PASSWORD --superadmin +# adding sudo to postfixadmin container +docker-compose exec -T postfixadmin apk add sudo +# giving pfexec user a specific sudo perm ONLY for launching the bind-mounted mailbox-postdeletion script +docker-compose exec -T postfixadmin bash -c 'echo "" >> /etc/sudoers && echo "#pfexec single command perm" >> /etc/sudoers && echo "pfexec ALL=(root) NOPASSWD: /usr/local/bin/postfixadmin-mailbox-postdeletion.sh" >> /etc/sudoers' + # Adding domains to postfix is done by docker exec instead of docker-compose exec on purpose. Reason: with compose the loop aborts after the first item for an unknown reason echo "Adding domains to Postfix" # The password_expiry parameter is only a workaround, and does not have any effect diff --git a/templates/docker-compose/docker-compose-base.yml b/templates/docker-compose/docker-compose-base.yml index 16e0ae2..8d2e1d0 100644 --- a/templates/docker-compose/docker-compose-base.yml +++ b/templates/docker-compose/docker-compose-base.yml @@ -53,6 +53,7 @@ services: - ADMIN_SMTP_PASSWORD=${DRIVE_SMTP_PASSWORD} volumes: - /mnt/repo-base/volumes/mail:/var/mail + - /mnt/repo-base/scripts/postfixadmin-mailbox-postdeletion.sh:/usr/local/bin/postfixadmin-mailbox-postdeletion.sh depends_on: - eelomailserver - mariadb -- GitLab From bdca6c01d403f8c3037b6e780a9473fa121076b7 Mon Sep 17 00:00:00 2001 From: diroots Date: Wed, 18 Mar 2020 13:40:05 +0100 Subject: [PATCH 05/15] define useless website_secret --- deployment/questionnaire/questionnaire.dat | 1 + scripts/base.sh | 1 + templates/docker-compose/docker-compose-base.yml | 1 + 3 files changed, 3 insertions(+) 
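Review bot: The three chained `echo … >> /etc/sudoers` commands edit the live sudoers file with no syntax check and append the same rule again on every run of postinstall.sh. A drop-in is safer and idempotent: write the rule to `/etc/sudoers.d/pfexec`, set it to mode 0440, and validate it with `visudo -cf /etc/sudoers.d/pfexec` before relying on it (confirm that the image's sudoers includes that directory). Both `apk add sudo` and the rule live in the container's writable layer, so they presumably disappear when the postfixadmin container is recreated; building them into the image would also make the permission reviewable in one place.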
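Review bot: The script that pfexec may run as root is bind-mounted from the host without `:ro`, so whether a process in the container can rewrite it depends only on the host file's ownership and mode. Mounting it read-only removes that dependency: `- /mnt/repo-base/scripts/postfixadmin-mailbox-postdeletion.sh:/usr/local/bin/postfixadmin-mailbox-postdeletion.sh:ro`. The host copy should also be owned by root and not group- or world-writable, since sudo executes whatever is at that path.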
diff --git a/deployment/questionnaire/questionnaire.dat b/deployment/questionnaire/questionnaire.dat index 74dff8e..c9a4834 100644 --- a/deployment/questionnaire/questionnaire.dat +++ b/deployment/questionnaire/questionnaire.dat @@ -25,6 +25,7 @@ CREATE_ACCOUNT_PASSWORD=@@@generate@@@:20@ PFA_SUPERADMIN_PASSWORD=1@@@generate@@@:16@2 WELCOME_SECRET=@@@generate@@@:20@ +WEBSITE_SECRET=not_defined # fixed defaults ENABLE_POP3=false;default diff --git a/scripts/base.sh b/scripts/base.sh index 0c326d7..be318b2 100755 --- a/scripts/base.sh +++ b/scripts/base.sh @@ -29,6 +29,7 @@ PFA_SUPERADMIN_PASSWORD=$(grep ^PFA_SUPERADMIN_PASSWORD= "$ENVFILE" | awk -F= '{ WELCOME_SECRET=$(grep ^WELCOME_SECRET= "$ENVFILE" | awk -F= '{ print $NF }') WELCOME_SECRET_SHA=$(grep ^WELCOME_SECRET_SHA= "$ENVFILE" | awk -F= '{ print $NF }') +WEBSITE_SECRET=$(grep ^WEBSITE_SECRET= "$ENVFILE" | awk -F= '{ print $NF }') PFDB_DB=$(grep ^PFDB_DB= "$ENVFILE" | awk -F= '{ print $NF }') PFDB_USR=$(grep ^PFDB_USR= "$ENVFILE" | awk -F= '{ print $NF }') diff --git a/templates/docker-compose/docker-compose-base.yml b/templates/docker-compose/docker-compose-base.yml index 8d2e1d0..d55b637 100644 --- a/templates/docker-compose/docker-compose-base.yml +++ b/templates/docker-compose/docker-compose-base.yml @@ -97,6 +97,7 @@ services: - PFDB_PW=${DBPASS} - POSTFIXADMIN_SSH_PASSWORD=${POSTFIXADMIN_SSH_PASSWORD} - WELCOME_SECRET_SHA=${WELCOME_SECRET_SHA} + - WEBSITE_SECRET=${WEBSITE_SECRET} - SMTP_HOST=${SMTP_HOST} - SMTP_FROM=${SMTP_FROM} - SMTP_PW=${SMTP_PW} -- GitLab From 867a036891be6b68835594fdac8d45b1a1173b8c Mon Sep 17 00:00:00 2001 From: diroots Date: Fri, 20 Mar 2020 12:24:31 +0100 Subject: [PATCH 06/15] move definition of WEBSITE_SECRET in init-repo.sh script to prevent dirty echo during install --- deployment/questionnaire/questionnaire.dat | 1 - scripts/init-repo.sh | 3 ++- 2 files changed, 2 insertions(+), 2 deletions(-) 
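Review bot: `WEBSITE_SECRET` reaches the welcome container with the fixed value `not_defined`, set in questionnaire.dat in this commit and moved to init-repo.sh in PATCH 06/15, so every installation shares the same publicly readable value. If the image ever compares a request against this variable, that value works as a known credential; either leave the variable out until it is needed or generate it the way `WELCOME_SECRET=@@@generate@@@:20@` is generated. If it really is unused, a comment on the compose line such as `# placeholder, not used for authentication` would record that intent.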
diff --git a/deployment/questionnaire/questionnaire.dat b/deployment/questionnaire/questionnaire.dat index c9a4834..74dff8e 100644 --- a/deployment/questionnaire/questionnaire.dat +++ b/deployment/questionnaire/questionnaire.dat @@ -25,7 +25,6 @@ CREATE_ACCOUNT_PASSWORD=@@@generate@@@:20@ PFA_SUPERADMIN_PASSWORD=1@@@generate@@@:16@2 WELCOME_SECRET=@@@generate@@@:20@ -WEBSITE_SECRET=not_defined # fixed defaults ENABLE_POP3=false;default diff --git a/scripts/init-repo.sh b/scripts/init-repo.sh index f30a8c5..7a608c4 100755 --- a/scripts/init-repo.sh +++ b/scripts/init-repo.sh @@ -51,7 +51,8 @@ elif ! echo "$VALIDATED_ADD_DOMAINS" | grep -q "$VALIDATED_DOMAIN" ; then echo "ADD_DOMAINS=$VALIDATED_ADD_DOMAINS,$VALIDATED_DOMAIN" >> "$ENVFILE" fi -echo "WELCOME_SECRET_SHA=$(echo -n $WSECRET |sha1sum | awk '{print $1}')" >> "$ENVFILE" +echo "WELCOME_SECRET_SHA=$(echo -n $WELCOME_SECRET |sha1sum | awk '{print $1}')" >> "$ENVFILE" +echo "WEBSITE_SECRET=not_defined" >> "$ENVFILE" source /mnt/repo-base/scripts/base.sh -- GitLab From e5f220711d6b85e9438924b238b8f228d9bff8f3 Mon Sep 17 00:00:00 2001 From: diroots Date: Fri, 20 Mar 2020 12:27:08 +0100 Subject: [PATCH 07/15] modify pfexec sudo permission --- scripts/postinstall.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh index 620ef0c..90222af 100755 --- a/scripts/postinstall.sh +++ b/scripts/postinstall.sh 
@@ -70,7 +70,7 @@ docker-compose exec -T postfixadmin /postfixadmin/scripts/postfixadmin-cli admin # adding sudo to postfixadmin container docker-compose exec -T postfixadmin apk add sudo # giving pfexec user a specific sudo perm ONLY for launching the bind-mounted mailbox-postdeletion script -docker-compose exec -T postfixadmin bash -c 'echo "" >> /etc/sudoers && echo "#pfexec single command perm" >> /etc/sudoers && echo "pfexec ALL=(root) NOPASSWD: /usr/local/bin/postfixadmin-mailbox-postdeletion.sh" >> /etc/sudoers' +docker-compose exec -T postfixadmin bash -c 'echo "" >> /etc/sudoers && echo "#pfexec single command perm" >> /etc/sudoers && echo "pfexec ALL=(root) NOPASSWD: sh /usr/local/bin/postfixadmin-mailbox-postdeletion.sh" >> /etc/sudoers' # Adding domains to postfix is done by docker exec instead of docker-compose exec on purpose. Reason: with compose the loop aborts after the first item for an unknown reason echo "Adding domains to Postfix" -- GitLab From 8e68cfa8d5e0e55e05033277f04ea9dd2fecb5ab Mon Sep 17 00:00:00 2001 From: diroots Date: Fri, 20 Mar 2020 12:33:40 +0100 Subject: [PATCH 08/15] chmod +x on added script --- scripts/postfixadmin-mailbox-postdeletion.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 scripts/postfixadmin-mailbox-postdeletion.sh diff --git a/scripts/postfixadmin-mailbox-postdeletion.sh b/scripts/postfixadmin-mailbox-postdeletion.sh old mode 100644 new mode 100755 -- GitLab From 9e34fbcd080317f71e33d45c13be2f815871872c Mon Sep 17 00:00:00 2001 From: diroots Date: Fri, 20 Mar 2020 12:48:35 +0100 Subject: [PATCH 09/15] rollback "sh script" to "script" direclty as sudo doesn't like the syntax, and now, script has exec perm, see commit 8e68cfa8 --- scripts/postinstall.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh index 90222af..620ef0c 100755 --- a/scripts/postinstall.sh +++ b/scripts/postinstall.sh 
@@ -70,7 +70,7 @@ docker-compose exec -T postfixadmin /postfixadmin/scripts/postfixadmin-cli admin # adding sudo to postfixadmin container docker-compose exec -T postfixadmin apk add sudo # giving pfexec user a specific sudo perm ONLY for launching the bind-mounted mailbox-postdeletion script -docker-compose exec -T postfixadmin bash -c 'echo "" >> /etc/sudoers && echo "#pfexec single command perm" >> /etc/sudoers && echo "pfexec ALL=(root) NOPASSWD: sh /usr/local/bin/postfixadmin-mailbox-postdeletion.sh" >> /etc/sudoers' +docker-compose exec -T postfixadmin bash -c 'echo "" >> /etc/sudoers && echo "#pfexec single command perm" >> /etc/sudoers && echo "pfexec ALL=(root) NOPASSWD: /usr/local/bin/postfixadmin-mailbox-postdeletion.sh" >> /etc/sudoers' # Adding domains to postfix is done by docker exec instead of docker-compose exec on purpose. Reason: with compose the loop aborts after the first item for an unknown reason echo "Adding domains to Postfix" -- GitLab From c907aec5f975b5d4d0e42b69927cc58c1c0fcbb7 Mon Sep 17 00:00:00 2001 From: diroots Date: Mon, 23 Mar 2020 17:06:18 +0100 Subject: [PATCH 10/15] correct ownership on auth.file for welcome to write on it --- scripts/init-repo.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/init-repo.sh b/scripts/init-repo.sh index 7a608c4..d5ca69d 100755 --- a/scripts/init-repo.sh +++ b/scripts/init-repo.sh 
@@ -190,9 +190,12 @@ docker-compose up -d echo -e "\nHack: restart everything to ensure that database and nextcloud are initialized" docker-compose restart +# needed to store accounts to create, and needs to be writable by welcome +touch /mnt/repo-base/volumes/accounts/auth.file # needed to store created accounts, and needs to be writable by welcome touch /mnt/repo-base/volumes/accounts/auth.file.done ACCOUNTS_UID=$(docker-compose exec --user www-data welcome id -u | tr -d '\r') +chown "$ACCOUNTS_UID:$ACCOUNTS_UID" /mnt/repo-base/volumes/accounts/auth.file chown "$ACCOUNTS_UID:$ACCOUNTS_UID" /mnt/repo-base/volumes/accounts/auth.file.done printf "$(date): Waiting for Nextcloud to finish installation" -- GitLab From 442bc305a9a8eaeb98b7fd621fa39ba12a0e7805 Mon Sep 17 00:00:00 2001 From: diroots Date: Tue, 24 Mar 2020 14:46:59 +0100 Subject: [PATCH 11/15] add fake delete user query for NC's account deletion to really be done --- templates/nextcloud/config.php | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/nextcloud/config.php b/templates/nextcloud/config.php index 70174a3..c3311a7 100644 --- a/templates/nextcloud/config.php +++ b/templates/nextcloud/config.php @@ -58,6 +58,7 @@ $CONFIG = array ( 'user_exists' => 'SELECT EXISTS(SELECT 1 FROM mailbox WHERE username = :username)', 'get_users' => 'select username as fqda from mailbox where username like :search or name like :search', 'set_password_hash_for_user' => 'UPDATE mailbox SET password = CONCAT(\'{SHA512-CRYPT}\',:new_password_hash) WHERE username = BINARY :username', + 'delete_user' => 'SELECT EXISTS(SELECT 1 FROM mailbox WHERE username = :username)', 'get_display_name' => 'SELECT name FROM mailbox where username = BINARY :username', 'set_display_name' => 'UPDATE mailbox SET name = :new_display_name WHERE username = BINARY :username', 'count_users' => 'SELECT COUNT(*) FROM mailbox', -- GitLab From 4c6166a633e2dae970f56614fff4c992fb2161c7 Mon Sep 17 00:00:00 2001 
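Review bot: `touch /mnt/repo-base/volumes/accounts/auth.file` creates the file with the umask's default mode, which is usually world-readable, and the added comment says it stores accounts waiting to be created. If it holds addresses or credentials, restrict it explicitly after the `chown`, e.g. `chmod 600 /mnt/repo-base/volumes/accounts/auth.file`; the same applies to `auth.file.done` in the context lines. `ACCOUNTS_UID` comes from a `docker-compose exec` whose failure is not checked, so an empty value would reach both `chown` calls.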
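Review bot: The new `'delete_user'` entry is a `SELECT EXISTS(…)` and removes nothing, and the config gives no hint that this is deliberate. A comment above it would keep a later maintainer from turning it into a real `DELETE` or from assuming Nextcloud removes the mailbox row, e.g. `// no-op on purpose: the mailbox row is removed outside Nextcloud; this query only lets user deletion complete`. The commit title implies that flow, but where the row is actually removed is not visible in this hunk, so the comment should name the component that does it.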
From: diroots Date: Wed, 25 Mar 2020 15:12:53 +0100 Subject: [PATCH 12/15] add e_welcome_domain var in NC's config file from .env --- scripts/postinstall.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh index 620ef0c..a7e9cdc 100755 --- a/scripts/postinstall.sh +++ b/scripts/postinstall.sh @@ -37,6 +37,8 @@ docker-compose exec -T --user www-data nextcloud php occ app:enable drop_account echo "Installing custom ecloud drop account plugin" # Add WELCOME_SECRET from .env file as a system config value, to be used by our ecloud_drop_account plugin docker-compose exec -T --user www-data nextcloud php occ config:system:set e_welcome_secret --value="$WELCOME_SECRET" +# Add VHOST_ACCOUNTS from .env file as a system config value, to be used by our ecloud_drop_account plugin +docker-compose exec -T --user www-data nextcloud php occ config:system:set e_welcome_domain --value="$VHOST_ACCOUNTS" git clone --single-branch https://gitlab.e.foundation/e/infra/selfhost/nextcloud-apps/ecloud-drop-account.git volumes/nextcloud/custom_apps/ecloud_drop_account docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable ecloud_drop_account -- GitLab From 8cfbb222f6a8d9a184947464d6d4da21085d13c3 Mon Sep 17 00:00:00 2001 From: diroots Date: Wed, 25 Mar 2020 16:04:32 +0100 Subject: [PATCH 13/15] replace $VHOSTS_ACCOUNTS by 'static' welcome.$DOMAIN as $VHOSTS_ACCOUNTS is in the .env file, but not sourced by scripts/base.sh --- scripts/postinstall.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh index a7e9cdc..78c204d 100755 --- a/scripts/postinstall.sh +++ b/scripts/postinstall.sh 
@@ -38,7 +38,7 @@ echo "Installing custom ecloud drop account plugin" # Add WELCOME_SECRET from .env file as a system config value, to be used by our ecloud_drop_account plugin docker-compose exec -T --user www-data nextcloud php occ config:system:set e_welcome_secret --value="$WELCOME_SECRET" # Add VHOST_ACCOUNTS from .env file as a system config value, to be used by our ecloud_drop_account plugin -docker-compose exec -T --user www-data nextcloud php occ config:system:set e_welcome_domain --value="$VHOST_ACCOUNTS" +docker-compose exec -T --user www-data nextcloud php occ config:system:set e_welcome_domain --value="welcome.$DOMAIN" git clone --single-branch https://gitlab.e.foundation/e/infra/selfhost/nextcloud-apps/ecloud-drop-account.git volumes/nextcloud/custom_apps/ecloud_drop_account docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable ecloud_drop_account -- GitLab From b603db5f76d6765d5bdc2eba9b166b181cc9cf3c Mon Sep 17 00:00:00 2001 From: diroots Date: Fri, 10 Apr 2020 09:08:18 +0200 Subject: [PATCH 14/15] non error exit if mail folder is not deleted because it does not exists --- scripts/postfixadmin-mailbox-postdeletion.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/postfixadmin-mailbox-postdeletion.sh b/scripts/postfixadmin-mailbox-postdeletion.sh index 03f0608..f3c4781 100755 --- a/scripts/postfixadmin-mailbox-postdeletion.sh +++ b/scripts/postfixadmin-mailbox-postdeletion.sh @@ -37,7 +37,7 @@ if [[ -n "$1" && -n "$2" ]]; then if [ ! -e "$maildir" ]; then # not maildir empty, doing nothing - exit 1 + exit 0 fi -- GitLab From 217c9c0b761c43b2959ad1d74c97c7908cb1def9 Mon Sep 17 00:00:00 2001 From: diroots Date: Fri, 10 Apr 2020 11:22:36 +0200 Subject: [PATCH 15/15] deploy with latest docker-welcome:1.1.0 image (preparation to merge on master) --- templates/docker-compose/docker-compose-base.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
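Review bot: The comment above the changed line still reads `# Add VHOST_ACCOUNTS from .env file …`, but the value is now built as `welcome.$DOMAIN`. The compose template passes `DOMAINS=${VHOSTS_ACCOUNTS}` to the welcome container, so an installation whose accounts vhost is not `welcome.$DOMAIN` would leave the plugin pointing at a different host than the one welcome serves. Update the comment to `# Set e_welcome_domain to the welcome vhost (assumed to be welcome.$DOMAIN)`, or read `VHOSTS_ACCOUNTS` in base.sh so both sides share one source.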
diff --git a/templates/docker-compose/docker-compose-base.yml b/templates/docker-compose/docker-compose-base.yml index d55b637..dc1873e 100644 --- a/templates/docker-compose/docker-compose-base.yml +++ b/templates/docker-compose/docker-compose-base.yml @@ -83,9 +83,10 @@ services: command: redis-server --appendonly yes volumes: - /mnt/repo-base/volumes/redis/db:/data + - /mnt/repo-base/volumes/redis/tmp:/tmp/redis welcome: - image: registry.gitlab.e.foundation:5000/e/infra/docker-welcome:auto-delete-account + image: registry.gitlab.e.foundation:5000/e/infra/docker-welcome:1.1.0 container_name: welcome environment: - DOMAINS=${VHOSTS_ACCOUNTS} @@ -123,6 +124,7 @@ services: - /mnt/repo-base/volumes/nextcloud/data:/var/www/html/data/ - /mnt/repo-base/config-dynamic/nextcloud/x-fpm-overloads.conf:/usr/local/etc/php-fpm.d/x-fpm-overloads.conf - /mnt/repo-base/config-dynamic/nextcloud/x-php-overloads.ini:/usr/local/etc/php/conf.d/x-php-overloads.ini + - /mnt/repo-base/volumes/redis/tmp:/tmp/redis/ depends_on: - mariadb -- GitLab
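Review bot: The commit message covers only the image bump, while both hunks also add `/mnt/repo-base/volumes/redis/tmp` as a mount shared by the redis and nextcloud containers. If this directory carries a Redis unix socket, which the hunks do not show, then access to Redis is governed by the socket's file mode and the host directory's permissions, so those should be set deliberately rather than left at defaults. A comment on each mount, e.g. `# shared with the other container for the redis unix socket`, would record why the two containers share a writable directory.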