From edd3692e49897e3298e9fe8b925a0d1b63b09ffc Mon Sep 17 00:00:00 2001 From: Nivesh Date: Wed, 8 Mar 2023 00:56:51 +0530 Subject: [PATCH 01/21] add migration guide --- templates/docker-compose/docker-compose.yml | 2 +- upgrade-guides/upgrade-to-24.0.10.7.md | 33 +++++++++++++++++++++ 2 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 upgrade-guides/upgrade-to-24.0.10.7.md diff --git a/templates/docker-compose/docker-compose.yml b/templates/docker-compose/docker-compose.yml index fc54220..34c57dc 100644 --- a/templates/docker-compose/docker-compose.yml +++ b/templates/docker-compose/docker-compose.yml @@ -126,7 +126,7 @@ services: - "${DOMAIN}:${NC_HOST_IP}" nextcloud: - image: registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/selfhost:24-0-8-7 + image: registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/selfhost:main container_name: nextcloud restart: always networks: diff --git a/upgrade-guides/upgrade-to-24.0.10.7.md b/upgrade-guides/upgrade-to-24.0.10.7.md new file mode 100644 index 0000000..f0e6db5 --- /dev/null +++ b/upgrade-guides/upgrade-to-24.0.10.7.md 
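Review bot: The nextcloud service now follows the mutable tag `selfhost:main` instead of the fixed `24-0-8-7`, so each `docker-compose pull` can bring in a different, unreviewed image, and a rollback can no longer name the image that was running. The same applies to `nginx:stable-alpine` in PATCH 06, whose message speaks of 1.22.1. I would pin the release the upgrade guide targets, ideally with its digest: `image: registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/selfhost:<release-tag>@sha256:<digest>` (placeholders), and `image: nginx:1.22.1-alpine` for nginx. The service definition continues outside the hunk.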
@@ -0,0 +1,33 @@ +# To upgrade from ecloud 24.0.8.7 to 24.0.10.7 + +- As usual, upgrade your OS with latest patchs, optionally take backup/snapshot + - NB: you may want to filter out incomming email (TCP 25 & 587) during this upgrade, to avoid losing any messages in case of a rollback + +- Go to `/mnt/repo_base`, then run: + - `docker-compose stop` + - `git pull origin master` + +- In your `docker-compose.yml` file update the following: + - Set the nextcloud image to `registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/selfhost:main` + +- Run `docker-compose pull` +- If pulls are OK, run `docker-compose up -d` + +- Examine `docker-compose logs --tail=500 nextcloud` for the following messages: + - `nextcloud | Upgrading nextcloud from x.x.x.x ...` (x.x.x.x is your previous Nextcloud version) + - `nextcloud | Update successful` + +- Run: + - `docker-compose exec -T --user www-data nextcloud php occ db:add-missing-indices` + + +- Snappymail is being intorduced in this version, so make sure that rainloop is disabled. + - Run `docker-compose exec -T --user www-data nextcloud php occ app:disable rainloop` + - Enable snappymail `docker-compose exec -T --user www-data nextcloud php occ app:enable snappymail` (you can pass --groups gid to limit access to specific group for testing) + - Import user data from rainloop to snappymail + - Go to settings > admin > additional and check `Import RainLoop data` and hit save. 
This will import all user data/settings from rainloop to snappymail + - Now go to snappymail admin panel and make sure to change default password and set theme to `Murena@nextcloud` and make changes to other settings where needed and click save + - If contacts address book was enabled in rainloop, you can use the same database for contacts in snappymail + - Go to extensions section in snappymail admin and install nextcloud plugin and enable it + +- Check all settings subsections starting from `/settings/admin/overview` while logged in with the admin user account to identify any issues found post upgrade \ No newline at end of file -- GitLab From c0b277b2d583e4e0390278b4304f9766be747b1f Mon Sep 17 00:00:00 2001 From: diroots Date: Wed, 29 Mar 2023 14:00:55 +0200 Subject: [PATCH 02/21] update to latest mailserver version https://github.com/mailserver2/mailserver/releases/tag/v1.1.13 fixing a vlunerability in clamav --- templates/docker-compose/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/docker-compose/docker-compose.yml b/templates/docker-compose/docker-compose.yml index 34c57dc..8c07e30 100644 --- a/templates/docker-compose/docker-compose.yml +++ b/templates/docker-compose/docker-compose.yml @@ -2,7 +2,7 @@ version: '3' services: mailserver: - image: mailserver2/mailserver:1.1.12 + image: mailserver2/mailserver:1.1.13 container_name: mailserver domainname: ${DOMAIN} # Mail server A/MX/FQDN & reverse PTR = mail.${DOMAIN}. hostname: mail -- GitLab From b740a2c2c6d3e2116341272459e95708ce924217 Mon Sep 17 00:00:00 2001 
From: diroots Date: Wed, 29 Mar 2023 16:07:56 +0200 Subject: [PATCH 03/21] enable and configure snappymail in postinstall script --- scripts/postinstall.sh | 14 +- templates/snappymail/application.ini | 322 ++++++++++++++++++++++++ templates/snappymail/domain-config.json | 88 +++++++ 3 files changed, 417 insertions(+), 7 deletions(-) create mode 100644 templates/snappymail/application.ini create mode 100644 templates/snappymail/domain-config.json diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh index 653522e..cf06b9a 100755 --- a/scripts/postinstall.sh +++ b/scripts/postinstall.sh @@ -42,7 +42,7 @@ echo "Enabling nextcloud apps" docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable calendar docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable notes docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable user_backend_sql_raw -docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable rainloop +docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable snappymail docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable quota_warning docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable contacts docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable news 
@@ -51,7 +51,7 @@ docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enabl docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable ecloud-theme-helper docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable murena_launcher docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:disable firstrunwizard -docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:app:set rainloop rainloop-autologin --value 1 +docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:app:set snappymail snappymail-autologin-with-email --value 1 docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install tasks docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install drop_account 
@@ -71,14 +71,14 @@ docker-compose exec -T --user www-data nextcloud php occ maintenance:mode --off echo "Restarting Nextcloud container" docker-compose restart nextcloud -echo "Configuring Rainloop" -mkdir -p "/mnt/repo-base/volumes/nextcloud/data/rainloop-storage/_data_/_default_/domains/" +echo "Configuring Snappymail" +mkdir -p "/mnt/repo-base/volumes/nextcloud/data/appdata_snappymail/_data_/_default_/domains/" echo "$ADD_DOMAINS" | tr "," "\n" | while read add_domain; do - cp "templates/rainloop/domain-config.ini" "/mnt/repo-base/volumes/nextcloud/data/rainloop-storage/_data_/_default_/domains/$add_domain.ini" + cp "templates/snappymail/domain-config.ini" "/mnt/repo-base/volumes/nextcloud/data/appdata_snappymail/_data_/_default_/domains/$add_domain.ini" done -mkdir "/mnt/repo-base/volumes/nextcloud/data/rainloop-storage/_data_/_default_/configs/" -cat templates/rainloop/application.ini | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "/mnt/repo-base/volumes/nextcloud/data/rainloop-storage/_data_/_default_/configs/application.ini" +mkdir "/mnt/repo-base/volumes/nextcloud/data/appdata_snappymail/_data_/_default_/configs/" +cat templates/snappymail/application.ini | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "/mnt/repo-base/volumes/nextcloud/data/appdata_snappymail/_data_/_default_/configs/application.ini" chown www-data:www-data /mnt/repo-base/volumes/nextcloud/ -R diff --git a/templates/snappymail/application.ini b/templates/snappymail/application.ini new file mode 100644 index 0000000..dd3d2e0 --- /dev/null +++ b/templates/snappymail/application.ini 
@@ -0,0 +1,322 @@ +; SnappyMail configuration file +; Please don't add custom parameters here, those will be overwritten + +[webmail] +; Text displayed as page title +title = "Email - /e/" + +; Text displayed on startup +loading_description = "Email" +favicon_url = "" +app_path = "/custom_apps/snappymail/app/" + +; Theme used by default +theme = "Murena@nextcloud" + +; Allow theme selection on settings screen +allow_themes = On +allow_user_background = Off + +; Language used by default +language = "en" + +; Admin Panel interface language +language_admin = "en" + +; Allow language selection on settings screen +allow_languages_on_settings = On +allow_additional_accounts = On +allow_additional_identities = On + +; Number of messages displayed on page by default +messages_per_page = 20 + +; Mark message read after N seconds +message_read_delay = 5 + +; File size limit (MB) for file upload on compose screen +; 0 for unlimited. +attachment_size_limit = 25 + +[interface] +show_attachment_thumbnail = On + +[contacts] +; Enable contacts +enable = On +allow_sync = On +sync_interval = 20 +type = "sqlite" +pdo_dsn = "host=127.0.0.1;port=3306;dbname=snappymail" +pdo_user = "root" +pdo_password = "" +suggestions_limit = 20 + +[security] +custom_server_signature = "SnappyMail" +x_xss_protection_header = "1; mode=block" +openpgp = Off + +; Access settings +allow_admin_panel = On + +; Login and password for web admin panel +admin_login = "admin" +admin_password = "" +admin_totp = "" +admin_panel_host = "" +admin_panel_key = "admin" +force_https = Off +hide_x_mailer_header = On + +; https://en.m.wikipedia.org/wiki/Load_(computing) +max_sys_getloadavg = 0 + +; For example to allow all images use "img-src https:". 
More info at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#directives +content_security_policy = "" + +; Report CSP errors to PHP and/or SnappyMail Log +csp_report = Off + +; A valid cipher method from https://php.net/openssl_get_cipher_methods +encrypt_cipher = "aes-256-cbc-hmac-sha1" + +; Strict, Lax or None +cookie_samesite = "Strict" + +; Additional allowed Sec-Fetch combinations separated by ";". +; For example: +; * Allow iframe on same domain in any mode: dest=iframe,site=same-origin +; * Allow navigate to iframe on same domain: mode=navigate,dest=iframe,site=same-origin +; * Allow navigate to iframe on (sub)domain: mode=navigate,dest=iframe,site=same-site +; * Allow navigate to iframe from any domain: mode=navigate,dest=iframe,site=cross-site +; +; Default is "site=same-origin;site=none" +secfetch_allow = "" + +[admin_panel] +allow_update = Off + +[ssl] +; Require verification of SSL certificate used. +verify_certificate = On + +; Allow self-signed certificates. Requires verify_certificate. +allow_self_signed = Off + +; https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html +security_level = 1 + +; Location of Certificate Authority file on local filesystem (/etc/ssl/certs/ca-certificates.crt) +cafile = "" + +; capath must be a correctly hashed certificate directory. (/etc/ssl/certs/) +capath = "" + +; Location of client certificate file (pem format with private key) on local filesystem +local_cert = "" + +; This can help mitigate the CRIME attack vector. +disable_compression = On + +[capa] +quota = On + +; Allow clear folder and delete messages without moving to trash +dangerous_actions = On + +; Allow download attachments as Zip (and optionally others) +attachments_actions = On + +[login] +; If someone logs in without "@domain.tld", this value will be used +; When this value is HTTP_HOST, the $_SERVER["HTTP_HOST"] value is used. 
+; When this value is SERVER_NAME, the $_SERVER["SERVER_NAME"] value is used. +; When this value is gethostname, the gethostname() value is used. +; +default_domain = "@@@DOMAIN@@@" + +; Allow language selection on webmail login screen +allow_languages_on_login = On + +; Detect language from browser header `Accept-Language` +determine_user_language = On + +; Like default_domain but then HTTP_HOST/SERVER_NAME without www. +determine_user_domain = Off +login_lowercase = On + +; This option allows webmail to remember the logged in user +; once they closed the browser window. +; +; Values: +; "DefaultOff" - can be used, disabled by default; +; "DefaultOn" - can be used, enabled by default; +; "Unused" - cannot be used +sign_me_auto = "DefaultOff" + +[plugins] +; Enable plugin support +enable = On + +; Comma-separated list of enabled plugins +enabled_list = "nextcloud" + +[defaults] +; Editor mode used by default (Plain, Html) +view_editor_type = "Html" + +; layout: 0 - no preview, 1 - side preview, 2 - bottom preview +view_layout = 1 +view_use_checkboxes = On +autologout = 30 +view_html = On +show_images = Off +contacts_autosave = On +mail_use_threads = Off +allow_draft_autosave = On +mail_reply_same_folder = Off + +[logs] +; Enable logging +enable = Off + +; Path where log files will be stored +path = "" + +; Log messages of set RFC 5424 section 6.2.1 Severity level and higher (0 = highest, 7 = lowest). +; 0 = Emergency +; 1 = Alert +; 2 = Critical +; 3 = Error +; 4 = Warning +; 5 = Notice +; 6 = Informational +; 7 = Debug +level = 4 + +; Required for development purposes only. +; Disabling this option is not recommended. +hide_passwords = On +time_zone = "UTC" + +; Log filename. +; For security reasons, some characters are removed from filename. +; Allows for pattern-based folder creation (see examples below). 
+; +; Patterns: +; {date:Y-m-d} - Replaced by pattern-based date +; Detailed info: http://www.php.net/manual/en/function.date.php +; {user:email} - Replaced by user's email address +; If user is not logged in, value is set to "unknown" +; {user:login} - Replaced by user's login (the user part of an email) +; If user is not logged in, value is set to "unknown" +; {user:domain} - Replaced by user's domain name (the domain part of an email) +; If user is not logged in, value is set to "unknown" +; {user:uid} - Replaced by user's UID regardless of account currently used +; +; {user:ip} +; {request:ip} - Replaced by user's IP address +; +; Others: +; {imap:login} {imap:host} {imap:port} +; {smtp:login} {smtp:host} {smtp:port} +; +; Examples: +; filename = "log-{date:Y-m-d}.txt" +; filename = "{date:Y-m-d}/{user:domain}/{user:email}_{user:uid}.log" +; filename = "{user:email}-{date:Y-m-d}.txt" +; filename = "syslog" +; filename = "stderr" +filename = "log-{date:Y-m-d}.txt" + +; Enable auth logging in a separate file (for fail2ban) +auth_logging = Off +auth_logging_filename = "fail2ban/auth-{date:Y-m-d}.txt" +auth_logging_format = "[{date:Y-m-d H:i:s}] Auth failed: ip={request:ip} user={imap:login} host={imap:host} port={imap:port}" + +; Enable auth logging to syslog for fail2ban +auth_syslog = Off + +[debug] +; Special option required for development purposes +enable = Off +javascript = Off +css = Off + +[cache] +; The section controls caching of the entire application. +; +; Enables caching in the system +enable = On + +; Path where cache files will be stored +path = "" + +; Additional caching key. If changed, cache is purged +index = "v1" + +; Can be: files, APCU, memcache, redis (beta) +fast_cache_driver = "files" + +; Additional caching key. If changed, fast cache is purged +fast_cache_index = "v1" + +; Browser-level cache. 
If enabled, caching is maintainted without using files +http = On + +; Browser-level cache time (seconds, Expires header) +http_expires = 3600 + +; Caching message UIDs when searching and sorting (threading) +server_uids = On +system_data = On + +[imap] +use_force_selection = Off +use_expunge_all_on_delete = Off +message_list_fast_simple_search = On +message_list_permanent_filter = "" +message_all_headers = Off +show_login_alert = On +fetch_new_messages = On + +[labs] +; Display message RFC 2822 date and time header, instead of the arrival internal date. +date_from_headers = On +allow_message_append = Off + +; When login fails, wait N seconds before responding +login_fault_delay = 5 +log_ajax_response_write_limit = 300 +smtp_show_server_errors = Off +sieve_auth_plain_initial = On +sieve_allow_fileinto_inbox = Off + +; PHP mail() remove To and Subject headers +mail_func_clear_headers = On + +; PHP mail() set -f emailaddress +mail_func_additional_parameters = Off +folders_spec_limit = 50 +curl_proxy = "" +curl_proxy_auth = "" +custom_login_link = "" +custom_logout_link = "" +http_client_ip_check_proxy = Off +fast_cache_memcache_host = "127.0.0.1" +fast_cache_memcache_port = 11211 +fast_cache_redis_host = "127.0.0.1" +fast_cache_redis_port = 6379 +use_local_proxy_for_external_images = On +image_exif_auto_rotate = Off +cookie_default_path = "" +cookie_default_secure = Off +replace_env_in_configuration = "" +boundary_prefix = "" +dev_email = "" +dev_password = "" + +[version] +current = "2.26.3" +saved = "Wed, 29 Mar 2023 13:35:19 +0000" \ No newline at end of file diff --git a/templates/snappymail/domain-config.json b/templates/snappymail/domain-config.json new file mode 100644 index 0000000..a8b12ae --- /dev/null +++ b/templates/snappymail/domain-config.json 
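Review bot: In `[security]` the template ships `allow_admin_panel = On` with the well-known `admin_login = "admin"` and an empty `admin_password`, so what guards the panel after postinstall depends on how SnappyMail treats an empty value; the upgrade guide in this series speaks of a default password that must be changed by hand. I would ship `allow_admin_panel = Off` in the template, or have postinstall provision a per-install password, and say so in a comment above the key. `[logs] enable = Off`, `auth_logging = Off` and `auth_syslog = Off` together mean failed webmail logins leave no record; `auth_syslog = On` would give fail2ban or a log collector something to act on. `force_https = Off` and `cookie_default_secure = Off` are presumably acceptable only because nginx terminates TLS in front, which deserves a one-line comment as well.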
@@ -0,0 +1,88 @@ +{ + "name": "@@@DOMAIN@@@", + "IMAP": { + "host": "mail.@@@DOMAIN@@@", + "port": 993, + "type": 1, + "timeout": 300, + "shortLogin": false, + "sasl": [ + "SCRAM-SHA3-512", + "SCRAM-SHA-512", + "SCRAM-SHA-256", + "SCRAM-SHA-1", + "PLAIN", + "LOGIN" + ], + "ssl": { + "verify_peer": true, + "verify_peer_name": true, + "allow_self_signed": false, + "SNI_enabled": true, + "disable_compression": true, + "security_level": 1 + }, + "disable_list_status": false, + "disable_metadata": false, + "disable_move": false, + "disable_sort": false, + "disable_thread": false, + "use_expunge_all_on_delete": false, + "fast_simple_search": true, + "force_select": false, + "message_all_headers": false, + "message_list_limit": 0, + "search_filter": "" + }, + "SMTP": { + "host": "mail.@@@DOMAIN@@@", + "port": 587, + "type": 2, + "timeout": 60, + "shortLogin": false, + "sasl": [ + "SCRAM-SHA3-512", + "SCRAM-SHA-512", + "SCRAM-SHA-256", + "SCRAM-SHA-1", + "PLAIN", + "LOGIN" + ], + "ssl": { + "verify_peer": true, + "verify_peer_name": true, + "allow_self_signed": false, + "SNI_enabled": true, + "disable_compression": true, + "security_level": 1 + }, + "useAuth": true, + "setSender": false, + "usePhpMail": false + }, + "Sieve": { + "host": "mail.@@@DOMAIN@@@", + "port": 4190, + "type": 2, + "timeout": 10, + "shortLogin": false, + "sasl": [ + "SCRAM-SHA3-512", + "SCRAM-SHA-512", + "SCRAM-SHA-256", + "SCRAM-SHA-1", + "PLAIN", + "LOGIN" + ], + "ssl": { + "verify_peer": true, + "verify_peer_name": true, + "allow_self_signed": false, + "SNI_enabled": true, + "disable_compression": true, + "security_level": 1 + }, + "enabled": true + }, + "whiteList": "" +} -- GitLab From 5eb92743c4bf3f85eabc0f88b1f099c5787df2ce Mon Sep 17 00:00:00 2001 From: diroots Date: Wed, 29 Mar 2023 16:11:27 +0200 Subject: [PATCH 04/21] optimise system cron by enabling apc cache for cli, for long running cron --- scripts/postinstall.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh index cf06b9a..c3231c0 100755 --- a/scripts/postinstall.sh +++ b/scripts/postinstall.sh @@ -32,7 +32,7 @@ docker-compose exec -T --user www-data nextcloud php /var/www/html/occ backgroun # add crontab on the server to run cron.php every 5 minutes crontab -l | { cat - echo "*/5 * * * * cd /mnt/repo-base && /usr/bin/docker-compose exec -T -u www-data nextcloud php -f /var/www/html/cron.php 2>&1 | /usr/bin/logger -t NC_CRON" + echo "*/5 * * * * cd /mnt/repo-base && /usr/bin/docker-compose exec -T -u www-data nextcloud php --define apc.enable_cli=1 -f /var/www/html/cron.php 2>&1 | /usr/bin/logger -t NC_CRON" } | crontab - # Update theme -- GitLab From c10725f94fb9c5ce1ec36f663e57af88a665ffcc Mon Sep 17 00:00:00 2001 From: diroots Date: Wed, 29 Mar 2023 16:23:32 +0200 Subject: [PATCH 05/21] activate ecloud dashboard and set it as default application, instead of nextcloud dashboard --- scripts/postinstall.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh index c3231c0..1d31ab5 100755 --- a/scripts/postinstall.sh +++ b/scripts/postinstall.sh @@ -49,6 +49,7 @@ docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enabl docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable email-recovery docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable ecloud-accounts docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable ecloud-theme-helper +docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable ecloud-dashboard docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable murena_launcher docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:disable firstrunwizard docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:app:set snappymail snappymail-autologin-with-email --value 1 
@@ -57,6 +58,8 @@ docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:insta docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:system:set integrity.check.disabled --value='true' --type=boolean +docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:system:set defaultapp --value "'"ecloud-dashboard,files" + echo "Installing custom ecloud drop account plugin" # Add WELCOME_SECRET from .env file as a system config value, to be used by our ecloud-accounts plugin docker-compose exec -T --user www-data nextcloud php occ config:system:set e_welcome_secret --value="$WELCOME_SECRET" -- GitLab From 12f356d74e686d8811fad6c7bb09c25c00e279b1 Mon Sep 17 00:00:00 2001 From: diroots Date: Wed, 29 Mar 2023 16:41:22 +0200 Subject: [PATCH 06/21] update to nginx 1.22.1 stable alpine branch --- templates/docker-compose/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/docker-compose/docker-compose.yml b/templates/docker-compose/docker-compose.yml index 8c07e30..b69f3a8 100644 --- a/templates/docker-compose/docker-compose.yml +++ b/templates/docker-compose/docker-compose.yml @@ -167,7 +167,7 @@ services: - /mnt/repo-base/config/automx/automx.conf:/etc/automx.conf nginx: - image: nginx:1.20-alpine + image: nginx:stable-alpine container_name: nginx restart: unless-stopped networks: -- GitLab From 40f6afbdff45c9216372fcaf03b3aa337008f974 Mon Sep 17 00:00:00 2001 From: diroots Date: Wed, 29 Mar 2023 17:16:18 +0200 Subject: [PATCH 07/21] fix a typo when setting default app and fix snappymail configuration : wrong domain config filename and @@@DOMAIN@@@ value in the file not replaced --- scripts/postinstall.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh index 1d31ab5..42eb69a 100755 --- a/scripts/postinstall.sh +++ b/scripts/postinstall.sh 
@@ -58,7 +58,7 @@ docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:insta docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:system:set integrity.check.disabled --value='true' --type=boolean -docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:system:set defaultapp --value "'"ecloud-dashboard,files" +docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:system:set defaultapp --value "ecloud-dashboard,files" echo "Installing custom ecloud drop account plugin" # Add WELCOME_SECRET from .env file as a system config value, to be used by our ecloud-accounts plugin @@ -77,7 +77,8 @@ docker-compose restart nextcloud echo "Configuring Snappymail" mkdir -p "/mnt/repo-base/volumes/nextcloud/data/appdata_snappymail/_data_/_default_/domains/" echo "$ADD_DOMAINS" | tr "," "\n" | while read add_domain; do - cp "templates/snappymail/domain-config.ini" "/mnt/repo-base/volumes/nextcloud/data/appdata_snappymail/_data_/_default_/domains/$add_domain.ini" + cp "templates/snappymail/domain-config.json" "/mnt/repo-base/volumes/nextcloud/data/appdata_snappymail/_data_/_default_/domains/$add_domain.json" + sed -i "s/@@@DOMAIN@@@/$DOMAIN/g" "/mnt/repo-base/volumes/nextcloud/data/appdata_snappymail/_data_/_default_/domains/$add_domain.json" done mkdir "/mnt/repo-base/volumes/nextcloud/data/appdata_snappymail/_data_/_default_/configs/" -- GitLab From 519f05ea6b1ac5b391ef5900693d67effea85544 Mon Sep 17 00:00:00 2001 From: diroots Date: Wed, 29 Mar 2023 17:42:15 +0200 Subject: [PATCH 08/21] add -p option to mkdir to prevent error if existing --- scripts/postinstall.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh index 42eb69a..c310ef9 100755 --- a/scripts/postinstall.sh +++ b/scripts/postinstall.sh 
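Review bot: Inside the loop the added `sed -i` substitutes `$DOMAIN`, not `$add_domain`, so the file written for every additional domain carries the primary domain in its `"name"` field; if SnappyMail reads that field rather than the filename, all extra domains are described as the primary one, which is worth confirming. The loop also runs once with an empty `add_domain` when `ADD_DOMAINS` is empty, leaving a stray `.json`, and `read` without `-r` interprets backslashes; `while read -r add_domain; do [ -n "$add_domain" ] || continue` covers both. The loop header is a context line of this hunk and the script continues outside it.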
@@ -81,7 +81,7 @@ echo "$ADD_DOMAINS" | tr "," "\n" | while read add_domain; do sed -i "s/@@@DOMAIN@@@/$DOMAIN/g" "/mnt/repo-base/volumes/nextcloud/data/appdata_snappymail/_data_/_default_/domains/$add_domain.json" done -mkdir "/mnt/repo-base/volumes/nextcloud/data/appdata_snappymail/_data_/_default_/configs/" +mkdir -p "/mnt/repo-base/volumes/nextcloud/data/appdata_snappymail/_data_/_default_/configs/" cat templates/snappymail/application.ini | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "/mnt/repo-base/volumes/nextcloud/data/appdata_snappymail/_data_/_default_/configs/application.ini" chown www-data:www-data /mnt/repo-base/volumes/nextcloud/ -R -- GitLab From 59f079422a80f336b663593cda2ca474996320c5 Mon Sep 17 00:00:00 2001 From: diroots Date: Wed, 29 Mar 2023 18:24:52 +0200 Subject: [PATCH 09/21] revert domainconfig.json to use docker internal mailserver hostname for imap/smtp/sieve and disable host check so snappy can connect --- templates/snappymail/domain-config.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/templates/snappymail/domain-config.json b/templates/snappymail/domain-config.json index a8b12ae..009caed 100644 --- a/templates/snappymail/domain-config.json +++ b/templates/snappymail/domain-config.json @@ -1,7 +1,7 @@ { "name": "@@@DOMAIN@@@", "IMAP": { - "host": "mail.@@@DOMAIN@@@", + "host": "mailserver", "port": 993, "type": 1, "timeout": 300, @@ -15,8 +15,8 @@ "LOGIN" ], "ssl": { - "verify_peer": true, - "verify_peer_name": true, + "verify_peer": false, + "verify_peer_name": false, "allow_self_signed": false, "SNI_enabled": true, "disable_compression": true, @@ -35,7 +35,7 @@ "search_filter": "" }, "SMTP": { - "host": "mail.@@@DOMAIN@@@", + "host": "mailserver", "port": 587, "type": 2, "timeout": 60, @@ -49,8 +49,8 @@ "LOGIN" ], "ssl": { - "verify_peer": true, - "verify_peer_name": true, + "verify_peer": false, + "verify_peer_name": false, "allow_self_signed": false, "SNI_enabled": true, "disable_compression": true, 
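Review bot: Setting `"verify_peer": false` in the IMAP `ssl` block (and again in the SMTP block of the `@@ -49,8` hunk) switches off certificate-chain validation altogether, while the problem being solved appears to be only that the certificate names `mail.<domain>` and the client now connects to `mailserver`. Keeping `"verify_peer": true` and relaxing just `"verify_peer_name": false` would be the narrower change; giving the mailserver container a network alias for `mail.${DOMAIN}` and keeping the original host would let both checks stay on. The Sieve block gets the new host in the last hunk but keeps `"verify_peer_name": true`, so it will presumably fail the name check once TLS is negotiated on port 4190. JSON cannot carry a comment, so the reason for the relaxed checks belongs in the commit message or the README.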
@@ -61,7 +61,7 @@ "usePhpMail": false }, "Sieve": { - "host": "mail.@@@DOMAIN@@@", + "host": "mailserver", "port": 4190, "type": 2, "timeout": 10, -- GitLab From 222086df712171ecb75d09d5c92042a096a9e8a0 Mon Sep 17 00:00:00 2001 From: diroots Date: Thu, 30 Mar 2023 13:49:49 +0200 Subject: [PATCH 10/21] fix wrong dig command. this could lead to 127.0.0.1 because of local resolution, and break $NC_HOST_IP env var used by welcome container --- scripts/init-repo.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/init-repo.sh b/scripts/init-repo.sh index d4bbbdc..395465f 100755 --- a/scripts/init-repo.sh +++ b/scripts/init-repo.sh @@ -138,7 +138,9 @@ do done # Verify DOMAIN lookup forward and reverse (very important) -IP=$(dig mail.$DOMAIN| grep mail.$DOMAIN | grep -v '^;' | awk '{ print $NF }') +# get the AUTHORITATIVE name server for the domain, best to trust +DNS_AUTHORITATIVE=$(dig NS $DOMAIN +short | head -n 1) +IP=$(dig @$DNS_AUTHORITATIVE mail.$DOMAIN +short) if [ -z "$IP" ] then -- GitLab From cf116ae0650af5736dd310d149bd21c34dc842e6 Mon Sep 17 00:00:00 2001 From: diroots Date: Thu, 30 Mar 2023 14:22:42 +0200 Subject: [PATCH 11/21] fix DNS resolution for mailserver in welcome, so it can send register and account confirmation mails from mail.$DOMAIN --- templates/docker-compose/docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/docker-compose/docker-compose.yml b/templates/docker-compose/docker-compose.yml index b69f3a8..c435343 100644 --- a/templates/docker-compose/docker-compose.yml +++ b/templates/docker-compose/docker-compose.yml @@ -124,6 +124,7 @@ services: - /mnt/repo-base/config/welcome/apache2/remoteip.conf:/etc/apache2/conf-available/remoteip.conf extra_hosts: - "${DOMAIN}:${NC_HOST_IP}" + - "mail.${DOMAIN}:${NC_HOST_IP}" nextcloud: image: registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/selfhost:main -- GitLab From e9ebff76e6c6b336f3c836114adb0c67df1c42f6 Mon Sep 17 00:00:00 2001 
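Review bot: `DNS_AUTHORITATIVE` is used unchecked in the init-repo.sh hunk: when `dig NS $DOMAIN +short` returns nothing (a sub-domain without its own delegation, or a resolver failure), the next line runs `dig @ mail.$DOMAIN +short`, and the `-z "$IP"` branch then reports a missing mail record although the NS lookup is what failed. `+short` can also print a CNAME target or several addresses, so `IP` is not guaranteed to be one address for the forward and reverse check that follows outside the hunk. I would quote the expansions, fail early with a specific message and ask for an A record: `[ -n "$DNS_AUTHORITATIVE" ] || { echo "No NS record found for $DOMAIN"; exit 1; }` and `IP=$(dig "@$DNS_AUTHORITATIVE" "mail.$DOMAIN" A +short | tail -n 1)`.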
From: diroots Date: Thu, 30 Mar 2023 15:40:34 +0200 Subject: [PATCH 12/21] update salt-minion to latest 3004.2 to fix a cosmetic bug in ubuntu 22.04 with certain version of python3 --- scripts/bootstrap.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/scripts/bootstrap.sh b/scripts/bootstrap.sh index e6a4ac1..372e8a0 100644 --- a/scripts/bootstrap.sh +++ b/scripts/bootstrap.sh @@ -1,5 +1,13 @@ #!/bin/bash +# Install latest salt repo for ubuntu if Ubuntu version is 22.04 +UB_VERSION=$(cat /etc/lsb-release | grep DISTRIB_RELEASE | awk -F '=' '{print $2}') +if [ "$UB_VERSION" = "22.04" ] +then + curl -fsSL -o /usr/share/keyrings/salt-archive-keyring.gpg https://repo.saltproject.io/py3/ubuntu/20.04/amd64/3004/salt-archive-keyring.gpg + echo "deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] https://repo.saltproject.io/py3/ubuntu/20.04/amd64/3004 focal main" | tee /etc/apt/sources.list.d/salt.list +fi + ################################################################################ apt-get update && apt install -y --asume-yes true git salt-minion ################################################################################ -- GitLab From 915875dd71545d922f5579d73ac58bea8e4f20b7 Mon Sep 17 00:00:00 2001 From: diroots Date: Thu, 30 Mar 2023 16:50:57 +0200 Subject: [PATCH 13/21] better salt repo intergration, for ubuntu 22/20/18 and debian 11/10 --- scripts/bootstrap.sh | 52 ++++++++++++++++++++++++++++++++++++++------ 1 file changed, 45 insertions(+), 7 deletions(-) diff --git a/scripts/bootstrap.sh b/scripts/bootstrap.sh index 372e8a0..b54c815 100644 --- a/scripts/bootstrap.sh +++ b/scripts/bootstrap.sh 
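Review bot: The keyring is downloaded from the same host that serves the packages and is trusted as soon as `curl` succeeds, so HTTPS to repo.saltproject.io is the only thing vouching for the key that will authorise root-level package installs. Comparing the downloaded key's fingerprint with a value pinned in the script before `salt.list` is written would catch a substituted key, e.g. `gpg --show-keys --with-fingerprint /usr/share/keyrings/salt-archive-keyring.gpg | grep -q "<expected-fingerprint>" || exit 1` (placeholder value). The exit status of `curl` is not checked either, so a failed download still leaves a `salt.list` that refers to a keyring which does not exist. The same pattern is repeated in every case arm of PATCH 13.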
@@ -1,12 +1,50 @@ #!/bin/bash -# Install latest salt repo for ubuntu if Ubuntu version is 22.04 -UB_VERSION=$(cat /etc/lsb-release | grep DISTRIB_RELEASE | awk -F '=' '{print $2}') -if [ "$UB_VERSION" = "22.04" ] -then - curl -fsSL -o /usr/share/keyrings/salt-archive-keyring.gpg https://repo.saltproject.io/py3/ubuntu/20.04/amd64/3004/salt-archive-keyring.gpg - echo "deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] https://repo.saltproject.io/py3/ubuntu/20.04/amd64/3004 focal main" | tee /etc/apt/sources.list.d/salt.list -fi +# Install latest salt repo for ubuntu / debian from salt repo +LINUX_VERSION=$(lsb_release -is) +LINUX_RELEASE=$(lsb_release -rs) +case $LINUX_VERSION in + Ubuntu) + echo "Ubuntu detected" + case $LINUX_RELEASE in + 22.04) + curl -fsSL -o /usr/share/keyrings/salt-archive-keyring.gpg https://repo.saltproject.io/py3/ubuntu/20.04/amd64/3004/salt-archive-keyring.gpg + echo "deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] https://repo.saltproject.io/py3/ubuntu/20.04/amd64/3004 focal main" | tee /etc/apt/sources.list.d/salt.list + ;; + 20.04) + curl -fsSL -o /usr/share/keyrings/salt-archive-keyring.gpg https://repo.saltproject.io/py3/ubuntu/20.04/amd64/3004/salt-archive-keyring.gpg + echo "deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] https://repo.saltproject.io/py3/ubuntu/20.04/amd64/3004 focal main" | tee /etc/apt/sources.list.d/salt.list + ;; + 18.04) + curl -fsSL -o /usr/share/keyrings/salt-archive-keyring.gpg https://repo.saltproject.io/py3/ubuntu/18.04/amd64/3004/salt-archive-keyring.gpg + echo "deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] https://repo.saltproject.io/py3/ubuntu/18.04/amd64/3004 bionic main" | tee /etc/apt/sources.list.d/salt.list + ;; + *) + # other ubuntu version, keep salt-minion from original repo + ;; + esac + ;; + Debian) + echo "Debian detected" + case $LINUX_RELEASE in + 11) + curl -fsSL -o 
/usr/share/keyrings/salt-archive-keyring.gpg https://repo.saltproject.io/py3/debian/11/amd64/3004/salt-archive-keyring.gpg + echo "deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] https://repo.saltproject.io/py3/debian/11/amd64/3004 bullseye main" | tee /etc/apt/sources.list.d/salt.list + ;; + 10) + curl -fsSL -o /usr/share/keyrings/salt-archive-keyring.gpg https://repo.saltproject.io/py3/debian/10/amd64/3004/salt-archive-keyring.gpg + echo "deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] https://repo.saltproject.io/py3/debian/10/amd64/3004 buster main" | tee /etc/apt/sources.list.d/salt.list + ;; + *) + # other debian version, keep salt-minion from original repo + ;; + esac + ;; + *) + # other linux version + ;; +esac + ################################################################################ apt-get update && apt install -y --asume-yes true git salt-minion -- GitLab From 3010cabaac8c7471e285800bc441914ed277ce8b Mon Sep 17 00:00:00 2001 From: diroots Date: Thu, 30 Mar 2023 16:52:42 +0200 Subject: [PATCH 14/21] Update readme, announce compatibility with Ubuntu 22.04 latest LTS --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c021cdf..d7d2f79 100644 --- a/README.md +++ b/README.md @@ -42,9 +42,9 @@ Systemd is required to handle the database backup scripts. ### Create an Ubuntu server instance -The project should work with any Ubuntu server (Virtual Private Server (VPS), dedicated server...) version 20.04 +The project should work with any Ubuntu server (Virtual Private Server (VPS), dedicated server...) version 22.04 latest LTS (Ubuntu 20.04 & 18.04 supported too) -Debian stable 11 works as well, it has been tested, but only once yet (more to come). +Debian Bullseye (11) stable works as well, it has been tested, but only once yet (more to come). Suggestions include (non-exhaustive list): - [Hetzner](https://www.hetzner.com/cloud) -- GitLab 
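Review bot: The five release branches of this `case` differ only in the distro path, the release directory and the codename, so the key URL and the `deb` line can drift apart on the next edit. The 22.04 branch already reuses the 20.04/focal paths without a comment saying so. A small helper taking those three values keeps one copy of the URL layout; in the sketch below it also writes the list entry only when the key download succeeds. `lsb_release` is assumed to be installed: when it is missing, both variables are empty and the script falls through to the outer `*)` silently, so a one-line message in that branch would help.

```shell
# Register the Salt 3004 apt repository for one distro release.
# $1 = distro path (ubuntu|debian), $2 = release directory, $3 = codename
add_salt_repo() {
    local base="https://repo.saltproject.io/py3/$1/$2/amd64/3004"
    local keyring=/usr/share/keyrings/salt-archive-keyring.gpg
    curl -fsSL -o "$keyring" "$base/salt-archive-keyring.gpg" &&
        echo "deb [signed-by=$keyring arch=amd64] $base $3 main" | tee /etc/apt/sources.list.d/salt.list
}

case $LINUX_VERSION in
    Ubuntu)
        echo "Ubuntu detected"
        case $LINUX_RELEASE in
            # 22.04 reuses the 20.04/focal repository, as the original branches did
            22.04 | 20.04) add_salt_repo ubuntu 20.04 focal ;;
            18.04) add_salt_repo ubuntu 18.04 bionic ;;
            # … unchanged: fallback branch for other Ubuntu releases …
        esac
        ;;
    Debian)
        echo "Debian detected"
        case $LINUX_RELEASE in
            11) add_salt_repo debian 11 bullseye ;;
            10) add_salt_repo debian 10 buster ;;
            # … unchanged: fallback branch for other Debian releases …
        esac
        ;;
    # … unchanged: fallback branch for other distributions …
esac
```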
From a3a2cebeae40e941a6ad44b2409218218e96f615 Mon Sep 17 00:00:00 2001 From: diroots Date: Thu, 30 Mar 2023 16:54:01 +0200 Subject: [PATCH 15/21] update nextcloud image tag --- templates/docker-compose/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/docker-compose/docker-compose.yml b/templates/docker-compose/docker-compose.yml index c435343..0c7e7c1 100644 --- a/templates/docker-compose/docker-compose.yml +++ b/templates/docker-compose/docker-compose.yml @@ -127,7 +127,7 @@ services: - "mail.${DOMAIN}:${NC_HOST_IP}" nextcloud: - image: registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/selfhost:main + image: registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/selfhost:selfhost-24-0-10 container_name: nextcloud restart: always networks: -- GitLab From d8a7226b9385dd4d7b70a9f796facb5a95a4753d Mon Sep 17 00:00:00 2001 From: Akhil Date: Tue, 4 Apr 2023 17:47:06 +0530 Subject: [PATCH 16/21] Update upgrade guide Signed-off-by: Akhil --- upgrade-guides/upgrade-to-24.0.10.7.md | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/upgrade-guides/upgrade-to-24.0.10.7.md b/upgrade-guides/upgrade-to-24.0.10.7.md index f0e6db5..84b0192 100644 --- a/upgrade-guides/upgrade-to-24.0.10.7.md +++ b/upgrade-guides/upgrade-to-24.0.10.7.md 
@@ -8,8 +8,12 @@ - `git pull origin master` - In your `docker-compose.yml` file update the following: - - Set the nextcloud image to `registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/selfhost:main` + - Set the mailserver image to `mailserver2/mailserver:1.1.13` + - In welcome "extra_hosts", add `- "mail.${DOMAIN}:${NC_HOST_IP}"` + - Set the nextcloud image to `registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/selfhost:selfhost-24-0-10` + - Set the nginx image to `nginx:stable-alpine` +- Run `crontab -e`, add `--define apc.enable_cli=1` after `"nextcloud php"` for your NextCloud entry - Run `docker-compose pull` - If pulls are OK, run `docker-compose up -d` 
@@ -19,15 +23,26 @@ - Run: - `docker-compose exec -T --user www-data nextcloud php occ db:add-missing-indices` - + - `docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:system:set defaultapp --value "ecloud-dashboard,files"` - Snappymail is being intorduced in this version, so make sure that rainloop is disabled. - Run `docker-compose exec -T --user www-data nextcloud php occ app:disable rainloop` - Enable snappymail `docker-compose exec -T --user www-data nextcloud php occ app:enable snappymail` (you can pass --groups gid to limit access to specific group for testing) + - Set auto-login with `docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:app:set snappymail snappymail-autologin-with-email --value 1` - Import user data from rainloop to snappymail - Go to settings > admin > additional and check `Import RainLoop data` and hit save. This will import all user data/settings from rainloop to snappymail - - Now go to snappymail admin panel and make sure to change default password and set theme to `Murena@nextcloud` and make changes to other settings where needed and click save + - Now go to snappymail admin panel + - Make sure to change default password + - Set theme to Murena@nextcloud + - Disable all domains except yours + - In your domain settings, disable "Require verification of SSL certificate" in all tabs + - Make changes to other settings where needed and click save - If contacts address book was enabled in rainloop, you can use the same database for contacts in snappymail - - Go to extensions section in snappymail admin and install nextcloud plugin and enable it + - Go to extensions section then install nextcloud plugin and enable it + + - Advise users that they should review SnappyMail settings: + - Default theme (to be set to Murena) + - Contacts (copy/paste URL from Contacts app, enable) + - Filters - Check all settings subsections starting from `/settings/admin/overview` while logged in with the admin 
user account to identify any issues found post upgrade \ No newline at end of file -- GitLab From b64cd92539fa09f29ac4a038138c30a009112489 Mon Sep 17 00:00:00 2001 From: diroots Date: Fri, 7 Apr 2023 09:33:18 +0200 Subject: [PATCH 17/21] remove salt instruction from readme --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index d7d2f79..9b40141 100644 --- a/README.md +++ b/README.md @@ -80,8 +80,6 @@ In the following text, `$DOMAIN` refers to the domain (`youdomain.com`) that you Login to the server via ssh as root (on Linux/macOS the ssh client is available out of the box, on Windows you need to use an ssh client like [Putty](https://www.putty.org/) for example). -- Please note that for Ubuntu 20.04+, you will have to add the repository for "SaltStack" using the [instructions](https://repo.saltproject.io/#ubuntu) - Execute these commands and follow the on-screen instructions: ``` -- GitLab From b3d3b27ab9999bf0045555f35264669831ee1c83 Mon Sep 17 00:00:00 2001 From: diroots Date: Fri, 7 Apr 2023 10:19:57 +0200 Subject: [PATCH 18/21] add -p to mkdir to prevent failing in case of folder existing --- scripts/init-repo.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/init-repo.sh b/scripts/init-repo.sh index 395465f..f7005c9 100755 --- a/scripts/init-repo.sh +++ b/scripts/init-repo.sh @@ -177,7 +177,7 @@ fi # create nextcloud config mkdir -p /mnt/repo-base/volumes/nextcloud/{html,data,log} -mkdir "/mnt/repo-base/volumes/nextcloud/html/config/" +mkdir -p "/mnt/repo-base/volumes/nextcloud/html/config/" cat /mnt/repo-base/templates/nextcloud/config.php | sed "s/@@@DOMAIN@@@/$DOMAIN/g" | \ sed "s/@@@DRIVE_SMTP_PASSWORD@@@/$DRIVE_SMTP_PASSWORD/g" | sed "s/@@@PFDB_DB@@@/$PFDB_DB/g" | \ sed "s/@@@ECLOUD_ACCOUNTS_SECRET@@@/$ECLOUD_ACCOUNTS_SECRET/g" | \ -- GitLab From 0b335d736e2551a1c483f1af2c4553d44220fa0c Mon Sep 17 00:00:00 2001 
From: diroots Date: Fri, 7 Apr 2023 10:22:01 +0200 Subject: [PATCH 19/21] install apparmor on debian buster for containers to start --- scripts/bootstrap.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/bootstrap.sh b/scripts/bootstrap.sh index b54c815..00a102c 100644 --- a/scripts/bootstrap.sh +++ b/scripts/bootstrap.sh @@ -30,6 +30,8 @@ case $LINUX_VERSION in 11) curl -fsSL -o /usr/share/keyrings/salt-archive-keyring.gpg https://repo.saltproject.io/py3/debian/11/amd64/3004/salt-archive-keyring.gpg echo "deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=amd64] https://repo.saltproject.io/py3/debian/11/amd64/3004 bullseye main" | tee /etc/apt/sources.list.d/salt.list + # install apparmor as needed for docker + apt install apparmor ;; 10) curl -fsSL -o /usr/share/keyrings/salt-archive-keyring.gpg https://repo.saltproject.io/py3/debian/10/amd64/3004/salt-archive-keyring.gpg -- GitLab From eb936b5545b51a11035c62dfaf1aee6273125f19 Mon Sep 17 00:00:00 2001 From: diroots Date: Fri, 7 Apr 2023 10:38:39 +0200 Subject: [PATCH 20/21] complete DNS instructions improving deliverability for mails, ie set spf and dmarc --- scripts/postinstall.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh index c310ef9..d0fb82c 100755 --- a/scripts/postinstall.sh +++ b/scripts/postinstall.sh 
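Review bot: The added `apt install apparmor` sits in the `11)` (bullseye) branch, while the commit subject says the package is needed on Debian buster, which is the `10)` branch just below; one of the two looks wrong. The command has no `-y`, so an unattended bootstrap may stop at a confirmation prompt. It also runs right after a new sources entry is written and before the `apt-get update` that the earlier bootstrap.sh patches show further down the script. I would write `apt-get install -y apparmor` and place it after the package index refresh, in whichever release branch actually needs it. The enclosing `case` starts and ends outside this hunk.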
@@ -131,12 +131,18 @@ systemctl enable mariadb-nc-backup.timer systemctl enable mariadb-pf-backup.timer echo "==> please read docs/SQL_backups.md to start SQL backups" -# display DKIM DNS setup info/instructions to the user +# display DKIM/DMARC/SPF DNS setup info/instructions to the user echo -e "\n\n\n" echo -e "Please add the following records to your domain's DNS configuration:\n" find /mnt/repo-base/volumes/mail/dkim/ -maxdepth 1 -mindepth 1 -type d | while read line; do DOMAIN=$(basename $line) + DNS_AUTHORITATIVE=$(dig NS $DOMAIN +short | head -n 1) + IP=$(dig @$DNS_AUTHORITATIVE mail.$DOMAIN +short) echo " - DKIM record (TXT) for $DOMAIN:" && sed $'N;s/"\\n\t"//g' $line/mail.public.key + echo " - DMARC record (TXT) for $DOMAIN:" + echo "_dmarc IN TXT 'v=DMARC1;p=reject;sp=reject;pct=100;rua=mailto:postmaster@$DOMAIN;ri=86400;aspf=r;adkim=r;fo=1'" + echo " - SPF record (TXT) for $DOMAIN:" + echo "@ IN TXT 'v=spf1 a ip4:$IP ~all'" done echo "=================================================================================================================================" -- GitLab From fb4280f1b3285d751fb4d78688ed3a4c60c320ff Mon Sep 17 00:00:00 2001 From: diroots Date: Fri, 7 Apr 2023 11:23:33 +0200 Subject: [PATCH 21/21] update readme for debian compatibility, complete snappy setup. --- README.md | 2 +- scripts/postinstall.sh | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 9b40141..35bc798 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,7 @@ Systemd is required to handle the database backup scripts. The project should work with any Ubuntu server (Virtual Private Server (VPS), dedicated server...) version 22.04 latest LTS (Ubuntu 20.04 & 18.04 supported too) -Debian Bullseye (11) stable works as well, it has been tested, but only once yet (more to come). +Installation on Debian Bullseye (11) stable works as well. Suggestions include (non-exhaustive list): - [Hetzner](https://www.hetzner.com/cloud) 
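Review bot: The DMARC record printed by the scripts/postinstall.sh hunk of PATCH 20/21 starts at `p=reject;sp=reject;pct=100`, while the SPF line next to it ends in `~all` and the DKIM key has only just been generated. An operator who publishes all three before DKIM signing is confirmed can have legitimate mail rejected by receivers. I would print the staging advice with the record, e.g. add `echo "   (publish with p=none first; move to p=reject once the rua reports show SPF and DKIM passing)"` after the DMARC line. The records are also wrapped in single quotes, which zone files do not use for TXT data, so double quotes escaped inside the `echo` would paste more cleanly.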
diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh index d0fb82c..bb36407 100755 --- a/scripts/postinstall.sh +++ b/scripts/postinstall.sh @@ -76,6 +76,11 @@ docker-compose restart nextcloud echo "Configuring Snappymail" mkdir -p "/mnt/repo-base/volumes/nextcloud/data/appdata_snappymail/_data_/_default_/domains/" +# Disable all existing domains +echo -n "*," > /mnt/repo-base/volumes/nextcloud/data/appdata_snappymail/_data_/_default_/domains/disabled +basename -s .json /mnt/repo-base/volumes/nextcloud/data/appdata_snappymail/_data_/_default_/domains/* | tr "\n" "," >> /mnt/repo-base/volumes/nextcloud/data/appdata_snappymail/_data_/_default_/domains/disabled + +# Add all our domains echo "$ADD_DOMAINS" | tr "," "\n" | while read add_domain; do cp "templates/snappymail/domain-config.json" "/mnt/repo-base/volumes/nextcloud/data/appdata_snappymail/_data_/_default_/domains/$add_domain.json" sed -i "s/@@@DOMAIN@@@/$DOMAIN/g" "/mnt/repo-base/volumes/nextcloud/data/appdata_snappymail/_data_/_default_/domains/$add_domain.json" @@ -84,6 +89,12 @@ done mkdir -p "/mnt/repo-base/volumes/nextcloud/data/appdata_snappymail/_data_/_default_/configs/" cat templates/snappymail/application.ini | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "/mnt/repo-base/volumes/nextcloud/data/appdata_snappymail/_data_/_default_/configs/application.ini" +# Get SnappyMail to regenerate a random admin password +docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:disable snappymail +sleep 5 +docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable snappymail + + chown www-data:www-data /mnt/repo-base/volumes/nextcloud/ -R echo "Creating postfix database schema" -- GitLab
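Review bot: In the first postinstall.sh hunk of PATCH 21/21, the `disabled` file is rebuilt from every `*.json` already in the domains directory. If postinstall.sh is run a second time, the files this script itself copies in for `$ADD_DOMAINS` would be listed as disabled too. Filtering the operator's own domains out of the list, or writing the file only when it does not exist yet, avoids that. The leading `*,` entry presumably covers a wildcard default domain; its meaning is not evident from the script and deserves a comment such as `# "*" disables the catch-all domain entry — confirm against SnappyMail docs`.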
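Review bot: In the second postinstall.sh hunk of PATCH 21/21, the disable / `sleep 5` / enable sequence is the only step that replaces SnappyMail's default admin password, but neither `occ` call's exit status is checked and nothing confirms that a new password was produced. If `app:enable` fails, the script carries on with the webmail app disabled; if regeneration does not happen, the default credential stays in place without any message. I would test the result, e.g. `docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable snappymail || echo "WARNING: snappymail not re-enabled, admin password not regenerated"`, and print a reminder to change the admin password at the end of the script. The fixed `sleep 5` would also benefit from a comment stating what it waits for.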