cleaned up what php modules are needed, fix to not clobber the conf at every install

2016-07-02 18:19:11 -07:00 · 2016-07-02 18:19:11 -07:00 · 155ec51310
parent ea82722e55
commit 155ec51310
1 changed files with 48 additions and 367 deletions
--- a/setup/webmail.sh
+++ b/setup/webmail.sh
@ -1,5 +1,5 @@
 #!/bin/bash
-# Webmail with Roundcube
+# Webmail with Rainloop
 # ----------------------
 source setup/functions.sh # load our functions
@ -15,10 +15,9 @@ source /etc/mailinabox.conf # load global vars
 echo "Installing Rainloop (webmail)..."
 apt_install \
 	dbconfig-common \
 	unzip \
-	php5 php5-sqlite php5-mcrypt php5-intl php5-json php5-common php-auth php-net-smtp php-net-socket php-net-sieve php-mail-mime php-crypt-gpg php5-gd php5-pspell \
+	php5 php5-mcrypt php5-cli php5-curl php5-sqlite php-net-sieve php5-common \
-	tinymce libjs-jquery libjs-jquery-mousewheel libmagic1
+	crudini
 apt_get_quiet remove php-mail-mimedecode # no longer needed since Roundcube 1.1.3
 # We used to install Roundcube from Ubuntu, without triggering the dependencies #NODOC
@ -37,6 +36,7 @@ needs_update=0 #NODOC
 if [ ! -f /usr/local/lib/rainloop/version ]; then
 	# not installed yet #NODOC
 	needs_update=1 #NODOC
 	first_install=1
 elif [[ "$UPDATE_KEY" != "$(cat /usr/local/lib/rainloop/version)" ]]; then
 	# checks if the version is what we want
 	needs_update=1 #NODOC
@ -58,382 +58,60 @@ fi
 # ### Configuring Rainloop
-# Creating configs.
+# Create a configuration file.
 #
-# Rainloop has a default password set, not sure yet how to integrate with imap userlist
+
 # Some application paths are not created until the application is launched
 # this should include the internal process it has when upgrading between versions
 # Fix permissions
 find /usr/local/lib/rainloop -type d -exec chmod 755 {} \;
 find /usr/local/lib/rainloop -type f -exec chmod 644 {} \;
 chown -R www-data:www-data /usr/local/lib/rainloop
 # Fixing permissions needs to happen first or else curl gets
 # this error: [105] Missing version directory
 # works manually, not in cli?
 /usr/bin/php /usr/local/lib/rainloop/index.php > /dev/null
 if [ $first_install == 1 ]; then
 # Set customized configuration
 # Rainloop has a default password set, not sure yet how to integrate with userlist
 # for now we should change it from the default
 # Methods for changing password: https://github.com/RainLoop/rainloop-webmail/issues/28
 #
-# Untested: edit admin_password = "????" below
+#	Using the Rainloop API:
-#
+random_admin_pw=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 8 | head -n 1)
 #	or use the Rainloop API:
 #	<?php
 #
 #	$_ENV['RAINLOOP_INCLUDE_AS_API'] = true;
 #	include '<path-to-rainloop-folder>/index.php';
 #
 #	$oConfig = \RainLoop\Api::Config();
 #	$oConfig->SetPassword('pa$$wOrd');
 #	echo $oConfig->Save() ? 'Done' : 'Error';
 #
 #	?>
-# This can be improved, need to take a look at editconf.py for multi line edits as
+echo "<?php
 # there are multiple "enable = On" but we should only edit them per category.
-# Some application paths are not created until the application is launched
+\$_ENV['RAINLOOP_INCLUDE_AS_API'] = true;
-# workaround by making paths for our configs
+include '/usr/local/lib/rainloop/index.php';
-mkdir -p /usr/local/lib/rainloop/data/_data_/_default_/configs/
+\$oConfig = \RainLoop\Api::Config();
-cat > /usr/local/lib/rainloop/data/_data_/_default_/configs/application.ini <<EOF;
+\$oConfig->SetPassword('$random_admin_pw');
-; RainLoop Webmail configuration file
+echo \$oConfig->Save() ? 'Done' : 'Error';
 ; Please don't add custom parameters here, those will be overwritten
-[webmail]
+?>" | /usr/bin/php
 ; Text displayed as page title
 title = "RainLoop Webmail"
 ; Text displayed on startup
 loading_description = "RainLoop"
 favicon_url = ""
-; Theme used by default
+crudini --set --existing /usr/local/lib/rainloop/data/_data_/_default_/configs/application.ini \
-theme = "Default"
+	contacts enable On
 crudini --set --existing /usr/local/lib/rainloop/data/_data_/_default_/configs/application.ini \
 	contacts allow_sync On
 crudini --set --existing /usr/local/lib/rainloop/data/_data_/_default_/configs/application.ini \
 	login determine_user_domain On
 crudini --set --existing /usr/local/lib/rainloop/data/_data_/_default_/configs/application.ini \
        login default_domain $PRIMARY_HOSTNAME
-; Allow theme selection on settings screen
+# Disable google imap login in Rainloop
-allow_themes = On
+echo -n ",gmail.com" >> /usr/local/lib/rainloop/data/_data_/_default_/domains/disabled
 allow_user_background = Off
 ; Language used by default
 language = "en"
 ; Admin Panel interface language
 language_admin = "en"
 ; Allow language selection on settings screen
 allow_languages_on_settings = On
 allow_additional_accounts = On
 allow_additional_identities = On
 ;  Number of messages displayed on page by default
 messages_per_page = 20
 ; File size limit (MB) for file upload on compose screen
 ; 0 for unlimited.
 attachment_size_limit = 25
 [interface]
 show_attachment_thumbnail = On
 use_native_scrollbars = Off
 [branding]
 login_logo = ""
 login_background = ""
 login_desc = ""
 login_css = ""
 login_powered = On
 user_css = ""
 user_logo = ""
 user_logo_title = ""
 user_logo_message = ""
 user_iframe_message = ""
 welcome_page_url = ""
 welcome_page_display = "none"
 [contacts]
 ; Enable contacts
 enable = On
 allow_sharing = On
 allow_sync = On
 sync_interval = 20
 type = "sqlite"
 pdo_dsn = "mysql:host=127.0.0.1;port=3306;dbname=rainloop"
 pdo_user = "root"
 pdo_password = ""
 suggestions_limit = 30
 [security]
 ; Enable CSRF protection (http://en.wikipedia.org/wiki/Cross-site_request_forgery)
 csrf_protection = On
 custom_server_signature = "RainLoop"
 x_frame_options_header = ""
 openpgp = Off
 openpgp_public_key_server = ""
 use_rsa_encryption = Off
 ; Login and password for web admin panel
 admin_login = "admin"
 admin_password = "$(openssl rand -base64 8)"
 ; Access settings
 allow_admin_panel = On
 allow_two_factor_auth = Off
 force_two_factor_auth = Off
 admin_panel_host = ""
 admin_panel_key = "admin"
 content_security_policy = ""
 core_install_access_domain = ""
 [ssl]
 ; Require verification of SSL certificate used.
 verify_certificate = Off
 ; Allow self-signed certificates. Requires verify_certificate.
 allow_self_signed = On
 ; Location of Certificate Authority file on local filesystem (/etc/ssl/certs/ca-certificates.crt)
 cafile = ""
 ; capath must be a correctly hashed certificate directory. (/etc/ssl/certs/)
 capath = ""
 [capa]
 folders = On
 composer = On
 contacts = On
 settings = On
 quota = On
 help = On
 reload = On
 search = On
 search_adv = On
 filters = On
 x-templates = Off
 dangerous_actions = On
 message_actions = On
 messagelist_actions = On
 attachments_actions = On
 [login]
 default_domain = "$PRIMARY_HOSTNAME"
 ; Allow language selection on webmail login screen
 allow_languages_on_login = On
 determine_user_language = On
 determine_user_domain = Off
 welcome_page = Off
 forgot_password_link_url = ""
 registration_link_url = ""
 ; This option allows webmail to remember the logged in user
 ; once they closed the browser window.
 ; 
 ; Values:
 ;   "DefaultOff" - can be used, disabled by default;
 ;   "DefaultOn"  - can be used, enabled by default;
 ;   "Unused"     - cannot be used
 sign_me_auto = "DefaultOff"
 [plugins]
 ; Enable plugin support
 enable = Off
 ; List of enabled plugins
 enabled_list = ""
 [defaults]
 ; Editor mode used by default (Plain, Html, HtmlForced or PlainForced)
 view_editor_type = "Html"
 ; layout: 0 - no preview, 1 - side preview, 2 - bottom preview
 view_layout = 1
 view_use_checkboxes = On
 autologout = 30
 show_images = Off
 contacts_autosave = On
 mail_use_threads = Off
 mail_reply_same_folder = Off
 [logs]
 ; Enable logging
 enable = Off
 ; Logs entire request only if error occured (php requred)
 write_on_error_only = Off
 ; Logs entire request only if php error occured
 write_on_php_error_only = Off
 ; Logs entire request only if request timeout (in seconds) occured.
 write_on_timeout_only = 0
 ; Required for development purposes only.
 ; Disabling this option is not recommended.
 hide_passwords = On
 time_offset = 0
 session_filter = ""
 ; Log filename.
 ; For security reasons, some characters are removed from filename.
 ; Allows for pattern-based folder creation (see examples below).
 ; 
 ; Patterns:
 ;   {date:Y-m-d}  - Replaced by pattern-based date
 ;                   Detailed info: http://www.php.net/manual/en/function.date.php
 ;   {user:email}  - Replaced by user's email address
 ;                   If user is not logged in, value is set to "unknown"
 ;   {user:login}  - Replaced by user's login (the user part of an email)
 ;                   If user is not logged in, value is set to "unknown"
 ;   {user:domain} - Replaced by user's domain name (the domain part of an email)
 ;                   If user is not logged in, value is set to "unknown"
 ;   {user:uid}    - Replaced by user's UID regardless of account currently used
 ; 
 ;   {user:ip}
 ;   {request:ip}  - Replaced by user's IP address
 ; 
 ; Others:
 ;   {imap:login} {imap:host} {imap:port}
 ;   {smtp:login} {smtp:host} {smtp:port}
 ; 
 ; Examples:
 ;   filename = "log-{date:Y-m-d}.txt"
 ;   filename = "{date:Y-m-d}/{user:domain}/{user:email}_{user:uid}.log"
 ;   filename = "{user:email}-{date:Y-m-d}.txt"
 filename = "log-{date:Y-m-d}.txt"
 ; Enable auth logging in a separate file (for fail2ban)
 auth_logging = Off
 auth_logging_filename = "fail2ban/auth-{date:Y-m-d}.txt"
 auth_logging_format = "[{date:Y-m-d H:i:s}] Auth failed: ip={request:ip} user={imap:login} host={imap:host} port={imap:port}"
 [debug]
 ; Special option required for development purposes
 enable = Off
 [social]
 ; Google
 google_enable = Off
 google_enable_auth = Off
 google_enable_auth_fast = Off
 google_enable_drive = Off
 google_enable_preview = Off
 google_client_id = ""
 google_client_secret = ""
 google_api_key = ""
 ; Facebook
 fb_enable = Off
 fb_app_id = ""
 fb_app_secret = ""
 ; Twitter
 twitter_enable = Off
 twitter_consumer_key = ""
 twitter_consumer_secret = ""
 ; Dropbox
 dropbox_enable = Off
 dropbox_api_key = ""
 [cache]
 ; The section controls caching of the entire application.
 ; 
 ; Enables caching in the system
 enable = On
 ; Additional caching key. If changed, cache is purged
 index = "v1"
 ; Can be: files, APC, memcache, redis (beta)
 fast_cache_driver = "files"
 ; Additional caching key. If changed, fast cache is purged
 fast_cache_index = "v1"
 ; Browser-level cache. If enabled, caching is maintainted without using files
 http = On
 ; Caching message UIDs when searching and sorting (threading)
 server_uids = On
 [labs]
 ; Experimental settings. Handle with care.
 ; 
 allow_mobile_version = On
 ignore_folders_subscription = Off
 check_new_password_strength = On
 update_channel = "stable"
 allow_gravatar = On
 allow_prefetch = On
 allow_smart_html_links = On
 cache_system_data = On
 date_from_headers = Off
 autocreate_system_folders = On
 allow_message_append = Off
 disable_iconv_if_mbstring_supported = Off
 login_fault_delay = 1
 log_ajax_response_write_limit = 300
 allow_html_editor_source_button = Off
 allow_html_editor_biti_buttons = Off
 allow_ctrl_enter_on_compose = Off
 try_to_detect_hidden_images = Off
 hide_dangerous_actions = Off
 use_app_debug_js = Off
 use_app_debug_css = Off
 use_imap_sort = On
 use_imap_force_selection = Off
 use_imap_list_subscribe = On
 use_imap_thread = On
 use_imap_move = Off
 use_imap_expunge_all_on_delete = Off
 imap_forwarded_flag = "$Forwarded"
 imap_read_receipt_flag = "$ReadReceipt"
 imap_body_text_limit = 555000
 imap_message_list_fast_simple_search = On
 imap_message_list_count_limit_trigger = 0
 imap_message_list_date_filter = 0
 imap_message_list_permanent_filter = ""
 imap_message_all_headers = Off
 imap_large_thread_limit = 50
 imap_folder_list_limit = 200
 imap_show_login_alert = On
 imap_use_auth_plain = On
 imap_use_auth_cram_md5 = On
 smtp_show_server_errors = Off
 smtp_use_auth_plain = On
 smtp_use_auth_cram_md5 = On
 sieve_allow_raw_script = Off
 sieve_utf8_folder_name = On
 imap_timeout = 300
 smtp_timeout = 60
 sieve_timeout = 10
 domain_list_limit = 99
 mail_func_clear_headers = On
 mail_func_additional_parameters = Off
 favicon_status = On
 folders_spec_limit = 50
 owncloud_save_folder = "Attachments"
 curl_proxy = ""
 curl_proxy_auth = ""
 in_iframe = Off
 force_https = Off
 custom_login_link = ""
 custom_logout_link = ""
 allow_external_login = Off
 allow_external_sso = Off
 external_sso_key = ""
 http_client_ip_check_proxy = Off
 fast_cache_memcache_host = "127.0.0.1"
 fast_cache_memcache_port = 11211
 fast_cache_redis_host = "127.0.0.1"
 fast_cache_redis_port = 6379
 use_local_proxy_for_external_images = Off
 detect_image_exif_orientation = On
 cookie_default_path = ""
 cookie_default_secure = Off
 replace_env_in_configuration = ""
 startup_url = ""
 emogrifier = On
 dev_email = ""
 dev_password = ""
 [version]
 current = "1.10.1.127"
 saved = "Fri, 01 Jul 2016 03:41:58 +0000"
 EOF
 # Add localhost imap/smtp
-mkdir -p /usr/local/lib/rainloop/data/_data_/_default_/domains/
+
 cat > /usr/local/lib/rainloop/data/_data_/_default_/domains/default.ini <<EOF;
 imap_host = "127.0.0.1"
 imap_port = 993
@ -452,12 +130,15 @@ smtp_auth = On
 smtp_php_mail = Off
 EOF
 # Fix permissions after editing configs
 find /usr/local/lib/rainloop -type d -exec chmod 755 {} \;
 find /usr/local/lib/rainloop -type f -exec chmod 644 {} \;
 chown -R www-data:www-data /usr/local/lib/rainloop
 fi
 # Enable PHP modules.
 php5enmod mcrypt
 restart_service php5-fpm