merge master

github@kiekerjan.isdronken.nl 2021-12-28 23:33:22 +01:00
commit 73833e9e76
8 changed files with 53 additions and 44 deletions


@ -20,7 +20,8 @@ Functionality changes and additions
* Configure domain names for which only www will be hosted * Configure domain names for which only www will be hosted
Edit /etc/miabwwwdomains.conf to configure. The box will handle incoming traffic asking for these domain names. The DNS entries are entered in an external DNS provider! If you want this box to handle the DNS entries, simply add a mail alias. (existing functionality of the vanilla Mail-in-a-Box) Edit /etc/miabwwwdomains.conf to configure. The box will handle incoming traffic asking for these domain names. The DNS entries are entered in an external DNS provider! If you want this box to handle the DNS entries, simply add a mail alias. (existing functionality of the vanilla Mail-in-a-Box)
* Add some munin plugins * Add some munin plugins
* Update nextcloud to 20.0.13 * Update nextcloud to 22.2.3
And updated apps
* Add nextcloud notes app * Add nextcloud notes app
* Update roundcube carddav plugin to 4.1.1 * Update roundcube carddav plugin to 4.1.1
* Add roundcube context menu plugin * Add roundcube context menu plugin


@ -306,7 +306,7 @@ def build_zone(domain, domain_properties, additional_records, env, is_zone=True)
# Append the DKIM TXT record to the zone as generated by DKIMpy. # Append the DKIM TXT record to the zone as generated by DKIMpy.
# Skip if the user has set a DKIM record already. # Skip if the user has set a DKIM record already.
dkim_record_file = os.path.join(env['STORAGE_ROOT'], 'mail/dkim2/box-rsa.dns') dkim_record_file = os.path.join(env['STORAGE_ROOT'], 'mail/dkim/box-rsa.dns')
with open(dkim_record_file) as orf: with open(dkim_record_file) as orf:
m = re.match(r'(\S+)\s+IN\s+TXT\s+\( ((?:"[^"]+"\s+)+)\)', orf.read(), re.S) m = re.match(r'(\S+)\s+IN\s+TXT\s+\( ((?:"[^"]+"\s+)+)\)', orf.read(), re.S)
val = "".join(re.findall(r'"([^"]+)"', m.group(2))) val = "".join(re.findall(r'"([^"]+)"', m.group(2)))
@ -314,7 +314,7 @@ def build_zone(domain, domain_properties, additional_records, env, is_zone=True)
records.append((m.group(1), "TXT", val, "Recommended. Provides a way for recipients to verify that this machine sent @%s mail." % domain)) records.append((m.group(1), "TXT", val, "Recommended. Provides a way for recipients to verify that this machine sent @%s mail." % domain))
# Also add a ed25519 DKIM record # Also add a ed25519 DKIM record
dkim_record_file = os.path.join(env['STORAGE_ROOT'], 'mail/dkim2/box-ed25519.dns') dkim_record_file = os.path.join(env['STORAGE_ROOT'], 'mail/dkim/box-ed25519.dns')
with open(dkim_record_file) as orf: with open(dkim_record_file) as orf:
m = re.match(r'(\S+)\s+IN\s+TXT\s+\( ((?:"[^"]+"\s+)+)\)', orf.read(), re.S) m = re.match(r'(\S+)\s+IN\s+TXT\s+\( ((?:"[^"]+"\s+)+)\)', orf.read(), re.S)
val = "".join(re.findall(r'"([^"]+)"', m.group(2))) val = "".join(re.findall(r'"([^"]+)"', m.group(2)))
@ -830,8 +830,8 @@ def write_dkim_tables(domains, env):
# Append a record to DKIMpy's KeyTable and SigningTable for each domain # Append a record to DKIMpy's KeyTable and SigningTable for each domain
# that we send mail from (zones and all subdomains). # that we send mail from (zones and all subdomains).
dkim_rsa_key_file = os.path.join(env['STORAGE_ROOT'], 'mail/dkim2/box-rsa.key') dkim_rsa_key_file = os.path.join(env['STORAGE_ROOT'], 'mail/dkim/box-rsa.key')
dkim_ed_key_file = os.path.join(env['STORAGE_ROOT'], 'mail/dkim2/box-ed25519.key') dkim_ed_key_file = os.path.join(env['STORAGE_ROOT'], 'mail/dkim/box-ed25519.key')
if not os.path.exists(dkim_rsa_key_file) || not os.path.exists(dkim_ed_key_file): if not os.path.exists(dkim_rsa_key_file) || not os.path.exists(dkim_ed_key_file):
# Looks like DKIMpy is not installed. # Looks like DKIMpy is not installed.
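Review bot: The existence check in write_dkim_tables joins its two `os.path.exists` tests with `||`, which is not a Python operator, so the module cannot be parsed and none of the DNS or DKIM table code in this file would run; it should read `if not os.path.exists(dkim_rsa_key_file) or not os.path.exists(dkim_ed_key_file):`. The line is unchanged context in this commit, but it sits directly under the two key paths being edited. Separately, both DKIM record readers in build_zone call `m.group(...)` without checking that `re.match` succeeded, so a `.dns` file in an unexpected format raises AttributeError instead of skipping the record; a guard such as `if m is None: raise ValueError("unexpected DKIM record format in " + dkim_record_file)` would make the failure explicit. Both functions start and end outside the hunks shown.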


@ -549,8 +549,9 @@ def scan_postfix_submission_line(date, log, collector):
""" """
# Match both the 'plain' and 'login' sasl methods, since both authentication methods are # Match both the 'plain' and 'login' sasl methods, since both authentication methods are
# allowed by Dovecot # allowed by Dovecot. Exclude trailing comma after the username when additional fields
m = re.match("([A-Z0-9]+): client=(\S+), sasl_method=(PLAIN|LOGIN), sasl_username=(\S+)", log) # follow after.
m = re.match("([A-Z0-9]+): client=(\S+), sasl_method=(PLAIN|LOGIN), sasl_username=(\S+)(?<!,)", log)
if m: if m:
_, client, method, user = m.groups() _, client, method, user = m.groups()
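Review bot: The pattern passed to `re.match` is an ordinary string containing `\S`, an invalid escape sequence that Python reports with a DeprecationWarning (a SyntaxWarning from 3.12 on); make it a raw string, `m = re.match(r"([A-Z0-9]+): client=(\S+), sasl_method=(PLAIN|LOGIN), sasl_username=(\S+)(?<!,)", log)`. The added `(?<!,)` works only by making `\S+` back off one character, so it removes a single trailing comma and nothing else; the comment could say that, e.g. `# (?<!,) makes \S+ give back one trailing comma; the username itself is otherwise taken as logged`. The function body continues outside the hunk.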


@ -663,7 +663,7 @@ def check_dnssec(domain, env, output, dns_zonefiles, is_checking_primary=False):
output.print_line("Option " + str(i+1) + ":") output.print_line("Option " + str(i+1) + ":")
output.print_line("----------") output.print_line("----------")
output.print_line("Key Tag: " + ds_suggestion['keytag']) output.print_line("Key Tag: " + ds_suggestion['keytag'])
output.print_line("Key Flags: KSK (256)") output.print_line("Key Flags: KSK / 257")
output.print_line("Algorithm: %s / %s" % (ds_suggestion['alg'], ds_suggestion['alg_name'])) output.print_line("Algorithm: %s / %s" % (ds_suggestion['alg'], ds_suggestion['alg_name']))
output.print_line("Digest Type: %s / %s" % (ds_suggestion['digalg'], ds_suggestion['digalg_name'])) output.print_line("Digest Type: %s / %s" % (ds_suggestion['digalg'], ds_suggestion['digalg_name']))
output.print_line("Digest: " + ds_suggestion['digest']) output.print_line("Digest: " + ds_suggestion['digest'])


@ -15,7 +15,7 @@ apt_install dkimpy-milter opendmarc
# Make sure configuration directories exist. # Make sure configuration directories exist.
mkdir -p /etc/dkim; mkdir -p /etc/dkim;
mkdir -p $STORAGE_ROOT/mail/dkim2 mkdir -p $STORAGE_ROOT/mail/dkim
# Used in InternalHosts and ExternalIgnoreList configuration directives. # Used in InternalHosts and ExternalIgnoreList configuration directives.
# Not quite sure why. # Not quite sure why.
@ -48,21 +48,21 @@ fi
# in our DNS setup. Note that the files are named after the # in our DNS setup. Note that the files are named after the
# 'selector' of the key, which we can change later on to support # 'selector' of the key, which we can change later on to support
# key rotation. # key rotation.
if [ ! -f "$STORAGE_ROOT/mail/dkim2/box-rsa.key" ]; then if [ ! -f "$STORAGE_ROOT/mail/dkim/box-rsa.key" ]; then
# All defaults are supposed to be ok, default key for rsa is 2048 bit # All defaults are supposed to be ok, default key for rsa is 2048 bit
dknewkey --ktype rsa $STORAGE_ROOT/mail/dkim2/box-rsa dknewkey --ktype rsa $STORAGE_ROOT/mail/dkim/box-rsa
dknewkey --ktype ed25519 $STORAGE_ROOT/mail/dkim2/box-ed25519 dknewkey --ktype ed25519 $STORAGE_ROOT/mail/dkim/box-ed25519
# Force them into the format dns_update.py expects # Force them into the format dns_update.py expects
sed -i 's/v=DKIM1;/box-rsa._domainkey IN TXT ( "v=DKIM1; s=email;/' $STORAGE_ROOT/mail/dkim2/box-rsa.dns sed -i 's/v=DKIM1;/box-rsa._domainkey IN TXT ( "v=DKIM1; s=email;/' $STORAGE_ROOT/mail/dkim/box-rsa.dns
echo '" )' >> box-rsa.dns echo '" )' >> box-rsa.dns
sed -i 's/v=DKIM1;/box-ed25519._domainkey IN TXT ( "v=DKIM1; s=email;/' $STORAGE_ROOT/mail/dkim2/box-ed25519.dns sed -i 's/v=DKIM1;/box-ed25519._domainkey IN TXT ( "v=DKIM1; s=email;/' $STORAGE_ROOT/mail/dkim/box-ed25519.dns
echo '" )' >> box-ed25519.dns echo '" )' >> box-ed25519.dns
fi fi
# Ensure files are owned by the dkimpy-milter user and are private otherwise. # Ensure files are owned by the dkimpy-milter user and are private otherwise.
chown -R dkimpy-milter:dkimpy-milter $STORAGE_ROOT/mail/dkim2 chown -R dkimpy-milter:dkimpy-milter $STORAGE_ROOT/mail/dkim
chmod go-rwx $STORAGE_ROOT/mail/dkim2 chmod go-rwx $STORAGE_ROOT/mail/dkim
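Review bot: The two `echo '" )' >> box-rsa.dns` and `echo '" )' >> box-ed25519.dns` lines append the record's closing to files in the current working directory, not to the files the `sed` lines just edited under `$STORAGE_ROOT/mail/dkim`, so the stored `.dns` files are left without the closing `" )` of the format dns_update.py expects; write `echo '" )' >> "$STORAGE_ROOT/mail/dkim/box-rsa.dns"` and the same for `box-ed25519.dns`. Key generation is gated only on `box-rsa.key`, so a missing ed25519 key is never recreated once the RSA key exists. Because this commit moves the directory from `dkim2` to `dkim`, it looks like an existing install would generate fresh signing keys and publish new DKIM records instead of reusing the old ones; if that is not intended, the old directory should be moved before this check runs. `$STORAGE_ROOT` is also unquoted throughout the hunk, which breaks on a storage path containing spaces.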
tools/editconf.py /etc/opendmarc.conf -s \ tools/editconf.py /etc/opendmarc.conf -s \
"Syslog=true" \ "Syslog=true" \


@ -25,7 +25,7 @@ done
# #
# certbot installs EFF's certbot which we use to # certbot installs EFF's certbot which we use to
# provision free TLS certificates. # provision free TLS certificates.
apt_install duplicity python3-pip virtualenv certbot apt_install duplicity python3-pip virtualenv certbot rsync
# b2sdk is used for backblaze backups. # b2sdk is used for backblaze backups.
# boto is used for amazon aws backups. # boto is used for amazon aws backups.


@ -100,8 +100,8 @@ InstallNextcloud() {
} }
# Nextcloud Version to install. Checks are done down below to step through intermediate versions. # Nextcloud Version to install. Checks are done down below to step through intermediate versions.
nextcloud_ver=20.0.14 nextcloud_ver=22.2.3
nextcloud_hash=92cac708915f51ee2afc1787fd845476fd090c81 nextcloud_hash=58d2d897ba22a057aa03d29c762c5306211fefd2
contacts_ver=4.0.0 contacts_ver=4.0.0
contacts_hash=f893ca57a543b260c9feeecbb5958c00b6998e18 contacts_hash=f893ca57a543b260c9feeecbb5958c00b6998e18
calendar_ver=2.2.2 calendar_ver=2.2.2
@ -167,28 +167,37 @@ if [ ! -d /usr/local/lib/owncloud/ ] || [[ ! ${CURRENT_NEXTCLOUD_VER} =~ ^$nextc
CURRENT_NEXTCLOUD_VER="15.0.8" CURRENT_NEXTCLOUD_VER="15.0.8"
fi fi
if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^15 ]]; then if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^15 ]]; then
InstallNextcloud 16.0.6 0bb3098455ec89f5af77a652aad553ad40a88819 3.3.0 e55d0357c6785d3b1f3b5f21780cb6d41d32443a 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 0.7.0 555a94811daaf5bdd336c5e48a78aa8567b86437 InstallNextcloud 16.0.6 0bb3098455ec89f5af77a652aad553ad40a88819 3.3.0 e55d0357c6785d3b1f3b5f21780cb6d41d32443a 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 0.7.0 555a94811daaf5bdd336c5e48a78aa8567b86437
CURRENT_NEXTCLOUD_VER="16.0.6" CURRENT_NEXTCLOUD_VER="16.0.6"
fi fi
if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^16 ]]; then if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^16 ]]; then
InstallNextcloud 17.0.6 50b98d2c2f18510b9530e558ced9ab51eb4f11b0 3.3.0 e55d0357c6785d3b1f3b5f21780cb6d41d32443a 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 0.7.0 555a94811daaf5bdd336c5e48a78aa8567b86437 InstallNextcloud 17.0.6 50b98d2c2f18510b9530e558ced9ab51eb4f11b0 3.3.0 e55d0357c6785d3b1f3b5f21780cb6d41d32443a 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 0.7.0 555a94811daaf5bdd336c5e48a78aa8567b86437
CURRENT_NEXTCLOUD_VER="17.0.6" CURRENT_NEXTCLOUD_VER="17.0.6"
fi fi
if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^17 ]]; then if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^17 ]]; then
echo "ALTER TABLE oc_flow_operations ADD COLUMN entity VARCHAR;" | sqlite3 $STORAGE_ROOT/owncloud/owncloud.db # Don't exit the install if this column already exists (see #2076)
InstallNextcloud 18.0.10 39c0021a8b8477c3f1733fddefacfa5ebf921c68 3.4.1 aee680a75e95f26d9285efd3c1e25cf7f3bfd27e 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a (echo "ALTER TABLE oc_flow_operations ADD COLUMN entity VARCHAR;" | sqlite3 $STORAGE_ROOT/owncloud/owncloud.db 2>/dev/null) || true
CURRENT_NEXTCLOUD_VER="18.0.10" InstallNextcloud 18.0.10 39c0021a8b8477c3f1733fddefacfa5ebf921c68 3.4.1 aee680a75e95f26d9285efd3c1e25cf7f3bfd27e 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a
fi CURRENT_NEXTCLOUD_VER="18.0.10"
if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^18 ]]; then fi
InstallNextcloud 19.0.4 01e98791ba12f4860d3d4047b9803f97a1b55c60 3.4.1 aee680a75e95f26d9285efd3c1e25cf7f3bfd27e 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^18 ]]; then
CURRENT_NEXTCLOUD_VER="19.0.4" InstallNextcloud 19.0.4 01e98791ba12f4860d3d4047b9803f97a1b55c60 3.4.1 aee680a75e95f26d9285efd3c1e25cf7f3bfd27e 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a
fi CURRENT_NEXTCLOUD_VER="19.0.4"
fi
if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^19 ]]; then
InstallNextcloud 20.0.14 92cac708915f51ee2afc1787fd845476fd090c81 4.0.0 f893ca57a543b260c9feeecbb5958c00b6998e18 2.2.2 923846d48afb5004a456b9079cf4b46d23b3ef3a 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a
CURRENT_NEXTCLOUD_VER="20.0.14"
# Nextcloud 20 needs to have some optional columns added
sudo -u www-data php /usr/local/lib/owncloud/occ db:add-missing-columns
fi
if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^20 ]]; then
InstallNextcloud 21.0.7 f5c7079c5b56ce1e301c6a27c0d975d608bb01c9 4.0.0 f893ca57a543b260c9feeecbb5958c00b6998e18 2.2.2 923846d48afb5004a456b9079cf4b46d23b3ef3a 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a
CURRENT_NEXTCLOUD_VER="21.0.7"
fi
fi fi
InstallNextcloud $nextcloud_ver $nextcloud_hash $contacts_ver $contacts_hash $calendar_ver $calendar_hash $user_external_ver $user_external_hash InstallNextcloud $nextcloud_ver $nextcloud_hash $contacts_ver $contacts_hash $calendar_ver $calendar_hash $user_external_ver $user_external_hash
# Nextcloud 20 needs to have some optional columns added
sudo -u www-data php /usr/local/lib/owncloud/occ db:add-missing-columns
fi fi
# ### Configuring Nextcloud # ### Configuring Nextcloud
@ -359,12 +368,6 @@ tools/editconf.py /etc/php/$(php_version)/cli/conf.d/10-opcache.ini -c ';' \
opcache.save_comments=1 \ opcache.save_comments=1 \
opcache.revalidate_freq=1 opcache.revalidate_freq=1
# If apc is explicitly disabled we need to enable it
if grep -q apc.enabled=0 /etc/php/$(php_version)/mods-available/apcu.ini; then
tools/editconf.py /etc/php/$(php_version)/mods-available/apcu.ini -c ';' \
apc.enabled=1
fi
# Set up a cron job for Nextcloud. # Set up a cron job for Nextcloud.
cat > /etc/cron.d/mailinabox-nextcloud << EOF; cat > /etc/cron.d/mailinabox-nextcloud << EOF;
#!/bin/bash #!/bin/bash
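Review bot: The new `(echo "ALTER TABLE oc_flow_operations ADD COLUMN entity VARCHAR;" | sqlite3 ... 2>/dev/null) || true` in the 17-to-18 step hides every sqlite3 failure, not only the duplicate-column case the comment cites, so a locked, missing or corrupt `owncloud.db` passes silently and the upgrade continues against a schema that may lack the column. Test for the column instead of discarding the error, for example `sqlite3 "$STORAGE_ROOT/owncloud/owncloud.db" "PRAGMA table_info(oc_flow_operations);" | grep -q '|entity|' || sqlite3 "$STORAGE_ROOT/owncloud/owncloud.db" "ALTER TABLE oc_flow_operations ADD COLUMN entity VARCHAR;"`. The release and app pins are 40-hex digests, presumably SHA-1 values checked inside InstallNextcloud, whose body is outside this hunk; a SHA-256 pin would be a stronger integrity check on the downloaded archives.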


@ -63,6 +63,10 @@ tools/editconf.py /etc/php/$(php_version)/fpm/php.ini -c ';' \
tools/editconf.py /etc/php/$(php_version)/fpm/pool.d/www.conf -c ';' \ tools/editconf.py /etc/php/$(php_version)/fpm/pool.d/www.conf -c ';' \
env[PATH]=/usr/local/bin:/usr/bin:/bin \ env[PATH]=/usr/local/bin:/usr/bin:/bin \
# Enable apc is required before installing nextcloud 21
tools/editconf.py /etc/php/$(php_version)/mods-available/apcu.ini -c ';' \
apc.enabled=1
# Configure php-fpm based on the amount of memory the machine has # Configure php-fpm based on the amount of memory the machine has
# This is based on the nextcloud manual for performance tuning: https://docs.nextcloud.com/server/17/admin_manual/installation/server_tuning.html # This is based on the nextcloud manual for performance tuning: https://docs.nextcloud.com/server/17/admin_manual/installation/server_tuning.html
# Some synchronisation issues can occur when many people access the site at once. # Some synchronisation issues can occur when many people access the site at once.