From e636e6386288f4ea98296de52b8aa47a8b2ab702 Mon Sep 17 00:00:00 2001
From: downtownallday
Date: Fri, 14 Oct 2022 09:27:24 -0400
Subject: [PATCH] Setup fixes 1. Autodetect encryption-at-rest and run the correct setup in boostrap and /usr/local/bin/mailinabox 2. Fix bug where directories in the local mod folder are improperly executed causing setup to fail 3. Add a remote_nextcloud.sh setup mod cleanup function for cleaner removal of the mod
---
README.md | 8 +++-----
setup/bootstrap.sh | 21 +++++++++++++++++++--
setup/functions.sh | 13 +++++++++++++
setup/mods.available/remote-nextcloud.sh | 14 ++++++++++++--
setup/start.sh | 9 +++++----
5 files changed, 52 insertions(+), 13 deletions(-)
diff --git a/README.md b/README.md
index 50859294..0e83182a 100644
--- a/README.md
+++ b/README.md
@@ -20,17 +20,15 @@ Upstream changes are merged as they become available, and releases are numbered ## How to install -Decide what features you want to enable and add the corresponding values to bash: +Decide what features to enable and add the corresponding values to bash: ### Encryption-at-rest: add `ENCRYPTION_AT_REST=true`. -Enable encryption-at-rest the very first time setup is run on a fresh system, because it will create a new user-data area on an encrypted drive. To move existing user-data files to an encrypted drive, a manual step is required that involves renaming /home/user-data, running ehdd/create_hdd.sh, ehdd/mount.sh, and then copying everything into the newly created encrypted disk mounted at /home/user-data. - -Once encryption-at-rest is enabled, ENCRYPTION_AT_REST=true must be added every time bootstrap setup is run. +Enable encryption-at-rest the very first time setup is run on a new system to create a fresh user-data area (where mail is stored) on an encrypted drive. To enable encryption-at-rest for an existing server and retain the current user-data, manually create an encrypted drive with ehdd/create_hdd.sh, rename the old user-data directory so it won't conflict with the mounted encrypted drive at /home/user-data, then mount it with ehdd/mount.sh, and finally copy everything into it. ### Remote Nextcloud: add `REMOTE_NEXTCLOUD=true`. -This enables remote Nextcloud support and only needs to be done once. Once enabled, it will remain enabled until the symbolic link to the local setup mod (in the `local` directory), is manually removed or REMOTE_NEXTCLOUD=flase is given to boostrap setup. See the instructions below for more detail on using a remote Nextcloud. +This enables remote Nextcloud support. See the instructions below for more detail on using a remote Nextcloud. ### Some examples: diff --git a/setup/bootstrap.sh b/setup/bootstrap.sh index ae541043..abd2de94 100644 --- a/setup/bootstrap.sh +++ b/setup/bootstrap.sh 
@@ -28,6 +28,9 @@ # setup/mods.available/connect-nextcloud-to-miab.sh to the remote # Nextcloud system, then run it as root. # +# REMOTE_NEXTCLOUD and/or ENCRYPTION_AT_REST only need to be specified +# once as future bootstrap setup runs will automatically detect the +# setup options already installed. # ######################################################### @@ -108,8 +111,9 @@ if [ "$TAG" != $(git describe) ]; then echo fi -# Enable the remote Nextcloud setup mod -if [ "${REMOTE_NEXTCLOUD:-false}" = "true" ]; then +# Remote Nextcloud. +if [ "${REMOTE_NEXTCLOUD:-}" = "true" ]; then + # Enable the remote Nextcloud setup mod mkdir -p local if ! ln -sf ../setup/mods.available/remote-nextcloud.sh local/remote-nextcloud.sh; then echo "Unable to create the symbolic link required to enable the remote Nextcloud setup mod" @@ -117,9 +121,22 @@ if [ "${REMOTE_NEXTCLOUD:-false}" = "true" ]; then fi elif [ -e local/remote-nextcloud.sh -a "${REMOTE_NEXTCLOUD:-}" = "false" ]; then # Disable remote Nextcloud support - go back to the local Nextcloud + local/remote-nextcloud.sh cleanup rm -f local/remote-nextcloud.sh fi +# Encryption-at-rest. +if [ -z "${ENCRYPTION_AT_REST:-}" ]; then + source ehdd/ehdd_funcs.sh || exit 1 + hdd_exists && ENCRYPTION_AT_REST=true +elif [ "${ENCRYPTION_AT_REST:-}" = "false" ]; then + source ehdd/ehdd_funcs.sh || exit 1 + if hdd_exists; then + echo "Encryption-at-rest must be disabled manually" + exit 1 + fi +fi + # Start setup script. if [ "${ENCRYPTION_AT_REST:-false}" = "true" ]; then ehdd/start-encrypted.sh /dev/null } + +remove_hook_handler() { + local hook_py=$(basename "$1") + local dst="${LOCAL_MODS_DIR:-local}/management_hooks_d/$hook_py" + if [ -e "$dst" ]; then + rm -f "$dst" + # let the daemon know installed hooks have been updated + if systemctl is-active --quiet mailinabox; then + tools/hooks_update >/dev/null + fi + fi +} + 
diff --git a/setup/mods.available/remote-nextcloud.sh b/setup/mods.available/remote-nextcloud.sh index 0ac2411e..1f70e567 100755 --- a/setup/mods.available/remote-nextcloud.sh +++ b/setup/mods.available/remote-nextcloud.sh @@ -253,5 +253,15 @@ remote_nextcloud_handler() { tools/web_update } -remote_nextcloud_handler - +if [ $# -gt 0 ]; then + if [ "$1" = "cleanup" ]; then + [ -e /etc/mailinabox_mods.conf ] && \ + tools/editconf.py /etc/mailinabox_mods.conf "NC_HOST=" + remove_hook_handler "remote-nextcloud-mgmt-hooks.py" + else + echo "Unknown argument: $1" + exit 1 + fi +else + remote_nextcloud_handler +fi diff --git a/setup/start.sh b/setup/start.sh index 677bc069..50eed4a0 100755 --- a/setup/start.sh +++ b/setup/start.sh @@ -59,7 +59,7 @@ fi cat > /usr/local/bin/mailinabox << EOF; #!/bin/bash cd $(pwd) -source setup/start.sh +source $(source ehdd/ehdd_funcs.sh; if hdd_exists; then echo 'ehdd/start-encrypted.sh'; else echo 'setup/start.sh'; fi) EOF chmod +x /usr/local/bin/mailinabox @@ -176,10 +176,11 @@ fi # if [ -d "${LOCAL_MODS_DIR:-local}" ]; then for mod in $(ls "${LOCAL_MODS_DIR:-local}" | grep -v '~$'); do - if [ -x ${LOCAL_MODS_DIR:-local}/$mod ]; then + mod_path="${LOCAL_MODS_DIR:-local}/$mod" + if [ -f "$mod_path" -a -x "$mod_path" ]; then echo "" - echo "Running mod: ${LOCAL_MODS_DIR:-local}/$mod" - ${LOCAL_MODS_DIR:-local}/$mod + echo "Running mod: $mod_path" + "$mod_path" fi done fi
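Review bot: The new `cleanup` branch in remote-nextcloud.sh does not check whether either step succeeded, and the caller added in setup/bootstrap.sh runs `local/remote-nextcloud.sh cleanup` followed by `rm -f local/remote-nextcloud.sh` unconditionally, so a failed cleanup can leave the management hook installed after the mod link is gone (unless `set -e` is in effect above the hunk). Propagating the result, e.g. `remove_hook_handler "remote-nextcloud-mgmt-hooks.py" || exit 1`, and testing it in bootstrap before the `rm -f` would make that failure visible. `remove_hook_handler` appears to be added to setup/functions.sh by this same patch and `tools/editconf.py` is a relative path, so the branch presumably depends on the script loading that file and being run from the repository root; the top of the script is outside the hunk, so that should be confirmed. The unknown-argument message belongs on stderr: `echo "Unknown argument: $1" >&2`.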
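Review bot: In the first setup/start.sh hunk the here-document delimiter `EOF` is unquoted, so the new `$(source ehdd/ehdd_funcs.sh; if hdd_exists; ...)` is expanded while start.sh writes /usr/local/bin/mailinabox, and the launcher stores a fixed path instead of detecting encryption-at-rest each time it runs. A server whose encrypted drive is created manually afterwards, as the README text in this patch describes, would keep a launcher that sources `setup/start.sh` until it is regenerated. The substitution also fails open: if `ehdd/ehdd_funcs.sh` cannot be sourced, `hdd_exists` is not found and the `else` arm selects the unencrypted `setup/start.sh`, whereas bootstrap.sh uses `source ehdd/ehdd_funcs.sh || exit 1`. If run-time detection is the intent, escaping the substitution and stopping on a missing helper covers both: `source \$(source ehdd/ehdd_funcs.sh || exit 1; if hdd_exists; then echo 'ehdd/start-encrypted.sh'; else echo 'setup/start.sh'; fi)`, which makes the launcher error out rather than fall back.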
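Review bot: In the second setup/start.sh hunk the new test `[ -f "$mod_path" -a -x "$mod_path" ]` uses the `-a` operator, which POSIX marks obsolescent and which can misparse unusual operands; `if [ -f "$mod_path" ] && [ -x "$mod_path" ]; then` is the safer spelling. The loop still takes its names from `$(ls ... | grep -v '~$')` in the unchanged context line, so a mod whose name contains whitespace is split into pieces and then silently skipped by the new `-f` test. Every executable file in `${LOCAL_MODS_DIR:-local}` is run with setup's privileges (presumably root), so a comment above the loop such as `# mods run with setup's privileges; keep this directory writable only by the administrator` would record that trust assumption for whoever maintains the mods directory.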