From f3bd2d9d42b4b65e401b2001918e27773e9ad7e0 Mon Sep 17 00:00:00 2001 From: Jaroslaw Wencel Date: Sun, 28 Aug 2022 09:44:45 +0200 Subject: [PATCH] NextClous&Webmail features to be disabled and shellcheck findings --- Vagrantfile | 7 +- setup/functions.sh | 6 +- setup/nextcloud.sh | 6 + setup/preflight.sh | 8 +- setup/questions.sh | 10 +- setup/start.sh | 32 +++--- setup/system.sh | 20 ++-- setup/webmail.sh | 280 +++++++++++++++++++++++---------------------- setup/zpush.sh | 134 +++++++++++----------- 9 files changed, 271 insertions(+), 232 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index 757c2ec9..d9796ac8 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -19,7 +19,12 @@ Vagrant.configure("2") do |config| export PUBLIC_IP=auto export PUBLIC_IPV6=auto export PRIMARY_HOSTNAME=auto - #export SKIP_NETWORK_CHECKS=1 + + export SKIP_NETWORK_CHECKS=1 + + export NEXTCLOUD_ENABLE=0 + export WEBMAIL_ENABLE=0 + export ZPUSH_ENABLE=0 # Start the setup script. cd /vagrant diff --git a/setup/functions.sh b/setup/functions.sh index 151c5f40..15703c2f 100644 --- a/setup/functions.sh +++ b/setup/functions.sh @@ -1,10 +1,12 @@ +#!/bin/bash + # Turn on "strict mode." See http://redsymbol.net/articles/unofficial-bash-strict-mode/. # -e: exit if any command unexpectedly fails. # -u: exit if we have a variable typo. # -o pipefail: don't ignore errors in the non-last command in a pipeline set -euo pipefail -PHP_VER=8.0 +export PHP_VER=8.0 function hide_output { # This function hides the output of a command unless the command fails @@ -16,7 +18,7 @@ function hide_output { # Execute command, redirecting stderr/stdout to the temporary file. Since we # check the return code ourselves, disable 'set -e' temporarily. set +e - "$@" &> $OUTPUT + "$@" &> "$OUTPUT" E=$? set -e diff --git a/setup/nextcloud.sh b/setup/nextcloud.sh index 37181a83..5439c2bf 100755 --- a/setup/nextcloud.sh +++ b/setup/nextcloud.sh @@ -5,6 +5,10 @@ source setup/functions.sh # load our functions source /etc/mailinabox.conf # load global vars +if [ "$NEXTCLOUD_ENABLE" -ne "1" ]; then + echo "Skipping Nextcloud installation." +else + # ### Installing Nextcloud echo "Installing Nextcloud (contacts/calendar)..." @@ -378,3 +382,5 @@ chmod +x /etc/cron.d/mailinabox-nextcloud # Enable PHP modules and restart PHP. restart_service php$PHP_VER-fpm + +fi \ No newline at end of file diff --git a/setup/preflight.sh b/setup/preflight.sh index bd6d65b7..26483e63 100644 --- a/setup/preflight.sh +++ b/setup/preflight.sh @@ -1,3 +1,5 @@ +#!/bin/bash + # Are we running as root? if [[ $EUID -ne 0 ]]; then echo "This script must be run as root. Please re-run like this:" @@ -7,7 +9,7 @@ if [[ $EUID -ne 0 ]]; then exit 1 fi -# Check that we are running on Ubuntu 20.04 LTS (or 20.04.xx). +# Check that we are running on Ubuntu 22.04 LTS (or 22.04.xx). if [ "$( lsb_release --id --short )" != "Ubuntu" ] || [ "$( lsb_release --release --short )" != "22.04" ]; then echo "Mail-in-a-Box only supports being installed on Ubuntu 22.04, sorry. You are running:" echo @@ -26,7 +28,7 @@ fi # # Skip the check if we appear to be running inside of Vagrant, because that's really just for testing. TOTAL_PHYSICAL_MEM=$(head -n 1 /proc/meminfo | awk '{print $2}') -if [ $TOTAL_PHYSICAL_MEM -lt 490000 ]; then +if [ "$TOTAL_PHYSICAL_MEM" -lt 490000 ]; then if [ ! -d /vagrant ]; then TOTAL_PHYSICAL_MEM=$(expr \( \( $TOTAL_PHYSICAL_MEM \* 1024 \) / 1000 \) / 1000) echo "Your Mail-in-a-Box needs more memory (RAM) to function properly." @@ -35,7 +37,7 @@ if [ ! -d /vagrant ]; then exit fi fi -if [ $TOTAL_PHYSICAL_MEM -lt 750000 ]; then +if [ "$TOTAL_PHYSICAL_MEM" -lt 750000 ]; then echo "WARNING: Your Mail-in-a-Box has less than 768 MB of memory." echo " It might run unreliably when under heavy load." fi diff --git a/setup/questions.sh b/setup/questions.sh index bf382f49..a457e76c 100644 --- a/setup/questions.sh +++ b/setup/questions.sh @@ -1,3 +1,5 @@ +#!/bin/bash + if [ -z "${NONINTERACTIVE:-}" ]; then # Install 'dialog' so we can ask the user questions. The original motivation for # this was being able to ask the user for input even if stdin has been redirected, @@ -141,16 +143,20 @@ if [ -z "${PUBLIC_IPV6:-}" ]; then "Enter the public IPv6 address of this machine, as given to you by your ISP. \n\nLeave blank if the machine does not have an IPv6 address. \n\nPublic IPv6 address:" \ - ${DEFAULT_PUBLIC_IPV6:-} \ + "${DEFAULT_PUBLIC_IPV6:-}" \ PUBLIC_IPV6 - if [ ! $PUBLIC_IPV6_EXITCODE ]; then + if [ ! "$PUBLIC_IPV6_EXITCODE" ]; then # user hit ESC/cancel exit fi fi fi +export NEXTCLOUD_ENABLE=$NEXTCLOUD_ENABLE +export WEBMAIL_ENABLE=$WEBMAIL_ENABLE +export ZPUSH_ENABLE=$ZPUSH_ENABLE + # Get the IP addresses of the local network interface(s) that are connected # to the Internet. We need these when we want to have services bind only to # the public network interfaces (not loopback, not tunnel interfaces). diff --git a/setup/start.sh b/setup/start.sh index 0626ab01..9c920efb 100755 --- a/setup/start.sh +++ b/setup/start.sh @@ -4,7 +4,7 @@ source setup/functions.sh # load our functions -# Check system setup: Are we running as root on Ubuntu 18.04 on a +# Check system setup: Are we running as root on Ubuntu 22.04 on a # machine with enough memory? Is /tmp mounted with exec. # If not, this shows an error and exits. source setup/preflight.sh @@ -35,11 +35,12 @@ if [ -f /etc/mailinabox.conf ]; then # Load the old .conf file to get existing configuration options loaded # into variables with a DEFAULT_ prefix. - cat /etc/mailinabox.conf | sed s/^/DEFAULT_/ > /tmp/mailinabox.prev.conf + sed s/^/DEFAULT_/ /etc/mailinabox.conf > /tmp/mailinabox.prev.conf + # shellcheck source=/dev/null source /tmp/mailinabox.prev.conf rm -f /tmp/mailinabox.prev.conf else - FIRST_TIME_SETUP=1 + export FIRST_TIME_SETUP=1 fi # Put a start script in a global location. We tell the user to run 'mailinabox' @@ -75,17 +76,17 @@ fi # migration (schema) number for the files stored there, assume this is a fresh # installation to that directory and write the file to contain the current # migration number for this version of Mail-in-a-Box. -if ! id -u $STORAGE_USER >/dev/null 2>&1; then - useradd -m $STORAGE_USER +if ! id -u "$STORAGE_USER" >/dev/null 2>&1; then + useradd -m "$STORAGE_USER" fi -if [ ! -d $STORAGE_ROOT ]; then - mkdir -p $STORAGE_ROOT +if [ ! -d "$STORAGE_ROOT" ]; then + mkdir -p "$STORAGE_ROOT" fi f=$STORAGE_ROOT while [[ $f != / ]]; do chmod a+rx "$f"; f=$(dirname "$f"); done; -if [ ! -f $STORAGE_ROOT/mailinabox.version ]; then - setup/migrate.py --current > $STORAGE_ROOT/mailinabox.version - chown $STORAGE_USER.$STORAGE_USER $STORAGE_ROOT/mailinabox.version +if [ ! -f "$STORAGE_ROOT/mailinabox.version" ]; then + setup/migrate.py --current > "$STORAGE_ROOT/mailinabox.version" + chown "$STORAGE_USER"."$STORAGE_USER" "$STORAGE_ROOT/mailinabox.version" fi # Save the global options in /etc/mailinabox.conf so that standalone @@ -101,6 +102,9 @@ PUBLIC_IPV6=$PUBLIC_IPV6 PRIVATE_IP=$PRIVATE_IP PRIVATE_IPV6=$PRIVATE_IPV6 MTA_STS_MODE=${DEFAULT_MTA_STS_MODE:-enforce} +NEXTCLOUD_ENABLE=$NEXTCLOUD_ENABLE +WEBMAIL_ENABLE=$WEBMAIL_ENABLE +ZPUSH_ENABLE=$ZPUSH_ENABLE EOF # Start service configuration. @@ -142,14 +146,14 @@ source setup/firstuser.sh # We'd let certbot ask the user interactively, but when this script is # run in the recommended curl-pipe-to-bash method there is no TTY and # certbot will fail if it tries to ask. -if [ ! -d $STORAGE_ROOT/ssl/lets_encrypt/accounts/acme-v02.api.letsencrypt.org/ ]; then +if [ ! -d "$STORAGE_ROOT/ssl/lets_encrypt/accounts/acme-v02.api.letsencrypt.org/" ]; then echo echo "-----------------------------------------------" echo "Mail-in-a-Box uses Let's Encrypt to provision free SSL/TLS certificates" echo "to enable HTTPS connections to your box. We're automatically" echo "agreeing you to their subscriber agreement. See https://letsencrypt.org." echo -certbot register --register-unsafely-without-email --agree-tos --config-dir $STORAGE_ROOT/ssl/lets_encrypt +certbot register --register-unsafely-without-email --agree-tos --config-dir "$STORAGE_ROOT/ssl/lets_encrypt" fi # Done. @@ -166,7 +170,7 @@ if management/status_checks.py --check-primary-hostname; then echo echo "If you have a DNS problem put the box's IP address in the URL" echo "(https://$PUBLIC_IP/admin) but then check the TLS fingerprint:" - openssl x509 -in $STORAGE_ROOT/ssl/ssl_certificate.pem -noout -fingerprint -sha256\ + openssl x509 -in "$STORAGE_ROOT/ssl/ssl_certificate.pem" -noout -fingerprint -sha256\ | sed "s/SHA256 Fingerprint=//" else echo https://$PUBLIC_IP/admin @@ -174,7 +178,7 @@ else echo You will be alerted that the website has an invalid certificate. Check that echo the certificate fingerprint matches: echo - openssl x509 -in $STORAGE_ROOT/ssl/ssl_certificate.pem -noout -fingerprint -sha256\ + openssl x509 -in "$STORAGE_ROOT/ssl/ssl_certificate.pem" -noout -fingerprint -sha256\ | sed "s/SHA256 Fingerprint=//" echo echo Then you can confirm the security exception and continue. diff --git a/setup/system.sh b/setup/system.sh index d0003f9c..af4b8fbb 100755 --- a/setup/system.sh +++ b/setup/system.sh @@ -1,3 +1,5 @@ +#!/bin/bash + source /etc/mailinabox.conf source setup/functions.sh # load our functions @@ -11,8 +13,8 @@ source setup/functions.sh # load our functions # # First set the hostname in the configuration file, then activate the setting -echo $PRIMARY_HOSTNAME > /etc/hostname -hostname $PRIMARY_HOSTNAME +echo "$PRIMARY_HOSTNAME" > /etc/hostname +hostname "$PRIMARY_HOSTNAME" # ### Fix permissions @@ -43,7 +45,7 @@ chmod g-w /etc /etc/default /usr # See https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-ubuntu-14-04 # for reference -SWAP_MOUNTED=$(cat /proc/swaps | tail -n+2) +SWAP_MOUNTED=$(tail -n+2 /proc/swaps) SWAP_IN_FSTAB=$(grep "swap" /etc/fstab || /bin/true) ROOT_IS_BTRFS=$(grep "\/ .*btrfs" /proc/mounts || /bin/true) TOTAL_PHYSICAL_MEM=$(head -n 1 /proc/meminfo | awk '{print $2}' || /bin/true) @@ -53,14 +55,14 @@ if [ -z "$SWAP_IN_FSTAB" ] && [ ! -e /swapfile ] && [ -z "$ROOT_IS_BTRFS" ] && - [ $TOTAL_PHYSICAL_MEM -lt 1900000 ] && - [ $AVAILABLE_DISK_SPACE -gt 5242880 ] + [ "$TOTAL_PHYSICAL_MEM" -lt 1900000 ] && + [ "$AVAILABLE_DISK_SPACE" -gt 5242880 ] then echo "Adding a swap file to the system..." # Allocate and activate the swap file. Allocate in 1KB chuncks # doing it in one go, could fail on low memory systems - dd if=/dev/zero of=/swapfile bs=1024 count=$[1024*1024] status=none + dd if=/dev/zero of=/swapfile bs=1024 count=$((1024*1024)) status=none if [ -e /swapfile ]; then chmod 600 /swapfile hide_output mkswap /swapfile @@ -164,7 +166,7 @@ fi # not likely the user will want to change this, so we only ask on first # setup. if [ -z "${NONINTERACTIVE:-}" ]; then - if [ ! -f /etc/timezone ] || [ ! -z ${FIRST_TIME_SETUP:-} ]; then + if [ ! -f /etc/timezone ] || [ -n "${FIRST_TIME_SETUP:-}" ]; then # If the file is missing or this is the user's first time running # Mail-in-a-Box setup, run the interactive timezone configuration # tool. @@ -273,8 +275,8 @@ if [ -z "${DISABLE_FIREWALL:-}" ]; then if [ ! -z "$SSH_PORT" ]; then if [ "$SSH_PORT" != "22" ]; then - echo Opening alternate SSH port $SSH_PORT. #NODOC - ufw_limit $SSH_PORT #NODOC + echo Opening alternate SSH port "$SSH_PORT". #NODOC + ufw_limit "$SSH_PORT" #NODOC fi fi diff --git a/setup/webmail.sh b/setup/webmail.sh index 791bda57..bcd06505 100755 --- a/setup/webmail.sh +++ b/setup/webmail.sh @@ -5,131 +5,135 @@ source setup/functions.sh # load our functions source /etc/mailinabox.conf # load global vars -# ### Installing Roundcube +if [ "$WEBMAIL_ENABLE" -ne "1" ]; then + echo "Skipping Roundcube (webmail) installation." +else -# We install Roundcube from sources, rather than from Ubuntu, because: -# -# 1. Ubuntu's `roundcube-core` package has dependencies on Apache & MySQL, which we don't want. -# -# 2. The Roundcube shipped with Ubuntu is consistently out of date. -# -# 3. It's packaged incorrectly --- it seems to be missing a directory of files. -# -# So we'll use apt-get to manually install the dependencies of roundcube that we know we need, -# and then we'll manually install roundcube from source. + # ### Installing Roundcube -# These dependencies are from `apt-cache showpkg roundcube-core`. -echo "Installing Roundcube (webmail)..." -apt_install \ - dbconfig-common \ - php${PHP_VER}-cli php${PHP_VER}-sqlite3 php${PHP_VER}-intl php${PHP_VER}-common php${PHP_VER}-curl php${PHP_VER}-imap \ - php${PHP_VER}-gd php${PHP_VER}-pspell php${PHP_VER}-mbstring libjs-jquery libjs-jquery-mousewheel libmagic1 + # We install Roundcube from sources, rather than from Ubuntu, because: + # + # 1. Ubuntu's `roundcube-core` package has dependencies on Apache & MySQL, which we don't want. + # + # 2. The Roundcube shipped with Ubuntu is consistently out of date. + # + # 3. It's packaged incorrectly --- it seems to be missing a directory of files. + # + # So we'll use apt-get to manually install the dependencies of roundcube that we know we need, + # and then we'll manually install roundcube from source. -# Install Roundcube from source if it is not already present or if it is out of date. -# Combine the Roundcube version number with the commit hash of plugins to track -# whether we have the latest version of everything. -# For the latest versions, see: -# https://github.com/roundcube/roundcubemail/releases -# https://github.com/mfreiholz/persistent_login/commits/master -# https://github.com/stremlau/html5_notifier/commits/master -# https://github.com/mstilkerich/rcmcarddav/releases -# The easiest way to get the package hashes is to run this script and get the hash from -# the error message. -VERSION=1.6.0 -HASH=fd84b4fac74419bb73e7a3bcae1978d5589c52de -PERSISTENT_LOGIN_VERSION=bde7b6840c7d91de627ea14e81cf4133cbb3c07a # version 5.2 -HTML5_NOTIFIER_VERSION=68d9ca194212e15b3c7225eb6085dbcf02fd13d7 # version 0.6.4+ -CARDDAV_VERSION=4.4.3 -CARDDAV_HASH=74f8ba7aee33e78beb9de07f7f44b81f6071b644 + # These dependencies are from `apt-cache showpkg roundcube-core`. + echo "Installing Roundcube (webmail)..." + apt_install \ + dbconfig-common \ + php${PHP_VER}-cli php${PHP_VER}-sqlite3 php${PHP_VER}-intl php${PHP_VER}-common php${PHP_VER}-curl php${PHP_VER}-imap \ + php${PHP_VER}-gd php${PHP_VER}-pspell php${PHP_VER}-mbstring libjs-jquery libjs-jquery-mousewheel libmagic1 -UPDATE_KEY=$VERSION:$PERSISTENT_LOGIN_VERSION:$HTML5_NOTIFIER_VERSION:$CARDDAV_VERSION + # Install Roundcube from source if it is not already present or if it is out of date. + # Combine the Roundcube version number with the commit hash of plugins to track + # whether we have the latest version of everything. + # For the latest versions, see: + # https://github.com/roundcube/roundcubemail/releases + # https://github.com/mfreiholz/persistent_login/commits/master + # https://github.com/stremlau/html5_notifier/commits/master + # https://github.com/mstilkerich/rcmcarddav/releases + # The easiest way to get the package hashes is to run this script and get the hash from + # the error message. + VERSION=1.6.0 + HASH=fd84b4fac74419bb73e7a3bcae1978d5589c52de + PERSISTENT_LOGIN_VERSION=bde7b6840c7d91de627ea14e81cf4133cbb3c07a # version 5.2 + HTML5_NOTIFIER_VERSION=68d9ca194212e15b3c7225eb6085dbcf02fd13d7 # version 0.6.4+ + CARDDAV_VERSION=4.4.3 + CARDDAV_HASH=74f8ba7aee33e78beb9de07f7f44b81f6071b644 -# paths that are often reused. -RCM_DIR=/usr/local/lib/roundcubemail -RCM_PLUGIN_DIR=${RCM_DIR}/plugins -RCM_CONFIG=${RCM_DIR}/config/config.inc.php + UPDATE_KEY=$VERSION:$PERSISTENT_LOGIN_VERSION:$HTML5_NOTIFIER_VERSION:$CARDDAV_VERSION -needs_update=0 #NODOC -if [ ! -f /usr/local/lib/roundcubemail/version ]; then - # not installed yet #NODOC - needs_update=1 #NODOC -elif [[ "$UPDATE_KEY" != $(cat /usr/local/lib/roundcubemail/version) ]]; then - # checks if the version is what we want - needs_update=1 #NODOC -fi -if [ $needs_update == 1 ]; then - # if upgrading from 1.3.x, clear the temp_dir - if [ -f /usr/local/lib/roundcubemail/version ]; then - if [ "$(cat /usr/local/lib/roundcubemail/version | cut -c1-3)" == '1.3' ]; then - find /var/tmp/roundcubemail/ -type f ! -name 'RCMTEMP*' -delete - fi - fi + # paths that are often reused. + RCM_DIR=/usr/local/lib/roundcubemail + RCM_PLUGIN_DIR=${RCM_DIR}/plugins + RCM_CONFIG=${RCM_DIR}/config/config.inc.php - # install roundcube - wget_verify \ - https://github.com/roundcube/roundcubemail/releases/download/$VERSION/roundcubemail-$VERSION-complete.tar.gz \ - $HASH \ - /tmp/roundcube.tgz - tar -C /usr/local/lib --no-same-owner -zxf /tmp/roundcube.tgz - rm -rf /usr/local/lib/roundcubemail - mv /usr/local/lib/roundcubemail-$VERSION/ $RCM_DIR - rm -f /tmp/roundcube.tgz + needs_update=0 #NODOC + if [ ! -f /usr/local/lib/roundcubemail/version ]; then + # not installed yet #NODOC + needs_update=1 #NODOC + elif [[ "$UPDATE_KEY" != $(cat /usr/local/lib/roundcubemail/version) ]]; then + # checks if the version is what we want + needs_update=1 #NODOC + fi + if [ $needs_update == 1 ]; then + # if upgrading from 1.3.x, clear the temp_dir + if [ -f /usr/local/lib/roundcubemail/version ]; then + if [ "$(cat /usr/local/lib/roundcubemail/version | cut -c1-3)" == '1.3' ]; then + find /var/tmp/roundcubemail/ -type f ! -name 'RCMTEMP*' -delete + fi + fi - # install roundcube persistent_login plugin - git_clone https://github.com/mfreiholz/Roundcube-Persistent-Login-Plugin.git $PERSISTENT_LOGIN_VERSION '' ${RCM_PLUGIN_DIR}/persistent_login + # install roundcube + wget_verify \ + https://github.com/roundcube/roundcubemail/releases/download/$VERSION/roundcubemail-$VERSION-complete.tar.gz \ + $HASH \ + /tmp/roundcube.tgz + tar -C /usr/local/lib --no-same-owner -zxf /tmp/roundcube.tgz + rm -rf /usr/local/lib/roundcubemail + mv /usr/local/lib/roundcubemail-$VERSION/ $RCM_DIR + rm -f /tmp/roundcube.tgz - # install roundcube html5_notifier plugin - git_clone https://github.com/kitist/html5_notifier.git $HTML5_NOTIFIER_VERSION '' ${RCM_PLUGIN_DIR}/html5_notifier + # install roundcube persistent_login plugin + git_clone https://github.com/mfreiholz/Roundcube-Persistent-Login-Plugin.git $PERSISTENT_LOGIN_VERSION '' ${RCM_PLUGIN_DIR}/persistent_login - # download and verify the full release of the carddav plugin - wget_verify \ - https://github.com/mstilkerich/rcmcarddav/releases/download/v${CARDDAV_VERSION}/carddav-v${CARDDAV_VERSION}.tar.gz \ - $CARDDAV_HASH \ - /tmp/carddav.tar.gz + # install roundcube html5_notifier plugin + git_clone https://github.com/kitist/html5_notifier.git $HTML5_NOTIFIER_VERSION '' ${RCM_PLUGIN_DIR}/html5_notifier - # unzip and cleanup - tar -C ${RCM_PLUGIN_DIR} -zxf /tmp/carddav.tar.gz - rm -f /tmp/carddav.tar.gz + # download and verify the full release of the carddav plugin + wget_verify \ + https://github.com/mstilkerich/rcmcarddav/releases/download/v${CARDDAV_VERSION}/carddav-v${CARDDAV_VERSION}.tar.gz \ + $CARDDAV_HASH \ + /tmp/carddav.tar.gz - # record the version we've installed - echo $UPDATE_KEY > ${RCM_DIR}/version -fi + # unzip and cleanup + tar -C ${RCM_PLUGIN_DIR} -zxf /tmp/carddav.tar.gz + rm -f /tmp/carddav.tar.gz -# ### Configuring Roundcube + # record the version we've installed + echo $UPDATE_KEY > ${RCM_DIR}/version + fi -# Generate a secret key of PHP-string-safe characters appropriate -# for the cipher algorithm selected below. -SECRET_KEY=$(dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 | sed s/=//g) + # ### Configuring Roundcube -# Create a configuration file. -# -# For security, temp and log files are not stored in the default locations -# which are inside the roundcube sources directory. We put them instead -# in normal places. -cat > $RCM_CONFIG </dev/null | base64 | sed s/=//g) + + # Create a configuration file. + # + # For security, temp and log files are not stored in the default locations + # which are inside the roundcube sources directory. We put them instead + # in normal places. + cat > $RCM_CONFIG < array( - 'verify_peer' => false, - 'verify_peer_name' => false, - ), - ); +'ssl' => array( + 'verify_peer' => false, + 'verify_peer_name' => false, +), +); \$config['imap_timeout'] = 15; \$config['smtp_host'] = 'tls://127.0.0.1'; \$config['smtp_conn_options'] = array( - 'ssl' => array( - 'verify_peer' => false, - 'verify_peer_name' => false, - ), - ); +'ssl' => array( + 'verify_peer' => false, + 'verify_peer_name' => false, +), +); \$config['support_url'] = 'https://mailinabox.email/'; \$config['product_name'] = '$PRIMARY_HOSTNAME Webmail'; \$config['cipher_method'] = 'AES-256-CBC'; # persistent login cookie and potentially other things @@ -147,8 +151,8 @@ cat > $RCM_CONFIG < EOF -# Configure CardDav -cat > ${RCM_PLUGIN_DIR}/carddav/config.inc.php < ${RCM_PLUGIN_DIR}/carddav/config.inc.php < ${RCM_PLUGIN_DIR}/carddav/config.inc.php < EOF -# Create writable directories. -mkdir -p /var/log/roundcubemail /var/tmp/roundcubemail $STORAGE_ROOT/mail/roundcube -chown -R www-data.www-data /var/log/roundcubemail /var/tmp/roundcubemail $STORAGE_ROOT/mail/roundcube + # Create writable directories. + mkdir -p /var/log/roundcubemail /var/tmp/roundcubemail $STORAGE_ROOT/mail/roundcube + chown -R www-data.www-data /var/log/roundcubemail /var/tmp/roundcubemail $STORAGE_ROOT/mail/roundcube -# Ensure the log file monitored by fail2ban exists, or else fail2ban can't start. -sudo -u www-data touch /var/log/roundcubemail/errors.log + # Ensure the log file monitored by fail2ban exists, or else fail2ban can't start. + sudo -u www-data touch /var/log/roundcubemail/errors.log -# Password changing plugin settings -# The config comes empty by default, so we need the settings -# we're not planning to change in config.inc.dist... -cp ${RCM_PLUGIN_DIR}/password/config.inc.php.dist \ - ${RCM_PLUGIN_DIR}/password/config.inc.php + # Password changing plugin settings + # The config comes empty by default, so we need the settings + # we're not planning to change in config.inc.dist... + cp ${RCM_PLUGIN_DIR}/password/config.inc.php.dist \ + ${RCM_PLUGIN_DIR}/password/config.inc.php -tools/editconf.py ${RCM_PLUGIN_DIR}/password/config.inc.php \ - "\$config['password_minimum_length']=8;" \ - "\$config['password_db_dsn']='sqlite:///$STORAGE_ROOT/mail/users.sqlite';" \ - "\$config['password_query']='UPDATE users SET password=%D WHERE email=%u';" \ - "\$config['password_dovecotpw']='/usr/bin/doveadm pw';" \ - "\$config['password_dovecotpw_method']='SHA512-CRYPT';" \ - "\$config['password_dovecotpw_with_method']=true;" + tools/editconf.py ${RCM_PLUGIN_DIR}/password/config.inc.php \ + "\$config['password_minimum_length']=8;" \ + "\$config['password_db_dsn']='sqlite:///$STORAGE_ROOT/mail/users.sqlite';" \ + "\$config['password_query']='UPDATE users SET password=%D WHERE email=%u';" \ + "\$config['password_dovecotpw']='/usr/bin/doveadm pw';" \ + "\$config['password_dovecotpw_method']='SHA512-CRYPT';" \ + "\$config['password_dovecotpw_with_method']=true;" -# so PHP can use doveadm, for the password changing plugin -usermod -a -G dovecot www-data + # so PHP can use doveadm, for the password changing plugin + usermod -a -G dovecot www-data -# set permissions so that PHP can use users.sqlite -# could use dovecot instead of www-data, but not sure it matters -chown root.www-data $STORAGE_ROOT/mail -chmod 775 $STORAGE_ROOT/mail -chown root.www-data $STORAGE_ROOT/mail/users.sqlite -chmod 664 $STORAGE_ROOT/mail/users.sqlite + # set permissions so that PHP can use users.sqlite + # could use dovecot instead of www-data, but not sure it matters + chown root.www-data $STORAGE_ROOT/mail + chmod 775 $STORAGE_ROOT/mail + chown root.www-data $STORAGE_ROOT/mail/users.sqlite + chmod 664 $STORAGE_ROOT/mail/users.sqlite -# Fix Carddav permissions: -chown -f -R root.www-data ${RCM_PLUGIN_DIR}/carddav -# root.www-data need all permissions, others only read -chmod -R 774 ${RCM_PLUGIN_DIR}/carddav + # Fix Carddav permissions: + chown -f -R root.www-data ${RCM_PLUGIN_DIR}/carddav + # root.www-data need all permissions, others only read + chmod -R 774 ${RCM_PLUGIN_DIR}/carddav -# Run Roundcube database migration script (database is created if it does not exist) -php$PHP_VER ${RCM_DIR}/bin/updatedb.sh --dir ${RCM_DIR}/SQL --package roundcube -chown www-data:www-data $STORAGE_ROOT/mail/roundcube/roundcube.sqlite -chmod 664 $STORAGE_ROOT/mail/roundcube/roundcube.sqlite + # Run Roundcube database migration script (database is created if it does not exist) + php$PHP_VER ${RCM_DIR}/bin/updatedb.sh --dir ${RCM_DIR}/SQL --package roundcube + chown www-data:www-data $STORAGE_ROOT/mail/roundcube/roundcube.sqlite + chmod 664 $STORAGE_ROOT/mail/roundcube/roundcube.sqlite -# Enable PHP modules. -phpenmod -v $PHP_VER imap -restart_service php$PHP_VER-fpm + # Enable PHP modules. + phpenmod -v $PHP_VER imap + restart_service php$PHP_VER-fpm + +fi \ No newline at end of file diff --git a/setup/zpush.sh b/setup/zpush.sh index 4fdfadc4..baf98ee4 100755 --- a/setup/zpush.sh +++ b/setup/zpush.sh @@ -13,81 +13,85 @@ source setup/functions.sh # load our functions source /etc/mailinabox.conf # load global vars -# Prereqs. +if [ "$ZPUSH_ENABLE" -ne "1" ]; then + echo "Skipping Roundcube (webmail) installation." +else -echo "Installing Z-Push (Exchange/ActiveSync server)..." -apt_install \ - php${PHP_VER}-soap php${PHP_VER}-imap libawl-php php$PHP_VER-xml + # Prereqs. -phpenmod -v $PHP_VER imap + echo "Installing Z-Push (Exchange/ActiveSync server)..." + apt_install \ + php${PHP_VER}-soap php${PHP_VER}-imap libawl-php php$PHP_VER-xml -# Copy Z-Push into place. -VERSION=2.6.2 -TARGETHASH=f0e8091a8030e5b851f5ba1f9f0e1a05b8762d80 -needs_update=0 #NODOC -if [ ! -f /usr/local/lib/z-push/version ]; then - needs_update=1 #NODOC -elif [[ $VERSION != $(cat /usr/local/lib/z-push/version) ]]; then - # checks if the version - needs_update=1 #NODOC -fi -if [ $needs_update == 1 ]; then - # Download - wget_verify "https://github.com/Z-Hub/Z-Push/archive/refs/tags/$VERSION.zip" $TARGETHASH /tmp/z-push.zip + phpenmod -v $PHP_VER imap - # Extract into place. - rm -rf /usr/local/lib/z-push /tmp/z-push - unzip -q /tmp/z-push.zip -d /tmp/z-push - mv /tmp/z-push/*/src /usr/local/lib/z-push - rm -rf /tmp/z-push.zip /tmp/z-push + # Copy Z-Push into place. + VERSION=2.6.2 + TARGETHASH=f0e8091a8030e5b851f5ba1f9f0e1a05b8762d80 + needs_update=0 #NODOC + if [ ! -f /usr/local/lib/z-push/version ]; then + needs_update=1 #NODOC + elif [[ $VERSION != $(cat /usr/local/lib/z-push/version) ]]; then + # checks if the version + needs_update=1 #NODOC + fi + if [ $needs_update == 1 ]; then + # Download + wget_verify "https://github.com/Z-Hub/Z-Push/archive/refs/tags/$VERSION.zip" $TARGETHASH /tmp/z-push.zip - rm -f /usr/sbin/z-push-{admin,top} - echo $VERSION > /usr/local/lib/z-push/version -fi + # Extract into place. + rm -rf /usr/local/lib/z-push /tmp/z-push + unzip -q /tmp/z-push.zip -d /tmp/z-push + mv /tmp/z-push/*/src /usr/local/lib/z-push + rm -rf /tmp/z-push.zip /tmp/z-push -# Configure default config. -sed -i "s^define('TIMEZONE', .*^define('TIMEZONE', '$(cat /etc/timezone)');^" /usr/local/lib/z-push/config.php -sed -i "s/define('BACKEND_PROVIDER', .*/define('BACKEND_PROVIDER', 'BackendCombined');/" /usr/local/lib/z-push/config.php -sed -i "s/define('USE_FULLEMAIL_FOR_LOGIN', .*/define('USE_FULLEMAIL_FOR_LOGIN', true);/" /usr/local/lib/z-push/config.php -sed -i "s/define('LOG_MEMORY_PROFILER', .*/define('LOG_MEMORY_PROFILER', false);/" /usr/local/lib/z-push/config.php -sed -i "s/define('BUG68532FIXED', .*/define('BUG68532FIXED', false);/" /usr/local/lib/z-push/config.php -sed -i "s/define('LOGLEVEL', .*/define('LOGLEVEL', LOGLEVEL_ERROR);/" /usr/local/lib/z-push/config.php + rm -f /usr/sbin/z-push-{admin,top} + echo $VERSION > /usr/local/lib/z-push/version + fi -# Configure BACKEND -rm -f /usr/local/lib/z-push/backend/combined/config.php -cp conf/zpush/backend_combined.php /usr/local/lib/z-push/backend/combined/config.php + # Configure default config. + sed -i "s^define('TIMEZONE', .*^define('TIMEZONE', '$(cat /etc/timezone)');^" /usr/local/lib/z-push/config.php + sed -i "s/define('BACKEND_PROVIDER', .*/define('BACKEND_PROVIDER', 'BackendCombined');/" /usr/local/lib/z-push/config.php + sed -i "s/define('USE_FULLEMAIL_FOR_LOGIN', .*/define('USE_FULLEMAIL_FOR_LOGIN', true);/" /usr/local/lib/z-push/config.php + sed -i "s/define('LOG_MEMORY_PROFILER', .*/define('LOG_MEMORY_PROFILER', false);/" /usr/local/lib/z-push/config.php + sed -i "s/define('BUG68532FIXED', .*/define('BUG68532FIXED', false);/" /usr/local/lib/z-push/config.php + sed -i "s/define('LOGLEVEL', .*/define('LOGLEVEL', LOGLEVEL_ERROR);/" /usr/local/lib/z-push/config.php -# Configure IMAP -rm -f /usr/local/lib/z-push/backend/imap/config.php -cp conf/zpush/backend_imap.php /usr/local/lib/z-push/backend/imap/config.php -sed -i "s%STORAGE_ROOT%$STORAGE_ROOT%" /usr/local/lib/z-push/backend/imap/config.php + # Configure BACKEND + rm -f /usr/local/lib/z-push/backend/combined/config.php + cp conf/zpush/backend_combined.php /usr/local/lib/z-push/backend/combined/config.php -# Configure CardDav -rm -f /usr/local/lib/z-push/backend/carddav/config.php -cp conf/zpush/backend_carddav.php /usr/local/lib/z-push/backend/carddav/config.php + # Configure IMAP + rm -f /usr/local/lib/z-push/backend/imap/config.php + cp conf/zpush/backend_imap.php /usr/local/lib/z-push/backend/imap/config.php + sed -i "s%STORAGE_ROOT%$STORAGE_ROOT%" /usr/local/lib/z-push/backend/imap/config.php -# Configure CalDav -rm -f /usr/local/lib/z-push/backend/caldav/config.php -cp conf/zpush/backend_caldav.php /usr/local/lib/z-push/backend/caldav/config.php + # Configure CardDav + rm -f /usr/local/lib/z-push/backend/carddav/config.php + cp conf/zpush/backend_carddav.php /usr/local/lib/z-push/backend/carddav/config.php -# Configure Autodiscover -rm -f /usr/local/lib/z-push/autodiscover/config.php -cp conf/zpush/autodiscover_config.php /usr/local/lib/z-push/autodiscover/config.php -sed -i "s/PRIMARY_HOSTNAME/$PRIMARY_HOSTNAME/" /usr/local/lib/z-push/autodiscover/config.php -sed -i "s^define('TIMEZONE', .*^define('TIMEZONE', '$(cat /etc/timezone)');^" /usr/local/lib/z-push/autodiscover/config.php + # Configure CalDav + rm -f /usr/local/lib/z-push/backend/caldav/config.php + cp conf/zpush/backend_caldav.php /usr/local/lib/z-push/backend/caldav/config.php -# Some directories it will use. + # Configure Autodiscover + rm -f /usr/local/lib/z-push/autodiscover/config.php + cp conf/zpush/autodiscover_config.php /usr/local/lib/z-push/autodiscover/config.php + sed -i "s/PRIMARY_HOSTNAME/$PRIMARY_HOSTNAME/" /usr/local/lib/z-push/autodiscover/config.php + sed -i "s^define('TIMEZONE', .*^define('TIMEZONE', '$(cat /etc/timezone)');^" /usr/local/lib/z-push/autodiscover/config.php -mkdir -p /var/log/z-push -mkdir -p /var/lib/z-push -chmod 750 /var/log/z-push -chmod 750 /var/lib/z-push -chown www-data:www-data /var/log/z-push -chown www-data:www-data /var/lib/z-push + # Some directories it will use. -# Add log rotation + mkdir -p /var/log/z-push + mkdir -p /var/lib/z-push + chmod 750 /var/log/z-push + chmod 750 /var/lib/z-push + chown www-data:www-data /var/log/z-push + chown www-data:www-data /var/lib/z-push -cat > /etc/logrotate.d/z-push < /etc/logrotate.d/z-push < /etc/logrotate.d/z-push <