mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-12 01:37:07 +00:00

NextClous&Webmail features to be disabled and shellcheck findings

Jaroslaw Wencel 2022-08-28 09:44:45 +02:00
parent b8feb77ef4
commit f3bd2d9d42
9 changed files with 271 additions and 232 deletions

7
Vagrantfile vendored

@ -19,7 +19,12 @@ Vagrant.configure("2") do |config|
export PUBLIC_IP=auto export PUBLIC_IP=auto
export PUBLIC_IPV6=auto export PUBLIC_IPV6=auto
export PRIMARY_HOSTNAME=auto export PRIMARY_HOSTNAME=auto
#export SKIP_NETWORK_CHECKS=1
export SKIP_NETWORK_CHECKS=1
export NEXTCLOUD_ENABLE=0
export WEBMAIL_ENABLE=0
export ZPUSH_ENABLE=0
# Start the setup script. # Start the setup script.
cd /vagrant cd /vagrant
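Review bot: The provisioning script now exports `SKIP_NETWORK_CHECKS=1` unconditionally and sets `NEXTCLOUD_ENABLE=0`, `WEBMAIL_ENABLE=0` and `ZPUSH_ENABLE=0` with no comment saying why. Every Vagrant run will therefore skip the network checks and never exercise the three installers, which reads like a local test setting rather than a deliberate project default. If it is intended, say so above the exports, for example `# Test box: skip network checks and leave Nextcloud, Roundcube and Z-Push uninstalled.`; otherwise keep the first line commented out as before. The enclosing provisioning block starts and ends outside this hunk.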


@ -1,10 +1,12 @@
#!/bin/bash
# Turn on "strict mode." See http://redsymbol.net/articles/unofficial-bash-strict-mode/. # Turn on "strict mode." See http://redsymbol.net/articles/unofficial-bash-strict-mode/.
# -e: exit if any command unexpectedly fails. # -e: exit if any command unexpectedly fails.
# -u: exit if we have a variable typo. # -u: exit if we have a variable typo.
# -o pipefail: don't ignore errors in the non-last command in a pipeline # -o pipefail: don't ignore errors in the non-last command in a pipeline
set -euo pipefail set -euo pipefail
PHP_VER=8.0 export PHP_VER=8.0
function hide_output { function hide_output {
# This function hides the output of a command unless the command fails # This function hides the output of a command unless the command fails
@ -16,7 +18,7 @@ function hide_output {
# Execute command, redirecting stderr/stdout to the temporary file. Since we # Execute command, redirecting stderr/stdout to the temporary file. Since we
# check the return code ourselves, disable 'set -e' temporarily. # check the return code ourselves, disable 'set -e' temporarily.
set +e set +e
"$@" &> $OUTPUT "$@" &> "$OUTPUT"
E=$? E=$?
set -e set -e


@ -5,6 +5,10 @@
source setup/functions.sh # load our functions source setup/functions.sh # load our functions
source /etc/mailinabox.conf # load global vars source /etc/mailinabox.conf # load global vars
if [ "$NEXTCLOUD_ENABLE" -ne "1" ]; then
echo "Skipping Nextcloud installation."
else
# ### Installing Nextcloud # ### Installing Nextcloud
echo "Installing Nextcloud (contacts/calendar)..." echo "Installing Nextcloud (contacts/calendar)..."
@ -378,3 +382,5 @@ chmod +x /etc/cron.d/mailinabox-nextcloud
# Enable PHP modules and restart PHP. # Enable PHP modules and restart PHP.
restart_service php$PHP_VER-fpm restart_service php$PHP_VER-fpm
fi
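Review bot: The guard `[ "$NEXTCLOUD_ENABLE" -ne "1" ]` fails open. `-ne` is an integer test, so an empty or non-numeric value makes `[` print an error and return status 2; the `if` treats that as false and the installer in the `else` branch runs. With `set -u` from setup/functions.sh, an unset variable aborts the script instead, which matters if this file is ever run against a configuration that lacks the new key. A string comparison with an explicit default avoids both: `if [ "${NEXTCLOUD_ENABLE:-1}" != "1" ]; then`. The `WEBMAIL_ENABLE` and `ZPUSH_ENABLE` guards in the two later sections need the same change, and the `else` body lies mostly outside the hunks shown.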


@ -1,3 +1,5 @@
#!/bin/bash
# Are we running as root? # Are we running as root?
if [[ $EUID -ne 0 ]]; then if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root. Please re-run like this:" echo "This script must be run as root. Please re-run like this:"
@ -7,7 +9,7 @@ if [[ $EUID -ne 0 ]]; then
exit 1 exit 1
fi fi
# Check that we are running on Ubuntu 20.04 LTS (or 20.04.xx). # Check that we are running on Ubuntu 22.04 LTS (or 22.04.xx).
if [ "$( lsb_release --id --short )" != "Ubuntu" ] || [ "$( lsb_release --release --short )" != "22.04" ]; then if [ "$( lsb_release --id --short )" != "Ubuntu" ] || [ "$( lsb_release --release --short )" != "22.04" ]; then
echo "Mail-in-a-Box only supports being installed on Ubuntu 22.04, sorry. You are running:" echo "Mail-in-a-Box only supports being installed on Ubuntu 22.04, sorry. You are running:"
echo echo
@ -26,7 +28,7 @@ fi
# #
# Skip the check if we appear to be running inside of Vagrant, because that's really just for testing. # Skip the check if we appear to be running inside of Vagrant, because that's really just for testing.
TOTAL_PHYSICAL_MEM=$(head -n 1 /proc/meminfo | awk '{print $2}') TOTAL_PHYSICAL_MEM=$(head -n 1 /proc/meminfo | awk '{print $2}')
if [ $TOTAL_PHYSICAL_MEM -lt 490000 ]; then if [ "$TOTAL_PHYSICAL_MEM" -lt 490000 ]; then
if [ ! -d /vagrant ]; then if [ ! -d /vagrant ]; then
TOTAL_PHYSICAL_MEM=$(expr \( \( $TOTAL_PHYSICAL_MEM \* 1024 \) / 1000 \) / 1000) TOTAL_PHYSICAL_MEM=$(expr \( \( $TOTAL_PHYSICAL_MEM \* 1024 \) / 1000 \) / 1000)
echo "Your Mail-in-a-Box needs more memory (RAM) to function properly." echo "Your Mail-in-a-Box needs more memory (RAM) to function properly."
@ -35,7 +37,7 @@ if [ ! -d /vagrant ]; then
exit exit
fi fi
fi fi
if [ $TOTAL_PHYSICAL_MEM -lt 750000 ]; then if [ "$TOTAL_PHYSICAL_MEM" -lt 750000 ]; then
echo "WARNING: Your Mail-in-a-Box has less than 768 MB of memory." echo "WARNING: Your Mail-in-a-Box has less than 768 MB of memory."
echo " It might run unreliably when under heavy load." echo " It might run unreliably when under heavy load."
fi fi


@ -1,3 +1,5 @@
#!/bin/bash
if [ -z "${NONINTERACTIVE:-}" ]; then if [ -z "${NONINTERACTIVE:-}" ]; then
# Install 'dialog' so we can ask the user questions. The original motivation for # Install 'dialog' so we can ask the user questions. The original motivation for
# this was being able to ask the user for input even if stdin has been redirected, # this was being able to ask the user for input even if stdin has been redirected,
@ -141,16 +143,20 @@ if [ -z "${PUBLIC_IPV6:-}" ]; then
"Enter the public IPv6 address of this machine, as given to you by your ISP. "Enter the public IPv6 address of this machine, as given to you by your ISP.
\n\nLeave blank if the machine does not have an IPv6 address. \n\nLeave blank if the machine does not have an IPv6 address.
\n\nPublic IPv6 address:" \ \n\nPublic IPv6 address:" \
${DEFAULT_PUBLIC_IPV6:-} \ "${DEFAULT_PUBLIC_IPV6:-}" \
PUBLIC_IPV6 PUBLIC_IPV6
if [ ! $PUBLIC_IPV6_EXITCODE ]; then if [ ! "$PUBLIC_IPV6_EXITCODE" ]; then
# user hit ESC/cancel # user hit ESC/cancel
exit exit
fi fi
fi fi
fi fi
export NEXTCLOUD_ENABLE=$NEXTCLOUD_ENABLE
export WEBMAIL_ENABLE=$WEBMAIL_ENABLE
export ZPUSH_ENABLE=$ZPUSH_ENABLE
# Get the IP addresses of the local network interface(s) that are connected # Get the IP addresses of the local network interface(s) that are connected
# to the Internet. We need these when we want to have services bind only to # to the Internet. We need these when we want to have services bind only to
# the public network interfaces (not loopback, not tunnel interfaces). # the public network interfaces (not loopback, not tunnel interfaces).
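Review bot: `export NEXTCLOUD_ENABLE=$NEXTCLOUD_ENABLE` and the two lines after it read variables that nothing in this hunk sets. Unless the caller exported them, the expansion is empty, or aborts the run if `set -u` from setup/functions.sh is in effect here. The other options fall back to the previous configuration through the `DEFAULT_` prefix, as `"${DEFAULT_PUBLIC_IPV6:-}"` does just above, and the new switches should do the same, e.g. `export NEXTCLOUD_ENABLE="${NEXTCLOUD_ENABLE:-${DEFAULT_NEXTCLOUD_ENABLE:-1}}"`. The final fallback of 1 is an assumption that keeps today's install behaviour; whichever default is chosen should be stated in a comment next to these lines.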


@ -4,7 +4,7 @@
source setup/functions.sh # load our functions source setup/functions.sh # load our functions
# Check system setup: Are we running as root on Ubuntu 18.04 on a # Check system setup: Are we running as root on Ubuntu 22.04 on a
# machine with enough memory? Is /tmp mounted with exec. # machine with enough memory? Is /tmp mounted with exec.
# If not, this shows an error and exits. # If not, this shows an error and exits.
source setup/preflight.sh source setup/preflight.sh
@ -35,11 +35,12 @@ if [ -f /etc/mailinabox.conf ]; then
# Load the old .conf file to get existing configuration options loaded # Load the old .conf file to get existing configuration options loaded
# into variables with a DEFAULT_ prefix. # into variables with a DEFAULT_ prefix.
cat /etc/mailinabox.conf | sed s/^/DEFAULT_/ > /tmp/mailinabox.prev.conf sed s/^/DEFAULT_/ /etc/mailinabox.conf > /tmp/mailinabox.prev.conf
# shellcheck source=/dev/null
source /tmp/mailinabox.prev.conf source /tmp/mailinabox.prev.conf
rm -f /tmp/mailinabox.prev.conf rm -f /tmp/mailinabox.prev.conf
else else
FIRST_TIME_SETUP=1 export FIRST_TIME_SETUP=1
fi fi
# Put a start script in a global location. We tell the user to run 'mailinabox' # Put a start script in a global location. We tell the user to run 'mailinabox'
@ -75,17 +76,17 @@ fi
# migration (schema) number for the files stored there, assume this is a fresh # migration (schema) number for the files stored there, assume this is a fresh
# installation to that directory and write the file to contain the current # installation to that directory and write the file to contain the current
# migration number for this version of Mail-in-a-Box. # migration number for this version of Mail-in-a-Box.
if ! id -u $STORAGE_USER >/dev/null 2>&1; then if ! id -u "$STORAGE_USER" >/dev/null 2>&1; then
useradd -m $STORAGE_USER useradd -m "$STORAGE_USER"
fi fi
if [ ! -d $STORAGE_ROOT ]; then if [ ! -d "$STORAGE_ROOT" ]; then
mkdir -p $STORAGE_ROOT mkdir -p "$STORAGE_ROOT"
fi fi
f=$STORAGE_ROOT f=$STORAGE_ROOT
while [[ $f != / ]]; do chmod a+rx "$f"; f=$(dirname "$f"); done; while [[ $f != / ]]; do chmod a+rx "$f"; f=$(dirname "$f"); done;
if [ ! -f $STORAGE_ROOT/mailinabox.version ]; then if [ ! -f "$STORAGE_ROOT/mailinabox.version" ]; then
setup/migrate.py --current > $STORAGE_ROOT/mailinabox.version setup/migrate.py --current > "$STORAGE_ROOT/mailinabox.version"
chown $STORAGE_USER.$STORAGE_USER $STORAGE_ROOT/mailinabox.version chown "$STORAGE_USER"."$STORAGE_USER" "$STORAGE_ROOT/mailinabox.version"
fi fi
# Save the global options in /etc/mailinabox.conf so that standalone # Save the global options in /etc/mailinabox.conf so that standalone
@ -101,6 +102,9 @@ PUBLIC_IPV6=$PUBLIC_IPV6
PRIVATE_IP=$PRIVATE_IP PRIVATE_IP=$PRIVATE_IP
PRIVATE_IPV6=$PRIVATE_IPV6 PRIVATE_IPV6=$PRIVATE_IPV6
MTA_STS_MODE=${DEFAULT_MTA_STS_MODE:-enforce} MTA_STS_MODE=${DEFAULT_MTA_STS_MODE:-enforce}
NEXTCLOUD_ENABLE=$NEXTCLOUD_ENABLE
WEBMAIL_ENABLE=$WEBMAIL_ENABLE
ZPUSH_ENABLE=$ZPUSH_ENABLE
EOF EOF
# Start service configuration. # Start service configuration.
@ -142,14 +146,14 @@ source setup/firstuser.sh
# We'd let certbot ask the user interactively, but when this script is # We'd let certbot ask the user interactively, but when this script is
# run in the recommended curl-pipe-to-bash method there is no TTY and # run in the recommended curl-pipe-to-bash method there is no TTY and
# certbot will fail if it tries to ask. # certbot will fail if it tries to ask.
if [ ! -d $STORAGE_ROOT/ssl/lets_encrypt/accounts/acme-v02.api.letsencrypt.org/ ]; then if [ ! -d "$STORAGE_ROOT/ssl/lets_encrypt/accounts/acme-v02.api.letsencrypt.org/" ]; then
echo echo
echo "-----------------------------------------------" echo "-----------------------------------------------"
echo "Mail-in-a-Box uses Let's Encrypt to provision free SSL/TLS certificates" echo "Mail-in-a-Box uses Let's Encrypt to provision free SSL/TLS certificates"
echo "to enable HTTPS connections to your box. We're automatically" echo "to enable HTTPS connections to your box. We're automatically"
echo "agreeing you to their subscriber agreement. See https://letsencrypt.org." echo "agreeing you to their subscriber agreement. See https://letsencrypt.org."
echo echo
certbot register --register-unsafely-without-email --agree-tos --config-dir $STORAGE_ROOT/ssl/lets_encrypt certbot register --register-unsafely-without-email --agree-tos --config-dir "$STORAGE_ROOT/ssl/lets_encrypt"
fi fi
# Done. # Done.
@ -166,7 +170,7 @@ if management/status_checks.py --check-primary-hostname; then
echo echo
echo "If you have a DNS problem put the box's IP address in the URL" echo "If you have a DNS problem put the box's IP address in the URL"
echo "(https://$PUBLIC_IP/admin) but then check the TLS fingerprint:" echo "(https://$PUBLIC_IP/admin) but then check the TLS fingerprint:"
openssl x509 -in $STORAGE_ROOT/ssl/ssl_certificate.pem -noout -fingerprint -sha256\ openssl x509 -in "$STORAGE_ROOT/ssl/ssl_certificate.pem" -noout -fingerprint -sha256\
| sed "s/SHA256 Fingerprint=//" | sed "s/SHA256 Fingerprint=//"
else else
echo https://$PUBLIC_IP/admin echo https://$PUBLIC_IP/admin
@ -174,7 +178,7 @@ else
echo You will be alerted that the website has an invalid certificate. Check that echo You will be alerted that the website has an invalid certificate. Check that
echo the certificate fingerprint matches: echo the certificate fingerprint matches:
echo echo
openssl x509 -in $STORAGE_ROOT/ssl/ssl_certificate.pem -noout -fingerprint -sha256\ openssl x509 -in "$STORAGE_ROOT/ssl/ssl_certificate.pem" -noout -fingerprint -sha256\
| sed "s/SHA256 Fingerprint=//" | sed "s/SHA256 Fingerprint=//"
echo echo
echo Then you can confirm the security exception and continue. echo Then you can confirm the security exception and continue.
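Review bot: The rewritten `sed s/^/DEFAULT_/ /etc/mailinabox.conf > /tmp/mailinabox.prev.conf` still writes to a fixed name in a world-writable directory and then sources that file. The preflight check requires root, so on a host with other local accounts root ends up executing whatever that path holds at the moment of the `source`. Since the line is being touched anyway, avoid the temporary file altogether with `source <(sed 's/^/DEFAULT_/' /etc/mailinabox.conf)`, or create it with `mktemp` and quote the resulting path in the `source` and `rm -f` lines. The existing `# shellcheck source=/dev/null` directive can stay on the line above.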


@ -1,3 +1,5 @@
#!/bin/bash
source /etc/mailinabox.conf source /etc/mailinabox.conf
source setup/functions.sh # load our functions source setup/functions.sh # load our functions
@ -11,8 +13,8 @@ source setup/functions.sh # load our functions
# #
# First set the hostname in the configuration file, then activate the setting # First set the hostname in the configuration file, then activate the setting
echo $PRIMARY_HOSTNAME > /etc/hostname echo "$PRIMARY_HOSTNAME" > /etc/hostname
hostname $PRIMARY_HOSTNAME hostname "$PRIMARY_HOSTNAME"
# ### Fix permissions # ### Fix permissions
@ -43,7 +45,7 @@ chmod g-w /etc /etc/default /usr
# See https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-ubuntu-14-04 # See https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-ubuntu-14-04
# for reference # for reference
SWAP_MOUNTED=$(cat /proc/swaps | tail -n+2) SWAP_MOUNTED=$(tail -n+2 /proc/swaps)
SWAP_IN_FSTAB=$(grep "swap" /etc/fstab || /bin/true) SWAP_IN_FSTAB=$(grep "swap" /etc/fstab || /bin/true)
ROOT_IS_BTRFS=$(grep "\/ .*btrfs" /proc/mounts || /bin/true) ROOT_IS_BTRFS=$(grep "\/ .*btrfs" /proc/mounts || /bin/true)
TOTAL_PHYSICAL_MEM=$(head -n 1 /proc/meminfo | awk '{print $2}' || /bin/true) TOTAL_PHYSICAL_MEM=$(head -n 1 /proc/meminfo | awk '{print $2}' || /bin/true)
@ -53,14 +55,14 @@ if
[ -z "$SWAP_IN_FSTAB" ] && [ -z "$SWAP_IN_FSTAB" ] &&
[ ! -e /swapfile ] && [ ! -e /swapfile ] &&
[ -z "$ROOT_IS_BTRFS" ] && [ -z "$ROOT_IS_BTRFS" ] &&
[ $TOTAL_PHYSICAL_MEM -lt 1900000 ] && [ "$TOTAL_PHYSICAL_MEM" -lt 1900000 ] &&
[ $AVAILABLE_DISK_SPACE -gt 5242880 ] [ "$AVAILABLE_DISK_SPACE" -gt 5242880 ]
then then
echo "Adding a swap file to the system..." echo "Adding a swap file to the system..."
# Allocate and activate the swap file. Allocate in 1KB chuncks # Allocate and activate the swap file. Allocate in 1KB chuncks
# doing it in one go, could fail on low memory systems # doing it in one go, could fail on low memory systems
dd if=/dev/zero of=/swapfile bs=1024 count=$[1024*1024] status=none dd if=/dev/zero of=/swapfile bs=1024 count=$((1024*1024)) status=none
if [ -e /swapfile ]; then if [ -e /swapfile ]; then
chmod 600 /swapfile chmod 600 /swapfile
hide_output mkswap /swapfile hide_output mkswap /swapfile
@ -164,7 +166,7 @@ fi
# not likely the user will want to change this, so we only ask on first # not likely the user will want to change this, so we only ask on first
# setup. # setup.
if [ -z "${NONINTERACTIVE:-}" ]; then if [ -z "${NONINTERACTIVE:-}" ]; then
if [ ! -f /etc/timezone ] || [ ! -z ${FIRST_TIME_SETUP:-} ]; then if [ ! -f /etc/timezone ] || [ -n "${FIRST_TIME_SETUP:-}" ]; then
# If the file is missing or this is the user's first time running # If the file is missing or this is the user's first time running
# Mail-in-a-Box setup, run the interactive timezone configuration # Mail-in-a-Box setup, run the interactive timezone configuration
# tool. # tool.
@ -273,8 +275,8 @@ if [ -z "${DISABLE_FIREWALL:-}" ]; then
if [ ! -z "$SSH_PORT" ]; then if [ ! -z "$SSH_PORT" ]; then
if [ "$SSH_PORT" != "22" ]; then if [ "$SSH_PORT" != "22" ]; then
echo Opening alternate SSH port $SSH_PORT. #NODOC echo Opening alternate SSH port "$SSH_PORT". #NODOC
ufw_limit $SSH_PORT #NODOC ufw_limit "$SSH_PORT" #NODOC
fi fi
fi fi


@ -5,6 +5,10 @@
source setup/functions.sh # load our functions source setup/functions.sh # load our functions
source /etc/mailinabox.conf # load global vars source /etc/mailinabox.conf # load global vars
if [ "$WEBMAIL_ENABLE" -ne "1" ]; then
echo "Skipping Roundcube (webmail) installation."
else
# ### Installing Roundcube # ### Installing Roundcube
# We install Roundcube from sources, rather than from Ubuntu, because: # We install Roundcube from sources, rather than from Ubuntu, because:
@ -212,3 +216,5 @@ chmod 664 $STORAGE_ROOT/mail/roundcube/roundcube.sqlite
# Enable PHP modules. # Enable PHP modules.
phpenmod -v $PHP_VER imap phpenmod -v $PHP_VER imap
restart_service php$PHP_VER-fpm restart_service php$PHP_VER-fpm
fi


@ -13,6 +13,10 @@
source setup/functions.sh # load our functions source setup/functions.sh # load our functions
source /etc/mailinabox.conf # load global vars source /etc/mailinabox.conf # load global vars
if [ "$ZPUSH_ENABLE" -ne "1" ]; then
echo "Skipping Roundcube (webmail) installation."
else
# Prereqs. # Prereqs.
echo "Installing Z-Push (Exchange/ActiveSync server)..." echo "Installing Z-Push (Exchange/ActiveSync server)..."
@ -105,3 +109,5 @@ restart_service php$PHP_VER-fpm
# Fix states after upgrade # Fix states after upgrade
hide_output php$PHP_VER /usr/local/lib/z-push/z-push-admin.php -a fixstates hide_output php$PHP_VER /usr/local/lib/z-push/z-push-admin.php -a fixstates
fi
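Review bot: The skip branch prints `Skipping Roundcube (webmail) installation.` although this guard tests `ZPUSH_ENABLE` and the `else` branch installs Z-Push. The message looks copied from the Roundcube section, so an operator reading the install log cannot tell which component was left out. Change it to `echo "Skipping Z-Push (Exchange/ActiveSync server) installation."`, matching the wording of the install message a few lines below.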