NextClous&Webmail features to be disabled and shellcheck findings

Vagrantfile

@@ -19,7 +19,12 @@ Vagrant.configure("2") do |config|
     export PUBLIC_IP=auto
     export PUBLIC_IPV6=auto
     export PRIMARY_HOSTNAME=auto
-    #export SKIP_NETWORK_CHECKS=1
+
+    export SKIP_NETWORK_CHECKS=1
+    
+    export NEXTCLOUD_ENABLE=0
+    export WEBMAIL_ENABLE=0
+    export ZPUSH_ENABLE=0
 
     # Start the setup script.
     cd /vagrant

setup/functions.sh

@@ -1,10 +1,12 @@
+#!/bin/bash
+
 # Turn on "strict mode." See http://redsymbol.net/articles/unofficial-bash-strict-mode/.
 # -e: exit if any command unexpectedly fails.
 # -u: exit if we have a variable typo.
 # -o pipefail: don't ignore errors in the non-last command in a pipeline
 set -euo pipefail
 
-PHP_VER=8.0
+export PHP_VER=8.0
 
 function hide_output {
 	# This function hides the output of a command unless the command fails
@@ -16,7 +18,7 @@ function hide_output {
 	# Execute command, redirecting stderr/stdout to the temporary file. Since we
 	# check the return code ourselves, disable 'set -e' temporarily.
 	set +e
-	"$@" &> $OUTPUT
+	"$@" &> "$OUTPUT"
 	E=$?
 	set -e
 

setup/nextcloud.sh

@@ -5,6 +5,10 @@
 source setup/functions.sh # load our functions
 source /etc/mailinabox.conf # load global vars
 
+if [ "$NEXTCLOUD_ENABLE" -ne "1" ]; then
+	echo "Skipping Nextcloud installation."
+else
+
 # ### Installing Nextcloud
 
 echo "Installing Nextcloud (contacts/calendar)..."
@@ -378,3 +382,5 @@ chmod +x /etc/cron.d/mailinabox-nextcloud
 
 # Enable PHP modules and restart PHP.
 restart_service php$PHP_VER-fpm
+
+fi

setup/preflight.sh

@@ -1,3 +1,5 @@
+#!/bin/bash
+
 # Are we running as root?
 if [[ $EUID -ne 0 ]]; then
 	echo "This script must be run as root. Please re-run like this:"
@@ -7,7 +9,7 @@ if [[ $EUID -ne 0 ]]; then
 	exit 1
 fi
 
-# Check that we are running on Ubuntu 20.04 LTS (or 20.04.xx).
+# Check that we are running on Ubuntu 22.04 LTS (or 22.04.xx).
 if [ "$( lsb_release --id --short )" != "Ubuntu" ] || [ "$( lsb_release --release --short )" != "22.04" ]; then
 	echo "Mail-in-a-Box only supports being installed on Ubuntu 22.04, sorry. You are running:"
 	echo
@@ -26,7 +28,7 @@ fi
 #
 # Skip the check if we appear to be running inside of Vagrant, because that's really just for testing.
 TOTAL_PHYSICAL_MEM=$(head -n 1 /proc/meminfo | awk '{print $2}')
-if [ $TOTAL_PHYSICAL_MEM -lt 490000 ]; then
+if [ "$TOTAL_PHYSICAL_MEM" -lt 490000 ]; then
 if [ ! -d /vagrant ]; then
 	TOTAL_PHYSICAL_MEM=$(expr \( \( $TOTAL_PHYSICAL_MEM \* 1024 \) / 1000 \) / 1000)
 	echo "Your Mail-in-a-Box needs more memory (RAM) to function properly."
@@ -35,7 +37,7 @@ if [ ! -d /vagrant ]; then
 	exit
 fi
 fi
-if [ $TOTAL_PHYSICAL_MEM -lt 750000 ]; then
+if [ "$TOTAL_PHYSICAL_MEM" -lt 750000 ]; then
 	echo "WARNING: Your Mail-in-a-Box has less than 768 MB of memory."
 	echo "         It might run unreliably when under heavy load."
 fi

setup/questions.sh

@@ -1,3 +1,5 @@
+#!/bin/bash
+
 if [ -z "${NONINTERACTIVE:-}" ]; then
 	# Install 'dialog' so we can ask the user questions. The original motivation for
 	# this was being able to ask the user for input even if stdin has been redirected,
@@ -141,16 +143,20 @@ if [ -z "${PUBLIC_IPV6:-}" ]; then
 			"Enter the public IPv6 address of this machine, as given to you by your ISP.
 			\n\nLeave blank if the machine does not have an IPv6 address.
 			\n\nPublic IPv6 address:" \
-			${DEFAULT_PUBLIC_IPV6:-} \
+			"${DEFAULT_PUBLIC_IPV6:-}" \
 			PUBLIC_IPV6
 
-		if [ ! $PUBLIC_IPV6_EXITCODE ]; then
+		if [ ! "$PUBLIC_IPV6_EXITCODE" ]; then
 			# user hit ESC/cancel
 			exit
 		fi
 	fi
 fi
 
+export NEXTCLOUD_ENABLE=$NEXTCLOUD_ENABLE
+export WEBMAIL_ENABLE=$WEBMAIL_ENABLE
+export ZPUSH_ENABLE=$ZPUSH_ENABLE
+
 # Get the IP addresses of the local network interface(s) that are connected
 # to the Internet. We need these when we want to have services bind only to
 # the public network interfaces (not loopback, not tunnel interfaces).

setup/start.sh

@@ -4,7 +4,7 @@
 
 source setup/functions.sh # load our functions
 
-# Check system setup: Are we running as root on Ubuntu 18.04 on a
+# Check system setup: Are we running as root on Ubuntu 22.04 on a
 # machine with enough memory? Is /tmp mounted with exec.
 # If not, this shows an error and exits.
 source setup/preflight.sh
@@ -35,11 +35,12 @@ if [ -f /etc/mailinabox.conf ]; then
 
 	# Load the old .conf file to get existing configuration options loaded
 	# into variables with a DEFAULT_ prefix.
-	cat /etc/mailinabox.conf | sed s/^/DEFAULT_/ > /tmp/mailinabox.prev.conf
+	sed s/^/DEFAULT_/ /etc/mailinabox.conf > /tmp/mailinabox.prev.conf
+	# shellcheck source=/dev/null
 	source /tmp/mailinabox.prev.conf
 	rm -f /tmp/mailinabox.prev.conf
 else
-	FIRST_TIME_SETUP=1
+	export FIRST_TIME_SETUP=1
 fi
 
 # Put a start script in a global location. We tell the user to run 'mailinabox'
@@ -75,17 +76,17 @@ fi
 # migration (schema) number for the files stored there, assume this is a fresh
 # installation to that directory and write the file to contain the current
 # migration number for this version of Mail-in-a-Box.
-if ! id -u $STORAGE_USER >/dev/null 2>&1; then
-	useradd -m $STORAGE_USER
+if ! id -u "$STORAGE_USER" >/dev/null 2>&1; then
+	useradd -m "$STORAGE_USER"
 fi
-if [ ! -d $STORAGE_ROOT ]; then
-	mkdir -p $STORAGE_ROOT
+if [ ! -d "$STORAGE_ROOT" ]; then
+	mkdir -p "$STORAGE_ROOT"
 fi
 f=$STORAGE_ROOT
 while [[ $f != / ]]; do chmod a+rx "$f"; f=$(dirname "$f"); done;
-if [ ! -f $STORAGE_ROOT/mailinabox.version ]; then
-	setup/migrate.py --current > $STORAGE_ROOT/mailinabox.version
-	chown $STORAGE_USER.$STORAGE_USER $STORAGE_ROOT/mailinabox.version
+if [ ! -f "$STORAGE_ROOT/mailinabox.version" ]; then
+	setup/migrate.py --current > "$STORAGE_ROOT/mailinabox.version"
+	chown "$STORAGE_USER"."$STORAGE_USER" "$STORAGE_ROOT/mailinabox.version"
 fi
 
 # Save the global options in /etc/mailinabox.conf so that standalone
@@ -101,6 +102,9 @@ PUBLIC_IPV6=$PUBLIC_IPV6
 PRIVATE_IP=$PRIVATE_IP
 PRIVATE_IPV6=$PRIVATE_IPV6
 MTA_STS_MODE=${DEFAULT_MTA_STS_MODE:-enforce}
+NEXTCLOUD_ENABLE=$NEXTCLOUD_ENABLE
+WEBMAIL_ENABLE=$WEBMAIL_ENABLE
+ZPUSH_ENABLE=$ZPUSH_ENABLE
 EOF
 
 # Start service configuration.
@@ -142,14 +146,14 @@ source setup/firstuser.sh
 # We'd let certbot ask the user interactively, but when this script is
 # run in the recommended curl-pipe-to-bash method there is no TTY and
 # certbot will fail if it tries to ask.
-if [ ! -d $STORAGE_ROOT/ssl/lets_encrypt/accounts/acme-v02.api.letsencrypt.org/ ]; then
+if [ ! -d "$STORAGE_ROOT/ssl/lets_encrypt/accounts/acme-v02.api.letsencrypt.org/" ]; then
 echo
 echo "-----------------------------------------------"
 echo "Mail-in-a-Box uses Let's Encrypt to provision free SSL/TLS certificates"
 echo "to enable HTTPS connections to your box. We're automatically"
 echo "agreeing you to their subscriber agreement. See https://letsencrypt.org."
 echo
-certbot register --register-unsafely-without-email --agree-tos --config-dir $STORAGE_ROOT/ssl/lets_encrypt
+certbot register --register-unsafely-without-email --agree-tos --config-dir "$STORAGE_ROOT/ssl/lets_encrypt"
 fi
 
 # Done.
@@ -166,7 +170,7 @@ if management/status_checks.py --check-primary-hostname; then
 	echo
 	echo "If you have a DNS problem put the box's IP address in the URL"
 	echo "(https://$PUBLIC_IP/admin) but then check the TLS fingerprint:"
-	openssl x509 -in $STORAGE_ROOT/ssl/ssl_certificate.pem -noout -fingerprint -sha256\
+	openssl x509 -in "$STORAGE_ROOT/ssl/ssl_certificate.pem" -noout -fingerprint -sha256\
         	| sed "s/SHA256 Fingerprint=//"
 else
 	echo https://$PUBLIC_IP/admin
@@ -174,7 +178,7 @@ else
 	echo You will be alerted that the website has an invalid certificate. Check that
 	echo the certificate fingerprint matches:
 	echo
-	openssl x509 -in $STORAGE_ROOT/ssl/ssl_certificate.pem -noout -fingerprint -sha256\
+	openssl x509 -in "$STORAGE_ROOT/ssl/ssl_certificate.pem" -noout -fingerprint -sha256\
         	| sed "s/SHA256 Fingerprint=//"
 	echo
 	echo Then you can confirm the security exception and continue.

setup/system.sh

@@ -1,3 +1,5 @@
+#!/bin/bash
+
 source /etc/mailinabox.conf
 source setup/functions.sh # load our functions
 
@@ -11,8 +13,8 @@ source setup/functions.sh # load our functions
 #
 # First set the hostname in the configuration file, then activate the setting
 
-echo $PRIMARY_HOSTNAME > /etc/hostname
-hostname $PRIMARY_HOSTNAME
+echo "$PRIMARY_HOSTNAME" > /etc/hostname
+hostname "$PRIMARY_HOSTNAME"
 
 # ### Fix permissions
 
@@ -43,7 +45,7 @@ chmod g-w /etc /etc/default /usr
 # See https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-ubuntu-14-04
 # for reference
 
-SWAP_MOUNTED=$(cat /proc/swaps | tail -n+2)
+SWAP_MOUNTED=$(tail -n+2 /proc/swaps)
 SWAP_IN_FSTAB=$(grep "swap" /etc/fstab || /bin/true)
 ROOT_IS_BTRFS=$(grep "\/ .*btrfs" /proc/mounts || /bin/true)
 TOTAL_PHYSICAL_MEM=$(head -n 1 /proc/meminfo | awk '{print $2}' || /bin/true)
@@ -53,14 +55,14 @@ if
 	[ -z "$SWAP_IN_FSTAB" ] &&
 	[ ! -e /swapfile ] &&
 	[ -z "$ROOT_IS_BTRFS" ] &&
-	[ $TOTAL_PHYSICAL_MEM -lt 1900000 ] &&
-	[ $AVAILABLE_DISK_SPACE -gt 5242880 ]
+	[ "$TOTAL_PHYSICAL_MEM" -lt 1900000 ] &&
+	[ "$AVAILABLE_DISK_SPACE" -gt 5242880 ]
 then
 	echo "Adding a swap file to the system..."
 
 	# Allocate and activate the swap file. Allocate in 1KB chuncks
 	# doing it in one go, could fail on low memory systems
-	dd if=/dev/zero of=/swapfile bs=1024 count=$[1024*1024] status=none
+	dd if=/dev/zero of=/swapfile bs=1024 count=$((1024*1024)) status=none
 	if [ -e /swapfile ]; then
 		chmod 600 /swapfile
 		hide_output mkswap /swapfile
@@ -164,7 +166,7 @@ fi
 # not likely the user will want to change this, so we only ask on first
 # setup.
 if [ -z "${NONINTERACTIVE:-}" ]; then
-	if [ ! -f /etc/timezone ] || [ ! -z ${FIRST_TIME_SETUP:-} ]; then
+	if [ ! -f /etc/timezone ] || [ -n "${FIRST_TIME_SETUP:-}" ]; then
 		# If the file is missing or this is the user's first time running
 		# Mail-in-a-Box setup, run the interactive timezone configuration
 		# tool.
@@ -273,8 +275,8 @@ if [ -z "${DISABLE_FIREWALL:-}" ]; then
 	if [ ! -z "$SSH_PORT" ]; then
 	if [ "$SSH_PORT" != "22" ]; then
 
-	echo Opening alternate SSH port $SSH_PORT. #NODOC
-	ufw_limit $SSH_PORT #NODOC
+	echo Opening alternate SSH port "$SSH_PORT". #NODOC
+	ufw_limit "$SSH_PORT" #NODOC
 
 	fi
 	fi

setup/webmail.sh

@@ -5,6 +5,10 @@
 source setup/functions.sh # load our functions
 source /etc/mailinabox.conf # load global vars
 
+if [ "$WEBMAIL_ENABLE" -ne "1" ]; then
+	echo "Skipping Roundcube (webmail) installation."
+else
+
 	# ### Installing Roundcube
 
 	# We install Roundcube from sources, rather than from Ubuntu, because:
@@ -212,3 +216,5 @@ chmod 664 $STORAGE_ROOT/mail/roundcube/roundcube.sqlite
 	# Enable PHP modules.
 	phpenmod -v $PHP_VER imap
 	restart_service php$PHP_VER-fpm
+
+fi

setup/zpush.sh

@@ -13,6 +13,10 @@
 source setup/functions.sh # load our functions
 source /etc/mailinabox.conf # load global vars
 
+if [ "$ZPUSH_ENABLE" -ne "1" ]; then
+	echo "Skipping Roundcube (webmail) installation."
+else
+
 	# Prereqs.
 
 	echo "Installing Z-Push (Exchange/ActiveSync server)..."
@@ -105,3 +109,5 @@ restart_service php$PHP_VER-fpm
 	# Fix states after upgrade
 
 	hide_output php$PHP_VER /usr/local/lib/z-push/z-push-admin.php -a fixstates
+
+fi