Gitiles
Code Review Sign In
gerrit.benkard.de / kubeia / d1f5b68b557869443f559de96824b2d2aee3b3e7 / . / mailcow / src / mailcow-dockerized / data / Dockerfiles / sogo / bootstrap-sogo.sh
blob: aa15525c96665cd5e0ecfea9bc51994dbe4b8184 [file] [log] [blame]
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]1#!/bin/bash
2
3# Wait for MySQL to warm-up
4while ! mysqladmin status --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent; do
5 echo "Waiting for database to come up..."
6 sleep 2
7done
8
9# Wait until port becomes free and send sig
10until ! nc -z sogo-mailcow 20000;
11do
12 killall -TERM sogod
13 sleep 3
14done
15
16# Wait for updated schema
17DBV_NOW=$(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT version FROM versions WHERE application = 'db_schema';" -BN)
18DBV_NEW=$(grep -oE '\$db_version = .*;' init_db.inc.php | sed 's/$db_version = //g;s/;//g' | cut -d \" -f2)
19while [[ "${DBV_NOW}" != "${DBV_NEW}" ]]; do
20 echo "Waiting for schema update..."
21 DBV_NOW=$(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT version FROM versions WHERE application = 'db_schema';" -BN)
22 DBV_NEW=$(grep -oE '\$db_version = .*;' init_db.inc.php | sed 's/$db_version = //g;s/;//g' | cut -d \" -f2)
23 sleep 5
24done
25echo "DB schema is ${DBV_NOW}"
26
27# Recreate view
28if [[ "${MASTER}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
29 echo "We are master, preparing sogo_view..."
30 mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "DROP VIEW IF EXISTS sogo_view"
31 while [[ ${VIEW_OK} != 'OK' ]]; do
32 mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
33CREATE VIEW sogo_view (c_uid, domain, c_name, c_password, c_cn, mail, aliases, ad_aliases, ext_acl, kind, multiple_bookings) AS
34SELECT
35 mailbox.username,
36 mailbox.domain,
37 mailbox.username,
38 IF(JSON_UNQUOTE(JSON_VALUE(attributes, '$.force_pw_update')) = '0', IF(JSON_UNQUOTE(JSON_VALUE(attributes, '$.sogo_access')) = 1, password, '{SSHA256}A123A123A321A321A321B321B321B123B123B321B432F123E321123123321321'), '{SSHA256}A123A123A321A321A321B321B321B123B123B321B432F123E321123123321321'),
39 mailbox.name,
40 mailbox.username,
41 IFNULL(GROUP_CONCAT(ga.aliases ORDER BY ga.aliases SEPARATOR ' '), ''),
42 IFNULL(gda.ad_alias, ''),
43 IFNULL(external_acl.send_as_acl, ''),
44 mailbox.kind,
45 mailbox.multiple_bookings
46FROM
47 mailbox
48 LEFT OUTER JOIN
49 grouped_mail_aliases ga
50 ON ga.username REGEXP CONCAT('(^|,)', mailbox.username, '($|,)')
51 LEFT OUTER JOIN
52 grouped_domain_alias_address gda
53 ON gda.username = mailbox.username
54 LEFT OUTER JOIN
55 grouped_sender_acl_external external_acl
56 ON external_acl.username = mailbox.username
57WHERE
58 mailbox.active = '1'
59GROUP BY
60 mailbox.username;
61EOF
62 if [[ ! -z $(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "SELECT 'OK' FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = 'sogo_view'") ]]; then
63 VIEW_OK=OK
64 else
65 echo "Will retry to setup SOGo view in 3s..."
66 sleep 3
67 fi
68 done
69else
70 while [[ ${VIEW_OK} != 'OK' ]]; do
71 if [[ ! -z $(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "SELECT 'OK' FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = 'sogo_view'") ]]; then
72 VIEW_OK=OK
73 else
74 echo "Waiting for SOGo view to be created by master..."
75 sleep 3
76 fi
77 done
78fi
79
80# Wait for static view table if missing after update and update content
81if [[ "${MASTER}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
82 echo "We are master, preparing _sogo_static_view..."
83 while [[ ${STATIC_VIEW_OK} != 'OK' ]]; do
84 if [[ ! -z $(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "SELECT 'OK' FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = '_sogo_static_view'") ]]; then
85 STATIC_VIEW_OK=OK
86 echo "Updating _sogo_static_view content..."
87 # If changed, also update init_db.inc.php
88 mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "REPLACE INTO _sogo_static_view (c_uid, domain, c_name, c_password, c_cn, mail, aliases, ad_aliases, ext_acl, kind, multiple_bookings) SELECT c_uid, domain, c_name, c_password, c_cn, mail, aliases, ad_aliases, ext_acl, kind, multiple_bookings from sogo_view;"
89 mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "DELETE FROM _sogo_static_view WHERE c_uid NOT IN (SELECT username FROM mailbox WHERE active = '1')"
90 else
91 echo "Waiting for database initialization..."
92 sleep 3
93 fi
94 done
95else
96 while [[ ${STATIC_VIEW_OK} != 'OK' ]]; do
97 if [[ ! -z $(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "SELECT 'OK' FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = '_sogo_static_view'") ]]; then
98 STATIC_VIEW_OK=OK
99 else
100 echo "Waiting for database initialization by master..."
101 sleep 3
102 fi
103 done
104fi
105
106
107# Recreate password update trigger
108if [[ "${MASTER}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
109 echo "We are master, preparing update trigger..."
110 mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "DROP TRIGGER IF EXISTS sogo_update_password"
111 while [[ ${TRIGGER_OK} != 'OK' ]]; do
112 mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
113DELIMITER -
114CREATE TRIGGER sogo_update_password AFTER UPDATE ON _sogo_static_view
115FOR EACH ROW
116BEGIN
117UPDATE mailbox SET password = NEW.c_password WHERE NEW.c_uid = username;
118END;
119-
120DELIMITER ;
121EOF
122 if [[ ! -z $(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -B -e "SELECT 'OK' FROM INFORMATION_SCHEMA.TRIGGERS WHERE TRIGGER_NAME = 'sogo_update_password'") ]]; then
123 TRIGGER_OK=OK
124 else
125 echo "Will retry to setup SOGo password update trigger in 3s"
126 sleep 3
127 fi
128 done
129fi
130
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]131# cat /dev/urandom seems to hang here occasionally and is not recommended anyway, better use openssl
132RAND_PASS=$(openssl rand -base64 16 | tr -dc _A-Z-a-z-0-9)
133
134# Generate plist header with timezone data
135mkdir -p /var/lib/sogo/GNUstep/Defaults/
136cat <<EOF > /var/lib/sogo/GNUstep/Defaults/sogod.plist
137<?xml version="1.0" encoding="UTF-8"?>
138<!DOCTYPE plist PUBLIC "-//GNUstep//DTD plist 0.9//EN" "http://www.gnustep.org/plist-0_9.xml">
139<plist version="0.9">
140<dict>
141 <key>OCSAclURL</key>
142 <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_acl</string>
143 <key>SOGoIMAPServer</key>
144 <string>imap://${IPV4_NETWORK}.250:143/?TLS=YES&amp;tlsVerifyMode=none</string>
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100[diff] [blame]145 <key>SOGoSieveServer</key>
146 <string>sieve://${IPV4_NETWORK}.250:4190/?TLS=YES&amp;tlsVerifyMode=none</string>
147 <key>SOGoSMTPServer</key>
148 <string>smtp://${IPV4_NETWORK}.253:588/?TLS=YES&amp;tlsVerifyMode=none</string>
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]149 <key>SOGoTrustProxyAuthentication</key>
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame]150 <string>YES</string>
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]151 <key>SOGoEncryptionKey</key>
152 <string>${RAND_PASS}</string>
153 <key>OCSCacheFolderURL</key>
154 <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_cache_folder</string>
155 <key>OCSEMailAlarmsFolderURL</key>
156 <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_alarms_folder</string>
157 <key>OCSFolderInfoURL</key>
158 <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_folder_info</string>
159 <key>OCSSessionsFolderURL</key>
160 <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_sessions_folder</string>
161 <key>OCSStoreURL</key>
162 <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_store</string>
163 <key>SOGoProfileURL</key>
164 <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_user_profile</string>
165 <key>SOGoTimeZone</key>
166 <string>${TZ}</string>
167 <key>domains</key>
168 <dict>
169EOF
170
171# Generate multi-domain setup
172while read -r line gal
173 do
174 echo " <key>${line}</key>
175 <dict>
176 <key>SOGoMailDomain</key>
177 <string>${line}</string>
178 <key>SOGoUserSources</key>
179 <array>
180 <dict>
181 <key>MailFieldNames</key>
182 <array>
183 <string>aliases</string>
184 <string>ad_aliases</string>
185 <string>ext_acl</string>
186 </array>
187 <key>KindFieldName</key>
188 <string>kind</string>
189 <key>DomainFieldName</key>
190 <string>domain</string>
191 <key>MultipleBookingsFieldName</key>
192 <string>multiple_bookings</string>
193 <key>listRequiresDot</key>
194 <string>NO</string>
195 <key>canAuthenticate</key>
196 <string>YES</string>
197 <key>displayName</key>
198 <string>GAL ${line}</string>
199 <key>id</key>
200 <string>${line}</string>
201 <key>isAddressBook</key>
202 <string>${gal}</string>
203 <key>type</key>
204 <string>sql</string>
205 <key>userPasswordAlgorithm</key>
206 <string>${MAILCOW_PASS_SCHEME}</string>
207 <key>prependPasswordScheme</key>
208 <string>YES</string>
209 <key>viewURL</key>
210 <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/_sogo_static_view</string>
211 </dict>" >> /var/lib/sogo/GNUstep/Defaults/sogod.plist
212 # Generate alternative LDAP authentication dict, when SQL authentication fails
213 # This will nevertheless read attributes from LDAP
214 line=${line} envsubst < /etc/sogo/plist_ldap >> /var/lib/sogo/GNUstep/Defaults/sogod.plist
215 echo " </array>
216 </dict>" >> /var/lib/sogo/GNUstep/Defaults/sogod.plist
217done < <(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT domain, CASE gal WHEN '1' THEN 'YES' ELSE 'NO' END AS gal FROM domain;" -B -N)
218
219# Generate footer
220echo ' </dict>
221</dict>
222</plist>' >> /var/lib/sogo/GNUstep/Defaults/sogod.plist
223
224# Fix permissions
225chown sogo:sogo -R /var/lib/sogo/
226chmod 600 /var/lib/sogo/GNUstep/Defaults/sogod.plist
227
228# Patch ACLs
229#if [[ ${ACL_ANYONE} == 'allow' ]]; then
230# #enable any or authenticated targets for ACL
231# if patch -R -sfN --dry-run /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff > /dev/null; then
232# patch -R /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff;
233# fi
234#else
235# #disable any or authenticated targets for ACL
236# if patch -sfN --dry-run /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff > /dev/null; then
237# patch /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff;
238# fi
239#fi
240
241# Copy logo, if any
242[[ -f /etc/sogo/sogo-full.svg ]] && cp /etc/sogo/sogo-full.svg /usr/lib/GNUstep/SOGo/WebServerResources/img/sogo-full.svg
243
244# Rsync web content
245echo "Syncing web content with named volume"
246rsync -a /usr/lib/GNUstep/SOGo/. /sogo_web/
247
248# Chown backup path
249chown -R sogo:sogo /sogo_backup
250
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]251exec gosu sogo /usr/sbin/sogod