Updated Roundcube SSO config

This commit is contained in:
root 2024-09-25 14:44:10 +00:00
parent 633d904ce9
commit 0e526af58a


@ -26,7 +26,6 @@ services:
ipv4_address: 172.99.0.47 ipv4_address: 172.99.0.47
extra_hosts: extra_hosts:
- "authelia.$DOMAIN:$EXTERNALIP" - "authelia.$DOMAIN:$EXTERNALIP"
- "mail.$DOMAIN:$EXTERNALIP"
env_file: env_file:
- ./.env - ./.env
volumes: volumes:
@ -133,6 +132,7 @@ uninstall_roundcube() {
# Delete the DNS record # Delete the DNS record
docker exec pdns pdnsutil delete-rrset $DOMAIN roundcube A docker exec pdns pdnsutil delete-rrset $DOMAIN roundcube A
docker exec pdns pdnsutil delete-rrset $DOMAIN webmail A
# Uninstall the SSO configuration if it exists in authelia (authelia must exist too) # Uninstall the SSO configuration if it exists in authelia (authelia must exist too)
if [[ $(grep "### Roundcube" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then if [[ $(grep "### Roundcube" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
@ -162,11 +162,12 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
public: false public: false
authorization_policy: 'one_factor' authorization_policy: 'one_factor'
redirect_uris: redirect_uris:
- https://webmail.$DOMAIN/index.php/login/oauth - https://roundcube.$DOMAIN/index.php/login/oauth
scopes: scopes:
- 'openid' - 'openid'
- 'profile' - 'profile'
- 'email' - 'email'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_post' token_endpoint_auth_method: 'client_secret_post'
EOF EOF
@ -174,6 +175,10 @@ EOF
/federated/bin/stop authelia /federated/bin/stop authelia
/federated/bin/start authelia /federated/bin/start authelia
# Add in extra hosts config
[[ ! $(grep extra_hosts /federated/apps/roundcube/docker-compose.yml 2>/dev/null) ]] && sed -i "/restart: always/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/roundcube/docker-compose.yml
[[ ! $(grep extra_hosts /federated/apps/mail/docker-compose.yml 2>/dev/null) ]] && sed -i "/restart: always/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/mail/docker-compose.yml
sed -i "/?php/a \ \$config['oauth_provider'] = 'generic'; \n\ sed -i "/?php/a \ \$config['oauth_provider'] = 'generic'; \n\
\$config['oauth_provider_name'] = 'Authelia'; \n\ \$config['oauth_provider_name'] = 'Authelia'; \n\
\$config['oauth_client_id'] = 'roundcube'; \n\ \$config['oauth_client_id'] = 'roundcube'; \n\
@ -182,10 +187,45 @@ sed -i "/?php/a \ \$config['oauth_provider'] = 'generic'; \n\
\$config['oauth_token_uri'] = 'https://authelia.$DOMAIN/api/oidc/token'; \n\ \$config['oauth_token_uri'] = 'https://authelia.$DOMAIN/api/oidc/token'; \n\
\$config['oauth_identity_uri'] = 'https://authelia.$DOMAIN/api/oidc/userinfo'; \n\ \$config['oauth_identity_uri'] = 'https://authelia.$DOMAIN/api/oidc/userinfo'; \n\
\$config['oauth_identity_fields'] = ['email']; \n\ \$config['oauth_identity_fields'] = ['email']; \n\
\$config['oauth_verify_peer'] = false; \n\
\$config['use_https'] = true; \n\ \$config['use_https'] = true; \n\
\$config['oauth_scope'] = 'email openid profile'; \n\ \$config['oauth_scope'] = 'email openid profile'; \n\
\$config['oauth_login_redirect'] = false;" /federated/apps/roundcube/data/var/www/html/config/config.inc.php \$config['oauth_login_redirect'] = false;" /federated/apps/roundcube/data/var/www/html/config/config.inc.php
# Disable Spamassasin, enable Rspamd, and insert OAUTH2 configuration in mail server
sed -i "s/ENABLE_SPAMASSASSIN=.*/ENABLE_SPAMASSASSIN=0/g" /federated/apps/mail/.env
sed -i "s/ENABLE_SPAMASSASSIN_KAM=.*/#ENABLE_SPAMASSASSIN_KAM=0/g" /federated/apps/mail/.env
sed -i "s/SPAMASSASSIN_SPAM_TO_INBOX=.*/#SPAMASSASSIN_SPAM_TO_INBOX=0/g" /federated/apps/mail/.env
sed -i "s/ENABLE_AMAVIS=.*/ENABLE_AMAVIS=0/g" /federated/apps/mail/.env
sed -i "s/ENABLE_CLAMAV=.*/ENABLE_CLAMAV=1/g" /federated/apps/mail/.env
sed -i "s/ENABLE_POSTGREY=.*/ENABLE_POSTGREY=0/g" /federated/apps/mail/.env
sed -i "/ENABLE_POSTGREY=0/a \ENABLE_RSPAMD=1\nRSPAMD_GREYLISTING=1\nENABLE_AMAVIS=0" /federated/apps/mail/.env
sed -i "/LOG_LEVEL=debug/a \ENABLE_OAUTH2=1\nOAUTH2_INTROSPECTION_URL=https://roundcube:$ROUNDCUBE_CLIENT_SECRET@authelia.$DOMAIN/api/oidc/introspection\nOAUTH2_USERNAME_ATTRIBUTE=username\nOAUTH2_INTROSPECTION_MODE=post" /federated/apps/mail/.env
cat > /federated/apps/mail/data/tmp/docker-mailserver/postfix-main.cf <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
EOF
#[[ ! -d "/federated/apps/mail/data/etc/dovecot/conf.d" ]] && mkdir /federated/apps/mail/data/etc/dovecot/conf.d
cat > /federated/apps/mail/data/etc/dovecot/conf.d/95-roundcube.conf <<'EOF'
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
}
EOF
[[ ! $(grep 95-roundcube.conf /federated/apps/mail/docker-compose.yml 2>/dev/null) ]] && sed -i "/volumes:/a \ - ./data/etc/dovecot/conf.d/95-roundcube.conf:/etc/dovecot/conf.d/95-roundcube.conf" /federated/apps/mail/docker-compose.yml
/federated/bin/stop roundcube /federated/bin/stop roundcube
/federated/bin/start roundcube /federated/bin/start roundcube
/federated/bin/stop mail
/federated/bin/start mail
} }
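Review bot: The added line `\$config['oauth_verify_peer'] = false;` disables TLS certificate verification for Roundcube's requests to the Authelia token and userinfo endpoints, so anything that can answer for authelia.$DOMAIN on the path between the two containers could present an arbitrary certificate and read the authorization code and tokens; the setting should stay at its default, and if authelia.$DOMAIN is served by a private or self-signed certificate the issuing CA should be made available inside the Roundcube container so verification can succeed. In the same hunk the introspection URL written to /federated/apps/mail/.env embeds the client secret as `https://roundcube:$ROUNDCUBE_CLIENT_SECRET@authelia.$DOMAIN/api/oidc/introspection`; that is presumably the form docker-mailserver expects, but the secret then appears in any log line or error that prints the URL, and a secret containing `/`, `&` or a newline would also break the sed expression, which is worth a comment at the very least. The 95-roundcube.conf heredoc creates the auth socket with `mode = 0666`; I would add a comment noting that the socket sits under Postfix's private spool directory, which is what restricts access, since the mode alone reads as world-writable. The enclosing install function starts outside this hunk.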