#!/bin/bash
#
# Federated Stack Mail

PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

config_mail() {
  echo -ne "\n* Configuring fstack/mail container.."
  spin &
  SPINPID=$!

  if [ ! -d "fstack/mail" ]; then
    mkdir -p fstack/mail/data/root/certs &> /dev/null
    mkdir -p fstack/mail/data/var/mail &> /dev/null
    mkdir -p fstack/mail/data/var/mail-state &> /dev/null
    mkdir -p fstack/mail/data/var/log/mail &> /dev/null
    mkdir -p fstack/mail/data/tmp/docker-mailserver &> /dev/null
    mkdir -p fstack/mail/data/etc/apache2/sites-enabled &> /dev/null
    cp -rf fstack/dns/data/etc/letsencrypt/archive/$DOMAIN/*.pem fstack/mail/data/root/certs/
  fi

#  DOMAIN_ARRAY=(${DOMAIN//./ })
#  DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
#  DOMAIN_LAST=${DOMAIN_ARRAY[1]}

cat > fstack/mail/docker-compose.yml <<EOF
version: '3.8'

services:
  mail:
    image: docker.io/mailserver/docker-mailserver:latest
    container_name: mail
    hostname: mail.$DOMAIN
    domainname: $DOMAIN
    restart: always
    networks:
      fstack:
        ipv4_address: 172.99.0.13
    ports:
      - "25:25"
      - "143:143"
      - "465:465"
      - "587:587"
      - "993:993"
    volumes:
      - ./data/root/certs:/root/certs
      - ./data/var/mail:/var/mail/
      - ./data/var/mail-state:/var/mail-state/
      - ./data/var/log/mail:/var/log/mail/
      - ./data/tmp/docker-mailserver:/tmp/docker-mailserver/
      - /etc/localtime:/etc/localtime:ro
    environment:
      - ENABLE_SPAMASSASSIN=1
      - SPAMASSASSIN_SPAM_TO_INBOX=1
      - ENABLE_CLAMAV=0
      - ENABLE_FAIL2BAN=0
      - ENABLE_POSTGREY=1
      - ONE_DIR=1
      - DMS_DEBUG=0
      - LOG_LEVEL=debug
      - ENABLE_LDAP=1
      - SSL_TYPE=manual
      - SSL_CERT_PATH=/root/certs/fullchain1.pem
      - SSL_KEY_PATH=/root/certs/privkey1.pem
      - LDAP_START_TLS=yes
      - DOVECOT_TLS=yes
      - SASLAUTHD_LDAP_START_TLS=yes
      - LDAP_SERVER_HOST=ldap.$DOMAIN
      - LDAP_SEARCH_BASE=ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
      - LDAP_BIND_DN=cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
      - LDAP_BIND_PW=$ADMINPASS
      - LDAP_QUERY_FILTER_USER=(&(mail=%s)(mailEnabled=TRUE))
      - LDAP_QUERY_FILTER_GROUP=(&(mailGroupMember=%s)(mailEnabled=TRUE))
      - LDAP_QUERY_FILTER_ALIAS=(|(&(mailAlias=%s)(objectClass=PostfixBookMailForward))(&(mailAlias=%s)(objectClass=inetOrgPerson)(mailEnabled=TRUE)))
      - LDAP_QUERY_FILTER_DOMAIN=(|(&(mail=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailGroupMember=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailalias=*@%s)(objectClass=PostfixBookMailForward)))
        # DOVECOT
      - DOVECOT_PASS_FILTER=(&(objectClass=inetOrgPerson)(uid=%n))
      - DOVECOT_USER_FILTER=(&(objectClass=inetOrgPerson)(uid=%n))
      - DOVECOT_USER_ATTRS=homeDirectory=home,=uid=5000,=gid=5000
        # SASLAUTHD
      - ENABLE_SASLAUTHD=1
      - SASLAUTHD_MECHANISMS=ldap
      - SASLAUTHD_LDAP_SERVER=ldap.$DOMAIN
      - SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
      - SASLAUTHD_LDAP_PASSWORD=$ADMINPASS
      - SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
      - SASLAUTHD_LDAP_FILTER=(&(objectClass=inetOrgPerson)(uid=%U))
      - POSTMASTER_ADDRESS=postmaster@localhost.localdomain
      - POSTFIX_MESSAGE_SIZE_LIMIT=100000000
    cap_add:
      - NET_ADMIN
      - SYS_PTRACE

  webmail:
    image: roundcube/roundcubemail:latest
    container_name: webmail
    hostname: webmail.$DOMAIN
    domainname: $DOMAIN
    restart: always
    networks:
      fstack:
        ipv4_address: 172.99.0.14
    ports:
      - 9002:80
      - 9443:443
    volumes:
      - ./data/root/certs:/root/certs
      - ./data/etc/apache2/sites-enabled:/etc/apache2/sites-enabled
      - ./data/var/roundcube:/var/roundcube
    environment:
      - ROUNDCUBEMAIL_DEFAULT_HOST=tls://mail.$DOMAIN
      - ROUNDCUBEMAIL_SMTP_SERVER=tls://mail.$DOMAIN
      - ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE=4096M
    depends_on:
      - mail

networks:
  fstack:
    external: true
EOF

cat > fstack/mail/data/etc/apache2/sites-enabled/000-default.conf <<'EOF'
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so

<VirtualHost *:80>
 ServerAdmin admin@localhost
 DocumentRoot /var/www/html
 ErrorLog ${APACHE_LOG_DIR}/error.log
 CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<VirtualHost *:443>
 SSLEngine on
 SSLCertificateFile /root/certs/fullchain1.pem
 SSLCertificateKeyFile /root/certs/privkey1.pem

 ServerAdmin admin@localhost
 DocumentRoot /var/www/html
 ErrorLog ${APACHE_LOG_DIR}/error.log
 CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
EOF

  kill -9 $SPINPID &> /dev/null
  echo -ne "done."
}

start_mail() {
  echo -ne "\n* Starting fstack/mail service.."
  spin &
  SPINPID=$!

  if [ $DEBUG ]; then
    # Start fstack/mail with output to console for debug
    docker-compose -f fstack/mail/docker-compose.yml -p mail up
    [ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service fstack/mail"
  else
    docker-compose -f fstack/mail/docker-compose.yml -p mail up -d &> /dev/null

    # Keep trying mail port 25 to make sure it's up
    # before we proceed
    RETRY="23"
    while [ $RETRY -gt 0 ]; do
      nc -z 172.99.0.13 25 &> /dev/null
      if [ $? -eq 0 ]; then
        break
      else
        if [ "$RETRY" == 1 ]; then
          docker-compose -f fstack/mail/docker-compose.yml -p mail down &> /dev/null
          kill -9 $SPINPID &> /dev/null
          fail "There was a problem starting service fstack/mail\nCheck the output of 'docker logs mail' or turn on\ndebug with -d"
        fi
        ((RETRY--))
        sleep 7
      fi
    done
  fi

  # Generate the DKIM DNS key
  docker exec -it mail setup config dkim keysize 2048 domain $DOMAIN &> /dev/null
  [ $? -ne 0 ] && fail "Couldn't generate DKIM record"

  # Insert the DKIM DNS TXT entry into fstack/dns container
  cat fstack/mail/data/tmp/docker-mailserver/opendkim/keys/$DOMAIN/mail.txt >> fstack/dns/data/etc/bind/zones/$DOMAIN
  [ $? -ne 0 ] && fail "Couldn't insert DKIM record into fstack/dns container"

  # Insert the DMARC DNS TXT entry into fstack/dns container
  echo "_dmarc.$DOMAIN. IN TXT \"v=DMARC1; p=none; rua=mailto:admin@$DOMAIN; ruf=mailto:admin@$DOMAIN; sp=none; ri=86400\"" >> fstack/dns/data/etc/bind/zones/$DOMAIN
  [ $? -ne 0 ] && fail "Couldn't insert DMARC record into fstack/dns container"

  # Reload DNS configuration in fstack/dns container 
  docker exec -it dns rndc reload $DOMAIN &> /dev/null
  [ $? -ne 0 ] && fail "Couldn't run rndc reload DOMAIN on fstack/dns container"

  docker exec -it dns rndc reload &> /dev/null
  [ $? -ne 0 ] && fail "Couldn't run rndc reload on fstack/dns container"

  # Enable SSL module in fstack/webmail
  docker exec -it webmail a2enmod ssl &> /dev/null
  [ $? -ne 0 ] && fail "Couldn't run a2enmod ssl in fstack/webmail container"

  docker exec -it webmail service apache2 restart
  
  kill -9 $SPINPID &> /dev/null
  echo -ne "done."
}