bero/test
1
0
Fork 0
Code Issues 52 Pull Requests 3 Actions Packages Projects Releases Wiki Activity
test/lib/roundcube.sh

192 lines
7.1 KiB
Bash
Raw Blame History

#!/bin/bash
#
# Roundcube Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
get_appvars
config_roundcube() {
echo -ne "\n* Configuring roundcube container.."
if [ ! -d "/federated/apps/roundcube" ]; then
mkdir -p /federated/apps/roundcube/data/var/www/html
fi
cat > /federated/apps/roundcube/docker-compose.yml <<EOF
version: "3.7"
services:
roundcube:
image: roundcube/roundcubemail:\${IMAGE_VERSION}
container_name: roundcube
hostname: roundcube.$DOMAIN
domainname: $DOMAIN
restart: always
networks:
federated:
ipv4_address: 172.99.0.47
extra_hosts:
- "authelia.$DOMAIN:$EXTERNALIP"
- "mail.$DOMAIN:$EXTERNALIP"
env_file:
- ./.env
volumes:
- ./data/var/www/html:/var/www/html
labels:
- "traefik.enable=true"
- "traefik.http.routers.roundcube.rule=Host(\`roundcube.$DOMAIN\`,\`webmail.$DOMAIN\`)"
- "traefik.http.routers.roundcube.entrypoints=websecure"
- "traefik.http.routers.roundcube.tls.certresolver=letsencrypt"
networks:
federated:
external: true
EOF
ROUNDCUBE_SECRET=$(create_password);
cat > /federated/apps/roundcube/.env <<EOF
IMAGE_VERSION="1.6.8-apache"
ROUNDCUBEMAIL_DB_TYPE=mysql
ROUNDCUBEMAIL_DB_HOST=pdnsmysql.$DOMAIN
ROUNDCUBEMAIL_DB_USER=roundcube
ROUNDCUBEMAIL_DB_NAME=roundcube
ROUNDCUBEMAIL_DB_PASSWORD=$ROUNDCUBE_SECRET
ROUNDCUBEMAIL_SKIN=elastic
ROUNDCUBEMAIL_DEFAULT_HOST=tls://mail.$DOMAIN
ROUNDCUBEMAIL_SMTP_SERVER=tls://mail.$DOMAIN
ROUNDCUBEMAIL_USERNAME_DOMAIN=$DOMAIN
ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE=4G
EOF
chmod 600 /federated/apps/roundcube/.env
# Create database and user in mysql
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e 'create database roundcube;'" &> /dev/null
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e \"CREATE USER 'roundcube'@'%' IDENTIFIED BY '$ROUNDCUBE_SECRET';\"" &> /dev/null
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e \"grant all privileges on roundcube.* to 'roundcube'@'%';\"" &> /dev/null
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e 'flush privileges;'" &> /dev/null
echo -ne "done.\n"
}
start_roundcube() {
# Start service with command to make sure it's up before proceeding
start_service "roundcube" "nc -z 172.99.0.47 80 &> /dev/null" "7"
docker exec pdns pdnsutil add-record $DOMAIN roundcube A 86400 $EXTERNALIP &> /dev/null
[ $? -ne 0 ] && fail "Couldn't add dns record for roundcube"
docker exec pdns pdnsutil add-record $DOMAIN webmail A 86400 $EXTERNALIP &> /dev/null
[ $? -ne 0 ] && fail "Couldn't add dns record for roundcube"
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
email_roundcube() {
echo -ne "* Sending email to customer.."
spin &
SPINPID=$!
cat > /federated/apps/mail/data/root/certs/mailfile <<EOF
<html>
<img src="https://www.federated.computer/wp-content/uploads/2023/11/logo.png" alt="" /><br>
<p>
<h4>Roundcube is now installed on $DOMAIN</h4>
<p>
Dear Customer,<br>
<br>
We'd like to introduce you to "Roundcube", a free and open source webmail solution with a desktop-like user interface. You can find "Roundcube" at <a href="https://roundcube.$DOMAIN">https://roundcube.$DOMAIN</a>
and also on your Dashboard <a href="https://dashboard.$DOMAIN">https://dashboard.$DOMAIN</a> as a new application.
<br>
<br>
This is only one of a number of big changes you'll be seeing from Federated Computer in the coming months to improve and enhance your Federated Core. Thank you for being a customer!
<br>
<br>
Best,
<br>
Federated Computer
<p>
</html>
EOF
# Send out e-mail from mail container with details
docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile"
rm /federated/apps/mail/data/root/certs/mailfile
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
uninstall_roundcube() {
echo -ne "* Uninstalling roundcube container.."
spin &
SPINPID=$!
# First stop the service
cd /federated/apps/roundcube && docker-compose -f docker-compose.yml -p roundcube down &> /dev/null
# Delete database and user
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e 'drop database roundcube;'" &> /dev/null
docker exec pdnsmysql bash -c "mysql -uroot -p$MYSQL_ROOTPASSWORD -e 'drop user roundcube;'" &> /dev/null
# Delete the app directory
rm -rf /federated/apps/roundcube
# Delete the image
docker image rm roundcube/roundcubemail:$IMAGE_VERSION &> /dev/null
# Delete the DNS record
docker exec pdns pdnsutil delete-rrset $DOMAIN roundcube A
# Uninstall the SSO configuration if it exists in authelia (authelia must exist too)
if [[ $(grep "### Roundcube" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
sed -i '/### Roundcube/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
sed -i '/### Roundcube/d' /federated/apps/authelia/data/config/idproviders.yml
/federated/bin/stop authelia
/federated/bin/start authelia
fi
kill -9 $SPINPID &> /dev/null
echo -ne "done.\n"
}
configsso_roundcube() {
[ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
[ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
[[ $(grep "### Roundcube" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Roundcube configuration."
ROUNDCUBE_CLIENT_SECRET=$(create_password);
ROUNDCUBE_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $ROUNDCUBE_CLIENT_SECRET | awk '{ print $2 }')
cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
### Roundcube
- client_id: 'roundcube'
client_name: 'Roundcube'
client_secret: $ROUNDCUBE_CLIENT_SECRET_HASH
consent_mode: 'implicit'
public: false
authorization_policy: 'one_factor'
redirect_uris:
- https://webmail.$DOMAIN/index.php/login/oauth
scopes:
- 'openid'
- 'profile'
- 'email'
token_endpoint_auth_method: 'client_secret_post'
EOF
# Restart Authelia for changes to take the above configuration
/federated/bin/stop authelia
/federated/bin/start authelia
sed -i "/?php/a \ \$config['oauth_provider'] = 'generic'; \n\
\$config['oauth_provider_name'] = 'Authelia'; \n\
\$config['oauth_client_id'] = 'roundcube'; \n\
\$config['oauth_client_secret'] = '$ROUNDCUBE_CLIENT_SECRET'; \n\
\$config['oauth_auth_uri'] = 'https://authelia.$DOMAIN/api/oidc/authorization'; \n\
\$config['oauth_token_uri'] = 'https://authelia.$DOMAIN/api/oidc/token'; \n\
\$config['oauth_identity_uri'] = 'https://authelia.$DOMAIN/api/oidc/userinfo'; \n\
\$config['oauth_identity_fields'] = ['email']; \n\
\$config['use_https'] = true; \n\
\$config['oauth_scope'] = 'email openid profile'; \n\
\$config['oauth_login_redirect'] = false;" /federated/apps/roundcube/data/var/www/html/config/config.inc.php
/federated/bin/stop roundcube
/federated/bin/start roundcube
}
Reference in New Issue View Git Blame Copy Permalink