Mailu/webmails/start.py

#!/usr/bin/env python3

import os
import logging
import sys
import subprocess
import shutil
import hmac

from socrate import conf, system

env = os.environ

system.set_env(['ROUNDCUBE','SNUFFLEUPAGUS'])

# jinja context
context = {}
context.update(env)

context["MAX_FILESIZE"] = str(int(int(env.get("MESSAGE_SIZE_LIMIT", "50000000")) * 0.66 / 1048576))

# Get the first DNS server
with open("/etc/resolv.conf") as handle:
    content = handle.read().split()
    resolver = content[content.index("nameserver") + 1]
    context["RESOLVER"] = f"[{resolver}]" if ":" in resolver else resolver

db_uri = env.get("SQLALCHEMY_DATABASE_URI_ROUNDCUBE", "sqlite:////data/roundcube.db")
db_flavor = env.get("ROUNDCUBE_DB_FLAVOR")
if db_flavor == "sqlite":
    context["DB_DSNW"] = "sqlite:////data/roundcube.db"
elif db_flavor == "mysql":
    context["DB_DSNW"] = "mysql://%s:%s@%s/%s" % (
        env.get("ROUNDCUBE_DB_USER", "roundcube"),
        env.get("ROUNDCUBE_DB_PW"),
        env.get("ROUNDCUBE_DB_HOST", "database"),
        env.get("ROUNDCUBE_DB_NAME", "roundcube")
    )
elif db_flavor == "postgresql":
    context["DB_DSNW"] = "pgsql://%s:%s@%s/%s" % (
        env.get("ROUNDCUBE_DB_USER", "roundcube"),
        env.get("ROUNDCUBE_DB_PW"),
        env.get("ROUNDCUBE_DB_HOST", "database"),
        env.get("ROUNDCUBE_DB_NAME", "roundcube")
    )
elif db_uri:
    context["DB_DSNW"] = db_uri
else:
    print(f"Unknown ROUNDCUBE_DB_FLAVOR: {db_flavor}", file=sys.stderr)
    exit(1)

conf.jinja("/etc/snuffleupagus.rules.tpl", context, "/etc/snuffleupagus.rules")

# roundcube plugins
# (using "dict" because it is ordered and "set" is not)
plugins = dict((p, None) for p in env.get("ROUNDCUBE_PLUGINS", "").replace(" ", "").split(",") if p and os.path.isdir(os.path.join("/var/www/roundcube/plugins", p)))
if plugins:
    plugins["mailu"] = None
else:
    plugins = dict((k, None) for k in ["archive", "zipdownload", "markasjunk", "managesieve", "enigma", "carddav", "mailu"])

context["PLUGINS"] = ",".join(f"'{p}'" for p in plugins)

# add overrides
context["INCLUDES"] = sorted(inc for inc in os.listdir("/overrides") if inc.endswith((".inc", ".inc.php"))) if os.path.isdir("/overrides") else []

# create config files
conf.jinja("/conf/config.inc.php", context, "/var/www/roundcube/config/config.inc.php")

# create dirs
os.system("mkdir -p /data/gpg")

base = "/data/_data_/_default_/"
shutil.rmtree(base + "domains/", ignore_errors=True)
os.makedirs(base + "domains", exist_ok=True)
os.makedirs(base + "configs", exist_ok=True)

conf.jinja("/defaults/default.json", context, "/data/_data_/_default_/domains/default.json")
conf.jinja("/defaults/application.ini", context, "/data/_data_/_default_/configs/application.ini")
conf.jinja("/defaults/php.ini", context, "/etc/php83/php.ini")

# setup permissions
os.system("chown -R mailu:mailu /data")

def demote(username='mailu'):
    def result():
        system.drop_privs_to(username)
    return result

print("Initializing database")
try:
    result = subprocess.check_output(["/var/www/roundcube/bin/initdb.sh", "--dir", "/var/www/roundcube/SQL"],
                                     stderr=subprocess.STDOUT, preexec_fn=demote())
    print(result.decode())
except subprocess.CalledProcessError as exc:
    err = exc.stdout.decode()
    if "already exists" in err:
        print("Already initialized")
    else:
        print(err)
        exit(3)

print("Upgrading database")
try:
    subprocess.check_call(["/var/www/roundcube/bin/update.sh", "--version=?", "-y"], stderr=subprocess.STDOUT, preexec_fn=demote())
except subprocess.CalledProcessError as exc:
    exit(4)
else:
    print("Cleaning database")
    try:
        subprocess.check_call(["/var/www/roundcube/bin/cleandb.sh"], stderr=subprocess.STDOUT, preexec_fn=demote())
    except subprocess.CalledProcessError as exc:
        exit(5)

# Configure nginx
conf.jinja("/conf/nginx-webmail.conf", context, "/etc/nginx/http.d/webmail.conf")
if os.path.exists("/var/run/nginx.pid"):
    os.system("nginx -s reload")

system.clean_env()

# run nginx
os.system("php-fpm83")
os.execv("/usr/sbin/nginx", ["nginx", "-g", "daemon off;"])
Update the webmail images: Roundcube - Switch to base image (alpine) - Switch to php-fpm SnappyMail - Switch to base image - Upgrade php7 to php8. 2022-11-10 17:51:22 +02:00			`#!/usr/bin/env python3`
Finished up switching from .sh to .py 2018-10-23 10:58:36 +02:00
			`import os`
added plugin selection, derive key, clean env 2021-12-17 16:54:05 +02:00			`import logging`
Implement debug logging for template rendering 2019-01-08 00:38:06 +02:00			`import sys`
Print roundcube error log to stdout 2019-11-21 14:46:38 +02:00			`import subprocess`
Upgrade Snappymail to 2.21 and merge the webmail containers 2022-11-12 12:34:58 +02:00			`import shutil`
added plugin selection, derive key, clean env 2021-12-17 16:54:05 +02:00			`import hmac`
Dynamic attachment size 2018-12-07 13:37:40 +02:00
Upgrade Snappymail to 2.21 and merge the webmail containers 2022-11-12 12:34:58 +02:00			`from socrate import conf, system`
Update the webmail images: Roundcube - Switch to base image (alpine) - Switch to php-fpm SnappyMail - Switch to base image - Upgrade php7 to php8. 2022-11-10 17:51:22 +02:00
added plugin selection, derive key, clean env 2021-12-17 16:54:05 +02:00			`env = os.environ`
Implement debug logging for template rendering 2019-01-08 00:38:06 +02:00
Enable dynamic resolution of hostnames 2022-12-08 13:46:31 +02:00			`system.set_env(['ROUNDCUBE','SNUFFLEUPAGUS'])`
Dynamic attachment size 2018-12-07 13:37:40 +02:00
added plugin selection, derive key, clean env 2021-12-17 16:54:05 +02:00			`# jinja context`
			`context = {}`
			`context.update(env)`

			`context["MAX_FILESIZE"] = str(int(int(env.get("MESSAGE_SIZE_LIMIT", "50000000")) * 0.66 / 1048576))`

Need this too 2023-01-28 19:30:33 +02:00			`# Get the first DNS server`
			`with open("/etc/resolv.conf") as handle:`
			`content = handle.read().split()`
			`resolver = content[content.index("nameserver") + 1]`
			`context["RESOLVER"] = f"[{resolver}]" if ":" in resolver else resolver`

Introduce connection string (database url) for roundcube. Remove database choice from setup. Remove the old DB_ database env variables from the documentation. The env vars are deprecated now. They will be removed after the upcoming Mailu release. 2023-03-26 14:21:00 +02:00			`db_uri = env.get("SQLALCHEMY_DATABASE_URI_ROUNDCUBE", "sqlite:////data/roundcube.db")`
			`db_flavor = env.get("ROUNDCUBE_DB_FLAVOR")`
Reformat python 2021-06-18 23:21:24 +02:00			`if db_flavor == "sqlite":`
added plugin selection, derive key, clean env 2021-12-17 16:54:05 +02:00			`context["DB_DSNW"] = "sqlite:////data/roundcube.db"`
Reformat python 2021-06-18 23:21:24 +02:00			`elif db_flavor == "mysql":`
added plugin selection, derive key, clean env 2021-12-17 16:54:05 +02:00			`context["DB_DSNW"] = "mysql://%s:%s@%s/%s" % (`
			`env.get("ROUNDCUBE_DB_USER", "roundcube"),`
			`env.get("ROUNDCUBE_DB_PW"),`
			`env.get("ROUNDCUBE_DB_HOST", "database"),`
			`env.get("ROUNDCUBE_DB_NAME", "roundcube")`
Reformat python 2021-06-18 23:21:24 +02:00			`)`
			`elif db_flavor == "postgresql":`
added plugin selection, derive key, clean env 2021-12-17 16:54:05 +02:00			`context["DB_DSNW"] = "pgsql://%s:%s@%s/%s" % (`
			`env.get("ROUNDCUBE_DB_USER", "roundcube"),`
			`env.get("ROUNDCUBE_DB_PW"),`
			`env.get("ROUNDCUBE_DB_HOST", "database"),`
			`env.get("ROUNDCUBE_DB_NAME", "roundcube")`
Reformat python 2021-06-18 23:21:24 +02:00			`)`
Introduce connection string (database url) for roundcube. Remove database choice from setup. Remove the old DB_ database env variables from the documentation. The env vars are deprecated now. They will be removed after the upcoming Mailu release. 2023-03-26 14:21:00 +02:00			`elif db_uri:`
			`context["DB_DSNW"] = db_uri`
Make roundcube db configurable 2019-11-19 13:22:09 +02:00			`else:`
added plugin selection, derive key, clean env 2021-12-17 16:54:05 +02:00			`print(f"Unknown ROUNDCUBE_DB_FLAVOR: {db_flavor}", file=sys.stderr)`
Make roundcube db configurable 2019-11-19 13:22:09 +02:00			`exit(1)`

Add snuffleupagus This seems to work in my limited testing. 2022-11-18 14:25:02 +02:00			`conf.jinja("/etc/snuffleupagus.rules.tpl", context, "/etc/snuffleupagus.rules")`
added plugin selection, derive key, clean env 2021-12-17 16:54:05 +02:00
			`# roundcube plugins`
			`# (using "dict" because it is ordered and "set" is not)`
Upgrade Snappymail to 2.21 and merge the webmail containers 2022-11-12 12:34:58 +02:00			`plugins = dict((p, None) for p in env.get("ROUNDCUBE_PLUGINS", "").replace(" ", "").split(",") if p and os.path.isdir(os.path.join("/var/www/roundcube/plugins", p)))`
added plugin selection, derive key, clean env 2021-12-17 16:54:05 +02:00			`if plugins:`
			`plugins["mailu"] = None`
			`else:`
			`plugins = dict((k, None) for k in ["archive", "zipdownload", "markasjunk", "managesieve", "enigma", "carddav", "mailu"])`

			`context["PLUGINS"] = ",".join(f"'{p}'" for p in plugins)`

add documentation, allow overrides, clean plugins 2021-12-18 18:43:21 +02:00			`# add overrides`
Process nextgens review remarks 2022-11-10 21:03:26 +02:00			`context["INCLUDES"] = sorted(inc for inc in os.listdir("/overrides") if inc.endswith((".inc", ".inc.php"))) if os.path.isdir("/overrides") else []`
add documentation, allow overrides, clean plugins 2021-12-18 18:43:21 +02:00
added plugin selection, derive key, clean env 2021-12-17 16:54:05 +02:00			`# create config files`
Upgrade Snappymail to 2.21 and merge the webmail containers 2022-11-12 12:34:58 +02:00			`conf.jinja("/conf/config.inc.php", context, "/var/www/roundcube/config/config.inc.php")`
Finished up switching from .sh to .py 2018-10-23 10:58:36 +02:00
added plugin selection, derive key, clean env 2021-12-17 16:54:05 +02:00			`# create dirs`
re-enable mod_rewrite in roundcube moved chown/mkdir/symlink from start.py to Dockerfile 2021-09-24 18:15:00 +02:00			`os.system("mkdir -p /data/gpg")`
Print roundcube error log to stdout 2019-11-21 14:46:38 +02:00
Change perms first 2022-11-24 20:08:30 +02:00			`base = "/data/_data_/_default_/"`
			`shutil.rmtree(base + "domains/", ignore_errors=True)`
			`os.makedirs(base + "domains", exist_ok=True)`
			`os.makedirs(base + "configs", exist_ok=True)`

			`conf.jinja("/defaults/default.json", context, "/data/_data_/_default_/domains/default.json")`
			`conf.jinja("/defaults/application.ini", context, "/data/_data_/_default_/configs/application.ini")`
Upgrade alpine, node, PHP and snappymail 2023-12-20 13:53:59 +02:00			`conf.jinja("/defaults/php.ini", context, "/etc/php83/php.ini")`
Change perms first 2022-11-24 20:08:30 +02:00
			`# setup permissions`
			`os.system("chown -R mailu:mailu /data")`

drop privs better 2022-12-23 11:58:06 +02:00			`def demote(username='mailu'):`
Don't do it as root 2022-11-24 19:40:56 +02:00			`def result():`
drop privs better 2022-12-23 11:58:06 +02:00			`system.drop_privs_to(username)`
Don't do it as root 2022-11-24 19:40:56 +02:00			`return result`

added plugin selection, derive key, clean env 2021-12-17 16:54:05 +02:00			`print("Initializing database")`
Create/update database on startup 2019-11-21 22:05:15 +02:00			`try:`
Upgrade Snappymail to 2.21 and merge the webmail containers 2022-11-12 12:34:58 +02:00			`result = subprocess.check_output(["/var/www/roundcube/bin/initdb.sh", "--dir", "/var/www/roundcube/SQL"],`
drop privs better 2022-12-23 11:58:06 +02:00			`stderr=subprocess.STDOUT, preexec_fn=demote())`
Create/update database on startup 2019-11-21 22:05:15 +02:00			`print(result.decode())`
added plugin selection, derive key, clean env 2021-12-17 16:54:05 +02:00			`except subprocess.CalledProcessError as exc:`
			`err = exc.stdout.decode()`
			`if "already exists" in err:`
Process nextgens review remarks 2022-11-10 21:03:26 +02:00			`print("Already initialized")`
Create/update database on startup 2019-11-21 22:05:15 +02:00			`else:`
added plugin selection, derive key, clean env 2021-12-17 16:54:05 +02:00			`print(err)`
			`exit(3)`
Create/update database on startup 2019-11-21 22:05:15 +02:00
added plugin selection, derive key, clean env 2021-12-17 16:54:05 +02:00			`print("Upgrading database")`
Create/update database on startup 2019-11-21 22:05:15 +02:00			`try:`
drop privs better 2022-12-23 11:58:06 +02:00			`subprocess.check_call(["/var/www/roundcube/bin/update.sh", "--version=?", "-y"], stderr=subprocess.STDOUT, preexec_fn=demote())`
added plugin selection, derive key, clean env 2021-12-17 16:54:05 +02:00			`except subprocess.CalledProcessError as exc:`
			`exit(4)`
updated roundcube. added cleanup run at startup 2021-11-02 13:21:40 +02:00			`else:`
added plugin selection, derive key, clean env 2021-12-17 16:54:05 +02:00			`print("Cleaning database")`
updated roundcube. added cleanup run at startup 2021-11-02 13:21:40 +02:00			`try:`
drop privs better 2022-12-23 11:58:06 +02:00			`subprocess.check_call(["/var/www/roundcube/bin/cleandb.sh"], stderr=subprocess.STDOUT, preexec_fn=demote())`
added plugin selection, derive key, clean env 2021-12-17 16:54:05 +02:00			`except subprocess.CalledProcessError as exc:`
			`exit(5)`
Create/update database on startup 2019-11-21 22:05:15 +02:00
Update the webmail images: Roundcube - Switch to base image (alpine) - Switch to php-fpm SnappyMail - Switch to base image - Upgrade php7 to php8. 2022-11-10 17:51:22 +02:00			`# Configure nginx`
Upgrade Snappymail to 2.21 and merge the webmail containers 2022-11-12 12:34:58 +02:00			`conf.jinja("/conf/nginx-webmail.conf", context, "/etc/nginx/http.d/webmail.conf")`
Update the webmail images: Roundcube - Switch to base image (alpine) - Switch to php-fpm SnappyMail - Switch to base image - Upgrade php7 to php8. 2022-11-10 17:51:22 +02:00			`if os.path.exists("/var/run/nginx.pid"):`
			`os.system("nginx -s reload")`
Fix roundcube permissions, tail correct log 2020-03-13 22:17:21 +02:00
Enable dynamic resolution of hostnames 2022-12-08 13:46:31 +02:00			`system.clean_env()`
added plugin selection, derive key, clean env 2021-12-17 16:54:05 +02:00
Update the webmail images: Roundcube - Switch to base image (alpine) - Switch to php-fpm SnappyMail - Switch to base image - Upgrade php7 to php8. 2022-11-10 17:51:22 +02:00			`# run nginx`
Upgrade alpine, node, PHP and snappymail 2023-12-20 13:53:59 +02:00			`os.system("php-fpm83")`
Update the webmail images: Roundcube - Switch to base image (alpine) - Switch to php-fpm SnappyMail - Switch to base image - Upgrade php7 to php8. 2022-11-10 17:51:22 +02:00			`os.execv("/usr/sbin/nginx", ["nginx", "-g", "daemon off;"])`
added plugin selection, derive key, clean env 2021-12-17 16:54:05 +02:00