diff --git a/bin/quickstart.sh b/bin/quickstart.sh
index 337f7cc7..a6de6f56 100755
--- a/bin/quickstart.sh
+++ b/bin/quickstart.sh
@@ -1,141 +1,146 @@ #!/bin/bash set -e function die() { echo "$1" exit 1 } rpm -qv docker-compose >/dev/null 2>&1 || \ test ! -z "$(which docker-compose 2>/dev/null)" || \ die "Is docker-compose installed?" test ! -z "$(grep 'systemd.unified_cgroup_hierarchy=0' /proc/cmdline)" || \ die "systemd containers only work with cgroupv1 (use 'grubby --update-kernel=ALL --args=\"systemd.unified_cgroup_hierarchy=0\"' and a reboot to fix)" base_dir=$(dirname $(dirname $0)) # Always reset .env with .env.example cp src/.env.example src/.env if [ -f "src/env.local" ]; then # Ensure there's a line ending echo "" >> src/.env cat src/env.local >> src/.env fi export DOCKER_BUILDKIT=0 docker pull docker.io/kolab/centos7:latest docker-compose down --remove-orphans -src/artisan octane:stop >/dev/null 2>&1 || : -src/artisan horizon:terminate >/dev/null 2>&1 || : +docker volume rm kolab_mariadb || : +docker volume rm kolab_imap || : +docker volume rm kolab_ldap || : + +# FIXME needs access to redis I think +# src/artisan octane:stop >/dev/null 2>&1 || : +# src/artisan horizon:terminate >/dev/null 2>&1 || : docker-compose build coturn kolab mariadb meet pdns proxy redis haproxy bin/regen-certs docker-compose up -d coturn kolab mariadb meet pdns proxy redis haproxy # Workaround until we have docker-compose --wait (https://github.com/docker/compose/pull/8777) function wait_for_container { container_id="$1" container_name="$(docker inspect "${container_id}" --format '{{ .Name }}')" echo "Waiting for container: ${container_name} [${container_id}]" waiting_done="false" while [[ "${waiting_done}" != "true" ]]; do container_state="$(docker inspect "${container_id}" --format '{{ .State.Status }}')" if [[ "${container_state}" == "running" ]]; then health_status="$(docker inspect "${container_id}" --format '{{ .State.Health.Status }}')" echo "${container_name}: container_state=${container_state}, health_status=${health_status}" if [[ ${health_status} == "healthy" ]]; then waiting_done="true" fi 
else echo "${container_name}: container_state=${container_state}" waiting_done="true" fi sleep 1; done; } # Ensure the containers we depend on are fully started wait_for_container 'kolab' wait_for_container 'kolab-redis' if [ "$1" == "--nodev" ]; then echo "starting everything in containers" docker-compose build swoole docker-compose build webapp docker-compose up -d webapp proxy wait_for_container 'kolab-webapp' exit 0 fi echo "Starting the development environment" rpm -qv composer >/dev/null 2>&1 || \ test ! -z "$(which composer 2>/dev/null)" || \ die "Is composer installed?" rpm -qv npm >/dev/null 2>&1 || \ test ! -z "$(which npm 2>/dev/null)" || \ die "Is npm installed?" rpm -qv php >/dev/null 2>&1 || \ test ! -z "$(which php 2>/dev/null)" || \ die "Is php installed?" rpm -qv php-ldap >/dev/null 2>&1 || \ test ! -z "$(php --ini | grep ldap)" || \ die "Is php-ldap installed?" rpm -qv php-mysqlnd >/dev/null 2>&1 || \ test ! -z "$(php --ini | grep mysql)" || \ die "Is php-mysqlnd installed?" test ! -z "$(php --modules | grep swoole)" || \ die "Is swoole installed?" pushd ${base_dir}/src/ rm -rf vendor/ composer.lock php -dmemory_limit=-1 $(which composer) install npm install find bootstrap/cache/ -type f ! -name ".gitignore" -delete ./artisan key:generate ./artisan clear-compiled ./artisan cache:clear ./artisan horizon:install if [ ! -f storage/oauth-public.key -o ! -f storage/oauth-private.key ]; then ./artisan passport:keys --force fi cat >> .env << EOF PASSPORT_PRIVATE_KEY="$(cat storage/oauth-private.key)" PASSPORT_PUBLIC_KEY="$(cat storage/oauth-public.key)" EOF if rpm -qv chromium 2>/dev/null; then chver=$(rpmquery --queryformat="%{VERSION}" chromium | awk -F'.' '{print $1}') ./artisan dusk:chrome-driver ${chver} fi if [ ! 
-f 'resources/countries.php' ]; then ./artisan data:countries fi npm run dev popd pushd ${base_dir}/src/ rm -rf database/database.sqlite ./artisan db:ping --wait php -dmemory_limit=512M ./artisan migrate:refresh --seed ./artisan data:import || : nohup ./artisan octane:start --host=$(grep OCTANE_HTTP_HOST .env | tail -n1 | sed "s/OCTANE_HTTP_HOST=//") > octane.out & nohup ./artisan horizon > horizon.out & popd diff --git a/docker-compose.yml b/docker-compose.yml index 0d5e2583..94a53697 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
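Review bot: The three added `docker volume rm kolab_mariadb || :` / `kolab_imap` / `kolab_ldap` lines wipe the database, mail store and directory data on every quickstart run with no opt-in. The `|| :` also hides the case where nothing was removed, for example because the compose project prefix is not `kolab` or a volume is still in use. Consider making the reset explicit and letting compose resolve the names, e.g. running `docker-compose down --remove-orphans --volumes` only when a reset flag is passed. Separately, with `artisan octane:stop` and `horizon:terminate` now commented out, the `nohup ./artisan octane:start` and `nohup ./artisan horizon` processes started at the end of the script are presumably left running across re-runs; the FIXME should be resolved rather than shipped as dead code.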
@@ -1,251 +1,274 @@ version: '3' services: coturn: build: context: ./docker/coturn/ container_name: kolab-coturn healthcheck: interval: 10s test: "kill -0 $$(cat /tmp/turnserver.pid)" timeout: 5s retries: 30 environment: - TURN_PUBLIC_IP=${COTURN_PUBLIC_IP} - TURN_LISTEN_PORT=3478 - TURN_STATIC_SECRET=${COTURN_STATIC_SECRET} hostname: sturn.mgmt.com image: kolab-coturn network_mode: host restart: on-failure tty: true kolab: build: context: ./docker/kolab/ container_name: kolab privileged: true depends_on: mariadb: condition: service_healthy extra_hosts: - "kolab.mgmt.com:127.0.0.1" environment: - - DB_HOST=${DB_HOST} + - DB_HOST=mariadb - DB_ROOT_PASSWORD=Welcome2KolabSystems - DB_HKCCP_DATABASE=${DB_DATABASE} - DB_HKCCP_USERNAME=${DB_USERNAME} - DB_HKCCP_PASSWORD=${DB_PASSWORD} - DB_KOLAB_DATABASE=kolab - DB_KOLAB_USERNAME=kolab - DB_KOLAB_PASSWORD=Welcome2KolabSystems - DB_RC_USERNAME=roundcube - DB_RC_PASSWORD=Welcome2KolabSystems - SSL_CERTIFICATE=${KOLAB_SSL_CERTIFICATE:?err} - SSL_CERTIFICATE_FULLCHAIN=${KOLAB_SSL_CERTIFICATE_FULLCHAIN:?err} - SSL_CERTIFICATE_KEY=${KOLAB_SSL_CERTIFICATE_KEY:?err} - IMAP_HOST=127.0.0.1 - IMAP_PORT=11993 - MAIL_HOST=127.0.0.1 - MAIL_PORT=10587 healthcheck: interval: 10s test: test -f /tmp/kolab-init.done timeout: 5s retries: 30 hostname: kolab.mgmt.com image: kolab - network_mode: host + networks: + - kolab tmpfs: - /run - /tmp - /var/run - /var/tmp tty: true volumes: - ./ext/:/src/:ro - /etc/letsencrypt/:/etc/letsencrypt/:ro - ./docker/certs/ca.cert:/etc/pki/tls/certs/ca.cert:ro - ./docker/certs/ca.cert:/etc/pki/ca-trust/source/anchors/ca.cert:ro - ./docker/certs/kolab.hosted.com.cert:/etc/pki/tls/certs/kolab.hosted.com.cert - ./docker/certs/kolab.hosted.com.chain.pem:/etc/pki/tls/certs/kolab.hosted.com.chain.pem - ./docker/certs/kolab.hosted.com.key:/etc/pki/tls/certs/kolab.hosted.com.key - ./docker/kolab/utils:/root/utils:ro - /sys/fs/cgroup:/sys/fs/cgroup:ro + - imap:/imapdata mariadb: container_name: kolab-mariadb 
environment: - MARIADB_ROOT_PASSWORD=Welcome2KolabSystems - TZ="+02:00" - DB_HKCCP_DATABASE=${DB_DATABASE} - DB_HKCCP_USERNAME=${DB_USERNAME} - DB_HKCCP_PASSWORD=${DB_PASSWORD} healthcheck: interval: 10s test: test -e /var/run/mysqld/mysqld.sock timeout: 5s retries: 30 image: mariadb:latest + networks: + - kolab volumes: - ./docker/mariadb/mysql-init/:/docker-entrypoint-initdb.d/ - mariadb:/var/lib/mysql haproxy: build: context: ./docker/haproxy/ healthcheck: interval: 10s test: "kill -0 $$(cat /var/run/haproxy.pid)" timeout: 5s retries: 30 container_name: kolab-haproxy hostname: haproxy.hosted.com image: kolab-haproxy network_mode: host tmpfs: - /run - /tmp - /var/run - /var/tmp tty: true volumes: - ./docker/certs/:/etc/certs/:ro - /etc/letsencrypt/:/etc/letsencrypt/:ro pdns: build: context: ./docker/pdns/ container_name: kolab-pdns depends_on: mariadb: condition: service_healthy healthcheck: interval: 10s test: "systemctl status pdns || exit 1" timeout: 5s retries: 30 hostname: pdns image: apheleia/kolab-pdns - network_mode: host + networks: + - kolab tmpfs: - /run - /tmp - /var/run - /var/tmp tty: true volumes: - /sys/fs/cgroup:/sys/fs/cgroup:ro proxy: build: context: ./docker/proxy/ args: APP_WEBSITE_DOMAIN: ${APP_WEBSITE_DOMAIN:?err} SSL_CERTIFICATE: ${PROXY_SSL_CERTIFICATE:?err} SSL_CERTIFICATE_KEY: ${PROXY_SSL_CERTIFICATE_KEY:?err} healthcheck: interval: 10s test: "kill -0 $$(cat /run/nginx.pid)" timeout: 5s retries: 30 container_name: kolab-proxy hostname: ${APP_WEBSITE_DOMAIN:?err} image: kolab-proxy - network_mode: host + networks: + - kolab tmpfs: - /run - /tmp - /var/run - /var/tmp tty: true volumes: - ./docker/certs/:/etc/certs/:ro - /etc/letsencrypt/:/etc/letsencrypt/:ro + ports: + - "443:443" redis: build: context: ./docker/redis/ healthcheck: interval: 10s test: "redis-cli ping || exit 1" timeout: 5s retries: 30 container_name: kolab-redis hostname: redis image: redis - network_mode: host + networks: + - kolab volumes: - 
./docker/redis/redis.conf:/usr/local/etc/redis/redis.conf:ro + # ports: + # - "6379:6379" swoole: build: context: ./docker/swoole/ container_name: kolab-swoole image: apheleia/swoole:4.8.x webapp: build: context: ./docker/webapp/ container_name: kolab-webapp image: kolab-webapp healthcheck: interval: 10s test: "/src/kolabsrc/artisan octane:status || exit 1" timeout: 5s retries: 30 depends_on: kolab: condition: service_healthy - network_mode: host + redis: + condition: service_healthy + networks: + - kolab volumes: - ./src:/src/kolabsrc.orig:ro + ports: + - "8000:8000" tests: build: context: ./docker/tests/ container_name: kolab-tests image: kolab-tests depends_on: kolab: condition: service_healthy - network_mode: host + networks: + - kolab volumes: - ./src:/src/kolabsrc.orig:ro worker: build: context: ./docker/worker/ container_name: kolab-worker depends_on: - kolab hostname: worker image: kolab-worker - network_mode: host + networks: + - kolab tmpfs: - /run - /tmp - /var/run - /var/tmp tty: true volumes: - ./src:/home/worker/src.orig:ro - /sys/fs/cgroup:/sys/fs/cgroup:ro meet: build: context: ./docker/meet/ healthcheck: interval: 10s test: "curl --insecure -H 'X-AUTH-TOKEN: ${MEET_SERVER_TOKEN}' --fail https://localhost:12443/meetmedia/api/health || exit 1" timeout: 5s retries: 30 environment: - WEBRTC_LISTEN_IP=${MEET_WEBRTC_LISTEN_IP:?err} - PUBLIC_DOMAIN=${MEET_PUBLIC_DOMAIN:?err} - LISTENING_HOST=0.0.0.0 - LISTENING_PORT=12443 - TURN_SERVER=${MEET_TURN_SERVER} - TURN_STATIC_SECRET=${COTURN_STATIC_SECRET} - AUTH_TOKEN=${MEET_SERVER_TOKEN:?err} - WEBHOOK_TOKEN=${MEET_WEBHOOK_TOKEN:?err} - WEBHOOK_URL=${APP_PUBLIC_URL:?err}/api/webhooks/meet - SSL_CERT=/etc/pki/tls/certs/meet.${APP_WEBSITE_DOMAIN:?err}.cert - SSL_KEY=/etc/pki/tls/private/meet.${APP_WEBSITE_DOMAIN:?err}.key network_mode: host container_name: kolab-meet image: kolab-meet volumes: - ./meet/server:/src/meet/:ro - 
./docker/certs/meet.${APP_WEBSITE_DOMAIN}.cert:/etc/pki/tls/certs/meet.${APP_WEBSITE_DOMAIN}.cert - ./docker/certs/meet.${APP_WEBSITE_DOMAIN}.key:/etc/pki/tls/private/meet.${APP_WEBSITE_DOMAIN}.key +networks: + kolab: + driver: bridge volumes: mariadb: + imap: + ldap: diff --git a/docker/kolab/Dockerfile b/docker/kolab/Dockerfile index c1e4ad6a..7a34f234 100644 --- a/docker/kolab/Dockerfile +++ b/docker/kolab/Dockerfile 
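Review bot: The new `ports: - "8000:8000"` on `webapp` publishes that listener on every host interface, so what is presumably the Octane HTTP port becomes reachable from the network in plain HTTP without going through the TLS `proxy` service. If it is only needed for local development, bind it to loopback with `- "127.0.0.1:8000:8000"`; the same question applies to `"443:443"` on `proxy` if the stack is not meant to be public. Also, `kolab` moves from `network_mode: host` to the `kolab` bridge but keeps `IMAP_HOST=127.0.0.1` and `MAIL_HOST=127.0.0.1` and publishes no ports, so it is worth confirming that nothing outside that container relied on host loopback to reach it. The `ldap:` volume is declared at the bottom but not mounted by any service visible in this hunk.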
@@ -1,58 +1,73 @@ FROM quay.io/centos/centos:stream8 LABEL maintainer="contact@apheleia-it.ch" LABEL dist=centos8 LABEL tier=${TIER} ENV SYSTEMD_PAGER='' ENV DISTRO=centos8 ENV LANG=en_US.utf8 ENV LC_ALL=en_US.utf8 # Add EPEL. RUN dnf config-manager --set-enabled powertools && \ dnf -y install \ epel-release epel-next-release && \ dnf -y module enable 389-directory-server:stable/default && \ dnf -y module enable mariadb:10.3 && \ dnf clean all RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 # Install kolab RUN rpm --import https://mirror.apheleia-it.ch/repos/Kolab:/16/key.asc && \ rpm -Uvh https://mirror.apheleia-it.ch/repos/Kolab:/16/kolab-16-for-el8stream.rpm RUN sed -i -e '/^ssl/d' /etc/yum.repos.d/kolab*.repo && \ dnf config-manager --enable kolab-16-testing &&\ dnf -y --setopt tsflags= install kolab dnsmasq patch &&\ dnf clean all COPY kolab-init.service /etc/systemd/system/kolab-init.service COPY kolab-setenv.service /etc/systemd/system/kolab-setenv.service COPY kolab-vlv.service /etc/systemd/system/kolab-vlv.service COPY utils /root/utils RUN rm -rf /etc/systemd/system/multi-user.target.wants/{avahi-daemon,sshd}.* && \ ln -s /etc/systemd/system/kolab-init.service \ /etc/systemd/system/multi-user.target.wants/kolab-init.service && \ ln -s /etc/systemd/system/kolab-setenv.service \ /etc/systemd/system/multi-user.target.wants/kolab-setenv.service && \ ln -s /etc/systemd/system/kolab-vlv.service \ /etc/systemd/system/multi-user.target.wants/kolab-vlv.service +RUN dnf -y install iputils vim-enhanced + RUN sed -i -r -e 's/^SELINUX=.*$/SELINUX=permissive/g' /etc/selinux/config 2>/dev/null || : RUN sed -i -r -e 's/^Listen 80$/Listen 9080/g' /etc/httpd/conf/httpd.conf #RUN sed -i -r -e 's/^Listen 443$/Listen 9443/g' /etc/httpd/conf/httpd.conf COPY kolab-init.sh /usr/local/sbin/ RUN chmod 750 /usr/local/sbin/kolab-init.sh COPY kolab-vlv.sh /usr/local/sbin/ RUN chmod 750 /usr/local/sbin/kolab-vlv.sh +COPY kolab.conf /etc/kolab/kolab.conf +COPY cyrus.conf 
/etc/cyrus.conf +COPY imapd.conf /etc/imapd.conf +COPY imapd.annotations.conf /etc/imapd.annotations.conf +COPY guam.conf /etc/guam/sys.config + + +RUN mkdir -p /imapdata/{spool,lib} && \ + ln -s /imapdata/spool /var/spool/imap && \ + ln -s /imapdata/lib /var/lib/imap && \ + chmod -R 777 /imapdata + VOLUME [ "/sys/fs/cgroup" ] +VOLUME [ "/imapdata" ] WORKDIR /root/ CMD ["/lib/systemd/systemd"] EXPOSE 21/tcp 22/tcp 25/tcp 53/tcp 53/udp 80/tcp 110/tcp 389/tcp 443/tcp 995/tcp 5353/udp 8880/tcp 8443/tcp 8447/tcp 10143/tcp 10465/tcp 10587/tcp 11143/tcp 11993/tcp diff --git a/docker/kolab/cyrus.conf b/docker/kolab/cyrus.conf new file mode 100644 index 00000000..6075489a --- /dev/null +++ b/docker/kolab/cyrus.conf 
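Review bot: `chmod -R 777 /imapdata` makes the mail spool and the Cyrus state directory world-writable, so any account or compromised service inside the container can read or alter every mailbox. Restricting it to the service account would be safer, e.g. `chown -R cyrus:mail /imapdata && chmod -R 750 /imapdata`, assuming the kolab packages have already created that user at this point in the build (the init scripts use `cyrus:mail` for the TLS bundle). The `COPY imapd.conf /etc/imapd.conf` step leaves the file at its default mode although it carries an LDAP bind password, so it needs an explicit owner and `chmod 640`. The added `RUN dnf -y install iputils vim-enhanced` reads like a debugging aid and, unlike the earlier install steps, is not followed by `dnf clean all`.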
@@ -0,0 +1,46 @@
+# standard standalone server implementation
+
+START {
+ # do not delete this entry!
+ recover cmd="ctl_cyrusdb -r"
+
+ idled cmd="idled"
+}
+
+# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
+SERVICES {
+ nginx cmd="imapd" listen=127.0.0.1:12143 prefork=1
+ guam cmd="imapd" listen=127.0.0.1:13143 prefork=1
+ imap cmd="imapd" listen=127.0.0.1:11143 prefork=1
+ imaps cmd="imapd -s" listen=127.0.0.1:11993 prefork=5
+
+ sieve cmd="timsieved" listen="sieve" prefork=0
+
+ ptloader cmd="ptloader" listen="/var/lib/imap/socket/ptsock" prefork=0
+
+ lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
+
+ notify cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
+}
+
+EVENTS {
+ # this is required
+ checkpoint cmd="ctl_cyrusdb -c" period=30
+
+ # this is only necessary if using duplicate delivery suppression,
+ # Sieve or NNTP
+ duplicateprune cmd="cyr_expire -E 3" at=0400
+
+ # Expire data older then 69 days. Two full months of 31 days
+ # each includes two full backup cycles, plus 1 week margin
+ # because we run our full backups on the first sat/sun night
+ # of each month.
+ deleteprune cmd="cyr_expire -E 4 -D 69" at=0430
+ expungeprune cmd="cyr_expire -E 4 -X 69" at=0445
+
+ # this is only necessary if caching TLS sessions
+ tlsprune cmd="tls_prune" at=0400
+
+ # Create search indexes regularly (remove -s for cyrus 3+)
+ #squatter cmd="squatter -s -i" at=0530
+}
diff --git a/docker/kolab/utils/10-change-port-numbers.sh b/docker/kolab/guam.conf
old mode 100755
new mode 100644
similarity index 50%
copy from docker/kolab/utils/10-change-port-numbers.sh
copy to docker/kolab/guam.conf
index e69bdf58..fa99364d
--- a/docker/kolab/utils/10-change-port-numbers.sh
+++ b/docker/kolab/guam.conf
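Review bot: In the `SERVICES` block every IMAP listener is pinned to `127.0.0.1`, but `sieve cmd="timsieved" listen="sieve"` names no host and therefore listens on all interfaces, which on the new bridge network means other containers can reach it. If only local clients need ManageSieve, make it match the others with `listen="127.0.0.1:sieve"`; otherwise add a comment saying the wider exposure is intended. The header comment says UNIX sockets live in `/var/lib/imap/sockets` while the entries below use `/var/lib/imap/socket/`, so one of the two should be corrected.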
@@ -1,163 +1,88 @@ -#!/bin/bash - -cat ${SSL_CERTIFICATE} ${SSL_CERTIFICATE_FULLCHAIN} ${SSL_CERTIFICATE_KEY} > /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem -chown cyrus:mail /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem - -cp /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem /etc/pki/tls/private/postfix.pem -chown postfix:mail /etc/pki/tls/private/postfix.pem -chmod 655 /etc/pki/tls/private/postfix.pem - -sed -i "s/tls_server_cert:.*/tls_server_cert: \/etc\/pki\/cyrus-imapd\/cyrus-imapd.bundle.pem/" /etc/imapd.conf -sed -i "s/tls_server_key:.*/tls_server_key: \/etc\/pki\/cyrus-imapd\/cyrus-imapd.bundle.pem/" /etc/imapd.conf -sed -i "s/tls_server_ca_file:.*/tls_server_ca_file: \/etc\/pki\/cyrus-imapd\/cyrus-imapd.bundle.pem/" /etc/imapd.conf - -sed -i "s/smtpd_tls_key_file =.*/smtpd_tls_key_file = \/etc\/pki\/tls\/private\/postfix.pem/" /etc/postfix/main.cf -sed -i "s/smtpd_tls_cert_file =.*/smtpd_tls_cert_file = \/etc\/pki\/tls\/private\/postfix.pem/" /etc/postfix/main.cf - -sed -i -r \ - -e '/allowplaintext/ a\ -guam_allowplaintext: yes' \ - -e '/allowplaintext/ a\ -nginx_allowplaintext: yes' \ - /etc/imapd.conf - -sed -i \ - -e '/SERVICES/ a\ - nginx cmd="imapd" listen=127.0.0.1:12143 prefork=1' \ - -e '/SERVICES/ a\ - guam cmd="imapd" listen=127.0.0.1:13143 prefork=1' \ - -e '/SERVICES/ a\ - imap cmd="imapd" listen=127.0.0.1:11143 prefork=1' \ - -e 's/listen="127.0.0.1:9993"/listen=127.0.0.1:11993/g' \ - /etc/cyrus.conf - -systemctl restart cyrus-imapd - -# Remove the submission block, by matching from submission until the next empty line -sed -i -e '/submission inet/,/^$/d' /etc/postfix/master.cf - -# Insert a new submission block with a modified port -cat >> /etc/postfix/master.cf << EOF -127.0.0.1:10587 inet n - n - - smtpd - -o cleanup_service_name=cleanup_submission - -o syslog_name=postfix/submission - #-o smtpd_tls_security_level=encrypt - -o smtpd_sasl_auth_enable=yes - -o smtpd_sasl_authenticated_header=yes - -o 
smtpd_client_restrictions=permit_sasl_authenticated,reject - -o smtpd_data_restrictions=\$submission_data_restrictions - -o smtpd_recipient_restrictions=\$submission_recipient_restrictions - -o smtpd_sender_restrictions=\$submission_sender_restrictions - -127.0.0.1:10465 inet n - n - - smtpd - -o cleanup_service_name=cleanup_submission - -o rewrite_service_name=rewrite_submission - -o syslog_name=postfix/smtps - -o mydestination= - -o local_recipient_maps= - -o relay_domains= - -o relay_recipient_maps= - #-o smtpd_tls_wrappermode=yes - -o smtpd_sasl_auth_enable=yes - -o smtpd_sasl_authenticated_header=yes - -o smtpd_client_restrictions=permit_sasl_authenticated,reject - -o smtpd_sender_restrictions=\$submission_sender_restrictions - -o smtpd_recipient_restrictions=\$submission_recipient_restrictions - -o smtpd_data_restrictions=\$submission_data_restrictions -EOF - -systemctl restart postfix - -cat > /etc/guam/sys.config << EOF -%% Example configuration for Guam. [ { kolab_guam, [ { imap_servers, [ { imap, [ { host, "127.0.0.1" }, { port, 13143 }, { tls, no } ] }, { imaps, [ { host, "127.0.0.1" }, { port, 11993 }, { tls, true } ] } ] }, { listeners, [ { imap, [ { port, 9143 }, { imap_server, imap }, { rules, [ { filter_groupware, [] } ] }, { tls_config, [ { certfile, "/etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem" }, { keyfile, "/etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem" }, { cacertfile, "/etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem" } ] } ] }, { imaps, [ { port, 9993 }, { implicit_tls, true }, { imap_server, imaps }, { rules, [ { filter_groupware, [] } ] }, { tls_config, [ { certfile, "/etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem" }, { keyfile, "/etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem" }, { cacertfile, "/etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem" } ] } ] } ] } ] }, { lager, [ { handlers, [ { lager_console_backend, warning }, { lager_file_backend, [ { file, "log/error.log"}, { level, error } ] }, { lager_file_backend, [ { file, "log/console.log"}, { level, info 
} ] } ] } ] }, %% SASL config { sasl, [ { sasl_error_logger, { file, "log/sasl-error.log" } }, { errlog_type, error }, { error_logger_mf_dir, "log/sasl" }, % Log directory { error_logger_mf_maxbytes, 10485760 }, % 10 MB max file size { error_logger_mf_maxfiles, 5 } % 5 files max ] } ]. -EOF - -systemctl restart guam diff --git a/docker/kolab/imapd.annotations.conf b/docker/kolab/imapd.annotations.conf new file mode 100644 index 00000000..3b03bfad --- /dev/null +++ b/docker/kolab/imapd.annotations.conf @@ -0,0 +1,11 @@ +/vendor/kolab/activesync,mailbox,string,backend,value.priv,r +/vendor/kolab/color,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/displayname,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/folder-test,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/folder-type,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/incidences-for,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/pxfb-readable-for,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/uniqueid,mailbox,string,backend,value.shared value.priv,a +/vendor/kolab/h-share-attr-desc,mailbox,string,backend,value.shared value.priv,a +/vendor/horde/share-params,mailbox,string,backend,value.shared value.priv,a +/vendor/x-toltec/test,mailbox,string,backend,value.shared value.priv,a diff --git a/docker/kolab/imapd.conf b/docker/kolab/imapd.conf new file mode 100644 index 00000000..637aff77 --- /dev/null +++ b/docker/kolab/imapd.conf 
@@ -0,0 +1,58 @@
+defaultpartition: default
+configdirectory: /var/lib/imap/
+partition-default: /var/spool/imap/
+admins: cyrus-admin
+sievedir: /var/lib/imap/sieve/
+sendmail: /usr/sbin/sendmail
+sasl_pwcheck_method: saslauthd
+sasl_mech_list: PLAIN LOGIN
+allowplaintext: no
+guam_allowplaintext: yes
+nginx_allowplaintext: yes
+tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem
+tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem
+# uncomment this if you're operating in a DSCP environment (RFC-4594)
+# qosmarking: af13
+auth_mech: pts
+pts_module: ldap
+ptloader_sock: /var/lib/imap/socket/ptsock
+ldap_uri: ldap://127.0.0.1:389
+ldap_sasl: 0
+ldap_base: dc=hosted,dc=com
+ldap_bind_dn: uid=kolab-service,ou=Special Users,dc=mgmt,dc=com
+ldap_password: Welcome2KolabSystems
+ldap_filter: (|(&(|(uid=cyrus-admin)(uid=cyrus-murder))(uid=%U))(&(|(uid=%U)(mail=%U@%d)(mail=%U@%r))(objectclass=kolabinetorgperson)))
+ldap_user_attribute: mail
+ldap_group_base: dc=mgmt,dc=com
+ldap_group_filter: (&(cn=%u)(objectclass=ldapsubentry)(objectclass=nsroledefinition))
+ldap_group_scope: one
+ldap_member_base: dc=mgmt,dc=com
+ldap_member_method: attribute
+ldap_member_attribute: nsrole
+ldap_restart: 1
+ldap_timeout: 10
+ldap_time_limit: 10
+unixhierarchysep: 1
+virtdomains: userid
+annotation_definitions: /etc/imapd.annotations.conf
+sieve_extensions: fileinto reject envelope body vacation imapflags notify include regex subaddress relational copy date index
+allowallsubscribe: 0
+allowusermoves: 1
+altnamespace: 1
+hashimapspool: 1
+anysievefolder: 1
+fulldirhash: 0
+sieveusehomedir: 0
+sieve_allowreferrals: 0
+lmtp_downcase_rcpt: 1
+lmtp_fuzzy_mailbox_match: 1
+username_tolower: 1
+deletedprefix: DELETED
+delete_mode: delayed
+expunge_mode: delayed
+postuser: shared
+# on systems with cyrus 3+ specify search engine
+# search_engine: squat
+ldap_domain_base_dn: ou=Domains,dc=mgmt,dc=com
+chatty: 1
+debug: 1
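Review bot: `ldap_password: Welcome2KolabSystems` bakes the service bind password into the image and into version control, and `ldap_base`, `ldap_bind_dn` and `ldap_domain_base_dn` are now fixed to `dc=hosted,dc=com` / `dc=mgmt,dc=com`. The same commit removes the `sed` lines in `07-adjust-base-dns.sh` and `05-replace-localhost.sh` that used to derive these from the environment, so a deployment with another domain or a rotated password will silently keep the defaults. Keeping a placeholder here and filling it at init from the environment would avoid shipping a known credential. `chatty: 1` and `debug: 1` look like development settings; a comment should say so, or they should be off by default, since they increase what is written to the logs.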
diff --git a/docker/kolab/utils/02-write-my.cnf.sh b/docker/kolab/utils/02-write-my.cnf.sh index b2d71b7d..5d116443 100755 --- a/docker/kolab/utils/02-write-my.cnf.sh +++ b/docker/kolab/utils/02-write-my.cnf.sh @@ -1,8 +1,8 @@ #!/bin/bash cat > /root/.my.cnf << EOF [client] -host=${DB_HOST:-127.0.0.1} +host=${DB_HOST} user=root password=${DB_ROOT_PASSWORD} EOF diff --git a/docker/kolab/utils/03-setup-kolab.sh b/docker/kolab/utils/03-setup-kolab.sh index 6f85cf57..06dc875d 100755 --- a/docker/kolab/utils/03-setup-kolab.sh +++ b/docker/kolab/utils/03-setup-kolab.sh 
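Review bot: Dropping the fallback in `host=${DB_HOST}` means an unset `DB_HOST` now writes an empty `host=` into `/root/.my.cnf` instead of failing, and the later `mysqladmin ping` wait loop would then spin without a clear error. If the default is intentionally gone, fail fast with `host=${DB_HOST:?DB_HOST must be set}`. Since the file holds the database root password, creating it under `umask 077` would also keep it from being readable by other accounts in the container.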
@@ -1,38 +1,98 @@ #!/bin/bash . ./settings.sh -if [ -f /root/kolab.conf.template ]; then - eval "echo \"$(cat /root/kolab.conf.template)\"" > /root/kolab.conf.ref - KOLAB_CONFIG_REF="--config=/root/kolab.conf.ref" - cp -f ${KOLAB_CONFIG_REF#--config=} /etc/kolab/kolab.conf -fi - -CMD="$(which setup-kolab) \ - --default ${LDAP_HOST+--without-ldap} ${KOLAB_CONFIG_REF} \ - --fqdn=kolab.${domain} \ - --timezone=Europe/Zurich \ - --mysqlhost=${DB_HOST:-127.0.0.1} \ - --mysqlserver=existing \ - --mysqlrootpw=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \ - --directory-manager-pwd=${LDAP_ADMIN_BIND_PW:-Welcome2KolabSystems}" echo ${CMD} | tee -a /root/setup-kolab.log echo -n "Wait for MariaDB container: " | tee -a /root/setup-kolab.log while ! mysqladmin -u root ping > /dev/null 2>&1 ; do echo -n '.' sleep 3 done | tee -a /root/setup-kolab.log echo "OK!" | tee -a /root/setup-kolab.log + +# if [ -f /root/kolab.conf.template ]; then +# eval "echo \"$(cat /root/kolab.conf.template)\"" > /root/kolab.conf.ref +# KOLAB_CONFIG_REF="--config=/root/kolab.conf.ref" +# cp -f ${KOLAB_CONFIG_REF#--config=} /etc/kolab/kolab.conf +# fi + +if [ -d "/var/lib/dirsrv/slapd-kolab/" ]; then + echo "LDAP directory exists" + #FIXME not implemented + exit 1 +else + echo "LDAP directory does not exist" + CMD="$(which setup-kolab) ldap \ + --default ${LDAP_HOST} \ + --fqdn=kolab.${domain} \ + --directory-manager-pwd=${LDAP_ADMIN_BIND_PW:-Welcome2KolabSystems}" + ${CMD} 2>&1 | tee -a /root/setup-kolab.log +fi + if [ ! -z "${LDAP_HOST}" ]; then echo -n "Wait for DS389 container: " | tee -a /root/setup-kolab.log while ! ldapsearch -h ${LDAP_HOST} -D "${LDAP_ADMIN_BIND_DN}" -w "${LDAP_ADMIN_BIND_PW}" -b "" -s base > /dev/null 2>&1 ; do echo -n '.' sleep 3 done | tee -a /root/setup-kolab.log echo "OK!" 
| tee -a /root/setup-kolab.log fi + +cat > /tmp/kolab-setup-my.cnf << EOF +[client] +host=${DB_HOST} +user=root +password=${DB_ROOT_PASSWORD} +EOF + + +CMD="$(which setup-kolab) mta \ + --default" +${CMD} 2>&1 | tee -a /root/setup-kolab.log + + + +CMD="$(which setup-kolab) php \ + --default \ + --timezone=Europe/Zurich" +${CMD} 2>&1 | tee -a /root/setup-kolab.log + +# setup imap +systemctl stop saslauthd +systemctl start kolab-saslauthd +systemctl enable kolab-saslauthd +#Setup guam +systemctl start guam +systemctl enable guam + + +#TODO just add /etc/kolab-freebusy/ +# CMD="$(which setup-kolab) freebusy \ +# --default" +# ${CMD} 2>&1 | tee -a /root/setup-kolab.log + +cat > /tmp/kolab-setup-my.cnf << EOF +[client] +host=${DB_HOST} +user=root +password=${DB_ROOT_PASSWORD} +EOF + +CMD="$(which setup-kolab) roundcube \ + --default" +${CMD} 2>&1 | tee -a /root/setup-kolab.log + +cat > /tmp/kolab-setup-my.cnf << EOF +[client] +host=${DB_HOST} +user=root +password=${DB_ROOT_PASSWORD} +EOF + +CMD="$(which setup-kolab) syncroton \ + --default" ${CMD} 2>&1 | tee -a /root/setup-kolab.log diff --git a/docker/kolab/utils/05-replace-localhost.sh b/docker/kolab/utils/05-replace-localhost.sh index 5ffb7da8..d0d3231e 100755 --- a/docker/kolab/utils/05-replace-localhost.sh +++ b/docker/kolab/utils/05-replace-localhost.sh 
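Review bot: The added `cat > /tmp/kolab-setup-my.cnf << EOF` blocks write the MariaDB root password to a fixed path in `/tmp` three times with the default umask and never remove it, so the credential stays readable by any account in the container after setup. Write it once under a restrictive mask and clean up on exit, e.g. `umask 077` before the heredoc and `trap 'rm -f /tmp/kolab-setup-my.cnf' EXIT` near the top. The context line `echo ${CMD} | tee -a /root/setup-kolab.log` now runs before any `CMD` is assigned and logs an empty line. In the `ldap` step, `--default ${LDAP_HOST}` passes the host as a bare word where the old code passed `${LDAP_HOST+--without-ldap}`, which looks unintended. The `exit 1` in the "LDAP directory exists" branch will abort every restart of an initialised container, which deserves a log message explaining why.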
@@ -1,30 +1,25 @@ #!/bin/bash -if [[ ${DB_HOST} == "localhost" || ${DB_HOST} == "127.0.0.1" ]]; then - mysql -h ${DB_HOST} -u root --password=${DB_ROOT_PASSWORD} \ - -e "UPDATE mysql.db SET Host = '127.0.0.1' WHERE Host = 'localhost';" +# if [[ ${DB_HOST} == "localhost" || ${DB_HOST} == "127.0.0.1" ]]; then +# mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \ +# -e "UPDATE mysql.db SET Host = '127.0.0.1' WHERE Host = 'localhost';" - mysql -h ${DB_HOST} -u root --password=${DB_ROOT_PASSWORD} \ - -e "FLUSH PRIVILEGES;" -fi +# mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \ +# -e "FLUSH PRIVILEGES;" +# fi -sed -i -e "s#^ldap_servers:.*#ldap_servers: ldap://${LDAP_HOST:-127.0.0.1}:389#" /etc/imapd.conf sed -i -e "/hosts/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/iRony/dav.inc.php -sed -i -e "s#^ldap_uri.*#ldap_uri = ldap://${LDAP_HOST:-127.0.0.1}:389#" \ - -e "s#^cache_uri.*mysql://\(.*\):\(.*\)@\(.*\)\/\(.*\)#cache_uri = mysql://${DB_KOLAB_USERNAME}:${DB_KOLAB_PASSWORD}@${DB_HOST}/${DB_KOLAB_DATABASE}#" \ - -e "s#^sql_uri.*mysql://\(.*\):\(.*\)@\(.*\)\/\(.*\)#sql_uri = mysql://${DB_KOLAB_USERNAME}:${DB_KOLAB_PASSWORD}@${DB_HOST}/${DB_KOLAB_DATABASE}#" \ - -e "s#^uri.*#uri = imaps://${IMAP_HOST:-127.0.0.1}:11993#" /etc/kolab/kolab.conf sed -i -e "/host/s/localhost/${LDAP_HOST:-127.0.0.1}/g" \ -e "/fbsource/s/localhost/${IMAP_HOST:-127.0.0.1}/g" /etc/kolab-freebusy/config.ini #sed -i -e "s/server_host.*/server_host = ${LDAP_HOST:-127.0.0.1}/g" /etc/postfix/ldap/* sed -i -e "/password_ldap_host/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/roundcubemail/password.inc.php sed -i -e "/hosts/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/roundcubemail/kolab_auth.inc.php sed -i -e "s#.*db_dsnw.*# \$config['db_dsnw'] = 'mysql://${DB_RC_USERNAME}:${DB_RC_PASSWORD}@${DB_HOST}/roundcube';#" \ -e "/default_host/s|= .*$|= 'ssl://${IMAP_HOST:-127.0.0.1}';|" \ -e "/default_port/s|= .*$|= 
${IMAP_PORT:-11993};|" \ -e "/smtp_server/s|= .*$|= 'tls://${MAIL_HOST:-127.0.0.1}';|" \ -e "/smtp_port/s/= .*$/= ${MAIL_PORT:-10587};/" \ -e "/hosts/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/roundcubemail/config.inc.php sed -i -e "/hosts/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/roundcubemail/calendar.inc.php -systemctl restart cyrus-imapd postfix +systemctl restart postfix diff --git a/docker/kolab/utils/07-adjust-base-dns.sh b/docker/kolab/utils/07-adjust-base-dns.sh index a633c22b..d2dcd012 100755 --- a/docker/kolab/utils/07-adjust-base-dns.sh +++ b/docker/kolab/utils/07-adjust-base-dns.sh @@ -1,31 +1,25 @@ #!/bin/bash . ./settings.sh -echo "ldap_domain_base_dn: ${domain_base_dn}" >> /etc/imapd.conf - -sed -i -r \ - -e "s/^ldap_base: .*$/ldap_base: ${hosted_domain_rootdn}/g" \ - /etc/imapd.conf - sed -i -r \ -e "s/(\s+)base => '.*',$/\1base => '${hosted_domain_rootdn}',/g" \ -e "/\\\$mydomain = / a\ \$myhostname = '${HOSTNAME:-kolab}.${DOMAIN:-mgmt.com}';" \ -e "s/^base_dn = .*$/base_dn = ${hosted_domain_rootdn}/g" \ -e "s/^search_base = .*$/search_base = ${hosted_domain_rootdn}/g" \ -e "s/(\s+)'base_dn'(\s+)=> '.*',/\1'base_dn'\2=> '${hosted_domain_rootdn}',/g" \ -e "s/(\s+)'search_base_dn'(\s+)=> '.*',/\1'search_base_dn'\2=> '${hosted_domain_rootdn}',/g" \ -e "s/(\s+)'user_specific'(\s+)=> false,/\1'user_specific'\2=> true,/g" \ /etc/amavisd/amavisd.conf \ /etc/kolab-freebusy/config.ini \ /etc/postfix/ldap/*.cf \ /etc/roundcubemail/config.inc.php \ /etc/roundcubemail/calendar.inc.php \ /etc/roundcubemail/kolab_auth.inc.php sed -i -r \ -e "s/^search_base = .*$/search_base = ${domain_base_dn}/g" \ /etc/postfix/ldap/mydestination.cf systemctl restart cyrus-imapd postfix diff --git a/docker/kolab/utils/10-change-port-numbers.sh b/docker/kolab/utils/10-change-port-numbers.sh index e69bdf58..1bab380f 100755 --- a/docker/kolab/utils/10-change-port-numbers.sh +++ b/docker/kolab/utils/10-change-port-numbers.sh 
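Review bot: The `mysql ... UPDATE mysql.db` block in `05-replace-localhost.sh` is commented out rather than deleted, and the commented copy was also edited to add `${DB_ROOT_PASSWORD:-Welcome2KolabSystems}`, which leaves a default credential in dead code. Delete the block, or keep it live behind its `if`, so that version control carries the history rather than comments. The hunk also drops `cyrus-imapd` from the final `systemctl restart`, while the neighbouring `07-adjust-base-dns.sh` still ends with `systemctl restart cyrus-imapd postfix` even though it no longer edits `/etc/imapd.conf`; the two should be made consistent.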
@@ -1,163 +1,46 @@ #!/bin/bash cat ${SSL_CERTIFICATE} ${SSL_CERTIFICATE_FULLCHAIN} ${SSL_CERTIFICATE_KEY} > /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem chown cyrus:mail /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem cp /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem /etc/pki/tls/private/postfix.pem chown postfix:mail /etc/pki/tls/private/postfix.pem chmod 655 /etc/pki/tls/private/postfix.pem -sed -i "s/tls_server_cert:.*/tls_server_cert: \/etc\/pki\/cyrus-imapd\/cyrus-imapd.bundle.pem/" /etc/imapd.conf -sed -i "s/tls_server_key:.*/tls_server_key: \/etc\/pki\/cyrus-imapd\/cyrus-imapd.bundle.pem/" /etc/imapd.conf -sed -i "s/tls_server_ca_file:.*/tls_server_ca_file: \/etc\/pki\/cyrus-imapd\/cyrus-imapd.bundle.pem/" /etc/imapd.conf - sed -i "s/smtpd_tls_key_file =.*/smtpd_tls_key_file = \/etc\/pki\/tls\/private\/postfix.pem/" /etc/postfix/main.cf sed -i "s/smtpd_tls_cert_file =.*/smtpd_tls_cert_file = \/etc\/pki\/tls\/private\/postfix.pem/" /etc/postfix/main.cf -sed -i -r \ - -e '/allowplaintext/ a\ -guam_allowplaintext: yes' \ - -e '/allowplaintext/ a\ -nginx_allowplaintext: yes' \ - /etc/imapd.conf - -sed -i \ - -e '/SERVICES/ a\ - nginx cmd="imapd" listen=127.0.0.1:12143 prefork=1' \ - -e '/SERVICES/ a\ - guam cmd="imapd" listen=127.0.0.1:13143 prefork=1' \ - -e '/SERVICES/ a\ - imap cmd="imapd" listen=127.0.0.1:11143 prefork=1' \ - -e 's/listen="127.0.0.1:9993"/listen=127.0.0.1:11993/g' \ - /etc/cyrus.conf - -systemctl restart cyrus-imapd - # Remove the submission block, by matching from submission until the next empty line sed -i -e '/submission inet/,/^$/d' /etc/postfix/master.cf # Insert a new submission block with a modified port cat >> /etc/postfix/master.cf << EOF 127.0.0.1:10587 inet n - n - - smtpd -o cleanup_service_name=cleanup_submission -o syslog_name=postfix/submission #-o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_authenticated_header=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o 
smtpd_data_restrictions=\$submission_data_restrictions -o smtpd_recipient_restrictions=\$submission_recipient_restrictions -o smtpd_sender_restrictions=\$submission_sender_restrictions 127.0.0.1:10465 inet n - n - - smtpd -o cleanup_service_name=cleanup_submission -o rewrite_service_name=rewrite_submission -o syslog_name=postfix/smtps -o mydestination= -o local_recipient_maps= -o relay_domains= -o relay_recipient_maps= #-o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_authenticated_header=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions=\$submission_sender_restrictions -o smtpd_recipient_restrictions=\$submission_recipient_restrictions -o smtpd_data_restrictions=\$submission_data_restrictions EOF systemctl restart postfix - -cat > /etc/guam/sys.config << EOF -%% Example configuration for Guam. -[ - { - kolab_guam, [ - { - imap_servers, [ - { - imap, [ - { host, "127.0.0.1" }, - { port, 13143 }, - { tls, no } - ] - }, - { - imaps, [ - { host, "127.0.0.1" }, - { port, 11993 }, - { tls, true } - ] - } - ] - }, - { - listeners, [ - { - imap, [ - { port, 9143 }, - { imap_server, imap }, - { - rules, [ - { filter_groupware, [] } - ] - }, - { - tls_config, [ - { certfile, "/etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem" }, - { keyfile, "/etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem" }, - { cacertfile, "/etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem" } - ] - } - ] - }, - { - imaps, [ - { port, 9993 }, - { implicit_tls, true }, - { imap_server, imaps }, - { - rules, [ - { filter_groupware, [] } - ] - }, - { - tls_config, [ - { certfile, "/etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem" }, - { keyfile, "/etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem" }, - { cacertfile, "/etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem" } - ] - } - ] - } - ] - } - ] - }, - - { - lager, [ - { - handlers, [ - { lager_console_backend, warning }, - { lager_file_backend, [ { file, "log/error.log"}, { level, error } ] }, - { lager_file_backend, [ { 
file, "log/console.log"}, { level, info } ] } - ] - } - ] - }, - - %% SASL config - { - sasl, [ - { sasl_error_logger, { file, "log/sasl-error.log" } }, - { errlog_type, error }, - { error_logger_mf_dir, "log/sasl" }, % Log directory - { error_logger_mf_maxbytes, 10485760 }, % 10 MB max file size - { error_logger_mf_maxfiles, 5 } % 5 files max - ] - } -]. -EOF - -systemctl restart guam diff --git a/docker/kolab/utils/18-adjust-kolab-conf.sh b/docker/kolab/utils/18-adjust-kolab-conf.sh index e9ad544b..761dca0d 100755 --- a/docker/kolab/utils/18-adjust-kolab-conf.sh +++ b/docker/kolab/utils/18-adjust-kolab-conf.sh 
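Review bot: `chmod 655 /etc/pki/tls/private/postfix.pem` near the top of this hunk leaves a file that contains `${SSL_CERTIFICATE_KEY}` readable by every local user, and the commit keeps that line while removing the cyrus and guam configuration around it. The file is already `chown postfix:mail`, so `chmod 600 /etc/pki/tls/private/postfix.pem` (or `640` if the mail group has to read it) keeps the private key restricted to the service account. The bundle at /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem holds the same key and gets no explicit mode in this hunk. It is presumably unused in this container once the imapd.conf and guam sections are gone, so I would either set a restrictive mode on it or write the concatenated bundle straight to the postfix path.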
@@ -1,31 +1,31 @@ #!/bin/bash . ./settings.sh -sed -r -i \ - -e "s/^base_dn.*$/base_dn = ${rootdn}/g" \ - -e "s/^domain_base_dn.*$/domain_base_dn = ${domain_base_dn}/g" \ - -e "s/^user_base_dn.*$/user_base_dn = ${hosted_domain_rootdn}/g" \ - -e "s/^kolab_user_base_dn.*$/kolab_user_base_dn = ${hosted_domain_rootdn}/g" \ - -e "s/^group_base_dn.*$/group_base_dn = ${hosted_domain_rootdn}/g" \ - -e "s/^sharedfolder_base_dn.*$/sharedfolder_base_dn = ${hosted_domain_rootdn}/g" \ - -e "s/^resource_base_dn.*$/resource_base_dn = ${hosted_domain_rootdn}/g" \ - -e '/^primary_mail/ a\ -daemon_rcpt_policy = False' \ - -e '/^primary_mail/d' \ - -e '/secondary_mail/,+10d' \ - -e '/autocreate_folders/,+77d' \ - -e "/^\[kolab_wap\]/ a\ -mgmt_root_dn = ${rootdn}" \ - -e "/^\[kolab_wap\]/ a\ -hosted_root_dn = ${hosted_domain_rootdn}" \ - -e "/^\[kolab_wap\]/ a\ -api_url = http://127.0.0.1:9080/kolab-webadmin/api" \ - -e 's/^auth_attributes.*$/auth_attributes = mail, uid/g' \ - -e 's|^uri = imaps.*$|uri = imaps://127.0.0.1:11993|g' \ - -e "/^\[wallace\]/ a\ -webmail_url = https://%(domain)s/roundcubemail" \ - /etc/kolab/kolab.conf +# sed -r -i \ +# -e "s/^base_dn.*$/base_dn = ${rootdn}/g" \ +# -e "s/^domain_base_dn.*$/domain_base_dn = ${domain_base_dn}/g" \ +# -e "s/^user_base_dn.*$/user_base_dn = ${hosted_domain_rootdn}/g" \ +# -e "s/^kolab_user_base_dn.*$/kolab_user_base_dn = ${hosted_domain_rootdn}/g" \ +# -e "s/^group_base_dn.*$/group_base_dn = ${hosted_domain_rootdn}/g" \ +# -e "s/^sharedfolder_base_dn.*$/sharedfolder_base_dn = ${hosted_domain_rootdn}/g" \ +# -e "s/^resource_base_dn.*$/resource_base_dn = ${hosted_domain_rootdn}/g" \ +# -e '/^primary_mail/ a\ +# daemon_rcpt_policy = False' \ +# -e '/^primary_mail/d' \ +# -e '/secondary_mail/,+10d' \ +# -e '/autocreate_folders/,+77d' \ +# -e "/^\[kolab_wap\]/ a\ +# mgmt_root_dn = ${rootdn}" \ +# -e "/^\[kolab_wap\]/ a\ +# hosted_root_dn = ${hosted_domain_rootdn}" \ +# -e "/^\[kolab_wap\]/ a\ +# api_url = 
http://127.0.0.1:9080/kolab-webadmin/api" \ +# -e 's/^auth_attributes.*$/auth_attributes = mail, uid/g' \ +# -e 's|^uri = imaps.*$|uri = imaps://127.0.0.1:11993|g' \ +# -e "/^\[wallace\]/ a\ +# webmail_url = https://%(domain)s/roundcubemail" \ +# /etc/kolab/kolab.conf systemctl restart kolabd systemctl restart kolab-saslauthd diff --git a/docker/mariadb/mysql-init/setup.sh b/docker/mariadb/mysql-init/setup.sh index 46053215..dd264200 100755 --- a/docker/mariadb/mysql-init/setup.sh +++ b/docker/mariadb/mysql-init/setup.sh @@ -1,7 +1,8 @@ #!/bin/bash MYSQL_PWD=$MARIADB_ROOT_PASSWORD mysql --protocol=socket -uroot -hlocalhost --socket="/run/mysqld/mysqld.sock" << EOF CREATE DATABASE IF NOT EXISTS ${DB_HKCCP_DATABASE}; +CREATE USER '${DB_HKCCP_USERNAME}'@'%' IDENTIFIED BY '${DB_HKCCP_PASSWORD}'; GRANT ALL PRIVILEGES ON ${DB_HKCCP_DATABASE}.* TO '${DB_HKCCP_USERNAME}'@'%' IDENTIFIED BY '${DB_HKCCP_PASSWORD}'; FLUSH PRIVILEGES; EOF
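Review bot: The added `CREATE USER '${DB_HKCCP_USERNAME}'@'%' ...` in docker/mariadb/mysql-init/setup.sh is not idempotent, unlike the `CREATE DATABASE IF NOT EXISTS` next to it. If the script runs against a data directory where the account already exists, the statement errors, and the mysql client stops at the first error by default, so the `GRANT` and `FLUSH PRIVILEGES` after it would not run. I would write `CREATE USER IF NOT EXISTS '${DB_HKCCP_USERNAME}'@'%' IDENTIFIED BY '${DB_HKCCP_PASSWORD}';`. The password is also interpolated into the here-document unescaped, so a value containing `'` breaks the statement. The `'%'` host allows connections from any address; if only the compose network needs access, it would be worth narrowing.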