Archive abandoned project

2025-02-15 00:56:26 +09:00 · 2025-02-15 00:56:26 +09:00 · 65be894048
commit 65be894048
parent bc8862d90b
501 changed files with 24305 additions and 0 deletions
--- a/esh_mailcow/recipes/default.rb
+++ b/esh_mailcow/recipes/default.rb
@ -0,0 +1,17 @@
+#
+# Cookbook:: esh_mailcow
+# Recipe:: default
+#
+# Copyright:: 2022, https://easyself.host
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
--- a/esh_mailcow/recipes/install.rb
+++ b/esh_mailcow/recipes/install.rb
@ -0,0 +1,170 @@
+#
+# Cookbook:: esh_mailcow
+# Recipe:: install
+#
+# Copyright:: 2022, https://easyself.host
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+fqdn = node['esh']['system']['hostname']['fqdn']
+hostname = fqdn.split('.')[0]
+
+file '/etc/mailname' do
+  content fqdn
+  owner 'root'
+  group 'root'
+  mode '0444'
+  action :create
+end
+
+cookbook_file '/etc/postfix/master.cf' do
+  owner 'root'
+  group 'root'
+  mode '0444'
+  action :create
+end
+
+template '/etc/postfix/main.cf' do
+  owner 'root'
+  group 'root'
+  mode '444'
+  variables fqdn: fqdn,
+    hostname: hostname
+  action :create
+end
+
+service 'postfix@-.service' do
+  action :nothing
+  subscribes :restart, 'cookbook_file[/etc/postfix/master.cf]', :delayed
+  subscribes :restart, 'template[/etc/postfix/main.cf]', :delayed
+end
+
+git '/opt/mailcow-dockerized' do
+  repository 'https://github.com/mailcow/mailcow-dockerized'
+  revision 'master'
+  action :sync
+  not_if { ::File.exist?('/opt/mailcow-dockerized') }
+end
+
+package 'expect'
+
+file '/tmp/mailcow-init.expect' do
+  content <<~EOT
+  #!/usr/bin/expect -f
+
+  set timeout -1
+
+  cd /opt/mailcow-dockerized
+  spawn /opt/mailcow-dockerized/generate_config.sh
+
+  expect "Mail server hostname (FQDN) - this is not your mail domain, but your mail servers hostname:"
+  send -- "#{node['esh']['mailcow']['install']['fqdn']}\\r"
+  
+  expect -re ".*Timezone.*"
+  send -- "#{node['esh']['mailcow']['install']['timezone']}\\r"
+  
+  expect -re ".*Choose the Branch.*"
+  send -- "#{node['esh']['mailcow']['install']['branch']}\\r"
+
+  expect eof
+  EOT
+  owner 'root'
+  group 'root'
+  mode '0400'
+  not_if { ::File.exist?("/opt/mailcow-dockerized/mailcow.conf")}
+  notifies :run, 'execute[init mailcow configuration]', :immediately
+  action :create
+end
+
+execute 'init mailcow configuration' do
+  command 'expect -f /tmp/mailcow-init.expect'
+  live_stream true
+  action :nothing
+end
+
+# Override dkim config, so that it is always compatible with AWS SES
+cookbook_file '/opt/mailcow-dockerized/data/conf/rspamd/local.d/dkim_signing.conf' do
+  owner 102
+  group 102
+  mode '0644'
+  action :create
+end
+
+# If behind HAProxy disable Let's Encrypt and set docker-compose.override
+if node['esh']['mailcow']['install']['haproxy']
+  execute 'update_skip_lets_encrypt' do
+    command "sed -i 's/SKIP_LETS_ENCRYPT=n/SKIP_LETS_ENCRYPT=y/' /opt/mailcow-dockerized/mailcow.conf"
+    not_if "grep -q 'SKIP_LETS_ENCRYPT=y' /opt/mailcow-dockerized/mailcow.conf"
+  end
+
+  file '/opt/mailcow-dockerized/data/conf/dovecot/extra.conf' do
+    content <<~EOT
+    haproxy_trusted_networks = #{node['esh']['mailcow']['install']['haproxy_trusted_networks']}
+    EOT
+    owner 'root'
+    group 'root'
+    mode '0400'
+    action :create
+  end
+
+  template '/opt/mailcow-dockerized/docker-compose.override.yml' do
+    owner 'root'
+    group 'root'
+    mode '0444'
+    variables mailcow_hostname: node['esh']['mailcow']['install']['postfix_myhostname']
+    action :create
+  end
+
+  username = node['esh']['mailcow']['install']['cert_auth'].split(':')[0]
+  password = node['esh']['mailcow']['install']['cert_auth'].split(':')[1]
+  auth_string = Base64.strict_encode64("#{username}:#{password}")
+
+  remote_file '/opt/mailcow-dockerized/data/assets/ssl/cert.pem' do
+    source node['esh']['mailcow']['install']['cert_pub']
+    headers({ 'Authorization' => "Basic #{auth_string}" })
+    owner 'root'
+    group 'root'
+    mode '0400'
+    action :create
+  end
+
+  remote_file '/opt/mailcow-dockerized/data/assets/ssl/key.pem' do
+    source node['esh']['mailcow']['install']['cert_priv']
+    headers({ 'Authorization' => "Basic #{auth_string}" })
+    owner 'root'
+    group 'root'
+    mode '0400'
+    action :create
+  end
+end
+
+unless node['esh']['mailcow']['install']['clamd']
+  execute 'update_skip_clamd' do
+    command "sed -i 's/SKIP_CLAMD=n/SKIP_CLAMD=y/' /opt/mailcow-dockerized/mailcow.conf"
+    not_if "grep -q 'SKIP_CLAMD=y' /opt/mailcow-dockerized/mailcow.conf"
+  end
+end
+
+execute 'docker compose pull' do
+  command 'docker compose pull --quiet'
+  cwd '/opt/mailcow-dockerized'
+  action :run
+end
+
+execute 'docker compose up -d' do
+  command 'docker compose up -d'
+  cwd '/opt/mailcow-dockerized'
+  action :run
+end
+
+### TLSA monitoring