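#
# Cookbook:: esh_mailcow
# Recipe:: install
#
# Copyright:: 2022, https://easyself.host
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Installs mailcow-dockerized next to a local postfix instance:
#   1. configure postfix (/etc/mailname, master.cf, main.cf) and restart it on change,
#   2. clone mailcow-dockerized once and answer generate_config.sh's prompts via expect,
#   3. apply site overrides (DKIM config, HAProxy / ClamAV switches, TLS material),
#   4. pull and start the compose stack.

require 'base64'

fqdn = node['esh']['system']['hostname']['fqdn']
hostname = fqdn.split('.').first # short host name: first DNS label of the FQDN

mailcow_dir = '/opt/mailcow-dockerized'
mailcow_conf = "#{mailcow_dir}/mailcow.conf"
mailcow_install = node['esh']['mailcow']['install']

# --- Local postfix instance ----------------------------------------------

file '/etc/mailname' do
  content fqdn
  owner 'root'
  group 'root'
  mode '0444'
  action :create
end

cookbook_file '/etc/postfix/master.cf' do
  owner 'root'
  group 'root'
  mode '0444'
  action :create
end

template '/etc/postfix/main.cf' do
  owner 'root'
  group 'root'
  mode '0444' # four-digit form, consistent with the other resources in this recipe
  variables fqdn: fqdn, hostname: hostname
  action :create
end

# Restart the postfix instance only when one of its config files changed;
# the service itself is never started/enabled by this recipe.
service 'postfix@-.service' do
  action :nothing
  subscribes :restart, 'cookbook_file[/etc/postfix/master.cf]', :delayed
  subscribes :restart, 'template[/etc/postfix/main.cf]', :delayed
end

# --- mailcow-dockerized checkout -----------------------------------------

# Cloned exactly once: the guard skips the sync as soon as the directory
# exists, so Chef never re-checks-out 'master' and later upgrades are outside
# this recipe. NOTE(review): tracking 'master' means the first converge gets
# whatever the branch points at that day; pinning a tag or commit here would
# make installs reproducible.
git mailcow_dir do
  repository 'https://github.com/mailcow/mailcow-dockerized'
  revision 'master'
  action :sync
  not_if { ::File.exist?(mailcow_dir) }
end

package 'expect'

# generate_config.sh is interactive; the expect script below answers its
# prompts from node attributes. It lives in Chef's own cache directory rather
# than at a predictable path under world-writable /tmp, and is root-only.
# The prompt strings are upstream's wording at the time of writing: if they are
# reworded, the run hangs (timeout -1) or answers land on the wrong prompt.
# The attribute values are pasted verbatim into a Tcl script, so they are
# expected to be plain hostnames/timezones/branch names without Tcl
# metacharacters — confirm if they ever come from a less controlled source.
expect_script = ::File.join(Chef::Config[:file_cache_path], 'mailcow-init.expect')

file expect_script do
  content <<~EOT
    #!/usr/bin/expect -f
    set timeout -1
    cd #{mailcow_dir}
    spawn #{mailcow_dir}/generate_config.sh
    expect "Mail server hostname (FQDN) - this is not your mail domain, but your mail servers hostname:"
    send -- "#{mailcow_install['fqdn']}\\r"
    expect -re ".*Timezone.*"
    send -- "#{mailcow_install['timezone']}\\r"
    expect -re ".*Choose the Branch.*"
    send -- "#{mailcow_install['branch']}\\r"
    expect eof
  EOT
  owner 'root'
  group 'root'
  mode '0400'
  # mailcow.conf is what generate_config.sh produces: once it exists the
  # initialisation must never run again.
  not_if { ::File.exist?(mailcow_conf) }
  notifies :run, 'execute[init mailcow configuration]', :immediately
  action :create
end

execute 'init mailcow configuration' do
  command "expect -f #{expect_script}"
  live_stream true
  action :nothing
end

# --- Site overrides ------------------------------------------------------

# Override the DKIM config shipped by mailcow so signing stays compatible with
# AWS SES. 102/102 is presumably the uid/gid the rspamd container runs as —
# confirm against the image if rspamd stops picking the file up.
cookbook_file "#{mailcow_dir}/data/conf/rspamd/local.d/dkim_signing.conf" do
  owner 102
  group 102
  mode '0644'
  action :create
end

# Behind HAProxy: mailcow's own Let's Encrypt client is switched off, dovecot
# is told which networks may speak PROXY protocol to it, the compose override
# is rendered and the certificate/key are fetched from an external endpoint.
if mailcow_install['haproxy']
  execute 'update_skip_lets_encrypt' do
    command "sed -i 's/SKIP_LETS_ENCRYPT=n/SKIP_LETS_ENCRYPT=y/' #{mailcow_conf}"
    not_if "grep -q 'SKIP_LETS_ENCRYPT=y' #{mailcow_conf}"
  end

  # Only connections from these networks may carry PROXY protocol headers;
  # keep the list to the proxy's addresses, since a listed source can assert
  # any client IP.
  file "#{mailcow_dir}/data/conf/dovecot/extra.conf" do
    content <<~EOT
      haproxy_trusted_networks = #{mailcow_install['haproxy_trusted_networks']}
    EOT
    owner 'root'
    group 'root'
    mode '0400'
    action :create
  end

  template "#{mailcow_dir}/docker-compose.override.yml" do
    owner 'root'
    group 'root'
    mode '0444'
    variables mailcow_hostname: mailcow_install['postfix_myhostname']
    action :create
  end

  # cert_auth is "user:password" for the endpoint serving the certificate.
  # Split on the first ':' only — RFC 7617 forbids ':' in the user-id but
  # allows it in the password, and a plain [0]/[1] split silently truncates
  # such passwords. NOTE(review): if cert_pub/cert_priv are http:// rather than
  # https:// URLs, these credentials and the private key travel in the clear.
  username, password = mailcow_install['cert_auth'].split(':', 2)
  auth_string = Base64.strict_encode64("#{username}:#{password}")
  auth_header = { 'Authorization' => "Basic #{auth_string}" }

  remote_file "#{mailcow_dir}/data/assets/ssl/cert.pem" do
    source mailcow_install['cert_pub']
    headers(auth_header)
    owner 'root'
    group 'root'
    mode '0400'
    action :create
  end

  # Private key: `sensitive` keeps its content out of Chef's diff/log output.
  remote_file "#{mailcow_dir}/data/assets/ssl/key.pem" do
    source mailcow_install['cert_priv']
    headers(auth_header)
    sensitive true
    owner 'root'
    group 'root'
    mode '0400'
    action :create
  end
end

# ClamAV is opt-in via the clamd attribute; otherwise it is disabled in mailcow.conf.
unless mailcow_install['clamd']
  execute 'update_skip_clamd' do
    command "sed -i 's/SKIP_CLAMD=n/SKIP_CLAMD=y/' #{mailcow_conf}"
    not_if "grep -q 'SKIP_CLAMD=y' #{mailcow_conf}"
  end
end

# --- Bring the stack up --------------------------------------------------

# Neither execute is guarded: compose itself is a no-op when nothing changed,
# but both run (and report as updated) on every converge.
execute 'docker compose pull' do
  command 'docker compose pull --quiet'
  cwd mailcow_dir
  action :run
end

execute 'docker compose up -d' do
  command 'docker compose up -d'
  cwd mailcow_dir
  action :run
end

### TLSA monitoring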