#
# Cookbook:: esh_mailcow
# Recipe:: install
#
# Copyright:: 2022, https://easyself.host
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# The machine's FQDN comes from the system attributes; the short hostname is
# the first dotted label of it. Both are reused by the Postfix resources below.
fqdn = node['esh']['system']['hostname']['fqdn']
hostname = fqdn.split('.').first

# /etc/mailname holds the FQDN only: world-readable, writable by root alone.
# :create is the file resource's default action, so it is not spelled out.
file '/etc/mailname' do
  content fqdn
  mode '0444'
  owner 'root'
  group 'root'
end

# Ship the cookbook's static master.cf as-is (no templating). The Postfix
# service resource further down subscribes to this file and restarts on change.
cookbook_file '/etc/postfix/master.cf' do
  mode '0444'
  owner 'root'
  group 'root'
end

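# Render main.cf from the cookbook template, passing the fqdn/hostname derived
# above. The mode is written in the same four-digit octal form as every sibling
# resource in this recipe: Chef treats '444' and '0444' identically, but a single
# spelling keeps the permissions easy to audit with grep.
template '/etc/postfix/main.cf' do
  owner 'root'
  group 'root'
  mode '0444'
  variables fqdn: fqdn, hostname: hostname
  action :create
end
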
# Restart Postfix (the `postfix@-.service` unit) at the end of the run whenever
# master.cf or main.cf changed. The resource takes no action on its own.
service 'postfix@-.service' do
  subscribes :restart, 'cookbook_file[/etc/postfix/master.cf]', :delayed
  subscribes :restart, 'template[/etc/postfix/main.cf]', :delayed
  action :nothing
end

# Fetch mailcow-dockerized once. The not_if guard skips the resource entirely
# when the checkout directory already exists, so later Chef runs never move the
# working tree. NOTE(review): 'master' is an unpinned moving target; pinning
# `revision` to a release tag or commit would make the first install reproducible.
git '/opt/mailcow-dockerized' do
  not_if { ::File.exist?('/opt/mailcow-dockerized') }
  repository 'https://github.com/mailcow/mailcow-dockerized'
  revision 'master'
  action :sync
end

# `expect` drives mailcow's interactive generate_config.sh without a terminal.
package 'expect'

# Script with the answers generate_config.sh asks for (hostname, timezone,
# branch), all taken from node attributes. It is only written -- and the init
# execute only notified -- while mailcow.conf does not exist yet, so a converged
# node never regenerates its configuration.
# NOTE(review): the script lives in the shared /tmp directory; a root-owned
# cache path would avoid relying on /tmp at all.
file '/tmp/mailcow-init.expect' do
  owner 'root'
  group 'root'
  mode '0400'
  content <<~EOT
    #!/usr/bin/expect -f

    set timeout -1

    cd /opt/mailcow-dockerized
    spawn /opt/mailcow-dockerized/generate_config.sh

    expect "Mail server hostname (FQDN) - this is not your mail domain, but your mail servers hostname:"
    send -- "#{node['esh']['mailcow']['install']['fqdn']}\\r"

    expect -re ".*Timezone.*"
    send -- "#{node['esh']['mailcow']['install']['timezone']}\\r"

    expect -re ".*Choose the Branch.*"
    send -- "#{node['esh']['mailcow']['install']['branch']}\\r"

    expect eof
  EOT
  not_if { ::File.exist?('/opt/mailcow-dockerized/mailcow.conf') }
  notifies :run, 'execute[init mailcow configuration]', :immediately
end

# Runs the expect script written above. It is only ever triggered by that file
# resource's :immediately notification and never on its own; live_stream shows
# generate_config.sh's output in the Chef log while it runs.
execute 'init mailcow configuration' do
  action :nothing
  live_stream true
  command 'expect -f /tmp/mailcow-init.expect'
end

# Override dkim config, so that it is always compatible with AWS SES
# Owner/group are given numerically -- presumably the uid/gid of the rspamd
# user inside the container rather than a host account; verify before changing.
cookbook_file '/opt/mailcow-dockerized/data/conf/rspamd/local.d/dkim_signing.conf' do
  mode '0644'
  owner 102
  group 102
end

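# If behind HAProxy disable Let's Encrypt and set docker-compose.override
if node['esh']['mailcow']['install']['haproxy']
  # HAProxy terminates TLS, so mailcow must not request its own certificate.
  # The grep guard keeps the sed from running once the flag is already set.
  execute 'update_skip_lets_encrypt' do
    command "sed -i 's/SKIP_LETS_ENCRYPT=n/SKIP_LETS_ENCRYPT=y/' /opt/mailcow-dockerized/mailcow.conf"
    not_if "grep -q 'SKIP_LETS_ENCRYPT=y' /opt/mailcow-dockerized/mailcow.conf"
  end

  # Networks from which Dovecot accepts the PROXY protocol header; only the
  # proxy itself should be listed here, since it can assert any client address.
  file '/opt/mailcow-dockerized/data/conf/dovecot/extra.conf' do
    content <<~EOT
      haproxy_trusted_networks = #{node['esh']['mailcow']['install']['haproxy_trusted_networks']}
    EOT
    owner 'root'
    group 'root'
    mode '0400'
    action :create
  end

  template '/opt/mailcow-dockerized/docker-compose.override.yml' do
    owner 'root'
    group 'root'
    mode '0444'
    variables mailcow_hostname: node['esh']['mailcow']['install']['postfix_myhostname']
    action :create
  end

  # cert_auth is "user:password". Split on the first ':' only so that a
  # password containing ':' is not silently truncated (the previous
  # split(':')[1] kept just the segment up to the second colon).
  username, password = node['esh']['mailcow']['install']['cert_auth'].split(':', 2)
  auth_string = Base64.strict_encode64("#{username}:#{password}")

  # Both downloads send the credentials as HTTP Basic auth.
  # NOTE(review): assumes cert_pub/cert_priv are https:// URLs -- over plain
  # http the credentials and the private key would cross the wire in the clear;
  # confirm against the attribute values.
  remote_file '/opt/mailcow-dockerized/data/assets/ssl/cert.pem' do
    source node['esh']['mailcow']['install']['cert_pub']
    headers({ 'Authorization' => "Basic #{auth_string}" })
    owner 'root'
    group 'root'
    mode '0400'
    action :create
  end

  remote_file '/opt/mailcow-dockerized/data/assets/ssl/key.pem' do
    source node['esh']['mailcow']['install']['cert_priv']
    headers({ 'Authorization' => "Basic #{auth_string}" })
    owner 'root'
    group 'root'
    mode '0400'
    # Keep the private key material out of Chef's diff/log output.
    sensitive true
    action :create
  end
end
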
# ClamAV is optional; when the attribute is off, flip SKIP_CLAMD in mailcow.conf.
# The grep guard makes the sed a no-op once the flag is already set.
unless node['esh']['mailcow']['install']['clamd']
  execute 'update_skip_clamd' do
    not_if %q(grep -q 'SKIP_CLAMD=y' /opt/mailcow-dockerized/mailcow.conf)
    command %q(sed -i 's/SKIP_CLAMD=n/SKIP_CLAMD=y/' /opt/mailcow-dockerized/mailcow.conf)
  end
end

# Pull the images, then bring the stack up. Both use execute's default :run
# action, so they execute on every Chef run rather than only on first install.
execute 'docker compose pull' do
  cwd '/opt/mailcow-dockerized'
  command 'docker compose pull --quiet'
end

execute 'docker compose up -d' do
  cwd '/opt/mailcow-dockerized'
  command 'docker compose up -d'
end

### TLSA monitoring