From d514ef44cb7278210bd10854737d5d03e75a8382 Mon Sep 17 00:00:00 2001 From: Felix Bartels <1257835+fbartels@users.noreply.github.com> Date: Fri, 28 Aug 2020 09:48:32 +0200 Subject: [PATCH] implement new env variable to disable all automatic actions (#434) * implement new env variable to disable all automatic actions fixes https://github.com/zokradonh/kopano-docker/issues/360 * wrap the remaining services in checks if autoconfigure/disable_checks is used * move definition of AUTOCONFIGURE variable into base image * add logic to kapps and kdav container * add autoconfigure to konnect container * update build stage to latest golang * add autoconfig to remaining images * delete obsolete apache config in z-push folder * when specifying config paths use KOPANO_CONFIG_PATH * also use env variable in helper scripts * add message about removal of kopano-cli --- base/Dockerfile | 1 + core/bin/kopano-autorespond | 2 +- core/bin/kopano-cli | 7 +- core/start-service.sh | 270 ++++++++++++++++++++---------------- kapps/start-service.sh | 111 ++++++++------- kdav/start.sh | 90 ++++++------ konnect/Dockerfile | 6 +- konnect/wrapper.sh | 182 ++++++++++++------------ kwmbridge/Dockerfile | 4 +- kwmbridge/wrapper.sh | 30 ++-- kwmserver/Dockerfile | 4 +- kwmserver/wrapper.sh | 30 ++-- meet/start-service.sh | 106 +++++++------- web/Dockerfile | 2 +- web/wrapper.sh | 2 +- webapp/start.sh | 132 +++++++++--------- zpush/apache2-kopano.conf | 8 -- zpush/start.sh | 196 +++++++++++++------------- 18 files changed, 617 insertions(+), 566 deletions(-) delete mode 100644 zpush/apache2-kopano.conf diff --git a/base/Dockerfile b/base/Dockerfile index 7b026f7..4020b88 100644 --- a/base/Dockerfile +++ b/base/Dockerfile @@ -11,6 +11,7 @@ ARG KOPANO_UID=999 ARG KOPANO_GID=999 ENV \ + AUTOCONFIGURE=true \ BASE_VERSION=2.2.0 \ DEBIAN_FRONTEND=noninteractive \ DEBUG="" diff --git a/core/bin/kopano-autorespond b/core/bin/kopano-autorespond index 70f4ed6..eb7714f 100755 --- a/core/bin/kopano-autorespond 
+++ b/core/bin/kopano-autorespond @@ -1,3 +1,3 @@ #!/bin/bash -/usr/sbin/kopano-autorespond -C /tmp/kopano/autorespond.cfg "$@" +/usr/sbin/kopano-autorespond -C "$KOPANO_CONFIG_PATH/autorespond.cfg" "$@" diff --git a/core/bin/kopano-cli b/core/bin/kopano-cli index c57a01c..412711f 100755 --- a/core/bin/kopano-cli +++ b/core/bin/kopano-cli @@ -1,3 +1,8 @@ #!/bin/bash -/usr/sbin/kopano-cli --config /tmp/kopano/admin.cfg "$@" +if [ ! -f /usr/sbin/kopano-cli ]; then + echo "kopano-cli has been removed from Kopano Groupware Core 10 and upwards. Please use kopano-admin instead." + exit 1 +fi + +/usr/sbin/kopano-cli --config "$KOPANO_CONFIG_PATH/admin.cfg" "$@" diff --git a/core/start-service.sh b/core/start-service.sh index d8a771a..90eeb1f 100755 --- a/core/start-service.sh +++ b/core/start-service.sh @@ -4,6 +4,7 @@ set -eu # unset variables are errors & non-zero return values exit the whole scr [ "$DEBUG" ] && set -x ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""} +AUTOCONFIGURE=${AUTOCONFIGURE:-true} # when set to false will disable all automatic configuration actions KCCONF_SERVER_MYSQL_SOCKET=${KCCONF_SERVER_MYSQL_SOCKET:-""} DISABLE_CHECKS=${DISABLE_CHECKS:-false} DISABLE_CONFIG_CHANGES=${DISABLE_CONFIG_CHANGES:-false} 
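Review bot: The wrapper in core/bin/kopano-autorespond now passes `-C "$KOPANO_CONFIG_PATH/autorespond.cfg"` with no fallback, so if the variable is missing from the calling environment the path collapses to `/autorespond.cfg`; the same holds for `--config "$KOPANO_CONFIG_PATH/admin.cfg"` in core/bin/kopano-cli. core/start-service.sh only assigns `KOPANO_CONFIG_PATH=${KOPANO_CONFIG_PATH:-/tmp/kopano}` without `export`, and whether the image environment defines the variable is not visible in this patch, so a `docker exec` shell may not see it. A default in the wrappers keeps the previous behaviour: `"${KOPANO_CONFIG_PATH:-/tmp/kopano}/autorespond.cfg"`. The copy step in core/start-service.sh also still writes to the literal directory (`mkdir -p /tmp/kopano`, `cp /etc/kopano/*.cfg /tmp/kopano`) while the service arms read from `$KOPANO_CONFIG_PATH`; using `"$KOPANO_CONFIG_PATH"` in both commands would keep the two in step.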
@@ -16,47 +17,50 @@ KCCONF_SPOOLER_SERVER_SOCKET=${KCCONF_SPOOLER_SERVER_SOCKET:-"file:///var/run/ko KOPANO_CON=${KOPANO_CON:-"file:///var/run/kopano/server.sock"} KCCONF_SPOOLER_SMTP_SERVER=${KCCONF_SPOOLER_SMTP_SERVER:-mail} KCCONF_SPOOLER_SMTP_PORT=${KCCONF_SPOOLER_SMTP_PORT:-25} +KOPANO_CONFIG_PATH=${KOPANO_CONFIG_PATH:-/tmp/kopano} -# copy configuration files to /tmp/kopano to prevent modification of mounted config files -mkdir -p /tmp/kopano -cp /etc/kopano/*.cfg /tmp/kopano +if [ "${AUTOCONFIGURE}" == true ]; then + # copy configuration files to /tmp/kopano (default value of $KOPANO_CONFIG_PATH) to prevent modification of mounted config files + mkdir -p /tmp/kopano + cp /etc/kopano/*.cfg /tmp/kopano -if [ ! -e /kopano/"$SERVICE_TO_START".py ]; then - echo "Invalid service specified: $SERVICE_TO_START" | ts - exit 1 + if [ ! -e /kopano/"$SERVICE_TO_START".py ]; then + echo "Invalid service specified: $SERVICE_TO_START" | ts + exit 1 + fi + + # Hint: this is not compatible with a read-only container. + # The general recommendation is to already build a container that has all required packages installed. + ADDITIONAL_KOPANO_PACKAGES=$(echo "$ADDITIONAL_KOPANO_PACKAGES" | tr -d '"') + if [ -n "$(mkdir -p "/var/lib/apt/lists/" 2&> /dev/null)" ]; then + [ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update + [ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do + # shellcheck disable=SC2016 disable=SC2086 + if [ "$(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c 'ok installed')" -eq 0 ]; then + DEBIAN_FRONTEND=noninteractive apt --assume-yes --no-upgrade install "$installpkg" + else + echo "INFO: $installpkg is already installed" + fi + done + else + echo "Notice: Container is run read-only, skipping package installation." 
+ echo "If you want to have additional packages installed in the container either:" + echo "- build your own image with the packages already included" + echo "- switch the container to 'read_only: false'" + fi + + mkdir -p /tmp/"$SERVICE_TO_START" /var/run/kopano + + # TODO is this still required now that we won't modify configuration mounted to /etc/kopano? + if [ "${DISABLE_CONFIG_CHANGES}" == false ]; then + echo "Configure core service '$SERVICE_TO_START'" | ts + /kopano/"$SERVICE_TO_START".py + fi + + # ensure removed pid-file on unclean shutdowns and mounted volumes + rm -f /var/run/kopano/"$SERVICE_TO_START".pid fi -# Hint: this is not compatible with a read-only container. -# The general recommendation is to already build a container that has all required packages installed. -ADDITIONAL_KOPANO_PACKAGES=$(echo "$ADDITIONAL_KOPANO_PACKAGES" | tr -d '"') -if [ -n "$(mkdir -p "/var/lib/apt/lists/" 2&> /dev/null)" ]; then - [ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update - [ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do - # shellcheck disable=SC2016 disable=SC2086 - if [ "$(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c 'ok installed')" -eq 0 ]; then - DEBIAN_FRONTEND=noninteractive apt --assume-yes --no-upgrade install "$installpkg" - else - echo "INFO: $installpkg is already installed" - fi - done -else - echo "Notice: Container is run read-only, skipping package installation." - echo "If you want to have additional packages installed in the container either:" - echo "- build your own image with the packages already included" - echo "- switch the container to 'read_only: false'" -fi - -mkdir -p /tmp/"$SERVICE_TO_START" /var/run/kopano - -# TODO is this still required now that we won't modify configuration mounted to /etc/kopano? 
-if [ "${DISABLE_CONFIG_CHANGES}" == false ]; then - echo "Configure core service '$SERVICE_TO_START'" | ts - /kopano/"$SERVICE_TO_START".py -fi - -# ensure removed pid-file on unclean shutdowns and mounted volumes -rm -f /var/run/kopano/"$SERVICE_TO_START".pid - coreversion=$(dpkg-query --showformat='${Version}' --show kopano-server) echo "Using Kopano Groupware Core: $coreversion" @@ -67,7 +71,7 @@ if [ $# -gt 0 ]; then fi # services need to be aware of the machine-id -if [[ "$DISABLE_CHECKS" == false ]]; then +if [ "${AUTOCONFIGURE}" == true ] && [ "$DISABLE_CHECKS" == false ]; then dockerize \ -wait file:///etc/machine-id \ -wait file:///var/lib/dbus/machine-id 
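Review bot: In the package-installation block of core/start-service.sh, `mkdir -p "/var/lib/apt/lists/" 2&> /dev/null` is not the `2>` redirect it appears to be: bash reads `2` as a second directory argument and `&>` sends both stdout and stderr to /dev/null, so the command substitution is always empty and `[ -n "$(…)" ]` is always false. As written the `else` branch runs every time, the "read-only" notice is printed even on a writable container, and ADDITIONAL_KOPANO_PACKAGES is never installed. Testing the exit status expresses the intent: `if mkdir -p /var/lib/apt/lists/ 2>/dev/null; then`. The same line is carried over re-indented in kdav/start.sh later in this patch.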
@@ -119,78 +123,88 @@ fi # start regular service case "$SERVICE_TO_START" in server) - echo "Set ownership" | ts - mkdir -p /kopano/data/attachments - chown kopano:kopano /kopano/data/ /kopano/data/attachments - - if [[ "$DISABLE_CHECKS" == false ]]; then - # determine db connection mode (unix vs. network socket) - if [ -n "$KCCONF_SERVER_MYSQL_SOCKET" ]; then - DB_CON="file://$KCCONF_SERVER_MYSQL_SOCKET" - else - DB_CON="tcp://$KCCONF_SERVER_MYSQL_HOST:$KCCONF_SERVER_MYSQL_PORT" - fi + if [ "${AUTOCONFIGURE}" == true ]; then + echo "Set ownership" | ts + mkdir -p /kopano/data/attachments + chown kopano:kopano /kopano/data/ /kopano/data/attachments - dockerize \ - -wait file://"$KCCONF_SERVER_SERVER_SSL_CA_FILE" \ - -wait file://"$KCCONF_SERVER_SERVER_SSL_KEY_FILE" \ - -wait "$DB_CON" \ - -timeout 360s - fi - # pre populate database - if dpkg --compare-versions "$coreversion" "gt" "8.7.84"; then - kopano-dbadm -c /tmp/kopano/server.cfg populate + if [[ "$DISABLE_CHECKS" == false ]]; then + # determine db connection mode (unix vs. 
network socket) + if [ -n "$KCCONF_SERVER_MYSQL_SOCKET" ]; then + DB_CON="file://$KCCONF_SERVER_MYSQL_SOCKET" + else + DB_CON="tcp://$KCCONF_SERVER_MYSQL_HOST:$KCCONF_SERVER_MYSQL_PORT" + fi + + dockerize \ + -wait file://"$KCCONF_SERVER_SERVER_SSL_CA_FILE" \ + -wait file://"$KCCONF_SERVER_SERVER_SSL_KEY_FILE" \ + -wait "$DB_CON" \ + -timeout 360s + fi + # pre populate database + if dpkg --compare-versions "$coreversion" "gt" "8.7.84"; then + kopano-dbadm -c "$KOPANO_CONFIG_PATH/server.cfg" populate + fi fi # cleaning up env variables unset "${!KCCONF_@}" exec "$EXE" -F ;; dagent) - dockerize \ - -wait "$KOPANO_CON" \ - -timeout 360s + if [ "${AUTOCONFIGURE}" == true ] && [ "$DISABLE_CHECKS" == false ]; then + dockerize \ + -wait "$KOPANO_CON" \ + -timeout 360s + fi # cleaning up env variables unset "${!KCCONF_@}" exec "$EXE" -l ;; gateway) - dockerize \ - -wait "$KOPANO_CON" \ - -timeout 360s + if [ "${AUTOCONFIGURE}" == true ] && [ "$DISABLE_CHECKS" == false ]; then + dockerize \ + -wait "$KOPANO_CON" \ + -timeout 360s + fi # cleaning up env variables unset "${!KCCONF_@}" exec "$EXE" -F ;; ical) - dockerize \ - -wait "$KOPANO_CON" \ - -timeout 360s + if [ "${AUTOCONFIGURE}" == true ] && [ "$DISABLE_CHECKS" == false ]; then + dockerize \ + -wait "$KOPANO_CON" \ + -timeout 360s + fi # cleaning up env variables unset "${!KCCONF_@}" exec "$EXE" -F ;; grapi) - LC_CTYPE=en_US.UTF-8 - export socket_path=/var/run/kopano/grapi - export pid_file="$socket_path/grapi.pid" - mkdir -p "$socket_path" /var/lib/kopano-grapi - chown -R kapi:kopano "$socket_path" - chown kapi:kopano /var/lib/kopano-grapi - # TODO there could be a case where multiple backends are desired - case $GRAPI_BACKEND in - ldap) - [ -n "$KCCONF_GRAPI_LDAP_URI" ] && export LDAP_URI="${KCCONF_GRAPI_LDAP_URI}" - [ -n "$KCCONF_GRAPI_LDAP_BASEDN" ] && export LDAP_BASEDN="${KCCONF_GRAPI_LDAP_BASEDN}" - [ -n "$KCCONF_GRAPI_LDAP_BINDDN" ] && export LDAP_BINDDN="${KCCONF_GRAPI_LDAP_BINDDN}" - if [ -n 
"$KCCONF_GRAPI_LDAP_BINDPW_FILE" ]; then - bindpw="$(cat "${KCCONF_GRAPI_LDAP_BINDPW_FILE}")" - export LDAP_BINDPW="${bindpw}" - fi - ;; - esac - sed s/\ *=\ */=/g /tmp/kopano/grapi.cfg > /tmp/grapi-env - # shellcheck disable=SC2046 - export $(grep -v '^#' /tmp/grapi-env | xargs -d '\n') + if [ "${AUTOCONFIGURE}" == true ]; then + LC_CTYPE=en_US.UTF-8 + export socket_path=/var/run/kopano/grapi + export pid_file="$socket_path/grapi.pid" + mkdir -p "$socket_path" /var/lib/kopano-grapi + chown -R kapi:kopano "$socket_path" + chown kapi:kopano /var/lib/kopano-grapi + # TODO there could be a case where multiple backends are desired + case $GRAPI_BACKEND in + ldap) + [ -n "$KCCONF_GRAPI_LDAP_URI" ] && export LDAP_URI="${KCCONF_GRAPI_LDAP_URI}" + [ -n "$KCCONF_GRAPI_LDAP_BASEDN" ] && export LDAP_BASEDN="${KCCONF_GRAPI_LDAP_BASEDN}" + [ -n "$KCCONF_GRAPI_LDAP_BINDDN" ] && export LDAP_BINDDN="${KCCONF_GRAPI_LDAP_BINDDN}" + if [ -n "$KCCONF_GRAPI_LDAP_BINDPW_FILE" ]; then + bindpw="$(cat "${KCCONF_GRAPI_LDAP_BINDPW_FILE}")" + export LDAP_BINDPW="${bindpw}" + fi + ;; + esac + sed s/\ *=\ */=/g "$KOPANO_CONFIG_PATH/grapi.cfg" > /tmp/grapi-env + # shellcheck disable=SC2046 + export $(grep -v '^#' /tmp/grapi-env | xargs -d '\n') + fi # cleaning up env variables unset "${!KCCONF_@}" # the backend option is only available in more recent versions of grapi 
@@ -203,65 +217,75 @@ grapi) fi ;; kapi) - mkdir -p /kopano/data/kapi-kvs - if [ "$KCCONF_KAPID_INSECURE" = "yes" ]; then - dockerize \ - -skip-tls-verify \ - -wait "$KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER"/.well-known/openid-configuration \ - -timeout 360s - else - dockerize \ - -wait "$KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER"/.well-known/openid-configuration \ - -timeout 360s + if [ "${AUTOCONFIGURE}" == true ]; then + mkdir -p /kopano/data/kapi-kvs + if [ "$KCCONF_KAPID_INSECURE" = "yes" ]; then + dockerize \ + -skip-tls-verify \ + -wait "$KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER"/.well-known/openid-configuration \ + -timeout 360s + else + dockerize \ + -wait "$KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER"/.well-known/openid-configuration \ + -timeout 360s + fi + LC_CTYPE=en_US.UTF-8 + sed s/\ *=\ */=/g "$KOPANO_CONFIG_PATH/kapid.cfg" > /tmp/kapid-env + # shellcheck disable=SC2046 + export $(grep -v '^#' /tmp/kapid-env | xargs -d '\n') + "$EXE" setup fi - kapiversion=$(dpkg-query --showformat='${Version}' --show kopano-kapid) - echo "Using Kopano Kapi: $kapiversion" - LC_CTYPE=en_US.UTF-8 - sed s/\ *=\ */=/g /tmp/kopano/kapid.cfg > /tmp/kapid-env - # shellcheck disable=SC2046 - export $(grep -v '^#' /tmp/kapid-env | xargs -d '\n') - "$EXE" setup # cleaning up env variables unset "${!KCCONF_@}" + kapiversion=$(dpkg-query --showformat='${Version}' --show kopano-kapid) + echo "Using Kopano Kapi: $kapiversion" exec "$EXE" serve --log-timestamp=false ;; monitor) - dockerize \ - -wait "$KOPANO_CON" \ - -timeout 360s + if [ "${AUTOCONFIGURE}" == true ] && [ "$DISABLE_CHECKS" == false ]; then + dockerize \ + -wait "$KOPANO_CON" \ + -timeout 360s + fi # cleaning up env variables unset "${!KCCONF_@}" exec "$EXE" -F ;; search) - dockerize \ - -wait "$KOPANO_CON" \ - -timeout 360s - # give kopano-server a moment to settler before starting search - sleep 5 + if [ "${AUTOCONFIGURE}" == true ] && [ "$DISABLE_CHECKS" == false ]; then + dockerize \ + -wait "$KOPANO_CON" \ + -timeout 360s + # give 
kopano-server a moment to settler before starting search + sleep 5 + fi # cleaning up env variables unset "${!KCCONF_@}" # with commit 702bb3fccb3 search does not need -F any longer searchversion=$(dpkg-query --showformat='${Version}' --show kopano-search) if dpkg --compare-versions "$searchversion" "gt" "8.7.82.165"; then - exec "$EXE" --config /tmp/kopano/search.cfg + exec "$EXE" --config "$KOPANO_CONFIG_PATH/search.cfg" else - exec /usr/bin/python3 "$EXE" --config /tmp/kopano/search.cfg -F + exec /usr/bin/python3 "$EXE" --config "$KOPANO_CONFIG_PATH/search.cfg" -F fi ;; spamd) - dockerize \ - -wait "$KOPANO_CON" \ - -timeout 360s + if [ "${AUTOCONFIGURE}" == true ] && [ "$DISABLE_CHECKS" == false ]; then + dockerize \ + -wait "$KOPANO_CON" \ + -timeout 360s + fi # cleaning up env variables unset "${!KCCONF_@}" - exec "$EXE" --config /tmp/kopano/spamd.cfg -F + exec "$EXE" --config "$KOPANO_CONFIG_PATH/spamd.cfg" -F ;; spooler) - dockerize \ - -wait "$KOPANO_CON" \ - -wait tcp://"$KCCONF_SPOOLER_SMTP_SERVER":"$KCCONF_SPOOLER_SMTP_PORT" \ - -timeout 1080s + if [ "${AUTOCONFIGURE}" == true ] && [ "$DISABLE_CHECKS" == false ]; then + dockerize \ + -wait "$KOPANO_CON" \ + -wait tcp://"$KCCONF_SPOOLER_SMTP_SERVER":"$KCCONF_SPOOLER_SMTP_PORT" \ + -timeout 1080s + fi # cleaning up env variables unset "${!KCCONF_@}" exec "$EXE" -F diff --git a/kapps/start-service.sh b/kapps/start-service.sh index f5de139..8e1132e 100755 --- a/kapps/start-service.sh +++ b/kapps/start-service.sh 
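Review bot: The `kapi)` arm gates its `dockerize -wait …/.well-known/openid-configuration` calls on AUTOCONFIGURE alone, so `DISABLE_CHECKS=true` still blocks for up to 360s on the OIDC issuer, unlike the `monitor)`, `search)`, `spamd)` and `spooler)` arms in this hunk. Wrapping the two `dockerize` branches in `if [ "$DISABLE_CHECKS" == false ]; then … fi` would make the arm consistent with the others. A short comment on the arm would also help operators: with `AUTOCONFIGURE=false` the values from `kapid.cfg` are no longer exported and `"$EXE" setup` is skipped before `serve`, so both have to be provided from outside the container. The `case` statement starts and ends outside this hunk.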
@@ -1,16 +1,19 @@ #!/bin/bash ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""} +AUTOCONFIGURE=${AUTOCONFIGURE:-true} # when set to false will disable all automatic configuration actions set -eu # unset variables are errors & non-zero return values exit the whole script [ "$DEBUG" ] && set -x -# copy configuration files to /tmp/kopano to prevent modification of mounted config files -mkdir -p /tmp/kopano -cp /etc/kopano/*.cfg /tmp/kopano +if [ "${AUTOCONFIGURE}" == true ]; then + # copy configuration files to /tmp/kopano to prevent modification of mounted config files + mkdir -p /tmp/kopano + cp /etc/kopano/*.cfg /tmp/kopano -echo "Applying cfg changes from env" -/usr/bin/python3 /kopano/cfg-from-env.py + echo "Applying cfg changes from env" + /usr/bin/python3 /kopano/cfg-from-env.py +fi meetversion=$(dpkg-query --showformat='${Version}' --show kopano-calendar-webapp) echo "Using Kopano Calendar: $meetversion" 
@@ -21,58 +24,60 @@ if [ $# -gt 0 ]; then exit fi -cp /usr/share/doc/kopano-calendar-webapp/config.json.in /tmp/calendar.json -CONFIG_JSON="/tmp/calendar.json" -# TODO move into extra file to make it easier to reuse -echo "Updating $CONFIG_JSON" -for setting in $(compgen -A variable KCCONF_CALENDAR); do - setting2=${setting#KCCONF_CALENDAR_} - # dots in setting2 need to be escaped to not be handled as separate entities in the json file - case ${!setting} in - true|TRUE|false|FALSE|[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) - jq ".\"${setting2//_/\".\"}\" = ${!setting}" $CONFIG_JSON | sponge $CONFIG_JSON - ;; - *) - jq ".\"${setting2//_/\".\"}\" = \"${!setting}\"" $CONFIG_JSON | sponge $CONFIG_JSON - ;; - esac -done +if [ "${AUTOCONFIGURE}" == true ]; then + cp /usr/share/doc/kopano-calendar-webapp/config.json.in /tmp/calendar.json + CONFIG_JSON="/tmp/calendar.json" + # TODO move into extra file to make it easier to reuse + echo "Updating $CONFIG_JSON" + for setting in $(compgen -A variable KCCONF_CALENDAR); do + setting2=${setting#KCCONF_CALENDAR_} + # dots in setting2 need to be escaped to not be handled as separate entities in the json file + case ${!setting} in + true|TRUE|false|FALSE|[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) + jq ".\"${setting2//_/\".\"}\" = ${!setting}" $CONFIG_JSON | sponge $CONFIG_JSON + ;; + *) + jq ".\"${setting2//_/\".\"}\" = \"${!setting}\"" $CONFIG_JSON | sponge $CONFIG_JSON + ;; + esac + done -# Populate app grid -# TODO move into extra file to make it easier to reuse -# Note: if all of below variables are set to "no" kpop will fall back to its default behaviour and show all known apps. + # Populate app grid + # TODO move into extra file to make it easier to reuse + # Note: if all of below variables are set to "no" kpop will fall back to its default behaviour and show all known apps. 
-# enable Kopano Konnect in the app grid -if [ "${GRID_KONNECT:-yes}" = "yes" ]; then - jq '.apps.enabled += ["kopano-konnect"]' $CONFIG_JSON | sponge $CONFIG_JSON + # enable Kopano Konnect in the app grid + if [ "${GRID_KONNECT:-yes}" = "yes" ]; then + jq '.apps.enabled += ["kopano-konnect"]' $CONFIG_JSON | sponge $CONFIG_JSON + fi + + # enable Kopano Meet in the app grid + if [ "${GRID_MEET:-yes}" = "yes" ]; then + jq '.apps.enabled += ["kopano-meet"]' $CONFIG_JSON | sponge $CONFIG_JSON + fi + + # enable Kopano WebApp in the app grid + if [ "${GRID_WEBAPP:-yes}" = "yes" ]; then + jq '.apps.enabled += ["kopano-webapp"]' $CONFIG_JSON | sponge $CONFIG_JSON + fi + + # enable Kopano WebApp in the app grid + if [ "${GRID_CALENDAR:-yes}" = "yes" ]; then + jq '.apps.enabled += ["kopano-calendar"]' $CONFIG_JSON | sponge $CONFIG_JSON + fi + + sed s/\ *=\ */=/g /tmp/kopano/kwebd.cfg > /tmp/kweb-env + # always disable tls + export tls=no + # shellcheck disable=SC2046 + export $(grep -v '^#' /tmp/kweb-env | xargs -d '\n') + + # services need to be aware of the machine-id + dockerize \ + -wait file:///etc/machine-id \ + -wait file:///var/lib/dbus/machine-id fi -# enable Kopano Meet in the app grid -if [ "${GRID_MEET:-yes}" = "yes" ]; then - jq '.apps.enabled += ["kopano-meet"]' $CONFIG_JSON | sponge $CONFIG_JSON -fi - -# enable Kopano WebApp in the app grid -if [ "${GRID_WEBAPP:-yes}" = "yes" ]; then - jq '.apps.enabled += ["kopano-webapp"]' $CONFIG_JSON | sponge $CONFIG_JSON -fi - -# enable Kopano WebApp in the app grid -if [ "${GRID_CALENDAR:-yes}" = "yes" ]; then - jq '.apps.enabled += ["kopano-calendar"]' $CONFIG_JSON | sponge $CONFIG_JSON -fi - -sed s/\ *=\ */=/g /tmp/kopano/kwebd.cfg > /tmp/kweb-env -# always disable tls -export tls=no -# shellcheck disable=SC2046 -export $(grep -v '^#' /tmp/kweb-env | xargs -d '\n') - -# services need to be aware of the machine-id -dockerize \ - -wait file:///etc/machine-id \ - -wait file:///var/lib/dbus/machine-id - # cleaning up env 
variables unset "${!KCCONF_@}" exec kopano-kwebd serve diff --git a/kdav/start.sh b/kdav/start.sh index 4318b7d..9a6e495 100755 --- a/kdav/start.sh +++ b/kdav/start.sh 
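Review bot: In the `KCCONF_CALENDAR` loop of kapps/start-service.sh the environment value is spliced directly into the jq program text (`= \"${!setting}\"`), so a value containing `"` or `\` either breaks the filter or changes what is written to /tmp/calendar.json. Passing the value as data avoids that: `jq --arg v "${!setting}" ".\"${setting2//_/\".\"}\" = \$v" "$CONFIG_JSON" | sponge "$CONFIG_JSON"`, with `--argjson` for the boolean/numeric arm. With `AUTOCONFIGURE=false` the block also no longer runs `export tls=no`, so the TLS setting kwebd starts with then depends entirely on what the operator passes in; a comment next to the `if` stating this would be worth adding.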
@@ -1,57 +1,61 @@ #!/bin/bash +ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""} +AUTOCONFIGURE=${AUTOCONFIGURE:-true} # when set to false will disable all automatic configuration actions + # define default value for serverhostname and serverport if not passed into container KCCONF_SERVERHOSTNAME=${KCCONF_SERVERHOSTNAME:-127.0.0.1} KCCONF_SERVERPORT=${KCCONF_SERVERPORT:-236} -ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""} set -eu # unset variables are errors & non-zero return values exit the whole script [ "$DEBUG" ] && set -x -# Hint: this is not compatible with a read-only container. -# The general recommendation is to already build a container that has all required packages installed. -ADDITIONAL_KOPANO_PACKAGES=$(echo "$ADDITIONAL_KOPANO_PACKAGES" | tr -d '"') -if [ -n "$(mkdir -p "/var/lib/apt/lists/" 2&> /dev/null)" ]; then - [ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update - [ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do - # shellcheck disable=SC2016 disable=SC2086 - if [ "$(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c 'ok installed')" -eq 0 ]; then - apt --assume-yes --no-upgrade install "$installpkg" - fi - done -else - echo "Notice: Container is run read-only, skipping package installation." - echo "If you want to have additional packages installed in the container either:" - echo "- build your own image with the packages already included" - echo "- switch the container to 'read_only: false'" +if [ "${AUTOCONFIGURE}" == true ]; then + # Hint: this is not compatible with a read-only container. + # The general recommendation is to already build a container that has all required packages installed. 
+ ADDITIONAL_KOPANO_PACKAGES=$(echo "$ADDITIONAL_KOPANO_PACKAGES" | tr -d '"') + if [ -n "$(mkdir -p "/var/lib/apt/lists/" 2&> /dev/null)" ]; then + [ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update + [ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do + # shellcheck disable=SC2016 disable=SC2086 + if [ "$(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c 'ok installed')" -eq 0 ]; then + apt --assume-yes --no-upgrade install "$installpkg" + fi + done + else + echo "Notice: Container is run read-only, skipping package installation." + echo "If you want to have additional packages installed in the container either:" + echo "- build your own image with the packages already included" + echo "- switch the container to 'read_only: false'" + fi + + echo "Ensure directories" + mkdir -p /run/sessions + + CONFIG_PHP=/tmp/config.php + # copy latest config template. This should be the mount point for preexisting config files. + cp /usr/share/kdav/config.php.dist $CONFIG_PHP + + if [ "$KCCONF_SERVERHOSTNAME" == "127.0.0.1" ]; then + echo "kDAV is using the default: connection" + else + echo "kDAV is using an ip connection" + sed -e "s#define([\"']MAPI_SERVER[\"'],\s*[\"']default:[\"'])#define('MAPI_SERVER', 'https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano')#" \ + -i $CONFIG_PHP + fi + + # change root uri to /kdav + sed -e "s#define('DAV_ROOT_URI', '/');#define('DAV_ROOT_URI', '/kdav/');#" -i $CONFIG_PHP + + echo "Ensure config ownership" + chown -R www-data:www-data /run/sessions + + # services need to be aware of the machine-id + #dockerize \ + # -wait file:///etc/machine-id \ + # -wait file:///var/lib/dbus/machine-id fi -echo "Ensure directories" -mkdir -p /run/sessions - -CONFIG_PHP=/tmp/config.php -# copy latest config template. This should be the mount point for preexisting config files. 
-cp /usr/share/kdav/config.php.dist $CONFIG_PHP - -if [ "$KCCONF_SERVERHOSTNAME" == "127.0.0.1" ]; then - echo "kDAV is using the default: connection" -else - echo "kDAV is using an ip connection" - sed -e "s#define([\"']MAPI_SERVER[\"'],\s*[\"']default:[\"'])#define('MAPI_SERVER', 'https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano')#" \ - -i $CONFIG_PHP -fi - -# change root uri to /kdav -sed -e "s#define('DAV_ROOT_URI', '/');#define('DAV_ROOT_URI', '/kdav/');#" -i $CONFIG_PHP - -echo "Ensure config ownership" -chown -R www-data:www-data /run/sessions - -# services need to be aware of the machine-id -#dockerize \ -# -wait file:///etc/machine-id \ -# -wait file:///var/lib/dbus/machine-id - touch /var/log/kdav/kdav.log chown www-data:www-data /var/log/kdav/kdav.log tail --pid=$$ -F --lines=0 -q /var/log/kdav/kdav.log & diff --git a/konnect/Dockerfile b/konnect/Dockerfile index adc5c97..afcd58a 100644 --- a/konnect/Dockerfile +++ b/konnect/Dockerfile @@ -1,6 +1,6 @@ ARG CODE_VERSION=0.33.5 -FROM golang:1.13.5-alpine3.10 as builder-sponge +FROM golang:1.15-alpine3.12 as builder-sponge RUN apk add --no-cache git RUN go get -d -v github.com/go-moreutils/sponge @@ -10,7 +10,9 @@ FROM kopano/konnectd:${CODE_VERSION} ARG CODE_VERSION -ENV CODE_VERSION="${CODE_VERSION}" \ +ENV \ + AUTOCONFIGURE=true \ + CODE_VERSION="${CODE_VERSION}" \ DEBUG="" \ FQDN=localhost \ KONNECT_BACKEND="kc" \ diff --git a/konnect/wrapper.sh b/konnect/wrapper.sh index 3a50f98..1b1232a 100755 --- a/konnect/wrapper.sh +++ b/konnect/wrapper.sh 
@@ -11,105 +11,107 @@ if [ $# -gt 0 ]; then exit fi -signing_private_key=${signing_private_key:-"/etc/kopano/konnectd-signing-private-key.pem"} -validation_keys_path=${validation_keys_path:-"/etc/kopano/konnectkeys"} +if [ "${AUTOCONFIGURE}" = true ]; then + signing_private_key=${signing_private_key:-"/etc/kopano/konnectd-signing-private-key.pem"} + validation_keys_path=${validation_keys_path:-"/etc/kopano/konnectkeys"} -if ! true >> "$signing_private_key"; then - # file can not be created in this container, wait for external creation - dockerize \ - -wait file://"$signing_private_key" \ - -timeout "$DOCKERIZE_TIMEOUT" -fi - -if [ -f "${signing_private_key}" ] && [ ! -s "${signing_private_key}" ]; then - mkdir -p "${validation_keys_path}" - rnd=$(RANDFILE=/tmp/.rnd openssl rand -hex 2) - key="${validation_keys_path}/konnect-$(date +%Y%m%d)-${rnd}.pem" - >&2 echo "setup: creating new RSA private key at ${key} ..." - RANDFILE=/tmp/.rnd openssl genpkey -algorithm RSA -out "${key}" -pkeyopt rsa_keygen_bits:4096 -pkeyopt rsa_keygen_pubexp:65537 - if [ -f "${key}" ]; then - rm "$signing_private_key" - ln -sn "${key}" "${signing_private_key}" + if ! true >> "$signing_private_key"; then + # file can not be created in this container, wait for external creation + dockerize \ + -wait file://"$signing_private_key" \ + -timeout "$DOCKERIZE_TIMEOUT" fi -fi -encryption_secret_key=${encryption_secret_key:-"/etc/kopano/konnectd-encryption-secret.key"} -if ! true >> "$encryption_secret_key"; then - # file can not be created in this container, wait for external creation - dockerize \ - -wait file://"$encryption_secret_key" \ - -timeout "$DOCKERIZE_TIMEOUT" -fi - -if [ -f "${encryption_secret_key}" ] && [ ! -s "${encryption_secret_key}" ]; then - >&2 echo "setup: creating new secret key at ${encryption_secret_key} ..." 
- RANDFILE=/tmp/.rnd openssl rand -out "${encryption_secret_key}" 32 -fi - -CONFIG_JSON=/tmp/konnectd-identifier-registration.yaml - -if [ "${allow_client_guests:-}" = "yes" ]; then - # Create working copy by merging packaged example in /etc/kopano with passed registration conf - yq -y -s '.[0] + .[1]' /etc/kopano/konnectd-identifier-registration.yaml "${identifier_registration_conf:?}" | sponge "$CONFIG_JSON" - - # only modify identifier registration if it does not already contain the right settings - if ! yq .clients[].id /kopano/ssl/konnectd-identifier-registration.yaml | grep -q "kpop-https://${FQDN%/*}/meet/"; then - - # TODO this could be simplified so that ecparam and eckey are only required if there is no jwk-meet.json yet - ecparam=${ecparam:-/etc/kopano/ecparam.pem} - if ! true >> "$ecparam"; then - # ecparam can not be created in this container, wait for external creation - dockerize \ - -wait file://"$ecparam" \ - -timeout "$DOCKERIZE_TIMEOUT" + if [ -f "${signing_private_key}" ] && [ ! -s "${signing_private_key}" ]; then + mkdir -p "${validation_keys_path}" + rnd=$(RANDFILE=/tmp/.rnd openssl rand -hex 2) + key="${validation_keys_path}/konnect-$(date +%Y%m%d)-${rnd}.pem" + >&2 echo "setup: creating new RSA private key at ${key} ..." + RANDFILE=/tmp/.rnd openssl genpkey -algorithm RSA -out "${key}" -pkeyopt rsa_keygen_bits:4096 -pkeyopt rsa_keygen_pubexp:65537 + if [ -f "${key}" ]; then + rm "$signing_private_key" + ln -sn "${key}" "${signing_private_key}" fi - - eckey=${eckey:-/etc/kopano/meet-kwmserver.pem} - if ! true >> "$eckey"; then - # eckey can not be created in this container, wait for external creation - dockerize \ - -wait file://"$eckey" \ - -timeout "$DOCKERIZE_TIMEOUT" - fi - - # Key generation for Meet guest mode - if [ ! -s "$ecparam" ]; then - echo "Creating ec param key for Meet guest mode ..." - openssl ecparam -name prime256v1 -genkey -noout -out "$ecparam" >/dev/null 2>&1 - fi - - if [ ! 
-s "$eckey" ]; then - echo "Creating ec private key for Meet guest mode..." - openssl ec -in "$ecparam" -out "$eckey" >/dev/null 2>&1 - fi - - echo "Entrypoint: Patching identifier registration for use of the Meet guest mode" - "$EXE" utils jwk-from-pem --use sig "$eckey" > /tmp/jwk-meet.json - #yq -y ".clients += [{\"id\": \"grapi-explorer.js\", \"name\": \"Grapi Explorer\", \"application_type\": \"web\", \"trusted\": true, \"insecure\": true, \"redirect_uris\": [\"http://$FQDNCLEANED:3000/\"]}]" $CONFIG_JSON | sponge $CONFIG_JSON - yq -y ".clients += [{\"id\": \"kpop-https://${FQDN%/*}/meet/\", \"name\": \"Kopano Meet\", \"application_type\": \"web\", \"trusted\": true, \"redirect_uris\": [\"https://${FQDN%/*}/meet/\"], \"trusted_scopes\": [\"konnect/guestok\", \"kopano/kwm\"], \"jwks\": {\"keys\": [{\"kty\": $(jq .kty /tmp/jwk-meet.json), \"use\": $(jq .use /tmp/jwk-meet.json), \"crv\": $(jq .crv /tmp/jwk-meet.json), \"d\": $(jq .d /tmp/jwk-meet.json), \"kid\": $(jq .kid /tmp/jwk-meet.json), \"x\": $(jq .x /tmp/jwk-meet.json), \"y\": $(jq .y /tmp/jwk-meet.json)}]},\"request_object_signing_alg\": \"ES256\"}]" $CONFIG_JSON >> /tmp/guest-mode.yml - yq -y -s '.[0] + .[1]' $CONFIG_JSON /tmp/guest-mode.yml | sponge "$identifier_registration_conf" - else - echo "Entrypoint: Skipping guest mode configuration, as it is already configured." fi -fi -if [ "${external_oidc_provider:-}" = "yes" ]; then - # Create working copy by merging packaged example in /etc/kopano with passed registration conf - yq -y -s '.[0] + .[1]' /etc/kopano/konnectd-identifier-registration.yaml "${identifier_registration_conf:?}" | sponge "$CONFIG_JSON" + encryption_secret_key=${encryption_secret_key:-"/etc/kopano/konnectd-encryption-secret.key"} + if ! 
true >> "$encryption_secret_key"; then + # file can not be created in this container, wait for external creation + dockerize \ + -wait file://"$encryption_secret_key" \ + -timeout "$DOCKERIZE_TIMEOUT" + fi - echo "Patching identifier registration for external OIDC provider" - echo "authorities: [{name: ${external_oidc_name:-}, default: yes, iss: ${external_oidc_url:-}, client_id: ${external_oidc_clientid:-}, client_secret: ${external_oidc_clientsecret:-}, authority_type: oidc, response_type: id_token, scopes: [openid, profile, email], trusted: yes, end_session_enabled: true}]" >> /tmp/authority.yml - yq -y -s '.[0] + .[1]' $CONFIG_JSON /tmp/authority.yml | sponge "$identifier_registration_conf" + if [ -f "${encryption_secret_key}" ] && [ ! -s "${encryption_secret_key}" ]; then + >&2 echo "setup: creating new secret key at ${encryption_secret_key} ..." + RANDFILE=/tmp/.rnd openssl rand -out "${encryption_secret_key}" 32 + fi - echo "Checking if external OIDC provider is reachable" - dockerize \ - -wait "$external_oidc_url"/.well-known/openid-configuration \ - -timeout "$DOCKERIZE_TIMEOUT" + CONFIG_JSON=/tmp/konnectd-identifier-registration.yaml - reported_issuer=$(curl -s "$external_oidc_url/.well-known/openid-configuration" | jq -r .issuer) - if [ -n "${external_oidc_url##$reported_issuer}" ] ;then - echo "Error: The Issuer does not match the configured url" - exit 1 + if [ "${allow_client_guests:-}" = "yes" ]; then + # Create working copy by merging packaged example in /etc/kopano with passed registration conf + yq -y -s '.[0] + .[1]' /etc/kopano/konnectd-identifier-registration.yaml "${identifier_registration_conf:?}" | sponge "$CONFIG_JSON" + + # only modify identifier registration if it does not already contain the right settings + if ! 
yq .clients[].id /kopano/ssl/konnectd-identifier-registration.yaml | grep -q "kpop-https://${FQDN%/*}/meet/"; then + + # TODO this could be simplified so that ecparam and eckey are only required if there is no jwk-meet.json yet + ecparam=${ecparam:-/etc/kopano/ecparam.pem} + if ! true >> "$ecparam"; then + # ecparam can not be created in this container, wait for external creation + dockerize \ + -wait file://"$ecparam" \ + -timeout "$DOCKERIZE_TIMEOUT" + fi + + eckey=${eckey:-/etc/kopano/meet-kwmserver.pem} + if ! true >> "$eckey"; then + # eckey can not be created in this container, wait for external creation + dockerize \ + -wait file://"$eckey" \ + -timeout "$DOCKERIZE_TIMEOUT" + fi + + # Key generation for Meet guest mode + if [ ! -s "$ecparam" ]; then + echo "Creating ec param key for Meet guest mode ..." + openssl ecparam -name prime256v1 -genkey -noout -out "$ecparam" >/dev/null 2>&1 + fi + + if [ ! -s "$eckey" ]; then + echo "Creating ec private key for Meet guest mode..." + openssl ec -in "$ecparam" -out "$eckey" >/dev/null 2>&1 + fi + + echo "Entrypoint: Patching identifier registration for use of the Meet guest mode" + "$EXE" utils jwk-from-pem --use sig "$eckey" > /tmp/jwk-meet.json + #yq -y ".clients += [{\"id\": \"grapi-explorer.js\", \"name\": \"Grapi Explorer\", \"application_type\": \"web\", \"trusted\": true, \"insecure\": true, \"redirect_uris\": [\"http://$FQDNCLEANED:3000/\"]}]" $CONFIG_JSON | sponge $CONFIG_JSON + yq -y ".clients += [{\"id\": \"kpop-https://${FQDN%/*}/meet/\", \"name\": \"Kopano Meet\", \"application_type\": \"web\", \"trusted\": true, \"redirect_uris\": [\"https://${FQDN%/*}/meet/\"], \"trusted_scopes\": [\"konnect/guestok\", \"kopano/kwm\"], \"jwks\": {\"keys\": [{\"kty\": $(jq .kty /tmp/jwk-meet.json), \"use\": $(jq .use /tmp/jwk-meet.json), \"crv\": $(jq .crv /tmp/jwk-meet.json), \"d\": $(jq .d /tmp/jwk-meet.json), \"kid\": $(jq .kid /tmp/jwk-meet.json), \"x\": $(jq .x /tmp/jwk-meet.json), \"y\": $(jq .y 
/tmp/jwk-meet.json)}]},\"request_object_signing_alg\": \"ES256\"}]" $CONFIG_JSON >> /tmp/guest-mode.yml + yq -y -s '.[0] + .[1]' $CONFIG_JSON /tmp/guest-mode.yml | sponge "$identifier_registration_conf" + else + echo "Entrypoint: Skipping guest mode configuration, as it is already configured." + fi + fi + + if [ "${external_oidc_provider:-}" = "yes" ]; then + # Create working copy by merging packaged example in /etc/kopano with passed registration conf + yq -y -s '.[0] + .[1]' /etc/kopano/konnectd-identifier-registration.yaml "${identifier_registration_conf:?}" | sponge "$CONFIG_JSON" + + echo "Patching identifier registration for external OIDC provider" + echo "authorities: [{name: ${external_oidc_name:-}, default: yes, iss: ${external_oidc_url:-}, client_id: ${external_oidc_clientid:-}, client_secret: ${external_oidc_clientsecret:-}, authority_type: oidc, response_type: id_token, scopes: [openid, profile, email], trusted: yes, end_session_enabled: true}]" >> /tmp/authority.yml + yq -y -s '.[0] + .[1]' $CONFIG_JSON /tmp/authority.yml | sponge "$identifier_registration_conf" + + echo "Checking if external OIDC provider is reachable" + dockerize \ + -wait "$external_oidc_url"/.well-known/openid-configuration \ + -timeout "$DOCKERIZE_TIMEOUT" + + reported_issuer=$(curl -s "$external_oidc_url/.well-known/openid-configuration" | jq -r .issuer) + if [ -n "${external_oidc_url##$reported_issuer}" ] ;then + echo "Error: The Issuer does not match the configured url" + exit 1 + fi fi fi diff --git a/kwmbridge/Dockerfile b/kwmbridge/Dockerfile index f1e4211..b1feaa2 100644 --- a/kwmbridge/Dockerfile +++ b/kwmbridge/Dockerfile @@ -2,7 +2,9 @@ ARG CODE_VERSION=0.1.0 FROM kopano/kwmbridged:${CODE_VERSION} ARG CODE_VERSION -ENV CODE_VERSION="${CODE_VERSION}" +ENV \ + AUTOCONFIGURE=true \ + CODE_VERSION="${CODE_VERSION}" LABEL maintainer=az@zok.xyz \ org.label-schema.name="Kopano Kwmbridge container" \ 
diff --git a/kwmbridge/wrapper.sh b/kwmbridge/wrapper.sh index 3d10661..19ba9dc 100755 --- a/kwmbridge/wrapper.sh +++ b/kwmbridge/wrapper.sh @@ -45,21 +45,23 @@ if [ "$INSECURE" = "yes" ]; then set -- "$@" --insecure fi -if [ "$INSECURE" = "yes" ]; then - dockerize \ - -skip-tls-verify \ - -wait "$oidc_issuer_identifier"/.well-known/openid-configuration \ - -timeout 360s -else - dockerize \ - -wait "$oidc_issuer_identifier"/.well-known/openid-configuration \ - -timeout 360s -fi +if [ "${AUTOCONFIGURE}" = true ]; then + if [ "$INSECURE" = "yes" ]; then + dockerize \ + -skip-tls-verify \ + -wait "$oidc_issuer_identifier"/.well-known/openid-configuration \ + -timeout 360s + else + dockerize \ + -wait "$oidc_issuer_identifier"/.well-known/openid-configuration \ + -timeout 360s + fi -# services need to be aware of the machine-id -dockerize \ - -wait file:///etc/machine-id \ - -wait file:///var/lib/dbus/machine-id + # services need to be aware of the machine-id + dockerize \ + -wait file:///etc/machine-id \ + -wait file:///var/lib/dbus/machine-id +fi exec kwmbridged serve \ "$@" diff --git a/kwmserver/Dockerfile b/kwmserver/Dockerfile index 4e319a6..f7a5501 100644 --- a/kwmserver/Dockerfile +++ b/kwmserver/Dockerfile @@ -2,7 +2,9 @@ ARG CODE_VERSION=1.2.0 FROM kopano/kwmserverd:${CODE_VERSION} ARG CODE_VERSION -ENV CODE_VERSION="${CODE_VERSION}" +ENV \ + AUTOCONFIGURE=true \ + CODE_VERSION="${CODE_VERSION}" LABEL maintainer=az@zok.xyz \ org.label-schema.name="Kopano Kwmserver container" \ diff --git a/kwmserver/wrapper.sh b/kwmserver/wrapper.sh index f0a29e4..646a57f 100755 --- a/kwmserver/wrapper.sh +++ b/kwmserver/wrapper.sh 
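Review bot: The new `[ "${AUTOCONFIGURE}" = true ]` guard matches only the exact string `true`, so a value such as `True`, `yes` or `1` silently skips both the wait for the OIDC discovery document and the machine-id wait, and nothing in the log says so. An `else` branch that prints one line to stderr, for example `echo "AUTOCONFIGURE is not 'true', skipping startup checks" >&2`, would make a skipped check visible to whoever debugs a failed start. The same guard is added in the kwmserver/wrapper.sh hunk. The web image used `AUTOCONFIG=yes` before this commit, so `yes` is a value operators are likely to try.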
@@ -68,21 +68,23 @@ if [ -n "${public_guest_access_regexp:-}" ]; then set -- "$@" --public-guest-access-regexp="$public_guest_access_regexp" fi -if [ "$INSECURE" = "yes" ]; then - dockerize \ - -skip-tls-verify \ - -wait "$oidc_issuer_identifier"/.well-known/openid-configuration \ - -timeout 360s -else - dockerize \ - -wait "$oidc_issuer_identifier"/.well-known/openid-configuration \ - -timeout 360s -fi +if [ "${AUTOCONFIGURE}" = true ]; then + if [ "$INSECURE" = "yes" ]; then + dockerize \ + -skip-tls-verify \ + -wait "$oidc_issuer_identifier"/.well-known/openid-configuration \ + -timeout 360s + else + dockerize \ + -wait "$oidc_issuer_identifier"/.well-known/openid-configuration \ + -timeout 360s + fi -# services need to be aware of the machine-id -dockerize \ - -wait file:///etc/machine-id \ - -wait file:///var/lib/dbus/machine-id + # services need to be aware of the machine-id + dockerize \ + -wait file:///etc/machine-id \ + -wait file:///var/lib/dbus/machine-id +fi registration_conf=${registration_conf:-/etc/kopano/kwmserverd-registration.yaml} diff --git a/meet/start-service.sh b/meet/start-service.sh index 9b5bc45..fd0281c 100755 --- a/meet/start-service.sh +++ b/meet/start-service.sh 
@@ -5,12 +5,14 @@ ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""} set -eu # unset variables are errors & non-zero return values exit the whole script [ "$DEBUG" ] && set -x -# copy configuration files to /tmp/kopano to prevent modification of mounted config files -mkdir -p /tmp/kopano -cp /etc/kopano/*.cfg /tmp/kopano +if [ "${AUTOCONFIGURE}" == true ]; then + # copy configuration files to /tmp/kopano to prevent modification of mounted config files + mkdir -p /tmp/kopano + cp /etc/kopano/*.cfg /tmp/kopano -echo "Applying cfg changes from env" -/usr/bin/python3 /kopano/cfg-from-env.py + echo "Applying cfg changes from env" + /usr/bin/python3 /kopano/cfg-from-env.py +fi meetversion=$(dpkg-query --showformat='${Version}' --show kopano-meet-webapp) echo "Using Kopano Meet: $meetversion" 
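Review bot: `${AUTOCONFIGURE}` is expanded right after `set -eu` with no default, so the script aborts with an unbound-variable error whenever the variable is absent from the environment, for instance if the image is built on a base image that predates the new `ENV` line. core/start-service.sh in this same commit adds `AUTOCONFIGURE=${AUTOCONFIGURE:-true}` next to its other defaults; the same line above `set -eu` here would keep the two scripts consistent. The webapp/start.sh hunk expands the variable after `set -eu` in the same way.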
@@ -21,55 +23,57 @@ if [ $# -gt 0 ]; then exit fi -cp /usr/share/doc/kopano-meet-webapp/config.json.in /tmp/meet.json -CONFIG_JSON="/tmp/meet.json" -echo "Updating $CONFIG_JSON" -for setting in $(compgen -A variable KCCONF_MEET); do - setting2=${setting#KCCONF_MEET_} - # dots in setting2 need to be escaped to not be handled as separate entities in the json file - case ${!setting} in - true|TRUE|false|FALSE|[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) - jq ".\"${setting2//_/\".\"}\" = ${!setting}" $CONFIG_JSON | sponge $CONFIG_JSON - ;; - *) - jq ".\"${setting2//_/\".\"}\" = \"${!setting}\"" $CONFIG_JSON | sponge $CONFIG_JSON - ;; - esac -done +if [ "${AUTOCONFIGURE}" == true ]; then + cp /usr/share/doc/kopano-meet-webapp/config.json.in /tmp/meet.json + CONFIG_JSON="/tmp/meet.json" + echo "Updating $CONFIG_JSON" + for setting in $(compgen -A variable KCCONF_MEET); do + setting2=${setting#KCCONF_MEET_} + # dots in setting2 need to be escaped to not be handled as separate entities in the json file + case ${!setting} in + true|TRUE|false|FALSE|[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) + jq ".\"${setting2//_/\".\"}\" = ${!setting}" $CONFIG_JSON | sponge $CONFIG_JSON + ;; + *) + jq ".\"${setting2//_/\".\"}\" = \"${!setting}\"" $CONFIG_JSON | sponge $CONFIG_JSON + ;; + esac + done -# Populate app grid -# Note: if below variables are set to "no" kpop will fall back to its default behaviour and show all known apps. -# enable Kopano Konnect in the app grid -if [ "${GRID_KONNECT:-yes}" = "yes" ]; then - jq '.apps.enabled += ["kopano-konnect"]' $CONFIG_JSON | sponge $CONFIG_JSON + # Populate app grid + # Note: if below variables are set to "no" kpop will fall back to its default behaviour and show all known apps. 
+ # enable Kopano Konnect in the app grid + if [ "${GRID_KONNECT:-yes}" = "yes" ]; then + jq '.apps.enabled += ["kopano-konnect"]' $CONFIG_JSON | sponge $CONFIG_JSON + fi + + # enable Kopano Meet in the app grid + if [ "${GRID_MEET:-yes}" = "yes" ]; then + jq '.apps.enabled += ["kopano-meet"]' $CONFIG_JSON | sponge $CONFIG_JSON + fi + + # enable Kopano WebApp in the app grid + if [ "${GRID_WEBAPP:-yes}" = "yes" ]; then + jq '.apps.enabled += ["kopano-webapp"]' $CONFIG_JSON | sponge $CONFIG_JSON + fi + + # enable Kopano WebApp in the app grid + if [ "${GRID_CALENDAR:-yes}" = "yes" ]; then + jq '.apps.enabled += ["kopano-calendar"]' $CONFIG_JSON | sponge $CONFIG_JSON + fi + + sed s/\ *=\ */=/g /tmp/kopano/kwebd.cfg > /tmp/kweb-env + # always disable tls + export tls=no + # shellcheck disable=SC2046 + export $(grep -v '^#' /tmp/kweb-env | xargs -d '\n') + + # services need to be aware of the machine-id + dockerize \ + -wait file:///etc/machine-id \ + -wait file:///var/lib/dbus/machine-id fi -# enable Kopano Meet in the app grid -if [ "${GRID_MEET:-yes}" = "yes" ]; then - jq '.apps.enabled += ["kopano-meet"]' $CONFIG_JSON | sponge $CONFIG_JSON -fi - -# enable Kopano WebApp in the app grid -if [ "${GRID_WEBAPP:-yes}" = "yes" ]; then - jq '.apps.enabled += ["kopano-webapp"]' $CONFIG_JSON | sponge $CONFIG_JSON -fi - -# enable Kopano WebApp in the app grid -if [ "${GRID_CALENDAR:-yes}" = "yes" ]; then - jq '.apps.enabled += ["kopano-calendar"]' $CONFIG_JSON | sponge $CONFIG_JSON -fi - -sed s/\ *=\ */=/g /tmp/kopano/kwebd.cfg > /tmp/kweb-env -# always disable tls -export tls=no -# shellcheck disable=SC2046 -export $(grep -v '^#' /tmp/kweb-env | xargs -d '\n') - -# services need to be aware of the machine-id -dockerize \ - -wait file:///etc/machine-id \ - -wait file:///var/lib/dbus/machine-id - # cleaning up env variables unset "${!KCCONF_@}" exec kopano-kwebd serve diff --git a/web/Dockerfile b/web/Dockerfile index d7dab04..06ca663 100644 --- a/web/Dockerfile 
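Review bot: In the `KCCONF_MEET` loop the value of each environment variable is pasted into the jq program text (`= \"${!setting}\"`), so a value containing a double quote or a backslash either breaks the filter or changes what it does. Passing the value as data avoids that: `jq --arg v "${!setting}" ".\"${setting2//_/\".\"}\" = \$v" "$CONFIG_JSON" | sponge "$CONFIG_JSON"`. The boolean/number branch can use `--argjson` in the same way. The loop is only re-indented by this commit, but it is on the new side, and `$CONFIG_JSON` is unquoted throughout the block.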
+++ b/web/Dockerfile @@ -12,7 +12,7 @@ LABEL maintainer=az@zok.xyz \ org.label-schema.schema-version="1.0" ENV \ - AUTOCONFIG=yes \ + AUTOCONFIGURE=true \ CODE_VERSION="${CODE_VERSION}" \ DEFAULTREDIRECT="/webapp" \ KONNECTPATH=kopanoid \ diff --git a/web/wrapper.sh b/web/wrapper.sh index e79eccb..05ba2eb 100755 --- a/web/wrapper.sh +++ b/web/wrapper.sh @@ -11,7 +11,7 @@ fi export CADDYPATH="$KOPANO_KWEB_ASSETS_PATH" # services need to be aware of the machine-id -if [ "$AUTOCONFIG" = "yes" ]; then +if [ "$AUTOCONFIGURE" = true ]; then dockerize \ -wait file:///etc/machine-id \ -wait file:///var/lib/dbus/machine-id diff --git a/webapp/start.sh b/webapp/start.sh index 77dd903..6f4bd74 100755 --- a/webapp/start.sh +++ b/webapp/start.sh 
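Review bot: Renaming `AUTOCONFIG=yes` to `AUTOCONFIGURE=true` in web/wrapper.sh leaves no handling for the old name, so a deployment that sets `AUTOCONFIG=no` to skip the machine-id wait gets the wait back after upgrading, without any message. A short check before the `if`, such as `if [ -n "${AUTOCONFIG:-}" ]; then echo "AUTOCONFIG is deprecated, use AUTOCONFIGURE=true|false" >&2; fi`, would tell the operator what changed. The documentation entry for this variable should mention the rename as well.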
@@ -9,75 +9,77 @@ ADDITIONAL_KOPANO_WEBAPP_PLUGINS=${ADDITIONAL_KOPANO_WEBAPP_PLUGINS:-""} set -eu # unset variables are errors & non-zero return values exit the whole script [ "$DEBUG" ] && set -x -# shellcheck source=php/start-helper.sh -source /kopano/start-helper.sh +if [ "${AUTOCONFIGURE}" == true ]; then + # shellcheck source=php/start-helper.sh + source /kopano/start-helper.sh -# Hint: this is not compatible with a read-only container. -# The general recommendation is to already build a container that has all required packages installed. -ADDITIONAL_KOPANO_PACKAGES="$ADDITIONAL_KOPANO_PACKAGES $ADDITIONAL_KOPANO_WEBAPP_PLUGINS" -ADDITIONAL_KOPANO_PACKAGES=$(echo "$ADDITIONAL_KOPANO_PACKAGES" | tr -d '"') -if [ -n "$(mkdir -p "/var/lib/apt/lists/" 2&> /dev/null)" ]; then - [ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update - [ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do - # shellcheck disable=SC2016 disable=SC2086 - if [ "$(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c 'ok installed')" -eq 0 ]; then - DEBIAN_FRONTEND=noninteractive apt --assume-yes --no-upgrade install "$installpkg" - else - echo "INFO: $installpkg is already installed" - fi + # Hint: this is not compatible with a read-only container. + # The general recommendation is to already build a container that has all required packages installed. 
+ ADDITIONAL_KOPANO_PACKAGES="$ADDITIONAL_KOPANO_PACKAGES $ADDITIONAL_KOPANO_WEBAPP_PLUGINS" + ADDITIONAL_KOPANO_PACKAGES=$(echo "$ADDITIONAL_KOPANO_PACKAGES" | tr -d '"') + if [ -n "$(mkdir -p "/var/lib/apt/lists/" 2&> /dev/null)" ]; then + [ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update + [ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do + # shellcheck disable=SC2016 disable=SC2086 + if [ "$(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c 'ok installed')" -eq 0 ]; then + DEBIAN_FRONTEND=noninteractive apt --assume-yes --no-upgrade install "$installpkg" + else + echo "INFO: $installpkg is already installed" + fi + done + else + echo "Notice: Container is run read-only, skipping package installation." + echo "If you want to have additional packages installed in the container either:" + echo "- build your own image with the packages already included" + echo "- switch the container to 'read_only: false'" + fi + + # copy latest config template + mkdir -p /tmp/webapp/ + for i in /etc/kopano/webapp/*.dist /etc/kopano/webapp/.[^.]*.dist; do + filename=$(basename -- "$i") + cp "$i" "/tmp/webapp/${filename%.*}" done -else - echo "Notice: Container is run read-only, skipping package installation." 
- echo "If you want to have additional packages installed in the container either:" - echo "- build your own image with the packages already included" - echo "- switch the container to 'read_only: false'" + + # Ensure directories exist + mkdir -p /run/sessions /tmp/webapp /var/lib/kopano-webapp/tmp + + phpversion=$(dpkg-query --showformat='${Version}' --show php7-mapi) + echo "Using PHP-Mapi: $phpversion" + webappversion=$(dpkg-query --showformat='${Version}' --show kopano-webapp) + echo "Using Kopano WebApp: $webappversion" + + if [ "$KCCONF_SERVERHOSTNAME" == "127.0.0.1" ]; then + echo "Kopano WebApp is using the default: connection" + else + echo "Kopano WebApp is using an ip connection" + php_cfg_gen /tmp/webapp/config.php DEFAULT_SERVER "https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano" + fi + + # configuring webapp from env + for setting in $(compgen -A variable KCCONF_WEBAPP_); do + setting2=${setting#KCCONF_WEBAPP_} + php_cfg_gen /tmp/webapp/config.php "${setting2}" "${!setting}" + done + + # configuring webapp plugins from env + for setting in $(compgen -A variable KCCONF_WEBAPPPLUGIN_); do + setting2=${setting#KCCONF_WEBAPPPLUGIN_} + filename="${setting2%%_*}" + setting3=${setting#KCCONF_WEBAPPPLUGIN_${filename}_} + identifier="${filename,,}" + php_cfg_gen /tmp/webapp/config-"$identifier".php "${setting3}" "${!setting}" + done + + echo "Ensure config ownership" + chown -R www-data:www-data /run/sessions /tmp/webapp /var/lib/kopano-webapp/tmp + + # services need to be aware of the machine-id + #dockerize \ + # -wait file:///etc/machine-id \ + # -wait file:///var/lib/dbus/machine-id fi -# copy latest config template -mkdir -p /tmp/webapp/ -for i in /etc/kopano/webapp/*.dist /etc/kopano/webapp/.[^.]*.dist; do - filename=$(basename -- "$i") - cp "$i" "/tmp/webapp/${filename%.*}" -done - -# Ensure directories exist -mkdir -p /run/sessions /tmp/webapp /var/lib/kopano-webapp/tmp - -phpversion=$(dpkg-query --showformat='${Version}' --show php7-mapi) 
-echo "Using PHP-Mapi: $phpversion" -webappversion=$(dpkg-query --showformat='${Version}' --show kopano-webapp) -echo "Using Kopano WebApp: $webappversion" - -if [ "$KCCONF_SERVERHOSTNAME" == "127.0.0.1" ]; then - echo "Kopano WebApp is using the default: connection" -else - echo "Kopano WebApp is using an ip connection" - php_cfg_gen /tmp/webapp/config.php DEFAULT_SERVER "https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano" -fi - -# configuring webapp from env -for setting in $(compgen -A variable KCCONF_WEBAPP_); do - setting2=${setting#KCCONF_WEBAPP_} - php_cfg_gen /tmp/webapp/config.php "${setting2}" "${!setting}" -done - -# configuring webapp plugins from env -for setting in $(compgen -A variable KCCONF_WEBAPPPLUGIN_); do - setting2=${setting#KCCONF_WEBAPPPLUGIN_} - filename="${setting2%%_*}" - setting3=${setting#KCCONF_WEBAPPPLUGIN_${filename}_} - identifier="${filename,,}" - php_cfg_gen /tmp/webapp/config-"$identifier".php "${setting3}" "${!setting}" -done - -echo "Ensure config ownership" -chown -R www-data:www-data /run/sessions /tmp/webapp /var/lib/kopano-webapp/tmp - -# services need to be aware of the machine-id -#dockerize \ -# -wait file:///etc/machine-id \ -# -wait file:///var/lib/dbus/machine-id - set +u # cleaning up env variables unset "${!KCCONF_@}" diff --git a/zpush/apache2-kopano.conf b/zpush/apache2-kopano.conf deleted file mode 100644 index 993975e..0000000 --- a/zpush/apache2-kopano.conf +++ /dev/null @@ -1,8 +0,0 @@ - - DocumentRoot /var/www/ - - LogFormat "%{X-Forwarded-For}i %{%a %b %d %T %Y}t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy - ErrorLog "|/bin/cat" - CustomLog "|/bin/cat" proxy - - diff --git a/zpush/start.sh b/zpush/start.sh index 783a12b..4269597 100755 --- a/zpush/start.sh +++ b/zpush/start.sh 
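Review bot: The test `[ -n "$(mkdir -p "/var/lib/apt/lists/" 2&> /dev/null)" ]` can never be true, because the command substitution captures stdout, which `mkdir` leaves empty and which is redirected to /dev/null anyway; the script therefore always prints the read-only notice and never installs `ADDITIONAL_KOPANO_PACKAGES`. `2&>` is also not a stderr redirect in bash: the `2` is passed to `mkdir` as a second directory name. Testing the result instead, `if mkdir -p /var/lib/apt/lists/ 2>/dev/null && [ -w /var/lib/apt/lists/ ]; then`, matches the intent described in the comment above it. The line is only re-indented by this commit and appears unchanged in the zpush/start.sh hunk too.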
@@ -39,106 +39,108 @@ php_cfg_gen() { fi } -# Hint: this is not compatible with a read-only container. -# The general recommendation is to already build a container that has all required packages installed. -ADDITIONAL_KOPANO_PACKAGES=$(echo "$ADDITIONAL_KOPANO_PACKAGES" | tr -d '"') -if [ -n "$(mkdir -p "/var/lib/apt/lists/" 2&> /dev/null)" ]; then - [ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update - [ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do - # shellcheck disable=SC2016 disable=SC2086 - if [ "$(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c 'ok installed')" -eq 0 ]; then - DEBIAN_FRONTEND=noninteractive apt --assume-yes --no-upgrade install "$installpkg" - else - echo "INFO: $installpkg is already installed" - fi +if [ "${AUTOCONFIGURE}" == true ]; then + # Hint: this is not compatible with a read-only container. + # The general recommendation is to already build a container that has all required packages installed. + ADDITIONAL_KOPANO_PACKAGES=$(echo "$ADDITIONAL_KOPANO_PACKAGES" | tr -d '"') + if [ -n "$(mkdir -p "/var/lib/apt/lists/" 2&> /dev/null)" ]; then + [ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update + [ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do + # shellcheck disable=SC2016 disable=SC2086 + if [ "$(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c 'ok installed')" -eq 0 ]; then + DEBIAN_FRONTEND=noninteractive apt --assume-yes --no-upgrade install "$installpkg" + else + echo "INFO: $installpkg is already installed" + fi + done + else + echo "Notice: Container is run read-only, skipping package installation." 
+ echo "If you want to have additional packages installed in the container either:" + echo "- build your own image with the packages already included" + echo "- switch the container to 'read_only: false'" + fi + + # copy latest config template + mkdir -p /tmp/z-push/ + for i in /etc/z-push/*.dist; do + filename=$(basename -- "$i") + cp "$i" "/tmp/z-push/${filename%.*}" done -else - echo "Notice: Container is run read-only, skipping package installation." - echo "If you want to have additional packages installed in the container either:" - echo "- build your own image with the packages already included" - echo "- switch the container to 'read_only: false'" + + # Ensure directories + mkdir -p /run/sessions + + phpversion=$(dpkg-query --showformat='${Version}' --show php7-mapi) + echo "Using PHP-Mapi: $phpversion" + zpushversion=$(dpkg-query --showformat='${Version}' --show z-push-kopano) + echo "Using Z-Push: $zpushversion" + + if [ "$KCCONF_SERVERHOSTNAME" == "127.0.0.1" ]; then + echo "Z-Push is using the default: connection" + else + echo "Z-Push is using an ip connection" + php_cfg_gen /tmp/z-push/kopano.conf.php MAPI_SERVER "https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano" + fi + + echo "Configuring Z-Push for use behind a reverse proxy" + php_cfg_gen /tmp/z-push/z-push.conf.php USE_CUSTOM_REMOTE_IP_HEADER HTTP_X_FORWARDED_FOR + + # configuring z-push from env + for setting in $(compgen -A variable KCCONF_ZPUSH_); do + setting2=${setting#KCCONF_ZPUSH_} + php_cfg_gen /tmp/z-push/z-push.conf.php "${setting2}" "${!setting}" + done + + # configuring autodiscover + for setting in $(compgen -A variable KCCONF_ZPUSHAUTODISCOVER_); do + setting2=${setting#KCCONF_ZPUSHAUTODISCOVER_} + php_cfg_gen /tmp/z-push/autodiscover.conf.php "${setting2}" "${!setting}" + done + + # configuring z-push gabsync + php_cfg_gen /tmp/z-push/gabsync.conf.php USERNAME SYSTEM + + for setting in $(compgen -A variable KCCONF_ZPUSHGABSYNC_); do + 
setting2=${setting#KCCONF_ZPUSHGAVSYNC_} + php_cfg_gen /tmp/z-push/z-push.conf.php "${setting2}" "${!setting}" + done + + # configuring z-push sql state engine + for setting in $(compgen -A variable KCCONF_ZPUSHSQL_); do + setting2=${setting#KCCONF_ZPUSHSQL_} + php_cfg_gen /tmp/z-push/state-sql.conf.php "${setting2}" "${!setting}" + done + + # configuring z-push memcached + for setting in $(compgen -A variable KCCONF_ZPUSHMEMCACHED_); do + setting2=${setting#KCCONF_ZPUSHMEMCACHED_} + php_cfg_gen /tmp/z-push/memcached.conf.php "${setting2}" "${!setting}" + done + + # configuring z-push gab2contacts + for setting in $(compgen -A variable KCCONF_ZPUSHGA2CONTACTS_); do + setting2=${setting#KCCONF_ZPUSHSQL_} + php_cfg_gen /tmp/z-push/gab2contacts.conf.php "${setting2}" "${!setting}" + done + + # configuring z-push shared folders + perl -i -0pe 's/\$additionalFolders.*\);//s' /tmp/z-push/z-push.conf.php + echo -e " \$additionalFolders = array(" >> /tmp/z-push/z-push.conf.php + echo "$ZPUSH_ADDITIONAL_FOLDERS" | jq -c '.[]' | while read -r folder; do + eval "$(echo "$folder" | jq -r '@sh "NAME=\(.name) ID=\(.id) TYPE=\(.type) FLAGS=\(.flags)"')" + echo -e " array('store' => \"SYSTEM\", 'folderid' => \"$ID\", 'name' => \"$NAME\", 'type' => $TYPE, 'flags' => $FLAGS)," >> /etc/z-push/z-push.conf.php + done + echo -e ' );' >> /tmp/z-push/z-push.conf.php + + echo "Ensure config ownership" + chown -R www-data:www-data /run/sessions + + # services need to be aware of the machine-id + #dockerize \ + # -wait file:///etc/machine-id \ + # -wait file:///var/lib/dbus/machine-id fi -# copy latest config template -mkdir -p /tmp/z-push/ -for i in /etc/z-push/*.dist; do - filename=$(basename -- "$i") - cp "$i" "/tmp/z-push/${filename%.*}" -done - -# Ensure directories -mkdir -p /run/sessions - -phpversion=$(dpkg-query --showformat='${Version}' --show php7-mapi) -echo "Using PHP-Mapi: $phpversion" -zpushversion=$(dpkg-query --showformat='${Version}' --show z-push-kopano) -echo "Using 
Z-Push: $zpushversion" - -if [ "$KCCONF_SERVERHOSTNAME" == "127.0.0.1" ]; then - echo "Z-Push is using the default: connection" -else - echo "Z-Push is using an ip connection" - php_cfg_gen /tmp/z-push/kopano.conf.php MAPI_SERVER "https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano" -fi - -echo "Configuring Z-Push for use behind a reverse proxy" -php_cfg_gen /tmp/z-push/z-push.conf.php USE_CUSTOM_REMOTE_IP_HEADER HTTP_X_FORWARDED_FOR - -# configuring z-push from env -for setting in $(compgen -A variable KCCONF_ZPUSH_); do - setting2=${setting#KCCONF_ZPUSH_} - php_cfg_gen /tmp/z-push/z-push.conf.php "${setting2}" "${!setting}" -done - -# configuring autodiscover -for setting in $(compgen -A variable KCCONF_ZPUSHAUTODISCOVER_); do - setting2=${setting#KCCONF_ZPUSHAUTODISCOVER_} - php_cfg_gen /tmp/z-push/autodiscover.conf.php "${setting2}" "${!setting}" -done - -# configuring z-push gabsync -php_cfg_gen /tmp/z-push/gabsync.conf.php USERNAME SYSTEM - -for setting in $(compgen -A variable KCCONF_ZPUSHGABSYNC_); do - setting2=${setting#KCCONF_ZPUSHGAVSYNC_} - php_cfg_gen /tmp/z-push/z-push.conf.php "${setting2}" "${!setting}" -done - -# configuring z-push sql state engine -for setting in $(compgen -A variable KCCONF_ZPUSHSQL_); do - setting2=${setting#KCCONF_ZPUSHSQL_} - php_cfg_gen /tmp/z-push/state-sql.conf.php "${setting2}" "${!setting}" -done - -# configuring z-push memcached -for setting in $(compgen -A variable KCCONF_ZPUSHMEMCACHED_); do - setting2=${setting#KCCONF_ZPUSHMEMCACHED_} - php_cfg_gen /tmp/z-push/memcached.conf.php "${setting2}" "${!setting}" -done - -# configuring z-push gab2contacts -for setting in $(compgen -A variable KCCONF_ZPUSHGA2CONTACTS_); do - setting2=${setting#KCCONF_ZPUSHSQL_} - php_cfg_gen /tmp/z-push/gab2contacts.conf.php "${setting2}" "${!setting}" -done - -# configuring z-push shared folders -perl -i -0pe 's/\$additionalFolders.*\);//s' /tmp/z-push/z-push.conf.php -echo -e " \$additionalFolders = array(" >> 
/tmp/z-push/z-push.conf.php -echo "$ZPUSH_ADDITIONAL_FOLDERS" | jq -c '.[]' | while read -r folder; do - eval "$(echo "$folder" | jq -r '@sh "NAME=\(.name) ID=\(.id) TYPE=\(.type) FLAGS=\(.flags)"')" - echo -e " array('store' => \"SYSTEM\", 'folderid' => \"$ID\", 'name' => \"$NAME\", 'type' => $TYPE, 'flags' => $FLAGS)," >> /etc/z-push/z-push.conf.php -done -echo -e ' );' >> /tmp/z-push/z-push.conf.php - -echo "Ensure config ownership" -chown -R www-data:www-data /run/sessions - -# services need to be aware of the machine-id -#dockerize \ -# -wait file:///etc/machine-id \ -# -wait file:///var/lib/dbus/machine-id - echo "Activate z-push log rerouting" mkdir -p /var/log/z-push/ touch /var/log/z-push/{z-push.log,z-push-error.log,autodiscover.log,autodiscover-error.log}
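Review bot: Inside the `ZPUSH_ADDITIONAL_FOLDERS` loop the array entries are appended to `/etc/z-push/z-push.conf.php`, while the opening `$additionalFolders = array(` and the closing `);` go to `/tmp/z-push/z-push.conf.php`, so the working copy ends up with an empty array and the file under /etc is modified; the loop line should end in `>> /tmp/z-push/z-push.conf.php`. Two loops strip a prefix that does not match the one they enumerate: `KCCONF_ZPUSHGABSYNC_` is stripped as `KCCONF_ZPUSHGAVSYNC_`, and `KCCONF_ZPUSHGA2CONTACTS_` as `KCCONF_ZPUSHSQL_`, so the full variable name is passed to `php_cfg_gen` as the setting name. The gabsync loop also writes to `z-push.conf.php` rather than `gabsync.conf.php`, which looks unintended. `$TYPE` and `$FLAGS` are written into the PHP file unquoted, so whatever the JSON holds there becomes PHP code; validating those two fields against the values Z-Push accepts before emitting them would contain a malformed entry.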