flywithu/kopano-docker
1
0
Fork 0
mirror of https://github.com/zokradonh/kopano-docker synced 2025-10-31 10:27:14 +00:00
Code Issues Releases Wiki Activity

implement new env variable to disable all automatic actions (#434)

Browse Source 
* implement new env variable to disable all automatic actions

fixes https://github.com/zokradonh/kopano-docker/issues/360

* wrap the remaining services in checks if autoconfigure/disable_checks is used
* move definition of AUTOCONFIGURE variable into base image
* add logic to kapps and kdav container
* add autoconfigure to konnect container
* update build stage to latest golang
* add autoconfig to remaining images
* delete obsolete apache config in z-push folder
* when specifying config paths use KOPANO_CONFIG_PATH
* also use env variable in helper scripts
* add message about removal of kopano-cli
This commit is contained in:
Felix Bartels 2020-08-28 09:48:32 +02:00 committed by GitHub
parent 3d7ff97aab
commit d514ef44cb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
18 changed files with 617 additions and 566 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
base/Dockerfile
View File

@ -11,6 +11,7 @@ ARG KOPANO_UID=999
ARG KOPANO_GID=999
ENV \
AUTOCONFIGURE=true \
BASE_VERSION=2.2.0 \
DEBIAN_FRONTEND=noninteractive \
DEBUG=""

2
core/bin/kopano-autorespond
View File

@ -1,3 +1,3 @@
#!/bin/bash
/usr/sbin/kopano-autorespond -C /tmp/kopano/autorespond.cfg "$@"
/usr/sbin/kopano-autorespond -C "$KOPANO_CONFIG_PATH/autorespond.cfg" "$@"

7
core/bin/kopano-cli
View File

@ -1,3 +1,8 @@
#!/bin/bash
/usr/sbin/kopano-cli --config /tmp/kopano/admin.cfg "$@"
if [ ! -f /usr/sbin/kopano-cli ]; then
echo "kopano-cli has been removed from Kopano Groupware Core 10 and upwards. Please use kopano-admin instead."
exit 1
fi
/usr/sbin/kopano-cli --config "$KOPANO_CONFIG_PATH/admin.cfg" "$@"

270
core/start-service.sh
View File

@ -4,6 +4,7 @@ set -eu # unset variables are errors & non-zero return values exit the whole scr
[ "$DEBUG" ] && set -x
ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""}
AUTOCONFIGURE=${AUTOCONFIGURE:-true} # when set to false will disable all automatic configuration actions
KCCONF_SERVER_MYSQL_SOCKET=${KCCONF_SERVER_MYSQL_SOCKET:-""}
DISABLE_CHECKS=${DISABLE_CHECKS:-false}
DISABLE_CONFIG_CHANGES=${DISABLE_CONFIG_CHANGES:-false}
@ -16,47 +17,50 @@ KCCONF_SPOOLER_SERVER_SOCKET=${KCCONF_SPOOLER_SERVER_SOCKET:-"file:///var/run/ko
KOPANO_CON=${KOPANO_CON:-"file:///var/run/kopano/server.sock"}
KCCONF_SPOOLER_SMTP_SERVER=${KCCONF_SPOOLER_SMTP_SERVER:-mail}
KCCONF_SPOOLER_SMTP_PORT=${KCCONF_SPOOLER_SMTP_PORT:-25}
KOPANO_CONFIG_PATH=${KOPANO_CONFIG_PATH:-/tmp/kopano}
# copy configuration files to /tmp/kopano to prevent modification of mounted config files
mkdir -p /tmp/kopano
cp /etc/kopano/*.cfg /tmp/kopano
if [ "${AUTOCONFIGURE}" == true ]; then
# copy configuration files to /tmp/kopano (default value of $KOPANO_CONFIG_PATH) to prevent modification of mounted config files
mkdir -p /tmp/kopano
cp /etc/kopano/*.cfg /tmp/kopano
if [ ! -e /kopano/"$SERVICE_TO_START".py ]; then
echo "Invalid service specified: $SERVICE_TO_START" | ts
exit 1
if [ ! -e /kopano/"$SERVICE_TO_START".py ]; then
echo "Invalid service specified: $SERVICE_TO_START" | ts
exit 1
fi
# Hint: this is not compatible with a read-only container.
# The general recommendation is to already build a container that has all required packages installed.
ADDITIONAL_KOPANO_PACKAGES=$(echo "$ADDITIONAL_KOPANO_PACKAGES" | tr -d '"')
if [ -n "$(mkdir -p "/var/lib/apt/lists/" 2&> /dev/null)" ]; then
[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update
[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do
# shellcheck disable=SC2016 disable=SC2086
if [ "$(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c 'ok installed')" -eq 0 ]; then
DEBIAN_FRONTEND=noninteractive apt --assume-yes --no-upgrade install "$installpkg"
else
echo "INFO: $installpkg is already installed"
fi
done
else
echo "Notice: Container is run read-only, skipping package installation."
echo "If you want to have additional packages installed in the container either:"
echo "- build your own image with the packages already included"
echo "- switch the container to 'read_only: false'"
fi
mkdir -p /tmp/"$SERVICE_TO_START" /var/run/kopano
# TODO is this still required now that we won't modify configuration mounted to /etc/kopano?
if [ "${DISABLE_CONFIG_CHANGES}" == false ]; then
echo "Configure core service '$SERVICE_TO_START'" | ts
/kopano/"$SERVICE_TO_START".py
fi
# ensure removed pid-file on unclean shutdowns and mounted volumes
rm -f /var/run/kopano/"$SERVICE_TO_START".pid
fi
# Hint: this is not compatible with a read-only container.
# The general recommendation is to already build a container that has all required packages installed.
ADDITIONAL_KOPANO_PACKAGES=$(echo "$ADDITIONAL_KOPANO_PACKAGES" | tr -d '"')
if [ -n "$(mkdir -p "/var/lib/apt/lists/" 2&> /dev/null)" ]; then
[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update
[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do
# shellcheck disable=SC2016 disable=SC2086
if [ "$(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c 'ok installed')" -eq 0 ]; then
DEBIAN_FRONTEND=noninteractive apt --assume-yes --no-upgrade install "$installpkg"
else
echo "INFO: $installpkg is already installed"
fi
done
else
echo "Notice: Container is run read-only, skipping package installation."
echo "If you want to have additional packages installed in the container either:"
echo "- build your own image with the packages already included"
echo "- switch the container to 'read_only: false'"
fi
mkdir -p /tmp/"$SERVICE_TO_START" /var/run/kopano
# TODO is this still required now that we won't modify configuration mounted to /etc/kopano?
if [ "${DISABLE_CONFIG_CHANGES}" == false ]; then
echo "Configure core service '$SERVICE_TO_START'" | ts
/kopano/"$SERVICE_TO_START".py
fi
# ensure removed pid-file on unclean shutdowns and mounted volumes
rm -f /var/run/kopano/"$SERVICE_TO_START".pid
coreversion=$(dpkg-query --showformat='${Version}' --show kopano-server)
echo "Using Kopano Groupware Core: $coreversion"
@ -67,7 +71,7 @@ if [ $# -gt 0 ]; then
fi
# services need to be aware of the machine-id
if [[ "$DISABLE_CHECKS" == false ]]; then
if [ "${AUTOCONFIGURE}" == true ] && [ "$DISABLE_CHECKS" == false ]; then
dockerize \
-wait file:///etc/machine-id \
-wait file:///var/lib/dbus/machine-id
@ -119,78 +123,88 @@ fi
# start regular service
case "$SERVICE_TO_START" in
server)
echo "Set ownership" | ts
mkdir -p /kopano/data/attachments
chown kopano:kopano /kopano/data/ /kopano/data/attachments
if [[ "$DISABLE_CHECKS" == false ]]; then
# determine db connection mode (unix vs. network socket)
if [ -n "$KCCONF_SERVER_MYSQL_SOCKET" ]; then
DB_CON="file://$KCCONF_SERVER_MYSQL_SOCKET"
else
DB_CON="tcp://$KCCONF_SERVER_MYSQL_HOST:$KCCONF_SERVER_MYSQL_PORT"
fi
if [ "${AUTOCONFIGURE}" == true ]; then
echo "Set ownership" | ts
mkdir -p /kopano/data/attachments
chown kopano:kopano /kopano/data/ /kopano/data/attachments
dockerize \
-wait file://"$KCCONF_SERVER_SERVER_SSL_CA_FILE" \
-wait file://"$KCCONF_SERVER_SERVER_SSL_KEY_FILE" \
-wait "$DB_CON" \
-timeout 360s
fi
# pre populate database
if dpkg --compare-versions "$coreversion" "gt" "8.7.84"; then
kopano-dbadm -c /tmp/kopano/server.cfg populate
if [[ "$DISABLE_CHECKS" == false ]]; then
# determine db connection mode (unix vs. network socket)
if [ -n "$KCCONF_SERVER_MYSQL_SOCKET" ]; then
DB_CON="file://$KCCONF_SERVER_MYSQL_SOCKET"
else
DB_CON="tcp://$KCCONF_SERVER_MYSQL_HOST:$KCCONF_SERVER_MYSQL_PORT"
fi
dockerize \
-wait file://"$KCCONF_SERVER_SERVER_SSL_CA_FILE" \
-wait file://"$KCCONF_SERVER_SERVER_SSL_KEY_FILE" \
-wait "$DB_CON" \
-timeout 360s
fi
# pre populate database
if dpkg --compare-versions "$coreversion" "gt" "8.7.84"; then
kopano-dbadm -c "$KOPANO_CONFIG_PATH/server.cfg" populate
fi
fi
# cleaning up env variables
unset "${!KCCONF_@}"
exec "$EXE" -F
;;
dagent)
dockerize \
-wait "$KOPANO_CON" \
-timeout 360s
if [ "${AUTOCONFIGURE}" == true ] && [ "$DISABLE_CHECKS" == false ]; then
dockerize \
-wait "$KOPANO_CON" \
-timeout 360s
fi
# cleaning up env variables
unset "${!KCCONF_@}"
exec "$EXE" -l
;;
gateway)
dockerize \
-wait "$KOPANO_CON" \
-timeout 360s
if [ "${AUTOCONFIGURE}" == true ] && [ "$DISABLE_CHECKS" == false ]; then
dockerize \
-wait "$KOPANO_CON" \
-timeout 360s
fi
# cleaning up env variables
unset "${!KCCONF_@}"
exec "$EXE" -F
;;
ical)
dockerize \
-wait "$KOPANO_CON" \
-timeout 360s
if [ "${AUTOCONFIGURE}" == true ] && [ "$DISABLE_CHECKS" == false ]; then
dockerize \
-wait "$KOPANO_CON" \
-timeout 360s
fi
# cleaning up env variables
unset "${!KCCONF_@}"
exec "$EXE" -F
;;
grapi)
LC_CTYPE=en_US.UTF-8
export socket_path=/var/run/kopano/grapi
export pid_file="$socket_path/grapi.pid"
mkdir -p "$socket_path" /var/lib/kopano-grapi
chown -R kapi:kopano "$socket_path"
chown kapi:kopano /var/lib/kopano-grapi
# TODO there could be a case where multiple backends are desired
case $GRAPI_BACKEND in
ldap)
[ -n "$KCCONF_GRAPI_LDAP_URI" ] && export LDAP_URI="${KCCONF_GRAPI_LDAP_URI}"
[ -n "$KCCONF_GRAPI_LDAP_BASEDN" ] && export LDAP_BASEDN="${KCCONF_GRAPI_LDAP_BASEDN}"
[ -n "$KCCONF_GRAPI_LDAP_BINDDN" ] && export LDAP_BINDDN="${KCCONF_GRAPI_LDAP_BINDDN}"
if [ -n "$KCCONF_GRAPI_LDAP_BINDPW_FILE" ]; then
bindpw="$(cat "${KCCONF_GRAPI_LDAP_BINDPW_FILE}")"
export LDAP_BINDPW="${bindpw}"
fi
;;
esac
sed s/\ *=\ */=/g /tmp/kopano/grapi.cfg > /tmp/grapi-env
# shellcheck disable=SC2046
export $(grep -v '^#' /tmp/grapi-env | xargs -d '\n')
if [ "${AUTOCONFIGURE}" == true ]; then
LC_CTYPE=en_US.UTF-8
export socket_path=/var/run/kopano/grapi
export pid_file="$socket_path/grapi.pid"
mkdir -p "$socket_path" /var/lib/kopano-grapi
chown -R kapi:kopano "$socket_path"
chown kapi:kopano /var/lib/kopano-grapi
# TODO there could be a case where multiple backends are desired
case $GRAPI_BACKEND in
ldap)
[ -n "$KCCONF_GRAPI_LDAP_URI" ] && export LDAP_URI="${KCCONF_GRAPI_LDAP_URI}"
[ -n "$KCCONF_GRAPI_LDAP_BASEDN" ] && export LDAP_BASEDN="${KCCONF_GRAPI_LDAP_BASEDN}"
[ -n "$KCCONF_GRAPI_LDAP_BINDDN" ] && export LDAP_BINDDN="${KCCONF_GRAPI_LDAP_BINDDN}"
if [ -n "$KCCONF_GRAPI_LDAP_BINDPW_FILE" ]; then
bindpw="$(cat "${KCCONF_GRAPI_LDAP_BINDPW_FILE}")"
export LDAP_BINDPW="${bindpw}"
fi
;;
esac
sed s/\ *=\ */=/g "$KOPANO_CONFIG_PATH/grapi.cfg" > /tmp/grapi-env
# shellcheck disable=SC2046
export $(grep -v '^#' /tmp/grapi-env | xargs -d '\n')
fi
# cleaning up env variables
unset "${!KCCONF_@}"
# the backend option is only available in more recent versions of grapi
@ -203,65 +217,75 @@ grapi)
fi
;;
kapi)
mkdir -p /kopano/data/kapi-kvs
if [ "$KCCONF_KAPID_INSECURE" = "yes" ]; then
dockerize \
-skip-tls-verify \
-wait "$KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER"/.well-known/openid-configuration \
-timeout 360s
else
dockerize \
-wait "$KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER"/.well-known/openid-configuration \
-timeout 360s
if [ "${AUTOCONFIGURE}" == true ]; then
mkdir -p /kopano/data/kapi-kvs
if [ "$KCCONF_KAPID_INSECURE" = "yes" ]; then
dockerize \
-skip-tls-verify \
-wait "$KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER"/.well-known/openid-configuration \
-timeout 360s
else
dockerize \
-wait "$KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER"/.well-known/openid-configuration \
-timeout 360s
fi
LC_CTYPE=en_US.UTF-8
sed s/\ *=\ */=/g "$KOPANO_CONFIG_PATH/kapid.cfg" > /tmp/kapid-env
# shellcheck disable=SC2046
export $(grep -v '^#' /tmp/kapid-env | xargs -d '\n')
"$EXE" setup
fi
kapiversion=$(dpkg-query --showformat='${Version}' --show kopano-kapid)
echo "Using Kopano Kapi: $kapiversion"
LC_CTYPE=en_US.UTF-8
sed s/\ *=\ */=/g /tmp/kopano/kapid.cfg > /tmp/kapid-env
# shellcheck disable=SC2046
export $(grep -v '^#' /tmp/kapid-env | xargs -d '\n')
"$EXE" setup
# cleaning up env variables
unset "${!KCCONF_@}"
kapiversion=$(dpkg-query --showformat='${Version}' --show kopano-kapid)
echo "Using Kopano Kapi: $kapiversion"
exec "$EXE" serve --log-timestamp=false
;;
monitor)
dockerize \
-wait "$KOPANO_CON" \
-timeout 360s
if [ "${AUTOCONFIGURE}" == true ] && [ "$DISABLE_CHECKS" == false ]; then
dockerize \
-wait "$KOPANO_CON" \
-timeout 360s
fi
# cleaning up env variables
unset "${!KCCONF_@}"
exec "$EXE" -F
;;
search)
dockerize \
-wait "$KOPANO_CON" \
-timeout 360s
# give kopano-server a moment to settler before starting search
sleep 5
if [ "${AUTOCONFIGURE}" == true ] && [ "$DISABLE_CHECKS" == false ]; then
dockerize \
-wait "$KOPANO_CON" \
-timeout 360s
# give kopano-server a moment to settler before starting search
sleep 5
fi
# cleaning up env variables
unset "${!KCCONF_@}"
# with commit 702bb3fccb3 search does not need -F any longer
searchversion=$(dpkg-query --showformat='${Version}' --show kopano-search)
if dpkg --compare-versions "$searchversion" "gt" "8.7.82.165"; then
exec "$EXE" --config /tmp/kopano/search.cfg
exec "$EXE" --config "$KOPANO_CONFIG_PATH/search.cfg"
else
exec /usr/bin/python3 "$EXE" --config /tmp/kopano/search.cfg -F
exec /usr/bin/python3 "$EXE" --config "$KOPANO_CONFIG_PATH/search.cfg" -F
fi
;;
spamd)
dockerize \
-wait "$KOPANO_CON" \
-timeout 360s
if [ "${AUTOCONFIGURE}" == true ] && [ "$DISABLE_CHECKS" == false ]; then
dockerize \
-wait "$KOPANO_CON" \
-timeout 360s
fi
# cleaning up env variables
unset "${!KCCONF_@}"
exec "$EXE" --config /tmp/kopano/spamd.cfg -F
exec "$EXE" --config "$KOPANO_CONFIG_PATH/spamd.cfg" -F
;;
spooler)
dockerize \
-wait "$KOPANO_CON" \
-wait tcp://"$KCCONF_SPOOLER_SMTP_SERVER":"$KCCONF_SPOOLER_SMTP_PORT" \
-timeout 1080s
if [ "${AUTOCONFIGURE}" == true ] && [ "$DISABLE_CHECKS" == false ]; then
dockerize \
-wait "$KOPANO_CON" \
-wait tcp://"$KCCONF_SPOOLER_SMTP_SERVER":"$KCCONF_SPOOLER_SMTP_PORT" \
-timeout 1080s
fi
# cleaning up env variables
unset "${!KCCONF_@}"
exec "$EXE" -F

111
kapps/start-service.sh
View File

@ -1,16 +1,19 @@
#!/bin/bash
ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""}
AUTOCONFIGURE=${AUTOCONFIGURE:-true} # when set to false will disable all automatic configuration actions
set -eu # unset variables are errors & non-zero return values exit the whole script
[ "$DEBUG" ] && set -x
# copy configuration files to /tmp/kopano to prevent modification of mounted config files
mkdir -p /tmp/kopano
cp /etc/kopano/*.cfg /tmp/kopano
if [ "${AUTOCONFIGURE}" == true ]; then
# copy configuration files to /tmp/kopano to prevent modification of mounted config files
mkdir -p /tmp/kopano
cp /etc/kopano/*.cfg /tmp/kopano
echo "Applying cfg changes from env"
/usr/bin/python3 /kopano/cfg-from-env.py
echo "Applying cfg changes from env"
/usr/bin/python3 /kopano/cfg-from-env.py
fi
meetversion=$(dpkg-query --showformat='${Version}' --show kopano-calendar-webapp)
echo "Using Kopano Calendar: $meetversion"
@ -21,58 +24,60 @@ if [ $# -gt 0 ]; then
exit
fi
cp /usr/share/doc/kopano-calendar-webapp/config.json.in /tmp/calendar.json
CONFIG_JSON="/tmp/calendar.json"
# TODO move into extra file to make it easier to reuse
echo "Updating $CONFIG_JSON"
for setting in $(compgen -A variable KCCONF_CALENDAR); do
setting2=${setting#KCCONF_CALENDAR_}
# dots in setting2 need to be escaped to not be handled as separate entities in the json file
case ${!setting} in
true|TRUE|false|FALSE|[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9])
jq ".\"${setting2//_/\".\"}\" = ${!setting}" $CONFIG_JSON | sponge $CONFIG_JSON
;;
*)
jq ".\"${setting2//_/\".\"}\" = \"${!setting}\"" $CONFIG_JSON | sponge $CONFIG_JSON
;;
esac
done
if [ "${AUTOCONFIGURE}" == true ]; then
cp /usr/share/doc/kopano-calendar-webapp/config.json.in /tmp/calendar.json
CONFIG_JSON="/tmp/calendar.json"
# TODO move into extra file to make it easier to reuse
echo "Updating $CONFIG_JSON"
for setting in $(compgen -A variable KCCONF_CALENDAR); do
setting2=${setting#KCCONF_CALENDAR_}
# dots in setting2 need to be escaped to not be handled as separate entities in the json file
case ${!setting} in
true|TRUE|false|FALSE|[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9])
jq ".\"${setting2//_/\".\"}\" = ${!setting}" $CONFIG_JSON | sponge $CONFIG_JSON
;;
*)
jq ".\"${setting2//_/\".\"}\" = \"${!setting}\"" $CONFIG_JSON | sponge $CONFIG_JSON
;;
esac
done
# Populate app grid
# TODO move into extra file to make it easier to reuse
# Note: if all of below variables are set to "no" kpop will fall back to its default behaviour and show all known apps.
# Populate app grid
# TODO move into extra file to make it easier to reuse
# Note: if all of below variables are set to "no" kpop will fall back to its default behaviour and show all known apps.
# enable Kopano Konnect in the app grid
if [ "${GRID_KONNECT:-yes}" = "yes" ]; then
jq '.apps.enabled += ["kopano-konnect"]' $CONFIG_JSON | sponge $CONFIG_JSON
# enable Kopano Konnect in the app grid
if [ "${GRID_KONNECT:-yes}" = "yes" ]; then
jq '.apps.enabled += ["kopano-konnect"]' $CONFIG_JSON | sponge $CONFIG_JSON
fi
# enable Kopano Meet in the app grid
if [ "${GRID_MEET:-yes}" = "yes" ]; then
jq '.apps.enabled += ["kopano-meet"]' $CONFIG_JSON | sponge $CONFIG_JSON
fi
# enable Kopano WebApp in the app grid
if [ "${GRID_WEBAPP:-yes}" = "yes" ]; then
jq '.apps.enabled += ["kopano-webapp"]' $CONFIG_JSON | sponge $CONFIG_JSON
fi
# enable Kopano WebApp in the app grid
if [ "${GRID_CALENDAR:-yes}" = "yes" ]; then
jq '.apps.enabled += ["kopano-calendar"]' $CONFIG_JSON | sponge $CONFIG_JSON
fi
sed s/\ *=\ */=/g /tmp/kopano/kwebd.cfg > /tmp/kweb-env
# always disable tls
export tls=no
# shellcheck disable=SC2046
export $(grep -v '^#' /tmp/kweb-env | xargs -d '\n')
# services need to be aware of the machine-id
dockerize \
-wait file:///etc/machine-id \
-wait file:///var/lib/dbus/machine-id
fi
# enable Kopano Meet in the app grid
if [ "${GRID_MEET:-yes}" = "yes" ]; then
jq '.apps.enabled += ["kopano-meet"]' $CONFIG_JSON | sponge $CONFIG_JSON
fi
# enable Kopano WebApp in the app grid
if [ "${GRID_WEBAPP:-yes}" = "yes" ]; then
jq '.apps.enabled += ["kopano-webapp"]' $CONFIG_JSON | sponge $CONFIG_JSON
fi
# enable Kopano WebApp in the app grid
if [ "${GRID_CALENDAR:-yes}" = "yes" ]; then
jq '.apps.enabled += ["kopano-calendar"]' $CONFIG_JSON | sponge $CONFIG_JSON
fi
sed s/\ *=\ */=/g /tmp/kopano/kwebd.cfg > /tmp/kweb-env
# always disable tls
export tls=no
# shellcheck disable=SC2046
export $(grep -v '^#' /tmp/kweb-env | xargs -d '\n')
# services need to be aware of the machine-id
dockerize \
-wait file:///etc/machine-id \
-wait file:///var/lib/dbus/machine-id
# cleaning up env variables
unset "${!KCCONF_@}"
exec kopano-kwebd serve

90
kdav/start.sh
View File

@ -1,57 +1,61 @@
#!/bin/bash
ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""}
AUTOCONFIGURE=${AUTOCONFIGURE:-true} # when set to false will disable all automatic configuration actions
# define default value for serverhostname and serverport if not passed into container
KCCONF_SERVERHOSTNAME=${KCCONF_SERVERHOSTNAME:-127.0.0.1}
KCCONF_SERVERPORT=${KCCONF_SERVERPORT:-236}
ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""}
set -eu # unset variables are errors & non-zero return values exit the whole script
[ "$DEBUG" ] && set -x
# Hint: this is not compatible with a read-only container.
# The general recommendation is to already build a container that has all required packages installed.
ADDITIONAL_KOPANO_PACKAGES=$(echo "$ADDITIONAL_KOPANO_PACKAGES" | tr -d '"')
if [ -n "$(mkdir -p "/var/lib/apt/lists/" 2&> /dev/null)" ]; then
[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update
[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do
# shellcheck disable=SC2016 disable=SC2086
if [ "$(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c 'ok installed')" -eq 0 ]; then
apt --assume-yes --no-upgrade install "$installpkg"
fi
done
else
echo "Notice: Container is run read-only, skipping package installation."
echo "If you want to have additional packages installed in the container either:"
echo "- build your own image with the packages already included"
echo "- switch the container to 'read_only: false'"
if [ "${AUTOCONFIGURE}" == true ]; then
# Hint: this is not compatible with a read-only container.
# The general recommendation is to already build a container that has all required packages installed.
ADDITIONAL_KOPANO_PACKAGES=$(echo "$ADDITIONAL_KOPANO_PACKAGES" | tr -d '"')
if [ -n "$(mkdir -p "/var/lib/apt/lists/" 2&> /dev/null)" ]; then
[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update
[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do
# shellcheck disable=SC2016 disable=SC2086
if [ "$(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c 'ok installed')" -eq 0 ]; then
apt --assume-yes --no-upgrade install "$installpkg"
fi
done
else
echo "Notice: Container is run read-only, skipping package installation."
echo "If you want to have additional packages installed in the container either:"
echo "- build your own image with the packages already included"
echo "- switch the container to 'read_only: false'"
fi
echo "Ensure directories"
mkdir -p /run/sessions
CONFIG_PHP=/tmp/config.php
# copy latest config template. This should be the mount point for preexisting config files.
cp /usr/share/kdav/config.php.dist $CONFIG_PHP
if [ "$KCCONF_SERVERHOSTNAME" == "127.0.0.1" ]; then
echo "kDAV is using the default: connection"
else
echo "kDAV is using an ip connection"
sed -e "s#define([\"']MAPI_SERVER[\"'],\s*[\"']default:[\"'])#define('MAPI_SERVER', 'https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano')#" \
-i $CONFIG_PHP
fi
# change root uri to /kdav
sed -e "s#define('DAV_ROOT_URI', '/');#define('DAV_ROOT_URI', '/kdav/');#" -i $CONFIG_PHP
echo "Ensure config ownership"
chown -R www-data:www-data /run/sessions
# services need to be aware of the machine-id
#dockerize \
# -wait file:///etc/machine-id \
# -wait file:///var/lib/dbus/machine-id
fi
echo "Ensure directories"
mkdir -p /run/sessions
CONFIG_PHP=/tmp/config.php
# copy latest config template. This should be the mount point for preexisting config files.
cp /usr/share/kdav/config.php.dist $CONFIG_PHP
if [ "$KCCONF_SERVERHOSTNAME" == "127.0.0.1" ]; then
echo "kDAV is using the default: connection"
else
echo "kDAV is using an ip connection"
sed -e "s#define([\"']MAPI_SERVER[\"'],\s*[\"']default:[\"'])#define('MAPI_SERVER', 'https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano')#" \
-i $CONFIG_PHP
fi
# change root uri to /kdav
sed -e "s#define('DAV_ROOT_URI', '/');#define('DAV_ROOT_URI', '/kdav/');#" -i $CONFIG_PHP
echo "Ensure config ownership"
chown -R www-data:www-data /run/sessions
# services need to be aware of the machine-id
#dockerize \
# -wait file:///etc/machine-id \
# -wait file:///var/lib/dbus/machine-id
touch /var/log/kdav/kdav.log
chown www-data:www-data /var/log/kdav/kdav.log
tail --pid=$$ -F --lines=0 -q /var/log/kdav/kdav.log &

6
konnect/Dockerfile
View File

@ -1,6 +1,6 @@
ARG CODE_VERSION=0.33.5
FROM golang:1.13.5-alpine3.10 as builder-sponge
FROM golang:1.15-alpine3.12 as builder-sponge
RUN apk add --no-cache git
RUN go get -d -v github.com/go-moreutils/sponge
@ -10,7 +10,9 @@ FROM kopano/konnectd:${CODE_VERSION}
ARG CODE_VERSION
ENV CODE_VERSION="${CODE_VERSION}" \
ENV \
AUTOCONFIGURE=true \
CODE_VERSION="${CODE_VERSION}" \
DEBUG="" \
FQDN=localhost \
KONNECT_BACKEND="kc" \

182
konnect/wrapper.sh
View File

@ -11,105 +11,107 @@ if [ $# -gt 0 ]; then
exit
fi
signing_private_key=${signing_private_key:-"/etc/kopano/konnectd-signing-private-key.pem"}
validation_keys_path=${validation_keys_path:-"/etc/kopano/konnectkeys"}
if [ "${AUTOCONFIGURE}" = true ]; then
signing_private_key=${signing_private_key:-"/etc/kopano/konnectd-signing-private-key.pem"}
validation_keys_path=${validation_keys_path:-"/etc/kopano/konnectkeys"}
if ! true >> "$signing_private_key"; then
# file can not be created in this container, wait for external creation
dockerize \
-wait file://"$signing_private_key" \
-timeout "$DOCKERIZE_TIMEOUT"
fi
if [ -f "${signing_private_key}" ] && [ ! -s "${signing_private_key}" ]; then
mkdir -p "${validation_keys_path}"
rnd=$(RANDFILE=/tmp/.rnd openssl rand -hex 2)
key="${validation_keys_path}/konnect-$(date +%Y%m%d)-${rnd}.pem"
>&2 echo "setup: creating new RSA private key at ${key} ..."
RANDFILE=/tmp/.rnd openssl genpkey -algorithm RSA -out "${key}" -pkeyopt rsa_keygen_bits:4096 -pkeyopt rsa_keygen_pubexp:65537
if [ -f "${key}" ]; then
rm "$signing_private_key"
ln -sn "${key}" "${signing_private_key}"
if ! true >> "$signing_private_key"; then
# file can not be created in this container, wait for external creation
dockerize \
-wait file://"$signing_private_key" \
-timeout "$DOCKERIZE_TIMEOUT"
fi
fi
encryption_secret_key=${encryption_secret_key:-"/etc/kopano/konnectd-encryption-secret.key"}
if ! true >> "$encryption_secret_key"; then
# file can not be created in this container, wait for external creation
dockerize \
-wait file://"$encryption_secret_key" \
-timeout "$DOCKERIZE_TIMEOUT"
fi
if [ -f "${encryption_secret_key}" ] && [ ! -s "${encryption_secret_key}" ]; then
>&2 echo "setup: creating new secret key at ${encryption_secret_key} ..."
RANDFILE=/tmp/.rnd openssl rand -out "${encryption_secret_key}" 32
fi
CONFIG_JSON=/tmp/konnectd-identifier-registration.yaml
if [ "${allow_client_guests:-}" = "yes" ]; then
# Create working copy by merging packaged example in /etc/kopano with passed registration conf
yq -y -s '.[0] + .[1]' /etc/kopano/konnectd-identifier-registration.yaml "${identifier_registration_conf:?}" | sponge "$CONFIG_JSON"
# only modify identifier registration if it does not already contain the right settings
if ! yq .clients[].id /kopano/ssl/konnectd-identifier-registration.yaml | grep -q "kpop-https://${FQDN%/*}/meet/"; then
# TODO this could be simplified so that ecparam and eckey are only required if there is no jwk-meet.json yet
ecparam=${ecparam:-/etc/kopano/ecparam.pem}
if ! true >> "$ecparam"; then
# ecparam can not be created in this container, wait for external creation
dockerize \
-wait file://"$ecparam" \
-timeout "$DOCKERIZE_TIMEOUT"
if [ -f "${signing_private_key}" ] && [ ! -s "${signing_private_key}" ]; then
mkdir -p "${validation_keys_path}"
rnd=$(RANDFILE=/tmp/.rnd openssl rand -hex 2)
key="${validation_keys_path}/konnect-$(date +%Y%m%d)-${rnd}.pem"
>&2 echo "setup: creating new RSA private key at ${key} ..."
RANDFILE=/tmp/.rnd openssl genpkey -algorithm RSA -out "${key}" -pkeyopt rsa_keygen_bits:4096 -pkeyopt rsa_keygen_pubexp:65537
if [ -f "${key}" ]; then
rm "$signing_private_key"
ln -sn "${key}" "${signing_private_key}"
fi
eckey=${eckey:-/etc/kopano/meet-kwmserver.pem}
if ! true >> "$eckey"; then
# eckey can not be created in this container, wait for external creation
dockerize \
-wait file://"$eckey" \
-timeout "$DOCKERIZE_TIMEOUT"
fi
# Key generation for Meet guest mode
if [ ! -s "$ecparam" ]; then
echo "Creating ec param key for Meet guest mode ..."
openssl ecparam -name prime256v1 -genkey -noout -out "$ecparam" >/dev/null 2>&1
fi
if [ ! -s "$eckey" ]; then
echo "Creating ec private key for Meet guest mode..."
openssl ec -in "$ecparam" -out "$eckey" >/dev/null 2>&1
fi
echo "Entrypoint: Patching identifier registration for use of the Meet guest mode"
"$EXE" utils jwk-from-pem --use sig "$eckey" > /tmp/jwk-meet.json
#yq -y ".clients += [{\"id\": \"grapi-explorer.js\", \"name\": \"Grapi Explorer\", \"application_type\": \"web\", \"trusted\": true, \"insecure\": true, \"redirect_uris\": [\"http://$FQDNCLEANED:3000/\"]}]" $CONFIG_JSON | sponge $CONFIG_JSON
yq -y ".clients += [{\"id\": \"kpop-https://${FQDN%/*}/meet/\", \"name\": \"Kopano Meet\", \"application_type\": \"web\", \"trusted\": true, \"redirect_uris\": [\"https://${FQDN%/*}/meet/\"], \"trusted_scopes\": [\"konnect/guestok\", \"kopano/kwm\"], \"jwks\": {\"keys\": [{\"kty\": $(jq .kty /tmp/jwk-meet.json), \"use\": $(jq .use /tmp/jwk-meet.json), \"crv\": $(jq .crv /tmp/jwk-meet.json), \"d\": $(jq .d /tmp/jwk-meet.json), \"kid\": $(jq .kid /tmp/jwk-meet.json), \"x\": $(jq .x /tmp/jwk-meet.json), \"y\": $(jq .y /tmp/jwk-meet.json)}]},\"request_object_signing_alg\": \"ES256\"}]" $CONFIG_JSON >> /tmp/guest-mode.yml
yq -y -s '.[0] + .[1]' $CONFIG_JSON /tmp/guest-mode.yml | sponge "$identifier_registration_conf"
else
echo "Entrypoint: Skipping guest mode configuration, as it is already configured."
fi
fi
if [ "${external_oidc_provider:-}" = "yes" ]; then
# Create working copy by merging packaged example in /etc/kopano with passed registration conf
yq -y -s '.[0] + .[1]' /etc/kopano/konnectd-identifier-registration.yaml "${identifier_registration_conf:?}" | sponge "$CONFIG_JSON"
encryption_secret_key=${encryption_secret_key:-"/etc/kopano/konnectd-encryption-secret.key"}
if ! true >> "$encryption_secret_key"; then
# file can not be created in this container, wait for external creation
dockerize \
-wait file://"$encryption_secret_key" \
-timeout "$DOCKERIZE_TIMEOUT"
fi
echo "Patching identifier registration for external OIDC provider"
echo "authorities: [{name: ${external_oidc_name:-}, default: yes, iss: ${external_oidc_url:-}, client_id: ${external_oidc_clientid:-}, client_secret: ${external_oidc_clientsecret:-}, authority_type: oidc, response_type: id_token, scopes: [openid, profile, email], trusted: yes, end_session_enabled: true}]" >> /tmp/authority.yml
yq -y -s '.[0] + .[1]' $CONFIG_JSON /tmp/authority.yml | sponge "$identifier_registration_conf"
if [ -f "${encryption_secret_key}" ] && [ ! -s "${encryption_secret_key}" ]; then
>&2 echo "setup: creating new secret key at ${encryption_secret_key} ..."
RANDFILE=/tmp/.rnd openssl rand -out "${encryption_secret_key}" 32
fi
echo "Checking if external OIDC provider is reachable"
dockerize \
-wait "$external_oidc_url"/.well-known/openid-configuration \
-timeout "$DOCKERIZE_TIMEOUT"
CONFIG_JSON=/tmp/konnectd-identifier-registration.yaml
reported_issuer=$(curl -s "$external_oidc_url/.well-known/openid-configuration" | jq -r .issuer)
if [ -n "${external_oidc_url##$reported_issuer}" ] ;then
echo "Error: The Issuer does not match the configured url"
exit 1
if [ "${allow_client_guests:-}" = "yes" ]; then
# Create working copy by merging packaged example in /etc/kopano with passed registration conf
yq -y -s '.[0] + .[1]' /etc/kopano/konnectd-identifier-registration.yaml "${identifier_registration_conf:?}" | sponge "$CONFIG_JSON"
# only modify identifier registration if it does not already contain the right settings
if ! yq .clients[].id /kopano/ssl/konnectd-identifier-registration.yaml | grep -q "kpop-https://${FQDN%/*}/meet/"; then
# TODO this could be simplified so that ecparam and eckey are only required if there is no jwk-meet.json yet
ecparam=${ecparam:-/etc/kopano/ecparam.pem}
if ! true >> "$ecparam"; then
# ecparam can not be created in this container, wait for external creation
dockerize \
-wait file://"$ecparam" \
-timeout "$DOCKERIZE_TIMEOUT"
fi
eckey=${eckey:-/etc/kopano/meet-kwmserver.pem}
if ! true >> "$eckey"; then
# eckey can not be created in this container, wait for external creation
dockerize \
-wait file://"$eckey" \
-timeout "$DOCKERIZE_TIMEOUT"
fi
# Key generation for Meet guest mode
if [ ! -s "$ecparam" ]; then
echo "Creating ec param key for Meet guest mode ..."
openssl ecparam -name prime256v1 -genkey -noout -out "$ecparam" >/dev/null 2>&1
fi
if [ ! -s "$eckey" ]; then
echo "Creating ec private key for Meet guest mode..."
openssl ec -in "$ecparam" -out "$eckey" >/dev/null 2>&1
fi
echo "Entrypoint: Patching identifier registration for use of the Meet guest mode"
"$EXE" utils jwk-from-pem --use sig "$eckey" > /tmp/jwk-meet.json
#yq -y ".clients += [{\"id\": \"grapi-explorer.js\", \"name\": \"Grapi Explorer\", \"application_type\": \"web\", \"trusted\": true, \"insecure\": true, \"redirect_uris\": [\"http://$FQDNCLEANED:3000/\"]}]" $CONFIG_JSON | sponge $CONFIG_JSON
yq -y ".clients += [{\"id\": \"kpop-https://${FQDN%/*}/meet/\", \"name\": \"Kopano Meet\", \"application_type\": \"web\", \"trusted\": true, \"redirect_uris\": [\"https://${FQDN%/*}/meet/\"], \"trusted_scopes\": [\"konnect/guestok\", \"kopano/kwm\"], \"jwks\": {\"keys\": [{\"kty\": $(jq .kty /tmp/jwk-meet.json), \"use\": $(jq .use /tmp/jwk-meet.json), \"crv\": $(jq .crv /tmp/jwk-meet.json), \"d\": $(jq .d /tmp/jwk-meet.json), \"kid\": $(jq .kid /tmp/jwk-meet.json), \"x\": $(jq .x /tmp/jwk-meet.json), \"y\": $(jq .y /tmp/jwk-meet.json)}]},\"request_object_signing_alg\": \"ES256\"}]" $CONFIG_JSON >> /tmp/guest-mode.yml
yq -y -s '.[0] + .[1]' $CONFIG_JSON /tmp/guest-mode.yml | sponge "$identifier_registration_conf"
else
echo "Entrypoint: Skipping guest mode configuration, as it is already configured."
fi
fi
if [ "${external_oidc_provider:-}" = "yes" ]; then
# Create working copy by merging packaged example in /etc/kopano with passed registration conf
yq -y -s '.[0] + .[1]' /etc/kopano/konnectd-identifier-registration.yaml "${identifier_registration_conf:?}" | sponge "$CONFIG_JSON"
echo "Patching identifier registration for external OIDC provider"
echo "authorities: [{name: ${external_oidc_name:-}, default: yes, iss: ${external_oidc_url:-}, client_id: ${external_oidc_clientid:-}, client_secret: ${external_oidc_clientsecret:-}, authority_type: oidc, response_type: id_token, scopes: [openid, profile, email], trusted: yes, end_session_enabled: true}]" >> /tmp/authority.yml
yq -y -s '.[0] + .[1]' $CONFIG_JSON /tmp/authority.yml | sponge "$identifier_registration_conf"
echo "Checking if external OIDC provider is reachable"
dockerize \
-wait "$external_oidc_url"/.well-known/openid-configuration \
-timeout "$DOCKERIZE_TIMEOUT"
reported_issuer=$(curl -s "$external_oidc_url/.well-known/openid-configuration" | jq -r .issuer)
if [ -n "${external_oidc_url##$reported_issuer}" ] ;then
echo "Error: The Issuer does not match the configured url"
exit 1
fi
fi
fi

4
kwmbridge/Dockerfile
View File

@ -2,7 +2,9 @@ ARG CODE_VERSION=0.1.0
FROM kopano/kwmbridged:${CODE_VERSION}
ARG CODE_VERSION
ENV CODE_VERSION="${CODE_VERSION}"
ENV \
AUTOCONFIGURE=true \
CODE_VERSION="${CODE_VERSION}"
LABEL maintainer=az@zok.xyz \
org.label-schema.name="Kopano Kwmbridge container" \

30
kwmbridge/wrapper.sh
View File

@ -45,21 +45,23 @@ if [ "$INSECURE" = "yes" ]; then
set -- "$@" --insecure
fi
if [ "$INSECURE" = "yes" ]; then
dockerize \
-skip-tls-verify \
-wait "$oidc_issuer_identifier"/.well-known/openid-configuration \
-timeout 360s
else
dockerize \
-wait "$oidc_issuer_identifier"/.well-known/openid-configuration \
-timeout 360s
fi
if [ "${AUTOCONFIGURE}" = true ]; then
if [ "$INSECURE" = "yes" ]; then
dockerize \
-skip-tls-verify \
-wait "$oidc_issuer_identifier"/.well-known/openid-configuration \
-timeout 360s
else
dockerize \
-wait "$oidc_issuer_identifier"/.well-known/openid-configuration \
-timeout 360s
fi
# services need to be aware of the machine-id
dockerize \
-wait file:///etc/machine-id \
-wait file:///var/lib/dbus/machine-id
# services need to be aware of the machine-id
dockerize \
-wait file:///etc/machine-id \
-wait file:///var/lib/dbus/machine-id
fi
exec kwmbridged serve \
"$@"

4
kwmserver/Dockerfile
View File

@ -2,7 +2,9 @@ ARG CODE_VERSION=1.2.0
FROM kopano/kwmserverd:${CODE_VERSION}
ARG CODE_VERSION
ENV CODE_VERSION="${CODE_VERSION}"
ENV \
AUTOCONFIGURE=true \
CODE_VERSION="${CODE_VERSION}"
LABEL maintainer=az@zok.xyz \
org.label-schema.name="Kopano Kwmserver container" \

30
kwmserver/wrapper.sh
View File

@ -68,21 +68,23 @@ if [ -n "${public_guest_access_regexp:-}" ]; then
set -- "$@" --public-guest-access-regexp="$public_guest_access_regexp"
fi
if [ "$INSECURE" = "yes" ]; then
dockerize \
-skip-tls-verify \
-wait "$oidc_issuer_identifier"/.well-known/openid-configuration \
-timeout 360s
else
dockerize \
-wait "$oidc_issuer_identifier"/.well-known/openid-configuration \
-timeout 360s
fi
if [ "${AUTOCONFIGURE}" = true ]; then
if [ "$INSECURE" = "yes" ]; then
dockerize \
-skip-tls-verify \
-wait "$oidc_issuer_identifier"/.well-known/openid-configuration \
-timeout 360s
else
dockerize \
-wait "$oidc_issuer_identifier"/.well-known/openid-configuration \
-timeout 360s
fi
# services need to be aware of the machine-id
dockerize \
-wait file:///etc/machine-id \
-wait file:///var/lib/dbus/machine-id
# services need to be aware of the machine-id
dockerize \
-wait file:///etc/machine-id \
-wait file:///var/lib/dbus/machine-id
fi
registration_conf=${registration_conf:-/etc/kopano/kwmserverd-registration.yaml}

106
meet/start-service.sh
View File

@ -5,12 +5,14 @@ ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""}
set -eu # unset variables are errors & non-zero return values exit the whole script
[ "$DEBUG" ] && set -x
# copy configuration files to /tmp/kopano to prevent modification of mounted config files
mkdir -p /tmp/kopano
cp /etc/kopano/*.cfg /tmp/kopano
if [ "${AUTOCONFIGURE}" == true ]; then
# copy configuration files to /tmp/kopano to prevent modification of mounted config files
mkdir -p /tmp/kopano
cp /etc/kopano/*.cfg /tmp/kopano
echo "Applying cfg changes from env"
/usr/bin/python3 /kopano/cfg-from-env.py
echo "Applying cfg changes from env"
/usr/bin/python3 /kopano/cfg-from-env.py
fi
meetversion=$(dpkg-query --showformat='${Version}' --show kopano-meet-webapp)
echo "Using Kopano Meet: $meetversion"
@ -21,55 +23,57 @@ if [ $# -gt 0 ]; then
exit
fi
cp /usr/share/doc/kopano-meet-webapp/config.json.in /tmp/meet.json
CONFIG_JSON="/tmp/meet.json"
echo "Updating $CONFIG_JSON"
for setting in $(compgen -A variable KCCONF_MEET); do
setting2=${setting#KCCONF_MEET_}
# dots in setting2 need to be escaped to not be handled as separate entities in the json file
case ${!setting} in
true|TRUE|false|FALSE|[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9])
jq ".\"${setting2//_/\".\"}\" = ${!setting}" $CONFIG_JSON | sponge $CONFIG_JSON
;;
*)
jq ".\"${setting2//_/\".\"}\" = \"${!setting}\"" $CONFIG_JSON | sponge $CONFIG_JSON
;;
esac
done
if [ "${AUTOCONFIGURE}" == true ]; then
cp /usr/share/doc/kopano-meet-webapp/config.json.in /tmp/meet.json
CONFIG_JSON="/tmp/meet.json"
echo "Updating $CONFIG_JSON"
for setting in $(compgen -A variable KCCONF_MEET); do
setting2=${setting#KCCONF_MEET_}
# dots in setting2 need to be escaped to not be handled as separate entities in the json file
case ${!setting} in
true|TRUE|false|FALSE|[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9])
jq ".\"${setting2//_/\".\"}\" = ${!setting}" $CONFIG_JSON | sponge $CONFIG_JSON
;;
*)
jq ".\"${setting2//_/\".\"}\" = \"${!setting}\"" $CONFIG_JSON | sponge $CONFIG_JSON
;;
esac
done
# Populate app grid
# Note: if below variables are set to "no" kpop will fall back to its default behaviour and show all known apps.
# enable Kopano Konnect in the app grid
if [ "${GRID_KONNECT:-yes}" = "yes" ]; then
jq '.apps.enabled += ["kopano-konnect"]' $CONFIG_JSON | sponge $CONFIG_JSON
# Populate app grid
# Note: if below variables are set to "no" kpop will fall back to its default behaviour and show all known apps.
# enable Kopano Konnect in the app grid
if [ "${GRID_KONNECT:-yes}" = "yes" ]; then
jq '.apps.enabled += ["kopano-konnect"]' $CONFIG_JSON | sponge $CONFIG_JSON
fi
# enable Kopano Meet in the app grid
if [ "${GRID_MEET:-yes}" = "yes" ]; then
jq '.apps.enabled += ["kopano-meet"]' $CONFIG_JSON | sponge $CONFIG_JSON
fi
# enable Kopano WebApp in the app grid
if [ "${GRID_WEBAPP:-yes}" = "yes" ]; then
jq '.apps.enabled += ["kopano-webapp"]' $CONFIG_JSON | sponge $CONFIG_JSON
fi
# enable Kopano WebApp in the app grid
if [ "${GRID_CALENDAR:-yes}" = "yes" ]; then
jq '.apps.enabled += ["kopano-calendar"]' $CONFIG_JSON | sponge $CONFIG_JSON
fi
sed s/\ *=\ */=/g /tmp/kopano/kwebd.cfg > /tmp/kweb-env
# always disable tls
export tls=no
# shellcheck disable=SC2046
export $(grep -v '^#' /tmp/kweb-env | xargs -d '\n')
# services need to be aware of the machine-id
dockerize \
-wait file:///etc/machine-id \
-wait file:///var/lib/dbus/machine-id
fi
# enable Kopano Meet in the app grid
if [ "${GRID_MEET:-yes}" = "yes" ]; then
jq '.apps.enabled += ["kopano-meet"]' $CONFIG_JSON | sponge $CONFIG_JSON
fi
# enable Kopano WebApp in the app grid
if [ "${GRID_WEBAPP:-yes}" = "yes" ]; then
jq '.apps.enabled += ["kopano-webapp"]' $CONFIG_JSON | sponge $CONFIG_JSON
fi
# enable Kopano WebApp in the app grid
if [ "${GRID_CALENDAR:-yes}" = "yes" ]; then
jq '.apps.enabled += ["kopano-calendar"]' $CONFIG_JSON | sponge $CONFIG_JSON
fi
sed s/\ *=\ */=/g /tmp/kopano/kwebd.cfg > /tmp/kweb-env
# always disable tls
export tls=no
# shellcheck disable=SC2046
export $(grep -v '^#' /tmp/kweb-env | xargs -d '\n')
# services need to be aware of the machine-id
dockerize \
-wait file:///etc/machine-id \
-wait file:///var/lib/dbus/machine-id
# cleaning up env variables
unset "${!KCCONF_@}"
exec kopano-kwebd serve

2
web/Dockerfile
View File

@ -12,7 +12,7 @@ LABEL maintainer=az@zok.xyz \
org.label-schema.schema-version="1.0"
ENV \
AUTOCONFIG=yes \
AUTOCONFIGURE=true \
CODE_VERSION="${CODE_VERSION}" \
DEFAULTREDIRECT="/webapp" \
KONNECTPATH=kopanoid \

2
web/wrapper.sh
View File

@ -11,7 +11,7 @@ fi
export CADDYPATH="$KOPANO_KWEB_ASSETS_PATH"
# services need to be aware of the machine-id
if [ "$AUTOCONFIG" = "yes" ]; then
if [ "$AUTOCONFIGURE" = true ]; then
dockerize \
-wait file:///etc/machine-id \
-wait file:///var/lib/dbus/machine-id

132
webapp/start.sh
View File

@ -9,75 +9,77 @@ ADDITIONAL_KOPANO_WEBAPP_PLUGINS=${ADDITIONAL_KOPANO_WEBAPP_PLUGINS:-""}
set -eu # unset variables are errors & non-zero return values exit the whole script
[ "$DEBUG" ] && set -x
# shellcheck source=php/start-helper.sh
source /kopano/start-helper.sh
if [ "${AUTOCONFIGURE}" == true ]; then
# shellcheck source=php/start-helper.sh
source /kopano/start-helper.sh
# Hint: this is not compatible with a read-only container.
# The general recommendation is to already build a container that has all required packages installed.
ADDITIONAL_KOPANO_PACKAGES="$ADDITIONAL_KOPANO_PACKAGES $ADDITIONAL_KOPANO_WEBAPP_PLUGINS"
ADDITIONAL_KOPANO_PACKAGES=$(echo "$ADDITIONAL_KOPANO_PACKAGES" | tr -d '"')
if [ -n "$(mkdir -p "/var/lib/apt/lists/" 2&> /dev/null)" ]; then
[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update
[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do
# shellcheck disable=SC2016 disable=SC2086
if [ "$(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c 'ok installed')" -eq 0 ]; then
DEBIAN_FRONTEND=noninteractive apt --assume-yes --no-upgrade install "$installpkg"
else
echo "INFO: $installpkg is already installed"
fi
# Hint: this is not compatible with a read-only container.
# The general recommendation is to already build a container that has all required packages installed.
ADDITIONAL_KOPANO_PACKAGES="$ADDITIONAL_KOPANO_PACKAGES $ADDITIONAL_KOPANO_WEBAPP_PLUGINS"
ADDITIONAL_KOPANO_PACKAGES=$(echo "$ADDITIONAL_KOPANO_PACKAGES" | tr -d '"')
if [ -n "$(mkdir -p "/var/lib/apt/lists/" 2&> /dev/null)" ]; then
[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update
[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do
# shellcheck disable=SC2016 disable=SC2086
if [ "$(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c 'ok installed')" -eq 0 ]; then
DEBIAN_FRONTEND=noninteractive apt --assume-yes --no-upgrade install "$installpkg"
else
echo "INFO: $installpkg is already installed"
fi
done
else
echo "Notice: Container is run read-only, skipping package installation."
echo "If you want to have additional packages installed in the container either:"
echo "- build your own image with the packages already included"
echo "- switch the container to 'read_only: false'"
fi
# copy latest config template
mkdir -p /tmp/webapp/
for i in /etc/kopano/webapp/*.dist /etc/kopano/webapp/.[^.]*.dist; do
filename=$(basename -- "$i")
cp "$i" "/tmp/webapp/${filename%.*}"
done
else
echo "Notice: Container is run read-only, skipping package installation."
echo "If you want to have additional packages installed in the container either:"
echo "- build your own image with the packages already included"
echo "- switch the container to 'read_only: false'"
# Ensure directories exist
mkdir -p /run/sessions /tmp/webapp /var/lib/kopano-webapp/tmp
phpversion=$(dpkg-query --showformat='${Version}' --show php7-mapi)
echo "Using PHP-Mapi: $phpversion"
webappversion=$(dpkg-query --showformat='${Version}' --show kopano-webapp)
echo "Using Kopano WebApp: $webappversion"
if [ "$KCCONF_SERVERHOSTNAME" == "127.0.0.1" ]; then
echo "Kopano WebApp is using the default: connection"
else
echo "Kopano WebApp is using an ip connection"
php_cfg_gen /tmp/webapp/config.php DEFAULT_SERVER "https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano"
fi
# configuring webapp from env
for setting in $(compgen -A variable KCCONF_WEBAPP_); do
setting2=${setting#KCCONF_WEBAPP_}
php_cfg_gen /tmp/webapp/config.php "${setting2}" "${!setting}"
done
# configuring webapp plugins from env
for setting in $(compgen -A variable KCCONF_WEBAPPPLUGIN_); do
setting2=${setting#KCCONF_WEBAPPPLUGIN_}
filename="${setting2%%_*}"
setting3=${setting#KCCONF_WEBAPPPLUGIN_${filename}_}
identifier="${filename,,}"
php_cfg_gen /tmp/webapp/config-"$identifier".php "${setting3}" "${!setting}"
done
echo "Ensure config ownership"
chown -R www-data:www-data /run/sessions /tmp/webapp /var/lib/kopano-webapp/tmp
# services need to be aware of the machine-id
#dockerize \
# -wait file:///etc/machine-id \
# -wait file:///var/lib/dbus/machine-id
fi
# copy latest config template
mkdir -p /tmp/webapp/
for i in /etc/kopano/webapp/*.dist /etc/kopano/webapp/.[^.]*.dist; do
filename=$(basename -- "$i")
cp "$i" "/tmp/webapp/${filename%.*}"
done
# Ensure directories exist
mkdir -p /run/sessions /tmp/webapp /var/lib/kopano-webapp/tmp
phpversion=$(dpkg-query --showformat='${Version}' --show php7-mapi)
echo "Using PHP-Mapi: $phpversion"
webappversion=$(dpkg-query --showformat='${Version}' --show kopano-webapp)
echo "Using Kopano WebApp: $webappversion"
if [ "$KCCONF_SERVERHOSTNAME" == "127.0.0.1" ]; then
echo "Kopano WebApp is using the default: connection"
else
echo "Kopano WebApp is using an ip connection"
php_cfg_gen /tmp/webapp/config.php DEFAULT_SERVER "https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano"
fi
# configuring webapp from env
for setting in $(compgen -A variable KCCONF_WEBAPP_); do
setting2=${setting#KCCONF_WEBAPP_}
php_cfg_gen /tmp/webapp/config.php "${setting2}" "${!setting}"
done
# configuring webapp plugins from env
for setting in $(compgen -A variable KCCONF_WEBAPPPLUGIN_); do
setting2=${setting#KCCONF_WEBAPPPLUGIN_}
filename="${setting2%%_*}"
setting3=${setting#KCCONF_WEBAPPPLUGIN_${filename}_}
identifier="${filename,,}"
php_cfg_gen /tmp/webapp/config-"$identifier".php "${setting3}" "${!setting}"
done
echo "Ensure config ownership"
chown -R www-data:www-data /run/sessions /tmp/webapp /var/lib/kopano-webapp/tmp
# services need to be aware of the machine-id
#dockerize \
# -wait file:///etc/machine-id \
# -wait file:///var/lib/dbus/machine-id
set +u
# cleaning up env variables
unset "${!KCCONF_@}"

8
zpush/apache2-kopano.conf
View File

@ -1,8 +0,0 @@
<VirtualHost *:80>
DocumentRoot /var/www/
LogFormat "%{X-Forwarded-For}i %{%a %b %d %T %Y}t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
ErrorLog "|/bin/cat"
CustomLog "|/bin/cat" proxy
</VirtualHost>

196
zpush/start.sh
View File

@ -39,106 +39,108 @@ php_cfg_gen() {
fi
}
# Hint: this is not compatible with a read-only container.
# The general recommendation is to already build a container that has all required packages installed.
ADDITIONAL_KOPANO_PACKAGES=$(echo "$ADDITIONAL_KOPANO_PACKAGES" | tr -d '"')
if [ -n "$(mkdir -p "/var/lib/apt/lists/" 2&> /dev/null)" ]; then
[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update
[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do
# shellcheck disable=SC2016 disable=SC2086
if [ "$(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c 'ok installed')" -eq 0 ]; then
DEBIAN_FRONTEND=noninteractive apt --assume-yes --no-upgrade install "$installpkg"
else
echo "INFO: $installpkg is already installed"
fi
if [ "${AUTOCONFIGURE}" == true ]; then
# Hint: this is not compatible with a read-only container.
# The general recommendation is to already build a container that has all required packages installed.
ADDITIONAL_KOPANO_PACKAGES=$(echo "$ADDITIONAL_KOPANO_PACKAGES" | tr -d '"')
if [ -n "$(mkdir -p "/var/lib/apt/lists/" 2&> /dev/null)" ]; then
[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update
[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do
# shellcheck disable=SC2016 disable=SC2086
if [ "$(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c 'ok installed')" -eq 0 ]; then
DEBIAN_FRONTEND=noninteractive apt --assume-yes --no-upgrade install "$installpkg"
else
echo "INFO: $installpkg is already installed"
fi
done
else
echo "Notice: Container is run read-only, skipping package installation."
echo "If you want to have additional packages installed in the container either:"
echo "- build your own image with the packages already included"
echo "- switch the container to 'read_only: false'"
fi
# copy latest config template
mkdir -p /tmp/z-push/
for i in /etc/z-push/*.dist; do
filename=$(basename -- "$i")
cp "$i" "/tmp/z-push/${filename%.*}"
done
else
echo "Notice: Container is run read-only, skipping package installation."
echo "If you want to have additional packages installed in the container either:"
echo "- build your own image with the packages already included"
echo "- switch the container to 'read_only: false'"
# Ensure directories
mkdir -p /run/sessions
phpversion=$(dpkg-query --showformat='${Version}' --show php7-mapi)
echo "Using PHP-Mapi: $phpversion"
zpushversion=$(dpkg-query --showformat='${Version}' --show z-push-kopano)
echo "Using Z-Push: $zpushversion"
if [ "$KCCONF_SERVERHOSTNAME" == "127.0.0.1" ]; then
echo "Z-Push is using the default: connection"
else
echo "Z-Push is using an ip connection"
php_cfg_gen /tmp/z-push/kopano.conf.php MAPI_SERVER "https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano"
fi
echo "Configuring Z-Push for use behind a reverse proxy"
php_cfg_gen /tmp/z-push/z-push.conf.php USE_CUSTOM_REMOTE_IP_HEADER HTTP_X_FORWARDED_FOR
# configuring z-push from env
for setting in $(compgen -A variable KCCONF_ZPUSH_); do
setting2=${setting#KCCONF_ZPUSH_}
php_cfg_gen /tmp/z-push/z-push.conf.php "${setting2}" "${!setting}"
done
# configuring autodiscover
for setting in $(compgen -A variable KCCONF_ZPUSHAUTODISCOVER_); do
setting2=${setting#KCCONF_ZPUSHAUTODISCOVER_}
php_cfg_gen /tmp/z-push/autodiscover.conf.php "${setting2}" "${!setting}"
done
# configuring z-push gabsync
php_cfg_gen /tmp/z-push/gabsync.conf.php USERNAME SYSTEM
for setting in $(compgen -A variable KCCONF_ZPUSHGABSYNC_); do
setting2=${setting#KCCONF_ZPUSHGAVSYNC_}
php_cfg_gen /tmp/z-push/z-push.conf.php "${setting2}" "${!setting}"
done
# configuring z-push sql state engine
for setting in $(compgen -A variable KCCONF_ZPUSHSQL_); do
setting2=${setting#KCCONF_ZPUSHSQL_}
php_cfg_gen /tmp/z-push/state-sql.conf.php "${setting2}" "${!setting}"
done
# configuring z-push memcached
for setting in $(compgen -A variable KCCONF_ZPUSHMEMCACHED_); do
setting2=${setting#KCCONF_ZPUSHMEMCACHED_}
php_cfg_gen /tmp/z-push/memcached.conf.php "${setting2}" "${!setting}"
done
# configuring z-push gab2contacts
for setting in $(compgen -A variable KCCONF_ZPUSHGA2CONTACTS_); do
setting2=${setting#KCCONF_ZPUSHSQL_}
php_cfg_gen /tmp/z-push/gab2contacts.conf.php "${setting2}" "${!setting}"
done
# configuring z-push shared folders
perl -i -0pe 's/\$additionalFolders.*\);//s' /tmp/z-push/z-push.conf.php
echo -e " \$additionalFolders = array(" >> /tmp/z-push/z-push.conf.php
echo "$ZPUSH_ADDITIONAL_FOLDERS" | jq -c '.[]' | while read -r folder; do
eval "$(echo "$folder" | jq -r '@sh "NAME=\(.name) ID=\(.id) TYPE=\(.type) FLAGS=\(.flags)"')"
echo -e " array('store' => \"SYSTEM\", 'folderid' => \"$ID\", 'name' => \"$NAME\", 'type' => $TYPE, 'flags' => $FLAGS)," >> /etc/z-push/z-push.conf.php
done
echo -e ' );' >> /tmp/z-push/z-push.conf.php
echo "Ensure config ownership"
chown -R www-data:www-data /run/sessions
# services need to be aware of the machine-id
#dockerize \
# -wait file:///etc/machine-id \
# -wait file:///var/lib/dbus/machine-id
fi
# copy latest config template
mkdir -p /tmp/z-push/
for i in /etc/z-push/*.dist; do
filename=$(basename -- "$i")
cp "$i" "/tmp/z-push/${filename%.*}"
done
# Ensure directories
mkdir -p /run/sessions
phpversion=$(dpkg-query --showformat='${Version}' --show php7-mapi)
echo "Using PHP-Mapi: $phpversion"
zpushversion=$(dpkg-query --showformat='${Version}' --show z-push-kopano)
echo "Using Z-Push: $zpushversion"
if [ "$KCCONF_SERVERHOSTNAME" == "127.0.0.1" ]; then
echo "Z-Push is using the default: connection"
else
echo "Z-Push is using an ip connection"
php_cfg_gen /tmp/z-push/kopano.conf.php MAPI_SERVER "https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano"
fi
echo "Configuring Z-Push for use behind a reverse proxy"
php_cfg_gen /tmp/z-push/z-push.conf.php USE_CUSTOM_REMOTE_IP_HEADER HTTP_X_FORWARDED_FOR
# configuring z-push from env
for setting in $(compgen -A variable KCCONF_ZPUSH_); do
setting2=${setting#KCCONF_ZPUSH_}
php_cfg_gen /tmp/z-push/z-push.conf.php "${setting2}" "${!setting}"
done
# configuring autodiscover
for setting in $(compgen -A variable KCCONF_ZPUSHAUTODISCOVER_); do
setting2=${setting#KCCONF_ZPUSHAUTODISCOVER_}
php_cfg_gen /tmp/z-push/autodiscover.conf.php "${setting2}" "${!setting}"
done
# configuring z-push gabsync
php_cfg_gen /tmp/z-push/gabsync.conf.php USERNAME SYSTEM
for setting in $(compgen -A variable KCCONF_ZPUSHGABSYNC_); do
setting2=${setting#KCCONF_ZPUSHGAVSYNC_}
php_cfg_gen /tmp/z-push/z-push.conf.php "${setting2}" "${!setting}"
done
# configuring z-push sql state engine
for setting in $(compgen -A variable KCCONF_ZPUSHSQL_); do
setting2=${setting#KCCONF_ZPUSHSQL_}
php_cfg_gen /tmp/z-push/state-sql.conf.php "${setting2}" "${!setting}"
done
# configuring z-push memcached
for setting in $(compgen -A variable KCCONF_ZPUSHMEMCACHED_); do
setting2=${setting#KCCONF_ZPUSHMEMCACHED_}
php_cfg_gen /tmp/z-push/memcached.conf.php "${setting2}" "${!setting}"
done
# configuring z-push gab2contacts
for setting in $(compgen -A variable KCCONF_ZPUSHGA2CONTACTS_); do
setting2=${setting#KCCONF_ZPUSHSQL_}
php_cfg_gen /tmp/z-push/gab2contacts.conf.php "${setting2}" "${!setting}"
done
# configuring z-push shared folders
perl -i -0pe 's/\$additionalFolders.*\);//s' /tmp/z-push/z-push.conf.php
echo -e " \$additionalFolders = array(" >> /tmp/z-push/z-push.conf.php
echo "$ZPUSH_ADDITIONAL_FOLDERS" | jq -c '.[]' | while read -r folder; do
eval "$(echo "$folder" | jq -r '@sh "NAME=\(.name) ID=\(.id) TYPE=\(.type) FLAGS=\(.flags)"')"
echo -e " array('store' => \"SYSTEM\", 'folderid' => \"$ID\", 'name' => \"$NAME\", 'type' => $TYPE, 'flags' => $FLAGS)," >> /etc/z-push/z-push.conf.php
done
echo -e ' );' >> /tmp/z-push/z-push.conf.php
echo "Ensure config ownership"
chown -R www-data:www-data /run/sessions
# services need to be aware of the machine-id
#dockerize \
# -wait file:///etc/machine-id \
# -wait file:///var/lib/dbus/machine-id
echo "Activate z-push log rerouting"
mkdir -p /var/log/z-push/
touch /var/log/z-push/{z-push.log,z-push-error.log,autodiscover.log,autodiscover-error.log}