Autoconfig

- Domain settings
- Default domain
- Admin username (default password is still 12345)
- MySQL settings

README.md

@@ -7,16 +7,10 @@ Rainloop is a lightweight webmail.
  
 To configure it, go to http://DOMAIN.TLD/rainloop/?admin 
  
-- The default login is : admin 
+- The default login is : user chosen during install 
 - The default password is : 12345 
  
-To configure your instance, go to the admin panel, then "Domains" and add a domain in accord with your mail server setup. 
- 
-To access the database (required for contacts), the paramaters are the following : 
-- Database name : rainloop 
-- Password : the_database_password_indicated_at_installation 
- 
-Once this is done in the admin interface, each user can add a remote carddav server from their own parameters interface. 
+Each user can add a remote carddav server from their own parameters interface. 
 If you use baikal, the CardDav address is : 
 https://DOMAIN.TLD/baikal/card.php/addressbooks/USER/default/
  
@@ -30,16 +24,10 @@ Rainloop est un webmail simple et léger.
  
 Pour le configurer après l'installation, veuillez vous rendre sur http://DOMAIN.TLD/rainloop/?admin 
  
-- Le nom d'utilisateur admin par défaut est : admin 
+- Le nom d'utilisateur admin par défaut est : utilisateur choisi lors de l'installation
 - Le mot de passe admin par défaut est : 12345 
  
-Pour configurer votre instance, connectez-vous en admin, puis allez dans "Domains" et ajoutez votre domaine en accord avec la configuration de votre serveur email. 
- 
-Pour accéder à la base de donnée (necessaire pour gérer les contacts), les paramètres sont les suivants : 
-- Nom de la base de donnée : rainloop 
-- Mot de passe : Le_mot_de_passe_de_la_base_de_donnée_renseigné_lors_de_l'installation 
- 
-Une fois ceci fait depuis l'interface d'administration, chaque utilisateur peut ajouter un carnet d'adresse distant CardDav via leur propre paramètres. 
+Chaque utilisateur peut ajouter un carnet d'adresse distant CardDav via leur propre paramètres. 
 Si vous utilisez Baikal, l'adresse à renseigner est du type : 
 https://DOMAIN.TLD/baikal/card.php/addressbooks/UTILISATEUR/default/ 
 

conf/data/configs/application.ini

@@ -0,0 +1,329 @@
+; RainLoop Webmail configuration file
+; Please don't add custom parameters here, those will be overwritten
+
+[webmail]
+; Text displayed as page title
+title = "RainLoop Webmail"
+
+; Text displayed on startup
+loading_description = "RainLoop"
+favicon_url = ""
+
+; Theme used by default
+theme = "Default"
+
+; Allow theme selection on settings screen
+allow_themes = On
+allow_user_background = Off
+
+; Language used by default
+language = "en"
+
+; Admin Panel interface language
+language_admin = "en"
+
+; Allow language selection on settings screen
+allow_languages_on_settings = On
+allow_additional_accounts = On
+allow_additional_identities = On
+
+;  Number of messages displayed on page by default
+messages_per_page = 20
+
+; File size limit (MB) for file upload on compose screen
+; 0 for unlimited.
+attachment_size_limit = 25
+
+[interface]
+show_attachment_thumbnail = On
+
+[branding]
+login_logo = ""
+login_background = ""
+login_desc = ""
+login_css = ""
+login_powered = On
+user_css = ""
+user_logo = ""
+user_logo_title = ""
+user_logo_message = ""
+user_iframe_message = ""
+welcome_page_url = ""
+welcome_page_display = "none"
+
+[contacts]
+; Enable contacts
+enable = On
+allow_sharing = On
+allow_sync = On
+sync_interval = 20
+type = "mysql"
+pdo_dsn = "mysql:host=127.0.0.1;port=3306;dbname=rainloop"
+pdo_user = "MYSQLUSER"
+pdo_password = "MYSQLPASSWORD"
+suggestions_limit = 30
+
+[security]
+; Enable CSRF protection (http://en.wikipedia.org/wiki/Cross-site_request_forgery)
+csrf_protection = On
+custom_server_signature = "RainLoop"
+x_frame_options_header = ""
+openpgp = On
+use_rsa_encryption = Off
+
+; Login and password for web admin panel
+admin_login = "ADMINUSER"
+admin_password = "ADMINPASSWORD"
+
+; Access settings
+allow_admin_panel = On
+allow_two_factor_auth = Off
+force_two_factor_auth = Off
+allow_universal_login = Off
+admin_panel_host = ""
+core_install_access_domain = ""
+
+[ssl]
+; Require verification of SSL certificate used.
+verify_certificate = Off
+
+; Allow self-signed certificates. Requires verify_certificate.
+allow_self_signed = On
+
+; Location of Certificate Authority file on local filesystem (/etc/ssl/certs/ca-certificates.crt)
+cafile = ""
+
+; capath must be a correctly hashed certificate directory. (/etc/ssl/certs/)
+capath = ""
+
+[capa]
+folders = On
+composer = On
+contacts = On
+settings = On
+quota = On
+help = On
+reload = On
+search = On
+search_adv = On
+filters = On
+x-templates = Off
+dangerous_actions = On
+message_actions = On
+messagelist_actions = On
+attachments_actions = On
+
+[login]
+default_domain = "domain.tld"
+
+; Allow language selection on webmail login screen
+allow_languages_on_login = On
+determine_user_language = On
+determine_user_domain = Off
+welcome_page = Off
+forgot_password_link_url = ""
+registration_link_url = ""
+
+; This option allows webmail to remember the logged in user
+; once they closed the browser window.
+; 
+; Values:
+;   "DefaultOff" - can be used, disabled by default;
+;   "DefaultOn"  - can be used, enabled by default;
+;   "Unused"     - cannot be used
+sign_me_auto = "DefaultOff"
+
+[plugins]
+; Enable plugin support
+enable = Off
+
+; List of enabled plugins
+enabled_list = ""
+
+[defaults]
+; Editor mode used by default (Plain, Html, HtmlForced or PlainForced)
+view_editor_type = "Html"
+
+; layout: 0 - no preview, 1 - side preview, 2 - bottom preview
+view_layout = 1
+view_use_checkboxes = On
+autologout = 30
+show_images = Off
+contacts_autosave = On
+mail_use_threads = Off
+mail_reply_same_folder = Off
+
+[logs]
+; Enable logging
+enable = Off
+
+; Logs entire request only if error occured (php requred)
+write_on_error_only = Off
+
+; Logs entire request only if php error occured
+write_on_php_error_only = Off
+
+; Logs entire request only if request timeout (in seconds) occured.
+write_on_timeout_only = 0
+
+; Required for development purposes only.
+; Disabling this option is not recommended.
+hide_passwords = On
+time_offset = 0
+session_filter = ""
+
+; Log filename.
+; For security reasons, some characters are removed from filename.
+; Allows for pattern-based folder creation (see examples below).
+; 
+; Patterns:
+;   {date:Y-m-d}  - Replaced by pattern-based date
+;                   Detailed info: http://www.php.net/manual/en/function.date.php
+;   {user:email}  - Replaced by user's email address
+;                   If user is not logged in, value is set to "unknown"
+;   {user:login}  - Replaced by user's login (the user part of an email)
+;                   If user is not logged in, value is set to "unknown"
+;   {user:domain} - Replaced by user's domain name (the domain part of an email)
+;                   If user is not logged in, value is set to "unknown"
+;   {user:uid}    - Replaced by user's UID regardless of account currently used
+; 
+;   {user:ip}
+;   {request:ip}  - Replaced by user's IP address
+; 
+; Others:
+;   {imap:login} {imap:host} {imap:port}
+;   {smtp:login} {smtp:host} {smtp:port}
+; 
+; Examples:
+;   filename = "log-{date:Y-m-d}.txt"
+;   filename = "{date:Y-m-d}/{user:domain}/{user:email}_{user:uid}.log"
+;   filename = "{user:email}-{date:Y-m-d}.txt"
+filename = "log-{date:Y-m-d}.txt"
+
+; Enable auth logging in a separate file (for fail2ban)
+auth_logging = Off
+auth_logging_filename = "fail2ban/auth-{date:Y-m-d}.txt"
+auth_logging_format = "[{date:Y-m-d H:i:s}] Auth failed: ip={request:ip} user={imap:login} host={imap:host} port={imap:port}"
+
+[debug]
+; Special option required for development purposes
+enable = Off
+
+[social]
+; Google
+google_enable = Off
+google_enable_auth = Off
+google_enable_auth_fast = Off
+google_enable_drive = Off
+google_enable_preview = Off
+google_client_id = ""
+google_client_secret = ""
+google_api_key = ""
+
+; Facebook
+fb_enable = Off
+fb_app_id = ""
+fb_app_secret = ""
+
+; Twitter
+twitter_enable = Off
+twitter_consumer_key = ""
+twitter_consumer_secret = ""
+
+; Dropbox
+dropbox_enable = Off
+dropbox_api_key = ""
+
+[cache]
+; The section controls caching of the entire application.
+; 
+; Enables caching in the system
+enable = On
+
+; Additional caching key. If changed, cache is purged
+index = "v1"
+
+; Can be: files, APC, memcache
+fast_cache_driver = "files"
+
+; Additional caching key. If changed, fast cache is purged
+fast_cache_index = "v1"
+
+; Browser-level cache. If enabled, caching is maintainted without using files
+http = On
+
+; Caching message UIDs when searching and sorting (threading)
+server_uids = On
+
+[labs]
+; Experimental settings. Handle with care.
+; 
+ignore_folders_subscription = Off
+check_new_password_strength = On
+update_channel = "stable"
+allow_gravatar = On
+allow_prefetch = On
+allow_smart_html_links = On
+cache_system_data = On
+date_from_headers = Off
+autocreate_system_folders = On
+allow_message_append = Off
+disable_iconv_if_mbstring_supported = Off
+login_fault_delay = 1
+log_ajax_response_write_limit = 300
+allow_html_editor_source_button = Off
+allow_html_editor_biti_buttons = Off
+allow_ctrl_enter_on_compose = Off
+try_to_detect_hidden_images = Off
+hide_dangerous_actions = Off
+use_app_debug_js = Off
+use_app_debug_css = Off
+use_imap_sort = On
+use_imap_force_selection = Off
+use_imap_list_subscribe = On
+use_imap_thread = On
+use_imap_move = On
+use_imap_auth_plain = Off
+use_imap_expunge_all_on_delete = Off
+imap_forwarded_flag = "$Forwarded"
+imap_read_receipt_flag = "$ReadReceipt"
+imap_body_text_limit = 555000
+imap_message_list_fast_simple_search = On
+imap_message_list_count_limit_trigger = 0
+imap_message_list_date_filter = 0
+imap_message_list_permanent_filter = ""
+imap_message_all_headers = Off
+imap_large_thread_limit = 50
+imap_folder_list_limit = 200
+imap_show_login_alert = On
+smtp_show_server_errors = Off
+sieve_allow_raw_script = Off
+sieve_utf8_folder_name = On
+mail_func_clear_headers = On
+mail_func_additional_parameters = Off
+favicon_status = On
+folders_spec_limit = 50
+owncloud_save_folder = "Attachments"
+curl_proxy = ""
+curl_proxy_auth = ""
+in_iframe = Off
+force_https = Off
+custom_login_link = ""
+custom_logout_link = ""
+allow_external_login = Off
+allow_external_sso = Off
+external_sso_key = ""
+http_client_ip_check_proxy = Off
+fast_cache_memcache_host = "127.0.0.1"
+fast_cache_memcache_port = 11211
+fast_cache_memcache_expire = 43200
+use_local_proxy_for_external_images = Off
+cookie_default_path = ""
+startup_url = ""
+emogrifier = On
+dev_email = ""
+dev_password = ""
+
+[version]
+current = "1.9.3.363"
+saved = "Wed, 07 Oct 2015 09:22:24 +0000"

conf/data/domains/disabled

@@ -0,0 +1 @@
+gmail.com,outlook.com,qq.com,yahoo.com

conf/data/domains/domain.tld.ini

@@ -0,0 +1,16 @@
+imap_host = "domain.tld"
+imap_port = 993
+imap_secure = "SSL"
+imap_short_login = On
+sieve_use = Off
+sieve_allow_raw = Off
+sieve_host = ""
+sieve_port = 4190
+sieve_secure = "None"
+smtp_host = "domain.tld"
+smtp_port = 465
+smtp_secure = "SSL"
+smtp_short_login = On
+smtp_auth = On
+smtp_php_mail = Off
+white_list = ""

manifest.json

@@ -32,7 +32,7 @@
                 "example": "/rainloop",
                 "default": "/rainloop"
             },
-	    {
+			{
                "name": "is_public",
                 "ask": {
                     "en": "Is it a public application ?",
@@ -40,16 +40,16 @@
                 },
                 "choices": ["Yes", "No"],
                 "default": "No"
-	    },
-            {
-                "name": "dp_pwd",
-                "type": "password",
+			},
+			{
+                "name": "admin",
+                "type": "user",
                 "ask": {
-                    "en": "Choose a password for Rainloop MySQL database. Please note that the table and the user will be rainloop (case sensitive - used for carddav)",
-                    "fr": "Choisissez un mot de passe pour la base MySQL de Rainloop. Veuillez noter que la table et l'utilisateur créés seront rainloop (sensible à la casse - utilisé pour carddav)"
+                    "en": "Choose the Rainloop administrator (must be an existing YunoHost user)",
+                    "fr": "Choisissez l'administrateur Rainloop (doit être un utilisateur YunoHost déjà existant)"
                 },
-                "example": "my_strong_password"
-	    }
+                "example": "homer"
+			}
         ]
     }
 }

scripts/install

@@ -6,6 +6,12 @@ app=rainloop
 domain=$1
 path=$2
 is_public=$3
+user=$4
+
+# Check user parameter
+sudo yunohost user list --json | grep -qi "\"username\": \"$user\"" \
+	|| (echo "User does not exist: $user" && exit 1)
+sudo yunohost app setting $app admin_user -v $user
 
 # Removal of trailing /
 if [ $path = "/" ]
@@ -29,8 +35,7 @@ if [[ ! $? -eq 0 ]]; then
 fi
 
 # Generate random password
-#db_pwd=$(dd if=/dev/urandom bs=1 count=200 2> /dev/null | tr -c -d 'A-Za-z0-9' | sed -n 's/\(.\{24\}\).*/\1/p')
-db_pwd=$4
+db_pwd=$(dd if=/dev/urandom bs=1 count=200 2> /dev/null | tr -c -d 'A-Za-z0-9' | sed -n 's/\(.\{24\}\).*/\1/p')
 
 # Use 'rainloop' as database name and user
 db_user=$app
@@ -50,6 +55,21 @@ sudo wget http://repository.rainloop.net/v2/webmail/rainloop-community-latest.zi
 sudo unzip $final_path/rainloop.zip -d $final_path/
 sudo rm $final_path/rainloop.zip
 
+# Autoconfig
+sudo mkdir -p $final_path/data/_data_/_default_/configs/
+sed -i "s@domain.tld@$domain@g" ../conf/data/configs/application.ini
+sed -i "s@ADMINUSER@$user@g" ../conf/data/configs/application.ini
+sed -i "s@ADMINPASSWORD@12345@g" ../conf/data/configs/application.ini
+sed -i "s@MYSQLUSER@db_user@g" ../conf/data/configs/application.ini
+sed -i "s@MYSQLPASSWORD@$db_pwd@g" ../conf/data/configs/application.ini
+sudo cp ../conf/data/configs/application.ini $final_path/data/_data_/_default_/configs/application.ini
+
+# Add default domain config
+sudo mkdir -p $final_path/data/_data_/_default_/domains/
+sed -i "s@domain.tld@$domain@g" ../conf/data/domains/domain.tld.ini
+sudo cp ../conf/data/domains/domain.tld.ini $final_path/data/_data_/_default_/domains/$domain.ini
+sudo cp ../conf/data/domains/disabled $final_path/data/_data_/_default_/domains/disabled
+
 # Set permissions to rainloop directory
 # sudo mkdir -p $final_path/logs
 sudo chown -R www-data:www-data $final_path