From 64fb4bb9fdea5c654f7dd8f70a522f8f16621efa Mon Sep 17 00:00:00 2001 From: scith Date: Wed, 7 Oct 2015 17:43:41 +0200 Subject: [PATCH] Autoconfig - Domain settings - Default domain - Admin username (default password is still 12345) - MySQL settings --- README.md | 20 +- conf/data/configs/application.ini | 329 ++++++++++++++++++++++++++++++ conf/data/domains/disabled | 1 + conf/data/domains/domain.tld.ini | 16 ++ manifest.json | 18 +- scripts/install | 24 ++- 6 files changed, 381 insertions(+), 27 deletions(-) create mode 100644 conf/data/configs/application.ini create mode 100644 conf/data/domains/disabled create mode 100644 conf/data/domains/domain.tld.ini diff --git a/README.md b/README.md index 2e277b7..70576fc 100644 --- a/README.md +++ b/README.md @@ -7,16 +7,10 @@ Rainloop is a lightweight webmail. To configure it, go to http://DOMAIN.TLD/rainloop/?admin -- The default login is : admin +- The default login is : user chosen during install - The default password is : 12345 -To configure your instance, go to the admin panel, then "Domains" and add a domain in accord with your mail server setup. - -To access the database (required for contacts), the paramaters are the following : -- Database name : rainloop -- Password : the_database_password_indicated_at_installation - -Once this is done in the admin interface, each user can add a remote carddav server from their own parameters interface. +Each user can add a remote carddav server from their own parameters interface. If you use baikal, the CardDav address is : https://DOMAIN.TLD/baikal/card.php/addressbooks/USER/default/ 
@@ -30,16 +24,10 @@ Rainloop est un webmail simple et léger. Pour le configurer après l'installation, veuillez vous rendre sur http://DOMAIN.TLD/rainloop/?admin -- Le nom d'utilisateur admin par défaut est : admin +- Le nom d'utilisateur admin par défaut est : utilisateur choisi lors de l'installation - Le mot de passe admin par défaut est : 12345 -Pour configurer votre instance, connectez-vous en admin, puis allez dans "Domains" et ajoutez votre domaine en accord avec la configuration de votre serveur email. - -Pour accéder à la base de donnée (necessaire pour gérer les contacts), les paramètres sont les suivants : -- Nom de la base de donnée : rainloop -- Mot de passe : Le_mot_de_passe_de_la_base_de_donnée_renseigné_lors_de_l'installation - -Une fois ceci fait depuis l'interface d'administration, chaque utilisateur peut ajouter un carnet d'adresse distant CardDav via leur propre paramètres. +Chaque utilisateur peut ajouter un carnet d'adresse distant CardDav via leur propre paramètres. Si vous utilisez Baikal, l'adresse à renseigner est du type : https://DOMAIN.TLD/baikal/card.php/addressbooks/UTILISATEUR/default/ diff --git a/conf/data/configs/application.ini b/conf/data/configs/application.ini new file mode 100644 index 0000000..3c9fb54 --- /dev/null +++ b/conf/data/configs/application.ini 
@@ -0,0 +1,329 @@
+; RainLoop Webmail configuration file
+; Please don't add custom parameters here, those will be overwritten
+
+[webmail]
+; Text displayed as page title
+title = "RainLoop Webmail"
+
+; Text displayed on startup
+loading_description = "RainLoop"
+favicon_url = ""
+
+; Theme used by default
+theme = "Default"
+
+; Allow theme selection on settings screen
+allow_themes = On
+allow_user_background = Off
+
+; Language used by default
+language = "en"
+
+; Admin Panel interface language
+language_admin = "en"
+
+; Allow language selection on settings screen
+allow_languages_on_settings = On
+allow_additional_accounts = On
+allow_additional_identities = On
+
+; Number of messages displayed on page by default
+messages_per_page = 20
+
+; File size limit (MB) for file upload on compose screen
+; 0 for unlimited.
+attachment_size_limit = 25
+
+[interface]
+show_attachment_thumbnail = On
+
+[branding]
+login_logo = ""
+login_background = ""
+login_desc = ""
+login_css = ""
+login_powered = On
+user_css = ""
+user_logo = ""
+user_logo_title = ""
+user_logo_message = ""
+user_iframe_message = ""
+welcome_page_url = ""
+welcome_page_display = "none"
+
+[contacts]
+; Enable contacts
+enable = On
+allow_sharing = On
+allow_sync = On
+sync_interval = 20
+type = "mysql"
+pdo_dsn = "mysql:host=127.0.0.1;port=3306;dbname=rainloop"
+pdo_user = "MYSQLUSER"
+pdo_password = "MYSQLPASSWORD"
+suggestions_limit = 30
+
+[security]
+; Enable CSRF protection (http://en.wikipedia.org/wiki/Cross-site_request_forgery)
+csrf_protection = On
+custom_server_signature = "RainLoop"
+x_frame_options_header = ""
+openpgp = On
+use_rsa_encryption = Off
+
+; Login and password for web admin panel
+admin_login = "ADMINUSER"
+admin_password = "ADMINPASSWORD"
+
+; Access settings
+allow_admin_panel = On
+allow_two_factor_auth = Off
+force_two_factor_auth = Off
+allow_universal_login = Off
+admin_panel_host = ""
+core_install_access_domain = ""
+
+[ssl]
+; Require verification of SSL
certificate used.
+verify_certificate = Off
+
+; Allow self-signed certificates. Requires verify_certificate.
+allow_self_signed = On
+
+; Location of Certificate Authority file on local filesystem (/etc/ssl/certs/ca-certificates.crt)
+cafile = ""
+
+; capath must be a correctly hashed certificate directory. (/etc/ssl/certs/)
+capath = ""
+
+[capa]
+folders = On
+composer = On
+contacts = On
+settings = On
+quota = On
+help = On
+reload = On
+search = On
+search_adv = On
+filters = On
+x-templates = Off
+dangerous_actions = On
+message_actions = On
+messagelist_actions = On
+attachments_actions = On
+
+[login]
+default_domain = "domain.tld"
+
+; Allow language selection on webmail login screen
+allow_languages_on_login = On
+determine_user_language = On
+determine_user_domain = Off
+welcome_page = Off
+forgot_password_link_url = ""
+registration_link_url = ""
+
+; This option allows webmail to remember the logged in user
+; once they closed the browser window.
+;
+; Values:
+; "DefaultOff" - can be used, disabled by default;
+; "DefaultOn" - can be used, enabled by default;
+; "Unused" - cannot be used
+sign_me_auto = "DefaultOff"
+
+[plugins]
+; Enable plugin support
+enable = Off
+
+; List of enabled plugins
+enabled_list = ""
+
+[defaults]
+; Editor mode used by default (Plain, Html, HtmlForced or PlainForced)
+view_editor_type = "Html"
+
+; layout: 0 - no preview, 1 - side preview, 2 - bottom preview
+view_layout = 1
+view_use_checkboxes = On
+autologout = 30
+show_images = Off
+contacts_autosave = On
+mail_use_threads = Off
+mail_reply_same_folder = Off
+
+[logs]
+; Enable logging
+enable = Off
+
+; Logs entire request only if error occured (php requred)
+write_on_error_only = Off
+
+; Logs entire request only if php error occured
+write_on_php_error_only = Off
+
+; Logs entire request only if request timeout (in seconds) occured.
+write_on_timeout_only = 0
+
+; Required for development purposes only.
+; Disabling this option is not recommended.
+hide_passwords = On
+time_offset = 0
+session_filter = ""
+
+; Log filename.
+; For security reasons, some characters are removed from filename.
+; Allows for pattern-based folder creation (see examples below).
+;
+; Patterns:
+; {date:Y-m-d} - Replaced by pattern-based date
+; Detailed info: http://www.php.net/manual/en/function.date.php
+; {user:email} - Replaced by user's email address
+; If user is not logged in, value is set to "unknown"
+; {user:login} - Replaced by user's login (the user part of an email)
+; If user is not logged in, value is set to "unknown"
+; {user:domain} - Replaced by user's domain name (the domain part of an email)
+; If user is not logged in, value is set to "unknown"
+; {user:uid} - Replaced by user's UID regardless of account currently used
+;
+; {user:ip}
+; {request:ip} - Replaced by user's IP address
+;
+; Others:
+; {imap:login} {imap:host} {imap:port}
+; {smtp:login} {smtp:host} {smtp:port}
+;
+; Examples:
+; filename = "log-{date:Y-m-d}.txt"
+; filename = "{date:Y-m-d}/{user:domain}/{user:email}_{user:uid}.log"
+; filename = "{user:email}-{date:Y-m-d}.txt"
+filename = "log-{date:Y-m-d}.txt"
+
+; Enable auth logging in a separate file (for fail2ban)
+auth_logging = Off
+auth_logging_filename = "fail2ban/auth-{date:Y-m-d}.txt"
+auth_logging_format = "[{date:Y-m-d H:i:s}] Auth failed: ip={request:ip} user={imap:login} host={imap:host} port={imap:port}"
+
+[debug]
+; Special option required for development purposes
+enable = Off
+
+[social]
+; Google
+google_enable = Off
+google_enable_auth = Off
+google_enable_auth_fast = Off
+google_enable_drive = Off
+google_enable_preview = Off
+google_client_id = ""
+google_client_secret = ""
+google_api_key = ""
+
+; Facebook
+fb_enable = Off
+fb_app_id = ""
+fb_app_secret = ""
+
+; Twitter
+twitter_enable = Off
+twitter_consumer_key = ""
+twitter_consumer_secret = ""
+
+; Dropbox
+dropbox_enable = Off
+dropbox_api_key = ""
+
+[cache]
+; The section controls caching of the entire
application.
+;
+; Enables caching in the system
+enable = On
+
+; Additional caching key. If changed, cache is purged
+index = "v1"
+
+; Can be: files, APC, memcache
+fast_cache_driver = "files"
+
+; Additional caching key. If changed, fast cache is purged
+fast_cache_index = "v1"
+
+; Browser-level cache. If enabled, caching is maintainted without using files
+http = On
+
+; Caching message UIDs when searching and sorting (threading)
+server_uids = On
+
+[labs]
+; Experimental settings. Handle with care.
+;
+ignore_folders_subscription = Off
+check_new_password_strength = On
+update_channel = "stable"
+allow_gravatar = On
+allow_prefetch = On
+allow_smart_html_links = On
+cache_system_data = On
+date_from_headers = Off
+autocreate_system_folders = On
+allow_message_append = Off
+disable_iconv_if_mbstring_supported = Off
+login_fault_delay = 1
+log_ajax_response_write_limit = 300
+allow_html_editor_source_button = Off
+allow_html_editor_biti_buttons = Off
+allow_ctrl_enter_on_compose = Off
+try_to_detect_hidden_images = Off
+hide_dangerous_actions = Off
+use_app_debug_js = Off
+use_app_debug_css = Off
+use_imap_sort = On
+use_imap_force_selection = Off
+use_imap_list_subscribe = On
+use_imap_thread = On
+use_imap_move = On
+use_imap_auth_plain = Off
+use_imap_expunge_all_on_delete = Off
+imap_forwarded_flag = "$Forwarded"
+imap_read_receipt_flag = "$ReadReceipt"
+imap_body_text_limit = 555000
+imap_message_list_fast_simple_search = On
+imap_message_list_count_limit_trigger = 0
+imap_message_list_date_filter = 0
+imap_message_list_permanent_filter = ""
+imap_message_all_headers = Off
+imap_large_thread_limit = 50
+imap_folder_list_limit = 200
+imap_show_login_alert = On
+smtp_show_server_errors = Off
+sieve_allow_raw_script = Off
+sieve_utf8_folder_name = On
+mail_func_clear_headers = On
+mail_func_additional_parameters = Off
+favicon_status = On
+folders_spec_limit = 50
+owncloud_save_folder = "Attachments"
+curl_proxy = ""
+curl_proxy_auth = ""
+in_iframe = Off
+force_https = Off +custom_login_link = "" +custom_logout_link = "" +allow_external_login = Off +allow_external_sso = Off +external_sso_key = "" +http_client_ip_check_proxy = Off +fast_cache_memcache_host = "127.0.0.1" +fast_cache_memcache_port = 11211 +fast_cache_memcache_expire = 43200 +use_local_proxy_for_external_images = Off +cookie_default_path = "" +startup_url = "" +emogrifier = On +dev_email = "" +dev_password = "" + +[version] +current = "1.9.3.363" +saved = "Wed, 07 Oct 2015 09:22:24 +0000" diff --git a/conf/data/domains/disabled b/conf/data/domains/disabled new file mode 100644 index 0000000..e8cf773 --- /dev/null +++ b/conf/data/domains/disabled @@ -0,0 +1 @@ +gmail.com,outlook.com,qq.com,yahoo.com diff --git a/conf/data/domains/domain.tld.ini b/conf/data/domains/domain.tld.ini new file mode 100644 index 0000000..df07f61 --- /dev/null +++ b/conf/data/domains/domain.tld.ini @@ -0,0 +1,16 @@ +imap_host = "domain.tld" +imap_port = 993 +imap_secure = "SSL" +imap_short_login = On +sieve_use = Off +sieve_allow_raw = Off +sieve_host = "" +sieve_port = 4190 +sieve_secure = "None" +smtp_host = "domain.tld" +smtp_port = 465 +smtp_secure = "SSL" +smtp_short_login = On +smtp_auth = On +smtp_php_mail = Off +white_list = "" diff --git a/manifest.json b/manifest.json index dab095c..f243e5e 100644 --- a/manifest.json +++ b/manifest.json @@ -32,7 +32,7 @@ "example": "/rainloop", "default": "/rainloop" }, - { + { "name": "is_public", "ask": { "en": "Is it a public application ?", 
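Review bot: `verify_certificate = Off` in the `[ssl]` section of conf/data/configs/application.ini ships every install with certificate validation disabled, so the `imap_secure = "SSL"` and `smtp_secure = "SSL"` settings added in domain.tld.ini encrypt the mail-server connections without authenticating the server. Where the host has a CA-issued certificate, prefer `verify_certificate = On` with `cafile = "/etc/ssl/certs/ca-certificates.crt"` (the file's own comment notes that `allow_self_signed` only takes effect once verification is on); if self-signed certificates are the expected case, a comment such as `; verification off: default YunoHost certificate is self-signed` would record why. The same template keeps `force_https = Off` while `allow_admin_panel = On`, and README points to the admin page over http://, so admin credentials may cross the network in clear text unless the web server redirects to HTTPS, which this patch does not show.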
@@ -40,16 +40,16 @@ }, "choices": ["Yes", "No"], "default": "No" - }, - { - "name": "dp_pwd", - "type": "password", + }, + { + "name": "admin", + "type": "user", "ask": { - "en": "Choose a password for Rainloop MySQL database. Please note that the table and the user will be rainloop (case sensitive - used for carddav)", - "fr": "Choisissez un mot de passe pour la base MySQL de Rainloop. Veuillez noter que la table et l'utilisateur créés seront rainloop (sensible à la casse - utilisé pour carddav)" + "en": "Choose the Rainloop administrator (must be an existing YunoHost user)", + "fr": "Choisissez l'administrateur Rainloop (doit être un utilisateur YunoHost déjà existant)" }, - "example": "my_strong_password" - } + "example": "homer" + } ] } } diff --git a/scripts/install b/scripts/install index 6359874..81d3622 100644 --- a/scripts/install +++ b/scripts/install @@ -6,6 +6,12 @@ app=rainloop domain=$1 path=$2 is_public=$3 +user=$4 + +# Check user parameter +sudo yunohost user list --json | grep -qi "\"username\": \"$user\"" \ + || (echo "User does not exist: $user" && exit 1) +sudo yunohost app setting $app admin_user -v $user # Removal of trailing / if [ $path = "/" ] @@ -29,8 +35,7 @@ if [[ ! $? -eq 0 ]]; then fi # Generate random password -#db_pwd=$(dd if=/dev/urandom bs=1 count=200 2> /dev/null | tr -c -d 'A-Za-z0-9' | sed -n 's/\(.\{24\}\).*/\1/p') -db_pwd=$4 +db_pwd=$(dd if=/dev/urandom bs=1 count=200 2> /dev/null | tr -c -d 'A-Za-z0-9' | sed -n 's/\(.\{24\}\).*/\1/p') # Use 'rainloop' as database name and user db_user=$app 
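Review bot: The new user check in scripts/install does not stop the script: in `|| (echo "User does not exist: $user" && exit 1)` the `exit 1` only leaves the parenthesised subshell, so unless `set -e` is active above the hunk (not visible here) the install carries on with an unvalidated `$user`. A brace group fixes that: `|| { echo "User does not exist: $user" >&2; exit 1; }`. `$user` is also interpreted as a case-insensitive regular expression by `grep -qi` and passed unquoted to `-v $user`; because the value is later substituted into application.ini, matching it literally and quoting it (`grep -qF "\"username\": \"$user\""`, `-v "$user"`) keeps the check exact.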
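Review bot: `db_pwd` can come out empty on the re-enabled "Generate random password" line, because the final `sed -n 's/\(.\{24\}\).*/\1/p'` prints nothing when fewer than 24 alphanumeric bytes survive the `tr` filter out of the 200 random bytes read. That is rare, but nothing after the assignment checks for it, and the value is then used as the MySQL password. Adding `[ -n "$db_pwd" ] || { echo "Password generation failed" >&2; exit 1; }` directly below the assignment closes the gap. The rest of the database setup lies outside the hunk.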
@@ -50,6 +55,21 @@ sudo wget http://repository.rainloop.net/v2/webmail/rainloop-community-latest.zi sudo unzip $final_path/rainloop.zip -d $final_path/ sudo rm $final_path/rainloop.zip +# Autoconfig +sudo mkdir -p $final_path/data/_data_/_default_/configs/ +sed -i "s@domain.tld@$domain@g" ../conf/data/configs/application.ini +sed -i "s@ADMINUSER@$user@g" ../conf/data/configs/application.ini +sed -i "s@ADMINPASSWORD@12345@g" ../conf/data/configs/application.ini +sed -i "s@MYSQLUSER@db_user@g" ../conf/data/configs/application.ini +sed -i "s@MYSQLPASSWORD@$db_pwd@g" ../conf/data/configs/application.ini +sudo cp ../conf/data/configs/application.ini $final_path/data/_data_/_default_/configs/application.ini + +# Add default domain config +sudo mkdir -p $final_path/data/_data_/_default_/domains/ +sed -i "s@domain.tld@$domain@g" ../conf/data/domains/domain.tld.ini +sudo cp ../conf/data/domains/domain.tld.ini $final_path/data/_data_/_default_/domains/$domain.ini +sudo cp ../conf/data/domains/disabled $final_path/data/_data_/_default_/domains/disabled + # Set permissions to rainloop directory # sudo mkdir -p $final_path/logs sudo chown -R www-data:www-data $final_path
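Review bot: Every install ends up with the same admin password: `sed -i "s@ADMINPASSWORD@12345@g"` writes `12345` into `admin_password` while the template keeps `allow_admin_panel = On`, so the admin panel is protected only by knowledge of the chosen YunoHost username. Generate a per-install value the same way `db_pwd` is generated and record it with `yunohost app setting` (README would then need to say where to find it); this assumes RainLoop accepts any plaintext value in that key as it does `12345`. Separately, `s@MYSQLUSER@db_user@g` is missing the `$`, so `pdo_user` becomes the literal string `db_user` instead of the database user. The `sed -i` calls also rewrite the package's own `../conf` templates in place, so a second run finds no placeholders left; substituting into a temporary copy would avoid that. The script continues before and after this hunk.

```shell
# Autoconfig
# … unchanged: mkdir, domain.tld and ADMINUSER substitutions …
admin_pwd=$(dd if=/dev/urandom bs=1 count=200 2> /dev/null | tr -c -d 'A-Za-z0-9' | sed -n 's/\(.\{24\}\).*/\1/p')
sudo yunohost app setting $app admin_password -v "$admin_pwd"
sed -i "s@ADMINPASSWORD@$admin_pwd@g" ../conf/data/configs/application.ini
sed -i "s@MYSQLUSER@$db_user@g" ../conf/data/configs/application.ini
# … unchanged: MYSQLPASSWORD substitution, copy of application.ini, default domain config …
```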