freedombone-app-mailpile 11KB

  1. #!/bin/bash
  2. #
  3. # .---. . .
  4. # | | |
  5. # |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
  6. # | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
  7. # ' ' --' --' -' - -' ' ' -' -' -' ' - --'
  8. #
  9. # Freedom in the Cloud
  10. #
  11. # mailpile app
  12. #
  13. # License
  14. # =======
  15. #
  16. # Copyright (C) 2016 Bob Mottram <bob@freedombone.net>
  17. #
  18. # This program is free software: you can redistribute it and/or modify
  19. # it under the terms of the GNU Affero General Public License as published by
  20. # the Free Software Foundation, either version 3 of the License, or
  21. # (at your option) any later version.
  22. #
  23. # This program is distributed in the hope that it will be useful,
  24. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  25. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  26. # GNU Affero General Public License for more details.
  27. #
  28. # You should have received a copy of the GNU Affero General Public License
  29. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  # App metadata, presumably read by the Freedombone installer framework
  # (the consumer is not visible in this file - confirm).
  VARIANTS='full full-vim writer'
  IN_DEFAULT_INSTALL=0
  SHOW_ON_ABOUT=1

  # Empty by default; install_interactive_mailpile sets the domain name.
  MAILPILE_DOMAIN_NAME=
  MAILPILE_CODE=

  # Local port of the nginx server block that fronts the onion service.
  MAILPILE_ONION_PORT=8103

  # Upstream source, pinned to one exact commit so that an install or upgrade
  # checks out known code rather than whatever the branch head is.
  MAILPILE_REPO='https://github.com/mailpile/Mailpile'
  MAILPILE_COMMIT='352ca27a29f7d9525298264c04bc5c7d55887276'

  # Port of the Mailpile web interface that nginx proxies to.
  MAILPILE_PORT=33411

  # Names of the settings this app works with.
  mailpile_variables=(
    MAILPILE_REPO
    MAILPILE_COMMIT
    MAILPILE_DOMAIN_NAME
    MAILPILE_CODE
    ONION_ONLY
    DDNS_PROVIDER
    MY_USERNAME
  )
  # Per-user removal hook. Only records the username in the global
  # remove_username; nothing else is done for Mailpile.
  # Arguments: $1 - username being removed
  function remove_user_mailpile {
    remove_username=$1
  }
  # Per-user add hook. Creates nothing for Mailpile.
  # Outputs: the string 0 on stdout (presumably a status read by the caller).
  function add_user_mailpile {
    printf '%s\n' '0'
  }
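  #######################################
  # Collect the settings needed before Mailpile is installed.
  # Globals:   ONION_ONLY (read; defaulted to 'no' when empty or unset)
  #            MAILPILE_DOMAIN_NAME (written in onion-only mode)
  #            APP_INSTALLED (set to 1)
  # Arguments: none
  #######################################
  function install_interactive_mailpile {
    # Quoted test: the unquoted `[ ! $ONION_ONLY ]` form raised a test error
    # for values containing whitespace instead of evaluating them.
    if [[ -z "${ONION_ONLY:-}" ]]; then
      ONION_ONLY='no'
    fi

    if [[ "$ONION_ONLY" != "no" ]]; then
      # Onion-only installs need no public name, so a fixed local one is used.
      MAILPILE_DOMAIN_NAME='mailpile.local'
      write_config_param "MAILPILE_DOMAIN_NAME" "$MAILPILE_DOMAIN_NAME"
    else
      # Ask the administrator for the site details.
      function_check interactive_site_details
      interactive_site_details "mailpile" "MAILPILE_DOMAIN_NAME" "MAILPILE_CODE"
    fi

    APP_INSTALLED=1
  }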
  # Password-change hook. Nothing is implemented for Mailpile here; the
  # function prints nothing and succeeds.
  function change_password_mailpile {
    printf ''
  }
  # Reconfigure hook. Nothing is implemented for Mailpile here; the function
  # prints nothing and succeeds.
  function reconfigure_mailpile {
    printf ''
  }
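  #######################################
  # Move the installed Mailpile checkout to the commit pinned in
  # MAILPILE_COMMIT.
  # Globals:   MAILPILE_DOMAIN_NAME (requested from the config via
  #            read_config_param), MAILPILE_COMMIT, MAILPILE_REPO (read)
  # Arguments: none
  #######################################
  function upgrade_mailpile {
    read_config_param "MAILPILE_DOMAIN_NAME"

    function_check set_repo_commit
    # Every argument is quoted so the path, commit and repo each reach
    # set_repo_commit as exactly one word, whatever they contain.
    set_repo_commit "/var/www/${MAILPILE_DOMAIN_NAME}/mail" \
      "mailpile commit" "$MAILPILE_COMMIT" "$MAILPILE_REPO"
  }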
  # Local backup hook. No Mailpile data is backed up by this function; it
  # prints nothing and succeeds.
  function backup_local_mailpile {
    printf ''
  }
  # Local restore hook. Nothing is restored for Mailpile by this function; it
  # prints nothing and succeeds.
  function restore_local_mailpile {
    printf ''
  }
  # Remote backup hook. No Mailpile data is backed up by this function; it
  # prints nothing and succeeds.
  function backup_remote_mailpile {
    printf ''
  }
  # Remote restore hook. Nothing is restored for Mailpile by this function; it
  # prints nothing and succeeds.
  function restore_remote_mailpile {
    printf ''
  }
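  #######################################
  # Uninstall Mailpile: stop and remove the service, the nginx site, the web
  # root, certificates, the service account, the onion service and the
  # bookkeeping entries.
  # Globals:   MAILPILE_DOMAIN_NAME, MAILPILE_ONION_PORT, COMPLETION_FILE,
  #            MY_USERNAME (read)
  # Arguments: none
  # Returns:   immediately if MAILPILE_DOMAIN_NAME is empty on entry
  #######################################
  function remove_mailpile {
    if [[ -z "$MAILPILE_DOMAIN_NAME" ]]; then
      return
    fi

    systemctl stop mailpile
    systemctl disable mailpile
    rm -f -- /etc/systemd/system/mailpile.service
    # Make systemd forget the unit file that was just deleted.
    systemctl daemon-reload

    read_config_param "MAILPILE_DOMAIN_NAME"

    # The domain is re-read above and then used in `rm -rf /var/www/<domain>`.
    # An empty value would make that path /var/www/ itself, and "." / ".." or a
    # value containing "/" would point outside the site's own directory, so
    # the domain-specific removals are skipped for such values.
    case "$MAILPILE_DOMAIN_NAME" in
      '' | . | .. | */*)
        echo 'remove_mailpile: unusable MAILPILE_DOMAIN_NAME, site files left in place' >&2
        ;;
      *)
        nginx_dissite "$MAILPILE_DOMAIN_NAME"
        remove_certs "$MAILPILE_DOMAIN_NAME"
        if [[ -f "/etc/nginx/sites-available/${MAILPILE_DOMAIN_NAME}" ]]; then
          rm -f -- "/etc/nginx/sites-available/${MAILPILE_DOMAIN_NAME}"
        fi
        if [[ -d "/var/www/${MAILPILE_DOMAIN_NAME}" ]]; then
          rm -rf -- "/var/www/${MAILPILE_DOMAIN_NAME:?}"
        fi
        function_check remove_ddns_domain
        remove_ddns_domain "$MAILPILE_DOMAIN_NAME"
        ;;
    esac

    # --remove-all-files deletes every file owned by the mailpile account,
    # wherever it is on the filesystem.
    deluser --remove-all-files mailpile

    remove_config_param MAILPILE_DOMAIN_NAME
    remove_config_param MAILPILE_CODE
    function_check remove_onion_service
    remove_onion_service mailpile "${MAILPILE_ONION_PORT}"
    remove_completion_param "install_mailpile"

    # install_mailpile switches email encryption at rest off; switch it back
    # on now that Mailpile is gone.
    enable_email_encryption_at_rest

    sed -i '/Mailpile/d' "$COMPLETION_FILE"
    sed -i '/mailpile/d' "$COMPLETION_FILE"
    sed -i '/mailpile/d' "/home/${MY_USERNAME}/README"
    sed -i '/Mailpile/d' "/home/${MY_USERNAME}/README"
  }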
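  #######################################
  # Append the part shared by both nginx server blocks: logging, document
  # root and the reverse-proxy location, followed by the closing brace of the
  # server block.
  # Globals:   MAILPILE_DOMAIN_NAME, MAILPILE_PORT, mailpile_nginx_site (read)
  #######################################
  function _mailpile_nginx_server_tail {
    {
      echo ''
      echo ' # Logs'
      echo ' access_log off;'
      # error_log has no "off" value: nginx would log to a file named "off".
      echo ' error_log /dev/null;'
      echo ''
      echo ' # Root'
      echo " root /var/www/$MAILPILE_DOMAIN_NAME/mail;"
      echo ''
      echo ' location / {'
    } >> "$mailpile_nginx_site"
    function_check nginx_limits
    nginx_limits "$MAILPILE_DOMAIN_NAME" '15m'
    {
      echo " proxy_pass http://localhost:${MAILPILE_PORT}/;"
      # Single quotes: $host and $proxy_add_x_forwarded_for are nginx variables.
      echo ' proxy_set_header X-Forwarded-Host $host;'
      echo ' proxy_set_header X-Forwarded-Server $host;'
      echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;'
      echo ' }'
      echo '}'
    } >> "$mailpile_nginx_site"
  }

  #######################################
  # Install Mailpile from the pinned upstream commit, run it as a systemd
  # service under its own account, and publish it through nginx (HTTPS unless
  # onion-only) and an onion service.
  # Globals:   ONION_ONLY, MAILPILE_DOMAIN_NAME, MAILPILE_REPO,
  #            MAILPILE_COMMIT, MAILPILE_PORT, MAILPILE_ONION_PORT,
  #            MY_USERNAME (read); mailpile_nginx_site,
  #            MAILPILE_ONION_HOSTNAME, APP_INSTALLED (written)
  # Arguments: none
  # Exits:     63824 if no domain is set, 62382 if requirements.txt is
  #            missing, 1 on an invalid domain or a failed cd / checkout
  #######################################
  function install_mailpile {
    if [[ -z "$ONION_ONLY" ]]; then
      ONION_ONLY='no'
    fi

    if [[ -z "$MAILPILE_DOMAIN_NAME" ]]; then
      echo $'The mailpile domain name was not specified'
      exit 63824
    fi

    # The domain ends up in filesystem paths, in the nginx configuration and
    # in a command string run through `su -c`, so only hostname characters
    # are accepted.
    local domain_re='^[A-Za-z0-9][A-Za-z0-9.-]*$'
    if [[ ! "$MAILPILE_DOMAIN_NAME" =~ $domain_re ]]; then
      echo 'install_mailpile: invalid characters in the mailpile domain name' >&2
      exit 1
    fi

    apt-get -yq install python-pip python-lxml python-dev libjpeg-dev

    local site_dir="/var/www/${MAILPILE_DOMAIN_NAME}"
    if [[ ! -d "$site_dir" ]]; then
      mkdir "$site_dir"
    fi
    # Stop if the directory cannot be entered: the rm, clone and pip steps
    # below must not run from whatever the previous working directory was.
    cd "$site_dir" || exit 1

    if [[ -d "${site_dir}/mail" ]]; then
      rm -rf -- "${site_dir:?}/mail"
    fi

    git_clone "$MAILPILE_REPO" mail
    cd mail || exit 1
    # Without this check a failed checkout would leave the branch head in
    # place and the install would continue with unpinned code.
    if ! git checkout "$MAILPILE_COMMIT" -b "$MAILPILE_COMMIT"; then
      echo 'install_mailpile: unable to check out the pinned mailpile commit' >&2
      exit 1
    fi
    set_completion_param "mailpile commit" "$MAILPILE_COMMIT"

    # Check for the file that is actually installed from (the previous test
    # looked for requirements-dev.txt).
    if [[ ! -f requirements.txt ]]; then
      echo $'No python requirements file found'
      exit 62382
    fi
    # NOTE(review): only the Mailpile source is commit-pinned; whatever
    # requirements.txt names is resolved by pip at install time.
    pip install -r requirements.txt

    adduser --system --home="${site_dir}/mail/" --group mailpile
    chown -R mailpile: "${site_dir}/mail/"

    # create folders and tags
    su -c "cd ${site_dir}/mail && ./mp --setup" - mailpile

    # Mailpile listens on loopback only: nginx is the sole intended client
    # (proxy_pass to localhost), and a 0.0.0.0 bind would also serve the web
    # interface over plain HTTP on MAILPILE_PORT, bypassing TLS and the nginx
    # limits.
    local unit_file=/etc/systemd/system/mailpile.service
    printf '%s\n' \
      '[Unit]' \
      'Description=Mailpile Email Client' \
      'After=syslog.target network.target nginx.target' \
      '' \
      '[Service]' \
      'User=mailpile' \
      'Group=mailpile' \
      "WorkingDirectory=${site_dir}/mail" \
      "ExecStart=${site_dir}/mail/mp --www=127.0.0.1:${MAILPILE_PORT} --wait" \
      'Restart=always' \
      'RestartSec=10' \
      '' \
      '[Install]' \
      'WantedBy=multi-user.target' > "$unit_file"
    # Unit files are configuration, not programs; systemd warns about
    # executable ones.
    chmod 644 "$unit_file"

    mailpile_nginx_site="/etc/nginx/sites-available/${MAILPILE_DOMAIN_NAME}"
    if [[ "$ONION_ONLY" == "no" ]]; then
      function_check nginx_http_redirect
      nginx_http_redirect "$MAILPILE_DOMAIN_NAME"
      {
        echo 'server {'
        echo ' listen 443 ssl;'
        echo " server_name $MAILPILE_DOMAIN_NAME;"
        echo ''
        echo ' # Security'
      } >> "$mailpile_nginx_site"
      function_check nginx_ssl
      nginx_ssl "$MAILPILE_DOMAIN_NAME"
      function_check nginx_disable_sniffing
      nginx_disable_sniffing "$MAILPILE_DOMAIN_NAME"
      echo ' add_header Strict-Transport-Security max-age=15768000;' >> "$mailpile_nginx_site"
      _mailpile_nginx_server_tail
    else
      # Onion-only: start from an empty site file.
      echo -n '' > "$mailpile_nginx_site"
    fi

    # Loopback-only server block that the onion service forwards to.
    {
      echo 'server {'
      echo " listen 127.0.0.1:$MAILPILE_ONION_PORT default_server;"
      echo " server_name $MAILPILE_DOMAIN_NAME;"
      echo ''
    } >> "$mailpile_nginx_site"
    function_check nginx_disable_sniffing
    nginx_disable_sniffing "$MAILPILE_DOMAIN_NAME"
    _mailpile_nginx_server_tail

    function_check create_site_certificate
    local cert_base="/etc/ssl/certs/${MAILPILE_DOMAIN_NAME}"
    local key_file="/etc/ssl/private/${MAILPILE_DOMAIN_NAME}.key"
    if [[ ! -f "${cert_base}.pem" ]]; then
      create_site_certificate "$MAILPILE_DOMAIN_NAME" 'yes'
    fi
    if [[ -f "${cert_base}.crt" ]]; then
      mv -- "${cert_base}.crt" "${cert_base}.pem"
    fi
    if [[ -f "${cert_base}.pem" ]]; then
      chown mailpile: "${cert_base}.pem"
    fi
    # NOTE(review): this hands the site's TLS private key to the mailpile
    # service account although nginx terminates TLS in the configuration
    # written above; confirm Mailpile really needs to read it, otherwise a
    # compromise of the service also exposes the key.
    if [[ -f "$key_file" ]]; then
      chown mailpile: "$key_file"
    fi

    function_check nginx_ensite
    nginx_ensite "$MAILPILE_DOMAIN_NAME"

    MAILPILE_ONION_HOSTNAME=$(add_onion_service mailpile 80 "${MAILPILE_ONION_PORT}")

    # Record the onion address in the user's README, or refresh an existing
    # entry; the file is kept readable by its owner only.
    local readme="/home/${MY_USERNAME}/README"
    if ! grep -q "Mailpile onion domain" "$readme"; then
      echo $"Mailpile onion domain: ${MAILPILE_ONION_HOSTNAME}" >> "$readme"
      echo '' >> "$readme"
      chown "${MY_USERNAME}:${MY_USERNAME}" "$readme"
      chmod 600 "$readme"
    else
      if [[ -f "$readme" ]]; then
        sed -i "s|Mailpile onion domain.*|Mailpile onion domain: ${MAILPILE_ONION_HOSTNAME}|g" "$readme"
      fi
    fi

    function_check add_ddns_domain
    add_ddns_domain "$MAILPILE_DOMAIN_NAME"

    # Installing Mailpile turns email encryption at rest off for this system;
    # remove_mailpile turns it back on.
    disable_email_encryption_at_rest

    systemctl enable mailpile
    systemctl daemon-reload
    systemctl start mailpile
    systemctl restart nginx

    set_completion_param "mailpile domain" "$MAILPILE_DOMAIN_NAME"
    APP_INSTALLED=1
  }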
  255. # NOTE: deliberately no exit 0