sympa import certbot

sympa/doc/migration.md

@@ -16,8 +16,10 @@ Future:     debian13, sympa 6.2.76
 ## export/import
 
 * # on old machine
-* wget https://git.artcode.re/cemea/monit-sympa/raw/branch/main/sympa/resources/tools/sympa_export.bash
-* chmod +x sympa_export.bash
+  * # run `sympa_purge.bash` first!!!!!!!!
+* wget https://git.artcode.re/cemea/monit-sympa/raw/branch/main/sympa/resources/tools/sympa_{export,purge}.bash
+* chmod +x sympa_{export,purge}.bash
+* ./sympa_purge.bash
 * ./sympa_export.bash
 
 ## export (deprecated)

sympa/miaou/miaou-install-sympa

@@ -8,7 +8,7 @@ CONTAINER=''
 # FUNCTIONS
 
 function usage {
-	echo "$(basename "$0") <CONTAINER_NAME>"
+	echo "$(basename "$0") {CONTAINER_NAME}"
 }
 
 function parse_options {

sympa/recipe/sympa.recipe

@@ -53,15 +53,6 @@ EOF
     fi
 }
 
-function install_opendkim {
-	if $FORCE || ! systemctl is-active opendkim.service --quiet; then
-		apt-get install -y opendkim
-		echo opendkim installed successfully!
-	else
-		echo opendkim already installed!
-	fi
-}
-
 function install_nginx_host {
     if $FORCE || [[ ! -f /etc/nginx/sites-available/sympa.conf ]]; then
         cat <<EOF >/etc/nginx/sites-available/sympa.conf
@@ -72,7 +63,7 @@ server {
 
     location /wws {
         include fastcgi_params;
-    fastcgi_param SERVER_NAME $(hostname -f);
+        fastcgi_param SERVER_NAME \$host;
         fastcgi_pass  unix:/run/sympa/wwsympa.socket;
     }
 
@@ -100,6 +91,5 @@ EOF
 # MAIN
 
 install_postfix
-install_opendkim
 install_sympa
 install_nginx_host

sympa/resources/tools/sympa_import.bash

@@ -65,11 +65,7 @@ function import_files_etc_sympa {
 function import_files_etc_dkimkeys {
 	mkdir -p /etc/dkimkeys
 	mv etc/dkimkeys/* /etc/dkimkeys/
-	/opt/miaou-bash/tools/append_or_replace "^Domain\t.*" "Domain\t\t\t\t$(hostname -f)" /etc/opendkim.conf
-	/opt/miaou-bash/tools/append_or_replace "^KeyFile\t.*" "KeyFile\t\t\t\t/etc/dkimkeys/mail.private" /etc/opendkim.conf
-	/opt/miaou-bash/tools/append_or_replace "^Selector\t.*" "Selector\t\t\tmail" /etc/opendkim.conf
-	/opt/miaou-bash/tools/append_or_replace "^Socket\t.*" "Socket\t\t\tinet:12345@localhost" /etc/opendkim.conf
-	systemctl restart opendkim.service
+	chown sympa:sympa -R /etc/dkimkeys
 }
 
 function import_files_lib {
@@ -97,6 +93,58 @@ function import_files {
 	echo OK
 }
 
+function import_certbot {
+	if [[ -f "$export_tmp/certbot.tar" ]]; then
+		echo -n "import certbot..."
+		rm -rf /etc/letsencrypt
+		tar -xf "$export_tmp/certbot.tar" -C /
+		echo OK
+	fi
+
+	# change nginx
+	if ! grep -Pq '^\s+listen 443' /etc/nginx/sites-enabled/sympa.conf; then
+		tee /etc/nginx/sites-available/sympa.conf <<EOF
+server {
+    listen 80;
+    server_name _;
+    return 301 https://\$host\$request_uri;
+}
+
+server {
+    listen 443;
+    server_name _;
+
+    ssl_certificate     /etc/letsencrypt/live/\$host/cert.pem;
+    ssl_certificate_key /etc/letsencrypt/live/\$host/privkey.pem;  
+
+    rewrite ^/$ /wws permanent;
+
+    location /wws {
+        include fastcgi_params;
+        fastcgi_param SERVER_NAME \$host;
+        fastcgi_pass  unix:/run/sympa/wwsympa.socket;
+    }
+
+    location /static-sympa {
+        alias /usr/share/sympa/static_content;
+    }
+
+    location /css-sympa {
+        alias /var/lib/sympa/css;
+    }
+
+    location /pictures-sympa { 
+        alias /var/lib/sympa/pictures;
+    }
+}
+EOF
+		nginx -t && systemctl reload nginx
+		echo host for nginx installed successfully!
+	else
+		echo host SSL nginx already activated!
+	fi
+}
+
 function migrate_sympa {
 	echo -n "migrate sympa..."
 	/usr/lib/sympa/bin/sympa.pl upgrade 2>&1
@@ -130,6 +178,7 @@ function import {
 	stop_services
 	import_database
 	import_files
+	import_certbot
 	start_services
 	migrate_sympa