sympa import certbot

sympa/doc/migration.md

@@ -16,8 +16,10 @@ Future:     debian13, sympa 6.2.76
 ## export/import
 
 * # on old machine
-* wget https://git.artcode.re/cemea/monit-sympa/raw/branch/main/sympa/resources/tools/sympa_export.bash
-* chmod +x sympa_export.bash
+  * # run `sympa_purge.bash` first!!!!!!!!
+* wget https://git.artcode.re/cemea/monit-sympa/raw/branch/main/sympa/resources/tools/sympa_{export,purge}.bash
+* chmod +x sympa_{export,purge}.bash
+* ./sympa_purge.bash
 * ./sympa_export.bash
 
 ## export (deprecated)

sympa/miaou/miaou-install-sympa

@@ -8,7 +8,7 @@ CONTAINER=''
 # FUNCTIONS
 
 function usage {
-	echo "$(basename "$0") <CONTAINER_NAME>"
+	echo "$(basename "$0") {CONTAINER_NAME}"
 }
 
 function parse_options {

sympa/recipe/sympa.recipe

@@ -7,33 +7,33 @@ FORCE=${FORCE:-false}
 # FUNCTIONS
 
 function install_postfix {
-	if $FORCE || ! systemctl is-active postfix.service --quiet; then
-		debconf-set-selections <<EOF
+    if $FORCE || ! systemctl is-active postfix.service --quiet; then
+        debconf-set-selections <<EOF
 postfix postfix/mailname string $(hostname -f)
 postfix postfix/main_mailer_type string 'Internet Site'
 postfix postfix/mynetworks string '127.0.0.0/8'
 EOF
-		DEBIAN_FRONTEND=noninteractive apt-get install -y postfix postgresql nginx fcgiwrap perl-doc micro debconf-utils
-		postconf -e "inet_protocols = ipv4"
-		systemctl restart postfix
-		echo postfix installed successfully!
-	else
-		echo postfix already installed!
-	fi
+        DEBIAN_FRONTEND=noninteractive apt-get install -y postfix postgresql nginx fcgiwrap perl-doc micro debconf-utils
+        postconf -e "inet_protocols = ipv4"
+        systemctl restart postfix
+        echo postfix installed successfully!
+    else
+        echo postfix already installed!
+    fi
 }
 
 function alter_sympa_postgres_password_to {
-	password="$1"
-	/opt/miaou-bash/tools/append_or_replace '^db_passwd.*' "db_passwd\tsympa" /etc/sympa/sympa/sympa.conf
-	sudo -u postgres -- psql -c "ALTER USER sympa PASSWORD '$password'"
-	systemctl restart wwsympa.service
+    password="$1"
+    /opt/miaou-bash/tools/append_or_replace '^db_passwd.*' "db_passwd\tsympa" /etc/sympa/sympa/sympa.conf
+    sudo -u postgres -- psql -c "ALTER USER sympa PASSWORD '$password'"
+    systemctl restart wwsympa.service
 }
 
 function install_sympa {
-	if $FORCE || ! systemctl is-active wwsympa.service --quiet; then
-		listmasters="pvincent@artcode.re,jnoel@mithril.re"
-		[[ $(hostname -d) == *.* ]] && listmasters+=",listmaster@$(hostname -d)" || true
-		debconf-set-selections <<EOF
+    if $FORCE || ! systemctl is-active wwsympa.service --quiet; then
+        listmasters="pvincent@artcode.re,jnoel@mithril.re"
+        [[ $(hostname -d) == *.* ]] && listmasters+=",listmaster@$(hostname -d)" || true
+        debconf-set-selections <<EOF
 sympa wwsympa/webserver_type select 'Other'
 sympa sympa/database-type string pgsql
 sympa sympa/db_host string localhost
@@ -42,64 +42,54 @@ sympa sympa/db_user string sympa
 sympa sympa/language select fr
 sympa sympa/listmaster string $listmasters
 EOF
-		DEBIAN_FRONTEND=noninteractive apt-get install -y sympa
-		systemctl disable sympasoap.{socket,service}
-		systemctl stop sympasoap.{socket,service}
+        DEBIAN_FRONTEND=noninteractive apt-get install -y sympa
+        systemctl disable sympasoap.{socket,service}
+        systemctl stop sympasoap.{socket,service}
 
-		alter_sympa_postgres_password_to sympa
-		echo sympa.service installed successfully!
-	else
-		echo sympa.service already installed!
-	fi
-}
-
-function install_opendkim {
-	if $FORCE || ! systemctl is-active opendkim.service --quiet; then
-		apt-get install -y opendkim
-		echo opendkim installed successfully!
-	else
-		echo opendkim already installed!
-	fi
+        alter_sympa_postgres_password_to sympa
+        echo sympa.service installed successfully!
+    else
+        echo sympa.service already installed!
+    fi
 }
 
 function install_nginx_host {
-	if $FORCE || [[ ! -f /etc/nginx/sites-available/sympa.conf ]]; then
-		cat <<EOF >/etc/nginx/sites-available/sympa.conf
+    if $FORCE || [[ ! -f /etc/nginx/sites-available/sympa.conf ]]; then
+        cat <<EOF >/etc/nginx/sites-available/sympa.conf
 server {
-  listen 80;
-  server_name _;
-  rewrite ^/$ /wws permanent;
+    listen 80;
+    server_name _;
+    rewrite ^/$ /wws permanent;
 
-  location /wws {
-    include fastcgi_params;
-    fastcgi_param SERVER_NAME $(hostname -f);
-    fastcgi_pass  unix:/run/sympa/wwsympa.socket;
-  }
+    location /wws {
+        include fastcgi_params;
+        fastcgi_param SERVER_NAME \$host;
+        fastcgi_pass  unix:/run/sympa/wwsympa.socket;
+    }
 
-  location /static-sympa {
-    alias /usr/share/sympa/static_content;
-  }
+    location /static-sympa {
+        alias /usr/share/sympa/static_content;
+    }
 
-  location /css-sympa {
-    alias /var/lib/sympa/css;
-  }
+    location /css-sympa {
+        alias /var/lib/sympa/css;
+    }
 
-  location /pictures-sympa { 
-    alias /var/lib/sympa/pictures;
-  }
+    location /pictures-sympa { 
+        alias /var/lib/sympa/pictures;
+    }
 }
 EOF
-		cd /etc/nginx/sites-enabled && rm -f default && ln -sf ../sites-available/sympa.conf && cd
-		systemctl reload nginx
-		echo host for nginx installed successfully!
-	else
-		echo host for nginx already installed!
-	fi
+        cd /etc/nginx/sites-enabled && rm -f default && ln -sf ../sites-available/sympa.conf && cd
+        systemctl reload nginx
+        echo host for nginx installed successfully!
+    else
+        echo host for nginx already installed!
+    fi
 }
 
 # MAIN
 
 install_postfix
-install_opendkim
 install_sympa
 install_nginx_host

sympa/resources/tools/sympa_import.bash

@@ -65,11 +65,7 @@ function import_files_etc_sympa {
 function import_files_etc_dkimkeys {
 	mkdir -p /etc/dkimkeys
 	mv etc/dkimkeys/* /etc/dkimkeys/
-	/opt/miaou-bash/tools/append_or_replace "^Domain\t.*" "Domain\t\t\t\t$(hostname -f)" /etc/opendkim.conf
-	/opt/miaou-bash/tools/append_or_replace "^KeyFile\t.*" "KeyFile\t\t\t\t/etc/dkimkeys/mail.private" /etc/opendkim.conf
-	/opt/miaou-bash/tools/append_or_replace "^Selector\t.*" "Selector\t\t\tmail" /etc/opendkim.conf
-	/opt/miaou-bash/tools/append_or_replace "^Socket\t.*" "Socket\t\t\tinet:12345@localhost" /etc/opendkim.conf
-	systemctl restart opendkim.service
+	chown sympa:sympa -R /etc/dkimkeys
 }
 
 function import_files_lib {
@@ -97,6 +93,58 @@ function import_files {
 	echo OK
 }
 
+function import_certbot {
+	if [[ -f "$export_tmp/certbot.tar" ]]; then
+		echo -n "import certbot..."
+		rm -rf /etc/letsencrypt
+		tar -xf "$export_tmp/certbot.tar" -C /
+		echo OK
+	fi
+
+	# change nginx
+	if ! grep -Pq '^\s+listen 443' /etc/nginx/sites-enabled/sympa.conf; then
+		tee /etc/nginx/sites-available/sympa.conf <<EOF
+server {
+    listen 80;
+    server_name _;
+    return 301 https://\$host\$request_uri;
+}
+
+server {
+    listen 443;
+    server_name _;
+
+    ssl_certificate     /etc/letsencrypt/live/\$host/cert.pem;
+    ssl_certificate_key /etc/letsencrypt/live/\$host/privkey.pem;  
+
+    rewrite ^/$ /wws permanent;
+
+    location /wws {
+        include fastcgi_params;
+        fastcgi_param SERVER_NAME \$host;
+        fastcgi_pass  unix:/run/sympa/wwsympa.socket;
+    }
+
+    location /static-sympa {
+        alias /usr/share/sympa/static_content;
+    }
+
+    location /css-sympa {
+        alias /var/lib/sympa/css;
+    }
+
+    location /pictures-sympa { 
+        alias /var/lib/sympa/pictures;
+    }
+}
+EOF
+		nginx -t && systemctl reload nginx
+		echo host for nginx installed successfully!
+	else
+		echo host SSL nginx already activated!
+	fi
+}
+
 function migrate_sympa {
 	echo -n "migrate sympa..."
 	/usr/lib/sympa/bin/sympa.pl upgrade 2>&1
@@ -130,6 +178,7 @@ function import {
 	stop_services
 	import_database
 	import_files
+	import_certbot
 	start_services
 	migrate_sympa