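#!/usr/bin/env bash
#
# Restore a Sympa mailing-list host from an export archive: the PostgreSQL
# database, /etc/sympa, the Sympa lib/spool trees, the certbot state, then the
# nginx vhost and postfix settings for the imported domain.
#
# Usage: <this script> <export-file>
#
# Must run as root (writes under /etc and /var, restarts services, uses
# sudo -u postgres). Exit codes: 1 bad usage, 2 export file not found,
# 3 scratch directory could not be created.

## constants
# shellcheck disable=SC2034  # currently unused
BASEDIR=$(dirname "$0")
BASECMD=$(basename "$0")
readonly DB_NAME=sympa
readonly DB_USER="$DB_NAME"
# NOTE(review): the role password is simply the database name; it has to match
# the role created at install time, so it cannot be hardened here alone.
readonly DB_PASS="$DB_NAME"
SYMPA_DOMAIN=''   # filled in by import_certbot from /etc/sympa/sympa/sympa.conf

## functions

# Print the usage line to stderr.
usage() {
  printf 'Usage: %s <export-file>\n' "$BASECMD" >&2
}

#######################################
# Validate the command line and record the export archive path.
# Arguments: $1 - path to the export archive
# Globals:   file (written) - archive path, read by create_temp and
#            uncompress_export_file
# Returns:   exits 1 on bad usage, 2 if the archive does not exist
#######################################
assert_file() {
  if (( $# != 1 )); then
    usage
    exit 1
  fi
  file="$1"
  if [[ ! -f "$file" ]]; then
    printf 'file not found: %s\n' "$file" >&2
    exit 2
  fi
}

#######################################
# Create the private scratch directory the archive is unpacked into.
# Globals:   file (read), export_tmp (written)
# Returns:   exits 3 if the directory cannot be created
#######################################
create_temp() {
  local export_name
  export_name=$(basename -- "$file")
  printf 'create_temp...'
  # mktemp -d yields an unpredictable, mode-0700 directory. The archive holds
  # the database dump, DKIM keys and certbot private keys, so it must not land
  # in a guessable, world-readable /tmp path.
  export_tmp=$(mktemp -d "${TMPDIR:-/tmp}/${export_name}.XXXXXX") \
    || { printf 'cannot create temp dir\n' >&2; exit 3; }
  echo OK
}

#######################################
# Unpack the export archive into the scratch directory.
# Globals:   file, export_tmp (read)
#######################################
uncompress_export_file() {
  printf 'uncompress export file...'
  tar -xf "$file" -C "$export_tmp"
  echo OK
}

#######################################
# Recreate the Sympa database from the exported dump.
# Globals:   DB_NAME, DB_USER, DB_PASS, export_tmp (read)
#######################################
import_database() {
  printf 'import database %s...' "$DB_NAME"
  # --if-exists: on a first-time import there is no database to drop, and a
  # failing dropdb must not abort the whole run under set -e.
  sudo -u postgres dropdb --if-exists "$DB_NAME"
  sudo -u postgres createdb -O "$DB_USER" "$DB_NAME"
  # The password is passed through the environment, not argv, so it is not
  # visible in the process list. Run with pipefail so a corrupt dump (gunzip
  # failure) is not masked by psql's own exit status.
  gunzip -c -- "$export_tmp/database.psql.gz" \
    | PGPASSWORD="$DB_PASS" psql -h localhost -U "$DB_USER" "$DB_NAME"
  echo OK
}

#######################################
# Copy one sympa.conf entry from the exported config into the live one.
# Arguments: $1 - configuration key (e.g. domain)
# Globals:   cwd must be the extracted files tree (see import_files)
# Outputs:   a warning on stderr when the key is absent from the export; the
#            live value is then left untouched
#######################################
replace_conf_entry_from_export() {
  local key="$1"
  local export_conf=etc/sympa/sympa/sympa.conf
  local final_conf="/$export_conf"
  # Anchor on the key followed by whitespace so "listmaster" does not also
  # pick up a "listmaster_email" line.
  local pattern="^${key}[[:space:]]"
  local replacement
  if ! replacement=$(grep -m1 -- "$pattern" "$export_conf"); then
    printf 'warning: %s not set in %s, keeping current value\n' "$key" "$export_conf" >&2
    return 0
  fi
  # Escape what sed treats specially in a replacement so URLs and addresses
  # are copied verbatim: a literal backslash first, then & (re-inserts the
  # match) and | (the s-command delimiter used below).
  local escaped=${replacement//\\/\\\\}
  escaped=${escaped//&/\\&}
  escaped=${escaped//|/\\|}
  sed -i -e "s|${pattern}.*|${escaped}|" -- "$final_conf"
}

#######################################
# Install the exported /etc/sympa pieces; only the site-specific sympa.conf
# entries are carried over, the rest of the installed sympa.conf stays.
#######################################
import_files_etc_sympa() {
  mv -- etc/sympa/auth.conf /etc/sympa/
  mv -- etc/sympa/data_structure.version /etc/sympa/
  local key
  for key in domain wwsympa_url listmaster lang; do
    replace_conf_entry_from_export "$key"
  done
  /opt/miaou-bash/tools/append_or_replace '^aliases_program.*$' 'aliases_program postalias' /etc/sympa/sympa/sympa.conf
}

# Install the exported Sympa alias map and its compiled .db.
import_files_etc_mail_sympa_aliases() {
  mv -- etc/mail/sympa/aliases{,.db} /etc/mail/sympa/
  chown sympa:sympa /etc/mail/sympa/aliases{,.db}
}

# Install the exported DKIM keys (caller checks that etc/dkimkeys exists).
import_files_etc_dkimkeys() {
  mkdir -p /etc/dkimkeys
  mv -- etc/dkimkeys/* /etc/dkimkeys/
  # NOTE(review): these are private keys; confirm the modes preserved by the
  # export are not group/world-readable.
  chown -R sympa:sympa /etc/dkimkeys
}

# Replace /var/lib/sympa with the exported tree.
import_files_lib() {
  rm -rf -- /var/lib/sympa
  mv -- var/lib/sympa /var/lib
}

# Replace /var/spool/sympa with the exported tree.
import_files_spool() {
  rm -rf -- /var/spool/sympa
  mv -- var/spool/sympa /var/spool
}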
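#######################################
# Unpack files.tar.gz and move its contents into place.
# Globals:   export_tmp (read); leaves cwd inside the extracted tree, which
#            the import_files_* helpers rely on (they use relative paths)
# Returns:   exits 3 if the scratch tree cannot be entered
#######################################
import_files() {
  printf 'import files...'
  local files_temp="$export_tmp/files"
  mkdir -- "$files_temp"
  cd "$files_temp" || { printf 'cannot cd to %s\n' "$files_temp" >&2; exit 3; }
  tar -xf "$export_tmp/files.tar.gz"
  import_files_etc_sympa
  import_files_etc_mail_sympa_aliases
  if [[ -d etc/dkimkeys ]]; then   # optional in the export
    import_files_etc_dkimkeys
  fi
  import_files_lib
  import_files_spool
  echo OK
}

#######################################
# Restore the certbot state (if exported), make sure the nginx TLS snippets
# exist and install the HTTPS vhost for the Sympa web UI.
# Globals:   SYMPA_DOMAIN (written, from the live sympa.conf), export_tmp (read)
# Returns:   exits 4 when sympa.conf has no usable "domain" value
#######################################
import_certbot() {
  local renewal_conf
  # Second whitespace-separated field of the "domain" line; awk accepts a tab
  # or spaces as separator (cut -f2 only handled a tab and otherwise yielded
  # the whole line).
  SYMPA_DOMAIN=$(awk '$1 == "domain" { print $2; exit }' /etc/sympa/sympa/sympa.conf)
  # The value ends up in file paths, the nginx vhost and postfix main.cf, so
  # refuse to continue with an empty or malformed domain.
  if [[ ! "$SYMPA_DOMAIN" =~ ^[A-Za-z0-9.-]+$ ]]; then
    printf 'invalid or missing "domain" in /etc/sympa/sympa/sympa.conf: %q\n' "$SYMPA_DOMAIN" >&2
    exit 4
  fi
  renewal_conf="/etc/letsencrypt/renewal/${SYMPA_DOMAIN}.conf"

  if [[ -f "$export_tmp/certbot.tar" ]]; then
    echo "certbot save previous cli.ini"
    cp -- /etc/letsencrypt/cli.ini "$export_tmp/"
    echo "import certbot..."
    rm -rf -- /etc/letsencrypt
    # NOTE(review): the archive is our own export, but it is extracted
    # relative to / — every path inside it is written as-is.
    tar -xf "$export_tmp/certbot.tar" -C /
    echo OK
    echo "certbot restore previous cli.ini"
    mv -- "$export_tmp/cli.ini" /etc/letsencrypt/
    echo "convert certbot apache2 authenticator to certbotx nginx authenticator"
    /opt/miaou-bash/tools/append_or_replace '^authenticator =.*$' "authenticator = nginx" "$renewal_conf"
    /opt/miaou-bash/tools/append_or_replace '^installer =.*$' "installer = nginx" "$renewal_conf"
  fi

  # add options-ssl-nginx.conf (static content, hence the quoted delimiter)
  if [[ ! -f /etc/letsencrypt/options-ssl-nginx.conf ]]; then
    tee /etc/letsencrypt/options-ssl-nginx.conf <<'EOF'
# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file. Contents are based on https://ssl-config.mozilla.org

ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;

ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
EOF
    echo 'options-ssl-nginx.conf created!'
  else
    echo 'options-ssl-nginx.conf already there!'
  fi

  # add ssl-dhparams.pem (static content, hence the quoted delimiter)
  if [[ ! -f /etc/letsencrypt/ssl-dhparams.pem ]]; then
    tee /etc/letsencrypt/ssl-dhparams.pem <<'EOF'
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
-----END DH PARAMETERS-----
EOF
    echo 'ssl-dhparams.pem created!'
  else
    echo 'ssl-dhparams.pem already there!'
  fi

  # change nginx: install the HTTPS vhost unless one is already enabled.
  # NOTE(review): the check reads sites-enabled while the file is written to
  # sites-available; this assumes the former is a link to the latter.
  if ! grep -Eq '^[[:space:]]+listen 443' /etc/nginx/sites-enabled/sympa.conf; then
    # Unquoted delimiter on purpose: $SYMPA_DOMAIN must expand, nginx's own
    # $host / $request_uri are escaped.
    tee /etc/nginx/sites-available/sympa.conf <<EOF
server {
  listen 80;
  server_name _;
  return 301 https://\$host\$request_uri;
}
server {
  listen 443 ssl;
  server_name $SYMPA_DOMAIN;
  ssl_certificate /etc/letsencrypt/live/$SYMPA_DOMAIN/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/$SYMPA_DOMAIN/privkey.pem;
  include /etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
  rewrite ^/$ /wws permanent;
  location /wws {
    include fastcgi_params;
    fastcgi_param SERVER_NAME \$host;
    fastcgi_pass unix:/run/sympa/wwsympa.socket;
  }
  location /static-sympa { alias /usr/share/sympa/static_content; }
  location /css-sympa { alias /var/lib/sympa/css; }
  location /pictures-sympa { alias /var/lib/sympa/pictures; }
}
EOF
    nginx -t
    systemctl reload nginx
    echo 'host for nginx installed successfully!'
  else
    echo 'host SSL nginx already activated!'
  fi
}

# Run Sympa's own schema/data upgrade against the imported installation.
migrate_sympa() {
  printf 'migrate sympa...'
  /usr/lib/sympa/bin/sympa.pl upgrade 2>&1
  echo OK
}

# Stop Sympa, its web socket and postfix before touching their data.
stop_services() {
  printf 'stop services...'
  local unit
  for unit in sympa.service wwsympa.socket postfix.service; do
    systemctl stop "$unit"
  done
  echo OK
}

# Start the services stopped by stop_services, in the same order.
start_services() {
  printf 'start services...'
  local unit
  for unit in sympa.service wwsympa.socket postfix.service; do
    systemctl start "$unit"
  done
  echo OK
}

#######################################
# Delete the scratch directory. Safe to call before create_temp ran (export_tmp
# unset under set -u) and safe to call twice; used as the EXIT trap so the
# extracted DB dump and private keys never outlive the run.
# Globals:   export_tmp (read)
#######################################
cleanup() {
  if [[ -d "${export_tmp:-}" ]]; then
    rm -rf -- "$export_tmp"
  fi
}

# Verbose variant of cleanup used at the end of a successful import.
remove_temp() {
  printf 'remove temp...'
  cleanup
  echo OK
}

#######################################
# Point postfix at the imported domain and its Let's Encrypt certificate and
# register the Sympa alias map.
# Globals:   SYMPA_DOMAIN (read; set by import_certbot)
# Returns:   exits 4 when SYMPA_DOMAIN has not been populated
#######################################
configure_postfix() {
  if [[ -z "$SYMPA_DOMAIN" ]]; then
    printf 'configure_postfix: SYMPA_DOMAIN is empty (run import_certbot first)\n' >&2
    exit 4
  fi
  local main_cf=/etc/postfix/main.cf
  local live="/etc/letsencrypt/live/$SYMPA_DOMAIN"
  local set_entry=/opt/miaou-bash/tools/append_or_replace
  printf '%s\n' "$SYMPA_DOMAIN" > /etc/mailname
  "$set_entry" '^myhostname =.*$' "myhostname = $SYMPA_DOMAIN" "$main_cf"
  "$set_entry" '^alias_maps =.*$' 'alias_maps = hash:/etc/aliases, hash:/etc/mail/sympa/aliases' "$main_cf"
  "$set_entry" '^alias_database =.*$' 'alias_database = hash:/etc/aliases, hash:/etc/mail/sympa/aliases' "$main_cf"
  # Inbound (smtpd_*) and outbound (smtp_*) TLS both use the vhost certificate;
  # security level "may" keeps TLS opportunistic, as before.
  "$set_entry" '^smtpd_tls_cert_file =.*$' "smtpd_tls_cert_file = $live/fullchain.pem" "$main_cf"
  "$set_entry" '^smtpd_tls_key_file =.*$' "smtpd_tls_key_file = $live/privkey.pem" "$main_cf"
  "$set_entry" '^smtpd_tls_security_level =.*$' 'smtpd_tls_security_level = may' "$main_cf"
  "$set_entry" '^smtpd_tls_received_header =.*$' 'smtpd_tls_received_header = yes' "$main_cf"
  "$set_entry" '^smtpd_tls_loglevel =.*$' 'smtpd_tls_loglevel = 1' "$main_cf"
  "$set_entry" '^smtp_tls_cert_file =.*$' "smtp_tls_cert_file = $live/fullchain.pem" "$main_cf"
  "$set_entry" '^smtp_tls_key_file =.*$' "smtp_tls_key_file = $live/privkey.pem" "$main_cf"
  "$set_entry" '^smtp_tls_security_level =.*$' 'smtp_tls_security_level = may' "$main_cf"
}

# Full import sequence; order matters (services down before data is replaced,
# import_certbot before configure_postfix because it sets SYMPA_DOMAIN).
import() {
  create_temp
  uncompress_export_file
  stop_services
  import_database
  import_files
  import_certbot   # SYMPA_DOMAIN gets populated here
  configure_postfix
  start_services
  migrate_sympa
  remove_temp
  echo 'IMPORT SUCCESSFUL!'
}

## main
# -e: abort on the first failing command; -u: unset variables are errors;
# pipefail: gunzip | psql in import_database fails when the dump is corrupt
# instead of reporting only psql's status; -E keeps traps usable in functions.
set -Eeuo pipefail
# Remove the extracted archive (DB dump, DKIM and TLS private keys) on every
# exit path, not only after a successful import.
trap cleanup EXIT
assert_file "$@"
import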