cemea
/
monit-sympa
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
44 Commits
1 Branch
2 Tags
131 KiB
 
Tree: 3aceca75ae
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3aceca75ae'
${ noResults }
monit-sympa/sympa/resources/tools/sympa_import.bash

235 lines
5.5 KiB
Raw Blame History

#!/usr/bin/env bash
## constants
BASEDIR=$(dirname "$0")
BASECMD=$(basename "$0")
DB_NAME=sympa
DB_USER="$DB_NAME"
DB_PASS="$DB_NAME"
## functions
function usage {
echo "$BASECMD <file.sympa>"
}
function assert_file {
[[ $# != 1 ]] && usage && exit 1
file="$1"
[[ ! -f $file ]] && echo "file not found: $file" && exit 2
true
}
function create_temp {
echo -n "create_temp..."
export_name=$(basename $file)
export_tmp="/tmp/$export_name"
mkdir "$export_tmp"
echo OK
}
function uncompress_export_file {
echo -n "uncompress export file..."
tar -xf $file -C "$export_tmp"
echo OK
}
function import_database {
echo -n "import database $DB_NAME..."
sudo -u postgres dropdb "$DB_NAME" 2>/dev/null
sudo -u postgres createdb -O "$DB_USER" "$DB_NAME" 2>/dev/null
gunzip -c "$export_tmp"/database.psql.gz | PGPASSWORD="$DB_PASS" psql -h localhost -U "$DB_USER" "$DB_NAME"
echo OK
}
function replace_conf_entry_from_export {
local export_conf=etc/sympa/sympa/sympa.conf
local final_conf="/$export_conf"
local key="$1"
local pattern="^$key.*"
local replacement=$(grep $pattern $export_conf)
local ksh93=${replacement//\//\\/}
sed -i "s/$pattern/$ksh93/" "$final_conf"
}
function import_files_etc_sympa {
mv etc/sympa/auth.conf /etc/sympa/
mv etc/sympa/data_structure.version /etc/sympa/
replace_conf_entry_from_export domain
replace_conf_entry_from_export listmaster
replace_conf_entry_from_export lang
}
function import_files_etc_dkimkeys {
mkdir -p /etc/dkimkeys
mv etc/dkimkeys/* /etc/dkimkeys/
chown sympa:sympa -R /etc/dkimkeys
}
function import_files_lib {
rm -rf /var/lib/sympa
mv var/lib/sympa /var/lib
}
function import_files_spool {
rm -rf /var/spool/sympa
mv var/spool/sympa /var/spool
}
function import_files {
echo -n "import files..."
files_temp="$export_tmp/files"
mkdir "$files_temp"
cd "$files_temp"
tar -xf "$export_tmp/files.tar.gz"
import_files_etc_sympa
[[ -d etc/dkimkeys ]] && import_files_etc_dkimkeys
import_files_lib
import_files_spool
echo OK
}
function import_certbot {
if [[ -f "$export_tmp/certbot.tar" ]]; then
echo -n "import certbot..."
rm -rf /etc/letsencrypt
tar -xf "$export_tmp/certbot.tar" -C /
echo OK
fi
# add options-ssl-nginx.conf
if [[ ! -f /etc/letsencrypt/options-ssl-nginx.conf ]]; then
tee /etc/letsencrypt/options-ssl-nginx.conf <<EOF
# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file. Contents are based on https://ssl-config.mozilla.org
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
EOF
echo 'options-ssl-nginx.conf created!'
else
echo 'options-ssl-nginx.conf already there!'
fi
# add ssl-dhparams.pem
if [[ ! -f /etc/letsencrypt/ssl-dhparams.pem ]]; then
tee /etc/letsencrypt/ssl-dhparams.pem <<EOF
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
-----END DH PARAMETERS-----
EOF
echo 'ssl-dhparams.pem created!'
else
echo 'ssl-dhparams.pem already there!'
fi
# change nginx
if ! grep -Pq '^\s+listen 443' /etc/nginx/sites-enabled/sympa.conf; then
tee /etc/nginx/sites-available/sympa.conf <<EOF
server {
listen 80;
server_name _;
return 301 https://\$host\$request_uri;
}
server {
listen 443;
server_name _;
ssl_certificate /etc/letsencrypt/live/\$host/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/\$host/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
rewrite ^/$ /wws permanent;
location /wws {
include fastcgi_params;
fastcgi_param SERVER_NAME \$host;
fastcgi_pass unix:/run/sympa/wwsympa.socket;
}
location /static-sympa {
alias /usr/share/sympa/static_content;
}
location /css-sympa {
alias /var/lib/sympa/css;
}
location /pictures-sympa {
alias /var/lib/sympa/pictures;
}
}
EOF
nginx -t
systemctl reload nginx
echo host for nginx installed successfully!
else
echo host SSL nginx already activated!
fi
}
function migrate_sympa {
echo -n "migrate sympa..."
/usr/lib/sympa/bin/sympa.pl upgrade 2>&1
echo OK
}
function stop_services {
echo -n "stop services..."
sudo systemctl stop sympa.service
sudo systemctl stop wwsympa.socket
echo OK
}
function start_services {
echo -n "start services..."
sudo systemctl start sympa.service
sudo systemctl start wwsympa.socket
echo OK
}
function remove_temp {
echo -n "remove temp..."
rm -rf "$export_tmp"
echo OK
}
function import {
create_temp
uncompress_export_file
stop_services
import_database
import_files
import_certbot
start_services
migrate_sympa
remove_temp
}
## main
set -Eeu
assert_file $*
import