#!/bin/bash function array_by_comma { local IFS=","; echo "$*"; } # Wait for containers while ! mysqladmin status --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent; do echo "Waiting for SQL..." sleep 2 done # Do not attempt to write to slave if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT}" else REDIS_CMDLINE="redis-cli -h redis -p 6379" fi until [[ $(${REDIS_CMDLINE} PING) == "PONG" ]]; do echo "Waiting for Redis..." sleep 2 done # Check mysql_upgrade (master and slave) CONTAINER_ID= until [[ ! -z "${CONTAINER_ID}" ]] && [[ "${CONTAINER_ID}" =~ ^[[:alnum:]]*$ ]]; do CONTAINER_ID=$(curl --silent --insecure https://dockerapi/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], project: .Config.Labels[\"com.docker.compose.project\"], id: .Id}" 2> /dev/null | jq -rc "select( .name | tostring | contains(\"mysql-mailcow\")) | select( .project | tostring | contains(\"${COMPOSE_PROJECT_NAME,,}\")) | .id" 2> /dev/null) sleep 2 done echo "MySQL @ ${CONTAINER_ID}" SQL_LOOP_C=0 SQL_CHANGED=0 until [[ ${SQL_UPGRADE_STATUS} == 'success' ]]; do if [ ${SQL_LOOP_C} -gt 4 ]; then echo "Tried to upgrade MySQL and failed, giving up after ${SQL_LOOP_C} retries and starting container (oops, not good)" break fi SQL_FULL_UPGRADE_RETURN=$(curl --silent --insecure -XPOST https://dockerapi/containers/${CONTAINER_ID}/exec -d '{"cmd":"system", "task":"mysql_upgrade"}' --silent -H 'Content-type: application/json') SQL_UPGRADE_STATUS=$(echo ${SQL_FULL_UPGRADE_RETURN} | jq -r .type) SQL_LOOP_C=$((SQL_LOOP_C+1)) echo "SQL upgrade iteration #${SQL_LOOP_C}" if [[ ${SQL_UPGRADE_STATUS} == 'warning' ]]; then SQL_CHANGED=1 echo "MySQL applied an upgrade, debug output:" echo ${SQL_FULL_UPGRADE_RETURN} sleep 3 while ! mysqladmin status --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent; do echo "Waiting for SQL to return, please wait" sleep 2 done continue elif [[ ${SQL_UPGRADE_STATUS} == 'success' ]]; then echo "MySQL is up-to-date - debug output:" echo ${SQL_FULL_UPGRADE_RETURN} else echo "No valid reponse for mysql_upgrade was received, debug output:" echo ${SQL_FULL_UPGRADE_RETURN} fi done # doing post-installation stuff, if SQL was upgraded (master and slave) if [ ${SQL_CHANGED} -eq 1 ]; then POSTFIX=$(curl --silent --insecure https://dockerapi/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], project: .Config.Labels[\"com.docker.compose.project\"], id: .Id}" 2> /dev/null | jq -rc "select( .name | tostring | contains(\"postfix-mailcow\")) | select( .project | tostring | contains(\"${COMPOSE_PROJECT_NAME,,}\")) | .id" 2> /dev/null) if [[ -z "${POSTFIX}" ]] || ! [[ "${POSTFIX}" =~ ^[[:alnum:]]*$ ]]; then echo "Could not determine Postfix container ID, skipping Postfix restart." else echo "Restarting Postfix" curl -X POST --silent --insecure https://dockerapi/containers/${POSTFIX}/restart | jq -r '.msg' echo "Sleeping 5 seconds..." sleep 5 fi fi # Check mysql tz import (master and slave) TZ_CHECK=$(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT CONVERT_TZ('2019-11-02 23:33:00','Europe/Berlin','UTC') AS time;" -BN 2> /dev/null) if [[ -z ${TZ_CHECK} ]] || [[ "${TZ_CHECK}" == "NULL" ]]; then SQL_FULL_TZINFO_IMPORT_RETURN=$(curl --silent --insecure -XPOST https://dockerapi/containers/${CONTAINER_ID}/exec -d '{"cmd":"system", "task":"mysql_tzinfo_to_sql"}' --silent -H 'Content-type: application/json') echo "MySQL mysql_tzinfo_to_sql - debug output:" echo ${SQL_FULL_TZINFO_IMPORT_RETURN} fi if [[ "${MASTER}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then echo "We are master, preparing..." # Set a default release format if [[ -z $(${REDIS_CMDLINE} --raw GET Q_RELEASE_FORMAT) ]]; then ${REDIS_CMDLINE} --raw SET Q_RELEASE_FORMAT raw fi # Set max age of q items - if unset if [[ -z $(${REDIS_CMDLINE} --raw GET Q_MAX_AGE) ]]; then ${REDIS_CMDLINE} --raw SET Q_MAX_AGE 365 fi # Set default password policy - if unset if [[ -z $(${REDIS_CMDLINE} --raw HGET PASSWD_POLICY length) ]]; then ${REDIS_CMDLINE} --raw HSET PASSWD_POLICY length 6 ${REDIS_CMDLINE} --raw HSET PASSWD_POLICY chars 0 ${REDIS_CMDLINE} --raw HSET PASSWD_POLICY special_chars 0 ${REDIS_CMDLINE} --raw HSET PASSWD_POLICY lowerupper 0 ${REDIS_CMDLINE} --raw HSET PASSWD_POLICY numbers 0 fi # Trigger db init echo "Running DB init..." php -c /usr/local/etc/php -f /web/inc/init_db.inc.php # Recreating domain map echo "Rebuilding domain map in Redis..." declare -a DOMAIN_ARR ${REDIS_CMDLINE} DEL DOMAIN_MAP > /dev/null while read line do DOMAIN_ARR+=("$line") done < <(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT domain FROM domain" -Bs) while read line do DOMAIN_ARR+=("$line") done < <(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT alias_domain FROM alias_domain" -Bs) if [[ ! -z ${DOMAIN_ARR} ]]; then for domain in "${DOMAIN_ARR[@]}"; do ${REDIS_CMDLINE} HSET DOMAIN_MAP ${domain} 1 > /dev/null done fi # Set API options if env vars are not empty if [[ ${API_ALLOW_FROM} != "invalid" ]] && [[ ! -z ${API_ALLOW_FROM} ]]; then IFS=',' read -r -a API_ALLOW_FROM_ARR <<< "${API_ALLOW_FROM}" declare -a VALIDATED_API_ALLOW_FROM_ARR REGEX_IP6='^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$' REGEX_IP4='^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(/([0-9]|[1-2][0-9]|3[0-2]))?$' for IP in "${API_ALLOW_FROM_ARR[@]}"; do if [[ ${IP} =~ ${REGEX_IP6} ]] || [[ ${IP} =~ ${REGEX_IP4} ]]; then VALIDATED_API_ALLOW_FROM_ARR+=("${IP}") fi done VALIDATED_IPS=$(array_by_comma ${VALIDATED_API_ALLOW_FROM_ARR[*]}) if [[ ! -z ${VALIDATED_IPS} ]]; then if [[ ${API_KEY} != "invalid" ]] && [[ ! -z ${API_KEY} ]]; then mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF DELETE FROM api WHERE access = 'rw'; INSERT INTO api (api_key, active, allow_from, access) VALUES ("${API_KEY}", "1", "${VALIDATED_IPS}", "rw"); EOF fi if [[ ${API_KEY_READ_ONLY} != "invalid" ]] && [[ ! -z ${API_KEY_READ_ONLY} ]]; then mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF DELETE FROM api WHERE access = 'ro'; INSERT INTO api (api_key, active, allow_from, access) VALUES ("${API_KEY_READ_ONLY}", "1", "${VALIDATED_IPS}", "ro"); EOF fi fi fi # Create events (master only, STATUS for event on slave will be SLAVESIDE_DISABLED) mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF DROP EVENT IF EXISTS clean_spamalias; DELIMITER // CREATE EVENT clean_spamalias ON SCHEDULE EVERY 1 DAY DO BEGIN DELETE FROM spamalias WHERE validity < UNIX_TIMESTAMP(); END; // DELIMITER ; DROP EVENT IF EXISTS clean_oauth2; DELIMITER // CREATE EVENT clean_oauth2 ON SCHEDULE EVERY 1 DAY DO BEGIN DELETE FROM oauth_refresh_tokens WHERE expires < NOW(); DELETE FROM oauth_access_tokens WHERE expires < NOW(); DELETE FROM oauth_authorization_codes WHERE expires < NOW(); END; // DELIMITER ; DROP EVENT IF EXISTS clean_sasl_log; DELIMITER // CREATE EVENT clean_sasl_log ON SCHEDULE EVERY 1 DAY DO BEGIN DELETE sasl_log.* FROM sasl_log LEFT JOIN ( SELECT username, service, MAX(datetime) AS lastdate FROM sasl_log GROUP BY username, service ) AS last ON sasl_log.username = last.username AND sasl_log.service = last.service WHERE datetime < DATE_SUB(NOW(), INTERVAL 31 DAY) AND datetime < lastdate; DELETE FROM sasl_log WHERE username NOT IN (SELECT username FROM mailbox) AND datetime < DATE_SUB(NOW(), INTERVAL 31 DAY); END; // DELIMITER ; EOF fi # Create dummy for custom overrides of mailcow style [[ ! -f /web/css/build/0081-custom-mailcow.css ]] && echo '/* Autogenerated by mailcow */' > /web/css/build/0081-custom-mailcow.css # Fix permissions for global filters chown -R 82:82 /global_sieve/* # Fix permissions on twig cache folder chown -R 82:82 /web/templates/cache # Clear cache find /web/templates/cache/* -not -name '.gitkeep' -delete # Run hooks for file in /hooks/*; do if [ -x "${file}" ]; then echo "Running hook ${file}" "${file}" fi done exec "$@"