smartmachine 1.2.3 → 1.3.1

data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix/master.cf

@@ -0,0 +1,149 @@
+#
+# Postfix master process configuration file.  For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type  private unpriv  chroot  wakeup  maxproc command + args
+#               (yes)   (yes)   (no)    (never) (100)
+# ==========================================================================
+##### SmartMachine Begin.
+#smtp      inet  n       -       y       -       -       smtpd
+smtp      inet  n       -       y       -       -       smtpd
+  -o content_filter=spamassassin
+##### SmartMachine Close.
+#smtp      inet  n       -       y       -       1       postscreen
+#smtpd     pass  -       -       y       -       -       smtpd
+#dnsblog   unix  -       -       y       -       0       dnsblog
+#tlsproxy  unix  -       -       y       -       0       tlsproxy
+#submission inet n       -       y       -       -       smtpd
+#  -o syslog_name=postfix/submission
+#  -o smtpd_tls_security_level=encrypt
+#  -o smtpd_sasl_auth_enable=yes
+#  -o smtpd_tls_auth_only=yes
+#  -o smtpd_reject_unlisted_recipient=no
+#  -o smtpd_client_restrictions=$mua_client_restrictions
+#  -o smtpd_helo_restrictions=$mua_helo_restrictions
+#  -o smtpd_sender_restrictions=$mua_sender_restrictions
+#  -o smtpd_recipient_restrictions=
+#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+#  -o milter_macro_daemon_name=ORIGINATING
+##### SmartMachine Begin.
+submission inet n       -       y       -       -       smtpd
+  -o syslog_name=postfix/submission
+  -o smtpd_tls_security_level=encrypt
+#  -o smtpd_sasl_auth_enable=yes
+#  -o smtpd_tls_auth_only=yes
+  -o smtpd_reject_unlisted_recipient=no
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+#  -o smtpd_helo_restrictions=$mua_helo_restrictions
+#  -o smtpd_sender_restrictions=$mua_sender_restrictions
+#  -o smtpd_recipient_restrictions=
+#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+  -o milter_macro_daemon_name=ORIGINATING
+##### SmartMachine Close.
+#smtps     inet  n       -       y       -       -       smtpd
+#  -o syslog_name=postfix/smtps
+#  -o smtpd_tls_wrappermode=yes
+#  -o smtpd_sasl_auth_enable=yes
+#  -o smtpd_reject_unlisted_recipient=no
+#  -o smtpd_client_restrictions=$mua_client_restrictions
+#  -o smtpd_helo_restrictions=$mua_helo_restrictions
+#  -o smtpd_sender_restrictions=$mua_sender_restrictions
+#  -o smtpd_recipient_restrictions=
+#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+#  -o milter_macro_daemon_name=ORIGINATING
+#628       inet  n       -       y       -       -       qmqpd
+pickup    unix  n       -       y       60      1       pickup
+cleanup   unix  n       -       y       -       0       cleanup
+qmgr      unix  n       -       n       300     1       qmgr
+#qmgr     unix  n       -       n       300     1       oqmgr
+tlsmgr    unix  -       -       y       1000?   1       tlsmgr
+rewrite   unix  -       -       y       -       -       trivial-rewrite
+bounce    unix  -       -       y       -       0       bounce
+defer     unix  -       -       y       -       0       bounce
+trace     unix  -       -       y       -       0       bounce
+verify    unix  -       -       y       -       1       verify
+flush     unix  n       -       y       1000?   0       flush
+proxymap  unix  -       -       n       -       -       proxymap
+proxywrite unix -       -       n       -       1       proxymap
+smtp      unix  -       -       y       -       -       smtp
+relay     unix  -       -       y       -       -       smtp
+        -o syslog_name=postfix/$service_name
+#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq     unix  n       -       y       -       -       showq
+error     unix  -       -       y       -       -       error
+retry     unix  -       -       y       -       -       error
+discard   unix  -       -       y       -       -       discard
+local     unix  -       n       n       -       -       local
+virtual   unix  -       n       n       -       -       virtual
+lmtp      unix  -       -       y       -       -       lmtp
+anvil     unix  -       -       y       -       1       anvil
+scache    unix  -       -       y       -       1       scache
+postlog   unix-dgram n  -       n       -       1       postlogd
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent.  See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+maildrop  unix  -       n       n       -       -       pipe
+  flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+#
+# ====================================================================
+#
+# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
+#
+# Specify in cyrus.conf:
+#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
+#
+# Specify in main.cf one or more of the following:
+#  mailbox_transport = lmtp:inet:localhost
+#  virtual_transport = lmtp:inet:localhost
+#
+# ====================================================================
+#
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+#
+#cyrus     unix  -       n       n       -       -       pipe
+#  flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# ====================================================================
+# Old example of delivery via Cyrus.
+#
+#old-cyrus unix  -       n       n       -       -       pipe
+#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
+#
+# ====================================================================
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+uucp      unix  -       n       n       -       -       pipe
+  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
+ifmail    unix  -       n       n       -       -       pipe
+  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp     unix  -       n       n       -       -       pipe
+  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
+scalemail-backend unix -       n       n       -       2       pipe
+  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+mailman   unix  -       n       n       -       -       pipe
+  flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
+##### SmartMachine Begin.
+spamassassin unix -     n       n       -       -       pipe
+  user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
+policyd-spf  unix  -       n       n       -       0       spawn
+  user=policyd-spf argv=/usr/bin/policyd-spf
+##### SmartMachine Close.

data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix/mysql-sender-login-maps.cf

@@ -0,0 +1,7 @@
+##### SmartMachine Begin.
+user = %<mysql_user>s
+password = %<mysql_password>s
+hosts = %<mysql_host>s:%<mysql_port>s
+dbname = %<mysql_database_name>s
+query = SELECT email FROM virtual_users WHERE email IN ('%s', (SELECT CONCAT('%u', '@', destination_name) FROM virtual_domains WHERE name='%d' AND destination_name IS NOT NULL)) UNION SELECT destination FROM virtual_aliases WHERE source IN ('%s', (SELECT CONCAT('%u', '@', destination_name) FROM virtual_domains WHERE name='%d' AND destination_name IS NOT NULL))
+##### SmartMachine Close.

data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix/mysql-virtual-alias-domains.cf

@@ -0,0 +1,7 @@
+##### SmartMachine Begin.
+user = %<mysql_user>s
+password = %<mysql_password>s
+hosts = %<mysql_host>s:%<mysql_port>s
+dbname = %<mysql_database_name>s
+query = SELECT 1 FROM virtual_domains WHERE name='%s' AND destination_name IS NOT NULL
+##### SmartMachine Close.

data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix/mysql-virtual-alias-maps-domains.cf

@@ -0,0 +1,7 @@
+##### SmartMachine Begin.
+user = %<mysql_user>s
+password = %<mysql_password>s
+hosts = %<mysql_host>s:%<mysql_port>s
+dbname = %<mysql_database_name>s
+query = SELECT concat('@', destination_name) FROM virtual_domains WHERE CONCAT('@', name)='%s' AND destination_name IS NOT NULL
+##### SmartMachine Close.

data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix/mysql-virtual-alias-maps-masters.cf

@@ -0,0 +1,7 @@
+##### SmartMachine Begin.
+user = %<mysql_user>s
+password = %<mysql_password>s
+hosts = %<mysql_host>s:%<mysql_port>s
+dbname = %<mysql_database_name>s
+query = SELECT email FROM virtual_users WHERE email='%<sysadmin_email>s' AND ('%u'='postmaster' OR '%u'='abuse' OR '%u'='hostmaster' OR '%u'='webmaster')
+##### SmartMachine Close.

data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix/mysql-virtual-alias-maps-users.cf

@@ -0,0 +1,7 @@
+##### SmartMachine Begin.
+user = %<mysql_user>s
+password = %<mysql_password>s
+hosts = %<mysql_host>s:%<mysql_port>s
+dbname = %<mysql_database_name>s
+query = SELECT destination FROM virtual_aliases WHERE source='%s'
+##### SmartMachine Close.

data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix/mysql-virtual-alias-maps-userstothemselves.cf

@@ -0,0 +1,7 @@
+##### SmartMachine Begin.
+user = %<mysql_user>s
+password = %<mysql_password>s
+hosts = %<mysql_host>s:%<mysql_port>s
+dbname = %<mysql_database_name>s
+query = SELECT email FROM virtual_users WHERE email='%s'
+##### SmartMachine Close.

data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix/mysql-virtual-mailbox-domains.cf

@@ -0,0 +1,7 @@
+##### SmartMachine Begin.
+user = %<mysql_user>s
+password = %<mysql_password>s
+hosts = %<mysql_host>s:%<mysql_port>s
+dbname = %<mysql_database_name>s
+query = SELECT 1 FROM virtual_domains WHERE name='%s' AND destination_name IS NULL
+##### SmartMachine Close.

data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix/mysql-virtual-mailbox-maps.cf

@@ -0,0 +1,7 @@
+##### SmartMachine Begin.
+user = %<mysql_user>s
+password = %<mysql_password>s
+hosts = %<mysql_host>s:%<mysql_port>s
+dbname = %<mysql_database_name>s
+query = SELECT 1 FROM virtual_users WHERE email='%s'
+##### SmartMachine Close.

data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/postfix-policyd-spf-python/policyd-spf.conf

@@ -0,0 +1,12 @@
+#  For a fully commented sample config file see policyd-spf.conf.commented
+
+debugLevel = 1
+TestOnly = 1
+
+HELO_reject = Fail
+Mail_From_reject = Fail
+
+PermError_reject = False
+TempError_Defer = False
+
+skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1

data/lib/smart_machine/templates/dotsmartmachine/config/emailer/etc/spamassassin/local.cf

@@ -0,0 +1,124 @@
+# This is the right place to customize your installation of SpamAssassin.
+#
+# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
+# tweaked.
+#
+# Only a small subset of options are listed below
+#
+###########################################################################
+
+#    A 'contact address' users should contact for more info. (replaces
+#    _CONTACTADDRESS_ in the report template)
+# report_contact youremailaddress@domain.tld
+
+
+#   Add *****SPAM***** to the Subject header of spam e-mails
+#
+# rewrite_header Subject *****SPAM*****
+
+
+#   Save spam messages as a message/rfc822 MIME attachment instead of
+#   modifying the original message (0: off, 2: use text/plain instead)
+#
+# report_safe 1
+
+
+#   Set which networks or hosts are considered 'trusted' by your mail
+#   server (i.e. not spammers)
+#
+# trusted_networks 212.17.35.
+
+
+#   Set file-locking method (flock is not safe over NFS, but is faster)
+#
+# lock_method flock
+
+
+#   Set the threshold at which a message is considered spam (default: 5.0)
+#
+# required_score 5.0
+
+
+#   Use Bayesian classifier (default: 1)
+#
+# use_bayes 1
+
+
+#   Bayesian classifier auto-learning (default: 1)
+#
+# bayes_auto_learn 1
+
+
+#   Set headers which may provide inappropriate cues to the Bayesian
+#   classifier
+#
+# bayes_ignore_header X-Bogosity
+# bayes_ignore_header X-Spam-Flag
+# bayes_ignore_header X-Spam-Status
+
+
+#   Whether to decode non- UTF-8 and non-ASCII textual parts and recode
+#   them to UTF-8 before the text is given over to rules processing.
+#
+# normalize_charset 1
+
+#   Textual body scan limit    (default: 50000)
+#
+#   Amount of data per email text/* mimepart, that will be run through body
+#   rules.  This enables safer and faster scanning of large messages,
+#   perhaps having very large textual attachments.  There should be no need
+#   to change this well tested default.
+#
+# body_part_scan_size 50000
+
+#   Textual rawbody data scan limit    (default: 500000)
+#
+#   Amount of data per email text/* mimepart, that will be run through
+#   rawbody rules.
+#
+# rawbody_part_scan_size 500000
+
+#   Some shortcircuiting, if the plugin is enabled
+# 
+ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
+#
+#   default: strongly-whitelisted mails are *really* whitelisted now, if the
+#   shortcircuiting plugin is active, causing early exit to save CPU load.
+#   Uncomment to turn this on
+#
+#   SpamAssassin tries hard not to launch DNS queries before priority -100. 
+#   If you want to shortcircuit without launching unneeded queries, make
+#   sure such rule priority is below -100. These examples are already:
+#
+# shortcircuit USER_IN_WHITELIST       on
+# shortcircuit USER_IN_DEF_WHITELIST   on
+# shortcircuit USER_IN_ALL_SPAM_TO     on
+# shortcircuit SUBJECT_IN_WHITELIST    on
+
+#   the opposite; blacklisted mails can also save CPU
+#
+# shortcircuit USER_IN_BLACKLIST       on
+# shortcircuit USER_IN_BLACKLIST_TO    on
+# shortcircuit SUBJECT_IN_BLACKLIST    on
+
+#   if you have taken the time to correctly specify your "trusted_networks",
+#   this is another good way to save CPU
+#
+# shortcircuit ALL_TRUSTED             on
+
+#   and a well-trained bayes DB can save running rules, too
+#
+# shortcircuit BAYES_99                spam
+# shortcircuit BAYES_00                ham
+
+endif # Mail::SpamAssassin::Plugin::Shortcircuit
+
+##### SmartMachine Begin.
+loadplugin Mail::SpamAssassin::Plugin::DCC
+
+report_safe             0
+required_score          10.0
+use_razor2              0
+use_dcc                 0
+use_pyzor               0
+##### SmartMachine Close.

data/lib/smart_machine/templates/dotsmartmachine/config/emailer/usr/local/bin/quota-warning.sh

@@ -0,0 +1,22 @@
+#!/bin/sh
+PERCENT=$1
+USER=$2
+cat << EOF | /usr/lib/dovecot/dovecot-lda -d $USER -o "plugin/quota=maildir:User quota:noenforcing"
+From: Email Postmaster <postmaster@%<mailname>s>
+Subject: Your mailbox is $PERCENT% full.
+
+Hello there,
+
+Your mailbox can store a limited amount of emails. Currently it is $PERCENT% full. New emails will not be stored if you reach 100%.
+
+To get more space in your mailbox you can:
+1. Contact your email provider and upgrade your plan.
+2. Delete emails from your mailbox.
+
+If using option 2, please ensure you have emptied your Trash folder to free up the space.
+
+Thanks for reading. Hope this was helpful.
+
+Regards,
+Your Email Postmaster
+EOF

data/lib/smart_machine/templates/dotsmartmachine/config/emailer.yml

@@ -0,0 +1,37 @@
+emailerone:
+  fqdn: "youremailerone.yourdomain.com"
+  mailname: "yourdomain.com"
+  sysadmin_email: "adminname@yourdomain.com"
+  networks: ["mysqlone-network"]
+  mysql_host: mysqlone
+  mysql_port: 3306
+  mysql_user: <%= SmartMachine.credentials.dig(:emailerone, :mysql_user) %>
+  mysql_password: <%= SmartMachine.credentials.dig(:emailerone, :mysql_password) %>
+  mysql_database_name: <%= SmartMachine.credentials.dig(:emailerone, :mysql_database_name) %>
+  monit_smtp_email_name: "Your Emailer One"
+  monit_smtp_email_address: "yourmachineemailerone@yourdomain.com"
+  monit_smtp_host: "youremailerone.yourdomain.com"
+  monit_smtp_port: 587
+  monit_smtp_username: <%= SmartMachine.credentials.dig(:emailerone, :monit_smtp_username) %>
+  monit_smtp_password: <%= SmartMachine.credentials.dig(:emailerone, :monit_smtp_password) %>
+  oracle_ips_allowed: []
+  oracle_deflect_url: "https://yourdomain.com"
+
+# emailertwo:
+#   fqdn: "youremailertwo.yourdomain.com"
+#   mailname: "yourdomain.com"
+#   sysadmin_email: "adminname@yourdomain.com"
+#   networks: ["mysqlone-network"]
+#   mysql_host: mysqlone
+#   mysql_port: 3306
+#   mysql_user: <%= SmartMachine.credentials.dig(:emailertwo, :mysql_user) %>
+#   mysql_password: <%= SmartMachine.credentials.dig(:emailertwo, :mysql_password) %>
+#   mysql_database_name: <%= SmartMachine.credentials.dig(:emailertwo, :mysql_database_name) %>
+#   monit_smtp_email_name: "Your Emailer Two"
+#   monit_smtp_email_address: "yourmachineemailertwo@yourdomain.com"
+#   monit_smtp_host: "youremailertwo.yourdomain.com"
+#   monit_smtp_port: 587
+#   monit_smtp_username: <%= SmartMachine.credentials.dig(:emailertwo, :monit_smtp_username) %>
+#   monit_smtp_password: <%= SmartMachine.credentials.dig(:emailertwo, :monit_smtp_password) %>
+#   oracle_ips_allowed: []
+#   oracle_deflect_url: "https://yourdomain.com"

data/lib/smart_machine/templates/dotsmartmachine/config/engine.yml

@@ -0,0 +1,2 @@
+engineone:
+  timezone: "Etc/UTC"

data/lib/smart_machine/templates/dotsmartmachine/config/roundcube/docker/custom-docker-entrypoint.sh

@@ -0,0 +1,185 @@
+#!/bin/bash
+# set -ex
+
+# PWD=`pwd`
+
+if  [[ "$1" == apache2* || "$1" == php-fpm || "$1" == bin* ]]; then
+  INSTALLDIR=`pwd`
+  # docroot is empty
+  if ! [ -e index.php -a -e bin/installto.sh ]; then
+    echo >&2 "roundcubemail not found in $PWD - copying now..."
+    if [ "$(ls -A)" ]; then
+      echo >&2 "WARNING: $PWD is not empty - press Ctrl+C now if this is an error!"
+      ( set -x; ls -A; sleep 10 )
+    fi
+    tar cf - --one-file-system -C /usr/src/roundcubemail . | tar xf -
+    echo >&2 "Complete! ROUNDCUBEMAIL has been successfully copied to $INSTALLDIR"
+  # update Roundcube in docroot
+  else
+    echo >&2 "roundcubemail found in $INSTALLDIR - installing update..."
+    (cd /usr/src/roundcubemail && bin/installto.sh -y $INSTALLDIR)
+    # Re-install composer modules (including plugins)
+    composer \
+          --working-dir=${INSTALLDIR} \
+          --prefer-dist \
+          --no-dev \
+          --no-interaction \
+          --optimize-autoloader \
+          install
+  fi
+
+  if [ -f /run/secrets/roundcube_db_user ]; then
+    ROUNDCUBEMAIL_DB_USER=`cat /run/secrets/roundcube_db_user`
+  fi
+  if [ -f /run/secrets/roundcube_db_password ]; then
+    ROUNDCUBEMAIL_DB_PASSWORD=`cat /run/secrets/roundcube_db_password`
+  fi
+  if [ -f /run/secrets/roundcube_oauth_client_secret ]; then
+    ROUNDCUBEMAIL_OAUTH_CLIENT_SECRET=`cat /run/secrets/roundcube_oauth_client_secret`
+  fi
+
+  if [ ! -z "${!POSTGRES_ENV_POSTGRES_*}" ] || [ "$ROUNDCUBEMAIL_DB_TYPE" == "pgsql" ]; then
+    : "${ROUNDCUBEMAIL_DB_TYPE:=pgsql}"
+    : "${ROUNDCUBEMAIL_DB_HOST:=postgres}"
+    : "${ROUNDCUBEMAIL_DB_PORT:=5432}"
+    : "${ROUNDCUBEMAIL_DB_USER:=${POSTGRES_ENV_POSTGRES_USER}}"
+    : "${ROUNDCUBEMAIL_DB_PASSWORD:=${POSTGRES_ENV_POSTGRES_PASSWORD}}"
+    : "${ROUNDCUBEMAIL_DB_NAME:=${POSTGRES_ENV_POSTGRES_DB:-roundcubemail}}"
+    : "${ROUNDCUBEMAIL_DSNW:=${ROUNDCUBEMAIL_DB_TYPE}://${ROUNDCUBEMAIL_DB_USER}:${ROUNDCUBEMAIL_DB_PASSWORD}@${ROUNDCUBEMAIL_DB_HOST}:${ROUNDCUBEMAIL_DB_PORT}/${ROUNDCUBEMAIL_DB_NAME}}"
+
+    /wait-for-it.sh ${ROUNDCUBEMAIL_DB_HOST}:${ROUNDCUBEMAIL_DB_PORT} -t 30
+  elif [ ! -z "${!MYSQL_ENV_MYSQL_*}" ] || [ "$ROUNDCUBEMAIL_DB_TYPE" == "mysql" ]; then
+    : "${ROUNDCUBEMAIL_DB_TYPE:=mysql}"
+    : "${ROUNDCUBEMAIL_DB_HOST:=mysql}"
+    : "${ROUNDCUBEMAIL_DB_PORT:=3306}"
+    : "${ROUNDCUBEMAIL_DB_USER:=${MYSQL_ENV_MYSQL_USER:-root}}"
+    if [ "$ROUNDCUBEMAIL_DB_USER" = 'root' ]; then
+      : "${ROUNDCUBEMAIL_DB_PASSWORD:=${MYSQL_ENV_MYSQL_ROOT_PASSWORD}}"
+    else
+      : "${ROUNDCUBEMAIL_DB_PASSWORD:=${MYSQL_ENV_MYSQL_PASSWORD}}"
+    fi
+    : "${ROUNDCUBEMAIL_DB_NAME:=${MYSQL_ENV_MYSQL_DATABASE:-roundcubemail}}"
+    : "${ROUNDCUBEMAIL_DSNW:=${ROUNDCUBEMAIL_DB_TYPE}://${ROUNDCUBEMAIL_DB_USER}:${ROUNDCUBEMAIL_DB_PASSWORD}@${ROUNDCUBEMAIL_DB_HOST}:${ROUNDCUBEMAIL_DB_PORT}/${ROUNDCUBEMAIL_DB_NAME}}"
+
+    /wait-for-it.sh ${ROUNDCUBEMAIL_DB_HOST}:${ROUNDCUBEMAIL_DB_PORT} -t 30
+  else
+    # use local SQLite DB in /var/roundcube/db
+    : "${ROUNDCUBEMAIL_DB_TYPE:=sqlite}"
+    : "${ROUNDCUBEMAIL_DB_DIR:=/var/roundcube/db}"
+    : "${ROUNDCUBEMAIL_DB_NAME:=sqlite}"
+    : "${ROUNDCUBEMAIL_DSNW:=${ROUNDCUBEMAIL_DB_TYPE}:///$ROUNDCUBEMAIL_DB_DIR/${ROUNDCUBEMAIL_DB_NAME}.db?mode=0646}"
+
+    mkdir -p $ROUNDCUBEMAIL_DB_DIR
+    chown www-data:www-data $ROUNDCUBEMAIL_DB_DIR
+  fi
+
+  : "${ROUNDCUBEMAIL_DEFAULT_HOST:=localhost}"
+  : "${ROUNDCUBEMAIL_DEFAULT_PORT:=143}"
+  : "${ROUNDCUBEMAIL_SMTP_SERVER:=localhost}"
+  : "${ROUNDCUBEMAIL_SMTP_PORT:=587}"
+  : "${ROUNDCUBEMAIL_PLUGINS:=archive,zipdownload}"
+  : "${ROUNDCUBEMAIL_SKIN:=elastic}"
+  : "${ROUNDCUBEMAIL_TEMP_DIR:=/tmp/roundcube-temp}"
+  : "${ROUNDCUBEMAIL_REQUEST_PATH:=/}"
+  : "${ROUNDCUBEMAIL_COMPOSER_PLUGINS_FOLDER:=$INSTALLDIR}"
+
+  if [ ! -z "${ROUNDCUBEMAIL_COMPOSER_PLUGINS}" ]; then
+    echo "Installing plugins from the list"
+    echo "Plugins: ${ROUNDCUBEMAIL_COMPOSER_PLUGINS}"
+
+    # Change ',' into a space
+    ROUNDCUBEMAIL_COMPOSER_PLUGINS_SH=`echo "${ROUNDCUBEMAIL_COMPOSER_PLUGINS}" | tr ',' ' '`
+
+    composer \
+      --working-dir=${ROUNDCUBEMAIL_COMPOSER_PLUGINS_FOLDER} \
+      --prefer-dist \
+      --prefer-stable \
+      --update-no-dev \
+      --no-interaction \
+      --optimize-autoloader \
+      require \
+      -- \
+      ${ROUNDCUBEMAIL_COMPOSER_PLUGINS_SH};
+  fi
+
+  if [ ! -e config/config.inc.php ]; then
+    GENERATED_DES_KEY=`head /dev/urandom | base64 | head -c 24`
+    touch config/config.inc.php
+
+    echo "Write root config to $PWD/config/config.inc.php"
+    echo "<?php
+    \$config['plugins'] = [];
+    \$config['log_driver'] = 'stdout';
+    \$config['zipdownload_selection'] = true;
+    \$config['des_key'] = '${GENERATED_DES_KEY}';
+    \$config['enable_spellcheck'] = true;
+    \$config['spellcheck_engine'] = 'pspell';
+    include(__DIR__ . '/config.docker.inc.php');
+    " > config/config.inc.php
+
+  elif ! grep -q "config.docker.inc.php" config/config.inc.php; then
+    echo "include(__DIR__ . '/config.docker.inc.php');" >> config/config.inc.php
+  fi
+
+  ROUNDCUBEMAIL_PLUGINS_PHP=`echo "${ROUNDCUBEMAIL_PLUGINS}" | sed -E "s/[, ]+/', '/g"`
+  echo "Write Docker config to $PWD/config/config.docker.inc.php"
+  echo "<?php
+  \$config['db_dsnw'] = '${ROUNDCUBEMAIL_DSNW}';
+  \$config['db_dsnr'] = '${ROUNDCUBEMAIL_DSNR}';
+  \$config['imap_host'] = '${ROUNDCUBEMAIL_DEFAULT_HOST}:${ROUNDCUBEMAIL_DEFAULT_PORT}';
+  \$config['smtp_host'] = '${ROUNDCUBEMAIL_SMTP_SERVER}:${ROUNDCUBEMAIL_SMTP_PORT}';
+  \$config['username_domain'] = '${ROUNDCUBEMAIL_USERNAME_DOMAIN}';
+  \$config['temp_dir'] = '${ROUNDCUBEMAIL_TEMP_DIR}';
+  \$config['skin'] = '${ROUNDCUBEMAIL_SKIN}';
+  \$config['request_path'] = '${ROUNDCUBEMAIL_REQUEST_PATH}';
+  \$config['plugins'] = array_filter(array_unique(array_merge(\$config['plugins'], ['${ROUNDCUBEMAIL_PLUGINS_PHP}'])));
+  " > config/config.docker.inc.php
+
+  if [ -e /run/secrets/roundcube_des_key ]; then
+    echo "\$config['des_key'] = file_get_contents('/run/secrets/roundcube_des_key');" >> config/config.docker.inc.php
+  elif [ ! -z "${ROUNDCUBEMAIL_DES_KEY}" ]; then
+    echo "\$config['des_key'] = getenv('ROUNDCUBEMAIL_DES_KEY');" >> config/config.docker.inc.php
+  fi
+
+  if [ ! -z "${ROUNDCUBEMAIL_OAUTH_CLIENT_SECRET}" ]; then
+    echo "\$config['oauth_client_secret'] = '${ROUNDCUBEMAIL_OAUTH_CLIENT_SECRET}';" >> config/config.docker.inc.php
+  fi
+
+  if [ ! -z "${ROUNDCUBEMAIL_SPELLCHECK_URI}"]; then
+    echo "\$config['spellcheck_engine'] = 'googie';" >> config/config.docker.inc.php
+    echo "\$config['spellcheck_uri'] = '${ROUNDCUBEMAIL_SPELLCHECK_URI}';" >> config/config.docker.inc.php
+  fi
+
+  # include custom config files
+  for fn in `ls /var/roundcube/config/*.php 2>/dev/null || true`; do
+    echo "include('$fn');" >> config/config.docker.inc.php
+  done
+
+  # initialize or update DB
+  bin/initdb.sh --dir=$PWD/SQL --update || echo "Failed to initialize/update the database. Please start with an empty database and restart the container."
+
+  if [ ! -z "${ROUNDCUBEMAIL_TEMP_DIR}" ]; then
+    mkdir -p ${ROUNDCUBEMAIL_TEMP_DIR} && chown www-data ${ROUNDCUBEMAIL_TEMP_DIR}
+  fi
+
+  if [ ! -z "${ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE}" ]; then
+    echo "upload_max_filesize=${ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE}" >> /usr/local/etc/php/conf.d/roundcube-override.ini
+    echo "post_max_size=${ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE}" >> /usr/local/etc/php/conf.d/roundcube-override.ini
+  fi
+
+  : "${ROUNDCUBEMAIL_LOCALE:=en_US.UTF-8 UTF-8}"
+
+  if [ -e /usr/sbin/locale-gen ] && [ ! -z "${ROUNDCUBEMAIL_LOCALE}" ]; then
+    echo "${ROUNDCUBEMAIL_LOCALE}" > /etc/locale.gen
+    /usr/sbin/locale-gen
+  fi
+
+  if [ ! -z "${ROUNDCUBEMAIL_ASPELL_DICTS}" ]; then
+    ASPELL_PACKAGES=`echo -n "aspell-${ROUNDCUBEMAIL_ASPELL_DICTS}" | sed -E "s/[, ]+/ aspell-/g"`
+    which apt-get && apt-get install -y $ASPELL_PACKAGES
+    which apk && apk add --no-cache $ASPELL_PACKAGES
+  fi
+
+fi
+
+exec ruby /smartmachine/config/roundcube/docker/entrypoint.rb "$@"

data/lib/smart_machine/templates/dotsmartmachine/config/roundcube/docker/entrypoint.rb

@@ -0,0 +1,58 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'fileutils'
+require 'logger'
+require 'cgi'
+
+logger = Logger.new(STDOUT)
+STDOUT.sync = true
+
+def update_envkeys_in(filepaths, envkeys)
+  filepaths.each do |filepath|
+    str = File.read(filepath)
+    str = str.gsub(/%(?!<)/, '%%')
+    str = format(str, envkeys)
+    File.open(filepath, "w") { |file| file << str }
+  end
+end
+
+# initial setup
+unless File.exist?('/run/initial_container_start')
+  FileUtils.touch('/run/initial_container_start')
+
+  # EnvKeys
+  envkeys = {
+    container_name: ENV.delete('CONTAINER_NAME'),
+    fqdn: ENV.delete('FQDN'),
+    timezone: `cat /etc/timezone`.chomp,
+    roundcubemail_request_path: ENV.delete('ROUNDCUBEMAIL_REQUEST_PATH'),
+    roundcubemail_plugins_password_database_type: ENV.delete('ROUNDCUBEMAIL_PLUGINS_PASSWORD_DATABASE_TYPE'),
+    roundcubemail_plugins_password_database_host: ENV.delete('ROUNDCUBEMAIL_PLUGINS_PASSWORD_DATABASE_HOST'),
+    roundcubemail_plugins_password_database_user: CGI.escape(ENV.delete('ROUNDCUBEMAIL_PLUGINS_PASSWORD_DATABASE_USER')),
+    roundcubemail_plugins_password_database_pass: CGI.escape(ENV.delete('ROUNDCUBEMAIL_PLUGINS_PASSWORD_DATABASE_PASS')),
+    roundcubemail_plugins_password_database_name: ENV.delete('ROUNDCUBEMAIL_PLUGINS_PASSWORD_DATABASE_NAME')
+  }
+
+  # Config
+  FileUtils.cp '/smartmachine/config/roundcube/etc/apache2/sites-available/000-default.conf', '/etc/apache2/sites-available/000-default.conf'
+  FileUtils.cp '/smartmachine/config/roundcube/usr/local/etc/php/conf.d/zzz_roundcube-custom.ini', '/usr/local/etc/php/conf.d/zzz_roundcube-custom.ini'
+  FileUtils.cp '/smartmachine/config/roundcube/var/roundcube/config/config.custom.inc.php', '/var/roundcube/config/config.custom.inc.php'
+  filepaths = [
+    '/etc/apache2/sites-available/000-default.conf'
+  ]
+  update_envkeys_in(filepaths, envkeys)
+
+  # Plugins
+  FileUtils.cp '/smartmachine/config/roundcube/var/www/html/plugins/password/config.inc.php', '/var/www/html/plugins/password/config.inc.php'
+  filepaths = [
+    '/var/www/html/plugins/password/config.inc.php'
+  ]
+  update_envkeys_in(filepaths, envkeys)
+  system("chown root:www-data /var/www/html/plugins/password/config.inc.php")
+  system("chmod u=rw,g=r,o= /var/www/html/plugins/password/config.inc.php")
+
+  logger.info "Initial setup completed for #{envkeys[:container_name]}."
+end
+
+exec(*ARGV)