first commit

mailcow/data/Dockerfiles/sogo/Dockerfile

@@ -0,0 +1,59 @@
+FROM debian:bookworm-slim
+
+LABEL maintainer="The Infrastructure Company GmbH <info@servercow.de>"
+
+ARG DEBIAN_FRONTEND=noninteractive
+ARG DEBIAN_VERSION=bookworm
+ARG SOGO_DEBIAN_REPOSITORY=https://packagingv2.sogo.nu/sogo-nightly-debian/
+# renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced extractVersion=^(?<version>.*)$
+ARG GOSU_VERSION=1.17
+ENV LC_ALL=C
+
+# Prerequisites
+RUN echo "Building from repository $SOGO_DEBIAN_REPOSITORY" \
+  && apt-get update && apt-get install -y --no-install-recommends \
+  apt-transport-https \
+  ca-certificates \
+  gettext \
+  gnupg \
+  mariadb-client \
+  rsync \
+  supervisor \
+  syslog-ng \
+  syslog-ng-core \
+  syslog-ng-mod-redis \
+  dirmngr \
+  netcat-traditional \
+  psmisc \
+  wget \
+  patch \
+  && dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
+  && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
+  && chmod +x /usr/local/bin/gosu \
+  && gosu nobody true \
+  && mkdir /usr/share/doc/sogo \
+  && touch /usr/share/doc/sogo/empty.sh \
+  && wget -O- https://keys.openpgp.org/vks/v1/by-fingerprint/74FFC6D72B925A34B5D356BDF8A27B36A6E2EAE9 | gpg --dearmor | apt-key add - \
+  && echo "deb [trusted=yes] ${SOGO_DEBIAN_REPOSITORY} ${DEBIAN_VERSION} main" > /etc/apt/sources.list.d/sogo.list \
+  && apt-get update && apt-get install -y --no-install-recommends \
+    sogo \
+    sogo-activesync \
+  && apt-get autoclean \
+  && rm -rf /var/lib/apt/lists/* \
+  && touch /etc/default/locale
+
+COPY ./bootstrap-sogo.sh /bootstrap-sogo.sh
+COPY syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
+COPY syslog-ng-redis_slave.conf /etc/syslog-ng/syslog-ng-redis_slave.conf
+COPY supervisord.conf /etc/supervisor/supervisord.conf
+COPY acl.diff /acl.diff
+COPY navMailcowBtns.diff /navMailcowBtns.diff
+COPY stop-supervisor.sh /usr/local/sbin/stop-supervisor.sh
+COPY docker-entrypoint.sh /
+
+RUN chmod +x /bootstrap-sogo.sh \
+  /usr/local/sbin/stop-supervisor.sh
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
+
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]

mailcow/data/Dockerfiles/sogo/acl.diff

@@ -0,0 +1,11 @@
+--- /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox    2018-08-17 18:29:57.987504204 +0200
++++ /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox    2018-08-17 18:29:35.918291298 +0200
+@@ -46,7 +46,7 @@
+           </md-item-template>
+         </md-autocomplete>
+       </div>
+-      <md-card ng-repeat="user in acl.users | orderBy:['userClass', 'cn']"
++      <md-card ng-repeat="user in acl.users | filter:{ userClass: 'normal' } | orderBy:['cn']"
+                class="sg-collapsed"
+                ng-class="{ 'sg-expanded': user.uid == acl.selectedUid }">
+         <a class="md-flex md-button" ng-click="acl.selectUser(user, $event)">

mailcow/data/Dockerfiles/sogo/bootstrap-sogo.sh

@@ -0,0 +1,153 @@
+#!/bin/bash
+
+# Wait for MySQL to warm-up
+while ! mariadb-admin status --ssl=false --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent; do
+  echo "Waiting for database to come up..."
+  sleep 2
+done
+
+# Wait until port becomes free and send sig
+until ! nc -z sogo-mailcow 20000;
+do
+  killall -TERM sogod
+  sleep 3
+done
+
+# Wait for updated schema
+DBV_NOW=$(mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT version FROM versions WHERE application = 'db_schema';" -BN)
+DBV_NEW=$(grep -oE '\$db_version = .*;' init_db.inc.php | sed 's/$db_version = //g;s/;//g' | cut -d \" -f2)
+while [[ "${DBV_NOW}" != "${DBV_NEW}" ]]; do
+  echo "Waiting for schema update..."
+  DBV_NOW=$(mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT version FROM versions WHERE application = 'db_schema';" -BN)
+  DBV_NEW=$(grep -oE '\$db_version = .*;' init_db.inc.php | sed 's/$db_version = //g;s/;//g' | cut -d \" -f2)
+  sleep 5
+done
+echo "DB schema is ${DBV_NOW}"
+
+# cat /dev/urandom seems to hang here occasionally and is not recommended anyway, better use openssl
+RAND_PASS=$(openssl rand -base64 16 | tr -dc _A-Z-a-z-0-9)
+
+# Generate plist header with timezone data
+mkdir -p /var/lib/sogo/GNUstep/Defaults/
+cat <<EOF > /var/lib/sogo/GNUstep/Defaults/sogod.plist
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//GNUstep//DTD plist 0.9//EN" "http://www.gnustep.org/plist-0_9.xml">
+<plist version="0.9">
+<dict>
+    <key>OCSAclURL</key>
+    <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_acl</string>
+    <key>SOGoIMAPServer</key>
+    <string>imap://${IPV4_NETWORK}.250:143/?TLS=YES&amp;tlsVerifyMode=none</string>
+    <key>SOGoSieveServer</key>
+    <string>sieve://${IPV4_NETWORK}.250:4190/?TLS=YES&amp;tlsVerifyMode=none</string>
+    <key>SOGoSMTPServer</key>
+    <string>smtp://${IPV4_NETWORK}.253:588/?TLS=YES&amp;tlsVerifyMode=none</string>
+    <key>SOGoTrustProxyAuthentication</key>
+    <string>YES</string>
+    <key>SOGoEncryptionKey</key>
+    <string>${RAND_PASS}</string>
+    <key>OCSAdminURL</key>
+    <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_admin</string>
+    <key>OCSCacheFolderURL</key>
+    <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_cache_folder</string>
+    <key>OCSEMailAlarmsFolderURL</key>
+    <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_alarms_folder</string>
+    <key>OCSFolderInfoURL</key>
+    <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_folder_info</string>
+    <key>OCSSessionsFolderURL</key>
+    <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_sessions_folder</string>
+    <key>OCSStoreURL</key>
+    <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_store</string>
+    <key>SOGoProfileURL</key>
+    <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_user_profile</string>
+    <key>SOGoTimeZone</key>
+    <string>${TZ}</string>
+    <key>domains</key>
+    <dict>
+EOF
+
+# Generate multi-domain setup
+while read -r line gal
+  do
+  echo "        <key>${line}</key>
+        <dict>
+            <key>SOGoMailDomain</key>
+            <string>${line}</string>
+            <key>SOGoUserSources</key>
+            <array>
+                <dict>
+                    <key>MailFieldNames</key>
+                    <array>
+                        <string>aliases</string>
+                        <string>ad_aliases</string>
+                        <string>ext_acl</string>
+                    </array>
+                    <key>KindFieldName</key>
+                    <string>kind</string>
+                    <key>DomainFieldName</key>
+                    <string>domain</string>
+                    <key>MultipleBookingsFieldName</key>
+                    <string>multiple_bookings</string>
+                    <key>listRequiresDot</key>
+                    <string>NO</string>
+                    <key>canAuthenticate</key>
+                    <string>YES</string>
+                    <key>displayName</key>
+                    <string>GAL ${line}</string>
+                    <key>id</key>
+                    <string>${line}</string>
+                    <key>isAddressBook</key>
+                    <string>${gal}</string>
+                    <key>type</key>
+                    <string>sql</string>
+                    <key>userPasswordAlgorithm</key>
+                    <string>${MAILCOW_PASS_SCHEME}</string>
+                    <key>prependPasswordScheme</key>
+                    <string>YES</string>
+                    <key>viewURL</key>
+                    <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/_sogo_static_view</string>
+                </dict>" >> /var/lib/sogo/GNUstep/Defaults/sogod.plist
+  # Generate alternative LDAP authentication dict, when SQL authentication fails
+  # This will nevertheless read attributes from LDAP
+  /etc/sogo/plist_ldap.sh ${line} ${gal} >> /var/lib/sogo/GNUstep/Defaults/sogod.plist
+  echo "            </array>
+        </dict>" >> /var/lib/sogo/GNUstep/Defaults/sogod.plist
+done < <(mariadb --skip-ssl --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT domain, CASE gal WHEN '1' THEN 'YES' ELSE 'NO' END AS gal FROM domain;" -B -N)
+
+# Generate footer
+echo '    </dict>
+</dict>
+</plist>' >> /var/lib/sogo/GNUstep/Defaults/sogod.plist
+
+# Fix permissions
+chown sogo:sogo -R /var/lib/sogo/
+chmod 600 /var/lib/sogo/GNUstep/Defaults/sogod.plist
+
+# Patch ACLs
+#if [[ ${ACL_ANYONE} == 'allow' ]]; then
+#  #enable any or authenticated targets for ACL
+#  if patch -R -sfN --dry-run /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff > /dev/null; then
+#    patch -R /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff;
+#  fi
+#else
+#  #disable any or authenticated targets for ACL
+#  if patch -sfN --dry-run /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff > /dev/null; then
+#    patch /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff;
+#  fi
+#fi
+
+if patch -R -sfN --dry-run /usr/lib/GNUstep/SOGo/Templates/UIxTopnavToolbar.wox < /navMailcowBtns.diff > /dev/null; then
+  patch -R /usr/lib/GNUstep/SOGo/Templates/UIxTopnavToolbar.wox < /navMailcowBtns.diff;
+fi
+
+# Rename custom logo, if any
+[[ -f /etc/sogo/sogo-full.svg ]] && mv /etc/sogo/sogo-full.svg /etc/sogo/custom-fulllogo.svg
+
+# Rsync web content
+echo "Syncing web content with named volume"
+rsync -a /usr/lib/GNUstep/SOGo/. /sogo_web/
+
+# Chown backup path
+chown -R sogo:sogo /sogo_backup
+
+exec gosu sogo /usr/sbin/sogod

mailcow/data/Dockerfiles/sogo/docker-entrypoint.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+if [[ "${SKIP_SOGO}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+  echo "SKIP_SOGO=y, skipping SOGo..."
+  sleep 365d
+  exit 0
+fi
+
+if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
+  cp /etc/syslog-ng/syslog-ng-redis_slave.conf /etc/syslog-ng/syslog-ng.conf
+fi
+
+echo "$TZ" > /etc/timezone
+
+# Run hooks
+for file in /hooks/*; do
+  if [ -x "${file}" ]; then
+    echo "Running hook ${file}"
+    "${file}"
+  fi
+done
+
+exec "$@"

mailcow/data/Dockerfiles/sogo/navMailcowBtns.diff

@@ -0,0 +1,20 @@
+59,65d58
+<                ng-show="::!activeUser.isSuperUser"
+<                var:ng-click="navButtonClick"
+<                ng-href="/user">
+<       <md-icon>build</md-icon>
+<       <md-tooltip><var:string label:value="mailcow"/></md-tooltip>
+<     </md-button>
+<     <md-button class="md-icon-button"
+83c76
+<                onclick="document.getElementById('mc_logout').setAttribute('action', '/'); document.getElementById('mc_logout').submit();"
+---
+>                ng-show="::activeUser.path.logoff.length"
+85c78
+<                ng-href="#">
+---
+>                ng-href="{{::activeUser.path.logoff}}">
+89,91d81
+<     <form method="POST" id="mc_logout" action="user">
+<       <input type="hidden" name="logout" value="1">
+<     </form>

mailcow/data/Dockerfiles/sogo/stop-supervisor.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+printf "READY\n";
+
+while read line; do
+  echo "Processing Event: $line" >&2;
+  kill -3 $(cat "/var/run/supervisord.pid")
+done < /dev/stdin

mailcow/data/Dockerfiles/sogo/supervisord.conf

@@ -0,0 +1,27 @@
+[supervisord]
+nodaemon=true
+user=root
+
+[program:syslog-ng]
+command=/usr/sbin/syslog-ng --foreground  --no-caps
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+autostart=true
+priority=1
+
+[program:bootstrap-sogo]
+command=/bootstrap-sogo.sh
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+priority=2
+startretries=10
+autorestart=true
+stopwaitsecs=120
+
+[eventlistener:processes]
+command=/usr/local/sbin/stop-supervisor.sh
+events=PROCESS_STATE_STOPPED, PROCESS_STATE_EXITED, PROCESS_STATE_FATAL

mailcow/data/Dockerfiles/sogo/syslog-ng-redis_slave.conf

@@ -0,0 +1,47 @@
+@version: 3.38
+@include "scl.conf"
+options {
+  chain_hostnames(off);
+  flush_lines(0);
+  use_dns(no);
+  use_fqdn(no);
+  owner("root"); group("adm"); perm(0640);
+  stats_freq(0);
+  bad_hostname("^gconfd$");
+};
+source s_src {
+  unix-stream("/dev/log");
+  internal();
+};
+source s_sogo {
+  pipe("/dev/sogo_log" owner(sogo) group(sogo));
+};
+destination d_stdout { pipe("/dev/stdout"); };
+destination d_redis_ui_log {
+  redis(
+    host("`REDIS_SLAVEOF_IP`")
+    persist-name("redis1")
+    port(`REDIS_SLAVEOF_PORT`)
+    auth("`REDISPASS`")
+    command("LPUSH" "SOGO_LOG" "$(format-json time=\"$S_UNIXTIME\" priority=\"$PRIORITY\" program=\"$PROGRAM\" message=\"$MESSAGE\")\n")
+  );
+};
+destination d_redis_f2b_channel {
+  redis(
+    host("`REDIS_SLAVEOF_IP`")
+    persist-name("redis2")
+    port(`REDIS_SLAVEOF_PORT`)
+    auth("`REDISPASS`")
+    command("PUBLISH" "F2B_CHANNEL" "$(sanitize $MESSAGE)")
+  );
+};
+log {
+  source(s_sogo);
+  destination(d_redis_ui_log);
+  destination(d_redis_f2b_channel);
+};
+log {
+  source(s_sogo);
+  source(s_src);
+  destination(d_stdout);
+};

mailcow/data/Dockerfiles/sogo/syslog-ng.conf

@@ -0,0 +1,47 @@
+@version: 3.38
+@include "scl.conf"
+options {
+  chain_hostnames(off);
+  flush_lines(0);
+  use_dns(no);
+  use_fqdn(no);
+  owner("root"); group("adm"); perm(0640);
+  stats_freq(0);
+  bad_hostname("^gconfd$");
+};
+source s_src {
+  unix-stream("/dev/log");
+  internal();
+};
+source s_sogo {
+  pipe("/dev/sogo_log" owner(sogo) group(sogo));
+};
+destination d_stdout { pipe("/dev/stdout"); };
+destination d_redis_ui_log {
+  redis(
+    host("redis-mailcow")
+    persist-name("redis1")
+    port(6379)
+    auth("`REDISPASS`")
+    command("LPUSH" "SOGO_LOG" "$(format-json time=\"$S_UNIXTIME\" priority=\"$PRIORITY\" program=\"$PROGRAM\" message=\"$MESSAGE\")\n")
+  );
+};
+destination d_redis_f2b_channel {
+  redis(
+    host("redis-mailcow")
+    persist-name("redis2")
+    port(6379)
+    auth("`REDISPASS`")
+    command("PUBLISH" "F2B_CHANNEL" "$(sanitize $MESSAGE)")
+  );
+};
+log {
+  source(s_sogo);
+  destination(d_redis_ui_log);
+  destination(d_redis_f2b_channel);
+};
+log {
+  source(s_sogo);
+  source(s_src);
+  destination(d_stdout);
+};