First commit

2023-02-27 01:26:12 +00:00 · 2023-02-27 01:26:12 +00:00 · 69c85b64f9
commit 69c85b64f9
2 changed files with 166 additions and 0 deletions
--- a/README.txt
+++ b/README.txt
@ -0,0 +1,7 @@
+This script is intended as EC2 user data.
+It will go through multiple steps to recover your mailcow server from a backup.
+
+Please refer to the following article where the complete solution has been explained:
+
+If you have a question you can email me: 2a9-7cc@96-fromsofia.net
+
--- a/userdata.sh
+++ b/userdata.sh
@ -0,0 +1,159 @@
+#!/bin/bash
+#Variables
+AWS_REGION=""		# Enter your AWS region, ex. eu-west-1
+EIP_ALLOCATION_ID=""	# Enter your EllasticIP Allocation ID, ex. eipalloc-a7d287sda5sds7ajk
+MY_TIMEZONE=""		# Enter your timezone, ex. Europe/Berlin
+NFS_ADDRESS_EXPORT=""	# Enter your NFS server and export, ex: 10.1.1.1:/mail-storage/
+MY_MX_FQDN=""		# Enter your mailcow FQDN, ex. mail.example.com
+
+# Create SWAP and setup EIP
+touch /swapfile
+dd if=/dev/zero of=/swapfile bs=1M count=6000
+chmod 600 /swapfile
+mkswap /swapfile
+swapon /swapfile
+echo '/swapfile none swap defaults 0 0' >> /etc/fstab
+aws ec2 associate-address --region $AWS_REGION --instance-id `curl http://169.254.169.254/latest/meta-data/instance-id` --allocation-id $EIP_ALLOCATION_ID
+
+# Install packages, start docker and configure time
+yum update -y
+yum install -y vim git curl nfs-utils docker
+timedatectl set-timezone $MY_TIMEZONE
+systemctl start docker
+systemctl enable docker
+
+# Install docker compose
+mkdir /root/.docker/cli-plugins -p
+curl -SL https://github.com/docker/compose/releases/download/v2.16.0/docker-compose-linux-x86_64 -o /root/.docker/cli-plugins/docker-compose
+chmod +x /root/.docker/cli-plugins/docker-compose
+
+# Configure NFS
+echo "$NFS_ADDRESS_EXPORT /mnt nfs nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport 0 0" >> /etc/fstab
+mount /mnt
+
+# Stop postfix and download mailcow
+sed -i 's/^smtp      inet/#smtp      inet/g' /etc/postfix/master.cf
+systemctl reload postfix
+umask 0022
+cd /opt/
+git clone https://github.com/mailcow/mailcow-dockerized
+cd mailcow-dockerized/
+
+# Setup mailcow volumes and disable ipv6
+sed -i 's/enable_ipv6: true/enable_ipv6: false/g' docker-compose.yml
+
+cat >> docker-compose.override.yml << eof
+version: '2.1'
+services:
+  ipv6nat-mailcow:
+    image: bash:latest
+    restart: "no"
+    entrypoint: ["echo", "ipv6nat disabled in compose.override.yml"]
+volumes:
+  vmail-vol-1:
+    driver_opts:
+      type: none
+      device: /mnt/vmail-vol-1
+      o: bind
+  vmail-index-vol-1:
+    driver_opts:
+      type: none
+      device: /mnt/vmail-index-vol-1
+      o: bind
+eof
+
+sed -i 's/do-ip6: yes/do-ip6: no/g' data/conf/unbound/unbound.conf
+echo -e 'smtp_address_preference = ipv4\ninet_protocols = ipv4' > data/conf/postfix/extra.cf
+sed -i '/::/d' data/conf/nginx/listen_*
+sed -i '/::/d' data/conf/nginx/templates/listen*
+sed -i '/::/d' data/conf/nginx/dynmaps.conf
+sed -i 's/,\[::\]//g' data/conf/dovecot/dovecot.conf
+sed -i 's/\[::\]://g' data/conf/phpfpm/php-fpm.d/pools.conf
+
+# Run the script, start the stack and restore backup
+echo -e "$MY_MX_FQDN\nY\n1\n" | ./generate_config.sh
+sed -i 's/SKIP_SOGO=n/SKIP_SOGO=y/g' mailcow.conf
+docker compose pull
+docker compose up -d
+sleep 90
+echo -e '1\n0\n' | MAILCOW_BACKUP_LOCATION=/mnt/backup/ ./helper-scripts/backup_and_restore.sh restore
+
+# Configure daily backup for mailcow (all besides vmail)
+cat >> /root/mailcow-backup << eof
+#!/bin/bash
+rm -rf /mnt/backup_old/*
+mv /mnt/backup/* /mnt/backup_old/
+sync
+cd /opt/mailcow-dockerized
+MAILCOW_BACKUP_LOCATION=/mnt/backup /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup crypt redis rspamd postfix mysql
+exit 0
+eof
+
+chmod 700 /root/mailcow-backup
+mv /root/mailcow-backup /etc/cron.daily
+
+# Verify if SSL is working and restart the acme client if not
+
+cat >> /root/ssl-check.sh << eof
+#!/bin/bash
+if curl -Iv https://$MY_MX_FQDN 2>&1 | grep expire > /dev/null
+then
+    echo SSL\ is\ valid
+elif curl -Iv https://$MY_MX_FQDN 2>&1 | grep -i fail > /dev/null
+then
+    cd /opt/mailcow-dockerized
+    docker compose restart acme-mailcow
+fi
+sleep 90
+
+if curl -Iv https://$MY_MX_FQDN 2>&1 | grep expire > /dev/null
+then
+    echo SSL\ is\ valid
+elif curl -Iv https://$MY_MX_FQDN 2>&1 | grep -i fail > /dev/null
+then
+    docker compose down
+    rm -rf data/assets/ssl
+    mkdir data/assets/ssl
+    openssl req -x509 -newkey rsa:4096 -keyout data/assets/ssl-example/key.pem -out data/assets/ssl-example/cert.pem -days 365 -subj "/CN=$MY_MX_FQDN" -sha256 -nodes
+    cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/
+    docker compose up -d
+fi
+sleep 90
+
+if curl -Iv https://$MY_MX_FQDN 2>&1 | grep expire > /dev/null
+then
+    echo SSL\ is\ valid
+elif curl -Iv https://$MY_MX_FQDN 2>&1 | grep -i fail > /dev/null
+then
+    cd /opt/mailcow-dockerized
+    docker compose restart acme-mailcow
+fi
+
+exit 0
+eof
+
+chmod 700 /root/ssl-check.sh
+bash /root/ssl-check.sh
+
+
+# Make mailcow start on system boot
+cat >> /etc/systemd/system/mailcow.service << eof
+[Unit]
+Description=Docker Compose Application Service
+Requires=docker.service
+After=docker.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+WorkingDirectory=/opt/mailcow-dockerized
+ExecStart=/bin/docker compose up -d
+ExecStop=/bin/docker compose down
+TimeoutStartSec=0
+
+[Install]
+WantedBy=multi-user.target
+eof
+
+systemctl enable mailcow.service
+