From 69c85b64f9ac9725a88dfe92d7058f14fa99c2c6 Mon Sep 17 00:00:00 2001
From: "Git Commiter for 96-fromsofia.net" <2a9-7cc@96-fromsofia.net>
Date: Mon, 27 Feb 2023 01:26:12 +0000
Subject: [PATCH] First commit
---
 README.txt  |   7 +++
 userdata.sh | 159 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 166 insertions(+)
 create mode 100644 README.txt
 create mode 100644 userdata.sh
diff --git a/README.txt b/README.txt
new file mode 100644
index 0000000..82fce19
--- /dev/null
+++ b/README.txt
@@ -0,0 +1,7 @@
+This script is intended as EC2 user data.
+It will go through multiple steps to recover your mailcow server from a backup.
+
+Please refer to the following article where the complete solution has been explained:
+
+If you have a question you can email me: 2a9-7cc@96-fromsofia.net
+
diff --git a/userdata.sh b/userdata.sh
new file mode 100644
index 0000000..d8d02fa
--- /dev/null
+++ b/userdata.sh
@@ -0,0 +1,159 @@ +#!/bin/bash +#Variables +AWS_REGION="" # Enter your AWS region, ex. eu-west-1 +EIP_ALLOCATION_ID="" # Enter your EllasticIP Allocation ID, ex. eipalloc-a7d287sda5sds7ajk +MY_TIMEZONE="" # Enter your timezone, ex. Europe/Berlin +NFS_ADDRESS_EXPORT="" # Enter your NFS server and export, ex: 10.1.1.1:/mail-storage/ +MY_MX_FQDN="" # Enter your mailcow FQDN, ex. mail.example.com + +# Create SWAP and setup EIP +touch /swapfile +dd if=/dev/zero of=/swapfile bs=1M count=6000 +chmod 600 /swapfile +mkswap /swapfile +swapon /swapfile +echo '/swapfile none swap defaults 0 0' >> /etc/fstab +aws ec2 associate-address --region $AWS_REGION --instance-id `curl http://169.254.169.254/latest/meta-data/instance-id` --allocation-id $EIP_ALLOCATION_ID + +# Install packages, start docker and configure time +yum update -y +yum install -y vim git curl nfs-utils docker +timedatectl set-timezone $MY_TIMEZONE +systemctl start docker +systemctl enable docker + +# Install docker compose +mkdir /root/.docker/cli-plugins -p +curl -SL https://github.com/docker/compose/releases/download/v2.16.0/docker-compose-linux-x86_64 -o /root/.docker/cli-plugins/docker-compose +chmod +x /root/.docker/cli-plugins/docker-compose + +# Configure NFS +echo "$NFS_ADDRESS_EXPORT /mnt nfs nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport 0 0" >> /etc/fstab +mount /mnt + +# Stop postfix and download mailcow +sed -i 's/^smtp inet/#smtp inet/g' /etc/postfix/master.cf +systemctl reload postfix +umask 0022 +cd /opt/ +git clone https://github.com/mailcow/mailcow-dockerized +cd mailcow-dockerized/ + +# Setup mailcow volumes and disable ipv6 +sed -i 's/enable_ipv6: true/enable_ipv6: false/g' docker-compose.yml + +cat >> docker-compose.override.yml << eof +version: '2.1' +services: + ipv6nat-mailcow: + image: bash:latest + restart: "no" + entrypoint: ["echo", "ipv6nat disabled in compose.override.yml"] +volumes: + vmail-vol-1: + driver_opts: + type: none + device: /mnt/vmail-vol-1 + 
o: bind + vmail-index-vol-1: + driver_opts: + type: none + device: /mnt/vmail-index-vol-1 + o: bind +eof + +sed -i 's/do-ip6: yes/do-ip6: no/g' data/conf/unbound/unbound.conf +echo -e 'smtp_address_preference = ipv4\ninet_protocols = ipv4' > data/conf/postfix/extra.cf +sed -i '/::/d' data/conf/nginx/listen_* +sed -i '/::/d' data/conf/nginx/templates/listen* +sed -i '/::/d' data/conf/nginx/dynmaps.conf +sed -i 's/,\[::\]//g' data/conf/dovecot/dovecot.conf +sed -i 's/\[::\]://g' data/conf/phpfpm/php-fpm.d/pools.conf + +# Run the script, start the stack and restore backup +echo -e "$MY_MX_FQDN\nY\n1\n" | ./generate_config.sh +sed -i 's/SKIP_SOGO=n/SKIP_SOGO=y/g' mailcow.conf +docker compose pull +docker compose up -d +sleep 90 +echo -e '1\n0\n' | MAILCOW_BACKUP_LOCATION=/mnt/backup/ ./helper-scripts/backup_and_restore.sh restore + +# Configure daily backup for mailcow (all besides vmail) +cat >> /root/mailcow-backup << eof +#!/bin/bash +rm -rf /mnt/backup_old/* +mv /mnt/backup/* /mnt/backup_old/ +sync +cd /opt/mailcow-dockerized +MAILCOW_BACKUP_LOCATION=/mnt/backup /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup crypt redis rspamd postfix mysql +exit 0 +eof + +chmod 700 /root/mailcow-backup +mv /root/mailcow-backup /etc/cron.daily + +# Verify if SSL is working and restart the acme client if not + +cat >> /root/ssl-check.sh << eof +#!/bin/bash +if curl -Iv https://$MY_MX_FQDN 2>&1 | grep expire > /dev/null +then + echo SSL\ is\ valid +elif curl -Iv https://$MY_MX_FQDN 2>&1 | grep -i fail > /dev/null +then + cd /opt/mailcow-dockerized + docker compose restart acme-mailcow +fi +sleep 90 + +if curl -Iv https://$MY_MX_FQDN 2>&1 | grep expire > /dev/null +then + echo SSL\ is\ valid +elif curl -Iv https://$MY_MX_FQDN 2>&1 | grep -i fail > /dev/null +then + docker compose down + rm -rf data/assets/ssl + mkdir data/assets/ssl + openssl req -x509 -newkey rsa:4096 -keyout data/assets/ssl-example/key.pem -out data/assets/ssl-example/cert.pem -days 365 -subj 
"/CN=$MY_MX_FQDN" -sha256 -nodes + cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/ + docker compose up -d +fi +sleep 90 + +if curl -Iv https://$MY_MX_FQDN 2>&1 | grep expire > /dev/null +then + echo SSL\ is\ valid +elif curl -Iv https://$MY_MX_FQDN 2>&1 | grep -i fail > /dev/null +then + cd /opt/mailcow-dockerized + docker compose restart acme-mailcow +fi + +exit 0 +eof + +chmod 700 /root/ssl-check.sh +bash /root/ssl-check.sh + + +# Make mailcow start on system boot +cat >> /etc/systemd/system/mailcow.service << eof +[Unit] +Description=Docker Compose Application Service +Requires=docker.service +After=docker.service + +[Service] +Type=oneshot +RemainAfterExit=yes +WorkingDirectory=/opt/mailcow-dockerized +ExecStart=/bin/docker compose up -d +ExecStop=/bin/docker compose down +TimeoutStartSec=0 + +[Install] +WantedBy=multi-user.target +eof + +systemctl enable mailcow.service +