docker-mailserver/target/scripts/startup/setup.d/mail_state.sh
2023-02-27 20:21:45 +01:00

93 lines
4.1 KiB
Bash

#!/bin/bash
# Consolidate all states into a single directory
# (/var/mail-state) to allow persistence using docker volumes
function _setup_save_states
{
local STATEDIR FILE FILES
STATEDIR='/var/mail-state'
if [[ ${ONE_DIR} -eq 1 ]] && [[ -d ${STATEDIR} ]]
then
_log 'debug' "Consolidating all state onto ${STATEDIR}"
# Always enabled features:
FILES=(
lib/logrotate
lib/postfix
spool/postfix
)
# Only consolidate state for services that are enabled
# Notably avoids copying over 200MB for the ClamAV database
[[ ${ENABLE_AMAVIS} -eq 1 ]] && FILES+=('lib/amavis')
[[ ${ENABLE_CLAMAV} -eq 1 ]] && FILES+=('lib/clamav')
[[ ${ENABLE_FAIL2BAN} -eq 1 ]] && FILES+=('lib/fail2ban')
[[ ${ENABLE_FETCHMAIL} -eq 1 ]] && FILES+=('lib/fetchmail')
[[ ${ENABLE_POSTGREY} -eq 1 ]] && FILES+=('lib/postgrey')
[[ ${ENABLE_RSPAMD} -eq 1 ]] && FILES+=('lib/rspamd')
[[ ${ENABLE_SPAMASSASSIN} -eq 1 ]] && FILES+=('lib/spamassassin')
[[ ${SMTP_ONLY} -ne 1 ]] && FILES+=('lib/dovecot')
for FILE in "${FILES[@]}"
do
DEST="${STATEDIR}/${FILE//\//-}"
FILE="/var/${FILE}"
# If relevant content is found in /var/mail-state (presumably a volume mount),
# use it instead. Otherwise copy over any missing directories checked.
if [[ -d ${DEST} ]]
then
_log 'trace' "Destination ${DEST} exists, linking ${FILE} to it"
# Original content from image no longer relevant, remove it:
rm -rf "${FILE}"
elif [[ -d ${FILE} ]]
then
_log 'trace' "Moving contents of ${FILE} to ${DEST}"
# Empty volume was mounted, or new content from enabling a feature ENV:
mv "${FILE}" "${DEST}"
fi
# Symlink the original path in the container ($FILE) to be
# sourced from assocaiated path in /var/mail-state/ ($DEST):
ln -s "${DEST}" "${FILE}"
done
# This ensures the user and group of the files from the external mount have their
# numeric ID values in sync. New releases where the installed packages order changes
# can change the values in the Docker image, causing an ownership mismatch.
# NOTE: More details about users and groups added during image builds are documented here:
# https://github.com/docker-mailserver/docker-mailserver/pull/3011#issuecomment-1399120252
_log 'trace' 'Fixing /var/mail-state/* permissions'
[[ ${ENABLE_AMAVIS} -eq 1 ]] && chown -R amavis:amavis /var/mail-state/lib-amavis
[[ ${ENABLE_CLAMAV} -eq 1 ]] && chown -R clamav:clamav /var/mail-state/lib-clamav
[[ ${ENABLE_FETCHMAIL} -eq 1 ]] && chown -R fetchmail:nogroup /var/mail-state/lib-fetchmail
[[ ${ENABLE_POSTGREY} -eq 1 ]] && chown -R postgrey:postgrey /var/mail-state/lib-postgrey
[[ ${ENABLE_RSPAMD} -eq 1 ]] && chown -R _rspamd:_rspamd /var/mail-state/lib-rspamd
[[ ${ENABLE_SPAMASSASSIN} -eq 1 ]] && chown -R debian-spamd:debian-spamd /var/mail-state/lib-spamassassin
chown -R root:root /var/mail-state/lib-logrotate
chown -R postfix:postfix /var/mail-state/lib-postfix
# NOTE: The Postfix spool location has mixed owner/groups to take into account:
# UID = postfix(101): active, bounce, corrupt, defer, deferred, flush, hold, incoming, maildrop, private, public, saved, trace
# UID = root(0): dev, etc, lib, pid, usr
# GID = postdrop(103): maildrop, public
# GID for all other directories is root(0)
# NOTE: `spool-postfix/private/` will be set to `postfix:postfix` when Postfix starts / restarts
# Set most common ownership:
chown -R postfix:root /var/mail-state/spool-postfix
chown root:root /var/mail-state/spool-postfix
# These two require the postdrop(103) group:
chgrp -R postdrop /var/mail-state/spool-postfix/maildrop
chgrp -R postdrop /var/mail-state/spool-postfix/public
# These all have root ownership at the src location:
chown -R root /var/mail-state/spool-postfix/dev
chown -R root /var/mail-state/spool-postfix/etc
chown -R root /var/mail-state/spool-postfix/lib
chown -R root /var/mail-state/spool-postfix/pid
chown -R root /var/mail-state/spool-postfix/usr
fi
}