Nodarx/action-stalwart-install
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Activity
Files
a8fb815103c292860cd72d259bf06e9c356cb1f2
action-stalwart-install/scripts/configure.sh
Sebastian Krupinski a8fb815103
Some checks failed
Test Stalwart Installation Action / Error Handling Tests (pull_request) Successful in 18s
Details
Test Stalwart Installation Action / Full Configuration (Domains + Users) (pull_request) Failing after 34s
Details
Test Stalwart Installation Action / Basic Installation (No Config) (pull_request) Successful in 47s
Details
Test Stalwart Installation Action / Installation with Admin Password (pull_request) Failing after 1m13s
Details
Test Stalwart Installation Action / Test on Ubuntu ubuntu-20.04 (pull_request) Has been cancelled
Details
Test Stalwart Installation Action / Test on Ubuntu ubuntu-22.04 (pull_request) Has been cancelled
Details
Test Stalwart Installation Action / Test on Ubuntu ubuntu-24.04 (pull_request) Has been cancelled
Details
Test Stalwart Installation Action / Test Summary (pull_request) Has been cancelled
Details
feat: initial version 
Signed-off-by: Sebastian Krupinski <krupinski01@gmail.com>
2026-02-15 00:49:34 -05:00

330 lines
9.9 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
#
# Stalwart Post-Installation Configuration Script
# Configures admin password, domains, and users via REST API
#
set -euo pipefail
# Source utility functions
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "${SCRIPT_DIR}/utils.sh"
# Configuration
readonly STALWART_PATH="${STALWART_INSTALL_PATH:-/opt/stalwart}"
readonly API_URL="http://localhost:8080/api"
readonly MAX_RETRIES=60
readonly RETRY_DELAY=2
# Read the generated password from installation
DEFAULT_ADMIN_PASSWORD="changeme"
if [ -f "${STALWART_PATH}/.init_password" ]; then
DEFAULT_ADMIN_PASSWORD=$(cat "${STALWART_PATH}/.init_password" | tr -d '\n\r')
log_info "Using generated password from installation"
# Clean up the password file for security
rm -f "${STALWART_PATH}/.init_password"
else
log_warning "Password file not found, using default password"
fi
readonly DEFAULT_ADMIN_PASSWORD
# Environment variables (passed from action.yml)
ADMIN_PASSWORD="${STALWART_ADMIN_PASSWORD:-}"
DOMAINS_JSON="${STALWART_DOMAINS:-}"
USERS_JSON="${STALWART_USERS:-}"
# Main configuration function
main() {
log_info "Starting Stalwart post-installation configuration"
# Wait for Stalwart API to be ready
if ! wait_for_stalwart_api; then
log_error "Stalwart API failed to become ready within timeout"
return 1
fi
# Set current password (start with generated one)
local current_password="$DEFAULT_ADMIN_PASSWORD"
# Test authentication with generated password
log_info "Verifying API access with generated password..."
if ! test_auth "$current_password"; then
log_error "Failed to authenticate with generated password"
return 1
fi
log_success "API authentication verified"
# Update admin password if provided and different from generated one
if [ -n "$ADMIN_PASSWORD" ] && [ "$ADMIN_PASSWORD" != "$current_password" ]; then
log_info "Updating admin password..."
if update_admin_password "$current_password" "$ADMIN_PASSWORD"; then
log_success "Admin password updated successfully"
# Give Stalwart a moment to apply the change
sleep 2
# Verify the new password works
if test_auth "$ADMIN_PASSWORD"; then
log_success "New password verified"
current_password="$ADMIN_PASSWORD"
else
log_error "New password verification failed"
return 1
fi
else
log_error "Failed to update admin password"
return 1
fi
else
log_info "No custom admin password provided"
log_warning "⚠️ Using generated password. Save it securely!"
fi
# Create domains if provided
if [ -n "$DOMAINS_JSON" ]; then
log_info "Creating domains..."
if validate_json "$DOMAINS_JSON"; then
create_domains "$current_password" "$DOMAINS_JSON"
else
log_error "Invalid domains JSON format"
return 1
fi
else
log_info "No domains specified, skipping domain creation"
fi
# Create users if provided
if [ -n "$USERS_JSON" ]; then
log_info "Creating users..."
if validate_json "$USERS_JSON"; then
create_users "$current_password" "$USERS_JSON"
else
log_error "Invalid users JSON format"
return 1
fi
else
log_info "No users specified, skipping user creation"
fi
log_success "Stalwart configuration completed successfully!"
return 0
}
# Wait for Stalwart API to be ready
wait_for_stalwart_api() {
log_info "Waiting for Stalwart API to be ready (timeout: ${MAX_RETRIES}s)..."
local attempt=0
while [ $attempt -lt $MAX_RETRIES ]; do
# Try to access the API login endpoint
if curl -sf -m 5 "${API_URL%/api}/login" >/dev/null 2>&1; then
log_success "Stalwart API is ready"
return 0
fi
attempt=$((attempt + 1))
if [ $attempt -lt $MAX_RETRIES ]; then
sleep $RETRY_DELAY
fi
done
return 1
}
# Test authentication with Stalwart API using Basic Auth
# Args: $1 = password
# Returns: 0 if auth works, 1 otherwise
test_auth() {
local password="$1"
local http_code
local response
# Test by querying domains endpoint (works on fresh and configured systems)
response=$(curl -s -w "\n%{http_code}" \
-u "admin:${password}" \
"${API_URL}/principal?types=domain&limit=1")
http_code=$(echo "$response" | tail -n 1)
if [ "$http_code" = "200" ]; then
return 0
else
log_error "Authentication test failed with HTTP $http_code"
response=$(echo "$response" | sed '$d')
log_error "Response: $response"
return 1
fi
}
# Update admin password
# Args: $1 = current password, $2 = new password
update_admin_password() {
local current_password="$1"
local new_password="$2"
local http_code
local response
# Stalwart requires password to be hashed with SHA-512 crypt
local hashed_password
if command -v mkpasswd >/dev/null 2>&1; then
hashed_password=$(mkpasswd -m sha-512 "$new_password")
elif command -v openssl >/dev/null 2>&1; then
hashed_password=$(openssl passwd -6 "$new_password")
else
log_error "Neither mkpasswd nor openssl available for password hashing"
return 1
fi
# Stalwart uses /api/account/auth with array format
response=$(curl -s -w "\n%{http_code}" -X POST "${API_URL}/account/auth" \
-u "admin:${current_password}" \
-H "Content-Type: application/json" \
-d "[{\"type\":\"setPassword\",\"password\":\"${hashed_password}\"}]" 2>&1)
http_code=$(echo "$response" | tail -n 1)
response=$(echo "$response" | sed '$d')
if [ "$http_code" = "200" ] || [ "$http_code" = "204" ]; then
return 0
else
log_error "Password update failed with HTTP $http_code"
log_error "Response: $response"
return 1
fi
}
# Create domains from JSON array
# Args: $1 = password, $2 = domains JSON array
create_domains() {
local password="$1"
local domains_json="$2"
local domain_count
domain_count=$(echo "$domains_json" | jq 'length' 2>/dev/null)
if [ -z "$domain_count" ] || [ "$domain_count" = "0" ]; then
log_warning "No domains found in JSON array"
return 0
fi
log_info "Creating $domain_count domain(s)..."
local index=0
local created=0
local failed=0
while [ $index -lt "$domain_count" ]; do
local domain
domain=$(echo "$domains_json" | jq -c ".[$index]" 2>/dev/null)
if [ -z "$domain" ] || [ "$domain" = "null" ]; then
log_warning "Skipping invalid domain at index $index"
failed=$((failed + 1))
index=$((index + 1))
continue
fi
local domain_name
domain_name=$(echo "$domain" | jq -r '.name // empty' 2>/dev/null)
if [ -z "$domain_name" ]; then
log_warning "Skipping domain without 'name' field at index $index"
failed=$((failed + 1))
index=$((index + 1))
continue
fi
# Create domain via API
if curl -sf -X POST "${API_URL}/domain" \
-u "admin:${password}" \
-H "Content-Type: application/json" \
-d "$domain" >/dev/null 2>&1; then
log_success "✓ Created domain: $domain_name"
created=$((created + 1))
else
log_warning "✗ Failed to create domain: $domain_name"
failed=$((failed + 1))
fi
index=$((index + 1))
done
log_info "Domain creation summary: $created created, $failed failed"
return 0
}
# Create users from JSON array
# Args: $1 = password, $2 = users JSON array
create_users() {
local password="$1"
local users_json="$2"
local user_count
user_count=$(echo "$users_json" | jq 'length' 2>/dev/null)
if [ -z "$user_count" ] || [ "$user_count" = "0" ]; then
log_warning "No users found in JSON array"
return 0
fi
log_info "Creating $user_count user(s)..."
local index=0
local created=0
local failed=0
while [ $index -lt "$user_count" ]; do
local user
user=$(echo "$users_json" | jq -c ".[$index]" 2>/dev/null)
if [ -z "$user" ] || [ "$user" = "null" ]; then
log_warning "Skipping invalid user at index $index"
failed=$((failed + 1))
index=$((index + 1))
continue
fi
local email
email=$(echo "$user" | jq -r '.email // empty' 2>/dev/null)
if [ -z "$email" ]; then
log_warning "Skipping user without 'email' field at index $index"
failed=$((failed + 1))
index=$((index + 1))
continue
fi
# Build API payload (name, password, description, quota)
local payload
payload=$(echo "$user" | jq '{
name: .email,
password: .password,
description: (.name // .email),
quota: (.quota // 1073741824)
}' 2>/dev/null)
# Create user via API
if curl -sf -X POST "${API_URL}/account" \
-u "admin:${password}" \
-H "Content-Type: application/json" \
-d "$payload" >/dev/null 2>&1; then
log_success "✓ Created user: $email"
created=$((created + 1))
else
log_warning "✗ Failed to create user: $email"
failed=$((failed + 1))
fi
index=$((index + 1))
done
log_info "User creation summary: $created created, $failed failed"
return 0
}
# Execute main function
main "$@"
Reference in New Issue View Git Blame Copy Permalink