* Sun Sep 01 2024 Jean-Philippe Pialasse <jpp@koozali.org> 1.6-1.sme

- initial version for SME11 [SME: ]
- build and require rpm for plugins and skins
- TODO: allow custom server IMAP/SMTP
- TODO: Install deps without symphony

root/etc/e-smith/templates/etc/e-smith/sql/init/80roundcube

@@ -5,7 +5,7 @@
     $OUT .= <<END
 #! /bin/sh
     if [ -d /var/lib/mysql/$db ]; then
-#these plugins are no more in the core
+#if you need to add plugins:
 #    /usr/bin/mysql  $db < /usr/share/roundcubemail/plugins/calendar/drivers/database/SQL/mysql.initial.sql
 #    /usr/bin/mysql  $db < /usr/share/roundcubemail/plugins/calendar/drivers/kolab/SQL/mysql.initial.sql
 #    /usr/bin/mysql  $db < /usr/share/roundcubemail/plugins/tasklist/drivers/database/SQL/mysql.initial.sql
@@ -21,9 +21,5 @@
     flush privileges;
 EOF
 
-#these plugins are no more in the core
-#    /usr/bin/mysql  $db < /usr/share/roundcubemail/plugins/calendar/drivers/database/SQL/mysql.initial.sql
-#    /usr/bin/mysql  $db < /usr/share/roundcubemail/plugins/calendar/drivers/kolab/SQL/mysql.initial.sql
-#    /usr/bin/mysql  $db < /usr/share/roundcubemail/plugins/tasklist/drivers/database/SQL/mysql.initial.sql
 END
 }

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/80OptDomain

@@ -1,25 +0,0 @@
-{
-    my $status = $roundcube{'status'} || "disabled";
-    return "    # roundcube-status is disabled."
-            unless $status eq 'enabled';
-
-    my $domain = $roundcube{'domain'} || "disabled";
-    return "    # no hostname or domain for roundcube defined"
-            if $domain eq 'disabled';
-
-    my $DocRoot = "/usr/share/roundcubemail";
-
-    $OUT  = "";
-    $OUT .= "\n";
-    $OUT .= "# Redirect an existing hostname or domain to $DocRoot.\n";
-    $OUT .= "<VirtualHost 0.0.0.0:80>\n";
-    $OUT .= "    ServerName  $roundcube{'domain'}\n";
-    $OUT .= "    DocumentRoot $DocRoot\n";
-    $OUT .= "</VirtualHost>\n";
-    $OUT .= "<VirtualHost 0.0.0.0:443>\n";
-    $OUT .= "    ServerName  $roundcube{'domain'}\n";
-    $OUT .= "    DocumentRoot  $DocRoot\n";
-    $OUT .= "    SSLEngine on\n";
-    $OUT .= "</VirtualHost>\n";
-}
-

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/92roundcube

@@ -26,9 +26,6 @@
         { $OUT .= "Alias  /$roundcube{'URL'}  /usr/share/roundcubemail\n"; }
       }
      
-      $OUT .= "Alias  /roundcube  /usr/share/roundcubemail\n";
-      $OUT .= "Alias  /roundcubemail  /usr/share/roundcubemail\n";
-      
       $OUT .= "\n";
       $OUT .= "<Directory /usr/share/roundcubemail>\n";
       $OUT .= "    Require $allow\n";

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/Roundcube/00Setup

@@ -0,0 +1,11 @@
+{
+    use esmith::DomainsDB;
+    # Convert the passed hash for the domain object back into an object.
+    $domain = bless \%domain, 'esmith::DB::db::Record';
+
+    # Make scalars from some of the properties of the domain
+    $virtualHost = $domain->key;
+    $virtualHostContent = $domain->prop('Content');
+    $OUT = "";
+}
+

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/Roundcube/80VirtualhostRoundcube

@@ -0,0 +1,40 @@
+{
+my $status = $roundcube{'status'} || "disabled";
+if (($port eq "80") ){
+    $OUT = <<"_EOL";
+        # PORT FORWARD FROM 80 TO: 443
+        ServerName  $virtualHost
+_EOL
+
+    $OUT .= <<_EOL;
+        ServerAlias
+        SSLProxyEngine On
+        RewriteEngine on
+        RewriteCond %\{REQUEST_URI\} !^/.well-known/acme-challenge [NC]
+        RewriteCond %\{HTTPS\} off
+        RewriteRule ^/(.*) https://%\{HTTP_HOST\}/$1 [NC,R,L]
+_EOL
+
+}
+else {
+
+    use esmith::DomainsDB;
+    my $domains = esmith::DomainsDB->open_ro;
+    my $ssl_file_crt = $domains->get_prop($virtualHost, "DomainSSLCertificateFile") || "disabled";
+    my $ssl_file_key = $domains->get_prop($virtualHost, "DomainSSLCertificateKeyFile") || "disabled";
+    my $ssl_file_chain = $domains->get_prop($virtualHost, "DomainSSLCertificateChainFile") || "disabled";
+    my $DocRoot = "/usr/share/roundcubemail";
+
+    $OUT = <<"_EOL";
+    ServerName $VirtualHost
+    DocumentRoot  $DocRoot
+    SSLEngine On
+    SSLCompression off
+_EOL
+
+    $OUT .= "    SSLCertificateFile $ssl_file_crt\n" unless $ssl_file_crt eq 'disabled';
+    $OUT .= "    SSLCertificateChainFile $ssl_file_chain\n" unless $ssl_file_chain eq 'disabled';
+    $OUT .= "    SSLCertificateKeyFile $ssl_file_key\n" unless ( $ssl_file_key eq 'disabled' || ! -e $ssl_file_chain );
+
+}
+

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/30RoundcubeWebmailAliases

@@ -0,0 +1,25 @@
+{
+    $haveSSL = (exists ${modSSL}{status} and ${modSSL}{status} eq "enabled") ?  'yes' : 'no';
+    my $webmailStatus = $roundcube{'status'} || "disabled";
+
+    my $dirs;
+    $dirs{horde} = '/usr/share/roundcubemail';
+    $dirs{webmail} = "$dirs{roundcubemail}";
+    my @places=('webmail','horde','roundcubemail','roundcube');
+    push(@places,$roundcube{'URL'}) if ((exists $roundcube{'URL'}) && ($roundcube{'URL'} ne ''));
+
+    return "    # webmail is disabled in this VirtualHost"
+            unless $webmailStatus eq 'enabled';
+
+    foreach $place (@places)
+    {
+        if (($port eq "$httpPort") && ($haveSSL eq 'yes') )
+        {
+            my $portspec = ($httpsPort eq 443) ? "" : ":$httpsPort";
+            $OUT .= "    RewriteRule ^/$place(/.*|\$)    https://%{HTTP_HOST}${portspec}/$place\$1 [L,R]\n";
+        } else {
+            $OUT .= "    Alias       /$place   $dirs{$place}\n";
+        }
+    }
+}
+

root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/60RoundCube-force-https

@@ -1,23 +0,0 @@
-{
-    my $status = $roundcube{'status'} || "disabled";
-    return "    # roundcube is disabled in this VirtualHost"
-            unless $status eq 'enabled';
-
-{
-if ($port ne "443")
-{
-$OUT .= <<'HERE';
-## Redirect roundcubeWeb Address to Secure Address
-RewriteEngine on
-RewriteRule ^/roundcube https://%{HTTP_HOST}/roundcube
-RewriteRule ^/roundcubemail https://%{HTTP_HOST}/roundcubemail
-
-## End Of Redirect
-HERE
-
-if ((exists $roundcube{'URL'}) && ($roundcube{'URL'} ne '')) {
-    $OUT .= "RewriteRule ^/$roundcube{'URL'}  https://%{HTTP_HOST}/$roundcube{'URL'}\n";
-    }
-}
-}
-}

root/etc/e-smith/templates/etc/php-fpm.d/www.conf/15roundcube

@@ -8,7 +8,10 @@ if ($PHP_VERSION eq $phpversion){
     my $memory_limit = ($roundcube{MemoryLimit} || '512M');
     $memory_limit .= 'M' if ($memory_limit =~ m/^\d+$/);
     my $open_basedir= $roundcube{PHPBaseDir} || '';
-    $open_basedir = "/usr/share/roundcubemail:/etc/roundcubemail/:/var/log/roundcubemail:/var/lib/roundcubemail:/var/log/roundcube.log:/var/lib/php/roundcube:/home/e-smith/files/roundcube:/dev/urandom:/proc/meminfo:/usr/share/GeoIP/GeoLite2-Country.mmdb:/proc/cpuinfo:$open_basedir";
+    my $include_path = ".:/usr/share/pear-addons:/usr/share/pear:/usr/share/pear-data/:/usr/share/php".
+       ":/opt/remi/php81/root/usr/share/pear:/opt/remi/php81/root/usr/share/php".
+       ":/opt/remi/php81/root/usr/share/pear-data/:/opt/remi/php82/root/usr/share/pear-data/: /opt/remi/php83/root/usr/share/pear-data/";
+    $open_basedir = "/usr/share/roundcubemail:/etc/roundcubemail/:/var/log/roundcubemail:/var/lib/roundcubemail:/var/log/roundcube.log:/var/lib/php/roundcube:/home/e-smith/files/roundcube:/dev/urandom:/proc/meminfo:/usr/share/GeoIP/GeoLite2-Country.mmdb:/proc/cpuinfo:$open_basedir:$include_path";
     my $id = 'roundcube';
     my $max_children = $roundcube{'PHPmaxChildren'} || 20;
     my $min_spare_servers = $roundcube{'PHPminServers'} || 4;
@@ -42,12 +45,14 @@ slowlog = /var/log/php/roundcube/slow.log
 php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f php@{ $DomainName }
 php_admin_flag[display_errors] = off
 php_admin_flag[log_errors] = on
+php_admin_value[error_reporting] = E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT
 php_admin_value[error_log] = syslog
 php_admin_value[memory_limit] = $memory_limit
 php_admin_value[max_execution_time] = 3600
 php_admin_value[post_max_size] = $max_upload_size
 php_admin_value[upload_max_filesize] = $max_upload_size
-php_admin_value[disable_functions] = system, show_source, symlink, dl, passthru 
+php_admin_value[disable_functions] = system, show_source, symlink, dl, passthru
+php_value[include_path] = $include_path 
 php_admin_value[open_basedir] = $open_basedir
 php_admin_flag[allow_url_fopen] = on
 php_admin_flag[file_upload] = on

root/etc/e-smith/templates/etc/roundcubemail/config.inc.php/30IMAP

@@ -14,7 +14,7 @@
 // For example %n = mail.domain.tld, %t = domain.tld
 // WARNING: After hostname change update of mail_host column in users table is
 //          required to match old user data records with the new host.
-    {$OUT .= "   \$config['imap_host'] = 'ssl://$DomainName:$imaps{TCPPort}';\n";}
+    {$OUT .= "   \$config['imap_host'] = 'ssl://localhost:$imaps{TCPPort}';\n";}
 
 // TCP port used for IMAP connections
 //{$OUT .= "   \$config['default_port'] = $imaps{TCPPort};\n";}

root/etc/e-smith/templates/etc/roundcubemail/config.inc.php/60SYSTEM

@@ -147,7 +147,7 @@ $config['username_domain_forced'] = false;
 // %d - domain (http hostname without the first part)
 // %z - IMAP domain (IMAP hostname without the first part)
 // For example %n = mail.domain.tld, %t = domain.tld
-$config['mail_domain'] = '';
+$config['mail_domain'] = '{$DomainName}';
 
 // Password charset.
 // Use it if your authentication backend doesn't support UTF-8.