mailu/core/admin/start.py

#!/usr/bin/env python3

import os
import logging as log
import sys
from socrate import system

os.system("chown mailu:mailu -R /dkim")
os.system("find /data | grep -v /fetchmail | xargs -n1 chown mailu:mailu")
system.drop_privs_to('mailu')

log.basicConfig(stream=sys.stderr, level=os.environ.get("LOG_LEVEL", "INFO"))
system.set_env(['SECRET'])

os.system("flask mailu advertise")
os.system("flask db upgrade")

account = os.environ.get("INITIAL_ADMIN_ACCOUNT")
domain = os.environ.get("INITIAL_ADMIN_DOMAIN")
password = os.environ.get("INITIAL_ADMIN_PW")

if account is not None and domain is not None and password is not None:
    mode = os.environ.get("INITIAL_ADMIN_MODE", default="ifmissing")
    log.info("Creating initial admin account %s@%s with mode %s", account, domain, mode)
    os.system("flask mailu admin %s %s '%s' --mode %s" % (account, domain, password, mode))

def test_DNS():
    import dns.resolver
    import dns.exception
    import dns.flags
    import dns.rdtypes
    import dns.rdatatype
    import dns.rdataclass
    import time
    # DNS stub configured to do DNSSEC enabled queries
    resolver = dns.resolver.Resolver()
    resolver.use_edns(0, dns.flags.DO, 1232)
    resolver.flags = dns.flags.AD | dns.flags.RD
    nameservers = resolver.nameservers
    for ns in nameservers:
        resolver.nameservers=[ns]
        while True:
            try:
                result = resolver.resolve('example.org', dns.rdatatype.A, dns.rdataclass.IN, lifetime=10)
            except Exception as e:
                log.critical("Your DNS resolver at %s is not working (%s). Please see https://mailu.io/master/faq.html#the-admin-container-won-t-start-and-its-log-says-critical-your-dns-resolver-isn-t-doing-dnssec-validation", ns, e)
            else:
                if result.response.flags & dns.flags.AD:
                    break
                log.critical("Your DNS resolver at %s isn't doing DNSSEC validation; Please see https://mailu.io/master/faq.html#the-admin-container-won-t-start-and-its-log-says-critical-your-dns-resolver-isn-t-doing-dnssec-validation.", ns)
            time.sleep(5)

test_DNS()

cmdline = [
	"gunicorn",
	"--threads", f"{os.cpu_count()}",
	# If SUBNET6 is defined, gunicorn must listen on IPv6 as well as IPv4
	"-b", f"{'[::]' if os.environ.get('SUBNET6') else ''}:80",
    "--logger-class mailu.Logger",
    "--worker-tmp-dir /dev/shm",
	"--error-logfile", "-",
	"--preload"
]

# logging
if log.root.level <= log.INFO:
	cmdline.extend(["--access-logfile", "-"])

cmdline.append("'mailu:create_app()'")

os.system(" ".join(cmdline))
Move even more python deps to base image 2 years ago			`#!/usr/bin/env python3`
Changed start.sh to start.py 6 years ago
			`import os`
Enable access log of admin service only for log levels of INFO and finer 5 years ago			`import logging as log`
			`import sys`
Enable dynamic resolution of hostnames 2 years ago			`from socrate import system`
Enable access log of admin service only for log levels of INFO and finer 5 years ago
Fix potential permission problems 2 years ago			`os.system("chown mailu:mailu -R /dkim")`
			`os.system("find /data \| grep -v /fetchmail \| xargs -n1 chown mailu:mailu")`
drop privs better 2 years ago			`system.drop_privs_to('mailu')`
Drop privs when running admin too 2 years ago
Enable access log of admin service only for log levels of INFO and finer 5 years ago			`log.basicConfig(stream=sys.stderr, level=os.environ.get("LOG_LEVEL", "INFO"))`
Enable dynamic resolution of hostnames 2 years ago			`system.set_env(['SECRET'])`
Changed start.sh to start.py 6 years ago
Merge branch 'master' into refactor-config 6 years ago			`os.system("flask mailu advertise")`
			`os.system("flask db upgrade")`
Allow to automatically create admin account during startup. 6 years ago
Use os.environment.get() 5 years ago			`account = os.environ.get("INITIAL_ADMIN_ACCOUNT")`
			`domain = os.environ.get("INITIAL_ADMIN_DOMAIN")`
			`password = os.environ.get("INITIAL_ADMIN_PW")`

			`if account is not None and domain is not None and password is not None:`
			`mode = os.environ.get("INITIAL_ADMIN_MODE", default="ifmissing")`
Fix a bunch of typos 2 years ago			`log.info("Creating initial admin account %s@%s with mode %s", account, domain, mode)`
Use os.environment.get() 5 years ago			`os.system("flask mailu admin %s %s '%s' --mode %s" % (account, domain, password, mode))`
Allow to automatically create admin account during startup. 6 years ago
test dns resolvers at startup 3 years ago			`def test_DNS():`
			`import dns.resolver`
			`import dns.exception`
			`import dns.flags`
			`import dns.rdtypes`
			`import dns.rdatatype`
			`import dns.rdataclass`
			`import time`
			`# DNS stub configured to do DNSSEC enabled queries`
			`resolver = dns.resolver.Resolver()`
workaround a bug in coredns 3 years ago			`resolver.use_edns(0, dns.flags.DO, 1232)`
test dns resolvers at startup 3 years ago			`resolver.flags = dns.flags.AD \| dns.flags.RD`
			`nameservers = resolver.nameservers`
			`for ns in nameservers:`
			`resolver.nameservers=[ns]`
remove the error variable 3 years ago			`while True:`
test dns resolvers at startup 3 years ago			`try:`
:art: use resolver.resolve 3 years ago			`result = resolver.resolve('example.org', dns.rdatatype.A, dns.rdataclass.IN, lifetime=10)`
test dns resolvers at startup 3 years ago			`except Exception as e:`
Fix a bunch of typos 2 years ago			`log.critical("Your DNS resolver at %s is not working (%s). Please see https://mailu.io/master/faq.html#the-admin-container-won-t-start-and-its-log-says-critical-your-dns-resolver-isn-t-doing-dnssec-validation", ns, e)`
remove the error variable 3 years ago			`else:`
syntax error 3 years ago			`if result.response.flags & dns.flags.AD:`
			`break`
Change link in warning to master. Master is always available. 1.9 will be unavaiable in the future. 3 years ago			`log.critical("Your DNS resolver at %s isn't doing DNSSEC validation; Please see https://mailu.io/master/faq.html#the-admin-container-won-t-start-and-its-log-says-critical-your-dns-resolver-isn-t-doing-dnssec-validation.", ns)`
test dns resolvers at startup 3 years ago			`time.sleep(5)`

			`test_DNS()`

Rewrite generation of gunicorn cmdline 2 years ago			`cmdline = [`
			`"gunicorn",`
			`"--threads", f"{os.cpu_count()}",`
			`# If SUBNET6 is defined, gunicorn must listen on IPv6 as well as IPv4`
			`"-b", f"{'[::]' if os.environ.get('SUBNET6') else ''}:80",`
Modify the healtchecks to make them disapear from the logs. This is not perfect... - dovecot now complains about waitpid/finding a new process - postfix is still regularly pinging rspamd / his milter and that generates a few lines worth of logs each time. 2 years ago			`"--logger-class mailu.Logger",`
			`"--worker-tmp-dir /dev/shm",`
Rewrite generation of gunicorn cmdline 2 years ago			`"--error-logfile", "-",`
			`"--preload"`
			`]`

			`# logging`
			`if log.root.level <= log.INFO:`
			`cmdline.extend(["--access-logfile", "-"])`

			`cmdline.append("'mailu:create_app()'")`
Enable access log of admin service only for log levels of INFO and finer 5 years ago
Rewrite generation of gunicorn cmdline 2 years ago			`os.system(" ".join(cmdline))`