From 1edcb20c95439840aca86325ee71b0bf30c5bcef Mon Sep 17 00:00:00 2001
From: Christoph
Date: Sat, 15 Aug 2020 01:24:01 +0200
Subject: [PATCH] install_update_dovecot.sh: change location of SSL certificates/keys. from now, certs/keys in this new location has to be updated if new one's where created.
---
 install_update_dovecot.sh | 84 +++++++++++++++++++++++++++++++++++++--
 1 file changed, 81 insertions(+), 3 deletions(-)
diff --git a/install_update_dovecot.sh b/install_update_dovecot.sh
index 87b4a26..06d993d 100755
--- a/install_update_dovecot.sh
+++ b/install_update_dovecot.sh
@@ -178,7 +178,7 @@ if [[ -z "$dbhost" ]] ; then
 [[ "$dbhost" = "postgres" ]] && dbhost="/var/run/postgresql"
 fi
-[[ -n "$cert_base_dir" ]] || cert_base_dir="/etc/postfix/ssl"
+[[ -n "$cert_base_dir" ]] || cert_base_dir="/etc/dovecot/ssl"
 [[ -n "$server_cert" ]] || server_cert="${cert_base_dir}/mailserver.crt"
 [[ -n "$server_key" ]] || server_key="${cert_base_dir}/mailserver.key"
 [[ -n "$dh_pem_file" ]] || dh_pem_file="${cert_base_dir}/dh_4096.pem"
@@ -1349,6 +1349,29 @@ else
 fatal "Adjusting file /usr/local/dovecot-${_version}/etc/dovecot/conf.d/10-master.conf failed"
 fi
+blank_line
+echononl "\tCreate Cert/Key Directory '$cert_base_dir'.."
+if [[ ! -d "$cert_base_dir" ]] ; then
+ mkdir -p "$cert_base_dir" > $log_file 2>&1
+ if [[ $? -eq 0 ]] ; then
+ echo -e "$rc_done"
+
+ echononl "\tChange Permissions for Cert/Key Directory '$cert_base_dir'.."
+ chmod 755 "$cert_base_dir" > $log_file 2>&1
+ if [[ $? -eq 0 ]] ; then
+ echo -e "$rc_done"
+ else
+ echo -e "$rc_failed"
+ error "$(cat "$log_file")"
+ fi
+
+ else
+ echo -e "$rc_failed"
+ error "$(cat "$log_file")"
+ fi
+else
+ echo -e "$rc_skipped"
+fi
 ## - Since dovecot version 2.3.x SSL DH parameters will be stored
 ## - permanently on filesystem. So we have to create such a file
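Review bot: The block added in the `@@ -1349` hunk creates `$cert_base_dir` with mode 755, and by the defaults in the first hunk that directory also holds `mailserver.key`, so the private key is protected only by the key file's own mode, which nothing visible here sets or checks. Consider `chmod 750 "$cert_base_dir"` (or 700 if only a root-started dovecot reads it, to be confirmed against how the service runs) plus an explicit `chmod 600 "$server_key"` wherever the key is installed, which is outside this hunk. The mode is applied only when the directory is newly created, so an existing directory with looser permissions takes the `$rc_skipped` path unchanged. `$log_file` is unquoted in both redirections, and `if mkdir -p "$cert_base_dir" > "$log_file" 2>&1 ; then` would replace the separate `$?` test.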
@@ -2537,8 +2560,8 @@ EOF
 if ! grep -e "/usr/local/dovecot/bin/doveadm\ *expunge" $_crontab_tmp_file > /dev/null ; then
 echo "" >> $_crontab_tmp_file
- echo "## - cleanup spam and trash directories of users'mailboxes" >> $_crontab_tmp_file
- echo "## -" >> $_crontab_tmp_file
+ echo "# - cleanup spam and trash directories of users'mailboxes" >> $_crontab_tmp_file
+ echo "# -" >> $_crontab_tmp_file
 echo "13 3 * * * /usr/local/dovecot/bin/doveadm expunge -A mailbox Trash* savedbefore 1d; /usr/local/dovecot/bin/doveadm expunge -A mailbox ${spam_folder}* savedbefore 30d" >> $_crontab_tmp_file
 crontab $_crontab_tmp_file
 echo -e "$rc_done"
@@ -3860,6 +3883,61 @@ fi
 # fi
 #fi
+
+## - Add a cronjob to check if certifice/key for dovecot service is-up-to-date
+## -
+echononl "\tCreate cronjob for checking if certifice/key for dovecot service is-up-to-date"
+
+if [[ -f "$_backup_crontab_file" ]] ; then
+
+ if ! grep -e "/root/bin/monitoring/check_cert_for_dovecot.sh" "$_backup_crontab_file" > /dev/null ; then
+ echo "" >> $_backup_crontab_file
+ echo "# - Check if cert/key for dovecot service is up-to-date" >> $_backup_crontab_file
+ echo "# -" >> $_backup_crontab_file
+ echo "46 05 * * * /root/bin/monitoring/check_cert_for_dovecot.sh" >> $_backup_crontab_file
+ crontab $_backup_crontab_file
+ echo -e "$rc_done"
+ else
+ echo -e "$rc_skipped"
+ fi
+
+else
+
+ _crontab_tmp_file=/tmp/crontab_root.$$
+ crontab -l > $_crontab_tmp_file 2> /dev/null
+
+ if [[ ! -s $_crontab_tmp_file ]]; then
+ echo "PATH=/usr/local/dovecot/bin:$PATH" > $_crontab_tmp_file
+ fi
+
+ if ! grep -e "/root/bin/monitoring/check_cert_for_dovecot.sh" $_crontab_tmp_file > /dev/null ; then
+ echo "" >> $_crontab_tmp_file
+ echo "# - Check if cert/key for dovecot service is up-to-date" >> $_crontab_tmp_file
+ echo "# -" >> $_crontab_tmp_file
+ echo "46 05 * * * /root/bin/monitoring/check_cert_for_dovecot.sh" >> $_crontab_tmp_file
+ crontab $_crontab_tmp_file
+ echo -e "$rc_done"
+ else
+ echo -e "$rc_skipped"
+ fi
+ rm -f $_crontab_tmp_file
+
+fi
+
+echononl "\tRun script 'check_cert_for_dovecot.sh' if possible.."
+if [[ -x "/root/bin/monitoring/check_cert_for_dovecot.sh" ]] ; then
+ /root/bin/monitoring/check_cert_for_dovecot.sh > $log_file 2>&1
+ if [ "$?" = 0 ]; then
+ echo -e "$rc_done"
+ else
+ echo -e "$rc_failed"
+ error "$(cat "$log_file")"
+ fi
+else
+ echo -e "$rc_skipped"
+fi
+
+
 blank_line
 echononl "\tCreate symlink '/usr/local/dovecot' --> 'dovecot-${_version}'.."
 rm -f /usr/local/dovecot
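Review bot: The fallback branch builds root's crontab in `/tmp/crontab_root.$$`, a predictable name in a world-writable directory, so `crontab -l > $_crontab_tmp_file` follows a pre-existing symlink or reuses a file another local user created, and that content is then loaded as root's crontab. Create the file with `_crontab_tmp_file="$(mktemp)" || fatal "mktemp failed"` and quote `"$_crontab_tmp_file"` in every use. The context of the `@@ -2537` hunk suggests the same variable is filled earlier in the script, so the assignment there (not visible here) may need the same change. Both branches also print `$rc_done` without checking the exit status of `crontab`. They register the job even when `/root/bin/monitoring/check_cert_for_dovecot.sh` is absent, a case the later `-x` test only skips over.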