From 0493e27312955113d8a984be1b0cc83cc747151e Mon Sep 17 00:00:00 2001 From: link2xt Date: Thu, 2 May 2024 18:19:34 +0000 Subject: [PATCH] Move echobot into /var/lib/echobot --- chatmaild/src/chatmaild/doveauth.py | 33 ++++++++++++++----- chatmaild/src/chatmaild/echo.py | 4 +-- cmdeploy/src/cmdeploy/__init__.py | 1 + .../src/cmdeploy/service/echobot.service.f | 8 +++++ 4 files changed, 36 insertions(+), 10 deletions(-) diff --git a/chatmaild/src/chatmaild/doveauth.py b/chatmaild/src/chatmaild/doveauth.py index 138fb0c6..7fbc7444 100644 --- a/chatmaild/src/chatmaild/doveauth.py +++ b/chatmaild/src/chatmaild/doveauth.py @@ -45,23 +45,32 @@ def is_allowed_to_create(config: Config, user, cleartext_password) -> bool: return False localpart, domain = parts + if localpart == "echo": + # echobot account should not be created in the database + return False + if ( len(localpart) > config.username_max_length or len(localpart) < config.username_min_length ): - if localpart != "echo": - logging.warning( - "localpart %s has to be between %s and %s chars long", - localpart, - config.username_min_length, - config.username_max_length, - ) - return False + logging.warning( + "localpart %s has to be between %s and %s chars long", + localpart, + config.username_min_length, + config.username_max_length, + ) return True def get_user_data(db, config: Config, user): + if user == f"echo@{config.mail_domain}": + return dict( + home=f"/home/vmail/mail/{config.mail_domain}/echo@{config.mail_domain}", + uid="vmail", + gid="vmail", + ) + with db.read_connection() as conn: result = conn.get_user(user) if result: 
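Review bot: The length check in `is_allowed_to_create` no longer rejects anything: the rewritten `if (len(localpart) > config.username_max_length or ...)` branch logs the warning and then falls through to `return True`, because the `return False` inside the removed `if localpart != "echo":` block was not carried over. As the hunk reads, a localpart outside the configured bounds is now accepted for account creation, so `username_min_length` and `username_max_length` are only advisory. Add `return False` directly after the `logging.warning(...)` call. The function starts above the hunk, so earlier checks are not visible here; a test asserting rejection for a too-short and a too-long localpart would catch this regression.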
@@ -76,6 +85,14 @@ def lookup_userdb(db, config: Config, user): def lookup_passdb(db, config: Config, user, cleartext_password): + if user == f"echo@{config.mail_domain}": + return dict( + home=f"/home/vmail/mail/{config.mail_domain}/echo@{config.mail_domain}", + uid="vmail", + gid="vmail", + password=encrypt_password("eiPhiez0eo8raighoh0C"), # FIXME read from config + ) + with db.write_transaction() as conn: userdata = conn.get_user(user) if userdata: diff --git a/chatmaild/src/chatmaild/echo.py b/chatmaild/src/chatmaild/echo.py index 6e36d57f..33e0289e 100644 --- a/chatmaild/src/chatmaild/echo.py +++ b/chatmaild/src/chatmaild/echo.py @@ -3,13 +3,13 @@ it will echo back any message that has non-empty text and also supports the /help command. """ + import logging import os import sys from deltachat_rpc_client import Bot, DeltaChat, EventType, Rpc, events -from chatmaild.newemail import create_newemail_dict from chatmaild.config import read_config hooks = events.HookCollection() @@ -77,7 +77,7 @@ def main(): bot = Bot(account, hooks) if not bot.is_configured(): config = read_config(sys.argv[1]) - password = create_newemail_dict(config).get("password") + password = "eiPhiez0eo8raighoh0C" # FIXME read from config email = "echo@" + config.mail_domain bot.configure(email, password) bot.run_forever() diff --git a/cmdeploy/src/cmdeploy/__init__.py b/cmdeploy/src/cmdeploy/__init__.py index df77bc3c..6ecab523 100644 --- a/cmdeploy/src/cmdeploy/__init__.py +++ b/cmdeploy/src/cmdeploy/__init__.py @@ -477,6 +477,7 @@ def deploy_chatmail(config_path: Path) -> None: groups=["opendkim"], system=True, ) + server.user(name="Create echobot user", user="echobot", system=True) server.shell( name="Fix file owner in /home/vmail", diff --git a/cmdeploy/src/cmdeploy/service/echobot.service.f b/cmdeploy/src/cmdeploy/service/echobot.service.f index 149fcbb1..17b3a161 100644 --- a/cmdeploy/src/cmdeploy/service/echobot.service.f +++ b/cmdeploy/src/cmdeploy/service/echobot.service.f 
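Review bot: `lookup_passdb` hard-codes the echobot password as a string literal, and the same literal is repeated in `main()` in `chatmaild/echo.py`, so every deployment of this commit shares one publicly known credential for `echo@<mail_domain>`. The `# FIXME read from config` should be resolved before this ships: generate a random secret per deployment at install time (for example with `secrets.token_urlsafe()`), store it in a file readable only by the auth service and the `echobot` user, and have both call sites load it, e.g. `password=encrypt_password(load_echobot_password(config))` (placeholder helper name; no such helper is visible in this diff). Because the literal is now in version control history, it should not be reused as any deployment's real value. Separately, `encrypt_password(...)` runs on every passdb lookup for the echo address; hashing the secret once at start-up would avoid that repeated cost. `lookup_passdb` continues past the end of the hunk.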
@@ -7,6 +7,14 @@ Environment="PATH={remote_venv_dir}:$PATH" Restart=always RestartSec=30 +User=echobot +Group=echobot + +# Create /var/lib/echobot +StateDirectory=echobot + +WorkingDirectory=/var/lib/echobot + # Apply security restrictions suggested by # systemd-analyze security echobot.service CapabilityBoundingSet=
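Review bot: `StateDirectory=echobot` is added without a `StateDirectoryMode=`, so systemd creates `/var/lib/echobot` with its default mode 0755 and other local users can list and traverse the directory that will hold the bot's account data. Add `StateDirectoryMode=0700` below `StateDirectory=echobot`; presumably the account database stored there contains the mailbox password, so the directory itself should be private rather than relying on per-file modes. Consider also an explicit `UMask=0077` so files the bot creates are not group- or world-readable. The unit continues past the hunk, so hardening options set further down are not visible here.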