From 7b1ffc14103054523b726c4ff77abb8bef193e6a Mon Sep 17 00:00:00 2001
From: cliffmccarthy <16453869+cliffmccarthy@users.noreply.github.com>
Date: Wed, 30 Jul 2025 08:55:51 -0500
Subject: [PATCH] feat: Automate file ownership setting from host migration
 process

- Added a step to deploy_chatmail() that sets ownership of paths that
  are copied over as part of the upgrade process.
- Removed manual chown step from README.md.
---
 README.md                         |  9 ---------
 cmdeploy/src/cmdeploy/__init__.py | 14 ++++++++++++++
 2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index 7ba08fdb..4ff8aa47 100644
--- a/README.md
+++ b/README.md
@@ -395,15 +395,6 @@ in this case, just run `ssh-keygen -R "mail.example.org"` as recommended.
    Postfix and Dovecot are disabled for now; we will enable them later. 
    We first need to make the new site fully operational. 
 
-3. On the new site, run the following to ensure the ownership is correct in case UIDs/GIDs changed:
-
-   ```
-    chown root: -R /var/lib/acme
-    chown opendkim: -R /etc/dkimkeys
-    chown vmail: -R /home/vmail/mail
-    chown echobot: -R /run/echobot
-   ```
-
 4. Now, update DNS entries. 
 
    If other MTAs try to deliver messages to your chatmail domain they may fail intermittently,
diff --git a/cmdeploy/src/cmdeploy/__init__.py b/cmdeploy/src/cmdeploy/__init__.py
index cb894750..dfd269f0 100644
--- a/cmdeploy/src/cmdeploy/__init__.py
+++ b/cmdeploy/src/cmdeploy/__init__.py
@@ -748,6 +748,20 @@ def deploy_chatmail(config_path: Path, disable_mail: bool) -> None:
     _remove_rspamd()
     opendkim_need_restart = _configure_opendkim(mail_domain, "opendkim")
 
+    #
+    # If this system is pre-populated with data from a previous instance,
+    # we might need to adjust ownership of files.
+    #
+    stateful_paths = {
+        "/etc/dkimkeys": "opendkim",
+        "/home/vmail/mail": "vmail",
+        "/run/echobot": "echobot",
+        "/var/lib/acme": "root",
+    }
+    for stateful_path, path_owner in stateful_paths.items():
+        files.directory(stateful_path)  # In case it doesn't exist yet.
+        server.shell("chown {}: -R {}".format(path_owner, stateful_path))
+
     systemd.service(
         name="Start and enable OpenDKIM",
         service="opendkim.service",