chore: Add changelog entry

- Added a step to deploy_chatmail() that sets ownership of paths that
  are copied over as part of the upgrade process.
- Removed manual chown step from README.md.

CHANGELOG.md

@@ -2,12 +2,12 @@
 
 ## untagged
 
-- Allow custom nginx config files
-  ([#617](https://github.com/chatmail/relay/pull/617))
-
 - Check whether GCC is installed in initenv.sh
   ([#608](https://github.com/chatmail/relay/pull/608))
 
+- Automate file ownership setting from host migration process
+  ([#609](https://github.com/chatmail/relay/pull/609))
+
 - Expire push notification tokens after 90 days
   ([#583](https://github.com/chatmail/relay/pull/583))
 

README.md

@@ -255,19 +255,6 @@ This starts a local live development cycle for chatmail web pages:
 
 - Starts a browser window automatically where you can "refresh" as needed.
 
-#### Custom web pages
-
-If you want to include other pages,
-they need their separate nginx config
-under `/etc/nginx/sites-enabled/`.
-Note that they need to listen on port 8443 instead of 443.
-
-To request TLS certificates for the corresponding domains,
-point the DNS records to your Server and run `acmetool want <domain>`.
-You can find the TLS certificates under `/var/lib/acme/live`.
-They will be automatically renewed.
-
-
 ## Mailbox directory layout
 
 Fresh chatmail addresses have a mailbox directory that contains: 
@@ -408,15 +395,6 @@ in this case, just run `ssh-keygen -R "mail.example.org"` as recommended.
    Postfix and Dovecot are disabled for now; we will enable them later. 
    We first need to make the new site fully operational. 
 
-3. On the new site, run the following to ensure the ownership is correct in case UIDs/GIDs changed:
-
-   ```
-    chown root: -R /var/lib/acme
-    chown opendkim: -R /etc/dkimkeys
-    chown vmail: -R /home/vmail/mail
-    chown echobot: -R /run/echobot
-   ```
-
 4. Now, update DNS entries. 
 
    If other MTAs try to deliver messages to your chatmail domain they may fail intermittently,

cmdeploy/src/cmdeploy/__init__.py

@@ -424,12 +424,6 @@ def _configure_nginx(config: Config, debug: bool = False) -> bool:
     """Configures nginx HTTP server."""
     need_restart = False
 
-    files.link(
-        name="disable nginx default site",
-        path="/etc/nginx/sites-enabled/default",
-        present=False,
-    )
-
     main_config = files.template(
         src=importlib.resources.files(__package__).joinpath("nginx/nginx.conf.j2"),
         dest="/etc/nginx/nginx.conf",
@@ -754,6 +748,20 @@ def deploy_chatmail(config_path: Path, disable_mail: bool) -> None:
     _remove_rspamd()
     opendkim_need_restart = _configure_opendkim(mail_domain, "opendkim")
 
+    #
+    # If this system is pre-populated with data from a previous instance,
+    # we might need to adjust ownership of files.
+    #
+    stateful_paths = {
+        "/etc/dkimkeys": "opendkim",
+        "/home/vmail/mail": "vmail",
+        "/run/echobot": "echobot",
+        "/var/lib/acme": "root",
+    }
+    for stateful_path, path_owner in stateful_paths.items():
+        files.directory(stateful_path)  # In case it doesn't exist yet.
+        server.shell("chown {}: -R {}".format(path_owner, stateful_path))
+
     systemd.service(
         name="Start and enable OpenDKIM",
         service="opendkim.service",

cmdeploy/src/cmdeploy/nginx/nginx.conf.j2

@@ -136,7 +136,4 @@ http {
 		return 301 $scheme://{{ config.domain_name }}$request_uri;
 		access_log syslog:server=unix:/dev/log,facility=local7;
 	}
-
-    # Include custom pages; they need to listen on port 8443 instead of port 443
-	include /etc/nginx/sites-enabled/*;
 }