wip

* fix #231

* CI: disable CI for markdown files

* clarify need for ssh-add

* Update README.md

Co-authored-by: missytake <missytake@systemli.org>

---------

Co-authored-by: missytake <missytake@systemli.org>

.github/workflows/test-and-deploy.yaml

@@ -7,6 +7,9 @@ on:
   pull_request:
     paths-ignore:
       - 'scripts/**'
+      - '**/README.md'
+      - 'CHANGELOG.md'
+      - 'LICENSE'
 
 jobs:
   deploy:

CHANGELOG.md

@@ -2,6 +2,12 @@
 
 ## untagged
 
+- run metrics generation with systemd-timer instead of cron
+  ([#304](https://github.com/deltachat/chatmail/pull/304))
+
+- change default for delete_mails_after from 40 to 20 days
+  ([#300]https://github.com/deltachat/chatmail/pull/300)
+
 - fix writing of multiple obs repositories in `/etc/apt/sources.list`
   ([#272](https://github.com/deltachat/chatmail/issues/272))
 

README.md

@@ -15,6 +15,8 @@ after which the initially specified password is required for using them.
 
 ## Deploying your own chatmail server 
 
+To deploy chatmail on your own server, you must have set-up ssh authentication and need to use an ed25519 key, due to an [upstream bug in paramiko](https://github.com/paramiko/paramiko/issues/2191). You also need to add your private key to the local ssh-agent, because you can't type in your password during deployment.
+
 We use `chat.example.org` as the chatmail domain in the following steps. 
 Please substitute it with your own domain. 
 

chatmaild/src/chatmaild/ini/chatmail.ini.f

@@ -18,7 +18,7 @@ max_user_send_per_minute = 60
 max_mailbox_size = 100M
 
 # days after which mails are unconditionally deleted
-delete_mails_after = 40
+delete_mails_after = 20
 
 # minimum length a username must have
 username_min_length = 9

chatmaild/src/chatmaild/tests/test_config.py

@@ -24,7 +24,7 @@ def test_read_config_testrun(make_config):
     assert config.postfix_reinject_port == 10025
     assert config.max_user_send_per_minute == 60
     assert config.max_mailbox_size == "100M"
-    assert config.delete_mails_after == "40"
+    assert config.delete_mails_after == "20"
     assert config.username_min_length == 9
     assert config.username_max_length == 9
     assert config.password_min_length == 9

cmdeploy/src/cmdeploy/__init__.py

@@ -17,6 +17,7 @@ from pyinfra.operations import apt, files, pip, server, systemd
 
 from .acmetool import deploy_acmetool
 
+root_owned = dict(user="root", group="root", mode="644")
 
 def _build_chatmaild(dist_dir) -> None:
     dist_dir = Path(dist_dir).resolve()
@@ -50,7 +51,6 @@ def _install_remote_venv_with_chatmaild(config) -> None:
     remote_dist_file = f"{remote_base_dir}/dist/{dist_file.name}"
     remote_venv_dir = f"{remote_base_dir}/venv"
     remote_chatmail_inipath = f"{remote_base_dir}/chatmail.ini"
-    root_owned = dict(user="root", group="root", mode="644")
 
     apt.packages(
         name="apt install python3-virtualenv",
@@ -85,9 +85,19 @@ def _install_remote_venv_with_chatmaild(config) -> None:
         ],
     )
 
+    # create metrics every 5 minutes via systemd
+
+    files.put(
+        name="Upload metrics.timer",
+        src=importlib.resources.files(__package__).joinpath("service/metrics.timer"),
+        dest=f"/etc/systemd/system/metrics.timer",
+        **root_owned,
+    )
+
     files.template(
-        src=importlib.resources.files(__package__).joinpath("metrics.cron.j2"),
-        dest="/etc/cron.d/chatmail-metrics",
+        name="upload metrics.service",
+        src=importlib.resources.files(__package__).joinpath("service/metrics.service.j2"),
+        dest="/etc/systemd/system/metrics.service",
         user="root",
         group="root",
         mode="644",
@@ -97,6 +107,15 @@ def _install_remote_venv_with_chatmaild(config) -> None:
         },
     )
 
+    systemd.service(
+        name=f"Setup metrics timer",
+        service="metrics.timer",
+        running=True,
+        enabled=True,
+        restarted=True,
+        daemon_reload=True,
+    )
+
     # install systemd units
     for fn in (
         "doveauth",
@@ -352,6 +371,23 @@ def _configure_dovecot(config: Config, debug: bool = False) -> bool:
             commands=["/usr/bin/sievec /etc/dovecot/default.sieve"],
         )
 
+    files.template(
+        src=importlib.resources.files(__package__).joinpath("service/expunge.service.j2"),
+        dest="/etc/systemd/system/expunge.service",
+        config={
+            "mail_domain": config.mail_domain,
+            "delete_mails_after": config.delete_mails_after,
+        },
+        **root_owned,
+    )
+
+    files.put(
+        name="Upload expunge.timer",
+        src=importlib.resources.files(__package__).joinpath("service/expunge.timer"),
+        dest=f"/etc/systemd/system/expunge.timer",
+        **root_owned,
+    )
+
     files.template(
         src=importlib.resources.files(__package__).joinpath("dovecot/expunge.cron.j2"),
         dest="/etc/cron.d/expunge",
@@ -523,6 +559,7 @@ def deploy_chatmail(config_path: Path) -> None:
             "systemctl reset-failed unbound.service",
         ],
     )
+
     systemd.service(
         name="Start and enable unbound",
         service="unbound.service",

cmdeploy/src/cmdeploy/acmetool/__init__.py

@@ -69,7 +69,8 @@ def deploy_acmetool(email="", domains=[]):
         restarted=service_file.changed,
     )
 
-    server.shell(
-        name=f"Request certificate for: { ', '.join(domains) }",
-        commands=[f"acmetool want --xlog.severity=debug { ' '.join(domains)}"],
-    )
+    if str(host) != "staging.testrun.org":
+        server.shell(
+            name=f"Request certificate for: { ', '.join(domains) }",
+            commands=[f"acmetool want --xlog.severity=debug { ' '.join(domains)}"],
+        )

cmdeploy/src/cmdeploy/service/expunge.service.j2

@@ -0,0 +1,16 @@
+[Unit]
+Description=Expunge old mails after {{ config.delete_mails_after }} days
+
+[Service]
+Type=oneshot
+# delete all mails after {{ config.delete_mails_after }} days, in the Inbox
+ExecStart=/home/vmail/mail/{{ config.mail_domain }} -path '*/cur/*' -mtime +{{ config.delete_mails_after }} -type f -delete
+# or in any IMAP subfolder
+ExecStart=vmail find /home/vmail/mail/{{ config.mail_domain }} -path '*/.*/cur/*' -mtime +{{ config.delete_mails_after }} -type f -delete
+# even if they are unseen
+ExecStart=vmail find /home/vmail/mail/{{ config.mail_domain }} -path '*/new/*' -mtime +{{ config.delete_mails_after }} -type f -delete
+ExecStart=vmail find /home/vmail/mail/{{ config.mail_domain }} -path '*/new/*' -mtime +{{ config.delete_mails_after }} -type f -delete
+# or only temporary (but then they shouldn't be around after {{ config.delete_mails_after }} days anyway).
+ExecStart=vmail find /home/vmail/mail/{{ config.mail_domain }} -path '*/tmp/*' -mtime +{{ config.delete_mails_after }} -type f -delete
+ExecStart=vmail find /home/vmail/mail/{{ config.mail_domain }} -path '*/.*/tmp/*' -mtime +{{ config.delete_mails_after }} -type f -delete
+ExecStart=vmail find /home/vmail/mail/{{ config.mail_domain }} -name 'maildirsize' -type f -delete

cmdeploy/src/cmdeploy/service/expunge.timer

@@ -0,0 +1,9 @@
+[Unit]
+Description=Run expunge.service daily
+
+[Timer]
+OnCalendar=weekly
+Persistent=true
+
+[Install]
+WantedBy=timers.target

cmdeploy/src/cmdeploy/service/metrics.service.j2

@@ -0,0 +1,5 @@
+[Unit]
+Description=Generate metrics in /var/www/html/metrics
+
+[Service]
+ExecStart={{ config.execpath }} /home/vmail/mail/{{ config.mail_domain }} > /var/www/html/metrics

cmdeploy/src/cmdeploy/service/metrics.timer

@@ -0,0 +1,9 @@
+[Unit]
+Description=Run metrics.service every 5 minutes
+
+[Timer]
+OnBootSec=5min
+OnUnitActiveSec=5min
+
+[Install]
+WantedBy=timers.target