changelog for #276

acmetool: enable debugging
ci: don't fail if /var/lib/acme isn't present
2026-05-11 08:24:37 +00:00 · 2024-05-02 13:28:42 +00:00 · 2024-05-01 10:45:21 +02:00 · 2024-05-01 00:41:11 +02:00 · 2024-05-01 00:21:58 +02:00 · 2024-04-19 21:12:54 +02:00
7 changed files with 39 additions and 15 deletions
--- a/.github/workflows/test-and-deploy.yaml
+++ b/.github/workflows/test-and-deploy.yaml
@@ -56,7 +56,7 @@ jobs:
          # restore acme & dkim state to staging.testrun.org
          rsync -avz acme-restore/acme/ root@staging.testrun.org:/var/lib/acme || true
          rsync -avz dkimkeys-restore/dkimkeys/ root@staging.testrun.org:/etc/dkimkeys || true
-          ssh -o StrictHostKeyChecking=accept-new -v root@staging.testrun.org chown root:root -R /var/lib/acme
+          ssh -o StrictHostKeyChecking=accept-new -v root@staging.testrun.org chown root:root -R /var/lib/acme || true

      - name: run formatting checks 
        run: cmdeploy fmt -v 
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,15 @@

 ## untagged

+- Accept Let's Encrypt's new Terms of Services
+  ([#275](https://github.com/deltachat/chatmail/pull/276))
+
+- Reload Dovecot and Postfix when TLS certificate updates
+  ([#271](https://github.com/deltachat/chatmail/pull/271))
+
+- Use forked version of dovecot without hardcoded delays
+  ([#270](https://github.com/deltachat/chatmail/pull/270))
+
 ## 1.2.0 - 2024-04-04

 - Install dig on the server to resolve DNS records
--- a/cmdeploy/src/cmdeploy/init.py
+++ b/cmdeploy/src/cmdeploy/init.py
@@ -483,6 +483,23 @@ def deploy_chatmail(config_path: Path) -> None:
        commands=["test -d /home/vmail && chown -R vmail:vmail /home/vmail"],
    )

+    # Add our OBS repository for dovecot_no_delay
+    files.put(
+        name = "Add Deltachat OBS GPG key to apt keyring",
+        src = importlib.resources.files(__package__).joinpath("obs-home-deltachat.gpg"),
+        dest = "/etc/apt/keyrings/obs-home-deltachat.gpg",
+        user="root",
+        group="root",
+        mode="644",
+    )
+
+    files.line(
+        name = "Add DeltaChat OBS home repository to sources.list",
+        path = "/etc/apt/sources.list",
+        line = "deb [signed-by=/etc/apt/keyrings/obs-home-deltachat.gpg] https://download.opensuse.org/repositories/home:/deltachat/Debian_12/ ./",
+        ensure_newline = True,
+    )
+
    apt.update(name="apt update", cache_time=24 * 3600)

    apt.packages(
@@ -513,7 +530,6 @@ def deploy_chatmail(config_path: Path) -> None:

    # Deploy acmetool to have TLS certificates.
    deploy_acmetool(
-        nginx_hook=True,
        domains=[mail_domain, f"mta-sts.{mail_domain}", f"www.{mail_domain}"],
    )

--- a/cmdeploy/src/cmdeploy/acmetool/init.py
+++ b/cmdeploy/src/cmdeploy/acmetool/init.py
@@ -5,7 +5,7 @@ from pyinfra import host
 from pyinfra.facts.systemd import SystemdStatus


-def deploy_acmetool(nginx_hook=False, email="", domains=[]):
+def deploy_acmetool(email="", domains=[]):
    """Deploy acmetool."""
    apt.packages(
        name="Install acmetool",
@@ -20,16 +20,13 @@ def deploy_acmetool(nginx_hook=False, email="", domains=[]):
        mode="644",
    )

-    if nginx_hook:
-        files.put(
-            src=importlib.resources.files(__package__)
-            .joinpath("acmetool.hook")
-            .open("rb"),
-            dest="/usr/lib/acme/hooks/nginx",
-            user="root",
-            group="root",
-            mode="744",
-        )
+    files.put(
+        src=importlib.resources.files(__package__).joinpath("acmetool.hook").open("rb"),
+        dest="/usr/lib/acme/hooks/nginx",
+        user="root",
+        group="root",
+        mode="744",
+    )

    files.template(
        src=importlib.resources.files(__package__).joinpath("response-file.yaml.j2"),
@@ -74,5 +71,5 @@ def deploy_acmetool(nginx_hook=False, email="", domains=[]):

    server.shell(
        name=f"Request certificate for: { ', '.join(domains) }",
-        commands=[f"acmetool want { ' '.join(domains)}"],
+        commands=[f"acmetool want --xlog.severity=debug { ' '.join(domains)}"],
    )
--- a/cmdeploy/src/cmdeploy/acmetool/acmetool.hook
+++ b/cmdeploy/src/cmdeploy/acmetool/acmetool.hook
@@ -3,3 +3,5 @@ set -e
 EVENT_NAME="$1"
 [ "$EVENT_NAME" = "live-updated" ] || exit 42
 systemctl restart nginx.service
+systemctl reload dovecot.service
+systemctl reload postfix.service
--- a/cmdeploy/src/cmdeploy/acmetool/response-file.yaml.j2
+++ b/cmdeploy/src/cmdeploy/acmetool/response-file.yaml.j2
@@ -1,2 +1,2 @@
 "acme-enter-email": "{{ email }}"
-"acme-agreement:https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf": true
+"acme-agreement:https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf": true
--- a/cmdeploy/src/cmdeploy/obs-home-deltachat.gpg
+++ b/cmdeploy/src/cmdeploy/obs-home-deltachat.gpg
Author	SHA1	Message	Date
missytake	e2cbf4e3e4	changelog for #276	2024-05-02 13:28:42 +00:00
missytake	f35d98bb40	acmetool: enable debugging	2024-05-01 10:45:21 +02:00
missytake	7ce1a5e841	ci: don't fail if /var/lib/acme isn't present	2024-05-01 00:41:11 +02:00
missytake	0a72c2fba7	acmetool: accept new terms of services closes #275	2024-05-01 00:21:58 +02:00
link2xt	824f70f463	Document email authentication requirements	2024-04-19 21:12:54 +02:00
link2xt	39f5f64998	Reload Dovecot and Postfix when TLS certificate updates (#271 )	2024-04-15 14:08:32 +00:00
Christian Hagenest	1752803199	changelog for #270	2024-04-11 19:41:43 +02:00
Christian Hagenest	e372599ce7	change location of changes per nami's recommendation	2024-04-11 19:15:28 +02:00
Christian Hagenest	ce9fb02a75	correct key for obs home deltachat	2024-04-11 19:15:28 +02:00
Christian Hagenest	4526f5e772	apt update after adding new repository	2024-04-11 19:15:28 +02:00
Christian Hagenest	616a42c8f3	add our obs repo to cmdeploy init	2024-04-11 19:15:28 +02:00