"""Render the nginx configuration files from Jinja2 templates and environment variables.

All settings are read with os.getenv() and end up as plain text in the
generated files; nothing in this module validates or escapes them.
"""
import os
import subprocess

from jinja2 import Environment, FileSystemLoader


def includes_conf(env, template_vars):
    """Write the three ``*.active`` snippet files into /etc/nginx/conf.d/.

    Args:
        env: Not used by this function.
        template_vars: Mapping as returned by prepare_template_vars(). The keys
            MAILCOW_HOSTNAME, ADDITIONAL_SERVER_NAMES, HTTP_PORT, HTTPS_PORT
            and DISABLE_IPv6 are read.

    Raises:
        KeyError: If one of those keys is missing.
        OSError: If a target file cannot be opened for writing.
    """
    # The values below are placed into nginx directives exactly as given. A
    # value containing ';', '{', '}' or a line break would alter the structure
    # of the generated config, so they have to come from a trusted source.
    # NOTE(review): nothing in this file validates them; confirm that the
    # environment is set only by the operator of the deployment.
    hostname = template_vars['MAILCOW_HOSTNAME']
    extra_names = ' '.join(template_vars['ADDITIONAL_SERVER_NAMES'])
    http_port = template_vars['HTTP_PORT']
    https_port = template_vars['HTTPS_PORT']

    plain_lines = [f"listen {http_port};"]
    # NOTE(review): the IPv4 listen on the HTTPS port carries no "ssl"
    # parameter while the IPv6 one below does. Confirm this is intended (for
    # example because another listen on the same address:port enables TLS).
    ssl_lines = [f"listen {https_port};"]
    if not template_vars['DISABLE_IPv6']:
        plain_lines.append(f"listen [::]:{http_port};")
        ssl_lines.append(f"listen [::]:{https_port} ssl;")
    ssl_lines.append("http2 on;")

    # Every snippet is built before the first file is opened, so a missing key
    # cannot leave the three files half-updated.
    snippets = {
        "server_name.active": f"server_name {hostname} autodiscover.* autoconfig.* {extra_names};",
        "listen_plain.active": "\n".join(plain_lines),
        "listen_ssl.active": "\n".join(ssl_lines),
    }
    for filename, content in snippets.items():
        with open(f"/etc/nginx/conf.d/{filename}", "w") as f:
            f.write(content)


def _render_to_file(env, config_name, target_dir, template_vars):
    """Render ``<config_name>.j2`` with template_vars and write it to target_dir + config_name."""
    rendered = env.get_template(f"{config_name}.j2").render(template_vars)
    # Rendering is finished before open() truncates the target, so a template
    # error leaves an existing file untouched.
    with open(f"{target_dir}{config_name}", "w") as f:
        f.write(rendered)


def sites_default_conf(env, template_vars):
    """Render sites-default.conf.j2 to /etc/nginx/includes/sites-default.conf."""
    _render_to_file(env, "sites-default.conf", "/etc/nginx/includes/", template_vars)


def nginx_conf(env, template_vars):
    """Render nginx.conf.j2 to /etc/nginx/nginx.conf."""
    _render_to_file(env, "nginx.conf", "/etc/nginx/", template_vars)


def _env_flag(name):
    """Return True when environment variable *name* is "y" or "yes" (case-insensitive)."""
    return os.getenv(name, "n").lower() in ("y", "yes")


def _split_csv(raw):
    """Split a comma-separated string into stripped, non-empty items."""
    return [item.strip() for item in raw.split(",") if item.strip()]


def prepare_template_vars():
    """Collect the template variables from the environment and /etc/ssl/mail/.

    Returns:
        A dict with the settings read from the environment plus
        ``valid_cert_dirs``: one ``{'cert_path', 'domains'}`` entry for each
        subdirectory of /etc/ssl/mail/ that holds cert.pem, key.pem and a
        non-empty ``domains`` file which does not list MAILCOW_HOSTNAME.

    Raises:
        OSError: If /etc/ssl/mail/ cannot be listed or a ``domains`` file
            cannot be read.
    """
    ipv4_network = os.getenv("IPV4_NETWORK", "172.22.1")
    hostname = os.getenv("MAILCOW_HOSTNAME", "")

    template_vars = {
        'IPV4_NETWORK': ipv4_network,
        # NOTE(review): how the templates use TRUSTED_PROXIES is not visible
        # here; the entries are passed on as given, without a format check.
        'TRUSTED_PROXIES': _split_csv(os.getenv("TRUSTED_PROXIES", "")),
        'SKIP_RSPAMD': _env_flag("SKIP_RSPAMD"),
        'SKIP_SOGO': _env_flag("SKIP_SOGO"),
        'NGINX_USE_PROXY_PROTOCOL': _env_flag("NGINX_USE_PROXY_PROTOCOL"),
        'MAILCOW_HOSTNAME': hostname,
        'ADDITIONAL_SERVER_NAMES': _split_csv(os.getenv("ADDITIONAL_SERVER_NAMES", "")),
        'HTTP_PORT': os.getenv("HTTP_PORT", "80"),
        'HTTPS_PORT': os.getenv("HTTPS_PORT", "443"),
        'SOGOHOST': os.getenv("SOGOHOST", ipv4_network + ".248"),
        'RSPAMDHOST': os.getenv("RSPAMDHOST", "rspamd-mailcow"),
        'PHPFPMHOST': os.getenv("PHPFPMHOST", "php-fpm-mailcow"),
        'DISABLE_IPv6': _env_flag("DISABLE_IPv6"),
        'HTTP_REDIRECT': _env_flag("HTTP_REDIRECT"),
    }

    ssl_dir = '/etc/ssl/mail/'
    valid_cert_dirs = []
    template_vars['valid_cert_dirs'] = valid_cert_dirs

    # os.listdir() yields entries in arbitrary order and raises if ssl_dir
    # does not exist.
    for entry in os.listdir(ssl_dir):
        cert_dir = os.path.join(ssl_dir, entry)
        if not os.path.isdir(cert_dir):
            continue

        required = [os.path.join(cert_dir, name) for name in ('cert.pem', 'key.pem', 'domains')]
        if not all(os.path.isfile(path) for path in required):
            continue

        with open(required[-1], 'r') as file:
            domains = file.read().strip()

        # Directories whose domains file is empty or already names the main
        # hostname are left out.
        names = domains.split()
        if not names or template_vars["MAILCOW_HOSTNAME"] in names:
            continue

        # The directory name and the file content go to the templates as read.
        # NOTE(review): presumably they become certificate paths and
        # server_name values; anyone able to write under ssl_dir would then
        # influence the rendered config. Confirm the permissions on that tree.
        valid_cert_dirs.append({
            'cert_path': cert_dir + '/',
            'domains': domains
        })

    return template_vars


def main():
    """Render sites-default.conf, nginx.conf and the ``*.active`` snippets, in that order."""
    # The loader path is relative, so it is resolved against the working
    # directory of the process.
    env = Environment(loader=FileSystemLoader('./etc/nginx/conf.d/templates'))

    # Render config
    print("Render config")
    template_vars = prepare_template_vars()
    for writer in (sites_default_conf, nginx_conf, includes_conf):
        writer(env, template_vars)


if __name__ == "__main__":
    main()