diff --git a/.mkdocs.yaml b/.mkdocs.yaml index 04fe49ba..bfa47bc3 100644 --- a/.mkdocs.yaml +++ b/.mkdocs.yaml @@ -8,11 +8,11 @@ remote_branch: gh-pages theme: readthedocs markdown_extensions: - admonition + - pymdownx.fancylists - pymdownx.superfences exclude_docs: | example-configs/** requirements.txt - nav: - Welcome: README.md - Quick Start: diff --git a/Makefile b/Makefile index 12221cc7..83d87d81 100644 --- a/Makefile +++ b/Makefile @@ -133,4 +133,4 @@ docs-build: .PHONY: docs-serve docs-serve: - mkdocs serve --strict -f .mkdocs.yaml + mkdocs serve --watch docs/ --strict -f .mkdocs.yaml diff --git a/deploy/compose/web.yaml b/deploy/compose/web.yaml index 9b049c59..371b4f23 100644 --- a/deploy/compose/web.yaml +++ b/deploy/compose/web.yaml @@ -7,7 +7,7 @@ services: context: ../../target/web args: # Roundcube plugins can be added here. - # See https://packagist.org/?type=roundcube-plugin + # Documentation available at docs/configuration/roundcube.md RC_PLUGINS: "johndoh/contextmenu jfcherng-roundcube/show-folder-size" cache_from: - type=registry,ref=ghcr.io/jeboehm/mailserver-web:buildcache diff --git a/deploy/kustomize/common/configmap.yaml b/deploy/kustomize/common/configmap.yaml index 9193e430..7daa11e2 100644 --- a/deploy/kustomize/common/configmap.yaml +++ b/deploy/kustomize/common/configmap.yaml @@ -20,4 +20,3 @@ data: RSPAMD_DNS_SERVERS: round-robin:unbound:53 UNBOUND_DNS_ADDRESS: unbound:53 WEB_HTTP_ADDRESS: web:80 - WEB_PHP_ADDRESS: 127.0.0.1:9000 diff --git a/docs/administration/user-roles.md b/docs/administration/user-roles.md index 238433b7..2dc5a383 100644 --- a/docs/administration/user-roles.md +++ b/docs/administration/user-roles.md 
@@ -2,27 +2,40 @@ In `mailserver-admin`, there are three distinct user roles, each with different levels of access and permissions: -1. **Admin** - - **Permissions**: Can perform all actions within the application. - - **Capabilities**: - - Manage all mail domains, users, aliases, and DKIM settings. - - Full access to all features and configurations. - -2. **Domain Admin** - - **Permissions**: Limited to managing users, aliases, and fetchmail accounts within their own domain. - - **Capabilities**: - - Create, update, and remove users within their domain. - - Define and manage mail aliases within their domain. - - Configure and manage fetchmail accounts within their domain. - - **Restrictions**: - - Cannot add or edit new domains. - - Cannot manage DKIM settings for any domain. - -3. **User** - - **Permissions**: Limited to managing their own fetchmail accounts. - - **Capabilities**: - - Login to the application. - - Configure and manage their personal fetchmail accounts. - - **Restrictions**: - - Cannot manage users, aliases, or domains. - - No access to DKIM settings or domain configurations. +## Admin + +**Permissions**: Can perform all actions within the application. + +**Capabilities**: + +- Manage all mail domains, users, aliases, and DKIM settings +- Full access to all features and configurations + +## Domain Admin + +**Permissions**: Limited to managing users, aliases, and fetchmail accounts within their own domain. + +**Capabilities**: + +- Create, update, and remove users within their domain +- Define and manage mail aliases within their domain +- Configure and manage fetchmail accounts within their domain + +**Restrictions**: + +- Cannot add or edit new domains +- Cannot manage DKIM settings for any domain + +## User + +**Permissions**: Limited to managing their own fetchmail accounts. 
+ +**Capabilities**: + +- Login to the application +- Configure and manage their personal fetchmail accounts + +**Restrictions**: + +- Cannot manage users, aliases, or domains +- No access to DKIM settings or domain configurations diff --git a/docs/configuration/environment-variables.md b/docs/configuration/environment-variables.md index d0cd0de6..23e950e7 100644 --- a/docs/configuration/environment-variables.md +++ b/docs/configuration/environment-variables.md @@ -80,7 +80,6 @@ when you use Kubernetes or decide to rename services somehow. | `MTA_SMTP_ADDRESS` | `mta:25` | Postfix SMTP service address | | `MTA_SMTP_SUBMISSION_ADDRESS` | `mta:587` | Postfix SMTP submission service address | | `WEB_HTTP_ADDRESS` | `web:80` | Web interface HTTP address | -| `WEB_PHP_ADDRESS` | `127.0.0.1:9000` | PHP-FPM service address | | `RSPAMD_DNS_SERVERS` | `round-robin:unbound:53` | DNS servers for RSpamd (Kubernetes) | ### mailserver-admin Configuration diff --git a/docs/development/mailserver-admin.md b/docs/development/mailserver-admin.md index 311fc64c..2c162651 100644 --- a/docs/development/mailserver-admin.md +++ b/docs/development/mailserver-admin.md @@ -1,7 +1,7 @@ # Development Guide for mailserver-admin This document describes the development setup and workflow for the `mailserver-admin` project. -The project is located in a separate repository: https://github.com/jeboehm/mailserver-admin/ +The project is located in a separate repository: [mailserver-admin](https://github.com/jeboehm/mailserver-admin). ## Technical Stack 
@@ -32,26 +32,28 @@ The project uses [devenv](https://devenv.sh/) to provide a reproducible developm 2. Start the development environment: - ```bash - devenv up - ``` +```bash +devenv up +``` - This command will: - - Set up PHP 8.4 with required extensions (Redis, PDO MySQL, Xdebug) - - Start MySQL database server - - Start Redis server - - Start Caddy web server on port 8000 - - Configure PHP-FPM pool for the web server - - Set up environment variables for database and Redis connections +This command will: + +- Set up PHP 8.4 with required extensions (Redis, PDO MySQL, Xdebug) +- Start MySQL database server +- Start Redis server +- Start Caddy web server on port 8000 +- Configure PHP-FPM pool for the web server +- Set up environment variables for database and Redis connections 3. Install dependencies: - ```bash - composer install - ``` + +```bash +composer install +``` ### Starting the Web Server -**Important**: You must run `devenv up` to start the web server. This command starts all required services including: +**Important**: You must run `devenv up` to start the web server. This command starts all required services: - **Caddy web server** on `http://localhost:8000` - **MySQL database** (accessible at `127.0.0.1`) @@ -71,7 +73,7 @@ Fix code style issues using PHP CS Fixer: composer run csfix ``` -This command runs PHP CS Fixer with the configuration defined in `.php-cs-fixer.dist.php`. It applies PSR-2, Symfony, and PHP 8.0 migration rules to files in: +This command runs PHP CS Fixer with the configuration defined in `.php-cs-fixer.dist.php`. It applies PSR-2, Symfony, and PHP 8.0 migration rules to the following directories: - `bin/` - `public/` 
@@ -87,7 +89,7 @@ Run PHPStan to perform static analysis: composer run phpstan ``` -PHPStan is configured to analyze code at level 6 (as defined in `phpstan.dist.neon`) and checks: +PHPStan is configured to analyze code at level 6 (as defined in `phpstan.dist.neon`) and checks the following directories: - `bin/` - `config/` @@ -103,23 +105,13 @@ Execute the test suite: composer run test ``` -This runs PHPUnit with the configuration from `phpunit.dist.xml`. The test suite includes: +This runs PHPUnit with the configuration from `phpunit.dist.xml`. The test suite includes the following: - Unit tests in `tests/Unit/` - Integration tests in `tests/Integration/` Tests run in the `test` environment and use the database configured in `.env.test`. -### Test Coverage - -Generate test coverage report: - -```bash -composer run coverage -``` - -This runs PHPUnit with Xdebug coverage enabled and outputs a text-based coverage report. - ### Code Refactoring Run Rector to automatically refactor code: @@ -151,7 +143,7 @@ Rector uses the configuration from `rector.php` to apply automated code improvem ## Debugging -Xdebug is configured in the devenv setup with: +Xdebug is configured in the devenv setup with the following settings: - Mode: `debug` - Client port: `9003` @@ -165,16 +157,17 @@ When making database schema changes: 1. Create a migration: - ```bash - php bin/console doctrine:migrations:generate - ``` +```bash +php bin/console doctrine:migrations:generate +``` 2. Edit the generated migration file in `migrations/` 3. Run migrations: - ```bash - php bin/console doctrine:migrations:migrate - ``` + +```bash +php bin/console doctrine:migrations:migrate +``` ## Additional Resources diff --git a/target/web/Dockerfile b/target/web/Dockerfile index 7d770e71..90ac90c6 100644 --- a/target/web/Dockerfile +++ b/target/web/Dockerfile 
@@ -14,8 +14,6 @@ ENV MYSQL_HOST=db \ MDA_IMAP_ADDRESS=mda:31143 \ MDA_MANAGESIEVE_ADDRESS=mda:4190 \ MTA_SMTP_SUBMISSION_ADDRESS=mta:587 \ - WEB_HTTP_ADDRESS=web:8080 \ - WEB_PHP_ADDRESS=127.0.0.1:9000 \ SUPPORT_URL=https://github.com/jeboehm/docker-mailserver \ MAILNAME=mail.example.com \ WAITSTART_TIMEOUT=1m \ @@ -25,12 +23,11 @@ ENV MYSQL_HOST=db \ ARG FRANKENPHP_VER=v1.11.1 # renovate: depName=php/frankenphp RUN apk add --no-cache \ curl && \ - curl -sfOL https://github.com/php/frankenphp/releases/download/${FRANKENPHP_VER}/frankenphp-linux-x86_64 && \ - chmod +x frankenphp-linux-x86_64 && \ - mv frankenphp-linux-x86_64 /usr/bin/frankenphp && \ - mkdir -p ${SERVER_ROOT} && \ ln -sf /tmp /home/app && \ - apk del --no-cache apk-tools + ARCH=$(uname -m) && \ + curl -sfOL https://github.com/php/frankenphp/releases/download/${FRANKENPHP_VER}/frankenphp-linux-${ARCH} && \ + chmod +x frankenphp-linux-${ARCH} && \ + mv frankenphp-linux-${ARCH} /usr/bin/frankenphp RUN printf '#!/bin/sh\nexec frankenphp php-cli "$@"\n' > /usr/bin/php && \ chmod +x /usr/bin/php @@ -38,7 +35,7 @@ RUN printf '#!/bin/sh\nexec frankenphp php-cli "$@"\n' > /usr/bin/php && \ FROM base AS composer ENV COMPOSER_ALLOW_SUPERUSER=1 -COPY --from=composer/composer:2.9.2@sha256:969fb900253c0e71645cf74257d6c9206304573e8b246d1bc57f8ac1d64e12f4 /usr/bin/composer /usr/local/bin/composer +COPY --from=composer/composer:2.9.2@sha256:969fb900253c0e71645cf74257d6c9206304573e8b246d1bc57f8ac1d64e12f4 /usr/bin/composer /usr/bin/composer FROM composer AS roundcube-builder @@ -57,6 +54,9 @@ RUN --mount=type=cache,target=/root/.composer \ mkdir -p \ temp/ \ logs/ && \ + chmod 777 \ + temp/ \ + logs/ && \ if [ "${RC_PLUGINS}" != "" ]; then \ composer require \ --ignore-platform-reqs --prefer-dist --prefer-stable \ 
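Review bot: The FrankenPHP binary fetched in the `RUN apk add` step is installed to `/usr/bin/frankenphp` without any integrity check, and with `ARCH=$(uname -m)` there are now several release artifacts to trust instead of one. The Composer image in the same file is pinned by sha256 digest, and the same standard would fit here: a per-architecture build argument holding the expected hash, checked with `echo "${FRANKENPHP_SHA256}  frankenphp-linux-${ARCH}" | sha256sum -c -` before the `chmod` (the argument name is a placeholder). The hunk also drops `apk del --no-cache apk-tools`, so the package manager stays in the base layer that the prod stage builds on. If that is deliberate, a short comment saying why would help.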
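Review bot: `chmod 777` on `temp/` and `logs/` in the roundcube-builder step makes both directories world-writable, and the `@@ -81,7 +81,11 @@` hunk applies the same mode to `/opt/admin/var/cache`, `/opt/admin/var/cache/prod` and `/opt/admin/var/log`. `COPY --chown=root:root` in the prod stage changes the owner but keeps the mode, so the final image ships these directories writable by any UID, while the last Dockerfile hunk removes the `chown -R ${USER}:${USER}` that used to limit write access to the runtime user. The Symfony cache path is the most sensitive of the five, since PHP files under it are presumably loaded by the application. If the aim is to run under an arbitrary UID (not stated in the visible lines), a comment should say so and a narrower mode such as `chmod 1777` should be considered; otherwise keeping ownership with the runtime user and mode `750` is the tighter option.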
@@ -81,7 +81,11 @@ RUN curl -sSLf \ https://github.com/jeboehm/mailserver-admin/releases/download/${ADMIN_VER}/release-${ADMIN_VER}.tar.gz && \ tar -oxf /tmp/admin.tar.gz --strip=1 && \ rm /tmp/admin.tar.gz && \ - composer symfony:dump-env prod + composer symfony:dump-env prod && \ + chmod 777 \ + /opt/admin/var/cache \ + /opt/admin/var/cache/prod \ + /opt/admin/var/log FROM base AS prod @@ -90,16 +94,12 @@ COPY --chown=root:root --from=roundcube-builder /opt/roundcube/ /opt/roundcube/ COPY --chown=root:root --from=admin-builder /opt/admin/ /opt/admin/ COPY --chown=root:root rootfs/ / -RUN ln -s /opt/roundcube/public_html ${SERVER_ROOT}/webmail && \ +RUN mkdir -p ${SERVER_ROOT} && \ + ln -s /opt/roundcube/public_html ${SERVER_ROOT}/webmail && \ ln -s /opt/admin/public ${SERVER_ROOT}/manager ARG USER=app -RUN adduser -DH ${USER} && \ - chown -R ${USER}:${USER} \ - /opt/admin/var/cache/prod \ - /opt/admin/var/log \ - /opt/roundcube/logs \ - /opt/roundcube/temp +RUN adduser -DH ${USER} USER ${USER} HEALTHCHECK CMD /usr/local/bin/healthcheck.sh diff --git a/target/web/rootfs/opt/roundcube/config/config.inc.php b/target/web/rootfs/opt/roundcube/config/config.inc.php index 2b41f7c2..eb163766 100644 --- a/target/web/rootfs/opt/roundcube/config/config.inc.php +++ b/target/web/rootfs/opt/roundcube/config/config.inc.php @@ -21,7 +21,6 @@ 'archive', 'zipdownload', 'managesieve', - 'password', ]; $config['imap_conn_options'] = [ 'ssl' => [ diff --git a/target/web/rootfs/opt/roundcube/plugins/password/config.inc.php b/target/web/rootfs/opt/roundcube/plugins/password/config.inc.php deleted file mode 100644 index 95f33acd..00000000 --- a/target/web/rootfs/opt/roundcube/plugins/password/config.inc.php +++ /dev/null @@ -1,29 +0,0 @@ -