From acebf591bc5d4e5e01ce5a909afed387ccd15c2e Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Tue, 8 Aug 2017 21:16:07 +0100
Subject: [PATCH] Mailpile user permissions

---
 src/freedombone-app-mailpile | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/freedombone-app-mailpile b/src/freedombone-app-mailpile
index c690e5a2..66dc7258 100755
--- a/src/freedombone-app-mailpile
+++ b/src/freedombone-app-mailpile
@@ -45,6 +45,7 @@ mailpile_variables=(MAILPILE_REPO
                     MAILPILE_CODE
                     ONION_ONLY
                     DDNS_PROVIDER
+                    DEFAULT_DOMAIN_NAME
                     MY_USERNAME)
 
 function logging_on_mailpile {
@@ -305,6 +306,11 @@ function install_mailpile {
     adduser mailpile www-data
     adduser mailpile mail
     adduser mailpile $MY_USERNAME
+    if [[ $ONION_ONLY == 'no' ]]; then
+        chgrp -R ssl-cert /etc/letsencrypt
+        chmod -R g=rX /etc/letsencrypt
+        usermod -a -G ssl-cert mailpile
+    fi
     chown -R mailpile: /var/www/$MAILPILE_DOMAIN_NAME/mail/
 
     # create folders and tags
@@ -440,6 +446,13 @@ function install_mailpile {
     pip install jinja2==2.9.6
     pip install pgpdump==1.5
 
+    sed -i "s|#ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt|g" /etc/dovecot/conf.d/10-ssl.conf
+    sed -i "s|ssl_cert =.*|ssl_cert = </etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt|g" /etc/dovecot/conf.d/10-ssl.conf
+
+    sed -i "s|#ssl_key =.*|ssl_key = </etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/dovecot/conf.d/10-ssl.conf
+    sed -i "s|ssl_key =.*|ssl_key = </etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/dovecot/conf.d/10-ssl.conf
+
+    systemctl restart dovecot
     systemctl enable mailpile
     systemctl daemon-reload
     systemctl start mailpile