[PHP-FPM] use python bootstrapper to start PHP-FPM container

data/Dockerfiles/bootstrap/modules/BootstrapPhpfpm.py

@@ -0,0 +1,207 @@
+from jinja2 import Environment, FileSystemLoader
+from modules.BootstrapBase import BootstrapBase
+from pathlib import Path
+import os
+import ipaddress
+import sys
+import time
+import platform
+import subprocess
+
+class Bootstrap(BootstrapBase):
+  def bootstrap(self):
+    self.connect_mysql()
+    self.connect_redis()
+
+    # Setup Jinja2 Environment and load vars
+    self.env = Environment(
+      loader=FileSystemLoader('/php-conf/config_templates'),
+      keep_trailing_newline=True,
+      lstrip_blocks=True,
+      trim_blocks=True
+    )
+    extra_vars = {
+    }
+    self.env_vars = self.prepare_template_vars('/overwrites.json', extra_vars)
+
+    print("Set Timezone")
+    self.set_timezone()
+
+    # Prepare Redis and MySQL Database
+    # TODO: move to dockerapi
+    if self.isYes(os.getenv("MASTER", "")):
+      print("We are master, preparing...")
+      self.prepare_redis()
+      self.setup_apikeys(
+        os.getenv("API_ALLOW_FROM", "").strip(),
+        os.getenv("API_KEY", "").strip(),
+        os.getenv("API_KEY_READ_ONLY", "").strip()
+      )
+      self.setup_mysql_events()
+
+
+    print("Render config")
+    self.render_config("opcache-recommended.ini.j2", "/usr/local/etc/php/conf.d/opcache-recommended.ini")
+    self.render_config("pools.conf.j2", "/usr/local/etc/php-fpm.d/z-pools.conf")
+    self.render_config("other.ini.j2", "/usr/local/etc/php/conf.d/zzz-other.ini")
+    self.render_config("upload.ini.j2", "/usr/local/etc/php/conf.d/upload.ini")
+    self.render_config("session_store.ini.j2", "/usr/local/etc/php/conf.d/session_store.ini")
+    self.render_config("0081-custom-mailcow.css.j2", "/web/css/build/0081-custom-mailcow.css")
+
+    self.copy_file("/usr/local/etc/php/conf.d/opcache-recommended.ini", "/php-conf/opcache-recommended.ini")
+    self.copy_file("/usr/local/etc/php-fpm.d/z-pools.conf", "/php-conf/pools.conf")
+    self.copy_file("/usr/local/etc/php/conf.d/zzz-other.ini", "/php-conf/other.ini")
+    self.copy_file("/usr/local/etc/php/conf.d/upload.ini", "/php-conf/upload.ini")
+    self.copy_file("/usr/local/etc/php/conf.d/session_store.ini", "/php-conf/session_store.ini")
+
+    self.set_owner("/global_sieve", 82, 82, recursive=True)
+    self.set_owner("/web/templates/cache", 82, 82, recursive=True)
+    self.remove("/web/templates/cache", wipe_contents=True, exclude=[".gitkeep"])
+
+    print("Running DB init...")
+    self.run_command(["php", "-c", "/usr/local/etc/php", "-f", "/web/inc/init_db.inc.php"], check=False)
+
+  def prepare_redis(self):
+    print("Setting default Redis keys if missing...")
+
+    # Q_RELEASE_FORMAT
+    if self.redis_conn.get("Q_RELEASE_FORMAT") is None:
+      self.redis_conn.set("Q_RELEASE_FORMAT", "raw")
+
+    # Q_MAX_AGE
+    if self.redis_conn.get("Q_MAX_AGE") is None:
+      self.redis_conn.set("Q_MAX_AGE", 365)
+
+    # PASSWD_POLICY hash defaults
+    if self.redis_conn.hget("PASSWD_POLICY", "length") is None:
+      self.redis_conn.hset("PASSWD_POLICY", mapping={
+        "length": 6,
+        "chars": 0,
+        "special_chars": 0,
+        "lowerupper": 0,
+        "numbers": 0
+      })
+
+    # DOMAIN_MAP
+    print("Rebuilding DOMAIN_MAP from MySQL...")
+    self.redis_conn.delete("DOMAIN_MAP")
+    domains = set()
+    try:
+      cursor = self.mysql_conn.cursor()
+
+      cursor.execute("SELECT domain FROM domain")
+      domains.update(row[0] for row in cursor.fetchall())
+      cursor.execute("SELECT alias_domain FROM alias_domain")
+      domains.update(row[0] for row in cursor.fetchall())
+
+      cursor.close()
+
+      if domains:
+        for domain in domains:
+          self.redis_conn.hset("DOMAIN_MAP", domain, 1)
+        print(f"{len(domains)} domains added to DOMAIN_MAP.")
+      else:
+        print("No domains found to insert into DOMAIN_MAP.")
+    except Exception as e:
+      print(f"Failed to rebuild DOMAIN_MAP: {e}")
+
+  def setup_apikeys(self, api_allow_from, api_key_rw, api_key_ro):
+    if not api_allow_from or api_allow_from == "invalid":
+      return
+
+    print("Validating API_ALLOW_FROM IPs...")
+    ip_list = [ip.strip() for ip in api_allow_from.split(",")]
+    validated_ips = []
+
+    for ip in ip_list:
+      try:
+        ipaddress.ip_network(ip, strict=False)
+        validated_ips.append(ip)
+      except ValueError:
+        continue
+    if not validated_ips:
+      print("No valid IPs found in API_ALLOW_FROM")
+      return
+
+    allow_from_str = ",".join(validated_ips)
+    cursor = self.mysql_conn.cursor()
+    try:
+      if api_key_rw and api_key_rw != "invalid":
+        print("Setting RW API key...")
+        cursor.execute("DELETE FROM api WHERE access = 'rw'")
+        cursor.execute(
+          "INSERT INTO api (api_key, active, allow_from, access) VALUES (%s, %s, %s, %s)",
+          (api_key_rw, 1, allow_from_str, "rw")
+        )
+
+      if api_key_ro and api_key_ro != "invalid":
+        print("Setting RO API key...")
+        cursor.execute("DELETE FROM api WHERE access = 'ro'")
+        cursor.execute(
+          "INSERT INTO api (api_key, active, allow_from, access) VALUES (%s, %s, %s, %s)",
+          (api_key_ro, 1, allow_from_str, "ro")
+        )
+
+      self.mysql_conn.commit()
+      print("API key(s) set successfully.")
+    except Exception as e:
+      print(f"Failed to configure API keys: {e}")
+      self.mysql_conn.rollback()
+    finally:
+      cursor.close()
+
+  def setup_mysql_events(self):
+    print("Creating scheduled MySQL EVENTS...")
+
+    queries = [
+      "DROP EVENT IF EXISTS clean_spamalias;",
+      """
+      CREATE EVENT clean_spamalias
+      ON SCHEDULE EVERY 1 DAY
+      DO
+      DELETE FROM spamalias WHERE validity < UNIX_TIMESTAMP();
+      """,
+      "DROP EVENT IF EXISTS clean_oauth2;",
+      """
+      CREATE EVENT clean_oauth2
+      ON SCHEDULE EVERY 1 DAY
+      DO
+      BEGIN
+        DELETE FROM oauth_refresh_tokens WHERE expires < NOW();
+        DELETE FROM oauth_access_tokens WHERE expires < NOW();
+        DELETE FROM oauth_authorization_codes WHERE expires < NOW();
+      END;
+      """,
+      "DROP EVENT IF EXISTS clean_sasl_log;",
+      """
+      CREATE EVENT clean_sasl_log
+      ON SCHEDULE EVERY 1 DAY
+      DO
+      BEGIN
+        DELETE sasl_log.* FROM sasl_log
+          LEFT JOIN (
+            SELECT username, service, MAX(datetime) AS lastdate
+            FROM sasl_log
+            GROUP BY username, service
+          ) AS last
+          ON sasl_log.username = last.username AND sasl_log.service = last.service
+          WHERE datetime < DATE_SUB(NOW(), INTERVAL 31 DAY)
+            AND datetime < lastdate;
+
+        DELETE FROM sasl_log
+          WHERE username NOT IN (SELECT username FROM mailbox)
+            AND datetime < DATE_SUB(NOW(), INTERVAL 31 DAY);
+      END;
+      """
+    ]
+
+    try:
+      cursor = self.mysql_conn.cursor()
+      for query in queries:
+        cursor.execute(query)
+      self.mysql_conn.commit()
+      cursor.close()
+      print("MySQL EVENTS created successfully.")
+    except Exception as e:
+      print(f"Failed to create MySQL EVENTS: {e}")
+      self.mysql_conn.rollback()