strugee · September 23, 2024 20:49
diff --git a/mailu-migration-email.sh b/mailu-migration-email.sh
 #!/bin/bash

 set -euo pipefail

 if ! type apg >/dev/null 2>&1; then
 	echo fatal: apg not found 1>&2
 	exit 1
 fi

 if ! type jq >/dev/null 2>&1; then
 	echo fatal: jq not found 1>&2
 	exit 1
 fi

 cd /mailu

 if ! sudo docker compose exec smtp which mail >/dev/null 2>&1; then
 	echo fatal: mailx not found in smtp container 1>&2
 	exit 1
 fi

 function api_call() {
 	result="$(curl \
 	-H 'accept: application/json' \
 	-H "Authorization: $API_KEY" \
 	-H 'Content-Type: application/json' \
 	"$@")"

 	code=$(echo "$result" | jq '.code // 200') # TODO report this API bug to Mailu (code isn't always returned)
 	if ! [ $code == 200 ]; then
 		echo fatal: received non-200 response: $code 1>&2
 		echo "$result" | jq
 		exit 1
 	fi

 	echo "$result"
 }

 set +u
 if [ -z "$API_KEY" ]; then
 	read -ep 'API key (or set $API_KEY in the environment): ' API_KEY
 fi
 set -u
 read -ep 'Email local part: ' LOCAL_PART
 read -ep 'Personal email: ' PERSONAL_EMAIL
 read -ep 'Display name: ' DISPLAY_NAME

 echo Initiating email migration: $LOCAL_PART@seagl.org from Gmail to Mailu.

 PW="$(apg -m 32 -a 1 -n1 -E '\"|')"

 echo Provisioning mailbox.

 api_call -X 'POST' \
  'https://mail.seagl.org/api/v1/user' \
  -d '{
  "email": "'$LOCAL_PART'@seagl.org",
  "raw_password": "'"$PW"'",
  "comment": "",
  "quota_bytes": 1000000000,
  "global_admin": false,
  "enabled": true,
  "change_pw_next_login": true,
  "enable_imap": true,
  "enable_pop": true,
  "allow_spoofing": false,
  "forward_enabled": false,
  "reply_enabled": false,
  "displayed_name": "'"$DISPLAY_NAME"'",
  "spam_enabled": true,
  "spam_mark_as_read": true,
  "spam_threshold": 80
 }'

 echo Generating migration authentication token.

 token=$(api_call -X 'POST' \
  'https://mail.seagl.org/api/v1/tokenuser/'$LOCAL_PART'%40seagl.org' \
  -d '{
  "comment": "Gmail to Mailu migration, DO NOT DELETE OR CHANGE 5681fa6c",
  "AuthorizedIP": []
 }' | jq -r .token)

 echo Success: $token
 read -ep 'Save this token and hit enter: ' _

 echo Sending invitation mail.

 sudo docker exec -i mailu-smtp-1 mail -b aj@seagl.org -c $PERSONAL_EMAIL -r 'AJ Jordan <aj@seagl.org>' -s 'Your @seagl.org address is being migrated' -- $LOCAL_PART@seagl.org <<EOF
 Hi!

 As you may be aware, SeaGL is transitioning off of Google for Work. We are currently in the process of moving volunteer emails off Gmail, including yours. The replacement email system is called Mailu.

 A new Mailu email inbox has been created for your existing email, $LOCAL_PART@seagl.org. You can log in at https://mail.seagl.org/ immediately, though mail may not be flowing into Mailu yet. Your password is:

 $PW

 and you will be required to change it when you first log in. If you get errors about your username/password being incorrect, please check the documentation (below). I encourage you to set this account up ahead of time on all your devices, before your active email account switches from Gmail to Mailu.

 You can find documentation in our Nextcloud Collective at [1], or you can access the same page without needing to log into Nextcloud at [2]. In particular, this document contains information about the step-by-step process for what the migration will look like for you as a user.

 If you ever need help or have questions, you can reply to this email or (even better) mention me on Matrix in the A/V and Devops staff room!

 Cheers,

 AJ (SeaGL AV/Devops committee chair)

 [1]: https://cloud.seagl.org/index.php/apps/collectives/%5BExperimental%5D%20SeaGL/SRE-Tech/Google%20transition%20support%20materials/Gmail%20to%20Roundcube%20-%20initial%20rollout?fileId=13244

 [2]: https://cloud.seagl.org/index.php/apps/collectives/%5BExperimental%5D%20SeaGL/SRE-Tech/Google%20transition%20support%20materials/Gmail%20to%20Roundcube%20-%20initial%20rollout?fileId=13244
 EOF

 echo Done.
diff --git a/migrate-gmail-to-mailu.sh b/migrate-gmail-to-mailu.sh
 #!/bin/bash

 set -euo pipefail

 if ! echo $TERM | grep -q screen; then
 	echo $(basename $0): refusing to run outside of a screen 1>&2
 	exit 1
 fi

 read -ep 'Email local part: ' LOCAL_PART

 echo Migrating email $LOCAL_PART@seagl.org from Gmail to Mailu.

 echo "You will need to add $LOCAL_PART@seagl.org to the 'Migrated to Mailu' address list on https://admin.google.com/ac/apps/gmail/manageaddresslist?addressListType=1."
 read -p 'When completed, press enter to proceed: ' _

 echo '1. Click the button to turn off identity questions for 10 minutes.'
 echo '2. Reset the password (do not have Google generate it):'
 apg -m 32 -a 1 -n 1
 read -p 'When completed, press enter to proceed: ' _

 echo 'Sign in to https://mail.google.com/mail/u/1/#settings/fwdandpop and enable IMAP. Then, visit https://myaccount.google.com/u/1/lesssecureapps and enable insecure app access.'
 read -p 'When completed, press enter to proceed: ' _

 read -p 'Gmail password: ' GMAIL_PW
 read -p 'Mailu auth token: ' MAILU_TOKEN

 echo Initiating migration...

 sudo docker run --rm gilleslamiral/imapsync imapsync --user1 $LOCAL_PART@seagl.org --password1 "$GMAIL_PW" --host2 mail.seagl.org --user2 $LOCAL_PART@seagl.org --password2 "$MAILU_TOKEN" --sep2 '\' --gmail1 --sslargs1 SSL_verify_mode=1 --sslargs2 SSL_verify_mode=1

 echo Migration completed.

 read -p 'Suspend (not delete) '$LOCAL_PART'@seagl.org in Google Admin and hit enter: ' _

 echo Updating Mailu routing table information...
 sudo sed -i "/$LOCAL_PART@seagl.org/d" /mailu/overrides/postfix/transport.map
 sudo docker compose -f /mailu/docker-compose.yml restart smtp

 echo All mail is flowing to the Mailu mailbox.

 echo Revoking Mailu authentication token...
 sudo sqlite3 /mailu/data/main.db 'DELETE FROM token WHERE comment LIKE '"'%5681fa6c%'"' AND user_email == '"'$LOCAL_PART@seagl.org'"' RETURNING *;'

 echo Procedure completed. Congrats! $LOCAL_PART@seagl.org has successfully been migrated!
 echo Please notify the user.
	#!/bin/bash

	set -euo pipefail

	if ! type apg >/dev/null 2>&1; then
	echo fatal: apg not found 1>&2
	exit 1
	fi

	if ! type jq >/dev/null 2>&1; then
	echo fatal: jq not found 1>&2
	exit 1
	fi

	cd /mailu

	if ! sudo docker compose exec smtp which mail >/dev/null 2>&1; then
	echo fatal: mailx not found in smtp container 1>&2
	exit 1
	fi

	function api_call() {
	result="$(curl \
	-H 'accept: application/json' \
	-H "Authorization: $API_KEY" \
	-H 'Content-Type: application/json' \
	"$@")"

	code=$(echo "$result" \| jq '.code // 200') # TODO report this API bug to Mailu (code isn't always returned)
	if ! [ $code == 200 ]; then
	echo fatal: received non-200 response: $code 1>&2
	echo "$result" \| jq
	exit 1
	fi

	echo "$result"
	}

	set +u
	if [ -z "$API_KEY" ]; then
	read -ep 'API key (or set $API_KEY in the environment): ' API_KEY
	fi
	set -u
	read -ep 'Email local part: ' LOCAL_PART
	read -ep 'Personal email: ' PERSONAL_EMAIL
	read -ep 'Display name: ' DISPLAY_NAME

	echo Initiating email migration: $LOCAL_PART@seagl.org from Gmail to Mailu.

	PW="$(apg -m 32 -a 1 -n1 -E '\"\|')"

	echo Provisioning mailbox.

	api_call -X 'POST' \
	'https://mail.seagl.org/api/v1/user' \
	-d '{
	"email": "'$LOCAL_PART'@seagl.org",
	"raw_password": "'"$PW"'",
	"comment": "",
	"quota_bytes": 1000000000,
	"global_admin": false,
	"enabled": true,
	"change_pw_next_login": true,
	"enable_imap": true,
	"enable_pop": true,
	"allow_spoofing": false,
	"forward_enabled": false,
	"reply_enabled": false,
	"displayed_name": "'"$DISPLAY_NAME"'",
	"spam_enabled": true,
	"spam_mark_as_read": true,
	"spam_threshold": 80
	}'

	echo Generating migration authentication token.

	token=$(api_call -X 'POST' \
	'https://mail.seagl.org/api/v1/tokenuser/'$LOCAL_PART'%40seagl.org' \
	-d '{
	"comment": "Gmail to Mailu migration, DO NOT DELETE OR CHANGE 5681fa6c",
	"AuthorizedIP": []
	}' \| jq -r .token)

	echo Success: $token
	read -ep 'Save this token and hit enter: ' _

	echo Sending invitation mail.

	sudo docker exec -i mailu-smtp-1 mail -b aj@seagl.org -c $PERSONAL_EMAIL -r 'AJ Jordan <aj@seagl.org>' -s 'Your @seagl.org address is being migrated' -- $LOCAL_PART@seagl.org <<EOF
	Hi!

	As you may be aware, SeaGL is transitioning off of Google for Work. We are currently in the process of moving volunteer emails off Gmail, including yours. The replacement email system is called Mailu.

	A new Mailu email inbox has been created for your existing email, $LOCAL_PART@seagl.org. You can log in at https://mail.seagl.org/ immediately, though mail may not be flowing into Mailu yet. Your password is:

	$PW

	and you will be required to change it when you first log in. If you get errors about your username/password being incorrect, please check the documentation (below). I encourage you to set this account up ahead of time on all your devices, before your active email account switches from Gmail to Mailu.

	You can find documentation in our Nextcloud Collective at [1], or you can access the same page without needing to log into Nextcloud at [2]. In particular, this document contains information about the step-by-step process for what the migration will look like for you as a user.

	If you ever need help or have questions, you can reply to this email or (even better) mention me on Matrix in the A/V and Devops staff room!

	Cheers,

	AJ (SeaGL AV/Devops committee chair)

	[1]: https://cloud.seagl.org/index.php/apps/collectives/%5BExperimental%5D%20SeaGL/SRE-Tech/Google%20transition%20support%20materials/Gmail%20to%20Roundcube%20-%20initial%20rollout?fileId=13244

	[2]: https://cloud.seagl.org/index.php/apps/collectives/%5BExperimental%5D%20SeaGL/SRE-Tech/Google%20transition%20support%20materials/Gmail%20to%20Roundcube%20-%20initial%20rollout?fileId=13244
	EOF

	echo Done.
	#!/bin/bash

	set -euo pipefail

	if ! echo $TERM \| grep -q screen; then
	echo $(basename $0): refusing to run outside of a screen 1>&2
	exit 1
	fi

	read -ep 'Email local part: ' LOCAL_PART

	echo Migrating email $LOCAL_PART@seagl.org from Gmail to Mailu.

	echo "You will need to add $LOCAL_PART@seagl.org to the 'Migrated to Mailu' address list on https://admin.google.com/ac/apps/gmail/manageaddresslist?addressListType=1."
	read -p 'When completed, press enter to proceed: ' _

	echo '1. Click the button to turn off identity questions for 10 minutes.'
	echo '2. Reset the password (do not have Google generate it):'
	apg -m 32 -a 1 -n 1
	read -p 'When completed, press enter to proceed: ' _

	echo 'Sign in to https://mail.google.com/mail/u/1/#settings/fwdandpop and enable IMAP. Then, visit https://myaccount.google.com/u/1/lesssecureapps and enable insecure app access.'
	read -p 'When completed, press enter to proceed: ' _

	read -p 'Gmail password: ' GMAIL_PW
	read -p 'Mailu auth token: ' MAILU_TOKEN

	echo Initiating migration...

	sudo docker run --rm gilleslamiral/imapsync imapsync --user1 $LOCAL_PART@seagl.org --password1 "$GMAIL_PW" --host2 mail.seagl.org --user2 $LOCAL_PART@seagl.org --password2 "$MAILU_TOKEN" --sep2 '\' --gmail1 --sslargs1 SSL_verify_mode=1 --sslargs2 SSL_verify_mode=1

	echo Migration completed.

	read -p 'Suspend (not delete) '$LOCAL_PART'@seagl.org in Google Admin and hit enter: ' _

	echo Updating Mailu routing table information...
	sudo sed -i "/$LOCAL_PART@seagl.org/d" /mailu/overrides/postfix/transport.map
	sudo docker compose -f /mailu/docker-compose.yml restart smtp

	echo All mail is flowing to the Mailu mailbox.

	echo Revoking Mailu authentication token...
	sudo sqlite3 /mailu/data/main.db 'DELETE FROM token WHERE comment LIKE '"'%5681fa6c%'"' AND user_email == '"'$LOCAL_PART@seagl.org'"' RETURNING *;'

	echo Procedure completed. Congrats! $LOCAL_PART@seagl.org has successfully been migrated!
	echo Please notify the user.