Compare commits


7 Commits

Author SHA1 Message Date
obel1x 5827c5b0b6 Merge pull request 'TB Mailaccount autoprovisioning, Talk with dbus access' (#21) from unbrot/fedora-OEMDRV:main into main
Reviewed-on: #21
2026-05-02 14:02:44 +02:00
unbrot b233601e16 undo pycache in gitignore 2026-05-02 13:57:59 +02:00
Daniel unbrot Pätzold b37bd8fadd Add pycache to gitignore 2026-05-02 13:50:47 +02:00
Daniel unbrot Pätzold c4448caa5f mozilla pre: renamed test_api to test_ipaapi 2026-05-02 13:43:32 +02:00
Daniel unbrot Pätzold 51ee27f514 0020_nextcloud_mozilla_pre: auto-provision Thunderbird IMAP account at logon
Fetches user_full_name (givenname + sn) and user_email from FreeIPA via
ipalib and writes them into the Thunderbird IMAP account prefs. Adds
ipalib availability check to logon_script.sh. Drops TB_MAIL_FULLNAME
config variable.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-02 12:21:13 +02:00
Daniel unbrot Pätzold d95136459c 0020_nextcloud_mozilla_pre: auto-provision Thunderbird IMAP account at logon
Adds SERVERFQDN_IMAP and TB_MAIL_FULLNAME to setup_system.conf.dist.
On each logon the script checks if an IMAP account for DAVTOKEN_USER@TLDOMAIN
already exists in prefs.js; if not it writes the server, identity, and account
entries and registers it with accountmanager. Idempotent — skipped when the
account is already present.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-02 10:59:53 +02:00
Daniel unbrot Pätzold 87ac49ce41 0110_nextcloud_talk_app: restore D-Bus and KWallet access via flatpak override
Ensures session bus socket and kwalletd5/6 talk permissions are set at
logon, so Flatseal or a missing manifest entry cannot silently break
Talk's credential storage and Plasma integration.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-02 10:59:53 +02:00
5 changed files with 121 additions and 2 deletions
+14
@@ -0,0 +1,14 @@
#!/usr/bin/env python3
from ipalib import api
from os import environ
api.bootstrap(context="cli", in_server=False)
api.finalize()
api.Backend.rpcclient.connect()
result = api.Command.user_show(environ['USER'])
user_email = result['result']['mail'][0]
user_full_name = result['result']['givenname'][0] + " " + result['result']['sn'][0]
print(result)
print(f"user_email: {user_email}")
print(f"user_full_name: {user_full_name}")
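Review bot: `print(result)` writes the complete FreeIPA user entry to stdout, and the indexed lookups above it raise KeyError or IndexError for an account that has no `mail` value. For a connectivity test it is enough to print the fields the provisioning code consumes and to read them defensively, e.g. `user_email = (result['result'].get('mail') or [None])[0]`. The script also queries `environ['USER']`, while the provisioning code in this change looks up `DAVTOKEN_USER`, so a pass here may not reflect what the logon path actually requests.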
@@ -4,6 +4,7 @@
#
# Will prepare local mozilla and thunderbird folders with given tar.files
#
import re
import sys
import subprocess
import certifi
@@ -11,6 +12,8 @@ import tarfile
import shutil
import os
from os import environ
#see FreeIPA APIs: https://freeipa.readthedocs.io/en/latest/api/basic_usage.html
from ipalib import api
# See https://pypi.org/project/webdavclient3/
# needs pip install webdavclient3
from webdav3.client import Client
@@ -78,6 +81,7 @@ if 'PROFILE_FIREFOX_SRC' in environ: # Check and setup mozilla
#Next sync will be executed by logon script
#Thunderbird first profile setup
tb_profile_dir = environ['PROFILE_TB_DST'] + "/default"
if 'PROFILE_TB_SRC' in environ: # Check and setup mozilla
pathstr = environ['PROFILE_TB_SRC'] + "/default"
if not client.check(pathstr):
@@ -93,8 +97,8 @@ if 'PROFILE_TB_SRC' in environ: # Check and setup mozilla
client.execute_request("mkdir", "/" + pathstr)
print("Done.")
#Check and create local Folder
if not os.path.exists(environ['PROFILE_TB_DST'] + "/default"):
os.makedirs(environ['PROFILE_TB_DST'] + "/default")
if not os.path.exists(tb_profile_dir):
os.makedirs(tb_profile_dir)
#First sync to initialise sync-db
print("Call " + environ['SYSCONFIGPATH'] + "/system_setup/mozilla_starter.sh thunderbird sync")
retstr = subprocess.call(['sh', environ['SYSCONFIGPATH'] + '/system_setup/mozilla_starter.sh', 'thunderbird', 'sync'])
@@ -106,4 +110,90 @@ if 'PROFILE_TB_SRC' in environ: # Check and setup mozilla
print("Done.")
#Next sync will be executed by logon script
# Check and auto-provision IMAP account for DAVTOKEN_USER@TLDOMAIN in Thunderbird
if ('PROFILE_TB_DST' in environ and 'TLDOMAIN' in environ and
'SERVERFQDN_IMAP' in environ and 'DAVTOKEN_USER' in environ):
prefs_path = environ['PROFILE_TB_DST'] + "/default/prefs.js"
imap_host = environ['SERVERFQDN_IMAP']
account_name = environ['DAVTOKEN_USER'] + "@" + environ['TLDOMAIN']
#Call IPA api to get the Values
api.bootstrap(context="cli", in_server=False)
api.finalize()
api.Backend.rpcclient.connect()
api_userinfo = api.Command.user_show(environ['DAVTOKEN_USER'])
user_full_name = api_userinfo['result']['givenname'][0] + " " + api_userinfo['result']['sn'][0]
user_email = api_userinfo['result']['mail'][0]
if not os.path.exists(prefs_path):
print("Thunderbird prefs.js not found, skipping mail account setup.")
else:
with open(prefs_path, 'r') as f:
prefs = f.read()
account_exists = bool(re.search(
r'mail\.server\.server\d+\.userName",\s*"' + re.escape(account_name) + '"',
prefs
))
if account_exists:
print(f"Thunderbird IMAP account {account_name} already configured.")
else:
print(f"Adding Thunderbird IMAP account {account_name} ...")
server_nums = [int(x) for x in re.findall(r'mail\.server\.server(\d+)\.type', prefs)]
account_nums = [int(x) for x in re.findall(r'mail\.account\.account(\d+)\.server', prefs)]
id_nums = [int(x) for x in re.findall(r'mail\.identity\.id(\d+)\.useremail', prefs)]
ns = (max(server_nums) + 1) if server_nums else 1
na = (max(account_nums) + 1) if account_nums else 1
ni = (max(id_nums) + 1) if id_nums else 1
sn, an, idn = f"server{ns}", f"account{na}", f"id{ni}"
new_lines = [
f'user_pref("mail.server.{sn}.check_new_mail", true);',
f'user_pref("mail.server.{sn}.cleanup_inbox_on_exit", true);',
f'user_pref("mail.server.{sn}.directory", "{tb_profile_dir}/ImapMail/{imap_host}");',
f'user_pref("mail.server.{sn}.directory-rel", "[ProfD]ImapMail/{imap_host}");',
f'user_pref("mail.server.{sn}.hostname", "{imap_host}");',
f'user_pref("mail.server.{sn}.login_at_startup", true);',
f'user_pref("mail.server.{sn}.max_cached_connections", 5);',
f'user_pref("mail.server.{sn}.name", "{account_name}");',
f'user_pref("mail.server.{sn}.port", 993);',
f'user_pref("mail.server.{sn}.socketType", 3);',
f'user_pref("mail.server.{sn}.storeContractID", "@mozilla.org/msgstore/maildirstore;1");',
f'user_pref("mail.server.{sn}.timeout", 29);',
f'user_pref("mail.server.{sn}.trash_folder_name", "Trash");',
f'user_pref("mail.server.{sn}.type", "imap");',
f'user_pref("mail.server.{sn}.userName", "{environ["DAVTOKEN_USER"]}");',
f'user_pref("mail.identity.{idn}.draft_folder", "imap://{environ["DAVTOKEN_USER"]}@{imap_host}/Drafts");',
f'user_pref("mail.identity.{idn}.drafts_folder_picker_mode", "0");',
f'user_pref("mail.identity.{idn}.fcc_folder", "imap://{environ["DAVTOKEN_USER"]}@{imap_host}/Sent");',
f'user_pref("mail.identity.{idn}.fcc_folder_picker_mode", "0");',
f'user_pref("mail.identity.{idn}.fullName", "{user_full_name}");',
f'user_pref("mail.identity.{idn}.reply_on_top", 1);',
f'user_pref("mail.identity.{idn}.stationery_folder", "imap://{environ["DAVTOKEN_USER"]}@{imap_host}/Templates");',
f'user_pref("mail.identity.{idn}.tmpl_folder_picker_mode", "0");',
f'user_pref("mail.identity.{idn}.useremail", "{user_email}");',
f'user_pref("mail.identity.{idn}.valid", true);',
f'user_pref("mail.account.{an}.identities", "{idn}");',
f'user_pref("mail.account.{an}.server", "{sn}");',
]
# Append account to mail.accountmanager.accounts
m = re.search(r'(mail\.accountmanager\.accounts",\s*")([^"]+)(")', prefs)
if m:
prefs = prefs[:m.start(2)] + m.group(2) + ',' + an + prefs[m.end(2):]
else:
new_lines.append(f'user_pref("mail.accountmanager.accounts", "{an}");')
# Update mail.account.lastKey
m = re.search(r'(mail\.account\.lastKey",\s*)(\d+)', prefs)
if m:
prefs = prefs[:m.start(2)] + str(max(int(m.group(2)), na)) + prefs[m.end(2):]
prefs = prefs.rstrip('\n') + '\n' + '\n'.join(new_lines) + '\n'
with open(prefs_path, 'w') as f:
f.write(prefs)
print(f"Thunderbird IMAP account {account_name} added successfully.")
sys.exit(0)
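Review bot: The values returned by FreeIPA (`givenname`, `sn`, `mail`) are placed inside double-quoted `user_pref(...)` strings without escaping, so a quote, backslash or line break in a directory attribute yields a malformed prefs.js or additional preference lines that Thunderbird then loads; the environment-derived `imap_host` and `DAVTOKEN_USER` pass through the same f-strings. Every interpolated value should be escaped, and line breaks rejected, before `new_lines` is built. Separately, the existence check searches `userName` for `account_name` (user@domain) while the script writes `userName` as the bare `DAVTOKEN_USER`, so the check appears never to match an account this script created and each logon would append another one; matching the `.name` pref, which is written with `account_name`, would restore idempotence. The FreeIPA lookup also runs unguarded before either check, so a missing ticket or unreachable server aborts the script even when nothing needs adding; it belongs in the branch that adds the account.

```python
def pref_str(value):
    """Escape a value for a double-quoted prefs.js string literal."""
    if "\n" in value or "\r" in value:
        raise ValueError("line break in Thunderbird preference value")
    return value.replace("\\", "\\\\").replace('"', '\\"')

# … unchanged: prefs_path, imap_host, account_name; prefs.js existence check and read …
        account_exists = bool(re.search(
            r'mail\.server\.server\d+\.name",\s*"' + re.escape(account_name) + '"',
            prefs
        ))
# … unchanged: "already configured" branch …
            # Query the directory only when an account is actually being added.
            # … moved here unchanged: api.bootstrap / api.finalize / rpcclient.connect …
            api_userinfo = api.Command.user_show(environ['DAVTOKEN_USER'])['result']
            user_full_name = pref_str(api_userinfo['givenname'][0] + " " + api_userinfo['sn'][0])
            user_email = pref_str(api_userinfo['mail'][0])
# … unchanged: numbering and new_lines, with pref_str() also applied to imap_host, account_name and DAVTOKEN_USER …
```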
@@ -5,6 +5,11 @@ if [[ $? -eq 0 ]]; then
/usr/bin/flatpak uninstall -y --user com.nextcloud.talk
fi
# Ensure session bus and KWallet D-Bus access (may be blocked by Flatseal or missing from manifest)
/usr/bin/flatpak override --user --socket=session-bus \
--talk-name=org.kde.kwalletd5 --talk-name=org.kde.kwalletd6 \
com.nextcloud.talk
# Start Nextcloud Talk in Background
#Current Version of Talk is dumping Core
echo "Starting Nextcloud Talk in Background."
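Review bot: `--socket=session-bus` gives com.nextcloud.talk unfiltered access to the whole session bus, which goes well beyond the KWallet access named in the comment and makes the two `--talk-name` entries redundant. Flatpak already hands sandboxed apps a filtered bus connection, so the narrower form `/usr/bin/flatpak override --user --talk-name=org.kde.kwalletd5 --talk-name=org.kde.kwalletd6 com.nextcloud.talk` should cover credential storage. If Plasma integration needs more, add the specific bus names it requires rather than the socket. Because the override is re-applied at every logon it also reverts any tighter permission a user has set, which deserves a line in the comment.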
+3
@@ -77,6 +77,9 @@ if [ "$EUID" -ne 0 ]; then
#Thunderbird Profiles
export PROFILE_TB_SRC="mozilla_profiles/thunderbird"
export PROFILE_TB_DST="${DECRYPTEDDATADIR}/thunderbird"
# Mail account auto-provisioning for DAVTOKEN_USER@TLDOMAIN in Thunderbird
export SERVERFQDN_IMAP="imap.${TLDOMAIN}" # IMAP server hostname (e.g. imap.strato.de)
fi
#Basic commons not needing change
+7
@@ -18,11 +18,18 @@ if [ "$EUID" -eq 0 ]; then
fi
#Check for needed python-modules
#For WEBDAV
python -c "import webdav3">/dev/null 2>&1
if [[ $? -ne 0 ]]; then
echo "Installing pip module webdav3"
pip install webdavclient3>/dev/null
fi
#For IPA (system package python3-ipaclient, cannot be pip-installed)
python -c "import ipalib">/dev/null 2>&1
if [[ $? -ne 0 ]]; then
echo "Error: python3-ipaclient is not installed. Please install it via: sudo dnf install python3-ipaclient"
fi
#TODO C: Check if Desktop is KDE/Plasma and support other Displays
# Make kdesu use sudo
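Review bot: The new ipalib check only prints a message and lets the logon script continue, while the Mozilla setup script in this same change imports `ipalib` at module level, so a missing python3-ipaclient will presumably abort that script with an ImportError before any Firefox or Thunderbird profile handling runs. Either stop here or make the Python side tolerate the missing module, and send the message to stderr, e.g. `echo "Error: python3-ipaclient is not installed. ..." >&2`. A short comment stating which later step depends on ipalib would help whoever reads the failure in a logon log.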