From 9c63c38ca1f7c93bb7f7602eb94b3e29f4695166 Mon Sep 17 00:00:00 2001
From: "Rodrigo Rodriguez (Pragmatismo)" <me@rodrigorodriguez.com>
Date: Mon, 2 Jun 2025 12:42:11 -0300
Subject: [PATCH] feat(gb-infra): Update ALM CI, Drive, and Email scripts for
 improved directory management and service setup

---
 gb-infra/src/scripts/alm-ci.sh | 22 +++++++++++++---
 gb-infra/src/scripts/drive.sh  | 48 ++++++++++++++++------------------
 gb-infra/src/scripts/email.sh  | 16 +++++-------
 3 files changed, 47 insertions(+), 39 deletions(-)

diff --git a/gb-infra/src/scripts/alm-ci.sh b/gb-infra/src/scripts/alm-ci.sh
index 89bfb05..b85e25b 100644
--- a/gb-infra/src/scripts/alm-ci.sh
+++ b/gb-infra/src/scripts/alm-ci.sh
@@ -33,10 +33,6 @@ for i in {1..10}; do
     sleep 3
 done
 
-# Add directory mappings
-lxc config device add "$CONTAINER_NAME" almdata disk source="$HOST_DATA" path=/opt/gbo/data || exit 1
-lxc config device add "$CONTAINER_NAME" almconf disk source="$HOST_CONF" path=/opt/gbo/conf || exit 1
-lxc config device add "$CONTAINER_NAME" almlogs disk source="$HOST_LOGS" path=/opt/gbo/logs || exit 1
 
 # Container setup
 lxc exec "$CONTAINER_NAME" -- bash -c "
@@ -61,6 +57,24 @@ cd \"$BIN_PATH\"
     --token \"$PARAM_ALM_CI_TOKEN\" \\
     --labels \"$ALM_CI_LABELS\" || { echo 'Runner registration failed'; exit 1; }
 
+chown -R gbuser:gbuser /opt/gbo/data /opt/gbo/conf /opt/gbo/logs /opt/gbo/bin
+"
+
+# Set permissions
+echo "[CONTAINER] Setting permissions..."
+EMAIL_UID=$(lxc exec "$PARAM_TENANT"-alm-ci -- id -u gbuser)
+EMAIL_GID=$(lxc exec "$PARAM_TENANT"-alm-ci -- id -g gbuser)
+HOST_EMAIL_UID=$((100000 + EMAIL_UID))
+HOST_EMAIL_GID=$((100000 + EMAIL_GID))
+sudo chown -R "$HOST_EMAIL_UID:$HOST_EMAIL_GID" "$HOST_BASE"
+
+
+# Add directory mappings
+lxc config device add "$CONTAINER_NAME" almdata disk source="$HOST_DATA" path=/opt/gbo/data || exit 1
+lxc config device add "$CONTAINER_NAME" almconf disk source="$HOST_CONF" path=/opt/gbo/conf || exit 1
+lxc config device add "$CONTAINER_NAME" almlogs disk source="$HOST_LOGS" path=/opt/gbo/logs || exit 1
+
+lxc exec "$CONTAINER_NAME" -- bash -c "
 # Create systemd service
 cat > /etc/systemd/system/alm-ci.service <<EOF
 [Unit]
diff --git a/gb-infra/src/scripts/drive.sh b/gb-infra/src/scripts/drive.sh
index 99720aa..ca7b476 100644
--- a/gb-infra/src/scripts/drive.sh
+++ b/gb-infra/src/scripts/drive.sh
@@ -1,54 +1,52 @@
 #!/bin/bash
-
-DATA_PATH="/opt/gbo/tenants/$PARAM_TENANT/drive/data"
+STORAGE_PATH="/opt/gbo/tenants/$PARAM_TENANT/drive/data"
 LOGS_PATH="/opt/gbo/tenants/$PARAM_TENANT/drive/logs"
 
-mkdir -p "${DATA_PATH}" "${LOGS_PATH}"
-chmod -R 770 "${DATA_PATH}" "${LOGS_PATH}"
-chown -R 100999:100999 "${DATA_PATH}" "${LOGS_PATH}"
+mkdir -p "${STORAGE_PATH}" "${LOGS_PATH}"
+chmod -R 770 "${STORAGE_PATH}" "${LOGS_PATH}"
+chown -R 100999:100999 "${STORAGE_PATH}" "${LOGS_PATH}"
 
 lxc launch images:debian/12 "${PARAM_TENANT}-drive" -c security.privileged=true
 sleep 15
 
-lxc config device add "${PARAM_TENANT}-drive" storage disk source="${DATA_PATH}" path=/opt/gbo/data
-lxc config device add "${PARAM_TENANT}-drive" logs disk source="${LOGS_PATH}" path=/opt/gbo/logs
+lxc config device add "${PARAM_TENANT}-drive" storage disk source="${STORAGE_PATH}" path=/data
+lxc config device add "${PARAM_TENANT}-drive" logs disk source="${LOGS_PATH}" path=/var/log/minio
 
 lxc exec "${PARAM_TENANT}-drive" -- bash -c '
-
-mkdir -p /opt/gbo/logs /opt/gbo/data /opt/gbo/bin
-useradd -r -s /bin/false gbuser || true
-chown -R gbuser:gbuser /opt/gbo/logs /opt/gbo/data
-
 apt-get update && apt-get install -y wget
-wget https://dl.min.io/server/minio/release/linux-amd64/minio -O /opt/gbo/bin/minio
-chmod +x /opt/gbo/bin/minio
+wget https://dl.min.io/server/minio/release/linux-amd64/minio -O /usr/local/bin/minio
+chmod +x /usr/local/bin/minio
 
-cat > /etc/systemd/system/drive.service <<EOF
+useradd -r -s /bin/false minio-user || true
+mkdir -p /var/log/minio /data
+chown -R minio-user:minio-user /var/log/minio /data
+
+cat > /etc/systemd/system/minio.service <<EOF
 [Unit]
-Description=drive
+Description=MinIO
 After=network.target
 
 [Service]
 Type=simple
-User=gbuser
-Group=gbuser
+User=minio-user
+Group=minio-user
 Environment="MINIO_ROOT_USER='"${PARAM_DRIVE_USER}"'"
 Environment="MINIO_ROOT_PASSWORD='"${PARAM_DRIVE_PASSWORD}"'"
-ExecStart=/opt/gbo/bin/minio server --console-address ":'"${PARAM_DRIVE_PORT}"'" /opt/gbo/data
-StandardOutput=append:/opt/gbo/logs/output.log
-StandardError=append:/opt/gbo/logs/error.log
+ExecStart=/usr/local/bin/minio server --console-address ":'"${PARAM_DRIVE_PORT}"'" /data
+StandardOutput=append:/var/log/minio/output.log
+StandardError=append:/var/log/minio/error.log
 
 [Install]
 WantedBy=multi-user.target
 EOF
 
 systemctl daemon-reload
-systemctl enable drive
-systemctl start drive
+systemctl enable minio
+systemctl start minio
 '
 
-lxc config device remove "${PARAM_TENANT}-drive" drive-proxy 2>/dev/null || true
-lxc config device add "${PARAM_TENANT}-drive" drive-proxy proxy \
+lxc config device remove "${PARAM_TENANT}-drive" minio-proxy 2>/dev/null || true
+lxc config device add "${PARAM_TENANT}-drive" minio-proxy proxy \
     listen=tcp:0.0.0.0:"${PARAM_DRIVE_API_PORT}" \
     connect=tcp:127.0.0.1:"${PARAM_DRIVE_API_PORT}"
 
diff --git a/gb-infra/src/scripts/email.sh b/gb-infra/src/scripts/email.sh
index f66d5c4..7c77945 100644
--- a/gb-infra/src/scripts/email.sh
+++ b/gb-infra/src/scripts/email.sh
@@ -35,16 +35,15 @@ echo "[CONTAINER] Launching LXC container..."
 lxc launch images:debian/12 "$PARAM_TENANT"-email -c security.privileged=true
 sleep 15
 
-# Install Stalwart Mail
 echo "[CONTAINER] Installing Stalwart Mail..."
 lxc exec "$PARAM_TENANT"-email -- bash -c "
-apt-get update && apt-get install -y wget
-wget -O /tmp/stalwart.tar.gz https://github.com/stalwartlabs/stalwart/releases/download/v0.12.3/stalwart-x86_64-unknown-linux-gnu.tar.gz
+apt-get update && apt-get install -y wget libcap2-bin
+wget -O /tmp/stalwart.tar.gz https://github.com/stalwartlabs/stalwart/releases/download/v0.11.8/stalwart-mail-x86_64-unknown-linux-gnu.tar.gz
 tar -xzf /tmp/stalwart.tar.gz -C /tmp
 mkdir -p /opt/gbo/bin
-mv /tmp/stalwart /opt/gbo/bin/stalwart-mail
+mv /tmp/stalwart-mail /opt/gbo/bin/stalwart-mail
 chmod +x /opt/gbo/bin/stalwart-mail
-
+rm /tmp/stalwart.tar.gz
 useradd --system --no-create-home --shell /bin/false email
 mkdir -p /opt/gbo/data /opt/gbo/conf /opt/gbo/logs
 chown -R email:email /opt/gbo/data /opt/gbo/conf /opt/gbo/logs /opt/gbo/bin
@@ -67,7 +66,7 @@ lxc config device add "$PARAM_TENANT"-email emaillogs disk source="$HOST_LOGS" p
 # Create systemd service
 echo "[CONTAINER] Creating email service..."
 lxc exec "$PARAM_TENANT"-email -- bash -c "
-
+chown -R email:email /opt/gbo/data /opt/gbo/conf /opt/gbo/logs /opt/gbo/bin
 
 cat > /etc/systemd/system/email.service <<EOF
 [Unit]
@@ -79,8 +78,7 @@ Type=simple
 User=email
 Group=email
 ExecStart=/opt/gbo/bin/stalwart-mail --config /opt/gbo/conf/config.toml
-StandardOutput=append:/opt/gbo/logs/output.log
-StandardError=append:/opt/gbo/logs/error.log
+WorkingDirectory=/opt/gbo/bin
 Restart=always
 
 [Install]
@@ -122,8 +120,6 @@ for service in "${!PORTS[@]}"; do
     sudo iptables -t nat -A PREROUTING -i $PUBLIC_INTERFACE -p tcp --dport "${PORTS[$service]}" -j DNAT --to-destination "$CONTAINER_IP":"${PORTS[$service]}"
 done
 
-lxc exec $PARAM_TENANT-email -- sudo setcap 'cap_net_bind_service=+ep' /opt/gbo/bin/stalwart-mail
-
 # Save iptables rules again
 if command -v iptables-persistent >/dev/null; then
     sudo iptables-save | sudo tee /etc/iptables/rules.v4