#!/bin/bash
# migrate-tenant-mail-config.sh
#
# Idempotente: recorre todos los tenants en /var/cpanel/users/ y patchea su
# .env para usar SMTP local (localhost:25) + agregar variables MAIL_*_HOLA y
# MAIL_*_NOREPLY si aún no están.
#
# Resuelve el peer-cert mismatch histórico de mail.lacompaniadigital.com:465.
#
# Uso:
#   migrate-tenant-mail-config.sh --dry-run    # solo reporta
#   migrate-tenant-mail-config.sh --apply      # patchea
#
# Requisitos:
#   - Correr como root en VPS1 (o adaptar el path de cPanel users en VPS2)
#   - Cargar HOLA_MAIL_PASSWORD y NOREPLY_MAIL_PASSWORD desde
#     /root/scripts/.airtable.env (o exportarlos antes de invocar)

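# Unset variables are errors and a pipeline fails if any stage fails.
# errexit (-e) is not enabled, so every step that matters is checked explicitly.
set -uo pipefail

# Mode selection. This script edits every tenant's .env as root, so the
# command line is parsed strictly: an unknown argument or a contradictory
# combination stops the run instead of being silently ignored.
DRY_RUN=false
APPLY=false
for arg in "$@"; do
  case "$arg" in
    --dry-run) DRY_RUN=true ;;
    --apply) APPLY=true ;;
    --help|-h)
      # The usage text is the header comment of this file; lines 2-17 cover
      # the whole header, including the requirements section.
      sed -n '2,17p' "$0"
      exit 0
      ;;
    *)
      echo "ERROR: argumento desconocido: ${arg}" >&2
      exit 1
      ;;
  esac
done

# Passing both flags used to apply the changes while the final summary
# still reported a dry run; refuse the ambiguous request.
if $DRY_RUN && $APPLY; then
  echo "ERROR: --dry-run y --apply son excluyentes" >&2
  exit 1
fi

if ! $DRY_RUN && ! $APPLY; then
  echo "ERROR: pasar --dry-run o --apply" >&2
  exit 1
fi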

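# Load credentials (if the file exists).
#
# The file is sourced WITHOUT `set -a`: only this shell reads the values, so
# nothing defined in it needs to be exported into the environment of every
# child process the script spawns. Variables exported by the caller before
# invoking the script are still picked up by the defaults below.
#
# NOTE(review): sourcing executes the file as root. It should be owned by
# root and not writable by anyone else (e.g. mode 600) — confirm on the host.
if [ -r /root/scripts/.airtable.env ]; then
  # shellcheck source=/dev/null
  source /root/scripts/.airtable.env
fi

# Mailbox identities written into each tenant's .env. The usernames have
# defaults; the passwords default to empty when not provided.
HOLA_USER="${HOLA_MAIL_USERNAME:-hola@bewpro.com}"
HOLA_PASS="${HOLA_MAIL_PASSWORD:-}"
NOREPLY_USER="${NOREPLY_MAIL_USERNAME:-noreply@bewpro.com}"
NOREPLY_PASS="${NOREPLY_MAIL_PASSWORD:-}"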

# Directory whose entries are iterated as tenant account names.
USERS_DIR="/var/cpanel/users"
[ -d "$USERS_DIR" ] || {
  echo "ERROR: $USERS_DIR no existe — ¿estás en VPS con cPanel?" >&2
  exit 2
}

# Run counters, reported in the final summary line.
CHECKED=0 PATCHED=0 SKIPPED=0 FAILED=0

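# Walk every entry of $USERS_DIR and patch the tenant's .env when needed.
#
# Security context: this loop runs as root but reads and writes files inside
# directories the tenant controls. Every step that touches the .env is
# written so that it does not follow a tenant-supplied symlink, and every
# failure is counted in FAILED instead of being ignored.
# NOTE(review): these checks reduce the exposure but cannot close the race
# between check and use; performing the file edits as the tenant user would
# be the robust design.
for user_entry in "$USERS_DIR"/*; do
  # A glob (instead of parsing `ls`) keeps names intact; an unmatched glob
  # stays literal and is dropped here.
  [ -e "$user_entry" ] || continue
  user=${user_entry##*/}

  # Skip non-tenant files (e.g. 'cache', '.lock', etc.)
  [ -d "/home/${user}" ] || continue

  # Look for .env in the BewPro convention (git-files/{user}) or legacy ({bewpro})
  ENV_PATH=""
  for candidate in \
    "/home/${user}/public_html/git-files/${user}/.env" \
    "/home/${user}/public_html/bewpro/.env" \
    "/home/${user}/public_html/git-files/.env"; do
    [ -f "$candidate" ] || continue
    # `-f` follows symlinks. A symlinked .env would make the root-run append
    # and chown below act on whatever file the link points to, so it is never
    # patched automatically.
    if [ -L "$candidate" ]; then
      echo "  [${user}] WARN: ${candidate} es un symlink — se ignora" >&2
      continue
    fi
    ENV_PATH="$candidate"
    break
  done

  if [ -z "$ENV_PATH" ]; then
    SKIPPED=$((SKIPPED + 1))
    continue
  fi

  CHECKED=$((CHECKED + 1))

  # Already migrated?
  CURRENT_HOST=$(grep '^MAIL_HOST=' "$ENV_PATH" | head -1 | cut -d= -f2-)

  NEEDS_HOST_FIX=false
  if [[ "$CURRENT_HOST" == *"lacompaniadigital.com"* ]] || [[ "$CURRENT_HOST" == "smtp.mailgun.org" ]]; then
    NEEDS_HOST_FIX=true
  fi

  # `grep -c ... || echo 0` yields "0<newline>0" when nothing matches (grep
  # prints 0 AND exits non-zero), which then fails the numeric test and hides
  # tenants that lack the variables. `grep -q` gives a clean yes/no.
  NEEDS_HOLA_NOREPLY=false
  if ! grep -q '^MAIL_USERNAME_HOLA=' "$ENV_PATH" 2>/dev/null \
    || ! grep -q '^MAIL_USERNAME_NOREPLY=' "$ENV_PATH" 2>/dev/null; then
    NEEDS_HOLA_NOREPLY=true
  fi

  if ! $NEEDS_HOST_FIX && ! $NEEDS_HOLA_NOREPLY; then
    continue
  fi

  echo "  [${user}]"
  if $NEEDS_HOST_FIX; then
    echo "    - host actual: ${CURRENT_HOST} → migrar a localhost:25"
  fi
  if $NEEDS_HOLA_NOREPLY; then
    echo "    - faltan MAIL_*_HOLA / MAIL_*_NOREPLY"
  fi

  if $APPLY; then
    # Writing an empty password would look like a finished migration on the
    # next run (only the *_USERNAME_* lines are checked), so refuse instead.
    if $NEEDS_HOLA_NOREPLY && { [ -z "$HOLA_PASS" ] || [ -z "$NOREPLY_PASS" ]; }; then
      echo "    ✗ faltan HOLA_MAIL_PASSWORD / NOREPLY_MAIL_PASSWORD — no se patchea" >&2
      FAILED=$((FAILED + 1))
      continue
    fi

    # Backup. The copy holds the tenant's secrets and lives under public_html,
    # so it keeps the original owner (-p) and is restricted to that owner.
    # A pre-existing path is refused so the copy cannot be redirected through
    # a link planted at the backup name. No backup means no patch.
    backup_path="${ENV_PATH}.bak-pre-mail-migration-$(date +%Y%m%d-%H%M%S)"
    if [ -e "$backup_path" ] || [ -L "$backup_path" ] \
      || ! cp -p -- "$ENV_PATH" "$backup_path"; then
      echo "    ✗ no se pudo crear el backup — no se patchea" >&2
      FAILED=$((FAILED + 1))
      continue
    fi
    chmod 600 -- "$backup_path" 2>/dev/null || true

    if $NEEDS_HOST_FIX; then
      if ! sed -i \
        -e 's|^MAIL_MAILER=.*|MAIL_MAILER=sendmail|' \
        -e 's|^MAIL_HOST=.*|MAIL_HOST=localhost|' \
        -e 's|^MAIL_PORT=.*|MAIL_PORT=25|' \
        -e 's|^MAIL_USERNAME=.*|MAIL_USERNAME=null|' \
        -e 's|^MAIL_PASSWORD=.*|MAIL_PASSWORD=null|' \
        -e 's|^MAIL_ENCRYPTION=.*|MAIL_ENCRYPTION=null|' \
        "$ENV_PATH"; then
        echo "    ✗ falló sed sobre ${ENV_PATH}" >&2
        FAILED=$((FAILED + 1))
        continue
      fi
    fi

    if $NEEDS_HOLA_NOREPLY; then
      append_ok=true

      # Without a trailing newline the first appended variable would be glued
      # onto the last existing line.
      if [ -s "$ENV_PATH" ] && [ -n "$(tail -c 1 "$ENV_PATH")" ]; then
        echo >> "$ENV_PATH" || append_ok=false
      fi

      # printf '%s\n' writes the value verbatim whatever characters it holds.
      # NOTE(review): values are written unquoted; a password containing
      # spaces, '#' or quotes may be read differently by the dotenv loader —
      # confirm against the application.
      grep -q '^MAIL_USERNAME_HOLA=' "$ENV_PATH" \
        || printf '%s\n' "MAIL_USERNAME_HOLA=${HOLA_USER}" >> "$ENV_PATH" \
        || append_ok=false
      grep -q '^MAIL_PASSWORD_HOLA=' "$ENV_PATH" \
        || printf '%s\n' "MAIL_PASSWORD_HOLA=${HOLA_PASS}" >> "$ENV_PATH" \
        || append_ok=false
      grep -q '^MAIL_USERNAME_NOREPLY=' "$ENV_PATH" \
        || printf '%s\n' "MAIL_USERNAME_NOREPLY=${NOREPLY_USER}" >> "$ENV_PATH" \
        || append_ok=false
      grep -q '^MAIL_PASSWORD_NOREPLY=' "$ENV_PATH" \
        || printf '%s\n' "MAIL_PASSWORD_NOREPLY=${NOREPLY_PASS}" >> "$ENV_PATH" \
        || append_ok=false

      if ! $append_ok; then
        echo "    ✗ falló la escritura de MAIL_*_HOLA / MAIL_*_NOREPLY" >&2
        FAILED=$((FAILED + 1))
        continue
      fi
    fi

    # -h: change the owner of the path itself, never of a symlink target.
    chown -h "${user}:${user}" "$ENV_PATH" 2>/dev/null || true

    # Clear Laravel config cache (best effort, as the tenant user).
    # The directory is shell-quoted before it is embedded in the command
    # string that the tenant's login shell will parse.
    env_dir=$(dirname -- "$ENV_PATH")
    su - "${user}" -c "cd $(printf '%q' "$env_dir") && php artisan config:clear" >/dev/null 2>&1 || true

    PATCHED=$((PATCHED + 1))
    echo "    ✓ patched"
  else
    PATCHED=$((PATCHED + 1))
    echo "    [DRY] would patch"
  fi
done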

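# Final report. The previous last line, `$DRY_RUN && echo ...`, made the whole
# script exit with status 1 on every --apply run (the status of `false`), so
# callers could not tell success from failure. The exit status now reflects
# the FAILED counter.
echo
echo "Summary: checked=${CHECKED} patched=${PATCHED} skipped=${SKIPPED} failed=${FAILED}"
if $DRY_RUN; then
  echo "(dry-run — re-correr con --apply)"
fi

if [ "$FAILED" -ne 0 ]; then
  exit 1
fi
exit 0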
