scripts/nextcloud-mail-sync.sh

@@ -11,9 +11,11 @@ if ! command -v jq >/dev/null 2>&1; then
 fi
 
 account_exists() {
-  # Skip if the account email is already present in the mail app.
-  runuser -u www-data -- php occ mail:account:list 2>/dev/null | grep -Fq " ${1}" || \
-    runuser -u www-data -- php occ mail:account:list 2>/dev/null | grep -Fq "${1} "
+  local user_id="${1}"
+  local email="${2}"
+
+  # Nextcloud Mail does not provide a list command; export is safe (does not print passwords).
+  php occ mail:account:export "${user_id}" 2>/dev/null | grep -Fq -- "- E-Mail: ${email}"
 }
 
 token=$(
@@ -29,6 +31,8 @@ if [[ -z "${token}" || "${token}" == "null" ]]; then
   exit 1
 fi
 
+cd /var/www/html
+
 users=$(curl -s -H "Authorization: Bearer ${token}" \
   "${KC_BASE}/admin/realms/${KC_REALM}/users?max=2000")
 
@@ -37,13 +41,13 @@ echo "${users}" | jq -c '.[]' | while read -r user; do
   email=$(echo "${user}" | jq -r '.email // empty')
   app_pw=$(echo "${user}" | jq -r '.attributes.mailu_app_password[0] // empty')
   [[ -z "${email}" || -z "${app_pw}" ]] && continue
-  if account_exists "${email}"; then
+  if account_exists "${username}" "${email}"; then
     echo "Skipping ${email}, already exists"
     continue
   fi
   echo "Syncing ${email}"
-  runuser -u www-data -- php occ mail:account:create \
+  php occ mail:account:create \
     "${username}" "${username}" "${email}" \
     mail.bstein.dev 993 ssl "${email}" "${app_pw}" \
-    mail.bstein.dev 587 tls "${email}" "${app_pw}" login || true
+    mail.bstein.dev 587 tls "${email}" "${app_pw}" || true
 done