2 # I, Ian Kelling, follow the GNU license recommendations at
3 # https://www.gnu.org/licenses/license-recommendations.en.html. They
4 # recommend that small programs, < 300 lines, be licensed under the
5 # Apache License 2.0. This file contains or is part of one or more small
6 # programs. If a small program grows beyond 300 lines, I plan to switch
9 # Copyright 2024 Ian Kelling
11 # Licensed under the Apache License, Version 2.0 (the "License");
12 # you may not use this file except in compliance with the License.
13 # You may obtain a copy of the License at
15 # http://www.apache.org/licenses/LICENSE-2.0
17 # Unless required by applicable law or agreed to in writing, software
18 # distributed under the License is distributed on an "AS IS" BASIS,
19 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20 # See the License for the specific language governing permissions and
21 # limitations under the License.
24 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
26 [[ $EUID == 0 ]] ||
exec sudo
-E "${BASH_SOURCE[0]}" "$@"
29 # For first run, accept host key. Note, known_hosts is saved in /p.
31 opt
=(-e 'ssh -oStrictHostKeyChecking=no')
35 f
=/a
/bin
/bash_unpublished
/source-state
37 # shellcheck source=/a/bin/bash_unpublished/source-state
43 # ||: is to allow for temporary connection issues.
44 rsync
"${opt[@]}" -ogtL --chown=root
:Debian-exim
--chmod=640 \
45 root@li.iankelling.org
:/etc
/letsencrypt
/live
/mail.iankelling.org
/{fullchain.pem
,privkey.pem
} /etc
/exim4 ||
:
46 if ! openssl x509
-checkend $
(( 60 * 60 * 24 * 3 )) -noout -in /etc
/exim
4/fullchain.pem
; then
47 echo "$0: error!: cert rsync failed and it will expire in less than 3 days"
53 # note: exim spec, 5.3 command line option -bd says that all files except
54 # .include "are reread each time they are used."