-if postfix; then
- # dunno why, but debian installed postfix with builddep emacs
- # but I will just explicitly install it here since
- # I use it for sending mail in emacs.
- if command -v apt-get &> /dev/null; then
- debconf-set-selections <<EOF
-postfix postfix/main_mailer_type select Satellite system
-postfix postfix/mailname string $(hostname -f)
-postfix postfix/relayhost string $relayhost
-postfix postfix/root_address string $postmaster
-EOF
- if dpkg -s postfix &>/dev/null; then
- while fuser /var/lib/dpkg/lock &>/dev/null; do sleep 1; done
- dpkg-reconfigure -u -fnoninteractive postfix
- else
- pi postfix
- fi
- else
- source /a/bin/distro-functions/src/package-manager-abstractions
- pi postfix
- # Settings from reading the output when installing on debian,
- # then seeing which were different in a default install on arch.
- # I assume the same works for fedora.
- postconfin <<EOF
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
-mailbox_size_limit = 0
-relayhost = $relayhost
-inet_interfaces = loopback-only
-EOF
-
- systemctl enable postfix
- systemctl start postfix
- fi
- # i\'m assuming mail just won\'t work on systems without the sasl_passwd.
- postconfin <<'EOF'
-smtp_sasl_auth_enable = yes
-smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
-smtp_sasl_security_options = noanonymous
-smtp_tls_security_level = secure
-message_size_limit = 20480000
-smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
-inet_protocols = ipv4
-EOF
- # msg_size_limit: I ran into a log file not sending cuz of size. double from 10 to 20 meg limit
- # inet_protocols: without this, I\'ve had postfix try an ipv6 lookup then gives
- # up and fail forever. snippet from syslog: type=AAAA: Host not found, try again
-
-
- f=/etc/postfix/sasl_passwd
- install -m 600 /dev/null $f
- cat /etc/mailpass| while read -r domain port pass; do
- # format: domain port user:pass
- # mailpass is just a name i made up, since postfix and
- # exim both use a slightly crazy format to translate to
- # each other, it\'s easier to use my own format.
- printf "[%s]:%s %s" "$domain" "$port" "${pass/@/#}" >>$f
- done
- postmap hash:/etc/postfix/sasl_passwd
- # need restart instead of reload when changing
- # inet_protocols
- service postfix restart
-
-else # begin exim. has debian specific stuff for now
-
- pi openvpn
-
- if [[ -e /p/c/filesystem ]]; then
- # allow failure of these commands when our internet is down, they are likely not needed,
- # we check that a valid cert is there already.
- # to put the hostname in the known hosts
- if ! ssh -o StrictHostKeyChecking=no root@li.iankelling.org :; then
- # This just causes failure if our cert is going to expire in the next 30 days.
- # Certs I generate last 10 years.
- openssl x509 -checkend $(( 60 * 60 * 24 * 30 )) -noout -in /etc/openvpn/mail.crt
- else
- # note, man openvpn implies we could just call mail-route on vpn startup/shutdown with
- # systemd, buuut it can remake the tun device unexpectedly, i got this in the log
- # after my internet was down for a bit:
- # NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
- /a/exe/vpn-mk-client-cert -b mail -n mail -s /b/ds/mail-route li.iankelling.org
- fi
- fi
-
- cat >/etc/systemd/system/offlineimapsync.timer <<'EOF'