X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=mail-setup;h=702c1d348a0d74e1a16d873a00c9adcc3c8ea4b1;hb=593244c5579d4b80ede8080d263ca4f52308dbea;hp=86464f1aaf3ca337bb9ef2ede0d7e94f32826550;hpb=12cab163424e3a7b0815646d1d4407f9b5839bcb;p=distro-setup

diff --git a/mail-setup b/mail-setup
index 86464f1..702c1d3 100755
--- a/mail-setup
+++ b/mail-setup
@@ -369,7 +369,7 @@ fi
 bhost_t=false
 case $HOSTNAME in
   $MAIL_HOST) : ;;
-  kd|frodo|x2|x3|kw|sy)
+  kd|frodo|x2|x3|kw|sy|bo)
     bhost_t=true
     ;;
 esac
@@ -846,7 +846,7 @@ awk 'BEGIN { FS = ":" } ; $6 ~ /^\/home/ && $7 !~ /\/nologin$/ { print $1 }' /et
   case $HOSTNAME in
     $MAIL_HOST)
       sed -i "/^user:/d" /etc/aliases
-    ;;
+      ;;
     *)
       if ! grep -q "^$user:" /etc/aliases; then
         echo "$user: root" |m tee -a /etc/aliases
@@ -1418,7 +1418,6 @@ ssl = required
 ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
 ssl_protocols = TLSv1.2
 ssl_prefer_server_ciphers = no
-ssl_dh_parameters_length = 2048
 
 protocol lmtp {
 #per https://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration
@@ -2424,10 +2423,10 @@ EOF
 
     # this avoids some error. i cant remember what. todo:
     # test it out and document why/if its needed.
-#     i /etc/exim4/host_local_deny_exceptions <<'EOF'
-# mail.fsf.org
-# *.posteo.de
-# EOF
+    #     i /etc/exim4/host_local_deny_exceptions <<'EOF'
+    # mail.fsf.org
+    # *.posteo.de
+    # EOF
 
     # cron email from smarthost hosts will automatically be to
     # USER@FQDN. I redirect that to alerts@, on the smarthosts, but in
@@ -2659,14 +2658,22 @@ backup_local:
 EOF
 
       # Bind to wghole to receive mailbackup.
-      # todo: will wghole fail to start without internet connectivity?
-      # if so, we need to set it automatically restart infinitely,
-      # and same with exim.
       wgholeip=$(sed -rn 's/^ *Address *= *([^/]+).*/\1/p' /etc/wireguard/wghole.conf)
       cat >>/etc/exim4/update-exim4.conf.conf <<EOF
 dc_other_hostnames='eximbackup.b8.nz'
 dc_local_interfaces='127.0.0.1;::1;$wgholeip'
 EOF
+
+      # wghole & thus exim will fail to start without internet connectivity.
+      i /etc/systemd/system/exim4.service.d/backup.conf <<'EOF'
+[Unit]
+StartLimitIntervalSec=0
+
+[Service]
+Restart=always
+RestartSec=300
+EOF
+
     else
       cat >>/etc/exim4/update-exim4.conf.conf <<EOF
 # Note: If theres like a temporary problem where mail gets sent to
@@ -2674,6 +2681,7 @@ EOF
 # instead of a permanent 5xx.
 dc_local_interfaces='127.0.0.1;::1'
 EOF
+      rm -fv /etc/systemd/system/exim4.service.d/backup.conf
     fi
     cat >>/etc/exim4/update-exim4.conf.conf <<EOF
 dc_eximconfig_configtype='smarthost'
@@ -2701,9 +2709,9 @@ case $HOSTNAME in
     m rsync -ra --delete /etc/exim4/ /etc/myexim4
     # If we ever wanted to have a separate spool,
     # we could do it like this.
-#     cat >>/etc/exim4/conf.d/main/000_local-nn <<'EOF'
-# spool_directory = /var/spool/myexim4
-# EOF
+    #     cat >>/etc/exim4/conf.d/main/000_local-nn <<'EOF'
+    # spool_directory = /var/spool/myexim4
+    # EOF
     cat >>/etc/myexim4/update-exim4.conf.conf <<'EOF'
 dc_eximconfig_configtype='smarthost'
 dc_smarthost='nn.b8.nz'
@@ -2875,7 +2883,7 @@ sre exim4
 case $HOSTNAME in
   $MAIL_HOST)
     m systemctl --now enable mailbindwatchdog
-  ;;
+    ;;
   *)
     soff mailbindwatchdog
     ;;