X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=mail-setup;h=7cc7a32b6244b2b162ef5a16214c579cc3dddc82;hb=7a82762b44f4732f6b075a0cb5d8b258f5022d12;hp=70a15a26d277418dc0edee13612be3b95a3d8438;hpb=718da868cfeee6a0e7b61ef2b95c83fe96178312;p=distro-setup diff --git a/mail-setup b/mail-setup index 70a15a2..7cc7a32 100755 --- a/mail-setup +++ b/mail-setup @@ -1,4 +1,6 @@ #!/bin/bash +set -x + # Copyright (C) 2016 Ian Kelling # Licensed under the Apache License, Version 2.0 (the "License"); @@ -108,7 +110,7 @@ u=$SUDO_USER # # host -t txt _dmarc.gmail.com # # yahoo: p=reject, hotmail: p=none, gmail: p=none, fastmail none for legacy reasons # # there were articles claiming gmail would be changing -# # to p=reject, in early 2017, which didn't happen. I see no sources on them. It's +# # to p=reject, in early 2017, which didn\'t happen. I see no sources on them. It\'s # # expected to cause problems # # with a few old mailing lists, copying theirs for now. # @@ -253,7 +255,7 @@ smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt inet_protocols = ipv4 EOF # msg_size_limit: I ran into a log file not sending cuz of size. double from 10 to 20 meg limit - # inet_protocols: without this, I've had postfix try an ipv6 lookup then gives + # inet_protocols: without this, I\'ve had postfix try an ipv6 lookup then gives # up and fail forever. snippet from syslog: type=AAAA: Host not found, try again 
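Review bot: The unconditional `set -x` added at the top traces every command with its variables expanded, so any credential or private value the script handles outside these hunks would be written to the terminal or to whatever log captures stderr. If this is a debugging aid, gate it, for example `if [[ -n ${MAIL_SETUP_TRACE:-} ]]; then set -x; fi` (the variable name is only a suggestion), or turn tracing off with `set +x` around sections that touch secrets. A one-line comment saying why tracing is enabled would also tell the next reader whether the output is safe to keep or share.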
@@ -354,6 +356,57 @@ EOF mkdir -p $exim_main_dir + + #### begin mail cert setup ### + f=/usr/local/bin/mail-cert-cron + cat >$f <<'EOF' +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR + +[[ $EUID == 0 ]] || exec sudo "$BASH_SOURCE" "$@" + +f=/a/bin/bash_unpublished/source-semi-priv +if [[ -e $f ]]; then + source $f +fi +if [[ $HOSTNAME == $MAIL_HOST ]]; then + local_mx=mail.iankelling.org + rsync_common="rsync -ogtL --chown=root:Debian-exim --chmod=640 root@li:/etc/letsencrypt/live/$local_mx/" + ${rsync_common}fullchain.pem /etc/exim4/exim.crt + ${rsync_common}privkey.pem /etc/exim4/exim.key +fi +EOF + chmod 755 $f + + cat >/etc/systemd/system/mailcert.service <<'EOF' +[Unit] +Description=Mail cert rsync +After=multi-user.target + +[Service] +Type=oneshot +ExecStart=/a/bin/log-quiet/sysd-mail-once mailcert /usr/local/bin/mail-cert-cron +EOF + + cat >/etc/systemd/system/mailcert.timer <<'EOF' +[Unit] +Description=Run mail-cert once a day + +[Timer] +OnCalendar=daily + +[Install] +WantedBy=timers.target +EOF + systemctl daemon-reload + systemctl start mailcert + systemctl restart mailcert.timer + systemctl enable mailcert.timer + + ##### end mailcert setup ##### + + + if [[ $HOSTNAME == $MAIL_HOST ]]; then debconf-set-selections </etc/dovecot/conf.d/20-lmtp.conf <<'EOF' + cat >/etc/dovecot/conf.d/20-lmtp.conf </etc/systemd/system/spamddnsfix.timer <<'EOF' [Unit] 
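Review bot: The generated `/usr/local/bin/mail-cert-cron` has no interpreter line although its body relies on bash-only features (`set -E`, `pipefail`, `[[`, `$BASH_SOURCE`); the heredoc should begin with `#!/bin/bash`. Without it the file runs as bash only when a bash process happens to launch it, and the `exec sudo "$BASH_SOURCE" "$@"` re-exec would most likely fall back to `/bin/sh` and fail. Separately, the script runs as root, sources `/a/bin/bash_unpublished/source-semi-priv`, and is started through a wrapper under `/a/bin`, so both paths need to be writable by root only, since anyone who can edit them gains root and access to the copied private key. The diff does not show their ownership, so that needs checking on the host.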
@@ -700,53 +753,6 @@ EOF ##### end spamassassin config - f=/usr/local/bin/mail-cert-cron - cat >$f <<'EOF' -set -eE -o pipefail -trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR - -[[ $EUID == 0 ]] || exec sudo "$BASH_SOURCE" "$@" - -f=/a/bin/bash_unpublished/source-semi-priv -if [[ -e $f ]]; then - source $f -fi -if [[ $HOSTNAME == $MAIL_HOST ]]; then - local_mx=mail.iankelling.org - rsync_common="rsync -ogtL --chown=root:Debian-exim --chmod=640 root@li:/etc/letsencrypt/live/$local_mx/" - ${rsync_common}fullchain.pem /etc/exim4/exim.crt - ${rsync_common}privkey.pem /etc/exim4/exim.key -fi -EOF - chmod 755 $f - - cat >/etc/systemd/system/mailcert.service <<'EOF' -[Unit] -Description=Mail cert rsync -After=multi-user.target - -[Service] -Type=oneshot -ExecStart=/a/bin/log-quiet/sysd-mail-once mailcert /usr/local/bin/mail-cert-cron -EOF - - cat >/etc/systemd/system/mailcert.timer <<'EOF' -[Unit] -Description=Run mail-cert once a day - -[Timer] -OnCalendar=daily - -[Install] -WantedBy=timers.target -EOF - systemctl daemon-reload - systemctl start mailcert - systemctl restart mailcert.timer - systemctl enable mailcert.timer - - - @@ -838,26 +844,26 @@ EOF sed -r s/^\\S+:/$b:/ 600_exim4-config_userforward >175_$b systemctl restart exim4 - fi # end if exim4 +fi #### end if exim4 - # /etc/alias setup is debian specific, and - # exim config sets up an /etc/alias from root to the postmaster, which i - # config to ian, as long as there exists an entry for root, or there was - # no preexisting aliases file. based on the postinst file. postfix - # won't set up a root to $postmaster alias if it's already installed. - # Since postfix is not the greatest, just set it ourselves. - if [[ $postmaster != root ]]; then - sed -i --follow-symlinks -f - /etc/aliases <