X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=mail-setup;h=f5553d3e36a6f557d7d55b5a8ce9d85ca774f8fb;hb=e801d1a57f0b30c57c6f644ab06a0f790159b236;hp=eb3689ebf535c4aa162ad884443aea6d2b6e0bed;hpb=f27b67a1dfa58b5f101bba607b2f91a73e65299e;p=distro-setup

diff --git a/mail-setup b/mail-setup
index eb3689e..f5553d3 100755
--- a/mail-setup
+++ b/mail-setup
@@ -361,7 +361,10 @@ reload=false
 if [[ -e /var/local/mail-setup-reload ]]; then
   reload=true
 fi
-u() { # update file. note: duplicated in brc
+# update file.
+# if the file changed, ur=true, else false.
+# note: duplicated in brc
+u() {
   local tmp tmpdir dest="$1"
   local base="${dest##*/}"
   local dir="${dest%/*}"
@@ -581,30 +584,17 @@ case $HOSTNAME in
 esac
 
 
-lines=(
-  "/etc/resolved-nsswitch/nsswitch.conf r,"
-  "/etc/basic-nsswitch/nsswitch.conf r,"
-  # Aug 06 23:09:11 kd audit[3995]: AVC apparmor="DENIED" operation="connect" profile="/usr/bin/freshclam" name="/run/systemd/resolve/io.systemd.Resolve" pid=3995 comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=109 ouid=101
-  # I dont know if this is quite the right fix, but I saw other sockets
-  # in the nameservice files that were rw, so figured it was ok to add this and it worked.
-  "/run/systemd/resolve/io.systemd.Resolve rw,"
-)
-f=/etc/apparmor.d/abstractions/nameservice
-apparmor_reload=false
-if [[ -e $f ]]; then
-  for l in "${lines[@]}"; do
-    if ! grep -qF "$l" $f; then
-      sudo sed -i "/\/nsswitch.conf/a $l" $f
-      apparmor_reload=true
-      if ! grep -qF "$l" $f; then
-        echo "$0: failed editing $f. investigate"
-        exit 1
-      fi
-    fi
-  done
-  if $apparmor_reload && systemctl is-active apparmor; then
-    m ser reload apparmor
-  fi
+u /etc/apparmor.d/abstractions/nameservice.d/iank <<'EOF'
+/etc/resolved-nsswitch/nsswitch.conf r,
+/etc/basic-nsswitch/nsswitch.conf r,
+# Aug 06 23:09:11 kd audit[3995]: AVC apparmor="DENIED" operation="connect" profile="/usr/bin/freshclam" name="/run/systemd/resolve/io.systemd.Resolve" pid=3995 comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=109 ouid=101
+# I dont know if this is quite the right fix, but I saw other sockets
+# in the nameservice files that were rw, so figured it was ok to add this and it worked.
+/run/systemd/resolve/io.systemd.Resolve rw,
+EOF
+
+if $ur && systemctl is-active apparmor; then
+  m systemctl reload apparmor
 fi
 
 
@@ -3084,10 +3074,11 @@ case $HOSTNAME in
     # which will overwrite any existing file
     u /etc/default/exim4 <<'EOF'
 QUEUERUNNER='combined'
-# note: this is duplicated in brc2, 10m here is -q10m there.
 QUEUEINTERVAL='10m'
 COMMONOPTIONS='-C /etc/exim4/my.conf'
 UPEX4OPTS='-o /etc/exim4/my.conf'
+# in t12 exim, this replaces all the above options
+EXIMSERVICE='-bdf -q10m -C /etc/exim4/my.conf'
 # i use epanic-clean for alerting if there are bad paniclog entries
 E4BCD_WATCH_PANICLOG='no'
 EOF
@@ -3285,6 +3276,10 @@ bounce_debbugs:
 EOF
 
     install -m=0775 -d -g Debian-exim -o iank /var/spool/exim4/gw
+    f=/var/spool/exim4/gw/.no-delay-eximids
+    if [[ ! -e $f ]]; then
+      install -g Debian-exim -o iank /dev/null $f
+    fi
     u /etc/exim4/conf.d/router/155_delay <<'EOF'
 # By default, delay sending email by 30-40 minutes in case I
 # change my mind.