########### begin section including li ################
-case $distro in
- debian)
- if [[ `debian-archive` == testing ]]; then
- pi acme-tiny
- fi
-esac
-
case $distro in
fedora) spa unrar ;;
*) spa unrar-free ;;
# disable motd junk.
-case $(distro-name) in
+case $distro in
debian)
# allows me to pipe with ssh -t, and gets rid of spam
# http://forums.debian.net/viewtopic.php?f=5&t=85822
pi "${simple_packages[@]}"
simple_packages=()
+
+case $distro in
+ debian)
+ if isdebian-testing; then
+ p install --install-suggests jessie-backports certbot python-certbot-nginx
+ else
+ p install --install-suggests -t jessie-backports certbot python-certbot-nginx
+ fi
+ # make a version of the certbot timer that emails me.
+ x=/systemd/system/certbot
+ $sed -r -f - /lib$x.timer <<'EOF' |s dd of=/etc${x}mail.timer
+s,^Description.*,\0 mail version,
+EOF
+ $sed -r -f - /lib$x.service <<'EOF' |s dd of=/etc${x}mail.service
+s,(ExecStart=)(/usr/bin/certbot),\1/a/bin/log-quiet/sysd-mail-once certbotmail \2,
+EOF
+ ser daemon-reload
+ sgo certbotmail.timer
+
+ ;;
+ # todo: other distros unknown
+esac
+
# website setup
case $HOSTNAME in
lj|li)
EOF
ser daemon-reload
ser enable vpnmail.service
- acme-tiny-wrapper mail.iankelling.org
- # needed for li's local mail delivery. there might
- # be a better way to do it that doesn't require disabling
- # it during le verification, but whatever for now.
- f=/etc/cron.daily/lets-encrypt-mail_iankelling_org
+ # needed for li's local mail delivery.
l="10.8.0.4 mail.iankelling.org"
tu /etc/hosts <<<"$l"
- s sed -i '/^\s*sysv acme-tiny-wrapper/i sed -i /^10\.8\.0\.4/d /etc/hosts' $f
- echo "echo $l >>/etc/hosts" | s tee -a $f
sgo openvpn
domain=cal.iankelling.org
- acme-tiny-wrapper $domain
- apache-site -f 10.8.0.4:5232 - $domain <<'EOF'
+ web-conf -f 10.8.0.4:5232 - apache2 $domain <<'EOF'
#https://httpd.apache.org/docs/2.4/mod/mod_authn_core.html#authtype
<Directory "/var/www/cal.iankelling.org/html">
Options +FollowSymLinks +Multiviews +Indexes
# for testing browser when only listening to localhost,
# in the pump.io.json, set hostname localhost, urlPort 5233
#ssh -L 5233:localhost:5233 li
- acme-tiny-wrapper -c /home/pumpio pump.iankelling.org
s mkdir -p /var/log/pumpio/
s chown pumpio:pumpio /var/log/pumpio/
- apache-site -c /home/pumpio - pump.iankelling.org <<'EOF'
+ web-conf -c /home/pumpio - apache2 pump.iankelling.org <<'EOF'
# currently a bug in pump that we cant terminate ssl
SSLProxyEngine On
ProxyPreserveHost On
# docker daemon takes care of starting on boot.
docker-compose up -d
- acme-tiny-wrapper mast.iankelling.org
s a2enmod proxy_wstunnel headers
- apache-site -f 3000 - mast.iankelling.org <<'EOF'
+ web-conf -f 3000 - apache2 mast.iankelling.org <<'EOF'
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto "https"
ProxyPass /500.html !
User=ian
Type=oneshot
# about 24 hours of failures
-ExecStart=/a/bin/log-quiet/sysd-mail-once -288 rss2email r2e run
+# it copies over its files without respecting symlinks, so
+# we pass options to use different location.
+ExecStart=/a/bin/log-quiet/sysd-mail-once -288 rss2email r2e -d /p/c/rss2email.json -c /p/c/rss2email.cfg run
EOF
s dd of=/etc/systemd/system/rss2email.timer <<'EOF'
[Unit]
iankelling.org / git / distro-setup / commitdiff