- role: alertmanager
alertmanager_smtp:
- smarthost: 'mail.iankelling.org:587'
+ smarthost: 'mx.iankelling.org:587'
from: "alerts@iankelling.org"
require_tls: false
hello: 'defaultnn.b8.nz'
# needed for li's local mail delivery.
- tu /etc/hosts <<<"10.8.0.4 mail.iankelling.org"
+ tu /etc/hosts <<<"10.8.0.4 mx.iankelling.org"
# wgmail handles this.
#sgo vpn-mail-forward.service
# setup let's encrypt cert
m web-conf apache2 mail.iankelling.org
+ # TODO, i expanded the above cert manually to mx.iankelling.org, this should be captured
+ # in the automation here. We use mail.iankelling.org as our ehlo name when sending mail
+ # but our mx record is mx.iankelling.org. Initially I was just using mail.iankelling.org,
+ # but the problem is I want multiple ips to be able to identify as mail.iankelling.org,
+ # but a subset to be mx.iankelling.org. Afaik, there is no problem with having
+ # our mail cert be for mail.iankelling.org, and have people connect to mx.ian...,
+ # but it doesn't make logical sense to do this.
sudo rm -fv /etc/apache2/sites-enabled/mail.iankelling.org{,-redir}.conf
ser reload apache2
sgo dynamicipupdate.timer
-sgo epanicclean.timer
# stop autopoping windows when i plug in an android phone.
fi
}
+
+pl=/var/log/exim4/paniclog
main() {
- if [[ ! -s /var/log/exim4/paniclog ]]; then
+ if [[ ! -s $pl ]]; then
return 0
fi
# seems to randomly be caused by
# Starting exim4-base housekeeping, exim4-base.service
regex="^[^ ]* 00:00:0.* Failed writing transport results to pipe: Broken pipe$"
- grep "$regex" /var/log/exim4/paniclog >> /var/log/exim4/paniclog-archive ||:
- sed -i "/$regex/d" /var/log/exim4/paniclog
+ grep "$regex" $pl >> $pl-archive ||:
+ sed -i "/$regex/d" $pl
+
+ ## begin broken pipe ##
+ regex="Failed writing transport results to pipe: Broken pipe$"
+ now_s=$(date +%s)
+ newlines=false
+ count=0
+ while read -r day time _; do
+ log_s=$(date -d "$day $time" +%s)
+ count=$((count+1))
+ if (( now_s - 300 > log_s )); then
+ newlines=true
+ fi
+ done < <(grep "$regex" $pl ||:)
+ if (( count )); then
+ # i see these in groups of 3 for the same message around once a day
+ # randomly. I'm guessing they are related to running 2 instances of
+ # exim which share the same spool. So, if we have some, but not in
+ # the last 5 minutes, and less than 20, it should be fine to clear
+ # them.
+ if (( count > 20 )); then
+ cat $pl
+ elif ! $newlines; then
+ grep "$regex" $pl >>$pl-archive
+ sed -i "/$regex/d" $pl
+ fi
+ fi
+ ## end broken pipe ##
while read -r service regex; do
found=false
wipe=false
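Review bot: The recency test in the new broken-pipe loop looks inverted relative to the comment under `if (( count ))`: `if (( now_s - 300 > log_s ))` sets `newlines=true` for entries older than five minutes, so `elif ! $newlines` archives only when every match is from the last five minutes and leaves older entries in the paniclog indefinitely. If the intent is "clear them unless one arrived in the last 5 minutes", the test should read `if (( log_s > now_s - 300 )); then`. Separately, `date -d "$day $time"` is run on the first two fields of any matching line; if the script runs under errexit (not visible here), one malformed line would abort it before the count check, so it is worth deciding explicitly what a failed parse should do. The body of `main` continues outside this hunk.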
break
fi
- done < <(awk "/$regex/ "'{print $1,$2}' /var/log/exim4/paniclog)
+ done < <(awk "/$regex/ "'{print $1,$2}' $pl)
if $found && $wipe; then
d "wiping $regex"
- if [[ ! -w /var/log/exim4/paniclog-archive ]]; then
- touch /var/log/exim4/paniclog-archive
- chgrp adm /var/log/exim4/paniclog-archive
- chmod 664 /var/log/exim4/paniclog-archive
+ if [[ ! -w $pl-archive ]]; then
+ touch $pl-archive
+ chgrp adm $pl-archive
+ chmod 664 $pl-archive
fi
- grep -E "$regex" /var/log/exim4/paniclog >> /var/log/exim4/paniclog-archive ||:
- sed -ri "/$regex/d" /var/log/exim4/paniclog
+ grep -E "$regex" $pl >> $pl-archive ||:
+ sed -ri "/$regex/d" $pl
fi
done <<'EOF'
clamav-daemon malware acl condition
for service; do
# ignore services that dont exist
if systemctl cat $service &>/dev/null; then
- m systemctl stop $service;
- m systemctl disable $service
+ m systemctl disable --now $service
fi
done
}
# * Install universal packages
+
+# installs epanicclean
+/a/bin/ds/install-my-scripts
+
if [[ $(debian-codename-compat) == bionic ]]; then
cat >/etc/apt/preferences.d/spamassassin <<'EOF'
Package: spamassassin sa-compile spamc
# old.
#vpnser=mailvpn.service
+# todo: this hangs if it cant resolv the endpoint. we
+# want it to just retry in the background.
vpnser=wg-quick@wgmail.service
case $HOSTNAME in
bk)
bindpaths="/etc/10.173.8.1-resolv:/etc/127.0.0.1-resolv"
;;&
+ *)
+ d=/p/c/machine_specific/$HOSTNAME/filesystem/etc/wireguard/
+ if [[ -d $d ]]; then
+ rsync -aiSAX --chown=root:root --chmod=g-s $d /etc/wireguard
+ fi
+ ;;
esac
i /etc/systemd/system/wg-quick@wgmail.service.d/override.conf <<EOF
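Review bot: The new `*)` arm copies WireGuard configs, which normally contain the interface private key, with only `--chmod=g-s`, so every other mode bit is inherited from the tree under `/p/c/machine_specific`; if those files are group- or world-readable there, the key is equally readable in `/etc/wireguard`. Forcing the destination mode removes that dependency, e.g. `rsync -aiSAX --chown=root:root --chmod=D700,F600 "$d" /etc/wireguard`. The preceding `bk)` arm ends in `;;&`, so this arm also runs on bk; a short comment saying that is intended would help the next reader. The `case` begins in context, so other arms may exist outside the hunk.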
# https://github.com/nextcloud/user_external#readme
# plus mailinabox example
-\$CONFIG['user_backends'] = array(array('class' => 'OC_User_IMAP','arguments' => array('127.0.0.1', 143, null),),);
+#\$CONFIG['user_backends'] = array(array('class' => 'OC_User_IMAP','arguments' => array('127.0.0.1', 143, null),),);
# based on installer check
/a/exe/cedit nn /etc/hosts <<'EOF' || [[ $? == 1 ]]
# note: i put nn.b8.nz into bind for good measure
-10.173.8.2 nn.b8.nz mail.iankelling.org
+10.173.8.2 nn.b8.nz mx.iankelling.org
EOF
# note: systemd-resolved will consult /etc/hosts, dnsmasq wont. this assumes
# weve configured this file in dnsmasq if we are using it.
/a/exe/cedit mail /etc/dnsmasq-servers.conf <<'EOF' || [[ $? == 1 ]]
-server=/mail.iankelling.org/127.0.1.1
+server=/mx.iankelling.org/127.0.1.1
EOF
# I used to use debconf-set-selections + dpkg-reconfigure,
# which then updates this file
transport = backup_maildir
EOF
-
wgholeip=$(sed -rn 's/^ *Address *= *([^/]+).*/\1/p' /etc/wireguard/wghole.conf)
cat >>/etc/exim4/update-exim4.conf.conf <<EOF
dc_other_hostnames='eximbackup.b8.nz'
dc_local_interfaces='127.0.0.1;::1;$wgholeip'
+
EOF
else
cat >>/etc/exim4/update-exim4.conf.conf <<EOF
m systemctl daemon-reload
fi
+sstart epanicclean.timer
+
case $HOSTNAME in
je)
/a/exe/web-conf apache2 je.b8.nz
fi
if ! systemctl is-active clamav-daemon >/dev/null; then
sstart clamav-daemon
+ out=$(rsync -aiSAX --chown=root:root --chmod=g-s /a/bin/ds/filesystem/etc/systemd/system/epanicclean.{timer,service} /etc/systemd/system)
+ if [[ $out ]]; then
+ reload=true
+ fi
+
# note, this will cause paniclog entries because it takes like 45
# seconds for clamav to start, i use ./epanic-clean to remove
# them.
$MAIL_HOST|bk|je)
cat >/usr/local/bin/send-test-forward <<'EOF'
#!/bin/bash
-exiqgrep -o 260 -i -r '^(testignore@(iankelling\.org|zroe\.org|expertpathologyreview\.com|amnimal\.ninja|je\.b8\.nz)|jtuttle@gnu\.org)$' | xargs /sbin/exim -Mrm >/dev/null
+olds=(
+/sbin/exiqgrep -o 260 -i -r '^(testignore@(iankelling\.org|zroe\.org|expertpathologyreview\.com|amnimal\.ninja|je\.b8\.nz)|jtuttle@gnu\.org)$')
+if (( ${#olds[@]} )); then
+ /sbin/exim -Mrm "${olds[@]}" >/dev/null
+fi
EOF
for test_from in ${test_froms[@]}; do
cat >>/usr/local/bin/send-test-forward <<EOFOUTER
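Review bot: As shown, `olds=(` … `)` in the generated send-test-forward is a plain array literal rather than a command substitution, so `olds` always holds the six words of the exiqgrep command line and `/sbin/exim -Mrm` receives those words instead of message ids. The stale test messages that the old `exiqgrep | xargs` pipeline removed would then stay in the queue, and the `(( ${#olds[@]} ))` guard is always true. Reading the ids from the command's output fixes both: `mapfile -t olds < <(/sbin/exiqgrep -o 260 -i -r '…same regex…')`. The heredoc is opened with `<<'EOF'`, so nothing inside it needs extra escaping.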
if [[ -s /var/log/exim4/paniclog ]]; then
chars+=("PANIC!")
- tail -n 20 /var/log/exim4/paniclog | lo -1 paniclog
- else
- lo -1 paniclog
+ # leave it up to epanic-clean to send email notification
fi
source /a/bin/bash_unpublished/source-state
<AB09> = 60;
<AB10> = 61;
<RTSH> = 62;
- <KPMU> = 63;
+ <KPMU> = 105;
# <LALT> = 64;
<LALT> = 108;
<SPCE> = 65;
<KP4> = 83;
<KP5> = 84;
<KP6> = 85;
- <KPAD> = 66;
+# <KPAD> = 66; # old
+ <KPAD> = 86;
<KP1> = 87;
<KP2> = 88;
<KP3> = 89;
<LSGT> = 94;
<FK11> = 95;
<FK12> = 96;
+ <FK12> = 66;
<AB11> = 97;
<KATA> = 98;
<HIRA> = 99;
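Review bot: `<FK12>` is now assigned twice, `96` and then `66`, with the old line left active, whereas the superseded mapping elsewhere in this change is commented out (`# <KPAD> = 66; # old`). I believe xkbcomp keeps the later assignment and emits a warning, which would leave keycode 96 without a name and nothing in the file saying that is deliberate. Commenting out the old line, `# <FK12> = 96; # old`, would match the KPAD treatment and make the intent explicit.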
<JPCM> = 103;
<KPEN> = 104;
# <RCTL> = 105;
- <KPDV> = 105;
+ <KPDV> = 106;
<PRSC> = 107;
#<RALT> = 108;
<RALT> = 135;