# Copyright (C) 2019 Ian Kelling
# SPDX-License-Identifier: AGPL-3.0-or-later
+# todo: we should test failed mail daily or so
+# failed cronjob, failed sysd-log-once,
+# a local bounce from a cronjob, a local bounce
+# to a bad remote address, perhaps a local failure
+# when the sending daemon is down.
+# And send an alert email if no alerts have been sent
+# in 2 or 3 days or something.
+
# todo: look at mailinabox extra dns records
-#
-# todo: i think daemon-reload
-# is being called when it shouldnt when rereunning we are probably
-# updating systemd config file that doesnt need to be or something.
# todo: mailtest-check failure on remote hosts is not going to alert me.
# sort that out.
exit 1
fi
source /a/bin/distro-functions/src/identify-distros
+source /a/bin/distro-functions/src/package-manager-abstractions
# has nextcloud_admin_pass in it
f=/p/c/machine_specific/$HOSTNAME/mail
if [[ -e $f ]]; then
+ # shellcheck source=/p/c/machine_specific/bk/mail
source $f
fi
fi
rm -rf $tmpdir
}
+setini() {
+ key="$1" value="$2" section="$3"
+ file="/etc/radicale/config"
+ sed -ri "/ *\[$section\]/,/^ *\[[^]]+\]/{/^\s*$key[[:space:]=]/d};/ *\[$section\]/a $key = $value" "$file"
+}
soff () {
for service; do
m systemctl stop $service;
m systemctl enable $service;
done
}
-e() { printf "%s\n" "$*"; }
-pi() { # package install without starting daemons
- local f
- if dpkg -s -- "$@" &> /dev/null; then
- return 0;
- fi;
- while fuser /var/lib/dpkg/lock &>/dev/null; do sleep 1; done
- f=/var/cache/apt/pkgcache.bin;
- if [[ ! -r $f ]] || (( $(( $(date +%s) - $(stat -c %Y $f ) )) > 60*60*12 )); then
- m apt-get update
- fi
- f=/usr/sbin/policy-rc.d
- dd of=$f 2>/dev/null <<EOF
-#!/bin/sh
-exit 101
-EOF
- chmod +x $f
- ret=
- DEBIAN_FRONTEND=noninteractive m apt-get -y install --purge --auto-remove "$@" || ret=$?
- rm $f
- if [[ $ret ]]; then
- err-exit $ret "failed apt-get install above"
- fi
+mailhost() {
+ [[ $HOSTNAME == "$MAIL_HOST" ]]
}
+e() { printf "%s\n" "$*"; }
reifactive() {
for service; do
if systemctl is-active $service >/dev/null; then
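Review bot: `setini` assigns `key`, `value`, `section` and `file` without `local`, so each call can overwrite same-named globals in this top-level script; declare them with `local key=$1 value=$2 section=$3 file=/etc/radicale/config`. The three arguments are also pasted unescaped into the sed program that edits a root-owned config, so a key or section containing regex metacharacters or `/` would change which lines get deleted. The only call in this commit passes constants, so a header comment such as `# setini KEY VALUE SECTION: args are used raw inside a sed script, pass trusted literals only` would be enough. Separately, `mailhost` returns false on every host when `MAIL_HOST` is unset or empty (it is set outside this hunk), which would silently send the mail host down the non-mail-host branches; `[[ $HOSTNAME == "${MAIL_HOST:?}" ]]` makes that fail loudly instead.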
fi
-## * Install packages
+# * Install universal packages
if [[ $(debian-codename-compat) == bionic ]]; then
cat >/etc/apt/preferences.d/spamassassin <<'EOF'
# our nostart pi fails to avoid enabling
-### * user forward file
+# * user forward file
case $HOSTNAME in
$MAIL_HOST)
# afaik, these will get ignored on MAIL_HOST because they are routing to my own
for unit in ${nn_progs[@]}; do
i /etc/systemd/system/$unit.service.d/nn.conf <<'EOF'
[Unit]
-JoinsNamespaceOf=mailnn.service
-
-[Service]
-PrivateNetwork=true
-EOF
- i /etc/systemd/system/$unit.service.d/nn.conf <<'EOF'
-[Unit]
After=network.target
Requires=mailvpn.service
After=mailvpn.service
done
;;
*)
- reload=false
for unit in exim4 spamassassin; do
f=/etc/systemd/system/$unit.service.d/nn.conf
if [[ -s $f ]]; then
EOF
rm -vf /etc/exim4/conf.d/main/000_localmacros # old filename
-i /etc/exim4/conf.d/main/000_local <<EOF
+cat >/etc/exim4/conf.d/main/000_local <<EOF
MAIN_TLS_ENABLE = true
# debian exim config added this in 2016 or so?
10.8.0.0/24; 2600:3c00:e000:280::/64 ; \\
# bk bk_ip6
85.119.83.50 ; 2001:ba8:1f1:f0c9::2 ; \\
+# je je_ipv6
+85.119.82.128 ; 2001:ba8:1f1:f09d::2 ; \\
# fsf_mit_net fsf_mit_net_ip6 fsf_net fsf_net_ip6 fsf_office_net
18.4.89.0/24 ; 2603:3005:71a:2e00::/64 ; 209.51.188.0/24 ; 2001:470:142::/48 ; 74.94.156.208/28
EOF
EOF
+# * radicale
+if mailhost; then
+ if ! mountpoint /o; then
+ echo "error /o is not a mountpoint" >&2
+ exit 1
+ fi
+
+ # davx/davdroid setup instructions at the bottom
+
+ # main docs:
+ # http://radicale.org/user_documentation/
+ # https://davdroid.bitfire.at/configuration/
+
+ # note on debugging: if radicale can't bind to the address,
+ # in the log it just says "Starting Radicale". If you run
+ # it in the foreground, it will give more info. Background
+ # plus debug does not help.
+ # sudo -u radicale radicale -D -f
+
+ # created password file with:
+ # htpasswd -c /etc/davpass dav
+
+ pi-nostart radicale
+
+ i /etc/systemd/system/radicale.service.d/override.conf <<EOF
+[Unit]
+# this unit is configured to start and stop whenever
+# openvpn-client-mail@mail does
+After=network.target
+BindsTo=mailvpn.service
+After=mailvpn.service
+JoinsNamespaceOf=mailnn.service
+
+[Service]
+PrivateNetwork=true
+BindPaths=/etc/nn-resolv:/run/systemd/resolve:norbind
+
+[Install]
+RequiredBy=mailvpn.service
+EOF
+
+
+ # use persistent uid/gid
+ IFS=:; read -r _ _ uid _ < <(getent passwd radicale ); unset IFS
+ IFS=:; read -r _ _ gid _ < <(getent group radicale ); unset IFS
+ if [[ $uid != 609 ]]; then
+ m systemctl stop radicale ||:
+ m usermod -u 609 radicale
+ m groupmod -g 609 radicale
+ m usermod -g 609 radicale
+ fi
+ m find /o/radicale -xdev -exec chown -h 609 {} +
+ m find /o/radicale -xdev -exec chgrp -h 609 {} +
+
+
+ # I moved /var/lib/radicale after it's initialization.
+ # I did a sudo -u radicale git init in the collections subfolder
+ # after it gets created, per the git docs.
+ m /a/exe/lnf -T /o/radicale /var/lib/radicale
+
+ # from https://www.williamjbowman.com/blog/2015/07/24/setting-up-webdav-caldav-and-carddav-servers/
+
+ # more config is for li in distro-end
+
+ # coment in this file says this is needed for it to run on startup
+ sed -ri 's/^\s*#+\s*(ENABLE_RADICALE\s*=\s*yes\s*)/\1/' /etc/default/radicale
+
+ # comments say default is 0.0.0.0:5232
+ m setini hosts 10.8.0.4:5232 server
+
+ # disable power management feature, set to 240 min sync interval,
+ # so it shouldn't be bad.
+
+ # davdroid from f-druid.
+ # login with url and user name
+ # url https://cal.iankelling.org/ian
+ # username ian
+ # pass, see password manager for radicale
+ #
+ # add account dialog:
+ #
+ # set account name as ian@iankelling.org, per help text below the
+ # field.
+ #
+ # switch to groups are per-contact categories,
+ # per https://davdroid.bitfire.at/configuration/radicale/
+ #
+ #
+ # After setting up account, I added one address book, named
+ # ianaddr. calender was already created, named ian. checked boxes under
+ # both. synced.
+ #
+ # To restore from old phone to new phone, I wiped all data out, then copied over the newly created files. I think
+ #
+ # ignorable background info:
+ #
+ # opentasks uses the calendar file.
+ #
+ # The address book I created got a uuid as a name for the file. Note
+ # the .props file says if it's a calendar or addressbook.
+ #
+ # When debugging, tailed /var/log/radicale/radicale.log and apache log,
+ # both show the requests happening. Without creating the address book,
+ # after creating a contact, a sync would delete it.
+ #
+ # Address books correspond to .props files in the radicale dir.
+ #
+ # Some background is here,
+ # https://davdroid.bitfire.at/faq/entry/cant-manage-groups-on-device/
+ # which shows separate vcard option is from rfc 6350, the other is 2426,
+ # radicale page says it implements the former not the latter,
+ # which conflicts with the documentation of which to select, but whatever.
+ # http://radicale.org/technical_choices/
+ # https://davdroid.bitfire.at/faq/entry/cant-manage-groups-on-device/
+ #
+ # Note, url above says only cayanogenmod 13+ and omnirom can manage groups.
+
+ # Note, radicale had built-in git support to track changes, but they
+ # removed it in 2.0.
+
+fi
+
# * dovecot
case $HOSTNAME in
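Review bot: `gid` is read from `getent group radicale` but never used, because the renumbering block is guarded by `$uid != 609` alone. On a host where the uid is already 609 but the radicale group has a different gid, the group is left as is while the `chgrp -h 609` below still assigns the data under /o/radicale to whatever group owns 609. Test both values: `if [[ $uid != 609 || $gid != 609 ]]; then`. As a style point, `IFS=: read -r _ _ uid _ < <(getent passwd radicale)` scopes the separator to the one `read` instead of setting and unsetting the global `IFS`, and a short comment saying why 609 is pinned (stable ownership of /o/radicale across reinstalls, as far as the block shows) would help the next reader.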
# If mailvpn has changes, id rather manually restart it, id rather
# not restart and lose connectivity.
sstart mailnn mailvpn
- ;;
+ ;;&
$MAIL_HOST|bk|je)
# start spamassassin/dovecot before exim.
sre dovecot spamassassin
sstart mailclean.timer
+ ;;&
+ $MAIL_HOST)
+ sstart radicale
;;
*)
- soff mailclean.timer dovecot spamassassin mailvpn mailnn
+ soff radicale mailclean.timer dovecot spamassassin mailvpn mailnn
;;
esac
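Review bot: Ending the `$MAIL_HOST|bk|je)` arm with `;;&` makes bash keep testing the remaining patterns, and `*)` matches every host. On bk and je, `$MAIL_HOST)` does not match, so the default arm runs `soff radicale mailclean.timer dovecot spamassassin mailvpn mailnn` straight after `sre dovecot spamassassin`, leaving those hosts without dovecot and spam filtering. Only the mail host is safe, because its own arm ends in `;;`. Keep `;;` on the shared arm and fold the new start into it with `if mailhost; then sstart radicale; fi`, dropping the separate `$MAIL_HOST)` arm. The pattern of the first arm, which now also ends in `;;&`, lies outside this hunk and should be checked for the same fall-through.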
+++ /dev/null
-#!/bin/bash
-
-[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-
-if [[ -e /b/errhandle/err ]]; then
- source /b/errhandle/err
-else
- set -eE -o pipefail
- trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-fi
-
-if ! mountpoint /o; then
- echo "error /o is not a mountpoint" >&2
- exit 1
-fi
-
-source /a/bin/bash_unpublished/source-state
-source /a/bin/distro-functions/src/package-manager-abstractions
-# davx/davdroid setup instructions at the bottom
-
-# main docs:
-# http://radicale.org/user_documentation/
-# https://davdroid.bitfire.at/configuration/
-
-# note on debugging: if radicale can't bind to the address,
-# in the log it just says "Starting Radicale". If you run
-# it in the foreground, it will give more info. Background
-# plus debug does not help.
-# sudo -u radicale radicale -D -f
-
-# created password file with:
-# htpasswd -c /etc/davpass dav
-
-d=/etc/systemd/system/radicale.service.d
-mkdir -p $d
-cat >$d/override.conf <<EOF
-[Unit]
-# this unit is configured to start and stop whenever
-# openvpn-client-mail@mail does
-After=network.target
-BindsTo=mailvpn.service
-After=mailvpn.service
-JoinsNamespaceOf=mailnn.service
-
-[Service]
-PrivateNetwork=true
-BindPaths=/etc/nn-resolv:/run/systemd/resolve:norbind
-
-[Install]
-RequiredBy=mailvpn.service
-EOF
-systemctl daemon-reload
-
-pi-nostart radicale
-
-# use persistent uid/gid
-IFS=:; read -r _ _ uid _ < <(getent passwd radicale ); unset IFS
-IFS=:; read -r _ _ gid _ < <(getent group radicale ); unset IFS
-if [[ $uid != 609 ]]; then
- systemctl stop radicale ||:
- usermod -u 609 radicale
- groupmod -g 609 radicale
- usermod -g 609 radicale
-fi
-log_p=/var/log/radicale
-[[ -d $log_p ]] || log_p=
-find /o/radicale -xdev -exec chown -h 609 {} +
-find /o/radicale -xdev -exec chgrp -h 609 {} +
-
-
-# I moved /var/lib/radicale after it's initialization.
-# I did a sudo -u radicale git init in the collections subfolder
-# after it gets created, per the git docs.
-/a/exe/lnf -T /o/radicale /var/lib/radicale
-
-# from https://www.williamjbowman.com/blog/2015/07/24/setting-up-webdav-caldav-and-carddav-servers/
-
-# more config is for li in distro-end
-
-# coment in this file says this is needed for it to run on startup
-sed -ri 's/^\s*#+\s*(ENABLE_RADICALE\s*=\s*yes\s*)/\1/' /etc/default/radicale
-
-setini() {
- key="$1" value="$2" section="$3"
- file="/etc/radicale/config"
- sed -ri "/ *\[$section\]/,/^ *\[[^]]+\]/{/^\s*$key[[:space:]=]/d};/ *\[$section\]/a $key = $value" "$file"
-}
-
-# comments say default is 0.0.0.0:5232
-setini hosts 10.8.0.4:5232 server
-
-if [[ $HOSTNAME == $MAIL_HOST ]]; then
- systemctl start radicale
-fi
-
-# disable power management feature, set to 240 min sync interval,
-# so it shouldn't be bad.
-
-# davdroid from f-druid.
-# login with url and user name
-# url https://cal.iankelling.org/ian
-# username ian
-# pass, see password manager for radicale
-#
-# add account dialog:
-#
-# set account name as ian@iankelling.org, per help text below the
-# field.
-#
-# switch to groups are per-contact categories,
-# per https://davdroid.bitfire.at/configuration/radicale/
-#
-#
-# After setting up account, I added one address book, named
-# ianaddr. calender was already created, named ian. checked boxes under
-# both. synced.
-#
-# To restore from old phone to new phone, I wiped all data out, then copied over the newly created files. I think
-#
-# ignorable background info:
-#
-# opentasks uses the calendar file.
-#
-# The address book I created got a uuid as a name for the file. Note
-# the .props file says if it's a calendar or addressbook.
-#
-# When debugging, tailed /var/log/radicale/radicale.log and apache log,
-# both show the requests happening. Without creating the address book,
-# after creating a contact, a sync would delete it.
-#
-# Address books correspond to .props files in the radicale dir.
-#
-# Some background is here,
-# https://davdroid.bitfire.at/faq/entry/cant-manage-groups-on-device/
-# which shows separate vcard option is from rfc 6350, the other is 2426,
-# radicale page says it implements the former not the latter,
-# which conflicts with the documentation of which to select, but whatever.
-# http://radicale.org/technical_choices/
-# https://davdroid.bitfire.at/faq/entry/cant-manage-groups-on-device/
-#
-# Note, url above says only cayanogenmod 13+ and omnirom can manage groups.
-
-# Note, radicale had built-in git support to track changes, but they
-# removed it in 2.0.