# UPEX4OPTS='-o /etc/exim4/nn-mainlog.conf'
#
# The non-daemon config
-# gets generated from this script calling update-exim4.conf -d /etc/nond-exim4
+# gets generated from this script calling update-exim4.conf -d /etc/nonn-exim4
# which has log path
-# log_file_path = /var/log/exim4/nond%s
+# log_file_path = /var/log/exim4/nonn%s
+#
+# On bk, there are 2 daemons, one is nn, one is not.
#
# On non bk|MAIL_HOST, the config and log file are all standard.
#
source /a/bin/fai/fai/config/distro-install-common/bash-misc-funcs
setini() {
+ local key value section file
key="$1" value="$2" section="$3"
file="/etc/radicale/config"
sed -ri "/ *\[$section\]/,/^ *\[[^]]+\]/{/^\s*${key}[[:space:]=]/d};/ *\[$section\]/a $key = $value" "$file"
}
-soff () {
+soff() {
+ local service
for service; do
# ignore services that dont exist
if systemctl cat $service &>/dev/null; then
done
}
sre() {
- local enabled
+ local enabled service
for service; do
m systemctl restart $service
# Optimization for exim,
fi
done
}
+sgo() {
+ local service=$1
+ systemctl restart $service
+ systemctl enable $service
+}
mailhost() {
[[ $HOSTNAME == "$MAIL_HOST" ]]
}
reifactive() {
+ local service
for service; do
if systemctl is-active $service >/dev/null; then
m systemctl restart $service
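Review bot: The new `sgo` reads only `$1`, so `sgo a b` restarts and enables `a` and silently ignores `b`, whereas `soff`, `sre`, `reifactive` and `stopifactive` all iterate with `for service`. It also calls `systemctl` directly rather than through the `m` wrapper the neighbouring functions use, and leaves `$service` unquoted. If a single argument is the intended contract, a header comment such as `# usage: sgo SERVICE - restart now and enable at boot` would say so; otherwise loop with `for service; do m systemctl restart "$service"; m systemctl enable "$service"; done`. The hunk ends inside `reifactive`, whose body continues outside it.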
done
}
stopifactive() {
+ local service
for service; do
if systemctl is-active $service >/dev/null; then
m systemctl stop $service
# light version of exim does not have sasl auth support.
# note: for bitfolk hosts, unbound has important config with conflink.
-pi-nostart exim4 exim4-daemon-heavy spamassassin unbound clamav-daemon wireguard rspamd
+#
+# note: rspamd would need to be here if we were using it. Note: these
+# don't start, but they are enabled.
+pi-nostart exim4 exim4-daemon-heavy spamassassin unbound clamav-daemon wireguard
spamd_remove=spamassassin
spamd_ser=spamd
WantedBy=multi-user.target
EOF
+# note: anything added to nn_progs needs corresponding rm
+# down below in the host switch
+nn_progs=(exim4)
+case $HOSTNAME in
+ $MAIL_HOST)
+ # Note dovecots lmtp doesnt need to be in the same nn to accept delivery.
+ # Its in the nn so remote clients can connect to it.
+ nn_progs+=($spamd_ser dovecot)
+ ;;
+ $MAIL_HOST|bk)
+ nn_progs+=($spamd_ser)
+ ;;
+esac
+
u /etc/systemd/system/mailbindwatchdog.service <<EOF
[Unit]
Description=Watchdog to restart services relying on systemd-resolved dir
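Review bot: In the added `case`, the `$MAIL_HOST|bk)` arm can never match `$MAIL_HOST`, because the preceding `$MAIL_HOST)` arm has already taken it, so the second arm is effectively `bk)` and reads as if both arms could apply to the mail host. Writing it as `bk)` with a comment like `# bk when it is not MAIL_HOST: spamd only, no dovecot` states what actually happens. The unquoted `$MAIL_HOST` is also matched as a glob pattern rather than a literal; `"$MAIL_HOST")` avoids surprises if the value ever contains pattern characters.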
fi
-# note: anything added to nn_progs needs corresponding rm
-# down below in the host switch
-nn_progs=(exim4)
-if mailhost; then
- # Note dovecots lmtp doesnt need to be in the same nn to accept delivery.
- # Its in the nn so remote clients can connect to it.
- nn_progs+=($spamd_ser rspamd dovecot)
-fi
case $HOSTNAME in
$MAIL_HOST)
done
;;
*)
- for unit in exim4 $spamd_ser rspamd $spamd_remove dovecot unbound; do
+ # note: this does not include unbound, because we don't use unbound
+ # as a non-nn service, and we are getting failure in joins-namespace-of-check for unbound,
+ # and I wonder if changing its config has anything to do with it.
+ for unit in exim4 $spamd_ser $spamd_remove dovecot; do
f=/etc/systemd/system/$unit.service.d/nn.conf
if [[ -s $f ]]; then
rm -fv $f
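Review bot: Dropping `rspamd` and `unbound` from this cleanup loop means any `nn.conf` drop-in that an earlier run created for those units is no longer removed on hosts that reach the `*)` arm, so those hosts keep configuration this script has stopped managing. The same drift applies to the last hunk, where `rspamd` leaves the `soff` list: a host that already has rspamd installed would presumably keep it in whatever state it is in. If that is not intended, a one-time `rm -fv /etc/systemd/system/rspamd.service.d/nn.conf` (and an explicit `soff rspamd` until hosts have converged) would cover it. The loop body continues outside this hunk, and `rm -fv $f` would be safer as `rm -fv -- "$f"`.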
# * rspamd config
-m usermod -a -G _rspamd $u
+if $use_rspamd; then
+
+ m usermod -a -G _rspamd $u
+
+fi
## if we wanted to, we could run redis outside the mail nn by adding to
## its bind config option like this, and then tell rspamd to connect to
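Review bot: `if $use_rspamd; then` runs the variable's value as a command, and an unset or empty `use_rspamd` expands to an empty command whose exit status is 0, so the `usermod -a -G _rspamd` branch would run exactly when the flag is missing (or the script aborts if `set -u` is in effect). The assignment of `use_rspamd` is not in this hunk; unless it is guaranteed to be `true` or `false` before this point, compare the string instead: `if [[ ${use_rspamd:-false} == true ]]; then`.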
rm -fv /etc/systemd/system/spamddnsfix.{timer,service}
rm -f /etc/default/$spamd_remove
-u /etc/default/$spamd_ser <<'EOF'
+
+case $HOSTNAME in
+ $MAIL_HOST|bk)
+ spamd_listen_arg=" -i 10.173.8.2 -i localhost -A 10.173.8.1,10.173.8.2,127.0.0.1,[::1]"
+ ;;
+esac
+
+u /etc/default/spamassassin <<EOF
# defaults plus debugging flags for an issue im having
-OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
+OPTIONS="--create-prefs --max-children 5 --helper-home-dir${spamd_listen_arg}"
PIDFILE="/run/spamd.pid"
# my additions
NICE="--nicelevel 15"
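Review bot: `spamd_listen_arg` is assigned only in the `$MAIL_HOST|bk)` arm, yet the now-unquoted heredoc expands `${spamd_listen_arg}` on every host, so elsewhere `OPTIONS` picks up whatever value the variable already had (or the script aborts under `set -u`); add `spamd_listen_arg=` before the `case`. Switching `<<'EOF'` to `<<EOF` also makes every `$` and backtick in the rest of the body subject to expansion, and that body continues outside this hunk. The target changed from `/etc/default/$spamd_ser` to a hard-coded `/etc/default/spamassassin`, while the `rm -f /etc/default/$spamd_remove` just above still deletes that same name wherever `spamd_remove=spamassassin`, so it is worth confirming the spamd unit actually reads this file. Because spamd now binds a non-loopback address and is gated by the `-A` list alone, a comment such as `# spamd listens on 10.173.8.2; access control is the -A list only` would record the assumption the setup depends on.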
done
fi
-# * roundcube setup
+# * roundcube / nextcloud commonish setup
+# roundcube disabled, but we might use these dependency packages for nextcloud.
if [[ $HOSTNAME == bk ]]; then
-
# zip according to /installer
# which requires adding a line to /usr/local/lib/roundcubemail/config/config.inc.php
# $config['enable_installer'] = true;
- pi roundcube roundcube-sqlite3 php-zip apache2 php-fpm
-
- ### begin composer install
- # https://getcomposer.org/doc/faqs/how-to-install-composer-programmatically.md
- cd /usr/local/bin
- EXPECTED_CHECKSUM="$(php -r 'copy("https://composer.github.io/installer.sig", "php://stdout");')"
- php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
- ACTUAL_CHECKSUM="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
-
- if [ "$EXPECTED_CHECKSUM" != "$ACTUAL_CHECKSUM" ]
- then
- >&2 echo 'ERROR: Invalid installer checksum'
- rm composer-setup.php
- exit 1
- fi
-
- php composer-setup.php --quiet
- rm composer-setup.php
+ pi php-zip apache2 php-fpm
+ phpver=$(dpkg-query -s php-fpm | sed -nr 's/^Depends:.* php([^ ]*)-fpm( .*|$)/\1/p')
+ fpm=$(dpkg-query -s php-fpm | sed -nr 's/^Depends:.* (php[^ ]*-fpm)( .*|$)/\1/p') # eg: php7.4-fpm
+ ncdirs=(/var/www/ncexpertpath /var/www/ncninja)
- # based on error when running composer
- mkdir -p /var/www/.composer
- chown www-data:www-data /var/www/.composer
+ ### begin php setup for roundcube and nextcloud ###
+ # Enable PHP modules.
+ m phpenmod -v php mcrypt imap
+ # dpkg says this is required.
+ # nextcloud needs these too
+ m a2enmod proxy_fcgi setenvif
+ m a2enconf $fpm
+ # 3 useless guides on php fpm fcgi debian 10 later, i figure out from reading
+ # /etc/apache2/conf-enabled/php7.3-fpm.conf
+ m a2dismod php$phpver
+ # according to /install, we should set date.timezone,
+ # but that is dumb, the system already has the right zone in
+ # $rclogdir/errors.log
+ # todo: consider other settings in
+ # /a/opt/mailinabox/setup/nextcloud.sh
+ u /etc/php/$phpver/cli/conf.d/30-local.ini <<'EOF'
+apc.enable_cli = 1
+EOF
- ### end composer install
rcdirs=(/usr/local/lib/rcexpertpath /usr/local/lib/rcninja)
- ncdirs=(/var/www/ncexpertpath /var/www/ncninja)
- # point debian cronjob to our local install, preventing daily cron error
-
- # debian's cronjob will fail, remove both paths it uses just to be sure
- rm -fv /usr/share/roundcube/bin/cleandb.sh /etc/cron.d/roundcube-core
-
- #### begin dl roundcube
- # note, im r2e subbed to https://github.com/roundcube/roundcubemail/releases.atom
- v=1.4.13; f=roundcubemail-$v-complete.tar.gz
- cd /root
- if [[ -e $f ]]; then
- timestamp=$(stat -c %Y $f)
- else
- timestamp=0
- fi
- m wget -nv -N https://github.com/roundcube/roundcubemail/releases/download/$v/$f
- new_timestamp=$(stat -c %Y $f)
- for rcdir in ${rcdirs[@]}; do
- if [[ $timestamp != "$new_timestamp" || ! -e "$rcdir/config/secret" ]]; then
- m tar -C /usr/local/lib --no-same-owner -zxf $f
- m rm -rf $rcdir
- m mv /usr/local/lib/roundcubemail-$v $rcdir
- fi
- done
- #### end dl roundcube
for ((i=0; i < ${#bkdomains[@]}; i++)); do
domain=${bkdomains[i]}
- rcdir=${rcdirs[i]}
- rcbase=${rcdir##*/}
ncdir=${ncdirs[i]}
- # copied from debians cronjob
- u /etc/cron.d/$rcbase <<EOF
-# Roundcube database cleaning: finally removes all records that are
-# marked as deleted.
-0 5 * * * www-data $rcdir/bin/cleandb.sh >/dev/null
-EOF
+ rcdir=${rcdirs[i]}
m /a/exe/web-conf - apache2 $domain <<EOF
-Alias /roundcube $rcdir
-### begin roundcube settings
-# taken from /etc/apache2/conf-available/roundcube.conf version 1.4.8+dfsg.1-1~bpo10+1
-<Directory $rcdir/>
- Options +FollowSymLinks
- # This is needed to parse $rcdir/.htaccess.
- AllowOverride All
- Require all granted
-</Directory>
-# Protecting basic directories:
-<Directory $rcdir/config>
- Options -FollowSymLinks
- AllowOverride None
-</Directory>
-### end roundcube settings
+# ### begin roundcube settings
+ # Alias /roundcube $rcdir
+# # taken from /etc/apache2/conf-available/roundcube.conf version 1.4.8+dfsg.1-1~bpo10+1
+# <Directory $rcdir/>
+# Options +FollowSymLinks
+# # This is needed to parse $rcdir/.htaccess.
+# AllowOverride All
+# Require all granted
+# </Directory>
+# # Protecting basic directories:
+# <Directory $rcdir/config>
+# Options -FollowSymLinks
+# AllowOverride None
+# </Directory>
+# ### end roundcube settings
-### begin nextcloud settings
+# ### begin nextcloud settings
Alias /nextcloud "$ncdir/"
<Directory $ncdir/>
Require all granted
RewriteRule ^/\.well-known/caldav /nextcloud/remote.php/dav/ [R=301,L]
### end nextcloud settings
EOF
- if [[ ! -e $rcdir/config/secret ]]; then
- base64 </dev/urandom | head -c24 >$rcdir/config/secret || [[ $? == 141 || ${PIPESTATUS[0]} == 32 ]]
- fi
- secret=$(cat $rcdir/config/secret)
-
- rclogdir=/var/log/$rcbase
- rctmpdir=/var/tmp/$rcbase
- rcdb=/m/rc/$rcbase.sqlite
- # config from mailinabox
- u $rcdir/config/config.inc.php <<EOF
-<?php
-\$config = array();
-# debian creates this for us
-\$config['log_dir'] = '$rclogdir/';
-# debian also creates a temp dir, but it is under its install dir,
-# seems better to have our own.
-\$config['temp_dir'] = '$rctmpdir/';
-\$config['db_dsnw'] = 'sqlite:///$rcdb?mode=0640';
-\$config['default_host'] = 'ssl://localhost';
-\$config['default_port'] = 993;
-\$config['imap_conn_options'] = array(
- 'ssl' => array(
- 'verify_peer' => false,
- 'verify_peer_name' => false,
- ),
- );
-\$config['imap_timeout'] = 15;
-\$config['smtp_server'] = 'tls://127.0.0.1';
-\$config['smtp_conn_options'] = array(
- 'ssl' => array(
- 'verify_peer' => false,
- 'verify_peer_name' => false,
- ),
- );
-\$config['product_name'] = 'webmail';
-\$config['des_key'] = '$secret';
-\$config['plugins'] = array('archive', 'zipdownload', 'password', 'managesieve', 'jqueryui', 'carddav', 'html5_notifier');
-\$config['skin'] = 'elastic';
-\$config['login_autocomplete'] = 2;
-\$config['password_charset'] = 'UTF-8';
-\$config['junk_mbox'] = 'Spam';
-# disable builtin addressbook
-\$config['address_book_type'] = '';
-?>
-EOF
-
- m mkdir -p $rclogdir
- m chmod 750 $rclogdir
- m chown www-data:adm $rclogdir
- # note: subscribed to updates:
- # r2e add rcmcarddav https://github.com/blind-coder/rcmcarddav/commits/master.atom ian@iankelling.org
- # r2e add roundcube https://github.com/roundcube/roundcubemail/releases.atom ian@iankelling.org
- m mkdir -p $rctmpdir /m/rc
- m chown -R www-data.www-data $rctmpdir /m/rc
- m chmod 750 $rctmpdir
- # todo: check for other mailinabox things
- # Ensure the log file monitored by fail2ban exists, or else fail2ban can't start.
- m sudo -u www-data touch $rclogdir/errors.log
-
- #### begin carddav install
- # This is the official roundcube carddav repo.
- # Install doc suggests downloading with composer, but that
- # didnt work, it said some ldap package for roundcube was missing,
- # but I dont want to download some extra ldap thing.
- # https://github.com/blind-coder/rcmcarddav/blob/master/doc/INSTALL.md
- verf=$rcdir/plugins/carddav/myversion
- upgrade=false
- install=false
- v=5.0.1
- if [[ -e $verf ]]; then
- if [[ $(cat $verf) != "$v" ]]; then
- install=true
- upgrade=true
- fi
- else
- install=true
- fi
- if $install; then
- m rm -rf $rcdir/plugins/carddav
- tmpd=$(mktemp -d)
- m wget -nv -O $tmpd/t.tgz https://github.com/blind-coder/rcmcarddav/releases/download/v$v/carddav-v$v.tar.gz
- cd $rcdir/plugins
- tar xzf $tmpd/t.tgz
- rm -rf $tmpd
- m chown -R www-data:www-data $rcdir/plugins/carddav
- m cd $rcdir/plugins/carddav
- if $upgrade; then
- m sudo -u www-data composer.phar update --no-dev
- else
- m sudo -u www-data composer.phar install --no-dev
- fi
- m chown -R root:root $rcdir/plugins/carddav
- echo $v >$verf
- fi
+ done
+
+fi
+
+# * roundcube setup
+
+# # roundcube disabled due to lack of real world use.
+# #
+# #
+# # Note: currently, there is this problem:
+# # /usr/local/lib/rcninja/bin/updatedb.sh --dir /usr/local/lib/rcninja/SQL --package roundcube
+# # Unsupported PHP version. Required PHP >= 5.4 and < 8.0.
+# #
+# if [[ $HOSTNAME == bk ]]; then
+
+
+# pi roundcube roundcube-sqlite3
+
+
+# ### begin composer install
+# # https://getcomposer.org/doc/faqs/how-to-install-composer-programmatically.md
+# cd /usr/local/bin
+# EXPECTED_CHECKSUM="$(php -r 'copy("https://composer.github.io/installer.sig", "php://stdout");')"
+# php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+# ACTUAL_CHECKSUM="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
+
+# if [ "$EXPECTED_CHECKSUM" != "$ACTUAL_CHECKSUM" ]
+# then
+# >&2 echo 'ERROR: Invalid installer checksum'
+# rm composer-setup.php
+# exit 1
+# fi
+
+# php composer-setup.php --quiet
+# rm composer-setup.php
+
+# # based on error when running composer
+# mkdir -p /var/www/.composer
+# chown www-data:www-data /var/www/.composer
+
+# ### end composer install
+
+# # point debian cronjob to our local install, preventing daily cron error
+
+# # debian's cronjob will fail, remove both paths it uses just to be sure
+# rm -fv /usr/share/roundcube/bin/cleandb.sh /etc/cron.d/roundcube-core
+
+# #### begin dl roundcube
+# # note, im r2e subbed to https://github.com/roundcube/roundcubemail/releases.atom
+# v=1.4.13; f=roundcubemail-$v-complete.tar.gz
+# cd /root
+# if [[ -e $f ]]; then
+# timestamp=$(stat -c %Y $f)
+# else
+# timestamp=0
+# fi
+# m wget -nv -N https://github.com/roundcube/roundcubemail/releases/download/$v/$f
+# new_timestamp=$(stat -c %Y $f)
+# for rcdir in ${rcdirs[@]}; do
+# if [[ $timestamp != "$new_timestamp" || ! -e "$rcdir/config/secret" ]]; then
+# m tar -C /usr/local/lib --no-same-owner -zxf $f
+# m rm -rf $rcdir
+# m mv /usr/local/lib/roundcubemail-$v $rcdir
+# fi
+# done
+# #### end dl roundcube
+
+# for ((i=0; i < ${#bkdomains[@]}; i++)); do
+# domain=${bkdomains[i]}
+
+# rcdir=${rcdirs[i]}
+# rcbase=${rcdir##*/}
+
+# # copied from debians cronjob
+# u /etc/cron.d/$rcbase <<EOF
+# # Roundcube database cleaning: finally removes all records that are
+# # marked as deleted.
+# 0 5 * * * www-data $rcdir/bin/cleandb.sh >/dev/null
+# EOF
+
+
+# if [[ ! -e $rcdir/config/secret ]]; then
+# base64 </dev/urandom | head -c24 >$rcdir/config/secret || [[ $? == 141 || ${PIPESTATUS[0]} == 32 ]]
+# fi
+# secret=$(cat $rcdir/config/secret)
+
+# rclogdir=/var/log/$rcbase
+# rctmpdir=/var/tmp/$rcbase
+# rcdb=/m/rc/$rcbase.sqlite
+# # config from mailinabox
+# u $rcdir/config/config.inc.php <<EOF
+# <?php
+# \$config = array();
+# # debian creates this for us
+# \$config['log_dir'] = '$rclogdir/';
+# # debian also creates a temp dir, but it is under its install dir,
+# # seems better to have our own.
+# \$config['temp_dir'] = '$rctmpdir/';
+# \$config['db_dsnw'] = 'sqlite:///$rcdb?mode=0640';
+# \$config['default_host'] = 'ssl://localhost';
+# \$config['default_port'] = 993;
+# \$config['imap_conn_options'] = array(
+# 'ssl' => array(
+# 'verify_peer' => false,
+# 'verify_peer_name' => false,
+# ),
+# );
+# \$config['imap_timeout'] = 15;
+# \$config['smtp_server'] = 'tls://127.0.0.1';
+# \$config['smtp_conn_options'] = array(
+# 'ssl' => array(
+# 'verify_peer' => false,
+# 'verify_peer_name' => false,
+# ),
+# );
+# \$config['product_name'] = 'webmail';
+# \$config['des_key'] = '$secret';
+# \$config['plugins'] = array('archive', 'zipdownload', 'password', 'managesieve', 'jqueryui', 'carddav', 'html5_notifier');
+# \$config['skin'] = 'elastic';
+# \$config['login_autocomplete'] = 2;
+# \$config['password_charset'] = 'UTF-8';
+# \$config['junk_mbox'] = 'Spam';
+# # disable builtin addressbook
+# \$config['address_book_type'] = '';
+# ?>
+# EOF
+
+# m mkdir -p $rclogdir
+# m chmod 750 $rclogdir
+# m chown www-data:adm $rclogdir
+# # note: subscribed to updates:
+# # r2e add rcmcarddav https://github.com/blind-coder/rcmcarddav/commits/master.atom ian@iankelling.org
+# # r2e add roundcube https://github.com/roundcube/roundcubemail/releases.atom ian@iankelling.org
+# m mkdir -p $rctmpdir /m/rc
+# m chown -R www-data.www-data $rctmpdir /m/rc
+# m chmod 750 $rctmpdir
+# # todo: check for other mailinabox things
+# # Ensure the log file monitored by fail2ban exists, or else fail2ban can't start.
+# m sudo -u www-data touch $rclogdir/errors.log
+
+# #### begin carddav install
+# # This is the official roundcube carddav repo.
+# # Install doc suggests downloading with composer, but that
+# # didnt work, it said some ldap package for roundcube was missing,
+# # but I dont want to download some extra ldap thing.
+# # https://github.com/blind-coder/rcmcarddav/blob/master/doc/INSTALL.md
+# verf=$rcdir/plugins/carddav/myversion
+# upgrade=false
+# install=false
+# v=5.0.1
+# if [[ -e $verf ]]; then
+# if [[ $(cat $verf) != "$v" ]]; then
+# install=true
+# upgrade=true
+# fi
+# else
+# install=true
+# fi
+# if $install; then
+# m rm -rf $rcdir/plugins/carddav
+# tmpd=$(mktemp -d)
+# m wget -nv -O $tmpd/t.tgz https://github.com/blind-coder/rcmcarddav/releases/download/v$v/carddav-v$v.tar.gz
+# cd $rcdir/plugins
+# tar xzf $tmpd/t.tgz
+# rm -rf $tmpd
+# m chown -R www-data:www-data $rcdir/plugins/carddav
+# m cd $rcdir/plugins/carddav
+# if $upgrade; then
+# m sudo -u www-data composer.phar update --no-dev
+# else
+# m sudo -u www-data composer.phar install --no-dev
+# fi
+# m chown -R root:root $rcdir/plugins/carddav
+# echo $v >$verf
+# fi
+
+# # So, strangely, this worked in initial testing, but then
+# # on first run it wouldn't show the existing contacts until
+# # I went into the carddav settings and did "force immediate sync",
+# # which seemed to fix things. Note, some of these settings
+# # get initalized per/addressbook in the db, then need changing
+# # there or through the settings menu.
+
+# # About categories, see https://www.davx5.com/tested-with/nextcloud
+# # https://github.com/blind-coder/rcmcarddav/blob/master/doc/GROUPS.md
+# u $rcdir/plugins/carddav/config.inc.php <<EOF;
+# <?php
+# \$prefs['_GLOBAL']['hide_preferences'] = false;
+# \$prefs['davserver'] = array(
+# # name in the UI is kind of dumb. This is just something short that seems to fit ok.
+# 'name' => 'Main',
+# 'username' => '%u', // login username
+# 'password' => '%p', // login password
+# 'url' => 'https://$domain/nextcloud/remote.php/dav/addressbooks/users/%u/contacts',
+# 'active' => true,
+# 'readonly' => false,
+# 'refresh_time' => '00:10:00',
+# 'fixed' => array('username','password'),
+# 'use_categories' => false,
+# 'hide' => false,
+# );
+# ?>
+# EOF
+# #### end carddav install
+
+# cd $rcdir/plugins
+# if [[ ! -d html5_notifier ]]; then
+# m git clone https://github.com/stremlau/html5_notifier
+# fi
+# cd $rcdir/plugins/html5_notifier
+# m git pull --rebase
+
+# # todo: try out roundcube plugins: thunderbird labels
+
+# # Password changing plugin settings
+# cat $rcdir/plugins/password/config.inc.php.dist - >$rcdir/plugins/password/config.inc.php <<'EOF'
+# # following are from mailinabox
+# $config['password_minimum_length'] = 8;
+# $config['password_db_dsn'] = 'sqlite:////m/rc/users.sqlite';
+# $config['password_query'] = 'UPDATE users SET password=%D WHERE email=%u';
+# $config['password_dovecotpw'] = '/usr/bin/doveadm pw';
+# $config['password_dovecotpw_method'] = 'SHA512-CRYPT';
+# $config['password_dovecotpw_with_method'] = true;
+# EOF
+# # so PHP can use doveadm, for the password changing plugin
+# m usermod -a -G dovecot www-data
+# m usermod -a -G mail $u
+
+# # so php can update passwords
+# m chown www-data:dovecot /m/rc/users.sqlite
+# m chmod 664 /m/rc/users.sqlite
+
+# # Run Roundcube database migration script (database is created if it does not exist)
+# m $rcdir/bin/updatedb.sh --dir $rcdir/SQL --package roundcube
+# m chown www-data:www-data $rcdb
+# m chmod 664 $rcdb
+# done # end loop over domains and rcdirs
+
+
+# # note bk backups are defined in crontab outside this file
+# ### end php setup for rc ###
+
+# fi # end roundcube setup
+
+
+# * nextcloud setup
+
+if [[ $HOSTNAME == bk ]]; then
- # So, strangely, this worked in initial testing, but then
- # on first run it wouldn't show the existing contacts until
- # I went into the carddav settings and did "force immediate sync",
- # which seemed to fix things. Note, some of these settings
- # get initalized per/addressbook in the db, then need changing
- # there or through the settings menu.
-
- # About categories, see https://www.davx5.com/tested-with/nextcloud
- # https://github.com/blind-coder/rcmcarddav/blob/master/doc/GROUPS.md
- u $rcdir/plugins/carddav/config.inc.php <<EOF;
-<?php
-\$prefs['_GLOBAL']['hide_preferences'] = false;
-\$prefs['davserver'] = array(
-# name in the UI is kind of dumb. This is just something short that seems to fit ok.
- 'name' => 'Main',
- 'username' => '%u', // login username
- 'password' => '%p', // login password
- 'url' => 'https://$domain/nextcloud/remote.php/dav/addressbooks/users/%u/contacts',
- 'active' => true,
- 'readonly' => false,
- 'refresh_time' => '00:10:00',
- 'fixed' => array('username','password'),
- 'use_categories' => false,
- 'hide' => false,
-);
-?>
-EOF
- #### end carddav install
-
- cd $rcdir/plugins
- if [[ ! -d html5_notifier ]]; then
- m git clone https://github.com/stremlau/html5_notifier
- fi
- cd $rcdir/plugins/html5_notifier
- m git pull --rebase
-
- # todo: try out roundcube plugins: thunderbird labels
-
- # Password changing plugin settings
- cat $rcdir/plugins/password/config.inc.php.dist - >$rcdir/plugins/password/config.inc.php <<'EOF'
-# following are from mailinabox
-$config['password_minimum_length'] = 8;
-$config['password_db_dsn'] = 'sqlite:////m/rc/users.sqlite';
-$config['password_query'] = 'UPDATE users SET password=%D WHERE email=%u';
-$config['password_dovecotpw'] = '/usr/bin/doveadm pw';
-$config['password_dovecotpw_method'] = 'SHA512-CRYPT';
-$config['password_dovecotpw_with_method'] = true;
-EOF
- # so PHP can use doveadm, for the password changing plugin
- m usermod -a -G dovecot www-data
- m usermod -a -G mail $u
-
- # so php can update passwords
- m chown www-data:dovecot /m/rc/users.sqlite
- m chmod 664 /m/rc/users.sqlite
-
- # Run Roundcube database migration script (database is created if it does not exist)
- m $rcdir/bin/updatedb.sh --dir $rcdir/SQL --package roundcube
- m chown www-data:www-data $rcdb
- m chmod 664 $rcdb
- done # end loop over domains and rcdirs
-
- ### begin php setup for rc ###
- # Enable PHP modules.
- m phpenmod -v php mcrypt imap
- # dpkg says this is required.
- # nextcloud needs these too
- m a2enmod proxy_fcgi setenvif
- fpm=$(dpkg-query -s php-fpm | sed -nr 's/^Depends:.* (php[^ ]*-fpm)( .*|$)/\1/p') # eg: php7.4-fpm
- phpver=$(dpkg-query -s php-fpm | sed -nr 's/^Depends:.* php([^ ]*)-fpm( .*|$)/\1/p')
- m a2enconf $fpm
- # 3 useless guides on php fpm fcgi debian 10 later, i figure out from reading
- # /etc/apache2/conf-enabled/php7.3-fpm.conf
- m a2dismod php$phpver
- # according to /install, we should set date.timezone,
- # but that is dumb, the system already has the right zone in
- # $rclogdir/errors.log
- # todo: consider other settings in
- # /a/opt/mailinabox/setup/nextcloud.sh
- u /etc/php/$phpver/cli/conf.d/30-local.ini <<'EOF'
-apc.enable_cli = 1
-EOF
u /etc/php/$phpver/fpm/conf.d/30-local.ini <<'EOF'
+# roundcube uses this presumably
date.timezone = "America/New_York"
# for nextcloud
upload_max_filesize = 2000M
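Review bot: The roundcube provisioning is kept as roughly 240 lines of commented-out code (from `# * roundcube setup` to `# fi # end roundcube setup`) rather than deleted, and nothing added here undoes what earlier runs installed on bk. Going by the removed lines, that leaves the `/etc/cron.d/rcexpertpath` and `/etc/cron.d/rcninja` jobs, `www-data` in the `dovecot` group, the group-writable `/m/rc/users.sqlite`, and the unpacked roundcube 1.4.13 trees on disk with no further updates. Consider deleting the block, since history keeps it, and adding a short cleanup such as `rm -fv /etc/cron.d/rc{expertpath,ninja}` and, if nothing else needs it, `gpasswd -d www-data dovecot`, unless cleanup is handled outside this file. If the block stays for later revival, a comment noting that it sets `verify_peer => false` for IMAP and SMTP and pulls `html5_notifier` unpinned would flag what to revisit first.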
m systemctl restart $fpm
# dunno if reload/restart is needed
m systemctl reload apache2
- # note bk backups are defined in crontab outside this file
- ### end php setup for rc ###
-
-fi # end roundcube setup
-# * nextcloud setup
-if [[ $HOSTNAME == bk ]]; then
# from install checker, nextcloud/settings/admin/overview and
# https://docs.nextcloud.com/server/19/admin_manual/installation/source_installation.html
# curl from the web installer requirement, but i switched to cli
cat >>/etc/exim4/conf.d/main/000_local <<EOF
# je.b8.nz will run out of memory with freshclam
av_scanner = clamd:/var/run/clamav/clamd.ctl
+
+# We need spamd access for daemon in the nn and out of the nn.
+# Note: we could just specify this for the non-nn daemon, but
+# I think this is simpler.
+spamd_address = 10.173.8.2 783
EOF
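Review bot: The literal `10.173.8.2` now appears both in this `spamd_address` line and in `spamd_listen_arg`, and only the latter is limited to `$MAIL_HOST|bk`; whether this heredoc is also written on hosts where spamd keeps its default listener cannot be seen from the hunk. If it is, exim there would query an address nothing listens on, and the result depends on how the `spam` ACL condition treats a failed connection. Holding the address in one variable set in the same `case` arm would keep the two in step, and since this heredoc is unquoted, `spamd_address = $spamd_ip 783` would work.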
cat >> /etc/exim4/conf.d/data_local_acl <<'EOF'
warn
# fdate = future date. # tdate = temporary date.
- condition = ${if def:h_fdate}
+ condition = ${if def:h_fdate:}
remove_header = fdate:
add_header = tdate:
control = freeze
# defaults but no queue runner and alternate config dir
QUEUERUNNER='no'
COMMONOPTIONS='-oP /run/exim4/eximin.pid'
-UPEX4OPTS='-d /etc/nond-exim4'
+UPEX4OPTS='-d /etc/nonn-exim4'
EOF
echo bk.b8.nz > /etc/mailname
m rsync -ra --delete --delete-excluded \
--exclude=/conf.d/router/161_backup_redir_nn \
--exclude=/conf.d/router/186_sentarchive_nn \
- --exclude=/conf.d/main/000_local-nn /etc/exim4/ /etc/nond-exim4
- cat >>/etc/nond-exim4/conf.d/main/000_local <<'EOF'
+ --exclude=/conf.d/main/000_local-nn /etc/exim4/ /etc/nonn-exim4
+ cat >>/etc/nonn-exim4/conf.d/main/000_local <<'EOF'
# this makes it easier to see which exim is doing what
-log_file_path = /var/log/exim4/nond%s
+log_file_path = /var/log/exim4/nonn%s
EOF
cat >/etc/logrotate.d/myexim <<'EOF'
-/var/log/exim4/nondmain /var/log/exim4/nondreject {
+/var/log/exim4/nonnmain /var/log/exim4/nonnreject {
daily
missingok
rotate 1000
notifempty
nocreate
}
-/var/log/exim4/nondpanic {
+/var/log/exim4/nonnpanic {
size 10M
missingok
rotate 10
# If we ever wanted to have a separate spool,
# we could do it like this.
# cat >>/etc/exim4/conf.d/main/000_local-nn <<'EOF'
- # spool_directory = /var/spool/nond-exim4
+ # spool_directory = /var/spool/nonn-exim4
# EOF
- cat >>/etc/nond-exim4/update-exim4.conf.conf <<'EOF'
+ cat >>/etc/nonn-exim4/update-exim4.conf.conf <<'EOF'
dc_eximconfig_configtype='smarthost'
dc_smarthost='nn.b8.nz'
EOF
bk)
# config for the non-nn exim
- cat >>/etc/nond-exim4/conf.d/main/000_local <<'EOF'
+ cat >>/etc/nonn-exim4/conf.d/main/000_local <<'EOF'
MAIN_HARDCODE_PRIMARY_HOSTNAME = mail2.iankelling.org
EOF
;;
$MAIL_HOST)
- u /etc/nond-exim4/conf.d/router/185_sentarchive <<'EOF'
+ u /etc/nonn-exim4/conf.d/router/185_sentarchive <<'EOF'
sentarchive:
driver = redirect
domains = ! +local_domains
unseen
EOF
- u /etc/nond-exim4/conf.d/router/160_backup_redir <<'EOF'
+ u /etc/nonn-exim4/conf.d/router/160_backup_redir <<'EOF'
backup_redir:
driver = redirect
# i dont email myself from my own machine much, so lets ignore that.
EOF
# for bk, we have a exim4in.service that will do this for us.
- m update-exim4.conf -d /etc/nond-exim4
+ m update-exim4.conf -d /etc/nonn-exim4
;;
esac
:
;;
*)
- soff radicale mailclean.timer dovecot $spamd_ser rspamd $vpnser mailnn clamav-daemon unbound
+ soff radicale mailclean.timer dovecot $spamd_ser $vpnser mailnn clamav-daemon unbound
;;
esac