From: Ian Kelling Date: Thu, 30 Dec 2021 19:13:04 +0000 (-0500) Subject: minor fixes and improvements X-Git-Url: https://iankelling.org/git/?a=commitdiff_plain;h=aa9cb10514e29340a6d6a194ee189fa4364f1f2e;p=distro-setup minor fixes and improvements --- diff --git a/a/site.yml b/a/site.yml index f9c14b6..12792fd 100644 --- a/a/site.yml +++ b/a/site.yml @@ -39,7 +39,7 @@ - role: alertmanager alertmanager_smtp: - smarthost: 'mail.iankelling.org:587' + smarthost: 'mx.iankelling.org:587' from: "alerts@iankelling.org" require_tls: false hello: 'defaultnn.b8.nz' diff --git a/distro-end b/distro-end index 626eb48..a36266f 100755 --- a/distro-end +++ b/distro-end @@ -715,7 +715,7 @@ EOF # needed for li's local mail delivery. - tu /etc/hosts <<<"10.8.0.4 mail.iankelling.org" + tu /etc/hosts <<<"10.8.0.4 mx.iankelling.org" # wgmail handles this. #sgo vpn-mail-forward.service @@ -725,6 +725,13 @@ EOF # setup let's encrypt cert m web-conf apache2 mail.iankelling.org + # TODO, i expanded the above cert manually to mx.iankelling.org, this should be captured + # in the automation here. We use mail.iankelling.org as our ehlo name when sending mail + # but our mx record is mx.iankelling.org. Initially I was just using mail.iankelling.org, + # but the problem is I want multiple ips to be able to identify as mail.iankelling.org, + # but a subset to be mx.iankelling.org. Afaik, there is no problem with having + # our mail cert be for mail.iankelling.org, and have people connect to mx.ian..., + # but it doesn't make logical sense to do this. sudo rm -fv /etc/apache2/sites-enabled/mail.iankelling.org{,-redir}.conf ser reload apache2 @@ -1771,7 +1778,6 @@ m /a/bin/distro-setup/mymimes sgo dynamicipupdate.timer -sgo epanicclean.timer # stop autopoping windows when i plug in an android phone. diff --git a/epanic-clean b/epanic-clean index 514162d..a7220c2 100755 --- a/epanic-clean +++ b/epanic-clean 
@@ -25,16 +25,45 @@ d() { fi } + +pl=/var/log/exim4/paniclog main() { - if [[ ! -s /var/log/exim4/paniclog ]]; then + if [[ ! -s $pl ]]; then return 0 fi # seems to randomly be caused by # Starting exim4-base housekeeping, exim4-base.service regex="^[^ ]* 00:00:0.* Failed writing transport results to pipe: Broken pipe$" - grep "$regex" /var/log/exim4/paniclog >> /var/log/exim4/paniclog-archive ||: - sed -i "/$regex/d" /var/log/exim4/paniclog + grep "$regex" $pl >> $pl-archive ||: + sed -i "/$regex/d" $pl + + ## begin broken pipe ## + regex="Failed writing transport results to pipe: Broken pipe$" + now_s=$(date +%s) + newlines=false + count=0 + while read -r day time _; do + log_s=$(date -d "$day $time" +%s) + count=$((count+1)) + if (( now_s - 300 > log_s )); then + newlines=true + fi + done < <(grep "$regex" $pl ||:) + if (( count )); then + # i see these in groups of 3 for the same message around once a day + # randomly. I'm guessing they are related to running 2 instances of + # exim which share the same spool. So, if we have some, but not in + # the last 5 minutes, and less than 20, it should be fine to clear + # them. + if (( count > 20 )); then + cat $pl + elif ! $newlines; then + grep "$regex" $pl >>$pl-archive + sed -i "/$regex/d" $pl + fi + fi + ## end broken pipe ## while read -r service regex; do found=false 
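Review bot: The age test in the new "broken pipe" block is inverted relative to its own comment. `(( now_s - 300 > log_s ))` is true for entries older than five minutes, so `newlines` becomes true when old entries exist, and the `elif ! $newlines` branch archives and deletes only when every match is from the last five minutes. To match the stated intent (clear only when nothing is recent), the test should read `if (( log_s > now_s - 300 )); then newlines=true; fi`. As written, fresh paniclog entries are the ones removed from view, while a single stale entry blocks cleanup indefinitely. `main()` continues outside the hunk.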
@@ -68,16 +97,16 @@ main() { wipe=false break fi - done < <(awk "/$regex/ "'{print $1,$2}' /var/log/exim4/paniclog) + done < <(awk "/$regex/ "'{print $1,$2}' $pl) if $found && $wipe; then d "wiping $regex" - if [[ ! -w /var/log/exim4/paniclog-archive ]]; then - touch /var/log/exim4/paniclog-archive - chgrp adm /var/log/exim4/paniclog-archive - chmod 664 /var/log/exim4/paniclog-archive + if [[ ! -w $pl-archive ]]; then + touch $pl-archive + chgrp adm $pl-archive + chmod 664 $pl-archive fi - grep -E "$regex" /var/log/exim4/paniclog >> /var/log/exim4/paniclog-archive ||: - sed -ri "/$regex/d" /var/log/exim4/paniclog + grep -E "$regex" $pl >> $pl-archive ||: + sed -ri "/$regex/d" $pl fi done <<'EOF' clamav-daemon malware acl condition diff --git a/mail-setup b/mail-setup index 6efc3e3..4ce604b 100755 --- a/mail-setup +++ b/mail-setup @@ -300,8 +300,7 @@ soff () { for service; do # ignore services that dont exist if systemctl cat $service &>/dev/null; then - m systemctl stop $service; - m systemctl disable $service + m systemctl disable --now $service fi done } @@ -367,6 +366,10 @@ esac # * Install universal packages + +# installs epanicclean +/a/bin/ds/install-my-scripts + if [[ $(debian-codename-compat) == bionic ]]; then cat >/etc/apt/preferences.d/spamassassin <<'EOF' Package: spamassassin sa-compile spamc @@ -464,6 +467,8 @@ EOF # old. #vpnser=mailvpn.service +# todo: this hangs if it cant resolv the endpoint. we +# want it to just retry in the background. vpnser=wg-quick@wgmail.service case $HOSTNAME in 
@@ -474,6 +479,12 @@ case $HOSTNAME in bk) bindpaths="/etc/10.173.8.1-resolv:/etc/127.0.0.1-resolv" ;;& + *) + d=/p/c/machine_specific/$HOSTNAME/filesystem/etc/wireguard/ + if [[ -d $d ]]; then + rsync -aiSAX --chown=root:root --chmod=g-s $d /etc/wireguard + fi + ;; esac i /etc/systemd/system/wg-quick@wgmail.service.d/override.conf < 'OC_User_IMAP','arguments' => array('127.0.0.1', 143, null),),); +#\$CONFIG['user_backends'] = array(array('class' => 'OC_User_IMAP','arguments' => array('127.0.0.1', 143, null),),); # based on installer check @@ -2450,13 +2461,13 @@ EOF /a/exe/cedit nn /etc/hosts <<'EOF' || [[ $? == 1 ]] # note: i put nn.b8.nz into bind for good measure -10.173.8.2 nn.b8.nz mail.iankelling.org +10.173.8.2 nn.b8.nz mx.iankelling.org EOF # note: systemd-resolved will consult /etc/hosts, dnsmasq wont. this assumes # weve configured this file in dnsmasq if we are using it. /a/exe/cedit mail /etc/dnsmasq-servers.conf <<'EOF' || [[ $? == 1 ]] -server=/mail.iankelling.org/127.0.1.1 +server=/mx.iankelling.org/127.0.1.1 EOF # I used to use debconf-set-selections + dpkg-reconfigure, # which then updates this file @@ -2611,11 +2622,11 @@ backup_local: transport = backup_maildir EOF - wgholeip=$(sed -rn 's/^ *Address *= *([^/]+).*/\1/p' /etc/wireguard/wghole.conf) cat >>/etc/exim4/update-exim4.conf.conf <>/etc/exim4/update-exim4.conf.conf </dev/null; then sstart clamav-daemon + out=$(rsync -aiSAX --chown=root:root --chmod=g-s /a/bin/ds/filesystem/etc/systemd/system/epanicclean.{timer,service} /etc/systemd/system) + if [[ $out ]]; then + reload=true + fi + # note, this will cause paniclog entries because it takes like 45 # seconds for clamav to start, i use ./epanic-clean to remove # them. 
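Review bot: The new `*)` arm of `case $HOSTNAME` copies WireGuard configuration into /etc/wireguard with `-a`, which carries over the source file modes, and `--chmod=g-s` only clears the setgid bit. If anything under `/p/c/machine_specific/$HOSTNAME/filesystem/etc/wireguard/` is group- or world-readable, the configs (which normally hold private keys) end up readable on the target. Tightening at copy time would remove the dependency on the source tree: `rsync -aiSAX --chown=root:root --chmod=g-s,go-rwx "$d" /etc/wireguard`, which also quotes `$d`. The source permissions are not visible here, so this may already hold in practice. The `case` statement begins outside the hunk.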
@@ -2858,7 +2876,11 @@ EOF $MAIL_HOST|bk|je) cat >/usr/local/bin/send-test-forward <<'EOF' #!/bin/bash -exiqgrep -o 260 -i -r '^(testignore@(iankelling\.org|zroe\.org|expertpathologyreview\.com|amnimal\.ninja|je\.b8\.nz)|jtuttle@gnu\.org)$' | xargs /sbin/exim -Mrm >/dev/null +olds=( +/sbin/exiqgrep -o 260 -i -r '^(testignore@(iankelling\.org|zroe\.org|expertpathologyreview\.com|amnimal\.ninja|je\.b8\.nz)|jtuttle@gnu\.org)$') +if (( ${#olds[@]} )); then + /sbin/exim -Mrm "${olds[@]}" >/dev/null +fi EOF for test_from in ${test_froms[@]}; do cat >>/usr/local/bin/send-test-forward < = 60; = 61; = 62; - = 63; + = 105; # = 64; = 108; = 65; @@ -80,7 +80,8 @@ xkb_keycodes "evdev+aliases(qwerty)" { = 83; = 84; = 85; - = 66; +# = 66; # old + = 86; = 87; = 88; = 89; @@ -90,6 +91,7 @@ xkb_keycodes "evdev+aliases(qwerty)" { = 94; = 95; = 96; + = 66; = 97; = 98; = 99; @@ -99,7 +101,7 @@ xkb_keycodes "evdev+aliases(qwerty)" { = 103; = 104; # = 105; - = 105; + = 106; = 107; # = 108; = 135;
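Review bot: As the added lines of send-test-forward read here, `olds=(` is filled with the literal words of the exiqgrep command line rather than its output, because there is no `$( … )` around `/sbin/exiqgrep -o 260 -i -r '…'`. The array then always has six elements, the `(( ${#olds[@]} ))` guard is always true, and `/sbin/exim -Mrm` receives those words instead of message ids. Reading the ids from the command fixes both: `mapfile -t olds < <(/sbin/exiqgrep -o 260 -i -r '…same pattern…')`. Since stdout goes to /dev/null the failure is easy to miss, and stale test messages would stay in the queue. The heredoc's enclosing `case` arm starts outside the hunk.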