From 1d44c706393f06134639cef0a42fe67d345b7ec5 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Tue, 3 Dec 2024 02:20:40 -0500 Subject: [PATCH] bk mail fix. other mis improvements --- brc | 45 +- brc2 | 4 +- distro-end | 13 +- filesystem/usr/local/bin/prof | 21 + filesystem/usr/local/bin/prof-backup | 5 +- .../etc/systemd/system/logrotate-fast.service | 3 +- mail-setup | 646 ++++++++++-------- .../share/konsole/ianktheme.colorscheme | 6 +- system-status | 2 +- transmission-firewall/netns.rules | 5 + 10 files changed, 450 insertions(+), 300 deletions(-) diff --git a/brc b/brc index e668afd..ed4b689 100644 --- a/brc +++ b/brc @@ -366,6 +366,7 @@ mysrc /a/bin/fai/fai/config/distro-install-common/bash-misc-funcs alias n=continue +# alias 3='f=(' # this crashes bash # quicker function definition alias 8='f(){' alias 9='};' @@ -374,8 +375,10 @@ alias 9='};' # * functions -# temporary functions -y() { +# temporary functions go here + + +y2() { m "${@//spring/fall}" } @@ -2873,6 +2876,7 @@ srestart() { } setini() { # set a value in a .ini style file + local key value section file key="$1" value="$2" section="$3" file="$4" if [[ -s $file ]]; then sed -ri -f - "$file" </dev/null; then ser enable $service @@ -2903,6 +2907,7 @@ sgo() { # service go } # service off soff () { + local service for service; do # ignore services that dont exist if systemctl cat $service &>/dev/null; then 
@@ -4197,11 +4202,43 @@ mvf() { mv "${f[@]}" "$dest" } -# f execute. +# Run command on existing global array. +# CMD... ${f[@]} fe() { "$@" "${f[@]}" } +# usage: CMD... ARGS_AS_ONE_WITH_NEWLINES +ef() { + local arg i imax + local -a cmd args + i=1 + arg_total="$#" + for arg; do + if [[ $arg == *$'\n'* ]]; then + mapfile -t args <<<"$arg" + imax=$(( ${#args[@]} - 1 )) + for (( i=0; i <= imax; i++ )); do + if [[ ! ${args[$i]} ]]; then + unset args[$i] + fi + done + # debug + echo ef debug: "${#cmd[@]}" "${cmd[@]}" , "${#args[@]}" "${args[@]}" + "${cmd[@]}" "${args[@]}" + return 0 + # in this case, there were no newlines, just 1 regular argument. + elif (( i == arg_total )); then + "${cmd[@]}" "$arg" + return 0 + + else + cmd+=("$arg") + fi + i=$(( i + 1 )) + done +} + # f maybe. # # usage: fm COMMAND... [-] FILES... diff --git a/brc2 b/brc2 index d7b2624..bf3409f 100644 --- a/brc2 +++ b/brc2 @@ -1983,7 +1983,7 @@ chro() { else cd / cmd="schroot -c bookworm chromium" - CHROMIUM_FLAGS='--enable-remote-extensions' $cmd "$@" & r + CHROMIUM_FLAGS='--enable-remote-extensions' $cmd -- "$@" & r fi } @@ -4597,7 +4597,7 @@ reml() { # rem with limit to 5 matches per file rep() { local paths - paths="/p/c" + paths="/p/c /p/profanity-config" find $paths -not \( -name .svn -prune -o -name .git -prune \ -o -name .hg -prune -o -name .editor-backups -prune \ -o -name .undo-tree-history -prune \) 2>/dev/null | grep -iP --color=auto -- "$*" ||: diff --git a/distro-end b/distro-end index 1d6a963..7d16f81 100755 --- a/distro-end +++ b/distro-end 
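Review bot: In the new `ef()`, `arg_total` is assigned but not listed in `local arg i imax`, so every call leaks it into the interactive shell's globals, and the `echo ef debug:` line is still present, so any use of `ef` inside a pipeline or command substitution gets that debug text mixed into its output. Change the declaration to `local arg i imax arg_total` and remove the debug echo, or gate it behind an explicit debug variable. Also quote the subscript as `unset 'args[i]'`: the unquoted `args[$i]` is a glob pattern and would be expanded against the cwd if a file such as `args0` exists. Note that when no argument contains a newline and `$#` is 1, `cmd` is empty and the lone argument is executed as the command itself, which may or may not be intended.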
@@ -1259,9 +1259,20 @@ fi # old location, 2023. sudo rm -fv /etc/systemd/system/profanity.service + +# /p/profanity-config & /d/p/profanity-config should be synced to be the +# same if we make any changes to either one. +# +# rsync -ra /p/profanity-config/ frodo:/d/p/profanity-config +# rsync -ra /d/p/profanity-config/ /p/profanity-config +# +# /d/p/profanity-config exists so that we can run profanity on $d_host +# without necessarily having /p mounted, or having /p get temporarily +# unmounted and not screwing up the running profanity. /p/profanity-config +# exists so that we could run profanity on non-d_host, and we get our +# config backed up in the same way as other config files. case $HOSTNAME in $d_host) - # i dunno why i put it here ln -sfT /d/p/profanity ~/.local/share/profanity ln -sfT /d/p/profanity-config ~/.config/profanity if [[ $HOSTNAME == "$HOST2" || ! -e /p/profanity-here ]]; then diff --git a/filesystem/usr/local/bin/prof b/filesystem/usr/local/bin/prof index ee37bd4..8316316 100755 --- a/filesystem/usr/local/bin/prof +++ b/filesystem/usr/local/bin/prof @@ -43,3 +43,24 @@ else prof-tail | prof-notify & konsole --profile profanity -e tmux -L profanity a fi + + +# tree of profanity related processes: + +# prof +# export IANK_BASHRC_RUN="prof-remote $remote" +# konsole --profile profanity +# prof-remote $remote +# ssh -n $remote prof-tail | prof-notify & +# prof-tail +# emacs --daemon=profanity &>/dev/null +# ssh -t $remote tmux -L profanity a ||: + + +# on $remote +# /b/ds/subdir_files/.config/systemd/user/profanity.service +# /usr/bin/tmux -L profanity new-session -d profanity + +# /p/profanity-config/profrc & /d/p/profanity-config: +# compose.editor=/usr/local/bin/prof-irc +# ... (not finished documenting) diff --git a/filesystem/usr/local/bin/prof-backup b/filesystem/usr/local/bin/prof-backup index 369f9fa..b2db70e 100755 --- a/filesystem/usr/local/bin/prof-backup +++ b/filesystem/usr/local/bin/prof-backup 
@@ -54,8 +54,9 @@ fi source /p/c/domain-info if [[ $HOSTNAME != "$d_host" ]]; then - shell_pre="ssh iank@b8.nz" - rsync_pre=b8.nz: + ssh_host=frodo + shell_pre="ssh iank@$ssh_host" + rsync_pre=$ssh_host: fi if $shell_pre systemctl --user --quiet is-active profanity; then diff --git a/machine_specific/bitfolk/filesystem/etc/systemd/system/logrotate-fast.service b/machine_specific/bitfolk/filesystem/etc/systemd/system/logrotate-fast.service index 54bb56f..3e00c77 100644 --- a/machine_specific/bitfolk/filesystem/etc/systemd/system/logrotate-fast.service +++ b/machine_specific/bitfolk/filesystem/etc/systemd/system/logrotate-fast.service @@ -7,7 +7,8 @@ ConditionACPower=true [Service] Type=oneshot -ExecStart=/usr/sbin/logrotate /etc/logrotate-fast.conf +# iank: without -s, this will cause the normal logrotate to fail with an error like "cannot aquire lock". +ExecStart=/usr/sbin/logrotate -s /var/lib/logrotate/status-fast /etc/logrotate-fast.conf # performance options Nice=19 diff --git a/mail-setup b/mail-setup index 38a681f..ec651c8 100755 --- a/mail-setup +++ b/mail-setup @@ -47,9 +47,11 @@ # UPEX4OPTS='-o /etc/exim4/nn-mainlog.conf' # # The non-daemon config -# gets generated from this script calling update-exim4.conf -d /etc/nond-exim4 +# gets generated from this script calling update-exim4.conf -d /etc/nonn-exim4 # which has log path -# log_file_path = /var/log/exim4/nond%s +# log_file_path = /var/log/exim4/nonn%s +# +# On bk, there are 2 daemons, one is nn, one is not. # # On non bk|MAIL_HOST, the config and log file are all standard. # 
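Review bot: The new comment misspells the error text; it should read `# iank: without -s, this will cause the normal logrotate to fail with an error like "cannot acquire lock".` The separate state file is what keeps this unit from contending for /var/lib/logrotate/status, but it also means any log listed in both /etc/logrotate-fast.conf and the main config would be tracked and rotated twice; presumably the two configs cover disjoint files, and saying so in the comment would make that assumption checkable.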
@@ -363,11 +365,13 @@ fi source /a/bin/fai/fai/config/distro-install-common/bash-misc-funcs setini() { + local key value section file key="$1" value="$2" section="$3" file="/etc/radicale/config" sed -ri "/ *\[$section\]/,/^ *\[[^]]+\]/{/^\s*${key}[[:space:]=]/d};/ *\[$section\]/a $key = $value" "$file" } -soff () { +soff() { + local service for service; do # ignore services that dont exist if systemctl cat $service &>/dev/null; then @@ -376,7 +380,7 @@ soff () { done } sre() { - local enabled + local enabled service for service; do m systemctl restart $service # Optimization for exim, @@ -391,10 +395,16 @@ sre() { fi done } +sgo() { + local service=$1 + systemctl restart $service + systemctl enable $service +} mailhost() { [[ $HOSTNAME == "$MAIL_HOST" ]] } reifactive() { + local service for service; do if systemctl is-active $service >/dev/null; then m systemctl restart $service @@ -402,6 +412,7 @@ reifactive() { done } stopifactive() { + local service for service; do if systemctl is-active $service >/dev/null; then m systemctl stop $service @@ -490,7 +501,10 @@ fi # light version of exim does not have sasl auth support. # note: for bitfolk hosts, unbound has important config with conflink. -pi-nostart exim4 exim4-daemon-heavy spamassassin unbound clamav-daemon wireguard rspamd +# +# note: rspamd would need to be here if we were using it. Note: these +# don't start, but they are enabled. +pi-nostart exim4 exim4-daemon-heavy spamassassin unbound clamav-daemon wireguard spamd_remove=spamassassin spamd_ser=spamd 
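Review bot: `setini()` splices `$key`, `$section` and `$value` unescaped into the sed program, so a value containing `/`, `&`, `\` or a newline breaks the expression or edits the wrong lines, and the new `local` line does not change that. The callers here are presumably literal strings in this script, so this is a robustness issue rather than an exposed injection point, but a comment such as `# NOTE: args are interpolated into sed unescaped; pass only literal, metachar-free values` would make the contract explicit. If a value ever comes from outside the script, escape it first, e.g. `value=$(printf '%s' "$value" | sed 's/[\/&\\]/\\&/g')`. The function also ignores its fourth argument because `file` is hard-coded to /etc/radicale/config, which is fine but worth a comment now that `file` is declared local alongside the others.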
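Review bot: The new `sgo()` calls `systemctl restart` and `systemctl enable` bare, unlike the sibling `sre()`, `soff()` and `reifactive()` in the same region that wrap systemctl in `m` and guard with `systemctl cat` or `is-active`, so a failed restart here is neither logged nor, depending on whether `set -e` is in effect at that point, stopped. Consider `m systemctl restart "$service"` and `m systemctl enable "$service"`, or `m systemctl enable --now "$service"` if a restart on every run is not required. The name also collides with a differently-behaved `sgo` in brc, which is easy to confuse when reading both files.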
@@ -842,6 +856,20 @@ ExecStart=/bin/sleep infinity WantedBy=multi-user.target EOF +# note: anything added to nn_progs needs corresponding rm +# down below in the host switch +nn_progs=(exim4) +case $HOSTNAME in + $MAIL_HOST) + # Note dovecots lmtp doesnt need to be in the same nn to accept delivery. + # Its in the nn so remote clients can connect to it. + nn_progs+=($spamd_ser dovecot) + ;; + $MAIL_HOST|bk) + nn_progs+=($spamd_ser) + ;; +esac + u /etc/systemd/system/mailbindwatchdog.service <&2 echo 'ERROR: Invalid installer checksum' - rm composer-setup.php - exit 1 - fi - - php composer-setup.php --quiet - rm composer-setup.php + pi php-zip apache2 php-fpm + phpver=$(dpkg-query -s php-fpm | sed -nr 's/^Depends:.* php([^ ]*)-fpm( .*|$)/\1/p') + fpm=$(dpkg-query -s php-fpm | sed -nr 's/^Depends:.* (php[^ ]*-fpm)( .*|$)/\1/p') # eg: php7.4-fpm + ncdirs=(/var/www/ncexpertpath /var/www/ncninja) - # based on error when running composer - mkdir -p /var/www/.composer - chown www-data:www-data /var/www/.composer + ### begin php setup for roundcube and nextcloud ### + # Enable PHP modules. + m phpenmod -v php mcrypt imap + # dpkg says this is required. 
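Review bot: In the new `nn_progs` case, the second arm `$MAIL_HOST|bk)` can never match `$MAIL_HOST`, because the first arm `$MAIL_HOST)` already catches it and `case` takes the first match; the alternative is dead and misleads a reader into thinking bk and MAIL_HOST share that arm. Write it as `bk)` with `nn_progs+=($spamd_ser)`. The comment above the array says every entry needs a matching `rm` in the host switch further down, which is outside this hunk, so that should be checked for `$spamd_ser` on bk as well.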
+ # nextcloud needs these too + m a2enmod proxy_fcgi setenvif + m a2enconf $fpm + # 3 useless guides on php fpm fcgi debian 10 later, i figure out from reading + # /etc/apache2/conf-enabled/php7.3-fpm.conf + m a2dismod php$phpver + # according to /install, we should set date.timezone, + # but that is dumb, the system already has the right zone in + # $rclogdir/errors.log + # todo: consider other settings in + # /a/opt/mailinabox/setup/nextcloud.sh + u /etc/php/$phpver/cli/conf.d/30-local.ini <<'EOF' +apc.enable_cli = 1 +EOF - ### end composer install rcdirs=(/usr/local/lib/rcexpertpath /usr/local/lib/rcninja) - ncdirs=(/var/www/ncexpertpath /var/www/ncninja) - # point debian cronjob to our local install, preventing daily cron error - - # debian's cronjob will fail, remove both paths it uses just to be sure - rm -fv /usr/share/roundcube/bin/cleandb.sh /etc/cron.d/roundcube-core - - #### begin dl roundcube - # note, im r2e subbed to https://github.com/roundcube/roundcubemail/releases.atom - v=1.4.13; f=roundcubemail-$v-complete.tar.gz - cd /root - if [[ -e $f ]]; then - timestamp=$(stat -c %Y $f) - else - timestamp=0 - fi - m wget -nv -N https://github.com/roundcube/roundcubemail/releases/download/$v/$f - new_timestamp=$(stat -c %Y $f) - for rcdir in ${rcdirs[@]}; do - if [[ $timestamp != "$new_timestamp" || ! -e "$rcdir/config/secret" ]]; then - m tar -C /usr/local/lib --no-same-owner -zxf $f - m rm -rf $rcdir - m mv /usr/local/lib/roundcubemail-$v $rcdir - fi - done - #### end dl roundcube for ((i=0; i < ${#bkdomains[@]}; i++)); do domain=${bkdomains[i]} - rcdir=${rcdirs[i]} - rcbase=${rcdir##*/} ncdir=${ncdirs[i]} - # copied from debians cronjob - u /etc/cron.d/$rcbase </dev/null -EOF + rcdir=${rcdirs[i]} m /a/exe/web-conf - apache2 $domain < - Options +FollowSymLinks - # This is needed to parse $rcdir/.htaccess. 
- AllowOverride All - Require all granted - -# Protecting basic directories: - - Options -FollowSymLinks - AllowOverride None - -### end roundcube settings +# ### begin roundcube settings + # Alias /roundcube $rcdir +# # taken from /etc/apache2/conf-available/roundcube.conf version 1.4.8+dfsg.1-1~bpo10+1 +# +# Options +FollowSymLinks +# # This is needed to parse $rcdir/.htaccess. +# AllowOverride All +# Require all granted +# +# # Protecting basic directories: +# +# Options -FollowSymLinks +# AllowOverride None +# +# ### end roundcube settings -### begin nextcloud settings +# ### begin nextcloud settings Alias /nextcloud "$ncdir/" Require all granted 
@@ -2682,185 +2684,258 @@ RewriteRule ^/\.well-known/carddav /nextcloud/remote.php/dav/ [R=301,L] RewriteRule ^/\.well-known/caldav /nextcloud/remote.php/dav/ [R=301,L] ### end nextcloud settings EOF - if [[ ! -e $rcdir/config/secret ]]; then - base64 $rcdir/config/secret || [[ $? == 141 || ${PIPESTATUS[0]} == 32 ]] - fi - secret=$(cat $rcdir/config/secret) - - rclogdir=/var/log/$rcbase - rctmpdir=/var/tmp/$rcbase - rcdb=/m/rc/$rcbase.sqlite - # config from mailinabox - u $rcdir/config/config.inc.php < array( - 'verify_peer' => false, - 'verify_peer_name' => false, - ), - ); -\$config['imap_timeout'] = 15; -\$config['smtp_server'] = 'tls://127.0.0.1'; -\$config['smtp_conn_options'] = array( - 'ssl' => array( - 'verify_peer' => false, - 'verify_peer_name' => false, - ), - ); -\$config['product_name'] = 'webmail'; -\$config['des_key'] = '$secret'; -\$config['plugins'] = array('archive', 'zipdownload', 'password', 'managesieve', 'jqueryui', 'carddav', 'html5_notifier'); -\$config['skin'] = 'elastic'; -\$config['login_autocomplete'] = 2; -\$config['password_charset'] = 'UTF-8'; -\$config['junk_mbox'] = 'Spam'; -# disable builtin addressbook -\$config['address_book_type'] = ''; -?> -EOF - - m mkdir -p $rclogdir - m chmod 750 $rclogdir - m chown www-data:adm $rclogdir - # note: subscribed to updates: - # r2e add rcmcarddav https://github.com/blind-coder/rcmcarddav/commits/master.atom ian@iankelling.org - # r2e add roundcube https://github.com/roundcube/roundcubemail/releases.atom ian@iankelling.org - m mkdir -p $rctmpdir /m/rc - m chown -R www-data.www-data $rctmpdir /m/rc - m chmod 750 $rctmpdir - # todo: check for other mailinabox things - # Ensure the log file monitored by fail2ban exists, or else fail2ban can't start. - m sudo -u www-data touch $rclogdir/errors.log - - #### begin carddav install - # This is the official roundcube carddav repo. 
- # Install doc suggests downloading with composer, but that - # didnt work, it said some ldap package for roundcube was missing, - # but I dont want to download some extra ldap thing. - # https://github.com/blind-coder/rcmcarddav/blob/master/doc/INSTALL.md - verf=$rcdir/plugins/carddav/myversion - upgrade=false - install=false - v=5.0.1 - if [[ -e $verf ]]; then - if [[ $(cat $verf) != "$v" ]]; then - install=true - upgrade=true - fi - else - install=true - fi - if $install; then - m rm -rf $rcdir/plugins/carddav - tmpd=$(mktemp -d) - m wget -nv -O $tmpd/t.tgz https://github.com/blind-coder/rcmcarddav/releases/download/v$v/carddav-v$v.tar.gz - cd $rcdir/plugins - tar xzf $tmpd/t.tgz - rm -rf $tmpd - m chown -R www-data:www-data $rcdir/plugins/carddav - m cd $rcdir/plugins/carddav - if $upgrade; then - m sudo -u www-data composer.phar update --no-dev - else - m sudo -u www-data composer.phar install --no-dev - fi - m chown -R root:root $rcdir/plugins/carddav - echo $v >$verf - fi + done + +fi + +# * roundcube setup + +# # roundcube disabled due to lack of real world use. +# # +# # +# # Note: currently, there is this problem: +# # /usr/local/lib/rcninja/bin/updatedb.sh --dir /usr/local/lib/rcninja/SQL --package roundcube +# # Unsupported PHP version. Required PHP >= 5.4 and < 8.0. 
+# # +# if [[ $HOSTNAME == bk ]]; then + + +# pi roundcube roundcube-sqlite3 + + +# ### begin composer install +# # https://getcomposer.org/doc/faqs/how-to-install-composer-programmatically.md +# cd /usr/local/bin +# EXPECTED_CHECKSUM="$(php -r 'copy("https://composer.github.io/installer.sig", "php://stdout");')" +# php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" +# ACTUAL_CHECKSUM="$(php -r "echo hash_file('sha384', 'composer-setup.php');")" + +# if [ "$EXPECTED_CHECKSUM" != "$ACTUAL_CHECKSUM" ] +# then +# >&2 echo 'ERROR: Invalid installer checksum' +# rm composer-setup.php +# exit 1 +# fi + +# php composer-setup.php --quiet +# rm composer-setup.php + +# # based on error when running composer +# mkdir -p /var/www/.composer +# chown www-data:www-data /var/www/.composer + +# ### end composer install + +# # point debian cronjob to our local install, preventing daily cron error + +# # debian's cronjob will fail, remove both paths it uses just to be sure +# rm -fv /usr/share/roundcube/bin/cleandb.sh /etc/cron.d/roundcube-core + +# #### begin dl roundcube +# # note, im r2e subbed to https://github.com/roundcube/roundcubemail/releases.atom +# v=1.4.13; f=roundcubemail-$v-complete.tar.gz +# cd /root +# if [[ -e $f ]]; then +# timestamp=$(stat -c %Y $f) +# else +# timestamp=0 +# fi +# m wget -nv -N https://github.com/roundcube/roundcubemail/releases/download/$v/$f +# new_timestamp=$(stat -c %Y $f) +# for rcdir in ${rcdirs[@]}; do +# if [[ $timestamp != "$new_timestamp" || ! -e "$rcdir/config/secret" ]]; then +# m tar -C /usr/local/lib --no-same-owner -zxf $f +# m rm -rf $rcdir +# m mv /usr/local/lib/roundcubemail-$v $rcdir +# fi +# done +# #### end dl roundcube + +# for ((i=0; i < ${#bkdomains[@]}; i++)); do +# domain=${bkdomains[i]} + +# rcdir=${rcdirs[i]} +# rcbase=${rcdir##*/} + +# # copied from debians cronjob +# u /etc/cron.d/$rcbase </dev/null +# EOF + + +# if [[ ! -e $rcdir/config/secret ]]; then +# base64 $rcdir/config/secret || [[ $? 
== 141 || ${PIPESTATUS[0]} == 32 ]] +# fi +# secret=$(cat $rcdir/config/secret) + +# rclogdir=/var/log/$rcbase +# rctmpdir=/var/tmp/$rcbase +# rcdb=/m/rc/$rcbase.sqlite +# # config from mailinabox +# u $rcdir/config/config.inc.php < array( +# 'verify_peer' => false, +# 'verify_peer_name' => false, +# ), +# ); +# \$config['imap_timeout'] = 15; +# \$config['smtp_server'] = 'tls://127.0.0.1'; +# \$config['smtp_conn_options'] = array( +# 'ssl' => array( +# 'verify_peer' => false, +# 'verify_peer_name' => false, +# ), +# ); +# \$config['product_name'] = 'webmail'; +# \$config['des_key'] = '$secret'; +# \$config['plugins'] = array('archive', 'zipdownload', 'password', 'managesieve', 'jqueryui', 'carddav', 'html5_notifier'); +# \$config['skin'] = 'elastic'; +# \$config['login_autocomplete'] = 2; +# \$config['password_charset'] = 'UTF-8'; +# \$config['junk_mbox'] = 'Spam'; +# # disable builtin addressbook +# \$config['address_book_type'] = ''; +# ?> +# EOF + +# m mkdir -p $rclogdir +# m chmod 750 $rclogdir +# m chown www-data:adm $rclogdir +# # note: subscribed to updates: +# # r2e add rcmcarddav https://github.com/blind-coder/rcmcarddav/commits/master.atom ian@iankelling.org +# # r2e add roundcube https://github.com/roundcube/roundcubemail/releases.atom ian@iankelling.org +# m mkdir -p $rctmpdir /m/rc +# m chown -R www-data.www-data $rctmpdir /m/rc +# m chmod 750 $rctmpdir +# # todo: check for other mailinabox things +# # Ensure the log file monitored by fail2ban exists, or else fail2ban can't start. +# m sudo -u www-data touch $rclogdir/errors.log + +# #### begin carddav install +# # This is the official roundcube carddav repo. +# # Install doc suggests downloading with composer, but that +# # didnt work, it said some ldap package for roundcube was missing, +# # but I dont want to download some extra ldap thing. 
+# # https://github.com/blind-coder/rcmcarddav/blob/master/doc/INSTALL.md +# verf=$rcdir/plugins/carddav/myversion +# upgrade=false +# install=false +# v=5.0.1 +# if [[ -e $verf ]]; then +# if [[ $(cat $verf) != "$v" ]]; then +# install=true +# upgrade=true +# fi +# else +# install=true +# fi +# if $install; then +# m rm -rf $rcdir/plugins/carddav +# tmpd=$(mktemp -d) +# m wget -nv -O $tmpd/t.tgz https://github.com/blind-coder/rcmcarddav/releases/download/v$v/carddav-v$v.tar.gz +# cd $rcdir/plugins +# tar xzf $tmpd/t.tgz +# rm -rf $tmpd +# m chown -R www-data:www-data $rcdir/plugins/carddav +# m cd $rcdir/plugins/carddav +# if $upgrade; then +# m sudo -u www-data composer.phar update --no-dev +# else +# m sudo -u www-data composer.phar install --no-dev +# fi +# m chown -R root:root $rcdir/plugins/carddav +# echo $v >$verf +# fi + +# # So, strangely, this worked in initial testing, but then +# # on first run it wouldn't show the existing contacts until +# # I went into the carddav settings and did "force immediate sync", +# # which seemed to fix things. Note, some of these settings +# # get initalized per/addressbook in the db, then need changing +# # there or through the settings menu. + +# # About categories, see https://www.davx5.com/tested-with/nextcloud +# # https://github.com/blind-coder/rcmcarddav/blob/master/doc/GROUPS.md +# u $rcdir/plugins/carddav/config.inc.php < 'Main', +# 'username' => '%u', // login username +# 'password' => '%p', // login password +# 'url' => 'https://$domain/nextcloud/remote.php/dav/addressbooks/users/%u/contacts', +# 'active' => true, +# 'readonly' => false, +# 'refresh_time' => '00:10:00', +# 'fixed' => array('username','password'), +# 'use_categories' => false, +# 'hide' => false, +# ); +# ?> +# EOF +# #### end carddav install + +# cd $rcdir/plugins +# if [[ ! 
-d html5_notifier ]]; then +# m git clone https://github.com/stremlau/html5_notifier +# fi +# cd $rcdir/plugins/html5_notifier +# m git pull --rebase + +# # todo: try out roundcube plugins: thunderbird labels + +# # Password changing plugin settings +# cat $rcdir/plugins/password/config.inc.php.dist - >$rcdir/plugins/password/config.inc.php <<'EOF' +# # following are from mailinabox +# $config['password_minimum_length'] = 8; +# $config['password_db_dsn'] = 'sqlite:////m/rc/users.sqlite'; +# $config['password_query'] = 'UPDATE users SET password=%D WHERE email=%u'; +# $config['password_dovecotpw'] = '/usr/bin/doveadm pw'; +# $config['password_dovecotpw_method'] = 'SHA512-CRYPT'; +# $config['password_dovecotpw_with_method'] = true; +# EOF +# # so PHP can use doveadm, for the password changing plugin +# m usermod -a -G dovecot www-data +# m usermod -a -G mail $u + +# # so php can update passwords +# m chown www-data:dovecot /m/rc/users.sqlite +# m chmod 664 /m/rc/users.sqlite + +# # Run Roundcube database migration script (database is created if it does not exist) +# m $rcdir/bin/updatedb.sh --dir $rcdir/SQL --package roundcube +# m chown www-data:www-data $rcdb +# m chmod 664 $rcdb +# done # end loop over domains and rcdirs + + +# # note bk backups are defined in crontab outside this file +# ### end php setup for rc ### + +# fi # end roundcube setup + + +# * nextcloud setup + +if [[ $HOSTNAME == bk ]]; then - # So, strangely, this worked in initial testing, but then - # on first run it wouldn't show the existing contacts until - # I went into the carddav settings and did "force immediate sync", - # which seemed to fix things. Note, some of these settings - # get initalized per/addressbook in the db, then need changing - # there or through the settings menu. 
- - # About categories, see https://www.davx5.com/tested-with/nextcloud - # https://github.com/blind-coder/rcmcarddav/blob/master/doc/GROUPS.md - u $rcdir/plugins/carddav/config.inc.php < 'Main', - 'username' => '%u', // login username - 'password' => '%p', // login password - 'url' => 'https://$domain/nextcloud/remote.php/dav/addressbooks/users/%u/contacts', - 'active' => true, - 'readonly' => false, - 'refresh_time' => '00:10:00', - 'fixed' => array('username','password'), - 'use_categories' => false, - 'hide' => false, -); -?> -EOF - #### end carddav install - - cd $rcdir/plugins - if [[ ! -d html5_notifier ]]; then - m git clone https://github.com/stremlau/html5_notifier - fi - cd $rcdir/plugins/html5_notifier - m git pull --rebase - - # todo: try out roundcube plugins: thunderbird labels - - # Password changing plugin settings - cat $rcdir/plugins/password/config.inc.php.dist - >$rcdir/plugins/password/config.inc.php <<'EOF' -# following are from mailinabox -$config['password_minimum_length'] = 8; -$config['password_db_dsn'] = 'sqlite:////m/rc/users.sqlite'; -$config['password_query'] = 'UPDATE users SET password=%D WHERE email=%u'; -$config['password_dovecotpw'] = '/usr/bin/doveadm pw'; -$config['password_dovecotpw_method'] = 'SHA512-CRYPT'; -$config['password_dovecotpw_with_method'] = true; -EOF - # so PHP can use doveadm, for the password changing plugin - m usermod -a -G dovecot www-data - m usermod -a -G mail $u - - # so php can update passwords - m chown www-data:dovecot /m/rc/users.sqlite - m chmod 664 /m/rc/users.sqlite - - # Run Roundcube database migration script (database is created if it does not exist) - m $rcdir/bin/updatedb.sh --dir $rcdir/SQL --package roundcube - m chown www-data:www-data $rcdb - m chmod 664 $rcdb - done # end loop over domains and rcdirs - - ### begin php setup for rc ### - # Enable PHP modules. - m phpenmod -v php mcrypt imap - # dpkg says this is required. 
- # nextcloud needs these too - m a2enmod proxy_fcgi setenvif - fpm=$(dpkg-query -s php-fpm | sed -nr 's/^Depends:.* (php[^ ]*-fpm)( .*|$)/\1/p') # eg: php7.4-fpm - phpver=$(dpkg-query -s php-fpm | sed -nr 's/^Depends:.* php([^ ]*)-fpm( .*|$)/\1/p') - m a2enconf $fpm - # 3 useless guides on php fpm fcgi debian 10 later, i figure out from reading - # /etc/apache2/conf-enabled/php7.3-fpm.conf - m a2dismod php$phpver - # according to /install, we should set date.timezone, - # but that is dumb, the system already has the right zone in - # $rclogdir/errors.log - # todo: consider other settings in - # /a/opt/mailinabox/setup/nextcloud.sh - u /etc/php/$phpver/cli/conf.d/30-local.ini <<'EOF' -apc.enable_cli = 1 -EOF u /etc/php/$phpver/fpm/conf.d/30-local.ini <<'EOF' +# roundcube uses this presumably date.timezone = "America/New_York" # for nextcloud upload_max_filesize = 2000M @@ -2871,14 +2946,8 @@ EOF m systemctl restart $fpm # dunno if reload/restart is needed m systemctl reload apache2 - # note bk backups are defined in crontab outside this file - ### end php setup for rc ### - -fi # end roundcube setup -# * nextcloud setup -if [[ $HOSTNAME == bk ]]; then # from install checker, nextcloud/settings/admin/overview and # https://docs.nextcloud.com/server/19/admin_manual/installation/source_installation.html # curl from the web installer requirement, but i switched to cli @@ -3622,6 +3691,11 @@ EOF cat >>/etc/exim4/conf.d/main/000_local <> /etc/exim4/conf.d/data_local_acl <<'EOF' @@ -3640,7 +3714,7 @@ warn warn # fdate = future date. # tdate = temporary date. - condition = ${if def:h_fdate} + condition = ${if def:h_fdate:} remove_header = fdate: add_header = tdate: control = freeze @@ -3673,7 +3747,7 @@ EOF # defaults but no queue runner and alternate config dir QUEUERUNNER='no' COMMONOPTIONS='-oP /run/exim4/eximin.pid' -UPEX4OPTS='-d /etc/nond-exim4' +UPEX4OPTS='-d /etc/nonn-exim4' EOF echo bk.b8.nz > /etc/mailname 
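Review bot: Commenting out the roundcube section removes the code that granted access but not the access itself on an already-provisioned bk: `usermod -a -G dovecot www-data`, `chmod 664 /m/rc/users.sqlite` owned `www-data:dovecot` (so www-data can still write the mail password database), the roundcube trees under /usr/local/lib/rcexpertpath and rcninja with their `config.inc.php` holding `des_key`, and the /etc/cron.d/rcexpertpath and rcninja jobs all persist. Since the live code still defines `rcdirs` and `rcdir`, add a cleanup step in the nextcloud branch instead, e.g. `gpasswd -d www-data dovecot`, `chmod 640 /m/rc/users.sqlite`, `rm -f /etc/cron.d/rcexpertpath /etc/cron.d/rcninja`, and move or delete the rcdirs. The disabled code also no longer touches `$rclogdir/errors.log`, which the old comment says fail2ban needs to exist; if the roundcube jail is still configured elsewhere, fail2ban will fail to start on a fresh host.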
@@ -3830,16 +3904,16 @@ case $HOSTNAME in m rsync -ra --delete --delete-excluded \ --exclude=/conf.d/router/161_backup_redir_nn \ --exclude=/conf.d/router/186_sentarchive_nn \ - --exclude=/conf.d/main/000_local-nn /etc/exim4/ /etc/nond-exim4 - cat >>/etc/nond-exim4/conf.d/main/000_local <<'EOF' + --exclude=/conf.d/main/000_local-nn /etc/exim4/ /etc/nonn-exim4 + cat >>/etc/nonn-exim4/conf.d/main/000_local <<'EOF' # this makes it easier to see which exim is doing what -log_file_path = /var/log/exim4/nond%s +log_file_path = /var/log/exim4/nonn%s EOF cat >/etc/logrotate.d/myexim <<'EOF' -/var/log/exim4/nondmain /var/log/exim4/nondreject { +/var/log/exim4/nonnmain /var/log/exim4/nonnreject { daily missingok rotate 1000 @@ -3847,7 +3921,7 @@ EOF notifempty nocreate } -/var/log/exim4/nondpanic { +/var/log/exim4/nonnpanic { size 10M missingok rotate 10 @@ -3861,9 +3935,9 @@ EOF # If we ever wanted to have a separate spool, # we could do it like this. # cat >>/etc/exim4/conf.d/main/000_local-nn <<'EOF' - # spool_directory = /var/spool/nond-exim4 + # spool_directory = /var/spool/nonn-exim4 # EOF - cat >>/etc/nond-exim4/update-exim4.conf.conf <<'EOF' + cat >>/etc/nonn-exim4/update-exim4.conf.conf <<'EOF' dc_eximconfig_configtype='smarthost' dc_smarthost='nn.b8.nz' EOF @@ -3871,14 +3945,14 @@ EOF bk) # config for the non-nn exim - cat >>/etc/nond-exim4/conf.d/main/000_local <<'EOF' + cat >>/etc/nonn-exim4/conf.d/main/000_local <<'EOF' MAIN_HARDCODE_PRIMARY_HOSTNAME = mail2.iankelling.org EOF ;; $MAIL_HOST) - u /etc/nond-exim4/conf.d/router/185_sentarchive <<'EOF' + u /etc/nonn-exim4/conf.d/router/185_sentarchive <<'EOF' sentarchive: driver = redirect domains = ! +local_domains @@ -3888,7 +3962,7 @@ sentarchive: unseen EOF - u /etc/nond-exim4/conf.d/router/160_backup_redir <<'EOF' + u /etc/nonn-exim4/conf.d/router/160_backup_redir <<'EOF' backup_redir: driver = redirect # i dont email myself from my own machine much, so lets ignore that. 
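Review bot: Renaming the non-nn config dir to /etc/nonn-exim4 and the log prefix to nonn leaves the old /etc/nond-exim4 tree and /var/log/exim4/nond{main,reject,panic} behind on hosts provisioned before this commit, and because /etc/logrotate.d/myexim is rewritten, those old logs are no longer rotated or pruned. Add a one-time cleanup next to the rsync, e.g. `rm -rf /etc/nond-exim4` and `rm -f /var/log/exim4/nond*`, after confirming nothing else (such as the exim4in.service unit mentioned later, which is outside this hunk) still points at the old path. The `case $HOSTNAME` block this sits in starts before the hunk.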
@@ -3905,7 +3979,7 @@ backup_redir: EOF # for bk, we have a exim4in.service that will do this for us. - m update-exim4.conf -d /etc/nond-exim4 + m update-exim4.conf -d /etc/nonn-exim4 ;; esac @@ -4227,7 +4301,7 @@ case $HOSTNAME in : ;; *) - soff radicale mailclean.timer dovecot $spamd_ser rspamd $vpnser mailnn clamav-daemon unbound + soff radicale mailclean.timer dovecot $spamd_ser $vpnser mailnn clamav-daemon unbound ;; esac diff --git a/subdir_files/.local/share/konsole/ianktheme.colorscheme b/subdir_files/.local/share/konsole/ianktheme.colorscheme index 1b4102d..7cc4f45 100644 --- a/subdir_files/.local/share/konsole/ianktheme.colorscheme +++ b/subdir_files/.local/share/konsole/ianktheme.colorscheme @@ -1,13 +1,13 @@ # iank: did create new from black on white, then changed # background to #f6f6f6 [Background] -Color=246,246,246 +Color=226,226,226 [BackgroundFaint] -Color=246,246,246 +Color=226,226,226 [BackgroundIntense] -Color=246,246,246 +Color=226,226,226 [Color0] Color=0,0,0 diff --git a/system-status b/system-status index 95cf0c0..1558f0a 100755 --- a/system-status +++ b/system-status @@ -431,7 +431,7 @@ write-status() { fi mtest_found=false # shellcheck disable=SC2013 # these are words - for t in $(grep -E ^mailtest_check_last_usec $mprom | awk '{print $NF}'); do + for t in $(grep -E ^mailtest_check_last_usec $mprom | awk '{print $NF}' || [[ $? == 1 ]]); do if (( t + 60 * 20 < EPOCHSECONDS )); then mtest_found=true fi diff --git a/transmission-firewall/netns.rules b/transmission-firewall/netns.rules index 110b1a9..252d51c 100644 --- a/transmission-firewall/netns.rules +++ b/transmission-firewall/netns.rules 
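Review bot: Dropping `rspamd` from this `soff` list (and from `pi-nostart` earlier in the patch) means nothing in the script stops or disables rspamd any more, yet on hosts where an earlier run installed it, the package, its enabled unit and its listening sockets remain. If rspamd is really retired, keep `rspamd` in this `soff` call (it already skips services that do not exist) and remove the package explicitly, e.g. `if dpkg -s rspamd &>/dev/null; then m apt-get -y remove rspamd; fi`, rather than just no longer mentioning it. The surrounding `case $HOSTNAME` starts outside the hunk.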
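Review bot: The added `|| [[ $? == 1 ]]` only does what it intends under `set -o pipefail`: without pipefail `$?` is awk's status, so grep's no-match exit never reaches the test, and with pipefail a missing or unreadable `$mprom` (grep exit 2) still makes the substitution fail. As far as I can tell a failing command substitution in a `for` word list does not trip `set -e` anyway, so the guard may be doing nothing. If the goal is to tolerate an absent metric, say so and test the file first, e.g. `[[ -r $mprom ]] && grep -E ^mailtest_check_last_usec "$mprom" | awk '{print $NF}'`. The enclosing `write-status()` starts outside the hunk.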
@@ -34,6 +34,11 @@ -A OUTPUT -p tcp -m tcp --sport 9091 -j ACCEPT -A INPUT -p tcp -m tcp --dport 9091 -j ACCEPT +# archivebox +-A OUTPUT -d 10.174.34.1 -p tcp -m tcp --dport 8000 -j ACCEPT +-A INPUT -s 10.174.34.1 -p tcp -m tcp --sport 8000 -j ACCEPT + + # 1196 is used by mullvad -A OUTPUT -p udp -m udp --dport 1196 -j ACCEPT -A INPUT -p udp -m udp --sport 1196 -j ACCEPT -- 2.30.2
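Review bot: The new INPUT rule accepts any TCP packet from 10.174.34.1 whose source port is 8000, regardless of connection state or destination port, so anything on that host able to bind port 8000 can reach every local port in this namespace. Unless an earlier rule in this chain already accepts ESTABLISHED traffic (not visible in the hunk), tie it to the outbound connection: `-A INPUT -s 10.174.34.1 -p tcp -m tcp --sport 8000 -m conntrack --ctstate ESTABLISHED -j ACCEPT`. This mirrors the stateless style of the existing 9091 and 1196 rules, so the same caveat applies to those. Also consider saying in the `# archivebox` comment what 10.174.34.1 is (presumably the namespace's veth peer on the host).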