From b72b3c72d96a83791376f9d3d3832e2369b2f274 Mon Sep 17 00:00:00 2001
From: Ian Kelling <ian@iankelling.org>
Date: Sun, 1 Nov 2020 20:07:31 -0500
Subject: [PATCH] bring radicale-setup into mail-setup

---
 brc2           |  28 ++++----
 distro-end     |   5 --
 mail-setup     | 190 ++++++++++++++++++++++++++++++++++++++-----------
 radicale-setup | 144 -------------------------------------
 4 files changed, 163 insertions(+), 204 deletions(-)
 delete mode 100755 radicale-setup

diff --git a/brc2 b/brc2
index a2810f2..6d6991a 100644
--- a/brc2
+++ b/brc2
@@ -224,21 +224,7 @@ astudio() {
 
 # $ dig ns1.gnu.org @b0.org.afilias-nst.org.
 
-bindpush() {
-  lipush || return 1
-  for h in li; do
-    sl $h <<'EOF' || return 1
-set -e
-source ~/.bashrc
-conflink
-f=/var/lib/bind/db.b8.nz
-ser stop bind9
-sudo rm -fv $f.jnl
-sudo install -m 644 -o bind -g bind /p/c/machine_specific/vps/bind-initial/db.b8.nz $f
-ser restart bind9
-EOF
-  done
-}
+# todo: make sm pull/push use systemd instead of the journal cat command
 bbk() { # btrbk wrapper
 
   c /
@@ -347,6 +333,18 @@ bkpush() { # no emacs. for running faster.
 }
 
 
+bindpush() {
+  lipush || return 1
+  for h in li bk; do
+    sl $h <<'EOF' || return 1
+set -e
+source ~/.bashrc
+dnsup
+dnsb8
+EOF
+  done
+}
+
 dnsup() {
   conflink
   ser reload bind9
diff --git a/distro-end b/distro-end
index af816c3..87e35a9 100755
--- a/distro-end
+++ b/distro-end
@@ -816,15 +816,10 @@ if [[ -e /p/c/gen-fsf-vpn ]]; then
   /p/c/gen-fsf-vpn
 fi
 
-if mountpoint /o &>/dev/null; then
-  m /a/bin/distro-setup/radicale-setup
-fi
-
 if [[ $HOSTNAME == frodo ]]; then
   vpn-mk-client-cert -b frodo -n hole iankelling.org
 fi
 
-
 ############# begin syncthing setup ###########
 if [[ $HOSTNAME == frodo ]]; then
   # It\'s simpler to just worry about running it in one place for now.
diff --git a/mail-setup b/mail-setup
index 046c8d9..1798fd6 100755
--- a/mail-setup
+++ b/mail-setup
@@ -3,11 +3,15 @@
 # Copyright (C) 2019 Ian Kelling
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
+# todo: we should test failed mail daily or so
+# failed cronjob, failed sysd-log-once,
+# a local bounce from a cronjob, a local bounce
+# to a bad remote address, perhaps a local failure
+# when the sending daemon is down.
+# And send an alert email if no alerts have been sent
+# in 2 or 3 days or something.
+
 # todo: look at mailinabox extra dns records
-#
-# todo: i think daemon-reload
-# is being called when it shouldnt when rereunning we are probably
-# updating systemd config file that doesnt need to be or something.
 
 # todo: mailtest-check failure on remote hosts is not going to alert me.
 # sort that out.
@@ -81,10 +85,12 @@ else
   exit 1
 fi
 source /a/bin/distro-functions/src/identify-distros
+source /a/bin/distro-functions/src/package-manager-abstractions
 
 # has nextcloud_admin_pass in it
 f=/p/c/machine_specific/$HOSTNAME/mail
 if [[ -e $f ]]; then
+  # shellcheck source=/p/c/machine_specific/bk/mail
   source $f
 fi
 
@@ -244,6 +250,11 @@ i() { # install file
   fi
   rm -rf $tmpdir
 }
+setini() {
+  key="$1" value="$2" section="$3"
+  file="/etc/radicale/config"
+  sed -ri "/ *\[$section\]/,/^ *\[[^]]+\]/{/^\s*$key[[:space:]=]/d};/ *\[$section\]/a $key = $value" "$file"
+}
 soff () {
   for service; do
     m systemctl stop $service;
@@ -262,30 +273,10 @@ sstart() {
     m systemctl enable $service;
   done
 }
-e() { printf "%s\n" "$*"; }
-pi() { # package install without starting daemons
-  local f
-  if dpkg -s -- "$@" &> /dev/null; then
-    return 0;
-  fi;
-  while fuser /var/lib/dpkg/lock &>/dev/null; do sleep 1; done
-  f=/var/cache/apt/pkgcache.bin;
-  if [[ ! -r $f ]] || (( $(( $(date +%s) - $(stat -c %Y $f ) )) > 60*60*12 )); then
-    m apt-get update
-  fi
-  f=/usr/sbin/policy-rc.d
-  dd of=$f 2>/dev/null <<EOF
-#!/bin/sh
-exit 101
-EOF
-  chmod +x $f
-  ret=
-  DEBIAN_FRONTEND=noninteractive m apt-get -y install --purge --auto-remove "$@" || ret=$?
-  rm $f
-  if [[ $ret ]]; then
-    err-exit $ret "failed apt-get install above"
-  fi
+mailhost() {
+  [[ $HOSTNAME == "$MAIL_HOST" ]]
 }
+e() { printf "%s\n" "$*"; }
 reifactive() {
   for service; do
     if systemctl is-active $service >/dev/null; then
@@ -319,7 +310,7 @@ if [[ ! $MAIL_HOST ]]; then
 fi
 
 
-## * Install packages
+# * Install universal packages
 
 if [[ $(debian-codename-compat) == bionic ]]; then
   cat >/etc/apt/preferences.d/spamassassin <<'EOF'
@@ -355,7 +346,7 @@ fi
 
 # our nostart pi fails to avoid enabling
 
-### * user forward file
+# * user forward file
 case $HOSTNAME in
   $MAIL_HOST)
     # afaik, these will get ignored on MAIL_HOST because they are routing to my own
@@ -485,13 +476,6 @@ case $HOSTNAME in
     for unit in ${nn_progs[@]}; do
       i /etc/systemd/system/$unit.service.d/nn.conf <<'EOF'
 [Unit]
-JoinsNamespaceOf=mailnn.service
-
-[Service]
-PrivateNetwork=true
-EOF
-      i /etc/systemd/system/$unit.service.d/nn.conf <<'EOF'
-[Unit]
 After=network.target
 Requires=mailvpn.service
 After=mailvpn.service
@@ -511,7 +495,6 @@ EOF
     done
     ;;
   *)
-    reload=false
     for unit in exim4 spamassassin; do
       f=/etc/systemd/system/$unit.service.d/nn.conf
       if [[ -s $f ]]; then
@@ -693,7 +676,7 @@ m sed -i --follow-symlinks -f - /etc/aliases <<EOF
 EOF
 
 rm -vf /etc/exim4/conf.d/main/000_localmacros # old filename
-i /etc/exim4/conf.d/main/000_local <<EOF
+cat >/etc/exim4/conf.d/main/000_local <<EOF
 MAIN_TLS_ENABLE = true
 
 # debian exim config added this in 2016 or so?
@@ -754,6 +737,8 @@ hostlist iank_trusted = <; \\
 10.8.0.0/24; 2600:3c00:e000:280::/64 ; \\
 # bk bk_ip6
 85.119.83.50 ; 2001:ba8:1f1:f0c9::2 ; \\
+# je je_ipv6
+85.119.82.128 ; 2001:ba8:1f1:f09d::2 ; \\
 # fsf_mit_net fsf_mit_net_ip6 fsf_net fsf_net_ip6 fsf_office_net
 18.4.89.0/24 ; 2603:3005:71a:2e00::/64 ; 209.51.188.0/24 ; 2001:470:142::/48 ; 74.94.156.208/28
 EOF
@@ -855,6 +840,128 @@ dc_mailname_in_oh='true'
 EOF
 
 
+# * radicale
+if mailhost; then
+  if ! mountpoint /o; then
+    echo "error /o is not a mountpoint" >&2
+    exit 1
+  fi
+
+  # davx/davdroid setup instructions at the bottom
+
+  # main docs:
+  # http://radicale.org/user_documentation/
+  # https://davdroid.bitfire.at/configuration/
+
+  # note on debugging: if radicale can't bind to the address,
+  # in the log it just says "Starting Radicale". If you run
+  # it in the foreground, it will give more info. Background
+  # plus debug does not help.
+  # sudo -u radicale radicale -D -f
+
+  # created password file with:
+  # htpasswd -c /etc/davpass dav
+
+  pi-nostart radicale
+
+  i /etc/systemd/system/radicale.service.d/override.conf <<EOF
+[Unit]
+# this unit is configured to start and stop whenever
+# openvpn-client-mail@mail does
+After=network.target
+BindsTo=mailvpn.service
+After=mailvpn.service
+JoinsNamespaceOf=mailnn.service
+
+[Service]
+PrivateNetwork=true
+BindPaths=/etc/nn-resolv:/run/systemd/resolve:norbind
+
+[Install]
+RequiredBy=mailvpn.service
+EOF
+
+
+  # use persistent uid/gid
+  IFS=:; read -r _ _ uid _ < <(getent passwd radicale ); unset IFS
+  IFS=:; read -r _ _ gid _ < <(getent group radicale ); unset IFS
+  if [[ $uid != 609 ]]; then
+    m systemctl stop radicale ||:
+    m usermod -u 609 radicale
+    m groupmod -g 609 radicale
+    m usermod -g 609 radicale
+  fi
+  m find /o/radicale  -xdev -exec chown -h 609 {} +
+  m find /o/radicale -xdev -exec chgrp -h 609 {} +
+
+
+  # I moved /var/lib/radicale after it's initialization.
+  # I did a sudo -u radicale git init in the collections subfolder
+  # after it gets created, per the git docs.
+  m /a/exe/lnf -T /o/radicale /var/lib/radicale
+
+  # from https://www.williamjbowman.com/blog/2015/07/24/setting-up-webdav-caldav-and-carddav-servers/
+
+  # more config is for li in distro-end
+
+  # coment in this file says this is needed for it to run on startup
+  sed -ri 's/^\s*#+\s*(ENABLE_RADICALE\s*=\s*yes\s*)/\1/' /etc/default/radicale
+
+  # comments say default is 0.0.0.0:5232
+  m setini hosts 10.8.0.4:5232 server
+
+  # disable power management feature, set to 240 min sync interval,
+  # so it shouldn't be bad.
+
+  # davdroid from f-druid.
+  # login with url and user name
+  # url https://cal.iankelling.org/ian
+  # username ian
+  # pass, see password manager for radicale
+  #
+  # add account dialog:
+  #
+  # set account name as ian@iankelling.org, per help text below the
+  # field.
+  #
+  # switch to groups are per-contact categories,
+  # per https://davdroid.bitfire.at/configuration/radicale/
+  #
+  #
+  # After setting up account, I added one address book, named
+  # ianaddr. calender was already created, named ian. checked boxes under
+  # both. synced.
+  #
+  # To restore from old phone to new phone, I wiped all data out, then copied over the newly created files. I think
+  #
+  # ignorable background info:
+  #
+  # opentasks uses the calendar file.
+  #
+  # The address book I created got a uuid as a name for the file. Note
+  # the .props file says if it's a calendar or addressbook.
+  #
+  # When debugging, tailed /var/log/radicale/radicale.log and apache log,
+  # both show the requests happening. Without creating the address book,
+  # after creating a contact, a sync would delete it.
+  #
+  # Address books correspond to .props files in the radicale dir.
+  #
+  #  Some background is here,
+  # https://davdroid.bitfire.at/faq/entry/cant-manage-groups-on-device/
+  # which shows separate vcard option is from rfc 6350, the other is 2426,
+  # radicale page says it implements the former not the latter,
+  # which conflicts with the documentation of which to select, but whatever.
+  # http://radicale.org/technical_choices/
+  # https://davdroid.bitfire.at/faq/entry/cant-manage-groups-on-device/
+  #
+  # Note, url above says only cayanogenmod 13+ and omnirom can manage groups.
+
+  # Note, radicale had built-in git support to track changes, but they
+  # removed it in 2.0.
+
+fi
+
 # * dovecot
 
 case $HOSTNAME in
@@ -1964,14 +2071,17 @@ case $HOSTNAME in
     # If mailvpn has changes, id rather manually restart it, id rather
     # not restart and lose connectivity.
     sstart mailnn mailvpn
-    ;;
+    ;;&
   $MAIL_HOST|bk|je)
     # start spamassassin/dovecot before exim.
     sre dovecot spamassassin
     sstart mailclean.timer
+    ;;&
+  $MAIL_HOST)
+    sstart radicale
     ;;
   *)
-    soff mailclean.timer dovecot spamassassin mailvpn mailnn
+    soff radicale mailclean.timer dovecot spamassassin mailvpn mailnn
     ;;
 esac
 
diff --git a/radicale-setup b/radicale-setup
deleted file mode 100755
index 0334a25..0000000
--- a/radicale-setup
+++ /dev/null
@@ -1,144 +0,0 @@
-#!/bin/bash
-
-[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-
-if [[ -e /b/errhandle/err ]]; then
-  source /b/errhandle/err
-else
-  set -eE -o pipefail
-  trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-fi
-
-if ! mountpoint /o; then
-  echo "error /o is not a mountpoint" >&2
-  exit 1
-fi
-
-source /a/bin/bash_unpublished/source-state
-source /a/bin/distro-functions/src/package-manager-abstractions
-# davx/davdroid setup instructions at the bottom
-
-# main docs:
-# http://radicale.org/user_documentation/
-# https://davdroid.bitfire.at/configuration/
-
-# note on debugging: if radicale can't bind to the address,
-# in the log it just says "Starting Radicale". If you run
-# it in the foreground, it will give more info. Background
-# plus debug does not help.
-# sudo -u radicale radicale -D -f
-
-# created password file with:
-# htpasswd -c /etc/davpass dav
-
-d=/etc/systemd/system/radicale.service.d
-mkdir -p $d
-cat >$d/override.conf <<EOF
-[Unit]
-# this unit is configured to start and stop whenever
-# openvpn-client-mail@mail does
-After=network.target
-BindsTo=mailvpn.service
-After=mailvpn.service
-JoinsNamespaceOf=mailnn.service
-
-[Service]
-PrivateNetwork=true
-BindPaths=/etc/nn-resolv:/run/systemd/resolve:norbind
-
-[Install]
-RequiredBy=mailvpn.service
-EOF
-systemctl daemon-reload
-
-pi-nostart radicale
-
-# use persistent uid/gid
-IFS=:; read -r _ _ uid _ < <(getent passwd radicale ); unset IFS
-IFS=:; read -r _ _ gid _ < <(getent group radicale ); unset IFS
-if [[ $uid != 609 ]]; then
-  systemctl stop radicale ||:
-  usermod -u 609 radicale
-  groupmod -g 609 radicale
-  usermod -g 609 radicale
-fi
-log_p=/var/log/radicale
-[[ -d $log_p ]] || log_p=
-find /o/radicale  -xdev -exec chown -h 609 {} +
-find /o/radicale -xdev -exec chgrp -h 609 {} +
-
-
-# I moved /var/lib/radicale after it's initialization.
-# I did a sudo -u radicale git init in the collections subfolder
-# after it gets created, per the git docs.
-/a/exe/lnf -T /o/radicale /var/lib/radicale
-
-# from https://www.williamjbowman.com/blog/2015/07/24/setting-up-webdav-caldav-and-carddav-servers/
-
-# more config is for li in distro-end
-
-# coment in this file says this is needed for it to run on startup
-sed -ri 's/^\s*#+\s*(ENABLE_RADICALE\s*=\s*yes\s*)/\1/' /etc/default/radicale
-
-setini() {
-  key="$1" value="$2" section="$3"
-  file="/etc/radicale/config"
-  sed -ri "/ *\[$section\]/,/^ *\[[^]]+\]/{/^\s*$key[[:space:]=]/d};/ *\[$section\]/a $key = $value" "$file"
-}
-
-# comments say default is 0.0.0.0:5232
-setini hosts 10.8.0.4:5232 server
-
-if [[ $HOSTNAME == $MAIL_HOST ]]; then
-  systemctl start radicale
-fi
-
-# disable power management feature, set to 240 min sync interval,
-# so it shouldn't be bad.
-
-# davdroid from f-druid.
-# login with url and user name
-# url https://cal.iankelling.org/ian
-# username ian
-# pass, see password manager for radicale
-#
-# add account dialog:
-#
-# set account name as ian@iankelling.org, per help text below the
-# field.
-#
-# switch to groups are per-contact categories,
-# per https://davdroid.bitfire.at/configuration/radicale/
-#
-#
-# After setting up account, I added one address book, named
-# ianaddr. calender was already created, named ian. checked boxes under
-# both. synced.
-#
-# To restore from old phone to new phone, I wiped all data out, then copied over the newly created files. I think
-#
-# ignorable background info:
-#
-# opentasks uses the calendar file.
-#
-# The address book I created got a uuid as a name for the file. Note
-# the .props file says if it's a calendar or addressbook.
-#
-# When debugging, tailed /var/log/radicale/radicale.log and apache log,
-# both show the requests happening. Without creating the address book,
-# after creating a contact, a sync would delete it.
-#
-# Address books correspond to .props files in the radicale dir.
-#
-#  Some background is here,
-# https://davdroid.bitfire.at/faq/entry/cant-manage-groups-on-device/
-# which shows separate vcard option is from rfc 6350, the other is 2426,
-# radicale page says it implements the former not the latter,
-# which conflicts with the documentation of which to select, but whatever.
-# http://radicale.org/technical_choices/
-# https://davdroid.bitfire.at/faq/entry/cant-manage-groups-on-device/
-#
-# Note, url above says only cayanogenmod 13+ and omnirom can manage groups.
-
-# Note, radicale had built-in git support to track changes, but they
-# removed it in 2.0.
-- 
2.30.2