#!/bin/bash
+# I, Ian Kelling, follow the GNU license recommendations at
+# https://www.gnu.org/licenses/license-recommendations.en.html. They
+# recommend that small programs, < 300 lines, be licensed under the
+# Apache License 2.0. This file contains or is part of one or more small
+# programs. If a small program grows beyond 300 lines, I plan to switch
+# its license to GPL.
+
+# Copyright 2024 Ian Kelling
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+interactive=false
case $1 in
- # for first run, accept host key
+ # For first run, accept host key. Note, known_hosts is saved in /p.
-1)
opt=(-e 'ssh -oStrictHostKeyChecking=no')
+ shift
+ ;;
+ -i)
+ interactive=true
+ shift
;;
esac
f=/a/bin/bash_unpublished/source-state
if [[ -e $f ]]; then
+ # shellcheck source=/a/bin/bash_unpublished/source-state
source $f
fi
+try() {
+ local ret=0
+ "$@" || ret=$?
+ if $interactive && (( ret >=1 )); then
+ echo "$0: ERROR: exit $ret on: $*"
+ fi
+}
+
+# note: when certificate is expired, you will get this in /var/log/mail.log when k-9 mail tries to fetch:
+# imap-login: Disconnected: Connection closed: SSL_accept() failed: error:0A000416:SSL routines::sslv3 alert certificate unknown: SSL alert number 46 (no auth attempts in 0 secs): user=<>, rip=redacted, lip=10.8.0.4, TLS handshaking: SSL_accept() failed: error:0A000416:SSL routines::sslv3 alert certificate unknown: SSL alert number 46, session=<EsdzzmAWosNKXpza
+
case $HOSTNAME in
$MAIL_HOST|bk)
- local_mx=mail.iankelling.org
# ||: is to allow for temporary connection issues.
- rsync ${opt[@]} -ogtL --chown=root:Debian-exim --chmod=640 \
- root@li.iankelling.org:/etc/letsencrypt/live/mail.iankelling.org/{fullchain.pem,privkey.pem} /etc/exim4 ||:
+ try rsync "${opt[@]}" -ogtL --chown=root:Debian-exim --chmod=640 \
+ root@li.iankelling.org:/etc/letsencrypt/live/mail.iankelling.org/{fullchain.pem,privkey.pem} /etc/exim4
if ! openssl x509 -checkend $(( 60 * 60 * 24 * 3 )) -noout -in /etc/exim4/fullchain.pem; then
echo "$0: error!: cert rsync failed and it will expire in less than 3 days"
exit 1
iankelling.org / git / distro-setup / blobdiff