# See the License for the specific language governing permissions and
# limitations under the License.
-# todo: make quick backups of maildir, or deliver to multiple hosts.
+# TODO: copy dkim keys from within this file. its now done in conflink.
+# TODO: fix dkim key to b chmod 640, group Debian-exim
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
#### begin mail cert setup ###
f=/usr/local/bin/mail-cert-cron
cat >$f <<'EOF'
+#!/bin/bash
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
systemctl restart mailcert.timer
systemctl enable mailcert.timer
+# This symlink is only here to so I can use the
+# fsf mailman ansible role and trick its cert script
+# into doing nothing.
+/a/exe/lnf -T /etc/exim4/exim.crt /etc/letsencrypt/live/$(hostname -f)/fullchain.pem
+
##### end mailcert setup #####
# comon stuff
cat >$f <<'EOF'
#!/bin/bash
cd /etc
-wget -nv -N https://publicsuffix.org/list/public_suffix_list.dat
+wget -q -N https://publicsuffix.org/list/public_suffix_list.dat
EOF
chmod 755 $f
cat >/etc/cron.d/mailtest <<EOF
SHELL=/bin/bash
# running as user just because no need to run as root
-*/10 * * * * $u $f 2>&1 | log-once send-test-forward
-*/10 * * * * $u /usr/local/bin/mailtest-check 2>&1 | log-once -1 send-test-forward
-*/10 * * * * root chmod -R g+rw /m/md/bounces 2>&1 | log-once -1 bounces-chmod
+*/10 * * * * $u $f 2>&1 | /usr/local/bin/log-once send-test-forward
+*/10 * * * * $u /usr/local/bin/mailtest-check 2>&1 | /usr/local/bin/log-once -1 send-test-forward
+*/10 * * * * root chmod -R g+rw /m/md/bounces 2>&1 | /usr/local/bin/log-once -1 bounces-chmod
EOF
cp /a/bin/distro-setup/filesystem/usr/local/bin/mailtest-check /usr/local/bin
else