various fixes

[distro-setup] / mail-setup

diff --git a/mail-setup b/mail-setup
index c313c46da685e41f4381bcadbb9cee071df3be50..b97f3b929a5fd4f1f16105d9c8bcadf8c66951e5 100755 (executable)
--- a/mail-setup
+++ b/mail-setup
@@ -15,7 +15,8 @@ set -x
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# todo: make quick backups of maildir, or deliver to multiple hosts.
+# TODO: copy dkim keys from within this file. its now done in conflink.
+# TODO: fix dkim key to b chmod 640, group Debian-exim
 
 set -eE -o pipefail
 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
@@ -340,6 +341,7 @@ EOF
 #### begin mail cert setup ###
 f=/usr/local/bin/mail-cert-cron
 cat >$f <<'EOF'
+#!/bin/bash
 set -eE -o pipefail
 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
 
@@ -396,6 +398,11 @@ systemctl start mailcert
 systemctl restart mailcert.timer
 systemctl enable mailcert.timer
 
+# This symlink is only here to so I can use the
+# fsf mailman ansible role and trick its cert script
+# into doing nothing.
+/a/exe/lnf -T /etc/exim4/exim.crt /etc/letsencrypt/live/$(hostname -f)/fullchain.pem
+
 ##### end mailcert setup #####
 
 # comon stuff