# Copyright (C) 2019 Ian Kelling
# SPDX-License-Identifier: AGPL-3.0-or-later
+# todo:
+# on bk (and fsf servers that run multiple exim4 daemons, eg eximfsf2 and eximfsf3),
+# make it so that when exim is restarted due to package upgrades,
+# we also restart those daemons, which can be done like so, based on looking
+# at the prerm and postinst scripts of exim4-daemon-heavy.
+#
+# if [[ ! -e /usr/sbin/invoke-rc.d-diverted ]]; then
+# mv /usr/sbin/invoke-rc.d /usr/sbin/invoke-rc.d-diverted
+# dpkg --divert /usr/sbin/invoke-rc.d-diverted --no-rename /usr/sbin/invoke-rc.d
+# fi
+# /usr/sbin/invoke-rc.d:
+# #!/bin/bash
+# if [[ DPKG_MAINTSCRIPT_PACKAGE == exim4* && $1 == exim4 ]]; then
+# shift
+# ret=0
+# for daemon in exim4 eximfsf2 eximfsf3; do
+# /usr/sbin/invoke-rc.d-diverted $daemon "$@" || ret=$?
+# done
+# else
+# /usr/sbin/invoke-rc.d-diverted "$@"
+# fi
+
# Things I tend to forget. on MAIL_HOST, daemon runs with /etc/exim4/my.conf,
# due to /etc/default/exim4 containing:
# COMMONOPTIONS='-C /etc/exim4/my.conf'
#######
-# * perstent password instructions
-# Note: for cert cron, we need to manually run first to accept known_hosts
+# * perstent password instructions Note: for cert cron, we need to
+# manually run first to accept known_hosts
# # exim passwords:
# # for hosts which have all private files I just use the same user
LOCAL_DENY_EXCEPTIONS_LOCAL_ACL_FILE = /etc/exim4/conf.d/local_deny_exceptions_acl
acl_not_smtp = acl_check_not_smtp
+
+
+DEBBUGS_DOMAIN = b.b8.nz
+
EOF
if dpkg --compare-versions "$(dpkg-query -f='${Version}\n' --show exim4)" ge 4.94; then
# plus debug does not help.
# sudo -u radicale radicale -D
- # created password file with:
- # htpasswd -c /p/c/machine_specific/li/filesystem/etc/caldav-htpasswd
+ # created radicale password file with:
+ # htpasswd -c /p/c/machine_specific/li/filesystem/etc/caldav-htpasswd ian
# chmod 640 /p/c/machine_specific/li/filesystem/etc/caldav-htpasswd
# # setup chgrp www-data in ./conflink
fi
+# * debbugs
+
+pi debbugs
+# missing dependency. apache error log:
+# Can't locate List/AllUtils.pm in @INC (you may need to install the List::AllUtils module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.34.0 /usr/local/share/perl/5.34.0 /usr/lib/x86_64-linux-gnu/perl5/5.34 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.34 /usr/share/perl/5.34 /usr/local/lib/site_perl) at /var/lib/debbugs/www/cgi/pkgreport.cgi line 23.
+pi liblist-allutils-perl lynx
+# workarounds for broken debbugsconfig which is
+# itself deprecated. this is temporary before I
+# figure out how to install from git
+if [[ -e /usr/share/doc/debbugs/examples/text.gz ]]; then
+ gunzip /usr/share/doc/debbugs/examples/text.gz
+fi
+mkdir -p /etc/debbugs/indices
+debbugsconfig
+
+
+# ld for local debbugs
+/a/exe/web-conf -t -a 127.0.1.1 -p 80 -r /var/lib/debbugs/www - apache2 ld <<'EOF'
+# copied from debbugs upstream example
+<Directory /var/lib/debbugs/www>
+ Options Indexes SymLinksIfOwnerMatch MultiViews
+ DirectoryIndex index.html
+ Require all granted
+</Directory>
+
+ScriptAlias /cgi/ /var/lib/debbugs/www/cgi/
+<Directory "/var/lib/debbugs/www/cgi/">
+ AllowOverride None
+ Options ExecCGI SymLinksIfOwnerMatch
+ Require all granted
+</Directory>
+
+RewriteEngine on
+RewriteCond %{HTTP_USER_AGENT} .*apt-listbugs.*
+RewriteRule .* /apt-listbugs.html [R,L]
+
+# RewriteLog /org/bugs.debian.org/apache-rewrite.log
+# RewriteLogLevel 0
+
+#RewriteRule ^/$ http://www.debian.org/Bugs/
+RewriteRule ^/(robots\.txt|release-critical|apt-listbugs\.html)$ - [L]
+# The following two redirect to up-to-date pages
+RewriteRule ^/[[:space:]]*#?([[:digit:]][[:digit:]][[:digit:]]+)([;&].+)?$ /cgi-bin/bugreport.cgi?bug=$1$2 [L,R,NE]
+RewriteRule ^/([^/+]*)([+])([^/]*)$ "/$1%%{%}2B$3" [N]
+RewriteRule ^/[Ff][Rr][Oo][Mm]:([^/]+\@.+)$ /cgi-bin/pkgreport.cgi?submitter=$1 [PT,NE]
+# Commented out, 'cuz aj says it will crash master. (old master)
+# RewriteRule ^/[Ss][Ee][Vv][Ee][Rr][Ii][Tt][Yy]:([^/]+\@.+)$ /cgi-bin/pkgreport.cgi?severity=$1 [L,R]
+RewriteRule ^/([^/]+\@.+)$ /cgi-bin/pkgreport.cgi?maint=$1 [PT,NE]
+RewriteRule ^/mbox:([[:digit:]][[:digit:]][[:digit:]]+)([;&].+)?$ /cgi-bin/bugreport.cgi?mbox=yes&bug=$1$2 [PT,NE]
+RewriteRule ^/src:([^/]+)$ /cgi-bin/pkgreport.cgi?src=$1 [PT,NE]
+RewriteRule ^/severity:([^/]+)$ /cgi-bin/pkgreport.cgi?severity=$1 [PT,NE]
+RewriteRule ^/tag:([^/]+)$ /cgi-bin/pkgreport.cgi?tag=$1 [PT,NE]
+# RewriteMap fix-chars int:noescape
+RewriteCond %{REQUEST_URI} ^/(Access\.html|Developer\.html|Reporting\.html|server-request\.html|server-control\.html|server-refcard\.html).* [NC]
+RewriteRule .* - [L]
+# PT|passthrough to bugreport.cgi and pkgreport.cgi
+RewriteRule ^/([0-9]+)$ /cgi-bin/bugreport.cgi?bug=$1 [PT,NE]
+RewriteRule ^/([^/]+)$ /cgi-bin/pkgreport.cgi?pkg=$1 [PT,NE]
+EOF
+
+
# * exim host conditional config
# ** exim certs
# ** $MAIL_HOST)
$MAIL_HOST)
+ if [[ ! -e /etc/exim4/no-delay-eximids ]]; then
+ install -o iank -g iank <(echo) /etc/exim4/no-delay-eximids
+ fi
+
+ u /etc/exim4/conf.d/transport/30_debbugs <<'EOF'
+debbugs_pipe:
+ debug_print = "T: debbugs_pipe for $local_part@$domain"
+ driver = pipe
+ command = /usr/lib/debbugs/receive
+ return_output
+EOF
+ # We dont want delays or backups for mail being stored locally.
+ # We could put domain exclusion on other routes, but going for
+ # higher priority instead.
+ u /etc/exim4/conf.d/router/153_debbugs <<'EOF'
+debbugs:
+ debug_print = "R: debbugs for $local_part@$domain"
+ driver = accept
+ transport = debbugs_pipe
+ local_parts = submit : bugs : maintonly : quiet : forwarded : \
+ done : close : request : submitter : control : ^\\d+
+ domains = DEBBUGS_DOMAIN
+
+bounce_debbugs:
+ debug_print = "R: bounce_debbugs for $local_part@$domain"
+ driver = redirect
+ allow_fail
+ data = :fail: Unknown user
+ domains = DEBBUGS_DOMAIN
+EOF
+
u /etc/exim4/conf.d/router/155_delay <<'EOF'
-By default, delay sending email by 30-40 minutes in case I
-change my mind.
+# By default, delay sending email by 30-40 minutes in case I
+# change my mind.
# Note, if we switch mail_host, the next queue run will
# send the message to mail_host and the delay will be reset.
;;
# ** not MAIL_HOST|bk|je
*)
+ echo|u /etc/exim4/conf.d/transport/30_debbugs
+ echo|u /etc/exim4/conf.d/router/153_debbugs
echo|u /etc/exim4/conf.d/router/155_delay
# this one should be removed for all non mail_hosts. note
# bk and je never become mail_host
m find / /nocow -xdev -path ./var/tmp -prune -o -gid $gid -execdir chgrp -h 608 {} +
fi
+
+# note: example config has a debbugs user,
+# but my exim runs setuid as Debian-exim so it can't switch
+# to another user. Anyways, I'm not exposing this to the
+# internet at this time. If I do, the thing to do would
+# be to use a sudo config (or sudo alternative). This
+# would be how to setup
+
+# IFS=:; read -r _ _ uid _ < <(getent passwd debbugs||:) ||:; unset IFS
+# if [[ ! $uid ]]; then
+# # /a/opt/debbugs/debian/README.mail
+# adduser --uid 610 --system --group --home /o/debbugs \
+# --no-create-home --disabled-login --force-badname debbugs
+# m find /o/debbugs -xdev -path ./var/tmp -prune -o -uid $uid -execdir chown -h 610 {} +
+# m find /o/debbugs -xdev -path ./var/tmp -prune -o -gid $gid -execdir chgrp -h 610 {} +
+# elif [[ $uid != 610 ]]; then
+# err debbugs exist but is not uid 610: investigate
+# fi
+
# * start / stop services
reifactive dnsmasq nscd
iankelling.org / git / distro-setup / blobdiff