;;
esac
-i /etc/systemd/system/wg-quick@wgmail.service.d/override.conf <<EOF
+case $HOSTNAME in
+ li) : ;;
+ *)
+ i /etc/systemd/system/wg-quick@wgmail.service.d/override.conf <<EOF
[Unit]
Requires=mailnn.service
After=network.target mailnn.service
JoinsNamespaceOf=mailnn.service
BindsTo=mailnn.service
+StartLimitIntervalSec=0
[Service]
PrivateNetwork=true
# i dont think we need any of these, but it doesnt hurt to stay consistent
BindPaths=$bindpaths
+
+Restart=on-failure
+RestartSec=20
EOF
+ ;;
+esac
+
# https://selivan.github.io/2017/12/30/systemd-serice-always-restart.html
i /etc/systemd/system/mailvpn.service <<EOF
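Review bot: The new `li) : ;;` arm skips writing `wg-quick@wgmail.service.d/override.conf` on that host, but it leaves any copy written by an earlier run in place, so `li` could keep the old `BindsTo=`/`PrivateNetwork=true` settings. If `li` is meant to run without the drop-in, the arm could remove it the way the exim4 branch later in this diff does: `li) rm -fv /etc/systemd/system/wg-quick@wgmail.service.d/override.conf ;;`. A one-line comment on why `li` is exempt would also help, because the hunk does not show the reason. The surrounding block starts outside this hunk, and whether systemd is reloaded after the drop-in changes is not visible here.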
BindPaths=$bindpaths
Restart=always
# time to sleep before restarting a service
-RestartSec=1
+RestartSec=20
[Install]
WantedBy=multi-user.target
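Review bot: With `Restart=always` and `RestartSec=20`, systemd's default start rate limit (5 starts per 10 seconds, unless changed in system.conf) can never trip, so a unit that fails on every start keeps cycling and never reaches the `failed` state. Monitoring that keys on failed units will therefore not report a mail or VPN service that is permanently down. The same holds for the other `RestartSec` hunks in this diff. If endless retry is the intent, say so next to the value, e.g. `# retry forever; watch NRestarts for flapping`, and alert on that counter. The unit file this fragment belongs to starts outside the hunk.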
ExecStart=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns -n 10.173.8 start mail
ExecStop=/usr/bin/flock -w 20 /tmp/newns.flock /a/bin/newns/newns stop mail
Restart=always
-RestartSec=10
+RestartSec=20
[Install]
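Review bot: The `ExecStart=`/`ExecStop=` context lines of this hunk take their lock on `/tmp/newns.flock`, a fixed name in a world-writable directory, and the unit runs `newns` from it. On a host with other local accounts, any of them can create or hold that file first; `flock -w 20` then times out, and with `Restart=always` and the new `RestartSec=20` the namespace service retries quietly every 20 seconds and never comes up. Moving the lock to a root-owned directory avoids this, e.g. `/usr/bin/flock -w 20 /run/newns.flock ...` on both lines. Any other caller of the same lock path, none of which is visible here, would need the same change. The heredoc for this unit begins outside the hunk.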
ExecStart=/usr/local/bin/mailbindwatchdog $vpnser ${nn_progs[@]} unbound.service radicale.service
Restart=always
# time to sleep before restarting a service
-RestartSec=1
+RestartSec=10
[Install]
WantedBy=multi-user.target
BindPaths=$bindpaths
Restart=always
-RestartSec=1
+RestartSec=20
EOF
# sooo, there are a few ways to get traffic from the mail network
BindPaths=$bindpaths
Restart=always
-RestartSec=1
+RestartSec=20
EOF
done
;;
case $HOSTNAME in
$MAIL_HOST)
sed -i "/^user:/d" /etc/aliases
- ;;
+ ;;
*)
if ! grep -q "^$user:" /etc/aliases; then
echo "$user: root" |m tee -a /etc/aliases
BindPaths=$bindpaths
Restart=always
# time to sleep before restarting a service
-RestartSec=1000
+RestartSec=20
[Install]
# for openvpn
# this avoids some error. i cant remember what. todo:
# test it out and document why/if its needed.
-# i /etc/exim4/host_local_deny_exceptions <<'EOF'
-# mail.fsf.org
-# *.posteo.de
-# EOF
+ # i /etc/exim4/host_local_deny_exceptions <<'EOF'
+ # mail.fsf.org
+ # *.posteo.de
+ # EOF
# cron email from smarthost hosts will automatically be to
# USER@FQDN. I redirect that to alerts@, on the smarthosts, but in
[Service]
Restart=always
# time to sleep before restarting a service
-RestartSec=1
+RestartSec=20
EOF
i /etc/default/exim4in <<'EOF'
EOF
# Bind to wghole to receive mailbackup.
- # todo: will wghole fail to start without internet connectivity?
- # if so, we need to set it automatically restart infinitely,
- # and same with exim.
wgholeip=$(sed -rn 's/^ *Address *= *([^/]+).*/\1/p' /etc/wireguard/wghole.conf)
cat >>/etc/exim4/update-exim4.conf.conf <<EOF
dc_other_hostnames='eximbackup.b8.nz'
dc_local_interfaces='127.0.0.1;::1;$wgholeip'
EOF
+
+ # wghole & thus exim will fail to start without internet connectivity.
+ i /etc/systemd/system/exim4.service.d/backup.conf <<'EOF'
+[Unit]
+StartLimitIntervalSec=0
+
+[Service]
+Restart=always
+RestartSec=20
+EOF
+
else
cat >>/etc/exim4/update-exim4.conf.conf <<EOF
# Note: If theres like a temporary problem where mail gets sent to
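Review bot: No `systemctl daemon-reload` is visible after the new `exim4.service.d/backup.conf` drop-in is written here, nor after the `rm -fv` in the next hunk's `else` branch, so the running manager may keep the previous restart policy for exim4. If neither the `i` helper nor later code outside these hunks reloads, add `m systemctl daemon-reload` after both. The new comment could also say that the restart loop is what lets exim bind `$wgholeip` once wghole is up. If `wgholeip` comes back empty from the `sed` above, the same loop would retry forever with a `dc_local_interfaces` value ending in `;`, so a guard such as `[[ $wgholeip ]] || exit 1` before the heredoc is worth considering.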
# instead of a permanent 5xx.
dc_local_interfaces='127.0.0.1;::1'
EOF
+ rm -fv /etc/systemd/system/exim4.service.d/backup.conf
fi
cat >>/etc/exim4/update-exim4.conf.conf <<EOF
dc_eximconfig_configtype='smarthost'
m rsync -ra --delete /etc/exim4/ /etc/myexim4
# If we ever wanted to have a separate spool,
# we could do it like this.
-# cat >>/etc/exim4/conf.d/main/000_local-nn <<'EOF'
-# spool_directory = /var/spool/myexim4
-# EOF
+ # cat >>/etc/exim4/conf.d/main/000_local-nn <<'EOF'
+ # spool_directory = /var/spool/myexim4
+ # EOF
cat >>/etc/myexim4/update-exim4.conf.conf <<'EOF'
dc_eximconfig_configtype='smarthost'
dc_smarthost='nn.b8.nz'
case $HOSTNAME in
$MAIL_HOST)
m systemctl --now enable mailbindwatchdog
- ;;
+ ;;
*)
soff mailbindwatchdog
;;