X-Git-Url: https://iankelling.org/git/?p=distro-setup;a=blobdiff_plain;f=mail-setup;h=6f96982c559c23c9542856f1efda1a145321966e;hp=3dd3e970cde04fb3a77618c64b6e1e748c9f88f1;hb=7f759d320592e791a62cd0a966350e8c53ee0976;hpb=165008e5b82c81ebff1061c8f8294c3bc6e9dced

diff --git a/mail-setup b/mail-setup
index 3dd3e97..6f96982 100755
--- a/mail-setup
+++ b/mail-setup
@@ -171,7 +171,9 @@ smarthost="$mxhost::$mxport"
 
 ## * Install packages
 # light version of exim does not have sasl auth support.
-pi exim4-daemon-heavy spamassassin spf-tools-perl openvpn dnsmasq
+pi exim4-daemon-heavy spamassassin spf-tools-perl dnsmasq openvpn
+# our nostart pi fails to avoid enabling
+sudo systemctl disable openvpn
 
 # trisquel 8 = openvpn, debian stretch = openvpn-client
 vpn_ser=openvpn-client
@@ -308,6 +310,8 @@ if [[ -e $f ]]; then
 fi
 if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
     local_mx=mail.iankelling.org
+    mkdir -p /etc/letsencrypt/live/$local_mx
+    chmod 700 /etc/letsencrypt/live
     rsync_common="rsync -ogtL --chown=root:Debian-exim --chmod=640 root@li.iankelling.org:/etc/letsencrypt/live/$local_mx/"
     ${rsync_common}fullchain.pem /etc/exim4/exim.crt
     ret=$?
@@ -358,6 +362,10 @@ m systemctl enable mailcert.timer
 # * common exim4 config
 source /a/bin/bash_unpublished/source-state
 
+if [[ ! $MAIL_HOST ]]; then
+  err "\$MAIL_HOST not set"
+fi
+
 m sudo gpasswd -a iank adm #needed for reading logs
 
 
@@ -378,6 +386,13 @@ for d in /Maildir /root/Maildir; do
   m ln -sf -T /m/md/bounces $d
 done
 
+# Note, even the server needs permissions of this file right
+# if it exists, so do this up here.
+f=/p/c/filesystem/etc/exim4/passwd.client
+if [[ ! -e $f ]]; then
+  f=/p/c/machine_specific/$HOSTNAME/filesystem/etc/exim4/passwd.client
+fi
+m sudo rsync -ahhi --chown=root:Debian-exim --chmod=0640 $f /etc/exim4/
 
 # by default, only 10 days of logs are kept. increase that.
 m sed -ri 's/^(\s*rotate\s).*/\11000/' /etc/logrotate.d/exim4-base
@@ -834,11 +849,6 @@ EOF
 
     hostname -f >/etc/mailname
 
-    f=/p/c/filesystem/etc/exim4/passwd.client
-    if [[ ! -e $f ]]; then
-      f=/p/c/machine_specific/$HOSTNAME/filesystem/etc/exim4/passwd.client
-    fi
-    m sudo rsync -ahhi --chown=root:Debian-exim --chmod=0640 $f /etc/exim4/
 
     ;;&
   ## we use this host to monitor MAIL_HOST