Various fixes and features along with it.
# SPDX-License-Identifier: AGPL-3.0-or-later
# this gets sourced. shebang is just for file mode detection
-# note, to catch errors in functions but not outside, do:
-# set -E -o pipefail
-# trap return ERR
-# trap 'trap ERR' RETURN
-
+source /a/bin/errhandle/err
# * settings
export PAGER=cat
export MANPAGER=cat
# scp completion does not work, but this doesnt fix it. todo, figure this out
- complete -r scp &> /dev/null
+ #complete -r scp &> /dev/null
# todo, remote file completion fails, figure out how to turn it off
export NODE_DISABLE_COLORS=1
# This gets rid of ugly terminal escape chars in node repl
}
hr() { # horizontal row. used to break up output
- printf "$(tput setaf 5)█$(tput sgr0)%.0s" $(seq ${COLUMNS:-60})
+
+ printf "$(tput setaf 5)█$(tput sgr0)%.0s" $(eval echo {1..${COLUMNS:-60}})
echo
}
local return=$? # this MUST COME FIRST
local ps_char ps_color
unset IFS
+
history -a # save history
case $return in
fi
# run latest
install-my-scripts
- btrbk-run "$@" | pee cat "systemd-cat -t btrbk-run"
- $active && ser enable btrbk.timer
+ btrbk-run "$@" |& pee cat "systemd-cat -t btrbk-run"
+ if $active; then
+ ser enable btrbk.timer
+ fi
}
bfg() { java -jar /a/opt/bfg-1.12.14.jar "$@"; }
c /
# run latest
install-my-scripts
- switch-mail-host $1 $HOSTNAME | pee cat "systemd-cat -t switch-mail-host"
+ switch-mail-host pull $1 |& pee cat "systemd-cat -t switch-mail-host"
}
bpush() {
[[ $1 ]] || return 1
c /
# run latest
install-my-scripts
- switch-mail-host $HOSTNAME $1 | pee cat "systemd-cat -t switch-mail-host"
+ switch-mail-host push $1 |& pee cat "systemd-cat -t switch-mail-host"
}
lipush() {
# note, i had --delete-excluded, but that deletes all files in --exclude-from on
p=(/a/bin /a/exe /a/h /a/c /p/c/machine_specific/linode{,.hosts} /a/opt/{emacs,emacs-debianstable,mu})
a="-ahviSAXPH --specials --devices --delete --relative --exclude-from=/p/c/li-rsync-excludes"
ret=0
- m rsync $@ $a ${p[@]} /p/c/machine_specific/l2 root@l2.b8.nz:/ || ret=$?
- m rsync $@ $a ${p[@]} /p/c/machine_specific/li root@li.b8.nz:/ || ret=$?
- m rsync $@ -ahviSAXPH root@iankelling.org:/a/h/proposed-comments/ /a/h/proposed-comments || ret=$?
+ m rsync "$@" $a ${p[@]} /p/c/machine_specific/l2 root@l2.b8.nz:/ || ret=$?
+ m rsync "$@" $a ${p[@]} /p/c/machine_specific/li root@li.b8.nz:/ || ret=$?
+ m rsync "$@" -ahviSAXPH root@iankelling.org:/a/h/proposed-comments/ /a/h/proposed-comments || ret=$?
return $ret
}
lipushnoe() { # noe = noemacs. for running faster.
- rsync $@ --delete-excluded -ahviSAXPH --specials --devices --delete --relative \
+ rsync "$@" --delete-excluded -ahviSAXPH --specials --devices --delete --relative \
--exclude-from=/p/c/li-rsync-excludes /a/bin /a/exe /a/h /a/c /p/c/machine_specific/li root@li:/
}
dup() {
local ran_d
ran_d=false
+ system-status _
case $PS1 in
*DISTRO-BEGIN!*|*DISTRO!*)
+ pushd /
/b/ds/distro-begin || return $?
+ popd
ran_d=true
;;&
*DISTRO-END!*|*DISTRO!*)
+ pushd
/b/ds/distro-end || return $?
+ popd
ran_d=true
;;&
*CONFLINK*)
firefox -P default "$@" >/dev/null 2>&1
}
-
gitian() {
git config user.email ian@iankelling.org
}
-
# at least in flidas, things rely on gpg being gpg1
gpg() {
command gpg2 "$@"
--suppress-cc=self "$@"
}
-
hstatus() {
# do git status on published repos.
c /a/bin/githtml
done
}
-
idea() {
/a/opt/idea-IC-163.7743.44/bin/idea.sh "$@" &r
}
+ilog() {
+ chan=${1:-#fsfsys}
+ # use * instead of -r since that does sorted order
+ ssh root@iankelling.org "cd /var/lib/znc/moddata/log/iank/freenode/$chan && hr && for x in *; do echo \$x; cat \$x; hr; done" | less +G
+}
+
o() {
if type gvfs-open &> /dev/null ; then
gvfs-open "$@"
journalctl -n 10000 -f "$@" | jfilter
}
jr() { journalctl "$@" | jfilter | less ; }
-jrf() { journalctl -f "$@" | jfilter; }
+jrf() { journalctl -n 200 -f "$@" | jfilter; }
kff() { # keyboardio firmware flash
firefox /tmp/mdtest.html
}
-
-
mo() { xset dpms force off; } # monitor off
+myirc() {
+ chan=${1:-fsf-office}
+ # use * instead of -r since that does sorted order
+ ssh root@iankelling.org "cd /var/lib/znc/moddata/log/iank/freenode/#$chan; grep '\<iank.*' *"
+}
+
net-dev-info() {
e "lspci -nnk|gr -iA2 net"
lspci -nnk|gr -iA2 net
e "s lshw -C network"
hr
s lshw -C network
-
}
nk() {
resolvcat() {
local f
+ m s nscd -i hosts
f=/etc/resolv.conf
echo $f:; ccat $f
- hr; echo dnsmasq is $(systemctl is-active dnsmasq)
+ hr; m ser status dnsmasq | cat
+ hr; s ss -lpn 'sport = 53'
+ #hr; echo dnsmasq is $(systemctl is-active dnsmasq)
f=/var/run/dnsmasq/resolv.conf
hr; echo $f:; ccat $f
+ hr; m grr '^ *servers-file *=' /etc/dnsmasq.conf /etc/dnsmasq.d
f=/etc/dnsmasq-servers.conf
hr; echo $f:; ccat $f
}
+rcat() {
+ resolvcat | less
+}
# only run on MAIL_HOST. simpler to keep this on one system.
r2eadd() { # usage: name url
scss-lint -c /a/opt/thoughtbot-guides/style/sass/.scss-lint.yml "$@"
}
+skbrc() {
+ sk -e 2120,245 /b/ds/brc /b/ds/brc2
+}
+
skaraoke() {
local tmp out
out=${2:-${1%.*}.sh}
-[1246AaCfGgKkMNnqsTtVvXxYy])
args+=("$1"); shift
;;
- -[bcDEeFIiLlmOopQRSWw])
+ -[bcDEeFIiLlmOopQRSWw]*)
# -oOption etc is valid
if (( ${#1} >= 3 )); then
args+=("$1"); shift
else
dorsync=true
# use this weird yes thing to ensure we know ssh succeeded
- tmp=$(command ssh "${args[@]}" "$remote" "if test -e /a/bin/ds/.bashrc -a -L .bashrc; then echo yes; fi") || return
+ if ! tmp=$(command ssh "${args[@]}" "$remote" "if test -e /a/bin/ds/.bashrc -a -L .bashrc; then echo yes; fi"); then
+ echo failed sl test. doing plain ssh -v
+ command ssh -v "${args[@]}" "$remote"
+ fi
if [[ $tmp == yes ]]; then
type=a
else
type=b
fi
fi
+ if [[ $type == b ]] && $dorsync; then
+ if ! RSYNC_RSH="ssh ${args[*]}" rsync -rptL /b/ds/sl/.iank "$remote":; then
+ echo WARNING: rsync failed. remove $sshinfo to try again
+ fi
+ fi
if $dorsync || ! $haveinfo; then
sshinfo=/p/sshinfo/$now$type"$remote"
touch $sshinfo
fi
s systemctl stop $vpn_service@$1
}
-
-
+vpnoffc() { # vpn off client
+ ser stop openvpn-nn@client
+}
+vpnc() {
+ ser start openvpn-nn@client
+}
vspicy() { # usage: VIRSH_DOMAIN
if [[ $qlen != 0 ]]; then
printf "%s" $qlen
fi
-cd /var/mail
-find . -type f \! -empty -print -quit
+
+find /var/mail -type f \! -empty -print -quit
shopt -s dotglob
-for h in tp.b8.nz vpn1 x2 x3.b8.nz frodo.b8.nz kd.b8.nz kw iankelling.org; do
+for h in tp.b8.nz vpn1 x2 x3.b8.nz frodo.b8.nz kd.b8.nz kw iankelling.org l2.b8.nz; do
if [[ $HOSTNAME == "${h%%.*}" ]]; then
continue
fi
s() { sudo "$@"; }
lnf() { /a/exe/lnf "$@"; }
-now=$(date +%s)
# error prone
#f=~/.local/conflink
# but I haven't looked at the symlinks.
# s rsync -n -ahviSAXPH --specials --devices --chown=root:root --chmod=g-s $fs /
# note, symlinks get resolved, not copied.
- if s tar --mode=g-s --owner=0 --group=0 -cz -C $fs . | s tar -dz -C / | grep /etc/systemd &>/dev/null; then
+ if s tar --anchored \
+ --exclude etc/dovecot/users \
+ --exclude etc/exim4/passwd \
+ --exclude etc/exim4/*.pem \
+ --mode=g-s --owner=0 --group=0 -cz -C $fs . | s tar -dz -C / | grep /etc/systemd &>/dev/null; then
systemd_reload=true
fi
- s tar --mode=g-s --owner=0 --group=0 -cz -C $fs . | s tar -xz -C /
fi
if [[ -e $dir/subdir_files ]]; then
###### do conflink
# linode needs bind group before conflink
-if $linode; then
+if linode; then
pi-nostart bind9
fi
# this needs to be before installing pacserve so we have gpg conf.
set +x
err-allow
source /etc/profile.d/environment.sh
+export BRC=t
# shellcheck source=./.bashrc
source ~/.bashrc
err-catch
sudo rmmod evbug ||: # might not be loaded yet
file=/etc/modprobe.d/evbug.conf
line="blacklist evbug"
- if ! grep -xFq "$line" $file; then
+ if [[ $(cat $file) != $line ]]; then
sudo dd of=$file 2>/dev/null <<<"$line"
sudo depmod -a
sudo update-initramfs -u
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Origins-Pattern {
# default is just security updates. this list found from reading
- # match_whitelist_string() in `which unattended-upgrades`
+ # match_whitelist_string() in $(which unattended-upgrades)
"o=*,l=*,a=*,c=*,site=*,n=*";
};
EOF
###### begin website setup
case $HOSTNAME in
li|l2)
+ pi bind9
f=/var/lib/bind/db.b8.nz
if [[ ! -e $f ]]; then
ser stop bind9
fi
;;&
l2)
+ # setup let's encrypt cert
+ m web-conf apache2 l2.b8.nz
+ s rm -fv /etc/apache2/sites-enabled/l2.b8.nz{,-redir}.conf
+ ser reload apache2
+ s lnf -T /etc/letsencrypt/live/l2.b8.nz/fullchain.pem /etc/exim4/exim.crt
+ if [[ ! -L /etc/exim4/exim.key ]]; then
+ s lnf -T /etc/letsencrypt/live/l2.b8.nz/privkey.pem /etc/exim4/exim.key
+ mail-setup
+ fi
end
;;
li)
case $HOSTNAME in
- li) domain=iankelling.org ;;
+ li)
+ m /a/h/setup.sh iankelling.org
+ ;;
+ *)
+ # allow symlinks on other hosts so i can host files in arbitrary paths
+ m /a/h/setup.sh -s
+ ;;
esac
- m /a/h/setup.sh $domain
m /a/h/build.rb
# start mumble only when im going to use it, since i dont use it much
s useradd --create-home -d /var/lib/znc --system --shell /sbin/nologin --comment "Account to run ZNC daemon" --user-group znc || [[ $? == 9 ]] # 9 if it exists already
s chmod 700 /var/lib/znc
s chown -R znc:znc /var/lib/znc
- sd /etc/systemd/system/znc.service 2>/dev/null <<'EOF'
-[Unit]
-Description=ZNC, an advanced IRC bouncer
-After=network-online.target
-
-[Service]
-ExecStart=/usr/bin/znc -f --datadir=/var/lib/znc
-User=znc
-
-[Install]
-WantedBy=multi-user.target
-EOF
- ser daemon-reload
- # avoid restarting if possible, reconnecting to irc is annoying.
+ # Avoid restarting if possible, reconnecting to irc is annoying.
+ # The unit file was made active with conflink.
if [[ $(ser is-active znc) != active ]]; then
m sgo znc
fi
####### begin transmission
+case $HOSTNAME in
+ frodo)
+ tdir=/i/k
+ ;;
+ *)
+ tdir=/nocow/user
+ ;;
+esac
+
# adapted from /var/lib/dpkg/info/transmission-daemon.postinst
# 450 seems likely to be unused. we need to specify one or else
# it won't be stable across installs.
# plus a simple symlink to the config file which it\'s
# not worth separating out.
# between comps, the uid can change
-f=/i/transmission-daemon
+f=$tdir/transmission-daemon
+mkdir -p $f
s lnf -T $f /var/lib/transmission-daemon/.config/transmission-daemon
-if [[ -e $f ]]; then
- s chown -R debian-transmission:debian-transmission $f
-fi
-for f in /i/k/partial-torrents /i/k/torrents; do
+s lnf -T /etc/transmission-daemon/settings.json $f/settings.json
+s chown -R debian-transmission:debian-transmission $f
+for f in $tdir/partial-torrents $tdir/torrents; do
if [[ -e $f ]]; then
s chown -R debian-transmission:user2 $f
fi
#
# Changed the cache-size to 256 mb, reduces disk use.
# It is a read & write cache.
-#
-s ruby <<'EOF'
+s ruby <<EOF
require 'json'
p = '/etc/transmission-daemon/settings.json'
File.write(p, JSON.pretty_generate(JSON.parse(File.read(p)).merge({
'rpc-whitelist-enabled' => false,
'rpc-authentication-required' => false,
-'incomplete-dir' => '/i/k/partial-torrents',
+'incomplete-dir' => '$tdir/partial-torrents',
'incomplete-dir-enabled' => true,
-'download-dir' => '/i/k/torrents',
+'download-dir' => '$tdir/torrents',
"speed-limit-up" => 800,
"speed-limit-up-enabled" => true,
"peer-port" => 61486,
s -u $u dd of=$d/config.json <<EOF
{
"profiles" : [
- {
+ {
"profile-name" : "Default",
"hostname" : "transmission.b8.nz",
+
"rpc-url-path" : "/transmission/rpc",
"username" : "",
"password" : "$rpc_pass",
"update-interval" : 3,
"min-update-interval" : 3,
"session-update-interval" : 60,
- "exec-commands" : [
- ],
- "destinations" : [
- ]
- }
+ "exec-commands" : [],
+ "destinations" : []
+ },
+ {
+ "profile-name" : "local",
+ "hostname" : "10.173.0.2",
+
+ "username" : "",
+ "password" : "$rpc_pass",
+ "auto-connect" : true,
+ "ssl" : false,
+ "timeout" : 40,
+ "retries" : 3,
+ "update-active-only" : false,
+ "activeonly-fullsync-enabled" : false,
+ "activeonly-fullsync-every" : 2,
+ "update-interval" : 3,
+ "min-update-interval" : 3,
+ "session-update-interval" : 60,
+ "exec-commands" : [],
+ "destinations" : []
+ }
],
"profile-id" : 0,
"add-options-dialog" : false
f=/etc/NetworkManager/NetworkManager.conf
m=$(md5sum $f)
s sed -ri '/ *\[main\]/,/^ *\[[^]]+\]/{/^\s*dns[[:space:]=]/d}' $f
+s sed -ri '/ *\[main\]/a dns=default' $f
if [[ $m != $(md5sum $f) ]]; then
srestart NetworkManager
fi
# then based on whats in /run/dnsmasq/, i see we can run
# s resolvconf -d NetworkManager
# oh ya, and stoping NetworkManager leaves this crap behind without cleaning it up.
-ser stop NetworkManager
ser disable NetworkManager
*/10 * * * * iank rootsshsync |& log-once -15 rootsshsync
# this goes into bash prompt, does in cron for more efficient shell
* * * * * iank system-status |& log-once system-status
-2 * * * * iank check-remote-mailqs |& log-once check-remote-mailqs
-# If theres any logged errors we didnt handle in 3 days, maybe we accidentally missed them,
+# If theres any logged errors we didnt handle in 4 days, maybe we accidentally missed them,
# so report if we did
-4 9 * * 5 root find /var/local/cron-errors /home/iank/cron-errors -type f -mtime +3
+4 9 * * 5 root find /var/local/cron-errors /home/iank/cron-errors -type f -mtime +4
+++ /dev/null
-#!/bin/bash
-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-
-if [[ $EUID != 1000 ]]; then
- echo "$0: error run as normal user" >&2
- exit 1
-fi
-
-cd /m/md/l/testignore/new
-shopt -s nullglob
-
-# we run this cronjob along with sending the test email every 10
-# minutes, so give it 2 minutes to arrive, then if there is an email at
-# least 23 minutes old, the last 2 test emails have failed.
-if [[ ! $1 && $- != *i* ]]; then
- sleep 120
-fi
-
-last_sec=0
-for file in *; do
- if [[ $file -nt $latest ]]; then
- latest=$file
- fi
-done
-
-if [[ $latest ]]; then
- last_sec=$(awk '/^Subject: / {print $3}' $latest)
-fi
-
-now=$(date +%s)
-limit=$(( now - 60 * 23 ))
-
-if (( last_sec <= limit )); then
- echo $HOSTNAME mailtest failure
- touch /nocow/user/mailtest-failure
-else
- rm -f /nocow/user/mailtest-failure
-fi
-
-find . -type f -mtime +1 -delete
cmd="$s /usr/sbin/checkrestart -p"
if [[ $($cmd | sed '/^Found 0 processes using old versions of upgraded files$/d' | wc -l) != 0 ]]; then
$cmd
- echo "with -v:"
- $cmd -v
fi
hn=$(hostname -f)
source /a/bin/bash_unpublished/source-state
-if [[ $HOSTNAME == "$MAIL_HOST" || $hn == li.b8.nz ]]; then
- exit 0
-fi
l() {
"$@" |& systemd-cat -t myupgrade
}
-l /a/bin/buildscripts/tor-browser
-l /a/bin/buildscripts/go
l /a/bin/buildscripts/rust
-l /a/bin/buildscripts/misc
+
+has_x=false
+for pkg in xorg wayland; do
+ if dpkg -s -- $x |& grep -Fx "Status: install ok installed" &> /dev/null; then
+ has_x=true
+ break
+ fi
+done
+
+if $has_x; then
+ l /a/bin/buildscripts/tor-browser
+ l /a/bin/buildscripts/misc
+fi
+
+
+source /a/bin/distro-setup/path-add-function
+export GOPATH=$HOME/go
+path-add $GOPATH/bin
+path-add /usr/local/go/bin
+l /a/bin/buildscripts/go
l go get -u mvdan.cc/fdroidcl
cmd="sudo /usr/sbin/checkrestart -p"
$cmd -v | pee cat "wall -n"
fi
+# no automatic reboot for these hosts
+if [[ $HOSTNAME == "$MAIL_HOST" || $hn == li.b8.nz ]]; then
+ exit 0
+fi
+
if [[ -s /var/log/checkrestart.log ]]; then
for x in {30..1}; do
- echo "pid $PID. unattended upgrade, rebooting in $((x*10)) seconds" | wall -n
+ echo "pid $PID. unattended upgrade, rebooting in $((x*10)) seconds" | sudo wall -n
sleep 10
done
for x in {30..1}; do
if ! fuser /var/lib/dpkg/lock &> /dev/null; then
- echo "pid $PID. unattended upgrade, rebooting now" | pee cat "wall -n"
+ echo "pid $PID. unattended upgrade, rebooting now" | pee cat "sudo wall -n"
sudo /sbin/reboot
exit 0
fi
- echo "pid $PID. unattended upgrade reboot waiting 10 seconds for dpkg lock" | wall -n
+ echo "pid $PID. unattended upgrade reboot waiting 10 seconds for dpkg lock" | sudo wall -n
sleep 10
done
- echo "pid $PID. dpkg locked for 5 minutes, automatic reboot failed" | pee cat "wall -n"
+ echo "pid $PID. dpkg locked for 5 minutes, automatic reboot failed" | pee cat "sudo wall -n"
fi
if ! echo | /a/exe/cedit fsf /etc/dnsmasq-servers.conf; then
if systemctl is-active dnsmasq >/dev/null; then
+ nscd -i hosts
systemctl reload dnsmasq
fi
fi
shopt -s nullglob
shopt -s extglob
+cd /a/exe
+declare -A existing
+for f in *; do
+ existing[$f]=t
+done
cd /a/bin
-# if we didn't have just automated files, we could cleanup
-# links to not executable files.
-e rm -rf /a/exe
# sourcing instead of calling script changes runtime from .47s to .36s
source /a/bin/lnf/lnf >/dev/null ||:
-for x in !(unused|unfinished|queue|bash-template|buildscripts|crons|data|examples|log-quiet); do
- [[ -e $x/.git ]] || continue
- for y in $x/*; do
- if [[ -x $y && ! -d $y ]]; then
- lnf -v /a/bin/$y /a/exe
- fi
- done
+for x in !(unused|distro-setup|unfinished|queue|bash-template|buildscripts|crons|data|examples|log-quiet); do
+ [[ -e $x/.git ]] || continue
+ for y in $x/*; do
+ f=${y##*/}
+ if [[ -x $y && ! -d $y ]]; then
+ unset "existing[$f]"
+ lnf -v /a/bin/$y /a/exe
+ fi
+ done
done
-
for x in *; do
- if [[ ! -d $x && -x $x ]]; then
- lnf -v /a/bin/$x /a/exe
- fi
+ if [[ ! -d $x && -x $x ]]; then
+ unset "existing[$x]"
+ lnf -v /a/bin/$x /a/exe
+ fi
done
+cd /a/exe
+for f in ${!existing[@]}; do
+ echo want to do rm -fv $f
+done
+
+
+
# things we don't want to run in /a, because
# they are long running and could get in the way of
# btrfs remounting
-/a/bin/distro-setup/install-my-scripts
-/a/bin/log-quiet/setup
+e /a/bin/distro-setup/install-my-scripts
# ran. Very strange, dunno why, but rsync won't do anything unless these
# changed, so that should fix it.
rsync -t --chmod=755 --chown=root:root /a/bin/log-quiet/log-once switch-mail-host btrbk-run mount-latest-subvol \
- check-subvol-stale /usr/local/bin
+ check-subvol-stale system-status /usr/local/bin
rsync -t --chmod=755 --chown=root:root /a/bin/errhandle/err /usr/local/lib
--- /dev/null
+[Unit]
+Description=ZNC, an advanced IRC bouncer
+After=network-online.target
+
+[Service]
+ExecStart=/usr/bin/znc -f --datadir=/var/lib/znc
+User=znc
+
+[Install]
+WantedBy=multi-user.target
e() { printf "$pre %s\n" "$*"; }
err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $0: $*" >&2; }
-
-# TODO: copy dkim keys from within this file. its now done in conflink.
-# TODO: fix dkim key to b chmod 640, group Debian-exim
+shopt -s nullglob
if [[ -s /usr/local/lib/err ]]; then
source /usr/local/lib/err
Usage: ${0##*/}
Setup exim4 & dovecot & related things
-The minimal assumption we have is that /etc/mailpass exists
-
-
-h|--help Print help and exit.
EOF
exit $1
# background: ovecot does not yet have ocsp stapling support
# reference: https://community.letsencrypt.org/t/simple-guide-using-lets-encrypt-ssl-certs-with-dovecot/2921
#
-# for phone, same thing but username alerts, pass in ivy-pass.
+# for phone, k9mail, same thing but username alerts, pass in ivy-pass.
+# also, l2.b8.nz for secondary alerts
+# fetching mail settings: folder poll frequency 10 minutes
#######
# # for hosts which have all private files I just use the same user
# # for other hosts, each one get\'s their own password.
# # for generating secure pass, and storing for server too:
-# # user=USUALLY_SAME_AS_HOSTNAME
-# user=li
# f=$(mktemp)
+# I use $HOSTNAME as username
# apg -m 50 -x 70 -n 1 -a 1 -M CLN >$f
-# s sed -i "/^$user:/d" /p/c/filesystem/etc/exim4/passwd
-# echo "$user:$(mkpasswd -m sha-512 -s <$f)" >>/p/c/filesystem/etc/exim4/passwd
-# # todo: port is no longer used in mailpass, remove it.
-# echo "mail.iankelling.org 587 $user:$(<$f)" >> /p/c/machine_specific/$user/filesystem/etc/mailpass
-# # then run this script, or part of it which uses /etc/mailpass
+# s sed -i "/^$HOSTNAME:/d" /p/c/filesystem/etc/exim4/passwd
+# echo "$HOSTNAME:$(mkpasswd -m sha-512 -s <$f)" >>/p/c/filesystem/etc/exim4/passwd
+# reference: exim4_passwd_client(5)
+# echo "mail.iankelling.org:$HOSTNAME:$(<$f)" > /p/c/machine_specific/$HOSTNAME/filesystem/etc/exim4/passwd.client
+# # then run this script
# # dovecot password, i just need 1 as I\'m the only user
# mkdir /p/c/filesystem/etc/dovecot
# echo "iank:$(doveadm pw -s ssha256)::::::" >>/p/c/filesystem/etc/dovecot/users
-# conflink
-
-
-# # for ad-hoc testing of some random new host sending mail:
-# user=li # client host username & hostname
-# f=$(mktemp)
-# apg -m 50 -x 70 -n 1 -a 1 -M CLN >$f
-# s sed -i "/^$user:/d" /etc/exim4/passwd
-# echo "$user:$(mkpasswd -m sha-512 -s <$f)" | s tee -a /etc/exim4/passwd
-# echo "mail.iankelling.org:$user:$(<$f)" | ssh root@$user dd of=/etc/exim4/passwd.client
####### end perstent password instructions ######
# # lines 2+: append to hold space
# echo "txt record contents:"
# echo "v=DKIM1; k=rsa; p=$(sed -n '${x;s/\n//gp};2,$H' $domain.pem)"
-# chmod 644 $domain.pem
-# chmod 640 $domain-private.pem
-# # in conflink, we chown these to group debian
-# conflink
# # selector was also put into /etc/exim4/conf.d/main/000_local,
-# # via the mail-setup scripts
# # 2017-02 dmarc policies:
# # host -t txt _dmarc.gmail.com
# * functions constants
e() { printf "%s\n" "$*"; }
-pi() { # package install
+pi() { # package install without starting daemons
local f
if dpkg -s -- "$@" &> /dev/null; then
return 0;
if [[ ! -r $f ]] || (( $(( $(date +%s) - $(stat -c %Y $f ) )) > 60*60*12 )); then
m apt-get update
fi
- DEBIAN_FRONTEND=noninteractive m apt-get -y install --purge --auto-remove "$@"
+ f=/usr/sbin/policy-rc.d
+ dd of=$f 2>/dev/null <<EOF
+#!/bin/sh
+exit 101
+EOF
+ chmod +x $f
+ ret=
+ DEBIAN_FRONTEND=noninteractive m apt-get -y install --purge --auto-remove "$@" || ret=$?
+ rm $f
+ if [[ $ret ]]; then
+ err-exit $ret "failed apt-get install above"
+ fi
}
postmaster=alerts
uhome=$(eval echo ~$u)
### * user forward file
-if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
- # afaik, these will get ignored because they are routing to my own
- # machine, but rm them is safer
- rm -fv $uhome/.forward /root/.forward
-else
- # this can\'t be a symlink and has permission restrictions
- # it might work in /etc/aliases, but this seems more proper.
- e setting $uhome/.forward to $forward
- install -m 644 {-o,-g}$u <(e $forward) $uhome/.forward
-fi
+
+case $HOSTNAME in
+ $MAIL_HOST|l2)
+ # afaik, these will get ignored on MAIL_HOST because they are routing to my own
+ # machine, but rm them is safer
+ rm -fv $uhome/.forward /root/.forward
+ ;;
+ *)
+ # this can\'t be a symlink and has permission restrictions
+ # it might work in /etc/aliases, but this seems more proper.
+ e setting $uhome/.forward to $forward
+ install -m 644 {-o,-g}$u <(e $forward) $uhome/.forward
+ ;;
+esac
# * Mail clean cronjob
# local mail that bounces goes to /Maildir or /root/Maildir
dirs=(/m/md/bounces/{cur,tmp,new})
m mkdir -p ${dirs[@]}
+m chown iank:iank /m /m/md
+m ln -sfT /m/md /m/iank
+m chmod 700 /m /m/md
m chown -R $u:Debian-exim /m/md/bounces
m chmod 775 ${dirs[@]}
m usermod -a -G Debian-exim $u
done
-### begin setup passwd.client
-f=/etc/exim4/passwd.client
-rm -fv /etc/exim4/passwd.client
-m install -m 640 -g Debian-exim /dev/null $f
-while read -r domain _ pass; do
- # reference: exim4_passwd_client(5)
- printf "%s:%s\n" "$domain" "$pass" >>$f
-done </etc/mailpass
-### end setup passwd.client
-
# by default, only 10 days of logs are kept. increase that.
m sed -ri 's/^(\s*rotate\s).*/\11000/' /etc/logrotate.d/exim4-base
# when doing mail redelivery to invoke filters. Also allows
# me exiqgrep and stuff.
MAIN_TRUSTED_GROUPS = $u
+
+# default is 10. when exim has been down for a bit, fsf mailserver
+# will do a big send in one connection, then exim decides to put
+# the messages in the queue instead of delivering them, to avoid
+# spawning too many delivery processes. Pretty sure my system
+# can handle a lot more, but lets go with this.
+smtp_accept_queue_per_connection = 100
+
+
+DKIM_CANON = relaxed
+DKIM_SELECTOR = li
+
+# from comments in
+# https://debian-administration.org/article/718/DKIM-signing_outgoing_mail_with_exim4
+
+# The file is based on the outgoing domain-name in the from-header.
+DKIM_DOMAIN = \${lc:\${domain:\$h_from:}}
+# sign if key exists
+DKIM_PRIVATE_KEY= \${if exists{/etc/exim4/\${dkim_domain}-private.pem} {/etc/exim4/\${dkim_domain}-private.pem}}
+
+# most of the ones that gmail seems to use.
+# Exim has horrible default of signing unincluded
+# list- headers since they got mentioned in an
+# rfc, but this messes up mailing lists, like gnu/debian which want to
+# keep your dkim signature intact but add list- headers.
+DKIM_SIGN_HEADERS = mime-version:in-reply-to:references:from:date:subject:to
EOF
rm -fv /etc/exim4/rcpt_local_acl # old path
dc_mailname_in_oh='true'
EOF
-# * if MAIL_HOST
-if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
- # ** dovecot
- ####### begin dovecot setup ########
+
+# ** dovecot
+dovecot-setup() {
# based on a little google and package search, just the dovecot
# packages we need instead of dovecot-common.
#
# internet. I was torn about whether to do this or not, meh.
pi dovecot-core dovecot-imapd dovecot-sieve dovecot-lmtpd
+ for f in /p/c{/machine_specific/$HOSTNAME,}/filesystem/etc/dovecot/users; do
+ e $f
+ if [[ -e $f ]]; then
+ m sudo rsync -ahhi --chown=root:dovecot --chmod=0640 $f /etc/dovecot/
+ break
+ fi
+ done
for f in /p/c/subdir_files/sieve/*sieve /a/c/subdir_files/sieve/*sieve; do
m sudo -u $u /a/exe/lnf -T $f $uhome/sieve/${f##*/}
done
- # if we changed 90-sieve.conf and removed the active part of the
+ # If we changed 90-sieve.conf and removed the active part of the
# sieve option, we wouldn\'t need this, but I\'d rather not modify a
# default config if not needed. This won\'t work as a symlink in /a/c
# unfortunately.
- m sudo -u $u /a/exe/lnf -T sieve/main.sieve $uhome/.dovecot.sieve
+ if [[ -e $uhome/sieve/personal.sieve ]]; then
+ m sudo -u $u /a/exe/lnf -T sieve/main.sieve $uhome/.dovecot.sieve
+ fi
# we set this later in local.conf
sed -ri -f - /etc/dovecot/conf.d/10-mail.conf <<'EOF'
# ian: added this, more secure, per google etc
ssl_prefer_server_ciphers = yes
-
+# ian: %u is used for alerts user vs iank
mail_location = maildir:/m/%u:LAYOUT=fs:INBOX=/m/%u/INBOX
mail_uid = $u
mail_gid = $u
# auth_verbose=yes
#mail_debug=yes
EOF
- ####### end dovecot setup ########
+ ####### end dovecot-setup ########
+}
+
+
+
+# * if MAIL_HOST
+case $HOSTNAME in
+ $MAIL_HOST)
+ dovecot-setup
+
+ # ** exim
+
+ sudo rsync -ahhi --chown=root:Debian-exim --chmod=0640 \
+ /p/c/filesystem/etc/exim4/passwd /p/c/filesystem/etc/exim4/*.pem /etc/exim4/
- # ** exim
- # mail.iankelling.org so local imap clients can connect with tls and
- # when they happen to not be local.
- sed -ri -f - /etc/hosts <<'EOF'
+ # mail.iankelling.org so local imap clients can connect with tls and
+ # when they happen to not be local.
+ sed -ri -f - /etc/hosts <<'EOF'
/^127\.0\.1\.1.* mail\.iankelling\.org\b/{p;d}
/^127\.0\.1\.1 /s/ *$/ mail.iankelling.org/
EOF
- /a/exe/cedit mail /etc/dnsmasq-servers.conf <<'EOF' || [[ $? == 1 ]]
+ /a/exe/cedit mail /etc/dnsmasq-servers.conf <<'EOF' || [[ $? == 1 ]]
server=/mail.iankelling.org/127.0.1.1
EOF
- if systemctl is-active dnsmasq >/dev/null; then
- m systemctl reload dnsmasq
- fi
+ if systemctl is-active dnsmasq >/dev/null; then
+ m systemctl reload dnsmasq
+ m nscd -i hosts
+ fi
- # I used to use debconf-set-selections + dpkg-reconfigure,
- # which then updates this file
- # but the process is slower than updating it directly and then I want to set other things in
- # update-exim4.conf.conf, so there's no point.
- # The file is documented in man update-exim4.conf,
- # except the man page is not perfect, read the bash script to be sure about things.
+ # I used to use debconf-set-selections + dpkg-reconfigure,
+ # which then updates this file
+ # but the process is slower than updating it directly and then I want to set other things in
+ # update-exim4.conf.conf, so there's no point.
+ # The file is documented in man update-exim4.conf,
+ # except the man page is not perfect, read the bash script to be sure about things.
- # The debconf questions output is additional documentation that is not
- # easily accessible, but super long, along with the initial default comment in this
- # file, so I've saved that into ./mail-notes.conf.
+ # The debconf questions output is additional documentation that is not
+ # easily accessible, but super long, along with the initial default comment in this
+ # file, so I've saved that into ./mail-notes.conf.
- cat >>/etc/exim4/update-exim4.conf.conf <<EOF
+ cat >>/etc/exim4/update-exim4.conf.conf <<EOF
# note: some things we don't set that are here by default because they are unused.
dc_eximconfig_configtype='internet'
-# man page: is used to build the local_domains list, together with “localhost”
+# man page: is used to build the local_domains list, together with "localhost"
# iank.bid is for testing
# mail.iankelling.org is for machines i own
dc_other_hostnames='*.iankelling.org;iankelling.org;*iank.bid;iank.bid;*zroe.org;zroe.org;*.b8.nz;b8.nz'
# because this machine serves as secondary MX for these domains. Sets MAIN_RELAY_TO_DOMAINS.
# todo: we should not accept from anywhere, only the mx for fsf.
dc_relay_domains='*.fsf.org;fsf.org'
+dc_localdelivery='dovecot_lmtp'
EOF
- # the debconf output about mailname is as follows:
- # The 'mail name' is the domain name used to 'qualify' mail addresses without a domain
- # name.
- # This name will also be used by other programs. It should be the single, fully
- # qualified domain name (FQDN).
- # Thus, if a mail address on the local host is foo@example.org, the correct value for
- # this option would be example.org.
- # This name won\'t appear on From: lines of outgoing messages if rewriting is enabled.
+ # the debconf output about mailname is as follows:
+ # The 'mail name' is the domain name used to 'qualify' mail addresses without a domain
+ # name.
+ # This name will also be used by other programs. It should be the single, fully
+ # qualified domain name (FQDN).
+ # Thus, if a mail address on the local host is foo@example.org, the correct value for
+ # this option would be example.org.
+ # This name won\'t appear on From: lines of outgoing messages if rewriting is enabled.
- echo mail.iankelling.org > /etc/mailname
+ echo mail.iankelling.org > /etc/mailname
- # MAIN_HARDCODE_PRIMARY_HOSTNAME might mess up the
- # smarthost config type, not sure. all other settings
- # would be unused in that config type.
- cat >>/etc/exim4/conf.d/main/000_local <<EOF
+ # MAIN_HARDCODE_PRIMARY_HOSTNAME might mess up the
+ # smarthost config type, not sure. all other settings
+ # would be unused in that config type.
+ cat >>/etc/exim4/conf.d/main/000_local <<EOF
# enable 587 in addition to the default 25, so that
# i can send mail where port 25 is firewalled by isp
daemon_smtp_ports = 25 : 587
-DKIM_CANON = relaxed
-DKIM_SELECTOR = li
-
-# from comments in
-# https://debian-administration.org/article/718/DKIM-signing_outgoing_mail_with_exim4
-
-# The file is based on the outgoing domain-name in the from-header.
-DKIM_DOMAIN = \${lc:\${domain:\$h_from:}}
-# sign if key exists
-DKIM_PRIVATE_KEY= \${if exists{/etc/exim4/\${dkim_domain}-private.pem} {/etc/exim4/\${dkim_domain}-private.pem}}
# failing message on mail-tester.com:
# Seems logical for this to be the same as mailname.
MAIN_HARDCODE_PRIMARY_HOSTNAME = mail.iankelling.org
-LOCAL_DELIVERY = dovecot_lmtp
-
# options exim has to avoid having to alter the default config files
CHECK_RCPT_LOCAL_ACL_FILE = /etc/exim4/conf.d/rcpt_local_acl
CHECK_DATA_LOCAL_ACL_FILE = /etc/exim4/conf.d/data_local_acl
-# most of the ones that gmail seems to use.
-# Exim has horrible default of signing unincluded
-# list- headers since they got mentioned in an
-# rfc, but this messes up mailing lists, like gnu/debian which want to
-# keep your dkim signature intact but add list- headers.
-DKIM_SIGN_HEADERS = mime-version:in-reply-to:references:from:date:subject:to
# recommended if dns is expected to work
CHECK_RCPT_VERIFY_SENDER = true
#dmarc_tld_file = /etc/public_suffix_list.dat
EOF
- f=/etc/cron.daily/refresh-dmarc-tld-file
- cat >$f <<'EOF'
+ f=/etc/cron.daily/refresh-dmarc-tld-file
+ cat >$f <<'EOF'
#!/bin/bash
cd /etc
wget -q -N https://publicsuffix.org/list/public_suffix_list.dat
EOF
- m chmod 755 $f
+ m chmod 755 $f
- sed -i --follow-symlinks -f - /etc/aliases <<EOF
+ sed -i --follow-symlinks -f - /etc/aliases <<EOF
\$a root: $postmaster
/^root:/d
EOF
- # https://selivan.github.io/2017/12/30/systemd-serice-always-restart.html
- d=/etc/systemd/system/openvpn@mail.service.d
- m mkdir -p $d
- cat >$d/override.conf <<'EOF'
+ # https://selivan.github.io/2017/12/30/systemd-serice-always-restart.html
+ d=/etc/systemd/system/openvpn@mail.service.d
+ m mkdir -p $d
+ cat >$d/override.conf <<'EOF'
[Service]
Restart=always
# time to sleep before restarting a service
# StartLimitIntervalSec in recent systemd versions
StartLimitInterval=0
EOF
- if ! systemctl cat openvpn@mail.service|grep -xF StartLimitInterval=0 &>/dev/null; then
- # needed for the above config to go into effect
- m systemctl daemon-reexec
- fi
-
+ if ! systemctl cat openvpn@mail.service|grep -xF StartLimitInterval=0 &>/dev/null; then
+ # needed for the above config to go into effect
+ m systemctl daemon-reexec
+ fi
- m systemctl enable mailclean.timer
- m systemctl start mailclean.timer
- m systemctl restart $vpn_ser@mail
- m systemctl enable $vpn_ser@mail
- m systemctl enable dovecot
- m systemctl restart dovecot
+ m systemctl enable mailclean.timer
+ m systemctl start mailclean.timer
+ m systemctl restart $vpn_ser@mail
+ m systemctl enable $vpn_ser@mail
+ m systemctl enable dovecot
+ m systemctl restart dovecot
+ ;;
# * not MAIL_HOST
-else # $HOSTNAME != $MAIL_HOST
- # remove mail. 2 lines to properly remove whitespace
- sed -ri -f - /etc/hosts <<'EOF'
+ *) # $HOSTNAME != $MAIL_HOST
+ # remove mail. 2 lines to properly remove whitespace
+ sed -ri -f - /etc/hosts <<'EOF'
s#^(127\.0\.1\.1 .*) +mail\.iankelling\.org$#\1#
s#^(127\.0\.1\.1 .*)mail\.iankelling\.org +(.*)#\1\2#
EOF
- echo | /a/exe/cedit mail /etc/dnsmasq-servers.conf || [[ $? == 1 ]]
- if systemctl is-active dnsmasq >/dev/null; then
- m systemctl reload dnsmasq
- fi
+ echo | /a/exe/cedit mail /etc/dnsmasq-servers.conf || [[ $? == 1 ]]
+ if systemctl is-active dnsmasq >/dev/null; then
+ m nscd -i hosts
+ m systemctl reload dnsmasq
+ fi
- m systemctl disable mailclean.timer &>/dev/null ||:
- m systemctl stop mailclean.timer &>/dev/null ||:
- m systemctl disable $vpn_ser@mail
- m systemctl stop $vpn_ser@mail
- m systemctl disable dovecot ||:
- m systemctl stop dovecot ||:
- #
- #
- # would only exist because I wrote it i the previous condition,
- # it\'s not part of exim
- rm -fv /etc/exim4/conf.d/main/000_localmacros
- cat >>/etc/exim4/update-exim4.conf.conf <<EOF
+ m systemctl disable mailclean.timer &>/dev/null ||:
+ m systemctl stop mailclean.timer &>/dev/null ||:
+ m systemctl disable $vpn_ser@mail
+ m systemctl stop $vpn_ser@mail
+ #
+ #
+ # would only exist because I wrote it i the previous condition,
+ # it\'s not part of exim
+ rm -fv /etc/exim4/conf.d/main/000_localmacros
+ cat >>/etc/exim4/update-exim4.conf.conf <<EOF
dc_eximconfig_configtype='smarthost'
dc_smarthost='$smarthost'
# The manpage incorrectly states this will do header rewriting, but
# that only happens if we have dc_hide_mailname is set.
dc_readhost='iankelling.org'
-# Only used in case of bounces.
-dc_localdelivery='maildir_home'
EOF
- hostname -f >/etc/mailname
+ hostname -f >/etc/mailname
- # This ends up at alerts mailbox on MAIL_HOST, but using a user that doesn't exist elsewhere
- # is no good.
- sed -i --follow-symlinks -f - /etc/aliases <<EOF
-\$a root: root@mail.iankelling.org
+ ;;&
+ ## we use this host to monitor MAIL_HOST
+ l2)
+ dovecot-setup
+ m systemctl enable dovecot
+ m systemctl restart dovecot
+ cat >>/etc/exim4/update-exim4.conf.conf <<EOF
+# man page: is used to build the local_domains list, together with "localhost"
+# mail.iankelling.org is for machines i own
+dc_other_hostnames='l2.b8.nz'
+dc_localdelivery='dovecot_lmtp'
+EOF
+ # This ends up at alerts mailbox on MAIL_HOST, but using a user that doesn't exist elsewhere
+ # is no good.
+ sed -i --follow-symlinks -f - /etc/aliases <<EOF
+\$a root: iank
/^root:/d
EOF
+ ;;
+ *)
+
+ f=/p/c/filesystem/etc/exim4/passwd.client
+ if [[ ! -e $f ]]; then
+ f=/p/c/machine_specific/$HOSTNAME/filesystem/etc/exim4/passwd.client
+ fi
+ sudo rsync -ahhi --chown=root:Debian-exim --chmod=0640 $f /etc/exim4/
-fi # end $HOSTNAME != $MAIL_HOST
+ # This ends up at alerts mailbox on MAIL_HOST, but using a user that doesn't exist elsewhere
+ # is no good.
+ sed -i --follow-symlinks -f - /etc/aliases <<EOF
+\$a root: root@mail.iankelling.org
+/^root:/d
+EOF
+ cat >>/etc/exim4/update-exim4.conf.conf <<EOF
+# Only used in case of bounces.
+dc_localdelivery='maildir_home'
+EOF
+ m systemctl disable dovecot ||:
+ m systemctl stop dovecot ||:
+ ;;
+esac # end $HOSTNAME != $MAIL_HOST
# * spool dir setup
# i have the spool directory be common to distro multi-boot, so
# we need the uid to be the same. 608 cuz it's kind of in the middle
# of the free system uids.
-IFS=:; read _ _ uid _ < <(getent passwd Debian-exim ||:) ||:; unset IFS
-IFS=:; read _ _ gid _ < <(getent group Debian-exim ||:) ||:; unset IFS
+IFS=:; read -r _ _ uid _ < <(getent passwd Debian-exim ||:) ||:; unset IFS
+IFS=:; read -r _ _ gid _ < <(getent group Debian-exim ||:) ||:; unset IFS
if [[ ! $uid ]]; then
# from /var/lib/dpkg/info/exim4-base.postinst, plus uid and gid options
m adduser --uid 608 --system --group --quiet --home /var/spool/exim4 \
- --no-create-home --disabled-login --force-badname Debian-exim
+ --no-create-home --disabled-login --force-badname Debian-exim
elif [[ $uid != 608 ]]; then
m systemctl stop exim4 ||:
m usermod -u 608 Debian-exim
# * mail monitoring / testing
-if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
- fname=send-test-forward
- f=/usr/local/bin/$fname
- cat >$f <<'EOFOUTER'
-#!/bin/bash
-/usr/sbin/exim -t <<EOF
-From: ian@iankelling.org
-To: iank@posteo.de
-Subject: primary_test $(date +%s) $(date +%Y-%m-%dT%H:%M:%S%z)
-
-eom
-EOF
-EOFOUTER
- m chmod +x $f
- cat >/etc/cron.d/mailtest <<EOF
+case $HOSTNAME in
+ $MAIL_HOST|l2)
+ # note: cronjob "ian" also does some important monitoring
+ cat >/etc/cron.d/mailtest <<EOF
SHELL=/bin/bash
PATH=/usr/bin:/bin:/usr/local/bin
-# running as user just because no need to run as root
-*/10 * * * * $u $fname |& log-once send-test-forward
-*/10 * * * * $u mailtest-check |& log-once -1 mailtest-check
+*/5 * * * * $u send-test-forward |& log-once send-test-forward
*/10 * * * * root chmod -R g+rw /m/md/bounces |& log-once -1 bounces-chmod
EOF
- m cp /a/bin/distro-setup/filesystem/usr/local/bin/mailtest-check /usr/local/bin
-else
- rm -fv /etc/cron.d/mailtest
-fi
+ ;;&
+ $MAIL_HOST)
+ test_from=ian@iankelling.org
+ test_to=iank@posteo.de
+
+ cat >>/etc/cron.d/mailtest <<EOF
+*/5 * * * * $u mailtest-check |& log-once -1 mailtest-check
+2 * * * * $u check-remote-mailqs |& log-once check-remote-mailqs
+EOF
+ m sudo rsync -ahhi --chown=root:root --chmod=0755 \
+ /b/ds/mailtest-check /b/ds/check-remote-mailqs /usr/local/bin/
+ ;;&
+ l2)
+ test_from=iank@l2.b8.nz
+ test_to=testignore@iankelling.org
+ ;;&
+ $MAIL_HOST|l2)
+ cat >/usr/local/bin/send-test-forward <<EOFOUTER
+#!/bin/bash
+/usr/sbin/exim -t <<EOF
+From: $test_from
+To: $test_to
+Subject: primary_test \$(date +%s) \$(date +%Y-%m-%dT%H:%M:%S%z)
+eom
+EOF
+EOFOUTER
+ m chmod +x /usr/local/bin/send-test-forward
+ ;;
+ *)
+ rm -fv /etc/cron.d/mailtest
+ ;;
+esac
-# * Radicale
-# MAIL_HOST also does radicale, and easier to start and stop it here
-# for when MAIL_HOST changes, so radicale gets the synced files and
-# does not stop us from remounting /o.
-if dpkg -s radicale &>/dev/null; then
- if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
- m systemctl restart radicale
- m systemctl enable radicale
- if [[ -e /etc/logrotate.d/radicale.disabled ]]; then
- m mv /etc/logrotate.d/radicale{.disabled,}
- fi
- else
- m systemctl stop radicale
- m systemctl disable radicale
- # weekly logrotate tries to restart radicale even if it's a disabled service in flidas.
- if [[ -e /etc/logrotate.d/radicale ]]; then
- m mv /etc/logrotate.d/radicale{,.disabled}
- fi
- fi
-fi
# * misc
m sudo -u $u ln -sf -T /m/.mu /home/$u/.mu
--- /dev/null
+#!/bin/bash
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+
+if [[ $EUID != 1000 ]]; then
+ echo "$0: error run as normal user" >&2
+ exit 1
+fi
+
+shopt -s nullglob
+
+
+# We run this cronjob along with sending the test email every 5 minutes,
+# so give it 1 minute to arrive, then if the latest email is older than
+# 7 minutes, the last 2 haven't arrived in a reasonable amount of time.
+min_limit=7
+
+if [[ ! $1 && $- != *i* ]]; then
+ sleep 60
+fi
+
+
+folders=(/m/md/l/testignore{,2}/new)
+find ${folders[@]} -type f -mtime +1 -delete
+
+for folder in ${folders[@]}; do
+ cd $folder
+ last_sec=0
+ for file in *; do
+ if [[ $file -nt $latest ]]; then
+ latest=$file
+ fi
+ done
+
+ if [[ $latest ]]; then
+ last_sec=$(awk '/^Subject: / {print $3}' $latest)
+ fi
+
+ now=$(date +%s)
+ limit=$(( now - 60 * min_limit ))
+
+ if (( last_sec <= limit )); then
+ echo $HOSTNAME mailtest failure
+ touch /nocow/user/mailtest-failure
+ break
+ else
+ rm -f /nocow/user/mailtest-failure
+ fi
+done
if m umount -R $dir; then
unmounted+=($dir)
else
- if ! kill-dir TERM TERM TERM INT INT HUP HUP; then
+ if ! kill-dir TERM TERM TERM INT INT HUP HUP TERM TERM TERM INT INT HUP HUP; then
if $force; then kill-dir KILL; fi
fi
if [[ $1 ]]; then
new_host=$1
+ if [[ $new_host == localhost ]]; then
+ new_host=$HOSTNAME
+ fi
m sed -ri "s/MAIL_HOST=.*/MAIL_HOST=$new_host/" /a/bin/bash_unpublished/source-state
source /a/bin/bash_unpublished/source-state
fi
# done
fi
+if dpkg -s radicale &>/dev/null; then
+ if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
+ m sudo systemctl restart radicale
+ m sudo systemctl enable radicale
+ if [[ -e /etc/logrotate.d/radicale.disabled ]]; then
+ m sudo mv /etc/logrotate.d/radicale{.disabled,}
+ fi
+ else
+ m sudo systemctl stop radicale
+ m sudo systemctl disable radicale
+ # weekly logrotate tries to restart radicale even if it's a disabled service in flidas.
+ if [[ -e /etc/logrotate.d/radicale ]]; then
+ m sudo mv /etc/logrotate.d/radicale{,.disabled}
+ fi
+ fi
+fi
+
m /a/exe/mail-setup
exit 0
:
keyserver hkp://keys.gnupg.net
#keyserver hkp://keyserver.ubuntu.com
#keyserver hkp://keyring.debian.org
+keyserver keyserver.ubuntu.com
# more secure hkps, but had problems with my gpg version
#keyserver hkps://hkps.pool.sks-keyservers.net
header :contains "list-id" "<gvc.gnu.org>",
header :contains "list-id" "<discuss.blu.org>",
header :contains "list-id" "<Spdx-tech.lists.spdx.org>",
+ header :contains "list-id" "<gnu-misc-discuss.gnu.org>",
header :contains "list-id" "<Spdx-legal.lists.spdx.org>",
header :contains "list-id" "<info-gnu.gnu.org>",
header :contains "from" "<general-info@artisansasylum.com>",
header :contains "list-id" "<gvc.gnu.org>",
header :contains "list-id" "<discuss.blu.org>",
header :contains "list-id" "<Spdx-tech.lists.spdx.org>",
+ header :contains "list-id" "<gnu-misc-discuss.gnu.org>",
header :contains "list-id" "<Spdx-legal.lists.spdx.org>",
header :contains "list-id" "<info-gnu.gnu.org>",
header :contains "from" "<general-info@artisansasylum.com>",
usage() {
cat <<EOF
-Usage: ${0##*/} OLD_HOST NEW_HOST
+Usage: ${0##*/} push|pull HOST
Turn off mail receiving on OLD_HOST, run btrbk to move mail to NEW_HOST,
turn on mail receiving on NEW_HOST. Assumes we want to move all
restore_old_btrbk=false
cleanup() {
if $restore_new_btrbk; then
- m $new_shell sudo systemctl start btrbk.timer
+ e WARNING: due to failure, btrbk.timer may need manual restoration:
+ e $new_shell sudo systemctl start btrbk.timer
fi
if $restore_old_btrbk; then
- m $old_shell sudo systemctl start btrbk.timer
+ e WARNING: due to failure, btrbk.timer may need manual restoration:
+ e $old_shell sudo systemctl start btrbk.timer
fi
}
-_errcatch_cleanup=cleanup # used by sourced err
-
+b
pre="${0##*/}:"
m() { printf "$pre %s\n" "$*"; "$@"; }
e() { printf "$pre %s\n" "$*"; }
+err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; }
##### begin command line parsing ########
(( $# == 2 )) || usage 1
-old_host=$1
-new_host=$2
+
+case $1 in
+ push)
+ new_host=$2
+ bbk_args="-s $old_host"
+ new_shell="ssh $new_host"
+ old_host=$HOSTNAME
+ ;;
+ pull)
+ old_host=$2
+ bbk_args="-t $new_host"
+ bbk_args="-s $old_host"
+ new_host=$HOSTNAME
+ old_shell="ssh $old_host"
+ ;;
+ *)
+ err invalid first argument
+ exit 1
+ ;;
+esac
+
+
source /a/bin/bash_unpublished/source-state
if [[ $old_host != "$MAIL_HOST" ]]; then
fi
fi
-if [[ $new_host == "$HOSTNAME" ]]; then
- localhost_new=true
- new_shell=
-else
- localhost_new=false
- new_shell="ssh $new_host"
-fi
-
-old_shell="ssh $old_host"
-if [[ $old_host == "$HOSTNAME" ]]; then
- old_shell=
-fi
-
if [[ ! $new_host || ! $old_host ]]; then
echo "$0: bad args. see script"
exit 1
if $new_shell systemctl is-active btrbk.timer; then
m $new_shell sudo systemctl stop btrbk.timer
+ _errcatch_cleanup=cleanup
restore_new_btrbk=true
fi
if $old_shell systemctl is-active btrbk.timer; then
m $old_shell sudo systemctl stop btrbk.timer
+ _errcatch_cleanup=cleanup
restore_old_btrbk=true
fi
# I think exim will try ipv6 first, so no need to disable
# ipv6 i think.
+
+
m $old_shell /a/exe/primary-setup $new_hostname
-if $localhost_new; then
- m btrbk-run -v -s $old_host $mp_args
-else
- m btrbk-run -v -t $new_host $mp_args
+if ! m btrbk-run -v $bbk_args $mp_args; then
+ ret=$?
+ bang="$(printf "$(tput setaf 5)█$(tput sgr0)%.0s" 1 2 3 4 5 6 7)"
+ e $bang failed btrbk. restoring old host as primary
+ m $old_shell /a/exe/primary-setup localhost
+ exit $ret
fi
-m $new_shell /a/exe/primary-setup $new_hostname
+m $new_shell /a/exe/primary-setup localhost
+++ /dev/null
-#!/bin/bash
-
-# this pulls from host $1 to the current host.
-# not currently used, but it might be useful at some point
-
-source /a/bin/errhandle/err
-
-cd /
-
-old=$1
-new=$HOSTNAME
-
-if [[ ! $old ]]; then
- echo "$0: error: no \$1 given, should be old host"
- exit 1
-fi
-
-if ! timeout -s 9 2 ssh $old : ; then
- echo "$0: error: can't ssh to $old"
-fi
-
-for p in emacs firefox pidgin; do
- ssh $old killall $p ||:
-done
-
-# note: duplicated in check-subvol-stale
-last_a=$(
- vol=a
- for s in /mnt/root/btrbk/$vol.*; do
- f=${s##*/}
- unix_time=$(date -d $(sed -r 's/(.{4})(..)(.{5})(..)(.*)/\1-\2-\3:\4:\5/' <<<${f#$vol.}) +%s)
- printf "%s\n" $unix_time
- done | sort -r | head -n 1
- )
-
-if [[ $last_a != [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] ]]; then
- echo "$0: error: last_a bad value: $last_a"
- exit 1
-fi
-
-# if last_a is recent enough, skip doing btrbk
-if (( last_a < $(date +%s) - 60*60 )); then
- if ! ssh $old btrbk-run -pvt $new; then
- echo "$0: error: failed btrbk-run"
- exit 1
- fi
-fi
-
-switch-mail-host $old $new
if [[ -e ${glob[0]} ]]; then
chars+=("STALE!")
fi
+ if [[ $(find /var/mail -type f \! -empty -print -quit) ]]; then
+ var_mail_msg="message in /var/mail"
+ fi
+ lo -1 var_mail $var_mail_msg
glob=(/m/md/bounces/new/*)
if [[ -e ${glob[0]} ]]; then
chars+=("BOUNCE!")
qlen=$(sudo /usr/sbin/exiqgrep -o 60 -c -b | awk '{print $1}')
fi
if ((qlen)); then
+ qmsg="queue length $qlen"
chars+=("q $qlen")
fi
+ case $HOSTNAME in
+ # No point in emailing about the mailq on a host where we don't
+ # check email.
+ $MAIL_HOST|l2)
+ lo -1 qlen $qmsg
+ ;;
+ esac
begin=false
- cd /b/ds
- if ! make -q ~/.local/distro-begin || [[ $(<~/.local/distro-begin) != 0 ]]; then
+ if ! make -C /b/ds -q ~/.local/distro-begin || [[ $(<~/.local/distro-begin) != 0 ]]; then
begin=true
fi
end=false
- if ! make -q ~/.local/distro-end || [[ $(<~/.local/distro-end) != 0 ]]; then
+ if ! make -C /b/ds -q ~/.local/distro-end || [[ $(<~/.local/distro-end) != 0 ]]; then
end=true
fi
done
# just because i forget a lot, -mmin -NUM means files modified <= NUM minutes ago
- if (( $(date -d "$(git log --diff-filter=ACR --format=%aD -1)" +%s) > fsec )) || \
- [[ $(find ${all_dirs[@]} -mmin $fmin -type f -print -quit 2>/dev/null) ]]; then
- v conflink newer git or newer filesystem files
+ if [[ $(find ${all_dirs[@]} -mmin $fmin -type f -print -quit 2>/dev/null) ]]; then
+ v conflink newer filesystem files
chars+=("CONFLINK!")
break
fi
# some hosts i dont push all of /p/c
continue
fi
+ if (( $(date -d "$(git log --diff-filter=ACR --format=%aD -1)" +%s) > fsec )); then
+ v conflink: newer files checked in to git
+ chars+=("CONFLINK!")
+ break
+ fi
+
untracked=$(git ls-files -o --exclude-standard)
if [[ $untracked && $(find $untracked -mmin $fminplus -type f -print -quit) ]]; then
v conflink: untracked in $d
break
fi
done
+ cd /
fi
if [[ ! -e $f || $(<$f) != 0 ]]; then
# Profiled it using time and also adding to the top of the file:
# set -x
# PS4='+ $(date "+%2N") '
- snaps=($(ls -1avdr /mnt/root/btrbk/$vol.20*|head -n1))
+ snaps=($(ls -1avdr /mnt/root/btrbk/$vol.20*|head -n1 || [[ $? == 141 ]] ))
now=$(date +%s)
maxtime=0
for s in ${snaps[@]}; do
# Usage: run when switching from an untrusted network like public wifi
# to a trusted one.
-rm -f /etc/dnsmasq.d/untrusted-network.conf
+if [[ -e /etc/dnsmasq.d/untrusted-network.conf ]]; then
+ rm -f /etc/dnsmasq.d/untrusted-network.conf
-systemctl reload dnsmasq
+ nscd -i hosts
+ systemctl reload dnsmasq
+fi
# Usage: use when switching from a trusted network to an untrusted one,
# like public wifi.
-cat >/etc/dnsmasq.d/untrusted-network.conf <<'EOF'
+if [[ ! -s /etc/dnsmasq.d/untrusted-network.conf ]]; then
+ cat >/etc/dnsmasq.d/untrusted-network.conf <<'EOF'
server=8.8.4.4
server=8.8.8.8
server=2001:4860:4860::8844
stop-dns-rebind
EOF
-systemctl reload dnsmasq
+ nscd -i hosts
+ systemctl reload dnsmasq
+fi