From 41235a1a070914920dc84f352abee00deccda146 Mon Sep 17 00:00:00 2001
From: Ian Kelling <ian@iankelling.org>
Date: Sat, 19 Oct 2019 11:15:31 -0400
Subject: [PATCH] better output

---
 mail-setup       | 176 +++++++++++++++++++++++++----------------------
 primary-setup    |  28 ++++----
 switch-mail-host |  24 ++++---
 3 files changed, 125 insertions(+), 103 deletions(-)
 mode change 100644 => 100755 switch-mail-host

diff --git a/mail-setup b/mail-setup
index b28bedf..8259ff8 100755
--- a/mail-setup
+++ b/mail-setup
@@ -4,14 +4,25 @@
 # Copyright (C) 2019 Ian Kelling
 # SPDX-License-Identifier: AGPL-3.0-or-later
 
+if [ -z "$BASH_VERSION" ]; then echo "error: shell is not bash" >&2; exit 1; fi
+
+pre="${0##*/}:"
+m() { printf "$pre %s\n"  "$*"; "$@"; }
+e() { printf "$pre %s\n"  "$*"; }
+err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $0: $*" >&2; }
 
-set -x
 
 # TODO: copy dkim keys from within this file. its now done in conflink.
 # TODO: fix dkim key to b chmod 640, group Debian-exim
 
-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+if [[ -s /usr/local/lib/err ]]; then
+  source /usr/local/lib/err
+elif [[ -s /a/bin/errhandle/err ]]; then
+  source /a/bin/errhandle/err
+else
+  err "no err tracing script found"
+  exit 1
+fi
 
 [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
 if [[ ! $SUDO_USER ]]; then
@@ -149,9 +160,9 @@ pi() { # package install
   while fuser /var/lib/dpkg/lock &>/dev/null; do sleep 1; done
   f=/var/cache/apt/pkgcache.bin;
   if [[ ! -r $f ]] || (( $(( $(date +%s) - $(stat -c %Y $f ) )) > 60*60*12 )); then
-    apt-get update
+    m apt-get update
   fi
-  DEBIAN_FRONTEND=noninteractive apt-get -y install --purge --auto-remove "$@"
+  m DEBIAN_FRONTEND=noninteractive apt-get -y install --purge --auto-remove "$@"
 }
 
 postmaster=alerts
@@ -168,7 +179,7 @@ smarthost="$mxhost::$mxport"
 
 ## * Install packages
 # light version of exim does not have sasl auth support.
-pi exim4-daemon-heavy spamassassin spf-tools-perl openvpn
+pi exim4-daemon-heavy spamassassin spf-tools-perl openvpn dnsmasq
 
 # trisquel 8 = openvpn, debian stretch = openvpn-client
 vpn_ser=openvpn-client
@@ -176,15 +187,17 @@ if [[ ! -e /lib/systemd/system/openvpn-client@.service ]]; then
   vpn_ser=openvpn
 fi
 
+uhome=$(eval echo ~$u)
 ### * user forward file
 if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
   # afaik, these will get ignored because they are routing to my own
   # machine, but rm them is safer
-  rm -f $(eval echo ~$u)/.forward /root/.forward
+  rm -fv $uhome/.forward /root/.forward
 else
   # this can\'t be a symlink and has permission restrictions
   # it might work in /etc/aliases, but this seems more proper.
-  install -m 644 {-o,-g}$u <(e $forward) $(eval echo ~$u)/.forward
+  e setting $uhome/.forward to $forward
+  install -m 644 {-o,-g}$u <(e $forward) $uhome/.forward
 fi
 
 # * Mail clean cronjob
@@ -217,9 +230,8 @@ systemctl daemon-reload
 # * spamassassin
 
 if [[ $HOSTNAME != "$MAIL_HOST" ]]; then
-  systemctl stop spamassassin
-  systemctl disable spamassassin
-
+  m systemctl stop spamassassin
+  m systemctl disable spamassassin
 else
 
   # per readme.debian
@@ -229,9 +241,9 @@ else
   sed -i '/^\s*NICE\s*=/d' /etc/default/spamassassin
   e 'NICE="--nicelevel 15"' >>/etc/default/spamassassin
 
-  systemctl enable spamassassin
-  systemctl start spamassassin
-  systemctl reload spamassassin
+  m systemctl enable spamassassin
+  m systemctl start spamassassin
+  m systemctl reload spamassassin
 
   cat >/etc/systemd/system/spamddnsfix.service <<'EOF'
 [Unit]
@@ -258,9 +270,9 @@ OnUnitActiveSec=550
 [Install]
 WantedBy=timers.target
 EOF
-  systemctl daemon-reload
-  systemctl restart spamddnsfix.timer
-  systemctl enable spamddnsfix.timer
+  m systemctl daemon-reload
+  m systemctl restart spamddnsfix.timer
+  m systemctl enable spamddnsfix.timer
 
 fi # [[ $HOSTNAME != "$MAIL_HOST" ]]
 #####   end spamassassin config
@@ -280,7 +292,7 @@ if [[ -e /p/c/filesystem ]]; then
     # systemd, buuut it can remake the tun device unexpectedly, i got this in the log
     # after my internet was down for a bit:
     # NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
-    /a/exe/vpn-mk-client-cert -b mail -n mail -s /b/ds/mail-route li.iankelling.org
+    m /a/exe/vpn-mk-client-cert -b mail -n mail -s /b/ds/mail-route li.iankelling.org
   fi
 fi
 
@@ -318,7 +330,7 @@ if [[ $new_ret != 0 ]]; then
 fi
 exit 0
 EOF
-chmod 755 $f
+m chmod 755 $f
 
 cat >/etc/systemd/system/mailcert.service <<'EOF'
 [Unit]
@@ -340,10 +352,10 @@ OnCalendar=daily
 [Install]
 WantedBy=timers.target
 EOF
-systemctl daemon-reload
-systemctl start mailcert
-systemctl restart mailcert.timer
-systemctl enable mailcert.timer
+m systemctl daemon-reload
+m systemctl start mailcert
+m systemctl restart mailcert.timer
+m systemctl enable mailcert.timer
 
 
 
@@ -354,22 +366,22 @@ source /a/bin/bash_unpublished/source-state
 ### make local bounces go to normal maildir
 # local mail that bounces goes to /Maildir or /root/Maildir
 dirs=(/m/md/bounces/{cur,tmp,new})
-mkdir -p ${dirs[@]}
-chown -R $u:Debian-exim /m/md/bounces
-chmod 775 ${dirs[@]}
-usermod -a -G Debian-exim $u
+m mkdir -p ${dirs[@]}
+m chown -R $u:Debian-exim /m/md/bounces
+m chmod 775 ${dirs[@]}
+m usermod -a -G Debian-exim $u
 for d in /Maildir /root/Maildir; do
   if [[ ! -L $d ]]; then
-    rm -rf $d
+    m rm -rf $d
   fi
-  ln -sf -T /m/md/bounces $d
+  m ln -sf -T /m/md/bounces $d
 done
 
 
 ### begin setup passwd.client
 f=/etc/exim4/passwd.client
-rm -f /etc/exim4/passwd.client
-install -m 640 -g Debian-exim /dev/null $f
+rm -fv /etc/exim4/passwd.client
+m install -m 640 -g Debian-exim /dev/null $f
 while read -r domain _ pass; do
   # reference: exim4_passwd_client(5)
   printf "%s:%s\n" "$domain" "$pass" >>$f
@@ -377,7 +389,7 @@ done </etc/mailpass
 ###  end setup passwd.client
 
 # by default, only 10 days of logs are kept. increase that.
-sed -ri 's/^(\s*rotate\s).*/\11000/' /etc/logrotate.d/exim4-base
+m sed -ri 's/^(\s*rotate\s).*/\11000/' /etc/logrotate.d/exim4-base
 
 
 ## https://blog.dhampir.no/content/make-exim4-on-debian-respect-forward-and-etcaliases-when-using-a-smarthost
@@ -388,7 +400,7 @@ b=userforward_higher_priority
 sed -r s/^\\S+:/$b:/ 600_exim4-config_userforward >175_$b
 
 
-rm -f /etc/exim4/conf.d/main/000_localmacros # old filename
+m rm -f /etc/exim4/conf.d/main/000_localmacros # old filename
 cat >/etc/exim4/conf.d/main/000_local <<EOF
 MAIN_TLS_ENABLE = true
 
@@ -408,7 +420,7 @@ MAIN_LOG_SELECTOR = +all
 
 EOF
 
-rm -f /etc/exim4/rcpt_local_acl # old path
+rm -fv /etc/exim4/rcpt_local_acl # old path
 cat >/etc/exim4/conf.d/rcpt_local_acl <<'EOF'
 # Only hosts we control send to @mail.iankelling.org, so make sure
 # they are all authed.
@@ -419,7 +431,7 @@ deny
   !authenticated = *
   domains = mail.iankelling.org
 EOF
-rm -f /etc/exim4/data_local_acl # old path
+rm -fv /etc/exim4/data_local_acl # old path
 cat >/etc/exim4/conf.d/data_local_acl <<'EOF'
 # Except for the "condition =", this was
 # a comment in the check_data acl. The comment about this not
@@ -533,13 +545,13 @@ if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
   pi dovecot-core dovecot-imapd dovecot-sieve dovecot-lmtpd
 
   for f in /p/c/subdir_files/sieve/*sieve /a/c/subdir_files/sieve/*sieve; do
-    sudo -u $u /a/exe/lnf -T $f $(eval echo ~$u)/sieve/${f##*/}
+    m sudo -u $u /a/exe/lnf -T $f $uhome/sieve/${f##*/}
   done
   # if we changed 90-sieve.conf and removed the active part of the
   # sieve option, we wouldn\'t need this, but I\'d rather not modify a
   # default config if not needed. This won\'t work as a symlink in /a/c
   # unfortunately.
-  sudo -u $u /a/exe/lnf -T sieve/main.sieve $(eval echo ~$u)/.dovecot.sieve
+  m sudo -u $u /a/exe/lnf -T sieve/main.sieve $uhome/.dovecot.sieve
 
   # we set this later in local.conf
   sed -ri -f - /etc/dovecot/conf.d/10-mail.conf <<'EOF'
@@ -625,7 +637,7 @@ EOF
 server=/mail.iankelling.org/127.0.1.1
 EOF
   if systemctl is-active dnsmasq >/dev/null; then
-    systemctl reload dnsmasq
+    m systemctl reload dnsmasq
   fi
 
   # I used to use debconf-set-selections + dpkg-reconfigure,
@@ -736,7 +748,7 @@ EOF
 cd /etc
 wget -q -N https://publicsuffix.org/list/public_suffix_list.dat
 EOF
-  chmod 755 $f
+  m chmod 755 $f
 
   sed -i --follow-symlinks -f - /etc/aliases <<EOF
 \$a root: $postmaster
@@ -746,7 +758,7 @@ EOF
 
   # https://selivan.github.io/2017/12/30/systemd-serice-always-restart.html
   d=/etc/systemd/system/openvpn@mail.service.d
-  mkdir -p $d
+  m mkdir -p $d
   cat >$d/override.conf <<'EOF'
 [Service]
 Restart=always
@@ -759,16 +771,16 @@ StartLimitInterval=0
 EOF
   if ! systemctl cat openvpn@mail.service|grep -xF StartLimitInterval=0 &>/dev/null; then
     # needed for the above config to go into effect
-    systemctl daemon-reexec
+    m systemctl daemon-reexec
   fi
 
 
-  systemctl enable mailclean.timer
-  systemctl start mailclean.timer
-  systemctl restart $vpn_ser@mail
-  systemctl enable $vpn_ser@mail
-  systemctl enable dovecot
-  systemctl restart dovecot
+  m systemctl enable mailclean.timer
+  m systemctl start mailclean.timer
+  m systemctl restart $vpn_ser@mail
+  m systemctl enable $vpn_ser@mail
+  m systemctl enable dovecot
+  m systemctl restart dovecot
 
   # * not MAIL_HOST
 else # $HOSTNAME != $MAIL_HOST
@@ -780,20 +792,20 @@ EOF
 
   echo | /a/exe/cedit mail /etc/dnsmasq-servers.conf || [[ $? == 1 ]]
   if systemctl is-active dnsmasq >/dev/null; then
-    systemctl reload dnsmasq
+    m systemctl reload dnsmasq
   fi
 
-  systemctl disable mailclean.timer &>/dev/null ||:
-  systemctl stop mailclean.timer &>/dev/null ||:
-  systemctl disable $vpn_ser@mail
-  systemctl stop $vpn_ser@mail
-  systemctl disable dovecot ||:
-  systemctl stop dovecot ||:
+  m systemctl disable mailclean.timer &>/dev/null ||:
+  m systemctl stop mailclean.timer &>/dev/null ||:
+  m systemctl disable $vpn_ser@mail
+  m systemctl stop $vpn_ser@mail
+  m systemctl disable dovecot ||:
+  m systemctl stop dovecot ||:
   #
   #
   # would only exist because I wrote it i the previous condition,
   # it\'s not part of exim
-  rm -f /etc/exim4/conf.d/main/000_localmacros
+  rm -fv /etc/exim4/conf.d/main/000_localmacros
   cat >>/etc/exim4/update-exim4.conf.conf <<EOF
 dc_eximconfig_configtype='smarthost'
 dc_smarthost='$smarthost'
@@ -804,7 +816,7 @@ dc_readhost='iankelling.org'
 dc_localdelivery='maildir_home'
 EOF
 
-  hostname -f > /etc/mailname
+  hostname -f >/etc/mailname
 
   # This ends up at alerts mailbox on MAIL_HOST, but using a user that doesn't exist elsewhere
   # is no good.
@@ -833,21 +845,21 @@ sdir=/var/spool/exim4
 # so, im trying a bind mount to get rid of that.
 if [[ -e /nocow ]]; then
   if ! grep -Fx "/nocow/exim4  /var/spool/exim4  none  bind  0 0" /etc/fstab; then
-    echo "/nocow/exim4  /var/spool/exim4  none  bind  0 0" >> /etc/fstab
+    echo "/nocow/exim4  /var/spool/exim4  none  bind  0 0" >>/etc/fstab
   fi
   if ! mountpoint -q $sdir; then
-    systemctl stop exim4
+    m systemctl stop exim4
     if [[ -L $sdir ]]; then
-      rm $sdir
+      m rm $sdir
     fi
     if [[ ! -e $dir && -d $sdir ]]; then
-      mv $sdir $dir
+      m mv $sdir $dir
     fi
     if [[ ! -d $sdir ]]; then
-      mkdir $sdir
-      chmod 000 $sdir # only want it to be used when its mounted
+      m mkdir $sdir
+      m chmod 000 $sdir # only want it to be used when its mounted
     fi
-    mount $sdir
+    m mount $sdir
   fi
 fi
 
@@ -861,15 +873,15 @@ IFS=:; read _ _ uid _ < <(getent passwd Debian-exim ||:) ||:; unset IFS
 IFS=:; read _ _ gid _ < <(getent group Debian-exim ||:) ||:; unset IFS
 if [[ ! $uid ]]; then
   # from /var/lib/dpkg/info/exim4-base.postinst, plus uid and gid options
-  adduser --uid 608 --system --group --quiet --home /var/spool/exim4 \
+  m adduser --uid 608 --system --group --quiet --home /var/spool/exim4 \
 	  --no-create-home --disabled-login --force-badname Debian-exim
 elif [[ $uid != 608 ]]; then
-  systemctl stop exim4 ||:
-  usermod -u 608 Debian-exim
-  groupmod -g 608 Debian-exim
-  usermod -g 608 Debian-exim
-  find / /nocow -xdev -uid $uid -exec chown -h 608 {} +
-  find / /nocow -xdev -gid $gid -exec chgrp -h 608 {} +
+  m systemctl stop exim4 ||:
+  m usermod -u 608 Debian-exim
+  m groupmod -g 608 Debian-exim
+  m usermod -g 608 Debian-exim
+  m find / /nocow -xdev -uid $uid -exec chown -h 608 {} +
+  m find / /nocow -xdev -gid $gid -exec chgrp -h 608 {} +
 fi
 
 
@@ -878,9 +890,9 @@ fi
 # * reload exim
 
 if systemctl is-active exim4 >/dev/null; then
-  systemctl reload exim4
+  m systemctl reload exim4
 else
-  systemctl start exim4
+  m systemctl start exim4
 fi
 
 
@@ -897,7 +909,7 @@ Subject: primary_test $(date +%s) $(date +%Y-%m-%dT%H:%M:%S%z)
 eom
 EOF
 EOFOUTER
-  chmod +x $f
+  m chmod +x $f
 
   cat >/etc/cron.d/mailtest <<EOF
 SHELL=/bin/bash
@@ -906,9 +918,9 @@ SHELL=/bin/bash
 */10 * * * *   $u /usr/local/bin/mailtest-check 2>&1 | /usr/local/bin/log-once -1 mailtest-check
 */10 * * * *   root chmod -R g+rw /m/md/bounces 2>&1 | /usr/local/bin/log-once -1 bounces-chmod
 EOF
-  cp /a/bin/distro-setup/filesystem/usr/local/bin/mailtest-check /usr/local/bin
+  m cp /a/bin/distro-setup/filesystem/usr/local/bin/mailtest-check /usr/local/bin
 else
-  rm -f /etc/cron.d/mailtest
+  rm -fv /etc/cron.d/mailtest
 fi
 
 
@@ -919,23 +931,23 @@ fi
 # does not stop us from remounting /o.
 if dpkg -s radicale &>/dev/null; then
   if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
-    systemctl restart radicale
-    systemctl enable radicale
+    m systemctl restart radicale
+    m systemctl enable radicale
     if [[ -e /etc/logrotate.d/radicale.disabled ]]; then
-      mv /etc/logrotate.d/radicale{.disabled,}
+      m mv /etc/logrotate.d/radicale{.disabled,}
     fi
   else
-    systemctl stop radicale
-    systemctl disable radicale
+    m systemctl stop radicale
+    m systemctl disable radicale
     # weekly logrotate tries to restart radicale even if it's a disabled service in flidas.
     if [[ -e /etc/logrotate.d/radicale ]]; then
-      mv /etc/logrotate.d/radicale{,.disabled}
+      m mv /etc/logrotate.d/radicale{,.disabled}
     fi
   fi
 fi
 
 # * misc
-sudo -u $u ln -sf -T /m/.mu /home/$u/.mu
+m sudo -u $u ln -sf -T /m/.mu /home/$u/.mu
 
 
 # /etc/alias setup is debian specific, and exim postinst script sets up
diff --git a/primary-setup b/primary-setup
index 09ae728..cc335d1 100755
--- a/primary-setup
+++ b/primary-setup
@@ -3,33 +3,37 @@
 # usage $0 [MAIL_HOST]
 # setup things which involve being the primary host or not
 
-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+source /usr/local/lib/err
+
+pre="${0##*/}:"
+m() { printf "$pre %s\n"  "$*"; "$@"; }
+e() { printf "$pre %s\n"  "$*"; }
+err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $0: $*" >&2; }
 
 
 if [[ $EUID == 0 && ! $SUDO_USER ]]; then
-  echo "$0: error: requires running as nonroot or sudo"
+  err "requires running as nonroot or sudo"
   exit 1
 fi
 
 if [[ $1 ]]; then
   new_host=$1
-  sed -ri "s/MAIL_HOST=.*/MAIL_HOST=$new_host/" /a/bin/bash_unpublished/source-state
+  m sed -ri "s/MAIL_HOST=.*/MAIL_HOST=$new_host/" /a/bin/bash_unpublished/source-state
   source /a/bin/bash_unpublished/source-state
 fi
 
 if [[ $HOSTNAME == "$MAIL_HOST" ]]; then
   # arbtt disabled for now
   #DISPLAY=:0 arbtt-capture --sample-rate=10 &
-  sudo systemctl start rss2email.timer
-  sudo systemctl enable rss2email.timer
-  sudo systemctl start btrbk.timer
-  sudo systemctl enable btrbk.timer
+  m sudo systemctl start rss2email.timer
+  m sudo systemctl enable rss2email.timer
+  m sudo systemctl start btrbk.timer
+  m sudo systemctl enable btrbk.timer
 
 else
-  sudo systemctl stop rss2email.timer
-  sudo systemctl stop rss2email.service
-  sudo systemctl disable rss2email.timer
+  m sudo systemctl stop rss2email.timer
+  m sudo systemctl stop rss2email.service
+  m sudo systemctl disable rss2email.timer
   # arbtt disabled for now
   # for ((i=0; i<10; i++)); do
   #   killall arbtt-capture || break
@@ -40,6 +44,6 @@ else
   # done
 fi
 
-/a/exe/mail-setup
+m /a/exe/mail-setup
 exit 0
 :
diff --git a/switch-mail-host b/switch-mail-host
old mode 100644
new mode 100755
index 1598695..11c0f40
--- a/switch-mail-host
+++ b/switch-mail-host
@@ -84,10 +84,7 @@ if [[ ! $new_host || ! $old_host ]]; then
   exit 1
 fi
 
-
-source /a/bin/bash_unpublished/source-state
-
-
+e $new_shell hostname
 new_hostname=$($new_shell hostname)
 
 ########### end initial processing, begin actually modifying things ##########
@@ -102,11 +99,20 @@ if $old_shell systemctl is-active btrbk.timer; then
 fi
 
 btrbk_test="systemctl is-active btrbk.service"
-while [[ $($new_shell $btrbk_test) != inactive ]] || [[ $($old_shell $btrbk_test) != inactive ]]; do
-  echo "$0: btrbk is running on new or old host. sleeping for 8 seconds"
-  sleep 6
-  echo "$0: testing for btrbk activity in 2 seconds"
-  sleep 2
+while true; do
+  for shell in "$new_shell" "$old_shell"; do
+    e $shell $btrbk_test
+    status=$($shell $btrbk_test) ||:
+    case $status in
+      inactive|failed) : ;;
+      *)
+        e "btrbk active on shell:$shell, status:$status, sleeping 8 seconds"
+        sleep 8
+        continue
+        ;;
+    esac
+  done
+  break
 done
 
 # ensure these are unused before doing anything
-- 
2.30.2