From be899485ed331120ca23f4a6d3caff1916659e42 Mon Sep 17 00:00:00 2001
From: Ian Kelling
Date: Sat, 4 Feb 2017 20:03:43 -0800
Subject: [PATCH] exim and various improvements
---
 .../conf.d/acl/30_exim4-config_check_mail | 17 ++++++++++
 .../exim4/conf.d/auth/29_exim4-config_auth | 11 +++++++
 .../etc/exim4/conf.d/main/000_localmacros | 1 +
 .../etc/systemd/system/mailroute.service | 16 +++++++++
 .../systemd/system/openvpn-client-nn@.service | 2 +-
 .../treetowl/filesystem/etc/cron.d/treetowl | 2 +-
 .../etc/cron.daily/mediawiki_backup | 33 +++++++++++++++++++
 .../etc/systemd/system/btrbk.service | 4 +--
 subdir_files/.config/mpv/mpv.conf | 2 +-
 subdir_files/.config/sakura/sakura.conf | 3 ++
 10 files changed, 86 insertions(+), 5 deletions(-)
 create mode 100644 filesystem/etc/exim4/conf.d/acl/30_exim4-config_check_mail
 create mode 100644 filesystem/etc/exim4/conf.d/auth/29_exim4-config_auth
 create mode 100644 filesystem/etc/exim4/conf.d/main/000_localmacros
 create mode 100644 filesystem/etc/systemd/system/mailroute.service
 create mode 100755 machine_specific/treetowl/filesystem/etc/cron.daily/mediawiki_backup
diff --git a/filesystem/etc/exim4/conf.d/acl/30_exim4-config_check_mail b/filesystem/etc/exim4/conf.d/acl/30_exim4-config_check_mail
new file mode 100644
index 0000000..c51da90
--- /dev/null
+++ b/filesystem/etc/exim4/conf.d/acl/30_exim4-config_check_mail
@@ -0,0 +1,17 @@
+
+### acl/30_exim4-config_check_mail
+#################################
+
+# This access control list is used for every MAIL command in an incoming
+# SMTP message. The tests are run in order until the address is either
+# accepted or denied.
+#
+
+acl_check_mail:
+
+# ian: I added this require statement only. accept at the end is
+# needed as the default is deny.
+ require
+ message = ian auth
+ authenticated = *
+ accept
diff --git a/filesystem/etc/exim4/conf.d/auth/29_exim4-config_auth b/filesystem/etc/exim4/conf.d/auth/29_exim4-config_auth
new file mode 100644
index 0000000..bbfff3f
--- /dev/null
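Review bot: The `require` block in `acl_check_mail` tests `authenticated = *` but never tests that the session is encrypted, so whether a PLAIN password can travel in cleartext depends entirely on the authenticator's advertise condition added elsewhere in this commit. Adding `encrypted = *` to the same `require` would state the TLS requirement at the point where mail is accepted. The rejection text `message = ian auth` is what an unauthenticated client receives; `message = authentication required` would be easier to diagnose from the remote side. The rule has no host exemption, so it presumably also applies to loopback submissions and to inbound mail from other servers; a comment saying this is intended would help the next reader.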
+++ b/filesystem/etc/exim4/conf.d/auth/29_exim4-config_auth
@@ -0,0 +1,11 @@
+# from 30_exim4-config_examples
+
+plain_server:
+ driver = plaintext
+ public_name = PLAIN
+ server_condition = "${if crypteq{$auth3}{${extract{1}{:}{${lookup{$auth2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
+ server_set_id = $auth2
+ server_prompts = :
+ .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
+ server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
+ .endif
diff --git a/filesystem/etc/exim4/conf.d/main/000_localmacros b/filesystem/etc/exim4/conf.d/main/000_localmacros
new file mode 100644
index 0000000..97945cb
--- /dev/null
+++ b/filesystem/etc/exim4/conf.d/main/000_localmacros
@@ -0,0 +1 @@
+MAIN_TLS_ENABLE = true
diff --git a/filesystem/etc/systemd/system/mailroute.service b/filesystem/etc/systemd/system/mailroute.service
new file mode 100644
index 0000000..68a6655
--- /dev/null
+++ b/filesystem/etc/systemd/system/mailroute.service
@@ -0,0 +1,16 @@
+[Unit]
+# this unit is configured to start and stop whenever openvpn-client@mail.service
+# does
+Description=Routing for email vpn
+After=network.target
+BindsTo=openvpn-client@mail.service
+After=openvpn-client@mail.service
+
+[Service]
+Type=oneshot
+ExecStart=/a/bin/distro-setup/mail-route start
+ExecStop=/a/bin/distro-setup/mail-route stop
+RemainAfterExit=yes
+
+[Install]
+RequiredBy=openvpn-client@mail.service
diff --git a/filesystem/etc/systemd/system/openvpn-client-nn@.service b/filesystem/etc/systemd/system/openvpn-client-nn@.service
index ef5941d..ba89ea0 100644
--- a/filesystem/etc/systemd/system/openvpn-client-nn@.service
+++ b/filesystem/etc/systemd/system/openvpn-client-nn@.service
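Review bot: `server_condition` in `plain_server` reads password hashes from `CONFDIR/passwd`, yet the only comment in the file says where the stanza was copied from. I would extend it to describe the file format the expansion expects and how the file must be protected, for example `# CONFDIR/passwd: one "user:crypted-password" entry per line; keep it unreadable to ordinary users`. The TLS-only advertisement is skipped whenever `AUTH_SERVER_ALLOW_NOTLS_PASSWORDS` is defined, so a comment that this macro must stay undefined on this host would also be worth adding next to the `.ifndef`.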
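Review bot: A failing `mail-route start` does not appear to stop the VPN unit in `mailroute.service`: `RequiredBy=` pulls this unit in, but it is ordered `After=openvpn-client@mail.service`, so the tunnel is already running when the route script executes. What exim does with outgoing mail in that state is not visible from this hunk. If mail must never leave outside the tunnel, the `[Unit]` comment should say what happens when routing setup fails, or an `OnFailure=` handler should be added. No `User=` is set, so `/a/bin/distro-setup/mail-route` runs as root and should be writable by root only.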
@@ -22,7 +22,7 @@ LimitNPROC=10 # DeviceAllow=/dev/net/tun rw # ian: added just these lines from upstream -ExecStartPre=+/a/bin/newns/newns start %i +ExecStartPre=+/a/bin/newns/newns -n 10.173.0 start %i ExecStartPre=+/sbin/iptables-restore /a/bin/transmission-firewall/netns.rules ExecStopPost=+/a/bin/newns/newns stop %i PrivateNetwork=true diff --git a/machine_specific/treetowl/filesystem/etc/cron.d/treetowl b/machine_specific/treetowl/filesystem/etc/cron.d/treetowl index a20f90b..e44ec1c 100755 --- a/machine_specific/treetowl/filesystem/etc/cron.d/treetowl +++ b/machine_specific/treetowl/filesystem/etc/cron.d/treetowl @@ -7,7 +7,7 @@ SHELL=/bin/bash 0 4 * * * ian x=$(/a/exe/logq /a/bin/small-backup --retry daily 2M); [[ $? != 0 ]] && echo "$x" 0 3 * * sun ian echo weekly backup results:; /a/bin/small-backup --retry weekly -batch -prefer ~/.mpv -silent 2>&1 | /a/exe/log-once unison-mpv -*/5 * * * * ian /a/bin/dynamic-ip-update.sh +*/5 * * * * ian /a/bin/distro-setup/dynamic-ip-update.sh | /a/exe/log-once -15 */10 * * * * ian /a/bin/small-backup 10minutes 3D 2>&1 | /a/exe/log-once small-backup-10min # put things we don't want to send mail about below this: # MAILTO="" diff --git a/machine_specific/treetowl/filesystem/etc/cron.daily/mediawiki_backup b/machine_specific/treetowl/filesystem/etc/cron.daily/mediawiki_backup new file mode 100755 index 0000000..2d40618 --- /dev/null +++ b/machine_specific/treetowl/filesystem/etc/cron.daily/mediawiki_backup 
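Review bot: The new `dynamic-ip-update.sh` entry in `cron.d/treetowl` pipes only stdout into `log-once`, while the neighbouring `small-backup` entries use `2>&1 |`, so anything the script writes to stderr is still mailed by cron on every five-minute run. If the aim is to rate-limit those mails, the line should read `... /a/bin/distro-setup/dynamic-ip-update.sh 2>&1 | /a/exe/log-once -15`. The other `log-once` calls also pass a name argument and this one does not; whether one is required cannot be seen from the hunk.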
@@ -0,0 +1,33 @@ +#!/bin/bash +# if we get an error, keep going but return it at the end +last_error=0 +trap 'last_error=$?' ERR +source ~/mw_vars +# No strict because the host is likely not named the same as +# the domain. +ssh="ssh -oStrictHostKeyChecking=no" +logfile=/var/log/${mwdomain}_backup.log +{ +echo "#### starting backup at $(date) ####" +$ssh root@$mwdomain < ~/wiki_backups/wiki_db_backup +sed -i '\$ d' $mwc # delete read only setting +ENDSSH +# add no strict option to the defaults + +rdiff() { rdiff-backup --remote-schema "$ssh -C %s rdiff-backup --server" "$@"; } +set -x +rdiff root@$mwdomain::/root/wiki_backups ~/backup/${mwdomain}_wiki_db_backup +rdiff root@$mwdomain::$mw ~/backup/${mwdomain}_wiki_file_backup +set +x +echo "=== ending backup at $(date) ====" +} &>>$logfile +if [[ $last_error != 0 ]]; then + echo "backup for $mwdomain failed. See $logfile" +fi +exit $last_error diff --git a/machine_specific/treetowl/filesystem/etc/systemd/system/btrbk.service b/machine_specific/treetowl/filesystem/etc/systemd/system/btrbk.service index da692bb..0d288c4 100644 --- a/machine_specific/treetowl/filesystem/etc/systemd/system/btrbk.service +++ b/machine_specific/treetowl/filesystem/etc/systemd/system/btrbk.service @@ -1,7 +1,7 @@ [Unit] Description=Btrbk backup -After=network.target +After=multi-user.target [Service] Type=oneshot -ExecStart=/a/exe/btrbk-run +ExecStart=/a/bin/log-quiet/sysd-mail-once /a/exe/btrbk-run diff --git a/subdir_files/.config/mpv/mpv.conf b/subdir_files/.config/mpv/mpv.conf index a276cef..5e2d107 100644 --- a/subdir_files/.config/mpv/mpv.conf +++ b/subdir_files/.config/mpv/mpv.conf @@ -1,4 +1,4 @@ #loop=inf loop-file=inf shuffle -volume=20 \ No newline at end of file +volume=80 \ No newline at end of file diff --git a/subdir_files/.config/sakura/sakura.conf b/subdir_files/.config/sakura/sakura.conf index bb20089..5e27d08 100644 --- a/subdir_files/.config/sakura/sakura.conf +++ b/subdir_files/.config/sakura/sakura.conf 
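Review bot: `ssh="ssh -oStrictHostKeyChecking=no"` in `mediawiki_backup` turns off host-key verification for a root login that carries the database dump and the wiki files, so whatever machine answers for `$mwdomain` is trusted without any check. The stated reason (the host is not named like the domain) is better handled by pinning the key: record the server's key in `known_hosts` under the name used here, or pass `-oHostKeyAlias=NAME` with the name it is already stored under, and leave strict checking on. The same `$ssh` string is reused in the `rdiff` helper's `--remote-schema`, so both transfers are affected. Expansions such as `$logfile`, `$mwc` and `$mwdomain` are unquoted. The remote-command part between the `$ssh root@$mwdomain` line and `ENDSSH` looks incomplete on this page (the hunk header announces 33 lines), so it is not reviewed here.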
@@ -73,3 +73,6 @@ disable_numbered_tabswitch=false
 scroll_lines=10000000
 increase_font_size_key=plus
 decrease_font_size_key=minus
+use_fading=false
+scrollable_tabs=true
+stop_tab_cycling_at_end_tabs=No
-- 
2.30.2