[hcoop/domtool2.git] / scripts / domtool-publish

#!/bin/sh -e

# grab tokens in case they were dropped by sudo
if [ -x "$(which aklog)" ]; then
    # ignore exit code, may fail on older versions
    aklog || true
fi

redo_exim() {
        sudo -u domtool touch /var/domtool/local_domains.cfg /var/domtool/relay_domains.cfg /var/domtool/mailman_domains.cfg
	/bin/echo -n "domainlist local_domains = " >/etc/exim4/conf.d/main/10_domtool-domains
	/bin/cat /var/domtool/local_domains.cfg >>/etc/exim4/conf.d/main/10_domtool-domains
	/bin/echo "" >>/etc/exim4/conf.d/main/10_domtool-domains
	/bin/echo -n "domainlist relay_to_domains = " >>/etc/exim4/conf.d/main/10_domtool-domains
	/bin/cat /var/domtool/relay_domains.cfg >>/etc/exim4/conf.d/main/10_domtool-domains
	/bin/echo "" >>/etc/exim4/conf.d/main/10_domtool-domains
	/bin/echo -n "domainlist mm_domains = " >>/etc/exim4/conf.d/main/10_domtool-domains
	/bin/cat /var/domtool/mailman_domains.cfg >>/etc/exim4/conf.d/main/10_domtool-domains
	/bin/echo "" >>/etc/exim4/conf.d/main/10_domtool-domains
	service exim4 reload
}

case $1 in
	apache)
		/usr/bin/rsync -r --delete /var/domtool/vhosts/ /etc/apache2/vhosts/
		service apache2 reload
	;;
	apache-down)
		service apache2 stop
	;;
	apache-undown)
		/usr/bin/rsync -r --delete /var/domtool/vhosts/ /etc/apache2/vhosts/
		service apache2 start
	;;
	apache1.3)
		/usr/bin/rsync -r --delete /var/domtool/vhosts/ /etc/apache/vhosts/
		service apache reload
	;;
	apache1.3-down)
		service apache stop
	;;
	apache1.3-undown)
		/usr/bin/rsync -r --delete /var/domtool/vhosts/ /etc/apache/vhosts/
		service apache start
	;;
	bind)
		/usr/bin/rsync -r --delete /var/domtool/zones/ /etc/bind/zones/
		/bin/chown -R bind /etc/bind/zones
		/bin/cp /var/domtool/named.conf.local /etc/bind/
		/bin/chown root:bind /etc/bind/named.conf.local
		/bin/chmod 644 /etc/bind/named.conf.local
		service bind9 restart
	;;
	exim)
	        sudo -u domtool touch /var/domtool/aliases /var/domtool/aliases.default
		/bin/cp /var/domtool/aliases /etc/aliases.hosted
		/bin/cp /var/domtool/aliases.default /etc/aliases.wildcard
		redo_exim
	;;
	mailman)
                /bin/echo "HCOOP_VHOSTS = {" >/etc/mailman/vhosts_cfg.py
		/bin/cat /var/domtool/mailman.map >>/etc/mailman/vhosts_cfg.py
                /bin/echo "}" >>/etc/mailman/vhosts_cfg.py
		service mailman reload
		redo_exim
	;;
	courier)
	        VMAILDB=`domtool-config -path vmaildb`
		if [ -z "$VMAILDB" ]; then
		    echo "domtool-config not found, not syncing courier vmail userdb"
		    exit 1
		fi
	        /usr/bin/rsync -r --delete ${VMAILDB}/ /etc/courier/userdb
	        /usr/sbin/makeuserdb
		/bin/chown -R domtool:nogroup /etc/courier/userdb
		/bin/cat /etc/courier/userdb/* >/etc/courier/exim
		/bin/chmod o-r /etc/courier/exim
		/usr/sbin/exim_dbmbuild /etc/courier/exim /etc/courier/exim.dat
		/bin/chgrp mail /etc/courier/exim.dat
		/bin/chmod o-r /etc/courier/exim.dat
	;;
        spamassassin)
	        SHAREDROOT=`domtool-config -path shared-root`
		/usr/bin/rsync -r --delete ${SHAREDROOT}/email/spamassassin/addrs/ /etc/spamassassin/addrs
	;;
	smtplog)
		/bin/grep $2 /var/log/exim4/mainlog
	;;
        apache-fixperms)
                /bin/chown -R domtool:nogroup /var/log/apache2/user
        ;;
        apache1.3-fixperms)
                /bin/chown -R domtool:nogroup /var/log/apache/user
        ;;
        users)
                /bin/cp /var/domtool/waklog.conf /etc/apache2/
		service apache2 reload
        ;;
        firewall)
	       # Ideally this would check if the config worked first
	       # (ferm failing just uses the previous config at
	       # least). Does it need to chown/chmod the generated
	       # rules?
	       /bin/cp /var/domtool/firewall/*.conf /etc/ferm/
	       service ferm reload
	       ;;
	firewallpuppet)
	       # new firewall publishing method that integrates with puppet (sort of)
	       /bin/cp /var/domtool/firewall/*.conf /etc/ferm/
	       if [ ! -d /etc/puppetlabs ]; then
		   # legacy node
		   service ferm reload
		   exit
	       fi
	       if ( /usr/sbin/ferm --noexec /etc/ferm/ferm.conf ); then
		   for chain in FERM-INPUT FERM-OUTPUT; do
		       /sbin/iptables -F $chain
		       /sbin/ip6tables -F $chain

		       /usr/sbin/ferm --domain ip  --noexec --lines /etc/ferm/ferm.conf | iptables-restore --noflush
       		       /usr/sbin/ferm --domain ip6 --noexec --lines /etc/ferm/ferm.conf | ip6tables-restore --noflush
		   done
	       else
		   echo "firewall: ferm failed, aborting regeneration."
	       fi
	;;
	*)
		echo "Usage: domtool-publish [apache|bind|courier|exim|mailman|smtplog STRING|users|firewall]"
	;;
esac
Commit	Line	Data
27e20924 AC	1	#!/bin/sh -e
27e20924 AC	2
88c92f35 CE	3	# grab tokens in case they were dropped by sudo
88c92f35 CE	4	if [ -x "$(which aklog)" ]; then
95798203 CE	5	# ignore exit code, may fail on older versions
95798203 CE	6	aklog \|\| true
88c92f35 CE	7	fi
88c92f35 CE	8
5543e924	9	redo_exim() {
792c84b9	10	sudo -u domtool touch /var/domtool/local_domains.cfg /var/domtool/relay_domains.cfg /var/domtool/mailman_domains.cfg
5543e924 AC	11	/bin/echo -n "domainlist local_domains = " >/etc/exim4/conf.d/main/10_domtool-domains
	12	/bin/cat /var/domtool/local_domains.cfg >>/etc/exim4/conf.d/main/10_domtool-domains
	13	/bin/echo "" >>/etc/exim4/conf.d/main/10_domtool-domains
	14	/bin/echo -n "domainlist relay_to_domains = " >>/etc/exim4/conf.d/main/10_domtool-domains
	15	/bin/cat /var/domtool/relay_domains.cfg >>/etc/exim4/conf.d/main/10_domtool-domains
	16	/bin/echo "" >>/etc/exim4/conf.d/main/10_domtool-domains
	17	/bin/echo -n "domainlist mm_domains = " >>/etc/exim4/conf.d/main/10_domtool-domains
	18	/bin/cat /var/domtool/mailman_domains.cfg >>/etc/exim4/conf.d/main/10_domtool-domains
	19	/bin/echo "" >>/etc/exim4/conf.d/main/10_domtool-domains
4bfa6af3	20	service exim4 reload
5543e924 AC	21	}
5543e924 AC	22
27e20924 AC	23	case $1 in
27e20924 AC	24	apache)
71ba8736	25	/usr/bin/rsync -r --delete /var/domtool/vhosts/ /etc/apache2/vhosts/
4bfa6af3	26	service apache2 reload
27e20924	27	;;
8e965b2d	28	apache-down)
4bfa6af3	29	service apache2 stop
8e965b2d AC	30	;;
8e965b2d AC	31	apache-undown)
71ba8736	32	/usr/bin/rsync -r --delete /var/domtool/vhosts/ /etc/apache2/vhosts/
4bfa6af3	33	service apache2 start
8e965b2d	34	;;
55d4a268 AC	35	apache1.3)
55d4a268 AC	36	/usr/bin/rsync -r --delete /var/domtool/vhosts/ /etc/apache/vhosts/
4bfa6af3	37	service apache reload
55d4a268 AC	38	;;
55d4a268 AC	39	apache1.3-down)
4bfa6af3	40	service apache stop
55d4a268 AC	41	;;
	42	apache1.3-undown)
	43	/usr/bin/rsync -r --delete /var/domtool/vhosts/ /etc/apache/vhosts/
4bfa6af3	44	service apache start
55d4a268	45	;;
27e20924	46	bind)
71ba8736	47	/usr/bin/rsync -r --delete /var/domtool/zones/ /etc/bind/zones/
6b1ff6b1	48	/bin/chown -R bind /etc/bind/zones
27e20924	49	/bin/cp /var/domtool/named.conf.local /etc/bind/
438b8bdd CE	50	/bin/chown root:bind /etc/bind/named.conf.local
438b8bdd CE	51	/bin/chmod 644 /etc/bind/named.conf.local
4bfa6af3	52	service bind9 restart
27e20924 AC	53	;;
27e20924 AC	54	exim)
792c84b9	55	sudo -u domtool touch /var/domtool/aliases /var/domtool/aliases.default
80fb3843	56	/bin/cp /var/domtool/aliases /etc/aliases.hosted
cd040866	57	/bin/cp /var/domtool/aliases.default /etc/aliases.wildcard
5543e924	58	redo_exim
27e20924 AC	59	;;
27e20924 AC	60	mailman)
1edf2ddd AC	61	/bin/echo "HCOOP_VHOSTS = {" >/etc/mailman/vhosts_cfg.py
	62	/bin/cat /var/domtool/mailman.map >>/etc/mailman/vhosts_cfg.py
	63	/bin/echo "}" >>/etc/mailman/vhosts_cfg.py
4bfa6af3	64	service mailman reload
5543e924	65	redo_exim
27e20924	66	;;
08688401	67	courier)
8ca17b9a CE	68	VMAILDB=`domtool-config -path vmaildb`
	69	if [ -z "$VMAILDB" ]; then
	70	echo "domtool-config not found, not syncing courier vmail userdb"
	71	exit 1
	72	fi
	73	/usr/bin/rsync -r --delete ${VMAILDB}/ /etc/courier/userdb
7aa78013	74	/usr/sbin/makeuserdb
fb9aeb18	75	/bin/chown -R domtool:nogroup /etc/courier/userdb
2bc5ed22 AC	76	/bin/cat /etc/courier/userdb/* >/etc/courier/exim
	77	/bin/chmod o-r /etc/courier/exim
	78	/usr/sbin/exim_dbmbuild /etc/courier/exim /etc/courier/exim.dat
	79	/bin/chgrp mail /etc/courier/exim.dat
	80	/bin/chmod o-r /etc/courier/exim.dat
	81	;;
ebb51f80 CE	82	spamassassin)
	83	SHAREDROOT=`domtool-config -path shared-root`
	84	/usr/bin/rsync -r --delete ${SHAREDROOT}/email/spamassassin/addrs/ /etc/spamassassin/addrs
	85	;;
2bc5ed22 AC	86	smtplog)
2bc5ed22 AC	87	/bin/grep $2 /var/log/exim4/mainlog
08688401	88	;;
c17d0537	89	apache-fixperms)
fb9aeb18	90	/bin/chown -R domtool:nogroup /var/log/apache2/user
c17d0537 AC	91	;;
c17d0537 AC	92	apache1.3-fixperms)
fb9aeb18	93	/bin/chown -R domtool:nogroup /var/log/apache/user
c17d0537	94	;;
563e7792 AC	95	users)
563e7792 AC	96	/bin/cp /var/domtool/waklog.conf /etc/apache2/
4bfa6af3	97	service apache2 reload
563e7792	98	;;
73b95423	99	firewall)
0d3fb301 CE	100	# Ideally this would check if the config worked first
	101	# (ferm failing just uses the previous config at
	102	# least). Does it need to chown/chmod the generated
	103	# rules?
890558f7	104	/bin/cp /var/domtool/firewall/*.conf /etc/ferm/
4bfa6af3	105	service ferm reload
93278775 CE	106	;;
	107	firewallpuppet)
	108	# new firewall publishing method that integrates with puppet (sort of)
	109	/bin/cp /var/domtool/firewall/*.conf /etc/ferm/
	110	if [ ! -d /etc/puppetlabs ]; then
	111	# legacy node
4bfa6af3	112	service ferm reload
93278775 CE	113	exit
	114	fi
	115	if ( /usr/sbin/ferm --noexec /etc/ferm/ferm.conf ); then
	116	for chain in FERM-INPUT FERM-OUTPUT; do
	117	/sbin/iptables -F $chain
	118	/sbin/ip6tables -F $chain
	119
	120	/usr/sbin/ferm --domain ip --noexec --lines /etc/ferm/ferm.conf \| iptables-restore --noflush
	121	/usr/sbin/ferm --domain ip6 --noexec --lines /etc/ferm/ferm.conf \| ip6tables-restore --noflush
	122	done
	123	else
	124	echo "firewall: ferm failed, aborting regeneration."
	125	fi
73b95423	126	;;
27e20924	127	*)
73b95423	128	echo "Usage: domtool-publish [apache\|bind\|courier\|exim\|mailman\|smtplog STRING\|users\|firewall]"
27e20924	129	;;
51be7da6	130	esac