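#!/bin/sh
# Publish helper: copies configuration generated by domtool into the live
# service directories under /etc and reloads the affected service.  It
# changes ownership to root:bind and restarts daemons, so it presumably runs
# as root through sudo -- confirm against the sudoers entry.
#
# Every step below depends on errexit to stop at the first failing command.
# An option on the shebang line is lost when the script is started as
# `sh domtool-publish ...`, so errexit is switched on here instead.
set -e

# grab tokens in case they were dropped by sudo
# `command -v` is the POSIX builtin for "is this program available"; it does
# not depend on an external `which` being installed or on its output format.
if command -v aklog >/dev/null 2>&1; then
  aklog
fi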
# Rebuild exim's domain-list fragment from the three lists domtool generated
# and ask exim4 to reload.
#
# Reads:   /var/domtool/local_domains.cfg, relay_domains.cfg,
#          mailman_domains.cfg
# Writes:  /etc/exim4/conf.d/main/10_domtool-domains (truncated, then
#          rewritten with one "domainlist NAME = ..." line per list)
#
# NOTE(review): the list contents are copied into exim's configuration
# verbatim; nothing here checks them.  Confirm that whatever writes the
# .cfg files only ever emits domain names.
redo_exim() {
  # Run as the domtool user: creates any list that does not exist yet, so
  # the cat calls below do not fail on a missing file.
  sudo -u domtool touch \
    /var/domtool/local_domains.cfg \
    /var/domtool/relay_domains.cfg \
    /var/domtool/mailman_domains.cfg

  # One redirection for the whole group: the fragment is truncated once and
  # every line is written through the same open file.
  {
    /bin/echo -n "domainlist local_domains = "
    /bin/cat /var/domtool/local_domains.cfg
    /bin/echo ""

    /bin/echo -n "domainlist relay_to_domains = "
    /bin/cat /var/domtool/relay_domains.cfg
    /bin/echo ""

    /bin/echo -n "domainlist mm_domains = "
    /bin/cat /var/domtool/mailman_domains.cfg
    /bin/echo ""
  } >/etc/exim4/conf.d/main/10_domtool-domains

  service exim4 reload
}
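# Dispatch on the requested publish action ($1).  Each arm copies files that
# domtool generated (under /var/domtool, or under a path reported by
# domtool-config) into the live configuration and then reloads, restarts,
# starts or stops the service.  The script runs with errexit, so an arm stops
# at its first failing command.
#
# NOTE(review): the generated files are installed as-is; apart from the ferm
# dry run in the firewallpuppet arm, no arm validates them before the service
# is reloaded or restarted.
# NOTE(review): service, sudo, domtool-config, iptables-restore and
# ip6tables-restore are called without an absolute path and so resolve
# through PATH -- presumably sudo's secure_path; confirm.
case "${1:-}" in
  apache)
    /usr/bin/rsync -r --delete /var/domtool/vhosts/ /etc/apache2/vhosts/
    service apache2 reload
    ;;
  apache-down)
    service apache2 stop
    ;;
  apache-undown)
    /usr/bin/rsync -r --delete /var/domtool/vhosts/ /etc/apache2/vhosts/
    service apache2 start
    ;;
  apache1.3)
    /usr/bin/rsync -r --delete /var/domtool/vhosts/ /etc/apache/vhosts/
    service apache reload
    ;;
  apache1.3-down)
    service apache stop
    ;;
  apache1.3-undown)
    /usr/bin/rsync -r --delete /var/domtool/vhosts/ /etc/apache/vhosts/
    service apache start
    ;;
  bind)
    /usr/bin/rsync -r --delete /var/domtool/zones/ /etc/bind/zones/
    /bin/chown -R bind /etc/bind/zones
    /bin/cp /var/domtool/named.conf.local /etc/bind/
    /bin/chown root:bind /etc/bind/named.conf.local
    /bin/chmod 644 /etc/bind/named.conf.local
    # NOTE(review): this is a restart, not a reload, and the new
    # named.conf.local is not checked first; a named-checkconf run before
    # this line would catch a broken generated file while the old daemon
    # is still serving.
    service bind9 restart
    ;;
  exim)
    # Run as the domtool user: make sure both alias files exist before
    # they are copied.
    sudo -u domtool touch /var/domtool/aliases /var/domtool/aliases.default
    /bin/cp /var/domtool/aliases /etc/aliases.hosted
    /bin/cp /var/domtool/aliases.default /etc/aliases.wildcard
    redo_exim
    ;;
  mailman)
    # NOTE(review): mailman.map is wrapped in a dict literal and written
    # to a .py file, so its content ends up as Python source -- confirm
    # the generator emits nothing but the expected mapping entries.
    {
      /bin/echo "HCOOP_VHOSTS = {"
      /bin/cat /var/domtool/mailman.map
      /bin/echo "}"
    } >/etc/mailman/vhosts_cfg.py
    service mailman reload
    redo_exim
    ;;
  courier)
    VMAILDB=$(domtool-config -path vmaildb)
    if [ -z "$VMAILDB" ]; then
      echo "domtool-config not found, not syncing courier vmail userdb"
      exit 1
    fi
    # Quoted so a path containing whitespace or glob characters stays a
    # single rsync source operand.
    /usr/bin/rsync -r --delete "${VMAILDB}/" /etc/courier/userdb
    /usr/sbin/makeuserdb
    /bin/chown -R domtool:nogroup /etc/courier/userdb
    # The script strips world-read from both files below, so they are
    # created under umask 027 and never exist world-readable, not even
    # between creation and the chmod.  The chmod calls stay for files
    # that already exist with a looser mode.
    (umask 027 && /bin/cat /etc/courier/userdb/* >/etc/courier/exim)
    /bin/chmod o-r /etc/courier/exim
    (umask 027 && /usr/sbin/exim_dbmbuild /etc/courier/exim /etc/courier/exim.dat)
    /bin/chgrp mail /etc/courier/exim.dat
    /bin/chmod o-r /etc/courier/exim.dat
    ;;
  spamassassin)
    SHAREDROOT=$(domtool-config -path shared-root)
    # Same guard as the courier arm: with an empty value the rsync
    # source below would silently become /email/spamassassin/addrs/.
    if [ -z "$SHAREDROOT" ]; then
      echo "domtool-config returned no shared-root, not syncing spamassassin addrs"
      exit 1
    fi
    /usr/bin/rsync -r --delete "${SHAREDROOT}/email/spamassassin/addrs/" /etc/spamassassin/addrs
    ;;
  smtplog)
    # $2 is supplied by the caller.  It is quoted and passed with -e so
    # it is always exactly one search pattern and can never be split
    # into additional grep options or additional files to read; `--`
    # ends option parsing before the log path.  It is still a regular
    # expression, as before.
    if [ -z "${2:-}" ]; then
      echo "Usage: domtool-publish smtplog STRING" >&2
      exit 1
    fi
    /bin/grep -e "$2" -- /var/log/exim4/mainlog
    ;;
  apache-fixperms)
    /bin/chown -R domtool:nogroup /var/log/apache2/user
    ;;
  apache1.3-fixperms)
    /bin/chown -R domtool:nogroup /var/log/apache/user
    ;;
  users)
    /bin/cp /var/domtool/waklog.conf /etc/apache2/
    service apache2 reload
    ;;
  firewall)
    # Ideally this would check if the config worked first
    # (ferm failing just uses the previous config at
    # least). Does it need to chown/chmod the generated
    # rules?
    /bin/cp /var/domtool/firewall/*.conf /etc/ferm/
    service ferm reload
    ;;
  firewallpuppet)
    # new firewall publishing method that integrates with puppet (sort of)
    /bin/cp /var/domtool/firewall/*.conf /etc/ferm/
    if [ ! -d /etc/puppetlabs ]; then
      # legacy node
      service ferm reload
      exit
    fi
    # Dry run first: the live chains are only touched when ferm accepts
    # the new configuration.
    if /usr/sbin/ferm --noexec /etc/ferm/ferm.conf; then
      # NOTE(review): both restore pipelines sit inside the loop, so
      # they run once per chain -- confirm that is intended.
      # NOTE(review): between a flush and the following restore the
      # chain is empty; what that admits or drops depends on rules
      # outside this script.  sh has no pipefail, so a ferm failure on
      # the left of a pipe goes unnoticed; the dry run above is the
      # only validation.
      for chain in FERM-INPUT FERM-OUTPUT; do
        /sbin/iptables -F "$chain"
        /sbin/ip6tables -F "$chain"

        /usr/sbin/ferm --domain ip --noexec --lines /etc/ferm/ferm.conf | iptables-restore --noflush
        /usr/sbin/ferm --domain ip6 --noexec --lines /etc/ferm/ferm.conf | ip6tables-restore --noflush
      done
    else
      # NOTE(review): the exit status stays 0 here, so a caller cannot
      # tell that the new rules were rejected and not applied.
      echo "firewall: ferm failed, aborting regeneration."
    fi
    ;;
  *)
    echo "Usage: domtool-publish [apache|bind|courier|exim|mailman|smtplog STRING|users|firewall]"
    ;;
esac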