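#!/bin/sh -e
# domtool-publish: copy domtool-generated configuration into place and
# reload the affected service.  Expected to run as root (it writes under
# /etc, chowns files and calls sudo -u domtool); the publish target is $1.
#
# Repeat -e here so the script still stops at the first failing command
# when it is started as "sh domtool-publish" and the shebang options are
# lost.
set -e

# grab AFS tokens in case they were dropped by sudo
if [ -x "$(command -v aklog)" ]; then
  # ignore exit code, may fail on older versions
  aklog || true
fi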
8
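redo_exim() {
  # Rebuild exim's domtool-managed domainlists from the three list files
  # under /var/domtool and ask exim to reload.  Called by both the "exim"
  # and the "mailman" targets.
  #
  # The list files are owned by the domtool user (hence the sudo -u domtool
  # touch) and their content is spliced verbatim into the exim
  # configuration, so whatever generates them is trusted to emit valid
  # domainlist syntax.
  #
  # FIXME: we're ignoring status of the touch command because we
  # had to set mailman_domains.cfg immutable on mail relays not
  # running mailman due to deficiencies on the domtool mailman
  # plugin. Needs to be removed when not needed...
  sudo -u domtool touch /var/domtool/local_domains.cfg /var/domtool/relay_domains.cfg /var/domtool/mailman_domains.cfg || true

  exim_dest=/etc/exim4/conf.d/main/10_domtool-domains
  # Assemble the new file beside the old one and rename it into place, so
  # neither exim nor a concurrent publish ever sees a truncated or
  # half-written list (the previous version truncated the live file with
  # the first echo and appended piecemeal).  The temp file sits inside
  # conf.d, so arrange for it to be removed if a cat fails under -e.
  exim_tmp=$(/bin/mktemp "${exim_dest}.XXXXXX")
  trap 'rm -f -- "$exim_tmp"' EXIT
  {
    printf 'domainlist local_domains = '
    /bin/cat /var/domtool/local_domains.cfg
    printf '\n'
    printf 'domainlist relay_to_domains = '
    /bin/cat /var/domtool/relay_domains.cfg
    printf '\n'
    printf 'domainlist mm_domains = '
    /bin/cat /var/domtool/mailman_domains.cfg
    printf '\n'
  } >"$exim_tmp"
  # mktemp creates the file 0600; the redirect-created file was presumably
  # 0644 under root's umask, so give the published file that mode.
  /bin/chmod 644 "$exim_tmp"
  /bin/mv -f -- "$exim_tmp" "$exim_dest"
  service exim4 reload
}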
26
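# Dispatch on the publish target.  Every branch copies files that domtool
# has already generated under /var/domtool into the service's config
# location and then reloads or restarts that service.
case "$1" in
  apache)
    /usr/bin/rsync -r --delete /var/domtool/vhosts/ /etc/apache2/vhosts/
    service apache2 reload
    ;;
  apache-down)
    service apache2 stop
    ;;
  apache-undown)
    /usr/bin/rsync -r --delete /var/domtool/vhosts/ /etc/apache2/vhosts/
    service apache2 start
    ;;
  apache1.3)
    /usr/bin/rsync -r --delete /var/domtool/vhosts/ /etc/apache/vhosts/
    service apache reload
    ;;
  apache1.3-down)
    service apache stop
    ;;
  apache1.3-undown)
    /usr/bin/rsync -r --delete /var/domtool/vhosts/ /etc/apache/vhosts/
    service apache start
    ;;
  bind)
    /usr/bin/rsync -r --delete /var/domtool/zones/ /etc/bind/zones/
    /bin/chown -R bind /etc/bind/zones
    /bin/cp /var/domtool/named.conf.local /etc/bind/
    /bin/chown root:bind /etc/bind/named.conf.local
    /bin/chmod 644 /etc/bind/named.conf.local
    service bind9 restart
    ;;
  exim)
    sudo -u domtool touch /var/domtool/aliases /var/domtool/aliases.default
    /bin/cp /var/domtool/aliases /etc/aliases.hosted
    /bin/cp /var/domtool/aliases.default /etc/aliases.wildcard
    redo_exim
    ;;
  mailman)
    # NOTE(review): mailman.map is pasted verbatim into a Python source
    # file that mailman executes; the generator must emit properly quoted
    # literals or a hostile domain string becomes code.  Not fixable here.
    /bin/echo "HCOOP_VHOSTS = {" >/etc/mailman/vhosts_cfg.py
    /bin/cat /var/domtool/mailman.map >>/etc/mailman/vhosts_cfg.py
    /bin/echo "}" >>/etc/mailman/vhosts_cfg.py
    service mailman reload
    redo_exim
    ;;
  courier)
    VMAILDB=$(domtool-config -path vmaildb)
    if [ -z "$VMAILDB" ]; then
      echo "domtool-config not found, not syncing courier vmail userdb"
      exit 1
    fi
    /usr/bin/rsync -r --delete "${VMAILDB}/" /etc/courier/userdb
    /usr/sbin/makeuserdb
    /bin/chown -R domtool:nogroup /etc/courier/userdb
    # The concatenated userdb feeds exim's lookup table; keep both the
    # text and the dbm copy unreadable to "other".
    /bin/cat /etc/courier/userdb/* >/etc/courier/exim
    /bin/chmod o-r /etc/courier/exim
    /usr/sbin/exim_dbmbuild /etc/courier/exim /etc/courier/exim.dat
    /bin/chgrp mail /etc/courier/exim.dat
    /bin/chmod o-r /etc/courier/exim.dat
    ;;
  spamassassin)
    SHAREDROOT=$(domtool-config -path shared-root)
    # Same guard as the courier target: never run rsync --delete against
    # a source path assembled from an empty SHAREDROOT.
    if [ -z "$SHAREDROOT" ]; then
      echo "domtool-config not found, not syncing spamassassin addrs" >&2
      exit 1
    fi
    /usr/bin/rsync -r --delete "${SHAREDROOT}/email/spamassassin/addrs/" /etc/spamassassin/addrs
    ;;
  smtplog)
    # $2 is a caller-supplied search string for a root-readable log.  It
    # was previously passed unquoted, so a value starting with '-' was
    # parsed as grep options (-f, -r, ...) and embedded whitespace added
    # extra file operands.  Quote it and hand it over with -e / --.
    if [ -z "${2:-}" ]; then
      echo "Usage: domtool-publish smtplog STRING" >&2
      exit 1
    fi
    /bin/grep -e "$2" -- /var/log/exim4/mainlog
    ;;
  apache-fixperms)
    /bin/chown -R domtool:nogroup /var/log/apache2/user
    ;;
  apache1.3-fixperms)
    /bin/chown -R domtool:nogroup /var/log/apache/user
    ;;
  users)
    /bin/cp /var/domtool/waklog.conf /etc/apache2/
    service apache2 reload
    ;;
  firewall)
    # Ideally this would check if the config worked first
    # (ferm failing just uses the previous config at
    # least). Does it need to chown/chmod the generated
    # rules?
    /bin/cp /var/domtool/firewall/*.conf /etc/ferm/
    service ferm reload
    ;;
  firewallpuppet)
    # new firewall publishing method that integrates with puppet (sort of)
    /bin/cp /var/domtool/firewall/*.conf /etc/ferm/
    if [ ! -d /etc/puppetlabs ]; then
      # legacy node: ferm owns the whole ruleset, just reload it
      service ferm reload
      exit
    fi
    # Validate, and generate both rulesets into temp files, BEFORE touching
    # the live chains, so any failure leaves the current rules in place.
    # The previous version also ran both restores inside the per-chain
    # loop, so the chain flushed first received every rule twice.
    if ! /usr/sbin/ferm --noexec /etc/ferm/ferm.conf; then
      echo "firewall: ferm failed, aborting regeneration." >&2
      exit 1
    fi
    rules4=$(/bin/mktemp)
    rules6=$(/bin/mktemp)
    trap 'rm -f -- "$rules4" "$rules6"' EXIT
    /usr/sbin/ferm --domain ip --noexec --lines /etc/ferm/ferm.conf >"$rules4"
    /usr/sbin/ferm --domain ip6 --noexec --lines /etc/ferm/ferm.conf >"$rules6"
    # The chains are empty between the flush and the restore; whether that
    # window fails open depends on how the parent chains dispatch into
    # FERM-*, which is not visible here.  Keep it as short as possible.
    for chain in FERM-INPUT FERM-OUTPUT; do
      /sbin/iptables -F "$chain"
      /sbin/ip6tables -F "$chain"
    done
    iptables-restore --noflush <"$rules4"
    ip6tables-restore --noflush <"$rules6"
    ;;
  *)
    # Unknown target: say so on stderr and fail, so the caller notices.
    echo "Usage: domtool-publish [apache|apache-down|apache-undown|apache1.3|apache1.3-down|apache1.3-undown|bind|courier|exim|mailman|smtplog STRING|apache-fixperms|apache1.3-fixperms|users|firewall|firewallpuppet|spamassassin]" >&2
    exit 1
    ;;
esac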