-#!/bin/sh -e
-
-case $1 in
- apache)
- /usr/bin/rsync --delete /var/domtool/vhosts/* /etc/apache2/
- echo "I would reload Apache now."
-# /etc/init.d/apache2 reload
- ;;
- bind)
- /usr/bin/rsync --delete /var/domtool/zones/* /etc/bind/zones/
- /bin/cp /var/domtool/named.conf.local /etc/bind/
- echo "I would reload Bind now."
-# /etc/init.d/bind9 reload
- ;;
- exim)
- /bin/cp /var/domtool/aliases /etc/
- /bin/cp /var/domtool/aliases.default /etc/
- /bin/cp /var/domtool/local_domains.cfg /etc/exim4/
- echo "I would reload Exim now."
-# /etc/init.d/exim4 reload
- ;;
- mailman)
- /bin/cp /var/domtool/mailman.map /etc/mailman
- echo "I would reload Mailman now."
-# /etc/init.d/mailman reload
- ;;
- *)
- echo "Usage: domtool-publish [apache|bind|exim|mailman]"
- ;;
-esac
+#!/bin/sh -e
+
+# grab tokens in case they were dropped by sudo
+if [ -x "$(which aklog)" ]; then
+ # ignore exit code, may fail on older versions
+ aklog || true
+fi
+
+redo_exim() {
+ # FIXME: we're ignoring status of the touch command because we
+ # had to set mailman_domains.cfg immutable on mail relays not
+ # running mailman due to deficiencies on the domtool mailman
+ # plugin. Needs to be removed when not needed...
+ sudo -u domtool touch /var/domtool/local_domains.cfg /var/domtool/relay_domains.cfg /var/domtool/mailman_domains.cfg || true
+ /bin/echo -n "domainlist local_domains = " >/etc/exim4/conf.d/main/10_domtool-domains
+ /bin/cat /var/domtool/local_domains.cfg >>/etc/exim4/conf.d/main/10_domtool-domains
+ /bin/echo "" >>/etc/exim4/conf.d/main/10_domtool-domains
+ /bin/echo -n "domainlist relay_to_domains = " >>/etc/exim4/conf.d/main/10_domtool-domains
+ /bin/cat /var/domtool/relay_domains.cfg >>/etc/exim4/conf.d/main/10_domtool-domains
+ /bin/echo "" >>/etc/exim4/conf.d/main/10_domtool-domains
+ /bin/echo -n "domainlist mm_domains = " >>/etc/exim4/conf.d/main/10_domtool-domains
+ /bin/cat /var/domtool/mailman_domains.cfg >>/etc/exim4/conf.d/main/10_domtool-domains
+ /bin/echo "" >>/etc/exim4/conf.d/main/10_domtool-domains
+ service exim4 reload
+}
+
+case $1 in
+ apache)
+ /usr/bin/rsync -r --delete /var/domtool/vhosts/ /etc/apache2/vhosts/
+ service apache2 reload
+ ;;
+ apache-down)
+ service apache2 stop
+ ;;
+ apache-undown)
+ /usr/bin/rsync -r --delete /var/domtool/vhosts/ /etc/apache2/vhosts/
+ service apache2 start
+ ;;
+ apache1.3)
+ /usr/bin/rsync -r --delete /var/domtool/vhosts/ /etc/apache/vhosts/
+ service apache reload
+ ;;
+ apache1.3-down)
+ service apache stop
+ ;;
+ apache1.3-undown)
+ /usr/bin/rsync -r --delete /var/domtool/vhosts/ /etc/apache/vhosts/
+ service apache start
+ ;;
+ bind)
+ /usr/bin/rsync -r --delete /var/domtool/zones/ /etc/bind/zones/
+ /bin/chown -R bind /etc/bind/zones
+ /bin/cp /var/domtool/named.conf.local /etc/bind/
+ /bin/chown root:bind /etc/bind/named.conf.local
+ /bin/chmod 644 /etc/bind/named.conf.local
+ service bind9 restart
+ ;;
+ exim)
+ sudo -u domtool touch /var/domtool/aliases /var/domtool/aliases.default
+ /bin/cp /var/domtool/aliases /etc/aliases.hosted
+ /bin/cp /var/domtool/aliases.default /etc/aliases.wildcard
+ redo_exim
+ ;;
+ mailman)
+ /bin/echo "HCOOP_VHOSTS = {" >/etc/mailman/vhosts_cfg.py
+ /bin/cat /var/domtool/mailman.map >>/etc/mailman/vhosts_cfg.py
+ /bin/echo "}" >>/etc/mailman/vhosts_cfg.py
+ service mailman reload
+ redo_exim
+ ;;
+ courier)
+ VMAILDB=`domtool-config -path vmaildb`
+ if [ -z "$VMAILDB" ]; then
+ echo "domtool-config not found, not syncing courier vmail userdb"
+ exit 1
+ fi
+ /usr/bin/rsync -r --delete ${VMAILDB}/ /etc/courier/userdb
+ /usr/sbin/makeuserdb
+ /bin/chown -R domtool:nogroup /etc/courier/userdb
+ /bin/cat /etc/courier/userdb/* >/etc/courier/exim
+ /bin/chmod o-r /etc/courier/exim
+ /usr/sbin/exim_dbmbuild /etc/courier/exim /etc/courier/exim.dat
+ /bin/chgrp mail /etc/courier/exim.dat
+ /bin/chmod o-r /etc/courier/exim.dat
+ ;;
+ spamassassin)
+ SHAREDROOT=`domtool-config -path shared-root`
+ /usr/bin/rsync -r --delete ${SHAREDROOT}/email/spamassassin/addrs/ /etc/spamassassin/addrs
+ ;;
+ smtplog)
+ /bin/grep $2 /var/log/exim4/mainlog
+ ;;
+ apache-fixperms)
+ /bin/chown -R domtool:nogroup /var/log/apache2/user
+ ;;
+ apache1.3-fixperms)
+ /bin/chown -R domtool:nogroup /var/log/apache/user
+ ;;
+ users)
+ /bin/cp /var/domtool/waklog.conf /etc/apache2/
+ service apache2 reload
+ ;;
+ firewall)
+ # Ideally this would check if the config worked first
+ # (ferm failing just uses the previous config at
+ # least). Does it need to chown/chmod the generated
+ # rules?
+ /bin/cp /var/domtool/firewall/*.conf /etc/ferm/
+ service ferm reload
+ ;;
+ firewallpuppet)
+ # new firewall publishing method that integrates with puppet (sort of)
+ /bin/cp /var/domtool/firewall/*.conf /etc/ferm/
+ if [ ! -d /etc/puppetlabs ]; then
+ # legacy node
+ service ferm reload
+ exit
+ fi
+ if ( /usr/sbin/ferm --noexec /etc/ferm/ferm.conf ); then
+ for chain in FERM-INPUT FERM-OUTPUT; do
+ /sbin/iptables -F $chain
+ /sbin/ip6tables -F $chain
+
+ /usr/sbin/ferm --domain ip --noexec --lines /etc/ferm/ferm.conf | iptables-restore --noflush
+ /usr/sbin/ferm --domain ip6 --noexec --lines /etc/ferm/ferm.conf | ip6tables-restore --noflush
+ done
+ else
+ echo "firewall: ferm failed, aborting regeneration."
+ fi
+ ;;
+ *)
+ echo "Usage: domtool-publish [apache|bind|courier|exim|mailman|smtplog STRING|users|firewall]"
+ ;;
+esac
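Review bot: The new `smtplog` branch hands the caller's string to grep unquoted (`/bin/grep $2 /var/log/exim4/mainlog`), so a value like `-e x /etc/shadow` is word-split into extra grep arguments and, since the rest of this script writes under /etc and restarts services and so evidently runs privileged, lets the caller read matching lines out of any file; an empty `$2` instead leaves grep blocking on stdin. Quote the pattern and terminate option parsing: `[ -n "$2" ] || { echo "Usage: domtool-publish smtplog STRING" >&2; exit 1; }` followed by `/bin/grep -e "$2" -- /var/log/exim4/mainlog`. Separately, in `firewallpuppet` the two `ferm … | iptables-restore --noflush` lines sit inside the `for chain` loop, so the whole rule set is restored once per chain and, because of `--noflush`, the chain flushed in the first iteration ends up with its rules loaded twice; moving the two restore lines after `done` looks like the intent. Note also that `sh -e` does not fail a pipeline whose left-hand `ferm` exits non-zero, so that branch should check ferm's status rather than relying on `-e`.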