From ed3ca4224d4bfe59e77205bfe24aa77352f120d0 Mon Sep 17 00:00:00 2001 From: KiekerJan Date: Sat, 20 Jul 2024 23:10:13 +0200 Subject: [PATCH] move the editconf.py file --- management/daily_maintenance.py | 2 +- {tools => management}/editconf.py | 0 setup/additionals.sh | 4 ++-- setup/dkim.sh | 12 ++++++------ setup/dovecot-fts-xapian.sh | 2 +- setup/mail-dovecot.sh | 16 ++++++++-------- setup/mail-postfix.sh | 28 ++++++++++++++-------------- setup/mail-users.sh | 6 +++--- setup/munin.sh | 2 +- setup/nextcloud.sh | 8 ++++---- setup/spamassassin.sh | 12 ++++++------ setup/system.sh | 8 ++++---- setup/web.sh | 18 +++++++++--------- setup/webmail.sh | 2 +- tools/archive_conf_files.sh | 2 +- tools/readable_bash.py | 2 +- 16 files changed, 62 insertions(+), 62 deletions(-) rename {tools => management}/editconf.py (100%) diff --git a/management/daily_maintenance.py b/management/daily_maintenance.py index 5f8a5543a..722d0eca0 100644 --- a/management/daily_maintenance.py +++ b/management/daily_maintenance.py @@ -3,7 +3,7 @@ # Run daily maintenance tasks ######################################################################## -from ..tools.editconf import do_editconf +from editconf import do_editconf from utils import load_settings import logging diff --git a/tools/editconf.py b/management/editconf.py similarity index 100% rename from tools/editconf.py rename to management/editconf.py diff --git a/setup/additionals.sh b/setup/additionals.sh index 07bc00c9c..4fc3149f5 100644 --- a/setup/additionals.sh +++ b/setup/additionals.sh @@ -30,7 +30,7 @@ if [ ! -f /usr/local/bin/mail ]; then fi # Adapt rkhunter configuration -tools/editconf.py /etc/rkhunter.conf \ +management/editconf.py /etc/rkhunter.conf \ UPDATE_MIRRORS=1 \ MIRRORS_MODE=0 \ WEB_CMD='""' \ @@ -42,7 +42,7 @@ if ! grep -Fxq "SCRIPTWHITELIST=/usr/local/bin/mail" /etc/rkhunter.conf > /dev/n echo "SCRIPTWHITELIST=/usr/local/bin/mail" >> /etc/rkhunter.conf fi -tools/editconf.py /etc/default/rkhunter \ +management/editconf.py /etc/default/rkhunter \ CRON_DAILY_RUN='"true"' \ CRON_DB_UPDATE='"true"' \ APT_AUTOGEN='"true"' diff --git a/setup/dkim.sh b/setup/dkim.sh index c66ab482b..e8c8acff7 100755 --- a/setup/dkim.sh +++ b/setup/dkim.sh @@ -28,7 +28,7 @@ echo "127.0.0.1" > /etc/dkim/TrustedHosts touch /etc/dkim/KeyTable touch /etc/dkim/SigningTable -tools/editconf.py /etc/dkimpy-milter/dkimpy-milter.conf -s \ +management/editconf.py /etc/dkimpy-milter/dkimpy-milter.conf -s \ "MacroList=daemon_name|ORIGINATING" \ "MacroListVerify=daemon_name|VERIFYING" \ "Canonicalization=relaxed/simple" \ @@ -85,7 +85,7 @@ fi chown -R dkimpy-milter:dkimpy-milter "$STORAGE_ROOT/mail/dkim" chmod go-rwx "$STORAGE_ROOT/mail/dkim" -tools/editconf.py /etc/opendmarc.conf -s \ +management/editconf.py /etc/opendmarc.conf -s \ "Syslog=true" \ "Socket=inet:8893@[127.0.0.1]" \ "FailureReports=false" @@ -95,7 +95,7 @@ tools/editconf.py /etc/opendmarc.conf -s \ # itself, or because you don't trust the arriving header. This added header is # used by spamassassin to evaluate the mail for spamminess. -tools/editconf.py /etc/opendmarc.conf -s \ +management/editconf.py /etc/opendmarc.conf -s \ "SPFIgnoreResults=true" # SPFSelfValidate causes the filter to perform a fallback SPF check itself @@ -104,13 +104,13 @@ tools/editconf.py /etc/opendmarc.conf -s \ # the SPF check itself when this is set. This added header is used by # spamassassin to evaluate the mail for spamminess. -tools/editconf.py /etc/opendmarc.conf -s \ +management/editconf.py /etc/opendmarc.conf -s \ "SPFSelfValidate=true" # Disables generation of failure reports for sending domains that publish a # "none" policy. -tools/editconf.py /etc/opendmarc.conf -s \ +management/editconf.py /etc/opendmarc.conf -s \ "FailureReportsOnNone=false" # Add DKIMpy and OpenDMARC as milters to postfix, which is how DKIMpy @@ -125,7 +125,7 @@ tools/editconf.py /etc/opendmarc.conf -s \ # The OpenDMARC milter is skipped in the SMTP submission listener by # configuring smtpd_milters there to only list the DKIMpy milter # (see mail-postfix.sh). -tools/editconf.py /etc/postfix/main.cf \ +management/editconf.py /etc/postfix/main.cf \ "smtpd_milters=inet:127.0.0.1:8892 inet:127.0.0.1:8893"\ non_smtpd_milters=\$smtpd_milters \ milter_default_action=accept diff --git a/setup/dovecot-fts-xapian.sh b/setup/dovecot-fts-xapian.sh index fb63ae245..257a02c08 100755 --- a/setup/dovecot-fts-xapian.sh +++ b/setup/dovecot-fts-xapian.sh @@ -23,7 +23,7 @@ apt_install dovecot-fts-xapian # # Break-imap-search makes search work the way users expect, rather than the way # the IMAP specification expects. -tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \ +management/editconf.py /etc/dovecot/conf.d/10-mail.conf \ mail_plugins="fts fts_xapian" \ mail_home="$STORAGE_ROOT/mail/homes/%d/%n" diff --git a/setup/mail-dovecot.sh b/setup/mail-dovecot.sh index b0686fe1a..d946def0a 100755 --- a/setup/mail-dovecot.sh +++ b/setup/mail-dovecot.sh @@ -44,7 +44,7 @@ apt_install \ # See here for discussion: # - https://www.dovecot.org/list/dovecot/2012-August/137569.html # - https://www.dovecot.org/list/dovecot/2011-December/132455.html -tools/editconf.py /etc/dovecot/conf.d/10-master.conf \ +management/editconf.py /etc/dovecot/conf.d/10-master.conf \ default_process_limit="$(($(nproc) * 250))" \ default_vsz_limit="$(($(free -tm | tail -1 | awk '{print $2}') / 3))M" \ log_path=/var/log/mail.log @@ -54,13 +54,13 @@ tools/editconf.py /etc/dovecot/conf.d/10-master.conf \ # See http://www.dovecot.org/pipermail/dovecot/2013-March/088834.html. # A reboot is required for this to take effect (which we don't do as # as a part of setup). Test with `cat /proc/sys/fs/inotify/max_user_instances`. -tools/editconf.py /etc/sysctl.conf \ +management/editconf.py /etc/sysctl.conf \ fs.inotify.max_user_instances=1024 # Set the location where we'll store user mailboxes. '%d' is the domain name and '%n' is the # username part of the user's email address. We'll ensure that no bad domains or email addresses # are created within the management daemon. -tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \ +management/editconf.py /etc/dovecot/conf.d/10-mail.conf \ mail_location="maildir:$STORAGE_ROOT/mail/mailboxes/%d/%n" \ mail_privileged_group=mail \ first_valid_uid=0 @@ -73,14 +73,14 @@ cp conf/dovecot-mailboxes.conf /etc/dovecot/conf.d/15-mailboxes.conf # Require that passwords are sent over SSL only, and allow the usual IMAP authentication mechanisms. # The LOGIN mechanism is supposedly for Microsoft products like Outlook to do SMTP login (I guess # since we're using Dovecot to handle SMTP authentication?). -tools/editconf.py /etc/dovecot/conf.d/10-auth.conf \ +management/editconf.py /etc/dovecot/conf.d/10-auth.conf \ disable_plaintext_auth=yes \ "auth_mechanisms=plain login" # Enable SSL, specify the location of the SSL certificate and private key files. # Use Mozilla's "Intermediate" recommendations at https://ssl-config.mozilla.org/#server=dovecot&server-version=2.3.7.2&config=intermediate&openssl-version=1.1.1, # except that the current version of Dovecot does not have a TLSv1.3 setting, so we only use TLSv1.2. -tools/editconf.py /etc/dovecot/conf.d/10-ssl.conf \ +management/editconf.py /etc/dovecot/conf.d/10-ssl.conf \ ssl=required \ "ssl_cert=<$STORAGE_ROOT/ssl/ssl_certificate.pem" \ "ssl_key=<$STORAGE_ROOT/ssl/ssl_private_key.pem" \ @@ -102,14 +102,14 @@ sed -i "s/#port = 110/port = 0/" /etc/dovecot/conf.d/10-master.conf # The risk is that if the connection is silent for too long it might be reset # by a peer. See [#129](https://github.com/mail-in-a-box/mailinabox/issues/129) # and [How bad is IMAP IDLE](http://razor.occams.info/blog/2014/08/09/how-bad-is-imap-idle/). -tools/editconf.py /etc/dovecot/conf.d/20-imap.conf \ +management/editconf.py /etc/dovecot/conf.d/20-imap.conf \ imap_idle_notify_interval="4 mins" # Set POP3 UIDL. # UIDLs are used by POP3 clients to keep track of what messages they've downloaded. # For new POP3 servers, the easiest way to set up UIDLs is to use IMAP's UIDVALIDITY # and UID values, the default in Dovecot. -tools/editconf.py /etc/dovecot/conf.d/20-pop3.conf \ +management/editconf.py /etc/dovecot/conf.d/20-pop3.conf \ pop3_uidl_format="%08Xu%08Xv" # ### LDA (LMTP) @@ -150,7 +150,7 @@ EOF # Setting a `postmaster_address` is required or LMTP won't start. An alias # will be created automatically by our management daemon. -tools/editconf.py /etc/dovecot/conf.d/15-lda.conf \ +management/editconf.py /etc/dovecot/conf.d/15-lda.conf \ "postmaster_address=postmaster@$PRIMARY_HOSTNAME" # ### Sieve diff --git a/setup/mail-postfix.sh b/setup/mail-postfix.sh index dc80e30e5..cd8032379 100755 --- a/setup/mail-postfix.sh +++ b/setup/mail-postfix.sh @@ -53,7 +53,7 @@ apt_install postfix postfix-sqlite postfix-pcre postgrey ca-certificates # * Set our name (the Debian default seems to be "localhost" but make it our hostname). # * Set the name of the local machine to localhost, which means xxx@localhost is delivered locally, although we don't use it. # * Set the SMTP banner (which must have the hostname first, then anything). -tools/editconf.py /etc/postfix/main.cf \ +management/editconf.py /etc/postfix/main.cf \ inet_interfaces=all \ smtp_bind_address="$PRIVATE_IP" \ smtp_bind_address6="$PRIVATE_IPV6" \ @@ -64,7 +64,7 @@ tools/editconf.py /etc/postfix/main.cf \ # Tweak some queue settings: # * Inform users when their e-mail delivery is delayed more than 3 hours (default is not to warn). # * Stop trying to send an undeliverable e-mail after 2 days (instead of 5), and for bounce messages just try for 1 day. -tools/editconf.py /etc/postfix/main.cf \ +management/editconf.py /etc/postfix/main.cf \ delay_warning_time=3h \ maximal_queue_lifetime=2d \ bounce_queue_lifetime=1d @@ -75,11 +75,11 @@ tools/editconf.py /etc/postfix/main.cf \ # unnecessary in Postfix 3.9+ where this is the default. The "short-term" workarounds # that we previously had are reverted to postfix defaults (though smtpd_discard_ehlo_keywords # was never included in a released version of Mail-in-a-Box). -tools/editconf.py /etc/postfix/main.cf \ +management/editconf.py /etc/postfix/main.cf \ smtpd_forbid_bare_newline=normalize # Hardening: disable the VERIFY command -tools/editconf.py /etc/postfix/main.cf \ +management/editconf.py /etc/postfix/main.cf \ disable_vrfy_command=yes # ### Outgoing Mail @@ -99,7 +99,7 @@ tools/editconf.py /etc/postfix/main.cf \ # that filters out privacy-sensitive headers on mail being sent out by # authenticated users. By default Postfix also applies this to attached # emails but we turn this off by setting nested_header_checks empty. -tools/editconf.py /etc/postfix/master.cf -s -w \ +management/editconf.py /etc/postfix/master.cf -s -w \ "smtps=inet n - - - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes @@ -137,7 +137,7 @@ sed -i "s/PUBLIC_IP/$PUBLIC_IP/" /etc/postfix/outgoing_mail_header_filters # the world are very far behind and if we disable too much, they may not be able to use TLS and # won't fall back to cleartext. So we don't disable too much. smtpd_tls_exclude_ciphers applies to # both port 25 and port 587, but because we override the cipher list for both, it probably isn't used. -tools/editconf.py /etc/postfix/main.cf \ +management/editconf.py /etc/postfix/main.cf \ smtpd_tls_security_level=may\ smtpd_tls_auth_only=yes \ smtpd_tls_cert_file="$STORAGE_ROOT/ssl/ssl_certificate.pem" \ @@ -150,7 +150,7 @@ tools/editconf.py /etc/postfix/main.cf \ smtpd_tls_received_header=yes # For ports 465/587 (via the 'mandatory' settings): -tools/editconf.py /etc/postfix/main.cf \ +management/editconf.py /etc/postfix/main.cf \ smtpd_tls_mandatory_protocols=">=TLSv1.2" \ smtpd_tls_mandatory_ciphers=high \ smtpd_tls_mandatory_exclude_ciphers="aNULL CAMELLIA AES256-GCM-SHA384 AES128-GCM-SHA256 AES256-SHA256 AES128-SHA256 AES256-SHA AES128-SHA" @@ -172,7 +172,7 @@ postmap /etc/postfix/block_root_external # * `reject_unauth_destination`: No one else. (Permits mail whose destination is local and rejects other mail.) # * `block_root_external`: Block mail addressed at root@PRIMARY_HOSTNAME. Root mail is only to receive mails locally send to root. # permit_mynetworks will allow delivery of mail for root originating locally. -tools/editconf.py /etc/postfix/main.cf \ +management/editconf.py /etc/postfix/main.cf \ smtpd_relay_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,hash:/etc/postfix/block_root_external # ### DANE @@ -199,7 +199,7 @@ tools/editconf.py /etc/postfix/main.cf \ # which we don't care about seeing because Postfix is doing opportunistic TLS anyway. Better to encrypt, # even if we don't know if it's to the right party, than to not encrypt at all. Instead we'll # now see notices about trusted certs. The CA file is provided by the package `ca-certificates`. -tools/editconf.py /etc/postfix/main.cf \ +management/editconf.py /etc/postfix/main.cf \ smtp_tls_protocols=">=TLSv1.2" \ smtp_tls_ciphers=high \ smtp_tls_exclude_ciphers="aNULL CAMELLIA AES256-GCM-SHA384 AES128-GCM-SHA256 AES256-SHA256 AES128-SHA256 AES256-SHA AES128-SHA" \ @@ -219,11 +219,11 @@ tools/editconf.py /etc/postfix/main.cf \ # # In a basic setup we would pass mail directly to Dovecot by setting # virtual_transport to `lmtp:unix:private/dovecot-lmtp`. -tools/editconf.py /etc/postfix/main.cf "virtual_transport=lmtp:[127.0.0.1]:10025" +management/editconf.py /etc/postfix/main.cf "virtual_transport=lmtp:[127.0.0.1]:10025" # Clear the lmtp_destination_recipient_limit setting which in previous # versions of Mail-in-a-Box was set to 1 because of a spampd bug. # See https://github.com/mail-in-a-box/mailinabox/issues/1523. -tools/editconf.py /etc/postfix/main.cf -e lmtp_destination_recipient_limit= +management/editconf.py /etc/postfix/main.cf -e lmtp_destination_recipient_limit= # Who can send mail to us? Some basic filters. @@ -247,7 +247,7 @@ tools/editconf.py /etc/postfix/main.cf -e lmtp_destination_recipient_limit= # so these IPs get mail delivered quickly. But when an IP is not listed in the permit_dnswl_client list (i.e. it is not #NODOC # whitelisted) then postfix does a DEFER_IF_REJECT, which results in all "unknown user" sorts of messages turning into #NODOC # "450 4.7.1 Client host rejected: Service unavailable". This is a retry code, so the mail doesn't properly bounce. #NODOC -tools/editconf.py /etc/postfix/main.cf \ +management/editconf.py /etc/postfix/main.cf \ smtpd_sender_restrictions="reject_non_fqdn_sender,reject_unknown_sender_domain,reject_authenticated_sender_login_mismatch,reject_rhsbl_sender dbl.spamhaus.org=127.0.1.[2..99]" \ smtpd_recipient_restrictions="permit_sasl_authenticated,permit_mynetworks,check_sender_access hash:/etc/postfix/sender_access,check_recipient_access hash:/etc/postfix/recipient_access,reject_rbl_client zen.spamhaus.org=127.0.0.[2..11],reject_rhsbl_sender dbl.spamhaus.org=127.0.1.[2..99],reject_rhsbl_helo dbl.spamhaus.org=127.0.1.[2..99],reject_rhsbl_reverse_client dbl.spamhaus.org=127.0.1.[2..99],warn_if_reject reject_rbl_client zen.spamhaus.org=127.255.255.[1..255],reject_unlisted_recipient,check_policy_service inet:127.0.0.1:10023" @@ -273,7 +273,7 @@ postmap /etc/postfix/recipient_access # symlink without spaces that can point to a folder with spaces). We'll just assume # $STORAGE_ROOT won't have spaces to simplify things. # Postgrey removes entries after 365 days of not being used. -tools/editconf.py /etc/default/postgrey \ +management/editconf.py /etc/default/postgrey \ POSTGREY_OPTS=\""--inet=127.0.0.1:10023 --delay=150 --max-age=365 --dbdir=$STORAGE_ROOT/mail/postgrey/db"\" # If the $STORAGE_ROOT/mail/postgrey is empty, copy the postgrey database over from the old location @@ -317,7 +317,7 @@ chmod +x /etc/cron.daily/mailinabox-postgrey-whitelist # Increase the message size limit from 10MB to 128MB. # The same limit is specified in nginx.conf for mail submitted via webmail and Z-Push. -tools/editconf.py /etc/postfix/main.cf \ +management/editconf.py /etc/postfix/main.cf \ message_size_limit=134217728 # Allow the two SMTP ports in the firewall. diff --git a/setup/mail-users.sh b/setup/mail-users.sh index d4b4584e5..26afaaa42 100755 --- a/setup/mail-users.sh +++ b/setup/mail-users.sh @@ -72,7 +72,7 @@ EOF # does not run DKIM on relayed mail, so outbound mail isn't # correct, see #830), but we enable it specifically for the # submission port. -tools/editconf.py /etc/postfix/main.cf \ +management/editconf.py /etc/postfix/main.cf \ smtpd_sasl_type=dovecot \ smtpd_sasl_path=private/auth \ smtpd_sasl_auth_enable=no @@ -85,7 +85,7 @@ tools/editconf.py /etc/postfix/main.cf \ # address (aka envelope or return path address) must be "owned" by the user # who authenticated. An SQL query will find who are the owners of any given # address. -tools/editconf.py /etc/postfix/main.cf \ +management/editconf.py /etc/postfix/main.cf \ smtpd_sender_login_maps=sqlite:/etc/postfix/sender-login-maps.cf # Postfix will query the exact address first, where the priority will be alias @@ -105,7 +105,7 @@ EOF # SMTPUTF8 because Dovecot's LMTP server that delivers mail to inboxes does # not support it, and if a message is received with the SMTPUTF8 flag it will # bounce. -tools/editconf.py /etc/postfix/main.cf \ +management/editconf.py /etc/postfix/main.cf \ smtputf8_enable=no \ virtual_mailbox_domains=sqlite:/etc/postfix/virtual-mailbox-domains.cf \ virtual_mailbox_maps=sqlite:/etc/postfix/virtual-mailbox-maps.cf \ diff --git a/setup/munin.sh b/setup/munin.sh index 438b6402a..c22079102 100755 --- a/setup/munin.sh +++ b/setup/munin.sh @@ -43,7 +43,7 @@ chown munin /var/log/munin/munin-cgi-graph.log # ensure munin-node knows the name of this machine # and reduce logging level to warning -tools/editconf.py /etc/munin/munin-node.conf -s \ +management/editconf.py /etc/munin/munin-node.conf -s \ host_name="$PRIMARY_HOSTNAME" \ log_level=1 diff --git a/setup/nextcloud.sh b/setup/nextcloud.sh index 75c8c08ca..7a5901fdc 100755 --- a/setup/nextcloud.sh +++ b/setup/nextcloud.sh @@ -73,7 +73,7 @@ apt_install curl php php-fpm \ PHP_VER=$(php_version) # Enable APC before Nextcloud tools are run. -tools/editconf.py /etc/php/$PHP_VER/mods-available/apcu.ini -c ';' \ +management/editconf.py /etc/php/$PHP_VER/mods-available/apcu.ini -c ';' \ apc.enabled=1 \ apc.enable_cli=1 @@ -243,7 +243,7 @@ if [ ! -d /usr/local/lib/owncloud/ ] || [[ ! ${CURRENT_NEXTCLOUD_VER} =~ ^$nextc PHP_VER=$(php_version) - tools/editconf.py /etc/php/$(php_version)/mods-available/apcu.ini -c ';' \ + management/editconf.py /etc/php/$(php_version)/mods-available/apcu.ini -c ';' \ apc.enabled=1 \ apc.enable_cli=1 @@ -462,7 +462,7 @@ sudo -u www-data php /usr/local/lib/owncloud/occ app:update --all # Set PHP FPM values to support large file uploads # (semicolon is the comment character in this file, hashes produce deprecation warnings) -tools/editconf.py /etc/php/"$PHP_VER"/fpm/php.ini -c ';' \ +management/editconf.py /etc/php/"$PHP_VER"/fpm/php.ini -c ';' \ upload_max_filesize=16G \ post_max_size=16G \ output_buffering=16384 \ @@ -471,7 +471,7 @@ tools/editconf.py /etc/php/"$PHP_VER"/fpm/php.ini -c ';' \ short_open_tag=On # Set Nextcloud recommended opcache settings -tools/editconf.py /etc/php/"$PHP_VER"/cli/conf.d/10-opcache.ini -c ';' \ +management/editconf.py /etc/php/"$PHP_VER"/cli/conf.d/10-opcache.ini -c ';' \ opcache.enable=1 \ opcache.enable_cli=1 \ opcache.interned_strings_buffer=8 \ diff --git a/setup/spamassassin.sh b/setup/spamassassin.sh index 5d9c188f3..28cfc62fd 100755 --- a/setup/spamassassin.sh +++ b/setup/spamassassin.sh @@ -23,7 +23,7 @@ echo "Installing SpamAssassin..." apt_install spampd razor pyzor dovecot-antispam libmail-dkim-perl # Allow spamassassin to download new rules. -tools/editconf.py /etc/default/spamassassin \ +management/editconf.py /etc/default/spamassassin \ CRON=1 # Configure pyzor, which is a client to a live database of hashes of @@ -34,7 +34,7 @@ tools/editconf.py /etc/default/spamassassin \ # we can skip 'pyzor discover', both of which are currently broken by # something happening on Sourceforge (#496). rm -rf ~/.pyzor -tools/editconf.py /etc/spamassassin/local.cf -s \ +management/editconf.py /etc/spamassassin/local.cf -s \ pyzor_options="--homedir /etc/spamassassin/pyzor" mkdir -p /etc/spamassassin/pyzor echo "public.pyzor.org:24441" > /etc/spamassassin/pyzor/servers @@ -46,7 +46,7 @@ echo "public.pyzor.org:24441" > /etc/spamassassin/pyzor/servers # * Increase the maximum message size of scanned messages from the default of 64KB to 500KB, which # is Spamassassin (spamc)'s own default. Specified in KBytes. # * Disable localmode so Pyzor, DKIM and DNS checks can be used. -tools/editconf.py /etc/default/spampd \ +management/editconf.py /etc/default/spampd \ DESTPORT=10026 \ ADDOPTS="\"--maxsize=2000\"" \ LOCALONLY=0 @@ -62,7 +62,7 @@ tools/editconf.py /etc/default/spampd \ # # Tell Spamassassin not to modify the original message except for adding # the X-Spam-Status & X-Spam-Score mail headers and related headers. -tools/editconf.py /etc/spamassassin/local.cf -s \ +management/editconf.py /etc/spamassassin/local.cf -s \ report_safe=0 \ "add_header all Report"=_REPORT_ \ "add_header all Score"=_SCORE_ @@ -134,7 +134,7 @@ EOF # Spamassassin will change the access rights back to the defaults, so we must also configure # the filemode in the config file. -tools/editconf.py /etc/spamassassin/local.cf -s \ +management/editconf.py /etc/spamassassin/local.cf -s \ bayes_path="$STORAGE_ROOT/mail/spamassassin/bayes" \ bayes_file_mode=0666 @@ -166,7 +166,7 @@ EOF # Have Dovecot run its mail process with a supplementary group (the spampd group) # so that it can access the learning files. -tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \ +management/editconf.py /etc/dovecot/conf.d/10-mail.conf \ mail_access_groups=spampd # Here's the script that the antispam plugin executes. It spools the message into diff --git a/setup/system.sh b/setup/system.sh index 11f6f71a3..4b35e3fef 100755 --- a/setup/system.sh +++ b/setup/system.sh @@ -81,7 +81,7 @@ fi # Set the systemd journal log retention from infinite to 10 days, # since over time the logs take up a large amount of space. # (See https://discourse.mailinabox.email/t/journalctl-reclaim-space-on-small-mailinabox/6728/11.) -tools/editconf.py /etc/systemd/journald.conf MaxRetentionSec=10day +management/editconf.py /etc/systemd/journald.conf MaxRetentionSec=10day hide_output systemctl restart systemd-journald.service @@ -153,7 +153,7 @@ apt_install python3 python3-dev python3-pip python3-setuptools \ # When Ubuntu 20 comes out, we don't want users to be prompted to upgrade, # because we don't yet support it. if [ -f /etc/update-manager/release-upgrades ]; then - tools/editconf.py /etc/update-manager/release-upgrades Prompt=never + management/editconf.py /etc/update-manager/release-upgrades Prompt=never rm -f /var/lib/ubuntu-release-upgrader/release-upgrade-available fi @@ -371,7 +371,7 @@ fi # Modify systemd settings rm -f /etc/resolv.conf -tools/editconf.py /etc/systemd/resolved.conf \ +management/editconf.py /etc/systemd/resolved.conf \ DNS=127.0.0.1 \ DNSSEC=yes \ DNSStubListener=no @@ -427,7 +427,7 @@ if [ ! -z "$SSH_PORT" ]; then fi # fail2ban should be able to look back far enough because we increased findtime of recidive jail -tools/editconf.py /etc/fail2ban/fail2ban.conf dbpurgeage=7d +management/editconf.py /etc/fail2ban/fail2ban.conf dbpurgeage=7d # On first installation, the log files that the jails look at don't all exist. # e.g., The roundcube error log isn't normally created until someone logs into diff --git a/setup/web.sh b/setup/web.sh index c1cee1767..4a08a7420 100755 --- a/setup/web.sh +++ b/setup/web.sh @@ -43,26 +43,26 @@ sed "s#STORAGE_ROOT#$STORAGE_ROOT#" \ # # Drop TLSv1.0, TLSv1.1, following the Mozilla "Intermediate" recommendations # at https://ssl-config.mozilla.org/#server=nginx&server-version=1.17.0&config=intermediate&openssl-version=1.1.1. -tools/editconf.py /etc/nginx/nginx.conf -s \ +management/editconf.py /etc/nginx/nginx.conf -s \ server_names_hash_bucket_size="128;" \ ssl_protocols="TLSv1.2 TLSv1.3;" # Tell PHP not to expose its version number in the X-Powered-By header. -tools/editconf.py /etc/php/"$PHP_VER"/fpm/php.ini -c ';' \ +management/editconf.py /etc/php/"$PHP_VER"/fpm/php.ini -c ';' \ expose_php=Off # Set PHPs default charset to UTF-8, since we use it. See #367. -tools/editconf.py /etc/php/"$PHP_VER"/fpm/php.ini -c ';' \ +management/editconf.py /etc/php/"$PHP_VER"/fpm/php.ini -c ';' \ default_charset="UTF-8" # Set higher timeout since fts searches with Roundcube may take longer # than the default 60 seconds. We will also match Roundcube's timeout to the # same value -tools/editconf.py /etc/php/$(php_version)/fpm/php.ini -c ';' \ +management/editconf.py /etc/php/$(php_version)/fpm/php.ini -c ';' \ default_socket_timeout=180 # Configure the path environment for php-fpm -tools/editconf.py /etc/php/"$PHP_VER"/fpm/pool.d/www.conf -c ';' \ +management/editconf.py /etc/php/"$PHP_VER"/fpm/pool.d/www.conf -c ';' \ env[PATH]=/usr/local/bin:/usr/bin:/bin \ # Configure php-fpm based on the amount of memory the machine has @@ -72,7 +72,7 @@ tools/editconf.py /etc/php/"$PHP_VER"/fpm/pool.d/www.conf -c ';' \ TOTAL_PHYSICAL_MEM=$(head -n 1 /proc/meminfo | awk '{print $2}' || /bin/true) if [ "$TOTAL_PHYSICAL_MEM" -lt 1000000 ] then - tools/editconf.py /etc/php/"$PHP_VER"/fpm/pool.d/www.conf -c ';' \ + management/editconf.py /etc/php/"$PHP_VER"/fpm/pool.d/www.conf -c ';' \ pm=ondemand \ pm.max_children=8 \ pm.start_servers=2 \ @@ -80,7 +80,7 @@ then pm.max_spare_servers=3 elif [ "$TOTAL_PHYSICAL_MEM" -lt 2000000 ] then - tools/editconf.py /etc/php/"$PHP_VER"/fpm/pool.d/www.conf -c ';' \ + management/editconf.py /etc/php/"$PHP_VER"/fpm/pool.d/www.conf -c ';' \ pm=ondemand \ pm.max_children=16 \ pm.start_servers=4 \ @@ -88,14 +88,14 @@ then pm.max_spare_servers=6 elif [ "$TOTAL_PHYSICAL_MEM" -lt 3000000 ] then - tools/editconf.py /etc/php/"$PHP_VER"/fpm/pool.d/www.conf -c ';' \ + management/editconf.py /etc/php/"$PHP_VER"/fpm/pool.d/www.conf -c ';' \ pm=dynamic \ pm.max_children=60 \ pm.start_servers=6 \ pm.min_spare_servers=3 \ pm.max_spare_servers=9 else - tools/editconf.py /etc/php/"$PHP_VER"/fpm/pool.d/www.conf -c ';' \ + management/editconf.py /etc/php/"$PHP_VER"/fpm/pool.d/www.conf -c ';' \ pm=dynamic \ pm.max_children=120 \ pm.start_servers=12 \ diff --git a/setup/webmail.sh b/setup/webmail.sh index be75e0b56..58ef5f222 100755 --- a/setup/webmail.sh +++ b/setup/webmail.sh @@ -191,7 +191,7 @@ sudo -u www-data touch /var/log/roundcubemail/errors.log cp ${RCM_PLUGIN_DIR}/password/config.inc.php.dist \ ${RCM_PLUGIN_DIR}/password/config.inc.php -tools/editconf.py ${RCM_PLUGIN_DIR}/password/config.inc.php \ +management/editconf.py ${RCM_PLUGIN_DIR}/password/config.inc.php \ "\$config['password_minimum_length']=8;" \ "\$config['password_db_dsn']='sqlite:///$STORAGE_ROOT/mail/users.sqlite';" \ "\$config['password_query']='UPDATE users SET password=%P WHERE email=%u';" \ diff --git a/tools/archive_conf_files.sh b/tools/archive_conf_files.sh index d2ec2c9a6..b1a5acb78 100755 --- a/tools/archive_conf_files.sh +++ b/tools/archive_conf_files.sh @@ -1,7 +1,7 @@ #!/bin/bash # Use this script to make an archive of the contents of all # of the configuration files we edit with editconf.py. -for fn in $(grep -hr editconf.py setup | sed "s/tools\/editconf.py //" | sed "s/ .*//" | sort | uniq); do +for fn in $(grep -hr editconf.py setup | sed "s/management\/editconf.py //" | sed "s/ .*//" | sort | uniq); do echo ====================================================================== echo "$fn" echo ====================================================================== diff --git a/tools/readable_bash.py b/tools/readable_bash.py index 66f6196c1..6f3a1a416 100755 --- a/tools/readable_bash.py +++ b/tools/readable_bash.py @@ -211,7 +211,7 @@ def value(self): class EditConf(Grammar): grammar = ( - L('tools/editconf.py '), + L('management/editconf.py '), FILENAME, SPACE, OPTIONAL((LIST_OF(