Merge branch 'master' of ateliers.heureux-cyclage.org:lhc/ateliers

Conflicts:
	etc/cron.d/mysql-backup

diff --git a/etc/cron.d/mysql-backup b/etc/cron.d/mysql-backup
index f5642db..4822c59 100644 (file)
--- a/etc/cron.d/mysql-backup
+++ b/etc/cron.d/mysql-backup
@@ -1,3 +1,3 @@
 MAILTO=backup
 # m h dom mon dow user command
-0 3 */24 * * backup bin/mysql-backup '\%' -- --full-if-older-than 90D && bin/duplicity-remove mysql -maxdepth 1 -- remove-all-but-n-full 1 --force
+0 3 * * * backup bin/mysql-backup '\%' -- --full-if-older-than 90D && bin/duplicity-remove mysql -maxdepth 1 -- remove-all-but-n-full 1 --force

diff --git a/etc/nsd3/zone.d/cyclocoop.org.zone.m4 b/etc/nsd3/zone.d/cyclocoop.org.zone.m4
index 58f1018..66acf5d 100644 (file)
--- a/etc/nsd3/zone.d/cyclocoop.org.zone.m4
+++ b/etc/nsd3/zone.d/cyclocoop.org.zone.m4
@@ -13,7 +13,7 @@ define(`EXOLIA_IP4', `91.121.51.125')
 define(`EXOLIA_MX_NAME', `mail.cyclocoop.org.')
 
 * hébergeur : gresille.org
-define(`GRESILLE_IP4', `IP4(VM)')
+define(`GRESILLE_IP4', `IP4(LOCAL)')
 
 divert(0)dnl
 $TTL 1d ; TTL (Time To Live) par défaut pour les enregistrements

diff --git a/etc/nsd3/zone.d/heureux-cyclage.org.zone.m4 b/etc/nsd3/zone.d/heureux-cyclage.org.zone.m4
index f52d872..2a22435 100644 (file)
--- a/etc/nsd3/zone.d/heureux-cyclage.org.zone.m4
+++ b/etc/nsd3/zone.d/heureux-cyclage.org.zone.m4
@@ -9,7 +9,7 @@ MAKE_GETTER(`NAME')
 define(`FQDN', `NAME($1).ZONE_DOMAIN')
 
 * hébergeur : gresille.org
-define(`GRESILLE_IP4', `IP4(VM)')
+define(`GRESILLE_IP4', `IP4(LOCAL)')
 
 * hébergeur : kimsufi.com
 define(`KIMSUFI_IP4', `91.121.198.103')
@@ -40,11 +40,13 @@ bicloud             A IP4(KIMSUFI)
 burette             A IP4(KIMSUFI)
 cartes              A IP4(LAUTRENET)
 demo.burette        A IP4(KIMSUFI)
+fanout              A IP4(GRESILLE)
 formations          A IP4(LAUTRENET)
 git                 A IP4(GRESILLE)
 imap                A IP4(GRESILLE)
 mail                A IP4(LAUTRENET)
 mx                  A IP4(GRESILLE)
+notifications       A IP4(GRESILLE)
 ns                  A IP4(GRESILLE)
 questionnaires      A IP4(GRESILLE)
 remorque         60 A IP4(KIMSUFI)

diff --git a/etc/nsd3/zone.d/wiklou.org.zone.m4 b/etc/nsd3/zone.d/wiklou.org.zone.m4
index 4eda00a..d70fffa 100644 (file)
--- a/etc/nsd3/zone.d/wiklou.org.zone.m4
+++ b/etc/nsd3/zone.d/wiklou.org.zone.m4
@@ -9,7 +9,7 @@ MAKE_GETTER(`NAME')
 define(`FQDN', `NAME($1).ZONE_DOMAIN')
 
 * hébergeur : gresille.org
-define(`GRESILLE_IP4', `IP4(VM)')
+define(`GRESILLE_IP4', `IP4(LOCAL)')
 
 * hébergeur : lautre.net
 define(`LAUTRENET_IP4', `80.67.160.70')

diff --git a/etc/postfix/heureux-cyclage.org/transport b/etc/postfix/heureux-cyclage.org/transport
index 4255565..e69de29 100644 (file)
--- a/etc/postfix/heureux-cyclage.org/transport
+++ b/etc/postfix/heureux-cyclage.org/transport
@@ -1 +0,0 @@
-ludovic.chevalier@heureux-cyclage.org smtp:[mx.lautre.net]

diff --git a/etc/postfix/main.cf b/etc/postfix/main.cf
index 6325085..4129e41 100644 (file)
--- a/etc/postfix/main.cf
+++ b/etc/postfix/main.cf
@@ -158,7 +158,7 @@ smtpd_sender_restrictions =
        reject_unauth_pipelining
        reject_non_fqdn_sender
        #reject_unknown_sender_domain
-       permit
+       reject
 smtpd_starttls_timeout = 300s
 #smtpd_tls_always_issue_session_ids = yes
 smtpd_tls_CAfile = /etc/postfix/$mydomain/smtpd/x509/ca/crt.pem
@@ -198,10 +198,12 @@ sympabounce_destination_recipient_limit = 1
        # NOTE: non-blocking
 transport_maps =
        hash:/etc/postfix/$mydomain/transport
+       hash:/etc/postfix/$mydomain/transport-pending-transition-from-lautrenet
        regexp:/etc/sympa/transport
 #virtual_alias_domains =
 virtual_alias_maps =
        hash:/etc/postfix/$mydomain/virtual_alias
+       hash:/etc/postfix/$mydomain/virtual_alias-pending-transition-from-lautrenet
        regexp:/etc/sympa/virtual_alias
        # NOTE: do not specify virtual alias domain names in  the  main.cf
        #       mydestination or relay_domains configuration parameters.

diff --git a/etc/shorewall/macro.d/macro.Fanout b/etc/shorewall/macro.d/macro.Fanout
new file mode 100644 (file)
index 0000000..3b58be3
--- /dev/null
+++ b/etc/shorewall/macro.d/macro.Fanout
@@ -0,0 +1,3 @@
+#ACTION SOURCE  DEST    PROTO   DEST    SOURCE  RATE    USER/
+#                               PORT(S) PORT(S) LIMIT   GROUP
+PARAM   -       -       tcp     1986

diff --git a/etc/shorewall/rules b/etc/shorewall/rules
index aaed7e5..f3e0c33 100644 (file)
--- a/etc/shorewall/rules
+++ b/etc/shorewall/rules
@@ -13,6 +13,7 @@ HTTP(ACCEPT)                  net    $FW
 HTTPS(ACCEPT)                 net    $FW
 Limit(IMAPS,5,60):info        net    $FW         tcp   imaps
 IMAPS(ACCEPT)                 net    $FW
+Fanout(ACCEPT)                net    $FW
 Managesieve(ACCEPT)           net    $FW
 Mosh(ACCEPT)                  net    $FW
 Ping(ACCEPT)                  net    $FW

diff --git a/etc/sv/fanout/local.sh b/etc/sv/fanout/local.sh
new file mode 100644 (file)
index 0000000..a825a0a
--- /dev/null
+++ b/etc/sv/fanout/local.sh
@@ -0,0 +1,27 @@
+home=/home/fanout
+cd /
+
+"$tool"/local/adduser "$sv" \
+ --disabled-login \
+ --disabled-password \
+ --group \
+ --home "$home" \
+ --shell /bin/false \
+ --system
+
+sudo install -d -m 750 -o "$sv" -g "$sv" \
+ "$home"
+sudo install -d -m 750 -o sys -g sys \
+ "$home"/src
+sudo adduser sys "$sv"
+if sudo test -d "$home"/src/.git
+ then
+       sudo -u sys /bin/sh -c "cd $home/src && git pull -v"
+ else
+       sudo -u sys git clone https://github.com/travisghansen/fanout "$home"/src
+ fi
+
+sudo -u sys make -C "$home"/src
+sudo install -o 755 -o root -g root \
+    "$home"/src/fanout \
+ /usr/local/bin/fanout

diff --git a/etc/sv/fanout/log/local.sh b/etc/sv/fanout/log/local.sh
new file mode 100644 (file)
index 0000000..27e5554
--- /dev/null
+++ b/etc/sv/fanout/log/local.sh
@@ -0,0 +1,11 @@
+home=~fanout/log
+"$tool"/local/adduser log-"$sv" \
+ --disabled-login \
+ --disabled-password \
+ --group \
+ --home "$home" \
+ --shell /bin/false \
+ --system
+sudo install -d -m 750 -o log-"$sv" -g log-"$sv" \
+ "$home"/log
+sudo adduser log-"$sv" "$sv"

diff --git a/etc/sv/fanout/log/run b/etc/sv/fanout/log/run
new file mode 100644 (file)
index 0000000..4382b39
--- /dev/null
+++ b/etc/sv/fanout/log/run
@@ -0,0 +1,8 @@
+#!/bin/sh -eux
+sv=${PWD%/log}
+sv=${sv#/etc/sv/}
+eval home="~log-$sv"
+
+cd "$home"
+exec chpst -u log-"$sv":log-"$sv" \
+       svlogd -v -tt "$home"

diff --git a/etc/sv/fanout/run b/etc/sv/fanout/run
new file mode 100755 (executable)
index 0000000..bf65d66
--- /dev/null
+++ b/etc/sv/fanout/run
@@ -0,0 +1,10 @@
+#!/bin/sh -eux
+exec 2>&1
+sv=${PWD#/etc/sv/}
+eval "home=~$sv"
+
+exec /usr/bin/chpst \
+ -u "$sv":"$sv" \
+ /usr/local/bin/fanout \
+ --debug-level=INFO \
+ --port=1986

diff --git a/etc/sv/postfix/local.sh b/etc/sv/postfix/local.sh
index 2c64f52..ec6ba0b 100644 (file)
--- a/etc/sv/postfix/local.sh
+++ b/etc/sv/postfix/local.sh
@@ -81,10 +81,14 @@ sudo install -m 640 -o root -g root \
  "$tool"/etc/postfix/$local_domainname/transport \
         /etc/postfix/$local_domainname/transport
 sudo postmap hash:/etc/postfix/$local_domainname/transport
+sudo postmap hash:/etc/postfix/$local_domainname/transport-pending-transition-from-lautrenet
+       # TODO: supprimer ce transport à la migration des MX de lautre.net à ici.
 sudo install -m 640 -o root -g root \
  "$tool"/etc/postfix/$local_domainname/virtual_alias \
         /etc/postfix/$local_domainname/virtual_alias
 sudo postmap hash:/etc/postfix/$local_domainname/virtual_alias
+sudo postmap hash:/etc/postfix/$local_domainname/virtual_alias-pending-transition-from-lautrenet
+       # TODO: supprimer ce virtual_alias à la migration des MX de lautre.net à ici.
 sudo install -d -m 770 -o root -g root \
  /etc/skel/etc/mail \
  /etc/skel/var/cache/mail \