This page aggregates together stuff having to do with Joey from elsewhere on the net. posts

Different power failures in the UK keep setting my work back this week. Just lost 5 days of trying to build ghc on arm.

Particularly "special" because I'm not in the UK, nor on the grid for that matter.

Posted posts

Doing a from-scratch rebuild of my mail server this evening. These 90 lines of Haskell code set everything up.

A little OTT perhaps, but I think I understand my setup better now, and can find it all in one place when I need to refresh. Also, I'll never forget to run postmap or newaliases when changing a file, since that's automated too.

Also, I'll probably refactor this initial code dump into something less horrible later.

kiteMailServer :: Property
kiteMailServer = propertyList " mail server"
    [ Postfix.installed
    , Apt.installed ["postfix-pcre"]
    , Apt.serviceInstalledRunning "postgrey"

    , Apt.serviceInstalledRunning "spamassassin"
    , "/etc/default/spamassassin" `File.containsLines`
        [ "ENABLED=1"
        , "OPTIONS=\"--create-prefs --max-children 5 --helper-home-dir\""
        , "CRON=1"
        , "NICE=\"--nicelevel 15\""
        ] `onChange` Service.restarted "spamassassin"
        `describe` "spamd enabled"

    , Apt.serviceInstalledRunning "spamass-milter"
    -- Add -m to prevent modifying messages Subject or body.
    , "/etc/default/spamass-milter" `File.containsLine`
        "OPTIONS=\"-m -u spamass-milter -i\""
        `onChange` Service.restarted "spamass-milter"
        `describe` "spamass-milter configured"

    , Apt.installed ["maildrop"]
    , "/etc/maildroprc" `File.hasContent`
        [ "# Global maildrop filter file (deployed with propellor)"
        , "DEFAULT=\"$HOME/Maildir\""
        , "MAILBOX=\"$DEFAULT/.\""
        , "# Filter spam to a spam folder, unless .keepspam exists"
        , "if (/^X-Spam-Status: Yes/)"
        , "{"
        , "  `test -e \"$HOME/.keepspam\"`"
        , "  if ( $RETURNCODE != 0 )"
        , "  to ${MAILBOX}spam"
        , "}"
        ]
        `describe` "maildrop configured"

    , "/etc/aliases" `File.hasPrivContentExposed` ctx
        `onChange` cmdProperty "newaliases" ["newaliases"]
    , hasJoeyCAChain
    , "/etc/ssl/certs/postfix.pem" `File.hasPrivContentExposed` ctx
    , "/etc/ssl/private/postfix.pem" `File.hasPrivContent` ctx

    , "/etc/postfix/mydomain" `File.containsLines`
        [ "/.*\\.kitenet\\.net/\tOK"
        , "/ikiwiki\\.info/\tOK"
        , "/joeyh\\.name/\tOK"
        ]
        `onChange` Service.restarted "postfix"
        `describe` "postfix mydomain file configured"
    , "/etc/postfix/obscure_client_relay.pcre" `File.containsLine`
        "/^Received: from ([^.]+)\\.kitenet\\.net.*using TLS.*by kitenet\\.net \\(([^)]+)\\) with (E?SMTPS?A?) id ([A-F[:digit:]]+)(.*)/ IGNORE"
        `onChange` Service.restarted "postfix"
        `describe` "postfix obscure_client_relay file configured"
    , Postfix.mappedFile "/etc/postfix/virtual"
        (flip File.containsLines
            [ "# * to joey"
            , "\tjoey"
            ]
        ) `describe` "postfix virtual file configured"
    , Postfix.mappedFile "/etc/postfix/relay_clientcerts" $
        flip File.hasPrivContentExposed ctx
    , Postfix.mainCf `File.containsLines`
        [ "myhostname ="
        , "mydomain = $myhostname"
        , "append_dot_mydomain = no"
        , "myorigin ="
        , "mydestination = $myhostname, localhost.$mydomain, $mydomain, kite.$mydomain., localhost, regexp:$config_directory/mydomain"
        , "mailbox_command = maildrop"
        , "virtual_alias_maps = hash:/etc/postfix/virtual"

        , "# Allow clients with trusted certs to relay mail through."
        , "relay_clientcerts = hash:/etc/postfix/relay_clientcerts"
        , "smtpd_relay_restrictions = permit_mynetworks,permit_tls_clientcerts,permit_sasl_authenticated,reject_unauth_destination"

        , "# Filter out client relay lines from headers."
        , "header_checks = pcre:$config_directory/obscure_client_relay.pcre"

        , "# Enable postgrey."
        , "smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination,check_policy_service inet:"

        , "# Enable spamass-milter."
        , "smtpd_milters = unix:/spamass/spamass.sock"
        , "milter_connect_macros = j {daemon_name} v {if_name} _"

        , "# TLS setup -- server"
        , "smtpd_tls_CAfile = /etc/ssl/certs/joeyca.pem"
        , "smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem"
        , "smtpd_tls_key_file = /etc/ssl/private/postfix.pem"
        , "smtpd_tls_loglevel = 1"
        , "smtpd_tls_received_header = yes"
        , "smtpd_use_tls = yes"
        , "smtpd_tls_ask_ccert = yes"
        , "smtpd_tls_session_cache_database = sdbm:/etc/postfix/smtpd_scache"

        , "# TLS setup -- client"
        , "smtp_tls_CAfile = /etc/ssl/certs/joeyca.pem"
        , "smtp_tls_cert_file = /etc/ssl/certs/postfix.pem"
        , "smtp_tls_key_file = /etc/ssl/private/postfix.pem"
        , "smtp_tls_loglevel = 1"
        , "smtp_use_tls = yes"
        , "smtp_tls_session_cache_database = sdbm:/etc/postfix/smtp_scache"
        ]
        `onChange` Postfix.dedupMainCf
        `onChange` Service.restarted "postfix"
        `describe` "postfix configured"

    , Apt.serviceInstalledRunning "dovecot-imapd"
    , Apt.serviceInstalledRunning "dovecot-pop3d"

    , Apt.serviceInstalledRunning "cron"
    , Apt.installed ["bsd-mailx"]
    ]
  where
    ctx = Context ""
Posted posts
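
The header_checks rule in the mail server post above can be checked offline before Postfix is restarted. This is an added example, not part of the original post: it ports the pattern from obscure_client_relay.pcre to Python's re module, assuming pcre_table's default case-insensitive and dot-all flags, and runs it over constructed Received headers (hosts, addresses and queue ids are made up).

```python
import re

# Port of the page's obscure_client_relay.pcre pattern: [:digit:] becomes \d.
# IGNORECASE and DOTALL model pcre_table's default flags (assumption).
CLIENT_RELAY = re.compile(
    r"^Received: from ([^.]+)\.kitenet\.net.*using TLS.*by kitenet\.net "
    r"\(([^)]+)\) with (E?SMTPS?A?) id ([A-F\d]+)(.*)",
    re.IGNORECASE | re.DOTALL,
)

def surviving_headers(headers):
    """Model the IGNORE action: drop every logical header the pattern matches."""
    return [h for h in headers if not CLIENT_RELAY.search(h)]

TLS_LINE = "\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n"

# Constructed sample headers, folded across lines as Postfix writes them.
TLS_CLIENT = (
    "Received: from laptop.kitenet.net (unknown [203.0.113.7])\n" + TLS_LINE +
    "\tby kitenet.net (Postfix) with ESMTPSA id 4F2A81C0B3;\n"
    "\tMon, 7 Jul 2014 10:00:00 -0400 (EDT)"
)
PLAIN_CLIENT = (  # same client, but no TLS line recorded
    "Received: from laptop.kitenet.net (unknown [203.0.113.7])\n"
    "\tby kitenet.net (Postfix) with ESMTP id 9C1D2E3F40;\n"
    "\tMon, 7 Jul 2014 10:01:00 -0400 (EDT)"
)
EXTERNAL_MX = (  # inbound mail from an unrelated domain over TLS
    "Received: from mail.example.org (mail.example.org [198.51.100.9])\n" + TLS_LINE +
    "\tby kitenet.net (Postfix) with ESMTPS id 7A6B5C4D3E;\n"
    "\tMon, 7 Jul 2014 10:02:00 -0400 (EDT)"
)
NESTED_CLIENT = (  # TLS client two labels below the domain
    "Received: from phone.lan.kitenet.net (unknown [203.0.113.8])\n" + TLS_LINE +
    "\tby kitenet.net (Postfix) with ESMTPSA id 1B2C3D4E5F;\n"
    "\tMon, 7 Jul 2014 10:03:00 -0400 (EDT)"
)
SAMPLES = [TLS_CLIENT, PLAIN_CLIENT, EXTERNAL_MX, NESTED_CLIENT]

if __name__ == "__main__":
    for header in SAMPLES:
        verdict = "IGNORE" if CLIENT_RELAY.search(header) else "keep"
        print(f"{verdict:6} {header.splitlines()[0]}")
```

Only the first sample is dropped. The last one shows that `([^.]+)` matches a single host label, so a client under a deeper subdomain keeps its Received line.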

Fuming at the horribleness of If you ever find yourself reading an obit of anyone you care about, you should save as pdf.

Posted posts

Look on the bright side: You're no longer in LAX.

(Also, the XKCD archive bot appears to be stalking you.)

Posted posts
perfectly simple burgers

No condiments needed, except for juice of excellent tomato, and the liquid that collects in flame roasted mushrooms.

Kind of burger you need a shower after.

Posted posts
wall o wood

starting to feel almost like real work around here..

Posted posts
Ocracoke dune camping

Rescued after laptop death using the excellent photorec.

BTW Sazius, I had to restart pumpa before it could upload this. Network or authorization error [1/8] <>

Posted posts
Does it store the bugs in a git repository for easy cloning/backup/forking?

There's an opportunity here to be much better than github *and* move the dial toward a distributed bug tracking model.
Posted posts
today's summer necessities
  • Staking up and pruning tomato plants
  • Hacking on parts of the Haskell Platform
  • Catching up on eating handfuls of blueberries and blackberries from plants that got away from me.
  • Cold showers
Posted posts

Just saw M-X spook type line including "debian" keyword for 1st time.

After all, it's the parent of "a comsec mechanism advocated by extremists on extremist forums"

Happy independence day!

author: Samuel Butler
name: Joey
average rating: 3.35
book published: 1872
rating: 0
read at:
date added: 2014/06/30
shelves: currently-reading

author: Kim Stanley Robinson
name: Joey
average rating: 3.46
book published: 2013
rating: 0
read at:
date added: 2013/10/31
shelves: currently-reading

The Long War (The Long Earth #2)
author: Terry Pratchett
name: Joey
average rating: 3.52
book published: 2013
rating: 2
read at:
date added: 2013/07/26
shelves: currently-reading, and-a-half-stars

author: China Miéville
name: Joey
average rating: 3.91
book published: 2012
rating: 0
read at:
date added: 2013/05/18
shelves: currently-reading

