Add m-labs-intl.com domain to mailserver and hooks subdomain #39

Closed
esavkin wants to merge 2 commits from 134-intl-com into master
Owner

Also needs setting up aliases or new accounts on new domain.

Owner

How many times did I tell you that PRs need to be separated by topic?
Obviously, configuration of the VPS does NOT belong in a PR titled "Add m-labs-intl.com domain to mailserver".

I'm growing tired of your lazy/careless approach.

sb10q reviewed 2024-06-08 11:44:17 +08:00
@ -0,0 +4,4 @@
git fetch origin
git reset --hard origin/master
DOMAINNAME=m-labs-intl.com ./zola build -o /var/www/m-labs-intl.com/html/ --force
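Review bot: the `zola build -o /var/www/m-labs-intl.com/html/ --force` line writes straight into the live web root, so a build that fails partway leaves the published site half-written, and nothing visible in this hunk stops the script after a failed `git fetch` or `git reset --hard`. Build into a scratch directory and move it into place only when the build exits successfully, and make the script abort on the first failing command (`set -e`) if that is not already done above this hunk.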
Owner

The plan is to build the website on Hydra and upload it from there. It's briefly mentioned in the original issue (M-Labs/web2019#134) and I reminded you of it at least twice and explained it at length. Are you paying attention?

sb10q reviewed 2024-06-08 11:44:33 +08:00
sb10q reviewed 2024-06-08 11:46:37 +08:00
@ -0,0 +30,4 @@
cd /home/zolaupd;
git clone https://git.m-labs.hk/M-Labs/web2019.git;
cd web2019;
wget https://github.com/getzola/zola/releases/download/v0.18.0/zola-v0.18.0-x86_64-unknown-linux-gnu.tar.gz;
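Review bot: the `wget` line fetches the zola v0.18.0 release tarball and nothing in this hunk checks its integrity before it is used. The version is pinned, but the resulting binary runs on every deploy, so keep the expected SHA-256 of the tarball in the repository and verify the download with `sha256sum -c` before unpacking it.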
Owner

None of this unmaintainable and undebuggable mess is necessary if you paid attention to what I kept repeating.

Owner

Those are very restrictive permissions for content that goes into a public repo.
sb10q reviewed 2024-06-08 11:49:14 +08:00
@ -0,0 +49,4 @@
cp zolaupd /etc/cron.d/
systemctl enable cron
service cron reload
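Review bot: `cp zolaupd /etc/cron.d/` leaves the owner and mode of the installed file to whatever the source file and umask happen to give, and cron skips files in /etc/cron.d that are not owned by root or are writable by group or others. Use `install -o root -g root -m 0644 zolaupd /etc/cron.d/zolaupd` instead. The hunk also mixes `systemctl` and `service` for the same unit; pick one.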
Owner

Is that for certbot or for your crappy code? If it's the latter then remove.

sb10q marked this conversation as resolved
sb10q reviewed 2024-06-08 11:49:44 +08:00
@ -0,0 +3,4 @@
apt install git nginx-full python3 python3.12-venv python3-pip
snap install --classic certbot
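Review bot: on the `apt install` line, `python3.12-venv` hard-codes a minor version next to the unversioned `python3`, so the line stops working once the distribution's default Python moves on; `python3-venv` follows the default interpreter. The line also has no `-y`, so it waits for confirmation if these steps are run unattended.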
Owner

And this isn't installed with apt because?

Author
Owner

Because it is not recommended by certbot devs, especially for LTS systems: https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal.

Owner

Yet another problem and hack that would not exist if you had used the systems I had recommended.

sb10q reviewed 2024-06-08 11:50:37 +08:00
@ -0,0 +57,4 @@
service nginx restart
certbot --nginx
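Review bot: `certbot --nginx` with no further arguments prompts for the contact address, the terms of service and the domain selection, so this step cannot be replayed unattended and the certificate names are not recorded anywhere in the repository. Pass them explicitly, for example `certbot --nginx --non-interactive --agree-tos -m <admin address> -d <domain>`, and state next to this line how renewal is scheduled.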
Owner

How is certificate auto-renewal handled?

Author
Owner

It automatically creates a cron job that tests from time to time whether the certificate is about to expire, and then updates it if needed.
Owner

Cron job or systemd timers?
Why would we need both cron and systemd?

Author
Owner

Cron job. The systemd is used for starting the rfq server.

Owner

You did not answer the second question.

esavkin force-pushed 134-intl-com from f9a065ea27 to 28f07245c6 2024-06-13 15:02:52 +08:00 Compare
sb10q reviewed 2024-06-14 19:11:52 +08:00
@ -0,0 +87,4 @@
server mail.m-labs.hk:993;
}
upstream pop3s_backend {
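Review bot: `server mail.m-labs.hk:993;` names the backend by hostname, which nginx resolves when the configuration is loaded, so a later change of that address is not picked up until nginx is reloaded. If these upstreams are used for plain TCP forwarding of IMAPS and POP3S, every client also reaches the mail server from the proxy's address, which defeats per-IP login throttling or banning there; add a comment saying how that is handled.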
Owner

What is this for? Do you know how email works?

sb10q reviewed 2024-06-14 19:16:13 +08:00
@ -1155,3 +1155,3 @@
localDnsResolver = false; # conflicts with dnsmasq
fqdn = "mail.m-labs.hk";
domains = [ "m-labs.hk" "m-labs.ph" "193thz.com" "malloctech.fr" ];
domains = [ "m-labs.hk" "m-labs.ph" "193thz.com" "malloctech.fr" "m-labs-intl.com" ];
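Review bot: the new `"m-labs-intl.com"` entry in `domains` is the only mail server change visible here, and the PR description itself says aliases or accounts for the new domain are still to be set up, so the visible lines define no address at that domain. Add the accounts or aliases in the same change, and make sure the DNS records for the new domain (MX, SPF and the DKIM key belonging to it) are published before the domain is relied on.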
Owner

When will you clean up that PR?

sb10q reviewed 2024-06-14 19:16:31 +08:00
@ -0,0 +13,4 @@
mkdir -p /var/www/m-labs-intl.com/html
chown -R zolaupd /var/www/m-labs-intl.com/
cp redeploy.sh /home/zolaupd/
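Review bot: `cp redeploy.sh /home/zolaupd/` puts the deploy script in the home directory of the account that runs it, so anything running as `zolaupd` can replace the script. `redeploy.sh` is also not introduced by any hunk shown here. Install it root-owned outside the home directory, for example `install -o root -g root -m 0755 redeploy.sh /usr/local/bin/`, and have the job call it from there.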
Owner

Where is that file from?

Owner

Why do you keep ignoring my requests to break down PRs by function?

esavkin force-pushed 134-intl-com from 2a4830ec55 to e5e02c010e 2024-06-19 15:38:49 +08:00 Compare
esavkin force-pushed 134-intl-com from e5e02c010e to 04dc9074e9 2024-06-20 17:40:44 +08:00 Compare
esavkin changed title from Add m-labs-intl.com domain to mailserver to Add m-labs-intl.com domain to mailserver and hooks subdomain 2024-06-20 17:45:49 +08:00
esavkin force-pushed 134-intl-com from 04dc9074e9 to 79af7c9cbd 2024-07-08 11:47:37 +08:00 Compare
sb10q reviewed 2024-07-18 12:01:28 +08:00
@ -17,0 +18,4 @@
mail A 5.78.86.156
mail AAAA 2a01:4ff:1f0:83de::1
mail._domainkey TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCl38A/Z0IInVU157qzrWgMfYm2iDHoWZsTyiiOoZdT7kHMzS/M2OMXMt7r5g1/7pCPClsGUDJvKGqVMmjJuPleMyKHwpGeT92qDNEFpt6ahneap/oYx5eBYM/vGcgmleNxyIoBHsptaZvqD4vCEFaC22f8UL5QAgQD3wCH3FwlpQIDAQAB"
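Review bot: the `p=` value in the `mail._domainkey` record is a 1024-bit RSA key (the `MIGfMA0G...` prefix is the encoding of a 1024-bit RSA public key). RFC 8301 asks signers to use keys of at least 2048 bits, so generate a 2048-bit key for this selector and publish that one.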
Owner

Where is the DKIM private key?
Author
Owner

It's a copy from m-labs.hk, because the m-labs-intl is just a reverse proxy for email.

Owner
https://nixos-mailserver.readthedocs.io/en/latest/setup-guide.html There is one DKIM key per domain.
sb10q reviewed 2024-07-18 12:02:48 +08:00
@ -17,0 +19,4 @@
mail A 5.78.86.156
mail AAAA 2a01:4ff:1f0:83de::1
mail._domainkey TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCl38A/Z0IInVU157qzrWgMfYm2iDHoWZsTyiiOoZdT7kHMzS/M2OMXMt7r5g1/7pCPClsGUDJvKGqVMmjJuPleMyKHwpGeT92qDNEFpt6ahneap/oYx5eBYM/vGcgmleNxyIoBHsptaZvqD4vCEFaC22f8UL5QAgQD3wCH3FwlpQIDAQAB"
_dmarc TXT "v=DMARC1; p=none"
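Review bot: `_dmarc TXT "v=DMARC1; p=none"` has no `rua=` tag, so the policy neither acts on failing mail nor produces aggregate reports. Add a `rua=mailto:` address so that SPF and DKIM alignment for the new domain can be checked from the reports before the policy is tightened to `quarantine` or `reject`.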
Owner

SPF?

esavkin added 1 commit 2024-07-26 17:46:58 +08:00
esavkin force-pushed 134-intl-com from 320a7535a3 to 5a3be3e3b4 2024-07-29 11:44:48 +08:00 Compare
sb10q reviewed 2024-08-14 10:56:27 +08:00
@ -15,2 +15,4 @@
AAAA 2a01:4ff:1f0:83de::1
MX 10 mail.m-labs-intl.com.
TXT "v=spf1 mx a:router.alt.m-labs.hk a:mail.m-labs.hk -all"
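Review bot: the SPF record ends in `-all`, so mail from any host not matched by `mx` or one of the two `a:` mechanisms is hard-failed. Check that the listed hosts are exactly the ones that will originate mail for m-labs-intl.com before this is published, and drop the mechanisms for hosts that will not send directly.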
Owner

As I said before, we need to proxy the outgoing emails through the VPS as well. Our mailserver also gets blocked due to its being in Hong Kong. This is not consistent with this SPF entry.

Owner

So just mx

esavkin force-pushed 134-intl-com from 5a3be3e3b4 to daf9a4d539 2024-08-14 10:59:27 +08:00 Compare
esavkin force-pushed 134-intl-com from daf9a4d539 to b601c12b7d 2024-08-14 11:20:47 +08:00 Compare
Owner

Fixed and merged manually.

sb10q closed this pull request 2024-08-14 11:43:07 +08:00

Reference: M-Labs/it-infra#39