now really merge 2204 changes

setup/dkim.sh

@@ -120,9 +120,6 @@ tools/editconf.py /etc/postfix/main.cf \
 # We need to explicitly enable the opendmarc service, or it will not start
 hide_output systemctl enable opendmarc
 
-# There is a fault in the dkim code for Ubuntu 20.04, let's fix it. Not necessary for Ubuntu 21.04 or newer
-sed -i 's/return b""\.join(r\.items\[0\]\.strings)/return b""\.join(list(r\.items)\[0\]\.strings)/' /usr/lib/python3/dist-packages/dkim/dnsplug.py
-
 # Restart services.
 restart_service dkimpy-milter
 restart_service opendmarc

setup/nextcloud.sh

@@ -46,7 +46,7 @@ apt-get purge -qq -y owncloud* # we used to use the package manager
 
 apt_install php php-fpm \
 	php-cli php-sqlite3 php-gd php-imap php-curl php-pear curl \
-	php-dev php-gd php-xml php-mbstring php-zip php-apcu php-json \
+	php-dev php-xml php-mbstring php-zip php-apcu php-json \
 	php-intl php-imagick php-gmp php-bcmath
 
 # Enable apc is required before installing nextcloud
@@ -324,7 +324,7 @@ php <<EOF > $CONFIG_TEMP && mv $CONFIG_TEMP $STORAGE_ROOT/owncloud/config.php;
 <?php
 include("$STORAGE_ROOT/owncloud/config.php");
 
-\$CONFIG['config_is_read_only'] = false; # should prevent warnings from occ tool but doesn't
+\$CONFIG['config_is_read_only'] = true; # should prevent warnings from occ tool but doesn't
 
 \$CONFIG['trusted_domains'] = array('$PRIMARY_HOSTNAME');
 
@@ -346,8 +346,6 @@ echo ";";
 EOF
 chown www-data.www-data $STORAGE_ROOT/owncloud/config.php
 
-# Need to change config if external_user is version 3.0.0 or higher, above works only on new installs
-
 # Enable/disable apps. Note that this must be done after the Nextcloud setup.
 # The firstrunwizard gave Josh all sorts of problems, so disabling that.
 # user_external is what allows Nextcloud to use IMAP for login. The contacts

setup/ssl.sh

@@ -40,6 +40,9 @@ apt_install openssl
 
 mkdir -p $STORAGE_ROOT/ssl
 
+# make directory readable
+chmod 755 $STORAGE_ROOT/ssl
+
 # Generate a new private key.
 #
 # The key is only as good as the entropy available to openssl so that it

setup/system.sh

@@ -251,17 +251,13 @@ EOF
 
 # Adjust apt update and upgrade timers such that they're always before daily status
 # checks and thus never report upgrades unless user intervention is necessary.
-if [ ! -d /etc/systemd/system/apt-daily.timer.d ]; then
-	mkdir /etc/systemd/system/apt-daily.timer.d
-fi
+mkdir -p /etc/systemd/system/apt-daily.timer.d
 cat > /etc/systemd/system/apt-daily.timer.d/override.conf <<EOF;
 [Timer]
 RandomizedDelaySec=5h
 EOF
 
-if [ ! -d /etc/systemd/system/apt-daily-upgrade.timer.d ]; then
-	mkdir /etc/systemd/system/apt-daily-upgrade.timer.d
-fi
+mkdir -p /etc/systemd/system/apt-daily-upgrade.timer.d
 cat > /etc/systemd/system/apt-daily-upgrade.timer.d/override.conf <<EOF;
 [Timer]
 OnCalendar=
@@ -336,15 +332,15 @@ fi #NODOC
 # remove bind9 in case it is still there
 apt-get purge -qq -y bind9 bind9-utils
 
+# Install unbound and dns utils (e.g. dig)
+apt_install unbound python3-unbound bind9-dnsutils
+
 # Configure unbound
 cp -f conf/unbound.conf /etc/unbound/unbound.conf.d/miabunbound.conf
 
-if [ ! -d /etc/unbound/lists.d ]; then
-	mkdir /etc/unbound/lists.d
-fi
+mkdir -p /etc/unbound/lists.d
 
-# Install unbound and dns utils (e.g. dig)
-apt_install unbound python3-unbound bind9-dnsutils
+systemctl restart unbound
 
 unbound-control -q status