Fixed Postfix forwarding over SendGrid

home/.chezmoiscripts/universal/run_before_01-system-homebrew.sh.tmpl

@@ -14,6 +14,29 @@
 {{ includeTemplate "universal/profile-before" }}
 {{ includeTemplate "universal/logg-before" }}
 
+### Configure hostname
+# Source: https://www.tecmint.com/set-hostname-permanently-in-linux/
+if [ -d /Applications ] && [ -d /System ]; then
+  # Source: https://apple.stackexchange.com/questions/287760/set-the-hostname-computer-name-for-macos
+  logg info 'Setting macOS hostname / local hostname / computer name'
+  sudo scutil --set HostName '{{ .host.hostname | replace .host.domain "" | replace "." "" }}.{{ .host.domain }}' && logg success 'Changed HostName to {{ .host.hostname | replace .host.domain "" | replace "." "" }}.{{ .host.domain }}'
+  sudo scutil --set LocalHostName '{{ .host.hostname | replace .host.domain "" | replace "." "" }}.local' && logg success 'Changed LocalHostName to {{ .host.hostname | replace .host.domain "" | replace "." "" }}.local'
+  sudo scutil --set ComputerName '{{ .host.hostname | replace .host.domain "" | replace "." "" }}' && logg success 'Changed ComputerName to {{ .host.hostname | replace .host.domain "" | replace "." "" }}'
+  logg info 'Flushing DNS cache'
+  dscacheutil -flushcache
+elif [ -f /etc/passwd ]; then
+  logg info 'Setting Linux hostname'
+  hostname '{{ .host.hostname | replace .host.domain "" | replace "." "" }}.{{ .host.domain }}' && logg success 'Changed hostname to {{ .host.hostname | replace .host.domain "" | replace "." "" }}.{{ .host.domain }}'
+  if command -v hostnamectl > /dev/null; then
+    logg info 'Ensuring hostname persists after reboot'
+    sudo hostnamectl set-hostname '{{ .host.hostname | replace .host.domain "" | replace "." "" }}.{{ .host.domain }}' && logg success 'Permanently changed hostname to {{ .host.hostname | replace .host.domain "" | replace "." "" }}.{{ .host.domain }}'
+  else
+    logg warn '`hostnamectl` was not available in the PATH - this operating system type might be unsupported'
+  fi
+else
+  logg warn 'Could not configure hostname because system type was not detectable'
+fi
+
 ### Configure Firewall
 if [ -d /Applications ] && [ -d /System ]; then
   logg info 'Disabling the block all incoming traffic option in the system Firewall settings'

home/.chezmoiscripts/universal/run_onchange_after_05-postfix.sh.tmpl

@@ -1,4 +1,4 @@
-{{- if or (and (ne .host.distro.family "windows") (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "SENDGRID_API_KEY")) (env "SENDGRID_API_KEY")) -}}
+{{- if or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "SENDGRID_API_KEY"))) (env "SENDGRID_API_KEY")) -}}
 #!/usr/bin/env bash
 # @file SendGrid Postfix Configuration
 # @brief Configures Postfix to use SendGrid as a relay host so you can use the `mail` program to send e-mail from the command-line
@@ -58,6 +58,43 @@ if command -v postfix > /dev/null; then
             sudo chmod 600 /etc/postfix/sasl_passwd
             logg info 'Updating Postfix hashmaps for /etc/postfix/sasl_passwd'
             sudo postmap /etc/postfix/sasl_passwd
+        else
+            logg warn '~/.config/postfix/sasl_passwd file is missing'
+        fi
+
+        ### Forward root e-mails
+        if [ -d /root ]; then
+            logg info 'Forwarding root e-mails to {{ .user.email }}'
+            echo '{{ .user.email }}' | sudo tee /root/.forward > /dev/null || logg error 'Failed to set root user .forward file'
+        elif [ -d /var/root ]; then
+            logg info 'Forwarding root e-mails to {{ .user.email }}'
+            echo '{{ .user.email }}' | sudo tee /var/root/.forward > /dev/null || logg error 'Failed to set root user .forward file'
+        else
+            logg warn 'Unable to identify root user home directory'
+        fi
+
+        ### Forward user e-mails
+
+        ### Ensure /etc/postfix/header_checks exists
+        if [ ! -d /etc/postfix/header_checks ]; then
+            logg info 'Creating /etc/postfix/header_checks since it does not exist'
+            sudo touch /etc/postfix/header_checks
+        fi
+
+        ### Re-write header From for SendGrid
+        if ! cat /etc/postfix/header_checks | grep 'no-reply@{{ .host.domain }}' > /dev/null; then
+            logg info 'Added From REPLACE to /etc/postfix/header_checks'
+            echo '/^From:.*@{{ .host.domain }}/ REPLACE From: no-reply@{{ .host.domain }}' | sudo tee -a /etc/postfix/header_checks > /dev/null
+        fi
+
+        ### Update aliases
+        if [ -f /etc/aliases ]; then
+            logg info 'Forward root e-mails to {{ .user.email }}'
+            sudo sed s/#root.*/root:\ {{ .user.email }}/ -i /etc/aliases && sudo newaliases
+            if ! cat /etc/aliases | grep '{{ .user.username }}: root' > /dev/null; then
+                logg info 'Forward user e-mail to root@localhost'
+                echo '{{ .user.username }}: root' | sudo tee -a /etc/aliases > /dev/null
+            fi
         fi
 
         if [ -d /Applications ] && [ -d /System ]; then
@@ -66,6 +103,7 @@ if command -v postfix > /dev/null; then
             if [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/postfix/com.apple.postfix.master.plist" ]; then
                 logg info 'Copying com.apple.postfix.master.plist'
                 sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/postfix/com.apple.postfix.master.plist" /System/Library/LaunchDaemons/com.apple.postfix.master.plist
+                sudo launchctl load /System/Library/LaunchDaemons/com.apple.postfix.master.plist && logg success 'launchctl load of com.apple.postfix.master successful'
             fi
             logg info 'Starting postfix'
             sudo postfix start

home/dot_config/postfix/com.apple.postfix.master.plist

@@ -9,8 +9,6 @@
         <key>ProgramArguments</key>
         <array>
                 <string>master</string>
-                <string>-e</string>
-                <string>60</string>
         </array>
         <key>QueueDirectories</key>
         <array>
@@ -22,5 +20,9 @@
         <true/>
         <key>KeepAlive</key>
         <true/>
+        <key>StandardErrorPath</key>
+	<string>/var/log/com.apple.postfix.master.plist.error.log</string>
+	<key>StandardOutPath</key>
+	<string>/var/log/ccom.apple.postfix.master.plist.debug.log</string>
 </dict>
 </plist>

home/dot_config/postfix/main.cf.tmpl

@@ -5,13 +5,19 @@
 #     This configuration file is appended to `/etc/postfix/main.cf` by one of the scripts. It configures SendGrid
 #     as a relay host that Postfix can use. More details can be found in the 
 #     [SendGrid documentation on integrating Postfix](https://docs.sendgrid.com/for-developers/sending-email/postfix).
+#
+#     Some FROM addresses do not work properly when using SendGrid. Because of this, the configuration will automatically
+#     re-write the FROM address to equal `system@public.domain.com`, where `public.domain.com` is the value specified under
+#     `.host.domain` in `~/.config/chezmoi/chezmoi.yml`.
 
+header_size_limit = 4096000
+myhostname = {{ .host.domain }}
+relayhost = [smtp.sendgrid.net]:587
+smtp_header_checks = regexp:/etc/postfix/header_checks
 smtp_sasl_auth_enable = yes
 smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
 smtp_sasl_security_options = noanonymous
 smtp_sasl_tls_security_options = noanonymous
 smtp_tls_security_level = encrypt
-header_size_limit = 4096000
-relayhost = [smtp.sendgrid.net]:587
 
 ### INSTALL DOCTOR MANAGED ### END

home/dot_config/rkhunter/cron

@@ -1,37 +1,29 @@
-#!/bin/sh
+#!/usr/bin/env bash
 
-RKHUNTER=/usr/bin/rkhunter
+# Include configuration
-
+if [ -f /usr/local/etc/rkhunter.conf ]; then
-test -x $RKHUNTER || exit 0
+  . /usr/local/etc/rkhunter.conf
-
+elif [ -f /etc/rkhunter.conf ]; then
-# source our config
   . /etc/rkhunter.conf
+else
+  echo "Failed to find rkhunter.conf file" && exit 1
+fi
 
 if [ -z "$NICE" ]; then
     NICE=0
 fi
 
-if [ -z "$RUN_CHECK_ON_BATTERY" ]; then
-    RUN_CHECK_ON_BATTERY="false"
-fi
-
-# Do not run daily check if running on battery except if explicitely allowed
-if [ -x /usr/bin/on_ac_power >/dev/null 2>&1 ]; then
-    on_ac_power >/dev/null 2>&1
-    [ $? -eq 1 -a "$RUN_CHECK_ON_BATTERY" != "true" ] && exit 0
-fi
-
 case "$CRON_DAILY_RUN" in
      [YyTt]*)
-        OUTFILE=`mktemp` || exit 1
+        OUTFILE="$(mktemp)"
-        /usr/bin/nice -n $NICE $RKHUNTER --cronjob --report-warnings-only --appendlog > $OUTFILE
+        nice -n $NICE rkhunter --cronjob --report-warnings-only --update --appendlog > $OUTFILE
         if [ -s "$OUTFILE" -a -n "$REPORT_EMAIL" ]; then
           (
-            echo "Subject: [rkhunter] $(hostname) - Daily report"
+            echo "Subject: [rkhunter] $(hostname) - Daily Report"
             echo "To: $REPORT_EMAIL"
             echo ""
             cat $OUTFILE
-          ) | /usr/sbin/mailx $REPORT_EMAIL
+          ) | mailx $REPORT_EMAIL
         fi
         rm -f $OUTFILE
         ;;

software.yml

@@ -9451,7 +9451,7 @@ softwarePackages:
     _github: null
     _home: https://www.vmware.com/
     _name: VMWare
-    _when:darwin: test -d "/Applications/VMware Fusion.app"
+    _when:darwin: '! test -d "/Applications/VMware Fusion.app" && ! test -d "$HOME/Applications/VMware Fusion.app"'
     ansible: professormanhattan.vmware
     cask: vmware-fusion
   what-ip: