Encrypt emails archiving the public Apache logs.
authorMatt Birkholz <matt@birchwood-abbey.net>
Wed, 30 Oct 2024 04:25:53 +0000 (21:25 -0700)
committerMatt Birkholz <matt@birchwood-abbey.net>
Wed, 30 Oct 2024 04:25:53 +0000 (21:25 -0700)
README.org
roles_t/abbey-front/files/logrotate-mailer

index ae692758f199f98b491313c428d840c701500aec..8aa7824505d3eef31976b92715e04d060cc8b862 100644 (file)
@@ -552,9 +552,7 @@ needed because Postfix does not provide an emulation of ~mail(1)~ and
 some translation to ~sendmail(1)~ was required.  Since then the script
 has learned to compute the date-dependent file name, compress the log,
 convert it to base64, and encapsulate it in MIME format, before
-sending it on to ~sendmail~.  Note that there is no encryption (yet).
-This is a low priority because much of the data is available to
-Droplet's ISP's Mom, the NSA/CIA/NWO.
+encrypting and sending to ~sendmail~.
 
 #+CAPTION: [[file:roles_t/abbey-front/files/logrotate-mailer][=roles_t/abbey-front/files/logrotate-mailer=]]
 #+BEGIN_SRC sh :tangle roles_t/abbey-front/files/logrotate-mailer
@@ -573,22 +571,27 @@ else
 fi
 
 ( echo "Subject: $2"
-  echo "Content-Type: multipart/mixed; boundary=\"boundary\""
-  echo "MIME-Version: 1.0"
   echo ""
-  echo "--boundary"
-  echo "Content-Type: text/plain"
-  echo "Content-Transfer-Encoding: 8bit"
-  echo ""
-  echo "$F"
-  echo "--boundary"
-  echo "Content-Type: application/gzip; name=\"$F\""
-  echo "Content-Disposition: attachment; filename=\"$F\""
-  echo "Content-Transfer-Encoding: base64"
-  echo ""
-  gzip | base64
-  echo ""
-  echo "--boundary--" ) | sendmail "$3"
+  ( echo "Content-Type: multipart/mixed; boundary=\"boundary\""
+    echo "MIME-Version: 1.0"
+    echo ""
+    echo "--boundary"
+    echo "Content-Type: text/plain"
+    echo "Content-Transfer-Encoding: 8bit"
+    echo ""
+    echo "$F"
+    echo "--boundary"
+    echo "Content-Type: application/gzip; name=\"$F\""
+    echo "Content-Disposition: attachment; filename=\"$F\""
+    echo "Content-Transfer-Encoding: base64"
+    echo ""
+    gzip | base64
+    echo ""
+    echo "--boundary--" ) \
+  | gpg --encrypt --armor \
+       --trust-model always --recipient root@core ) \
+| sendmail root \
+|| exit $?
 #+END_SRC
 
 ** Install Let's Encrypt
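Review bot: On the gpg line, `--trust-model always` combined with `--recipient root@core` makes gpg encrypt to whichever key in the invoking user's keyring matches that user ID, with no validity check, so a stray or substituted key carrying the same user ID would become the recipient of the logs. Naming the key by its full fingerprint removes that ambiguity, e.g. `--recipient <FULL-KEY-FINGERPRINT>` (placeholder, the real value is not on this page). Adding `--batch` would also keep gpg from attempting any interactive prompt when the script runs unattended. The same lines are tangled into roles_t/abbey-front/files/logrotate-mailer, so the change belongs in this source block; the script itself begins before the hunk.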
@@ -729,7 +732,7 @@ The following task arranges to rotate Certbot's logs files.
 ** Archive Let's Encrypt Data
 
 A backup copy of Let's Encrypt's data (=/etc/letsencrypt/=) is sent to
-~root@core~ in S/MIME encrypted email every time it changes.  Changes
+~root@core~ in OpenPGP encrypted email every time it changes.  Changes
 are detected by keeping a copy in =/etc/letsencrypt~/= for comparison.
 
 #+CAPTION: [[file:roles_t/abbey-front/tasks/main.yml][=roles_t/abbey-front/tasks/main.yml=]]
index 45050833cbfd8fd55c7763f6622b02de5aae0ac4..f4f47dbc794783883aabe88f3dc5e07addcedae0 100644 (file)
@@ -13,19 +13,24 @@ else
 fi
 
 ( echo "Subject: $2"
-  echo "Content-Type: multipart/mixed; boundary=\"boundary\""
-  echo "MIME-Version: 1.0"
   echo ""
-  echo "--boundary"
-  echo "Content-Type: text/plain"
-  echo "Content-Transfer-Encoding: 8bit"
-  echo ""
-  echo "$F"
-  echo "--boundary"
-  echo "Content-Type: application/gzip; name=\"$F\""
-  echo "Content-Disposition: attachment; filename=\"$F\""
-  echo "Content-Transfer-Encoding: base64"
-  echo ""
-  gzip | base64
-  echo ""
-  echo "--boundary--" ) | sendmail "$3"
+  ( echo "Content-Type: multipart/mixed; boundary=\"boundary\""
+    echo "MIME-Version: 1.0"
+    echo ""
+    echo "--boundary"
+    echo "Content-Type: text/plain"
+    echo "Content-Transfer-Encoding: 8bit"
+    echo ""
+    echo "$F"
+    echo "--boundary"
+    echo "Content-Type: application/gzip; name=\"$F\""
+    echo "Content-Disposition: attachment; filename=\"$F\""
+    echo "Content-Transfer-Encoding: base64"
+    echo ""
+    gzip | base64
+    echo ""
+    echo "--boundary--" ) \
+  | gpg --encrypt --armor \
+       --trust-model always --recipient root@core ) \
+| sendmail root \
+|| exit $?
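Review bot: A gpg failure is not caught by the trailing `|| exit $?`, because without `pipefail` the pipeline's status is sendmail's alone. If the key for root@core is missing or expired, gpg writes nothing, a message holding only the Subject line is still delivered, and the script reports success. The caller is not visible in this hunk, but presumably logrotate then carries on and the log may be rotated away without ever being archived. Encrypting into a temporary file and testing gpg's status before sendmail is invoked closes that gap, as sketched below. The same pipeline appears in the README.org source block this file is tangled from, and the script begins before this hunk.

```shell
enc=$(mktemp) || exit 1
trap 'rm -f -- "$enc"' EXIT

( echo "Content-Type: multipart/mixed; boundary=\"boundary\""
  # … unchanged: MIME parts, gzip | base64, closing boundary …
  echo "--boundary--" ) \
| gpg --encrypt --armor \
      --trust-model always --recipient root@core >"$enc" \
|| exit $?

( echo "Subject: $2"
  echo ""
  cat "$enc" ) \
| sendmail root
```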