rene/ansible-pull
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

changed fixed vars to definable ones

Browse Source
This commit is contained in:
Rene
2022-11-19 14:03:44 +01:00
parent d032abd034
commit 100b6a149d
2 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
host_vars/mail.universe.local.yml
View File

@@ -4,5 +4,6 @@ dovecot: true
pigeonhole: true pigeonhole: true
fetchmail: true fetchmail: true
mpop: true mpop: true
npm_cert: "npm-29"
mynetworks: '192.168.1.0/24, 127.0.0.0/8, 192.168.122.0/24, 10.20.20.0/28, 172.16.0.0/12, 192.168.3.0/24' mynetworks: '192.168.1.0/24, 127.0.0.0/8, 192.168.122.0/24, 10.20.20.0/28, 172.16.0.0/12, 192.168.3.0/24'

6
roles/mailserver/tasks/configure_postfix.yml
View File

@@ -19,7 +19,7 @@
- {key: "message_size_limit", value: "0"} - {key: "message_size_limit", value: "0"}
- {key: "milter_default_action", value: "accept"} - {key: "milter_default_action", value: "accept"}
- {key: "mydestination", value: "'localhost, kashyyyk, coruscant'"} - {key: "mydestination", value: "'localhost, kashyyyk, coruscant'"}
- {key: "myhostname", value: "kashyyyk.universe.local"} - {key: "myhostname", value: "{{ hostname | default(ansible_hostname) }}"}
- {key: "mynetworks", value: "'{{ mynetworks }}'"} - {key: "mynetworks", value: "'{{ mynetworks }}'"}
- {key: "mynetworks_style", value: "subnet"} - {key: "mynetworks_style", value: "subnet"}
- {key: "readme_directory", value: "no"} - {key: "readme_directory", value: "no"}
@@ -50,12 +50,12 @@
- {key: "smtpd_sasl_type", value: "dovecot"} - {key: "smtpd_sasl_type", value: "dovecot"}
- {key: "smtpd_sender_restrictions", value: "'hash:/etc/postfix/access, permit_mynetworks, reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/sender_access'"} - {key: "smtpd_sender_restrictions", value: "'hash:/etc/postfix/access, permit_mynetworks, reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/sender_access'"}
- {key: "smtpd_tls_auth_only", value: "yes"} - {key: "smtpd_tls_auth_only", value: "yes"}
- {key: "smtpd_tls_cert_file", value: "/etc/letsencrypt/live/tantooine.myfirewall.org/fullchain.pem"} - {key: "smtpd_tls_cert_file", value: "/etc/letsencrypt/live/{{ npm_cert }}/fullchain.pem"}
- {key: "smtpd_tls_dh1024_param_file", value: "${config_directory}/dh2048.pem"} - {key: "smtpd_tls_dh1024_param_file", value: "${config_directory}/dh2048.pem"}
- {key: "smtpd_tls_dh512_param_file", value: "${config_directory}/dh512.pem"} - {key: "smtpd_tls_dh512_param_file", value: "${config_directory}/dh512.pem"}
- {key: "smtpd_tls_eecdh_grade", value: "strong"} - {key: "smtpd_tls_eecdh_grade", value: "strong"}
- {key: "smtpd_tls_exclude_ciphers", value: "'aNULL,MD5,RC4,DES,IDEA,SEED,3DES'"} - {key: "smtpd_tls_exclude_ciphers", value: "'aNULL,MD5,RC4,DES,IDEA,SEED,3DES'"}
- {key: "smtpd_tls_key_file", value: "/etc/letsencrypt/live/tantooine.myfirewall.org/privkey.pem"} - {key: "smtpd_tls_key_file", value: "/etc/letsencrypt/live/{{ npm_cert }}/privkey.pem"}
- {key: "smtpd_tls_loglevel", value: "1"} - {key: "smtpd_tls_loglevel", value: "1"}
- {key: "smtpd_tls_mandatory_ciphers", value: "high"} - {key: "smtpd_tls_mandatory_ciphers", value: "high"}
- {key: "smtpd_tls_mandatory_exclude_ciphers", value: "'aNULL,MD5,RC4,IDEA,SEED,3DES'"} - {key: "smtpd_tls_mandatory_exclude_ciphers", value: "'aNULL,MD5,RC4,IDEA,SEED,3DES'"}