rene/ansible-pull
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added new host

Browse Source
This commit is contained in:
Rene Mewissen
2022-10-27 09:32:11 +02:00
parent 795c217fb6
commit 1b96ff38ec
7 changed files with 125 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
host_vars/mail.universe.local.yml Normal file
View File

@@ -0,0 +1,8 @@
postfix: true
postgrey: true
dovecot: true
pigeonhole: true
fetchmail: true
mpop: true
mynetworks: "192.168.1.0/24, 127.0.0.0/8, 192.168.122.0/24, 10.20.20.0/28, 172.16.0.0/12, 192.168.3.0/24"

1
hosts
View File

@@ -72,6 +72,7 @@ mewimeet.de jitsi_fqdn=mewimeet.de
coruscant.universe.local coruscant.universe.local
mail.mewissen.site mail.mewissen.site
mailcow mailcow
mail.universe.local
[mastodon] [mastodon]
mewitoot.de mewitoot.de

75
roles/mailserver/tasks/configure_postfix.yml Normal file
View File

@@ -0,0 +1,75 @@
- name: mailserver | postfix | configuration
command:
cmd: "postconf {{item.key}}={{item.value}}"
loop:
- {key: "address_verify_map", value: "btree:/usr/lib/postfix/bin/verify"}
- {key: "alias_database", value: "hash:/etc/mail/aliases"}
- {key: "alias_maps", value: "hash:/etc/mail/aliases"}
- {key: "biff", value: "no"}
- {key: "broken_sasl_auth_clients", value: "yes"}
- {key: "compatibility_level", value: "2"}
- {key: "debugger_command", value: "PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5"}
- {key: "default_destination_concurrency_limit", value: "2"}
- {key: "dovecot_destination_recipient_limit", value: "1"}
- {key: "header_checks", value: "regexp:/etc/postfix/header_checks"}
- {key: "inet_protocols", value: "ipv4, ipv6"}
- {key: "mailbox_size_limit", value: "0"}
- {key: "mailbox_transport", value: "dovecot"}
- {key: "maillog_file", value: "/var/log/postfix.log"}
- {key: "message_size_limit", value: "0"}
- {key: "milter_default_action", value: "accept"}
- {key: "mydestination", value: "localhost, kashyyyk, coruscant"}
- {key: "myhostname", value: "kashyyyk.universe.local"}
- {key: "mynetworks", value: "{{ mynetworks }}"}
- {key: "mynetworks_style", value: "subnet"}
- {key: "readme_directory", value: "no"}
- {key: "recipient_canonical_maps", value: "hash:/etc/postfix/recipient-canonical"}
- {key: "recipient_delimiter", value: "+"}
- {key: "sender_canonical_maps", value: "hash:/etc/postfix/sender-canonical"}
- {key: "sender_dependent_relayhost_maps", value: "hash:/etc/postfix/sender_dependent_relayhost_map"}
- {key: "smtp_sasl_auth_enable", value: "yes"}
- {key: "smtp_sasl_mechanism_filter", value: "!gssapi, !external, static:all"}
- {key: "smtp_sasl_password_maps", value: "hash:/etc/postfix/saslpass"}
- {key: "smtp_sasl_security_options", value: "noanonymous"}
- {key: "smtp_sender_dependent_authentication", value: "yes"}
- {key: "smtp_tls_CApath", value: "/etc/ssl/certs"}
- {key: "smtp_tls_loglevel", value: "1"}
- {key: "smtp_tls_policy_maps", value: "hash:/etc/postfix/smtp_tls_policy"}
- {key: "smtp_tls_security_level", value: "may"}
- {key: "smtp_tls_session_cache_database", value: "btree:/var/lib/postfix/smtp_scache"}
- {key: "smtpd_data_restrictions", value: "reject_unauth_pipelining"}
- {key: "smtpd_etrn_restrictions", value: "permit_mynetworks, reject"}
- {key: "smtpd_helo_required", value: "yes"}
- {key: "smtpd_helo_restrictions", value: "permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname"}
- {key: "smtpd_recipient_restrictions", value: "permit_mynetworks, permit_sasl_authenticated, check_client_access hash:/etc/postfix/client_access, reject_non_fqdn_recipient, check_sender_access hash:/etc/postfix/sender_restrictions, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unverified_recipient, reject_unauth_destination,"}
- {key: "smtpd_relay_restrictions", value: "permit_sasl_authenticated"}
- {key: "smtpd_sasl_auth_enable", value: "yes"}
- {key: "smtpd_sasl_path", value: "/var/run/dovecot/auth-client"}
- {key: "smtpd_sasl_security_options", value: "noanonymous,noplaintext"}
- {key: "smtpd_sasl_tls_security_options", value: "noanonymous"}
- {key: "smtpd_sasl_type", value: "dovecot"}
- {key: "smtpd_sender_restrictions", value: "hash:/etc/postfix/access, permit_mynetworks, reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/sender_access"}
- {key: "smtpd_tls_auth_only", value: "yes"}
- {key: "smtpd_tls_cert_file", value: "/etc/letsencrypt/live/tantooine.myfirewall.org/fullchain.pem"}
- {key: "smtpd_tls_dh1024_param_file", value: "${config_directory}/dh2048.pem"}
- {key: "smtpd_tls_dh512_param_file", value: "${config_directory}/dh512.pem"}
- {key: "smtpd_tls_eecdh_grade", value: "strong"}
- {key: "smtpd_tls_exclude_ciphers", value: "aNULL,MD5,RC4,DES,IDEA,SEED,3DES"}
- {key: "smtpd_tls_key_file", value: "/etc/letsencrypt/live/tantooine.myfirewall.org/privkey.pem"}
- {key: "smtpd_tls_loglevel", value: "1"}
- {key: "smtpd_tls_mandatory_ciphers", value: "high"}
- {key: "smtpd_tls_mandatory_exclude_ciphers", value: "aNULL,MD5,RC4,IDEA,SEED,3DES"}
- {key: "smtpd_tls_security_level", value: "may"}
- {key: "smtpd_tls_session_cache_database", value: "btree:${data_directory}/smtpd_scache"}
- {key: "tls_high_cipherlist", value: "EECDH+RSA+AES256+SHA384:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:!IDEA"}
- {key: "tls_preempt_cipherlist", value: "yes"}
- {key: "tls_ssl_options", value: "NO_COMPRESSION"}
- {key: "transport_maps", value: "hash:/etc/postfix/transport"}
- {key: "virtual_alias_maps", value: "hash:/etc/postfix/virtual"}
- {key: "virtual_gid_maps", value: "static:vmail"}
- {key: "virtual_mailbox_base", value: "/home/vmail"}
- {key: "virtual_mailbox_domains", value: "$myhostname, $mydomain, imap.$mydomain, tantooine.homelinux.net, gallery-mewi1503.myphotos.cc, tantooine.myfirewall.org, tatooine.noip.me, mastodon.spdns.org, hubzilla.social.my-wan.de, friendica.social.my-wan.de, peertube.social.my-wan.de, pixelfed.social.my-wan.de"}
- {key: "virtual_mailbox_maps", value: "hash:/etc/postfix/vmailbox"}
- {key: "virtual_transport", value: "lmtp:unix:private/dovecot-lmtp"}
- {key: "virtual_uid_maps", value: "static:vmail"}

6
roles/mailserver/tasks/install_dovecot.yml Normal file
View File

@@ -0,0 +1,6 @@
- name: mailserver | dovecot | install packages
package:
name:
- dovecot
- pigeonhole
state: present

4
roles/mailserver/tasks/install_fetchmail.yml Normal file
View File

@@ -0,0 +1,4 @@
- name: mailserver | fetchmail | install packages
package:
name: fetchmail
state: present

9
roles/mailserver/tasks/install_postfix.yml Normal file
View File

@@ -0,0 +1,9 @@
- name: mailserver | postfix | install packages
package:
name:
- postfix
- postfix-ldap
- postfix-mysql
- postfix-sqlite
- postgrey
state: present

22
roles/mailserver/tasks/main.yml Normal file
View File

@@ -0,0 +1,22 @@
# Load distro-specific variables
- include_vars: "{{ ansible_distribution }}.yml"
tags: always
- block:
- block:
- include_tasks: install_postfix.yml
- include_tasks: configure_postfix.yml
when: postfix == true
- block:
- include_tasks: install_dovecot.yml
- include_tasks: configure_dovecot.yml
when: dovecot == true
- block:
- include_tasks: install_fetchmail.yml
- include_tasks: configure_fetchmail.yml
when: fetchmail == true
rescue:
- set_fact: task_failed=true