rene/ansible-pull
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

make use of nginx proxy manager certificates

Browse Source
This commit is contained in:
Rene Mewissen
2022-10-28 09:49:41 +02:00
parent a357acfd54
commit c83d0d6939
4 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
host_vars/mail.universe.local.yml
View File

@@ -5,4 +5,5 @@ pigeonhole: true
fetchmail: true
mpop: true
mynetworks: '192.168.1.0/24, 127.0.0.0/8, 192.168.122.0/24, 10.20.20.0/28, 172.16.0.0/12, 192.168.3.0/24'
mynetworks: '192.168.1.0/24, 127.0.0.0/8, 192.168.122.0/24, 10.20.20.0/28, 172.16.0.0/12, 192.168.3.0/24'
nginx_proxy_manager_cert_id: npm-1

4
roles/mailserver/tasks/configure_postfix.yml
View File

@@ -50,12 +50,12 @@
- {key: "smtpd_sasl_type", value: "dovecot"}
- {key: "smtpd_sender_restrictions", value: "'hash:/etc/postfix/access, permit_mynetworks, reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/sender_access'"}
- {key: "smtpd_tls_auth_only", value: "yes"}
- {key: "smtpd_tls_cert_file", value: "/etc/letsencrypt/live/tantooine.myfirewall.org/fullchain.pem"}
- {key: "smtpd_tls_cert_file", value: "/etc/letsencrypt/live/{{ nginx_proxy_manager_cert_id }}/fullchain.pem"}
- {key: "smtpd_tls_dh1024_param_file", value: "${config_directory}/dh2048.pem"}
- {key: "smtpd_tls_dh512_param_file", value: "${config_directory}/dh512.pem"}
- {key: "smtpd_tls_eecdh_grade", value: "strong"}
- {key: "smtpd_tls_exclude_ciphers", value: "'aNULL,MD5,RC4,DES,IDEA,SEED,3DES'"}
- {key: "smtpd_tls_key_file", value: "/etc/letsencrypt/live/tantooine.myfirewall.org/privkey.pem"}
- {key: "smtpd_tls_key_file", value: "/etc/letsencrypt/live/{{ nginx_proxy_manager_cert_id }}/privkey.pem"}
- {key: "smtpd_tls_loglevel", value: "1"}
- {key: "smtpd_tls_mandatory_ciphers", value: "high"}
- {key: "smtpd_tls_mandatory_exclude_ciphers", value: "'aNULL,MD5,RC4,IDEA,SEED,3DES'"}

3
roles/mailserver/tasks/copy_certificates.yml Normal file
View File

@@ -0,0 +1,3 @@
- name: mailserver | certificates | scp from docker01
shell:
cmd: "rsync -rlptD docker01:/opt/docker/npm/letsencrypt /etc/"

2
roles/mailserver/tasks/main.yml
View File

@@ -3,6 +3,8 @@
tags: always
- block:
- include_tasks: copy_certificates.yml
- block:
- include_tasks: install_postfix.yml
- include_tasks: configure_postfix.yml