From c83d0d6939fedd97161a6d9d1c4d21f90d0f4fb1 Mon Sep 17 00:00:00 2001
From: Rene Mewissen
Date: Fri, 28 Oct 2022 09:49:41 +0200
Subject: [PATCH] make use of nginx proxy manager certificates
---
 host_vars/mail.universe.local.yml | 3 ++-
 roles/mailserver/tasks/configure_postfix.yml | 4 ++--
 roles/mailserver/tasks/copy_certificates.yml | 3 +++
 roles/mailserver/tasks/main.yml | 2 ++
 4 files changed, 9 insertions(+), 3 deletions(-)
 create mode 100644 roles/mailserver/tasks/copy_certificates.yml
diff --git a/host_vars/mail.universe.local.yml b/host_vars/mail.universe.local.yml
index 6ba3a0f..df908db 100644
--- a/host_vars/mail.universe.local.yml
+++ b/host_vars/mail.universe.local.yml
@@ -5,4 +5,5 @@ pigeonhole: true
 fetchmail: true
 mpop: true
-mynetworks: '192.168.1.0/24, 127.0.0.0/8, 192.168.122.0/24, 10.20.20.0/28, 172.16.0.0/12, 192.168.3.0/24'
\ No newline at end of file
+mynetworks: '192.168.1.0/24, 127.0.0.0/8, 192.168.122.0/24, 10.20.20.0/28, 172.16.0.0/12, 192.168.3.0/24'
+nginx_proxy_manager_cert_id: npm-1
\ No newline at end of file
diff --git a/roles/mailserver/tasks/configure_postfix.yml b/roles/mailserver/tasks/configure_postfix.yml
index 04d3e82..9ee9c18 100644
--- a/roles/mailserver/tasks/configure_postfix.yml
+++ b/roles/mailserver/tasks/configure_postfix.yml
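Review bot: `nginx_proxy_manager_cert_id: npm-1` only makes sense in relation to a directory on another host, and nothing in the var file says so; a comment above it would spare the next maintainer a hunt, e.g. `# Folder name under Nginx Proxy Manager's letsencrypt/live/ on docker01; must match an existing certificate there.` Quoting the value as `'npm-1'` is not required today, but keeps the id from being retyped should it ever be all-digit. The file also still ends without a trailing newline, as the `\ No newline at end of file` marker on the new side shows.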
@@ -50,12 +50,12 @@
 - {key: "smtpd_sasl_type", value: "dovecot"}
 - {key: "smtpd_sender_restrictions", value: "'hash:/etc/postfix/access, permit_mynetworks, reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/sender_access'"}
 - {key: "smtpd_tls_auth_only", value: "yes"}
- - {key: "smtpd_tls_cert_file", value: "/etc/letsencrypt/live/tantooine.myfirewall.org/fullchain.pem"}
+ - {key: "smtpd_tls_cert_file", value: "/etc/letsencrypt/live/{{ nginx_proxy_manager_cert_id }}/fullchain.pem"}
 - {key: "smtpd_tls_dh1024_param_file", value: "${config_directory}/dh2048.pem"}
 - {key: "smtpd_tls_dh512_param_file", value: "${config_directory}/dh512.pem"}
 - {key: "smtpd_tls_eecdh_grade", value: "strong"}
 - {key: "smtpd_tls_exclude_ciphers", value: "'aNULL,MD5,RC4,DES,IDEA,SEED,3DES'"}
- - {key: "smtpd_tls_key_file", value: "/etc/letsencrypt/live/tantooine.myfirewall.org/privkey.pem"}
+ - {key: "smtpd_tls_key_file", value: "/etc/letsencrypt/live/{{ nginx_proxy_manager_cert_id }}/privkey.pem"}
 - {key: "smtpd_tls_loglevel", value: "1"}
 - {key: "smtpd_tls_mandatory_ciphers", value: "high"}
 - {key: "smtpd_tls_mandatory_exclude_ciphers", value: "'aNULL,MD5,RC4,IDEA,SEED,3DES'"}
diff --git a/roles/mailserver/tasks/copy_certificates.yml b/roles/mailserver/tasks/copy_certificates.yml
new file mode 100644
index 0000000..5675592
--- /dev/null
+++ b/roles/mailserver/tasks/copy_certificates.yml
@@ -0,0 +1,3 @@
+- name: mailserver | certificates | scp from docker01
+ shell:
+ cmd: "rsync -rlptD docker01:/opt/docker/npm/letsencrypt /etc/"
\ No newline at end of file
diff --git a/roles/mailserver/tasks/main.yml b/roles/mailserver/tasks/main.yml
index 73d85eb..67e40a9 100644
--- a/roles/mailserver/tasks/main.yml
+++ b/roles/mailserver/tasks/main.yml
@@ -3,6 +3,8 @@
 tags: always
 - block:
+ - include_tasks: copy_certificates.yml
+ - block:
 - include_tasks: install_postfix.yml
 - include_tasks: configure_postfix.yml
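Review bot: The new `smtpd_tls_cert_file` and `smtpd_tls_key_file` values point at a path that only exists after copy_certificates.yml has synced it, and nothing in this task checks that before main.cf is rewritten; a `stat` of `/etc/letsencrypt/live/{{ nginx_proxy_manager_cert_id }}/privkey.pem` followed by `assert: { that: cert_key.stat.exists }` ahead of this loop turns a mistyped id into a clear playbook failure instead of a Postfix that cannot start TLS. Postfix reads the private key as root and it should be readable by root only, so it is worth confirming the mode the key arrives with, since the rsync preserves whatever mode the file has on docker01. The task that owns this loop starts before the hunk, so I cannot see whether a change here notifies a Postfix reload; switching the key path needs one. The old `tantooine.myfirewall.org` path may still be referenced elsewhere in the role (a Dovecot `ssl_cert`/`ssl_key`, for instance) — not in this diff, but worth a grep.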
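Review bot: The rsync pulls the whole NPM `letsencrypt` tree — every certificate and private key the proxy manages, not only `{{ nginx_proxy_manager_cert_id }}` — onto the mail host, and runs it through `shell` with no idempotence, so the task reports changed on every run and cannot drive a reload only when the certificate actually rotated. Narrowing the sources to the `live/<id>` and `archive/<id>` directories (the `live` entries are relative symlinks into `archive`, so both are needed) keeps the copied material to what Postfix uses, `command` drops a shell the command does not need, and rsync's `--itemize-changes` output gives a `changed_when` that a reload handler can hang off. `-p` preserves whatever mode the key has inside the NPM volume, so a `file` task pinning the archive directory to `0700` is safer than trusting the source. The pull also relies on docker01's host key already being in the mail host's known_hosts; that check is what protects the keys in transit, so it should stay enabled. The task name says `scp` while the command is rsync; renaming it avoids a misleading log line.
```yaml
- name: mailserver | certificates | sync from docker01
  command: >-
    rsync -rlptDR --itemize-changes
    docker01:/opt/docker/npm/letsencrypt/./live/{{ nginx_proxy_manager_cert_id }}
    :/opt/docker/npm/letsencrypt/./archive/{{ nginx_proxy_manager_cert_id }}
    /etc/letsencrypt/
  register: cert_sync
  changed_when: cert_sync.stdout | length > 0
  # notify: <the role's Postfix reload handler>

- name: mailserver | certificates | keep private key material root-only
  file:
    path: "/etc/letsencrypt/archive/{{ nginx_proxy_manager_cert_id }}"
    state: directory
    mode: "0700"
```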
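Review bot: The new `- block:` that wraps only `copy_certificates.yml` carries none of the attributes the following block may have below this hunk (any `tags:` or `when:` on that block is outside the visible lines), so if the existing block is tag-filtered or conditional, a run can skip the certificate sync and still execute `configure_postfix.yml`, which then points Postfix at a path that does not exist. Either give the new block the same tags and conditions, or make the include the first item of the existing block: `- block:` / `    - include_tasks: copy_certificates.yml` / `    - include_tasks: install_postfix.yml`. The enclosing task list continues past the hunk.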