make use of nginx proxy manager certificates
@@ -5,4 +5,5 @@ pigeonhole: true
|
|||||||
fetchmail: true
|
fetchmail: true
|
||||||
mpop: true
|
mpop: true
|
||||||
|
|
||||||
mynetworks: '192.168.1.0/24, 127.0.0.0/8, 192.168.122.0/24, 10.20.20.0/28, 172.16.0.0/12, 192.168.3.0/24'
|
mynetworks: '192.168.1.0/24, 127.0.0.0/8, 192.168.122.0/24, 10.20.20.0/28, 172.16.0.0/12, 192.168.3.0/24'
|
||||||
|
nginx_proxy_manager_cert_id: npm-1
|
||||||
@@ -50,12 +50,12 @@
|
|||||||
- {key: "smtpd_sasl_type", value: "dovecot"}
|
- {key: "smtpd_sasl_type", value: "dovecot"}
|
||||||
- {key: "smtpd_sender_restrictions", value: "'hash:/etc/postfix/access, permit_mynetworks, reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/sender_access'"}
|
- {key: "smtpd_sender_restrictions", value: "'hash:/etc/postfix/access, permit_mynetworks, reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/sender_access'"}
|
||||||
- {key: "smtpd_tls_auth_only", value: "yes"}
|
- {key: "smtpd_tls_auth_only", value: "yes"}
|
||||||
- {key: "smtpd_tls_cert_file", value: "/etc/letsencrypt/live/tantooine.myfirewall.org/fullchain.pem"}
|
- {key: "smtpd_tls_cert_file", value: "/etc/letsencrypt/live/{{ nginx_proxy_manager_cert_id }}/fullchain.pem"}
|
||||||
- {key: "smtpd_tls_dh1024_param_file", value: "${config_directory}/dh2048.pem"}
|
- {key: "smtpd_tls_dh1024_param_file", value: "${config_directory}/dh2048.pem"}
|
||||||
- {key: "smtpd_tls_dh512_param_file", value: "${config_directory}/dh512.pem"}
|
- {key: "smtpd_tls_dh512_param_file", value: "${config_directory}/dh512.pem"}
|
||||||
- {key: "smtpd_tls_eecdh_grade", value: "strong"}
|
- {key: "smtpd_tls_eecdh_grade", value: "strong"}
|
||||||
- {key: "smtpd_tls_exclude_ciphers", value: "'aNULL,MD5,RC4,DES,IDEA,SEED,3DES'"}
|
- {key: "smtpd_tls_exclude_ciphers", value: "'aNULL,MD5,RC4,DES,IDEA,SEED,3DES'"}
|
||||||
- {key: "smtpd_tls_key_file", value: "/etc/letsencrypt/live/tantooine.myfirewall.org/privkey.pem"}
|
- {key: "smtpd_tls_key_file", value: "/etc/letsencrypt/live/{{ nginx_proxy_manager_cert_id }}/privkey.pem"}
|
||||||
- {key: "smtpd_tls_loglevel", value: "1"}
|
- {key: "smtpd_tls_loglevel", value: "1"}
|
||||||
- {key: "smtpd_tls_mandatory_ciphers", value: "high"}
|
- {key: "smtpd_tls_mandatory_ciphers", value: "high"}
|
||||||
- {key: "smtpd_tls_mandatory_exclude_ciphers", value: "'aNULL,MD5,RC4,IDEA,SEED,3DES'"}
|
- {key: "smtpd_tls_mandatory_exclude_ciphers", value: "'aNULL,MD5,RC4,IDEA,SEED,3DES'"}
|
||||||
|
|||||||
3
roles/mailserver/tasks/copy_certificates.yml
Normal file
3
roles/mailserver/tasks/copy_certificates.yml
Normal file
@@ -0,0 +1,3 @@
|
|||||||
|
- name: mailserver | certificates | scp from docker01
|
||||||
|
shell:
|
||||||
|
cmd: "rsync -rlptD docker01:/opt/docker/npm/letsencrypt /etc/"
|
||||||
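Review bot: The rsync at `cmd:` pulls the whole NPM letsencrypt tree, private keys included, from docker01 into /etc/ through the `shell` module with no `changed_when`, so the task reports changed on every run and the destination permissions of the key material depend entirely on what `-p` preserves from the source. Since `smtpd_tls_key_file` in the postfix hunk now points into this copied tree, a group- or world-readable `archive/` or `live/` on the source would be reproduced on the mail host; add a follow-up `file` task (or an `--chmod=D0700,F0600` argument to rsync) that pins `/etc/letsencrypt/archive` and `/etc/letsencrypt/live` to root-only, and record in a task comment that the mail host needs an SSH identity trusted by docker01, which should be a read-only, path-restricted key rather than a general login. The command contains no shell metacharacters, so `command:` suffices; with `command: rsync -rlptD --itemize-changes docker01:/opt/docker/npm/letsencrypt /etc/`, `register: cert_sync` and `changed_when: cert_sync.stdout != ''` the task becomes idempotent and can `notify` a postfix reload only when certificates actually change (whether such a handler exists is not visible here). The task name says "scp" while the command is rsync; `- name: mailserver | certificates | rsync from docker01` matches what it does.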
@@ -3,6 +3,8 @@
|
|||||||
tags: always
|
tags: always
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
|
- include_tasks: copy_certificates.yml
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- include_tasks: install_postfix.yml
|
- include_tasks: install_postfix.yml
|
||||||
- include_tasks: configure_postfix.yml
|
- include_tasks: configure_postfix.yml
|
||||||
|
|||||||