Fix few deprecated options, add MX, update mail, remove AWS stuff and update commits
parent
aa18a04336
commit
02bb84f1f2
9
.gitmodules
vendored
9
.gitmodules
vendored
@ -94,3 +94,12 @@
|
||||
[submodule "roles/factorio"]
|
||||
path = roles/factorio
|
||||
url = https://git.redxen.eu/RedXen/ansible-factorio
|
||||
[submodule "roles/postfix"]
|
||||
path = roles/postfix
|
||||
url = https://git.redxen.eu/RedXen/ansible-postfix
|
||||
[submodule "roles/dovecot"]
|
||||
path = roles/dovecot
|
||||
url = https://git.redxen.eu/RedXen/ansible-dovecot
|
||||
[submodule "roles/opendkim"]
|
||||
path = roles/opendkim
|
||||
url = https://git.redxen.eu/RedXen/ansible-opendkim
|
||||
|
2
dev.yml
2
dev.yml
@ -3,7 +3,7 @@
|
||||
vars:
|
||||
systemd:
|
||||
services:
|
||||
- { name: "gitea", enabled: true, state: restarted }
|
||||
- { name: "gitea", enabled: true, action: restarted }
|
||||
file:
|
||||
- { path: "{{ gitea.path.config }}", owner: "git", group: "git", mode: "770", state: directory }
|
||||
- { path: "{{ gitea.path.data }}", owner: "git", group: "git", mode: "770", state: directory }
|
||||
|
10
dns.yml
10
dns.yml
@ -55,12 +55,17 @@
|
||||
TXT:
|
||||
- { name: "_amazonses.", content: "PAdK+hmtSCYH2lDwBdiCfJDxyhBj2UHJtwQzL7+kh50="}
|
||||
- { name: "", content: "brave-ledger-verification=1f77ffecf7da410af2f4eeb5953ae13c5ee9ddfdfed5cae63458e63003b97444" }
|
||||
- { name: "", content: "v=spf1 a mx -all" }
|
||||
- { name: "_DMARC.", content: "v=DMARC1; p=quarantine; rua=mailto:postmaster@redxen.eu; ruf=mailto:postmaster@redxen.eu; fo=1; pct=100" }
|
||||
- { name: "mail._domainkey.", content: "v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8PakBAIZxmAmqyukuwZT92I5gsM8rCD2o+abGbtXSgNCXcKEz+sWZ6kY/EAO5ABxihjyXaETsVTBuoYB514GqCFM9mZNRHHKS87rAE", content2: "/UcXUmgeydxPjqlRzEPxladjh2MhiQijT+XZzfyBVLdK9oYGPlol3VVKn48odiJIx4oRCdQhyiGTzkZGf6QMIJ5XwFqj66+Qv7OkyT6munKhFk974acL4MdL5H+LZwFAWYbRjx6j1zx3Hm7ua/EUHDcPYG6rFbJEwbyFvr1529u9H0OCn9fnIfzqMT+JEgKZRSgOWtK4jLuHcyrXTUkZzbmY8Eho+FxZszDEdvUmUQexKKQIDAQAB" }
|
||||
#- { name: "_acme-challenge.", content: "" }
|
||||
#- { name: "_acme-challenge.", content: "" }
|
||||
CNAME:
|
||||
- { name: "6jxdve2mevelrsc4lrp5ymhu2pku67v4._domainkey.", pointer: "6jxdve2mevelrsc4lrp5ymhu2pku67v4.dkim.amazonses.com" }
|
||||
- { name: "jqo2wv2wek7sh26vmc2tdzc4gdco6uou._domainkey.", pointer: "jqo2wv2wek7sh26vmc2tdzc4gdco6uou.dkim.amazonses.com" }
|
||||
- { name: "edzxe6qpinwhafgwlt6b44yarhhfn3xl._domainkey.", pointer: "edzxe6qpinwhafgwlt6b44yarhhfn3xl.dkim.amazonses.com" }
|
||||
MX:
|
||||
- { name: "", priority: 10, host: "mail.redxen.eu" }
|
||||
group:
|
||||
A:
|
||||
- { domain: "stats.", group: "frontend" }
|
||||
@ -68,9 +73,12 @@
|
||||
- { domain: "seed.", group: "frontend" }
|
||||
- { domain: "sd.", group: "frontend" }
|
||||
- { domain: "social.", group: "frontend" }
|
||||
- { domain: "mail.", group: "mail" }
|
||||
- { domain: "smtp.", group: "mail" }
|
||||
- { domain: "imap.", group: "mail" }
|
||||
- { domain: "", group: "frontend" }
|
||||
roles:
|
||||
- file
|
||||
#- file
|
||||
- apt
|
||||
#- nsd
|
||||
- unbound
|
||||
|
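Review bot: The first hunk's header (`-55,12 +55,17`) with 17 visible lines leaves no room for deletions, so the `_amazonses.` TXT record and the three `*._domainkey.` CNAMEs pointing at `dkim.amazonses.com` appear to stay published, although the commit title says the AWS pieces are removed. If SES no longer sends mail for this zone, those entries keep a third-party DKIM delegation and a domain-verification token alive for no benefit. I would delete the `- { name: "_amazonses.", ... }` line and the three `dkim.amazonses.com` CNAME lines in this same change. Which lines are new is inferred from the counts, because the rendering lost the `+`/`-` column.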
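--- /dev/null
+++ b/mail.yml
@@ -0,0 +1,46 @@
+---
+- hosts: mail
+vars:
+apt:
+packages:
+- { package: "postfix", state: present }
+- { package: "postfix-pcre", state: present }
+- { package: "dovecot-core", state: present }
+- { package: "dovecot-lmtpd", state: present }
+- { package: "dovecot-imapd", state: present }
+- { package: "dovecot-sieve", state: present }
+- { package: "opendkim", state: present }
+- { package: "opendkim-tools", state: present }
+firewall:
+- { port: 25, ipv: "v4", proto: "tcp" }
+- { port: 25, ipv: "v6", proto: "tcp" }
+- { port: 143, ipv: "v4", proto: "tcp" }
+- { port: 143, ipv: "v6", proto: "tcp" }
+- { port: 465, ipv: "v4", proto: "tcp" }
+- { port: 465, ipv: "v6", proto: "tcp" }
+- { port: 587, ipv: "v4", proto: "tcp" }
+- { port: 587, ipv: "v6", proto: "tcp" }
+- { port: 993, ipv: "v4", proto: "tcp" }
+- { port: 993, ipv: "v6", proto: "tcp" }
+systemd:
+services:
+- { name: "dovecot", enabled: true, action: reloaded }
+- { name: "postfix", enabled: true, action: reloaded }
+- { name: "opendkim", enabled: true, action: reloaded }
+file:
+- { path: "/etc/opendkim-data", owner: "opendkim", group: "opendkim", mode: "700", state: directory }
+- { path: "/var/spool/postfix/opendkim", owner: "postfix", group: "opendkim", mode: "650", state: directory }
+- { path: "/var/lib/dovecot/sieve/", owner: "vmail", group: "vmail", mode: "655", state: directory }
+- { path: "/etc/ssl/private", owner: "root", group: "root", mode: "655", state: directory }
+- { path: "/etc/ssl/private/mail", owner: "root", group: "root", mode: "655", state: directory }
+users:
+- { name: "vmail", shell: "/sbin/nologin", lock: true }
+roles:
+- users
+- file
+- firewall
+- apt
+- postfix
+- dovecot
+- opendkim
+- systemd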
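Review bot: The `file:` list creates `/etc/ssl/private` and `/etc/ssl/private/mail` with mode `655`, which gives group and others read and search access to the private-key directory, so key material there is guarded only by each file's own mode. Key directories are normally closed to others; I would use `mode: "700"` on both entries, or `"710"` with a dedicated key-reading group. The owner triplet in `650` on `/var/spool/postfix/opendkim` and `655` on `/var/lib/dovecot/sieve/` also lacks the `x` bit, so `postfix` and `vmail` may be unable to enter directories they own. `750` and `755` look like the intended values, but how the `file` role applies `mode` is not visible on this page.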
@ -39,42 +39,12 @@
|
||||
- "tcp://{{ global.backend.redis.host }}:{{ global.backend.redis.port }}"
|
||||
postgresql:
|
||||
address: "host={{ global.backend.postgres.host }} port={{ global.backend.postgres.port }} user={{ vault_postgres.user }} password={{ vault_postgres.password }} sslmode=prefer"
|
||||
|
||||
cloudwatch:
|
||||
- {
|
||||
region: "eu-central-1",
|
||||
access_key: "{{ vault_telegraf.aws.access_key }}",
|
||||
secret_key: "{{ vault_telegraf.aws.secret_key }}",
|
||||
period: "48h",
|
||||
interval: "12h",
|
||||
namespace: "AWS/S3",
|
||||
ratelimit: 50,
|
||||
statistic_include: ["average"],
|
||||
cache_ttl: "1h"
|
||||
}
|
||||
- {
|
||||
region: "eu-west-1",
|
||||
access_key: "{{ vault_telegraf.aws.access_key }}",
|
||||
secret_key: "{{ vault_telegraf.aws.secret_key }}",
|
||||
period: "24h",
|
||||
interval: "6h",
|
||||
namespace: "AWS/SES",
|
||||
ratelimit: 15,
|
||||
statistic_include: ["average"],
|
||||
cache_ttl: "1h"
|
||||
}
|
||||
- {
|
||||
region: "us-east-1",
|
||||
access_key: "{{ vault_telegraf.aws.access_key }}",
|
||||
secret_key: "{{ vault_telegraf.aws.secret_key }}",
|
||||
period: "24h",
|
||||
interval: "6h",
|
||||
namespace: "AWS/Billing",
|
||||
ratelimit: 15,
|
||||
statistic_include: ["average"],
|
||||
cache_ttl: "1h"
|
||||
}
|
||||
grafana:
|
||||
smtp:
|
||||
from: "grafana@redxen.eu"
|
||||
host: "mail.redxen.eu:465"
|
||||
user: "grafana"
|
||||
password: "{{ vault_grafana.smtp.password }}"
|
||||
listen:
|
||||
port: '{{ global.monitoring.grafana.port }}'
|
||||
domain: '{{ global.monitoring.grafana.domain }}'
|
||||
|
2
net.yml
2
net.yml
@ -33,6 +33,8 @@
|
||||
- { bit: 10, pubkey: "wpjMlhrcv173ER7rZ0KrmaqahcqZA/fm3ovpaGlRIRo=" }
|
||||
- { bit: 12, pubkey: "2FRcncz/oSmqFQLrHqICi4fEkgxrCeS9P8TTv5gcfCw=" }
|
||||
- { bit: 14, pubkey: "XYUXzDDXzo1uDadvJ8YW5X/ISCZSyu10d35i7mb0pAY=" }
|
||||
- { bit: 16, pubkey: "d459SqKVWko+wBhoFrU+yrFVM4BqI8FSmPtdrWepkw0=" }
|
||||
- { bit: 18, pubkey: "Fb8sYfZghohEpznWpt46x1cmmkymt2ksQL7fEBI6qlc=" }
|
||||
vault:
|
||||
roles:
|
||||
- "wireguard"
|
||||
|
@ -45,3 +45,6 @@ n0
|
||||
|
||||
[homepage]
|
||||
n1
|
||||
|
||||
[mail]
|
||||
n1
|
||||
|
1
roles/dovecot
Submodule
1
roles/dovecot
Submodule
@ -0,0 +1 @@
|
||||
Subproject commit 5d7f2b0f4cf16f71c0469bb33e87998f7056e9c0
|
@ -1 +1 @@
|
||||
Subproject commit 7f80dca6c6c4aa1eda2ccc5a53398889fa20e0f9
|
||||
Subproject commit e31d393bb44cc4145dc4700d88406895d2df6036
|
@ -1 +1 @@
|
||||
Subproject commit d87f3eb533eb186139c0bb7efa4387d0c809d592
|
||||
Subproject commit 2f296892cb5b37198b1ff983d64c86e7c9d88692
|
1
roles/opendkim
Submodule
1
roles/opendkim
Submodule
@ -0,0 +1 @@
|
||||
Subproject commit b2431d8f374e9cbe9e9229165f6673f720a8fbfb
|
@ -1 +1 @@
|
||||
Subproject commit c27fe21daba201c012fb6cb71684604bf5b8b676
|
||||
Subproject commit 505adf97339797b0cef9f14d810631dca9b870e3
|
1
roles/postfix
Submodule
1
roles/postfix
Submodule
@ -0,0 +1 @@
|
||||
Subproject commit 104494b70998780800bc5d852feec6aa5a42a7c6
|
@ -1 +1 @@
|
||||
Subproject commit 12081a5fc072bc78dac01afc9741ec8f8289c564
|
||||
Subproject commit 04998bc7f87c9aa08d7579f1fb954a23cb1fe80f
|
@ -1 +1 @@
|
||||
Subproject commit 8e2f773811063d04174b65113a11a245b22bf043
|
||||
Subproject commit 33c4e6de98bc280a2159b36ec4f7489a14c605d5
|
@ -1 +1 @@
|
||||
Subproject commit ec6918d583dc2971561799eb36c09800a247291d
|
||||
Subproject commit ae925a9400e421afdf5814b1eba219496f1351b6
|
@ -1 +1 @@
|
||||
Subproject commit 29c25ff02474d2eb9929f65b05acd71b81f0c108
|
||||
Subproject commit e5dfd2e8b5fcc8ec4d0537b5efe76d107829cc7e
|