Fix a few deprecated options, add MX, update mail, remove AWS stuff and update commits

This commit is contained in:
Alex 2020-08-09 12:00:39 +02:00
parent aa18a04336
commit 02bb84f1f2
Signed by: caskd
GPG Key ID: F92BA85F61F4C173
17 changed files with 85 additions and 44 deletions

.gitmodules vendored

@ -94,3 +94,12 @@
[submodule "roles/factorio"]
path = roles/factorio
url = https://git.redxen.eu/RedXen/ansible-factorio
[submodule "roles/postfix"]
path = roles/postfix
url = https://git.redxen.eu/RedXen/ansible-postfix
[submodule "roles/dovecot"]
path = roles/dovecot
url = https://git.redxen.eu/RedXen/ansible-dovecot
[submodule "roles/opendkim"]
path = roles/opendkim
url = https://git.redxen.eu/RedXen/ansible-opendkim


@ -3,7 +3,7 @@
vars:
systemd:
services:
- { name: "gitea", enabled: true, state: restarted }
- { name: "gitea", enabled: true, action: restarted }
file:
- { path: "{{ gitea.path.config }}", owner: "git", group: "git", mode: "770", state: directory }
- { path: "{{ gitea.path.data }}", owner: "git", group: "git", mode: "770", state: directory }

dns.yml

@ -55,12 +55,17 @@
TXT:
- { name: "_amazonses.", content: "PAdK+hmtSCYH2lDwBdiCfJDxyhBj2UHJtwQzL7+kh50="}
- { name: "", content: "brave-ledger-verification=1f77ffecf7da410af2f4eeb5953ae13c5ee9ddfdfed5cae63458e63003b97444" }
- { name: "", content: "v=spf1 a mx -all" }
- { name: "_DMARC.", content: "v=DMARC1; p=quarantine; rua=mailto:postmaster@redxen.eu; ruf=mailto:postmaster@redxen.eu; fo=1; pct=100" }
- { name: "mail._domainkey.", content: "v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8PakBAIZxmAmqyukuwZT92I5gsM8rCD2o+abGbtXSgNCXcKEz+sWZ6kY/EAO5ABxihjyXaETsVTBuoYB514GqCFM9mZNRHHKS87rAE", content2: "/UcXUmgeydxPjqlRzEPxladjh2MhiQijT+XZzfyBVLdK9oYGPlol3VVKn48odiJIx4oRCdQhyiGTzkZGf6QMIJ5XwFqj66+Qv7OkyT6munKhFk974acL4MdL5H+LZwFAWYbRjx6j1zx3Hm7ua/EUHDcPYG6rFbJEwbyFvr1529u9H0OCn9fnIfzqMT+JEgKZRSgOWtK4jLuHcyrXTUkZzbmY8Eho+FxZszDEdvUmUQexKKQIDAQAB" }
#- { name: "_acme-challenge.", content: "" }
#- { name: "_acme-challenge.", content: "" }
CNAME:
- { name: "6jxdve2mevelrsc4lrp5ymhu2pku67v4._domainkey.", pointer: "6jxdve2mevelrsc4lrp5ymhu2pku67v4.dkim.amazonses.com" }
- { name: "jqo2wv2wek7sh26vmc2tdzc4gdco6uou._domainkey.", pointer: "jqo2wv2wek7sh26vmc2tdzc4gdco6uou.dkim.amazonses.com" }
- { name: "edzxe6qpinwhafgwlt6b44yarhhfn3xl._domainkey.", pointer: "edzxe6qpinwhafgwlt6b44yarhhfn3xl.dkim.amazonses.com" }
MX:
- { name: "", priority: 10, host: "mail.redxen.eu" }
group:
A:
- { domain: "stats.", group: "frontend" }
@ -68,9 +73,12 @@
- { domain: "seed.", group: "frontend" }
- { domain: "sd.", group: "frontend" }
- { domain: "social.", group: "frontend" }
- { domain: "mail.", group: "mail" }
- { domain: "smtp.", group: "mail" }
- { domain: "imap.", group: "mail" }
- { domain: "", group: "frontend" }
roles:
- file
#- file
- apt
#- nsd
- unbound
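Review bot: The `_amazonses.` TXT record and the three `*.dkim.amazonses.com` CNAME selectors in the first hunk appear to survive this change (the hunk header counts suggest only additions here) even though the commit removes the AWS inputs elsewhere; as long as those CNAMEs resolve, Amazon SES can presumably still produce DKIM-aligned signatures for the domain, and with `p=quarantine` in `_DMARC.` such mail would pass as legitimate. If SES is being retired, those four records should be deleted in the same change; if SES still sends on the domain's behalf, a comment on those lines should say so, and `v=spf1 a mx -all` would then also need to authorize SES's senders. The new MX at priority 10 pointing at `mail.redxen.eu` is consistent with the `mail.` A record added in the second hunk.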

mail.yml Normal file

@ -0,0 +1,46 @@
---
- hosts: mail
vars:
apt:
packages:
- { package: "postfix", state: present }
- { package: "postfix-pcre", state: present }
- { package: "dovecot-core", state: present }
- { package: "dovecot-lmtpd", state: present }
- { package: "dovecot-imapd", state: present }
- { package: "dovecot-sieve", state: present }
- { package: "opendkim", state: present }
- { package: "opendkim-tools", state: present }
firewall:
- { port: 25, ipv: "v4", proto: "tcp" }
- { port: 25, ipv: "v6", proto: "tcp" }
- { port: 143, ipv: "v4", proto: "tcp" }
- { port: 143, ipv: "v6", proto: "tcp" }
- { port: 465, ipv: "v4", proto: "tcp" }
- { port: 465, ipv: "v6", proto: "tcp" }
- { port: 587, ipv: "v4", proto: "tcp" }
- { port: 587, ipv: "v6", proto: "tcp" }
- { port: 993, ipv: "v4", proto: "tcp" }
- { port: 993, ipv: "v6", proto: "tcp" }
systemd:
services:
- { name: "dovecot", enabled: true, action: reloaded }
- { name: "postfix", enabled: true, action: reloaded }
- { name: "opendkim", enabled: true, action: reloaded }
file:
- { path: "/etc/opendkim-data", owner: "opendkim", group: "opendkim", mode: "700", state: directory }
- { path: "/var/spool/postfix/opendkim", owner: "postfix", group: "opendkim", mode: "650", state: directory }
- { path: "/var/lib/dovecot/sieve/", owner: "vmail", group: "vmail", mode: "655", state: directory }
- { path: "/etc/ssl/private", owner: "root", group: "root", mode: "655", state: directory }
- { path: "/etc/ssl/private/mail", owner: "root", group: "root", mode: "655", state: directory }
users:
- { name: "vmail", shell: "/sbin/nologin", lock: true }
roles:
- users
- file
- firewall
- apt
- postfix
- dovecot
- opendkim
- systemd
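Review bot: The directory modes `"650"` for `/var/spool/postfix/opendkim` and `"655"` for `/var/lib/dovecot/sieve/`, `/etc/ssl/private` and `/etc/ssl/private/mail` under `file:` drop the execute bit for the owner while granting read and traverse to group and others, which looks like a typo for `750`/`755`: the owning user cannot enter its own directory, and `/etc/ssl/private` becomes listable and traversable by every local account. For the two ssl directories a restrictive `mode: "0700"` (or `"0710"` with the group that must read the keys, if the postfix/dovecot roles do not run as root when loading them) is the safer value; for the opendkim socket directory and the sieve directory `mode: "0750"` keeps the owner functional without opening them to others. Whether the postfix, dovecot or opendkim roles later re-set these modes cannot be seen from this file.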


@ -39,42 +39,12 @@
- "tcp://{{ global.backend.redis.host }}:{{ global.backend.redis.port }}"
postgresql:
address: "host={{ global.backend.postgres.host }} port={{ global.backend.postgres.port }} user={{ vault_postgres.user }} password={{ vault_postgres.password }} sslmode=prefer"
cloudwatch:
- {
region: "eu-central-1",
access_key: "{{ vault_telegraf.aws.access_key }}",
secret_key: "{{ vault_telegraf.aws.secret_key }}",
period: "48h",
interval: "12h",
namespace: "AWS/S3",
ratelimit: 50,
statistic_include: ["average"],
cache_ttl: "1h"
}
- {
region: "eu-west-1",
access_key: "{{ vault_telegraf.aws.access_key }}",
secret_key: "{{ vault_telegraf.aws.secret_key }}",
period: "24h",
interval: "6h",
namespace: "AWS/SES",
ratelimit: 15,
statistic_include: ["average"],
cache_ttl: "1h"
}
- {
region: "us-east-1",
access_key: "{{ vault_telegraf.aws.access_key }}",
secret_key: "{{ vault_telegraf.aws.secret_key }}",
period: "24h",
interval: "6h",
namespace: "AWS/Billing",
ratelimit: 15,
statistic_include: ["average"],
cache_ttl: "1h"
}
grafana:
smtp:
from: "grafana@redxen.eu"
host: "mail.redxen.eu:465"
user: "grafana"
password: "{{ vault_grafana.smtp.password }}"
listen:
port: '{{ global.monitoring.grafana.port }}'
domain: '{{ global.monitoring.grafana.domain }}'
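Review bot: The removed cloudwatch inputs were the only consumers in this file of `vault_telegraf.aws.access_key` and `vault_telegraf.aws.secret_key`; unless another playbook still reads them, that IAM access key should be deactivated and the two vault entries dropped so a dead credential does not linger in the repository's vault. In the new `grafana.smtp` block, `host: "mail.redxen.eu:465"` implies an implicit-TLS submission port, so it is worth confirming that the Grafana role leaves certificate verification enabled for that connection, since nothing in this hunk sets it. The `vars` mapping this hunk edits starts before the hunk.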


@ -33,6 +33,8 @@
- { bit: 10, pubkey: "wpjMlhrcv173ER7rZ0KrmaqahcqZA/fm3ovpaGlRIRo=" }
- { bit: 12, pubkey: "2FRcncz/oSmqFQLrHqICi4fEkgxrCeS9P8TTv5gcfCw=" }
- { bit: 14, pubkey: "XYUXzDDXzo1uDadvJ8YW5X/ISCZSyu10d35i7mb0pAY=" }
- { bit: 16, pubkey: "d459SqKVWko+wBhoFrU+yrFVM4BqI8FSmPtdrWepkw0=" }
- { bit: 18, pubkey: "Fb8sYfZghohEpznWpt46x1cmmkymt2ksQL7fEBI6qlc=" }
vault:
roles:
- "wireguard"


@ -45,3 +45,6 @@ n0
[homepage]
n1
[mail]
n1

roles/dovecot Submodule

@ -0,0 +1 @@
Subproject commit 5d7f2b0f4cf16f71c0469bb33e87998f7056e9c0

@ -1 +1 @@
Subproject commit 7f80dca6c6c4aa1eda2ccc5a53398889fa20e0f9
Subproject commit e31d393bb44cc4145dc4700d88406895d2df6036

@ -1 +1 @@
Subproject commit d87f3eb533eb186139c0bb7efa4387d0c809d592
Subproject commit 2f296892cb5b37198b1ff983d64c86e7c9d88692

roles/opendkim Submodule

@ -0,0 +1 @@
Subproject commit b2431d8f374e9cbe9e9229165f6673f720a8fbfb

@ -1 +1 @@
Subproject commit c27fe21daba201c012fb6cb71684604bf5b8b676
Subproject commit 505adf97339797b0cef9f14d810631dca9b870e3

roles/postfix Submodule

@ -0,0 +1 @@
Subproject commit 104494b70998780800bc5d852feec6aa5a42a7c6

@ -1 +1 @@
Subproject commit 12081a5fc072bc78dac01afc9741ec8f8289c564
Subproject commit 04998bc7f87c9aa08d7579f1fb954a23cb1fe80f

@ -1 +1 @@
Subproject commit 8e2f773811063d04174b65113a11a245b22bf043
Subproject commit 33c4e6de98bc280a2159b36ec4f7489a14c605d5

@ -1 +1 @@
Subproject commit ec6918d583dc2971561799eb36c09800a247291d
Subproject commit ae925a9400e421afdf5814b1eba219496f1351b6

@ -1 +1 @@
Subproject commit 29c25ff02474d2eb9929f65b05acd71b81f0c108
Subproject commit e5dfd2e8b5fcc8ec4d0537b5efe76d107829cc7e