Commit 2f275bbe authored by MichiK's avatar MichiK

YOLO deployment

parent 3275a221
acmetool_cert_domains:
- gabriel.c3heaven.de
- c3heaven.de
- lists.c3heaven.de
- wiki.c3heaven.de
nginx_http_locations:
- location: "/"
config: |
access_log off;
log_not_found off;
return 301 https://$host$request_uri;
nginx_https_default_headers:
- name: "Strict-Transport-Security"
value: "max-age=31536000; includeSubDomains"
- name: "X-XSS-Protection"
value: "1; mode=block"
- name: "X-Frame-Options"
value: "DENY"
- name: "X-Content-Type-Options"
value: "nosniff"
- name: "Referrer-Policy"
value: "same-origin"
rspamd_enabled: true
postfix_mydestination: "localhost, $myhostname, c3heaven.de"
postfix_myorigin: "c3heaven.de"
postfix_generic_map:
- "www-data@c3heaven.de noreply@c3heaven.de"
postfix_additional_admin_aliases:
- shift
- shifts
- ticket
postfix_alias_maps:
- "hash:/etc/aliases"
- "hash:/var/lib/mailman/data/aliases"
postfix_virtual_alias_domains:
- "lists.c3heaven.de"
postfix_virtual_alias_maps:
- "hash:/var/lib/mailman/data/virtual-mailman"
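Review bot: The `nginx_https_default_headers` list sets `X-XSS-Protection` to `1; mode=block`, which only configures a legacy browser XSS filter that current browsers no longer implement, and the list has no `Content-Security-Policy` entry. Consider changing that entry to `value: "0"` or dropping it, and adding a CSP header once the script sources of the wiki and list sites are known. The HSTS value also carries `includeSubDomains`; if it is served on c3heaven.de itself, every subdomain must be reachable over HTTPS with a valid certificate, not only the four names in `acmetool_cert_domains`, so that is worth confirming before rollout.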
......@@ -16,13 +16,13 @@ server {
{% if nginx_https_default_headers %}
{% for header in nginx_https_default_headers %}
add_header {{ header }};
add_header {{ header.name }} "{{ header.value }}";
{% endfor %}
{% endif %}
{% if item.headers %}
{% for header in item.headers %}
add_header {{ header }};
add_header {{ header.name }} "{{ header.value }}";
{% endfor %}
{% endif %}
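Review bot: Both new `add_header {{ header.name }} "{{ header.value }}";` lines omit the `always` parameter, so nginx attaches these security headers only to a fixed set of success and redirect status codes and leaves them off error responses such as 404 or 500. Appending it, `add_header {{ header.name }} "{{ header.value }}" always;`, keeps HSTS and the framing and sniffing headers on every response. The value is placed between double quotes without escaping, so a header value containing `"` would break the generated config; a comment above the loop such as `# header values must not contain double quotes` would document that. The server block starts and continues outside this hunk.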
......
postfix_mydestination: "localhost, $myhostname"
postfix_myorigin: null
postfix_alias_maps:
- "hash:/etc/aliases"
postfix_virtual_alias_domains: []
......@@ -8,6 +10,4 @@ postfix_tls_high_cipherlist: "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-S
postfix_smtpd_tls_mandatory_protocols: "TLSv1.2"
postfix_ssl_dhparam: "/etc/postfix/dh_2048.pem"
postfix_ssl_dhparam_bits: 2048
opendkim_enabled: false
postfix_additional_admin_aliases: []
- name: newaliases
command: newaliases
- name: postmap generic
command: postmap /etc/postfix/generic
- name: restart postfix
systemd:
name: postfix
state: restarted
- name: newaliases
command: newaliases
......@@ -26,3 +26,9 @@
src: "aliases.j2"
dest: "/etc/aliases"
notify: newaliases
- name: configure generic map
template:
src: "generic.j2"
dest: "/etc/postfix/generic"
notify: postmap generic
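Review bot: The new `configure generic map` task writes `/etc/postfix/generic` without `owner`, `group` or `mode`, so the resulting permissions depend on the umask and user the play happens to run with. Pinning them with `owner: root`, `group: root` and `mode: "0644"` makes the result deterministic and keeps the map from becoming writable by anyone but root. The aliases task whose tail is visible just above the addition may need the same treatment; its start is outside the hunk.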
......@@ -11,3 +11,10 @@ security: admins
postmaster: admins
webmaster: admins
root: admins
{% if postfix_additional_admin_aliases %}
# additional admin aliases
{% for alias in postfix_additional_admin_aliases %}
{{ alias }}: admins
{% endfor %}
{% endif %}
# {{ ansible_managed }}
{% for line in postfix_generic_map %}
{{ line }}
{% endfor %}
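Review bot: The loop over `postfix_generic_map` has no guard, and no default for that variable is visible in the role defaults shown on this page (part of that file is collapsed, so one may exist). If it is missing, any host that does not set the variable fails at templating, while main.cf now sets `smtp_generic_maps = hash:/etc/postfix/generic` unconditionally. A default of `postfix_generic_map: []` would keep the role usable on other hosts. Each entry is written verbatim as one map line, so a comment stating the expected `local-address rewritten-address` form would also help.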
......@@ -5,25 +5,40 @@ biff = no
compatibility_level = 2
myhostname = {{ inventory_hostname }}
mydestination = localhost, $myhostname
mydestination = {{ postfix_mydestination }}
{% if postfix_myorigin %}
myorigin = {{ postfix_myorigin }}
{% endif %}
show_user_unknown_table_name = no
alias_database = hash:/etc/aliases
alias_maps = {{ postfix_alias_maps|join(', ') }}
{% if postfix_virtual_alias_domains %}virtual_alias_domains = {{ postfix_virtual_alias_domains|join(', ') }}{% endif %}
{% if postfix_virtual_alias_maps %}virtual_alias_maps = {{ postfix_virtual_alias_maps|join(', ') }}{% endif %}
{% if postfix_virtual_alias_domains %}
virtual_alias_domains = {{ postfix_virtual_alias_domains|join(', ') }}
{% endif %}
{% if postfix_virtual_alias_maps %}
virtual_alias_maps = {{ postfix_virtual_alias_maps|join(', ') }}
{% endif %}
inet_interfaces = all
inet_protocols = ipv6, ipv4
{% if rspamd_enabled %}
smtpd_milters = inet:localhost:11332
non_smtpd_milters = inet:localhost:11332
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
milter_default_action = accept
{% endif %}
mailbox_size_limit = {{ postfix_mailbox_size_limit }}
message_size_limit = {{ postfix_message_size_limit }}
{% if opendkim_enabled %}non_smtpd_milters = inet:localhost:11332{% endif %}
tls_high_cipherlist = {{ postfix_tls_high_cipherlist }}
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtp_generic_maps = hash:/etc/postfix/generic
smtpd_banner = $myhostname loves ESMTP
smtpd_tls_cert_file=/var/lib/acme/live/{{ inventory_hostname }}/fullchain
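Review bot: `milter_default_action = accept` in the new `rspamd_enabled` block makes the milter fail open: when rspamd on localhost:11332 is down or times out, Postfix delivers the mail unscanned. If that is intended for availability, say so with a comment such as `# fail open: deliver unscanned if rspamd is unreachable`; otherwise `milter_default_action = tempfail` defers mail until the filter is back. Further down, the `{% if opendkim_enabled %}non_smtpd_milters = inet:localhost:11332{% endif %}` line looks like the removed side of this change; if it is still on the new side, it tests a variable the defaults hunk on this page appears to drop and sets `non_smtpd_milters` a second time. The file continues past the end of this hunk.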
......