Commit 9e1252b6 authored by MichiK's avatar MichiK

Adapt Postfix config and add Dovecot

parent b47ab11a
# Install and configure Dovecot and its dependencies
#
# Please run services-base.yml first.
- name: install and configure Dovecot
hosts: dovecot
become: yes
roles:
- dovecot
- dovecot-pop3d
......@@ -87,6 +87,10 @@ nginx_https_sites:
proxy_pass http://127.0.0.1:3000;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
- location: "~ ^/liste/?$"
config: |-
return 301 https://$host/Liste;
- name: "sso.c3heaven.de"
locations:
- location: "/"
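Review bot: The redirect target in the new `~ ^/liste/?$` location is built from `$host`, which nginx derives from the client's request line or Host header. If this server block ever answers for unexpected hostnames, the `Location` header will reflect a name the client chose. The enclosing site entry begins above the hunk, so whether it acts as a default server is not visible here. Spelling out the canonical name, `return 301 https://<site-hostname>/Liste;` with `<site-hostname>` standing for this site's own name, removes that dependency.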
......@@ -146,6 +150,7 @@ rspamd_enabled: true
postfix_mydestination: "localhost, $myhostname, c3heaven.de"
postfix_myorigin: "c3heaven.de"
postfix_mynetworks: "127.0.0.1/32 159.69.40.72/32 10.23.42.0/24 [::1]/128 [2a01:4f8:c2c:df32::]/64 [2a01:4f8:c2c:b190::]/64 [fe80::9400:ff:fe31:9902]/128 [fe80::8400:ff:fe34:27e5]/128"
postfix_generic_map:
- "www-data@c3heaven.de noreply@c3heaven.de"
postfix_additional_admin_aliases:
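Review bot: `postfix_mynetworks` trusts two whole IPv6 /64 prefixes and the 10.23.42.0/24 range, not only individual hosts. Postfix treats every address in `mynetworks` as a trusted client, and where the relay restrictions use `permit_mynetworks` (not visible on this page) those clients may relay without authentication. If any of these ranges is not entirely under your control, narrowing it to the host addresses that actually submit mail is the safer default. A comment above the value, e.g. `# trusted relay clients; one entry per host or internal network, keep as narrow as possible`, would record the intent. Writing the value as a YAML list that the template joins would also make later changes easier to audit than one long string.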
......@@ -159,3 +164,5 @@ postfix_virtual_alias_domains:
- "lists.c3heaven.de"
postfix_virtual_alias_maps:
- "hash:/var/lib/mailman/data/virtual-mailman"
# vim: set ft=yaml:
......@@ -22,3 +22,9 @@ ticket.c3heaven.de
# These are the Keycloak SSO servers (typically just one)
[keycloak]
gabriel.c3heaven.de
# Dovecot mail servers
#
# These are all servers that are serving mails via Dovecot
[dovecot]
gabriel.c3heaven.de
---
dependencies:
- { role: dovecot }
---
# Install and configure the Dovecot POP3 server
- name: install dovecot-pop3d
apt: name=dovecot-pop3d state=present
tags: [apt, packages, dovecot]
---
dovecot_hostname: "{{ inventory_hostname }}"
dovecot_ssl_ciphers: "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA"
dovecot_min_ssl_protocol: "TLSv1.2"
dovecot_prefer_server_ciphers: true
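Review bot: `dovecot_ssl_ciphers` lists `DHE-RSA-AES128-GCM-SHA256` twice and ends with four CBC suites that use SHA-1 MACs (`ECDHE-RSA-AES256-SHA`, `ECDHE-RSA-AES128-SHA`, `DHE-RSA-AES256-SHA`, `DHE-RSA-AES128-SHA`). With `dovecot_min_ssl_protocol` at TLSv1.2, most current mail clients can negotiate one of the AEAD suites, so the duplicate can go and the CBC entries are worth keeping only if a known client needs them. Every entry is RSA-authenticated, so no suite would match if the certificate issued for the host were ever ECDSA. A comment above the default, e.g. `# RSA certificates only; add ECDHE-ECDSA-* suites when the key type changes`, would record that.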
---
- name: restart dovecot
service: name=dovecot state=restarted
tags: [handlers, services, dovecot]
---
dependencies:
- { role: acmetool }
---
# Install and configure the core of the Dovecot mail server
- name: install dovecot-core
apt: name=dovecot-core state=present
tags: [apt, packages, dovecot]
- name: dovecot ssl configuration
template:
src: "10-ssl.conf.j2"
dest: "/etc/dovecot/conf.d/10-ssl.conf"
notify: restart dovecot
tags: [config, dovecot]
- name: start/enable dovecot
service: name=dovecot state=started enabled=yes
tags: [services, dovecot]
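Review bot: The `dovecot ssl configuration` task writes `/etc/dovecot/conf.d/10-ssl.conf` without `owner`, `group` or `mode`, so the resulting permissions depend on the umask and on any file already present. Adding `owner: root`, `group: root` and `mode: "0644"` makes them explicit. Nothing in this task list requests a certificate for `dovecot_hostname`. Presumably the `acmetool` role dependency covers that, but if it does not, Dovecot will fail to start on a fresh host because the template points at files under `/var/lib/acme/live/`. As a style point, the `apt:` and `service:` tasks use the `key=value` form with `enabled=yes`; block-style arguments with `enabled: true` lint more cleanly.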
# {{ ansible_managed }}
ssl = required
ssl_cert = </var/lib/acme/live/{{ dovecot_hostname }}/fullchain
ssl_key = </var/lib/acme/live/{{ dovecot_hostname }}/privkey
ssl_min_protocol = {{ dovecot_min_ssl_protocol }}
ssl_prefer_server_ciphers = {{ "yes" if dovecot_prefer_server_ciphers else "no" }}
ssl_cipher_list = '{{ dovecot_ssl_ciphers }}'
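Review bot: No `ssl_dh` is set in this template although the default cipher list includes `DHE-RSA-*` suites. `ssl_min_protocol` is a Dovecot 2.3 setting, and from 2.3 on Dovecot takes DH parameters only from an explicit `ssl_dh` file, so as written those suites would presumably never be negotiated. Either add a line such as `ssl_dh = <{{ dovecot_dh_params }}` (a new variable, name proposed here) pointing at a generated parameters file, or drop the DHE entries from `dovecot_ssl_ciphers` so the configured list matches what the server can offer.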
postfix_mydestination: "localhost, $myhostname"
postfix_myorigin: null
postfix_mynetworks: null
postfix_alias_maps:
- "hash:/etc/aliases"
postfix_virtual_alias_domains: []
......
......@@ -9,6 +9,9 @@ mydestination = {{ postfix_mydestination }}
{% if postfix_myorigin %}
myorigin = {{ postfix_myorigin }}
{% endif %}
{% if postfix_mynetworks %}
mynetworks = {{ postfix_mynetworks }}
{% endif %}
show_user_unknown_table_name = no
alias_database = hash:/etc/aliases
......