WIP: misc: test infrastructure for mail

group_vars/infra/firewall.yml

@@ -102,6 +102,10 @@ firewall__zones:
     addrs:
       - 2a09:6840:128::150
       - 10.128.0.150
+  mx.test:
+    addrs:
+      - 2a09:6840:211::1:5
+      - 45.66.111.205
 
 firewall__input:
   - iif:
@@ -146,6 +150,18 @@ firewall__forward:
     protocols:
       icmp: true
     verdict: accept
+  - dst: mx.test
+    protocols:
+      icmp: true
+    verdict: accept
+  - dst: mx.test
+    protocols:
+      tcp:
+        dport:
+          - 25
+          - 465
+          - 993
+    verdict: accept
   # SNMP
   - src: monit
     dst:

host_vars/mx.test.infra.auro.re.yml

@@ -0,0 +1,12 @@
+---
+systemd_link__links:
+  ext0: ae:ae:ae:1d:c8:b2
+
+ifupdown2__interfaces:
+  ext0:
+    addresses:
+      - 2a09:6840:211::1:5/64
+      - 10.211.1.5/16
+      - 45.66.111.205/30
+    gateways: "{{ ifupdown2__gateways.ext }}"
+...

host_vars/ns-master.int.infra.auro.re/knotd.yml

@@ -225,6 +225,10 @@ knotd__zones:
         target:
           - ns-1
           - ns-2
+      - name: test
+        target:
+          - ns-1
+          - ns-2
       - name: adm
         target:
           - serge
@@ -246,7 +250,7 @@ knotd__zones:
         preference: 5
       - exchange: proxy-ovh
         preference: 10
-    spf:
+    txt:
       - data: v=spf1 mx -all
     a:
       - address: 92.222.211.195
@@ -309,6 +313,31 @@ knotd__zones:
                | combine(knotd__hosts['adh.auro.re']
                          | add_origin_keys('adh.auro.re.')) }}"
 
+  test.auro.re:
+    dnssec_policy: public
+    notify:
+      - xfr-ns-1
+      - xfr-ns-2
+    acl:
+      - xfr
+    soa:
+      mname: ns-master.int.infra.auro.re.
+    txt:
+      - data: v=spf1 mx -all
+      - name: _dmarc
+        data: v=DMARC1;p=quarantine;pct=100;rua=mailto:postmaster@test.auro.re;ruf=mailto:postmaster@test.auro.re
+    ns:
+      - target:
+          - ns-1.auro.re.
+          - ns-2.auro.re.
+    mx:
+      - exchange: mx
+        preference: 5
+    hosts:
+      mx:
+        - 2a09:6840:211::1:5
+        - 45.66.111.205
+
   infra.auro.re:
     dnssec_policy: infra
     notify:
@@ -444,6 +473,9 @@ knotd__zones:
       ec-1.ups:
         - 2a09:6840:201::3:2
         - 10.201.3.2
+      mx.test:
+        - 2a09:6840:211::1:5
+        - 10.211.1.5
 
   108.66.45.in-addr.arpa:
     dnssec_policy: ripe

hosts

@@ -1,5 +1,8 @@
 # Aurore servers inventory
 
+[vm_test]
+mx.test.infra.auro.re
+
 [aruba]
 eb-1.acs.sw.infra.auro.re
 

playbooks/base.yml

@@ -2,6 +2,7 @@
 ---
 - hosts:
     - pve_network
+    - vm_test
     - vm_network
   roles:
     - base_utils

playbooks/ifupdown2.yml

@@ -1,6 +1,7 @@
 #!/usr/bin/env ansible-playbook
 ---
 - hosts:
+    - vm_test
     - vm_network
   roles:
     - ifupdown2

playbooks/knotd.yml

@@ -36,6 +36,11 @@
         acl:
           - notify-master
         master: xfr-master
+      test.auro.re:
+        dnssec_validation: true
+        acl:
+          - notify-master
+        master: xfr-master
       infra.auro.re:
         dnssec_validation: true
         acl:

playbooks/openssh.yml

@@ -2,6 +2,7 @@
 ---
 - hosts:
     - pve_network
+    - vm_test
     - vm_network
   roles:
     - openssh_server

playbooks/qemu_guest.yml

@@ -2,6 +2,7 @@
 ---
 - hosts:
     - vm_network
+    - vm_test
   roles:
     - qemu_guest
 ...

playbooks/resolvconf.yml

@@ -2,6 +2,7 @@
 ---
 - hosts:
     - vm_network
+    - vm_test
     - pve_network
   roles:
     - resolvconf

playbooks/root.yml

@@ -2,6 +2,7 @@
 ---
 - hosts:
     - vm_network
+    - vm_test
     - pve_network
   roles:
     - root_account

playbooks/systemd_link.yml

@@ -11,6 +11,7 @@
     - ldap
     - isp
     - vpn
+    - vm_test
   roles:
     - systemd_link
 ...