WIP: misc: test infrastructure for mail

This commit is contained in:
jeltz 2023-12-17 15:47:06 +01:00
parent 887aadb5fe
commit 91d3087047
Signed by: jeltz
GPG key ID: 800882B66C0C3326
12 changed files with 76 additions and 1 deletions

View file

@ -102,6 +102,10 @@ firewall__zones:
addrs:
- 2a09:6840:128::150
- 10.128.0.150
mx.test:
addrs:
- 2a09:6840:211::1:5
- 45.66.111.205
firewall__input:
- iif:
@ -146,6 +150,18 @@ firewall__forward:
protocols:
icmp: true
verdict: accept
- dst: mx.test
protocols:
icmp: true
verdict: accept
- dst: mx.test
protocols:
tcp:
dport:
- 25
- 465
- 993
verdict: accept
# SNMP
- src: monit
dst:

View file

@ -0,0 +1,12 @@
---
systemd_link__links:
ext0: ae:ae:ae:1d:c8:b2
ifupdown2__interfaces:
ext0:
addresses:
- 2a09:6840:211::1:5/64
- 10.211.1.5/16
- 45.66.111.205/30
gateways: "{{ ifupdown2__gateways.ext }}"
...

View file

@ -225,6 +225,10 @@ knotd__zones:
target:
- ns-1
- ns-2
- name: test
target:
- ns-1
- ns-2
- name: adm
target:
- serge
@ -246,7 +250,7 @@ knotd__zones:
preference: 5
- exchange: proxy-ovh
preference: 10
spf:
txt:
- data: v=spf1 mx -all
a:
- address: 92.222.211.195
@ -309,6 +313,31 @@ knotd__zones:
| combine(knotd__hosts['adh.auro.re']
| add_origin_keys('adh.auro.re.')) }}"
test.auro.re:
dnssec_policy: public
notify:
- xfr-ns-1
- xfr-ns-2
acl:
- xfr
soa:
mname: ns-master.int.infra.auro.re.
txt:
- data: v=spf1 mx -all
- name: _dmarc
data: v=DMARC1;p=quarantine;pct=100;rua=mailto:postmaster@test.auro.re;ruf=mailto:postmaster@test.auro.re
ns:
- target:
- ns-1.auro.re.
- ns-2.auro.re.
mx:
- exchange: mx
preference: 5
hosts:
mx:
- 2a09:6840:211::1:5
- 45.66.111.205
infra.auro.re:
dnssec_policy: infra
notify:
@ -444,6 +473,9 @@ knotd__zones:
ec-1.ups:
- 2a09:6840:201::3:2
- 10.201.3.2
mx.test:
- 2a09:6840:211::1:5
- 10.211.1.5
108.66.45.in-addr.arpa:
dnssec_policy: ripe

3
hosts
View file

@ -1,5 +1,8 @@
# Aurore servers inventory
[vm_test]
mx.test.infra.auro.re
[aruba]
eb-1.acs.sw.infra.auro.re

View file

@ -2,6 +2,7 @@
---
- hosts:
- pve_network
- vm_test
- vm_network
roles:
- base_utils

View file

@ -1,6 +1,7 @@
#!/usr/bin/env ansible-playbook
---
- hosts:
- vm_test
- vm_network
roles:
- ifupdown2

View file

@ -36,6 +36,11 @@
acl:
- notify-master
master: xfr-master
test.auro.re:
dnssec_validation: true
acl:
- notify-master
master: xfr-master
infra.auro.re:
dnssec_validation: true
acl:

View file

@ -2,6 +2,7 @@
---
- hosts:
- pve_network
- vm_test
- vm_network
roles:
- openssh_server

View file

@ -2,6 +2,7 @@
---
- hosts:
- vm_network
- vm_test
roles:
- qemu_guest
...

View file

@ -2,6 +2,7 @@
---
- hosts:
- vm_network
- vm_test
- pve_network
roles:
- resolvconf

View file

@ -2,6 +2,7 @@
---
- hosts:
- vm_network
- vm_test
- pve_network
roles:
- root_account

View file

@ -11,6 +11,7 @@
- ldap
- isp
- vpn
- vm_test
roles:
- systemd_link
...