[rspamd] basic installation

group_vars/all/vars.yml

@@ -15,6 +15,8 @@ ldap_matrix_password: "{{ vault_ldap_matrix_password }}"
 ldap_replica_password: "{{ vault_ldap_replica_password }}"
 ldap_admin_password: "{{ vault_ldap_admin_password }}"
 ldap_admin_hashed_passwd: "{{ vault_ldap_admin_hashed_passwd }}"
+ldap_dovecot_bind_dn: "cn=dovecot,ou=service-users,{{ ldap_base }}"
+ldap_dovecot_password: "{{ vault_ldap_dovecot_password }}"
 
 # Databases
 postgresql_services_url: 'services-bdd.adm.auro.re'
@@ -68,6 +70,9 @@ keepalived_password: "{{ vault_keepalived_password[apartment_block] }}"
 re2o_secret_key: "{{ vault_re2o_secret_key }}"
 re2o_db_password: "{{ vault_re2o_db_password }}"
 re2o_aes_key: "{{ vault_re2o_aes_key }}"
+re2o_hostname: "re2o.auro.re"
+re2o_api_username: "service-user"
+re2o_api_password: "{{ vault_re2o_serviceuser_passwd }}"
 
 # Radius
 radius_secret_aurore: "{{ vault_radius_secrets.aurore }}"
@@ -89,3 +94,10 @@ apartment_block_dhcp: "{{ apartment_block }}"
 ipv6_base_prefix: "2a09:6840"
 
 is_aurore_host: "{{ 'aurore_vm' in group_names }}"
+
+# Mail
+
+myorigin: "auro.re"
+# myhostname should be the FQDN (Fully Qualified Domain Name)
+myhostname: "mail.auro.re"
+local_network: "10.128.0.0/24"

group_vars/all/vault.yml

@@ -1,173 +1,176 @@
 $ANSIBLE_VAULT;1.1;AES256
-37356434643231623932626166316532633039323736303737363933373263623433653031356331
+66303361306465306436306562636265303832353830313933363965316261376162313738653737
-3431376135666263353431396663363539333164643462340a383832373965653835633937373432
+3334363661316563633238316632336463323737633066610a306236343636656261623835343466
-31393936666535633137333739346135316463636166343063666363633966626639663265373935
+39386437363564623661333465386338613632316563373164363839623138336165343834313237
-3865353439646331640a326137373039666263366330626537363566613135346263663761663732
+6433343439383431360a633139363034623861396633316632336131333137626239646639326131
-65363064356530373430633562623132373565326364656631313639376131313563316136623966
+65613236363733346330636565303039613737366263356230313734383033383435343433386536
-35386236313238396436303765366365346335353166376164353936313536393665326439653861
+30653263396339656337626239303662326134373231303364613066656339376662643934323466
-35623832623365386232353163656339333031323937383862656532636436386334643362653532
+30643261393463373063623865343537653862353766323538613731353534363639616438313663
-66636365316161316536636131613438356464636163386233333333313531353935346264366231
+66366133643462333935636231636638326364636334613430333062616264663961326362613466
-36346561303163663735386533333835313231333965633737376537396531323935383134643563
+66313730363933653631646638616166343030626465336361313239323731356534313963613530
-32643566323564363762306438376431383237313633376437333339623936376664346137333561
+65383735626234663261393834313232626239666135313566353839616162323732323265633031
-65656336303964623964616230306332636535343833336535303832666137663865336564623233
+62393862663438313237663335396332613661313864303630653533343362333834356262363465
-33653361646533613462373163363736386634663038666232313432653037643330653639666663
+30666232356539386437353438643038333766363362653432366263616338393066363532633064
-61643533363938366634616632626131663164393338623539636430363166323935396439373337
+63646561653264393162303430346662623536363364383862366264393532613461303935653261
-34343930336631326634366331353836323465613934383231313364383061636631346633383634
+39376462623561626336306435323934323130613031623865656432626233616563393365343036
-36646439336530353761613831343236373936666632333965323964643862616633303732333230
+37643463666436386230653339613463633133333661356564646234653632313931333765383666
-36313132323965323831336265306565346461343235383864613762343536653434333163616663
+39646331383939343663306634393531646265363531326636326636616632643437343566656464
-34303731666632666630313763323239633435386330363339363631646432633762383464303837
+64643638616264376130656637386134396161306636333064633731646234396566303934626332
-39336630343833646666383237376238316264393262336136393662363261643961666332623138
+66393466626137336265653933346362396639383064393663613866333337653166343262646536
-65633661343265643731396663376262613566613135663161393833373766396632303734336261
+61333864373737333133626438646538353338663531323961666335333166613363653230643139
-30326436363237653431396563326264646335643536616530343863623130643666653733323331
+38616462306461356135306164376332313538613465316563663566373533396635346635646134
-30616363306636396439376661633035326430313363656433636465623737636565333436653031
+31386661306533383130633130346539303666316663333762383131623535343038613963353336
-33326662336239633930303665373965393037303238393630343338383362363439386634613838
+32336135366435643463613962383833666130363765326631613963363266626633643966663063
-61356533383032656663613966383131623333613639633062343639393865376433316464653738
+33363235353765623961346331393963653130663434356234336538626438616334613761636161
-64346465633263383662313934343732363536343662653532393837383062333565636662626634
+32346234643531396530653636626531653033393863383963663938646135616238393861373738
-30393364336566343264373538386230623136316632666237646431333233376562356439626536
+30346664646465666666333165336636616265303265393236626534343163353633643737366264
-61613835346636346139316665623463363339623863373961386661656361363232396533636233
+63303937306637643033663333353633346166636361323538393063353438353135303665616663
-61326236643162623331633066333138326533323835366534336361396263353432373532326437
+34613230383836343861613661356162363831623363633435646234353839663530363936356238
-30666234666235343739343834316234346630373661666634616461383639363664656534663636
+63383038616631666633653032613435316265626137643730666539393561373264613663656464
-33376237313333393632313839373436616631336130393930373136623335666235386162376464
+30613033373435313036633938353461623335396264313236623065323339623537613164316366
-31646437393336313433643534363138636461373837336634646464356437306265353731663362
+33356432646438636530353230333762346165336661393038666138356561333363613563656665
-64316530326536333235386531613931303238363062383639626238346337356539323938663464
+34306136393233346532303461393736636561316231626231643633333938656435663638306261
-62613432376563616238303938663933363564613532333633346132373361346231643130653833
+33393064333662336466313461363638393339373637303735663736353537363364663235363263
-62313631313563343437373032626339366538313764333666353633363637333965633533373633
+36623663636235363332616433626266653330393633326339376562636165323539313532363535
-33353134373730636638633432313932363264623531303135636566653038396131633230343839
+64386136393631656665343337333738653664613966363361313931313763323563383265623935
-35303337613935666231303638663832663339626463353862616139346664356261656433313930
+31643532346363656462646436343761353938626661383336636436373233343530353130626463
-65383336393934633036663261636434636461363161646239363135643536633836353965353462
+36346330626432376338306339396563316233313836383863303232396439336436363833383063
-62636264373332643333356636616230376135363539393139383666363534626131663736393139
+39663864306533376630623334386336663237666635336661383630616139633736393835666534
-36653862303066633365383435363637316262646338663437313435643334383835393238613763
+61393036363763336632623236383236383639373662393761313834653833316332373733653830
-33656136646465373938653263376162633032336536613535356431393135396432636637356632
+62616563386435396433653930653637643031636462633336663033306531356239346564663564
-31306132353632333833643434663930613936646233623935323761353461363139353238396633
+30636462343263643236316635346163373765393262623365353933313065333532353562333932
-63363731613336643635333961336664343430353133373937396565343366363634653330663336
+62656234656363306266386135313466376665663166623038616637663333353731313564356434
-62393866643665393232636232373964616335646363613466373666666661346139373938616463
+61343235613639386364663533376362613364653562613431393862656265313432623532343965
-37613931613033323538323662356432306639626636666338666565343336323363633966316137
+65326362323534346535326331613262653130623336653231323564376534336261643538333434
-32346538303935616265313461383731356462336435303936663931376133616365626466346435
+31333830653933633562626364363364386630343364376337613436663030333865323433316163
-63313333643361363665653862663338376630613666356538616336643139666636663461323163
+33356438366161626666653731386438643064656538373036393532396432396138353564313833
-35613365363032343831653639373866393635633363393961613339313234366232346662646132
+34643231366439656439336534323039616364396137653661373761343635663366363134623032
-36636362356431366631373635613936653162323736303434353130343834323530393330613633
+62313734313061353065613561613337373338623732326362363436616134343864643439363631
-66393130323637346561616435623562313037393161666236323834323836326161613963626236
+38346339383864373635383462326466303635383661633665663362646165663934336632633838
-38343362343335343437656434303130626165646661393638336435343933326462343366323964
+64373332356664663663613735663163336465353030383365346661326634373832656137393061
-39346433663533346262316461623732363963396161353139613663393264623335623832653436
+34626363383964646439356338343439343336626237626366383663386161663037343339383066
-62306337653062666137373930303334643630623432303932303039343764633361613063643965
+30356332623337626437313235623161373937663532613238353333326265663937653034616135
-34646133353132663662303665373836643238323932336663333730363137323532663164633862
+64663731653965613933636561313730623030656666656232396433646563623137643661643132
-39383963336236646161653136626662313764373530623161663437373330666332316362623031
+30383439343764396137313231353161323835393934373561623666653630656335366434636235
-66653832653035353662353638336239313336663765373966383030316137316135303134616439
+36306162316464613365616330626433306335396130336266616566653661336335346566613763
-30386332366639653835663530643931326635373836663166313165633137623738636438663261
+30373638353230313433333539306664323333646463333334366362613832376534356636383235
-34613135643363343232313061616337333562373764663733666666376233313534396132303536
+30626263383036643034303465366137356665366238366663313837323937646631396262623331
-63643030623962626432653938336633313561303236363762353536613464353331373436666238
+62323366623530663561643036643733323230343832633639663737356530643564643534666366
-65623961383736633934326165336637323630613032326163303436646530363063316334366665
+64646339363235376561363835643166663735643333656230386565653234356565323135333731
-35303237613130326339306436343262313733663031333539343163323530653035356431386236
+65313864316166383566386564303461343031356138386362633834316230396436306533306239
-63373564383233653165623034616262393966343262646461303562363763613261656235623533
+62306132373535363931306664346637663561323530346339373234343633663062393361323532
-39643963646266623663343537663364633036373838313139313966663031376162666661363161
+32653938623738383565353965656636336662323939346331396162623862613038633035643766
-36626332313535616638623837666565343734643037343761346238366665646461343532643434
+30346431393237323735386337643062396433366434396531623130643038366465643132303532
-31356339613066646338306262323336373161326531326137353937343139386562383063666433
+62366266393166333138643238383764656461623361326236333565373762316431373132356263
-61343861396465316663373963333237633736313735653138646366323334653963323831383864
+30396263396264626330613734346361646531626531363639393431366636316135333566393561
-61636565333739663633623334336463643362343335663237393161383963373364303864393361
+65393661333837633236396563333631663036376633666538306564333565653030303135313866
-61333935353634336637343961363237346565313633313366376336366139613563333336316565
+32366234313532656437393964666438393737363437303562633937396437663062616636383564
-31653066323537646163666539356663633438386437386432313239356466356635303837326434
+33393564643066383662323765346535616164633239636235656263336663633562646665393734
-66373934303932323732616563353566663766626335356662383732363266346636666231333864
+31393232376662666431393064643161653730653263313536613963376561386536353536616163
-33663634313364353162666462383735653162383438393939306530393064626666366431633432
+63316237636630306165346633646437636636626331303262663032653662333236646564613363
-63363139663632336333333562656339366133646630343533386535393234383638346532326132
+63616263643266393861386166346139343237633232653734363465303935613264366130336261
-65326538373439373839656634613830656138643166616163663430323266366535646463303564
+63333137633266306465363837646163323266363665396266363437303931353938653638343630
-38383537613964643761623330313563633939616432643134333266653038306136613962303162
+61386561616663303330663634306235336432316365303461623665393338396434346533366130
-65393932353131323739333463363764346638633664383539616562353831653033633135656131
+35303363643334613862613831366464616264386338373566613431303939623638656536306532
-35663136613835383538303134646631386331393032653539336632373439326238376233346238
+31346365623766346566353564613761333563303233336139376639363634616564303336393737
-66623164643361646262373766353066633562343739393637653664623339333035323231663633
+38333637376566393437383264386561386336653135663135356466663430383634313535626233
-66373134346231313239616534613065656563653662376434366161303163346533643866376266
+65646131353961663064316434353564383163646166323832663662373031636531623736643566
-39383631396631633932653163343237313166633134346161653463393930613765373239303061
+37336530636133363561643438663563353963373265333333386434336361326338646666636263
-33373466376563373739646130613566666132636666343266306135376636333730613034356430
+64396438616335393338376632326162326530636431323466646261623531303335656135313834
-66373764376234363438613439643931323365636663376236666162643731646366623430373334
+34613764336234303230373737326662396562303439363535643562386661303861666530366332
-32653962343839316534383034353535303839336361366666343961383930383237373164333065
+62316635343436396535656163393737343664333963356539313037306432643166393333353036
-39643965386336393666633666376434303463633035373064383266646434343163396636343237
+63663266613332363364313863303465366136333862346164306335353838333830343261323365
-66366561383237666566643035633635373966306464313765316665363532623638343030633733
+61373565666665663065666233316639326238323763333336383665653434623031383063613162
-34663061663565303730613339623465653934363337396164383164363134373034356339643665
+33666532363638353130303665646536663139633463343764353962643838353037323865623236
-38333662313862393631336533383631306130353963313337663031363061323762613966346333
+39613832616265376464363234363532323265366362316564343964636539656263376632313538
-31356462336431336239353061653165376138326561346266353235636262613932633135303430
+38653066666165333866646437353264383638366138633538336434623139623264623033656661
-64326536643334313262383132616434633131356537393263613761316535356631336461393930
+36643336343764613136653432316361343963313162326439656662386334356535373361303330
-64386564306533656436653161383230313238396336656162656464663637336230663466323530
+31653963306365373633323937363332636633613266363064363535366136646639643632343031
-34353730623033623866393266346134666230623139636132653739313738633037303563396162
+34393363373861613863313039393336333165386637393265333439396230643735363230363530
-35366564376561306530353361616337386361326436366532656662376336373662636135663532
+61643036353062643164663063343930613536653762633231333931646239343661343738386232
-38616631343733646564616264636239623136313037386561646632663463383430343632643935
+66373934643837323266623866393166373837323034373662306565623534396562326635323362
-38663135346664626133373732306461383935366637303235316337376432626464396135343433
+31613138613261626231663330626664376539366165353836343039336138623931643537363931
-31623230653464656538333263353061343761656638386537313163386132326635666531373334
+62313862313164306337383465333464313966656538643836643639653632663564633232343362
-61313364646262346637623165643263313336626561376166326333333636303631353231373365
+61323033316630616536633938393735343332653965656565663163396335643738646463303130
-31656664646330663063383135626534306338303161313438313162313866343035363234333432
+64363334326165653962656534313939666230373362316438346139356266616566346462356162
-65613937373763623163653464636366316131653337346339626565643639663239313631336164
+61316233346463376162356461623734313431623330633239353730643964616662383966323932
-39626263303361653864636433653038613938663037373735343637383733386230353663653865
+35373962663333653738616562396638633136376635383032313634333931626530393532663531
-33663235613338636434303735386432383534663263656634353839663632343738376161393736
+30356232626566386632356334393939343262393536666130333537646338343063313565623163
-35393062656533376261336130663235333766373832306563366538393763646339333334373063
+64383337303665613630393164383337346132346462373338323933316231386233323061353661
-63396332303536336435323665316138613830306531356366383666343334323338616165306338
+64336337376231383035653861373639373763633337396236373161613833303630316663626331
-61626364613062643131656239336466386664316661636664336466303931643236613761323130
+62633336383834363033316539336261346137303463643337393465393339663966653464336162
-63656638633736383734313439366135613038326133646665303035646137393133636163393261
+66633832383734373635356165343336323866663735353931626466613361636632313437326566
-66633864636362393630323436646233303664326634613235633438343930346538633466623064
+36386631653935633036373831643763656564643138303564306630396539373536383261663366
-64643136326363356631343136366333613266336439326335323163306566313537646336383963
+63333061333431626465353839343564346331323961663939373538636261343336663461336566
-35373936356137396366656237343432656236343339376538363339366334646130333030383464
+61343231633064336561666362633739636435633663653432393862356232356434356439343936
-66333961643236653235663865353366313862633138376265366136636438633065653535663931
+35326237313033363031336162303436383733626365373832333438393436663938316366343161
-35393166326337633337313465306565396161393534393563353166343935646362303465333833
+65656566353535363664386336383137313962333339396530356361363630353365366532656464
-32326661633838333563663565643134616139353831343663313134306639656163653138383530
+39353639626639653535316665383962646331326463353663383630633961353031396131393562
-63336462363862353935646563393766316665653561643765326161396439393866643565313161
+64663661396330356664316536623666383762623934306532636562663038336165376262633661
-66343466313465343563316361643732313830633439336534316136303463366633653662643565
+30373531356163386531623738373837366666323637333932393131366531316439643338373230
-33653533626531393536343033333433393032363862343661313836346561376565316361653032
+39663131313531343736353666376532326566313963623432643965646666333939613538643463
-36613738663233333766613236613239336663323931653230313761643765666632363362643034
+66333762306162623963306136343930306638383933333835626231616466633561633766383564
-39646130623161613332636330393936336532653861393935366266396536616465356362396635
+36653163366336666565626665323966373434383432303430306632333636353337386265323534
-62643438643665326163366239386364633434383838613735396231383762316565373665363531
+61306435356164313731393862383531646665346134616330303237396136313765313233313434
-32666131653961656566376631303239323262623330383438386164363162303662306535313162
+35393065363264323232323537363237303330386635346263306463636233393461393232306534
-34343539636463626430386630653934306665333266336234313362343366633366373131383861
+34636138333038366165343434323937363864366463326330353438313662323035653965383138
-31616535346236666264316535646236633363623533656332353037646231653236613664356362
+34646331356237613461393464386465303834373536336666626539313431303635653831303237
-65656333303461646131366365323266656661343864633536396238333962393066336537353234
+66643536336330303438393161613833346337336333636137336435333830386137653139386665
-31353337646131373533346161643432656361366464613437643230366261613662356435303339
+34636463313438323038616134383932646266656434633861363331393634393030356562646134
-33623665373231656539326533353035383038633731386531633064623339653831306430333265
+36653830326330353962393736393566393839366132643163303862316566633838373537613531
-35386538323561663433323939393564336539636432633738663337353937633837323062616266
+30396636333564623930313636363762636437373138313835393362346237353731316662343661
-36363766373661356261643966623937633334303539343665343266386630363663663037396263
+36636536643534636632646463376333346230383866353736393535313931313066656231336234
-61346330313665373533326437623838366634303335383433626137383434333166623138383931
+65333935653537613239663166303636356466653337643362313834303634623535653166613138
-31643333366662333930393039333232613363313065633734303339323265323861633831646663
+33316638313233613239386235383737623361376132346666393661393464613963616233613033
-33663934353664306665346631653561613463643265336431643532333533323764323937653934
+35386534353462386238313833666234633662353166303463333463346636646565313333613866
-32356630383633666538386461653334343363656539383838613239626336366634383266323462
+62313066366131353961323761306461653732393737386539646461346133626363303563353035
-38393534656635313739653461343835336134333166653463316464393063613831653837346663
+63313536646234396433306361366338386539326366316163363132326230366632383032646233
-39626133643239353530303263663635326561306665363034393565326463343061313563366431
+35626138326633653032393263326261313761623437336630646634636463613533353239353734
-39303333396166346138376530646532376333646636613664326536663133623532663462316439
+65363236373038623965353166656131313835373834386635656361323931653237393336333938
-61343239623166616466316465653532646137336135656164386532623266386633326164336566
+38373737613966356366313636656366363031396639623633373162363363373830363564356336
-65623436343531623133353366623763333137303132396435653632623534623061393036656161
+37373537323462633337663462666637363661313166323038623665393562663862383161383363
-36373564306564363432373633326535383038623933343834386634653839353933343965366137
+64366663656537663837373662313564663033333663633333613733656662303639313630623162
-34343334626661656265393461393339346139633136373936653630383732393461386463313263
+65663165363164343364633132376538653834323764646664626266343534393763663936616339
-63366263333637363339323534636234386237393663316435323130663438343930336333643838
+37336336356164613534653862626230356635333361326266323365353665666531343337613331
-34353264373261306439393732343530393765346161653562383939623234356562626664373263
+61303731313431386633616230393562373331643966306161343730336539313935306662343865
-33343234366639663666346564383866623231356164396435363035373063643566326665373864
+39303237653733663162303664386237376266333963663034636564363032373235646430363837
-32616131383530663033633866613236366264636564343462326265373762396364323232393131
+38636261613564323565336639623533343964663733366138303635303833633738326165643938
-39636432356334353439333938643331366263353237633234643233373364393133366537653738
+38616364663737333535346661356333326238303439626138303465663932393839653362393432
-63383531643334656537316663393235646331613365393330633064663939353633383035643866
+33613236316161323135373162333866666136623062373037383665633034356534333530643037
-61376632636430646135363761393131626664326235316639646332366564396561633037363866
+33363466643030323061373633393233383838616631636266323165656137636532626136353561
-65353563643632323364313134613339356563333431353931653738323162316666346466663266
+64663936396364613236363663316534366162623735336235643631373263616330353036623333
-62653433666136613734623361363066336230326562663730643230616463613936633738643135
+32393334663663393264376630626630653962393632353239356236626334633833306335386333
-66373935653939613537306265623532616133353365303433303562353831663534343165316362
+30356630306630323334663334363063343462383837393663636133343465336537353433663536
-39613937326561383264323361666439613865316138386266393261616135346433323466333234
+66313265613032343838633164633366396236343136303163353365343032353239376539393965
-33356138623132383063356633613066356161616662623961313562636636386463346266366137
+32316361663438623731336537393135336465336161646661366565356338326537646561376434
-63396535353236623765626634663132633261643036333762323836636138643737373031653266
+36626332303661373561306338666533633435393433393832656166656264376266363035366637
-37333836383937386238326162626166656134313165336437323834326635623036616130313539
+64346432336339396636353930363263653838343266623430613730373235376538366465373764
-34356337666536666230333231326463343938396366353238313639656531663363636164626438
+31326537383336633434663231663865353763323235623866633339393633323836366637303536
-30656439626361386633343236373733656334353061316239303764363236353639626637376534
+62313139646562616339356336663838386439313531333030643032333838343332383533663134
-36313630613336633533613437663563656436356130336333346432616638343463316636326236
+32323935376462646130346631656362373035346436376266653164303263653566303037393136
-30323737623330393565616532363835373766626432356137376561336261353864333266313033
+36313038303862373662356662663437353265326433653330343437316230646338306639646532
-31663665626439336362363836613032393934613438333663373565393662663066353337343233
+35653732306239653133656361333330333634376332323737303831666461346165616138663637
-31356261396664653865326532326136356134626631333530306633666538376630396163643761
+63376263333365623037616336303038613536303163343930396635386536363936346465326137
-65636630346134353431646137613766326365613463373130666665663166356639333532326238
+63653835623135353161643765643563396636313635306461376531626332333335393661646431
-32303238346632303831316631303733346433366665643234646439363737363462336539343534
+33323430653464396230366465343236303033356432643066303730323132306238643737376533
-62623363353135303732613939613430363338313539616336656433356664343365663835626366
+65643232323138313562346661396361363730643736626166386664313732326136373531663466
-62663232386638323265643133343433303133616437666139616337363036316135356333366533
+36383630636161376431393135373863356137353737306166393934656437363063363630393864
-35666466303365623835663266373765393031643637333663663030366465333764653466373366
+62663464623932616532636231643964396533396230363837383235666561663032663938373165
-38303863373864656431666434353064343166613132656266393939393163326631363931616637
+32313931373935316137643937623161306330653161336138363562313033613132306164623364
-66396161633133646164646339396634623766643065306666373464323562363963333431636638
+38336435333432323237353734393666646361626535393665306662393831393765636265373938
-66616166643762656433646661643931663639353237623461616561363164333634613338636336
+61303832343631313634393037356662643162643233363731386265323862383034623564393661
-30626234333237366563663163366633666165343933316636646630653031393139393534376334
+30646566643336323038633161356437613666626431613762363530343166633735383365323462
-64346166623061303930313432316665646266613834633139306662343537653736393134623032
+36336364616531393031326361626638323834353365666437363466653234316532396662343365
-62643537393239643265663433653737386464353130303130323538626164306637323665623736
+63393331336336636363313438386461303838306539303161333433313037373361366336653462
-39626238333038366263336630373139343064303833646634313331653033396364646462356639
+65626531646338626532646563346566626536643166313432363231343163313039323461633265
-62333331336561373839636631363934653363386365363132646464653363313866616435633138
+61396263303433383830333865366537633066366231393034623233633436316133303030653236
-34623638666534663131616631306566303365623339386137623666633833393134393735623264
+64366638353634666661666534363763356164333065313136613761626262383239646539626330
-35323330366134613635656438323566346263306231343536306539633366653062316638396532
+31636665326134653836626364616161636265393534666138386234373635313834343338646139
-62306133386530386436633661356331323261353738623865333531363036633535643537393362
+39363432643962623339636463346264343530666133656361316437333837346236353532613131
-62396565636566343932373361373163356639313236306161366237356264336330366130333530
+36626562326536303263373361326565326364363934343430313662376464303532346361653563
-63613363313930386438343330376463626438343439313866653039363036316566613932313230
+62333238633765363363363265303438396631303463376561383832643633353065366633633364
-63323330373866613032343235623334336635343062623461366263623033353335623137356439
+65663634613638336638376632353733646536313839313335383939613565623463313534633335
-39393834343230363362
+33333139343633353830663434643139663839323364643235623832386536633264373434336133
+63303461383063313738626431663361633730343730623865613936373232616663373636646338
+31376261376139666531376663613331366539303133353564333036336239343233666238303361
+303137643632666133393733336431393664

host_vars/mail.auro.re.yml

@@ -0,0 +1,19 @@
+---
+certbot:
+  domains:
+    - mail.auro.re
+    - smtp.auro.re
+  mail: tech.aurore@lists.crans.org
+  certname: auro.re
+
+cert:
+  # path_cert: "/etc/letsencrypt/live/auro.re/cert.pem"
+  # path_chain: "/etc/letsencrypt/live/auro.re/chain.pem"
+  path_fullchain: "/etc/letsencrypt/live/auro.re/fullchain.pem"
+  path_privkey: "/etc/letsencrypt/live/auro.re/privkey.pem"
+
+nfs:
+  src: "10.128.0.6:/data_mail"  # caradoc
+  mount_path: "/var/vmail"
+  dir_owner: vmail
+  dir_group: vmail

hosts

@@ -32,7 +32,7 @@ re2o-db.adm.auro.re
 services-bdd-local.adm.auro.re
 backup.adm.auro.re
 services-web.adm.auro.re
-mail.adm.auro.re
+mail.auro.re
 wikijs.adm.auro.re
 prometheus-aurore.adm.auro.re
 portail.adm.auro.re

mailserver.yml

@@ -0,0 +1,31 @@
+#!/usr/bin/env ansible-playbook
+---
+# Deploy mail server
+- hosts: mail.auro.re
+  roles:
+    - mail_utils
+    - mail_certificates
+    - nfs_client
+    # - postfix
+    - dovecot
+    - re2o_service_mailserver
+    - rspamd
+#    - mail-fail2ban
+#
+# Make OVH server send mails through proxy ?
+# Add multiple MX
+# Configure DKIM, SPF, Greylisting, etc...
+
+
+# Deploy Re2o mail service
+- hosts: mail.auro.re
+  vars:
+    service_repo: https://gitea.auro.re/aurore/re2o-mail-server.git
+    service_name: mail-server
+    service_version: aurore
+    service_config:
+      hostname: re2o-test.adm.auro.re  # use test instance for now, should be changed for prod!
+      username: service-user
+      password: "{{ vault_serviceuser_passwd }}"
+  roles:
+    - re2o-service

roles/certbot/templates/letsencrypt/conf.d/certname.ini.j2

@@ -23,6 +23,9 @@ authenticator = dns-rfc2136
 dns-rfc2136-credentials = /etc/letsencrypt/rfc2136.ini
 dns-rfc2136-propagation-seconds = 30
 
+# Accept TOS
+agree-tos = True
+
 # Wildcard the domain
 cert-name = {{ certbot.certname }}
 domains = {{ ", ".join(certbot.domains) }}

roles/dovecot/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: Restart dovecot
+  service:
+    name: dovecot
+    state: restarted

roles/dovecot/tasks/main.yml

@@ -0,0 +1,65 @@
+---
+# Install and configure Dovecot
+- name: Install Dovecot
+  apt:
+    update_cache: true
+    name:
+      - dovecot-core
+      - dovecot-imapd
+      - dovecot-managesieved
+      - dovecot-lmtpd
+      - dovecot-ldap
+      - dovecot-pop3d
+  register: apt_result
+  retries: 3
+  until: apt_result is succeeded
+
+# Create the vmail user with UID and GID 5000
+- name: Create vmail user
+  user:
+    name: vmail
+    uid: 5000
+    group: 5000
+    home: /var/vmail
+
+# Create mail user seive directory with right ownernship and rights
+- name: Create mail user sieve directory
+  file:
+    path: /var/vmail/sieve/global
+    state: directory
+    owner: vmail
+    group: vmail
+    mode: 0770
+
+# Do the same for mailboxes
+- name: Create mail user mailbox directory
+  file:
+    path: /var/vmail/mailboxes
+    state: directory
+    owner: vmail
+    group: vmail
+    mode: 0770
+
+# Add the Dovecot configuration files (conf.d)
+- name: Add Dovecot configuration in conf.d
+  template:
+    src: "conf.d/{{ item }}.j2"
+    dest: "/etc/dovecot/conf.d/{{ item }}"
+    mode: 0644
+  loop:
+    - "10-auth.conf"
+    - "10-mail.conf"
+    - "10-master.conf"
+    - "10-ssl.conf"
+    - "10-logging.conf"
+  notify: Restart dovecot
+
+# Add the Dovecot configuration file outside of conf.d
+- name: Add Dovecot configuration outside of conf.d
+  template:
+    src: "dovecot-ldap.conf.ext.j2"
+    dest: "/etc/dovecot/dovecot-ldap.conf.ext"
+    mode: 0600  # only legible by root
+    owner: root
+    group: root
+  notify: Restart dovecot

roles/dovecot/templates/conf.d/10-auth.conf.j2

@@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+# Dovecot configuration for Aurore
+# More info at https://gitea.auro.re/Aurore/ansible
+# And on the Dovecot wiki : https://doc.dovecot.org/
+
+# Include LDAP conf
+!include auth-ldap.conf.ext
+
+# Authentification mechanisms
+auth_mechanisms = plain login

roles/dovecot/templates/conf.d/10-logging.conf.j2

@@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+# Dovecot configuration for Aurore
+# More info at https://gitea.auro.re/Aurore/ansible
+# And on the Dovecot wiki : https://doc.dovecot.org/
+
+# Prefix for each line written to log file. % codes are in strftime(3) format.
+#log_timestamp = "%b %d %H:%M:%S "
+log_timestamp = "%Y-%m-%d %H:%M:%S "

roles/dovecot/templates/conf.d/10-mail.conf.j2

@@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+# Dovecot configuration for Aurore
+# More info at https://gitea.auro.re/Aurore/ansible
+# And on the Dovecot wiki : https://doc.dovecot.org/
+
+# Mailbox locations and namespaces
+
+# Simple mail location
+mail_location = maildir:~/Maildir
+
+# Plugins
+mail_plugins = quota
+#mail_plugins = quota mail_log notify  # to be tested

roles/dovecot/templates/conf.d/10-master.conf.j2

@@ -0,0 +1,26 @@
+# {{ ansible_managed }}
+# Dovecot configuration for Aurore
+# More info at https://gitea.auro.re/Aurore/ansible
+# And on the Dovecot wiki : https://doc.dovecot.org/
+
+# IMAP/POP/STMP auth configuration
+
+# Authentification
+service auth {
+
+  # Postfix smtp-auth
+  unix_listener /var/spool/postfix/private/auth {
+    mode = 0660
+    user = postfix
+    group = postfix
+  }
+}
+
+# Local LMTP
+service lmtp {
+  unix_listener /var/spool/postfix/private/dovecot-lmtp {
+    group = postfix
+    mode = 0600
+    user = postfix
+  }
+}

roles/dovecot/templates/conf.d/10-ssl.conf.j2

@@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+# Dovecot configuration for Aurore
+# More info at https://gitea.auro.re/Aurore/ansible
+# And on the Dovecot wiki : https://doc.dovecot.org/
+
+# SSL and certificates configuration
+
+# Cetificates location
+ssl_cert = </etc/letsencrypt/live/auro.re/fullchain.pem
+ssl_key = </etc/letsencrypt/live/auro.re/privkey.pem
+
+# Enforce TLS encryption
+ssl = required

roles/dovecot/templates/conf.d/20-lmtp.conf

@@ -0,0 +1,31 @@
+# {{ ansible_managed }}
+# Dovecot configuration for Aurore
+# More info at https://gitea.auro.re/Aurore/ansible
+# And on the Dovecot wiki : https://doc.dovecot.org/
+
+##
+## LMTP specific settings
+##
+
+# Support proxying to other LMTP/SMTP servers by performing passdb lookups.
+#lmtp_proxy = no
+
+# When recipient address includes the detail (e.g. user+detail), try to save
+# the mail to the detail mailbox. See also recipient_delimiter and
+# lda_mailbox_autocreate settings.
+#lmtp_save_to_detail_mailbox = no
+
+# Verify quota before replying to RCPT TO. This adds a small overhead.
+#lmtp_rcpt_check_quota = no
+
+# Which recipient address to use for Delivered-To: header and Received:
+# header. The default is "final", which is the same as the one given to
+# RCPT TO command. "original" uses the address given in RCPT TO's ORCPT
+# parameter, "none" uses nothing. Note that "none" is currently always used
+# when a mail has multiple recipients.
+#lmtp_hdr_delivery_address = final
+
+protocol lmtp {
+  # Space separated list of plugins to load (default is global mail_plugins).
+  mail_plugins = $mail_plugins sieve
+}

roles/dovecot/templates/conf.d/90-quota.conf

@@ -0,0 +1,97 @@
+# {{ ansible_managed }}
+# Dovecot configuration for Aurore
+# More info at https://gitea.auro.re/Aurore/ansible
+# And on the Dovecot wiki : https://doc.dovecot.org/
+
+##
+## Quota configuration.
+##
+
+# Note that you also have to enable quota plugin in mail_plugins setting.
+# <doc/wiki/Quota.txt>
+
+##
+## Quota limits
+##
+
+# Quota limits are set using "quota_rule" parameters. To get per-user quota
+# limits, you can set/override them by returning "quota_rule" extra field
+# from userdb. It's also possible to give mailbox-specific limits, for example
+# to give additional 100 MB when saving to Trash:
+
+plugin {
+  #quota_rule = *:storage=1G
+  #quota_rule2 = Trash:storage=+100M
+
+  # LDA/LMTP allows saving the last mail to bring user from under quota to
+  # over quota, if the quota doesn't grow too high. Default is to allow as
+  # long as quota will stay under 10% above the limit. Also allowed e.g. 10M.
+  #quota_grace = 10%%
+
+  # Quota plugin can also limit the maximum accepted mail size.
+  #quota_max_mail_size = 100M
+}
+
+##
+## Quota warnings
+##
+
+# You can execute a given command when user exceeds a specified quota limit.
+# Each quota root has separate limits. Only the command for the first
+# exceeded limit is executed, so put the highest limit first.
+# The commands are executed via script service by connecting to the named
+# UNIX socket (quota-warning below).
+# Note that % needs to be escaped as %%, otherwise "% " expands to empty.
+
+plugin {
+  #quota_warning = storage=95%% quota-warning 95 %u
+  #quota_warning2 = storage=80%% quota-warning 80 %u
+}
+
+# Example quota-warning service. The unix listener's permissions should be
+# set in a way that mail processes can connect to it. Below example assumes
+# that mail processes run as vmail user. If you use mode=0666, all system users
+# can generate quota warnings to anyone.
+#service quota-warning {
+#  executable = script /usr/local/bin/quota-warning.sh
+#  user = dovecot
+#  unix_listener quota-warning {
+#    user = vmail
+#  }
+#}
+
+##
+## Quota backends
+##
+
+# Multiple backends are supported:
+#   dirsize: Find and sum all the files found from mail directory.
+#            Extremely SLOW with Maildir. It'll eat your CPU and disk I/O.
+#   dict: Keep quota stored in dictionary (eg. SQL)
+#   maildir: Maildir++ quota
+#   fs: Read-only support for filesystem quota
+
+plugin {
+  #quota = dirsize:User quota
+  #quota = maildir:User quota
+  #quota = dict:User quota::proxy::quota
+  #quota = fs:User quota
+}
+
+# Multiple quota roots are also possible, for example this gives each user
+# their own 100MB quota and one shared 1GB quota within the domain:
+plugin {
+  #quota = dict:user::proxy::quota
+  #quota2 = dict:domain:%d:proxy::quota_domain
+  #quota_rule = *:storage=102400
+  #quota2_rule = *:storage=1048576
+}
+
+
+plugin {
+  quota = maildir:User quota
+
+  quota_status_success = DUNNO
+  quota_status_nouser = DUNNO
+  quota_status_overquota = "452 4.2.2 Mailbox is full and cannot receive any more emails"
+}

roles/dovecot/templates/dovecot-ldap.conf.ext.j2

@@ -0,0 +1,20 @@
+# {{ ansible_managed }}
+# Dovecot configuration for Aurore
+# More info at https://gitea.auro.re/Aurore/ansible
+# And on the Dovecot wiki : https://doc.dovecot.org/
+
+uris = {{ ldap_master_uri }}
+dn = {{ ldap_dovecot_bind_dn }}
+dnpass = {{ ldap_dovecot_password }}
+base = {{ ldap_user_tree }}
+
+#user_attrs = homeDirectory=home, uidNumber=uid, gidNumber=gid
+#user_filter = (&(objectClass=posixAccount)(uid=%u))
+
+pass_attrs = uid=user, userPassword=password
+pass_filter = (&(objectClass=posixAccount)(uid=%u))
+
+# Convert LDAP lookup to lowercase
+# would be needed if re2o did not already had lowercase enforced by a
+# validator
+#auth_username_format = %Lu

roles/mail_certificates/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: Generate certificates
+  command: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"

roles/mail_certificates/tasks/main.yml

@@ -0,0 +1,38 @@
+---
+# Very similar to the certbot role, but without nginx
+# Install Letscrypt tools to generate and manage certificates
+- name: Install Letsencrypt
+  apt:
+    name:
+      - certbot  # letsencrypt
+      - ca-certificates  # just in case
+    update_cache: true
+
+# Create the configuration directory for letsencrypt
+- name: Create /etc/letsencrypt/conf.d
+  file:
+    path: /etc/letsencrypt/conf.d
+    state: directory
+    mode: 0755
+
+# Configure certbot
+- name: Add certbot configuration
+  template:
+    src: "conf.ini.j2"
+    dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
+    mode: 0644
+  notify: Generate certificates
+
+- name: Make sure let's encrypt renewal-hooks exists
+  file:
+    path: /etc/letsencrypt/renewal-hooks/deploy
+    state: directory
+    mode: 0755
+
+- name: Reload Postfix and Dovecot after certificate renewal
+  template:
+    src: letsencrypt/renewal-hooks/deploy/reload-mail-services.sh.j2
+    dest: /etc/letsencrypt/renewal-hooks/deploy/reload-mail-services.sh
+    mode: 0755
+
+# TODO: add motd

roles/mail_certificates/templates/conf.ini.j2

@@ -0,0 +1,26 @@
+# {{ ansible_managed }}
+
+# Pour appliquer cette conf et générer la conf de renewal :
+# certbot --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini certonly
+
+# Use a 4096 bit RSA key instead of 2048
+rsa-key-size = 4096
+
+# Always use the staging/testing server
+# server = https://acme-staging.api.letsencrypt.org/directory
+
+# Uncomment and update to register with the specified e-mail address
+email = {{ certbot.mail }}
+
+# Uncomment to use a text interface instead of ncurses
+text = True
+
+# Use nginx challenge
+authenticator = standalone
+
+# Accept TOS
+agree-tos = True
+
+# Wildcard the domain
+cert-name = {{ certbot.certname }}
+domains = {{ ", ".join(certbot.domains) }}

roles/mail_certificates/templates/letsencrypt/renewal-hooks/deploy/reload-mail-services.sh.j2

@@ -0,0 +1,6 @@
+#!/bin/sh
+{{ ansible_managed | comment }}
+# Reload Postcot and Dovecot after certificates are (re)generated
+
+systemctl reload postfix
+systemctl reload dovecot

roles/mail_utils/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+# Install small tools that are usefull on a mailserver
+- name: Install small utility tools
+  apt:
+    name:
+      - swaks  # Swiss Army Knife for SMTP
+      - mutt  # small CLI mail client for debug and on-server mail
+      - pwgen  # generate strong and cryptographically secure passwords

roles/nfs_client/defaults/main.yml

@@ -0,0 +1,4 @@
+---
+nfs:
+  owner: root
+  group: root

roles/nfs_client/tasks/main.yml

@@ -0,0 +1,24 @@
+---
+# Install NFS client, mount distant storage and add configuration to fstab to make it persistent
+- name: Install NFS client
+  apt:
+    name:
+      - nfs-common  # use this on any NFS machine, be either client or server
+    update_cache: true
+
+- name: Create mountable dir
+  file:
+    path: "{{ nfs.mount_path }}"
+    state: directory
+    mode: 0755
+    owner: "{{ nfs.dir_owner }}"
+    group: "{{ nfs.dir_group }}"
+
+- name: Mount and add to fstab
+  mount:
+    state: mounted  # actively mounted and configured in fstab
+    src: "{{ nfs.src }}"
+    path: "{{ nfs.mount_path }}"
+    fstype: nfs
+    opts: defaults
+# don't specify dump and fsck to keep the 0 (don't) variable

roles/postfix/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+# Restart Postfix
+- name: Restart postfix service
+  service:
+    name: postfix
+    state: restarted

roles/postfix/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+# Install and configure Postfix
+
+- name: Install Postfix
+  apt:
+    name: postfix
+    update_cache: true  # apt update beforehand
+
+- name: Configure Postfix
+  template:
+    src: main.cf.j2
+    dest: /etc/postfix/main.cf
+    mode: 0644
+  notify: Restart postfix service

roles/postfix/templates/main.cf.j2

@@ -0,0 +1,70 @@
+# {{ ansible_managed }}
+# See /usr/share/postfix/main.cf.dist for a full commented version
+# See BASIC_CONFIGURATION_README and STANDARD_CONFIGURATION_README for more insights
+# More generally, see the Postfix documentation at http://www.postfix.org
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
+# fresh installs.
+compatibility_level = 2
+
+# Send mail as user@{{ myorigin }}
+myorigin = {{ myorigin }}
+
+myhostname = {{ myhostname }}
+
+mydestination = $myhostname localhost.{{ myorigin }} localhost {{ myorigin }}
+
+# Specify the trusted networks
+mynetworks = 127.0.0.0/8 {{ local_network }}
+
+# This host does not relay mail from untrusted networks
+relay_domains =
+
+# Allow plus delimiter
+recipient_delimiter = +
+
+# Re2o Generated files
+alias_database = hash:/var/local/re2o-services/mail-server/generated/aliases
+alias_maps = $alias_database
+local_recipient_maps = $alias_maps unix:passwd.byname
+virtual_alias_maps = hash:/var/local/re2o-services/mail-server/generated/virtual
+relay_recipient_maps = hash:/var/local/re2o-services/mail-server/generated/virtual
+
+# Tell Postfix to deliver emails to Dovecot through LMTP
+virtual_transport = lmtp:unix:private/dovecot-lmtp
+
+# TLS for reception
+smtpd_use_tls = yes
+smtpd_tls_security_level = may
+smtpd_tls_cert_file = {{ cert.path_fullchain }} 
+smtpd_tls_key_file = {{ cert.path_privkey }} 
+smtpd_tls_loglevel = 0
+smtpd_tls_received_header = yes
+
+# TLS for sending
+smtp_use_tls = yes
+smtp_tls_security_level = may
+smtp_tls_loglevel = 1 
+smtp_tls_cert_file =
+smtp_tls_key_file =
+smtp_tls_CApath = /etc/ssl/certs/
+
+# Caching TLS sessions
+smtpd_tls_session_cache_database=btree:/var/lib/postfix/smtpd_tls_session_cache
+smtp_tls_session_cache_database=btree:/var/lib/postfix/smtp_tls_session_cache
+
+# Reject mail if user if overquota
+smtpd_recipient_restrictions =
+    reject_unauth_destination
+    check_policy_service unix:private/quota-status

roles/re2o_service/tasks/main.yml

@@ -12,6 +12,11 @@
   retries: 3
   until: apt_result is succeeded
 
+- name: "Create the local user {{ service_user }}"
+  user:
+    create_home: false
+    name: "{{ service_user }}"
+
 - name: "Clone re2o {{ service_name }} project"
   git:
     repo: "{{ service_repo }}"

roles/re2o_service_mailserver/tasks/main.yml

@@ -0,0 +1,16 @@
+---
+# Additional configuration for the re2o-service mailserver, you have to deploy the re2o_service first
+
+- name: Create generated directory
+  file:
+    path: /var/local/re2o-services/mail-server/generated
+    state: directory
+    mode: "0755"
+    owner: root
+    group: root
+
+- name: Deploy cron for re2o-mail-server
+  template:
+    src: cron.d/re2o-services-mail-server.j2
+    dest: /etc/cron.d/re2o-services-mail-server
+    mode: 0755

roles/re2o_service_mailserver/templates/cron.d/re2o-services-mail-server.j2

@@ -0,0 +1,3 @@
+{{ ansible_managed | comment }}
+# Regenerate Postfix configuration Re2o API every 5 minutes
+*/5 * * * * root /usr/bin/python3 /var/local/re2o-services/mail-server/main.py

roles/rspamd/tasks/main.yml

@@ -0,0 +1,9 @@
+---
+- name: Install rspamd packages
+  apt:
+    name: rspamd
+    update_cache: true
+  register: apt_result
+  until: apt_result is succeeded
+  retries: 3
+...