From b2fb30d46db1cfb7213edfe1888f58ca3a678ac1 Mon Sep 17 00:00:00 2001
From: otthorn
Date: Thu, 14 Jan 2021 12:14:57 +0100
Subject: [PATCH 001/149] Add mail vars
---
 group_vars/all/vars.yml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index 599e834..6b3c1e5 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -89,3 +89,9 @@ apartment_block_dhcp: "{{ apartment_block }}" ipv6_base_prefix: "2a09:6840" is_aurore_host: "{{ 'aurore_vm' in group_names }}" + +# Mail + +myorigin: "auro.re" +# myhostname should be the FQDN (Fully Qualified Domain Name) +myhostname: "mail.adm.auro.re"
-- 2.45.2
From b412210d56f93393603dd0528ea754a03b535ca8 Mon Sep 17 00:00:00 2001
From: otthorn
Date: Thu, 14 Jan 2021 12:15:48 +0100
Subject: [PATCH 002/149] Add (initial) postfix role
---
 roles/postfix/handlers/main.yml | 6 +++++
 roles/postfix/tasks/main.yml | 15 ++++++++++++
 roles/postfix/templates/main.cf.j2 | 37 ++++++++++++++++++++++++++++++
 3 files changed, 58 insertions(+)
 create mode 100644 roles/postfix/handlers/main.yml
 create mode 100644 roles/postfix/tasks/main.yml
 create mode 100644 roles/postfix/templates/main.cf.j2
diff --git a/roles/postfix/handlers/main.yml b/roles/postfix/handlers/main.yml
new file mode 100644
index 0000000..d8755a0
--- /dev/null
+++ b/roles/postfix/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+# Restart Postfix
+- name: Restart postfix service
+ service:
+ name: postfix
+ state: restarted
diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml
new file mode 100644
index 0000000..4b5c269
--- /dev/null
+++ b/roles/postfix/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+# Install and configure Postfix
+
+- name: Install Postfix
+ apt:
+ name: postfix
+ update_cache: true # apt update beforehand
+
+- name: Configure Postfix
+ template:
+ src: main.cf.j2
+ dest: /etc/postfix/main.cf
+ notify: Restart postfix service
+
+ 
diff --git a/roles/postfix/templates/main.cf.j2 b/roles/postfix/templates/main.cf.j2
new file mode 100644
index 0000000..82aacd5
--- /dev/null
+++ b/roles/postfix/templates/main.cf.j2
@@ -0,0 +1,37 @@
+# {{ ansible_managed }}
+# See /usr/share/postfix/main.cf.dist for a full commented version
+# See BASIC_CONFIGURATION_README and STANDARD_CONFIGURATION_README for more insights
+# More generally, see the Postfix documentation at http://www.postfix.org
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
+# fresh installs.
+compatibility_level = 2
+
+# Send mail as user@{{ myorigin }}
+# myorigin = auro.re
+myorigin = {{ myorigin }}
+
+#myhostname = mail.adm.auro.re
+myhostname = {{ myhostname }}
+
+mydestination = $myhostname localhost.{{ myorigin }} localhost {{ myorigin }}
+
+# Specify the trusted networks
+mynetworks = 127.0.0.0/8 {{ local_network }}
+
+# This host does not relay mail from untrusted networks
+relay_domains =
+
+# Allow plus delimiter
+recipient_delimiter = +
-- 2.45.2
From 846665961ad0c2b85658432614b129b711e8c234 Mon Sep 17 00:00:00 2001
From: otthorn
Date: Thu, 14 Jan 2021 12:16:00 +0100
Subject: [PATCH 003/149] Add (initial) mail-utils role
---
 roles/mail-utils/tasks/main.yml | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 roles/mail-utils/tasks/main.yml
diff --git a/roles/mail-utils/tasks/main.yml b/roles/mail-utils/tasks/main.yml
new file mode 100644
index 0000000..8f6b269
--- /dev/null
+++ b/roles/mail-utils/tasks/main.yml
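Review bot: `mynetworks = 127.0.0.0/8 {{ local_network }}` grants relay rights to every host in `local_network`, because Postfix's default `smtpd_relay_restrictions` begins with `permit_mynetworks`; the empty `relay_domains =` below only restricts what untrusted clients may send to, so it does not limit those hosts. If `local_network` is the member network rather than a handful of trusted servers, any compromised machine on it can send unauthenticated mail through this host; unless that is intended, shrink it to `mynetworks = 127.0.0.0/8 [::1]/128` and let clients authenticate instead (the Dovecot SASL socket set up later in this series is what `permit_sasl_authenticated` would use). The template also carries no `smtpd_tls_*`/`smtp_tls_*` settings, so until a later patch adds them both inbound and outbound SMTP run in cleartext; a `# TODO: TLS parameters` line near the banner would make that state explicit.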
@@ -0,0 +1,9 @@
+---
+# Install small tools that are usefull on a mailserver
+- name: Install small utility tools
+ apt:
+ name:
+ - swaks # Swiss Army Knife for SMTP
+ - mutt # small CLI mail client for debug and on-server mail
+ - pwgen # generate strong and cryptographically secure passwords
+
-- 2.45.2
From 9c0f7010a7062b5933580a0414d8081260d4a02b Mon Sep 17 00:00:00 2001
From: otthorn
Date: Thu, 14 Jan 2021 12:16:20 +0100
Subject: [PATCH 004/149] Add (initial) mailserver playbook
---
 mailserver.yml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 mailserver.yml
diff --git a/mailserver.yml b/mailserver.yml
new file mode 100644
index 0000000..132c8ca
--- /dev/null
+++ b/mailserver.yml
@@ -0,0 +1,26 @@
+#! /usr/bin/env ansible-playbook
+---
+# Deploy base and security
+- hosts: mail.adm.auro.re
+ roles:
+ - baseconfig
+ - basesecurity
+
+# Deploy LDAP
+- hosts: mail.adm.auro.re
+ roles:
+ - ldap_client
+
+# Deploy mail server
+- hosts: mail.adm.auro.re
+ roles:
+ - mail-utils
+ - postfix
+ - dovecot
+ - rspamd
+ - mail-certificates
+ - mail-fail2ban
+
+# Make OVH server send mails through proxy ?
+# Add multiple MX
+# Configure DKIM, SPF, Greylisting, etc...
-- 2.45.2
From bb8bd718a933d251a27645cfe882e6f28fa73970 Mon Sep 17 00:00:00 2001
From: otthorn
Date: Thu, 14 Jan 2021 12:25:23 +0100
Subject: [PATCH 005/149] fix yaml lint
---
 mailserver.yml | 4 ++--
 roles/mail-utils/tasks/main.yml | 7 +++----
 roles/postfix/tasks/main.yml | 4 +---
 3 files changed, 6 insertions(+), 9 deletions(-)
diff --git a/mailserver.yml b/mailserver.yml
index 132c8ca..8842e2b 100644
--- a/mailserver.yml
+++ b/mailserver.yml
@@ -1,4 +1,4 @@
-#! /usr/bin/env ansible-playbook
+#!/usr/bin/env ansible-playbook
 ---
 # Deploy base and security
 - hosts: mail.adm.auro.re
@@ -9,7 +9,7 @@ # Deploy LDAP - hosts: mail.adm.auro.re roles: - - ldap_client + - ldap_client # Deploy mail server - hosts: mail.adm.auro.re
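Review bot: The comment on `pwgen` promises "cryptographically secure passwords", but pwgen's default mode produces pronounceable, memorable passwords and only `pwgen -s` (`--secure`) yields fully random ones, so an operator following this comment would get weaker secrets than advertised. Suggest `- pwgen # password generator; use 'pwgen -s' for fully random passwords`. The `apt:` call here also omits `update_cache: true`, which the postfix task in the same series sets; aligning the two avoids an install failing on a stale package index.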
diff --git a/roles/mail-utils/tasks/main.yml b/roles/mail-utils/tasks/main.yml index 8f6b269..ac9d64c 100644 --- a/roles/mail-utils/tasks/main.yml +++ b/roles/mail-utils/tasks/main.yml @@ -3,7 +3,6 @@ - name: Install small utility tools apt: name: - - swaks # Swiss Army Knife for SMTP - - mutt # small CLI mail client for debug and on-server mail - - pwgen # generate strong and cryptographically secure passwords - + - swaks # Swiss Army Knife for SMTP + - mutt # small CLI mail client for debug and on-server mail + - pwgen # generate strong and cryptographically secure passwords diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml index 4b5c269..46820e7 100644 --- a/roles/postfix/tasks/main.yml +++ b/roles/postfix/tasks/main.yml @@ -4,12 +4,10 @@ - name: Install Postfix apt: name: postfix - update_cache: true # apt update beforehand + update_cache: true # apt update beforehand - name: Configure Postfix template: src: main.cf.j2 dest: /etc/postfix/main.cf notify: Restart postfix service - - -- 2.45.2 From 9a04934bd253e85f94ff6806dc92204a1825fb43 Mon Sep 17 00:00:00 2001 From: otthorn Date: Thu, 14 Jan 2021 22:47:29 +0100 Subject: [PATCH 006/149] Starting the dovecot task --- roles/dovecot/tasks/main.yml | 51 ++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 roles/dovecot/tasks/main.yml diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml new file mode 100644 index 0000000..afa08f5 --- /dev/null +++ b/roles/dovecot/tasks/main.yml 
@@ -0,0 +1,51 @@
+---
+# Install and configure Dovecot
+- name: Install Dovecot
+ apt:
+ name:
+ - dovecot-core
+ - dovecot-imapd
+ - dovecot-managesieved
+ - dovecot-lmtpd
+ - dovecot-ldap
+ - dovecot-pop3d
+ update_cache: true
+
+# Create the vmail user with UID and GID 5000
+- name: Create vmail user
+ user:
+ name: vmail
+ uid: 5000
+ gid: 5000
+ home: /var/vmail
+
+# Create mail user seive directory with right ownernship and rights
+- name: Create mail user sieve directory
+ file:
+ path: /var/vmail/sieve/global
+ state: directory
+ owner: vmail
+ group: vmail
+ mode: 0770
+
+# Do the same for mailboxes
+- name: Create mail user mailbox directory
+ file:
+ path: /var/vmail/mailboxes
+ state: directory
+ owner: vmail
+ group: vmail
+ mode: 0770
+
+# Add the Dovecot configuration files
+- name: Add Dovecot configuration
+ template:
+ src: "{{ item }}.j2"
+ dest: "/etc/dovecot/conf.d/{{ item }}"
+ mode: 0644
+ notify: Reload dovecot
+ loop:
+ - "10-auth.conf"
+ - "10-mail.conf"
+ - "10-master.conf"
+ - "10-ssl.conf"
-- 2.45.2
From ca6d4a98398ed83e5976b1d3618712b9c7324086 Mon Sep 17 00:00:00 2001
From: otthorn
Date: Thu, 14 Jan 2021 22:48:13 +0100
Subject: [PATCH 007/149] commented unused tasks for the moment
---
 mailserver.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 mode change 100644 => 100755 mailserver.yml
diff --git a/mailserver.yml b/mailserver.yml
old mode 100644
new mode 100755
index 8842e2b..f732d44
--- a/mailserver.yml
+++ b/mailserver.yml
@@ -17,9 +17,9 @@ - mail-utils - postfix - dovecot - - rspamd - - mail-certificates - - mail-fail2ban +# - rspamd +# - mail-certificates +# - mail-fail2ban # Make OVH server send mails through proxy ? # Add multiple MX
-- 2.45.2
From 8557db5e896dfb19aa2da20740812ff597e3ea0e Mon Sep 17 00:00:00 2001
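Review bot: `Create vmail user` creates the mailbox owner with the `user` module's defaults, so `vmail` ends up with an interactive login shell even though it exists only to own files under `/var/vmail`; add `shell: /usr/sbin/nologin`, and since the home directory is later turned into an NFS mount point by the nfs-client role, `create_home: false` would avoid creating it twice. As far as I know the `user` module has no `gid` option — its primary-group parameter is `group` and takes a name — so `gid: 5000` is likely to fail as an unsupported parameter; a preceding `group` task (`- name: Create vmail group` with `group: { name: vmail, gid: 5000 }`) followed by `group: vmail` here gives the deterministic GID the comment asks for and guarantees that the `group: vmail` used by the two `file` tasks exists. The `mode: 0770` values rely on the YAML parser reading the leading zero as octal; writing them as `"0770"` removes that dependency.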
From: otthorn
Date: Fri, 15 Jan 2021 19:52:55 +0100
Subject: [PATCH 008/149] Added the certificates gestion
---
 host_vars/mail.auro.re.yml | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 host_vars/mail.auro.re.yml
diff --git a/host_vars/mail.auro.re.yml b/host_vars/mail.auro.re.yml
new file mode 100644
index 0000000..7e3e383
--- /dev/null
+++ b/host_vars/mail.auro.re.yml
@@ -0,0 +1,8 @@
+---
+certbot:
+ domains:
+ - mail.auro.re
+ - webmail.auro.re
+ - smtp.auro.re
+ mail: tech.aurore@lists.crans.org
+ certname: auro.re
-- 2.45.2
From 1847a5a69865f7f628f73a43f87b7f2840a1f9a2 Mon Sep 17 00:00:00 2001
From: otthorn
Date: Sun, 17 Jan 2021 12:31:30 +0100
Subject: [PATCH 009/149] Add nfs-client role
---
 roles/nfs-client/tasks/main.yml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 roles/nfs-client/tasks/main.yml
diff --git a/roles/nfs-client/tasks/main.yml b/roles/nfs-client/tasks/main.yml
new file mode 100644
index 0000000..7137d1d
--- /dev/null
+++ b/roles/nfs-client/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+# Install NFS client, mount distant storage and add configuration to fstab to make it persistent
+- name: Install NFS client
+ apt:
+ name:
+ - nfs-common # use this on any NFS machine, be either client or server
+ update_cache: true
+
+- name: Create mountable dir
+ file:
+ path: {{ nfs-mount-path }}
+ state: directory
+ mode: 0644
+ owner: {{ nfs-dir-owner }}
+ group: {{ nfs-dir-group }}
+
+- name: Mount and add to fstab
+ mount:
+ state: mounted # actively mounted and configured in fstab
+ src: {{ nfs-src }}
+ path: {{ nfs-mount-path }}
+ fstype: nfs
+ opts: defaults
+# don't specify dump and fsck to keep the 0 (don't) variable
-- 2.45.2
From f901669341c89e60f904677f8138e6ba3d1797c4 Mon Sep 17 00:00:00 2001
From: otthorn
Date: Sun, 17 Jan 2021 12:34:25 +0100
Subject: [PATCH 010/149] fix var names for better hierarchy
---
 roles/nfs-client/tasks/main.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
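Review bot: `opts: defaults` in `Mount and add to fstab` mounts the mail store with `suid`, `dev` and `exec` enabled, which is more than a share holding user mailboxes and sieve scripts needs; `opts: defaults,nosuid,nodev,noexec` limits what a file planted on the NFS server can do on this host (drop `noexec` only if something must actually execute from the share). No `sec=` option is given either, so the mount uses `sec=sys`, where the server trusts the client-asserted UID; that is acceptable on an isolated admin network but deserves a comment next to `src` stating the assumption, since the vmail data is otherwise readable by any host that can reach the export. The unquoted `{{ nfs-mount-path }}` values and the directory `mode: 0644` are corrected by later patches in this series, so I am not repeating those.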
diff --git a/roles/nfs-client/tasks/main.yml b/roles/nfs-client/tasks/main.yml index 7137d1d..7bade02 100644 --- a/roles/nfs-client/tasks/main.yml +++ b/roles/nfs-client/tasks/main.yml @@ -8,17 +8,17 @@ - name: Create mountable dir file: - path: {{ nfs-mount-path }} + path: {{ nfs.mount-path }} state: directory mode: 0644 - owner: {{ nfs-dir-owner }} - group: {{ nfs-dir-group }} + owner: {{ nfs.dir-owner }} + group: {{ nfs.dir-group }} - name: Mount and add to fstab mount: state: mounted # actively mounted and configured in fstab - src: {{ nfs-src }} - path: {{ nfs-mount-path }} + src: {{ nfs.src }} + path: {{ nfs.mount-path }} fstype: nfs opts: defaults # don't specify dump and fsck to keep the 0 (don't) variable -- 2.45.2 From 807ecda890a196ceb00bba99efdb8dd157befb61 Mon Sep 17 00:00:00 2001 From: otthorn Date: Sun, 17 Jan 2021 12:41:09 +0100 Subject: [PATCH 011/149] Added NFS host_var for mail.auro.re --- host_vars/mail.auro.re.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/host_vars/mail.auro.re.yml b/host_vars/mail.auro.re.yml index 7e3e383..0c5d952 100644 --- a/host_vars/mail.auro.re.yml +++ b/host_vars/mail.auro.re.yml @@ -2,7 +2,12 @@ certbot: domains: - mail.auro.re - - webmail.auro.re - smtp.auro.re mail: tech.aurore@lists.crans.org certname: auro.re + +nfs: + src: "10.128.0.6:/data_mail" # caradoc + mount-path: /var/vmail + dir-owner: vmail + dir-group: vmail -- 2.45.2 From 17a64241d6a7d6a4e07124ecb04270583ac3c1f8 Mon Sep 17 00:00:00 2001 From: otthorn Date: Sun, 17 Jan 2021 12:42:15 +0100 Subject: [PATCH 012/149] mail is no longer in adm --- hosts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts b/hosts index a06cac8..1d2bb1b 100644 --- a/hosts +++ b/hosts @@ -33,7 +33,7 @@ pendragon.adm.auro.re services-bdd-local.adm.auro.re backup.adm.auro.re services-web.adm.auro.re -mail.adm.auro.re +mail.auro.re wikijs.adm.auro.re -- 2.45.2 From 5c9ae10a8c11225dbf6904387382abd763617a8b Mon Sep 17 00:00:00 2001 
From: otthorn Date: Sun, 17 Jan 2021 12:47:58 +0100 Subject: [PATCH 013/149] Fix yaml lint --- mailserver.yml | 22 ++++++---------------- roles/dovecot/tasks/main.yml | 2 +- roles/nfs-client/tasks/main.yml | 14 +++++++------- 3 files changed, 14 insertions(+), 24 deletions(-) diff --git a/mailserver.yml b/mailserver.yml index f732d44..56ac56a 100755 --- a/mailserver.yml +++ b/mailserver.yml @@ -1,26 +1,16 @@ #!/usr/bin/env ansible-playbook --- -# Deploy base and security -- hosts: mail.adm.auro.re - roles: - - baseconfig - - basesecurity - -# Deploy LDAP -- hosts: mail.adm.auro.re - roles: - - ldap_client - # Deploy mail server -- hosts: mail.adm.auro.re +- hosts: mail.auro.re roles: - mail-utils - - postfix - - dovecot + - mail-certificates + - nfs-client +# - postfix +# - dovecot # - rspamd -# - mail-certificates # - mail-fail2ban - +# # Make OVH server send mails through proxy ? # Add multiple MX # Configure DKIM, SPF, Greylisting, etc... diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml index afa08f5..8e4ce5f 100644 --- a/roles/dovecot/tasks/main.yml +++ b/roles/dovecot/tasks/main.yml @@ -36,7 +36,7 @@ owner: vmail group: vmail mode: 0770 - + # Add the Dovecot configuration files - name: Add Dovecot configuration template: diff --git a/roles/nfs-client/tasks/main.yml b/roles/nfs-client/tasks/main.yml index 7bade02..ffc792c 100644 --- a/roles/nfs-client/tasks/main.yml +++ b/roles/nfs-client/tasks/main.yml 
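Review bot: The rewritten play removes the `baseconfig` and `basesecurity` roles from `mail.auro.re` instead of moving them, so after this patch the mail host gets its mail stack from this playbook without the base hardening those roles apply, unless another playbook already covers it. If that is intentional, a comment above `- hosts: mail.auro.re` such as `# base hardening (baseconfig, basesecurity) is applied by the common playbook, not here` would stop a later reader from treating the omission as a bug; if not, the first play should be restored. Enabling `mail-certificates` and `nfs-client` ahead of `postfix`/`dovecot` is the right order, since both need the certificate and the mount in place.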
@@ -3,22 +3,22 @@ - name: Install NFS client apt: name: - - nfs-common # use this on any NFS machine, be either client or server + - nfs-common # use this on any NFS machine, be either client or server update_cache: true -- name: Create mountable dir +- name: Create mountable dir file: - path: {{ nfs.mount-path }} + path: "{{ nfs.mount-path }}" state: directory mode: 0644 - owner: {{ nfs.dir-owner }} - group: {{ nfs.dir-group }} + owner: "{{ nfs.dir-owner }}" + group: "{{ nfs.dir-group }}" - name: Mount and add to fstab mount: state: mounted # actively mounted and configured in fstab - src: {{ nfs.src }} - path: {{ nfs.mount-path }} + src: "{{ nfs.src }}" + path: "{{ nfs.mount-path }}" fstype: nfs opts: defaults # don't specify dump and fsck to keep the 0 (don't) variable -- 2.45.2 From d873b3f3a8021dd99fe37df2cd2e00613dafb28e Mon Sep 17 00:00:00 2001 From: otthorn Date: Sun, 17 Jan 2021 12:51:52 +0100 Subject: [PATCH 014/149] fix ansible-lint --- mailserver.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mailserver.yml b/mailserver.yml index 56ac56a..8e76fe9 100755 --- a/mailserver.yml +++ b/mailserver.yml @@ -2,7 +2,7 @@ --- # Deploy mail server - hosts: mail.auro.re - roles: + roles: | - mail-utils - mail-certificates - nfs-client -- 2.45.2 From e77047a532f4658d36482e4ea37a6686c034ca0f Mon Sep 17 00:00:00 2001 From: otthorn Date: Sun, 17 Jan 2021 13:03:09 +0100 Subject: [PATCH 015/149] add sain defaults for NFS client --- roles/nfs-client/defaults/main.yml | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 roles/nfs-client/defaults/main.yml diff --git a/roles/nfs-client/defaults/main.yml b/roles/nfs-client/defaults/main.yml new file mode 100644 index 0000000..70224f5 --- /dev/null +++ b/roles/nfs-client/defaults/main.yml @@ -0,0 +1,3 @@ +nfs: + owner: root + groupe: root -- 2.45.2 From 7e03eafeaa6f827fa84a92b82ba0182c43a72e9e Mon Sep 17 00:00:00 2001 
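Review bot: The defaults define `nfs.owner` and `nfs.groupe`, but the role's tasks read `nfs.dir-owner`/`nfs.dir-group` (later renamed `nfs.dir_owner`/`nfs.dir_group`), so these values are never used and a host without explicit `nfs.dir_owner` still fails on an undefined variable. With Ansible's default `hash_behaviour = replace`, a host_vars `nfs:` block also replaces the whole default dictionary rather than merging into it, so nested partial defaults give no fallback at all; flattening to `nfs_dir_owner: root` / `nfs_dir_group: root` (and the same names in the tasks), or using `{{ nfs.dir_owner | default('root') }}` in the tasks, would make the default effective. `nfs.src` and `nfs.mount_path` have no default either, which is fine only if the role documents them as required.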
From: otthorn Date: Sun, 17 Jan 2021 13:27:24 +0100 Subject: [PATCH 016/149] dashes are evil, use underscore in var names --- host_vars/mail.auro.re.yml | 6 +++--- roles/nfs-client/tasks/main.yml | 10 +++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/host_vars/mail.auro.re.yml b/host_vars/mail.auro.re.yml index 0c5d952..cc3ff9f 100644 --- a/host_vars/mail.auro.re.yml +++ b/host_vars/mail.auro.re.yml @@ -8,6 +8,6 @@ certbot: nfs: src: "10.128.0.6:/data_mail" # caradoc - mount-path: /var/vmail - dir-owner: vmail - dir-group: vmail + mount_path: "/var/vmail" + dir_owner: vmail + dir_group: vmail diff --git a/roles/nfs-client/tasks/main.yml b/roles/nfs-client/tasks/main.yml index ffc792c..0841ad3 100644 --- a/roles/nfs-client/tasks/main.yml +++ b/roles/nfs-client/tasks/main.yml @@ -8,17 +8,17 @@ - name: Create mountable dir file: - path: "{{ nfs.mount-path }}" + path: "{{ nfs.mount_path }}" state: directory - mode: 0644 - owner: "{{ nfs.dir-owner }}" - group: "{{ nfs.dir-group }}" + mode: 0755 + owner: "{{ nfs.dir_owner }}" + group: "{{ nfs.dir_group }}" - name: Mount and add to fstab mount: state: mounted # actively mounted and configured in fstab src: "{{ nfs.src }}" - path: "{{ nfs.mount-path }}" + path: "{{ nfs.mount_path }}" fstype: nfs opts: defaults # don't specify dump and fsck to keep the 0 (don't) variable -- 2.45.2 From 72d486119efcfd4474c057247eaa336e9553ede5 Mon Sep 17 00:00:00 2001 From: otthorn Date: Sun, 17 Jan 2021 13:27:43 +0100 Subject: [PATCH 017/149] fix typo --- roles/nfs-client/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nfs-client/defaults/main.yml b/roles/nfs-client/defaults/main.yml index 70224f5..d9bbd93 100644 --- a/roles/nfs-client/defaults/main.yml +++ b/roles/nfs-client/defaults/main.yml @@ -1,3 +1,3 @@ nfs: owner: root - groupe: root + group: root -- 2.45.2 From a5a0e5ccfe5449377b2a408313709b0e3b967c40 Mon Sep 17 00:00:00 2001 
From: otthorn Date: Sun, 17 Jan 2021 13:27:55 +0100 Subject: [PATCH 018/149] oupsie, reverse this --- mailserver.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mailserver.yml b/mailserver.yml index 8e76fe9..56ac56a 100755 --- a/mailserver.yml +++ b/mailserver.yml @@ -2,7 +2,7 @@ --- # Deploy mail server - hosts: mail.auro.re - roles: | + roles: - mail-utils - mail-certificates - nfs-client -- 2.45.2 From 06917ce46bd0cf9e88988e5469e462f2fc706154 Mon Sep 17 00:00:00 2001 From: otthorn Date: Sun, 17 Jan 2021 16:40:28 +0100 Subject: [PATCH 019/149] Agree to Letsencrypt TOS --- .../letsencrypt/conf.d/certname.ini.j2 | 3 +++ roles/mail-certificates/templates/conf.ini.j2 | 26 +++++++++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 roles/mail-certificates/templates/conf.ini.j2 diff --git a/roles/certbot/templates/letsencrypt/conf.d/certname.ini.j2 b/roles/certbot/templates/letsencrypt/conf.d/certname.ini.j2 index c23d930..1406498 100644 --- a/roles/certbot/templates/letsencrypt/conf.d/certname.ini.j2 +++ b/roles/certbot/templates/letsencrypt/conf.d/certname.ini.j2 @@ -18,6 +18,9 @@ text = True # Use nginx challenge authenticator = nginx +# Accept TOS +agree-tos = True + # Wildcard the domain cert-name = {{ certbot.certname }} domains = {{ ", ".join(certbot.domains) }} diff --git a/roles/mail-certificates/templates/conf.ini.j2 b/roles/mail-certificates/templates/conf.ini.j2 new file mode 100644 index 0000000..cdcd8db --- /dev/null +++ b/roles/mail-certificates/templates/conf.ini.j2 
@@ -0,0 +1,26 @@
+# {{ ansible_managed }}
+
+# Pour appliquer cette conf et générer la conf de renewal :
+# certbot --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini certonly
+
+# Use a 4096 bit RSA key instead of 2048
+rsa-key-size = 4096
+
+# Always use the staging/testing server
+# server = https://acme-staging.api.letsencrypt.org/directory
+
+# Uncomment and update to register with the specified e-mail address
+email = {{ certbot.mail }}
+
+# Uncomment to use a text interface instead of ncurses
+text = True
+
+# Use nginx challenge
+authenticator = standalone
+
+# Accept TOS
+agree-tos = True
+
+# Wildcard the domain
+cert-name = {{ certbot.certname }}
+domains = {{ ", ".join(certbot.domains) }}
-- 2.45.2
From 9d4c630c7e696b963556fd7ef757a68964306013 Mon Sep 17 00:00:00 2001
From: otthorn
Date: Sun, 17 Jan 2021 17:02:05 +0100
Subject: [PATCH 020/149] Add the mail-certificate role
---
 roles/mail-certificates/tasks/main.yml | 28 ++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 roles/mail-certificates/tasks/main.yml
diff --git a/roles/mail-certificates/tasks/main.yml b/roles/mail-certificates/tasks/main.yml
new file mode 100644
index 0000000..64e6c63
--- /dev/null
+++ b/roles/mail-certificates/tasks/main.yml
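Review bot: Several comments in the new `conf.ini.j2` were carried over from the nginx variant and no longer describe the line beneath them: `# Use nginx challenge` sits above `authenticator = standalone`, `# Uncomment and update ...` above an already active `email =`, `# Always use the staging/testing server` above a commented-out `server =`, and `# Wildcard the domain` above a plain multi-name `cert-name`/`domains` pair. Suggest `# Standalone HTTP-01 challenge: certbot binds port 80 itself, so the port must be free and reachable from the internet at issuance time` for the authenticator line, and trimming the other three to what they actually describe. The mail-certificates `conf.ini.j2` and the certbot `certname.ini.j2` now differ only by the authenticator, so a comment pointing at the other file would help keep them in step.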
@@ -0,0 +1,28 @@
+---
+# Very similar to the certbot role, but without nginx
+# Install Letscrypt tools to generate and manage certificates
+- name: Install Letsencrypt
+ apt:
+ name:
+ - certbot # letsencrypt
+ - ca-certificates # just in case
+ update_cache: true
+
+# Create the configuration directory for letsencrypt
+- name: Create /etc/letsencrypt/conf.d
+ file:
+ path: /etc/letsencrypt/conf.d
+ state: directory
+ mode: 0755
+
+# Configure certbot
+- name: Add certbot configuration
+ template:
+ src: "conf.ini.j2"
+ dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
+ mode: 0644
+ register: certbot_config
+
+- name: Generate new certificates if the configuration changed
+ shell: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
+ when: certbot_config.changed
-- 2.45.2
From ee162205918ca502e1eca5d1b79f901b137a5cc0 Mon Sep 17 00:00:00 2001
From: otthorn
Date: Sun, 17 Jan 2021 17:02:52 +0100
Subject: [PATCH 021/149] Please linter
---
 roles/nfs-client/defaults/main.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/roles/nfs-client/defaults/main.yml b/roles/nfs-client/defaults/main.yml
index d9bbd93..6c55400 100644
--- a/roles/nfs-client/defaults/main.yml
+++ b/roles/nfs-client/defaults/main.yml
@@ -1,3 +1,4 @@
+---
 nfs:
 owner: root
 group: root
-- 2.45.2
From a8cbe4549cbf33fd17b226846f35811ee4e3aec0 Mon Sep 17 00:00:00 2001
From: otthorn
Date: Sun, 17 Jan 2021 23:45:09 +0100
Subject: [PATCH 022/149] fix ansible lint v2 -- we actually git add the file this time
---
 .ansible-lint | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/.ansible-lint b/.ansible-lint
index d03cb8f..a85e701 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -1,2 +1,7 @@
 skip_list:
 - '301'
+
+warn_list:
+ - '305' # Use shell only when shell functionality is required
+ - '503' # Tasks that run when changed should likely be handlers
+ - experimental # all rules tagged as experimental
-- 2.45.2
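Review bot: `Generate new certificates if the configuration changed` issues the certificate once, but nothing in the role wires up renewal: certbot's packaged timer will renew the files under `/etc/letsencrypt/live/`, yet Postfix and Dovecot keep serving the certificate they loaded until reloaded, so a deploy hook — a script in `/etc/letsencrypt/renewal-hooks/deploy/` or `--deploy-hook` on this command — that reloads both services is needed for a renewed certificate to ever be used. The task also uses `shell:` although no shell feature is involved; `command:` with the same string avoids the lint warning that the `.ansible-lint` change later in this series downgrades instead of fixing. The `standalone` authenticator in the accompanying `conf.ini.j2` needs port 80 free and reachable, so either a firewall rule or a comment stating that requirement belongs next to this task.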
From 851e459b6ff4fcd5554103bd3c7d763416e6759e Mon Sep 17 00:00:00 2001 From: otthorn Date: Sun, 17 Jan 2021 23:48:36 +0100 Subject: [PATCH 023/149] Starting to try out postfix config --- mailserver.yml | 2 +- roles/postfix/templates/main.cf.j2 | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/mailserver.yml b/mailserver.yml index 56ac56a..124663d 100755 --- a/mailserver.yml +++ b/mailserver.yml @@ -6,7 +6,7 @@ - mail-utils - mail-certificates - nfs-client -# - postfix + - postfix # - dovecot # - rspamd # - mail-fail2ban diff --git a/roles/postfix/templates/main.cf.j2 b/roles/postfix/templates/main.cf.j2 index 82aacd5..97412c2 100644 --- a/roles/postfix/templates/main.cf.j2 +++ b/roles/postfix/templates/main.cf.j2 @@ -19,10 +19,8 @@ readme_directory = no compatibility_level = 2 # Send mail as user@{{ myorigin }} -# myorigin = auro.re myorigin = {{ myorigin }} -#myhostname = mail.adm.auro.re myhostname = {{ myhostname }} mydestination = $myhostname localhost.{{ myorigin }} localhost {{ myorigin }} -- 2.45.2 From a54c5832a350781c5996fef0ca4e7b394be055d5 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Thu, 28 Jan 2021 00:07:23 +0100 Subject: [PATCH 024/149] Apt retry mechanism --- roles/dovecot/tasks/main.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml index 8e4ce5f..74669f9 100644 --- a/roles/dovecot/tasks/main.yml +++ b/roles/dovecot/tasks/main.yml @@ -2,6 +2,7 @@ # Install and configure Dovecot - name: Install Dovecot apt: + update_cache: true name: - dovecot-core - dovecot-imapd @@ -9,7 +10,9 @@ - dovecot-lmtpd - dovecot-ldap - dovecot-pop3d - update_cache: true + register: apt_result + retries: 3 + until: apt_result is succeeded # Create the vmail user with UID and GID 5000 - name: Create vmail user -- 2.45.2 From 241997396ba5c08c265a29679ed4e565915962f3 Mon Sep 17 00:00:00 2001 
From: Otthorn Date: Thu, 28 Jan 2021 00:11:36 +0100 Subject: [PATCH 025/149] Config outside of conf.d --- roles/dovecot/tasks/main.yml | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml index 74669f9..053e154 100644 --- a/roles/dovecot/tasks/main.yml +++ b/roles/dovecot/tasks/main.yml @@ -40,15 +40,27 @@ group: vmail mode: 0770 -# Add the Dovecot configuration files -- name: Add Dovecot configuration +# Add the Dovecot configuration files (conf.d) +- name: Add Dovecot configuration in conf.d template: src: "{{ item }}.j2" dest: "/etc/dovecot/conf.d/{{ item }}" mode: 0644 - notify: Reload dovecot loop: - "10-auth.conf" - "10-mail.conf" - "10-master.conf" - "10-ssl.conf" + - "10-loggin.conf" + - "auth-system.conf.ext" + notify: Reload dovecot + +# Add the Dovecot configuration file outside of conf.d +- name: Add Dovecot configuration outside of conf.d + template: + src: "dovecot-ldap.conf.ext.j2" + dest: "/etc/dovecot/dovecot-ldap-conf.ext" + mode: 0600 # only legible by root + owner: root + mode: root + notify: Reload dovecot -- 2.45.2 From e1d8382fed6ef0187ebf2e25c851620b4eb95374 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Thu, 28 Jan 2021 00:13:08 +0100 Subject: [PATCH 026/149] fix typo --- roles/dovecot/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml index 053e154..ddaf92d 100644 --- a/roles/dovecot/tasks/main.yml +++ b/roles/dovecot/tasks/main.yml @@ -51,7 +51,7 @@ - "10-mail.conf" - "10-master.conf" - "10-ssl.conf" - - "10-loggin.conf" + - "10-logging.conf" - "auth-system.conf.ext" notify: Reload dovecot -- 2.45.2 From d3cf2c7e5fc45da2d4ffc7005a62c771cc42a6b8 Mon Sep 17 00:00:00 2001 
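Review bot: `Add Dovecot configuration outside of conf.d` declares `mode:` twice — `mode: 0600` and then `mode: root`; Ansible's loader keeps the last duplicate key (with a warning), so the task runs with `mode: root`, which the template module rejects as an invalid mode, and the intended `0600` is lost. The second line is evidently meant to be `group: root`. The destination `/etc/dovecot/dovecot-ldap-conf.ext` (dash) also differs from the `dovecot-ldap.conf.ext` (dot) name that Debian's stock `auth-ldap.conf.ext` points its `passdb`/`userdb` args at, so the rendered file may never be read; worth checking against the included file. The task list continues beyond this hunk.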
From: Otthorn
Date: Thu, 28 Jan 2021 00:15:51 +0100
Subject: [PATCH 027/149] dovecot handlers
---
 roles/dovecot/handlers/main.yml | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 roles/dovecot/handlers/main.yml
diff --git a/roles/dovecot/handlers/main.yml b/roles/dovecot/handlers/main.yml
new file mode 100644
index 0000000..d25b2b8
--- /dev/null
+++ b/roles/dovecot/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Reload dovecot
+ service:
+ name: dovecot
+ state: reloaded
-- 2.45.2
From 765ce3962561a54ffad46e7f43daf4e7de60718b Mon Sep 17 00:00:00 2001
From: Otthorn
Date: Thu, 28 Jan 2021 01:11:32 +0100
Subject: [PATCH 028/149] auth config
---
 roles/dovecot/templates/conf.d/10-auth.conf.j2 | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 roles/dovecot/templates/conf.d/10-auth.conf.j2
diff --git a/roles/dovecot/templates/conf.d/10-auth.conf.j2 b/roles/dovecot/templates/conf.d/10-auth.conf.j2
new file mode 100644
index 0000000..e850270
--- /dev/null
+++ b/roles/dovecot/templates/conf.d/10-auth.conf.j2
@@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+# Dovecot configuration for Aurore
+# More info at https://gitea.auro.re/Aurore/ansible
+# And on the Dovecot wiki : https://doc.dovecot.org/
+
+# Include every configuration file in conf.d
+!include conf.d/*.conf
+
+# Include LDAP conf
+!include auth-ldap.conf.ext
+
+# Authentification mechanisms
+auth_mechanisms = plain login
-- 2.45.2
From 79b75cae00262e980e855c98007001294463df92 Mon Sep 17 00:00:00 2001
From: Otthorn
Date: Thu, 28 Jan 2021 01:24:50 +0100
Subject: [PATCH 029/149] maildir conf
---
 roles/dovecot/templates/conf.d/10-mail.conf | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 roles/dovecot/templates/conf.d/10-mail.conf
diff --git a/roles/dovecot/templates/conf.d/10-mail.conf b/roles/dovecot/templates/conf.d/10-mail.conf
new file mode 100644
index 0000000..b7046d4
--- /dev/null
+++ b/roles/dovecot/templates/conf.d/10-mail.conf
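Review bot: `!include conf.d/*.conf` does not belong in a file that is itself installed into `/etc/dovecot/conf.d/`: as I understand Dovecot, relative `!include` paths are resolved against the including file's directory, so this line looks for `/etc/dovecot/conf.d/conf.d/*.conf`, and a non-`_try` include with no match is a configuration error that keeps Dovecot from starting. The stock `/etc/dovecot/dovecot.conf` already carries that include, so the fragment should contain only `!include auth-ldap.conf.ext` and `auth_mechanisms = plain login`, ideally with an explicit `disable_plaintext_auth = yes` (the default) so it is visible that `plain`/`login` are limited to TLS sessions. Separately, this template lives at `roles/dovecot/templates/conf.d/10-auth.conf.j2` while the role's task renders `src: "{{ item }}.j2"`, i.e. `templates/10-auth.conf.j2`; the task's `src` needs to be `"conf.d/{{ item }}.j2"` (or the templates moved up a level) for any of these files to be found.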
@@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+# Dovecot configuration for Aurore
+# More info at https://gitea.auro.re/Aurore/ansible
+# And on the Dovecot wiki : https://doc.dovecot.org/
+
+# Mailbox locations and namespaces
+
+# Simple mail location
+mail_location = maildir:~/Maildir
+
+# Plugins
+mail_plugins = quota
+#mail_plugins = quota mail_log notify # to be tested
-- 2.45.2
From f991befbc68fc943ab0ac3a32849a27ef18e0f28 Mon Sep 17 00:00:00 2001
From: Otthorn
Date: Thu, 28 Jan 2021 01:27:22 +0100
Subject: [PATCH 030/149] renamed to fit jinja template
---
 roles/dovecot/templates/conf.d/{10-mail.conf => 10-mail.conf.j2} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename roles/dovecot/templates/conf.d/{10-mail.conf => 10-mail.conf.j2} (100%)
diff --git a/roles/dovecot/templates/conf.d/10-mail.conf b/roles/dovecot/templates/conf.d/10-mail.conf.j2
similarity index 100%
rename from roles/dovecot/templates/conf.d/10-mail.conf
rename to roles/dovecot/templates/conf.d/10-mail.conf.j2
-- 2.45.2
From 026e35adc70ebbe4bc07800350de85fd4dfafdb7 Mon Sep 17 00:00:00 2001
From: Otthorn
Date: Thu, 28 Jan 2021 01:34:09 +0100
Subject: [PATCH 031/149] Add IMAP/POP/SMTP auth conf
---
 roles/dovecot/templates/conf.d/10-master.conf.j2 | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 roles/dovecot/templates/conf.d/10-master.conf.j2
diff --git a/roles/dovecot/templates/conf.d/10-master.conf.j2 b/roles/dovecot/templates/conf.d/10-master.conf.j2
new file mode 100644
index 0000000..39b2421
--- /dev/null
+++ b/roles/dovecot/templates/conf.d/10-master.conf.j2
@@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+# Dovecot configuration for Aurore
+# More info at https://gitea.auro.re/Aurore/ansible
+# And on the Dovecot wiki : https://doc.dovecot.org/
+
+# IMAP/POP/STMP auth configuration
+
+# Postfix smtp-auth
+unix_listener /var/spool/postfix/private/auth {
+ mode = 0660
+ user = postfix
+ group = postfix
+}
-- 2.45.2
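Review bot: `mail_location = maildir:~/Maildir` makes each mailbox path depend on the user's home directory, but nothing in the role sets `mail_home`, `mail_uid` or `mail_gid`, and the LDAP config in this series keeps `user_attrs`/`user_filter` commented out, so Dovecot has no home to expand `~` from for virtual users and no instruction to access mail as `vmail`. Given that the tasks create `/var/vmail/mailboxes` owned by `vmail` (uid 5000), the likely intent is `mail_location = maildir:/var/vmail/mailboxes/%u/Maildir` together with `mail_uid = vmail` and `mail_gid = vmail`, or `mail_home = /var/vmail/mailboxes/%u` if `~` is to stay. `mail_plugins = quota` enables the quota plugin with no `plugin { quota = ... }` rule so far; if that is to come in a later patch, a comment saying so would help.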
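Review bot: The `unix_listener /var/spool/postfix/private/auth { ... }` block sits at the top level of the file, but Dovecot only accepts `unix_listener` inside a `service` block, so the fragment should read `service auth {` / `  unix_listener /var/spool/postfix/private/auth {` / `    mode = 0660` ... `  }` / `}`, as in the stock `10-master.conf` this template replaces; as written I would expect `doveconf` to reject the configuration on reload. Since the template replaces the whole stock file, the `service imap-login`/`pop3-login` definitions that file carried are gone too — I believe the built-in defaults cover that, but a comment stating it is relied upon would help. The comment `# IMAP/POP/STMP auth configuration` has `STMP` for `SMTP`.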
From 1297884ce181d722c082b683f6a59ae6a914ce5f Mon Sep 17 00:00:00 2001
From: Otthorn
Date: Thu, 28 Jan 2021 03:15:45 +0100
Subject: [PATCH 032/149] Add ssl conf
---
 roles/dovecot/templates/conf.d/10-ssl.conf.j2 | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 roles/dovecot/templates/conf.d/10-ssl.conf.j2
diff --git a/roles/dovecot/templates/conf.d/10-ssl.conf.j2 b/roles/dovecot/templates/conf.d/10-ssl.conf.j2
new file mode 100644
index 0000000..79ac059
--- /dev/null
+++ b/roles/dovecot/templates/conf.d/10-ssl.conf.j2
@@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+# Dovecot configuration for Aurore
+# More info at https://gitea.auro.re/Aurore/ansible
+# And on the Dovecot wiki : https://doc.dovecot.org/
+
+# SSL and certificates configuration
+
+# Cetificates location
+ssl_cert = Date: Fri, 29 Jan 2021 00:16:42 +0100 Subject: [PATCH 033/149] dovecot ldap conf
---
 .../templates/dovecot-ldap.conf.ext.j2 | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 roles/dovecot/templates/dovecot-ldap.conf.ext.j2
diff --git a/roles/dovecot/templates/dovecot-ldap.conf.ext.j2 b/roles/dovecot/templates/dovecot-ldap.conf.ext.j2
new file mode 100644
index 0000000..f99e82e
--- /dev/null
+++ b/roles/dovecot/templates/dovecot-ldap.conf.ext.j2
@@ -0,0 +1,20 @@
+# {{ ansible_managed }}
+# Dovecot configuration for Aurore
+# More info at https://gitea.auro.re/Aurore/ansible
+# And on the Dovecot wiki : https://doc.dovecot.org/
+
+uris = {{ ldap_master_uri }}
+dn = {{ ldap_dovecot_bind_dn }}
+dnpass = {{ ldap_dovecot_password }}
+base = {{ ldap_user_tree }}
+
+#user_attrs = homeDirectory=home, uidNumber=uid, gidNumber=gid
+#user_filter = (&(objectClass=posixAccount)(uid=%u))
+
+pass_attrs = uid=user, userPassword=password
+pass_filter = (&(objectClass=posixAccount)(uid=%u))
+
+# Convert LDAP lookup to lowercase
+# would be needed if re2o did not already had lowercase enforced by a
+# validator
+#auth_username_format = %Lu
-- 2.45.2
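Review bot: These LDAP settings send the bind password (`dnpass`) on every connection and, through `pass_attrs = uid=user, userPassword=password`, fetch each user's password hash on every login, yet nothing here requires encryption; if `ldap_master_uri` is a plain `ldap://` URI, add `tls = yes` with `tls_require_cert = hard` and a `tls_ca_cert_file`, or switch the URI to `ldaps://`. Pulling `userPassword` also requires the dovecot bind DN to be granted read access to that attribute, which directory ACLs usually restrict; `auth_bind = yes` with the same `pass_filter` lets Dovecot verify credentials by binding as the user instead, so the hashes never leave the directory. A short comment recording which of the two schemes is intended would make the choice deliberate rather than accidental.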
From eb257b966b3e5c20a8b8b8dd99952435e1de35a2 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Fri, 29 Jan 2021 00:20:02 +0100 Subject: [PATCH 034/149] dovecot vars --- group_vars/all/vars.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 6b3c1e5..2f6be0e 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -15,6 +15,8 @@ ldap_matrix_password: "{{ vault_ldap_matrix_password }}" ldap_replica_password: "{{ vault_ldap_replica_password }}" ldap_admin_password: "{{ vault_ldap_admin_password }}" ldap_admin_hashed_passwd: "{{ vault_ldap_admin_hashed_passwd }}" +ldap_dovecot_bind_dn: "cn=dovecot,ou=service-users,{{ ldap_base }}" +ldap_dovecot_password: "{{ vault_ldap_dovecot_password }}" # Databases postgresql_services_url: 'services-bdd.adm.auro.re' -- 2.45.2 From 645f0fd445fc5b068dc15fd7b60f95ae127382bb Mon Sep 17 00:00:00 2001 From: Otthorn Date: Fri, 29 Jan 2021 00:27:00 +0100 Subject: [PATCH 035/149] Add dovecot bind password into the vault --- group_vars/all/vault.yml | 349 ++++++++++++++++++++------------------- 1 file changed, 176 insertions(+), 173 deletions(-) diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index b813ba3..b7f741f 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
@@ -1,174 +1,177 @@ $ANSIBLE_VAULT;1.1;AES256 -34336231623938346631313932323131336439623837626366646338396137633436646365386639 -6332383765386235396331373836366230663563376665380a616436373136633933376435653230 -64333963663436393265666434653164643164616134353665306462326666623530383838343135 -3531343533656332350a343432336636316131386132306238653736633966363235623833343638 -38643061383963396466346536343061653034333037393664356661376565643765306462626231 -39326233363962373839303464333833306532343834306232653731326135653934643836323639 -36343937626536346331613263663865346634666534646266623061303639626636393230616261 -32336366356439353738633234326138656464656630303362623664616634306230623538373965 -32346439306337623737616666353830626630373562366436653131393532313035303836326430 -64613235646366616533313065396663366434363832333535336631323366336437396664303834 -30336466313064636565326564356435306136396363373464326534303366323262303732626661 -38326663313332633530353739346538343434316133343066313530366637376135323564306537 -65626261303231656432333364333965663065346436626631666466643934623064333163626339 -32633565303734303862326365336339346133393431636266303530626564326361653230626536 -32313231373037633134623761663832393666353732613965613436323939343233613433343538 -37326438383130303861316663396333376662386337353964633930353536653437653061356635 -35646232343535313130646237643835376162623639333961323964353830653366626438346237 -36343663346332656537363434396633336161373730663364306239306432343930643230656465 -37633537616232656661313764626232303535383563353861396431643735326162383866626231 -61383165613332666537656137636430323332326335323763303537386662646263353539613964 -37323966306364306436653033393931663239383435613836356164633135306233356364313036 -39356661613434633930633066646437636535313565356366303732613731333062643231313035 -65333461396131663764626665393562623030343561313136363964393664376136303839333664 
-65313465623331333538393734373264313562643232666130303930333662616465656432363039 -66616530336666343861336434633063343561323931323931346132376263376565313366306639 -64646465303432333136353661323936633965666364356633653861363139616562653834313861 -63306133613066373462383236613939316130623937643939323134343936356638376335323836 -39383334656236633037633230313138326238303863623231353465346661663162623138353461 -33343738613137366364633730346261366564646161373837613865393233663431636361663962 -38313230363737306265636435353533666262333666383639343364633464396566333433333538 -39643934646537653234336361613664333434623739353831316531313666396638333136343638 -33653034366362363562633462303165626333306664326366353334363964663936616430643662 -30616334326638323133366632663237356238353934323361376237613632396134663536336364 -39363439326335363437373939353564646663616464663763353931323233316135656634343137 -34396130386134386331643534353461663963323435656337653032376565313635623231343135 -34303130316239303065386134663332393938636332363665643832326439653733633231346537 -63383634333034323434376237663932613638363835393837613632663265616363303233653539 -61333765313463616665613136303533343230303735626437343635303934613365326166333966 -66613538393466666630363333643730653239393435616634303430396635383631613439623433 -36646431393865666162373232343335356366366633633264326639643434396234313863333163 -63396534623931633833656565396635333133376165613031663831633564663061656131303564 -61303132666264636139313738643161313134643733633366376538366135663135333333333564 -64366262353837363061653663616265393264373230346330636465336439623063636639356136 -65383638643961326661396336373163643832366561363764626461623662333436373136616437 -30316537653432356133616338353165633462643634323563306366343965326635363863316232 -61633135643861333635383464383937306236626632366235363433313335663431366531356337 -37303465323638383930336138356665343966336137356137656564303733373565366162343330 
-38326366653733376138356339313564616165626235356363343430353239616339656239323964 -31643734653263653461333135386261646265323134633334376262323330396634643764323635 -30336262323035613338333166353364333836623865393132613338393237363734616330366463 -64646163303337323531636532383438356237306337656439663565643032633462316366663164 -33613039326337353531303831313136653539353261373930613030383134653261363833653439 -31343662623035393238646263633066653362323434306137633339393330376462356139333362 -35363436356530363134663064653031376561343732346262383333353733363136396262643135 -31326566303535343833326562376464643632363434323839366366626134303830323563633237 -37313964353033316163303738636632346137353437333463303135323631383132623133663130 -32373163393861366137303138363134653534613236636439623731393837306130626638343134 -39313532386338343662333134353761653162663665396664366239633536613132313735373334 -37613161383633653861376433633632333163653439633938386137313632396137616337373465 -65383238396439666537313833663364333731613434333739393161363437306665363834653761 -34303464386633633163353636643964393233383232623765373239376633393139326630653765 -62646439646534376234323661383063656463313437323231333165626163626262626562376338 -62646362346261313738323830613037663035666361386139666432613230346334323063326239 -65303065343061613736343663363630336333623439383032313137616131623933323636306331 -34636130626338303039356137353532346562363531623936316162336663306437386532363236 -36333661316161613237343032623764396435346632363963643438316430666539393566353939 -33333234313839636537366465356364303438313830663261373563346538626432313139303030 -33333066626463663663643833323764643737386162663766356665643064313263376434353038 -37643630643737663566653562353261333734636262626437393239383063613661643166626630 -31313564346239396561326162333534376264616435313762623032636432363832383630343964 -30343663643935633465393465626131633931623930653962303830333065363435383237653566 
-65646632376330306437663334313932653230653562356338663366616463303466366263366137 -64633934626339633235386630396561376130373763313137386531356637633863393035306634 -65353432323235363135633832373032623837376333346131303162303464616234313062316563 -64646634633963663032613533636665333335656539323238623362306363313835626632306236 -30663637356463363530316434316639326639633539333335633330333834643035353932313638 -64356565653065666131373538356462306633343161376537323762313666373235353236313963 -65613561633266306632616538616461626532666435663038646138386430376164663766363138 -35316262393065653739323035666531333330326235386133383834383865356635666537333533 -31376138353231313262646334386566376264323066373934666363313431643738383064666437 -36656437313039656666373530346534393735353163646635663839326366643333393665626464 -36616637303631653661373433653865323634363065303433386534363064356564636465366265 -31333064383233636538393032376234663663353162343530376631356533653231303730396465 -33366162376464633633313664303939306330613865663431653037303061633130626635653638 -66626264363333376463386666313663333964333137333231303361616533393236373861656534 -32326335306566623332396638383133353434363565316432353963353062313662326361336537 -34396632656234333263663831326566353434316234613365316132363730643665373761666562 -31393565653663653731633333633730326265376135666162656132623238333765333363653130 -61353632313532616266363139336162336565356365316531336364623930636430353831623233 -61616131313438306633333066613764313161333934316139633738623164623564646365663566 -66356464376133363137313036623930373362306166623838373131313330393837396261656561 -66396233313530643164353264656563383632363139333262626532376562613630643437666266 -66656335656634613138316138643666623430363833663035616138336461303035633731636262 -36393939333765346239666433323032323361343934656463396365333366623337316663396263 -36616431626633663963636135643833666234613830366434636532373031343263316436306162 
-39356365376561643665323866656465313434623138326238353662653735613565623264333336 -61393763363862613766653064636130323732663466366133666361636339356464313037353462 -63633936653235656538383433393065393162643034393538666433616131343462346235393164 -39353663373338626665663563663162633430343330373430376336326432346233663365376533 -32656465343538643137326366653232343530363834383831386634366262303333636261353863 -32633437343432653936643766363338636535613532323362656435613363393238626466303861 -38633861333638613466306338613932353964393365356637306261626535323732316362623731 -33313963623439613939333639346461663338373334396165636231666266613065323731373964 -64313133383435333935376531313432663766633133633863356563663535333263636237386136 -61653963633166383135333436646465383536373039383538326366636634313061613730653962 -37623962643866396637336231363038373465393637356463656566666661313130313863383233 -37343636346535363832626365396262303862393535336565393635663637323730373564336634 -37363036323733306535336366373630356531353737303165376530656433626634343365626239 -64346136363030663862313431653761666432393933366665346361626361623039326434633835 -32666538653037613361343536383634643762356234366433663639653461303933306434333864 -37386436393465323139306161333738383265323436376536656264356230303163326134323864 -63396331666431666464656161633466333764653631623131646566303366333030653834333335 -31323365353239366232643863386365633861376235643034303563613363663661616564363663 -63326562613365653539383336383339646164623864323830653434623365393432666466323134 -33626330373361393734656632393232363866613863373135636537613934343065306265623964 -34643765636165393336356630353663343065333431656164363638646233663762346536343362 -65653364343537383336373933313464663464653465383830363631316336303464313731356230 -34336130323766386465373162346535396565346630353734303937396130656132376331326563 -36386339383338346533646331666262396432336434646333653664326635386238333763626637 
-31363464306465666339316436323265623437636533643431363161323139653065323534636533 -64386334353439373133313937343234373963353331646233346432646430636530663336316134 -66303337313034396232643531643262343036313762633165353665653938313665386363353865 -66333166303636626565613136653365313763303263313239333033353638616566656134396131 -38356434343931303134303362313363343634613361353538636634336332373132356165326163 -30386130326239366532363962316435663862393836326439623862366166376234343439306465 -36346639623939353232366333643963646336383833386565643435393734653936313638663930 -32323065343737663564333961373034393261613862333431663562353964666561643831316432 -35313832356639333937333266306166656538643065386639346337306134613536356137316331 -38376434666332366531393639303561663934353130333161636530383932653236313530616531 -61656664626663373164343863333039356362343034326131376666623264663732303734366363 -30306430353732616131346637626332656434393163313661356465393263393235396662623962 -62643538623331646265643561623366383937313136383939366164613235666234663137653432 -34316138643139336331356663333632656539653632626136613431393736613630353237356164 -33623632643335663163656236633134343464353837346237316162346634633336663564656531 -39373730346130363963376463326238366235613539613466653139306237343164336462353236 -39323361636333353661633863663162633563343937366461346338363061623730633537626562 -30353938383664333861366431343033313961376436363065373430353736343563313531386663 -37313534303564333237616331396437376436383833373936376664666366373235613533663239 -64653863613531356666646233393533646131333961343730663461346235633961306263343831 -64386332653330323937643266373437633465363933653833343930616134626566363339366362 -36356163333730656233653431326430326566386264343330666131393166323537623137396237 -65386234653231666631366533383762643830333261363532666138386263643662633932626335 -66303363613035643931393933303035323566373634663037313338616132373162366334373962 
-33666463613435396331326565353433336361303562326562663035313639333232333430373266 -65383235356132353838636565636436356361653831356430663935613766613237366564316566 -37396130393363386566306162346466326165353863636633306335383265306139396339383866 -34326335323962633032386162623033353036643437313832323166363764653339343638343964 -66626662326234306362656162336538353131366337643761643930306163333661653062663832 -61303963623433313565633235306132366663336662616232613339366363373934613631623431 -34323736383366333032343364373533363761323338346163323836653235653136646162306166 -65333734623663346233343961396566313838653036396430396134393839326535363237363638 -38333232333863396334366561303136333863356666656335633630616531363766343535616533 -35656166303837653365303436623431613931336331356531666665346562613263363666626238 -62626236323863383366643162356462306163653032626130333863656337623136646439316337 -33306432663134383038646133346131333732633932383239643733643138303434646565663266 -34616265383733343963323538656138656331396438616133393063356638633965323363653066 -65353837333363613762333839313631373137363064383830353565333832356162323862393030 -35373038613133643466636537626437393837633865363566343565626633376262373766613738 -39343334336238363131373762646564653839623531323066356430326263376534373664363331 -64373735383933303638303661333964333464306338613363326261623438336530636262373766 -35346339643939666162386232666236326131366366303432393838326239313730323431376231 -39363032616666393431326533643865643937363937356431623763363037373333653266376561 -63323462363063343234373534663063353865363037383932386231313338343239653131633561 -34623439396232633265616438623562666333303932396366663330326565363736633461333463 -66346537323061306662323062393061353565393165363532306439343262343632616465363364 -30376331346430313536313963333136663833323064633631653935326366633862336163316538 -33383434336666303434363236396662366664393637656462363331356631613332353766636663 
-62323264336235306532343065323834313730353237616463373766303439663533336366363565 -35646461636263646633343634323735383235376330616334373937646165623639363663353361 -65613034353736633332663333616564356265323731613537393430633137333337643663323137 -31623732663331653935316337306433333633353565343265666333363864346562363961333439 -30656136636661396335623566386362333861616663393738626632633537613564636261383138 -3233 +36346437356466383866303739373662633734346565653834343433386132346365313265633338 +6364643437383865653735303532333936653135363535300a343062393966636566323963316664 +30613136613730623338313565663336633361373136306437633865353838316361613237346634 +3563623366353332650a633564366135323935303636643061303839636535306334376639663463 +61363739366566303561353030316431333830313736353237633966393235626665666435313537 +62323737333564313734366133363739656266323138386339383538333638356235656634303163 +31343464393863666536636564626136383865343938393061353962653936626235373365313831 +33363030643430623138643639383862613662303864306361303839313361663737323432336130 +63613362326664373563646332303563363931303635356132616433643537623562366534396532 +34633161303965643762313932643330366166653238666234613337353234656235623336396334 +36663133353933636432346435363738653533306536663836396533623735646433363761356366 +35316133363039656363623332613939333463646365353434313664633730666463386165613431 +63313337643134366435656564643862313265326561623533323362343238356666333236373236 +35383362316637626164663330356332653832366235303935363261643637383963386631616637 +39316437363235623232653963376264646330333664663262626334393436623966356236303137 +31636133366232643234363538653963646365373266373262373732653832303839326662346236 +65393262353663626161346263396335333238393831626362393561346431343662376561616633 +64666264306536396231376133323036303337333635643634656139333865616336643939346562 +39643164643031613534323230653535393735306161663465353533323362326566643736373363 
+39303465346533333636663434396239333761326538636462373731323131346335656330636636 +31666434323336373762633130343630633434373336376336646638313734626161393961306664 +36373939643633636261353737343262653438356138323864313166316630376634386335313139 +34376330313763666338316230646137373937616230316137626538323238383964363662326534 +35633564623762623439613533363361396335313330333733306437333131323233303363333830 +30306436383666346136383531643362326166643032653966616164633338353531396461343535 +31353366383263626664376135333739643463386135306335653232643964346533393733363061 +38383332363962663736643265366331653139313839323633656339616637303439623962343864 +33643339353964633439336532343835313334316261623439383266383465613238343435653065 +63653763643061653966323831383239326535383439383663666336303036633762356330636535 +38646237326562343937633164643732326633613737313262336633363465323238666463396439 +34303966633132663935666138656463313233333339313835386230373437666561633861626136 +64643230333838333831353734393837363564616163343534313334383237386332373365643231 +66333163303230626564336331643934383332336464303630636633326633346439313739656234 +62626564316530623332383038383130386562643338613761646639363732666566643363396631 +34346539666662656261663534323933366131393336373166363565373234333938343435386634 +65306131646665393036333834386233326438343163386665396138356239393339346164373132 +39343230646536323034343539386566623233373565633833373235373135366530336162363561 +62626665303430346461383663393534333664323037616639313238303232363335303462643939 +31643564643838306661656562623764356639613035373962633035343061643661636564626537 +35336538356131303839363065643561663563363938386634613639633962343364663832313061 +36383565316230643363383537336436323833343838333432313632396230343232653165356339 +66663563343431333739653231346436313531646233313237333237323864336265386263626633 +62623862656232336135363334623134623136316537316631316462303239626431376364323339 
+39626662636239343835376131346536636566323836393733656330346464363431666639653932 +61636363326362633234386265613531323866373238366531633834363562623134656239373134 +33343131333766653362653239343137353135373334613739346237383531663736663465386435 +38633138643434393434383334313639343730616333373734393331653665373765396361623963 +61306165303933636664333334666161616433326436346438663232323735316366353833613763 +39396666306361386539303762343062333632663763613930663830666265306531643562386433 +36366237333931343664323265376130363535646533656436353066333865656261396636663235 +65376264383131353630303265313836363662346566316335356465353461623239376631643639 +38663835646433626237663634663961356337613362636638306139363035656461656462326637 +38353061353338393631376536393164353461623638623139316363623661353736336331313465 +61313732316535323439376438306135333538623163386535653239306261346463663537353437 +66363366376664336262363263353637613236333337383834633338666362393439373634353865 +33323631313436653639393061333334643361656531316639393464373133383936333138663163 +30353665363532376664373132333333643038303863643765343033306335646564313637383363 +34643165383438343933613061303437626663653034646637643764336434353438346163336161 +36393838613635363934376663306433373564653436386266643565396465326338303762343365 +37366238356430376136616634316431396330343862613336663761623335643761393732643566 +39376335396466373464623063333639653338663033363362376339303431376166316564333764 +37356433663436656163353965643465343738363062616337333434366261613966336439343736 +32636233323037393064366437386630633230663534646133613264636237356465613436363738 +66316439363339316137366164303230366563376233626630633936313665363764396530323637 +31616365313935343832393436396661326335386531303230643933663839613933363733356663 +34313837326639636366623132306162343936376335366534363230313334333661333730343565 +35643836356361633263343639343233656530373636316161373233373134646137633437346432 
+37643539633432623364333962633861316238386437326632306339356135633836303932336365 +32656634386632323633326133343134326431333632396163623530323033323839616462306134 +32636165383061386130303236303865383234646332643964353835633465313465393765353663 +30323437346632356261396666393534616464363732633164653863666437353239343338623831 +63396163373865323938383436323839353937623036316631363237393333333862623438623130 +33616265386138303862333034346631376166386235373339306263323862323464653830306436 +31386666613463326131303934316536393336633834313033336365656565653437353261663837 +65366536623832396636313361343465613037303261313532313364636165663361396431663532 +32356233613734656166373739386435303131356166306636313538623737323835373661633865 +65393536633766636661613737616331366161383364373033393238656363383932336163396463 +61653766316461303166326238333465333635366334383131653336333935313737666135663065 +30626231336161396430616533383231393863303463373063663262376162613963356437343236 +31396165376635326263313666316535343033336366306339303466663035393236653338646232 +64353936336339613036633536366265373436653630313833376261663361353530626336363834 +63333635383666343039623235343832373762626366643165343230643435326238316636333132 +31333662373666663833393139343232383534313936623039303832383632363238396435353830 +62663936386630616139306461656239643938363763313634343132333931346335616331663633 +62633362613132396261383431343835396439376331343833393431363631653466363132316131 +66613933383265303739326331333862633933346162386637613136326639623764353531313066 +34386230623435666134643064636137303232386465646636343039393536373534663966393734 +37306337316436333633626137613936646562306634636263313531376233343763323739373265 +37633939343139393634323635303536313539323336343134343637343664396165323436353666 +39303637646462376332626136326136333264393433623337346161613938313566303162646334 +65633863343862633562623534386239653139386635623862346331316139353539626131623333 
+62623264313832303433383034653161313732316636633533633833363665646134653234333037 +66383433653930326335396633366366633837366238626238646638653863653936383437393063 +66313338393837363964616466643438353665666331633164353737656535623066633466336539 +64633632343638396539366231353631383333656266653732616661613935633037363738646561 +38646530323462376263613038333631623132333637656664623663386635393062323765646333 +36383435663562373664303032353939623762613762346133393862353661336230366630626430 +66613233633036626564633636323962326361353961356561653264396635393861386335663662 +35643038623633636331643738316532666331653133643763336363643531636234393538323637 +30343164366138396535383335333464363161616665336166313266343633613835346161396432 +35383832386135613038323232376461636432653237333230343835613561653038353930353265 +65383839313366633537343031396562653630313964636339336361353838303431633139333734 +37366361306338393862616133633939326238393230306432316138393230353338393732303932 +37646464326531663035373562306464653837366266663437636663666639636133306438353063 +33623366623036363265303865356564346139646535306137653865353134373566616336353562 +62396661353166356535613962636337666536623562346335356133636336663232656237373537 +62376361626432373232343237633730613738613233316334643431393131373539386236376434 +30653766616261653162643236343930616535393166653563373637343963656465306139346138 +32323935643635666239643130623034663937633834393539376261326463616237656431653138 +61303630366337376531393135353662656661393038356137333632336264386533393466313561 +39373962333932373539346231653862643666373034623037376563333536323633396339316630 +66333864353664376433366132363636653832383130336466313264376539663530356330353636 +61653261396663616334663261623766303364376466383236666336383331346534633930613832 +39393136303936356365666535363331386437656532383565333361316161353064303032616531 +61373264623338376663643539306631356161623333336263646166656239613134366230303332 
+33343866303265366535326130306634613132353361663366323130303162316135306466306636 +36653536373665643638373165343266303136653035626530386365623630336364653462396237 +63376162656638633430353538303137653931656166656531663438353139333737653861613037 +38666434363231333237323935326462656663356330313338356466366664346635313436323635 +33386538306537306639343830646136613966366636613639646561393866663230653663613666 +65633265343664336538316466353832366262623939646532646233626633346463346230656235 +36326166303839363261353965626261376636663939323334316233643835643831366631316333 +34393133396130653566366166333632643534613034623536313261363039626636643662313863 +38383266373866396338313334373664623665386338653230633638353530346335316163316636 +64343962313331623638666166613630313963353462383463393034376264393938313262323933 +30613633613339313534363534396534343638383962326437363166373039363933613930346633 +64386262326636316535363431336431306536303131313861336364343132663437633166613537 +39313662323338663433333565633266303766636436356536663337353732383039323536313437 +63376365353339653230613838636233346439333635643765666261313438316238376236393137 +31353265343265303862653866393237336166376630336162393835393362356634653433356261 +61343763313666353334666130393338383630383431313238353338383635393535386263653336 +35306565346638636264636436373235366239653738346239663365353065646536383261356436 +38303832316166326633313738326636633430346462303237313261333264396532363764336630 +35323639373334653562666264366639353431303635616330313462353761333830393466363630 +33333337653934623836656565373237303139643138313031383737626133303638393639353735 +31373037313764373237333838386637353636623931623135353432666236353537363330386431 +30643332343538303437303830323333383565653836643939383838323936643136333166383463 +37633863363439393238373166333831616530323164666230626664303233616131316432626262 +66633362393562623265323330333939666361353562373364376666626166326437356564336662 
+61626165353861636266643838626563653631396638633336376537376536643335633434366536 +34336139626632333330383761656632653630343633633635623561633563643231663939306538 +61653737336463353438373563393335636433363835643162373061343664383736336336623439 +32323262313966376162623463623365323063663030373566633532363062323966663864396331 +66656636663665663338316466336638356135353461326561656262343431363337386330323330 +66386338343266333134386536376362626666336531373464376365633064316238396331323030 +39653363626636303230666264323364663938353633336631383133396138653139353230643865 +36353261363362343563613864303536353662373361343231396631613561313639653632663935 +63616262636231363331313832623632306237323362636361656138646137623137353035663032 +61376134613562356533616432323734396534373732616434393736333661333430333732303365 +34646135326130313761643862333630663534303739353932663337613865333839303835383138 +36663238383532656638643631643862383366383830653830303862663538613033333064383838 +33623338613038343939323032333333323938396561656539333561303463643366326162313832 +36333063343961353937323162323031376561393563313833346632646566326139366564383234 +64613330363239333663393535353038656635656536343364663365386437363330306431653366 +64366162303537313936356338366333343933386431346365663531613438383834623363343037 +64626633373065326362663666643764353433336365623365316530613238323639666261663134 +62663239393866663363623963653732336263313466663361623430626136313539316338663730 +39396536643536643762373431666132626562396166633661396365396634623837373966373465 +36363163303135616631343736336336383339313533333866363032386530323466653433343633 +31366466313334656334386162623061303933373031336131383661633963633235646337303764 +30633162326163353231323838616432626264363363393538353037666164343735616438336335 +66386137633237303135383535333834646334346364626266336461663466383537666366653431 +64303564636365393065303564653538643038643436666535343934343437626131653034623265 
+33616562323462633431383632646237383962376433393561613462376264653666653936613462 +32346436376663303331623661626265613838363731386363343731323434636461323964346439 +61313163643033666661353266623561366265623361373632636632306338633334333930366638 +33373330323663346636303333366464383164666131336636366433643365613661353133653765 +33393631623037346663376637383934326632396636386330363531323231323236346465323264 +36323636643736373230636364323339653562636536373763306439653134373036393366323961 +38343232613135653335396362396534656235383462663439646237376165303734643836656131 +61333336366537616231326364336266373766626337356565656461386531626132623539646335 +39316333616233356238366630353533326236636466626363393236383666343065623964313965 +61303530643339653363646364383666323538383130623930336338616665316561623963666264 +64366465333965363765313231353436363833383931346637666337336162643664353739646430 +39386435623334333963333938333931326238626162613864363438666161313733303133623334 +66393061653037316639 -- 2.45.2 From 418da500499027d014085f22334be12af470824d Mon Sep 17 00:00:00 2001 From: Otthorn Date: Fri, 29 Jan 2021 00:55:02 +0100 Subject: [PATCH 036/149] Add dovecot role to the mailserver --- mailserver.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mailserver.yml b/mailserver.yml index 124663d..ca00641 100755 --- a/mailserver.yml +++ b/mailserver.yml @@ -7,7 +7,7 @@ - mail-certificates - nfs-client - postfix -# - dovecot + - dovecot # - rspamd # - mail-fail2ban # -- 2.45.2 From bd8942eff23aff1183e541d3929274ce8782e766 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Fri, 29 Jan 2021 00:56:08 +0100 Subject: [PATCH 037/149] reload -> restart --- roles/dovecot/handlers/main.yml | 4 ++-- roles/dovecot/tasks/main.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/dovecot/handlers/main.yml b/roles/dovecot/handlers/main.yml index d25b2b8..8f8b702 100644 --- a/roles/dovecot/handlers/main.yml +++ b/roles/dovecot/handlers/main.yml 
@@ -1,5 +1,5 @@
 ---
-- name: Reload dovecot
+- name: Restart dovecot
 service:
 name: dovecot
- state: reloaded
+ state: restarted
diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml
index ddaf92d..9b66d05 100644
--- a/roles/dovecot/tasks/main.yml
+++ b/roles/dovecot/tasks/main.yml
@@ -53,7 +53,7 @@
 - "10-ssl.conf"
 - "10-logging.conf"
 - "auth-system.conf.ext"
- notify: Reload dovecot
+ notify: Restart dovecot
 # Add the Dovecot configuration file outside of conf.d
 - name: Add Dovecot configuration outside of conf.d
-- 2.45.2
From 58064df0560ac02ea2e50d93c73ebe4eeaf01934 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Fri, 29 Jan 2021 00:57:24 +0100 Subject: [PATCH 038/149] fix typo --- roles/dovecot/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml
index 9b66d05..68e6387 100644
--- a/roles/dovecot/tasks/main.yml
+++ b/roles/dovecot/tasks/main.yml
@@ -62,5 +62,5 @@
 dest: "/etc/dovecot/dovecot-ldap-conf.ext"
 mode: 0600 # only legible by root
 owner: root
- mode: root
- notify: Reload dovecot
+ group: root
+ notify: Restart dovecot
-- 2.45.2
From de2758f4d67da07f208d0bfc90021e28c3c9bfca Mon Sep 17 00:00:00 2001
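Review bot: The handler now does `state: restarted` instead of `state: reloaded`, which drops every active IMAP/POP3/LMTP session each time one of the conf.d templates changes, and neither this hunk nor the commit message records which setting made a reload insufficient; Dovecot picks up most configuration changes on a reload. If a restart really is required, a comment such as `# restart rather than reload: <reason>` above the handler would stop the next maintainer from reverting this. The `notify` in the tasks hunk below only follows the rename.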
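Review bot: The template is written to `dest: "/etc/dovecot/dovecot-ldap-conf.ext"`, while the template itself (patch 033) is `dovecot-ldap.conf.ext.j2` and Dovecot's stock `auth-ldap.conf.ext` points the passdb `args` at `/etc/dovecot/dovecot-ldap.conf.ext`; unless the passdb `args` in this role are set to the dashed name, Dovecot will never read the file that holds `dnpass`, which looks like the same kind of typo this commit fixes. `mode: 0600` with `owner: root` / `group: root` is the right restriction for a file carrying a bind password; writing it as `mode: "0600"` keeps it octal under YAML 1.2 parsers as well. The task starts before the hunk, so its module and `src` are not visible here.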
From: Otthorn Date: Fri, 29 Jan 2021 01:01:10 +0100 Subject: [PATCH 039/149] rename roles to match regex set by linter --- roles/{mail-certificates => mail_certificates}/tasks/main.yml | 0 .../templates/conf.ini.j2 | 0 roles/{mail-utils => mail_utils}/tasks/main.yml | 0 roles/{nfs-client => nfs_client}/defaults/main.yml | 0 roles/{nfs-client => nfs_client}/tasks/main.yml | 0 5 files changed, 0 insertions(+), 0 deletions(-) rename roles/{mail-certificates => mail_certificates}/tasks/main.yml (100%) rename roles/{mail-certificates => mail_certificates}/templates/conf.ini.j2 (100%) rename roles/{mail-utils => mail_utils}/tasks/main.yml (100%) rename roles/{nfs-client => nfs_client}/defaults/main.yml (100%) rename roles/{nfs-client => nfs_client}/tasks/main.yml (100%) diff --git a/roles/mail-certificates/tasks/main.yml b/roles/mail_certificates/tasks/main.yml similarity index 100% rename from roles/mail-certificates/tasks/main.yml rename to roles/mail_certificates/tasks/main.yml diff --git a/roles/mail-certificates/templates/conf.ini.j2 b/roles/mail_certificates/templates/conf.ini.j2 similarity index 100% rename from roles/mail-certificates/templates/conf.ini.j2 rename to roles/mail_certificates/templates/conf.ini.j2 diff --git a/roles/mail-utils/tasks/main.yml b/roles/mail_utils/tasks/main.yml similarity index 100% rename from roles/mail-utils/tasks/main.yml rename to roles/mail_utils/tasks/main.yml diff --git a/roles/nfs-client/defaults/main.yml b/roles/nfs_client/defaults/main.yml similarity index 100% rename from roles/nfs-client/defaults/main.yml rename to roles/nfs_client/defaults/main.yml diff --git a/roles/nfs-client/tasks/main.yml b/roles/nfs_client/tasks/main.yml similarity index 100% rename from roles/nfs-client/tasks/main.yml rename to roles/nfs_client/tasks/main.yml -- 2.45.2 From 094334e069186d86dc531690b93c288e8ca22f2b Mon Sep 17 00:00:00 2001 
From: Otthorn Date: Fri, 29 Jan 2021 01:03:18 +0100 Subject: [PATCH 040/149] Fix mode, shoudl always be set --- roles/postfix/tasks/main.yml | 1 + 1 file changed, 1 insertion(+)
diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml
index 46820e7..c1a056a 100644
--- a/roles/postfix/tasks/main.yml
+++ b/roles/postfix/tasks/main.yml
@@ -10,4 +10,5 @@
 template:
 src: main.cf.j2
 dest: /etc/postfix/main.cf
+ mode: 0644
 notify: Restart postfix service
-- 2.45.2
From b8e4ece8a7f97e290e0f9ae611c838a0fed2d85f Mon Sep 17 00:00:00 2001 From: Otthorn Date: Fri, 29 Jan 2021 23:44:20 +0100 Subject: [PATCH 041/149] use underscores instead of dashes inside role names --- mailserver.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/mailserver.yml b/mailserver.yml
index ca00641..d557d2a 100755
--- a/mailserver.yml
+++ b/mailserver.yml
@@ -3,13 +3,13 @@
 # Deploy mail server
 - hosts: mail.auro.re
 roles:
- - mail-utils
- - mail-certificates
- - nfs-client
+ - mail_utils
+ - mail_certificates
+ - nfs_client
 - postfix
 - dovecot
 # - rspamd
-# - mail-fail2ban
+# - mail_fail2ban
 #
 # Make OVH server send mails through proxy ?
 # Add multiple MX
-- 2.45.2
From 8b66ba059b5e61ce3fbac33eb10b02f1e48b5071 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Fri, 29 Jan 2021 23:59:53 +0100 Subject: [PATCH 042/149] use command instead of shell when no shell functionality is required --- roles/mail_certificates/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/mail_certificates/tasks/main.yml b/roles/mail_certificates/tasks/main.yml
index 64e6c63..76f4b9c 100644
--- a/roles/mail_certificates/tasks/main.yml
+++ b/roles/mail_certificates/tasks/main.yml
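Review bot: `mode: 0644` is a bare octal literal: PyYAML (YAML 1.1, which Ansible uses) reads it as octal, but a YAML 1.2 loader reads it as decimal 644, so the portable and lint-friendly form is the string `mode: "0644"`. The same spelling is used for `mode: 0600` and `mode: 0644` in the dovecot and mail_certificates task hunks of this series. World-readable is appropriate here as long as main.cf carries no credential, which is worth stating in a comment on the line. The template task starts before the hunk.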
@@ -24,5 +24,5 @@ register: certbot_config - name: Generate new certificates if the configuration changed - shell: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini" + command: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini" when: certbot_config.changed -- 2.45.2 From 99a46af244165a563b283320f2390a489b5b24ef Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Sat, 30 Jan 2021 00:02:28 +0100 Subject: [PATCH 043/149] User handlers to run when something changed --- roles/mail_certificates/handlers/main.yml | 3 +++ roles/mail_certificates/tasks/main.yml | 6 +----- 2 files changed, 4 insertions(+), 5 deletions(-) create mode 100644 roles/mail_certificates/handlers/main.yml diff --git a/roles/mail_certificates/handlers/main.yml b/roles/mail_certificates/handlers/main.yml new file mode 100644 index 0000000..cc3f463 --- /dev/null +++ b/roles/mail_certificates/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: Generate certificates + command: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini" diff --git a/roles/mail_certificates/tasks/main.yml b/roles/mail_certificates/tasks/main.yml index 76f4b9c..2a4e30f 100644 --- a/roles/mail_certificates/tasks/main.yml +++ b/roles/mail_certificates/tasks/main.yml @@ -21,8 +21,4 @@ src: "conf.ini.j2" dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini" mode: 0644 - register: certbot_config - -- name: Generate new certificates if the configuration changed - command: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini" - when: certbot_config.changed + notify: Generate certificates -- 2.45.2 From 24fa5a969c998bebd32cec829d4763169e217984 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Sat, 30 Jan 2021 00:25:15 +0100 Subject: [PATCH 044/149] add local_network variable --- group_vars/all/vars.yml | 1 + 1 file changed, 1 insertion(+) 
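Review bot: Moving the `certbot certonly` call into the `Generate certificates` handler means the certificate is only requested at the end of the play, and the notification is lost if any later task fails (no `meta: flush_handlers` or `--force-handlers` is visible), so a host can be left with a changed `.ini` and no matching certificate. Roles deployed after this one in the same play will presumably reference files under `/etc/letsencrypt/live/`, so consider adding `- meta: flush_handlers` right after the template task, or keep an explicit first-run task guarded by a `stat` of `/etc/letsencrypt/live/{{ certbot.certname }}/fullchain.pem`. The handler also has no `changed_when`, so it always reports changed; that part is cosmetic.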
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 2f6be0e..01dd26e 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -97,3 +97,4 @@ is_aurore_host: "{{ 'aurore_vm' in group_names }}" myorigin: "auro.re" # myhostname should be the FQDN (Fully Qualified Domain Name) myhostname: "mail.adm.auro.re" +local_network: "10.128.0.0/24" -- 2.45.2 From 8612f835af70dc7a99785c23c1b8ff72158d67f4 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Sat, 30 Jan 2021 00:30:35 +0100 Subject: [PATCH 045/149] fix typo and indentation problem --- roles/dovecot/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml index 68e6387..81c10ed 100644 --- a/roles/dovecot/tasks/main.yml +++ b/roles/dovecot/tasks/main.yml @@ -10,16 +10,16 @@ - dovecot-lmtpd - dovecot-ldap - dovecot-pop3d - register: apt_result - retries: 3 - until: apt_result is succeeded + register: apt_result + retries: 3 + until: apt_result is succeeded # Create the vmail user with UID and GID 5000 - name: Create vmail user user: name: vmail uid: 5000 - gid: 5000 + group: 5000 home: /var/vmail # Create mail user seive directory with right ownernship and rights -- 2.45.2 From d05425745f4cd629f08d9d329940e4891b4676b2 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Sat, 30 Jan 2021 00:34:54 +0100 Subject: [PATCH 046/149] Fix indentation... again --- roles/dovecot/tasks/main.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml index 81c10ed..91630d7 100644 --- a/roles/dovecot/tasks/main.yml +++ b/roles/dovecot/tasks/main.yml 
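Review bot: `local_network` is interpolated into Postfix `mynetworks` by the main.cf template earlier in this series, which lets every host in `10.128.0.0/24` relay through this server without SMTP authentication. That is acceptable if the range holds only infrastructure, but it deserves a comment next to the variable so it is not later widened to a client range, e.g. `# Hosts in this range may relay mail without SMTP auth (Postfix mynetworks) - keep to admin/infra only`. If only a handful of hosts need to relay, listing them individually is tighter than the whole /24.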
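Review bot: `group: 5000` on the `Create vmail user` task requires a group with GID 5000 to already exist, because the user module only assigns an existing primary group; no `group` task is visible in this hunk. Unless one exists elsewhere in the role, add before it `- name: Create vmail group` with `group: {name: vmail, gid: 5000}` and then use `group: vmail`, which also reads better than a bare GID.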
@@ -46,14 +46,14 @@ src: "{{ item }}.j2" dest: "/etc/dovecot/conf.d/{{ item }}" mode: 0644 - loop: - - "10-auth.conf" - - "10-mail.conf" - - "10-master.conf" - - "10-ssl.conf" - - "10-logging.conf" - - "auth-system.conf.ext" - notify: Restart dovecot + loop: + - "10-auth.conf" + - "10-mail.conf" + - "10-master.conf" + - "10-ssl.conf" + - "10-logging.conf" + - "auth-system.conf.ext" + notify: Restart dovecot # Add the Dovecot configuration file outside of conf.d - name: Add Dovecot configuration outside of conf.d @@ -63,4 +63,4 @@ mode: 0600 # only legible by root owner: root group: root - notify: Restart dovecot + notify: Restart dovecot -- 2.45.2 From b50ef60e8a84e7206436b664dd7223ba1997657b Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Sat, 30 Jan 2021 00:38:15 +0100 Subject: [PATCH 047/149] fix conf.d template files path --- roles/dovecot/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml index 91630d7..108ca58 100644 --- a/roles/dovecot/tasks/main.yml +++ b/roles/dovecot/tasks/main.yml @@ -43,7 +43,7 @@ # Add the Dovecot configuration files (conf.d) - name: Add Dovecot configuration in conf.d template: - src: "{{ item }}.j2" + src: "conf.d/{{ item }}.j2" dest: "/etc/dovecot/conf.d/{{ item }}" mode: 0644 loop: -- 2.45.2 From fcb53b7cf5694af96953b87d6890e00184756465 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Sat, 30 Jan 2021 00:41:30 +0100 Subject: [PATCH 048/149] Add sane logging timestamp format --- roles/dovecot/templates/conf.d/10-logging.conf.j2 | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 roles/dovecot/templates/conf.d/10-logging.conf.j2 diff --git a/roles/dovecot/templates/conf.d/10-logging.conf.j2 b/roles/dovecot/templates/conf.d/10-logging.conf.j2 new file mode 100644 index 0000000..a2840ce --- /dev/null +++ b/roles/dovecot/templates/conf.d/10-logging.conf.j2 
@@ -0,0 +1,8 @@ +# {{ ansible_managed }} +# Dovecot configuration for Aurore +# More info at https://gitea.auro.re/Aurore/ansible +# And on the Dovecot wiki : https://doc.dovecot.org/ + +# Prefix for each line written to log file. % codes are in strftime(3) format. +#log_timestamp = "%b %d %H:%M:%S " +log_timestamp = "%Y-%m-%d %H:%M:%S " -- 2.45.2 From af4d66c85bf7cf75fe3cdb591c7131ddd79748d1 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Sat, 30 Jan 2021 00:46:00 +0100 Subject: [PATCH 049/149] remove non-existant conf file from the role --- roles/dovecot/tasks/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml index 108ca58..24e1b01 100644 --- a/roles/dovecot/tasks/main.yml +++ b/roles/dovecot/tasks/main.yml @@ -52,7 +52,6 @@ - "10-master.conf" - "10-ssl.conf" - "10-logging.conf" - - "auth-system.conf.ext" notify: Restart dovecot # Add the Dovecot configuration file outside of conf.d -- 2.45.2 From c45dab323a2e941d941f24e60c019bdb5fa366ba Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Sat, 30 Jan 2021 00:56:17 +0100 Subject: [PATCH 050/149] Don't add conf.d/*.conf into a file that is itself already there! dumb dumb --- roles/dovecot/templates/conf.d/10-auth.conf.j2 | 3 --- 1 file changed, 3 deletions(-) diff --git a/roles/dovecot/templates/conf.d/10-auth.conf.j2 b/roles/dovecot/templates/conf.d/10-auth.conf.j2 index e850270..a6d6de4 100644 --- a/roles/dovecot/templates/conf.d/10-auth.conf.j2 +++ b/roles/dovecot/templates/conf.d/10-auth.conf.j2 @@ -3,9 +3,6 @@ # More info at https://gitea.auro.re/Aurore/ansible # And on the Dovecot wiki : https://doc.dovecot.org/ -# Include every configuration file in conf.d -!include conf.d/*.conf - # Include LDAP conf !include auth-ldap.conf.ext -- 2.45.2 From 809f5f9cc934c89d059b3b4dba68a7a24d8266ce Mon Sep 17 00:00:00 2001 
From: Solal Nathan Date: Sat, 30 Jan 2021 01:05:37 +0100 Subject: [PATCH 051/149] Add config in the right section --- roles/dovecot/templates/conf.d/10-master.conf.j2 | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/roles/dovecot/templates/conf.d/10-master.conf.j2 b/roles/dovecot/templates/conf.d/10-master.conf.j2 index 39b2421..4d91b7a 100644 --- a/roles/dovecot/templates/conf.d/10-master.conf.j2 +++ b/roles/dovecot/templates/conf.d/10-master.conf.j2 @@ -5,9 +5,12 @@ # IMAP/POP/STMP auth configuration -# Postfix smtp-auth -unix_listener /var/spool/postfix/private/auth { - mode = 0660 - user = postfix - group = postfix +service auth { + + # Postfix smtp-auth + unix_listener /var/spool/postfix/private/auth { + mode = 0660 + user = postfix + group = postfix + } } -- 2.45.2 From b2a49c1e4219b0d1d63690f31d353ac503f94f39 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Sat, 30 Jan 2021 01:10:31 +0100 Subject: [PATCH 052/149] Add LMTP for Postfix-Dovecot communication --- roles/dovecot/templates/conf.d/10-master.conf.j2 | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/roles/dovecot/templates/conf.d/10-master.conf.j2 b/roles/dovecot/templates/conf.d/10-master.conf.j2 index 4d91b7a..b6a7d10 100644 --- a/roles/dovecot/templates/conf.d/10-master.conf.j2 +++ b/roles/dovecot/templates/conf.d/10-master.conf.j2 @@ -5,6 +5,7 @@ # IMAP/POP/STMP auth configuration +# Authentification service auth { # Postfix smtp-auth @@ -14,3 +15,12 @@ service auth { group = postfix } } + +# Local LMTP +service lmtp { + unix listener /var/spool/postfix/private/dovecot-lmtp { + group = postfix + mode = 0600 + user = postfix + } +} -- 2.45.2 From 52a29ff01060c2a03d7be798258099c7ce4b44ce Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Sat, 30 Jan 2021 01:14:53 +0100 Subject: [PATCH 053/149] Fix syntax: don't forget the underscore --- roles/dovecot/templates/conf.d/10-master.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/dovecot/templates/conf.d/10-master.conf.j2 b/roles/dovecot/templates/conf.d/10-master.conf.j2 index b6a7d10..6ba775b 100644 --- a/roles/dovecot/templates/conf.d/10-master.conf.j2 +++ b/roles/dovecot/templates/conf.d/10-master.conf.j2 @@ -18,7 +18,7 @@ service auth { # Local LMTP service lmtp { - unix listener /var/spool/postfix/private/dovecot-lmtp { + unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix -- 2.45.2 From 2673f771d9dd5db6873621869f0a45c072423465 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 3 Feb 2021 20:18:46 +0100 Subject: [PATCH 054/149] Enable Dovecot sieve --- roles/dovecot/templates/conf.d/20-lmtp.conf | 31 +++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 roles/dovecot/templates/conf.d/20-lmtp.conf diff --git a/roles/dovecot/templates/conf.d/20-lmtp.conf b/roles/dovecot/templates/conf.d/20-lmtp.conf new file mode 100644 index 0000000..4d40470 --- /dev/null +++ b/roles/dovecot/templates/conf.d/20-lmtp.conf 
@@ -0,0 +1,31 @@ +# {{ ansible_managed }} +# Dovecot configuration for Aurore +# More info at https://gitea.auro.re/Aurore/ansible +# And on the Dovecot wiki : https://doc.dovecot.org/ + +## +## LMTP specific settings +## + +# Support proxying to other LMTP/SMTP servers by performing passdb lookups. +#lmtp_proxy = no + +# When recipient address includes the detail (e.g. user+detail), try to save +# the mail to the detail mailbox. See also recipient_delimiter and +# lda_mailbox_autocreate settings. +#lmtp_save_to_detail_mailbox = no + +# Verify quota before replying to RCPT TO. This adds a small overhead. +#lmtp_rcpt_check_quota = no + +# Which recipient address to use for Delivered-To: header and Received: +# header. The default is "final", which is the same as the one given to +# RCPT TO command. "original" uses the address given in RCPT TO's ORCPT +# parameter, "none" uses nothing. Note that "none" is currently always used +# when a mail has multiple recipients. +#lmtp_hdr_delivery_address = final + +protocol lmtp { + # Space separated list of plugins to load (default is global mail_plugins). + mail_plugins = $mail_plugins sieve +} -- 2.45.2 From c85b2b58fe1a0a63146b87eae7d6c43ff1f4fb4e Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 3 Feb 2021 23:20:10 +0100 Subject: [PATCH 055/149] Add quota to dovecot --- roles/dovecot/templates/conf.d/90-quota.conf | 97 ++++++++++++++++++++ 1 file changed, 97 insertions(+) create mode 100644 roles/dovecot/templates/conf.d/90-quota.conf diff --git a/roles/dovecot/templates/conf.d/90-quota.conf b/roles/dovecot/templates/conf.d/90-quota.conf new file mode 100644 index 0000000..431acfb --- /dev/null +++ b/roles/dovecot/templates/conf.d/90-quota.conf 
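Review bot: `20-lmtp.conf` is added under `templates/conf.d/` without the `.j2` suffix yet contains `{{ ansible_managed }}`, and the template task in this role loops only over the `10-*.conf` names, so as committed the file is never rendered or deployed and `mail_plugins = $mail_plugins sieve` has no effect. Rename it to `20-lmtp.conf.j2` and add `- "20-lmtp.conf"` to the loop. The `sieve` plugin also needs the `dovecot-sieve` package, which does not appear in the visible portion of the package list earlier in this series; confirm it is installed.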
@@ -0,0 +1,97 @@ +# {{ ansible_managed }} +# Dovecot configuration for Aurore +# More info at https://gitea.auro.re/Aurore/ansible +# And on the Dovecot wiki : https://doc.dovecot.org/ + +## +## Quota configuration. +## + +# Note that you also have to enable quota plugin in mail_plugins setting. +# + +## +## Quota limits +## + +# Quota limits are set using "quota_rule" parameters. To get per-user quota +# limits, you can set/override them by returning "quota_rule" extra field +# from userdb. It's also possible to give mailbox-specific limits, for example +# to give additional 100 MB when saving to Trash: + +plugin { + #quota_rule = *:storage=1G + #quota_rule2 = Trash:storage=+100M + + # LDA/LMTP allows saving the last mail to bring user from under quota to + # over quota, if the quota doesn't grow too high. Default is to allow as + # long as quota will stay under 10% above the limit. Also allowed e.g. 10M. + #quota_grace = 10%% + + # Quota plugin can also limit the maximum accepted mail size. + #quota_max_mail_size = 100M +} + +## +## Quota warnings +## + +# You can execute a given command when user exceeds a specified quota limit. +# Each quota root has separate limits. Only the command for the first +# exceeded limit is executed, so put the highest limit first. +# The commands are executed via script service by connecting to the named +# UNIX socket (quota-warning below). +# Note that % needs to be escaped as %%, otherwise "% " expands to empty. + +plugin { + #quota_warning = storage=95%% quota-warning 95 %u + #quota_warning2 = storage=80%% quota-warning 80 %u +} + +# Example quota-warning service. The unix listener's permissions should be +# set in a way that mail processes can connect to it. Below example assumes +# that mail processes run as vmail user. If you use mode=0666, all system users +# can generate quota warnings to anyone. 
+#service quota-warning { +# executable = script /usr/local/bin/quota-warning.sh +# user = dovecot +# unix_listener quota-warning { +# user = vmail +# } +#} + +## +## Quota backends +## + +# Multiple backends are supported: +# dirsize: Find and sum all the files found from mail directory. +# Extremely SLOW with Maildir. It'll eat your CPU and disk I/O. +# dict: Keep quota stored in dictionary (eg. SQL) +# maildir: Maildir++ quota +# fs: Read-only support for filesystem quota + +plugin { + #quota = dirsize:User quota + #quota = maildir:User quota + #quota = dict:User quota::proxy::quota + #quota = fs:User quota +} + +# Multiple quota roots are also possible, for example this gives each user +# their own 100MB quota and one shared 1GB quota within the domain: +plugin { + #quota = dict:user::proxy::quota + #quota2 = dict:domain:%d:proxy::quota_domain + #quota_rule = *:storage=102400 + #quota2_rule = *:storage=1048576 +} + + +plugin { + quota = maildir:User quota + + quota_status_success = DUNNO + quota_status_nouser = DUNNO + quota_status_overquota = "452 4.2.2 Mailbox is full and cannot receive any more emails" +} -- 2.45.2 From 1c20193fc859b066694fe3f1f7ba884ba462b44f Mon Sep 17 00:00:00 2001 From: Otthorn Date: Thu, 4 Feb 2021 01:03:18 +0100 Subject: [PATCH 056/149] Add re2o mail server to the roles of the mailserver playbook --- mailserver.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mailserver.yml b/mailserver.yml index d557d2a..00dd0a5 100755 --- a/mailserver.yml +++ b/mailserver.yml @@ -8,8 +8,9 @@ - nfs_client - postfix - dovecot + - re2o-service-mail # - rspamd -# - mail_fail2ban +# - mail-fail2ban # # Make OVH server send mails through proxy ? # Add multiple MX -- 2.45.2 From cf58c2bac52a85a8d72c0d79b3fd785472635a29 Mon Sep 17 00:00:00 2001 
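Review bot: The active `plugin { quota = maildir:User quota ... }` block sets no `quota_rule`, so no limit is actually enforced, and the `quota_status_*` replies only matter if a `service quota-status` listener is defined and Postfix queries it through `check_policy_service`, neither of which is visible in this series. Like `20-lmtp.conf`, this file also lacks the `.j2` suffix and is not in the conf.d template loop, so it is not deployed as committed. Add e.g. `quota_rule = *:storage=1G` sized for the mail volume and load the plugin with `mail_plugins = $mail_plugins quota`, or drop the block until the policy service is wired up. Note that `452 4.2.2` is a temporary failure that keeps senders retrying; `552 5.2.2` is the usual permanent rejection for a full mailbox.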
From: Otthorn Date: Thu, 4 Feb 2021 01:30:14 +0100 Subject: [PATCH 057/149] Add re2o mail server --- roles/re2o-service-mail/tasks/main.yml | 43 ++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 roles/re2o-service-mail/tasks/main.yml diff --git a/roles/re2o-service-mail/tasks/main.yml b/roles/re2o-service-mail/tasks/main.yml new file mode 100644 index 0000000..1144480 --- /dev/null +++ b/roles/re2o-service-mail/tasks/main.yml @@ -0,0 +1,43 @@ +--- +- name: Create re2o mail-server directory + file: + path: /var/local/re2o-services/mail-server + state: directory + mode: '0775' + owner: root + group: root + +- name: Clone re2o mail-server repository + git: + repo: 'http://gitea.auro.re/aurore/re2o-mail-server.git' + dest: /var/local/re2o-services/mail-server + umask: '002' + +- name: Add API configuration + template: + src: config.ini.j2 + dest: /var/local/re2o-services/mail-server/config.ini + owner: root + group: root + mode: "0700" + +- name: Create generated directory + file: + path: /var/local/re2o-services/mail-server/generated + state: directory + mode: "0755" + owner: root + group: root + +- name: Deploy cron for re2o-mail-server + template: + src: cron.d/re2o-services-mail-server.j2 + dest: /etc/cron.d/re2o-services-mail-server + +- name: Deploy local aliases + template: + src: re2o-services/mail-server/mail-aliases/{{ item }}.j2 + dest: /var/local/re2o-services/mail-server/{{ item }}_local + loop: + - aliases + - virtuals -- 2.45.2 From 9e91f2e9d578c05dae94e225a70af063cffc85af Mon Sep 17 00:00:00 2001 From: Otthorn Date: Thu, 4 Feb 2021 01:38:49 +0100 Subject: [PATCH 058/149] Re2o API config --- roles/re2o-service-mail/templates/config.ini.j2 | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 roles/re2o-service-mail/templates/config.ini.j2 diff --git a/roles/re2o-service-mail/templates/config.ini.j2 b/roles/re2o-service-mail/templates/config.ini.j2 new file mode 100644 index 0000000..3db22a6 --- /dev/null 
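Review bot: The repository is cloned over plain `http://` with no `version` pinned, and the cron entry deployed by the same role runs `main.py` from that checkout as root every five minutes, so anyone able to tamper with the unauthenticated transport or push to the default branch gets root on the mail server. Use `https://`, pin `version:` to a tag or commit, and consider running the sync as an unprivileged user that only needs write access to `generated/`. Separately, `config.ini` holding the API password is deployed with `mode: "0700"`, which adds an execute bit a data file does not need; `"0600"` is the conventional mode for a secrets file, and the `Deploy cron` and `Deploy local aliases` tasks set no `mode`/`owner` at all.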
+++ b/roles/re2o-service-mail/templates/config.ini.j2 @@ -0,0 +1,6 @@ +# {{ ansible_managed }} + +[Re2o] +hostname = {{ re2o_hostname }} +username = {{ re2o_api_username }} +password = {{ re2o_api_password }} -- 2.45.2 From 1c7b4f8560cd9253ec58e541d67e020a3daabb6d Mon Sep 17 00:00:00 2001 From: Otthorn Date: Thu, 4 Feb 2021 01:46:55 +0100 Subject: [PATCH 059/149] add re2o service mail cron --- .../templates/cron.d/re2o-services-mail-server.j2 | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 roles/re2o-service-mail/templates/cron.d/re2o-services-mail-server.j2 diff --git a/roles/re2o-service-mail/templates/cron.d/re2o-services-mail-server.j2 b/roles/re2o-service-mail/templates/cron.d/re2o-services-mail-server.j2 new file mode 100644 index 0000000..cc35882 --- /dev/null +++ b/roles/re2o-service-mail/templates/cron.d/re2o-services-mail-server.j2 @@ -0,0 +1,2 @@ +{{ ansible_managed | comment }} +*/5 * * * * root /usr/bin/python3 /var/local/re2o-services/mail-server/main.py -- 2.45.2 From 1e59bec323e92f57cc09a3dd1f258c7e3c83b4c1 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Thu, 4 Feb 2021 02:14:52 +0100 Subject: [PATCH 060/149] Add Re2o API vars --- group_vars/all/vars.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 01dd26e..acdc5cb 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -70,6 +70,9 @@ keepalived_password: "{{ vault_keepalived_password[apartment_block] }}" re2o_secret_key: "{{ vault_re2o_secret_key }}" re2o_db_password: "{{ vault_re2o_db_password }}" re2o_aes_key: "{{ vault_re2o_aes_key }}" +re2o_hostname: "re2o.auro.re" +re2o_api_username: "{{ vault_re2o_api_username }}" +re2o_api_password: "{{ vault_re2o_api_password }}" # Radius radius_secret_aurore: "{{ vault_radius_secrets.aurore }}" -- 2.45.2 From 0a7de4fc784e95a287f0d816d468f0bb0999eb53 Mon Sep 17 00:00:00 2001 
From: Otthorn Date: Thu, 4 Feb 2021 02:24:35 +0100 Subject: [PATCH 061/149] Mail VM has a public addr now and FQDN is mail.auro.re --- group_vars/all/vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index acdc5cb..0bd2855 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -99,5 +99,5 @@ is_aurore_host: "{{ 'aurore_vm' in group_names }}" myorigin: "auro.re" # myhostname should be the FQDN (Fully Qualified Domain Name) -myhostname: "mail.adm.auro.re" +myhostname: "mail.auro.re" local_network: "10.128.0.0/24" -- 2.45.2 From ebf712d0bcb6aef2c092458d758cef4feffd3cb6 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Thu, 4 Feb 2021 13:02:52 +0100 Subject: [PATCH 062/149] Use correct re2o API vars (don't add them twice in vault, reuse them) --- group_vars/all/vars.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 0bd2855..5917a32 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -71,8 +71,8 @@ re2o_secret_key: "{{ vault_re2o_secret_key }}" re2o_db_password: "{{ vault_re2o_db_password }}" re2o_aes_key: "{{ vault_re2o_aes_key }}" re2o_hostname: "re2o.auro.re" -re2o_api_username: "{{ vault_re2o_api_username }}" -re2o_api_password: "{{ vault_re2o_api_password }}" +re2o_api_username: "service-user" +re2o_api_password: "{{ vault_re2o_serviceuser_passwd }}" # Radius radius_secret_aurore: "{{ vault_radius_secrets.aurore }}" -- 2.45.2 From 27cfcc13205c0cbc8d6fe6e4e6af2816322c9dc9 Mon Sep 17 00:00:00 2001 
From: Otthorn Date: Thu, 4 Feb 2021 14:47:40 +0100 Subject: [PATCH 063/149] Don't reinvent the whell, use existing roles (have to be tested) --- mailserver.yml | 15 ++++++- roles/re2o-service-mail/tasks/main.yml | 43 ------------------- .../re2o-service-mail/templates/config.ini.j2 | 6 --- .../cron.d/re2o-services-mail-server.j2 | 2 - 4 files changed, 14 insertions(+), 52 deletions(-) delete mode 100644 roles/re2o-service-mail/tasks/main.yml delete mode 100644 roles/re2o-service-mail/templates/config.ini.j2 delete mode 100644 roles/re2o-service-mail/templates/cron.d/re2o-services-mail-server.j2 diff --git a/mailserver.yml b/mailserver.yml index 00dd0a5..f9725e7 100755 --- a/mailserver.yml +++ b/mailserver.yml @@ -8,10 +8,23 @@ - nfs_client - postfix - dovecot - - re2o-service-mail # - rspamd # - mail-fail2ban # # Make OVH server send mails through proxy ? # Add multiple MX # Configure DKIM, SPF, Greylisting, etc... + + +# Deploy Re2o mail service + - hosts: mail.auro.re + vars: + service_repo: https://gitea.auro.re/aurore/re2o-mail-server.git + service_name: mail-server + service_version: aurore + service_config: + hostname: re2o-test.adm.auro.re # use test instance for now, should be changed for prod! + username: service-user + password: "{{ vault_serviceuser_passwd }}" + roles: + - re2o-service diff --git a/roles/re2o-service-mail/tasks/main.yml b/roles/re2o-service-mail/tasks/main.yml deleted file mode 100644 index 1144480..0000000 --- a/roles/re2o-service-mail/tasks/main.yml +++ /dev/null 
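Review bot: The re2o-service play points the mail-server sync at `re2o-test.adm.auro.re` with only an inline "use test instance for now" comment, and its `password` uses `vault_serviceuser_passwd` while the group_vars in this series define `re2o_api_password: "{{ vault_re2o_serviceuser_passwd }}"`; unless both vault keys exist, one of the two places references an undefined variable, and if both exist the same service-user credential is being sent to a test instance. Reuse the existing variables here (`hostname: "{{ re2o_hostname }}"`, `password: "{{ re2o_api_password }}"`) and override `re2o_hostname` in host_vars for the test period, so the switch to production is a one-line change that cannot be forgotten.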
@@ -1,43 +0,0 @@ ---- -- name: Create re2o mail-server directory - file: - path: /var/local/re2o-services/mail-server - state: directory - mode: '0775' - owner: root - group: root - -- name: Clone re2o mail-server repository - git: - repo: 'http://gitea.auro.re/aurore/re2o-mail-server.git' - dest: /var/local/re2o-services/mail-server - umask: '002' - -- name: Add API configuration - template: - src: config.ini.j2 - dest: /var/local/re2o-services/mail-server/config.ini - owner: root - group: root - mode: "0700" - -- name: Create generated directory - file: - path: /var/local/re2o-services/mail-server/generated - state: directory - mode: "0755" - owner: root - group: root - -- name: Deploy cron for re2o-mail-server - template: - src: cron.d/re2o-services-mail-server.j2 - dest: /etc/cron.d/re2o-services-mail-server - -- name: Deploy local aliases - template: - src: re2o-services/mail-server/mail-aliases/{{ item }}.j2 - dest: /var/local/re2o-services/mail-server/{{ item }}_local - loop: - - aliases - - virtuals diff --git a/roles/re2o-service-mail/templates/config.ini.j2 b/roles/re2o-service-mail/templates/config.ini.j2 deleted file mode 100644 index 3db22a6..0000000 --- a/roles/re2o-service-mail/templates/config.ini.j2 +++ /dev/null @@ -1,6 +0,0 @@ -# {{ ansible_managed }} - -[Re2o] -hostname = {{ re2o_hostname }} -username = {{ re2o_api_username }} -password = {{ re2o_api_password }} diff --git a/roles/re2o-service-mail/templates/cron.d/re2o-services-mail-server.j2 b/roles/re2o-service-mail/templates/cron.d/re2o-services-mail-server.j2 deleted file mode 100644 index cc35882..0000000 --- a/roles/re2o-service-mail/templates/cron.d/re2o-services-mail-server.j2 +++ /dev/null @@ -1,2 +0,0 @@ -{{ ansible_managed | comment }} -*/5 * * * * root /usr/bin/python3 /var/local/re2o-services/mail-server/main.py -- 2.45.2 From 2c531d1af2e5ef404eb1789419903c98f8211130 Mon Sep 17 00:00:00 2001 
From: Otthorn Date: Thu, 4 Feb 2021 23:18:23 +0100 Subject: [PATCH 064/149] Postfix conf add certs and other security related modifications --- host_vars/mail.auro.re.yml | 5 +++++ roles/postfix/templates/main.cf.j2 | 31 ++++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/host_vars/mail.auro.re.yml b/host_vars/mail.auro.re.yml index cc3ff9f..64da62b 100644 --- a/host_vars/mail.auro.re.yml +++ b/host_vars/mail.auro.re.yml @@ -5,6 +5,11 @@ certbot: - smtp.auro.re mail: tech.aurore@lists.crans.org certname: auro.re + cert_path_prefix = "/etc/letsencrypt/live/{{ certbot.certname }}" + cert_path_cert = "{{ cerbot.cert_path_prefix }}/cert.pem" + cert_path_chain = "{{ cerbot.cert_path_prefix }}/chain.pem" + cert_path_fullchain = "{{ cerbot.cert_path_prefix }}/fullchain.pem" + cert_path_privkey = "{{ cerbot.cert_path_prefix }}/privkey.pem" nfs: src: "10.128.0.6:/data_mail" # caradoc diff --git a/roles/postfix/templates/main.cf.j2 b/roles/postfix/templates/main.cf.j2 index 97412c2..e312caa 100644 --- a/roles/postfix/templates/main.cf.j2 +++ b/roles/postfix/templates/main.cf.j2 
@@ -33,3 +33,34 @@ relay_domains = # Allow plus delimiter recipient_delimiter = + + +# Re2o Generated files +alias_database = hash:/var/local/re2o-services/mail-server/generated/aliases +alias_maps = $alias_database +local_recipient_maps = $alias_maps unix:passwd.byname +virtual_alias_maps = hash:/var/local/re2o-services/mail-server/generated/virtual +relay_recipient_maps = hash:/var/local/re2o-services/mail-server/generated/virtual + +# Tell Postfix to deliver emails to Dovecot through LMTP +virtual_transport = lmtp:unix:private/dovecot-lmtp + +# TLS for reception +smtpd_use_tls = yes +smtpd_tls_security_level = may +smtpd_tls_cert_file = {{ certbot.cert_path_fullchain }} +smtpd_tls_key_file = {{ certbot.cert_path_privkey }} +smtpd_tls_loglevel = 0 +smtpd_tls_received_header = yes + +# TLS for sending +smtp_use_tls = yes +smtp_tls_security_level = may +smtp_tls_loglevel = 1 +smtp_tls_cert_file = +smtp_tls_key_file = +smtp_tls_CApath = /etc/ssl/certs/ + +# Caching TLS sessions +smtpd_tls_session_cache_database=btree:/var/lib/postfix/smtpd_tls_session_cache +smtp_tls_session_cache_database=btree:/var/lib/postfix/smtp_tls_session_cache + -- 2.45.2 From e316679e1359fb80d5f3d10c8b2b7f9ca590c9de Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Thu, 4 Feb 2021 23:34:53 +0100 Subject: [PATCH 065/149] Add additional role for mailserver --- roles/re2o_service_mailserver/tasks/main.yml | 15 +++++++++++++++ .../templates/cron.d/re2o-services-mail-server.j2 | 3 +++ 2 files changed, 18 insertions(+) create mode 100644 roles/re2o_service_mailserver/tasks/main.yml create mode 100644 roles/re2o_service_mailserver/templates/cron.d/re2o-services-mail-server.j2 diff --git a/roles/re2o_service_mailserver/tasks/main.yml b/roles/re2o_service_mailserver/tasks/main.yml new file mode 100644 index 0000000..cc2cce5 --- /dev/null +++ b/roles/re2o_service_mailserver/tasks/main.yml 
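Review bot: `smtpd_use_tls` and `smtp_use_tls` are superseded by the `*_tls_security_level` settings on the following lines and are ignored once those are present, so they can be dropped rather than suggesting they do something. More substantively, the TLS block sets no protocol or cipher floor; adding `smtpd_tls_protocols = !SSLv2, !SSLv3` and `smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3` (or the `>=TLSv1.2` form on Postfix 3.6+, depending on the installed version) makes the policy explicit instead of relying on the distribution default. Note also that `smtp_tls_CApath` performs no verification at level `may`, and that the Dovecot `private/auth` socket configured earlier in this series is not referenced by any `smtpd_sasl_*` setting here, so authenticated submission is presumably still to come or configured in master.cf.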
@@ -0,0 +1,15 @@ +--- +# Additional configuration for the re2o-service mailserver, you have to deploy the re2o_service first + +- name: Create generated directory + file: + path: /var/local/re2o-services/mail-server/generated + state: directory + mode: "0755" + owner: root + group: root + +- name: Deploy cron for re2o-mail-server + template: + src: cron.d/re2o-services-mail-server.j2 + dest: /etc/cron.d/re2o-services-mail-server diff --git a/roles/re2o_service_mailserver/templates/cron.d/re2o-services-mail-server.j2 b/roles/re2o_service_mailserver/templates/cron.d/re2o-services-mail-server.j2 new file mode 100644 index 0000000..a1b0231 --- /dev/null +++ b/roles/re2o_service_mailserver/templates/cron.d/re2o-services-mail-server.j2 @@ -0,0 +1,3 @@ +{{ ansible_managed | comment }} +# Regenerate Postfix configuration Re2o API every 5 minutes +*/5 * * * * root /usr/bin/python3 /var/local/re2o-services/mail-server/main.py -- 2.45.2 From efa34dab42a1532d74e0f21c5727f4b8b2159cb5 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Thu, 4 Feb 2021 23:35:12 +0100 Subject: [PATCH 066/149] fix yaml syntax --- host_vars/mail.auro.re.yml | 10 +++++----- mailserver.yml | 25 +++++++++++++------------ 2 files changed, 18 insertions(+), 17 deletions(-) diff --git a/host_vars/mail.auro.re.yml b/host_vars/mail.auro.re.yml index 64da62b..289801a 100644 --- a/host_vars/mail.auro.re.yml +++ b/host_vars/mail.auro.re.yml 
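Review bot: The `Deploy cron for re2o-mail-server` task sets no `mode`, `owner` or `group` on `/etc/cron.d/re2o-services-mail-server`, so the file's permissions depend on the remote umask, and Debian cron silently ignores `/etc/cron.d` entries that are writable by group or other; an earlier commit in this series ("Fix mode, shoudl always be set") already established that mode is always set in this repository. Add `mode: "0644"`, `owner: root`, `group: root` to the template task. Since the job runs as root against a checkout in `/var/local`, keeping that directory root-owned and not group-writable matters for the same reason.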
@@ -5,11 +5,11 @@ certbot: - smtp.auro.re mail: tech.aurore@lists.crans.org certname: auro.re - cert_path_prefix = "/etc/letsencrypt/live/{{ certbot.certname }}" - cert_path_cert = "{{ cerbot.cert_path_prefix }}/cert.pem" - cert_path_chain = "{{ cerbot.cert_path_prefix }}/chain.pem" - cert_path_fullchain = "{{ cerbot.cert_path_prefix }}/fullchain.pem" - cert_path_privkey = "{{ cerbot.cert_path_prefix }}/privkey.pem" + cert_path_prefix: "/etc/letsencrypt/live/{{ certbot.certname }}" + cert_path_cert: "{{ cerbot.cert_path_prefix }}/cert.pem" + cert_path_chain: "{{ cerbot.cert_path_prefix }}/chain.pem" + cert_path_fullchain: "{{ cerbot.cert_path_prefix }}/fullchain.pem" + cert_path_privkey: "{{ cerbot.cert_path_prefix }}/privkey.pem" nfs: src: "10.128.0.6:/data_mail" # caradoc diff --git a/mailserver.yml b/mailserver.yml index f9725e7..fcabd49 100755 --- a/mailserver.yml +++ b/mailserver.yml @@ -6,8 +6,9 @@ - mail_utils - mail_certificates - nfs_client - - postfix + # - postfix - dovecot + - re2o_service_mailserver # - rspamd # - mail-fail2ban # @@ -17,14 +18,14 @@ # Deploy Re2o mail service - - hosts: mail.auro.re - vars: - service_repo: https://gitea.auro.re/aurore/re2o-mail-server.git - service_name: mail-server - service_version: aurore - service_config: - hostname: re2o-test.adm.auro.re # use test instance for now, should be changed for prod! - username: service-user - password: "{{ vault_serviceuser_passwd }}" - roles: - - re2o-service +- hosts: mail.auro.re + vars: + service_repo: https://gitea.auro.re/aurore/re2o-mail-server.git + service_name: mail-server + service_version: aurore + service_config: + hostname: re2o-test.adm.auro.re # use test instance for now, should be changed for prod! + username: service-user + password: "{{ vault_serviceuser_passwd }}" + roles: + - re2o-service -- 2.45.2 From 43053e57f929da287a005f4d2c687f330afd6309 Mon Sep 17 00:00:00 2001 
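Review bot: This "fix yaml syntax" commit also comments out `- postfix` in the mailserver play, a functional change unrelated to the syntax fix and not mentioned in the message. If the role is being disabled because its template currently fails to render, a comment such as `# - postfix  # disabled until cert vars are fixed`, or a separate commit, would make the intent visible to whoever next runs the play and wonders why Postfix is not configured.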
From: Solal Nathan Date: Thu, 4 Feb 2021 23:44:32 +0100 Subject: [PATCH 067/149] Fix broken vars --- host_vars/mail.auro.re.yml | 12 +++++++----- roles/postfix/templates/main.cf.j2 | 4 ++-- roles/re2o-service/tasks/main.yml | 5 +++++ 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/host_vars/mail.auro.re.yml b/host_vars/mail.auro.re.yml index 289801a..7ff5f11 100644 --- a/host_vars/mail.auro.re.yml +++ b/host_vars/mail.auro.re.yml @@ -5,11 +5,13 @@ certbot: - smtp.auro.re mail: tech.aurore@lists.crans.org certname: auro.re - cert_path_prefix: "/etc/letsencrypt/live/{{ certbot.certname }}" - cert_path_cert: "{{ cerbot.cert_path_prefix }}/cert.pem" - cert_path_chain: "{{ cerbot.cert_path_prefix }}/chain.pem" - cert_path_fullchain: "{{ cerbot.cert_path_prefix }}/fullchain.pem" - cert_path_privkey: "{{ cerbot.cert_path_prefix }}/privkey.pem" + +cert: + path_prefix: "/etc/letsencrypt/live/{{ cerbot.certname }}" + #path_cert: "{{ path_prefix }}/cert.pem" + #path_chain: "{{ path_prefix }}/chain.pem" + path_fullchain: "{{ path_prefix }}/fullchain.pem" + path_privkey: "{{ path_prefix }}/privkey.pem" nfs: src: "10.128.0.6:/data_mail" # caradoc diff --git a/roles/postfix/templates/main.cf.j2 b/roles/postfix/templates/main.cf.j2 index e312caa..2173961 100644 --- a/roles/postfix/templates/main.cf.j2 +++ b/roles/postfix/templates/main.cf.j2 @@ -47,8 +47,8 @@ virtual_transport = lmtp:unix:private/dovecot-lmtp # TLS for reception smtpd_use_tls = yes smtpd_tls_security_level = may -smtpd_tls_cert_file = {{ certbot.cert_path_fullchain }} -smtpd_tls_key_file = {{ certbot.cert_path_privkey }} +smtpd_tls_cert_file = {{ cert.path_fullchain }} +smtpd_tls_key_file = {{ cert.path_privkey }} smtpd_tls_loglevel = 0 smtpd_tls_received_header = yes diff --git a/roles/re2o-service/tasks/main.yml b/roles/re2o-service/tasks/main.yml index 68e963c..1f7902d 100644 --- a/roles/re2o-service/tasks/main.yml +++ b/roles/re2o-service/tasks/main.yml 
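Review bot: The "Fix broken vars" hunk is still broken: `path_prefix` uses `{{ cerbot.certname }}` (typo for `certbot`), and `path_fullchain`/`path_privkey` reference a bare `path_prefix`, which Ansible resolves as a top-level variable rather than the sibling key, so rendering `main.cf.j2` will presumably fail with an undefined variable. Either spell the paths out (`path_fullchain: "/etc/letsencrypt/live/{{ certbot.certname }}/fullchain.pem"`) or define a top-level `cert_path_prefix` and refer to it from the `cert` dict. The `re2o-service` hunk in this commit creates `{{ service_user }}` without `system: true` or a restricted shell; whether that is intended depends on what the service needs and is not visible here.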
@@ -12,6 +12,11 @@ retries: 3 until: apt_result is succeeded +- name: "Create the local user {{ service_user }}" + user: + create_home: false + name: "{{ service_user }}" + - name: "Clone re2o {{ service_name }} project" git: repo: "{{ service_repo }}" -- 2.45.2 From 256d2d5df401a508ebcf3b6a02c3bbc565eb59d8 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Fri, 5 Feb 2021 00:05:26 +0100 Subject: [PATCH 068/149] Post renewal hook for certbot to reload dovecot and postfix --- .../renewal-hooks/reload-mail-services.sh.j2 | 6 ++++++ roles/mail_certificates/tasks/main.yml | 13 +++++++++++++ 2 files changed, 19 insertions(+) create mode 100644 roles/mail_certificates/letsencrypt/renewal-hooks/reload-mail-services.sh.j2 diff --git a/roles/mail_certificates/letsencrypt/renewal-hooks/reload-mail-services.sh.j2 b/roles/mail_certificates/letsencrypt/renewal-hooks/reload-mail-services.sh.j2 new file mode 100644 index 0000000..094fc7b --- /dev/null +++ b/roles/mail_certificates/letsencrypt/renewal-hooks/reload-mail-services.sh.j2 @@ -0,0 +1,6 @@ +#!/bin/sh +{{ ansible_manged | comment }} +# Reload Postcot and Dovecot after certificates are (re)generated + +systemctl reload postfix +systemctl reload dovecot diff --git a/roles/mail_certificates/tasks/main.yml b/roles/mail_certificates/tasks/main.yml index 2a4e30f..2ad6314 100644 --- a/roles/mail_certificates/tasks/main.yml +++ b/roles/mail_certificates/tasks/main.yml @@ -22,3 +22,16 @@ dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini" mode: 0644 notify: Generate certificates + +- name: Make sure let's encrypt renewal-hooks exists + file: + path: /etc/letsencrypt/renewal-hooks/deploy + state: directory + +- name: Reload Postfix and Dovecot after certificate renewal + template: + src: letsencrypt/renewal-hooks/deploy/reload-mail-services.sh.j2 + dest: /etc/letsencrypt/renewal-hooks/deploy/reload-mail-services.sh + mode: 0755 + +# TODO: add motd -- 2.45.2 
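Review bot: The new `user` task creates `{{ service_user }}` as a regular interactive account — login shell, UID from the user range — which is more than an account that only owns a checkout needs. Add `system: true` and `shell: /usr/sbin/nologin` to the task so the account cannot be logged into and is allocated from the system UID range. The surrounding task list (apt install above, git clone below) continues outside this hunk.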
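Review bot: The `template` task's `src` is `letsencrypt/renewal-hooks/deploy/reload-mail-services.sh.j2`, but the file this commit creates is `roles/mail_certificates/letsencrypt/renewal-hooks/reload-mail-services.sh.j2` — outside `templates/` and without the `deploy` directory — so the play fails with a missing template; the script also renders `{{ ansible_manged | comment }}`, an undefined variable. The `file` task for `/etc/letsencrypt/renewal-hooks/deploy` sets no `mode` or `owner`, so a directory holding root-executed hooks is created with whatever umask the run has — set `mode: "0755"` and `owner: root` explicitly. The hook has no `set -e`, so a failed `systemctl reload postfix` is masked whenever the dovecot reload succeeds.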
From 77918e00cef27baf2e5f9b3bc92e14f420ffe411 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Fri, 5 Feb 2021 00:07:36 +0100 Subject: [PATCH 069/149] move files to the right place and fix small typo --- .../renewal-hooks/deploy/reload-mail-services.sh.j2 | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 roles/mail_certificates/templates/letsencrypt/renewal-hooks/deploy/reload-mail-services.sh.j2 diff --git a/roles/mail_certificates/templates/letsencrypt/renewal-hooks/deploy/reload-mail-services.sh.j2 b/roles/mail_certificates/templates/letsencrypt/renewal-hooks/deploy/reload-mail-services.sh.j2 new file mode 100644 index 0000000..87b217f --- /dev/null +++ b/roles/mail_certificates/templates/letsencrypt/renewal-hooks/deploy/reload-mail-services.sh.j2 @@ -0,0 +1,6 @@ +#!/bin/sh +{{ ansible_managed | comment }} +# Reload Postcot and Dovecot after certificates are (re)generated + +systemctl reload postfix +systemctl reload dovecot -- 2.45.2 From b35922346e2c619fed821991eebd59a01e953c18 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Fri, 5 Feb 2021 00:09:12 +0100 Subject: [PATCH 070/149] Remove file since I did not git mv correclty... --- .../letsencrypt/renewal-hooks/reload-mail-services.sh.j2 | 6 ------ 1 file changed, 6 deletions(-) delete mode 100644 roles/mail_certificates/letsencrypt/renewal-hooks/reload-mail-services.sh.j2 diff --git a/roles/mail_certificates/letsencrypt/renewal-hooks/reload-mail-services.sh.j2 b/roles/mail_certificates/letsencrypt/renewal-hooks/reload-mail-services.sh.j2 deleted file mode 100644 index 094fc7b..0000000 --- a/roles/mail_certificates/letsencrypt/renewal-hooks/reload-mail-services.sh.j2 +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh -{{ ansible_manged | comment }} -# Reload Postcot and Dovecot after certificates are (re)generated - -systemctl reload postfix -systemctl reload dovecot -- 2.45.2 From c0cd3946fbf62ae7ebc96cd7b654d700e082f6f2 Mon Sep 17 00:00:00 2001 
From: Solal Nathan Date: Fri, 5 Feb 2021 01:17:58 +0100 Subject: [PATCH 071/149] Fix postfix cert variables --- host_vars/mail.auro.re.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/host_vars/mail.auro.re.yml b/host_vars/mail.auro.re.yml index 7ff5f11..e369fa0 100644 --- a/host_vars/mail.auro.re.yml +++ b/host_vars/mail.auro.re.yml @@ -7,11 +7,10 @@ certbot: certname: auro.re cert: - path_prefix: "/etc/letsencrypt/live/{{ cerbot.certname }}" - #path_cert: "{{ path_prefix }}/cert.pem" - #path_chain: "{{ path_prefix }}/chain.pem" - path_fullchain: "{{ path_prefix }}/fullchain.pem" - path_privkey: "{{ path_prefix }}/privkey.pem" + #path_cert: "/etc/letsencrypt/live/auro.re/cert.pem" + #path_chain: "/etc/letsencrypt/live/auro.re/chain.pem" + path_fullchain: "/etc/letsencrypt/live/auro.re/fullchain.pem" + path_privkey: "/etc/letsencrypt/live/auro.re/privkey.pem" nfs: src: "10.128.0.6:/data_mail" # caradoc -- 2.45.2 From 5f48a46522e41a33759f695a354e0b72be53f856 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Fri, 5 Feb 2021 01:35:46 +0100 Subject: [PATCH 072/149] Add postfix quota check --- roles/postfix/templates/main.cf.j2 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/postfix/templates/main.cf.j2 b/roles/postfix/templates/main.cf.j2 index 2173961..27f243c 100644 --- a/roles/postfix/templates/main.cf.j2 +++ b/roles/postfix/templates/main.cf.j2 @@ -64,3 +64,7 @@ smtp_tls_CApath = /etc/ssl/certs/ smtpd_tls_session_cache_database=btree:/var/lib/postfix/smtpd_tls_session_cache smtp_tls_session_cache_database=btree:/var/lib/postfix/smtp_tls_session_cache +# Reject mail if user if overquota +smtpd_recipient_restrictions = + reject_unauth_destination + check_policy_service unix:private/quota-status -- 2.45.2 From faba1d200554300a48037cc2a059f23e2ba4e3bb Mon Sep 17 00:00:00 2001 
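Review bot: Hardcoding `/etc/letsencrypt/live/auro.re/...` severs the link with `certbot.certname`; if the lineage name ever changes, certbot writes a new directory while Postfix keeps loading the old, expiring one. Since `cert` is a separate top-level mapping, `path_fullchain: "/etc/letsencrypt/live/{{ certbot.certname }}/fullchain.pem"` (and likewise for `privkey`) references `certbot` without recursion and removes the duplication.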
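Review bot: `check_policy_service unix:private/quota-status` assumes a Dovecot `quota-status` service listening at `/var/spool/postfix/private/quota-status`; nothing in the series so far defines one, and while the socket is missing Postfix tempfails (451) every recipient, i.e. all inbound mail is deferred. Add a `service quota-status { unix_listener /var/spool/postfix/private/quota-status { ... } }` block with `quota_status_nouser`/`quota_status_overquota` policies on the Dovecot side before enabling this. Keeping `reject_unauth_destination` first is correct — it is the anti-relay check and must not depend on the policy daemon. Comment typo: `if user if overquota` → `if user is over quota`; main.cf continuation lines must also be indented, which the rendering here does not show.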
From: Solal Nathan Date: Fri, 5 Feb 2021 01:50:56 +0100 Subject: [PATCH 073/149] Correct typo, this one was sneaky! --- roles/dovecot/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml index 24e1b01..2b8e320 100644 --- a/roles/dovecot/tasks/main.yml +++ b/roles/dovecot/tasks/main.yml @@ -58,7 +58,7 @@ - name: Add Dovecot configuration outside of conf.d template: src: "dovecot-ldap.conf.ext.j2" - dest: "/etc/dovecot/dovecot-ldap-conf.ext" + dest: "/etc/dovecot/dovecot-ldap.conf.ext" mode: 0600 # only legible by root owner: root group: root -- 2.45.2 From 4b3e4919832f92efaecb48ae4120b37e882360c5 Mon Sep 17 00:00:00 2001 From: otthorn Date: Thu, 14 Jan 2021 12:14:57 +0100 Subject: [PATCH 074/149] Add mail vars --- group_vars/all/vars.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 599e834..6b3c1e5 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -89,3 +89,9 @@ apartment_block_dhcp: "{{ apartment_block }}" ipv6_base_prefix: "2a09:6840" is_aurore_host: "{{ 'aurore_vm' in group_names }}" + +# Mail + +myorigin: "auro.re" +# myhostname should be the FQDN (Fully Qualified Domain Name) +myhostname: "mail.adm.auro.re" -- 2.45.2 From f01533409f0dba85b80d0371764f01f568a40065 Mon Sep 17 00:00:00 2001 From: otthorn Date: Thu, 14 Jan 2021 12:15:48 +0100 Subject: [PATCH 075/149] Add (initial) postfix role --- roles/postfix/handlers/main.yml | 6 +++++ roles/postfix/tasks/main.yml | 15 ++++++++++++ roles/postfix/templates/main.cf.j2 | 37 ++++++++++++++++++++++++++++++ 3 files changed, 58 insertions(+) create mode 100644 roles/postfix/handlers/main.yml create mode 100644 roles/postfix/tasks/main.yml create mode 100644 roles/postfix/templates/main.cf.j2 diff --git a/roles/postfix/handlers/main.yml b/roles/postfix/handlers/main.yml new file mode 100644 index 0000000..d8755a0 --- /dev/null 
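Review bot: `myorigin` and `myhostname` are placed in `group_vars/all`, so every host in the inventory inherits Postfix-specific values, and `myhostname: "mail.adm.auro.re"` is the management-network name — a later commit in this series renames the inventory host to `mail.auro.re`, so the banner/EHLO name and the name clients connect to diverge. Scope these to `host_vars/mail.auro.re.yml` (or prefix them `postfix_`) and set `myhostname` to the public FQDN whose certificate Postfix presents, which is what the comment itself asks for.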
+++ b/roles/postfix/handlers/main.yml @@ -0,0 +1,6 @@ +--- +# Restart Postfix +- name: Restart postfix service + service: + name: postfix + state: restarted diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml new file mode 100644 index 0000000..4b5c269 --- /dev/null +++ b/roles/postfix/tasks/main.yml @@ -0,0 +1,15 @@ +--- +# Install and configure Postfix + +- name: Install Postfix + apt: + name: postfix + update_cache: true # apt update beforehand + +- name: Configure Postfix + template: + src: main.cf.j2 + dest: /etc/postfix/main.cf + notify: Restart postfix service + + diff --git a/roles/postfix/templates/main.cf.j2 b/roles/postfix/templates/main.cf.j2 new file mode 100644 index 0000000..82aacd5 --- /dev/null +++ b/roles/postfix/templates/main.cf.j2 @@ -0,0 +1,37 @@ +# {{ ansible_managed }} +# See /usr/share/postfix/main.cf.dist for a full commented version +# See BASIC_CONFIGURATION_README and STANDARD_CONFIGURATION_README for more insights +# More generally, see the Postfix documentation at http://www.postfix.org + +smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) +biff = no + +# appending .domain is the MUA's job. +append_dot_mydomain = no + +# Uncomment the next line to generate "delayed mail" warnings +#delay_warning_time = 4h + +readme_directory = no + +# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on +# fresh installs. +compatibility_level = 2 + +# Send mail as user@{{ myorigin }} +# myorigin = auro.re +myorigin = {{ myorigin }} + +#myhostname = mail.adm.auro.re +myhostname = {{ myhostname }} + +mydestination = $myhostname localhost.{{ myorigin }} localhost {{ myorigin }} + +# Specify the trusted networks +mynetworks = 127.0.0.0/8 {{ local_network }} + +# This host does not relay mail from untrusted networks +relay_domains = + +# Allow plus delimiter +recipient_delimiter = + -- 2.45.2 From 5377378bf7e25d2940982a9d400fcba7e625c8df Mon Sep 17 00:00:00 2001 
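Review bot: The handler uses `state: restarted`, which drops in-flight SMTP sessions and queue deliveries on every `main.cf` change; Postfix re-reads `main.cf` on reload, so `state: reloaded` is sufficient and non-disruptive. Reserve a restart for `master.cf` changes that add or remove services.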
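Review bot: `mynetworks = 127.0.0.0/8 {{ local_network }}` grants unauthenticated relaying to every address in `local_network`, because Postfix's default `smtpd_relay_restrictions` starts with `permit_mynetworks`; the comment `This host does not relay mail from untrusted networks` is only true if every host on that network is trusted, and a single compromised machine there can use this MX as a spam relay. Limit it to the hosts that actually submit (`mynetworks = 127.0.0.0/8 [::1]/128 <submitting hosts>`), noting `[::1]/128` is missing for IPv6 loopback. Two cheap hardening lines for a public MX: `disable_vrfy_command = yes` and `smtpd_helo_required = yes`. The template task sets no `mode`, which is acceptable for `main.cf` only as long as nothing secret is ever templated into it.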
From: otthorn Date: Thu, 14 Jan 2021 12:16:00 +0100 Subject: [PATCH 076/149] Add (initial) mail-utils role --- roles/mail-utils/tasks/main.yml | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 roles/mail-utils/tasks/main.yml diff --git a/roles/mail-utils/tasks/main.yml b/roles/mail-utils/tasks/main.yml new file mode 100644 index 0000000..8f6b269 --- /dev/null +++ b/roles/mail-utils/tasks/main.yml @@ -0,0 +1,9 @@ +--- +# Install small tools that are usefull on a mailserver +- name: Install small utility tools + apt: + name: + - swaks # Swiss Army Knife for SMTP + - mutt # small CLI mail client for debug and on-server mail + - pwgen # generate strong and cryptographically secure passwords + -- 2.45.2 From de83af936d34e3c41de5f910db8d04fd3f46ed00 Mon Sep 17 00:00:00 2001 From: otthorn Date: Thu, 14 Jan 2021 12:16:20 +0100 Subject: [PATCH 077/149] Add (initial) mailserver playbook --- mailserver.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 mailserver.yml diff --git a/mailserver.yml b/mailserver.yml new file mode 100644 index 0000000..132c8ca --- /dev/null +++ b/mailserver.yml @@ -0,0 +1,26 @@ +#! /usr/bin/env ansible-playbook +--- +# Deploy base and security +- hosts: mail.adm.auro.re + roles: + - baseconfig + - basesecurity + +# Deploy LDAP +- hosts: mail.adm.auro.re + roles: + - ldap_client + +# Deploy mail server +- hosts: mail.adm.auro.re + roles: + - mail-utils + - postfix + - dovecot + - rspamd + - mail-certificates + - mail-fail2ban + +# Make OVH server send mails through proxy ? +# Add multiple MX +# Configure DKIM, SPF, Greylisting, etc... -- 2.45.2 From 673d77d1be7874f8ddd3bbce26d7f9c3a1b4c77d Mon Sep 17 00:00:00 2001 From: otthorn Date: Thu, 14 Jan 2021 12:25:23 +0100 Subject: [PATCH 078/149] fix yaml lint --- mailserver.yml | 4 ++-- roles/mail-utils/tasks/main.yml | 7 +++---- roles/postfix/tasks/main.yml | 4 +--- 3 files changed, 6 insertions(+), 9 deletions(-) 
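Review bot: The comment `pwgen # generate strong and cryptographically secure passwords` overstates the tool: pwgen's default mode produces pronounceable passwords with reduced entropy, and only `pwgen -s` (`--secure`) yields fully random ones. Reword it to `# pwgen: password generator; use pwgen -s for non-pronounceable, full-entropy passwords` so nobody takes the default output for a secure secret.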
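Review bot: In the third play `mail-certificates` is listed after `postfix` and `dovecot`, so on a first run both daemons are configured before any certificate exists; once their templates reference the Let's Encrypt paths (as later commits in this series do), the services fail to start. Order the roles so the certificate role runs first, and keep `mail-fail2ban` after the services whose logs it watches.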
diff --git a/mailserver.yml b/mailserver.yml index 132c8ca..8842e2b 100644 --- a/mailserver.yml +++ b/mailserver.yml @@ -1,4 +1,4 @@ -#! /usr/bin/env ansible-playbook +#!/usr/bin/env ansible-playbook --- # Deploy base and security - hosts: mail.adm.auro.re @@ -9,7 +9,7 @@ # Deploy LDAP - hosts: mail.adm.auro.re roles: - - ldap_client + - ldap_client # Deploy mail server - hosts: mail.adm.auro.re diff --git a/roles/mail-utils/tasks/main.yml b/roles/mail-utils/tasks/main.yml index 8f6b269..ac9d64c 100644 --- a/roles/mail-utils/tasks/main.yml +++ b/roles/mail-utils/tasks/main.yml @@ -3,7 +3,6 @@ - name: Install small utility tools apt: name: - - swaks # Swiss Army Knife for SMTP - - mutt # small CLI mail client for debug and on-server mail - - pwgen # generate strong and cryptographically secure passwords - + - swaks # Swiss Army Knife for SMTP + - mutt # small CLI mail client for debug and on-server mail + - pwgen # generate strong and cryptographically secure passwords diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml index 4b5c269..46820e7 100644 --- a/roles/postfix/tasks/main.yml +++ b/roles/postfix/tasks/main.yml @@ -4,12 +4,10 @@ - name: Install Postfix apt: name: postfix - update_cache: true # apt update beforehand + update_cache: true # apt update beforehand - name: Configure Postfix template: src: main.cf.j2 dest: /etc/postfix/main.cf notify: Restart postfix service - - -- 2.45.2 From 750753f16dbe1a6d79c9fb11399f77b9f7f3691c Mon Sep 17 00:00:00 2001 From: otthorn Date: Thu, 14 Jan 2021 22:47:29 +0100 Subject: [PATCH 079/149] Starting the dovecot task --- roles/dovecot/tasks/main.yml | 51 ++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 roles/dovecot/tasks/main.yml diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml new file mode 100644 index 0000000..afa08f5 --- /dev/null +++ b/roles/dovecot/tasks/main.yml 
@@ -0,0 +1,51 @@ +--- +# Install and configure Dovecot +- name: Install Dovecot + apt: + name: + - dovecot-core + - dovecot-imapd + - dovecot-managesieved + - dovecot-lmtpd + - dovecot-ldap + - dovecot-pop3d + update_cache: true + +# Create the vmail user with UID and GID 5000 +- name: Create vmail user + user: + name: vmail + uid: 5000 + gid: 5000 + home: /var/vmail + +# Create mail user seive directory with right ownernship and rights +- name: Create mail user sieve directory + file: + path: /var/vmail/sieve/global + state: directory + owner: vmail + group: vmail + mode: 0770 + +# Do the same for mailboxes +- name: Create mail user mailbox directory + file: + path: /var/vmail/mailboxes + state: directory + owner: vmail + group: vmail + mode: 0770 + +# Add the Dovecot configuration files +- name: Add Dovecot configuration + template: + src: "{{ item }}.j2" + dest: "/etc/dovecot/conf.d/{{ item }}" + mode: 0644 + notify: Reload dovecot + loop: + - "10-auth.conf" + - "10-mail.conf" + - "10-master.conf" + - "10-ssl.conf" -- 2.45.2 From 3714396b6ba2f882a2433f578bad85fa5677ef8b Mon Sep 17 00:00:00 2001 From: otthorn Date: Thu, 14 Jan 2021 22:48:13 +0100 Subject: [PATCH 080/149] commented unused tasks for the moment --- mailserver.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) mode change 100644 => 100755 mailserver.yml diff --git a/mailserver.yml b/mailserver.yml old mode 100644 new mode 100755 index 8842e2b..f732d44 --- a/mailserver.yml +++ b/mailserver.yml @@ -17,9 +17,9 @@ - mail-utils - postfix - dovecot - - rspamd - - mail-certificates - - mail-fail2ban +# - rspamd +# - mail-certificates +# - mail-fail2ban # Make OVH server send mails through proxy ? # Add multiple MX -- 2.45.2 From 40df593f1156c8ca6284a82b5566c92212ef80a8 Mon Sep 17 00:00:00 2001 
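Review bot: The `Create vmail user` task passes `gid: 5000`, which is not a parameter of the `user` module (it takes `group`), and no `vmail` group is created, so the task fails; the account also gets a login shell and a regular UID although it only owns mail storage. Create the group first, then the user with `group`, `system: true` and `shell: /usr/sbin/nologin`. The `template` loop uses `src: "{{ item }}.j2"` while later commits in this series place the templates under `templates/conf.d/`, so the `src` would need to be `conf.d/{{ item }}.j2` for those files to be found.
```yaml
- name: Create vmail group
  group:
    name: vmail
    gid: 5000
    system: true

- name: Create vmail user
  user:
    name: vmail
    uid: 5000
    group: vmail
    home: /var/vmail
    shell: /usr/sbin/nologin
    system: true
# … unchanged: sieve/mailbox directories and configuration templates …
```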
From: otthorn Date: Fri, 15 Jan 2021 19:52:55 +0100 Subject: [PATCH 081/149] Added the certificates gestion --- host_vars/mail.auro.re.yml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 host_vars/mail.auro.re.yml diff --git a/host_vars/mail.auro.re.yml b/host_vars/mail.auro.re.yml new file mode 100644 index 0000000..7e3e383 --- /dev/null +++ b/host_vars/mail.auro.re.yml @@ -0,0 +1,8 @@ +--- +certbot: + domains: + - mail.auro.re + - webmail.auro.re + - smtp.auro.re + mail: tech.aurore@lists.crans.org + certname: auro.re -- 2.45.2 From 991e3063206c51e7346737224b09eaff14b5ea24 Mon Sep 17 00:00:00 2001 From: otthorn Date: Sun, 17 Jan 2021 12:31:30 +0100 Subject: [PATCH 082/149] Add nfs-client role --- roles/nfs-client/tasks/main.yml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 roles/nfs-client/tasks/main.yml diff --git a/roles/nfs-client/tasks/main.yml b/roles/nfs-client/tasks/main.yml new file mode 100644 index 0000000..7137d1d --- /dev/null +++ b/roles/nfs-client/tasks/main.yml @@ -0,0 +1,24 @@ +--- +# Install NFS client, mount distant storage and add configuration to fstab to make it persistent +- name: Install NFS client + apt: + name: + - nfs-common # use this on any NFS machine, be either client or server + update_cache: true + +- name: Create mountable dir + file: + path: {{ nfs-mount-path }} + state: directory + mode: 0644 + owner: {{ nfs-dir-owner }} + group: {{ nfs-dir-group }} + +- name: Mount and add to fstab + mount: + state: mounted # actively mounted and configured in fstab + src: {{ nfs-src }} + path: {{ nfs-mount-path }} + fstype: nfs + opts: defaults +# don't specify dump and fsck to keep the 0 (don't) variable -- 2.45.2 From 260526613739ae854f1ce2ea5e6d3012ef8f5fa5 Mon Sep 17 00:00:00 2001 From: otthorn Date: Sun, 17 Jan 2021 12:34:25 +0100 Subject: [PATCH 083/149] fix var names for better hierarchy --- roles/nfs-client/tasks/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
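Review bot: The mount uses `opts: defaults`, which leaves the remotely served mail store mounted `suid,dev,exec`; nothing under `/var/vmail` needs to be executable or a device node, so `opts: "nosuid,nodev,noexec"` closes an easy escalation path if a mailbox file is ever written with a crafted mode. `mode: 0644` on the mount point drops the execute bit, so `vmail` cannot even traverse the directory — it needs `0755` (or `0750` with `vmail` as group). The unquoted `{{ nfs-mount-path }}` values are a YAML parse error in this form, and `nfs-mount-path` as a Jinja expression is a subtraction, not a variable name. NFS with the default `sec=sys` trusts whatever UID the client presents, so the export on `10.128.0.6` (not visible here) should be restricted to this client's address.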
diff --git a/roles/nfs-client/tasks/main.yml b/roles/nfs-client/tasks/main.yml index 7137d1d..7bade02 100644 --- a/roles/nfs-client/tasks/main.yml +++ b/roles/nfs-client/tasks/main.yml @@ -8,17 +8,17 @@ - name: Create mountable dir file: - path: {{ nfs-mount-path }} + path: {{ nfs.mount-path }} state: directory mode: 0644 - owner: {{ nfs-dir-owner }} - group: {{ nfs-dir-group }} + owner: {{ nfs.dir-owner }} + group: {{ nfs.dir-group }} - name: Mount and add to fstab mount: state: mounted # actively mounted and configured in fstab - src: {{ nfs-src }} - path: {{ nfs-mount-path }} + src: {{ nfs.src }} + path: {{ nfs.mount-path }} fstype: nfs opts: defaults # don't specify dump and fsck to keep the 0 (don't) variable -- 2.45.2 From b6355ebb0a9e4685441b55a64bbac21d67a3512b Mon Sep 17 00:00:00 2001 From: otthorn Date: Sun, 17 Jan 2021 12:41:09 +0100 Subject: [PATCH 084/149] Added NFS host_var for mail.auro.re --- host_vars/mail.auro.re.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/host_vars/mail.auro.re.yml b/host_vars/mail.auro.re.yml index 7e3e383..0c5d952 100644 --- a/host_vars/mail.auro.re.yml +++ b/host_vars/mail.auro.re.yml @@ -2,7 +2,12 @@ certbot: domains: - mail.auro.re - - webmail.auro.re - smtp.auro.re mail: tech.aurore@lists.crans.org certname: auro.re + +nfs: + src: "10.128.0.6:/data_mail" # caradoc + mount-path: /var/vmail + dir-owner: vmail + dir-group: vmail -- 2.45.2 From 8cb854813914be79c62b90020eb7eac66a5dcf62 Mon Sep 17 00:00:00 2001 From: otthorn Date: Sun, 17 Jan 2021 12:42:15 +0100 Subject: [PATCH 085/149] mail is no longer in adm --- hosts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts b/hosts index 55cf3fc..4263845 100644 --- a/hosts +++ b/hosts @@ -32,7 +32,7 @@ re2o-db.adm.auro.re services-bdd-local.adm.auro.re backup.adm.auro.re services-web.adm.auro.re -mail.adm.auro.re +mail.auro.re wikijs.adm.auro.re prometheus-aurore.adm.auro.re portail.adm.auro.re -- 2.45.2 
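Review bot: Renaming the inventory entry from `mail.adm.auro.re` to `mail.auro.re` means Ansible now resolves and reaches the host by its public name, while `group_vars/all` still sets `myhostname: "mail.adm.auro.re"` for Postfix, so the two disagree. If the intent is a public MX, update `myhostname` in the same change and, if management is meant to stay on the admin network, pin it with `ansible_host` so the control connection does not move to the public side.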
From f7ee1403d95c403a89563a8133392ab8972afd25 Mon Sep 17 00:00:00 2001 From: otthorn Date: Sun, 17 Jan 2021 12:47:58 +0100 Subject: [PATCH 086/149] Fix yaml lint --- mailserver.yml | 22 ++++++---------------- roles/dovecot/tasks/main.yml | 2 +- roles/nfs-client/tasks/main.yml | 14 +++++++------- 3 files changed, 14 insertions(+), 24 deletions(-) diff --git a/mailserver.yml b/mailserver.yml index f732d44..56ac56a 100755 --- a/mailserver.yml +++ b/mailserver.yml @@ -1,26 +1,16 @@ #!/usr/bin/env ansible-playbook --- -# Deploy base and security -- hosts: mail.adm.auro.re - roles: - - baseconfig - - basesecurity - -# Deploy LDAP -- hosts: mail.adm.auro.re - roles: - - ldap_client - # Deploy mail server -- hosts: mail.adm.auro.re +- hosts: mail.auro.re roles: - mail-utils - - postfix - - dovecot + - mail-certificates + - nfs-client +# - postfix +# - dovecot # - rspamd -# - mail-certificates # - mail-fail2ban - +# # Make OVH server send mails through proxy ? # Add multiple MX # Configure DKIM, SPF, Greylisting, etc... diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml index afa08f5..8e4ce5f 100644 --- a/roles/dovecot/tasks/main.yml +++ b/roles/dovecot/tasks/main.yml @@ -36,7 +36,7 @@ owner: vmail group: vmail mode: 0770 - + # Add the Dovecot configuration files - name: Add Dovecot configuration template: diff --git a/roles/nfs-client/tasks/main.yml b/roles/nfs-client/tasks/main.yml index 7bade02..ffc792c 100644 --- a/roles/nfs-client/tasks/main.yml +++ b/roles/nfs-client/tasks/main.yml 
@@ -3,22 +3,22 @@ - name: Install NFS client apt: name: - - nfs-common # use this on any NFS machine, be either client or server + - nfs-common # use this on any NFS machine, be either client or server update_cache: true -- name: Create mountable dir +- name: Create mountable dir file: - path: {{ nfs.mount-path }} + path: "{{ nfs.mount-path }}" state: directory mode: 0644 - owner: {{ nfs.dir-owner }} - group: {{ nfs.dir-group }} + owner: "{{ nfs.dir-owner }}" + group: "{{ nfs.dir-group }}" - name: Mount and add to fstab mount: state: mounted # actively mounted and configured in fstab - src: {{ nfs.src }} - path: {{ nfs.mount-path }} + src: "{{ nfs.src }}" + path: "{{ nfs.mount-path }}" fstype: nfs opts: defaults # don't specify dump and fsck to keep the 0 (don't) variable -- 2.45.2 From ed9557d3428117cc6f24fd01436414d5f16be7c8 Mon Sep 17 00:00:00 2001 From: otthorn Date: Sun, 17 Jan 2021 12:51:52 +0100 Subject: [PATCH 087/149] fix ansible-lint --- mailserver.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mailserver.yml b/mailserver.yml index 56ac56a..8e76fe9 100755 --- a/mailserver.yml +++ b/mailserver.yml @@ -2,7 +2,7 @@ --- # Deploy mail server - hosts: mail.auro.re - roles: + roles: | - mail-utils - mail-certificates - nfs-client -- 2.45.2 From a0a61244819f8533218fc04e4fd86220b026924c Mon Sep 17 00:00:00 2001 From: otthorn Date: Sun, 17 Jan 2021 13:03:09 +0100 Subject: [PATCH 088/149] add sain defaults for NFS client --- roles/nfs-client/defaults/main.yml | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 roles/nfs-client/defaults/main.yml diff --git a/roles/nfs-client/defaults/main.yml b/roles/nfs-client/defaults/main.yml new file mode 100644 index 0000000..70224f5 --- /dev/null +++ b/roles/nfs-client/defaults/main.yml @@ -0,0 +1,3 @@ +nfs: + owner: root + groupe: root -- 2.45.2 From 9543c2f10dfe79756fe2bceff2bcc8317097260e Mon Sep 17 00:00:00 2001 
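Review bot: The defaults define `nfs.owner` and `nfs.groupe` (typo for `group`), but the tasks read `nfs.dir-owner` and `nfs.dir-group`, so these keys are never consulted; and because Ansible replaces dict variables instead of merging them (`hash_behaviour=replace`), the `nfs:` mapping in `host_vars` discards this whole default anyway. Use flat variables with matching names — `nfs_dir_owner: root` / `nfs_dir_group: root` — and reference them the same way in the tasks, which also lets a host override one key without restating the mapping.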
From: otthorn Date: Sun, 17 Jan 2021 13:27:24 +0100 Subject: [PATCH 089/149] dashes are evil, use underscore in var names --- host_vars/mail.auro.re.yml | 6 +++--- roles/nfs-client/tasks/main.yml | 10 +++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/host_vars/mail.auro.re.yml b/host_vars/mail.auro.re.yml index 0c5d952..cc3ff9f 100644 --- a/host_vars/mail.auro.re.yml +++ b/host_vars/mail.auro.re.yml @@ -8,6 +8,6 @@ certbot: nfs: src: "10.128.0.6:/data_mail" # caradoc - mount-path: /var/vmail - dir-owner: vmail - dir-group: vmail + mount_path: "/var/vmail" + dir_owner: vmail + dir_group: vmail diff --git a/roles/nfs-client/tasks/main.yml b/roles/nfs-client/tasks/main.yml index ffc792c..0841ad3 100644 --- a/roles/nfs-client/tasks/main.yml +++ b/roles/nfs-client/tasks/main.yml @@ -8,17 +8,17 @@ - name: Create mountable dir file: - path: "{{ nfs.mount-path }}" + path: "{{ nfs.mount_path }}" state: directory - mode: 0644 - owner: "{{ nfs.dir-owner }}" - group: "{{ nfs.dir-group }}" + mode: 0755 + owner: "{{ nfs.dir_owner }}" + group: "{{ nfs.dir_group }}" - name: Mount and add to fstab mount: state: mounted # actively mounted and configured in fstab src: "{{ nfs.src }}" - path: "{{ nfs.mount-path }}" + path: "{{ nfs.mount_path }}" fstype: nfs opts: defaults # don't specify dump and fsck to keep the 0 (don't) variable -- 2.45.2 From 3a2f073db53347debb2c6f58e71b110abe19b861 Mon Sep 17 00:00:00 2001 From: otthorn Date: Sun, 17 Jan 2021 13:27:43 +0100 Subject: [PATCH 090/149] fix typo --- roles/nfs-client/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nfs-client/defaults/main.yml b/roles/nfs-client/defaults/main.yml index 70224f5..d9bbd93 100644 --- a/roles/nfs-client/defaults/main.yml +++ b/roles/nfs-client/defaults/main.yml @@ -1,3 +1,3 @@ nfs: owner: root - groupe: root + group: root -- 2.45.2 From d49ad0f8d8ba3facd120f4511269ad8fa2e02a39 Mon Sep 17 00:00:00 2001 
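Review bot: After the rename the task reads `nfs.dir_owner`/`nfs.dir_group`, but `roles/nfs-client/defaults/main.yml` still declares `nfs.owner`/`nfs.group`, so the defaults remain dead and a host that omits the mapping fails on an undefined attribute instead of falling back to root. Align the key names (and prefer flat `nfs_dir_owner` variables so defaults can apply partially). Changing the mount point to `mode: 0755` fixes the traverse problem; quoting it as `"0755"` keeps other YAML tooling from reading it as an octal integer.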
From: otthorn Date: Sun, 17 Jan 2021 13:27:55 +0100 Subject: [PATCH 091/149] oupsie, reverse this --- mailserver.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mailserver.yml b/mailserver.yml index 8e76fe9..56ac56a 100755 --- a/mailserver.yml +++ b/mailserver.yml @@ -2,7 +2,7 @@ --- # Deploy mail server - hosts: mail.auro.re - roles: | + roles: - mail-utils - mail-certificates - nfs-client -- 2.45.2 From 155daedd248c0393e48f4c0a0113712241cd9cc5 Mon Sep 17 00:00:00 2001 From: otthorn Date: Sun, 17 Jan 2021 16:40:28 +0100 Subject: [PATCH 092/149] Agree to Letsencrypt TOS --- roles/mail-certificates/templates/conf.ini.j2 | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 roles/mail-certificates/templates/conf.ini.j2 diff --git a/roles/mail-certificates/templates/conf.ini.j2 b/roles/mail-certificates/templates/conf.ini.j2 new file mode 100644 index 0000000..cdcd8db --- /dev/null +++ b/roles/mail-certificates/templates/conf.ini.j2 @@ -0,0 +1,26 @@ +# {{ ansible_managed }} + +# Pour appliquer cette conf et générer la conf de renewal : +# certbot --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini certonly + +# Use a 4096 bit RSA key instead of 2048 +rsa-key-size = 4096 + +# Always use the staging/testing server +# server = https://acme-staging.api.letsencrypt.org/directory + +# Uncomment and update to register with the specified e-mail address +email = {{ certbot.mail }} + +# Uncomment to use a text interface instead of ncurses +text = True + +# Use nginx challenge +authenticator = standalone + +# Accept TOS +agree-tos = True + +# Wildcard the domain +cert-name = {{ certbot.certname }} +domains = {{ ", ".join(certbot.domains) }} -- 2.45.2 From 769dc5619b3227cb83cd9a27b5f6b12eb8ac525a Mon Sep 17 00:00:00 2001 
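Review bot: The comments describe a different configuration than the values: `# Use nginx challenge` sits over `authenticator = standalone`, and `# Wildcard the domain` over an explicit SAN list (a wildcard would need the DNS-01 challenge). `standalone` binds port 80 itself during every renewal, so the mail host needs inbound TCP/80 open from the internet and nothing else listening there — worth a comment, since this is what breaks silently at the first renewal. Suggested comments: `# Standalone HTTP-01 challenge: certbot binds :80 during (re)newal, keep it reachable and free` and `# One certificate covering all listed SANs (no wildcard)`.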
From: otthorn Date: Sun, 17 Jan 2021 17:02:05 +0100 Subject: [PATCH 093/149] Add the mail-certificate role --- roles/mail-certificates/tasks/main.yml | 28 ++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 roles/mail-certificates/tasks/main.yml diff --git a/roles/mail-certificates/tasks/main.yml b/roles/mail-certificates/tasks/main.yml new file mode 100644 index 0000000..64e6c63 --- /dev/null +++ b/roles/mail-certificates/tasks/main.yml @@ -0,0 +1,28 @@ +--- +# Very similar to the certbot role, but without nginx +# Install Letscrypt tools to generate and manage certificates +- name: Install Letsencrypt + apt: + name: + - certbot # letsencrypt + - ca-certificates # just in case + update_cache: true + +# Create the configuration directory for letsencrypt +- name: Create /etc/letsencrypt/conf.d + file: + path: /etc/letsencrypt/conf.d + state: directory + mode: 0755 + +# Configure certbot +- name: Add certbot configuration + template: + src: "conf.ini.j2" + dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini" + mode: 0644 + register: certbot_config + +- name: Generate new certificates if the configuration changed + shell: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini" + when: certbot_config.changed -- 2.45.2 From facb7365fcac2827d0949a468a8d6d2e8d516c6d Mon Sep 17 00:00:00 2001 From: otthorn Date: Sun, 17 Jan 2021 17:02:52 +0100 Subject: [PATCH 094/149] Please linter --- roles/nfs-client/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/nfs-client/defaults/main.yml b/roles/nfs-client/defaults/main.yml index d9bbd93..6c55400 100644 --- a/roles/nfs-client/defaults/main.yml +++ b/roles/nfs-client/defaults/main.yml @@ -1,3 +1,4 @@ +--- nfs: owner: root group: root -- 2.45.2 From cbdde70c2a18ab37531d46760e58aba0d2f1a9f9 Mon Sep 17 00:00:00 2001 
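Review bot: `Generate new certificates if the configuration changed` runs certbot via `shell` gated on `certbot_config.changed`; if certbot fails (port 80 blocked, DNS not yet pointed), the template is already in place, the next run sees no change and never retries, leaving the host without a certificate. Use `command:` (no shell features are needed) with `args: creates: "/etc/letsencrypt/live/{{ certbot.certname }}/fullchain.pem"`, so the task reruns until a certificate exists and is idempotent afterwards. As of this commit nothing reloads Postfix/Dovecot after a renewal, so the daemons keep serving the old chain until restarted.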
From: otthorn Date: Sun, 17 Jan 2021 23:48:36 +0100 Subject: [PATCH 095/149] Starting to try out postfix config --- mailserver.yml | 2 +- roles/postfix/templates/main.cf.j2 | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/mailserver.yml b/mailserver.yml index 56ac56a..124663d 100755 --- a/mailserver.yml +++ b/mailserver.yml @@ -6,7 +6,7 @@ - mail-utils - mail-certificates - nfs-client -# - postfix + - postfix # - dovecot # - rspamd # - mail-fail2ban diff --git a/roles/postfix/templates/main.cf.j2 b/roles/postfix/templates/main.cf.j2 index 82aacd5..97412c2 100644 --- a/roles/postfix/templates/main.cf.j2 +++ b/roles/postfix/templates/main.cf.j2 @@ -19,10 +19,8 @@ readme_directory = no compatibility_level = 2 # Send mail as user@{{ myorigin }} -# myorigin = auro.re myorigin = {{ myorigin }} -#myhostname = mail.adm.auro.re myhostname = {{ myhostname }} mydestination = $myhostname localhost.{{ myorigin }} localhost {{ myorigin }} -- 2.45.2 From 946b3c973e54aea3c4489fd3dc222d1000d9b724 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Thu, 28 Jan 2021 00:07:23 +0100 Subject: [PATCH 096/149] Apt retry mechanism --- roles/dovecot/tasks/main.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml index 8e4ce5f..74669f9 100644 --- a/roles/dovecot/tasks/main.yml +++ b/roles/dovecot/tasks/main.yml @@ -2,6 +2,7 @@ # Install and configure Dovecot - name: Install Dovecot apt: + update_cache: true name: - dovecot-core - dovecot-imapd @@ -9,7 +10,9 @@ - dovecot-lmtpd - dovecot-ldap - dovecot-pop3d - update_cache: true + register: apt_result + retries: 3 + until: apt_result is succeeded # Create the vmail user with UID and GID 5000 - name: Create vmail user -- 2.45.2 From 46c8b82a575a691f805a89653f0cf06fd3984cfb Mon Sep 17 00:00:00 2001 
From: Otthorn Date: Thu, 28 Jan 2021 00:11:36 +0100 Subject: [PATCH 097/149] Config outside of conf.d --- roles/dovecot/tasks/main.yml | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml index 74669f9..053e154 100644 --- a/roles/dovecot/tasks/main.yml +++ b/roles/dovecot/tasks/main.yml @@ -40,15 +40,27 @@ group: vmail mode: 0770 -# Add the Dovecot configuration files -- name: Add Dovecot configuration +# Add the Dovecot configuration files (conf.d) +- name: Add Dovecot configuration in conf.d template: src: "{{ item }}.j2" dest: "/etc/dovecot/conf.d/{{ item }}" mode: 0644 - notify: Reload dovecot loop: - "10-auth.conf" - "10-mail.conf" - "10-master.conf" - "10-ssl.conf" + - "10-loggin.conf" + - "auth-system.conf.ext" + notify: Reload dovecot + +# Add the Dovecot configuration file outside of conf.d +- name: Add Dovecot configuration outside of conf.d + template: + src: "dovecot-ldap.conf.ext.j2" + dest: "/etc/dovecot/dovecot-ldap-conf.ext" + mode: 0600 # only legible by root + owner: root + mode: root + notify: Reload dovecot -- 2.45.2 From 74e722fef82ea6d06d8b585dafcdf8d06e259352 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Thu, 28 Jan 2021 00:13:08 +0100 Subject: [PATCH 098/149] fix typo --- roles/dovecot/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml index 053e154..ddaf92d 100644 --- a/roles/dovecot/tasks/main.yml +++ b/roles/dovecot/tasks/main.yml @@ -51,7 +51,7 @@ - "10-mail.conf" - "10-master.conf" - "10-ssl.conf" - - "10-loggin.conf" + - "10-logging.conf" - "auth-system.conf.ext" notify: Reload dovecot -- 2.45.2 From 1ec03eda87aedae2a740b9eda5307557ed726bb0 Mon Sep 17 00:00:00 2001 
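Review bot: The new `Add Dovecot configuration outside of conf.d` task declares `mode` twice (`mode: 0600` then `mode: root`); the second is clearly meant to be `group: root`, and as written the file either gets an invalid mode or Ansible rejects the duplicate key. Dovecot's stock `auth-ldap.conf.ext` includes `/etc/dovecot/dovecot-ldap.conf.ext`, whereas the `dest` here is `dovecot-ldap-conf.ext`, so the LDAP credentials file would be written but never read. The conf.d loop's `src: "{{ item }}.j2"` also needs a `conf.d/` prefix if the templates live under `templates/conf.d/`, as the following commits in this series lay them out.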
From: Otthorn Date: Thu, 28 Jan 2021 00:15:51 +0100 Subject: [PATCH 099/149] dovecot handlers --- roles/dovecot/handlers/main.yml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 roles/dovecot/handlers/main.yml diff --git a/roles/dovecot/handlers/main.yml b/roles/dovecot/handlers/main.yml new file mode 100644 index 0000000..d25b2b8 --- /dev/null +++ b/roles/dovecot/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: Reload dovecot + service: + name: dovecot + state: reloaded -- 2.45.2 From 9260b902d6f0a9dcb7c77a5252223e0f8b2478f9 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Thu, 28 Jan 2021 01:11:32 +0100 Subject: [PATCH 100/149] auth config --- roles/dovecot/templates/conf.d/10-auth.conf.j2 | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 roles/dovecot/templates/conf.d/10-auth.conf.j2 diff --git a/roles/dovecot/templates/conf.d/10-auth.conf.j2 b/roles/dovecot/templates/conf.d/10-auth.conf.j2 new file mode 100644 index 0000000..e850270 --- /dev/null +++ b/roles/dovecot/templates/conf.d/10-auth.conf.j2 @@ -0,0 +1,13 @@ +# {{ ansible_managed }} +# Dovecot configuration for Aurore +# More info at https://gitea.auro.re/Aurore/ansible +# And on the Dovecot wiki : https://doc.dovecot.org/ + +# Include every configuration file in conf.d +!include conf.d/*.conf + +# Include LDAP conf +!include auth-ldap.conf.ext + +# Authentification mechanisms +auth_mechanisms = plain login -- 2.45.2 From 05e16f322608f33db11024c25d99ce0f1aa5a0d7 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Thu, 28 Jan 2021 01:24:50 +0100 Subject: [PATCH 101/149] maildir conf --- roles/dovecot/templates/conf.d/10-mail.conf | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 roles/dovecot/templates/conf.d/10-mail.conf diff --git a/roles/dovecot/templates/conf.d/10-mail.conf b/roles/dovecot/templates/conf.d/10-mail.conf new file mode 100644 index 0000000..b7046d4 --- /dev/null +++ b/roles/dovecot/templates/conf.d/10-mail.conf 
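Review bot: `!include conf.d/*.conf` inside `conf.d/10-auth.conf` is resolved relative to the including file, i.e. `/etc/dovecot/conf.d/conf.d/*.conf`, which does not exist; the stock `dovecot.conf` already includes `conf.d/*.conf`, so this line should simply be removed rather than risk a failing (non-`_try`) include. `auth_mechanisms = plain login` is acceptable only if plaintext auth is refused without TLS; state the default explicitly here, `disable_plaintext_auth = yes`, so a later edit cannot silently relax it. The tasks also template `auth-system.conf.ext`, but only `auth-ldap.conf.ext` is included — if PAM/system auth is not wanted on a virtual-user server, drop that template from the loop.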
@@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+# Dovecot configuration for Aurore
+# More info at https://gitea.auro.re/Aurore/ansible
+# And on the Dovecot wiki : https://doc.dovecot.org/
+
+# Mailbox locations and namespaces
+
+# Simple mail location
+mail_location = maildir:~/Maildir
+
+# Plugins
+mail_plugins = quota
+#mail_plugins = quota mail_log notify # to be tested
-- 2.45.2
From f3eeb243bb569f20660f7c2d04f93cf7c43f6441 Mon Sep 17 00:00:00 2001
From: Otthorn Date: Thu, 28 Jan 2021 01:27:22 +0100 Subject: [PATCH 102/149] renamed to fit jinja template
---
 roles/dovecot/templates/conf.d/{10-mail.conf => 10-mail.conf.j2} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename roles/dovecot/templates/conf.d/{10-mail.conf => 10-mail.conf.j2} (100%)
diff --git a/roles/dovecot/templates/conf.d/10-mail.conf b/roles/dovecot/templates/conf.d/10-mail.conf.j2
similarity index 100%
rename from roles/dovecot/templates/conf.d/10-mail.conf
rename to roles/dovecot/templates/conf.d/10-mail.conf.j2
-- 2.45.2
From f0a2bfd7401e6529c852260b40bbc23ed9ef4a7b Mon Sep 17 00:00:00 2001
From: Otthorn Date: Thu, 28 Jan 2021 01:34:09 +0100 Subject: [PATCH 103/149] Add IMAP/POP/SMTP auth conf
---
 roles/dovecot/templates/conf.d/10-master.conf.j2 | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 roles/dovecot/templates/conf.d/10-master.conf.j2
diff --git a/roles/dovecot/templates/conf.d/10-master.conf.j2 b/roles/dovecot/templates/conf.d/10-master.conf.j2
new file mode 100644
index 0000000..39b2421
--- /dev/null
+++ b/roles/dovecot/templates/conf.d/10-master.conf.j2
@@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+# Dovecot configuration for Aurore
+# More info at https://gitea.auro.re/Aurore/ansible
+# And on the Dovecot wiki : https://doc.dovecot.org/
+
+# IMAP/POP/STMP auth configuration
+
+# Postfix smtp-auth
+unix_listener /var/spool/postfix/private/auth {
+ mode = 0660
+ user = postfix
+ group = postfix
+}
-- 2.45.2
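Review bot: `unix_listener /var/spool/postfix/private/auth { ... }` is written at the top level of 10-master.conf, but a `unix_listener` is only valid inside a `service` block — for the SASL socket that is `service auth { ... }` — so doveconf rejects this file and the restart handler fails. Wrap it as `service auth {` / `  unix_listener /var/spool/postfix/private/auth { mode = 0660  user = postfix  group = postfix }` / `}`. Keeping the socket at 0660 owned by postfix is the right restriction, since whoever can open it can submit password checks to Dovecot's auth service; confirm the path matches Postfix's `smtpd_sasl_path` on this host. The header comment also says STMP where SMTP is meant.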
From 910838c4169fe2e4456efaf59f8b95625efc1ec9 Mon Sep 17 00:00:00 2001
From: Otthorn Date: Thu, 28 Jan 2021 03:15:45 +0100 Subject: [PATCH 104/149] Add ssl conf
---
 roles/dovecot/templates/conf.d/10-ssl.conf.j2 | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 roles/dovecot/templates/conf.d/10-ssl.conf.j2
diff --git a/roles/dovecot/templates/conf.d/10-ssl.conf.j2 b/roles/dovecot/templates/conf.d/10-ssl.conf.j2
new file mode 100644
index 0000000..79ac059
--- /dev/null
+++ b/roles/dovecot/templates/conf.d/10-ssl.conf.j2
@@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+# Dovecot configuration for Aurore
+# More info at https://gitea.auro.re/Aurore/ansible
+# And on the Dovecot wiki : https://doc.dovecot.org/
+
+# SSL and certificates configuration
+
+# Cetificates location
+ssl_cert = Date: Fri, 29 Jan 2021 00:16:42 +0100 Subject: [PATCH 105/149] dovecot ldap conf
---
 .../templates/dovecot-ldap.conf.ext.j2 | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 roles/dovecot/templates/dovecot-ldap.conf.ext.j2
diff --git a/roles/dovecot/templates/dovecot-ldap.conf.ext.j2 b/roles/dovecot/templates/dovecot-ldap.conf.ext.j2
new file mode 100644
index 0000000..f99e82e
--- /dev/null
+++ b/roles/dovecot/templates/dovecot-ldap.conf.ext.j2
@@ -0,0 +1,20 @@
+# {{ ansible_managed }}
+# Dovecot configuration for Aurore
+# More info at https://gitea.auro.re/Aurore/ansible
+# And on the Dovecot wiki : https://doc.dovecot.org/
+
+uris = {{ ldap_master_uri }}
+dn = {{ ldap_dovecot_bind_dn }}
+dnpass = {{ ldap_dovecot_password }}
+base = {{ ldap_user_tree }}
+
+#user_attrs = homeDirectory=home, uidNumber=uid, gidNumber=gid
+#user_filter = (&(objectClass=posixAccount)(uid=%u))
+
+pass_attrs = uid=user, userPassword=password
+pass_filter = (&(objectClass=posixAccount)(uid=%u))
+
+# Convert LDAP lookup to lowercase
+# would be needed if re2o did not already had lowercase enforced by a
+# validator
+#auth_username_format = %Lu
-- 2.45.2
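Review bot: `pass_attrs = uid=user, userPassword=password` makes Dovecot fetch every user's password hash from LDAP and verify it locally, so the `cn=dovecot` service account must be granted read access to `userPassword` across the whole user tree, a leak of `dnpass` or of this file exposes every hash, and the lookup only works if `default_pass_scheme` matches how re2o stores hashes, which this template does not set. Setting `auth_bind = yes` and reducing `pass_attrs` to `uid=user` makes Dovecot authenticate by binding as the user, so the service account needs no read access to password attributes at all. Whether `{{ ldap_master_uri }}` is ldaps:// or plain ldap:// is not visible here; if it is not already TLS, add `tls = yes` and `tls_require_cert = hard` so the bind password and user credentials do not cross the network in clear. The `user_attrs`/`user_filter` lines are commented out, so the home directory behind `mail_location = maildir:~/Maildir` must come from another userdb (presumably the one in auth-system.conf.ext) — a one-line comment saying so would save the next reader a search.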
From f14da4530536886936344c3f8fe5eadab1d44b47 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Fri, 29 Jan 2021 00:20:02 +0100 Subject: [PATCH 106/149] dovecot vars --- group_vars/all/vars.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 6b3c1e5..2f6be0e 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -15,6 +15,8 @@ ldap_matrix_password: "{{ vault_ldap_matrix_password }}" ldap_replica_password: "{{ vault_ldap_replica_password }}" ldap_admin_password: "{{ vault_ldap_admin_password }}" ldap_admin_hashed_passwd: "{{ vault_ldap_admin_hashed_passwd }}" +ldap_dovecot_bind_dn: "cn=dovecot,ou=service-users,{{ ldap_base }}" +ldap_dovecot_password: "{{ vault_ldap_dovecot_password }}" # Databases postgresql_services_url: 'services-bdd.adm.auro.re' -- 2.45.2 From 482bf1f8bcb8083aae4f512c1b3b15d9f4bd11a1 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Fri, 29 Jan 2021 00:27:00 +0100 Subject: [PATCH 107/149] Add dovecot bind password into the vault --- group_vars/all/vault.yml | 347 ++++++++++++++++++++------------------- 1 file changed, 175 insertions(+), 172 deletions(-) diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index 8698d49..9d00213 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
@@ -1,173 +1,176 @@ $ANSIBLE_VAULT;1.1;AES256 -37356434643231623932626166316532633039323736303737363933373263623433653031356331 -3431376135666263353431396663363539333164643462340a383832373965653835633937373432 -31393936666535633137333739346135316463636166343063666363633966626639663265373935 -3865353439646331640a326137373039666263366330626537363566613135346263663761663732 -65363064356530373430633562623132373565326364656631313639376131313563316136623966 -35386236313238396436303765366365346335353166376164353936313536393665326439653861 -35623832623365386232353163656339333031323937383862656532636436386334643362653532 -66636365316161316536636131613438356464636163386233333333313531353935346264366231 -36346561303163663735386533333835313231333965633737376537396531323935383134643563 -32643566323564363762306438376431383237313633376437333339623936376664346137333561 -65656336303964623964616230306332636535343833336535303832666137663865336564623233 -33653361646533613462373163363736386634663038666232313432653037643330653639666663 -61643533363938366634616632626131663164393338623539636430363166323935396439373337 -34343930336631326634366331353836323465613934383231313364383061636631346633383634 -36646439336530353761613831343236373936666632333965323964643862616633303732333230 -36313132323965323831336265306565346461343235383864613762343536653434333163616663 -34303731666632666630313763323239633435386330363339363631646432633762383464303837 -39336630343833646666383237376238316264393262336136393662363261643961666332623138 -65633661343265643731396663376262613566613135663161393833373766396632303734336261 -30326436363237653431396563326264646335643536616530343863623130643666653733323331 -30616363306636396439376661633035326430313363656433636465623737636565333436653031 -33326662336239633930303665373965393037303238393630343338383362363439386634613838 -61356533383032656663613966383131623333613639633062343639393865376433316464653738 
-64346465633263383662313934343732363536343662653532393837383062333565636662626634 -30393364336566343264373538386230623136316632666237646431333233376562356439626536 -61613835346636346139316665623463363339623863373961386661656361363232396533636233 -61326236643162623331633066333138326533323835366534336361396263353432373532326437 -30666234666235343739343834316234346630373661666634616461383639363664656534663636 -33376237313333393632313839373436616631336130393930373136623335666235386162376464 -31646437393336313433643534363138636461373837336634646464356437306265353731663362 -64316530326536333235386531613931303238363062383639626238346337356539323938663464 -62613432376563616238303938663933363564613532333633346132373361346231643130653833 -62313631313563343437373032626339366538313764333666353633363637333965633533373633 -33353134373730636638633432313932363264623531303135636566653038396131633230343839 -35303337613935666231303638663832663339626463353862616139346664356261656433313930 -65383336393934633036663261636434636461363161646239363135643536633836353965353462 -62636264373332643333356636616230376135363539393139383666363534626131663736393139 -36653862303066633365383435363637316262646338663437313435643334383835393238613763 -33656136646465373938653263376162633032336536613535356431393135396432636637356632 -31306132353632333833643434663930613936646233623935323761353461363139353238396633 -63363731613336643635333961336664343430353133373937396565343366363634653330663336 -62393866643665393232636232373964616335646363613466373666666661346139373938616463 -37613931613033323538323662356432306639626636666338666565343336323363633966316137 -32346538303935616265313461383731356462336435303936663931376133616365626466346435 -63313333643361363665653862663338376630613666356538616336643139666636663461323163 -35613365363032343831653639373866393635633363393961613339313234366232346662646132 -36636362356431366631373635613936653162323736303434353130343834323530393330613633 
-66393130323637346561616435623562313037393161666236323834323836326161613963626236 -38343362343335343437656434303130626165646661393638336435343933326462343366323964 -39346433663533346262316461623732363963396161353139613663393264623335623832653436 -62306337653062666137373930303334643630623432303932303039343764633361613063643965 -34646133353132663662303665373836643238323932336663333730363137323532663164633862 -39383963336236646161653136626662313764373530623161663437373330666332316362623031 -66653832653035353662353638336239313336663765373966383030316137316135303134616439 -30386332366639653835663530643931326635373836663166313165633137623738636438663261 -34613135643363343232313061616337333562373764663733666666376233313534396132303536 -63643030623962626432653938336633313561303236363762353536613464353331373436666238 -65623961383736633934326165336637323630613032326163303436646530363063316334366665 -35303237613130326339306436343262313733663031333539343163323530653035356431386236 -63373564383233653165623034616262393966343262646461303562363763613261656235623533 -39643963646266623663343537663364633036373838313139313966663031376162666661363161 -36626332313535616638623837666565343734643037343761346238366665646461343532643434 -31356339613066646338306262323336373161326531326137353937343139386562383063666433 -61343861396465316663373963333237633736313735653138646366323334653963323831383864 -61636565333739663633623334336463643362343335663237393161383963373364303864393361 -61333935353634336637343961363237346565313633313366376336366139613563333336316565 -31653066323537646163666539356663633438386437386432313239356466356635303837326434 -66373934303932323732616563353566663766626335356662383732363266346636666231333864 -33663634313364353162666462383735653162383438393939306530393064626666366431633432 -63363139663632336333333562656339366133646630343533386535393234383638346532326132 -65326538373439373839656634613830656138643166616163663430323266366535646463303564 
-38383537613964643761623330313563633939616432643134333266653038306136613962303162 -65393932353131323739333463363764346638633664383539616562353831653033633135656131 -35663136613835383538303134646631386331393032653539336632373439326238376233346238 -66623164643361646262373766353066633562343739393637653664623339333035323231663633 -66373134346231313239616534613065656563653662376434366161303163346533643866376266 -39383631396631633932653163343237313166633134346161653463393930613765373239303061 -33373466376563373739646130613566666132636666343266306135376636333730613034356430 -66373764376234363438613439643931323365636663376236666162643731646366623430373334 -32653962343839316534383034353535303839336361366666343961383930383237373164333065 -39643965386336393666633666376434303463633035373064383266646434343163396636343237 -66366561383237666566643035633635373966306464313765316665363532623638343030633733 -34663061663565303730613339623465653934363337396164383164363134373034356339643665 -38333662313862393631336533383631306130353963313337663031363061323762613966346333 -31356462336431336239353061653165376138326561346266353235636262613932633135303430 -64326536643334313262383132616434633131356537393263613761316535356631336461393930 -64386564306533656436653161383230313238396336656162656464663637336230663466323530 -34353730623033623866393266346134666230623139636132653739313738633037303563396162 -35366564376561306530353361616337386361326436366532656662376336373662636135663532 -38616631343733646564616264636239623136313037386561646632663463383430343632643935 -38663135346664626133373732306461383935366637303235316337376432626464396135343433 -31623230653464656538333263353061343761656638386537313163386132326635666531373334 -61313364646262346637623165643263313336626561376166326333333636303631353231373365 -31656664646330663063383135626534306338303161313438313162313866343035363234333432 -65613937373763623163653464636366316131653337346339626565643639663239313631336164 
-39626263303361653864636433653038613938663037373735343637383733386230353663653865 -33663235613338636434303735386432383534663263656634353839663632343738376161393736 -35393062656533376261336130663235333766373832306563366538393763646339333334373063 -63396332303536336435323665316138613830306531356366383666343334323338616165306338 -61626364613062643131656239336466386664316661636664336466303931643236613761323130 -63656638633736383734313439366135613038326133646665303035646137393133636163393261 -66633864636362393630323436646233303664326634613235633438343930346538633466623064 -64643136326363356631343136366333613266336439326335323163306566313537646336383963 -35373936356137396366656237343432656236343339376538363339366334646130333030383464 -66333961643236653235663865353366313862633138376265366136636438633065653535663931 -35393166326337633337313465306565396161393534393563353166343935646362303465333833 -32326661633838333563663565643134616139353831343663313134306639656163653138383530 -63336462363862353935646563393766316665653561643765326161396439393866643565313161 -66343466313465343563316361643732313830633439336534316136303463366633653662643565 -33653533626531393536343033333433393032363862343661313836346561376565316361653032 -36613738663233333766613236613239336663323931653230313761643765666632363362643034 -39646130623161613332636330393936336532653861393935366266396536616465356362396635 -62643438643665326163366239386364633434383838613735396231383762316565373665363531 -32666131653961656566376631303239323262623330383438386164363162303662306535313162 -34343539636463626430386630653934306665333266336234313362343366633366373131383861 -31616535346236666264316535646236633363623533656332353037646231653236613664356362 -65656333303461646131366365323266656661343864633536396238333962393066336537353234 -31353337646131373533346161643432656361366464613437643230366261613662356435303339 -33623665373231656539326533353035383038633731386531633064623339653831306430333265 
-35386538323561663433323939393564336539636432633738663337353937633837323062616266 -36363766373661356261643966623937633334303539343665343266386630363663663037396263 -61346330313665373533326437623838366634303335383433626137383434333166623138383931 -31643333366662333930393039333232613363313065633734303339323265323861633831646663 -33663934353664306665346631653561613463643265336431643532333533323764323937653934 -32356630383633666538386461653334343363656539383838613239626336366634383266323462 -38393534656635313739653461343835336134333166653463316464393063613831653837346663 -39626133643239353530303263663635326561306665363034393565326463343061313563366431 -39303333396166346138376530646532376333646636613664326536663133623532663462316439 -61343239623166616466316465653532646137336135656164386532623266386633326164336566 -65623436343531623133353366623763333137303132396435653632623534623061393036656161 -36373564306564363432373633326535383038623933343834386634653839353933343965366137 -34343334626661656265393461393339346139633136373936653630383732393461386463313263 -63366263333637363339323534636234386237393663316435323130663438343930336333643838 -34353264373261306439393732343530393765346161653562383939623234356562626664373263 -33343234366639663666346564383866623231356164396435363035373063643566326665373864 -32616131383530663033633866613236366264636564343462326265373762396364323232393131 -39636432356334353439333938643331366263353237633234643233373364393133366537653738 -63383531643334656537316663393235646331613365393330633064663939353633383035643866 -61376632636430646135363761393131626664326235316639646332366564396561633037363866 -65353563643632323364313134613339356563333431353931653738323162316666346466663266 -62653433666136613734623361363066336230326562663730643230616463613936633738643135 -66373935653939613537306265623532616133353365303433303562353831663534343165316362 -39613937326561383264323361666439613865316138386266393261616135346433323466333234 
-33356138623132383063356633613066356161616662623961313562636636386463346266366137 -63396535353236623765626634663132633261643036333762323836636138643737373031653266 -37333836383937386238326162626166656134313165336437323834326635623036616130313539 -34356337666536666230333231326463343938396366353238313639656531663363636164626438 -30656439626361386633343236373733656334353061316239303764363236353639626637376534 -36313630613336633533613437663563656436356130336333346432616638343463316636326236 -30323737623330393565616532363835373766626432356137376561336261353864333266313033 -31663665626439336362363836613032393934613438333663373565393662663066353337343233 -31356261396664653865326532326136356134626631333530306633666538376630396163643761 -65636630346134353431646137613766326365613463373130666665663166356639333532326238 -32303238346632303831316631303733346433366665643234646439363737363462336539343534 -62623363353135303732613939613430363338313539616336656433356664343365663835626366 -62663232386638323265643133343433303133616437666139616337363036316135356333366533 -35666466303365623835663266373765393031643637333663663030366465333764653466373366 -38303863373864656431666434353064343166613132656266393939393163326631363931616637 -66396161633133646164646339396634623766643065306666373464323562363963333431636638 -66616166643762656433646661643931663639353237623461616561363164333634613338636336 -30626234333237366563663163366633666165343933316636646630653031393139393534376334 -64346166623061303930313432316665646266613834633139306662343537653736393134623032 -62643537393239643265663433653737386464353130303130323538626164306637323665623736 -39626238333038366263336630373139343064303833646634313331653033396364646462356639 -62333331336561373839636631363934653363386365363132646464653363313866616435633138 -34623638666534663131616631306566303365623339386137623666633833393134393735623264 -35323330366134613635656438323566346263306231343536306539633366653062316638396532 
-62306133386530386436633661356331323261353738623865333531363036633535643537393362 -62396565636566343932373361373163356639313236306161366237356264336330366130333530 -63613363313930386438343330376463626438343439313866653039363036316566613932313230 -63323330373866613032343235623334336635343062623461366263623033353335623137356439 -39393834343230363362 +66303361306465306436306562636265303832353830313933363965316261376162313738653737 +3334363661316563633238316632336463323737633066610a306236343636656261623835343466 +39386437363564623661333465386338613632316563373164363839623138336165343834313237 +6433343439383431360a633139363034623861396633316632336131333137626239646639326131 +65613236363733346330636565303039613737366263356230313734383033383435343433386536 +30653263396339656337626239303662326134373231303364613066656339376662643934323466 +30643261393463373063623865343537653862353766323538613731353534363639616438313663 +66366133643462333935636231636638326364636334613430333062616264663961326362613466 +66313730363933653631646638616166343030626465336361313239323731356534313963613530 +65383735626234663261393834313232626239666135313566353839616162323732323265633031 +62393862663438313237663335396332613661313864303630653533343362333834356262363465 +30666232356539386437353438643038333766363362653432366263616338393066363532633064 +63646561653264393162303430346662623536363364383862366264393532613461303935653261 +39376462623561626336306435323934323130613031623865656432626233616563393365343036 +37643463666436386230653339613463633133333661356564646234653632313931333765383666 +39646331383939343663306634393531646265363531326636326636616632643437343566656464 +64643638616264376130656637386134396161306636333064633731646234396566303934626332 +66393466626137336265653933346362396639383064393663613866333337653166343262646536 +61333864373737333133626438646538353338663531323961666335333166613363653230643139 +38616462306461356135306164376332313538613465316563663566373533396635346635646134 
+31386661306533383130633130346539303666316663333762383131623535343038613963353336 +32336135366435643463613962383833666130363765326631613963363266626633643966663063 +33363235353765623961346331393963653130663434356234336538626438616334613761636161 +32346234643531396530653636626531653033393863383963663938646135616238393861373738 +30346664646465666666333165336636616265303265393236626534343163353633643737366264 +63303937306637643033663333353633346166636361323538393063353438353135303665616663 +34613230383836343861613661356162363831623363633435646234353839663530363936356238 +63383038616631666633653032613435316265626137643730666539393561373264613663656464 +30613033373435313036633938353461623335396264313236623065323339623537613164316366 +33356432646438636530353230333762346165336661393038666138356561333363613563656665 +34306136393233346532303461393736636561316231626231643633333938656435663638306261 +33393064333662336466313461363638393339373637303735663736353537363364663235363263 +36623663636235363332616433626266653330393633326339376562636165323539313532363535 +64386136393631656665343337333738653664613966363361313931313763323563383265623935 +31643532346363656462646436343761353938626661383336636436373233343530353130626463 +36346330626432376338306339396563316233313836383863303232396439336436363833383063 +39663864306533376630623334386336663237666635336661383630616139633736393835666534 +61393036363763336632623236383236383639373662393761313834653833316332373733653830 +62616563386435396433653930653637643031636462633336663033306531356239346564663564 +30636462343263643236316635346163373765393262623365353933313065333532353562333932 +62656234656363306266386135313466376665663166623038616637663333353731313564356434 +61343235613639386364663533376362613364653562613431393862656265313432623532343965 +65326362323534346535326331613262653130623336653231323564376534336261643538333434 +31333830653933633562626364363364386630343364376337613436663030333865323433316163 
+33356438366161626666653731386438643064656538373036393532396432396138353564313833 +34643231366439656439336534323039616364396137653661373761343635663366363134623032 +62313734313061353065613561613337373338623732326362363436616134343864643439363631 +38346339383864373635383462326466303635383661633665663362646165663934336632633838 +64373332356664663663613735663163336465353030383365346661326634373832656137393061 +34626363383964646439356338343439343336626237626366383663386161663037343339383066 +30356332623337626437313235623161373937663532613238353333326265663937653034616135 +64663731653965613933636561313730623030656666656232396433646563623137643661643132 +30383439343764396137313231353161323835393934373561623666653630656335366434636235 +36306162316464613365616330626433306335396130336266616566653661336335346566613763 +30373638353230313433333539306664323333646463333334366362613832376534356636383235 +30626263383036643034303465366137356665366238366663313837323937646631396262623331 +62323366623530663561643036643733323230343832633639663737356530643564643534666366 +64646339363235376561363835643166663735643333656230386565653234356565323135333731 +65313864316166383566386564303461343031356138386362633834316230396436306533306239 +62306132373535363931306664346637663561323530346339373234343633663062393361323532 +32653938623738383565353965656636336662323939346331396162623862613038633035643766 +30346431393237323735386337643062396433366434396531623130643038366465643132303532 +62366266393166333138643238383764656461623361326236333565373762316431373132356263 +30396263396264626330613734346361646531626531363639393431366636316135333566393561 +65393661333837633236396563333631663036376633666538306564333565653030303135313866 +32366234313532656437393964666438393737363437303562633937396437663062616636383564 +33393564643066383662323765346535616164633239636235656263336663633562646665393734 +31393232376662666431393064643161653730653263313536613963376561386536353536616163 
+63316237636630306165346633646437636636626331303262663032653662333236646564613363 +63616263643266393861386166346139343237633232653734363465303935613264366130336261 +63333137633266306465363837646163323266363665396266363437303931353938653638343630 +61386561616663303330663634306235336432316365303461623665393338396434346533366130 +35303363643334613862613831366464616264386338373566613431303939623638656536306532 +31346365623766346566353564613761333563303233336139376639363634616564303336393737 +38333637376566393437383264386561386336653135663135356466663430383634313535626233 +65646131353961663064316434353564383163646166323832663662373031636531623736643566 +37336530636133363561643438663563353963373265333333386434336361326338646666636263 +64396438616335393338376632326162326530636431323466646261623531303335656135313834 +34613764336234303230373737326662396562303439363535643562386661303861666530366332 +62316635343436396535656163393737343664333963356539313037306432643166393333353036 +63663266613332363364313863303465366136333862346164306335353838333830343261323365 +61373565666665663065666233316639326238323763333336383665653434623031383063613162 +33666532363638353130303665646536663139633463343764353962643838353037323865623236 +39613832616265376464363234363532323265366362316564343964636539656263376632313538 +38653066666165333866646437353264383638366138633538336434623139623264623033656661 +36643336343764613136653432316361343963313162326439656662386334356535373361303330 +31653963306365373633323937363332636633613266363064363535366136646639643632343031 +34393363373861613863313039393336333165386637393265333439396230643735363230363530 +61643036353062643164663063343930613536653762633231333931646239343661343738386232 +66373934643837323266623866393166373837323034373662306565623534396562326635323362 +31613138613261626231663330626664376539366165353836343039336138623931643537363931 +62313862313164306337383465333464313966656538643836643639653632663564633232343362 
+61323033316630616536633938393735343332653965656565663163396335643738646463303130 +64363334326165653962656534313939666230373362316438346139356266616566346462356162 +61316233346463376162356461623734313431623330633239353730643964616662383966323932 +35373962663333653738616562396638633136376635383032313634333931626530393532663531 +30356232626566386632356334393939343262393536666130333537646338343063313565623163 +64383337303665613630393164383337346132346462373338323933316231386233323061353661 +64336337376231383035653861373639373763633337396236373161613833303630316663626331 +62633336383834363033316539336261346137303463643337393465393339663966653464336162 +66633832383734373635356165343336323866663735353931626466613361636632313437326566 +36386631653935633036373831643763656564643138303564306630396539373536383261663366 +63333061333431626465353839343564346331323961663939373538636261343336663461336566 +61343231633064336561666362633739636435633663653432393862356232356434356439343936 +35326237313033363031336162303436383733626365373832333438393436663938316366343161 +65656566353535363664386336383137313962333339396530356361363630353365366532656464 +39353639626639653535316665383962646331326463353663383630633961353031396131393562 +64663661396330356664316536623666383762623934306532636562663038336165376262633661 +30373531356163386531623738373837366666323637333932393131366531316439643338373230 +39663131313531343736353666376532326566313963623432643965646666333939613538643463 +66333762306162623963306136343930306638383933333835626231616466633561633766383564 +36653163366336666565626665323966373434383432303430306632333636353337386265323534 +61306435356164313731393862383531646665346134616330303237396136313765313233313434 +35393065363264323232323537363237303330386635346263306463636233393461393232306534 +34636138333038366165343434323937363864366463326330353438313662323035653965383138 +34646331356237613461393464386465303834373536336666626539313431303635653831303237 
+66643536336330303438393161613833346337336333636137336435333830386137653139386665 +34636463313438323038616134383932646266656434633861363331393634393030356562646134 +36653830326330353962393736393566393839366132643163303862316566633838373537613531 +30396636333564623930313636363762636437373138313835393362346237353731316662343661 +36636536643534636632646463376333346230383866353736393535313931313066656231336234 +65333935653537613239663166303636356466653337643362313834303634623535653166613138 +33316638313233613239386235383737623361376132346666393661393464613963616233613033 +35386534353462386238313833666234633662353166303463333463346636646565313333613866 +62313066366131353961323761306461653732393737386539646461346133626363303563353035 +63313536646234396433306361366338386539326366316163363132326230366632383032646233 +35626138326633653032393263326261313761623437336630646634636463613533353239353734 +65363236373038623965353166656131313835373834386635656361323931653237393336333938 +38373737613966356366313636656366363031396639623633373162363363373830363564356336 +37373537323462633337663462666637363661313166323038623665393562663862383161383363 +64366663656537663837373662313564663033333663633333613733656662303639313630623162 +65663165363164343364633132376538653834323764646664626266343534393763663936616339 +37336336356164613534653862626230356635333361326266323365353665666531343337613331 +61303731313431386633616230393562373331643966306161343730336539313935306662343865 +39303237653733663162303664386237376266333963663034636564363032373235646430363837 +38636261613564323565336639623533343964663733366138303635303833633738326165643938 +38616364663737333535346661356333326238303439626138303465663932393839653362393432 +33613236316161323135373162333866666136623062373037383665633034356534333530643037 +33363466643030323061373633393233383838616631636266323165656137636532626136353561 +64663936396364613236363663316534366162623735336235643631373263616330353036623333 
+32393334663663393264376630626630653962393632353239356236626334633833306335386333 +30356630306630323334663334363063343462383837393663636133343465336537353433663536 +66313265613032343838633164633366396236343136303163353365343032353239376539393965 +32316361663438623731336537393135336465336161646661366565356338326537646561376434 +36626332303661373561306338666533633435393433393832656166656264376266363035366637 +64346432336339396636353930363263653838343266623430613730373235376538366465373764 +31326537383336633434663231663865353763323235623866633339393633323836366637303536 +62313139646562616339356336663838386439313531333030643032333838343332383533663134 +32323935376462646130346631656362373035346436376266653164303263653566303037393136 +36313038303862373662356662663437353265326433653330343437316230646338306639646532 +35653732306239653133656361333330333634376332323737303831666461346165616138663637 +63376263333365623037616336303038613536303163343930396635386536363936346465326137 +63653835623135353161643765643563396636313635306461376531626332333335393661646431 +33323430653464396230366465343236303033356432643066303730323132306238643737376533 +65643232323138313562346661396361363730643736626166386664313732326136373531663466 +36383630636161376431393135373863356137353737306166393934656437363063363630393864 +62663464623932616532636231643964396533396230363837383235666561663032663938373165 +32313931373935316137643937623161306330653161336138363562313033613132306164623364 +38336435333432323237353734393666646361626535393665306662393831393765636265373938 +61303832343631313634393037356662643162643233363731386265323862383034623564393661 +30646566643336323038633161356437613666626431613762363530343166633735383365323462 +36336364616531393031326361626638323834353365666437363466653234316532396662343365 +63393331336336636363313438386461303838306539303161333433313037373361366336653462 +65626531646338626532646563346566626536643166313432363231343163313039323461633265 
+61396263303433383830333865366537633066366231393034623233633436316133303030653236 +64366638353634666661666534363763356164333065313136613761626262383239646539626330 +31636665326134653836626364616161636265393534666138386234373635313834343338646139 +39363432643962623339636463346264343530666133656361316437333837346236353532613131 +36626562326536303263373361326565326364363934343430313662376464303532346361653563 +62333238633765363363363265303438396631303463376561383832643633353065366633633364 +65663634613638336638376632353733646536313839313335383939613565623463313534633335 +33333139343633353830663434643139663839323364643235623832386536633264373434336133 +63303461383063313738626431663361633730343730623865613936373232616663373636646338 +31376261376139666531376663613331366539303133353564333036336239343233666238303361 +303137643632666133393733336431393664 -- 2.45.2 From 5c7537f4ac032d31cca2383b436c4fdcda64e12f Mon Sep 17 00:00:00 2001 From: Otthorn Date: Fri, 29 Jan 2021 00:55:02 +0100 Subject: [PATCH 108/149] Add dovecot role to the mailserver --- mailserver.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mailserver.yml b/mailserver.yml index 124663d..ca00641 100755 --- a/mailserver.yml +++ b/mailserver.yml @@ -7,7 +7,7 @@ - mail-certificates - nfs-client - postfix -# - dovecot + - dovecot # - rspamd # - mail-fail2ban # -- 2.45.2 From 8436e64b3a6757bdc92029621bcc7746fa09ebd1 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Fri, 29 Jan 2021 00:56:08 +0100 Subject: [PATCH 109/149] reload -> restart --- roles/dovecot/handlers/main.yml | 4 ++-- roles/dovecot/tasks/main.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/dovecot/handlers/main.yml b/roles/dovecot/handlers/main.yml index d25b2b8..8f8b702 100644 --- a/roles/dovecot/handlers/main.yml +++ b/roles/dovecot/handlers/main.yml @@ -1,5 +1,5 @@ --- -- name: Reload dovecot +- name: Restart dovecot service: name: dovecot - state: reloaded + state: restarted 
diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml index ddaf92d..9b66d05 100644 --- a/roles/dovecot/tasks/main.yml +++ b/roles/dovecot/tasks/main.yml @@ -53,7 +53,7 @@ - "10-ssl.conf" - "10-logging.conf" - "auth-system.conf.ext" - notify: Reload dovecot + notify: Restart dovecot # Add the Dovecot configuration file outside of conf.d - name: Add Dovecot configuration outside of conf.d -- 2.45.2 From b8aa50716618a2699213ff859a7063500381a714 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Fri, 29 Jan 2021 00:57:24 +0100 Subject: [PATCH 110/149] fix typo --- roles/dovecot/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml index 9b66d05..68e6387 100644 --- a/roles/dovecot/tasks/main.yml +++ b/roles/dovecot/tasks/main.yml @@ -62,5 +62,5 @@ dest: "/etc/dovecot/dovecot-ldap-conf.ext" mode: 0600 # only legible by root owner: root - mode: root - notify: Reload dovecot + group: root + notify: Restart dovecot -- 2.45.2 From 5732fef21e664d3d1ae1d7c97a1eac9e1d37fd5a Mon Sep 17 00:00:00 2001 From: Otthorn Date: Fri, 29 Jan 2021 01:01:10 +0100 Subject: [PATCH 111/149] rename roles to match regex set by linter --- roles/{mail-certificates => mail_certificates}/tasks/main.yml | 0 .../templates/conf.ini.j2 | 0 roles/{mail-utils => mail_utils}/tasks/main.yml | 0 roles/{nfs-client => nfs_client}/defaults/main.yml | 0 roles/{nfs-client => nfs_client}/tasks/main.yml | 0 5 files changed, 0 insertions(+), 0 deletions(-) rename roles/{mail-certificates => mail_certificates}/tasks/main.yml (100%) rename roles/{mail-certificates => mail_certificates}/templates/conf.ini.j2 (100%) rename roles/{mail-utils => mail_utils}/tasks/main.yml (100%) rename roles/{nfs-client => nfs_client}/defaults/main.yml (100%) rename roles/{nfs-client => nfs_client}/tasks/main.yml (100%) 
diff --git a/roles/mail-certificates/tasks/main.yml b/roles/mail_certificates/tasks/main.yml similarity index 100% rename from roles/mail-certificates/tasks/main.yml rename to roles/mail_certificates/tasks/main.yml diff --git a/roles/mail-certificates/templates/conf.ini.j2 b/roles/mail_certificates/templates/conf.ini.j2 similarity index 100% rename from roles/mail-certificates/templates/conf.ini.j2 rename to roles/mail_certificates/templates/conf.ini.j2 diff --git a/roles/mail-utils/tasks/main.yml b/roles/mail_utils/tasks/main.yml similarity index 100% rename from roles/mail-utils/tasks/main.yml rename to roles/mail_utils/tasks/main.yml diff --git a/roles/nfs-client/defaults/main.yml b/roles/nfs_client/defaults/main.yml similarity index 100% rename from roles/nfs-client/defaults/main.yml rename to roles/nfs_client/defaults/main.yml diff --git a/roles/nfs-client/tasks/main.yml b/roles/nfs_client/tasks/main.yml similarity index 100% rename from roles/nfs-client/tasks/main.yml rename to roles/nfs_client/tasks/main.yml -- 2.45.2 From 522d286bdd573944fa0ef7d5dd81616801479089 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Fri, 29 Jan 2021 01:03:18 +0100 Subject: [PATCH 112/149] Fix mode, shoudl always be set --- roles/postfix/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml index 46820e7..c1a056a 100644 --- a/roles/postfix/tasks/main.yml +++ b/roles/postfix/tasks/main.yml @@ -10,4 +10,5 @@ template: src: main.cf.j2 dest: /etc/postfix/main.cf + mode: 0644 notify: Restart postfix service -- 2.45.2 From f8774587c2c2b71ae9fc19df50e7e2698833ef25 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Fri, 29 Jan 2021 23:44:20 +0100 Subject: [PATCH 113/149] use underscores instead of dashes inside role names --- mailserver.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/mailserver.yml b/mailserver.yml index ca00641..d557d2a 100755 --- a/mailserver.yml +++ b/mailserver.yml 
@@ -3,13 +3,13 @@ # Deploy mail server - hosts: mail.auro.re roles: - - mail-utils - - mail-certificates - - nfs-client + - mail_utils + - mail_certificates + - nfs_client - postfix - dovecot # - rspamd -# - mail-fail2ban +# - mail_fail2ban # # Make OVH server send mails through proxy ? # Add multiple MX -- 2.45.2 From 486216b8ff6fb40ce1816d564e6ae57958cd3979 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Fri, 29 Jan 2021 23:59:53 +0100 Subject: [PATCH 114/149] use command instead of shell when no shell functionality is required --- roles/mail_certificates/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mail_certificates/tasks/main.yml b/roles/mail_certificates/tasks/main.yml index 64e6c63..76f4b9c 100644 --- a/roles/mail_certificates/tasks/main.yml +++ b/roles/mail_certificates/tasks/main.yml @@ -24,5 +24,5 @@ register: certbot_config - name: Generate new certificates if the configuration changed - shell: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini" + command: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini" when: certbot_config.changed -- 2.45.2 From 495f4c4343680388d00b33685e568894f60abb63 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Sat, 30 Jan 2021 00:02:28 +0100 Subject: [PATCH 115/149] User handlers to run when something changed --- roles/mail_certificates/handlers/main.yml | 3 +++ roles/mail_certificates/tasks/main.yml | 6 +----- 2 files changed, 4 insertions(+), 5 deletions(-) create mode 100644 roles/mail_certificates/handlers/main.yml diff --git a/roles/mail_certificates/handlers/main.yml b/roles/mail_certificates/handlers/main.yml new file mode 100644 index 0000000..cc3f463 --- /dev/null +++ b/roles/mail_certificates/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: Generate certificates + command: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini" 
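Review bot: The new `Generate certificates` handler only fires when the ini template changes, so an issuance that fails on the first run (challenge not yet reachable, DNS not propagated) is never retried by later playbook runs, and nothing here tells Postfix or Dovecot to reload once a certificate is issued or later renewed by certbot's own timer. Consider registering the result so a failure is visible, and wiring the reload into the certbot config rather than the playbook, e.g. `deploy-hook = systemctl reload postfix dovecot` in `conf.ini.j2` (that template is not in this hunk, so confirm it does not already set one). Running `certbot certonly` with `--keep-until-expiring` would also make the handler safe to re-run without hitting Let's Encrypt rate limits.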
diff --git a/roles/mail_certificates/tasks/main.yml b/roles/mail_certificates/tasks/main.yml index 76f4b9c..2a4e30f 100644 --- a/roles/mail_certificates/tasks/main.yml +++ b/roles/mail_certificates/tasks/main.yml @@ -21,8 +21,4 @@ src: "conf.ini.j2" dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini" mode: 0644 - register: certbot_config - -- name: Generate new certificates if the configuration changed - command: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini" - when: certbot_config.changed + notify: Generate certificates -- 2.45.2 From 32adecd5c1a14f422e9382d6d2c99cada326e857 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Sat, 30 Jan 2021 00:25:15 +0100 Subject: [PATCH 116/149] add local_network variable --- group_vars/all/vars.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 2f6be0e..01dd26e 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -97,3 +97,4 @@ is_aurore_host: "{{ 'aurore_vm' in group_names }}" myorigin: "auro.re" # myhostname should be the FQDN (Fully Qualified Domain Name) myhostname: "mail.adm.auro.re" +local_network: "10.128.0.0/24" -- 2.45.2 From e26bc5f8c1849c80d602ed40e41c02ca7b10bce9 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Sat, 30 Jan 2021 00:30:35 +0100 Subject: [PATCH 117/149] fix typo and indentation problem --- roles/dovecot/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml index 68e6387..81c10ed 100644 --- a/roles/dovecot/tasks/main.yml +++ b/roles/dovecot/tasks/main.yml 
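Review bot: `local_network: "10.128.0.0/24"` is added to `group_vars/all` with no comment, and the name suggests it feeds Postfix `mynetworks`, which grants unauthenticated relaying to every host in that range (Postfix's default `smtpd_relay_restrictions` includes `permit_mynetworks`). If that is the intent, say so where the value is defined, e.g. `# Hosts allowed to relay through the MX without SMTP auth (Postfix mynetworks)`, and prefer listing the few hosts that actually need to send (/32s) over the whole admin /24, since any compromised machine on that network would otherwise become a relay. A more specific name such as `postfix_mynetworks` would also stop the value being reused for unrelated purposes on other hosts.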
@@ -10,16 +10,16 @@ - dovecot-lmtpd - dovecot-ldap - dovecot-pop3d - register: apt_result - retries: 3 - until: apt_result is succeeded + register: apt_result + retries: 3 + until: apt_result is succeeded # Create the vmail user with UID and GID 5000 - name: Create vmail user user: name: vmail uid: 5000 - gid: 5000 + group: 5000 home: /var/vmail # Create mail user seive directory with right ownernship and rights -- 2.45.2 From ab124e560a57b9d104807f74de814206df726424 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Sat, 30 Jan 2021 00:34:54 +0100 Subject: [PATCH 118/149] Fix indentation... again --- roles/dovecot/tasks/main.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml index 81c10ed..91630d7 100644 --- a/roles/dovecot/tasks/main.yml +++ b/roles/dovecot/tasks/main.yml @@ -46,14 +46,14 @@ src: "{{ item }}.j2" dest: "/etc/dovecot/conf.d/{{ item }}" mode: 0644 - loop: - - "10-auth.conf" - - "10-mail.conf" - - "10-master.conf" - - "10-ssl.conf" - - "10-logging.conf" - - "auth-system.conf.ext" - notify: Restart dovecot + loop: + - "10-auth.conf" + - "10-mail.conf" + - "10-master.conf" + - "10-ssl.conf" + - "10-logging.conf" + - "auth-system.conf.ext" + notify: Restart dovecot # Add the Dovecot configuration file outside of conf.d - name: Add Dovecot configuration outside of conf.d @@ -63,4 +63,4 @@ mode: 0600 # only legible by root owner: root group: root - notify: Restart dovecot + notify: Restart dovecot -- 2.45.2 From 012a6076f3c0b5a7b39b36780c362e7d2b1ad066 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Sat, 30 Jan 2021 00:38:15 +0100 Subject: [PATCH 119/149] fix conf.d template files path --- roles/dovecot/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml index 91630d7..108ca58 100644 --- a/roles/dovecot/tasks/main.yml +++ b/roles/dovecot/tasks/main.yml 
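Review bot: The `Create vmail user` task gives the mailbox-storage account no `shell`, so useradd assigns the distribution default login shell to an account that only needs to own files under `/var/vmail`; add `shell: /usr/sbin/nologin`. The fix from `gid: 5000` to `group: 5000` also makes the task depend on a primary group that no visible task creates — the `user` module does not create a missing group, so useradd fails if gid 5000 does not exist yet; create the `vmail` group first and reference it by name. The apt task above this hunk starts outside it, so I cannot tell whether a group task already exists earlier in the file.

```yaml
# The user module does not create a missing primary group: create it first
- name: Create vmail group
  group:
    name: vmail
    gid: 5000

# Create the vmail user with UID and GID 5000
- name: Create vmail user
  user:
    name: vmail
    uid: 5000
    group: vmail
    home: /var/vmail
    shell: /usr/sbin/nologin  # storage account only, no interactive login
```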
@@ -43,7 +43,7 @@ # Add the Dovecot configuration files (conf.d) - name: Add Dovecot configuration in conf.d template: - src: "{{ item }}.j2" + src: "conf.d/{{ item }}.j2" dest: "/etc/dovecot/conf.d/{{ item }}" mode: 0644 loop: -- 2.45.2 From c36e52c26351fd8cdd5add861f92bcf3690f3a53 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Sat, 30 Jan 2021 00:41:30 +0100 Subject: [PATCH 120/149] Add sane logging timestamp format --- roles/dovecot/templates/conf.d/10-logging.conf.j2 | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 roles/dovecot/templates/conf.d/10-logging.conf.j2 diff --git a/roles/dovecot/templates/conf.d/10-logging.conf.j2 b/roles/dovecot/templates/conf.d/10-logging.conf.j2 new file mode 100644 index 0000000..a2840ce --- /dev/null +++ b/roles/dovecot/templates/conf.d/10-logging.conf.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} +# Dovecot configuration for Aurore +# More info at https://gitea.auro.re/Aurore/ansible +# And on the Dovecot wiki : https://doc.dovecot.org/ + +# Prefix for each line written to log file. % codes are in strftime(3) format. +#log_timestamp = "%b %d %H:%M:%S " +log_timestamp = "%Y-%m-%d %H:%M:%S " -- 2.45.2 From c1fc197da72f95eae70d72d6fa30efaee78d6830 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Sat, 30 Jan 2021 00:46:00 +0100 Subject: [PATCH 121/149] remove non-existant conf file from the role --- roles/dovecot/tasks/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml index 108ca58..24e1b01 100644 --- a/roles/dovecot/tasks/main.yml +++ b/roles/dovecot/tasks/main.yml @@ -52,7 +52,6 @@ - "10-master.conf" - "10-ssl.conf" - "10-logging.conf" - - "auth-system.conf.ext" notify: Restart dovecot # Add the Dovecot configuration file outside of conf.d -- 2.45.2 From 4bcdbec9c409d3cbd3896a75d0b22ad5cf8235af Mon Sep 17 00:00:00 2001 
From: Solal Nathan Date: Sat, 30 Jan 2021 00:56:17 +0100 Subject: [PATCH 122/149] Don't add conf.d/*.conf into a file that is itself already there! dumb dumb --- roles/dovecot/templates/conf.d/10-auth.conf.j2 | 3 --- 1 file changed, 3 deletions(-) diff --git a/roles/dovecot/templates/conf.d/10-auth.conf.j2 b/roles/dovecot/templates/conf.d/10-auth.conf.j2 index e850270..a6d6de4 100644 --- a/roles/dovecot/templates/conf.d/10-auth.conf.j2 +++ b/roles/dovecot/templates/conf.d/10-auth.conf.j2 @@ -3,9 +3,6 @@ # More info at https://gitea.auro.re/Aurore/ansible # And on the Dovecot wiki : https://doc.dovecot.org/ -# Include every configuration file in conf.d -!include conf.d/*.conf - # Include LDAP conf !include auth-ldap.conf.ext -- 2.45.2 From 3b19ef06eed7454b41a63a476cb680a023a33a8f Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Sat, 30 Jan 2021 01:05:37 +0100 Subject: [PATCH 123/149] Add config in the right section --- roles/dovecot/templates/conf.d/10-master.conf.j2 | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/roles/dovecot/templates/conf.d/10-master.conf.j2 b/roles/dovecot/templates/conf.d/10-master.conf.j2 index 39b2421..4d91b7a 100644 --- a/roles/dovecot/templates/conf.d/10-master.conf.j2 +++ b/roles/dovecot/templates/conf.d/10-master.conf.j2 @@ -5,9 +5,12 @@ # IMAP/POP/STMP auth configuration -# Postfix smtp-auth -unix_listener /var/spool/postfix/private/auth { - mode = 0660 - user = postfix - group = postfix +service auth { + + # Postfix smtp-auth + unix_listener /var/spool/postfix/private/auth { + mode = 0660 + user = postfix + group = postfix + } } -- 2.45.2 From 0d9de57a78fbe066bd8407561b86f0b0a61ffa76 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Sat, 30 Jan 2021 01:10:31 +0100 Subject: [PATCH 124/149] Add LMTP for Postfix-Dovecot communication --- roles/dovecot/templates/conf.d/10-master.conf.j2 | 10 ++++++++++ 1 file changed, 10 insertions(+) 
diff --git a/roles/dovecot/templates/conf.d/10-master.conf.j2 b/roles/dovecot/templates/conf.d/10-master.conf.j2 index 4d91b7a..b6a7d10 100644 --- a/roles/dovecot/templates/conf.d/10-master.conf.j2 +++ b/roles/dovecot/templates/conf.d/10-master.conf.j2 @@ -5,6 +5,7 @@ # IMAP/POP/STMP auth configuration +# Authentification service auth { # Postfix smtp-auth @@ -14,3 +15,12 @@ service auth { group = postfix } } + +# Local LMTP +service lmtp { + unix listener /var/spool/postfix/private/dovecot-lmtp { + group = postfix + mode = 0600 + user = postfix + } +} -- 2.45.2 From 477781e293e997b920b125ead475ac344424ba95 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Sat, 30 Jan 2021 01:14:53 +0100 Subject: [PATCH 125/149] Fix syntax: don't forget the underscore --- roles/dovecot/templates/conf.d/10-master.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/dovecot/templates/conf.d/10-master.conf.j2 b/roles/dovecot/templates/conf.d/10-master.conf.j2 index b6a7d10..6ba775b 100644 --- a/roles/dovecot/templates/conf.d/10-master.conf.j2 +++ b/roles/dovecot/templates/conf.d/10-master.conf.j2 @@ -18,7 +18,7 @@ service auth { # Local LMTP service lmtp { - unix listener /var/spool/postfix/private/dovecot-lmtp { + unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix -- 2.45.2 From b8edf512f7717e4d3a3dfdf7a3b35e37d21c0819 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 3 Feb 2021 20:18:46 +0100 Subject: [PATCH 126/149] Enable Dovecot sieve --- roles/dovecot/templates/conf.d/20-lmtp.conf | 31 +++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 roles/dovecot/templates/conf.d/20-lmtp.conf diff --git a/roles/dovecot/templates/conf.d/20-lmtp.conf b/roles/dovecot/templates/conf.d/20-lmtp.conf new file mode 100644 index 0000000..4d40470 --- /dev/null +++ b/roles/dovecot/templates/conf.d/20-lmtp.conf 
@@ -0,0 +1,31 @@
+# {{ ansible_managed }}
+# Dovecot configuration for Aurore
+# More info at https://gitea.auro.re/Aurore/ansible
+# And on the Dovecot wiki : https://doc.dovecot.org/
+
+##
+## LMTP specific settings
+##
+
+# Support proxying to other LMTP/SMTP servers by performing passdb lookups.
+#lmtp_proxy = no
+
+# When recipient address includes the detail (e.g. user+detail), try to save
+# the mail to the detail mailbox. See also recipient_delimiter and
+# lda_mailbox_autocreate settings.
+#lmtp_save_to_detail_mailbox = no
+
+# Verify quota before replying to RCPT TO. This adds a small overhead.
+#lmtp_rcpt_check_quota = no
+
+# Which recipient address to use for Delivered-To: header and Received:
+# header. The default is "final", which is the same as the one given to
+# RCPT TO command. "original" uses the address given in RCPT TO's ORCPT
+# parameter, "none" uses nothing. Note that "none" is currently always used
+# when a mail has multiple recipients.
+#lmtp_hdr_delivery_address = final
+
+protocol lmtp {
+ # Space separated list of plugins to load (default is global mail_plugins).
+ mail_plugins = $mail_plugins sieve
+}
-- 2.45.2 From 4d769ff6d3a1f769f0106a603cdb8a91c29d6987 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Wed, 3 Feb 2021 23:20:10 +0100 Subject: [PATCH 127/149] Add quota to dovecot --- roles/dovecot/templates/conf.d/90-quota.conf | 97 ++++++++++++++++++++ 1 file changed, 97 insertions(+) create mode 100644 roles/dovecot/templates/conf.d/90-quota.conf
diff --git a/roles/dovecot/templates/conf.d/90-quota.conf b/roles/dovecot/templates/conf.d/90-quota.conf new file mode 100644
index 0000000..431acfb
--- /dev/null
+++ b/roles/dovecot/templates/conf.d/90-quota.conf
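Review bot: This file is created as `conf.d/20-lmtp.conf` without the `.j2` suffix and is not in the conf.d loop of the dovecot role's template task (which renders `conf.d/{{ item }}.j2` for a fixed list of five files), so nothing deploys it and sieve is not actually enabled by this commit; the `{{ ansible_managed }}` header would also reach Dovecot unrendered if the file were copied by other means. Rename it to `20-lmtp.conf.j2` and add `- "20-lmtp.conf"` to the loop. Loading `sieve` into `mail_plugins` for LMTP also needs the `dovecot-sieve` package, which does not appear in the visible tail of the apt list (`dovecot-lmtpd`, `dovecot-ldap`, `dovecot-pop3d`); the start of that list is outside the hunk, so confirm it is installed.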
@@ -0,0 +1,97 @@ +# {{ ansible_managed }} +# Dovecot configuration for Aurore +# More info at https://gitea.auro.re/Aurore/ansible +# And on the Dovecot wiki : https://doc.dovecot.org/ + +## +## Quota configuration. +## + +# Note that you also have to enable quota plugin in mail_plugins setting. +# + +## +## Quota limits +## + +# Quota limits are set using "quota_rule" parameters. To get per-user quota +# limits, you can set/override them by returning "quota_rule" extra field +# from userdb. It's also possible to give mailbox-specific limits, for example +# to give additional 100 MB when saving to Trash: + +plugin { + #quota_rule = *:storage=1G + #quota_rule2 = Trash:storage=+100M + + # LDA/LMTP allows saving the last mail to bring user from under quota to + # over quota, if the quota doesn't grow too high. Default is to allow as + # long as quota will stay under 10% above the limit. Also allowed e.g. 10M. + #quota_grace = 10%% + + # Quota plugin can also limit the maximum accepted mail size. + #quota_max_mail_size = 100M +} + +## +## Quota warnings +## + +# You can execute a given command when user exceeds a specified quota limit. +# Each quota root has separate limits. Only the command for the first +# exceeded limit is executed, so put the highest limit first. +# The commands are executed via script service by connecting to the named +# UNIX socket (quota-warning below). +# Note that % needs to be escaped as %%, otherwise "% " expands to empty. + +plugin { + #quota_warning = storage=95%% quota-warning 95 %u + #quota_warning2 = storage=80%% quota-warning 80 %u +} + +# Example quota-warning service. The unix listener's permissions should be +# set in a way that mail processes can connect to it. Below example assumes +# that mail processes run as vmail user. If you use mode=0666, all system users +# can generate quota warnings to anyone. 
+#service quota-warning { +# executable = script /usr/local/bin/quota-warning.sh +# user = dovecot +# unix_listener quota-warning { +# user = vmail +# } +#} + +## +## Quota backends +## + +# Multiple backends are supported: +# dirsize: Find and sum all the files found from mail directory. +# Extremely SLOW with Maildir. It'll eat your CPU and disk I/O. +# dict: Keep quota stored in dictionary (eg. SQL) +# maildir: Maildir++ quota +# fs: Read-only support for filesystem quota + +plugin { + #quota = dirsize:User quota + #quota = maildir:User quota + #quota = dict:User quota::proxy::quota + #quota = fs:User quota +} + +# Multiple quota roots are also possible, for example this gives each user +# their own 100MB quota and one shared 1GB quota within the domain: +plugin { + #quota = dict:user::proxy::quota + #quota2 = dict:domain:%d:proxy::quota_domain + #quota_rule = *:storage=102400 + #quota2_rule = *:storage=1048576 +} + + +plugin { + quota = maildir:User quota + + quota_status_success = DUNNO + quota_status_nouser = DUNNO + quota_status_overquota = "452 4.2.2 Mailbox is full and cannot receive any more emails" +} -- 2.45.2 From 49243202b2f4c524e712a1a482b11759f8c2ead0 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Thu, 4 Feb 2021 01:03:18 +0100 Subject: [PATCH 128/149] Add re2o mail server to the roles of the mailserver playbook --- mailserver.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mailserver.yml b/mailserver.yml index d557d2a..00dd0a5 100755 --- a/mailserver.yml +++ b/mailserver.yml @@ -8,8 +8,9 @@ - nfs_client - postfix - dovecot + - re2o-service-mail # - rspamd -# - mail_fail2ban +# - mail-fail2ban # # Make OVH server send mails through proxy ? # Add multiple MX -- 2.45.2 From 3af1aa8a1898314b1fe97de1e6bba9e5abedbbdd Mon Sep 17 00:00:00 2001 
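Review bot: `90-quota.conf` has the same deployment gap as `20-lmtp.conf`: no `.j2` suffix and not in the conf.d loop, so the role never installs it. Even once deployed, the active stanza at the end enables `quota = maildir:User quota` without any `quota_rule`, so no limit is enforced, and the `quota_status_*` replies are only consulted through a `service quota-status` listener that Postfix queries via `check_policy_service`, neither of which is configured in the series so far; the file's own note also reminds that `quota` must be added to `mail_plugins`. Either add those pieces (`quota_rule = *:storage=1G` plus the listener and the Postfix policy hook) or keep the stanza commented until they exist, so the config does not suggest a protection that is not in place.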
From: Otthorn Date: Thu, 4 Feb 2021 01:30:14 +0100 Subject: [PATCH 129/149] Add re2o mail server --- roles/re2o-service-mail/tasks/main.yml | 43 ++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 roles/re2o-service-mail/tasks/main.yml diff --git a/roles/re2o-service-mail/tasks/main.yml b/roles/re2o-service-mail/tasks/main.yml new file mode 100644 index 0000000..1144480 --- /dev/null +++ b/roles/re2o-service-mail/tasks/main.yml @@ -0,0 +1,43 @@ +--- +- name: Create re2o mail-server directory + file: + path: /var/local/re2o-services/mail-server + state: directory + mode: '0775' + owner: root + group: root + +- name: Clone re2o mail-server repository + git: + repo: 'http://gitea.auro.re/aurore/re2o-mail-server.git' + dest: /var/local/re2o-services/mail-server + umask: '002' + +- name: Add API configuration + template: + src: config.ini.j2 + dest: /var/local/re2o-services/mail-server/config.ini + owner: root + group: root + mode: "0700" + +- name: Create generated directory + file: + path: /var/local/re2o-services/mail-server/generated + state: directory + mode: "0755" + owner: root + group: root + +- name: Deploy cron for re2o-mail-server + template: + src: cron.d/re2o-services-mail-server.j2 + dest: /etc/cron.d/re2o-services-mail-server + +- name: Deploy local aliases + template: + src: re2o-services/mail-server/mail-aliases/{{ item }}.j2 + dest: /var/local/re2o-services/mail-server/{{ item }}_local + loop: + - aliases + - virtuals -- 2.45.2 From 5ae66dae15e14a75df937835ed6e91e2a85d9bb0 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Thu, 4 Feb 2021 01:38:49 +0100 Subject: [PATCH 130/149] Re2o API config --- roles/re2o-service-mail/templates/config.ini.j2 | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 roles/re2o-service-mail/templates/config.ini.j2 diff --git a/roles/re2o-service-mail/templates/config.ini.j2 b/roles/re2o-service-mail/templates/config.ini.j2 new file mode 100644 index 0000000..3db22a6 --- /dev/null 
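Review bot: `Clone re2o mail-server repository` fetches the code over plain `http://` with no `version:` pin, and the cron added two commits later runs `main.py` from that checkout as root every five minutes, so anyone able to tamper with the unauthenticated transfer (or push to the default branch) gets root on the MX. Use `repo: 'https://gitea.auro.re/aurore/re2o-mail-server.git'` and pin `version:` to a reviewed tag or commit. `mode: "0700"` on `config.ini`, which carries the API password, marks a data file executable — `"0600"` is the intended permission — and the `Deploy cron for re2o-mail-server` task sets no owner or mode at all for a file under `/etc/cron.d`. The `umask: '002'` on the clone makes the checkout group-writable for no visible reason; dropping it keeps the root-owned tree at the default umask.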
+++ b/roles/re2o-service-mail/templates/config.ini.j2 @@ -0,0 +1,6 @@ +# {{ ansible_managed }} + +[Re2o] +hostname = {{ re2o_hostname }} +username = {{ re2o_api_username }} +password = {{ re2o_api_password }} -- 2.45.2 From ed81571cb81b5ead3e911599f6d5ed4b0c069346 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Thu, 4 Feb 2021 01:46:55 +0100 Subject: [PATCH 131/149] add re2o service mail cron --- .../templates/cron.d/re2o-services-mail-server.j2 | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 roles/re2o-service-mail/templates/cron.d/re2o-services-mail-server.j2 diff --git a/roles/re2o-service-mail/templates/cron.d/re2o-services-mail-server.j2 b/roles/re2o-service-mail/templates/cron.d/re2o-services-mail-server.j2 new file mode 100644 index 0000000..cc35882 --- /dev/null +++ b/roles/re2o-service-mail/templates/cron.d/re2o-services-mail-server.j2 @@ -0,0 +1,2 @@ +{{ ansible_managed | comment }} +*/5 * * * * root /usr/bin/python3 /var/local/re2o-services/mail-server/main.py -- 2.45.2 From 8b59794013b4d99d0a7daeee9ab4ff9cfc5805a2 Mon Sep 17 00:00:00 2001 From: Otthorn Date: Thu, 4 Feb 2021 02:14:52 +0100 Subject: [PATCH 132/149] Add Re2o API vars --- group_vars/all/vars.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 01dd26e..acdc5cb 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -70,6 +70,9 @@ keepalived_password: "{{ vault_keepalived_password[apartment_block] }}" re2o_secret_key: "{{ vault_re2o_secret_key }}" re2o_db_password: "{{ vault_re2o_db_password }}" re2o_aes_key: "{{ vault_re2o_aes_key }}" +re2o_hostname: "re2o.auro.re" +re2o_api_username: "{{ vault_re2o_api_username }}" +re2o_api_password: "{{ vault_re2o_api_password }}" # Radius radius_secret_aurore: "{{ vault_radius_secrets.aurore }}" -- 2.45.2 From cac03b51c013620145a7df50d81e147e13b36135 Mon Sep 17 00:00:00 2001 
From: Otthorn Date: Thu, 4 Feb 2021 02:24:35 +0100 Subject: [PATCH 133/149] Mail VM has a public addr now and FQDN is mail.auro.re --- group_vars/all/vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index acdc5cb..0bd2855 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -99,5 +99,5 @@ is_aurore_host: "{{ 'aurore_vm' in group_names }}" myorigin: "auro.re" # myhostname should be the FQDN (Fully Qualified Domain Name) -myhostname: "mail.adm.auro.re" +myhostname: "mail.auro.re" local_network: "10.128.0.0/24" -- 2.45.2 From 95e67e8fe15ec71c6e688e9ea2be69a5e02a93bf Mon Sep 17 00:00:00 2001 From: Otthorn Date: Thu, 4 Feb 2021 13:02:52 +0100 Subject: [PATCH 134/149] Use correct re2o API vars (don't add them twice in vault, reuse them) --- group_vars/all/vars.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 0bd2855..5917a32 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -71,8 +71,8 @@ re2o_secret_key: "{{ vault_re2o_secret_key }}" re2o_db_password: "{{ vault_re2o_db_password }}" re2o_aes_key: "{{ vault_re2o_aes_key }}" re2o_hostname: "re2o.auro.re" -re2o_api_username: "{{ vault_re2o_api_username }}" -re2o_api_password: "{{ vault_re2o_api_password }}" +re2o_api_username: "service-user" +re2o_api_password: "{{ vault_re2o_serviceuser_passwd }}" # Radius radius_secret_aurore: "{{ vault_radius_secrets.aurore }}" -- 2.45.2 From 59302b7fd822b5ff520f66e439eb6e26543df631 Mon Sep 17 00:00:00 2001 
From: Otthorn Date: Thu, 4 Feb 2021 14:47:40 +0100 Subject: [PATCH 135/149] Don't reinvent the whell, use existing roles (have to be tested) --- mailserver.yml | 15 ++++++- roles/re2o-service-mail/tasks/main.yml | 43 ------------------- .../re2o-service-mail/templates/config.ini.j2 | 6 --- .../cron.d/re2o-services-mail-server.j2 | 2 - 4 files changed, 14 insertions(+), 52 deletions(-) delete mode 100644 roles/re2o-service-mail/tasks/main.yml delete mode 100644 roles/re2o-service-mail/templates/config.ini.j2 delete mode 100644 roles/re2o-service-mail/templates/cron.d/re2o-services-mail-server.j2 diff --git a/mailserver.yml b/mailserver.yml index 00dd0a5..f9725e7 100755 --- a/mailserver.yml +++ b/mailserver.yml @@ -8,10 +8,23 @@ - nfs_client - postfix - dovecot - - re2o-service-mail # - rspamd # - mail-fail2ban # # Make OVH server send mails through proxy ? # Add multiple MX # Configure DKIM, SPF, Greylisting, etc... + + +# Deploy Re2o mail service + - hosts: mail.auro.re + vars: + service_repo: https://gitea.auro.re/aurore/re2o-mail-server.git + service_name: mail-server + service_version: aurore + service_config: + hostname: re2o-test.adm.auro.re # use test instance for now, should be changed for prod! + username: service-user + password: "{{ vault_serviceuser_passwd }}" + roles: + - re2o-service diff --git a/roles/re2o-service-mail/tasks/main.yml b/roles/re2o-service-mail/tasks/main.yml deleted file mode 100644 index 1144480..0000000 --- a/roles/re2o-service-mail/tasks/main.yml +++ /dev/null 
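Review bot: The new `re2o-service` play reads `vault_serviceuser_passwd`, while the group_vars added two commits earlier define `re2o_api_password` from `vault_re2o_serviceuser_passwd`; one of those two vault names is presumably undefined, which fails at template time at best and at worst deploys the wrong credential. Reuse the existing variables here, `hostname: "{{ re2o_hostname }}"`, `username: "{{ re2o_api_username }}"`, `password: "{{ re2o_api_password }}"`, which also removes the hard-coded `re2o-test.adm.auro.re` that the inline comment already flags as not for production. The now-unused `re2o_api_*` definitions in group_vars should then be the single source of truth rather than a parallel copy.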
@@ -1,43 +0,0 @@ ---- -- name: Create re2o mail-server directory - file: - path: /var/local/re2o-services/mail-server - state: directory - mode: '0775' - owner: root - group: root - -- name: Clone re2o mail-server repository - git: - repo: 'http://gitea.auro.re/aurore/re2o-mail-server.git' - dest: /var/local/re2o-services/mail-server - umask: '002' - -- name: Add API configuration - template: - src: config.ini.j2 - dest: /var/local/re2o-services/mail-server/config.ini - owner: root - group: root - mode: "0700" - -- name: Create generated directory - file: - path: /var/local/re2o-services/mail-server/generated - state: directory - mode: "0755" - owner: root - group: root - -- name: Deploy cron for re2o-mail-server - template: - src: cron.d/re2o-services-mail-server.j2 - dest: /etc/cron.d/re2o-services-mail-server - -- name: Deploy local aliases - template: - src: re2o-services/mail-server/mail-aliases/{{ item }}.j2 - dest: /var/local/re2o-services/mail-server/{{ item }}_local - loop: - - aliases - - virtuals diff --git a/roles/re2o-service-mail/templates/config.ini.j2 b/roles/re2o-service-mail/templates/config.ini.j2 deleted file mode 100644 index 3db22a6..0000000 --- a/roles/re2o-service-mail/templates/config.ini.j2 +++ /dev/null @@ -1,6 +0,0 @@ -# {{ ansible_managed }} - -[Re2o] -hostname = {{ re2o_hostname }} -username = {{ re2o_api_username }} -password = {{ re2o_api_password }} diff --git a/roles/re2o-service-mail/templates/cron.d/re2o-services-mail-server.j2 b/roles/re2o-service-mail/templates/cron.d/re2o-services-mail-server.j2 deleted file mode 100644 index cc35882..0000000 --- a/roles/re2o-service-mail/templates/cron.d/re2o-services-mail-server.j2 +++ /dev/null @@ -1,2 +0,0 @@ -{{ ansible_managed | comment }} -*/5 * * * * root /usr/bin/python3 /var/local/re2o-services/mail-server/main.py -- 2.45.2 From d0196c8c00530f24f06953633d0d8c31a30b638b Mon Sep 17 00:00:00 2001 
From: Otthorn Date: Thu, 4 Feb 2021 23:18:23 +0100 Subject: [PATCH 136/149] Postfix conf add certs and other security related modifications --- host_vars/mail.auro.re.yml | 5 +++++ roles/postfix/templates/main.cf.j2 | 31 ++++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/host_vars/mail.auro.re.yml b/host_vars/mail.auro.re.yml index cc3ff9f..64da62b 100644 --- a/host_vars/mail.auro.re.yml +++ b/host_vars/mail.auro.re.yml @@ -5,6 +5,11 @@ certbot: - smtp.auro.re mail: tech.aurore@lists.crans.org certname: auro.re + cert_path_prefix = "/etc/letsencrypt/live/{{ certbot.certname }}" + cert_path_cert = "{{ cerbot.cert_path_prefix }}/cert.pem" + cert_path_chain = "{{ cerbot.cert_path_prefix }}/chain.pem" + cert_path_fullchain = "{{ cerbot.cert_path_prefix }}/fullchain.pem" + cert_path_privkey = "{{ cerbot.cert_path_prefix }}/privkey.pem" nfs: src: "10.128.0.6:/data_mail" # caradoc diff --git a/roles/postfix/templates/main.cf.j2 b/roles/postfix/templates/main.cf.j2 index 97412c2..e312caa 100644 --- a/roles/postfix/templates/main.cf.j2 +++ b/roles/postfix/templates/main.cf.j2 
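Review bot: The five `cert_path_*` entries in `host_vars/mail.auro.re.yml` use `=` instead of `:`, so the file no longer parses (a line at the same indentation as `certname` without a colon is not a continuation), and four of them reference `cerbot.` rather than `certbot.`. Beyond the typos, the values reference the `certbot` dict from inside its own definition; in my experience Ansible reports a recursive template loop when such a nested value is rendered, so even with the syntax fixed `{{ certbot.cert_path_fullchain }}` in main.cf.j2 is unlikely to resolve. Flatten them into top-level variables, e.g. `certbot_cert_path_prefix: "/etc/letsencrypt/live/{{ certbot.certname }}"` and `certbot_cert_path_fullchain: "{{ certbot_cert_path_prefix }}/fullchain.pem"`, and update the template accordingly. A later commit in the series ("fix yaml syntax") touches these lines, but its content is not visible here, so confirm the self-reference is addressed too.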
@@ -33,3 +33,34 @@ relay_domains = # Allow plus delimiter recipient_delimiter = + + +# Re2o Generated files +alias_database = hash:/var/local/re2o-services/mail-server/generated/aliases +alias_maps = $alias_database +local_recipient_maps = $alias_maps unix:passwd.byname +virtual_alias_maps = hash:/var/local/re2o-services/mail-server/generated/virtual +relay_recipient_maps = hash:/var/local/re2o-services/mail-server/generated/virtual + +# Tell Postfix to deliver emails to Dovecot through LMTP +virtual_transport = lmtp:unix:private/dovecot-lmtp + +# TLS for reception +smtpd_use_tls = yes +smtpd_tls_security_level = may +smtpd_tls_cert_file = {{ certbot.cert_path_fullchain }} +smtpd_tls_key_file = {{ certbot.cert_path_privkey }} +smtpd_tls_loglevel = 0 +smtpd_tls_received_header = yes + +# TLS for sending +smtp_use_tls = yes +smtp_tls_security_level = may +smtp_tls_loglevel = 1 +smtp_tls_cert_file = +smtp_tls_key_file = +smtp_tls_CApath = /etc/ssl/certs/ + +# Caching TLS sessions +smtpd_tls_session_cache_database=btree:/var/lib/postfix/smtpd_tls_session_cache +smtp_tls_session_cache_database=btree:/var/lib/postfix/smtp_tls_session_cache + -- 2.45.2 From bf692f4501374897bce0ed6e970db00c962b9601 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Thu, 4 Feb 2021 23:34:53 +0100 Subject: [PATCH 137/149] Add additional role for mailserver --- roles/re2o_service_mailserver/tasks/main.yml | 15 +++++++++++++++ .../templates/cron.d/re2o-services-mail-server.j2 | 3 +++ 2 files changed, 18 insertions(+) create mode 100644 roles/re2o_service_mailserver/tasks/main.yml create mode 100644 roles/re2o_service_mailserver/templates/cron.d/re2o-services-mail-server.j2 diff --git a/roles/re2o_service_mailserver/tasks/main.yml b/roles/re2o_service_mailserver/tasks/main.yml new file mode 100644 index 0000000..cc2cce5 --- /dev/null +++ b/roles/re2o_service_mailserver/tasks/main.yml 
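Review bot: `smtpd_tls_loglevel = 0` turns off all inbound TLS logging, so a failed handshake or a client that never negotiates STARTTLS leaves no trace in the mail log; `smtpd_tls_loglevel = 1` logs one summary line per connection and matches the `smtp_tls_loglevel = 1` already chosen for sending. The block leaves the protocol floor to package defaults — pinning it with `smtpd_tls_protocols = !SSLv2, !SSLv3` and `smtp_tls_protocols = !SSLv2, !SSLv3` records the intent and does not depend on `compatibility_level`. `smtpd_use_tls = yes` and `smtp_use_tls = yes` are superseded by the `*_tls_security_level = may` lines directly below them and can be dropped. Style: the two session-cache lines omit the spaces around `=` that every other setting in the template uses.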
@@ -0,0 +1,15 @@ +--- +# Additional configuration for the re2o-service mailserver, you have to deploy the re2o_service first + +- name: Create generated directory + file: + path: /var/local/re2o-services/mail-server/generated + state: directory + mode: "0755" + owner: root + group: root + +- name: Deploy cron for re2o-mail-server + template: + src: cron.d/re2o-services-mail-server.j2 + dest: /etc/cron.d/re2o-services-mail-server diff --git a/roles/re2o_service_mailserver/templates/cron.d/re2o-services-mail-server.j2 b/roles/re2o_service_mailserver/templates/cron.d/re2o-services-mail-server.j2 new file mode 100644 index 0000000..a1b0231 --- /dev/null +++ b/roles/re2o_service_mailserver/templates/cron.d/re2o-services-mail-server.j2 @@ -0,0 +1,3 @@ +{{ ansible_managed | comment }} +# Regenerate Postfix configuration Re2o API every 5 minutes +*/5 * * * * root /usr/bin/python3 /var/local/re2o-services/mail-server/main.py -- 2.45.2 From 391d5ce9a022f193cdae9a50439e53b7325d5fe0 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Thu, 4 Feb 2021 23:35:12 +0100 Subject: [PATCH 138/149] fix yaml syntax --- host_vars/mail.auro.re.yml | 10 +++++----- mailserver.yml | 25 +++++++++++++------------ 2 files changed, 18 insertions(+), 17 deletions(-) diff --git a/host_vars/mail.auro.re.yml b/host_vars/mail.auro.re.yml index 64da62b..289801a 100644 --- a/host_vars/mail.auro.re.yml +++ b/host_vars/mail.auro.re.yml 
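Review bot: The job runs `/var/local/re2o-services/mail-server/main.py` as root every five minutes, while patch 139 goes on to create a dedicated `service_user` for this checkout; a script that talks to the Re2o API with the credentials passed in `service_config` and writes into `generated/` does not need root if that directory is owned by the service account, so the user field should presumably be `{{ service_user }}`, with the directory task in this role's `tasks/main.yml` given a matching `owner`. I cannot see `main.py`, so whether it also does something that requires root (a `postmap` on the hash maps, a Postfix reload) has to be confirmed before lowering it. The comment reads better as `# Regenerate Postfix maps from the Re2o API every 5 minutes`.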
@@ -5,11 +5,11 @@ certbot: - smtp.auro.re mail: tech.aurore@lists.crans.org certname: auro.re - cert_path_prefix = "/etc/letsencrypt/live/{{ certbot.certname }}" - cert_path_cert = "{{ cerbot.cert_path_prefix }}/cert.pem" - cert_path_chain = "{{ cerbot.cert_path_prefix }}/chain.pem" - cert_path_fullchain = "{{ cerbot.cert_path_prefix }}/fullchain.pem" - cert_path_privkey = "{{ cerbot.cert_path_prefix }}/privkey.pem" + cert_path_prefix: "/etc/letsencrypt/live/{{ certbot.certname }}" + cert_path_cert: "{{ cerbot.cert_path_prefix }}/cert.pem" + cert_path_chain: "{{ cerbot.cert_path_prefix }}/chain.pem" + cert_path_fullchain: "{{ cerbot.cert_path_prefix }}/fullchain.pem" + cert_path_privkey: "{{ cerbot.cert_path_prefix }}/privkey.pem" nfs: src: "10.128.0.6:/data_mail" # caradoc diff --git a/mailserver.yml b/mailserver.yml index f9725e7..fcabd49 100755 --- a/mailserver.yml +++ b/mailserver.yml @@ -6,8 +6,9 @@ - mail_utils - mail_certificates - nfs_client - - postfix + # - postfix - dovecot + - re2o_service_mailserver # - rspamd # - mail-fail2ban # @@ -17,14 +18,14 @@ # Deploy Re2o mail service - - hosts: mail.auro.re - vars: - service_repo: https://gitea.auro.re/aurore/re2o-mail-server.git - service_name: mail-server - service_version: aurore - service_config: - hostname: re2o-test.adm.auro.re # use test instance for now, should be changed for prod! - username: service-user - password: "{{ vault_serviceuser_passwd }}" - roles: - - re2o-service +- hosts: mail.auro.re + vars: + service_repo: https://gitea.auro.re/aurore/re2o-mail-server.git + service_name: mail-server + service_version: aurore + service_config: + hostname: re2o-test.adm.auro.re # use test instance for now, should be changed for prod! + username: service-user + password: "{{ vault_serviceuser_passwd }}" + roles: + - re2o-service -- 2.45.2 From 9e6a127a8fcfccc137aa6a3bba70e0d90d188fb9 Mon Sep 17 00:00:00 2001 
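Review bot: The first play now runs `re2o_service_mailserver`, but `re2o-service`, which clones the repository into `/var/local/re2o-services/mail-server`, only runs in the second play on the same host, so on a fresh host the `generated` directory is created before the clone — patch 137's own header comment says the service must be deployed first, and presumably the git module then finds a non-empty `dest`. Either move the `- hosts: mail.auro.re` play carrying `re2o-service` ahead of the first one, or list `re2o_service_mailserver` in that second play after `re2o-service`. Commenting out `- postfix` also means the `main.cf.j2` changes made in patches 136, 139 and 144 are no longer applied by this playbook; if that is deliberate, a short `# - postfix  # disabled until <reason>` comment saves the next reader a search. The role names mix `re2o-service` and `re2o_service_mailserver`; one convention (underscores) would be clearer.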
From: Solal Nathan Date: Thu, 4 Feb 2021 23:44:32 +0100 Subject: [PATCH 139/149] Fix broken vars --- host_vars/mail.auro.re.yml | 12 +++++++----- roles/postfix/templates/main.cf.j2 | 4 ++-- roles/re2o-service/tasks/main.yml | 5 +++++ 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/host_vars/mail.auro.re.yml b/host_vars/mail.auro.re.yml index 289801a..7ff5f11 100644 --- a/host_vars/mail.auro.re.yml +++ b/host_vars/mail.auro.re.yml @@ -5,11 +5,13 @@ certbot: - smtp.auro.re mail: tech.aurore@lists.crans.org certname: auro.re - cert_path_prefix: "/etc/letsencrypt/live/{{ certbot.certname }}" - cert_path_cert: "{{ cerbot.cert_path_prefix }}/cert.pem" - cert_path_chain: "{{ cerbot.cert_path_prefix }}/chain.pem" - cert_path_fullchain: "{{ cerbot.cert_path_prefix }}/fullchain.pem" - cert_path_privkey: "{{ cerbot.cert_path_prefix }}/privkey.pem" + +cert: + path_prefix: "/etc/letsencrypt/live/{{ cerbot.certname }}" + #path_cert: "{{ path_prefix }}/cert.pem" + #path_chain: "{{ path_prefix }}/chain.pem" + path_fullchain: "{{ path_prefix }}/fullchain.pem" + path_privkey: "{{ path_prefix }}/privkey.pem" nfs: src: "10.128.0.6:/data_mail" # caradoc diff --git a/roles/postfix/templates/main.cf.j2 b/roles/postfix/templates/main.cf.j2 index e312caa..2173961 100644 --- a/roles/postfix/templates/main.cf.j2 +++ b/roles/postfix/templates/main.cf.j2 @@ -47,8 +47,8 @@ virtual_transport = lmtp:unix:private/dovecot-lmtp # TLS for reception smtpd_use_tls = yes smtpd_tls_security_level = may -smtpd_tls_cert_file = {{ certbot.cert_path_fullchain }} -smtpd_tls_key_file = {{ certbot.cert_path_privkey }} +smtpd_tls_cert_file = {{ cert.path_fullchain }} +smtpd_tls_key_file = {{ cert.path_privkey }} smtpd_tls_loglevel = 0 smtpd_tls_received_header = yes diff --git a/roles/re2o-service/tasks/main.yml b/roles/re2o-service/tasks/main.yml index 68e963c..1f7902d 100644 --- a/roles/re2o-service/tasks/main.yml +++ b/roles/re2o-service/tasks/main.yml 
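Review bot: `{{ path_prefix }}` in `path_fullchain` and `path_privkey` names a top-level variable that does not exist (the key is `cert.path_prefix`), and `path_prefix` itself still misspells `cerbot`, so rendering `cert.path_fullchain` in `main.cf.j2` fails on an undefined variable despite the commit title. Referring to `cert.path_prefix` from inside `cert` would in turn be a self-reference, so the simplest correct form spells the paths out against the sibling mapping: `path_fullchain: "/etc/letsencrypt/live/{{ certbot.certname }}/fullchain.pem"` and `path_privkey: "/etc/letsencrypt/live/{{ certbot.certname }}/privkey.pem"`. The `#path_cert`/`#path_chain` lines need a space after `#` for yamllint's comments rule.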
@@ -12,6 +12,11 @@ retries: 3 until: apt_result is succeeded +- name: "Create the local user {{ service_user }}" + user: + create_home: false + name: "{{ service_user }}" + - name: "Clone re2o {{ service_name }} project" git: repo: "{{ service_repo }}" -- 2.45.2 From a2fbe9b1e6a09de4051294dc80ae21d1e3514ce5 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Fri, 5 Feb 2021 00:05:26 +0100 Subject: [PATCH 140/149] Post renewal hook for certbot to reload dovecot and postfix --- .../renewal-hooks/reload-mail-services.sh.j2 | 6 ++++++ roles/mail_certificates/tasks/main.yml | 13 +++++++++++++ 2 files changed, 19 insertions(+) create mode 100644 roles/mail_certificates/letsencrypt/renewal-hooks/reload-mail-services.sh.j2 diff --git a/roles/mail_certificates/letsencrypt/renewal-hooks/reload-mail-services.sh.j2 b/roles/mail_certificates/letsencrypt/renewal-hooks/reload-mail-services.sh.j2 new file mode 100644 index 0000000..094fc7b --- /dev/null +++ b/roles/mail_certificates/letsencrypt/renewal-hooks/reload-mail-services.sh.j2 @@ -0,0 +1,6 @@ +#!/bin/sh +{{ ansible_manged | comment }} +# Reload Postcot and Dovecot after certificates are (re)generated + +systemctl reload postfix +systemctl reload dovecot diff --git a/roles/mail_certificates/tasks/main.yml b/roles/mail_certificates/tasks/main.yml index 2a4e30f..2ad6314 100644 --- a/roles/mail_certificates/tasks/main.yml +++ b/roles/mail_certificates/tasks/main.yml @@ -22,3 +22,16 @@ dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini" mode: 0644 notify: Generate certificates + +- name: Make sure let's encrypt renewal-hooks exists + file: + path: /etc/letsencrypt/renewal-hooks/deploy + state: directory + +- name: Reload Postfix and Dovecot after certificate renewal + template: + src: letsencrypt/renewal-hooks/deploy/reload-mail-services.sh.j2 + dest: /etc/letsencrypt/renewal-hooks/deploy/reload-mail-services.sh + mode: 0755 + +# TODO: add motd -- 2.45.2 
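Review bot: The new `user:` task creates `{{ service_user }}` as an ordinary account with the distribution's default shell; for an account that only owns a checkout and is never logged into, `system: true` and `shell: /usr/sbin/nologin` keep it out of the interactive-login UID range and remove a shell that would be useful to anyone who compromises the service. I cannot see `service_user` defined in the play vars shown in patch 138 (`service_repo`, `service_name`, `service_version`, `service_config`); if it is not set in the role's defaults, the task fails on an undefined variable. Nothing in this series runs anything as that user — the cron job added in patch 137 runs `main.py` as root — so a one-line comment on what the account is for would help. The enclosing task list and the preceding apt task start outside the hunk.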
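Review bot: `mode: 0755` on the new template task (like `mode: 0644` in the context line above it) is an unquoted octal literal that YAML 1.1 parsers read as the integer 493; Ansible's own guidance is to quote file modes, `mode: "0755"`, and the same applies to the `mode: 0755` lines added in patches 147 and 149. The `src:` path `letsencrypt/renewal-hooks/deploy/reload-mail-services.sh.j2` does not match where this patch creates the file (`roles/mail_certificates/letsencrypt/renewal-hooks/reload-mail-services.sh.j2`, outside `templates/` and without `deploy/`), so the task fails until patches 141 and 142 move it. The `renewal-hooks/deploy` directory task sets no mode or owner; since certbot executes everything in that directory as root, pinning `owner: root`, `group: root` and `mode: "0755"` in the same task makes the trust boundary explicit.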
From 402b2034891658ac15157b7836b34346bacbbec3 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Fri, 5 Feb 2021 00:07:36 +0100 Subject: [PATCH 141/149] move files to the right place and fix small typo --- .../renewal-hooks/deploy/reload-mail-services.sh.j2 | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 roles/mail_certificates/templates/letsencrypt/renewal-hooks/deploy/reload-mail-services.sh.j2 diff --git a/roles/mail_certificates/templates/letsencrypt/renewal-hooks/deploy/reload-mail-services.sh.j2 b/roles/mail_certificates/templates/letsencrypt/renewal-hooks/deploy/reload-mail-services.sh.j2 new file mode 100644 index 0000000..87b217f --- /dev/null +++ b/roles/mail_certificates/templates/letsencrypt/renewal-hooks/deploy/reload-mail-services.sh.j2 @@ -0,0 +1,6 @@ +#!/bin/sh +{{ ansible_managed | comment }} +# Reload Postcot and Dovecot after certificates are (re)generated + +systemctl reload postfix +systemctl reload dovecot -- 2.45.2 From 5dcb7eb0d16a034106ae76d1215407d3a39695bf Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Fri, 5 Feb 2021 00:09:12 +0100 Subject: [PATCH 142/149] Remove file since I did not git mv correclty... --- .../letsencrypt/renewal-hooks/reload-mail-services.sh.j2 | 6 ------ 1 file changed, 6 deletions(-) delete mode 100644 roles/mail_certificates/letsencrypt/renewal-hooks/reload-mail-services.sh.j2 diff --git a/roles/mail_certificates/letsencrypt/renewal-hooks/reload-mail-services.sh.j2 b/roles/mail_certificates/letsencrypt/renewal-hooks/reload-mail-services.sh.j2 deleted file mode 100644 index 094fc7b..0000000 --- a/roles/mail_certificates/letsencrypt/renewal-hooks/reload-mail-services.sh.j2 +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh -{{ ansible_manged | comment }} -# Reload Postcot and Dovecot after certificates are (re)generated - -systemctl reload postfix -systemctl reload dovecot -- 2.45.2 From 18ca5b48058e3dad35c70a7e716d24b942fd38c2 Mon Sep 17 00:00:00 2001 
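Review bot: The hook exits with the status of the last command only, so a failed `systemctl reload postfix` is hidden whenever the dovecot reload succeeds, and certbot's deploy-hook error reporting never learns that Postfix is still serving the old certificate. Reload both services but propagate either failure, as below. `Postcot` in the comment should read `Postfix`.
```sh
# … unchanged: shebang and ansible_managed header …
# Reload Postfix and Dovecot after certificates are (re)generated
rc=0
systemctl reload postfix || rc=1
systemctl reload dovecot || rc=1
exit "$rc"
```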
From: Solal Nathan Date: Fri, 5 Feb 2021 01:17:58 +0100 Subject: [PATCH 143/149] Fix postfix cert variables --- host_vars/mail.auro.re.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/host_vars/mail.auro.re.yml b/host_vars/mail.auro.re.yml index 7ff5f11..e369fa0 100644 --- a/host_vars/mail.auro.re.yml +++ b/host_vars/mail.auro.re.yml @@ -7,11 +7,10 @@ certbot: certname: auro.re cert: - path_prefix: "/etc/letsencrypt/live/{{ cerbot.certname }}" - #path_cert: "{{ path_prefix }}/cert.pem" - #path_chain: "{{ path_prefix }}/chain.pem" - path_fullchain: "{{ path_prefix }}/fullchain.pem" - path_privkey: "{{ path_prefix }}/privkey.pem" + #path_cert: "/etc/letsencrypt/live/auro.re/cert.pem" + #path_chain: "/etc/letsencrypt/live/auro.re/chain.pem" + path_fullchain: "/etc/letsencrypt/live/auro.re/fullchain.pem" + path_privkey: "/etc/letsencrypt/live/auro.re/privkey.pem" nfs: src: "10.128.0.6:/data_mail" # caradoc -- 2.45.2 From 11d5d19bb691a8784795bc0b8eb607bba36260a7 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Fri, 5 Feb 2021 01:35:46 +0100 Subject: [PATCH 144/149] Add postfix quota check --- roles/postfix/templates/main.cf.j2 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/postfix/templates/main.cf.j2 b/roles/postfix/templates/main.cf.j2 index 2173961..27f243c 100644 --- a/roles/postfix/templates/main.cf.j2 +++ b/roles/postfix/templates/main.cf.j2 @@ -64,3 +64,7 @@ smtp_tls_CApath = /etc/ssl/certs/ smtpd_tls_session_cache_database=btree:/var/lib/postfix/smtpd_tls_session_cache smtp_tls_session_cache_database=btree:/var/lib/postfix/smtp_tls_session_cache +# Reject mail if user if overquota +smtpd_recipient_restrictions = + reject_unauth_destination + check_policy_service unix:private/quota-status -- 2.45.2 From 4cd6a2d2c55a9aa511560539831847dafe962370 Mon Sep 17 00:00:00 2001 
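Review bot: The four paths now hard-code `auro.re`, duplicating `certbot.certname` declared three lines above; renaming the certificate there would leave Postfix pointing at a live directory that no longer exists, with TLS breaking only at the next reload. Because `cert` is a sibling top-level mapping, referring to `certbot.certname` from it is not the in-mapping self-reference that broke patches 136 and 139: `path_fullchain: "/etc/letsencrypt/live/{{ certbot.certname }}/fullchain.pem"` and `path_privkey: "/etc/letsencrypt/live/{{ certbot.certname }}/privkey.pem"` keep a single source of truth.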
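Review bot: Setting `smtpd_recipient_restrictions` explicitly to `reject_unauth_destination` without `permit_mynetworks` means hosts in `mynetworks` (`127.0.0.0/8 {{ local_network }}`, set earlier in this template) are refused when they submit mail for any domain this server does not accept — Postfix's default `smtpd_relay_restrictions` would have permitted the relay, but both lists must allow the recipient. If internal hosts are meant to use this server as their outbound relay, the list should read `permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/quota-status`; if not, a comment saying that no relaying is intended makes the stricter list deliberate rather than accidental. Placing the policy lookup after the rejection is the right order, since no quota lookup is spent on relay attempts. The comment has a typo: `# Reject mail if user is over quota`.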
From: Solal Nathan Date: Fri, 5 Feb 2021 01:50:56 +0100 Subject: [PATCH 145/149] Correct typo, this one was sneaky! --- roles/dovecot/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml index 24e1b01..2b8e320 100644 --- a/roles/dovecot/tasks/main.yml +++ b/roles/dovecot/tasks/main.yml @@ -58,7 +58,7 @@ - name: Add Dovecot configuration outside of conf.d template: src: "dovecot-ldap.conf.ext.j2" - dest: "/etc/dovecot/dovecot-ldap-conf.ext" + dest: "/etc/dovecot/dovecot-ldap.conf.ext" mode: 0600 # only legible by root owner: root group: root -- 2.45.2 From 6dae04fe62afd2fd8d628e31c837a974b693fb7b Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Sat, 20 Feb 2021 14:14:25 +0100 Subject: [PATCH 146/149] :rotating_light: fix trailling spaces and space in front of comment --- host_vars/mail.auro.re.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/host_vars/mail.auro.re.yml b/host_vars/mail.auro.re.yml index e369fa0..0c32ac1 100644 --- a/host_vars/mail.auro.re.yml +++ b/host_vars/mail.auro.re.yml @@ -5,10 +5,10 @@ certbot: - smtp.auro.re mail: tech.aurore@lists.crans.org certname: auro.re - + cert: - #path_cert: "/etc/letsencrypt/live/auro.re/cert.pem" - #path_chain: "/etc/letsencrypt/live/auro.re/chain.pem" + # path_cert: "/etc/letsencrypt/live/auro.re/cert.pem" + # path_chain: "/etc/letsencrypt/live/auro.re/chain.pem" path_fullchain: "/etc/letsencrypt/live/auro.re/fullchain.pem" path_privkey: "/etc/letsencrypt/live/auro.re/privkey.pem" -- 2.45.2 From 6958bbf17a92ef41c2102630b2f11c682347de1c Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Sat, 20 Feb 2021 14:15:30 +0100 Subject: [PATCH 147/149] :rotating_light: fix risky-file-permission --- roles/mail_certificates/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/mail_certificates/tasks/main.yml b/roles/mail_certificates/tasks/main.yml index 2ad6314..761fa44 100644 
--- a/roles/mail_certificates/tasks/main.yml +++ b/roles/mail_certificates/tasks/main.yml @@ -27,6 +27,7 @@ file: path: /etc/letsencrypt/renewal-hooks/deploy state: directory + mode: 0755 - name: Reload Postfix and Dovecot after certificate renewal template: -- 2.45.2 From 5d8874b489d005707c2d69336e409c29902deda9 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Sat, 20 Feb 2021 14:17:07 +0100 Subject: [PATCH 148/149] :rotating_light: fix trailling-spaces --- roles/mail_certificates/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mail_certificates/tasks/main.yml b/roles/mail_certificates/tasks/main.yml index 761fa44..c28bc8b 100644 --- a/roles/mail_certificates/tasks/main.yml +++ b/roles/mail_certificates/tasks/main.yml @@ -35,4 +35,4 @@ dest: /etc/letsencrypt/renewal-hooks/deploy/reload-mail-services.sh mode: 0755 -# TODO: add motd +# TODO: add motd -- 2.45.2 From 0283c0c58952c9fabd820772d2f5dfb162d4083a Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Sat, 20 Feb 2021 14:18:09 +0100 Subject: [PATCH 149/149] :rotating_light: fix risky-file-permissions --- roles/re2o_service_mailserver/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/re2o_service_mailserver/tasks/main.yml b/roles/re2o_service_mailserver/tasks/main.yml index cc2cce5..b1cc94e 100644 --- a/roles/re2o_service_mailserver/tasks/main.yml +++ b/roles/re2o_service_mailserver/tasks/main.yml @@ -13,3 +13,4 @@ template: src: cron.d/re2o-services-mail-server.j2 dest: /etc/cron.d/re2o-services-mail-server + mode: 0755 -- 2.45.2
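Review bot: `mode: 0755` on the cron.d template makes a configuration file executable; cron reads `/etc/cron.d` entries as data, so `mode: "0644"` is the expected permission, and quoting it avoids the YAML 1.1 octal-integer parse that the Ansible docs warn about — the unquoted form also appears in patch 147's hunk for the renewal-hooks directory. `owner`/`group` are not set either; they default to the user running the play, so stating `owner: root` and `group: root` records the requirement that cron.d files be root-owned rather than relying on how the play happens to be invoked.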