author | Guilhem Moulin <guilhem@fripost.org> | 2014-06-25 02:37:48 +0200 |
committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:51:48 +0200 |
commit | 2a2333cdfb016bb884887f46fbcbfdce6e064d74 (patch) | |
tree | e85d7c802436e3c5615ee8eef2ca9c68cd5eb895 | |
parent | e9e8ce2add2b7c020daa02228e506e7c02828c15 (diff) |
Assume a DNS entry for each role.
E.g., ldap.fripost.org, ntp.fripost.org, etc. (Ideally the DNS zone
would be provisioned by ansible, too.) It's a bit unclear how to index
the subdomains (mx{1,2,3}, etc), though.
18 files changed, 40 insertions, 58 deletions
diff --git a/group_vars/all.yml b/group_vars/all.yml index 0dee19d..351aa09 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -3,17 +3,9 @@ postfix_instance: # The keys are the group names associated with a Postfix role, and the # values are the name and group (optional) of the instance dedicated # to that role. - IMAP: { name: mda } - MX: { name: mx, group: mta } - MTA-out: { name: mta-out,group: mta } - MSA: { name: msa } - webmail: { name: webmail } - lists: { name: lists } - -MTA_out: { host: outgoing.fripost.org, port: 2525 } -LDA: { host: lda.fripost.org, port: 2526 } -lists: { host: lists.fripost.org, port: 2527 } - -LDAP_provider: host1.libvirt.guilhem.org -NTP_master: host1.libvirt.guilhem.org -IMAP: host1.libvirt.guilhem.org + IMAP: { name: mda, port: 2526 } + MX: { name: mx, group: mta } + MTA-out: { name: mta-out,group: mta, port: 2525 } + MSA: { name: msa } + webmail: { name: webmail } + lists: { name: lists, port: 2527 } diff --git a/roles/IMAP-proxy/templates/etc/dovecot/conf.d/20-imapc.conf.j2 b/roles/IMAP-proxy/files/etc/dovecot/conf.d/20-imapc.conf index a6b70c6..47785a4 100644 --- a/roles/IMAP-proxy/templates/etc/dovecot/conf.d/20-imapc.conf.j2 +++ b/roles/IMAP-proxy/files/etc/dovecot/conf.d/20-imapc.conf @@ -4,7 +4,7 @@ # http://wiki2.dovecot.org/HowTo/ImapcProxy # http://wiki2.dovecot.org/Migration/Dsync -imapc_host = {{ IMAP }} +imapc_host = imap.fripost.org imapc_port = 143 imapc_user = %u diff --git a/roles/IMAP-proxy/templates/etc/dovecot/conf.d/auth-imap.conf.ext.j2 b/roles/IMAP-proxy/files/etc/dovecot/conf.d/auth-imap.conf.ext index 5e2b28c..7478889 100644 --- a/roles/IMAP-proxy/templates/etc/dovecot/conf.d/auth-imap.conf.ext.j2 +++ b/roles/IMAP-proxy/files/etc/dovecot/conf.d/auth-imap.conf.ext @@ -4,7 +4,7 @@ passdb { driver = imap - args = host={{ IMAP }} port=143 + args = host=imap.fripost.org port=143 default_fields = userdb_imapc_user=%u userdb_imapc_password=%w } 
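Review bot: The header comment kept as context in the group_vars/all.yml hunk still describes each value as a `name` plus an optional `group`, but the new entries add a `port` key that the templates in this commit dereference directly (`postfix_instance["MTA-out"].port`, `postfix_instance.IMAP.port`, `postfix_instance.lists.port`). Someone adding a new instance has no hint that `port` is only needed when other hosts must reach it, and that a missing key would presumably surface as an undefined-variable error while rendering a template rather than when the vars file is loaded. Suggest extending the comment, e.g. `# to that role, plus the TCP port (only for instances that other hosts relay to).`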
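Review bot: Both IMAP-proxy files now point at `imap.fripost.org` on port 143, and the passdb in auth-imap.conf.ext still forwards the user's cleartext password (`userdb_imapc_password=%w`) to that backend, so the backend's identity now rests on DNS resolution of a name rather than on the previously pinned `{{ IMAP }}` host. Neither hunk shows `imapc_ssl`/`imapc_ssl_verify` for the proxy connection or an `ssl=` argument for the passdb; those may be set on lines outside the hunks, or the inter-host traffic may be carried over the IPsec mesh the ntp template comments refer to. If so, a one-line comment next to `imapc_host` naming the mechanism that protects the credential in transit would make the assumption explicit; if not, `imapc_ssl = starttls` with `imapc_ssl_verify = yes` would authenticate the backend. Both files continue outside the hunks.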
diff --git a/roles/IMAP-proxy/tasks/main.yml b/roles/IMAP-proxy/tasks/main.yml index c630cfd..f76ee72 100644 --- a/roles/IMAP-proxy/tasks/main.yml +++ b/roles/IMAP-proxy/tasks/main.yml @@ -17,28 +17,18 @@ owner=imapproxy group=imapproxy mode=0700 -- name: Configure Dovecot (1) +- name: Configure Dovecot copy: src=etc/dovecot/conf.d/{{ item }} dest=/etc/dovecot/conf.d/{{ item }} owner=root group=root mode=0644 - register: r1 + register: r with_items: - 10-auth.conf - 10-logging.conf - 10-mail.conf - 10-master.conf - 15-mailboxes.conf - notify: - - Restart Dovecot - -- name: Configure Dovecot (2) - template: src=etc/dovecot/conf.d/{{ item }}.j2 - dest=/etc/dovecot/conf.d/{{ item }} - owner=root group=root - mode=0644 - register: r2 - with_items: - 20-imapc.conf - auth-imap.conf.ext notify: @@ -46,6 +36,6 @@ - name: Start Dovecot service: name=dovecot state=started - when: not (r1.changed or r2.changed) + when: not r.changed - meta: flush_handlers diff --git a/roles/IMAP/templates/etc/amavis/conf.d/50-user.j2 b/roles/IMAP/templates/etc/amavis/conf.d/50-user.j2 index 00a82ce..503907e 100644 --- a/roles/IMAP/templates/etc/amavis/conf.d/50-user.j2 +++ b/roles/IMAP/templates/etc/amavis/conf.d/50-user.j2 @@ -111,9 +111,9 @@ $inet_socket_port = 10041; $interface_policy{'10041'} = 'INBOUND'; {% if 'MTA-out' in group_names %} -$notify_method = 'smtp:[127.0.0.1]:{{ MTA_out.port }}'; +$notify_method = 'smtp:[127.0.0.1]:{{ postfix_instance["MTA-out"].port }}'; {% else %} -$notify_method = 'smtp:[{{ MTA_out.host }}]:{{ MTA_out.port }}'; +$notify_method = 'smtp:[outgoing.fripost.org]:{{ postfix_instance["MTA-out"].port }}'; {% endif %} $forward_method = 'lmtp:/var/run/dovecot/lmtp'; $requeue_method = $forward_method; diff --git a/roles/IMAP/templates/etc/postfix/main.cf.j2 b/roles/IMAP/templates/etc/postfix/main.cf.j2 index d0421ce..46f64aa 100644 --- a/roles/IMAP/templates/etc/postfix/main.cf.j2 +++ b/roles/IMAP/templates/etc/postfix/main.cf.j2 
@@ -14,7 +14,7 @@ maximal_queue_lifetime = 5d myorigin = /etc/mailname myhostname = mda{{ imapno | default('') }}.$mydomain -mydomain = {{ ansible_domain }} +mydomain = fripost.org append_dot_mydomain = no # Turn off all TCP/IP listener ports except that necessary for the MDA. diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2 index 88cb3be..b15b907 100644 --- a/roles/MSA/templates/etc/postfix/main.cf.j2 +++ b/roles/MSA/templates/etc/postfix/main.cf.j2 @@ -13,8 +13,8 @@ delay_warning_time = 4h maximal_queue_lifetime = 5d myorigin = /etc/mailname -myhostname = smtp{{ mdano | default('') }}.$mydomain -mydomain = {{ ansible_domain }} +myhostname = smtp{{ msano | default('') }}.$mydomain +mydomain = fripost.org append_dot_mydomain = no # Turn off all TCP/IP listener ports except that necessary for the MSA. @@ -43,9 +43,9 @@ recipient_delimiter = + # Forward everything to our internal mailhub {% if 'MTA-out' in group_names %} -relayhost = [127.0.0.1]:{{ MTA_out.port }} +relayhost = [127.0.0.1]:{{ postfix_instance["MTA-out"].port }} {% else %} -relayhost = [{{ MTA_out.host }}]:{{ MTA_out.port }} +relayhost = [outgoing.fripost.org]:{{ postfix_instance["MTA-out"].port }} {% endif %} relay_domains = diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2 index 8bed701..e842537 100644 --- a/roles/MX/templates/etc/postfix/main.cf.j2 +++ b/roles/MX/templates/etc/postfix/main.cf.j2 @@ -14,7 +14,7 @@ maximal_queue_lifetime = 5d myorigin = /etc/mailname myhostname = mx{{ mxno | default('') }}.$mydomain -mydomain = {{ ansible_domain }} +mydomain = fripost.org append_dot_mydomain = no # Turn off all TCP/IP listener ports except that necessary for the mail 
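Review bot: The `relayhost` selection in roles/MSA/templates/etc/postfix/main.cf.j2 is one of five verbatim copies of the same `{% if 'MTA-out' in group_names %}` block touched by this commit (roles/MX, roles/common, roles/lists and roles/webmail carry the others, and the amavis `$notify_method` in roles/IMAP follows the same shape). Each copy now hard-codes `outgoing.fripost.org` separately, so the next host or port change has to be repeated six times and any copy that is missed silently keeps relaying to the old address. A single group variable holding the resolved `[host]:port` string, computed once from `postfix_instance["MTA-out"]` and interpolated by every template, would keep them in step.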
@@ -44,9 +44,9 @@ recipient_delimiter = + # Forward everything to our internal mailhub {% if 'MTA-out' in group_names %} -relayhost = [127.0.0.1]:{{ MTA_out.port }} +relayhost = [127.0.0.1]:{{ postfix_instance["MTA-out"].port }} {% else %} -relayhost = [{{ MTA_out.host }}]:{{ MTA_out.port }} +relayhost = [outgoing.fripost.org]:{{ postfix_instance["MTA-out"].port }} {% endif %} relay_domains = diff --git a/roles/MX/templates/etc/postfix/virtual/list.cf.j2 b/roles/MX/templates/etc/postfix/virtual/list.cf.j2 index 6100c01..5988159 100644 --- a/roles/MX/templates/etc/postfix/virtual/list.cf.j2 +++ b/roles/MX/templates/etc/postfix/virtual/list.cf.j2 @@ -8,4 +8,4 @@ query_filter = (&(objectClass=FripostVirtualList)(fvl=%u)) result_attribute = fvl # Use a dedicated "virtual" domain to decongestion potential bottlenecks # on trivial_rewrite(8) due to slow LDAP lookups in tranport_maps. -result_format = %D/%U@lists.guilhem.org +result_format = %D/%U@lists.fripost.org diff --git a/roles/MX/templates/etc/postfix/virtual/mailbox.cf.j2 b/roles/MX/templates/etc/postfix/virtual/mailbox.cf.j2 index fe27124..a108c0d 100644 --- a/roles/MX/templates/etc/postfix/virtual/mailbox.cf.j2 +++ b/roles/MX/templates/etc/postfix/virtual/mailbox.cf.j2 @@ -8,4 +8,4 @@ query_filter = (&(objectClass=FripostVirtualUser)(fvl=%u)) result_attribute = fvl # Use a dedicated "virtual" domain to decongestion potential bottlenecks # on trivial_rewrite(8) due to slow LDAP lookups in tranport_maps. -result_format = %D/%U@mda.guilhem.org +result_format = %D/%U@mda.fripost.org diff --git a/roles/MX/templates/etc/postfix/virtual/transport.j2 b/roles/MX/templates/etc/postfix/virtual/transport.j2 index 6d244dc..2250a71 100644 --- a/roles/MX/templates/etc/postfix/virtual/transport.j2 +++ b/roles/MX/templates/etc/postfix/virtual/transport.j2 
@@ -1,13 +1,13 @@ reserved.locahost.localdomain reserved-alias: {% if 'LDA' in group_names %} -mda.guilhem.org smtpl:[127.0.0.1]:{{ LDA.port }} +mda.fripost.org smtpl:[127.0.0.1]:{{ postfix_instance.IMAP.port }} {% else %} -mda.guilhem.org smtps:[{{ LDA.host }}]:{{ LDA.port }} +mda.fripost.org smtps:[mda.fripost.org]:{{ postfix_instance.IMAP.port }} {% endif %} {% if 'lists' in group_names %} -lists.guilhem.org smtpl:[127.0.0.1]:{{ lists.port }} +lists.fripost.org smtpl:[127.0.0.1]:{{ postfix_instance.lists.port }} {% else %} -lists.guilhem.org smtps:[{{ lists.host }}]:{{ lists.port }} +lists.fripost.org smtps:[lists.fripost.org]:{{ postfix_instance.lists.port }} {% endif %} diff --git a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 index 33ef108..cde9069 100644 --- a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 +++ b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 @@ -86,7 +86,7 @@ olcLimits: dn.exact="cn=lists-replicate,ou=services,o=mailHosting,dc=fripost,dc= size.hard=unlimited {% elif 'MX' in group_names %} olcSyncrepl: rid=000 - provider=ldap://{{ LDAP_provider }} + provider=ldap://ldap.fripost.org type=refreshAndPersist retry="5 5 300 +" searchbase="ou=virtual,o=mailHosting,dc=fripost,dc=org" @@ -100,7 +100,7 @@ olcSyncrepl: rid=000 # XXX: mlmmj is not compatible with the MX, see # http://mlmmj.org/bugs/bug.php?id=51 olcSyncrepl: rid=001 - provider=ldap://{{ LDAP_provider }} + provider=ldap://ldap.fripost.org type=refreshAndPersist retry="5 5 300 +" searchbase="ou=virtual,o=mailHosting,dc=fripost,dc=org" diff --git a/roles/common/templates/etc/ntp.conf.j2 b/roles/common/templates/etc/ntp.conf.j2 index 2f70cef..96cc16c 100644 --- a/roles/common/templates/etc/ntp.conf.j2 +++ b/roles/common/templates/etc/ntp.conf.j2 
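Review bot: The transport keys `mda.fripost.org` and `lists.fripost.org` in transport.j2 (and the matching `result_format` domains in mailbox.cf.j2 and list.cf.j2 on the previous line) are now the same strings the IMAP and lists roles compute for `myhostname` when `imapno`/`listsno` is unset. Postfix's default `mydestination` includes `$myhostname`, so unless those roles' main.cf.j2 set `mydestination` explicitly (not visible in this diff), mail rewritten to `%U@mda.fripost.org` could be classified as local rather than virtual delivery once it reaches the MDA. Worth confirming against those templates, and either way a comment on the rewrite domain such as `# Must not appear in the destination host's mydestination` would document the constraint.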
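Review bot: With `provider=ldap://ldap.fripost.org` in both syncrepl stanzas of database.ldif.j2, the MX and lists consumers now replicate from whatever address that name resolves to, and the plain `ldap://` scheme provides no server authentication on its own. The lines in the hunks show `type`, `retry` and `searchbase` but no `starttls=critical`/`tls_reqcert=demand` or `bindmethod`; those may sit on the stanza lines outside the hunks, or the traffic may be confined to the IPsec mesh the ntp template mentions. If one of those applies, a short comment on the provider line naming the mechanism that authenticates the provider would help; if neither does, a wrong or forged DNS answer is enough to hand the consumers a foreign directory, which is a much larger exposure than the old fixed `LDAP_provider` host. Both stanzas continue outside the hunks.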
@@ -24,7 +24,7 @@ server ntp2.sth.netnod.se iburst {% else %} # Sychronize to our (stratum 2) NTP server through IPSec, to ensure our # network has a consistent time. -server {{ NTP_master }} iburst +server ntp.fripost.org iburst {% endif %} diff --git a/roles/common/templates/etc/postfix/main.cf.j2 b/roles/common/templates/etc/postfix/main.cf.j2 index 83f97b4..169ad40 100644 --- a/roles/common/templates/etc/postfix/main.cf.j2 +++ b/roles/common/templates/etc/postfix/main.cf.j2 @@ -35,9 +35,9 @@ smtp_generic_maps = pcre:$config_directory/generic.pcre # Forward everything to our internal mailhub {% if 'MTA-out' in group_names %} -relayhost = [127.0.0.1]:{{ MTA_out.port }} +relayhost = [127.0.0.1]:{{ postfix_instance["MTA-out"].port }} {% else %} -relayhost = [{{ MTA_out.host }}]:{{ MTA_out.port }} +relayhost = [outgoing.fripost.org]:{{ postfix_instance["MTA-out"].port }} {% endif %} relay_domains = diff --git a/roles/lists/templates/etc/postfix/main.cf.j2 b/roles/lists/templates/etc/postfix/main.cf.j2 index 955b901..45e66aa 100644 --- a/roles/lists/templates/etc/postfix/main.cf.j2 +++ b/roles/lists/templates/etc/postfix/main.cf.j2 @@ -14,7 +14,7 @@ maximal_queue_lifetime = 5d myorigin = /etc/mailname myhostname = lists{{ listsno | default('') }}.$mydomain -mydomain = {{ ansible_domain }} +mydomain = fripost.org append_dot_mydomain = no # Turn off all TCP/IP listener ports except that necessary for the list server. @@ -48,9 +48,9 @@ recipient_delimiter = + # Forward everything to our internal mailhub {% if 'MTA-out' in group_names %} -relayhost = [127.0.0.1]:{{ MTA_out.port }} +relayhost = [127.0.0.1]:{{ postfix_instance["MTA-out"].port }} {% else %} -relayhost = [{{ MTA_out.host }}]:{{ MTA_out.port }} +relayhost = [outgoing.fripost.org]:{{ postfix_instance["MTA-out"].port }} {% endif %} relay_domains = diff --git a/roles/webmail/templates/etc/postfix/main.cf.j2 b/roles/webmail/templates/etc/postfix/main.cf.j2 index 2ee2849..5d678a1 100644 
--- a/roles/webmail/templates/etc/postfix/main.cf.j2 +++ b/roles/webmail/templates/etc/postfix/main.cf.j2 @@ -14,7 +14,7 @@ maximal_queue_lifetime = 5d myorigin = /etc/mailname myhostname = webmail{{ webmailno | default('') }}.$mydomain -mydomain = {{ ansible_domain }} +mydomain = fripost.org append_dot_mydomain = no # Turn off all TCP/IP listener ports except that necessary for the webmail. @@ -43,9 +43,9 @@ recipient_delimiter = + # Forward everything to our internal mailhub {% if 'MTA-out' in group_names %} -relayhost = [127.0.0.1]:{{ MTA_out.port }} +relayhost = [127.0.0.1]:{{ postfix_instance["MTA-out"].port }} {% else %} -relayhost = [{{ MTA_out.host }}]:{{ MTA_out.port }} +relayhost = [outgoing.fripost.org]:{{ postfix_instance["MTA-out"].port }} {% endif %} relay_domains = diff --git a/roles/webmail/templates/usr/share/roundcube/plugins/managesieve/config.inc.php.j2 b/roles/webmail/templates/usr/share/roundcube/plugins/managesieve/config.inc.php.j2 index 27b5b44..c716ddc 100644 --- a/roles/webmail/templates/usr/share/roundcube/plugins/managesieve/config.inc.php.j2 +++ b/roles/webmail/templates/usr/share/roundcube/plugins/managesieve/config.inc.php.j2 @@ -9,7 +9,7 @@ $rcmail_config['managesieve_port'] = 4190; // %n - http hostname ($_SERVER['SERVER_NAME']) // %d - domain (http hostname without the first part) // For example %n = mail.domain.tld, %d = domain.tld -$rcmail_config['managesieve_host'] = '{{ IMAP }}'; +$rcmail_config['managesieve_host'] = 'imap.fripost.org'; // authentication method. Can be CRAM-MD5, DIGEST-MD5, PLAIN, LOGIN, EXTERNAL // or none. Optional, defaults to best method supported by server. diff --git a/roles/webmail/templates/usr/share/roundcube/plugins/password/config.inc.php.j2 b/roles/webmail/templates/usr/share/roundcube/plugins/password/config.inc.php.j2 index 35c73f9..a661909 100644 --- a/roles/webmail/templates/usr/share/roundcube/plugins/password/config.inc.php.j2 
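Review bot: `managesieve_host` in the Roundcube managesieve config now names `imap.fripost.org` (with `managesieve_port` 4190 kept as context), and the next file does the same for `password_ldap_host` with `ldap.fripost.org`; both connections carry the logged-in user's credentials to what is now a DNS-resolved rather than pinned host. Whether `managesieve_usetls` and `password_ldap_starttls` are enabled is outside these hunks; if they are, a comment next to each host line saying so would close the question, otherwise enabling them (or documenting that the path is IPsec-protected) is warranted now that the targets are reached by name.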
+++ b/roles/webmail/templates/usr/share/roundcube/plugins/password/config.inc.php.j2 @@ -28,7 +28,7 @@ $rcmail_config['password_log'] = false; // You can provide one or several hosts in an array in which case the hosts are tried from left to right. // Exemple: array('ldap1.exemple.com', 'ldap2.exemple.com'); // Default: 'localhost' -$rcmail_config['password_ldap_host'] = '{{ LDAP_provider }}'; +$rcmail_config['password_ldap_host'] = 'ldap.fripost.org'; // LDAP server port to connect to // Default: '389' |