authorGuilhem Moulin <guilhem@fripost.org>2014-06-25 02:37:48 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:51:48 +0200
commit2a2333cdfb016bb884887f46fbcbfdce6e064d74 (patch)
treee85d7c802436e3c5615ee8eef2ca9c68cd5eb895
parente9e8ce2add2b7c020daa02228e506e7c02828c15 (diff)
Assume a DNS entry for each role.
E.g., ldap.fripost.org, ntp.fripost.org, etc. (Ideally the DNS zone would be provisioned by ansible, too.) It's a bit unclear how to index the subdomains (mx{1,2,3}, etc), though.
-rw-r--r--group_vars/all.yml20
-rw-r--r--roles/IMAP-proxy/files/etc/dovecot/conf.d/20-imapc.conf (renamed from roles/IMAP-proxy/templates/etc/dovecot/conf.d/20-imapc.conf.j2)2
-rw-r--r--roles/IMAP-proxy/files/etc/dovecot/conf.d/auth-imap.conf.ext (renamed from roles/IMAP-proxy/templates/etc/dovecot/conf.d/auth-imap.conf.ext.j2)2
-rw-r--r--roles/IMAP-proxy/tasks/main.yml16
-rw-r--r--roles/IMAP/templates/etc/amavis/conf.d/50-user.j24
-rw-r--r--roles/IMAP/templates/etc/postfix/main.cf.j22
-rw-r--r--roles/MSA/templates/etc/postfix/main.cf.j28
-rw-r--r--roles/MX/templates/etc/postfix/main.cf.j26
-rw-r--r--roles/MX/templates/etc/postfix/virtual/list.cf.j22
-rw-r--r--roles/MX/templates/etc/postfix/virtual/mailbox.cf.j22
-rw-r--r--roles/MX/templates/etc/postfix/virtual/transport.j28
-rw-r--r--roles/common-LDAP/templates/etc/ldap/database.ldif.j24
-rw-r--r--roles/common/templates/etc/ntp.conf.j22
-rw-r--r--roles/common/templates/etc/postfix/main.cf.j24
-rw-r--r--roles/lists/templates/etc/postfix/main.cf.j26
-rw-r--r--roles/webmail/templates/etc/postfix/main.cf.j26
-rw-r--r--roles/webmail/templates/usr/share/roundcube/plugins/managesieve/config.inc.php.j22
-rw-r--r--roles/webmail/templates/usr/share/roundcube/plugins/password/config.inc.php.j22
18 files changed, 40 insertions, 58 deletions
diff --git a/group_vars/all.yml b/group_vars/all.yml
index 0dee19d..351aa09 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -3,17 +3,9 @@ postfix_instance:
# The keys are the group names associated with a Postfix role, and the
# values are the name and group (optional) of the instance dedicated
# to that role.
- IMAP: { name: mda }
- MX: { name: mx, group: mta }
- MTA-out: { name: mta-out,group: mta }
- MSA: { name: msa }
- webmail: { name: webmail }
- lists: { name: lists }
-
-MTA_out: { host: outgoing.fripost.org, port: 2525 }
-LDA: { host: lda.fripost.org, port: 2526 }
-lists: { host: lists.fripost.org, port: 2527 }
-
-LDAP_provider: host1.libvirt.guilhem.org
-NTP_master: host1.libvirt.guilhem.org
-IMAP: host1.libvirt.guilhem.org
+ IMAP: { name: mda, port: 2526 }
+ MX: { name: mx, group: mta }
+ MTA-out: { name: mta-out,group: mta, port: 2525 }
+ MSA: { name: msa }
+ webmail: { name: webmail }
+ lists: { name: lists, port: 2527 }
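Review bot: Removing `MTA_out`, `LDA`, `lists`, `LDAP_provider`, `NTP_master` and `IMAP` from group_vars means any template or task outside this commit that still references one of them will fail to render with an undefined-variable error, and the diff cannot show whether the 18 files touched are the complete set, so a grep over the roles for these six names before merging is worthwhile. The base domain `fripost.org` is now repeated literally in fifteen places (the `mydomain` lines of five main.cf.j2 templates and the imapc, LDAP, NTP and relay host names), where a single group variable such as `domain: fripost.org` used as `mydomain = {{ domain }}` would keep it in one spot and make a staging inventory possible. A short comment above the `postfix_instance` keys saying that `port` is the TCP port other hosts connect to and is only present for instances that receive cross-host deliveries would explain why `MX`, `MSA` and `webmail` have none. The flow mapping `{ name: mta-out,group: mta, port: 2525 }` parses, but a space after the first comma would match the other entries.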
diff --git a/roles/IMAP-proxy/templates/etc/dovecot/conf.d/20-imapc.conf.j2 b/roles/IMAP-proxy/files/etc/dovecot/conf.d/20-imapc.conf
index a6b70c6..47785a4 100644
--- a/roles/IMAP-proxy/templates/etc/dovecot/conf.d/20-imapc.conf.j2
+++ b/roles/IMAP-proxy/files/etc/dovecot/conf.d/20-imapc.conf
@@ -4,7 +4,7 @@
# http://wiki2.dovecot.org/HowTo/ImapcProxy
# http://wiki2.dovecot.org/Migration/Dsync
-imapc_host = {{ IMAP }}
+imapc_host = imap.fripost.org
imapc_port = 143
imapc_user = %u
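Review bot: With `imapc_host = imap.fripost.org` on port 143 the proxy now reaches the backend by DNS name, and the hunk shows no `imapc_ssl` setting, so unless that name resolves inside the IPSec path the ntp.conf.j2 comment in this commit refers to, the user's password (passed through as `userdb_imapc_password=%w` in the auth-imap.conf.ext hunk of this commit) crosses the network in clear to whatever the name resolves to. If the link is not IPSec-protected, `imapc_ssl = starttls` with `imapc_ssl_verify = yes` here and `ssl=starttls` in the `args` line of the passdb hunk would make the DNS indirection safe; if it is, a one-line comment above `imapc_host` recording that assumption would stop the next reader from having to rediscover it. The rename from a .j2 template to a static file under files/ is consistent with the single copy task in the roles/IMAP-proxy/tasks/main.yml hunk.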
diff --git a/roles/IMAP-proxy/templates/etc/dovecot/conf.d/auth-imap.conf.ext.j2 b/roles/IMAP-proxy/files/etc/dovecot/conf.d/auth-imap.conf.ext
index 5e2b28c..7478889 100644
--- a/roles/IMAP-proxy/templates/etc/dovecot/conf.d/auth-imap.conf.ext.j2
+++ b/roles/IMAP-proxy/files/etc/dovecot/conf.d/auth-imap.conf.ext
@@ -4,7 +4,7 @@
passdb {
driver = imap
- args = host={{ IMAP }} port=143
+ args = host=imap.fripost.org port=143
default_fields = userdb_imapc_user=%u userdb_imapc_password=%w
}
diff --git a/roles/IMAP-proxy/tasks/main.yml b/roles/IMAP-proxy/tasks/main.yml
index c630cfd..f76ee72 100644
--- a/roles/IMAP-proxy/tasks/main.yml
+++ b/roles/IMAP-proxy/tasks/main.yml
@@ -17,28 +17,18 @@
owner=imapproxy group=imapproxy
mode=0700
-- name: Configure Dovecot (1)
+- name: Configure Dovecot
copy: src=etc/dovecot/conf.d/{{ item }}
dest=/etc/dovecot/conf.d/{{ item }}
owner=root group=root
mode=0644
- register: r1
+ register: r
with_items:
- 10-auth.conf
- 10-logging.conf
- 10-mail.conf
- 10-master.conf
- 15-mailboxes.conf
- notify:
- - Restart Dovecot
-
-- name: Configure Dovecot (2)
- template: src=etc/dovecot/conf.d/{{ item }}.j2
- dest=/etc/dovecot/conf.d/{{ item }}
- owner=root group=root
- mode=0644
- register: r2
- with_items:
- 20-imapc.conf
- auth-imap.conf.ext
notify:
@@ -46,6 +36,6 @@
- name: Start Dovecot
service: name=dovecot state=started
- when: not (r1.changed or r2.changed)
+ when: not r.changed
- meta: flush_handlers
diff --git a/roles/IMAP/templates/etc/amavis/conf.d/50-user.j2 b/roles/IMAP/templates/etc/amavis/conf.d/50-user.j2
index 00a82ce..503907e 100644
--- a/roles/IMAP/templates/etc/amavis/conf.d/50-user.j2
+++ b/roles/IMAP/templates/etc/amavis/conf.d/50-user.j2
@@ -111,9 +111,9 @@ $inet_socket_port = 10041;
$interface_policy{'10041'} = 'INBOUND';
{% if 'MTA-out' in group_names %}
-$notify_method = 'smtp:[127.0.0.1]:{{ MTA_out.port }}';
+$notify_method = 'smtp:[127.0.0.1]:{{ postfix_instance["MTA-out"].port }}';
{% else %}
-$notify_method = 'smtp:[{{ MTA_out.host }}]:{{ MTA_out.port }}';
+$notify_method = 'smtp:[outgoing.fripost.org]:{{ postfix_instance["MTA-out"].port }}';
{% endif %}
$forward_method = 'lmtp:/var/run/dovecot/lmtp';
$requeue_method = $forward_method;
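Review bot: `[outgoing.fripost.org]` in the non-MTA-out branch (and the matching `relayhost = [outgoing.fripost.org]:…` lines in the MSA, MX, common, lists and webmail main.cf.j2 hunks, plus `smtps:[mda.fripost.org]` and `smtps:[lists.fripost.org]` in transport.j2) moves the choice of relay from inventory data to DNS, which is not authenticated, so a spoofed or poisoned answer would redirect relayed mail. That is acceptable only when the hop is protected some other way — the IPSec link the ntp.conf.j2 comment in this commit mentions, or TLS with the peer verified (for Postfix, `smtp_tls_security_level = secure` for these relayhosts) — and none of these hunks show which applies. A comment next to the first relayhost line stating which mechanism protects this hop, or pointing to where it is configured, would document the assumption; the amavis `$notify_method` target deserves the same comment.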
diff --git a/roles/IMAP/templates/etc/postfix/main.cf.j2 b/roles/IMAP/templates/etc/postfix/main.cf.j2
index d0421ce..46f64aa 100644
--- a/roles/IMAP/templates/etc/postfix/main.cf.j2
+++ b/roles/IMAP/templates/etc/postfix/main.cf.j2
@@ -14,7 +14,7 @@ maximal_queue_lifetime = 5d
myorigin = /etc/mailname
myhostname = mda{{ imapno | default('') }}.$mydomain
-mydomain = {{ ansible_domain }}
+mydomain = fripost.org
append_dot_mydomain = no
# Turn off all TCP/IP listener ports except that necessary for the MDA.
diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2
index 88cb3be..b15b907 100644
--- a/roles/MSA/templates/etc/postfix/main.cf.j2
+++ b/roles/MSA/templates/etc/postfix/main.cf.j2
@@ -13,8 +13,8 @@ delay_warning_time = 4h
maximal_queue_lifetime = 5d
myorigin = /etc/mailname
-myhostname = smtp{{ mdano | default('') }}.$mydomain
-mydomain = {{ ansible_domain }}
+myhostname = smtp{{ msano | default('') }}.$mydomain
+mydomain = fripost.org
append_dot_mydomain = no
# Turn off all TCP/IP listener ports except that necessary for the MSA.
@@ -43,9 +43,9 @@ recipient_delimiter = +
# Forward everything to our internal mailhub
{% if 'MTA-out' in group_names %}
-relayhost = [127.0.0.1]:{{ MTA_out.port }}
+relayhost = [127.0.0.1]:{{ postfix_instance["MTA-out"].port }}
{% else %}
-relayhost = [{{ MTA_out.host }}]:{{ MTA_out.port }}
+relayhost = [outgoing.fripost.org]:{{ postfix_instance["MTA-out"].port }}
{% endif %}
relay_domains =
diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2
index 8bed701..e842537 100644
--- a/roles/MX/templates/etc/postfix/main.cf.j2
+++ b/roles/MX/templates/etc/postfix/main.cf.j2
@@ -14,7 +14,7 @@ maximal_queue_lifetime = 5d
myorigin = /etc/mailname
myhostname = mx{{ mxno | default('') }}.$mydomain
-mydomain = {{ ansible_domain }}
+mydomain = fripost.org
append_dot_mydomain = no
# Turn off all TCP/IP listener ports except that necessary for the mail
@@ -44,9 +44,9 @@ recipient_delimiter = +
# Forward everything to our internal mailhub
{% if 'MTA-out' in group_names %}
-relayhost = [127.0.0.1]:{{ MTA_out.port }}
+relayhost = [127.0.0.1]:{{ postfix_instance["MTA-out"].port }}
{% else %}
-relayhost = [{{ MTA_out.host }}]:{{ MTA_out.port }}
+relayhost = [outgoing.fripost.org]:{{ postfix_instance["MTA-out"].port }}
{% endif %}
relay_domains =
diff --git a/roles/MX/templates/etc/postfix/virtual/list.cf.j2 b/roles/MX/templates/etc/postfix/virtual/list.cf.j2
index 6100c01..5988159 100644
--- a/roles/MX/templates/etc/postfix/virtual/list.cf.j2
+++ b/roles/MX/templates/etc/postfix/virtual/list.cf.j2
@@ -8,4 +8,4 @@ query_filter = (&(objectClass=FripostVirtualList)(fvl=%u))
result_attribute = fvl
# Use a dedicated "virtual" domain to decongestion potential bottlenecks
# on trivial_rewrite(8) due to slow LDAP lookups in tranport_maps.
-result_format = %D/%U@lists.guilhem.org
+result_format = %D/%U@lists.fripost.org
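Review bot: The rewrite target `@lists.fripost.org` (and `@mda.fripost.org` in the mailbox.cf.j2 hunk) now coincides with the real hostname of the list and MDA servers — roles/lists and roles/IMAP set `myhostname = lists{{ listsno | default('') }}.$mydomain` and `mda{{ imapno | default('') }}.$mydomain` with `mydomain = fripost.org` in this same commit — whereas the previous `*.guilhem.org` names were pure pseudo-domains the comment above describes. Postfix's default `mydestination` includes `$myhostname`, so on a receiving host whose `listsno`/`imapno` is empty these rewritten recipients could fall into the local address class unless `mydestination` is set explicitly, which this diff does not show; worth confirming on the lists and IMAP roles. A one-line comment here noting that the pseudo-domain deliberately equals the server's hostname (or choosing a distinct label if it does not) would make the intent clear.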
diff --git a/roles/MX/templates/etc/postfix/virtual/mailbox.cf.j2 b/roles/MX/templates/etc/postfix/virtual/mailbox.cf.j2
index fe27124..a108c0d 100644
--- a/roles/MX/templates/etc/postfix/virtual/mailbox.cf.j2
+++ b/roles/MX/templates/etc/postfix/virtual/mailbox.cf.j2
@@ -8,4 +8,4 @@ query_filter = (&(objectClass=FripostVirtualUser)(fvl=%u))
result_attribute = fvl
# Use a dedicated "virtual" domain to decongestion potential bottlenecks
# on trivial_rewrite(8) due to slow LDAP lookups in tranport_maps.
-result_format = %D/%U@mda.guilhem.org
+result_format = %D/%U@mda.fripost.org
diff --git a/roles/MX/templates/etc/postfix/virtual/transport.j2 b/roles/MX/templates/etc/postfix/virtual/transport.j2
index 6d244dc..2250a71 100644
--- a/roles/MX/templates/etc/postfix/virtual/transport.j2
+++ b/roles/MX/templates/etc/postfix/virtual/transport.j2
@@ -1,13 +1,13 @@
reserved.locahost.localdomain reserved-alias:
{% if 'LDA' in group_names %}
-mda.guilhem.org smtpl:[127.0.0.1]:{{ LDA.port }}
+mda.fripost.org smtpl:[127.0.0.1]:{{ postfix_instance.IMAP.port }}
{% else %}
-mda.guilhem.org smtps:[{{ LDA.host }}]:{{ LDA.port }}
+mda.fripost.org smtps:[mda.fripost.org]:{{ postfix_instance.IMAP.port }}
{% endif %}
{% if 'lists' in group_names %}
-lists.guilhem.org smtpl:[127.0.0.1]:{{ lists.port }}
+lists.fripost.org smtpl:[127.0.0.1]:{{ postfix_instance.lists.port }}
{% else %}
-lists.guilhem.org smtps:[{{ lists.host }}]:{{ lists.port }}
+lists.fripost.org smtps:[lists.fripost.org]:{{ postfix_instance.lists.port }}
{% endif %}
diff --git a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
index 33ef108..cde9069 100644
--- a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
+++ b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
@@ -86,7 +86,7 @@ olcLimits: dn.exact="cn=lists-replicate,ou=services,o=mailHosting,dc=fripost,dc=
size.hard=unlimited
{% elif 'MX' in group_names %}
olcSyncrepl: rid=000
- provider=ldap://{{ LDAP_provider }}
+ provider=ldap://ldap.fripost.org
type=refreshAndPersist
retry="5 5 300 +"
searchbase="ou=virtual,o=mailHosting,dc=fripost,dc=org"
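Review bot: `provider=ldap://ldap.fripost.org` (the same in the rid=001 hunk below) replicates the virtual-mail tree from a DNS-resolved name over a plain `ldap://` URI, and neither hunk shows a `starttls=critical` or `tls_reqcert=demand` option on the olcSyncrepl value, so unless the consumer reaches the provider over the IPSec path the ntp.conf.j2 comment in this commit refers to, the replication bind credentials and the replicated data go in clear to whichever host the name resolves to. The olcSyncrepl value continues past the hunk, so these options may well be on a later line; if they are not, adding `starttls=critical tls_reqcert=demand` would make the DNS indirection safe, and if IPSec is the protection a comment saying so above `olcSyncrepl: rid=000` would document it.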
@@ -100,7 +100,7 @@ olcSyncrepl: rid=000
# XXX: mlmmj is not compatible with the MX, see
# http://mlmmj.org/bugs/bug.php?id=51
olcSyncrepl: rid=001
- provider=ldap://{{ LDAP_provider }}
+ provider=ldap://ldap.fripost.org
type=refreshAndPersist
retry="5 5 300 +"
searchbase="ou=virtual,o=mailHosting,dc=fripost,dc=org"
diff --git a/roles/common/templates/etc/ntp.conf.j2 b/roles/common/templates/etc/ntp.conf.j2
index 2f70cef..96cc16c 100644
--- a/roles/common/templates/etc/ntp.conf.j2
+++ b/roles/common/templates/etc/ntp.conf.j2
@@ -24,7 +24,7 @@ server ntp2.sth.netnod.se iburst
{% else %}
# Sychronize to our (stratum 2) NTP server through IPSec, to ensure our
# network has a consistent time.
-server {{ NTP_master }} iburst
+server ntp.fripost.org iburst
{% endif %}
diff --git a/roles/common/templates/etc/postfix/main.cf.j2 b/roles/common/templates/etc/postfix/main.cf.j2
index 83f97b4..169ad40 100644
--- a/roles/common/templates/etc/postfix/main.cf.j2
+++ b/roles/common/templates/etc/postfix/main.cf.j2
@@ -35,9 +35,9 @@ smtp_generic_maps = pcre:$config_directory/generic.pcre
# Forward everything to our internal mailhub
{% if 'MTA-out' in group_names %}
-relayhost = [127.0.0.1]:{{ MTA_out.port }}
+relayhost = [127.0.0.1]:{{ postfix_instance["MTA-out"].port }}
{% else %}
-relayhost = [{{ MTA_out.host }}]:{{ MTA_out.port }}
+relayhost = [outgoing.fripost.org]:{{ postfix_instance["MTA-out"].port }}
{% endif %}
relay_domains =
diff --git a/roles/lists/templates/etc/postfix/main.cf.j2 b/roles/lists/templates/etc/postfix/main.cf.j2
index 955b901..45e66aa 100644
--- a/roles/lists/templates/etc/postfix/main.cf.j2
+++ b/roles/lists/templates/etc/postfix/main.cf.j2
@@ -14,7 +14,7 @@ maximal_queue_lifetime = 5d
myorigin = /etc/mailname
myhostname = lists{{ listsno | default('') }}.$mydomain
-mydomain = {{ ansible_domain }}
+mydomain = fripost.org
append_dot_mydomain = no
# Turn off all TCP/IP listener ports except that necessary for the list server.
@@ -48,9 +48,9 @@ recipient_delimiter = +
# Forward everything to our internal mailhub
{% if 'MTA-out' in group_names %}
-relayhost = [127.0.0.1]:{{ MTA_out.port }}
+relayhost = [127.0.0.1]:{{ postfix_instance["MTA-out"].port }}
{% else %}
-relayhost = [{{ MTA_out.host }}]:{{ MTA_out.port }}
+relayhost = [outgoing.fripost.org]:{{ postfix_instance["MTA-out"].port }}
{% endif %}
relay_domains =
diff --git a/roles/webmail/templates/etc/postfix/main.cf.j2 b/roles/webmail/templates/etc/postfix/main.cf.j2
index 2ee2849..5d678a1 100644
--- a/roles/webmail/templates/etc/postfix/main.cf.j2
+++ b/roles/webmail/templates/etc/postfix/main.cf.j2
@@ -14,7 +14,7 @@ maximal_queue_lifetime = 5d
myorigin = /etc/mailname
myhostname = webmail{{ webmailno | default('') }}.$mydomain
-mydomain = {{ ansible_domain }}
+mydomain = fripost.org
append_dot_mydomain = no
# Turn off all TCP/IP listener ports except that necessary for the webmail.
@@ -43,9 +43,9 @@ recipient_delimiter = +
# Forward everything to our internal mailhub
{% if 'MTA-out' in group_names %}
-relayhost = [127.0.0.1]:{{ MTA_out.port }}
+relayhost = [127.0.0.1]:{{ postfix_instance["MTA-out"].port }}
{% else %}
-relayhost = [{{ MTA_out.host }}]:{{ MTA_out.port }}
+relayhost = [outgoing.fripost.org]:{{ postfix_instance["MTA-out"].port }}
{% endif %}
relay_domains =
diff --git a/roles/webmail/templates/usr/share/roundcube/plugins/managesieve/config.inc.php.j2 b/roles/webmail/templates/usr/share/roundcube/plugins/managesieve/config.inc.php.j2
index 27b5b44..c716ddc 100644
--- a/roles/webmail/templates/usr/share/roundcube/plugins/managesieve/config.inc.php.j2
+++ b/roles/webmail/templates/usr/share/roundcube/plugins/managesieve/config.inc.php.j2
@@ -9,7 +9,7 @@ $rcmail_config['managesieve_port'] = 4190;
// %n - http hostname ($_SERVER['SERVER_NAME'])
// %d - domain (http hostname without the first part)
// For example %n = mail.domain.tld, %d = domain.tld
-$rcmail_config['managesieve_host'] = '{{ IMAP }}';
+$rcmail_config['managesieve_host'] = 'imap.fripost.org';
// authentication method. Can be CRAM-MD5, DIGEST-MD5, PLAIN, LOGIN, EXTERNAL
// or none. Optional, defaults to best method supported by server.
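Review bot: `managesieve_host = 'imap.fripost.org'` (and `password_ldap_host = 'ldap.fripost.org'` in the password plugin hunk) sends the logged-in user's credentials to a DNS-resolved host, and neither hunk shows the corresponding transport-security option (`managesieve_usetls` here, `password_ldap_starttls` there). Both options live in the same config files outside these hunks, so they may already be enabled; if instead the webmail host reaches these servers only over the IPSec path the ntp.conf.j2 comment in this commit mentions, a one-line comment next to each host line saying so would settle the question for the next reader, and otherwise enabling them is the fix.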
diff --git a/roles/webmail/templates/usr/share/roundcube/plugins/password/config.inc.php.j2 b/roles/webmail/templates/usr/share/roundcube/plugins/password/config.inc.php.j2
index 35c73f9..a661909 100644
--- a/roles/webmail/templates/usr/share/roundcube/plugins/password/config.inc.php.j2
+++ b/roles/webmail/templates/usr/share/roundcube/plugins/password/config.inc.php.j2
@@ -28,7 +28,7 @@ $rcmail_config['password_log'] = false;
// You can provide one or several hosts in an array in which case the hosts are tried from left to right.
// Exemple: array('ldap1.exemple.com', 'ldap2.exemple.com');
// Default: 'localhost'
-$rcmail_config['password_ldap_host'] = '{{ LDAP_provider }}';
+$rcmail_config['password_ldap_host'] = 'ldap.fripost.org';
// LDAP server port to connect to
// Default: '389'