Assume a DNS entry for each role.

E.g., ldap.fripost.org, ntp.fripost.org, etc.  (Ideally the DNS zone
would be provisioned by ansible, too.)  It's a bit unclear how to index
the subdomains (mx{1,2,3}, etc), though.

3 files changed, 5 insertions, 5 deletions

diff --git a/roles/webmail/templates/etc/postfix/main.cf.j2 b/roles/webmail/templates/etc/postfix/main.cf.j2
index 2ee2849..5d678a1 100644
--- a/roles/webmail/templates/etc/postfix/main.cf.j2
+++ b/roles/webmail/templates/etc/postfix/main.cf.j2
@@ -1,68 +1,68 @@
 ########################################################################
 # Webmail configuration
 #
 # {{ ansible_managed }}
 # Do NOT edit this file directly!
 
 smtpd_banner     = $myhostname ESMTP $mail_name (Debian/GNU)
 biff             = no
 readme_directory = no
 mail_owner       = postfix
 
 delay_warning_time     = 4h
 maximal_queue_lifetime = 5d
 
 myorigin            = /etc/mailname
 myhostname          = webmail{{ webmailno | default('') }}.$mydomain
-mydomain            = {{ ansible_domain }}
+mydomain            = fripost.org
 append_dot_mydomain = no
 
 # Turn off all TCP/IP listener ports except that necessary for the webmail.
 master_service_disable = !127.0.0.1:2580.inet inet
 
 queue_directory       = /var/spool/postfix-{{ postfix_instance[inst].name }}
 data_directory        = /var/lib/postfix-{{ postfix_instance[inst].name }}
 multi_instance_group  = {{ postfix_instance[inst].group | default('') }}
 multi_instance_name   = postfix-{{ postfix_instance[inst].name }}
 multi_instance_enable = yes
 
 # This server is a nullclient 
 mynetworks_style = host
 inet_interfaces  = loopback-only
 inet_protocols   = all
 
 # No local delivery
 mydestination        =
 local_transport      = error:5.1.1 Mailbox unavailable
 alias_maps           =
 alias_database       =
 local_recipient_maps =
 
 message_size_limit  = 67108864
 recipient_delimiter = +
 
 # Forward everything to our internal mailhub
 {% if 'MTA-out' in group_names %}
-relayhost     = [127.0.0.1]:{{ MTA_out.port }}
+relayhost     = [127.0.0.1]:{{ postfix_instance["MTA-out"].port }}
 {% else %}
-relayhost     = [{{ MTA_out.host }}]:{{ MTA_out.port }}
+relayhost     = [outgoing.fripost.org]:{{ postfix_instance["MTA-out"].port }}
 {% endif %}
 relay_domains =
 
 # Don't rewrite remote headers
 local_header_rewrite_clients     =
 # Avoid splitting the envelope and scanning messages multiple times
 smtp_destination_recipient_limit = 1000
 # Tolerate occasional high latency
 smtp_data_done_timeout           = 1200s
 
 # Pass the mail to the antivirus
 #content_filter = amavisfeed:unix:public/amavisfeed-antivirus
 
 # Tunnel everything through IPSec
 smtp_tls_security_level  = none
 {% if 'MTA-out' in group_names %}
 smtp_bind_address        = 127.0.0.1
 {% else %}
 smtp_bind_address        = 172.16.0.1
 {% endif %}
diff --git a/roles/webmail/templates/usr/share/roundcube/plugins/managesieve/config.inc.php.j2 b/roles/webmail/templates/usr/share/roundcube/plugins/managesieve/config.inc.php.j2
index 27b5b44..c716ddc 100644
--- a/roles/webmail/templates/usr/share/roundcube/plugins/managesieve/config.inc.php.j2
+++ b/roles/webmail/templates/usr/share/roundcube/plugins/managesieve/config.inc.php.j2
@@ -1,32 +1,32 @@
 <?php
 
 // managesieve server port
 $rcmail_config['managesieve_port'] = 4190;
 
 // managesieve server address, default is localhost.
 // Replacement variables supported in host name:
 // %h - user's IMAP hostname
 // %n - http hostname ($_SERVER['SERVER_NAME'])
 // %d - domain (http hostname without the first part)
 // For example %n = mail.domain.tld, %d = domain.tld
-$rcmail_config['managesieve_host'] = '{{ IMAP }}';
+$rcmail_config['managesieve_host'] = 'imap.fripost.org';
 
 // authentication method. Can be CRAM-MD5, DIGEST-MD5, PLAIN, LOGIN, EXTERNAL
 // or none. Optional, defaults to best method supported by server.
 $rcmail_config['managesieve_auth_type'] = 'PLAIN';
 
 // Optional managesieve authentication identifier to be used as authorization proxy.
 // Authenticate as a different user but act on behalf of the logged in user.
 // Works with PLAIN and DIGEST-MD5 auth.
 $rcmail_config['managesieve_auth_cid'] = null;
 
 // Optional managesieve authentication password to be used for imap_auth_cid
 $rcmail_config['managesieve_auth_pw'] = null;
 
 // use or not TLS for managesieve server connection
 // it's because I've problems with TLS and dovecot's managesieve plugin
 // and it's not needed on localhost
 $rcmail_config['managesieve_usetls'] = FALSE;
 
 // default contents of filters script (eg. default spam filter)
 $rcmail_config['managesieve_default'] = '/etc/dovecot/sieve/global';
diff --git a/roles/webmail/templates/usr/share/roundcube/plugins/password/config.inc.php.j2 b/roles/webmail/templates/usr/share/roundcube/plugins/password/config.inc.php.j2
index 35c73f9..a661909 100644
--- a/roles/webmail/templates/usr/share/roundcube/plugins/password/config.inc.php.j2
+++ b/roles/webmail/templates/usr/share/roundcube/plugins/password/config.inc.php.j2
@@ -11,41 +11,41 @@ $rcmail_config['password_driver'] = 'ldap_simple';
 $rcmail_config['password_confirm_current'] = true;
 
 // Require the new password to be a certain length.
 // set to blank to allow passwords of any length
 $rcmail_config['password_minimum_length'] = 12;
 
 // Require the new password to contain a letter and punctuation character
 // Change to false to remove this check.
 $rcmail_config['password_require_nonalpha'] = false;
 
 // Enables logging of password changes into logs/password
 $rcmail_config['password_log'] = false;
 
 
 // LDAP and LDAP_SIMPLE Driver options
 // -----------------------------------
 // LDAP server name to connect to. 
 // You can provide one or several hosts in an array in which case the hosts are tried from left to right.
 // Exemple: array('ldap1.exemple.com', 'ldap2.exemple.com');
 // Default: 'localhost'
-$rcmail_config['password_ldap_host'] = '{{ LDAP_provider }}';
+$rcmail_config['password_ldap_host'] = 'ldap.fripost.org';
 
 // LDAP server port to connect to
 // Default: '389'
 $rcmail_config['password_ldap_port'] = '389';
 
 // TLS is started after connecting
 // Using TLS for password modification is recommanded.
 // Default: false
 $rcmail_config['password_ldap_starttls'] = false;
 
 // LDAP version
 // Default: '3'
 $rcmail_config['password_ldap_version'] = '3';
 
 // LDAP base name (root directory)
 // Exemple: 'dc=exemple,dc=com'
 $rcmail_config['password_ldap_basedn'] = 'ou=virtual,o=mailHosting,dc=fripost,dc=org';
 
 // LDAP connection method
 // There is two connection method for changing a user's LDAP password.