diff options
Diffstat (limited to 'roles/common')
| -rw-r--r-- | roles/common/templates/etc/ntp.conf.j2 | 2 | ||||
| -rw-r--r-- | roles/common/templates/etc/postfix/main.cf.j2 | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/roles/common/templates/etc/ntp.conf.j2 b/roles/common/templates/etc/ntp.conf.j2 index 2f70cef..96cc16c 100644 --- a/roles/common/templates/etc/ntp.conf.j2 +++ b/roles/common/templates/etc/ntp.conf.j2 @@ -7,41 +7,41 @@ driftfile /var/lib/ntp/ntp.drift #statsdir /var/log/ntpstats/ statistics loopstats peerstats clockstats filegen loopstats file loopstats type day enable filegen peerstats file peerstats type day enable filegen clockstats file clockstats type day enable # You do need to talk to an NTP server or two (or three). {% if 'NTP-master' in group_names %} # Use Stratum One Time Servers: # http://support.ntp.org/bin/view/Servers/StratumOneTimeServers server ntp1.sp.se iburst server ntp2.sp.se iburst server ntp2.gbg.netnod.se iburst server ntp1.sth.netnod.se iburst server ntp2.sth.netnod.se iburst {% else %} # Sychronize to our (stratum 2) NTP server through IPSec, to ensure our # network has a consistent time. -server {{ NTP_master }} iburst +server ntp.fripost.org iburst {% endif %} # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for # details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions> # might also be helpful. # # Note that "restrict" applies to both servers and clients, so a configuration # that might be intended to block requests from certain clients could also end # up blocking replies from your own upstream servers. # By default, exchange time with everybody, but don't allow configuration. restrict -4 default kod notrap nomodify nopeer noquery restrict -6 default kod notrap nomodify nopeer noquery # Local users may interrogate the ntp server more closely. restrict 127.0.0.1 restrict ::1 # Clients from this (example!) subnet have unlimited access, but only if diff --git a/roles/common/templates/etc/postfix/main.cf.j2 b/roles/common/templates/etc/postfix/main.cf.j2 index 83f97b4..169ad40 100644 --- a/roles/common/templates/etc/postfix/main.cf.j2 +++ b/roles/common/templates/etc/postfix/main.cf.j2 @@ -18,43 +18,43 @@ append_dot_mydomain = no mynetworks_style = host inet_interfaces = loopback-only inet_protocols = ipv4 # No local delivery mydestination = local_transport = error:5.1.1 Mailbox unavailable alias_maps = local_recipient_maps = # All aliases are virtual default_database_type = cdb virtual_alias_maps = cdb:/etc/aliases alias_database = $virtual_alias_maps # Transform local FQDN addresses to addresses routable on the internet smtp_generic_maps = pcre:$config_directory/generic.pcre # Forward everything to our internal mailhub {% if 'MTA-out' in group_names %} -relayhost = [127.0.0.1]:{{ MTA_out.port }} +relayhost = [127.0.0.1]:{{ postfix_instance["MTA-out"].port }} {% else %} -relayhost = [{{ MTA_out.host }}]:{{ MTA_out.port }} +relayhost = [outgoing.fripost.org]:{{ postfix_instance["MTA-out"].port }} {% endif %} relay_domains = # Tunnel everything through IPSec smtp_tls_security_level = none {% if 'MTA-out' in group_names %} smtp_bind_address = 127.0.0.1 {% else %} smtp_bind_address = 172.16.0.1 {% endif %} smtpd_tls_security_level = none # Turn off all TCP/IP listener ports except that dedicated to # samhain(8), which sadly cannot use pickup through the sendmail binary. master_service_disable = !127.0.0.1:16132.inet inet {% set multi_instance = False %} {%- for g in postfix_instance.keys() | sort -%} {%- if g in group_names -%} {%- if not multi_instance -%} |