---
# Per-host package lists, keyed by the same host names as in 'ipsec'
# below.  The only entries here are non-free firmware packages.
# NOTE(review): the role consuming this map is not visible in this file;
# presumably hosts that are not listed get no such packages -- confirm.
non_free_packages:
  civett:
    - firmware-linux-nonfree
  elefant:
    - firmware-linux-nonfree

# IPsec addressing.  'ipsec_subnet' is a virtual IPv4 range that is not
# routable.  Unless an xfrm lookup matches (that is, unless an IPsec
# Security Association exists for the packet), traffic to it is always
# nullrouted, so that no data leaks.
ipsec_subnet: '172.16.0.0/24'
ipsec:
  # One virtual (non-routable) address per host.  Each address must be
  # unique and must lie inside 'ipsec_subnet' above.
  antilop: '172.16.0.1'
  benjamin: '172.16.0.2'
  civett: '172.16.0.3'
  elefant: '172.16.0.4'
  giraff: '172.16.0.5'
  mistral: '172.16.0.6'


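postfix_instance:
  # The keys are the group names associated with a Postfix role, and the
  # values are the name and group (optional) of the instance dedicated
  # to that role.
  # For internal services, we also specify its (non-routable) IP address
  # and port.  'addr' resolves to the IPsec virtual address (see 'ipsec'
  # above) of the first host in the group, or to 127.0.0.1 when the
  # inventory holds a single host.
  # XXX it's unfortunate that we can only specify a single address, and
  #     therefore have to limit the number of outgoing SMTP proxy and
  #     IMAP server to one. Since hosts(5) files cannot map an IP
  #     address to multiple hostnames, a workaround would be to use
  #     round-robin DNS, but we can't rely on DNS as long as our zone is
  #     unsigned.
  # NOTE(review): a host that is missing from 'ipsec' presumably makes
  #     the lookup fail at template time instead of silently falling
  #     back to another address -- confirm.
  IMAP:
    name: mda
    addr: "{{ (groups.all | length > 1) | ternary( ipsec[ hostvars[groups.IMAP[0]].inventory_hostname_short ], '127.0.0.1') }}"
    port: 2526
  MX:
    name: mx
    group: mta
    backup: mx3.fripost.org
  out:
    name: out
    group: mta
    addr: "{{ (groups.all | length > 1) | ternary( ipsec[ hostvars[groups.out[0]].inventory_hostname_short ], '127.0.0.1') }}"
    port: 2525
  MSA:
    name: msa
    port: 587
  lists:
    name: lists
    addr: "{{ (groups.all | length > 1) | ternary( ipsec[ hostvars[groups.lists[0]].inventory_hostname_short ], '127.0.0.1') }}"
    port: 2527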

# Address of the IMAP server instance, run through the 'ipaddr' filter so
# that only a syntactically valid IP address is passed on.
# NOTE(review): 'ipaddr' yields false for input that is not a valid
# address; where this variable is consumed is not visible here, so confirm
# that consumers treat a false/empty value as an error.
imapsvr_addr: "{{ postfix_instance.IMAP.addr | ipaddr }}"