Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
Arch Linux
infrastructure
Commits
56865f8c
Commit
56865f8c
authored
Dec 20, 2020
by
Kristian Klausen
🎉
Browse files
Migrate all services to use implicit TLS for SMTP Submission
parent
32e53cac
Changes
4
Hide whitespace changes
Inline
Side-by-side
roles/gitlab/tasks/main.yml
View file @
56865f8c
...
...
@@ -48,11 +48,11 @@
gitlab_rails['initial_root_password'] = "{{ vault_gitlab_root_password }}"
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = 'mail.archlinux.org'
gitlab_rails['smtp_port'] =
587
gitlab_rails['smtp_port'] =
465
gitlab_rails['smtp_user_name'] = 'gitlab'
gitlab_rails['smtp_password'] = "{{ vault_gitlab_root_password }}"
gitlab_rails['smtp_domain'] = 'gitlab.archlinux.org'
gitlab_rails['smtp_
enable_starttls_auto
'] = true
gitlab_rails['smtp_
tls
'] = true
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = 'gitlab@archlinux.org'
gitlab_rails['gitlab_email_display_name'] = 'GitLab'
...
...
roles/postfix/templates/main.cf.j2
View file @
56865f8c
...
...
@@ -139,7 +139,8 @@ smtpd_reject_footer = For assistance contact <postmaster@archlinux.org>. Please
{% if postfix_relayhost %}
# relay all outbound mail via {{postfix_relayhost}}
# the square brackets prevents postfix from trying to lookup mx records
relayhost = [{{postfix_relayhost}}]:587
relayhost = [{{postfix_relayhost}}]:465
smtp_tls_wrappermode = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = ${indexed}/relay_passwords
# allow plaintext authentication only over tls secured connections
...
...
roles/prometheus/templates/alertmanager.yml.j2
View file @
56865f8c
global:
resolve_timeout: 5m
smtp_smarthost: 'mail.archlinux.org:
587
'
smtp_smarthost: 'mail.archlinux.org:
465
'
smtp_from: 'alertmanager@archlinux.org'
smtp_require_tls:
tru
e
smtp_require_tls:
fals
e
smtp_auth_username: alertmanager
smtp_auth_password: {{ vault_monitoring_alertmanager_smtp_pass }}
...
...
tf-stage2/keycloak.tf
View file @
56865f8c
...
...
@@ -76,10 +76,10 @@ resource "keycloak_realm" "archlinux" {
smtp_server
{
host
=
"mail.archlinux.org"
from
=
"accounts@archlinux.org"
port
=
"
587
"
port
=
"
465
"
from_display_name
=
"Arch Linux Accounts"
ssl
=
fals
e
starttls
=
tru
e
ssl
=
tru
e
starttls
=
fals
e
auth
{
username
=
data
.
external
.
vault_keycloak
.
result
.
vault_keycloak_smtp_user
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment