Commit ee8ae38b authored by Jelle van der Waa's avatar Jelle van der Waa 🚧
Browse files

Merge branch 'mail.archlinux.org' into 'master'

Add mail.archlinux.org playbook

See merge request archlinux/infrastructure!112
parents dd714355 e38f4a57
Pipeline #2412 passed with stage
in 46 seconds
filesystem: btrfs
mail_domain: "mail.archlinux.org"
fail2ban_jails:
sshd: true
postfix: true
dovecot: true
ipv4_address: "95.216.189.61"
ipv6_address: "2a01:4f9:c010:3052::1"
$ANSIBLE_VAULT;1.1;AES256
39396466326266613063333338356431653461636562643535363038613865343230303430363564
3632646531646565336366396635353834633939316237610a343933366465663939303930376339
37363636363531323866653962353335613366333137343737316639323661636363633364346138
6462666365626134660a313632636537663137386437343662383335616665393561356165613333
38353364356238386364303065343333636463333234326234643332343137373639366130656335
64633533363034303664633435653937633566303537666164306130383738386235633232623965
38663164633230613432356266313135383838343331326534353365656432376463313366356231
61656338623134636265356561313630353935633037306430376430383034313631303538336637
33623733376363366336373337366663356434303931313132356164643334363630333834313665
32356336643436653763346333326432616438313530316530353937306237376563313032373333
34353763396166636161633036343935356334353335623034383238316532663930613864623335
61666165376662633934336232633634643961363064356566626235653530643261643039336436
62616438376161643930613063323739393237383563646630373430373734386430353933353433
35646463633034613166623233623164363638636533623037303465346239623962343337646665
31363065306539383066386362613635346431333135326461636136336232643030336464613430
35376537386236353236
......@@ -29,7 +29,7 @@
- { role: nginx }
- { role: spampd, tags: ["mail"] }
- { role: unbound, tags: ["mail"] }
- { role: postfix, postfix_relayhost: "orion.archlinux.org", postfix_smtpd_public: true, postfix_patchwork_enabled: true, tags: ["mail"] }
- { role: postfix, postfix_relayhost: "mail.archlinux.org", postfix_smtpd_public: true, postfix_patchwork_enabled: true, tags: ["mail"] }
- { role: opendkim, dkim_selector: apollo, tags: ['mail'] }
- { role: postfwd, tags: ['mail'] }
- role: postgres
......
......@@ -16,7 +16,7 @@
- { role: memcached }
- { role: uwsgi }
- { role: borg_client, tags: ["borg"] }
- { role: postfix, postfix_relayhost: "orion.archlinux.org" }
- { role: postfix, postfix_relayhost: "mail.archlinux.org" }
- { role: fail2ban }
- { role: aurweb, aurweb_domain: 'aur-dev.archlinux.org', aurweb_version: 'pu' }
- { role: prometheus_exporters }
......@@ -17,6 +17,6 @@
- { role: memcached }
- { role: uwsgi }
- { role: borg_client, tags: ["borg"] }
- { role: postfix, postfix_relayhost: "orion.archlinux.org" }
- { role: postfix, postfix_relayhost: "mail.archlinux.org" }
- { role: fail2ban }
- { role: aurweb }
......@@ -15,5 +15,5 @@
- { role: php_fpm, php_extensions: ['apcu', 'iconv', 'intl', 'mysqli'], zend_extensions: ['opcache'] }
- { role: fluxbb }
- { role: borg_client, tags: ["borg"] }
- { role: postfix, postfix_relayhost: "orion.archlinux.org" }
- { role: postfix, postfix_relayhost: "mail.archlinux.org" }
- { role: fail2ban }
......@@ -15,5 +15,5 @@
- { role: php_fpm, php_extensions: ['apcu', 'iconv', 'intl', 'mysqli'], zend_extensions: ['opcache'] }
- { role: flyspray }
- { role: borg_client, tags: ["borg"] }
- { role: postfix, postfix_relayhost: "orion.archlinux.org" }
- { role: postfix, postfix_relayhost: "mail.archlinux.org" }
- { role: fail2ban }
......@@ -20,6 +20,6 @@
- { role: archweb, archweb_site: false, archweb_services: true, archweb_mirrorcheck_locations: [5, 6] }
- { role: sources, sources_domain: "sources.archlinux.org", sources_dir: "/srv/sources" }
- { role: archive }
- { role: postfix, postfix_relayhost: "orion.archlinux.org" }
- { role: postfix, postfix_relayhost: "mail.archlinux.org" }
- { role: fail2ban }
- sogrep
- name: setup mail.archlinux.org
hosts: mail.archlinux.org
remote_user: root
roles:
- { role: common }
- { role: tools }
- { role: sshd }
- { role: root_ssh }
- { role: borg_client, tags: ['borg'] }
- { role: certbot }
- { role: postfix, postfix_server: true, postfix_smtpd_public: true, tags: ['mail'] }
- { role: dovecot }
- { role: spampd, tags: ["mail"] }
- { role: unbound, tags: ["mail"] }
- { role: postfwd, tags: ['mail'] }
- { role: archusers }
- { role: fail2ban }
- { role: opendkim, dkim_selector: mail, tags: ['mail'] }
......@@ -19,6 +19,6 @@
postgres_maintenance_work_mem: 1GB
postgres_effective_cache_size: 3GB
- role: postfix
postfix_relayhost: "orion.archlinux.org"
postfix_relayhost: "mail.archlinux.org"
- { role: matrix }
- { role: fail2ban }
......@@ -39,7 +39,7 @@ $wgSMTP = array(
#'password' => "my_password" // Password to use for SMTP authentication (if being used)
);
$wgBounceHandlerInternalIPs = ["{{hostvars['orion.archlinux.org']['ipv4_address']}}", "{{hostvars['orion.archlinux.org']['ipv6_address']}}"];
$wgBounceHandlerInternalIPs = ["{{hostvars['mail.archlinux.org']['ipv4_address']}}", "{{hostvars['mail.archlinux.org']['ipv6_address']}}"];
# End of automatically generated settings.
......
......@@ -3,6 +3,10 @@
- name: install dovecot
pacman: name=dovecot,pigeonhole state=present
# FIXME: check directory permissions
- name: create dovecot configuration directory
file: path=/etc/dovecot state=directory owner=root group=root mode=0755
- name: create dhparam
command: openssl dhparam -out /etc/dovecot/dh.pem 4096 creates=/etc/dovecot/dh.pem
......
......@@ -90,8 +90,8 @@
notify:
- postmap relay_passwords
- name: create user account on orion to relay with
delegate_to: orion.archlinux.org
- name: create user account on mail to relay with
delegate_to: mail.archlinux.org
when: postfix_relayhost | length > 0
user:
name: "{{ inventory_hostname_short }}"
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment