Merge branch 'mail.archlinux.org' into 'master'

Add mail.archlinux.org playbook See merge request archlinux/infrastructure!112

Merge branch 'mail.archlinux.org' into 'master'
Add mail.archlinux.org playbook See merge request archlinux/infrastructure!112
ee8ae38b · Jelle van der Waa · dd714355 · e38f4a57 · ee8ae38b · ee8ae38b
Commit ee8ae38b authored Oct 24, 2020 by Jelle van der Waa 🚧
--- a/host_vars/mail.archlinux.org/misc
+++ b/host_vars/mail.archlinux.org/misc
+filesystem: btrfs
+
+mail_domain: "mail.archlinux.org"
+
+fail2ban_jails:
+  sshd: true
+  postfix: true
+  dovecot: true
+
+ipv4_address: "95.216.189.61"
+ipv6_address: "2a01:4f9:c010:3052::1"
--- a/host_vars/mail.archlinux.org/wiki-bouncehandler
+++ b/host_vars/mail.archlinux.org/wiki-bouncehandler
+$ANSIBLE_VAULT;1.1;AES256
+39396466326266613063333338356431653461636562643535363038613865343230303430363564
+3632646531646565336366396635353834633939316237610a343933366465663939303930376339
+37363636363531323866653962353335613366333137343737316639323661636363633364346138
+6462666365626134660a313632636537663137386437343662383335616665393561356165613333
+38353364356238386364303065343333636463333234326234643332343137373639366130656335
+64633533363034303664633435653937633566303537666164306130383738386235633232623965
+38663164633230613432356266313135383838343331326534353365656432376463313366356231
+61656338623134636265356561313630353935633037306430376430383034313631303538336637
+33623733376363366336373337366663356434303931313132356164643334363630333834313665
+32356336643436653763346333326432616438313530316530353937306237376563313032373333
+34353763396166636161633036343935356334353335623034383238316532663930613864623335
+61666165376662633934336232633634643961363064356566626235653530643261643039336436
+62616438376161643930613063323739393237383563646630373430373734386430353933353433
+35646463633034613166623233623164363638636533623037303465346239623962343337646665
+31363065306539383066386362613635346431333135326461636136336232643030336464613430
+35376537386236353236
--- a/playbooks/apollo.yml
+++ b/playbooks/apollo.yml
@@ -29,7 +29,7 @@
    - { role: nginx }
    - { role: spampd, tags: ["mail"] }
    - { role: unbound, tags: ["mail"] }
-    - { role: postfix, postfix_relayhost: "orion.archlinux.org", postfix_smtpd_public: true, postfix_patchwork_enabled: true, tags: ["mail"] }
+    - { role: postfix, postfix_relayhost: "mail.archlinux.org", postfix_smtpd_public: true, postfix_patchwork_enabled: true, tags: ["mail"] }
    - { role: opendkim, dkim_selector: apollo, tags: ['mail'] }
    - { role: postfwd, tags: ['mail'] }
    - role: postgres

--- a/playbooks/aur-dev.archlinux.org.yml
+++ b/playbooks/aur-dev.archlinux.org.yml
@@ -16,7 +16,7 @@
    - { role: memcached }
    - { role: uwsgi }
    - { role: borg_client, tags: ["borg"] }
-    - { role: postfix, postfix_relayhost: "orion.archlinux.org" }
+    - { role: postfix, postfix_relayhost: "mail.archlinux.org" }
    - { role: fail2ban }
    - { role: aurweb, aurweb_domain: 'aur-dev.archlinux.org', aurweb_version: 'pu' }
    - { role: prometheus_exporters }
--- a/playbooks/aur.archlinux.org.yml
+++ b/playbooks/aur.archlinux.org.yml
@@ -17,6 +17,6 @@
    - { role: memcached }
    - { role: uwsgi }
    - { role: borg_client, tags: ["borg"] }
-    - { role: postfix, postfix_relayhost: "orion.archlinux.org" }
+    - { role: postfix, postfix_relayhost: "mail.archlinux.org" }
    - { role: fail2ban }
    - { role: aurweb }
--- a/playbooks/bbs.archlinux.org.yml
+++ b/playbooks/bbs.archlinux.org.yml
@@ -15,5 +15,5 @@
    - { role: php_fpm, php_extensions: ['apcu', 'iconv', 'intl', 'mysqli'], zend_extensions: ['opcache'] }
    - { role: fluxbb }
    - { role: borg_client, tags: ["borg"] }
-    - { role: postfix, postfix_relayhost: "orion.archlinux.org" }
+    - { role: postfix, postfix_relayhost: "mail.archlinux.org" }
    - { role: fail2ban }
--- a/playbooks/bugs.archlinux.org.yml
+++ b/playbooks/bugs.archlinux.org.yml
@@ -15,5 +15,5 @@
    - { role: php_fpm, php_extensions: ['apcu', 'iconv', 'intl', 'mysqli'], zend_extensions: ['opcache'] }
    - { role: flyspray }
    - { role: borg_client, tags: ["borg"] }
-    - { role: postfix, postfix_relayhost: "orion.archlinux.org" }
+    - { role: postfix, postfix_relayhost: "mail.archlinux.org" }
    - { role: fail2ban }
--- a/playbooks/gemini.archlinux.org.yml
+++ b/playbooks/gemini.archlinux.org.yml
@@ -20,6 +20,6 @@
    - { role: archweb, archweb_site: false, archweb_services: true, archweb_mirrorcheck_locations: [5, 6] }
    - { role: sources, sources_domain: "sources.archlinux.org", sources_dir: "/srv/sources" }
    - { role: archive }
-    - { role: postfix, postfix_relayhost: "orion.archlinux.org" }
+    - { role: postfix, postfix_relayhost: "mail.archlinux.org" }
    - { role: fail2ban }
    - sogrep
--- a/playbooks/mail.archlinux.org.yml
+++ b/playbooks/mail.archlinux.org.yml
+- name: setup mail.archlinux.org
+  hosts: mail.archlinux.org
+  remote_user: root
+  roles:
+    - { role: common }
+    - { role: tools }
+    - { role: sshd }
+    - { role: root_ssh }
+    - { role: borg_client, tags: ['borg'] }
+    - { role: certbot }
+    - { role: postfix, postfix_server: true, postfix_smtpd_public: true, tags: ['mail'] }
+    - { role: dovecot }
+    - { role: spampd, tags: ["mail"] }
+    - { role: unbound, tags: ["mail"] }
+    - { role: postfwd, tags: ['mail'] }
+    - { role: archusers }
+    - { role: fail2ban }
+    - { role: opendkim, dkim_selector: mail, tags: ['mail'] }
--- a/playbooks/matrix.archlinux.org.yml
+++ b/playbooks/matrix.archlinux.org.yml
@@ -19,6 +19,6 @@
      postgres_maintenance_work_mem: 1GB
      postgres_effective_cache_size: 3GB
    - role: postfix
-      postfix_relayhost: "orion.archlinux.org"
+      postfix_relayhost: "mail.archlinux.org"
    - { role: matrix }
    - { role: fail2ban }
--- a/roles/archwiki/templates/LocalSettings.php.j2
+++ b/roles/archwiki/templates/LocalSettings.php.j2
@@ -39,7 +39,7 @@ $wgSMTP = array(
 #'password' => "my_password"       // Password to use for SMTP authentication (if being used)
 );

-$wgBounceHandlerInternalIPs = ["{{hostvars['orion.archlinux.org']['ipv4_address']}}", "{{hostvars['orion.archlinux.org']['ipv6_address']}}"];
+$wgBounceHandlerInternalIPs = ["{{hostvars['mail.archlinux.org']['ipv4_address']}}", "{{hostvars['mail.archlinux.org']['ipv6_address']}}"];

 # End of automatically generated settings.


--- a/roles/dovecot/tasks/main.yml
+++ b/roles/dovecot/tasks/main.yml
@@ -3,6 +3,10 @@
 - name: install dovecot
  pacman: name=dovecot,pigeonhole state=present

+# FIXME: check directory permissions
+- name: create dovecot configuration directory
+  file:  path=/etc/dovecot state=directory owner=root group=root mode=0755
+
 - name: create dhparam
  command: openssl dhparam -out /etc/dovecot/dh.pem 4096 creates=/etc/dovecot/dh.pem


--- a/roles/postfix/tasks/main.yml
+++ b/roles/postfix/tasks/main.yml
@@ -90,8 +90,8 @@
  notify:
    - postmap relay_passwords

- name: create user account on orion to relay with
-  delegate_to: orion.archlinux.org
+- name: create user account on mail to relay with
+  delegate_to: mail.archlinux.org
  when: postfix_relayhost | length > 0
  user:
    name: "{{ inventory_hostname_short }}"