pk/mail-server
1
0
Fork 0
mirror of https://github.com/pikami/mail-server.git synced 2025-02-17 09:45:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added ansible playbook for secondary MX server

Browse Source
This commit is contained in:
Pijus Kamandulis 2024-05-28 23:03:37 +03:00
parent fcfd816548
commit dd5869a62d
9 changed files with 62 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@ -13,7 +13,10 @@ Ansible is used for configuration. The playbooks use a `vars.yml` file for setti
ssh_public_key: "ssh-rsa AAAAB3...ak4EsUU=" ssh_public_key: "ssh-rsa AAAAB3...ak4EsUU="
mx1_domains: mx1_domains:
- mx1.pikami.org - mx1.pikami.org
mx1_mail_domain: "mx1.pikami.org" mx2_domains:
- mx2.pikami.org
mx1_mail_domain: mx1.pikami.org
mx2_mail_domain: mx2.pikami.org
mail_domains: mail_domains:
- pikami.net - pikami.net
- pikami.org - pikami.org
@ -36,6 +39,8 @@ all:
hosts: hosts:
mx1: mx1:
ansible_host: 51.158.215.227 ansible_host: 51.158.215.227
mx2:
ansible_host: 89.58.5.252
``` ```
## Environment setup ## Environment setup
@ -71,3 +76,4 @@ Current ansible playbooks:
- adds ssh public key - adds ssh public key
- 02-ssl.yml - generates ssl certificates and adds a renew cron job - 02-ssl.yml - generates ssl certificates and adds a renew cron job
- 03-mail.yml - installs and configures dovecot and opensmtpd - 03-mail.yml - installs and configures dovecot and opensmtpd
- 04-secondary-mail.yml - installs and configures opensmtpd as a backup mail receiver

4
ansible/01-initial_setup.yml
View File

@ -1,5 +1,7 @@
- name: Initial System Setup - name: Initial System Setup
hosts: mx1 hosts:
- mx1
- mx2
remote_user: root remote_user: root
become: true become: true
become_method: su become_method: su

10
ansible/02-ssl.yml
View File

@ -1,5 +1,7 @@
- name: SSL Setup - name: SSL Setup
hosts: mx1 hosts:
- mx1
- mx2
remote_user: root remote_user: root
vars_files: vars_files:
- vars.yml - vars.yml
@ -9,7 +11,7 @@
path: "/var/www/vhosts/{{ item }}" path: "/var/www/vhosts/{{ item }}"
state: directory state: directory
owner: www owner: www
with_items: "{{ mx1_domains }}" with_items: "{{ lookup('vars', inventory_hostname + '_domains') }}"
- name: Install httpd.conf - name: Install httpd.conf
template: template:
@ -31,7 +33,7 @@
command: "/usr/sbin/acme-client {{ item }}" command: "/usr/sbin/acme-client {{ item }}"
args: args:
creates: "/etc/ssl/{{ item }}.fullchain.pem" creates: "/etc/ssl/{{ item }}.fullchain.pem"
with_items: "{{ mx1_domains }}" with_items: "{{ lookup('vars', inventory_hostname + '_domains') }}"
notify: notify:
- reload httpd - reload httpd
@ -41,7 +43,7 @@
minute: "0" minute: "0"
job: "sleep $((RANDOM \\% 2048)) && acme-client {{ item }} && rcctl reload httpd" job: "sleep $((RANDOM \\% 2048)) && acme-client {{ item }} && rcctl reload httpd"
user: root user: root
with_items: "{{ mx1_domains }}" with_items: "{{ lookup('vars', inventory_hostname + '_domains') }}"
handlers: handlers:
- name: reload httpd - name: reload httpd

3
ansible/03-mail.yml
View File

@ -1,5 +1,6 @@
- name: OpenSMTPD Installation and Configuration - name: OpenSMTPD Installation and Configuration
hosts: mx1 hosts:
- mx1
remote_user: root remote_user: root
vars_files: vars_files:
- vars.yml - vars.yml

25
ansible/04-secondary-mail.yml Normal file
View File

@ -0,0 +1,25 @@
- name: Secondary MX OpenSMTPD Configuration
hosts:
- mx2
remote_user: root
vars_files:
- vars.yml
tasks:
- name: Configure OpenSMTPD smtpd.conf
template:
src: "templates/secondary-smtpd.conf"
dest: /etc/mail/smtpd.conf
notify:
- reload smtpd
- name: Enable and start OpenSMTPD service
service:
name: smtpd
enabled: yes
state: started
handlers:
- name: reload smtpd
service:
name: smtpd
state: restarted

2
ansible/templates/acme-client.conf
View File

@ -3,7 +3,7 @@ authority letsencrypt {
account key "/etc/acme/letsencrypt-privkey.pem" account key "/etc/acme/letsencrypt-privkey.pem"
} }
{% for domain in mx1_domains %} {% for domain in lookup('vars', inventory_hostname + '_domains') %}
domain "{{ domain }}" { domain "{{ domain }}" {
domain key "/etc/ssl/private/{{ domain }}.key" domain key "/etc/ssl/private/{{ domain }}.key"
domain full chain certificate "/etc/ssl/{{ domain }}.fullchain.pem" domain full chain certificate "/etc/ssl/{{ domain }}.fullchain.pem"

2
ansible/templates/httpd.conf
View File

@ -9,7 +9,7 @@ server "{{ inventory_hostname }}" {
} }
} }
{% for vhost in mx1_domains %} {% for vhost in lookup('vars', inventory_hostname + '_domains') %}
server "{{ vhost }}" { server "{{ vhost }}" {
listen on * tls port 443 listen on * tls port 443
tls { tls {

16
ansible/templates/secondary-smtpd.conf Normal file
View File

@ -0,0 +1,16 @@
{% set _mx_domain = lookup('vars', inventory_hostname + '_mail_domain') %}
pki {{ _mx_domain }} cert "/etc/ssl/{{ _mx_domain }}.fullchain.pem"
pki {{ _mx_domain }} key "/etc/ssl/private/{{ _mx_domain }}.key"
listen on all tls pki {{ _mx_domain }}
table aliases file:/etc/mail/aliases
action "local" mbox alias <aliases>
action "relay" relay host {{ mx1_mail_domain }}
{% for domain in mail_domains %}
match from any for domain {{ domain }} action "relay"
{% endfor %}
match from local for local action "local"
match from local for any action "relay"

1
ansible/templates/smtpd.conf
View File

@ -21,3 +21,4 @@ match from any for domain {{ domain }} action "local_mail"
{% endfor %} {% endfor %}
match from local for local action "local_mail" match from local for local action "local_mail"
match from local for any action "outbound" match from local for any action "outbound"
match auth from any for any action "outbound"