feat: backup + mail stuff

2025-12-06 17:31:36 +01:00 · 2023-01-09 21:26:06 +01:00
parent 753c3ae814
commit 31c56db27f
4 changed files with 200 additions and 0 deletions
--- a/playbook.yaml
+++ b/playbook.yaml
@@ -11,6 +11,14 @@
  roles:
    - { role : web1, tags : [ "web1" ] }

+- hosts: mail
+  roles:
+    - { role : mail, tags : [ "mail" ] }
+
+- hosts: backup
+  roles:
+    - { role : backup, tags : [ "backup" ] }
+
 - hosts: kube1
  roles:
    - { role : docker-deployments, tags : [ "docker", "kube1" ] }
--- a/roles/mail/files/dovecot.conf
+++ b/roles/mail/files/dovecot.conf
@@ -0,0 +1,122 @@
+# Enable installed protocols
+!include_try /usr/share/dovecot/protocols.d/*.protocol
+
+# logs
+info_log_path = /var/dovecot/logs/dovecot_info.log
+log_path = /var/dovecot/logs/dovecot.log
+
+protocols = imap pop3 lmtp
+
+# We're using Maildir format
+mail_location = maildir:~/Maildir
+
+# If you're using POP3, you'll need this:
+pop3_uidl_format = %g
+
+# Authentication configuration:
+auth_verbose = yes
+auth_mechanisms = plain
+disable_plaintext_auth = no
+
+passdb {
+  driver = passwd-file
+  args = scheme=SHA512-CRYPT username_format=%n /var/dovecot/auth/passwd
+}
+userdb {
+  driver = passwd-file
+  args = username_format=%n /var/dovecot/auth/passwd
+}
+
+# Postmaster
+protocol lda {
+  postmaster_address = postmaster@example.com
+}
+
+# Quotas mus be defined like this in passwd userdb_quota_rule=*:storage=100M
+mail_plugins = $mail_plugins quota
+protocol imap {
+  mail_plugins = $mail_plugins imap_quota
+}
+plugin {
+  quota = maildir
+}
+## SSL settings
+# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
+ssl = yes
+ssl_cert = </etc/letsencrypt/live/atlantishq.de/fullchain.pem
+ssl_key  = </etc/letsencrypt/live/atlantishq.de/privkey.pem
+ssl_min_protocol = TLSv1.1
+ssl_cipher_list = HIGH:!aNULL
+ssl_prefer_server_ciphers = yes
+
+default_login_user = dovenull
+default_internal_user = dovecot
+
+####### IMAP #######
+service imap-login {
+  inet_listener imaps {
+    port = 993
+    ssl = yes
+  }
+  inet_listener imap {
+    port = 0
+  }
+
+  service_count = 1
+  process_min_avail = 1
+  vsz_limit = 100M
+}
+
+protocol imap {
+  imap_client_workarounds = tb-extra-mailbox-sep
+}
+service imap {
+  vsz_limit = 100M
+  process_limit = 100
+}
+
+
+####### POP3 #######
+service pop3-login {
+  inet_listener pop3s {
+    port = 995
+    ssl = yes
+  }
+  inet_listener pop3 {
+    port = 0
+  }
+}
+service pop3 {
+  process_limit = 100
+}
+
+###### LMTP #######
+service lmtp {
+  unix_listener /var/spool/postfix/private/dovecot_lmtp_target {
+    mode = 0600
+    group = postfix
+    user = postfix
+  }
+}
+
+###### AUTH ######
+service auth {
+  unix_listener auth-userdb {
+    mode = 0600
+    group = postfix
+    user = postfix
+  }
+  # Postfix smtp-auth
+  unix_listener /var/spool/postfix/private/auth {
+    mode = 0600
+    group = postfix
+    user = postfix
+  }
+  user = dovecot
+}
+
+service auth-worker {
+  user = dovecot
+}
+
+first_valid_uid = 100
--- a/roles/mail/files/nginx_default.conf
+++ b/roles/mail/files/nginx_default.conf
@@ -0,0 +1,26 @@
+server {
+
+    server_name mail.atlantishq.de autoconfig.atlantishq.de autodiscover.atlantishq.de autoconfig.potaris.de;
+    listen 443 ssl;
+    listen 80;
+    listen [::]:443 ssl;
+
+    location /.well-known/acme-challenge/ {
+        auth_basic off;
+        alias /var/www/.well-known/acme-challenge/;
+    }
+
+    location /initdb {
+        allow 127.0.0.1;
+        deny all;
+    }
+
+    location /{
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Proto http;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_pass http://localhost:8080;
+    }
+
+}
--- a/roles/mail/tasks/main.yaml
+++ b/roles/mail/tasks/main.yaml
@@ -0,0 +1,44 @@
+- name: Install Mail stuff
+  apt:
+    pkg:
+      - postfix
+      - dovecot
+      - spamassassin
+      - nginx
+    state: present
+
+- name: Deploy Postfix config
+  file:
+    src: {{ item }}
+    dest: /etc/postfix/{{ item }}
+  with_items:
+    - dynamicmaps.cf
+    - enabled_senders
+    - main.cf
+    - master.cf
+    - relocated
+    - sender_blacklist
+    - tls_policy
+    - transport
+    - virtual
+  notify: restart postfix
+
+- name: Deploy Dovecot config
+  file:
+    src: {{ item }}
+    dest: /etc/dovecot/{{ item }}
+  with_items:
+    - dovecot.conf
+  notify: restart dovecot
+
+- name: Deploy nginx-config
+  file:
+    src: nginx.conf
+    dest: /etc/nginx/nginx.conf
+  notify: restart nginx
+
+- name: Deploy nginx-config (page)
+  file:
+    src: nginx_default.conf
+    dest: /etc/nginx/sites-available/default
+  notify: restart nginx