fix: use start tls for internal smtp

do this by adding a new non transparent port forward and connect via this port
and the normal mail.atlantishq.de address

also always copy the passwd file for dovecot

group_vars/all.yaml

@@ -7,7 +7,8 @@ nsca_password: HISTORY_PURGED_SECRET
 RSYSLOG_SERVER: internal.monitoring.atlantishq.de
 influxdb_telegraf_password: HISTORY_PURGED_SECRET
 
-smtp_internal_host: 192.168.122.101
+smtp_internal_host: mail.atlantishq.de
+smtp_internal_host_port: 8025
 smtp_service_user: noreply
 smtp_service_pass: HISTORY_PURGED_SECRET
 

roles/mail/tasks/main.yaml

@@ -78,3 +78,11 @@
     src: nginx_default.conf
     dest: /etc/nginx/sites-available/default
   notify: restart nginx
+
+- name: Deploy user passwd config
+  copy:
+    src: dovecot_passwd
+    dest: /var/dovecot/auth/passwd
+    owner: dovecot
+    group: dovecot
+  notify: restart dovecot

roles/usermanagement/tasks/keycloak.yaml

@@ -83,13 +83,13 @@
     smtpServer :
         password : "{{ smtp_service_pass }}"
         replyToDisplayName: ""
-        starttls: "false"
+        starttls: "true"
         auth: "true"
         replyTo: ""
         envelopeFrom: ""
         from: "{{ smtp_service_user }}@atlantishq.de"
         fromDisplayName: ""
         host: "{{ smtp_internal_host }}"
-        port: "25"
+        port: "{{ smtp_internal_host_port }}"
         ssl: "false"
         user: "{{ smtp_service_user }}"