From 80f6b89b3df2b697a82b99ccf3627f9d0c1e37a8 Mon Sep 17 00:00:00 2001
From: Sheppy
Date: Thu, 6 Apr 2023 19:23:20 +0200
Subject: [PATCH] fix: use start tls for internal smtp do this by adding a new non transparent port forward and connect via this port and the normal mail.atlantishq.de address also always copy the passwd file for dovecot
---
 group_vars/all.yaml | 3 ++-
 roles/mail/tasks/main.yaml | 8 ++++++++
 roles/usermanagement/tasks/keycloak.yaml | 4 ++--
 3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/group_vars/all.yaml b/group_vars/all.yaml
index 53e120c..9c78372 100644
--- a/group_vars/all.yaml
+++ b/group_vars/all.yaml
@@ -7,7 +7,8 @@ nsca_password: HISTORY_PURGED_SECRET
 RSYSLOG_SERVER: internal.monitoring.atlantishq.de
 influxdb_telegraf_password: HISTORY_PURGED_SECRET
-smtp_internal_host: 192.168.122.101
+smtp_internal_host: mail.atlantishq.de
+smtp_internal_host_port: 8025
 smtp_service_user: noreply
 smtp_service_pass: HISTORY_PURGED_SECRET
diff --git a/roles/mail/tasks/main.yaml b/roles/mail/tasks/main.yaml
index a582802..b257884 100644
--- a/roles/mail/tasks/main.yaml
+++ b/roles/mail/tasks/main.yaml
@@ -78,3 +78,11 @@
 src: nginx_default.conf
 dest: /etc/nginx/sites-available/default
 notify: restart nginx
+
+- name: Deploy user passwd config
+ copy:
+ src: dovecot_passwd
+ dest: /var/dovecot/auth/passwd
+ owner: dovecot
+ group: dovecot
+ notify: restart dovecot
diff --git a/roles/usermanagement/tasks/keycloak.yaml b/roles/usermanagement/tasks/keycloak.yaml
index 672e9e1..f20ec27 100644
--- a/roles/usermanagement/tasks/keycloak.yaml
+++ b/roles/usermanagement/tasks/keycloak.yaml
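Review bot: In group_vars/all.yaml, `smtp_internal_host_port: 8025` is a bare number whose meaning is explained only in the commit message. A comment above the two new variables, such as `# non-transparent forward to the internal MTA; connect by name (mail.atlantishq.de), not by IP`, would keep a later edit from reverting to the address or to port 25. The forward itself is not part of this patch, so it is worth confirming that 8025 is reachable only from the internal hosts that need it.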
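Review bot: In roles/mail/tasks/main.yaml the new `Deploy user passwd config` task sets `owner` and `group` but no `mode`, so the permissions of `/var/dovecot/auth/passwd` are left to the file's existing mode or the umask on the target. For a file that presumably holds Dovecot credentials I would pin it with `mode: "0600"` under `copy:`. If `dovecot_passwd` in the role contains real hashes, keeping it vault-encrypted (the copy module decrypts vaulted sources) and adding `no_log: true` to the task would keep them out of the repository and out of `--diff` output.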
@@ -83,13 +83,13 @@
 smtpServer :
 password : "{{ smtp_service_pass }}"
 replyToDisplayName: ""
- starttls: "false"
+ starttls: "true"
 auth: "true"
 replyTo: ""
 envelopeFrom: ""
 from: "{{ smtp_service_user }}@atlantishq.de"
 fromDisplayName: ""
 host: "{{ smtp_internal_host }}"
- port: "25"
+ port: "{{ smtp_internal_host_port }}"
 ssl: "false"
 user: "{{ smtp_service_user }}"
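Review bot: `starttls: "true"` together with `ssl: "false"` and `auth: "true"` protects the service password only if the STARTTLS upgrade is mandatory, and nothing in this hunk makes it so. As far as I know Keycloak maps this flag to JavaMail's `mail.smtp.starttls.enable`, which carries on in plaintext when the server does not advertise STARTTLS, so a stripped capability would still expose `smtp_service_pass`. Enforce the upgrade on the server side of port 8025 by refusing AUTH before TLS (on Postfix that is `smtpd_tls_auth_only = yes`), or switch to implicit TLS with `ssl: "true"` if the forward can carry it. The enclosing task starts and ends outside the hunk.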