diff --git a/roles/mail/files/opendkim/trusted.hosts b/roles/mail/files/opendkim/trusted.hosts
index c41ec31..b89d223 100644
--- a/roles/mail/files/opendkim/trusted.hosts
+++ b/roles/mail/files/opendkim/trusted.hosts
@@ -2,3 +2,4 @@
 localhost
 atlantishq.de
 192.168.122.112
+192.168.122.107
diff --git a/roles/mail/files/policy-spf/policyd-spf.conf b/roles/mail/files/policy-spf/policyd-spf.conf
index 90f0b52..2f86dbd 100644
--- a/roles/mail/files/policy-spf/policyd-spf.conf
+++ b/roles/mail/files/policy-spf/policyd-spf.conf
@@ -12,5 +12,5 @@ Mail_From_reject = False
 PermError_reject = False
 TempError_Defer = False
-skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1,192.168.122.112
+skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1,192.168.122.112,192.168.122.107
diff --git a/roles/monitoring-master/tasks/icinga.yaml b/roles/monitoring-master/tasks/icinga.yaml
index 2287332..c1477ff 100644
--- a/roles/monitoring-master/tasks/icinga.yaml
+++ b/roles/monitoring-master/tasks/icinga.yaml
@@ -90,6 +90,18 @@
 notify:
 - restart icinga
+- name: Template icinga configuration
+ template:
+ src: "{{ item }}"
+ dest: /etc/icinga2/conf.d/
+ owner: root
+ group: nagios
+ mode: 0640
+ with_items:
+ - mail_notifications.conf
+ notify:
+ - restart icinga
+
 - name: Change icinga log level
 lineinfile:
 path: /etc/icinga2/features-enabled/mainlog.conf
diff --git a/roles/monitoring-master/tasks/icinga_postfix.yaml b/roles/monitoring-master/tasks/icinga_postfix.yaml
new file mode 100644
index 0000000..4c6a33c
--- /dev/null
+++ b/roles/monitoring-master/tasks/icinga_postfix.yaml
@@ -0,0 +1,11 @@
+- name: install postfix
+ apt:
+ pkg:
+ - postfix
+
+- name: copy postfix config
+ template:
+ src: postfix_main.cf
+ dest: /etc/postfix/main.cf
+ notify:
+ - restart postfix
diff --git a/roles/monitoring-master/tasks/main.yaml b/roles/monitoring-master/tasks/main.yaml
index f5817e7..c1a5a83 100644
--- a/roles/monitoring-master/tasks/main.yaml
+++ b/roles/monitoring-master/tasks/main.yaml
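Review bot: In roles/monitoring-master/tasks/icinga_postfix.yaml the `copy postfix config` task writes /etc/postfix/main.cf without `owner`, `group` or `mode`, and the template added in this commit renders `smtp_service_pass` inline through `static:`. main.cf is normally readable by every local user, so the relay password ends up world-readable and also appears in `--diff` output. Tightening the mode on main.cf itself may break local mail submission, so I would render the credential into a separate root-only map file and point main.cf at it with `smtp_sasl_password_maps = texthash:/etc/postfix/sasl_passwd`. The map entry has to be keyed by the `relayhost` value exactly as written in main.cf; the template name below is a placeholder.

```yaml
# … unchanged: install postfix …

- name: copy postfix sasl credentials
  template:
    src: postfix_sasl_passwd   # placeholder name for a new template
    dest: /etc/postfix/sasl_passwd
    owner: root
    group: root
    mode: "0600"
  no_log: true
  notify:
    - restart postfix

# … unchanged: copy postfix config …
```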
@@ -5,6 +5,13 @@
 - icinga
 - monitoring-master
+- name: Postfix/Mail for icinga
+ include: icinga_postfix.yaml
+ when: monitoring_master
+ tags:
+ - icinga
+ - monitoring-master
+
 - name: Grafana.yaml
 include: icinga.yaml
 when: monitoring_master
diff --git a/roles/monitoring-master/templates/mail_notifications.conf b/roles/monitoring-master/templates/mail_notifications.conf
new file mode 100644
index 0000000..5df19b9
--- /dev/null
+++ b/roles/monitoring-master/templates/mail_notifications.conf
@@ -0,0 +1,25 @@
+apply Notification "mail-icingaadmin" to Host {
+ import "mail-host-notification"
+
+ user_groups = host.vars.notification.mail.groups
+ users = host.vars.notification.mail.users
+
+ interval = 2h
+
+ vars.notification_logtosyslog = true
+ vars.notification_from = "Icinga <{{ smtp_service_user }}@atlantishq.de>"
+
+ assign where host.vars.notification.mail
+}
+
+apply Notification "mail-icingaadmin" to Service {
+ import "mail-service-notification"
+
+ user_groups = host.vars.notification.mail.groups
+ users = host.vars.notification.mail.users
+
+ interval = 2h
+ vars.notification_logtosyslog = true
+ vars.notification_from = "Icinga <{{ smtp_service_user }}@atlantishq.de>"
+ assign where host.vars.notification.mail
+}
diff --git a/roles/monitoring-master/templates/postfix_main.cf b/roles/monitoring-master/templates/postfix_main.cf
new file mode 100644
index 0000000..99a5636
--- /dev/null
+++ b/roles/monitoring-master/templates/postfix_main.cf
@@ -0,0 +1,13 @@
+# Set username and password
+smtp_sasl_password_maps = static:{{ smtp_service_user }}:{{ smtp_service_pass }}
+smtp_sasl_security_options = noanonymous
+
+# Turn on tls encryption
+# smtp_tls_security_level = encrypt
+header_size_limit = 4096000
+
+# Set external SMTP relay host here IP or hostname accepted along with a port number.
+relayhost = {{ smtp_internal_host }}:25
+
+# accept email from our web-server only (adjust to match your VPC/VLAN etc)
+inet_interfaces = 127.0.0.1
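Review bot: Both apply rules in roles/monitoring-master/templates/mail_notifications.conf reuse the name `mail-icingaadmin`, which is the name the packaged conf.d/notifications.conf uses for its own Host and Service rules on a default install. If that stock file is still present on the target (this commit does not show it being removed), config validation will likely report a re-defined Notification object and the `restart icinga` handler will fail, leaving the node without alerting. Either remove the packaged file in the role or give these rules a distinct name. The sender domain `atlantishq.de` is also hard-coded in both `vars.notification_from` lines next to a templated user; a variable for the domain would keep the two in step.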
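Review bot: roles/monitoring-master/templates/postfix_main.cf configures relay credentials but leaves `smtp_tls_security_level = encrypt` commented out while `relayhost` points at port 25, so nothing forces TLS for the SASL exchange or the alert mail itself. `smtp_sasl_security_options = noanonymous` still permits plaintext mechanisms, which is why the missing TLS requirement matters here. The file also never sets `smtp_sasl_auth_enable = yes`; Postfix defaults it to `no`, so as written the password map is probably unused and relaying appears to rest on the IP entries this commit adds to trusted.hosts and `skip_addresses`. I would add `smtp_sasl_auth_enable = yes` and uncomment `smtp_tls_security_level = encrypt`. The comment above `inet_interfaces = 127.0.0.1` mentions a web server although the setting binds to loopback only, so it should be reworded to say that.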