finetuning lldap mail settings (#6)

Reviewed-on: #6
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Co-committed-by: Michael Grote <michael.grote@posteo.de>

docker-compose/mail-relay/docker-compose.yml.j2

@@ -11,11 +11,14 @@ services:
       SMTP_USERNAME: info@mgrote.net
       SMTP_PASSWORD: "{{ lookup('keepass', 'strato_smtp_password', 'password') }}"
       SERVER_HOSTNAME: mgrote.net
-      # DEBUG: "yes" # literal
-      ALWAYS_ADD_MISSING_HEADERS: "no" # literal
-      # LOG_SUBJECT: "yes" # literal
+      # DEBUG: "yes" # as string not boolean
+      ALWAYS_ADD_MISSING_HEADERS: "no" # as string not boolean
+      # LOG_SUBJECT: "yes" # as string not boolean
       INET_PROTOCOL: ipv4
-      #SMTP_GENERIC_MAP: "/.*/ info@mgrote.net" # deactivated; dont overwrite sender
+      SMTP_GENERIC_MAP: |
+        /nobody@lldap/ lldap@mgrote.net
+      # rewrite FROM "nobody@lldap" to "lldap@mgrote.net"
+      # /.*/ würde alle absender adressen ersetzen
     networks:
       - mail-relay
     healthcheck:

group_vars/ldap.yml

@@ -35,7 +35,7 @@ lldap_logging_verbose: "true" # must be a string not a boolean
 lldap_http_port: 17170
 lldap_http_host: "0.0.0.0"
 lldap_ldap_host: "0.0.0.0"
-lldap_public_url: http://localhost
+lldap_public_url: http://ldap.mgrote.net:17170
 lldap_jwt_secret: "{{ lookup('keepass', 'lldap_jwt_secret', 'password') }}"
 lldap_ldap_base_dn: "dc=mgrote,dc=net"
 lldap_admin_username: ladmin # only used on setup
@@ -43,12 +43,12 @@ lldap_admin_password: "{{ lookup('keepass', 'lldap_ldap_user_pass', 'password')
 lldap_admin_mailaddress: lldap-admin@mgrote.net # only used on setup
 lldap_database_url: "postgres://{{ lldap_db_user }}:{{ lldap_db_pass }}@{{ lldap_db_host }}/{{ lldap_db_name }}"
 lldap_key_seed: "{{ lookup('keepass', 'lldap_key_seed', 'password') }}"
-lldap_smtp_from: "LLDAP Admin <info@mgrote.net>"
+#lldap_smtp_from: "lldap@mgrote.net" # unused in role
 lldap_smtp_reply_to: "Do not reply <info@mgrote.net>"
 lldap_smtp_server: "docker10.mgrote.net"
 lldap_smtp_port: "1025"
 lldap_smtp_smtp_encryption: "NONE"
-lldap_smtp_user: "info@mgrote.net"
+#lldap_smtp_user: "info@mgrote.net" # unused in role
 lldap_smtp_enable_password_reset: "true" # must be a string not a boolean
 # "meta vars"; daraus werden die db-url und die postgres-db abgeleitet
 lldap_db_name: "lldap"

playbooks/3_service/lldap.yml

@@ -5,5 +5,7 @@
       tags: "db"
       become: true
     - role: mgrote_lldap
-      tags: "lldap"
+      tags:
+        - lldap
+        - ldap
       become: true

roles/mgrote_lldap/handlers/main.yml

@@ -6,4 +6,10 @@
     masked: false
     enabled: true
     state: started
+
+- name: Ensure service is restarted
+  become: true
+  ansible.builtin.systemd:
+    name: lldap.service
+    state: restarted
 ...

roles/mgrote_lldap/tasks/main.yml

@@ -23,5 +23,7 @@
     owner: lldap
     group: lldap
     mode: "0644"
-  notify: Ensure services are enabled and started
+  notify:
+    - Ensure services are enabled and started
+    - Ensure service is restarted
 ...

roles/mgrote_lldap/templates/lldap_config.toml.j2

@@ -121,12 +121,12 @@ port={{ lldap_smtp_port }}
 ## How the connection is encrypted, either "NONE" (no encryption), "TLS" or "STARTTLS".
 smtp_encryption = "{{ lldap_smtp_smtp_encryption }}"
 ## The SMTP user, usually your email address.
-user="{{ lldap_smtp_user }}"
+#user="{{ lldap_smtp_user }}"
 ## The SMTP password.
 #password="password" #gitleaks:allow
 ## The header field, optional: how the sender appears in the email. The first
 ## is a free-form name, followed by an email between <>.
-from="{{ lldap_smtp_from }}"
+#from="{{ lldap_smtp_from }}"
 ## Same for reply-to, optional.
 reply_to="{{ lldap_smtp_reply_to }}"