From 5e6034bf59682e6d7f69820468a69666e1326711 Mon Sep 17 00:00:00 2001
From: Michael Grote
Date: Thu, 4 Apr 2024 22:25:20 +0200
Subject: [PATCH] finetuning lldap mail settings (#6)
Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/6
Co-authored-by: Michael Grote
Co-committed-by: Michael Grote
---
 docker-compose/mail-relay/docker-compose.yml.j2 | 11 +++++++----
 group_vars/ldap.yml | 6 +++---
 playbooks/3_service/lldap.yml | 4 +++-
 roles/mgrote_lldap/handlers/main.yml | 6 ++++++
 roles/mgrote_lldap/tasks/main.yml | 4 +++-
 roles/mgrote_lldap/templates/lldap_config.toml.j2 | 4 ++--
 6 files changed, 24 insertions(+), 11 deletions(-)
diff --git a/docker-compose/mail-relay/docker-compose.yml.j2 b/docker-compose/mail-relay/docker-compose.yml.j2
index e6c4bb08..9b76abf6 100644
--- a/docker-compose/mail-relay/docker-compose.yml.j2
+++ b/docker-compose/mail-relay/docker-compose.yml.j2
@@ -11,11 +11,14 @@ services:
 SMTP_USERNAME: info@mgrote.net
 SMTP_PASSWORD: "{{ lookup('keepass', 'strato_smtp_password', 'password') }}"
 SERVER_HOSTNAME: mgrote.net
- # DEBUG: "yes" # literal
- ALWAYS_ADD_MISSING_HEADERS: "no" # literal
- # LOG_SUBJECT: "yes" # literal
+ # DEBUG: "yes" # as string not boolean
+ ALWAYS_ADD_MISSING_HEADERS: "no" # as string not boolean
+ # LOG_SUBJECT: "yes" # as string not boolean
 INET_PROTOCOL: ipv4
- #SMTP_GENERIC_MAP: "/.*/ info@mgrote.net" # deactivated; dont overwrite sender
+ SMTP_GENERIC_MAP: |
+ /nobody@lldap/ lldap@mgrote.net
+ # rewrite FROM "nobody@lldap" to "lldap@mgrote.net"
+ # /.*/ würde alle absender adressen ersetzen
 networks:
 - mail-relay
 healthcheck:
diff --git a/group_vars/ldap.yml b/group_vars/ldap.yml
index 48291d61..eb8db91b 100644
--- a/group_vars/ldap.yml
+++ b/group_vars/ldap.yml
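Review bot: The two `#` lines after `SMTP_GENERIC_MAP: |` become part of the block scalar if they are indented under the key (the indentation cannot be recovered from this view), so they would reach the container as map content instead of being dropped as YAML comments. Moving them above the key, e.g. `# rewrite FROM "nobody@lldap" to "lldap@mgrote.net"`, removes the dependency on how the image parses the value. The pattern `/nobody@lldap/` is unanchored, so if the image loads it as a regexp table entry it matches any sender that merely contains that substring; `/^nobody@lldap$/ lldap@mgrote.net` limits the rewrite to the one address.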
@@ -35,7 +35,7 @@ lldap_logging_verbose: "true" # must be a string not a boolean
 lldap_http_port: 17170
 lldap_http_host: "0.0.0.0"
 lldap_ldap_host: "0.0.0.0"
-lldap_public_url: http://localhost
+lldap_public_url: http://ldap.mgrote.net:17170
 lldap_jwt_secret: "{{ lookup('keepass', 'lldap_jwt_secret', 'password') }}"
 lldap_ldap_base_dn: "dc=mgrote,dc=net"
 lldap_admin_username: ladmin # only used on setup
@@ -43,12 +43,12 @@ lldap_admin_password: "{{ lookup('keepass', 'lldap_ldap_user_pass', 'password')
 lldap_admin_mailaddress: lldap-admin@mgrote.net # only used on setup
 lldap_database_url: "postgres://{{ lldap_db_user }}:{{ lldap_db_pass }}@{{ lldap_db_host }}/{{ lldap_db_name }}"
 lldap_key_seed: "{{ lookup('keepass', 'lldap_key_seed', 'password') }}"
-lldap_smtp_from: "LLDAP Admin "
+#lldap_smtp_from: "lldap@mgrote.net" # unused in role
 lldap_smtp_reply_to: "Do not reply "
 lldap_smtp_server: "docker10.mgrote.net"
 lldap_smtp_port: "1025"
 lldap_smtp_smtp_encryption: "NONE"
-lldap_smtp_user: "info@mgrote.net"
+#lldap_smtp_user: "info@mgrote.net" # unused in role
 lldap_smtp_enable_password_reset: "true" # must be a string not a boolean
 # "meta vars"; daraus werden die db-url und die postgres-db abgeleitet
 lldap_db_name: "lldap"
diff --git a/playbooks/3_service/lldap.yml b/playbooks/3_service/lldap.yml
index 99f024e4..2c0325bb 100644
--- a/playbooks/3_service/lldap.yml
+++ b/playbooks/3_service/lldap.yml
@@ -5,5 +5,7 @@
 tags: "db"
 become: true
 - role: mgrote_lldap
- tags: "lldap"
+ tags:
+ - lldap
+ - ldap
 become: true
diff --git a/roles/mgrote_lldap/handlers/main.yml b/roles/mgrote_lldap/handlers/main.yml
index 81b2c4ad..0373bbd1 100644
--- a/roles/mgrote_lldap/handlers/main.yml
+++ b/roles/mgrote_lldap/handlers/main.yml
@@ -6,4 +6,10 @@
 masked: false
 enabled: true
 state: started
+
+- name: Ensure service is restarted
+ become: true
+ ansible.builtin.systemd:
+ name: lldap.service
+ state: restarted
 ...
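Review bot: `lldap_public_url` now points at a plain `http://` address on port 17170 while `lldap_smtp_enable_password_reset` is `"true"` further down the same file. If the role passes this value to LLDAP as its public URL, the password-reset links sent by mail will use it, and the reset token and the new password would cross the network unencrypted. Terminating TLS in front of the web UI and setting `lldap_public_url: https://ldap.mgrote.net` would avoid that; otherwise add a comment on the line stating that the host is reachable only from a trusted network.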
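Review bot: With `lldap_smtp_user` commented out here and `user=` disabled in the `lldap_config.toml.j2` hunk, LLDAP submits mail to `docker10.mgrote.net:1025` without authentication while `lldap_smtp_smtp_encryption` stays `"NONE"`. Those mails include password-reset links, so access control rests entirely on which clients the relay accepts, and that restriction is not visible in this diff. A comment next to `lldap_smtp_server` naming where the relay's allowed networks are configured would make the assumption checkable. The `# unused in role` remark only became true with this commit; deleting the two variables instead of commenting them out leaves less stale configuration.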
diff --git a/roles/mgrote_lldap/tasks/main.yml b/roles/mgrote_lldap/tasks/main.yml
index a658d7ae..3b0f69d6 100644
--- a/roles/mgrote_lldap/tasks/main.yml
+++ b/roles/mgrote_lldap/tasks/main.yml
@@ -23,5 +23,7 @@
 owner: lldap
 group: lldap
 mode: "0644"
- notify: Ensure services are enabled and started
+ notify:
+ - Ensure services are enabled and started
+ - Ensure service is restarted
 ...
diff --git a/roles/mgrote_lldap/templates/lldap_config.toml.j2 b/roles/mgrote_lldap/templates/lldap_config.toml.j2
index d7c546d6..ffe1e431 100644
--- a/roles/mgrote_lldap/templates/lldap_config.toml.j2
+++ b/roles/mgrote_lldap/templates/lldap_config.toml.j2
@@ -121,12 +121,12 @@ port={{ lldap_smtp_port }}
 ## How the connection is encrypted, either "NONE" (no encryption), "TLS" or "STARTTLS".
 smtp_encryption = "{{ lldap_smtp_smtp_encryption }}"
 ## The SMTP user, usually your email address.
-user="{{ lldap_smtp_user }}"
+#user="{{ lldap_smtp_user }}"
 ## The SMTP password.
 #password="password" #gitleaks:allow
 ## The header field, optional: how the sender appears in the email. The first
 ## is a free-form name, followed by an email between <>.
-from="{{ lldap_smtp_from }}"
+#from="{{ lldap_smtp_from }}"
 ## Same for reply-to, optional.
 reply_to="{{ lldap_smtp_reply_to }}"
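Review bot: The task that notifies these handlers writes its file with `mode: "0644"`; if that file is the rendered `lldap_config.toml.j2`, it carries the JWT secret, key seed and database URL defined in `group_vars/ldap.yml` and is readable by every local user. `mode: "0600"` with owner `lldap` would be enough for the service. The task starts above the hunk, so the destination path is inferred rather than visible. On the notify list itself, handlers run in the order they are defined, so a changed config starts the service and then restarts it at once; a single handler with `enabled: true` and `state: restarted` would cover both cases.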
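Review bot: `#user="{{ lldap_smtp_user }}"` and `#from="{{ lldap_smtp_from }}"` are comments only for TOML; Jinja still evaluates both expressions when the template is rendered. Because this commit comments the two variables out in `group_vars/ldap.yml`, rendering will stop on an undefined variable unless the role defaults (not visible here) still define them. Dropping the two lines, or wrapping them as `{# user="{{ lldap_smtp_user }}" #}`, makes the template independent of the removed variables. With `from` unset the sender is LLDAP's built-in default, which the relay's `SMTP_GENERIC_MAP` entry has to match exactly, so a one-line comment above `#from=` recording that dependency would help.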