move to containerized mail relayhost (#588)

Reviewed-on: #588
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Co-committed-by: Michael Grote <michael.grote@posteo.de>

docker-compose/mail-relay/docker-compose.yml.j2

@@ -0,0 +1,27 @@
+version: '3.3'
+services:
+    postfix:
+      image: registry.mgrote.net/postfix:master
+      container_name: mail-relay
+      restart: always
+      labels:
+        com.centurylinklabs.watchtower.enable: true
+      ports:
+          - 1025:25
+      environment:
+        SMTP_SERVER: smtp.strato.de
+        SMTP_USERNAME: info@mgrote.net
+        SMTP_PASSWORD: {{ lookup('keepass', 'strato_smtp_password', 'password') }}
+        SERVER_HOSTNAME: mgrote.net
+        # DEBUG: "yes" # literal
+        ALWAYS_ADD_MISSING_HEADERS: "no" # literal
+        OVERWRITE_FROM: info@mgrote.net
+        # LOG_SUBJECT: "yes" # literal
+        INET_PROTOCOL: ipv4
+      networks:
+        - mail-relay
+
+######## Networks ########
+networks:
+  mail-relay:
+    external: true

docker-compose/nextcloud/.env.j2

@@ -1,5 +0,0 @@
-MYSQL_ROOT_PASSWORD={{ lookup('keepass', 'nextcloud_mysql_root_password', 'password') }}
-MYSQL_PASSWORD={{ lookup('keepass', 'nextcloud_mysql_password', 'password') }}
-REDIS_HOST_PASSWORD={{ lookup('keepass', 'nextcloud_redis_host_password', 'password') }}
-SMTP_PASSWORD={{ lookup('keepass', 'postfix_absender_passwort', 'password') }}
-NC_MAJOR_VERSION=26

docker-compose/nextcloud/docker-compose.yml.j2

@@ -11,8 +11,8 @@ services:
       - /etc/timezone:/etc/timezone:ro
       - db:/var/lib/mysql
     environment:
-      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
+      MYSQL_ROOT_PASSWORD: {{ lookup('keepass', 'nextcloud_mysql_root_password', 'password') }}
-      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
+      MYSQL_PASSWORD: {{ lookup('keepass', 'nextcloud_mysql_password', 'password') }}
       MYSQL_DATABASE: nextcloud
       MYSQL_USER: nextcloud
       MYSQL_INITDB_SKIP_TZINFO: 1
@@ -29,7 +29,7 @@ services:
     networks:
       - intern
     restart: unless-stopped
-    command: redis-server --requirepass ${REDIS_HOST_PASSWORD}
+    command: redis-server --requirepass {{ lookup('keepass', 'nextcloud_redis_host_password', 'password') }}
     labels:
       com.centurylinklabs.watchtower.enable: true
 
@@ -52,7 +52,7 @@ services:
 
 ######## Nextcloud ########
   nextcloud-app:
-    image: nextcloud:${NC_MAJOR_VERSION}
+    image: nextcloud:27
     container_name: nextcloud-app
     restart: unless-stopped
     depends_on:
@@ -60,18 +60,18 @@ services:
       - nextcloud-redis
     environment:
         REDIS_HOST: nextcloud-redis
-        REDIS_HOST_PASSWORD: ${REDIS_HOST_PASSWORD}
+        REDIS_HOST_PASSWORD: {{ lookup('keepass', 'nextcloud_redis_host_password', 'password') }}
         MYSQL_DATABASE: nextcloud
         MYSQL_USER: nextcloud
-        MYSQL_PASSWORD: ${MYSQL_PASSWORD}
+        MYSQL_PASSWORD: {{ lookup('keepass', 'nextcloud_mysql_password', 'password') }}
         MYSQL_HOST: nextcloud-db
         NEXTCLOUD_TRUSTED_DOMAINS: "nextcloud.mgrote.net"
-        SMTP_HOST: smtp.strato.de
+        SMTP_HOST: mail-relay
-        SMTP_SECURE: tls
+        #SMTP_SECURE: tls
-        SMTP_PORT: 587
+        SMTP_PORT: 25
-        SMTP_AUTHTYPE: LOGIN
+        #SMTP_AUTHTYPE: LOGIN
         SMTP_NAME: info@mgrote.net
-        SMTP_PASSWORD: ${SMTP_PASSWORD}
+        #SMTP_PASSWORD: {{ lookup('keepass', 'strato_smtp_password', 'password') }}
         MAIL_FROM_ADDRESS: info@mgrote.net
         PHP_MEMORY_LIMIT: 1024M
         PHP_UPLOAD_LIMIT: 10G
@@ -87,6 +87,7 @@ services:
     networks:
       - intern
       - traefik
+      - mail-relay
     labels:
       com.centurylinklabs.watchtower.enable: true
       com.centurylinklabs.watchtower.depends-on: nextcloud-redis,nextcloud-db
@@ -114,6 +115,8 @@ networks:
     driver: bridge
   traefik:
     external: true
+  mail-relay:
+    external: true
 ######## Volumes ########
 volumes:
   db:

docker-compose/watchtower/docker-compose.yml.j2

@@ -16,15 +16,17 @@ services:
       WATCHTOWER_LABEL_ENABLE: true
       WATCHTOWER_NOTIFICATIONS: email
       WATCHTOWER_NOTIFICATION_EMAIL_FROM: info@mgrote.net
-      WATCHTOWER_NOTIFICATION_EMAIL_TO: michael.grote@posteo.de
+      WATCHTOWER_NOTIFICATION_EMAIL_TO: info@mgrote.net
-      WATCHTOWER_NOTIFICATION_EMAIL_SERVER: smtp.strato.de
+      WATCHTOWER_NOTIFICATION_EMAIL_SERVER: mail-relay # "container_name" des Relays
-      WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT: 587
+      # WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT: 25 # nicht benötigt, nur als Referenz stehen gelassen
-      WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER: info@mgrote.net
+      # WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER: "" # nicht benötigt, nur als Referenz stehen gelassen
-      WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD: {{ lookup('keepass', 'postfix_absender_passwort', 'password') }}
+      # WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD: "" # nicht benötigt, nur als Referenz stehen gelassen
       WATCHTOWER_NOTIFICATION_EMAIL_DELAY: 2
       WATCHTOWER_NO_STARTUP_MESSAGE: true
     labels:
       com.centurylinklabs.watchtower.enable: true
+    networks:
+      - mail-relay # binde externe Netzwerk an Container
 
 # monitore diesen Container nur
 #   labels:
@@ -33,3 +35,8 @@ services:
 #     com.centurylinklabs.watchtower.depends-on: mf-db
 # aktualisiere container
 #     com.centurylinklabs.watchtower.enable: true
+
+######## Networks ########
+networks:
+  mail-relay: # damit das mail-relaay im anderen Container erreicht werden kann
+    external: true

friedhof/mgrote_apcupsd/handlers/main.yml

@@ -8,5 +8,5 @@
 
 - name: apc_access_mail
   ansible.builtin.shell:
-    cmd: set -o pipefail && /usr/sbin/apcaccess | mail -s "{{ ansible_hostname }}" {{ empfaenger_mail }}
+    cmd: set -o pipefail && /usr/sbin/apcaccess | mail -s "{{ ansible_hostname }}" {{ my_mail }}
     executable: /bin/bash

friedhof/mgrote_apcupsd/mgrote.apcupsd/handlers/main.yml

@@ -7,4 +7,4 @@
     enabled: true
 
 - name: apc_access_mail
-  ansible.builtin.shell: /usr/sbin/apcaccess | mail -s "{{ ansible_hostname }}" {{ empfaenger_mail }}
+  ansible.builtin.shell: /usr/sbin/apcaccess | mail -s "{{ ansible_hostname }}" {{ my_mail }}

friedhof/mgrote_apcupsd/mgrote.apcupsd/tasks/main.yml

@@ -32,7 +32,7 @@
   ansible.builtin.lineinfile:
     path: /etc/apcupsd/apccontrol #wo
     regexp: export SYSADMIN=root #suche nach
-    line: export SYSADMIN={{ empfaenger_mail }} #ersetze durch...
+    line: export SYSADMIN={{ my_mail }} #ersetze durch...
     backrefs: true #verhindert das die zeile bei "nicht zutreffen"  am ende der datei angefuegt wird: https://docs.ansible.com/ansible/latest/modules/lineinfile_module.html#parameters
 
 - name: copy test script

friedhof/mgrote_apcupsd/tasks/main.yml

@@ -32,7 +32,7 @@
   ansible.builtin.lineinfile:
     path: /etc/apcupsd/apccontrol #wo
     regexp: export SYSADMIN=root #suche nach
-    line: export SYSADMIN={{ empfaenger_mail }} #ersetze durch...
+    line: export SYSADMIN={{ my_mail }} #ersetze durch...
     backrefs: true #verhindert das die zeile bei "nicht zutreffen"  am ende der datei angefuegt wird: https://docs.ansible.com/ansible/latest/modules/lineinfile_module.html#parameters
 
 - name: copy test script

group_vars/all.yml

@@ -1,11 +1,13 @@
 ---
 ### wird in vielen Rollen verwendet
 ssh_public_key_mg: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKL8opSQ0rWVw9uCfbuiqmXq188OP4xh66MBTO3zV5jo heimserver_mg_v3
-empfaenger_mail: michael.grote@posteo.de
+my_mail: info@mgrote.net # wird von Strato an info@mgrote.net weitergeleitet, direkter Versand an Posteo geht warum auch immer nicht, Einstellung bei Strato: "Mail -> Verwaltung -> info@mgrote.net -> Filterreglen verwalten"
+# Ticket bei Posteo ist offen
 file_header: |
   #----------------------------------------------------------------#
   #              This file is managed with ansible!                #
   #----------------------------------------------------------------#
+
 ### mgrote.restic
 restic_user: root
 restic_group: restic
@@ -27,7 +29,8 @@ restic_repository: "//fileserver3.grote.lan/restic"
 restic_repository_password: "{{ lookup('keepass', 'restic_repository_password', 'password') }}"
 restic_mount_user: restic
 restic_mount_password: "{{ lookup('keepass', 'fileserver_smb_user_restic', 'password') }}"
-restic_fail_mail: "{{ empfaenger_mail }}"
+restic_fail_mail: "{{ my_mail }}"
+
 ### mgrote.user
 users:
   - username: mg
@@ -58,13 +61,15 @@ dotfiles_files:
   - repo_path: "{{ dotfiles_repo_path }}/.gitconfig"
     local_path: "/home/mg/.gitconfig"
 dotfiles_owner: mg
+
 ### jnv.unattended_upgrades
-unattended_mail: "{{ empfaenger_mail }}"
+unattended_mail: "{{ my_mail }}"
 unattended_mail_only_on_error: true
 unattended_syslog_enable: true
 unattended_origins_patterns:
   - 'origin=Ubuntu,archive=${distro_codename}-security'
   - 'o=Ubuntu,a=${distro_codename}-updates'
+
 ### mgrote.ntp_chrony_client
 ntp_chrony_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
 ntp_chrony_driftfile_directory: "/var/lib/chrony" # Ordner für das driftfile
@@ -76,23 +81,21 @@ ntp_chrony_group: _chrony # Nutzer + Gruppe für den Dienst
 ntp_chrony_logging: false
 
 ### mgrote.postfix
-postfix_absender_mailadresse: info@mgrote.net
+postfix_smtp_server: docker10.grote.lan
-postfix_absender_passwort: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}"
+postfix_smtp_server_port: 1025
-postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24"
+
-postfix_mail_nach_cronjob: false
-postfix_smtp_server: smtp.strato.de
-postfix_smtp_server_port: 587
-postfix_smtp_use_tls: "yes"
 ### mgrote.tmux
 tmux_conf_destination: "/home/mg/.tmux.conf"
 tmux_bashrc_destination: "/home/mg/.bashrc"
 tmux_standardsession_name: "default"
+
 ### mgrote.fail2ban
 f2b_bantime: 300
 f2b_findtime: 300
 f2b_maxretry: 5
-f2b_destemail: "{{ empfaenger_mail }}"
+f2b_destemail: "{{ my_mail }}"
-f2b_sender: "{{ postfix_absender_mailadresse }}"
+f2b_sender: info@mgrote.net
+
 ### oefenweb.ufw
 ufw_rules:
   - rule: allow
@@ -102,6 +105,7 @@ ufw_rules:
     from_ip: 0.0.0.0/0
 ufw_default_incoming_policy: deny
 ufw_default_outgoing_policy: allow
+
 ### mgrote.apt_manage_packages
 apt_packages_common:
   - locales

group_vars/gitea.yml

@@ -65,7 +65,7 @@ gitea_mailer_tls_enabled: true
 gitea_mailer_host: smtp.strato.de:465
 gitea_mailer_from: info@mgrote.net
 gitea_mailer_user: "info@mgrote.net"
-gitea_mailer_password: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}"
+gitea_mailer_password: "{{ lookup('keepass', 'strato_smtp_password', 'password') }}"
 gitea_mailer_type: smtp
 
 gitea_default_branch: 'master'

host_vars/docker10.grote.lan.yml

@@ -53,6 +53,9 @@ compose_files:
   - name: registry
     state: present
     network: traefik
+  - name: mail-relay
+    state: present
+    network: mail-relay
     
 ### oefenweb.ufw
 ufw_rules:

roles/mgrote_cv4pve_autosnap/templates/cv4pve_mail.service.j2

@@ -5,4 +5,4 @@ Description=Send a Mail in case of an error in cv4pve.service.
 
 [Service]
 Type=oneshot
-ExecStart=/bin/bash -c '/bin/systemctl status cv4pve.service | mail -s "[ERROR] cv4pve - %H" {{ empfaenger_mail }}'
+ExecStart=/bin/bash -c '/bin/systemctl status cv4pve.service | mail -s "[ERROR] cv4pve - %H" {{ my_mail }}'

roles/mgrote_postfix/README.md

@@ -2,20 +2,3 @@
 
 ### Beschreibung
 Installiert und konfiguriert postfix.
-
-### getestet auf
-- [x] Ubuntu (>=18.04)
-- [x] Debian
-- [x] ProxMox 6.1
-
-### Variablen + Defaults
-##### Wer soll die Mails bekommen.
-``empfaenger_mail: michael.grote@posteo.de``
-##### Nutzer
-``postfix_absender_mailadresse: info@mgrote.net``
-##### Passwort
-``postfix_absender_passwort: FKXaOXXXXXX5kHC``
-##### Soll nach Aufuehrung eines cronjobs eine Mail versendet werden?
-``postfix_mail_nach_cronjob: false``
-##### Netzwerke aus denen postfix Mails annimmt
-``postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24"``

roles/mgrote_postfix/defaults/main.yml

@@ -1,12 +1,3 @@
 ---
-postfix_mail_nach_cronjob: false
+postfix_smtp_server: docker10.grote.lan
-postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24"
+postfix_smtp_server_port: 1025
-postfix_smtp_server: smtp.strato.de
-postfix_smtp_server_port: 587
-postfix_absender_mailadresse: info@mgrote.net
-postfix_absender_passwort: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}"
-postfix_smtp_use_tls: "yes"
-postfix_smtp_sasl_auth_enable: "yes"
-postfix_smtp_tls_session_cache_timeout: 3600s
-postfix_inet_protocols: ipv4
-postfix_append_dot_mydomain: "no"

roles/mgrote_postfix/handlers/main.yml

@@ -1,21 +1,13 @@
 ---
-- name: hash_sasl_passwd  # noqa no-changed-when
+- name: reload postfix
-  become: true
-  ansible.builtin.command: /usr/sbin/postmap hash:/etc/postfix/sasl_passwd
-
-- name: hash_sender_canonical # noqa no-changed-when
-  become: true
-  ansible.builtin.command: /usr/sbin/postmap hash:/etc/postfix/sender_canonical
-
-- name: postfix_reload
   become: true
   ansible.builtin.systemd:
     name: postfix
     enabled: true
     state: restarted
-  notify: postfix_testmail
+  notify: send testmail
 
-- name: postfix_testmail # noqa no-changed-when
+- name: send testmail # noqa no-changed-when
   ansible.builtin.shell:
-    cmd: "set -o pipefail && echo 'postfix ist eingerichtet' | mail -s '{{ ansible_hostname }} - postfix' {{ empfaenger_mail }}"
+    cmd: "set -o pipefail && echo 'postfix ist eingerichtet' | mail -s '{{ ansible_hostname }} - postfix' {{ my_mail }}"
     executable: /bin/bash

roles/mgrote_postfix/tasks/main.yml

@@ -1,41 +1,26 @@
 ---
-### postfix fuer gmail; http://dokuwiki2.grote.lan/artikel/technik/postfix_mit_gmail_fuer_benachrichtigungen_einrichten
+- name: Ensure needed packages are installed
-- name: postfix + Hilfsprogramme installieren
   become: true
   ansible.builtin.package:
     name:
       - postfix
       - mailutils
-      - libsasl2-modules
+#      - libsasl2-modules
     state: present
 
-- name: kopiere sasl_passwd
+- name: kopiere sasl_passwd # entfernen
   become: true
-  ansible.builtin.template:
+  ansible.builtin.file:
-    src: sasl_passwd
+    path: /etc/postfix/sasl_passwd
-    dest: /etc/postfix/sasl_passwd
+    state: absent
-    force: true
-    owner: root
-    group: root
-    mode: "0644"
-  notify:
-    - hash_sasl_passwd
-    - postfix_testmail
 
-- name: kopiere sender_canonical
+- name: kopiere sender_canonical # entfernen
   become: true
-  ansible.builtin.template:
+  ansible.builtin.file:
-    src: sender_canonical
+    path: /etc/postfix/sasl_passwd
-    dest: /etc/postfix/sender_canonical
+    state: absent
-    owner: root
-    group: root
-    mode: "0644"
-  notify:
-    - hash_sender_canonical
-    - postfix_reload
-    - postfix_testmail
 
-- name: kopiere postfix_main.cf
+- name: Template postfix configuration
   become: true
   ansible.builtin.template:
     src: main.cf
@@ -44,22 +29,11 @@
     group: root
     mode: "0644"
   notify:
-    - postfix_reload
+    - reload postfix
-    - postfix_testmail
+    - send testmail
 
-- name: Mail Cronjob - Anlegen
+- name: Ensure default cron mailing is disabled
   become: true
-  when: postfix_mail_nach_cronjob # ohne parameter wird auf true geprueft  https://www.buildahomelab.com/2018/11/12/using-ansible-when-statements/
-  ansible.builtin.cron:
-    name: MAILTO
-    env: true
-    job: "{{ empfaenger_mail }}"
-  notify:
-    - postfix_testmail
-
-- name: Mail Cronjob - Entfernen
-  become: true
-  when: not postfix_mail_nach_cronjob
   ansible.builtin.cron:
     name: MAILTO
     env: true

roles/mgrote_postfix/templates/main.cf

@@ -1,14 +1,2 @@
 {{ file_header | default () }}
 relayhost = [{{ postfix_smtp_server }}]:{{ postfix_smtp_server_port }}
-smtp_use_tls = {{ postfix_smtp_use_tls }}
-smtp_sasl_auth_enable = {{ postfix_smtp_sasl_auth_enable }}
-smtp_sasl_security_options =
-smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
-smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
-smtp_tls_session_cache_timeout = {{ postfix_smtp_tls_session_cache_timeout }}
-inet_protocols = {{ postfix_inet_protocols }}
-append_dot_mydomain = {{ postfix_append_dot_mydomain }}
-mynetworks = {{ postfix_erlaubte_netzwerke }}
-smtpd_relay_restrictions = permit_mynetworks
-sender_canonical_classes = envelope_sender, header_sender
-sender_canonical_maps =  regexp:/etc/postfix/sender_canonical

roles/mgrote_postfix/templates/sasl_passwd

@@ -1,2 +0,0 @@
-{{ file_header | default () }}
-{{ postfix_smtp_server }} {{ postfix_absender_mailadresse }}:{{ postfix_absender_passwort }}

roles/mgrote_postfix/templates/sender_canonical

@@ -1,2 +0,0 @@
-{{ file_header | default () }}
-/.+/    {{ postfix_absender_mailadresse }}

roles/mgrote_restic/templates/restic_mail.service.j2

@@ -5,4 +5,4 @@ Description=Send a Mail in case of an error in restic.service.
 
 [Service]
 Type=oneshot
-ExecStart=/bin/bash -c '/bin/systemctl status restic.service | mail -s "[ERROR] restic - %H" {{ empfaenger_mail }}'
+ExecStart=/bin/bash -c '/bin/systemctl status restic.service | mail -s "[ERROR] restic - %H" {{ my_mail }}'

roles/mgrote_smart/templates/smartd.conf

@@ -3,7 +3,7 @@
 # Reihenfolge der Zeilen ist wichtig
 
 # Mail nach Neustart
-/dev/sda -m {{ empfaenger_mail }} -M test
+/dev/sda -m {{ my_mail }} -M test
 
 # Alles nach dieser Zeile wir nicht mehr ausgewertet
-DEVICESCAN -d scsi -n standby -m {{ empfaenger_mail }} -H -l error -f
+DEVICESCAN -d scsi -n standby -m {{ my_mail }} -H -l error -f

roles/mgrote_youtubedl/templates/youtubedl_mail.service.j2

@@ -5,4 +5,4 @@ Description=Send a Mail in case of an error in youtubedl.service.
 
 [Service]
 Type=oneshot
-ExecStart=/bin/bash -c '/bin/systemctl status youtubedl.service | mail -s "[ERROR] youtubedl" {{ empfaenger_mail }}'
+ExecStart=/bin/bash -c '/bin/systemctl status youtubedl.service | mail -s "[ERROR] youtubedl" {{ my_mail }}'

roles/mgrote_zfs_health/templates/zfs-health.sh

@@ -42,7 +42,7 @@ fi
 
 if [ "$problems" -ne 0 ]; then
   logger $emailSubject
-        echo -e "$emailSubject \n\n\n `/sbin/zpool list` \n\n\n `/sbin/zpool status`" | mail -s "$emailSubject" {{ empfaenger_mail }}
+        echo -e "$emailSubject \n\n\n `/sbin/zpool list` \n\n\n `/sbin/zpool status`" | mail -s "$emailSubject" {{ my_mail }}
 fi
 
 ### EOF ###

roles/mgrote_zfs_sanoid/templates/sanoid_mail.service.j2

@@ -5,4 +5,4 @@ Description=Send a Mail in case of an error in sanoid.service.
 
 [Service]
 Type=oneshot
-ExecStart=/bin/bash -c '/bin/systemctl status sanoid.service | mail -s "[ERROR] sanoid - %H" {{ empfaenger_mail }}'
+ExecStart=/bin/bash -c '/bin/systemctl status sanoid.service | mail -s "[ERROR] sanoid - %H" {{ my_mail }}'

roles/mgrote_zfs_sanoid/templates/syncoid_mail.service.j2

@@ -5,4 +5,4 @@ Description=Send a Mail for sanoid service after error or success sanoid.service
 
 [Service]
 Type=oneshot
-ExecStart=/bin/bash -c '/usr/bin/journalctl -u syncoid.service -n 20| mail -s "syncoid - %H" {{ empfaenger_mail }}'
+ExecStart=/bin/bash -c '/usr/bin/journalctl -u syncoid.service -n 20| mail -s "syncoid - %H" {{ my_mail }}'

roles/mgrote_zfs_scrub/templates/zpool-scrub-mail.service.j2

@@ -5,4 +5,4 @@ Description=Send a Mail in case of an error in zpool-scrub@.service.
 
 [Service]
 Type=oneshot
-ExecStart=/bin/bash -c '{{ zfs_extra_path_zpool }} status | mail -s "[ERROR] zpool scrub - %H" {{ empfaenger_mail }}'
+ExecStart=/bin/bash -c '{{ zfs_extra_path_zpool }} status | mail -s "[ERROR] zpool scrub - %H" {{ my_mail }}'

roles/mgrote_zfs_zed/handlers/main.yml

@@ -1,5 +1,5 @@
 ---
 - name: testmail # noqa no-changed-when
   ansible.builtin.shell:
-    cmd: "set -o pipefail && echo 'zed ist eingerichtet' | mail -s '{{ ansible_hostname }} - zed' '{{ empfaenger_mail }}'"
+    cmd: "set -o pipefail && echo 'zed ist eingerichtet' | mail -s '{{ ansible_hostname }} - zed' '{{ my_mail }}'"
     executable: /bin/bash

roles/mgrote_zfs_zed/templates/zed.rc

@@ -16,7 +16,7 @@
 # Email will only be sent if ZED_EMAIL_ADDR is defined.
 # Disabled by default; uncomment to enable.
 #
-ZED_EMAIL_ADDR="{{ empfaenger_mail }}"
+ZED_EMAIL_ADDR="{{ my_mail }}"
 
 ##
 # Name or path of executable responsible for sending notifications via email;