Merge branch 'master' of https://git.mgrote.net/mg/ansible
commit
8f26e89a81
24 changed files with 66 additions and 52 deletions
|
@ -1,13 +1,13 @@
|
|||
---
|
||||
### mgrote.postfix-gmail
|
||||
empfaenger_mail: michael.grote@posteo.de
|
||||
gmail_nutzer_gmail: michael.grote@gmail.com
|
||||
gmail_nutzer_passwort: "{{ lookup('keepass', 'gmail_nutzer_passwort', 'password') }}"
|
||||
gmail_postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24"
|
||||
gmail_mail_nach_cronjob: false
|
||||
gmail_smtp_server: smtp.gmail.com
|
||||
gmail_smtp_server_port: 587
|
||||
gmail_smtp_use_tls: "yes"
|
||||
### mgrote.postfix
|
||||
postfix_absender_mailadresse: info@mgrote.net
|
||||
postfix_absender_passwort: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}"
|
||||
postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24"
|
||||
postfix_mail_nach_cronjob: false
|
||||
postfix_smtp_server: smtp.strato.de
|
||||
postfix_smtp_server_port: 587
|
||||
postfix_smtp_use_tls: "yes"
|
||||
### mgrote.set_apt_sources
|
||||
acng_server: acng.grote.lan
|
||||
acng_server_port: 9999
|
||||
|
@ -33,6 +33,8 @@
|
|||
f2b_bantime: 300
|
||||
f2b_findtime: 300
|
||||
f2b_maxretry: 5
|
||||
f2b_destemail: "{{ empfaenger_mail }}"
|
||||
f2b_sender: "{{ postfix_absender_mailadresse }}"
|
||||
### oefenweb.ufw
|
||||
ufw_rules:
|
||||
- rule: allow
|
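Review bot: `postfix_absender_passwort` in the first hunk is resolved through the `keepass` lookup, and this commit also changes `keepass_db.kdbx` as a tracked binary, so the relay password presumably lives in a database that ships with the repository. If so, the master password or key file is the only barrier for anyone who can read the repository. A comment above the lookup should say where the key material is kept, for example `# password is read from keepass_db.kdbx; keep the master key out of the repo`.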
||||
|
|
BIN
keepass_db.kdbx
BIN
keepass_db.kdbx
Binary file not shown.
|
@ -2,6 +2,7 @@
|
|||
- hosts: all
|
||||
roles:
|
||||
- { role: mgrote.fail2ban, tags: "f2b" }
|
||||
- { role: mgrote.postfix, tags: "postfix" }
|
||||
- { role: mgrote.deactivate_ssh_password_login, tags: "ssh" }
|
||||
- { role: oefenweb.ufw, # Regeln werden in den Group/Host-Vars gesetzt
|
||||
tags: "ufw",
|
||||
|
|
|
@ -2,5 +2,5 @@
|
|||
- hosts: testeinzeln
|
||||
become: yes
|
||||
roles:
|
||||
- { role: mgrote.postfix-gmail, tags: "postfix-gmail" }
|
||||
- { role: mgrote.postfix, tags: "postfix" }
|
||||
- { role: mgrote.fail2ban, tags: "f2b" }
|
||||
|
|
|
@ -14,5 +14,5 @@
|
|||
---
|
||||
- hosts: storage
|
||||
roles:
|
||||
- { role: mgrote.postfix-gmail, tags: "gmail" }
|
||||
- { role: mgrote.postfix, tags: "postfix" }
|
||||
- { role: mgrote.fileserver_smb, tags: "fileserver_smb" }
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
- { role: mgrote.apcupsd, tags: "apcupsd" }
|
||||
- { role: mgrote.smart, tags: "smart" }
|
||||
- { role: mgrote.zfs_tools, tags: "zfs_tools" }
|
||||
- { role: mgrote.postfix-gmail, tags: "postfix-gmail" }
|
||||
- { role: mgrote.postfix, tags: "postfix" }
|
||||
- { role: mgrote.sanoid, tags: "sanoid" }
|
||||
- { role: mgrote.ecc-rasdaemon,
|
||||
tags: "ecc",
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
### Beschreibung
|
||||
Installiert APCUPSD fuer eine APC UPS mit USB Verbindung.
|
||||
Benoetigt mgrote.postfix-gmail.
|
||||
Benoetigt mgrote.postfix.
|
||||
https://linux.die.net/man/5/apcupsd.conf
|
||||
|
||||
### Funktioniert auf
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: mgrote.postfix-gmail
|
||||
- role: mgrote.postfix
|
||||
galaxy_info:
|
||||
author: mgrote
|
||||
description: installs apcupsd
|
||||
|
|
|
@ -3,3 +3,5 @@
|
|||
f2b_bantime: 60
|
||||
f2b_findtime: 600
|
||||
f2b_maxretry: 5
|
||||
f2b_destemail: michael.grote@posteo.de
|
||||
f2b_sender: info@mgrote.net
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: mgrote.postfix-gmail
|
||||
- role: mgrote.postfix
|
||||
|
|
|
@ -6,8 +6,8 @@ findtime = {{ f2b_findtime }}
|
|||
maxretry = {{ f2b_maxretry }}
|
||||
|
||||
# Mail Reporting
|
||||
destemail = michael.grote@posteo.de
|
||||
sender = michael.grote@gmail.com
|
||||
destemail = {{ f2b_destemail }}
|
||||
sender = {{ f2b_sender }}
|
||||
|
||||
# to ban & send an e-mail with whois report to the destemail.
|
||||
#action = %(action_mw)s
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
gmail_mail_nach_cronjob: false
|
||||
gmail_postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24"
|
||||
gmail_smtp_server: smtp.gmail.com
|
||||
gmail_smtp_server_port: 587
|
||||
gmail_smtp_use_tls: yes
|
|
@ -1,13 +0,0 @@
|
|||
relayhost = [{{ gmail_smtp_server }}]:{{ gmail_smtp_server_port }}
|
||||
smtp_use_tls = {{ gmail_smtp_use_tls }}
|
||||
smtp_sasl_auth_enable = yes
|
||||
smtp_sasl_security_options =
|
||||
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
|
||||
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
|
||||
smtp_tls_session_cache_timeout = 3600s
|
||||
inet_protocols = ipv4
|
||||
append_dot_mydomain = no
|
||||
|
||||
mynetworks = {{ gmail_postfix_erlaubte_netzwerke }}
|
||||
|
||||
smtpd_relay_restrictions = permit_mynetworks
|
|
@ -1 +0,0 @@
|
|||
{{ gmail_smtp_server }} {{ gmail_nutzer_gmail }}:{{ gmail_nutzer_passwort }}
|
|
@ -1,7 +1,7 @@
|
|||
## mgrote.postfix-gmail
|
||||
## mgrote.postfix
|
||||
|
||||
### Beschreibung
|
||||
Installiert und konfiguriert postfix fuer den GMail.
|
||||
Installiert und konfiguriert postfix.
|
||||
|
||||
### Funktioniert auf
|
||||
- [x] Ubuntu (>=18.04)
|
||||
|
@ -11,11 +11,11 @@ Installiert und konfiguriert postfix fuer den GMail.
|
|||
### Variablen + Defaults
|
||||
##### Wer soll die Mails bekommen.
|
||||
empfaenger_mail: michael.grote@posteo.de
|
||||
##### Nutzer fuer GMail
|
||||
gmail_nutzer_gmail: michael.grote@gmail.com
|
||||
##### Passwort fuer GMail
|
||||
gmail_nutzer_passwort: FKXaOXXXXXX5kHC
|
||||
##### Nutzer
|
||||
postfix_absender_mailadresse: info@mgrote.net
|
||||
##### Passwort
|
||||
postfix_absender_passwort: FKXaOXXXXXX5kHC
|
||||
##### Soll nach Aufuehrung eines cronjobs eine Mail versendet werden?
|
||||
gmail_mail_nach_cronjob: false
|
||||
postfix_mail_nach_cronjob: false
|
||||
##### Netzwerke aus denen postfix Mails annimmt
|
||||
gmail_postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24"
|
||||
postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24"
|
|
@ -1,7 +1,11 @@
|
|||
- name: create_db_passwordfile
|
||||
- name: hash_sasl_passwd
|
||||
become: yes
|
||||
command: /usr/sbin/postmap hash:/etc/postfix/sasl_passwd
|
||||
|
||||
- name: hash_sender_canonical
|
||||
become: yes
|
||||
command: /usr/sbin/postmap hash:/etc/postfix/sender_canonical
|
||||
|
||||
- name: postfix_reload
|
||||
become: yes
|
||||
systemd:
|
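Review bot: `hash_sender_canonical` runs `postmap hash:/etc/postfix/sender_canonical`, but the new main.cf reads that file as `regexp:/etc/postfix/sender_canonical`. Regexp tables are plain text that Postfix reads directly, so the handler only leaves an unused `sender_canonical.db` behind and suggests the lookup is hash-based. Dropping the handler and letting the task notify only `postfix_reload` would be enough. The `postfix_reload` handler continues outside the hunk.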
|
@ -16,7 +16,17 @@
|
|||
dest: /etc/postfix/sasl_passwd
|
||||
force: yes
|
||||
notify:
|
||||
- create_db_passwordfile
|
||||
- hash_sasl_passwd
|
||||
- postfix_testmail
|
||||
|
||||
- name: kopiere sender_canonical
|
||||
become: yes
|
||||
ansible.builtin.template:
|
||||
src: sender_canonical
|
||||
dest: /etc/postfix/sender_canonical
|
||||
notify:
|
||||
- hash_sender_canonical
|
||||
- postfix_reload
|
||||
- postfix_testmail
|
||||
|
||||
- name: kopiere postfix_main.cf
|
||||
|
@ -30,7 +40,7 @@
|
|||
|
||||
- name: Mail Cronjob - Anlegen
|
||||
become: yes
|
||||
when: gmail_mail_nach_cronjob # ohne parameter wird auf true geprueft https://www.buildahomelab.com/2018/11/12/using-ansible-when-statements/
|
||||
when: postfix_mail_nach_cronjob # ohne parameter wird auf true geprueft https://www.buildahomelab.com/2018/11/12/using-ansible-when-statements/
|
||||
ansible.builtin.cron:
|
||||
name: MAILTO
|
||||
env: yes
|
||||
|
@ -40,7 +50,7 @@
|
|||
|
||||
- name: Mail Cronjob - Entfernen
|
||||
become: yes
|
||||
when: not gmail_mail_nach_cronjob
|
||||
when: not postfix_mail_nach_cronjob
|
||||
ansible.builtin.cron:
|
||||
name: MAILTO
|
||||
env: yes
|
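Review bot: The new task `kopiere sender_canonical` sets no `owner`, `group` or `mode`, and the visible tail of the task that writes `/etc/postfix/sasl_passwd` shows none either; that task begins above the first hunk, so confirm against the full file. Because sasl_passwd holds the relay password in cleartext, its task should carry `owner: root`, `mode: "0600"` and `no_log: true`, so the secret is neither world-readable nor echoed in task output. postmap gives the generated `.db` the group and other read permissions of its source file, so a restrictive mode on the source carries over. An explicit `mode: "0644"` on sender_canonical would keep the two tasks consistent.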
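--- a/roles/mgrote.postfix/templates/main.cf
+++ b/roles/mgrote.postfix/templates/main.cf
@@ -0,0 +1,13 @@
+relayhost = [{{ postfix_smtp_server }}]:{{ postfix_smtp_server_port }}
+smtp_use_tls = {{ postfix_smtp_use_tls }}
+smtp_sasl_auth_enable = {{ postfix_smtp_sasl_auth_enable }}
+smtp_sasl_security_options =
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
+smtp_tls_session_cache_timeout = {{ postfix_smtp_tls_session_cache_timeout }}
+inet_protocols = {{ postfix_inet_protocols }}
+append_dot_mydomain = {{ postfix_append_dot_mydomain }}
+mynetworks = {{ postfix_erlaubte_netzwerke }}
+smtpd_relay_restrictions = permit_mynetworks
+sender_canonical_classes = envelope_sender, header_sender
+sender_canonical_maps = regexp:/etc/postfix/sender_canonical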
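Review bot: `smtp_use_tls = {{ postfix_smtp_use_tls }}` gives only opportunistic TLS, and with `smtp_sasl_security_options =` left empty the relay login is not prevented from running over an unencrypted session when STARTTLS is not offered. For an authenticated relay, consider `smtp_tls_security_level = encrypt` (the successor of `smtp_use_tls`) together with `smtp_sasl_security_options = noanonymous`. Separately, `smtpd_relay_restrictions = permit_mynetworks` has no terminating rule; Postfix expects one such as `defer_unauth_destination` in the relay or recipient restrictions, so `permit_mynetworks, defer_unauth_destination` is the safer form. Defaults for `postfix_smtp_sasl_auth_enable`, `postfix_inet_protocols` and the other new variables are not visible on this page, so confirm they are defined in the role.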
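--- a/roles/mgrote.postfix/templates/sasl_passwd
+++ b/roles/mgrote.postfix/templates/sasl_passwd
@@ -0,0 +1 @@
+{{ postfix_smtp_server }} {{ postfix_absender_mailadresse }}:{{ postfix_absender_passwort }}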
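--- a/roles/mgrote.postfix/templates/sender_canonical
+++ b/roles/mgrote.postfix/templates/sender_canonical
@@ -0,0 +1 @@
+/.+/ {{ postfix_absender_mailadresse }}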
|
@ -1,3 +1,3 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: mgrote.postfix-gmail
|
||||
- role: mgrote.postfix
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: mgrote.postfix-gmail
|
||||
- role: mgrote.postfix
|
||||
galaxy_info:
|
||||
author: mgrote
|
||||
description: installs smartctl and configures it
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
### Beschreibung
|
||||
Aktiviert die Mail Funktion von ZED (ZFS Event Daemon).
|
||||
Setzt die maximale ARC-Groesse.
|
||||
Benoetigt "mgrote.postfix-gmail".
|
||||
Benoetigt "mgrote.postfix".
|
||||
Richtet regelmaessige Scrubs(jeden Sonntag) und Trim(alle 4 Monate) ein.
|
||||
Richtet "zfs_health.sh", ein ZFS-Checkscript das auch Mails versendet bei Fehlern.
|
||||
Deaktiviert das mitinstallierte scrub-Script in /etc/cron.d/zfsutils-linux.
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: mgrote.postfix-gmail
|
||||
- role: mgrote.postfix
|
||||
galaxy_info:
|
||||
author: mgrote
|
||||
description: installs zfs-tools
|
||||
|
|