-rw-r--r-- | playbooks/roles/bin/tasks/main.yml | 6 | ||||
-rw-r--r-- | playbooks/roles/ceph/tasks/main.yml | 2 | ||||
-rw-r--r-- | playbooks/roles/mail/tasks/main.yml | 48 | ||||
-rw-r--r-- | playbooks/roles/mail/templates/stacks/docker-compose.yml | 16 | ||||
-rw-r--r-- | playbooks/roles/outbound/tasks/main.yml | 12 | ||||
-rw-r--r-- | playbooks/roles/outbound/templates/headscale/config/config.yaml | 3 | ||||
-rw-r--r-- | playbooks/roles/outbound/templates/proxy/docker-compose.yml | 1 | ||||
-rw-r--r-- | playbooks/roles/outbound/templates/proxy/toplevel.conf.d/stream.conf | 38 | ||||
-rw-r--r-- | playbooks/roles/pihole/tasks/main.yml | 6 | ||||
-rw-r--r-- | playbooks/roles/traefik/templates/stacks/traefik.yml | 6 |
10 files changed, 72 insertions, 66 deletions
diff --git a/playbooks/roles/bin/tasks/main.yml b/playbooks/roles/bin/tasks/main.yml index 69516ab..5254826 100644 --- a/playbooks/roles/bin/tasks/main.yml +++ b/playbooks/roles/bin/tasks/main.yml @@ -4,9 +4,6 @@ ansible.builtin.file: state: directory dest: '{{ bin_base }}/{{ item.path }}' - owner: 1000 - group: 1000 - mode: 755 with_filetree: '../templates' when: item.state == 'directory' @@ -14,9 +11,6 @@ ansible.builtin.template: src: '{{ item.src }}' dest: '{{ bin_base }}/{{ item.path }}' - owner: 1000 - group: 1000 - mode: 755 with_filetree: '../templates' when: item.state == 'file' diff --git a/playbooks/roles/ceph/tasks/main.yml b/playbooks/roles/ceph/tasks/main.yml index b949cce..69a769a 100644 --- a/playbooks/roles/ceph/tasks/main.yml +++ b/playbooks/roles/ceph/tasks/main.yml @@ -36,7 +36,7 @@ ansible.builtin.lineinfile: path: /etc/fstab regexp: '{{ ceph_base }}\w+fuse.ceph' - line: "none {{ ceph_base }} fuse.ceph ceph.id={{ ceph_client_name }},_netdev,defaults 0 0" + line: "none {{ ceph_base }} fuse.ceph ceph.id={{ ceph_client_name }},_netdev,defaults,umask=000 0 0" create: true mode: "0644" diff --git a/playbooks/roles/mail/tasks/main.yml b/playbooks/roles/mail/tasks/main.yml index 12b789d..4576500 100644 --- a/playbooks/roles/mail/tasks/main.yml +++ b/playbooks/roles/mail/tasks/main.yml @@ -4,9 +4,6 @@ ansible.builtin.file: state: directory dest: '{{ mail_base }}/{{ item.path }}' - owner: 1000 - group: 1000 - mode: 0755 with_filetree: '../templates' when: item.state == 'directory' 
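Review bot: Dropping `mode: 755` leaves the files templated into `bin_base` at whatever the controller's umask yields (for `ansible.builtin.template` that is normally 0644), so if anything in this role is meant to be executed it will not get an execute bit on first creation; keep an explicit octal string on the template task, `mode: "0755"`. The unquoted `755` the commit removes was a decimal integer, which Ansible does not read as 0755, so the old value was already wrong rather than merely redundant. The same owner/group/mode removal appears in the second bin hunk, in both mail tasks hunks and in both pihole hunks; where the defaults are acceptable there, a one-line comment on each task saying ownership is now left to the mount (the ceph umask change in this commit) would save the next reader a search. The enclosing tasks begin outside the hunk.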
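Review bot: The `regexp` context line still reads `'{{ ceph_base }}\w+fuse.ceph'`, and `\w+` cannot match the space that separates `{{ ceph_base }}` from `fuse.ceph` in the managed line, so lineinfile will not find the existing entry; the old `..._netdev,defaults 0 0` line stays in /etc/fstab and the new `umask=000` line is appended beside it, leaving two conflicting entries for the same mount point. Change it to `regexp: '^none\s+{{ ceph_base }}\s+fuse\.ceph'`. Separately, `umask=000` clears every permission bit on the mount, so any local user or container on the host can read and write everything on it; if the aim is only to let the container uids (5000 and 33 in the tasks this commit removes) share the data, a shared group with a less permissive umask such as `umask=002` is the narrower option, and either way the task deserves a comment stating why world access is required.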
@@ -14,54 +11,9 @@ ansible.builtin.template: src: '{{ item.src }}' dest: '{{ mail_base }}/{{ item.path }}' - owner: 1000 - group: 1000 - mode: 0755 with_filetree: '../templates' when: item.state == 'file' -# https://github.com/docker-mailserver/docker-mailserver/blob/23bb1c8e50dad1462c645b8a9cf50aeee8bc2625/Dockerfile#L149C19-L149C20 -- name: Build DMS compose dirs - ansible.builtin.file: - state: directory - dest: '{{ mail_base }}/volumes/data/dms/{{ item.path }}' - owner: 5000 - group: 5000 - mode: 0755 - with_filetree: '../templates/volumes/data/dms' - when: item.state == 'directory' - -- name: Build DMS template files with correct UID for docker mailserver - ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ mail_base }}/volumes/data/dms/{{ item.path }}' - owner: 5000 - group: 5000 - mode: 0755 - with_filetree: '../templates/volumes/data/dms' - when: item.state == 'file' - -- name: Build Roundcube compose dirs - ansible.builtin.file: - state: directory - dest: '{{ mail_base }}/volumes/data/roundcube/{{ item.path }}' - mode: 0755 - # https://github.com/roundcube/roundcubemail-docker/blob/ef4b8cc59eecbf0e25c66c7f3c464594cc310761/apache/Dockerfile#L145 - owner: 33 - group: 33 - with_filetree: '../templates/volumes/data/roundcube' - when: item.state == 'directory' - -- name: Build Roundcube template files - ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ mail_base }}/volumes/data/roundcube/{{ item.path }}' - owner: 33 - group: 33 - mode: 0755 - with_filetree: '../templates/volumes/data/roundcube' - when: item.state == 'file' - - name: Deploy mail stack ansible.builtin.command: cmd: 'docker stack deploy -c {{ mail_base }}/stacks/docker-compose.yml mail' diff --git a/playbooks/roles/mail/templates/stacks/docker-compose.yml b/playbooks/roles/mail/templates/stacks/docker-compose.yml index 654f264..bdba6ac 100644 --- a/playbooks/roles/mail/templates/stacks/docker-compose.yml +++ b/playbooks/roles/mail/templates/stacks/docker-compose.yml 
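Review bot: Removing the four DMS/Roundcube tasks also removes the only record of the container uids these volumes are written with (5000 for docker-mailserver, 33 for Roundcube, with the Dockerfile links); after this change the `volumes/data/dms` and `volumes/data/roundcube` trees appear to be created only by the `with_filetree: '../templates'` task above, owned by whatever account runs Ansible, so the containers can write to them only if `mail_base` sits on a mount that ignores ownership (the `umask=000` ceph change in this commit). Add a comment on the remaining template task so the dependency is visible, e.g. `# ownership is not set here: mail_base must live on the ceph mount (umask=000)`. If `mail_base` is ever moved to local disk, the `vmail` and `mail-state` volumes mounted in the compose file become unwritable for uid 5000. The Deploy task continues outside the hunk.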
@@ -59,12 +59,24 @@ services: - traefik.tcp.routers.imap.entrypoints=imap - traefik.tcp.routers.imap.service=imap - traefik.tcp.services.imap.loadbalancer.server.port=993 - # SMTP + # SMTPS + - traefik.tcp.routers.smtps.tls.passthrough=true + - traefik.tcp.routers.smtps.rule=HostSNI(`*`) + - traefik.tcp.routers.smtps.entrypoints=smtp + - traefik.tcp.routers.smtps.service=smtp + - traefik.tcp.services.smtps.loadbalancer.server.port=465 + # SMTP (StartTLS) + - traefik.tcp.routers.smtptls.tls.passthrough=true + - traefik.tcp.routers.smtptls.rule=HostSNI(`*`) + - traefik.tcp.routers.smtptls.entrypoints=smtptls + - traefik.tcp.routers.smtptls.service=smtptls + - traefik.tcp.services.smtptls.loadbalancer.server.port=587 + # SMTP ("ye' old") - traefik.tcp.routers.smtp.tls.passthrough=true - traefik.tcp.routers.smtp.rule=HostSNI(`*`) - traefik.tcp.routers.smtp.entrypoints=smtp - traefik.tcp.routers.smtp.service=smtp - - traefik.tcp.services.smtp.loadbalancer.server.port=465 + - traefik.tcp.services.smtp.loadbalancer.server.port=25 volumes: - {{ mail_base }}/volumes/data/dms/vmail:/var/mail/ - {{ mail_base }}/volumes/data/dms/mail-state:/var/mail-state/ diff --git a/playbooks/roles/outbound/tasks/main.yml b/playbooks/roles/outbound/tasks/main.yml index 863351f..107e71a 100644 --- a/playbooks/roles/outbound/tasks/main.yml +++ b/playbooks/roles/outbound/tasks/main.yml @@ -94,6 +94,18 @@ with_filetree: '../templates/proxy' when: item.state == 'file' +- name: Allow mail ports + with_items: + - "25" + - "587" + - "465" + - "993" + - "4190" + community.general.ufw: + rule: allow + port: "{{ item }}" + state: "enabled" + - name: Daemon-reload and enable proxy ansible.builtin.systemd_service: state: started diff --git a/playbooks/roles/outbound/templates/headscale/config/config.yaml b/playbooks/roles/outbound/templates/headscale/config/config.yaml index 660708e..6bfbfb9 100644 --- a/playbooks/roles/outbound/templates/headscale/config/config.yaml 
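Review bot: The new `smtps` router is wired to the wrong entrypoint and service: `traefik.tcp.routers.smtps.entrypoints=smtp` and `traefik.tcp.routers.smtps.service=smtp` point it at the port-25 entrypoint and the port-25 service, while the `smtps` service on 465 and the `smtps` entrypoint (`:465/tcp` in the traefik.yml hunk) are left with no router, so implicit-TLS submission on 465 is dropped and two routers with the same HostSNI wildcard rule compete on port 25. Change the two lines to `traefik.tcp.routers.smtps.entrypoints=smtps` and `traefik.tcp.routers.smtps.service=smtps`. Also, the `smtp` (25) and `smtptls` (587) routers keep `tls.passthrough=true`; as I read Traefik's TCP router documentation, a router with a `tls` section serves TLS connections only, and both of these ports begin in cleartext and upgrade with STARTTLS, so they may never match — verify with a plain EHLO through each port before relying on them.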
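Review bot: The new ufw rules allow 25, 587, 465, 993 and 4190 from any source with no `proto`, so each one opens both TCP and UDP; the services behind them are TCP only, so add `proto: tcp` to the `community.general.ufw` call. Port 4190 (ManageSieve) is exposed publicly here and in the stream proxy; if Sieve is only used by mailbox owners who already reach this host over the headscale network, it could be left off the public allow list. Style: `with_items` sits above the module name, whereas the rest of this file places `with_filetree`/`when` after the module block — keep the loop keyword after the module for consistency.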
+++ b/playbooks/roles/outbound/templates/headscale/config/config.yaml
@@ -105,10 +105,9 @@ database: # SQLite config sqlite: path: /var/lib/headscale/db.sqlite - write_ahead_log: true + write_ahead_log: false # cuz we sometimes need to rollout. ahhhhh. wal_autocheckpoint: 1000 - log: # Output formatting for logs: text or json format: text
diff --git a/playbooks/roles/outbound/templates/proxy/docker-compose.yml b/playbooks/roles/outbound/templates/proxy/docker-compose.yml
index 7deea56..9642d6a 100644
--- a/playbooks/roles/outbound/templates/proxy/docker-compose.yml
+++ b/playbooks/roles/outbound/templates/proxy/docker-compose.yml
@@ -28,6 +28,7 @@ services: - headscale-client volumes: - ./sites-enabled:/etc/nginx/conf.d + - ./toplevel.conf.d:/etc/nginx/toplevel.conf.d networks: proxy:
diff --git a/playbooks/roles/outbound/templates/proxy/toplevel.conf.d/stream.conf b/playbooks/roles/outbound/templates/proxy/toplevel.conf.d/stream.conf
new file mode 100644
index 0000000..68d5445
--- /dev/null
+++ b/playbooks/roles/outbound/templates/proxy/toplevel.conf.d/stream.conf
@@ -0,0 +1,38 @@
+stream {
+ upstream imaps {
+ server {{ loadbalancer_ip }}:993;
+ }
+ upstream smtps {
+ server {{ loadbalancer_ip }}:465;
+ }
+ upstream smtptls {
+ server {{ loadbalancer_ip }}:587;
+ }
+ upstream smtp {
+ server {{ loadbalancer_ip }}:25;
+ }
+ upstream managesieve {
+ server {{ loadbalancer_ip }}:4190;
+ }
+
+ server {
+ listen 993;
+ proxy_pass imaps;
+ }
+ server {
+ listen 25;
+ proxy_pass smtp;
+ }
+ server {
+ listen 587;
+ proxy_pass smtptls;
+ }
+ server {
+ listen 465;
+ proxy_pass smtps;
+ }
+ server {
+ listen 4190;
+ proxy_pass managesieve;
+ }
+}
diff --git a/playbooks/roles/pihole/tasks/main.yml b/playbooks/roles/pihole/tasks/main.yml
index a0094f4..6990623 100644
--- a/playbooks/roles/pihole/tasks/main.yml
+++ b/playbooks/roles/pihole/tasks/main.yml
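Review bot: `write_ahead_log: false` carries the comment `# cuz we sometimes need to rollout. ahhhhh.`, which records the frustration but not the reason; a later reader cannot tell whether WAL was turned off because the `-wal`/`-shm` sidecar files did not survive a container rollout, because of a lock held across the restart, or something else. Replace it with the actual failure mode, e.g. `# WAL off: <what broke during rollout>`, so the setting is not quietly reverted to the default later. Both changed lines are inside the `sqlite` block, which begins outside the hunk.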
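Review bot: Mounting `./toplevel.conf.d` at `/etc/nginx/toplevel.conf.d` only has an effect if the image's `nginx.conf` includes that directory at the main (non-`http`) level; the stock nginx image only includes `/etc/nginx/conf.d/*.conf` inside `http {}`, so the `stream {}` block added in `stream.conf` would either never be loaded or, if the directory were included under `http`, fail the config test. Unless this image's nginx.conf is known to carry `include /etc/nginx/toplevel.conf.d/*.conf;` at the top level, add that line to the main config together with this mount, and put a comment on the volume entry naming the include that picks it up. The `services` stanza continues outside the hunk.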
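Review bot: Every `server` block proxies to `{{ loadbalancer_ip }}` without `proxy_protocol on;`, so Traefik and the mail containers behind it will see this nginx host as the client of every SMTP, IMAP and Sieve connection — Postfix client restrictions, DNSBL lookups, rate limits and auth-failure bans all key on the peer address and would act on the proxy instead of the real sender, and `Received:` headers would name the proxy. Enabling PROXY protocol here only works end to end if the Traefik TCP entrypoints accept it (`proxyProtocol.trustedIPs` on each entrypoint) and the mail containers are configured for it, so either wire that through as one change or state in a header comment of this file that source addresses are deliberately not preserved. A short comment that `loadbalancer_ip` is the Traefik ingress, and why port 25 is relayed through this host at all, would also help the next reader.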
@@ -4,9 +4,6 @@ ansible.builtin.file: state: directory dest: '{{ pihole_base }}/{{ item.path }}' - owner: 1000 - group: 1000 - mode: 0755 with_filetree: '../templates' when: item.state == 'directory' @@ -14,9 +11,6 @@ ansible.builtin.template: src: '{{ item.src }}' dest: '{{ pihole_base }}/{{ item.path }}' - owner: 1000 - group: 1000 - mode: 0755 with_filetree: '../templates' when: item.state == 'file' diff --git a/playbooks/roles/traefik/templates/stacks/traefik.yml b/playbooks/roles/traefik/templates/stacks/traefik.yml index 27af9a3..976ad7a 100644 --- a/playbooks/roles/traefik/templates/stacks/traefik.yml +++ b/playbooks/roles/traefik/templates/stacks/traefik.yml @@ -26,8 +26,12 @@ entryPoints: address: ":4190/tcp" imap: address: ":993/tcp" - smtp: + smtps: address: ":465/tcp" + smtp: + address: ":25/tcp" + smtptls: + address: ":587/tcp" serversTransport: insecureSkipVerify: true providers: |