diff --git a/package-postfix_access/defaults/main.yml b/package-postfix_access/defaults/main.yml
deleted file mode 100644
index c4d182e..0000000
--- a/package-postfix_access/defaults/main.yml
+++ /dev/null
@@ -1,37 +0,0 @@
----
-# Default configurations
-# I populate these from external configs; I indicate what they are as inline comments
-
-domain: "{{ blsedomains_admindomain }}" # Base domain name
-postmaster: "root@{{ blsedomains_rootdomain }}" # Postmaster email address
-
-# Roundcube
-smtp_host: "{{ blsecluster_smtphost }}" # The hostname for SMTP access, usually the public name of your mail server
-support_url: "https://www.{{ blsedomains_webdomain }}" # Some website address for Roundcube support
-logo_filename: "bl-logo-roundcube.png" # The Roundcube logo under files/
-roundcube_deskey: "{{ passwd_roundcube_deskey }}" # The Roundcube DES key
-
-# Postfix
-banner_hostname: "{{ ansible_hostname }}.{{ domain }}" # Public hostname of *this* mail host
-myhostname: "{{ banner_hostname }}" # Hostname for Postfix myhostame
-mydomain: "{{ domain }}" # Domain for Postfix mydomain
-mynetworks: "{{ blsecluster_remote1v4 }} {{ blsecluster_remote2v4 }} {{ blsecluster_remote3v4 }} {{ blsecluster_hostsubnetv4 }}" # IP addresses for Postfix mynetworks
-
-# Dovecot
-# Note: SSL listeners aren't provided; HAProxy is expected to do SSL termination for us
-trusted_networks: "{{ blsecluster_hostsubnetv4 }} {{ blsecluster_hostsubnetv6 }}" # Trusted network ranges for Dovecot
-haproxy: yes # Enable HAProxy-specific (Proxy protocol) listeners on ports 10143 and 10110
-
-# LDAP integration (Postfix, Dovecot, Roundcube)
-ldap_host: "{{ blsecluster_ldaphost }}" # The hostname for LDAP access
-ldap_port: 389 # The LDAP port (always non-SSL)
-ldap_basedn: "o=domains,dc=bonilan,dc=net" # The LDAP base DN
-ldap_bind_username: "{{ username_ldap_admin }}" # The LDAP bind user name (usually cn=admin)
-ldap_bind_password: "{{ passwd_ldap_admin }}" # The LDAP bind user password
-
-# MySQL integration (Roundcube)
-mysql_host: "{{ blsecluster_sqlhost }}" # The hostname for MySQL access
-mysql_port: "{{ mysql_client['mail'].port }}" # The port for MySQL access
-mysql_database: "{{ mysql_client['mail'].database }}" # The database name
-mysql_username: "{{ mysql_client['mail'].username }}" # The database user
-mysql_password: "{{ mysql_client['mail'].passwd }}" # The database password
diff --git a/package-postfix_access/files/bl-logo-roundcube.png b/package-postfix_access/files/bl-logo-roundcube.png
deleted file mode 100644
index d47c557..0000000
Binary files a/package-postfix_access/files/bl-logo-roundcube.png and /dev/null differ
diff --git a/package-postfix_access/handlers/main.yml b/package-postfix_access/handlers/main.yml
deleted file mode 100644
index fb24197..0000000
--- a/package-postfix_access/handlers/main.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-- name: postmap transport
- command: "postmap /etc/postfix/transport"
-- name: restart amavis
- service:
- name: "amavis"
- state: "restarted"
-- name: restart saslauthd
- service:
- name: "saslauthd"
- state: "restarted"
-- name: restart postfix
- service:
- name: "postfix"
- state: "restarted"
-- name: restart dovecot
- service:
- name: "dovecot"
- state: "restarted"
-- name: restart apache2
- service:
- name: "apache2"
- state: "restarted"
diff --git a/package-postfix_access/tasks/main.yml b/package-postfix_access/tasks/main.yml
deleted file mode 100644
index 617ccd8..0000000
--- a/package-postfix_access/tasks/main.yml
+++ /dev/null
@@ -1,222 +0,0 @@ ---- -- name: install filtering packages and monitoring components - apt: - name: - - postfix - - postfix-ldap - - postfix-pcre - - dovecot-core - - dovecot-imapd - - dovecot-pop3d - - dovecot-lmtpd - - dovecot-sieve - - dovecot-managesieved - - dovecot-ldap - - dovecot-mysql - - apache2 - - libapache2-mod-php - - roundcube - - roundcube-plugins - - php-ldap - - php-net-sieve - - mailgraph - - amavis - - spamassassin - - clamav-daemon - - libnet-dns-perl - - libmail-spf-perl - - pyzor - - razor - - pfqueue - state: latest - -- name: install compression algorithms for scanning - apt: - name: - - p7zip-full - - arj - - bzip2 - - cabextract - - cpio - - file - - gzip - - lhasa - - liblz4-tool - - lrzip - - lzop - - nomarch - - pax - - rar - - rpm - - unrar-free - - unzip - - xz-utils - - zip - state: latest - -# ClamAV -- name: ensure clamav is in amavis group - user: - name: "clamav" - append: "yes" - groups: "amavis" - -- name: ensure amavis is in clamav group - user: - name: "amavis" - append: "yes" - groups: "clamav" - -# Amavis -- name: install Amavis configs - template: - src: "{{ item }}.j2" - dest: "/etc/amavis/conf.d/{{ item }}" - notify: - - restart amavis - with_items: - - 15-content_filter_mode - - 50-user - -# Postfix -- name: install Postfix main configs - template: - src: "{{ item }}.j2" - dest: "/etc/postfix/{{ item }}" - notify: - - restart postfix - with_items: - - main.cf - - master.cf - - helo_access.pcre - - transport - -- name: map transport - command: postmap /etc/postfix/transport - -- name: create LDAP config dir - file: - name: "/etc/postfix/ldap" - state: "directory" - -- name: install Postfix LDAP configs - template: - src: "postfix-ldap/{{ item }}.j2" - dest: "/etc/postfix/ldap/{{ item }}" - mode: "640" - group: "postfix" - notify: - - restart postfix - with_items: - - catchall_maps.cf - - recipient_bcc_maps_domain.cf - - recipient_bcc_maps_user.cf - - relay_domains.cf - - sender_bcc_maps_domain.cf - - 
sender_bcc_maps_user.cf - - sender_login_maps.cf - - transport_maps_domain.cf - - transport_maps_user.cf - - virtual_alias_maps.cf - - virtual_group_maps.cf - - virtual_group_members_maps.cf - - virtual_mailbox_domains.cf - - virtual_mailbox_maps.cf - -- name: link /etc/mailname to /etc/hostname - file: - dest: "/etc/mailname" - src: "/etc/hostname" - state: "link" - force: "yes" - -# Dovecot -- name: install Dovecot main configs - template: - src: "{{ item }}.j2" - dest: "/etc/dovecot/{{ item }}" - notify: - - restart dovecot - with_items: - - dovecot.conf - - dovecot-ldap.conf - -- name: add vmail group - group: - name: "vmail" - gid: "2000" - state: "present" - -- name: add vmail user - user: - name: "vmail" - home: "/srv/vmail" - shell: "/bin/false" - uid: "2000" - group: "vmail" - state: "present" - -- name: ensure log ownership - file: - dest: "/var/log/{{ item }}" - owner: "vmail" - group: "adm" - mode: "644" - state: "touch" - with_items: - - dovecot.log - - dovecot-lmtp.log - -# Roundcube -- name: Install roundcube PHP configs - template: - src: "{{ item }}.j2" - dest: "/etc/roundcube/{{ item }}" - mode: "640" - group: "www-data" - with_items: - - debian-db.php - - config.inc.php - -- name: Remove default apache2 config - file: - name: "/etc/apache2/sites-enabled/000-default.conf" - state: "absent" - notify: - - restart apache2 - -- name: Install roundcube ports config - template: - src: "ports.conf.j2" - dest: "/etc/apache2/ports.conf" - notify: - - restart apache2 - -- name: Install roundcube apache2 config - template: - src: "roundcube.conf.j2" - dest: "/etc/roundcube/apache.conf" - notify: - - restart apache2 - -- name: create logo dir - file: - dest: "/var/lib/roundcube/images" - state: "directory" - -- name: install Roundcube logo - copy: - src: "{{ logo_filename }}" - dest: "/var/lib/roundcube/images/{{ logo_filename }}" - -# General -- name: ensure services are running (and enabled at boot) - service: - name: "{{ item }}" - state: "started" - 
enabled: "yes" - with_items: - - postfix - - amavis - - clamav-daemon - - dovecot diff --git a/package-postfix_access/templates/15-content_filter_mode.j2 b/package-postfix_access/templates/15-content_filter_mode.j2 deleted file mode 100644 index 8ea341f..0000000 --- a/package-postfix_access/templates/15-content_filter_mode.j2 +++ /dev/null @@ -1,12 +0,0 @@ -use strict; - -# Amavis filter configuration -# {{ ansible_managed }} - -@bypass_virus_checks_maps = ( - \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); - -@bypass_spam_checks_maps = ( - \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re); - -1; # ensure a defined return diff --git a/package-postfix_access/templates/50-user.j2 b/package-postfix_access/templates/50-user.j2 deleted file mode 100644 index 3f9136a..0000000 --- a/package-postfix_access/templates/50-user.j2 +++ /dev/null @@ -1,12 +0,0 @@ -use strict; - -@local_domains_acl = ( "." ); -$sa_tag_level_deflt = -9999; -$sa_tag2_level_deflt = 4.5; -$sa_kill_level_deflt = 4.5; -$sa_spam_subject_tag = '*** SPAM *** '; - -$forward_method = 'smtp:[::1]:10025'; - -#------------ Do not modify anything below this line ------------- -1; # ensure a defined return diff --git a/package-postfix_access/templates/config.inc.php.j2 b/package-postfix_access/templates/config.inc.php.j2 deleted file mode 100644 index a6bd5af..0000000 --- a/package-postfix_access/templates/config.inc.php.j2 +++ /dev/null 
@@ -1,111 +0,0 @@ - "/images/logo_login_small.png", - "elastic:login" => "/images/logo_login.png", - "elastic:*[small]" => "/images/logo_small.png", - "larry:*" => "/images/larry.png", - "login" => "/images/logo_login.png", - "[print]" => "/images/logo_print.png", -); -$config['skin_logo'] = 'images/{{ logo_filename }}'; - -$config['des_key'] = '{{ roundcube_deskey }}'; - -// ---------------------------------- -// PLUGINS -// ---------------------------------- -$config['plugins'] = array('managesieve'); -$config['create_default_folders'] = true; -$config['quota_zero_as_unlimited'] = true; -$config['ldap_public'] = array ( - 'global_ldap_abook' => - array ( - 'name' => 'Global LDAP Address Book', - 'hosts' => - array ( - 0 => '{{ ldap_host }}', - ), - 'port' => {{ ldap_port }}, - 'use_tls' => false, - 'ldap_version' => '3', - 'network_timeout' => 10, - 'user_specific' => true, - 'base_dn' => '{{ ldap_basedn }}', - 'bind_dn' => 'mail=%u@%d,ou=Users,domainName=%d,{{ ldap_basedn }}', - 'hidden' => false, - 'searchonly' => false, - 'writable' => false, - 'search_fields' => - array ( - 0 => 'mail', - 1 => 'cn', - 2 => 'sn', - 3 => 'givenName', - 4 => 'street', - 5 => 'telephoneNumber', - 6 => 'mobile', - 7 => 'stree', - 8 => 'postalCode', - ), - 'fieldmap' => - array ( - 'name' => 'cn', - 'surname' => 'sn', - 'firstname' => 'givenName', - 'title' => 'title', - 'email' => 'mail:*', - 'phone:work' => 'telephoneNumber', - 'phone:mobile' => 'mobile', - 'street' => 'street', - 'zipcode' => 'postalCode', - 'locality' => 'l', - 'department' => 'departmentNumber', - 'notes' => 'description', - 'phone:workfax' => 'facsimileTelephoneNumber', - 'photo' => 'jpegPhoto', - ), - 'sort' => 'cn', - 'scope' => 'sub', - 'filter' => '(&(enabledService=mail)(enabledService=deliver)(enabledService=displayedInGlobalAddressBook)(|(objectClass=mailList)(objectClass=mailAlias)(objectClass=mailUser)))', - 'fuzzy_search' => true, - 'vlv' => false, - 'sizelimit' => '0', - 'timelimit' => '0', - 
'referrals' => false, - 'group_filters' => - array ( - 'departments' => - array ( - 'name' => 'Mailing Lists', - 'scope' => 'sub', - 'base_dn' => '{{ ldap_basedn }}', - 'filter' => '(&(objectclass=mailList)(accountStatus=active)(enabledService=displayedInGlobalAddressBook))', - 'name_attr' => 'cn', - 'email' => 'mail', - ), - ), - ), -); -$config['autocomplete_addressbooks'] = array('sql', 'global_ldap_abook'); -$config['skin'] = 'elastic'; -$config['addressbook_sort_col'] = 'name'; -$config['draft_autosave'] = 60; -$config['check_all_folders'] = true; -$config['autoexpand_threads'] = 2; - -include_once("/etc/roundcube/debian-db-roundcube.php"); diff --git a/package-postfix_access/templates/debian-db.php.j2 b/package-postfix_access/templates/debian-db.php.j2 deleted file mode 100644 index 191b384..0000000 --- a/package-postfix_access/templates/debian-db.php.j2 +++ /dev/null @@ -1,9 +0,0 @@ - - Options +FollowSymLinks - # This is needed to parse /var/lib/roundcube/.htaccess. See its - # content before setting AllowOverride to None. - AllowOverride All - = 2.3> - Require all granted - - - Order allow,deny - Allow from all - - - -# Protecting basic directories: - - Options -FollowSymLinks - AllowOverride None - - - - Options -FollowSymLinks - AllowOverride None - = 2.3> - Require all denied - - - Order allow,deny - Deny from all - - - - - Options -FollowSymLinks - AllowOverride None - = 2.3> - Require all denied - - - Order allow,deny - Deny from all - - - diff --git a/package-postfix_access/templates/transport.j2 b/package-postfix_access/templates/transport.j2 deleted file mode 100644 index da9f35c..0000000 --- a/package-postfix_access/templates/transport.j2 +++ /dev/null @@ -1,3 +0,0 @@ -# Gmail-specific transfer policy -# {{ ansible_managed }} -gmail.com smtp-ipv4: diff --git a/package-postfix_filter/defaults/main.yml b/package-postfix_filter/defaults/main.yml deleted file mode 100644 index ffb7036..0000000 
--- a/package-postfix_filter/defaults/main.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -# Default configurations -# I populate these from external configs; I indicate what the are as inline comments - -# Postfix - -# A list of relay domains and their target (square-bracked hostname/IP + port); examples follow -relay_domains: "{{ blse_relaydomains }}" -# - domain: "some.domain.tld" -# relay: "[mail.domain.tld]" -# - domain: "other.domain.tld" -# relay: "[secure.domain.tld]:465" - -# A list of RBLs to check for rejecting incoming mail -remote_block_lists: - - bl.spamcop.net - - zen.spamhaus.org - - cbl.abuseat.org - -# Enable TLS (literal yes/no only) and, if yes, the cert and key files -tls_enabled: "yes" -tls_cert: "/etc/ssl/{{ ansible_fqdn }}.crt" -tls_key: "/etc/ssl/{{ ansible_fqdn }}.key" - -# Virtual address maps -virtual_maps: - - regex: "/^postmaster@/" - map: "root@{{ blsedomains_admindomain }}" - -# SpamAssassin -notify_admin: "joshua@boniface.me" # Administrative address to notify -notify_method: "smtp:{{ blsecluster_smtphost }}:25" -custom_sender_scores: - - "[qr'^(offers)@'i => 1.0]" - - "[qr'^.*@pizzanova.com'i => 1.0]" diff --git a/package-postfix_filter/files/ham-sample/README b/package-postfix_filter/files/ham-sample/README deleted file mode 100644 index 76b5c47..0000000 --- a/package-postfix_filter/files/ham-sample/README +++ /dev/null @@ -1,2 +0,0 @@ -Populate me with spam-tagged legit emails. -Then `tar -cvJf ham-sample.txz ham-sample/` in the parent directory. diff --git a/package-postfix_filter/files/spam-sample/README b/package-postfix_filter/files/spam-sample/README deleted file mode 100644 index 76b5c47..0000000 --- a/package-postfix_filter/files/spam-sample/README +++ /dev/null @@ -1,2 +0,0 @@ -Populate me with spam-tagged legit emails. -Then `tar -cvJf ham-sample.txz ham-sample/` in the parent directory. 
diff --git a/package-postfix_filter/handlers/main.yml b/package-postfix_filter/handlers/main.yml
deleted file mode 100644
index e7784cc..0000000
--- a/package-postfix_filter/handlers/main.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-- name: postmap transport
- command: "postmap /etc/postfix/transport"
-- name: restart amavis
- service:
- name: "amavis"
- state: "restarted"
-- name: restart saslauthd
- service:
- name: "saslauthd"
- state: "restarted"
-- name: restart postfix
- service:
- name: "postfix"
- state: "restarted"
-- name: restart spamassassin
- service:
- name: "spamassassin"
- state: "restarted"
diff --git a/package-postfix_filter/tasks/main.yml b/package-postfix_filter/tasks/main.yml
deleted file mode 100644
index ba1f684..0000000
--- a/package-postfix_filter/tasks/main.yml
+++ /dev/null
@@ -1,220 +0,0 @@ ---- -# -# Install role packages -# - -- name: install filtering packages and monitoring components - apt: - name: - - postfix - - postfix-pcre - - mailgraph - - amavis - - spamassassin - - clamav-daemon - - libnet-dns-perl - - libmail-spf-perl - - postfix-policyd-spf-python - - pfqueue - state: latest - -- name: install compression algorithms for scanning - apt: - name: - - p7zip-full - - arj - - bzip2 - - cabextract - - cpio - - file - - gzip - - lhasa - - liblz4-tool - - lrzip - - lzop - - nomarch - - pax - - rar - - rpm - - unrar-free - - unzip - - xz-utils - - zip - state: latest - -# -# ClamAV -# - -- name: ensure clamav is in amavis group - user: - name: "clamav" - append: "yes" - groups: "amavis" - -- name: ensure amavis is in clamav group - user: - name: "amavis" - append: "yes" - groups: "clamav" - -# -# policyd SPF -# - -- name: install policyd-spf config - template: - src: "{{ item }}.j2" - dest: "/etc/postfix-policyd-spf-python/{{ item }}" - notify: - - restart postfix - with_items: - - "policyd-spf.conf" - -# -# SpamAssassin -# - -- name: install SpamAssassin config - template: - src: "{{ item }}.j2" - dest: "/etc/spamassassin/{{ item }}" - notify: - - restart spamassassin - - restart amavis - with_items: - - "local.cf" - - "90_customrules.cf" - -# -# Amavis -# - -- name: install Amavis configs - template: - src: "{{ item }}.j2" - dest: "/etc/amavis/conf.d/{{ item }}" - notify: - - restart amavis - with_items: - - "15-content_filter_mode" - - "50-user" - -# -# Postfix -# - -- name: create the Postfix local config dir - file: - state: directory - dest: "/etc/postfix/local" - -- name: install the Postfix main configs - template: - src: "{{ item }}.j2" - dest: "/etc/postfix/{{ item }}" - notify: - - restart postfix - with_items: - - "main.cf" - - "master.cf" - -- name: install the Postfix local configs - template: - src: "{{ item }}.j2" - dest: "/etc/postfix/local/{{ item }}" - notify: - - restart postfix - with_items: - - helo_access - 
- recipient_access - - relay_domains - - transport - - virtual - -- name: link /etc/mailname to /etc/hostname - file: - dest: "/etc/mailname" - src: "/etc/hostname" - state: "link" - force: "yes" - -# -# Verify and enable services -# - -- name: verify and enable services - service: - name: "{{ item }}" - state: "started" - enabled: "yes" - with_items: - - "postfix" - - "amavis" - - "clamav-daemon" - -# -# SpamAssassin training -# - -- name: download spam sample archive - copy: - src: "spam-sample.txz" - dest: "/var/cache/spam-sample.txz" - owner: "root" - group: "root" - mode: "400" - register: spamsample - -- name: make temporary directory - command: "mktemp -d" - register: tempdirspam - when: spamsample.changed - -- name: extract spam sample archive to temporary directory - unarchive: - remote_src: "yes" - src: "/var/cache/spam-sample.txz" - dest: "{{ tempdirspam.stdout }}/" - when: spamsample.changed - -- name: sa-learn from the spam sample - command: "sa-learn --spam {{ tempdirspam.stdout }}/spam-sample/" - when: spamsample.changed - -- name: remove temporary directory - file: - dest: "{{ tempdirspam.stdout }}" - state: "absent" - when: spamsample.changed - -- name: download ham sample archive - copy: - src: "ham-sample.txz" - dest: "/var/cache/ham-sample.txz" - owner: "root" - group: "root" - mode: "400" - register: hamsample - -- name: make temporary directory - command: "mktemp -d" - register: tempdirham - when: hamsample.changed - -- name: extract ham sample archive to temporary directory - unarchive: - remote_src: "yes" - src: "/var/cache/ham-sample.txz" - dest: "{{ tempdirham.stdout }}/" - when: hamsample.changed - -- name: sa-learn from the ham sample - command: "sa-learn --ham {{ tempdirham.stdout }}/ham-sample/" - when: hamsample.changed - -- name: remove temporary directory - file: - dest: "{{ tempdirham.stdout }}" - state: "absent" - when: hamsample.changed 
diff --git a/package-postfix_filter/templates/15-content_filter_mode.j2 b/package-postfix_filter/templates/15-content_filter_mode.j2 deleted file mode 100644 index 8ea341f..0000000 --- a/package-postfix_filter/templates/15-content_filter_mode.j2 +++ /dev/null @@ -1,12 +0,0 @@ -use strict; - -# Amavis filter configuration -# {{ ansible_managed }} - -@bypass_virus_checks_maps = ( - \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); - -@bypass_spam_checks_maps = ( - \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re); - -1; # ensure a defined return diff --git a/package-postfix_filter/templates/50-user.j2 b/package-postfix_filter/templates/50-user.j2 deleted file mode 100644 index 50125ae..0000000 --- a/package-postfix_filter/templates/50-user.j2 +++ /dev/null @@ -1,40 +0,0 @@ -use strict; - -@local_domains_acl = ( "." ); -$sa_tag_level_deflt = -9999; -$sa_tag2_level_deflt = 5; -$sa_kill_level_deflt = 9999; -$sa_spam_subject_tag = '*** SPAM *** '; -$final_spam_destiny = 'D_PASS'; - -$bad_header_quarantine_method = undef; - -$notify_method = '{{ notify_method }}'; - -$newvirus_admin = '{{ notify_admin }}'; -$virus_admin = '{{ notify_admin }}'; -$spam_admin = '{{ notify_admin }}'; - -$banned_admin = \@virus_admin_maps; # for compatibility with pre-2.2.1 -$bad_header_admin = \@virus_admin_maps; # for compatibility with pre-2.2.1 -@newvirus_admin_maps = (\$newvirus_admin); -@virus_admin_maps = (\%virus_admin, \$virus_admin); -@spam_admin_maps = (\%spam_admin, \$spam_admin); -@banned_admin_maps = (\$banned_admin); -@bad_header_admin_maps= (\$bad_header_admin); - -{% if custom_sender_scores is defined %} -# Custom sender_map scores -@score_sender_maps = ({ - '.' => [ - new_RE( -{% for score in custom_sender_scores %} - {{ score }}, -{% endfor %} - ), - ], -}); -{% endif %} - -#------------ Do not modify anything below this line ------------- -1; # ensure a defined return 
diff --git a/package-postfix_filter/templates/90_customrules.cf.j2 b/package-postfix_filter/templates/90_customrules.cf.j2 deleted file mode 100644 index 92bacf9..0000000 --- a/package-postfix_filter/templates/90_customrules.cf.j2 +++ /dev/null @@ -1,7 +0,0 @@ -# Adjustments to default SpamAssassin scoring -# {{ ansible_managed }} -score RCVD_IN_PSBL 3.5 # Increase default score significantly -score URIBL_BLACK 3.5 # Increase default score significantly -score LOTS_OF_MONEY 2 # Increase default score a little -score ADVANCE_FEE_4_NEW 2 # Increase default score a little -score RDNS_NONE 0.5 # Decrease default score a little diff --git a/package-postfix_filter/templates/helo_access.j2 b/package-postfix_filter/templates/helo_access.j2 deleted file mode 100644 index 266c7fb..0000000 --- a/package-postfix_filter/templates/helo_access.j2 +++ /dev/null @@ -1,2 +0,0 @@ -/^\[[0-9]{1,3}(\.[0-9]{1,3}){3}\]$/ DUNNO announced self using an address literal -/^[0-9]{1,3}(\.[0-9]{1,3}){3}$/ REJECT announced self with an IP address instead of a domain name diff --git a/package-postfix_filter/templates/local.cf.j2 b/package-postfix_filter/templates/local.cf.j2 deleted file mode 100644 index 73e0a67..0000000 --- a/package-postfix_filter/templates/local.cf.j2 +++ /dev/null @@ -1,27 +0,0 @@ -# SpamAssassin local config -# {{ ansible_managed }} - -report_safe 1 -required_score 4.5 - -use_bayes 1 -bayes_auto_learn 1 -bayes_auto_learn_threshold_nonspam -0.1 -bayes_auto_learn_threshold_spam 9.0 - -score BAYES_00 -4 -score BAYES_05 -2 -score BAYES_80 2 -score BAYES_95 6 -score BAYES_99 8 - -bayes_ignore_header X-Bogosity -bayes_ignore_header X-Spam-Flag -bayes_ignore_header X-Spam-Status - -bayes_path /var/spamassassin/bayes_db/bayes -bayes_file_mode 0777 - -skip_rbl_checks 0 -ok_languages all -ok_locales all diff --git a/package-postfix_filter/templates/main.cf.j2 b/package-postfix_filter/templates/main.cf.j2 deleted file mode 100644 index 9b71172..0000000 
--- a/package-postfix_filter/templates/main.cf.j2
+++ /dev/null
@@ -1,91 +0,0 @@ -# Main Postfix configuration -# {{ ansible_managed }} - -myorigin = /etc/mailname -myhostname = {{ ansible_fqdn }} - -mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 -message_size_limit = 26214400 -mailbox_size_limit = 0 -default_process_limit = 1000 -recipient_delimiter = + -inet_interfaces = all - -smtpd_banner = {{ ansible_fqdn }} ESMTP $mail_name (Debian/GNU) -biff = no -append_dot_mydomain = no -delay_warning_time = 48h -maximal_queue_lifetime = 14d -bounce_queue_lifetime = 14d -readme_directory = no -compatibility_level = 2 - -smtpd_use_tls={{ tls_enabled }} -smtpd_tls_dh1024_param_file = /etc/ssl/dhparams.pem -smtpd_tls_cert_file={{ tls_cert }} -smtpd_tls_key_file={{ tls_key }} -smtpd_tls_ask_ccert = yes -smtpd_tls_received_header = yes -smtpd_tls_loglevel = 1 -smtpd_tls_session_cache_database = btree:$data_directory/smtpd_scache -smtpd_tls_security_level = may -smtpd_tls_protocols = !SSLv2,!SSLv3 -smtpd_tls_ciphers = medium -smtpd_tls_exclude_ciphers = RC4, CAMELLIA, SEED, 3DES - -smtp_use_tls={{ tls_enabled }} -smtp_tls_cert_file={{ tls_cert }} -smtp_tls_key_file={{ tls_key }} -smtp_tls_session_cache_database = btree:$data_directory/smtp_scache -smtp_tls_loglevel = 1 -smtp_tls_security_level = may -smtp_tls_protocols = $smtpd_tls_protocols -smtp_tls_ciphers = $smtpd_tls_ciphers -smtp_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers - -mydestination = -local_recipient_maps = -alias_maps = -alias_database = -virtual_alias_maps = pcre:$config_directory/local/virtual -local_transport = error:local mail delivery is disabled -transport_maps = pcre:$config_directory/local/transport -relay_domains = $config_directory/local/relay_domains - -content_filter = smtp-amavis:[127.0.0.1]:10024 -smtpd_client_recipient_rate_limit = 250 -strict_rfc821_envelopes = yes -receive_override_options = no_address_mappings -policyd-spf_time_limit = 3600 -smtpd_relay_restrictions = - permit_mynetworks - reject_unauth_destination - check_policy_service 
unix:private/policyd-spf -{% for rbl in remote_block_lists %} - reject_rbl_client {{ rbl }} -{% endfor %} - warn_if_reject reject_unknown_client - -smtpd_helo_required = yes -smtpd_helo_restrictions = - check_helo_access pcre:$config_directory/local/helo_access - reject_invalid_hostname - -smtpd_sender_restrictions = - check_sender_mx_access cidr:$config_directory/local/mx_access - reject_unknown_sender_domain - reject_non_fqdn_sender - check_sender_access pcre:$config_directory/local/sender_access - -smtpd_recipient_restrictions = - reject_unknown_recipient_domain - reject_non_fqdn_recipient - reject_unauth_pipelining - reject_unauth_destination - check_policy_service unix:private/policyd-spf - check_recipient_access pcre:$config_directory/local/recipient_access - reject_unverified_recipient - -smtpd_data_restrictions = - reject_multi_recipient_bounce - reject_unauth_pipelining diff --git a/package-postfix_filter/templates/master.cf.j2 b/package-postfix_filter/templates/master.cf.j2 deleted file mode 100644 index dea0256..0000000 --- a/package-postfix_filter/templates/master.cf.j2 +++ /dev/null 
@@ -1,62 +0,0 @@ -# Postfix master process configuration file -# {{ ansible_managed }} - -# ========================================================================== -# service type private unpriv chroot wakeup maxproc command + args -# (yes) (yes) (yes) (never) (100) -# ========================================================================== -smtp inet n - y - - smtpd -pickup unix n - y 60 1 pickup - -o content_filter= - -o receive_override_options=no_header_body_checks -cleanup unix n - y - 0 cleanup -qmgr unix n - n 300 1 qmgr -tlsmgr unix - - y 1000? 1 tlsmgr -rewrite unix - - y - - trivial-rewrite -bounce unix - - y - 0 bounce -defer unix - - y - 0 bounce -trace unix - - y - 0 bounce -verify unix - - y - 1 verify -flush unix n - y 1000? 0 flush -proxymap unix - - n - - proxymap -proxywrite unix - - n - 1 proxymap -smtp unix - - y - - smtp -relay unix - - y - - smtp -showq unix n - y - - showq -error unix - - y - - error -retry unix - - y - - error -discard unix - - y - - discard -local unix - n n - - local -virtual unix - n n - - virtual -lmtp unix - - y - - lmtp -anvil unix - - y - 1 anvil -scache unix - - y - 1 scache - -policyd-spf unix - n n - 0 spawn - user=policyd-spf argv=/usr/bin/policyd-spf - -smtp-amavis unix - - y - 2 smtp - -o smtp_data_done_timeout=1200 - -o smtp_send_xforward_command=yes - -o disable_dns_lookups=yes - -o max_use=20 - -127.0.0.1:10025 inet n - y - - smtpd - -o content_filter= - -o local_recipient_maps= - -o relay_recipient_maps= - -o smtpd_restriction_classes= - -o smtpd_delay_reject=no - -o smtpd_client_restrictions=permit_mynetworks,reject - -o smtpd_helo_restrictions= - -o smtpd_sender_restrictions= - -o smtpd_recipient_restrictions=permit_mynetworks,reject - -o smtpd_data_restrictions=reject_unauth_pipelining - -o smtpd_end_of_data_restrictions= - -o mynetworks=127.0.0.0/8 - -o smtpd_error_sleep_time=0 - -o smtpd_soft_error_limit=1001 - -o smtpd_hard_error_limit=1000 - -o smtpd_client_connection_count_limit=0 - -o 
smtpd_client_connection_rate_limit=0 - -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks diff --git a/package-postfix_filter/templates/policyd-spf.conf.j2 b/package-postfix_filter/templates/policyd-spf.conf.j2 deleted file mode 100644 index cccd84a..0000000 --- a/package-postfix_filter/templates/policyd-spf.conf.j2 +++ /dev/null @@ -1,12 +0,0 @@ -# policyd SPF config -# {{ ansible_managed }} - -debugLevel = 1 - -HELO_reject = False -Mail_From_reject = False - -PermError_reject = False -TempError_Defer = False - -skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1 diff --git a/package-postfix_filter/templates/recipient_access.j2 b/package-postfix_filter/templates/recipient_access.j2 deleted file mode 100644 index eeee382..0000000 --- a/package-postfix_filter/templates/recipient_access.j2 +++ /dev/null @@ -1,4 +0,0 @@ -/[%!@].*[%!@]/ REJECT sender-specified routing in recipient address -/&.*@/ REJECT invalid user -/^(daemon|bin|sys|sync|games|man|lp|news|uucp|proxy|www-data|backup|list|irc|gnats|nobody)@/ REJECT reserved system user -/^(ntp|sshd|munin|postfix|clamav|sqlgrey|policyd-spf|bind|statd|freerad|mysql|smokeping|systemd-.+|)@/ REJECT reserved system user diff --git a/package-postfix_filter/templates/relay_domains.j2 b/package-postfix_filter/templates/relay_domains.j2 deleted file mode 100644 index 16dbac2..0000000 --- a/package-postfix_filter/templates/relay_domains.j2 +++ /dev/null @@ -1,3 +0,0 @@ -{% for domain in relay_domains %} -{{ domain.domain }} -{% endfor %} diff --git a/package-postfix_filter/templates/transport.j2 b/package-postfix_filter/templates/transport.j2 deleted file mode 100644 index 80a2133..0000000 --- a/package-postfix_filter/templates/transport.j2 +++ /dev/null @@ -1,3 +0,0 @@ -{% for domain in relay_domains %} -/@{{ domain.domain }}$/ relay:{{ domain.relay }} -{% endfor %} 
diff --git a/package-postfix_filter/templates/virtual.j2 b/package-postfix_filter/templates/virtual.j2 deleted file mode 100644 index d89602a..0000000 --- a/package-postfix_filter/templates/virtual.j2 +++ /dev/null @@ -1,3 +0,0 @@ -{% for map in virtual_maps %} -{{ map.regex }} {{ map.map }} -{% endfor %} diff --git a/package-radarr/README.md b/package-radarr/README.md deleted file mode 100644 index 840a3b5..0000000 --- a/package-radarr/README.md +++ /dev/null @@ -1,31 +0,0 @@ -# package-radarr - -This package configures the Radarr Movie download manager on a Debian/Ubuntu system. - -# Package variables - -## Configurable - -These variables should be configured in the host group that imports this role. - -### `radarr_version`: The version to use. -* Should be a valid release version. - -### `radarr_sha256sum`: The SHA256 sum of the GitHub release binary. -* Must match the artifact for the version specified in `radarr_version`. - -## Defaults - -These variables should not need to be changed. - -### `radarr_user`: The service username. -* Default: `radarr` - -### `radarr_uid`: The service user UID. -* Default: `219` - -### `radarr_path`: The homedir for the service user and application. -* Default: `/srv/radarr` - -### `radarr_url`: The GitHub release artifact URL -* Default: `https://github.com/Radarr/Radarr/releases/download/v{{ radarr_version }}/Radarr.develop.{{ radarr_version }}.linux.tar.gz` diff --git a/package-radarr/handlers/main.yml b/package-radarr/handlers/main.yml deleted file mode 100644 index 42bb9b1..0000000 --- a/package-radarr/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: restart radarr - service: - name: "radarr" - state: "restarted" diff --git a/package-radarr/tasks/main.yml b/package-radarr/tasks/main.yml deleted file mode 100644 index d999d85..0000000 --- a/package-radarr/tasks/main.yml +++ /dev/null 
@@ -1,79 +0,0 @@
----
-- name: install dependency packages
- apt:
- pkg:
- - mono-runtime
- - libmono-cil-dev
- - libcurl3-nss
- - mediainfo
- state: latest
-
-- name: add service user
- user:
- name: "{{ radarr_user }}"
- group: "daemon"
- system: yes
- uid: "{{ radarr_uid }}"
- home: "{{ radarr_path }}"
- shell: "/usr/sbin/nologin"
- state: present
-
-- name: create service directories
- file:
- dest: "{{ item }}"
- state: directory
- owner: "{{ radarr_user }}"
- group: "daemon"
- mode: 0755
- with_items:
- - "{{ radarr_path }}"
- - "{{ radarr_path }}/bin"
-
-- name: download application from GitHub
- get_url:
- url: "{{ radarr_url }}"
- checksum: "sha256:{{ radarr_sha256sum }}"
- dest: "{{ radarr_path }}/radarr.{{ radarr_version }}.tgz"
- owner: "{{ radarr_user }}"
- group: "sudo"
- register: download
- notify:
- - restart radarr
-
-- name: extract application tarball
- unarchive:
- src: "{{ radarr_path }}/radarr.{{ radarr_version }}.tgz"
- dest: "{{ radarr_path }}/bin"
- remote_src: yes
- when: download.changed
-
-- name: correct archive permissions
- file:
- owner: "{{ radarr_user }}"
- group: "sudo"
- mode: "u+rw,g+r"
- recurse: yes
- dest: "{{ radarr_path }}/bin"
- when: download.changed
-
-- name: install systemd unit files
- template:
- src: "{{ item }}.j2"
- dest: "/etc/systemd/system/{{ item }}"
- register: systemd_file
- with_items:
- - radarr.service
-
-- name: reload systemd to apply previous changes
- command: "systemctl daemon-reload"
- when: systemd_file.changed
- notify:
- - restart radarr
-
-- name: start and enable systemd units
- service:
- name: "{{ item }}"
- state: started
- enabled: yes
- with_items:
- - radarr.service
diff --git a/package-radarr/templates/radarr.service.j2 b/package-radarr/templates/radarr.service.j2
deleted file mode 100644
index 40fb21c..0000000
--- a/package-radarr/templates/radarr.service.j2
+++ /dev/null
@@ -1,14 +0,0 @@
-# Radarr service unit file
-# {{ ansible_managed }}
-[Unit]
-Description = Radarr Movie download manager
-After = network-online.target
-
-[Service]
-Type = simple
-User = {{ radarr_user }}
-ExecStart = /usr/bin/mono --debug {{ radarr_path }}/bin/Radarr/Radarr.exe -nobrowser
-Restart = on-failure
-
-[Install]
-WantedBy = multi-user.target
diff --git a/package-radarr/vars/main.yml b/package-radarr/vars/main.yml
deleted file mode 100644
index 951a48d..0000000
--- a/package-radarr/vars/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-radarr_user: "radarr"
-radarr_uid: "219"
-radarr_path: "/srv/radarr"
-radarr_url: "https://github.com/Radarr/Radarr/releases/download/v{{ radarr_version }}/Radarr.develop.{{ radarr_version }}.linux.tar.gz"
diff --git a/package-riot/handlers/main.yml b/package-riot/handlers/main.yml
deleted file mode 100644
index 3fb11db..0000000
--- a/package-riot/handlers/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-- name: restart matrix-synapse
- service:
- name: matrix-synapse
- state: restarted
-
-- name: restart mxisd
- service:
- name: mxisd
- state: restarted
-
-- name: restart nginx
- service:
- name: nginx
- state: restarted
diff --git a/package-riot/tasks/main.yml b/package-riot/tasks/main.yml
deleted file mode 100644
index 5f3f683..0000000
--- a/package-riot/tasks/main.yml
+++ /dev/null
@@ -1,122 +0,0 @@
----
-- name: install matrix packages
- apt:
- pkg:
- - matrix-synapse
- - matrix-synapse-ldap3
- - python3-psycopg2
- - python3-jinja2
- - python3-bleach
- - openjdk-8-jre-headless
- - mxisd
- state: latest
-
-- name: install the rest auth provider
- get_url:
- url: "https://raw.githubusercontent.com/kamax-matrix/matrix-synapse-rest-auth/master/rest_auth_provider.py"
- dest: "/usr/lib/python3/dist-packages/rest_auth_provider.py"
-
-- name: ensure services are started and enabled
- service:
- name: "{{ item }}"
- state: started
- enabled: yes
- with_items:
- - matrix-synapse
- - mxisd
-
-- name: install matrix-synapse configurations
- template:
- src: "{{ item.src }}.j2"
- dest: "{{ item.dest }}"
- owner: matrix-synapse
- group: adm
- mode: 0640
- notify: restart matrix-synapse
- with_items:
- - { src: "matrix-homeserver.yaml", dest: "/etc/matrix-synapse/homeserver.yaml" }
- - { src: "matrix-server_name.yaml", dest: "/etc/matrix-synapse/conf.d/server_name.yaml" }
- - { src: "matrix-report_stats.yaml", dest: "/etc/matrix-synapse/conf.d/report_stats.yaml" }
- - { src: "matrix-homeserver.signing.key", dest: "/etc/matrix-synapse/homeserver.signing.key" }
-
-- name: install mxisd configurations
- template:
- src: "{{ item.src }}.j2"
- dest: "{{ item.dest }}"
- owner: mxisd
- group: adm
- mode: 0640
- notify: restart mxisd
- with_items:
- - { src: "mxisd.yaml", dest: "/etc/mxisd/mxisd.yaml" }
-
-- name: link the res folder to the right place
- file:
- src: "/usr/lib/python3/dist-packages/synapse/res"
- dest: "/var/lib/matrix-synapse/res"
- state: link
-
-- name: create matrix data directories
- file:
- dest: "/srv/matrix/{{ item }}"
- state: directory
- owner: matrix-synapse
- group: sudo
- mode: 0750
- with_items:
- - media
- - uploads
-
-- name: install nginx packages
- apt:
- pkg:
- - nginx
- state: latest
-
-- name: ensure services are started and enabled
- service:
- name: "{{ item }}"
- state: started
- enabled: yes
- with_items:
- - nginx
-
-- name: disable default nginx configuration
- file:
- dest: "/etc/nginx/sites-enabled/default"
- state: "absent"
-
-- name: install nginx configuration
- template:
- src: "riot-nginx.j2"
- dest: "/etc/nginx/sites-enabled/riot"
- notify: restart nginx
-
-- name: download riot
- get_url:
- url: "https://github.com/vector-im/riot-web/releases/download/{{ riot_version }}/riot-{{ riot_version }}.tar.gz"
- dest: "/var/www/riot.tar.gz"
-
-- name: extract riot
- unarchive:
- src: "/var/www/riot.tar.gz"
- dest: "/var/www"
- owner: www-data
- group: www-data
- copy: no
- creates: "/var/www/riot-{{ riot_version }}"
-
-- name: create versionless riot symlink
- file:
- src: "/var/www/riot-{{ riot_version }}"
- dest: "/var/www/riot"
- state: link
-
-- name: install riot configuration
- template:
- src: "riot-config.json.j2"
- dest: "/var/www/riot/config.json"
- owner: www-data
- group: www-data
- notify: restart nginx
-
diff --git a/package-riot/templates/matrix-homeserver.signing.key.j2 b/package-riot/templates/matrix-homeserver.signing.key.j2
deleted file mode 100644
index 05ff090..0000000
--- a/package-riot/templates/matrix-homeserver.signing.key.j2
+++ /dev/null
@@ -1 +0,0 @@
-{{ matrix_homeserver_signing_key }}
diff --git a/package-riot/templates/matrix-homeserver.yaml.j2 b/package-riot/templates/matrix-homeserver.yaml.j2
deleted file mode 100644
index fd9c94e..0000000
--- a/package-riot/templates/matrix-homeserver.yaml.j2
+++ /dev/null
@@ -1,123 +0,0 @@
----
-# Matrix homeserver configuration
-# {{ ansible_managed }}
-no_tls: True
-tls_fingerprints: []
-pid_file: "/var/run/matrix-synapse.pid"
-soft_file_limit: 0
-public_baseurl: "https://im.{{ blsedomains_webdomain }}"
-listeners:
- - port: 8008
- tls: false
- bind_addresses:
- - '::'
- type: http
- x_forwarded: true
- resources:
- - names: [client, webclient]
- compress: true
- - names: [federation]
- compress: false
-database:
- name: psycopg2
- args:
- user: "{{ postgres_client['matrix'].username }}"
- password: "{{ postgres_client['matrix'].passwd }}"
- database: "{{ postgres_client['matrix'].database }}"
- host: "{{ postgres_client['matrix'].host }}"
- port: "{{ postgres_client['matrix'].port_readwrite }}"
- cp_min: 5
- cp_max: 10
-event_cache_size: "10K"
-log_config: "/etc/matrix-synapse/log.yaml"
-rc_messages_per_second: 2.0
-rc_message_burst_count: 10.0
-federation_rc_window_size: 1000
-federation_rc_sleep_limit: 10
-federation_rc_sleep_delay: 500
-federation_rc_reject_limit: 50
-federation_rc_concurrent: 3
-media_store_path: "/srv/matrix/media"
-uploads_path: "/srv/matrix/uploads"
-max_upload_size: "10M"
-max_image_pixels: "32M"
-dynamic_thumbnails: false
-thumbnail_sizes:
- - width: 32
- height: 32
- method: crop
- - width: 96
- height: 96
- method: crop
- - width: 320
- height: 240
- method: scale
- - width: 640
- height: 480
- method: scale
- - width: 800
- height: 600
- method: scale
-url_preview_enabled: False
-max_spider_size: "10M"
-enable_registration_captcha: False
-enable_registration: False
-bcrypt_rounds: 12
-allow_guest_access: False
-trusted_third_party_id_servers:
- - "im.{{ blsedomains_webdomain }}"
-auto_join_rooms:
- - "#hallway:{{ blsedomains_webdomain }}"
- - "#fun:{{ blsedomains_webdomain }}"
- - "#games:{{ blsedomains_webdomain }}"
-enable_metrics: False
-room_invite_state_types:
- - "m.room.join_rules"
- - "m.room.canonical_alias"
- - "m.room.avatar"
- - "m.room.name"
-app_service_config_files: []
-expire_access_token: False
-signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
-old_signing_keys: {}
-key_refresh_interval: "1d" # 1 Day.
-perspectives:
- servers:
- "matrix.org":
- verify_keys:
- "ed25519:auto":
- key: "{{ matrixorg_verify_key }}"
-password_config:
- enabled: true
-email:
- enable_notifs: true
- smtp_host: "{{ blsecluster_smtphost }}"
- smtp_port: 587
- smtp_user: "{{ username_email_root }}"
- smtp_pass: "{{ passwd_email_root }}"
- require_transport_security: True
- notif_from: "The BLSE Matrix Server