From 40fd7b3c42468d7079edf63e6b134bbab5b712e8 Mon Sep 17 00:00:00 2001 From: "Joshua M. Boniface" Date: Fri, 5 May 2023 15:49:56 -0400 Subject: [PATCH] Remove obsolete roles --- package-postfix_access/defaults/main.yml | 37 --- .../files/bl-logo-roundcube.png | Bin 6516 -> 0 bytes package-postfix_access/handlers/main.yml | 23 -- package-postfix_access/tasks/main.yml | 222 ------------------ .../templates/15-content_filter_mode.j2 | 12 - package-postfix_access/templates/50-user.j2 | 12 - .../templates/config.inc.php.j2 | 111 --------- .../templates/debian-db.php.j2 | 9 - .../templates/dovecot-ldap.conf.j2 | 21 -- .../templates/dovecot.conf.j2 | 177 -------------- .../templates/helo_access.pcre.j2 | 143 ----------- package-postfix_access/templates/main.cf.j2 | 89 ------- package-postfix_access/templates/master.cf.j2 | 73 ------ .../templates/ports.conf.j2 | 4 - .../postfix-ldap/catchall_maps.cf.j2 | 13 - .../recipient_bcc_maps_domain.cf.j2 | 13 - .../recipient_bcc_maps_user.cf.j2 | 13 - .../postfix-ldap/relay_domains.cf.j2 | 13 - .../postfix-ldap/sender_bcc_maps_domain.cf.j2 | 13 - .../postfix-ldap/sender_bcc_maps_user.cf.j2 | 13 - .../postfix-ldap/sender_login_maps.cf.j2 | 13 - .../postfix-ldap/transport_maps_domain.cf.j2 | 13 - .../postfix-ldap/transport_maps_user.cf.j2 | 13 - .../postfix-ldap/virtual_alias_maps.cf.j2 | 13 - .../postfix-ldap/virtual_group_maps.cf.j2 | 13 - .../virtual_group_members_maps.cf.j2 | 13 - .../virtual_mailbox_domains.cf.j2 | 13 - .../postfix-ldap/virtual_mailbox_maps.cf.j2 | 14 -- .../templates/roundcube.conf.j2 | 47 ---- package-postfix_access/templates/transport.j2 | 3 - package-postfix_filter/defaults/main.yml | 35 --- .../files/ham-sample/README | 2 - .../files/spam-sample/README | 2 - package-postfix_filter/handlers/main.yml | 19 -- package-postfix_filter/tasks/main.yml | 220 ----------------- .../templates/15-content_filter_mode.j2 | 12 - package-postfix_filter/templates/50-user.j2 | 40 ---- .../templates/90_customrules.cf.j2 | 7 - .../templates/helo_access.j2 | 2 - package-postfix_filter/templates/local.cf.j2 | 27 --- package-postfix_filter/templates/main.cf.j2 | 91 ------- package-postfix_filter/templates/master.cf.j2 | 62 ----- .../templates/policyd-spf.conf.j2 | 12 - .../templates/recipient_access.j2 | 4 - .../templates/relay_domains.j2 | 3 - package-postfix_filter/templates/transport.j2 | 3 - package-postfix_filter/templates/virtual.j2 | 3 - package-radarr/README.md | 31 --- package-radarr/handlers/main.yml | 5 - package-radarr/tasks/main.yml | 79 ------- package-radarr/templates/radarr.service.j2 | 14 -- package-radarr/vars/main.yml | 5 - package-riot/handlers/main.yml | 15 -- package-riot/tasks/main.yml | 122 ---------- .../matrix-homeserver.signing.key.j2 | 1 - .../templates/matrix-homeserver.yaml.j2 | 123 ---------- .../templates/matrix-report_stats.yaml.j2 | 4 - .../templates/matrix-server_name.yaml.j2 | 4 - package-riot/templates/mxisd.yaml.j2 | 47 ---- package-riot/templates/riot-config.json.j2 | 37 --- package-riot/templates/riot-nginx.j2 | 16 -- 61 files changed, 2213 deletions(-) delete mode 100644 package-postfix_access/defaults/main.yml delete mode 100644 package-postfix_access/files/bl-logo-roundcube.png delete mode 100644 package-postfix_access/handlers/main.yml delete mode 100644 package-postfix_access/tasks/main.yml delete mode 100644 package-postfix_access/templates/15-content_filter_mode.j2 delete mode 100644 package-postfix_access/templates/50-user.j2 delete mode 100644 package-postfix_access/templates/config.inc.php.j2 delete mode 100644 package-postfix_access/templates/debian-db.php.j2 delete mode 100644 package-postfix_access/templates/dovecot-ldap.conf.j2 delete mode 100644 package-postfix_access/templates/dovecot.conf.j2 delete mode 100644 package-postfix_access/templates/helo_access.pcre.j2 delete mode 100644 package-postfix_access/templates/main.cf.j2 delete mode 100644 package-postfix_access/templates/master.cf.j2 delete mode 100644 package-postfix_access/templates/ports.conf.j2 delete mode 100644 package-postfix_access/templates/postfix-ldap/catchall_maps.cf.j2 delete mode 100644 package-postfix_access/templates/postfix-ldap/recipient_bcc_maps_domain.cf.j2 delete mode 100644 package-postfix_access/templates/postfix-ldap/recipient_bcc_maps_user.cf.j2 delete mode 100644 package-postfix_access/templates/postfix-ldap/relay_domains.cf.j2 delete mode 100644 package-postfix_access/templates/postfix-ldap/sender_bcc_maps_domain.cf.j2 delete mode 100644 package-postfix_access/templates/postfix-ldap/sender_bcc_maps_user.cf.j2 delete mode 100644 package-postfix_access/templates/postfix-ldap/sender_login_maps.cf.j2 delete mode 100644 package-postfix_access/templates/postfix-ldap/transport_maps_domain.cf.j2 delete mode 100644 package-postfix_access/templates/postfix-ldap/transport_maps_user.cf.j2 delete mode 100644 package-postfix_access/templates/postfix-ldap/virtual_alias_maps.cf.j2 delete mode 100644 package-postfix_access/templates/postfix-ldap/virtual_group_maps.cf.j2 delete mode 100644 package-postfix_access/templates/postfix-ldap/virtual_group_members_maps.cf.j2 delete mode 100644 package-postfix_access/templates/postfix-ldap/virtual_mailbox_domains.cf.j2 delete mode 100644 package-postfix_access/templates/postfix-ldap/virtual_mailbox_maps.cf.j2 delete mode 100644 package-postfix_access/templates/roundcube.conf.j2 delete mode 100644 package-postfix_access/templates/transport.j2 delete mode 100644 package-postfix_filter/defaults/main.yml delete mode 100644 package-postfix_filter/files/ham-sample/README delete mode 100644 package-postfix_filter/files/spam-sample/README delete mode 100644 package-postfix_filter/handlers/main.yml delete mode 100644 package-postfix_filter/tasks/main.yml delete mode 100644 package-postfix_filter/templates/15-content_filter_mode.j2 delete mode 100644 package-postfix_filter/templates/50-user.j2 delete mode 100644 package-postfix_filter/templates/90_customrules.cf.j2 delete mode 100644 package-postfix_filter/templates/helo_access.j2 delete mode 100644 package-postfix_filter/templates/local.cf.j2 delete mode 100644 package-postfix_filter/templates/main.cf.j2 delete mode 100644 package-postfix_filter/templates/master.cf.j2 delete mode 100644 package-postfix_filter/templates/policyd-spf.conf.j2 delete mode 100644 package-postfix_filter/templates/recipient_access.j2 delete mode 100644 package-postfix_filter/templates/relay_domains.j2 delete mode 100644 package-postfix_filter/templates/transport.j2 delete mode 100644 package-postfix_filter/templates/virtual.j2 delete mode 100644 package-radarr/README.md delete mode 100644 package-radarr/handlers/main.yml delete mode 100644 package-radarr/tasks/main.yml delete mode 100644 package-radarr/templates/radarr.service.j2 delete mode 100644 package-radarr/vars/main.yml delete mode 100644 package-riot/handlers/main.yml delete mode 100644 package-riot/tasks/main.yml delete mode 100644 package-riot/templates/matrix-homeserver.signing.key.j2 delete mode 100644 package-riot/templates/matrix-homeserver.yaml.j2 delete mode 100644 package-riot/templates/matrix-report_stats.yaml.j2 delete mode 100644 package-riot/templates/matrix-server_name.yaml.j2 delete mode 100644 package-riot/templates/mxisd.yaml.j2 delete mode 100644 package-riot/templates/riot-config.json.j2 delete mode 100644 package-riot/templates/riot-nginx.j2 diff --git a/package-postfix_access/defaults/main.yml b/package-postfix_access/defaults/main.yml deleted file mode 100644 index c4d182e..0000000 --- a/package-postfix_access/defaults/main.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -# Default configurations -# I populate these from external configs; I indicate what they are as inline comments - -domain: "{{ blsedomains_admindomain }}" # Base domain name -postmaster: "root@{{ blsedomains_rootdomain }}" # Postmaster email address - -# Roundcube -smtp_host: "{{ blsecluster_smtphost }}" # The hostname for SMTP access, usually the public name of your mail server -support_url: "https://www.{{ blsedomains_webdomain }}" # Some website address for Roundcube support -logo_filename: "bl-logo-roundcube.png" # The Roundcube logo under files/ -roundcube_deskey: "{{ passwd_roundcube_deskey }}" # The Roundcube DES key - -# Postfix -banner_hostname: "{{ ansible_hostname }}.{{ domain }}" # Public hostname of *this* mail host -myhostname: "{{ banner_hostname }}" # Hostname for Postfix myhostame -mydomain: "{{ domain }}" # Domain for Postfix mydomain -mynetworks: "{{ blsecluster_remote1v4 }} {{ blsecluster_remote2v4 }} {{ blsecluster_remote3v4 }} {{ blsecluster_hostsubnetv4 }}" # IP addresses for Postfix mynetworks - -# Dovecot -# Note: SSL listeners aren't provided; HAProxy is expected to do SSL termination for us -trusted_networks: "{{ blsecluster_hostsubnetv4 }} {{ blsecluster_hostsubnetv6 }}" # Trusted network ranges for Dovecot -haproxy: yes # Enable HAProxy-specific (Proxy protocol) listeners on ports 10143 and 10110 - -# LDAP integration (Postfix, Dovecot, Roundcube) -ldap_host: "{{ blsecluster_ldaphost }}" # The hostname for LDAP access -ldap_port: 389 # The LDAP port (always non-SSL) -ldap_basedn: "o=domains,dc=bonilan,dc=net" # The LDAP base DN -ldap_bind_username: "{{ username_ldap_admin }}" # The LDAP bind user name (usually cn=admin) -ldap_bind_password: "{{ passwd_ldap_admin }}" # The LDAP bind user password - -# MySQL integration (Roundcube) -mysql_host: "{{ blsecluster_sqlhost }}" # The hostname for MySQL access -mysql_port: "{{ mysql_client['mail'].port }}" # The port for MySQL access -mysql_database: "{{ mysql_client['mail'].database }}" # The database name -mysql_username: "{{ mysql_client['mail'].username }}" # The database user -mysql_password: "{{ mysql_client['mail'].passwd }}" # The database password diff --git a/package-postfix_access/files/bl-logo-roundcube.png b/package-postfix_access/files/bl-logo-roundcube.png deleted file mode 100644 index d47c557541db6369628b5a300cf3cb209e4923c7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6516 zcmY*cby(ET*ZnL@cOw$g-QC^Y-AD-tSd<_O(nvQfDc!Yz)PjU`cS=elwIKEKegFH- zJTvpm{p+4H=Q(q4q>h#{4(3Zt003}QRTT7|&${Qug^v2XJCWb$0|2I?i@dy!s=Pdn z=Q|Ha7dHn0@L7WDI~nNjlS(4iF6GoCf|Aue^hnTY^yH$0h!dFDXfg2BB53m$Np!mj z6cv#ve&t1gV`GD2NOU={qc9iHwrLAuLkc6JhVFj*7rM^1BX&n0o93nVDlec7<7jYn z>{JzgUBMviGC693jgW!f{@>eNG7wA#PXHgi;Wh312YL{26DT3UP6tQp1VBF1Sm*#; zGYif`8UBQKAeUhQ3i=9ye@GBfM-L(fWc*^~iUAoVP!KeoNgv2V25g4y?Y00NPQZrw z%kDG~1ii`d2La~Ev?QRs1b~LfAwmIg76&TFjiM9*6CQxrQN33bSl|SBRE-@~fZApN zK8BA~51?ZMJh~B~tN^k2fXS5d&K4ZAmV`D(ko#i+;|a2}6;|FyM6_c)o=g*vx4&e3;rSmo ziuv)ai;Fwk+Y4&Fa^|)}#sQB`J=SpJ2e;cmiF?G=M&~92gwGP9jC`}vGjgd>L^+;_ z@zri+H%|G!8SCkuYMQQB)vncqjd)9!&?{CUGvgo07I>#MYYF!Yh zeIo_(Pv9)Ivc>AP{@O@)yh&_cE8|&qf&OGtaM}D+X#J?W9aRX!gR zL))!_Oc>2TGZ;avOQ)V7sKTokWk6%7LUk_r4oNiJLg`0>_%DDj_&%&%nKv0yuPZr& z-6Y>yD*W=RQUTV)>kqt{ain=!6Ym;dO2!D~?@d%V<1NKW$q(?r|GYrs?{(wh>i;QM zC&Gb|WItR-SBYKG|FYJo65JMfWj|i$jZ6qpgkuOHd&|+-Qp>8CXqad%sFc!BG6)bX zVF+V@zv}id(a8CAK1W%WfXYkyq`{@vuJvf5$s9E7ze2a6+dsGYw<)%1&&@HRb~0YyZ}c}= z^oHK3k?-K|2<)Ibr1Qxd7G~3whQHv=>g~-Y;s>HHyin zqsa#hc!YTm)Aus)GCT}T*kEj*NfL%IQ`AzJQYhHC4a&-k%h$@W3@;3a4dTkI^aHAu z4Ego9$}nb9D-6q_I*0lc`c7ryrQzjHr5*;--vdn_B2i6$YW&oe|E`-?XT8xxqm_7Ni3%TzbI`1uoCTlxc4TeM_(S-z+|zZ$=BgWg55qcqx9y4Owi2Q7>} zmXfrKz^FCiQ`SvZiedqcR$d1S*Yeb~RFevo3f&6j!w#Y9;}U3bhhm%Q9Ryc)K#kdg zS=lLW3}bUDJgbU%~kGNM3LX7;NA7M~fz16B%aaZs(_HY+wgfwjL4H4`;0GBGr>Y*4C#Rx!@CRkf86l(cFkX;tLR zIsL5t3mb%$HIvuwETAq|!`xv3woZ0rPR)JQKTnc6k^+7Ne0z{Y!wFx+t)Mca3Vh%A zj#$h{Y%Oyv`$RgR?=p3t+sR}ce|&*|3q~}|+Uo+<&ze?tB6DheA94{99jP8X%#|j^ zl||9N`m1AG?ZcIqBYpHj+TT)vR!fSkMrq(0E@aA95 z!`eSRa;!tw<-gEBy?*k0ngmLM7(q_pNQf-N9O>@H?=x*zthCs&!*%`Qv209Ut1O9Z zTyRzJPIncp^RJ`$Dq6%|`dGr43vQ@R;Gek(G}~R<=%0bu%%S0-#$nR2o)IQ5CwbEZ zy(d@X->)nDQ%F@<%W~q?7Omk_6J(Pr=XxWtB>Y3*hjc%eqv^=33DiW@O`TGdi>+Gd zty|~%{qaTkCUg^P%bzTr`sRKo_;w8(jnyo%9Ma5B zH12$oVja98i3#yua^aiP z%vk2x(CVEWj2*j1BZov&D{|OJk4GAYmg9x9PjjD+33~{CC&G%t)Qvf*Om;ge--y;r zc=;}4Zjqp{hZ&((O0-15*xYBeD~^rRsslTi{4`x5R^3Cv-Ay3ZLo7qgozQ^8mHA^! zZ4++O^(NbYVNePwlE|oP;$^Zlk}nG^D?U3E;T}U>87s++Wfi@xug4vy9QSwEICIQ# zQ_ItK({SJ7EG{+TtQ$2RUtKFMbEl26EVqTgsf8}qq=~thqoT#|p$Yq{qDrMr9s^B*1_W~5uGlOW!2I{@$JXEAd7S>h|L}WC@hN&wyj^_E;=JXj);_~=%)0$hyD8!`SI7|OgUta1&_nkWTf1IH?xQH zW0UEV`Dy2ANnP%riyjW(hvYTO{XPBEor6C7yjGV+cgNk{E8bM6h3k0Q+n;H^usk{6 z)?MjOl-wneCnY^0gVQhWPX&{MpX*9gJ9T9R;OW1a*HM!69KrBZF?|mJSVaFV5RjSu z;yH-+K~+-`?KcuBIyLdybx0=w;MS@t$Qt-89cKl!lNmw>*3-~@jgZr3N{Ja?sc9M{ z&q>Nfu(M@0jTI1~PKLqQpbirxACm{EsVJ=zI%<Q{zVS?-5zr^= zfrw;V5Y1mkyf1yy*B>5E6qi0(?_Kz<&ObbidF+n(-ejNt+{*@`{qG2W(rlc$qeXNO zz>RK~EQ=QDPv@VFLL6V@g$Q7RCs8(aL@P{%dx{nLe*F+{8*Y<_vw)J0GJ+O}d!VVEFW!1==}?Ex5p2g(HeS2d&Ml_y5&mH-=8&pgxWDL2Oxe>^~0 zeX<*F3~|AUSSDEjr-Lje#){fN;ea=I;D?LXpGL;9fYTQnTsHB#pP6~67u;6wI5*nh zk#M;bN7t$!Qn;T%H-r-dH!e7}xFQyv^D&<)L0Y;l*A&8nxT6KpR}Vlm9AJkuGiLMr zmGG2018=OYAo|IXAB8t)Ww0Q*C|saeP%OAV%CKw5OvN28B+Q8m#bpjUnM1q+64V;Z zPW-JwsbDa~*f7&F?QYFfhTZeU+4Ks6(B`|zVq!dzLFPm0=3>ouCqjV7BI0=CtTX-w z4}J(gksAv)%yds`@sZ>isD*K|jlLZV@L=Vky2&=N3hF{KE)~dfurP0U^-P5PiN7~F z!&}ggXT%E$o^~lLcq%JD3f8{aLCp;^JJ8#mP5-{Fr&()-L4}U&K3ic){4VaxpH4L? zT3lK|%tig1cy;4Uq!5U%qjyP;!ORtZX4k0Jz^Dl;LY2sys%%b7y@q*nfZcKuq_Xtg?GJ38}KSEd6Fcek4QX8#7ar04EKABc6ft&mV5d^ zY=-j-mOA#C;O%;}+;zFaiNECgb#n&fK+>C1wFYs6Oih%rg!G%o6-4z=K#ew3%q$3` z#NxI5#EeCtpenp!7Y%QTcVSL?P8ckw7Nou1Io}-o*%Go0Az~3?)zWc+4V7+**(BeS z0@A7eZrD6bJ`lAA(9K~FT1nUOp2 z1i7h)XR51AuzgSb@4(|aDsP4%g_XmPQNgr5XicA zTqkCf2WEX8O(HW@VHFZ%enw=pu*FnHuTt%OjjT#P_pNCoSi_)Hb6@`3We}b|H^{@p zqtMH3VtnY<{q#ry_nxTs84iZt9EDH1oSZoZi!P^gNzNm@5UyiWpw@7!w-##m-d=ly zf^F1MfY--ytAZ{y?x?C}|MzEb4YE?pw?;I+`=Uip=M zAuD@g+jv!Vmyc!=9dqk~y)RnYp|NEHTUqNrBYIgsd49V%alc4<*X zb0C4S!6ztOWJv7$2&aP?FR3%vJa7L4-!u$hi5{cymvWR5A7vG7OZ&`st&(1owmQ*pKUW8nyDoTPb+1L-*pDL&Ac6yMe@x zBYRrrWPERMbnoglN^xq^Y6h}K(IR(m`A1MJ*_C~nTEij~d-TobW`AG46pXHzno40% ziqFRJ#W_S|M!7$qn%xM_(0xOr=4UbwULg$kI~AGP0xkPpl{%YyZ0PNuvK8KYdzFG! z&(=__lE$~TbaDy8{jz^$avD8sLGaQUBIN@VC=XQOe+yBM2Vji?iGb>G9~@P%LxT4GE>!zRNq4f4tQX(6Gp+dUfo(8l65ld^i5)i zdC2$5=9YNElIN7$=~G1z9aeIQ9Slrj+MC6akkHmss+y^zZ(8v;jO*;bI2nX^5`+n?ci_>BBKNeI2QV;v5o;=(X< zIx|wtsDj=uH zY7M;bxSeK_^I|3XY)1CkUWF+8Om0;q0YOBEta$uFlW_NXgG#GEmGB}p#wS!Q!lryT zbMhQYl5oFfRKzveZKVZ%M=%TdONBv5!7prBwX{Cp!}Q_3<;?4>yQmQnozAW|ziisT z^PlV}&8lu)h@vHtL{tvi6|qa8_g|_qJn8tP(*9a!K&f$8((bJ2p*Qx1!6IkHDz?qT zZyuvE+=U{?QFPxuTd6RP?@%Nj=q7IQL?`L$4=dW4JL_+Mv<9@m;zco zkH}{Tt;$jeBq@sUe}cN4*Z7Ox^$8a<&ArdcVWyx0x;X8PQXI1kGI5BYC-^psC;qF4 zp@eLsT-7vZd?}9Hr2=g~S-MQ*;$m%R`cj3Ig6-IdD>ik;Yte6Oo(23G``~ZbK`;Y; z*BiQ#C0*`W+`5ZE2 zn6gmYkmK1=7B_b(Y}N1?+Xf{AifVRDJiad^zGBon`Sng}OQ-8)_`iKj?&)gAKqKO> ze@R|)5PLYUaN_whAv!SFMvw9W)Sf?Pq})^z36+(etA0U#^#t?AX)mgnl4|sVZG|ZB zOWgY82nQvV_YDN6QsfGQ@8x3YtNh=_BYQc86G^9hN~v@FX2*Ou{n6s22BJx~IvbSn ztR>_ezD9or58q5XZ3gJ z7nTISyrM%E8s1gQ#ysr|wZtn%?7NthvmLjDJB$u_Zn_`dGD56>cc6Wh!0_S{uC7tF z6P$}+%>_I5=dTfl|3li~t9ay9nzNqsa-=*6&!RjvUVKdc%@P71jyacSh5c$XoSCc$ zhPy&Ayh?ME*VpPL{t!pQ9V)vz{;Qbry`F1#YUte>YKr5Nq3rf3JhJsvkbVKe#_UC2Og-p=X8Ca4prFOTgh&O z`U1aX5Lml1Kswl$>U5SmXFV&Lqa)p{&3I`X$$qAs|f45b$irrp4=$}Qn+9FQlDLk%#6eM=iKc;>&a4*&njA? zQG3*=qi{KxnSKr4b~7zqb+}LcMYqO=@t!X15Pz6mGfMs;GiEfAMh!RVQ=Fi{Henjz zo#kYI)C?VuhX`_Beq$SzT9;AF(jyoS$d9_83;4+b3sUDWblJ69^!|hI_WtQd<>%>t z60^7%;S_cJsnp`nZi5GoRBQP5vAkvGU#HWvR4WAh`!&DGJM}p}^Tl{>yuW#!#9$lx zTik9D+tnYa z$bpG=^U5j6so!go*O{j4n$wzVJ4{YDCVqR`3H5!l^Y<}N{@TYj3KLLS^HUKDpjdwO z9mZ>3w21Q7jPeshwsXS#*`Cgy)K$jnDqZK#SV6bYkBHV&D0}3F=i029xk7O3vxG&V zlDqpGDi(^{czToxu3$66Ov%SUNdtpuStXSQrJ}``$~OPo9sd6E?YkN+UG3OO R`g1!As48kHRLj`}{~wHZUxNSu diff --git a/package-postfix_access/handlers/main.yml b/package-postfix_access/handlers/main.yml deleted file mode 100644 index fb24197..0000000 --- a/package-postfix_access/handlers/main.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: postmap transport - command: "postmap /etc/postfix/transport" -- name: restart amavis - service: - name: "amavis" - state: "restarted" -- name: restart saslauthd - service: - name: "saslauthd" - state: "restarted" -- name: restart postfix - service: - name: "postfix" - state: "restarted" -- name: restart dovecot - service: - name: "dovecot" - state: "restarted" -- name: restart apache2 - service: - name: "apache2" - state: "restarted" diff --git a/package-postfix_access/tasks/main.yml b/package-postfix_access/tasks/main.yml deleted file mode 100644 index 617ccd8..0000000 --- a/package-postfix_access/tasks/main.yml +++ /dev/null @@ -1,222 +0,0 @@ ---- -- name: install filtering packages and monitoring components - apt: - name: - - postfix - - postfix-ldap - - postfix-pcre - - dovecot-core - - dovecot-imapd - - dovecot-pop3d - - dovecot-lmtpd - - dovecot-sieve - - dovecot-managesieved - - dovecot-ldap - - dovecot-mysql - - apache2 - - libapache2-mod-php - - roundcube - - roundcube-plugins - - php-ldap - - php-net-sieve - - mailgraph - - amavis - - spamassassin - - clamav-daemon - - libnet-dns-perl - - libmail-spf-perl - - pyzor - - razor - - pfqueue - state: latest - -- name: install compression algorithms for scanning - apt: - name: - - p7zip-full - - arj - - bzip2 - - cabextract - - cpio - - file - - gzip - - lhasa - - liblz4-tool - - lrzip - - lzop - - nomarch - - pax - - rar - - rpm - - unrar-free - - unzip - - xz-utils - - zip - state: latest - -# ClamAV -- name: ensure clamav is in amavis group - user: - name: "clamav" - append: "yes" - groups: "amavis" - -- name: ensure amavis is in clamav group - user: - name: "amavis" - append: "yes" - groups: "clamav" - -# Amavis -- name: install Amavis configs - template: - src: "{{ item }}.j2" - dest: "/etc/amavis/conf.d/{{ item }}" - notify: - - restart amavis - with_items: - - 15-content_filter_mode - - 50-user - -# Postfix -- name: install Postfix main configs - template: - src: "{{ item }}.j2" - dest: "/etc/postfix/{{ item }}" - notify: - - restart postfix - with_items: - - main.cf - - master.cf - - helo_access.pcre - - transport - -- name: map transport - command: postmap /etc/postfix/transport - -- name: create LDAP config dir - file: - name: "/etc/postfix/ldap" - state: "directory" - -- name: install Postfix LDAP configs - template: - src: "postfix-ldap/{{ item }}.j2" - dest: "/etc/postfix/ldap/{{ item }}" - mode: "640" - group: "postfix" - notify: - - restart postfix - with_items: - - catchall_maps.cf - - recipient_bcc_maps_domain.cf - - recipient_bcc_maps_user.cf - - relay_domains.cf - - sender_bcc_maps_domain.cf - - sender_bcc_maps_user.cf - - sender_login_maps.cf - - transport_maps_domain.cf - - transport_maps_user.cf - - virtual_alias_maps.cf - - virtual_group_maps.cf - - virtual_group_members_maps.cf - - virtual_mailbox_domains.cf - - virtual_mailbox_maps.cf - -- name: link /etc/mailname to /etc/hostname - file: - dest: "/etc/mailname" - src: "/etc/hostname" - state: "link" - force: "yes" - -# Dovecot -- name: install Dovecot main configs - template: - src: "{{ item }}.j2" - dest: "/etc/dovecot/{{ item }}" - notify: - - restart dovecot - with_items: - - dovecot.conf - - dovecot-ldap.conf - -- name: add vmail group - group: - name: "vmail" - gid: "2000" - state: "present" - -- name: add vmail user - user: - name: "vmail" - home: "/srv/vmail" - shell: "/bin/false" - uid: "2000" - group: "vmail" - state: "present" - -- name: ensure log ownership - file: - dest: "/var/log/{{ item }}" - owner: "vmail" - group: "adm" - mode: "644" - state: "touch" - with_items: - - dovecot.log - - dovecot-lmtp.log - -# Roundcube -- name: Install roundcube PHP configs - template: - src: "{{ item }}.j2" - dest: "/etc/roundcube/{{ item }}" - mode: "640" - group: "www-data" - with_items: - - debian-db.php - - config.inc.php - -- name: Remove default apache2 config - file: - name: "/etc/apache2/sites-enabled/000-default.conf" - state: "absent" - notify: - - restart apache2 - -- name: Install roundcube ports config - template: - src: "ports.conf.j2" - dest: "/etc/apache2/ports.conf" - notify: - - restart apache2 - -- name: Install roundcube apache2 config - template: - src: "roundcube.conf.j2" - dest: "/etc/roundcube/apache.conf" - notify: - - restart apache2 - -- name: create logo dir - file: - dest: "/var/lib/roundcube/images" - state: "directory" - -- name: install Roundcube logo - copy: - src: "{{ logo_filename }}" - dest: "/var/lib/roundcube/images/{{ logo_filename }}" - -# General -- name: ensure services are running (and enabled at boot) - service: - name: "{{ item }}" - state: "started" - enabled: "yes" - with_items: - - postfix - - amavis - - clamav-daemon - - dovecot diff --git a/package-postfix_access/templates/15-content_filter_mode.j2 b/package-postfix_access/templates/15-content_filter_mode.j2 deleted file mode 100644 index 8ea341f..0000000 --- a/package-postfix_access/templates/15-content_filter_mode.j2 +++ /dev/null @@ -1,12 +0,0 @@ -use strict; - -# Amavis filter configuration -# {{ ansible_managed }} - -@bypass_virus_checks_maps = ( - \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); - -@bypass_spam_checks_maps = ( - \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re); - -1; # ensure a defined return diff --git a/package-postfix_access/templates/50-user.j2 b/package-postfix_access/templates/50-user.j2 deleted file mode 100644 index 3f9136a..0000000 --- a/package-postfix_access/templates/50-user.j2 +++ /dev/null @@ -1,12 +0,0 @@ -use strict; - -@local_domains_acl = ( "." ); -$sa_tag_level_deflt = -9999; -$sa_tag2_level_deflt = 4.5; -$sa_kill_level_deflt = 4.5; -$sa_spam_subject_tag = '*** SPAM *** '; - -$forward_method = 'smtp:[::1]:10025'; - -#------------ Do not modify anything below this line ------------- -1; # ensure a defined return diff --git a/package-postfix_access/templates/config.inc.php.j2 b/package-postfix_access/templates/config.inc.php.j2 deleted file mode 100644 index a6bd5af..0000000 --- a/package-postfix_access/templates/config.inc.php.j2 +++ /dev/null @@ -1,111 +0,0 @@ - "/images/logo_login_small.png", - "elastic:login" => "/images/logo_login.png", - "elastic:*[small]" => "/images/logo_small.png", - "larry:*" => "/images/larry.png", - "login" => "/images/logo_login.png", - "[print]" => "/images/logo_print.png", -); -$config['skin_logo'] = 'images/{{ logo_filename }}'; - -$config['des_key'] = '{{ roundcube_deskey }}'; - -// ---------------------------------- -// PLUGINS -// ---------------------------------- -$config['plugins'] = array('managesieve'); -$config['create_default_folders'] = true; -$config['quota_zero_as_unlimited'] = true; -$config['ldap_public'] = array ( - 'global_ldap_abook' => - array ( - 'name' => 'Global LDAP Address Book', - 'hosts' => - array ( - 0 => '{{ ldap_host }}', - ), - 'port' => {{ ldap_port }}, - 'use_tls' => false, - 'ldap_version' => '3', - 'network_timeout' => 10, - 'user_specific' => true, - 'base_dn' => '{{ ldap_basedn }}', - 'bind_dn' => 'mail=%u@%d,ou=Users,domainName=%d,{{ ldap_basedn }}', - 'hidden' => false, - 'searchonly' => false, - 'writable' => false, - 'search_fields' => - array ( - 0 => 'mail', - 1 => 'cn', - 2 => 'sn', - 3 => 'givenName', - 4 => 'street', - 5 => 'telephoneNumber', - 6 => 'mobile', - 7 => 'stree', - 8 => 'postalCode', - ), - 'fieldmap' => - array ( - 'name' => 'cn', - 'surname' => 'sn', - 'firstname' => 'givenName', - 'title' => 'title', - 'email' => 'mail:*', - 'phone:work' => 'telephoneNumber', - 'phone:mobile' => 'mobile', - 'street' => 'street', - 'zipcode' => 'postalCode', - 'locality' => 'l', - 'department' => 'departmentNumber', - 'notes' => 'description', - 'phone:workfax' => 'facsimileTelephoneNumber', - 'photo' => 'jpegPhoto', - ), - 'sort' => 'cn', - 'scope' => 'sub', - 'filter' => '(&(enabledService=mail)(enabledService=deliver)(enabledService=displayedInGlobalAddressBook)(|(objectClass=mailList)(objectClass=mailAlias)(objectClass=mailUser)))', - 'fuzzy_search' => true, - 'vlv' => false, - 'sizelimit' => '0', - 'timelimit' => '0', - 'referrals' => false, - 'group_filters' => - array ( - 'departments' => - array ( - 'name' => 'Mailing Lists', - 'scope' => 'sub', - 'base_dn' => '{{ ldap_basedn }}', - 'filter' => '(&(objectclass=mailList)(accountStatus=active)(enabledService=displayedInGlobalAddressBook))', - 'name_attr' => 'cn', - 'email' => 'mail', - ), - ), - ), -); -$config['autocomplete_addressbooks'] = array('sql', 'global_ldap_abook'); -$config['skin'] = 'elastic'; -$config['addressbook_sort_col'] = 'name'; -$config['draft_autosave'] = 60; -$config['check_all_folders'] = true; -$config['autoexpand_threads'] = 2; - -include_once("/etc/roundcube/debian-db-roundcube.php"); diff --git a/package-postfix_access/templates/debian-db.php.j2 b/package-postfix_access/templates/debian-db.php.j2 deleted file mode 100644 index 191b384..0000000 --- a/package-postfix_access/templates/debian-db.php.j2 +++ /dev/null @@ -1,9 +0,0 @@ - - Options +FollowSymLinks - # This is needed to parse /var/lib/roundcube/.htaccess. See its - # content before setting AllowOverride to None. - AllowOverride All - = 2.3> - Require all granted - - - Order allow,deny - Allow from all - - - -# Protecting basic directories: - - Options -FollowSymLinks - AllowOverride None - - - - Options -FollowSymLinks - AllowOverride None - = 2.3> - Require all denied - - - Order allow,deny - Deny from all - - - - - Options -FollowSymLinks - AllowOverride None - = 2.3> - Require all denied - - - Order allow,deny - Deny from all - - - diff --git a/package-postfix_access/templates/transport.j2 b/package-postfix_access/templates/transport.j2 deleted file mode 100644 index da9f35c..0000000 --- a/package-postfix_access/templates/transport.j2 +++ /dev/null @@ -1,3 +0,0 @@ -# Gmail-specific transfer policy -# {{ ansible_managed }} -gmail.com smtp-ipv4: diff --git a/package-postfix_filter/defaults/main.yml b/package-postfix_filter/defaults/main.yml deleted file mode 100644 index ffb7036..0000000 --- a/package-postfix_filter/defaults/main.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -# Default configurations -# I populate these from external configs; I indicate what the are as inline comments - -# Postfix - -# A list of relay domains and their target (square-bracked hostname/IP + port); examples follow -relay_domains: "{{ blse_relaydomains }}" -# - domain: "some.domain.tld" -# relay: "[mail.domain.tld]" -# - domain: "other.domain.tld" -# relay: "[secure.domain.tld]:465" - -# A list of RBLs to check for rejecting incoming mail -remote_block_lists: - - bl.spamcop.net - - zen.spamhaus.org - - cbl.abuseat.org - -# Enable TLS (literal yes/no only) and, if yes, the cert and key files -tls_enabled: "yes" -tls_cert: "/etc/ssl/{{ ansible_fqdn }}.crt" -tls_key: "/etc/ssl/{{ ansible_fqdn }}.key" - -# Virtual address maps -virtual_maps: - - regex: "/^postmaster@/" - map: "root@{{ blsedomains_admindomain }}" - -# SpamAssassin -notify_admin: "joshua@boniface.me" # Administrative address to notify -notify_method: "smtp:{{ blsecluster_smtphost }}:25" -custom_sender_scores: - - "[qr'^(offers)@'i => 1.0]" - - "[qr'^.*@pizzanova.com'i => 1.0]" diff --git a/package-postfix_filter/files/ham-sample/README b/package-postfix_filter/files/ham-sample/README deleted file mode 100644 index 76b5c47..0000000 --- a/package-postfix_filter/files/ham-sample/README +++ /dev/null @@ -1,2 +0,0 @@ -Populate me with spam-tagged legit emails. -Then `tar -cvJf ham-sample.txz ham-sample/` in the parent directory. diff --git a/package-postfix_filter/files/spam-sample/README b/package-postfix_filter/files/spam-sample/README deleted file mode 100644 index 76b5c47..0000000 --- a/package-postfix_filter/files/spam-sample/README +++ /dev/null @@ -1,2 +0,0 @@ -Populate me with spam-tagged legit emails. -Then `tar -cvJf ham-sample.txz ham-sample/` in the parent directory. diff --git a/package-postfix_filter/handlers/main.yml b/package-postfix_filter/handlers/main.yml deleted file mode 100644 index e7784cc..0000000 --- a/package-postfix_filter/handlers/main.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -- name: postmap transport - command: "postmap /etc/postfix/transport" -- name: restart amavis - service: - name: "amavis" - state: "restarted" -- name: restart saslauthd - service: - name: "saslauthd" - state: "restarted" -- name: restart postfix - service: - name: "postfix" - state: "restarted" -- name: restart spamassassin - service: - name: "spamassassin" - state: "restarted" diff --git a/package-postfix_filter/tasks/main.yml b/package-postfix_filter/tasks/main.yml deleted file mode 100644 index ba1f684..0000000 --- a/package-postfix_filter/tasks/main.yml +++ /dev/null @@ -1,220 +0,0 @@ ---- -# -# Install role packages -# - -- name: install filtering packages and monitoring components - apt: - name: - - postfix - - postfix-pcre - - mailgraph - - amavis - - spamassassin - - clamav-daemon - - libnet-dns-perl - - libmail-spf-perl - - postfix-policyd-spf-python - - pfqueue - state: latest - -- name: install compression algorithms for scanning - apt: - name: - - p7zip-full - - arj - - bzip2 - - cabextract - - cpio - - file - - gzip - - lhasa - - liblz4-tool - - lrzip - - lzop - - nomarch - - pax - - rar - - rpm - - unrar-free - - unzip - - xz-utils - - zip - state: latest - -# -# ClamAV -# - -- name: ensure clamav is in amavis group - user: - name: "clamav" - append: "yes" - groups: "amavis" - -- name: ensure amavis is in clamav group - user: - name: "amavis" - append: "yes" - groups: "clamav" - -# -# policyd SPF -# - -- name: install policyd-spf config - template: - src: "{{ item }}.j2" - dest: "/etc/postfix-policyd-spf-python/{{ item }}" - notify: - - restart postfix - with_items: - - "policyd-spf.conf" - -# -# SpamAssassin -# - -- name: install SpamAssassin config - template: - src: "{{ item }}.j2" - dest: "/etc/spamassassin/{{ item }}" - notify: - - restart spamassassin - - restart amavis - with_items: - - "local.cf" - - "90_customrules.cf" - -# -# Amavis -# - -- name: install Amavis configs - template: - src: "{{ item }}.j2" - dest: "/etc/amavis/conf.d/{{ item }}" - notify: - - restart amavis - with_items: - - "15-content_filter_mode" - - "50-user" - -# -# Postfix -# - -- name: create the Postfix local config dir - file: - state: directory - dest: "/etc/postfix/local" - -- name: install the Postfix main configs - template: - src: "{{ item }}.j2" - dest: "/etc/postfix/{{ item }}" - notify: - - restart postfix - with_items: - - "main.cf" - - "master.cf" - -- name: install the Postfix local configs - template: - src: "{{ item }}.j2" - dest: "/etc/postfix/local/{{ item }}" - notify: - - restart postfix - with_items: - - helo_access - - recipient_access - - relay_domains - - transport - - virtual - -- name: link /etc/mailname to /etc/hostname - file: - dest: "/etc/mailname" - src: "/etc/hostname" - state: "link" - force: "yes" - -# -# Verify and enable services -# - -- name: verify and enable services - service: - name: "{{ item }}" - state: "started" - enabled: "yes" - with_items: - - "postfix" - - "amavis" - - "clamav-daemon" - -# -# SpamAssassin training -# - -- name: download spam sample archive - copy: - src: "spam-sample.txz" - dest: "/var/cache/spam-sample.txz" - owner: "root" - group: "root" - mode: "400" - register: spamsample - -- name: make temporary directory - command: "mktemp -d" - register: tempdirspam - when: spamsample.changed - -- name: extract spam sample archive to temporary directory - unarchive: - remote_src: "yes" - src: "/var/cache/spam-sample.txz" - dest: "{{ tempdirspam.stdout }}/" - when: spamsample.changed - -- name: sa-learn from the spam sample - command: "sa-learn --spam {{ tempdirspam.stdout }}/spam-sample/" - when: spamsample.changed - -- name: remove temporary directory - file: - dest: "{{ tempdirspam.stdout }}" - state: "absent" - when: spamsample.changed - -- name: download ham sample archive - copy: - src: "ham-sample.txz" - dest: "/var/cache/ham-sample.txz" - owner: "root" - group: "root" - mode: "400" - register: hamsample - -- name: make temporary directory - command: "mktemp -d" - register: tempdirham - when: hamsample.changed - -- name: extract ham sample archive to temporary directory - unarchive: - remote_src: "yes" - src: "/var/cache/ham-sample.txz" - dest: "{{ tempdirham.stdout }}/" - when: hamsample.changed - -- name: sa-learn from the ham sample - command: "sa-learn --ham {{ tempdirham.stdout }}/ham-sample/" - when: hamsample.changed - -- name: remove temporary directory - file: - dest: "{{ tempdirham.stdout }}" - state: "absent" - when: hamsample.changed diff --git a/package-postfix_filter/templates/15-content_filter_mode.j2 b/package-postfix_filter/templates/15-content_filter_mode.j2 deleted file mode 100644 index 8ea341f..0000000 --- a/package-postfix_filter/templates/15-content_filter_mode.j2 +++ /dev/null @@ -1,12 +0,0 @@ -use strict; - -# Amavis filter configuration -# {{ ansible_managed }} - -@bypass_virus_checks_maps = ( - \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); - -@bypass_spam_checks_maps = ( - \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re); - -1; # ensure a defined return diff --git a/package-postfix_filter/templates/50-user.j2 b/package-postfix_filter/templates/50-user.j2 deleted file mode 100644 index 50125ae..0000000 --- a/package-postfix_filter/templates/50-user.j2 +++ /dev/null @@ -1,40 +0,0 @@ -use strict; - -@local_domains_acl = ( "." ); -$sa_tag_level_deflt = -9999; -$sa_tag2_level_deflt = 5; -$sa_kill_level_deflt = 9999; -$sa_spam_subject_tag = '*** SPAM *** '; -$final_spam_destiny = 'D_PASS'; - -$bad_header_quarantine_method = undef; - -$notify_method = '{{ notify_method }}'; - -$newvirus_admin = '{{ notify_admin }}'; -$virus_admin = '{{ notify_admin }}'; -$spam_admin = '{{ notify_admin }}'; - -$banned_admin = \@virus_admin_maps; # for compatibility with pre-2.2.1 -$bad_header_admin = \@virus_admin_maps; # for compatibility with pre-2.2.1 -@newvirus_admin_maps = (\$newvirus_admin); -@virus_admin_maps = (\%virus_admin, \$virus_admin); -@spam_admin_maps = (\%spam_admin, \$spam_admin); -@banned_admin_maps = (\$banned_admin); -@bad_header_admin_maps= (\$bad_header_admin); - -{% if custom_sender_scores is defined %} -# Custom sender_map scores -@score_sender_maps = ({ - '.' => [ - new_RE( -{% for score in custom_sender_scores %} - {{ score }}, -{% endfor %} - ), - ], -}); -{% endif %} - -#------------ Do not modify anything below this line ------------- -1; # ensure a defined return diff --git a/package-postfix_filter/templates/90_customrules.cf.j2 b/package-postfix_filter/templates/90_customrules.cf.j2 deleted file mode 100644 index 92bacf9..0000000 --- a/package-postfix_filter/templates/90_customrules.cf.j2 +++ /dev/null @@ -1,7 +0,0 @@ -# Adjustments to default SpamAssassin scoring -# {{ ansible_managed }} -score RCVD_IN_PSBL 3.5 # Increase default score significantly -score URIBL_BLACK 3.5 # Increase default score significantly -score LOTS_OF_MONEY 2 # Increase default score a little -score ADVANCE_FEE_4_NEW 2 # Increase default score a little -score RDNS_NONE 0.5 # Decrease default score a little diff --git a/package-postfix_filter/templates/helo_access.j2 b/package-postfix_filter/templates/helo_access.j2 deleted file mode 100644 index 266c7fb..0000000 --- a/package-postfix_filter/templates/helo_access.j2 +++ /dev/null @@ -1,2 +0,0 @@ -/^\[[0-9]{1,3}(\.[0-9]{1,3}){3}\]$/ DUNNO announced self using an address literal -/^[0-9]{1,3}(\.[0-9]{1,3}){3}$/ REJECT announced self with an IP address instead of a domain name diff --git a/package-postfix_filter/templates/local.cf.j2 b/package-postfix_filter/templates/local.cf.j2 deleted file mode 100644 index 73e0a67..0000000 --- a/package-postfix_filter/templates/local.cf.j2 +++ /dev/null @@ -1,27 +0,0 @@ -# SpamAssassin local config -# {{ ansible_managed }} - -report_safe 1 -required_score 4.5 - -use_bayes 1 -bayes_auto_learn 1 -bayes_auto_learn_threshold_nonspam -0.1 -bayes_auto_learn_threshold_spam 9.0 - -score BAYES_00 -4 -score BAYES_05 -2 -score BAYES_80 2 -score BAYES_95 6 -score BAYES_99 8 - -bayes_ignore_header X-Bogosity -bayes_ignore_header X-Spam-Flag -bayes_ignore_header X-Spam-Status - -bayes_path /var/spamassassin/bayes_db/bayes -bayes_file_mode 0777 - -skip_rbl_checks 0 -ok_languages all -ok_locales all diff --git a/package-postfix_filter/templates/main.cf.j2 b/package-postfix_filter/templates/main.cf.j2 deleted file mode 100644 index 9b71172..0000000 --- a/package-postfix_filter/templates/main.cf.j2 +++ /dev/null @@ -1,91 +0,0 @@ -# Main Postfix configuration -# {{ ansible_managed }} - -myorigin = /etc/mailname -myhostname = {{ ansible_fqdn }} - -mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 -message_size_limit = 26214400 -mailbox_size_limit = 0 -default_process_limit = 1000 -recipient_delimiter = + -inet_interfaces = all - -smtpd_banner = {{ ansible_fqdn }} ESMTP $mail_name (Debian/GNU) -biff = no -append_dot_mydomain = no -delay_warning_time = 48h -maximal_queue_lifetime = 14d -bounce_queue_lifetime = 14d -readme_directory = no -compatibility_level = 2 - -smtpd_use_tls={{ tls_enabled }} -smtpd_tls_dh1024_param_file = /etc/ssl/dhparams.pem -smtpd_tls_cert_file={{ tls_cert }} -smtpd_tls_key_file={{ tls_key }} -smtpd_tls_ask_ccert = yes -smtpd_tls_received_header = yes -smtpd_tls_loglevel = 1 -smtpd_tls_session_cache_database = btree:$data_directory/smtpd_scache -smtpd_tls_security_level = may -smtpd_tls_protocols = !SSLv2,!SSLv3 -smtpd_tls_ciphers = medium -smtpd_tls_exclude_ciphers = RC4, CAMELLIA, SEED, 3DES - -smtp_use_tls={{ tls_enabled }} -smtp_tls_cert_file={{ tls_cert }} -smtp_tls_key_file={{ tls_key }} -smtp_tls_session_cache_database = btree:$data_directory/smtp_scache -smtp_tls_loglevel = 1 -smtp_tls_security_level = may -smtp_tls_protocols = $smtpd_tls_protocols -smtp_tls_ciphers = $smtpd_tls_ciphers -smtp_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers - -mydestination = -local_recipient_maps = -alias_maps = -alias_database = -virtual_alias_maps = pcre:$config_directory/local/virtual -local_transport = error:local mail delivery is disabled -transport_maps = pcre:$config_directory/local/transport -relay_domains = $config_directory/local/relay_domains - -content_filter = smtp-amavis:[127.0.0.1]:10024 -smtpd_client_recipient_rate_limit = 250 -strict_rfc821_envelopes = yes -receive_override_options = no_address_mappings -policyd-spf_time_limit = 3600 -smtpd_relay_restrictions = - permit_mynetworks - reject_unauth_destination - check_policy_service unix:private/policyd-spf -{% for rbl in remote_block_lists %} - reject_rbl_client {{ rbl }} -{% endfor %} - warn_if_reject reject_unknown_client - -smtpd_helo_required = yes -smtpd_helo_restrictions = - check_helo_access pcre:$config_directory/local/helo_access - reject_invalid_hostname - -smtpd_sender_restrictions = - check_sender_mx_access cidr:$config_directory/local/mx_access - reject_unknown_sender_domain - reject_non_fqdn_sender - check_sender_access pcre:$config_directory/local/sender_access - -smtpd_recipient_restrictions = - reject_unknown_recipient_domain - reject_non_fqdn_recipient - reject_unauth_pipelining - reject_unauth_destination - check_policy_service unix:private/policyd-spf - check_recipient_access pcre:$config_directory/local/recipient_access - reject_unverified_recipient - -smtpd_data_restrictions = - reject_multi_recipient_bounce - reject_unauth_pipelining diff --git a/package-postfix_filter/templates/master.cf.j2 b/package-postfix_filter/templates/master.cf.j2 deleted file mode 100644 index dea0256..0000000 --- a/package-postfix_filter/templates/master.cf.j2 +++ /dev/null @@ -1,62 +0,0 @@ -# Postfix master process configuration file -# {{ ansible_managed }} - -# ========================================================================== -# service type private unpriv chroot wakeup maxproc command + args -# (yes) (yes) (yes) (never) (100) -# ========================================================================== -smtp inet n - y - - smtpd -pickup unix n - y 60 1 pickup - -o content_filter= - -o receive_override_options=no_header_body_checks -cleanup unix n - y - 0 cleanup -qmgr unix n - n 300 1 qmgr -tlsmgr unix - - y 1000? 1 tlsmgr -rewrite unix - - y - - trivial-rewrite -bounce unix - - y - 0 bounce -defer unix - - y - 0 bounce -trace unix - - y - 0 bounce -verify unix - - y - 1 verify -flush unix n - y 1000? 0 flush -proxymap unix - - n - - proxymap -proxywrite unix - - n - 1 proxymap -smtp unix - - y - - smtp -relay unix - - y - - smtp -showq unix n - y - - showq -error unix - - y - - error -retry unix - - y - - error -discard unix - - y - - discard -local unix - n n - - local -virtual unix - n n - - virtual -lmtp unix - - y - - lmtp -anvil unix - - y - 1 anvil -scache unix - - y - 1 scache - -policyd-spf unix - n n - 0 spawn - user=policyd-spf argv=/usr/bin/policyd-spf - -smtp-amavis unix - - y - 2 smtp - -o smtp_data_done_timeout=1200 - -o smtp_send_xforward_command=yes - -o disable_dns_lookups=yes - -o max_use=20 - -127.0.0.1:10025 inet n - y - - smtpd - -o content_filter= - -o local_recipient_maps= - -o relay_recipient_maps= - -o smtpd_restriction_classes= - -o smtpd_delay_reject=no - -o smtpd_client_restrictions=permit_mynetworks,reject - -o smtpd_helo_restrictions= - -o smtpd_sender_restrictions= - -o smtpd_recipient_restrictions=permit_mynetworks,reject - -o smtpd_data_restrictions=reject_unauth_pipelining - -o smtpd_end_of_data_restrictions= - -o mynetworks=127.0.0.0/8 - -o smtpd_error_sleep_time=0 - -o smtpd_soft_error_limit=1001 - -o smtpd_hard_error_limit=1000 - -o smtpd_client_connection_count_limit=0 - -o smtpd_client_connection_rate_limit=0 - -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks diff --git a/package-postfix_filter/templates/policyd-spf.conf.j2 b/package-postfix_filter/templates/policyd-spf.conf.j2 deleted file mode 100644 index cccd84a..0000000 --- a/package-postfix_filter/templates/policyd-spf.conf.j2 +++ /dev/null @@ -1,12 +0,0 @@ -# policyd SPF config -# {{ ansible_managed }} - -debugLevel = 1 - -HELO_reject = False -Mail_From_reject = False - -PermError_reject = False -TempError_Defer = False - -skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1 diff --git a/package-postfix_filter/templates/recipient_access.j2 b/package-postfix_filter/templates/recipient_access.j2 deleted file mode 100644 index eeee382..0000000 --- a/package-postfix_filter/templates/recipient_access.j2 +++ /dev/null @@ -1,4 +0,0 @@ -/[%!@].*[%!@]/ REJECT sender-specified routing in recipient address -/&.*@/ REJECT invalid user -/^(daemon|bin|sys|sync|games|man|lp|news|uucp|proxy|www-data|backup|list|irc|gnats|nobody)@/ REJECT reserved system user -/^(ntp|sshd|munin|postfix|clamav|sqlgrey|policyd-spf|bind|statd|freerad|mysql|smokeping|systemd-.+|)@/ REJECT reserved system user diff --git a/package-postfix_filter/templates/relay_domains.j2 b/package-postfix_filter/templates/relay_domains.j2 deleted file mode 100644 index 16dbac2..0000000 --- a/package-postfix_filter/templates/relay_domains.j2 +++ /dev/null @@ -1,3 +0,0 @@ -{% for domain in relay_domains %} -{{ domain.domain }} -{% endfor %} diff --git a/package-postfix_filter/templates/transport.j2 b/package-postfix_filter/templates/transport.j2 deleted file mode 100644 index 80a2133..0000000 --- a/package-postfix_filter/templates/transport.j2 +++ /dev/null @@ -1,3 +0,0 @@ -{% for domain in relay_domains %} -/@{{ domain.domain }}$/ relay:{{ domain.relay }} -{% endfor %} diff --git a/package-postfix_filter/templates/virtual.j2 b/package-postfix_filter/templates/virtual.j2 deleted file mode 100644 index d89602a..0000000 --- a/package-postfix_filter/templates/virtual.j2 +++ /dev/null @@ -1,3 +0,0 @@ -{% for map in virtual_maps %} -{{ map.regex }} {{ map.map }} -{% endfor %} diff --git a/package-radarr/README.md b/package-radarr/README.md deleted file mode 100644 index 840a3b5..0000000 --- a/package-radarr/README.md +++ /dev/null @@ -1,31 +0,0 @@ -# package-radarr - -This package configures the Radarr Movie download manager on a Debian/Ubuntu system. - -# Package variables - -## Configurable - -These variables should be configured in the host group that imports this role. - -### `radarr_version`: The version to use. -* Should be a valid release version. - -### `radarr_sha256sum`: The SHA256 sum of the GitHub release binary. -* Must match the artifact for the version specified in `radarr_version`. - -## Defaults - -These variables should not need to be changed. - -### `radarr_user`: The service username. -* Default: `radarr` - -### `radarr_uid`: The service user UID. -* Default: `219` - -### `radarr_path`: The homedir for the service user and application. -* Default: `/srv/radarr` - -### `radarr_url`: The GitHub release artifact URL -* Default: `https://github.com/Radarr/Radarr/releases/download/v{{ radarr_version }}/Radarr.develop.{{ radarr_version }}.linux.tar.gz` diff --git a/package-radarr/handlers/main.yml b/package-radarr/handlers/main.yml deleted file mode 100644 index 42bb9b1..0000000 --- a/package-radarr/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: restart radarr - service: - name: "radarr" - state: "restarted" diff --git a/package-radarr/tasks/main.yml b/package-radarr/tasks/main.yml deleted file mode 100644 index d999d85..0000000 --- a/package-radarr/tasks/main.yml +++ /dev/null @@ -1,79 +0,0 @@ ---- -- name: install dependency packages - apt: - pkg: - - mono-runtime - - libmono-cil-dev - - libcurl3-nss - - mediainfo - state: latest - -- name: add service user - user: - name: "{{ radarr_user }}" - group: "daemon" - system: yes - uid: "{{ radarr_uid }}" - home: "{{ radarr_path }}" - shell: "/usr/sbin/nologin" - state: present - -- name: create service directories - file: - dest: "{{ item }}" - state: directory - owner: "{{ radarr_user }}" - group: "daemon" - mode: 0755 - with_items: - - "{{ radarr_path }}" - - "{{ radarr_path }}/bin" - -- name: download application from GitHub - get_url: - url: "{{ radarr_url }}" - checksum: "sha256:{{ radarr_sha256sum }}" - dest: "{{ radarr_path }}/radarr.{{ radarr_version }}.tgz" - owner: "{{ radarr_user }}" - group: "sudo" - register: download - notify: - - restart radarr - -- name: extract application tarball - unarchive: - src: "{{ radarr_path }}/radarr.{{ radarr_version }}.tgz" - dest: "{{ radarr_path }}/bin" - remote_src: yes - when: download.changed - -- name: correct archive permissions - file: - owner: "{{ radarr_user }}" - group: "sudo" - mode: "u+rw,g+r" - recurse: yes - dest: "{{ radarr_path }}/bin" - when: download.changed - -- name: install systemd unit files - template: - src: "{{ item }}.j2" - dest: "/etc/systemd/system/{{ item }}" - register: systemd_file - with_items: - - radarr.service - -- name: reload systemd to apply previous changes - command: "systemctl daemon-reload" - when: systemd_file.changed - notify: - - restart radarr - -- name: start and enable systemd units - service: - name: "{{ item }}" - state: started - enabled: yes - with_items: - - radarr.service diff --git a/package-radarr/templates/radarr.service.j2 b/package-radarr/templates/radarr.service.j2 deleted file mode 100644 index 40fb21c..0000000 --- a/package-radarr/templates/radarr.service.j2 +++ /dev/null @@ -1,14 +0,0 @@ -# Radarr service unit file -# {{ ansible_managed }} -[Unit] -Description = Radarr Movie download manager -After = network-online.target - -[Service] -Type = simple -User = {{ radarr_user }} -ExecStart = /usr/bin/mono --debug {{ radarr_path }}/bin/Radarr/Radarr.exe -nobrowser -Restart = on-failure - -[Install] -WantedBy = multi-user.target diff --git a/package-radarr/vars/main.yml b/package-radarr/vars/main.yml deleted file mode 100644 index 951a48d..0000000 --- a/package-radarr/vars/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -radarr_user: "radarr" -radarr_uid: "219" -radarr_path: "/srv/radarr" -radarr_url: "https://github.com/Radarr/Radarr/releases/download/v{{ radarr_version }}/Radarr.develop.{{ radarr_version }}.linux.tar.gz" diff --git a/package-riot/handlers/main.yml b/package-riot/handlers/main.yml deleted file mode 100644 index 3fb11db..0000000 --- a/package-riot/handlers/main.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- name: restart matrix-synapse - service: - name: matrix-synapse - state: restarted - -- name: restart mxisd - service: - name: mxisd - state: restarted - -- name: restart nginx - service: - name: nginx - state: restarted diff --git a/package-riot/tasks/main.yml b/package-riot/tasks/main.yml deleted file mode 100644 index 5f3f683..0000000 --- a/package-riot/tasks/main.yml +++ /dev/null @@ -1,122 +0,0 @@ ---- -- name: install matrix packages - apt: - pkg: - - matrix-synapse - - matrix-synapse-ldap3 - - python3-psycopg2 - - python3-jinja2 - - python3-bleach - - openjdk-8-jre-headless - - mxisd - state: latest - -- name: install the rest auth provider - get_url: - url: "https://raw.githubusercontent.com/kamax-matrix/matrix-synapse-rest-auth/master/rest_auth_provider.py" - dest: "/usr/lib/python3/dist-packages/rest_auth_provider.py" - -- name: ensure services are started and enabled - service: - name: "{{ item }}" - state: started - enabled: yes - with_items: - - matrix-synapse - - mxisd - -- name: install matrix-synapse configurations - template: - src: "{{ item.src }}.j2" - dest: "{{ item.dest }}" - owner: matrix-synapse - group: adm - mode: 0640 - notify: restart matrix-synapse - with_items: - - { src: "matrix-homeserver.yaml", dest: "/etc/matrix-synapse/homeserver.yaml" } - - { src: "matrix-server_name.yaml", dest: "/etc/matrix-synapse/conf.d/server_name.yaml" } - - { src: "matrix-report_stats.yaml", dest: "/etc/matrix-synapse/conf.d/report_stats.yaml" } - - { src: "matrix-homeserver.signing.key", dest: "/etc/matrix-synapse/homeserver.signing.key" } - -- name: install mxisd configurations - template: - src: "{{ item.src }}.j2" - dest: "{{ item.dest }}" - owner: mxisd - group: adm - mode: 0640 - notify: restart mxisd - with_items: - - { src: "mxisd.yaml", dest: "/etc/mxisd/mxisd.yaml" } - -- name: link the res folder to the right place - file: - src: "/usr/lib/python3/dist-packages/synapse/res" - dest: "/var/lib/matrix-synapse/res" - state: link - -- name: create matrix data directories - file: - dest: "/srv/matrix/{{ item }}" - state: directory - owner: matrix-synapse - group: sudo - mode: 0750 - with_items: - - media - - uploads - -- name: install nginx packages - apt: - pkg: - - nginx - state: latest - -- name: ensure services are started and enabled - service: - name: "{{ item }}" - state: started - enabled: yes - with_items: - - nginx - -- name: disable default nginx configuration - file: - dest: "/etc/nginx/sites-enabled/default" - state: "absent" - -- name: install nginx configuration - template: - src: "riot-nginx.j2" - dest: "/etc/nginx/sites-enabled/riot" - notify: restart nginx - -- name: download riot - get_url: - url: "https://github.com/vector-im/riot-web/releases/download/{{ riot_version }}/riot-{{ riot_version }}.tar.gz" - dest: "/var/www/riot.tar.gz" - -- name: extract riot - unarchive: - src: "/var/www/riot.tar.gz" - dest: "/var/www" - owner: www-data - group: www-data - copy: no - creates: "/var/www/riot-{{ riot_version }}" - -- name: create versionless riot symlink - file: - src: "/var/www/riot-{{ riot_version }}" - dest: "/var/www/riot" - state: link - -- name: install riot configuration - template: - src: "riot-config.json.j2" - dest: "/var/www/riot/config.json" - owner: www-data - group: www-data - notify: restart nginx - diff --git a/package-riot/templates/matrix-homeserver.signing.key.j2 b/package-riot/templates/matrix-homeserver.signing.key.j2 deleted file mode 100644 index 05ff090..0000000 --- a/package-riot/templates/matrix-homeserver.signing.key.j2 +++ /dev/null @@ -1 +0,0 @@ -{{ matrix_homeserver_signing_key }} diff --git a/package-riot/templates/matrix-homeserver.yaml.j2 b/package-riot/templates/matrix-homeserver.yaml.j2 deleted file mode 100644 index fd9c94e..0000000 --- a/package-riot/templates/matrix-homeserver.yaml.j2 +++ /dev/null @@ -1,123 +0,0 @@ ---- -# Matrix homeserver configuration -# {{ ansible_managed }} -no_tls: True -tls_fingerprints: [] -pid_file: "/var/run/matrix-synapse.pid" -soft_file_limit: 0 -public_baseurl: "https://im.{{ blsedomains_webdomain }}" -listeners: - - port: 8008 - tls: false - bind_addresses: - - '::' - type: http - x_forwarded: true - resources: - - names: [client, webclient] - compress: true - - names: [federation] - compress: false -database: - name: psycopg2 - args: - user: "{{ postgres_client['matrix'].username }}" - password: "{{ postgres_client['matrix'].passwd }}" - database: "{{ postgres_client['matrix'].database }}" - host: "{{ postgres_client['matrix'].host }}" - port: "{{ postgres_client['matrix'].port_readwrite }}" - cp_min: 5 - cp_max: 10 -event_cache_size: "10K" -log_config: "/etc/matrix-synapse/log.yaml" -rc_messages_per_second: 2.0 -rc_message_burst_count: 10.0 -federation_rc_window_size: 1000 -federation_rc_sleep_limit: 10 -federation_rc_sleep_delay: 500 -federation_rc_reject_limit: 50 -federation_rc_concurrent: 3 -media_store_path: "/srv/matrix/media" -uploads_path: "/srv/matrix/uploads" -max_upload_size: "10M" -max_image_pixels: "32M" -dynamic_thumbnails: false -thumbnail_sizes: - - width: 32 - height: 32 - method: crop - - width: 96 - height: 96 - method: crop - - width: 320 - height: 240 - method: scale - - width: 640 - height: 480 - method: scale - - width: 800 - height: 600 - method: scale -url_preview_enabled: False -max_spider_size: "10M" -enable_registration_captcha: False -enable_registration: False -bcrypt_rounds: 12 -allow_guest_access: False -trusted_third_party_id_servers: - - "im.{{ blsedomains_webdomain }}" -auto_join_rooms: - - "#hallway:{{ blsedomains_webdomain }}" - - "#fun:{{ blsedomains_webdomain }}" - - "#games:{{ blsedomains_webdomain }}" -enable_metrics: False -room_invite_state_types: - - "m.room.join_rules" - - "m.room.canonical_alias" - - "m.room.avatar" - - "m.room.name" -app_service_config_files: [] -expire_access_token: False -signing_key_path: "/etc/matrix-synapse/homeserver.signing.key" -old_signing_keys: {} -key_refresh_interval: "1d" # 1 Day. -perspectives: - servers: - "matrix.org": - verify_keys: - "ed25519:auto": - key: "{{ matrixorg_verify_key }}" -password_config: - enabled: true -email: - enable_notifs: true - smtp_host: "{{ blsecluster_smtphost }}" - smtp_port: 587 - smtp_user: "{{ username_email_root }}" - smtp_pass: "{{ passwd_email_root }}" - require_transport_security: True - notif_from: "The BLSE Matrix Server