diff options
author | Christian Pointner <equinox@spreadspace.org> | 2022-12-05 01:04:27 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2022-12-05 01:04:27 +0100 |
commit | 562d174484f41bef84eeb3a41f757e01f570b126 (patch) | |
tree | 3a6f3227a246d2924a3b9e65d4635f6d54d22216 /inventory/host_vars/ch-testvm-prometheus.yml | |
parent | ch-equinox-(t450s|ws): add dia (diff) |
add ch-atlas and sk-2019vm to backup list for ch-epimetheus
Diffstat (limited to 'inventory/host_vars/ch-testvm-prometheus.yml')
-rw-r--r-- | inventory/host_vars/ch-testvm-prometheus.yml | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/inventory/host_vars/ch-testvm-prometheus.yml b/inventory/host_vars/ch-testvm-prometheus.yml index f95366b0..2eaa0f90 100644 --- a/inventory/host_vars/ch-testvm-prometheus.yml +++ b/inventory/host_vars/ch-testvm-prometheus.yml @@ -33,3 +33,53 @@ network: gateway: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ansible.utils.ipaddr('address') }}" interfaces: - *_network_primary_ + + + + +postfix_base_mynetworks: + - "127.0.0.0/8" + - "[::ffff:127.0.0.0]/104" + - "[::1]/128" + - "{{ network_zones.svc.prefix }}" + - "{{ network_zones.lan.prefix | ansible.utils.ipaddr(network_zones.lan.offsets['bigmama']) | ansible.utils.ipaddr('address') }}/32" + - "{{ network_zones.legacy.prefix }}" ## TODO: remove once all mail sending hosts are moved out of legacy + +postfix_base_mydestination: + - "$myhostname" + - "{{ host_name }}.{{ host_domain }}" + - "localhost" + - mailrelay.helsinki.at + +postfix_base_inet_interfaces: + - "all" + + +postfix_relay_hostname: mailrelay.helsinki.at + +postfix_relay_sender_canonical_maps: + rewrite_helsinki_subdomains: + type: regexp + content: | + /^(.+)@(.+)\.helsinki\.at$/i ${1}%${2}@helsinki.at + +postfix_relay_local_header_rewrite_clients: + - "permit_inet_interfaces" + - "permit_mynetworks" + +postfix_relay_tls: + acme: yes + acme_challenge_nginx_is_default_server: yes + +postfix_relay_auth_saslauthd: + mechanism: ldap + ldap_options: + auth_method: fastbind + servers: ldap://ldap.helsinki.at + start_tls: yes + tls_check_peer: yes + tls_cacert_file: "{{ global_files_dir }}/common/ldapscert.pem" + filter: "uid=%u,ou=People,dc=helsinki,dc=at" + +postfix_relay_allowed_sender_domains: + - helsinki.at |