add ch-atlas and sk-2019vm to backup list for ch-epimetheus

1 files changed, 50 insertions, 0 deletions

diff --git a/inventory/host_vars/ch-testvm-prometheus.yml b/inventory/host_vars/ch-testvm-prometheus.yml
index f95366b0..2eaa0f90 100644
--- a/inventory/host_vars/ch-testvm-prometheus.yml
+++ b/inventory/host_vars/ch-testvm-prometheus.yml
@@ -33,3 +33,53 @@ network:
       gateway: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ansible.utils.ipaddr('address') }}"
   interfaces:
   - *_network_primary_
+
+
+
+
+postfix_base_mynetworks:
+  - "127.0.0.0/8"
+  - "[::ffff:127.0.0.0]/104"
+  - "[::1]/128"
+  - "{{ network_zones.svc.prefix }}"
+  - "{{ network_zones.lan.prefix | ansible.utils.ipaddr(network_zones.lan.offsets['bigmama']) | ansible.utils.ipaddr('address') }}/32"
+  - "{{ network_zones.legacy.prefix }}" ## TODO: remove once all mail sending hosts are moved out of legacy
+
+postfix_base_mydestination:
+  - "$myhostname"
+  - "{{ host_name }}.{{ host_domain }}"
+  - "localhost"
+  - mailrelay.helsinki.at
+
+postfix_base_inet_interfaces:
+  - "all"
+
+
+postfix_relay_hostname: mailrelay.helsinki.at
+
+postfix_relay_sender_canonical_maps:
+  rewrite_helsinki_subdomains:
+    type: regexp
+    content: |
+      /^(.+)@(.+)\.helsinki\.at$/i   ${1}%${2}@helsinki.at
+
+postfix_relay_local_header_rewrite_clients:
+  - "permit_inet_interfaces"
+  - "permit_mynetworks"
+
+postfix_relay_tls:
+  acme: yes
+  acme_challenge_nginx_is_default_server: yes
+
+postfix_relay_auth_saslauthd:
+  mechanism: ldap
+  ldap_options:
+    auth_method: fastbind
+    servers: ldap://ldap.helsinki.at
+    start_tls: yes
+    tls_check_peer: yes
+    tls_cacert_file: "{{ global_files_dir }}/common/ldapscert.pem"
+    filter: "uid=%u,ou=People,dc=helsinki,dc=at"
+
+postfix_relay_allowed_sender_domains:
+  - helsinki.at