summaryrefslogtreecommitdiff
path: root/inventory/host_vars/ch-testvm-prometheus.yml
diff options
context:
space:
mode:
authorChristian Pointner <equinox@spreadspace.org>2022-12-05 01:04:27 +0100
committerChristian Pointner <equinox@spreadspace.org>2022-12-05 01:04:27 +0100
commit562d174484f41bef84eeb3a41f757e01f570b126 (patch)
tree3a6f3227a246d2924a3b9e65d4635f6d54d22216 /inventory/host_vars/ch-testvm-prometheus.yml
parentch-equinox-(t450s|ws): add dia (diff)
add ch-atlas and sk-2019vm to backup list for ch-epimetheus
Diffstat (limited to 'inventory/host_vars/ch-testvm-prometheus.yml')
-rw-r--r--inventory/host_vars/ch-testvm-prometheus.yml50
1 files changed, 50 insertions, 0 deletions
diff --git a/inventory/host_vars/ch-testvm-prometheus.yml b/inventory/host_vars/ch-testvm-prometheus.yml
index f95366b0..2eaa0f90 100644
--- a/inventory/host_vars/ch-testvm-prometheus.yml
+++ b/inventory/host_vars/ch-testvm-prometheus.yml
@@ -33,3 +33,53 @@ network:
gateway: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ansible.utils.ipaddr('address') }}"
interfaces:
- *_network_primary_
+
+
+
+
+postfix_base_mynetworks:
+ - "127.0.0.0/8"
+ - "[::ffff:127.0.0.0]/104"
+ - "[::1]/128"
+ - "{{ network_zones.svc.prefix }}"
+ - "{{ network_zones.lan.prefix | ansible.utils.ipaddr(network_zones.lan.offsets['bigmama']) | ansible.utils.ipaddr('address') }}/32"
+ - "{{ network_zones.legacy.prefix }}" ## TODO: remove once all mail sending hosts are moved out of legacy
+
+postfix_base_mydestination:
+ - "$myhostname"
+ - "{{ host_name }}.{{ host_domain }}"
+ - "localhost"
+ - mailrelay.helsinki.at
+
+postfix_base_inet_interfaces:
+ - "all"
+
+
+postfix_relay_hostname: mailrelay.helsinki.at
+
+postfix_relay_sender_canonical_maps:
+ rewrite_helsinki_subdomains:
+ type: regexp
+ content: |
+ /^(.+)@(.+)\.helsinki\.at$/i ${1}%${2}@helsinki.at
+
+postfix_relay_local_header_rewrite_clients:
+ - "permit_inet_interfaces"
+ - "permit_mynetworks"
+
+postfix_relay_tls:
+ acme: yes
+ acme_challenge_nginx_is_default_server: yes
+
+postfix_relay_auth_saslauthd:
+ mechanism: ldap
+ ldap_options:
+ auth_method: fastbind
+ servers: ldap://ldap.helsinki.at
+ start_tls: yes
+ tls_check_peer: yes
+ tls_cacert_file: "{{ global_files_dir }}/common/ldapscert.pem"
+ filter: "uid=%u,ou=People,dc=helsinki,dc=at"
+
+postfix_relay_allowed_sender_domains:
+ - helsinki.at