---
# Host variables for the mail relay VM (mailrelay.helsinki.at): VM install
# parameters, network setup on the svc zone, and postfix relay settings.
install_jumphost: ch-jump

install:
  vm:
    memory: 1G
    numcpus: 1
    autostart: False
  disks:
    primary: /dev/sda
    scsi:
      sda:
        type: zfs
        name: root
        size: 10g
        properties:
          'syncoid:sync': 'false'
  interfaces:
    - bridge: br-svc
      name: svc0

network:
  nameservers: "{{ network_zones.svc.dns }}"
  domain: "{{ host_domain }}"
  systemd_link:
    interfaces: "{{ install.interfaces }}"
  # The anchor lets the primary interface be listed again under `interfaces`
  # without repeating its definition.
  primary: &_network_primary_
    name: svc0
    address: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets[inventory_hostname]) }}"
    gateway: "{{ network_zones.svc.gateway }}"
    static_routes:
      # Traffic for the lan zone goes via ch-gw-lan, not the default gateway.
      - destination: "{{ network_zones.lan.prefix }}"
        gateway: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ansible.utils.ipaddr('address') }}"
  interfaces:
    - *_network_primary_

# Clients that postfix treats as "mynetworks". `permit_mynetworks` below gives
# them local header rewriting; presumably the role also lets them relay
# without SASL authentication -- confirm against the role's smtpd
# restrictions. Keep this list as narrow as possible and review it whenever a
# zone changes.
postfix_base_mynetworks:
  - "127.0.0.0/8"
  - "[::ffff:127.0.0.0]/104"
  - "[::1]/128"
  # The whole svc zone.
  - "{{ network_zones.svc.prefix }}"
  # One lan host only (bigmama), pinned with a /32.
  - "{{ network_zones.lan.prefix | ansible.utils.ipaddr(network_zones.lan.offsets['bigmama']) | ansible.utils.ipaddr('address') }}/32"
  # The whole legacy zone is trusted for now.
  - "{{ network_zones.legacy.prefix }}" ## TODO: remove once all mail sending hosts are moved out of legacy
postfix_base_mydestination:
  - "$myhostname"
  - "{{ host_name }}.{{ host_domain }}"
  - "localhost"
  - mailrelay.helsinki.at
# Listens on every interface, so access control rests on mynetworks and SASL
# authentication rather than on the bind address.
postfix_base_inet_interfaces:
  - "all"

postfix_relay_hostname: mailrelay.helsinki.at
postfix_relay_sender_canonical_maps:
  # Rewrites a sender in any helsinki.at subdomain to
  # localpart%subdomain@helsinki.at; the /i flag makes the match
  # case-insensitive.
  rewrite_helsinki_subdomains:
    type: regexp
    content: |
      /^(.+)@(.+)\.helsinki\.at$/i ${1}%${2}@helsinki.at
postfix_relay_local_header_rewrite_clients:
  - "permit_inet_interfaces"
  - "permit_mynetworks"
postfix_relay_tls:
  acme: yes
# NOTE(review): confirm this is a top-level variable rather than a key of
# postfix_relay_tls.
acme_challenge_nginx_is_default_server: yes
# SMTP AUTH is checked by saslauthd against LDAP. The options below are
# presumably rendered as saslauthd's ldap_* settings -- confirm in the role.
postfix_relay_auth_saslauthd:
  mechanism: ldap
  ldap_options:
    auth_method: fastbind
    # Plain ldap:// URL upgraded with StartTLS. Keep start_tls and
    # tls_check_peer enabled together with the CA file: user passwords cross
    # this connection, and without peer verification the LDAP server's
    # identity is not checked.
    servers: ldap://ldap.helsinki.at
    start_tls: yes
    tls_check_peer: yes
    tls_cacert_file: "{{ global_files_dir }}/common/ldapscert.pem"
    # %u is replaced with the login name; presumably, with fastbind, this
    # string is used as the bind DN -- verify.
    filter: "uid=%u,ou=People,dc=helsinki,dc=at"
# Sender domains accepted by the relay; how this is enforced is defined in
# the role, not here.
postfix_relay_allowed_sender_domains:
  - helsinki.at