path: root/inventory/host_vars/ch-testvm-prometheus.yml
---
# Host named as the jump host for installing this VM.
# presumably the installer connects through it; the consumer is not visible here.
install_jumphost: ch-jump

# VM provisioning parameters: sizing, disk layout and network attachment.
install:
  vm:
    memory: 1G
    numcpus: 1
    # NOTE(review): `False` is read as a boolean by YAML 1.1 loaders; lowercase
    # `false` is the canonical spelling and avoids yamllint `truthy` findings.
    autostart: False
  disks:
    primary: /dev/sda
    scsi:
      sda:
        type: zfs
        name: root
        size: 10g
        properties:
          # Quoted on purpose: the property value is the string 'false', not a
          # YAML boolean.
          # presumably keeps syncoid from replicating this dataset - confirm.
          'syncoid:sync': 'false'
  interfaces:
  # Single interface named svc0, attached to bridge br-svc.
  - bridge: br-svc
    name: svc0

# Network configuration. All addresses come from the shared `network_zones`
# data via templates, so nothing host-specific is hard-coded here.
network:
  nameservers: "{{ network_zones.svc.dns }}"
  domain: "{{ host_domain }}"
  systemd_link:
    # Reuses the interface list declared under install.interfaces.
    interfaces: "{{ install.interfaces }}"
  # Anchored so the same mapping can be listed under `interfaces` below.
  primary: &_network_primary_
    name: svc0
    # Host address: the svc prefix combined with this host's entry in
    # network_zones.svc.offsets (keyed by inventory_hostname).
    address: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets[inventory_hostname]) }}"
    gateway: "{{ network_zones.svc.gateway }}"
    static_routes:
    # Route to the lan prefix via the svc-zone address of 'ch-gw-lan'.
    - destination: "{{ network_zones.lan.prefix }}"
      gateway: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ansible.utils.ipaddr('address') }}"
  interfaces:
  # Alias of the `primary` mapping above; this host has no other interface.
  - *_network_primary_

# Time synchronisation implementation selected for this host.
ntp_variant: systemd-timesyncd

# Accounts allowed to log in over SSH on this host: the normal and admin user
# lists plus the literal account 'greenbone'.
# presumably rendered into sshd's AllowUsers - confirm against the sshd role.
# NOTE(review): 'greenbone' looks like a scanner service account; confirm it is
# restricted to key-based login and holds only the privileges scans need.
sshd_allowusers_host: "{{ normal_users_host | union(admin_users_host) | union(['greenbone']) }}"


## test

# Dedicated storage for Redis: a 1G ext4 logical volume named 'redis' in the
# volume group named after the host.
redis_server_storage:
  type: lvm
  vg: "{{ host_name }}"
  lv: redis
  size: 1G
  fs: ext4

# NOTE(review): clear-text placeholder credential committed to the repository.
# Tolerable only while this stays a throwaway test VM; load the value from an
# encrypted source (e.g. Ansible Vault) before this file is reused elsewhere.
# The same value is interpolated into rspamd_modules_override_config.redis.
redis_server_legacy_auth_password: "changeme"


# OpenDKIM settings for this test host.
opendkim_admin_mail: postmaster@chaox.org
# Only loopback is listed as an internal host. The two commented-out entries
# would add the whole lan and svc prefixes; keep them disabled unless every
# host in those zones is meant to be treated as internal.
# presumably internal hosts get their outgoing mail signed - confirm in the role.
opendkim_internal_hosts:
  - 127.0.0.1
#  - "{{ network_zones.lan.prefix }}"
#  - "{{ network_zones.svc.prefix }}"

# One 2048-bit key named 'test-2024-07' for chaox.org.
# presumably the key name is used as the DKIM selector - confirm in the role.
opendkim_domains:
  chaox.org:
    keys:
      test-2024-07:
        keylength: 2048


# rspamd web interface settings.
# NOTE(review): `password` and `enable_password` are clear-text placeholders
# committed to the repository. Replace them with values from an encrypted
# source (e.g. Ansible Vault) before this host is reachable by anyone else.
# presumably these map to rspamd's controller password / enable_password,
# where the latter grants the privileged commands - confirm in the role.
rspamd_web:
  hostname: mx0.chaox.org
  password: secret
  enable_password: very-secret

# Local module config: antivirus, fuzzy_check, greylist and rbl are all turned
# off, so this instance filters with a reduced rule set. That suits a test VM
# but should not be copied to a production mail host unchanged.
rspamd_modules_local_config:
  antivirus: |
   enabled = false;
  fuzzy_check: |
   enabled = false;
  greylist: |
   enabled = false;
  rbl: |
   enabled = false;

# Override for the redis module: talk to the local Redis instance using the
# password defined in redis_server_legacy_auth_password.
# NOTE(review): the password is templated between double quotes, so a value
# containing '"' would break the snippet; the rendered file also holds the
# secret in clear text - confirm the role restricts its file mode.
# NOTE(review): the password line has no trailing ';' unlike the line above -
# confirm the config parser accepts that.
rspamd_modules_override_config:
  redis: |
   servers = "127.0.0.1";
   password = "{{ redis_server_legacy_auth_password }}"


# Networks treated as trusted: loopback only (IPv4, IPv4-mapped IPv6, IPv6).
# presumably rendered into Postfix `mynetworks`; keeping it to loopback means
# no remote client can relay on the strength of its address alone.
postfix_base_mynetworks:
  - "127.0.0.0/8"
  - "[::ffff:127.0.0.0]/104"
  - "[::1]/128"

# Names this host accepts mail for as final destination.
postfix_base_mydestination:
  - "$myhostname"
  - "{{ host_name }}.{{ host_domain }}"
  - "localhost"
  - mx0.chaox.org
  - mailrelay.chaox.org

# Listens on every interface, so access control rests on the trusted-network
# list above and on the submission/auth settings rather than on bind address.
postfix_base_inet_interfaces:
  - "all"

# Outbound mail is handed to this fixed next hop.
# NOTE(review): hard-coded address, unlike the templated network values
# elsewhere in this file - confirm it is still the intended relay.
postfix_base_relayhost: 192.168.28.250


# Hostname used by the submission service.
postfix_submission_hostname: mailrelay.chaox.org

# TLS for submission: the certificate is issued by the 'static-ca' provider
# from the internal CA material passed in below.
# NOTE(review): this passes the internal CA *private key* to the role for a
# test VM. Confirm the key is only used on the controller to sign the leaf
# certificate and is never written to the managed host.
postfix_submission_tls:
  certificate_provider: static-ca
  certificate_config:
    ca:
      key_content: "{{ chaos_at_home_internal_ca_key }}"
      cert_content: "{{ chaos_at_home_internal_ca_cert }}"


# SMTP AUTH via saslauthd against LDAP over TLS (ldaps://), with the server
# certificate validated against the internal CA certificate.
postfix_submission_auth_saslauthd:
  mechanism: ldap
  ldap_options:
    auth_method: fastbind
    servers: ldaps://ldap.chaos-at-home.org
    # NOTE(review): bare `yes` is loaded as boolean true by YAML 1.1 parsers.
    # Confirm the role renders it as the value saslauthd expects; peer checking
    # must stay enabled, otherwise the ldaps:// connection is not authenticated.
    tls_check_peer: yes
    tls_cacert_content: "{{ chaos_at_home_internal_ca_cert }}"
    # %u is replaced by the login name.
    # presumably, with fastbind, saslauthd binds as this string - confirm.
    filter: "%u@chaos-at-home.org"

# Sender domains accepted on the submission service.
# NOTE(review): users authenticate as <user>@chaos-at-home.org but may send as
# chaox.org; confirm the role also ties sender addresses to the authenticated
# login if per-user sender restrictions are wanted.
postfix_submission_allowed_sender_domains:
  - chaox.org

# Outgoing submission mail is signed by OpenDKIM.
postfix_submission_dkim_signer: "opendkim"


# Incoming MX mail is filtered by rspamd.
postfix_mx_spam_filter: "rspamd"