blob: 2eaa0f906634942b15522b08a65a31ea246f44d6 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
---
install_jumphost: ch-jump
install:
vm:
memory: 1G
numcpus: 1
autostart: False
disks:
primary: /dev/sda
scsi:
sda:
type: zfs
name: root
size: 10g
properties:
'syncoid:sync': 'false'
interfaces:
- bridge: br-svc
name: svc0
network:
nameservers: "{{ network_zones.svc.dns }}"
domain: "{{ host_domain }}"
systemd_link:
interfaces: "{{ install.interfaces }}"
primary: &_network_primary_
name: svc0
address: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets[inventory_hostname]) }}"
gateway: "{{ network_zones.svc.gateway }}"
static_routes:
- destination: "{{ network_zones.lan.prefix }}"
gateway: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ansible.utils.ipaddr('address') }}"
interfaces:
- *_network_primary_
postfix_base_mynetworks:
- "127.0.0.0/8"
- "[::ffff:127.0.0.0]/104"
- "[::1]/128"
- "{{ network_zones.svc.prefix }}"
- "{{ network_zones.lan.prefix | ansible.utils.ipaddr(network_zones.lan.offsets['bigmama']) | ansible.utils.ipaddr('address') }}/32"
- "{{ network_zones.legacy.prefix }}" ## TODO: remove once all mail sending hosts are moved out of legacy
postfix_base_mydestination:
- "$myhostname"
- "{{ host_name }}.{{ host_domain }}"
- "localhost"
- mailrelay.helsinki.at
postfix_base_inet_interfaces:
- "all"
postfix_relay_hostname: mailrelay.helsinki.at
postfix_relay_sender_canonical_maps:
rewrite_helsinki_subdomains:
type: regexp
content: |
/^(.+)@(.+)\.helsinki\.at$/i ${1}%${2}@helsinki.at
postfix_relay_local_header_rewrite_clients:
- "permit_inet_interfaces"
- "permit_mynetworks"
postfix_relay_tls:
acme: yes
acme_challenge_nginx_is_default_server: yes
postfix_relay_auth_saslauthd:
mechanism: ldap
ldap_options:
auth_method: fastbind
servers: ldap://ldap.helsinki.at
start_tls: yes
tls_check_peer: yes
tls_cacert_file: "{{ global_files_dir }}/common/ldapscert.pem"
filter: "uid=%u,ou=People,dc=helsinki,dc=at"
postfix_relay_allowed_sender_domains:
- helsinki.at
|
