mail1: add role to set up new mailserver

This is just the base OS for now. Let's hope
someone who knows more about mail wants
to continue..

7 files changed, 96 insertions, 0 deletions

diff --git a/inventory b/inventory
index e5b8fd3..4395cd5 100644
--- a/inventory
+++ b/inventory
@@ -1,4 +1,5 @@
 space.labitat.dk
+mail1.labitat.dk
 
 [rpis]
 jumbotron.s
diff --git a/mail1.yml b/mail1.yml
new file mode 100644
index 0000000..5b5f535
--- /dev/null
+++ b/mail1.yml
@@ -0,0 +1,11 @@
+---
+- hosts: mail1.labitat.dk
+  pre_tasks:
+  - name: Detect chroot
+    set_fact:
+      chroot: "{{ ansible_connection == 'chroot' or 'container' in ansible_env }}"
+    tags: always
+  roles:
+  - mail1
+
+# vim: set ts=2 sw=2 et:
diff --git a/roles/mail1/files/ens3.network b/roles/mail1/files/ens3.network
new file mode 100644
index 0000000..e4c3f7b
--- /dev/null
+++ b/roles/mail1/files/ens3.network
@@ -0,0 +1,10 @@
+[Match]
+Name=ens3
+
+[Network]
+DHCP=no
+IPv6AcceptRA=yes
+Address=10.72.40.20/24
+Gateway=10.72.40.1
+DNS=10.72.40.1
+Domains=labitat.dk
diff --git a/roles/mail1/meta/main.yml b/roles/mail1/meta/main.yml
new file mode 100644
index 0000000..1e8f40f
--- /dev/null
+++ b/roles/mail1/meta/main.yml
@@ -0,0 +1,6 @@
+---
+dependencies:
+- role: debian
+- role: users
+
+# vim: set ts=2 sw=2 et:
diff --git a/roles/mail1/tasks/haveged.yml b/roles/mail1/tasks/haveged.yml
new file mode 100644
index 0000000..2b2cb65
--- /dev/null
+++ b/roles/mail1/tasks/haveged.yml
@@ -0,0 +1,12 @@
+---
+- name: Enable haveged service
+  systemd:
+    name: 'haveged.service'
+    enabled: yes
+    masked: no
+    state: started
+  when: not chroot
+- name: '- when in chroot'
+  command: 'systemctl enable haveged.service'
+
+# vim: set ts=2 sw=2 et:
diff --git a/roles/mail1/tasks/main.yml b/roles/mail1/tasks/main.yml
new file mode 100644
index 0000000..c66a6f8
--- /dev/null
+++ b/roles/mail1/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+- name: Install network configuration
+  copy:
+    dest: '/etc/systemd/network/10-ens3.network'
+    src: ens3.network
+    owner: root
+    group: root
+    mode: 0644
+  tags:
+  - networkd-config
+
+- name: Disable unused services
+  systemd:
+    name: '{{ item }}'
+    enabled: no
+  with_items:
+  - remote-fs.target
+  tags:
+  - systemd
+
+- import_tasks: haveged.yml
+  tags: haveged
+
+# vim: set ts=2 sw=2 et:
diff --git a/roles/mail1/vars/main.yml b/roles/mail1/vars/main.yml
new file mode 100644
index 0000000..7bda909
--- /dev/null
+++ b/roles/mail1/vars/main.yml
@@ -0,0 +1,32 @@
+---
+hostname: 'mail1'
+
+apt_sources:
+  base:
+    components:
+    - main
+    - contrib
+    - non-free
+  security:
+    components:
+    - main
+    - contrib
+    - non-free
+  updates:
+    components:
+    - main
+    - contrib
+    - non-free
+
+apt_packages:
+  'haveged': present
+
+journald_conf:
+  'Journal.Storage': 'persistent'
+
+users:
+  'esmil': sudo
+  'ast': sudo
+  'flummer': sudo
+
+# vim: set ts=2 sw=2 et: