From 8ebf2d6db3067650191ab96f9d1d2b9c1599d580 Mon Sep 17 00:00:00 2001
From: Emil Renner Berthing
Date: Tue, 8 Oct 2019 20:33:44 +0200
Subject: mail1: add role to set up new mailserver
This is just the base OS for now. Let's hope someone who knows more about mail wants to continue..
---
 inventory | 1 +
 mail1.yml | 11 +++++++++++
 roles/mail1/files/ens3.network | 10 ++++++++++
 roles/mail1/meta/main.yml | 6 ++++++
 roles/mail1/tasks/haveged.yml | 12 ++++++++++++
 roles/mail1/tasks/main.yml | 24 ++++++++++++++++++++++++
 roles/mail1/vars/main.yml | 32 ++++++++++++++++++++++++++++++++
 7 files changed, 96 insertions(+)
 create mode 100644 mail1.yml
 create mode 100644 roles/mail1/files/ens3.network
 create mode 100644 roles/mail1/meta/main.yml
 create mode 100644 roles/mail1/tasks/haveged.yml
 create mode 100644 roles/mail1/tasks/main.yml
 create mode 100644 roles/mail1/vars/main.yml
diff --git a/inventory b/inventory
index e5b8fd3..4395cd5 100644
--- a/inventory
+++ b/inventory
@@ -1,4 +1,5 @@
 space.labitat.dk
+mail1.labitat.dk
 [rpis]
 jumbotron.s
diff --git a/mail1.yml b/mail1.yml
new file mode 100644
index 0000000..5b5f535
--- /dev/null
+++ b/mail1.yml
@@ -0,0 +1,11 @@
+---
+- hosts: mail1.labitat.dk
+ pre_tasks:
+ - name: Detect chroot
+ set_fact:
+ chroot: "{{ ansible_connection == 'chroot' or 'container' in ansible_env }}"
+ tags: always
+ roles:
+ - mail1
+
+# vim: set ts=2 sw=2 et:
diff --git a/roles/mail1/files/ens3.network b/roles/mail1/files/ens3.network
new file mode 100644
index 0000000..e4c3f7b
--- /dev/null
+++ b/roles/mail1/files/ens3.network
@@ -0,0 +1,10 @@
+[Match]
+Name=ens3
+
+[Network]
+DHCP=no
+IPv6AcceptRA=yes
+Address=10.72.40.20/24
+Gateway=10.72.40.1
+DNS=10.72.40.1
+Domains=labitat.dk
diff --git a/roles/mail1/meta/main.yml b/roles/mail1/meta/main.yml
new file mode 100644
index 0000000..1e8f40f
--- /dev/null
+++ b/roles/mail1/meta/main.yml
@@ -0,0 +1,6 @@
+---
+dependencies:
+- role: debian
+- role: users
+
+# vim: set ts=2 sw=2 et:
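Review bot: `IPv6AcceptRA=yes` in roles/mail1/files/ens3.network leaves the host's IPv6 address and default route to whichever router advertises on the ens3 segment, while IPv4 is pinned with `Address=` and `Gateway=`. For a mail server, where reverse DNS and sender-policy records usually depend on a stable source address, it may be worth adding a static IPv6 `Address=` or setting `IPv6AcceptRA=no` until IPv6 is planned. A one-line `#` comment above the setting saying which behaviour is intended would record the decision for whoever continues the role.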
diff --git a/roles/mail1/tasks/haveged.yml b/roles/mail1/tasks/haveged.yml
new file mode 100644
index 0000000..2b2cb65
--- /dev/null
+++ b/roles/mail1/tasks/haveged.yml
@@ -0,0 +1,12 @@
+---
+- name: Enable haveged service
+ systemd:
+ name: 'haveged.service'
+ enabled: yes
+ masked: no
+ state: started
+ when: not chroot
+- name: '- when in chroot'
+ command: 'systemctl enable haveged.service'
+
+# vim: set ts=2 sw=2 et:
diff --git a/roles/mail1/tasks/main.yml b/roles/mail1/tasks/main.yml
new file mode 100644
index 0000000..c66a6f8
--- /dev/null
+++ b/roles/mail1/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+- name: Install network configuration
+ copy:
+ dest: '/etc/systemd/network/10-ens3.network'
+ src: ens3.network
+ owner: root
+ group: root
+ mode: 0644
+ tags:
+ - networkd-config
+
+- name: Disable unused services
+ systemd:
+ name: '{{ item }}'
+ enabled: no
+ with_items:
+ - remote-fs.target
+ tags:
+ - systemd
+
+- import_tasks: haveged.yml
+ tags: haveged
+
+# vim: set ts=2 sw=2 et:
diff --git a/roles/mail1/vars/main.yml b/roles/mail1/vars/main.yml
new file mode 100644
index 0000000..7bda909
--- /dev/null
+++ b/roles/mail1/vars/main.yml
@@ -0,0 +1,32 @@
+---
+hostname: 'mail1'
+
+apt_sources:
+ base:
+ components:
+ - main
+ - contrib
+ - non-free
+ security:
+ components:
+ - main
+ - contrib
+ - non-free
+ updates:
+ components:
+ - main
+ - contrib
+ - non-free
+
+apt_packages:
+ 'haveged': present
+
+journald_conf:
+ 'Journal.Storage': 'persistent'
+
+users:
+ 'esmil': sudo
+ 'ast': sudo
+ 'flummer': sudo
+
+# vim: set ts=2 sw=2 et:
--
cgit v1.2.1
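Review bot: The second task in roles/mail1/tasks/haveged.yml, named `- when in chroot`, has no `when:` condition, so `systemctl enable haveged.service` runs on every play, not only inside a chroot. Adding `when: chroot` would make it the counterpart of the first task's `when: not chroot`. As a `command` task it also reports changed on every run, so `changed_when: false` or a `creates:` guard would keep the play output meaningful. The booleans `enabled: yes` and `masked: no` read more predictably as `true` and `false`.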
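Review bot: `mode: 0644` in the "Install network configuration" task of roles/mail1/tasks/main.yml is an unquoted scalar, so the resulting permission bits depend on the YAML loader reading the leading zero as octal. Writing `mode: '0644'` keeps the value a string and makes the intended permissions unambiguous. Separately, the "Disable unused services" task calls the `systemd` module with no `when: not chroot` guard, while haveged.yml avoids that module inside a chroot. If the module cannot reach systemd there, this task would presumably fail the same way, so it is worth confirming or guarding it.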