From 8ebf2d6db3067650191ab96f9d1d2b9c1599d580 Mon Sep 17 00:00:00 2001
From: Emil Renner Berthing <esmil@labitat.dk>
Date: Tue, 8 Oct 2019 20:33:44 +0200
Subject: mail1: add role to set up new mailserver

This is just the base OS for now. Let's hope
someone who knows more about mail wants
to continue..
---
 roles/mail1/files/ens3.network | 10 ++++++++++
 roles/mail1/meta/main.yml      |  6 ++++++
 roles/mail1/tasks/haveged.yml  | 12 ++++++++++++
 roles/mail1/tasks/main.yml     | 24 ++++++++++++++++++++++++
 roles/mail1/vars/main.yml      | 32 ++++++++++++++++++++++++++++++++
 5 files changed, 84 insertions(+)
 create mode 100644 roles/mail1/files/ens3.network
 create mode 100644 roles/mail1/meta/main.yml
 create mode 100644 roles/mail1/tasks/haveged.yml
 create mode 100644 roles/mail1/tasks/main.yml
 create mode 100644 roles/mail1/vars/main.yml

(limited to 'roles')

diff --git a/roles/mail1/files/ens3.network b/roles/mail1/files/ens3.network
new file mode 100644
index 0000000..e4c3f7b
--- /dev/null
+++ b/roles/mail1/files/ens3.network
@@ -0,0 +1,10 @@
+[Match]
+Name=ens3
+
+[Network]
+DHCP=no
+IPv6AcceptRA=yes
+Address=10.72.40.20/24
+Gateway=10.72.40.1
+DNS=10.72.40.1
+Domains=labitat.dk
diff --git a/roles/mail1/meta/main.yml b/roles/mail1/meta/main.yml
new file mode 100644
index 0000000..1e8f40f
--- /dev/null
+++ b/roles/mail1/meta/main.yml
@@ -0,0 +1,6 @@
+---
+dependencies:
+- role: debian
+- role: users
+
+# vim: set ts=2 sw=2 et:
diff --git a/roles/mail1/tasks/haveged.yml b/roles/mail1/tasks/haveged.yml
new file mode 100644
index 0000000..2b2cb65
--- /dev/null
+++ b/roles/mail1/tasks/haveged.yml
@@ -0,0 +1,12 @@
+---
+- name: Enable haveged service
+  systemd:
+    name: 'haveged.service'
+    enabled: yes
+    masked: no
+    state: started
+  when: not chroot
+- name: '- when in chroot'
+  command: 'systemctl enable haveged.service'
+
+# vim: set ts=2 sw=2 et:
diff --git a/roles/mail1/tasks/main.yml b/roles/mail1/tasks/main.yml
new file mode 100644
index 0000000..c66a6f8
--- /dev/null
+++ b/roles/mail1/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+- name: Install network configuration
+  copy:
+    dest: '/etc/systemd/network/10-ens3.network'
+    src: ens3.network
+    owner: root
+    group: root
+    mode: 0644
+  tags:
+  - networkd-config
+
+- name: Disable unused services
+  systemd:
+    name: '{{ item }}'
+    enabled: no
+  with_items:
+  - remote-fs.target
+  tags:
+  - systemd
+
+- import_tasks: haveged.yml
+  tags: haveged
+
+# vim: set ts=2 sw=2 et:
diff --git a/roles/mail1/vars/main.yml b/roles/mail1/vars/main.yml
new file mode 100644
index 0000000..7bda909
--- /dev/null
+++ b/roles/mail1/vars/main.yml
@@ -0,0 +1,32 @@
+---
+hostname: 'mail1'
+
+apt_sources:
+  base:
+    components:
+    - main
+    - contrib
+    - non-free
+  security:
+    components:
+    - main
+    - contrib
+    - non-free
+  updates:
+    components:
+    - main
+    - contrib
+    - non-free
+
+apt_packages:
+  'haveged': present
+
+journald_conf:
+  'Journal.Storage': 'persistent'
+
+users:
+  'esmil': sudo
+  'ast': sudo
+  'flummer': sudo
+
+# vim: set ts=2 sw=2 et:
-- 
cgit v1.2.1