Merge pull request 'kunsi-feature-rspamd-rotating-keys' (#3) from kunsi-feature-rspamd-rotating-keys into main
All checks were successful
bundlewrap/pipeline/head This commit looks good
All checks were successful
bundlewrap/pipeline/head This commit looks good
Reviewed-on: https://git.kunsmann.eu/kunsi/bundlewrap/pulls/3
This commit is contained in:
commit
277808a9c5
8 changed files with 40 additions and 8 deletions
|
@ -1,4 +1,4 @@
|
||||||
# TODO
|
|
||||||
path = "/var/lib/rspamd/dkim/$selector.key";
|
path = "/var/lib/rspamd/dkim/$selector.key";
|
||||||
|
# selector = "${node.metadata['rspamd']['dkim']}";
|
||||||
selector = "2019";
|
selector = "2019";
|
||||||
allow_username_mismatch = true;
|
allow_username_mismatch = true;
|
||||||
|
|
|
@ -20,6 +20,11 @@ directories = {
|
||||||
'svc_systemd:rspamd:restart',
|
'svc_systemd:rspamd:restart',
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
'/var/lib/rspamd/dkim': {
|
||||||
|
'owner': '_rspamd',
|
||||||
|
'group': '_rspamd',
|
||||||
|
'mode': '0750',
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
svc_systemd = {
|
svc_systemd = {
|
||||||
|
@ -51,16 +56,40 @@ files = {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
actions = {
|
||||||
|
'rspamd_assure_dkim_key_permissions': {
|
||||||
|
'command': 'chown _rspamd:_rspamd /var/lib/rspamd/dkim/*.key',
|
||||||
|
'needs': {
|
||||||
|
'directory:/var/lib/rspamd/dkim',
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
# TODO manage this using bundlewrap
|
# TODO manage this using bundlewrap
|
||||||
if node.metadata.get('rspamd', {}).get('dkim', False):
|
if 'dkim' in node.metadata.get('rspamd', {}):
|
||||||
for i in {'arc', 'dkim_signing'}:
|
for i in {'arc', 'dkim_signing'}:
|
||||||
files[f'/etc/rspamd/local.d/{i}.conf'] = {
|
files[f'/etc/rspamd/local.d/{i}.conf'] = {
|
||||||
'source': 'dkim.conf',
|
'source': 'dkim.conf',
|
||||||
|
'content_type': 'mako',
|
||||||
|
'needs': {
|
||||||
|
'action:rspamd_generate_dkim_key',
|
||||||
|
},
|
||||||
'triggers': {
|
'triggers': {
|
||||||
'svc_systemd:rspamd:restart',
|
'svc_systemd:rspamd:restart',
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
actions['rspamd_generate_dkim_key'] = {
|
||||||
|
'command': node.metadata['rspamd']['dkim'].format_into('cd /var/lib/rspamd/dkim && /usr/bin/rspamadm dkim_keygen -s "{0}" -b 2048 -k "{0}.key" > "{0}.txt"'),
|
||||||
|
'unless': node.metadata['rspamd']['dkim'].format_into('test -f "/var/lib/rspamd/dkim/{0}.key"'),
|
||||||
|
'needs': {
|
||||||
|
'directory:/var/lib/rspamd/dkim',
|
||||||
|
},
|
||||||
|
'needed_by': {
|
||||||
|
'action:rspamd_assure_dkim_key_permissions',
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
if 'password' in node.metadata.get('rspamd', {}):
|
if 'password' in node.metadata.get('rspamd', {}):
|
||||||
files['/etc/rspamd/local.d/worker-controller.inc'] = {
|
files['/etc/rspamd/local.d/worker-controller.inc'] = {
|
||||||
'content_type': 'mako',
|
'content_type': 'mako',
|
||||||
|
|
|
@ -31,6 +31,9 @@ defaults = {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
'rspamd': {
|
||||||
|
'dkim': repo.vault.password_for(node.name + ' rspamd dkim key'),
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -39,3 +39,4 @@ _mta-sts IN TXT "v=STSv1;id=20201111;"
|
||||||
_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
|
_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
|
||||||
_token._dnswl IN TXT "gg3mbwjx9bbuo5osvh7oz6bc881wcmc"
|
_token._dnswl IN TXT "gg3mbwjx9bbuo5osvh7oz6bc881wcmc"
|
||||||
2019._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
|
2019._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
|
||||||
|
uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDpoveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB"
|
||||||
|
|
|
@ -32,6 +32,9 @@ _mta-sts IN TXT "v=STSv1;id=20201111;"
|
||||||
_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
|
_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
|
||||||
_token._dnswl IN TXT "6akc10htbgmg56e072w0w2n0wql4oezu"
|
_token._dnswl IN TXT "6akc10htbgmg56e072w0w2n0wql4oezu"
|
||||||
2019._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
|
2019._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
|
||||||
|
uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDpoveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB"
|
||||||
|
_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
|
||||||
|
|
||||||
f2k1.de._report._dmarc IN TXT "v=DMARC1"
|
f2k1.de._report._dmarc IN TXT "v=DMARC1"
|
||||||
franzi.business._report._dmarc IN TXT "v=DMARC1"
|
franzi.business._report._dmarc IN TXT "v=DMARC1"
|
||||||
kunsmann.eu._report._dmarc IN TXT "v=DMARC1"
|
kunsmann.eu._report._dmarc IN TXT "v=DMARC1"
|
||||||
|
|
|
@ -35,3 +35,4 @@ _mta-sts IN TXT "v=STSv1;id=20201111;"
|
||||||
_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
|
_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
|
||||||
_token._dnswl IN TXT "5mx0rv9ru8s1zz4tf4xlt48osh09czmg"
|
_token._dnswl IN TXT "5mx0rv9ru8s1zz4tf4xlt48osh09czmg"
|
||||||
2019._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
|
2019._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
|
||||||
|
uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDpoveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB"
|
||||||
|
|
|
@ -16,3 +16,4 @@ _mta-sts IN TXT "v=STSv1;id=20201111;"
|
||||||
_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
|
_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net"
|
||||||
_token._dnswl IN TXT "5mx0rv9ru8s1zz4tf4xlt48osh09czmg"
|
_token._dnswl IN TXT "5mx0rv9ru8s1zz4tf4xlt48osh09czmg"
|
||||||
2019._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
|
2019._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg6UAcu3V98hal1UVf6yB0WT1CKDS0AK83CUlSP8bUwraPxkxK1nkQOUsmjbQs6a3FhdsKprMi32GeUaTVvZg81JIybPk3jNugfNWfSjs2TXPomYu+XD2pmmbR3cZlzC5NGR2nmBFt/P/S2ihPHj35KziiBIwK1TdvOi1M2+upCjK33Icco0ByCm0gJpD2O0cbqcBcUKqd6X440vYhNXH1ygp0e91P0iRnvS9sg6yD0xjD8kD6j/8GfxBY+9bpU3EvDoBgyJSbjw5b6PUVJbKMXzw1NIRNj0SXKs5BakjS8+7u62vR11IPCYRwy+yr0rDT0tNegM7gStIIgoTpOoQIDAQAB"
|
||||||
|
uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDpoveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB"
|
||||||
|
|
|
@ -58,11 +58,6 @@ nodes['htz.ex42-1048908'] = {
|
||||||
'deb http://deb.debian.org/debian {os_release}-backports main',
|
'deb http://deb.debian.org/debian {os_release}-backports main',
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
'rspamd': {
|
|
||||||
'items': {
|
|
||||||
'deb [arch=amd64] http://rspamd.com/apt-stable/ {os_release} main',
|
|
||||||
},
|
|
||||||
},
|
|
||||||
'weechat': {
|
'weechat': {
|
||||||
'items': {
|
'items': {
|
||||||
'deb https://weechat.org/debian {os_release} main',
|
'deb https://weechat.org/debian {os_release} main',
|
||||||
|
@ -304,7 +299,6 @@ nodes['htz.ex42-1048908'] = {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
'rspamd': {
|
'rspamd': {
|
||||||
'dkim': True,
|
|
||||||
'ignore_spam_check_for_ips': {
|
'ignore_spam_check_for_ips': {
|
||||||
# entropia
|
# entropia
|
||||||
'188.40.158.213',
|
'188.40.158.213',
|
||||||
|
|
Loading…
Reference in a new issue