From 2a7ab3a1837bef48fa67591af64e7d6b621af9a3 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann
Date: Sat, 21 Aug 2021 07:34:18 +0200
Subject: [PATCH] move mail to rx300
---
 .../bind-zones/die-brontosaurier-waren-es.org | 2 +-
 .../files/bind-zones/felix-kunsmann.de | 2 +-
 .../files/bind-zones/flauschehorn.sexy | 2 +-
 .../powerdns/files/bind-zones/franzi.business | 9 +-
 data/powerdns/files/bind-zones/kunbox.net | 6 +-
 data/powerdns/files/bind-zones/kunsmann.eu | 9 +-
 .../powerdns/files/bind-zones/trans-agenda.eu | 3 +-
 nodes/htz/ex42-1048908.py | 105 ------------------
 nodes/rx300.py | 27 +++--
 9 files changed, 32 insertions(+), 133 deletions(-)
diff --git a/data/powerdns/files/bind-zones/die-brontosaurier-waren-es.org b/data/powerdns/files/bind-zones/die-brontosaurier-waren-es.org
index b2a06d9..8633268 100644
--- a/data/powerdns/files/bind-zones/die-brontosaurier-waren-es.org
+++ b/data/powerdns/files/bind-zones/die-brontosaurier-waren-es.org
@@ -5,5 +5,5 @@ $ORIGIN die-brontosaurier-waren-es.org.
 ; ends up on rx300.kunbox.net
 @ IN A 31.47.232.106
 IN AAAA 2a00:f820:528::2
- IN MX 10 mx0.kunbox.net.
+ IN MX 10 rx300.kunbox.net.
 IN TXT "v=spf1 mx ~all"
diff --git a/data/powerdns/files/bind-zones/felix-kunsmann.de b/data/powerdns/files/bind-zones/felix-kunsmann.de
index 46f6cca..ea21366 100644
--- a/data/powerdns/files/bind-zones/felix-kunsmann.de
+++ b/data/powerdns/files/bind-zones/felix-kunsmann.de
@@ -2,4 +2,4 @@ ${header}
 $ORIGIN felix-kunsmann.de.
-@ IN MX 10 mx0.kunbox.net.
+@ IN MX 10 rx300.kunbox.net.
diff --git a/data/powerdns/files/bind-zones/flauschehorn.sexy b/data/powerdns/files/bind-zones/flauschehorn.sexy
index 3b6e8a1..ac032b6 100644
--- a/data/powerdns/files/bind-zones/flauschehorn.sexy
+++ b/data/powerdns/files/bind-zones/flauschehorn.sexy
@@ -4,7 +4,7 @@ $ORIGIN flauschehorn.sexy.
 @ IN A 5.189.140.103
 IN AAAA 2a02:c207:3002:8320:feed:f2c1:c0ff:ee
- IN MX 10 mx0.kunbox.net.
+ IN MX 10 rx300.kunbox.net.
 IN TXT "v=spf1 mx ~all"
 _dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:postmaster@kunsmann.eu; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r"
diff --git a/data/powerdns/files/bind-zones/franzi.business b/data/powerdns/files/bind-zones/franzi.business
index 74f52c5..5ed8c59 100644
--- a/data/powerdns/files/bind-zones/franzi.business
+++ b/data/powerdns/files/bind-zones/franzi.business
@@ -5,7 +5,7 @@ $ORIGIN franzi.business.
 ; ends up on rx300.kunbox.net
 @ IN A 31.47.232.106
 IN AAAA 2a00:f820:528::2
- IN MX 10 mx0.kunbox.net.
+ IN MX 10 rx300.kunbox.net.
 IN TXT "v=spf1 mx ~all"
 chat IN CNAME rx300.kunbox.net.
@@ -13,14 +13,11 @@ dimension IN CNAME rx300.kunbox.net.
 git IN CNAME rx300.kunbox.net.
 jenkins IN CNAME rx300.kunbox.net.
 matrix IN CNAME rx300.kunbox.net.
-
-mta-sts IN A 94.130.52.224
-mta-sts IN AAAA 2a01:4f8:10b:2a5f::2
-
+mta-sts IN CNAME rx300.kunbox.net.
 sewfile IN CNAME sewfile.htz-cloud.kunbox.net.
 IN TXT "v=spf1 a mx ~all"
-
 paste IN CNAME rx300.kunbox.net.
+postfixadmin IN CNAME rx300.kunbox.net.
 radicale IN CNAME rx300.kunbox.net.
 rss IN CNAME rx300.kunbox.net.
 status IN CNAME icinga2.ovh.kunbox.net.
diff --git a/data/powerdns/files/bind-zones/kunbox.net b/data/powerdns/files/bind-zones/kunbox.net
index aaf6ca1..505a73d 100644
--- a/data/powerdns/files/bind-zones/kunbox.net
+++ b/data/powerdns/files/bind-zones/kunbox.net
@@ -7,15 +7,15 @@ $ORIGIN kunbox.net.
 IN AAAA 2a00:f820:528::2
 ; Needs to have a working Mail address, otherwise Telekom goes mimimi
- IN MX 10 mx0
+ IN MX 10 rx300
 IN TXT "v=spf1 mx ~all"
 ; Mail servers
 mx0 IN A 94.130.52.224
 IN AAAA 2a01:4f8:10b:2a5f::2
 IN AAAA 2a01:4f8:10b:2a5f::1337
-mta-sts IN CNAME mx0
-mta-sts.mx0 IN CNAME mx0
+mta-sts IN CNAME rx300
+mta-sts.mx0 IN CNAME rx300
 postfixadmin.mx0 IN CNAME mx0
 rspamd.mx0 IN CNAME mx0
 webmail.mx0 IN CNAME mx0
diff --git a/data/powerdns/files/bind-zones/kunsmann.eu b/data/powerdns/files/bind-zones/kunsmann.eu
index a51deaf..03d2be9 100644
--- a/data/powerdns/files/bind-zones/kunsmann.eu
+++ b/data/powerdns/files/bind-zones/kunsmann.eu
@@ -5,7 +5,7 @@ $ORIGIN kunsmann.eu.
 ; ends up on rx300.kunbox.net
 @ IN A 31.47.232.106
 IN AAAA 2a00:f820:528::2
- IN MX 10 mx0.kunbox.net.
+ IN MX 10 rx300.kunbox.net.
 IN TXT "v=spf1 mx ~all"
 dav IN A 94.130.52.224
@@ -16,14 +16,13 @@ icinga IN CNAME icinga2.ovh.kunbox.net.
 influxdb IN CNAME influxdb.htz-cloud.kunbox.net.
 statusmonitor.icinga IN CNAME icinga2.ovh.kunbox.net.
-mta-sts IN A 94.130.52.224
-mta-sts IN AAAA 2a01:4f8:10b:2a5f::2
+mta-sts IN CNAME rx300.kunbox.net.
 luther-ps IN CNAME luther.htz-cloud.kunbox.net.
 ; legacy, for redirect
-git IN CNAME ex42-1048908.htz.kunbox.net.
-paste IN CNAME ex42-1048908.htz.kunbox.net.
+git IN CNAME ex42-1048908.htz.kunbox.net.
+paste IN CNAME ex42-1048908.htz.kunbox.net.
 _dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:postmaster@kunsmann.eu; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r"
 _mta-sts IN TXT "v=STSv1;id=20201111;"
diff --git a/data/powerdns/files/bind-zones/trans-agenda.eu b/data/powerdns/files/bind-zones/trans-agenda.eu
index 0431a29..c7457fb 100644
--- a/data/powerdns/files/bind-zones/trans-agenda.eu
+++ b/data/powerdns/files/bind-zones/trans-agenda.eu
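Review bot: The last three context lines of the kunbox.net hunk, `postfixadmin.mx0`, `rspamd.mx0` and `webmail.mx0`, still CNAME to `mx0`, yet the nginx vhosts for exactly those names are deleted from nodes/htz/ex42-1048908.py in this commit (that node's removed postfix block sets `myhostname` to mx0.kunbox.net, so mx0 appears to be that host). After the move the names resolve to a machine that is no longer configured to serve them, so requests land on whatever default vhost answers there, and leftover records of this kind are the ones that get forgotten when the address is later given up. If the old names are not meant to keep working, drop the three records; otherwise add a zone comment such as `; legacy names on the old mail host, remove once mx0 is retired` so the leftover is a recorded decision.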
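Review bot: `_mta-sts IN TXT "v=STSv1;id=20201111;"` is carried over unchanged at the end of the second kunsmann.eu hunk although the first hunk of that file moves the MX to rx300.kunbox.net. Sending servers refetch an MTA-STS policy only when that id changes or their cached copy expires, so if the policy file's `mx` entries change with this migration (the policy itself is not in the diff), senders still holding the old policy would refuse the new MX. Bump the id in the same commit, for example `_mta-sts IN TXT "v=STSv1;id=20210821;"` (value constructed from the commit date). The other zones that gain an `mta-sts` CNAME in this commit show no `_mta-sts` record inside their hunks, so the same check applies to them.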
@@ -5,8 +5,7 @@ $ORIGIN trans-agenda.eu.
 @ IN MX 10 mx0.kunbox.net.
 IN TXT "v=spf1 a mx ~all"
-mta-sts IN A 94.130.52.224
-mta-sts IN AAAA 2a01:4f8:10b:2a5f::2
+mta-sts IN CNAME rx300.kunbox.net.
 part.of.the IN A 94.130.52.224
 part.of.the IN AAAA 2a01:4f8:10b:2a5f::1337
diff --git a/nodes/htz/ex42-1048908.py b/nodes/htz/ex42-1048908.py
index 04a7182..5d3f28e 100644
--- a/nodes/htz/ex42-1048908.py
+++ b/nodes/htz/ex42-1048908.py
@@ -1,18 +1,8 @@
 nodes['htz.ex42-1048908'] = {
 'bundles': {
- # to be migrated to rx300
- 'dovecot',
- 'postfixadmin',
- 'redis',
- 'rspamd',
-
- # no migration needed
 'check-mail-received',
 'lm-sensors',
- 'nodejs',
- 'php',
 'postgresql',
- 'unbound',
 'smartd',
 'vmhost',
 },
@@ -32,37 +22,6 @@ nodes['htz.ex42-1048908'] = {
 'gateway6': 'fe80::1',
 },
 },
- 'apt': {
- 'packages': {
- # TODO
- 'php-imagick': {},
-
- # No need to create a bundle just to install packages,
- # configs will be managed by users nevertheless.
- 'mosh': {},
- 'weechat': {},
- 'weechat-core': {},
- 'weechat-curses': {},
- 'weechat-perl': {},
- 'weechat-plugins': {},
- 'weechat-python': {},
- 'weechat-ruby': {},
- },
- 'repos': {
- 'backports': {
- 'install_gpg_key': False, # default debian signing key
- 'items': {
- 'deb http://deb.debian.org/debian {os_release}-backports main',
- },
- },
- },
- },
- 'backups': {
- 'paths': {
- '/home/kunsi/.weechat',
- '/opt/matrix/matrix-dimension',
- },
- },
 'check-mail-received': {
 't-online': {
 'email': 'franzi.kunsmann@t-online.de',
@@ -119,15 +78,6 @@ nodes['htz.ex42-1048908'] = {
 },
 },
 },
- 'mta-sts': {
- 'domain': 'mta-sts.mx0.kunbox.net',
- 'domain_aliases': {
- 'mta-sts.franzi.business',
- 'mta-sts.kunbox.net',
- 'mta-sts.kunsmann.eu',
- 'mta-sts.trans-agenda.eu',
- },
- },
 'paste.kunsmann.eu': {
 'locations': {
 '/': {
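Review bot: `@ IN MX 10 mx0.kunbox.net.` is left as a context line in the trans-agenda.eu hunk, so this is the one zone in the commit whose mail still goes to the old host while its `mta-sts` name now points at rx300. The same commit removes the dovecot, postfixadmin and rspamd bundles and the postfix settings for mx0.kunbox.net from nodes/htz/ex42-1048908.py, so this MX may end up with no mail service behind it, and an MTA-STS policy served from rx300 that lists only the new MX (policy not visible in the diff) would make validating senders reject mx0. If the domain is meant to move with the others the line should read `@ IN MX 10 rx300.kunbox.net.`; if it stays on purpose, a zone comment saying so would settle the question.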
@@ -135,19 +85,6 @@ nodes['htz.ex42-1048908'] = {
 },
 },
 },
- 'postfixadmin.mx0.kunbox.net': {
- 'webroot': '/opt/postfixadmin/public/',
- 'php': True,
- 'website_check_path': '/login.php',
- 'website_check_string': 'login',
- },
- 'rspamd.mx0.kunbox.net': {
- 'locations': {
- '/': {
- 'target': 'http://localhost:11334/',
- },
- },
- },
 'vliedel.random.franzi.business': {
 'webroot_config': {
 'mode': '0775',
@@ -155,44 +92,9 @@ nodes['htz.ex42-1048908'] = {
 'group': 'vliedel',
 },
 },
- 'webmail.mx0.kunbox.net': {
- 'php': True,
- 'website_check_path': '/',
- 'website_check_string': 'roundcube',
- },
 },
 'worker_processes': 4,
 },
- 'php': {
- 'version': '7.4',
- 'packages': {
- 'gd',
- 'imap',
- 'intl',
- 'json',
- 'mbstring',
- 'opcache',
- 'pgsql',
- 'readline',
- 'xml',
- },
- },
- 'postfix': {
- 'myhostname': 'mx0.kunbox.net',
- 'message_size_limit_mb': 50,
- 'mynetworks': {
- 'ovh',
- },
- },
- 'postfixadmin': {
- 'version': '3.3.10',
- 'setup_password': vault.decrypt('encrypt$gAAAAABgnNGpAqUs--qBXII9ZPcHtxaELy9e2Dx9O44n4l0O4nMHPoIyaPW5HkvpQ2zWTlh5OfjjOgunRtE_voJuY0Kdtji37ixAnuL9ErOJ0LDY5QfMkNPUgPs5alwz1baqYq6rqJ7NDmB0gHraY46v5eG79R2EyQ=='),
- },
- 'radicale': {
- 'users': {
- 'kunsi': bwpass.password('dav.kunsmann.eu/kunsi'),
- },
- },
 'rspamd': {
 'ignore_spam_check_for_ips': {
 # entropia
@@ -249,16 +151,9 @@ nodes['htz.ex42-1048908'] = {
 'kunsi': {
 'enable_linger': True,
 'groups': [
- 'www-data',
 'libvirt',
 ],
 },
- 'vliedel': {
- 'ssh_pubkey': {
- 'command="/usr/local/bin/rrsync /var/www/vliedel.random.franzi.business/",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVOBnzs/QDzhvg70VK6xaV318Euaag1cWNjAJfsA266618UiZVx4xsHzNwYN960v0MhiVPMwnl3NoGWAT9/j/b5l3HAkihv4rEPYQkoGV0Mvtwee37dT5nCL8o54Kl+rhl4WPD4Ju5+iZ3AP84YMUJXUrETpZLRzQD1pKOWLaGxBSJolICjz5A7glDVNmvI8uH58EkzhA7q4lCPhzFLxfvFfJPRuEHdVViL2usvHpRnIDRQOCjLYF2fIpG3ULrvWGl4VZ+9cZCNqSN6ywjlH8U8e5Vc3Fi4sbqYh71LrBqs/lSJ+5BL9/rB3GZD1SVTbivyEDJGJu3HPDV4ahwYYKn minecraft@irc',
- 'command="/usr/local/bin/rrsync /var/www/vliedel.random.franzi.business/",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa 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 minecraft@asus-mini',
- },
- },
 },
 'vm': {
 'cpu': 8,
diff --git a/nodes/rx300.py b/nodes/rx300.py
index 5752bdf..d91adad 100644
--- a/nodes/rx300.py
+++ b/nodes/rx300.py
@@ -8,7 +8,7 @@ nodes['rx300'] = {
 'hostname': '31.47.232.106',
 'bundles': {
 'check-mail-received',
- #'dovecot',
+ 'dovecot',
 'element-web',
 'gitea',
 'jenkins-ci',
@@ -23,11 +23,11 @@ nodes['rx300'] = {
 'nodejs',
 'oidentd',
 'php',
- #'postfixadmin',
+ 'postfixadmin',
 'postgresql',
 'radicale',
 'redis',
- #'rspamd',
+ 'rspamd',
 'smartd',
 'travelynx',
 'unbound',
@@ -317,6 +317,15 @@ nodes['rx300'] = {
 },
 },
 },
+ 'mta-sts': {
+ 'domain': 'mta-sts.kunbox.net',
+ 'domain_aliases': {
+ 'mta-sts.franzi.business',
+ 'mta-sts.mx0.kunbox.net',
+ 'mta-sts.kunsmann.eu',
+ 'mta-sts.trans-agenda.eu',
+ },
+ },
 'paste.franzi.business': {
 'ssl': '_.franzi.business',
 'extras': True,
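Review bot: Enabling `'postfixadmin'` and `'rspamd'` in the second nodes/rx300.py hunk (and `'dovecot'` in the first) comes with no node metadata for them: the 27 changed lines the diffstat reports for this file are all accounted for by the bundle list and the two nginx vhosts, while the `'postfixadmin'` block (`'version'`, `'setup_password'`) and the `'postfix'` block are deleted from ex42 in the same commit. If rx300.py does not already define those keys outside the hunks, the mail stack on the new host runs on whatever the bundles default to, including for the postfixadmin setup password. Moving the two blocks over in this commit, or a comment beside the bundle names such as `# mail metadata already defined further down in this node`, would make that checkable from the diff. The bundle set starts and ends outside the hunk.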
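Review bot: The added `'mta-sts'` vhost has no `'ssl'` key, whereas the neighbouring `'paste.franzi.business'` vhost names `'_.franzi.business'`, and its five host names span four registered domains. MTA-STS policies are fetched over HTTPS with the certificate validated against `mta-sts.<domain>`, so a certificate that misses one alias makes the policy for that domain unfetchable. How the nginx bundle chooses a certificate is not visible here; if it does not issue one covering `domain` plus every entry in `domain_aliases`, name the certificate explicitly, and either way a comment like `# cert must cover domain and all domain_aliases, senders validate it when fetching the policy` documents the requirement. The enclosing vhost dictionary starts and ends outside the hunk.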
@@ -324,12 +333,12 @@ nodes['rx300'] = {
 'owner': 'kunsi',
 },
 },
-# 'postfixadmin': {
-# 'domain': 'postfixadmin.franzi.business',
-# 'ssl': '_.franzi.business',
-# 'webroot': '/opt/postfixadmin/public/',
-# 'php': True,
-# },
+ 'postfixadmin': {
+ 'domain': 'postfixadmin.franzi.business',
+ 'ssl': '_.franzi.business',
+ 'webroot': '/opt/postfixadmin/public/',
+ 'php': True,
+ },
 'unicornsden-redirect': {
 'domain': 'unicornsden.franzi.business',
 'ssl': '_.franzi.business',
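Review bot: The re-enabled `'postfixadmin'` vhost omits the `'website_check_path': '/login.php',` and `'website_check_string': 'login',` entries that the vhost removed from ex42 carried, so the admin interface presumably loses its availability check on the new host. It also publishes the mail administration login under postfixadmin.franzi.business with no access restriction visible in these lines; whether the bundle offers one is not shown. I would add the two check lines back and a comment such as `# mail admin UI, reachable from the internet` so the exposure is a recorded decision. The surrounding vhost dictionary starts and ends outside the hunk.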