nodes/rx300: prepare for moving mail

2021-07-18 07:56:49 +02:00 · 2021-07-18 07:56:49 +02:00 · 58f33b86c4
commit 58f33b86c4
parent 66fce8e076
1 changed files with 56 additions and 0 deletions
--- a/nodes/rx300.py
+++ b/nodes/rx300.py
@ -8,6 +8,7 @@ nodes['rx300'] = {
    'hostname': '31.47.232.106',
    'bundles': {
        'check-mail-received',
+        #'dovecot',
        'element-web',
        'gitea',
        'jenkins-ci',
@ -15,7 +16,12 @@ nodes['rx300'] = {
        'miniflux',
        'nodejs',
        'php',
+        #'postfixadmin',
        'postgresql',
+        'redis',
+        # does not yet have packages for bullseye, buster version depends
+        # on libicu63, which does not exist in bullseye (but libicu67)
+        #'rspamd',
        'smartd',
        'travelynx',
        'vmhost',
@ -231,6 +237,12 @@ nodes['rx300'] = {
                    'ssl': '_.franzi.business',
                    'extras': True,
                },
+                'postfixadmin': {
+                    'domain': 'postfixadmin.franzi.business',
+                    'ssl': '_.franzi.business',
+                    'webroot': '/opt/postfixadmin/public/',
+                    'php': True,
+                },
                'unicornsden-redirect': {
                    'domain': 'unicornsden.franzi.business',
                    'ssl': '_.franzi.business',
@ -275,9 +287,53 @@ nodes['rx300'] = {
                'xml',
            },
        },
+        'postfix': {
+            'message_size_limit_mb': 50,
+            'mynetworks': {
+                'ovh',
+            },
+        },
+        'postfixadmin': {
+            'version': '3.3.9',
+            'setup_password': vault.decrypt('encrypt$gAAAAABgnNGpAqUs--qBXII9ZPcHtxaELy9e2Dx9O44n4l0O4nMHPoIyaPW5HkvpQ2zWTlh5OfjjOgunRtE_voJuY0Kdtji37ixAnuL9ErOJ0LDY5QfMkNPUgPs5alwz1baqYq6rqJ7NDmB0gHraY46v5eG79R2EyQ=='),
+        },
        'postgresql': {
            'version': '13',
        },
+        'rspamd': {
+            'ignore_spam_check_for_ips': {
+                # entropia
+                ## hetzner (legacy)
+                '188.40.158.213',
+                '188.40.158.214',
+                '188.40.158.218',
+                '2a01:4f8:221:2f83:2130::2',
+                '2a01:4f8:221:2f83:2140::2',
+                '2a01:4f8:221:2f83:2180::2',
+                # yolocolo
+                '45.140.180.32/27', # Entropia e. V.
+                '45.140.180.112/28', # MicroPOC
+                '2a0e:c5c0:0:201::/64', # Entropia e. V.
+                '2a0e:c5c0:0:307::/64', # MicroPOC
+
+                # ccc
+                '212.12.55.65',
+                '212.12.55.67',
+                '2a00:14b0:4200:3000:23:55:0:65',
+
+                # IN-Berlin mailman
+                '130.133.8.35',
+                '192.109.42.28',
+                '192.109.42.122',
+                '193.29.188.9',
+                '217.197.80.23',
+                '217.197.80.134',
+                '2001:bf0:c000:a::2:134',
+            },
+            # TODO change this
+            'password': bwpass.password('rspamd.mx0.kunbox.net'),
+            'dkim': 'uO4aNejDvVdw8BKne3KJIqAvCQMJ0416',
+        },
        'smartd': {
            'disks': {
                '/dev/nvme0',