From dd8fd452eb2442a74fe02f9847699c64a2f92240 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Fri, 1 Sep 2023 05:55:27 +0200 Subject: [PATCH] move mail from rx300 to carlene --- groups/locations.py | 6 ++-- nodes/carlene.toml | 77 ++++++++++++++++++++++++++++++++++++++++++--- nodes/rx300.py | 63 ------------------------------------- 3 files changed, 76 insertions(+), 70 deletions(-) diff --git a/groups/locations.py b/groups/locations.py index 15177f6..63447d6 100644 --- a/groups/locations.py +++ b/groups/locations.py @@ -22,7 +22,7 @@ groups['gce'] = { # It's fine to do this without authentificating to the relayhost. # These Systems are not supposed to send mail anywhere else # than our own domains. - 'relayhost': '[rx300.kunbox.net]:2525', + 'relayhost': '[mail.franzi.business]:2525', }, 'sysctl': { 'options': { @@ -90,7 +90,7 @@ groups['home'] = { # It's fine to do this without authentificating to the relayhost. # These Systems are not supposed to send mail anywhere else # than our own domains. - 'relayhost': '[rx300.kunbox.net]:2525', + 'relayhost': '[mail.franzi.business]:2525', }, }, } @@ -102,7 +102,7 @@ groups['ovh'] = { 'metadata': { 'location': 'ovh', 'postfix': { - 'relayhost': '[rx300.kunbox.net]:2525', + 'relayhost': '[mail.franzi.business]:2525', }, 'users': { 'debian': { diff --git a/nodes/carlene.toml b/nodes/carlene.toml index 05c5a0b..c761435 100644 --- a/nodes/carlene.toml +++ b/nodes/carlene.toml @@ -4,6 +4,8 @@ groups = [ "webserver", ] bundles = [ + "check-mail-received", + "dovecot", "element-web", "forgejo", "matrix-media-repo", @@ -14,10 +16,12 @@ bundles = [ "netbox", "nodejs", "ntfy", - "redis", - "smartd", - "check-mail-received", + "php", + "postfixadmin", "postgresql", + "redis", + "rspamd", + "smartd", "travelynx", "weechat", "zfs", @@ -110,10 +114,13 @@ domain = "netbox.franzi.business" version = "v3.5.8" admins.kunsi = "hostmaster@kunbox.net" +[metadata.nginx.'security.txt'] +contact = "mailto:security@kunsmann.eu" +Encryption = "https://franzi.business/gpg_hi-kunsmann.eu.asc" + [metadata.nginx.vhosts.'gaenseblum.eu'.webroot_config] owner = "skye" - [metadata.ntfy] domain = "ntfy.franzi.business" ratelimit-exempt-hosts = [ @@ -122,9 +129,71 @@ ratelimit-exempt-hosts = [ "rx300", ] +[metadata.php] +version = "8.2" +packages = [ + 'gd', + 'imagick', + 'imap', + 'intl', + 'mbstring', + 'opcache', + 'pgsql', + 'readline', + 'xml', + 'yaml', +] + +[metadata.postfix] +message_size_limit_mb = 100 +myhostname = "mail.franzi.business" +mynetworks = ["gce", "ovh"] + +[metadata.postfixadmin] +domain = "postfixadmin.franzi.business" +setup_password = "!decrypt:encrypt$gAAAAABgnNGpAqUs--qBXII9ZPcHtxaELy9e2Dx9O44n4l0O4nMHPoIyaPW5HkvpQ2zWTlh5OfjjOgunRtE_voJuY0Kdtji37ixAnuL9ErOJ0LDY5QfMkNPUgPs5alwz1baqYq6rqJ7NDmB0gHraY46v5eG79R2EyQ==" +version = "3.3.13" + [metadata.postgresql] version = 15 +[metadata.rspamd] +ignore_spam_check_for_ips = [ + # entropia + '45.140.180.32/27', # Entropia e. V. + '45.140.180.112/28', # MicroPOC + '2a0e:c5c0:0:201::/64', # Entropia e. V. + '2a0e:c5c0:0:307::/64', # MicroPOC + + # c3kl + '116.202.19.236', + '2a01:4f8:1c17:cc52::/64', + + # ccc + '212.12.55.65', + '212.12.55.67', + '2a00:14b0:4200:3000:23:55:0:65', + + # IN-Berlin mailman + '130.133.8.35', + '192.109.42.28', + '192.109.42.122', + '193.29.188.9', + '217.197.80.23', + '217.197.80.134', + '2001:bf0:c000:a::2:134', + + # c3voc + '185.106.84.32/26', + '2001:67c:20a0:e::/64', + + # DENOG + '195.20.121.100', + '2001:1440:201:101::5', +] +password = "!bwpass:bw/rx300/rspamd" +dkim = "uO4aNejDvVdw8BKne3KJIqAvCQMJ0416" + [metadata.smartd] disks = [ "/dev/nvme0", diff --git a/nodes/rx300.py b/nodes/rx300.py index c7f07be..bccf91a 100644 --- a/nodes/rx300.py +++ b/nodes/rx300.py @@ -8,7 +8,6 @@ nodes['rx300'] = { 'hostname': '31.47.232.106', 'bundles': { 'check-mail-received', - 'dovecot', 'ipmitool', 'jenkins-ci', 'jugendhackt_tools', @@ -18,11 +17,9 @@ nodes['rx300'] = { 'nodejs', 'oidentd', 'php', - 'postfixadmin', 'postgresql', 'radicale', 'redis', - 'rspamd', 'smartd', 'unbound', 'vmhost', @@ -213,18 +210,6 @@ nodes['rx300'] = { 'owner': 'kunsi', }, }, - 'postfixadmin': { - 'domain': 'postfixadmin.franzi.business', - 'ssl': '_.franzi.business', - 'webroot': '/opt/postfixadmin/public/', - 'php': True, - 'locations': { - '/rspamd/': { - 'target': 'http://localhost:11334/', - 'websockets': True, - }, - } - }, 'wiki.franzi.business': { 'ssl': '_.franzi.business', 'extras': True, @@ -262,17 +247,6 @@ nodes['rx300'] = { 'yaml', }, }, - 'postfix': { - 'message_size_limit_mb': 75, - 'mynetworks': { - 'gce', - 'ovh', - }, - }, - 'postfixadmin': { - 'version': '3.3.13', - 'setup_password': vault.decrypt('encrypt$gAAAAABgnNGpAqUs--qBXII9ZPcHtxaELy9e2Dx9O44n4l0O4nMHPoIyaPW5HkvpQ2zWTlh5OfjjOgunRtE_voJuY0Kdtji37ixAnuL9ErOJ0LDY5QfMkNPUgPs5alwz1baqYq6rqJ7NDmB0gHraY46v5eG79R2EyQ=='), - }, 'postgresql': { 'version': '13', 'max_connections': 500, @@ -287,43 +261,6 @@ nodes['rx300'] = { 'kunsi': bwpass.password('radicale.franzi.business/kunsi'), }, }, - 'rspamd': { - 'ignore_spam_check_for_ips': { - # entropia - '45.140.180.32/27', # Entropia e. V. - '45.140.180.112/28', # MicroPOC - '2a0e:c5c0:0:201::/64', # Entropia e. V. - '2a0e:c5c0:0:307::/64', # MicroPOC - - # c3kl - '116.202.19.236', - '2a01:4f8:1c17:cc52::/64', - - # ccc - '212.12.55.65', - '212.12.55.67', - '2a00:14b0:4200:3000:23:55:0:65', - - # IN-Berlin mailman - '130.133.8.35', - '192.109.42.28', - '192.109.42.122', - '193.29.188.9', - '217.197.80.23', - '217.197.80.134', - '2001:bf0:c000:a::2:134', - - # c3voc - '185.106.84.32/26', - '2001:67c:20a0:e::/64', - - # DENOG - '195.20.121.100', - '2001:1440:201:101::5', - }, - 'password': bwpass.password('bw/rx300/rspamd'), - 'dkim': 'uO4aNejDvVdw8BKne3KJIqAvCQMJ0416', - }, 'smartd': { 'disks': { '/dev/nvme0',