move mail from rx300 to carlene

This commit is contained in:
Franzi 2023-09-01 05:55:27 +02:00
parent 97afd6c522
commit dd8fd452eb
Signed by: kunsi
GPG key ID: 12E3D2136B818350
3 changed files with 76 additions and 70 deletions

View file

@ -22,7 +22,7 @@ groups['gce'] = {
# It's fine to do this without authentificating to the relayhost. # It's fine to do this without authentificating to the relayhost.
# These Systems are not supposed to send mail anywhere else # These Systems are not supposed to send mail anywhere else
# than our own domains. # than our own domains.
'relayhost': '[rx300.kunbox.net]:2525', 'relayhost': '[mail.franzi.business]:2525',
}, },
'sysctl': { 'sysctl': {
'options': { 'options': {
@ -90,7 +90,7 @@ groups['home'] = {
# It's fine to do this without authentificating to the relayhost. # It's fine to do this without authentificating to the relayhost.
# These Systems are not supposed to send mail anywhere else # These Systems are not supposed to send mail anywhere else
# than our own domains. # than our own domains.
'relayhost': '[rx300.kunbox.net]:2525', 'relayhost': '[mail.franzi.business]:2525',
}, },
}, },
} }
@ -102,7 +102,7 @@ groups['ovh'] = {
'metadata': { 'metadata': {
'location': 'ovh', 'location': 'ovh',
'postfix': { 'postfix': {
'relayhost': '[rx300.kunbox.net]:2525', 'relayhost': '[mail.franzi.business]:2525',
}, },
'users': { 'users': {
'debian': { 'debian': {

View file

@ -4,6 +4,8 @@ groups = [
"webserver", "webserver",
] ]
bundles = [ bundles = [
"check-mail-received",
"dovecot",
"element-web", "element-web",
"forgejo", "forgejo",
"matrix-media-repo", "matrix-media-repo",
@ -14,10 +16,12 @@ bundles = [
"netbox", "netbox",
"nodejs", "nodejs",
"ntfy", "ntfy",
"redis", "php",
"smartd", "postfixadmin",
"check-mail-received",
"postgresql", "postgresql",
"redis",
"rspamd",
"smartd",
"travelynx", "travelynx",
"weechat", "weechat",
"zfs", "zfs",
@ -110,10 +114,13 @@ domain = "netbox.franzi.business"
version = "v3.5.8" version = "v3.5.8"
admins.kunsi = "hostmaster@kunbox.net" admins.kunsi = "hostmaster@kunbox.net"
[metadata.nginx.'security.txt']
contact = "mailto:security@kunsmann.eu"
Encryption = "https://franzi.business/gpg_hi-kunsmann.eu.asc"
[metadata.nginx.vhosts.'gaenseblum.eu'.webroot_config] [metadata.nginx.vhosts.'gaenseblum.eu'.webroot_config]
owner = "skye" owner = "skye"
[metadata.ntfy] [metadata.ntfy]
domain = "ntfy.franzi.business" domain = "ntfy.franzi.business"
ratelimit-exempt-hosts = [ ratelimit-exempt-hosts = [
@ -122,9 +129,71 @@ ratelimit-exempt-hosts = [
"rx300", "rx300",
] ]
[metadata.php]
version = "8.2"
packages = [
'gd',
'imagick',
'imap',
'intl',
'mbstring',
'opcache',
'pgsql',
'readline',
'xml',
'yaml',
]
[metadata.postfix]
message_size_limit_mb = 100
myhostname = "mail.franzi.business"
mynetworks = ["gce", "ovh"]
[metadata.postfixadmin]
domain = "postfixadmin.franzi.business"
setup_password = "!decrypt:encrypt$gAAAAABgnNGpAqUs--qBXII9ZPcHtxaELy9e2Dx9O44n4l0O4nMHPoIyaPW5HkvpQ2zWTlh5OfjjOgunRtE_voJuY0Kdtji37ixAnuL9ErOJ0LDY5QfMkNPUgPs5alwz1baqYq6rqJ7NDmB0gHraY46v5eG79R2EyQ=="
version = "3.3.13"
[metadata.postgresql] [metadata.postgresql]
version = 15 version = 15
[metadata.rspamd]
ignore_spam_check_for_ips = [
# entropia
'45.140.180.32/27', # Entropia e. V.
'45.140.180.112/28', # MicroPOC
'2a0e:c5c0:0:201::/64', # Entropia e. V.
'2a0e:c5c0:0:307::/64', # MicroPOC
# c3kl
'116.202.19.236',
'2a01:4f8:1c17:cc52::/64',
# ccc
'212.12.55.65',
'212.12.55.67',
'2a00:14b0:4200:3000:23:55:0:65',
# IN-Berlin mailman
'130.133.8.35',
'192.109.42.28',
'192.109.42.122',
'193.29.188.9',
'217.197.80.23',
'217.197.80.134',
'2001:bf0:c000:a::2:134',
# c3voc
'185.106.84.32/26',
'2001:67c:20a0:e::/64',
# DENOG
'195.20.121.100',
'2001:1440:201:101::5',
]
password = "!bwpass:bw/rx300/rspamd"
dkim = "uO4aNejDvVdw8BKne3KJIqAvCQMJ0416"
[metadata.smartd] [metadata.smartd]
disks = [ disks = [
"/dev/nvme0", "/dev/nvme0",

View file

@ -8,7 +8,6 @@ nodes['rx300'] = {
'hostname': '31.47.232.106', 'hostname': '31.47.232.106',
'bundles': { 'bundles': {
'check-mail-received', 'check-mail-received',
'dovecot',
'ipmitool', 'ipmitool',
'jenkins-ci', 'jenkins-ci',
'jugendhackt_tools', 'jugendhackt_tools',
@ -18,11 +17,9 @@ nodes['rx300'] = {
'nodejs', 'nodejs',
'oidentd', 'oidentd',
'php', 'php',
'postfixadmin',
'postgresql', 'postgresql',
'radicale', 'radicale',
'redis', 'redis',
'rspamd',
'smartd', 'smartd',
'unbound', 'unbound',
'vmhost', 'vmhost',
@ -213,18 +210,6 @@ nodes['rx300'] = {
'owner': 'kunsi', 'owner': 'kunsi',
}, },
}, },
'postfixadmin': {
'domain': 'postfixadmin.franzi.business',
'ssl': '_.franzi.business',
'webroot': '/opt/postfixadmin/public/',
'php': True,
'locations': {
'/rspamd/': {
'target': 'http://localhost:11334/',
'websockets': True,
},
}
},
'wiki.franzi.business': { 'wiki.franzi.business': {
'ssl': '_.franzi.business', 'ssl': '_.franzi.business',
'extras': True, 'extras': True,
@ -262,17 +247,6 @@ nodes['rx300'] = {
'yaml', 'yaml',
}, },
}, },
'postfix': {
'message_size_limit_mb': 75,
'mynetworks': {
'gce',
'ovh',
},
},
'postfixadmin': {
'version': '3.3.13',
'setup_password': vault.decrypt('encrypt$gAAAAABgnNGpAqUs--qBXII9ZPcHtxaELy9e2Dx9O44n4l0O4nMHPoIyaPW5HkvpQ2zWTlh5OfjjOgunRtE_voJuY0Kdtji37ixAnuL9ErOJ0LDY5QfMkNPUgPs5alwz1baqYq6rqJ7NDmB0gHraY46v5eG79R2EyQ=='),
},
'postgresql': { 'postgresql': {
'version': '13', 'version': '13',
'max_connections': 500, 'max_connections': 500,
@ -287,43 +261,6 @@ nodes['rx300'] = {
'kunsi': bwpass.password('radicale.franzi.business/kunsi'), 'kunsi': bwpass.password('radicale.franzi.business/kunsi'),
}, },
}, },
'rspamd': {
'ignore_spam_check_for_ips': {
# entropia
'45.140.180.32/27', # Entropia e. V.
'45.140.180.112/28', # MicroPOC
'2a0e:c5c0:0:201::/64', # Entropia e. V.
'2a0e:c5c0:0:307::/64', # MicroPOC
# c3kl
'116.202.19.236',
'2a01:4f8:1c17:cc52::/64',
# ccc
'212.12.55.65',
'212.12.55.67',
'2a00:14b0:4200:3000:23:55:0:65',
# IN-Berlin mailman
'130.133.8.35',
'192.109.42.28',
'192.109.42.122',
'193.29.188.9',
'217.197.80.23',
'217.197.80.134',
'2001:bf0:c000:a::2:134',
# c3voc
'185.106.84.32/26',
'2001:67c:20a0:e::/64',
# DENOG
'195.20.121.100',
'2001:1440:201:101::5',
},
'password': bwpass.password('bw/rx300/rspamd'),
'dkim': 'uO4aNejDvVdw8BKne3KJIqAvCQMJ0416',
},
'smartd': { 'smartd': {
'disks': { 'disks': {
'/dev/nvme0', '/dev/nvme0',