add dma

2020-12-31 12:48:53 -05:00 · 2020-12-31 12:48:53 -05:00 · 9ddd275ed8
parent 9c39e0a9ba
commit 9ddd275ed8
5 changed files with 101 additions and 8 deletions
--- a/ansible/README.md
+++ b/ansible/README.md
@ -1,4 +1,8 @@
-Usage: `ansible-playbook main.yml -i hosts.cfg --extra-vars "api_key=GANDI_API_KEY gandi=true" --limit=cabinet`
+Usage: `ansible-playbook main.yml -i hosts.cfg --extra-vars "gandi_api_key=GANDI_API_KEY" --limit=cabinet`
+
+All additional variables:
+- `gandi_api_key`: gandi api key for dynamic dns
+- `dma_auth`: smtp password to be used by dma

 Assumes:

--- a/ansible/files/dma.conf
+++ b/ansible/files/dma.conf
@ -0,0 +1,68 @@
+# $DragonFly: src/etc/dma/dma.conf,v 1.2 2008/02/04 10:11:41 matthias Exp $
+#
+# Your smarthost (also called relayhost).  Leave blank if you don't want
+# smarthost support.
+# NOTE: on Debian systems this is handled via debconf!
+# Please use dpkg-reconfigure dma to change this value.
+SMARTHOST smtp.gmail.com
+
+# Use this SMTP port.  Most users will be fine with the default (25)
+PORT 587
+
+# Path to your alias file.  Just stay with the default.
+#ALIASES /etc/aliases
+
+# Path to your spooldir.  Just stay with the default.
+#SPOOLDIR /var/spool/dma
+
+# SMTP authentication
+AUTHPATH /etc/dma/auth.conf
+
+# Uncomment if you want TLS/SSL support
+SECURETRANSFER
+
+# Uncomment if you want STARTTLS support (only used in combination with
+# SECURETRANSFER)
+STARTTLS
+
+# Uncomment if you have specified STARTTLS above and it should be allowed
+# to fail ("opportunistic TLS", use an encrypted connection when available
+# but allow an unencrypted one to servers that do not support it)
+#OPPORTUNISTIC_TLS
+
+# Path to your local SSL certificate
+#CERTFILE
+
+# If you want to use plain text SMTP login without using encryption, change
+# the SECURE entry below to INSECURE.  Otherwise plain login will only work
+# over a secure connection.  Use this option with caution.
+#SECURE
+
+# Uncomment if you want to defer your mails.  This is useful if you are
+# behind a dialup line.  You have to submit your mails manually with dma -q
+#DEFER
+
+# Uncomment if you want the bounce message to include the complete original
+# message, not just the headers.
+#FULLBOUNCE
+
+# The internet hostname dma uses to identify the host.
+# If not set or empty, the result of gethostname(2) is used.
+# If MAILNAME is an absolute path to a file, the first line of this file
+# will be used as the hostname.
+# NOTE: on Debian systems this is handled via debconf!
+# Please use dpkg-reconfigure dma to change this value.
+MAILNAME /etc/mailname
+
+# Masquerade envelope from addresses with this address/hostname.
+# Use this if mails are not accepted by destination mail servers because
+# your sender domain is invalid.
+# By default, MASQUERADE is not set.
+# Format: MASQUERADE [user@][host]
+# Examples:
+# MASQUERADE john@  on host "hamlet" will send all mails as john@hamlet
+# MASQUERADE percolator  will send mails as $username@percolator, e.g. fish@percolator
+# MASQUERADE herb@ert  will send all mails as herb@ert
+
+# Directly forward the mail to the SMARTHOST bypassing aliases and local delivery
+#NULLCLIENT
--- a/ansible/main.yml
+++ b/ansible/main.yml
@ -95,6 +95,23 @@
        mode: '0644'
      notify: Restart sshd service

+    - name: Configure dma
+      copy:
+        src: files/dma.conf
+        dest: /etc/dma/dma.conf
+        owner: root
+        group: mail
+        mode: '0640'
+
+    - name: Configure dma auth
+      template:
+        src: templates/auth.conf.j2
+        dest: /etc/dma/auth.conf
+        owner: root
+        group: mail
+        mode: '0640'
+      when: dma_auth is defined
+
    ## Changes will take effect during next reboot, does not effect static IPs
    - name: Configure sysctl with IPv6 privacy extensions
      template:
@ -138,7 +155,7 @@
        owner: root
        group: root
        mode: '0755'
-      when: gandi is defined
+      when: gandi_api_key is defined

    - name: Add Dynamic DNS cronjob
      cron:
@ -146,7 +163,7 @@
        job: /usr/local/bin/gandi-ddns.sh
        special_time: daily
        user: root
-      when: gandi is defined
+      when: gandi_api_key is defined

 # Custom repo config
 - hosts: compute
@ -198,11 +215,10 @@
  handlers:
    - import_tasks: handlers.yml
  tasks:
-    - name: Install zfs-zed, dma, and nfs-kernel-server
+    - name: Install zfs-zed, and nfs-kernel-server
      apt:
        name:
          - beets
-          - dma
          - nfs-kernel-server
          - zfs-auto-snapshot
          - zfs-zed
@ -220,9 +236,9 @@

    - name: Install weekly bigdata scrub cron job
      cron:
-        name: 'Scrub bigdata zfs pool'
+        name: 'Weekly zfs pool status check'
        special_time: weekly
-        job: 'zpool scrub bigdata'
+        job: 'zpool status | mail -s "ZFS STATUS" paulsw.pw+alerts@gmail.com'
        user: root

    - name: Install rclone
--- a/ansible/templates/auth.conf.j2
+++ b/ansible/templates/auth.conf.j2
@ -0,0 +1,5 @@
+# $DragonFly: src/etc/dma/auth.conf,v 1.1 2008/02/02 18:24:00 matthias Exp $
+#
+# SMTP authentication entries (currently AUTH LOGIN only)
+# Format: user|my.smarthost.example.com:password
+zedseaturtlepw@gmail.com|smtp.gmail.com:{{ dma_auth }}
--- a/ansible/templates/gandi-ddns.sh.j2
+++ b/ansible/templates/gandi-ddns.sh.j2
@ -1,6 +1,6 @@
 #!/bin/bash

-APIKEY={{ api_key }}
+APIKEY={{ gandi_api_key }}
 NAME=$(hostname --short)

 IPV6=$(ip -6 addr | grep mngtmpaddr | head -n 1 | awk '/inet6 / {gsub(/\/.*/,"",$2); print $2}')