From 9ddd275ed81cace14acd3ae8a328151e49ebf79f Mon Sep 17 00:00:00 2001 From: Paul Walko Date: Thu, 31 Dec 2020 12:48:53 -0500 Subject: [PATCH] add dma --- ansible/README.md | 6 ++- ansible/files/dma.conf | 68 ++++++++++++++++++++++++++++++ ansible/main.yml | 28 +++++++++--- ansible/templates/auth.conf.j2 | 5 +++ ansible/templates/gandi-ddns.sh.j2 | 2 +- 5 files changed, 101 insertions(+), 8 deletions(-) create mode 100644 ansible/files/dma.conf create mode 100644 ansible/templates/auth.conf.j2 diff --git a/ansible/README.md b/ansible/README.md index 41b1dcb..3eb7abf 100644 --- a/ansible/README.md +++ b/ansible/README.md @@ -1,4 +1,8 @@ -Usage: `ansible-playbook main.yml -i hosts.cfg --extra-vars "api_key=GANDI_API_KEY gandi=true" --limit=cabinet` +Usage: `ansible-playbook main.yml -i hosts.cfg --extra-vars "gandi_api_key=GANDI_API_KEY" --limit=cabinet` + +All additional variables: +- `gandi_api_key`: gandi api key for dynamic dns +- `dma_auth`: smtp password to be used by dma Assumes: diff --git a/ansible/files/dma.conf b/ansible/files/dma.conf new file mode 100644 index 0000000..cf75ef0 --- /dev/null +++ b/ansible/files/dma.conf 
@@ -0,0 +1,68 @@
+# $DragonFly: src/etc/dma/dma.conf,v 1.2 2008/02/04 10:11:41 matthias Exp $
+#
+# Your smarthost (also called relayhost). Leave blank if you don't want
+# smarthost support.
+# NOTE: on Debian systems this is handled via debconf!
+# Please use dpkg-reconfigure dma to change this value.
+SMARTHOST smtp.gmail.com
+
+# Use this SMTP port. Most users will be fine with the default (25)
+PORT 587
+
+# Path to your alias file. Just stay with the default.
+#ALIASES /etc/aliases
+
+# Path to your spooldir. Just stay with the default.
+#SPOOLDIR /var/spool/dma
+
+# SMTP authentication
+AUTHPATH /etc/dma/auth.conf
+
+# Uncomment if you want TLS/SSL support
+SECURETRANSFER
+
+# Uncomment if you want STARTTLS support (only used in combination with
+# SECURETRANSFER)
+STARTTLS
+
+# Uncomment if you have specified STARTTLS above and it should be allowed
+# to fail ("opportunistic TLS", use an encrypted connection when available
+# but allow an unencrypted one to servers that do not support it)
+#OPPORTUNISTIC_TLS
+
+# Path to your local SSL certificate
+#CERTFILE
+
+# If you want to use plain text SMTP login without using encryption, change
+# the SECURE entry below to INSECURE. Otherwise plain login will only work
+# over a secure connection. Use this option with caution.
+#SECURE
+
+# Uncomment if you want to defer your mails. This is useful if you are
+# behind a dialup line. You have to submit your mails manually with dma -q
+#DEFER
+
+# Uncomment if you want the bounce message to include the complete original
+# message, not just the headers.
+#FULLBOUNCE
+
+# The internet hostname dma uses to identify the host.
+# If not set or empty, the result of gethostname(2) is used.
+# If MAILNAME is an absolute path to a file, the first line of this file
+# will be used as the hostname.
+# NOTE: on Debian systems this is handled via debconf!
+# Please use dpkg-reconfigure dma to change this value.
+MAILNAME /etc/mailname + +# Masquerade envelope from addresses with this address/hostname. +# Use this if mails are not accepted by destination mail servers because +# your sender domain is invalid. +# By default, MASQUERADE is not set. +# Format: MASQUERADE [user@][host] +# Examples: +# MASQUERADE john@ on host "hamlet" will send all mails as john@hamlet +# MASQUERADE percolator will send mails as $username@percolator, e.g. fish@percolator +# MASQUERADE herb@ert will send all mails as herb@ert + +# Directly forward the mail to the SMARTHOST bypassing aliases and local delivery +#NULLCLIENT diff --git a/ansible/main.yml b/ansible/main.yml index d3aaa5c..64a44eb 100644 --- a/ansible/main.yml +++ b/ansible/main.yml @@ -95,6 +95,23 @@ mode: '0644' notify: Restart sshd service + - name: Configure dma + copy: + src: files/dma.conf + dest: /etc/dma/dma.conf + owner: root + group: mail + mode: '0640' + + - name: Configure dma auth + template: + src: templates/auth.conf.j2 + dest: /etc/dma/auth.conf + owner: root + group: mail + mode: '0640' + when: dma_auth is defined + ## Changes will take effect during next reboot, does not effect static IPs - name: Configure sysctl with IPv6 privacy extensions template: @@ -138,7 +155,7 @@ owner: root group: root mode: '0755' - when: gandi is defined + when: gandi_api_key is defined - name: Add Dynamic DNS cronjob cron: @@ -146,7 +163,7 @@ job: /usr/local/bin/gandi-ddns.sh special_time: daily user: root - when: gandi is defined + when: gandi_api_key is defined # Custom repo config - hosts: compute @@ -198,11 +215,10 @@ handlers: - import_tasks: handlers.yml tasks: - - name: Install zfs-zed, dma, and nfs-kernel-server + - name: Install zfs-zed, and nfs-kernel-server apt: name: - beets - - dma - nfs-kernel-server - zfs-auto-snapshot - zfs-zed 
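Review bot: The new `Configure dma auth` task renders the SMTP password into /etc/dma/auth.conf without `no_log: true`, so a run with `--diff` or raised verbosity can print the rendered file, password included, to the terminal and to any log that captures the run. Add `no_log: true` to that task (or at least `diff: false`), next to the `when: dma_auth is defined` line. The `0640` root:mail permissions on the destination are a sensible choice and should stay. The task list these entries belong to starts and ends outside the hunk.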
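Review bot: The context lines of the `@@ -138,7 +155,7 @@` hunk show the task being installed with `mode: '0755'`, and the commit only touches its `when:` condition. If this is the task that renders templates/gandi-ddns.sh.j2 (its `src` line is outside the hunk), the resulting script carries the Gandi API key in its `APIKEY=` line and is readable by every local account. The cron entry in the next hunk runs it as root, so `mode: '0700'` would be sufficient.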
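Review bot: `dma` is removed from this apt list, but no hunk in the patch adds it to another package list, while the new `Configure dma` task copies to /etc/dma/dma.conf with group `mail`. Unless dma is already installed earlier in the play that holds that task (not visible in this diff), the copy will fail on a freshly provisioned host because /etc/dma does not exist yet. Consider an explicit install task ahead of the copy, i.e. `- name: Install dma` with `apt:` and `name: dma`. The renamed task title `Install zfs-zed, and nfs-kernel-server` also has a stray comma.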
@@ -220,9 +236,9 @@ - name: Install weekly bigdata scrub cron job cron: - name: 'Scrub bigdata zfs pool' + name: 'Weekly zfs pool status check' special_time: weekly - job: 'zpool scrub bigdata' + job: 'zpool status | mail -s "ZFS STATUS" paulsw.pw+alerts@gmail.com' user: root - name: Install rclone diff --git a/ansible/templates/auth.conf.j2 b/ansible/templates/auth.conf.j2 new file mode 100644 index 0000000..d1eaf6e --- /dev/null +++ b/ansible/templates/auth.conf.j2 @@ -0,0 +1,5 @@ +# $DragonFly: src/etc/dma/auth.conf,v 1.1 2008/02/02 18:24:00 matthias Exp $ +# +# SMTP authentication entries (currently AUTH LOGIN only) +# Format: user|my.smarthost.example.com:password +zedseaturtlepw@gmail.com|smtp.gmail.com:{{ dma_auth }} diff --git a/ansible/templates/gandi-ddns.sh.j2 b/ansible/templates/gandi-ddns.sh.j2 index 21e5efd..2ee288a 100644 --- a/ansible/templates/gandi-ddns.sh.j2 +++ b/ansible/templates/gandi-ddns.sh.j2 @@ -1,6 +1,6 @@ #!/bin/bash -APIKEY={{ api_key }} +APIKEY={{ gandi_api_key }} NAME=$(hostname --short) IPV6=$(ip -6 addr | grep mngtmpaddr | head -n 1 | awk '/inet6 / {gsub(/\/.*/,"",$2); print $2}')
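Review bot: The weekly job no longer runs `zpool scrub bigdata` and only mails the output of `zpool status`, so unless a scrub is scheduled elsewhere (for example by the distribution's zfs package) newly provisioned hosts never scrub the pool and the mail reports on stale results. The task is still titled `Install weekly bigdata scrub cron job`, and because the cron `name` changed, hosts that already carry the 'Scrub bigdata zfs pool' entry keep it next to the new one, so old and new hosts end up with different schedules. Keeping the scrub as its own cron task and adding the status mail as a second task would avoid both problems; remove the old entry with `state: absent` only if dropping the scrub is intended. The job also relies on a `mail` command being present, which nothing in this diff installs, and the recipient address would be easier to change as a variable.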
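Review bot: The password in the new auth.conf.j2 entry comes from `dma_auth`, which the README hunk lists as an extra variable next to a usage line that passes secrets with `--extra-vars` on the command line; if `dma_auth` is supplied the same way it ends up in shell history and in the process list while the playbook runs. Loading it from an Ansible Vault encrypted vars file keeps it out of both, e.g. `ansible-playbook main.yml -i hosts.cfg -e @secrets.yml --ask-vault-pass`. The sending account and smarthost are hard-coded in the same line while only the password is a variable, so a variable for the account would keep the template reusable and the address out of the repository.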