pew
/
scripts
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

add dma

master
Paul Walko 2020-12-31 12:48:53 -05:00
parent 9c39e0a9ba
commit 9ddd275ed8
5 changed files with 101 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ansible/README.md
View File

@ -1,4 +1,8 @@
Usage: `ansible-playbook main.yml -i hosts.cfg --extra-vars "api_key=GANDI_API_KEY gandi=true" --limit=cabinet` Usage: `ansible-playbook main.yml -i hosts.cfg --extra-vars "gandi_api_key=GANDI_API_KEY" --limit=cabinet`
All additional variables:
- `gandi_api_key`: gandi api key for dynamic dns
- `dma_auth`: smtp password to be used by dma
Assumes: Assumes:

68
ansible/files/dma.conf Normal file
View File

@ -0,0 +1,68 @@
# $DragonFly: src/etc/dma/dma.conf,v 1.2 2008/02/04 10:11:41 matthias Exp $
#
# Your smarthost (also called relayhost). Leave blank if you don't want
# smarthost support.
# NOTE: on Debian systems this is handled via debconf!
# Please use dpkg-reconfigure dma to change this value.
SMARTHOST smtp.gmail.com
# Use this SMTP port. Most users will be fine with the default (25)
PORT 587
# Path to your alias file. Just stay with the default.
#ALIASES /etc/aliases
# Path to your spooldir. Just stay with the default.
#SPOOLDIR /var/spool/dma
# SMTP authentication
AUTHPATH /etc/dma/auth.conf
# Uncomment if you want TLS/SSL support
SECURETRANSFER
# Uncomment if you want STARTTLS support (only used in combination with
# SECURETRANSFER)
STARTTLS
# Uncomment if you have specified STARTTLS above and it should be allowed
# to fail ("opportunistic TLS", use an encrypted connection when available
# but allow an unencrypted one to servers that do not support it)
#OPPORTUNISTIC_TLS
# Path to your local SSL certificate
#CERTFILE
# If you want to use plain text SMTP login without using encryption, change
# the SECURE entry below to INSECURE. Otherwise plain login will only work
# over a secure connection. Use this option with caution.
#SECURE
# Uncomment if you want to defer your mails. This is useful if you are
# behind a dialup line. You have to submit your mails manually with dma -q
#DEFER
# Uncomment if you want the bounce message to include the complete original
# message, not just the headers.
#FULLBOUNCE
# The internet hostname dma uses to identify the host.
# If not set or empty, the result of gethostname(2) is used.
# If MAILNAME is an absolute path to a file, the first line of this file
# will be used as the hostname.
# NOTE: on Debian systems this is handled via debconf!
# Please use dpkg-reconfigure dma to change this value.
MAILNAME /etc/mailname
# Masquerade envelope from addresses with this address/hostname.
# Use this if mails are not accepted by destination mail servers because
# your sender domain is invalid.
# By default, MASQUERADE is not set.
# Format: MASQUERADE [user@][host]
# Examples:
# MASQUERADE john@ on host "hamlet" will send all mails as john@hamlet
# MASQUERADE percolator will send mails as $username@percolator, e.g. fish@percolator
# MASQUERADE herb@ert will send all mails as herb@ert
# Directly forward the mail to the SMARTHOST bypassing aliases and local delivery
#NULLCLIENT

28
ansible/main.yml
View File

@ -95,6 +95,23 @@
mode: '0644' mode: '0644'
notify: Restart sshd service notify: Restart sshd service
- name: Configure dma
copy:
src: files/dma.conf
dest: /etc/dma/dma.conf
owner: root
group: mail
mode: '0640'
- name: Configure dma auth
template:
src: templates/auth.conf.j2
dest: /etc/dma/auth.conf
owner: root
group: mail
mode: '0640'
when: dma_auth is defined
## Changes will take effect during next reboot, does not effect static IPs ## Changes will take effect during next reboot, does not effect static IPs
- name: Configure sysctl with IPv6 privacy extensions - name: Configure sysctl with IPv6 privacy extensions
template: template:
@ -138,7 +155,7 @@
owner: root owner: root
group: root group: root
mode: '0755' mode: '0755'
when: gandi is defined when: gandi_api_key is defined
- name: Add Dynamic DNS cronjob - name: Add Dynamic DNS cronjob
cron: cron:
@ -146,7 +163,7 @@
job: /usr/local/bin/gandi-ddns.sh job: /usr/local/bin/gandi-ddns.sh
special_time: daily special_time: daily
user: root user: root
when: gandi is defined when: gandi_api_key is defined
# Custom repo config # Custom repo config
- hosts: compute - hosts: compute
@ -198,11 +215,10 @@
handlers: handlers:
- import_tasks: handlers.yml - import_tasks: handlers.yml
tasks: tasks:
- name: Install zfs-zed, dma, and nfs-kernel-server - name: Install zfs-zed, and nfs-kernel-server
apt: apt:
name: name:
- beets - beets
- dma
- nfs-kernel-server - nfs-kernel-server
- zfs-auto-snapshot - zfs-auto-snapshot
- zfs-zed - zfs-zed
@ -220,9 +236,9 @@
- name: Install weekly bigdata scrub cron job - name: Install weekly bigdata scrub cron job
cron: cron:
name: 'Scrub bigdata zfs pool' name: 'Weekly zfs pool status check'
special_time: weekly special_time: weekly
job: 'zpool scrub bigdata' job: 'zpool status | mail -s "ZFS STATUS" paulsw.pw+alerts@gmail.com'
user: root user: root
- name: Install rclone - name: Install rclone

5
ansible/templates/auth.conf.j2 Normal file
View File

@ -0,0 +1,5 @@
# $DragonFly: src/etc/dma/auth.conf,v 1.1 2008/02/02 18:24:00 matthias Exp $
#
# SMTP authentication entries (currently AUTH LOGIN only)
# Format: user|my.smarthost.example.com:password
zedseaturtlepw@gmail.com|smtp.gmail.com:{{ dma_auth }}

2
ansible/templates/gandi-ddns.sh.j2
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
APIKEY={{ api_key }} APIKEY={{ gandi_api_key }}
NAME=$(hostname --short) NAME=$(hostname --short)
IPV6=$(ip -6 addr | grep mngtmpaddr | head -n 1 | awk '/inet6 / {gsub(/\/.*/,"",$2); print $2}') IPV6=$(ip -6 addr | grep mngtmpaddr | head -n 1 | awk '/inet6 / {gsub(/\/.*/,"",$2); print $2}')