From 40aab44deced38fa5074241c19d5add7b43300b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Torma=20Krist=C3=B3f?= Date: Thu, 14 Apr 2022 14:48:45 +0200 Subject: [PATCH] ansibleify smtp --- docker-host.yaml | 1 + drone-runner.yaml | 1 + inventory.yaml | 4 +++- neko.yaml | 3 ++- roles/internalsmtp/defaults/main.yaml | 2 +- roles/neko/tasks/main.yaml | 2 +- roles/smtpgateway/defaults/main.yaml | 6 ++---- roles/smtpgateway/tasks/main.yaml | 9 --------- roles/smtpgateway/templates/main.cf | 6 +----- roles/smtpgateway/templates/sasl_passwd | 1 - smtp.yaml | 7 +++++++ 11 files changed, 19 insertions(+), 23 deletions(-) delete mode 100644 roles/smtpgateway/templates/sasl_passwd create mode 100644 smtp.yaml diff --git a/docker-host.yaml b/docker-host.yaml index ae9cd93..30c21da 100644 --- a/docker-host.yaml +++ b/docker-host.yaml @@ -6,3 +6,4 @@ - common - docker - webserver + - internalsmtp diff --git a/drone-runner.yaml b/drone-runner.yaml index a36ec69..d67f70f 100644 --- a/drone-runner.yaml +++ b/drone-runner.yaml @@ -5,3 +5,4 @@ - netplan - common - docker + - internalsmtp diff --git a/inventory.yaml b/inventory.yaml index ba14bfd..68a51a7 100644 --- a/inventory.yaml +++ b/inventory.yaml @@ -17,4 +17,6 @@ all: swagger: ansible_host: swagger.stargate.internal drone-runner: - ansible_host: drone-runner.stargate.internal \ No newline at end of file + ansible_host: drone-runner.stargate.internal + smtp: + ansible_host: smtp.stargate.internal diff --git a/neko.yaml b/neko.yaml index 1134d8a..8851316 100644 --- a/neko.yaml +++ b/neko.yaml @@ -4,4 +4,5 @@ roles: - common - docker - - neko \ No newline at end of file + - neko + - internalsmtp diff --git a/roles/internalsmtp/defaults/main.yaml b/roles/internalsmtp/defaults/main.yaml index 217ecf1..b5bfcce 100644 --- a/roles/internalsmtp/defaults/main.yaml +++ b/roles/internalsmtp/defaults/main.yaml @@ -1,4 +1,4 @@ --- postfix_relayhost: 'smtp.stargate.internal' -external_domain: 'kmlabz.com' +external_domain: 'tormakris.dev' 
diff --git a/roles/neko/tasks/main.yaml b/roles/neko/tasks/main.yaml index b7d0467..d918cd0 100644 --- a/roles/neko/tasks/main.yaml +++ b/roles/neko/tasks/main.yaml @@ -60,6 +60,6 @@ community.general.ufw: rule: allow direction: in - port: 52000:52100 + port: 59000:59049 proto: udp interface: eth1 diff --git a/roles/smtpgateway/defaults/main.yaml b/roles/smtpgateway/defaults/main.yaml index 1f58d24..064d259 100644 --- a/roles/smtpgateway/defaults/main.yaml +++ b/roles/smtpgateway/defaults/main.yaml @@ -1,5 +1,3 @@ --- -postfix_relayhost: 'smtp.sendgrid.net' -external_domain: 'kmlabz.com' -username: lofasz -password: lofasz \ No newline at end of file +postfix_relayhost: 'smtp-relay.gmail.com:25' +external_domain: 'tormakris.dev' \ No newline at end of file diff --git a/roles/smtpgateway/tasks/main.yaml b/roles/smtpgateway/tasks/main.yaml index 3a44146..b019131 100644 --- a/roles/smtpgateway/tasks/main.yaml +++ b/roles/smtpgateway/tasks/main.yaml @@ -6,12 +6,6 @@ name: - postfix -- name: Install Postfix SASL credentials - template: - src: templates/sasl_passwd - mode: 600 - dest: /etc/postfix/sasl_passwd - - name: Install Postfix mail gateway config template: src: templates/main.cf @@ -20,9 +14,6 @@ - name: Build /etc/mailname shell: hostname --fqdn > /etc/mailname -- name: Build hashtable of SASL creds - command: postmap /etc/postfix/sasl_passwd - - name: Restart Postfix service: name: postfix diff --git a/roles/smtpgateway/templates/main.cf b/roles/smtpgateway/templates/main.cf index 5fe5791..022fc7c 100644 --- a/roles/smtpgateway/templates/main.cf +++ b/roles/smtpgateway/templates/main.cf 
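Review bot: In roles/neko/tasks/main.yaml, replacing `port: 52000:52100` with `port: 59000:59049` only adds a new allow rule; on hosts that already ran the old task, the UDP 52000:52100 opening on eth1 stays in ufw. community.general.ufw does not reconcile rules created by earlier runs, so the old range needs an explicit cleanup task: the same parameters with `port: 52000:52100` and `delete: true`, placed before this one. The task starts above the hunk, so its name and any conditions are not visible here.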
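Review bot: In roles/smtpgateway/defaults/main.yaml the new `postfix_relayhost: 'smtp-relay.gmail.com:25'` carries the port inside the value, and the second hunk of roles/smtpgateway/templates/main.cf now wraps that value in brackets, so the rendered line is `relayhost = [smtp-relay.gmail.com:25]`. Postfix expects the port outside the brackets (`[host]:port`), so this form will most likely fail at lookup time and outbound mail will sit in the queue. Either keep the default as `postfix_relayhost: 'smtp-relay.gmail.com'` (port 25 is already the default), or keep host and port in separate variables and render `relayhost = [host]:port` in the template.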
@@ -14,10 +14,6 @@ smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_security_level=may smtp_tls_CApath=/etc/ssl/certs -smtp_sasl_auth_enable = yes -smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd -smtp_sasl_security_options = noanonymous -smtp_sasl_tls_security_options = noanonymous smtp_tls_security_level = encrypt header_size_limit = 4096000 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache @@ -29,7 +25,7 @@ alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = {{ansible_hostname}}.{{external_domain}}, $myhostname, {{ansible_hostname}}, localhost.localdomain, localhost -relayhost = {{postfix_relayhost}} +relayhost = [{{postfix_relayhost}}] mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + diff --git a/roles/smtpgateway/templates/sasl_passwd b/roles/smtpgateway/templates/sasl_passwd deleted file mode 100644 index c246f93..0000000 --- a/roles/smtpgateway/templates/sasl_passwd +++ /dev/null @@ -1 +0,0 @@ -[{{postfix_relayhost}}:587 {{username}}:{{password}} \ No newline at end of file diff --git a/smtp.yaml b/smtp.yaml new file mode 100644 index 0000000..145956f --- /dev/null +++ b/smtp.yaml @@ -0,0 +1,7 @@ +--- +- name: "Deploy smtpgateway to smtp.stargate.internal" + hosts: smtp + roles: + - netplan + - common + - smtpgateway
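Review bot: With the four `smtp_sasl_*` lines removed in the first main.cf hunk, the upstream hop relies on `smtp_tls_security_level = encrypt` alone, and `encrypt` requires TLS but does not check the relay's certificate. Presumably the relay now authorizes this gateway by source address rather than by credentials, so nothing on this side authenticates the server that mail is handed to. Since `smtp_tls_CApath=/etc/ssl/certs` is already set, consider `smtp_tls_security_level = secure` so the certificate is matched against the relayhost name. Hosts that ran the earlier role may also still hold `/etc/postfix/sasl_passwd` and the hash file postmap built from it; a cleanup task with `state: absent` for both would cover that.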