gaschz/ansible-qubes
1
0
Fork 0
mirror of https://github.com/Rudd-O/ansible-qubes.git synced 2025-11-04 05:28:54 +01:00
Code Issues Packages Projects Releases Wiki Activity

alter the way that SSL certificates are chosen for mail servers, and add a TLS secrets readme

Browse Source
This commit is contained in:
Manuel Amador (Rudd-O) 2016-02-21 13:25:00 +00:00
parent a8da17099e
commit 58bba600b6
4 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
examples/sampleplaybooks/mailserver/files/mailserver/etc/dovecot/local.conf
View File

@ -53,8 +53,8 @@ plugin {
} }
disable_plaintext_auth = yes disable_plaintext_auth = yes
ssl = required ssl = required
ssl_cert = <{{ ssl[mail.ssl]["assembled"] }} ssl_cert = <{{ ssl[mail.hostname]["assembled"] }}
ssl_key = <{{ ssl[mail.ssl]["key"] }} ssl_key = <{{ ssl[mail.hostname]["key"] }}
ssl_protocols = !SSLv2 !SSLv3 ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = EECDH+AESGCM:AES256+EECDH:AES128+EECDH ssl_cipher_list = EECDH+AESGCM:AES256+EECDH:AES128+EECDH
ssl_prefer_server_ciphers = yes # >Dovecot 2.2.6 ssl_prefer_server_ciphers = yes # >Dovecot 2.2.6

4
examples/sampleplaybooks/mailserver/files/mailserver/etc/postfix/main.cf
View File

@ -711,8 +711,8 @@ smtpd_use_tls = yes
smtpd_tls_loglevel = 1 smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes smtpd_tls_received_header = yes
smtpd_tls_auth_only = yes smtpd_tls_auth_only = yes
smtpd_tls_cert_file = {{ ssl[mail.ssl]["assembled"] }} smtpd_tls_cert_file = {{ ssl[mail.hostname]["assembled"] }}
smtpd_tls_key_file = {{ ssl[mail.ssl]["key"] }} smtpd_tls_key_file = {{ ssl[mail.hostname]["key"] }}
smtp_tls_security_level = may smtp_tls_security_level = may
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1 smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1 smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1

2
examples/sampleplaybooks/mailserver/files/secrets/tls/README.md Normal file
View File

@ -0,0 +1,2 @@
Here you deploy your SSL keys. See the file `vars/mail.yml` relative
to the great-grandparent directory.

6
examples/sampleplaybooks/mailserver/vars/mail.yml
View File

@ -29,14 +29,14 @@ mail:
- mailserver.domain.com - mailserver.domain.com
- domain.com - domain.com
- bond.name - bond.name
ssl: mailserver.domain.com
ssl: ssl:
# Deploy your key files locally in the Ansible master node # Deploy your key files locally in the Ansible master node
# within folder files/secrets/tls, relative to the # within folder files/secrets/tls, relative to the
# ../role-mailserver.yml file. Edit these variables # ../role-mailserver.yml file. Edit these variables
# to fit the file names of your keys. # to fit the file names of your keys.
# This dictionary is also referred by name above, so if # The followig key mailserver.domain.com must match the
# you alter the name of the dictonary, alter it there too. # `mail.hostname` variable defined in this file. If you
# alter it here, alter it there too.
mailserver.domain.com: mailserver.domain.com:
key: /etc/pki/tls/private/mailserver.domain.com.key key: /etc/pki/tls/private/mailserver.domain.com.key
intermediates: intermediates: