From a8da17099e147735c9e8d52b079a5e437cb1e140 Mon Sep 17 00:00:00 2001
From: "Manuel Amador (Rudd-O)"
Date: Sun, 21 Feb 2016 13:21:12 +0000
Subject: [PATCH] stop hardcoding the domain name in the config files
---
 .../files/mailserver/etc/dovecot/local.conf | 4 ++--
 .../mailserver/files/mailserver/etc/postfix/main.cf | 4 ++--
 examples/sampleplaybooks/mailserver/vars/mail.yml | 11 ++++-------
 3 files changed, 8 insertions(+), 11 deletions(-)
diff --git a/examples/sampleplaybooks/mailserver/files/mailserver/etc/dovecot/local.conf b/examples/sampleplaybooks/mailserver/files/mailserver/etc/dovecot/local.conf
index a3a423b..cce4b55 100644
--- a/examples/sampleplaybooks/mailserver/files/mailserver/etc/dovecot/local.conf
+++ b/examples/sampleplaybooks/mailserver/files/mailserver/etc/dovecot/local.conf
@@ -53,8 +53,8 @@ plugin {
 }
 disable_plaintext_auth = yes
 ssl = required
-ssl_cert = <{{ ssl["mailserver.domain.com"]["assembled"] }}
-ssl_key = <{{ ssl["mailserver.domain.com"]["key"] }}
+ssl_cert = <{{ ssl[mail.ssl]["assembled"] }}
+ssl_key = <{{ ssl[mail.ssl]["key"] }}
 ssl_protocols = !SSLv2 !SSLv3
 ssl_cipher_list = EECDH+AESGCM:AES256+EECDH:AES128+EECDH
 ssl_prefer_server_ciphers = yes # >Dovecot 2.2.6
diff --git a/examples/sampleplaybooks/mailserver/files/mailserver/etc/postfix/main.cf b/examples/sampleplaybooks/mailserver/files/mailserver/etc/postfix/main.cf
index 72ed0a8..5ee5c70 100644
--- a/examples/sampleplaybooks/mailserver/files/mailserver/etc/postfix/main.cf
+++ b/examples/sampleplaybooks/mailserver/files/mailserver/etc/postfix/main.cf
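Review bot: The new `ssl_cert` / `ssl_key` lines in dovecot/local.conf index `ssl[mail.ssl]`, but nothing in the template says where `mail.ssl` is defined or that it must match a key of the top-level `ssl` dictionary; the same applies to `smtpd_tls_cert_file` and `smtpd_tls_key_file` in postfix/main.cf. A missing or misspelled selector presumably surfaces only when the template is rendered, and a selector that names a different existing entry would make the server present that entry's certificate and key. A Jinja comment above the two lines would record the contract, for example `{# mail.ssl (vars/mail.yml) must name a key of the top-level ssl dictionary #}`. The hunk shows only part of local.conf, so an explanation elsewhere in the file cannot be ruled out.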
@@ -711,8 +711,8 @@ smtpd_use_tls = yes
 smtpd_tls_loglevel = 1
 smtpd_tls_received_header = yes
 smtpd_tls_auth_only = yes
-smtpd_tls_cert_file = {{ ssl["mailserver.domain.com"]["assembled"] }}
-smtpd_tls_key_file = {{ ssl["mailserver.domain.com"]["key"] }}
+smtpd_tls_cert_file = {{ ssl[mail.ssl]["assembled"] }}
+smtpd_tls_key_file = {{ ssl[mail.ssl]["key"] }}
 smtp_tls_security_level = may
 smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
 smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1
diff --git a/examples/sampleplaybooks/mailserver/vars/mail.yml b/examples/sampleplaybooks/mailserver/vars/mail.yml
index b2f8d74..003b49b 100644
--- a/examples/sampleplaybooks/mailserver/vars/mail.yml
+++ b/examples/sampleplaybooks/mailserver/vars/mail.yml
@@ -29,17 +29,14 @@ mail:
 - mailserver.domain.com
 - domain.com
 - bond.name
+ ssl: mailserver.domain.com
 ssl:
 # Deploy your key files locally in the Ansible master node
 # within folder files/secrets/tls, relative to the
 # ../role-mailserver.yml file. Edit these variables
- # to fit the file names of your keys. Then look at the
- # templates within files/mailserver/etc/postfix and
- # files/mailserver/etc/dovecot to modify the appropriate
- # SSL key file parameters so that these variables
- # can be reused there (search for "mailserver.domain.com"
- # in the files of this repository to get an idea where
- # that hostname needs to be replaced with yours).
+ # to fit the file names of your keys.
+ # This dictionary is also referred by name above, so if
+ # you alter the name of the dictonary, alter it there too.
 mailserver.domain.com:
 key: /etc/pki/tls/private/mailserver.domain.com.key
 intermediates:
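Review bot: The comment added above the `mailserver.domain.com:` entry in vars/mail.yml is ambiguous and misspells "dictonary": "the name of the dictionary" reads as the top-level `ssl` key, whereas the value `mail.ssl` has to match is the entry key `mailserver.domain.com`. The new `mail.ssl` key also shares its name with the top-level `ssl` dictionary although it holds a selector string rather than certificate data, so the wording should make that distinction explicit. Suggested replacement: `# mail.ssl above selects this entry by its key; if you rename the` followed by `# mailserver.domain.com key below, change mail.ssl to match.` The `ssl` mapping continues past the end of the hunk.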