stop hardcoding the domain name in the config files

Manuel Amador (Rudd-O) 2016-02-21 13:21:12 +00:00
parent aad9fc0cc0
commit a8da17099e
3 changed files with 8 additions and 11 deletions


@ -53,8 +53,8 @@ plugin {
} }
disable_plaintext_auth = yes disable_plaintext_auth = yes
ssl = required ssl = required
ssl_cert = <{{ ssl["mailserver.domain.com"]["assembled"] }} ssl_cert = <{{ ssl[mail.ssl]["assembled"] }}
ssl_key = <{{ ssl["mailserver.domain.com"]["key"] }} ssl_key = <{{ ssl[mail.ssl]["key"] }}
ssl_protocols = !SSLv2 !SSLv3 ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = EECDH+AESGCM:AES256+EECDH:AES128+EECDH ssl_cipher_list = EECDH+AESGCM:AES256+EECDH:AES128+EECDH
ssl_prefer_server_ciphers = yes # >Dovecot 2.2.6 ssl_prefer_server_ciphers = yes # >Dovecot 2.2.6
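Review bot: The new `ssl[mail.ssl]` lookups in `ssl_cert` and `ssl_key` depend on `mail.ssl` naming an existing key of the `ssl` dictionary, and nothing visible here checks that before the template is rendered; the same applies to `smtpd_tls_cert_file` and `smtpd_tls_key_file` in the Postfix section. A typo in either place would presumably surface only as an undefined-variable error during rendering, or, if the value happens to match another entry, as the mail daemons serving a different certificate and key than intended. Consider failing early with an explicit check before templating, for example an Ansible `assert` task with `that: mail.ssl in ssl` and a message naming both variables. A rendered comment above the two lines, such as `# certificate and key come from the ssl entry named by mail.ssl`, would also help whoever reads the deployed config.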


@ -711,8 +711,8 @@ smtpd_use_tls = yes
smtpd_tls_loglevel = 1 smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes smtpd_tls_received_header = yes
smtpd_tls_auth_only = yes smtpd_tls_auth_only = yes
smtpd_tls_cert_file = {{ ssl["mailserver.domain.com"]["assembled"] }} smtpd_tls_cert_file = {{ ssl[mail.ssl]["assembled"] }}
smtpd_tls_key_file = {{ ssl["mailserver.domain.com"]["key"] }} smtpd_tls_key_file = {{ ssl[mail.ssl]["key"] }}
smtp_tls_security_level = may smtp_tls_security_level = may
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1 smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1 smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1


@ -29,17 +29,14 @@ mail:
- mailserver.domain.com - mailserver.domain.com
- domain.com - domain.com
- bond.name - bond.name
ssl: mailserver.domain.com
ssl: ssl:
# Deploy your key files locally in the Ansible master node # Deploy your key files locally in the Ansible master node
# within folder files/secrets/tls, relative to the # within folder files/secrets/tls, relative to the
# ../role-mailserver.yml file. Edit these variables # ../role-mailserver.yml file. Edit these variables
# to fit the file names of your keys. Then look at the # to fit the file names of your keys.
# templates within files/mailserver/etc/postfix and # This dictionary is also referred by name above, so if
# files/mailserver/etc/dovecot to modify the appropriate # you alter the name of the dictonary, alter it there too.
# SSL key file parameters so that these variables
# can be reused there (search for "mailserver.domain.com"
# in the files of this repository to get an idea where
# that hostname needs to be replaced with yours).
mailserver.domain.com: mailserver.domain.com:
key: /etc/pki/tls/private/mailserver.domain.com.key key: /etc/pki/tls/private/mailserver.domain.com.key
intermediates: intermediates:
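Review bot: The added `ssl: mailserver.domain.com` key has no comment of its own, and the only explanation sits further down in the `ssl:` block, where the new text misspells `dictonary` and says "referred by name above" without naming the variable that refers to it. I would put a comment directly on the new key, e.g. `# name of the entry in the ssl dictionary below; must match that key exactly`, and reword the lower comment to `# This entry is selected by mail.ssl above; if you rename it, change mail.ssl too.` Because the entry name and the path `/etc/pki/tls/private/mailserver.domain.com.key` still embed the example hostname, it would also help to state whether the entry name is only a label or is expected to equal the server's hostname.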