stop hardcoding the domain name in the config files

2025-11-04 13:38:55 +01:00 · 2016-02-21 13:21:12 +00:00 · 2016-02-21 13:21:12 +00:00 · a8da17099e
commit a8da17099e
parent aad9fc0cc0
3 changed files with 8 additions and 11 deletions
--- a/examples/sampleplaybooks/mailserver/files/mailserver/etc/dovecot/local.conf
+++ b/examples/sampleplaybooks/mailserver/files/mailserver/etc/dovecot/local.conf
@ -53,8 +53,8 @@ plugin {
 }
 disable_plaintext_auth = yes
 ssl = required
-ssl_cert = <{{ ssl["mailserver.domain.com"]["assembled"] }}
-ssl_key = <{{ ssl["mailserver.domain.com"]["key"] }}
+ssl_cert = <{{ ssl[mail.ssl]["assembled"] }}
+ssl_key = <{{ ssl[mail.ssl]["key"] }}
 ssl_protocols = !SSLv2 !SSLv3
 ssl_cipher_list = EECDH+AESGCM:AES256+EECDH:AES128+EECDH
 ssl_prefer_server_ciphers = yes # >Dovecot 2.2.6
--- a/examples/sampleplaybooks/mailserver/files/mailserver/etc/postfix/main.cf
+++ b/examples/sampleplaybooks/mailserver/files/mailserver/etc/postfix/main.cf
@ -711,8 +711,8 @@ smtpd_use_tls = yes
 smtpd_tls_loglevel = 1
 smtpd_tls_received_header = yes
 smtpd_tls_auth_only = yes
-smtpd_tls_cert_file = {{ ssl["mailserver.domain.com"]["assembled"] }}
-smtpd_tls_key_file = {{ ssl["mailserver.domain.com"]["key"] }}
+smtpd_tls_cert_file = {{ ssl[mail.ssl]["assembled"] }}
+smtpd_tls_key_file = {{ ssl[mail.ssl]["key"] }}
 smtp_tls_security_level = may
 smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
 smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1
--- a/examples/sampleplaybooks/mailserver/vars/mail.yml
+++ b/examples/sampleplaybooks/mailserver/vars/mail.yml
@ -29,17 +29,14 @@ mail:
  - mailserver.domain.com
  - domain.com
  - bond.name
+  ssl: mailserver.domain.com
 ssl:
  # Deploy your key files locally in the Ansible master node
  # within folder files/secrets/tls, relative to the
  # ../role-mailserver.yml file.  Edit these variables
-  # to fit the file names of your keys.  Then look at the
-  # templates within files/mailserver/etc/postfix and 
-  # files/mailserver/etc/dovecot to modify the appropriate
-  # SSL key file parameters so that these variables
-  # can be reused there (search for "mailserver.domain.com"
-  # in the files of this repository to get an idea where
-  # that hostname needs to be replaced with yours).
+  # to fit the file names of your keys.
+  # This dictionary is also referred by name above, so if
+  # you alter the name of the dictonary, alter it there too.
  mailserver.domain.com:
    key:           /etc/pki/tls/private/mailserver.domain.com.key
    intermediates: