Use var for the main virtual_domain

2024-01-12 20:44:44 +01:00 · 2024-01-12 20:44:44 +01:00 · 3641d2dd35
commit 3641d2dd35
parent 96b171baab
7 changed files with 17 additions and 22 deletions
--- a/playbook_mailserver.yml
+++ b/playbook_mailserver.yml
@ -5,13 +5,15 @@
 - name: Install mail server
  gather_facts: true
  hosts: mailserver,mailserver-test
+  vars:
+    virtual_domain: tunuifranken.info
  roles:
    - role: common_handlers
      tags: always
    - role: deploy_certificate
      vars:
-        server_admin: dns@tunuifranken.info
-        domain: "{{ ansible_hostname }}.tunuifranken.info"
+        server_admin: "dns@{{ virtual_domain }}"
+        domain: "{{ ansible_hostname }}.{{ virtual_domain }}"
      tags: cert
    - role: mailserver_database
      tags: database
--- a/roles/deploy_certificate/templates/renewal.conf.j2
+++ b/roles/deploy_certificate/templates/renewal.conf.j2
@ -1,10 +0,0 @@
-archive_dir = /etc/letsencrypt/archive/{{ domain }}
-cert = /etc/letsencrypt/live/{{ domain }}/cert.pem
-privkey = /etc/letsencrypt/live/{{ domain }}/privkey.pem
-chain = /etc/letsencrypt/live/{{ domain }}/chain.pem
-fullchain = /etc/letsencrypt/live/{{ domain }}/fullchain.pem
-
-[renewalparams]
-authenticator = webroot
-installer = null
-server = https://acme-v02.api.letsencrypt.org/directory
--- a/roles/mailserver_database/tasks/main.yml
+++ b/roles/mailserver_database/tasks/main.yml
@ -31,8 +31,8 @@
 - name: Upload postgresql tables script
  become: true
  become_user: postgres
-  ansible.builtin.copy:
-    src: tables.sql
+  ansible.builtin.template:
+    src: tables.sql.j2
    dest: ~/mailserver_tables.sql
    mode: "644"

--- a/roles/mailserver_database/templates/tables.sql.j2
+++ b/roles/mailserver_database/templates/tables.sql.j2
@ -2,7 +2,7 @@ CREATE TABLE IF NOT EXISTS virtual_domains (
    id integer primary key generated by default as identity,
    name varchar(50) NOT NULL UNIQUE
 );
-INSERT INTO virtual_domains (name) VALUES ('tunuifranken.info') ON CONFLICT (name) DO NOTHING;
+INSERT INTO virtual_domains (name) VALUES ('{{ virtual_domain }}') ON CONFLICT (name) DO NOTHING;

 CREATE TABLE IF NOT EXISTS virtual_users (
    id integer primary key generated by default as identity,
@ -13,12 +13,15 @@ CREATE TABLE IF NOT EXISTS virtual_users (
    FOREIGN KEY (domain_id) REFERENCES virtual_domains(id)
    ON DELETE CASCADE
 );
+
+{% for user in 'abuse', 'dns' %}
 INSERT INTO virtual_users (domain_id, email, password, quota) VALUES (
-    (SELECT id FROM virtual_domains WHERE name = 'tunuifranken.info'),
-    'abuse@tunuifranken.info',
+    (SELECT id FROM virtual_domains WHERE name = '{{ virtual_domain }}'),
+    '{{ user }}@{{ virtual_domain }}',
    'foo',
    0
 ) ON CONFLICT (email) DO UPDATE SET password = EXCLUDED.password, quota = EXCLUDED.quota;
+{% endfor %}

 CREATE TABLE IF NOT EXISTS virtual_aliases (
    id integer primary key generated by default as identity,
--- a/roles/mailserver_dovecot/tasks/main.yml
+++ b/roles/mailserver_dovecot/tasks/main.yml
@ -98,9 +98,9 @@
  become: true
  loop:
    - regexp: '^ssl_cert =.*'
-      line: "ssl_cert = </etc/letsencrypt/live/{{ ansible_hostname }}.tunuifranken.info/fullchain.pem"
+      line: "ssl_cert = </etc/letsencrypt/live/{{ ansible_hostname }}.{{ virtual_domain }}/fullchain.pem"
    - regexp: '^ssl_key =.*'
-      line: "ssl_key = </etc/letsencrypt/live/{{ ansible_hostname }}.tunuifranken.info/privkey.pem"
+      line: "ssl_key = </etc/letsencrypt/live/{{ ansible_hostname }}.{{ virtual_domain }}/privkey.pem"
    - regexp: '^ssl =.*'
      line: ssl = required
  ansible.builtin.lineinfile:
--- a/roles/mailserver_dovecot/templates/quota-warning.sh.j2
+++ b/roles/mailserver_dovecot/templates/quota-warning.sh.j2
@ -4,7 +4,7 @@ PERCENT=$1
 USER=$2

 cat << EOF | /usr/lib/dovecot/dovecot-lda -d "$USER" -o "plugin/quota=maildir:User quota:noenforcing"
-From: postmaster@{{ ansible_hostname }}.tunuifranken.info
+From: postmaster@{{ ansible_hostname }}.{{ virtual_domain }}
 Subject: Quota warning - $PERCENT% reached

 Your mailbox can only store a limited amount of emails.
--- a/roles/mailserver_postfix/tasks/main.yml
+++ b/roles/mailserver_postfix/tasks/main.yml
@ -32,8 +32,8 @@
    - smtpd_sasl_auth_enable = yes
    - smtpd_tls_security_level = may
    - smtpd_tls_auth_only = yes
-    - "smtpd_tls_cert_file = /etc/letsencrypt/live/{{ ansible_hostname }}.tunuifranken.info/fullchain.pem"
-    - "smtpd_tls_key_file = /etc/letsencrypt/live/{{ ansible_hostname }}.tunuifranken.info/privkey.pem"
+    - "smtpd_tls_cert_file = /etc/letsencrypt/live/{{ ansible_hostname }}.{{ virtual_domain }}/fullchain.pem"
+    - "smtpd_tls_key_file = /etc/letsencrypt/live/{{ ansible_hostname }}.{{ virtual_domain }}/privkey.pem"
    - smtp_tls_security_level = may
  ansible.builtin.lineinfile:
    path: /etc/postfix/main.cf