majic-ansible-roles Changeset

Changeset - 46d3f100d3d6

Parent rev.

Child rev.

[Not reviewed]

0 7 0

Branko Majic (branko) - 22 months ago 2024-02-10 20:59:30
branko@majic.rs

MAR-191: Drop support for Debian 10 Buster from the mail_server role.

7 files changed with 0 insertions and 167 deletions:

docs/rolereference.rst

roles/mail_server/meta/main.yml

roles/mail_server/molecule/default/group_vars/parameters-optional.yml

roles/mail_server/molecule/default/host_vars/ldap-server.yml

roles/mail_server/molecule/default/molecule.yml

roles/mail_server/molecule/default/prepare.yml

roles/mail_server/molecule/default/tests/test_default.py

0 comments (0 inline, 0 general)

docs/rolereference.rst

➞

Show inline comments

@@ @@ -1252,25 +1252,24 @@ Parameters @@
 **smtp_allow_relay_from** (list, optional, [])
   List of networks from which mail relaying is allowed even without
   authentication. Each item in the list is a string defining a network. The
   format must be compatible with Postfix ``mynetworks`` setting (for example:
   ``192.168.1.0/24``, ``myhost.example.com`` etc).
 Distribution compatibility
 ~~~~~~~~~~~~~~~~~~~~~~~~~~
 Role is compatible with the following distributions:
 - Debian 10 (Buster)
 - Debian 11 (Bullseye)
 Examples
 ~~~~~~~~
 Here is an example configuration for setting-up XMPP server using Prosody:
 .. code-block:: yaml
   ---

roles/mail_server/meta/main.yml

➞

Show inline comments

@@ @@ -7,14 +7,13 @@ dependencies: @@
     backup_patterns_filename: "mail_server"
     backup_patterns:
       - "/var/{{ mail_user }}"
 galaxy_info:
   author: Branko Majic
   description: Sets-up mail server with SMTP and IMAP services, using LDAP as source of allowed destinations (domains, mail addresses)
   license: BSD
   min_ansible_version: 2.9
   platforms:
     - name: Debian
       versions:
         - 10
         - 11

roles/mail_server/molecule/default/group_vars/parameters-optional.yml

➞

Show inline comments

@@ @@ -27,25 +27,24 @@ smtp_rbl: @@
   - zen.spamhaus.org
 mail_postmaster: "webmaster@parameters-optional"
 smtp_allow_relay_from:
   - "{{ release_based_smtp_allow_relay_from[ansible_distribution_release] }}"
 mail_message_size_limit: 20480001
 mail_server_smtp_additional_configuration: |
   mail_name = MySMTP
   smtp_skip_5xx_greeting = no
 # Variables dependant on distribution release.
 release_based_smtp_allow_relay_from:
   buster: "192.168.56.21"
   bullseye: "192.168.56.41"
 # common
 ca_certificates:
   testca: "{{ lookup('file', 'tests/data/x509/ca/level1.cert.pem') }}"
 # backup_client
 enable_backup: true
 backup_client_username: "bak-param-optional-{{ ansible_distribution_release }}"
 backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}"
 backup_server: ldap-server
 backup_server_host_ssh_public_keys:

roles/mail_server/molecule/default/host_vars/ldap-server.yml

➞

Show inline comments

@@ @@ -34,19 +34,15 @@ ldap_client_config: @@
     value: dc=local
   - comment: URI
     option: URI
     value: ldapi:///
 # backup_server role
 backup_host_ssh_private_keys:
   rsa: "{{ lookup('file', 'tests/data/ssh/server_rsa') }}"
   ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
   ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
 backup_clients:
   - server: param-optional-buster
     ip: 192.168.56.32
     public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"
   - server: param-optional-bullseye
     ip: 192.168.56.52
     public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"

roles/mail_server/molecule/default/molecule.yml

➞

Show inline comments

@@ @@ -41,92 +41,24 @@ platforms: @@
     box: debian/bullseye64
     memory: 256
     cpus: 1
     provider_raw_config_args:
       - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']"
     interfaces:
       - auto_config: true
         ip: 192.168.56.12
         network_name: private_network
         type: static
   # Debian 10 Buster
   # ================
   - name: client1-buster
     groups:
       - client
       - client-relay-allowed
       - buster
       - smtp-server-requiring-tls
     box: debian/contrib-buster64
     memory: 256
     cpus: 1
     provider_raw_config_args:
       - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']"
     interfaces:
       - auto_config: true
         ip: 192.168.56.21
         network_name: private_network
         type: static
   - name: client2-buster
     groups:
       - client
       - client-relay-forbidden
       - buster
       - smtp-server-refusing-tls
     box: debian/contrib-buster64
     memory: 256
     cpus: 1
     provider_raw_config_args:
       - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']"
     interfaces:
       - auto_config: true
         ip: 192.168.56.22
         network_name: private_network
         type: static
   - name: parameters-mandatory-buster
     groups:
       - parameters-mandatory
       - buster
     box: debian/contrib-buster64
     memory: 2048
     cpus: 1
     provider_raw_config_args:
       - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']"
     interfaces:
       - auto_config: true
         ip: 192.168.56.31
         network_name: private_network
         type: static
   - name: parameters-optional-buster
     groups:
       - parameters-optional
       - buster
     box: debian/contrib-buster64
     memory: 2048
     cpus: 1
     provider_raw_config_args:
       - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']"
     interfaces:
       - auto_config: true
         ip: 192.168.56.32
         network_name: private_network
         type: static
   # Debian 11 Bullseye
   # ================
   - name: client1-bullseye
     groups:
       - client
       - client-relay-allowed
       - bullseye
       - smtp-server-requiring-tls
     box: debian/bullseye64
     memory: 256
     cpus: 1

roles/mail_server/molecule/default/prepare.yml

➞

Show inline comments

@@ @@ -20,33 +20,24 @@ @@
         argv:
           - "gimmecert"
           - "server"
           - "{{ item.name }}"
           - "{{ item.fqdn }}"
           - "{{ item.fqdn[:item.fqdn.rfind('-')] }}"
       with_items:
         - name: clamav-database_https
           fqdn: database.clamav.net
         - name: ldap-server_ldap
           fqdn: ldap-server
         - name: parameters-mandatory-buster_imap
           fqdn: parameters-mandatory-buster
         - name: parameters-mandatory-buster_smtp
           fqdn: parameters-mandatory-buster
         - name: parameters-optional-buster_imap
           fqdn: parameters-optional-buster
         - name: parameters-optional-buster_smtp
           fqdn: parameters-optional-buster
         - name: parameters-mandatory-bullseye_imap
           fqdn: parameters-mandatory-bullseye
         - name: parameters-mandatory-bullseye_smtp
           fqdn: parameters-mandatory-bullseye
         - name: parameters-optional-bullseye_imap
           fqdn: parameters-optional-bullseye
         - name: parameters-optional-bullseye_smtp
           fqdn: parameters-optional-bullseye
     - name: Set-up link to generated X.509 material
       file:
         src: ".gimmecert"
@@ @@ -173,46 +164,24 @@ @@
         group: root
         mode: 0644
       notify:
         - Restart nginx
   handlers:
     - name: Restart nginx
       service:
         name: nginx
         state: restarted
 - hosts: buster
   become: true
   tasks:
     - name: Set-up the hosts file
       lineinfile:
         path: /etc/hosts
         regexp: "^{{ item.key }}"
         line: "{{ item.key }} {{ item.value }}"
         owner: root
         group: root
         mode: 0644
         state: present
       with_dict:
         # Force mail servers to use local ClamAV database mirror.
 .168.56.11: "db.local.clamav.net database.clamav.net"
 .168.56.12: "ldap-server backup-server"
 .168.56.21: "client1 smtp-server-requiring-tls"
 .168.56.22: "client2 smtp-server-refusing-tls"
 .168.56.31: "parameters-mandatory parameters-mandatory-buster"
 .168.56.32: "parameters-optional parameters-optional-buster"
 - hosts: bullseye
   become: true
   tasks:
     - name: Set-up the hosts file
       lineinfile:
         path: /etc/hosts
         regexp: "^{{ item.key }}"
         line: "{{ item.key }} {{ item.value }}"
         owner: root
         group: root
         mode: 0644

roles/mail_server/molecule/default/tests/test_default.py

➞

Show inline comments

@@ @@ -610,85 +610,24 @@ def test_certificate_validity_check_configuration(host): @@
     assert config.content_string == "/etc/ssl/certs/%s_imap.pem" % hostname
 def test_smtp_default_port_tls_version_and_ciphers(host):
     """
     Tests TLS configuration for SMTP default port (needs to be less
     restrictive for interoperability purposes).
     """
     expected_tls_versions = ["TLSv1.0", "TLSv1.1", "TLSv1.2"]
     expected_tls_ciphers = {
         "buster": [
             'TLS_DHE_RSA_WITH_AES_128_CBC_SHA',
             'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256',
             'TLS_DHE_RSA_WITH_AES_128_CCM',
             'TLS_DHE_RSA_WITH_AES_128_CCM_8',
             'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256',
             'TLS_DHE_RSA_WITH_AES_256_CBC_SHA',
             'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256',
             'TLS_DHE_RSA_WITH_AES_256_CCM',
             'TLS_DHE_RSA_WITH_AES_256_CCM_8',
             'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384',
             'TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256',
             'TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384',
             'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA',
             'TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256',
             'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA',
             'TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256',
             'TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256',
             'TLS_DHE_RSA_WITH_SEED_CBC_SHA',
             'TLS_DH_anon_WITH_AES_128_CBC_SHA',
             'TLS_DH_anon_WITH_AES_128_CBC_SHA256',
             'TLS_DH_anon_WITH_AES_128_GCM_SHA256',
             'TLS_DH_anon_WITH_AES_256_CBC_SHA',
             'TLS_DH_anon_WITH_AES_256_CBC_SHA256',
             'TLS_DH_anon_WITH_AES_256_GCM_SHA384',
             'TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA',
             'TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256',
             'TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA',
             'TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256',
             'TLS_DH_anon_WITH_SEED_CBC_SHA',
             'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',
             'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256',
             'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
             'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',
             'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
             'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
             'TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256',
             'TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384',
             'TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256',
             'TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384',
             'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256',
             'TLS_ECDH_anon_WITH_AES_128_CBC_SHA',
             'TLS_ECDH_anon_WITH_AES_256_CBC_SHA',
             'TLS_RSA_WITH_AES_128_CBC_SHA',
             'TLS_RSA_WITH_AES_128_CBC_SHA256',
             'TLS_RSA_WITH_AES_128_CCM',
             'TLS_RSA_WITH_AES_128_CCM_8',
             'TLS_RSA_WITH_AES_128_GCM_SHA256',
             'TLS_RSA_WITH_AES_256_CBC_SHA',
             'TLS_RSA_WITH_AES_256_CBC_SHA256',
             'TLS_RSA_WITH_AES_256_CCM',
             'TLS_RSA_WITH_AES_256_CCM_8',
             'TLS_RSA_WITH_AES_256_GCM_SHA384',
             'TLS_RSA_WITH_ARIA_128_GCM_SHA256',
             'TLS_RSA_WITH_ARIA_256_GCM_SHA384',
             'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA',
             'TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256',
             'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA',
             'TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256',
             'TLS_RSA_WITH_SEED_CBC_SHA',
         ],
         "bullseye": [
             'TLS_DHE_RSA_WITH_AES_128_CBC_SHA',
             'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256',
             'TLS_DHE_RSA_WITH_AES_128_CCM',
             'TLS_DHE_RSA_WITH_AES_128_CCM_8',
             'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256',
             'TLS_DHE_RSA_WITH_AES_256_CBC_SHA',
             'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256',
             'TLS_DHE_RSA_WITH_AES_256_CCM',
             'TLS_DHE_RSA_WITH_AES_256_CCM_8',
             'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384',
             'TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256',

0 comments (0 inline, 0 general)