diff --git a/mail/docker-compose.yml b/mail/docker-compose.yml
new file mode 100644
index 0000000..f406edb
--- /dev/null
+++ b/mail/docker-compose.yml
@@ -0,0 +1,32 @@
+version: '2.4'
+services:
+  mailserver:
+    image: mailserver/docker-mailserver:9.1.0
+    hostname: mail
+    domainname: kagent.at
+    container_name: mailserver
+    #env_file: mailserver.env
+    environment:
+      - ENABLE_SPAMASSASSIN=1
+      - SPAMASSASSIN_SPAM_TO_INBOX=1
+      - ENABLE_CLAMAV=1
+      - ENABLE_FAIL2BAN=1
+      - ENABLE_POSTGREY=0
+      - ENABLE_SASLAUTHD=0
+      - ONE_DIR=1
+      - DMS_DEBUG=0
+      - SSL_TYPE=letsencrypt
+    ports:
+      - "25:25"
+      - "143:143"
+      - "587:587"
+      - "993:993"
+    volumes:
+      - /var/mail/data:/var/mail
+      - /var/mail/state:/var/mail-state
+      - /var/log/mail:/var/log/mail
+      - /etc/localtime:/etc/localtime:ro
+      - ./config/:/tmp/docker-mailserver/${SELINUX_LABEL}
+      - /etc/letsencrypt:/etc/letsencrypt
+    restart: unless-stopped
+    cap_add: [ "NET_ADMIN", "SYS_PTRACE" ]
\ No newline at end of file
diff --git a/mail/start.yml b/mail/start.yml
new file mode 100644
index 0000000..743e98a
--- /dev/null
+++ b/mail/start.yml
@@ -0,0 +1,36 @@
+---
+- hosts: teier.eu
+  gather_facts: no
+  tasks:
+    - name: Check dc directory
+      stat:
+        path: /dc/mail
+      register: mail_dc_dir_stat
+
+    - name: Create mail dc directory
+      file:
+        path: /dc/mail
+        state: directory
+        mode: 0755
+        group: root
+        owner: root
+      when: mail_dc_dir_stat.islnk is not defined
+
+    - name: Copy mailserver.env
+      copy:
+        src: mailserver.env
+        dest: /dc/mail/
+
+    - name: Copy setup.sh
+      copy:
+        src: setup.sh
+        dest: /dc/mail/
+
+    - name: Copy compose file
+      copy:
+        src: docker-compose.yml
+        dest: /dc/mail/
+
+    - name: Start mail
+      shell: "cd /dc/mail && docker-compose up -d"
+
\ No newline at end of file
diff --git a/mail/teardown.yml b/mail/teardown.yml
new file mode 100644
index 0000000..962dec5
--- /dev/null
+++ b/mail/teardown.yml
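Review bot: The host's entire `/etc/letsencrypt` tree is bind-mounted read-write in the `volumes` list, while the container only needs to read the certificate and key for `mail.kagent.at`; mount it `- /etc/letsencrypt:/etc/letsencrypt:ro`, as the `/etc/localtime` entry above it already does, so a compromised container cannot alter or replace certificates used by other services on the host. `#env_file: mailserver.env` is commented out, so the inline `environment` list is the only configuration that applies — if `mailserver.env` is meant to be authoritative, remove the inline list; if not, the file need not be deployed at all. Ports published through `ports:` are opened by Docker's own iptables rules ahead of the host's ufw chains, so the ufw allow rules for 25/143/587/993 elsewhere in this commit do not actually gate these listeners; a comment such as `# published ports bypass ufw; filtering must happen here or in DOCKER-USER` would save the next maintainer from relying on the playbook. Publishing 143 (IMAP without implicit TLS) is only acceptable if the server enforces STARTTLS on it — confirm that for docker-mailserver 9.1.0 with `SSL_TYPE=letsencrypt`, or drop 143 and serve IMAP on 993 only.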
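Review bot: The `when: mail_dc_dir_stat.islnk is not defined` guard on the 'Create mail dc directory' task never does what it looks like, because the `stat` module returns its fields under `.stat` (`mail_dc_dir_stat.stat.islnk`), so the top-level `islnk` is always undefined and the task runs unconditionally; since `file` with `state: directory` is already idempotent, drop the stat task and the guard, or rewrite it as `when: not mail_dc_dir_stat.stat.exists`. The three `copy` tasks set no `mode`, so `mailserver.env` lands with the remote default umask — if it carries credentials (not visible here), add `mode: '0600'` to that task. Note also that the accompanying `docker-compose.yml` comments out `env_file: mailserver.env`, so the copied file is currently unused by the stack. Quote the directory mode as `mode: '0755'` so the YAML parser does not turn it into an integer before Ansible sees it.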
@@ -0,0 +1,6 @@
+---
+- hosts: teier.eu
+  gather_facts: no
+  tasks:
+    - name: Teardown mail
+      shell: "cd /dc/mail && docker-compose down"
\ No newline at end of file
diff --git a/ufw/playbook-ufw.yml b/ufw/playbook-ufw.yml
index 26b2424..f754f40 100644
--- a/ufw/playbook-ufw.yml
+++ b/ufw/playbook-ufw.yml
@@ -1,7 +1,7 @@
 ---
 - name: Configure UFW
   hosts: teier.eu
-  gather_facts: yes
+  gather_facts: no
   tasks:
 
     - name: Install ufw
@@ -47,13 +47,66 @@
         port: '8448'
         proto: tcp
 
-    - name: Allow SMTP Outgoing
+    - name: Allow SMTP
       community.general.ufw:
         rule: allow
-        direction: out
         port: '587'
         proto: tcp
-
+
+    - name: Allow Mail
+      community.general.ufw:
+        rule: allow
+        port: '25'
+        proto: tcp
+
+    - name: Allow Mail
+      community.general.ufw:
+        rule: allow
+        port: '143'
+        proto: tcp
+
+    - name: Allow Mail
+      community.general.ufw:
+        rule: allow
+        port: '587'
+        proto: tcp
+
+    - name: Allow Mail
+      community.general.ufw:
+        rule: allow
+        port: '993'
+        proto: tcp
+
+    - name: Allow Taript
+      community.general.ufw:
+        rule: allow
+        port: '22'
+        proto: tcp
+
+    - name: Allow Retrocraft
+      community.general.ufw:
+        rule: allow
+        port: '25566'
+        proto: tcp
+
+    - name: Allow Garry's Mod
+      community.general.ufw:
+        rule: allow
+        port: '17015'
+        proto: udp
+
+    - name: Allow Garry's Mod
+      community.general.ufw:
+        rule: allow
+        port: '27015'
+        proto: udp
+
+    - name: Allow Garry's Mod
+      community.general.ufw:
+        rule: allow
+        port: '27015'
+        proto: tcp
+
     - name: Allow all access from RFC1918 networks to this host
       community.general.ufw:
         rule: allow
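Review bot: The rewritten 'Allow SMTP' task and the new 'Allow Mail' task for `port: '587'` now add the identical inbound rule twice — dropping `direction: out` turned what was an egress allow into an ingress allow, and the duplicate four lines later only adds noise to `ufw status` and play output. Four tasks are all named 'Allow Mail' and three 'Allow Garry's Mod', which makes the play output useless for telling which rule changed; collapse the repeated port tasks into one task per group with `loop` so each rule is listed once and named by port. Port 22 ('Allow Taript') is opened to the world with a plain allow; if that is SSH, `rule: limit` (or a `from_ip` restriction) is the usual ufw mitigation against brute-force, and the task name should say what the service is. Bear in mind that the mail ports are also published by Docker in this same commit, and Docker inserts its own iptables rules ahead of ufw's chains, so for those listeners these allow rules document intent rather than enforce anything.
```yaml
    # … unchanged: rule for port 8448 …

    - name: "Allow mail port {{ item }}"
      community.general.ufw:
        rule: allow
        port: "{{ item }}"
        proto: tcp
      loop: ['25', '143', '587', '993']

    - name: Allow SSH (rate limited)
      community.general.ufw:
        rule: limit
        port: '22'
        proto: tcp

    - name: "Allow game server port {{ item.port }}/{{ item.proto }}"
      community.general.ufw:
        rule: allow
        port: "{{ item.port }}"
        proto: "{{ item.proto }}"
      loop:
        - { port: '25566', proto: tcp }  # Retrocraft
        - { port: '17015', proto: udp }  # Garry's Mod
        - { port: '27015', proto: udp }  # Garry's Mod
        - { port: '27015', proto: tcp }  # Garry's Mod

    # … unchanged: Allow all access from RFC1918 networks to this host …
```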