Mercurial > code > home > repos > infra
annotate mail.py @ 324:99c81fa0f2fc
add chat.bigasterisk.com dns and dkim
| author | drewp@bigasterisk.com |
|---|---|
| date | Mon, 20 Jan 2025 14:09:37 -0800 |
| parents | c44677a25baf |
| children |
| rev | line source |
|---|---|
| 16 | 1 from pyinfra import host |
| 2 from pyinfra.operations import apt, files, server, systemd | |
| 3 | |
| 4 if host.name == 'prime': | |
| 218 | 5 apt.packages(packages=['postfix', 'isync', 'opendkim', 'opendkim-tools']) |
|
324
99c81fa0f2fc
add chat.bigasterisk.com dns and dkim
drewp@bigasterisk.com
parents:
311
diff
changeset
|
6 ''' |
|
99c81fa0f2fc
add chat.bigasterisk.com dns and dkim
drewp@bigasterisk.com
parents:
311
diff
changeset
|
7 per domain keygen: |
|
99c81fa0f2fc
add chat.bigasterisk.com dns and dkim
drewp@bigasterisk.com
parents:
311
diff
changeset
|
8 prime(pts/4):~# mkdir /etc/opendkim/keys/chat.bigasterisk.com |
|
99c81fa0f2fc
add chat.bigasterisk.com dns and dkim
drewp@bigasterisk.com
parents:
311
diff
changeset
|
9 prime(pts/4):~# opendkim-genkey -b 1024 -d chat.bigasterisk.com -D /etc/opendkim/keys/chat.bigasterisk.com -s default -v |
|
99c81fa0f2fc
add chat.bigasterisk.com dns and dkim
drewp@bigasterisk.com
parents:
311
diff
changeset
|
10 opendkim-genkey: generating private key |
|
99c81fa0f2fc
add chat.bigasterisk.com dns and dkim
drewp@bigasterisk.com
parents:
311
diff
changeset
|
11 opendkim-genkey: private key written to default.private |
|
99c81fa0f2fc
add chat.bigasterisk.com dns and dkim
drewp@bigasterisk.com
parents:
311
diff
changeset
|
12 opendkim-genkey: extracting public key |
|
99c81fa0f2fc
add chat.bigasterisk.com dns and dkim
drewp@bigasterisk.com
parents:
311
diff
changeset
|
13 opendkim-genkey: DNS TXT record written to default.txt |
|
99c81fa0f2fc
add chat.bigasterisk.com dns and dkim
drewp@bigasterisk.com
parents:
311
diff
changeset
|
14 prime(pts/4):~# chown opendkim /etc/opendkim/keys/*/* |
|
99c81fa0f2fc
add chat.bigasterisk.com dns and dkim
drewp@bigasterisk.com
parents:
311
diff
changeset
|
15 ''' |
| 218 | 16 |
| 17 files.template(src='templates/mail/opendkim-KeyTable.j2', dest='/etc/opendkim/KeyTable') | |
| 18 files.template(src='templates/mail/opendkim-SigningTable.j2', dest='/etc/opendkim/SigningTable') | |
| 19 files.template(src='templates/mail/opendkim-TrustedHosts.j2', dest='/etc/opendkim/TrustedHosts') | |
| 20 files.template(src='templates/mail/opendkim.conf.j2', dest='/etc/opendkim.conf') | |
| 21 files.put(src='secrets/mail/bigasterisk.com-default.private', | |
| 22 dest='/etc/opendkim/keys/bigasterisk.com/default.private', | |
| 23 mode='0600', user='opendkim') | |
| 24 | |
| 25 files.template(src='templates/mail/opendkim.service.j2', dest='/usr/lib/systemd/system/opendkim.service') | |
| 311 | 26 systemd.service(service='opendkim.service', enabled=True, running=True, restarted=True, daemon_reload=True) |
| 218 | 27 |
| 16 | 28 files.template(src='templates/mail/main.cf.j2', dest='/etc/postfix/main.cf') |
| 29 files.template(src='templates/mail/mydestination.j2', dest='/etc/postfix/mydestination') | |
| 183 | 30 files.put(src='secrets/mail/aliases', dest='/etc/postfix/aliases') |
| 16 | 31 files.put(src='secrets/mail/sender_access', dest='/etc/postfix/sender_access') |
| 32 files.put(src='secrets/mail/virtual', dest='/etc/postfix/virtual') | |
| 33 | |
|
18
fb226978c4d7
fix prime postfix setup. forwards to gmail were piling up
drewp@bigasterisk.com
parents:
16
diff
changeset
|
34 server.shell(commands=[ |
|
fb226978c4d7
fix prime postfix setup. forwards to gmail were piling up
drewp@bigasterisk.com
parents:
16
diff
changeset
|
35 'postmap /etc/postfix/sender_access', |
|
fb226978c4d7
fix prime postfix setup. forwards to gmail were piling up
drewp@bigasterisk.com
parents:
16
diff
changeset
|
36 'postmap /etc/postfix/virtual', |
| 218 | 37 'postmap /etc/postfix/aliases', # broken |
|
18
fb226978c4d7
fix prime postfix setup. forwards to gmail were piling up
drewp@bigasterisk.com
parents:
16
diff
changeset
|
38 'postfix reload', |
|
fb226978c4d7
fix prime postfix setup. forwards to gmail were piling up
drewp@bigasterisk.com
parents:
16
diff
changeset
|
39 ]) |
|
184
53b6457f75f3
also config postfix on bang (others, soon)
drewp@bigasterisk.com
parents:
183
diff
changeset
|
40 systemd.service(service='postfix@-.service', enabled=True, running=True) |
| 16 | 41 |
| 42 # something to run ~drewp/mbsync/go at startup | |
| 43 | |
| 41 | 44 server.shell(commands=[ |
| 45 "cd /home/drewp/mbsync; /usr/bin/mbsync-get-cert 10.5.0.1 > servercert", | |
| 46 ]) | |
| 16 | 47 |
| 253 | 48 files.put(src='templates/file-count/file_count.py', dest='/opt/file_count.py') |
| 49 files.template(src='templates/file-count/file-count.service.j2', dest='/etc/systemd/system/maildir-count.service') | |
| 50 systemd.service(service='maildir-count.service', enabled=True, running=True, daemon_reload=True) | |
| 51 | |
| 52 | |
| 16 | 53 # other machines, route mail to bang or prime for delivery |
| 41 | 54 |
| 55 if host.name == 'bang': | |
|
184
53b6457f75f3
also config postfix on bang (others, soon)
drewp@bigasterisk.com
parents:
183
diff
changeset
|
56 apt.packages(packages=['postfix']) |
|
53b6457f75f3
also config postfix on bang (others, soon)
drewp@bigasterisk.com
parents:
183
diff
changeset
|
57 files.template(src='templates/mail/main.cf.j2', dest='/etc/postfix/main.cf') |
|
53b6457f75f3
also config postfix on bang (others, soon)
drewp@bigasterisk.com
parents:
183
diff
changeset
|
58 files.template(src='templates/mail/mydestination.j2', dest='/etc/postfix/mydestination') |
|
53b6457f75f3
also config postfix on bang (others, soon)
drewp@bigasterisk.com
parents:
183
diff
changeset
|
59 files.put(src='secrets/mail/aliases', dest='/etc/postfix/aliases') |
|
53b6457f75f3
also config postfix on bang (others, soon)
drewp@bigasterisk.com
parents:
183
diff
changeset
|
60 files.put(src='secrets/mail/sender_access', dest='/etc/postfix/sender_access') |
|
53b6457f75f3
also config postfix on bang (others, soon)
drewp@bigasterisk.com
parents:
183
diff
changeset
|
61 files.put(src='secrets/mail/virtual', dest='/etc/postfix/virtual') |
|
53b6457f75f3
also config postfix on bang (others, soon)
drewp@bigasterisk.com
parents:
183
diff
changeset
|
62 |
| 41 | 63 server.shell(commands=[ |
|
184
53b6457f75f3
also config postfix on bang (others, soon)
drewp@bigasterisk.com
parents:
183
diff
changeset
|
64 'postmap /etc/postfix/sender_access', |
|
53b6457f75f3
also config postfix on bang (others, soon)
drewp@bigasterisk.com
parents:
183
diff
changeset
|
65 'postmap /etc/postfix/virtual', |
|
53b6457f75f3
also config postfix on bang (others, soon)
drewp@bigasterisk.com
parents:
183
diff
changeset
|
66 'postmap /etc/postfix/aliases', |
|
53b6457f75f3
also config postfix on bang (others, soon)
drewp@bigasterisk.com
parents:
183
diff
changeset
|
67 'postfix reload', |
| 41 | 68 ]) |
|
184
53b6457f75f3
also config postfix on bang (others, soon)
drewp@bigasterisk.com
parents:
183
diff
changeset
|
69 systemd.service(service='postfix@-.service', enabled=True, running=True) |
|
53b6457f75f3
also config postfix on bang (others, soon)
drewp@bigasterisk.com
parents:
183
diff
changeset
|
70 |
|
53b6457f75f3
also config postfix on bang (others, soon)
drewp@bigasterisk.com
parents:
183
diff
changeset
|
71 # server.shell(commands=[ |
|
53b6457f75f3
also config postfix on bang (others, soon)
drewp@bigasterisk.com
parents:
183
diff
changeset
|
72 # # not working |
|
53b6457f75f3
also config postfix on bang (others, soon)
drewp@bigasterisk.com
parents:
183
diff
changeset
|
73 # "cd /my/serv/dovecot; runuser -u drewp -- invoke certs", |
|
53b6457f75f3
also config postfix on bang (others, soon)
drewp@bigasterisk.com
parents:
183
diff
changeset
|
74 # ]) |