comparison mail/mail.py @ 326:5b88b38f2471

huge reorg, reorg toplevel functions in preparation for a ui with nice task lists
author drewp@bigasterisk.com
date Mon, 20 Jan 2025 21:55:08 -0800
parents mail.py@99c81fa0f2fc
children
325:4d1b6a6e65d2 326:5b88b38f2471
1 from pyinfra.context import host
2 from pyinfra.operations import apt, files, server, systemd
3
4 # ditto (and others?) might also run postfix; not sure how
5
6
7 def dkim():
8 if host.name != 'prime':
9 return
10 '''
11 per domain keygen:
12 prime(pts/4):~# mkdir /etc/opendkim/keys/chat.bigasterisk.com
13 prime(pts/4):~# opendkim-genkey -b 1024 -d chat.bigasterisk.com -D /etc/opendkim/keys/chat.bigasterisk.com -s default -v
14 opendkim-genkey: generating private key
15 opendkim-genkey: private key written to default.private
16 opendkim-genkey: extracting public key
17 opendkim-genkey: DNS TXT record written to default.txt
18 prime(pts/4):~# chown opendkim /etc/opendkim/keys/*/*
19 '''
20 apt.packages(packages=['opendkim', 'opendkim-tools'])
21
22 files.template(src='mail/dkim/opendkim-KeyTable', dest='/etc/opendkim/KeyTable')
23 files.template(src='mail/dkim/opendkim-SigningTable', dest='/etc/opendkim/SigningTable')
24 files.template(src='mail/dkim/opendkim-TrustedHosts', dest='/etc/opendkim/TrustedHosts')
25 files.template(src='mail/dkim/opendkim.conf', dest='/etc/opendkim.conf')
26
27 for domain in ['bigasterisk.com', 'chat.bigasterisk.com']:
28 files.put(src=f'secrets/mail/{domain}-default.private',
29 dest=f'/etc/opendkim/keys/{domain}/default.private',
30 mode='0600',
31 user='opendkim')
32
33 files.template(src='mail/opendkim.service', dest='/usr/lib/systemd/system/opendkim.service')
34 systemd.service(service='opendkim.service', enabled=True, running=True, restarted=True, daemon_reload=True)
35
36
37 def postfix():
38 if host.name != 'prime':
39 return
40 apt.packages(packages=['postfix', 'isync'])
41
42 files.template(src='mail/main.cf.j2', dest='/etc/postfix/main.cf')
43 files.put(src='mail/mydestination', dest='/etc/postfix/mydestination')
44 files.put(src='secrets/mail/aliases', dest='/etc/postfix/aliases')
45 files.put(src='secrets/mail/sender_access', dest='/etc/postfix/sender_access')
46 files.put(src='secrets/mail/virtual', dest='/etc/postfix/virtual')
47
48 server.shell(commands=[
49 'postmap /etc/postfix/sender_access',
50 'postmap /etc/postfix/virtual',
51 'postmap /etc/postfix/aliases', # broken
52 'postfix reload',
53 ])
54 systemd.service(service='postfix@-.service', enabled=True, running=True)
55
56
57 def mbsync():
58 if host.name != 'prime':
59 return
60
61 # todo: something to run ~drewp/mbsync/go at startup
62
63 server.shell(commands=[
64 "cd /home/drewp/mbsync; /usr/bin/mbsync-get-cert 10.5.0.1 > servercert",
65 ])
66
67 files.put(src='mail/file-count/file_count.py', dest='/opt/file_count.py')
68 files.put(src='mail/file-count/file-count.service', dest='/etc/systemd/system/maildir-count.service')
69 systemd.service(service='maildir-count.service', enabled=True, running=True, daemon_reload=True)
70
71
72 # other machines, route mail to bang or prime for delivery
73
74 # if host.name == 'bang':
75 # apt.packages(packages=['postfix'])
76 # files.template(src='templates/mail/main.cf.j2', dest='/etc/postfix/main.cf')
77 # files.template(src='templates/mail/mydestination.j2', dest='/etc/postfix/mydestination')
78 # files.put(src='secrets/mail/aliases', dest='/etc/postfix/aliases')
79 # files.put(src='secrets/mail/sender_access', dest='/etc/postfix/sender_access')
80 # files.put(src='secrets/mail/virtual', dest='/etc/postfix/virtual')
81
82 # server.shell(commands=[
83 # 'postmap /etc/postfix/sender_access',
84 # 'postmap /etc/postfix/virtual',
85 # 'postmap /etc/postfix/aliases',
86 # 'postfix reload',
87 # ])
88 # systemd.service(service='postfix@-.service', enabled=True, running=True)
89
90 # # server.shell(commands=[
91 # # # not working
92 # # "cd /my/serv/dovecot; runuser -u drewp -- invoke certs",
93 # # ])
94
95 operations = [
96 dkim,
97 postfix,
98 mbsync,
99 ]
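Review bot: In `mbsync()`, the `server.shell` step re-runs `mbsync-get-cert 10.5.0.1 > servercert` on every deploy, so the file (presumably the certificate mbsync pins) is overwritten with whatever the endpoint presents at that moment, and a changed or substituted certificate is never noticed. Shipping a reviewed copy from the repo like the other files, e.g. `files.put(src='<pinned-cert-path>', dest='/home/drewp/mbsync/servercert')`, would keep the pin stable; if the fetch has to stay, it could run only when the file is absent. Separately, the keygen transcript in `dkim()` records `-b 1024`, and `-b 2048` would be the size to document for new DKIM keys. This comparison view does not show which lines the commit changed, so both points may predate the reorg.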