diff mail/mail.py @ 326:5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
author | drewp@bigasterisk.com |
---|---|
date | Mon, 20 Jan 2025 21:55:08 -0800 |
parents | mail.py@99c81fa0f2fc |
children |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/mail.py Mon Jan 20 21:55:08 2025 -0800
@@ -0,0 +1,99 @@
+from pyinfra.context import host
+from pyinfra.operations import apt, files, server, systemd
+
+# ditto (and others?) might also run postfix; not sure how
+
+
+def dkim():
+ if host.name != 'prime':
+ return
+ '''
+ per domain keygen:
+ prime(pts/4):~# mkdir /etc/opendkim/keys/chat.bigasterisk.com
+ prime(pts/4):~# opendkim-genkey -b 1024 -d chat.bigasterisk.com -D /etc/opendkim/keys/chat.bigasterisk.com -s default -v
+ opendkim-genkey: generating private key
+ opendkim-genkey: private key written to default.private
+ opendkim-genkey: extracting public key
+ opendkim-genkey: DNS TXT record written to default.txt
+ prime(pts/4):~# chown opendkim /etc/opendkim/keys/*/*
+ '''
+ apt.packages(packages=['opendkim', 'opendkim-tools'])
+
+ files.template(src='mail/dkim/opendkim-KeyTable', dest='/etc/opendkim/KeyTable')
+ files.template(src='mail/dkim/opendkim-SigningTable', dest='/etc/opendkim/SigningTable')
+ files.template(src='mail/dkim/opendkim-TrustedHosts', dest='/etc/opendkim/TrustedHosts')
+ files.template(src='mail/dkim/opendkim.conf', dest='/etc/opendkim.conf')
+
+ for domain in ['bigasterisk.com', 'chat.bigasterisk.com']:
+ files.put(src=f'secrets/mail/{domain}-default.private',
+ dest=f'/etc/opendkim/keys/{domain}/default.private',
+ mode='0600',
+ user='opendkim')
+
+ files.template(src='mail/opendkim.service', dest='/usr/lib/systemd/system/opendkim.service')
+ systemd.service(service='opendkim.service', enabled=True, running=True, restarted=True, daemon_reload=True)
+
+
+def postfix():
+ if host.name != 'prime':
+ return
+ apt.packages(packages=['postfix', 'isync'])
+
+ files.template(src='mail/main.cf.j2', dest='/etc/postfix/main.cf')
+ files.put(src='mail/mydestination', dest='/etc/postfix/mydestination')
+ files.put(src='secrets/mail/aliases', dest='/etc/postfix/aliases')
+ files.put(src='secrets/mail/sender_access', dest='/etc/postfix/sender_access')
+ files.put(src='secrets/mail/virtual', dest='/etc/postfix/virtual')
+
server.shell(commands=[
+ 'postmap /etc/postfix/sender_access',
+ 'postmap /etc/postfix/virtual',
+ 'postmap /etc/postfix/aliases', # broken
+ 'postfix reload',
+ ])
+ systemd.service(service='postfix@-.service', enabled=True, running=True)
+
+
+def mbsync():
+ if host.name != 'prime':
+ return
+
+ # todo: something to run ~drewp/mbsync/go at startup
+
+ server.shell(commands=[
+ "cd /home/drewp/mbsync; /usr/bin/mbsync-get-cert 10.5.0.1 > servercert",
+ ])
+
+ files.put(src='mail/file-count/file_count.py', dest='/opt/file_count.py')
+ files.put(src='mail/file-count/file-count.service', dest='/etc/systemd/system/maildir-count.service')
+ systemd.service(service='maildir-count.service', enabled=True, running=True, daemon_reload=True)
+
+
+# other machines, route mail to bang or prime for delivery
+
+# if host.name == 'bang':
+# apt.packages(packages=['postfix'])
+# files.template(src='templates/mail/main.cf.j2', dest='/etc/postfix/main.cf')
+# files.template(src='templates/mail/mydestination.j2', dest='/etc/postfix/mydestination')
+# files.put(src='secrets/mail/aliases', dest='/etc/postfix/aliases')
+# files.put(src='secrets/mail/sender_access', dest='/etc/postfix/sender_access')
+# files.put(src='secrets/mail/virtual', dest='/etc/postfix/virtual')
+
+# server.shell(commands=[
+# 'postmap /etc/postfix/sender_access',
+# 'postmap /etc/postfix/virtual',
+# 'postmap /etc/postfix/aliases',
+# 'postfix reload',
+# ])
+# systemd.service(service='postfix@-.service', enabled=True, running=True)
+
+# # server.shell(commands=[
+# # # not working
+# # "cd /my/serv/dovecot; runuser -u drewp -- invoke certs",
+# # ])
+
+operations = [
+ dkim,
+ postfix,
+ mbsync,
+]
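Review bot: The `mbsync-get-cert 10.5.0.1 > servercert` step in `mbsync()` fetches the IMAP server's certificate over the network on every deploy and overwrites the file that mbsync presumably uses as its trusted certificate, so whatever answers at 10.5.0.1 at deploy time — an on-path attacker included — becomes the pinned cert for all later syncs, and the write happens as root into a user's home directory. Safer is to keep the known-good certificate in the repo and install it, e.g. `files.put(src='secrets/mail/servercert', dest='/home/drewp/mbsync/servercert', user='drewp')`, or at minimum fetch it once by hand and compare its fingerprint out of band before it is trusted. In `dkim()`, the keygen recipe in the docstring uses `-b 1024`; RFC 8301 makes 1024 the bare minimum and recommends at least 2048-bit RSA for signers, so the recipe should read `opendkim-genkey -b 2048 ...` before the next rotation. In `postfix()`, the `# broken` line fails because aliases(5) files are compiled with `postalias`, not `postmap`: `'postalias /etc/postfix/aliases',`.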