add chat.bigasterisk.com dns and dkim
author drewp@bigasterisk.com
date Mon, 20 Jan 2025 14:09:37 -0800

from pyinfra import host
from pyinfra.operations import apt, files, server, systemd

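if host.name == 'prime':
    # prime is the mail host proper: postfix for delivery, opendkim to sign
    # outbound mail, isync/mbsync to pull mail from the IMAP host, and a
    # small maildir-count metrics service.
    apt.packages(packages=['postfix', 'isync', 'opendkim', 'opendkim-tools'])
    '''
    per domain keygen:
        prime(pts/4):~# mkdir /etc/opendkim/keys/chat.bigasterisk.com
        prime(pts/4):~# opendkim-genkey -b 1024 -d chat.bigasterisk.com -D /etc/opendkim/keys/chat.bigasterisk.com -s default -v
        opendkim-genkey: generating private key
        opendkim-genkey: private key written to default.private
        opendkim-genkey: extracting public key
        opendkim-genkey: DNS TXT record written to default.txt
        prime(pts/4):~# chown opendkim /etc/opendkim/keys/*/*
    '''
    # The transcript above is a one-off manual step per signing domain; the
    # generated default.txt is what goes into the default._domainkey TXT record.
    # NOTE(review): 1024 bits is the RFC 8301 floor (MUST >= 1024, SHOULD
    # >= 2048), not the recommendation -- generate new keys with -b 2048 and
    # rotate under a new selector so the old TXT record can stay published
    # while mail signed with the old key is still being verified.
    # NOTE(review): only the bigasterisk.com private key is carried in
    # secrets/ and redeployed below; the chat.bigasterisk.com key exists only
    # on this host, so a rebuild leaves whatever KeyTable entry references it
    # (presumably the one this commit adds) pointing at a missing file.
    # Capture it under secrets/mail/ and add a matching files.put.

    files.template(src='templates/mail/opendkim-KeyTable.j2', dest='/etc/opendkim/KeyTable')
    files.template(src='templates/mail/opendkim-SigningTable.j2', dest='/etc/opendkim/SigningTable')
    files.template(src='templates/mail/opendkim-TrustedHosts.j2', dest='/etc/opendkim/TrustedHosts')
    files.template(src='templates/mail/opendkim.conf.j2', dest='/etc/opendkim.conf')
    # Signing key: readable by the opendkim user only.
    files.put(src='secrets/mail/bigasterisk.com-default.private',
              dest='/etc/opendkim/keys/bigasterisk.com/default.private',
              mode='0600', user='opendkim')

    # Install the unit under /etc/systemd/system (as maildir-count below does)
    # rather than /usr/lib/systemd/system: that path is owned by the opendkim
    # package and is silently reverted by the next apt upgrade, whereas a unit
    # of the same name in /etc/systemd/system overrides the packaged one.
    files.template(src='templates/mail/opendkim.service.j2', dest='/etc/systemd/system/opendkim.service')
    systemd.service(service='opendkim.service', enabled=True, running=True, restarted=True, daemon_reload=True)

    files.template(src='templates/mail/main.cf.j2', dest='/etc/postfix/main.cf')
    files.template(src='templates/mail/mydestination.j2', dest='/etc/postfix/mydestination')
    files.put(src='secrets/mail/aliases', dest='/etc/postfix/aliases')
    files.put(src='secrets/mail/sender_access', dest='/etc/postfix/sender_access')
    files.put(src='secrets/mail/virtual', dest='/etc/postfix/virtual')

    # Rebuild the lookup tables. aliases(5) files are compiled with postalias,
    # not postmap: postmap reads whitespace-separated `key value` lines and
    # would store "name:" (colon included) as the key for the usual
    # `name: target` form, so alias lookups never match -- that is what the
    # old "# broken" mark on the postmap call was about.
    server.shell(commands=[
        'postmap /etc/postfix/sender_access',
        'postmap /etc/postfix/virtual',
        'postalias /etc/postfix/aliases',
    ])
    systemd.service(service='postfix@-.service', enabled=True, running=True)
    # Reload only once the unit is known to be up: `postfix reload` exits
    # non-zero (aborting the deploy) when the mail system is not running.
    server.shell(commands=['postfix reload'])

    # TODO(drewp): something to run ~drewp/mbsync/go at startup

    # Pin the IMAP server's TLS certificate for mbsync (trust-on-first-use).
    # NOTE(review): this overwrites the pin on every deploy, so a changed (or
    # MITM-substituted) certificate seen at deploy time is accepted silently;
    # skip the fetch when servercert already exists, or compare against a
    # known fingerprint before overwriting. It also runs as whatever user the
    # deploy connects as (likely root, given the writes under /etc elsewhere
    # in this file), so servercert may not end up owned by drewp -- confirm.
    server.shell(commands=[
        "cd /home/drewp/mbsync; /usr/bin/mbsync-get-cert 10.5.0.1 > servercert",
    ])

    files.put(src='templates/file-count/file_count.py', dest='/opt/file_count.py')
    files.template(src='templates/file-count/file-count.service.j2', dest='/etc/systemd/system/maildir-count.service')
    systemd.service(service='maildir-count.service', enabled=True, running=True, daemon_reload=True)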


# other machines: route mail to bang or prime for delivery

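if host.name == 'bang':
    # bang receives mail for delivery with the same postfix config and
    # tables as prime, but runs no opendkim (no DKIM signing here).
    apt.packages(packages=['postfix'])
    files.template(src='templates/mail/main.cf.j2', dest='/etc/postfix/main.cf')
    files.template(src='templates/mail/mydestination.j2', dest='/etc/postfix/mydestination')
    files.put(src='secrets/mail/aliases', dest='/etc/postfix/aliases')
    files.put(src='secrets/mail/sender_access', dest='/etc/postfix/sender_access')
    files.put(src='secrets/mail/virtual', dest='/etc/postfix/virtual')

    # Rebuild the lookup tables. aliases(5) files are compiled with postalias,
    # not postmap: postmap reads whitespace-separated `key value` lines and
    # would store "name:" (colon included) as the key for the usual
    # `name: target` form, so alias lookups never match.
    server.shell(commands=[
        'postmap /etc/postfix/sender_access',
        'postmap /etc/postfix/virtual',
        'postalias /etc/postfix/aliases',
    ])
    systemd.service(service='postfix@-.service', enabled=True, running=True)
    # Reload only once the unit is known to be up: `postfix reload` exits
    # non-zero (aborting the deploy) when the mail system is not running.
    server.shell(commands=['postfix reload'])

    # TODO(drewp): dovecot cert refresh, not working yet:
    #     cd /my/serv/dovecot; runuser -u drewp -- invoke certs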