
postfix: temporarily open 80/443 for certbot

instead of leaving it open at all times

Fixes: main/infrastructure#69
keep-around/616557fed9cf704af83b53b0bccbaea74dcf6014
singuliere 3 years ago
parent
commit
6a6340a313
No known key found for this signature in database GPG Key ID: 900857755EF189C2
  1. 1
      inventories/common/firewall.yml
  2. 26
      molecule/postfix/postfix-relay-playbook.yml

1
inventories/common/firewall.yml

@ -53,7 +53,6 @@ firewall_web_server_group:
gitlab-host:
icinga-host:
packages-host:
postfix-host: # not a web host but has a web site for the purpose of obtaining letsencrypt certificates
weblate-host:
website-host:

26
molecule/postfix/postfix-relay-playbook.yml

@ -2,14 +2,34 @@
- name: install letsencrypt certificate if needed
hosts: 'postfix-host'
become: true
roles:
- role: certbot-postfix
- role: firewall
vars:
firewall_server: "{{ inventory_hostname }}"
firewall_clients: [ 0.0.0.0/0 ]
firewall_protocols: [ tcp ]
firewall_ports: [ 80, 443 ]
firewall_rule_state: present
delegate_to: localhost
become: false
- role: certbot-postfix
become: true
- role: firewall
vars:
firewall_server: "{{ inventory_hostname }}"
firewall_clients: [ 0.0.0.0/0 ]
firewall_protocols: [ tcp ]
firewall_ports: [ 80, 443 ]
firewall_rule_state: absent
delegate_to: localhost
become: false
- name: install and configure postfix relay
hosts: 'postfix-host'
become: True
become: true
environment: '{{ inventory__environment | d({})
| combine(inventory__group_environment | d({}))
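Review bot: If the `certbot-postfix` role fails, the play aborts for that host before the second `firewall` entry with `firewall_rule_state: absent` runs, so 80/443 would stay open to `0.0.0.0/0` with nothing reporting it, which is the exposure this commit sets out to remove. Roles listed under `roles:` have no cleanup path; moving the three steps into `tasks:` with `block`/`always` and `include_role` would close the ports whether or not certbot succeeds, as sketched below on the assumption that both roles work when included dynamically. A short comment above the first `firewall` entry, e.g. `# opened only for the ACME challenge; closed again below`, would also keep a later edit from breaking the present/absent pairing. The second play's `environment:` expression continues past the end of the hunk and is not reviewed here.

```yaml
- name: install letsencrypt certificate if needed
  hosts: 'postfix-host'
  tasks:
    - block:
        - name: open 80/443 for the duration of the certbot run
          include_role:
            name: firewall
            apply:
              delegate_to: localhost
              become: false
          vars:
            # … unchanged: firewall_server, firewall_clients, firewall_protocols, firewall_ports …
            firewall_rule_state: present

        - name: obtain or renew the certificate
          include_role:
            name: certbot-postfix
            apply:
              become: true
      always:
        # runs even when a task in the block above failed
        - name: close 80/443 again
          include_role:
            name: firewall
            apply:
              delegate_to: localhost
              become: false
          vars:
            # … unchanged: same firewall_server / clients / protocols / ports …
            firewall_rule_state: absent
```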
