Merge pull request #2092 from etkecc/postmoogle-091

Update Postmoogle 0.9.0 -> 0.9.1
This commit is contained in:
Slavi Pantaleev 2022-09-09 14:16:10 +03:00 committed by GitHub
commit 5714ddf894
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 69 additions and 19 deletions

View file

@ -29,7 +29,7 @@ If you are using Cloudflare DNS, make sure to disable the proxy and set all reco
## DNS settings for optional services/features ## DNS settings for optional services/features
| Type | Host | Priority | Weight | Port | Target | | Type | Host | Priority | Weight | Port | Target |
| ----- | ---------------------------- | -------- | ------ | ---- | ---------------------- | | ----- | ------------------------------ | -------- | ------ | ---- | --------------------------- |
| SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.<your-domain>` | | SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.<your-domain>` |
| CNAME | `dimension` | - | - | - | `matrix.<your-domain>` | | CNAME | `dimension` | - | - | - | `matrix.<your-domain>` |
| CNAME | `jitsi` | - | - | - | `matrix.<your-domain>` | | CNAME | `jitsi` | - | - | - | `matrix.<your-domain>` |
@ -40,6 +40,10 @@ If you are using Cloudflare DNS, make sure to disable the proxy and set all reco
| CNAME | `hydrogen` | - | - | - | `matrix.<your-domain>` | | CNAME | `hydrogen` | - | - | - | `matrix.<your-domain>` |
| CNAME | `cinny` | - | - | - | `matrix.<your-domain>` | | CNAME | `cinny` | - | - | - | `matrix.<your-domain>` |
| CNAME | `buscarron` | - | - | - | `matrix.<your-domain>` | | CNAME | `buscarron` | - | - | - | `matrix.<your-domain>` |
| MX | `matrix` | 10 | 0 | - | `matrix.<your-domain>` |
| TXT | `matrix` | - | - | - | `v=spf1 ip4:<your-ip> -all` |
| TXT | `_dmarc.matrix` | - | - | - | `v=DMARC1; p=quarantine;` |
| TXT | `postmoogle._domainkey.matrix` | - | - | - | get it from `!pm dkim` |
## Subdomains setup ## Subdomains setup
@ -77,3 +81,8 @@ This is an optional feature for the optionally-installed [ma1sd service](configu
Note: This `_matrix-identity._tcp` SRV record for the identity server is different from the `_matrix._tcp` that can be used for Synapse delegation. See [howto-server-delegation.md](howto-server-delegation.md) for more information about delegation. Note: This `_matrix-identity._tcp` SRV record for the identity server is different from the `_matrix._tcp` that can be used for Synapse delegation. See [howto-server-delegation.md](howto-server-delegation.md) for more information about delegation.
When you're done with the DNS configuration and ready to proceed, continue with [Getting the playbook](getting-the-playbook.md). When you're done with the DNS configuration and ready to proceed, continue with [Getting the playbook](getting-the-playbook.md).
## `_dmarc`, `postmoogle._domainkey` TXT and `matrix` MX records setup
To make the [postmoogle](configuring-playbook-bot-postmoogle.md) email bridge enable its email sending features, you need to configure
SPF (TXT), DMARC (TXT), DKIM (TXT) and MX records

View file

@ -35,6 +35,9 @@ matrix_bot_postmoogle_enabled: true
matrix_bot_postmoogle_password: PASSWORD_FOR_THE_BOT matrix_bot_postmoogle_password: PASSWORD_FOR_THE_BOT
``` ```
You will also need to add several DNS records so that postmoogle can send emails.
See [Configuring DNS](configuring-dns.md).
## Installing ## Installing

View file

@ -1210,6 +1210,9 @@ matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in
# We don't enable bots by default. # We don't enable bots by default.
matrix_bot_postmoogle_enabled: false matrix_bot_postmoogle_enabled: false
matrix_bot_postmoogle_ssl_path: "{{ matrix_ssl_config_dir_path }}"
matrix_bot_postmoogle_tls_cert: "/ssl/live/{{ matrix_bot_postmoogle_domain }}/fullchain.pem"
matrix_bot_postmoogle_tls_key: "/ssl/live/{{ matrix_bot_postmoogle_domain }}/privkey.pem"
matrix_bot_postmoogle_systemd_required_services_list: | matrix_bot_postmoogle_systemd_required_services_list: |
{{ {{
@ -1791,6 +1794,8 @@ matrix_ssl_domains_to_obtain_certificates_for: |
+ +
([matrix_server_fqn_ntfy] if matrix_ntfy_enabled else []) ([matrix_server_fqn_ntfy] if matrix_ntfy_enabled else [])
+ +
([matrix_bot_postmoogle_domain] if matrix_bot_postmoogle_enabled else [])
+
([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else []) ([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else [])
+ +
matrix_ssl_additional_domains_to_obtain_certificates_for matrix_ssl_additional_domains_to_obtain_certificates_for

View file

@ -9,7 +9,7 @@ matrix_bot_postmoogle_docker_repo: "https://gitlab.com/etke.cc/postmoogle.git"
matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}" matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}"
matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src" matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src"
matrix_bot_postmoogle_version: v0.9.0 matrix_bot_postmoogle_version: v0.9.1
matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}postmoogle:{{ matrix_bot_postmoogle_version }}" matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}postmoogle:{{ matrix_bot_postmoogle_version }}"
matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}" matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}"
@ -110,11 +110,35 @@ matrix_bot_postmoogle_noencryption: false
matrix_bot_postmoogle_domain: "{{ matrix_server_fqn_matrix }}" matrix_bot_postmoogle_domain: "{{ matrix_server_fqn_matrix }}"
# in-container port # in-container ports
matrix_bot_postmoogle_port: '2525' matrix_bot_postmoogle_port: '2525'
matrix_bot_postmoogle_tls_port: '25587'
# on-host port # on-host ports
matrix_bot_postmoogle_smtp_host_bind_port: '25' matrix_bot_postmoogle_smtp_host_bind_port: '25'
matrix_bot_postmoogle_submission_host_bind_port: '587'
### SSL
## on-host SSL dir
matrix_bot_postmoogle_ssl_path: ""
## in-container SSL paths
# matrix_bot_postmoogle_tls_cert is the SSL certificate's certificate.
# This is likely set via group_vars/matrix_servers, so you don't need to set it.
# If you do need to set it manually, note that this is an in-container path.
# To mount a certificates volumes into the container, use matrix_bot_postmoogle_ssl_path
# Example value: /ssl/live/{{ matrix_bot_postmoogle_domain }}/fullchain.pem
matrix_bot_postmoogle_tls_cert: ""
# matrix_bot_postmoogle_tls_key is the SSL certificate's key.
# This is likely set via group_vars/matrix_servers, so you don't need to set it.
# If you do need to set it manually, note that this is an in-container path.
# To mount a certificates volumes into the container, use matrix_bot_postmoogle_ssl_path
# Example value: /ssl/live/{{ matrix_bot_postmoogle_domain }}/privkey.pem
matrix_bot_postmoogle_tls_key: ""
# Mandatory TLS, even on plain SMTP port
matrix_bot_postmoogle_tls_required: false
# Additional environment variables to pass to the postmoogle container # Additional environment variables to pass to the postmoogle container
# #

View file

@ -10,7 +10,10 @@ POSTMOOGLE_MAXSIZE={{ matrix_bot_postmoogle_maxsize }}
POSTMOOGLE_SENTRY={{ matrix_bot_postmoogle_sentry }} POSTMOOGLE_SENTRY={{ matrix_bot_postmoogle_sentry }}
POSTMOOGLE_LOGLEVEL={{ matrix_bot_postmoogle_loglevel }} POSTMOOGLE_LOGLEVEL={{ matrix_bot_postmoogle_loglevel }}
POSTMOOGLE_NOENCRYPTION={{ matrix_bot_postmoogle_noencryption }} POSTMOOGLE_NOENCRYPTION={{ matrix_bot_postmoogle_noencryption }}
POSTMOOGLE_USERS={{ matrix_bot_postmoogle_users | join(' ') }}
POSTMOOGLE_ADMINS={{ matrix_bot_postmoogle_admins | join(' ') }} POSTMOOGLE_ADMINS={{ matrix_bot_postmoogle_admins | join(' ') }}
POSTMOOGLE_TLS_PORT={{ matrix_bot_postmoogle_tls_port }}
POSTMOOGLE_TLS_CERT={{ matrix_bot_postmoogle_tls_cert }}
POSTMOOGLE_TLS_KEY={{ matrix_bot_postmoogle_tls_key }}
POSTMOOGLE_TLS_REQUIRED={{ matrix_bot_postmoogle_tls_required }}
{{ matrix_bot_postmoogle_environment_variables_extension }} {{ matrix_bot_postmoogle_environment_variables_extension }}

View file

@ -24,7 +24,13 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-postmoogle
--network={{ matrix_docker_network }} \ --network={{ matrix_docker_network }} \
--env-file={{ matrix_bot_postmoogle_config_path }}/env \ --env-file={{ matrix_bot_postmoogle_config_path }}/env \
-p {{ matrix_bot_postmoogle_smtp_host_bind_port }}:{{ matrix_bot_postmoogle_port }} \ -p {{ matrix_bot_postmoogle_smtp_host_bind_port }}:{{ matrix_bot_postmoogle_port }} \
{% if matrix_bot_postmoogle_ssl_path %}
-p {{ matrix_bot_postmoogle_submission_host_bind_port }}:{{ matrix_bot_postmoogle_tls_port }} \
{% endif %}
--mount type=bind,src={{ matrix_bot_postmoogle_data_path }},dst=/data \ --mount type=bind,src={{ matrix_bot_postmoogle_data_path }},dst=/data \
{% if matrix_bot_postmoogle_ssl_path %}
--mount type=bind,src={{ matrix_bot_postmoogle_ssl_path }},dst=/ssl \
{% endif %}
{% for arg in matrix_bot_postmoogle_container_extra_arguments %} {% for arg in matrix_bot_postmoogle_container_extra_arguments %}
{{ arg }} \ {{ arg }} \
{% endfor %} {% endfor %}

View file

@ -26,7 +26,7 @@
- name: Obtain Let's Encrypt certificates - name: Obtain Let's Encrypt certificates
ansible.builtin.include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml" ansible.builtin.include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml"
with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for }}" with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for | unique }}"
loop_control: loop_control:
loop_var: domain_name loop_var: domain_name

View file

@ -2,7 +2,7 @@
- name: Verify certificates - name: Verify certificates
ansible.builtin.include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml" ansible.builtin.include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml"
with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for }}" with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for | unique }}"
loop_control: loop_control:
loop_var: domain_name loop_var: domain_name
when: "matrix_ssl_retrieval_method == 'manually-managed'" when: "matrix_ssl_retrieval_method == 'manually-managed'"

View file

@ -5,7 +5,7 @@
- name: Generate self-signed certificates - name: Generate self-signed certificates
ansible.builtin.include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml" ansible.builtin.include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml"
with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for }}" with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for | unique }}"
loop_control: loop_control:
loop_var: domain_name loop_var: domain_name
when: "matrix_ssl_retrieval_method == 'self-signed'" when: "matrix_ssl_retrieval_method == 'self-signed'"