postmoogle feedback

docs/configuring-dns.md

@@ -84,5 +84,5 @@ When you're done with the DNS configuration and ready to proceed, continue with
 
 ## `_dmarc`, `postmoogle._domainkey` TXT and `matrix` MX records setup
 
-To make the [postmoogle](https://gitlab.com/etke.cc/postmoogle) email bridge enable its email sending features, you need to configure
+To make the [postmoogle](configuring-playbook-bot-postmoogle.md) email bridge enable its email sending features, you need to configure
 SPF (TXT), DMARC (TXT), DKIM (TXT) and MX records

group_vars/matrix_servers

@@ -1210,6 +1210,9 @@ matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in
 
 # We don't enable bots by default.
 matrix_bot_postmoogle_enabled: false
+matrix_bot_postmoogle_ssl_path: "{{ matrix_ssl_config_dir_path }}"
+matrix_bot_postmoogle_tls_cert: "/ssl/live/{{ matrix_bot_postmoogle_domain }}/fullchain.pem"
+matrix_bot_postmoogle_tls_key: "/ssl/live/{{ matrix_bot_postmoogle_domain }}/privkey.pem"
 
 matrix_bot_postmoogle_systemd_required_services_list: |
   {{

roles/matrix-bot-postmoogle/defaults/main.yml

@@ -17,7 +17,6 @@ matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_
 matrix_bot_postmoogle_base_path: "{{ matrix_base_data_path }}/postmoogle"
 matrix_bot_postmoogle_config_path: "{{ matrix_bot_postmoogle_base_path }}/config"
 matrix_bot_postmoogle_data_path: "{{ matrix_bot_postmoogle_base_path }}/data"
-matrix_bot_postmoogle_ssl_path: "{{ matrix_ssl_config_dir_path }}"
 
 # A list of extra arguments to pass to the container
 matrix_bot_postmoogle_container_extra_arguments: []
@@ -111,20 +110,35 @@ matrix_bot_postmoogle_noencryption: false
 
 matrix_bot_postmoogle_domain: "{{ matrix_server_fqn_matrix }}"
 
-# Mandatory TLS, even on plain SMTP port
-matrix_bot_postmoogle_tls_required: false
-
 # in-container ports
 matrix_bot_postmoogle_port: '2525'
 matrix_bot_postmoogle_tls_port: '25587'
 
 # on-host ports
 matrix_bot_postmoogle_smtp_host_bind_port: '25'
-matrix_bot_postmoogle_smtps_host_bind_port: '587'
+matrix_bot_postmoogle_submission_host_bind_port: '587'
 
-# in-container SSL paths
+### SSL
-matrix_bot_postmoogle_tls_cert: "/ssl/live/{{ matrix_bot_postmoogle_domain }}/fullchain.pem"
+## on-host SSL dir
-matrix_bot_postmoogle_tls_key: "/ssl/live/{{ matrix_bot_postmoogle_domain }}/privkey.pem"
+matrix_bot_postmoogle_ssl_path: ""
+
+## in-container SSL paths
+# matrix_bot_postmoogle_tls_cert is the SSL certificate's certificate.
+# This is likely set via group_vars/matrix_servers, so you don't need to set it.
+# If you do need to set it manually, note that this is an in-container path.
+# To mount a certificates volumes into the container, use matrix_bot_postmoogle_ssl_path
+# Example value: /ssl/live/{{ matrix_bot_postmoogle_domain }}/fullchain.pem
+matrix_bot_postmoogle_tls_cert: ""
+
+# matrix_bot_postmoogle_tls_key is the SSL certificate's key.
+# This is likely set via group_vars/matrix_servers, so you don't need to set it.
+# If you do need to set it manually, note that this is an in-container path.
+# To mount a certificates volumes into the container, use matrix_bot_postmoogle_ssl_path
+# Example value: /ssl/live/{{ matrix_bot_postmoogle_domain }}/privkey.pem
+matrix_bot_postmoogle_tls_key: ""
+
+# Mandatory TLS, even on plain SMTP port
+matrix_bot_postmoogle_tls_required: false
 
 # Additional environment variables to pass to the postmoogle container
 #

roles/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2

@@ -24,9 +24,13 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-postmoogle
 			--network={{ matrix_docker_network }} \
 			--env-file={{ matrix_bot_postmoogle_config_path }}/env \
 			-p {{ matrix_bot_postmoogle_smtp_host_bind_port }}:{{ matrix_bot_postmoogle_port }} \
-			-p {{ matrix_bot_postmoogle_smtps_host_bind_port }}:{{ matrix_bot_postmoogle_tls_port }} \
+			{% if matrix_bot_postmoogle_ssl_path %}
+			-p {{ matrix_bot_postmoogle_submission_host_bind_port }}:{{ matrix_bot_postmoogle_tls_port }} \
+			{% endif %}
 			--mount type=bind,src={{ matrix_bot_postmoogle_data_path }},dst=/data \
+			{% if matrix_bot_postmoogle_ssl_path %}
 			--mount type=bind,src={{ matrix_bot_postmoogle_ssl_path }},dst=/ssl \
+			{% endif %}
 			{% for arg in matrix_bot_postmoogle_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}

roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml

@@ -26,7 +26,7 @@
 
     - name: Obtain Let's Encrypt certificates
       ansible.builtin.include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml"
-      with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for }}"
+      with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for | unique }}"
       loop_control:
         loop_var: domain_name
 

roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_manually_managed.yml

@@ -2,7 +2,7 @@
 
 - name: Verify certificates
   ansible.builtin.include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml"
-  with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for }}"
+  with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for | unique }}"
   loop_control:
     loop_var: domain_name
   when: "matrix_ssl_retrieval_method == 'manually-managed'"

roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed.yml

@@ -5,7 +5,7 @@
 
 - name: Generate self-signed certificates
   ansible.builtin.include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml"
-  with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for }}"
+  with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for | unique }}"
   loop_control:
     loop_var: domain_name
   when: "matrix_ssl_retrieval_method == 'self-signed'"