Move dh2048 creation to base, remove server-scripts from base
authorRalf Jung <post@ralfj.de>
Fri, 11 May 2018 08:47:45 +0000 (10:47 +0200)
committerRalf Jung <post@ralfj.de>
Fri, 11 May 2018 08:47:45 +0000 (10:47 +0200)
roles/base/tasks/main.yml
roles/postfix/defaults/main.yml [deleted file]
roles/postfix/tasks/main.yml
roles/postfix/templates/main.cf
roles/prosody/defaults/main.yml
roles/prosody/templates/prosody.cfg.lua

index 5f264c6..0bc1caf 100644 (file)
   apt: name=needrestart state=latest default_release={{ansible_distribution_release}}-backports
 - name: install some basic tools
   apt: name=aptitude,rsync,git,mercurial,curl,apt-transport-https,psmisc,dnsutils,tree,htop state=latest
-# server-scripts
-- name: clone server-scripts git repository
-  git:
-    dest: /root/server-scripts
-    repo: 'https://git.ralfj.de/server-scripts.git'
-    version: 07d301fd8adeaf8ad40591a418da394ad37816ce
+# dh2048
+- name: create dh2048 file
+  command: openssl dhparam -out /etc/ssl/dh2048.pem 2048
+  args:
+    creates: "/etc/ssl/dh2048.pem"
 # configuration
 - name: configure root shell
   copy:
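Review bot: The literal `/etc/ssl/dh2048.pem` now appears twice in the added task (in `command` and in its `creates` guard) and again in the main.cf and prosody.cfg.lua hunks, and nothing records that those two roles depend on this base task having run. A comment above the task would make the coupling visible, e.g. `# dh2048: shared DH parameters, read by roles/postfix/templates/main.cf and roles/prosody/templates/prosody.cfg.lua`. The task also leaves owner and mode to whatever openssl and root's umask produce. Since both daemons have to read the file, a follow-up `file:` task on the same path with `mode: "0644"` would state that instead of assuming it. The task list continues outside this hunk.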
diff --git a/roles/postfix/defaults/main.yml b/roles/postfix/defaults/main.yml
deleted file mode 100644 (file)
index b05f8de..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-postfix:
-  paths:
-    dh2048: /etc/ssl/dh2048.pem
index 45eb9ee..af796d3 100644 (file)
@@ -1,8 +1,3 @@
-# base
-- name: create dh2048 file
-  command: openssl dhparam -out {{ postfix.paths.dh2048 }} 2048
-  args:
-    creates: "{{ postfix.paths.dh2048 }}"
 # daemons
 - import_tasks: unbound.yml
   tags: unbound
index fa2082c..4488ec4 100644 (file)
@@ -13,7 +13,7 @@ smtpd_tls_key_file=/etc/ssl/private/letsencrypt/live.key
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtpd_tls_security_level = may
 smtpd_tls_loglevel = 1
-smtpd_tls_dh1024_param_file = {{ postfix.paths.dh2048 }}
+smtpd_tls_dh1024_param_file = /etc/ssl/dh2048.pem
 smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
 smtpd_tls_ciphers = low
 smtpd_tls_mandatory_ciphers = high
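Review bot: The changed line points `smtpd_tls_dh1024_param_file` at a 2048-bit file, which reads like a mistake to anyone who does not know the parameter name is historical. A short comment above it would settle that, e.g. `# name is historical; the file holds a 2048-bit group created by roles/base/tasks/main.yml`. With the variable gone, the path here is a bare literal, so that comment is also the only record in this template that the base role must have run first. The hunk covers only part of main.cf.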
index 9fc3074..ebe7068 100644 (file)
@@ -1,4 +1,3 @@
 prosody:
   paths:
     modules: /var/lib/prosody/modules
-    dh2048: /etc/ssl/dh2048.pem
index 4f99029..fd805cc 100644 (file)
@@ -119,7 +119,7 @@ ssl = {
        key = "/etc/ssl/private/letsencrypt/live.key";
        certificate = "/etc/ssl/mycerts/letsencrypt/live.crt+chain";
        ciphers = "ALL:!EXPORT:!LOW:!MEDIUM:!aNULL:!3DES";
-       dhparam = "{{ prosody.paths.dh2048 }}";
+       dhparam = "/etc/ssl/dh2048.pem";
 }
 -- support legacy clients
 legacy_ssl_ports = { 5223 }