darklajid/ansible-communication

My setup for running my own infrastructure

This provides:

  • NTP (as a prerequisite)
  • Mail via postfix/dovecot, using virtual users
  • Spam protection using dspam and postgrey
  • DKIM signing/verification
  • Full-text search over imap via dovecot-clucene
  • XMPP for all mail accounts

Open issues:

  • postfix, add smtpd_sender_login_maps to allow sending from aliases?
  • postfix, think about adding proxymap to pool connections?
  • test sieve and managedsieve
  • radicale is installed from git, which is less than optimal for reproducable builds…
  • backup & restore scripts

Roadmap:

  • Evaluate Mozilla Persona / OpenID
  • Evaluate bitmessage
  • Offer CalDAV/CardDAV web interfaces? CalDavZAP & CardDavMate?
  • Offer webmail? Roundcube?
  • Administrative interface for domains/users

Requirements:

  • Arch target host

  • Sudo privileges on the target host

  • SSL certificate in /roles/common/files/certs/{{ansible_fqdn}}.pem

  • SSL certificate private key in /roles/common/files/certs/{{ansible_fqdn}}.key.enc This is expected to be encrypted with openssl aes-256-cbc -in $hostname.key -out $hostname.key.enc

  • Opendkim keys below /roles/mail/files/opendkim/keys One folder per domain, below that a key named default.private.enc Again, this is encrypted with openssl (see ssl key above)

    Example: /roles/mail/files/opendkim/keys/example.com/default.private.enc