author | Alex Auvolat <alex@adnab.me> | 2020-02-11 22:24:42 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2020-02-11 22:37:08 +0100 |
commit | a552f67e9433a476c49db0b7166538f1d3d68f47 (patch) | |
tree | 3f441555c5f38c47cc273cf14d61ed615047545c | |
parent | 348fac27bcacd395ed1420be258ca99674208e87 (diff) | |
WIP (not tested) switch Postfix to bottin2 and use separate secrets
-rw-r--r-- | consul/configuration/email/postfix/ldap-account.cf.sample | 12 | ||||
-rw-r--r-- | consul/configuration/email/postfix/ldap-account.cf.tpl | 12 | ||||
-rw-r--r-- | consul/configuration/email/postfix/ldap-alias.cf.tpl (renamed from consul/configuration/email/postfix/ldap-alias.cf.sample) | 6 | ||||
-rw-r--r-- | nomad/email.hcl | 29 |
4 files changed, 36 insertions, 23 deletions
diff --git a/consul/configuration/email/postfix/ldap-account.cf.sample b/consul/configuration/email/postfix/ldap-account.cf.sample
deleted file mode 100644
index 1b90252..0000000
--- a/consul/configuration/email/postfix/ldap-account.cf.sample
+++ /dev/null
@@ -1,12 +0,0 @@
-bind = yes
-bind_dn = cn=<user>,dc=deuxfleurs,dc=fr
-bind_pw = <secret>
-version = 3
-timeout = 20
-start_tls = no
-tls_require_cert = no
-server_host = ldap://bottin.service.2.cluster.deuxfleurs.fr
-scope = sub
-search_base = ou=users,dc=deuxfleurs,dc=fr
-query_filter = mail=%s
-result_attribute = mail
diff --git a/consul/configuration/email/postfix/ldap-account.cf.tpl b/consul/configuration/email/postfix/ldap-account.cf.tpl
new file mode 100644
index 0000000..2575f10
--- /dev/null
+++ b/consul/configuration/email/postfix/ldap-account.cf.tpl
@@ -0,0 +1,12 @@
+bind = yes
+bind_dn = {{ key "secrets/email/postfix/ldap_binddn" | trimSpace }}
+bind_pw = {{ key "secrets/email/postfix/ldap_bindpwd" | trimSpace }}
+version = 3
+timeout = 20
+start_tls = no
+tls_require_cert = no
+server_host = ldap://bottin2.service.2.cluster.deuxfleurs.fr
+scope = sub
+search_base = ou=users,dc=deuxfleurs,dc=fr
+query_filter = mail=%s
+result_attribute = mail
diff --git a/consul/configuration/email/postfix/ldap-alias.cf.sample b/consul/configuration/email/postfix/ldap-alias.cf.tpl
index 8ed3361..775c0ad 100644
--- a/consul/configuration/email/postfix/ldap-alias.cf.sample
+++ b/consul/configuration/email/postfix/ldap-alias.cf.tpl
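Review bot: The bind password that `ldap-account.cf.tpl` now reads from `secrets/email/postfix/ldap_bindpwd` is still sent over a cleartext connection, because the new file keeps `start_tls = no` with an `ldap://` server_host, and `tls_require_cert = no` would skip certificate verification even if TLS were turned on. Moving the credential to a separate secrets path protects it at rest but not on the wire between Postfix and bottin2. If bottin2 can offer TLS, I would set `start_tls = yes` and `tls_require_cert = yes` here; `ldap-alias.cf.tpl` has the same exposure, since it binds on port 389 with no start_tls setting at all. If this traffic is confined to loopback or an already-encrypted overlay, a comment in both templates saying so would make the choice explicit.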
@@ -1,9 +1,9 @@
-server_host = bottin.service.2.cluster.deuxfleurs.fr
+server_host = bottin2.service.2.cluster.deuxfleurs.fr
 server_port = 389
 search_base = dc=deuxfleurs,dc=fr
 query_filter = (&(objectClass=inetOrgPerson)(memberOf=cn=%s,ou=mailing_lists,ou=groups,dc=deuxfleurs,dc=fr))
 result_attribute = mail
 bind = yes
-bind_dn = cn=<someone>,dc=deuxfleurs,dc=fr
-bind_pw = <password>
+bind_dn = {{ key "secrets/email/postfix/ldap_binddn" | trimSpace }}
+bind_pw = {{ key "secrets/email/postfix/ldap_bindpwd" | trimSpace }}
 version = 3
diff --git a/nomad/email.hcl b/nomad/email.hcl
index 1d5c8c1..649231c 100644
--- a/nomad/email.hcl
+++ b/nomad/email.hcl
@@ -328,6 +328,27 @@ job "email" {
 }
 }
+ artifact {
+ source = "http://127.0.0.1:8500/v1/kv/configuration/email/postfix/ldap-account.cf.tpl?raw"
+ destination = "secrets/postfix/ldap-account.cf.tpl"
+ mode = "file"
+ }
+ template {
+ source = "secrets/postfix/ldap-account.cf.tpl"
+ destination = "secrets/postfix/ldap-account.cf"
+ }
+
+ artifact {
+ source = "http://127.0.0.1:8500/v1/kv/configuration/email/postfix/ldap-alias.cf.tpl?raw"
+ destination = "secrets/postfix/ldap-alias.cf.tpl"
+ mode = "file"
+ }
+ template {
+ source = "secrets/postfix/ldap-alias.cf.tpl"
+ destination = "secrets/postfix/ldap-alias.cf"
+ }
+
+
 template {
 data = "{{ key \"configuration/email/postfix/postfix.crt\" }}"
 destination = "secrets/ssl/certs/postfix.crt"
@@ -347,14 +368,6 @@ job "email" {
 destination = "secrets/postfix/header_checks"
 }
 template {
- data = "{{ key \"configuration/email/postfix/ldap-account.cf\" }}"
- destination = "secrets/postfix/ldap-account.cf"
- }
- template {
- data = "{{ key \"configuration/email/postfix/ldap-alias.cf\" }}"
- destination = "secrets/postfix/ldap-alias.cf"
- }
- template {
 data = "{{ key \"configuration/email/postfix/main.cf\" }}"
 destination = "secrets/postfix/main.cf"
 } |
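Review bot: The two new `artifact` blocks in the first `nomad/email.hcl` hunk fetch template text from Consul KV under `configuration/email/postfix/`, and the `template` blocks after them then execute it. Anyone who can write that prefix can therefore make the rendered file include any key the task's Consul token can read, including `secrets/email/postfix/ldap_bindpwd`. The split between `configuration/` and `secrets/` only holds if write access to the configuration prefix is restricted as tightly as read access to the secrets; the ACLs are not visible in this diff, so that should be confirmed. Two smaller points: the artifact is downloaded once at task start, so edits to the `.tpl` keys no longer propagate the way the removed `key`-based templates did, and since the rendered files contain the bind password, an explicit `perms = "600"` (or the narrowest mode the Postfix user can work with) on both `template` blocks would be safer than the default. The enclosing task block starts and ends outside the hunk.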