experimental mail transport

deploy/ansible/inventory.yml.sample

@@ -8,6 +8,7 @@ c3lf-nodes:
       git_branch: master
       git_repo: <git_repo_url>
       db_password: <db_password>
+      mail_domain: <mail_domain>
       main_email: <main_email>
       legacy_api_user: <legacy_api_user>
       legacy_api_password: <legacy_api_password>

deploy/ansible/playbooks/deploy-c3lf-sys3.yml

@@ -222,7 +222,7 @@
 
         - name: install requirements
           pip:
-            requirements: /var/www/c3lf-sys3/repo/core/requirements.txt
+            requirements: /var/www/c3lf-sys3/repo/core/requirements.prod.txt
             virtualenv: /var/www/c3lf-sys3/venv
             state: present
           when: git_repo.changed == true
@@ -274,4 +274,35 @@
       service:
         name: c3lf-sys3
         state: started
-        enabled: yes
+        enabled: yes
+
+    - name: add postfix to www-data group
+      user:
+        name: postfix
+        groups: www-data
+        append: yes
+      notify:
+        - restart postfix
+
+    - name: add custom transport config
+      lineinfile:
+        path: /etc/postfix/master.cf
+        line: "c3lf-sys3 unix - n n - - lmtp"
+        state: present
+        create: yes
+      notify:
+        - restart postfix
+
+    - name: configure postfix
+      template:
+        src: templates/postfix.cf.j2
+        dest: /etc/postfix/main.cf
+      notify:
+        - restart postfix
+
+    - name: UFW allow smtp
+      ufw:
+        rule: allow
+        port: 25
+        proto: tcp
+        state: enabled

deploy/ansible/playbooks/templates/django.env.j2

@@ -4,6 +4,7 @@ DB_NAME=c3lf_sys3
 DB_USER=c3lf_sys3
 DB_PASSWORD={{ db_password }}
 HTTP_HOST={{ web_domain }}
+MAIL_DOMAIN={{ mail_domain }}
 LEGACY_API_USER={{ legacy_api_user }}
 LEGACY_API_PASSWORD={{ legacy_api_password }}
 MEDIA_ROOT=/var/www/c3lf-sys3/userfiles

deploy/ansible/playbooks/templates/postfix.cf.j2

@@ -0,0 +1,50 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+readme_directory = no
+
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
+# fresh installs.
+compatibility_level = 3.6
+
+# TLS parameters
+smtp_use_tls = yes
+smtp_force_tls = yes
+smtpd_use_tls = yes
+smtpd_tls_cert_file=/etc/letsencrypt/live/{{ web_domain }}/fullchain.pem
+smtpd_tls_key_file=/etc/letsencrypt/live/{{ web_domain }}/privkey.pem
+smtpd_tls_security_level=may
+
+smtp_tls_CApath=/etc/ssl/certs
+smtp_tls_security_level=may
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+
+smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
+myhostname = polaris.c3lf.de
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = /etc/mailname
+mydestination = $myhostname, , localhost
+relayhost = firefly.lab.or.it
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+inet_protocols = all
+
+maillog_file = /var/log/mail.log
+
+virtual_mailbox_domains = {{ mail_domain }}
+virtual_transport=c3lf-sys3:unix:/var/www/c3lf-sys3/lmtp.sock