├── roles ├── xchat │ ├── handlers │ │ └── main.yml │ ├── templates │ │ ├── servlist_.conf.j2 │ │ ├── colors.conf.j2 │ │ └── xchat.conf.j2 │ └── tasks │ │ └── main.yml ├── email │ ├── templates │ │ ├── mailname.j2 │ │ ├── postfix │ │ │ ├── aliases_regexp.j2 │ │ │ ├── generic.j2 │ │ │ └── main.cf.j2 │ │ └── dovecot │ │ │ └── conf.d │ │ │ ├── auth-static.conf.ext.j2 │ │ │ ├── 15-lda.conf.j2 │ │ │ └── 10-auth.conf.j2 │ ├── files │ │ ├── default │ │ │ └── postgrey │ │ ├── pam.d │ │ │ └── dovecot │ │ ├── dovecot │ │ │ ├── conf.d │ │ │ │ ├── 10-tcpwrapper.conf │ │ │ │ ├── 90-plugin.conf │ │ │ │ ├── 90-acl.conf │ │ │ │ ├── auth-system.conf.ext │ │ │ │ ├── 15-mailboxes.conf │ │ │ │ ├── 10-director.conf │ │ │ │ ├── 10-ssl.conf │ │ │ │ ├── 90-quota.conf │ │ │ │ ├── 10-logging.conf │ │ │ │ ├── 10-master.conf │ │ │ │ └── 10-mail.conf │ │ │ └── default.sieve │ │ └── postfix │ │ │ └── master.cf │ ├── tasks │ │ ├── main.yml │ │ ├── dovecot.yml │ │ └── postfix.yml │ └── handlers │ │ └── main.yml ├── tinc │ ├── files │ │ ├── default_args │ │ ├── nets.boot │ │ └── init_d_tinc │ ├── templates │ │ ├── tinc-up.j2 │ │ ├── host.j2 │ │ └── tinc.conf.j2 │ ├── handlers │ │ └── main.yml │ └── tasks │ │ └── main.yml ├── ddclient │ ├── handlers │ │ └── main.yml │ ├── templates │ │ └── ddclient.conf.j2 │ └── tasks │ │ └── main.yml ├── mutt │ ├── tasks │ │ └── main.yml │ └── templates │ │ └── Muttrc.j2 ├── irc_bouncer │ ├── handlers │ │ └── main.yml │ ├── templates │ │ └── znc.conf.j2 │ ├── tasks │ │ └── main.yml │ └── files │ │ └── initd_znc ├── gpg │ └── tasks │ │ └── main.yml ├── backups │ └── tasks │ │ └── main.yml └── openttd │ ├── defaults │ └── main.yml │ ├── files │ └── initd_openttd │ ├── tasks │ └── main.yml │ └── templates │ └── openttd.cfg.j2 ├── config.example ├── files │ ├── duply │ │ ├── b.enjam.info.pre │ │ ├── b.enjam.info.post │ │ ├── b.enjam.info.exclude │ │ └── b.enjam.info.conf │ └── postgrey │ │ ├── whitelist_recipients.local │ │ └── whitelist_clients.local ├── group_vars │ 
├── laptops │ └── all └── host_vars │ ├── pipeep-laptop │ ├── pipeep-netbook │ └── b.enjam.info ├── headless.yml ├── site.yml ├── plugins └── jinja2_plugins │ ├── __init__.py │ ├── znc.py │ └── openttd.py ├── .gitignore ├── workstations.yml ├── .editorconfig ├── setup.py ├── buyvm.yml ├── ansible.cfg ├── secrets.example ├── duply │ └── b.enjam.info ├── main.yml └── tinc │ ├── example.com.pub │ ├── gen_keypairs.sh │ └── example.com.priv ├── README.md └── library └── gpg_key /roles/xchat/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /config.example/files/duply/b.enjam.info.pre: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /config.example/files/duply/b.enjam.info.post: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /headless.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - include: buyvm.yml 3 | -------------------------------------------------------------------------------- /roles/email/templates/mailname.j2: -------------------------------------------------------------------------------- 1 | {{ domain }} 2 | -------------------------------------------------------------------------------- /config.example/group_vars/laptops: -------------------------------------------------------------------------------- 1 | --- 2 | debian_release: sid 3 | -------------------------------------------------------------------------------- /config.example/files/postgrey/whitelist_recipients.local: -------------------------------------------------------------------------------- 1 | # nothing here 2 | 
-------------------------------------------------------------------------------- /site.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - include: headless.yml 3 | - include: workstations.yml 4 | -------------------------------------------------------------------------------- /plugins/jinja2_plugins/__init__.py: -------------------------------------------------------------------------------- 1 | from .openttd import openttd 2 | from .znc import znc 3 | -------------------------------------------------------------------------------- /roles/email/files/default/postgrey: -------------------------------------------------------------------------------- 1 | POSTGREY_OPTS="--inet=10023 --delay=300 --max-age=90" 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.egg-info 2 | *.py[cod] 3 | .env 4 | hosts 5 | secrets 6 | secrets.yml 7 | config 8 | -------------------------------------------------------------------------------- /roles/tinc/files/default_args: -------------------------------------------------------------------------------- 1 | # Extra options to be passed to tincd. 
2 | EXTRA=--user=tinc 3 | -------------------------------------------------------------------------------- /roles/ddclient/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart ddclient 3 | service: name=ddclient state=restarted 4 | -------------------------------------------------------------------------------- /roles/email/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - include: postfix.yml tags=email,postfix 3 | - include: dovecot.yml tags=email,dovecot 4 | -------------------------------------------------------------------------------- /roles/email/templates/postfix/aliases_regexp.j2: -------------------------------------------------------------------------------- 1 | # http://serverfault.com/a/480251/36311 2 | !/^owner-/ {{ primary_user }} 3 | -------------------------------------------------------------------------------- /roles/email/files/pam.d/dovecot: -------------------------------------------------------------------------------- 1 | #%PAM-1.0 2 | 3 | @include common-auth 4 | @include common-account 5 | @include common-session 6 | 7 | -------------------------------------------------------------------------------- /roles/email/templates/postfix/generic.j2: -------------------------------------------------------------------------------- 1 | {{ primary_user }} {{ email.send_as }}@{{ domain }} 2 | @{{ domain }} {{ email.send_as }}@{{ domain }} 3 | -------------------------------------------------------------------------------- /roles/tinc/files/nets.boot: -------------------------------------------------------------------------------- 1 | # This file contains all names of the networks to be started on system startup. 2 | # A dot refers to the default network (configured in /etc/tinc/./) 3 | . 
4 | -------------------------------------------------------------------------------- /workstations.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: workstations 3 | user: pipeep 4 | sudo: yes 5 | vars_files: [secrets/main.yml] 6 | 7 | roles: 8 | - xchat 9 | - tinc 10 | - gpg 11 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | root = true 2 | 3 | [**] 4 | indent_style = space 5 | indent_size = 4 6 | 7 | [{group_,host_,}vars/**] 8 | indent_size = 2 9 | 10 | [**.yml{,.example}] 11 | indent_size = 2 12 | -------------------------------------------------------------------------------- /roles/tinc/templates/tinc-up.j2: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | {% for addr in tinc.local %} 3 | ip addr add local {{addr.address}}/{{addr.prefix}} dev $INTERFACE 4 | {% endfor %} 5 | ip link set up dev $INTERFACE 6 | -------------------------------------------------------------------------------- /config.example/host_vars/pipeep-laptop: -------------------------------------------------------------------------------- 1 | --- 2 | debian_release: sid 3 | arch: amd64 4 | tinc: 5 | local: 6 | - {address: 10.10.0.2, prefix: 16} 7 | - {address: "fec0:dead:beef:0000::2", prefix: 64} 8 | -------------------------------------------------------------------------------- /config.example/host_vars/pipeep-netbook: -------------------------------------------------------------------------------- 1 | --- 2 | debian_release: sid 3 | arch: i386 4 | tinc: 5 | local: 6 | - {address: 10.10.0.3, prefix: 16} 7 | - {address: "fec0:dead:beef:0000::3", prefix: 64} 8 | -------------------------------------------------------------------------------- /roles/tinc/handlers/main.yml: -------------------------------------------------------------------------------- 1 
| --- 2 | - name: restart tinc 3 | service: > 4 | name=tinc 5 | state=restarted 6 | 7 | - name: reload tinc configuration 8 | service: > 9 | name=tinc 10 | state=reloaded 11 | -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- 1 | from setuptools import setup 2 | from setuptools import find_packages 3 | 4 | setup(name="pipeep-ansible-playbooks", 5 | package_dir={"": "plugins"}, 6 | packages=["jinja2_plugins"], 7 | install_requires=["ansible>=1.7,<1.8"]) 8 | -------------------------------------------------------------------------------- /roles/tinc/templates/host.j2: -------------------------------------------------------------------------------- 1 | {% if item in tinc.connect_to %} 2 | Address = {{ item }} 3 | {% endif %} 4 | 5 | {% for subnet in tinc.local %} 6 | Subnet = {{ subnet.address }} 7 | {% endfor %} 8 | 9 | {{ lookup("file", "secrets/tinc/" + item + ".pub") }} 10 | -------------------------------------------------------------------------------- /buyvm.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: buyvm 3 | user: pipeep 4 | sudo: yes 5 | vars_files: [secrets/main.yml] 6 | 7 | roles: 8 | - backups 9 | - ddclient 10 | - email 11 | - mutt 12 | - irc_bouncer 13 | - openttd 14 | - tinc 15 | - gpg 16 | -------------------------------------------------------------------------------- /roles/ddclient/templates/ddclient.conf.j2: -------------------------------------------------------------------------------- 1 | # Generated via Ansible 2 | {% for key, value in ddclient.iteritems() %} 3 | {% if key != "domain" and key != "password" %} 4 | {{ key }}={{ value }} 5 | {% endif %} 6 | {% endfor %} 7 | password='{{ ddclient_password }}' 8 | {{ ddclient.domain }} 9 | -------------------------------------------------------------------------------- /roles/tinc/templates/tinc.conf.j2: 
-------------------------------------------------------------------------------- 1 | Name = {{ inventory_hostname | replace(".", "_") | replace("-", "_") }} 2 | {% for hub in tinc.connect_to %} 3 | {% if hub != inventory_hostname %} 4 | ConnectTo = {{ hub | replace(".", "_") | replace("-", "_") }} 5 | {% endif %} 6 | {% endfor %} 7 | LocalDiscovery = yes 8 | IndirectData = yes 9 | -------------------------------------------------------------------------------- /roles/mutt/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: install mutt-patched 3 | apt: pkg=mutt-patched state=present 4 | tags: mutt 5 | 6 | - name: configure mutt 7 | template: > 8 | src={{ item }}.j2 9 | dest=/etc/{{ item }} 10 | owner=root 11 | group=root 12 | mode=644 13 | with_items: 14 | - Muttrc 15 | tags: mutt 16 | -------------------------------------------------------------------------------- /ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | ask_sudo_pass = yes 3 | error_on_undefined_vars = yes 4 | hash_behaviour = merge 5 | hostfile = config/hosts 6 | jinja2_extensions = jinja2_plugins.openttd,jinja2_plugins.znc 7 | nocows = yes 8 | transport = ssh 9 | 10 | [ssh_connection] 11 | pipelining = yes 12 | ssh_args = -o ControlMaster=auto -o ControlPersist=60s 13 | -------------------------------------------------------------------------------- /secrets.example/duply/b.enjam.info: -------------------------------------------------------------------------------- 1 | TARGET_USER="AWS key ID" 2 | TARGET_PASS="AWS key secret" 3 | 4 | # Change the default password! Note that GPG_KEY="disabled" switches duply's encryption off altogether, so GPG_PW below has no effect until GPG_KEY is removed (passphrase-only encryption) or set to a key ID. 5 | GPG_KEY="disabled" 6 | GPG_PW="something super secret" 7 | 8 | # alternatively, you can use gpg public/private keys 9 | #GPG_KEYS_ENC=",,..." 
10 | #GPG_KEY_SIGN="" 11 | #GPG_PW_SIGN="" 12 | -------------------------------------------------------------------------------- /roles/email/files/dovecot/conf.d/10-tcpwrapper.conf: -------------------------------------------------------------------------------- 1 | # 10-tcpwrapper.conf 2 | # 3 | # service name for hosts.{allow|deny} are those defined as 4 | # inet_listener in master.conf 5 | # 6 | #login_access_sockets = tcpwrap 7 | # 8 | #service tcpwrap { 9 | # unix_listener login/tcpwrap { 10 | # group = $default_login_user 11 | # mode = 0600 12 | # user = $default_login_user 13 | # } 14 | #} 15 | -------------------------------------------------------------------------------- /secrets.example/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Move this file to secrets.yml and modify it as appropriate 3 | irc_znc_password: superSecret 4 | ddclient_password: superSecret 5 | openttd_password: "" # Empty string makes the server public 6 | openttd_rcon_password: "" # Empty string disables 7 | openttd_admin_password: "" # Empty string disables 8 | email_password: superSecret # only needed with "static" authentication 9 | -------------------------------------------------------------------------------- /plugins/jinja2_plugins/znc.py: -------------------------------------------------------------------------------- 1 | from jinja2.ext import Extension 2 | from hashlib import sha256 3 | 4 | class znc(Extension): 5 | def __init__(self, environment): 6 | super(znc, self).__init__(environment) 7 | environment.globals["irc_znc_hash"] = self.__hash_pw 8 | 9 | def __hash_pw(self, pw, salt): 10 | return "sha256#%s#%s#" % (sha256(pw + salt).hexdigest()[:64], salt) 11 | -------------------------------------------------------------------------------- /roles/irc_bouncer/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: register znc init.d script 3 | command: 
update-rc.d znc defaults 4 | 5 | - name: restart znc service 6 | service: name=znc state=restarted 7 | 8 | - name: keep znc private key from being world-readable 9 | # The default mode is 644, which is too liberal 10 | file: > 11 | dest=/var/lib/znc/znc.pem 12 | mode=600 13 | owner=znc 14 | group=znc 15 | -------------------------------------------------------------------------------- /roles/gpg/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: install public keys 2 | gpg_key: > 3 | id="{{ item.id }}" 4 | keyserver="{{ item.keyserver }}" 5 | state=latest 6 | sudo_user: "{{ primary_user }}" 7 | with_items: gpg.public 8 | tags: gpg 9 | 10 | - name: install private keys 11 | gpg_key: > 12 | file="secrets/{{ item.file }}" 13 | state=latest 14 | sudo_user: "{{ primary_user }}" 15 | with_items: gpg.private 16 | tags: gpg 17 | -------------------------------------------------------------------------------- /roles/email/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: run postmap 3 | command: postmap /etc/postfix/generic 4 | 5 | - name: rebuild default sieve 6 | command: sievec /etc/dovecot/default.sieve 7 | 8 | - name: restart postfix 9 | service: name=postfix state=restarted enabled=yes 10 | 11 | - name: restart postgrey 12 | service: name=postgrey state=restarted enabled=yes 13 | 14 | - name: restart dovecot 15 | service: name=dovecot state=restarted enabled=yes 16 | -------------------------------------------------------------------------------- /secrets.example/tinc/example.com.pub: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvuyWR0a/WLYLD9eGPqy4 3 | /UcrdbuJmoU4Yp5xnyEpwmc9MF0t7i3CJtKqvTpH8wTpXD90YU4MQce1s8+owQdl 4 | smi9NCb24jG7Z6Rj/grFEtZos4qLcCCF9ZLMVkruReY6LG1TCb6VJRPRUnRgI801 5 | 
rQArCFGxDrvl3lE2eOhOSa4rK5FG7XcWRCtSRIbTuR5kzxiIWyPzSnUb0X159kuc 6 | iA7qWQNFieRaVZenu9nMsY0Xk9s+tsUdOSz/xuPriNWKjLiGkciRrmxOZmDgMfA+ 7 | WODa3ug3tCyMEc9va+FY+B+73sTymW2QFOE3uV0HrMQbkz1CSoo3FSMWDqMtMU1F 8 | lQIDAQAB 9 | -----END PUBLIC KEY----- 10 | -------------------------------------------------------------------------------- /roles/email/files/dovecot/default.sieve: -------------------------------------------------------------------------------- 1 | require ["fileinto", "variables", "mailbox", "editheader"]; 2 | 3 | if header :matches "x-original-to" "root*" { 4 | fileinto "root"; 5 | } elsif header :matches "x-original-to" "*@*" { 6 | set "target" "${1}"; 7 | if mailboxexists "${target}" { 8 | fileinto "${target}"; 9 | if header :matches "subject" "*" { 10 | deleteheader "subject"; 11 | addheader "subject" "[${target}] ${1}"; 12 | } 13 | keep; 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /roles/xchat/templates/servlist_.conf.j2: -------------------------------------------------------------------------------- 1 | #jinja2: trim_blocks: False 2 | 3 | v=2.8.8 4 | 5 | {% for network in irc.networks %} 6 | {% set nick = network.nick | default(irc.nick) -%} 7 | N={{ network.name }}{% if nick != irc.nick %} ({{ nick }}){% endif %} 8 | I={{ nick }} 9 | i={{ nick }}_ 10 | U={{ nick }}-{{ network.name }} 11 | R={{ nick }} 12 | P={{ nick }}-{{ network.name }}:{{ irc_znc_password }} 13 | F={% if irc.znc.ssl %}45{% else %}9{% endif %} 14 | D=0 15 | S={{ irc.znc.address }}/{{ irc.znc.port }} 16 | {% endfor %} 17 | -------------------------------------------------------------------------------- /roles/email/files/dovecot/conf.d/90-plugin.conf: -------------------------------------------------------------------------------- 1 | ## 2 | ## Plugin settings 3 | ## 4 | 5 | # All wanted plugins must be listed in mail_plugins setting before any of the 6 | # settings take effect. 
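See for list of plugins and 7 | # their configuration. Note that %variable expansion is done for all values. 8 | 9 | plugin { 10 | sieve_default = /etc/dovecot/default.sieve 11 | sieve_extensions = +editheader 12 | # Dovecot 2.2.9+ supports liblzma/xz, but Debian Wheezy doesn't have it 13 | zlib_save = bz2 14 | zlib_save_level = 6 15 | } 16 | -------------------------------------------------------------------------------- /config.example/files/postgrey/whitelist_clients.local: -------------------------------------------------------------------------------- 1 | # UF Email Forwarding 2 | /^(.*\.)?ufl\.edu$/ 3 | 4 | # Gmail 5 | /^.*-out-.*\.google\.com$/ 6 | 7 | # Comcast (seems to error on greylist) 8 | /^.+\.mail.comcast.net$/ 9 | comcast.net 10 | 76.96.0.0/17 11 | 12 | # Hotmail (sigh) 13 | hotmail.com 14 | 15 | # Github 16 | github.com 17 | github.net 18 | 19 | # Friends 20 | lumeh.org 21 | thomdixon.org 22 | 23 | # BTC-e 24 | btc-e.com 25 | server-1.biz 26 | 27 | # Other sites 28 | reddit.com 29 | amazon.com 30 | 31 | # mailing services 32 | amazonses.com 33 | smtp-out.amazonses.com 34 | -------------------------------------------------------------------------------- /secrets.example/tinc/gen_keypairs.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | NUMBITS=2048 3 | umask 077 # create the key files owner-only; the redirections below otherwise follow the caller's umask, which commonly leaves the .priv file world-readable 4 | if [ $# -eq 0 ]; then 5 | echo "USAGE: $0 example.com example2.com ..." 6 | echo "" 7 | echo " This tool generates public and private keys for tinc hosts. Run" \ 8 | "it for each host you want to use with tinc. Don't share the" \ 9 | "private keys with anyone, and don't use the example keypairs." 
\ 10 | | fmt -c 11 | fi 12 | 13 | for HOSTNAME in "$@"; do 14 | openssl genrsa $NUMBITS > "$HOSTNAME.priv" 15 | openssl rsa -in "$HOSTNAME.priv" -pubout > "$HOSTNAME.pub" 16 | done 17 | -------------------------------------------------------------------------------- /roles/xchat/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: install xchat 3 | apt: pkg=xchat state=present 4 | tags: xchat 5 | 6 | - name: build xchat directory structure 7 | file: > 8 | dest=~{{ primary_user }}/.xchat2 9 | state=directory 10 | mode=700 11 | owner={{ primary_user }} 12 | group={{ primary_user }} 13 | tags: xchat 14 | 15 | - name: configure xchat 16 | template: > 17 | src={{ item }}.j2 18 | dest=~{{ primary_user }}/.xchat2/{{ item }} 19 | mode=600 20 | owner={{ primary_user }} 21 | group={{ primary_user }} 22 | with_items: 23 | - servlist_.conf 24 | - colors.conf 25 | - xchat.conf 26 | tags: xchat 27 | -------------------------------------------------------------------------------- /config.example/files/duply/b.enjam.info.exclude: -------------------------------------------------------------------------------- 1 | + /var/games 2 | + /var/log 3 | + /var/mail 4 | + /var/www 5 | 6 | **.deb 7 | **.egg 8 | **.egg-info 9 | **.gem 10 | **.log 11 | **.py[oc] 12 | **/__pycache__ 13 | **/cache 14 | **/npm_modules 15 | **/tmp 16 | **/.npm 17 | **/.node-gyp 18 | /aquota.* 19 | /bin 20 | /boot 21 | /dev 22 | /etc/.git 23 | /initrd.img* 24 | /lib 25 | /lib32 26 | /lib64 27 | /media 28 | /mnt 29 | /proc 30 | /run 31 | /sbin 32 | /selinux 33 | /srv 34 | /sys 35 | /tmp 36 | /usr/bin 37 | /usr/include 38 | /usr/lib 39 | /usr/lib32 40 | /usr/lib64 41 | /usr/local/bin 42 | /usr/local/include 43 | /usr/local/lib 44 | /usr/local/lib32 45 | /usr/local/lib64 46 | /usr/local/man 47 | /usr/sbin 48 | /usr/share 49 | /var 50 | /vmlinux* 51 | -------------------------------------------------------------------------------- 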
/plugins/jinja2_plugins/openttd.py: -------------------------------------------------------------------------------- 1 | from jinja2 import contextfunction 2 | from jinja2.ext import Extension 3 | 4 | class openttd(Extension): 5 | def __init__(self, environment): 6 | super(openttd, self).__init__(environment) 7 | environment.globals["openttd_auto"] = self.__auto 8 | 9 | @contextfunction 10 | def __auto(self, context, key): 11 | """ 12 | Shorthand for creating a ``key = value`` entry in an openttd config. 13 | """ 14 | 15 | config_key = context["openttd"]["config"] 16 | config = context["openttd"]["config_def"][config_key] 17 | value = config[key] 18 | 19 | if isinstance(value, bool): 20 | value = "true" if value else "false" 21 | return "%s = %s" % (key, value) 22 | -------------------------------------------------------------------------------- /roles/email/files/dovecot/conf.d/90-acl.conf: -------------------------------------------------------------------------------- 1 | ## 2 | ## Mailbox access control lists. 3 | ## 4 | 5 | # vfile backend reads ACLs from "dovecot-acl" file from mail directory. 6 | # You can also optionally give a global ACL directory path where ACLs are 7 | # applied to all users' mailboxes. The global ACL directory contains 8 | # one file for each mailbox, eg. INBOX or sub.mailbox. cache_secs parameter 9 | # specifies how many seconds to wait between stat()ing dovecot-acl file 10 | # to see if it changed. 11 | plugin { 12 | #acl = vfile:/etc/dovecot/global-acls:cache_secs=300 13 | } 14 | 15 | # To let users LIST mailboxes shared by other users, Dovecot needs a 16 | # shared mailbox dictionary. 
For example: 17 | plugin { 18 | #acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes 19 | } 20 | -------------------------------------------------------------------------------- /roles/email/files/dovecot/conf.d/auth-system.conf.ext: -------------------------------------------------------------------------------- 1 | # Authentication for system users. Included from auth.conf. 2 | # 3 | # 4 | # 5 | 6 | # PAM authentication. Preferred nowadays by most systems. 7 | # PAM is typically used with either userdb passwd or userdb static. 8 | # REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM 9 | # authentication to actually work. 10 | passdb { 11 | driver = pam 12 | args = dovecot 13 | } 14 | 15 | ## User databases 16 | 17 | # System users (NSS, /etc/passwd, or similiar). In many systems nowadays this 18 | # uses Name Service Switch, which is configured in /etc/nsswitch.conf. 19 | userdb { 20 | # 21 | driver = passwd 22 | } 23 | -------------------------------------------------------------------------------- /config.example/host_vars/b.enjam.info: -------------------------------------------------------------------------------- 1 | --- 2 | domain: b.enjam.info 3 | secondary_domains: 4 | - enjam.info 5 | - mail.b.enjam.info 6 | - benjam.info.tm 7 | debian_release: wheezy 8 | arch: amd64 9 | tinc: 10 | local: 11 | - {address: 10.10.0.1, prefix: 16} 12 | - {address: "fec0:dead:beef:0000::1", prefix: 64} 13 | openttd: 14 | server_name: pipeepTTD 15 | version: 1.4.1 # https://secure.openttd.org/www/en/download-stable 16 | opengfx_version: 0.5.0 17 | currency: USD # https://secure.openttd.org/wiki/Currency 18 | language: ENGLISH 19 | units: imperial 20 | config: casual 21 | ddclient: 22 | daemon: 3600 # We have a static IP, so it shouldn't really change 23 | protocol: freedns 24 | syslog: "yes" 25 | use: web 26 | login: pipeep 27 | domain: benjam.info.tm 28 | email: 29 | server: yes 30 | client: yes 31 | 
-------------------------------------------------------------------------------- /roles/email/templates/dovecot/conf.d/auth-static.conf.ext.j2: -------------------------------------------------------------------------------- 1 | # Static passdb. Included from auth.conf. 2 | 3 | # This can be used for situations where Dovecot doesn't need to verify the 4 | # username or the password, or if there is a single password for all users: 5 | # 6 | # - proxy frontend, where the backend verifies the password 7 | # - proxy backend, where the frontend already verified the password 8 | # - authentication with SSL certificates 9 | # - simple testing 10 | 11 | #passdb { 12 | # driver = static 13 | # args = proxy=y host=%1Mu.example.com nopassword=y 14 | #} 15 | # NOTE: once rendered, this file holds email_password in plain text and the same password is accepted for every user; roles/email/tasks/dovecot.yml installs it with mode=644, i.e. world-readable. 16 | passdb { 17 | driver = static 18 | args = password={{ email_password }} 19 | } 20 | 21 | userdb { 22 | driver = passwd 23 | } 24 | 25 | #userdb { 26 | # driver = static 27 | # args = uid=1000 gid=1000 home=/home/%n 28 | # #args = allow_all_users=yes 29 | #} 30 | -------------------------------------------------------------------------------- /roles/ddclient/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Use ddclient to set up a free (or cheap) subdomain with a dynamic DNS provider 3 | - name: install ddclient 4 | apt: pkg=ddclient default_release=unstable state=present 5 | tags: ddclient 6 | 7 | - name: install libdigest-sha-perl for ddclient (needed for freedns) 8 | apt: pkg=libdigest-sha-perl state=present 9 | tags: ddclient 10 | 11 | # ddclient on debian is missing a patch for freedns 12 | # http://sourceforge.net/p/ddclient/discussion/399428/thread/9742ac09/ 13 | - name: install cpanminus for Digest::SHA1 (due to ddclient bug) 14 | apt: pkg=cpanminus state=present 15 | tags: ddclient 16 | 17 | - name: install Digest::SHA1 (due to ddclient bug) 18 | cpanm: name=Digest::SHA1 19 | tags: ddclient 20 | 21 | - name: configure ddclient 22 | template: > 23 | 
src=ddclient.conf.j2 24 | dest=/etc/ddclient.conf 25 | owner=root 26 | group=root 27 | mode=600 28 | notify: restart ddclient 29 | tags: ddclient 30 | -------------------------------------------------------------------------------- /roles/email/tasks/dovecot.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: install dovecot 3 | apt: pkg={{ item }} state=present 4 | with_items: 5 | - dovecot-core 6 | - dovecot-imapd 7 | - dovecot-sieve 8 | 9 | - name: configure dovecot 10 | action: > 11 | {{ item.action }} 12 | src={{ item.file }}{% if item.action == "template" %}.j2{% endif %} 13 | dest=/etc/{{ item.file }} 14 | owner=root 15 | group=root 16 | mode=644 17 | with_items: 18 | - {file: pam.d/dovecot, action: copy} 19 | - {file: dovecot/conf.d/10-auth.conf, action: template} 20 | - {file: dovecot/conf.d/10-logging.conf, action: copy} 21 | - {file: dovecot/conf.d/10-mail.conf, action: copy} 22 | - {file: dovecot/conf.d/10-master.conf, action: copy} 23 | - {file: dovecot/conf.d/10-ssl.conf, action: copy} 24 | - {file: dovecot/conf.d/15-lda.conf, action: template} 25 | - {file: dovecot/conf.d/90-plugin.conf, action: copy} 26 | - {file: dovecot/conf.d/auth-system.conf.ext, action: copy} 27 | - {file: dovecot/conf.d/auth-static.conf.ext, action: template} 28 | - {file: dovecot/default.sieve, action: copy} 29 | notify: 30 | - restart dovecot 31 | - rebuild default sieve 32 | -------------------------------------------------------------------------------- /roles/xchat/templates/colors.conf.j2: -------------------------------------------------------------------------------- 1 | color_0 = cccc cccc cccc 2 | color_1 = 0000 0000 0000 3 | color_2 = 7c7c 7c7c c2c2 4 | color_3 = 2a3d 8ccc 2a3d 5 | color_4 = c3c3 3b3b 3b3b 6 | color_5 = c7c7 3232 3232 7 | color_6 = 8000 2666 7fff 8 | color_7 = 6666 3636 1f1f 9 | color_8 = d999 a6d3 4147 10 | color_9 = 3d70 cccc 3d70 11 | color_10 = 199a 5555 5555 12 | color_11 = 2eef 8ccc 74df 13 
| color_12 = 8181 8181 e0e0 14 | color_13 = b0b0 3737 b0b0 15 | color_14 = 6666 6666 6666 16 | color_15 = 3a3a 3a3a 3a3a 17 | color_16 = cccc cccc cccc 18 | color_17 = 0000 0000 0000 19 | color_18 = 7c7c 7c7c c2c2 20 | color_19 = 2a3d 8ccc 2a3d 21 | color_20 = c3c3 3b3b 3b3b 22 | color_21 = c7c7 3232 3232 23 | color_22 = 8000 2666 7fff 24 | color_23 = 6666 3636 1f1f 25 | color_24 = d999 a6d3 4147 26 | color_25 = 3d70 cccc 3d70 27 | color_26 = 199a 5555 5555 28 | color_27 = 2eef 8ccc 74df 29 | color_28 = 8181 8181 e0e0 30 | color_29 = b0b0 3737 b0b0 31 | color_30 = 6666 6666 6666 32 | color_31 = 3a3a 3a3a 3a3a 33 | color_256 = ffff ffff ffff 34 | color_257 = 3535 6e6e c1c1 35 | color_258 = dad6 dad6 dad6 36 | color_259 = 0000 0000 0000 37 | color_260 = cccc 1010 1010 38 | color_261 = 9999 0000 0000 39 | color_262 = 0000 0000 ffff 40 | color_263 = ffff 0000 0000 41 | color_264 = 9595 9595 9595 42 | -------------------------------------------------------------------------------- /config.example/files/duply/b.enjam.info.conf: -------------------------------------------------------------------------------- 1 | # Duply includes lots of comments in the example files. I've deleted them. You 2 | # can look up the original example files, or just look at the duplicity man page 3 | # to figure things out, which seems better that duply's comments IMO. 4 | 5 | # Load non-public passwords and secret keys (don't write them in here!) 6 | . 
/etc/duply/secrets # From ansible: secrets/duply/{{inventory_hostname}} 7 | 8 | # base directory to backup (also see the exclude file) 9 | SOURCE='/' 10 | DUPL_PARAMS="$DUPL_PARAMS --exclude-if-present .duplicity-ignore " 11 | 12 | GPG_OPTS='--compress-algo=bzip2 --bzip2-compress-level=6' 13 | #GPG_TEST='disabled' 14 | 15 | #TARGET='scheme://user[:password]@host[:port]/[/]path' 16 | TARGET='s3+http://backups.pipeep/buyvm' 17 | 18 | MAX_AGE=1M 19 | MAX_FULL_BACKUPS=2 20 | MAX_FULLBKP_AGE=1M 21 | DUPL_PARAMS="$DUPL_PARAMS --full-if-older-than $MAX_FULLBKP_AGE " 22 | VOLSIZE=100 23 | DUPL_PARAMS="$DUPL_PARAMS --volsize $VOLSIZE " 24 | VERBOSITY=notice 25 | ARCH_DIR=/var/lib/duply/cache 26 | 27 | DUPL_PARAMS="$DUPL_PARAMS --s3-use-new-style --s3-use-rrs " 28 | 29 | # more duplicity command line options can be added in the following way 30 | # don't forget to leave a separating space char at the end 31 | #DUPL_PARAMS="$DUPL_PARAMS --put_your_options_here " 32 | -------------------------------------------------------------------------------- /roles/email/tasks/postfix.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: uninstall exim4 3 | apt: pkg={{ item }} state=absent purge=yes 4 | with_items: 5 | - exim4 6 | - exim4-base 7 | - exim4-config 8 | - exim4-daemon-light 9 | 10 | - name: install postfix 11 | apt: pkg={{ item }} state=present 12 | with_items: 13 | - postfix 14 | - postgrey 15 | 16 | - name: configure postfix 17 | action: > 18 | {{ item.action }} 19 | src={{ item.file }}{% if item.action == "template" %}.j2{% endif %} 20 | dest=/etc/{{ item.file }} 21 | owner=root 22 | group=root 23 | mode=644 24 | with_items: 25 | - {file: postfix/aliases_regexp, action: template} 26 | - {file: default/postgrey, action: copy} 27 | - {file: mailname, action: template} 28 | - {file: postfix/generic, action: template} 29 | - {file: postfix/main.cf, action: template} 30 | - {file: postfix/master.cf, action: copy} 31 | notify: 
32 | - run postmap 33 | - restart postfix 34 | - restart postgrey 35 | 36 | - name: configure postgrey whitelist 37 | copy: 38 | src=config/files/postgrey/whitelist_{{ item }}.local 39 | dest=/etc/postgrey/whitelist_{{ item }}.local 40 | owner=root 41 | group=root 42 | mode=644 43 | with_items: 44 | - clients 45 | - recipients 46 | notify: 47 | - restart postgrey 48 | -------------------------------------------------------------------------------- /roles/email/files/dovecot/conf.d/15-mailboxes.conf: -------------------------------------------------------------------------------- 1 | ## 2 | ## Mailbox definitions 3 | ## 4 | 5 | # NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf. 6 | namespace inbox { 7 | 8 | #mailbox name { 9 | # auto=create will automatically create this mailbox. 10 | # auto=subscribe will both create and subscribe to the mailbox. 11 | #auto = no 12 | 13 | # Space separated list of IMAP SPECIAL-USE attributes as specified by 14 | # RFC 6154: \All \Archive \Drafts \Flagged \Junk \Sent \Trash 15 | #special_use = 16 | #} 17 | 18 | # These mailboxes are widely used and could perhaps be created automatically: 19 | mailbox Drafts { 20 | special_use = \Drafts 21 | } 22 | mailbox Junk { 23 | special_use = \Junk 24 | } 25 | mailbox Trash { 26 | special_use = \Trash 27 | } 28 | 29 | # For \Sent mailboxes there are two widely used names. We'll mark both of 30 | # them as \Sent. User typically deletes one of them if duplicates are created. 
31 | mailbox Sent { 32 | special_use = \Sent 33 | } 34 | mailbox "Sent Messages" { 35 | special_use = \Sent 36 | } 37 | 38 | # If you have a virtual "All messages" mailbox: 39 | #mailbox virtual/All { 40 | # special_use = \All 41 | #} 42 | 43 | # If you have a virtual "Flagged" mailbox: 44 | #mailbox virtual/Flagged { 45 | # special_use = \Flagged 46 | #} 47 | } 48 | -------------------------------------------------------------------------------- /roles/backups/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: installing duply and duplicity 3 | apt: pkg=duply state=present 4 | tags: backups 5 | 6 | - name: installing duplicity backends 7 | apt: pkg={{ item }} state=present 8 | with_items: duplicity.backends 9 | tags: backups 10 | 11 | - name: create duply configuration folder 12 | file: path=/etc/duply state=directory 13 | tags: backups 14 | # Only the secrets file is installed 0600; conf, pre, post and exclude are world-readable (0644), so credentials must stay out of them. 15 | - name: installing configuration files 16 | copy: > 17 | src={{ item.src }} dest={{ item.dest }} 18 | mode={{ item.mode }} 19 | owner=root group=root 20 | with_items: 21 | - src: config/files/duply/{{ inventory_hostname }}.conf 22 | dest: /etc/duply/conf 23 | mode: "644" 24 | - src: config/files/duply/{{ inventory_hostname }}.pre 25 | dest: /etc/duply/pre 26 | mode: "644" 27 | - src: config/files/duply/{{ inventory_hostname }}.post 28 | dest: /etc/duply/post 29 | mode: "644" 30 | - src: config/files/duply/{{ inventory_hostname }}.exclude 31 | dest: /etc/duply/exclude 32 | mode: "644" 33 | - src: secrets/duply/{{ inventory_hostname }} 34 | dest: /etc/duply/secrets 35 | mode: "600" 36 | tags: backups 37 | # Runs hourly as root. "> /dev/null" discards stdout only; stderr is left for cron to report. NOTE(review): the purge steps run with --force, so expired backup sets are presumably removed without a prompt; confirm the retention settings in the duply conf before relying on this. 38 | - name: setup backup cron job 39 | cron: > 40 | name="run a backup with duply" 41 | cron_file=duply 42 | special_time=hourly 43 | user=root 44 | job="ionice -t -c idle nice -n 17 45 | duply /etc/duply cleanup_backup_purge-full_purge --force > /dev/null" 46 | tags: backups 47 | 
-------------------------------------------------------------------------------- /roles/irc_bouncer/templates/znc.conf.j2: -------------------------------------------------------------------------------- 1 | #jinja2: trim_blocks: False 2 | // Do NOT edit this file while ZNC is running! 3 | // Use ansible to re-deploy 4 | // 5 | // http://en.znc.in/wiki/Configuration 6 | // NOTE(review): 6667 is a plain-text listener ("+" marks the SSL port, as in the Server lines below), so bouncer logins on it are not encrypted. Remove it unless a client really needs it. 7 | Listener = 6667 8 | Listener = +6697 9 | PidFile = /var/run/znc/znc.pid 10 | {{ irc.znc.extra | default("") }} 11 | // NOTE(review): every section generated by the loop below receives the same Pass hash and Admin = true; confirm each one needs admin rights. 12 | {% for network in irc.networks %} 13 | {% set nick = network.nick | default(irc.nick) -%} 14 | 15 | Pass = {{ irc_znc_hash(irc_znc_password, irc.znc.salt) }} 16 | Admin = true 17 | Nick = {{ nick }} 18 | AltNick = {{ nick }}_ 19 | Ident = {{ nick }} 20 | RealName = {{ nick }} 21 | Buffer = 1000 22 | KeepBuffer = false 23 | ChanModes = +stn 24 | QuitMsg = {{ irc.quitmsg }} 25 | 26 | LoadModule = nickserv 27 | LoadModule = simple_away 28 | 29 | {% for s in network.servers %} 30 | {% if s.ssl -%} 31 | {% set port = s.port | default(6697) -%} 32 | {% else -%} 33 | {% set port = s.port | default(6667) -%} 34 | {%- endif %} 35 | Server = {{ s.address }} {% if s.ssl %}+{% endif %}{{ port }} 36 | {% endfor %} 37 | 38 | {% if network.force_ipv4 | default(False) %} 39 | BindHost = 0.0.0.0 40 | {% endif %} 41 | 42 | {% for channel in network.channels | default([]) %} 43 | 44 | 45 | {% endfor %} 46 | 47 | {{ network.znc_extra | default("") }} 48 | 49 | {% endfor %} 50 | -------------------------------------------------------------------------------- /config.example/group_vars/all: -------------------------------------------------------------------------------- 1 | --- 2 | domain: localhost 3 | debian_release: wheezy 4 | arch: amd64 5 | primary_user: pipeep 6 | tinc: 7 | # Central nodes 8 | connect_to: 9 | - b.enjam.info 10 | # All nodes on the network 11 | hosts: 12 | - b.enjam.info 13 | - pipeep-laptop 14 | - pipeep-netbook 15 | irc: 16 | nick: changetheconfig 17 | quitmsg: Bye! 
18 | znc: 19 | address: b.enjam.info 20 | port: 6697 21 | ssl: yes 22 | salt: "0OlNhr46Y4wXEV0M" # Changing this will cause ZNC to be restarted. Example value: generate a fresh random salt for each deployment rather than reusing this one. 23 | networks: 24 | - name: freenode 25 | servers: 26 | - { address: chat.freenode.net, ssl: yes } 27 | channels: 28 | - "##math" 29 | - "##security" 30 | - name: Foonetic 31 | servers: 32 | - { address: irc.foonetic.net, ssl: yes } 33 | channels: 34 | - "#xkcd" 35 | - "#xkcd-compsci" 36 | duplicity: 37 | backends: 38 | - python-paramiko 39 | - python-boto 40 | email: 41 | password_db: static # Alternatively, "pam" is supported for system users 42 | send_as: me # username to send email from (eg. me@b.enjam.info) 43 | # Optional manual binds 44 | ipv4_bind: 198.98.49.103 45 | ipv6_bind: 2605:6400:10:a15d:feed:face:dead:beef 46 | inet_protocols: all # Valid options: `all`, `ipv4`, `ipv6`, `ipv4, ipv6` 47 | gpg: 48 | public: # fetch these from keyservers 49 | - email: me@b.enjam.info 50 | id: 3F4B 2B30 E887 36F4 5B3A 2C0C 2213 A73C 4E25 69F1 51 | keyserver: pgp.mit.edu 52 | private: [] # load these from /secrets/ 53 | -------------------------------------------------------------------------------- /roles/irc_bouncer/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # http://wiki.znc.in/Running_ZNC_as_a_system_daemon 3 | - name: install znc 4 | apt: pkg=znc state=present 5 | tags: irc_bouncer 6 | # Dedicated system account for the bouncer; its home, /var/lib/znc, is the directory the later tasks populate. 7 | - name: create znc user 8 | user: > 9 | user=znc 10 | comment="ZNC IRC Bouncer Service" 11 | system=yes 12 | home=/var/lib/znc 13 | createhome=yes 14 | tags: irc_bouncer 15 | 16 | - name: install znc init.d script 17 | copy: > 18 | src=initd_znc 19 | dest=/etc/init.d/znc 20 | mode=755 21 | owner=root 22 | group=root 23 | notify: 24 | - register znc init.d script 25 | - restart znc service 26 | tags: irc_bouncer 27 | # configs/ and modules/ are created 0700 znc:znc, so only the service account can read them. 28 | - name: generate znc directory structure 29 | file: > 30 | dest=/var/lib/znc/{{item}} 31 | mode=700 32 | owner=znc 33 | group=znc 34 | state=directory 35 | 
with_items: 36 | - configs 37 | - modules 38 | tags: irc_bouncer 39 | # The rendered znc.conf carries the bouncer password hash, hence mode 600 and znc:znc ownership. 40 | - name: configure znc 41 | template: > 42 | src=znc.conf.j2 43 | dest=/var/lib/znc/configs/znc.conf 44 | mode=600 45 | owner=znc 46 | group=znc 47 | notify: 48 | - restart znc service 49 | tags: irc_bouncer 50 | 51 | - name: link znc configuration to /etc 52 | file: > 53 | src=/var/lib/znc/configs 54 | dest=/etc/znc 55 | state=link 56 | tags: irc_bouncer 57 | # NOTE(review): znc.pem is written straight into /var/lib/znc and its permissions are only tightened afterwards by the notified handler (presumably a chmod; the handler file is not shown here). Handlers run later in the play, so the private key may be readable by other local users in between. Setting a restrictive umask for this command would close that window; confirm. 58 | - name: generate znc pem file (for ssl) 59 | command: > 60 | sudo -u znc znc --datadir=/var/lib/znc --makepem 61 | creates=/var/lib/znc/znc.pem 62 | notify: 63 | - keep znc private key from being world-readable 64 | - restart znc service 65 | tags: irc_bouncer 66 | -------------------------------------------------------------------------------- /secrets.example/tinc/example.com.priv: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEowIBAAKCAQEAvuyWR0a/WLYLD9eGPqy4/UcrdbuJmoU4Yp5xnyEpwmc9MF0t 3 | 7i3CJtKqvTpH8wTpXD90YU4MQce1s8+owQdlsmi9NCb24jG7Z6Rj/grFEtZos4qL 4 | cCCF9ZLMVkruReY6LG1TCb6VJRPRUnRgI801rQArCFGxDrvl3lE2eOhOSa4rK5FG 5 | 7XcWRCtSRIbTuR5kzxiIWyPzSnUb0X159kuciA7qWQNFieRaVZenu9nMsY0Xk9s+ 6 | tsUdOSz/xuPriNWKjLiGkciRrmxOZmDgMfA+WODa3ug3tCyMEc9va+FY+B+73sTy 7 | mW2QFOE3uV0HrMQbkz1CSoo3FSMWDqMtMU1FlQIDAQABAoIBAGZ2ymAOU/rkGCO0 8 | Y1OXluA3JdfVgg/vl0c2CXyBa8vtZCVknJXK8Pus6/0KHjsKU8MyOt9N574V1Cpg 9 | NA0ET0vkckZe8viKAC2rSA668PEfKKnSnOrcSYh19DwLkrzoxie5tGryYVC4xgoe 10 | cspEA56JDI82aHOj28Xoh/dzlTBs31PYYRX5DY0x+iYqGWOV1oYvwt1qaPKWPEvm 11 | pr+4dGuawi5AgwdNbOjGkwywb7qm5sCJnXdHLpShu1tyfgsUKJ/qVXlvienDzW+x 12 | l4Zz9bZj38J+37IWHqFNWwGrllaKzOXIHzXHYTcmNq8VnJwuEDvMn4lPgLGlAk5R 13 | /bNa2QECgYEA4xEuY/kAtH22BiQxL8SiuKrrbKSuGMYeAfEgXKX4vqGmGI0CbljB 14 | OYemBS/ECoIGQ7Op5bEue+V1h7fmFnLpsG1lHh4jqCA2dnc3KIY/qMSBwT8w1iCA 15 | H12Hqr2k1qkPGNM/wF6K00/vDcXQy6hcE7wl/GQ7GunJxcmRobmkjxECgYEA10Bw 16 | xGWr5aVFhqUBaqzlsMUwgccxEabYqrQPTWwLzF94wtMsw6/WnWWLaq7Deqi1mo3i 17 | 
dpDscebMddZZ6MjPq/ndFA0+HYO+8oxT6NCcNAfEomJw8DMeOe75cv5eVunTu/3U 18 | Srrwi3X2sTwn98LDiHtRL44Zs0NTlBTTCWezVkUCgYBkfLcGAS1Bsxx57UxjMmc8 19 | yE81nk95oTuoaliDB+RkIM+Lr+Oyh87DMffT9caRS+eP0JPQla/Xnr17mXPW3XXz 20 | 4QXN5VKsVc0kci/T3E2R150As4FeUbXBq7edZR3s7ZZDy0E8VdqkF4zYkIGNj21o 21 | QmyhHI5Xo7zqrgCoDKr5sQKBgGgKeLclIYIdcU6UYOvr6BWaKkkAO6J5j85qu97D 22 | M6y0FM2ufruTOVvYohuNn2ShOS4cGHMQt4iScw8d7VVMArzwR8CSagygCmJ4G3Kz 23 | qlynyI5ooIgpXRnJfX7snjLKUJJULRF17CCsgvHFzte9pv9IA8TFnXx9NV+k9SBd 24 | pFw1AoGBANq2y6CPm5aP9XQuSkiUrp26uqglC3ixx9FW+9GYtnKdIegM10d9d7GU 25 | hvo/WlxJXGPtl7xju77HumehoNcNUu01wC9t+vBV7pmraDNUxBAZ0DaokHcVDIhz 26 | VZgVUtczH/k3p5/kKPGQOhpVOFXYsX2p78nnz8uYW5lbyjlhykFH 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /roles/email/templates/dovecot/conf.d/15-lda.conf.j2: -------------------------------------------------------------------------------- 1 | ## 2 | ## LDA specific settings (also used by LMTP) 3 | ## 4 | 5 | # Address to use when sending rejection mails. 6 | # Default is postmaster@. 7 | postmaster_address = postmaster@{{ domain }} 8 | 9 | # Hostname to use in various parts of sent mails, eg. in Message-Id. 10 | # Default is the system's real hostname. 11 | hostname = {{ domain }} 12 | 13 | # If user is over quota, return with temporary failure instead of 14 | # bouncing the mail. 15 | #quota_full_tempfail = no 16 | 17 | # Binary to use for sending mails. 18 | #sendmail_path = /usr/sbin/sendmail 19 | 20 | # If non-empty, send mails via this SMTP host[:port] instead of sendmail. 21 | #submission_host = 22 | 23 | # Subject: header to use for rejection mails. You can use the same variables 24 | # as for rejection_reason below. 25 | #rejection_subject = Rejected: %s 26 | 27 | # Human readable error message for rejection mails. 
You can use variables: 28 | # %n = CRLF, %r = reason, %s = original subject, %t = recipient 29 | #rejection_reason = Your message to <%t> was automatically rejected:%n%r 30 | 31 | # Delimiter character between local-part and detail in email address. 32 | #recipient_delimiter = + 33 | 34 | # Header where the original recipient address (SMTP's RCPT TO: address) is taken 35 | # from if not available elsewhere. With dovecot-lda -a parameter overrides this. 36 | # A commonly used header for this is X-Original-To. 37 | #lda_original_recipient_header = 38 | 39 | # Should saving a mail to a nonexistent mailbox automatically create it? 40 | lda_mailbox_autocreate = yes 41 | 42 | # Should automatically created mailboxes be also automatically subscribed? 43 | #lda_mailbox_autosubscribe = no 44 | 45 | protocol lda { 46 | # Space separated list of plugins to load (default is global mail_plugins). 47 | mail_plugins = $mail_plugins sieve 48 | } 49 | -------------------------------------------------------------------------------- /roles/openttd/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | openttd: 3 | server_name: Magical Rainbows 4 | version: 1.3.2 # https://secure.openttd.org/www/en/download-stable 5 | opengfx_version: 0.4.7 6 | currency: USD # https://secure.openttd.org/wiki/Currency 7 | language: ALL 8 | units: imperial # alternatively, metric 9 | config: casual 10 | config_def: 11 | casual: 12 | # [difficulty] 13 | disasters: no 14 | initial_interest: 2 # 2% interest 15 | max_loan: 400000 # in British Pounds 16 | number_towns: 3 # high 17 | quantity_sea_lakes: 0 # very low 18 | terrain_type: 1 # flat 19 | town_council_tolerance: 0 # permissive 20 | vehicle_breakdowns: 1 # reduced 21 | vehicle_costs: 0 # low maintenance 22 | # [game_creation] 23 | map_x: 7 24 | map_y: 7 25 | starting_year: 1980 26 | # [economy] 27 | dist_local_authority: 5 28 | found_town: 1 # allow 29 | larger_towns: 4 # 1/4 of towns become 
cities 30 | town_growth_rate: 3 # fast 31 | normal: 32 | # [difficulty] 33 | disasters: yes 34 | initial_interest: 3 # 3% interest 35 | max_loan: 200000 # in British Pounds 36 | number_towns: 2 # normal 37 | quantity_sea_lakes: 1 # low 38 | terrain_type: 2 # hilly 39 | town_council_tolerance: 0 # tolerant 40 | vehicle_breakdowns: 2 # normal 41 | vehicle_costs: 1 # medium maintenance 42 | # [game_creation] 43 | map_x: 9 44 | map_y: 9 45 | starting_year: 1950 46 | # [economy] 47 | dist_local_authority: 20 48 | found_town: 0 # disallow 49 | larger_towns: 10 # 1/10 of towns become cities 50 | town_growth_rate: 2 # normal 51 | -------------------------------------------------------------------------------- /roles/email/files/dovecot/conf.d/10-director.conf: -------------------------------------------------------------------------------- 1 | ## 2 | ## Director-specific settings. 3 | ## 4 | 5 | # Director can be used by Dovecot proxy to keep a temporary user -> mail server 6 | # mapping. As long as user has simultaneous connections, the user is always 7 | # redirected to the same server. Each proxy server is running its own director 8 | # process, and the directors are communicating the state to each others. 9 | # Directors are mainly useful with NFS-like setups. 10 | 11 | # List of IPs or hostnames to all director servers, including ourself. 12 | # Ports can be specified as ip:port. The default port is the same as 13 | # what director service's inet_listener is using. 14 | #director_servers = 15 | 16 | # List of IPs or hostnames to all backend mail servers. Ranges are allowed 17 | # too, like 10.0.0.10-10.0.0.30. 18 | #director_mail_servers = 19 | 20 | # How long to redirect users to a specific server after it no longer has 21 | # any connections. 22 | #director_user_expire = 15 min 23 | 24 | # TCP/IP port that accepts doveadm connections (instead of director connections) 25 | # If you enable this, you'll also need to add inet_listener for the port. 
26 | #director_doveadm_port = 0 27 | 28 | # To enable director service, uncomment the modes and assign a port. 29 | service director { 30 | unix_listener login/director { 31 | #mode = 0666 32 | } 33 | fifo_listener login/proxy-notify { 34 | #mode = 0666 35 | } 36 | unix_listener director-userdb { 37 | #mode = 0600 38 | } 39 | inet_listener { 40 | #port = 41 | } 42 | } 43 | 44 | # Enable director for the wanted login services by telling them to 45 | # connect to director socket instead of the default login socket: 46 | service imap-login { 47 | #executable = imap-login director 48 | } 49 | service pop3-login { 50 | #executable = pop3-login director 51 | } 52 | 53 | # Enable director for LMTP proxying: 54 | protocol lmtp { 55 | #auth_socket_path = director-userdb 56 | } 57 | -------------------------------------------------------------------------------- /roles/email/files/dovecot/conf.d/10-ssl.conf: -------------------------------------------------------------------------------- 1 | ## 2 | ## SSL settings 3 | ## 4 | 5 | # SSL/TLS support: yes, no, required. 6 | ssl = required 7 | 8 | # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before 9 | # dropping root privileges, so keep the key file unreadable by anyone but 10 | # root. Included doc/mkcert.sh can be used to easily generate self-signed 11 | # certificate, just make sure to update the domains in dovecot-openssl.cnf 12 | #ssl_cert = 28 | - **Email**: A single-user mailserver using postfix and dovecot 29 | - **Mutt**: *(in develoment)* Command-line email access 30 | - **IRC Bouncer**: A simple IRC bouncer using ZNC, making IRC across multiple 31 | machines easy 32 | - **XChat**: A configuration for XChat that connects through ZNC 33 | - **Tinc**: A mesh-routing VPN 34 | - **OpenTTD**: Dedicated server for the game, set up with init.d and stuff 35 | 36 | Installation 37 | ------------ 38 | 39 | Installing isn't... too... bad? 
40 | 41 | ```sh 42 | sudo aptitude install python-pip python-dev 43 | sudo pip install virtualenv 44 | virtualenv .env 45 | .env/bin/pip install -e . 46 | cp -r config.example config # Modify as appropriate 47 | cp -r secrets.example secrets # Modify as appropriate 48 | .env/bin/ansible-playbook site.yml 49 | ``` 50 | 51 | If you only want to install specific roles, pass the desired tags, such as 52 | `-t ddclient`. If you only want to configure a specific machine or group of 53 | machines, you can pass something like `-l workstations` depending on the hosts 54 | file. 55 | -------------------------------------------------------------------------------- /roles/email/files/dovecot/conf.d/90-quota.conf: -------------------------------------------------------------------------------- 1 | ## 2 | ## Quota configuration. 3 | ## 4 | 5 | # Note that you also have to enable quota plugin in mail_plugins setting. 6 | # 7 | 8 | ## 9 | ## Quota limits 10 | ## 11 | 12 | # Quota limits are set using "quota_rule" parameters. To get per-user quota 13 | # limits, you can set/override them by returning "quota_rule" extra field 14 | # from userdb. It's also possible to give mailbox-specific limits, for example 15 | # to give additional 100 MB when saving to Trash: 16 | 17 | plugin { 18 | #quota_rule = *:storage=1G 19 | #quota_rule2 = Trash:storage=+100M 20 | } 21 | 22 | ## 23 | ## Quota warnings 24 | ## 25 | 26 | # You can execute a given command when user exceeds a specified quota limit. 27 | # Each quota root has separate limits. Only the command for the first 28 | # exceeded limit is excecuted, so put the highest limit first. 29 | # The commands are executed via script service by connecting to the named 30 | # UNIX socket (quota-warning below). 31 | # Note that % needs to be escaped as %%, otherwise "% " expands to empty. 
32 | 33 | plugin { 34 | #quota_warning = storage=95%% quota-warning 95 %u 35 | #quota_warning2 = storage=80%% quota-warning 80 %u 36 | } 37 | 38 | # Example quota-warning service. The unix listener's permissions should be 39 | # set in a way that mail processes can connect to it. Below example assumes 40 | # that mail processes run as vmail user. If you use mode=0666, all system users 41 | # can generate quota warnings to anyone. 42 | #service quota-warning { 43 | # executable = script /usr/local/bin/quota-warning.sh 44 | # user = dovecot 45 | # unix_listener quota-warning { 46 | # user = vmail 47 | # } 48 | #} 49 | 50 | ## 51 | ## Quota backends 52 | ## 53 | 54 | # Multiple backends are supported: 55 | # dirsize: Find and sum all the files found from mail directory. 56 | # Extremely SLOW with Maildir. It'll eat your CPU and disk I/O. 57 | # dict: Keep quota stored in dictionary (eg. SQL) 58 | # maildir: Maildir++ quota 59 | # fs: Read-only support for filesystem quota 60 | 61 | plugin { 62 | #quota = dirsize:User quota 63 | #quota = maildir:User quota 64 | #quota = dict:User quota::proxy::quota 65 | #quota = fs:User quota 66 | } 67 | 68 | # Multiple quota roots are also possible, for example this gives each user 69 | # their own 100MB quota and one shared 1GB quota within the domain: 70 | plugin { 71 | #quota = dict:user::proxy::quota 72 | #quota2 = dict:domain:%d:proxy::quota_domain 73 | #quota_rule = *:storage=102400 74 | #quota2_rule = *:storage=1048576 75 | } 76 | -------------------------------------------------------------------------------- /roles/tinc/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: install tinc 3 | apt: package=tinc state=present 4 | tags: tinc 5 | 6 | # Debian configures tinc to run as root by default. Unacceptable! 
7 | - name: create tinc user 8 | user: > 9 | name=tinc 10 | system=yes 11 | createhome=no 12 | state=present 13 | tags: tinc 14 | 15 | - name: configure default tincd arguments 16 | copy: > 17 | src=default_args 18 | dest=/etc/default/tinc 19 | mode=644 20 | owner=root 21 | group=root 22 | notify: 23 | - restart tinc 24 | tags: tinc 25 | 26 | # Debian's default init.d script for tinc has a broken nets.boot parser 27 | - name: install modified init.d script 28 | copy: > 29 | src=init_d_tinc 30 | dest=/etc/init.d/tinc 31 | mode=755 32 | owner=root 33 | group=root 34 | notify: 35 | - restart tinc 36 | tags: tinc 37 | # NOTE(review): tinc.conf and the executable tinc-up hook are installed owner=tinc, i.e. writable by the service account. If tincd runs tinc-up before it drops privileges (that depends on the options in /etc/default/tinc, not shown here), root:root ownership would keep a compromised daemon from changing a script that root executes; confirm. 38 | - name: configure tinc 39 | template: > 40 | src={{ item.name }}.j2 41 | dest=/etc/tinc/{{ item.name }} 42 | mode={{ item.mode }} 43 | owner=tinc 44 | group=tinc 45 | with_items: 46 | - {name: tinc.conf, mode: 644} 47 | - {name: tinc-up, mode: 755} 48 | notify: 49 | - reload tinc configuration 50 | tags: tinc 51 | 52 | - name: configure default tinc networks 53 | copy: > 54 | src=nets.boot 55 | dest=/etc/tinc/nets.boot 56 | mode=644 57 | owner=root 58 | group=root 59 | notify: 60 | - restart tinc 61 | tags: tinc 62 | 63 | - name: create tinc hosts directory 64 | file: > 65 | dest=/etc/tinc/hosts 66 | mode=755 67 | owner=tinc 68 | group=tinc 69 | state=directory 70 | notify: 71 | - reload tinc configuration 72 | tags: tinc 73 | 74 | - name: generate host files 75 | template: > 76 | src=host.j2 77 | dest=/etc/tinc/hosts/{{ item | replace(".", "_") | replace("-", "_") }} 78 | mode=644 79 | owner=tinc 80 | group=tinc 81 | with_items: tinc.hosts 82 | notify: 83 | - reload tinc configuration 84 | tags: tinc 85 | # Copies this host's RSA key pair from secrets/tinc/<inventory_hostname>.{pub,priv}; the private half lands as /etc/tinc/rsa_key.priv with mode 600, owned by tinc. 86 | - name: install localhost's keys 87 | copy: > 88 | src=secrets/tinc/{{ inventory_hostname }}.{{ item.extension }} 89 | dest=/etc/tinc/rsa_key.{{ item.extension }} 90 | mode={{ item.mode }} 91 | owner=tinc 92 | group=tinc 93 | with_items: 94 | - {extension: pub, mode: 644} 95 | - {extension: priv, mode: 600} 96 | notify: 97 | - reload tinc 
configuration 98 | tags: tinc 99 | 100 | - name: enable tinc 101 | service: > 102 | name=tinc 103 | enabled=yes 104 | notify: 105 | - restart tinc 106 | tags: tinc 107 | -------------------------------------------------------------------------------- /roles/tinc/files/init_d_tinc: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | # 3 | ### BEGIN INIT INFO 4 | # Provides: tinc 5 | # Required-Start: $remote_fs $network 6 | # Required-Stop: $remote_fs $network 7 | # Should-Start: $syslog $named 8 | # Should-Stop: $syslog 9 | # Default-Start: 2 3 4 5 10 | # Default-Stop: 0 1 6 11 | # Short-Description: Start tinc daemons 12 | # Description: Create a file $NETSFILE (/etc/tinc/nets.boot), 13 | # and put all the names of the networks in there. 14 | # These names must be valid directory names under 15 | # $TCONF (/etc/tinc). Lines starting with a # will be 16 | # ignored in this file. 17 | ### END INIT INFO 18 | # 19 | # Based on Lubomir Bulej's Redhat init script. 20 | 21 | . /lib/lsb/init-functions 22 | 23 | DAEMON="/usr/sbin/tincd" 24 | NAME="tinc" 25 | DESC="tinc daemons" 26 | TCONF="/etc/tinc" 27 | NETSFILE="$TCONF/nets.boot" 28 | NETS="" 29 | 30 | test -f $DAEMON || exit 0 31 | # /etc/default/tinc is sourced as shell code by this script, so it must stay writable by root only (the role installs it root:root 0644). 32 | [ -r /etc/default/tinc ] && . /etc/default/tinc 33 | # Prints the label, then runs ACTION once for every $NETSFILE line that starts with a network name, passing that name and the rest of the line as extra arguments. Both are expanded unquoted, so the file's content is word-split and glob-expanded by the shell; keep nets.boot writable by root only. Exits 0 with a hint when $NETSFILE is missing. 34 | # foreach_net "what-to-say" action [arguments...] 35 | foreach_net() { 36 | if [ ! -f $NETSFILE ] ; then 37 | echo "Please create $NETSFILE." 38 | exit 0 39 | fi 40 | echo -n "$1" 41 | shift 42 | egrep '^[ ]*[-_.a-zA-Z0-9]+' $NETSFILE | while read net args; do 43 | echo -n " $net" 44 | "$@" $net $args 45 | done 46 | echo "." 
47 | } 48 | # signal_running SIGNAL: for each /var/run/tinc.*pid file, read the pid on its first line and send it SIGNAL. $i, $1 and $pid are expanded unquoted. 49 | signal_running() { 50 | for i in /var/run/tinc.*pid; do 51 | if [ -f "$i" ]; then 52 | head -1 $i | while read pid; do 53 | kill -$1 $pid 54 | done 55 | fi 56 | done 57 | } 58 | # start, stop, reload and alarm wrap "$DAEMON -n NET" (start also passes $EXTRA, presumably set by /etc/default/tinc; confirm). restart stops NET, polls up to 10 times at 0.5 s intervals for /var/run/tinc.NET.pid to disappear, then starts it again. alarm() is defined but the dispatcher below uses signal_running ALRM instead. 59 | start() { 60 | $DAEMON $EXTRA -n "$@" 61 | } 62 | stop() { 63 | $DAEMON -n $1 -k 64 | } 65 | reload() { 66 | $DAEMON -n $1 -kHUP 67 | } 68 | alarm() { 69 | $DAEMON -n $1 -kALRM 70 | } 71 | restart() { 72 | stop "$@" 73 | sleep 0.5 74 | i=0; 75 | while [ -f /var/run/tinc.$1.pid ] ; do 76 | if [ $i = '10' ] ; then 77 | break 78 | else 79 | echo -n "." 80 | sleep 0.5 81 | i=$(($i+1)) 82 | fi 83 | done 84 | start "$@" 85 | } 86 | # Dispatch on the init action: start, stop, reload and restart run once per network via foreach_net; alarm signals every running daemon. 87 | case "$1" in 88 | start) 89 | foreach_net "Starting $DESC:" start 90 | ;; 91 | stop) 92 | foreach_net "Stopping $DESC:" stop 93 | ;; 94 | reload|force-reload) 95 | foreach_net "Reloading $DESC configuration:" reload 96 | ;; 97 | restart) 98 | foreach_net "Restarting $DESC:" restart 99 | ;; 100 | alarm) 101 | signal_running ALRM 102 | ;; 103 | *) 104 | echo "Usage: /etc/init.d/$NAME {start|stop|reload|restart|force-reload|alarm}" 105 | exit 1 106 | ;; 107 | esac 108 | 109 | exit 0 110 | -------------------------------------------------------------------------------- /roles/email/files/dovecot/conf.d/10-logging.conf: -------------------------------------------------------------------------------- 1 | ## 2 | ## Log destination. 3 | ## 4 | 5 | # Log file to use for error messages. "syslog" logs to syslog, 6 | # /dev/stderr logs to stderr. 7 | log_path = syslog 8 | 9 | # Log file to use for informational messages. Defaults to log_path. 10 | #info_log_path = 11 | # Log file to use for debug messages. Defaults to info_log_path. 12 | #debug_log_path = 13 | 14 | # Syslog facility to use if you're logging to syslog. Usually if you don't 15 | # want to use "mail", you'll use local0..local7. Also other standard 16 | # facilities are supported. 17 | syslog_facility = mail 18 | 19 | ## 20 | ## Logging verbosity and debugging. 
21 | ## 22 | 23 | # Log unsuccessful authentication attempts and the reasons why they failed. 24 | #auth_verbose = no 25 | 26 | # In case of password mismatches, log the attempted password. Valid values are 27 | # no, plain and sha1. sha1 can be useful for detecting brute force password 28 | # attempts vs. user simply trying the same password over and over again. 29 | #auth_verbose_passwords = no 30 | 31 | # Even more verbose logging for debugging purposes. Shows for example SQL 32 | # queries. 33 | #auth_debug = no 34 | 35 | # In case of password mismatches, log the passwords and used scheme so the 36 | # problem can be debugged. Enabling this also enables auth_debug. 37 | #auth_debug_passwords = no 38 | 39 | # Enable mail process debugging. This can help you figure out why Dovecot 40 | # isn't finding your mails. 41 | #mail_debug = no 42 | 43 | # Show protocol level SSL errors. 44 | #verbose_ssl = no 45 | 46 | # mail_log plugin provides more event logging for mail processes. 47 | plugin { 48 | # Events to log. Also available: flag_change append 49 | #mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename 50 | # Available fields: uid, box, msgid, from, subject, size, vsize, flags 51 | # size and vsize are available only for expunge and copy events. 52 | #mail_log_fields = uid box msgid size 53 | } 54 | 55 | ## 56 | ## Log formatting. 57 | ## 58 | 59 | # Prefix for each line written to log file. % codes are in strftime(3) 60 | # format. 61 | log_timestamp = "%b %d %H:%M:%S " 62 | 63 | # Space-separated list of elements we want to log. The elements which have 64 | # a non-empty variable value are joined together to form a comma-separated 65 | # string. 66 | login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c 67 | 68 | # Login log format. %$ contains login_log_format_elements string, %s contains 69 | # the data we want to log. 70 | login_log_format = %$: %s 71 | 72 | # Log prefix for mail processes. 
See doc/wiki/Variables.txt for list of 73 | # possible variables you can use. 74 | mail_log_prefix = "%s(%u): " 75 | 76 | # Format to use for logging mail deliveries. You can use variables: 77 | # %$ - Delivery status message (e.g. "saved to INBOX") 78 | # %m - Message-ID 79 | # %s - Subject 80 | # %f - From address 81 | # %p - Physical size 82 | # %w - Virtual size 83 | deliver_log_format = msgid=%m (%s): %$ 84 | -------------------------------------------------------------------------------- /roles/openttd/files/initd_openttd: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | ### BEGIN INIT INFO 3 | # Provides: openttd 4 | # Required-Start: $network $remote_fs $syslog 5 | # Required-Stop: $network $remote_fs $syslog 6 | # Default-Start: 2 3 4 5 7 | # Default-Stop: 0 1 6 8 | # Short-Description: Example initscript 9 | # Description: A dedicated network server for OpenTTD, a transportation 10 | # simulation game 11 | ### END INIT INFO 12 | 13 | # Author: Benjamin Woodruff 14 | # Modified from /etc/init.d/skeleton 15 | 16 | PATH=/sbin:/usr/sbin:/bin:/usr/bin 17 | DESC="OpenTTD game server" 18 | NAME=openttd 19 | DAEMON=/usr/games/$NAME 20 | DAEMON_ARGS="-D" 21 | USER=openttd 22 | PIDFILE=/var/run/$NAME.pid 23 | SCRIPTNAME=/etc/init.d/$NAME 24 | 25 | # Exit if the package is not installed 26 | [ -x "$DAEMON" ] || exit 0 27 | 28 | # Read configuration variable file if it is present 29 | [ -r /etc/default/$NAME ] && . /etc/default/$NAME 30 | 31 | # Load the VERBOSE setting and other rcS variables 32 | . /lib/init/vars.sh 33 | 34 | # Define LSB log_* functions. 35 | # Depend on lsb-base (>= 3.2-14) to ensure that this file is present 36 | # and status_of_proc is working. 37 | . 
/lib/lsb/init-functions 38 | # do_start: a --test dry run first (return 1 if a matching process already exists), then the real start in the background as $USER via --chuid, with the pid recorded through --make-pidfile. The ">> /var/log/openttd" redirection is opened by this script's own shell, not by the daemon. $PIDFILE, $USER, $DAEMON and $DAEMON_ARGS are expanded unquoted. 39 | # 40 | # Function that starts the daemon/service 41 | # 42 | do_start() 43 | { 44 | # Return 45 | # 0 if daemon has been started 46 | # 1 if daemon was already running 47 | # 2 if daemon could not be started 48 | start-stop-daemon --start --quiet --pidfile $PIDFILE --user $USER \ 49 | --exec $DAEMON --test > /dev/null \ 50 | || return 1 51 | start-stop-daemon --start --quiet --pidfile $PIDFILE --make-pidfile \ 52 | --user $USER --chuid $USER --background --no-close \ 53 | --exec $DAEMON -- $DAEMON_ARGS >> /var/log/openttd 2>&1 \ 54 | || return 2 55 | # Add code here, if necessary, that waits for the process to be ready 56 | # to handle requests from services started subsequently which depend 57 | # on this one. As a last resort, sleep for some time. 58 | } 59 | # do_stop: sends TERM, waits up to 30 s, then KILL and waits 5 s (--retry TERM/30/KILL/5); the pidfile is removed unless start-stop-daemon returned 2. 60 | # 61 | # Function that stops the daemon/service 62 | # 63 | do_stop() 64 | { 65 | # Return 66 | # 0 if daemon has been stopped 67 | # 1 if daemon was already stopped 68 | # 2 if daemon could not be stopped 69 | # other if a failure occurred 70 | start-stop-daemon --stop --quiet --retry TERM/30/KILL/5 --pidfile $PIDFILE \ 71 | --name $NAME 72 | RETVAL="$?" 73 | [ "$RETVAL" = 2 ] && return 2 74 | # Many daemons don't delete their pidfiles when they exit. 75 | rm -f $PIDFILE 76 | return "$RETVAL" 77 | } 78 | # Dispatch on the init action; start and stop report through the LSB log helpers only when VERBOSE is not "no". 79 | case "$1" in 80 | start) 81 | [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" 82 | do_start 83 | case "$?" in 84 | 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 85 | 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; 86 | esac 87 | ;; 88 | stop) 89 | [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" 90 | do_stop 91 | case "$?" in 92 | 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 93 | 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; 94 | esac 95 | ;; 96 | status) 97 | status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? 98 | ;; 99 | restart|force-reload) 100 | log_daemon_msg "Restarting $DESC" "$NAME" 101 | do_stop 102 | case "$?" 
in 103 | 0|1) 104 | do_start 105 | case "$?" in 106 | 0) log_end_msg 0 ;; 107 | 1) log_end_msg 1 ;; # Old process is still running 108 | *) log_end_msg 1 ;; # Failed to start 109 | esac 110 | ;; 111 | *) 112 | # Failed to stop 113 | log_end_msg 1 114 | ;; 115 | esac 116 | ;; 117 | *) 118 | echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 119 | exit 3 120 | ;; 121 | esac 122 | 123 | : 124 | -------------------------------------------------------------------------------- /roles/email/files/dovecot/conf.d/10-master.conf: -------------------------------------------------------------------------------- 1 | protocols = imap 2 | 3 | # Sanity checks 4 | default_process_limit = 50 5 | default_client_limit = 200 6 | 7 | # Default VSZ (virtual memory size) limit for service processes. This is mainly 8 | # intended to catch and kill processes that leak memory before they eat up 9 | # everything. 10 | default_vsz_limit = 256M 11 | 12 | # Login user is internally used by login processes. This is the most untrusted 13 | # user in Dovecot system. It shouldn't have access to anything at all. 14 | #default_login_user = dovenull 15 | 16 | # Internal user is used by unprivileged processes. It should be separate from 17 | # login user, so that login processes can't disturb other processes. 18 | #default_internal_user = dovecot 19 | 20 | service imap-login { 21 | inet_listener imap { 22 | port = 143 23 | } 24 | inet_listener imaps { 25 | port = 993 26 | ssl = yes 27 | } 28 | 29 | # Number of connections to handle before starting a new process. Typically 30 | # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0 31 | # is faster. 32 | service_count = 1 33 | 34 | # Number of processes to always keep waiting for more connections. 35 | #process_min_avail = 0 36 | 37 | # If you set service_count=0, you probably need to grow this. 
#vsz_limit = $default_vsz_limit
}

# POP3 is not offered (protocols = imap above). Both listeners are set to
# port 0, which in Dovecot disables a listener.
service pop3-login {
  inet_listener pop3 {
    #port = 110
    port = 0
  }
  inet_listener pop3s {
    #port = 995
    #ssl = yes
    port = 0
  }
}

service lmtp {
  unix_listener lmtp {
    #mode = 0666
  }

  # Create inet listener only if you can't use the above UNIX socket
  #inet_listener lmtp {
    # Avoid making LMTP visible for the entire internet
    #address =
    #port =
  #}
}

service imap {
  # Most of the memory goes to mmap()ing files. You may need to increase this
  # limit if you have huge mailboxes.
  #vsz_limit = $default_vsz_limit
}

service pop3 {
}

service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
  # full permissions to this socket are able to get a list of all usernames and
  # get the results of everyone's userdb lookups.
  #
  # The default 0666 mode allows anyone to connect to the socket, but the
  # userdb lookups will succeed only if the userdb returns an "uid" field that
  # matches the caller process's UID. Also if caller's uid or gid matches the
  # socket's uid or gid the lookup succeeds. Anything else causes a failure.
  #
  # To give the caller full permissions to lookup all users, set the mode to
  # something else than 0666 and Dovecot lets the kernel enforce the
  # permissions (e.g. 0777 allows everyone full permissions).
  unix_listener auth-userdb {
    #mode = 0666
    #user =
    #group =
  }

  # Postfix smtp-auth
  # This is the socket Postfix reaches through smtpd_sasl_path = private/auth
  # (relative to queue_directory) in roles/email/templates/postfix/main.cf.j2.
  # NOTE(review): user and group are already set to postfix, so mode 0660
  # would be enough for Postfix to connect. With 0666 the only barrier for
  # other local accounts is the permissions of the enclosing
  # /var/spool/postfix/private directory. Confirm that directory is not
  # traversable by other users, or tighten the mode.
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }

  # Auth process is run as this user.
103 | #user = $default_internal_user 104 | } 105 | 106 | service auth-worker { 107 | # Auth worker process is run as root by default, so that it can access 108 | # /etc/shadow. If this isn't necessary, the user should be changed to 109 | # $default_internal_user. 110 | user = root 111 | } 112 | 113 | service dict { 114 | # If dict proxy is used, mail processes should have access to its socket. 115 | # For example: mode=0660, group=vmail and global mail_access_groups=vmail 116 | unix_listener dict { 117 | #mode = 0600 118 | #user = 119 | #group = 120 | } 121 | } 122 | -------------------------------------------------------------------------------- /roles/email/files/postfix/master.cf: -------------------------------------------------------------------------------- 1 | # Postfix master process configuration file. For details on the format 2 | # of the file, see the master(5) manual page (command: "man 5 master"). 3 | # 4 | # Do not forget to execute "postfix reload" after editing this file. 
5 | # 6 | # ========================================================================== 7 | # service type private unpriv chroot wakeup maxproc command + args 8 | # (yes) (yes) (yes) (never) (100) 9 | # ========================================================================== 10 | 11 | # Use postscreen as the first pass (instead of directly passing to smtpd) 12 | smtp inet n - - - 1 postscreen 13 | # postfix smtp daemon 14 | smtpd pass - - - - - smtpd 15 | # record to syslog when postscreen blocks a host 16 | dnsblog unix - - - - 0 dnsblog 17 | # needed to support TLS in postscreen 18 | tlsproxy unix - - - - 0 tlsproxy 19 | 20 | #smtps inet n - - - - smtpd 21 | # -o syslog_name=postfix/smtps 22 | # -o smtpd_tls_wrappermode=yes 23 | # -o smtpd_sasl_auth_enable=yes 24 | # -o smtpd_client_restrictions=permit_sasl_authenticated,reject 25 | # -o milter_macro_daemon_name=ORIGINATING 26 | submission inet n - - - - smtpd 27 | -o smtpd_tls_security_level=encrypt 28 | -o smtpd_sasl_auth_enable=yes 29 | 30 | pickup fifo n - - 60 1 pickup 31 | cleanup unix n - - - 0 cleanup 32 | qmgr fifo n - n 300 1 qmgr 33 | tlsmgr unix - - - 1000? 1 tlsmgr 34 | rewrite unix - - - - - trivial-rewrite 35 | bounce unix - - - - 0 bounce 36 | defer unix - - - - 0 bounce 37 | trace unix - - - - 0 bounce 38 | verify unix - - - - 1 verify 39 | flush unix n - - 1000? 0 flush 40 | proxymap unix - - n - - proxymap 41 | proxywrite unix - - n - 1 proxymap 42 | smtp unix - - - - - smtp 43 | relay unix - - - - - smtp 44 | # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 45 | showq unix n - - - - showq 46 | error unix - - - - - error 47 | retry unix - - - - - error 48 | discard unix - - - - - discard 49 | local unix - n n - - local 50 | virtual unix - n n - - virtual 51 | lmtp unix - - - - - lmtp 52 | anvil unix - - - - 1 anvil 53 | scache unix - - - - 1 scache 54 | 55 | # ==================================================================== 56 | # Interfaces to non-Postfix software. 
Be sure to examine the manual 57 | # pages of the non-Postfix software to find out what options it wants. 58 | # 59 | # Many of the following services use the Postfix pipe(8) delivery 60 | # agent. See the pipe(8) man page for information about ${recipient} 61 | # and other message envelope options. 62 | # ==================================================================== 63 | 64 | # maildrop. See the Postfix MAILDROP_README file for details. 65 | # Also specify in main.cf: maildrop_destination_recipient_limit=1 66 | #maildrop unix - n n - - pipe 67 | # flags=DRhu user=mail argv=/usr/bin/maildrop -d ${recipient} 68 | 69 | #dovecot unix - n n - - pipe 70 | # flags=DRhu user=mail:mail 71 | # argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -d ${recipient} 72 | -------------------------------------------------------------------------------- /roles/openttd/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Install and configure OpenTTD for use as a dedicated server. 
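# Warning: This installs x11-common and friends (because openttd *requires* sdl)

# failed_when: False keeps the play going on hosts where the openttd service
# does not exist yet.
- name: stop existing openttd server (if it exists)
  service: name=openttd enabled=yes state=stopped
  failed_when: False
  tags: openttd

- name: ensure /var/games exists
  file: >
    dest=/var/games
    mode=755
    owner=root
    group=root
    state=directory
  tags: openttd

# Dedicated system account; the init script runs the server as this user.
- name: create 'openttd' user
  user: >
    name=openttd
    comment="OpenTTD Server Service"
    system=yes
    home=/var/games/openttd
    createhome=yes
  tags: openttd

# NOTE(review): this staging directory has a fixed name under the
# world-writable /tmp and is owned by the unprivileged openttd account, yet
# the package and archive placed in it are later installed into /usr/share
# and via apt (presumably as root). A root-owned staging directory outside
# /tmp would keep the staged files out of reach of other local accounts.
- name: create temporary directory
  file: >
    dest=/tmp/ansible-openttd
    mode=700
    owner=openttd
    group=openttd
    state=directory
  tags: openttd

# NOTE(review): the .deb is fetched over plain HTTP and installed by the next
# task without any integrity check. get_url can verify a digest of the
# downloaded file (the sha256sum or checksum parameter, depending on the
# Ansible version); pinning one per openttd.version would detect a tampered
# or corrupted download before it is installed.
- name: download OpenTTD
  get_url: >
    url=http://us.binaries.openttd.org/binaries/releases/{{openttd.version
    }}/openttd-{{openttd.version}}-linux-debian-{{debian_release}}-{{arch}}.deb
    dest=/tmp/ansible-openttd/openttd-{{openttd.version}}.deb
  tags: openttd

- name: install OpenTTD
  apt: deb=/tmp/ansible-openttd/openttd-{{openttd.version}}.deb
  tags: openttd

# NOTE(review): same concern as the .deb above: plain HTTP, no digest check.
- name: download opengfx
  get_url: >
    url=http://binaries.openttd.org/extra/opengfx/{{openttd.opengfx_version
    }}/opengfx-{{openttd.opengfx_version}}-all.zip
    dest=/tmp/ansible-openttd/opengfx-{{openttd.opengfx_version}}.zip
  tags: openttd

# rm exits non-zero when the glob matches nothing (e.g. on the first run),
# which would otherwise abort the play. failed_when: False makes "nothing to
# remove" a non-error, and changed_when still reports a change only when
# something was actually deleted.
- name: remove previous opengfx installations
  shell: rm -r /usr/share/games/openttd/baseset/opengfx*
  register: result
  changed_when: result.rc == 0
  failed_when: False
  tags: openttd

- name: install opengfx
  command: unzip /tmp/ansible-openttd/opengfx-{{openttd.opengfx_version}}.zip
           -d /usr/share/games/openttd/baseset
  tags: openttd

- name: install init.d script
  copy: >
    src=initd_openttd
    dest=/etc/init.d/openttd
    mode=755
    owner=root
    group=root
  tags: openttd
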
| - name: register init.d script 76 | command: update-rc.d openttd defaults 77 | tags: openttd 78 | 79 | - name: clean up temporary files 80 | file: dest=/tmp/ansible-openttd state=absent 81 | tags: openttd 82 | 83 | - name: create openttd gamedata folder 84 | file: > 85 | dest=/var/games/openttd/.openttd 86 | mode=755 87 | owner=openttd 88 | group=openttd 89 | state=directory 90 | tags: openttd 91 | 92 | - name: configure openttd 93 | template: > 94 | src=openttd.cfg.j2 95 | dest=/var/games/openttd/.openttd/openttd.cfg 96 | mode=600 97 | owner=openttd 98 | group=openttd 99 | tags: openttd 100 | 101 | - name: link the openttd config file to the gamedata folder 102 | file: > 103 | src=/var/games/openttd/.openttd/openttd.cfg 104 | dest=/etc/openttd.cfg 105 | mode=600 106 | owner=openttd 107 | group=openttd 108 | state=link 109 | tags: openttd 110 | 111 | # Really, openttd should make this, but it doesn't when run with `-f` 112 | - name: make openttd logfile 113 | command: > 114 | /usr/bin/touch /var/games/openttd/.openttd/openttd.log 115 | creates=/var/games/openttd/.openttd/openttd.log 116 | tags: openttd 117 | 118 | - name: set permissions on openttd logfile 119 | file: > 120 | dest=/var/games/openttd/.openttd/openttd.log 121 | mode=644 122 | owner=openttd 123 | group=openttd 124 | tags: openttd 125 | 126 | - name: link the openttd logfile to /var/log 127 | file: > 128 | src=/var/games/openttd/.openttd/openttd.log 129 | dest=/var/log/openttd 130 | mode=644 131 | owner=openttd 132 | group=openttd 133 | state=link 134 | tags: openttd 135 | 136 | - name: start openttd server 137 | service: name=openttd enabled=yes state=started 138 | tags: openttd 139 | -------------------------------------------------------------------------------- /roles/irc_bouncer/files/initd_znc: -------------------------------------------------------------------------------- 1 | #! 
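/bin/sh
### BEGIN INIT INFO
# Provides:          znc
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: ZNC IRC bouncer
# Description:       ZNC is an IRC bouncer
### END INIT INFO

PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="ZNC daemon"
NAME=znc
DAEMON=/usr/bin/$NAME
DATADIR=/var/lib/znc
DAEMON_ARGS="--datadir=$DATADIR"
PIDDIR=/var/run/znc
PIDFILE=$PIDDIR/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
USER=znc
GROUP=znc

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0

# Read configuration variable file if it is present.
# The file is executed in this script's context and can override any of the
# variables above, so it should be writable by root only.
[ -r /etc/default/$NAME ] && . /etc/default/$NAME

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
# and status_of_proc is working.
. /lib/lsb/init-functions

#
# Function that starts the daemon/service
#
do_start()
{
    # Return
    #   0 if daemon has been started
    #   1 if daemon was already running
    #   2 if daemon could not be started
    #
    # Variable expansions are quoted because /etc/default/$NAME may override
    # them. $DAEMON_ARGS stays unquoted on purpose so it splits into arguments.
    #
    # Create the pid directory if it is missing and hand it to the service
    # account, so the daemon (started with --chuid) can write into it.
    [ -d "$PIDDIR" ] || mkdir "$PIDDIR"
    chown "$USER:$GROUP" "$PIDDIR"
    # --test: only check whether a matching process already exists.
    start-stop-daemon --start --quiet --pidfile "$PIDFILE" --exec "$DAEMON" --test --chuid "$USER" > /dev/null || return 1
    start-stop-daemon --start --quiet --pidfile "$PIDFILE" --exec "$DAEMON" --chuid "$USER" -- $DAEMON_ARGS > /dev/null || return 2
}

#
# Function that stops the daemon/service
#
do_stop()
{
    # Return
    #   0 if daemon has been stopped
    #   1 if daemon was already stopped
    #   2 if daemon could not be stopped
    #   other if a failure occurred
    #
    # NOTE(review): --chuid is a start-time option (change uid before
    # starting). To restrict which processes --stop matches, --user is the
    # matching option. Confirm which was intended here and in do_reload.
    start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile "$PIDFILE" --name "$NAME" --chuid "$USER"
    RETVAL="$?"
    [ "$RETVAL" = 2 ] && return 2
    # Wait for children to finish too if this is a daemon that forks
    # and if the daemon is only ever run from this initscript.
    # If the above conditions are not satisfied then add some other code
    # that waits for the process to drop all resources that could be
    # needed by services started subsequently.  A last resort is to
    # sleep for some time.
    start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec "$DAEMON" --chuid "$USER"
    [ "$?" = 2 ] && return 2
    # Many daemons don't delete their pidfiles when they exit.
    rm -f "$PIDFILE"
    return "$RETVAL"
}

#
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
    # Always returns 0, so the "reload" action below reports success even
    # when no process received the signal.
    start-stop-daemon --stop --signal 1 --quiet --pidfile "$PIDFILE" --name "$NAME" --chuid "$USER"
    return 0
}

# Dispatch on the action passed by init / the administrator.
case "$1" in
  start)
    [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
    do_start
    case "$?" in
        0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
        2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
    esac
    ;;
  stop)
    [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
    do_stop
    case "$?" in
        0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
        2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
    esac
    ;;
  status)
    status_of_proc -p "$PIDFILE" "$DAEMON" "$NAME" && exit 0 || exit $?
    ;;
  reload)
    log_daemon_msg "Reloading $DESC" "$NAME"
    do_reload
    log_end_msg $?
    ;;
  restart)
    log_daemon_msg "Restarting $DESC" "$NAME"
    do_stop
    case "$?" in
      0|1)
        do_start
        case "$?"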
in 122 | 0) log_end_msg 0 ;; 123 | 1) log_end_msg 1 ;; # Old process is still running 124 | *) log_end_msg 1 ;; # Failed to start 125 | esac 126 | ;; 127 | *) 128 | # Failed to stop 129 | log_end_msg 1 130 | ;; 131 | esac 132 | ;; 133 | *) 134 | echo "Usage: $SCRIPTNAME {status|start|stop|reload|restart}" >&2 135 | exit 3 136 | ;; 137 | esac 138 | 139 | : 140 | -------------------------------------------------------------------------------- /roles/xchat/templates/xchat.conf.j2: -------------------------------------------------------------------------------- 1 | version = 2.8.8 2 | auto_save = 1 3 | auto_save_url = 0 4 | away_auto_unmark = 1 5 | away_reason = Away 6 | away_show_message = 0 7 | away_show_once = 1 8 | away_size_max = 300 9 | away_timeout = 60 10 | away_track = 1 11 | completion_amount = 5 12 | completion_auto = 0 13 | completion_sort = 0 14 | completion_suffix = , 15 | completion_cinsens = 0 16 | dcc_auto_chat = 0 17 | dcc_auto_resume = 1 18 | dcc_auto_send = 2 19 | dcc_blocksize = 1024 20 | dcc_completed_dir = ~{{ primary_user }}/Downloads 21 | dcc_dir = ~{{ primary_user }}/Downloads 22 | dcc_fast_send = 1 23 | dcc_global_max_get_cps = 0 24 | dcc_global_max_send_cps = 0 25 | dcc_ip = 26 | dcc_ip_from_server = 1 27 | dcc_max_get_cps = 0 28 | dcc_max_send_cps = 0 29 | dcc_permissions = 384 30 | dcc_port_first = 0 31 | dcc_port_last = 0 32 | dcc_remove = 0 33 | dcc_save_nick = 0 34 | dcc_send_fillspaces = 0 35 | dcc_stall_timeout = 60 36 | dcc_timeout = 180 37 | dnsprogram = host 38 | flood_ctcp_num = 5 39 | flood_ctcp_time = 30 40 | flood_msg_num = 5 41 | flood_msg_time = 30 42 | gui_auto_open_chat = 1 43 | gui_auto_open_dialog = 1 44 | gui_auto_open_recv = 1 45 | gui_auto_open_send = 1 46 | gui_dialog_height = 550 47 | gui_dialog_left = 0 48 | gui_dialog_top = 25 49 | gui_dialog_width = 1024 50 | gui_hide_menu = 0 51 | gui_input_spell = 1 52 | gui_input_style = 0 53 | gui_join_dialog = 0 54 | gui_lagometer = 3 55 | gui_mode_buttons = 1 56 | 
gui_pane_left_size = 186 57 | gui_pane_right_size = 130 58 | gui_quit_dialog = 0 59 | gui_slist_select = 0 60 | gui_slist_skip = 1 61 | gui_throttlemeter = 3 62 | gui_topicbar = 1 63 | gui_tray = 0 64 | gui_tray_flags = 1 65 | gui_tweaks = 0 66 | gui_ulist_buttons = 0 67 | gui_ulist_doubleclick = QUOTE WHOIS %s %s 68 | gui_ulist_hide = 0 69 | gui_ulist_left = 0 70 | gui_ulist_pos = 3 71 | gui_ulist_resizable = 1 72 | gui_ulist_show_hosts = 0 73 | gui_ulist_sort = 0 74 | gui_ulist_style = 0 75 | gui_url_mod = 4 76 | gui_usermenu = 0 77 | gui_win_height = 743 78 | gui_win_left = 0 79 | gui_win_save = 1 80 | gui_win_state = 1 81 | gui_win_top = 27 82 | gui_win_width = 1280 83 | input_balloon_chans = 0 84 | input_balloon_hilight = 1 85 | input_balloon_priv = 1 86 | input_balloon_time = 20 87 | input_beep_chans = 0 88 | input_beep_hilight = 0 89 | input_beep_msg = 0 90 | input_command_char = / 91 | input_filter_beep = 0 92 | input_flash_chans = 0 93 | input_flash_hilight = 0 94 | input_flash_priv = 0 95 | input_perc_ascii = 0 96 | input_perc_color = 0 97 | input_tray_chans = 0 98 | input_tray_hilight = 1 99 | input_tray_priv = 1 100 | irc_auto_rejoin = 0 101 | irc_ban_type = 2 102 | irc_conf_mode = 0 103 | irc_extra_hilight = 104 | irc_hide_version = 0 105 | irc_id_ntext = 106 | irc_id_ytext = 107 | irc_invisible = 0 108 | irc_join_delay = 3 109 | irc_logging = 1 110 | irc_logmask = %n-%c.log 111 | irc_nick1 = {{ irc.nick }} 112 | irc_nick2 = {{ irc.nick }}_ 113 | irc_nick3 = {{ irc.nick }}__ 114 | irc_nick_hilight = 115 | irc_no_hilight = NickServ,ChanServ,RizonIRPG,Rizon,Global,*status,bot 116 | irc_part_reason = Ex-Chat 117 | irc_quit_reason = Ex-Chat 118 | irc_raw_modes = 0 119 | irc_real_name = {{ irc.nick }} 120 | irc_servernotice = 1 121 | irc_skip_motd = 0 122 | irc_user_name = {{ irc.nick }} 123 | irc_wallops = 0 124 | irc_who_join = 1 125 | irc_whois_front = 0 126 | net_auto_reconnect = 1 127 | net_auto_reconnectonfail = 0 128 | net_bind_host = 129 | 
net_ping_timeout = 0 130 | net_proxy_auth = 0 131 | net_proxy_host = 132 | net_proxy_pass = 133 | net_proxy_port = 0 134 | net_proxy_type = 0 135 | net_proxy_use = 0 136 | net_proxy_user = 137 | net_reconnect_delay = 10 138 | net_throttle = 1 139 | notify_timeout = 15 140 | notify_whois_online = 0 141 | perl_warnings = 0 142 | sound_command = 143 | sound_dir = ~{{ primary_user }}/.xchat2/sounds 144 | stamp_log = 1 145 | stamp_log_format = %b %d %H:%M:%S 146 | stamp_text = 1 147 | stamp_text_format = [%H:%M] 148 | tab_chans = 1 149 | tab_dialogs = 1 150 | tab_layout = 2 151 | tab_new_to_front = 2 152 | tab_notices = 0 153 | tab_pos = 1 154 | tab_position = 2 155 | tab_server = 1 156 | tab_small = 1 157 | tab_sort = 1 158 | tab_trunc = 20 159 | tab_utils = 0 160 | text_background = 161 | text_color_nicks = 0 162 | text_font = Inconsolata Medium 10 163 | text_indent = 1 164 | text_max_indent = 256 165 | text_max_lines = 2000 166 | text_replay = 1 167 | text_show_marker = 1 168 | text_show_sep = 1 169 | text_stripcolor = 0 170 | text_thin_sep = 1 171 | text_tint_blue = 195 172 | text_tint_green = 195 173 | text_tint_red = 195 174 | text_transparent = 0 175 | text_wordwrap = 1 176 | -------------------------------------------------------------------------------- /roles/email/templates/postfix/main.cf.j2: -------------------------------------------------------------------------------- 1 | # See /usr/share/postfix/main.cf.dist for a commented, more complete version 2 | 3 | myorigin = /etc/mailname 4 | 5 | {% if email.ipv4_bind %} 6 | smtp_bind_address = {{ email.ipv4_bind }} 7 | {% endif %} 8 | {% if email.ipv6_bind %} 9 | smtp_bind_address6 = {{ email.ipv6_bind }} 10 | {% endif %} 11 | 12 | {% if email.inet_protocols %} 13 | inet_protocols = {{ email.inet_protocols }} 14 | {% endif %} 15 | 16 | smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) 17 | biff = no 18 | 19 | # appending .domain is the MUA's job. 
20 | append_dot_mydomain = no 21 | delay_warning_time = 4h 22 | readme_directory = no 23 | 24 | ################################################################################ 25 | ### Domains and Aliases ######################################################## 26 | ################################################################################ 27 | 28 | myhostname = {{ domain }} 29 | smtp_generic_maps = hash:/etc/postfix/generic 30 | alias_maps = regexp:/etc/postfix/aliases_regexp 31 | mydestination = $myhostname, {% for d in secondary_domains %}{{d}}, {% endfor %} 32 | {{ inventory_hostname }}, localhost.localdomain, localhost, 33 | ip6-localhost, ip6-loopback 34 | mynetworks_style = host 35 | recipient_delimiter = + 36 | inet_interfaces = all 37 | 38 | ################################################################################ 39 | ### Size Restrictions ########################################################## 40 | ################################################################################ 41 | 42 | # 50 MB/message 43 | message_size_limit = 51200000 44 | mailbox_size_limit = 0 45 | 46 | ################################################################################ 47 | ### Maildir Support ############################################################ 48 | ################################################################################ 49 | 50 | home_mailbox = Maildir/ 51 | 52 | ################################################################################ 53 | ### Dovecot #################################################################### 54 | ################################################################################ 55 | 56 | mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT" 57 | dovecot_destination_recipient_limit = 1 58 | 59 | ################################################################################ 60 | ### Enable TLS ################################################################# 61 | 
################################################################################

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

# smtpd_* parameters configure the SMTP server (inbound connections);
# smtp_* parameters configure the SMTP client (outbound delivery).
# Security level "may" means TLS is offered to clients but not required.
smtpd_use_tls = yes
smtpd_tls_security_level = may
# TODO: use a self-signed cert
# NOTE(review): the snakeoil pair below is the machine-generated self-signed
# certificate from Debian's ssl-cert package, so clients cannot use it to
# authenticate this server. Confirm what the TODO intends, presumably a
# certificate issued for the mail domain.
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
# NOTE(review): this only restricts the outbound client. No protocol
# restriction is set for the server side in this section. If SSLv2/SSLv3
# should be refused on inbound connections too, smtpd_tls_protocols and
# smtpd_tls_mandatory_protocols are the server-side counterparts.
smtp_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

################################################################################
### SMTP Login #################################################################
################################################################################

# SASL authentication is delegated to Dovecot over a UNIX socket.
# smtpd_sasl_path is relative to queue_directory, i.e.
# /var/spool/postfix/private/auth, the unix_listener declared in
# roles/email/files/dovecot/conf.d/10-master.conf.
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
queue_directory = /var/spool/postfix
smtpd_sasl_path = private/auth
# AUTH is only offered once the session is protected by TLS, so credentials
# are not sent in the clear.
smtpd_tls_auth_only = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname

################################################################################
### Spam Blocking ##############################################################
################################################################################

# postscreen is the first line of defense, and blocks the most obvious spam

postscreen_dnsbl_sites =
    zen.spamhaus.org
    bl.spamcop.net
postscreen_dnsbl_action = enforce
postscreen_greet_action = enforce

# typical postfix defenses

smtpd_helo_required = yes
smtpd_helo_restrictions =
    reject_non_fqdn_helo_hostname
    permit
smtpd_sender_restrictions =
    reject_unknown_sender_domain
    permit
# Restrictions are evaluated in order; the list continues below.
smtpd_recipient_restrictions =
    permit_mynetworks
permit_sasl_authenticated 111 | reject_invalid_hostname 112 | reject_non_fqdn_recipient 113 | reject_unauth_destination 114 | check_policy_service inet:localhost:10023 115 | permit 116 | 117 | # postgrey should be running on inet:localhost:10023 118 | -------------------------------------------------------------------------------- /roles/mutt/templates/Muttrc.j2: -------------------------------------------------------------------------------- 1 | # 2 | # System configuration file for Mutt 3 | # 4 | 5 | set mbox_type=Maildir 6 | 7 | # Default list of header fields to weed when displaying. 8 | # Ignore all lines by default... 9 | ignore * 10 | 11 | # ... then allow these through. 12 | unignore from: subject to cc date x-mailer x-url user-agent 13 | 14 | # Display the fields in this order 15 | hdr_order date from to cc subject 16 | 17 | # emacs-like bindings 18 | bind editor "\e" kill-word 19 | bind editor "\e" kill-word 20 | 21 | # map delete-char to a sane value 22 | bind editor delete-char 23 | 24 | # some people actually like these settings 25 | #set pager_stop 26 | #bind pager previous-line 27 | #bind pager next-line 28 | 29 | # Specifies how to sort messages in the index menu. 
30 | set sort=threads 31 | 32 | # The behavior of this option on the Debian mutt package is 33 | # not the original one because exim4, the default SMTP on Debian 34 | # does not strip bcc headers so this can cause privacy problems; 35 | # see man muttrc for more info 36 | #unset write_bcc 37 | # Postfix and qmail use Delivered-To for detecting loops 38 | unset bounce_delivered 39 | 40 | set mixmaster="mixmaster-filter" 41 | 42 | # System-wide CA file managed by the ca-certificates package 43 | set ssl_ca_certificates_file="/etc/ssl/certs/ca-certificates.crt" 44 | 45 | # imitate the old search-body function 46 | macro index \eb "~b " "search in message bodies" 47 | 48 | # simulate the old url menu 49 | macro index,pager,attach,compose \cb "\ 50 | set my_pipe_decode=\$pipe_decode pipe_decode\ 51 | urlview\ 52 | set pipe_decode=\$my_pipe_decode; unset my_pipe_decode" \ 53 | "call urlview to extract URLs out of a message" 54 | 55 | # Show documentation when pressing F1 56 | macro generic,pager " zcat /usr/share/doc/mutt/manual.txt.gz | sensible-pager" "show Mutt documentation" 57 | 58 | # show the incoming mailboxes list (just like "mutt -y") and back when pressing "y" 59 | macro index,pager y "?" "show incoming mailboxes list" 60 | bind browser y exit 61 | 62 | # If Mutt is unable to determine your site's domain name correctly, you can 63 | # set the default here. (better: fix /etc/mailname) 64 | # 65 | # set hostname=cs.hmc.edu 66 | 67 | # If your sendmail supports the -B8BITMIME flag, enable the following 68 | # 69 | # set use_8bitmime 70 | 71 | # Use mime.types to look up handlers for application/octet-stream. Can 72 | # be undone with unmime_lookup. 
73 | mime_lookup application/octet-stream 74 | 75 | # Upgrade the progress counter every 250ms, good for mutt over SSH 76 | # see http://bugs.debian.org/537746 77 | set time_inc=250 78 | 79 | ## 80 | ## *** DEFAULT SETTINGS FOR THE ATTACHMENTS PATCH *** 81 | ## 82 | 83 | ## 84 | ## Please see the manual (section "attachments") for detailed 85 | ## documentation of the "attachments" command. 86 | ## 87 | ## Removing a pattern from a list removes that pattern literally. It 88 | ## does not remove any type matching the pattern. 89 | ## 90 | ## attachments +A */.* 91 | ## attachments +A image/jpeg 92 | ## unattachments +A */.* 93 | ## 94 | ## This leaves "attached" image/jpeg files on the allowed attachments 95 | ## list. It does not remove all items, as you might expect, because the 96 | ## second */.* is not a matching expression at this time. 97 | ## 98 | ## Remember: "unattachments" only undoes what "attachments" has done! 99 | ## It does not trigger any matching on actual messages. 100 | 101 | ## Qualify any MIME part with an "attachment" disposition, EXCEPT for 102 | ## text/x-vcard and application/pgp parts. (PGP parts are already known 103 | ## to mutt, and can be searched for with ~g, ~G, and ~k.) 104 | ## 105 | ## I've added x-pkcs7 to this, since it functions (for S/MIME) 106 | ## analogously to PGP signature attachments. S/MIME isn't supported 107 | ## in a stock mutt build, but we can still treat it specially here. 108 | ## 109 | attachments +A */.* 110 | attachments -A text/x-vcard application/pgp.* 111 | attachments -A application/x-pkcs7-.* 112 | 113 | ## Discount all MIME parts with an "inline" disposition, unless they're 114 | ## text/plain. (Why inline a text/plain part unless it's external to the 115 | ## message flow?) 116 | ## 117 | attachments +I text/plain 118 | 119 | ## These two lines make Mutt qualify MIME containers. (So, for example, 120 | ## a message/rfc822 forward will count as an attachment.) 
The first 121 | ## line is unnecessary if you already have "attach-allow */.*", of 122 | ## course. These are off by default! The MIME elements contained 123 | ## within a message/* or multipart/* are still examined, even if the 124 | ## containers themselves don't qualify. 125 | ## 126 | #attachments +A message/.* multipart/.* 127 | #attachments +I message/.* multipart/.* 128 | 129 | ## You probably don't really care to know about deleted attachments. 130 | attachments -A message/external-body 131 | attachments -I message/external-body 132 | 133 | ## 134 | # See /usr/share/doc/mutt/README.Debian for details. 135 | source /usr/lib/mutt/source-muttrc.d| 136 | -------------------------------------------------------------------------------- /roles/email/templates/dovecot/conf.d/10-auth.conf.j2: -------------------------------------------------------------------------------- 1 | ## 2 | ## Authentication processes 3 | ## 4 | 5 | # Disable LOGIN command and all other plaintext authentications unless 6 | # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP 7 | # matches the local IP (ie. you're connecting from the same computer), the 8 | # connection is considered secure and plaintext authentication is allowed. 9 | disable_plaintext_auth = yes 10 | 11 | # Authentication cache size (e.g. 10M). 0 means it's disabled. Note that 12 | # bsdauth, PAM and vpopmail require cache_key to be set for caching to be used. 13 | auth_cache_size = 0 14 | 15 | # Space separated list of realms for SASL authentication mechanisms that need 16 | # them. You can leave it empty if you don't want to support multiple realms. 17 | # Many clients simply use the first one listed here, so keep the default realm 18 | # first. 19 | auth_realms = {{ domain }} {% for d in secondary_domains %}{{ d }} {% endfor %} 20 | 21 | # Default realm/domain to use if none was specified. This is used for both 22 | # SASL realms and appending @domain to username in plaintext logins. 
23 | #auth_default_realm = 24 | 25 | # List of allowed characters in username. If the user-given username contains 26 | # a character not listed in here, the login automatically fails. This is just 27 | # an extra check to make sure user can't exploit any potential quote escaping 28 | # vulnerabilities with SQL/LDAP databases. If you want to allow all characters, 29 | # set this value to empty. 30 | #auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ 31 | 32 | # Username character translations before it's looked up from databases. The 33 | # value contains series of from -> to characters. For example "#@/@" means 34 | # that '#' and '/' characters are translated to '@'. 35 | #auth_username_translation = 36 | 37 | # Username formatting before it's looked up from databases. You can use 38 | # the standard variables here, eg. %Lu would lowercase the username, %n would 39 | # drop away the domain if it was given, or "%n-AT-%d" would change the '@' into 40 | # "-AT-". This translation is done after auth_username_translation changes. 41 | #auth_username_format = %Lu 42 | 43 | # If you want to allow master users to log in by specifying the master 44 | # username within the normal username string (ie. not using SASL mechanism's 45 | # support for it), you can specify the separator character here. The format 46 | # is then <username><separator><master username>. UW-IMAP uses "*" as the 47 | # separator, so that could be a good choice. 48 | #auth_master_user_separator = 49 | 50 | # Username to use for users logging in with ANONYMOUS SASL mechanism 51 | #auth_anonymous_username = anonymous 52 | 53 | # Maximum number of dovecot-auth worker processes. They're used to execute 54 | # blocking passdb and userdb queries (eg. MySQL and PAM). They're 55 | # automatically created and destroyed as needed. 56 | auth_worker_max_count = 2 57 | 58 | # Host name to use in GSSAPI principal names. The default is to use the 59 | # name returned by gethostname().
Use "$ALL" (with quotes) to allow all keytab 60 | # entries. 61 | #auth_gssapi_hostname = 62 | 63 | # Kerberos keytab to use for the GSSAPI mechanism. Will use the system 64 | # default (usually /etc/krb5.keytab) if not specified. You may need to change 65 | # the auth service to run as root to be able to read this file. 66 | #auth_krb5_keytab = 67 | 68 | # Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and 69 | # ntlm_auth helper. 70 | #auth_use_winbind = no 71 | 72 | # Path for Samba's ntlm_auth helper binary. 73 | #auth_winbind_helper_path = /usr/bin/ntlm_auth 74 | 75 | # Time to delay before replying to failed authentications. 76 | auth_failure_delay = 5 secs 77 | 78 | # Require a valid SSL client certificate or the authentication fails. 79 | #auth_ssl_require_client_cert = no 80 | 81 | # Take the username from client's SSL certificate, using 82 | # X509_NAME_get_text_by_NID() which returns the subject's DN's 83 | # CommonName. 84 | #auth_ssl_username_from_cert = no 85 | 86 | # Space separated list of wanted authentication mechanisms: 87 | # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey 88 | # gss-spnego 89 | # NOTE: See also disable_plaintext_auth setting. 90 | 91 | {% if email.password_db == "pam" %} 92 | # PAM only allows you to use plain authentication 93 | auth_mechanisms = plain 94 | {% else %} 95 | # we keep plain on the list because some clients only support plain 96 | # (plain is acceptable over TLS, which disable_plaintext_auth = yes above requires for every non-local connection; digest-md5 and cram-md5 need a passdb that holds the password in plaintext or in that mechanism's own scheme) 97 | auth_mechanisms = digest-md5 cram-md5 plain 98 | {% endif %} 99 | 100 | 101 | ## 102 | ## Password and user databases 103 | ## 104 | 105 | # 106 | # Password database is used to verify user's password (and nothing more). 107 | # You can have multiple passdbs and userdbs. This is useful if you want to 108 | # allow both system users (/etc/passwd) and virtual users to login without 109 | # duplicating the system users into virtual database.
110 | # 111 | # 112 | # 113 | # User database specifies where mails are located and what user/group IDs 114 | # own them. For single-UID configuration use "static" userdb. 115 | # 116 | # 117 | 118 | #!include auth-deny.conf.ext 119 | #!include auth-master.conf.ext 120 | 121 | {% if email.password_db == "pam" %} 122 | !include auth-system.conf.ext 123 | {% else %} 124 | !include auth-static.conf.ext 125 | {% endif %} 126 | 127 | #!include auth-sql.conf.ext 128 | #!include auth-ldap.conf.ext 129 | #!include auth-passwdfile.conf.ext 130 | #!include auth-checkpassword.conf.ext 131 | #!include auth-vpopmail.conf.ext 132 | -------------------------------------------------------------------------------- /library/gpg_key: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -*- coding: utf-8 -*- 3 | 4 | DOCUMENTATION = ''' 5 | --- 6 | module: gpg_key 7 | author: Benjamin Woodruff 8 | version_added: "1.6.0" 9 | short_description: Add or remove a GnuPG key 10 | description: 11 | - Add or remove a I(Gnu Privacy Guard) key, reading from a file, downloading 12 | from a url, or via a keyserver 13 | notes: 14 | - If an C(id) value is specified, and the key already exists, it won't be 15 | downloaded. For performance reasons, you should always specify an C(id) with 16 | a C(url). 17 | - If a key is downloaded and doesn't match the specified C(id), it might still 18 | be imported. There's no easy way to check this in gpg, but it shouldn't 19 | matter, as simply importing a key doesn't imply any trust of that key. 20 | options: 21 | state: 22 | description: 23 | - Specify if the key should be added, revoked, or re-added in the case of 24 | a potentially updated key. Updated keys may contain new information. 25 | required: no 26 | default: present 27 | choices: [present, absent, latest] 28 | id: 29 | description: 30 | - The key id (long or short form) or fingerprint. 
A long key id or full 31 | fingerprint is recommended, as short IDs could be subject to collision 32 | attacks. 33 | required: no 34 | aliases: [name] 35 | file: 36 | description: 37 | - A file on the remote machine to read keys from. This may contain private 38 | keys. 39 | required: no 40 | url: 41 | description: 42 | - A url to download the key from. This may contain private keys. Be 43 | careful transferring private keys over an unencrypted connection. 44 | Different installations of gpg may support different protocols (HTTP, 45 | FTP, LDAP, etc.). 46 | required: no 47 | aliases: [uri] 48 | keyserver: 49 | description: 50 | - When downloading using the given C(id), use a specific keyserver. If not 51 | provided, the system-default keyserver is used. This may be useful if 52 | you're running your own keyserver. 53 | required: no 54 | homedir: 55 | description: 56 | - GnuPG's home directory, containing its configuration file. Usually this 57 | is C(~/.gnupg/). 58 | required: no 59 | options: 60 | description: 61 | - A configuration file on the remote machine to pass to C(gpg) using the 62 | C(--options) flag. Normally this is found in gpg's homedir. 63 | required: no 64 | requirements: [gpg] 65 | ''' 66 | 67 | EXAMPLES = ''' 68 | # Use a long-form key id, and pull key from the default keyserver 69 | - gpg_key: id=2213A73C4E2569F1 70 | 71 | # Make sure we have the latest version of a key. Updated keys can contain new 72 | # signatures, user IDs, expiration dates, etc.
73 | - gpg_key: id=2213A73C4E2569F1 state=latest 74 | 75 | # Pull explicitly from MIT's keyserver 76 | - gpg_key: id=2213A73C4E2569F1 keyserver=pgp.mit.edu 77 | 78 | # Load a key (or keys) from a file, this may contain private keys 79 | - gpg_key: file=keyfile.gpg state=present 80 | 81 | # Load a key from a website 82 | - gpg_key: url='http://pgp.mit.edu/pks/lookup?op=get&search=0x2213A73C4E2569F1' 83 | ''' 84 | 85 | def main(): 86 | module = AnsibleModule( 87 | argument_spec=dict( 88 | state = dict( 89 | default = 'present', 90 | choices = ['present', 'absent', 'latest'] 91 | ), 92 | id = dict(aliases=['name']), 93 | file = dict(), 94 | url = dict(aliases=['uri']), 95 | keyserver = dict(), 96 | homedir = dict(), 97 | options = dict(aliases=['config']) 98 | ), 99 | mutually_exclusive=[['file', 'url', 'keyserver']], 100 | required_one_of=[['id', 'file', 'url']], 101 | supports_check_mode=True 102 | ) 103 | 104 | params = module.params 105 | cmd = get_gpg_cmd(module, params['homedir'], params['options']) 106 | 107 | if params['state'] == 'present': 108 | if params['id'] is not None: 109 | # If we know the id, we can check if the key exists locally before 110 | # attempting to fetch the key 111 | if has_key(module, cmd, params['id']): 112 | module.exit_json(changed=False) 113 | if module.check_mode: 114 | module.exit_json(changed=True) 115 | update_key(module, cmd) 116 | elif params['state'] == 'absent': 117 | del_key(module, cmd, params['id']) 118 | elif params['state'] == 'latest': 119 | update_key(module, cmd) 120 | 121 | 122 | # Helper Functions 123 | 124 | def get_gpg_cmd(m, homedir, options): 125 | '''Generate and return an array with the path to ``gpg2`` (preferred) or 126 | ``gpg`` (fallback), along with basic arguments that are common across 127 | subcommands.''' 128 | cmd = [m.get_bin_path('gpg2', required=False) or 129 | m.get_bin_path('gpg', required=True)] 130 | if homedir is not None: 131 | cmd += ['--homedir', homedir] 132 | if options is not None: 133 | cmd +=
['--options', options] 134 | if m.check_mode: 135 | # --dry-run is 'not completely implemented', but it works well enough 136 | cmd += ['--dry-run'] 137 | return cmd 138 | 139 | def has_key(m, cmd, key_id): 140 | '''Is the given ``key_id`` already in gpg's database? If someone supplies an 141 | id, we can avoid re-downloading it by simply checking our local database 142 | first.''' 143 | args = cmd + ['--fast-list-mode', '--list-keys', key_id] 144 | rc, out, err = m.run_command(args, check_rc=False) 145 | return rc == 0 146 | 147 | def is_changed(stderr): 148 | '''Given the stderr output of gpg's execution, determine if the operation 149 | resulted in a changed state.''' 150 | return not re.search(r'^gpg:\s+unchanged:\s+[1-9]', stderr, re.MULTILINE) 151 | 152 | 153 | # Action Functions: 154 | 155 | def update_key(m, cmd): 156 | '''Given a file, url, or id-keyserver pair, attempt to import the key into 157 | gpg's database, updating it if it already exists.''' 158 | p = m.params 159 | if p['file'] is not None: 160 | import_key(m, cmd, p['file']) 161 | elif p['url'] is not None: 162 | fetch_key(m, cmd, p['url']) 163 | else: 164 | recv_key(m, cmd, p['keyserver'], p['id']) 165 | 166 | def recv_key(m, cmd, keyserver, key_id): 167 | '''Download and import a key from either the default keyserver or a given 168 | keyserver, using it's id or fingerprint.''' 169 | args = list(cmd) 170 | if keyserver is not None: 171 | args += ['--keyserver', keyserver] 172 | args += ['--recv-keys', key_id] 173 | rc, out, err = m.run_command(args, check_rc=True) 174 | m.exit_json(changed=is_changed(err)) 175 | 176 | def import_key(m, cmd, path): 177 | '''Read all the keys from a file and import them.''' 178 | args = cmd + ['--import', path] 179 | rc, out, err = m.run_command(args, check_rc=True) 180 | m.exit_json(changed=is_changed(err)) 181 | 182 | def fetch_key(m, cmd, url): 183 | '''Download a key from a url/uri. 
Depending on installation, different 184 | protocols may be supported.''' 185 | args = cmd + ['--fetch-keys', url] 186 | rc, out, err = m.run_command(args, check_rc=True) 187 | m.exit_json(changed=is_changed(err)) 188 | 189 | def del_key(m, cmd, key_id): 190 | '''Causes gpg to forget about a given key.''' 191 | args = cmd + ['--batch', '--yes', '--delete-key', key_id] 192 | rc, out, err = m.run_command(args, check_rc=False) 193 | m.exit_json(changed=(rc == 0)) 194 | 195 | from ansible.module_utils.basic import * 196 | main() 197 | -------------------------------------------------------------------------------- /roles/openttd/templates/openttd.cfg.j2: -------------------------------------------------------------------------------- 1 | {% set cfg = openttd_auto %} 2 | 3 | [misc] 4 | language = english_US.lng 5 | screenshot_format = png 6 | savegame_format = lzma:4 7 | 8 | [difficulty] 9 | competitor_speed = 2 10 | construction_cost = 0 11 | {{ cfg("disasters") }} 12 | economy = false 13 | industry_density = 5 14 | {{ cfg("initial_interest") }} 15 | line_reverse_mode = false 16 | {{ cfg("max_loan") }} 17 | max_no_competitors = 0 18 | {{ cfg("number_towns") }} 19 | {{ cfg("quantity_sea_lakes") }} 20 | subsidy_multiplier = 2 21 | {{ cfg("terrain_type") }} 22 | {{ cfg("town_council_tolerance") }} 23 | {{ cfg("vehicle_breakdowns") }} 24 | {{ cfg("vehicle_costs") }} 25 | 26 | [game_creation] 27 | amount_of_rivers = 2 28 | heightmap_rotation = 0 29 | land_generator = 1 30 | landscape = temperate 31 | {{ cfg("map_x") }} 32 | {{ cfg("map_y") }} 33 | min_river_length = 16 34 | oil_refinery_limit = 32 35 | river_route_random = 5 36 | se_flat_world_height = 1 37 | snow_line_height = 7 38 | {{ cfg("starting_year") }} 39 | tgen_smoothness = 1 40 | town_name = english 41 | tree_placer = 2 42 | variety = 0 43 | water_borders = 15 44 | 45 | [vehicle] 46 | disable_elrails = false 47 | dynamic_engines = true 48 | extend_vehicle_life = 0 49 | freight_trains = 1 50 | max_aircraft = 200 
51 | max_roadveh = 500 52 | max_ships = 300 53 | max_train_length = 7 54 | max_trains = 500 55 | never_expire_vehicles = false 56 | plane_crashes = 2 57 | plane_speed = 4 58 | road_side = right 59 | roadveh_acceleration_model = 0 60 | roadveh_slope_steepness = 7 61 | servint_aircraft = 100 62 | servint_ispercent = false 63 | servint_roadveh = 150 64 | servint_ships = 360 65 | servint_trains = 150 66 | smoke_amount = 1 67 | train_acceleration_model = 0 68 | train_slope_steepness = 3 69 | wagon_speed_limits = true 70 | 71 | [construction] 72 | autoslope = true 73 | build_on_slopes = true 74 | clear_frame_burst = 4096 75 | clear_per_64k_frames = 4194304 76 | command_pause_level = 1 77 | extra_dynamite = true 78 | extra_tree_placement = 2 79 | freeform_edges = true 80 | industry_platform = 1 81 | max_bridge_length = 64 82 | max_tunnel_length = 64 83 | raw_industry_construction = 0 84 | road_stop_on_competitor_road = true 85 | road_stop_on_town_road = true 86 | terraform_frame_burst = 4096 87 | terraform_per_64k_frames = 4194304 88 | train_signal_side = 1 89 | tree_frame_burst = 4096 90 | tree_per_64k_frames = 4194304 91 | 92 | [station] 93 | adjacent_stations = true 94 | distant_join_stations = true 95 | modified_catchment = true 96 | never_expire_airports = false 97 | station_spread = 12 98 | 99 | [economy] 100 | allow_shares = false 101 | allow_town_level_crossings = true 102 | allow_town_roads = true 103 | bribe = true 104 | {{ cfg("dist_local_authority") }} 105 | exclusive_rights = true 106 | feeder_payment_share = 75 107 | {{ cfg("found_town") }} 108 | fund_buildings = true 109 | fund_roads = true 110 | give_money = true 111 | inflation = true 112 | infrastructure_maintenance = false 113 | initial_city_size = 2 114 | {{ cfg("larger_towns") }} 115 | mod_road_rebuild = true 116 | multiple_industry_per_town = false 117 | smooth_economy = true 118 | station_noise_level = false 119 | {{ cfg("town_growth_rate") }} 120 | town_layout = 0 121 | town_noise_population[0] = 
800 122 | town_noise_population[1] = 2000 123 | town_noise_population[2] = 4000 124 | 125 | [pf] 126 | forbid_90_deg = false 127 | npf.maximum_go_to_depot_penalty = 2000 128 | npf.npf_buoy_penalty = 200 129 | npf.npf_crossing_penalty = 300 130 | npf.npf_max_search_nodes = 10000 131 | npf.npf_rail_curve_penalty = 100 132 | npf.npf_rail_depot_reverse_penalty = 5000 133 | npf.npf_rail_firstred_exit_penalty = 10000 134 | npf.npf_rail_firstred_penalty = 1000 135 | npf.npf_rail_lastred_penalty = 1000 136 | npf.npf_rail_pbs_cross_penalty = 300 137 | npf.npf_rail_pbs_signal_back_penalty = 1500 138 | npf.npf_rail_slope_penalty = 100 139 | npf.npf_rail_station_penalty = 100 140 | npf.npf_road_bay_occupied_penalty = 1500 141 | npf.npf_road_curve_penalty = 100 142 | npf.npf_road_drive_through_penalty = 800 143 | npf.npf_road_dt_occupied_penalty = 800 144 | npf.npf_water_curve_penalty = 100 145 | opf.pf_maxdepth = 48 146 | opf.pf_maxlength = 4096 147 | path_backoff_interval = 20 148 | pathfinder_for_roadvehs = 2 149 | pathfinder_for_ships = 2 150 | pathfinder_for_trains = 2 151 | reserve_paths = false 152 | reverse_at_signals = false 153 | roadveh_queue = true 154 | wait_for_pbs_path = 30 155 | wait_oneway_signal = 15 156 | wait_twoway_signal = 41 157 | yapf.disable_node_optimization = false 158 | yapf.max_search_nodes = 10000 159 | yapf.maximum_go_to_depot_penalty = 2000 160 | yapf.rail_crossing_penalty = 300 161 | yapf.rail_curve45_penalty = 100 162 | yapf.rail_curve90_penalty = 600 163 | yapf.rail_depot_reverse_penalty = 5000 164 | yapf.rail_doubleslip_penalty = 100 165 | yapf.rail_firstred_exit_penalty = 10000 166 | yapf.rail_firstred_penalty = 1000 167 | yapf.rail_firstred_twoway_eol = false 168 | yapf.rail_lastred_exit_penalty = 10000 169 | yapf.rail_lastred_penalty = 1000 170 | yapf.rail_longer_platform_penalty = 800 171 | yapf.rail_longer_platform_per_tile_penalty = 0 172 | yapf.rail_look_ahead_max_signals = 10 173 | yapf.rail_look_ahead_signal_p0 = 500 174 | 
yapf.rail_look_ahead_signal_p1 = -100 175 | yapf.rail_look_ahead_signal_p2 = 5 176 | yapf.rail_pbs_cross_penalty = 300 177 | yapf.rail_pbs_signal_back_penalty = 1500 178 | yapf.rail_pbs_station_penalty = 800 179 | yapf.rail_shorter_platform_penalty = 4000 180 | yapf.rail_shorter_platform_per_tile_penalty = 0 181 | yapf.rail_slope_penalty = 200 182 | yapf.rail_station_penalty = 1000 183 | yapf.road_crossing_penalty = 300 184 | yapf.road_curve_penalty = 100 185 | yapf.road_slope_penalty = 200 186 | yapf.road_stop_bay_occupied_penalty = 1500 187 | yapf.road_stop_occupied_penalty = 800 188 | yapf.road_stop_penalty = 800 189 | 190 | [order] 191 | no_servicing_if_no_breakdowns = true 192 | improved_load = true 193 | selectgoods = true 194 | serviceathelipad = true 195 | gradual_loading = true 196 | 197 | [script] 198 | settings_profile = easy 199 | script_max_opcode_till_suspend = 10000 200 | 201 | [ai] 202 | ai_in_multiplayer = true 203 | ai_disable_veh_train = false 204 | ai_disable_veh_roadveh = false 205 | ai_disable_veh_aircraft = false 206 | ai_disable_veh_ship = false 207 | 208 | [locale] 209 | currency = {{ openttd.currency }} 210 | units = {{ openttd.units }} 211 | digit_group_separator = 212 | digit_group_separator_currency = 213 | digit_decimal_separator = 214 | 215 | [gui] 216 | autosave = monthly 217 | threaded_saves = true 218 | date_format_in_default_names = long 219 | pause_on_newgame = false 220 | 221 | [sound] 222 | 223 | [music] 224 | 225 | [news_display] 226 | 227 | [network] 228 | commands_per_frame = 2 229 | max_commands_in_queue = 16 230 | bytes_per_frame = 8 231 | bytes_per_frame_burst = 256 232 | max_init_time = 100 233 | max_join_time = 500 234 | max_download_time = 1000 235 | max_password_time = 2000 236 | max_lag_time = 500 237 | pause_on_join = true 238 | server_port = 3979 239 | server_admin_port = 3977 240 | server_admin_chat = true 241 | server_advertise = false 242 | lan_internet = 0 243 | client_name = Server 244 | server_password = {{ 
openttd_password }} 245 | rcon_password = {{ openttd_rcon_password }} 246 | admin_password = {{ openttd_admin_password }} 247 | default_company_pass = 248 | server_name = {{ openttd.server_name }} 249 | connect_to_ip = 250 | network_id = 251 | autoclean_companies = false 252 | autoclean_unprotected = 12 253 | autoclean_protected = 36 254 | autoclean_novehicles = 0 255 | max_companies = 15 256 | max_clients = 25 257 | max_spectators = 15 258 | restart_game_year = 0 259 | min_active_clients = 1 260 | server_lang = {{ openttd.language }} 261 | reload_cfg = false 262 | last_host = 263 | last_port = 0 264 | no_http_content_downloads = false 265 | 266 | [currency] 267 | rate = 1 268 | separator = . 269 | to_euro = 0 270 | prefix = "" 271 | suffix = " credits" 272 | 273 | [company] 274 | engine_renew = false 275 | engine_renew_months = 6 276 | engine_renew_money = 100000 277 | renew_keep_length = false 278 | 279 | [server_bind_addresses] 280 | 281 | [servers] 282 | 283 | [bans] 284 | 285 | [newgrf] 286 | 287 | [newgrf-static] 288 | 289 | [ai_players] 290 | none = start_date=730 291 | none = start_date=730 292 | none = start_date=730 293 | none = start_date=730 294 | none = start_date=730 295 | none = start_date=730 296 | none = start_date=730 297 | none = start_date=730 298 | none = start_date=730 299 | none = start_date=730 300 | none = start_date=730 301 | none = start_date=730 302 | none = start_date=730 303 | none = start_date=730 304 | none = start_date=730 305 | 306 | [game_scripts] 307 | none = 308 | 309 | [version] 310 | version_string = 311 | version_number = 312 | -------------------------------------------------------------------------------- /roles/email/files/dovecot/conf.d/10-mail.conf: -------------------------------------------------------------------------------- 1 | ## 2 | ## Mailbox locations and namespaces 3 | ## 4 | 5 | # Location for users' mailboxes. The default is empty, which means that Dovecot 6 | # tries to find the mailboxes automatically. 
This won't work if the user 7 | # doesn't yet have any mail, so you should explicitly tell Dovecot the full 8 | # location. 9 | # 10 | # If you're using mbox, giving a path to the INBOX file (eg. /var/mail/%u) 11 | # isn't enough. You'll also need to tell Dovecot where the other mailboxes are 12 | # kept. This is called the "root mail directory", and it must be the first 13 | # path given in the mail_location setting. 14 | # 15 | # There are a few special variables you can use, eg.: 16 | # 17 | # %u - username 18 | # %n - user part in user@domain, same as %u if there's no domain 19 | # %d - domain part in user@domain, empty if there's no domain 20 | # %h - home directory 21 | # 22 | # See doc/wiki/Variables.txt for full list. Some examples: 23 | # 24 | # mail_location = maildir:~/Maildir 25 | # mail_location = mbox:~/mail:INBOX=/var/mail/%u 26 | # mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n 27 | # 28 | # 29 | # 30 | mail_location = maildir:~/Maildir 31 | 32 | # If you need to set multiple mailbox locations or want to change default 33 | # namespace settings, you can do it by defining namespace sections. 34 | # 35 | # You can have private, shared and public namespaces. Private namespaces 36 | # are for user's personal mails. Shared namespaces are for accessing other 37 | # users' mailboxes that have been shared. Public namespaces are for shared 38 | # mailboxes that are managed by sysadmin. If you create any shared or public 39 | # namespaces you'll typically want to enable ACL plugin also, otherwise all 40 | # users can access all the shared mailboxes, assuming they have permissions 41 | # on filesystem level to do so. 42 | namespace inbox { 43 | # Namespace type: private, shared or public 44 | #type = private 45 | 46 | # Hierarchy separator to use. You should use the same separator for all 47 | # namespaces or some clients get confused. '/' is usually a good one. 48 | # The default however depends on the underlying mail storage format. 
49 | #separator = 50 | 51 | # Prefix required to access this namespace. This needs to be different for 52 | # all namespaces. For example "Public/". 53 | #prefix = 54 | 55 | # Physical location of the mailbox. This is in same format as 56 | # mail_location, which is also the default for it. 57 | #location = 58 | 59 | # There can be only one INBOX, and this setting defines which namespace 60 | # has it. 61 | inbox = yes 62 | 63 | # If namespace is hidden, it's not advertised to clients via NAMESPACE 64 | # extension. You'll most likely also want to set list=no. This is mostly 65 | # useful when converting from another server with different namespaces which 66 | # you want to deprecate but still keep working. For example you can create 67 | # hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/". 68 | #hidden = no 69 | 70 | # Show the mailboxes under this namespace with LIST command. This makes the 71 | # namespace visible for clients that don't support NAMESPACE extension. 72 | # "children" value lists child mailboxes, but hides the namespace prefix. 73 | #list = yes 74 | 75 | # Namespace handles its own subscriptions. If set to "no", the parent 76 | # namespace handles them (empty prefix should always have this as "yes") 77 | #subscriptions = yes 78 | } 79 | 80 | # Example shared namespace configuration 81 | #namespace { 82 | #type = shared 83 | #separator = / 84 | 85 | # Mailboxes are visible under "shared/user@domain/" 86 | # %%n, %%d and %%u are expanded to the destination user. 87 | #prefix = shared/%%u/ 88 | 89 | # Mail location for other users' mailboxes. Note that %variables and ~/ 90 | # expands to the logged in user's data. %%n, %%d, %%u and %%h expand to the 91 | # destination user's data. 92 | #location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u 93 | 94 | # Use the default namespace for saving subscriptions. 95 | #subscriptions = no 96 | 97 | # List the shared/ namespace only if there are visible shared mailboxes. 
98 | #list = children 99 | #} 100 | # Should shared INBOX be visible as "shared/user" or "shared/user/INBOX"? 101 | #mail_shared_explicit_inbox = yes 102 | 103 | # System user and group used to access mails. If you use multiple, userdb 104 | # can override these by returning uid or gid fields. You can use either numbers 105 | # or names. 106 | #mail_uid = 107 | #mail_gid = 108 | 109 | # Group to enable temporarily for privileged operations. Currently this is 110 | # used only with INBOX when either its initial creation or dotlocking fails. 111 | # Typically this is set to "mail" to give access to /var/mail. 112 | #mail_privileged_group = 113 | 114 | # Grant access to these supplementary groups for mail processes. Typically 115 | # these are used to set up access to shared mailboxes. Note that it may be 116 | # dangerous to set these if users can create symlinks (e.g. if "mail" group is 117 | # set here, ln -s /var/mail ~/mail/var could allow a user to delete others' 118 | # mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it). 119 | #mail_access_groups = 120 | 121 | # Allow full filesystem access to clients. There's no access checks other than 122 | # what the operating system does for the active UID/GID. It works with both 123 | # maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/ 124 | # or ~user/. 125 | #mail_full_filesystem_access = no 126 | 127 | ## 128 | ## Mail processes 129 | ## 130 | 131 | # Don't use mmap() at all. This is required if you store indexes to shared 132 | # filesystems (NFS or clustered filesystem). 133 | #mmap_disable = no 134 | 135 | # Rely on O_EXCL to work when creating dotlock files. NFS supports O_EXCL 136 | # since version 3, so this should be safe to use nowadays by default. 137 | #dotlock_use_excl = yes 138 | 139 | # When to use fsync() or fdatasync() calls: 140 | # optimized (default): Whenever necessary to avoid losing important data 141 | # always: Useful with e.g. 
NFS when write()s are delayed 142 | # never: Never use it (best performance, but crashes can lose data) 143 | #mail_fsync = optimized 144 | 145 | # Mail storage exists in NFS. Set this to yes to make Dovecot flush NFS caches 146 | # whenever needed. If you're using only a single mail server this isn't needed. 147 | #mail_nfs_storage = no 148 | # Mail index files also exist in NFS. Setting this to yes requires 149 | # mmap_disable=yes and fsync_disable=no. 150 | #mail_nfs_index = no 151 | 152 | # Locking method for index files. Alternatives are fcntl, flock and dotlock. 153 | # Dotlocking uses some tricks which may create more disk I/O than other locking 154 | # methods. NFS users: flock doesn't work, remember to change mmap_disable. 155 | #lock_method = fcntl 156 | 157 | # Directory in which LDA/LMTP temporarily stores incoming mails >128 kB. 158 | #mail_temp_dir = /tmp 159 | 160 | # Valid UID range for users, defaults to 500 and above. This is mostly 161 | # to make sure that users can't log in as daemons or other system users. 162 | # Note that denying root logins is hardcoded to dovecot binary and can't 163 | # be done even if first_valid_uid is set to 0. 164 | #first_valid_uid = 500 165 | #last_valid_uid = 0 166 | 167 | # Valid GID range for users, defaults to non-root/wheel. Users having 168 | # non-valid GID as primary group ID aren't allowed to log in. If user 169 | # belongs to supplementary groups with non-valid GIDs, those groups are 170 | # not set. 171 | #first_valid_gid = 1 172 | #last_valid_gid = 0 173 | 174 | # Maximum allowed length for mail keyword name. It's only forced when trying 175 | # to create new keywords. 176 | #mail_max_keyword_length = 50 177 | 178 | # ':' separated list of directories under which chrooting is allowed for mail 179 | # processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too). 180 | # This setting doesn't affect login_chroot, mail_chroot or auth chroot 181 | # settings. 
If this setting is empty, "/./" in home dirs are ignored. 182 | # WARNING: Never add directories here which local users can modify, that 183 | # may lead to root exploit. Usually this should be done only if you don't 184 | # allow shell access for users. 185 | #valid_chroot_dirs = 186 | 187 | # Default chroot directory for mail processes. This can be overridden for 188 | # specific users in user database by giving /./ in user's home directory 189 | # (eg. /home/./user chroots into /home). Note that usually there is no real 190 | # need to do chrooting, Dovecot doesn't allow users to access files outside 191 | # their mail directory anyway. If your home directories are prefixed with 192 | # the chroot directory, append "/." to mail_chroot. 193 | #mail_chroot = 194 | 195 | # UNIX socket path to master authentication server to find users. 196 | # This is used by imap (for shared users) and lda. 197 | #auth_socket_path = /var/run/dovecot/auth-userdb 198 | 199 | # Directory where to look up mail plugins. 200 | #mail_plugin_dir = /usr/lib/dovecot/modules 201 | 202 | # Space separated list of plugins to load for all services. Plugins specific to 203 | # IMAP, LDA, etc. are added to this list in their own .conf files. 204 | mail_plugins = $mail_plugins zlib 205 | 206 | ## 207 | ## Mailbox handling optimizations 208 | ## 209 | 210 | # The minimum number of mails in a mailbox before updates are done to cache 211 | # file. This allows optimizing Dovecot's behavior to do less disk writes at 212 | # the cost of more disk reads. 213 | #mail_cache_min_mail_count = 0 214 | 215 | # When IDLE command is running, mailbox is checked once in a while to see if 216 | # there are any new mails or other changes. This setting defines the minimum 217 | # time to wait between those checks. Dovecot can also use dnotify, inotify and 218 | # kqueue to find out immediately when changes occur. 219 | #mailbox_idle_check_interval = 30 secs 220 | 221 | # Save mails with CR+LF instead of plain LF. 
This makes sending those mails 222 | # take less CPU, especially with sendfile() syscall with Linux and FreeBSD. 223 | # But it also creates a bit more disk I/O which may just make it slower. 224 | # Also note that if other software reads the mboxes/maildirs, they may handle 225 | # the extra CRs wrong and cause problems. 226 | #mail_save_crlf = no 227 | 228 | # Max number of mails to keep open and prefetch to memory. This only works with 229 | # some mailbox formats and/or operating systems. 230 | #mail_prefetch_count = 0 231 | 232 | # How often to scan for stale temporary files and delete them (0 = never). 233 | # These should exist only after Dovecot dies in the middle of saving mails. 234 | #mail_temp_scan_interval = 1w 235 | 236 | ## 237 | ## Maildir-specific settings 238 | ## 239 | 240 | # By default LIST command returns all entries in maildir beginning with a dot. 241 | # Enabling this option makes Dovecot return only entries which are directories. 242 | # This is done by stat()ing each entry, so it causes more disk I/O. 243 | # (For systems setting struct dirent->d_type, this check is free and it's 244 | # done always regardless of this setting) 245 | #maildir_stat_dirs = no 246 | 247 | # When copying a message, do it with hard links whenever possible. This makes 248 | # the performance much better, and it's unlikely to have any side effects. 249 | #maildir_copy_with_hardlinks = yes 250 | 251 | # Assume Dovecot is the only MUA accessing Maildir: Scan cur/ directory only 252 | # when its mtime changes unexpectedly or when we can't find the mail otherwise. 253 | #maildir_very_dirty_syncs = no 254 | 255 | # If enabled, Dovecot doesn't use the S= in the Maildir filenames for 256 | # getting the mail's physical size, except when recalculating Maildir++ quota. 257 | # This can be useful in systems where a lot of the Maildir filenames have a 258 | # broken size. The performance hit for enabling this is very small. 
259 | #maildir_broken_filename_sizes = no 260 | 261 | ## 262 | ## mbox-specific settings 263 | ## 264 | 265 | # Which locking methods to use for locking mbox. There are four available: 266 | # dotlock: Create .lock file. This is the oldest and most NFS-safe 267 | # solution. If you want to use /var/mail/ like directory, the users 268 | # will need write access to that directory. 269 | # dotlock_try: Same as dotlock, but if it fails because of permissions or 270 | # because there isn't enough disk space, just skip it. 271 | # fcntl : Use this if possible. Works with NFS too if lockd is used. 272 | # flock : May not exist in all systems. Doesn't work with NFS. 273 | # lockf : May not exist in all systems. Doesn't work with NFS. 274 | # 275 | # You can use multiple locking methods; if you do, the order they're declared 276 | # in is important to avoid deadlocks if other MTAs/MUAs are using multiple 277 | # locking methods as well. Some operating systems don't allow using some of 278 | # them simultaneously. 279 | #mbox_read_locks = fcntl 280 | #mbox_write_locks = dotlock fcntl 281 | 282 | # Maximum time to wait for lock (all of them) before aborting. 283 | #mbox_lock_timeout = 5 mins 284 | 285 | # If dotlock exists but the mailbox isn't modified in any way, override the 286 | # lock file after this much time. 287 | #mbox_dotlock_change_timeout = 2 mins 288 | 289 | # When mbox changes unexpectedly we have to fully read it to find out what 290 | # changed. If the mbox is large this can take a long time. Since the change 291 | # is usually just a newly appended mail, it'd be faster to simply read the 292 | # new mails. If this setting is enabled, Dovecot does this but still safely 293 | # falls back to re-reading the whole mbox file whenever something in mbox isn't 294 | # how it's expected to be. The only real downside to this setting is that if 295 | # some other MUA changes message flags, Dovecot doesn't notice it immediately.
296 | # Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK 297 | # commands. 298 | #mbox_dirty_syncs = yes 299 | 300 | # Like mbox_dirty_syncs, but don't do full syncs even with SELECT, EXAMINE, 301 | # EXPUNGE or CHECK commands. If this is set, mbox_dirty_syncs is ignored. 302 | #mbox_very_dirty_syncs = no 303 | 304 | # Delay writing mbox headers until doing a full write sync (EXPUNGE and CHECK 305 | # commands and when closing the mailbox). This is especially useful for POP3 306 | # where clients often delete all mails. The downside is that our changes 307 | # aren't immediately visible to other MUAs. 308 | #mbox_lazy_writes = yes 309 | 310 | # If mbox size is smaller than this (e.g. 100k), don't write index files. 311 | # If an index file already exists it's still read, just not updated. 312 | #mbox_min_index_size = 0 313 | 314 | # Mail header selection algorithm to use for MD5 POP3 UIDLs when 315 | # pop3_uidl_format=%m. For backwards compatibility we use apop3d inspired 316 | # algorithm, but it fails if the first Received: header isn't unique in all 317 | # mails. An alternative algorithm is "all" that selects all headers. 318 | #mbox_md5 = apop3d 319 | 320 | ## 321 | ## mdbox-specific settings 322 | ## 323 | 324 | # Maximum dbox file size until it's rotated. 325 | #mdbox_rotate_size = 2M 326 | 327 | # Maximum dbox file age until it's rotated. Typically in days. Day begins 328 | # from midnight, so 1d = today, 2d = yesterday, etc. 0 = check disabled. 329 | #mdbox_rotate_interval = 0 330 | 331 | # When creating new mdbox files, immediately preallocate their size to 332 | # mdbox_rotate_size. This setting currently works only in Linux with some 333 | # filesystems (ext4, xfs). 334 | #mdbox_preallocate_space = no 335 | 336 | ## 337 | ## Mail attachments 338 | ## 339 | 340 | # sdbox and mdbox support saving mail attachments to external files, which 341 | # also allows single instance storage for them. 
Other backends don't support 342 | # this for now. 343 | 344 | # WARNING: This feature hasn't been tested much yet. Use at your own risk. 345 | 346 | # Directory root where to store mail attachments. Disabled, if empty. 347 | #mail_attachment_dir = 348 | 349 | # Attachments smaller than this aren't saved externally. It's also possible to 350 | # write a plugin to disable saving specific attachments externally. 351 | #mail_attachment_min_size = 128k 352 | 353 | # Filesystem backend to use for saving attachments: 354 | # posix : No SiS done by Dovecot (but this might help FS's own deduplication) 355 | # sis posix : SiS with immediate byte-by-byte comparison during saving 356 | # sis-queue posix : SiS with delayed comparison and deduplication 357 | #mail_attachment_fs = sis posix 358 | 359 | # Hash format to use in attachment filenames. You can add any text and 360 | # variables: %{md4}, %{md5}, %{sha1}, %{sha256}, %{sha512}, %{size}. 361 | # Variables can be truncated, e.g. %{sha256:80} returns only first 80 bits 362 | #mail_attachment_hash = %{sha1} 363 | --------------------------------------------------------------------------------