author | Matthieu Saulnier <fantom@fedoraproject.org> | 2019-07-25 17:14:39 +0200 |
---|---|---|
committer | Matthieu Saulnier <fantom@fedoraproject.org> | 2019-07-25 17:14:39 +0200 |
commit | 1114d8728212e0c62059507f8da307240a30fd88 (patch) | |
tree | 67f1874b4e67804a5f0bce53b722a21c3240790e /roles | |
parent | b50e9d042a113703bc866391e3df66460b414f8f (diff) | |
dovecot master config has been moved in templates and update tor exit rules
Diffstat (limited to 'roles')
-rw-r--r-- | roles/mtaserver/tasks/config.yml | 4 | ||||
-rw-r--r-- | roles/mtaserver/templates/10-master.conf.j2 (renamed from roles/mtaserver/files/10-master.conf) | 11 | ||||
-rw-r--r-- | roles/torrelay/templates/torrc.j2 | 11 |
3 files changed, 24 insertions, 2 deletions
diff --git a/roles/mtaserver/tasks/config.yml b/roles/mtaserver/tasks/config.yml index 3d754ad..89578c4 100644 --- a/roles/mtaserver/tasks/config.yml +++ b/roles/mtaserver/tasks/config.yml @@ -180,8 +180,8 @@ notify: restart dovecot - name: Configuration de l'authentification - copy: - src: 10-master.conf + template: + src: 10-master.conf.j2 dest: /etc/dovecot/conf.d/10-master.conf owner: root group: root diff --git a/roles/mtaserver/files/10-master.conf b/roles/mtaserver/templates/10-master.conf.j2 index 441f95a..95189be 100644 --- a/roles/mtaserver/files/10-master.conf +++ b/roles/mtaserver/templates/10-master.conf.j2 @@ -45,6 +45,12 @@ service pop3-login { } } +service submission-login { + inet_listener submission { + #port = 587 + } +} + service lmtp { unix_listener lmtp { #mode = 0666 @@ -72,6 +78,11 @@ service pop3 { #process_limit = 1024 } +service submission { + # Max. number of SMTP Submission processes (connections) + #process_limit = 1024 +} + service auth { # auth_socket_path points to this userdb socket by default. It's typically # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have diff --git a/roles/torrelay/templates/torrc.j2 b/roles/torrelay/templates/torrc.j2 index 43a8220..fafce1f 100644 --- a/roles/torrelay/templates/torrc.j2 +++ b/roles/torrelay/templates/torrc.j2 @@ -9,6 +9,7 @@ HiddenServicePort 22 127.0.0.1:22 HiddenServicePort 54444 127.0.0.1:54444 HiddenServicePort 9090 127.0.0.1:9090 HiddenServicePort 80 127.0.0.1:4433 +HiddenServicePort 5222 127.0.0.1:5222 {% if mtadomain is defined %} @@ -29,9 +30,11 @@ HiddenServicePort {{ service.port }} {{ service.host }} {% if orport is defined and dirport is defined %} ORPort {{ orport }} +ORPort {{ ansible_default_ipv6.address }}:{{ orport }} DirPort {{ dirport }} {% elif orport is defined and dirport is not defined %} ORPort {{ orport }} +ORPort {{ ansible_default_ipv6.address }}:{{ orport }} BridgeRelay 1 {% endif %} 
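Review bot: The `service submission-login` and `service submission` stanzas added to `10-master.conf.j2` are fixed text with every setting commented out, so a reader cannot tell whether Dovecot is meant to open a submission listener on this host. As far as Dovecot's configuration model goes, the listener is only bound when `submission` is listed in `protocols`, which is set outside this file, and port 587 is the one an MTA on the same host would normally use for submission. A short comment above the first stanza would record the intent, for example `# Listener is inactive unless "submission" is in protocols; the MTA owns 587 on this host` (adjust to whichever is true). The added lines also contain no Jinja expressions, so the move from `files/` to `templates/` parameterizes nothing visible in this commit.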
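Review bot: `HiddenServicePort 5222 127.0.0.1:5222` is hard-coded in the first `torrc.j2` hunk, so every host rendered from this template publishes that port on its onion address whether or not anything is meant to be reachable there. The context of the following hunk shows the template already has a `HiddenServicePort {{ service.port }} {{ service.host }}` form, presumably driven by a per-host list. Adding 5222 to that list for the hosts that need it would keep the published ports limited to what each host actually serves. If the line has to stay in the template, it could be guarded the way the `mtadomain` block below it is, e.g. `{% if xmpp_onion is defined %}` (variable name constructed for illustration).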
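Review bot: Both added `ORPort {{ ansible_default_ipv6.address }}:{{ orport }}` lines write the IPv6 address without square brackets, which tor's address:port syntax requires for IPv6, so the rendered line is likely to be rejected when tor parses the file. The `ansible_default_ipv6` fact is also empty on hosts with no IPv6 default route, in which case rendering the template fails on the undefined `address` attribute. Suggested form for both branches: `{% if ansible_default_ipv6.address is defined %}`, then `ORPort [{{ ansible_default_ipv6.address }}]:{{ orport }}`, then `{% endif %}`. The task that renders torrc is not visible here; a `validate: tor --verify-config -f %s` on it would presumably catch this class of error before the running relay's configuration is replaced.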
@@ -56,6 +59,14 @@ MyFamily {% for item in fingerprints %}${{ item }}, {% endfor %} {% if is_exit is defined %} ExitRelay 1 +# # Exit policy for Web Browsing (only) +# # See https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy +ExitPolicy accept *:53 # DNS +ExitPolicy accept 157.240.0.0/16:80 # HTTP - Facebook, Inc. (THEFA-3) +ExitPolicy accept [2a03:2880::/29]:80 # HTTP - IE-FACEBOOK-201100822 Facebook Ireland Ltd +ExitPolicy accept 157.240.0.0/16:443 # HTTPS - Facebook, Inc. (THEFA-3) +ExitPolicy accept [2a03:2880::/29]:443 # HTTPS - IE-FACEBOOK-201100822 Facebook Ireland Ltd +ExitPolicy reject *:* {% else %} ExitPolicy reject *:* {% endif %} |
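Review bot: The two IPv6 entries put the prefix length inside the brackets (`[2a03:2880::/29]:80` and `:443`), whereas the tor manual writes IPv6 policy addresses with the mask after the closing bracket, so these lines may not parse. The expected form would be `ExitPolicy accept [2a03:2880::]/29:80`, and likewise for 443. IPv6 exit rules also only take effect when `IPv6Exit 1` is set, which is not visible in this hunk. Separately, the header comment says "Web Browsing (only)" and points at ReducedExitPolicy, but the rules permit only port 53 to any address and ports 80/443 to two Facebook ranges. A comment such as `# Exit policy: DNS anywhere, HTTP/HTTPS to Facebook address space only` would describe what is actually enforced.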