From 1a8a30cc82cd5dd2a727d66e4f8b0d7d40ddb3a6 Mon Sep 17 00:00:00 2001 From: Anarion Date: Sun, 6 Oct 2024 18:31:43 +0200 Subject: [PATCH] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20Update=20to=20latest=20ver?= =?UTF-8?q?sion?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/simplelogin/defaults/main.yml | 12 ++++++------ roles/simplelogin/tasks/main.yml | 2 +- roles/simplelogin/templates/main.cf.j2 | 13 +++++++------ .../simplelogin/templates/pgsql-relay-domains.cf.j2 | 2 +- .../templates/pgsql-transport-maps.cf.j2 | 3 ++- 5 files changed, 17 insertions(+), 15 deletions(-) diff --git a/roles/simplelogin/defaults/main.yml b/roles/simplelogin/defaults/main.yml index 978dff5b2..9546c32a9 100644 --- a/roles/simplelogin/defaults/main.yml +++ b/roles/simplelogin/defaults/main.yml @@ -32,14 +32,14 @@ simplelogin_postfix_container_name: simplelogin-postfix simplelogin_postfix_image_name: anarion/postfix simplelogin_postfix_image_version: latest-ubuntu simplelogin_webapp_container_name: simplelogin-webapp -simplelogin_webapp_image_name: simplelogin/app -simplelogin_webapp_image_version: 3.4.0 +simplelogin_webapp_image_name: simplelogin/app-ci +simplelogin_webapp_image_version: latest simplelogin_email_handler_container_name: simplelogin-email-handler -simplelogin_email_handler_image_name: simplelogin/app -simplelogin_email_handler_image_version: 3.4.0 +simplelogin_email_handler_image_name: simplelogin/app-ci +simplelogin_email_handler_image_version: latest simplelogin_job_runner_container_name: simplelogin-job-runner -simplelogin_job_runner_image_name: simplelogin/app -simplelogin_job_runner_image_version: 3.4.0 +simplelogin_job_runner_image_name: simplelogin/app-ci +simplelogin_job_runner_image_version: latest simplelogin_user_id: "1000" simplelogin_group_id: "1000" diff --git a/roles/simplelogin/tasks/main.yml b/roles/simplelogin/tasks/main.yml index a01a0b2f3..84f8a0476 100644 --- a/roles/simplelogin/tasks/main.yml 
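Review bot: The three `*_image_version: latest` values in roles/simplelogin/defaults/main.yml make the webapp, email handler and job runner track a mutable tag, so every run of the role may deploy a different, unreviewed build that holds the database credentials and sits in the mail path, and there is no known-good version to roll back to. The `app-ci` repository name suggests CI build output rather than tagged releases, though that is inferred from the name only. The migration task changed in tasks/main.yml (its image is not visible in that hunk) presumably runs from the same image, in which case a fresh pull can also move the schema forward unattended. Pin a release tag or an immutable digest instead, e.g. `simplelogin_webapp_image_version: "<pinned-tag-or-digest>"`, and consider one shared variable so the three containers cannot drift apart.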
+++ b/roles/simplelogin/tasks/main.yml @@ -105,7 +105,7 @@ - name: "{{ simplelogin_network_name }}" network_mode: "{{ simplelogin_network_name }}" container_default_behavior: no_defaults - command: ['flask', 'db', 'upgrade'] + command: ['alembic', 'upgrade', 'head'] env: "{{ simplelogin_env }}" restart_policy: "no" tags: molecule-idempotence-notest diff --git a/roles/simplelogin/templates/main.cf.j2 b/roles/simplelogin/templates/main.cf.j2 index 315b1f644..ac8c06b92 100644 --- a/roles/simplelogin/templates/main.cf.j2 +++ b/roles/simplelogin/templates/main.cf.j2 @@ -12,7 +12,7 @@ readme_directory = no # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on # fresh installs. -compatibility_level = 2 +compatibility_level = 4 header_size_limit = 4096000 @@ -22,7 +22,7 @@ smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_tls_security_level = may -smtpd_tls_security_level = may +smtpd_tls_security_level = none # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. 
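Review bot: `smtpd_tls_security_level = none` in the `@@ -22,7 +22,7 @@` hunk of main.cf.j2 stops the SMTP server from offering STARTTLS, so inbound mail to this Postfix is received in cleartext and senders that insist on TLS will not deliver. The `smtpd_tls_key_file` setting visible in the hunk header then goes unused. If TLS is terminated by a front-end MTA or proxy that this diff does not show, say so next to the setting, e.g. `# TLS is terminated upstream; this smtpd is only reachable on the internal network`. Otherwise keep `smtpd_tls_security_level = may` and replace the snakeoil key with a real certificate and key.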
@@ -44,11 +44,10 @@ relayhost = {{ simplelogin_postfix_relayhost }} # HELO restrictions smtpd_delay_reject = yes smtpd_helo_required = yes -smtpd_helo_restrictions = permit_mynetworks,reject_invalid_helo_hostname,permit +smtpd_helo_restrictions = permit_mynetworks,reject_non_fqdn_helo_hostname,reject_invalid_helo_hostname,permit # Client restrictions -smtpd_client_restrictions = permit_mynetworks,reject -# smtpd_client_restrictions = reject_rbl_client zen.spamhaus.org=127.0.0.[2..11], reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, reject_rbl_client bl.spamcop.net, permit +smtpd_client_restrictions = # Sender restrictions: smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit @@ -57,4 +56,6 @@ smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_un smtpd_recipient_restrictions = reject_rbl_client zen.spamhaus.org=127.0.0.[2..11], reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, reject_rbl_client bl.spamcop.net, permit # Relay restrictions: -smtpd_relay_restrictions = reject_rbl_client zen.spamhaus.org=127.0.0.[2..11], reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, reject_rbl_client bl.spamcop.net, permit \ No newline at end of file +smtpd_relay_restrictions = reject_rbl_client zen.spamhaus.org=127.0.0.[2..11], reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, reject_rbl_client bl.spamcop.net, permit + +# debug_peer_list = 209.85.0.0/16 193.222.0.0/16 \ No newline at end of file diff --git a/roles/simplelogin/templates/pgsql-relay-domains.cf.j2 b/roles/simplelogin/templates/pgsql-relay-domains.cf.j2 index 52141f173..3c49ba75d 100644 
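Review bot: The empty `smtpd_client_restrictions =` in the `@@ -44,11 +44,10 @@` hunk drops the previous `permit_mynetworks,reject` gate, so clients outside `mynetworks` are no longer refused by this rule. What stands between them and relaying is now `reject_unauth_destination` in the recipient and relay restrictions, together with the SQL-backed domain lookups that this same commit widens. That may be the intent (accepting inbound mail directly), but nothing on the page says so, and because an empty value is also the Postfix default the line reads like an accident. Record the decision in a comment, e.g. `# Intentionally empty: external clients are accepted and filtered by smtpd_recipient_restrictions / smtpd_relay_restrictions`.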
--- a/roles/simplelogin/templates/pgsql-relay-domains.cf.j2 +++ b/roles/simplelogin/templates/pgsql-relay-domains.cf.j2 @@ -4,4 +4,4 @@ user = {{ simplelogin_postgres_username }} password = {{ simplelogin_postgres_password }} dbname = {{ simplelogin_postgres_database }} -query = SELECT domain FROM custom_domain WHERE domain='%s' AND verified=true UNION SELECT '%s' WHERE '%s' = '{{ simplelogin_email_domain }}' LIMIT 1 \ No newline at end of file +query = SELECT domain FROM custom_domain WHERE domain='%s' AND verified=true UNION SELECT domain FROM public_domain WHERE domain='%s' UNION SELECT '%s' WHERE '%s' = '{{ simplelogin_email_domain }}' LIMIT 1; \ No newline at end of file diff --git a/roles/simplelogin/templates/pgsql-transport-maps.cf.j2 b/roles/simplelogin/templates/pgsql-transport-maps.cf.j2 index 6a23c37ce..df5d495d8 100644 --- a/roles/simplelogin/templates/pgsql-transport-maps.cf.j2 +++ b/roles/simplelogin/templates/pgsql-transport-maps.cf.j2 
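Review bot: The new `public_domain` branch in pgsql-relay-domains.cf.j2 has to stay identical to the one added to the query in pgsql-transport-maps.cf.j2 (last hunk of this commit). A domain matched here but not there would be accepted as a relay destination without being routed to the email handler, and would presumably fall through to the default relay transport. Add a cross-reference above both queries, e.g. `# Domain set must match pgsql-transport-maps.cf.j2`. Unlike the `custom_domain` branch, which requires `verified=true`, the new branch accepts every row of `public_domain`; the table schema is not shown, so confirm that every row there is meant to be a live mail domain.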
@@ -5,4 +5,5 @@ password = {{ simplelogin_postgres_password }} dbname = {{ simplelogin_postgres_database }} # forward to smtp:{{ simplelogin_email_handler_container_name }}:{{ simplelogin_email_handler_port }} for custom domain AND email domain -query = SELECT 'smtp:{{ simplelogin_email_handler_container_name }}:{{ simplelogin_email_handler_port }}' FROM custom_domain WHERE domain = '%s' AND verified=true UNION SELECT 'smtp:{{ simplelogin_email_handler_container_name }}:{{ simplelogin_email_handler_port }}' WHERE '%s' = '{{ simplelogin_email_domain }}' LIMIT 1; \ No newline at end of file + +query = SELECT 'smtp:{{ simplelogin_email_handler_container_name }}:{{ simplelogin_email_handler_port }}' FROM custom_domain WHERE domain = '%s' AND verified=true UNION SELECT 'smtp:{{ simplelogin_email_handler_container_name }}:{{ simplelogin_email_handler_port }}' FROM public_domain WHERE domain = '%s' UNION SELECT 'smtp:{{ simplelogin_email_handler_container_name }}:{{ simplelogin_email_handler_port }}' WHERE '%s' = '{{ simplelogin_email_domain }}' LIMIT 1; \ No newline at end of file
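Review bot: The context comment above the query in pgsql-transport-maps.cf.j2 still says "for custom domain AND email domain", but the new query also routes `public_domain` rows to the email handler. Extend the comment's ending to `for custom domains, public domains AND the email domain`, so the next editor does not drop the middle `UNION` as unexplained.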