start email nightmare

apps/exim/saslauthd-conf

@@ -0,0 +1,61 @@
+#
+# Settings for saslauthd daemon
+# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
+#
+
+# Description of this saslauthd instance. Recommended.
+# (suggestion: SASL Authentication Daemon)
+DESC="SASL Authentication Daemon"
+
+# Short name of this saslauthd instance. Strongly recommended.
+# (suggestion: saslauthd)
+NAME="saslauthd"
+
+# Which authentication mechanisms should saslauthd use? (default: pam)
+#
+# Available options in this Debian package:
+# getpwent  -- use the getpwent() library function
+# kerberos5 -- use Kerberos 5
+# pam       -- use PAM
+# rimap     -- use a remote IMAP server
+# shadow    -- use the local shadow password file
+# sasldb    -- use the local sasldb database file
+# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
+#
+# Only one option may be used at a time. See the saslauthd man page
+# for more information.
+#
+# Example: MECHANISMS="pam"
+MECHANISMS="pam"
+
+# Additional options for this mechanism. (default: none)
+# See the saslauthd man page for information about mech-specific options.
+MECH_OPTIONS=""
+
+# How many saslauthd processes should we run? (default: 5)
+# A value of 0 will fork a new process for each connection.
+THREADS=5
+
+# Other options (default: -c -m /var/run/saslauthd)
+# Note: You MUST specify the -m option or saslauthd won't run!
+#
+# WARNING: DO NOT SPECIFY THE -d OPTION.
+# The -d option will cause saslauthd to run in the foreground instead of as
+# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
+# to run saslauthd in debug mode, please run it by hand to be safe.
+#
+# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
+# See the saslauthd man page and the output of 'saslauthd -h' for general
+# information about these options.
+#
+# Example for chroot Postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
+# Example for non-chroot Postfix users: "-c -m /var/run/saslauthd"
+#
+# To know if your Postfix is running chroot, check /etc/postfix/master.cf.
+# If it has the line "smtp inet n - y - - smtpd" or "smtp inet n - - - - smtpd"
+# then your Postfix is running in a chroot.
+# If it has the line "smtp inet n - n - - smtpd" then your Postfix is NOT
+# running in a chroot.
+OPTIONS="-c -m /var/run/saslauthd"
+
+START=yes

playbooks/vps2.yml

@@ -118,9 +118,54 @@
         src: "../secrets/minecraft/.env"
         mode: "u=r,g=r,o=r"
     #####
+    # APP: Exim mail server
+    #####
+    - name: Install exim4
+      ansible.builtin.apt:
+        name: exim4
+        state: present
+    - name: Ensure Exim is started
+      ansible.builtin.service:
+        name: exim4
+        state: started
+      # Using mbox, domain nilstrieb.dev
+    - name: Copy Exim config file
+      ansible.builtin.copy:
+        dest: "/etc/exim4/exim4.conf.template"
+        src: "../apps/exim/exim4.conf.template"
+        mode: "u=r,g=r,o=r"
+      notify:
+        - "Exim configuration changed"
+    - name: Copy Exim passwd
+      ansible.builtin.copy:
+        dest: "/etc/exim4/passwd"
+        src: "../secrets/exim/passwd"
+        owner: Debian-exim
+        group: root
+        # Use should explicitly make it rw before adding users to not forget to update ../secrets/exim/passwd
+        mode: "u=r,g=r,o="
+    # Install saslauthd
+    - name: Install saslauthd
+      ansible.builtin.apt:
+        name: sasl2-bin
+        state: present
+    - name: Copy saslauthd config
+      ansible.builtin.copy:
+        dest: "/etc/default/saslauthd"
+        src: "../apps/exim/saslauthd-conf"
+        mode: "u=r,g=r,o=r"
+    - name: Debian-exim in sasl group
+      ansible.builtin.user:
+        name: Debian-exim
+        groups: sasl
+        append: true
+    - name: Start salsauthd
+      ansible.builtin.service:
+        name: syslauthd
+    #####
     # END: docker compose up!
     #####
-      # We want this to be last so that all app-specific config has been done.
+    # We want this to be last so that all app-specific config has been done.
     - name: Copy .env
       ansible.builtin.copy:
         dest: "/apps/.env"
@@ -136,3 +181,6 @@
     - name: Run CORS db migrations
       ansible.builtin.shell: |
         docker exec -w /app/server cors-school-server diesel migration run
+  handlers:
+    - name: "Exim configuration changed"
+      ansible.builtin.shell: set -e ; update-exim4.conf && systemctl restart exim4.service