lets try another go at patching
parent
d2764137e5
commit
6780736eb3
2 changed files with 16 additions and 21 deletions
|
@ -710,16 +710,15 @@ message_size_limit = 20971520
|
||||||
smtpd_use_tls = yes
|
smtpd_use_tls = yes
|
||||||
smtpd_tls_security_level = may
|
smtpd_tls_security_level = may
|
||||||
smtpd_tls_auth_only = yes
|
smtpd_tls_auth_only = yes
|
||||||
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
|
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
|
||||||
smtpd_tls_mandatory_ciphers = high
|
smtpd_tls_mandatory_ciphers = high
|
||||||
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5, RC4
|
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5, RC4
|
||||||
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
|
|
||||||
tls_ssl_options = no_ticket, no_compression
|
tls_ssl_options = no_ticket, no_compression
|
||||||
|
|
||||||
smtpd_tls_loglevel = 1
|
smtpd_tls_loglevel = 1
|
||||||
smtpd_tls_cert_file = /etc/pki/tls/certs/bastion.fedoraproject.org.csr
|
smtpd_tls_cert_file = /etc/pki/tls/certs/gateway.csr
|
||||||
smtpd_tls_key_file = /etc/pki/tls/private/bastion.fedoraproject.org.key
|
smtpd_tls_key_file = /etc/pki/tls/private/gateway.key
|
||||||
smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
|
smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
|
||||||
smtpd_tls_session_cache_timeout = 3600s
|
smtpd_tls_session_cache_timeout = 3600s
|
||||||
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
|
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
|
||||||
smtpd_tls_received_header = yes
|
smtpd_tls_received_header = yes
|
||||||
|
@ -739,6 +738,6 @@ smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
|
||||||
smtp_tls_mandatory_ciphers = high
|
smtp_tls_mandatory_ciphers = high
|
||||||
smtp_tls_mandatory_exclude_ciphers= aNULL, MD5, RC4
|
smtp_tls_mandatory_exclude_ciphers= aNULL, MD5, RC4
|
||||||
smtp_tls_loglevel = 1
|
smtp_tls_loglevel = 1
|
||||||
smtp_tls_cert_file = /etc/pki/tls/certs/bastion.fedoraproject.org.csr
|
smtp_tls_cert_file = /etc/pki/tls/certs/gateway.csr
|
||||||
smtp_tls_key_file = /etc/pki/tls/private/bastion.fedoraproject.org.key
|
smtp_tls_key_file = /etc/pki/tls/private/gateway.key
|
||||||
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
|
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
|
||||||
|
|
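Review bot: The new `smtpd_tls_cert_file` and `smtp_tls_cert_file` values in both hunks point at `/etc/pki/tls/certs/gateway.csr`, but the task changed in this same commit copies `gateway.crt` into `/etc/pki/tls/certs/`, so the file that lands on disk would be `gateway.crt` and the configured path would not exist. Postfix would then most likely fail to load the certificate, and with `smtpd_tls_security_level = may` that degrades to STARTTLS not being offered rather than a hard failure, which is easy to miss. I would point both settings at the installed name, `smtpd_tls_cert_file = /etc/pki/tls/certs/gateway.crt` and `smtp_tls_cert_file = /etc/pki/tls/certs/gateway.crt`, since `.csr` conventionally names a signing request rather than a certificate. Separately, the `smtpd_tls_mandatory_protocols` and `smtpd_tls_mandatory_ciphers` lines in the first hunk only take effect at security level `encrypt` or stronger; at `may`, the opportunistic settings `smtpd_tls_protocols` and `smtpd_tls_ciphers` are the ones that apply.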
|
@ -48,31 +48,27 @@
|
||||||
- config
|
- config
|
||||||
|
|
||||||
|
|
||||||
- name: install /etc/pki/tls/certs/{{name}}.csr
|
- name: install /etc/pki/tls/certs/gateway.csr
|
||||||
copy: >
|
when: inventory_hostname.startswith(('bastion'))
|
||||||
src={{item}}
|
copy:
|
||||||
dest=/etc/pki/tls/certs/{{item | basename}}
|
src="{{private}}/files/smtpd/gateway.crt"
|
||||||
|
dest=/etc/pki/tls/certs/
|
||||||
owner=root
|
owner=root
|
||||||
group=root
|
group=root
|
||||||
mode=0644
|
mode=0644
|
||||||
with_first_found:
|
|
||||||
- "{{private}}/files/httpd/{{cert}}.cert"
|
|
||||||
- "{{private}}/files/httpd/{{name}}.cert"
|
|
||||||
notify:
|
notify:
|
||||||
- restart postfix
|
- restart postfix
|
||||||
tags:
|
tags:
|
||||||
- postfix
|
- postfix
|
||||||
|
|
||||||
- name: Copy {{name}}.key
|
- name: Copy gateway.key
|
||||||
copy: >
|
when: inventory_hostname.startswith(('bastion'))
|
||||||
src={{item}}
|
copy:
|
||||||
dest=/etc/pki/tls/private/{{item | basename}}
|
src="{{private}}/files/smtpd/gateway.key"
|
||||||
|
dest=/etc/pki/tls/private/
|
||||||
owner=root
|
owner=root
|
||||||
group=root
|
group=root
|
||||||
mode=0600
|
mode=0600
|
||||||
with_first_found:
|
|
||||||
- "{{private}}/files/httpd/{{key}}.key"
|
|
||||||
- "{{private}}/files/httpd/{{name}}.key"
|
|
||||||
notify:
|
notify:
|
||||||
- restart postfix
|
- restart postfix
|
||||||
tags:
|
tags:
|
||||||
|
|
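Review bot: Both new `when: inventory_hostname.startswith(('bastion'))` lines gate the certificate and private-key install on a hostname prefix, and the doubled parentheses are only a parenthesised string, not a tuple; `when: inventory_hostname.startswith('bastion')` says the same thing without suggesting more. If the Postfix configuration that references `gateway.key` is also deployed to hosts that fail this test (not visible here), those hosts get a config pointing at files that were never installed, so the tasks and the config should be gated the same way. `dest=/etc/pki/tls/private/` leaves the installed filename implicit; spelling it out as `dest=/etc/pki/tls/private/gateway.key` pins the name the mail configuration expects. On the key task, adding `no_log: true` keeps the key material out of task output and `--diff` runs.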