Update Postmoogle 0.9.0 -> 0.9.1

docs/configuring-dns.md

@@ -28,18 +28,22 @@ If you are using Cloudflare DNS, make sure to disable the proxy and set all reco
 
 ## DNS settings for optional services/features
 
-| Type  | Host                         | Priority | Weight | Port | Target                 |
-| ----- | ---------------------------- | -------- | ------ | ---- | ---------------------- |
-| SRV   | `_matrix-identity._tcp`      | 10       | 0      | 443  | `matrix.<your-domain>` |
-| CNAME | `dimension`                  | -        | -      | -    | `matrix.<your-domain>` |
-| CNAME | `jitsi`                      | -        | -      | -    | `matrix.<your-domain>` |
-| CNAME | `stats`                      | -        | -      | -    | `matrix.<your-domain>` |
-| CNAME | `goneb`                      | -        | -      | -    | `matrix.<your-domain>` |
-| CNAME | `sygnal`                     | -        | -      | -    | `matrix.<your-domain>` |
-| CNAME | `ntfy`                       | -        | -      | -    | `matrix.<your-domain>` |
-| CNAME | `hydrogen`                   | -        | -      | -    | `matrix.<your-domain>` |
-| CNAME | `cinny`                      | -        | -      | -    | `matrix.<your-domain>` |
-| CNAME | `buscarron`                  | -        | -      | -    | `matrix.<your-domain>` |
+| Type  | Host                           | Priority | Weight | Port | Target                      |
+| ----- | ------------------------------ | -------- | ------ | ---- | --------------------------- |
+| SRV   | `_matrix-identity._tcp`        | 10       | 0      | 443  | `matrix.<your-domain>`      |
+| CNAME | `dimension`                    | -        | -      | -    | `matrix.<your-domain>`      |
+| CNAME | `jitsi`                        | -        | -      | -    | `matrix.<your-domain>`      |
+| CNAME | `stats`                        | -        | -      | -    | `matrix.<your-domain>`      |
+| CNAME | `goneb`                        | -        | -      | -    | `matrix.<your-domain>`      |
+| CNAME | `sygnal`                       | -        | -      | -    | `matrix.<your-domain>`      |
+| CNAME | `ntfy`                         | -        | -      | -    | `matrix.<your-domain>`      |
+| CNAME | `hydrogen`                     | -        | -      | -    | `matrix.<your-domain>`      |
+| CNAME | `cinny`                        | -        | -      | -    | `matrix.<your-domain>`      |
+| CNAME | `buscarron`                    | -        | -      | -    | `matrix.<your-domain>`      |
+| MX    | `matrix`                       | 10       | 0      | -    | `matrix.<your-domain>`      |
+| TXT   | `matrix`                       | -        | -      | -    | `v=spf1 ip4:<your-ip> -all` |
+| TXT   | `_dmarc.matrix`                | -        | -      | -    | `v=DMARC1; p=quarantine;`   |
+| TXT   | `postmoogle._domainkey.matrix` | -        | -      | -    | get it from `!pm dkim`      |
 
 ## Subdomains setup
 
@@ -77,3 +81,8 @@ This is an optional feature for the optionally-installed [ma1sd service](configu
 Note: This `_matrix-identity._tcp` SRV record for the identity server is different from the `_matrix._tcp` that can be used for Synapse delegation. See [howto-server-delegation.md](howto-server-delegation.md) for more information about delegation.
 
 When you're done with the DNS configuration and ready to proceed, continue with [Getting the playbook](getting-the-playbook.md).
+
+## `_dmarc`, `postmoogle._domainkey` TXT and `matrix` MX records setup
+
+To make the [postmoogle](https://gitlab.com/etke.cc/postmoogle) email bridge enable its email sending features, you need to configure
+SPF (TXT), DMARC (TXT), DKIM (TXT) and MX records

docs/configuring-playbook-bot-postmoogle.md

@@ -35,6 +35,9 @@ matrix_bot_postmoogle_enabled: true
 matrix_bot_postmoogle_password: PASSWORD_FOR_THE_BOT
 ```
 
+You will also need to add several DNS records so that postmoogle can send emails.
+See [Configuring DNS](configuring-dns.md).
+
 
 ## Installing
 

group_vars/matrix_servers

@@ -1791,6 +1791,8 @@ matrix_ssl_domains_to_obtain_certificates_for: |
     +
     ([matrix_server_fqn_ntfy] if matrix_ntfy_enabled else [])
     +
+    ([matrix_bot_postmoogle_domain] if matrix_bot_postmoogle_enabled else [])
+    +
     ([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else [])
     +
     matrix_ssl_additional_domains_to_obtain_certificates_for

roles/matrix-bot-postmoogle/defaults/main.yml

@@ -9,7 +9,7 @@ matrix_bot_postmoogle_docker_repo: "https://gitlab.com/etke.cc/postmoogle.git"
 matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}"
 matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src"
 
-matrix_bot_postmoogle_version: v0.9.0
+matrix_bot_postmoogle_version: v0.9.1
 matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}postmoogle:{{ matrix_bot_postmoogle_version }}"
 matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
 matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}"
@@ -17,6 +17,7 @@ matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_
 matrix_bot_postmoogle_base_path: "{{ matrix_base_data_path }}/postmoogle"
 matrix_bot_postmoogle_config_path: "{{ matrix_bot_postmoogle_base_path }}/config"
 matrix_bot_postmoogle_data_path: "{{ matrix_bot_postmoogle_base_path }}/data"
+matrix_bot_postmoogle_ssl_path: "{{ matrix_ssl_config_dir_path }}"
 
 # A list of extra arguments to pass to the container
 matrix_bot_postmoogle_container_extra_arguments: []
@@ -110,11 +111,20 @@ matrix_bot_postmoogle_noencryption: false
 
 matrix_bot_postmoogle_domain: "{{ matrix_server_fqn_matrix }}"
 
-# in-container port
+# Mandatory TLS, even on plain SMTP port
+matrix_bot_postmoogle_tls_required: false
+
+# in-container ports
 matrix_bot_postmoogle_port: '2525'
+matrix_bot_postmoogle_tls_port: '25587'
 
-# on-host port
+# on-host ports
 matrix_bot_postmoogle_smtp_host_bind_port: '25'
+matrix_bot_postmoogle_smtps_host_bind_port: '587'
+
+# in-container SSL paths
+matrix_bot_postmoogle_tls_cert: "/ssl/live/{{ matrix_bot_postmoogle_domain }}/fullchain.pem"
+matrix_bot_postmoogle_tls_key: "/ssl/live/{{ matrix_bot_postmoogle_domain }}/privkey.pem"
 
 # Additional environment variables to pass to the postmoogle container
 #

roles/matrix-bot-postmoogle/templates/env.j2

@@ -10,7 +10,10 @@ POSTMOOGLE_MAXSIZE={{ matrix_bot_postmoogle_maxsize }}
 POSTMOOGLE_SENTRY={{ matrix_bot_postmoogle_sentry }}
 POSTMOOGLE_LOGLEVEL={{ matrix_bot_postmoogle_loglevel }}
 POSTMOOGLE_NOENCRYPTION={{ matrix_bot_postmoogle_noencryption }}
-POSTMOOGLE_USERS={{ matrix_bot_postmoogle_users | join(' ') }}
 POSTMOOGLE_ADMINS={{ matrix_bot_postmoogle_admins | join(' ') }}
+POSTMOOGLE_TLS_PORT={{ matrix_bot_postmoogle_tls_port }}
+POSTMOOGLE_TLS_CERT={{ matrix_bot_postmoogle_tls_cert }}
+POSTMOOGLE_TLS_KEY={{ matrix_bot_postmoogle_tls_key }}
+POSTMOOGLE_TLS_REQUIRED={{ matrix_bot_postmoogle_tls_required }}
 
 {{ matrix_bot_postmoogle_environment_variables_extension }}

roles/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2

@@ -24,7 +24,9 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-postmoogle
 			--network={{ matrix_docker_network }} \
 			--env-file={{ matrix_bot_postmoogle_config_path }}/env \
 			-p {{ matrix_bot_postmoogle_smtp_host_bind_port }}:{{ matrix_bot_postmoogle_port }} \
+			-p {{ matrix_bot_postmoogle_smtps_host_bind_port }}:{{ matrix_bot_postmoogle_tls_port }} \
 			--mount type=bind,src={{ matrix_bot_postmoogle_data_path }},dst=/data \
+			--mount type=bind,src={{ matrix_bot_postmoogle_ssl_path }},dst=/ssl \
 			{% for arg in matrix_bot_postmoogle_container_extra_arguments %}
 			{{ arg }} \
 			{% endfor %}