From 46f35ff1ad01eb01762377988c25c44ef0620c20 Mon Sep 17 00:00:00 2001 From: Niels Bouma <9073152+nielscil@users.noreply.github.com> Date: Sat, 6 May 2023 15:46:48 +0200 Subject: [PATCH 1/6] begin anonaddy --- group_vars/mash_servers | 58 ++++++++++++++++++++++++++++++++++++++--- requirements.yml | 3 +++ 2 files changed, 57 insertions(+), 4 deletions(-) diff --git a/group_vars/mash_servers b/group_vars/mash_servers index 3cb824c3..ede49c39 100644 --- a/group_vars/mash_servers +++ b/group_vars/mash_servers @@ -65,6 +65,8 @@ devture_systemd_service_manager_services_list_auto: | {{ ([{'name': (adguard_home_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'adguard-home']}] if adguard_home_enabled else []) + + ([{'name': (anonaddy_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'anonaddy']}] if anonaddy_enabled else []) + + ([{'name': (appsmith_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'appsmith']}] if appsmith_enabled else []) + ([{'name': (authentik_server_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'authentik']}] if authentik_enabled else []) 
@@ -514,6 +516,50 @@ adguard_home_container_labels_traefik_tls_certResolver: "{{ devture_traefik_cert # # ######################################################################## +######################################################################## +# # +# anonaddy # +# # +######################################################################## + +anonaddy_enabled: false + +anonaddy_identifier: "{{ mash_playbook_service_identifier_prefix }}anonaddy" + +anonaddy_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}anonaddy" + +anonaddy_uid: "{{ mash_playbook_uid }}" +anonaddy_gid: "{{ mash_playbook_uid }}" + +anonaddy_database_hostname: "{{ mariadb_identifier if mariadb_enabled else '' }}" +anonaddy_database_port: "{{ '3306' if mariadb_enabled else '' }}" +anonaddy_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) | password_hash('sha512', 'db.anonaddy', rounds=655555) | to_uuid }}" +anonaddy_database_username: "{{ anonaddy_identifier }}" + + +authentik_server_systemd_required_services_list_auto: | + {{ + ([mariadb_identifier ~ '.service'] if mariadb_enabled and anonaddy_database_hostname == mariadb_identifier else []) + }} + +anonaddy_container_additional_networks: | + {{ + ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + + + ([mariadb_container_network] if mariadb_enabled and anonaddy_database_hostname == mariadb_identifier and anonaddy_container_network != mariadb_enabled else []) + }} + +anonaddy_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}" +anonaddy_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}" +anonaddy_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" +anonaddy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" + + 
+######################################################################## +# # +# /anonaddy # +# # +######################################################################## ######################################################################## @@ -1732,10 +1778,14 @@ mariadb_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_ mariadb_uid: "{{ mash_playbook_uid }}" mariadb_gid: "{{ mash_playbook_gid }}" -# This will be extended in the future, to auto-create datases for services -# which depend on MariaDB. -# See `devture_postgres_managed_databases_auto` -mariadb_managed_databases_auto: [] +mariadb_managed_databases_auto: | + {{ + ([{ + 'name': anonaddy_database_name, + 'username': anonaddy_database_username, + 'password': anonaddy_database_password, + }] if anonaddy_enabled and anonaddy_database_hostname == mariadb_identifier else []) + }} ######################################################################## # # diff --git a/requirements.yml b/requirements.yml index 310f23dc..09565f8e 100644 --- a/requirements.yml +++ b/requirements.yml @@ -3,6 +3,9 @@ - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-adguard-home.git version: v0.107.26-1 name: adguard_home +- src: git+https://github.com/nielscil/ansible-role-anonaddy.git + version: main + name: anonaddy - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-appsmith.git version: v1.9.17-0 name: appsmith From 26a39b1e13a8bf594e2d1451cc26b8e2f6687fd1 Mon Sep 17 00:00:00 2001 From: Niels Bouma <9073152+nielscil@users.noreply.github.com> Date: Sun, 7 May 2023 13:40:10 +0200 Subject: [PATCH 2/6] fixes --- group_vars/mash_servers | 5 ++++- setup.yml | 2 ++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/group_vars/mash_servers b/group_vars/mash_servers index ede49c39..0d970f5a 100644 --- a/group_vars/mash_servers +++ b/group_vars/mash_servers 
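Review bot: In `anonaddy_container_additional_networks`, the last clause tests `anonaddy_container_network != mariadb_enabled`, which compares a network name with a boolean flag. That test is presumably always true, so the MariaDB network is appended even when AnonAddy already sits on it. The comparison most likely should read `anonaddy_container_network != mariadb_container_network`. Later patches in this series rename the variable to `anonaddy_container_additional_networks_auto`, but their hunks do not show this line, so it appears to stay as written.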
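Review bot: `mariadb_managed_databases_auto` now reads `anonaddy_database_name`, but the anonaddy block added to this file sets only the database hostname, port, password and username. The name therefore has to come from the role's defaults, and if the role does not define it, templating would presumably fail as soon as `anonaddy_enabled` is true. Defining it next to the other database variables would make the dependency explicit, e.g. `anonaddy_database_name: anonaddy` (value constructed for illustration; use what the role expects). The hunk also deletes the only comment on this variable; a replacement such as `# Databases and users created automatically for enabled services that use this MariaDB instance.` would keep its purpose documented.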
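Review bot: `version: main` on the new `anonaddy` entry makes each role install fetch whatever the branch head of `nielscil/ansible-role-anonaddy` is at that moment, unlike the tag-pinned roles around it. Role tasks run against the managed host, so their content could then change with no corresponding diff in this repository. A later patch in the series switches to a tag. Since git tags can be moved and this role lives outside the project's organisation, a stricter pin is `version: <full commit hash>` (placeholder), with the release name kept in a comment.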
@@ -537,7 +537,7 @@ anonaddy_database_password: "{{ '%s' | format(mash_playbook_generic_secret_key) anonaddy_database_username: "{{ anonaddy_identifier }}" -authentik_server_systemd_required_services_list_auto: | +anonaddy_systemd_required_services_list_auto: | {{ ([mariadb_identifier ~ '.service'] if mariadb_enabled and anonaddy_database_hostname == mariadb_identifier else []) }} @@ -554,6 +554,9 @@ anonaddy_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_prox anonaddy_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" anonaddy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" +anonaddy_container_rspamd_labels_traefik_enabled: "{{ anonaddy_rspamd_enabled and mash_playbook_traefik_labels_enabled }}" +anonaddy_container_rspamd_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" +anonaddy_container_rspamd_labels_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" ######################################################################## # # diff --git a/setup.yml b/setup.yml index 2786272a..13928d27 100644 --- a/setup.yml +++ b/setup.yml @@ -55,6 +55,8 @@ - role: galaxy/com.devture.ansible.role.traefik - role: galaxy/adguard_home + + - role: galaxy/anonaddy - role: galaxy/appsmith From aae044ed1dd5d041b50b1542fc272c1e081bcc25 Mon Sep 17 00:00:00 2001 From: Niels Bouma <9073152+nielscil@users.noreply.github.com> Date: Mon, 8 May 2023 10:47:09 +0200 Subject: [PATCH 3/6] fixed group id --- group_vars/mash_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/mash_servers b/group_vars/mash_servers index 0d970f5a..bfb2ddf0 100644 --- a/group_vars/mash_servers +++ b/group_vars/mash_servers 
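Review bot: The third added Rspamd variable, `anonaddy_container_rspamd_labels_tls_certResolver`, lacks the `traefik_` segment that the two lines above it and the main `anonaddy_container_labels_traefik_tls_certResolver` carry. Unless the role really uses that spelling, the override is silently ignored and the Rspamd router keeps the role's default cert resolver. If it is a typo, the line would be `anonaddy_container_rspamd_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"`. There is also no Rspamd counterpart to `anonaddy_container_labels_traefik_docker_network`, which may be intentional but is worth confirming. Because these labels route the Rspamd web interface through the primary entrypoint whenever `anonaddy_rspamd_enabled` is set, the controller password is the only gate visible in this diff, so a comment above the three lines saying so would help operators.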
@@ -529,7 +529,7 @@ anonaddy_identifier: "{{ mash_playbook_service_identifier_prefix }}anonaddy" anonaddy_base_path: "{{ mash_playbook_base_path }}/{{ mash_playbook_service_base_directory_name_prefix }}anonaddy" anonaddy_uid: "{{ mash_playbook_uid }}" -anonaddy_gid: "{{ mash_playbook_uid }}" +anonaddy_gid: "{{ mash_playbook_gid }}" anonaddy_database_hostname: "{{ mariadb_identifier if mariadb_enabled else '' }}" anonaddy_database_port: "{{ '3306' if mariadb_enabled else '' }}" From 5218d6ca4af5300da883cdeebe68f78e23cb0628 Mon Sep 17 00:00:00 2001 From: Niels Bouma <9073152+nielscil@users.noreply.github.com> Date: Thu, 18 May 2023 19:22:19 +0200 Subject: [PATCH 4/6] fixed networking of anonaddy --- group_vars/mash_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/mash_servers b/group_vars/mash_servers index bfb2ddf0..32f723ad 100644 --- a/group_vars/mash_servers +++ b/group_vars/mash_servers @@ -542,7 +542,7 @@ anonaddy_systemd_required_services_list_auto: | ([mariadb_identifier ~ '.service'] if mariadb_enabled and anonaddy_database_hostname == mariadb_identifier else []) }} -anonaddy_container_additional_networks: | +anonaddy_container_additional_networks_auto: | {{ ([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else []) + From db32c0840d7c77f0fd5ebb6f4e29d4a7739c4a7f Mon Sep 17 00:00:00 2001 From: Niels Bouma <9073152+nielscil@users.noreply.github.com> Date: Tue, 30 May 2023 18:44:58 +0200 Subject: [PATCH 5/6] Added docs and right version to requirments --- docs/services/anonaddy.md | 330 +++++++++++++++++++++++++++++++++++++ docs/supported-services.md | 1 + requirements.yml | 2 +- 3 files changed, 332 insertions(+), 1 deletion(-) create mode 100644 docs/services/anonaddy.md diff --git a/docs/services/anonaddy.md b/docs/services/anonaddy.md new file mode 100644 index 00000000..4d2df63b --- /dev/null +++ b/docs/services/anonaddy.md 
@@ -0,0 +1,330 @@ +# AnonAddy + +[AnonAddy](https://anonaddy.com/) is an open-source Anonymous Email Forwarding. MASH can install AnonAddy with the [`nielscil/ansible-role-anonaddy`](https://github.com/nielscil/ansible-role-anonaddy) ansible role. + + +## Dependencies + +This service requires the following other services: + +- a [MariaDB](mariadb.md) database +- a [Redis](redis.md) data-store, installation details [below](#redis) +- a [Traefik](traefik.md) reverse-proxy server + +This service requires the following ports: +- Port 25 for SMTP communication + +## DNS Configuration + +This service requires extra DNS records. The following setup is an example where: + +- AnonAddy website is reachable from: `https://anonaddy.example.com` +- RSPAMD is reachable from: `https://anonaddy-rspamd.example.com` +- AnonAddy maildomain is: `localpart@anonaddy.example.com` + +| Description | Type | Host | Priority | Weight | Target | +|--------------------------- |-------|-------------------------------------------|----------|--------|----------------------------------| +| AnonAddy site | CNAME | `anonaddy.example.com` | - | - | `mash.example.com` | +| RSPAMD (optional) | CNAME | `anonaddy-rspamd.example.com` | - | - | `mash.example.com` | +| Mail | MX | `anonaddy.example.com` | 10 | 0 | `mash.example.com` | +| DKIM (optional) | TXT | `default._domainkey.anonaddy.example.com` | - | - | Get from `install-anonaddy-dkim` | +| DMARC (optional) | TXT | `_dmarc.anonaddy.example.com` | - | - | `v=DMARC1; p=quarantine;` | +| SPF (optional) | TXT | `anonaddy.example.com` | - | - | `v=spf1 ip4: -all` | + +## Configuration + +To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process: + +```yaml +######################################################################## +# # +# AnonAddy # +# # +######################################################################## + +anonaddy_enabled: true + +anonaddy_hostname: 
anonaddy.example.com + +# Put a strong secret below, generated with `#base64:$(openssl rand -base64 32)` or in another way +anonaddy_key: '' +# Put a strong secret below, generated with `pwgen -s 64 1` or in another way +anonaddy_secret: '' + +anonaddy_domain: anonaddy.example.com + +# Redis configuration, as described below + +# DKIM configuration (optional), as as described below + +# GPG configuration (optional), as as described below + +######################################################################## +# # +# /AnonAddy # +# # +######################################################################## +``` + +### Redis + +As described on the [Redis](redis.md) documentation page, if you're hosting additional services which require Redis on the same server, you'd better go for installing a separate Redis instance for each service. See [Creating a Redis instance dedicated to AnonAddy](#creating-a-redis-instance-dedicated-to-anonaddy). + +If you're only running AnonAddy on this server and don't need to use Redis for anything else, you can [use a single Redis instance](#using-the-shared-redis-instance-for-anonaddy). 
+ +#### Using the shared Redis instance for AnonAddy + +To install a single (non-dedicated) Redis instance (`mash-redis`) and hook AnonAddy to it, add the following **additional** configuration: + +```yaml +######################################################################## +# # +# redis # +# # +######################################################################## + +redis_enabled: true + +######################################################################## +# # +# /redis # +# # +######################################################################## + + +######################################################################## +# # +# AnonAddy # +# # +######################################################################## + +# Base configuration as shown above + +# Point AnonAddy to the shared Redis instance +anonaddy_redis_host: "{{ redis_identifier }}" + +# Make sure the AnonAddy service (mash-anonaddy.service) starts after the shared Redis service (mash-redis.service) +anonaddy_systemd_required_services_list_custom: + - "{{ redis_identifier }}.service" + +# Make sure the AnonAddy container is connected to the container network of the shared Redis service (mash-redis) +anonaddy_container_additional_networks_custom: + - "{{ redis_identifier }}" + +######################################################################## +# # +# /AnonAddy # +# # +######################################################################## +``` + +This will create a `mash-redis` Redis instance on this host. + +This is only recommended if you won't be installing other services which require Redis. Alternatively, go for [Creating a Redis instance dedicated to AnonAddy](#creating-a-redis-instance-dedicated-to-anonaddy). + + +#### Creating a Redis instance dedicated to AnonAddy + +The following instructions are based on the [Running multiple instances of the same service on the same host](../running-multiple-instances.md) documentation. 
+ +Adjust your `inventory/hosts` file as described in [Re-do your inventory to add supplementary hosts](../running-multiple-instances.md#re-do-your-inventory-to-add-supplementary-hosts), adding a new supplementary host (e.g. if `anonaddy.example.com` is your main one, create `anonaddy.example.com-deps`). + +Then, create a new `vars.yml` file for the + +`inventory/host_vars/anonaddy.example.com-deps/vars.yml`: + +```yaml +--- + +######################################################################## +# # +# Playbook # +# # +######################################################################## + +# Put a strong secret below, generated with `pwgen -s 64 1` or in another way +# Various other secrets will be derived from this secret automatically. +mash_playbook_generic_secret_key: '' + +# Override service names and directory path prefixes +mash_playbook_service_identifier_prefix: 'mash-anonaddy-' +mash_playbook_service_base_directory_name_prefix: 'anonaddy-' + +######################################################################## +# # +# /Playbook # +# # +######################################################################## + + +######################################################################## +# # +# redis # +# # +######################################################################## + +redis_enabled: true + +######################################################################## +# # +# /redis # +# # +######################################################################## +``` + +This will create a `mash-anonaddy-redis` instance on this host with its data in `/mash/anonaddy-redis`. 
+ +Then, adjust your main inventory host's variables file (`inventory/host_vars/anonaddy.example.com/vars.yml`) like this: + +```yaml +######################################################################## +# # +# AnonAddy # +# # +######################################################################## + +# Base configuration as shown above + +# Point AnonAddy to its dedicated Redis instance +anonaddy_redis_host: mash-anonaddy-redis + +# Make sure the AnonAddy service (mash-anonaddy.service) starts after its dedicated Redis service (mash-anonaddy-redis.service) +anonaddy_systemd_required_services_list_custom: + - "mash-anonaddy-redis.service" + +# Make sure the AnonAddy container is connected to the container network of its dedicated Redis service (mash-anonaddy-redis) +anonaddy_container_additional_networks_custom: + - "mash-anonaddy-redis" + +######################################################################## +# # +# /AnonAddy # +# # +######################################################################## +``` + +### DKIM and RSPAMD (optional) + +If you want to use RSPAMD or want AnonAddy to have a lower spam-score, you should enable DKIM. 
The role can generate a DKIM key, see [install dkim](#install-dkim-optional), which then can be placed in the main inventory configuration like this: + +```yaml +######################################################################## +# # +# AnonAddy # +# # +######################################################################## + +# Base configuration as shown above + +# RSPAMD +anonaddy_rspamd_enabled: true +# Put a strong secret below, generated with `pwgen -s 64 1` or in another way +anonaddy_rspamd_password: '' +# hostname should be unique and not part of main anonaddy domain +anonaddy_rspamd_hostname: anonaddy-rspamd.example.com + +# Get the path from install-anonaddy-dkim +anonaddy_dkim_signing_key_path: '/data/dkim/anonaddy.example.com.private' + +######################################################################## +# # +# /AnonAddy # +# # +######################################################################## +``` + +### GPG (optional) + +If you want AnonAddy to have the possibility to encrypt the emails between you/your AnonAddy users and AnonAddy, you should enable GPG. The role can import a GPG key, see [install GPG](#install-gpg-optional). Before importing, you should add the following configuration: + +```yaml +######################################################################## +# # +# AnonAddy # +# # +######################################################################## + +# Base configuration as shown above + +# the GPG private key generated following the install instructions +anonaddy_gpg_signing_key: '' +anonaddy_gpg_signing_key_fingerprint: '' + +######################################################################## +# # +# /AnonAddy # +# # +######################################################################## +``` + +## Installation + +If you've decided to install a dedicated Redis instance for AnonAddy, make sure to first do [installation](../installing.md) for the supplementary inventory host (e.g. 
`anonaddy.example.com-deps`), before running installation for the main one (e.g. `anonaddy.example.com`). + +### Install DKIM (optional) + +If you've decided to use DKIM, run the tag `install-anonaddy-dkim` after you installed the whole application using `install-all`. Paste the printed DKIM public key in the DKIM DNS record and add the printed value for `anonaddy_dkim_signing_key_path` to your variables as seen in [configure dkim](#dkim-and-rspamd-optional). + + +### Install GPG (optional) + +If you've decided to use GPG, then you should first generate a GPG keypair (on your local system) for the AnonAddy mail address. You should not set a passphase. + +``` +gpg --full-gen-key + +Example: + +Please select what kind of key you want: + (1) RSA and RSA (default) + (2) DSA and Elgamal + (3) DSA (sign only) + (4) RSA (sign only) + (14) Existing key from card +Your selection? 1 +RSA keys may be between 1024 and 4096 bits long. +What keysize do you want? (3072) 4096 +Requested keysize is 4096 bits +Please specify how long the key should be valid. + 0 = key does not expire + = key expires in n days + w = key expires in n weeks + m = key expires in n months + y = key expires in n years +Key is valid for? (0) 0 +Key does not expire at all +Is this correct? (y/N) y + +GnuPG needs to construct a user ID to identify your key. + +Real name: AnonAddy +Email address: anonaddy@anonaddy.example.com +Comment: + +... + +public and secret key created and signed. + +pub rsa4096 2023-05-30 [SC] + C3950C727B3846FFB7005FEE3926F5A3BCC2CFF0 +uid AnonAddy +sub rsa4096 2023-05-30 [E] +``` + +Find the public key fingerprint (can be found in the output by `pub`). In this example it is `C3950C727B3846FFB7005FEE3926F5A3BCC2CFF0` and should be placed in the `anonaddy_gpg_signing_key_fingerprint` variable as seen in [configure gpg](#gpg-optional). + +Export the previously generated private key. 
The provided key should be installed in the `anonaddy_gpg_signing_key` variable as seen in [configure gpg](#gpg-optional). + +``` +gpg --armor --export-secret-key anonaddy@anonaddy.example.com +``` + +## Usage + +After installation, you can create an user using by providing the `anonaddy_user_username` and `anonaddy_user_mail` variables to the tag `create-anonaddy-user` +For example: +``` +just run-tags create-anonaddy-user -e "anonaddy_user_username=test" -e "anonaddy_user_mail=test@test.com" +``` +Use the username and printed userid to login at your AnonAddy domain. + diff --git a/docs/supported-services.md b/docs/supported-services.md index 877179a4..a3003f21 100644 --- a/docs/supported-services.md +++ b/docs/supported-services.md @@ -4,6 +4,7 @@ | ------------------------------ | ------------------------------------- | ------------- | | [AUX](https://github.com/mother-of-all-self-hosting/ansible-role-aux) | Auxiliary file/directory management on your server via Ansible | [Link](services/auxiliary.md) | | [AdGuard Home](https://adguard.com/en/adguard-home/overview.html/) | A network-wide DNS software for blocking ads & tracking | [Link](services/adguard-home.md) | +| [AnonAddy](https://github.com/anonaddy/anonaddy) | An open-source Anonymous Email Forwarding | [Link](services/anonaddy.md) | | [Appsmith](https://www.appsmith.com/) | Platform for building and deploying custom internal tools and applications without writing code | [Link](services/appsmith.md) | | [authentik](https://goauthentik.io/) | An open-source Identity Provider focused on flexibility and versatility. | [Link](services/authentik.md) | | [Collabora Online](https://www.collaboraoffice.com/) | Your Private Office Suite In The Cloud | [Link](services/collabora-online.md) | diff --git a/requirements.yml b/requirements.yml index 09565f8e..80e9d966 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -4,7 +4,7 @@ version: v0.107.26-1 name: adguard_home - src: git+https://github.com/nielscil/ansible-role-anonaddy.git - version: main + version: 0.14.1-r0 name: anonaddy - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-appsmith.git version: v1.9.17-0 From a98ac1ca3620456d452ba86101d04d1a1f794194 Mon Sep 17 00:00:00 2001 From: Niels Bouma <9073152+nielscil@users.noreply.github.com> Date: Tue, 31 Oct 2023 16:06:17 +0100 Subject: [PATCH 6/6] update docs + requirements --- docs/services/anonaddy.md | 27 +++++++++++++++------------ requirements.yml | 2 +- 2 files changed, 16 insertions(+), 13 deletions(-) diff --git a/docs/services/anonaddy.md b/docs/services/anonaddy.md index 4d2df63b..46d9cb43 100644 --- a/docs/services/anonaddy.md +++ b/docs/services/anonaddy.md @@ -1,6 +1,6 @@ # AnonAddy -[AnonAddy](https://anonaddy.com/) is an open-source Anonymous Email Forwarding. MASH can install AnonAddy with the [`nielscil/ansible-role-anonaddy`](https://github.com/nielscil/ansible-role-anonaddy) ansible role. +[AnonAddy](https://anonaddy.com/) is an open-source Anonymous Email Forwarding. ## Dependencies 
@@ -22,14 +22,14 @@ This service requires extra DNS records. The following setup is an example where - RSPAMD is reachable from: `https://anonaddy-rspamd.example.com` - AnonAddy maildomain is: `localpart@anonaddy.example.com` -| Description | Type | Host | Priority | Weight | Target | -|--------------------------- |-------|-------------------------------------------|----------|--------|----------------------------------| -| AnonAddy site | CNAME | `anonaddy.example.com` | - | - | `mash.example.com` | -| RSPAMD (optional) | CNAME | `anonaddy-rspamd.example.com` | - | - | `mash.example.com` | -| Mail | MX | `anonaddy.example.com` | 10 | 0 | `mash.example.com` | -| DKIM (optional) | TXT | `default._domainkey.anonaddy.example.com` | - | - | Get from `install-anonaddy-dkim` | -| DMARC (optional) | TXT | `_dmarc.anonaddy.example.com` | - | - | `v=DMARC1; p=quarantine;` | -| SPF (optional) | TXT | `anonaddy.example.com` | - | - | `v=spf1 ip4: -all` | +| Description | Type | Host | Priority | Weight | Target | +|--------------------------- |-------|-------------------------------------------|----------|--------|-----------------------------------| +| AnonAddy site | CNAME | `anonaddy.example.com` | - | - | `mash.example.com` | +| RSPAMD (optional) | CNAME | `anonaddy-rspamd.example.com` | - | - | `mash.example.com` | +| Mail | MX | `anonaddy.example.com` | 10 | 0 | `mash.example.com` | +| DKIM (optional) | TXT | `default._domainkey.anonaddy.example.com` | - | - | Get from `generate-anonaddy-dkim` | +| DMARC (optional) | TXT | `_dmarc.anonaddy.example.com` | - | - | `v=DMARC1; p=quarantine;` | +| SPF (optional) | TXT | `anonaddy.example.com` | - | - | `v=spf1 ip4: -all` | ## Configuration 
@@ -223,8 +223,11 @@ anonaddy_rspamd_password: '' # hostname should be unique and not part of main anonaddy domain anonaddy_rspamd_hostname: anonaddy-rspamd.example.com -# Get the path from install-anonaddy-dkim -anonaddy_dkim_signing_key_path: '/data/dkim/anonaddy.example.com.private' +# Get the key from generate-anonaddy-dkim +anonaddy_dkim_signing_key: | + -----BEGIN PRIVATE KEY----- + ... + -----END PRIVATE KEY----- ######################################################################## # # @@ -263,7 +266,7 @@ If you've decided to install a dedicated Redis instance for AnonAddy, make sure ### Install DKIM (optional) -If you've decided to use DKIM, run the tag `install-anonaddy-dkim` after you installed the whole application using `install-all`. Paste the printed DKIM public key in the DKIM DNS record and add the printed value for `anonaddy_dkim_signing_key_path` to your variables as seen in [configure dkim](#dkim-and-rspamd-optional). +If you've decided to use DKIM, run the tag `generate-anonaddy-dkim` with **only** the inventory host where anonaddy is being installed. This can be done before installation, but make sure your host variables are already defined. After generating, paste the printed DKIM public key in the DKIM DNS record and add the printed value for `anonaddy_dkim_signing_key` to your variables as seen in [configure dkim](#dkim-and-rspamd-optional). ### Install GPG (optional) diff --git a/requirements.yml b/requirements.yml index 1670ed1e..0709b91b 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v0.107.40-0 name: adguard_home - src: git+https://github.com/nielscil/ansible-role-anonaddy.git - version: 0.14.1-r0 + version: 0.14.1-r1 name: anonaddy - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-appsmith.git version: v1.9.41-0