Optimized nginx CSP (prop. leads to problems due to too high restrictions for some roles) and implemented health check for mailer

group_vars/all/00_general.yml

@@ -22,48 +22,6 @@ primary_domain_tld:     "localhost"                                     # Top Le
 primary_domain_sld:     "cymais"                                        # Second Level Domain of the server
 primary_domain:         "{{primary_domain_sld}}.{{primary_domain_tld}}" # Primary Domain of the server
 
-# Helper Variables
-
-# Helper Variables for administrator
-_users_administrator_username:  "{{ users.administrator.username | default('administrator') }}"
-_users_administrator_email:     "{{ users.administrator.email | default(_users_administrator_username ~ '@' ~ primary_domain) }}"
-
-# Helper Variables for bounce
-_users_bounce_username:        "{{ users.bounce.username | default('bounce') }}"
-_users_bounce_email:           "{{ users.bounce.email | default(_users_bounce_username ~ '@' ~ primary_domain) }}"
-
-# Helper Variables for no-reply
-_users_no_reply_username:       "{{ users['no-reply'].username | default('no-reply') }}"
-_users_no_reply_email:          "{{ users['no-reply'].email | default(_users_no_reply_username ~ '@' ~ primary_domain) }}"
-
-# Administrator
-default_users:
-  administrator:
-    username:           "{{_users_administrator_username}}"     # Username of the administrator
-    email:              "{{_users_administrator_email}}"        # Email of the administrator
-    password:           "{{ansible_become_password}}"           # Example initialisation password needs to be set in inventory file
-    uid:                1001                                    # Posix User ID
-    gid:                1001                                    # Posix Group ID
-    is_admin:           true                                    # Define as admin user
-
-  bounce:
-    username:           "{{ _users_bounce_username }}"          # Bounce-handler account username
-    email:              "{{ _users_bounce_email }}"             # Email address for handling bounces
-    password:           "{{ansible_become_password}}"           # Example initialisation password needs to be set in inventory file
-    uid:                1002                                    # Posix User ID for bounce
-    gid:                1002                                    # Posix Group ID for bounce
-
-  no-reply:
-    username:           "{{ _users_no_reply_username }}"        # No-reply account username
-    email:              "{{ _users_no_reply_email }}"           # Email address for outgoing no-reply mails
-    password:           "{{ansible_become_password}}"           # Example initialisation password needs to be set in inventory file
-    uid:                1003                                    # Posix User ID for no-reply
-    gid:                1003                                    # Posix Group ID for no-reply
-
-
-# Test Email
-test_email:             "test@{{primary_domain}}"
-
 # Server Tact Variables 
 
 ## Ours in which the server is "awake" (100% working). Rest of the time is reserved for maintanance

group_vars/all/07_calendar.yml

@@ -6,6 +6,7 @@ on_calendar_health_disc_space:                "*-*-* 06,12,18,00:00:00"
 on_calendar_health_docker_container:          "*-*-* {{ hours_server_awake }}:00:00"  # Check once per hour if the docker containers are healthy
 on_calendar_health_docker_volumes:            "*-*-* {{ hours_server_awake }}:15:00"  # Check once per hour if the docker volumes are healthy
 on_calendar_health_nginx:                     "*-*-* {{ hours_server_awake }}:45:00"  # Check once per hour if all webservices are available
+on_calendar_health_msmtp:                     "*-*-* 00:00:00"                        # Check once per day SMTP Server
 
 ## Schedule for Cleanup Tasks
 on_calendar_cleanup_backups:                  "*-*-* 00,06,12,18:30:00"               # Cleanup backups every 6 hours, MUST be called before disc space cleanup

group_vars/all/10_users.yml

@@ -0,0 +1,53 @@
+# Helper Variables
+
+# Helper Variables for administrator
+_users_administrator_username:  "{{ users.administrator.username | default('administrator') }}"
+_users_administrator_email:     "{{ users.administrator.email | default(_users_administrator_username ~ '@' ~ primary_domain) }}"
+
+# Helper Variables for bounce
+_users_bounce_username:        "{{ users.bounce.username | default('bounce') }}"
+_users_bounce_email:           "{{ users.bounce.email | default(_users_bounce_username ~ '@' ~ primary_domain) }}"
+
+# Helper Variables for no-reply
+_users_no_reply_username:       "{{ users['no-reply'].username | default('no-reply') }}"
+_users_no_reply_email:          "{{ users['no-reply'].email | default(_users_no_reply_username ~ '@' ~ primary_domain) }}"
+
+# Helper Variables for blackhole
+_users_blackhole_username:       "{{ users.blackhole.username | default('no-reply') }}"
+_users_blackhole_email:          "{{ users.blackhole.email | default(_users_blackhole_username ~ '@' ~ primary_domain) }}"
+
+# Administrator
+default_users:
+
+  # Credentials will be used as administration credentials for all applications and the system
+  administrator:
+    username:           "{{_users_administrator_username}}"     # Username of the administrator
+    email:              "{{_users_administrator_email}}"        # Email of the administrator
+    password:           "{{ansible_become_password}}"           # Example initialisation password needs to be set in inventory file
+    uid:                1001                                    # Posix User ID
+    gid:                1001                                    # Posix Group ID
+    is_admin:           true                                    # Define as admin user
+
+  # Account for Newsletter bouncing
+  bounce:
+    username:           "{{ _users_bounce_username }}"          # Bounce-handler account username
+    email:              "{{ _users_bounce_email }}"             # Email address for handling bounces
+    password:           "{{ansible_become_password}}"           # Example initialisation password needs to be set in inventory file
+    uid:                1002                                    # Posix User ID for bounce
+    gid:                1002                                    # Posix Group ID for bounce
+
+  # User to send System Emails from
+  no-reply:
+    username:           "{{ _users_no_reply_username }}"        # No-reply account username
+    email:              "{{ _users_no_reply_email }}"           # Email address for outgoing no-reply mails
+    password:           "{{ansible_become_password}}"           # Example initialisation password needs to be set in inventory file
+    uid:                1003                                    # Posix User ID for no-reply
+    gid:                1003                                    # Posix Group ID for no-reply
+
+  # Emails etc, what you send to this user will be forgetten
+  blackhole:
+    username:           "{{ _users_blackhole_username }}"       # Blackhole account username
+    email:              "{{ _users_blackhole_email }}"          # Email address to which emails can be send which well be forgetten
+    password:           "{{ansible_become_password}}"           # Example initialisation password needs to be set in inventory file
+    uid:                1004                                    # Posix User ID for bounce
+    gid:                1004                                    # Posix Group ID for bounce