Add exim config for firehose and storyboard

In order to get puppet out of the business of mucking with exim and fighting ansible, finish moving the config to ansible. This introduces a storyboard group that we can use to apply the exim config across both servers. It also splits the base playbook so that we can avoid running exim on the backup servers. And we set purge_apt_sources the same as was set in puppet. We should probably remove it though, since none of us have any clue why it's here. Change-Id: I43ee891a9c1beead7f97808208829b01a0a7ced6
2018-08-13 14:40:19 -05:00
parent 4cca3f8d2a
commit 0d1f235fce
6 changed files with 58 additions and 2 deletions
--- a/playbooks/group_vars/storyboard.yaml
+++ b/playbooks/group_vars/storyboard.yaml
@@ -0,0 +1,34 @@
+exim_routers:
+  - storyboard_verp_router: |
+      driver = dnslookup
+      # we only consider messages sent in through loopback
+      condition = ${if or{{eq{$sender_host_address}{127.0.0.1}}\
+                          {eq{$sender_host_address}{::1}}}{yes}{no}}
+      # we do not do this for traffic going to the local machine
+      domains = '!+local_domains'
+      ignore_target_hosts = <; \
+            0.0.0.0; \
+            64.94.110.11; \
+            127.0.0.0/8; \
+            ::1/128; \
+            fe80::/10; \
+            fec0::/10; \
+            ff00::/8
+      # only the un-VERPed bounce addresses are handled
+      senders = "*-bounces@*"
+      transport = storyboard_verp_smtp
+  - storyboard: |
+      # Send bounces to /dev/null until storyboard supports them.
+      driver = redirect
+      local_parts = storyboard
+      local_part_suffix_optional = true
+      local_part_suffix = -bounces : -bounces+*
+      data = :blackhole:
+exim_transports:
+  - storyboard_verp_smtp: |
+      driver = smtp
+      return_path = \
+        ${local_part:$return_path}+$local_part=$domain@${domain:$return_path}
+      max_rcpt = 1
+      headers_remove = Errors-To
+      headers_add = Errors-To: ${return_path}