Enable mail VPN tunnel, add proxy server private IP to trusted dovecot hosts

.gitignore

@@ -1,4 +1,5 @@
 **/*.enc
+newkey_out
 hosts
 prox-server-firewall-setup.yml
 prox-server-setup.yml

proxy_resources/etc/wireguard/wg0.conf

@@ -8,9 +8,9 @@ PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING
 ListenPort = {{ proxy_server_vpn_port }}
 
 # Mail Service
-#[Peer]
-#PublicKey = {{ mail_service_pubkey }}
-#AllowedIPs = 10.0.0.2/32
+[Peer]
+PublicKey = {{ mail_service_pubkey }}
+AllowedIPs = 10.0.0.2/32
 
 # Git Service
 [Peer]

services/service_mail/data/config/user-patches.sh

@@ -20,7 +20,7 @@ echo 'patching /etc/dovecot/conf.d/10-master.conf'
 cp -f /tmp/docker-mailserver/dovecot-masteroverride.conf /etc/dovecot/conf.d/10-master.conf
 
 echo 'patching /etc/dovecot/dovecot.conf'
-echo -e 'haproxy_trusted_networks = {{ proxy_server_ip }}\nhaproxy_timeout = 3s' >> /etc/dovecot/dovecot.conf
+echo -e 'haproxy_trusted_networks = {{ proxy_server_ip }} 10.0.0.1\nhaproxy_timeout = 3s' >> /etc/dovecot/dovecot.conf
 
 #echo 'patching /etc/postfix/master.cf'
 #cp -f /tmp/docker-mailserver/postfix-masteroverride.cf /etc/postfix/master.cf

services/service_mail/deploy-service.yml

@@ -44,7 +44,7 @@
         group: service_mail
       loop:
         - docker-compose.yml 
-        - certbot-docker-compose-initrenew.yml 
+          #        - certbot-docker-compose-initrenew.yml 
         - myconfig.org
 
     - name: Copy SSL certificates