From 0c7b84faf05e510dfc38f8f69b8a107d1ada8c80 Mon Sep 17 00:00:00 2001
From: Jesse Luehrs
Date: Mon, 5 Jul 2021 19:01:01 -0400
Subject: start building a new mail server
---
 bin/helpers/launch-mail2 | 34 ++++++++++++++++++++++++++++++
 bin/launch | 18 ++++++++--------
 manifests/mail2.pp | 13 ++++++++++++
 modules/mail2/files/mirrorlist | 5 +++++
 modules/mail2/manifests/backups.pp | 5 +++++
 modules/mail2/manifests/monitoring.pp | 3 +++
 modules/mail2/manifests/operatingsystem.pp | 5 +++++
 modules/mail2/manifests/persistent.pp | 27 ++++++++++++++++++++++++
 8 files changed, 101 insertions(+), 9 deletions(-)
 create mode 100644 bin/helpers/launch-mail2
 create mode 100644 manifests/mail2.pp
 create mode 100644 modules/mail2/files/mirrorlist
 create mode 100644 modules/mail2/manifests/backups.pp
 create mode 100644 modules/mail2/manifests/monitoring.pp
 create mode 100644 modules/mail2/manifests/operatingsystem.pp
 create mode 100644 modules/mail2/manifests/persistent.pp
diff --git a/bin/helpers/launch-mail2 b/bin/helpers/launch-mail2
new file mode 100644
index 0000000..38176d7
--- /dev/null
+++ b/bin/helpers/launch-mail2
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+set -eu
+set -o pipefail
+
+# shellcheck source=functions.sh
+. "$(dirname "$0")/functions.sh"
+
+create_droplet mail2.tozt.net s-1vcpu-1gb 0812b69f-dde4-11eb-9b7e-0a58ac1465ad
+
+echo "Creating DNS entry for $ip..."
+record_id=$(
+ doctl \
+ -t "$(cat /mnt/digitalocean)" \
+ compute domain records list \
+ tozt.net \
+ --format Name,Type,ID \
+ --no-header |
+ grep '^smtp2 \+A ' |
+ awk '{print $3}'
+)
+doctl \
+ -t "$(cat /mnt/digitalocean)" \
+ compute domain records update \
+ tozt.net \
+ --record-id "$record_id" \
+ --record-type A \
+ --record-name smtp2 \
+ --record-data "$ip" \
+ --record-ttl 600
+echo "Done creating DNS entry"
+
+provision_droplet mail2
+
+echo "Done"
diff --git a/bin/launch b/bin/launch
index 5ae25a4..2ae4738 100755
--- a/bin/launch
+++ b/bin/launch
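Review bot: Both doctl calls in launch-mail2 pass the API token as `-t "$(cat /mnt/digitalocean)"`, which places the secret in the process argument list, where other local users can read it through `ps` or `/proc/<pid>/cmdline` while doctl runs. doctl also reads the token from the `DIGITALOCEAN_ACCESS_TOKEN` environment variable, so the script could set it once with `DIGITALOCEAN_ACCESS_TOKEN="$(cat /mnt/digitalocean)"` followed by `export DIGITALOCEAN_ACCESS_TOKEN`, and drop both `-t` arguments. Separately, when no `smtp2` A record matches, `grep` fails and `set -e` with `pipefail` ends the script without a message; an explicit check on `record_id` that prints an error would make that failure readable, and would also catch the case where more than one record matches.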
@@ -6,13 +6,13 @@ script_path="$(realpath "$(dirname "$0")")" secrets_bin="${script_path}/secrets" case "$1" in - base|tozt|algo|mail|partofme) - "$secrets_bin" open - trap '"$secrets_bin" close' EXIT - "$(dirname "$0")/helpers/launch-$1" - ;; - *) - echo "unknown host $1" >&2 - exit 1 - ;; +base | tozt | algo | mail | mail2 | partofme) + "$secrets_bin" open + trap '"$secrets_bin" close' EXIT + "$(dirname "$0")/helpers/launch-$1" + ;; +*) + echo "unknown host $1" >&2 + exit 1 + ;; esac
diff --git a/manifests/mail2.pp b/manifests/mail2.pp
new file mode 100644
index 0000000..a4e1129
--- /dev/null
+++ b/manifests/mail2.pp
@@ -0,0 +1,13 @@
+node 'mail2', 'mail2.localdomain' {
+ $persistent_data = '/media/persistent'
+ include mail2::persistent
+ Class['mail2::persistent'] -> Class['base']
+
+ include base
+
+ include mail2::operatingsystem
+ Class['mail2::operatingsystem'] -> Package<| provider == "pacman" |>
+
+ include mail2::backups
+ include mail2::monitoring
+}
diff --git a/modules/mail2/files/mirrorlist b/modules/mail2/files/mirrorlist
new file mode 100644
index 0000000..d1c515d
--- /dev/null
+++ b/modules/mail2/files/mirrorlist
@@ -0,0 +1,5 @@
+Server = https://arch.mirror.constant.com/$repo/os/$arch
+Server = https://mirrors.sorengard.com/archlinux/$repo/os/$arch
+Server = https://mirror.stephen304.com/archlinux/$repo/os/$arch
+Server = https://mirror.wdc1.us.leaseweb.net/archlinux/$repo/os/$arch
+Server = https://mirrors.rit.edu/archlinux/$repo/os/$arch
diff --git a/modules/mail2/manifests/backups.pp b/modules/mail2/manifests/backups.pp
new file mode 100644
index 0000000..5efe064
--- /dev/null
+++ b/modules/mail2/manifests/backups.pp
@@ -0,0 +1,5 @@
+class mail2::backups {
+ class { 'borgmatic':
+ extra_paths => ['/media/persistent'];
+ }
+}
diff --git a/modules/mail2/manifests/monitoring.pp b/modules/mail2/manifests/monitoring.pp
new file mode 100644
index 0000000..c7c9a32
--- /dev/null
+++ b/modules/mail2/manifests/monitoring.pp
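Review bot: In bin/launch the helper is still started through `"$(dirname "$0")/helpers/launch-$1"`, while `secrets_bin` at the top of the hunk is built from the realpath'd `script_path`, so the two lookups can resolve to different directories when the script is invoked through a symlink. Using `"${script_path}/helpers/launch-$1"` keeps both on the same directory. The `case` pattern list is also what keeps `$1` from selecting an arbitrary file under `helpers/`, and a one-line comment above it saying so (`# allow-list: $1 is interpolated into the helper path below`) would help whoever adds the next host.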
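Review bot: In backups.pp, `extra_paths => ['/media/persistent']` is a second hard-coded copy of the path that the node manifest already names `$persistent_data`, and `mail2::persistent` hard-codes it as well, so a later change to the mount point could leave the backup job covering an empty directory without any error. Feeding the path in from one place would keep the three in step, for example `extra_paths => [$persistent_data];` if the node-scope variable is meant to be visible here (to be confirmed against how `base` consumes it). Whether the borgmatic repository is encrypted is decided in the `borgmatic` class, which is not part of this commit; worth confirming given that this path will hold mail.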
@@ -0,0 +1,3 @@
+class mail2::monitoring {
+ include tick::client::base_plugins
+}
diff --git a/modules/mail2/manifests/operatingsystem.pp b/modules/mail2/manifests/operatingsystem.pp
new file mode 100644
index 0000000..3dad94f
--- /dev/null
+++ b/modules/mail2/manifests/operatingsystem.pp
@@ -0,0 +1,5 @@
+class mail2::operatingsystem {
+ file { '/etc/pacman.d/mirrorlist':
+ source => 'puppet:///modules/mail2/mirrorlist';
+ }
+}
diff --git a/modules/mail2/manifests/persistent.pp b/modules/mail2/manifests/persistent.pp
new file mode 100644
index 0000000..6f5f3e7
--- /dev/null
+++ b/modules/mail2/manifests/persistent.pp
@@ -0,0 +1,27 @@
+class mail2::persistent {
+ file {
+ "/media":
+ ensure => directory;
+ "/media/persistent":
+ ensure => directory,
+ require => File["/media"];
+ }
+
+ $fstab_line = "/dev/disk/by-id/scsi-0DO_Volume_mail2-persistent /media/persistent ext4 rw,relatime 0 2"
+ exec { "populate fstab":
+ provider => shell,
+ command => "echo '${fstab_line}' >> /etc/fstab",
+ unless => "/usr/bin/grep -qF '${fstab_line}' /etc/fstab",
+ require => File["/media/persistent"];
+ }
+
+ exec { "mount /media/persistent":
+ provider => shell,
+ command => "/usr/bin/mount /media/persistent",
+ unless => "grep ' /media/persistent ' /proc/mounts",
+ require => [
+ File["/media/persistent"],
+ Exec["populate fstab"],
+ ];
+ }
+}
-- cgit v1.2.3-54-g00ecf
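Review bot: The `file` resource for `/etc/pacman.d/mirrorlist` in operatingsystem.pp sets only `source`, so this manifest does not pin the file's type, owner or mode, even though the file decides which servers packages are downloaded from. Adding `ensure => file, owner => 'root', group => 'root', mode => '0644',` ahead of `source` makes Puppet correct those attributes if they ever drift on the host.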
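Review bot: `$fstab_line` in persistent.pp mounts the persistent volume with `rw,relatime` only; for a data volume that will hold mail, `nodev,nosuid` (and `noexec` if nothing is executed from it) are the usual restrictions, i.e. an options field of `rw,relatime,nodev,nosuid`. The `unless` guard on "populate fstab" matches the whole line with `grep -qF`, so changing the options on a host that has already applied this manifest would append a second entry for the same mount point instead of replacing the first. Puppet's `mount` resource type manages the fstab entry and the mounted state together and would replace both execs. The second exec's `unless` also calls `grep` without an absolute path or `-q`, unlike the first.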