From b3674afb685d392a67f6e8e0646588a57b5bf6f6 Mon Sep 17 00:00:00 2001
From: Hinrikus Wolf <mail@hinrikus-wolf.de>
Date: Mon, 19 Feb 2018 16:58:39 +0100
Subject: [PATCH] postfix: make sure memcached is listening on tinc interface

---
 postfix/handlers/main.yml           |  3 ++
 postfix/tasks/main.yml              |  8 +++++
 postfix/templates/memcached.conf.j2 | 47 +++++++++++++++++++++++++++++
 3 files changed, 58 insertions(+)
 create mode 100644 postfix/templates/memcached.conf.j2

diff --git a/postfix/handlers/main.yml b/postfix/handlers/main.yml
index e2fa640..0c29612 100644
--- a/postfix/handlers/main.yml
+++ b/postfix/handlers/main.yml
@@ -3,6 +3,9 @@
 - name: restart postfix
   service: name=postfix state=restarted
 
+- name: restart memcached
+  service: name=memcached state=restarted
+
 - name: postmap system
   command: postalias cdb:/etc/aliases
 
diff --git a/postfix/tasks/main.yml b/postfix/tasks/main.yml
index b50ddd8..84b5888 100644
--- a/postfix/tasks/main.yml
+++ b/postfix/tasks/main.yml
@@ -34,6 +34,14 @@
   tags:
     - postfix
     - mail
+
+- name: ensure memcached config is present
+  template: src=templates/memcached.conf dest=/etc/memcached.conf
+  notify:
+    - restart memcached
+  tags:
+    - postfix
+    - mail
     
 - name: ensure system alias database is present
   template: src=templates/aliases.j2 dest=/etc/aliases
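Review bot: The added task's `src=templates/memcached.conf` does not match the file this commit creates, `postfix/templates/memcached.conf.j2`, so unless another file of that name already exists in the role the template lookup will fail; the neighbouring task uses the full `.j2` name (`templates/aliases.j2`). Change the line to `template: src=templates/memcached.conf.j2 dest=/etc/memcached.conf`. Because this file decides which address memcached binds to, it is also worth pinning the result with `owner=root group=root mode=0644` rather than relying on defaults. The following "ensure system alias database is present" task continues outside the hunk.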
diff --git a/postfix/templates/memcached.conf.j2 b/postfix/templates/memcached.conf.j2
new file mode 100644
index 0000000..c1d6ac1
--- /dev/null
+++ b/postfix/templates/memcached.conf.j2
@@ -0,0 +1,47 @@
+# memcached default config file
+# 2003 - Jay Bonci <jaybonci@debian.org>
+# This configuration file is read by the start-memcached script provided as
+# part of the Debian GNU/Linux distribution.
+
+# Run memcached as a daemon. This command is implied, and is not needed for the
+# daemon to run. See the README.Debian that comes with this package for more
+# information.
+-d
+
+# Log memcached's output to /var/log/memcached
+logfile /var/log/memcached.log
+
+# Be verbose
+# -v
+
+# Be even more verbose (print client commands as well)
+# -vv
+
+# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default
+# Note that the daemon will grow to this size, but does not start out holding this much
+# memory
+-m 64
+
+# Default connection port is 11211
+-p 11211
+
+# Run the daemon as root. The start-memcached will default to running as root if no
+# -u command is present in this config file
+-u memcache
+
+# Specify which IP address to listen on. The default is to listen on all IP addresses
+# This parameter is one of the only security measures that memcached has, so make sure
+# it's listening on a firewalled interface.
+-l {{ tinc_vpnip }}
+
+# Limit the number of simultaneous incoming connections. The daemon default is 1024
+# -c 1024
+
+# Lock down all paged memory. Consult with the README and homepage before you do this
+# -k
+
+# Return error when memory is exhausted (rather than removing items)
+# -M
+
+# Maximize core file limit
+# -r
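Review bot: The `-l {{ tinc_vpnip }}` line is the only access control in this template, and no authentication is configured, so every peer on the tinc network can read and write the cache. Memcached releases before 1.5.6 also open a UDP listener on the same port by default; if the mail stack only uses TCP, add `-U 0` below `-p 11211` to switch it off. The comment "Run the daemon as root" above `-u memcache` contradicts the setting and should say the daemon runs as the unprivileged `memcache` user. If `tinc_vpnip` ever renders empty, `-l` is left without an address, and how start-memcached handles that is not visible here, so asserting the variable is non-empty before templating would be a cheap guard.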
-- 
GitLab