From b9adfc923e13c75354cdc0c2e1bc219a348a24d8 Mon Sep 17 00:00:00 2001 From: Brian Lee Date: Mon, 21 Aug 2023 09:20:49 -0700 Subject: [PATCH] Flesh out readme and ensure services are started. --- README.md | 7 +++++++ docs/DEPLOYMENT.md | 30 ++++++++++++------------------ tasks/dovecot.yml | 8 +++++++- tasks/opendkim.yml | 7 +++++++ tasks/postfix.yml | 6 +++--- 5 files changed, 36 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index ff755a4..64bdf02 100644 --- a/README.md +++ b/README.md @@ -63,6 +63,13 @@ See the provided [example](docs/examples/backup.sh) script. Keep in mind that wh ansible-playbook -e 'force_dovecot_passwd_file_maildir_ids=yes' playbooks/mail.yml ``` +## Troubleshooting + +```shell +systemctl status opendkim dovecot postfix +journalctl -fu postfix@- +journalctl -fu dovecot +``` ## Misc There are some interesting mta implementations that may replace or compliment parts of this stack in the future: diff --git a/docs/DEPLOYMENT.md b/docs/DEPLOYMENT.md index 6f1ab21..4581092 100644 --- a/docs/DEPLOYMENT.md +++ b/docs/DEPLOYMENT.md @@ -11,10 +11,10 @@ ``` The `A` and `MX` records are required, while the `TXT` records are optional but recommended. -2. Set a password for the "main" virtual inbox: +2. Configure credentials for the "hello" virtual inbox on the server. Use your favorite password manager to generate a passphrase and then run this to configure it: ```shell - echo main:$(doveadm pw -s BLF-CRYPT) >> files/$TARGET/imap.passwd + sudo echo hello:$(doveadm pw -s BLF-CRYPT):$(id -u maildir):$(id -g maildir) >> /etc/dovecot/imap.passwd ``` Also, if you use `doas` rather than `sudo`, you need to permit your ansible_user to become opendkim in your `/etc/doas.conf`: 
@@ -23,26 +23,20 @@ permit nopass blee as opendkim ``` -3. Copy a vars/targets file, update the values, and run this playbook +3. configure some virtual aliases in /etc/postfix/virtual and run: `postmap virtual` (See `man 5 postconf` for details) - Troubleshooting: Sanity check opendkim (may need restart, although I think I fixed that): +4. Configure your playbook's variables and run this playbook. + +* (should be fixed) Troubleshooting: Sanity check opendkim, the unix socket should exist and be writable ```shell ls -AlF /var/spool/postfix/opendkim/opendkim.sock ``` -4. look at the maildir uid/gid in main.cf and use those in the imap.passwd file (switching to the dovecot role will fix that later) +Validate your dns records: [mxtoolbox.com](https://mxtoolbox.com/) -5. configure some virtual aliases in /etc/postfix/virtual and run: +## Optional: sending authenticated mail - ```shell - postmap virtual vmailbox - ``` - - See `man 5 postconf` for details. - -6. Sanity check: https://mxtoolbox.com/ - -7. (optional) Create another TXT record for DKIM using the contents of /etc/dkimkeys/mail.txt +* Create another TXT record for DKIM using the contents of /etc/dkimkeys/mail.txt Here's an example line in dnscontrol: 
@@ -51,13 +45,13 @@ ``` * See [print-rdata.py](examples/print-rdata.py) for a (kind of bad) example of how to automatically parse mail.txt - * See [dnscontrol](https://dnscontrol.org/) as well as [octodns](https://github.com/octodns/octodns-easydns) + * You can codify your records in a git repo using a tool like [dnscontrol](https://dnscontrol.org/) as well as [octodns](https://github.com/octodns/octodns-easydns) - If you're really feeling adventurous, you could even set up a proper dmarc address to replace the original placeholder TXT record. +* If you're really feeling adventurous, you could even set up a proper dmarc address to replace the original placeholder TXT record. ```Javascript TXT('_dmarc', 'v=DMARC1; p=reject; rua=mailto:dmarc@satstack.cloud; fo=1') ``` - After records propogate, verify outbound mail using [mail-tester](https://www.mail-tester.com/). +After records propogate, verify outbound mail using [mail-tester](https://www.mail-tester.com/). I can score 10/10 by sending an email with an html mime type (just copypasta something from chatgpt). diff --git a/tasks/dovecot.yml b/tasks/dovecot.yml index f45c242..d56fe87 100644 --- a/tasks/dovecot.yml +++ b/tasks/dovecot.yml @@ -39,4 +39,10 @@ regexp: '(.*):(\d+):(\d+)$' replace: '\1:{{ maildir_uid }}:{{ maildir_gid }}' when: force_dovecot_passwd_file_maildir_ids - notify: restart dovecot \ No newline at end of file + notify: restart dovecot + +- name: Ensure dovecot service is started and enabled. + ansible.builtin.service: + name: dovecot + state: started + enabled: yes diff --git a/tasks/opendkim.yml b/tasks/opendkim.yml index 345b8e0..7bd54d0 100644 --- a/tasks/opendkim.yml +++ b/tasks/opendkim.yml @@ -46,4 +46,11 @@ name: opendkim state: restarted when: not opendkim_socket.stat.exists + +- name: Ensure opendkim service is started and enabled. + ansible.builtin.service: + name: opendkim + state: started + enabled: yes + \ No newline at end of file 
diff --git a/tasks/postfix.yml b/tasks/postfix.yml index bd73158..44c654d 100644 --- a/tasks/postfix.yml +++ b/tasks/postfix.yml @@ -79,11 +79,11 @@ path: "{{ postfix_smtpd_tls_dh1024_param_file }}" size: 2048 -- name: Temporarily stop postfix +- name: Ensure postfix service is started ansible.builtin.service: name: postfix - state: stopped - enabled: false + state: started + enabled: yes - name: Set up helper script to create new email aliases ansible.builtin.template:
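Review bot: In the README.md hunk, the closing fence of the new `## Troubleshooting` block appears to run straight into the `## Misc` heading with no blank line between them, so add one to keep the sections separated. Since the log line follows the `postfix@-` instance unit, consider listing that unit on the status line too (`systemctl status opendkim dovecot postfix postfix@-`), so the status check and `journalctl -fu postfix@-` refer to the same unit.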
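Review bot: In the first docs/DEPLOYMENT.md hunk, `sudo echo hello:... >> /etc/dovecot/imap.passwd` will not work as written: only `echo` runs as root, while the `>>` redirection is opened by the caller's unprivileged shell, so the append fails with permission denied on a root-owned file. Use `echo "hello:$(doveadm pw -s BLF-CRYPT):$(id -u maildir):$(id -g maildir)" | sudo tee -a /etc/dovecot/imap.passwd >/dev/null` instead. Two follow-ups worth stating in the doc: this step now edits the file on the server rather than `files/$TARGET/imap.passwd` in the repo, so confirm the playbook no longer copies a repo version over it (the `replace` task in tasks/dovecot.yml still rewrites the uid/gid columns of that file), and since the file holds password hashes it should not be world-readable after the append.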
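Review bot: In the second docs/DEPLOYMENT.md hunk, step 3 now runs `postmap virtual` alone, dropping the `vmailbox` map that the removed step 5 also regenerated; if virtual mailboxes are still in use (the maildir uid/gid handling suggests they are), that map needs `postmap` too, and the command should be `postmap /etc/postfix/virtual` (or run from /etc/postfix) rather than a relative path. The alias table format is documented in `man 5 virtual`; `man 5 postconf` covers main.cf parameters. The "(should be fixed)" parenthetical on the troubleshooting bullet reads as a leftover note; replace it with the action to take when the socket is missing, e.g. rerun the playbook, which restarts opendkim when the socket is absent per tasks/opendkim.yml.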
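Review bot: In the third docs/DEPLOYMENT.md hunk, "propogate" should be "propagate" (the line is already modified, so fix it here). The example `TXT('_dmarc', 'v=DMARC1; p=reject; ...')` deserves a caveat in the doc: `p=reject` causes receivers to drop any mail whose SPF or DKIM result does not align with the From domain, so start with `p=none`, read the `rua` reports for a while, and only then tighten; the `rua=mailto:dmarc@satstack.cloud` address also has to exist as a virtual alias from step 3 or the reports go nowhere. Also, the octodns link points at the easyDNS provider plugin (octodns-easydns) rather than octodns itself.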
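Review bot: In the tasks/opendkim.yml hunk, the new "Ensure opendkim service is started and enabled" task is placed after the task that restarts opendkim `when: not opendkim_socket.stat.exists`; on a first run the socket never exists before the service has started, so the conditional restart is really a start and the new task is a no-op. Move the started/enabled task ahead of the socket stat check so the "restart if socket missing" step only fires when a running service has lost its socket. The added lines also end with a whitespace-only line and no newline at end of file (`\ No newline at end of file`); trim the trailing space and add the newline.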
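Review bot: In the tasks/postfix.yml hunk, the "Temporarily stop postfix" task (`stopped`, `enabled: false`) is turned into "Ensure postfix service is started" at the same position, right after DH parameter generation and before the helper-script template that follows. The original stop presumably existed so postfix would not run on a half-applied configuration; with `state: started` here, postfix comes up with whatever main.cf is on disk at that point, and `started` will not reload it when later tasks change the config. Either move the started/enabled task to the end of the role, or make sure every config-writing task notifies a restart/reload handler.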