mailserver eebug metadata

bundles/mailserver/metadata.py

@@ -4,6 +4,7 @@ database_password = repo.vault.password_for(f'{node.name} db mailserver')
 
 defaults = {
     'mailserver': {
+        'debug': False,
         'maildir': '/var/vmail',
         'database': {
             'host': '127.0.0.1', # dont use localhost

bundles/postfix/files/main.cf

@@ -37,6 +37,11 @@ smtpd_tls_auth_only = yes
 smtpd_tls_cert_file = /var/lib/dehydrated/certs/${hostname}/fullchain.pem
 smtpd_tls_key_file = /var/lib/dehydrated/certs/${hostname}/privkey.pem
 smtp_tls_security_level = may
+% if debug:
+smtpd_tls_loglevel = 3
+% endif
+smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
 
 smtpd_restriction_classes = mua_sender_restrictions, mua_client_restrictions, mua_helo_restrictions
 mua_client_restrictions = permit_sasl_authenticated, reject

bundles/postfix/items.py

@@ -17,6 +17,7 @@ files = {
         'content_type': 'mako',
         'context': {
             'hostname': node.metadata.get('mailserver/hostname'),
+            'debug': node.metadata.get('mailserver/debug')
         },
         **file_options,
     },