chore: remove SMTP relay, clean up tools role after Outline/n8n migration to main

- Remove smtp-relay (postfix) container — Outline now on main, uses Resend directly - Remove UFW port 1025 rule (SMTP relay no longer needed) - Remove postfix-relay from image pull list - Clean up tools role: remove Outline/n8n/env.j2, simplify tasks/main.yml - tools docker-compose now empty (pending monitoring migration) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-27 03:10:56 +07:00 · 2026-03-27 03:10:56 +07:00 · 36be9fb33d
commit 36be9fb33d
parent 489791403c
6 changed files with 10 additions and 242 deletions
--- a/roles/services/tasks/main.yml
+++ b/roles/services/tasks/main.yml
@ -25,20 +25,24 @@
    - "{{ promtail_image }}"
    - "{{ crowdsec_image }}"
    - "{{ uptime_kuma_image }}"
-    - "tecnativa/postfix-relay"
+    - "{{ outline_image }}"
    - "{{ outline_db_image }}"
    - "{{ outline_redis_image }}"
    - "{{ n8n_image }}"
  register: pull_result
  changed_when: "'Status: Downloaded newer image' in pull_result.stdout"
  retries: 5
  delay: 30
  until: pull_result.rc == 0
- name: Allow SMTP relay port from tools server
+- name: Remove legacy SMTP relay UFW rule (port 1025)
  community.general.ufw:
    rule: allow
    port: "1025"
    proto: tcp
    src: "{{ ip_tools }}"
-    comment: "SMTP relay for tools-server Outline"
+    delete: true
  failed_when: false
 - name: Deploy Docker Compose stack
  community.docker.docker_compose_v2:
--- a/roles/services/templates/docker-compose.yml.j2
+++ b/roles/services/templates/docker-compose.yml.j2
@ -580,30 +580,6 @@ services:
      timeout: 5s
      retries: 3
  # ── SMTP Relay ─────────────────────────────────────────────────────────────
  # Forwards mail from tools-server (85.193.83.9) to Resend SMTP.
  # tools-server has outbound SMTP blocked by the VPS provider.
  # Listens on 85.193.83.9:1025 (UFW allows only from ip_tools).
  smtp-relay:
    image: tecnativa/postfix-relay
    container_name: smtp-relay
    restart: unless-stopped
    ports:
      - "{{ ip_tools }}:1025:25"
    networks:
      - proxy
    environment:
      - MAILNAME={{ domain_base }}
      - MAIL_RELAY_HOST=smtp.resend.com
      - MAIL_RELAY_PORT=587
      - MAIL_RELAY_USER=resend
      - MAIL_RELAY_PASS={{ resend_api_key }}
      - MAIL_RELAY_MYHOSTNAME=mail.{{ domain_base }}
    logging:
      driver: json-file
      options:
        max-size: "5m"
        max-file: "2"
  # ── Outline wiki ────────────────────────────────────────────────────────────
  outline:
--- a/roles/tools/defaults/main.yml
+++ b/roles/tools/defaults/main.yml
@ -1,7 +1,2 @@
 ---
 tools_root: /opt/tools
 outline_image: "outlinewiki/outline:0.80.2"
 outline_db_image: "postgres:15-alpine"
 outline_redis_image: "redis:7-alpine"
 n8n_image: "n8nio/n8n:1.89.2"              # https://hub.docker.com/r/n8nio/n8n/tags
 outline_mcp_image: "git.{{ domain_base }}/jack/outline-mcp:latest"
--- a/roles/tools/tasks/main.yml
+++ b/roles/tools/tasks/main.yml
@ -7,7 +7,6 @@
    group: "{{ deploy_group }}"
    mode: "0750"
 # ── Deploy configs and start stack ────────────────────────────────────────────
 - name: Deploy docker-compose.yml
  ansible.builtin.template:
    src: docker-compose.yml.j2
@ -16,27 +15,8 @@
    group: "{{ deploy_group }}"
    mode: "0640"
 - name: Deploy .env
  ansible.builtin.template:
    src: env.j2
    dest: "{{ tools_root }}/.env"
    owner: "{{ deploy_user }}"
    group: "{{ deploy_group }}"
    mode: "0600"
 - name: Pull images
  community.docker.docker_image:
    name: "{{ item }}"
    source: pull
  loop:
    - "{{ outline_image }}"
    - "{{ outline_db_image }}"
    - "{{ outline_redis_image }}"
    - "{{ n8n_image }}"
 - name: Start tools stack
  community.docker.docker_compose_v2:
    project_src: "{{ tools_root }}"
    state: present
    pull: missing
    remove_orphans: true
--- a/roles/tools/templates/docker-compose.yml.j2
+++ b/roles/tools/templates/docker-compose.yml.j2
@ -1,150 +1,10 @@
 # Tools stack — generated by Ansible
 # Do not edit manually; re-run ansible-playbook playbooks/tools.yml
 # All app services (Outline, n8n) have been migrated to main server.
 # Monitoring stack (Grafana, Prometheus, Loki, Alertmanager) will be added here.
 networks:
  # front — non-internal: needed for Docker port binding to work (expose ports to host)
  # Docker does not create DNAT rules for containers only on internal networks
  front:
    driver: bridge
  outline-internal:
    driver: bridge
    internal: true
  n8n-internal:
    driver: bridge
    internal: true
-volumes:
+services: {}
  outline_db_data:
  outline_redis_data:
  n8n_data:
 services:
  # ── Outline wiki ────────────────────────────────────────────────────────────
  outline:
    image: {{ outline_image }}
    container_name: outline
    restart: unless-stopped
    env_file: .env
    networks:
      - outline-internal
      - front    # needed for host port binding
    ports:
      # Exposed only to main Traefik (access controlled by UFW)
      - "{{ ip_tools }}:3000:3000"
    depends_on:
      outline-db:
        condition: service_healthy
      outline-redis:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "wget", "-qO-", "http://127.0.0.1:3000/_health"]
      interval: 30s
      timeout: 5s
      retries: 3
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"
  outline-db:
    image: {{ outline_db_image }}
    container_name: outline-db
    restart: unless-stopped
    environment:
      POSTGRES_DB: outline
      POSTGRES_USER: outline
      POSTGRES_PASSWORD: ${OUTLINE_DB_PASSWORD}
    networks:
      - outline-internal
    volumes:
      - outline_db_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U outline"]
      interval: 10s
      timeout: 5s
      retries: 5
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"
  outline-redis:
    image: {{ outline_redis_image }}
    container_name: outline-redis
    restart: unless-stopped
    networks:
      - outline-internal
    volumes:
      - outline_redis_data:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"
  # ── Outline MCP server ───────────────────────────────────────────────────────
  # MCP server exposing Outline wiki to Claude/AI clients (port 8765, internal only)
  outline-mcp:
    image: {{ outline_mcp_image }}
    container_name: outline-mcp
    restart: unless-stopped
    networks:
      - front    # needed for host port binding
    ports:
      - "127.0.0.1:8765:8765"
    environment:
      - OUTLINE_URL=https://{{ domain_wiki }}
      - OUTLINE_API_KEY={{ outline_mcp_api_key }}
      - PORT=8765
      - HOST=0.0.0.0
      - LOG_LEVEL=INFO
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"
  # ── n8n workflow automation ──────────────────────────────────────────────────
  n8n:
    image: {{ n8n_image }}
    container_name: n8n
    restart: unless-stopped
    networks:
      - n8n-internal
      - front    # needed for host port binding
    ports:
      # Exposed only to main Traefik (access controlled by UFW)
      - "{{ ip_tools }}:5678:5678"
    volumes:
      - n8n_data:/home/node/.n8n
    environment:
      - N8N_HOST={{ domain_n8n }}
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - WEBHOOK_URL=https://{{ domain_n8n }}/
      - N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY}
      - N8N_USER_MANAGEMENT_JWT_SECRET=${N8N_JWT_SECRET}
      - GENERIC_TIMEZONE=Europe/Moscow
      - TZ=Europe/Moscow
      - N8N_METRICS=false
      - N8N_LOG_LEVEL=warn
      - EXECUTIONS_DATA_PRUNE=true
      - EXECUTIONS_DATA_MAX_AGE=336
    healthcheck:
      test: ["CMD", "wget", "-qO-", "http://127.0.0.1:5678/healthz"]
      interval: 30s
      timeout: 5s
      retries: 3
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"
--- a/roles/tools/templates/env.j2
+++ b/roles/tools/templates/env.j2
@ -1,47 +0,0 @@
 # Outline env — generated by Ansible
 NODE_ENV=production
 SECRET_KEY={{ outline_secret_key }}
 UTILS_SECRET={{ outline_utils_secret }}
 # Database
 DATABASE_URL=postgres://outline:{{ outline_db_password }}@outline-db:5432/outline
 PGSSLMODE=disable
 # Redis
 REDIS_URL=redis://outline-redis:6379
 # App URL
 URL=https://{{ domain_wiki }}
 PORT=3000
 # S3 file storage (Timeweb Object Storage)
 AWS_ACCESS_KEY_ID={{ s3_access_key }}
 AWS_SECRET_ACCESS_KEY={{ s3_secret_key }}
 AWS_REGION=ru-1
 AWS_S3_UPLOAD_BUCKET_NAME=visual-outline
 AWS_S3_UPLOAD_BUCKET_URL=https://s3.timeweb.cloud
 AWS_S3_FORCE_PATH_STYLE=true
 AWS_S3_ACL=private
 FILE_STORAGE=s3
 # Auth
 AUTH_PROVIDERS=email
 # SMTP via relay on main server (tools-server has outbound SMTP blocked)
 SMTP_HOST={{ ip_main }}
 SMTP_PORT=1025
 SMTP_FROM_EMAIL=noreply@{{ domain_base }}
 SMTP_FROM_NAME=Visual Wiki
 SMTP_SECURE=false
 # Outline DB password (used in docker-compose)
 OUTLINE_DB_PASSWORD={{ outline_db_password }}
 # Optional
 DEFAULT_LANGUAGE=en_US
 RATE_LIMITER_ENABLED=true
 ENABLE_UPDATES=false
 # n8n secrets
 N8N_ENCRYPTION_KEY={{ n8n_encryption_key }}
 N8N_JWT_SECRET={{ n8n_jwt_secret }}