diff --git a/tasks/main.yml b/tasks/main.yml index 1ed303c..f77b3fe 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -14,6 +14,11 @@ update_cache: yes notify: Restart postfix +- name: Include tasks for mail server + include_tasks: server.yml + when: + - postfix_mydestination is defined + - name: Deploy templates template: src: etc/postfix/{{ item }}.j2 @@ -26,67 +31,12 @@ - master.cf notify: Restart postfix -- name: Include tasks for postgrey - include_tasks: postgrey.yml - when: - - postfix_mydestination is defined - -- name: Include tasks for OpenDKM - include_tasks: opendkim.yml - when: - - postfix_mydestination is defined - -- name: Include tasks for OpenDMARC - include_tasks: opendmarc.yml - when: - - postfix_mydestination is defined - -- name: Include dovecot role - include_role: - name: dovecot - when: - - postfix_mydestination is defined - -- name: Install Certificat - include_role: - name: certbot - vars: - certbot_certname: "{{ postfix_myhostname }}" - when: - - postfix_mydestination is defined - register: certificat_changed - -- name: Restart postfix after certificat installation - service: - name: postfix - status: restarted - when: - - certificat_changed is changed - -- name: Open Firewalld - firewalld: - service: smtp - permanent: true - state: enabled - immediate: true - when: - - postfix_mydestination is defined - -- name: Open Firewalld - firewalld: - service: smtp-submission - permanent: true - state: enabled - immediate: true - when: - - postfix_mydestination is defined - - name: Enable postfix at boot time service: name: postfix enabled: yes state: started - when: - - postfix_mydestination is defined +# when: +# - postfix_mydestination is defined diff --git a/tasks/server.yml b/tasks/server.yml new file mode 100644 index 0000000..a421cc5 --- /dev/null +++ b/tasks/server.yml 
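Review bot: In the second hunk (`@@ -26,67 +31,12 @@`) the `when:` guard on `Enable postfix at boot time` is left behind as two commented lines (`# when:` / `#   - postfix_mydestination is defined`) instead of being deleted, so the change reads as unfinished rather than as a deliberate decision that postfix is now enabled and started on every host this role runs on, including hosts without `postfix_mydestination`. If that widening is intended, delete the two comment lines and record the intent in the task name or a one-line comment above the task; if it is not, restore the guard. Either way, commented-out task fragments should not ship, since they are invisible to linting and get stale on the next edit.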
@@ -0,0 +1,55 @@ +--- +#- name: Install Certificat +# include_role: +# name: certbot +# vars: +# certbot_certname: "{{ postfix_myhostname }}" +# when: +# - postfix_mydestination is defined +# register: certificat_changed + +- name: Include tasks for postgrey + include_tasks: postgrey.yml + when: + - postfix_mydestination is defined + +- name: Include tasks for OpenDKM + include_tasks: opendkim.yml + when: + - postfix_mydestination is defined + +- name: Include tasks for OpenDMARC + include_tasks: opendmarc.yml + when: + - postfix_mydestination is defined + +- name: Include dovecot role + include_role: + name: dovecot + when: + - postfix_mydestination is defined + +#- name: Restart postfix after certificat installation +# service: +# name: postfix +# status: restarted +# when: +# - certificat_changed is changed + +- name: Open Firewalld + firewalld: + service: smtp + permanent: true + state: enabled + immediate: true + when: + - postfix_mydestination is defined + +- name: Open Firewalld + firewalld: + service: smtp-submission + permanent: true + state: enabled + immediate: true + when: + - postfix_mydestination is defined diff --git a/templates/etc/postfix/main.cf.j2 b/templates/etc/postfix/main.cf.j2 index e28a0f5..b7816e7 100644 --- a/templates/etc/postfix/main.cf.j2 +++ b/templates/etc/postfix/main.cf.j2 
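Review bot: Every task in the new tasks/server.yml repeats `when: - postfix_mydestination is defined`, but the include of this file in tasks/main.yml is already guarded by the same condition, so the per-task guards are redundant and should be dropped (or kept in exactly one place) to avoid the two drifting apart. The two firewalld tasks share the name `Open Firewalld`, which makes `--start-at-task`, callbacks and log review ambiguous; a single task looping over the two services is clearer, as below. The commented-out `Install Certificat` and `Restart postfix after certificat installation` blocks are dead text and should be removed; if they are ever restored, note that `status: restarted` is not a `service` module parameter (`state: restarted` is), so that restart would never have run. `Include tasks for OpenDKM` should read `OpenDKIM`.
```yaml
- name: Open Firewalld for SMTP services
  firewalld:
    service: "{{ item }}"
    permanent: true
    state: enabled
    immediate: true
  loop:
    - smtp
    - smtp-submission
```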
@@ -808,9 +808,9 @@ tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EE #tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:!SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA smtpd_tls_security_level = may -smtpd_tls_key_file = /etc/letsencrypt/live/{{ postfix_myhostname }}/privkey.pem -smtpd_tls_cert_file = /etc/letsencrypt/live/{{ postfix_myhostname }}/cert.pem -smtpd_tls_CAfile = /etc/letsencrypt/live/{{ postfix_myhostname }}/chain.pem +smtpd_tls_key_file = /etc/lego/certificates/{{ postfix_myhostname }}.key +smtpd_tls_cert_file = /etc/lego/certificates/{{ postfix_myhostname }}.crt +smtpd_tls_CAfile = /etc/lego/certificates/{{ postfix_myhostname }}.issuer.crt smtpd_tls_loglevel = 1 smtpd_tls_session_cache_timeout = 3600s smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache @@ -824,9 +824,9 @@ smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache #smtpd_tls_eecdh_grade=ultra smtp_tls_security_level = may -smtp_tls_key_file = /etc/letsencrypt/live/{{ postfix_myhostname }}/privkey.pem -smtp_tls_cert_file = /etc/letsencrypt/live/{{ postfix_myhostname }}/cert.pem -smtp_tls_CAfile = /etc/letsencrypt/live/{{ postfix_myhostname }}/chain.pem +smtp_tls_key_file = /etc/lego/certificates/{{ postfix_myhostname }}.key +smtp_tls_cert_file = /etc/lego/certificates/{{ postfix_myhostname }}.crt +smtp_tls_CAfile = /etc/lego/certificates/{{ postfix_myhostname }}.issuer.crt smtp_tls_loglevel = 1 smtp_tls_session_cache_timeout = 3600s smtp_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
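Review bot: This hunk and `@@ -824,9 +824,9 @@` point Postfix at `/etc/lego/certificates/{{ postfix_myhostname }}.key` / `.crt` / `.issuer.crt`, but nothing in this commit provisions those files: the certbot include is commented out in tasks/server.yml and no lego install task or renewal hook is added. If the key or certificate is absent when smtpd starts, Postfix logs a TLS warning and, because `smtpd_tls_security_level = may`, keeps accepting and sending mail without offering STARTTLS, a silent cleartext downgrade rather than a hard failure. A guard in the role before the template is deployed, e.g. a `stat` on the key path registered into a variable followed by `assert: that: "<registered_var>.stat.exists"`, plus a handler that reloads postfix whenever lego renews, would make the dependency explicit and detectable. Also, since a lego `.crt` bundle normally already carries the intermediate, `smtpd_tls_CAfile = ....issuer.crt` mostly governs which CAs are trusted and advertised for client certificates rather than the server's own chain; worth confirming that is the intended effect.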