adrien/ansible-role-postfix
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Update certificate path for lego
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse source
This commit is contained in:
Adrien Reslinger 2021-01-04 01:32:01 +01:00
parent 2aaaf30ea8
commit 5e69465772
Signed by: adrien
GPG key ID: DA7B27055C66D6DE
3 changed files with 68 additions and 63 deletions
Download patch file Download diff file Expand all files Collapse all files

64
tasks/main.yml
View file

@ -14,6 +14,11 @@
update_cache: yes update_cache: yes
notify: Restart postfix notify: Restart postfix
- name: Include tasks for mail server
include_tasks: server.yml
when:
- postfix_mydestination is defined
- name: Deploy templates - name: Deploy templates
template: template:
src: etc/postfix/{{ item }}.j2 src: etc/postfix/{{ item }}.j2
@ -26,67 +31,12 @@
- master.cf - master.cf
notify: Restart postfix notify: Restart postfix
- name: Include tasks for postgrey
include_tasks: postgrey.yml
when:
- postfix_mydestination is defined
- name: Include tasks for OpenDKM
include_tasks: opendkim.yml
when:
- postfix_mydestination is defined
- name: Include tasks for OpenDMARC
include_tasks: opendmarc.yml
when:
- postfix_mydestination is defined
- name: Include dovecot role
include_role:
name: dovecot
when:
- postfix_mydestination is defined
- name: Install Certificat
include_role:
name: certbot
vars:
certbot_certname: "{{ postfix_myhostname }}"
when:
- postfix_mydestination is defined
register: certificat_changed
- name: Restart postfix after certificat installation
service:
name: postfix
status: restarted
when:
- certificat_changed is changed
- name: Open Firewalld
firewalld:
service: smtp
permanent: true
state: enabled
immediate: true
when:
- postfix_mydestination is defined
- name: Open Firewalld
firewalld:
service: smtp-submission
permanent: true
state: enabled
immediate: true
when:
- postfix_mydestination is defined
- name: Enable postfix at boot time - name: Enable postfix at boot time
service: service:
name: postfix name: postfix
enabled: yes enabled: yes
state: started state: started
when: # when:
- postfix_mydestination is defined # - postfix_mydestination is defined

55
tasks/server.yml Normal file
View file

@ -0,0 +1,55 @@
---
#- name: Install Certificat
# include_role:
# name: certbot
# vars:
# certbot_certname: "{{ postfix_myhostname }}"
# when:
# - postfix_mydestination is defined
# register: certificat_changed
- name: Include tasks for postgrey
include_tasks: postgrey.yml
when:
- postfix_mydestination is defined
- name: Include tasks for OpenDKM
include_tasks: opendkim.yml
when:
- postfix_mydestination is defined
- name: Include tasks for OpenDMARC
include_tasks: opendmarc.yml
when:
- postfix_mydestination is defined
- name: Include dovecot role
include_role:
name: dovecot
when:
- postfix_mydestination is defined
#- name: Restart postfix after certificat installation
# service:
# name: postfix
# status: restarted
# when:
# - certificat_changed is changed
- name: Open Firewalld
firewalld:
service: smtp
permanent: true
state: enabled
immediate: true
when:
- postfix_mydestination is defined
- name: Open Firewalld
firewalld:
service: smtp-submission
permanent: true
state: enabled
immediate: true
when:
- postfix_mydestination is defined

12
templates/etc/postfix/main.cf.j2
View file

@ -808,9 +808,9 @@ tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EE
#tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:!SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA #tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:!SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
smtpd_tls_security_level = may smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/letsencrypt/live/{{ postfix_myhostname }}/privkey.pem smtpd_tls_key_file = /etc/lego/certificates/{{ postfix_myhostname }}.key
smtpd_tls_cert_file = /etc/letsencrypt/live/{{ postfix_myhostname }}/cert.pem smtpd_tls_cert_file = /etc/lego/certificates/{{ postfix_myhostname }}.crt
smtpd_tls_CAfile = /etc/letsencrypt/live/{{ postfix_myhostname }}/chain.pem smtpd_tls_CAfile = /etc/lego/certificates/{{ postfix_myhostname }}.issuer.crt
smtpd_tls_loglevel = 1 smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
@ -824,9 +824,9 @@ smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtpd_tls_eecdh_grade=ultra #smtpd_tls_eecdh_grade=ultra
smtp_tls_security_level = may smtp_tls_security_level = may
smtp_tls_key_file = /etc/letsencrypt/live/{{ postfix_myhostname }}/privkey.pem smtp_tls_key_file = /etc/lego/certificates/{{ postfix_myhostname }}.key
smtp_tls_cert_file = /etc/letsencrypt/live/{{ postfix_myhostname }}/cert.pem smtp_tls_cert_file = /etc/lego/certificates/{{ postfix_myhostname }}.crt
smtp_tls_CAfile = /etc/letsencrypt/live/{{ postfix_myhostname }}/chain.pem smtp_tls_CAfile = /etc/lego/certificates/{{ postfix_myhostname }}.issuer.crt
smtp_tls_loglevel = 1 smtp_tls_loglevel = 1
smtp_tls_session_cache_timeout = 3600s smtp_tls_session_cache_timeout = 3600s
smtp_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache smtp_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache