Update certificate path for lego

2021-01-04 01:32:01 +01:00 · 2021-01-04 01:32:01 +01:00 · 5e69465772
commit 5e69465772
parent 2aaaf30ea8
3 changed files with 68 additions and 63 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -14,6 +14,11 @@
    update_cache: yes
  notify: Restart postfix

+- name: Include tasks for mail server
+  include_tasks: server.yml
+  when:
+    - postfix_mydestination is defined
+
 - name: Deploy templates
  template:
    src: etc/postfix/{{ item }}.j2
@ -26,67 +31,12 @@
    - master.cf
  notify: Restart postfix

- name: Include tasks for postgrey
-  include_tasks: postgrey.yml
-  when:
-    - postfix_mydestination is defined
-
- name: Include tasks for OpenDKM
-  include_tasks: opendkim.yml
-  when:
-    - postfix_mydestination is defined
-
- name: Include tasks for OpenDMARC
-  include_tasks: opendmarc.yml
-  when:
-    - postfix_mydestination is defined
-
- name: Include dovecot role
-  include_role:
-    name: dovecot
-  when:
-    - postfix_mydestination is defined
-
- name: Install Certificat
-  include_role:
-    name: certbot
-  vars:
-    certbot_certname: "{{ postfix_myhostname }}"
-  when:
-    - postfix_mydestination is defined
-  register: certificat_changed
-
- name: Restart postfix after certificat installation
-  service:
-    name: postfix
-    status: restarted
-  when:
-    - certificat_changed is changed
-
- name: Open Firewalld
-  firewalld:
-    service: smtp
-    permanent: true
-    state: enabled
-    immediate: true
-  when:
-    - postfix_mydestination is defined
-
- name: Open Firewalld
-  firewalld:
-    service: smtp-submission
-    permanent: true
-    state: enabled
-    immediate: true
-  when:
-    - postfix_mydestination is defined
-
 - name: Enable postfix at boot time
  service:
    name: postfix
    enabled: yes
    state: started
-  when:
-    - postfix_mydestination is defined
+#  when:
+#    - postfix_mydestination is defined


--- a/tasks/server.yml
+++ b/tasks/server.yml
@ -0,0 +1,55 @@
+---
+#- name: Install Certificat
+#  include_role:
+#    name: certbot
+#  vars:
+#    certbot_certname: "{{ postfix_myhostname }}"
+#  when:
+#    - postfix_mydestination is defined
+#  register: certificat_changed
+
+- name: Include tasks for postgrey
+  include_tasks: postgrey.yml
+  when:
+    - postfix_mydestination is defined
+
+- name: Include tasks for OpenDKM
+  include_tasks: opendkim.yml
+  when:
+    - postfix_mydestination is defined
+
+- name: Include tasks for OpenDMARC
+  include_tasks: opendmarc.yml
+  when:
+    - postfix_mydestination is defined
+
+- name: Include dovecot role
+  include_role:
+    name: dovecot
+  when:
+    - postfix_mydestination is defined
+
+#- name: Restart postfix after certificat installation
+#  service:
+#    name: postfix
+#    status: restarted
+#  when:
+#    - certificat_changed is changed
+
+- name: Open Firewalld
+  firewalld:
+    service: smtp
+    permanent: true
+    state: enabled
+    immediate: true
+  when:
+    - postfix_mydestination is defined
+
+- name: Open Firewalld
+  firewalld:
+    service: smtp-submission
+    permanent: true
+    state: enabled
+    immediate: true
+  when:
+    - postfix_mydestination is defined
--- a/templates/etc/postfix/main.cf.j2
+++ b/templates/etc/postfix/main.cf.j2
@ -808,9 +808,9 @@ tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EE
 #tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:!SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA

 smtpd_tls_security_level = may
-smtpd_tls_key_file = /etc/letsencrypt/live/{{ postfix_myhostname }}/privkey.pem
-smtpd_tls_cert_file = /etc/letsencrypt/live/{{ postfix_myhostname }}/cert.pem
-smtpd_tls_CAfile = /etc/letsencrypt/live/{{ postfix_myhostname }}/chain.pem
+smtpd_tls_key_file = /etc/lego/certificates/{{ postfix_myhostname }}.key
+smtpd_tls_cert_file = /etc/lego/certificates/{{ postfix_myhostname }}.crt
+smtpd_tls_CAfile = /etc/lego/certificates/{{ postfix_myhostname }}.issuer.crt
 smtpd_tls_loglevel = 1
 smtpd_tls_session_cache_timeout = 3600s
 smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
@ -824,9 +824,9 @@ smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 #smtpd_tls_eecdh_grade=ultra

 smtp_tls_security_level = may
-smtp_tls_key_file = /etc/letsencrypt/live/{{ postfix_myhostname }}/privkey.pem
-smtp_tls_cert_file = /etc/letsencrypt/live/{{ postfix_myhostname }}/cert.pem
-smtp_tls_CAfile = /etc/letsencrypt/live/{{ postfix_myhostname }}/chain.pem
+smtp_tls_key_file = /etc/lego/certificates/{{ postfix_myhostname }}.key
+smtp_tls_cert_file = /etc/lego/certificates/{{ postfix_myhostname }}.crt
+smtp_tls_CAfile = /etc/lego/certificates/{{ postfix_myhostname }}.issuer.crt
 smtp_tls_loglevel = 1
 smtp_tls_session_cache_timeout = 3600s
 smtp_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache