Externalize role

Adrien Reslinger 2018-10-08 19:35:21 +02:00
commit 6dd27f2df4
Signed by: adrien
GPG key ID: DA7B27055C66D6DE
18 changed files with 1740 additions and 0 deletions

74
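--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,74 @@
+---
+- name: Include vars for {{ ansible_os_family }}
+include_vars: "{{ ansible_os_family }}.yml"
+- name: Include vars for {{ ansible_os_family }} for Mail Server
+include_vars: "{{ ansible_os_family }}_server.yml"
+when:
+- postfix_mydestination is defined
+- name: install packages
+package: name="{{ postfix_packages }}" state=latest update_cache=yes
+notify: Restart postfix
+- name: Deploy templates
+template: src=etc/postfix/{{ item }}.j2 dest=/etc/postfix/{{ item }} owner=root group=root mode=0644
+with_items:
+- main.cf
+- master.cf
+notify: Restart postfix
+- name: Include tasks for postgrey
+include_tasks: postgrey.yml
+when:
+- postfix_mydestination is defined
+- name: Include tasks for OpenDKM
+include_tasks: opendkim.yml
+when:
+- postfix_mydestination is defined
+- name: Include tasks for OpenDMARC
+include_tasks: opendmarc.yml
+when:
+- postfix_mydestination is defined
+- name: Include dovecot role
+include_role:
+name: dovecot
+when:
+- postfix_mydestination is defined
+- name: Install Certificat
+include_role:
+name: certbot
+vars:
+certbot_certname: "{{ postfix_myhostname }}"
+when:
+- postfix_mydestination is defined
+notify: Restart postfix
+- name: Open Firewalld
+firewalld:
+service: smtp
+permanent: true
+state: enabled
+immediate: true
+when:
+- postfix_mydestination is defined
+- name: Open Firewalld
+firewalld:
+service: smtp-submission
+permanent: true
+state: enabled
+immediate: true
+when:
+- postfix_mydestination is defined
+- name: Enable postfix at boot time
+service: name=postfix enabled=yes state=started
+when:
+- postfix_mydestination is defined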
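Review bot: The `notify: Restart postfix` on the "Install Certificat" task is attached to an `include_role`, and keywords on a dynamic include are, as far as I know, not passed down to the tasks of the included role, so a newly issued or renewed certificate would probably not restart postfix and the daemon could keep serving the old one. Either have the certbot role notify the handler itself, or pass the keyword through the include's `apply:` option after checking that the Ansible version in use supports it. Separately, `state=latest update_cache=yes` on the package task can upgrade the MTA on any run; `state=present` keeps upgrades a deliberate step. The two firewalld tasks share the name "Open Firewalld"; naming the service in each (`Open firewalld for smtp`, `Open firewalld for smtp-submission`) makes the run output traceable.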

31
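--- a/tasks/opendkim.yml
+++ b/tasks/opendkim.yml
@@ -0,0 +1,31 @@
+---
+# Need EPEL repo
+- name: Make {{ postfix_mydomain }} keys directory
+file: path=/etc/opendkim/keys/{{ postfix_mydomain }} state=directory owner=opendkim group=opendkim mode=0750
+- name: Install template config file
+template: src=etc/{{ item }}.j2 dest=/etc/{{ item }} owner=opendkim group=opendkim mode=0640
+with_items:
+- opendkim.conf
+- opendkim/SigningTable
+- opendkim/KeyTable
+- opendkim/TrustedHosts
+notify: Restart OpenDKIM
+# Generate keys if theire doesn't exists
+# opendkim-genkey -D /etc/opendkim/keys/{{ postfix_mydomain }}/ -d {{ postfix_mydomain }} -s default
+- name: Copy specifics files
+copy: src=etc/opendkim/keys/{{ postfix_mydomain }}/{{ item }} dest=/etc/opendkim/keys/{{ postfix_mydomain }}/{{ item }} owner=opendkim group=opendkim mode=0600
+with_items:
+- default.private
+- default.txt
+notify: Restart OpenDKIM
+# Add /etc/opendkim/keys/{{ postfix_mydomain }}/default.txt in DNS zone
+- name: Enable OpenDKIM on boot
+service: name=opendkim state=started enabled=yes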
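Review bot: The "Copy specifics files" task takes `default.private` from the role's files directory, so the DKIM signing key is kept alongside the role, and nothing in this section shows whether it is stored encrypted. A comment above the task would make the expectation explicit, for example `# default.private must be committed ansible-vault encrypted; copy decrypts it when deploying`. Adding `no_log: true` to that task would also keep the key out of the output when the play is run with `--diff`. The commented `opendkim-genkey` line describes a manual step; the comment should say where the command is meant to be run and how its output reaches the role.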

22
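--- a/tasks/opendmarc.yml
+++ b/tasks/opendmarc.yml
@@ -0,0 +1,22 @@
+---
+# Need EPEL repo
+- name: Install template config file
+template: src=etc/opendmarc.conf.j2 dest=/etc/opendmarc.conf owner=root group=root mode=0644
+- name: Install update public_suffix_list file for opendmarc
+get_url:
+url: https://publicsuffix.org/list/public_suffix_list.dat
+dest: /etc/opendmarc/public_suffix_list.dat
+group: opendmarc
+owner: opendmarc
+mode: 0644
+- name: Install updater script
+copy: src=etc/cron.weekly/opendmarc dest=/etc/cron.weekly/opendmarc owner=root group=root mode=0755
+notify: Restart OpenDMARC
+- name: Enable OpenDMARC on boot
+service: name=opendmarc state=started enabled=yes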
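Review bot: The template task for `/etc/opendmarc.conf` has no `notify`, while the task that copies the weekly cron script notifies `Restart OpenDMARC`, so a configuration change would not restart the daemon and a cron-script change restarts it for no reason. Moving `notify: Restart OpenDMARC` from "Install updater script" to "Install template config file" fixes both. In the `get_url` task, `mode: 0644` is an unquoted YAML scalar; `mode: "0644"` avoids depending on how the parser treats a leading zero. The suffix list is fetched without a `checksum`, which is understandable for a file that changes upstream, but a short comment saying that this is deliberate would help the next reader.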

5
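--- a/tasks/postgrey.yml
+++ b/tasks/postgrey.yml
@@ -0,0 +1,5 @@
+- name: Install script to update postgrey whitelist
+copy: src=usr/local/sbin/update_postgrey_whitelist.sh dest=/usr/local/sbin/update_postgrey_whitelist.sh owner=root group=root mode=0755
+- name: Enable postgrey at boot time
+service: name=postgrey enabled=yes state=started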
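Review bot: This file installs `/usr/local/sbin/update_postgrey_whitelist.sh` as a root-owned executable, but nothing visible here schedules or runs it, so a reader cannot tell when the whitelist is refreshed or with what privileges. A comment above the first task that states what invokes the script and where it fetches the whitelist from would close that gap. The file also starts without the `---` document marker that the other three task files in this commit have.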