ansible-role-postfix/tasks/configure.yml

---
# Write the inventory hostname into /etc/mailname (mode 0644).
# A timestamped backup of the previous file is kept, and the
# "Restart postfix" handler is notified when the content changes.
- name: Create mailname file
  ansible.builtin.copy:
    content: "{{ inventory_hostname }}"
    dest: /etc/mailname
    mode: '0644'
    backup: true
  notify: Restart postfix
# Render authmysqlrc into /etc/courier, owned by root with group postfix and
# no access for other users.
# NOTE(review): the template body is not visible here. If it carries database
# credentials, `backup: true` leaves timestamped copies of older versions next
# to the file, and runs with `--diff` print the rendered content.
# NOTE(review): '0550' sets the execute bit on a configuration file; confirm
# whether '0440' would be sufficient.
- name: Template file authmysqlrc
  ansible.builtin.template:
    src: templates/authmysqlrc.j2
    dest: /etc/courier/authmysqlrc
    owner: root
    group: postfix
    mode: '0550'
    backup: true
  notify: Restart postfix
# Render the mysql-*.cf files into /etc/postfix. Every file gets the same
# ownership (root:postfix) and mode ('0550', no access for others), keeps a
# backup of the previous version and notifies the "Restart postfix" handler.
# NOTE(review): the templates are not visible here; files of this kind usually
# hold the database user and password, so treat the backups created by
# `backup: true` as equally sensitive - confirm and prune on rotation.
# NOTE(review): the execute bit in '0550' is not needed for files that are
# only read; confirm whether '0440' would do.
- name: Template file mysql-body_checks.cf
  ansible.builtin.template:
    src: templates/mysql-body_checks.cf.j2
    dest: /etc/postfix/mysql-body_checks.cf
    owner: root
    group: postfix
    mode: '0550'
    backup: true
  notify: Restart postfix

- name: Template file mysql-virtual_domains.cf
  ansible.builtin.template:
    src: templates/mysql-virtual_domains.cf.j2
    dest: /etc/postfix/mysql-virtual_domains.cf
    owner: root
    group: postfix
    mode: '0550'
    backup: true
  notify: Restart postfix

- name: Template file mysql-virtual_email2email.cf
  ansible.builtin.template:
    src: templates/mysql-virtual_email2email.cf.j2
    dest: /etc/postfix/mysql-virtual_email2email.cf
    owner: root
    group: postfix
    mode: '0550'
    backup: true
  notify: Restart postfix

- name: Template file mysql-virtual_forwardings.cf
  ansible.builtin.template:
    src: templates/mysql-virtual_forwardings.cf.j2
    dest: /etc/postfix/mysql-virtual_forwardings.cf
    owner: root
    group: postfix
    mode: '0550'
    backup: true
  notify: Restart postfix

- name: Template file mysql-virtual_mailbox_limit_maps.cf
  ansible.builtin.template:
    src: templates/mysql-virtual_mailbox_limit_maps.cf.j2
    dest: /etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    owner: root
    group: postfix
    mode: '0550'
    backup: true
  notify: Restart postfix

- name: Template file mysql-virtual_mailboxes.cf
  ansible.builtin.template:
    src: templates/mysql-virtual_mailboxes.cf.j2
    dest: /etc/postfix/mysql-virtual_mailboxes.cf
    owner: root
    group: postfix
    mode: '0550'
    backup: true
  notify: Restart postfix

- name: Template file mysql-virtual_transports.cf
  ansible.builtin.template:
    src: templates/mysql-virtual_transports.cf.j2
    dest: /etc/postfix/mysql-virtual_transports.cf
    owner: root
    group: postfix
    mode: '0550'
    backup: true
  notify: Restart postfix
# Render the PAM service definition /etc/pam.d/smtp (root:postfix, '0550').
# NOTE(review): `backup: true` writes the timestamped backup into /etc/pam.d
# as well, so old copies accumulate in the PAM service directory - confirm
# that is acceptable or clean them up.
- name: Template file smtp
  ansible.builtin.template:
    src: templates/smtp.j2
    dest: /etc/pam.d/smtp
    owner: root
    group: postfix
    mode: '0550'
    backup: true
  notify: Restart postfix
# Render the SASL configuration for smtpd into /etc/postfix/sasl
# (root:postfix, '0550', previous version kept as a backup).
# NOTE(review): template content is not visible here; if it names an
# authentication backend with credentials, the backups need the same care.
- name: Template file smtpd.conf
  ansible.builtin.template:
    src: templates/smtpd.conf.j2
    dest: /etc/postfix/sasl/smtpd.conf
    owner: root
    group: postfix
    mode: '0550'
    backup: true
  notify: Restart postfix
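# Generate 2048-bit Diffie-Hellman parameters once. `creates` makes the task a
# no-op when the file already exists, so an existing file is never regenerated.
# The command is passed as argv, so no shell is involved. The permission fix
# used to be chained with `&&` inside the same shell command and therefore ran
# only on the run that generated the file; it is now its own task, so mode
# 0600 is enforced on every run.
- name: Generate DH param certificate
  ansible.builtin.command:
    argv:
      - /usr/bin/openssl
      - dhparam
      - '-out'
      - /etc/ssl/private/dhparams.pem
      - '2048'
    creates: /etc/ssl/private/dhparams.pem
  notify: Restart postfix

# Skipped in check mode: on a fresh host the file does not exist yet there,
# and `state: file` fails on a missing path.
- name: Ensure DH param file is only accessible by its owner
  ansible.builtin.file:
    path: /etc/ssl/private/dhparams.pem
    state: file
    mode: '0600'
  when: not ansible_check_mode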
# Directories under /var/spool/postfix/var used by the authentication daemons.
# The saslauthd directory is restricted to root and the sasl group ('0770').
# NOTE(review): the account that talks to saslauthd has to be a member of
# group sasl to traverse this directory; that membership is not set here.
# NOTE(review): this task runs first, and the file module creates missing
# parent directories, so on a fresh host /var/spool/postfix/var/run is created
# implicitly and its owner and mode are never set explicitly in this file.
- name: Ensure SASL Authdaemond folder exists
  ansible.builtin.file:
    state: directory
    path: /var/spool/postfix/var/saslauthd_placeholder
  when: false

- name: Ensure SASL Authdaemond folder exists
  ansible.builtin.file:
    state: directory
    path: /var/spool/postfix/var/run/saslauthd
    owner: root
    group: sasl
    mode: '0770'

# NOTE(review): the next two tasks share one name, which makes run output and
# `--start-at-task` ambiguous.
- name: Ensure Postfix spool folders exists
  ansible.builtin.file:
    state: directory
    path: /var/spool/postfix/var
    owner: root
    group: root
    mode: '0755'

- name: Ensure Postfix spool folders exists
  ansible.builtin.file:
    state: directory
    path: /var/spool/postfix/var/run/courier
    owner: root
    group: root
    mode: '0755'
# Pin two settings in /etc/default/saslauthd: any existing START= / OPTIONS=
# line is replaced, otherwise the line is appended. The file is created when
# missing and the previous version is kept as a backup.
# NOTE(review): `create: true` without `mode` leaves the permissions of a
# newly created file to the umask; consider setting an explicit mode.
- name: Ensure SASL authentication daemon starts
  ansible.builtin.lineinfile:
    path: /etc/default/saslauthd
    regexp: '^START='
    line: 'START=yes'
    create: true
    backup: true

# `-m` moves the saslauthd socket directory under /var/spool/postfix.
# NOTE(review): `-c` turns on saslauthd's credential cache, so a changed or
# disabled password may keep working until the cached entry expires - confirm
# that this is wanted.
- name: Ensure SASL authentication daemon spool directory match postfix
  ansible.builtin.lineinfile:
    path: /etc/default/saslauthd
    regexp: '^OPTIONS='
    line: 'OPTIONS="-r -c -m /var/spool/postfix/var/run/saslauthd"'
    create: true
    backup: true
# Install a root crontab entry that runs update_clients.sh at minute 20; the
# remaining schedule fields are left at the module defaults.
# NOTE(review): the script runs as root and is not deployed by the tasks
# shown here; make sure it and /etc/postfix/scripts are writable by root only.
- name: Ensure CRON job to update clients exists
  ansible.builtin.cron:
    name: "Update SMTPD trusted clients"
    user: root
    minute: '20'
    job: '/etc/postfix/scripts/update_clients.sh'
# Remove the crontab entry named "check authdaemond stuck".
# NOTE(review): the task name says "exists" but `state: absent` deletes the
# entry; confirm which of the two is intended.
# NOTE(review): no `user` is given, so the entry is looked up in the crontab
# of the user the task runs as.
- name: Ensure cron to check if authdaemond is stuck exists
  ansible.builtin.cron:
    name: check authdaemond stuck
    state: absent
    minute: '*/5'
    job: /etc/postfix/scripts/authdaemond_check_stuck.sh
# Resolve every entry of mail_own_networks_hosts through the DNS server named
# in dns_resolver and append each answer to mail_own_networks. A trailing dot
# is added to each host name so it is looked up as a fully qualified name.
# Lookups are evaluated on the Ansible controller, so the result is a
# snapshot taken at play time.
# NOTE(review): for a name that does not exist the dig lookup returns the
# literal string 'NXDOMAIN', which is appended here like any other answer.
# NOTE(review): lookup() returns one comma-joined string when a name has
# several records; confirm that consumers of mail_own_networks handle that.
# NOTE(review): if mail_own_networks feeds a trusted-client list (its use is
# not visible here), the resolver's answers are part of that trust decision.
- name: Resolve host names
  ansible.builtin.set_fact:
    mail_own_networks: "{{ mail_own_networks + [ lookup('community.general.dig', item + '.', '@' + dns_resolver) ] }}"
  loop: "{{ mail_own_networks_hosts }}"
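# Clean up mail_own_networks: drop failed resolutions, duplicates and empty
# entries.
# The community.general.dig lookup returns the literal string 'NXDOMAIN' for a
# name that does not exist. `select` only removes empty values, so without the
# explicit reject that marker would stay in the list as if it were an address.
# NOTE(review): failed names are dropped silently, matching how empty answers
# were already handled; add an assert if an unresolved host should fail the
# play instead.
- name: Remove duplicates
  ansible.builtin.set_fact:
    mail_own_networks: "{{ mail_own_networks | reject('equalto', 'NXDOMAIN') | unique | select | list }}"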
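# Make sure /etc/postfix/allowed_clients exists with root:postfix ownership
# and no access for other users.
# The mode is quoted like every other mode in this file, so it is always read
# as an octal string and never depends on how the YAML parser types 0640.
# The timestamps are preserved so that `state: touch` only reports a change
# when the file is created or its ownership/mode is corrected, instead of
# bumping the mtime on every run.
- name: Ensure allow clients file exists
  ansible.builtin.file:
    path: /etc/postfix/allowed_clients
    state: touch
    owner: root
    group: postfix
    mode: '0640'
    access_time: preserve
    modification_time: preserve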
###################################
#                                 #
# Keep the tasks below at the end #
#                                 #
###################################
# Render the two main Postfix configuration files. Both are owned by
# root:root, world-readable ('0644'), backed up before being replaced, and
# notify the "Restart postfix" handler on change.
# NOTE(review): because these files are world-readable, the templates (not
# visible here) should not embed passwords or other secrets.
- name: Configure postfix main.cf
  ansible.builtin.template:
    src: templates/main.cf.j2
    dest: /etc/postfix/main.cf
    owner: root
    group: root
    mode: '0644'
    backup: true
  notify: Restart postfix

- name: Configure postfix master.cf
  ansible.builtin.template:
    src: templates/master.cf.j2
    dest: /etc/postfix/master.cf
    owner: root
    group: root
    mode: '0644'
    backup: true
  notify: Restart postfix
# Enable the postfix service at boot and start it if it is not running.
# This task does not restart a service that is already running; restarts are
# left to the "Restart postfix" handler notified by the tasks above.
- name: Ensure postifx service is started and enabled
  ansible.builtin.service:
    name: postfix
    state: started
    enabled: true