adelgado/ansible-role-postfix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ansible-role-postfix/tasks/configure.yml

265 lines
6.3 KiB
YAML
Raw Blame History

---
- name: Create mailname file
copy:
dest: /etc/mailname
content: "{{ inventory_hostname }}"
backup: true
mode: '0644'
notify: Restart postfix
# - name: Template file authmysqlrc
# template:
# src: templates/authmysqlrc.j2
# dest: /etc/courier/authmysqlrc
# owner: root
# group: postfix
# mode: '0550'
# backup: true
# notify: Restart postfix
- name: Template file mysql-body_checks.cf
template:
src: templates/mysql-body_checks.cf.j2
dest: /etc/postfix/mysql-body_checks.cf
owner: root
group: postfix
mode: '0550'
backup: true
notify: Restart postfix
- name: Template file mysql-virtual_domains.cf
template:
src: templates/mysql-virtual_domains.cf.j2
dest: /etc/postfix/mysql-virtual_domains.cf
owner: root
group: postfix
mode: '0550'
backup: true
notify: Restart postfix
- name: Template file mysql-virtual_email2email.cf
template:
src: templates/mysql-virtual_email2email.cf.j2
dest: /etc/postfix/mysql-virtual_email2email.cf
owner: root
group: postfix
mode: '0550'
backup: true
notify: Restart postfix
- name: Template file mysql-virtual_forwardings.cf
template:
src: templates/mysql-virtual_forwardings.cf.j2
dest: /etc/postfix/mysql-virtual_forwardings.cf
owner: root
group: postfix
mode: '0550'
backup: true
notify: Restart postfix
- name: Template file mysql-virtual_mailbox_limit_maps.cf
template:
src: templates/mysql-virtual_mailbox_limit_maps.cf.j2
dest: /etc/postfix/mysql-virtual_mailbox_limit_maps.cf
owner: root
group: postfix
mode: '0550'
backup: true
notify: Restart postfix
- name: Template file mysql-virtual_mailboxes.cf
template:
src: templates/mysql-virtual_mailboxes.cf.j2
dest: /etc/postfix/mysql-virtual_mailboxes.cf
owner: root
group: postfix
mode: '0550'
backup: true
notify: Restart postfix
- name: Template file mysql-virtual_transports.cf
template:
src: templates/mysql-virtual_transports.cf.j2
dest: /etc/postfix/mysql-virtual_transports.cf
owner: root
group: postfix
mode: '0550'
backup: true
notify: Restart postfix
- name: Template file smtp
template:
src: templates/smtp.j2
dest: /etc/pam.d/smtp
owner: root
group: postfix
mode: '0550'
backup: true
notify: Restart postfix
- name: Template file smtpd.conf
template:
src: templates/smtpd.conf.j2
dest: /etc/postfix/sasl/smtpd.conf
owner: root
group: postfix
mode: '0550'
backup: true
notify: Restart postfix
- name: Generate DH param certificate
shell:
cmd: /usr/bin/openssl dhparam -out /etc/ssl/private/dhparams.pem 2048 && /bin/chmod 600 /etc/ssl/private/dhparams.pem
creates: /etc/ssl/private/dhparams.pem
notify: Restart postfix
- name: Ensure SASL Authdaemond folder exists
file:
path: /var/spool/postfix/var/run/saslauthd
state: directory
owner: root
group: sasl
mode: '0770'
- name: Ensure Postfix spool folders exists
file:
path: /var/spool/postfix/var
state: directory
owner: root
group: root
mode: '0755'
- name: Ensure Postfix spool folders exists
file:
path: /var/spool/postfix/var/run/courier
state: directory
owner: root
group: root
mode: '0755'
- name: Ensure SASL authentication daemon starts
lineinfile:
path: /etc/default/saslauthd
regexp: '^START='
line: 'START=yes'
backup: true
create: true
- name: Ensure SASL authentication daemon spool directory match postfix
lineinfile:
path: /etc/default/saslauthd
regexp: '^OPTIONS='
line: 'OPTIONS="-r -c -m /var/spool/postfix/var/run/saslauthd"'
backup: true
create: true
- name: Ensure SASL authentication daemon use IMAP mechanism
lineinfile:
path: /etc/default/saslauthd
regexp: '^MECHANISMS='
line: 'MECHANISMS="rimap"'
backup: true
create: true
- name: Ensure SASL authentication daemon configure IMAP mechanism
lineinfile:
path: /etc/default/saslauthd
regexp: '^MECH_OPTIONS='
line: 'MECH_OPTIONS="127.0.0.1"'
backup: true
create: true
- name: Ensure SASL authentication daemon is enabled and started
service:
name: saslauthd
state: started
enabled: true
# - name: Ensure CRON job to update clients exists
# cron:
# name: "Update SMTPD trusted clients"
# job: '/etc/postfix/scripts/update_clients.sh'
# user: root
# minute: '20'
# hour: '*/2'
- name: Ensure cron to check if authdaemond is stuck exists
cron:
name: check authdaemond stuck
job: /etc/postfix/scripts/authdaemond_check_stuck.sh
minute: '*/15'
state: absent
- name: Resolve host names
set_fact:
mail_own_networks: "{{ mail_own_networks + [ lookup('community.general.dig', item + '.', '@' + dns_resolver) ] }}"
loop: "{{ mail_own_networks_hosts }}"
- name: Remove duplicates
set_fact:
mail_own_networks: "{{ mail_own_networks | unique | select | list }}"
- name: Ensure allow clients file exists
file:
state: touch
path: /etc/postfix/allowed_clients
owner: root
group: postfix
mode: 0644
- name: Create local aliases
ansible.builtin.lineinfile:
path: /etc/aliases
line: "{{ item.user }}: {{ item.alias }}"
regexp: "^{{ item.user }}: "
loop: "{{ local_aliases }}"
notify: Refresh aliases
- name: Ensure postfix belongs to sasl group
user:
name: postfix
append: true
groups:
- sasl
###################
# #
# This at the end #
# #
###################
- name: Configure postfix main.cf
template:
src: templates/main.cf.j2
dest: /etc/postfix/main.cf
owner: root
group: root
mode: '0644'
backup: true
notify: Restart postfix
- name: Configure postfix master.cf
template:
src: templates/master.cf.j2
dest: /etc/postfix/master.cf
owner: root
group: root
mode: '0644'
backup: true
notify: Restart postfix
- name: Ensure postifx service is started and enabled
service:
name: postfix
enabled: true
state: started
- name: Ensure blacklist is present
lineinfile:
path: /etc/postfix/blacklist
line: "{{ item }} REJECT Blacklisted"
regexp: "^{{ item }} "
backup: true
create: true
loop: "{{ postfix_blacklist }}"
- name: Postmap blacklist
shell: /usr/sbin/postmap /etc/postfix/blacklist
Reference in a new issue View git blame Copy permalink