---

# Ensure the postfix and postfix-pcre packages are installed via pacman.
- name: install postfix
  pacman:
    name:
      - postfix
      - postfix-pcre
    state: present

# Render each "<name>.j2" template into /etc/postfix/<name>.
# The results are root-owned and world-readable (0644), so nothing secret
# belongs in these templates.
- name: install template configs
  with_items:
    - main.cf
    - master.cf
    - transport
    - transport.pcre
    - aliases
    - users.pcre
  template:
    src: "{{ item }}.j2"
    dest: "/etc/postfix/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  # A change to any rendered file notifies all three handlers below.
  notify:
    - restart postfix
    - postmap additional files
    - update aliases db

# Copy the static access/check tables verbatim into /etc/postfix.
# They are installed root-owned and world-readable (0644).
- name: install additional files
  with_items:
    - access_client
    - access_sender
    - access_sender-post-filter
    - access_helo
    - access_recipient
    - body_checks
    - header_checks
    - relocated
    - domains
    - msa_header_checks
  copy:
    src: "{{ item }}"
    dest: "/etc/postfix/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  # Changed files notify the "postmap additional files" handler.
  notify:
    - postmap additional files

# Generate 2048-bit Diffie-Hellman parameters for Postfix.
# `creates` skips the command once the file exists, so this task never
# regenerates the parameters. No owner or mode is set here; the file gets
# whatever the openssl process's umask yields.
- name: create dhparam 2048
  command: openssl dhparam -out /etc/postfix/dh2048.pem 2048
  args:
    creates: /etc/postfix/dh2048.pem
  notify:
    - reload postfix

# Include the `certificate` role for the mail domain.
# Runs only when postfix_smtpd_public is truthy.
- name: create ssl cert
  when: postfix_smtpd_public
  include_role:
    name: certificate
  vars:
    domains:
      - "{{ mail_domain }}"

# Install the Postfix hook script under /etc/letsencrypt/hook.d.
# It is root-owned and executable (0755), so only root can modify it.
# Runs only when postfix_smtpd_public is truthy.
# NOTE(review): presumably run by the certificate renewal tooling — confirm.
- name: install postfix cert renewal hook
  when: postfix_smtpd_public
  template:
    src: letsencrypt.hook.d.j2
    dest: /etc/letsencrypt/hook.d/postfix
    owner: root
    group: root
    mode: "0755"

# Render the wiki bounce-handler configuration on postfix_server hosts.
# The file is readable only by its owner (mode 0600).
# NOTE(review): the owner account is managed by the later "make bouncehandler
# user" task in this file; on a host where it does not exist yet this task
# presumably fails — confirm the ordering.
- name: install bouncehandler config
  when: postfix_server
  template:
    src: wiki-bouncehandler.conf.j2
    dest: "{{ postfix_wiki_bounce_config }}"
    owner: "{{ postfix_wiki_bounce_user }}"
    group: root
    mode: "0600"

# Install the packages listed for the bounce handler on postfix_server hosts.
- name: install packages for bounce handler
  when: postfix_server
  pacman:
    name:
      - perl-mediawiki-api
      - perl-config-simple
    state: present

# Copy the bounce-handler script to its configured location on
# postfix_server hosts. It is root-owned and mode 0755, so other accounts
# can run it but only root can modify it.
- name: install bouncehandler script
  when: postfix_server
  copy:
    src: bouncehandler.pl
    dest: "{{ postfix_wiki_bounce_mail_handler }}"
    owner: root
    group: root
    mode: "0755"

# Manage the bounce-handler account: present when postfix_server is truthy,
# removed otherwise. Its shell is /bin/false and its skeleton directory is
# /var/empty.
- name: make bouncehandler user
  user:
    name: "{{ postfix_wiki_bounce_user }}"
    shell: /bin/false
    skeleton: /var/empty
    state: "{{ 'present' if postfix_server else 'absent' }}"

# Make sure the postfix service is running now and enabled at boot.
- name: start and enable postfix
  service:
    name: postfix
    enabled: true
    state: started

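# Delete the obsolete compat_maps table and its .db companion.
# The original passed the bare names as `path`; a relative path is resolved
# against the directory the module runs in, so the task would not touch the
# Postfix configuration directory.
# NOTE(review): /etc/postfix is assumed because every other Postfix file in
# this task list lives there — confirm.
- name: remove old files
  file:
    path: "/etc/postfix/{{ item }}"
    state: absent
  with_items:
    - compat_maps
    - compat_maps.db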

# Install cyrus-sasl, but only when a relay host is configured
# (postfix_relayhost is non-empty).
- name: install extra packages for relaying via smarthost
  package:
    state: present
    name: cyrus-sasl
  when: postfix_relayhost | length > 0

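# Render /etc/postfix/relay_passwords when a relay host is configured.
# Owner root, group postfix, mode 0640: root may write, members of the
# postfix group may read, and other accounts get no access.
# NOTE(review): presumably this file holds relay credentials; running the
# play with --diff would print the rendered content — consider `diff: false`.
- name: install relay_passwords file
  when: postfix_relayhost | length > 0
  template:
    src: relay_passwords.j2
    dest: /etc/postfix/relay_passwords
    # Quoted so the mode does not depend on the YAML parser reading a
    # leading-zero integer as octal.
    mode: "0640"
    owner: root
    group: postfix
  notify:
    - postmap relay_passwords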

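# Create this host's SMTP relay account on mail.archlinux.org (the task is
# delegated there). Runs only when a relay host is configured. The account
# gets /sbin/nologin as its shell and its password is reset on every run.
- name: create user account on mail to relay with
  delegate_to: mail.archlinux.org
  when: postfix_relayhost | length > 0
  user:
    name: "{{ inventory_hostname_short }}"
    comment: "SMTP Relay Account for {{ inventory_hostname }}"
    group: nobody
    # NOTE(review): no salt is passed to password_hash, so presumably a new
    # salt is drawn on each run and, with update_password: always, the task
    # reports "changed" every time — confirm.
    password: "{{ postfix_relay_password | password_hash('sha512') }}"
    shell: /sbin/nologin
    update_password: always
    # Set home directory so shadow.service does not fail.
    # The whole value is quoted: quote characters in the middle of a plain
    # scalar are literal, so the earlier form put them in the directory name.
    # NOTE(review): accounts already created under the old path keep their
    # directory there unless it is moved (the user module offers move_home).
    home: "/home/{{ inventory_hostname }}"
    create_home: true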

# Enable the smtp, smtp-submission and smtps firewalld services.
# The change is applied to the running firewall (immediate) and to the saved
# configuration (permanent). Runs only when postfix_smtpd_public and
# configure_firewall are both truthy, so other hosts get no mail ports opened.
- name: open firewall holes
  when: postfix_smtpd_public and configure_firewall
  tags:
    - firewall
  with_items:
    - smtp
    - smtp-submission
    - smtps
  ansible.posix.firewalld:
    service: "{{ item }}"
    permanent: true
    state: enabled
    immediate: true