---

# Install the Postfix package from the distribution repositories via pacman.
- name: install postfix
  pacman:
    name: postfix
    state: present

# Render the Postfix configuration files and lookup tables listed below from
# their .j2 templates into /etc/postfix, and notify "reload postfix" when any
# of them changes.
# The results are root-owned with mode 0644, i.e. world-readable, so none of
# these templates should carry credentials.
- name: install template configs
  template:
    src: '{{item}}.j2'
    dest: '/etc/postfix/{{item}}'
    owner: root
    group: root
    mode: '0644'
  notify:
    - reload postfix
  with_items:
    - main.cf
    - master.cf
    - transport
    - transport.pcre
    - aliases
    - relay_transport_map
    - users.pcre

# Copy the static access, check and domain tables listed below into
# /etc/postfix unchanged (no templating), root-owned and world-readable.
- name: install additional files
  copy:
    src: '{{item}}'
    dest: '/etc/postfix/{{item}}'
    owner: root
    group: root
    mode: '0644'
  with_items:
    - access_client
    - access_sender
    - access_sender-post-filter
    - access_helo
    - access_recipient
    - body_checks
    - header_checks
    - relocated
    - domains
    - mailman_compat

# Rebuild the alias database from /etc/postfix/aliases with postalias.
# No creates= or changed_when guard is set, so the command runs (and reports
# "changed") on every play.
- name: update aliases db
  command: postalias /etc/postfix/aliases

# Run postmap on each listed lookup table under /etc/postfix.
# The command carries no creates= or changed_when guard, so it runs for every
# item on every play.
- name: postmap additional files
  command: 'postmap /etc/postfix/{{item}}'
  with_items:
    - access_client
    - access_sender
    - access_sender-post-filter
    - access_helo
    - access_recipient
    - transport
    - relocated
    - relay_transport_map
    - domains
    - mailman_compat

# Generate 2048-bit Diffie-Hellman parameters for Postfix. "creates" makes
# the command a no-op once the file exists; "reload postfix" is notified when
# the file is generated.
- name: create dhparam 2048
  command: openssl dhparam -out /etc/postfix/dh2048.pem 2048
  args:
    creates: /etc/postfix/dh2048.pem
  notify:
    - reload postfix

# Generate 512-bit Diffie-Hellman parameters for Postfix. "creates" makes the
# command a no-op once the file exists; "reload postfix" is notified when the
# file is generated.
# NOTE(review): a 512-bit DH group is export-grade and gives no meaningful
# protection (cf. Logjam). Presumably main.cf points
# smtpd_tls_dh512_param_file at this file; confirm export ciphers are still
# wanted and retire this task together with that setting if they are not.
- name: create dhparam 512
  command: openssl dhparam -out /etc/postfix/dh_512.pem 512
  args:
    creates: /etc/postfix/dh_512.pem
  notify:
    - reload postfix

# Render the Postfix hook into /etc/letsencrypt/hook.d (root-owned, mode
# 0755) on hosts where postfix_smtpd_public is truthy.
- name: install postfix cert renewal hook
  template:
    src: letsencrypt.hook.d.j2
    dest: /etc/letsencrypt/hook.d/postfix
    owner: root
    group: root
    mode: '0755'
  when: postfix_smtpd_public

# Render the wiki bounce handler configuration on hosts where postfix_server
# is truthy. The file is owned by the bounce handler user with mode 0600, so
# only that user (and root) can read it.
# NOTE(review): the restrictive mode suggests the template holds credentials;
# if so, consider keeping its content out of --diff output — confirm.
- name: install bouncehandler config
  template:
    src: wiki-bouncehandler.conf.j2
    dest: '{{postfix_wiki_bounce_config}}'
    owner: '{{postfix_wiki_bounce_user}}'
    group: root
    mode: '0600'
  when: postfix_server

# Install the Perl modules for the bounce handler (MediaWiki API client and
# Config::Simple) on hosts where postfix_server is truthy.
- name: install packages for bounce handler
  pacman:
    name: perl-mediawiki-api,perl-config-simple
    state: present
  when: postfix_server

# Copy bouncehandler.pl to the configured handler path on hosts where
# postfix_server is truthy. Root-owned with mode 0755: executable by all,
# writable only by root.
- name: install bouncehandler script
  copy:
    src: bouncehandler.pl
    dest: '{{postfix_wiki_bounce_mail_handler}}'
    owner: root
    group: root
    mode: '0755'
  when: postfix_server

# Ensure the bounce handler account exists when postfix_server is truthy and
# is removed otherwise. The account gets /bin/false as its shell and
# /var/empty as its skeleton directory.
- name: make bouncehandler user
  user:
    name: '{{postfix_wiki_bounce_user}}'
    shell: /bin/false
    skeleton: /var/empty
    state: '{{"present" if postfix_server else "absent"}}'

# Start the postfix service now and enable it at boot.
- name: start and enable postfix
  service:
    name: postfix
    enabled: true
    state: started

# Delete the obsolete compat_maps table and its compiled .db file.
# NOTE(review): both paths are relative, so they resolve against the module's
# working directory on the target rather than /etc/postfix. Presumably an
# /etc/postfix/ prefix was intended; confirm, since as written the task may
# never match the files it is meant to clean up.
- name: remove old files
  file:
    path: '{{item}}'
    state: absent
  with_items:
    - compat_maps
    - compat_maps.db

# Install cyrus-sasl when a relay host is configured, i.e. when
# postfix_relayhost is not the empty string.
- name: install extra packages for relaying via smarthost
  when: postfix_relayhost != ""
  package:
    name: cyrus-sasl
    state: present

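# Render /etc/postfix/relay_passwords when a relay host is configured and
# notify the "postmap relay_passwords" handler on change.
# The file is readable by root and the postfix group only (mode 0640). It
# presumably holds the SASL credentials for the smarthost, so diff output is
# disabled to keep the rendered content out of --diff runs and their logs.
- name: install relay_passwords file
  when: postfix_relayhost != ""
  diff: false
  template:
    src: relay_passwords.j2
    dest: /etc/postfix/relay_passwords
    # Quoted so the mode is always read as an octal string, whichever YAML
    # version the parser follows.
    mode: "0640"
    owner: root
    group: postfix
  notify:
    - postmap relay_passwords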

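# Create this host's SMTP relay account on orion.archlinux.org (the task is
# delegated there), only when a relay host is configured. The account has a
# nologin shell and no home directory.
- name: create user account on orion to relay with
  delegate_to: orion.archlinux.org
  when: postfix_relayhost != ""
  user:
    name: "{{inventory_hostname_short}}"
    comment: "SMTP Relay Account for {{inventory_hostname}}"
    group: nobody
    # "!" creates the account with a locked password instead of an empty
    # hash. An empty hash leaves the account without a password, which can
    # permit password-less authentication if the auth stack on the relay
    # accepts null passwords. Because update_password is on_create, a
    # password set later by an operator is left untouched.
    password: "!"
    shell: /sbin/nologin
    update_password: on_create
    create_home: false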

# Allow the smtp and smtp-submission services in firewalld, both in the
# running configuration (immediate) and persistently (permanent).
# Applied only when the host is a public SMTP server (postfix_smtpd_public)
# and firewall management is enabled (configure_firewall).
- name: open firewall holes
  firewalld:
    service: '{{item}}'
    permanent: true
    state: enabled
    immediate: true
  with_items:
    - smtp
    - smtp-submission
  when: postfix_smtpd_public and configure_firewall
  tags:
    - firewall