---

# Ensure the postfix package is installed through pacman.
- name: install postfix
  pacman:
    name: postfix
    state: present

# Render each listed template (<item>.j2) to /etc/postfix/<item>, owned by
# root:root with mode 0644, and queue the "reload postfix" handler whenever
# a rendered file changes.
# NOTE(review): 0644 leaves every rendered file world-readable; confirm that
# none of these templates embeds credentials.
- name: install template configs
  template:
    src: "{{item}}.j2"
    dest: "/etc/postfix/{{item}}"
    owner: root
    group: root
    mode: "0644"
  notify:
    - reload postfix
  with_items:
    - main.cf
    - master.cf
    - transport
    - aliases
    - relay_transport_map
    - users.pcre

# Copy each listed static file verbatim to /etc/postfix/<item>, owned by
# root:root with mode 0644. No handler is notified by this task.
# NOTE(review): the access_* and *_checks files are installed world-readable;
# confirm that exposing the filtering rules to local users is acceptable.
- name: install additional files
  copy:
    src: "{{item}}"
    dest: "/etc/postfix/{{item}}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - access_client
    - access_sender
    - access_sender-post-filter
    - access_helo
    - access_recipient
    - body_checks
    - header_checks
    - relocated
    - domains
    - mailman_compat

# Rebuild the alias database from /etc/postfix/aliases with postalias.
# The command has no creates= or changed_when guard, so it runs, and reports
# "changed", on every play.
- name: update aliases db
  command: postalias /etc/postfix/aliases

# Run postmap over each listed source file in /etc/postfix to (re)build its
# lookup table. There is no creates= or changed_when guard, so every item is
# rebuilt on every play.
# The list differs from the files installed above: body_checks and
# header_checks are not indexed here, while the templated transport and
# relay_transport_map are.
- name: postmap additional files
  command: "postmap /etc/postfix/{{item}}"
  with_items:
    - access_client
    - access_sender
    - access_sender-post-filter
    - access_helo
    - access_recipient
    - transport
    - relocated
    - relay_transport_map
    - domains
    - mailman_compat

# Generate 2048-bit Diffie-Hellman parameters once. creates= skips the
# command when /etc/postfix/dh2048.pem already exists; a newly generated file
# queues the "reload postfix" handler.
# creates= tests for existence only: a truncated file left by an interrupted
# run is never regenerated, so check the file after a failed play.
- name: create dhparam 2048
  command: openssl dhparam -out /etc/postfix/dh2048.pem 2048
  args:
    creates: /etc/postfix/dh2048.pem
  notify:
    - reload postfix

# Generate 512-bit Diffie-Hellman parameters once. creates= skips the
# command when /etc/postfix/dh_512.pem already exists; a newly generated file
# queues the "reload postfix" handler.
# NOTE(review): a 512-bit DH group is export-grade and gives no meaningful
# protection to a key exchange that uses it. Presumably main.cf references
# this file through smtpd_tls_dh512_param_file; confirm, and retire both the
# setting and this task once export ciphers are disabled.
- name: create dhparam 512
  command: openssl dhparam -out /etc/postfix/dh_512.pem 512
  args:
    creates: /etc/postfix/dh_512.pem
  notify:
    - reload postfix

# Render letsencrypt.hook.d.j2 to /etc/letsencrypt/hook.d/postfix as a
# root-owned executable (0755), only where postfix_smtpd_public is true.
# Only root can write the hook; keep it that way, since whatever runs the
# hook directory presumably does so with root privileges.
- name: install postfix cert renewal hook
  template:
    src: letsencrypt.hook.d.j2
    dest: /etc/letsencrypt/hook.d/postfix
    owner: root
    group: root
    mode: "0755"
  when: postfix_smtpd_public

# Enable the postfix service at boot and make sure it is running now.
- name: start and enable postfix
  service:
    name: postfix
    enabled: true
    state: started

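# Delete lookup tables that this role no longer manages.
# The paths are anchored under /etc/postfix. A bare relative name is resolved
# against whatever working directory the module runs in on the managed host,
# so the task would either do nothing or delete an unrelated file that
# happens to carry the same name.
# NOTE(review): assumes the old files lived in /etc/postfix like every other
# map this role manages; confirm before rollout.
- name: remove old files
  file:
    path: "/etc/postfix/{{item}}"
    state: absent
  with_items:
    - compat_maps
    - compat_maps.db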

# Permanently enable the smtp and smtp-submission firewalld services, only
# when both postfix_smtpd_public and configure_firewall are true.
# NOTE(review): permanent=true without immediate changes the persistent
# configuration only; the running firewall picks the rules up at its next
# reload. Confirm that this delay is intended.
- name: open firewall holes
  firewalld:
    service: "{{item}}"
    permanent: true
    state: enabled
  with_items:
    - smtp
    - smtp-submission
  when: postfix_smtpd_public and configure_firewall