main.yml

---

- name: install postfix
  pacman: name=postfix state=present

- name: install template configs
  template: src={{item}}.j2 dest=/etc/postfix/{{item}} owner=root group=root mode=0644
  notify:
    - reload postfix
  with_items:
    - main.cf
    - master.cf
    - transport
    - aliases
    - relay_transport_map
    - users.pcre

- name: install additional files
  copy: src={{item}} dest=/etc/postfix/{{item}} owner=root group=root mode=0644
  with_items:
    - access_client
    - access_sender
    - access_sender-post-filter
    - access_helo
    - access_recipient
    - body_checks
    - header_checks
    - relocated
    - domains
    - mailman_compat

- name: update aliases db
  command: postalias /etc/postfix/aliases

- name: postmap additional files
  command: postmap /etc/postfix/{{item}}
  with_items:
    - access_client
    - access_sender
    - access_sender-post-filter
    - access_helo
    - access_recipient
    - transport
    - relocated
    - relay_transport_map
    - domains
    - mailman_compat

- name: create dhparam 2048
  command: openssl dhparam -out /etc/postfix/dh2048.pem 2048 creates=/etc/postfix/dh2048.pem
  notify:
    - reload postfix

- name: create dhparam 512
  command: openssl dhparam -out /etc/postfix/dh_512.pem 512 creates=/etc/postfix/dh_512.pem
  notify:
    - reload postfix

- name: install postfix cert renewal hook
  template: src=letsencrypt.hook.d.j2 dest=/etc/letsencrypt/hook.d/postfix owner=root group=root mode=0755
  when: postfix_smtpd_public

- name: start and enable postfix
  service: name=postfix enabled=yes state=started

- name: remove old files
  file: path={{item}} state=absent
  with_items:
    - compat_maps
    - compat_maps.db

- name: open firewall holes
  firewalld: service={{item}} permanent=true state=enabled
  with_items:
    - smtp
    - smtp-submission
  when: postfix_smtpd_public and configure_firewall