As it turns out, the value of this filter's "rounds" parameter differs strongly depending on the installed Python crypto backend: python-crypt uses 5000 rounds while python-passlib uses 656000 rounds. Set a default parameter according to the Ansible documentation. As really high values for "rounds" lead to some login timeouts, it makes sense for us to use a fixed value for this parameter. In this case 5000 has been chosen, as this value reflects the defaults from python-crypt as well as /etc/login.defs in the shadow package.
Link: https://github.com/ansible/ansible/pull/77963/files
Related-to: https://gitlab.archlinux.org/archlinux/infrastructure/-/issues/250
Signed-off-by: Christian Heusel <christian@heusel.eu>
# Make sure the postfix package is installed through pacman.
- name: Install postfix
  pacman:
    name: postfix
    state: present
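# Render each listed Jinja2 template (<file>.j2) into /etc/postfix/<file>
# with the per-file group and mode, then notify the "Reload postfix" handler.
- name: Install template configs
  template:
    src: "{{ item.file }}.j2"
    dest: "/etc/postfix/{{ item.file }}"
    owner: root
    group: "{{ item.group }}"
    mode: "{{ item.mode }}"
  with_items:
    # Modes are quoted octal strings so they can never be read as the decimal
    # integers 644 / 640, whatever the YAML or Jinja2 typing rules in effect.
    - file: main.cf
      group: root
      mode: '0644'
    # relay_passwords presumably holds the relay credentials (see the account
    # task in this file): not world-readable, group-readable by postfix only.
    - file: relay_passwords
      group: postfix
      mode: '0640'
  notify:
    - Reload postfix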
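# Create the per-host SMTP relay account. The task is delegated, so the
# account is created on mail.archlinux.org, not on the host being configured.
- name: Create user account on mail to relay with
  delegate_to: mail.archlinux.org
  ansible.builtin.user:
    name: "{{ inventory_hostname_short }}"
    comment: "SMTP Relay Account for {{ inventory_hostname }}"
    # Relay-only account: unprivileged group and, further down, a nologin shell.
    group: nobody
    # rounds is pinned so the stored hash does not depend on which Python
    # crypto backend the controller has installed.
    # NOTE(review): 5000 SHA-512-crypt rounds is a low work factor, so the
    # relay password should be a long random secret - confirm how
    # postfix_relay_password is generated.
    # No salt is passed, so with update_password: always the hash is likely
    # regenerated on every run and the task reports "changed" each time.
    password: "{{ postfix_relay_password | password_hash('sha512', rounds=5000) }}"
    shell: /sbin/nologin
    update_password: always
    # Set home directory so shadow.service does not fail.
    # The whole value is quoted. Quotes placed in the middle of a plain scalar
    # are literal characters, so the previous form produced a home path that
    # contained the double quotes themselves.
    # NOTE(review): accounts created with the old value may still own a
    # directory whose name includes the quote characters - check the mail host.
    home: "/home/{{ inventory_hostname }}"
    create_home: true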
# Make sure the postfix service is running now and enabled at boot.
- name: Start and enable postfix
  service:
    name: postfix
    enabled: true
    state: started