mirror/infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2025-01-18 08:06:16 +01:00
Code Issues
mysql_dashboard
infrastructure/roles/postfix/tasks/main.yml
Giancarlo Razzolini aff335e85b
roles/postfix: Remove the tasks related to apollo from the postfix role 
Apollo had special firewall rules, removed them from the role.
2020-12-29 07:33:48 -03:00

116 lines
3.2 KiB
YAML
Raw Permalink Blame History

---
- name: install postfix
pacman: name=postfix state=present
- name: install template configs
template: src={{ item }}.j2 dest=/etc/postfix/{{ item }} owner=root group=root mode=0644
with_items:
- main.cf
- master.cf
- transport
- transport.pcre
- aliases
- users.pcre
notify:
- restart postfix
- postmap additional files
- update aliases db
- name: install additional files
copy: src={{ item }} dest=/etc/postfix/{{ item }} owner=root group=root mode=0644
with_items:
- access_client
- access_sender
- access_sender-post-filter
- access_helo
- access_recipient
- body_checks
- header_checks
- relocated
- domains
- mailman_compat
- msa_header_checks
notify:
- postmap additional files
- name: create dhparam 2048
command: openssl dhparam -out /etc/postfix/dh2048.pem 2048 creates=/etc/postfix/dh2048.pem
notify:
- reload postfix
- name: create dhparam 512
command: openssl dhparam -out /etc/postfix/dh_512.pem 512 creates=/etc/postfix/dh_512.pem
notify:
- reload postfix
- name: install postfix cert renewal hook
template: src=letsencrypt.hook.d.j2 dest=/etc/letsencrypt/hook.d/postfix owner=root group=root mode=0755
when: postfix_smtpd_public
- name: install bouncehandler config
template: src=wiki-bouncehandler.conf.j2 dest={{ postfix_wiki_bounce_config }} owner={{ postfix_wiki_bounce_user }} group=root mode=0600
when: postfix_server
- name: install packages for bounce handler
pacman: name=perl-mediawiki-api,perl-config-simple state=present
when: postfix_server
- name: install bouncehandler script
copy: src=bouncehandler.pl dest={{ postfix_wiki_bounce_mail_handler }} owner=root group=root mode=0755
when: postfix_server
- name: make bouncehandler user
user: name={{ postfix_wiki_bounce_user }} shell=/bin/false skeleton=/var/empty state={{ "present" if postfix_server else "absent" }}
- name: start and enable postfix
service: name=postfix enabled=yes state=started
- name: remove old files
file: path={{ item }} state=absent
with_items:
- compat_maps
- compat_maps.db
- name: install extra packages for relaying via smarthost
when: postfix_relayhost | length > 0
package:
name: cyrus-sasl
state: present
- name: install relay_passwords file
when: postfix_relayhost | length > 0
template:
src: relay_passwords.j2
dest: /etc/postfix/relay_passwords
mode: 0640
owner: root
group: postfix
notify:
- postmap relay_passwords
- name: create user account on mail to relay with
delegate_to: mail.archlinux.org
when: postfix_relayhost | length > 0
user:
name: "{{ inventory_hostname_short }}"
comment: "SMTP Relay Account for {{ inventory_hostname }}"
group: nobody
password: "{{ postfix_relay_password | password_hash('sha512') }}"
shell: /sbin/nologin
update_password: always
home: /home/"{{ inventory_hostname }}" # Set home directory so shadow.service does not fail
create_home: yes
- name: open firewall holes
ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
with_items:
- smtp
- smtp-submission
- smtps
when: postfix_smtpd_public and configure_firewall
tags:
- firewall
View Git Blame Copy Permalink