mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2024-05-05 10:36:03 +02:00
4112bdf9fd
yaml: truthy value should be one of [false, true] (truthy) yaml: wrong indentation: expected 4 but found 2 (indentation) yaml: too few spaces before comment (comments) yaml: missing starting space in comment (comments) yaml: too many blank lines (1 > 0) (empty-lines) yaml: too many spaces after colon (colons) yaml: comment not indented like content (comments-indentation) yaml: no new line character at the end of file (new-line-at-end-of-file) load-failure: Failed to load or parse file parser-error: couldn't resolve module/action 'hosts'. This often indicates a misspelling, missing collection, or incorrect module path.
114 lines
3.2 KiB
YAML
114 lines
3.2 KiB
YAML
---
|
|
|
|
- name: install postfix
|
|
pacman: name=postfix state=present
|
|
|
|
- name: install template configs
|
|
template: src={{ item }}.j2 dest=/etc/postfix/{{ item }} owner=root group=root mode=0644
|
|
with_items:
|
|
- main.cf
|
|
- master.cf
|
|
- transport
|
|
- transport.pcre
|
|
- aliases
|
|
- users.pcre
|
|
notify:
|
|
- restart postfix
|
|
- postmap additional files
|
|
- update aliases db
|
|
|
|
- name: install additional files
|
|
copy: src={{ item }} dest=/etc/postfix/{{ item }} owner=root group=root mode=0644
|
|
with_items:
|
|
- access_client
|
|
- access_sender
|
|
- access_sender-post-filter
|
|
- access_helo
|
|
- access_recipient
|
|
- body_checks
|
|
- header_checks
|
|
- relocated
|
|
- domains
|
|
- mailman_compat
|
|
- msa_header_checks
|
|
notify:
|
|
- postmap additional files
|
|
|
|
- name: create dhparam 2048
|
|
command: openssl dhparam -out /etc/postfix/dh2048.pem 2048 creates=/etc/postfix/dh2048.pem
|
|
notify:
|
|
- reload postfix
|
|
|
|
- name: create dhparam 512
|
|
command: openssl dhparam -out /etc/postfix/dh_512.pem 512 creates=/etc/postfix/dh_512.pem
|
|
notify:
|
|
- reload postfix
|
|
|
|
- name: install postfix cert renewal hook
|
|
template: src=letsencrypt.hook.d.j2 dest=/etc/letsencrypt/hook.d/postfix owner=root group=root mode=0755
|
|
when: postfix_smtpd_public
|
|
|
|
- name: install bouncehandler config
|
|
template: src=wiki-bouncehandler.conf.j2 dest={{ postfix_wiki_bounce_config }} owner={{ postfix_wiki_bounce_user }} group=root mode=0600
|
|
when: postfix_server
|
|
|
|
- name: install packages for bounce handler
|
|
pacman: name=perl-mediawiki-api,perl-config-simple state=present
|
|
when: postfix_server
|
|
|
|
- name: install bouncehandler script
|
|
copy: src=bouncehandler.pl dest={{ postfix_wiki_bounce_mail_handler }} owner=root group=root mode=0755
|
|
when: postfix_server
|
|
|
|
- name: make bouncehandler user
|
|
user: name={{ postfix_wiki_bounce_user }} shell=/bin/false skeleton=/var/empty state={{ "present" if postfix_server else "absent" }}
|
|
|
|
- name: start and enable postfix
|
|
service: name=postfix enabled=yes state=started
|
|
|
|
- name: remove old files
|
|
file: path={{ item }} state=absent
|
|
with_items:
|
|
- compat_maps
|
|
- compat_maps.db
|
|
|
|
- name: install extra packages for relaying via smarthost
|
|
when: postfix_relayhost | length > 0
|
|
package:
|
|
name: cyrus-sasl
|
|
state: present
|
|
|
|
- name: install relay_passwords file
|
|
when: postfix_relayhost | length > 0
|
|
template:
|
|
src: relay_passwords.j2
|
|
dest: /etc/postfix/relay_passwords
|
|
mode: 0640
|
|
owner: root
|
|
group: postfix
|
|
notify:
|
|
- postmap relay_passwords
|
|
|
|
- name: create user account on mail to relay with
|
|
delegate_to: mail.archlinux.org
|
|
when: postfix_relayhost | length > 0
|
|
user:
|
|
name: "{{ inventory_hostname_short }}"
|
|
comment: "SMTP Relay Account for {{ inventory_hostname }}"
|
|
group: nobody
|
|
password: "{{ postfix_relay_password | password_hash('sha512') }}"
|
|
shell: /sbin/nologin
|
|
update_password: always
|
|
home: /home/"{{ inventory_hostname }}" # Set home directory so shadow.service does not fail
|
|
create_home: true
|
|
|
|
- name: open firewall holes
|
|
ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
|
|
with_items:
|
|
- smtp
|
|
- smtp-submission
|
|
- smtps
|
|
when: postfix_smtpd_public and configure_firewall
|
|
tags:
|
|
- firewall
|