mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2024-05-05 10:36:03 +02:00
infrastructure/roles/postfix/tasks/main.yml
Kristian Klausen 4112bdf9fd Make ansible-lint happy
yaml: truthy value should be one of [false, true] (truthy)
yaml: wrong indentation: expected 4 but found 2 (indentation)
yaml: too few spaces before comment (comments)
yaml: missing starting space in comment (comments)
yaml: too many blank lines (1 > 0) (empty-lines)
yaml: too many spaces after colon (colons)
yaml: comment not indented like content (comments-indentation)
yaml: no new line character at the end of file (new-line-at-end-of-file)
load-failure: Failed to load or parse file
parser-error: couldn't resolve module/action 'hosts'. This often indicates a misspelling, missing collection, or incorrect module path.
2021-02-14 14:22:05 +01:00


---
# Make sure the postfix package is present (installed through pacman).
- name: install postfix
  pacman:
    name: postfix
    state: present
# Render each listed Jinja2 template (<item>.j2) to /etc/postfix/<item>,
# owned by root:root and world-readable. A change notifies the three
# handlers listed under notify.
- name: install template configs
  template:
    src: "{{ item }}.j2"
    dest: "/etc/postfix/{{ item }}"
    owner: root
    group: root
    # Quoted so the mode stays a string, as it was in key=value form.
    mode: "0644"
  with_items:
    - main.cf
    - master.cf
    - transport
    - transport.pcre
    - aliases
    - users.pcre
  notify:
    - restart postfix
    - postmap additional files
    - update aliases db
# Copy the static lookup tables and check files verbatim to /etc/postfix,
# owned by root:root and world-readable. A change notifies the
# "postmap additional files" handler.
- name: install additional files
  copy:
    src: "{{ item }}"
    dest: "/etc/postfix/{{ item }}"
    owner: root
    group: root
    # Quoted so the mode stays a string, as it was in key=value form.
    mode: "0644"
  with_items:
    - access_client
    - access_sender
    - access_sender-post-filter
    - access_helo
    - access_recipient
    - body_checks
    - header_checks
    - relocated
    - domains
    - mailman_compat
    - msa_header_checks
  notify:
    - postmap additional files
# Generate 2048-bit Diffie-Hellman parameters once. `creates` skips the
# command when the file already exists, so the parameters are not
# regenerated on later runs.
- name: create dhparam 2048
  command: openssl dhparam -out /etc/postfix/dh2048.pem 2048
  args:
    creates: /etc/postfix/dh2048.pem
  notify:
    - reload postfix
# Generate 512-bit Diffie-Hellman parameters once; `creates` skips the
# command when the file already exists.
# NOTE(review): a 512-bit DH group is export-grade and is considered
# breakable (see the Logjam research); it only matters while export cipher
# suites are still offered. Presumably this file is referenced by
# smtpd_tls_dh512_param_file in the main.cf template. Confirm, and retire
# the task and the setting together if export ciphers are not required.
- name: create dhparam 512
  command: openssl dhparam -out /etc/postfix/dh_512.pem 512
  args:
    creates: /etc/postfix/dh_512.pem
  notify:
    - reload postfix
# Install the rendered hook as /etc/letsencrypt/hook.d/postfix, but only on
# hosts where postfix_smtpd_public is truthy. The hook is installed
# executable and writable by root only (0755).
- name: install postfix cert renewal hook
  when: postfix_smtpd_public
  template:
    src: letsencrypt.hook.d.j2
    dest: /etc/letsencrypt/hook.d/postfix
    owner: root
    group: root
    mode: "0755"
# Render the wiki bounce handler configuration on postfix servers.
# Mode 0600 with the bounce user as owner means only that account (and
# root) can read the file.
- name: install bouncehandler config
  when: postfix_server
  template:
    src: wiki-bouncehandler.conf.j2
    dest: "{{ postfix_wiki_bounce_config }}"
    owner: "{{ postfix_wiki_bounce_user }}"
    group: root
    mode: "0600"
# Install the two Perl packages listed below, on postfix servers only.
- name: install packages for bounce handler
  when: postfix_server
  pacman:
    name:
      - perl-mediawiki-api
      - perl-config-simple
    state: present
# Copy bouncehandler.pl to the configured handler path on postfix servers.
# The script is root-owned and not writable by other accounts (0755).
- name: install bouncehandler script
  when: postfix_server
  copy:
    src: bouncehandler.pl
    dest: "{{ postfix_wiki_bounce_mail_handler }}"
    owner: root
    group: root
    mode: "0755"
# Manage the bounce handler account on every host. The state is "present"
# when postfix_server is truthy and "absent" otherwise, so the account is
# removed from hosts that are not postfix servers.
# The login shell is /bin/false.
- name: make bouncehandler user
  user:
    name: "{{ postfix_wiki_bounce_user }}"
    shell: /bin/false
    skeleton: /var/empty
    state: '{{ "present" if postfix_server else "absent" }}'
# Enable the postfix service at boot and make sure it is running now.
- name: start and enable postfix
  service:
    name: postfix
    enabled: true
    state: started
# Delete the obsolete compat_maps files if they exist.
# NOTE(review): both paths are relative, so they resolve against the
# module's working directory on the target rather than /etc/postfix.
# Confirm whether /etc/postfix/compat_maps and /etc/postfix/compat_maps.db
# were intended.
- name: remove old files
  file:
    path: "{{ item }}"
    state: absent
  with_items:
    - compat_maps
    - compat_maps.db
# Install cyrus-sasl, but only when a relay host is configured
# (postfix_relayhost is non-empty).
- name: install extra packages for relaying via smarthost
  package:
    state: present
    name: cyrus-sasl
  when: postfix_relayhost | length > 0
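# Render the relay credentials map when a relay host is configured.
# root:postfix with mode 0640 keeps the file unreadable to other local
# accounts while still letting the postfix group read it.
- name: install relay_passwords file
  when: postfix_relayhost | length > 0
  template:
    src: relay_passwords.j2
    dest: /etc/postfix/relay_passwords
    # Quoted so the mode does not depend on the YAML parser's implicit
    # octal handling; a bare 0640 is only octal under YAML 1.1 rules.
    mode: "0640"
    owner: root
    group: postfix
  notify:
    - postmap relay_passwords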
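# Create (or update) the per-host SMTP relay account. The task runs on
# mail.archlinux.org via delegate_to, not on the host being configured.
# The account gets a non-login shell (/sbin/nologin).
# NOTE(review): password_hash('sha512') is called without a fixed salt, so
# a new hash is presumably produced on every run; together with
# update_password: always the task would then report "changed" each time.
# Confirm whether that is acceptable.
- name: create user account on mail to relay with
  delegate_to: mail.archlinux.org
  when: postfix_relayhost | length > 0
  user:
    name: "{{ inventory_hostname_short }}"
    comment: "SMTP Relay Account for {{ inventory_hostname }}"
    group: nobody
    password: "{{ postfix_relay_password | password_hash('sha512') }}"
    shell: /sbin/nologin
    update_password: always
    # Set home directory so shadow.service does not fail.
    # The whole value is quoted: with the quotes placed only around the
    # Jinja expression they became literal characters in the path
    # (/home/"<hostname>").
    # NOTE(review): accounts that already exist will likely have their home
    # entry rewritten to the unquoted path on the next run; verify on
    # mail.archlinux.org.
    home: "/home/{{ inventory_hostname }}"
    create_home: true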
# Open the smtp, smtp-submission and smtps firewalld services, both in the
# permanent configuration and in the running firewall. The task only runs
# when the host serves SMTP publicly and firewall management is enabled.
- name: open firewall holes
  when: postfix_smtpd_public and configure_firewall
  ansible.posix.firewalld:
    service: "{{ item }}"
    permanent: true
    state: enabled
    immediate: true
  with_items:
    - smtp
    - smtp-submission
    - smtps
  tags:
    - firewall