author | Aaron LI <aly@aaronly.me> | 2018-03-04 18:46:14 +0800 |
---|---|---|
committer | Aaron LI <aly@aaronly.me> | 2018-03-14 11:35:08 +0800 |
commit | 91883b0b5498e38e2626b0c9792fd2a23a967d9e (patch) | |
tree | 5dc141a7ae0d976442a0e792622a7492e7e35782 /roles/mail | |
parent | c45e57681e15cc53193810569a966467e6781ddc (diff) | |
download | ansible-dfly-vps-91883b0b5498e38e2626b0c9792fd2a23a967d9e.tar.bz2 |
add mail role: preliminary, setup DKIM keys
Diffstat (limited to 'roles/mail')
-rw-r--r-- | roles/mail/tasks/dkim-genkey.yml | 25 | ||||
-rw-r--r-- | roles/mail/tasks/main.yml | 48 |
2 files changed, 73 insertions, 0 deletions
diff --git a/roles/mail/tasks/dkim-genkey.yml b/roles/mail/tasks/dkim-genkey.yml
new file mode 100644
index 0000000..467a5b9
--- /dev/null
+++ b/roles/mail/tasks/dkim-genkey.yml
@@ -0,0 +1,25 @@
+---
+- set_fact:
+ domain_keyfile: "{{ playbook_dir }}/private/dkim/{{ domain }}-{{ mail.dkim.selector }}.pem"
+
+- name: (local) dkim - check domain private key existence
+ become: false
+ stat:
+ path: "{{ domain_keyfile }}"
+ delegate_to: localhost
+ register: stat_result
+
+- name: (local) dkim - generate domain private key
+ become: false
+ command: >
+ openssl genrsa
+ -out "{{ domain_keyfile }}" "{{ mail.dkim.bits }}"
+ delegate_to: localhost
+ when: not stat_result.stat.exists
+
+- name: dkim - copy domain private key
+ copy:
+ src: "{{ domain_keyfile }}"
+ dest: /usr/local/etc/mail/dkim/{{ domain_keyfile | basename }}
+ group: mailnull
+ mode: 0440
diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml
new file mode 100644
index 0000000..019a2e0
--- /dev/null
+++ b/roles/mail/tasks/main.yml
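Review bot: In roles/mail/tasks/dkim-genkey.yml, the final `dkim - copy domain private key` task pushes the DKIM private key with `group: mailnull` and `mode: 0440` but no `owner`, and nothing on the task keeps the key body out of the output if the play is run with `--diff`. I would add `owner: root` (presumably the intended owner), quote the mode as `mode: "0440"`, and set `diff: false` or `no_log: true` on that task. The generate task also leaves the mode of the controller-side file to `openssl genrsa` and the local umask, which the hunk does not pin; a follow-up `file` task delegated to localhost with `mode: "0600"` would make that explicit. As a smaller point, the `stat` plus `when` pair could collapse into `args: creates: "{{ domain_keyfile }}"` on the `command` task.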
@@ -0,0 +1,48 @@
+---
+- name: install packages
+ pkgng:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - postfix
+ - dovecot
+ - opendkim
+
+- name: dkim - create directory
+ file:
+ path: /usr/local/etc/mail/dkim
+ state: directory
+
+- name: dkim - generate domain keys
+ include_tasks: dkim-genkey.yml domain={{ item }}
+ with_items: "{{ mail.domains }}"
+
+- name: postfix - set as mailer/MTA
+ file:
+ path: /etc/mail/mailer.conf
+ src: /etc/mail/mailer.conf.postfix
+ state: link
+ force: true
+
+- name: postfix - enable postfix and disable sendmail
+ blockinfile:
+ path: /etc/rc.conf
+ marker: "# {mark} ANSIBLE MANAGED - postfix"
+ block: |
+ postfix_enable="YES"
+ # Completely disable sendmail(8) in favor of Postfix
+ sendmail_enable="NO"
+ sendmail_submit_enable="NO"
+ sendmail_outbound_enable="NO"
+ sendmail_msp_queue_enable="NO"
+
+- name: postfix - disable sendmail periodic tasks
+ blockinfile:
+ path: /etc/periodic.conf
+ marker: "# {mark} ANSIBLE MANAGED - postfix"
+ block: |
+ # Disable sendmail(8) tasks in favor of Postfix
+ daily_clean_hoststat_enable="NO"
+ daily_status_mail_rejects_enable="NO"
+ daily_status_include_submit_mailq="NO"
+ daily_submit_queuerun="NO" |
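Review bot: The `dkim - create directory` task in roles/mail/tasks/main.yml creates `/usr/local/etc/mail/dkim` without `owner`, `group` or `mode`, so the directory that holds the DKIM private keys gets whatever ownership and permissions the remote defaults yield. Since dkim-genkey.yml installs the keys with group `mailnull` and mode 0440, I would pin the directory to match with `owner: root`, `group: mailnull` and `mode: "0750"`. The `include_tasks: dkim-genkey.yml domain={{ item }}` line would also be safer with the variable passed under a `vars:` key and quoted, because `domain` is interpolated into both the local and the remote key path.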