aboutsummaryrefslogtreecommitdiffstats
path: root/roles/mail
diff options
context:
space:
mode:
authorAaron LI <aly@aaronly.me>2018-03-04 18:46:14 +0800
committerAaron LI <aly@aaronly.me>2018-03-14 11:35:08 +0800
commit91883b0b5498e38e2626b0c9792fd2a23a967d9e (patch)
tree5dc141a7ae0d976442a0e792622a7492e7e35782 /roles/mail
parentc45e57681e15cc53193810569a966467e6781ddc (diff)
downloadansible-dfly-vps-91883b0b5498e38e2626b0c9792fd2a23a967d9e.tar.bz2
add mail role: preliminary, setup DKIM keys
Diffstat (limited to 'roles/mail')
-rw-r--r--roles/mail/tasks/dkim-genkey.yml25
-rw-r--r--roles/mail/tasks/main.yml48
2 files changed, 73 insertions, 0 deletions
diff --git a/roles/mail/tasks/dkim-genkey.yml b/roles/mail/tasks/dkim-genkey.yml
new file mode 100644
index 0000000..467a5b9
--- /dev/null
+++ b/roles/mail/tasks/dkim-genkey.yml
@@ -0,0 +1,25 @@
+---
+- set_fact:
+ domain_keyfile: "{{ playbook_dir }}/private/dkim/{{ domain }}-{{ mail.dkim.selector }}.pem"
+
+- name: (local) dkim - check domain private key existence
+ become: false
+ stat:
+ path: "{{ domain_keyfile }}"
+ delegate_to: localhost
+ register: stat_result
+
+- name: (local) dkim - generate domain private key
+ become: false
+ command: >
+ openssl genrsa
+ -out "{{ domain_keyfile }}" "{{ mail.dkim.bits }}"
+ delegate_to: localhost
+ when: not stat_result.stat.exists
+
+- name: dkim - copy domain private key
+ copy:
+ src: "{{ domain_keyfile }}"
+ dest: /usr/local/etc/mail/dkim/{{ domain_keyfile | basename }}
+ group: mailnull
+ mode: 0440
diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml
new file mode 100644
index 0000000..019a2e0
--- /dev/null
+++ b/roles/mail/tasks/main.yml
@@ -0,0 +1,48 @@
+---
+- name: install packages
+ pkgng:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - postfix
+ - dovecot
+ - opendkim
+
+- name: dkim - create directory
+ file:
+ path: /usr/local/etc/mail/dkim
+ state: directory
+
+- name: dkim - generate domain keys
+ include_tasks: dkim-genkey.yml domain={{ item }}
+ with_items: "{{ mail.domains }}"
+
+- name: postfix - set as mailer/MTA
+ file:
+ path: /etc/mail/mailer.conf
+ src: /etc/mail/mailer.conf.postfix
+ state: link
+ force: true
+
+- name: postfix - enable postfix and disable sendmail
+ blockinfile:
+ path: /etc/rc.conf
+ marker: "# {mark} ANSIBLE MANAGED - postfix"
+ block: |
+ postfix_enable="YES"
+ # Completely disable sendmail(8) in favor of Postfix
+ sendmail_enable="NO"
+ sendmail_submit_enable="NO"
+ sendmail_outbound_enable="NO"
+ sendmail_msp_queue_enable="NO"
+
+- name: postfix - disable sendmail periodic tasks
+ blockinfile:
+ path: /etc/periodic.conf
+ marker: "# {mark} ANSIBLE MANAGED - postfix"
+ block: |
+ # Disable sendmail(8) tasks in favor of Postfix
+ daily_clean_hoststat_enable="NO"
+ daily_status_mail_rejects_enable="NO"
+ daily_status_include_submit_mailq="NO"
+ daily_submit_queuerun="NO"