-rw-r--r-- | deploy.yml | 1 | ||||
-rw-r--r-- | roles/mail/tasks/dkim-genkey.yml | 25 | ||||
-rw-r--r-- | roles/mail/tasks/main.yml | 48 |
3 files changed, 74 insertions, 0 deletions
@@ -9,6 +9,7 @@ - security - dns - web + - mail - shadowsocks # vim: set ft=yaml sw=2: #
diff --git a/roles/mail/tasks/dkim-genkey.yml b/roles/mail/tasks/dkim-genkey.yml
new file mode 100644
index 0000000..467a5b9
--- /dev/null
+++ b/roles/mail/tasks/dkim-genkey.yml
@@ -0,0 +1,25 @@
+---
+- set_fact:
+ domain_keyfile: "{{ playbook_dir }}/private/dkim/{{ domain }}-{{ mail.dkim.selector }}.pem"
+
+- name: (local) dkim - check domain private key existence
+ become: false
+ stat:
+ path: "{{ domain_keyfile }}"
+ delegate_to: localhost
+ register: stat_result
+
+- name: (local) dkim - generate domain private key
+ become: false
+ command: >
+ openssl genrsa
+ -out "{{ domain_keyfile }}" "{{ mail.dkim.bits }}"
+ delegate_to: localhost
+ when: not stat_result.stat.exists
+
+- name: dkim - copy domain private key
+ copy:
+ src: "{{ domain_keyfile }}"
+ dest: /usr/local/etc/mail/dkim/{{ domain_keyfile | basename }}
+ group: mailnull
+ mode: 0440
diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml
new file mode 100644
index 0000000..019a2e0
--- /dev/null
+++ b/roles/mail/tasks/main.yml
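Review bot: The `dkim - copy domain private key` task in roles/mail/tasks/dkim-genkey.yml installs key material without `no_log` or `diff: false`, so a run with `--diff` may print the private key into terminal or CI output; adding `no_log: true` to that task avoids it. The task also sets `group` and `mode` but no `owner`, and the mode is an unquoted octal; `owner: root` and `mode: "0440"` make the intended permissions explicit. The local `openssl genrsa` step leaves the permissions of the generated file under `private/dkim/` to OpenSSL and the controller's umask, and nothing visible here shows whether that directory is excluded from version control or vault-encrypted, so both are worth confirming.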
@@ -0,0 +1,48 @@
+---
+- name: install packages
+ pkgng:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - postfix
+ - dovecot
+ - opendkim
+
+- name: dkim - create directory
+ file:
+ path: /usr/local/etc/mail/dkim
+ state: directory
+
+- name: dkim - generate domain keys
+ include_tasks: dkim-genkey.yml domain={{ item }}
+ with_items: "{{ mail.domains }}"
+
+- name: postfix - set as mailer/MTA
+ file:
+ path: /etc/mail/mailer.conf
+ src: /etc/mail/mailer.conf.postfix
+ state: link
+ force: true
+
+- name: postfix - enable postfix and disable sendmail
+ blockinfile:
+ path: /etc/rc.conf
+ marker: "# {mark} ANSIBLE MANAGED - postfix"
+ block: |
+ postfix_enable="YES"
+ # Completely disable sendmail(8) in favor of Postfix
+ sendmail_enable="NO"
+ sendmail_submit_enable="NO"
+ sendmail_outbound_enable="NO"
+ sendmail_msp_queue_enable="NO"
+
+- name: postfix - disable sendmail periodic tasks
+ blockinfile:
+ path: /etc/periodic.conf
+ marker: "# {mark} ANSIBLE MANAGED - postfix"
+ block: |
+ # Disable sendmail(8) tasks in favor of Postfix
+ daily_clean_hoststat_enable="NO"
+ daily_status_mail_rejects_enable="NO"
+ daily_status_include_submit_mailq="NO"
+ daily_submit_queuerun="NO" |
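Review bot: The `dkim - create directory` task creates `/usr/local/etc/mail/dkim` with only `path` and `state`, so the owner, group and mode of the directory that holds the DKIM signing keys are left to defaults. Since dkim-genkey.yml copies the keys there with `group: mailnull`, setting `owner: root`, `group: mailnull` and `mode: "0750"` on the directory would keep other local users from listing it. On the `include_tasks` line, `domain={{ item }}` is passed in the inline key=value form; a `vars:` mapping with `domain: "{{ item }}"` is the more robust form if a domain value ever contains characters the key=value parser treats specially.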