--- - name: install packages pkgng: name: "{{ item }}" state: present with_items: - opendkim - postfix - dovecot - dovecot-pigeonhole - name: group - check vmail group command: pw groupshow {{ mail.vuser.name }} register: pw_cmd ignore_errors: true changed_when: false tags: vmail - name: group - create vmail group command: pw groupadd {{ mail.vuser.name }} -g {{ mail.vuser.id }} when: pw_cmd.rc != 0 tags: vmail - name: user - check vmail user command: pw usershow {{ mail.vuser.name }} register: pw_cmd ignore_errors: true changed_when: false tags: vmail - name: user - create vmail user command: > pw useradd {{ mail.vuser.name }} -u {{ mail.vuser.id }} -g {{ mail.vuser.name }} -m -M 0700 -d {{ mail.vuser.home }} -s /sbin/nologin -c "Virtual Mail User" when: pw_cmd.rc != 0 tags: vmail # # OpenDKIM # - name: opendkim - create directory file: path: /usr/local/etc/mail/dkim state: directory tags: opendkim - name: opendkim - generate domain keys include_tasks: dkim-genkey.yml domain={{ item }} with_items: "{{ mail.domains }}" tags: opendkim - name: opendkim - generate tables template: src: "{{ item }}" dest: /usr/local/etc/mail/dkim/{{ item | basename | regex_replace('\.j2', '') }} with_items: - dkim/KeyTable.j2 - dkim/SigningTable.j2 notify: reload-opendkim tags: opendkim - name: opendkim - generate config file template: src: opendkim.conf.j2 dest: /usr/local/etc/mail/opendkim.conf notify: reload-opendkim tags: opendkim - name: opendkim - enable and start command: rcenable milter-opendkim # # Dovecot # - name: dovecot - copy sieve filters copy: src: sieve/ # trailing '/' -> directory contents dest: /usr/local/etc/dovecot/sieve/ tags: dovecot - name: dovecot - compile sieve filters command: > find /usr/local/etc/dovecot/sieve/ -name '*.sieve' -exec sievec '{}' ';' tags: dovecot - name: dovecot - include passdb vars file include_vars: "{{ playbook_dir }}/private/dovecot/passdb.yml" tags: dovecot - name: dovecot - generate passwd template: src: dovecot/passwd.j2 dest: /usr/local/etc/dovecot/passwd group: dovecot mode: 0440 tags: dovecot - name: dovecot - generate config file template: src: dovecot/dovecot.conf.j2 dest: /usr/local/etc/dovecot/dovecot.conf notify: reload-dovecot tags: dovecot - name: dovecot - enable and start command: rcenable dovecot # # Postfix # # NOTE: Postfix depends on Dovecot (e.g., SASL), so setup Dovecot first. # - name: aliases - forward root mails lineinfile: path: /etc/mail/aliases line: "root: root@{{ mail.domains[0] }}" insertafter: '#?\s*root:' notify: update-aliases - name: postfix - set as mailer/MTA file: path: /etc/mail/mailer.conf src: /etc/mail/mailer.conf.postfix state: link force: true - name: postfix - disable sendmail periodic tasks blockinfile: path: /etc/periodic.conf marker: "# {mark} ANSIBLE MANAGED - postfix" block: | # Disable sendmail(8) tasks in favor of Postfix daily_clean_hoststat_enable="NO" daily_status_mail_rejects_enable="NO" daily_status_include_submit_mailq="NO" daily_submit_queuerun="NO" - name: postfix - enable postfix and disable sendmail blockinfile: path: /etc/rc.conf marker: "# {mark} ANSIBLE MANAGED - postfix" block: | postfix_enable="YES" # Completely disable sendmail(8) in favor of Postfix sendmail_enable="NO" sendmail_submit_enable="NO" sendmail_outbound_enable="NO" sendmail_msp_queue_enable="NO" - name: postfix - copy config files copy: src: "{{ item }}" dest: /usr/local/etc/postfix/{{ item | basename }} with_fileglob: - "postfix/*" notify: reload-postfix tags: postfix - name: postfix - generate config files template: src: "{{ item }}" dest: /usr/local/etc/postfix/{{ item | basename | regex_replace('\.j2', '') }} with_fileglob: - "../templates/postfix/*.j2" notify: reload-postfix tags: postfix - name: postfix - update lookup tables command: postmap /usr/local/etc/postfix/{{ item }} with_items: - virtual-aliases - virtual-users notify: reload-postfix tags: postfix - name: postfix - start service command: rcstart postfix