--- - name: install packages pkgng: name: "{{ item }}" state: present with_items: - opendkim - postfix - dovecot - dovecot-pigeonhole - name: group - check vmail group command: pw groupshow {{ mail.user.name }} register: pw_cmd ignore_errors: true changed_when: false tags: vmail - name: group - create vmail group command: pw groupadd {{ mail.user.name }} -g {{ mail.user.id }} when: pw_cmd.rc != 0 tags: vmail - name: user - check vmail user command: pw usershow {{ mail.user.name }} register: pw_cmd ignore_errors: true changed_when: false tags: vmail - name: user - create vmail user command: > pw useradd {{ mail.user.name }} -u {{ mail.user.id }} -g {{ mail.user.name }} -m -M 0700 -d {{ mail.user.home }} -s /sbin/nologin -c "Virtual Mail User" when: pw_cmd.rc != 0 tags: vmail # # OpenDKIM # - name: opendkim - create directory file: path: /usr/local/etc/mail/dkim state: directory tags: opendkim - name: opendkim - generate domain keys include_tasks: dkim-genkey.yml domain={{ item }} with_items: "{{ mail.domains }}" tags: opendkim - name: opendkim - generate tables template: src: "{{ item }}" dest: /usr/local/etc/mail/dkim/{{ item | basename | regex_replace('\.j2', '') }} with_items: - dkim/KeyTable.j2 - dkim/SigningTable.j2 notify: reload-opendkim tags: opendkim - name: opendkim - generate config file template: src: opendkim.conf.j2 dest: /usr/local/etc/mail/opendkim.conf notify: reload-opendkim tags: opendkim - name: opendkim - enable and start command: rcenable milter-opendkim # # Dovecot # - name: dovecot - copy sieve filters copy: src: sieve/ # trailing '/' -> directory contents dest: /usr/local/etc/dovecot/sieve/ tags: dovecot - name: dovecot - compile sieve filters command: > find /usr/local/etc/dovecot/sieve/ -name '*.sieve' -exec sievec '{}' ';' tags: dovecot - name: dovecot - copy passwd copy: src: "{{ playbook_dir }}/private/dovecot/passwd" dest: /usr/local/etc/dovecot/passwd group: dovecot mode: 0440 tags: dovecot - name: opendkim - generate config file template: src: dovecot.conf.j2 dest: /usr/local/etc/dovecot/dovecot.conf notify: reload-dovecot tags: dovecot - name: dovecot - enable and start command: rcenable dovecot - name: aliases - forward root mails lineinfile: path: /etc/mail/aliases line: "root: root@{{ mail.domains[0] }}" insertafter: '#?\s*root:' notify: update-aliases - name: postfix - set as mailer/MTA file: path: /etc/mail/mailer.conf src: /etc/mail/mailer.conf.postfix state: link force: true - name: postfix - enable postfix and disable sendmail blockinfile: path: /etc/rc.conf marker: "# {mark} ANSIBLE MANAGED - postfix" block: | postfix_enable="YES" # Completely disable sendmail(8) in favor of Postfix sendmail_enable="NO" sendmail_submit_enable="NO" sendmail_outbound_enable="NO" sendmail_msp_queue_enable="NO" - name: postfix - disable sendmail periodic tasks blockinfile: path: /etc/periodic.conf marker: "# {mark} ANSIBLE MANAGED - postfix" block: | # Disable sendmail(8) tasks in favor of Postfix daily_clean_hoststat_enable="NO" daily_status_mail_rejects_enable="NO" daily_status_include_submit_mailq="NO" daily_submit_queuerun="NO"