roles/mail/tasks/main.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193

---
- name: install packages
  pkgng:
    name:
      - opendkim
      - postfix
      - dovecot
      - dovecot-pigeonhole
    state: present

- name: group - check vmail group
  command: pw groupshow {{ mail.vuser.name }}
  register: pw_cmd
  ignore_errors: true
  changed_when: false
  tags: vmail

- name: group - create vmail group
  command: pw groupadd {{ mail.vuser.name }} -g {{ mail.vuser.id }}
  when: pw_cmd.rc != 0
  tags: vmail

- name: user - check vmail user
  command: pw usershow {{ mail.vuser.name }}
  register: pw_cmd
  ignore_errors: true
  changed_when: false
  tags: vmail

- name: user - create vmail user
  command: >
    pw useradd {{ mail.vuser.name }}
    -u {{ mail.vuser.id }} -g {{ mail.vuser.name }}
    -m -M 0700 -d {{ mail.vuser.home }}
    -s /sbin/nologin
    -c "Virtual Mail User"
  when: pw_cmd.rc != 0
  tags: vmail


#
# OpenDKIM
#

- name: opendkim - create directory
  file:
    path: /usr/local/etc/mail/dkim
    state: directory
  tags: opendkim

- block:
  - name: opendkim - generate domain keys
    include_tasks: dkim-genkey.yml
    vars:
      domain: "{{ item }}"
    with_items: "{{ mail.domains }}"
  tags: opendkim

- name: opendkim - generate tables
  template:
    src: "{{ item }}"
    dest: /usr/local/etc/mail/dkim/{{ item | basename | regex_replace('\.j2', '') }}
  with_items:
    - dkim/KeyTable.j2
    - dkim/SigningTable.j2
  notify: reload-opendkim
  tags: opendkim

- name: opendkim - generate config file
  template:
    src: opendkim.conf.j2
    dest: /usr/local/etc/mail/opendkim.conf
  notify: reload-opendkim
  tags: opendkim

- name: opendkim - enable and start
  command: rcenable milter-opendkim


#
# Dovecot
#

- name: dovecot - copy sieve filters
  copy:
    src: sieve/  # trailing '/' -> directory contents
    dest: /usr/local/etc/dovecot/sieve/
    owner: "{{ mail.vuser.name }}"
    group: "{{ mail.vuser.name }}"
  tags: dovecot

- name: dovecot - generate passdb and userdb
  template:
    src: dovecot/{{ item }}.j2
    dest: /usr/local/etc/dovecot/{{ item }}
    group: dovecot
    mode: 0440
  with_items:
    - passdb
    - userdb
  tags: dovecot

- name: dovecot - generate config file
  template:
    src: dovecot/dovecot.conf.j2
    dest: /usr/local/etc/dovecot/dovecot.conf
  notify: reload-dovecot
  tags: dovecot

- name: dovecot - enable and start
  command: rcenable dovecot


#
# Postfix
#
# NOTE: Postfix depends on Dovecot (e.g., SASL), so setup Dovecot first.
#

- name: aliases - forward root mails
  lineinfile:
    path: /etc/mail/aliases
    line: "root: root@{{ mail.domains[0] }}"
    insertafter: '#?\s*root:'
  notify: update-aliases

- name: postfix - set as mailer/MTA
  file:
    path: /etc/mail/mailer.conf
    src: /etc/mail/mailer.conf.postfix
    state: link
    force: true

- name: postfix - copy config files
  copy:
    src: "{{ item }}"
    dest: /usr/local/etc/postfix/{{ item | basename }}
  with_fileglob:
    - "postfix/*"
  notify: reload-postfix
  tags: postfix

- name: postfix - generate config files
  template:
    src: "{{ item }}"
    dest: /usr/local/etc/postfix/{{ item | basename | regex_replace('\.j2', '') }}
  with_fileglob:
    - "../templates/postfix/*.j2"
  notify: reload-postfix
  tags: postfix

- name: postfix - update lookup tables
  command: postmap /usr/local/etc/postfix/{{ item }}
  with_items:
    - virtual-aliases
    - virtual-users
  notify: reload-postfix
  tags: postfix

- name: postfix - enable postfix and disable sendmail
  blockinfile:
    path: /etc/rc.conf
    marker: "# {mark} ANSIBLE MANAGED - postfix"
    block: |
      postfix_enable="YES"
      # Completely disable sendmail(8) in favor of Postfix
      sendmail_enable="NO"
      sendmail_submit_enable="NO"
      sendmail_outbound_enable="NO"
      sendmail_msp_queue_enable="NO"

- name: postfix - start service
  command: rcstart postfix

- name: postfix - disable sendmail periodic tasks
  blockinfile:
    path: /etc/periodic.conf
    marker: "# {mark} ANSIBLE MANAGED - postfix"
    block: |
      # Disable sendmail(8) tasks in favor of Postfix
      daily_clean_hoststat_enable="NO"
      daily_status_mail_rejects_enable="NO"
      daily_status_include_submit_mailq="NO"
      daily_submit_queuerun="NO"

- name: acme - add mail services to deploy
  blockinfile:
    path: "{{ web.acme_home }}/deploy.local.sh"
    marker: "# {mark} ANSIBLE MANAGED - mail"
    block: |
      service dovecot reload
      service postfix reload
  tags: acme