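---
# Mail stack on FreeBSD: OpenDKIM, Dovecot, Postfix (in that order; see the
# NOTE before the Postfix section). Expects `mail.vuser.{name,id,home}`,
# `mail.domains` and `web.acme_home` to be defined elsewhere (not in this file).

- name: install packages
  pkgng:
    name:
      - opendkim
      - postfix
      - dovecot
      - dovecot-pigeonhole
    state: present

# The check/create pairs below share the `pw_cmd` register: each create task
# runs only when the check task immediately before it exited non-zero.
- name: group - check vmail group
  command: pw groupshow {{ mail.vuser.name }}
  register: pw_cmd
  ignore_errors: true
  changed_when: false
  tags: vmail

- name: group - create vmail group
  command: pw groupadd {{ mail.vuser.name }} -g {{ mail.vuser.id }}
  when: pw_cmd.rc != 0
  tags: vmail

- name: user - check vmail user
  command: pw usershow {{ mail.vuser.name }}
  register: pw_cmd
  ignore_errors: true
  changed_when: false
  tags: vmail

# Virtual mail user: no login shell, private (0700) home directory.
- name: user - create vmail user
  command: >
    pw useradd {{ mail.vuser.name }}
    -u {{ mail.vuser.id }} -g {{ mail.vuser.name }}
    -m -M 0700 -d {{ mail.vuser.home }}
    -s /sbin/nologin
    -c "Virtual Mail User"
  when: pw_cmd.rc != 0
  tags: vmail

#
# OpenDKIM
#
# NOTE(review): no owner/mode is set on this directory; the KeyTable written
# below points into it, so it presumably ends up holding the DKIM private
# keys — confirm the default permissions are acceptable.
- name: opendkim - create directory
  file:
    path: /usr/local/etc/mail/dkim
    state: directory
  tags: opendkim

# NOTE(review): this block carries no when/rescue/tags of its own — confirm
# that is intentional.
- block:
    - name: opendkim - generate domain keys
      include_tasks: dkim-genkey.yml
      vars:
        domain: "{{ item }}"
      with_items: "{{ mail.domains }}"
      tags: opendkim

    - name: opendkim - generate tables
      template:
        src: "{{ item }}"
        dest: /usr/local/etc/mail/dkim/{{ item | basename | regex_replace('\.j2', '') }}
      with_items:
        - dkim/KeyTable.j2
        - dkim/SigningTable.j2
      notify: reload-opendkim
      tags: opendkim

    - name: opendkim - generate config file
      template:
        src: opendkim.conf.j2
        dest: /usr/local/etc/mail/opendkim.conf
      notify: reload-opendkim
      tags: opendkim

# Not idempotent: no changed_when/creates, so this reports "changed" on every
# run. Also untagged, unlike the other opendkim tasks.
- name: opendkim - enable and start
  command: rcenable milter-opendkim

#
# Dovecot
#
- name: dovecot - copy sieve filters
  copy:
    src: sieve/  # trailing '/' -> directory contents
    dest: /usr/local/etc/dovecot/sieve/
    owner: "{{ mail.vuser.name }}"
    group: "{{ mail.vuser.name }}"
  tags: dovecot

# passdb/userdb carry credentials: readable only by root and the dovecot
# group. Mode is quoted so the YAML parser cannot retype the octal literal.
- name: dovecot - generate passdb and userdb
  template:
    src: dovecot/{{ item }}.j2
    dest: /usr/local/etc/dovecot/{{ item }}
    group: dovecot
    mode: "0440"
  with_items:
    - passdb
    - userdb
  tags: dovecot

- name: dovecot - generate config file
  template:
    src: dovecot/dovecot.conf.j2
    dest: /usr/local/etc/dovecot/dovecot.conf
  notify: reload-dovecot
  tags: dovecot

# Not idempotent (no changed_when/creates); untagged.
- name: dovecot - enable and start
  command: rcenable dovecot

#
# Postfix
#
# NOTE: Postfix depends on Dovecot (e.g., SASL), so setup Dovecot first.
#
- name: aliases - forward root mails
  lineinfile:
    path: /etc/mail/aliases
    line: "root: root@{{ mail.domains[0] }}"
    insertafter: '#?\s*root:'
  notify: update-aliases

- name: postfix - set as mailer/MTA
  file:
    path: /etc/mail/mailer.conf
    src: /etc/mail/mailer.conf.postfix
    state: link
    force: true

- name: postfix - copy config files
  copy:
    src: "{{ item }}"
    dest: /usr/local/etc/postfix/{{ item | basename }}
  with_fileglob:
    - "postfix/*"
  notify: reload-postfix
  tags: postfix

- name: postfix - generate config files
  template:
    src: "{{ item }}"
    dest: /usr/local/etc/postfix/{{ item | basename | regex_replace('\.j2', '') }}
  with_fileglob:
    - "../templates/postfix/*.j2"
  notify: reload-postfix
  tags: postfix

# Rebuilds the .db lookup tables; runs (and reports changed) every time.
- name: postfix - update lookup tables
  command: postmap /usr/local/etc/postfix/{{ item }}
  with_items:
    - virtual-aliases
    - virtual-users
  notify: reload-postfix
  tags: postfix

- name: postfix - enable postfix and disable sendmail
  blockinfile:
    path: /etc/rc.conf
    marker: "# {mark} ANSIBLE MANAGED - postfix"
    block: |
      postfix_enable="YES"
      # Completely disable sendmail(8) in favor of Postfix
      sendmail_enable="NO"
      sendmail_submit_enable="NO"
      sendmail_outbound_enable="NO"
      sendmail_msp_queue_enable="NO"

# Not idempotent (no changed_when/creates); untagged.
- name: postfix - start service
  command: rcstart postfix

- name: postfix - disable sendmail periodic tasks
  blockinfile:
    path: /etc/periodic.conf
    marker: "# {mark} ANSIBLE MANAGED - postfix"
    block: |
      # Disable sendmail(8) tasks in favor of Postfix
      daily_clean_hoststat_enable="NO"
      daily_status_mail_rejects_enable="NO"
      daily_status_include_submit_mailq="NO"
      daily_submit_queuerun="NO"

# Hook into the ACME deploy script so renewed certificates are picked up.
- name: acme - add mail services to deploy
  blockinfile:
    path: "{{ web.acme_home }}/deploy.local.sh"
    marker: "# {mark} ANSIBLE MANAGED - mail"
    block: |
      service dovecot reload
      service postfix reload
  tags: acme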