Diffstat (limited to 'roles/postfix/tasks/main.yml')
-rw-r--r-- | roles/postfix/tasks/main.yml | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml
new file mode 100644
index 0000000..9fd4d61
--- /dev/null
+++ b/roles/postfix/tasks/main.yml
@@ -0,0 +1,75 @@
+---
+- yum: name={{ item }} state=installed
+ with_items:
+ - postfix
+
+- set_fact: use_sasl=True
+ when: sasl_user is defined and sasl_pass is defined
+
+- set_fact: use_tls=True
+ when: use_sasl == True
+
+- set_fact: use_local=True
+ when: local_users is defined
+
+- service: name=postfix state=started enabled=yes
+
+- template: dest=/etc/postfix/main.cf src=main.cf
+ notify: restart postfix
+
+- copy: dest=/etc/aliases src=aliases
+ notify: rebuild aliases
+
+- template: dest=/etc/postfix/aliases.{{ item }} src=aliases.{{ item }}
+ notify: update postfix aliases
+ with_items:
+ - users
+ - local
+
+- shell: lokkit -s {{ item }}
+ with_items:
+ - smtp
+ when: ansible_distribution_major_version == '6' and (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat')
+
+- firewalld: service={{ item }} permanent=true state=enabled
+ with_items:
+ - smtp
+ when: ansible_distribution == 'Fedora' or ansible_distribution_major_version == '7'
+
+- shell: create={{ postfix_cert }} openssl req -x509 -newkey rsa:2048 -keyout {{ postfix_key }} -out {{ postfix_cert }} -days 3650 -nodes -subj '/C=US/ST=North Carolina/L=Raleigh/O=Red Hat Inc./OU=OSAS/CN={{ ansible_domain }}/emailAddress=postmaster@{{ ansible_domain }}'
+ when: use_tls
+# TODO enforce proper permission on cert + selinux
+
+- group: name=mail
+ register: mail_group
+
+- user: name=nobody
+ register: nobody_user
+ when: use_local
+
+- file: state=directory path=/var/mail/discourse{{ item }} owner={{ nobody_user.uid }} group={{ mail_group.gid }}
+ with_items:
+ - /
+ - /cur
+ - /tmp
+ - /new
+ when: use_local
+
+- template: src={{ item }} dest=/etc/postfix/{{ item }}
+ notify: update postfix maps
+ with_items:
+ - local_recipient
+ when: use_local
+
+
+- copy: src=smtpd.sasl.conf dest=/etc/sasl2/smtpd.conf
+ when: use_sasl
+# TODO check if needed
+ notify: restart saslauthd
+
+- shell: echo {{ sasl_pass }} | saslpasswd2 -a smtpd -u {{ ansible_domain }} -c {{ sasl_user }} -p
+ when: use_sasl
+
+- file: path=/etc/sasldb2 owner=root group=mail mode=0640
+ when: use_sasl
+
|
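Review bot: The `saslpasswd2` task near the end of the hunk interpolates `{{ sasl_pass }}` unquoted into a shell pipeline, so a password containing shell metacharacters is interpreted by the shell, and the rendered command, password included, can end up in Ansible's task output and logs. Quote the value and suppress logging: `shell: echo {{ sasl_pass | quote }} | saslpasswd2 -a smtpd -u {{ ansible_domain }} -c {{ sasl_user }} -p` with `no_log: true` on the task. The task also has no guard beyond `when: use_sasl`, so it rewrites the sasldb entry and reports changed on every run. Separately, the certificate task passes `create=` where the module argument is `creates=`, so the guard is most likely not applied and the key and certificate are regenerated each run. The existing TODO on key permissions should be closed in the same change, since `-nodes` writes the private key unencrypted with whatever mode the umask gives; an explicit `file:` task with owner `root` and `mode=0600` on `{{ postfix_key }}` would cover it.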