Postfix MX/MSA instances: put certs in the the instance's $config_directory.

author: Guilhem Moulin <guilhem@fripost.org> 2016-07-10 05:05:46 +0200
committer: Guilhem Moulin <guilhem@fripost.org> 2016-07-10 05:05:46 +0200
commit: d6ff0c078e6d70e50c888e016a8a8b9b0d8d7782 (patch)
tree: 03dc91145b2ccf5db868ca397e3029365fdbc50a /roles/MX/tasks
parent: 37464e75e1863a89d757077400543dea7b9317ac (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/roles/MX/tasks/main.yml b/roles/MX/tasks/main.yml
index 1d08734..5f19d9f 100644
--- a/roles/MX/tasks/main.yml
+++ b/roles/MX/tasks/main.yml
@@ -59,51 +59,59 @@
   template: src=etc/postfix/virtual/transport.j2
             dest=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/transport
             owner=root group=root
             mode=0644
 
 - name: Compile the Postfix transport maps
   # trivial-rewrite(8) is a long-running process, so it's safer to reload
   postmap: instance={{ postfix_instance[inst].name }}
            src=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/transport db=cdb
            owner=root group=root
            mode=0644
   notify:
     - Reload Postfix
 
 - name: Copy reserved-alias.pl
   copy: src=usr/local/bin/reserved-alias.pl
         dest=/usr/local/bin/reserved-alias.pl
         owner=root group=root
         mode=0755
 
+- name: Create directory /etc/postfix/ssl
+  file: path=/etc/postfix-{{ postfix_instance[inst].name }}/ssl
+        state=directory
+        owner=root group=root
+        mode=0755
+  tags:
+    - genkey
+
 - meta: flush_handlers
 
 - name: Start Postfix
   service: name=postfix state=started
 
 - name: Fetch Postfix's X.509 certificate
   # Ensure we don't fetch private data
   become: False
   # `/usr/sbin/postmulti -i mx -x /usr/sbin/postconf -xh smtpd_tls_cert_file`
   fetch_cmd: cmd="openssl x509 -noout -pubkey"
-             stdin=/etc/postfix/ssl/mx.fripost.org.pem
+             stdin=/etc/postfix-{{ postfix_instance[inst].name }}/ssl/mx.fripost.org.pem
              dest=certs/public/mx{{ mxno | default('') }}.fripost.org.pub
   tags:
     - genkey
 
 
 - name: Install 'postfix_mailqueue_' Munin wildcard plugin
   file: src=/usr/local/share/munin/plugins/postfix_mailqueue_
         dest=/etc/munin/plugins/postfix_mailqueue_postfix-{{ postfix_instance[inst].name }}
         owner=root group=root
         state=link force=yes
   tags:
     - munin
     - munin-node
   notify:
     - Restart munin-node
 
 - name: Install 'postfix_stats_' Munin wildcard plugin
   file: src=/usr/local/share/munin/plugins/postfix_stats_
         dest=/etc/munin/plugins/postfix_stats_{{ item }}_postfix-{{ postfix_instance[inst].name }}
         owner=root group=root
author	Guilhem Moulin <guilhem@fripost.org>	2016-07-10 05:05:46 +0200
committer	Guilhem Moulin <guilhem@fripost.org>	2016-07-10 05:05:46 +0200
commit	d6ff0c078e6d70e50c888e016a8a8b9b0d8d7782 (patch)
tree	03dc91145b2ccf5db868ca397e3029365fdbc50a /roles/MX/tasks
parent	37464e75e1863a89d757077400543dea7b9317ac (diff)