authorGuilhem Moulin <guilhem@fripost.org>2016-07-10 05:13:33 +0200
committerGuilhem Moulin <guilhem@fripost.org>2016-07-10 05:14:29 +0200
commitbf960a066466d7719ada8fe7bc3dec99d237b88a (patch)
tree5a66a7bbdc5dcf30efdfc50215e86d05cf112e46 /roles/common/tasks
parentd6ff0c078e6d70e50c888e016a8a8b9b0d8d7782 (diff)
Route all internal SMTP traffic through IPsec.
Diffstat (limited to 'roles/common/tasks')
-rw-r--r--roles/common/tasks/mail.yml50
1 files changed, 1 insertions, 49 deletions
diff --git a/roles/common/tasks/mail.yml b/roles/common/tasks/mail.yml
index 092334f..6f690e6 100644
--- a/roles/common/tasks/mail.yml
+++ b/roles/common/tasks/mail.yml
@@ -36,37 +36,6 @@
notify:
- Reload Postfix
-- name: Create directory /etc/postfix/ssl
- file: path=/etc/postfix/ssl
- state=directory
- owner=root group=root
- mode=0755
- tags:
- - genkey
-
-- name: Generate a private key and a X.509 certificate for Postfix
- command: genkeypair.sh x509
- --pubkey=/etc/postfix/ssl/{{ ansible_fqdn }}.pem
- --privkey=/etc/postfix/ssl/{{ ansible_fqdn }}.key
- --ou=Postfix --cn={{ ansible_fqdn }}
- -t rsa -b 4096 -h sha512
- register: r3
- changed_when: r3.rc == 0
- failed_when: r3.rc > 1
- notify:
- - Restart Postfix
- tags:
- - genkey
-
-- name: Fetch Postfix's X.509 certificate
- # Ensure we don't fetch private data
- become: False
- fetch_cmd: cmd="openssl x509"
- stdin=/etc/postfix/ssl/{{ ansible_fqdn }}.pem
- dest=certs/postfix/{{ ansible_fqdn }}.pem
- tags:
- - genkey
-
- name: Add a 'root' alias
lineinfile: dest=/etc/aliases create=yes
regexp="^root{{':'}} "
@@ -81,25 +50,8 @@
- name: Delete /etc/aliases.db
file: path=/etc/aliases.db state=absent
-- name: Copy the Postfix TLS policy map
- template: src=etc/postfix/tls_policy.j2
- dest=/etc/postfix/tls_policy
- owner=root group=root
- mode=0644
- when: "'out' not in group_names or 'MX' in group_names"
- tags:
- - tls_policy
-
-- name: Compile the Postfix TLS policy map
- postmap: cmd=postmap src=/etc/postfix/tls_policy db=cdb
- owner=root group=root
- mode=0644
- when: "'out' not in group_names or 'MX' in group_names"
- tags:
- - tls_policy
-
- name: Start Postfix
service: name=postfix state=started
- when: not (r1.changed or r2.changed or r3.changed)
+ when: not (r1.changed or r2.changed)
- meta: flush_handlers
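Review bot: On hosts that were already provisioned, nothing in this hunk removes the `/etc/postfix/tls_policy` map (or its compiled cdb) whose install and compile tasks are dropped here, and the same holds for the private key under `/etc/postfix/ssl/` whose generation task is dropped in the first hunk. Unless cleanup happens elsewhere (this view is limited to roles/common/tasks), an unused RSA private key stays on disk and a stale policy map lingers next to the live configuration. Consider adding removal tasks in the style of the existing `Delete /etc/aliases.db` task, for example `file: path=/etc/postfix/ssl state=absent` and `file: path=/etc/postfix/tls_policy state=absent`. Before removing the map, confirm that the deployed Postfix configuration no longer references it, since that template is not visible in this diff.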