diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2016-07-10 05:13:33 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2016-07-10 05:14:29 +0200 |
| commit | bf960a066466d7719ada8fe7bc3dec99d237b88a (patch) | |
| tree | 5a66a7bbdc5dcf30efdfc50215e86d05cf112e46 /roles/common/tasks | |
| parent | d6ff0c078e6d70e50c888e016a8a8b9b0d8d7782 (diff) | |
Route all internal SMTP traffic through IPsec.
Diffstat (limited to 'roles/common/tasks')
| -rw-r--r-- | roles/common/tasks/mail.yml | 50 |
1 files changed, 1 insertions, 49 deletions
diff --git a/roles/common/tasks/mail.yml b/roles/common/tasks/mail.yml index 092334f..6f690e6 100644 --- a/roles/common/tasks/mail.yml +++ b/roles/common/tasks/mail.yml @@ -36,37 +36,6 @@ notify: - Reload Postfix -- name: Create directory /etc/postfix/ssl - file: path=/etc/postfix/ssl - state=directory - owner=root group=root - mode=0755 - tags: - - genkey - -- name: Generate a private key and a X.509 certificate for Postfix - command: genkeypair.sh x509 - --pubkey=/etc/postfix/ssl/{{ ansible_fqdn }}.pem - --privkey=/etc/postfix/ssl/{{ ansible_fqdn }}.key - --ou=Postfix --cn={{ ansible_fqdn }} - -t rsa -b 4096 -h sha512 - register: r3 - changed_when: r3.rc == 0 - failed_when: r3.rc > 1 - notify: - - Restart Postfix - tags: - - genkey - -- name: Fetch Postfix's X.509 certificate - # Ensure we don't fetch private data - become: False - fetch_cmd: cmd="openssl x509" - stdin=/etc/postfix/ssl/{{ ansible_fqdn }}.pem - dest=certs/postfix/{{ ansible_fqdn }}.pem - tags: - - genkey - - name: Add a 'root' alias lineinfile: dest=/etc/aliases create=yes regexp="^root{{':'}} " @@ -81,25 +50,8 @@ - name: Delete /etc/aliases.db file: path=/etc/aliases.db state=absent -- name: Copy the Postfix TLS policy map - template: src=etc/postfix/tls_policy.j2 - dest=/etc/postfix/tls_policy - owner=root group=root - mode=0644 - when: "'out' not in group_names or 'MX' in group_names" - tags: - - tls_policy - -- name: Compile the Postfix TLS policy map - postmap: cmd=postmap src=/etc/postfix/tls_policy db=cdb - owner=root group=root - mode=0644 - when: "'out' not in group_names or 'MX' in group_names" - tags: - - tls_policy - - name: Start Postfix service: name=postfix state=started - when: not (r1.changed or r2.changed or r3.changed) + when: not (r1.changed or r2.changed) - meta: flush_handlers |