Route SMTP traffic from the webmail through IPsec.

3 files changed, 9 insertions, 47 deletions

diff --git a/roles/webmail/tasks/mail.yml b/roles/webmail/tasks/mail.yml
deleted file mode 100644
index 78eee38..0000000
--- a/roles/webmail/tasks/mail.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-- name: Create /etc/stunnel/certs
-  file: path=/etc/stunnel/certs
-        state=directory
-        owner=root group=root
-        mode=0755
-
-- name: Copy the SMTP outgoing proxy's X.509 certificate
-  assemble: src=certs/postfix regexp="{{ groups.out | difference([inventory_hostname]) | join('|') }}\.pem$" remote_src=no
-            dest=/etc/stunnel/certs/smtp.pem
-            owner=root group=root
-            mode=0644
-  register: r1
-  notify:
-    - Restart stunnel@smtp
-
-- name: Configure stunnel
-  template: src=etc/stunnel/smtp.conf.j2
-            dest=/etc/stunnel/smtp.conf
-            owner=root group=root
-            mode=0644
-  register: r2
-  notify:
-    - Restart stunnel@smtp
-
-- name: Enable stunnel@smtp
-  service: name=stunnel4@smtp enabled=yes
-
-- name: Start stunnel@smtp
-  service: name=stunnel4@smtp state=started
-  when: not (r1.changed or r2.changed)
-
-- meta: flush_handlers
diff --git a/roles/webmail/tasks/main.yml b/roles/webmail/tasks/main.yml
index 9c40a34..cd9f0c7 100644
--- a/roles/webmail/tasks/main.yml
+++ b/roles/webmail/tasks/main.yml
@@ -1,15 +1,9 @@
-- include: mail.yml
-  when: "'out' not in group_names"
-  tags:
-    - postfix
-    - mail
-    - stunnel
 - include: ldap.yml
   when: "'LDAP-provider' not in group_names"
   tags:
     - ldap
     - stunnel
 - include: roundcube.yml
   tags:
     - roundcube
     - webmail
diff --git a/roles/webmail/tasks/roundcube.yml b/roles/webmail/tasks/roundcube.yml
index 41ef907..d1fb8a2 100644
--- a/roles/webmail/tasks/roundcube.yml
+++ b/roles/webmail/tasks/roundcube.yml
@@ -32,50 +32,50 @@
   copy: src=usr/share/roundcube/skins/{{ item }}/images/fripost_logo.png
         dest=/usr/share/roundcube/skins/{{ item }}/images/fripost_logo.png
         owner=root group=root
         mode=0644
   with_items:
     - classic
     - larry
 
 - name: Configure Roundcube
   lineinfile: dest=/etc/roundcube/config.inc.php
               regexp='^\\s*\\$config\\[\'{{ item.var }}\'\\]\\s*='
               line='$config[\'{{ item.var }}\'] = {{ item.value }};'
               owner=root group=www-data
               mode=0640
   with_items:
     # Logging/Debugging
     - { var: smtp_log,               value: "false" }
     # IMAP
     #   WARNING: After hostname change update of mail_host column in users
     #   table is required to match old user data records with the new host.
-    - { var: default_host,           value: "'{{ ipsec[imapsvr.inventory_hostname_short] }}'" }
-    - { var: default_port,           value: "143"                                             }
-    - { var: imap_auth_type,         value: "'PLAIN'"                                         }
-    - { var: imap_cache,             value: "null"                                            }
-    - { var: imap_timeout,           value: "180"                                             }
-    - { var: imap_force_ns,          value: "true"                                            }
-    - { var: messages_cache,         value: "false"                                           }
+    - { var: default_host,           value: "'{{ imapsvr_addr | ipaddr }}'" }
+    - { var: default_port,           value: "143"                           }
+    - { var: imap_auth_type,         value: "'PLAIN'"                       }
+    - { var: imap_cache,             value: "null"                          }
+    - { var: imap_timeout,           value: "180"                           }
+    - { var: imap_force_ns,          value: "true"                          }
+    - { var: messages_cache,         value: "false"                         }
     # SMTP
-    - { var: smtp_server,            value: "'localhost'" }
-    - { var: smtp_port,              value: "2525"        }
+    - { var: smtp_server,            value: "'{{ postfix_instance.out.addr | ipaddr }}'" }
+    - { var: smtp_port,              value:  "{{ postfix_instance.out.port          }}"  }
     # System
     - { var: force_https,            value: "true"                       }
     - { var: login_autocomplete,     value: "2"                          }
     - { var: skin_logo,              value: "'/images/fripost_logo.png'" }
     - { var: username_domain,        value: "'fripost.org'"              }
     - { var: product_name,           value: "'Fripost Webmail'"          }
     # Plugins
     - { var: plugins,                value: "array('archive','additional_message_headers','managesieve','password')" }
     # Spell Checking
     - { var: enable_spellcheck,      value: "'true'"                                    }
     - { var: spellcheck_engine,      value: "'enchant'"                                 }
     - { var: spellcheck_languages,   value: "array('da','de','en','es','fr','no','sv')" }
     # User Interface
     - { var: skin,                   value: "'larry'"                        }
     - { var: language,               value: "'sv_SE'"                        }
     - { var: create_default_folders, value: "true"                           }
     - { var: support_url,            value: "'https://fripost.org/kontakt/'" }
     # User Preferences
     - { var: htmleditor,             value: "3"     }
     - { var: skip_deleted,           value: "true"  }