authorGuilhem Moulin <guilhem@fripost.org>2016-07-09 23:46:21 +0200
committerGuilhem Moulin <guilhem@fripost.org>2016-07-10 01:07:39 +0200
commitb441dd4a7c3ce72008968d324a12e5c342d164a3 (patch)
tree8375a25dfb8a91d3d16cf426851cd1049bb508b3 /roles/webmail/tasks
parent418b3303f17776e64341f990d13e98ce6f662bf5 (diff)
Route SMTP traffic from the webmail through IPsec.
Diffstat (limited to 'roles/webmail/tasks')
-rw-r--r--roles/webmail/tasks/mail.yml32
-rw-r--r--roles/webmail/tasks/main.yml6
-rw-r--r--roles/webmail/tasks/roundcube.yml18
3 files changed, 9 insertions, 47 deletions
diff --git a/roles/webmail/tasks/mail.yml b/roles/webmail/tasks/mail.yml
deleted file mode 100644
index 78eee38..0000000
--- a/roles/webmail/tasks/mail.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-- name: Create /etc/stunnel/certs
- file: path=/etc/stunnel/certs
- state=directory
- owner=root group=root
- mode=0755
-
-- name: Copy the SMTP outgoing proxy's X.509 certificate
- assemble: src=certs/postfix regexp="{{ groups.out | difference([inventory_hostname]) | join('|') }}\.pem$" remote_src=no
- dest=/etc/stunnel/certs/smtp.pem
- owner=root group=root
- mode=0644
- register: r1
- notify:
- - Restart stunnel@smtp
-
-- name: Configure stunnel
- template: src=etc/stunnel/smtp.conf.j2
- dest=/etc/stunnel/smtp.conf
- owner=root group=root
- mode=0644
- register: r2
- notify:
- - Restart stunnel@smtp
-
-- name: Enable stunnel@smtp
- service: name=stunnel4@smtp enabled=yes
-
-- name: Start stunnel@smtp
- service: name=stunnel4@smtp state=started
- when: not (r1.changed or r2.changed)
-
-- meta: flush_handlers
diff --git a/roles/webmail/tasks/main.yml b/roles/webmail/tasks/main.yml
index 9c40a34..cd9f0c7 100644
--- a/roles/webmail/tasks/main.yml
+++ b/roles/webmail/tasks/main.yml
@@ -1,9 +1,3 @@
-- include: mail.yml
- when: "'out' not in group_names"
- tags:
- - postfix
- - mail
- - stunnel
- include: ldap.yml
when: "'LDAP-provider' not in group_names"
tags:
diff --git a/roles/webmail/tasks/roundcube.yml b/roles/webmail/tasks/roundcube.yml
index 41ef907..d1fb8a2 100644
--- a/roles/webmail/tasks/roundcube.yml
+++ b/roles/webmail/tasks/roundcube.yml
@@ -49,16 +49,16 @@
# IMAP
# WARNING: After hostname change update of mail_host column in users
# table is required to match old user data records with the new host.
- - { var: default_host, value: "'{{ ipsec[imapsvr.inventory_hostname_short] }}'" }
- - { var: default_port, value: "143" }
- - { var: imap_auth_type, value: "'PLAIN'" }
- - { var: imap_cache, value: "null" }
- - { var: imap_timeout, value: "180" }
- - { var: imap_force_ns, value: "true" }
- - { var: messages_cache, value: "false" }
+ - { var: default_host, value: "'{{ imapsvr_addr | ipaddr }}'" }
+ - { var: default_port, value: "143" }
+ - { var: imap_auth_type, value: "'PLAIN'" }
+ - { var: imap_cache, value: "null" }
+ - { var: imap_timeout, value: "180" }
+ - { var: imap_force_ns, value: "true" }
+ - { var: messages_cache, value: "false" }
# SMTP
- - { var: smtp_server, value: "'localhost'" }
- - { var: smtp_port, value: "2525" }
+ - { var: smtp_server, value: "'{{ postfix_instance.out.addr | ipaddr }}'" }
+ - { var: smtp_port, value: "{{ postfix_instance.out.port }}" }
# System
- { var: force_https, value: "true" }
- { var: login_autocomplete, value: "2" }
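Review bot: On the added `default_host` and `smtp_server` lines, the `ipaddr` filter returns false for a value that is not a valid address, so a typo in `imapsvr_addr` or `postfix_instance.out.addr` would be rendered into the Roundcube configuration as the literal host `'False'` instead of failing the play. An `assert` task ahead of this one with `that: [ "imapsvr_addr | ipaddr", "postfix_instance.out.addr | ipaddr" ]` would make the run stop on a bad value. With the stunnel tasks removed in the same commit, SMTP submission and the PLAIN IMAP login on port 143 appear to rely on IPsec alone for confidentiality and peer authentication. Whether traffic to these addresses is dropped when no tunnel is up cannot be seen from this hunk, so a comment above `# SMTP` such as `# No TLS here: this address must be reachable only through the IPsec tunnel` would record the assumption. The task that owns this list begins and ends outside the hunk.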