diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2015-10-28 18:45:54 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2015-10-28 18:45:54 +0100 |
| commit | c0a01be908b259918865f4dd4c816f61cf6119ae (patch) | |
| tree | af647b9407bffd3fdda4e7350c4b76377752f78d /roles | |
| parent | db3f3df89acc33740af35b4860b23aebce6aff62 (diff) | |
Internal Postfix config: Generate RSA 4096 keys by default.
Diffstat (limited to 'roles')
| -rw-r--r-- | roles/common/tasks/mail.yml | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/roles/common/tasks/mail.yml b/roles/common/tasks/mail.yml index 1873928..c8e2495 100644 --- a/roles/common/tasks/mail.yml +++ b/roles/common/tasks/mail.yml @@ -40,41 +40,41 @@ template: src=etc/postfix/main.cf.j2 dest=/etc/postfix/main.cf owner=root group=root mode=0644 notify: - Reload Postfix - name: Create directory /etc/postfix/ssl file: path=/etc/postfix/ssl state=directory owner=root group=root mode=0755 tags: - genkey - name: Generate a private key and a X.509 certificate for Postfix command: genkeypair.sh x509 --pubkey=/etc/postfix/ssl/{{ ansible_fqdn }}.pem --privkey=/etc/postfix/ssl/{{ ansible_fqdn }}.key --ou=Postfix --cn={{ ansible_fqdn }} - -t ecdsa -b secp384r1 -h sha512 + -t rsa -b 4096 -h sha512 register: r4 changed_when: r4.rc == 0 failed_when: r4.rc > 1 notify: - Restart Postfix tags: - genkey - name: Fetch Postfix's X.509 certificate # Ensure we don't fetch private data sudo: False fetch: src=/etc/postfix/ssl/{{ ansible_fqdn }}.pem dest=certs/postfix/ fail_on_missing=yes flat=yes tags: - genkey - name: Add a 'root' alias lineinfile: dest=/etc/aliases create=yes |