Diffstat (limited to 'roles/common/tasks/mail.yml')
-rw-r--r-- | roles/common/tasks/mail.yml | 107 |
1 files changed, 28 insertions, 79 deletions
diff --git a/roles/common/tasks/mail.yml b/roles/common/tasks/mail.yml
index 1873928..139386f 100644
--- a/roles/common/tasks/mail.yml
+++ b/roles/common/tasks/mail.yml
@@ -1,114 +1,63 @@ - name: Install Postfix - apt: pkg={{ item }} - with_items: + apt: pkg={{ packages }} + vars: + packages: # That one is nicer than GNU mailutils' mailx(1) - - heirloom-mailx + - s-nail - postfix - - postfix-cdb + - postfix-lmdb - name: Create Postfix instances postmulti: instance={{ postfix_instance[item].name }} group={{ postfix_instance[item].group | default('') }} register: r1 - with_items: postfix_instance.keys() | intersect(group_names) | list + with_items: "{{ postfix_instance.keys() | intersect(group_names) | list }}" notify: - Restart Postfix -- name: Link the dynamic maps & master.cf of each children to the master's - # main.cf is specialized to each dedicated role, though - file: src=../postfix/{{ item.1 }} - dest=/etc/postfix-{{ postfix_instance[item.0].name }}/{{ item.1 }} +- name: Link the dynamic maps of each children to the master's + # main.cf and master.cf are specialized to each dedicated role, though + file: src=../postfix/dynamicmaps.cf + dest=/etc/postfix-{{ postfix_instance[item].name }}/dynamicmaps.cf owner=root group=root state=link force=yes register: r2 - with_nested: - - postfix_instance.keys() | intersect(group_names) | list - - [ 'dynamicmaps.cf', 'master.cf' ] - notify: - - Restart Postfix - -- name: Configure Postfix (1) - copy: src=etc/postfix/master.cf - dest=/etc/postfix/master.cf - owner=root group=root - mode=0644 - register: r3 + with_items: "{{ postfix_instance.keys() | intersect(group_names) | list }}" notify: - Restart Postfix -- name: Configure Postfix (2) - template: src=etc/postfix/main.cf.j2 - dest=/etc/postfix/main.cf +- name: Configure Postfix + template: src=etc/postfix/{{ item }}.j2 + dest=/etc/postfix/{{ item }} owner=root group=root mode=0644 + with_items: + - main.cf + - master.cf notify: - Reload Postfix -- name: Create directory /etc/postfix/ssl - file: path=/etc/postfix/ssl - state=directory - owner=root group=root - mode=0755 - tags: - - genkey - -- name: Generate a private key and a X.509 
certificate for Postfix - command: genkeypair.sh x509 - --pubkey=/etc/postfix/ssl/{{ ansible_fqdn }}.pem - --privkey=/etc/postfix/ssl/{{ ansible_fqdn }}.key - --ou=Postfix --cn={{ ansible_fqdn }} - -t ecdsa -b secp384r1 -h sha512 - register: r4 - changed_when: r4.rc == 0 - failed_when: r4.rc > 1 - notify: - - Restart Postfix - tags: - - genkey - -- name: Fetch Postfix's X.509 certificate - # Ensure we don't fetch private data - sudo: False - fetch: src=/etc/postfix/ssl/{{ ansible_fqdn }}.pem - dest=certs/postfix/ - fail_on_missing=yes - flat=yes - tags: - - genkey - -- name: Add a 'root' alias +- name: Add some common aliases lineinfile: dest=/etc/aliases create=yes - regexp="^root:"" " - line="root:"" root@fripost.org" + regexp='^{{ item.src }}{{':'}} ' + line='{{ item.src }}{{':'}} {{ item.dst }}' + with_items: + - { src: mailer-daemon, dst: 'postmaster' } + - { src: postmaster, dst: 'root' } + - { src: nobody, dst: 'root' } + - { src: root, dst: 'root@fripost.org' } - name: Compile the static local Postfix database - postmap: cmd=postalias src=/etc/aliases db=cdb + postmap: cmd=postalias src=/etc/aliases db=lmdb owner=root group=root mode=0644 -# We're using CDB +# We're using LMDB - name: Delete /etc/aliases.db file: path=/etc/aliases.db state=absent -- name: Copy the Postfix TLS policy map - template: src=etc/postfix/tls_policy.j2 - dest=/etc/postfix/tls_policy - owner=root group=root - mode=0644 - when: "'out' not in group_names or 'MX' in group_names" - tags: - - tls_policy - -- name: Compile the Postfix TLS policy map - postmap: cmd=postmap src=/etc/postfix/tls_policy db=cdb - owner=root group=root - mode=0644 - when: "'out' not in group_names or 'MX' in group_names" - tags: - - tls_policy - - name: Start Postfix service: name=postfix state=started - when: not (r1.changed or r2.changed or r3.changed or r4.changed) + when: not (r1.changed or r2.changed) - meta: flush_handlers |
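Review bot: The cleanup near the end of the hunk still removes only `/etc/aliases.db`, so after the switch to `db=lmdb` a host that already ran the old play presumably keeps a stale `/etc/aliases.cdb` (and the `postfix-cdb` package, since the apt task only installs). Consider making the `Delete /etc/aliases.db` task loop over both paths, `file: path={{ item }} state=absent` with `with_items: [ /etc/aliases.db, /etc/aliases.cdb ]`, so that no outdated alias table is left for a leftover `cdb:` reference to pick up. The hunk also drops the key-generation and TLS policy map tasks, and this view is limited to mail.yml. It is therefore worth confirming that the `main.cf.j2` rendered by `Configure Postfix` no longer points at `/etc/postfix/ssl/` or `/etc/postfix/tls_policy`, or that another role now provides them, because otherwise the TLS policy applied to outbound mail may change without any task failing.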