summaryrefslogtreecommitdiffstats
path: root/roles/out/tasks/main.yml
diff options
context:
space:
mode:
Diffstat (limited to 'roles/out/tasks/main.yml')
-rw-r--r--roles/out/tasks/main.yml24
1 files changed, 23 insertions, 1 deletions
diff --git a/roles/out/tasks/main.yml b/roles/out/tasks/main.yml
index 4bf4363..8bd8bbb 100644
--- a/roles/out/tasks/main.yml
+++ b/roles/out/tasks/main.yml
@@ -10,8 +10,30 @@
notify:
- Restart Postfix
+- name: Build the Postfix relay clientcerts map
+ sudo: False
+ # smtpd_tls_fingerprint_digest MUST be sha256!
+ local_action: shell openssl x509 -in certs/postfix/{{ item }}.pem -noout -fingerprint -sha256 | sed -nr 's/^.*=(.*)/\1 {{ item }}/p'
+ with_items: groups.all | difference([inventory_hostname]) | sort
+ register: relay_clientcerts
+ changed_when: False
+
+- name: Copy the Postfix relay clientcerts map
+ template: src=etc/postfix/relay_clientcerts.j2
+ dest=/etc/postfix-{{ postfix_instance[inst].name }}/relay_clientcerts
+ owner=root group=root
+ mode=0644
+
+- name: Compile the Postfix relay clientcerts map
+ postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/relay_clientcerts db=cdb
+ owner=root group=root
+ mode=0644
+ register: r2
+ notify:
+ - Restart Postfix
+
- name: Start Postfix
service: name=postfix state=started
- when: not r.changed
+ when: not (r1.changed or r2.changed)
- meta: flush_handlers
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-13 23:00:35 +0000