path: root/roles/MSA/tasks/main.yml
blob: 65d1daee6e72c2668457d34d451ec35460d00cfe (plain)
# Install Postfix and the postfix-pcre package through apt. The package
# list is kept in a task-level variable and handed to the module whole.
- name: Install Postfix
  apt:
    pkg: "{{ packages }}"
  vars:
    packages:
      - postfix
      - postfix-pcre

# Install the sender-login socketmap script under /usr/local/bin.
# Mode 0755 with owner root: only root may modify the script; group
# "staff" and everyone else can read and execute it.
- name: Copy Postfix sender login socketmap
  copy:
    src: usr/local/bin/postfix-sender-login.pl
    dest: /usr/local/bin/postfix-sender-login.pl
    owner: root
    group: staff
    mode: "0755"

# Install the .service and .socket units of the sender-login socketmap.
# Both files are root-owned and writable by root only (0644). A change
# notifies the "systemctl daemon-reload" handler.
- name: Copy Postfix sender login socketmap systemd unit files
  copy:
    src: "etc/systemd/system/{{ item }}"
    dest: "/etc/systemd/system/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - postfix-sender-login.service
    - postfix-sender-login.socket
  notify:
    - systemctl daemon-reload

# Run the handlers notified so far at this point instead of waiting for
# the end of the play.
- meta: flush_handlers

# Start the socket unit of the sender-login socketmap and enable it so
# that it also comes up at boot.
- name: Enable Postfix sender login socketmap
  service:
    name: postfix-sender-login.socket
    state: started
    enabled: true

# Render main.cf and master.cf from their Jinja2 templates into the
# configuration directory of this Postfix instance
# (/etc/postfix-<instance name>). Files are root-owned, mode 0644; a
# change notifies the "Reload Postfix" handler.
- name: Configure Postfix
  template:
    src: "etc/postfix/{{ item }}.j2"
    dest: "/etc/postfix-{{ postfix_instance[inst].name }}/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - main.cf
    - master.cf
  notify:
    - Reload Postfix

# Install the PCRE table used to anonymize senders into the instance's
# configuration directory (root-owned, mode 0644).
# No handler is notified: cleanup(8) is short-running, so a changed
# table does not call for a reload.
- name: Copy the Regex to anonymize senders
  copy:
    src: etc/postfix/anonymize_sender.pcre
    dest: "/etc/postfix-{{ postfix_instance[inst].name }}/anonymize_sender.pcre"
    owner: root
    group: root
    mode: "0644"

# Install the source text of the check_sender_access map into the
# instance's configuration directory (root-owned, mode 0644). This task
# notifies no handler itself.
- name: Copy the check_sender_access map
  copy:
    src: etc/postfix/check_sender_access
    dest: "/etc/postfix-{{ postfix_instance[inst].name }}/check_sender_access"
    owner: root
    group: root
    mode: "0644"

- name: Compile the check_sender_access map
  # no need to reload upon change, as cleanup(8) is short-running
  # NOTE(review): the comment above contradicts the "Reload Postfix"
  # notify at the end of this task; it may have been copied from the
  # anonymize_sender task. Confirm which of the two is intended.
  #
  # `postmap` here is a module name, presumably project-provided (its
  # code is not visible from this file). The arguments name the source
  # map, the lmdb database type, and root:root 0644 ownership/mode;
  # presumably these apply to the compiled database -- TODO confirm.
  postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/check_sender_access db=lmdb
           owner=root group=root
           mode=0644
  notify:
    - Reload Postfix

# Create the "ssl" directory of this Postfix instance. The real path is
# /etc/postfix-<instance name>/ssl, not the literal path in the task
# name. Mode 0755 lets any local user list and traverse the directory,
# so a private key stored here has to be protected by its own file mode.
# NOTE(review): key creation is not part of this file -- confirm that
# the key is written with a restrictive mode.
- name: Create directory /etc/postfix/ssl
  file:
    path: "/etc/postfix-{{ postfix_instance[inst].name }}/ssl"
    state: directory
    owner: root
    group: root
    mode: "0755"
  tags:
    - genkey

# Run every handler notified so far before the service state is checked.
- meta: flush_handlers

# Make sure the postfix service is running; an already running service
# is left alone (state "started", not "restarted").
- name: Start Postfix
  service:
    name: postfix
    state: started

- name: Fetch Postfix's X.509 certificate
  # Ensure we don't fetch private data
  # Privilege escalation is switched off for this task only, so the
  # command runs as the unprivileged connection user and can read only
  # files that user may read.
  become: False
  # `/usr/sbin/postmulti -i msa -x /usr/sbin/postconf -xh smtpd_tls_cert_file`
  # NOTE(review): the command above presumably prints the certificate
  # path configured for the instance; the stdin path below is written
  # out by hand and has to be kept in sync with it.
  #
  # `openssl x509 -noout -pubkey` prints only the public key of the
  # certificate it reads, so despite the task name the file stored at
  # dest is a public key (.pub), not the certificate.
  # `fetch_cmd` is presumably a project-provided module: it looks like
  # it feeds the remote file named by stdin to cmd and saves the output
  # at dest on the control host -- TODO confirm against its source.
  fetch_cmd: cmd="openssl x509 -noout -pubkey"
             stdin=/etc/postfix-{{ postfix_instance[inst].name }}/ssl/smtp.fripost.org.pem
             dest=certs/public/smtp.fripost.org.pub
  tags:
    - genkey


# Enable the 'postfix_mailqueue_' wildcard plugin for this Postfix
# instance by symlinking it into /etc/munin/plugins under a name that
# ends in postfix-<instance name>. force is set on the link, and a
# change notifies the "Restart munin-node" handler.
- name: Install 'postfix_mailqueue_' Munin wildcard plugin
  file:
    src: /usr/local/share/munin/plugins/postfix_mailqueue_
    dest: "/etc/munin/plugins/postfix_mailqueue_postfix-{{ postfix_instance[inst].name }}"
    owner: root
    group: root
    state: link
    force: true
  tags:
    - munin
    - munin-node
  notify:
    - Restart munin-node

# Enable the 'postfix_stats_' wildcard plugin once per listed item
# (smtpd, qmgr, smtp): each symlink name carries the item and the
# Postfix instance name. force is set on the link, and a change
# notifies the "Restart munin-node" handler.
- name: Install 'postfix_stats_' Munin wildcard plugin
  file:
    src: /usr/local/share/munin/plugins/postfix_stats_
    dest: "/etc/munin/plugins/postfix_stats_{{ item }}_postfix-{{ postfix_instance[inst].name }}"
    owner: root
    group: root
    state: link
    force: true
  with_items:
    - smtpd
    - qmgr
    - smtp
  tags:
    - munin
    - munin-node
  notify:
    - Restart munin-node

# Enable the 'postfix_sasl_' wildcard plugin for this Postfix instance
# by symlinking it into /etc/munin/plugins under a name that ends in
# postfix-<instance name>. force is set on the link, and a change
# notifies the "Restart munin-node" handler.
- name: Install 'postfix_sasl_' Munin wildcard plugin
  file:
    src: /usr/local/share/munin/plugins/postfix_sasl_
    dest: "/etc/munin/plugins/postfix_sasl_postfix-{{ postfix_instance[inst].name }}"
    owner: root
    group: root
    state: link
    force: true
  tags:
    - munin
    - munin-node
  notify:
    - Restart munin-node