summaryrefslogtreecommitdiffstats
path: root/roles/MX/tasks/main.yml
blob: 507a4f284491ea1130813d6482cc0db1355d7eec (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
- name: Install Postfix
  apt: pkg={{ packages }}
  vars:
    packages:
    - postfix
    - postfix-pcre
    - postfix-ldap
    - postfix-lmdb
    # The following is for reserved-alias.pl
    - libnet-ldap-perl
    - libauthen-sasl-perl

- name: Configure Postfix
  template: src=etc/postfix/{{ item }}.j2
            dest=/etc/postfix-{{ postfix_instance[inst].name }}/{{ item }}
            owner=root group=root
            mode=0644
  with_items:
    - main.cf
    - master.cf
    - access-list.cidr
  notify:
    - Reload Postfix

- name: Create directory /etc/postfix-.../virtual
  file: path=/etc/postfix-{{ postfix_instance[inst].name }}/virtual
        state=directory
        owner=root group=root
        mode=0755

# trivial-rewrite(8) runs in a chroot.  We create an empty
# /usr/lib/sasl2 to avoid "No such file or directory" warnings.
# Cf. also #738989.
- name: Create directory /usr/lib/sasl2
  file: path=/var/spool/postfix-{{ postfix_instance[inst].name }}/{{ item }}
        state=directory
        owner=root group=root
        mode=0755
  with_items:
    - /usr/lib/sasl2
    - /usr/lib/{{ ansible_architecture }}-linux-gnu/sasl2
  notify:
    - Reload Postfix

- name: Copy lookup tables (1)
  copy: src=etc/postfix/virtual/{{ item }}
        dest=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/{{ item }}
        owner=root group=root
        mode=0644
  with_items:
    - domains.cf
    # no need to reload upon change, as cleanup(8) is short-running
    - reserved_alias.pcre
    - alias.cf
    - mailbox.cf
    - list.cf
    - alias_domains.cf
    - catchall.cf

- name: Copy lookup tables (2)
  template: src=etc/postfix/virtual/transport.j2
            dest=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/transport
            owner=root group=root
            mode=0644

- name: Copy recipient access(5) map
  copy: src=etc/postfix/reject-unknown-client-hostname.cf
            dest=/etc/postfix-{{ postfix_instance[inst].name }}/reject-unknown-client-hostname.cf
            owner=root group=root
            mode=0644
  notify:
    - Reload Postfix

- name: Compile the Postfix transport maps
  # trivial-rewrite(8) is a long-running process, so it's safer to reload
  postmap: instance={{ postfix_instance[inst].name }}
           src=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/transport db=lmdb
           owner=root group=root
           mode=0644
  notify:
    - Reload Postfix

- name: Copy reserved-alias.pl
  copy: src=usr/local/bin/reserved-alias.pl
        dest=/usr/local/bin/reserved-alias.pl
        owner=root group=staff
        mode=0755

- name: Create directory /etc/postfix/ssl
  file: path=/etc/postfix-{{ postfix_instance[inst].name }}/ssl
        state=directory
        owner=root group=root
        mode=0755
  tags:
    - genkey

- meta: flush_handlers

- name: Start Postfix
  service: name=postfix state=started

- name: Fetch Postfix's X.509 certificate
  # Ensure we don't fetch private data
  become: False
  # `/usr/sbin/postmulti -i mx -x /usr/sbin/postconf -xh smtpd_tls_cert_file`
  fetch_cmd: cmd="openssl x509 -noout -pubkey"
             stdin=/etc/postfix-{{ postfix_instance[inst].name }}/ssl/mx.fripost.org.pem
             dest=certs/public/mx{{ mxno | default('') }}.fripost.org.pub
  tags:
    - genkey


- name: Install 'postfix_mailqueue_' Munin wildcard plugin
  file: src=/usr/local/share/munin/plugins/postfix_mailqueue_
        dest=/etc/munin/plugins/postfix_mailqueue_postfix-{{ postfix_instance[inst].name }}
        owner=root group=root
        state=link force=yes
  tags:
    - munin
    - munin-node
  notify:
    - Restart munin-node

- name: Install 'postfix_stats_' Munin wildcard plugin
  file: src=/usr/local/share/munin/plugins/postfix_stats_
        dest=/etc/munin/plugins/postfix_stats_{{ item }}_postfix-{{ postfix_instance[inst].name }}
        owner=root group=root
        state=link force=yes
  with_items:
    - postscreen
    - smtpd
    - qmgr
    - smtp
    - pipe
  tags:
    - munin
    - munin-node
  notify:
    - Restart munin-node