summaryrefslogtreecommitdiffstats
path: root/roles/MX/tasks/main.yml
blob: f95945c01b9fc91e2d56ea27277c8fba9047c28d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
- name: Install Postfix
  apt: pkg={{ item }}
  with_items:
    - postfix
    - postfix-pcre
    - postfix-ldap
    - postfix-cdb
    # The following is for reserved-alias.pl
    - libnet-ldap-perl
    - libauthen-sasl-perl

- name: Configure Postfix
  template: src=etc/postfix/main.cf.j2
            dest=/etc/postfix-{{ postfix_instance[inst].name }}/main.cf
            owner=root group=root
            mode=0644
  notify:
    - Reload Postfix

- name: Create directory /etc/postfix-.../virtual
  file: path=/etc/postfix-{{ postfix_instance[inst].name }}/virtual
        state=directory
        owner=root group=root
        mode=0755

# trivial-rewrite(8) runs in a chroot.  We create an empty
# /usr/lib/sasl2 to avoid "No such file or directory" warnings.
# Cf. also #738989.
- name: Create directory /usr/lib/sasl2
  file: path=/var/spool/postfix-{{ postfix_instance[inst].name }}/{{ item }}
        state=directory
        owner=root group=root
        mode=0755
  with_items:
    - /usr/lib/sasl2
    - /usr/lib/{{ ansible_architecture }}-linux-gnu/sasl2
  notify:
    - Reload Postfix

- name: Copy lookup tables (1)
  copy: src=etc/postfix/virtual/{{ item }}
        dest=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/{{ item }}
        owner=root group=root
        mode=0644
  with_items:
    - domains.cf
    # no need to reload upon change, as cleanup(8) is short-running
    - reserved_alias.pcre
    - alias.cf
    - mailbox.cf
    - list.cf
    - alias_domains.cf
    - catchall.cf

- name: Copy lookup tables (2)
  template: src=etc/postfix/virtual/transport.j2
            dest=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/transport
            owner=root group=root
            mode=0644

- name: Compile the Postfix transport maps
  # trivial-rewrite(8) is a long-running process, so it's safer to reload
  postmap: instance={{ postfix_instance[inst].name }}
           src=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/transport db=cdb
           owner=root group=root
           mode=0644
  notify:
    - Reload Postfix

- name: Copy reserved-alias.pl
  copy: src=usr/local/bin/reserved-alias.pl
        dest=/usr/local/bin/reserved-alias.pl
        owner=root group=root
        mode=0755

- meta: flush_handlers

- name: Start Postfix
  service: name=postfix state=started

- name: Fetch Postfix's X.509 certificate
  # Ensure we don't fetch private data
  become: False
  # `/usr/sbin/postmulti -i mx -x /usr/sbin/postconf -xh smtpd_tls_cert_file`
  fetch_cmd: cmd="openssl x509 -noout -pubkey"
             stdin=/etc/postfix/ssl/mx.fripost.org.pem
             dest=certs/public/mx{{ mxno | default('') }}.fripost.org.pem
  tags:
    - genkey


- name: Install 'postfix_mailqueue_' Munin wildcard plugin
  file: src=/usr/local/share/munin/plugins/postfix_mailqueue_
        dest=/etc/munin/plugins/postfix_mailqueue_postfix-{{ postfix_instance[inst].name }}
        owner=root group=root
        state=link force=yes
  tags:
    - munin
    - munin-node
  notify:
    - Restart munin-node

- name: Install 'postfix_stats_' Munin wildcard plugin
  file: src=/usr/local/share/munin/plugins/postfix_stats_
        dest=/etc/munin/plugins/postfix_stats_{{ item }}_postfix-{{ postfix_instance[inst].name }}
        owner=root group=root
        state=link force=yes
  with_items:
    - postscreen
    - smtpd
    - qmgr
    - smtp
    - pipe
  tags:
    - munin
    - munin-node
  notify:
    - Restart munin-node