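---
# vim: set et sw=2 ts=2 sts=2:
#
# Mail-server task list: packages, directory skeleton, service users and
# groups, milter spool, OpenDKIM/OpenDMARC configuration, DKIM key
# generation, systemd units, then the postfix/dovecot/tls task files.
#
# Conventions used in this file:
#   - octal modes are quoted so YAML passes Ansible a string, not an
#     integer that a YAML 1.1 parser would already have re-interpreted;
#   - booleans are spelled true/false only (no yes/no/on/off).

- name: install gnutls, postfix & dovecot
  apt:
    name:
      # TLS
      - gnutls-bin

      # ansible
      # NOTE(review): python-pip / python-openssl are the Python 2 package
      # names; on releases without Python 2 they may not resolve — confirm.
      - python-pip
      - python-openssl

      #- libpam-ldapd

      # postfix
      - postfix
      - postfix-pcre
      - postfix-cdb
      - postfix-lmdb

      # milter
      - opendkim
      - opendkim-tools
      - opendmarc
      - postfix-policyd-spf-python
      # for rewriting sender (tries to fix forwarding+SPF-problem)
      - postsrsd

      # imap
      - dovecot-core
      - dovecot-imapd
      - dovecot-managesieved
      - dovecot-ldap
      - dovecot-gssapi
      - dovecot-lmtpd

# Directories the later tasks and included files write into; root-owned,
# world-readable (0755).
- name: 'directory-structures (/etc/postfix-&/etc/dovecot&...)'
  file:
    dest: "{{item}}"
    owner: root
    group: root
    mode: "0755"
    state: directory
  with_items:
    - /etc/postfix
    - /etc/dovecot
    - /etc/dovecot/conf.d
    - /etc/dkimkeys
    - /etc/systemd/system/dovecot.service.d

# vmail: owner of the mailboxes; milter: shared group for the milter socket
# directory created below.
- name: Groups
  group:
    name: "{{item}}"
    system: true
  with_items:
    - vmail
    - milter

# Unprivileged system account that owns /var/mail; no login shell and no
# home directory is created (the mail store itself is created as a
# directory further down).
- name: vmail-user for Mailboxes
  user:
    name: vmail
    uid: '{{postfix_vmail_uid}}'
    comment: Mailboxes
    group: vmail
    shell: /bin/false
    create_home: false
    home: /var/mail/vmail
    move_home: false
    system: true

# append: true keeps each daemon's primary group; only the supplementary
# group "milter" is added.
- name: add milter-group-members
  user:
    name: "{{item}}"
    append: true
    groups: milter
  with_items:
    - opendkim
    - opendmarc
    - postfix

# 03700: setgid + sticky, access for the vmail owner only.
- name: '/var/mail'
  file:
    dest: /var/mail
    group: vmail
    owner: vmail
    state: directory
    mode: "03700"

- name: '/var/mail domains'
  file:
    dest: '/var/mail/{{item}}'
    group: vmail
    owner: vmail
    state: directory
    mode: "03700"
  with_items: '{{mail_domains}}'

- name: /etc/mailname
  copy:
    dest: /etc/mailname
    content: "{{mail_server_fqdn}}"

# Socket directory shared between postfix and the milters (see the Socket
# entries in the opendkim/opendmarc configs below): postfix may traverse
# it (owner r-x), the milter group creates the sockets (group rwx), others
# get nothing.
- name: '/var/spool/postfix/milter'
  file:
    dest: /var/spool/postfix/milter
    owner: postfix
    group: milter
    mode: "0570"
    state: directory

# Replaces an existing "Key value" line or inserts after the commented-out
# default of the same key; the keys are fixed literals, so they need no
# regex escaping.
- name: 'opendkim: config'
  lineinfile:
    path: /etc/opendkim.conf
    regexp: '^{{item.key}}[ \t]'
    insertafter: '^#{{item.key}}[ \t]'
    line: '{{item.key}} {{item.value}}'
  with_dict:
    Domain: '{{mail_server_fqdn}}'
    KeyFile: '/etc/dkimkeys/{{mail_dkim_selector}}.key'
    Socket: local:/var/spool/postfix/milter/opendkim
    Selector: '{{mail_dkim_selector}}'

# Generates the selector's key pair once (guarded by "creates") and renames
# the outputs to <selector>.key (private) and <selector>.zone (DNS record).
# NOTE(review): `ulimit 0400` sets the shell's maximum file size
# (ulimit -f), not a umask; --restrict already restricts the private key's
# permissions, so confirm whether `umask 077` was intended here.
- name: 'DKIM-key'
  shell: |
    set -e
    f={{item|quote}}
    ulimit 0400
    opendkim-genkey --bits 2048 --domain {{mail_server_fqdn|quote}} --restrict --selector "$f"
    chown opendkim:root "$f.private" "$f.txt"
    mv "$f.private" "$f.key"
    mv "$f.txt" "$f.zone"
  args:
    chdir: /etc/dkimkeys
    creates: "{{item}}.key"
  with_items:
    - "{{mail_dkim_selector}}"

- name: 'opendmarc: config'
  lineinfile:
    path: /etc/opendmarc.conf
    regexp: '^{{item.key}}[ \t]'
    insertafter: '^#{{item.key}}[ \t]'
    line: '{{item.key}} {{item.value}}'
  with_dict:
    Socket: local:/var/spool/postfix/milter/opendmarc

# Unit files and /etc/default snippets from the role's files/ tree,
# read-only for everyone (0444).
- name: copy systemd-services
  copy:
    src: "{{item}}"
    dest: /etc/systemd/system
    owner: root
    group: root
    mode: "0444"
  with_fileglob: "systemd/system/*"

- name: copy service-configs
  copy:
    src: "{{item}}"
    dest: /etc/default
    owner: root
    group: root
    mode: "0444"
  with_fileglob: "systemd/default/*"

- include_tasks: postfix.yml
- include_tasks: dovecot.yml
- include_tasks: tls.yml

# daemon_reload picks up the unit files copied above before enabling.
- name: enabled services
  systemd:
    name: '{{item}}'
    daemon_reload: true
    enabled: true
  with_items: [dovecot, postfix, opendkim, opendmarc, postsrsd]

# No shell features are used, so "command" avoids the shell; the task has
# no changed_when and therefore reports "changed" on every run.
- name: reload/restart services
  command: 'systemctl reload-or-restart {{item|quote}}'
  with_items: [dovecot, postfix, opendkim, opendmarc, postsrsd]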