
---
# vim: set et sw=2 ts=2 sts=2:
- name: install gnutls, postfix & dovecot
  # Everything the rest of this role configures is installed in one apt
  # transaction; `state: present` is the module default, spelled out here.
  apt:
    state: present
    name:
      # X509 / certificate tooling
      - gnutls-bin
      # python libraries used by ansible modules on the target
      - python3-pip
      - python3-openssl
      - python3-psycopg2
      #- libpam-ldapd
      # postfix MTA plus its pcre/cdb/lmdb lookup-table backends
      - postfix
      - postfix-pcre
      - postfix-cdb
      - postfix-lmdb
      # milters: DKIM signing/verification, DMARC, SPF policy daemon
      - opendkim
      - opendkim-tools
      - opendmarc
      - postfix-policyd-spf-python
      # sender rewriting (tries to fix the forwarding+SPF problem)
      - postsrsd
      # imap / lmtp / sieve server
      - dovecot-core
      - dovecot-imapd
      - dovecot-managesieved
      - dovecot-ldap
      - dovecot-gssapi
      - dovecot-lmtpd
      # ruby - scripts
      - ruby
      - ruby-gem
- name: 'directory-structures (/etc/postfix-&/etc/dovecot&...)'
  # Base directories that later tasks and the included task files write into.
  # The octal mode is quoted so the YAML parser never reinterprets the literal.
  file:
    path: "{{ item }}"
    state: directory
    owner: root
    group: root
    mode: '0755'
  with_items:
    - /etc/postfix
    - /etc/dovecot
    - /etc/dovecot/conf.d
    - /etc/dkimkeys
    - /etc/systemd/system/dovecot.service.d
- name: Groups
  # System groups: vmail owns the mailboxes, milter is shared by the milter
  # daemons and postfix so they can reach the sockets under
  # /var/spool/postfix/milter.
  group:
    name: "{{ item }}"
    system: true
  with_items:
    - vmail
    - milter
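- name: vmail-user for Mailboxes
  # Unprivileged owner of /var/mail/*; no login shell and no home directory
  # is created. `skeleton` was dropped: it takes a path, not a boolean, and
  # is only consulted when a home directory is created, which this task
  # disables via createhome.
  user:
    name: vmail
    uid: '{{ postfix_vmail_uid }}'
    comment: Mailboxes
    group: vmail
    shell: /bin/false
    home: /var/mail/vmail
    createhome: false
    move_home: false
    system: true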
- name: add milter-group-members
  # Supplementary group membership only (append), so each daemon keeps its
  # own primary group.
  user:
    name: "{{ item }}"
    groups: milter
    append: true
  with_items:
    - opendkim
    - opendmarc
    - postfix
- name: '/var/mail'
  # Mailbox root, accessible to the vmail user only; 03700 adds the setgid
  # and sticky bits on top of 0700. Quoted so it stays an octal literal.
  file:
    path: /var/mail
    state: directory
    owner: vmail
    group: vmail
    mode: '03700'
- name: '/var/mail domains'
  # One subtree per hosted domain, same ownership and mode as /var/mail.
  file:
    path: '/var/mail/{{ item }}'
    state: directory
    owner: vmail
    group: vmail
    mode: '03700'
  with_items: '{{ mail_domains }}'
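- name: /etc/mailname
  # Writes the server FQDN (no trailing newline, as before). Ownership and
  # mode are explicit so the result no longer depends on the target's umask.
  copy:
    dest: /etc/mailname
    content: "{{ mail_server_fqdn }}"
    owner: root
    group: root
    mode: '0644'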
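- name: '/var/spool/postfix/milter socket directory'
  # Socket directory inside the postfix spool; postfix owns it, the milter
  # group (opendkim, opendmarc, postfix) may traverse and list it (0570).
  # The task was previously unnamed.
  file:
    path: /var/spool/postfix/milter
    state: directory
    owner: postfix
    group: milter
    mode: '0570'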
- name: 'opendkim: config'
  # Sets each key in /etc/opendkim.conf, replacing an existing active line
  # or inserting after the commented-out default. KeyFile matches the path
  # produced by the 'DKIM-key' task.
  lineinfile:
    path: /etc/opendkim.conf
    regexp: '^{{ item.key }}[ \t]'
    insertafter: '^#{{ item.key }}[ \t]'
    line: '{{ item.key }} {{ item.value }}'
  with_dict:
    Domain: '{{ mail_server_fqdn }}'
    KeyFile: '/etc/dkimkeys/{{ mail_dkim_selector }}.key'
    Socket: 'local:/var/spool/postfix/milter/opendkim'
    Selector: '{{ mail_dkim_selector }}'
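- name: 'DKIM-key'
  # Generates the signing key pair for the selector once; `creates` skips
  # the task when <selector>.key already exists (relative to chdir).
  # The script originally ran `ulimit 0400`, which caps the file size of
  # new files and does nothing for permissions; `umask 077` is the evident
  # intent, so the private key and zone snippet are created readable by
  # their owner only before being chowned to opendkim.
  shell: |
    set -e
    f={{ item | quote }}
    umask 077
    opendkim-genkey --bits 2048 --domain {{ mail_server_fqdn | quote }} --restrict --selector "$f"
    chown opendkim:root "$f.private" "$f.txt"
    mv "$f.private" "$f.key"
    mv "$f.txt" "$f.zone"
  args:
    chdir: /etc/dkimkeys
    creates: "{{ item }}.key"
  with_items:
    - "{{ mail_dkim_selector }}"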
- name: 'opendmarc: config'
  # Same edit pattern as the opendkim task: replace the active line or
  # insert after the commented-out default in /etc/opendmarc.conf.
  lineinfile:
    path: /etc/opendmarc.conf
    regexp: '^{{ item.key }}[ \t]'
    insertafter: '^#{{ item.key }}[ \t]'
    line: '{{ item.key }} {{ item.value }}'
  with_dict:
    Socket: 'local:/var/spool/postfix/milter/opendmarc'
- name: 'postscreen access via SPF entries generator'
  # Installs the helper script from the role's files/ directory; dest is a
  # directory, so the file keeps its source name.
  copy:
    src: postscreen_access_spf_generator.rb
    dest: /usr/local/bin
    owner: root
    group: root
    mode: '0755'
- name: copy systemd-services
  # Every file under files/systemd/system/ becomes a read-only unit file.
  copy:
    src: "{{ item }}"
    dest: /etc/systemd/system
    owner: root
    group: root
    mode: '0444'
  with_fileglob: "systemd/system/*"
- name: copy service-configs
  # Every file under files/systemd/default/ becomes a read-only
  # /etc/default/* environment file.
  copy:
    src: "{{ item }}"
    dest: /etc/default
    owner: root
    group: root
    mode: '0444'
  with_fileglob: "systemd/default/*"
# Component-specific configuration lives in separate task files.
- name: postfix configuration
  include_tasks: postfix.yml
- name: dovecot configuration
  include_tasks: dovecot.yml
- name: TLS configuration
  include_tasks: tls.yml
- name: enabled services
  # Enable at boot and reload systemd so the freshly copied unit files and
  # drop-ins are picked up.
  systemd:
    name: '{{ item }}'
    enabled: true
    daemon_reload: true
  with_items:
    - dovecot
    - postfix
    - opendkim
    - opendmarc
    - postsrsd
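- name: reload/restart services
  # Unconditional reload-or-restart on every run, so this task always
  # reports "changed". No shell features are needed, hence the command
  # module: the service name is not passed through a shell at all.
  command: 'systemctl reload-or-restart {{ item | quote }}'
  with_items:
    - dovecot
    - postfix
    - opendkim
    - opendmarc
    - postsrsd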