Luciano Giacchetta
d61a4ddcef
All checks were successful
Molecule Tests / molecule-tests (pull_request) Successful in 7m18s
218 lines
6.2 KiB
YAML
218 lines
6.2 KiB
YAML
---
|
|
- name: "POSTFIX | Install postfix package"
|
|
ansible.builtin.apt:
|
|
name:
|
|
- postfix
|
|
- postfix-pcre # Often useful for advanced matching
|
|
- libsasl2-modules # Required for SASL authentication
|
|
state: present
|
|
update_cache: true
|
|
tags:
|
|
- postfix_install
|
|
|
|
- name: "POSTFIX | Configure /etc/mailname"
|
|
ansible.builtin.copy:
|
|
content: "{{ postfix_mail_domain }}\n"
|
|
dest: /etc/mailname
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
tags:
|
|
- postfix_config
|
|
|
|
- name: "POSTFIX | Configure main.cf"
|
|
ansible.builtin.template:
|
|
src: main.cf.j2
|
|
dest: /etc/postfix/main.cf
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
validate: 'postfix check -c %s' # Validates the template before deploying
|
|
notify: Restart Postfix # Triggers the handler to restart the service
|
|
tags:
|
|
- postfix_config
|
|
|
|
- name: "POSTFIX | Configure smarthost credentials (if defined)"
|
|
when: postfix_relayhost_user is defined and postfix_relayhost_password is defined
|
|
block:
|
|
- name: "POSTFIX | Template the SASL password file"
|
|
ansible.builtin.template:
|
|
src: sasl_passwd.j2
|
|
dest: /etc/postfix/sasl_passwd
|
|
owner: root
|
|
group: root
|
|
mode: '0600' # Secure permissions for file with credentials
|
|
no_log: true # Prevents credentials from being displayed in Ansible logs
|
|
notify: Restart Postfix
|
|
|
|
- name: "POSTFIX | Create hash map for SASL password file"
|
|
ansible.builtin.command:
|
|
cmd: postmap hash:/etc/postfix/sasl_passwd
|
|
changed_when: true # The postmap command always updates the .db file
|
|
notify: Restart Postfix
|
|
tags:
|
|
- postfix_config
|
|
- postfix_smarthost
|
|
|
|
- name: "POSTFIX | Configure virtual mailbox maps"
|
|
when: dovecot_enabled | default(false) and dovecot_postfix_lmtp_enable | default(false)
|
|
ansible.builtin.template:
|
|
src: virtual_mailbox_maps.j2
|
|
dest: /etc/postfix/virtual_mailbox_maps
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
register: virtual_mailbox_maps_template
|
|
notify: Restart Postfix
|
|
tags:
|
|
- postfix_config
|
|
- dovecot_config
|
|
|
|
- name: "POSTFIX | Create hash map for virtual mailbox maps"
|
|
when:
|
|
- dovecot_enabled | default(false) and dovecot_postfix_lmtp_enable | default(false)
|
|
- virtual_mailbox_maps_template.changed
|
|
ansible.builtin.command:
|
|
cmd: postmap hash:/etc/postfix/virtual_mailbox_maps
|
|
changed_when: true
|
|
notify: Restart Postfix
|
|
tags:
|
|
- postfix_config
|
|
- dovecot_config
|
|
|
|
- name: "DOVECOT | Install Dovecot packages"
|
|
when: dovecot_enabled | default(false)
|
|
ansible.builtin.apt:
|
|
name: "{{ ['dovecot-core', 'dovecot-imapd', 'dovecot-pop3d', 'openssl'] + (['dovecot-lmtpd'] if dovecot_postfix_lmtp_enable | default(false) else []) }}"
|
|
state: present
|
|
tags:
|
|
- dovecot_install
|
|
|
|
- name: "DOVECOT | Install pwgen"
|
|
when: dovecot_enabled | default(false)
|
|
ansible.builtin.apt:
|
|
name: pwgen
|
|
state: present
|
|
tags:
|
|
- dovecot_install
|
|
|
|
- name: "DOVECOT | Generate Dovecot token"
|
|
when: dovecot_enabled | default(false)
|
|
ansible.builtin.shell:
|
|
cmd: "pwgen -s 16 1 > /etc/dovecot/dovecot_token"
|
|
creates: /etc/dovecot/dovecot_token
|
|
tags:
|
|
- dovecot_config
|
|
|
|
- name: "DOVECOT | Read Dovecot token"
|
|
when: dovecot_enabled | default(false)
|
|
ansible.builtin.slurp:
|
|
src: /etc/dovecot/dovecot_token
|
|
register: dovecot_token_file
|
|
tags:
|
|
- dovecot_config
|
|
|
|
- name: "DOVECOT | Create vmail group"
|
|
when: dovecot_enabled | default(false)
|
|
ansible.builtin.group:
|
|
name: vmail
|
|
gid: 5000
|
|
state: present
|
|
tags:
|
|
- dovecot_config
|
|
|
|
- name: "DOVECOT | Create vmail user"
|
|
when: dovecot_enabled | default(false)
|
|
ansible.builtin.user:
|
|
name: vmail
|
|
uid: 5000
|
|
group: vmail
|
|
home: /var/vmail
|
|
create_home: true
|
|
system: true
|
|
shell: /usr/sbin/nologin
|
|
tags:
|
|
- dovecot_config
|
|
|
|
- name: "DOVECOT | Ensure vmail directory permissions"
|
|
when: dovecot_enabled | default(false)
|
|
ansible.builtin.file:
|
|
path: /var/vmail
|
|
state: directory
|
|
owner: vmail
|
|
group: vmail
|
|
mode: '0700'
|
|
tags:
|
|
- dovecot_config
|
|
|
|
- name: "DOVECOT | Generate user password hashes"
|
|
when: dovecot_enabled | default(false) and dovecot_users | length > 0
|
|
ansible.builtin.command:
|
|
cmd: "openssl passwd -6 -salt {{ dovecot_token_value | quote }} {{ (dovecot_token_value + item.pass) | quote }}"
|
|
loop: "{{ dovecot_users }}"
|
|
register: dovecot_user_hashes
|
|
changed_when: false
|
|
vars:
|
|
dovecot_token_value: "{{ dovecot_token_file['content'] | b64decode | trim }}"
|
|
tags:
|
|
- dovecot_config
|
|
|
|
- name: "DOVECOT | Create users password file"
|
|
when: dovecot_enabled | default(false)
|
|
ansible.builtin.template:
|
|
src: dovecot-users.j2
|
|
dest: /etc/dovecot/users
|
|
owner: root
|
|
group: dovecot
|
|
mode: '0640'
|
|
vars:
|
|
dovecot_token_value: "{{ dovecot_token_file['content'] | b64decode | trim }}"
|
|
notify: Restart Dovecot
|
|
tags:
|
|
- dovecot_config
|
|
|
|
- name: "DOVECOT | Detect Dovecot version"
|
|
when: dovecot_enabled | default(false)
|
|
ansible.builtin.shell:
|
|
cmd: "dovecot --version | awk '{print $1}' | cut -d'(' -f1"
|
|
register: dovecot_version_raw
|
|
changed_when: false
|
|
tags:
|
|
- dovecot_config
|
|
|
|
- name: "DOVECOT | Set Dovecot major version fact"
|
|
when: dovecot_enabled | default(false)
|
|
ansible.builtin.set_fact:
|
|
dovecot_major_version: "{{ dovecot_version_raw.stdout.split('.')[0] | int }}.{{ dovecot_version_raw.stdout.split('.')[1] | int }}"
|
|
tags:
|
|
- dovecot_config
|
|
|
|
- name: "DOVECOT | Configure dovecot.conf"
|
|
when: dovecot_enabled | default(false)
|
|
ansible.builtin.template:
|
|
src: dovecot.conf.j2
|
|
dest: /etc/dovecot/dovecot.conf
|
|
owner: root
|
|
group: dovecot
|
|
mode: '0644'
|
|
notify: Restart Dovecot
|
|
tags:
|
|
- dovecot_config
|
|
|
|
- name: "DOVECOT | Configure conf.d files"
|
|
when: dovecot_enabled | default(false)
|
|
ansible.builtin.template:
|
|
src: "{{ item.src }}"
|
|
dest: "/etc/dovecot/conf.d/{{ item.dest }}"
|
|
owner: root
|
|
group: dovecot
|
|
mode: '0644'
|
|
loop:
|
|
- { src: '10-auth.conf.j2', dest: '10-auth.conf' }
|
|
- { src: 'auth-dovecot-users.conf.ext.j2', dest: 'auth-dovecot-users.conf.ext' }
|
|
- { src: '10-master.conf.j2', dest: '10-master.conf' }
|
|
- { src: '10-ssl.conf.j2', dest: '10-ssl.conf' }
|
|
- { src: '10-mail.conf.j2', dest: '10-mail.conf' }
|
|
notify: Restart Dovecot
|
|
tags:
|
|
- dovecot_config |