Files @ 3722152897ec
Branch filter:

Location: majic-ansible-roles/roles/mail_forwarder/tasks/main.yml - annotation

branko
MAR-218: Disable Ansible lints for prefixed role variable names:

- At this point in time, it does not make much sense to introduce
prefixing and breaking every single role invocation.
- Might be worth revisting down the line, although it would require
understanding a bit more clearly if prefixing has any kind of
special logic handling or it's pure guidelines.
7ab6518de03b
7ab6518de03b
7ab6518de03b
23200e1ae9a8
23200e1ae9a8
13982172ed2e
61e6cfb81789
01f4b619cfa6
01f4b619cfa6
01f4b619cfa6
13982172ed2e
01f4b619cfa6
61e6cfb81789
23200e1ae9a8
23200e1ae9a8
23200e1ae9a8
13982172ed2e
7ab6518de03b
1b05bae8e440
f774e938a4ed
f774e938a4ed
f774e938a4ed
f774e938a4ed
f774e938a4ed
f774e938a4ed
1b05bae8e440
af834be42e8e
ed73868fa196
ed73868fa196
ed73868fa196
ed73868fa196
ed73868fa196
ed73868fa196
ed73868fa196
ed73868fa196
ed73868fa196
bf96a77e88ab
23200e1ae9a8
23200e1ae9a8
23200e1ae9a8
23200e1ae9a8
23200e1ae9a8
23200e1ae9a8
bf96a77e88ab
bf96a77e88ab
bf96a77e88ab
7ab6518de03b
23200e1ae9a8
23200e1ae9a8
23200e1ae9a8
23200e1ae9a8
23200e1ae9a8
23200e1ae9a8
7ab6518de03b
7ab6518de03b
7ab6518de03b
7ab6518de03b
7ab6518de03b
7ab6518de03b
7ab6518de03b
7ab6518de03b
7ab6518de03b
922cda0a1834
7ab6518de03b
7ab6518de03b
c9b8c60fbd5e
aa7b596ef595
23200e1ae9a8
23200e1ae9a8
23200e1ae9a8
aa7b596ef595
a561d73e3242
441a70c073b9
a3d247bb2e09
a3d247bb2e09
441a70c073b9
441a70c073b9
441a70c073b9
441a70c073b9
441a70c073b9
441a70c073b9
441a70c073b9
441a70c073b9
441a70c073b9
a3d247bb2e09
a3d247bb2e09
441a70c073b9
441a70c073b9
441a70c073b9
441a70c073b9
441a70c073b9
441a70c073b9
441a70c073b9
441a70c073b9
441a70c073b9
441a70c073b9
441a70c073b9
441a70c073b9
441a70c073b9
441a70c073b9
441a70c073b9
441a70c073b9
441a70c073b9
441a70c073b9
13fd27e4004c
23200e1ae9a8
23200e1ae9a8
23200e1ae9a8
23200e1ae9a8
23200e1ae9a8
23200e1ae9a8
13fd27e4004c
13fd27e4004c
13fd27e4004c
c9b8c60fbd5e
23200e1ae9a8
23200e1ae9a8
13982172ed2e
7387caca37f3
7387caca37f3
3802c52995e5
fcf5abdd3ad5
7387caca37f3
7387caca37f3
---

- name: Install Postfix
  apt:
    name: postfix
    state: present

- name: Install procmail
  apt:
    name: procmail
    state: present

- name: Purge Exim configuration
  apt:
    name: "exim4*"
    state: absent
    purge: true

- name: Deploy the SMTP relay TLS truststore
  copy:
    content: "{{ smtp_relay_truststore }}"
    dest: "/etc/ssl/certs/smtp_relay_truststore.pem"
    owner: root
    group: root
    mode: 0644

- name: Generate the SMTP server Diffie-Hellman parameter
  openssl_dhparam:
    owner: root
    group: root
    mode: 0640
    path: "/etc/ssl/private/{{ ansible_fqdn }}_smtp.dh.pem"
    size: 2048
  notify:
    - Restart Postfix

- name: Configure visible mail name of the system
  copy:
    content: "{{ inventory_hostname }}"
    dest: "/etc/mailname"
    owner: root
    group: root
    mode: 0644
  notify:
    - Restart Postfix

- name: Deploy Postfix main configuration
  template:
    src: "main.cf.j2"
    dest: "/etc/postfix/main.cf"
    owner: root
    group: root
    mode: 0644
  notify:
    - Restart Postfix

- name: Set-up local mail aliases
  lineinfile:
    dest: "/etc/aliases"
    line: "{{ item.key }}: {{ item.value }}"
    regexp: "^{{ item.key }}"
    state: present
  with_dict: "{{ local_mail_aliases }}"
  notify:
    - Rebuild mail aliases

- name: Enable and start postfix service
  service:
    name: postfix
    state: started
    enabled: true

- name: Retrieve IPv4 addresses of SMTP relay host
  shell: "getent ahostsv4 '{{ smtp_relay_host }}' | awk '{ print $1 }' | sort -u"  # noqa risky-shell-pipe
  # [risky-shell-pipe] Shells that use pipes should set the pipefail option
  #   The getent ahostsv4 command has non-zero exit code if the
  #   supplies name cannot be resolved. However, that is a valid
  #   use-case for extracting this information. It effectively means
  #   that no IPv4 firewall rules will be deployed for allowing
  #   incoming connections from the SMTP relay host.
  changed_when: false
  register: smtp_relay_host_ipv4

- name: Retrieve IPv6 addresses of SMTP relay host
  shell: "getent ahostsv6 '{{ smtp_relay_host }}' | awk '{ print $1 }' | grep -v '^::ffff:' | sort -u"  # noqa risky-shell-pipe
  # [risky-shell-pipe] Shells that use pipes should set the pipefail option
  #   The getent ahostsv6 command has non-zero exit code if the
  #   supplies name cannot be resolved. However, that is a valid
  #   use-case for extracting this information. It effectively means
  #   that no IPv6 firewall rules will be deployed for allowing
  #   incoming connections from the SMTP relay host.
  changed_when: false
  register: smtp_relay_host_ipv6

- name: Normalise the SMTP relay host IPv4 addresses variable
  set_fact:
    smtp_relay_host_ipv4: "{{ smtp_relay_host_ipv4.stdout_lines | reject('equalto', '') | list }}"
  when: "smtp_relay_host | length != 0"

- name: Normalise the SMTP relay host IPv6 addresses variable
  set_fact:
    smtp_relay_host_ipv6: "{{ smtp_relay_host_ipv6.stdout_lines | reject('equalto', '') | list }}"
  when: "smtp_relay_host | length != 0"

- name: Deploy firewall configuration for mail forwader
  template:
    src: "ferm_mail.conf.j2"
    dest: "/etc/ferm/conf.d/20-mail.conf"
    owner: root
    group: root
    mode: 0640
  notify:
    - Restart ferm

- name: Install SWAKS
  apt:
    name: swaks
    state: present

- name: Explicitly run all handlers
  include_tasks: ../handlers/main.yml
  when: "run_handlers | default(False) | bool()"
  tags:
    - handlers