
Location: majic-ansible-roles/roles/mail_server/tasks/main.yml - annotation

branko
MAR-44: Added backup server implementation. Updated testsite to include deployment of dedicated backup server. Documented the backup server implementation (except for usage instructions).
---

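# Base packages for the mail stack. rsync is used further down in this file
# to copy the LDAP TLS truststore into the Postfix chroot.
- name: Install rsync
  apt:
    name: rsync
    # `present` is the canonical state name; the `installed` alias is
    # rejected by newer Ansible releases.
    state: present

# IMAP server together with its LDAP, Sieve and ManageSieve components.
- name: Install Dovecot packages
  apt:
    name: "{{ item }}"
    state: present
  with_items:
    - dovecot-imapd
    - dovecot-ldap
    - dovecot-sieve
    - dovecot-managesieved

# The notified handler is defined outside this file; it only fires when this
# task reports a change (i.e. a package was actually installed).
- name: Install Postfix packages
  apt:
    name: "{{ item }}"
    state: present
  with_items:
    - postfix
    - postfix-ldap
  notify:
    - Purge Exim configuration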

# Both daemons get ssl-cert as a supplementary group. `append: true` adds the
# group without dropping memberships the accounts already have.
- name: Allow Postfix user to traverse the directory with TLS private keys
  user:
    name: postfix
    groups: ssl-cert
    append: true

- name: Allow Dovecot user to traverse the directory with TLS private keys
  user:
    name: dovecot
    groups: ssl-cert
    append: true

# TLS material for SMTP (Postfix) and IMAP (Dovecot).
#
# `src` is read on the machine running Ansible; the file keeps its base name
# on the target. Private keys land in /etc/ssl/private as root:root 0640,
# certificates in /etc/ssl/certs as root:root 0644. A replaced key or
# certificate restarts the service that uses it.
#
# NOTE(review): a run with --diff can print the content of copied files;
# confirm that private key material cannot end up in run logs.
- name: Deploy SMTP TLS private key
  copy:
    src: "{{ smtp_tls_key }}"
    dest: "/etc/ssl/private/{{ smtp_tls_key | basename }}"
    owner: root
    group: root
    mode: '0640'
  notify:
    - Restart Postfix

- name: Deploy SMTP TLS certificate
  copy:
    src: "{{ smtp_tls_certificate }}"
    dest: "/etc/ssl/certs/{{ smtp_tls_certificate | basename }}"
    owner: root
    group: root
    mode: '0644'
  notify:
    - Restart Postfix

- name: Deploy IMAP TLS private key
  copy:
    src: "{{ imap_tls_key }}"
    dest: "/etc/ssl/private/{{ imap_tls_key | basename }}"
    owner: root
    group: root
    mode: '0640'
  notify:
    - Restart Dovecot

- name: Deploy IMAP TLS certificate
  copy:
    src: "{{ imap_tls_certificate }}"
    dest: "/etc/ssl/certs/{{ imap_tls_certificate | basename }}"
    owner: root
    group: root
    mode: '0644'
  notify:
    - Restart Dovecot

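# SMTP test tool, installed on the mail server itself.
- name: Install SWAKS
  apt:
    name: swaks
    # `present` is the canonical state name; the `installed` alias is
    # rejected by newer Ansible releases.
    state: present

# Mail filter (milter) that hands messages to ClamAV for scanning.
- name: Install milter packages
  apt:
    name: clamav-milter
    state: present

# Static configuration shipped with the role; a changed file restarts the
# milter through the handler.
- name: Configure ClamAV Milter
  copy:
    src: clamav-milter.conf
    dest: /etc/clamav/clamav-milter.conf
    owner: root
    group: root
    mode: '0644'
  notify:
    - Restart ClamAV Milter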

# Directory skeleton under the Postfix chroot (/var/spool/postfix). The
# parent directories stay root-owned; only the clamav sub-directory is handed
# to the clamav account.
# NOTE(review): presumably the milter socket lives in var/run/clamav - confirm
# against clamav-milter.conf.
- name: Set-up privileges for directories within Postfix chroot
  file:
    dest: "{{ item }}"
    state: directory
    owner: root
    group: root
    mode: '0755'
  with_items:
    - /var/spool/postfix/var
    - /var/spool/postfix/var/run

# NOTE(review): this task shares its name with the previous one, which makes
# run output and --start-at-task ambiguous.
- name: Set-up privileges for directories within Postfix chroot
  file:
    dest: "{{ item }}"
    state: directory
    owner: clamav
    group: clamav
    mode: '0755'
  with_items:
    - /var/spool/postfix/var/run/clamav

# Mirrors the truststore to the same path below the chroot so that it is
# still reachable once Postfix has chrooted.
# rsync flags: -L copy what a symlink points to, -p keep permissions,
# -c compare by checksum, -i itemize changes. rsync prints an itemized line
# only when it transferred something, so empty stdout means "unchanged".
# NOTE(review): rsync does not create missing parent directories; the target
# directory inside the chroot is assumed to exist already - confirm.
- name: Copy the LDAP TLS truststore into Postfix chroot
  command: >-
    rsync -Lpci
    "{{ mail_ldap_tls_truststore }}"
    "/var/spool/postfix/{{ mail_ldap_tls_truststore }}"
  register: rsync_result
  changed_when: "rsync_result.stdout | length > 0"

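# LDAP look-up tables for virtual aliases, domains and mailboxes. The files
# are readable by root and the postfix group only (0640), not by other local
# accounts.
# NOTE(review): presumably the templates carry LDAP bind credentials, which
# would explain the restrictive mode - confirm against the .cf.j2 templates.
- name: Deploy Postfix configurations files for LDAP look-ups
  template:
    src: "{{ item }}.cf.j2"
    dest: "/etc/postfix/{{ item }}.cf"
    owner: root
    group: postfix
    mode: '0640'
  with_items:
    - ldap-virtual-alias-maps
    - ldap-virtual-mailbox-domains
    - ldap-virtual-mailbox-maps
  notify:
    - Restart Postfix

# Ownership and mode are set explicitly, like for every other file deployed
# by this role, so the result does not depend on the permissions of a
# pre-existing main.cf or on the umask of the deploying account.
- name: Deploy Postfix main configuration
  template:
    src: main.cf.j2
    dest: /etc/postfix/main.cf
    owner: root
    group: root
    mode: '0644'
  notify:
    - Restart Postfix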

# Dedicated account and group named after `mail_user`. The numeric ids are
# optional: when `mail_user_gid` / `mail_user_uid` are undefined the
# parameter is omitted and the system picks the id.
- name: Create mail owner group
  group:
    name: "{{ mail_user }}"
    gid: "{{ mail_user_gid | default(omit) }}"
    state: present

- name: Create mail owner user
  user:
    name: "{{ mail_user }}"
    uid: "{{ mail_user_uid | default(omit) }}"
    group: "{{ mail_user }}"
    home: "/var/{{ mail_user }}"
    state: present

# Drops the include of auth-system.conf.ext from 10-auth.conf. The value is
# quoted because a leading `!` would otherwise be read as a YAML tag.
- name: Disable Dovecot system authentication
  lineinfile:
    dest: /etc/dovecot/conf.d/10-auth.conf
    line: '!include auth-system.conf.ext'
    state: absent
  notify:
    - Restart Dovecot

# Role-specific overrides, world-readable like the stock conf.d files.
- name: Deploy Dovecot configuration file with overrides
  template:
    src: 99-local.conf.j2
    dest: /etc/dovecot/conf.d/99-local.conf
    owner: root
    group: root
    mode: '0644'
  notify:
    - Restart Dovecot

# Readable by root only (0600).
# NOTE(review): presumably holds the LDAP bind password - confirm against the
# template.
- name: Deploy Dovecot configuration file for LDAP look-ups
  template:
    src: dovecot-ldap.conf.ext.j2
    dest: /etc/dovecot/dovecot-ldap.conf.ext
    owner: root
    group: root
    mode: '0600'
  notify:
    - Restart Dovecot

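# Registers a `dovecot` pipe transport in master.cf that hands mail to
# dovecot-lda running as the mail owner account.
#
# The regexp is anchored to the start of the service entry. An unanchored
# "dovecot" matches any line that merely mentions the word (for example a
# `-o smtpd_sasl_type=dovecot` override or a comment), and lineinfile
# replaces the last matching line, so an unrelated line could be overwritten.
- name: Configure Postfix for Dovecot delivery
  lineinfile:
    dest: /etc/postfix/master.cf
    state: present
    regexp: '^dovecot\s'
    line: "dovecot   unix  -       n       n       -       -       pipe    flags=DRhu user={{ mail_user }}:{{ mail_user }} argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -d ${recipient}"
  notify:
    - Restart Postfix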

# Every service is both enabled at boot and started now.
- name: Enable ClamAV service
  service:
    name: "{{ item }}"
    state: started
    enabled: true
  with_items:
    - clamav-daemon
    - clamav-freshclam

- name: Enable ClamAV milter service.
  service:
    name: clamav-milter
    state: started
    enabled: true

- name: Enable Postfix service
  service:
    name: postfix
    state: started
    enabled: true

- name: Enable Dovecot service
  service:
    name: dovecot
    state: started
    enabled: true

# Static ferm rule file shipped with the role, installed as
# /etc/ferm/conf.d/20-mail.conf and readable by root only in practice
# (root:root 0640). A changed file restarts ferm through the handler.
- name: Deploy firewall configuration for mail server
  copy:
    src: ferm_mail.conf
    dest: /etc/ferm/conf.d/20-mail.conf
    owner: root
    group: root
    mode: '0640'
  notify:
    - Restart ferm