branko
MAR-31: Added scaffolding for testing xmpp_server role:

- Fixed wrong default for xmpp_domains parameter (should be a list).
- Added Molecule configuration file with LDAP server, client, and two XMPP
server instances.
- Added test playbook that sets up all servers.
- Fixed mode syntax issues (use leading zero).
- Added data required for testing.
- Added dummy file with tests.
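---
# Tasks for the mail_server role: install Postfix (SMTP), Dovecot (IMAP) and
# the ClamAV milter, deploy TLS material and LDAP look-up configuration, and
# bring the services up. File modes are written as quoted strings so the YAML
# parser cannot reinterpret the leading-zero octal values as integers.

- name: Install rsync
  apt:
    name: rsync
    state: present

- name: Install Dovecot packages
  apt:
    name: "{{ item }}"
    state: present
  with_items:
    - dovecot-imapd
    - dovecot-ldap
    - dovecot-sieve
    - dovecot-managesieved

- name: Install Postfix packages
  apt:
    name: "{{ item }}"
    state: present
  with_items:
    - postfix
    - postfix-ldap

# Remove the Exim packages together with their configuration (purge),
# presumably so they do not compete with Postfix for the MTA role.
- name: Purge Exim configuration
  apt:
    name: "exim4*"
    state: absent
    purge: true

# ssl-cert membership only grants traversal of the private-key directory; the
# key files deployed below stay owned by root with group root.
- name: Allow Postfix user to traverse the directory with TLS private keys
  user:
    name: postfix
    append: true
    groups: ssl-cert

- name: Allow Dovecot user to traverse the directory with TLS private keys
  user:
    name: dovecot
    append: true
    groups: ssl-cert

- name: Deploy SMTP TLS private key
  copy:
    dest: "/etc/ssl/private/{{ ansible_fqdn }}_smtp.key"
    content: "{{ smtp_tls_key }}"
    mode: "0640"
    owner: root
    group: root
  # Keep the private key material out of task output and --diff listings.
  no_log: true
  notify:
    - Restart Postfix

- name: Deploy SMTP TLS certificate
  copy:
    dest: "/etc/ssl/certs/{{ ansible_fqdn }}_smtp.pem"
    content: "{{ smtp_tls_certificate }}"
    mode: "0644"
    owner: root
    group: root
  notify:
    - Restart Postfix

- name: Deploy IMAP TLS private key
  copy:
    dest: "/etc/ssl/private/{{ ansible_fqdn }}_imap.key"
    content: "{{ imap_tls_key }}"
    mode: "0640"
    owner: root
    group: root
  # Keep the private key material out of task output and --diff listings.
  no_log: true
  notify:
    - Restart Dovecot

- name: Deploy IMAP TLS certificate
  copy:
    dest: "/etc/ssl/certs/{{ ansible_fqdn }}_imap.pem"
    content: "{{ imap_tls_certificate }}"
    mode: "0644"
    owner: root
    group: root
  notify:
    - Restart Dovecot

# Each config file contains only the path of the certificate to be checked.
# NOTE(review): assumes /etc/check_certificate already exists (created
# elsewhere) — confirm.
- name: Deploy configuration files for checking certificate validity via cron
  copy:
    content: "/etc/ssl/certs/{{ ansible_fqdn }}_{{ item }}.pem"
    dest: "/etc/check_certificate/{{ ansible_fqdn }}_{{ item }}.conf"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - smtp
    - imap

- name: Install SWAKS
  apt:
    name: swaks
    state: present

- name: Install milter packages
  apt:
    name: clamav-milter
    state: present

- name: Configure ClamAV Milter
  copy:
    dest: /etc/clamav/clamav-milter.conf
    src: clamav-milter.conf
    mode: "0644"
    owner: root
    group: root
  notify:
    - Restart ClamAV Milter

- name: Set-up privileges for directories within Postfix chroot
  file:
    dest: "{{ item }}"
    mode: "0755"
    state: directory
    owner: root
    group: root
  with_items:
    - /var/spool/postfix/var
    - /var/spool/postfix/var/run

# Separate task (and name) because this directory is owned by clamav rather
# than root.
- name: Set-up privileges for ClamAV directory within Postfix chroot
  file:
    dest: /var/spool/postfix/var/run/clamav
    mode: "0755"
    state: directory
    owner: clamav
    group: clamav

- name: Deploy the LDAP TLS truststore in default location
  copy:
    content: "{{ mail_ldap_tls_truststore }}"
    dest: /etc/ssl/certs/mail_ldap_tls_truststore.pem
    owner: root
    group: root
    mode: "0644"

# Second copy of the truststore, placed where the chrooted Postfix can see it.
- name: Deploy the LDAP TLS truststore in Postfix chroot
  copy:
    content: "{{ mail_ldap_tls_truststore }}"
    dest: /var/spool/postfix/etc/ssl/certs/mail_ldap_tls_truststore.pem
    owner: root
    group: root
    mode: "0644"
  notify:
    - Restart Postfix

# Double quotes are intentional: "\n" yields a trailing newline in the file.
- name: Configure visible mail name of the system
  copy:
    content: "{{ inventory_hostname }}\n"
    dest: /etc/mailname
    owner: root
    group: root
    mode: "0644"
  notify:
    - Restart Postfix

# Readable by root and the postfix group only — the rendered files may hold
# LDAP bind credentials (templates not visible here).
- name: Deploy Postfix configurations files for LDAP look-ups
  template:
    src: "{{ item }}.cf.j2"
    dest: "/etc/postfix/{{ item }}.cf"
    owner: root
    group: postfix
    mode: "0640"
  with_items:
    - ldap-virtual-alias-maps
    - ldap-virtual-mailbox-domains
    - ldap-virtual-mailbox-maps
  notify:
    - Restart Postfix

- name: Deploy Postfix main configuration
  template:
    src: main.cf.j2
    dest: /etc/postfix/main.cf
    owner: root
    group: root
    mode: "0644"
  notify:
    - Restart Postfix

# The regexp anchors on "name:" so that an alias such as "root" does not
# match (and overwrite) an unrelated alias whose name merely starts with
# "root"; regex_escape protects alias names containing regex metacharacters.
- name: Set-up local mail aliases
  lineinfile:
    dest: /etc/aliases
    line: "{{ item.key }}: {{ item.value }}"
    regexp: "^{{ item.key | regex_escape }}:"
    state: present
  with_dict: "{{ local_mail_aliases }}"
  notify:
    - Rebuild mail aliases

# gid/uid are optional: when unset, omit lets the system pick the id.
- name: Create mail owner group
  group:
    name: "{{ mail_user }}"
    gid: "{{ mail_user_gid | default(omit) }}"
    state: present

- name: Create mail owner user
  user:
    name: "{{ mail_user }}"
    uid: "{{ mail_user_uid | default(omit) }}"
    group: "{{ mail_user }}"
    home: "/var/{{ mail_user }}"
    state: present

# Drops the system (PAM/passwd) authentication include so that only the LDAP
# look-ups configured below remain.
- name: Disable Dovecot system authentication
  lineinfile:
    dest: /etc/dovecot/conf.d/10-auth.conf
    line: "!include auth-system.conf.ext"
    state: absent
  notify:
    - Restart Dovecot

- name: Deploy Dovecot configuration file with overrides
  template:
    src: 99-local.conf.j2
    dest: /etc/dovecot/conf.d/99-local.conf
    owner: root
    group: root
    mode: "0644"
  notify:
    - Restart Dovecot

# Root-only: the rendered file may hold LDAP bind credentials.
- name: Deploy Dovecot configuration file for LDAP look-ups
  template:
    src: dovecot-ldap.conf.ext.j2
    dest: /etc/dovecot/dovecot-ldap.conf.ext
    owner: root
    group: root
    mode: "0600"
  notify:
    - Restart Dovecot

- name: Deploy Postfix master process configuration
  template:
    src: master.cf.j2
    dest: /etc/postfix/master.cf
    owner: root
    group: root
    mode: "0644"
  notify:
    - Restart Postfix

# An empty stderr is treated as "a change was made" — presumably rcconf
# reports an already-enabled service on stderr; confirm against rcconf.
- name: Enable services on boot (workaround for systemctl broken handling of SysV)
  command: "rcconf -on {{ item }}"
  register: result
  changed_when: result.stderr == ""
  with_items:
    - clamav-daemon
    - clamav-freshclam
    - clamav-milter
    - postfix
    - dovecot

- name: Enable ClamAV database update service (freshclam)
  service:
    name: clamav-freshclam
    state: started

- name: Check availability of ClamAV database files
  stat:
    path: "{{ item }}"
  register: clamav_db_files
  with_items:
    - /var/lib/clamav/bytecode.cld
    - /var/lib/clamav/daily.cld
    - /var/lib/clamav/main.cld

# For every .cld file that is missing, wait for its .cvd counterpart instead
# (the form freshclam is expected to download first — confirm).
- name: Wait for ClamAV database to be available (up to 10 minutes)
  wait_for:
    path: "{{ item.item | replace('.cld', '.cvd') }}"
    timeout: 600
  with_items: "{{ clamav_db_files.results }}"
  when: not item.stat.exists

- name: Enable ClamAV daemon and milter services
  service:
    name: "{{ item }}"
    state: started
  with_items:
    - clamav-daemon
    - clamav-milter

- name: Enable Postfix service
  service:
    name: postfix
    state: started

- name: Enable Dovecot service
  service:
    name: dovecot
    state: started

- name: Deploy firewall configuration for mail server
  copy:
    src: ferm_mail.conf
    dest: /etc/ferm/conf.d/20-mail.conf
    owner: root
    group: root
    mode: "0640"
  notify:
    - Restart ferm

# Only runs when the play is invoked with -e handlers=true (or the "handlers"
# tag); static include kept for compatibility with the Ansible version in use.
- name: Explicitly run all handlers
  include: ../handlers/main.yml
  when: "handlers | default(false) | bool"
  tags:
    - handlers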