|
@@ -70,6 +70,38 @@
|
|
|
state: started
|
|
|
enabled: true
|
|
|
|
|
|
- name: Retrieve IPv4 addresses of SMTP relay host
|
|
|
shell: "getent ahostsv4 '{{ smtp_relay_host }}' | awk '{ print $1 }' | sort -u" # noqa 306
|
|
|
# [306] Shells that use pipes should set the pipefail option
|
|
|
# The getent ahostsv4 command has non-zero exit code if the
|
|
|
# supplies name cannot be resolved. However, that is a valid
|
|
|
# use-case for extracting this information. It effectively means
|
|
|
# that no IPv4 firewall rules will be deployed for allowing
|
|
|
# incoming connections from the SMTP relay host.
|
|
|
changed_when: false
|
|
|
register: smtp_relay_host_ipv4
|
|
|
|
|
|
- name: Retrieve IPv6 addresses of SMTP relay host
|
|
|
shell: "getent ahostsv6 '{{ smtp_relay_host }}' | awk '{ print $1 }' | grep -v '^::ffff:' | sort -u" # noqa 306
|
|
|
# [306] Shells that use pipes should set the pipefail option
|
|
|
# The getent ahostsv6 command has non-zero exit code if the
|
|
|
# supplies name cannot be resolved. However, that is a valid
|
|
|
# use-case for extracting this information. It effectively means
|
|
|
# that no IPv6 firewall rules will be deployed for allowing
|
|
|
# incoming connections from the SMTP relay host.
|
|
|
changed_when: false
|
|
|
register: smtp_relay_host_ipv6
|
|
|
|
|
|
- name: Normalise the SMTP relay host IPv4 addresses variable
|
|
|
set_fact:
|
|
|
smtp_relay_host_ipv4: "{{ smtp_relay_host_ipv4.stdout_lines | reject('equalto', '') | list }}"
|
|
|
when: "smtp_relay_host | length != 0"
|
|
|
|
|
|
- name: Normalise the SMTP relay host IPv6 addresses variable
|
|
|
set_fact:
|
|
|
smtp_relay_host_ipv6: "{{ smtp_relay_host_ipv6.stdout_lines | reject('equalto', '') | list }}"
|
|
|
when: "smtp_relay_host | length != 0"
|
|
|
|
|
|
- name: Deploy firewall configuration for mail forwader
|
|
|
template:
|
|
|
src: "ferm_mail.conf.j2"
|