diff --git a/roles/mail_server/tasks/main.yml b/roles/mail_server/tasks/main.yml index 4024e27bc0efe4ff088893d6b5731906293ddc28..486ff223d636232437b3d613253bf0ffd679ca87 100644 --- a/roles/mail_server/tasks/main.yml +++ b/roles/mail_server/tasks/main.yml @@ -1,12 +1,12 @@ --- - name: Install rsync - apt: + ansible.builtin.apt: name: rsync state: present - name: Install Dovecot packages - apt: + ansible.builtin.apt: name: - dovecot-imapd - dovecot-ldap @@ -15,32 +15,32 @@ state: present - name: Install Postfix packages - apt: + ansible.builtin.apt: name: - postfix - postfix-ldap state: present - name: Purge Exim configuration - apt: + ansible.builtin.apt: name: "exim4*" state: absent purge: true - name: Allow Postfix user to traverse the directory with TLS private keys - user: + ansible.builtin.user: name: postfix append: true groups: ssl-cert - name: Allow Dovecot user to traverse the directory with TLS private keys - user: + ansible.builtin.user: name: dovecot append: true groups: ssl-cert - name: Deploy SMTP TLS private key - copy: + ansible.builtin.copy: dest: "/etc/ssl/private/{{ ansible_fqdn }}_smtp.key" content: "{{ smtp_tls_key }}" mode: "0640" @@ -50,7 +50,7 @@ - Restart Postfix - name: Deploy SMTP TLS certificate - copy: + ansible.builtin.copy: dest: "/etc/ssl/certs/{{ ansible_fqdn }}_smtp.pem" content: "{{ smtp_tls_certificate }}" mode: "0644" @@ -60,7 +60,7 @@ - Restart Postfix - name: Generate the SMTP server Diffie-Hellman parameter - openssl_dhparam: + community.crypto.openssl_dhparam: owner: root group: root mode: "0640" @@ -70,7 +70,7 @@ - Restart Postfix - name: Deploy IMAP TLS private key - copy: + ansible.builtin.copy: dest: "/etc/ssl/private/{{ ansible_fqdn }}_imap.key" content: "{{ imap_tls_key }}" mode: "0640" @@ -80,7 +80,7 @@ - Restart Dovecot - name: Deploy IMAP TLS certificate - copy: + ansible.builtin.copy: dest: "/etc/ssl/certs/{{ ansible_fqdn }}_imap.pem" content: "{{ imap_tls_certificate }}" mode: "0644" 
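Review bot: The "Deploy SMTP TLS private key" task in the `@@ -15,32 +15,32 @@` hunk passes the key through `content: "{{ smtp_tls_key }}"` with no `no_log` visible, and the same holds for "Deploy IMAP TLS private key" in the `@@ -70,7 +70,7 @@` hunk. When the play runs with `--diff`, a changed copy task reports the content it wrote, which would put the private key into terminal output and any stored job logs. Adding `no_log: true` to both tasks prevents that. The tail of each task (owner, group, notify) lies outside the hunks, so confirm it is not already set there.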
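Review bot: `community.crypto.openssl_dhparam` in the `@@ -60,7 +60,7 @@` hunk (and again in `@@ -90,7 +90,7 @@`) makes the role's reliance on a non-builtin collection explicit, but nothing in this diff declares that dependency. If the repository does not already do so, list `community.crypto` with a pinned version in a collections `requirements.yml`, so that controllers running plain ansible-core install a known release rather than whatever happens to be present. The task body continues outside the hunk.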
@@ -90,7 +90,7 @@ - Restart Dovecot - name: Generate the IMAP server Diffie-Hellman parameter - openssl_dhparam: + community.crypto.openssl_dhparam: owner: root group: root mode: "0640" @@ -100,7 +100,7 @@ - Restart Dovecot - name: Deploy configuration files for checking certificate validity via cron - copy: + ansible.builtin.copy: content: "/etc/ssl/certs/{{ ansible_fqdn }}_{{ item }}.pem" dest: "/etc/check_certificate/{{ ansible_fqdn }}_{{ item }}.conf" owner: root @@ -111,17 +111,17 @@ - imap - name: Install SWAKS - apt: + ansible.builtin.apt: name: swaks state: present - name: Install milter packages - apt: + ansible.builtin.apt: name: clamav-milter state: present - name: Configure ClamAV Milter - copy: + ansible.builtin.copy: dest: "/etc/clamav/clamav-milter.conf" src: "clamav-milter.conf" mode: "0644" @@ -131,7 +131,7 @@ - Restart ClamAV Milter - name: Set-up privileges for directories within Postfix chroot - file: + ansible.builtin.file: dest: "{{ item }}" mode: "0755" state: directory @@ -142,7 +142,7 @@ - /var/spool/postfix/var/run - name: Set-up privileges for directories within Postfix chroot - file: + ansible.builtin.file: dest: "{{ item }}" state: directory owner: clamav @@ -152,7 +152,7 @@ - /var/spool/postfix/var/run/clamav - name: Deploy the LDAP TLS truststore in default location - copy: + ansible.builtin.copy: content: "{{ mail_ldap_tls_truststore }}" dest: "/etc/ssl/certs/mail_ldap_tls_truststore.pem" owner: root @@ -160,7 +160,7 @@ mode: "0644" - name: Deploy the LDAP TLS truststore in Postfix chroot - copy: + ansible.builtin.copy: content: "{{ mail_ldap_tls_truststore }}" dest: "/var/spool/postfix/etc/ssl/certs/mail_ldap_tls_truststore.pem" owner: root @@ -170,7 +170,7 @@ - Restart Postfix - name: Configure visible mail name of the system - copy: + ansible.builtin.copy: content: "{{ inventory_hostname }}" dest: "/etc/mailname" owner: root 
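Review bot: Two consecutive tasks, in the `@@ -131,7 +131,7 @@` and `@@ -142,7 +142,7 @@` hunks, carry the same name "Set-up privileges for directories within Postfix chroot", although the second one sets `owner: clamav` and apparently targets `/var/spool/postfix/var/run/clamav`. Identical names make run output ambiguous, and `--start-at-task` stops at the first match only. Renaming the second, for example `- name: Set-up ClamAV-owned directory within Postfix chroot`, would tell them apart. Both tasks extend beyond their hunks.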
@@ -180,7 +180,7 @@ - Restart Postfix - name: Deploy Postfix configurations files for LDAP look-ups - template: + ansible.builtin.template: src: "{{ item }}.cf.j2" dest: "/etc/postfix/{{ item }}.cf" owner: root @@ -194,7 +194,7 @@ - Restart Postfix - name: Deploy Postfix main configuration - template: + ansible.builtin.template: src: "main.cf.j2" dest: "/etc/postfix/main.cf" owner: root @@ -204,7 +204,7 @@ - Restart Postfix - name: Set-up local mail aliases - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/aliases" line: "{{ item.key }}: {{ item.value }}" regexp: "^{{ item.key }}" @@ -214,13 +214,13 @@ - Rebuild mail aliases - name: Create mail owner group - group: + ansible.builtin.group: name: "{{ mail_user }}" gid: "{{ mail_user_gid | default(omit) }}" state: present - name: Create mail owner user - user: + ansible.builtin.user: name: "{{ mail_user }}" uid: "{{ mail_user_uid | default(omit) }}" group: "{{ mail_user }}" @@ -228,7 +228,7 @@ state: present - name: Disable Dovecot system authentication - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/dovecot/conf.d/10-auth.conf" line: "!include auth-system.conf.ext" state: absent @@ -236,7 +236,7 @@ - Restart Dovecot - name: Deploy Dovecot configuration file with overrides - template: + ansible.builtin.template: src: "99-local.conf.j2" dest: "/etc/dovecot/conf.d/99-local.conf" owner: root @@ -246,7 +246,7 @@ - Restart Dovecot - name: Deploy Dovecot configuration file for LDAP look-ups - template: + ansible.builtin.template: src: "dovecot-ldap.conf.ext.j2" dest: "/etc/dovecot/dovecot-ldap.conf.ext" owner: root @@ -256,7 +256,7 @@ - Restart Dovecot - name: Deploy Postifx master process configuration - template: + ansible.builtin.template: src: "master.cf.j2" dest: "/etc/postfix/master.cf" owner: root 
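Review bot: In the "Set-up local mail aliases" task (`@@ -204,7 +204,7 @@` hunk), `regexp: "^{{ item.key }}"` is a prefix match with the key inserted unescaped. An alias key such as `www` (constructed example) would therefore also match an existing `www-data:` line, and lineinfile could replace that entry instead of its own. Escaping the key and anchoring on the separator fixes it: `regexp: "^{{ item.key | regex_escape }}:"`. The loop source and notify lines of the task are outside the hunk.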
@@ -266,13 +266,13 @@ - Restart Postfix - name: Enable and start ClamAV database update service (freshclam) - service: + ansible.builtin.service: name: clamav-freshclam state: started enabled: true - name: Check availability of ClamAV database files - stat: + ansible.builtin.stat: path: "{{ item }}" with_items: - /var/lib/clamav/bytecode.cld @@ -283,12 +283,12 @@ - name: Wait for ClamAV database to be available (up to 10 minutes) when: not item.stat.exists with_items: "{{ clamav_db_files.results }}" - wait_for: + ansible.builtin.wait_for: path: "{{ item.item | replace('.cld', '.cvd') }}" timeout: 600 - name: Enable and start ClamAV daemon and milter services - service: + ansible.builtin.service: name: "{{ item }}" state: started enabled: true @@ -298,24 +298,24 @@ # It may take ClamAV a while to read all the necessary database files etc. - name: Wait for ClamAV to become available (up to 5 minutes) - wait_for: + ansible.builtin.wait_for: path: "/var/run/clamav/clamd.ctl" timeout: 300 - name: Enable and start Postfix service - service: + ansible.builtin.service: name: postfix state: started enabled: true - name: Enable and start Dovecot service - service: + ansible.builtin.service: name: dovecot state: started enabled: true - name: Deploy firewall configuration for mail server - copy: + ansible.builtin.copy: src: "ferm_mail.conf" dest: "/etc/ferm/conf.d/20-mail.conf" owner: root @@ -325,7 +325,7 @@ - Restart ferm - name: Explicitly run all handlers - include_tasks: ../handlers/main.yml + ansible.builtin.include_tasks: ../handlers/main.yml when: "run_handlers | default(False) | bool()" tags: - handlers