Files @ 770551dc8c6f
Branch filter:

Location: majic-ansible-roles/roles/mail_forwarder/tasks/main.yml

770551dc8c6f 1.7 KiB text/x-yaml Show Annotation Show as Raw Download as Raw
branko
MAR-148: Improve the SSH connectivity tests in backup_server role to be more reliable:

- Introduce a session-level fixture for setting permissions for client
SSH private keys (fixes errors related to SSH requesting tighter
permissions).
- Add assertions for the tests that verify the backup clients cannot
connect to the regular SSH server in case the SSH private keys do
not have correct permissions (just in case).
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
---

- name: Install Postfix
  apt:
    name: postfix
    state: present

- name: Install procmail
  apt:
    name: procmail
    state: present

- name: Purge Exim configuration
  apt:
    name: "exim4*"
    state: absent
    purge: true

- name: Deploy the SMTP relay TLS truststore
  copy:
    content: "{{ smtp_relay_truststore }}"
    dest: "/etc/ssl/certs/smtp_relay_truststore.pem"
    owner: root
    group: root
    mode: 0644

- name: Configure visible mail name of the system
  copy:
    content: "{{ inventory_hostname }}"
    dest: "/etc/mailname"
    owner: root
    group: root
    mode: 0644
  notify:
    - Restart Postfix

- name: Deploy Postfix main configuration
  template:
    src: "main.cf.j2"
    dest: "/etc/postfix/main.cf"
    owner: root
    group: root
    mode: 0644
  notify:
    - Restart Postfix

- name: Set-up local mail aliases
  lineinfile:
    dest: "/etc/aliases"
    line: "{{ item.key }}: {{ item.value }}"
    regexp: "^{{ item.key }}"
    state: present
  with_dict: "{{ local_mail_aliases }}"
  notify:
    - Rebuild mail aliases

- name: Enable Postfix service on boot (workaround for systemctl broken handling of SysV)
  command: "rcconf -on postfix"
  register: result
  changed_when: not result.stderr

- name: Enable postfix service
  service:
    name: postfix
    state: started

- name: Deploy firewall configuration for mail forwader
  template:
    src: "ferm_mail.conf.j2"
    dest: "/etc/ferm/conf.d/20-mail.conf"
    owner: root
    group: root
    mode: 0640
  notify:
    - Restart ferm

- name: Install SWAKS
  apt:
    name: swaks
    state: present

- name: Explicitly run all handlers
  include: ../handlers/main.yml
  when: "run_handlers | default(False) | bool()"
  tags:
    - handlers
This site is powered by Kallithea 0.7.0, which is © 2010–2024 by various authors & licensed under GPLv3.