
Location: majic-ansible-roles/roles/mail_server/tasks/main.yml

branko
Noticket: Fixed ldap_permissions module - if no olcAccess rules are defined, assume empty list (otherwise we get key lookup exception).
---

# Install the rsync package.
- name: Install rsync
  apt:
    name: rsync
    state: installed

# Dovecot packages: IMAP daemon, LDAP backend, Sieve and ManageSieve.
- name: Install Dovecot packages
  apt:
    name: "{{ item }}"
    state: installed
  with_items:
    - dovecot-imapd
    - dovecot-ldap
    - dovecot-sieve
    - dovecot-managesieved

# Postfix MTA together with its LDAP map support.
- name: Install Postfix packages
  apt:
    name: "{{ item }}"
    state: installed
  with_items:
    - postfix
    - postfix-ldap

# Remove every exim4* package and purge its configuration files.
- name: Purge Exim configuration
  apt:
    name: "exim4*"
    state: absent
    purge: true

# Supplementary group membership only (append), so the primary group of the
# postfix user is left untouched.
- name: Allow Postfix user to traverse the directory with TLS private keys
  user:
    name: postfix
    groups: ssl-cert
    append: true

# Supplementary group membership only (append), so the primary group of the
# dovecot user is left untouched.
- name: Allow Dovecot user to traverse the directory with TLS private keys
  user:
    name: dovecot
    groups: ssl-cert
    append: true

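# Private key for the SMTP TLS endpoint, written 0640 root:root so only root
# can read it.  no_log keeps the key material (passed via `content`) out of
# verbose task output, --diff output and logs.
- name: Deploy SMTP TLS private key
  copy:
    dest: "/etc/ssl/private/{{ ansible_fqdn }}_smtp.key"
    content: "{{ smtp_tls_key }}"
    owner: root
    group: root
    mode: "0640"
  no_log: true
  notify:
    - Restart Postfix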

# Public certificate for the SMTP TLS endpoint; world-readable (0644).
- name: Deploy SMTP TLS certificate
  copy:
    dest: "/etc/ssl/certs/{{ ansible_fqdn }}_smtp.pem"
    content: "{{ smtp_tls_certificate }}"
    owner: root
    group: root
    mode: "0644"
  notify:
    - Restart Postfix

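# Private key for the IMAP TLS endpoint, written 0640 root:root so only root
# can read it.  no_log keeps the key material (passed via `content`) out of
# verbose task output, --diff output and logs.
- name: Deploy IMAP TLS private key
  copy:
    dest: "/etc/ssl/private/{{ ansible_fqdn }}_imap.key"
    content: "{{ imap_tls_key }}"
    owner: root
    group: root
    mode: "0640"
  no_log: true
  notify:
    - Restart Dovecot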

# Public certificate for the IMAP TLS endpoint; world-readable (0644).
- name: Deploy IMAP TLS certificate
  copy:
    dest: "/etc/ssl/certs/{{ ansible_fqdn }}_imap.pem"
    content: "{{ imap_tls_certificate }}"
    owner: root
    group: root
    mode: "0644"
  notify:
    - Restart Dovecot

# SMTP testing tool.
- name: Install SWAKS
  apt:
    name: swaks
    state: installed

# ClamAV milter for scanning mail passing through Postfix.
- name: Install milter packages
  apt:
    name: clamav-milter
    state: installed

# Static milter configuration shipped with the role (files/clamav-milter.conf).
- name: Configure ClamAV Milter
  copy:
    src: clamav-milter.conf
    dest: /etc/clamav/clamav-milter.conf
    owner: root
    group: root
    mode: "0644"
  notify:
    - Restart ClamAV Milter

# Root-owned parent directories inside the Postfix chroot (0755).
# NOTE(review): the next task carries the same task name; the two are
# distinguished only by owner (root here, clamav below).
- name: Set-up privileges for directories within Postfix chroot
  file:
    dest: "{{ item }}"
    state: directory
    owner: root
    group: root
    mode: "0755"
  with_items:
    - /var/spool/postfix/var
    - /var/spool/postfix/var/run

# Directory inside the Postfix chroot owned by clamav:clamav (0755).
- name: Set-up privileges for directories within Postfix chroot
  file:
    dest: "{{ item }}"
    state: directory
    owner: clamav
    group: clamav
    mode: "0755"
  with_items:
    - /var/spool/postfix/var/run/clamav

# CA bundle used to verify the LDAP server's TLS certificate; public data,
# so world-readable is fine.
- name: Deploy the LDAP TLS truststore in default location
  copy:
    content: "{{ mail_ldap_tls_truststore }}"
    dest: /etc/ssl/certs/mail_ldap_tls_truststore.pem
    owner: root
    group: root
    mode: "0644"

# Same truststore, duplicated under the Postfix chroot so it is reachable
# from inside /var/spool/postfix.
- name: Deploy the LDAP TLS truststore in Postfix chroot
  copy:
    content: "{{ mail_ldap_tls_truststore }}"
    dest: /var/spool/postfix/etc/ssl/certs/mail_ldap_tls_truststore.pem
    owner: root
    group: root
    mode: "0644"

# LDAP map definitions rendered from templates/<name>.cf.j2.  Readable by
# root and the postfix group only (0640).
- name: Deploy Postfix configurations files for LDAP look-ups
  template:
    src: "{{ item }}.cf.j2"
    dest: "/etc/postfix/{{ item }}.cf"
    owner: root
    group: postfix
    mode: "0640"
  with_items:
    - ldap-virtual-alias-maps
    - ldap-virtual-mailbox-domains
    - ldap-virtual-mailbox-maps
  notify:
    - Restart Postfix

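# Main Postfix configuration.  Ownership and mode are set explicitly
# (0644 root:root), matching the master.cf task below, instead of relying on
# the controller's umask.
- name: Deploy Postfix main configuration
  template:
    src: main.cf.j2
    dest: /etc/postfix/main.cf
    owner: root
    group: root
    mode: "0644"
  notify:
    - Restart Postfix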

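# One "alias: target" line per entry of local_mail_aliases.  The regexp is
# anchored with the trailing colon so that an alias is matched only against
# its own line: with the bare "^key" form an alias such as "post" would also
# match and overwrite the "postmaster: ..." line.
- name: Set-up local mail aliases
  lineinfile:
    dest: "/etc/aliases"
    line: "{{ item.key }}: {{ item.value }}"
    regexp: "^{{ item.key }}:"
    state: present
  with_dict: "{{ local_mail_aliases }}"
  notify:
    - Rebuild mail aliases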

# Group owning the mail store; gid is only pinned when mail_user_gid is set.
- name: Create mail owner group
  group:
    name: "{{ mail_user }}"
    gid: "{{ mail_user_gid | default(omit) }}"
    state: present

# User owning the mail store, with home under /var/<mail_user>; uid is only
# pinned when mail_user_uid is set.
- name: Create mail owner user
  user:
    name: "{{ mail_user }}"
    uid: "{{ mail_user_uid | default(omit) }}"
    group: "{{ mail_user }}"
    home: "/var/{{ mail_user }}"
    state: present

# Drop the include of auth-system.conf.ext so Dovecot does not fall back to
# system (PAM/passwd) authentication.
- name: Disable Dovecot system authentication
  lineinfile:
    dest: /etc/dovecot/conf.d/10-auth.conf
    line: "!include auth-system.conf.ext"
    state: absent
  notify:
    - Restart Dovecot

# Role-specific Dovecot overrides, loaded last (99-local.conf).
- name: Deploy Dovecot configuration file with overrides
  template:
    src: 99-local.conf.j2
    dest: /etc/dovecot/conf.d/99-local.conf
    owner: root
    group: root
    mode: "0644"
  notify:
    - Restart Dovecot

# Dovecot LDAP settings; root-only (0600) since the file holds the LDAP
# connection parameters.
- name: Deploy Dovecot configuration file for LDAP look-ups
  template:
    src: dovecot-ldap.conf.ext.j2
    dest: /etc/dovecot/dovecot-ldap.conf.ext
    owner: root
    group: root
    mode: "0600"
  notify:
    - Restart Dovecot

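# Static master.cf shipped with the role (files/master.cf), 0644 root:root.
# Task name spelling corrected ("Postifx" -> "Postfix").
- name: Deploy Postfix master process configuration
  copy:
    src: master.cf
    dest: /etc/postfix/master.cf
    owner: root
    group: root
    mode: "0644"
  notify:
    - Restart Postfix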

# rcconf is used instead of the service module to register the SysV init
# scripts for boot.  NOTE(review): changed_when only checks that stderr is
# empty, so the task reports "changed" on every successful run rather than
# only when a service was newly enabled.
- name: Enable services on boot (workaround for systemctl broken handling of SysV)
  command: "rcconf -on {{ item }}"
  register: result
  changed_when: result.stderr == ""
  with_items:
    - clamav-daemon
    - clamav-freshclam
    - clamav-milter
    - postfix
    - dovecot

# Start freshclam first: it fetches the signature databases the daemon and
# milter need before they can start.
- name: Enable ClamAV database update service (freshclam)
  service:
    name: clamav-freshclam
    state: started

# Record whether each ClamAV database (.cld form) already exists; the result
# list drives the wait in the next task.
- name: Check availability of ClamAV database files
  stat:
    path: "{{ item }}"
  register: clamav_db_files
  with_items:
    - /var/lib/clamav/bytecode.cld
    - /var/lib/clamav/daily.cld
    - /var/lib/clamav/main.cld

# For every database whose .cld file was missing above, wait (600 s max) for
# the freshly downloaded .cvd counterpart to appear.
- name: Wait for ClamAV database to be available (up to 10 minutes)
  wait_for:
    path: "{{ item.item | replace('.cld', '.cvd') }}"
    timeout: 600
  with_items: "{{ clamav_db_files.results }}"
  when: not item.stat.exists

# Start the scanner daemon and the milter once the databases are in place.
- name: Enable ClamAV daemon and milter services
  service:
    name: "{{ item }}"
    state: started
  with_items:
    - clamav-daemon
    - clamav-milter

# Ensure Postfix is running.
- name: Enable Postfix service
  service:
    name: postfix
    state: started

# Ensure Dovecot is running.
- name: Enable Dovecot service
  service:
    name: dovecot
    state: started

# ferm rules for the mail ports, dropped into conf.d and applied by the
# "Restart ferm" handler.
- name: Deploy firewall configuration for mail server
  copy:
    src: ferm_mail.conf
    dest: /etc/ferm/conf.d/20-mail.conf
    owner: root
    group: root
    mode: "0640"
  notify:
    - Restart ferm

# Escape hatch: when the play is run with -e handlers=true (or the
# "handlers" tag), force every handler in handlers/main.yml to run.
- name: Explicitly run all handlers
  include: ../handlers/main.yml
  when: "handlers | default(False) | bool() == True"
  tags:
    - handlers