Files @ c10934519e18
Branch filter:

Location: majic-ansible-roles/roles/mail_forwarder/tasks/main.yml

c10934519e18 3.7 KiB text/x-yaml Show Annotation Show as Raw Download as Raw
branko
MAR-218: Switch to using fully-qualified collection names for all tasks:

- Ensures there is no ambiguity when invoking a module.
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
---

- name: Install Postfix
  ansible.builtin.apt:
    name: postfix
    state: present

- name: Install procmail
  ansible.builtin.apt:
    name: procmail
    state: present

- name: Purge Exim configuration
  ansible.builtin.apt:
    name: "exim4*"
    state: absent
    purge: true

- name: Deploy the SMTP relay TLS truststore
  ansible.builtin.copy:
    content: "{{ smtp_relay_truststore }}"
    dest: "/etc/ssl/certs/smtp_relay_truststore.pem"
    owner: root
    group: root
    mode: "0644"

- name: Generate the SMTP server Diffie-Hellman parameter
  community.crypto.openssl_dhparam:
    owner: root
    group: root
    mode: "0640"
    path: "/etc/ssl/private/{{ ansible_fqdn }}_smtp.dh.pem"
    size: 2048
  notify:
    - Restart Postfix

- name: Configure visible mail name of the system
  ansible.builtin.copy:
    content: "{{ inventory_hostname }}"
    dest: "/etc/mailname"
    owner: root
    group: root
    mode: "0644"
  notify:
    - Restart Postfix

- name: Deploy Postfix main configuration
  ansible.builtin.template:
    src: "main.cf.j2"
    dest: "/etc/postfix/main.cf"
    owner: root
    group: root
    mode: "0644"
  notify:
    - Restart Postfix

- name: Set-up local mail aliases
  ansible.builtin.lineinfile:
    dest: "/etc/aliases"
    line: "{{ item.key }}: {{ item.value }}"
    regexp: "^{{ item.key }}"
    state: present
  with_dict: "{{ local_mail_aliases }}"
  notify:
    - Rebuild mail aliases

- name: Enable and start postfix service
  ansible.builtin.service:
    name: postfix
    state: started
    enabled: true

- name: Retrieve IPv4 addresses of SMTP relay host
  ansible.builtin.shell: "getent ahostsv4 '{{ smtp_relay_host }}' | awk '{ print $1 }' | sort -u"  # noqa risky-shell-pipe
  # [risky-shell-pipe] Shells that use pipes should set the pipefail option
  #   The getent ahostsv4 command has non-zero exit code if the
  #   supplies name cannot be resolved. However, that is a valid
  #   use-case for extracting this information. It effectively means
  #   that no IPv4 firewall rules will be deployed for allowing
  #   incoming connections from the SMTP relay host.
  changed_when: false
  register: smtp_relay_host_ipv4

- name: Retrieve IPv6 addresses of SMTP relay host
  ansible.builtin.shell: "getent ahostsv6 '{{ smtp_relay_host }}' | awk '{ print $1 }' | grep -v '^::ffff:' | sort -u"  # noqa risky-shell-pipe
  # [risky-shell-pipe] Shells that use pipes should set the pipefail option
  #   The getent ahostsv6 command has non-zero exit code if the
  #   supplies name cannot be resolved. However, that is a valid
  #   use-case for extracting this information. It effectively means
  #   that no IPv6 firewall rules will be deployed for allowing
  #   incoming connections from the SMTP relay host.
  changed_when: false
  register: smtp_relay_host_ipv6

- name: Normalise the SMTP relay host IPv4 addresses variable
  ansible.builtin.set_fact:
    smtp_relay_host_ipv4: "{{ smtp_relay_host_ipv4.stdout_lines | reject('equalto', '') | list }}"
  when: "smtp_relay_host | length != 0"

- name: Normalise the SMTP relay host IPv6 addresses variable
  ansible.builtin.set_fact:
    smtp_relay_host_ipv6: "{{ smtp_relay_host_ipv6.stdout_lines | reject('equalto', '') | list }}"
  when: "smtp_relay_host | length != 0"

- name: Deploy firewall configuration for mail forwader
  ansible.builtin.template:
    src: "ferm_mail.conf.j2"
    dest: "/etc/ferm/conf.d/20-mail.conf"
    owner: root
    group: root
    mode: "0640"
  notify:
    - Restart ferm

- name: Install SWAKS
  ansible.builtin.apt:
    name: swaks
    state: present

- name: Explicitly run all handlers
  ansible.builtin.include_tasks: ../handlers/main.yml
  when: "run_handlers | default(False) | bool()"
  tags:
    - handlers
This site is powered by Kallithea 0.7.0, which is © 2010–2024 by various authors & licensed under GPLv3.