From ae42cedb2c6f132f3dc83731761bacca54dab92b Mon Sep 17 00:00:00 2001
From: Markus Hauschild
Date: Wed, 6 Apr 2016 22:58:54 +0200
Subject: [PATCH] Cleanup mail role.
---
roles/mail/files/{ => default}/spamassassin | 0
.../policyd-spf.conf | 0
roles/mail/handlers/main.yml | 2 -
roles/mail/tasks/main.yml | 54 ++++++++++---------
4 files changed, 28 insertions(+), 28 deletions(-)
rename roles/mail/files/{ => default}/spamassassin (100%)
rename roles/mail/files/{ => postfix-policyd-spf-python}/policyd-spf.conf (100%)
diff --git a/roles/mail/files/spamassassin b/roles/mail/files/default/spamassassin
similarity index 100%
rename from roles/mail/files/spamassassin
rename to roles/mail/files/default/spamassassin
diff --git a/roles/mail/files/policyd-spf.conf b/roles/mail/files/postfix-policyd-spf-python/policyd-spf.conf
similarity index 100%
rename from roles/mail/files/policyd-spf.conf
rename to roles/mail/files/postfix-policyd-spf-python/policyd-spf.conf
diff --git a/roles/mail/handlers/main.yml b/roles/mail/handlers/main.yml
index 91660cf..a477169 100644
--- a/roles/mail/handlers/main.yml
+++ b/roles/mail/handlers/main.yml
@@ -19,8 +19,6 @@
 command: postmap /etc/{{ item }}
 with_items:
 - postfix/helo_access
- - postfix/ldap-aliases.cf
- - postfix/ldap-virtual-maps.cf
 - postfix/recipient_access
 - postfix/transport
 - postfix/virtual-alias
diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml
index 5c256ff..87b0f1b 100644
--- a/roles/mail/tasks/main.yml
+++ b/roles/mail/tasks/main.yml
@@ -46,6 +46,14 @@
 - dovecot/local.conf
 notify: Restart dovecot
+- name: Ensure dovecot certificates are available
+ command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/dovecot/ssl/{{ mail_server }}.key -out /etc/dovecot/ssl/{{ mail_server }}.crt -days 730 -subj "/CN={{ mail_server }}" creates=/etc/dovecot/ssl/{{ mail_server }}.crt
+ notify: Restart dovecot
+
+- name: Ensure correct dovecot certificate permissions
+ file: path=/etc/dovecot/ssl/{{ mail_server }}.key owner=root mode=0400
+ notify: Restart dovecot
+
 - name: Configure mailman
 template: src={{ item }}.j2 dest=/etc/{{ item }}
 with_items:
@@ -60,10 +68,18 @@
 file: src=/etc/nginx/sites-available/mailman dest=/etc/nginx/sites-enabled/mailman state=link
 notify: Restart nginx
+- name: Ensure mailman certificates are available
+ command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ mailman_domain }}.key -out /etc/nginx/ssl/{{ mailman_domain }}.crt -days 730 -subj "/CN={{ mailman_domain }}" creates=/etc/nginx/ssl/{{ mailman_domain }}.crt
+ notify: Restart nginx
+
+- name: Ensure correct mailman certificate permissions
+ file: path=/etc/nginx/ssl/{{ mailman_domain }}.key owner=root mode=0400
+ notify: Restart nginx
+
 - name: Configure policyd
- copy: src={{ item }} dest=/etc/postfix-policyd-spf-python/{{ item }}
+ copy: src={{ item }} dest=/etc/{{ item }}
 with_items:
- - policyd-spf.conf
+ - postfix-policyd-spf-python/policyd-spf.conf
 - name: Create postfix ssl directory
 file: path=/etc/postfix/ssl state=directory mode=0750 owner=postfix group=postfix
@@ -89,7 +105,7 @@
 - name: Ensure postfix chroot has an LDAP CA directory
 file: path=/var/spool/postfix/etc/ldap/ssl/ state=directory
-- name: Ensure postfix chroot has the LDAP CA available
+- name: Ensure postfix chroot has the LDAP CA file
 copy: remote_src=yes src=/etc/ldap/ssl/BKCA.crt dest=/var/spool/postfix/etc/ldap/ssl/BKCA.crt
 - name: Ensure postfix certificates are available
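Review bot: In the added `Ensure dovecot certificates are available` task, `openssl req -keyout` writes the private key under the process's default umask, so `/etc/dovecot/ssl/{{ mail_server }}.key` may be readable by other local users until the following `Ensure correct dovecot certificate permissions` task tightens it to `mode=0400`; the mailman key in the `@@ -60,10 +68,18 @@` hunk has the same two-step window. Because `command:` does not go through a shell, closing the gap means creating the key with restrictive permissions in the same step, e.g. `shell: umask 077 && openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/dovecot/ssl/{{ mail_server }}.key -out /etc/dovecot/ssl/{{ mail_server }}.crt -days 730 -subj "/CN={{ mail_server }}" creates=/etc/dovecot/ssl/{{ mail_server }}.crt`, keeping the `file` task as the steady-state check. Note also that `creates=` keys on the `.crt` alone, so a present certificate with a missing or unreadable key is silently skipped rather than regenerated. Both task pairs appear to be moved verbatim from the `@@ -100,28 +116,6 @@` hunk, so the point predates this commit.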
@@ -100,28 +116,6 @@
 file: path=/etc/postfix/ssl/{{ mail_server }}.key owner=root mode=0400
 notify: Restart postfix
-- name: Ensure dovecot certificates are available
- command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/dovecot/ssl/{{ mail_server }}.key -out /etc/dovecot/ssl/{{ mail_server }}.crt -days 730 -subj "/CN={{ mail_server }}" creates=/etc/dovecot/ssl/{{ mail_server }}.crt
- notify: Restart dovecot
-
-- name: Ensure correct dovecot certificate permissions
- file: path=/etc/dovecot/ssl/{{ mail_server }}.key owner=root mode=0400
- notify: Restart dovecot
-
-- name: Configure certificate manager
- template: src=certs.j2 dest=/etc/acme/domains.d/{{ ansible_fqdn }}_mail.conf
-
-- name: Ensure mailman certificates are available
- command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ mailman_domain }}.key -out /etc/nginx/ssl/{{ mailman_domain }}.crt -days 730 -subj "/CN={{ mailman_domain }}" creates=/etc/nginx/ssl/{{ mailman_domain }}.crt
- notify: Restart nginx
-
-- name: Ensure correct mailman certificate permissions
- file: path=/etc/nginx/ssl/{{ mailman_domain }}.key owner=root mode=0400
- notify: Restart nginx
-
-- name: Configure certificate manager for mailman
- template: src=mailman/certs.j2 dest=/etc/acme/domains.d/{{ mailman_domain }}_mailman.conf
-
 - name: Create razor directory structure
 command: razor-admin -create chdir=/var/lib/amavis creates=/var/lib/amavis/.razor
 become: yes
@@ -145,7 +139,15 @@
 cron: name=sa-update minute="0" hour="*/6" job="/usr/bin/sa-update -v --gpgkey 6C6191E3 --channel sought.rules.yerp.org --channel updates.spamassassin.org"
 - name: Enable spamd cron-job
- copy: src=spamassassin dest=/etc/default/spamassassin
+ copy: src={{ item }} dest=/etc/{{ item }}
+ with_items:
+ - default/spamassassin
+
+- name: Configure certificate manager
+ template: src=certs.j2 dest=/etc/acme/domains.d/{{ ansible_fqdn }}_mail.conf
+
+- name: Configure certificate manager for mailman
+ template: src=mailman/certs.j2 dest=/etc/acme/domains.d/{{ mailman_domain }}_mailman.conf
 - name: Start amavis
 service: name=amavis state=started enabled=yes
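Review bot: The rewritten `Enable spamd cron-job` task now copies `default/spamassassin` to `/etc/default/spamassassin` but still notifies no handler, so a change to that file does not restart spamd on its own, unlike the other configuration tasks in this diff, which all carry a `notify:`. If `roles/mail/handlers/main.yml` has a spamassassin restart handler (only the `postmap` handler is visible here), add `notify: Restart spamassassin`; otherwise a `service: name=spamassassin state=started enabled=yes` task next to `Start amavis` would at least ensure the daemon is running after the file changes. The two `Configure certificate manager` tasks moved into this hunk write under `/etc/acme/domains.d/` without a notify as well; whether the certificate manager picks up new domain files by itself cannot be told from this diff.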