---
- name: Install packages
  # MTA (postfix), IMAP/sieve (dovecot), content filtering (amavis,
  # spamassassin, pyzor, razor, postgrey, SPF policy daemon) and the
  # mailing-list web UI (mailman behind nginx via fcgiwrap).
  # NOTE(review): no antivirus engine is installed next to amavisd-new —
  # confirm that is intended.
  apt:
    name: "{{ item }}"
    state: present
  with_items:
    - amavisd-new
    - bsd-mailx
    - dovecot-core
    - dovecot-imapd
    - dovecot-ldap
    - dovecot-managesieved
    - dovecot-sieve
    - fcgiwrap
    - mailman
    - postfix
    - postfix-ldap
    - postfix-policyd-spf-python
    - postgrey
    - pyzor
    - razor
    - spamassassin
- name: Create vmail group
  group:
    name: vmail
    gid: 500
    state: present
- name: Create vmail user
  # Unprivileged owner of the mail store under /var/vmail; no login shell.
  # NOTE(review): the home directory is created with the default (umask)
  # mode — confirm mailboxes under it are not world-traversable.
  user:
    name: vmail
    group: vmail
    uid: 500
    home: /var/vmail
    createhome: true
    shell: /bin/false
    state: present
- name: Configure amavis
  # Render each template from the role into the matching path under /etc.
  template:
    src: "{{ item }}.j2"
    dest: "/etc/{{ item }}"
  with_items:
    - amavis/conf.d/15-content_filter_mode
    - amavis/conf.d/50-user
  notify: Restart amavis
- name: Create dovecot ssl directory
  # Private key lives here; no world access to the directory.
  file:
    path: /etc/dovecot/ssl
    state: directory
    owner: dovecot
    group: dovecot
    mode: "0750"
- name: Create dovecot log directory
  # Owned by vmail — presumably the account dovecot's mail processes run as
  # (see local.conf); confirm, otherwise logging fails at runtime.
  file:
    path: /var/log/dovecot
    state: directory
    owner: vmail
    group: vmail
    mode: "0750"
- name: Configure dovecot
  # LDAP auth backend and the site-local overrides.
  template:
    src: "{{ item }}.j2"
    dest: "/etc/{{ item }}"
  with_items:
    - dovecot/dovecot-ldap.conf.ext
    - dovecot/local.conf
  notify: Restart dovecot
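- name: Ensure dovecot certificates are available
  # Bootstrap self-signed certificate so dovecot can offer TLS before the
  # ACME manager configured further down has issued a real one. `creates`
  # keeps this idempotent and stops it from clobbering a later certificate.
  # The umask makes the key file owner-only from the moment openssl writes
  # it; depending on the OpenSSL version it is otherwise created 0644 and
  # stays world-readable if the play aborts before the permissions task.
  shell: >-
    umask 077 &&
    openssl req -x509 -nodes -newkey rsa:2048
    -keyout /etc/dovecot/ssl/{{ mail_server }}.key
    -out /etc/dovecot/ssl/{{ mail_server }}.crt
    -days 730 -subj "/CN={{ mail_server }}"
  args:
    creates: "/etc/dovecot/ssl/{{ mail_server }}.crt"
  notify: Restart dovecot
- name: Ensure correct dovecot certificate permissions
  # dovecot reads the key; nobody else should be able to.
  file:
    path: "/etc/dovecot/ssl/{{ mail_server }}.key"
    owner: dovecot
    mode: "0400"
  notify: Restart dovecot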
- name: Configure mailman
  # NOTE(review): only postfix is restarted here; mm_cfg.py is read by the
  # mailman daemon itself, so a mailman restart handler may also be needed.
  template:
    src: "{{ item }}.j2"
    dest: "/etc/{{ item }}"
  with_items:
    - mailman/mm_cfg.py
  notify: Restart postfix
- name: Configure mailman vhost
  template:
    src: nginx/vhost.j2
    dest: /etc/nginx/sites-available/mailman
  notify: Restart nginx
- name: Enable mailman vhost
  # Symlink into sites-enabled activates the vhost on the next nginx restart.
  file:
    src: /etc/nginx/sites-available/mailman
    dest: /etc/nginx/sites-enabled/mailman
    state: link
  notify: Restart nginx
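- name: Ensure mailman certificates are available
  # Bootstrap self-signed certificate for the mailman vhost until the ACME
  # manager configured below issues one; `creates` keeps it idempotent. The
  # umask makes the key owner-only from creation, closing the window in
  # which it would otherwise be world-readable before the task below runs.
  # NOTE(review): nothing in this role creates /etc/nginx/ssl — presumably
  # the nginx role does; confirm, or this command fails on a fresh host.
  shell: >-
    umask 077 &&
    openssl req -x509 -nodes -newkey rsa:2048
    -keyout /etc/nginx/ssl/{{ mailman_domain }}.key
    -out /etc/nginx/ssl/{{ mailman_domain }}.crt
    -days 730 -subj "/CN={{ mailman_domain }}"
  args:
    creates: "/etc/nginx/ssl/{{ mailman_domain }}.crt"
  notify: Restart nginx
- name: Ensure correct mailman certificate permissions
  # Key readable by root only.
  file:
    path: "/etc/nginx/ssl/{{ mailman_domain }}.key"
    owner: root
    mode: "0400"
  notify: Restart nginx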
- name: Configure policyd
  # Static (non-templated) config for the SPF policy daemon.
  copy:
    src: "{{ item }}"
    dest: "/etc/{{ item }}"
  with_items:
    - postfix-policyd-spf-python/policyd-spf.conf
- name: Create postfix ssl directory
  # Private key lives here; no world access to the directory.
  file:
    path: /etc/postfix/ssl
    state: directory
    owner: postfix
    group: postfix
    mode: "0750"
- name: Configure postfix
  template:
    src: "{{ item }}.j2"
    dest: "/etc/{{ item }}"
  with_items:
    - postfix/main.cf
    - postfix/master.cf
  notify: Restart postfix
- name: Configure postfix maps
  # Lookup tables and LDAP map definitions; the handler rebuilds the
  # compiled maps after any of them change.
  template:
    src: "{{ item }}.j2"
    dest: "/etc/{{ item }}"
  with_items:
    - postfix/helo_access
    - postfix/ldap-aliases.cf
    - postfix/ldap-virtual-maps.cf
    - postfix/recipient_access
    - postfix/transport
    - postfix/virtual-alias
  notify: Run postmap
- name: Ensure postfix chroot has an LDAP CA directory
  file:
    path: /var/spool/postfix/etc/ldap/ssl/
    state: directory
- name: Ensure postfix chroot has the LDAP CA file
  # Chrooted postfix daemons cannot see /etc/ldap, so the CA (presumably the
  # one that verifies the LDAP server's TLS certificate) is mirrored in.
  copy:
    remote_src: true
    src: /etc/ldap/ssl/BKCA.crt
    dest: /var/spool/postfix/etc/ldap/ssl/BKCA.crt
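- name: Ensure postfix certificates are available
  # Bootstrap self-signed certificate so postfix can offer STARTTLS before
  # the ACME manager configured below has issued a real one. `creates`
  # keeps this idempotent. The umask makes the key owner-only from the
  # moment openssl writes it; depending on the OpenSSL version it is
  # otherwise created 0644 and stays that way if the play aborts before
  # the permissions task below.
  shell: >-
    umask 077 &&
    openssl req -x509 -nodes -newkey rsa:2048
    -keyout /etc/postfix/ssl/{{ mail_server }}.key
    -out /etc/postfix/ssl/{{ mail_server }}.crt
    -days 730 -subj "/CN={{ mail_server }}"
  args:
    creates: "/etc/postfix/ssl/{{ mail_server }}.crt"
  notify: Restart postfix
- name: Ensure correct postfix certificate permissions
  # postfix reads the key; nobody else should be able to.
  file:
    path: "/etc/postfix/ssl/{{ mail_server }}.key"
    owner: postfix
    mode: "0400"
  notify: Restart postfix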
- name: Create razor directory structure
  # Razor state is kept in amavis' home so the amavis-run checks can use it;
  # both steps are one-shot, guarded by the files razor-admin creates.
  command: razor-admin -create
  args:
    chdir: /var/lib/amavis
    creates: /var/lib/amavis/.razor
  become: true
  become_user: amavis
- name: Register razor
  command: razor-admin -register
  args:
    chdir: /var/lib/amavis
    creates: /var/lib/amavis/.razor/identity
  become: true
  become_user: amavis
- name: Download GPG key for Sought ruleset
  # SECURITY: this key is the trust root for every rule file sa-update pulls
  # from the sought channel, yet it is fetched over plaintext HTTP with no
  # checksum and then trusted on first use (get_url does not re-fetch once
  # dest exists). An attacker on the path at first deploy can substitute it
  # and thereafter feed arbitrary SpamAssassin rules to spamd every six
  # hours. Ship the key in the role's files/ after verifying it out of band,
  # or add checksum= once its SHA-256 has been confirmed against a trusted
  # source.
  get_url:
    url: http://yerp.org/rules/GPG.KEY
    dest: /etc/spamassassin/sought.key
- name: Import GPG key for Sought ruleset
  # Import into sa-update's own keyring as debian-spamd, the account that
  # owns /var/lib/spamassassin. The marker file makes this a one-shot step.
  become: true
  become_user: debian-spamd
  shell: >-
    sa-update --gpghomedir /var/lib/spamassassin/sa-update-keys
    --import /etc/spamassassin/sought.key
    && touch sought.imported
  args:
    chdir: /var/lib/spamassassin
    creates: sought.imported
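- name: Enable sa-update cron-job
  # Runs as debian-spamd, the same account the Sought key was imported with
  # above: gpg then sees a homedir it owns, and the rule files land owned by
  # the user that updates them (Debian's own sa-update cron runs as this
  # user too), instead of being root-owned and blocking later updates.
  # NOTE(review): --gpgkey is given a 32-bit short key id, which is cheaply
  # collidable; pin the key's full fingerprint instead. Freshly installed
  # rules are only picked up when spamd is reloaded, which this job does
  # not do — confirm the Debian-provided cron.daily reload covers it.
  cron:
    name: sa-update
    user: debian-spamd
    minute: "0"
    hour: "*/6"
    job: >-
      /usr/bin/sa-update -v
      --gpghomedir /var/lib/spamassassin/sa-update-keys
      --gpgkey 6C6191E3
      --channel sought.rules.yerp.org
      --channel updates.spamassassin.org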
- name: Enable spamd cron-job
  # Installs /etc/default/spamassassin from the role; its contents are not
  # visible here — the task name suggests it enables the Debian sa-update
  # cron (CRON=1). Confirm it also enables spamd (ENABLED=1), since no task
  # in this file starts the spamassassin service.
  copy:
    src: "{{ item }}"
    dest: "/etc/{{ item }}"
  with_items:
    - default/spamassassin
- name: Configure certificate manager
  # Hand the mail and mailman hostnames to the ACME client, which replaces
  # the self-signed bootstrap certificates generated above.
  template:
    src: certs.j2
    dest: "/etc/acme/domains.d/{{ mail_server }}_mail.conf"
- name: Configure certificate manager for mailman
  template:
    src: mailman/certs.j2
    dest: "/etc/acme/domains.d/{{ mailman_domain }}_mailman.conf"
# Service activation. Only these tasks carry the `mail` tag, so a
# `--tags mail` run (re)starts services without applying the configuration
# above. NOTE(review): spamassassin and mailman are not started or enabled
# here — presumably left to the packages' defaults; confirm.
- name: Start amavis
  service:
    name: amavis
    state: started
    enabled: true
  tags: mail
- name: Start dovecot
  service:
    name: dovecot
    state: started
    enabled: true
  tags: mail
- name: Start fcgiwrap
  service:
    name: fcgiwrap
    state: started
    enabled: true
  tags: mail
- name: Start postfix
  service:
    name: postfix
    state: started
    enabled: true
  tags: mail
- name: Start postgrey
  service:
    name: postgrey
    state: started
    enabled: true
  tags: mail