forked from infra/ansible
208 lines
6.3 KiB
YAML
208 lines
6.3 KiB
YAML
---
|
|
|
|
- name: add rspamd apt key
|
|
apt_key: url="https://rspamd.com/apt-stable/gpg.key"
|
|
|
|
- name: add rspamd repository
|
|
apt_repository: repo="deb http://rspamd.com/apt-stable/ {{ ansible_distribution_release }} main"
|
|
|
|
- name: Install packages
|
|
apt: name={{ item }}
|
|
loop:
|
|
- bsd-mailx
|
|
- dovecot-core
|
|
- dovecot-imapd
|
|
- dovecot-lmtpd
|
|
- dovecot-ldap
|
|
- dovecot-managesieved
|
|
- dovecot-sieve
|
|
- fcgiwrap
|
|
- mailman
|
|
- mailman3-full
|
|
- python-psycopg2
|
|
- python3-psycopg2
|
|
- postgresql
|
|
- postfix
|
|
- redis-server
|
|
- redis-tools
|
|
- rspamd
|
|
- postsrsd
|
|
|
|
- name: Create vmail group
|
|
group: name=vmail gid=500 state=present
|
|
|
|
- name: Create vmail user
|
|
user: name=vmail group=vmail uid=500 createhome=yes home=/var/vmail shell=/bin/false state=present
|
|
|
|
- name: Create dovecot ssl directory
|
|
file: path=/etc/dovecot/ssl state=directory mode=0750 owner=dovecot group=dovecot
|
|
|
|
- name: Create dovecot log directory
|
|
file: path=/var/log/dovecot state=directory mode=0750 owner=vmail group=vmail
|
|
|
|
- name: Create vmail sieve directory
|
|
file: path=/var/vmail/.sieve state=directory mode=0750 owner=vmail group=vmail
|
|
|
|
- name: Create vmail sieve-bin directory
|
|
file: path=/var/vmail/.sieve/bin state=directory mode=0750 owner=vmail group=vmail
|
|
|
|
- name: Configure redis
|
|
copy: src=redis.conf dest=/etc/redis/redis.conf
|
|
notify: Restart redis
|
|
|
|
- name: Copy static rspamd config
|
|
copy: src={{ item }} dest=/etc/rspamd/local.d/
|
|
notify: Restart rspamd
|
|
with_fileglob: "rspamd/local.d/*"
|
|
|
|
- name: Render rspamd config templates
|
|
template: src=rspamd/local.d/{{ item }}.j2 dest=/etc/rspamd/local.d/{{ item }}
|
|
notify: Restart rspamd
|
|
loop:
|
|
- options.inc
|
|
- settings.conf
|
|
- arc.conf
|
|
- dkim_signing.conf
|
|
|
|
- name: Copy spam learn/unlearn sieve and shell scripts
|
|
copy: src=dovecot/{{ item }} dest=/var/vmail/.sieve/{{ item }}
|
|
loop:
|
|
- bin/learn-spam.sh
|
|
- bin/learn-ham.sh
|
|
- move-spam.sieve
|
|
- report-spam.sieve
|
|
- report-ham.sieve
|
|
|
|
- name: Configure dovecot
|
|
template: src={{ item }}.j2 dest=/etc/{{ item }}
|
|
loop:
|
|
- dovecot/dovecot-ldap.conf.ext
|
|
- dovecot/dovecot-ldap.conf.lmtp
|
|
- dovecot/local.conf
|
|
notify: Restart dovecot
|
|
|
|
- name: Compile sieve scripts
|
|
shell: sievec /var/vmail/.sieve/{{ item|basename }}
|
|
loop:
|
|
- move-spam.sieve
|
|
- report-spam.sieve
|
|
- report-ham.sieve
|
|
|
|
- name: Ensure learn scripts are executable
|
|
file: mode=0750 path=/var/vmail/.sieve/bin/{{ item }}
|
|
loop:
|
|
- learn-spam.sh
|
|
- learn-ham.sh
|
|
|
|
- name: Configure logrotate for dovecot
|
|
copy: src=logrotate.d/dovecot dest=/etc/logrotate.d/dovecot
|
|
|
|
- name: Ensure dovecot certificates are available
|
|
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/dovecot/ssl/{{ mail_server }}.key -out /etc/dovecot/ssl/{{ mail_server }}.crt -days 730 -subj "/CN={{ mail_server }}" creates=/etc/dovecot/ssl/{{ mail_server }}.crt
|
|
notify: Restart dovecot
|
|
|
|
- name: Ensure correct dovecot certificate permissions
|
|
file: path=/etc/dovecot/ssl/{{ mail_server }}.key owner=dovecot mode=0400
|
|
notify: Restart dovecot
|
|
|
|
- name: Configure mailman
|
|
template: src={{ item }}.j2 dest=/etc/{{ item }}
|
|
loop:
|
|
- mailman/mm_cfg.py
|
|
notify: Restart postfix
|
|
|
|
- name: Configure mailman vhost
|
|
template: src=nginx/vhost.j2 dest=/etc/nginx/sites-available/mailman
|
|
notify: Restart nginx
|
|
|
|
- name: Enable mailman vhost
|
|
file: src=/etc/nginx/sites-available/mailman dest=/etc/nginx/sites-enabled/mailman state=link
|
|
notify: Restart nginx
|
|
|
|
- name: Ensure mailman certificates are available
|
|
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ mailman_domain }}.key -out /etc/nginx/ssl/{{ mailman_domain }}.crt -days 730 -subj "/CN={{ mailman_domain }}" creates=/etc/nginx/ssl/{{ mailman_domain }}.crt
|
|
notify: Restart nginx
|
|
|
|
- name: Ensure correct mailman certificate permissions
|
|
file: path=/etc/nginx/ssl/{{ mailman_domain }}.key owner=root mode=0400
|
|
notify: Restart nginx
|
|
|
|
- name: Configure PostgreSQL database
|
|
postgresql_db: name={{ mailman3_dbname }}
|
|
become: true
|
|
become_user: postgres
|
|
|
|
- name: Configure PostgreSQL user
|
|
postgresql_user: db={{ mailman3_dbname }} name={{ mailman3_dbuser }} password={{ mailman3_dbpass }} priv=ALL state=present
|
|
become: true
|
|
become_user: postgres
|
|
|
|
- name: Configure mailman3
|
|
template: src=mailman/mailman.cfg.j2 dest=/etc/mailman3/mailman.cfg
|
|
notify: Restart mailman3
|
|
|
|
- name: Create postfix ssl directory
|
|
file: path=/etc/postfix/ssl state=directory mode=0750 owner=postfix group=postfix
|
|
|
|
- name: Configure postfix
|
|
template: src={{ item }}.j2 dest=/etc/{{ item }}
|
|
loop:
|
|
- postfix/main.cf
|
|
- postfix/master.cf
|
|
notify: Restart postfix
|
|
|
|
- name: Configure postsrsd
|
|
template: src={{ item }}.j2 dest=/etc/{{ item }}
|
|
loop:
|
|
- default/postsrsd
|
|
- postsrsd.secret
|
|
notify: Restart postsrsd
|
|
|
|
- name: Configure postfix maps
|
|
template: src={{ item }}.j2 dest=/etc/{{ item }}
|
|
loop:
|
|
- postfix/helo_access
|
|
- postfix/transport
|
|
- postfix/virtual-alias
|
|
notify: Run postmap
|
|
|
|
- name: Ensure postfix chroot has an up2date ca-certificates.crt file
|
|
copy: remote_src=yes src=/etc/ssl/certs/ca-certificates.crt dest=/var/spool/postfix/etc/ssl/certs/ca-certificates.crt
|
|
|
|
- name: Ensure postfix certificates are available
|
|
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/postfix/ssl/{{ mail_server }}.key -out /etc/postfix/ssl/{{ mail_server }}.crt -days 730 -subj "/CN={{ mail_server }}" creates=/etc/postfix/ssl/{{ mail_server }}.crt
|
|
notify: Restart postfix
|
|
|
|
- name: Ensure correct postfix certificate permissions
|
|
file: path=/etc/postfix/ssl/{{ mail_server }}.key owner=postfix mode=0400
|
|
notify: Restart postfix
|
|
|
|
- name: Configure certificate manager
|
|
template: src=certs.j2 dest=/etc/acertmgr/{{ mail_server }}_mail.conf
|
|
notify: Run acertmgr
|
|
|
|
- name: Configure certificate manager for mailman
|
|
template: src=mailman/certs.j2 dest=/etc/acertmgr/{{ mailman_domain }}_mailman.conf
|
|
notify: Run acertmgr
|
|
|
|
- name: Start dovecot
|
|
service: name=dovecot state=started enabled=yes
|
|
|
|
- name: Start fcgiwrap
|
|
service: name=fcgiwrap state=started enabled=yes
|
|
|
|
- name: Start postfix
|
|
service: name=postfix state=started enabled=yes
|
|
|
|
- name: Start postsrsd
|
|
service: name=postfix state=started enabled=yes
|
|
|
|
- name: Start redis
|
|
service: name=redis-server state=started enabled=yes
|
|
|
|
- name: Start rspamd
|
|
service: name=rspamd state=started enabled=yes
|
|
|
|
- name: Start mailman3
|
|
service: name=mailman3 state=started enabled=yes
|