tom/ansible
1
0
Fork 0
forked from infra/ansible
Code Issues Pull Requests Projects Releases Wiki Activity

Cleanup mail role.

Browse Source
This commit is contained in:
Markus 2016-04-06 22:58:54 +02:00
parent 2319827c79
commit ae42cedb2c
4 changed files with 28 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
roles/mail/files/spamassassin → roles/mail/files/default/spamassassin
View File

0
roles/mail/files/policyd-spf.conf → roles/mail/files/postfix-policyd-spf-python/policyd-spf.conf
View File

2
roles/mail/handlers/main.yml
View File

@ -19,8 +19,6 @@
command: postmap /etc/{{ item }} command: postmap /etc/{{ item }}
with_items: with_items:
- postfix/helo_access - postfix/helo_access
- postfix/ldap-aliases.cf
- postfix/ldap-virtual-maps.cf
- postfix/recipient_access - postfix/recipient_access
- postfix/transport - postfix/transport
- postfix/virtual-alias - postfix/virtual-alias

54
roles/mail/tasks/main.yml
View File

@ -46,6 +46,14 @@
- dovecot/local.conf - dovecot/local.conf
notify: Restart dovecot notify: Restart dovecot
- name: Ensure dovecot certificates are available
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/dovecot/ssl/{{ mail_server }}.key -out /etc/dovecot/ssl/{{ mail_server }}.crt -days 730 -subj "/CN={{ mail_server }}" creates=/etc/dovecot/ssl/{{ mail_server }}.crt
notify: Restart dovecot
- name: Ensure correct dovecot certificate permissions
file: path=/etc/dovecot/ssl/{{ mail_server }}.key owner=root mode=0400
notify: Restart dovecot
- name: Configure mailman - name: Configure mailman
template: src={{ item }}.j2 dest=/etc/{{ item }} template: src={{ item }}.j2 dest=/etc/{{ item }}
with_items: with_items:
@ -60,10 +68,18 @@
file: src=/etc/nginx/sites-available/mailman dest=/etc/nginx/sites-enabled/mailman state=link file: src=/etc/nginx/sites-available/mailman dest=/etc/nginx/sites-enabled/mailman state=link
notify: Restart nginx notify: Restart nginx
- name: Ensure mailman certificates are available
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ mailman_domain }}.key -out /etc/nginx/ssl/{{ mailman_domain }}.crt -days 730 -subj "/CN={{ mailman_domain }}" creates=/etc/nginx/ssl/{{ mailman_domain }}.crt
notify: Restart nginx
- name: Ensure correct mailman certificate permissions
file: path=/etc/nginx/ssl/{{ mailman_domain }}.key owner=root mode=0400
notify: Restart nginx
- name: Configure policyd - name: Configure policyd
copy: src={{ item }} dest=/etc/postfix-policyd-spf-python/{{ item }} copy: src={{ item }} dest=/etc/{{ item }}
with_items: with_items:
- policyd-spf.conf - postfix-policyd-spf-python/policyd-spf.conf
- name: Create postfix ssl directory - name: Create postfix ssl directory
file: path=/etc/postfix/ssl state=directory mode=0750 owner=postfix group=postfix file: path=/etc/postfix/ssl state=directory mode=0750 owner=postfix group=postfix
@ -89,7 +105,7 @@
- name: Ensure postfix chroot has an LDAP CA directory - name: Ensure postfix chroot has an LDAP CA directory
file: path=/var/spool/postfix/etc/ldap/ssl/ state=directory file: path=/var/spool/postfix/etc/ldap/ssl/ state=directory
- name: Ensure postfix chroot has the LDAP CA available - name: Ensure postfix chroot has the LDAP CA file
copy: remote_src=yes src=/etc/ldap/ssl/BKCA.crt dest=/var/spool/postfix/etc/ldap/ssl/BKCA.crt copy: remote_src=yes src=/etc/ldap/ssl/BKCA.crt dest=/var/spool/postfix/etc/ldap/ssl/BKCA.crt
- name: Ensure postfix certificates are available - name: Ensure postfix certificates are available
@ -100,28 +116,6 @@
file: path=/etc/postfix/ssl/{{ mail_server }}.key owner=root mode=0400 file: path=/etc/postfix/ssl/{{ mail_server }}.key owner=root mode=0400
notify: Restart postfix notify: Restart postfix
- name: Ensure dovecot certificates are available
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/dovecot/ssl/{{ mail_server }}.key -out /etc/dovecot/ssl/{{ mail_server }}.crt -days 730 -subj "/CN={{ mail_server }}" creates=/etc/dovecot/ssl/{{ mail_server }}.crt
notify: Restart dovecot
- name: Ensure correct dovecot certificate permissions
file: path=/etc/dovecot/ssl/{{ mail_server }}.key owner=root mode=0400
notify: Restart dovecot
- name: Configure certificate manager
template: src=certs.j2 dest=/etc/acme/domains.d/{{ ansible_fqdn }}_mail.conf
- name: Ensure mailman certificates are available
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ mailman_domain }}.key -out /etc/nginx/ssl/{{ mailman_domain }}.crt -days 730 -subj "/CN={{ mailman_domain }}" creates=/etc/nginx/ssl/{{ mailman_domain }}.crt
notify: Restart nginx
- name: Ensure correct mailman certificate permissions
file: path=/etc/nginx/ssl/{{ mailman_domain }}.key owner=root mode=0400
notify: Restart nginx
- name: Configure certificate manager for mailman
template: src=mailman/certs.j2 dest=/etc/acme/domains.d/{{ mailman_domain }}_mailman.conf
- name: Create razor directory structure - name: Create razor directory structure
command: razor-admin -create chdir=/var/lib/amavis creates=/var/lib/amavis/.razor command: razor-admin -create chdir=/var/lib/amavis creates=/var/lib/amavis/.razor
become: yes become: yes
@ -145,7 +139,15 @@
cron: name=sa-update minute="0" hour="*/6" job="/usr/bin/sa-update -v --gpgkey 6C6191E3 --channel sought.rules.yerp.org --channel updates.spamassassin.org" cron: name=sa-update minute="0" hour="*/6" job="/usr/bin/sa-update -v --gpgkey 6C6191E3 --channel sought.rules.yerp.org --channel updates.spamassassin.org"
- name: Enable spamd cron-job - name: Enable spamd cron-job
copy: src=spamassassin dest=/etc/default/spamassassin copy: src={{ item }} dest=/etc/{{ item }}
with_items:
- default/spamassassin
- name: Configure certificate manager
template: src=certs.j2 dest=/etc/acme/domains.d/{{ ansible_fqdn }}_mail.conf
- name: Configure certificate manager for mailman
template: src=mailman/certs.j2 dest=/etc/acme/domains.d/{{ mailman_domain }}_mailman.conf
- name: Start amavis - name: Start amavis
service: name=amavis state=started enabled=yes service: name=amavis state=started enabled=yes