Compare commits
2 commits
f6ccbbf5eb
...
9b131e6cac
Author | SHA1 | Date | |
---|---|---|---|
9b131e6cac | |||
6c41934194 |
3 changed files with 40 additions and 32 deletions
|
@ -1,20 +1,20 @@
|
|||
---
|
||||
- name: Reload s6-rc
|
||||
service:
|
||||
ansible.builtin.service:
|
||||
name: s6-rc
|
||||
state: reloaded
|
||||
|
||||
- name: Restart Postfix
|
||||
command: s6-svc -wU -T 5000 -ru {{ s6_scan_dir }}/postfix
|
||||
ansible.builtin.command: s6-svc -wU -T 5000 -ru {{ s6_scan_dir }}/postfix
|
||||
|
||||
- name: Restart Postfix log
|
||||
command: s6-svc -wU -T 5000 -ru {{ s6_scan_dir }}/postfix-log
|
||||
ansible.builtin.command: s6-svc -wU -T 5000 -ru {{ s6_scan_dir }}/postfix-log
|
||||
|
||||
- name: Reload Postfix
|
||||
command: s6-svc -h {{ s6_scan_dir }}/postfix
|
||||
ansible.builtin.command: s6-svc -h {{ s6_scan_dir }}/postfix
|
||||
|
||||
- name: Rebuild Postfix maps
|
||||
command: 'postmap {{ item.type }}:{{ item.name }}'
|
||||
ansible.builtin.command: 'postmap {{ item.type }}:{{ item.name }}'
|
||||
args:
|
||||
chdir: /usr/local/etc/postfix
|
||||
when: item.type in postfix_rebuild_types
|
||||
|
|
|
@ -1,27 +1,27 @@
|
|||
---
|
||||
- name: Install Postfix
|
||||
package:
|
||||
ansible.builtin.package:
|
||||
name: postfix
|
||||
state: present
|
||||
notify:
|
||||
- Restart Postfix
|
||||
|
||||
- name: Create /usr/local/etc/mail
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: /usr/local/etc/mail
|
||||
state: directory
|
||||
owner: root
|
||||
group: wheel
|
||||
mode: 0755
|
||||
mode: '0755'
|
||||
|
||||
- name: Install Postfix mailer.conf
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
dest: /usr/local/etc/mail/mailer.conf
|
||||
src: /usr/local/share/postfix/mailer.conf.postfix
|
||||
remote_src: yes
|
||||
remote_src: true
|
||||
owner: root
|
||||
group: wheel
|
||||
mode: 0644
|
||||
mode: '0644'
|
||||
|
||||
- name: Disable sendmail
|
||||
sysrc:
|
||||
|
@ -29,22 +29,22 @@
|
|||
value: NONE
|
||||
|
||||
- name: Make sure sendmail is stopped
|
||||
service:
|
||||
ansible.builtin.service:
|
||||
name: sendmail
|
||||
state: stopped
|
||||
|
||||
- name: Disable sendmail periodic tasks
|
||||
lineinfile:
|
||||
- ansible.core.name: Disable sendmail periodic tasks
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/periodic.conf
|
||||
owner: root
|
||||
group: wheel
|
||||
mode: 0444
|
||||
mode: '0444'
|
||||
regexp: '^{{ item }}='
|
||||
line: '{{ item }}="NO"'
|
||||
with_items: '{{ sendmail_periodic }}'
|
||||
|
||||
- name: Add /var/log/postfix to fstab
|
||||
mount:
|
||||
ansible.builtin.mount:
|
||||
path: /var/log/postfix
|
||||
src: tmpfs
|
||||
fstype: tmpfs
|
||||
|
@ -52,19 +52,19 @@
|
|||
state: mounted
|
||||
|
||||
- name: Create Postfix service directories
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: '{{ s6_etc_dir }}/service/{{ item }}'
|
||||
state: directory
|
||||
owner: root
|
||||
group: wheel
|
||||
mode: 0755
|
||||
mode: '0755'
|
||||
with_items: '{{ postfix_service_dirs }}'
|
||||
|
||||
- name: Generate Postfix service scripts
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
dest: '{{ s6_etc_dir }}/service/{{ item }}'
|
||||
src: '{{ item }}.j2'
|
||||
mode: 0555
|
||||
mode: '0555'
|
||||
owner: root
|
||||
group: wheel
|
||||
with_items: '{{ postfix_service_scripts }}'
|
||||
|
@ -73,24 +73,24 @@
|
|||
- Restart Postfix
|
||||
|
||||
- name: Generate Postfix service configuration
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
dest: '{{ s6_etc_dir }}/service/{{ item.name }}'
|
||||
content: '{{ item.content }}'
|
||||
mode: 0444
|
||||
mode: '0444'
|
||||
owner: root
|
||||
group: wheel
|
||||
loop_control:
|
||||
label: '{{ item.name }} = {{ item.content }}'
|
||||
label: '{{ item.name }} = {{ item.content }}'
|
||||
notify:
|
||||
- Reload s6-rc
|
||||
- Restart Postfix
|
||||
with_items: '{{ postfix_service_config }}'
|
||||
|
||||
- name: Generate Postfix maps
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
dest: '/usr/local/etc/postfix/{{ item.name }}'
|
||||
src: '{{ item.name }}.j2'
|
||||
mode: 0444
|
||||
mode: '0444'
|
||||
owner: root
|
||||
group: wheel
|
||||
with_items: '{{ postfix_maps }}'
|
||||
|
@ -99,7 +99,7 @@
|
|||
- Reload Postfix
|
||||
|
||||
- name: Configure Postfix
|
||||
postconf:
|
||||
ansible.corepostconf:
|
||||
name: '{{ item.name }}'
|
||||
value: '{{ item.value | default(omit) }}'
|
||||
state: '{{ item.state | default(omit) }}'
|
||||
|
@ -108,7 +108,7 @@
|
|||
- Reload Postfix
|
||||
|
||||
- name: Configure Postfix services
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: /usr/local/etc/postfix/master.cf
|
||||
regexp: '^{{ item.name }} +{{ item.type }}'
|
||||
value: '{{ item.value }}'
|
||||
|
@ -126,15 +126,15 @@
|
|||
- Restart Postfix
|
||||
|
||||
- name: Flush handlers
|
||||
meta: flush_handlers
|
||||
ansible.builtin.meta: flush_handlers
|
||||
|
||||
- name: Start Postfix
|
||||
command: fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -u -v 2 change postfix
|
||||
ansible.builtin.command: fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -u -v 2 change postfix
|
||||
register: change
|
||||
changed_when: change.stdout | length > 0
|
||||
|
||||
- name: Enable Postfix
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: '{{ s6_etc_dir }}/service/enabled/contents'
|
||||
regexp: "^postfix$"
|
||||
line: "postfix"
|
||||
|
@ -142,4 +142,4 @@
|
|||
- Reload s6-rc
|
||||
|
||||
- name: Flush handlers (again)
|
||||
meta: flush_handlers
|
||||
ansible.builtin.meta: flush_handlers
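Review bot: Two of the rewritten keys in this file look like a slipped search-and-replace rather than valid names: `- ansible.core.name: Disable sendmail periodic tasks` (hunk `-29,22`) and `ansible.corepostconf:` (hunk `-99,7`). `name` is a task keyword, not a module, so the first should stay `- name: Disable sendmail periodic tasks`; as written the task has two non-keyword keys and Ansible will most likely reject it as conflicting action statements. `ansible.corepostconf` lacks the `namespace.collection.module` shape, and `postconf` is not an `ansible.builtin` module, so that line should remain `postconf:` or use the fully qualified name of whatever role or collection provides it, which is not visible here. Running `ansible-playbook --syntax-check` or ansible-lint on the role before merging would catch both.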
|
||||
|
|
|
@ -353,6 +353,14 @@ postfix_config:
|
|||
value: 'aNULL'
|
||||
state: present
|
||||
|
||||
- name: smtpd_tls_mandatory_protocols
|
||||
value: 'TLSv1.2 TLSv1.3'
|
||||
state: present
|
||||
|
||||
- name: smtpd_tls_protocols
|
||||
value: 'TLSv1.2 TLSv1.3'
|
||||
state: present
|
||||
|
||||
- name: smtpd_tls_received_header
|
||||
value: 'yes'
|
||||
state: present
|
||||
|
@ -370,7 +378,7 @@ postfix_config:
|
|||
state: present
|
||||
|
||||
- name: tls_high_cipherlist
|
||||
value: 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA'
|
||||
value: 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'
|
||||
state: present
|
||||
|
||||
- name: tls_ssl_options
|
||||
|
|