[defaults]
inventory = hosts
stdout_callback = debug
+hash_behaviour = merge
[diff]
always = True
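Review bot: `hash_behaviour = merge` on line 4 is a global setting that changes how every dictionary variable in every play is resolved, and Ansible's own documentation discourages it in favour of the `combine` filter. It appears to be what lets a user-supplied `postfix:` mapping coexist with the new `postfix.paths` role defaults instead of replacing them, but that dependency is invisible to anyone reading the role later. At minimum record it next to the setting, e.g. `# role defaults such as postfix.paths must survive a user-defined postfix: dict`. The hunk header is not visible here, so the section boundaries are inferred.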
--- /dev/null
+- name: install journalwatch dependencies
+ apt: name=python3-systemd state=latest
+- name: install journalwatch
+ git:
+ dest: /root/journalwatch
+ repo: 'https://github.com/The-Compiler/journalwatch.git'
+ version: b62f223bc36eabc193cfcf0d309d284da4f66463
+- name: create journalwatch config dir
+ file: path=/root/.config/journalwatch state=directory
+- name: install journalwatch config files
+ template:
+ src: templates/{{item}}
+ dest: /root/.config/journalwatch/{{item}}
+ loop:
+ - config
+ - patterns
+- name: delete old journalwatch crontab entry
+ file: path=/etc/cron.d/journalwatch state=absent
+- name: create journalwatch crontab entry
+ cron:
+ name: "journalwatch"
+ minute: "*/10"
+ job: "/root/journalwatch/journalwatch.py mail"
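Review bot: The `apt` task on line 9 uses `state=latest`, so every run may upgrade python3-systemd even though the journalwatch checkout directly below it is deliberately pinned to a fixed commit; `state: present` keeps the run idempotent and makes upgrades an explicit step. The hunk also mixes `key=value` argument strings (`apt`, `file`) with block-YAML module arguments (`git`, `template`, `cron`); the block form throughout reads and diffs better, e.g. `apt:` / `  name: python3-systemd` / `  state: present`. The same `state=latest` pattern recurs in the new opendkim.yml and postfix.yml task files.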
-- name: install journalwatch dependencies
- apt: name=python3-systemd state=latest
-- name: install journalwatch
- git:
- dest: /root/journalwatch
- repo: 'https://github.com/The-Compiler/journalwatch.git'
- version: b62f223bc36eabc193cfcf0d309d284da4f66463
-- name: create journalwatch config dir
- file: path=/root/.config/journalwatch state=directory
-- name: install journalwatch config files
- template:
- src: templates/{{item}}
- dest: /root/.config/journalwatch/{{item}}
- with_items:
- - config
- - patterns
-- name: delete old journalwatch crontab entry
- file: path=/etc/cron.d/journalwatch state=absent
-- name: create journalwatch crontab entry
- cron:
- name: "journalwatch"
- minute: "*/10"
- job: "/root/journalwatch/journalwatch.py mail"
+- import_tasks: journalwatch.yml
+ tags: journalwatch
--- /dev/null
+postfix:
+ paths:
+ dh2048: /etc/ssl/dh2048.pem
--- /dev/null
+- name: opendkim
+ service: name=opendkim state=restarted enabled=yes
+- name: postfix
+ service: name=postfix state=restarted enabled=yes
-- name: install postfix
- apt: name=postfix,bsd-mailx state=latest
-- name: install postfix-mysql
- apt: name=postfix-mysql state=latest
- when: postfix.vmail_mysql_password is defined
-- name: install postfix config
- register: postfix_config
- template:
- dest: /etc/postfix/{{ item }}
- src: templates/{{ item }}
- with_items:
- - main.cf
- - master.cf
-- name: install postfix mysql config
- register: postfix_mysql
- template:
- dest: /etc/postfix/{{ item }}
- src: templates/{{ item }}
- mode: u=rw,g=r,o=
- group: postfix
- with_items:
- - mysql_vmail_aliases.cf
- - mysql_vmail_senders.cf
- - mysql_vmail_users.cf
- when: postfix.vmail_mysql_password is defined
-- name: create empty maps
- copy:
- dest: /etc/postfix/{{ item }}
- content: ""
- force: no
- with_items:
- - virtual_alias_map
- - transport_map
- when: postfix.virtual_mailbox_domains is defined
-- name: reload postfix
- service: name=postfix state=restarted enabled=yes
- when: postfix_config.changed or postfix_mysql.changed
-- name: delete old local-mail cronjob
- file: path=/etc/cron.daily/local-mail state=absent
-- name: install check-for-local-mail cronjob
- copy:
- dest: /etc/cron.daily/check-for-local-mail
- src: files/check-for-local-mail
- mode: u=rwx,g=rx,o=rx
+# base
+- name: create dh2048 file
+ command: openssl dhparam -out {{ postfix.paths.dh2048 }} 2048
+ args:
+ creates: "{{ postfix.paths.dh2048 }}"
+# daemons
+- import_tasks: opendkim.yml
+ tags: opendkim
+ when: postfix.opendkim is defined
+- import_tasks: postfix.yml
+ tags: postfix
--- /dev/null
+- name: install opendkim
+ apt: name=opendkim,opendkim-tools state=latest
+- name: enable opendkim
+ service: name=opendkim enabled=yes
+# env
+- name: install opendkim env
+ register: opendkim_env
+ template:
+ dest: /etc/default/opendkim
+ src: templates/opendkim.env
+- name: regenerate opendkim service
+ shell: /lib/opendkim/opendkim.service.generate && systemctl daemon-reload
+ when: opendkim_env.changed
+ notify: opendkim
+# tables
+- name: generate opendkim keys
+ shell: mkdir /etc/opendkim/{{ item }}/ && opendkim-genkey --bits=2048 -s mail -d {{ item }} -D /etc/opendkim/{{ item }}/
+ args:
+ creates: /etc/opendkim/{{ item }}/mail.private
+ warn: False
+ loop: "{{ postfix.opendkim.private_keys }}"
+- name: generate opendkim tables
+ template:
+ dest: /etc/opendkim/{{ item }}
+ src: templates/{{ item }}
+ loop:
+ - KeyTable
+ - SigningTable
+ notify: opendkim
+# config
+- name: install opendkim config
+ template:
+ dest: /etc/opendkim.conf
+ src: templates/opendkim.conf
+ notify: opendkim
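Review bot: The `generate opendkim keys` task on lines 136-141 is not safe to rerun: `mkdir` without `-p` fails once the directory exists, while `creates:` only checks for `mail.private`, so a run that created the directory but did not finish `opendkim-genkey` fails on every subsequent run. Nothing in this hunk sets the ownership of the generated `mail.private` either; the daemon runs as `UserID opendkim` per opendkim.conf, and opendkim-genkey writes the key for the invoking (root) user, so unless the package's defaults happen to suit, the daemon may be unable to read the key or refuse it as unsafe. `warn: False` should also be lowercase `false` to match the rest of the file. Suggested rewrite below; the `file` task is only safe because the private-key mode stays owner-only.
```yaml
- name: generate opendkim keys
  shell: mkdir -p /etc/opendkim/{{ item }}/ && opendkim-genkey --bits=2048 -s mail -d {{ item }} -D /etc/opendkim/{{ item }}/
  args:
    creates: /etc/opendkim/{{ item }}/mail.private
    warn: false
  loop: "{{ postfix.opendkim.private_keys }}"
- name: restrict opendkim private keys to the daemon user
  file:
    path: /etc/opendkim/{{ item }}/mail.private
    owner: opendkim
    group: opendkim
    mode: "0600"
  loop: "{{ postfix.opendkim.private_keys }}"
# … unchanged: generate opendkim tables, install opendkim config …
```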
--- /dev/null
+- name: install postfix
+ apt: name=postfix,bsd-mailx state=latest
+- name: install postfix-mysql
+ apt: name=postfix-mysql state=latest
+ when: postfix.vmail_mysql_password is defined
+- name: enable postfix
+ service: name=postfix enabled=yes
+# config
+- name: install postfix config
+ template:
+ dest: /etc/postfix/{{ item }}
+ src: templates/{{ item }}
+ loop:
+ - main.cf
+ - master.cf
+ notify: postfix
+- name: install postfix mysql config
+ template:
+ dest: /etc/postfix/{{ item }}
+ src: templates/{{ item }}
+ mode: u=rw,g=r,o=
+ group: postfix
+ loop:
+ - mysql_vmail_aliases.cf
+ - mysql_vmail_senders.cf
+ - mysql_vmail_users.cf
+ notify: postfix
+ when: postfix.vmail_mysql_password is defined
+- name: create empty maps
+ copy:
+ dest: /etc/postfix/{{ item }}
+ content: ""
+ force: no
+ loop:
+ - virtual_alias_map
+ - transport_map
+ when: postfix.virtual_mailbox_domains is defined
+# cronjob
+- name: delete old local-mail cronjob
+ file: path=/etc/cron.daily/local-mail state=absent
+- name: install check-for-local-mail cronjob
+ copy:
+ dest: /etc/cron.daily/check-for-local-mail
+ src: files/check-for-local-mail
+ mode: u=rwx,g=rx,o=rx
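Review bot: The `install postfix mysql config` task on lines 173-184 renders files that contain `postfix.vmail_mysql_password`, and with the ansible.cfg in this same change setting `[diff] always = True` every change to those files prints the rendered content, password included, to the console and any captured log. Add `no_log: true` to that task (accepting that loop item names are hidden too), or at least `diff: false`. `force: no` on line 189 should be the canonical `false`; the file otherwise uses lowercase booleans.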
--- /dev/null
+{% for item in postfix.opendkim.private_keys %}
+{{ item }} {{ item }}:mail:/etc/opendkim/{{ item }}/mail.private
+{% endfor %}
--- /dev/null
+{% for item in postfix.opendkim.signing_table.items() %}
+{{ item[0] }} {{ item[1] }}
+{% endfor %}
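Review bot: The keys written on line 208 are matched literally, because opendkim.conf in this change loads the table as a plain `SigningTable /etc/opendkim/SigningTable`; wildcard entries such as `*@example.com` are only treated as patterns when the dataset is declared with a `refile:` prefix. If `postfix.opendkim.signing_table` is meant to hold patterns, the conf template needs `SigningTable refile:/etc/opendkim/SigningTable`; if it holds exact addresses or domains, a comment here saying so would stop the next maintainer from adding a wildcard that silently never matches.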
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
-smtpd_tls_dh1024_param_file = /etc/ssl/dh2048.pem
+smtpd_tls_dh1024_param_file = {{ postfix.paths.dh2048 }}
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtpd_tls_ciphers = low
smtpd_tls_mandatory_ciphers = high
mailman_destination_recipient_limit = 1
{% endif %}
-{% if postfix.opendkim | default(False) %}
+{% if postfix.opendkim is defined %}
# DKIM & Milter
milter_default_action = accept
+# Path must match opendkim.env
smtpd_milters = unix:opendkim/sock
non_smtpd_milters = $smtpd_milters
{% endif %}
--- /dev/null
+# This is a basic configuration that can easily be adapted to suit a standard
+# installation. For more advanced options, see opendkim.conf(5) and/or
+# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
+
+# Log to syslog
+Syslog yes
+
+# Access control
+UMask 007
+UserID opendkim
+
+# domains and keys are in table files
+KeyTable /etc/opendkim/KeyTable
+SigningTable /etc/opendkim/SigningTable
+
+# Commonly-used options; the commented-out versions show the defaults.
+#Canonicalization simple
+#Mode sv
+#SubDomains no
+#ADSPAction continue
+
+# use both Sender and From to check for which domain to sign
+SenderHeaders Sender,From
+
+# Always oversign From (sign using actual From and a null From) to prevent
+# malicious signatures header fields (From and/or others) between the signer
+# and the verifier. From is oversigned by default in the Debian pacakge
+# because it is often the identity key used by reputation systems and thus
+# somewhat security sensitive.
+OversignHeaders From
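Review bot: `UMask 007` on line 237 makes the milter socket group-accessible only, and the socket lives under `/var/spool/postfix/opendkim` per opendkim.env in this same change, yet no task on this page adds the `postfix` user to the `opendkim` group or creates that directory; whether `opendkim.service.generate` creates it is not visible here, so confirm, and otherwise add a `file` task with `state: directory`, `owner: opendkim`, `group: opendkim` plus a `user` task with `name: postfix`, `groups: opendkim`, `append: true`. Without the group membership Postfix cannot connect and, with `milter_default_action = accept` in main.cf, mail silently goes out unsigned. The comment on line 255 also has a typo (`pacakge`).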
--- /dev/null
+# Command-line options specified here will override the contents of
+# /etc/opendkim.conf. See opendkim(8) for a complete list of options.
+#DAEMON_OPTS=""
+
+RUNDIR=/var/spool/postfix/opendkim
+
+# Path must match main.cf
+SOCKET=local:$RUNDIR/sock
+
+USER=opendkim
+GROUP=opendkim
+PIDFILE=$RUNDIR/$NAME.pid
+EXTRAAFTER=