Change: smarthost-client role, backups for holywood2

4 files changed, 80 insertions, 0 deletions

diff --git a/ansible/roles/smarthost-client/handlers/main.yml b/ansible/roles/smarthost-client/handlers/main.yml
new file mode 100644
index 0000000..6cdc4d4
--- /dev/null
+++ b/ansible/roles/smarthost-client/handlers/main.yml
@@ -0,0 +1,2 @@
+- name: restart postfix
+  service: name=postfix state=restarted
diff --git a/ansible/roles/smarthost-client/tasks/main.yml b/ansible/roles/smarthost-client/tasks/main.yml
new file mode 100644
index 0000000..899f736
--- /dev/null
+++ b/ansible/roles/smarthost-client/tasks/main.yml
@@ -0,0 +1,31 @@
+# A mail client needs to send mail. I prefer to send via a local MTA,
+# which routes things out via a smarthost.
+
+- name: install postfix
+  apt: name=postfix
+
+- name: configure postfix
+  template:
+    src: main.cf
+    dest: /etc/postfix/main.cf
+  notify: restart postfix
+
+- name: set mailname
+  copy:
+    content: "{{ mailname }}\n"
+    dest: /etc/mailname
+    owner: root
+    group: root
+    mode: 0644
+
+# Set up the smarthost relay credentials.
+
+- name: set smarthost relay credentials
+  template:
+    src: sasl_passwd
+    dest: /etc/postfix/sasl_passwd
+    mode: 0600
+
+- name: postmap relay credentials
+  shell: |
+    postmap /etc/postfix/sasl_passwd
diff --git a/ansible/roles/smarthost-client/templates/main.cf b/ansible/roles/smarthost-client/templates/main.cf
new file mode 100644
index 0000000..2c026ad
--- /dev/null
+++ b/ansible/roles/smarthost-client/templates/main.cf
@@ -0,0 +1,46 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
+myhostname = {{ mailname }}
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = /etc/mailname
+mydestination = {{ mailname }}, {{ hostname }}, localhost.localdomain, localhost
+relayhost = {{ relayhost }}
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_command = procmail -a "$EXTENSION"
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = 127.0.0.1
+smtp_sasl_auth_enable = yes
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+smtp_sasl_security_options = noanonymous
+smtp_use_tls = yes
+smtp_tls_note_starttls_offer = yes
diff --git a/ansible/roles/smarthost-client/templates/sasl_passwd b/ansible/roles/smarthost-client/templates/sasl_passwd
new file mode 100644
index 0000000..da722f6
--- /dev/null
+++ b/ansible/roles/smarthost-client/templates/sasl_passwd
@@ -0,0 +1 @@
+{{ smarthost }} {{ smarthost_user }}:{{ smarthost_password }}