diff options
author | Lars Wirzenius <liw@liw.fi> | 2018-07-09 09:57:29 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2018-07-09 09:57:29 +0300 |
commit | c7912e21bbf298d6d8095ef802aab4482c97bf07 (patch) | |
tree | 1fa684b93edfa78d71ad27fbb1fd16cb2cfa586a /ansible/roles/smarthost-client | |
parent | 3971955a5e132e67d5476085eb7a32d45fece8bb (diff) | |
download | ansibleness-c7912e21bbf298d6d8095ef802aab4482c97bf07.tar.gz |
Change: smarthost-client role, backups for holywood2
Diffstat (limited to 'ansible/roles/smarthost-client')
-rw-r--r-- | ansible/roles/smarthost-client/handlers/main.yml | 2 | ||||
-rw-r--r-- | ansible/roles/smarthost-client/tasks/main.yml | 31 | ||||
-rw-r--r-- | ansible/roles/smarthost-client/templates/main.cf | 46 | ||||
-rw-r--r-- | ansible/roles/smarthost-client/templates/sasl_passwd | 1 |
4 files changed, 80 insertions, 0 deletions
diff --git a/ansible/roles/smarthost-client/handlers/main.yml b/ansible/roles/smarthost-client/handlers/main.yml new file mode 100644 index 0000000..6cdc4d4 --- /dev/null +++ b/ansible/roles/smarthost-client/handlers/main.yml @@ -0,0 +1,2 @@ +- name: restart postfix + service: name=postfix state=restarted diff --git a/ansible/roles/smarthost-client/tasks/main.yml b/ansible/roles/smarthost-client/tasks/main.yml new file mode 100644 index 0000000..899f736 --- /dev/null +++ b/ansible/roles/smarthost-client/tasks/main.yml @@ -0,0 +1,31 @@ +# A mail client needs to send mail. I prefer to send via a local MTA, +# which routes things out via a smarthost. + +- name: install postfix + apt: name=postfix + +- name: configure postfix + template: + src: main.cf + dest: /etc/postfix/main.cf + notify: restart postfix + +- name: set mailname + copy: + content: "{{ mailname }}\n" + dest: /etc/mailname + owner: root + group: root + mode: 0644 + +# Set up the smarthost relay credentials. + +- name: set smarthost relay credentials + template: + src: sasl_passwd + dest: /etc/postfix/sasl_passwd + mode: 0600 + +- name: postmap relay credentials + shell: | + postmap /etc/postfix/sasl_passwd diff --git a/ansible/roles/smarthost-client/templates/main.cf b/ansible/roles/smarthost-client/templates/main.cf new file mode 100644 index 0000000..2c026ad --- /dev/null +++ b/ansible/roles/smarthost-client/templates/main.cf @@ -0,0 +1,46 @@ +# See /usr/share/postfix/main.cf.dist for a commented, more complete version + + +# Debian specific: Specifying a file name will cause the first +# line of that file to be used as the name. The Debian default +# is /etc/mailname. +#myorigin = /etc/mailname + +smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) +biff = no + +# appending .domain is the MUA's job. +append_dot_mydomain = no + +# Uncomment the next line to generate "delayed mail" warnings +#delay_warning_time = 4h + +readme_directory = no + +# TLS parameters +smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem +smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key +smtpd_use_tls=yes +smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache +smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache + +# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for +# information on enabling SSL in the smtp client. + +smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination +myhostname = {{ mailname }} +alias_maps = hash:/etc/aliases +alias_database = hash:/etc/aliases +myorigin = /etc/mailname +mydestination = {{ mailname }}, {{ hostname }}, localhost.localdomain, localhost +relayhost = {{ relayhost }} +mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 +mailbox_command = procmail -a "$EXTENSION" +mailbox_size_limit = 0 +recipient_delimiter = + +inet_interfaces = 127.0.0.1 +smtp_sasl_auth_enable = yes +smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd +smtp_sasl_security_options = noanonymous +smtp_use_tls = yes +smtp_tls_note_starttls_offer = yes diff --git a/ansible/roles/smarthost-client/templates/sasl_passwd b/ansible/roles/smarthost-client/templates/sasl_passwd new file mode 100644 index 0000000..da722f6 --- /dev/null +++ b/ansible/roles/smarthost-client/templates/sasl_passwd @@ -0,0 +1 @@ +{{ smarthost }} {{ smarthost_user }}:{{ smarthost_password }} |