From 26456e2373945c8f961ab3060b68032d7e36e28c Mon Sep 17 00:00:00 2001
From: Alexandre Iooss <erdnaxe@crans.org>
Date: Mon, 4 Mar 2019 12:51:13 +0100
Subject: [PATCH] First postfix tests

---
 postfix.yml                                   | 17 +++++++++++
 roles/postfix-mailhost/handlers/main.yml      |  6 ++++
 roles/postfix-mailhost/tasks/main.yml         | 11 +++++++
 .../templates/postfix/main.cf.j2              | 29 ++++++++++++++++++
 roles/postfix-non-mailhost/handlers/main.yml  |  6 ++++
 roles/postfix-non-mailhost/tasks/main.yml     | 11 +++++++
 .../templates/postfix/main.cf.j2              | 30 +++++++++++++++++++
 7 files changed, 110 insertions(+)
 create mode 100644 postfix.yml
 create mode 100644 roles/postfix-mailhost/handlers/main.yml
 create mode 100644 roles/postfix-mailhost/tasks/main.yml
 create mode 100644 roles/postfix-mailhost/templates/postfix/main.cf.j2
 create mode 100644 roles/postfix-non-mailhost/handlers/main.yml
 create mode 100644 roles/postfix-non-mailhost/tasks/main.yml
 create mode 100644 roles/postfix-non-mailhost/templates/postfix/main.cf.j2

diff --git a/postfix.yml b/postfix.yml
new file mode 100644
index 0000000..6e6af8e
--- /dev/null
+++ b/postfix.yml
@@ -0,0 +1,17 @@
+---
+# All ovh servers should send mail throught proxy
+- hosts: ovh:!proxy.adm.auro.re
+  vars:
+    local_network: 10.128.0.0/16
+    relayhost: proxy.adm.auro.re
+    myorigin: auro.re
+  roles:
+    - postfix-non-mailhost
+
+# Proxy should send emails
+- hosts: proxy.adm.auro.re
+  vars:
+    local_network: 10.128.0.0/16
+    myorigin: auro.re
+  roles:
+    - postfix-mailhost
diff --git a/roles/postfix-mailhost/handlers/main.yml b/roles/postfix-mailhost/handlers/main.yml
new file mode 100644
index 0000000..9759909
--- /dev/null
+++ b/roles/postfix-mailhost/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+# Restart postfix when conf changes
+- name: Restart postfix service
+  service:
+    name: postfix
+    state: restarted
diff --git a/roles/postfix-mailhost/tasks/main.yml b/roles/postfix-mailhost/tasks/main.yml
new file mode 100644
index 0000000..c47d0b5
--- /dev/null
+++ b/roles/postfix-mailhost/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+- name: Install postfix
+  apt:
+    name: postfix
+    update_cache: true
+
+- name: Configure postfix
+  template:
+    src: postfix/main.cf.j2
+    dest: /etc/postfix/main.cf
+  notify: Restart postfix service
diff --git a/roles/postfix-mailhost/templates/postfix/main.cf.j2 b/roles/postfix-mailhost/templates/postfix/main.cf.j2
new file mode 100644
index 0000000..bbfa750
--- /dev/null
+++ b/roles/postfix-mailhost/templates/postfix/main.cf.j2
@@ -0,0 +1,29 @@
+# {{ ansible_managed }}
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+# Template based on /usr/share/postfix/main.cf.debian
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
+# fresh installs.
+compatibility_level = 2
+
+# Send mail as user@{{ myorigin }}
+myorigin = {{ myorigin }}
+
+mydestination = $myhostname localhost.{{ myorigin }} localhost {{ myorigin }}
+
+# Specify the trusted networks
+mynetworks = 127.0.0.0/8 {{ local_network }}
+
+# This host does not relay mail from untrusted networks
+relay_domains =
diff --git a/roles/postfix-non-mailhost/handlers/main.yml b/roles/postfix-non-mailhost/handlers/main.yml
new file mode 100644
index 0000000..9759909
--- /dev/null
+++ b/roles/postfix-non-mailhost/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+# Restart postfix when conf changes
+- name: Restart postfix service
+  service:
+    name: postfix
+    state: restarted
diff --git a/roles/postfix-non-mailhost/tasks/main.yml b/roles/postfix-non-mailhost/tasks/main.yml
new file mode 100644
index 0000000..c47d0b5
--- /dev/null
+++ b/roles/postfix-non-mailhost/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+- name: Install postfix
+  apt:
+    name: postfix
+    update_cache: true
+
+- name: Configure postfix
+  template:
+    src: postfix/main.cf.j2
+    dest: /etc/postfix/main.cf
+  notify: Restart postfix service
diff --git a/roles/postfix-non-mailhost/templates/postfix/main.cf.j2 b/roles/postfix-non-mailhost/templates/postfix/main.cf.j2
new file mode 100644
index 0000000..b69ae91
--- /dev/null
+++ b/roles/postfix-non-mailhost/templates/postfix/main.cf.j2
@@ -0,0 +1,30 @@
+# {{ ansible_managed }}
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+# Template based on /usr/share/postfix/main.cf.debian
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
+# fresh installs.
+compatibility_level = 2
+
+# Send mail as user@{{ myorigin }}
+myorigin = {{ myorigin }}
+
+# Specify the trusted networks
+mynetworks = 127.0.0.0/8 {{ local_network }}
+
+# This host does not relay mail from untrusted networks
+relay_domains =
+
+# This is needed if no direct Internet access is available
+relayhost = {{ relayhost }}