From e151c1c3fdcca2dd316caa4878ec7049dd644496 Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Tue, 16 Feb 2021 01:52:28 +0100
Subject: [PATCH 1/9] add postfix non mailhost playbook
---
deploy_postfix_non_mailhost.yml | 9 +++++++++
1 file changed, 9 insertions(+)
create mode 100644 deploy_postfix_non_mailhost.yml
diff --git a/deploy_postfix_non_mailhost.yml b/deploy_postfix_non_mailhost.yml
new file mode 100644
index 0000000..207e37d
--- /dev/null
+++ b/deploy_postfix_non_mailhost.yml
@@ -0,0 +1,9 @@
+---
+# Deploy a correclty configured postfix on non mailhost servers
+- hosts: all,!unifi
+ vars:
+ local_network: 10.128.0.0/16
+ relay_host: proxy.adm.auro.re
+ myorigin: auro.re
+ roles:
+ - postfix-non-mailhost
From a9b03aed82f5e9623d2708fa45b79c5c1f1df505 Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Tue, 16 Feb 2021 02:02:15 +0100
Subject: [PATCH 2/9] Add postfix non mailhost handlers
---
roles/postfix-non-mailhost/handlers/main.yml | 10 ++++++++++
1 file changed, 10 insertions(+)
create mode 100644 roles/postfix-non-mailhost/handlers/main.yml
diff --git a/roles/postfix-non-mailhost/handlers/main.yml b/roles/postfix-non-mailhost/handlers/main.yml
new file mode 100644
index 0000000..9538e6d
--- /dev/null
+++ b/roles/postfix-non-mailhost/handlers/main.yml
@@ -0,0 +1,10 @@
+---
+- name: Restart postfix
+ service:
+ name: postfix
+ state: restarted
+
+- name: Reload postfix
+ service:
+ name: postfix
+ state: reloaded
From f08b11445dafde6f8a22bd099c5f7a417baf6668 Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Tue, 16 Feb 2021 02:15:52 +0100
Subject: [PATCH 3/9] Add postfix non mailhost task
---
roles/postfix-non-mailhost/tasks/main.yml | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 roles/postfix-non-mailhost/tasks/main.yml
diff --git a/roles/postfix-non-mailhost/tasks/main.yml b/roles/postfix-non-mailhost/tasks/main.yml
new file mode 100644
index 0000000..12a3805
--- /dev/null
+++ b/roles/postfix-non-mailhost/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+- name: Install postfix
+ apt:
+ name: postfix
+ update_cache: true
+ register: result
+ retries: 3
+ until: result is succeeded
+
+- name: Configure postfix
+ template:
+ src: main.cf.j2
+ dest: /etc/postfix/main.cf
+ notify: restart postfix
From 1ca75ccfb0c53fa91038852b01acb0cb4cc4efa0 Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Tue, 16 Feb 2021 02:22:41 +0100
Subject: [PATCH 4/9] Add postfix non mailhost conf
---
.../postfix-non-mailhost/templates/main.cf.j2 | 30 +++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100644 roles/postfix-non-mailhost/templates/main.cf.j2
diff --git a/roles/postfix-non-mailhost/templates/main.cf.j2 b/roles/postfix-non-mailhost/templates/main.cf.j2
new file mode 100644
index 0000000..57d106e
--- /dev/null
+++ b/roles/postfix-non-mailhost/templates/main.cf.j2
@@ -0,0 +1,30 @@
+# {{ ansible_managed }}
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+# Template based on /usr/share/postfix/main.cf.debian
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
+# fresh installs.
+compatibility_level = 2
+
+# Send mail as user@{{ ansible_fqdn }}
+myorigin = {{ ansible_fqdn }}
+
+# Specify the trusted networks
+mynetworks = 127.0.0.0/8 {{ local_network }}
+
+# This host does not relay mail from untrusted networks
+relay_domains =
+
+# This is needed if no direct Internet access is available
+relayhost = {{ relay_host }}
From ab3659adc231deab0c3bd83b14080ec109a924bd Mon Sep 17 00:00:00 2001
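Review bot: In the main.cf.j2 hunk of PATCH 4/9, `mynetworks = 127.0.0.0/8 {{ local_network }}` makes every non-mailhost server willing to relay for the whole `local_network`, and the template never sets `inet_interfaces`, so unless the packaged default is narrower the SMTP daemon is reachable on every interface. A host that only hands its own mail to `relayhost` needs neither; I would add `inet_interfaces = loopback-only` and reduce the line to `mynetworks = 127.0.0.0/8`, which keeps the relaying surface on the one machine that is meant to have it. The hop to the relay also has no TLS setting (for example `smtp_tls_security_level = may`), and `relayhost = [{{ relay_host }}]` would skip the MX lookup for the relay name; both depend on how the relay is set up, so they are questions rather than required changes.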
From: Solal Nathan Date: Tue, 16 Feb 2021 02:32:46 +0100 Subject: [PATCH 5/9] Also config hostname just in case --- roles/postfix-non-mailhost/templates/main.cf.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/postfix-non-mailhost/templates/main.cf.j2 b/roles/postfix-non-mailhost/templates/main.cf.j2 index 57d106e..b99d905 100644 --- a/roles/postfix-non-mailhost/templates/main.cf.j2 +++ b/roles/postfix-non-mailhost/templates/main.cf.j2 @@ -18,7 +18,8 @@ readme_directory = no compatibility_level = 2 # Send mail as user@{{ ansible_fqdn }} -myorigin = {{ ansible_fqdn }} +myhostname = {{ ansible_fqdn }} +myorigin = $myhostname # default configuration # Specify the trusted networks mynetworks = 127.0.0.0/8 {{ local_network }} From 69d732e612d95b1dcf710925c119174e92f0c489 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 02:42:08 +0100 Subject: [PATCH 6/9] Fix case --- roles/postfix-non-mailhost/handlers/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/postfix-non-mailhost/handlers/main.yml b/roles/postfix-non-mailhost/handlers/main.yml index 9538e6d..bc28f6e 100644 --- a/roles/postfix-non-mailhost/handlers/main.yml +++ b/roles/postfix-non-mailhost/handlers/main.yml @@ -1,10 +1,10 @@ --- -- name: Restart postfix +- name: restart postfix service: name: postfix state: restarted -- name: Reload postfix +- name: reload postfix service: name: postfix state: reloaded From 456e025ca4dda57c48e43c09cedab9f57df99e55 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 02:42:31 +0100 Subject: [PATCH 7/9] use ansible facts instead of hardcoded vars --- deploy_postfix_non_mailhost.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/deploy_postfix_non_mailhost.yml b/deploy_postfix_non_mailhost.yml index 207e37d..0407d0f 100644 --- a/deploy_postfix_non_mailhost.yml +++ b/deploy_postfix_non_mailhost.yml 
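Review bot: In the PATCH 5/9 hunk for main.cf.j2, the added line `myorigin = $myhostname # default configuration` appears to carry its comment on the same line (the text has no `+` marker of its own and is not part of the old file's context). Postfix treats `#` as a comment only when it is the first non-blank character of a line, so the trailing text would become part of the `myorigin` value and end up in the sender domain. Put the comment on its own line, `# default configuration`, directly above `myorigin = $myhostname`. The existing comment `# Send mail as user@{{ ansible_fqdn }}` now sits above `myhostname` rather than `myorigin` and could be reworded to cover both settings.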
@@ -4,6 +4,5 @@ vars: local_network: 10.128.0.0/16 relay_host: proxy.adm.auro.re - myorigin: auro.re roles: - postfix-non-mailhost From 3925e321880800b2132859a3efcc5b9aa1eba1c9 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 02:45:13 +0100 Subject: [PATCH 8/9] Repect ansible-lint [106] for role names --- deploy_postfix_non_mailhost.yml | 2 +- .../handlers/main.yml | 0 .../tasks/main.yml | 0 .../templates/main.cf.j2 | 0 4 files changed, 1 insertion(+), 1 deletion(-) rename roles/{postfix-non-mailhost => postfix_non_mailhost}/handlers/main.yml (100%) rename roles/{postfix-non-mailhost => postfix_non_mailhost}/tasks/main.yml (100%) rename roles/{postfix-non-mailhost => postfix_non_mailhost}/templates/main.cf.j2 (100%) diff --git a/deploy_postfix_non_mailhost.yml b/deploy_postfix_non_mailhost.yml index 0407d0f..e335928 100644 --- a/deploy_postfix_non_mailhost.yml +++ b/deploy_postfix_non_mailhost.yml @@ -5,4 +5,4 @@ local_network: 10.128.0.0/16 relay_host: proxy.adm.auro.re roles: - - postfix-non-mailhost + - postfix_non_mailhost diff --git a/roles/postfix-non-mailhost/handlers/main.yml b/roles/postfix_non_mailhost/handlers/main.yml similarity index 100% rename from roles/postfix-non-mailhost/handlers/main.yml rename to roles/postfix_non_mailhost/handlers/main.yml diff --git a/roles/postfix-non-mailhost/tasks/main.yml b/roles/postfix_non_mailhost/tasks/main.yml similarity index 100% rename from roles/postfix-non-mailhost/tasks/main.yml rename to roles/postfix_non_mailhost/tasks/main.yml diff --git a/roles/postfix-non-mailhost/templates/main.cf.j2 b/roles/postfix_non_mailhost/templates/main.cf.j2 similarity index 100% rename from roles/postfix-non-mailhost/templates/main.cf.j2 rename to roles/postfix_non_mailhost/templates/main.cf.j2 From 3fceeff74fbb49a05dd45ab3a5b6c9d6ed6267d7 Mon Sep 17 00:00:00 2001 
From: Solal Nathan Date: Tue, 16 Feb 2021 02:47:04 +0100 Subject: [PATCH 9/9] Fix ansible lint for rule [208] always specify mode and owner for template --- roles/postfix_non_mailhost/tasks/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/postfix_non_mailhost/tasks/main.yml b/roles/postfix_non_mailhost/tasks/main.yml index 12a3805..42f3482 100644 --- a/roles/postfix_non_mailhost/tasks/main.yml +++ b/roles/postfix_non_mailhost/tasks/main.yml @@ -11,4 +11,7 @@ template: src: main.cf.j2 dest: /etc/postfix/main.cf + mode: 0644 + owner: root + group: root notify: restart postfix
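Review bot: The added `mode: 0644` in PATCH 9/9 is an unquoted number, so the permissions that end up on `/etc/postfix/main.cf` depend on the YAML loader reading the leading zero as octal. Write it as a string, `mode: "0644"`, so the value is passed through exactly as typed and a later edit that drops the zero cannot silently change the permissions. The `- name: Configure postfix` line of this task is outside the hunk.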