-rw-r--r--ansible/all.yml4
-rw-r--r--ansible/ansible.cfg5
-rw-r--r--ansible/group_vars/via_knot.yml2
-rw-r--r--ansible/host_vars/knot/lxc_containers.yml (renamed from ansible/host_vars/knot.yml)0
-rw-r--r--ansible/host_vars/knot/postfix-secret.yml14
-rw-r--r--ansible/host_vars/knot/postfix.yml2
-rw-r--r--ansible/roles/postfix/defaults/main.yml1
-rw-r--r--ansible/roles/postfix/handlers/main.yml11
-rw-r--r--ansible/roles/postfix/tasks/main.yml47
9 files changed, 82 insertions, 4 deletions
diff --git a/ansible/all.yml b/ansible/all.yml
new file mode 100644
index 0000000..dc524d5
--- /dev/null
+++ b/ansible/all.yml
@@ -0,0 +1,4 @@
+- hosts:
+ - knot
+ roles:
+ - postfix
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
index 2b06a16..4c70c17 100644
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@@ -1,6 +1,7 @@
[defaults]
become_method = sudo
-inventory = ./inventory
connection_plugins = ./connection_plugins
-vault_password_file = vault-password
+inventory = ./inventory
nocows = True
+stdout_callback = debug
+vault_password_file = vault-password
diff --git a/ansible/group_vars/via_knot.yml b/ansible/group_vars/via_knot.yml
deleted file mode 100644
index efd19c1..0000000
--- a/ansible/group_vars/via_knot.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-#ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q trygvis.io"'
-#ansible_ssh_common_args: 'ansible_host=mw.trygvis.io'
diff --git a/ansible/host_vars/knot.yml b/ansible/host_vars/knot/lxc_containers.yml
index 7bd3a35..7bd3a35 100644
--- a/ansible/host_vars/knot.yml
+++ b/ansible/host_vars/knot/lxc_containers.yml
diff --git a/ansible/host_vars/knot/postfix-secret.yml b/ansible/host_vars/knot/postfix-secret.yml
new file mode 100644
index 0000000..5135eb7
--- /dev/null
+++ b/ansible/host_vars/knot/postfix-secret.yml
@@ -0,0 +1,14 @@
+$ANSIBLE_VAULT;1.1;AES256
+32353266323737353463653565613435313535326236613165323538386535616162653231386432
+3338613366616465343161626362333031376633643531310a663933373233363864643765656331
+36633163363365366134623666363330393734343135373261366534623362626539623264663131
+3435643533616434380a656237663161316530316431316364646239646334343136323030363135
+31353965613337363966653233663438666364613564303035323431616233343566646239316462
+66353864656133393366396537303939383435623937663037373030383137323266386237323266
+32336630313335616234306664323364376563326238643465623635356132636430353031613131
+65363761653664383361383931653635376434366639616263313966373938333564633661666337
+62343863336337313965323234316238643238663933393031366537326638663937356563303839
+30623962313831373062336136383737633935376463353232376133613931366664663861346436
+63336162303964393334363365353635633030396136386539363031666131646433633566373061
+35646166653136363936326464396537303035343666383165376638373338356234633132396139
+3364
diff --git a/ansible/host_vars/knot/postfix.yml b/ansible/host_vars/knot/postfix.yml
new file mode 100644
index 0000000..2b83efe
--- /dev/null
+++ b/ansible/host_vars/knot/postfix.yml
@@ -0,0 +1,2 @@
+postfix__relayhost: email-smtp.eu-west-1.amazonaws.com
+postfix__is_satellite: no
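Review bot: With `postfix__is_satellite: no` the role's main.cf task (roles/postfix/tasks/main.yml in this commit) writes `smtp_tls_security_level = may`, yet this host relays through an authenticated relayhost and the role sets `smtp_sasl_security_options = noanonymous`, which still permits plaintext mechanisms. Under opportunistic TLS, a session in which STARTTLS is not offered would proceed unencrypted, and the SASL credentials could then be sent in the clear. Consider deriving the level from the relay as well, `value: "{{ 'encrypt' if (postfix__is_satellite or postfix__relayhost is defined) else 'may' }}"`, or adding `smtp_sasl_security_options = noplaintext, noanonymous` together with `smtp_sasl_tls_security_options = noanonymous`. The boolean would also read more predictably as `false` than `no`.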
diff --git a/ansible/roles/postfix/defaults/main.yml b/ansible/roles/postfix/defaults/main.yml
new file mode 100644
index 0000000..72e4e25
--- /dev/null
+++ b/ansible/roles/postfix/defaults/main.yml
@@ -0,0 +1 @@
+postfix__is_satellite: yes
diff --git a/ansible/roles/postfix/handlers/main.yml b/ansible/roles/postfix/handlers/main.yml
new file mode 100644
index 0000000..95324ef
--- /dev/null
+++ b/ansible/roles/postfix/handlers/main.yml
@@ -0,0 +1,11 @@
+- name: reload postfix
+ service: name=postfix state=reloaded
+ become: yes
+
+- name: postmap /etc/postfix/sasl_passwd
+ become: yes
+ shell: postmap /etc/postfix/sasl_passwd
+
+- name: postalias /etc/aliases
+ become: yes
+ shell: postalias /etc/aliases
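Review bot: Both map-rebuild handlers use `shell:` for a fixed command that needs no pipes, redirects or expansion; `command: postmap /etc/postfix/sasl_passwd` and `command: postalias /etc/aliases` run the binaries directly without a shell in between. The `reload postfix` handler uses the legacy `key=value` argument string and would be clearer as a block mapping (`service:` with `name: postfix` and `state: reloaded`). No task in this commit's tasks file notifies `postalias /etc/aliases`, so it is presumably there for later use.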
diff --git a/ansible/roles/postfix/tasks/main.yml b/ansible/roles/postfix/tasks/main.yml
new file mode 100644
index 0000000..31ff3a2
--- /dev/null
+++ b/ansible/roles/postfix/tasks/main.yml
@@ -0,0 +1,47 @@
+- tags: postfix-config
+ become: yes
+ block:
+ - name: "Configure postfix: main.cf"
+ notify: reload postfix
+ with_items:
+ - key: "smtp_sasl_auth_enable"
+ value: "yes"
+ - key: "smtp_sasl_password_maps"
+ value: "hash:/etc/postfix/sasl_passwd"
+ - key: "smtp_sasl_security_options"
+ value: "noanonymous"
+ - key: "smtp_tls_security_level"
+ value: "{{ 'encrypt' if postfix__is_satellite else 'may' }}"
+ lineinfile:
+ dest: /etc/postfix/main.cf
+ line: "{{ item.key }} = {{ item.value }}"
+ regexp: "^{{ item.key }} ="
+ - name: "Configure postfix: main.cf (relayhost)"
+ when: postfix__relayhost is defined
+ notify: reload postfix
+ with_items:
+ - key: "relayhost"
+ value: "{{ postfix__relayhost }}"
+ lineinfile:
+ dest: /etc/postfix/main.cf
+ line: "{{ item.key }} = {{ item.value }}"
+ regexp: "^{{ item.key }} ="
+
+- tags: postfix-config
+ when: postfix__sasl_password is defined
+ become: yes
+ block:
+ - name: Create /etc/postfix/sasl_passwd
+ copy:
+ dest: /etc/postfix/sasl_passwd
+ content: ""
+ force: no
+ mode: 0600
+
+ - name: "Configure postfix: sasl_passwd"
+ notify: postmap /etc/postfix/sasl_passwd
+ with_items: "{{ postfix__sasl_password }}"
+ lineinfile:
+ dest: /etc/postfix/sasl_passwd
+ line: "{{ item.host }} {{ item.username }}:{{ item.password }}"
+ regexp: "^{{ item.host|regex_escape() }}"
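Review bot: The `Configure postfix: sasl_passwd` task loops over `postfix__sasl_password` without `no_log`, so each loop result Ansible prints carries the item, including `item.password`; this commit also switches `stdout_callback` to `debug` in ansible.cfg. Add `no_log: true` to that task so the vaulted credentials do not end up in terminal scrollback or CI logs. The `regexp: "^{{ item.host|regex_escape() }}"` has no trailing delimiter, so a host that is a prefix of another entry would match the wrong line; `regexp: "^{{ item.host|regex_escape() }}\\s"` anchors it. `mode: 0600` in the preceding task is safer quoted as `mode: "0600"`.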