-rw-r--r-- | ansible/all.yml | 4 | ||||
-rw-r--r-- | ansible/ansible.cfg | 5 | ||||
-rw-r--r-- | ansible/group_vars/via_knot.yml | 2 | ||||
-rw-r--r-- | ansible/host_vars/knot/lxc_containers.yml (renamed from ansible/host_vars/knot.yml) | 0 | ||||
-rw-r--r-- | ansible/host_vars/knot/postfix-secret.yml | 14 | ||||
-rw-r--r-- | ansible/host_vars/knot/postfix.yml | 2 | ||||
-rw-r--r-- | ansible/roles/postfix/defaults/main.yml | 1 | ||||
-rw-r--r-- | ansible/roles/postfix/handlers/main.yml | 11 | ||||
-rw-r--r-- | ansible/roles/postfix/tasks/main.yml | 47 |
9 files changed, 82 insertions, 4 deletions
diff --git a/ansible/all.yml b/ansible/all.yml
new file mode 100644
index 0000000..dc524d5
--- /dev/null
+++ b/ansible/all.yml
@@ -0,0 +1,4 @@
+- hosts:
+ - knot
+ roles:
+ - postfix
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
index 2b06a16..4c70c17 100644
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@@ -1,6 +1,7 @@
 [defaults]
 become_method = sudo
-inventory = ./inventory
 connection_plugins = ./connection_plugins
-vault_password_file = vault-password
+inventory = ./inventory
 nocows = True
+stdout_callback = debug
+vault_password_file = vault-password
diff --git a/ansible/group_vars/via_knot.yml b/ansible/group_vars/via_knot.yml
deleted file mode 100644
index efd19c1..0000000
--- a/ansible/group_vars/via_knot.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-#ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q trygvis.io"'
-#ansible_ssh_common_args: 'ansible_host=mw.trygvis.io'
diff --git a/ansible/host_vars/knot.yml b/ansible/host_vars/knot/lxc_containers.yml
index 7bd3a35..7bd3a35 100644
--- a/ansible/host_vars/knot.yml
+++ b/ansible/host_vars/knot/lxc_containers.yml
diff --git a/ansible/host_vars/knot/postfix-secret.yml b/ansible/host_vars/knot/postfix-secret.yml
new file mode 100644
index 0000000..5135eb7
--- /dev/null
+++ b/ansible/host_vars/knot/postfix-secret.yml
@@ -0,0 +1,14 @@ +$ANSIBLE_VAULT;1.1;AES256 +32353266323737353463653565613435313535326236613165323538386535616162653231386432 +3338613366616465343161626362333031376633643531310a663933373233363864643765656331 +36633163363365366134623666363330393734343135373261366534623362626539623264663131 +3435643533616434380a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
diff --git a/ansible/host_vars/knot/postfix.yml b/ansible/host_vars/knot/postfix.yml
new file mode 100644
index 0000000..2b83efe
--- /dev/null
+++ b/ansible/host_vars/knot/postfix.yml
@@ -0,0 +1,2 @@
+postfix__relayhost: email-smtp.eu-west-1.amazonaws.com
+postfix__is_satellite: no
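Review bot: In host_vars/knot/postfix.yml, `postfix__relayhost: email-smtp.eu-west-1.amazonaws.com` is written without brackets or a port, so Postfix will do an MX lookup for the name and connect on the default smtp port. The usual form for an authenticated submission relay is `postfix__relayhost: '[email-smtp.eu-west-1.amazonaws.com]:587'`. Whichever form is used, the `host` values in `postfix__sasl_password` have to match it exactly, because the role writes them as the lookup keys of `/etc/postfix/sasl_passwd`. That list is presumably defined in the vaulted postfix-secret.yml, so the match cannot be checked from this diff.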
diff --git a/ansible/roles/postfix/defaults/main.yml b/ansible/roles/postfix/defaults/main.yml
new file mode 100644
index 0000000..72e4e25
--- /dev/null
+++ b/ansible/roles/postfix/defaults/main.yml
@@ -0,0 +1 @@
+postfix__is_satellite: yes
diff --git a/ansible/roles/postfix/handlers/main.yml b/ansible/roles/postfix/handlers/main.yml
new file mode 100644
index 0000000..95324ef
--- /dev/null
+++ b/ansible/roles/postfix/handlers/main.yml
@@ -0,0 +1,11 @@
+- name: reload postfix
+ service: name=postfix state=reloaded
+ become: yes
+
+- name: postmap /etc/postfix/sasl_passwd
+ become: yes
+ shell: postmap /etc/postfix/sasl_passwd
+
+- name: postalias /etc/aliases
+ become: yes
+ shell: postalias /etc/aliases
diff --git a/ansible/roles/postfix/tasks/main.yml b/ansible/roles/postfix/tasks/main.yml
new file mode 100644
index 0000000..31ff3a2
--- /dev/null
+++ b/ansible/roles/postfix/tasks/main.yml
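Review bot: In roles/postfix/handlers/main.yml both map handlers use `shell:` for a fixed command that contains no shell syntax. `command: postmap /etc/postfix/sasl_passwd` and `command: postalias /etc/aliases` run the same binaries as root without passing through a shell. The `postalias /etc/aliases` handler is not notified by any task in this commit, so it is either unused or waiting for a task outside this diff. The first handler would also read better in block form (`service:` with `name: postfix` and `state: reloaded`) than as a `key=value` string.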
@@ -0,0 +1,47 @@
+- tags: postfix-config
+ become: yes
+ block:
+ - name: "Configure postfix: main.cf"
+ notify: reload postfix
+ with_items:
+ - key: "smtp_sasl_auth_enable"
+ value: "yes"
+ - key: "smtp_sasl_password_maps"
+ value: "hash:/etc/postfix/sasl_passwd"
+ - key: "smtp_sasl_security_options"
+ value: "noanonymous"
+ - key: "smtp_tls_security_level"
+ value: "{{ 'encrypt' if postfix__is_satellite else 'may' }}"
+ lineinfile:
+ dest: /etc/postfix/main.cf
+ line: "{{ item.key }} = {{ item.value }}"
+ regexp: "^{{ item.key }} ="
+ - name: "Configure postfix: main.cf (relayhost)"
+ when: postfix__relayhost is defined
+ notify: reload postfix
+ with_items:
+ - key: "relayhost"
+ value: "{{ postfix__relayhost }}"
+ lineinfile:
+ dest: /etc/postfix/main.cf
+ line: "{{ item.key }} = {{ item.value }}"
+ regexp: "^{{ item.key }} ="
+
+- tags: postfix-config
+ when: postfix__sasl_password is defined
+ become: yes
+ block:
+ - name: Create /etc/postfix/sasl_passwd
+ copy:
+ dest: /etc/postfix/sasl_passwd
+ content: ""
+ force: no
+ mode: 0600
+
+ - name: "Configure postfix: sasl_passwd"
+ notify: postmap /etc/postfix/sasl_passwd
+ with_items: "{{ postfix__sasl_password }}"
+ lineinfile:
+ dest: /etc/postfix/sasl_passwd
+ line: "{{ item.host }} {{ item.username }}:{{ item.password }}"
+ regexp: "^{{ item.host|regex_escape() }}" |
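Review bot: With `postfix__is_satellite: no`, as set for knot in host_vars/knot/postfix.yml, the first task writes `smtp_tls_security_level = may` while also enabling SASL with `smtp_sasl_security_options = noanonymous`. That value permits plaintext mechanisms, so the relay credentials can cross the wire unencrypted whenever STARTTLS is not negotiated. Tie the TLS level to relaying instead, e.g. `value: "{{ 'encrypt' if (postfix__is_satellite or postfix__relayhost is defined) else 'may' }}"`, or keep plaintext mechanisms TLS-only by putting `noanonymous` in `smtp_sasl_tls_security_options` rather than `smtp_sasl_security_options`. Separately, the "Configure postfix: sasl_passwd" task loops over items that carry `item.password`, and Ansible prints each loop item in the task output; add `no_log: true` to that task.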