---
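# Install postfix and the Cyrus SASL packages, upgrading them whenever the
# configured apt repositories offer a newer version.
- name: Ensure required packages are up to date
  ansible.builtin.apt:
    name:
      - postfix
      - libsasl2-modules
      - sasl2-bin
    state: latest
    # `state: latest` is resolved against the local package index; refresh it
    # (at most once an hour) so that pending security updates are actually
    # visible to this task instead of being hidden by a stale cache.
    update_cache: true
    cache_valid_time: 3600
  become: true
  become_method: sudo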
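# Copy the static postfix / saslauthd configuration files to the host.
# Each loop item names the file and the directory it is installed into.
- name: Ensure configuration files are up to date
  ansible.builtin.copy:
    src: "{{ item.file }}"
    dest: "{{ item.path }}/{{ item.file }}"
    # Pin ownership and mode explicitly: without them a new file takes the
    # umask of the connection and an existing file keeps whatever mode it
    # already had, including a group- or world-writable one.
    # NOTE(review): tighten the mode for smtpd.conf if it ever carries
    # credentials - its contents are not visible here.
    owner: root
    group: root
    mode: "0644"
  loop:
    - file: master.cf
      path: /etc/postfix
    - file: smtpd.conf
      path: /etc/postfix/sasl
    - file: saslauthd-postfix
      path: /etc/default
    - file: aliases
      path: /etc
  notify:
    # /etc/aliases is deployed by this task, so the alias map has to be
    # rebuilt when it changes.
    # NOTE(review): assumes the remap_aliases handler regenerates the aliases
    # database - confirm against the handlers file.
    - remap_aliases
    - restart_postfix
  become: true
  become_method: sudo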
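# Render the Jinja2 templates (<file>.j2) into their destination directories.
# An item may carry an optional `mode`; items without one are installed 0644.
- name: Ensure configuration templates are up to date
  ansible.builtin.template:
    src: "{{ item.file }}.j2"
    dest: "{{ item.path }}/{{ item.file }}"
    owner: root
    group: root
    mode: "{{ item.mode | default('0644') }}"
  loop:
    - file: main.cf
      path: /etc/postfix
    # NOTE(review): sasl_passwd presumably holds the upstream relay
    # credentials, so it is restricted to root. The lookup table built by the
    # remap_sasl_passwd handler (not visible here) should be checked for the
    # same restriction, and running with --diff may print the rendered
    # secret - confirm both.
    - file: sasl_passwd
      path: /etc/postfix
      mode: "0600"
    - file: mailname
      path: /etc
  notify:
    - remap_aliases
    - remap_sasl_passwd
    - restart_postfix
  become: true
  become_method: sudo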
# Add the postfix account to the sasl group as a supplementary group.
# `append: true` keeps the account's existing groups, and `create_home: false`
# stops the module from creating a home directory for it.
- name: Ensure postfix user is in sasl group
  become: true
  become_method: sudo
  ansible.builtin.user:
    name: postfix
    create_home: false
    groups:
      - sasl
    append: true
# Probe for fail2ban's Debian defaults file. The result is registered as
# fail2ban_check and gates the task that enables the postfix jails.
- name: Check if fail2ban is installed
  register: fail2ban_check
  ansible.builtin.stat:
    path: /etc/fail2ban/jail.d/defaults-debian.conf
# Enable the postfix and postfix-sasl jails by adding a managed block to
# fail2ban's Debian defaults file. Runs only when the earlier stat task
# found that file; a change notifies restart_fail2ban.
- name: Add postfix & sasl2 to fail2ban if fail2ban installed
  when:
    # List entries are ANDed: the stat result must be present and true.
    - fail2ban_check.stat.exists is defined
    - fail2ban_check.stat.exists
  become: true
  become_method: sudo
  notify: restart_fail2ban
  ansible.builtin.blockinfile:
    path: /etc/fail2ban/jail.d/defaults-debian.conf
    block: |
      [postfix]
      enabled = true

      [postfix-sasl]
      enabled = true
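# - You can list users on the server by running: sudo sasldblistusers2
# - saslpasswd2 won't create duplicate users so we can safely run this
#   as many times as we want with the same user list.
# - The password is handed to saslpasswd2 on stdin (-p) and the command runs
#   without a shell. Interpolating it into `echo ... | saslpasswd2` let a
#   password or username containing shell metacharacters alter the command
#   and put the secret on a command line.
- name: Ensure local smtp users are configured (will always change)
  ansible.builtin.command:
    argv:
      - saslpasswd2
      - "-p"
      - "-c"
      - "-u"
      - "{{ local_smtp_relay_hostname }}"
      - "-a"
      - smtpauth
      - "{{ item.username }}"
    # A trailing newline is appended by default, matching what `echo` sent.
    stdin: "{{ item.password }}"
  with_items: "{{ smtp_users }}"
  # Each loop item carries a cleartext password; keep it out of task output,
  # callbacks and logs.
  no_log: true
  become: true
  become_method: sudo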
# Make sure postfix and saslauthd are running now and enabled at boot.
- name: Ensure services are started & enabled
  become: true
  become_method: sudo
  ansible.builtin.service:
    name: "{{ item }}"
    enabled: true
    state: started
  loop:
    - postfix
    - saslauthd