Add postfix and mail aliases configuration

group_vars/all/all.yml

@@ -23,5 +23,8 @@ main_domain: wirebrass.fr
 # Certbot admin Email address
 certbot_admin_email: contact@wirebrass.fr
 
+# Admin email (for system notification)
+system_admin_email: nemo@wirebrass.fr
+
 # Munin server SSH pubkey
 public_key_munin_user_host: "{{ vault_public_key_munin_user_host }}"

playbook_general_deploy.yml

@@ -3,7 +3,7 @@
   roles:
 #    - auto_reboot
 #    - auto_upgrade
-    - sysctl_customizations
+#    - sysctl_customizations
 #    - client_ntp
 #    - client_resolvers
 #    - client_tools
@@ -11,3 +11,4 @@
 #    - client_iptables
 #    - munin-node
 #    - munin-async
+    - postfix

roles/munin-node/README.md

@@ -73,7 +73,7 @@ None.
 
     - hosts: servers
       roles:
-        - { role: geerlingguy.munin-node }
+        - { role: munin-node }
 
 ## License
 

roles/postfix/.gitignore

@@ -0,0 +1,2 @@
+*.retry
+tests/test.sh

roles/postfix/.travis.yml

@@ -0,0 +1,18 @@
+---
+services: docker
+
+env:
+  - distro: centos7
+  - distro: ubuntu1604
+  - distro: debian9
+
+script:
+  # Download test shim.
+  - wget -O ${PWD}/tests/test.sh https://gist.githubusercontent.com/geerlingguy/73ef1e5ee45d8694570f334be385e181/raw/
+  - chmod +x ${PWD}/tests/test.sh
+
+  # Run tests.
+  - ${PWD}/tests/test.sh
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/

roles/postfix/LICENSE

@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Jeff Geerling
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

roles/postfix/README.md

@@ -0,0 +1,50 @@
+# Ansible Role: Postfix
+
+[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-postfix.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-postfix)
+
+Installs postfix on RedHat/CentOS, Gentoo or Debian/Ubuntu.
+
+## Requirements
+
+If you're using this as an SMTP relay server, you will need to do that on your own, and open TCP port 25 in your server firewall.
+
+## Role Variables
+
+Available variables are listed below, along with default values (see `defaults/main.yml`):
+
+    postfix_config_file: /etc/postfix/main.cf
+    aliases_config_file: /etc/aliases
+
+The path to the Postfix `main.cf` and aliases configuration file.
+
+    postfix_service_state: started
+    postfix_service_enabled: yes
+
+The state in which the Postfix service should be after this role runs, and whether to enable the service on startup.
+
+    postfix_inet_interfaces: localhost
+    postfix_inet_protocols: all
+
+Options for values `inet_interfaces` and `inet_protocols` in the `main.cf` file.
+
+    alias_email: "{{ system_admin_email }}"
+
+The email address of admin user (to receive system notification).
+
+## Dependencies
+
+None.
+
+## Example Playbook
+
+    - hosts: all
+      roles:
+        - postfix
+
+## License
+
+MIT / BSD
+
+## Author Information
+
+This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).

roles/postfix/defaults/main.yml

@@ -0,0 +1,11 @@
+---
+postfix_config_file: /etc/postfix/main.cf
+aliases_config_file: /etc/aliases
+
+postfix_service_state: started
+postfix_service_enabled: yes
+
+postfix_inet_interfaces: localhost
+postfix_inet_protocols: all
+
+alias_email: "{{ system_admin_email }}"

roles/postfix/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: restart postfix
+  service: name=postfix state=restarted
+
+- name: update aliases
+  command: postalias {{ aliases_config_file }}

roles/postfix/meta/.galaxy_install_info

@@ -0,0 +1 @@
+{install_date: 'Sun Jul 12 12:53:58 2020', version: 2.0.0}

roles/postfix/meta/main.yml

@@ -0,0 +1,23 @@
+---
+dependencies: []
+
+galaxy_info:
+  author: geerlingguy
+  description: Postfix for RedHat/CentOS or Debian/Ubuntu.
+  company: "Midwestern Mac, LLC"
+  license: "license (BSD, MIT)"
+  min_ansible_version: 1.8
+  platforms:
+    - name: EL
+      versions:
+      - all
+    - name: Debian
+      versions:
+      - all
+    - name: Ubuntu
+      versions:
+      - all
+  galaxy_tags:
+    - networking
+    - system
+    - mail

roles/postfix/tasks/main.yml

@@ -0,0 +1,33 @@
+---
+- name: Include OS-specific variables.
+  include_vars: "{{ ansible_os_family }}.yml"
+
+- name: Ensure postfix is installed.
+  package:
+    name: postfix
+    state: present
+
+- name: Update mail aliases.
+  lineinfile:
+    dest: "{{ aliases_config_file }}"
+    line: "root: {{ alias_email }}"
+    regexp: "^root:"
+  notify: update aliases
+
+- name: Update Postfix configuration.
+  lineinfile:
+    dest: "{{ postfix_config_file }}"
+    line: "{{ item.name }} = {{ item.value }}"
+    regexp: "^{{ item.name }} ="
+  with_items:
+    - name: inet_interfaces
+      value: "{{ postfix_inet_interfaces }}"
+    - name: inet_protocols
+      value: "{{ postfix_inet_protocols }}"
+  notify: restart postfix
+
+- name: Ensure postfix is started and enabled at boot.
+  service:
+    name: postfix
+    enabled: "{{ postfix_service_enabled }}"
+  notify: restart postfix

roles/postfix/tests/README.md

@@ -0,0 +1,11 @@
+# Ansible Role tests
+
+To run the test playbook(s) in this directory:
+
+  1. Install and start Docker.
+  1. Download the test shim (see .travis.yml file for the URL) into `tests/test.sh`:
+    - `wget -O tests/test.sh https://gist.githubusercontent.com/geerlingguy/73ef1e5ee45d8694570f334be385e181/raw/`
+  1. Make the test shim executable: `chmod +x tests/test.sh`.
+  1. Run (from the role root directory) `distro=[distro] playbook=[playbook] ./tests/test.sh`
+
+If you don't want the container to be automatically deleted after the test playbook is run, add the following environment variables: `cleanup=false container_id=$(date +%s)`

roles/postfix/tests/test.yml

@@ -0,0 +1,15 @@
+---
+- hosts: all
+
+  pre_tasks:
+    - name: Update apt cache.
+      apt: update_cache=yes cache_valid_time=600
+      when: ansible_os_family == 'Debian'
+
+    - name: Override postfix_inet_protocols (RHEL).
+      set_fact:
+        postfix_inet_protocols: ipv4
+      when: ansible_os_family == 'RedHat'
+
+  roles:
+    - role_under_test

roles/postfix/vars/Debian.yml

@@ -0,0 +1,2 @@
+---
+aliases_config_file: /etc/aliases

roles/postfix/vars/Gentoo.yml

@@ -0,0 +1,2 @@
+---
+aliases_config_file: /etc/mail/aliases

roles/postfix/vars/RedHat.yml

@@ -0,0 +1,2 @@
+---
+aliases_config_file: /etc/aliases