Mail server playbook and role (not finished)

2020-08-02 18:18:01 +02:00 · 2020-08-02 18:18:01 +02:00 · 24a36c1353
parent 3392556d48
commit 24a36c1353
17 changed files with 247 additions and 0 deletions
--- a/playbook_mail_deploy.yml
+++ b/playbook_mail_deploy.yml
@ -0,0 +1,4 @@
+---
+- hosts: mail_server
+  roles:
+    - mail_server
--- a/roles/mail_server/.gitignore
+++ b/roles/mail_server/.gitignore
@ -0,0 +1,2 @@
+*.retry
+tests/test.sh
--- a/roles/mail_server/.travis.yml
+++ b/roles/mail_server/.travis.yml
@ -0,0 +1,18 @@
+---
+services: docker
+
+env:
+  - distro: centos7
+  - distro: ubuntu1604
+  - distro: debian9
+
+script:
+  # Download test shim.
+  - wget -O ${PWD}/tests/test.sh https://gist.githubusercontent.com/geerlingguy/73ef1e5ee45d8694570f334be385e181/raw/
+  - chmod +x ${PWD}/tests/test.sh
+
+  # Run tests.
+  - ${PWD}/tests/test.sh
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/
--- a/roles/mail_server/LICENSE
+++ b/roles/mail_server/LICENSE
@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Jeff Geerling
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
--- a/roles/mail_server/README.md
+++ b/roles/mail_server/README.md
@ -0,0 +1,45 @@
+# Ansible Role: Mail Server
+
+Installs postfix on RedHat/CentOS, Gentoo or Debian/Ubuntu.
+
+## Requirements
+
+If you're using this as an SMTP relay server, you will need to do that on your own, and open TCP port 25 in your server firewall.
+
+## Role Variables
+
+Available variables are listed below, along with default values (see `defaults/main.yml`):
+
+    postfix_config_file: /etc/postfix/main.cf
+    aliases_config_file: /etc/aliases
+
+The path to the Postfix `main.cf` and aliases configuration file.
+
+    postfix_service_state: started
+    postfix_service_enabled: yes
+
+The state in which the Postfix service should be after this role runs, and whether to enable the service on startup.
+
+    postfix_inet_interfaces: localhost
+    postfix_inet_protocols: all
+
+Options for values `inet_interfaces` and `inet_protocols` in the `main.cf` file.
+
+    alias_email: "{{ system_admin_email }}"
+
+The email address of admin user (to receive system notification).
+
+## Dependencies
+
+None.
+
+## Example Playbook
+
+    - hosts: all
+      roles:
+        - postfix
+
+## License
+
+MIT / BSD
+
--- a/roles/mail_server/defaults/main.yml
+++ b/roles/mail_server/defaults/main.yml
@ -0,0 +1,15 @@
+---
+postfix_config_file: /etc/postfix/main.cf
+aliases_config_file: /etc/aliases
+
+postfix_service_state: started
+postfix_service_enabled: yes
+
+postfix_inet_interfaces: localhost
+postfix_inet_protocols: all
+
+alias_email: "{{ system_admin_email }}"
+
+dkim_mail_key: ""
+dkim_mail_txt: ""
+dkim_mail_domain: ""
--- a/roles/mail_server/handlers/main.yml
+++ b/roles/mail_server/handlers/main.yml
@ -0,0 +1,6 @@
+---
+- name: restart postfix
+  service: name=postfix state=restarted
+
+- name: update aliases
+  command: postalias {{ aliases_config_file }}
--- a/roles/mail_server/meta/.galaxy_install_info
+++ b/roles/mail_server/meta/.galaxy_install_info
@ -0,0 +1 @@
+{install_date: 'Sun Jul 12 12:53:58 2020', version: 2.0.0}
--- a/roles/mail_server/meta/main.yml
+++ b/roles/mail_server/meta/main.yml
@ -0,0 +1,23 @@
+---
+dependencies: []
+
+galaxy_info:
+  author: nemo
+  description: Mail server for RedHat/CentOS or Debian/Ubuntu.
+  company: "Wirebrass"
+  license: "license (BSD, MIT)"
+  min_ansible_version: 1.8
+  platforms:
+    - name: EL
+      versions:
+      - all
+    - name: Debian
+      versions:
+      - all
+    - name: Ubuntu
+      versions:
+      - all
+  galaxy_tags:
+    - networking
+    - system
+    - mail
--- a/roles/mail_server/tasks/alias.yml
+++ b/roles/mail_server/tasks/alias.yml
@ -0,0 +1,9 @@
+---
+- name: Update mail aliases.
+  lineinfile:
+    dest: "{{ aliases_config_file }}"
+    line: "root: {{ alias_email }}"
+    regexp: "^root:"
+  when: alias_email != "root"
+  notify: update aliases
+
--- a/roles/mail_server/tasks/dkim.yml
+++ b/roles/mail_server/tasks/dkim.yml
@ -0,0 +1,17 @@
+---
+- name: DKIM key deployed.
+  copy:
+    dest: "/etc/dkimkeys/{{ dkim_mail_domain }}.mail.key"
+    content: "{{ dkim_mail_key }}\n"
+    owner: _rspamd
+    group: root
+    mode: 0400
+
+- name: DKIM txt file with DNS record deployed.
+  copy:
+    dest: "/etc/dkimkeys/{{ dkim_mail_domain }}.mail.txt"
+    content: "{{ dkim_mail_txt }}\n"
+    owner: root
+    group: root
+    mode: 0600
+
--- a/roles/mail_server/tasks/main.yml
+++ b/roles/mail_server/tasks/main.yml
@ -0,0 +1,9 @@
+---
+- name: Include OS-specific variables.
+  include_vars: "{{ ansible_os_family }}.yml"
+
+- import_tasks: package.yml
+- import_tasks: dkim.yml
+- import_tasks: alias.yml
+- import_tasks: postfix.yml
+
--- a/roles/mail_server/tasks/package.yml
+++ b/roles/mail_server/tasks/package.yml
@ -0,0 +1,51 @@
+---
+- name: Ensure postfix is installed.
+  package:
+    name: postfix
+    state: present
+
+- name: Ensure dovecot-core is installed.
+  package:
+    name: dovecot-core
+    state: present
+
+- name: Ensure dovecot-antispam is installed.
+  package:
+    name: dovecot-antispam
+    state: present
+
+- name: Ensure dovecot-imapd is installed.
+  package:
+    name: dovecot-imapd
+    state: present
+
+- name: Ensure dovecot-sieve is installed.
+  package:
+    name: dovecot-sieve
+    state: present
+
+- name: Ensure fail2ban is installed.
+  package:
+    name: fail2ban
+    state: present
+
+- name: Ensure mailutils is installed.
+  package:
+    name: mailutils
+    state: present
+
+- name: Ensure rspamd is installed.
+  package:
+    name: rspamd
+    state: present
+
+- name: Ensure opendkim is installed.
+  package:
+    name: opendkim
+    state: present
+
+- name: Ensure opendkim-tools is installed.
+  package:
+    name: opendkim-tools
+    state: present
+
--- a/roles/mail_server/tasks/postfix.yml
+++ b/roles/mail_server/tasks/postfix.yml
@ -0,0 +1,21 @@
+---
+- name: Update Postfix configuration.
+  lineinfile:
+    dest: "{{ postfix_config_file }}"
+    line: "{{ item.name }} = {{ item.value }}"
+    regexp: "^{{ item.name }} ="
+  with_items:
+    - name: inet_interfaces
+      value: "{{ postfix_inet_interfaces }}"
+    - name: inet_protocols
+      value: "{{ postfix_inet_protocols }}"
+    - name: myhostname
+      value: "{{ inventory_hostname }}"
+  notify: restart postfix
+
+- name: Ensure postfix is started and enabled at boot.
+  service:
+    name: postfix
+    enabled: "{{ postfix_service_enabled }}"
+  notify: restart postfix
+
--- a/roles/mail_server/vars/Debian.yml
+++ b/roles/mail_server/vars/Debian.yml
@ -0,0 +1,2 @@
+---
+aliases_config_file: /etc/aliases
--- a/roles/mail_server/vars/Gentoo.yml
+++ b/roles/mail_server/vars/Gentoo.yml
@ -0,0 +1,2 @@
+---
+aliases_config_file: /etc/mail/aliases
--- a/roles/mail_server/vars/RedHat.yml
+++ b/roles/mail_server/vars/RedHat.yml
@ -0,0 +1,2 @@
+---
+aliases_config_file: /etc/aliases
				`@ -0,0 +1 @@`
				`{install_date: 'Sun Jul 12 12:53:58 2020', version: 2.0.0}`