Mail server playbook and role (not finished)
parent
3392556d48
commit
24a36c1353
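--- a/playbook_mail_deploy.yml
+++ b/playbook_mail_deploy.yml
@@ -0,0 +1,4 @@
+---
+- hosts: mail_server
+roles:
+- mail_server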
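--- a/roles/mail_server/.gitignore
+++ b/roles/mail_server/.gitignore
@@ -0,0 +1,2 @@
+*.retry
+tests/test.sh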
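--- a/roles/mail_server/.travis.yml
+++ b/roles/mail_server/.travis.yml
@@ -0,0 +1,18 @@
+---
+services: docker
+
+env:
+- distro: centos7
+- distro: ubuntu1604
+- distro: debian9
+
+script:
+# Download test shim.
+- wget -O ${PWD}/tests/test.sh https://gist.githubusercontent.com/geerlingguy/73ef1e5ee45d8694570f334be385e181/raw/
+- chmod +x ${PWD}/tests/test.sh
+
+# Run tests.
+- ${PWD}/tests/test.sh
+
+notifications:
+webhooks: https://galaxy.ansible.com/api/v1/notifications/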
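Review bot: The `wget` step under `script:` fetches `tests/test.sh` from the gist's mutable `/raw/` URL, and the following steps make it executable and run it, so whatever the gist contains at build time executes in CI with no integrity check. Pin the download to a specific gist revision and verify a digest before the `chmod` step, for example `- echo "<EXPECTED_SHA256>  ${PWD}/tests/test.sh" | sha256sum -c -` (placeholder digest, to be taken from a reviewed copy). Alternatively commit a reviewed copy of the shim to the repository and remove `tests/test.sh` from the role's `.gitignore`.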
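--- a/roles/mail_server/LICENSE
+++ b/roles/mail_server/LICENSE
@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Jeff Geerling
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.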
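--- a/roles/mail_server/README.md
+++ b/roles/mail_server/README.md
@@ -0,0 +1,45 @@
+# Ansible Role: Mail Server
+
+Installs postfix on RedHat/CentOS, Gentoo or Debian/Ubuntu.
+
+## Requirements
+
+If you're using this as an SMTP relay server, you will need to do that on your own, and open TCP port 25 in your server firewall.
+
+## Role Variables
+
+Available variables are listed below, along with default values (see `defaults/main.yml`):
+
+postfix_config_file: /etc/postfix/main.cf
+aliases_config_file: /etc/aliases
+
+The path to the Postfix `main.cf` and aliases configuration file.
+
+postfix_service_state: started
+postfix_service_enabled: yes
+
+The state in which the Postfix service should be after this role runs, and whether to enable the service on startup.
+
+postfix_inet_interfaces: localhost
+postfix_inet_protocols: all
+
+Options for values `inet_interfaces` and `inet_protocols` in the `main.cf` file.
+
+alias_email: "{{ system_admin_email }}"
+
+The email address of admin user (to receive system notification).
+
+## Dependencies
+
+None.
+
+## Example Playbook
+
+- hosts: all
+roles:
+- postfix
+
+## License
+
+MIT / BSD
+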
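--- a/roles/mail_server/defaults/main.yml
+++ b/roles/mail_server/defaults/main.yml
@@ -0,0 +1,15 @@
+---
+postfix_config_file: /etc/postfix/main.cf
+aliases_config_file: /etc/aliases
+
+postfix_service_state: started
+postfix_service_enabled: yes
+
+postfix_inet_interfaces: localhost
+postfix_inet_protocols: all
+
+alias_email: "{{ system_admin_email }}"
+
+dkim_mail_key: ""
+dkim_mail_txt: ""
+dkim_mail_domain: ""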
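Review bot: `alias_email` defaults to `"{{ system_admin_email }}"`, but nothing in this commit defines `system_admin_email`, so the alias task will presumably fail on an undefined variable unless the inventory supplies it. Document that requirement or give it a fallback such as `alias_email: "{{ system_admin_email | default('root') }}"`, which the existing `when: alias_email != "root"` guard already treats as "skip". `dkim_mail_key` carries a private key, so a comment above the `dkim_mail_*` defaults such as `# Private key material: supply from Ansible Vault, never commit in clear text.` would help the next maintainer. `postfix_service_enabled: yes` is better written as `true`.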
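--- a/roles/mail_server/handlers/main.yml
+++ b/roles/mail_server/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: restart postfix
+service: name=postfix state=restarted
+
+- name: update aliases
+command: postalias {{ aliases_config_file }}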
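Review bot: The `restart postfix` handler uses the inline `service: name=postfix state=restarted` form while every task file in the role passes module arguments as a mapping; writing it as `service:` with `name: postfix` and `state: restarted` beneath keeps the role consistent and avoids key=value parsing. In `update aliases`, `command: postalias {{ aliases_config_file }}` is split on whitespace after templating, so a path containing a space would become extra arguments. The `argv` form, `argv: ["postalias", "{{ aliases_config_file }}"]`, passes the path as a single argument.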
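--- a/roles/mail_server/meta/.galaxy_install_info
+++ b/roles/mail_server/meta/.galaxy_install_info
@@ -0,0 +1 @@
+{install_date: 'Sun Jul 12 12:53:58 2020', version: 2.0.0}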
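--- a/roles/mail_server/meta/main.yml
+++ b/roles/mail_server/meta/main.yml
@@ -0,0 +1,23 @@
+---
+dependencies: []
+
+galaxy_info:
+author: nemo
+description: Mail server for RedHat/CentOS or Debian/Ubuntu.
+company: "Wirebrass"
+license: "license (BSD, MIT)"
+min_ansible_version: 1.8
+platforms:
+- name: EL
+versions:
+- all
+- name: Debian
+versions:
+- all
+- name: Ubuntu
+versions:
+- all
+galaxy_tags:
+- networking
+- system
+- mail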
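Review bot: `min_ansible_version: 1.8` does not match the role, because `tasks/main.yml` uses `import_tasks`, which to my knowledge requires Ansible 2.4 or later; the value is also an unquoted float, so write it as a string, e.g. `min_ansible_version: "2.4"`. `license: "license (BSD, MIT)"` still reads like template text, while the README says `MIT / BSD` and the shipped LICENSE file is MIT only. The description and `platforms` omit Gentoo although the README and `vars/Gentoo.yml` cover it.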
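--- a/roles/mail_server/tasks/alias.yml
+++ b/roles/mail_server/tasks/alias.yml
@@ -0,0 +1,9 @@
+---
+- name: Update mail aliases.
+lineinfile:
+dest: "{{ aliases_config_file }}"
+line: "root: {{ alias_email }}"
+regexp: "^root:"
+when: alias_email != "root"
+notify: update aliases
+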
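--- a/roles/mail_server/tasks/dkim.yml
+++ b/roles/mail_server/tasks/dkim.yml
@@ -0,0 +1,17 @@
+---
+- name: DKIM key deployed.
+copy:
+dest: "/etc/dkimkeys/{{ dkim_mail_domain }}.mail.key"
+content: "{{ dkim_mail_key }}\n"
+owner: _rspamd
+group: root
+mode: 0400
+
+- name: DKIM txt file with DNS record deployed.
+copy:
+dest: "/etc/dkimkeys/{{ dkim_mail_domain }}.mail.txt"
+content: "{{ dkim_mail_txt }}\n"
+owner: root
+group: root
+mode: 0600
+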
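Review bot: The `DKIM key deployed.` task writes the private key from `dkim_mail_key` through `copy: content:` without `no_log: true`, so the key can end up in task output when the play runs with `--diff` or raised verbosity; add `no_log: true` to that task. Both tasks also run unconditionally, and with the role defaults (`dkim_mail_domain: ""`, `dkim_mail_key: ""`) they would write `/etc/dkimkeys/.mail.key` containing only a newline, so guard them with `when: dkim_mail_key | length > 0 and dkim_mail_domain | length > 0`. Quote the modes (`mode: "0400"`, `mode: "0600"`) so the permission bits never depend on YAML octal parsing. Nothing in this commit creates `/etc/dkimkeys`, so confirm that an installed package provides it or add a `file` task with `state: directory` and a restrictive mode ahead of these two.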
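--- a/roles/mail_server/tasks/main.yml
+++ b/roles/mail_server/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+- name: Include OS-specific variables.
+include_vars: "{{ ansible_os_family }}.yml"
+
+- import_tasks: package.yml
+- import_tasks: dkim.yml
+- import_tasks: alias.yml
+- import_tasks: postfix.yml
+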
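Review bot: `include_vars: "{{ ansible_os_family }}.yml"` loads `aliases_config_file` at include_vars precedence, which outranks role defaults and inventory variables, so the README's claim that `aliases_config_file` is a configurable role variable holds only for extra vars. Either drop it from `defaults/main.yml` and the README, or rename the per-family value (for example `__aliases_config_file`) and set the default to `"{{ __aliases_config_file }}"`. The include also fails outright on any OS family other than Debian, Gentoo and RedHat, the only three vars files in this commit; a comment such as `# Fails on OS families without a vars/<family>.yml file.` would make that explicit.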
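--- a/roles/mail_server/tasks/package.yml
+++ b/roles/mail_server/tasks/package.yml
@@ -0,0 +1,51 @@
+---
+- name: Ensure postfix is installed.
+package:
+name: postfix
+state: present
+
+- name: Ensure dovecot-core is installed.
+package:
+name: dovecot-core
+state: present
+
+- name: Ensure dovecot-antispam is installed.
+package:
+name: dovecot-antispam
+state: present
+
+- name: Ensure dovecot-imapd is installed.
+package:
+name: dovecot-imapd
+state: present
+
+- name: Ensure dovecot-sieve is installed.
+package:
+name: dovecot-sieve
+state: present
+
+- name: Ensure fail2ban is installed.
+package:
+name: fail2ban
+state: present
+
+- name: Ensure mailutils is installed.
+package:
+name: mailutils
+state: present
+
+- name: Ensure rspamd is installed.
+package:
+name: rspamd
+state: present
+
+- name: Ensure opendkim is installed.
+package:
+name: opendkim
+state: present
+
+- name: Ensure opendkim-tools is installed.
+package:
+name: opendkim-tools
+state: present
+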
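Review bot: The package names in this file (`dovecot-core`, `dovecot-imapd`, `mailutils`, `opendkim-tools`) look Debian/Ubuntu-specific, yet the tasks run for every OS family while the README and `meta/main.yml` advertise RedHat/CentOS and Gentoo; move the list into the per-family `vars/*.yml` files or narrow the stated platforms. The ten near-identical tasks can be one task that passes a list to `package`, as sketched below, which is shorter and resolves everything in one package-manager run. Installing both `rspamd` and `opendkim` leaves two possible DKIM signers on the host, and only the rspamd user owns the key in `tasks/dkim.yml`, so check whether `opendkim` is needed. `fail2ban` is installed but nothing in this commit configures a jail for it.

```yaml
- name: Ensure mail server packages are installed.
  package:
    name:
      - postfix
      - dovecot-core
      - dovecot-antispam
      - dovecot-imapd
      - dovecot-sieve
      - fail2ban
      - mailutils
      - rspamd
      - opendkim
      - opendkim-tools
    state: present
```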
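--- a/roles/mail_server/tasks/postfix.yml
+++ b/roles/mail_server/tasks/postfix.yml
@@ -0,0 +1,21 @@
+---
+- name: Update Postfix configuration.
+lineinfile:
+dest: "{{ postfix_config_file }}"
+line: "{{ item.name }} = {{ item.value }}"
+regexp: "^{{ item.name }} ="
+with_items:
+- name: inet_interfaces
+value: "{{ postfix_inet_interfaces }}"
+- name: inet_protocols
+value: "{{ postfix_inet_protocols }}"
+- name: myhostname
+value: "{{ inventory_hostname }}"
+notify: restart postfix
+
+- name: Ensure postfix is started and enabled at boot.
+service:
+name: postfix
+enabled: "{{ postfix_service_enabled }}"
+notify: restart postfix
+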
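Review bot: The task `Ensure postfix is started and enabled at boot.` sets only `enabled:` and has no `state:`, so it never starts the service, and the `postfix_service_state` default is not used anywhere in this commit. Add `state: "{{ postfix_service_state }}"` under `service:`. The `notify: restart postfix` on that same task fires only when the enabled flag changes, which is probably not intended and can be dropped. In the `lineinfile` task, `myhostname` is set from `inventory_hostname`, which may be a short inventory alias rather than a fully qualified name; a dedicated variable defaulting to `ansible_fqdn` would be safer, since the value appears in SMTP greetings and headers.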
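--- a/roles/mail_server/vars/Debian.yml
+++ b/roles/mail_server/vars/Debian.yml
@@ -0,0 +1,2 @@
+---
+aliases_config_file: /etc/aliases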
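--- a/roles/mail_server/vars/Gentoo.yml
+++ b/roles/mail_server/vars/Gentoo.yml
@@ -0,0 +1,2 @@
+---
+aliases_config_file: /etc/mail/aliases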
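--- a/roles/mail_server/vars/RedHat.yml
+++ b/roles/mail_server/vars/RedHat.yml
@@ -0,0 +1,2 @@
+---
+aliases_config_file: /etc/aliases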