[roles/server/mail/postfix] setup postfix mail server

[root/pub/somesible.git] / roles / server / mail / postfix / tasks / main.yml

#####################################
### someone's ansible provisioner ###
#####################################
# Part of: https://git.somenet.org/root/pub/somesible.git
# 2017-2025 by someone <someone@somenet.org>
#
---
- name: install postfix
  apt:
    pkg:
    - postfix
    state: present
    policy_rc_d: 101
  tags: "online"
  ignore_errors: "{{ignore_online_errors | bool}}"


# letsencrypt may not be needed.
- name: add postfix user to groups mail,sasl,ssl-cert,letsencrypt,opendkim,opendmarc
  user:
    name: "postfix"
    groups: "mail,sasl,ssl-cert,opendkim,opendmarc,pyspf-milter"
    append: yes
    createhome: no
    state: present


- name: copy main.cf
  copy:
    src: "{{item}}"
    dest: "/etc/postfix/main.cf"
    mode: 0644
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/main.cf"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/main.cf"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/main.cf"
    - "default/main.cf"
  notify: restart postfix.service


- name: copy master.cf
  copy:
    src: "{{item}}"
    dest: "/etc/postfix/master.cf"
    mode: 0644
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/master.cf"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/master.cf"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/master.cf"
    - "default/master.cf"
  notify: restart postfix.service


- name: copy saslauthd smtpd.conf
  copy:
    src: "{{item}}"
    dest: "/etc/postfix/sasl/smtpd.conf"
    mode: 0644
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/sasl.smtpd.conf"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/sasl.smtpd.conf"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/sasl.smtpd.conf"
    - "default/sasl.smtpd.conf"
  notify: restart postfix.service


- name: copy header_checks_in.regexp
  copy:
    src: "{{item}}"
    dest: "/etc/postfix/header_checks_in.regexp"
    mode: 0644
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/header_checks_in.regexp"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/header_checks_in.regexp"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/header_checks_in.regexp"
    - "default/header_checks_in.regexp"
  notify: reload postfix.service


- name: copy header_checks_out.regexp
  copy:
    src: "{{item}}"
    dest: "/etc/postfix/header_checks_out.regexp"
    mode: 0644
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/header_checks_out.regexp"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/header_checks_out.regexp"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/header_checks_out.regexp"
    - "default/header_checks_out.regexp"
  notify: reload postfix.service


- name: copy rcpt_recipient.regexp
  copy:
    src: "{{item}}"
    dest: "/etc/postfix/rcpt_recipient.regexp"
    mode: 0644
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/rcpt_recipient.regexp"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/rcpt_recipient.regexp"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/rcpt_recipient.regexp"
    - "default/rcpt_recipient.regexp"
  notify: reload postfix.service


- name: copy rcpt_sender.regexp
  copy:
    src: "{{item}}"
    dest: "/etc/postfix/rcpt_sender.regexp"
    mode: 0644
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/rcpt_sender.regexp"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/rcpt_sender.regexp"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/rcpt_sender.regexp"
    - "default/rcpt_sender.regexp"
  notify: reload postfix.service


- name: copy rel_recipient.regexp
  copy:
    src: "{{item}}"
    dest: "/etc/postfix/rel_recipient.regexp"
    mode: 0644
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/rel_recipient.regexp"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/rel_recipient.regexp"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/rel_recipient.regexp"
    - "default/rel_recipient.regexp"
  notify: reload postfix.service


- name: copy rel_sender.regexp
  copy:
    src: "{{item}}"
    dest: "/etc/postfix/rel_sender.regexp"
    mode: 0644
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/rel_sender.regexp"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/rel_sender.regexp"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/rel_sender.regexp"
    - "default/rel_sender.regexp"
  notify: reload postfix.service


- name: copy transport.map
  copy:
    src: "{{item}}"
    dest: "/etc/postfix/transport.map"
    mode: 0644
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/transport.map"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/transport.map"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/transport.map"
    - "default/transport.map"
  notify: rehash postfix maps


- name: copy virtual.map
  copy:
    src: "{{item}}"
    dest: "/etc/postfix/virtual.map"
    mode: 0644
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/virtual.map"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/virtual.map"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/virtual.map"
    - "default/virtual.map"
  notify: rehash postfix maps


- name: copy postfix@.service to /etc/systemd/system/
  copy:
    src: "{{item}}"
    dest: "/etc/systemd/system/postfix@.service"
    mode: 0644
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/postfix@.service"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/postfix@.service"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/postfix@.service"
    - "default/postfix@.service"


- name: copy fail2ban.jail.d.postfix.conf to /etc/fail2ban/jail.d/
  copy:
    src: "{{item}}"
    dest: "/etc/fail2ban/jail.d/postfix.conf"
    mode: 0644
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/fail2ban.jail.d.postfix.conf"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/fail2ban.jail.d.postfix.conf"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/fail2ban.jail.d.postfix.conf"
    - "default/fail2ban.jail.d.postfix.conf"
  notify: reload fail2ban.service


- name: enable and start postfix.service
  include_role: name="base/systemd/enable-and-start"
  vars:
    service_name: postfix.service