From 1286821007a8368327d9dd7508c6003ef2b59cdf Mon Sep 17 00:00:00 2001
From: Someone <someone@somenet.org>
Date: Mon, 5 Aug 2024 19:34:51 +0200
Subject: [PATCH] [roles/server/mail/milter-spf] setup spf milter

---
 .../files/default/pyspf-milter.conf           | 25 +++++++++
 .../files/default/pyspf-milter.service        | 23 +++++++++
 .../server/mail/milter-spf/handlers/main.yml  | 13 +++++
 roles/server/mail/milter-spf/tasks/main.yml   | 51 +++++++++++++++++++
 4 files changed, 112 insertions(+)
 create mode 100644 roles/server/mail/milter-spf/files/default/pyspf-milter.conf
 create mode 100644 roles/server/mail/milter-spf/files/default/pyspf-milter.service
 create mode 100644 roles/server/mail/milter-spf/handlers/main.yml
 create mode 100644 roles/server/mail/milter-spf/tasks/main.yml

diff --git a/roles/server/mail/milter-spf/files/default/pyspf-milter.conf b/roles/server/mail/milter-spf/files/default/pyspf-milter.conf
new file mode 100644
index 0000000..2494947
--- /dev/null
+++ b/roles/server/mail/milter-spf/files/default/pyspf-milter.conf
@@ -0,0 +1,25 @@
+#
+################################################
+### Managed by someone's ansible provisioner ###
+################################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone <someone@somenet.org>
+#
+
+# never reject mail, just add header.
+TestOnly = 1
+No_Mail = True
+HELO_reject = False
+Mail_From_reject = False
+PermError_reject = False
+TempError_Defer = True
+
+Authserv_Id = mail.somenet.org
+Header_Type = AR
+Hide_Receiver = Yes
+
+debugLevel = 1
+Socket = local:/run/pyspf-milter/pyspf-milter.sock
+PidFile = /run/pyspf-milter/pyspf-milter.pid
+UserID = pyspf-milter
+InternalHosts = 127.0.0.1
diff --git a/roles/server/mail/milter-spf/files/default/pyspf-milter.service b/roles/server/mail/milter-spf/files/default/pyspf-milter.service
new file mode 100644
index 0000000..70104f6
--- /dev/null
+++ b/roles/server/mail/milter-spf/files/default/pyspf-milter.service
@@ -0,0 +1,23 @@
+#
+################################################
+### Managed by someone's ansible provisioner ###
+################################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone <someone@somenet.org>
+#
+
+
+[Unit]
+Description=pySPF Milter
+Documentation=man:pyspf-milter(8) man:pyspf-milter.conf(5)
+After=network.target
+
+[Service]
+Type=simple
+PIDFile=/run/pyspf-milter/pyspf-milter.pid
+ExecStart=/usr/bin/pyspf-milter /etc/pyspf-milter/pyspf-milter.conf
+Slice=system-postfix.slice
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/server/mail/milter-spf/handlers/main.yml b/roles/server/mail/milter-spf/handlers/main.yml
new file mode 100644
index 0000000..a22c0dd
--- /dev/null
+++ b/roles/server/mail/milter-spf/handlers/main.yml
@@ -0,0 +1,13 @@
+#####################################
+### someone's ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone <someone@somenet.org>
+#
+---
+- name: restart pyspf-milter.service
+  systemd:
+    name: pyspf-milter.service
+    daemon_reload: yes
+    state: restarted
+  ignore_errors: yes
diff --git a/roles/server/mail/milter-spf/tasks/main.yml b/roles/server/mail/milter-spf/tasks/main.yml
new file mode 100644
index 0000000..bbaee39
--- /dev/null
+++ b/roles/server/mail/milter-spf/tasks/main.yml
@@ -0,0 +1,51 @@
+#####################################
+### someone's ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone <someone@somenet.org>
+#
+---
+- name: install pyspf-milter
+  apt:
+    pkg:
+    - pyspf-milter
+    state: present
+    policy_rc_d: 101
+  tags: "online"
+  ignore_errors: "{{ignore_online_errors | bool}}"
+
+
+- name: copy pyspf-milter.conf
+  copy:
+    src: "{{item}}"
+    dest: "/etc/pyspf-milter/pyspf-milter.conf"
+    mode: 0644
+    owner: "root"
+    group: "root"
+  with_first_found:
+    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/pyspf-milter.conf"
+    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/pyspf-milter.conf"
+    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/pyspf-milter.conf"
+    - "default/pyspf-milter.conf"
+  notify: restart pyspf-milter.service
+
+
+- name: copy pyspf-milter.service to /etc/systemd/system/
+  copy:
+    src: "{{item}}"
+    dest: "/etc/systemd/system/pyspf-milter.service"
+    mode: 0644
+    owner: "root"
+    group: "root"
+  with_first_found:
+    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/pyspf-milter.service"
+    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/pyspf-milter.service"
+    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/pyspf-milter.service"
+    - "default/pyspf-milter.service"
+  notify: restart pyspf-milter.service
+
+
+- name: enable and start pyspf-milter.service
+  include_role: name="base/systemd/enable-and-start"
+  vars:
+    service_name: pyspf-milter.service
-- 
2.43.0