Remove send_only_mailserver role, since its not needed anymore

playbooks/roles/send_only_mail_server/README.md

@@ -1,35 +0,0 @@
-# Role `send_only_mail_server`
-
-Makes sure a send-only mail server is deployed using OpenSMTPD and Rspamd for DKIM signing.
-
-Make sure to manually set a DMARC record and MX record for the mail domains.
-
-## Supported Distributions
-
-The following distributions are supported:
-
-- Debian 11
-
-## Required Arguments
-
-For the required arguments look at the [`argument_specs.yaml`](./meta/argument_specs.yml)
-
-Also make sure to set the following for the `cert` role dependency:
-
-- `cert__acme_account_email`
-
-## Updates
-
-This role doesn't handle updates.
-However it uses the system package manager for installing all the packages, so when you're making sure the system packages are up-to-date, you're handling updates for the packages installed by this role as well.
-
-## `hosts`
-
-The `hosts` for this role need to be the machines on which you want to deploy a mail server.
-
-## Links & Resources
-
-- <https://www.opensmtpd.org/>
-- <https://www.opensmtpd.org/manual.html>
-- <https://www.rspamd.com/>
-- <https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/>

playbooks/roles/send_only_mail_server/files/etc_rspamd_settings.conf

@@ -1,7 +0,0 @@
-dkim_signing {
-    id = "dkim_signing";
-    apply {
-        symbols_enabled = ["DKIM_SIGNED"];
-        flags = ["skip_process"]; # Disable expensive MIME processing
-    }
-}

playbooks/roles/send_only_mail_server/handlers/main.yaml

@@ -1,11 +0,0 @@
-- name: Restart `opensmtpd.service`
-  ansible.builtin.systemd:
-    name: opensmtpd.service
-    state: restarted
-  become: true
-
-- name: Restart `rspamd.service`
-  ansible.builtin.systemd:
-    name: rspamd.service
-    state: restarted
-  become: true

playbooks/roles/send_only_mail_server/meta/argument_specs.yaml

@@ -1,31 +0,0 @@
-argument_specs:
-  main:
-    options:
-      send_only_mail_server__mail_server_fqdn:
-        description: The FQDN of the mail server host itself.
-        type: str
-        required: true
-      send_only_mail_server__mail_server_fqdn_zone:
-        description: >
-          The DNS zone on the BIND 9 server for records for the mail server host
-          FQDN.
-        type: str
-        required: true
-      send_only_mail_server__mail_domains:
-        description: The domains the mail server should send mails for.
-        type: list
-        elements: dict
-        required: true
-        options:
-          name:
-            description: The domain name.
-            type: str
-            required: true
-          zone:
-            description: The DNS zone on the BIND 9 server.
-            type: str
-            required: true
-      send_only_mail_server__bind_9_host:
-        description: The machine running BIND 9 to deploy DNS records via.
-        type: str
-        required: true

playbooks/roles/send_only_mail_server/meta/main.yaml

@@ -1,7 +0,0 @@
-dependencies: # noqa meta-no-info
-  - role: distribution_check
-    vars:
-      distribution_check__distribution_support_spec:
-        - name: Debian
-          major_versions:
-            - "11"

playbooks/roles/send_only_mail_server/tasks/ensure_dkim_keypair.yaml

@@ -1,55 +0,0 @@
-- name: make sure DKIM private key exists
-  community.crypto.openssl_privatekey:
-    path: "/etc/mail-dkim/{{ item.name }}.key"
-    size: 1024
-    type: RSA
-    owner: "root"
-    group: "_rspamd"
-    mode: "0640"
-  become: true
-  notify: Restart `rspamd.service`
-
-- name: make sure DKIM public key exists
-  community.crypto.openssl_publickey:
-    path: "/etc/mail-dkim/{{ item.name }}.pub"
-    privatekey_path: "/etc/mail-dkim/{{ item.name }}.key"
-    return_content: true
-  become: true
-  notify: Restart `rspamd.service`
-  register: send_only_mail_server__dkim_public_key
-
-- name: deploy DKIM public key DNS entry  # noqa: no-handler
-  delegate_to: "{{ send_only_mail_server__bind_9_host }}"
-  when: send_only_mail_server__dkim_public_key.changed
-  block:
-    - name: Add file containing nsupdate commands for removing DKIM public key TXT records
-      ansible.builtin.template:
-        src: nsupdate_delete_dkim_public_key_txt_records.j2
-        dest: /root/nsupdate_delete_dkim_public_key_txt_records
-        owner: root
-        group: root
-        mode: "0600"
-
-    - name: Remove DNS records from BIND 9 server via nsupdate  # noqa: no-changed-when
-      ansible.builtin.command: /usr/bin/nsupdate -l /root/nsupdate_delete_dkim_public_key_txt_records
-
-    - name: Add file containing nsupdate commands for adding DKIM public key TXT record
-      ansible.builtin.template:
-        src: nsupdate_add_dkim_public_key_txt_record.j2
-        dest: /root/nsupdate_add_dkim_public_key_txt_record
-        owner: root
-        group: root
-        mode: "0600"
-
-    - name: Add DNS record to BIND 9 server via nsupdate  # noqa: no-changed-when
-      ansible.builtin.command: /usr/bin/nsupdate -l /root/nsupdate_add_dkim_public_key_txt_record
-  always:
-    - name: Remove file containing nsupdate commands for removing DKIM public key TXT records again
-      ansible.builtin.file:
-        path: /root/nsupdate_delete_dkim_public_key_txt_records
-        state: absent
-
-    - name: Remove file containing nsupdate commands for adding DKIM public key TXT record again
-      ansible.builtin.file:
-        path: /root/nsupdate_add_dkim_public_key_txt_record
-        state: absent

playbooks/roles/send_only_mail_server/tasks/main.yaml

@@ -1,65 +0,0 @@
-- name: make sure packages are installed
-  ansible.builtin.apt:
-    name:
-      - opensmtpd
-      - rspamd
-      - opensmtpd-filter-rspamd
-  become: true
-
-- name: make sure certificates exist
-  ansible.builtin.include_role:
-    name: cert
-  vars:
-    cert__domains:
-      - "{{ send_only_mail_server__mail_server_fqdn }}"
-    cert__owner: root
-    cert__group: opensmtpd
-    cert__bind_9_zone: "{{ send_only_mail_server__mail_server_fqdn_zone }}"
-    cert__bind_9_host: "{{ send_only_mail_server__bind_9_host }}"
-    cert__privkey_pem_permissions: "0640"
-    cert__fullchain_pem_permissions: "0640"
-    cert__chain_pem_permissions: "0640"
-    cert__cert_pem_permissions: "0640"
-
-- name: make sure the OpenSMTPD config is deployed
-  ansible.builtin.template:
-    src: etc_smtpd.conf.j2
-    dest: /etc/smtpd.conf
-    owner: root
-    group: root
-    mode: "0600"
-  become: true
-  notify: Restart `opensmtpd.service`
-
-- name: make sure `/etc/mail-dkim` directory exists
-  ansible.builtin.file:
-    path: /etc/mail-dkim
-    state: directory
-    owner: root
-    group: root
-    mode: "755"
-  become: true
-
-- name: make sure DKIM keypairs for all domains exist
-  loop: "{{ send_only_mail_server__mail_domains }}"
-  ansible.builtin.include_tasks: ensure_dkim_keypair.yaml
-
-- name: make sure the Rspamd `dkim_signing.conf` is deployed
-  ansible.builtin.template:
-    src: etc_rspamd_dkim_signing.conf.j2
-    dest: /etc/rspamd/local.d/dkim_signing.conf
-    owner: root
-    group: root
-    mode: "0644"
-  become: true
-  notify: Restart `rspamd.service`
-
-- name: make sure the Rspamd `settings.conf` is deployed
-  ansible.builtin.copy:
-    src: etc_rspamd_settings.conf
-    dest: /etc/rspamd/local.d/settings.conf
-    owner: root
-    group: root
-    mode: "0644"
-  become: true
-  notify: Restart `rspamd.service`

playbooks/roles/send_only_mail_server/templates/etc_rspamd_dkim_signing.conf.j2

@@ -1,12 +0,0 @@
-allow_username_mismatch = true;
-
-use_esld = false;
-
-domain {
-{% for mail_domain in send_only_mail_server__mail_domains %}
-    {{ mail_domain.name }} {
-        path = "/etc/mail-dkim/{{ mail_domain.name }}.key";
-        selector = "key";
-    }
-{% endfor %}
-}

playbooks/roles/send_only_mail_server/templates/etc_smtpd.conf.j2

@@ -1,15 +0,0 @@
-# Managed by Ansible.
-# This configuration enables sending emails using this server, but to not receiving any.
-
-pki {{ send_only_mail_server__mail_server_fqdn }} cert "/etc/ansible_certs/certs/{{ send_only_mail_server__mail_server_fqdn }}/fullchain.pem"
-pki {{ send_only_mail_server__mail_server_fqdn }} key "/etc/ansible_certs/certs/{{ send_only_mail_server__mail_server_fqdn }}/privkey.pem"
-
-filter "rspamd-dkim-signing" proc-exec "filter-rspamd -settings-id dkim_signing"
-
-listen on lo
-listen on eth0 smtps pki {{ send_only_mail_server__mail_server_fqdn }} auth filter "rspamd-dkim-signing"
-listen on eth0 tls-require pki {{ send_only_mail_server__mail_server_fqdn }} auth filter "rspamd-dkim-signing"
-
-action "outbound" relay helo {{ send_only_mail_server__mail_server_fqdn }}
-
-match from any auth for any action "outbound"

playbooks/roles/send_only_mail_server/templates/nsupdate_add_dkim_public_key_txt_record.j2

@@ -1,4 +0,0 @@
-debug
-zone {{ item.zone }}
-update add key._domainkey.{{ item.name }} 60 TXT v=DKIM1;k=rsa;p={{ send_only_mail_server__dkim_public_key.publickey | replace('\n', '') | replace('-----BEGIN PUBLIC KEY-----', '') | replace('-----END PUBLIC KEY-----', '') }}
-send

playbooks/roles/send_only_mail_server/templates/nsupdate_delete_dkim_public_key_txt_records.j2

@@ -1,4 +0,0 @@
-debug
-zone {{ item.zone }}
-update delete key._domainkey.{{ item.name }} TXT
-send