- name: make sure packages are installed ansible.builtin.apt: name: - opensmtpd - rspamd - opensmtpd-filter-rspamd become: true - name: make sure certificates exist ansible.builtin.include_role: name: cert vars: cert__domains: - "{{ send_only_mail_server__mail_server_fqdn }}" cert__owner: root cert__group: opensmtpd cert__bind_9_zone: "{{ send_only_mail_server__mail_server_fqdn_zone }}" cert__bind_9_host: "{{ send_only_mail_server__bind_9_host }}" cert__privkey_pem_permissions: "0640" cert__fullchain_pem_permissions: "0640" cert__chain_pem_permissions: "0640" cert__cert_pem_permissions: "0640" - name: make sure the OpenSMTPD config is deployed ansible.builtin.template: src: etc_smtpd.conf.j2 dest: /etc/smtpd.conf owner: root group: root mode: "0600" become: true notify: Restart `opensmtpd.service` - name: make sure `/etc/mail-dkim` directory exists ansible.builtin.file: path: /etc/mail-dkim state: directory owner: root group: root mode: "755" become: true - name: make sure DKIM keypairs for all domains exist loop: "{{ send_only_mail_server__mail_domains }}" ansible.builtin.include_tasks: ensure_dkim_keypair.yaml - name: make sure the Rspamd `dkim_signing.conf` is deployed ansible.builtin.template: src: etc_rspamd_dkim_signing.conf.j2 dest: /etc/rspamd/local.d/dkim_signing.conf owner: root group: root mode: "0600" become: true notify: Restart `rspamd.service` - name: make sure the Rspamd `settings.conf` is deployed ansible.builtin.copy: src: etc_rspamd_settings.conf dest: /etc/rspamd/local.d/settings.conf owner: root group: root mode: "0600" become: true notify: Restart `rspamd.service`