ansible-infra/playbooks/roles/send_only_mail_server/tasks/main.yaml

65 lines
1.8 KiB
YAML

- name: make sure packages are installed
ansible.builtin.apt:
name:
- opensmtpd
- rspamd
- opensmtpd-filter-rspamd
become: true
- name: make sure certificates exist
ansible.builtin.include_role:
name: cert
vars:
cert__domains:
- "{{ send_only_mail_server__mail_server_fqdn }}"
cert__owner: root
cert__group: opensmtpd
cert__bind_9_zone: "{{ send_only_mail_server__mail_server_fqdn_zone }}"
cert__bind_9_host: "{{ send_only_mail_server__bind_9_host }}"
cert__privkey_pem_permissions: "0640"
cert__fullchain_pem_permissions: "0640"
cert__chain_pem_permissions: "0640"
cert__cert_pem_permissions: "0640"
- name: make sure the OpenSMTPD config is deployed
ansible.builtin.template:
src: etc_smtpd.conf.j2
dest: /etc/smtpd.conf
owner: root
group: root
mode: "0600"
become: true
notify: Restart `opensmtpd.service`
- name: make sure `/etc/mail-dkim` directory exists
ansible.builtin.file:
path: /etc/mail-dkim
state: directory
owner: root
group: root
mode: "755"
become: true
- name: make sure DKIM keypairs for all domains exist
loop: "{{ send_only_mail_server__mail_domains }}"
ansible.builtin.include_tasks: ensure_dkim_keypair.yaml
- name: make sure the Rspamd `dkim_signing.conf` is deployed
ansible.builtin.template:
src: etc_rspamd_dkim_signing.conf.j2
dest: /etc/rspamd/local.d/dkim_signing.conf
owner: root
group: root
mode: "0644"
become: true
notify: Restart `rspamd.service`
- name: make sure the Rspamd `settings.conf` is deployed
ansible.builtin.copy:
src: etc_rspamd_settings.conf
dest: /etc/rspamd/local.d/settings.conf
owner: root
group: root
mode: "0644"
become: true
notify: Restart `rspamd.service`