forked from CCCHH/ansible-infra
65 lines
1.8 KiB
YAML
65 lines
1.8 KiB
YAML
- name: make sure packages are installed
|
|
ansible.builtin.apt:
|
|
name:
|
|
- opensmtpd
|
|
- rspamd
|
|
- opensmtpd-filter-rspamd
|
|
become: true
|
|
|
|
- name: make sure certificates exist
|
|
ansible.builtin.include_role:
|
|
name: cert
|
|
vars:
|
|
cert__domains:
|
|
- "{{ send_only_mail_server__mail_server_fqdn }}"
|
|
cert__owner: root
|
|
cert__group: opensmtpd
|
|
cert__bind_9_zone: "{{ send_only_mail_server__mail_server_fqdn_zone }}"
|
|
cert__bind_9_host: "{{ send_only_mail_server__bind_9_host }}"
|
|
cert__privkey_pem_permissions: "0640"
|
|
cert__fullchain_pem_permissions: "0640"
|
|
cert__chain_pem_permissions: "0640"
|
|
cert__cert_pem_permissions: "0640"
|
|
|
|
- name: make sure the OpenSMTPD config is deployed
|
|
ansible.builtin.template:
|
|
src: etc_smtpd.conf.j2
|
|
dest: /etc/smtpd.conf
|
|
owner: root
|
|
group: root
|
|
mode: "0600"
|
|
become: true
|
|
notify: Restart `opensmtpd.service`
|
|
|
|
- name: make sure `/etc/mail-dkim` directory exists
|
|
ansible.builtin.file:
|
|
path: /etc/mail-dkim
|
|
state: directory
|
|
owner: root
|
|
group: root
|
|
mode: "755"
|
|
become: true
|
|
|
|
- name: make sure DKIM keypairs for all domains exist
|
|
loop: "{{ send_only_mail_server__mail_domains }}"
|
|
ansible.builtin.include_tasks: ensure_dkim_keypair.yaml
|
|
|
|
- name: make sure the Rspamd `dkim_signing.conf` is deployed
|
|
ansible.builtin.template:
|
|
src: etc_rspamd_dkim_signing.conf.j2
|
|
dest: /etc/rspamd/local.d/dkim_signing.conf
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
become: true
|
|
notify: Restart `rspamd.service`
|
|
|
|
- name: make sure the Rspamd `settings.conf` is deployed
|
|
ansible.builtin.copy:
|
|
src: etc_rspamd_settings.conf
|
|
dest: /etc/rspamd/local.d/settings.conf
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
become: true
|
|
notify: Restart `rspamd.service`
|