WIP: conversion a docker
@@ -2,7 +2,7 @@
|
||||
- name: Template LDAP lookup tables
|
||||
template:
|
||||
src: ldap_table.cf.j2
|
||||
dest: /etc/postfix/{{ domain }}_ldap_{{ item }}.cf"
|
||||
dest: "{{ postfix_mountpoint }}/{{ domain }}_ldap_{{ item }}.cf"
|
||||
when:
|
||||
- postfix_mail_domains[domain][item+'_lookup'].provider|default(postfix_lookup_provider) == 'ldap'
|
||||
loop:
|
||||
@@ -14,7 +14,7 @@
|
||||
- name: Template SQLite lookup tables
|
||||
template:
|
||||
src: sqlite_table.cf.j2
|
||||
dest: /etc/postfix/{{ domain }}_sqlite_{{ item }}.cf
|
||||
dest: "{{ postfix_mountpoint }}/{{ domain }}_sqlite_{{ item }}.cf"
|
||||
when:
|
||||
- postfix_mail_domains[domain][item+'_lookup'].provider|default(postfix_lookup_provider) == 'sqlite'
|
||||
loop:
|
||||
@@ -29,7 +29,9 @@
|
||||
{% if item is string %}{{ item }} /nomailbox/{{ item }}
|
||||
{% else %}{{ item.user }} {{ item.mailbox }}
|
||||
{% endif %}{% endfor %}
|
||||
dest: "{{ postfix_mail_domains[domain].user_lookup.file|default('/etc/postfix/'+domain+'_users') }}"
|
||||
dest: "{{ postfix_mail_domains[domain].user_lookup.file |
|
||||
default('/etc/postfix/'+domain+'_users') |
|
||||
replace_regexp('^/etc/postfix',postfix_mountpoint) }}"
|
||||
marker: "# {mark} ANSIBLE-MANAGED USERS"
|
||||
create: yes
|
||||
when:
|
||||
@@ -42,7 +44,9 @@
|
||||
{% for key in postfix_mail_domains[domain]['aliases']|default([]) -%}
|
||||
{{ key.alias }} {{ key.dest }}
|
||||
{% endfor %}
|
||||
dest: "{{ postfix_mail_domains[domain].user_lookup.file|default('/etc/postfix/'+domain+'_aliases') }}"
|
||||
dest: "{{ postfix_mail_domains[domain].user_lookup.file |
|
||||
default('/etc/postfix/'+domain+'_aliases') |
|
||||
replace_regexp('^/etc/postfix',postfix_mountpoint) }}"
|
||||
marker: "# {mark} ANSIBLE-MANAGED ALIASES"
|
||||
create: yes
|
||||
when:
|
||||
@@ -55,5 +59,7 @@
|
||||
{% for address in postfix_mail_domains[domain].noreply_aliases|default(['noreply']) %}
|
||||
{{ address }}@domain _dev_null
|
||||
{% endfor %}
|
||||
dest: "{{ postfix_mail_domains[domain].noreply_file|default('/etc/postfix/'+domain+'_noreply') }}"
|
||||
dest: "{{ postfix_mail_domains[domain].noreply_file |
|
||||
default('/etc/postfix/'+domain+'_noreply') |
|
||||
replace_regexp('^/etc/postfix',postfix_mountpoint) }}"
|
||||
notify: postmap no reply aliases
|
||||
|
||||
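Review bot: The three rewritten `dest:` expressions (users, aliases and noreply hunks) pipe through `replace_regexp`, which is not a filter Ansible ships; unless the role provides it as a custom filter plugin, these tasks fail at templating, and the built-in form is `regex_replace('^/etc/postfix', postfix_mountpoint)`. The aliases hunk still reads its path from `user_lookup.file`, so a domain that sets that key gets the users and aliases blocks written into the same file; `alias_lookup.file` looks like the intended key. Separately, the LDAP and SQLite `template:` tasks set only `src` and `dest`, and the LDAP table presumably carries the bind password, so now that it lands under the Docker volume mountpoint on the host I would add `mode: "0640"` with an owner and group matching the container's Postfix user. The task bodies continue outside the hunks shown, and the file header of this section is not visible on the page.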
171
tasks/main.yml
171
tasks/main.yml
@@ -1,97 +1,49 @@
|
||||
---
|
||||
# - name: "Load default config for domains"
|
||||
# set_fact:
|
||||
# dc: "{{ dc|default({})|combine( { item: {
|
||||
# 'user_lookup': {
|
||||
# 'provider': 'file',
|
||||
# 'file': vmail_home +'/'+item+'_users',
|
||||
# 'domain': item,
|
||||
# 'server_host': postfix_ldap_server,
|
||||
# 'server_port': postfix_ldap_port,
|
||||
# 'version': postfix_ldap_version,
|
||||
# 'scope': postfix_ldap_scope,
|
||||
# 'bind': postfix_ldap_bind,
|
||||
# 'bind_dn': postfix_ldap_bind_dn,
|
||||
# 'bind_pw': postfix_ldap_bind_pw,
|
||||
# 'start_tls': postfix_ldap_start_tls,
|
||||
# 'tls_ca_cert_file': postfix_ldap_tls_ca_cert_file,
|
||||
# 'tls_ca_cert_dir': postfix_ldap_tls_ca_cert_dir,
|
||||
# 'search_base':
|
||||
# 'ou=People,'+item.split('.')|map('regex_replace','^','dc=')|join(','),
|
||||
# 'query_filter': '(&(objectClass=inetOrgPerson)(uid=%u))',
|
||||
# 'result_attribute': 'uid',
|
||||
# 'result_format': vmail_home+'/mail/'+item+'/%s/',
|
||||
# 'dbpath': vmail_home+'/'+item+'_users.sqlite',
|
||||
# 'query': postfix_sqlite_user_query
|
||||
# },
|
||||
# 'users': [],
|
||||
# 'alias_lookup': {
|
||||
# 'provider': 'file',
|
||||
# 'file': vmail_home +'/'+item+'_aliases',
|
||||
# 'domain': item,
|
||||
# 'server_host': postfix_ldap_server,
|
||||
# 'server_port': postfix_ldap_port,
|
||||
# 'version': postfix_ldap_version,
|
||||
# 'scope': postfix_ldap_scope,
|
||||
# 'bind': postfix_ldap_bind,
|
||||
# 'bind_dn': postfix_ldap_bind_dn,
|
||||
# 'bind_pw': postfix_ldap_bind_pw,
|
||||
# 'start_tls': postfix_ldap_start_tls,
|
||||
# 'tls_ca_cert_file': postfix_ldap_tls_ca_cert_file,
|
||||
# 'tls_ca_cert_dir': postfix_ldap_tls_ca_cert_dir,
|
||||
# 'search_base':
|
||||
# 'ou=Alias,'+item.split('.')|map('regex_replace','^','dc=')|join(','),
|
||||
# 'query_filter': '(&(objectClass=nisMailAlias)(cn=%u))',
|
||||
# 'result_attribute': 'rfc822MailMember',
|
||||
# 'result_format': '%s',
|
||||
# 'dbpath': vmail_home+'/'+item+'_aliases.sqlite',
|
||||
# 'query': postfix_sqlite_alias_query
|
||||
# },
|
||||
# 'aliases': [],
|
||||
# 'use_group_as_alias': postfix_ldap_use_group_alias,
|
||||
# 'group_lookup': {
|
||||
# 'provider': 'ldap',
|
||||
# 'domain': item,
|
||||
# 'server_host': postfix_ldap_server,
|
||||
# 'server_port': postfix_ldap_port,
|
||||
# 'version': postfix_ldap_version,
|
||||
# 'scope': postfix_ldap_scope,
|
||||
# 'bind': postfix_ldap_bind,
|
||||
# 'bind_dn': postfix_ldap_bind_dn,
|
||||
# 'bind_pw': postfix_ldap_bind_pw,
|
||||
# 'start_tls': postfix_ldap_start_tls,
|
||||
# 'tls_ca_cert_file': postfix_ldap_tls_ca_cert_file,
|
||||
# 'tls_ca_cert_dir': postfix_ldap_tls_ca_cert_dir,
|
||||
# 'search_base':
|
||||
# 'ou=Group,'+item.split('.')|map('regex_replace','^','dc=')|join(','),
|
||||
# 'query_filter': '(&(objectClass=posixGroup)(cn=%u))',
|
||||
# 'result_attribute': 'memberUid',
|
||||
# 'result_format': '%s@{{d}}',
|
||||
# },
|
||||
# 'noreply_aliases': [ 'noreply' ],
|
||||
# 'noreply_file': vmail_home +'/'+item+'_noreply',
|
||||
# } }, recursive=True) }}"
|
||||
# with_items: "{{ postfix_mail_domains }}"
|
||||
- name: Directorio de build postfix
|
||||
file:
|
||||
path: /root/.postfix-docker-image
|
||||
state: directory
|
||||
tags: skip_me
|
||||
|
||||
# - name: "Override config for domains"
|
||||
# set_fact:
|
||||
# dc: '{{ dc | combine(postfix_domain_config, recursive=True) }}'
|
||||
|
||||
- name: Instalar Postfix
|
||||
apt:
|
||||
name:
|
||||
- postfix
|
||||
- postfix-pcre
|
||||
- postfix-ldap
|
||||
- postfix-sqlite
|
||||
state: present
|
||||
notify: restart postfix
|
||||
|
||||
- name: Servicio delivery+auth mediante Dovecot
|
||||
- name: Copiar archivos de build
|
||||
copy:
|
||||
src: 11-postfix.conf
|
||||
dest: /etc/dovecot/conf.d/11-postfix.conf
|
||||
notify: restart dovecot
|
||||
src: "{{ item }}"
|
||||
dest: /root/.postfix-docker-image
|
||||
loop:
|
||||
- Dockerfile
|
||||
tags: skip_me
|
||||
|
||||
- name: Crear imagen {{ postfix_image }}
|
||||
docker_image:
|
||||
state: present
|
||||
name: "{{ postfix_image }}"
|
||||
path: /root/.postfix-docker-image
|
||||
tags: skip_me
|
||||
|
||||
- name: Activar container postfix
|
||||
docker_container:
|
||||
name: "{{ postfix_container }}"
|
||||
state: started
|
||||
restart_policy: unless-stopped
|
||||
image: "{{ postfix_image }}"
|
||||
volumes:
|
||||
- "{{ postfix_volume }}:/etc/postfix/"
|
||||
networks:
|
||||
- name: "{{ docker_network_name }}"
|
||||
ports: "{{ postfix_publish_ports }}"
|
||||
env:
|
||||
register: container
|
||||
|
||||
- name: Leer info de volumen {{ postfix_volume }}
|
||||
docker_volume_info:
|
||||
name: "{{ postfix_volume }}"
|
||||
register: res
|
||||
|
||||
- name: Exportar informacion de volumen
|
||||
set_fact:
|
||||
postfix_container: "{{ lookup('vars','postfix_container') }}"
|
||||
postfix_volume: "{{ lookup('vars','postfix_volume') }}"
|
||||
postfix_mountpoint: "{{ res.volume.Mountpoint }}"
|
||||
|
||||
- name: Configurar lookup tables
|
||||
include_tasks: lookup_tables.yml
|
||||
@@ -99,32 +51,25 @@
|
||||
loop_control:
|
||||
loop_var: domain
|
||||
|
||||
- name: Alias local para usuario no-reply
|
||||
blockinfile:
|
||||
block: |
|
||||
_dev_null: /dev/null
|
||||
marker: "# {mark} ANSIBLE-MANAGED ALIASES"
|
||||
path: /etc/aliases
|
||||
notify: newaliases
|
||||
|
||||
- name: Directorio de reglas para access lists
|
||||
file:
|
||||
name: "{{ postfix_rules_dir }}"
|
||||
name: "{{ postfix_mountpoint }}/{{ postfix_rules_dir }}"
|
||||
state: directory
|
||||
|
||||
- name: Template client access list
|
||||
blockinfile:
|
||||
path: "{{ postfix_rules_dir }}/client_access_list"
|
||||
path: "{{ postfix_mountpoint }}/{{ postfix_rules_dir }}/client_access_list"
|
||||
create: yes
|
||||
block: |
|
||||
# Edit host variable `postfix_client_access_list` to change these values
|
||||
{% for entry in postfix_client_access_list -%}
|
||||
{{ entry.regex }} {{ entry.action }}
|
||||
{% endfor %}
|
||||
notify: postmap access lists
|
||||
|
||||
- name: Template helo access list
|
||||
blockinfile:
|
||||
path: "{{ postfix_rules_dir }}/helo_access_list"
|
||||
path: "{{ postfix_mountpoint }}/{{ postfix_rules_dir }}/helo_access_list"
|
||||
create: yes
|
||||
block: |
|
||||
# Edit host variable `postfix_helo_access_list` to change these values
|
||||
@@ -135,7 +80,7 @@
|
||||
|
||||
- name: Template recipient access list
|
||||
blockinfile:
|
||||
path: "{{ postfix_rules_dir }}/recipient_access_list"
|
||||
path: "{{ postfix_mountpoint }}/{{ postfix_rules_dir }}/recipient_access_list"
|
||||
create: yes
|
||||
block: |
|
||||
# Edit host variable `postfix_recipient_access_list` to change these values
|
||||
@@ -146,7 +91,7 @@
|
||||
|
||||
- name: Template sender access list
|
||||
blockinfile:
|
||||
path: "{{ postfix_rules_dir }}/sender_access_list"
|
||||
path: "{{ postfix_mountpoint }}/{{ postfix_rules_dir }}/sender_access_list"
|
||||
create: yes
|
||||
block: |
|
||||
# Edit host variable `postfix_sender_access_list` to change these values
|
||||
@@ -193,12 +138,14 @@
|
||||
{% elif p == "file" %}
|
||||
hash:/etc/postfix/{{ d }}_users
|
||||
{% endif %}{{ '' if loop.last else ',' }}{% endfor %},
|
||||
virtual_transport:
|
||||
lmtp:unix:private/dovecot-lmtp
|
||||
# FIXME usar container dovecot
|
||||
# virtual_transport:
|
||||
# lmtp:unix:private/dovecot-lmtp
|
||||
virtual_mailbox_domains:
|
||||
"{{ postfix_mail_domains }}"
|
||||
smtpd_sasl_path: private/auth
|
||||
smtpd_sasl_type: dovecot
|
||||
# FIXME usar container dovecot
|
||||
# smtpd_sasl_path: private/auth
|
||||
# smtpd_sasl_type: dovecot
|
||||
smtpd_sasl_auth_enable:
|
||||
"{{ 'yes' if postfix_enable_smtpd_auth else 'no' }}"
|
||||
smtpd_tls_cert_file:
|
||||
@@ -231,7 +178,7 @@
|
||||
"{{ 'yes' if postfix_biff else 'no' }}"
|
||||
notify: reload postfix
|
||||
|
||||
- name: "Enable submission service"
|
||||
- name: Enable submission service
|
||||
postconf:
|
||||
service: submission
|
||||
type: inet
|
||||
@@ -246,15 +193,15 @@
|
||||
smtpd_tls_security_level: encrypt
|
||||
syslog_name: postfix/submission
|
||||
notify: reload postfix
|
||||
when: "postfix_submission_enable == True"
|
||||
when: postfix_submission_enable == True
|
||||
|
||||
- name: "Disable submission service"
|
||||
- name: Disable submission service
|
||||
postconf:
|
||||
service: submission
|
||||
type: inet
|
||||
state: absent
|
||||
notify: reload postfix
|
||||
when: "postfix_submission_enable == False"
|
||||
when: postfix_submission_enable == False
|
||||
|
||||
- name: "Enable postscreen"
|
||||
include_tasks: postscreen.yml
|
||||
|
||||
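Review bot: In the main.cf hunk (`@@ -193,12 +138,14 @@`) `smtpd_sasl_path` and `smtpd_sasl_type` are commented out while `smtpd_sasl_auth_enable` is still derived from `postfix_enable_smtpd_auth`, so with that variable true Postfix is told to offer AUTH with no Dovecot backend configured and falls back to its default SASL type (`cyrus`). Until the Dovecot container exists I would pin `smtpd_sasl_auth_enable: "no"` next to the FIXME, or add an `assert` task that fails when `postfix_enable_smtpd_auth` is true. The commented-out `virtual_transport` has a similar effect: delivery for `virtual_mailbox_domains` goes to Postfix's default `virtual` agent instead of LMTP, which is worth stating in the FIXME comment. In the `docker_container` task the bare `env:` key parses as null; drop it or write `env: {}`. The postconf task starts and ends outside the hunk.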