WIP: conversion a docker

defaults/main.yml

@@ -1,6 +1,23 @@
 ---
-# directorio con reglas
-postfix_rules_dir: /etc/postfix/rules
+# nombre imagen
+postfix_image: my_postfix
+
+# nombre container
+postfix_container: postfix
+
+# volumen con la configuracion de /etc/postfix
+postfix_volume: postfix
+
+# nombre de la red docker, seteado por rol docker
+docker_network_name: dockernet
+
+# puertos públicos
+postfix_publish_ports:
+  - 25
+  - 587
+
+# directorio con reglas, relativo al volumen
+postfix_rules_dir: rules
 
 # accepted email domains
 postfix_mail_domains: "{{ mail_domains | default(['example.com']) }}"

files/11-postfix.conf

@@ -5,6 +5,12 @@ service lmtp {
     group = postfix
     user = postfix
   }
+
+service lmtp {
+  inet_listener lmtp {
+    address = 192.168.0.24 127.0.0.1 ::1
+    port = 24
+  }
 }
 
 # Authentication service for Postfix

files/Dockerfile

@@ -0,0 +1,16 @@
+FROM debian:buster-slim
+LABEL maintainer "Mauro Torrez <mauro@mau.ro>"
+ARG DEBIAN_FRONTEND=noninteractive
+ENV LC_ALL C
+RUN echo "_dev_null: /dev/null" > /etc/aliases \
+  && apt-get update && apt-get install -y --no-install-recommends \
+	postfix \
+	postfix-pcre \
+	postfix-ldap \
+	postfix-sqlite \
+	libsasl2-modules \
+	ssl-cert \
+	&& rm -rf /var/lib/apt/lists/* \
+	&& cp /usr/share/postfix/main.cf.debian /etc/postfix/main.cf
+VOLUME /etc/postfix
+CMD postfix start-fg

handlers/main.yml

@@ -1,32 +1,36 @@
 ---
 - name: restart postfix
-  service: name=postfix state=restarted
+  docker_container:
+    name: "{{ postfix_container}}"
+    state: started
+    restart: yes
 
 - name: reload postfix
-  service: name=postfix state=restarted
+  command: docker exec {{ postfix_container }} postfix reload
 
 - name: newaliases
-  command: newaliases
+  command: docker exec {{ postfix_container }} newaliases
 
 - name: postmap hash aliases
-  command: "postmap hash:{{ dc[item]['alias_lookup']['file'] }}"
+  command: "docker exec {{ postfix_container }} postmap hash:{{ postfix_mail_domains[item].alias_lookup.file }}"
   when:
-    - "dc[item]['alias_lookup']['provider'] == 'file'"
-  with_items: "{{ postfix_mail_domains|belist }}"
+    - postfix_mail_domains[item].alias_lookup.provider|default(postfix_lookup_provider) == 'file'
+  loop: "{{ postfix_mail_domains.keys()|list }}"
 
 - name: postmap hash users
-  command: "postmap hash:{{ dc[item]['user_lookup']['file'] }}"
+  command: "docker exec {{ postfix_container }} postmap hash:{{ postfix_mail_domains[item].user_lookup.file }}"
   when:
-    - "dc[item]['user_lookup']['provider'] == 'file'"
-  with_items: "{{ postfix_mail_domains|belist }}"
+    - postfix_mail_domains[item].user_lookup.provider|default(postfix_lookup_provider) == 'file'
+  loop: "{{ postfix_mail_domains.keys()|list }}"
 
 - name: postmap no reply aliases
-  command: "postmap hash:{{ dc[item]['noreply_file'] }}"
-  with_items: "{{ postfix_mail_domains|belist }}"
+  command: "docker exec {{ postfix_container }} postmap hash:{{ postfix_mail_domains[item].noreply_file }}"
+  loop: "{{ postfix_mail_domains.keys()|list }}"
 
 - name: postmap access lists
-  command: postmap {{item}}
-  with_items:
-    - "{{ postfix_rules_dir }}/helo_access_list"
-    - "{{ postfix_rules_dir }}/recipient_access_list"
-    - "{{ postfix_rules_dir }}/sender_access_list"
+  command: docker exec {{ postfix_container }} postmap {{ item }}
+  loop:
+    - "/etc/postfix/{{ postfix_rules_dir }}/client_access_list"
+    - "/etc/postfix/{{ postfix_rules_dir }}/helo_access_list"
+    - "/etc/postfix/{{ postfix_rules_dir }}/recipient_access_list"
+    - "/etc/postfix/{{ postfix_rules_dir }}/sender_access_list"

tasks/lookup_tables.yml

@@ -2,7 +2,7 @@
 - name: Template LDAP lookup tables
   template:
     src: ldap_table.cf.j2
-    dest: /etc/postfix/{{ domain }}_ldap_{{ item }}.cf"
+    dest: "{{ postfix_mountpoint }}/{{ domain }}_ldap_{{ item }}.cf"
   when:
     - postfix_mail_domains[domain][item+'_lookup'].provider|default(postfix_lookup_provider) == 'ldap'
   loop:
@@ -14,7 +14,7 @@
 - name: Template SQLite lookup tables
   template:
     src: sqlite_table.cf.j2
-    dest: /etc/postfix/{{ domain }}_sqlite_{{ item }}.cf
+    dest: "{{ postfix_mountpoint }}/{{ domain }}_sqlite_{{ item }}.cf"
   when:
     - postfix_mail_domains[domain][item+'_lookup'].provider|default(postfix_lookup_provider) == 'sqlite'
   loop:
@@ -29,7 +29,9 @@
       {% if item is string %}{{ item }} /nomailbox/{{ item }}
       {% else %}{{ item.user }} {{ item.mailbox }}
       {% endif %}{% endfor %}
-    dest: "{{ postfix_mail_domains[domain].user_lookup.file|default('/etc/postfix/'+domain+'_users') }}"
+    dest: "{{ postfix_mail_domains[domain].user_lookup.file |
+              default('/etc/postfix/'+domain+'_users') |
+              replace_regexp('^/etc/postfix',postfix_mountpoint) }}"
     marker: "# {mark} ANSIBLE-MANAGED USERS"
     create: yes
   when:
@@ -42,7 +44,9 @@
       {% for key in postfix_mail_domains[domain]['aliases']|default([]) -%}
       {{ key.alias }} {{ key.dest }}
       {% endfor %}
-    dest: "{{ postfix_mail_domains[domain].user_lookup.file|default('/etc/postfix/'+domain+'_aliases') }}"
+    dest: "{{ postfix_mail_domains[domain].user_lookup.file |
+              default('/etc/postfix/'+domain+'_aliases') |
+              replace_regexp('^/etc/postfix',postfix_mountpoint) }}"
     marker: "# {mark} ANSIBLE-MANAGED ALIASES"
     create: yes
   when:
@@ -55,5 +59,7 @@
       {% for address in postfix_mail_domains[domain].noreply_aliases|default(['noreply']) %}
       {{ address }}@domain  _dev_null
       {% endfor %}
-    dest: "{{ postfix_mail_domains[domain].noreply_file|default('/etc/postfix/'+domain+'_noreply') }}"
+    dest: "{{ postfix_mail_domains[domain].noreply_file |
+              default('/etc/postfix/'+domain+'_noreply') |
+              replace_regexp('^/etc/postfix',postfix_mountpoint) }}"
   notify: postmap no reply aliases

tasks/main.yml

@@ -1,97 +1,49 @@
 ---
-# - name: "Load default config for domains"
-#   set_fact:
-#     dc: "{{ dc|default({})|combine( { item: {
-#       'user_lookup': {
-#         'provider': 'file',
-#         'file': vmail_home +'/'+item+'_users',
-#         'domain': item,
-#         'server_host': postfix_ldap_server,
-#         'server_port': postfix_ldap_port,
-#         'version': postfix_ldap_version,
-#         'scope': postfix_ldap_scope,
-#         'bind': postfix_ldap_bind,
-#         'bind_dn': postfix_ldap_bind_dn,
-#         'bind_pw': postfix_ldap_bind_pw,
-#         'start_tls': postfix_ldap_start_tls,
-#         'tls_ca_cert_file': postfix_ldap_tls_ca_cert_file,
-#         'tls_ca_cert_dir': postfix_ldap_tls_ca_cert_dir,
-#         'search_base':
-#           'ou=People,'+item.split('.')|map('regex_replace','^','dc=')|join(','),
-#         'query_filter': '(&(objectClass=inetOrgPerson)(uid=%u))',
-#         'result_attribute': 'uid',
-#         'result_format': vmail_home+'/mail/'+item+'/%s/',
-#         'dbpath': vmail_home+'/'+item+'_users.sqlite',
-#         'query': postfix_sqlite_user_query
-#       },
-#       'users': [],
-#       'alias_lookup': {
-#         'provider': 'file',
-#         'file': vmail_home +'/'+item+'_aliases',
-#         'domain': item,
-#         'server_host': postfix_ldap_server,
-#         'server_port': postfix_ldap_port,
-#         'version': postfix_ldap_version,
-#         'scope': postfix_ldap_scope,
-#         'bind': postfix_ldap_bind,
-#         'bind_dn': postfix_ldap_bind_dn,
-#         'bind_pw': postfix_ldap_bind_pw,
-#         'start_tls': postfix_ldap_start_tls,
-#         'tls_ca_cert_file': postfix_ldap_tls_ca_cert_file,
-#         'tls_ca_cert_dir': postfix_ldap_tls_ca_cert_dir,
-#         'search_base':
-#           'ou=Alias,'+item.split('.')|map('regex_replace','^','dc=')|join(','),
-#         'query_filter': '(&(objectClass=nisMailAlias)(cn=%u))',
-#         'result_attribute': 'rfc822MailMember',
-#         'result_format': '%s',
-#         'dbpath': vmail_home+'/'+item+'_aliases.sqlite',
-#         'query': postfix_sqlite_alias_query
-#       },
-#       'aliases': [],
-#       'use_group_as_alias': postfix_ldap_use_group_alias,
-#       'group_lookup': {
-#         'provider': 'ldap',
-#         'domain': item,
-#         'server_host': postfix_ldap_server,
-#         'server_port': postfix_ldap_port,
-#         'version': postfix_ldap_version,
-#         'scope': postfix_ldap_scope,
-#         'bind': postfix_ldap_bind,
-#         'bind_dn': postfix_ldap_bind_dn,
-#         'bind_pw': postfix_ldap_bind_pw,
-#         'start_tls': postfix_ldap_start_tls,
-#         'tls_ca_cert_file': postfix_ldap_tls_ca_cert_file,
-#         'tls_ca_cert_dir': postfix_ldap_tls_ca_cert_dir,
-#         'search_base':
-#           'ou=Group,'+item.split('.')|map('regex_replace','^','dc=')|join(','),
-#         'query_filter': '(&(objectClass=posixGroup)(cn=%u))',
-#         'result_attribute': 'memberUid',
-#         'result_format': '%s@{{d}}',
-#       },
-#       'noreply_aliases': [ 'noreply' ],
-#       'noreply_file': vmail_home +'/'+item+'_noreply',
-#       } }, recursive=True) }}"
-#   with_items: "{{ postfix_mail_domains }}"
+- name: Directorio de build postfix
+  file:
+    path: /root/.postfix-docker-image
+    state: directory
+  tags: skip_me
 
-# - name: "Override config for domains"
-#   set_fact:
-#     dc: '{{ dc | combine(postfix_domain_config, recursive=True) }}'
-
-- name: Instalar Postfix
-  apt:
-    name:
-      - postfix
-      - postfix-pcre
-      - postfix-ldap
-      - postfix-sqlite
-    state: present
-  notify: restart postfix
-
-- name: Servicio delivery+auth mediante Dovecot
+- name: Copiar archivos de build
   copy:
-    src: 11-postfix.conf
-    dest: /etc/dovecot/conf.d/11-postfix.conf
-  notify: restart dovecot
+    src: "{{ item }}"
+    dest: /root/.postfix-docker-image
+  loop:
+    - Dockerfile
+  tags: skip_me
+
+- name: Crear imagen {{ postfix_image }}
+  docker_image:
+    state: present
+    name: "{{ postfix_image }}"
+    path: /root/.postfix-docker-image
+  tags: skip_me
+
+- name: Activar container postfix
+  docker_container:
+    name: "{{ postfix_container }}"
+    state: started
+    restart_policy: unless-stopped
+    image: "{{ postfix_image }}"
+    volumes:
+      - "{{ postfix_volume }}:/etc/postfix/"
+    networks:
+      - name: "{{ docker_network_name }}"
+    ports: "{{ postfix_publish_ports }}"
+    env:
+  register: container
+
+- name: Leer info de volumen {{ postfix_volume }}
+  docker_volume_info:
+    name: "{{ postfix_volume }}"
+  register: res
+
+- name: Exportar informacion de volumen
+  set_fact:
+    postfix_container: "{{ lookup('vars','postfix_container') }}"
+    postfix_volume: "{{ lookup('vars','postfix_volume') }}"
+    postfix_mountpoint: "{{ res.volume.Mountpoint }}"
 
 - name: Configurar lookup tables
   include_tasks: lookup_tables.yml
@@ -99,32 +51,25 @@
   loop_control:
     loop_var: domain
 
-- name: Alias local para usuario no-reply
-  blockinfile:
-    block: |
-      _dev_null: /dev/null
-    marker: "# {mark} ANSIBLE-MANAGED ALIASES"
-    path: /etc/aliases
-  notify: newaliases
-
 - name: Directorio de reglas para access lists
   file:
-    name: "{{ postfix_rules_dir }}"
+    name: "{{ postfix_mountpoint }}/{{ postfix_rules_dir }}"
     state: directory
 
 - name: Template client access list
   blockinfile:
-    path: "{{ postfix_rules_dir }}/client_access_list"
+    path: "{{ postfix_mountpoint }}/{{ postfix_rules_dir }}/client_access_list"
     create: yes
     block: |
       # Edit host variable `postfix_client_access_list` to change these values
       {% for entry in postfix_client_access_list -%}
       {{ entry.regex }} {{ entry.action }}
       {% endfor %}
+  notify: postmap access lists
 
 - name: Template helo access list
   blockinfile:
-    path: "{{ postfix_rules_dir }}/helo_access_list"
+    path: "{{ postfix_mountpoint }}/{{ postfix_rules_dir }}/helo_access_list"
     create: yes
     block: |
       # Edit host variable `postfix_helo_access_list` to change these values
@@ -135,7 +80,7 @@
 
 - name: Template recipient access list
   blockinfile:
-    path: "{{ postfix_rules_dir }}/recipient_access_list"
+    path: "{{ postfix_mountpoint }}/{{ postfix_rules_dir }}/recipient_access_list"
     create: yes
     block: |
       # Edit host variable `postfix_recipient_access_list` to change these values
@@ -146,7 +91,7 @@
 
 - name: Template sender access list
   blockinfile:
-    path: "{{ postfix_rules_dir }}/sender_access_list"
+    path: "{{ postfix_mountpoint }}/{{ postfix_rules_dir }}/sender_access_list"
     create: yes
     block: |
       # Edit host variable `postfix_sender_access_list` to change these values
@@ -193,12 +138,14 @@
         {% elif p == "file" %}
         hash:/etc/postfix/{{ d }}_users
         {% endif %}{{ '' if loop.last else ',' }}{% endfor %},
-      virtual_transport:
-        lmtp:unix:private/dovecot-lmtp
+      # FIXME usar container dovecot
+      # virtual_transport:
+      #   lmtp:unix:private/dovecot-lmtp
       virtual_mailbox_domains:
         "{{ postfix_mail_domains }}"
-      smtpd_sasl_path: private/auth
-      smtpd_sasl_type: dovecot
+      # FIXME usar container dovecot
+      # smtpd_sasl_path: private/auth
+      # smtpd_sasl_type: dovecot
       smtpd_sasl_auth_enable:
         "{{ 'yes' if postfix_enable_smtpd_auth else 'no' }}"
       smtpd_tls_cert_file:
@@ -231,7 +178,7 @@
         "{{ 'yes' if postfix_biff else 'no' }}"
   notify: reload postfix
 
-- name: "Enable submission service"
+- name: Enable submission service
   postconf:
     service: submission
     type: inet
@@ -246,15 +193,15 @@
       smtpd_tls_security_level: encrypt
       syslog_name: postfix/submission
   notify: reload postfix
-  when: "postfix_submission_enable == True"
+  when: postfix_submission_enable == True
 
-- name: "Disable submission service"
+- name: Disable submission service
   postconf:
     service: submission
     type: inet
     state: absent
   notify: reload postfix
-  when: "postfix_submission_enable == False"
+  when: postfix_submission_enable == False
 
 - name: "Enable postscreen"
   include_tasks: postscreen.yml