ssl cert

defaults/main.yml

@@ -8,6 +8,9 @@ postfix_container: postfix
 # volumen con la configuracion de /etc/postfix
 postfix_volume: postfix
 
+# volumen con la configuracion ssl
+postfix_volume_ssl: postfix_ssl
+
 # nombre de la red docker, seteado por rol docker
 docker_network_name: dockernet
 
@@ -77,10 +80,6 @@ postfix_submission_enable: yes
 
 # TLS -------------------------------------------------------------------------
 
-# TLS certificate/private key to use
-postfix_tls_certificate: "{{ tls_certificate | default('') }}"
-postfix_tls_private_key: "{{ tls_certificate_key | default('') }}"
-
 # level of encryption to use for sending mail to the Internet
 # only change this if you know what the implications are, see
 # http://www.postfix.org/postconf.5.html#smtp_tls_security_level

files/Dockerfile

@@ -11,6 +11,10 @@ RUN echo "_dev_null: /dev/null" > /etc/aliases \
 	libsasl2-modules \
 	ssl-cert \
 	&& rm -rf /var/lib/apt/lists/* \
-	&& cp /usr/share/postfix/main.cf.debian /etc/postfix/main.cf
+	&& cp /usr/share/postfix/main.cf.debian /etc/postfix/main.cf \
-VOLUME /etc/postfix
+	&& mkdir -p /ssl && chmod 700 /ssl \
+  && cp /etc/ssl/certs/ssl-cert-snakeoil.pem /ssl/cert.pem \
+  && cp /etc/ssl/private/ssl-cert-snakeoil.key /ssl/key.pem \
+
+VOLUME /etc/postfix /ssl
 CMD postfix start-fg

tasks/main.yml

@@ -28,6 +28,7 @@
     image: "{{ postfix_image }}"
     volumes:
       - "{{ postfix_volume }}:/etc/postfix/"
+      - "{{ postfix_volume_ssl }}:/ssl/"
     networks:
       - name: "{{ docker_network_name }}"
     ports: "{{ postfix_publish_ports }}"
@@ -39,11 +40,18 @@
     name: "{{ postfix_volume }}"
   register: res
 
+- name: Leer info de volumen {{ postfix_volume_ssl }}
+  docker_volume_info:
+    name: "{{ postfix_volume_ssl }}"
+  register: ssl
+
 - name: Exportar informacion de volumen
   set_fact:
     postfix_container: "{{ lookup('vars','postfix_container') }}"
     postfix_volume: "{{ lookup('vars','postfix_volume') }}"
     postfix_mountpoint: "{{ res.volume.Mountpoint }}"
+    postfix_volume_ssl: "{{ lookup('vars','postfix_volume_ssl') }}"
+    postfix_mountpoint_ssl: "{{ ssl.volume.Mountpoint }}"
 
 - name: Configurar lookup tables
   include_tasks: lookup_tables.yml
@@ -145,10 +153,8 @@
       smtpd_sasl_type: dovecot
       smtpd_sasl_auth_enable:
         "{{ 'yes' if postfix_enable_smtpd_auth else 'no' }}"
-      smtpd_tls_cert_file:
+      smtpd_tls_cert_file: /ssl/cert.pem
-        "{{ postfix_tls_certificate }}"
+      smtpd_tls_key_file: /ssl/key.pem
-      smtpd_tls_key_file:
-        "{{ postfix_tls_private_key }}"
       smtp_tls_security_level:
         "{{postfix_incoming_tls_security}}"
       smtpd_tls_security_level: