ssl cert

2019-09-08 15:33:56 -03:00 · 2019-09-08 15:33:56 -03:00 · e937775811
commit e937775811
parent dc81aaefec
3 changed files with 19 additions and 10 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -8,6 +8,9 @@ postfix_container: postfix
 # volumen con la configuracion de /etc/postfix
 postfix_volume: postfix

+# volumen con la configuracion ssl
+postfix_volume_ssl: postfix_ssl
+
 # nombre de la red docker, seteado por rol docker
 docker_network_name: dockernet

@ -77,10 +80,6 @@ postfix_submission_enable: yes

 # TLS -------------------------------------------------------------------------

-# TLS certificate/private key to use
-postfix_tls_certificate: "{{ tls_certificate | default('') }}"
-postfix_tls_private_key: "{{ tls_certificate_key | default('') }}"
-
 # level of encryption to use for sending mail to the Internet
 # only change this if you know what the implications are, see
 # http://www.postfix.org/postconf.5.html#smtp_tls_security_level
--- a/files/Dockerfile
+++ b/files/Dockerfile
@ -11,6 +11,10 @@ RUN echo "_dev_null: /dev/null" > /etc/aliases \
 	libsasl2-modules \
 	ssl-cert \
 	&& rm -rf /var/lib/apt/lists/* \
-	&& cp /usr/share/postfix/main.cf.debian /etc/postfix/main.cf
-VOLUME /etc/postfix
+	&& cp /usr/share/postfix/main.cf.debian /etc/postfix/main.cf \
+	&& mkdir -p /ssl && chmod 700 /ssl \
+  && cp /etc/ssl/certs/ssl-cert-snakeoil.pem /ssl/cert.pem \
+  && cp /etc/ssl/private/ssl-cert-snakeoil.key /ssl/key.pem \
+
+VOLUME /etc/postfix /ssl
 CMD postfix start-fg
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -28,6 +28,7 @@
    image: "{{ postfix_image }}"
    volumes:
      - "{{ postfix_volume }}:/etc/postfix/"
+      - "{{ postfix_volume_ssl }}:/ssl/"
    networks:
      - name: "{{ docker_network_name }}"
    ports: "{{ postfix_publish_ports }}"
@ -39,11 +40,18 @@
    name: "{{ postfix_volume }}"
  register: res

+- name: Leer info de volumen {{ postfix_volume_ssl }}
+  docker_volume_info:
+    name: "{{ postfix_volume_ssl }}"
+  register: ssl
+
 - name: Exportar informacion de volumen
  set_fact:
    postfix_container: "{{ lookup('vars','postfix_container') }}"
    postfix_volume: "{{ lookup('vars','postfix_volume') }}"
    postfix_mountpoint: "{{ res.volume.Mountpoint }}"
+    postfix_volume_ssl: "{{ lookup('vars','postfix_volume_ssl') }}"
+    postfix_mountpoint_ssl: "{{ ssl.volume.Mountpoint }}"

 - name: Configurar lookup tables
  include_tasks: lookup_tables.yml
@ -145,10 +153,8 @@
      smtpd_sasl_type: dovecot
      smtpd_sasl_auth_enable:
        "{{ 'yes' if postfix_enable_smtpd_auth else 'no' }}"
-      smtpd_tls_cert_file:
-        "{{ postfix_tls_certificate }}"
-      smtpd_tls_key_file:
-        "{{ postfix_tls_private_key }}"
+      smtpd_tls_cert_file: /ssl/cert.pem
+      smtpd_tls_key_file: /ssl/key.pem
      smtp_tls_security_level:
        "{{postfix_incoming_tls_security}}"
      smtpd_tls_security_level: