diff --git a/defaults/main.yml b/defaults/main.yml
index 324df24..2f04377 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,18 +1,18 @@
 ---
 dovecot_protocols:
-- 'lmtp'
-- 'imap'
+ - 'lmtp'
+ - 'imap'
 dovecot_mail_privileged_group: 'mail'
 dovecot_disable_plaintext_auth: 'yes'
 dovecot_auth_mechanisms:
-- 'plain'
-- 'login'
+ - 'plain'
+ - 'login'
 dovecot_force_imaps: True
 dovecot_force_pop3s: True
 dovecot_ssl: 'required'
 dovecot_listen:
-- '*'
-- '::'
+ - '*'
+ - '::'
 postfix_dovecot_mysql_password_scheme: 'SHA512-CRYPT'
 postfix_dovecot_mysql_host: '127.0.0.1'
 postfix_dovecot_mysql_db_name: 'servermail'
@@ -25,50 +25,50 @@ postfix_mysql_users_query: 'SELECT 1 FROM virtual_users WHERE email=''%s'';'
 postfix_inet_protocols: 'all'
 postfix_submission_smtpd_client_restrictions:
-- 'permit_sasl_authenticated'
-- 'reject'
+ - 'permit_sasl_authenticated'
+ - 'reject'
 postfix_smtpd_tls_auth_only: 'yes'
 postfix_smtpd_recipient_restrictions:
-- 'permit_sasl_authenticated'
-- 'permit_mynetworks'
-- 'check_policy_service unix:private/policyd-spf'
-- 'check_policy_service inet:127.0.0.1:10023'
-- 'check_client_access hash:/etc/postfix/rbl_override'
-- 'reject_unauth_destination'
-- 'reject_unknown_reverse_client_hostname'
-- 'permit_dnswl_client list.dnswl.org=127.0.[0..255].[1..3]'
-- 'permit_dnswl_client swl.spamhaus.org'
-- 'reject_rhsbl_helo dbl.spamhaus.org'
-- 'reject_rhsbl_reverse_client dbl.spamhaus.org'
-- 'reject_rhsbl_sender dbl.spamhaus.org'
-- 'reject_rbl_client zen.spamhaus.org'
+ - 'permit_sasl_authenticated'
+ - 'permit_mynetworks'
+ - 'check_policy_service unix:private/policyd-spf'
+ - 'check_policy_service inet:127.0.0.1:10023'
+ - 'check_client_access hash:/etc/postfix/rbl_override'
+ - 'reject_unauth_destination'
+ - 'reject_unknown_reverse_client_hostname'
+ - 'permit_dnswl_client list.dnswl.org=127.0.[0..255].[1..3]'
+ - 'permit_dnswl_client swl.spamhaus.org'
+ - 'reject_rhsbl_helo dbl.spamhaus.org'
+ - 'reject_rhsbl_reverse_client dbl.spamhaus.org'
+ - 'reject_rhsbl_sender dbl.spamhaus.org'
+ - 'reject_rbl_client zen.spamhaus.org'
 postfix_smtpd_relay_restrictions:
-- 'permit_mynetworks'
-- 'permit_sasl_authenticated'
-- 'defer_unauth_destination'
+ - 'permit_mynetworks'
+ - 'permit_sasl_authenticated'
+ - 'defer_unauth_destination'
 postfix_mynetworks:
-- '127.0.0.0/8'
-- '[::ffff:127.0.0.0]/104'
-- '[::1]/128'
+ - '127.0.0.0/8'
+ - '[::ffff:127.0.0.0]/104'
+ - '[::1]/128'
 postfix_mydestination:
-- 'localhost'
-- "{{ ansible_fqdn }}"
+ - 'localhost'
+ - "{{ ansible_fqdn }}"
 postfix_smtp_tls_security_level: dane
 postfix_smtp_dns_support_level: true #dnssec
postfix_smtpd_client_message_rate_limit: 100
 postfix_smtpd_helo_restrictions:
-- 'permit_mynetworks'
-- 'permit_sasl_authenticated'
-- 'check_helo_access hash:/etc/postfix/helo_access'
-- 'reject_invalid_helo_hostname'
-- 'reject_non_fqdn_helo_hostname'
-- 'reject_unknown_helo_hostname'
+ - 'permit_mynetworks'
+ - 'permit_sasl_authenticated'
+ - 'check_helo_access hash:/etc/postfix/helo_access'
+ - 'reject_invalid_helo_hostname'
+ - 'reject_non_fqdn_helo_hostname'
+ - 'reject_unknown_helo_hostname'
 postfix_smtpd_sender_restrictions:
-- 'permit_mynetworks'
-- 'permit_sasl_authenticated'
-- 'reject_unknown_sender_domain'
-- 'reject_unknown_reverse_client_hostname'
-- 'reject_unknown_client_hostname'
+ - 'permit_mynetworks'
+ - 'permit_sasl_authenticated'
+ - 'reject_unknown_sender_domain'
+ - 'reject_unknown_reverse_client_hostname'
+ - 'reject_unknown_client_hostname'
 vmail_virtual_domains:
 - id: 1
@@ -90,4 +90,4 @@ vmail_virtual_aliases:
 - id: 1
 domain_id: 1
 source: 'alias@example.com'
- destination: 'email1@example.com'
\ No newline at end of file
+ destination: 'email1@example.com'
diff --git a/handlers/main.yml b/handlers/main.yml
index 33d17f4..724b293 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,15 +1,15 @@
 ---
-- name: restart dovecot
+- name: Restart dovecot
 service:
 name: dovecot
 state: restarted
-- name: restart postfix
+- name: Restart postfix
 service:
 name: postfix
 state: restarted
-- name: restart postgrey
+- name: Restart postgrey
 service:
 name: postgrey
 state: restarted
diff --git a/meta/main.yml b/meta/main.yml
index b3554c3..31410d8 100644
--- a/meta/main.yml
+++ b/meta/main.yml
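Review bot: `postfix_smtp_dns_support_level: true #dnssec` on the new side is still a YAML boolean, so unless the main.cf template maps it the rendered value is `smtp_dns_support_level = True`, which is not one of the values Postfix accepts for this parameter (`disabled`, `enabled`, `dnssec`). That matters because `postfix_smtp_tls_security_level: dane` two lines above only gives DANE when the support level is `dnssec`; with anything else Postfix at best falls back to opportunistic TLS, and an invalid value is likely to be rejected by the SMTP client outright. The trailing `#dnssec` looks like the intended setting: `postfix_smtp_dns_support_level: 'dnssec'` with the comment dropped. The hunk starts on the previous line of this page; the rest of it is a pure re-indentation.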
@@ -1,20 +1,20 @@
 galaxy_info:
- author: Matt Prahl
+ author: Matt Prahl + Vitexus
 description: automates the installation and configuration of Postfix and Dovecot with SQL authentication
 license: MIT
 min_ansible_version: 2.0
+ role_name: postfix_dovecot
+ namespace: vitexus
 platforms:
- - name: Ubuntu
- versions:
- - trusty
- - xenial
- - name: EL
- versions:
- - 7
- - 8
+ - name: Ubuntu
+ versions:
+ - focal
+ - jammy
+ - name: EL
+ versions:
+ - 7
+ - 8
 galaxy_tags:
 - dovecot
 - postfix
- - mysql
-
 dependencies: []
diff --git a/tasks/add_example_users.yml b/tasks/add_example_users.yml
index a7c7883..2ea7d2f 100644
--- a/tasks/add_example_users.yml
+++ b/tasks/add_example_users.yml
@@ -17,4 +17,4 @@
 loop:
 - virtual_domains
 - virtual_users
- - virtual_aliases
\ No newline at end of file
+ - virtual_aliases
diff --git a/tasks/dovecot.yml b/tasks/dovecot.yml
index 5bca10c..f589313 100644
--- a/tasks/dovecot.yml
+++ b/tasks/dovecot.yml
@@ -1,30 +1,30 @@
 ---
 - name: DOVECOT | install packages
- package:
+ ansible.builtin.package:
 name: "{{ pkg_dovecot }}"
 state: present
- notify: restart dovecot
+ notify: Restart dovecot
 - name: DOVECOT | ensure Dovecot is started and runs at startup
- service:
+ ansible.builtin.service:
 name: dovecot
 state: started
 enabled: yes
 - name: DOVECOT | create vmail group
- group:
+ ansible.builtin.group:
 name: vmail
 gid: 5000
 - name: DOVECOT | create vmail user
- user:
+ ansible.builtin.user:
 name: vmail
 group: vmail
 uid: 5000
 home: /var/mail
 - name: DOVECOT | set secure permissions and ownership on /etc/dovecot
- file:
+ ansible.builtin.file:
 path: /etc/dovecot
 state: directory
 owner: vmail
@@ -32,80 +32,80 @@
 mode: o-rwx
 - name: DOVECOT | create /var/mail/vhosts
- file:
+ ansible.builtin.file:
 path: /var/mail/vhosts
 state: directory
 owner: vmail
 group: vmail
 - name: DOVECOT | configure (dovecot.conf)
- template:
+ ansible.builtin.template:
 src: etc/dovecot/dovecot.conf.j2
 dest: /etc/dovecot/dovecot.conf
 owner: vmail
 group: dovecot
 mode: 0440
- notify: restart dovecot
+ notify: Restart dovecot
 - name: DOVECOT | configure (10-mail.conf)
- template:
+ ansible.builtin.template:
 src: etc/dovecot/conf.d/10-mail.conf.j2
 dest: /etc/dovecot/conf.d/10-mail.conf
 owner: vmail
 group: dovecot
 mode: 0440
- notify: restart dovecot
+ notify: Restart dovecot
 - name: DOVECOT | configure (15-mailboxes.conf)
- template:
+ ansible.builtin.template:
 src: etc/dovecot/conf.d/15-mailboxes.conf.j2
 dest: /etc/dovecot/conf.d/15-mailboxes.conf
 owner: vmail
 group: dovecot
 mode: 0440
- notify: restart dovecot
+ notify: Restart dovecot
 - name: DOVECOT | configure (10-auth.conf)
- template:
+ ansible.builtin.template:
 src: etc/dovecot/conf.d/10-auth.conf.j2
 dest: /etc/dovecot/conf.d/10-auth.conf
 owner: vmail
 group: dovecot
 mode: 0440
- notify: restart dovecot
+ notify: Restart dovecot
 - name: DOVECOT | configure (dovecot-sql.conf.ext)
- template:
+ ansible.builtin.template:
 src: etc/dovecot/dovecot-sql.conf.ext.j2
 dest: /etc/dovecot/dovecot-sql.conf.ext
 owner: vmail
 group: dovecot
 mode: 0440
- notify: restart dovecot
+ notify: Restart dovecot
 - name: DOVECOT | configure (10-master.conf)
- template:
+ ansible.builtin.template:
 src: etc/dovecot/conf.d/10-master.conf.j2
 dest: /etc/dovecot/conf.d/10-master.conf
 owner: vmail
 group: dovecot
 mode: 0440
- notify: restart dovecot
+ notify: Restart dovecot
 - name: DOVECOT | configure (10-ssl.conf)
- template:
+ ansible.builtin.template:
 src: etc/dovecot/conf.d/10-ssl.conf.j2
 dest: /etc/dovecot/conf.d/10-ssl.conf
 owner: vmail
 group: dovecot
 mode: 0440
- notify: restart dovecot
+ notify: Restart dovecot
 - name: DOVECOT | configure
(auth-sql.conf.ext)
- template:
+ ansible.builtin.template:
 src: etc/dovecot/conf.d/auth-sql.conf.ext.j2
 dest: /etc/dovecot/conf.d/auth-sql.conf.ext
 owner: vmail
 group: dovecot
 mode: 0440
- notify: restart dovecot
+ notify: Restart dovecot
diff --git a/tasks/main.yml b/tasks/main.yml
index 8b240eb..045da79 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,20 +1,33 @@
 ---
 # This is separate so that Ansible marks this step as changed instead of the
 # next one when the packages are present
-- name: START | Update apt cache (Debian/Ubuntu)
- apt:
- update_cache: yes
+- name: 'START | Update apt cache (Debian/Ubuntu)'
+ ansible.builtin.apt:
+ update_cache: true
 when:
 - ansible_os_family == 'Debian'
-- name: START | Include vars specific to each OS family
- include_vars: "vars/{{ ansible_os_family }}.yml"
+- name: 'START | Include vars specific to each OS family'
+ ansible.builtin.include_vars: "vars/{{ ansible_os_family }}.yml"
-- include: dovecot.yml
-- include: postfix.yml
-- include: sql.yml
-- include: postgrey.yml
-- include_tasks: add_example_users.yml
+- name: 'Include Dovecot tasks'
+ ansible.builtin.include_tasks:
+ file: "dovecot.yml"
+
+- name: 'Include Postfix tasks'
+ ansible.builtin.include_tasks:
+ file: "postfix.yml"
+
+- name: 'Include SQL tasks'
+ ansible.builtin.include_tasks:
+ file: "sql.yml"
+
+- name: 'Include Postgrey tasks'
+ ansible.builtin.include_tasks:
+ file: "postgrey.yml"
+
+- name: 'Include example users tasks'
+ ansible.builtin.include_tasks:
+ file: "add_example_users.yml"
 when:
- - dovecot_add_example_users is defined
- - dovecot_add_example_users|bool == true
\ No newline at end of file
+ - dovecot_add_example_users is defined and dovecot_add_example_users|bool
diff --git a/tasks/postfix.yml b/tasks/postfix.yml
index b6b51b3..180837e 100644
--- a/tasks/postfix.yml
+++ b/tasks/postfix.yml
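Review bot: `dovecot-sql.conf.ext`, the file that carries the SQL login password, is templated with `owner: vmail` and `mode: 0440` in this hunk (as is every other Dovecot config file here, and `/etc/dovecot` itself in the previous hunk), so the uid-5000 mail-storage account that owns every mailbox under `/var/mail/vhosts` can read the database credentials and rewrite the daemon's configuration. Dovecot's master process runs as root and reads the configuration at startup, so as far as I can tell nothing here needs vmail ownership; `owner: root` with `group: dovecot` and `mode: '0440'` (quoted, so YAML never reinterprets the octal) keeps the files readable by the service without handing them to the mailbox user. If a specific Dovecot service does need to read `dovecot-sql.conf.ext` unprivileged, grant that through the `dovecot` group rather than vmail, and add a comment on the task saying why the file is group-readable at all. This hunk starts on the previous line of the page.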
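Review bot: The new guard on the example-users include, `dovecot_add_example_users is defined and dovecot_add_example_users|bool`, can be written as the single expression `when: dovecot_add_example_users | default(false) | bool`, which behaves the same for undefined, false and true and matches the style of the other `when` in this file. It would also help to add a comment above that task saying it presumably seeds `example.com` accounts from the defaults and must stay disabled on real deployments, since nothing else in the role prevents it from running.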
@@ -1,95 +1,93 @@
 ---
 - name: POSTFIX | install packages
- package:
+ ansible.builtin.package:
 name: "{{ pkg_postfix }}"
 state: present
- notify: restart postfix
+ notify: Restart postfix
 - name: POSTFIX | ensure Postfix is started and runs at startup
- service:
+ ansible.builtin.service:
 name: postfix
 state: started
 enabled: yes
 - name: POSTFIX | configure (main.cf)
- template:
+ ansible.builtin.template:
 src: etc/postfix/main.cf.j2
 dest: /etc/postfix/main.cf
 owner: root
 group: root
 mode: 0644
- notify: restart postfix
+ notify: Restart postfix
 - name: POSTFIX | configure (master.cf)
- template:
+ ansible.builtin.template:
 src: etc/postfix/master.cf.j2
 dest: /etc/postfix/master.cf
 owner: root
 group: root
 mode: 0644
- notify: restart postfix
+ notify: Restart postfix
 - name: POSTFIX | configure (mysql-virtual-alias-maps.cf)
- template:
+ ansible.builtin.template:
 src: etc/postfix/mysql-virtual-alias-maps.cf.j2
 dest: /etc/postfix/mysql-virtual-alias-maps.cf
 owner: root
 group: root
 mode: 0640
- notify: restart postfix
+ notify: Restart postfix
 - name: POSTFIX | configure (mysql-virtual-mailbox-domains.cf)
- template:
+ ansible.builtin.template:
 src: etc/postfix/mysql-virtual-mailbox-domains.cf.j2
 dest: /etc/postfix/mysql-virtual-mailbox-domains.cf
 owner: root
 group: root
 mode: 0640
- notify: restart postfix
+ notify: Restart postfix
 - name: POSTFIX | configure (mysql-virtual-mailbox-maps.cf)
- template:
+ ansible.builtin.template:
 src: etc/postfix/mysql-virtual-mailbox-maps.cf.j2
 dest: /etc/postfix/mysql-virtual-mailbox-maps.cf
 owner: root
 group: root
 mode: 0640
- notify: restart postfix
+ notify: Restart postfix
 - name: POSTFIX | configure (helo_access)
- copy:
+ ansible.builtin.copy:
 src: postfix_helo_access
 dest: /etc/postfix/helo_access
 - name: POSTFIX | postmap /etc/postfix/helo_access (generate /etc/postfix/helo_access.db)
- command: postmap /etc/postfix/helo_access
- notify: restart postfix
+ ansible.builtin.command: postmap /etc/postfix/helo_access
+ notify:
Restart postfix
 - name: POSTFIX | Create A Whitelist rbl (/etc/postfix/rbl_override)
- copy:
+ ansible.builtin.copy:
 src: postgrey-rbl_override
 dest: /etc/postfix/rbl_override
 - name: POSTFIX | postmap /etc/postfix/rbl_override (generate /etc/postfix/rbl_override.db)
- command: postmap /etc/postfix/rbl_override
- notify: restart postfix
-
-
+ ansible.builtin.command: postmap /etc/postfix/rbl_override
+ notify: Restart postfix
 - name: POSTFIX | set the default domain name to be used (/etc/mailname)
- copy:
+ ansible.builtin.copy:
 content: "{{ postfix_default_domain + '\n' }}"
 dest: /etc/mailname
 owner: root
 group: root
 mode: 0644
- notify: restart postfix
+ notify: Restart postfix
 when: postfix_default_domain is defined
 - name: POSTFIX | On Red Hat servers, copy /etc/services to chroot
 block:
 - name: POSTFIX
- copy:
+ ansible.builtin.copy:
 src: /etc/services
 dest: /var/spool/postfix/etc/services
 remote_src: yes
diff --git a/tasks/postgrey.yml b/tasks/postgrey.yml
index d713604..d967f46 100644
--- a/tasks/postgrey.yml
+++ b/tasks/postgrey.yml
@@ -1,12 +1,12 @@
 ---
 - name: POSTGREY | install packages
- package:
+ ansible.builtin.package:
 name: postgrey
 state: present
- notify: restart postfix
+ notify: Restart postfix
 - name: POSTGREY | fix (/etc/default/postgrey)
- copy:
+ ansible.builtin.copy:
 src: postgrey-default
 dest: /etc/default/postgrey
- notify: restart postgrey
+ notify: Restart postgrey
diff --git a/tasks/sql.yml b/tasks/sql.yml
index 2713cd8..34d627a 100644
--- a/tasks/sql.yml
+++ b/tasks/sql.yml
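Review bot: The three `mysql-virtual-*.cf` templates earlier in this hunk carry the database password and are written `owner: root`, `group: root`, `mode: 0640`; the Postfix daemons that open `mysql:` maps run as the unprivileged `postfix` user, so either they cannot read these files or `main.cf` routes the lookups through `proxy:mysql:` (the template is not visible here). Postfix's own MySQL guidance is `group: postfix` with mode 0640, which keeps the credential away from other local users while letting the daemons open it; quoting the mode (`mode: '0640'`) also stops YAML from reparsing the octal. Separately, both `postmap` commands at the end of this hunk run unconditionally, so every play reports changed and restarts Postfix through the handler — `register` the preceding `copy` task and add `when: helo_access is changed` (same for `rbl_override`), giving those two `copy` tasks an explicit owner, group and mode while you are there. The hunk starts on the previous line of the page.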
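Review bot: Unlike the Dovecot and Postfix task files, this hunk never ensures the postgrey service is running and enabled: the package task notifies `Restart postfix`, the config copy notifies `Restart postgrey`, and the handler will bring postgrey up on the first run, but nothing enables it at boot and on a later run where nothing changes a stopped postgrey stays stopped. Because the defaults send every recipient through `check_policy_service inet:127.0.0.1:10023`, an unreachable policy daemon makes Postfix defer inbound mail. Add an `ansible.builtin.service` task after the install with `name: postgrey`, `state: started`, `enabled: true`, and give the copy of `/etc/default/postgrey` explicit `owner: root`, `group: root`, `mode: '0644'`. Note that `/etc/default/postgrey` is Debian's sysconfig path; on the EL platforms meta/main.yml advertises the directory presumably does not exist, so the task likely needs a `when: ansible_os_family == 'Debian'`.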
@@ -1,13 +1,13 @@
 ---
 - name: SQL | Copy database schema.sql file
- copy:
+ ansible.builtin.copy:
 src: schema.sql
 dest: /tmp
-- name: import database schema.sql
- mysql_db:
+- name: Import database schema.sql
+ community.mysql.mysql_db:
 name: "{{ postfix_dovecot_mysql_db_name }}"
 login_user: "{{ postfix_dovecot_mysql_user }}"
 login_password: "{{ postfix_dovecot_mysql_password }}"
 state: import
 target: /tmp/schema.sql
- notify: restart postfix
+ notify: Restart postfix
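Review bot: The schema is copied to `/tmp` and then imported from `/tmp/schema.sql` with the mail database credentials; `/tmp` is world-writable, so any local user can pre-create or replace `/tmp/schema.sql` (or leave a symlink there) between the two tasks and have their own SQL executed against `postfix_dovecot_mysql_db_name`. Stage the file somewhere only root can write, e.g. `dest: /root/postfix-dovecot-schema.sql` with `owner: root`, `group: root`, `mode: '0600'`, and point `target` at that path (or use `ansible.builtin.tempfile` and remove the file afterwards). Add `no_log: true` to the import task so `login_password` never reaches verbose output or callback plugins, and note in a comment that `state: import` re-runs the schema on every play, so the SQL must be idempotent or the task guarded with a `register` on the copy.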