feat(role): Initial commit
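--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,2 @@
+# SPDX-License-Identifier: MIT
+- import_tasks: postfix-setup.yml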
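--- a/tasks/postfix-setup.yml
+++ b/tasks/postfix-setup.yml
@@ -0,0 +1,78 @@
+# SPDX-License-Identifier: MIT
+- name: 'If OS is a Linux flavor install Postfix'
+when: ansible_facts['system'] | lower == 'linux'
+ansible.builtin.package:
+name:
+- 'postfix'
+- 'postfix-pcre'
+state: 'present'
+
+- name: 'Ensure Postfix lookup table files exist with correct perms'
+loop_control:
+loop_var: 'somta_postfix_postconf_lookup_table'
+label: 'Copy lookup table file ''/etc/postfix/{{ somta_postfix_postconf_lookup_table.file }}'' and set perms'
+loop:
+- { mode: '0600', file: 'sasl_passwd' }
+- { mode: '0644', file: 'sender_canonical_maps' }
+- { mode: '0644', file: 'smtp_header_checks' }
+ansible.builtin.template:
+src: 'etc/postfix/{{ somta_postfix_postconf_lookup_table.file }}.j2'
+dest: '/etc/postfix/{{ somta_postfix_postconf_lookup_table.file }}'
+mode: '{{ somta_postfix_postconf_lookup_table.mode }}'
+notify:
+- 'Ensure that a Mail Transfer Agent is running with newest config'
+
+- name: 'Add e-mail alias for user ''root'''
+ansible.builtin.lineinfile:
+path: '/etc/aliases'
+insertafter: 'EOF'
+regexp: '^root:.*'
+line: 'root: {{ somta__e_mail_default_recipient_addr_spec }}'
+notify:
+- 'Ensure that a Mail Transfer Agent is running with newest config'
+
+# Add our own config block to the end of Postfix' main.cf file. In
+# 'ansible.builtin.blockinfile' we use the default 'marker' param '#
+# {mark} ANSIBLE MANAGED BLOCK'. We 'insertafter: EOF' so we know for a
+# fact that our config block is the bottommost thing in main.cf. The
+# next task 'ansible.builtin.replace' uses the marker string as an
+# anchor to comment out any duplicate parameters /before/ the marker.
+- name: 'Configure Postfix main.cf to SMTP-deliver e-mails to an upstream mail gateway'
+ansible.builtin.blockinfile:
+block: "{{ lookup('ansible.builtin.template', 'etc/postfix/main.cf.blockinfile.j2') }}"
+path: '/etc/postfix/main.cf'
+create: true
+insertafter: 'EOF'
+prepend_newline: true
+notify:
+- 'Ensure that a Mail Transfer Agent is running with newest config'
+
+- name: 'In Postfix main.cf comment out params managed by this playbook; Postfix doesn''t like dupes'
+loop_control:
+label: 'Comment out unmanaged occurrences of param ''{{ item | regex_replace(''^(#\s?)?(?P<param>[^=\s]+)([^\r\n\f]*)'', ''\g<param>'') }}'''
+# Look up file content from our main.cf config template file. Split the
+# result by line delimiters into a list that contains each line as a
+# list item via Python string splitlines() method. Now that we have a
+# list apply the Jinja2 'select' filter to it. For each list item filter
+# it by using the Jinja2 built-in test 'search' against it to search for
+# an occurrence of the equals sign '=' in that list item. When a config
+# line (i.e. a list item) does not contain an equals sign we reject it
+# thus pruning it from the list. We lastly generate a new list from our
+# result, one that only contains lines where an equals sign appears.
+loop: '{{ lookup(''ansible.builtin.template'', ''etc/postfix/main.cf.blockinfile.j2'').splitlines() | select(''search'', ''='') | list }}'
+ansible.builtin.replace:
+path: '/etc/postfix/main.cf'
+before: '.*?# BEGIN ANSIBLE MANAGED BLOCK'
+# regex_replace each {{ item }}. Instead of one complete line from
+# the main.cf template file we only want the name of each parameter;
+# that's whatever appears in front of the first equals sign ('=') in
+# that line minus any comment markers ('#') we may have put in our
+# our main.cf template. Store the param name in a named capture
+# group (?P<param>...) - with a capital letter P because this
+# behavior is a Python-specific regex extension
+# (https://stackoverflow.com/a/10060065) - and lastly reuse
+# '\g<param>' as our 'regexp:' string.
+regexp: '^(#\s?)?({{ item | regex_replace(''^(#\s?)?(?P<param>[^=\s]+)([^\r\n\f]*)'', ''\g<param>'') }})'
+replace: '# \2'
+notify:
+- 'Ensure that a Mail Transfer Agent is running with newest config'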
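Review bot: The lookup-table task renders `sasl_passwd` through `ansible.builtin.template` with neither `no_log: true` nor `diff: false`, so a run with `--diff` would print the rendered file, which presumably holds the relay's SASL credentials, to the console and any run logs. Adding `diff: false` (or `no_log: true`) to that task closes this. Setting `owner: 'root'` and `group: 'root'` next to `mode:` would make the intended ownership of the `0600` file explicit instead of depending on the connecting user. Separately, the `regexp:` of the last task ends right after the parameter name, so a managed parameter whose name is a prefix of another one (the template is not shown here; `mynetworks` versus `mynetworks_style` would be such a pair) would also comment out the longer, unmanaged setting. Appending a lookahead, `...\g<param>'') }})(?=\s*=)'`, ties the match to the full name while leaving `replace: '# \2'` unchanged.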