feat(role): Initial commit

templates/etc/postfix/main.cf.blockinfile.j2

@@ -0,0 +1,29 @@
+# SPDX-License-Identifier: MIT
+# Per 'man 5 postconfig': When the same parameter is defined multiple
+# times, only the last instance is remembered.
+#
+# While that's true we still do not want to duplicate params that
+# originally exist in main.cf. If we did and inevitably set our params
+# to different values than the default main.cf params Postfix tools such
+# as mailq/sendmail, postqueue etc. would warn us that we're duplicating
+# and reconfiguring params multiple times. Tools would begin reporting
+# 'warning: main.cf, line <n>: overriding earlier entry'. This is a
+# useful feature for when some config /actually/ goes wrong so we don't
+# want to contaminate troubleshooting by forcing this behavior with our
+# Ansible-managed config.
+#
+# For each of the params below we've gone ahead and commented out the
+# same param where it appeared before this Ansible-managed config block.
+# That way we're avoiding param duplicates.
+myhostname = {{ ansible_fqdn }}
+mydestination = $myhostname, localhost.$mydomain, localhost
+inet_interfaces = loopback-only
+relayhost = [{{ somta__e_mail_default_sender_submission_server_fqdn }}]:{{ somta__e_mail_default_sender_submission_server_port }}
+sender_canonical_classes = envelope_sender, header_sender
+sender_canonical_maps = pcre:/etc/postfix/sender_canonical_maps
+smtp_header_checks = pcre:/etc/postfix/smtp_header_checks
+smtp_sasl_auth_enable = yes
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+smtp_sasl_tls_security_options = noanonymous
+smtp_tls_security_level = encrypt
+# debug_peer_list = example.com, mail.example.net, 1.2.3.4

templates/etc/postfix/sasl_passwd.j2

@@ -0,0 +1,2 @@
+# SPDX-License-Identifier: MIT
+[{{ somta__e_mail_default_sender_submission_server_fqdn }}]:{{ somta__e_mail_default_sender_submission_server_port }} {{ somta__e_mail_default_sender_credentials_username }}:{{ somta__e_mail_default_sender_credentials_password_smtp_auth_login }}

templates/etc/postfix/sender_canonical_maps.j2

@@ -0,0 +1,2 @@
+# SPDX-License-Identifier: MIT
+/.+/ {{ somta__e_mail_default_sender_addr_spec }}

templates/etc/postfix/smtp_header_checks.j2

@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: MIT
+# In our 'From:' header reuse any mail display name then append our
+# official sender e-mail address.
+/^From:[[:space:]]*(.+?)([[:space:]]*<)/ REPLACE From: "${1}" <{{ somta__e_mail_default_sender_addr_spec }}>
+
+# Hide the sender's IP and user agent in the Received header
+# https://wiki.archlinux.org/title/Postfix
+/^Received:.*/           IGNORE
+/^User-Agent:.*/         IGNORE