role-common-send_only_mta/tasks/postfix-setup.yml

# SPDX-License-Identifier: MIT
- name: 'If OS is a Linux flavor install Postfix'
  when: ansible_facts['system'] | lower == 'linux'
  ansible.builtin.package:
    name:
      - 'postfix'
      - 'postfix-pcre'
    state: 'present'

- name: 'Ensure Postfix lookup table files exist with correct perms'
  loop_control:
    loop_var: 'somta_postfix_postconf_lookup_table'
    label: 'Copy lookup table file ''/etc/postfix/{{ somta_postfix_postconf_lookup_table.file }}'' and set perms'
  loop:
    - { mode: '0600', file: 'sasl_passwd' }
    - { mode: '0644', file: 'sender_canonical_maps' }
    - { mode: '0644', file: 'smtp_header_checks' }
  ansible.builtin.template:
    src: 'etc/postfix/{{ somta_postfix_postconf_lookup_table.file }}.j2'
    dest: '/etc/postfix/{{ somta_postfix_postconf_lookup_table.file }}'
    mode: '{{ somta_postfix_postconf_lookup_table.mode }}'
  notify:
    - 'Ensure that a Mail Transfer Agent is running with newest config'

- name: 'Add e-mail alias for user ''root'''
  ansible.builtin.lineinfile:
    path: '/etc/aliases'
    insertafter: 'EOF'
    regexp: '^root:.*'
    line: 'root: {{ somta__e_mail_default_recipient_addr_spec }}'
  notify:
    - 'Ensure that a Mail Transfer Agent is running with newest config'

# Add our own config block to the end of Postfix' main.cf file. In
# 'ansible.builtin.blockinfile' we use the default 'marker' param '#
# {mark} ANSIBLE MANAGED BLOCK'. We 'insertafter: EOF' so we know for a
# fact that our config block is the bottommost thing in main.cf. The
# next task 'ansible.builtin.replace' uses the marker string as an
# anchor to comment out any duplicate parameters /before/ the marker.
- name: 'Configure Postfix main.cf to SMTP-deliver e-mails to an upstream mail gateway'
  ansible.builtin.blockinfile:
    block: "{{ lookup('ansible.builtin.template', 'etc/postfix/main.cf.blockinfile.j2') }}"
    path: '/etc/postfix/main.cf'
    create: true
    insertafter: 'EOF'
    prepend_newline: true
  notify:
    - 'Ensure that a Mail Transfer Agent is running with newest config'

- name: 'In Postfix main.cf comment out params managed by this playbook; Postfix doesn''t like dupes'
  loop_control:
    label: 'Comment out unmanaged occurrences of param ''{{ item | regex_replace(''^(#\s?)?(?P<param>[^=\s]+)([^\r\n\f]*)'', ''\g<param>'') }}'''
# Look up file content from our main.cf config template file. Split the
# result by line delimiters into a list that contains each line as a
# list item via Python string splitlines() method. Now that we have a
# list apply the Jinja2 'select' filter to it. For each list item filter
# it by using the Jinja2 built-in test 'search' against it to search for
# an occurrence of the equals sign '=' in that list item. When a config
# line (i.e. a list item) does not contain an equals sign we reject it
# thus pruning it from the list. We lastly generate a new list from our
# result, one that only contains lines where an equals sign appears.
  loop: '{{ lookup(''ansible.builtin.template'', ''etc/postfix/main.cf.blockinfile.j2'').splitlines() | select(''search'', ''='') | list }}'
  ansible.builtin.replace:
    path: '/etc/postfix/main.cf'
    before: '.*?# BEGIN ANSIBLE MANAGED BLOCK'
    # regex_replace each {{ item }}. Instead of one complete line from
    # the main.cf template file we only want the name of each parameter;
    # that's whatever appears in front of the first equals sign ('=') in
    # that line minus any comment markers ('#') we may have put in our
    # our main.cf template. Store the param name in a named capture
    # group (?P<param>...) - with a capital letter P because this
    # behavior is a Python-specific regex extension
    # (https://stackoverflow.com/a/10060065) - and lastly reuse
    # '\g<param>' as our 'regexp:' string.
    regexp: '^(#\s?)?({{ item | regex_replace(''^(#\s?)?(?P<param>[^=\s]+)([^\r\n\f]*)'', ''\g<param>'') }})'
    replace: '# \2'
  notify:
    - 'Ensure that a Mail Transfer Agent is running with newest config'