Initial commit

2022-03-15 02:56:50 +01:00 · 2022-03-15 02:56:50 +01:00 · f2b39b5f88
commit f2b39b5f88
9 changed files with 149 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,27 @@
+# Ansible Postfix role
+This role is an easy way of configuring outgoing mail for local users. It's
+intended to be used by local users only, for example, to receive mail from
+cronjobs. 
+
+An aliases file is set up along with Postfix, where all email is forwarded to
+the current Ansible user. Those emails are then forwarded to an external email
+address. If you need to set up a more complex aliases file, you'll need to edit
+the file manually.
+
+## Example usage in a playbook
+
+```
+- hosts: vm1.home.lan
+  become: yes
+  vars:
+    mail_hostname: vm1.home.lan
+    canonical_name: vm1.home.example.com
+    external_email_address: jackbenny@example.com
+    relay_host: email-smtp.eu-west-1.amazonaws.com
+    relay_port: 465
+    relay_user: xxx
+    relay_password: yyy
+    
+  roles:
+    - jackbenny.postfix
+```
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -0,0 +1,8 @@
+mail_hostname: vm.home.lan
+canonical_name: vm.home.example.tld
+vm_user: "{{ ansible_user }}"
+relay_host: email-smtp.eu-west-1.amazonaws.com
+relay_port: 465
+relay_user: 
+relay_password: 
+external_email_address: 
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -0,0 +1,17 @@
+- name: Activate and restart Postfix
+  service:
+    name: postfix
+    enabled: yes
+    state: restarted
+
+- name: Generate SASL
+  command:
+    cmd: /usr/sbin/postmap /etc/postfix/sasl_passwd
+
+- name: Generate aliases
+  command:
+    cmd: /usr/sbin/postalias /etc/aliases
+
+- name: Generate sender_canonical
+  command:
+    cmd: /usr/sbin/postmap /etc/postfix/sender_canonical
--- a/meta/main.yml
+++ b/meta/main.yml
@ -0,0 +1,2 @@
+dependencies:
+  - role: update_cache
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,51 @@
+- name: Check that a username and password is supplied
+  assert:
+    that:
+      - (relay_user is defined) and (relay_user is not none)
+      - (relay_password is defined) and 
+          (relay_password is not none)
+    fail_msg: "'relay_user' and 'relay_password' must be set"
+    success_msg: "username and password for relay is set"
+
+- name: Check that we have supplied a recipient address
+  assert:
+    that:
+      - (external_email_address is defined) and 
+          (external_email_address is not none)
+    fail_msg: "'external_email_address' must be set. Local 
+      mail will be forwarded to this address"
+    success_msg: "Recipient address is set"
+
+- name: Install Postfix and s-nail
+  package:
+    state: present
+    name: "{{ item }}"
+  with_items:
+    - postfix
+    - s-nail
+  notify: Activate and restart Postfix
+
+- name: Configure Postfix
+  template:
+    src: main.cf.j2
+    dest: /etc/postfix/main.cf
+  notify: Activate and restart Postfix
+
+- name: Copy Postfix authentication
+  template:
+    src: sasl_passwd.j2
+    dest: /etc/postfix/sasl_passwd
+    mode: 0600
+  notify: Generate SASL
+
+- name: Copy alisases
+  template:
+    src: aliases.j2
+    dest: /etc/aliases
+  notify: Generate aliases
+
+- name: Copy sender_canonical
+  template:
+    src: sender_canonical.j2
+    dest: /etc/postfix/sender_canonical
+  notify: Generate sender_canonical
--- a/templates/aliases.j2
+++ b/templates/aliases.j2
@ -0,0 +1,13 @@
+postmaster: root
+nobody: root
+hostmaster: root
+usenet: root
+news: root
+webmaster: root
+www: root
+ftp: root
+abuse: root
+noc: root
+security: root
+root: {{ vm_user }}
+{{ vm_user }}: {{ external_email_address }}
--- a/templates/main.cf.j2
+++ b/templates/main.cf.j2
@ -0,0 +1,28 @@
+biff = no
+append_dot_mydomain = no
+compatibility_level = 2
+myhostname = {{ mail_hostname }}
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = {{ mail_hostname }}
+mydestination = $myhostname, {{ mail_hostname }}, localhost
+relayhost = [{{ relay_host }}]:{{ relay_port }}
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = localhost
+inet_protocols = all
+
+# enable SASL authentication
+smtp_sasl_auth_enable = yes
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+smtp_sasl_security_options = noanonymous
+smtp_sasl_tls_security_options = noanonymous
+
+# Enable STARTTLS encryption
+smtp_use_tls = yes
+smtp_tls_wrappermode = yes
+smtp_tls_security_level = encrypt
+
+# Setup sender canonical mapping
+sender_canonical_maps = hash:/etc/postfix/sender_canonical
--- a/templates/sasl_passwd.j2
+++ b/templates/sasl_passwd.j2
@ -0,0 +1 @@
+[{{ relay_host }}]:{{ relay_port }} {{ relay_user }}:{{ relay_password }}
--- a/templates/sender_canonical.j2
+++ b/templates/sender_canonical.j2
@ -0,0 +1,2 @@
+root    root@{{ canonical_name }}
+{{ vm_user }}    {{ vm_user }}@{{ canonical_name }}
				`@ -0,0 +1 @@`
				`[{{ relay_host }}]:{{ relay_port }} {{ relay_user }}:{{ relay_password }}`