initial upload

2025-10-10 11:07:34 +00:00
commit 6224cd01c6
161 changed files with 8964 additions and 0 deletions
--- a/roles/postfix/tasks/main.yml
+++ b/roles/postfix/tasks/main.yml
@@ -0,0 +1,151 @@
+---
+
+- name: Install postfix
+  apt:
+    pkg:
+      - postfix
+      - postfix-pcre
+    state: present
+  tags: packages
+
+- name: Install postfix configs
+  template:
+    dest: "/etc/postfix/{{ item }}"
+    src: "etc_postfix_{{ item }}.j2"
+    mode: 0644
+    owner: root
+    group: root
+  with_items:
+    - main.cf
+    - master.cf
+    - header_checks
+  notify: Restart postfix
+  tags: configs
+
+- name: Install postfix maps
+  template:
+    dest: "/etc/postfix/{{ item }}"
+    src: "etc_postfix_{{ item }}.j2"
+    mode: 0640
+    owner: root
+    group: postfix
+  with_items:
+    - sasl_passwd.map
+    - transport.map
+#    - virtual.map
+  notify: Rebuild postfix map files
+  tags: configs
+
+- name: Install empty postfix maps
+  copy:
+    dest: "/etc/postfix/{{ item }}"
+    content: ""
+    force: no
+    mode: 0644
+    owner: root
+    group: root
+  with_items:
+    - virtual.map
+  notify: Rebuild postfix map files
+  tags: configs
+
+- name: Install postfix-policyd-spf
+  apt:
+    pkg:
+      - postfix-policyd-spf-python
+    state: present
+  tags: packages
+
+- name: Ensure postfix is running
+  service:
+    name: postfix
+    state: started
+    enabled: yes
+  tags: configs
+
+- name: Install the postfix firewall config
+  template:
+    dest: /etc/firewall/rules-v4.d/40_postfix.sh
+    src: etc_firewall_rules-v4.d_40_postfix.sh.j2
+    mode: 0644
+    owner: root
+    group: root
+  when: postfix_firewall
+  notify: Restart firewall
+  tags:
+    - configs
+    - firewall
+
+# =====================================================================
+
+- name: Install opendkim
+  apt:
+    pkg:
+      - opendkim
+      - opendkim-tools
+    state: present
+  when: postfix_opendkim
+  tags: packages
+
+- name: Ensure postfix is a member of opendkim
+  user:
+    name: postfix
+    groups: opendkim
+    append: yes
+  when: postfix_opendkim
+  notify: Restart postfix
+  tags: configs
+
+- name: Ensure /etc/opendkim dir exists
+  file:
+    path: /etc/opendkim
+    state: directory
+    mode: 0755
+    owner: root
+    group: root
+  when: postfix_opendkim
+  tags: configs
+
+- name: Ensure /etc/opendkim/keys dir exists
+  file:
+    path: /etc/opendkim/keys
+    state: directory
+    mode: 0750
+    owner: root
+    group: opendkim
+  when: postfix_opendkim
+  tags: configs
+
+- name: Install opendkim configs
+  template:
+    dest: "/{{ item }}"
+    src: "{{ item | replace('/', '_') }}.j2"
+    mode: 0644
+    owner: root
+    group: root
+  with_items:
+    - etc/opendkim.conf
+    - etc/opendkim/key.table
+    - etc/opendkim/signing.table
+    - etc/opendkim/trusted.hosts
+  when: postfix_opendkim
+  notify: Restart opendkim
+  tags: configs
+
+- name: Ensure /var/spool/postfix/opendkim dir exists
+  file:
+    path: /var/spool/postfix/opendkim
+    state: directory
+    mode: 0755
+    owner: opendkim
+    group: postfix
+  when: postfix_opendkim
+  tags: configs
+
+- name: Ensure opendkim is running
+  service:
+    name: postfix
+    state: started
+    enabled: yes
+  when: postfix_opendkim
+  tags: configs