ansible/roles/postfix/tasks/main.yml

---
# Install the MTA; postfix-pcre adds the pcre: lookup-table type.
- name: Install postfix
  tags: packages
  apt:
    state: present
    pkg:
      - postfix
      - postfix-pcre
# Render each listed file from etc_postfix_<name>.j2 into /etc/postfix.
# The results are root-owned and world-readable (0644), so nothing secret
# belongs in these three templates.
- name: Install postfix configs
  tags: configs
  notify: Restart postfix
  template:
    src: "etc_postfix_{{ item }}.j2"
    dest: "/etc/postfix/{{ item }}"
    owner: root
    group: root
    # Quoted so the mode reaches Ansible as a string, not a YAML octal int.
    mode: '0644'
  with_items:
    - main.cf
    - master.cf
    - header_checks
# Render the lookup-map sources into /etc/postfix and trigger a map rebuild.
# 0640 root:postfix keeps these files unreadable to other local users.
# NOTE(review): sasl_passwd.map presumably carries relay credentials (the
# template is not shown here). A run with --diff prints rendered template
# content, so consider `diff: false` on this task or moving that file into
# its own task with `no_log: true`.
- name: Install postfix maps
  tags: configs
  notify: Rebuild postfix map files
  template:
    src: "etc_postfix_{{ item }}.j2"
    dest: "/etc/postfix/{{ item }}"
    owner: root
    group: postfix
    mode: '0640'
  with_items:
    - sasl_passwd.map
    - transport.map
    # virtual.map is deliberately not templated; the "Install empty postfix
    # maps" task creates it as an empty file instead.
    # - virtual.map
# Create virtual.map as an empty placeholder and trigger a map rebuild.
- name: Install empty postfix maps
  tags: configs
  notify: Rebuild postfix map files
  copy:
    dest: "/etc/postfix/{{ item }}"
    content: ""
    # force=false: content is written only when the file does not exist yet,
    # so a map that was filled in by hand is not emptied on the next run.
    force: false
    owner: root
    group: root
    mode: '0644'
  with_items:
    - virtual.map
# Install the Python SPF policy daemon package.
# NOTE(review): wiring it into Postfix is presumably done in the master.cf /
# main.cf templates, which are not shown here.
- name: Install postfix-policyd-spf
  tags: packages
  apt:
    state: present
    pkg:
      - postfix-policyd-spf-python
# Start postfix now and enable it at boot.
- name: Ensure postfix is running
  tags: configs
  service:
    name: postfix
    enabled: true
    state: started
# Drop the postfix rule snippet into the IPv4 firewall rules directory.
# Runs only when postfix_firewall is truthy; no matching rules-v6.d snippet
# is installed by this file.
- name: Install the postfix firewall config
  when: postfix_firewall
  tags:
    - configs
    - firewall
  notify: Restart firewall
  template:
    src: etc_firewall_rules-v4.d_40_postfix.sh.j2
    dest: /etc/firewall/rules-v4.d/40_postfix.sh
    owner: root
    group: root
    mode: '0644'
# =====================================================================
# Install the DKIM signing daemon and its tools package.
# Every opendkim task in this file is gated on postfix_opendkim.
- name: Install opendkim
  when: postfix_opendkim
  tags: packages
  apt:
    state: present
    pkg:
      - opendkim
      - opendkim-tools
# Add the postfix user to the opendkim group.
# NOTE(review): presumably so postfix can reach opendkim's socket; confirm
# against the opendkim.conf template, which is not shown here.
- name: Ensure postfix is a member of opendkim
  when: postfix_opendkim
  tags: configs
  notify: Restart postfix
  user:
    name: postfix
    groups: opendkim
    # append=true adds the group and keeps postfix's existing supplementary
    # groups instead of replacing them.
    append: true
# Top-level opendkim config directory: root-owned, world-readable.
- name: Ensure /etc/opendkim dir exists
  when: postfix_opendkim
  tags: configs
  file:
    state: directory
    path: /etc/opendkim
    owner: root
    group: root
    mode: '0755'
# Key directory: 0750 root:opendkim, so the opendkim group can read and
# traverse it but not write to it, and other users get no access.
# No task in this file installs or sets permissions on the key files
# themselves; those need to be restricted separately.
- name: Ensure /etc/opendkim/keys dir exists
  when: postfix_opendkim
  tags: configs
  file:
    state: directory
    path: /etc/opendkim/keys
    owner: root
    group: opendkim
    mode: '0750'
# Render the opendkim config and its tables. Each item is a path relative
# to /; the template name is that path with "/" replaced by "_" plus ".j2"
# (e.g. etc/opendkim/key.table -> etc_opendkim_key.table.j2).
# All four files are written world-readable (0644).
- name: Install opendkim configs
  when: postfix_opendkim
  tags: configs
  notify: Restart opendkim
  template:
    src: "{{ item | replace('/', '_') }}.j2"
    dest: "/{{ item }}"
    owner: root
    group: root
    mode: '0644'
  with_items:
    - etc/opendkim.conf
    - etc/opendkim/key.table
    - etc/opendkim/signing.table
    - etc/opendkim/trusted.hosts
# Directory under the postfix spool, owned by opendkim with group postfix.
# NOTE(review): presumably holds the opendkim socket that postfix connects
# to; confirm against the opendkim.conf template. With 0755 any local user
# can traverse the directory, so access then depends on the socket's own
# mode; 0750 would limit it to opendkim and the postfix group.
- name: Ensure /var/spool/postfix/opendkim dir exists
  when: postfix_opendkim
  tags: configs
  file:
    state: directory
    path: /var/spool/postfix/opendkim
    owner: opendkim
    group: postfix
    mode: '0755'
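# Start opendkim now and enable it at boot (only when postfix_opendkim is
# set). The service name must be opendkim: the original task targeted
# postfix, which left the DKIM signer neither started nor enabled by this
# role, so outgoing mail could go unsigned after a reboot.
- name: Ensure opendkim is running
  when: postfix_opendkim
  tags: configs
  service:
    name: opendkim
    enabled: true
    state: started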