refactor common role

2020-11-28 20:47:30 +01:00
parent 67b8c5f230
commit 2b8f69fc41
45 changed files with 756 additions and 110 deletions
--- a/roles/common/templates/msmtp/aliases.j2
+++ b/roles/common/templates/msmtp/aliases.j2
@@ -1 +0,0 @@
-default: {{ smtp_default_contact }}
--- a/roles/common/templates/msmtp/msmtprc.j2
+++ b/roles/common/templates/msmtp/msmtprc.j2
@@ -1,19 +0,0 @@
-defaults
-auth on
-tls on
-tls_trust_file /etc/ssl/certs/ca-certificates.crt
-logfile /var/log/msmtp.log
-
-{% for account in smtp_accounts %}
-account {{ account.name }}
-host {{ account.host }}
-port 587
-from {{ account.from }}
-user {{ account.user | default(account.from) }}
-password {{ account.password }}
-
-{% endfor %}
-
-account default : {{ smtp_default_account }}
- 
-aliases /etc/aliases
--- a/roles/common/templates/opensmtpd/smtpd-secret.j2
+++ b/roles/common/templates/opensmtpd/smtpd-secret.j2
@@ -0,0 +1,3 @@
+{% for account in smtp_accounts %}
+{{ account.name }} {{ account.username | default(account.from) }}:{{ account.password }}
+{% endfor %}
--- a/roles/common/templates/opensmtpd/smtpd.conf.j2
+++ b/roles/common/templates/opensmtpd/smtpd.conf.j2
@@ -0,0 +1,11 @@
+listen on localhost
+
+table aliases file:/etc/aliases
+table secrets file:/etc/smtpd-secret
+
+action "local" mbox alias <aliases>
+{% for account in smtp_accounts %}
+action "{{ account.name }}_relay" relay host "smtps://{{ account.name }}@{{ account.host }}" auth <secrets> mail-from "{{ account.from }}"
+{% endfor %}
+match for local action "local"
+match for any action "{{ smtp_default_account }}_relay"
--- a/roles/common/templates/postfix/aliases.j2
+++ b/roles/common/templates/postfix/aliases.j2
@@ -0,0 +1,2 @@
+root: {{ smtp_default_recipient }}
+postmaster: {{ smtp_default_recipient }}
--- a/roles/common/templates/postfix/main.cf.j2
+++ b/roles/common/templates/postfix/main.cf.j2
@@ -0,0 +1,40 @@
+{{ ansible_managed | comment }}
+
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
+# fresh installs.
+compatibility_level = 2
+
+biff = no
+recipient_delimiter = +
+readme_directory = no
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# rewrite sender address
+sender_canonical_maps = hash:{{ postfix_senders_map_path }}
+
+alias_maps = hash:{{ smtp_aliases_path }}
+alias_database = hash:{{ smtp_aliases_path }}
+
+myhostname = {{ ansible_hostname }}
+myorigin = $myhostname
+mydestination = $myhostname, localhost.localdomain, localhost
+mynetworks_style = host
+
+inet_interfaces = all
+inet_protocols = all
+
+relayhost = [{{ smtp_accounts[smtp_default_account].host }}]
+relay_domains =
+# enable SASL authentication
+smtp_sasl_auth_enable = yes
+# disallow methods that allow anonymous authentication.
+smtp_sasl_security_options = noanonymous
+# where to find sasl_passwd
+smtp_sasl_password_maps = hash:{{ postfix_sasl_secrets_path }}
+# Enable STARTTLS encryption
+smtp_use_tls = yes
+# where to find CA certificates
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
--- a/roles/common/templates/postfix/sasl_secrets.j2
+++ b/roles/common/templates/postfix/sasl_secrets.j2
@@ -0,0 +1,3 @@
+{% for account in smtp_accounts.values() %}
+[{{ account.host }}] {{ account.username }}:{{ account.password }}
+{% endfor %}
--- a/roles/common/templates/postfix/senders.j2
+++ b/roles/common/templates/postfix/senders.j2
@@ -0,0 +1,3 @@
+{% if smtp_accounts[smtp_default_account].from is defined %}
+@{{ ansible_hostname }} {{ smtp_accounts[smtp_default_account].from }}
+{% endif %}