From 53beeec0667686f6fef9cdf6eb5d159eea34c46b Mon Sep 17 00:00:00 2001 From: Ludovic Cartier Date: Fri, 6 Dec 2024 11:04:10 +0100 Subject: [PATCH] first commit --- handlers/main.yml | 9 ++++++ meta/main.yml | 9 ++++++ tasks/configure.yml | 47 +++++++++++++++++++++++++++++ tasks/install.yml | 7 +++++ tasks/main.yml | 9 ++++++ tasks/requirements.yml | 4 +++ templates/aliases.j2 | 15 ++++++++++ templates/mailname.j2 | 1 + templates/main.cf.j2 | 63 +++++++++++++++++++++++++++++++++++++++ templates/sasl_passwd.j2 | 5 ++++ templates/sender_relay.j2 | 5 ++++ 11 files changed, 174 insertions(+) create mode 100644 handlers/main.yml create mode 100644 meta/main.yml create mode 100644 tasks/configure.yml create mode 100644 tasks/install.yml create mode 100644 tasks/main.yml create mode 100644 tasks/requirements.yml create mode 100644 templates/aliases.j2 create mode 100644 templates/mailname.j2 create mode 100644 templates/main.cf.j2 create mode 100644 templates/sasl_passwd.j2 create mode 100644 templates/sender_relay.j2 diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..b76ef3e --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,9 @@ +--- +- name: newaliases + command: newaliases + +- name: reload postfix + service: name=postfix state=reloaded + +- name: restart postfix + service: name=postfix state=restarted diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 0000000..9a6a804 --- /dev/null +++ b/meta/main.yml @@ -0,0 +1,9 @@ +--- +galaxy_info: + author: Ludovic Cartier + description: simple ansible role for deploying postfix + company: brainsys + license: MIT + min_ansible_version: 2.8 + issue_tracker_url: https://git.brainsys.io/ansible-roles/postfix/issues + github_branch: main diff --git a/tasks/configure.yml b/tasks/configure.yml new file mode 100644 index 0000000..67bb030 --- /dev/null +++ b/tasks/configure.yml 
@@ -0,0 +1,47 @@ +- name: postfix | copy configuration + template: + src: main.cf.j2 + dest: /etc/postfix/main.cf + owner: root + group: root + mode: 0644 + notify: restart postfix + +- name: postfix | create /etc/aliases + template: + src: aliases.j2 + dest: /etc/aliases + owner: root + group: root + mode: 0644 + notify: newaliases + +- name: postfix | create /etc/mailname + template: + src: mailname.j2 + dest: /etc/mailname + owner: root + group: root + mode: 0644 + notify: restart postfix + +- name: postfix | sender relay + template: + src: sender_relay.j2 + dest: /etc/postfix/sender_relay + owner: root + group: root + mode: 0644 + notify: restart postfix + when: postfix_sender_relay is defined + +- name: postfix | sasl password + template: + src: sasl_passwd.j2 + dest: /etc/postfix/sasl_passwd + owner: root + group: root + mode: 0644 + notify: restart postfix + when: postfix_sasl_password is defined + diff --git a/tasks/install.yml b/tasks/install.yml new file mode 100644 index 0000000..7b599d7 --- /dev/null +++ b/tasks/install.yml @@ -0,0 +1,7 @@ +- name: postfix | install packages + apt: + name: + - postfix + state: present + tags: ['postfix'] + diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..3c1370a --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,9 @@ +--- +- name: requirements + include_tasks: requirements.yml + +- name: install + include_tasks: install.yml + +- name: configure + include_tasks: configure.yml diff --git a/tasks/requirements.yml b/tasks/requirements.yml new file mode 100644 index 0000000..4a87b58 --- /dev/null +++ b/tasks/requirements.yml @@ -0,0 +1,4 @@ +- name: update APT Cache + apt: + update_cache: yes + cache_valid_time: 3600 diff --git a/templates/aliases.j2 b/templates/aliases.j2 new file mode 100644 index 0000000..425f8b2 --- /dev/null +++ b/templates/aliases.j2 
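Review bot: The `postfix | sasl password` task installs relay credentials at /etc/postfix/sasl_passwd with `mode: 0644`, so any local user can read the upstream SMTP login; Postfix's SASL_README has this file and its `.db` at 0600 — change to `mode: 0600`. Nothing in the role runs `postmap` on /etc/postfix/sasl_passwd or /etc/postfix/sender_relay, yet main.cf.j2 references both as `hash:` tables, so the `.db` files are never built and the lookups fail after a restart; add handlers along the lines of `command: postmap /etc/postfix/sasl_passwd` (and one for sender_relay), notified by these two tasks before `restart postfix`, and make sure the generated `.db` is 0600 as well. The sasl task's `when: postfix_sasl_password is defined` also does not match the variable name the template iterates (`postfix_sasl_passwd`); see the note on that template.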
@@ -0,0 +1,15 @@ +# {{ ansible_managed }} +# /etc/aliases +mailer-daemon: postmaster +postmaster: root +nobody: root +hostmaster: root +usenet: root +news: root +webmaster: root +www: root +ftp: root +abuse: root +noc: root +security: root +root: {{ postfix_catchall | default('admin@brainsys.io') }} diff --git a/templates/mailname.j2 b/templates/mailname.j2 new file mode 100644 index 0000000..875859f --- /dev/null +++ b/templates/mailname.j2 @@ -0,0 +1 @@ +{% if postfix_hostname is defined %}{{ postfix_hostname }}{% else %}{{ ansible_hostname }}{% endif %} diff --git a/templates/main.cf.j2 b/templates/main.cf.j2 new file mode 100644 index 0000000..a2a8460 --- /dev/null +++ b/templates/main.cf.j2 
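Review bot: The last alias line defaults `root` to a hard-coded external mailbox (`admin@brainsys.io`), and since postmaster, abuse, security, hostmaster and the rest all resolve to root, any host that applies this role without setting `postfix_catchall` forwards all of its system and security notifications off-site to that address. A reusable role should not bake in a company mailbox as the fallback; emit the line only when the variable is set, e.g. `{% if postfix_catchall is defined %}root: {{ postfix_catchall }}{% endif %}`, so the unset case keeps mail local, and document `postfix_catchall` in the README/defaults as the intended knob.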
@@ -0,0 +1,63 @@ +# {{ ansible_managed }} +# See /usr/share/postfix/main.cf.dist for a commented, more complete version + +# Debian specific: Specifying a file name will cause the first +# line of that file to be used as the name. The Debian default +# is /etc/mailname. +myorigin = /etc/mailname + +smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) +biff = no + +# appending .domain is the MUA's job. +append_dot_mydomain = no + +# Uncomment the next line to generate "delayed mail" warnings +#delay_warning_time = 4h + +readme_directory = no + +# TLS parameters +smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem +smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key +smtpd_use_tls=yes +smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache +smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache + +# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for +# information on enabling SSL in the smtp client. + +myhostname = {% if postfix_hostname is defined %}{{ postfix_hostname }}{% else %}{{ ansible_hostname }}{% endif %} + +alias_maps = hash:/etc/aliases +alias_database = hash:/etc/aliases +mydestination = $myhostname, localhost.$mydomain, localhost, {% if postfix_hostname is defined %}{{ postfix_hostname }}{% else %}{{ ansible_hostname }}{% endif %} + +mynetworks = {{ postfix_networks | default('127.0.0.0/8') }} +mailbox_size_limit = 0 +recipient_delimiter = + +inet_interfaces = {{ postfix_interfaces | default('all') }} +inet_protocols = {{ postfix_protocols | default('all') }} +#masquerade_domains = XXX +message_size_limit = 10000000 +home_mailbox = / +mailbox_size_limit = 0 +#mailbox_command = /usr/bin/procmail -f- -a $USER + +compatibility_level=2 +smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination + +{% if postfix_sender_relay is defined %} +sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay +smtp_sasl_password_maps = 
hash:/etc/postfix/sasl_passwd +smtp_sasl_security_options = noanonymous +smtp_sasl_tls_security_options = noanonymous +smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt +smtp_sasl_auth_enable = yes +smtp_tls_security_level = may +smtp_tls_ciphers = medium +smtp_tls_loglevel = 0 +smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1 +smtp_tls_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL +smtp_sender_dependent_authentication = yes +{% endif %} diff --git a/templates/sasl_passwd.j2 b/templates/sasl_passwd.j2 new file mode 100644 index 0000000..ce390d1 --- /dev/null +++ b/templates/sasl_passwd.j2 @@ -0,0 +1,5 @@ +{% if postfix_sasl_passwd is defined %} +{% for passwd in postfix_sasl_passwd %} +{{ passwd }} +{% endfor %} +{% endif %} diff --git a/templates/sender_relay.j2 b/templates/sender_relay.j2 new file mode 100644 index 0000000..8be67ea --- /dev/null +++ b/templates/sender_relay.j2 @@ -0,0 +1,5 @@ +{% if postfix_sender_relay is defined %} +{% for relay in postfix_sender_relay %} +{{ relay }} +{% endfor %} +{% endif %}
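Review bot: In the `postfix_sender_relay` block, `smtp_tls_security_level = may` combined with `smtp_sasl_security_options = noanonymous` lets the client fall back to a plaintext session and still offer PLAIN/LOGIN if STARTTLS is stripped or the relay's TLS fails, so the sasl_passwd credentials can be sent in the clear. Since the relay is a known host you authenticate to, use `smtp_tls_security_level = encrypt` and, as a second line of defence, `smtp_sasl_security_options = noanonymous, noplaintext`; note that `smtp_tls_protocols` and `smtp_tls_ciphers` only govern opportunistic sessions, so at the `encrypt` level the equivalent restrictions belong on `smtp_tls_mandatory_protocols` / `smtp_tls_mandatory_ciphers`. The exclude list contains `PSD`, which is not an OpenSSL cipher keyword and is presumably a typo for `PSK` — worth confirming against `postconf -n`. Separately, `smtpd_use_tls=yes` is the legacy spelling; `smtpd_tls_security_level = may` is the current parameter, and `mailbox_size_limit = 0` appears twice.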
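Review bot: This template checks and iterates `postfix_sasl_passwd`, but the task in tasks/configure.yml that renders it is gated on `when: postfix_sasl_password is defined`, a different variable; unless a caller sets both, the credentials file is either rendered empty or never written, while main.cf still points at `hash:/etc/postfix/sasl_passwd` whenever `postfix_sender_relay` is defined. Settle on one name — the loop already uses `postfix_sasl_passwd`, so change the task to `when: postfix_sasl_passwd is defined`, after which the outer `{% if %}` here is redundant. A one-line comment at the top of the template describing the expected entry format (`relay.example.org user:password`, one per line) would also help, since the file is consumed by postmap rather than read by humans.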