From babccb4991d2bb20f3b850eb43207727edc1a340 Mon Sep 17 00:00:00 2001
From: Ryan Cavicchioni
Date: Sun, 27 Oct 2019 18:35:12 -0500
Subject: [PATCH] Add postfix role
---
 roles/postfix/defaults/main.yaml | 31 +++++++++++++++++++++
 roles/postfix/handlers/main.yaml | 13 +++++++++
 roles/postfix/tasks/main.yaml | 38 ++++++++++++++++++++++++++
 roles/postfix/templates/main.cf.j2 | 30 ++++++++++++++++++++
 roles/postfix/templates/sasl_passwd.j2 | 5 ++++
 roles/postfix/vars/Ubuntu.yaml | 3 ++
 6 files changed, 120 insertions(+)
 create mode 100644 roles/postfix/defaults/main.yaml
 create mode 100644 roles/postfix/handlers/main.yaml
 create mode 100644 roles/postfix/tasks/main.yaml
 create mode 100644 roles/postfix/templates/main.cf.j2
 create mode 100644 roles/postfix/templates/sasl_passwd.j2
 create mode 100644 roles/postfix/vars/Ubuntu.yaml
diff --git a/roles/postfix/defaults/main.yaml b/roles/postfix/defaults/main.yaml
new file mode 100644
index 0000000..040e880
--- /dev/null
+++ b/roles/postfix/defaults/main.yaml
@@ -0,0 +1,31 @@
+---
+postfix_package_name: postfix
+postfix_package_state: present
+
+postfix_service_name: postfix.service
+postfix_service_state: started
+postfix_service_enabled: true
+
+postfix_etc_path: /etc/postfix
+
+postfix_sasl_passwd_map_path: "{{ postfix_etc_path }}/sasl_passwd"
+postfix_sasl_passwd_map: {}
+
+postfix_compatibility_level: 2
+postfix_alias_maps: hash:/etc/aliases
+postfix_alias_database: hash:/etc/aliases
+postfix_myhostname: "{{ ansible_fqdn }}"
+postfix_inet_interfaces: loopback-only
+postfix_smtp_tls_session_cache_database: btree:${data_directory}/smtp_scache
+postfix_smtp_sasl_auth_enable: 'yes'
+postfix_smtp_tls_security_level: may
+postfix_smtp_sasl_tls_security_options: noanonymous
+postfix_smtp_tls_loglevel: 1
+postfix_smtp_sasl_password_maps:
+ - "hash:{{ postfix_sasl_passwd_map_path }}"
+postfix_smtp_tls_mandatory_protocols:
+ - "!SSLv2"
+ - "!SSLv3"
+postfix_smtp_tls_protocols:
+ - "!SSLv2"
+ - "!SSLv3"
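Review bot: `postfix_smtp_tls_security_level: may` in roles/postfix/defaults/main.yaml leaves outbound TLS opportunistic while the same defaults enable `smtp_sasl_auth_enable` and a `sasl_passwd` map. At that level Postfix accepts any server certificate and falls back to cleartext when STARTTLS is not offered. For a role that appears to be meant for authenticated relaying, `postfix_smtp_tls_security_level: encrypt` would be a safer default, or `verify`/`secure` against the CA paths set in vars/Ubuntu.yaml. The protocol lists exclude only `"!SSLv2"` and `"!SSLv3"`, which still permits TLSv1 and TLSv1.1; consider adding `"!TLSv1"` and `"!TLSv1.1"` if the relay supports newer versions. No `postfix_relayhost` default is defined although the template renders `relayhost`, so a comment such as `# postfix_relayhost must be set by the caller` would document the expectation.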
diff --git a/roles/postfix/handlers/main.yaml b/roles/postfix/handlers/main.yaml
new file mode 100644
index 0000000..5bc195b
--- /dev/null
+++ b/roles/postfix/handlers/main.yaml
@@ -0,0 +1,13 @@
+---
+- name: "postmap sasl_passwd"
+ command: "postmap hash:{{ postfix_sasl_passwd_map_path }}"
+
+- name: reload postfix
+ service:
+ name: "{{ postfix_service_name }}"
+ state: reloaded
+
+- name: restart postfix
+ service:
+ name: "{{ postfix_service_name }}"
+ state: restarted
diff --git a/roles/postfix/tasks/main.yaml b/roles/postfix/tasks/main.yaml
new file mode 100644
index 0000000..71ed8e9
--- /dev/null
+++ b/roles/postfix/tasks/main.yaml
@@ -0,0 +1,38 @@
+---
+- name: gather OS specific variables
+ include_vars: "{{ item }}"
+ with_first_found:
+ - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
+ - "{{ ansible_distribution }}.yaml"
+ - "{{ ansible_os_family }}.yaml"
+
+- name: configure postfix
+ template:
+ src: main.cf.j2
+ dest: "{{ postfix_etc_path }}/main.cf"
+ owner: root
+ group: root
+ mode: 0644
+ notify: reload postfix
+
+- name: install postfix
+ package:
+ name: "{{ postfix_package_name }}"
+ state: "{{ postfix_package_state }}"
+
+- name: sasl_passwd map
+ template:
+ src: sasl_passwd.j2
+ dest: "{{ postfix_sasl_passwd_map_path }}"
+ owner: root
+ group: root
+ mode: 0600
+ notify:
+ - postmap sasl_passwd
+ - reload postfix
+
+- name: manage postfix service
+ service:
+ name: "{{ postfix_service_name }}"
+ state: "{{ postfix_service_state }}"
+ enabled: "{{ postfix_service_enabled }}"
diff --git a/roles/postfix/templates/main.cf.j2 b/roles/postfix/templates/main.cf.j2
new file mode 100644
index 0000000..978d05e
--- /dev/null
+++ b/roles/postfix/templates/main.cf.j2
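Review bot: In roles/postfix/tasks/main.yaml the `configure postfix` task templates `main.cf` into `{{ postfix_etc_path }}` before the `install postfix` task runs, so on a host without the package the destination directory may not exist and the notified `reload postfix` handler has no service to act on. Moving `install postfix` ahead of both template tasks avoids that. The `sasl_passwd map` task writes relay credentials, and adding `no_log: true` to it keeps them out of `--diff` and verbose output. The modes are written bare as `0644` and `0600`; quoting them as `mode: "0644"` and `mode: "0600"` follows the Ansible recommendation and does not depend on YAML octal parsing.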
@@ -0,0 +1,30 @@
+{% macro postconf_param(param) %}
+{% set term = 'postfix_' + param | lower %}
+{% set var = lookup('vars', term, default='') %}
+{% if var is defined and var %}
+{%- if var is string or var is number %}
+{{ param }} = {{ var }}
+{%- elif var is sequence %}
+{{ param }} = {{ var | join(', ') }}
+{%- endif %}
+{% endif %}
+{% endmacro %}
+# {{ ansible_managed }}
+
+{{ postconf_param('compatibility_level') }}
+{{ postconf_param('smtp_tls_session_cache_database') }}
+{{ postconf_param('alias_maps') }}
+{{ postconf_param('alias_database') }}
+{{ postconf_param('myhostname') }}
+{{ postconf_param('inet_interfaces') }}
+{{ postconf_param('smtp_sasl_auth_enable') }}
+{{ postconf_param('smtp_tls_security_level') }}
+{{ postconf_param('smtp_sasl_tls_security_options') }}
+{{ postconf_param('relayhost') }}
+{{ postconf_param('smtp_tls_loglevel') }}
+{{ postconf_param('smtp_tls_security_level') }}
+{{ postconf_param('smtp_tls_CApath') }}
+{{ postconf_param('smtp_tls_CAfile') }}
+{{ postconf_param('smtp_sasl_password_maps') }}
+{{ postconf_param('smtp_tls_mandatory_protocols') }}
+{{ postconf_param('smtp_tls_protocols') }}
diff --git a/roles/postfix/templates/sasl_passwd.j2 b/roles/postfix/templates/sasl_passwd.j2
new file mode 100644
index 0000000..ea35230
--- /dev/null
+++ b/roles/postfix/templates/sasl_passwd.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for k, v in postfix_sasl_passwd_map.items() | default({}) %}
+{{ k }} {{ v }}
+{% endfor %}
diff --git a/roles/postfix/vars/Ubuntu.yaml b/roles/postfix/vars/Ubuntu.yaml
new file mode 100644
index 0000000..c6382bb
--- /dev/null
+++ b/roles/postfix/vars/Ubuntu.yaml
@@ -0,0 +1,3 @@
+---
+postfix_smtp_tls_capath: /etc/ssl/certs
+postfix_smtp_tls_cafile: /etc/ssl/certs/ca-certificates.crt
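Review bot: `{{ postconf_param('smtp_tls_security_level') }}` is called twice in roles/postfix/templates/main.cf.j2, once after `smtp_sasl_auth_enable` and again after `smtp_tls_loglevel`. The rendered `main.cf` therefore carries the parameter twice, which Postfix tooling may report as an overridden earlier entry; drop the second call. In the macro, the `var is string or var is number` branch would likely also match a YAML `true`, which would render as `True` rather than `yes`. A comment above the macro such as `{# values must be strings, numbers or lists; write yes/no as quoted strings #}` would record why the defaults quote `'yes'`.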
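Review bot: In roles/postfix/templates/sasl_passwd.j2 the filter in `postfix_sasl_passwd_map.items() | default({})` is applied to the result of `.items()`, so it cannot guard against an undefined variable; the lookup would fail at `.items()` first. Either drop the filter, since defaults/main.yaml already sets `postfix_sasl_passwd_map: {}`, or write `{% for k, v in (postfix_sasl_passwd_map | default({})).items() %}`. Because the values are relay passwords, a comment next to the variable noting that the map is expected to come from an encrypted source such as Ansible Vault would help callers keep them out of plain-text inventory.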