Add postfix role

roles/postfix/defaults/main.yaml

@@ -0,0 +1,31 @@
+---
+postfix_package_name: postfix
+postfix_package_state: present
+
+postfix_service_name: postfix.service
+postfix_service_state: started
+postfix_service_enabled: true
+
+postfix_etc_path: /etc/postfix
+
+postfix_sasl_passwd_map_path: "{{ postfix_etc_path }}/sasl_passwd"
+postfix_sasl_passwd_map: {}
+
+postfix_compatibility_level: 2
+postfix_alias_maps: hash:/etc/aliases
+postfix_alias_database: hash:/etc/aliases
+postfix_myhostname: "{{ ansible_fqdn }}"
+postfix_inet_interfaces: loopback-only
+postfix_smtp_tls_session_cache_database: btree:${data_directory}/smtp_scache
+postfix_smtp_sasl_auth_enable: 'yes'
+postfix_smtp_tls_security_level: may
+postfix_smtp_sasl_tls_security_options: noanonymous
+postfix_smtp_tls_loglevel: 1
+postfix_smtp_sasl_password_maps:
+  - "hash:{{ postfix_sasl_passwd_map_path }}"
+postfix_smtp_tls_mandatory_protocols:
+  - "!SSLv2"
+  - "!SSLv3"
+postfix_smtp_tls_protocols:
+  - "!SSLv2"
+  - "!SSLv3"

roles/postfix/handlers/main.yaml

@@ -0,0 +1,13 @@
+---
+- name: "postmap sasl_passwd"
+  command: "postmap hash:{{ postfix_sasl_passwd_map_path }}"
+
+- name: reload postfix
+  service:
+    name: "{{ postfix_service_name }}"
+    state: reloaded
+
+- name: restart postfix
+  service:
+    name: "{{ postfix_service_name }}"
+    state: restarted

roles/postfix/tasks/main.yaml

@@ -0,0 +1,38 @@
+---
+- name: gather OS specific variables
+  include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
+    - "{{ ansible_distribution }}.yaml"
+    - "{{ ansible_os_family }}.yaml"
+
+- name: configure postfix
+  template:
+    src: main.cf.j2
+    dest: "{{ postfix_etc_path }}/main.cf"
+    owner: root
+    group: root
+    mode: 0644
+  notify: reload postfix
+
+- name: install postfix
+  package:
+    name: "{{ postfix_package_name }}"
+    state: "{{ postfix_package_state }}"
+
+- name: sasl_passwd map
+  template:
+    src: sasl_passwd.j2
+    dest: "{{ postfix_sasl_passwd_map_path }}"
+    owner: root
+    group: root
+    mode: 0600
+  notify:
+    - postmap sasl_passwd
+    - reload postfix
+
+- name: manage postfix service
+  service:
+    name: "{{ postfix_service_name }}"
+    state: "{{ postfix_service_state }}"
+    enabled: "{{ postfix_service_enabled }}"

roles/postfix/templates/main.cf.j2

@@ -0,0 +1,30 @@
+{% macro postconf_param(param) %}
+{% set term = 'postfix_' + param | lower %}
+{% set var = lookup('vars', term, default='') %}
+{% if var is defined and var %}
+{%- if var is string or var is number %}
+{{ param }} = {{ var }}
+{%- elif var is sequence %}
+{{ param }} = {{ var | join(', ') }}
+{%- endif %}
+{% endif %}
+{% endmacro %}
+# {{ ansible_managed }}
+
+{{ postconf_param('compatibility_level') }}
+{{ postconf_param('smtp_tls_session_cache_database') }}
+{{ postconf_param('alias_maps') }}
+{{ postconf_param('alias_database') }}
+{{ postconf_param('myhostname') }}
+{{ postconf_param('inet_interfaces') }}
+{{ postconf_param('smtp_sasl_auth_enable') }}
+{{ postconf_param('smtp_tls_security_level') }}
+{{ postconf_param('smtp_sasl_tls_security_options') }}
+{{ postconf_param('relayhost') }}
+{{ postconf_param('smtp_tls_loglevel') }}
+{{ postconf_param('smtp_tls_security_level') }}
+{{ postconf_param('smtp_tls_CApath') }}
+{{ postconf_param('smtp_tls_CAfile') }}
+{{ postconf_param('smtp_sasl_password_maps') }}
+{{ postconf_param('smtp_tls_mandatory_protocols') }}
+{{ postconf_param('smtp_tls_protocols') }}

roles/postfix/templates/sasl_passwd.j2

@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for k, v in postfix_sasl_passwd_map.items() | default({}) %}
+{{ k }} {{ v }}
+{% endfor %}

roles/postfix/vars/Ubuntu.yaml

@@ -0,0 +1,3 @@
+---
+postfix_smtp_tls_capath: /etc/ssl/certs
+postfix_smtp_tls_cafile: /etc/ssl/certs/ca-certificates.crt