From f0ba2a2635b8567d4d5fe1efcbd7811919007c14 Mon Sep 17 00:00:00 2001
From: Julien Palard
Date: Sun, 30 Jan 2022 10:53:31 +0100
Subject: [PATCH] Mouve our exim4 things to exim4 role.

---
 README.md | 2 +-
 group_vars/all/vars | 3 +-
 requirements.yml | 2 -
 roles/common/meta/main.yml | 2 +-
 roles/common/tasks/main.yml | 48 --------------------
 roles/discourse/tasks/main.yml | 12 -----
 roles/exim4/defaults/main.yml | 3 ++
 roles/exim4/tasks/configure.yml | 44 ++++++++++++++++++
 roles/exim4/templates/update-exim4.conf.conf | 4 +-
 9 files changed, 53 insertions(+), 67 deletions(-)

diff --git a/README.md b/README.md
index c3dd2f8..0540369 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,7 @@ En partant de là, on peut utiliser les commandes suivantes:
Après avoir cloné ce repo, installé Ansible dans un venv, installez les roles nécessaires via :
-- ansible-galaxy install julienpalard.nginx tschifftner.exim4_sendonly
+- ansible-galaxy install julienpalard.nginx
Puis pour jouer les *playbooks* :
diff --git a/group_vars/all/vars b/group_vars/all/vars
index be41d2b..7f65fb9 100644
--- a/group_vars/all/vars
+++ b/group_vars/all/vars
@@ -1,5 +1,6 @@
---
-
+exim4_local_interfaces: '127.0.0.1;172.17.0.1'
+exim4_relay_nets: '172.16.0.0/12'
gandi_api_key: "{{ vault_gandi_api_key }}"
letsencrypt_email: julien@python.org
admin_email: julien@python.org
diff --git a/requirements.yml b/requirements.yml
index 457e2ff..af6b8b9 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -2,5 +2,3 @@ roles:
- src: julienpalard.nginx
version: master
- - src: tschifftner.exim4_sendonly
- version: master
diff --git a/roles/common/meta/main.yml b/roles/common/meta/main.yml
index c344b60..67228b8 100644
--- a/roles/common/meta/main.yml
+++ b/roles/common/meta/main.yml
@@ -1,4 +1,4 @@
---
dependencies:
- - role: tschifftner.exim4_sendonly
+ - role: exim4
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 9569c44..e123b5b 100644
--- a/roles/common/tasks/main.yml
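Review bot: Setting `exim4_local_interfaces: '127.0.0.1;172.17.0.1'` and `exim4_relay_nets: '172.16.0.0/12'` in group_vars/all/vars applies the docker-relay settings to every host, whereas the two lineinfile tasks removed from roles/discourse/tasks/main.yml applied them only to the discourse host. Through the templated update-exim4.conf.conf this makes every exim4 host listen on 172.17.0.1 and relay mail from the whole 172.16.0.0/12 range, which is wider than the single container bridge needs; on hosts that have no docker bridge the extra listener address may also prevent exim from binding, though that cannot be confirmed from the diff. Keeping the role defaults (`'127.0.0.1'` and `''`) for the group and setting these two variables in host_vars for the discourse host, or in a docker-specific group, would preserve the previous scope.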
+++ b/roles/common/tasks/main.yml
@@ -14,54 +14,6 @@
group: root
mode: 0644
- - name: Choose a DKIM selector
- set_fact:
- dkim_selector: "{{ inventory_hostname | replace('.', '-') }}"
- - name: Create /etc/exim4/dkim/ directory
- file:
- path: /etc/exim4/dkim/
- state: directory
- mode: 0750
- owner: Debian-exim
- group: Debian-exim
- - name: Generate a private key for DKIM
- command: openssl genrsa -out /etc/exim4/dkim/{{ dkim_selector }}-private.key 1024
- args:
- creates: /etc/exim4/dkim/{{ dkim_selector }}-private.key
- - name: Allow exim to read the DKIM private key
- file:
- path: /etc/exim4/dkim/{{ dkim_selector }}-private.key
- owner: root
- group: Debian-exim
- mode: 0640
- - name: Derive the public key for DKIM
- command: openssl rsa -in {{ dkim_selector }}-private.key -out {{ dkim_selector }}.pem -pubout -outform PEM
- args:
- chdir: /etc/exim4/dkim/
- creates: /etc/exim4/dkim/{{ dkim_selector }}.pem
- - name: Configure exim to use our DKIM key
- copy:
- dest: /etc/exim4/conf.d/main/00_local_macros
- content: |
- DKIM_CANON = relaxed
- DKIM_SELECTOR = {{ dkim_selector }}
- DKIM_DOMAIN = {{ inventory_hostname }}
- DKIM_PRIVATE_KEY = /etc/exim4/dkim/{{ dkim_selector }}-private.key
- owner: root
- group: root
- mode: 0644
- notify: reload exim4
- register: config_exim
- - name: Reconfigure exim4
- command: update-exim4.conf
- when: config_exim is changed
- package: name=nftables state=present
- name: Copy nftables rules
diff --git a/roles/discourse/tasks/main.yml b/roles/discourse/tasks/main.yml
index 6ff9b82..9f5b76c 100644
--- a/roles/discourse/tasks/main.yml
+++ b/roles/discourse/tasks/main.yml
@@ -41,15 +41,3 @@
template:
src: app.yml
dest: /var/discourse/containers/app.yml
-
-- name: Allow docker to send emails via exim
- lineinfile:
- path: /etc/exim4/update-exim4.conf.conf
- regexp: ^dc_local_interfaces=
- line: "dc_local_interfaces='127.0.0.1;172.17.0.1'"
-
-- name: Allow docker to send emails via exim
- lineinfile:
- path: /etc/exim4/update-exim4.conf.conf
- regexp: ^dc_relay_nets=
- line: "dc_relay_nets='172.16.0.0/12'"
diff --git a/roles/exim4/defaults/main.yml b/roles/exim4/defaults/main.yml
index cf75b8a..61a8d77 100644
--- a/roles/exim4/defaults/main.yml
+++ b/roles/exim4/defaults/main.yml
@@ -16,3 +16,6 @@ exim4_sendonly_email_aliases: []
exim4_sendonly_apt_packages:
- exim4-daemon-light
- mailutils
+
+exim4_local_interfaces: '127.0.0.1'
+exim4_relay_nets: ''
diff --git a/roles/exim4/tasks/configure.yml b/roles/exim4/tasks/configure.yml
index 21d529e..449645e 100644
--- a/roles/exim4/tasks/configure.yml
+++ b/roles/exim4/tasks/configure.yml
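Review bot: The two new defaults `exim4_local_interfaces` and `exim4_relay_nets` in roles/exim4/defaults/main.yml carry no comment saying what they feed, and they drop the `exim4_sendonly_` prefix that every other variable visible in this patch uses (`exim4_sendonly_email_aliases`, `exim4_sendonly_apt_packages`, `exim4_sendonly_enable_tls`, `exim4_sendonly_smarthost`). A line above each would make the intent and the security impact clear: `# Rendered into dc_local_interfaces; add the docker bridge address here to let containers submit mail` and `# Rendered into dc_relay_nets; networks allowed to relay through this host, keep empty for a send-only host`. If the shorter prefix is deliberate, saying so in the same comment avoids a later "consistency" rename.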
@@ -40,3 +40,47 @@
src: 'exim4.conf.localmacros'
dest: '/etc/exim4/exim4.conf.localmacros'
when: exim4_sendonly_enable_tls
+
+- name: Create /etc/exim4/dkim/ directory
+ file:
+ path: /etc/exim4/dkim/
+ state: directory
+ mode: 0750
+ owner: Debian-exim
+ group: Debian-exim
+
+- name: Choose a DKIM selector
+ set_fact:
+ dkim_selector: "{{ inventory_hostname | replace('.', '-') }}"
+
+- name: Generate a private key for DKIM
+ command: openssl genrsa -out /etc/exim4/dkim/{{ dkim_selector }}-private.key 1024
+ args:
+ creates: /etc/exim4/dkim/{{ dkim_selector }}-private.key
+
+- name: Allow exim to read the DKIM private key
+ file:
+ path: /etc/exim4/dkim/{{ dkim_selector }}-private.key
+ owner: root
+ group: Debian-exim
+ mode: 0640
+
+- name: Derive the public key for DKIM
+ command: openssl rsa -in {{ dkim_selector }}-private.key -out {{ dkim_selector }}.pem -pubout -outform PEM
+ args:
+ chdir: /etc/exim4/dkim/
+ creates: /etc/exim4/dkim/{{ dkim_selector }}.pem
+
+- name: Configure exim to use our DKIM key
+ copy:
+ dest: /etc/exim4/conf.d/main/00_local_macros
+ content: |
+ DKIM_CANON = relaxed
+ DKIM_SELECTOR = {{ dkim_selector }}
+ DKIM_DOMAIN = {{ inventory_hostname }}
+ DKIM_PRIVATE_KEY = /etc/exim4/dkim/{{ dkim_selector }}-private.key
+ owner: root
+ group: root
+ mode: 0644
+ notify: reload exim4
+ register: config_exim
diff --git a/roles/exim4/templates/update-exim4.conf.conf b/roles/exim4/templates/update-exim4.conf.conf
index 0c29d5e..24e0246 100644
--- a/roles/exim4/templates/update-exim4.conf.conf
+++ b/roles/exim4/templates/update-exim4.conf.conf
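Review bot: `openssl genrsa ... 1024` in the "Generate a private key for DKIM" task creates a 1024-bit DKIM signing key; RFC 8301 makes 1024 bits the floor and recommends 2048 for signers, so moving the task is the moment to change that line to `command: openssl genrsa -out /etc/exim4/dkim/{{ dkim_selector }}-private.key 2048`. Because of `creates:` this only affects hosts that have no key yet; an existing host keeps its 1024-bit key until the pair is removed and the new `{{ dkim_selector }}.pem` is published in DNS. The "Reconfigure exim4" task that ran `update-exim4.conf` when `config_exim` changed was dropped from roles/common/tasks/main.yml and is not re-added here, so within this hunk `register: config_exim` has no consumer; unless the `reload exim4` handler runs update-exim4.conf itself, a new 00_local_macros will not be folded into the generated configuration until something else triggers it.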
@@ -17,11 +17,11 @@
# This is a Debian specific file
dc_eximconfig_configtype="{{ 'internet' if exim4_sendonly_smarthost == '' else 'satellite' }}"
dc_other_hostnames='{{ ansible_hostname }}; localhost.localdomain; localhost'
-dc_local_interfaces='127.0.0.1'
+dc_local_interfaces='{{ exim4_local_interfaces }}'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
-dc_relay_nets=''
+dc_relay_nets='{{ exim4_relay_nets }}'
dc_smarthost='{{ exim4_sendonly_smarthost }}'
CFILEMODE='644'
dc_use_split_config='true'