Move our exim4 things to exim4 role.
parent
ebc25d7bbd
commit
f0ba2a2635
|
@ -11,7 +11,7 @@ En partant de là, on peut utiliser les commandes suivantes:
|
||||||
Après avoir cloné ce repo, installé Ansible dans un venv, installez
|
Après avoir cloné ce repo, installé Ansible dans un venv, installez
|
||||||
les roles nécessaires via :
|
les roles nécessaires via :
|
||||||
|
|
||||||
- ansible-galaxy install julienpalard.nginx tschifftner.exim4_sendonly
|
- ansible-galaxy install julienpalard.nginx
|
||||||
|
|
||||||
Puis pour jouer les *playbooks* :
|
Puis pour jouer les *playbooks* :
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
---
|
---
|
||||||
|
exim4_local_interfaces: '127.0.0.1;172.17.0.1'
|
||||||
|
exim4_relay_nets: '172.16.0.0/12'
|
||||||
gandi_api_key: "{{ vault_gandi_api_key }}"
|
gandi_api_key: "{{ vault_gandi_api_key }}"
|
||||||
letsencrypt_email: julien@python.org
|
letsencrypt_email: julien@python.org
|
||||||
admin_email: julien@python.org
|
admin_email: julien@python.org
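Review bot: `exim4_relay_nets: '172.16.0.0/12'` allows every address from 172.16.0.0 to 172.31.255.255 to relay through this host, while the listener added next to it is only the Docker bridge address 172.17.0.1. If only containers on the default bridge need to send mail, a narrower value such as `exim4_relay_nets: '172.17.0.0/16'` would keep the relay scope aligned with the listener; confirm the subnet against the host's Docker network configuration first. A comment above the two variables, for example `# exim listens on the Docker bridge and relays only for container networks`, would record why this host departs from a loopback-only setup.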
|
||||||
|
|
|
@ -2,5 +2,3 @@
|
||||||
roles:
|
roles:
|
||||||
- src: julienpalard.nginx
|
- src: julienpalard.nginx
|
||||||
version: master
|
version: master
|
||||||
- src: tschifftner.exim4_sendonly
|
|
||||||
version: master
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
dependencies:
|
dependencies:
|
||||||
- role: tschifftner.exim4_sendonly
|
- role: exim4
|
||||||
|
|
|
@ -14,54 +14,6 @@
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
|
||||||
- name: Choose a DKIM selector
|
|
||||||
set_fact:
|
|
||||||
dkim_selector: "{{ inventory_hostname | replace('.', '-') }}"
|
|
||||||
|
|
||||||
- name: Create /etc/exim4/dkim/ directory
|
|
||||||
file:
|
|
||||||
path: /etc/exim4/dkim/
|
|
||||||
state: directory
|
|
||||||
mode: 0750
|
|
||||||
owner: Debian-exim
|
|
||||||
group: Debian-exim
|
|
||||||
|
|
||||||
- name: Generate a private key for DKIM
|
|
||||||
command: openssl genrsa -out /etc/exim4/dkim/{{ dkim_selector }}-private.key 1024
|
|
||||||
args:
|
|
||||||
creates: /etc/exim4/dkim/{{ dkim_selector }}-private.key
|
|
||||||
|
|
||||||
- name: Allow exim to read the DKIM private key
|
|
||||||
file:
|
|
||||||
path: /etc/exim4/dkim/{{ dkim_selector }}-private.key
|
|
||||||
owner: root
|
|
||||||
group: Debian-exim
|
|
||||||
mode: 0640
|
|
||||||
|
|
||||||
- name: Derive the public key for DKIM
|
|
||||||
command: openssl rsa -in {{ dkim_selector }}-private.key -out {{ dkim_selector }}.pem -pubout -outform PEM
|
|
||||||
args:
|
|
||||||
chdir: /etc/exim4/dkim/
|
|
||||||
creates: /etc/exim4/dkim/{{ dkim_selector }}.pem
|
|
||||||
|
|
||||||
- name: Configure exim to use our DKIM key
|
|
||||||
copy:
|
|
||||||
dest: /etc/exim4/conf.d/main/00_local_macros
|
|
||||||
content: |
|
|
||||||
DKIM_CANON = relaxed
|
|
||||||
DKIM_SELECTOR = {{ dkim_selector }}
|
|
||||||
DKIM_DOMAIN = {{ inventory_hostname }}
|
|
||||||
DKIM_PRIVATE_KEY = /etc/exim4/dkim/{{ dkim_selector }}-private.key
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 0644
|
|
||||||
notify: reload exim4
|
|
||||||
register: config_exim
|
|
||||||
|
|
||||||
- name: Reconfigure exim4
|
|
||||||
command: update-exim4.conf
|
|
||||||
when: config_exim is changed
|
|
||||||
|
|
||||||
- package: name=nftables state=present
|
- package: name=nftables state=present
|
||||||
|
|
||||||
- name: Copy nftables rules
|
- name: Copy nftables rules
|
||||||
|
|
|
@ -41,15 +41,3 @@
|
||||||
template:
|
template:
|
||||||
src: app.yml
|
src: app.yml
|
||||||
dest: /var/discourse/containers/app.yml
|
dest: /var/discourse/containers/app.yml
|
||||||
|
|
||||||
- name: Allow docker to send emails via exim
|
|
||||||
lineinfile:
|
|
||||||
path: /etc/exim4/update-exim4.conf.conf
|
|
||||||
regexp: ^dc_local_interfaces=
|
|
||||||
line: "dc_local_interfaces='127.0.0.1;172.17.0.1'"
|
|
||||||
|
|
||||||
- name: Allow docker to send emails via exim
|
|
||||||
lineinfile:
|
|
||||||
path: /etc/exim4/update-exim4.conf.conf
|
|
||||||
regexp: ^dc_relay_nets=
|
|
||||||
line: "dc_relay_nets='172.16.0.0/12'"
|
|
||||||
|
|
|
@ -16,3 +16,6 @@ exim4_sendonly_email_aliases: []
|
||||||
exim4_sendonly_apt_packages:
|
exim4_sendonly_apt_packages:
|
||||||
- exim4-daemon-light
|
- exim4-daemon-light
|
||||||
- mailutils
|
- mailutils
|
||||||
|
|
||||||
|
exim4_local_interfaces: '127.0.0.1'
|
||||||
|
exim4_relay_nets: ''
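Review bot: The new defaults `exim4_local_interfaces` and `exim4_relay_nets` are undocumented, although they decide where the SMTP listener binds and which networks may relay. I would add `# Semicolon-separated addresses exim listens on; loopback only by default.` above the first and `# Networks allowed to relay through this host; empty allows no remote network.` above the second. That way anyone overriding them in inventory sees that widening either value exposes the mail service beyond the local host.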
|
||||||
|
|
|
@ -40,3 +40,47 @@
|
||||||
src: 'exim4.conf.localmacros'
|
src: 'exim4.conf.localmacros'
|
||||||
dest: '/etc/exim4/exim4.conf.localmacros'
|
dest: '/etc/exim4/exim4.conf.localmacros'
|
||||||
when: exim4_sendonly_enable_tls
|
when: exim4_sendonly_enable_tls
|
||||||
|
|
||||||
|
- name: Create /etc/exim4/dkim/ directory
|
||||||
|
file:
|
||||||
|
path: /etc/exim4/dkim/
|
||||||
|
state: directory
|
||||||
|
mode: 0750
|
||||||
|
owner: Debian-exim
|
||||||
|
group: Debian-exim
|
||||||
|
|
||||||
|
- name: Choose a DKIM selector
|
||||||
|
set_fact:
|
||||||
|
dkim_selector: "{{ inventory_hostname | replace('.', '-') }}"
|
||||||
|
|
||||||
|
- name: Generate a private key for DKIM
|
||||||
|
command: openssl genrsa -out /etc/exim4/dkim/{{ dkim_selector }}-private.key 1024
|
||||||
|
args:
|
||||||
|
creates: /etc/exim4/dkim/{{ dkim_selector }}-private.key
|
||||||
|
|
||||||
|
- name: Allow exim to read the DKIM private key
|
||||||
|
file:
|
||||||
|
path: /etc/exim4/dkim/{{ dkim_selector }}-private.key
|
||||||
|
owner: root
|
||||||
|
group: Debian-exim
|
||||||
|
mode: 0640
|
||||||
|
|
||||||
|
- name: Derive the public key for DKIM
|
||||||
|
command: openssl rsa -in {{ dkim_selector }}-private.key -out {{ dkim_selector }}.pem -pubout -outform PEM
|
||||||
|
args:
|
||||||
|
chdir: /etc/exim4/dkim/
|
||||||
|
creates: /etc/exim4/dkim/{{ dkim_selector }}.pem
|
||||||
|
|
||||||
|
- name: Configure exim to use our DKIM key
|
||||||
|
copy:
|
||||||
|
dest: /etc/exim4/conf.d/main/00_local_macros
|
||||||
|
content: |
|
||||||
|
DKIM_CANON = relaxed
|
||||||
|
DKIM_SELECTOR = {{ dkim_selector }}
|
||||||
|
DKIM_DOMAIN = {{ inventory_hostname }}
|
||||||
|
DKIM_PRIVATE_KEY = /etc/exim4/dkim/{{ dkim_selector }}-private.key
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
notify: reload exim4
|
||||||
|
register: config_exim
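Review bot: The `Generate a private key for DKIM` task creates a 1024-bit RSA key, below the 2048 bits that RFC 8301 recommends for DKIM signers; the command should end in `2048` instead of `1024`. Because the task is guarded by `creates:`, hosts that already have a key will keep the 1024-bit one, so rolling out a stronger key needs a new selector or removal of the old file, with the DNS record republished. Separately, `register: config_exim` is kept, but the `Reconfigure exim4` task that consumed it in the old role is not carried over in this hunk. Confirm that the `reload exim4` handler regenerates the configuration, or drop the `register`.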
|
||||||
|
|
|
@ -17,11 +17,11 @@
|
||||||
# This is a Debian specific file
|
# This is a Debian specific file
|
||||||
dc_eximconfig_configtype="{{ 'internet' if exim4_sendonly_smarthost == '' else 'satellite' }}"
|
dc_eximconfig_configtype="{{ 'internet' if exim4_sendonly_smarthost == '' else 'satellite' }}"
|
||||||
dc_other_hostnames='{{ ansible_hostname }}; localhost.localdomain; localhost'
|
dc_other_hostnames='{{ ansible_hostname }}; localhost.localdomain; localhost'
|
||||||
dc_local_interfaces='127.0.0.1'
|
dc_local_interfaces='{{ exim4_local_interfaces }}'
|
||||||
dc_readhost=''
|
dc_readhost=''
|
||||||
dc_relay_domains=''
|
dc_relay_domains=''
|
||||||
dc_minimaldns='false'
|
dc_minimaldns='false'
|
||||||
dc_relay_nets=''
|
dc_relay_nets='{{ exim4_relay_nets }}'
|
||||||
dc_smarthost='{{ exim4_sendonly_smarthost }}'
|
dc_smarthost='{{ exim4_sendonly_smarthost }}'
|
||||||
CFILEMODE='644'
|
CFILEMODE='644'
|
||||||
dc_use_split_config='true'
|
dc_use_split_config='true'
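Review bot: `dc_local_interfaces='{{ exim4_local_interfaces }}'` and `dc_relay_nets='{{ exim4_relay_nets }}'` place inventory values between literal single quotes in a file that Debian's update-exim4.conf reads as shell assignments, so a value containing `'` would end the quoting early. The values come from inventory, so this is a robustness point rather than an exposure. Letting the `quote` filter produce the quoting, as in `dc_relay_nets={{ exim4_relay_nets | quote }}`, or adding an `assert` on the allowed characters in the role, would make a malformed value fail predictably. The existing `dc_smarthost` line follows the same pattern.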
|
||||||
|
|