Mouve our exim4 things to exim4 role.

2022-01-30 10:53:31 +01:00 · 2022-01-30 10:53:31 +01:00 · f0ba2a2635
parent ebc25d7bbd
commit f0ba2a2635
9 changed files with 53 additions and 67 deletions
--- a/README.md
+++ b/README.md
@ -11,7 +11,7 @@ En partant de là, on peut utiliser les commandes suivantes:
 Après avoir cloné ce repo, installé Ansible dans un venv, installez
 les roles nécessaires via :

- ansible-galaxy install julienpalard.nginx tschifftner.exim4_sendonly
+- ansible-galaxy install julienpalard.nginx

 Puis pour jouer les *playbooks* :

--- a/group_vars/all/vars
+++ b/group_vars/all/vars
@ -1,5 +1,6 @@
 ---
-
+exim4_local_interfaces: '127.0.0.1;172.17.0.1'
+exim4_relay_nets: '172.16.0.0/12'
 gandi_api_key: "{{ vault_gandi_api_key }}"
 letsencrypt_email: julien@python.org
 admin_email: julien@python.org
--- a/requirements.yml
+++ b/requirements.yml
@ -2,5 +2,3 @@
 roles:
  - src: julienpalard.nginx
    version: master
-  - src: tschifftner.exim4_sendonly
-    version: master
--- a/roles/common/meta/main.yml
+++ b/roles/common/meta/main.yml
@ -1,4 +1,4 @@
 ---

 dependencies:
-  - role: tschifftner.exim4_sendonly
+  - role: exim4
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -14,54 +14,6 @@
      group: root
      mode: 0644

-  - name: Choose a DKIM selector
-    set_fact:
-      dkim_selector: "{{ inventory_hostname | replace('.', '-') }}"
-
-  - name: Create /etc/exim4/dkim/ directory
-    file:
-      path: /etc/exim4/dkim/
-      state: directory
-      mode: 0750
-      owner: Debian-exim
-      group: Debian-exim
-
-  - name: Generate a private key for DKIM
-    command: openssl genrsa -out /etc/exim4/dkim/{{ dkim_selector }}-private.key 1024
-    args:
-      creates: /etc/exim4/dkim/{{ dkim_selector }}-private.key
-
-  - name: Allow exim to read the DKIM private key
-    file:
-      path: /etc/exim4/dkim/{{ dkim_selector }}-private.key
-      owner: root
-      group: Debian-exim
-      mode: 0640
-
-  - name: Derive the public key for DKIM
-    command: openssl rsa -in {{ dkim_selector }}-private.key -out {{ dkim_selector }}.pem -pubout -outform PEM
-    args:
-      chdir: /etc/exim4/dkim/
-      creates: /etc/exim4/dkim/{{ dkim_selector }}.pem
-
-  - name: Configure exim to use our DKIM key
-    copy:
-      dest: /etc/exim4/conf.d/main/00_local_macros
-      content: |
-        DKIM_CANON = relaxed
-        DKIM_SELECTOR = {{ dkim_selector }}
-        DKIM_DOMAIN = {{ inventory_hostname }}
-        DKIM_PRIVATE_KEY = /etc/exim4/dkim/{{ dkim_selector }}-private.key
-      owner: root
-      group: root
-      mode: 0644
-    notify: reload exim4
-    register: config_exim
-
-  - name: Reconfigure exim4
-    command: update-exim4.conf
-    when: config_exim is changed
-
  - package: name=nftables state=present

  - name: Copy nftables rules
--- a/roles/discourse/tasks/main.yml
+++ b/roles/discourse/tasks/main.yml
@ -41,15 +41,3 @@
  template:
    src: app.yml
    dest: /var/discourse/containers/app.yml
-
- name: Allow docker to send emails via exim
-  lineinfile:
-    path: /etc/exim4/update-exim4.conf.conf
-    regexp: ^dc_local_interfaces=
-    line: "dc_local_interfaces='127.0.0.1;172.17.0.1'"
-
- name: Allow docker to send emails via exim
-  lineinfile:
-    path: /etc/exim4/update-exim4.conf.conf
-    regexp: ^dc_relay_nets=
-    line: "dc_relay_nets='172.16.0.0/12'"
--- a/roles/exim4/defaults/main.yml
+++ b/roles/exim4/defaults/main.yml
@ -16,3 +16,6 @@ exim4_sendonly_email_aliases: []
 exim4_sendonly_apt_packages:
  - exim4-daemon-light
  - mailutils
+
+exim4_local_interfaces: '127.0.0.1'
+exim4_relay_nets: ''
--- a/roles/exim4/tasks/configure.yml
+++ b/roles/exim4/tasks/configure.yml
@ -40,3 +40,47 @@
    src: 'exim4.conf.localmacros'
    dest: '/etc/exim4/exim4.conf.localmacros'
  when: exim4_sendonly_enable_tls
+
+- name: Create /etc/exim4/dkim/ directory
+  file:
+    path: /etc/exim4/dkim/
+    state: directory
+    mode: 0750
+    owner: Debian-exim
+    group: Debian-exim
+
+- name: Choose a DKIM selector
+  set_fact:
+    dkim_selector: "{{ inventory_hostname | replace('.', '-') }}"
+
+- name: Generate a private key for DKIM
+  command: openssl genrsa -out /etc/exim4/dkim/{{ dkim_selector }}-private.key 1024
+  args:
+    creates: /etc/exim4/dkim/{{ dkim_selector }}-private.key
+
+- name: Allow exim to read the DKIM private key
+  file:
+    path: /etc/exim4/dkim/{{ dkim_selector }}-private.key
+    owner: root
+    group: Debian-exim
+    mode: 0640
+
+- name: Derive the public key for DKIM
+  command: openssl rsa -in {{ dkim_selector }}-private.key -out {{ dkim_selector }}.pem -pubout -outform PEM
+  args:
+    chdir: /etc/exim4/dkim/
+    creates: /etc/exim4/dkim/{{ dkim_selector }}.pem
+
+- name: Configure exim to use our DKIM key
+  copy:
+    dest: /etc/exim4/conf.d/main/00_local_macros
+    content: |
+      DKIM_CANON = relaxed
+      DKIM_SELECTOR = {{ dkim_selector }}
+      DKIM_DOMAIN = {{ inventory_hostname }}
+      DKIM_PRIVATE_KEY = /etc/exim4/dkim/{{ dkim_selector }}-private.key
+    owner: root
+    group: root
+    mode: 0644
+  notify: reload exim4
+  register: config_exim
--- a/roles/exim4/templates/update-exim4.conf.conf
+++ b/roles/exim4/templates/update-exim4.conf.conf
@ -17,11 +17,11 @@
 # This is a Debian specific file
 dc_eximconfig_configtype="{{ 'internet' if exim4_sendonly_smarthost == '' else 'satellite' }}"
 dc_other_hostnames='{{ ansible_hostname }}; localhost.localdomain; localhost'
-dc_local_interfaces='127.0.0.1'
+dc_local_interfaces='{{ exim4_local_interfaces }}'
 dc_readhost=''
 dc_relay_domains=''
 dc_minimaldns='false'
-dc_relay_nets=''
+dc_relay_nets='{{ exim4_relay_nets }}'
 dc_smarthost='{{ exim4_sendonly_smarthost }}'
 CFILEMODE='644'
 dc_use_split_config='true'