From b37c42d8c66df77eccacdcb7788eeedcba6e0440 Mon Sep 17 00:00:00 2001
From: Julien Palard
Date: Thu, 7 Mar 2024 18:22:31 +0100
Subject: [PATCH] Exim to smarthost to galae.
---
 base.yml | 37 -----------------
 group_vars/all/vault.yml | 29 +++++++------
 inventory.yml | 3 ++
 roles/exim/handlers/main.yml | 6 +++
 roles/exim/tasks/main.yml | 79 ++++++++++++++++++++++++++++++++++++
 5 files changed, 104 insertions(+), 50 deletions(-)
 create mode 100644 roles/exim/handlers/main.yml
 create mode 100644 roles/exim/tasks/main.yml
diff --git a/base.yml b/base.yml
index b6bc7b3..540b549 100644
--- a/base.yml
+++ b/base.yml
@@ -82,43 +82,6 @@
 notify: restart sshd
 tags: ssh
- - name: msmtp config
- copy:
- dest: /etc/msmtprc
- content: |
- defaults
- auth on
- tls on
- tls_starttls off
- tls_trust_file /etc/ssl/certs/ca-certificates.crt
- logfile /var/log/msmtp
-
- account galae
- auth plain
- host mail.galae.net
- port 465
- from {{ vault_smtp_username }}
- user {{ vault_smtp_username }}
- password {{ vault_smtp_password }}
-
- account default : galae
-
- - name: Install msmtp
- apt:
- name: [msmtp, msmtp-mta, bsd-mailx]
-
- - name: Ensure root crontab sends email from me
- community.general.cronvar:
- user: root
- name: MAILFROM
- value: "{{ vault_smtp_username }}"
-
- - name: Ensure my crontab sends email from me
- community.general.cronvar:
- user: mdk
- name: MAILFROM
- value: "{{ vault_smtp_username }}"
-
 - name: Ensure root crontab sends email to me
 community.general.cronvar:
 user: root
diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml
index ae7da15..343ab08 100644
--- a/group_vars/all/vault.yml
+++ b/group_vars/all/vault.yml
@@ -1,14 +1,17 @@
 $ANSIBLE_VAULT;1.1;AES256
-65373439643337356162343830646336623863646137656265386537386663363332383833653531
-3533623932363765306539363834326133373563363231370a616639616331383930663032326432
-30326535303866363130636330396465343966643065666564616665343933653061663939643265
-6561353837323236660a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a386366663232353762623931316665
+37653833323566356133376232653562376461336637303933393233336432636633323531633866
+6665343132313338630a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diff --git a/inventory.yml b/inventory.yml
index f317125..af48ead 100644
--- a/inventory.yml
+++ b/inventory.yml
@@ -1,5 +1,8 @@
 [mdk]
 www.mdk.fr ansible_host=51.15.187.166 online_server=sd-131717
+[laptops]
+zhakar.local ansible_host=127.0.0.1
+
 [silence]
 silence.local ansible_host=192.168.1.210
diff --git a/roles/exim/handlers/main.yml b/roles/exim/handlers/main.yml
new file mode 100644
index 0000000..130dd99
--- /dev/null
+++ b/roles/exim/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: restart exim4
+ service:
+ name: 'exim4'
+ state: restarted
+ enabled: yes
diff --git a/roles/exim/tasks/main.yml b/roles/exim/tasks/main.yml
new file mode 100644
index 0000000..cdd6412
--- /dev/null
+++ b/roles/exim/tasks/main.yml
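Review bot: In roles/exim/handlers/main.yml, `enabled: yes` sits inside the `restart exim4` handler, so boot-time enablement is only applied on a run where some task reports a change and notifies the handler; a host whose files already match is never checked for it. Consider a regular `service` task in roles/exim/tasks/main.yml with `name: exim4` and `enabled: true`, leaving the handler with `state: restarted` only. Independently, the boolean is better written `enabled: true`, since `yes` is a YAML 1.1 truthy form that linters flag.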
@@ -0,0 +1,79 @@
+---
+
+- name: Install exim4 packages
+ apt:
+ name: exim4-daemon-light
+ state: present
+ cache_valid_time: 86400
+
+- name: Exim macros
+ copy:
+ dest: /etc/exim4/conf.d/main/000_mdk_macros
+ owner: root
+ group: root
+ mode: 0644
+ content: |
+ REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS = *
+ REMOTE_SMTP_SMARTHOST_PROTOCOL = smtps
+ # MAIN_LOG_SELECTOR = +all
+ notify: restart exim4
+
+- name: Exim wild rewrite
+ copy:
+ dest: /etc/exim4/conf.d/rewrite/99_mdk_rewrite
+ owner: root
+ group: root
+ mode: 0644
+ content: |
+ *@+local_domains "${lookup{${local_part}}wildlsearch{/etc/email-addresses}\
+ {$value}fail}" Ffrs
+ *@ETC_MAILNAME "${lookup{${local_part}}wildlsearch{/etc/email-addresses}\
+ {$value}fail}" Ffrs
+ notify: restart exim4
+
+- name: Exim email addresses
+ copy:
+ dest: /etc/email-addresses
+ owner: root
+ group: root
+ mode: 0644
+ content: |
+ *: {{ smtp_username }}
+ notify: restart exim4
+
+- name: Exim smarthost password
+ copy:
+ dest: /etc/exim4/passwd.client
+ owner: root
+ group: Debian-exim
+ mode: 0640
+ content: |
+ {{ smtp_host }}:{{ smtp_username }}:{{ smtp_password }}
+ notify: restart exim4
+
+- name: Exim smarthost config
+ copy:
+ dest: /etc/exim4/update-exim4.conf.conf
+ owner: root
+ group: root
+ mode: 0644
+ content: |
+ dc_eximconfig_configtype='smarthost'
+ dc_other_hostnames='{{ inventory_hostname_short }}'
+ dc_local_interfaces='127.0.0.1 ; ::1'
+ dc_readhost=''
+ dc_relay_domains=''
+ dc_minimaldns='false'
+ dc_relay_nets=''
+ dc_smarthost='{{ smtp_host }}::{{ smtp_port }}'
+ CFILEMODE='644'
+ dc_use_split_config='true'
+ dc_hide_mailname=''
+ dc_mailname_in_oh='true'
+ dc_localdelivery='maildir_home'
+ register: update_exim4_conf_conf
+
+- name: Exim generate config
+ when: update_exim4_conf_conf is changed
+ command: update-exim4.conf
+ notify: restart exim4
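Review bot: The `Exim smarthost password` task renders `{{ smtp_password }}` into /etc/exim4/passwd.client without `no_log: true`, so a run with `--diff` prints the rendered line, password included, to the terminal and to any stored job output. Adding `no_log: true` to that task closes this; the 0640 root:Debian-exim permissions on the file itself are appropriate. Separately, the macros file requires TLS towards the smarthost, but nothing in this hunk makes verification of the smarthost certificate mandatory, whereas the msmtp config removed by this commit set `tls_trust_file`. Exim's smtp transport option for that is `tls_verify_hosts`; it is worth confirming how the Debian smarthost transport exposes it and setting it alongside `REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS`, so the AUTH credentials are only sent to a server whose certificate validated.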