Move our exim4 things to exim4 role.
parent
ebc25d7bbd
commit
f0ba2a2635
|
@ -11,7 +11,7 @@ En partant de là, on peut utiliser les commandes suivantes:
|
|||
Après avoir cloné ce repo, installé Ansible dans un venv, installez
|
||||
les roles nécessaires via :
|
||||
|
||||
- ansible-galaxy install julienpalard.nginx tschifftner.exim4_sendonly
|
||||
- ansible-galaxy install julienpalard.nginx
|
||||
|
||||
Puis pour jouer les *playbooks* :
|
||||
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
---
|
||||
|
||||
exim4_local_interfaces: '127.0.0.1;172.17.0.1'
|
||||
exim4_relay_nets: '172.16.0.0/12'
|
||||
gandi_api_key: "{{ vault_gandi_api_key }}"
|
||||
letsencrypt_email: julien@python.org
|
||||
admin_email: julien@python.org
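Review bot: `exim4_relay_nets: '172.16.0.0/12'` allows every address from 172.16.0.0 to 172.31.255.255 to relay mail through this exim, while the listener configured beside it is only the Docker bridge address 172.17.0.1. If the intent is only local containers (the task removed from the other role was named "Allow docker to send emails via exim"), narrowing it to the bridge subnet, for example `exim4_relay_nets: '172.17.0.0/16'`, keeps the relay scope matched to the interface. Confirm the Docker network ranges actually in use on the host first, since user-defined networks may sit outside 172.17.0.0/16. A short comment above both variables saying they exist for the Docker bridge would also help the next reader.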
|
||||
|
|
|
@ -2,5 +2,3 @@
|
|||
roles:
|
||||
- src: julienpalard.nginx
|
||||
version: master
|
||||
- src: tschifftner.exim4_sendonly
|
||||
version: master
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
---
|
||||
|
||||
dependencies:
|
||||
- role: tschifftner.exim4_sendonly
|
||||
- role: exim4
|
||||
|
|
|
@ -14,54 +14,6 @@
|
|||
group: root
|
||||
mode: 0644
|
||||
|
||||
- name: Choose a DKIM selector
|
||||
set_fact:
|
||||
dkim_selector: "{{ inventory_hostname | replace('.', '-') }}"
|
||||
|
||||
- name: Create /etc/exim4/dkim/ directory
|
||||
file:
|
||||
path: /etc/exim4/dkim/
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: Debian-exim
|
||||
group: Debian-exim
|
||||
|
||||
- name: Generate a private key for DKIM
|
||||
command: openssl genrsa -out /etc/exim4/dkim/{{ dkim_selector }}-private.key 1024
|
||||
args:
|
||||
creates: /etc/exim4/dkim/{{ dkim_selector }}-private.key
|
||||
|
||||
- name: Allow exim to read the DKIM private key
|
||||
file:
|
||||
path: /etc/exim4/dkim/{{ dkim_selector }}-private.key
|
||||
owner: root
|
||||
group: Debian-exim
|
||||
mode: 0640
|
||||
|
||||
- name: Derive the public key for DKIM
|
||||
command: openssl rsa -in {{ dkim_selector }}-private.key -out {{ dkim_selector }}.pem -pubout -outform PEM
|
||||
args:
|
||||
chdir: /etc/exim4/dkim/
|
||||
creates: /etc/exim4/dkim/{{ dkim_selector }}.pem
|
||||
|
||||
- name: Configure exim to use our DKIM key
|
||||
copy:
|
||||
dest: /etc/exim4/conf.d/main/00_local_macros
|
||||
content: |
|
||||
DKIM_CANON = relaxed
|
||||
DKIM_SELECTOR = {{ dkim_selector }}
|
||||
DKIM_DOMAIN = {{ inventory_hostname }}
|
||||
DKIM_PRIVATE_KEY = /etc/exim4/dkim/{{ dkim_selector }}-private.key
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify: reload exim4
|
||||
register: config_exim
|
||||
|
||||
- name: Reconfigure exim4
|
||||
command: update-exim4.conf
|
||||
when: config_exim is changed
|
||||
|
||||
- package: name=nftables state=present
|
||||
|
||||
- name: Copy nftables rules
|
||||
|
|
|
@ -41,15 +41,3 @@
|
|||
template:
|
||||
src: app.yml
|
||||
dest: /var/discourse/containers/app.yml
|
||||
|
||||
- name: Allow docker to send emails via exim
|
||||
lineinfile:
|
||||
path: /etc/exim4/update-exim4.conf.conf
|
||||
regexp: ^dc_local_interfaces=
|
||||
line: "dc_local_interfaces='127.0.0.1;172.17.0.1'"
|
||||
|
||||
- name: Allow docker to send emails via exim
|
||||
lineinfile:
|
||||
path: /etc/exim4/update-exim4.conf.conf
|
||||
regexp: ^dc_relay_nets=
|
||||
line: "dc_relay_nets='172.16.0.0/12'"
|
||||
|
|
|
@ -16,3 +16,6 @@ exim4_sendonly_email_aliases: []
|
|||
exim4_sendonly_apt_packages:
|
||||
- exim4-daemon-light
|
||||
- mailutils
|
||||
|
||||
exim4_local_interfaces: '127.0.0.1'
|
||||
exim4_relay_nets: ''
|
||||
|
|
|
@ -40,3 +40,47 @@
|
|||
src: 'exim4.conf.localmacros'
|
||||
dest: '/etc/exim4/exim4.conf.localmacros'
|
||||
when: exim4_sendonly_enable_tls
|
||||
|
||||
- name: Create /etc/exim4/dkim/ directory
|
||||
file:
|
||||
path: /etc/exim4/dkim/
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: Debian-exim
|
||||
group: Debian-exim
|
||||
|
||||
- name: Choose a DKIM selector
|
||||
set_fact:
|
||||
dkim_selector: "{{ inventory_hostname | replace('.', '-') }}"
|
||||
|
||||
- name: Generate a private key for DKIM
|
||||
command: openssl genrsa -out /etc/exim4/dkim/{{ dkim_selector }}-private.key 1024
|
||||
args:
|
||||
creates: /etc/exim4/dkim/{{ dkim_selector }}-private.key
|
||||
|
||||
- name: Allow exim to read the DKIM private key
|
||||
file:
|
||||
path: /etc/exim4/dkim/{{ dkim_selector }}-private.key
|
||||
owner: root
|
||||
group: Debian-exim
|
||||
mode: 0640
|
||||
|
||||
- name: Derive the public key for DKIM
|
||||
command: openssl rsa -in {{ dkim_selector }}-private.key -out {{ dkim_selector }}.pem -pubout -outform PEM
|
||||
args:
|
||||
chdir: /etc/exim4/dkim/
|
||||
creates: /etc/exim4/dkim/{{ dkim_selector }}.pem
|
||||
|
||||
- name: Configure exim to use our DKIM key
|
||||
copy:
|
||||
dest: /etc/exim4/conf.d/main/00_local_macros
|
||||
content: |
|
||||
DKIM_CANON = relaxed
|
||||
DKIM_SELECTOR = {{ dkim_selector }}
|
||||
DKIM_DOMAIN = {{ inventory_hostname }}
|
||||
DKIM_PRIVATE_KEY = /etc/exim4/dkim/{{ dkim_selector }}-private.key
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify: reload exim4
|
||||
register: config_exim
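Review bot: The `Generate a private key for DKIM` task still creates a 1024-bit RSA key, and moving it into a reusable role is a good moment to raise it to the 2048 bits RFC 8301 recommends for signers: `command: openssl genrsa -out /etc/exim4/dkim/{{ dkim_selector }}-private.key 2048`. Because of `creates:`, hosts that already have a key keep the old one, so rotating means a new selector (or removing the file) and publishing the new public key in DNS. Separately, `register: config_exim` at the end of the hunk has no consumer here: the `Reconfigure exim4` task (`update-exim4.conf` when changed) removed from the other role was not carried over, so unless the `reload exim4` handler, which is outside this hunk, regenerates the config, the new macros may not be picked up. The unquoted octal modes would also be safer as strings, e.g. `mode: '0750'`.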
|
||||
|
|
|
@ -17,11 +17,11 @@
|
|||
# This is a Debian specific file
|
||||
dc_eximconfig_configtype="{{ 'internet' if exim4_sendonly_smarthost == '' else 'satellite' }}"
|
||||
dc_other_hostnames='{{ ansible_hostname }}; localhost.localdomain; localhost'
|
||||
dc_local_interfaces='127.0.0.1'
|
||||
dc_local_interfaces='{{ exim4_local_interfaces }}'
|
||||
dc_readhost=''
|
||||
dc_relay_domains=''
|
||||
dc_minimaldns='false'
|
||||
dc_relay_nets=''
|
||||
dc_relay_nets='{{ exim4_relay_nets }}'
|
||||
dc_smarthost='{{ exim4_sendonly_smarthost }}'
|
||||
CFILEMODE='644'
|
||||
dc_use_split_config='true'
|
||||
|
|