Commit a59c8371 authored by David Kempe's avatar David Kempe

Initial commit

parents
# OS generated files #
######################
.DS_Store
.DS_Store?
._*
.Spotlight-V100
.Trashes
Icon?
ehthumbs.db
Thumbs.db
# IDE files #
#################
/.settings
/.buildpath
/.project
/nbproject
*.komodoproject
*.kpf
/.idea
# Vagrant files #
.virtualbox/
.vagrant/
vagrant_ansible_inventory_*
ansible.cfg
# Other files #
###############
!empty
---
sudo: required
dist: trusty
language: python
python: "2.7"
env:
- ANSIBLE_VERSION=latest
- ANSIBLE_VERSION=2.5.1
- ANSIBLE_VERSION=2.5.0
- ANSIBLE_VERSION=2.4.4.0
- ANSIBLE_VERSION=2.4.3.0
- ANSIBLE_VERSION=2.4.2.0
- ANSIBLE_VERSION=2.4.1.0
- ANSIBLE_VERSION=2.4.0.0
- ANSIBLE_VERSION=2.3.3.0
- ANSIBLE_VERSION=2.3.2.0
- ANSIBLE_VERSION=2.3.1.0
- ANSIBLE_VERSION=2.3.0.0
- ANSIBLE_VERSION=2.2.3.0
- ANSIBLE_VERSION=2.2.2.0
- ANSIBLE_VERSION=2.2.1.0
- ANSIBLE_VERSION=2.2.0.0
- ANSIBLE_VERSION=2.1.6
- ANSIBLE_VERSION=2.1.5
- ANSIBLE_VERSION=2.1.4
- ANSIBLE_VERSION=2.1.3
- ANSIBLE_VERSION=2.1.2
- ANSIBLE_VERSION=2.1.1.0
- ANSIBLE_VERSION=2.1.0.0
- ANSIBLE_VERSION=2.0.2.0
- ANSIBLE_VERSION=2.0.1.0
- ANSIBLE_VERSION=2.0.0.2
- ANSIBLE_VERSION=2.0.0.1
- ANSIBLE_VERSION=2.0.0.0
branches:
only:
- master
before_install:
- sudo apt-get update -qq
# Remove postfix
- sudo apt-get remove --purge --yes postfix
install:
# Install Ansible.
- if [ "$ANSIBLE_VERSION" = "latest" ]; then pip install ansible; else pip install ansible==$ANSIBLE_VERSION; fi
- if [ "$ANSIBLE_VERSION" = "latest" ]; then pip install ansible-lint; fi
script:
# Check the role/playbook's syntax.
- ansible-playbook -i tests/inventory tests/test.yml --syntax-check
# Run the role/playbook with ansible-playbook.
- ansible-playbook -i tests/inventory tests/test.yml -vvvv
# Run the role/playbook again, checking to make sure it's idempotent.
- >
ansible-playbook -i tests/inventory tests/test.yml
| grep -q 'changed=0.*failed=0'
&& (echo 'Idempotence test: pass' && exit 0)
|| (echo 'Idempotence test: fail' && exit 1)
- if [ "$ANSIBLE_VERSION" = "latest" ]; then ansible-lint tests/test.yml || true; fi
notifications:
email: false
hipchat:
rooms:
secure: E9GE0YbNAi2h0IqmkxDS7SE4WI8yGnQc97djppJ147sOZHbifup5ELLJcMNJFKKLG60fCEgKLc/QgukcofeKHv+xPH0vaI4B7x98l5x19D6TPIYOgpmlzUPMtA2R5VfNa3aql+IynHhFxI0GxwhIaiyRaMjt+yzcgKYOvzw++8E=
webhooks: https://galaxy.ansible.com/api/v1/notifications/
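Review bot: The last `script` entry ends in `ansible-lint tests/test.yml || true`, so lint findings can never fail the build and will only be noticed by someone reading the job log. If the lint run is meant as a gate, drop the `|| true`; if it is meant to be advisory, say so in a comment above the step, for example `# Lint is advisory only; failures do not break the build.` Separately, the `notifications` block carries a `secure:` HipChat value and a Galaxy webhook that appear to belong to the upstream project, since the README badges point at Oefenweb/ansible-postfix. If this copy is built under a different CI account, that encrypted value presumably cannot be decrypted there, so the block is better removed or regenerated than carried over.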
FROM ubuntu:16.04
MAINTAINER Mischa ter Smitten <mtersmitten@oefenweb.nl>
# python
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y python-minimal python-dev curl && \
apt-get clean
RUN curl -sL https://bootstrap.pypa.io/get-pip.py | python -
RUN rm -rf $HOME/.cache
# ansible
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y gcc libffi-dev libssl-dev && \
apt-get clean
RUN pip install ansible==2.3.2.0
RUN rm -rf $HOME/.cache
# provision
COPY . /etc/ansible/roles/ansible-role
WORKDIR /etc/ansible/roles/ansible-role
RUN ansible-playbook -i tests/inventory tests/test.yml --connection=local
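Review bot: `RUN curl -sL https://bootstrap.pypa.io/get-pip.py | python -` runs whatever the remote host returns at build time, as root, with no integrity check. Because `-s` is used without `-f`, an HTTP error page would also be piped into the interpreter instead of failing the build. Prefer the distribution package (`python-pip` in the first `apt-get install`), or download to a file and verify it before running: `curl -fsSL https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py && echo "<EXPECTED_SHA256>  /tmp/get-pip.py" | sha256sum -c - && python /tmp/get-pip.py`. The second `apt-get install` (gcc, libffi-dev, libssl-dev) also runs in its own layer without `apt-get update`, so it depends on package lists cached by an earlier layer; folding it into the first `RUN` avoids stale-index failures.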
Copyright (c) Oefenweb.nl <https://github.com/Oefenweb>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is furnished
to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
## postfix
[![Build Status](https://travis-ci.org/Oefenweb/ansible-postfix.svg?branch=master)](https://travis-ci.org/Oefenweb/ansible-postfix) [![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-postfix-blue.svg)](https://galaxy.ansible.com/tersmitten/postfix)
Set up a postfix server in Debian-like systems.
#### Requirements
None
#### Variables
* `postfix_install` [default: `[postfix, mailutils, libsasl2-2, sasl2-bin, libsasl2-modules]`]: Packages to install
* `postfix_hostname` [default: `{{ ansible_fqdn }}`]: Host name, used for `myhostname` and in `mydestination`
* `postfix_mailname` [default: `{{ ansible_fqdn }}`]: Mail name (in `/etc/mailname`), used for `myorigin`
* `postfix_aliases` [default: `[]`]: Aliases to ensure present in `/etc/aliases`
* `postfix_virtual_aliases` [default: `[]`]: Virtual aliases to ensure present in `/etc/postfix/virtual`
* `postfix_sender_canonical_maps` [default: `[]`]: Sender address rewriting in `/etc/postfix/sender_canonical_maps` ([see](http://www.postfix.org/postconf.5.html#sender_canonical_maps))
* `postfix_generic:` [default: `[]`]: Generic table address mapping in `/etc/postfix/generic`
([see](http://www.postfix.org/generic.5.html))
* `postfix_mydestination` [default: `["{{ postfix_hostname }}", 'localdomain', 'localhost', 'localhost.localdomain']`]: Specifies what domains this machine will deliver locally, instead of forwarding to another machine
* `postfix_mynetworks` [default: `['127.0.0.0/8', '[::ffff:127.0.0.0]/104', '[::1]/128']`]: The list of "trusted" remote SMTP clients that have more privileges than "strangers"
* `postfix_inet_interfaces` [default: `all`]: Network interfaces to bind ([see](http://www.postfix.org/postconf.5.html#inet_interfaces))
* `postfix_inet_protocols` [default: `all`]: The Internet protocols Postfix will attempt to use when making or accepting connections ([see](http://www.postfix.org/postconf.5.html#inet_protocols))
* `postfix_sasl_auth_enable` [default: `true`]: Enable SASL authentication in the SMTP client
* `postfix_relayhost` [default: `false` (no relay host)]: Hostname to relay all email to
* `postfix_relayhost_port` [default: 587]: Relay port (on `postfix_relayhost`, if set)
* `postfix_sasl_security_options` [default: `noanonymous`]: SMTP client SASL security options
* `postfix_relaytls` [default: `false`]: Use TLS when sending with a relay host
* `postfix_smtp_tls_cafile` [optional]: A file containing CA certificates of root CAs trusted to sign either remote SMTP server certificates or intermediate CA certificates (e.g. `/etc/ssl/certs/ca-certificates.crt`)
* `postfix_sasl_user` [default: `postmaster@{{ ansible_domain }}`]: SASL relay username
* `postfix_sasl_password` [default: `k8+haga4@#pR`]: SASL relay password **Make sure to change!**
* `postfix_smtpd_banner` [default: `$myhostname ESMTP $mail_name (Ubuntu)`]: Greeting banner **You MUST specify $myhostname at the start of the text. This is required by the SMTP protocol.**
* `postfix_disable_vrfy_command` [default: `false`]: Disable the `SMTP VRFY` command. This stops some techniques used to harvest email addresses
## Dependencies
* `debconf`
* `debconf-utils`
#### Example
A simple example that doesn't use SASL relaying:
```yaml
---
- hosts: all
roles:
- postfix
vars:
postfix_aliases:
- user: root
alias: you@yourdomain.org
```
A simple example with virtual aliases for mail forwarding that doesn't use SASL relaying:
```yaml
---
- hosts: all
roles:
- postfix
vars:
postfix_mydestination:
- "{{ postfix_hostname }}"
- '$mydomain'
- localdomain
- localhost
- localhost.localdomain
postfix_virtual_aliases:
- virtual: webmaster@yourdomain.com
alias: personal_email@gmail.com
- virtual: billandbob@yourdomain.com
alias: bill@gmail.com, bob@gmail.com
```
A simple example that rewrites the sender address:
```yaml
---
- hosts: all
roles:
- postfix
vars:
postfix_sender_canonical_maps:
- sender: root
rewrite: postmaster@example.com
```
Provide the relay host name if you want to enable relaying:
```yaml
---
- hosts: all
roles:
- postfix
vars:
postfix_aliases:
- user: root
alias: you@yourdomain.org
postfix_relayhost: mail.yourdomain.org
```
For AWS SES support:
```yaml
---
- hosts: all
roles:
- postfix
vars:
postfix_aliases:
- user: root
alias: sesverified@yourdomain.org
postfix_relayhost: email-smtp.us-east-1.amazonaws.com
postfix_relaytls: true
# AWS IAM SES credentials (not access key):
postfix_sasl_user: AKIXXXXXXXXXXXXXXXXX
postfix_sasl_password: ASDFXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
```
For MailHog support:
```yaml
---
- hosts: all
roles:
- postfix
vars:
postfix_aliases:
- user: root
alias: you@yourdomain.org
postfix_relayhost: "{{ ansible_lo['ipv4']['address'] }}"
postfix_relayhost_port: 1025
postfix_sasl_auth_enable: false
```
For Gmail support:
```yaml
---
- hosts: all
roles:
- postfix
vars:
postfix_aliases:
- user: root
alias: you@yourdomain.org
postfix_relayhost: smtp.gmail.com
postfix_relaytls: true
postfix_smtp_tls_cafile: /etc/ssl/certs/ca-certificates.crt
postfix_sasl_user: 'foo'
postfix_sasl_password: 'bar'
```
If you configure your Google account for extra security to use the 2-step verification, then
postfix won't send out emails anymore and you might notice error messages in the /var/log/mail.log file
To fix this issue, you need to visit the ([Authorizing applications & sites](http://www.google.com/accounts/IssuedAuthSubTokens?hide_authsub=1)) page under your Google Account settings. On this page page enter the name of the application to be authorized (Postfix) and click on Generate button. Set the ```postfix_sasl_password``` variable with the password generated by this page.
#### License
MIT
#### Author Information
Mischa ter Smitten
#### Feedback, bug-reports, requests, ...
Are [welcome](https://github.com/Oefenweb/ansible-postfix/issues)!
# -*- mode: ruby -*-
# vi: set ft=ruby ts=2 sw=2 tw=0 et :
role = File.basename(File.expand_path(File.dirname(__FILE__)))
boxes = [
{
:name => "ubuntu-1204",
:box => "bento/ubuntu-12.04",
:ip => '10.0.0.11',
:cpu => "50",
:ram => "256"
},
{
:name => "ubuntu-1404",
:box => "bento/ubuntu-14.04",
:ip => '10.0.0.12',
:cpu => "50",
:ram => "256"
},
{
:name => "ubuntu-1604",
:box => "bento/ubuntu-16.04",
:ip => '10.0.0.13',
:cpu => "50",
:ram => "256"
},
{
:name => "debian-7",
:box => "bento/debian-7",
:ip => '10.0.0.14',
:cpu => "50",
:ram => "256"
},
{
:name => "debian-8",
:box => "bento/debian-8",
:ip => '10.0.0.15',
:cpu => "50",
:ram => "256"
},
{
:name => "debian-9",
:box => "bento/debian-9",
:ip => '10.0.0.16',
:cpu => "50",
:ram => "256"
},
]
Vagrant.configure("2") do |config|
boxes.each do |box|
config.vm.define box[:name] do |vms|
vms.vm.box = box[:box]
vms.vm.hostname = "ansible-#{role}-#{box[:name]}"
vms.vm.provider "virtualbox" do |v|
v.customize ["modifyvm", :id, "--cpuexecutioncap", box[:cpu]]
v.customize ["modifyvm", :id, "--memory", box[:ram]]
end
vms.vm.network :private_network, ip: box[:ip]
vms.vm.provision :ansible do |ansible|
ansible.playbook = "tests/vagrant.yml"
ansible.verbose = "vv"
end
end
end
end
# defaults file for postfix
---
postfix_install:
- postfix
- mailutils
- libsasl2-2
- sasl2-bin
- libsasl2-modules
postfix_hostname: "{{ ansible_fqdn }}"
postfix_mailname: "{{ ansible_fqdn }}"
postfix_aliases: []
postfix_virtual_aliases: []
postfix_sender_canonical_maps: []
postfix_generic: []
postfix_relayhost: false
postfix_relayhost_port: ""
postfix_relaytls: false
postfix_sasl_auth_enable: ""
postfix_sasl_user: "postmaster@{{ ansible_domain }}"
postfix_sasl_password: 'k8+haga4@#pR'
postfix_sasl_security_options: ""
postfix_inet_interfaces: all
postfix_inet_protocols: all
postfix_mydestination:
- "{{ postfix_hostname }}"
- localdomain
- localhost
- localhost.localdomain
postfix_mynetworks:
- 127.0.0.0/8
- '[::ffff:127.0.0.0]/104'
- '[::1]/128'
postfix_smtpd_banner: '$myhostname ESMTP $mail_name (Ubuntu)'
postfix_disable_vrfy_command: false
postfix_message_size_limit: 10240000
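Review bot: `postfix_sasl_password: 'k8+haga4@#pR'` ships a fixed, publicly documented password as the role default, and the README lists the same value. The sasl_passwd task is gated only on `postfix_relayhost != false`, so a play that sets a relay host without overriding the password would presumably render this value into the relay credentials file (the template itself is not shown). I would make the default empty, `postfix_sasl_password: ''`, have the role fail early when a relay host is set and the password is empty, and supply the real value from Ansible Vault. Also, `postfix_relayhost_port`, `postfix_sasl_auth_enable` and `postfix_sasl_security_options` are `""` here while the README documents `587`, `true` and `noanonymous`. The two should agree, because an empty `postfix_sasl_security_options` may not render the `noanonymous` restriction a reader of the README expects.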
# handlers file for postfix
---
- name: restart postfix
command: /bin/true
notify:
- remove pid
- restart service
- name: remove pid
file:
path: "~postfix/pid/master.pid"
state: absent
when: is_docker_guest
- name: restart service
service:
name: postfix
state: restarted
when: service_default_state | default('started') == 'started'
- name: new aliases
command: newaliases
- name: new virtual aliases
command: postmap /etc/postfix/virtual
- name: postmap sasl_passwd
command: postmap hash:/etc/postfix/sasl_passwd
- name: postmap sender_canonical_maps
command: postmap hash:/etc/postfix/sender_canonical_maps
- name: postmap generic
command: postmap hash:/etc/postfix/generic
- name: postmap transport
command: postmap /etc/postfix/transport
{install_date: 'Thu May 10 03:02:15 2018', version: v2.3.6}
# meta file for postfix
---
galaxy_info:
author: Mischa ter Smitten
company: Oefenweb.nl B.V.
description: Set up a postfix server in Debian-like systems
license: MIT
min_ansible_version: 2.0.0.0
platforms:
- name: Ubuntu
versions:
- precise
- trusty
- xenial
- name: Debian
versions:
- wheezy
- jessie
- stretch
galaxy_tags:
- system
- web
dependencies: []
# tasks file for postfix
---
- name: facts | set
set_fact:
is_docker_guest: "{{ ansible_virtualization_role | default('host') == 'guest' and ansible_virtualization_type | default('none') == 'docker' }}"
tags:
- configuration
- postfix
- postfix-facts
- name: configure debconf
debconf:
name: "{{ item.name }}"
question: "{{ item.question }}"
value: "{{ item.value }}"
vtype: "{{ item.vtype }}"
with_items: "{{ postfix_debconf_selections }}"
tags:
- configuration
- postfix
- postfix-install
- name: install package
apt:
name: "{{ item }}"
state: "{{ apt_install_state | default('latest') }}"
update_cache: true
cache_valid_time: "{{ apt_update_cache_valid_time | default(3600) }}"
with_items: "{{ postfix_install }}"
tags:
- configuration
- postfix
- postfix-install
- name: configure mailname
template:
src: etc/mailname.j2
dest: /etc/mailname
owner: root
group: root
mode: 0644
notify: restart postfix
tags:
- configuration
- postfix
- postfix-mailname
- name: update configuration file
template:
src: etc/postfix/main.cf.j2
dest: /etc/postfix/main.cf
owner: root
group: root
mode: 0644
notify: restart postfix
tags:
- configuration
- postfix
- postfix-configuration
- name: update transport maps
template:
src: etc/postfix/transport.j2
dest: /etc/postfix/transport
owner: root
group: root
mode: 0644
notify: postmap transport
tags:
- configuration
- name: configure sasl username/password
template:
src: etc/postfix/sasl_passwd.j2
dest: /etc/postfix/sasl_passwd
owner: root
group: root
mode: 0600
when: postfix_relayhost != false
no_log: true
notify:
- postmap sasl_passwd
- restart postfix
tags:
- configuration
- postfix
- postfix-sasl-passwd
- name: configure aliases
lineinfile:
dest: /etc/aliases
regexp: '^{{ item.user }}:.*'
line: '{{ item.user }}: {{ item.alias }}'
owner: root
group: root
mode: 0644
create: true
state: present
with_items: "{{ postfix_aliases }}"
notify:
- new aliases
- restart postfix
tags:
- configuration
- postfix
- postfix-aliases
- name: configure virtual aliases
lineinfile:
dest: /etc/postfix/virtual
regexp: '^{{ item.virtual }}.*'
line: '{{ item.virtual }} {{ item.alias }}'
owner: root
group: root
mode: 0644
create: true
state: present
with_items: "{{ postfix_virtual_aliases }}"
notify:
- new virtual aliases
- restart postfix
tags:
- configuration
- postfix
- postfix-virtual-aliases
- name: configure sender canonical maps
lineinfile:
dest: /etc/postfix/sender_canonical_maps
regexp: '^{{ item.sender }}.*'
line: '{{ item.sender }} {{ item.rewrite }}'
owner: root
group: root
mode: 0644
create: true
state: present
with_items: "{{ postfix_sender_canonical_maps }}"
notify:
- postmap sender_canonical_maps
- restart postfix
- name: configure generic table
lineinfile:
dest: /etc/postfix/generic
regexp: '^{{ item.pattern }}.*'
line: '{{ item.pattern }} {{ item.result }}'
owner: root
group: root
mode: 0644
create: true
state: present
with_items: "{{ postfix_generic }}"
notify: