diff --git a/inventory/group_vars/all b/inventory/group_vars/all index d4f9ba7..fc11c01 100644 --- a/inventory/group_vars/all +++ b/inventory/group_vars/all @@ -19,6 +19,8 @@ bgp_ipv6_transfer_net: fd37:b4dc:4b1e::/64 http_domain_internal: ffmwu.org http_domain_external: freifunk-mwu.de +mail_domain: freifunk-mwu.de + meshes: - id: mz site_number: 37 diff --git a/playbooks/gateways.yml b/playbooks/gateways.yml index fcefd39..bcf224f 100755 --- a/playbooks/gateways.yml +++ b/playbooks/gateways.yml @@ -33,3 +33,4 @@ - service-bind-slave - service-respondd - service-vnstat + - service-nullmailer diff --git a/roles/service-nullmailer/README.md b/roles/service-nullmailer/README.md new file mode 100644 index 0000000..59ebfa6 --- /dev/null +++ b/roles/service-nullmailer/README.md @@ -0,0 +1,15 @@ +# Ansible role service-nullmailer + +Diese Ansible role installiert postfix und konfiguriert diesen als null client. + +- schreibt /etc/mailname +- schreibt /etc/postfix/main.cf +- setzt root alias in /etc/aliases + +## Benötigte Variablen + +- Variable `inventory_hostname` +- Variable `mail_domain` (Gruppen-Variable) +- Liste `nullmailer_packages` (Rollen-Variable) +- Variable `nullmailer_relayhost`(Rollen-Variable) +- Variable `admin_mail_address` (Rollen-Variable) diff --git a/roles/service-nullmailer/handlers/main.yml b/roles/service-nullmailer/handlers/main.yml new file mode 100644 index 0000000..b221d8f --- /dev/null +++ b/roles/service-nullmailer/handlers/main.yml @@ -0,0 +1,14 @@ +--- +- name: reload systemd unit postfix + systemd: + name: postfix + state: reloaded + +- name: restart systemd unit postfix + systemd: + name: postfix + state: restarted + +- name: run postalias + command: postalias /etc/aliases + changed_when: False diff --git a/roles/service-nullmailer/tasks/main.yml b/roles/service-nullmailer/tasks/main.yml new file mode 100644 index 0000000..b43b502 --- /dev/null +++ b/roles/service-nullmailer/tasks/main.yml 
@@ -0,0 +1,32 @@
+---
+- name: install postfix packages
+ package:
+ name: "{{ item }}"
+ state: present
+ with_items: "{{ nullmailer_packages }}"
+
+- name: write /etc/mailname
+ template:
+ src: mailname.j2
+ dest: /etc/mailname
+ mode: 0644
+ owner: root
+ group: root
+ notify: reload systemd unit postfix
+
+- name: configure mail aliases
+ lineinfile:
+ path: /etc/aliases
+ state: present
+ regexp: '^root:'
+ line: "root: {{ admin_mail_address }}"
+ notify: run postalias
+
+- name: write /etc/postfix/main.cf
+ template:
+ src: main.cf.j2
+ dest: /etc/postfix/main.cf
+ mode: 0644
+ owner: root
+ group: root
+ notify: reload systemd unit postfix
diff --git a/roles/service-nullmailer/templates/mailname.j2 b/roles/service-nullmailer/templates/mailname.j2
new file mode 100644
index 0000000..46f839c
--- /dev/null
+++ b/roles/service-nullmailer/templates/mailname.j2
@@ -0,0 +1 @@
+{{ mail_domain }}
diff --git a/roles/service-nullmailer/templates/main.cf.j2 b/roles/service-nullmailer/templates/main.cf.j2
new file mode 100644
index 0000000..beed284
--- /dev/null
+++ b/roles/service-nullmailer/templates/main.cf.j2
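Review bot: The `write /etc/postfix/main.cf` task in roles/service-nullmailer/tasks/main.yml only notifies `reload systemd unit postfix`, yet the template added in this commit sets `inet_interfaces = loopback-only`, and Postfix documents that a change to inet_interfaces needs a stop and start. On a host where postfix was previously listening on all interfaces, the SMTP listener would stay reachable until the next restart. The handlers file already defines `restart systemd unit postfix`, which no task notifies; using `notify: restart systemd unit postfix` on this task would close that gap. `mode: 0644` in both template tasks is also better written as `mode: "0644"` so the value does not depend on YAML octal parsing.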
@@ -0,0 +1,48 @@
+#
+# {{ ansible_managed }}
+#
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+# Debian specific: Specifying a file name will cause the first
+# line of that file to be used as the name. The Debian default
+# is /etc/mailname.
+myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = /usr/share/doc/postfix
+
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
+# fresh installs.
+compatibility_level = 2
+
+# TLS parameters
+smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_use_tls = yes
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+smtp_tls_security_level = encrypt
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
+myhostname = {{ inventory_hostname }}
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+mydestination =
+relayhost = {{ nullmailer_relayhost }}
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = loopback-only
+inet_protocols = all
+html_directory = /usr/share/doc/postfix/html
diff --git a/roles/service-nullmailer/vars/main.yml b/roles/service-nullmailer/vars/main.yml
new file mode 100644
index 0000000..2563887
--- /dev/null
+++ b/roles/service-nullmailer/vars/main.yml
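Review bot: With `mydestination =` left empty in main.cf.j2, nothing is delivered through local(8), so `alias_maps = hash:/etc/aliases` and the root alias the role writes are probably never consulted; mail for root would be qualified with the /etc/mailname domain and handed to the relayhost unchanged. If root mail is meant to reach `admin_mail_address`, a `virtual_alias_maps` table mapping root to that address is the usual approach for a null client. Separately, `smtp_tls_security_level = encrypt` forces TLS toward the relay but does not authenticate its certificate, so it only protects against passive capture; if the transfer network is not fully trusted, the `fingerprint` level with `smtp_tls_fingerprint_cert_match` would pin the relay.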
@@ -0,0 +1,8 @@
+---
+nullmailer_packages:
+ - postfix
+ - postfix-doc
+ - mailutils
+
+nullmailer_relayhost: "[fd37:b4dc:4b1e::a25:101]"
+admin_mail_address: "admin@lists.freifunk-mwu.de"
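Review bot: `nullmailer_relayhost` and `admin_mail_address` are defined in `vars/main.yml`, where role vars take precedence over inventory group_vars and host_vars, so a site or host cannot point at a different relay or admin address without editing the role. Moving both to `defaults/main.yml` keeps the same values while making them overridable; `nullmailer_packages` can stay here as a role constant. A short comment above the relayhost, such as `# relay inside bgp_ipv6_transfer_net (fd37:b4dc:4b1e::/64)`, would explain where the literal address comes from.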