authorRoman Ilin <me@romanilin.is>2026-06-15 12:59:09 +0300
committerRoman Ilin <me@romanilin.is>2026-06-15 22:04:41 +0300
commit5e4bf1268c266e63d0e92e845ad910a2103b86ff (patch)
tree532c01a9658a05048ef1ba76d4f30fca84005643 /roles/mail/tasks/main.yaml
Diffstat (limited to 'roles/mail/tasks/main.yaml')
-rw-r--r--roles/mail/tasks/main.yaml61
1 files changed, 61 insertions, 0 deletions
diff --git a/roles/mail/tasks/main.yaml b/roles/mail/tasks/main.yaml
new file mode 100644
index 0000000..66b4215
--- /dev/null
+++ b/roles/mail/tasks/main.yaml
@@ -0,0 +1,61 @@
+- name: Install Mail Packages
+ ansible.builtin.dnf:
+ name:
+ - postfix
+ - dovecot
+ - opendkim
+ - opendkim-tools
+ state: present
+
+- name: Ensure OpenDKIM keys directory exists
+ ansible.builtin.file:
+ path: "/etc/opendkim/keys/{{ vault_public_domain }}"
+ state: directory
+ owner: opendkim
+ group: opendkim
+ mode: "0750"
+
+- name: Generate DKIM Key
+ ansible.builtin.command:
+ cmd: "opendkim-genkey -a ed25519 -s default -d {{ vault_public_domain }} -D /etc/opendkim/keys/{{ vault_public_domain }}/"
+ creates: "/etc/opendkim/keys/{{ vault_public_domain }}/default.private"
+ notify: Fix DKIM permissions
+
+- name: Configure OpenDKIM mappings
+ ansible.builtin.copy:
+ dest: "{{ item.path }}"
+ content: "{{ item.content }}"
+ mode: "0644"
+ loop:
+ - { path: /etc/opendkim/KeyTable, content: "default._domainkey.{{ vault_public_domain }} {{ vault_public_domain }}:default:/etc/opendkim/keys/{{ vault_public_domain }}/default.private\n" }
+ - { path: /etc/opendkim/SigningTable, content: "*@{{ vault_public_domain }} default._domainkey.{{ vault_public_domain }}\n" }
+ - { path: /etc/opendkim/TrustedHosts, content: "127.0.0.1\nlocalhost\n10.0.0.0/24\n" }
+ notify: Restart Mail Services
+
+- name: Deploy Configurations
+ ansible.builtin.template:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ mode: "0644"
+ loop:
+ - { src: postfix_main.cf.j2, dest: /etc/postfix/main.cf }
+ - { src: postfix_master.cf.j2, dest: /etc/postfix/master.cf }
+ - { src: dovecot.conf.j2, dest: /etc/dovecot/dovecot.conf }
+ - { src: opendkim.conf.j2, dest: /etc/opendkim.conf }
+ notify: Restart Mail Services
+
+- name: Add Mail User
+ ansible.builtin.user:
+ name: me
+ shell: /sbin/nologin
+ password: "{{ vault_mail_user_password | password_hash('sha512') }}"
+
+- name: Ensure Services are Enabled and Running
+ ansible.builtin.systemd:
+ name: "{{ item }}"
+ state: started
+ enabled: yes
+ loop:
+ - postfix
+ - dovecot
+ - opendkim
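Review bot: The DKIM private key's ownership and mode rest entirely on the `Fix DKIM permissions` handler notified from the Generate DKIM Key task, which fires only on the run that creates the key and, unless handlers are flushed earlier, only after the last task has already started opendkim. If that first run aborts before handlers execute, `creates:` makes every later run skip the task, the handler is never notified again, and `default.private` stays as opendkim-genkey left it (presumably root-owned, since no `become_user` is visible here). An explicit `ansible.builtin.file` task directly after key generation, as below, enforces owner and mode on every run; the handler itself is outside this diff, so confirm what it sets. Separately, `password_hash('sha512')` in Add Mail User has no fixed salt, so the hash differs on each run and the task always reports a change; `update_password: on_create` or a vaulted salt avoids that.

```yaml
# … unchanged: Generate DKIM Key task …

- name: Enforce DKIM private key ownership and mode
  ansible.builtin.file:
    path: "/etc/opendkim/keys/{{ vault_public_domain }}/default.private"
    state: file
    owner: opendkim
    group: opendkim
    mode: "0600"
```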