mta-sts.yml 1.99 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
---

- name: ensure we got the MTA-STS resolver software installed
  apt:
    state: "{{ 'present' if postfix_enable_mta_sts else 'absent' }}"
    name: postfix-mta-sts-resolver

- name: ensure the MTA-STS resolver can put its socket somewhere reachable (tmpfiles)
  copy:
    src: mta-sts-tmpfiles.conf
    dest: /etc/tmpfiles.d/mta-sts.conf
    owner: root
    group: root
    mode: '0644'
  when: postfix_enable_mta_sts
  notify:
    - create tmpfiles
    - restart mta-sts resolver

- name: ensure the MTA-STS resolver can put its socket somewhere reachable (overrideable)
  file:
    state: directory
    path: /etc/systemd/system/postfix-mta-sts-resolver.service.d/
    owner: root
    group: root
    mode: '0755'
  when: postfix_enable_mta_sts
  notify:
    - reload systemd service files
    - restart mta-sts resolver

- name: ensure the MTA-STS resolver can put its socket somewhere reachable (service)
  copy:
    src: mta-sts-override.conf
    dest: /etc/systemd/system/postfix-mta-sts-resolver.service.d/rw-paths.conf
    owner: root
    group: root
    mode: '0644'
  when: postfix_enable_mta_sts
  notify:
    - reload systemd service files
    - restart mta-sts resolver

- name: ensure MTA-STS resolver overrides are deconfigured when disabled
  file:
    path: "{{ item }}"
    state: absent
  with_items:
    - /etc/systemd/system/postfix-mta-sts-resolver.service.d/rw-paths.conf
    - /etc/systemd/system/postfix-mta-sts-resolver.service.d/
    - /etc/tmpfiles.d/mta-sts.conf
  when: not postfix_enable_mta_sts
  notify:
    - reload systemd service files

- name: ensure the MTA-STS resolver is configured
  copy:
    src: mta-sts-daemon.yml
    dest: /etc/mta-sts-daemon.yml
    owner: root
    group: root
    mode: '0644'
  when: postfix_enable_mta_sts
  notify:
    - restart mta-sts resolver

- name: ensure the MTA-STS resolver is up and running
  service:
    name: postfix-mta-sts-resolver
    enabled: "{{ postfix_enable_mta_sts|string }}"
    state: "{{ 'started' if postfix_enable_mta_sts else 'stopped' }}"