--- - name: ensure we got the MTA-STS resolver software installed apt: state: "{{ 'present' if postfix_enable_mta_sts else 'absent' }}" name: postfix-mta-sts-resolver # yamllint disable-line rule:line-length - name: ensure the MTA-STS resolver can put its socket somewhere reachable (tmpfiles) copy: src: mta-sts-tmpfiles.conf dest: /etc/tmpfiles.d/mta-sts.conf owner: root group: root mode: '0644' when: postfix_enable_mta_sts notify: - create tmpfiles - restart mta-sts resolver # yamllint disable-line rule:line-length - name: ensure the MTA-STS resolver can put its socket somewhere reachable (overrideable) file: state: directory path: /etc/systemd/system/postfix-mta-sts-resolver.service.d/ owner: root group: root mode: '0755' when: postfix_enable_mta_sts notify: - reload systemd service files - restart mta-sts resolver # yamllint disable-line rule:line-length - name: ensure the MTA-STS resolver can put its socket somewhere reachable (service) copy: src: mta-sts-override.conf dest: /etc/systemd/system/postfix-mta-sts-resolver.service.d/rw-paths.conf owner: root group: root mode: '0644' when: postfix_enable_mta_sts notify: - reload systemd service files - restart mta-sts resolver - name: ensure MTA-STS resolver overrides are deconfigured when disabled file: path: "{{ item }}" state: absent with_items: - /etc/systemd/system/postfix-mta-sts-resolver.service.d/rw-paths.conf - /etc/systemd/system/postfix-mta-sts-resolver.service.d/ - /etc/tmpfiles.d/mta-sts.conf when: not postfix_enable_mta_sts notify: - reload systemd service files - name: ensure the MTA-STS resolver is configured copy: src: mta-sts-daemon.yml dest: /etc/mta-sts-daemon.yml owner: root group: root mode: '0644' when: postfix_enable_mta_sts notify: - restart mta-sts resolver - name: ensure the MTA-STS resolver is up and running service: name: postfix-mta-sts-resolver enabled: "{{ postfix_enable_mta_sts|string }}" state: "{{ 'started' if postfix_enable_mta_sts else 'stopped' }}"