Add opensmtpd-relay role

193713fd · Thomas Schneider · 2d64d3b9 · 193713fd · 193713fd · 193713fd
Commit 193713fd authored 2 years ago by Thomas Schneider
--- a/opensmtpd-relay/defaults/main.yml
+++ b/opensmtpd-relay/defaults/main.yml
+---
+opensmtpd_system_user_max: 999
+mailname: example.org
+opensmtpd_relayhost: mail.example.org
+adminaddr: admin@{{ mailname }}
--- a/opensmtpd-relay/handlers/main.yml
+++ b/opensmtpd-relay/handlers/main.yml
+---
+- name: Restart OpenSMTPD
+  systemd:
+    name: opensmtpd.service
+    state: restarted
--- a/opensmtpd-relay/tasks/main.yml
+++ b/opensmtpd-relay/tasks/main.yml
+---
+- name: Install OpenSMTPD and required tools
+  package:
+    name:
+      - opensmtpd
+      - moreutils  # sponge, for update-opensmtpd-system-user
+    state: present
+- name: Remove esmtp
+  package:
+    name: esmtp
+    state: absent
+- name: Configure mailname
+  copy:
+    content: "{{ mailname }}\n"
+    dest: /etc/{{ "opensmtpd/" if is_rhel }}mailname
+    owner: root
+    group: root
+    mode: "0644"
+  notify:
+    - Restart OpenSMTPD
+- name: Configure smtpd.conf
+  template:
+    src: smtpd.conf.j2
+    dest: /etc/{{ "opensmtpd/" if is_rhel }}smtpd.conf
+    owner: root
+    group: root
+    mode: "0644"
+    validate: /usr/sbin/smtpd -f %s -n
+  notify:
+    - Restart OpenSMTPD
+- name: Install update-opensmtpd-system-user script
+  template:
+    src: update-opensmtpd-system-user.j2
+    dest: /usr/local/sbin/update-opensmtpd-system-user
+    owner: root
+    group: root
+    mode: "0754"
+- name: Configure system-user table cronjob
+  cron:
+    name: opensmtpd-system-user
+    cron_file: opensmtpd-system-user
+    user: root
+    minute: "*/5"
+    job: /usr/local/sbin/update-opensmtpd-system-user
+- name: Enable and start OpenSMTPD
+  systemd:
+    name: opensmtpd.service
+    state: started
+    enabled: true
--- a/opensmtpd-relay/templates/smtpd.conf.j2
+++ b/opensmtpd-relay/templates/smtpd.conf.j2
+table systemusers file:/etc/opensmtpd/systemusers
+filter "local-system-user" phase rcpt-to match rcpt-to <systemusers> rewrite "<{{ adminaddr }}>"
+listen on localhost filter "local-system-user"
+listen on socket filter "local-system-user"
+action "relay" relay host "{{ opensmtpd_relayhost }}" helo "{{ ansible_fqdn }}"
+match from local for any action "relay"
--- a/opensmtpd-relay/templates/update-opensmtpd-system-user.j2
+++ b/opensmtpd-relay/templates/update-opensmtpd-system-user.j2
+#!/usr/bin/env bash
+set -e
+set -o pipefail
+getent passwd | awk -F: \
+	'$3 <= {{ opensmtpd_system_user_max }} { print $1 "@{{ mailname }}" }' \
+	| sponge /etc/{{ "opensmtpd/" if is_rhel }}systemusers