diff --git a/CHANGELOG.md b/CHANGELOG.md index 4cc1f8ec..c22a6afa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -97,6 +97,9 @@ The **patch** part changes is incremented if multiple releases happen the same m * dovecot: add missing LDAP conf iterate_filter to exclude disabled accounts in users list (caused « User no longer exists » errors in commands listing users like « doveadm user -u '*' » or « doveadm expunge -u "*" mailbox INBOX savedbefore 7d »). * dovecot: fix missing default mails * webapps/roundcube & evoadminmail: make roles more idempotent (were failing when played twice) +* nginx: fix mistake between "check_mode: no" and "when: not ansible_check_mode" (fail in check mode) +* nginx: add "when: not ansible_check_mode" in various tasks to prevent fail in check mode +* postfix: remove dependency on evolinux_fqdn var * roundcube: set default SMTP port to 25 instead of 587, which failed because of missing SSL conf (local connexion does not need SSL) ### Removed diff --git a/dovecot/defaults/main.yml b/dovecot/defaults/main.yml index 7959befc..77bbfa05 100644 --- a/dovecot/defaults/main.yml +++ b/dovecot/defaults/main.yml @@ -2,6 +2,5 @@ general_alert_email: "root@localhost" log2mail_alert_email: Null - dovecot_vmail_uid: 5000 dovecot_vmail_gid: 5000 diff --git a/evolinux-base/defaults/main.yml b/evolinux-base/defaults/main.yml index 7811ae89..97f5540e 100644 --- a/evolinux-base/defaults/main.yml +++ b/evolinux-base/defaults/main.yml @@ -159,12 +159,10 @@ evolinux_root_disable_ssh: False # postfix evolinux_postfix_include: True - -evolinux_postfix_packages: True +evolinux_mail_aliases_include: True evolinux_postfix_users_alias_root: True evolinux_postfix_mailer_alias_root: True evolinux_postfix_root_alias: True -evolinux_postfix_purge_exim: True # logs diff --git a/evolinux-base/files/cert.sh b/evolinux-base/files/cert.sh index 2782ec15..f43a9dad 100644 --- a/evolinux-base/files/cert.sh +++ b/evolinux-base/files/cert.sh 
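Review bot: Removing `evolinux_postfix_purge_exim` and `evolinux_postfix_packages` from evolinux-base/defaults/main.yml means an inventory that still sets them is silently ignored. The purge is now driven by `postfix_purge_exim`, which defaults to `True` in postfix/defaults/main.yml, so a host that set `evolinux_postfix_purge_exim: False` to keep exim4 would have it purged on the next run. Either bridge the old name in the postfix defaults, `postfix_purge_exim: "{{ evolinux_postfix_purge_exim | default(True) }}"`, or list the renamed and removed variables in the CHANGELOG. The three entries this commit adds there do not mention them.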
@@ -34,3 +34,4 @@ else usage exit 1 fi + diff --git a/evolinux-base/tasks/postfix.yml b/evolinux-base/tasks/mail_aliases.yml similarity index 52% rename from evolinux-base/tasks/postfix.yml rename to evolinux-base/tasks/mail_aliases.yml index d9dba3e2..4007d415 100644 --- a/evolinux-base/tasks/postfix.yml +++ b/evolinux-base/tasks/mail_aliases.yml @@ -1,36 +1,5 @@ --- -- name: Postfix packages are installed - ansible.builtin.apt: - name: - - postfix - - mailgraph - state: present - tags: - - packages - - postfix - when: evolinux_postfix_packages | bool - -- name: configure postfix myhostname - ansible.builtin.lineinfile: - dest: /etc/postfix/main.cf - state: present - line: "myhostname = {{ evolinux_fqdn }}" - regexp: '^myhostname' - notify: reload postfix - tags: - - postfix - -- name: configure postfix mynetworks - ansible.builtin.lineinfile: - dest: /etc/postfix/main.cf - state: present - line: "mydestination = {{ [evolinux_fqdn, evolinux_internal_fqdn] | unique | join(' ') }} localhost.localdomain localhost localhost.$mydomain" - regexp: '^mydestination' - notify: reload postfix - tags: - - postfix - - name: fetch users list ansible.builtin.shell: cmd: "set -o pipefail && getent passwd | cut -d':' -f 1 | grep -v root" @@ -81,18 +50,3 @@ - ansible.builtin.meta: flush_handlers -- name: exim4 is absent - ansible.builtin.apt: - name: - - exim4 - - exim4-base - - exim4-config - - exim4-daemon-light - purge: yes - state: absent - tags: - - packages - - postfix - when: evolinux_postfix_purge_exim | bool - -- ansible.builtin.meta: flush_handlers diff --git a/evolinux-base/tasks/main.yml b/evolinux-base/tasks/main.yml index b8f64844..d27b69eb 100644 --- a/evolinux-base/tasks/main.yml +++ b/evolinux-base/tasks/main.yml 
@@ -81,9 +81,16 @@ ansible.builtin.import_tasks: root.yml when: evolinux_root_include | bool -- name: Postfix - ansible.builtin.import_tasks: postfix.yml +- name: Postfix role + ansible.builtin.include_role: + name: evolix/postfix when: evolinux_postfix_include | bool + tags: + - postfix + +- name: Configure /etc/aliases + ansible.builtin.import_tasks: mail_aliases.yml + when: evolinux_mail_aliases_include | bool - name: Logs management ansible.builtin.import_tasks: logs.yml @@ -132,6 +139,14 @@ name: evolix/check_free_space when: evolinux_check_free_space_include | bool +# postfix role must be after nagios-nrpe role +- name: Postfix role + ansible.builtin.include_role: + name: evolix/postfix + when: evolinux_postfix_include | bool + tags: + - postfix + - name: Autosysadmin ansible.builtin.include_role: name: 'evolix/autosysadmin' diff --git a/postfix/defaults/main.yml b/postfix/defaults/main.yml index 55ab72cd..4632d79b 100644 --- a/postfix/defaults/main.yml +++ b/postfix/defaults/main.yml @@ -1,5 +1,7 @@ --- -postfix_hostname: "{{ ansible_fqdn }}" +postfix_hostname: "{{ evolinux_hostname }}.{{ evolinux_domain }}" postfix_force_main_cf: False postfix_packmail: False -postfix_slow_transport_include: "{{ postfix_packmail }}" +postfix_slow_transport_include: False +postfix_purge_exim: True + diff --git a/postfix/tasks/common.yml b/postfix/tasks/common.yml index 29e6dd07..b2a09398 100644 --- a/postfix/tasks/common.yml +++ b/postfix/tasks/common.yml 
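Review bot: The `Postfix role` include is added twice in evolinux-base/tasks/main.yml: once in the hunk at -81, where `import_tasks: postfix.yml` used to be, and again in the hunk at -132 under the comment `# postfix role must be after nagios-nrpe role`. As written the role runs twice per play, and its first run presumably comes before nagios-nrpe, which is what the comment says must not happen. If the comment is right, drop the first include and keep only the later one. `mail_aliases.yml` would then run before postfix is installed, and its body is mostly outside these hunks, so check whether its tasks or handlers need the postfix binaries.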
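Review bot: The new default `postfix_hostname: "{{ evolinux_hostname }}.{{ evolinux_domain }}"` makes the postfix role depend on two evolinux-base variables, although the CHANGELOG entry describes this commit as removing a dependency on `evolinux_fqdn`. If the role is ever applied without evolinux-base (the diff does not show whether that is supported), rendering `myhostname` fails on an undefined variable. A fallback keeps the role self-contained: `postfix_hostname: "{{ evolinux_hostname | default(ansible_hostname) }}.{{ evolinux_domain | default(ansible_domain) }}"`. Changing `postfix_slow_transport_include` from `"{{ postfix_packmail }}"` to `False` also alters behaviour on packmail hosts and deserves its own CHANGELOG line.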
@@ -1,11 +1,32 @@ ---- -- name: check if main.cf is default +- name: Postfix packages are installed + ansible.builtin.apt: + name: + - postfix + - mailgraph + state: present + tags: + - postfix + +- name: exim4 is absent + ansible.builtin.apt: + name: + - exim4 + - exim4-base + - exim4-config + - exim4-daemon-light + purge: yes + state: absent + tags: + - postfix + when: postfix_purge_exim | bool + +- name: compute main.cf SHA1 checksum ansible.builtin.shell: - cmd: 'grep -v -E "^(myhostname|mydestination|mailbox_command)" /etc/postfix/main.cf | md5sum -' + cmd: 'grep -v -E "^(myhostname|mydestination|mailbox_command)" /etc/postfix/main.cf | sha1sum | cut -d " " -f1' changed_when: False check_mode: no - register: default_main_cf + register: main_cf_checksum tags: - postfix diff --git a/postfix/tasks/minimal.yml b/postfix/tasks/minimal.yml index 36327b3e..b7bd29d0 100644 --- a/postfix/tasks/minimal.yml +++ b/postfix/tasks/minimal.yml @@ -1,10 +1,8 @@ --- -- name: ensure packages are installed - ansible.builtin.apt: - name: postfix - state: present - tags: - - postfix + +- name: display checksums of known main.cf files + debug: + var: main_cf_known_checksums - name: create minimal main.cf ansible.builtin.template: @@ -15,6 +13,6 @@ mode: "0644" force: true notify: restart postfix - when: (postfix_force_main_cf | bool) or (postfix_maincf_md5_jessie in default_main_cf.stdout) or (postfix_maincf_md5_stretch in default_main_cf.stdout) + when: (postfix_force_main_cf | bool) or (main_cf_checksum.stdout in main_cf_known_checksums) tags: - postfix diff --git a/postfix/tasks/packmail-spam.yml b/postfix/tasks/packmail-spam.yml index 114be769..f90f8cae 100644 --- a/postfix/tasks/packmail-spam.yml +++ b/postfix/tasks/packmail-spam.yml @@ -1,8 +1,6 @@ --- -- name: "mount /usr in rw" - ansible.builtin.command: - cmd: 'mount -o remount,rw /usr' - changed_when: False +- ansible.builtin.include_role: + name: evolix/remount-usr tags: postfix - name: copy spam.sh script 
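Review bot: In the `compute main.cf SHA1 checksum` task the pipeline's exit status is that of `cut`, so a missing or unreadable /etc/postfix/main.cf is not reported and `main_cf_checksum.stdout` becomes the digest of empty input. This can happen in check mode on a fresh host, where the apt task above installs nothing but this task still runs because of `check_mode: no`. That digest is not in the known list, so the template tasks are skipped rather than misapplied, but nothing tells the operator why. A comment on the task would help, e.g. `# digest of main.cf without per-host lines; compared with main_cf_known_checksums to decide whether the file is still the package default`. The new file also appears to drop the leading `---` that the other task files in this role keep.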
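Review bot: The added `display checksums of known main.cf files` task in postfix/tasks/minimal.yml, and the identical one in postfix/tasks/packmail.yml, uses the short module name `debug`, has no `postfix` tag and prints on every run. Every other task in these files uses an `ansible.builtin.*` name and carries the tag. If it is meant to stay, write it as `ansible.builtin.debug:` with `verbosity: 1` and add the `postfix` tag. It would also be more useful to show `main_cf_checksum.stdout` next to the list, so the operator can see why the `when:` on the template task did or did not match.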
diff --git a/postfix/tasks/packmail.yml b/postfix/tasks/packmail.yml index 6562e0d3..692024fa 100644 --- a/postfix/tasks/packmail.yml +++ b/postfix/tasks/packmail.yml @@ -1,11 +1,9 @@ --- -- name: ensure packages are installed +- name: Complementary packmail packages are installed ansible.builtin.apt: name: - - postfix - postfix-ldap - postfix-policyd-spf-python - - mailgraph state: present tags: - postfix @@ -24,6 +22,10 @@ enabled: yes state: started +- name: display checksums of known main.cf files + debug: + var: main_cf_known_checksums + - name: create packmail main.cf ansible.builtin.template: src: packmail_main.cf.j2 @@ -33,7 +35,7 @@ mode: "0644" force: true notify: restart postfix - when: (postfix_force_main_cf | bool) or (postfix_maincf_md5_jessie in default_main_cf.stdout) or (postfix_maincf_md5_stretch in default_main_cf.stdout) + when: (postfix_force_main_cf | bool) or (main_cf_checksum.stdout in main_cf_known_checksums) tags: - postfix diff --git a/postfix/templates/packmail_main.cf.j2 b/postfix/templates/packmail_main.cf.j2 index 65c95866..4bcbb2dd 100644 --- a/postfix/templates/packmail_main.cf.j2 +++ b/postfix/templates/packmail_main.cf.j2 @@ -66,7 +66,7 @@ smtpd_banner = $myhostname ESMTP mail server # Indique le nom d'hote pleinement qualifie ou se trouve postfix [OBLIGATOIRE] #par defaut, = [retour de la commande Unix hostname] -myhostname = {{ ansible_fqdn }} +myhostname = {{ postfix_hostname }} # Variable indiquant le domaine dans lequel se trouve la machine #par defaut, = [partie domain de la variable $myhostname] diff --git a/postfix/vars/main.yml b/postfix/vars/main.yml index e8a773c9..8d612f2e 100644 --- a/postfix/vars/main.yml +++ b/postfix/vars/main.yml 
@@ -1,5 +1,9 @@
 ---
-## MD5 hash of default main.cf filter, obtained with this command :
-# grep -v -E "^(myhostname|mydestination|mailbox_command)" /etc/postfix/main.cf | md5sum -
-postfix_maincf_md5_jessie: "5450c05d65878e99dad696c7c722e511"
-postfix_maincf_md5_stretch: "30022953f1f61f002bfb72e163ecb27e"
+# Output of default main.cf:
+# grep -v -E "^(myhostname|mydestination|mailbox_command)" /etc/postfix/main.cf | sha1sum | cut -d " " -f1
+main_cf_known_checksums:
+ - 72bd6999f053ea89b359e233cf252616ee6e2fbb # bookworm
+ - efd078215285ad520addee5b11af869717627b95 # bullseye
+ - c7d1e008120565927b213be1bf646fddfa949dc6 # buster
+ - 8b4de47321a9c003bf414a683c0d056b4469b325 # stretch
+ - f72feb50754830a7d8ae46f28e86d758881bcfc3 # jessie
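Review bot: `main_cf_known_checksums` loses the `postfix_` prefix that the removed `postfix_maincf_md5_*` names had. Ansible variables share one namespace and role vars take high precedence, so a name like `postfix_main_cf_known_checksums` is safer, with the references in minimal.yml and packmail.yml renamed to match. The digests are also written as plain scalars where the old MD5 values were quoted. These five contain letters and load as strings, but a digest made only of digits would load as an integer and never equal `main_cf_checksum.stdout`, so quoting each entry, e.g. `- "72bd6999f053ea89b359e233cf252616ee6e2fbb"  # bookworm`, removes the dependence on implicit typing. The header comment could also state that the list fingerprints package-default files to decide whether main.cf may be overwritten, and is not an integrity check.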