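# Play 1: base preparation of the mail host -- hostname, required packages,
# firewall allow rules and the initial TLS certificate.
- name: setup
  hosts: mail_server
  become: true
  tasks:
    - name: set system hostname
      hostname:
        name: "{{ mail_domain }}"

    # `state: latest` upgrades these packages on every run, not only on the
    # first install.
    - name: install packages
      package:
        name:
          - ufw
          - gnupg
          - certbot
        state: latest

    # NOTE(review): the ufw tasks below only add allow rules. Nothing in this
    # play enables ufw, sets a default policy or allows SSH -- confirm where
    # that happens before the firewall is switched on, so the host is neither
    # left unfiltered nor cut off from management access.
    - name: allow http for certificate challenges
      ufw:
        rule: allow
        port: '80'
        proto: tcp

    - name: allow smtp
      ufw:
        rule: allow
        port: '25'
        proto: tcp

    # Play-level `become` already applies here; the per-task override the
    # original carried on this task was redundant.
    - name: allow smtps
      ufw:
        rule: allow
        port: '465'
        proto: tcp

    - name: allow imaps
      ufw:
        rule: allow
        port: '993'
        proto: tcp

    # The arguments are passed as an argv list so each templated value stays
    # a single argument. With a single command string, a value containing
    # whitespace would be split into extra certbot options.
    # NOTE(review): this task runs on every playbook run and always reports
    # "changed"; consider a `creates:` guard or a `changed_when:` condition
    # if renewal is handled elsewhere.
    - name: get certificate
      command:
        argv:
          - certbot
          - certonly
          - '--standalone'
          - '-d'
          - "{{ mail_domain }}"
          - '-m'
          - "{{ cert_email }}"
          - '--non-interactive'
          - '--agree-tos'
          - '--no-eff-email'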
# Play 2: apply the mail-stack roles to the mail server, in the order listed.
# The roles themselves live outside this file; their behaviour is not visible
# here.
- name: configure services
  hosts: mail_server
  become: true
  roles:
    # MTA and IMAP server
    - role: postfix
    - role: dovecot
    # sender authentication (DKIM signing, DMARC, SPF policy) and filtering
    - role: opendkim
    - role: opendmarc
    - role: postgrey
    - role: spamassassin
    - role: policyd_spf
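# Play 3: build the DKIM, DMARC and SPF TXT records the operator has to
# publish and write them to a file in the become user's home directory.
- name: get dns recordV
  hosts: mail_server
  become: true
  tasks:
    # `dkim_selector`, `domain` and `mail_domain` are substituted into the
    # script text before the shell runs, so they must come from trusted
    # inventory: shell metacharacters in them would be interpreted.
    # NOTE(review): the DMARC rua address uses `domain` while the SPF record
    # uses `mail_domain` -- confirm both variables are defined and that the
    # difference is intended.
    - name: get dns entries
      shell: |
        # Flatten the selector's .txt file and keep only the p=<key> part.
        pubkey="$(tr -d '\n' </etc/dkimkeys/{{ dkim_selector }}.txt | sed "s/^.*p=/p=/;s/\" ) ;.*$//" | tr -d "\"[:space:]")"
        dkimdns="{{ dkim_selector }}._domainkey IN TXT \"v=DKIM1; k=rsa; $pubkey\""
        dmarcdns="_dmarc IN TXT \"v=DMARC1; p=reject; rua=mailto:dmarc@{{ domain }}; fo=1\""
        spfdns="@ IN TXT \"v=spf1 a:{{ mail_domain }} -all\""
        echo "DNS Entries
        DKIM: $dkimdns
        DMARC: $dmarcdns
        SPF: $spfdns" > "$HOME/dns_records"
        # Print the resolved path so the next task reports the real location.
        printf '%s\n' "$HOME/dns_records"
      register: dns_result

    # The original message hard-coded /home/root/dns_records, which does not
    # match the $HOME-relative path the script writes to. Report the path the
    # script printed; fall back to the literal expression when the shell task
    # was skipped (for example in check mode).
    - name: inform where to get records
      debug:
        msg: "You can now find the DNS records you need to set at {{ dns_result.stdout | default('$HOME/dns_records', true) }}"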