Compare commits
12 commits
Author | SHA1 | Date | |
---|---|---|---|
ce7d8e2340 | |||
9167b1e0d5 | |||
4379438163 | |||
e0ed5a9445 | |||
cc4aa85544 | |||
190d8ea64b | |||
e930a7c4f1 | |||
795b2a0b97 | |||
7ad695f01d | |||
bf42814c6e | |||
0098bbc6a1 | |||
a7a5cb3126 |
20 changed files with 270 additions and 161 deletions
18
.forgejo/workflows/molecule.yml
Normal file
18
.forgejo/workflows/molecule.yml
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
---
|
||||||
|
on: [push]
|
||||||
|
jobs:
|
||||||
|
lint:
|
||||||
|
runs-on: docker
|
||||||
|
container:
|
||||||
|
image: code.waks.be/nishiki/molecule:docker
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
- run: ansible-lint .
|
||||||
|
- run: yamllint .
|
||||||
|
molecule:
|
||||||
|
runs-on: docker
|
||||||
|
container:
|
||||||
|
image: code.waks.be/nishiki/molecule:docker
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
- run: molecule test
|
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -1,2 +1,2 @@
|
||||||
.kitchen/*
|
.kitchen/*
|
||||||
|
*.pyc
|
||||||
|
|
10
.gitlab-ci.yml
Normal file
10
.gitlab-ci.yml
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
---
|
||||||
|
image: nishiki/molecule:docker
|
||||||
|
|
||||||
|
before_script:
|
||||||
|
- molecule --version
|
||||||
|
|
||||||
|
molecule:
|
||||||
|
stage: test
|
||||||
|
script:
|
||||||
|
- molecule test
|
27
.kitchen.yml
27
.kitchen.yml
|
@ -1,27 +0,0 @@
|
||||||
---
|
|
||||||
driver:
|
|
||||||
name: docker_cli
|
|
||||||
|
|
||||||
transport:
|
|
||||||
name: docker_cli
|
|
||||||
|
|
||||||
provisioner:
|
|
||||||
name: ansible_playbook
|
|
||||||
hosts: localhost
|
|
||||||
require_ansible_repo: false
|
|
||||||
require_ansible_omnibus: false
|
|
||||||
require_chef_for_busser: true
|
|
||||||
ansible_verbose: false
|
|
||||||
ansible_inventory: ./test/integration/inventory
|
|
||||||
|
|
||||||
platforms:
|
|
||||||
- name: debian-9
|
|
||||||
driver_config:
|
|
||||||
image: "nishiki/debian9:ansible-<%= ENV['ANSIBLE_VERSION'] ? ENV['ANSIBLE_VERSION'] : '2.7' %>"
|
|
||||||
command: /bin/systemd
|
|
||||||
volume:
|
|
||||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
|
||||||
security_opt: seccomp=unconfined
|
|
||||||
|
|
||||||
suites:
|
|
||||||
- name: default
|
|
38
.rubocop.yml
38
.rubocop.yml
|
@ -1,38 +0,0 @@
|
||||||
---
|
|
||||||
AllCops:
|
|
||||||
Exclude:
|
|
||||||
- db/**/*
|
|
||||||
- config/**/*
|
|
||||||
- Vagrantfile
|
|
||||||
TargetRubyVersion: 2.4
|
|
||||||
|
|
||||||
Naming/AccessorMethodName:
|
|
||||||
Enabled: false
|
|
||||||
|
|
||||||
Lint/RescueWithoutErrorClass:
|
|
||||||
Enabled: false
|
|
||||||
|
|
||||||
Metrics/LineLength:
|
|
||||||
Max: 120
|
|
||||||
Metrics/CyclomaticComplexity:
|
|
||||||
Enabled: false
|
|
||||||
Metrics/PerceivedComplexity:
|
|
||||||
Enabled: false
|
|
||||||
Metrics/MethodLength:
|
|
||||||
Enabled: false
|
|
||||||
Metrics/BlockLength:
|
|
||||||
Enabled: false
|
|
||||||
Metrics/ClassLength:
|
|
||||||
Enabled: false
|
|
||||||
Metrics/AbcSize:
|
|
||||||
Enabled: false
|
|
||||||
|
|
||||||
Style/NumericLiteralPrefix:
|
|
||||||
Enabled: false
|
|
||||||
Style/FrozenStringLiteralComment:
|
|
||||||
Enabled: false
|
|
||||||
Style/CommandLiteral:
|
|
||||||
Enabled: true
|
|
||||||
EnforcedStyle: percent_x
|
|
||||||
Style/Documentation:
|
|
||||||
Enabled: false
|
|
29
CHANGELOG.md
29
CHANGELOG.md
|
@ -5,5 +5,32 @@ Which is based on [Keep A Changelog](http://keepachangelog.com/)
|
||||||
|
|
||||||
## [Unreleased]
|
## [Unreleased]
|
||||||
|
|
||||||
## [v1.0.0] - 2019-03-07
|
### Changed
|
||||||
|
|
||||||
|
- test: use personal docker registry
|
||||||
|
|
||||||
|
## v2.0.0 - 2021-08-20
|
||||||
|
|
||||||
|
### Breaked
|
||||||
|
|
||||||
|
- use new variable postfix_config
|
||||||
|
|
||||||
|
### Added
|
||||||
|
|
||||||
|
- test: add suport debian 10 and 11
|
||||||
|
- feat: add bsd-mailx package
|
||||||
|
- feat: add transport map
|
||||||
|
- feat: add aliases
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
|
||||||
|
- chore: use FQCN for module name
|
||||||
|
- test: replace kitchen to molecule
|
||||||
|
|
||||||
|
### Removed
|
||||||
|
|
||||||
|
- test: remove support debian 9
|
||||||
|
|
||||||
|
## v1.0.0 - 2019-03-07
|
||||||
|
|
||||||
- first version
|
- first version
|
||||||
|
|
71
README.md
71
README.md
|
@ -1,20 +1,53 @@
|
||||||
# Ansible role: Postfix MTA
|
# Ansible role: Postfix MTA
|
||||||
[![Version](https://img.shields.io/badge/latest_version-1.0.0-green.svg)](https://git.yaegashi.fr/nishiki/ansible-role-postfix_mta/releases)
|
|
||||||
[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://git.yaegashi.fr/nishiki/ansible-role-postfix_mta/src/branch/master/LICENSE)
|
[![Version](https://img.shields.io/badge/latest_version-2.0.0-green.svg)](https://code.waks.be/nishiki/ansible-role-postfix_mta/releases)
|
||||||
|
[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://code.waks.be/nishiki/ansible-role-postfix_mta/src/branch/main/LICENSE)
|
||||||
|
[![Build](https://code.waks.be/nishiki/ansible-role-postfix_mta/actions/workflows/molecule.yml/badge.svg?branch=main)](https://code.waks.be/nishiki/ansible-role-postfix_mta/actions?workflow=molecule.yml)
|
||||||
|
|
||||||
Install and configure an simple mta with postfix
|
Install and configure an simple mta with postfix
|
||||||
|
|
||||||
## Requirements
|
## Requirements
|
||||||
|
|
||||||
* Ansible >= 2.7
|
- Ansible >= 2.9
|
||||||
* Debian Stretch
|
- Debian
|
||||||
|
- Bullseye
|
||||||
|
- Bookworm
|
||||||
|
|
||||||
## Role variables
|
## Role variables
|
||||||
|
|
||||||
|
- `postfix_config` - hash with config
|
||||||
|
|
||||||
* `postfix_hostname` - the server hostname (default: `ansible_fqdn`)
|
```
|
||||||
* `postfix_origin` - the domain to send mail (default: `$myhostname`)
|
smtpd_banner: $myhostname ESMTP $mail_name (Debian/GNU)
|
||||||
* `postfix_protocols` - protocols to listen (default: `all`)
|
biff: 'no'
|
||||||
|
append_dot_mydomain: 'no'
|
||||||
|
readme_directory: 'no'
|
||||||
|
compatibility_level: 2
|
||||||
|
myhostname: '{{ ansible_fqdn }}'
|
||||||
|
myorigin: $myhostname
|
||||||
|
mydestination: $myhostname, localhost
|
||||||
|
default_transport: smtp
|
||||||
|
mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
|
||||||
|
mailbox_size_limit: '0'
|
||||||
|
recipient_delimiter: '+'
|
||||||
|
inet_interfaces: localhost
|
||||||
|
inet_protocols: all
|
||||||
|
```
|
||||||
|
|
||||||
|
- `postfix_transports` - hash with the transport configuration
|
||||||
|
|
||||||
|
```
|
||||||
|
google.com: smtp:127.0.0.1
|
||||||
|
```
|
||||||
|
|
||||||
|
- `postfix_aliases` - hash with the aliases
|
||||||
|
|
||||||
|
```
|
||||||
|
root:
|
||||||
|
- abuse
|
||||||
|
- admin
|
||||||
|
admin: root@local.loc
|
||||||
|
```
|
||||||
|
|
||||||
## How to use
|
## How to use
|
||||||
|
|
||||||
|
@ -25,25 +58,21 @@ Install and configure an simple mta with postfix
|
||||||
```
|
```
|
||||||
|
|
||||||
## Development
|
## Development
|
||||||
### Test syntax with yamllint
|
|
||||||
|
|
||||||
* install `python` and `python-pip`
|
### Test with molecule and docker
|
||||||
* install yamllint `pip install yamllint`
|
|
||||||
* run `yamllint .`
|
|
||||||
|
|
||||||
### Test syntax with ansible-lint
|
- install [docker](https://docs.docker.com/engine/installation/)
|
||||||
|
- install `python3` and `python3-pip`
|
||||||
* install `python` and `python-pip`
|
- install molecule and dependencies `pip3 install molecule molecule-docker docker ansible-lint pytest-testinfra yamllint`
|
||||||
* install yamllint `pip install ansible-lint`
|
- run `molecule test`
|
||||||
* run `ansible-lint .`
|
|
||||||
|
|
||||||
### Tests with docker
|
### Tests with docker
|
||||||
|
|
||||||
* install [docker](https://docs.docker.com/engine/installation/)
|
- install [docker](https://docs.docker.com/engine/installation/)
|
||||||
* install ruby
|
- install ruby
|
||||||
* install bundler `gem install bundler`
|
- install bundler `gem install bundler`
|
||||||
* install dependencies `bundle install`
|
- install dependencies `bundle install`
|
||||||
* run the tests `kitchen test`
|
- run the tests `kitchen test`
|
||||||
|
|
||||||
## License
|
## License
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,22 @@
|
||||||
---
|
---
|
||||||
postfix_hostname: '{{ ansible_fqdn }}'
|
postfix_hostname: "{{ ansible_fqdn }}"
|
||||||
postfix_origin: '$myhostname'
|
postfix_origin: "$myhostname"
|
||||||
postfix_protocols: all
|
postfix_config: {}
|
||||||
|
postfix_default_config:
|
||||||
|
smtpd_banner: $myhostname ESMTP $mail_name (Debian/GNU)
|
||||||
|
biff: "no"
|
||||||
|
append_dot_mydomain: "no"
|
||||||
|
readme_directory: "no"
|
||||||
|
compatibility_level: 2
|
||||||
|
myhostname: "{{ ansible_fqdn }}"
|
||||||
|
myorigin: $myhostname
|
||||||
|
mydestination: $myhostname, localhost
|
||||||
|
default_transport: smtp
|
||||||
|
mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
|
||||||
|
mailbox_size_limit: "0"
|
||||||
|
recipient_delimiter: "+"
|
||||||
|
inet_interfaces: localhost
|
||||||
|
inet_protocols: all
|
||||||
|
postfix_full_config: "{{ postfix_default_config | combine(postfix_config) }}"
|
||||||
|
postfix_transports: {}
|
||||||
|
postfix_aliases: {}
|
||||||
|
|
|
@ -1,5 +1,11 @@
|
||||||
---
|
---
|
||||||
- name: reload postfix
|
- name: Reload postfix
|
||||||
systemd:
|
ansible.builtin.service:
|
||||||
name: postfix
|
name: postfix
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
|
||||||
|
- name: Map transport # noqa no-changed-when
|
||||||
|
ansible.builtin.command: postmap /etc/postfix/transport
|
||||||
|
|
||||||
|
- name: Map aliases # noqa no-changed-when
|
||||||
|
ansible.builtin.command: postalias /etc/postfix/aliases
|
||||||
|
|
|
@ -1,16 +1,18 @@
|
||||||
---
|
---
|
||||||
galaxy_info:
|
galaxy_info:
|
||||||
role_name: postfix-mta
|
role_name: postfix_mta
|
||||||
|
namespace: nishiki
|
||||||
author: Adrien Waksberg
|
author: Adrien Waksberg
|
||||||
company: Adrien Waksberg
|
company: Adrien Waksberg
|
||||||
description: Install and configure a simple mta with postfix
|
description: Install and configure a simple mta with postfix
|
||||||
license: Apache2
|
license: Apache2
|
||||||
min_ansible_version: 2.7
|
min_ansible_version: "2.9"
|
||||||
|
|
||||||
platforms:
|
platforms:
|
||||||
- name: Debian
|
- name: Debian
|
||||||
versions:
|
versions:
|
||||||
- stretch
|
- bullseye
|
||||||
|
- bookworm
|
||||||
|
|
||||||
galaxy_tags:
|
galaxy_tags:
|
||||||
- postfix
|
- postfix
|
||||||
|
|
22
molecule/default/converge.yml
Normal file
22
molecule/default/converge.yml
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
---
|
||||||
|
- name: Converge
|
||||||
|
hosts: all
|
||||||
|
roles:
|
||||||
|
- ansible-role-postfix_mta
|
||||||
|
vars:
|
||||||
|
postfix_config:
|
||||||
|
inet_protocols: ipv4
|
||||||
|
transport_maps: hash:/etc/postfix/transport
|
||||||
|
aliases_maps: hash:/etc/postfix/aliases
|
||||||
|
postfix_transports:
|
||||||
|
google.com: smtp:127.0.0.1
|
||||||
|
postfix_aliases:
|
||||||
|
root:
|
||||||
|
- admin
|
||||||
|
- abuse
|
||||||
|
admin: admin@localhost.loc
|
||||||
|
|
||||||
|
pre_tasks:
|
||||||
|
- name: update apt cache
|
||||||
|
ansible.builtin.apt:
|
||||||
|
update_cache: true
|
28
molecule/default/molecule.yml
Normal file
28
molecule/default/molecule.yml
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
---
|
||||||
|
driver:
|
||||||
|
name: docker
|
||||||
|
platforms:
|
||||||
|
- name: debian12
|
||||||
|
image: code.waks.be/nishiki/molecule:debian12
|
||||||
|
privileged: true
|
||||||
|
volumes:
|
||||||
|
- /sys/fs/cgroup:/sys/fs/cgroup:rw
|
||||||
|
cgroupns_mode: host
|
||||||
|
command: /bin/systemd
|
||||||
|
capabilities:
|
||||||
|
- SYS_ADMIN
|
||||||
|
- name: debian11
|
||||||
|
image: code.waks.be/nishiki/molecule:debian11
|
||||||
|
privileged: true
|
||||||
|
volumes:
|
||||||
|
- /sys/fs/cgroup:/sys/fs/cgroup:rw
|
||||||
|
cgroupns_mode: host
|
||||||
|
command: /bin/systemd
|
||||||
|
capabilities:
|
||||||
|
- SYS_ADMIN
|
||||||
|
lint: |
|
||||||
|
set -e
|
||||||
|
yamllint .
|
||||||
|
ansible-lint .
|
||||||
|
verifier:
|
||||||
|
name: testinfra
|
42
molecule/default/tests/test_default.py
Normal file
42
molecule/default/tests/test_default.py
Normal file
|
@ -0,0 +1,42 @@
|
||||||
|
import testinfra.utils.ansible_runner
|
||||||
|
|
||||||
|
def test_packages(host):
|
||||||
|
for package_name in ['postfix', 'bsd-mailx']:
|
||||||
|
package = host.package(package_name)
|
||||||
|
assert package.is_installed
|
||||||
|
|
||||||
|
def test_config_file(host):
|
||||||
|
path = host.file('/etc/postfix/main.cf')
|
||||||
|
assert path.exists
|
||||||
|
assert path.is_file
|
||||||
|
assert path.user == 'root'
|
||||||
|
assert path.group == 'root'
|
||||||
|
assert path.mode == 0o644
|
||||||
|
assert path.contains('inet_protocols = ipv4')
|
||||||
|
|
||||||
|
def test_transport_file(host):
|
||||||
|
path = host.file('/etc/postfix/transport')
|
||||||
|
assert path.exists
|
||||||
|
assert path.is_file
|
||||||
|
assert path.user == 'root'
|
||||||
|
assert path.group == 'root'
|
||||||
|
assert path.mode == 0o644
|
||||||
|
assert path.contains('google.com smtp:127.0.0.1')
|
||||||
|
|
||||||
|
def test_aliases_file(host):
|
||||||
|
path = host.file('/etc/postfix/aliases')
|
||||||
|
assert path.exists
|
||||||
|
assert path.is_file
|
||||||
|
assert path.user == 'root'
|
||||||
|
assert path.group == 'root'
|
||||||
|
assert path.mode == 0o644
|
||||||
|
assert path.contains('root: admin,abuse')
|
||||||
|
|
||||||
|
def test_service(host):
|
||||||
|
service = host.service('postfix')
|
||||||
|
assert service.is_running
|
||||||
|
assert service.is_enabled
|
||||||
|
|
||||||
|
def test_socket(host):
|
||||||
|
socket = host.socket('tcp://127.0.0.1:25')
|
||||||
|
assert socket.is_listening
|
|
@ -1,22 +1,31 @@
|
||||||
---
|
---
|
||||||
- name: install package
|
- name: Install packages
|
||||||
apt:
|
ansible.builtin.package:
|
||||||
name: postfix
|
name:
|
||||||
|
- postfix
|
||||||
|
- bsd-mailx
|
||||||
tags: postfix
|
tags: postfix
|
||||||
|
|
||||||
- name: copy file configuration
|
- name: Copy file configuration
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: main.cf.j2
|
src: '{{ item }}.j2'
|
||||||
dest: /etc/postfix/main.cf
|
dest: '/etc/postfix/{{ item }}'
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: 0644
|
||||||
notify: reload postfix
|
loop:
|
||||||
|
- main.cf
|
||||||
|
- aliases
|
||||||
|
- transport
|
||||||
|
notify:
|
||||||
|
- Reload postfix
|
||||||
|
- Map aliases
|
||||||
|
- Map transport
|
||||||
tags: postfix
|
tags: postfix
|
||||||
|
|
||||||
- name: enable and start service
|
- name: Enable and start service
|
||||||
systemd:
|
ansible.builtin.service:
|
||||||
name: postfix
|
name: postfix
|
||||||
enabled: yes
|
enabled: true
|
||||||
state: started
|
state: started
|
||||||
tags: postfix
|
tags: postfix
|
||||||
|
|
9
templates/aliases.j2
Normal file
9
templates/aliases.j2
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
|
{% for alias, redirect in postfix_aliases.items() %}
|
||||||
|
{% if redirect is string %}
|
||||||
|
{{ alias }}: {{ redirect }}
|
||||||
|
{% else %}
|
||||||
|
{{ alias }}: {{ redirect|join(',') }}
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
|
@ -1,16 +1,5 @@
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
|
{% for option, value in postfix_full_config.items() %}
|
||||||
biff = no
|
{{ option }} = {{ value }}
|
||||||
append_dot_mydomain = no
|
{% endfor %}
|
||||||
readme_directory = no
|
|
||||||
compatibility_level = 2
|
|
||||||
myhostname = {{ postfix_hostname }}
|
|
||||||
myorigin = {{ postfix_origin }}
|
|
||||||
mydestination = $myhostname, localhost
|
|
||||||
default_transport = smtp
|
|
||||||
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
|
|
||||||
mailbox_size_limit = 0
|
|
||||||
recipient_delimiter = +
|
|
||||||
inet_interfaces = localhost
|
|
||||||
inet_protocols = {{ postfix_protocols }}
|
|
||||||
|
|
5
templates/transport.j2
Normal file
5
templates/transport.j2
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
|
{% for domain, transport in postfix_transports.items() %}
|
||||||
|
{{ domain }} {{ transport }}
|
||||||
|
{% endfor %}
|
|
@ -1,8 +0,0 @@
|
||||||
---
|
|
||||||
- hosts: default
|
|
||||||
connection: local
|
|
||||||
vars:
|
|
||||||
postfix_protocols: ipv4
|
|
||||||
|
|
||||||
roles:
|
|
||||||
- ansible-role-postfix-mta
|
|
|
@ -1,30 +0,0 @@
|
||||||
require 'serverspec'
|
|
||||||
|
|
||||||
set :backend, :exec
|
|
||||||
|
|
||||||
puts
|
|
||||||
puts '================================'
|
|
||||||
puts %x(ansible --version)
|
|
||||||
puts '================================'
|
|
||||||
|
|
||||||
describe package('postfix') do
|
|
||||||
it { should be_installed }
|
|
||||||
end
|
|
||||||
|
|
||||||
describe file('/etc/postfix/main.cf') do
|
|
||||||
it { should be_file }
|
|
||||||
it { should be_mode 644 }
|
|
||||||
it { should be_owned_by 'root' }
|
|
||||||
it { should be_grouped_into 'root' }
|
|
||||||
it { should contain 'protocols = ipv4' }
|
|
||||||
end
|
|
||||||
|
|
||||||
describe service('postfix') do
|
|
||||||
it { should be_enabled }
|
|
||||||
it { should be_running }
|
|
||||||
it { should be_running.under('systemd') }
|
|
||||||
end
|
|
||||||
|
|
||||||
describe port(25) do
|
|
||||||
it { should be_listening }
|
|
||||||
end
|
|
|
@ -1,2 +0,0 @@
|
||||||
[default]
|
|
||||||
localhost
|
|
Loading…
Reference in a new issue