authorMatthieu Saulnier <fantom@fedoraproject.org>2017-06-16 00:04:12 +0200
committerMatthieu Saulnier <fantom@fedoraproject.org>2017-06-16 00:04:12 +0200
commit4d4c1ccd3c40416e81ef14d0f8e1814cf0346dd8 (patch)
tree625f25a301b1c3a01438ac5d27d847fb9db2b0ed
parent14edb23692297b5eaa002fa9b69da7088ab2d458 (diff)
downloadplaybooks-ansible-4d4c1ccd3c40416e81ef14d0f8e1814cf0346dd8.tar.gz
playbooks-ansible-4d4c1ccd3c40416e81ef14d0f8e1814cf0346dd8.tar.xz
playbooks-ansible-4d4c1ccd3c40416e81ef14d0f8e1814cf0346dd8.zip
translate config files into jinja2 templates
-rw-r--r--host_vars/192.168.0.251
-rw-r--r--host_vars/192.168.0.268
-rw-r--r--host_vars/d72vewh3wa4lwpaj.onion1
-rw-r--r--host_vars/lancaster.casperlefantom.net1
-rw-r--r--host_vars/lancaster.home.casperlefantom.net1
-rw-r--r--mtaserver.yml4
-rw-r--r--roles/mtaserver/files/mydestination_table7
-rw-r--r--roles/mtaserver/files/network_table5
-rw-r--r--roles/mtaserver/files/relay_recipients10
-rw-r--r--roles/mtaserver/handlers/main.yml6
-rw-r--r--roles/mtaserver/tasks/config.yml43
-rw-r--r--roles/mtaserver/tasks/pkgs.yml5
-rw-r--r--roles/mtaserver/templates/main.cf.j2 (renamed from roles/mtaserver/files/main.cf)17
-rw-r--r--roles/mtaserver/templates/mydestination_table.j26
-rw-r--r--roles/mtaserver/templates/network_table.j210
-rw-r--r--roles/mtaserver/templates/relay_recipients.j26
-rw-r--r--roles/mtaserver/vars/main.yml24
17 files changed, 130 insertions, 25 deletions
diff --git a/host_vars/192.168.0.25 b/host_vars/192.168.0.25
index addd52a..bdda2bf 100644
--- a/host_vars/192.168.0.25
+++ b/host_vars/192.168.0.25
@@ -4,4 +4,5 @@ nickname: Casper01
bprate: '80 KB'
bpburst: '100 KB'
is_gardian: true
+is_mtamaster: true
diff --git a/host_vars/192.168.0.26 b/host_vars/192.168.0.26
new file mode 100644
index 0000000..bdda2bf
--- /dev/null
+++ b/host_vars/192.168.0.26
@@ -0,0 +1,8 @@
+is_dnsmaster: true
+is_ntpmaster: true
+nickname: Casper01
+bprate: '80 KB'
+bpburst: '100 KB'
+is_gardian: true
+is_mtamaster: true
+
diff --git a/host_vars/d72vewh3wa4lwpaj.onion b/host_vars/d72vewh3wa4lwpaj.onion
index addd52a..bdda2bf 100644
--- a/host_vars/d72vewh3wa4lwpaj.onion
+++ b/host_vars/d72vewh3wa4lwpaj.onion
@@ -4,4 +4,5 @@ nickname: Casper01
bprate: '80 KB'
bpburst: '100 KB'
is_gardian: true
+is_mtamaster: true
diff --git a/host_vars/lancaster.casperlefantom.net b/host_vars/lancaster.casperlefantom.net
index addd52a..bdda2bf 100644
--- a/host_vars/lancaster.casperlefantom.net
+++ b/host_vars/lancaster.casperlefantom.net
@@ -4,4 +4,5 @@ nickname: Casper01
bprate: '80 KB'
bpburst: '100 KB'
is_gardian: true
+is_mtamaster: true
diff --git a/host_vars/lancaster.home.casperlefantom.net b/host_vars/lancaster.home.casperlefantom.net
index addd52a..bdda2bf 100644
--- a/host_vars/lancaster.home.casperlefantom.net
+++ b/host_vars/lancaster.home.casperlefantom.net
@@ -4,4 +4,5 @@ nickname: Casper01
bprate: '80 KB'
bpburst: '100 KB'
is_gardian: true
+is_mtamaster: true
diff --git a/mtaserver.yml b/mtaserver.yml
new file mode 100644
index 0000000..44faaa0
--- /dev/null
+++ b/mtaserver.yml
@@ -0,0 +1,4 @@
+- hosts: all
+ remote_user: root
+ roles:
+ - mtaserver
diff --git a/roles/mtaserver/files/mydestination_table b/roles/mtaserver/files/mydestination_table
deleted file mode 100644
index 96eb933..0000000
--- a/roles/mtaserver/files/mydestination_table
+++ /dev/null
@@ -1,7 +0,0 @@
-casperlefantom.net OK
-mail.casperlefantom.net OK
-smtp.casperlefantom.net OK
-lancaster.casperlefantom.net OK
-jaysfoodventure.com OK
-mail.jaysfoodventure.com OK
-smtp.jaysfoodventure.com OK
diff --git a/roles/mtaserver/files/network_table b/roles/mtaserver/files/network_table
deleted file mode 100644
index eb30ef1..0000000
--- a/roles/mtaserver/files/network_table
+++ /dev/null
@@ -1,5 +0,0 @@
-127.0.0.0/8 OK
-192.168.0.25 OK
-192.168.122.124 OK
-::1 OK
-2a01:e35:2f76:7750::4 OK
diff --git a/roles/mtaserver/files/relay_recipients b/roles/mtaserver/files/relay_recipients
deleted file mode 100644
index e26c74d..0000000
--- a/roles/mtaserver/files/relay_recipients
+++ /dev/null
@@ -1,10 +0,0 @@
-*@ns1.casperlefantom.net OK
-*@www.casperlefantom.net OK
-*@bt1.casperlefantom.net OK
-*@ntp1.casperlefantom.net OK
-*@dl.casperlefantom.net OK
-*@mirror.casperlefantom.net OK
-*@jabber.casperlefantom.net OK
-*@conference.casperlefantom.net OK
-*@search.casperlefantom.net OK
-*@ssl.casperlefantom.net OK
diff --git a/roles/mtaserver/handlers/main.yml b/roles/mtaserver/handlers/main.yml
index 5663f90..621da3c 100644
--- a/roles/mtaserver/handlers/main.yml
+++ b/roles/mtaserver/handlers/main.yml
@@ -6,3 +6,9 @@
- name: aliasmap
command: /usr/bin/newaliases
+ notify: reload postfix
+
+- name: postmap
+ command: /usr/sbin/postmap {{ maplist }}
+ notify: reload postfix
+
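Review bot: `{{ maplist }}` in the new `postmap` handler is not defined anywhere in this commit (roles/mtaserver/vars/main.yml only sets `mydest`, `addresses` and `relay`), so unless it is set elsewhere the handler fails on an undefined variable the first time a table changes. A host without `is_mtamaster` also never receives /etc/postfix/virtual under the tasks in this commit, so one list shared by all hosts would make postmap fail there if it names that file. I would define the list per host next to the other role variables and add a comment above the handler such as `# maplist: space-separated table paths under /etc/postfix to rebuild`.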
diff --git a/roles/mtaserver/tasks/config.yml b/roles/mtaserver/tasks/config.yml
index c8c0935..8fa179b 100644
--- a/roles/mtaserver/tasks/config.yml
+++ b/roles/mtaserver/tasks/config.yml
@@ -1,6 +1,49 @@
+- name: Configuration du démon
+ template: src=main.cf.j2 dest=/etc/postfix/main.cf
+ owner=root
+ group=root
+ mode=644
+ notify: restart postfix
+- name: Configuration du master
+ copy: src=master.cf dest=/etc/postfix/master.cf
+ owner=root
+ group=root
+ mode=644
+ when: is_mtamaster is defined
+ notify: restart postfix
+- name: Installation des tables dynamiques
+ template: src={{ item[0] }} dest=/etc/postfix/{{ item[1] }}
+ owner=root
+ group=root
+ mode=644
+ notify: postmap
+ with_items:
+ - [ 'mydestination_table.j2', 'mydestination_table' ]
+ - [ 'network_table.j2', 'network_table' ]
+ - [ 'relay_recipients.j2', 'relay_recipients' ]
+
+- name: Installation des tables statiques
+ copy: src=virtual dest=/etc/postfix/virtual
+ owner=root
+ group=root
+ mode=644
+ when: is_mtamaster is defined
+ notify: postmap
+
+- name: Configuration de l'alias root
+ lineinfile:
+ path: /etc/aliases
+ line: 'root: casper@casperlefantom.net'
+ notify: aliasmap
+- name: Configuration de l'alias matthieu
+ lineinfile:
+ path: /etc/aliases
+ line: 'matthieu: casper'
+ when: is_mtamaster is defined
+ notify: aliasmap
- name: Ouverture du port SMTP
firewalld: service=smtp permanent={{ item }} state=enabled
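Review bot: The `with_items` list under "Installation des tables dynamiques" is a list of two-element lists, and `with_items` flattens one level of nesting, so each `item` arrives as a single string and `item[0]`/`item[1]` are its first two characters rather than the template and destination names. Mappings avoid this: entries like `- { src: 'mydestination_table.j2', dest: 'mydestination_table' }` used as `template: src={{ item.src }} dest=/etc/postfix/{{ item.dest }}`. The firewalld task at the end of the hunk continues outside it.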
diff --git a/roles/mtaserver/tasks/pkgs.yml b/roles/mtaserver/tasks/pkgs.yml
index 71fe7ce..36bf54c 100644
--- a/roles/mtaserver/tasks/pkgs.yml
+++ b/roles/mtaserver/tasks/pkgs.yml
@@ -1,7 +1,8 @@
-- name: Installation de postfix
+- name: Installation des paquets
yum: name=postfix state=present
when: ansible_pkg_mgr == "yum"
-- name: Installation de postfix
+- name: Installation des paquets
dnf: name=postfix state=present
when: ansible_pkg_mgr == "dnf"
+
diff --git a/roles/mtaserver/files/main.cf b/roles/mtaserver/templates/main.cf.j2
index 0dd6ecd..daeeb7f 100644
--- a/roles/mtaserver/files/main.cf
+++ b/roles/mtaserver/templates/main.cf.j2
@@ -93,7 +93,11 @@ mail_owner = postfix
#
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
+{% if is_mtamaster is defined %}
myhostname = mail.casperlefantom.net
+{% else %}
+myhostname = {{ ansible_hostname }}.casperlefantom.net
+{% endif %}
# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
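Review bot: `{% if is_mtamaster is defined %}` tests only that the variable exists, so a host that sets `is_mtamaster: false` still renders the master branch, which in the later hunks means `inet_interfaces = all` plus the SASL and relay settings. Testing the value, `{% if is_mtamaster | default(false) | bool %}`, keeps a listening, relaying MTA strictly opt-in. The same test appears in every other conditional of this template, in mydestination_table.j2, network_table.j2 and relay_recipients.j2, and in the `when:` clauses of roles/mtaserver/tasks/config.yml.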
@@ -135,7 +139,11 @@ myorigin = $mydomain
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
+{% if is_mtamaster is defined %}
inet_interfaces = all
+{% else %}
+inet_interfaces = localhost
+{% endif %}
# Enable IPv4, and IPv6 if supported
inet_protocols = all
@@ -339,7 +347,11 @@ mynetworks = hash:/etc/postfix/network_table
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
+{% if is_mtamaster is defined %}
relayhost = [smtp.free.fr]
+{% else %}
+relayhost = [mail.casperlefantom.net]
+{% endif %}
smtp_tls_security_level = may
smtp_tls_ciphers = high
smtp_tls_loglevel = 2
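Review bot: The new `{% else %}` branch sends all mail from non-master hosts to `[mail.casperlefantom.net]`, but `smtp_tls_security_level = may` on the context line below stays outside the conditional, so that hop is encrypted only when STARTTLS is offered and otherwise falls back to plaintext. If the master always offers STARTTLS (its certificate is configured in a later hunk), the setting could move into the conditional, with `smtp_tls_security_level = encrypt` in the else branch and `may` kept for the ISP relay. Whether the master's smtpd side enables TLS is not visible here, so this needs checking before enforcing it.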
@@ -709,7 +721,7 @@ sample_directory = /usr/share/doc/postfix/samples
#
readme_directory = /usr/share/doc/postfix/README_FILES
-
+{% if is_mtamaster is defined %}
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/pki/tls/private/casperlefantom.1.key
smtpd_tls_cert_file = /etc/pki/tls/certs/casperlefantom.1.crt
@@ -723,9 +735,11 @@ smtpd_relay_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
+{% endif %}
smtpd_tls_loglevel = 2
+{% if is_mtamaster is defined %}
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
@@ -733,6 +747,7 @@ smtpd_sasl_path = private/auth
virtual_alias_maps = hash:/etc/postfix/virtual
mailbox_size_limit = 5368709120
message_size_limit = 5368709120
+{% endif %}
meta_directory = /etc/postfix
shlib_directory = /usr/lib64/postfix
diff --git a/roles/mtaserver/templates/mydestination_table.j2 b/roles/mtaserver/templates/mydestination_table.j2
new file mode 100644
index 0000000..a86f076
--- /dev/null
+++ b/roles/mtaserver/templates/mydestination_table.j2
@@ -0,0 +1,6 @@
+{% if is_mtamaster is defined %}
+{% for item in mydest %}
+{{ item }} OK
+{% endfor %}
+{% endif %}
+
diff --git a/roles/mtaserver/templates/network_table.j2 b/roles/mtaserver/templates/network_table.j2
new file mode 100644
index 0000000..57a8467
--- /dev/null
+++ b/roles/mtaserver/templates/network_table.j2
@@ -0,0 +1,10 @@
+{{ ansible_lo.ipv4.address }} OK
+{{ ansible_lo.ipv6.address }} OK
+{% for item in addresses %}
+{{ item }} OK
+{% endfor %}
+{% if is_mtamaster is defined %}
+{{ ansible_default_ipv4.address }} OK
+{{ ansible_default_ipv6.address }} OK
+{% endif %}
+
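Review bot: `{{ ansible_lo.ipv6.address }}` and `{{ ansible_default_ipv6.address }}` assume fact shapes that often do not hold: in gathered facts the per-interface `ipv6` entry is normally a list of address entries, and `ansible_default_ipv6` is empty on a host with no IPv6 default route, so either line can abort the template with an undefined-variable error. Because this table backs `mynetworks`, every address rendered here is allowed to relay, which deserves a header comment in the template. A guarded version of the two IPv6 lines follows.

```jinja
{{ ansible_lo.ipv4.address }} OK
{% for lo6 in ansible_lo.ipv6 | default([]) %}
{{ lo6.address }} OK
{% endfor %}
{# … unchanged: loop over addresses … #}
{% if is_mtamaster is defined %}
{{ ansible_default_ipv4.address }} OK
{% if ansible_default_ipv6.address is defined %}
{{ ansible_default_ipv6.address }} OK
{% endif %}
{% endif %}
```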
diff --git a/roles/mtaserver/templates/relay_recipients.j2 b/roles/mtaserver/templates/relay_recipients.j2
new file mode 100644
index 0000000..4781f98
--- /dev/null
+++ b/roles/mtaserver/templates/relay_recipients.j2
@@ -0,0 +1,6 @@
+{% if is_mtamaster is defined %}
+{% for item in relay %}
+*@{{ item }} OK
+{% endfor %}
+{% endif %}
+
diff --git a/roles/mtaserver/vars/main.yml b/roles/mtaserver/vars/main.yml
new file mode 100644
index 0000000..fcf97bb
--- /dev/null
+++ b/roles/mtaserver/vars/main.yml
@@ -0,0 +1,24 @@
+mydest:
+ - casperlefantom.net
+ - mail.casperlefantom.net
+ - smtp.casperlefantom.net
+ - lancaster.casperlefantom.net
+ - jaysfoodventure.com
+ - mail.jaysfoodventure.com
+ - smtp.jaysfoodventure.com
+
+addresses:
+ - 192.168.122.124
+
+relay:
+ - ns1.casperlefantom.net
+ - www.casperlefantom.net
+ - bt1.casperlefantom.net
+ - ntp1.casperlefantom.net
+ - dl.casperlefantom.net
+ - mirror.casperlefantom.net
+ - jabber.casperlefantom.net
+ - conference.casperlefantom.net
+ - search.casperlefantom.net
+ - ssl.casperlefantom.net
+
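Review bot: These lists live in the role's `vars/main.yml`, which takes precedence over inventory and `host_vars`, so a host cannot override `mydest`, `addresses` or `relay` from its own vars file. `defaults/main.yml` would be the better home if per-host overrides are wanted. A one-line comment per list would also help, e.g. `# addresses: extra client IPs added to network_table (allowed to relay)`. `maplist`, which the new `postmap` handler expands, is not set here.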