From 808a97a1ac4a3dbd3b45fc1a7167a05a4001e350 Mon Sep 17 00:00:00 2001
From: Matthieu Saulnier
Date: Sun, 16 Dec 2018 21:05:33 +0100
Subject: Use host variables in mta config file template
---
 .gitignore                                       |  3 ++-
 host_vars/192.168.0.25                           |  4 ++++
 host_vars/d72vewh3wa4lwpaj.onion                 |  4 ++++
 host_vars/manchester.casperlefantom.net          |  4 ++++
 host_vars/manchester.home.casperlefantom.net     |  4 ++++
 roles/mtaserver/tasks/config.yml                 |  8 +++----
 roles/mtaserver/tasks/fw.yml                     |  4 ++--
 roles/mtaserver/tasks/main.yml                   |  3 +++
 roles/mtaserver/templates/main.cf.j2             | 28 ++++++++++--------------
 roles/mtaserver/templates/mydestination_table.j2 |  6 +++--
 roles/mtaserver/templates/network_table.j2       |  2 +-
 roles/mtaserver/templates/relay_recipients.j2    |  2 +-
 roles/mtaserver/vars/main.yml                    | 12 ++--------
 13 files changed, 47 insertions(+), 37 deletions(-)
diff --git a/.gitignore b/.gitignore
index 00f76d7..6c8c0d6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,10 +3,11 @@ roles/dnsserver/vars/keys.yml
 roles/torrelay/vars/email.yml
 roles/torrelay/vars/keys.yml
 roles/torrelay/files/rendezvous
+roles/mtaserver/vars/users.yml
 roles/mtaserver/files/virtual
 roles/mtaserver/files/credentials
 roles/reverseproxy/vars/email.yml
 roles/clients/files/credentials
-roles/proxy/files/certs
 roles/proxy/vars/email.yml
+roles/proxy/files/certs
 .jabbersecrets
diff --git a/host_vars/192.168.0.25 b/host_vars/192.168.0.25
index 999e994..6420bc9 100644
--- a/host_vars/192.168.0.25
+++ b/host_vars/192.168.0.25
@@ -1,4 +1,8 @@
 is_mtamaster: true
+# mtaserver
+mtadomain:
+ - casperlefantom.net
+ - jaysfoodventure.com
 # dnsserver
 dnsslavelist:
 - 51.15.179.153
diff --git a/host_vars/d72vewh3wa4lwpaj.onion b/host_vars/d72vewh3wa4lwpaj.onion
index 999e994..6420bc9 100644
--- a/host_vars/d72vewh3wa4lwpaj.onion
+++ b/host_vars/d72vewh3wa4lwpaj.onion
@@ -1,4 +1,8 @@
 is_mtamaster: true
+# mtaserver
+mtadomain:
+ - casperlefantom.net
+ - jaysfoodventure.com
 # dnsserver
 dnsslavelist:
 - 51.15.179.153
diff --git a/host_vars/manchester.casperlefantom.net b/host_vars/manchester.casperlefantom.net
index 999e994..6420bc9 100644
--- a/host_vars/manchester.casperlefantom.net
+++ b/host_vars/manchester.casperlefantom.net
@@ -1,4 +1,8 @@
 is_mtamaster: true
+# mtaserver
+mtadomain:
+ - casperlefantom.net
+ - jaysfoodventure.com
 # dnsserver
 dnsslavelist:
 - 51.15.179.153
diff --git a/host_vars/manchester.home.casperlefantom.net b/host_vars/manchester.home.casperlefantom.net
index 999e994..6420bc9 100644
--- a/host_vars/manchester.home.casperlefantom.net
+++ b/host_vars/manchester.home.casperlefantom.net
@@ -1,4 +1,8 @@
 is_mtamaster: true
+# mtaserver
+mtadomain:
+ - casperlefantom.net
+ - jaysfoodventure.com
 # dnsserver
 dnsslavelist:
 - 51.15.179.153
diff --git a/roles/mtaserver/tasks/config.yml b/roles/mtaserver/tasks/config.yml
index 84572bc..e51131c 100644
--- a/roles/mtaserver/tasks/config.yml
+++ b/roles/mtaserver/tasks/config.yml
@@ -14,7 +14,7 @@
 owner: root
 group: root
 mode: 0644
-when: is_mtamaster is defined
+when: mtadomain is defined
 notify: restart postfix
 
 - name: Installation des tables dynamiques
@@ -37,7 +37,7 @@
 owner: root
 group: root
 mode: 0644
-when: is_mtamaster is defined
+when: mtadomain is defined
 notify: virtualmap
 
 - name: Installation de la table credentials
@@ -59,7 +59,7 @@
 lineinfile:
 path: /etc/aliases
 line: 'matthieu: casper'
-when: is_mtamaster is defined
+when: mtadomain is defined
 notify: aliasmap
 
 - name: Configuration alias casper
@@ -67,7 +67,7 @@
 path: /etc/aliases
 line: 'casper: casper@casperlefantom.net'
 notify: aliasmap
-when: is_mtamaster is not defined
+when: mtadomain is not defined
 
 - name: Restauration des contextes SELinux des fichiers de conf
 command: /sbin/restorecon -R /etc/postfix/ /etc/aliases
diff --git a/roles/mtaserver/tasks/fw.yml b/roles/mtaserver/tasks/fw.yml
index c6e2d17..567a079 100644
--- a/roles/mtaserver/tasks/fw.yml
+++ b/roles/mtaserver/tasks/fw.yml
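Review bot: The `when: mtadomain is defined` conditions in this hunk (and the identical ones in fw.yml, main.cf.j2 and the three other templates) turn a host into the public MTA as soon as the variable exists, even as an empty list, and `mtadomain.0` in main.cf.j2 then fails to render. A stricter test such as `when: mtadomain is defined and mtadomain | length > 0` keeps an empty or stray definition from opening the SMTP ports in fw.yml and switching `inet_interfaces` to all. The four host_vars files also still carry `is_mtamaster: true`, which nothing in this commit reads any more, so it is worth dropping rather than leaving two competing switches in the inventory.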
@@ -6,7 +6,7 @@
 with_items:
 - true
 - false
-when: is_mtamaster is defined
+when: mtadomain is defined
 
 - name: Ouverture du port Submission
 firewalld:
@@ -16,4 +16,4 @@
 with_items:
 - true
 - false
-when: is_mtamaster is defined
+when: mtadomain is defined
diff --git a/roles/mtaserver/tasks/main.yml b/roles/mtaserver/tasks/main.yml
index eb3efa7..d4cfba8 100644
--- a/roles/mtaserver/tasks/main.yml
+++ b/roles/mtaserver/tasks/main.yml
@@ -1,3 +1,6 @@
+- name: Loading hidden variables
+ include_vars: users.yml
+
 - name: Installation des paquets
 import_tasks: pkgs.yml
 
diff --git a/roles/mtaserver/templates/main.cf.j2 b/roles/mtaserver/templates/main.cf.j2
index b3ed7ba..7a3a0a2 100644
--- a/roles/mtaserver/templates/main.cf.j2
+++ b/roles/mtaserver/templates/main.cf.j2
@@ -93,15 +93,13 @@ mail_owner = postfix
 #
 #myhostname = host.domain.tld
 #myhostname = virtual.domain.tld
-{% if is_mtamaster is defined %}
-myhostname = mail.casperlefantom.net
-{% else %}
-{% if ansible_default_ipv4.network == "192.168.0.0" or ansible_default_ipv4.network == "10.42.0.0" %}
+{% if mtadomain is defined %}
+myhostname = mail.{{ mtadomain.0 }}
+{% elif ansible_default_ipv4.network == localnet %}
 myhostname = {{ ansible_hostname }}.home.casperlefantom.net
 {% else %}
 myhostname = {{ ansible_hostname }}.casperlefantom.net
 {% endif %}
-{% endif %}
 
 # The mydomain parameter specifies the local internet domain name.
 # The default is to use $myhostname minus the first component.
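Review bot: `include_vars: users.yml` in the new first task of main.yml loads a file this same commit adds to .gitignore, so a fresh checkout has no roles/mtaserver/vars/users.yml and the role aborts here on every host, including the relay-only hosts that never use whatever it holds. Keeping the file out of git by ignoring it also leaves its contents unencrypted on every machine that has a copy; committing it as an ansible-vault file (include_vars reads vaulted files transparently) keeps the role runnable from a clean clone and the data encrypted at rest. If the variables are only needed on the MTA master, gate the task with the same `when: mtadomain is defined` the rest of the role uses.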
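Review bot: The new `{% elif ansible_default_ipv4.network == localnet %}` branch matches only the single value of `localnet` (192.168.0.0 in roles/mtaserver/vars/main.yml), whereas the removed condition also matched 10.42.0.0, so hosts on that network now fall through to the public `{{ ansible_hostname }}.casperlefantom.net` name; the mydomain hunk that follows (@@ -109,15) has the same change. If both networks are still in use, make `localnet` a list and test `{% elif ansible_default_ipv4.network in localnet %}`; if dropping 10.42.0.0 is intended, the commit message should say so.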
@@ -109,15 +107,13 @@ myhostname = {{ ansible_hostname }}.casperlefantom.net
 # parameters.
 #
 #mydomain = domain.tld
-{% if is_mtamaster is defined %}
-mydomain = casperlefantom.net
-{% else %}
-{% if ansible_default_ipv4.network == "192.168.0.0" or ansible_default_ipv4.network == "10.42.0.0" %}
+{% if mtadomain is defined %}
+mydomain = {{ mtadomain.0 }}
+{% elif ansible_default_ipv4.network == localnet %}
 mydomain = {{ ansible_hostname }}.home.casperlefantom.net
 {% else %}
 mydomain = {{ ansible_hostname }}.casperlefantom.net
 {% endif %}
-{% endif %}
 
 # SENDING MAIL
 #
@@ -151,7 +147,7 @@ myorigin = $mydomain
 #inet_interfaces = all
 #inet_interfaces = $myhostname
 #inet_interfaces = $myhostname, localhost
-{% if is_mtamaster is defined %}
+{% if mtadomain is defined %}
 inet_interfaces = all
 {% else %}
 inet_interfaces = localhost
@@ -359,7 +355,7 @@ mynetworks = hash:/etc/postfix/network_table
 #relayhost = [mailserver.isp.tld]
 #relayhost = uucphost
 #relayhost = [an.ip.add.ress]
-{% if is_mtamaster is defined %}
+{% if mtadomain is defined %}
 ##relayhost = [smtp.free.fr]
 {% else %}
 relayhost = [mail.casperlefantom.net]:587
@@ -737,10 +733,10 @@ sample_directory = /usr/share/doc/postfix/samples
 #
 readme_directory = /usr/share/doc/postfix/README_FILES
 
-{% if is_mtamaster is defined %}
+{% if mtadomain is defined %}
 smtpd_tls_auth_only = yes
-smtpd_tls_key_file = /etc/pki/tls/private/casperlefantom.1.key
-smtpd_tls_cert_file = /etc/pki/tls/certs/casperlefantom.1.crt
+smtpd_tls_key_file = /etc/pki/tls/private/casperlefantom.{{ crtversion }}.key
+smtpd_tls_cert_file = /etc/pki/tls/certs/casperlefantom.{{ crtversion }}.crt
 smtpd_tls_security_level = may
 smtpd_tls_ciphers = high
 
@@ -783,7 +779,7 @@ smtpd_relay_restrictions =
 
 smtpd_tls_loglevel = 2
 
-{% if is_mtamaster is defined %}
+{% if mtadomain is defined %}
 smtpd_sasl_auth_enable = yes
 smtpd_sasl_type = dovecot
 smtpd_sasl_path = private/auth
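Review bot: In the TLS hunk (@@ -737,10) `smtpd_tls_key_file` and `smtpd_tls_cert_file` still hard-code the `casperlefantom` basename while `myhostname` and `mydomain` are now taken from `mtadomain.0`, so the two can silently diverge on a host that lists another domain first, and the certificate presented would then not match the advertised hostname. Deriving the basename from the same variable, e.g. `smtpd_tls_cert_file = /etc/pki/tls/certs/{{ mtadomain.0 }}.{{ crtversion }}.crt` (and the matching key line), keeps them in step, provided the files on disk follow that naming. If the certificate deliberately stays per-site rather than per-domain, a one-line comment above the two paths saying so would stop the next reader from "fixing" it.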
diff --git a/roles/mtaserver/templates/mydestination_table.j2 b/roles/mtaserver/templates/mydestination_table.j2
index a86f076..420e781 100644
--- a/roles/mtaserver/templates/mydestination_table.j2
+++ b/roles/mtaserver/templates/mydestination_table.j2
@@ -1,6 +1,8 @@
-{% if is_mtamaster is defined %}
-{% for item in mydest %}
+{% if mtadomain is defined %}
+{% for item in mtadomain %}
 {{ item }} OK
+smtp.{{ item }} OK
+{{ ansible_hostname }}.{{ item }} OK
 {% endfor %}
 {% endif %}
 
diff --git a/roles/mtaserver/templates/network_table.j2 b/roles/mtaserver/templates/network_table.j2
index b56241f..2475c21 100644
--- a/roles/mtaserver/templates/network_table.j2
+++ b/roles/mtaserver/templates/network_table.j2
@@ -3,7 +3,7 @@
 {% for item in addresses %}
 {{ item }} OK
 {% endfor %}
-{% if is_mtamaster is defined %}
+{% if mtadomain is defined %}
 {{ ansible_default_ipv4.address }} OK
 {{ ansible_default_ipv6.address }} OK
 {% endif %}
diff --git a/roles/mtaserver/templates/relay_recipients.j2 b/roles/mtaserver/templates/relay_recipients.j2
index 4781f98..73d152f 100644
--- a/roles/mtaserver/templates/relay_recipients.j2
+++ b/roles/mtaserver/templates/relay_recipients.j2
@@ -1,4 +1,4 @@
-{% if is_mtamaster is defined %}
+{% if mtadomain is defined %}
 {% for item in relay %}
 *@{{ item }} OK
 {% endfor %}
diff --git a/roles/mtaserver/vars/main.yml b/roles/mtaserver/vars/main.yml
index 314218c..b8c5058 100644
--- a/roles/mtaserver/vars/main.yml
+++ b/roles/mtaserver/vars/main.yml
@@ -1,12 +1,5 @@
-mydest:
- - casperlefantom.net
- - mail.casperlefantom.net
- - smtp.casperlefantom.net
- - lancaster.casperlefantom.net
- - manchester.casperlefantom.net
- - jaysfoodventure.com
- - mail.jaysfoodventure.com
- - smtp.jaysfoodventure.com
+localnet: 192.168.0.0
+crtversion: 1
 
 addresses:
 - 192.168.122.124
@@ -22,4 +15,3 @@ relay:
 - conference.casperlefantom.net
 - search.casperlefantom.net
 - ssl.casperlefantom.net
-
-- cgit
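Review bot: The rewritten loop in mydestination_table.j2 emits `<domain>`, `smtp.<domain>` and `{{ ansible_hostname }}.<domain>`, but the removed static list also contained `mail.casperlefantom.net`, `mail.jaysfoodventure.com` and the other host's name (lancaster/manchester), none of which is generated any more. Since main.cf.j2 now sets `myhostname = mail.{{ mtadomain.0 }}`, the server's own hostname is missing from its local-destination table; Postfix treats mail for an unlisted name of its own as relay traffic and, depending on the transport it resolves to, may reject it or log a loops-back-to-myself error, so this is worth checking with `postmap -q` after deploy. Adding `mail.{{ item }} OK` inside the loop restores the previous coverage for the mail.* names.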
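Review bot: `localnet` and `crtversion` are added to roles/mtaserver/vars/main.yml, which Ansible evaluates at higher precedence than inventory host_vars and group_vars, so neither can be overridden per host even though the commit's purpose is to drive the template from host variables. Moving both to roles/mtaserver/defaults/main.yml lets a host_vars file set `crtversion: 2` when a certificate is rotated on one host only, and lets `localnet` differ per site. The surviving `addresses` and `relay` lists are not affected by this.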