feat: add mta-sts role

galaxy.yml

@@ -8,7 +8,7 @@ namespace: s3lph
 name: mailserver
 
 # The version of the collection. Must be compatible with semantic versioning
-version: '0.4.1'
+version: '0.4.2'
 
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md

roles/mtasts/defaults/main.yml

@@ -0,0 +1,10 @@
+---
+
+mtasts_policyfile_name: /var/www/html/.well-known/mta-sts.txt
+mtasts_policyfile_owner: www-data
+mtasts_policyfile_group: www-data
+
+mode: testing
+mtasts_mxs:
+  - "{{ ansible_facts.fqdn }}"
+mtasts_maxage: 604800

roles/mtasts/tasks/config.yml

@@ -0,0 +1,17 @@
+---
+
+- name: Create parent directory for mta-sts.txt
+  ansible.builtin.file:
+    path: "{{ mtasts_policyfile_name | dirname }}"
+    state: directory
+    owner: "{{ mtasts_policyfile_owner }}"
+    group: "{{ mtasts_policyfile_group }}"
+    mode: "0755"
+
+- name: Render mta-sts.txt
+  ansible.builtin.template:
+    src: "mta-sts.txt.j2"
+    dest: "{{ mtasts_policyfile_name }}"
+    owner: "{{ mtasts_policyfile_owner }}"
+    group: "{{ mtasts_policyfile_group }}"
+    mode: "0644"

roles/mtasts/tasks/main.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Render mta-sts policy files
+  ansible.builtin.import_tasks: config.yml
+  tags:
+    - "role::mtasts"
+    - "role::mtasts:config"

roles/mtasts/templates/mta-sts.txt.j2

@@ -0,0 +1,6 @@
+version: STSv1
+mode: {{ mtasts_mode }}
+{% for mx in mtasts_mxs -%}
+mx: {{ mx }}
+{% endfor -%}
+max_age: {{ mtasts_maxage }}