Make postfix-policyd-spf configurable

galaxy.yml

@@ -8,7 +8,7 @@ namespace: s3lph
 name: mailserver
 
 # The version of the collection. Must be compatible with semantic versioning
-version: '0.3.1'
+version: '0.3.2'
 
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md

roles/postfix/defaults/main/policyd_spf.yml

@@ -0,0 +1,17 @@
+---
+
+postfix_policyd_spf_debuglevel: 1
+postfix_policyd_spf_testonly: 0
+
+postfix_policyd_spf_helo_reject: Fail
+postfix_policyd_spf_mail_from_reject: Fail
+
+postfix_policyd_spf_permerror_reject: False
+postfix_policyd_spf_temperror_reject: False
+
+postfix_policyd_spf_skip_addresses:
+  - "127.0.0.0/8"
+  - "::ffff:127.0.0.0/104"
+  - "::1"
+
+postfix_policyd_spf_void_limit: 2

roles/postfix/tasks/config.yml

@@ -17,3 +17,12 @@
     group: root
     mode: 0644
   notify: restart postfix
+
+- name: render /etc/postfix-policyd-spf-python/policyd-spf.conf
+  ansible.builtin.template:
+    src: etc/postfix-policyd-spf-python/policyd-spf.conf.j2
+    dest: /etc/postfix-policyd-spf-python/policyd-spf.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart postfix

roles/postfix/templates/etc/postfix-policyd-spf-python/policyd-spf.conf.j2

@@ -0,0 +1,15 @@
+{{ ansible_managed | comment }}
+#  For a fully commented sample config file see policyd-spf.conf.commented
+
+debugLevel = {{ postfix_policyd_spf_debuglevel }}1
+TestOnly = {{ postfix_policyd_spf_testonly }}0
+
+HELO_reject = {{ postfix_policyd_spf_helo_reject }}
+Mail_From_reject = {{ postfix_policyd_spf_mail_from_reject }}
+
+PermError_reject = {{ postfix_policyd_spf_permerror_reject }}
+TempError_Defer = {{ postfix_policyd_spf_temperror_reject }}
+
+skip_addresses = {{ postfix_policyd_spf_skip_addresses | join(',') }}
+
+Void_Limit = {{ postfix_policyd_spf_void_limit }}