s3lph/ansible-collection-mailserver
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

docs: add argument_specs and readme to most roles

Browse source
This commit is contained in:
s3lph 2025-02-16 03:05:24 +01:00
parent 46ed48c0d1
commit c1a99b0bae
28 changed files with 1049 additions and 52 deletions

2
README.md
View file

@ -14,7 +14,7 @@
## Status of This Collection
This collection is designed to work with Debian Bullseye, but it should
This collection is designed to work with Debian >= 11, but it should
work on any Debian-based distribution.
The roles in this collection are currently mainly designed to work in

5
roles/dovecot/README.md Normal file
View file

@ -0,0 +1,5 @@
# Role s3lph.mailserver.dovecot
Documentation in `meta/argument_specs.yml`.
A usage example can be found in the `docs` folder of the collection.

6
roles/dovecot/defaults/main/userdb.yml
View file

@ -1,11 +1,5 @@
---
dovecot_userdb_basedir: /etc/dovecot/userdb
dovecot_passdb_scheme: BLF-CRYPT
dovecot_passdb_filename: /etc/dovecot/userdb/%d
dovecot_passdb_user_format: "%u"
dovecot_master_passdb_enable: false
dovecot_master_passdb: {}
dovecot_master_user_separator: ";"

2
roles/dovecot/defaults/main/virtual.yml
View file

@ -4,4 +4,4 @@ virtual_mail_uid: virtual
virtual_mail_gid: virtual
virtual_mail_home: /home/virtual
virtual_mail_user_home: /home/virtual/%d/%n
virtual_mail_location: maildir:/home/virtual/%d/%n/Maildir
virtual_mail_location: maildir:~/Maildir

188
roles/dovecot/meta/argument_specs.yml Normal file
View file

@ -0,0 +1,188 @@
---
argument_specs:
main:
version_added: "0.0.1"
short_description: Install and configure Dovecot.
description:
- "Install and configure the L(Dovecot,https://www.dovecot.org/) IMAP server."
- "Execution of this role can be limited using the following tags:"
- "C(role::dovecot:virtual): Create user and group for virtual mail ownership."
- "C(role::dovecot:install): Install Dovecot from distribution packages."
- "C(role::dovecot:config): Render the Dovecot configuration file."
- "C(role::dovecot): Apply all of the above."
author: s3lph
options:
dovecot_imap_greeting:
descrption:
- The greeting message displayed to clients.
type: str
default: "Dovecot ready."
dovecot_hostname:
description:
- >-
The hostname to be used in email messages sent out by the local delivery agent (such as the Message-ID:
header) and in LMTP replies.
type: str
default: "{{ inventory_hostname }}"
dovecot_lmtp_postmaster_address:
description:
- The From address from which email rejection messages (bounces) are sent.
type: str
default: root@localhost
dovecot_imap_mail_max_userip_connections:
description:
- The maximum number of IMAP connections allowed for a user from each IP address.
type: int
default: 10
dovecot_tls_cert_filename:
description:
- The PEM-encoded X.509 SSL/TLS certificate presented for incoming imap/pop3/etc. client connections.
type: str
default: /etc/ssl/certs/ssl-cert-snakeoil.pem
dovecot_tls_key_filename:
description:
- The PEM-encoded X.509 SSL/TLS private key for ssl_cert.
type: str
default: /etc/ssl/private/ssl-cert-snakeoil.key
dovecot_tls_dh_filename:
description:
- As of Dovecot v2.3, the path to the Diffie-Hellman parameters file must be provided.
- This setting isnt needed if using only ECDSA certificates.
type: str
default: /usr/share/dovecot/dh.pem
dovecot_tls_min_version:
description:
- The minimum SSL protocol version Dovecot accepts.
- This setting is used for both incoming and outgoing SSL connections.
type: str
default: TLSv1.2
dovecot_tls_cipher_list:
description:
- The list of SSL ciphers to use for TLSv1.2 and below connections, in order of preference.
type: str
default: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305" # noqa yaml[line-length]
virtual_mail_uid:
description:
- This setting indicates the system userid used for accessing mail messages.
- If you use multiple values here, userdb can override them by returning UID or GID fields.
- You can use either numeric IDs or usernames here.
type: str
default: virtual
virtual_mail_gid:
description:
- The system group ID used for accessing mail messages.
- Can be either numeric IDs or group names.
- If you use multiple values here, userdb can override them by returning the gid field.
type: str
default: virtual
virtual_mail_home:
description:
- System home directory of the virtual mail user.
- "Note: This is NOT Dovecot's C(mail_home). See O(virtual_mail_user_home) instead."
type: str
default: /home/virtual
virtual_mail_user_home:
description:
- Home directory is a per-user directory where Dovecot can save user-specific files.
- Never configure your userdb to return the same home directory for multiple users.
- Home directory must be an absolute path.
type: str
default: /home/virtual/%d/%n
virtual_mail_location:
description:
- This setting indicates the location for users mailboxes.
- See U(upstream documentation,https://doc.dovecot.org/2.3/configuration_manual/mail_location/#mail-location-settings).
type: str
default: maildir:~/Maildir
dovecot_master_passdb_enable:
description:
- C(true) if a master passdb should be created.
- C(false) otherwise.
type: bool
default: false
dovecot_master_passdb:
description:
- Contents of the C(passwd-file) for the master passdb.
- 'Dictionary of C(username: "{SCHEME}passwordhash") pairs.'
type: dict
default: {}
dovecot_master_user_separator:
description:
- >-
The separator to use to enable master users to login by specifying the master username within the normal
username string.
type: str
default: ";"
dovecot_postfix_auth_socket_filename:
description:
- Path to the SASL auth UNIX socket to create for Postfix.
type: str
default: /var/spool/postfix/private/auth
dovecot_postfix_auth_socket_mode:
description:
- Filesystem permissions for the Postfix SASL auth UNIX socket.
type: str
default: "0600"
dovecot_postfix_auth_socket_owner:
description:
- Name of the owner of the Postfix SASL auth UNIX socket.
type: str
default: postfix
dovecot_postfix_auth_socket_group:
description:
- Name of the group of the Postfix SASL auth UNIX socket.
type: str
default: postfix
dovecot_postfix_lmtp_socket_filename:
description:
- Path to the LMTP UNIX socket for use by Postfix.
type: str
default: /var/spool/postfix/private/dovecot-lmtp
dovecot_postfix_lmtp_socket_mode:
description:
- Filesystem permissions for the Postfix LMTP UNIX socket.
type: str
default: "0600"
dovecot_postfix_lmtp_socket_owner:
description:
- Name of the owner of the Postfix LMTP UNIX socket.
type: str
default: postfix
dovecot_postfix_lmtp_socket_group:
description:
- Name of the group of the Postfix LMTP UNIX socket.
type: str
default: postfix
dovecot_enable_pigeonhole:
description:
- C(true) if the Pigeonhole Sieve plugin should be enabled.
- C(false) otherwise.
type: bool
default: false
dovecot_enable_pigeonhole_managesieve:
description:
- C(true) if the Pigeonhole ManageSieve service should be enabled.
- C(false) otherwise.
type: bool
default: false
dovecot_pigeonhole_sieve:
description:
- The location of the users main Sieve script or script storage.
- The LDA Sieve plugin uses this to find the active script for Sieve filtering at delivery.
type: str
default: "file:~/sieve;active=~/.dovecot.sieve"
dovecot_additional_config:
description:
- Wildcard option to append arbitrary options to the Dovecot configuration.
- Can be used to configure settings not covered by this role.
type: str
default: ""

5
roles/easywks/README.md Normal file
View file

@ -0,0 +1,5 @@
# Role s3lph.mailserver.easywks
Documentation in `meta/argument_specs.yml`.
A usage example can be found in the `docs` folder of the collection.

2
roles/easywks/defaults/main.yml
View file

@ -1,7 +1,5 @@
---
easywks_download: true
easywks_config: ""
easywks_service_http_enabled: true
easywks_service_lmtp_enabled: true

38
roles/easywks/meta/argument_specs.yml Normal file
View file

@ -0,0 +1,38 @@
---
argument_specs:
main:
version_added: "0.0.1"
short_description: Install and configure EasyWKS.
description:
- "Install and configure L(EasyWKS,https://git.kabelsalat.ch/s3lph/easywks)."
- "Execution of this role can be limited using the following tags:"
- "C(role::easywks:install): Install EasyWKS from distribution packages or upstream repositories."
- "C(role::easywks:config): Render the EasyWKS configuration file."
- "C(role::easywks): Apply all of the above."
author: s3lph
options:
easywks_config:
description:
- The entire EasyWKS configuration file in a string.
type: str
default: ""
easywks_service_http_enabled:
description:
- "If C(true), start and enable the EasyWKS HTTP service."
- "If C(false), stop and disable the EasyWKS HTTP service."
type: bool
default: true
easywks_service_lmtp_enabled:
description:
- "If C(true), start and enable the EasyWKS LMTP service."
- "If C(false), stop and disable the EasyWKS LMTP service."
type: bool
default: true
easywks_service_dnsd_enabled:
description:
- "If C(true), start and enable the EasyWKS LMTP service."
- "If C(false), stop and disable the EasyWKS LMTP service."
type: bool
default: true

28
roles/easywks/tasks/install.yml
View file

@ -1,26 +1,10 @@
---
- name: Install easywks from system package sources
- name: Install EasyWKS repository
ansible.builtin.apt:
deb: https://git.kabelsalat.ch/s3lph/-/packages/debian/repo.s3lph.me-apt-source/0.2-2/files/3003
- name: Install EasyWKS
ansible.builtin.apt:
name: easywks
notify:
- Restart easywks-http
- Restart easywks-lmtp
- Restart easywks-dnsd
when: "not easywks_download"
- name: Get easywks package url
ansible.builtin.uri:
# https://gitlab.com/s3lph/easywks
url: "https://gitlab.com/api/v4/projects/29907182/releases"
return_content: true
register: "register_easywks_gitlab_releases"
changed_when: false
when: "easywks_download"
- name: Install easywks from upstream release
ansible.builtin.apt:
deb: "{{ url }}"
vars:
url: "{{ (register_easywks_gitlab_releases.json[0].assets.links | selectattr('name', 'equalto', 'Debian Package'))[0].direct_asset_url }}"
when: "easywks_download"
update_cache: true

5
roles/getaddrinfo/README.md Normal file
View file

@ -0,0 +1,5 @@
# Role s3lph.mailserver.getaddrinfo
Documentation in `meta/argument_specs.yml`.
A usage example can be found in the `docs` folder of the collection.

5
roles/mailman/README.md Normal file
View file

@ -0,0 +1,5 @@
# Role s3lph.mailserver.mailman
Documentation in `meta/argument_specs.yml`.
A usage example can be found in the `docs` folder of the collection.

519
roles/mailman/meta/argument_specs.yml Normal file
View file

@ -0,0 +1,519 @@
---
argument_specs:
main:
version_added: "0.0.1"
short_description: Install and configure Mailman 3.
description:
- Install and configure the L(Mailman 3,https://docs.mailman3.org/en/latest/) mailing list manager.
- "Execution of this role can be limited using the following tags:"
- "C(role::mailman:install): Install Mailman 3 from distribution packages"
- "C(role::mailman:config): Configure Mailman 3."
- "C(role::mailman:templates): Override Mailman 3 Django templates."
- "C(role::mailman:bootstrap): Create mailman3 databases and admin users. Tagged with C(never)."
- "C(role::mailman:privacy): Create hyperkitty cleanup cronjob."
- "C(role::knot): Apply all of the above."
author: s3lph
options:
mailman_noreply_address:
description:
- >-
Local-part of an email address used in the From field whenever a message comes from some entity to which
there is no natural reply recipient.
- "Mailman will append '@' and the host name of the list involved."
- "This address must not bounce and it must not point to a Mailman process."
type: str
default: noreply
mailman_default_language:
description:
- The default language for this server.
type: str
default: en
mailman_sender_headers:
description:
- Membership tests for posting purposes.
- Headers are checked in the order given in this variable.
- The value C(From_) means to use the envelope sender.
- Field names are case insensitive.
type: list
elements: str
default: [from, from_, reply-to, sender]
mailman_email_commands_max_lines:
description:
- Mail command processor will ignore mail command lines after designated max.
type: int
default: 10
mailman_pending_request_life:
description:
- Default length of time a pending request is live before it is evicted from the pending database.
type: str
default: 3d
mailman_cache_life:
description:
- How long should files be saved before they are evicted from the cache?
type: str
default: 7d
mailman_pre_hook:
description:
- A callable to run with no arguments early in the initialization process.
type: str
default: ""
mailman_post_hook:
description:
- A callable to run with no arguments late in the initialization process.
type: str
default: ""
mailman_filtered_messages_are_preservable:
description:
- Can MIME filtered messages be preserved by list owners?
type: str
default: "no"
mailman_html_to_plain_text_command:
description:
- How should html parts be converted to text/plain when the mailing list is set to convert HTML to plaintext?
- This names a command to be called, where the substitution variable $filename is filled in by Mailman.
- The command should print the converted text to stdout.
type: str
default: "/usr/bin/lynx -dump $filename"
mailman_listname_chars:
description:
- Specify what characters are allowed in list names.
type: str
default: "-_.0-9a-z"
mailman_shell_prompt:
description:
- Customize the interpreter prompt.
type: str
default: ">>>"
mailman_shell_banner:
description:
- Banner to show on startup.
type: str
default: Welcome to the GNU Mailman shell
mailman_shell_use_ipython:
description:
- Use IPython as the shell, which must be found on the system.
- Valid values are C(no), C(yes), and C(debug).
type: str
default: "no"
mailman_shell_history_file:
description:
- Set this to allow for command line history if readline is available.
type: str
default: ""
mailman_mariadb_user:
description:
- Local part of the username for the database connection URI.
- See O(mailman_database_url).
type: str
default: mailman
mailman_mariadb_user_host:
description:
- Host part of the username.
- This is only used to bootstrap the database user. There should not be a need to change this.
type: str
default: localhost
mailman_mariadb_password:
description:
- Password for the database connection URI.
- See O(mailman_database_url).
type: str
required: true
mailman_mariadb_host:
description:
- Hostname for the database connection URI.
- See O(mailman_database_url).
type: str
default: localhost
mailman_mariadb_port:
description:
- Port for the database connection URI.
- See O(mailman_database_url).
type: int
default: 3306
mailman_mariadb_database:
description:
- Database schema name for the database connection URI.
- See O(mailman_database_url).
type: str
default: mailman
mailman_database_class:
description:
- Class name of the database driver.
- If the default is changed, O(mailman_database_url) must be provided directly.
type: str
default: mailman.database.mysql.MySQLDatabase
mailman_database_url:
description:
- Database connection URI.
- "If PyMySQL is used, it is recommended to set the following options instead:"
- O(mailman_mariadb_user)
- O(mailman_mariadb_password)
- O(mailman_mariadb_host)
- O(mailman_mariadb_port)
- O(mailman_mariadb_database)
type: str
default: "mysql+pymysql://{{ mailman_mariadb_user }}:{{ mailman_mariadb_password }}@{{ mailman_mariadb_host }}:{{ mailman_mariadb_port }}/{{ mailman_mariadb_database }}?charset=utf8mb4&use_unicode=1" # noqa yaml[line-length]
mailman_database_debug:
description:
- Enable debug logging for the database connection.
type: str
default: "no"
mailman_logging_format:
description:
- Overrides the default log format string.
type: str
default: "%(asctime)s (%(process)d) %(message)s"
mailman_logging_datefmt:
description:
- Overrides the default log date format string.
type: str
default: "%b %d %H:%M:%S %Y"
mailman_logging_propagate:
description:
- 'Boolean specifying whether to propagate log message from this logger to the root "mailman" logger.'
type: str
default: "no"
mailman_logging_level:
description:
- Overrides the default level.
- This may be any of the standard Python logging levels, case insensitive.
type: str
default: "info"
mailman_loggging_path:
description:
- Overrides the default logger path.
- "This may be a relative path name, in which case it is relative to Mailman's LOG_DIR."
type: str
default: "mailman.log"
mailman_webservice_hostname:
description:
- The hostname at which admin web service resources are exposed.
type: str
default: localhost
mailman_webservice_port:
description:
- The port at which the admin web service resources are exposed.
type: int
default: 8001
mailman_webservice_use_https:
description:
- Whether or not requests to the web service are secured through SSL.
type: str
default: "no"
mailman_webservice_show_tracebacks:
description:
- Whether or not to show tracebacks in an HTTP response for a request that raised an exception.
type: str
default: "yes"
mailman_webservice_api_version:
description:
- The API version number for the current (highest) API.
type: str
default: "3.1"
mailman_webservice_admin_user:
description:
- The administrative username.
type: str
default: restadmin
mailman_webservice_admin_pass:
description:
- The administrative password.
type: str
required: true
mailman_mta_incoming:
description:
- The class defining the interface to the incoming mail transport agent.
type: str
default: mailman.mta.postfix.LMTP
mailman_mta_outgoing:
description:
- The callable implementing delivery to the outgoing mail transport agent.
type: str
default: mailman.mta.deliver.deliver
mailman_mta_smtp_host:
description:
- SMTP host for outgoing MTA.
type: str
default: localhost
mailman_mta_smtp_port:
description:
- SMTP port for outgoing MTA.
type: int
default: 25
mailman_mta_smtp_user:
description:
- SMTP username for outgoing MTA.
type: str
default: ""
mailman_mta_smtp_pass:
description:
- SMTP password for outgoing MTA.
type: str
default: ""
mailman_mta_lmtp_host:
description:
- Hostname where the LMTP server listens for connections.
type: str
default: 127.0.0.1
mailman_mta_lmtp_port:
description:
- Port where the LMTP server listens for connections.
type: int
default: 8024
mailman_mta_configuration:
description:
- Where can we find the mail server specific configuration file?
- The path can be either a file system path or a Python import path.
type: str
default: python:mailman.config.postfix
mailman_mta_remove_dkim_headers:
description:
- If C(true), remove DKIM signatures from incoming messages.
type: bool
default: true
mailman_mta_additional_config:
description:
- Wildcard option to append arbitrary additional configuration.
- Can be used to configure settings not covered by this role.
type: str
default: ""
mailman_hyperkitty_enabled:
description:
- If C(true), enable the Hyperkitty mailing list archiver.
- If C(false), disable the Hyperkitty mailing list archiver.
type: bool
default: true
mailman_hyperkitty_localhost_base_url:
description:
- This address will be used by Mailman to forward incoming emails to HyperKitty.
type: str
default: http://localhost/hyperkitty/
mailman_hyperkitty_api_acl:
description:
- Hyperkitty will only accept API connections from these hosts.
type: list
elements: str
default: ["127.0.0.1", "::1"]
mailman_web_secret_key:
description:
- "SECURITY WARNING: keep the secret key used in production secret!"
type: str
required: true
mailman_web_admin_name:
description:
- Display name of the default mailman-web admin account.
type: str
default: Mailman Suite Admin
mailman_web_admin_email:
description:
- Email address of the default mailman-web admin account.
type: str
default: root@localhost
mailman_web_auth_socialaccounts:
description:
- List of social login provider plugins to enable.
type: list
elements: str
default: []
mailman_web_language:
description:
- Default language of mailman-web
type: str
default: en-us
mailman_web_timezone:
description:
- Default timezone of mailman-web
type: str
default: UTC
mailman_web_emailname:
description:
- Default domain for email addresses.
type: str
default: "{{ mailman_sitename }}"
mailman_web_compress_online:
description:
- On a production setup, setting COMPRESS_OFFLINE to True will bring a significant performance improvement.
type: bool
default: true
mailman_web_base_url:
description:
- Base URL for mailman-web
type: str
default: http://localhost/
mailman_web_static_url:
description:
- Path for static content of mailman-web
type: str
default: /static/
mailman_web_disable_gravatar:
description:
- If C(true), disable Gravatar integration.
- If C(false), enable Gravatar integration.
type: bool
default: true
mailman_web_disable_web_posting:
description:
- If C(true), disable posting from the Hyperkitty web interface.
- If C(false), enable web posting.
type: bool
default: true
mailman_web_database_engine:
description:
- Django database engine driver to use.
type: str
default: django.db.backends.mysql
mailman_web_database_name:
description:
- DB name or path to database file if using sqlite3.
type: str
default: 'mailman-web'
mailman_web_database_host:
description:
- Empty for localhost through domain sockets or '127.0.0.1' for localhost through TCP.
type: str
default: ''
mailman_web_database_port:
description:
- Set to empty string for default of the database driver.
type: str
default: ''
mailman_web_database_user:
description:
- Username for the database.
type: str
default: 'mailman-web'
mailman_web_database_password:
description:
- Password for the database.
type: str
required: true
mailman_web_database_user_host:
description:
- Host part of the username.
- This is only used to bootstrap the database user. There should not be a need to change this.
type: str
default: 'localhost'
mailman_web_database_options:
description:
- Extra parameters to use when connecting to the database.
type: dict
default:
charset: utf8mb4
init_command: "SET sql_mode='STRICT_TRANS_TABLES'"
mailman_web_rest_api_url:
description:
- Local mailman-web API endpoint
type: str
default: http://localhost:8001
mailman_web_allowed_hosts:
description:
- See U(https://docs.djangoproject.com/en/1.8/ref/settings/#allowed-hosts)
type: list
elements: str
default: ["{{ mailman_sitename }}"]
mailman_database_postfix_user:
description:
- Local part of the database username used by Postfix.
type: str
default: mailman-postfix
mailman_database_postfix_password:
description:
- Database password used by Postfix.
type: str
required: true
mailman_database_postfix_user_host:
description:
- Host part of the database username used by Postfix.
- This is only used to bootstrap the database user. There should not be a need to change this.
type: str
default: localhost
mailman_database_postfix_hosts:
description:
- Hostname or socket path of the database used by Postfix.
type: str
default: "unix:/run/mysqld/mysqld.sock"
mailman_mariadb_bootstrap_host:
description:
- Database hostname to connect to for initializing the schema and user accounts.
- Must be provided even if O(mailman_mariadb_bootstrap_socket) is set.
type: str
default: ''
mailman_mariadb_bootstrap_port:
description:
- Database port to connect to for initializing the schema and user accounts.
- Must be provided even if O(mailman_mariadb_bootstrap_socket) is set.
type: str
default: 0
mailman_mariadb_bootstrap_socket:
description:
- Database UNIX socket to connect to for initializing the schema and user accounts.
type: str
default: /run/mysqld/mysqld.sock
mailman_mariadb_bootstrap_login_user:
description:
- Database admin user to connect with for initializing the schema and user accounts.
type: str
default: root
mailman_mariadb_bootstrap_login_password:
description:
- Database admin password to connect with for initializing the schema and user accounts.
- Not used if UNIX socket authentication is used.
type: str
default: ''
mailman_superuser_name:
description:
- Name of the mailman-web Django superuser
type: str
default: root
mailman_superuser_email:
description:
- Email address of the mailman-web Django superuser
type: str
required: true
mailman_superuser_password:
description:
- Password of the mailman-web Django superuser
type: str
required: true
mailman_web_override_templates:
description:
- If C(true), upload some files from the Ansible controller to override mailman-web builtins.
- Setting this option to C(false) afterwards does NOT remove the overrides.
- See O(mailman_web_override_templates_path) and O(mailman_web_override_static_path).
type: bool
default: false
mailman_web_override_templates_path:
description:
- Directory on the Ansible controller from where to load overridden templates.
type: str
default: "{{ playbook_dir }}/templates/override"
mailman_web_override_static_path:
description:
- Directory on the Ansible controller from where to load overridden static files.
type: str
default: "{{ playbook_dir }}/static/override"
mailman_web_hyperkitty_cleanup_cron:
description:
- When to run the Hyperkitty cleanup job.
- See O(mailman_web_privacy_enhancements).
type: str
default: '0 * * * *'
mailman_web_privacy_enhancements:
description:
- If C(true), enable a cronjob that removes entries from the access log table of Hyperkitty.
type: bool
default: false

5
roles/mtasts/README.md Normal file
View file

@ -0,0 +1,5 @@
# Role s3lph.mailserver.mtasts
Documentation in `meta/argument_specs.yml`.
A usage example can be found in the `docs` folder of the collection.

47
roles/mtasts/meta/argument_specs.yml Normal file
View file

@ -0,0 +1,47 @@
---
argument_specs:
main:
version_added: "0.0.1"
short_description: Configure a MTA-STS policy file.
description:
- Configure a L(MTA-STS,https://datatracker.ietf.org/doc/html/rfc8461) policy file.
- "Execution of this role can be limited using the following tags:"
- "C(role::mtasts:config): Create the MTA-STS policy file"
- "C(role::mtasts): Apply all of the above."
author: s3lph
options:
mtasts_policyfile_name:
description:
- Path of the MTA-STS policy file to create.
type: str
default: /var/www/html/.well-known/mta-sts.txt
mtasts_policyfile_owner:
description:
- Owner of the MTA-STS policy file.
type: str
default: www-data
mtasts_policyfile_group:
description:
- Group of the MTA-STS policy file.
type: str
default: www-data
mtasts_mode:
description:
- One of C(enforce), C(testing), or C(none)
- Indicating the expected behavior of a Sending MTA in the case of a policy validation failure.
type: str
default: testing
mtasts_mxs:
description:
- One or more patterns matching allowed MX hosts for the Policy Domain.
type: list
elements: str
default: ["{{ ansible_facts.fqdn }}"]
mtasts_maxage:
description:
- Max lifetime of the policy.
- Well-behaved clients SHOULD cache a policy for up to this value from the last policy fetch time.
type: int
default: 604800

5
roles/multischleuder/README.md Normal file
View file

@ -0,0 +1,5 @@
# Role s3lph.mailserver.multischleuder
Documentation in `meta/argument_specs.yml`.
A usage example can be found in the `docs` folder of the collection.

1
roles/multischleuder/defaults/main.yml
View file

@ -1,6 +1,5 @@
---
multischleuder_download: true
multischleuder_service_enabled: true
multischleuder_config: |

24
roles/multischleuder/meta/argument_specs.yml Normal file
View file

@ -0,0 +1,24 @@
---
argument_specs:
main:
version_added: "0.0.1"
short_description: Install and configure Multischleuder.
description:
- Install and configure L(Multischleuder,https://git.kabelsalat.ch/s3lph/multischleuder).
- "Execution of this role can be limited using the following tags:"
- "C(role::multischleuder:install): Install Multischleuder."
- "C(role::multischleuder:config): Render the Multischleuder configuration file."
- "C(role::multischleuder): Apply all of the above."
author: s3lph
options:
multischleuder_service_enabled:
description:
- Whether to enable the Multischleuder systemd timer.
type: bool
default: true
multischleuder_config:
description:
- The contents of the Multischleuder config file as a single string.
type: str

23
roles/multischleuder/tasks/install.yml
View file

@ -1,22 +1,11 @@
---
- name: Install multischleuder from system package sources
- name: Install multischleuder repository
ansible.builtin.apt:
deb: https://git.kabelsalat.ch/s3lph/-/packages/debian/repo.s3lph.me-apt-source/0.2-2/files/3003
- name: Install multischleuder
ansible.builtin.apt:
name: multischleuder
update_cache: true
when: "not multischleuder_download"
- name: Get multischleuder package url
ansible.builtin.uri:
# https://gitlab.com/s3lph/multischleuder
url: "https://gitlab.com/api/v4/projects/35309982/releases"
return_content: true
register: "register_multischleuder_gitlab_releases"
changed_when: false
when: "multischleuder_download"
- name: Install multischleuder from upstream release
ansible.builtin.apt:
deb: "{{ url }}"
vars:
url: "{{ (register_multischleuder_gitlab_releases.json[0].assets.links | selectattr('name', 'equalto', 'Debian Package'))[0].direct_asset_url }}"
when: "multischleuder_download"

5
roles/opendkim/README.md Normal file
View file

@ -0,0 +1,5 @@
# Role s3lph.mailserver.opendkim
Documentation in `meta/argument_specs.yml`.
A usage example can be found in the `docs` folder of the collection.

2
roles/opendkim/defaults/main.yml
View file

@ -1,7 +1,5 @@
---
opendkim_testmode: false
opendkim_syslog: true
opendkim_syslog_success: true
opendkim_log_why: false

72
roles/opendkim/meta/argument_specs.yml Normal file
View file

@ -0,0 +1,72 @@
---
argument_specs:
main:
version_added: "0.0.1"
short_description: Install and configure OpenDKIM.
description:
- Install and configure L(OpenDKIM,http://opendkim.org/).
- "Execution of this role can be limited using the following tags:"
- "C(role::opendkim:install): Install OpenDKIM"
- "C(role::opendkim:config): Render the OpenDKIM configuration file."
- "C(role::opendkim): Apply all of the above."
author: s3lph
options:
opendkim_syslog:
description:
- Log via calls to C(syslog(3)) any interesting activity.
type: bool
default: true
opendkim_syslog_success:
description:
- Log via calls to C(syslog(3)) additional entries indicating successful signing or verification of messages.
type: bool
default: true
opendkim_log_why:
description:
- >-
If logging is enabled, issues very detailed logging about the logic behind the filters decision to either
sign a message or verify it.
type: bool
default: false
opendkim_canonicalization:
description:
- Selects the canonicalization method(s) to be used when signing messages.
type: str
default: relaxed/relaxed
opendkim_mode:
description:
- Selects operating modes.
- The string is a concatenation of characters that indicate which mode(s) of operation are desired.
- Valid modes are C(s) (signer) and C(v) (verifier).
type: str
default: sv
opendkim_subdomains:
description:
- Sign subdomains of those listed by the Domain parameter as well as the actual domains.
type: bool
default: false
opendkim_oversign_headers:
description:
- >-
Specifies a set of header fields that should be included in all signature header lists once more than the
number of times they were actually present in the signed message.
type: str
default: From
opendkim_selector:
description:
- Defines the name of the selector to be used when signing messages.
type: str
default: mail
opendkim_socket:
description:
- Specifies the socket that should be established by the filter to receive connections from Postfix.
type: str
default: "local:/var/spool/postfix/opendkim/opendkim.sock"
opendkim_internal_hosts:
description:
- Identifies a set internal hosts whose mail should be signed rather than verified.
type: list
elements: str
default: ["127.0.0.0/8", "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12"]

5
roles/postfix/README.md Normal file
View file

@ -0,0 +1,5 @@
# Role s3lph.mailserver.postfix
Documentation in `meta/argument_specs.yml`.
A usage example can be found in the `docs` folder of the collection.

16
roles/postfix/meta/argument_specs.yml Normal file
View file

@ -0,0 +1,16 @@
---
argument_specs:
main:
version_added: "0.0.1"
short_description: Install and configure Knot.
description:
- Install and configure the L(Knot,https://knot.readthedocs.io/en/latest/index.html) authoritative namesever.
- Zones are configured through YAML hostvars, rather than simply deploying zone files.
- "Execution of this role can be limited using the following tags:"
- "C(role::knot:install): Install knot from distribution packages or upstream repositories."
- "C(role::knot:config): Render the Knot configuration file."
- "C(role::knot:zones): Render the zone files for which Knot is authoritative."
- "C(role::knot): Apply all of the above."
author: s3lph

5
roles/postfixadmin/README.md Normal file
View file

@ -0,0 +1,5 @@
# Role s3lph.mailserver.postfixadmin
Documentation in `meta/argument_specs.yml`.
A usage example can be found in the `docs` folder of the collection.

5
roles/postsrsd/README.md Normal file
View file

@ -0,0 +1,5 @@
# Role s3lph.mailserver.postsrsd
Documentation in `meta/argument_specs.yml`.
A usage example can be found in the `docs` folder of the collection.

71
roles/postsrsd/meta/argument_specs.yml Normal file
View file

@ -0,0 +1,71 @@
---
argument_specs:
main:
version_added: "0.0.1"
short_description: Install and configure PostSRSd.
description:
- Install and configure the L(PostSRSd,https://github.com/roehling/postsrsd) rewriting daemon.
- "Execution of this role can be limited using the following tags:"
- "C(role::postsrsd:install): Install PostSRSd."
- "C(role::postsrsd:config): Render the PostSRSd configuration file."
- "C(role::postsrsd): Apply all of the above."
author: s3lph
options:
postsrsd_domain:
description:
- Set domain name for rewrite.
type: str
required: true
postsrsd_exclude_domains:
description:
- Exclude additional domains from address rewriting.
type: list
elements: str
default: []
postsrsd_separator:
description:
- Set first separator character which can be one of C(-=+).
type: str
default: '='
postsrsd_secret:
description:
- Read secrets from file.
type: str
default: /etc/postsrsd.secret
postsrsd_hashlength:
description:
- Length of hash to be used in rewritten addresses.
type: str
default: 4
postsrsd_hashmin:
description:
- Minimum length of hash to accept when validating return addresses.
type: str
default: 4
postsrsd_forward_port:
description:
- Set port for the forward SRS lookup.
type: str
default: 10001
postsrsd_reverse_port:
description:
- Set port for the reverse SRS lookup.
type: str
default: 10002
postsrsd_runas:
description:
- Switch user id after port bind.
type: str
default: postsrsd
postsrsd_listen_addr:
description:
- Bind to this address.
type: str
default: 127.0.0.1
postsrsd_chroot:
description:
- Jail daemon in chroot environment.
type: str
default: /var/lib/postsrsd

5
roles/schleuder/README.md Normal file
View file

@ -0,0 +1,5 @@
# Role s3lph.mailserver.schleuder
Documentation in `meta/argument_specs.yml`.
A usage example can be found in the `docs` folder of the collection.

5
roles/spamassassin/README.md Normal file
View file

@ -0,0 +1,5 @@
# Role s3lph.mailserver.spamassassin
Documentation in `meta/argument_specs.yml`.
A usage example can be found in the `docs` folder of the collection.