diff --git a/README.md b/README.md
index 8328927..aad80b7 100644
--- a/README.md
+++ b/README.md
@@ -14,7 +14,7 @@
## Status of This Collection
-This collection is designed to work with Debian Bullseye, but it should
+This collection is designed to work with Debian >= 11, but it should
work on any Debian-based distribution.
The roles in this collection are currently mainly designed to work in
diff --git a/roles/dovecot/README.md b/roles/dovecot/README.md
new file mode 100644
index 0000000..8b1b461
--- /dev/null
+++ b/roles/dovecot/README.md
@@ -0,0 +1,5 @@
+# Role s3lph.mailserver.dovecot
+
+Documentation in `meta/argument_specs.yml`.
+
+A usage example can be found in the `docs` folder of the collection.
diff --git a/roles/dovecot/defaults/main/userdb.yml b/roles/dovecot/defaults/main/userdb.yml
index 3a51e1c..d4b9fb2 100644
--- a/roles/dovecot/defaults/main/userdb.yml
+++ b/roles/dovecot/defaults/main/userdb.yml
@@ -1,11 +1,5 @@
---
-dovecot_userdb_basedir: /etc/dovecot/userdb
-
-dovecot_passdb_scheme: BLF-CRYPT
-dovecot_passdb_filename: /etc/dovecot/userdb/%d
-dovecot_passdb_user_format: "%u"
-
dovecot_master_passdb_enable: false
dovecot_master_passdb: {}
dovecot_master_user_separator: ";"
diff --git a/roles/dovecot/defaults/main/virtual.yml b/roles/dovecot/defaults/main/virtual.yml
index 2b9b2ff..b796e8f 100644
--- a/roles/dovecot/defaults/main/virtual.yml
+++ b/roles/dovecot/defaults/main/virtual.yml
@@ -4,4 +4,4 @@ virtual_mail_uid: virtual
virtual_mail_gid: virtual
virtual_mail_home: /home/virtual
virtual_mail_user_home: /home/virtual/%d/%n
-virtual_mail_location: maildir:/home/virtual/%d/%n/Maildir
+virtual_mail_location: maildir:~/Maildir
diff --git a/roles/dovecot/meta/argument_specs.yml b/roles/dovecot/meta/argument_specs.yml
new file mode 100644
index 0000000..9eabbe2
--- /dev/null
+++ b/roles/dovecot/meta/argument_specs.yml
@@ -0,0 +1,188 @@
+---
+
+argument_specs:
+
+ main:
+ version_added: "0.0.1"
+ short_description: Install and configure Dovecot.
+ description:
+ - "Install and configure the L(Dovecot,https://www.dovecot.org/) IMAP server."
+ - "Execution of this role can be limited using the following tags:"
+ - "C(role::dovecot:virtual): Create user and group for virtual mail ownership."
+ - "C(role::dovecot:install): Install Dovecot from distribution packages."
+ - "C(role::dovecot:config): Render the Dovecot configuration file."
+ - "C(role::dovecot): Apply all of the above."
+ author: s3lph
+ options:
+ dovecot_imap_greeting:
+ descrption:
+ - The greeting message displayed to clients.
+ type: str
+ default: "Dovecot ready."
+ dovecot_hostname:
+ description:
+ - >-
+ The hostname to be used in email messages sent out by the local delivery agent (such as the Message-ID:
+ header) and in LMTP replies.
+ type: str
+ default: "{{ inventory_hostname }}"
+ dovecot_lmtp_postmaster_address:
+ description:
+ - The From address from which email rejection messages (bounces) are sent.
+ type: str
+ default: root@localhost
+ dovecot_imap_mail_max_userip_connections:
+ description:
+ - The maximum number of IMAP connections allowed for a user from each IP address.
+ type: int
+ default: 10
+
+ dovecot_tls_cert_filename:
+ description:
+ - The PEM-encoded X.509 SSL/TLS certificate presented for incoming imap/pop3/etc. client connections.
+ type: str
+ default: /etc/ssl/certs/ssl-cert-snakeoil.pem
+ dovecot_tls_key_filename:
+ description:
+ - The PEM-encoded X.509 SSL/TLS private key for ssl_cert.
+ type: str
+ default: /etc/ssl/private/ssl-cert-snakeoil.key
+ dovecot_tls_dh_filename:
+ description:
+ - As of Dovecot v2.3, the path to the Diffie-Hellman parameters file must be provided.
+ - This setting isn’t needed if using only ECDSA certificates.
+ type: str
+ default: /usr/share/dovecot/dh.pem
+
+ dovecot_tls_min_version:
+ description:
+ - The minimum SSL protocol version Dovecot accepts.
+ - This setting is used for both incoming and outgoing SSL connections.
+ type: str
+ default: TLSv1.2
+ dovecot_tls_cipher_list:
+ description:
+ - The list of SSL ciphers to use for TLSv1.2 and below connections, in order of preference.
+ type: str
+ default: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305" # noqa yaml[line-length]
+
+ virtual_mail_uid:
+ description:
+ - This setting indicates the system userid used for accessing mail messages.
+ - If you use multiple values here, userdb can override them by returning UID or GID fields.
+ - You can use either numeric IDs or usernames here.
+ type: str
+ default: virtual
+ virtual_mail_gid:
+ description:
+ - The system group ID used for accessing mail messages.
+ - Can be either numeric IDs or group names.
+ - If you use multiple values here, userdb can override them by returning the gid field.
+ type: str
+ default: virtual
+ virtual_mail_home:
+ description:
+ - System home directory of the virtual mail user.
+ - "Note: This is NOT Dovecot's C(mail_home). See O(virtual_mail_user_home) instead."
+ type: str
+ default: /home/virtual
+ virtual_mail_user_home:
+ description:
+ - Home directory is a per-user directory where Dovecot can save user-specific files.
+ - Never configure your userdb to return the same home directory for multiple users.
+ - Home directory must be an absolute path.
+ type: str
+ default: /home/virtual/%d/%n
+ virtual_mail_location:
+ description:
+ - This setting indicates the location for users’ mailboxes.
+ - See U(upstream documentation,https://doc.dovecot.org/2.3/configuration_manual/mail_location/#mail-location-settings).
+ type: str
+ default: maildir:~/Maildir
+
+ dovecot_master_passdb_enable:
+ description:
+ - C(true) if a master passdb should be created.
+ - C(false) otherwise.
+ type: bool
+ default: false
+ dovecot_master_passdb:
+ description:
+ - Contents of the C(passwd-file) for the master passdb.
+ - 'Dictionary of C(username: "{SCHEME}passwordhash") pairs.'
+ type: dict
+ default: {}
+ dovecot_master_user_separator:
+ description:
+ - >-
+ The separator to use to enable master users to login by specifying the master username within the normal
+ username string.
+ type: str
+ default: ";"
+
+ dovecot_postfix_auth_socket_filename:
+ description:
+ - Path to the SASL auth UNIX socket to create for Postfix.
+ type: str
+ default: /var/spool/postfix/private/auth
+ dovecot_postfix_auth_socket_mode:
+ description:
+ - Filesystem permissions for the Postfix SASL auth UNIX socket.
+ type: str
+ default: "0600"
+ dovecot_postfix_auth_socket_owner:
+ description:
+ - Name of the owner of the Postfix SASL auth UNIX socket.
+ type: str
+ default: postfix
+ dovecot_postfix_auth_socket_group:
+ description:
+ - Name of the group of the Postfix SASL auth UNIX socket.
+ type: str
+ default: postfix
+
+ dovecot_postfix_lmtp_socket_filename:
+ description:
+ - Path to the LMTP UNIX socket for use by Postfix.
+ type: str
+ default: /var/spool/postfix/private/dovecot-lmtp
+ dovecot_postfix_lmtp_socket_mode:
+ description:
+ - Filesystem permissions for the Postfix LMTP UNIX socket.
+ type: str
+ default: "0600"
+ dovecot_postfix_lmtp_socket_owner:
+ description:
+ - Name of the owner of the Postfix LMTP UNIX socket.
+ type: str
+ default: postfix
+ dovecot_postfix_lmtp_socket_group:
+ description:
+ - Name of the group of the Postfix LMTP UNIX socket.
+ type: str
+ default: postfix
+
+ dovecot_enable_pigeonhole:
+ description:
+ - C(true) if the Pigeonhole Sieve plugin should be enabled.
+ - C(false) otherwise.
+ type: bool
+ default: false
+ dovecot_enable_pigeonhole_managesieve:
+ description:
+ - C(true) if the Pigeonhole ManageSieve service should be enabled.
+ - C(false) otherwise.
+ type: bool
+ default: false
+ dovecot_pigeonhole_sieve:
+ description:
+ - The location of the user’s main Sieve script or script storage.
+ - The LDA Sieve plugin uses this to find the active script for Sieve filtering at delivery.
+ type: str
+ default: "file:~/sieve;active=~/.dovecot.sieve"
+ dovecot_additional_config:
+ description:
+ - Wildcard option to append arbitrary options to the Dovecot configuration.
+ - Can be used to configure settings not covered by this role.
+ type: str
+ default: ""
diff --git a/roles/easywks/README.md b/roles/easywks/README.md
new file mode 100644
index 0000000..7894373
--- /dev/null
+++ b/roles/easywks/README.md
@@ -0,0 +1,5 @@
+# Role s3lph.mailserver.easywks
+
+Documentation in `meta/argument_specs.yml`.
+
+A usage example can be found in the `docs` folder of the collection.
diff --git a/roles/easywks/defaults/main.yml b/roles/easywks/defaults/main.yml
index 3984687..044a676 100644
--- a/roles/easywks/defaults/main.yml
+++ b/roles/easywks/defaults/main.yml
@@ -1,7 +1,5 @@
---
-easywks_download: true
-
easywks_config: ""
easywks_service_http_enabled: true
easywks_service_lmtp_enabled: true
diff --git a/roles/easywks/meta/argument_specs.yml b/roles/easywks/meta/argument_specs.yml
new file mode 100644
index 0000000..033aaf6
--- /dev/null
+++ b/roles/easywks/meta/argument_specs.yml
@@ -0,0 +1,38 @@
+---
+
+argument_specs:
+
+ main:
+ version_added: "0.0.1"
+ short_description: Install and configure EasyWKS.
+ description:
+ - "Install and configure L(EasyWKS,https://git.kabelsalat.ch/s3lph/easywks)."
+ - "Execution of this role can be limited using the following tags:"
+ - "C(role::easywks:install): Install EasyWKS from distribution packages or upstream repositories."
+ - "C(role::easywks:config): Render the EasyWKS configuration file."
+ - "C(role::easywks): Apply all of the above."
+ author: s3lph
+ options:
+ easywks_config:
+ description:
+ - The entire EasyWKS configuration file in a string.
+ type: str
+ default: ""
+ easywks_service_http_enabled:
+ description:
+ - "If C(true), start and enable the EasyWKS HTTP service."
+ - "If C(false), stop and disable the EasyWKS HTTP service."
+ type: bool
+ default: true
+ easywks_service_lmtp_enabled:
+ description:
+ - "If C(true), start and enable the EasyWKS LMTP service."
+ - "If C(false), stop and disable the EasyWKS LMTP service."
+ type: bool
+ default: true
+ easywks_service_dnsd_enabled:
+ description:
+ - "If C(true), start and enable the EasyWKS LMTP service."
+ - "If C(false), stop and disable the EasyWKS LMTP service."
+ type: bool
+ default: true
diff --git a/roles/easywks/tasks/install.yml b/roles/easywks/tasks/install.yml
index cb96250..d15e05a 100644
--- a/roles/easywks/tasks/install.yml
+++ b/roles/easywks/tasks/install.yml
@@ -1,26 +1,10 @@
---
-- name: Install easywks from system package sources
+- name: Install EasyWKS repository
+ ansible.builtin.apt:
+ deb: https://git.kabelsalat.ch/s3lph/-/packages/debian/repo.s3lph.me-apt-source/0.2-2/files/3003
+
+- name: Install EasyWKS
ansible.builtin.apt:
name: easywks
- notify:
- - Restart easywks-http
- - Restart easywks-lmtp
- - Restart easywks-dnsd
- when: "not easywks_download"
-
-- name: Get easywks package url
- ansible.builtin.uri:
- # https://gitlab.com/s3lph/easywks
- url: "https://gitlab.com/api/v4/projects/29907182/releases"
- return_content: true
- register: "register_easywks_gitlab_releases"
- changed_when: false
- when: "easywks_download"
-
-- name: Install easywks from upstream release
- ansible.builtin.apt:
- deb: "{{ url }}"
- vars:
- url: "{{ (register_easywks_gitlab_releases.json[0].assets.links | selectattr('name', 'equalto', 'Debian Package'))[0].direct_asset_url }}"
- when: "easywks_download"
+ update_cache: true
diff --git a/roles/getaddrinfo/README.md b/roles/getaddrinfo/README.md
new file mode 100644
index 0000000..4dfcc76
--- /dev/null
+++ b/roles/getaddrinfo/README.md
@@ -0,0 +1,5 @@
+# Role s3lph.mailserver.getaddrinfo
+
+Documentation in `meta/argument_specs.yml`.
+
+A usage example can be found in the `docs` folder of the collection.
diff --git a/roles/mailman/README.md b/roles/mailman/README.md
new file mode 100644
index 0000000..1072485
--- /dev/null
+++ b/roles/mailman/README.md
@@ -0,0 +1,5 @@
+# Role s3lph.mailserver.mailman
+
+Documentation in `meta/argument_specs.yml`.
+
+A usage example can be found in the `docs` folder of the collection.
diff --git a/roles/mailman/meta/argument_specs.yml b/roles/mailman/meta/argument_specs.yml
new file mode 100644
index 0000000..8b7e7f0
--- /dev/null
+++ b/roles/mailman/meta/argument_specs.yml
@@ -0,0 +1,519 @@
+---
+
+argument_specs:
+
+ main:
+ version_added: "0.0.1"
+ short_description: Install and configure Mailman 3.
+ description:
+ - Install and configure the L(Mailman 3,https://docs.mailman3.org/en/latest/) mailing list manager.
+ - "Execution of this role can be limited using the following tags:"
+ - "C(role::mailman:install): Install Mailman 3 from distribution packages"
+ - "C(role::mailman:config): Configure Mailman 3."
+ - "C(role::mailman:templates): Override Mailman 3 Django templates."
+ - "C(role::mailman:bootstrap): Create mailman3 databases and admin users. Tagged with C(never)."
+ - "C(role::mailman:privacy): Create hyperkitty cleanup cronjob."
+ - "C(role::knot): Apply all of the above."
+ author: s3lph
+ options:
+ mailman_noreply_address:
+ description:
+ - >-
+ Local-part of an email address used in the From field whenever a message comes from some entity to which
+ there is no natural reply recipient.
+ - "Mailman will append '@' and the host name of the list involved."
+ - "This address must not bounce and it must not point to a Mailman process."
+ type: str
+ default: noreply
+ mailman_default_language:
+ description:
+ - The default language for this server.
+ type: str
+ default: en
+ mailman_sender_headers:
+ description:
+ - Membership tests for posting purposes.
+ - Headers are checked in the order given in this variable.
+ - The value C(From_) means to use the envelope sender.
+ - Field names are case insensitive.
+ type: list
+ elements: str
+ default: [from, from_, reply-to, sender]
+ mailman_email_commands_max_lines:
+ description:
+ - Mail command processor will ignore mail command lines after designated max.
+ type: int
+ default: 10
+ mailman_pending_request_life:
+ description:
+ - Default length of time a pending request is live before it is evicted from the pending database.
+ type: str
+ default: 3d
+ mailman_cache_life:
+ description:
+ - How long should files be saved before they are evicted from the cache?
+ type: str
+ default: 7d
+ mailman_pre_hook:
+ description:
+ - A callable to run with no arguments early in the initialization process.
+ type: str
+ default: ""
+ mailman_post_hook:
+ description:
+ - A callable to run with no arguments late in the initialization process.
+ type: str
+ default: ""
+ mailman_filtered_messages_are_preservable:
+ description:
+ - Can MIME filtered messages be preserved by list owners?
+ type: str
+ default: "no"
+ mailman_html_to_plain_text_command:
+ description:
+ - How should html parts be converted to text/plain when the mailing list is set to convert HTML to plaintext?
+ - This names a command to be called, where the substitution variable $filename is filled in by Mailman.
+ - The command should print the converted text to stdout.
+ type: str
+ default: "/usr/bin/lynx -dump $filename"
+ mailman_listname_chars:
+ description:
+ - Specify what characters are allowed in list names.
+ type: str
+ default: "-_.0-9a-z"
+
+ mailman_shell_prompt:
+ description:
+ - Customize the interpreter prompt.
+ type: str
+ default: ">>>"
+ mailman_shell_banner:
+ description:
+ - Banner to show on startup.
+ type: str
+ default: Welcome to the GNU Mailman shell
+ mailman_shell_use_ipython:
+ description:
+ - Use IPython as the shell, which must be found on the system.
+ - Valid values are C(no), C(yes), and C(debug).
+ type: str
+ default: "no"
+ mailman_shell_history_file:
+ description:
+ - Set this to allow for command line history if readline is available.
+ type: str
+ default: ""
+
+ mailman_mariadb_user:
+ description:
+ - Local part of the username for the database connection URI.
+ - See O(mailman_database_url).
+ type: str
+ default: mailman
+ mailman_mariadb_user_host:
+ description:
+ - Host part of the username.
+ - This is only used to bootstrap the database user. There should not be a need to change this.
+ type: str
+ default: localhost
+ mailman_mariadb_password:
+ description:
+ - Password for the database connection URI.
+ - See O(mailman_database_url).
+ type: str
+ required: true
+ mailman_mariadb_host:
+ description:
+ - Hostname for the database connection URI.
+ - See O(mailman_database_url).
+ type: str
+ default: localhost
+ mailman_mariadb_port:
+ description:
+ - Port for the database connection URI.
+ - See O(mailman_database_url).
+ type: int
+ default: 3306
+ mailman_mariadb_database:
+ description:
+ - Database schema name for the database connection URI.
+ - See O(mailman_database_url).
+ type: str
+ default: mailman
+
+ mailman_database_class:
+ description:
+ - Class name of the database driver.
+ - If the default is changed, O(mailman_database_url) must be provided directly.
+ type: str
+ default: mailman.database.mysql.MySQLDatabase
+ mailman_database_url:
+ description:
+ - Database connection URI.
+ - "If PyMySQL is used, it is recommended to set the following options instead:"
+ - O(mailman_mariadb_user)
+ - O(mailman_mariadb_password)
+ - O(mailman_mariadb_host)
+ - O(mailman_mariadb_port)
+ - O(mailman_mariadb_database)
+ type: str
+ default: "mysql+pymysql://{{ mailman_mariadb_user }}:{{ mailman_mariadb_password }}@{{ mailman_mariadb_host }}:{{ mailman_mariadb_port }}/{{ mailman_mariadb_database }}?charset=utf8mb4&use_unicode=1" # noqa yaml[line-length]
+ mailman_database_debug:
+ description:
+ - Enable debug logging for the database connection.
+ type: str
+ default: "no"
+
+ mailman_logging_format:
+ description:
+ - Overrides the default log format string.
+ type: str
+ default: "%(asctime)s (%(process)d) %(message)s"
+ mailman_logging_datefmt:
+ description:
+ - Overrides the default log date format string.
+ type: str
+ default: "%b %d %H:%M:%S %Y"
+ mailman_logging_propagate:
+ description:
+ - 'Boolean specifying whether to propagate log message from this logger to the root "mailman" logger.'
+ type: str
+ default: "no"
+ mailman_logging_level:
+ description:
+ - Overrides the default level.
+ - This may be any of the standard Python logging levels, case insensitive.
+ type: str
+ default: "info"
+ mailman_loggging_path:
+ description:
+ - Overrides the default logger path.
+ - "This may be a relative path name, in which case it is relative to Mailman's LOG_DIR."
+ type: str
+ default: "mailman.log"
+
+ mailman_webservice_hostname:
+ description:
+ - The hostname at which admin web service resources are exposed.
+ type: str
+ default: localhost
+ mailman_webservice_port:
+ description:
+ - The port at which the admin web service resources are exposed.
+ type: int
+ default: 8001
+ mailman_webservice_use_https:
+ description:
+ - Whether or not requests to the web service are secured through SSL.
+ type: str
+ default: "no"
+ mailman_webservice_show_tracebacks:
+ description:
+ - Whether or not to show tracebacks in an HTTP response for a request that raised an exception.
+ type: str
+ default: "yes"
+ mailman_webservice_api_version:
+ description:
+ - The API version number for the current (highest) API.
+ type: str
+ default: "3.1"
+ mailman_webservice_admin_user:
+ description:
+ - The administrative username.
+ type: str
+ default: restadmin
+ mailman_webservice_admin_pass:
+ description:
+ - The administrative password.
+ type: str
+ required: true
+
+ mailman_mta_incoming:
+ description:
+ - The class defining the interface to the incoming mail transport agent.
+ type: str
+ default: mailman.mta.postfix.LMTP
+ mailman_mta_outgoing:
+ description:
+ - The callable implementing delivery to the outgoing mail transport agent.
+ type: str
+ default: mailman.mta.deliver.deliver
+ mailman_mta_smtp_host:
+ description:
+ - SMTP host for outgoing MTA.
+ type: str
+ default: localhost
+ mailman_mta_smtp_port:
+ description:
+ - SMTP port for outgoing MTA.
+ type: int
+ default: 25
+ mailman_mta_smtp_user:
+ description:
+ - SMTP username for outgoing MTA.
+ type: str
+ default: ""
+ mailman_mta_smtp_pass:
+ description:
+ - SMTP password for outgoing MTA.
+ type: str
+ default: ""
+ mailman_mta_lmtp_host:
+ description:
+ - Hostname where the LMTP server listens for connections.
+ type: str
+ default: 127.0.0.1
+ mailman_mta_lmtp_port:
+ description:
+ - Port where the LMTP server listens for connections.
+ type: int
+ default: 8024
+ mailman_mta_configuration:
+ description:
+ - Where can we find the mail server specific configuration file?
+ - The path can be either a file system path or a Python import path.
+ type: str
+ default: python:mailman.config.postfix
+ mailman_mta_remove_dkim_headers:
+ description:
+ - If C(true), remove DKIM signatures from incoming messages.
+ type: bool
+ default: true
+ mailman_mta_additional_config:
+ description:
+ - Wildcard option to append arbitrary additional configuration.
+ - Can be used to configure settings not covered by this role.
+ type: str
+ default: ""
+
+ mailman_hyperkitty_enabled:
+ description:
+ - If C(true), enable the Hyperkitty mailing list archiver.
+ - If C(false), disable the Hyperkitty mailing list archiver.
+ type: bool
+ default: true
+ mailman_hyperkitty_localhost_base_url:
+ description:
+ - This address will be used by Mailman to forward incoming emails to HyperKitty.
+ type: str
+ default: http://localhost/hyperkitty/
+ mailman_hyperkitty_api_acl:
+ description:
+ - Hyperkitty will only accept API connections from these hosts.
+ type: list
+ elements: str
+ default: ["127.0.0.1", "::1"]
+
+
+ mailman_web_secret_key:
+ description:
+ - "SECURITY WARNING: keep the secret key used in production secret!"
+ type: str
+ required: true
+ mailman_web_admin_name:
+ description:
+ - Display name of the default mailman-web admin account.
+ type: str
+ default: Mailman Suite Admin
+ mailman_web_admin_email:
+ description:
+ - Email address of the default mailman-web admin account.
+ type: str
+ default: root@localhost
+ mailman_web_auth_socialaccounts:
+ description:
+ - List of social login provider plugins to enable.
+ type: list
+ elements: str
+ default: []
+ mailman_web_language:
+ description:
+ - Default language of mailman-web
+ type: str
+ default: en-us
+ mailman_web_timezone:
+ description:
+ - Default timezone of mailman-web
+ type: str
+ default: UTC
+ mailman_web_emailname:
+ description:
+ - Default domain for email addresses.
+ type: str
+ default: "{{ mailman_sitename }}"
+ mailman_web_compress_online:
+ description:
+ - On a production setup, setting COMPRESS_OFFLINE to True will bring a significant performance improvement.
+ type: bool
+ default: true
+ mailman_web_base_url:
+ description:
+ - Base URL for mailman-web
+ type: str
+ default: http://localhost/
+ mailman_web_static_url:
+ description:
+ - Path for static content of mailman-web
+ type: str
+ default: /static/
+ mailman_web_disable_gravatar:
+ description:
+ - If C(true), disable Gravatar integration.
+ - If C(false), enable Gravatar integration.
+ type: bool
+ default: true
+ mailman_web_disable_web_posting:
+ description:
+ - If C(true), disable posting from the Hyperkitty web interface.
+ - If C(false), enable web posting.
+ type: bool
+ default: true
+ mailman_web_database_engine:
+ description:
+ - Django database engine driver to use.
+ type: str
+ default: django.db.backends.mysql
+ mailman_web_database_name:
+ description:
+ - DB name or path to database file if using sqlite3.
+ type: str
+ default: 'mailman-web'
+ mailman_web_database_host:
+ description:
+ - Empty for localhost through domain sockets or '127.0.0.1' for localhost through TCP.
+ type: str
+ default: ''
+ mailman_web_database_port:
+ description:
+ - Set to empty string for default of the database driver.
+ type: str
+ default: ''
+ mailman_web_database_user:
+ description:
+ - Username for the database.
+ type: str
+ default: 'mailman-web'
+ mailman_web_database_password:
+ description:
+ - Password for the database.
+ type: str
+ required: true
+ mailman_web_database_user_host:
+ description:
+ - Host part of the username.
+ - This is only used to bootstrap the database user. There should not be a need to change this.
+ type: str
+ default: 'localhost'
+ mailman_web_database_options:
+ description:
+ - Extra parameters to use when connecting to the database.
+ type: dict
+ default:
+ charset: utf8mb4
+ init_command: "SET sql_mode='STRICT_TRANS_TABLES'"
+ mailman_web_rest_api_url:
+ description:
+ - Local mailman-web API endpoint
+ type: str
+ default: http://localhost:8001
+ mailman_web_allowed_hosts:
+ description:
+ - See U(https://docs.djangoproject.com/en/1.8/ref/settings/#allowed-hosts)
+ type: list
+ elements: str
+ default: ["{{ mailman_sitename }}"]
+
+ mailman_database_postfix_user:
+ description:
+ - Local part of the database username used by Postfix.
+ type: str
+ default: mailman-postfix
+ mailman_database_postfix_password:
+ description:
+ - Database password used by Postfix.
+ type: str
+ required: true
+ mailman_database_postfix_user_host:
+ description:
+ - Host part of the database username used by Postfix.
+ - This is only used to bootstrap the database user. There should not be a need to change this.
+ type: str
+ default: localhost
+ mailman_database_postfix_hosts:
+ description:
+ - Hostname or socket path of the database used by Postfix.
+ type: str
+ default: "unix:/run/mysqld/mysqld.sock"
+
+ mailman_mariadb_bootstrap_host:
+ description:
+ - Database hostname to connect to for initializing the schema and user accounts.
+ - Must be provided even if O(mailman_mariadb_bootstrap_socket) is set.
+ type: str
+ default: ''
+ mailman_mariadb_bootstrap_port:
+ description:
+ - Database port to connect to for initializing the schema and user accounts.
+ - Must be provided even if O(mailman_mariadb_bootstrap_socket) is set.
+ type: str
+ default: 0
+ mailman_mariadb_bootstrap_socket:
+ description:
+ - Database UNIX socket to connect to for initializing the schema and user accounts.
+ type: str
+ default: /run/mysqld/mysqld.sock
+ mailman_mariadb_bootstrap_login_user:
+ description:
+ - Database admin user to connect with for initializing the schema and user accounts.
+ type: str
+ default: root
+ mailman_mariadb_bootstrap_login_password:
+ description:
+ - Database admin password to connect with for initializing the schema and user accounts.
+ - Not used if UNIX socket authentication is used.
+ type: str
+ default: ''
+ mailman_superuser_name:
+ description:
+ - Name of the mailman-web Django superuser
+ type: str
+ default: root
+ mailman_superuser_email:
+ description:
+ - Email address of the mailman-web Django superuser
+ type: str
+ required: true
+ mailman_superuser_password:
+ description:
+ - Password of the mailman-web Django superuser
+ type: str
+ required: true
+
+ mailman_web_override_templates:
+ description:
+ - If C(true), upload some files from the Ansible controller to override mailman-web builtins.
+ - Setting this option to C(false) afterwards does NOT remove the overrides.
+ - See O(mailman_web_override_templates_path) and O(mailman_web_override_static_path).
+ type: bool
+ default: false
+ mailman_web_override_templates_path:
+ description:
+ - Directory on the Ansible controller from where to load overridden templates.
+ type: str
+ default: "{{ playbook_dir }}/templates/override"
+ mailman_web_override_static_path:
+ description:
+ - Directory on the Ansible controller from where to load overridden static files.
+ type: str
+ default: "{{ playbook_dir }}/static/override"
+ mailman_web_hyperkitty_cleanup_cron:
+ description:
+ - When to run the Hyperkitty cleanup job.
+ - See O(mailman_web_privacy_enhancements).
+ type: str
+ default: '0 * * * *'
+ mailman_web_privacy_enhancements:
+ description:
+ - If C(true), enable a cronjob that removes entries from the access log table of Hyperkitty.
+ type: bool
+ default: false
diff --git a/roles/mtasts/README.md b/roles/mtasts/README.md
new file mode 100644
index 0000000..a7f286e
--- /dev/null
+++ b/roles/mtasts/README.md
@@ -0,0 +1,5 @@
+# Role s3lph.mailserver.mtasts
+
+Documentation in `meta/argument_specs.yml`.
+
+A usage example can be found in the `docs` folder of the collection.
diff --git a/roles/mtasts/meta/argument_specs.yml b/roles/mtasts/meta/argument_specs.yml
new file mode 100644
index 0000000..6c8869c
--- /dev/null
+++ b/roles/mtasts/meta/argument_specs.yml
@@ -0,0 +1,47 @@
+---
+
+argument_specs:
+
+ main:
+ version_added: "0.0.1"
+ short_description: Configure a MTA-STS policy file.
+ description:
+ - Configure a L(MTA-STS,https://datatracker.ietf.org/doc/html/rfc8461) policy file.
+ - "Execution of this role can be limited using the following tags:"
+ - "C(role::mtasts:config): Create the MTA-STS policy file"
+ - "C(role::mtasts): Apply all of the above."
+ author: s3lph
+ options:
+ mtasts_policyfile_name:
+ description:
+ - Path of the MTA-STS policy file to create.
+ type: str
+ default: /var/www/html/.well-known/mta-sts.txt
+ mtasts_policyfile_owner:
+ description:
+ - Owner of the MTA-STS policy file.
+ type: str
+ default: www-data
+ mtasts_policyfile_group:
+ description:
+ - Group of the MTA-STS policy file.
+ type: str
+ default: www-data
+ mtasts_mode:
+ description:
+ - One of C(enforce), C(testing), or C(none)
+ - Indicating the expected behavior of a Sending MTA in the case of a policy validation failure.
+ type: str
+ default: testing
+ mtasts_mxs:
+ description:
+ - One or more patterns matching allowed MX hosts for the Policy Domain.
+ type: list
+ elements: str
+ default: ["{{ ansible_facts.fqdn }}"]
+ mtasts_maxage:
+ description:
+ - Max lifetime of the policy.
+ - Well-behaved clients SHOULD cache a policy for up to this value from the last policy fetch time.
+ type: int
+ default: 604800
diff --git a/roles/multischleuder/README.md b/roles/multischleuder/README.md
new file mode 100644
index 0000000..27f8a81
--- /dev/null
+++ b/roles/multischleuder/README.md
@@ -0,0 +1,5 @@
+# Role s3lph.mailserver.multischleuder
+
+Documentation in `meta/argument_specs.yml`.
+
+A usage example can be found in the `docs` folder of the collection.
diff --git a/roles/multischleuder/defaults/main.yml b/roles/multischleuder/defaults/main.yml
index bf3fea8..4bc504a 100644
--- a/roles/multischleuder/defaults/main.yml
+++ b/roles/multischleuder/defaults/main.yml
@@ -1,6 +1,5 @@
---
-multischleuder_download: true
multischleuder_service_enabled: true
multischleuder_config: |
diff --git a/roles/multischleuder/meta/argument_specs.yml b/roles/multischleuder/meta/argument_specs.yml
new file mode 100644
index 0000000..2154890
--- /dev/null
+++ b/roles/multischleuder/meta/argument_specs.yml
@@ -0,0 +1,24 @@
+---
+
+argument_specs:
+
+ main:
+ version_added: "0.0.1"
+ short_description: Install and configure Multischleuder.
+ description:
+ - Install and configure L(Multischleuder,https://git.kabelsalat.ch/s3lph/multischleuder).
+ - "Execution of this role can be limited using the following tags:"
+ - "C(role::multischleuder:install): Install Multischleuder."
+ - "C(role::multischleuder:config): Render the Multischleuder configuration file."
+ - "C(role::multischleuder): Apply all of the above."
+ author: s3lph
+ options:
+ multischleuder_service_enabled:
+ description:
+ - Whether to enable the Multischleuder systemd timer.
+ type: bool
+ default: true
+ multischleuder_config:
+ description:
+ - The contents of the Multischleuder config file as a single string.
+ type: str
diff --git a/roles/multischleuder/tasks/install.yml b/roles/multischleuder/tasks/install.yml
index f7a76fc..a2c63ea 100644
--- a/roles/multischleuder/tasks/install.yml
+++ b/roles/multischleuder/tasks/install.yml
@@ -1,22 +1,11 @@
---
-- name: Install multischleuder from system package sources
+- name: Install multischleuder repository
+ ansible.builtin.apt:
+ deb: https://git.kabelsalat.ch/s3lph/-/packages/debian/repo.s3lph.me-apt-source/0.2-2/files/3003
+
+- name: Install multischleuder
ansible.builtin.apt:
name: multischleuder
+ update_cache: true
when: "not multischleuder_download"
-
-- name: Get multischleuder package url
- ansible.builtin.uri:
- # https://gitlab.com/s3lph/multischleuder
- url: "https://gitlab.com/api/v4/projects/35309982/releases"
- return_content: true
- register: "register_multischleuder_gitlab_releases"
- changed_when: false
- when: "multischleuder_download"
-
-- name: Install multischleuder from upstream release
- ansible.builtin.apt:
- deb: "{{ url }}"
- vars:
- url: "{{ (register_multischleuder_gitlab_releases.json[0].assets.links | selectattr('name', 'equalto', 'Debian Package'))[0].direct_asset_url }}"
- when: "multischleuder_download"
diff --git a/roles/opendkim/README.md b/roles/opendkim/README.md
new file mode 100644
index 0000000..5872750
--- /dev/null
+++ b/roles/opendkim/README.md
@@ -0,0 +1,5 @@
+# Role s3lph.mailserver.opendkim
+
+Documentation in `meta/argument_specs.yml`.
+
+A usage example can be found in the `docs` folder of the collection.
diff --git a/roles/opendkim/defaults/main.yml b/roles/opendkim/defaults/main.yml
index bbf5dfd..2847cf2 100644
--- a/roles/opendkim/defaults/main.yml
+++ b/roles/opendkim/defaults/main.yml
@@ -1,7 +1,5 @@
---
-opendkim_testmode: false
-
opendkim_syslog: true
opendkim_syslog_success: true
opendkim_log_why: false
diff --git a/roles/opendkim/meta/argument_specs.yml b/roles/opendkim/meta/argument_specs.yml
new file mode 100644
index 0000000..07c5799
--- /dev/null
+++ b/roles/opendkim/meta/argument_specs.yml
@@ -0,0 +1,72 @@
+---
+
+argument_specs:
+
+ main:
+ version_added: "0.0.1"
+ short_description: Install and configure OpenDKIM.
+ description:
+ - Install and configure L(OpenDKIM,http://opendkim.org/).
+ - "Execution of this role can be limited using the following tags:"
+ - "C(role::opendkim:install): Install OpenDKIM"
+ - "C(role::opendkim:config): Render the OpenDKIM configuration file."
+ - "C(role::opendkim): Apply all of the above."
+ author: s3lph
+ options:
+ opendkim_syslog:
+ description:
+ - Log via calls to C(syslog(3)) any interesting activity.
+ type: bool
+ default: true
+ opendkim_syslog_success:
+ description:
+ - Log via calls to C(syslog(3)) additional entries indicating successful signing or verification of messages.
+ type: bool
+ default: true
+ opendkim_log_why:
+ description:
+ - >-
+ If logging is enabled, issues very detailed logging about the logic behind the filters decision to either
+ sign a message or verify it.
+ type: bool
+ default: false
+ opendkim_canonicalization:
+ description:
+ - Selects the canonicalization method(s) to be used when signing messages.
+ type: str
+ default: relaxed/relaxed
+ opendkim_mode:
+ description:
+ - Selects operating modes.
+ - The string is a concatenation of characters that indicate which mode(s) of operation are desired.
+ - Valid modes are C(s) (signer) and C(v) (verifier).
+ type: str
+ default: sv
+ opendkim_subdomains:
+ description:
+ - Sign subdomains of those listed by the Domain parameter as well as the actual domains.
+ type: bool
+ default: false
+ opendkim_oversign_headers:
+ description:
+ - >-
+ Specifies a set of header fields that should be included in all signature header lists once more than the
+ number of times they were actually present in the signed message.
+ type: str
+ default: From
+ opendkim_selector:
+ description:
+ - Defines the name of the selector to be used when signing messages.
+ type: str
+ default: mail
+ opendkim_socket:
+ description:
+ - Specifies the socket that should be established by the filter to receive connections from Postfix.
+ type: str
+ default: "local:/var/spool/postfix/opendkim/opendkim.sock"
+ opendkim_internal_hosts:
+ description:
+ - Identifies a set internal hosts whose mail should be signed rather than verified.
+ type: list
+ elements: str
+ default: ["127.0.0.0/8", "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12"]
diff --git a/roles/postfix/README.md b/roles/postfix/README.md
new file mode 100644
index 0000000..34216f9
--- /dev/null
+++ b/roles/postfix/README.md
@@ -0,0 +1,5 @@
+# Role s3lph.mailserver.postfix
+
+Documentation in `meta/argument_specs.yml`.
+
+A usage example can be found in the `docs` folder of the collection.
diff --git a/roles/postfix/meta/argument_specs.yml b/roles/postfix/meta/argument_specs.yml
new file mode 100644
index 0000000..3be5b73
--- /dev/null
+++ b/roles/postfix/meta/argument_specs.yml
@@ -0,0 +1,16 @@
+---
+
+argument_specs:
+
+ main:
+ version_added: "0.0.1"
+ short_description: Install and configure Knot.
+ description:
+ - Install and configure the L(Knot,https://knot.readthedocs.io/en/latest/index.html) authoritative namesever.
+ - Zones are configured through YAML hostvars, rather than simply deploying zone files.
+ - "Execution of this role can be limited using the following tags:"
+ - "C(role::knot:install): Install knot from distribution packages or upstream repositories."
+ - "C(role::knot:config): Render the Knot configuration file."
+ - "C(role::knot:zones): Render the zone files for which Knot is authoritative."
+ - "C(role::knot): Apply all of the above."
+ author: s3lph
diff --git a/roles/postfixadmin/README.md b/roles/postfixadmin/README.md
new file mode 100644
index 0000000..2a86692
--- /dev/null
+++ b/roles/postfixadmin/README.md
@@ -0,0 +1,5 @@
+# Role s3lph.mailserver.postfixadmin
+
+Documentation in `meta/argument_specs.yml`.
+
+A usage example can be found in the `docs` folder of the collection.
diff --git a/roles/postsrsd/README.md b/roles/postsrsd/README.md
new file mode 100644
index 0000000..3315cda
--- /dev/null
+++ b/roles/postsrsd/README.md
@@ -0,0 +1,5 @@
+# Role s3lph.mailserver.postsrsd
+
+Documentation in `meta/argument_specs.yml`.
+
+A usage example can be found in the `docs` folder of the collection.
diff --git a/roles/postsrsd/meta/argument_specs.yml b/roles/postsrsd/meta/argument_specs.yml
new file mode 100644
index 0000000..e105484
--- /dev/null
+++ b/roles/postsrsd/meta/argument_specs.yml
@@ -0,0 +1,71 @@
+---
+
+argument_specs:
+
+ main:
+ version_added: "0.0.1"
+ short_description: Install and configure PostSRSd.
+ description:
+ - Install and configure the L(PostSRSd,https://github.com/roehling/postsrsd) rewriting daemon.
+ - "Execution of this role can be limited using the following tags:"
+ - "C(role::postsrsd:install): Install PostSRSd."
+ - "C(role::postsrsd:config): Render the PostSRSd configuration file."
+ - "C(role::postsrsd): Apply all of the above."
+ author: s3lph
+ options:
+ postsrsd_domain:
+ description:
+ - Set domain name for rewrite.
+ type: str
+ required: true
+ postsrsd_exclude_domains:
+ description:
+ - Exclude additional domains from address rewriting.
+ type: list
+ elements: str
+ default: []
+ postsrsd_separator:
+ description:
+ - Set first separator character which can be one of C(-=+).
+ type: str
+ default: '='
+ postsrsd_secret:
+ description:
+ - Read secrets from file.
+ type: str
+ default: /etc/postsrsd.secret
+ postsrsd_hashlength:
+ description:
+ - Length of hash to be used in rewritten addresses.
+ type: str
+ default: 4
+ postsrsd_hashmin:
+ description:
+ - Minimum length of hash to accept when validating return addresses.
+ type: str
+ default: 4
+ postsrsd_forward_port:
+ description:
+ - Set port for the forward SRS lookup.
+ type: str
+ default: 10001
+ postsrsd_reverse_port:
+ description:
+ - Set port for the reverse SRS lookup.
+ type: str
+ default: 10002
+ postsrsd_runas:
+ description:
+ - Switch user id after port bind.
+ type: str
+ default: postsrsd
+ postsrsd_listen_addr:
+ description:
+ - Bind to this address.
+ type: str
+ default: 127.0.0.1
+ postsrsd_chroot:
+ description:
+ - Jail daemon in chroot environment.
+ type: str
+ default: /var/lib/postsrsd
diff --git a/roles/schleuder/README.md b/roles/schleuder/README.md
new file mode 100644
index 0000000..cc80f3f
--- /dev/null
+++ b/roles/schleuder/README.md
@@ -0,0 +1,5 @@
+# Role s3lph.mailserver.schleuder
+
+Documentation in `meta/argument_specs.yml`.
+
+A usage example can be found in the `docs` folder of the collection.
diff --git a/roles/spamassassin/README.md b/roles/spamassassin/README.md
new file mode 100644
index 0000000..eae9574
--- /dev/null
+++ b/roles/spamassassin/README.md
@@ -0,0 +1,5 @@
+# Role s3lph.mailserver.spamassassin
+
+Documentation in `meta/argument_specs.yml`.
+
+A usage example can be found in the `docs` folder of the collection.