Merge pull request #11 from Oefenweb/sasl-password-maps

Sasl password maps
Oefenweb · May 21, 2015 · 4ab14a7 · 4ab14a7
2 parents 7029047 + c33b573
commit 4ab14a7
Show file tree

Hide file tree

Showing 10 changed files with 34 additions and 11 deletions.
diff --git a/README.md b/README.md
@@ -18,7 +18,7 @@ None
  * `postfix_relayport` [default: 587]: Relay port (on postfix_relayhost, if set)
  * `postfix_relaytls` [default: `false`]: Use TLS when sending with a relay host
  * `postfix_sasl_user` [default: `postmaster@{{ ansible_domain }}`]: SASL relay username
- * `postfix_sasl_password` [default: `k8+haga4@#pR`]: SASL relay password
+ * `postfix_sasl_password` [default: `k8+haga4@#pR`]: SASL relay password **Make sure to change!**
 
 ## Dependencies
 

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1,5 +1,5 @@
----
 # defaults file for postfix
+---
 postfix_install:
   - postfix
   - mailutils

diff --git a/handlers/main.yml b/handlers/main.yml
@@ -1,8 +1,12 @@
----
 # handlers file for postfix
+---
 - name: restart postfix
   service:
     name: postfix
     state: restarted
+
 - name: new aliases
   command: newaliases
+
+- name: postmap sasl_passwd
+  command: postmap hash:/etc/postfix/sasl_passwd
diff --git a/meta/main.yml b/meta/main.yml
@@ -1,5 +1,5 @@
----
 # meta file for postfix
+---
 galaxy_info:
   author: Mischa ter Smitten
   company: Oefenweb.nl B.V.
@@ -9,10 +9,13 @@ galaxy_info:
   platforms:
   - name: Ubuntu
     versions:
-    - all
+    - lucid
+    - precise
+    - trusty
   - name: Debian
     versions:
-    - all
+    - squeeze
+    - wheezy
   categories:
   - system
   - web

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -1,5 +1,5 @@
----
 # tasks file for postfix
+---
 - name: configure debconf
   debconf:
     name: "{{ item.name }}"
@@ -37,6 +37,19 @@
   notify: restart postfix
   tags: [configuration, postfix, postfix-configuration]
 
+- name: configure sasl username/password
+  template:
+    src: etc/postfix/sasl_passwd.j2
+    dest: /etc/postfix/sasl_passwd
+    owner: root
+    group: root
+    mode: 0600
+  when: postfix_relayhost != false
+  notify:
+    - postmap sasl_passwd
+    - restart postfix
+  tags: [configuration, postfix, postfix-sasl-passwd]
+
 - name: configure aliases
   lineinfile:
     dest: /etc/aliases

diff --git a/templates/etc/postfix/main.cf.j2 b/templates/etc/postfix/main.cf.j2
@@ -41,7 +41,7 @@ inet_protocols = ipv4
 {% if postfix_relayhost %}
 relayhost = [{{ postfix_relayhost }}]:{{ postfix_relayhost_port }}
 smtp_sasl_auth_enable = yes
-smtp_sasl_password_maps = static:{{ postfix_sasl_user }}:{{ postfix_sasl_password }}
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
 smtp_sasl_security_options = noanonymous
 {% if postfix_relaytls %}
 smtp_use_tls = yes

diff --git a/templates/etc/postfix/sasl_passwd.j2 b/templates/etc/postfix/sasl_passwd.j2
@@ -0,0 +1,3 @@
+# {{ ansible_managed }}
+
+[{{ postfix_relayhost }}]:{{ postfix_relayhost_port }}	{{ postfix_sasl_user }}:{{ postfix_sasl_password }}
diff --git a/tests/test.yml b/tests/test.yml
@@ -1,5 +1,5 @@
----
 # test file for postfix
+---
 - hosts: localhost
   remote_user: root
   roles:

diff --git a/tests/vagrant.yml b/tests/vagrant.yml
@@ -1,5 +1,5 @@
----
 # test file for postfix
+---
 - hosts: all
   remote_user: vagrant
   sudo: true

diff --git a/vars/main.yml b/vars/main.yml
@@ -1,5 +1,5 @@
----
 # vars file for postfix
+---
 postfix_debconf_selections:
  - name: postfix
    question: postfix/main_mailer_type
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		# {{ ansible_managed }}

		[{{ postfix_relayhost }}]:{{ postfix_relayhost_port }} {{ postfix_sasl_user }}:{{ postfix_sasl_password }}