From 6300c5bc31047add88b982efa39d552b665d0228 Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Mon, 19 Feb 2024 13:37:20 +0100
Subject: [PATCH] fix: fix paths and missing options for rh9
---
templates/etc/postfix/main.cf.j2 | 48 ++++++++++++++++++++++++++++++--
vars/redhat-9.yml | 1 +
vars/redhat.yml | 1 +
3 files changed, 48 insertions(+), 2 deletions(-)
diff --git a/templates/etc/postfix/main.cf.j2 b/templates/etc/postfix/main.cf.j2
index 1cb1b72..f2fee24 100644
--- a/templates/etc/postfix/main.cf.j2
+++ b/templates/etc/postfix/main.cf.j2
@@ -678,15 +678,59 @@ html_directory = no # manpage_directory: The location of the Postfix on-line manual pages. # manpage_directory = /usr/share/man +{% if __postfix_doc_directory is defined %} # sample_directory: The location of the Postfix sample configuration files. # This parameter is obsolete as of Postfix 2.1. # -sample_directory = /usr/share/doc/postfix-2.10.1/samples +sample_directory = {{ __postfix_doc_directory }}/samples # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES +readme_directory = {{ __postfix_doc_directory }}/README_FILES +{% endif %} +{% if ansible_os_family | lower == "redhat" and ansible_distribution_major_version is version('7', '>') %} + +# TLS CONFIGURATION +# +# Basic Postfix TLS configuration by default with self-signed certificate +# for inbound SMTP and also opportunistic TLS for outbound SMTP. + +# The full pathname of a file with the Postfix SMTP server RSA certificate +# in PEM format. Intermediate certificates should be included in general, +# the server certificate first, then the issuing CA(s) (bottom-up order). +# +smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem + +# The full pathname of a file with the Postfix SMTP server RSA private key +# in PEM format. The private key must be accessible without a pass-phrase, +# i.e. it must not be encrypted. +# +smtpd_tls_key_file = /etc/pki/tls/private/postfix.key + +# Announce STARTTLS support to remote SMTP clients, but do not require that +# clients use TLS encryption (opportunistic TLS inbound). +# +smtpd_tls_security_level = may + +# Directory with PEM format Certification Authority certificates that the +# Postfix SMTP client uses to verify a remote SMTP server certificate. +# +smtp_tls_CApath = /etc/pki/tls/certs + +# The full pathname of a file containing CA certificates of root CAs +# trusted to sign either remote SMTP server certificates or intermediate CA +# certificates. 
+# +smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt + +# Use TLS if this is supported by the remote SMTP server, otherwise use +# plaintext (opportunistic TLS outbound). +# +smtp_tls_security_level = may +meta_directory = /etc/postfix +shlib_directory = /usr/lib64/postfix +{% endif %} # SASL AUTH # Enable SASL authentication diff --git a/vars/redhat-9.yml b/vars/redhat-9.yml index f37a9b0..29dacef 100644 --- a/vars/redhat-9.yml +++ b/vars/redhat-9.yml @@ -6,3 +6,4 @@ __postfix_relay_packages: __postfix_relay_daemon_directory: /usr/libexec/postfix __postfix_relay_smtp_tls_cafile: /etc/ssl/certs/ca-bundle.crt +__postfix_doc_directory: /usr/share/doc/postfix diff --git a/vars/redhat.yml b/vars/redhat.yml index 9812601..439fdf6 100644 --- a/vars/redhat.yml +++ b/vars/redhat.yml @@ -6,3 +6,4 @@ __postfix_relay_packages: __postfix_relay_daemon_directory: /usr/libexec/postfix __postfix_relay_smtp_tls_cafile: /etc/ssl/certs/ca-bundle.crt +__postfix_doc_directory: /usr/share/doc/postfix-2.10.1
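Review bot: The outbound `smtp_tls_security_level = may` is hard-coded immediately before the SASL AUTH section, so a relay session falls back to plaintext whenever the next hop does not offer STARTTLS or the offer is stripped in transit; at this level the CA settings added above do not enforce certificate verification either. Whether relay credentials can cross an unencrypted session depends on the SASL security options, which lie outside this hunk. Consider driving the level from a role variable that keeps `may` for compatibility but lets an authenticated relay be set to `encrypt`, and reuse the existing variable for the bundle, `smtp_tls_CAfile = {{ __postfix_relay_smtp_tls_cafile }}`, instead of a second hard-coded path that differs from the value in vars/redhat-9.yml. If the template already sets either parameter further down, the later entry overrides this one, so the duplicate should be checked for.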
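Review bot: `__postfix_doc_directory` in vars/redhat.yml embeds the package version (`postfix-2.10.1`), so the rendered `sample_directory` and `readme_directory` only exist on hosts that ship exactly that Postfix build. If this file is also the fallback for RedHat-family releases without their own vars file (not visible here), those hosts would get paths that do not exist. A short comment stating which releases the value applies to, e.g. `# RHEL/CentOS 7 only: doc path contains the packaged Postfix version`, would make the constraint explicit.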