fix: fix paths and missing options for rh9

templates/etc/postfix/main.cf.j2

@@ -678,15 +678,59 @@ html_directory = no
 # manpage_directory: The location of the Postfix on-line manual pages.
 #
 manpage_directory = /usr/share/man
+{% if __postfix_doc_directory is defined %}
 
 # sample_directory: The location of the Postfix sample configuration files.
 # This parameter is obsolete as of Postfix 2.1.
 #
-sample_directory = /usr/share/doc/postfix-2.10.1/samples
+sample_directory = {{ __postfix_doc_directory }}/samples
 
 # readme_directory: The location of the Postfix README files.
 #
-readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
+readme_directory = {{ __postfix_doc_directory }}/README_FILES
+{% endif %}
+{% if ansible_os_family | lower == "redhat" and ansible_distribution_major_version is version('7', '>') %}
+
+# TLS CONFIGURATION
+#
+# Basic Postfix TLS configuration by default with self-signed certificate
+# for inbound SMTP and also opportunistic TLS for outbound SMTP.
+
+# The full pathname of a file with the Postfix SMTP server RSA certificate
+# in PEM format. Intermediate certificates should be included in general,
+# the server certificate first, then the issuing CA(s) (bottom-up order).
+#
+smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
+
+# The full pathname of a file with the Postfix SMTP server RSA private key
+# in PEM format. The private key must be accessible without a pass-phrase,
+# i.e. it must not be encrypted.
+#
+smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
+
+# Announce STARTTLS support to remote SMTP clients, but do not require that
+# clients use TLS encryption (opportunistic TLS inbound).
+#
+smtpd_tls_security_level = may
+
+# Directory with PEM format Certification Authority certificates that the
+# Postfix SMTP client uses to verify a remote SMTP server certificate.
+#
+smtp_tls_CApath = /etc/pki/tls/certs
+
+# The full pathname of a file containing CA certificates of root CAs
+# trusted to sign either remote SMTP server certificates or intermediate CA
+# certificates.
+#
+smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
+
+# Use TLS if this is supported by the remote SMTP server, otherwise use
+# plaintext (opportunistic TLS outbound).
+#
+smtp_tls_security_level = may
+meta_directory = /etc/postfix
+shlib_directory = /usr/lib64/postfix
+{% endif %}
 
 # SASL AUTH
 # Enable SASL authentication

vars/redhat-9.yml

@@ -6,3 +6,4 @@ __postfix_relay_packages:
 
 __postfix_relay_daemon_directory: /usr/libexec/postfix
 __postfix_relay_smtp_tls_cafile: /etc/ssl/certs/ca-bundle.crt
+__postfix_doc_directory: /usr/share/doc/postfix

vars/redhat.yml

@@ -6,3 +6,4 @@ __postfix_relay_packages:
 
 __postfix_relay_daemon_directory: /usr/libexec/postfix
 __postfix_relay_smtp_tls_cafile: /etc/ssl/certs/ca-bundle.crt
+__postfix_doc_directory: /usr/share/doc/postfix-2.10.1