Initial commit of exim collection

Signed-off-by: Nis Wechselberg <enbewe@enbewe.de>
2024-06-17 17:27:00 +02:00 · 2024-06-17 17:27:00 +02:00 · 8e9e00c15d
commit 8e9e00c15d
15 changed files with 317 additions and 0 deletions
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@ -0,0 +1,10 @@
+---
+steps:
+  - name: 'Check the repository with ansible-lint'
+    image: 'python:bookworm'
+    when:
+      - event: 'manual'
+      - event: 'push'
+    commands:
+      - 'pip -q install ansible-lint'
+      - 'ansible-lint'
--- a/.yamllint.yml
+++ b/.yamllint.yml
@ -0,0 +1,26 @@
+---
+extends: 'default'
+
+ignore:
+  - '.ansible/'
+
+rules:
+  braces:
+    max-spaces-inside: 1
+  comments:
+    min-spaces-from-content: 1
+  comments-indentation: false
+  document-start:
+    present: true
+  line-length:
+    max: 120
+  octal-values:
+    forbid-implicit-octal: true
+    forbid-explicit-octal: true
+  quoted-strings:
+    required: true
+    quote-type: 'single'
+  truthy:
+    allowed-values:
+      - 'true'
+      - 'false'
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -0,0 +1,5 @@
+# Changelog
+
+## 1.0.0
+
+* Initial Release
--- a/9
+++ b/9
@ -0,0 +1,9 @@
+MIT License
+
+Copyright (c) 2024 eNBeWe
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
--- a/README.md
+++ b/README.md
@ -0,0 +1,11 @@
+# Ansible Collection - enbewe.exim
+
+Collecion for a exim mail relay.
+
+## Playbooks
+### enbewe.exim.deploy
+Deploys the role `enbewe.exim.exim` to the host group called `exim`.
+
+## Roles
+### enbewe.exim.exim
+Installs the exim mail server and configures it to relay mails to a smart host.
--- a/galaxy.yml
+++ b/galaxy.yml
@ -0,0 +1,66 @@
+---
+### REQUIRED
+# The namespace of the collection. This can be a company/brand/organization or product namespace under which all
+# content lives. May only contain alphanumeric lowercase characters and underscores. Namespaces cannot start with
+# underscores or numbers and cannot contain consecutive underscores
+namespace: 'enbewe'
+
+# The name of the collection. Has the same character restrictions as 'namespace'
+name: 'exim'
+
+# The version of the collection. Must be compatible with semantic versioning
+version: '1.0.0'
+
+# The path to the Markdown (.md) readme file. This path is relative to the root of the collection
+readme: 'README.md'
+
+# A list of the collection's content authors. Can be just the name or in the format 'Full Name <email> (url)
+# @nicks:irc/im.site#channel'
+authors:
+  - 'Nis Wechselberg <enbewe+ansible@enbewe.de>'
+
+
+### OPTIONAL but strongly recommended
+# A short summary description of the collection
+description: 'Exim mail server relay'
+
+# Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only
+# accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file'
+license:
+  - 'MIT'
+
+# A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character
+# requirements as 'namespace' and 'name'
+tags:
+  - 'linux'
+
+# Collections that this collection requires to be installed for it to be usable. The key of the dict is the
+# collection label 'namespace.name'. The value is a version range
+# L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version
+# range specifiers can be set and are separated by ','
+dependencies: {}
+
+# The URL of the originating SCM repository
+repository: 'https://git.enbewe.de/Coding/ansible-collection-exim'
+
+# The URL to any online docs
+# documentation: http://docs.example.com
+
+# The URL to the homepage of the collection/project
+# homepage: http://example.com
+
+# The URL to the collection issue tracker
+# issues: http://example.com/issue/tracker
+
+# A list of file glob-like patterns used to filter any files or directories that should not be included in the build
+# artifact. A pattern is matched from the relative path of the file or directory of the collection directory. This
+# uses 'fnmatch' to match the files or directories. Some directories and files like 'galaxy.yml', '*.pyc', '*.retry',
+# and '.git' are always filtered. Mutually exclusive with 'manifest'
+# build_ignore: []
+
+# A dict controlling use of manifest directives used in building the collection artifact. The key 'directives' is a
+# list of MANIFEST.in style
+# L(directives,https://packaging.python.org/en/latest/guides/using-manifest-in/#manifest-in-commands). The key
+# 'omit_default_directives' is a boolean that controls whether the default directives are used. Mutually exclusive
+# with 'build_ignore'
+# manifest: null
--- a/meta/runtime.yml
+++ b/meta/runtime.yml
@ -0,0 +1,52 @@
+---
+# Collections must specify a minimum required ansible version to upload
+# to galaxy
+requires_ansible: '>=2.18.0'
+
+# Content that Ansible needs to load from another location or that has
+# been deprecated/removed
+# plugin_routing:
+#   action:
+#     redirected_plugin_name:
+#       redirect: ns.col.new_location
+#     deprecated_plugin_name:
+#       deprecation:
+#         removal_version: "4.0.0"
+#         warning_text: |
+#           See the porting guide on how to update your playbook to
+#           use ns.col.another_plugin instead.
+#     removed_plugin_name:
+#       tombstone:
+#         removal_version: "2.0.0"
+#         warning_text: |
+#           See the porting guide on how to update your playbook to
+#           use ns.col.another_plugin instead.
+#   become:
+#   cache:
+#   callback:
+#   cliconf:
+#   connection:
+#   doc_fragments:
+#   filter:
+#   httpapi:
+#   inventory:
+#   lookup:
+#   module_utils:
+#   modules:
+#   netconf:
+#   shell:
+#   strategy:
+#   terminal:
+#   test:
+#   vars:
+
+# Python import statements that Ansible needs to load from another location
+# import_redirection:
+#   ansible_collections.ns.col.plugins.module_utils.old_location:
+#     redirect: ansible_collections.ns.col.plugins.module_utils.new_location
+
+# Groups of actions/modules that take a common set of options
+# action_groups:
+#   group_name:
+#     - module1
+#     - module2
--- a/playbooks/deploy.yml
+++ b/playbooks/deploy.yml
@ -0,0 +1,5 @@
+---
+- name: 'Deploy exim mail server to host group'
+  hosts: 'exim'
+  roles:
+    - 'enbewe.exim.exim'
--- a/roles/exim/defaults/main.yml
+++ b/roles/exim/defaults/main.yml
@ -0,0 +1,5 @@
+---
+exim_other_hostnames: '{{ inventory_hostname }}'
+exim_local_interfaces: '127.0.0.1 ; ::1'
+exim_aliases: []
+exim_mail_addresses: []
--- a/roles/exim/handlers/main.yml
+++ b/roles/exim/handlers/main.yml
@ -0,0 +1,25 @@
+---
+- name: 'Reload exim services'
+  become: true
+  ansible.builtin.service:
+    daemon-reload: true
+
+- name: 'Regenerate aliases'
+  become: true
+  ansible.builtin.command:
+    cmd: 'newaliases'
+  changed_when: true
+
+- name: 'Regenerate exim config'
+  become: true
+  ansible.builtin.command:
+    cmd: '/usr/sbin/update-exim4.conf'
+  changed_when: true
+  notify:
+    - 'Restart exim service'
+
+- name: 'Restart exim service'
+  become: true
+  ansible.builtin.service:
+    name: 'exim4.service'
+    state: 'restarted'
--- a/roles/exim/tasks/main.yml
+++ b/roles/exim/tasks/main.yml
@ -0,0 +1,48 @@
+---
+- name: 'Install required software'
+  become: true
+  ansible.builtin.apt:
+    name: 'exim4-daemon-light'
+    state: 'present'
+
+- name: 'Deploy exim config config'
+  become: true
+  ansible.builtin.template:
+    src: 'update-exim4.conf.conf.j2'
+    dest: '/etc/exim4/update-exim4.conf.conf'
+    owner: 'root'
+    group: 'root'
+    mode: 'u=rw,g=r,o=r'
+  notify:
+    - 'Regenerate exim config'
+
+- name: 'Deploy client password'
+  become: true
+  ansible.builtin.template:
+    src: 'passwd.client.j2'
+    dest: '/etc/exim4/passwd.client'
+    owner: 'root'
+    group: 'Debian-exim'
+    mode: 'u=rw,g=r,o='
+  notify:
+    - 'Regenerate exim config'
+
+- name: 'Deploy mail senders'
+  become: true
+  ansible.builtin.template:
+    src: 'email-addresses.j2'
+    dest: '/etc/email-addresses'
+    owner: 'root'
+    group: 'root'
+    mode: 'u=rw,g=r,o=r'
+
+- name: 'Deploy mail aliases'
+  become: true
+  ansible.builtin.template:
+    src: 'aliases.j2'
+    dest: '/etc/aliases'
+    owner: 'root'
+    group: 'root'
+    mode: 'u=rw,g=r,o=r'
+  notify:
+    - 'Regenerate aliases'
--- a/roles/exim/templates/aliases.j2
+++ b/roles/exim/templates/aliases.j2
@ -0,0 +1,4 @@
+# /etc/aliases
+{% for mail in exim_aliases %}
+{{ mail.user }}:{{ mail.to }}
+{% endfor %}
--- a/roles/exim/templates/email-addresses.j2
+++ b/roles/exim/templates/email-addresses.j2
@ -0,0 +1,12 @@
+# This is /etc/email-addresses. It is part of the exim package
+#
+# This file contains email addresses to use for outgoing mail. Any local
+# part not in here will be qualified by the system domain as normal.
+#
+# It should contain lines of the form:
+#
+#user: someone@isp.com
+#otheruser: someoneelse@anotherisp.com
+{% for mail in exim_mail_addresses %}
+{{ mail.user }}:{{ mail.from }}
+{% endfor %}
--- a/roles/exim/templates/passwd.client.j2
+++ b/roles/exim/templates/passwd.client.j2
@ -0,0 +1,8 @@
+# password file used when the local exim is authenticating to a remote
+# host as a client.
+#
+# see exim4_passwd_client(5) for more documentation
+#
+# Example:
+### target.mail.server.example:login:password
+{{ exim_smarthost_host }}:{{ exim_smarthost_user }}:{{ exim_smarthost_password }}
--- a/roles/exim/templates/update-exim4.conf.conf.j2
+++ b/roles/exim/templates/update-exim4.conf.conf.j2
@ -0,0 +1,31 @@
+# /etc/exim4/update-exim4.conf.conf
+#
+# Edit this file and /etc/mailname by hand and execute update-exim4.conf
+# yourself or use 'dpkg-reconfigure exim4-config'
+#
+# Please note that this is _not_ a dpkg-conffile and that automatic changes
+# to this file might happen. The code handling this will honor your local
+# changes, so this is usually fine, but will break local schemes that mess
+# around with multiple versions of the file.
+#
+# update-exim4.conf uses this file to determine variable values to generate
+# exim configuration macros for the configuration file.
+#
+# Most settings found in here do have corresponding questions in the
+# Debconf configuration, but not all of them.
+#
+# This is a Debian specific file
+
+dc_eximconfig_configtype='satellite'
+dc_other_hostnames='{{ exim_other_hostnames }}'
+dc_local_interfaces='{{ exim_local_interfaces }}'
+dc_readhost='{{ exim_readhost }}'
+dc_relay_domains=''
+dc_minimaldns='false'
+dc_relay_nets=''
+dc_smarthost='{{ exim_smarthost_host }}::{{ exim_smarthost_port }}'
+CFILEMODE='644'
+dc_use_split_config='false'
+dc_hide_mailname='true'
+dc_mailname_in_oh='true'
+dc_localdelivery='mail_spool'