Merge remote-tracking branch 'origin/master' into pr-80

Oefenweb · Dec 30, 2020 · ec26e3e · ec26e3e
2 parents 22d0101 + 3e2ca1f
commit ec26e3e
Show file tree

Hide file tree

Showing 12 changed files with 147 additions and 102 deletions.
diff --git a/.ansible-lint b/.ansible-lint
@@ -1,4 +1,5 @@
-skip_list:
+warn_list:
+  - '106'
   - '204'
   - '405'
   - '601'
diff --git a/.travis.yml b/.travis.yml
@@ -1,18 +1,39 @@
 ---
 sudo: required
-dist: trusty
+dist: xenial
 
 language: python
-python: "2.7"
+python:
+  - "2.7"
+  - "3.5"
 
 env:
   - ANSIBLE_VERSION=latest
+  - ANSIBLE_VERSION=2.10.1
+  - ANSIBLE_VERSION=2.10.0
+  - ANSIBLE_VERSION=2.9.14
+  - ANSIBLE_VERSION=2.9.13
+  - ANSIBLE_VERSION=2.9.12
+  - ANSIBLE_VERSION=2.9.11
+  - ANSIBLE_VERSION=2.9.10
+  - ANSIBLE_VERSION=2.9.9
+  - ANSIBLE_VERSION=2.9.8
+  - ANSIBLE_VERSION=2.9.7
+  - ANSIBLE_VERSION=2.9.6
   - ANSIBLE_VERSION=2.9.5
   - ANSIBLE_VERSION=2.9.4
   - ANSIBLE_VERSION=2.9.3
   - ANSIBLE_VERSION=2.9.2
   - ANSIBLE_VERSION=2.9.1
   - ANSIBLE_VERSION=2.9.0
+  - ANSIBLE_VERSION=2.8.16
+  - ANSIBLE_VERSION=2.8.15
+  - ANSIBLE_VERSION=2.8.14
+  - ANSIBLE_VERSION=2.8.13
+  - ANSIBLE_VERSION=2.8.12
+  - ANSIBLE_VERSION=2.8.11
+  - ANSIBLE_VERSION=2.8.10
+  - ANSIBLE_VERSION=2.8.9
   - ANSIBLE_VERSION=2.8.8
   - ANSIBLE_VERSION=2.8.7
   - ANSIBLE_VERSION=2.8.6
@@ -22,60 +43,18 @@ env:
   - ANSIBLE_VERSION=2.8.2
   - ANSIBLE_VERSION=2.8.1
   - ANSIBLE_VERSION=2.8.0
-  - ANSIBLE_VERSION=2.7.16
-  - ANSIBLE_VERSION=2.7.15
-  - ANSIBLE_VERSION=2.7.14
-  - ANSIBLE_VERSION=2.7.13
-  - ANSIBLE_VERSION=2.7.12
-  - ANSIBLE_VERSION=2.7.11
-  - ANSIBLE_VERSION=2.7.10
-  - ANSIBLE_VERSION=2.7.9
-  - ANSIBLE_VERSION=2.7.8
-  - ANSIBLE_VERSION=2.7.7
-  - ANSIBLE_VERSION=2.7.6
-  - ANSIBLE_VERSION=2.7.5
-  - ANSIBLE_VERSION=2.7.4
-  - ANSIBLE_VERSION=2.7.3
-  - ANSIBLE_VERSION=2.7.2
-  - ANSIBLE_VERSION=2.7.1
-  - ANSIBLE_VERSION=2.7.0
-  - ANSIBLE_VERSION=2.6.20
-  - ANSIBLE_VERSION=2.6.19
-  - ANSIBLE_VERSION=2.6.18
-  - ANSIBLE_VERSION=2.6.17
-  - ANSIBLE_VERSION=2.6.16
-  - ANSIBLE_VERSION=2.6.15
-  - ANSIBLE_VERSION=2.6.14
-  - ANSIBLE_VERSION=2.6.13
-  - ANSIBLE_VERSION=2.6.12
-  - ANSIBLE_VERSION=2.6.11
-  - ANSIBLE_VERSION=2.6.10
-  - ANSIBLE_VERSION=2.6.9
-  - ANSIBLE_VERSION=2.6.8
-  - ANSIBLE_VERSION=2.6.7
-  - ANSIBLE_VERSION=2.6.6
-  - ANSIBLE_VERSION=2.6.5
-  - ANSIBLE_VERSION=2.6.4
-  - ANSIBLE_VERSION=2.6.3
-  - ANSIBLE_VERSION=2.6.2
-  - ANSIBLE_VERSION=2.6.1
-  - ANSIBLE_VERSION=2.6.0
-  - ANSIBLE_VERSION=2.5.15
-  - ANSIBLE_VERSION=2.5.14
-  - ANSIBLE_VERSION=2.5.13
-  - ANSIBLE_VERSION=2.5.12
-  - ANSIBLE_VERSION=2.5.11
-  - ANSIBLE_VERSION=2.5.10
-  - ANSIBLE_VERSION=2.5.9
-  - ANSIBLE_VERSION=2.5.8
-  - ANSIBLE_VERSION=2.5.7
-  - ANSIBLE_VERSION=2.5.6
-  - ANSIBLE_VERSION=2.5.5
-  - ANSIBLE_VERSION=2.5.4
-  - ANSIBLE_VERSION=2.5.3
-  - ANSIBLE_VERSION=2.5.2
-  - ANSIBLE_VERSION=2.5.1
-  - ANSIBLE_VERSION=2.5.0
+
+jobs:
+  include:
+    - python: "3.8"
+      env: ANSIBLE_VERSION=latest ANSIBLE_LINT_VERSION=latest
+  exclude:
+    - python: "2.7"
+      env: ANSIBLE_VERSION=latest
+    - python: "2.7"
+      env: ANSIBLE_VERSION=2.10.2
+    - python: "2.7"
+      env: ANSIBLE_VERSION=2.10.1
 
 branches:
   only:
@@ -90,7 +69,14 @@ before_install:
 install:
   # Install Ansible.
   - if [ "$ANSIBLE_VERSION" = "latest" ]; then pip install ansible; else pip install ansible==$ANSIBLE_VERSION; fi
-  - if [ "$ANSIBLE_VERSION" = "latest" ]; then pip install ansible-lint; fi
+  - >
+    if [ -n "$ANSIBLE_LINT_VERSION" ]; then
+      if [ "$ANSIBLE_LINT_VERSION" = "latest" ]; then
+        pip install ansible-lint;
+      else
+        pip install ansible-lint==$ANSIBLE_LINT_VERSION;
+      fi
+    fi
 
 script:
   # Check the role/playbook's syntax.
@@ -106,7 +92,10 @@ script:
     && (echo 'Idempotence test: pass' && exit 0)
     || (echo 'Idempotence test: fail' && exit 1)
 
-  - if [ "$ANSIBLE_VERSION" = "latest" ]; then ansible-lint tests/test.yml; fi
+  - >
+    if [ -n "$ANSIBLE_LINT_VERSION" ]; then
+      ansible-lint tests/test.yml;
+    fi
 
 notifications:
   email: false

diff --git a/Dockerfile b/Dockerfile
@@ -11,7 +11,7 @@ RUN rm -rf $HOME/.cache
 # ansible
 RUN DEBIAN_FRONTEND=noninteractive apt-get install -y gcc libffi-dev libssl-dev && \
   apt-get clean
-RUN pip install ansible==2.3.2.0
+RUN pip install ansible==2.9.15
 RUN rm -rf $HOME/.cache
 
 # provision

diff --git a/README.md b/README.md
@@ -15,44 +15,54 @@ None
  * `postfix_hostname` [default: `{{ ansible_fqdn }}`]: Host name, used for `myhostname` and in `mydestination`
  * `postfix_mailname` [default: `{{ ansible_fqdn }}`]: Mail name (in `/etc/mailname`), used for `myorigin`
 
+ * `postfix_compatibility_level` [optional]: With backwards compatibility turned on (the compatibility_level value is less than the Postfix built-in value), Postfix looks for settings that are left at their implicit default value, and logs a message when a backwards-compatible default setting is required (e.g. `2`, `Postfix >= 3.0`)
+
+ * `postfix_default_database_type` [default: `hash`]: The default database type for use in `newaliases`, `postalias` and `postmap` commands
  * `postfix_aliases` [default: `[]`]: Aliases to ensure present in `/etc/aliases`
  * `postfix_virtual_aliases` [default: `[]`]: Virtual aliases to ensure present in `/etc/postfix/virtual`
  * `postfix_sender_canonical_maps` [default: `[]`]: Sender address rewriting in `/etc/postfix/sender_canonical_maps` ([see](http://www.postfix.org/postconf.5.html#transport_maps))
+ * `postfix_sender_canonical_maps_database_type` [default: `"{{ postfix_default_database_type }}"`]: The database type for use in `postfix_sender_canonical_maps`
  * `postfix_recipient_canonical_maps` [default: `[]`]: Recipient address rewriting in `/etc/postfix/recipient_canonical_maps` ([see](http://www.postfix.org/postconf.5.html#sender_dependent_relayhost_maps))
+ * `postfix_recipient_canonical_maps_database_type` [default: `"{{ postfix_default_database_type }}"`]: The database type for use in `postfix_recipient_canonical_maps`
  * `postfix_transport_maps` [default: `[]`]: Transport mapping based on recipient address `/etc/postfix/transport_maps` ([see](http://www.postfix.org/postconf.5.html#recipient_canonical_maps))
+ * `postfix_transport_maps_database_type` [default: `"{{ postfix_default_database_type }}"`]: The database type for use in `postfix_transport_maps`
  * `postfix_sender_dependent_relayhost_maps` [default: `[]`]: Transport mapping based on sender address `/etc/postfix/sender_dependent_relayhost_maps` ([see](http://www.postfix.org/postconf.5.html#recipient_canonical_maps))
  * `postfix_header_checks` [default: `[]`]: Lookup tables for content inspection of primary non-MIME message headers `/etc/postfix/header_checks` ([see](http://www.postfix.org/postconf.5.html#header_checks))
- * `postfix_generic:` [default: `[]`]: Generic table address mapping in `/etc/postfix/generic` ([see](http://www.postfix.org/generic.5.html))
+ * `postfix_header_checks_database_type` [default: `regexp`]: The database type for use in `header_checks`
+ * `postfix_generic` [default: `[]`]: Generic table address mapping in `/etc/postfix/generic` ([see](http://www.postfix.org/generic.5.html))
 
  * `postfix_mydestination` [default: `["{{ postfix_hostname }}", 'localdomain', 'localhost', 'localhost.localdomain']`]: Specifies what domains this machine will deliver locally, instead of forwarding to another machine
  * `postfix_mynetworks` [default: `['127.0.0.0/8', '[::ffff:127.0.0.0]/104', '[::1]/128']`]: The list of "trusted" remote SMTP clients that have more privileges than "strangers"
  * `postfix_inet_interfaces` [default: `all`]: Network interfaces to bind ([see](http://www.postfix.org/postconf.5.html#inet_interfaces))
  * `postfix_inet_protocols` [default: `all`]: The Internet protocols Postfix will attempt to use when making or accepting connections ([see](http://www.postfix.org/postconf.5.html#inet_protocols))
 
- * `postfix_relayhost` [default: `false` (no relay host)]: Hostname to relay all email to
+ * `postfix_relayhost` [default: `''` (no relay host)]: Hostname to relay all email to
  * `postfix_relayhost_mxlookup` [default: `false` (not using mx lookup)]: Lookup for MX record instead of A record for relayhost
  * `postfix_relayhost_port` [default: 587]: Relay port (on `postfix_relayhost`, if set)
  * `postfix_relaytls` [default: `false`]: Use TLS when sending with a relay host
 
+ * `postfix_smtpd_client_restrictions` [optional]: List of client restrictions ([see](http://www.postfix.org/postconf.5.html#smtpd_client_restrictions))
+ * `postfix_smtpd_helo_restrictions` [optional]: List of helo restrictions ([see](http://www.postfix.org/postconf.5.html#smtpd_helo_restrictions))
+ * `postfix_smtpd_sender_restrictions` [optional]: List of sender restrictions ([see](http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions))
+ * `postfix_smtpd_recipient_restrictions` [optional]: List of recipient restrictions ([see](http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions))
+ * `postfix_smtpd_relay_restrictions` [optional]: List of access restrictions for mail relay control ([see](http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions))
+ * `postfix_smtpd_data_restrictions` [optional]: List of data restrictions ([see](http://www.postfix.org/postconf.5.html#smtpd_data_restrictions))
+
  * `postfix_sasl_auth_enable` [default: `true`]: Enable SASL authentication in the SMTP client
  * `postfix_sasl_user` [default: `postmaster@{{ ansible_domain }}`]: SASL relay username
  * `postfix_sasl_password` [default: `k8+haga4@#pR`]: SASL relay password **Make sure to change!**
  * `postfix_sasl_security_options` [default: `noanonymous`]: SMTP client SASL security options
+ * `postfix_sasl_tls_security_option` [default: `noanonymous`]: SMTP client SASL TLS security options
  * `postfix_sasl_mechanism_filter` [default: `''`]: SMTP client SASL authentication mechanism filter ([see](http://www.postfix.org/postconf.5.html#smtp_sasl_mechanism_filter))
 
  * `postfix_smtp_tls_security_level` [default: `encrypt`]: The default SMTP TLS security level for the Postfix SMTP client ([see](http://www.postfix.org/postconf.5.html#smtp_tls_security_level))
  * `postfix_smtp_tls_note_starttls_offer` [default: `true`]: Log the hostname of a remote SMTP server that offers STARTTLS, when TLS is not already enabled for that server ([see](http://www.postfix.org/postconf.5.html#smtp_tls_note_starttls_offer))
  * `postfix_smtp_tls_cafile` [optional]: A file containing CA certificates of root CAs trusted to sign either remote SMTP server certificates or intermediate CA certificates (e.g. `/etc/ssl/certs/ca-certificates.crt`)
 
- * `postfix_smtpd_relay_restrictions` [optional]: List of access restrictions for mail relay control ([see](http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions))
-
  * `postfix_smtpd_banner` [default: `$myhostname ESMTP $mail_name (Ubuntu)`]: Greeting banner **You MUST specify $myhostname at the start of the text. This is required by the SMTP protocol.**
  * `postfix_disable_vrfy_command` [default: `false`]: Disable the `SMTP VRFY` command. This stops some techniques used to harvest email addresses
  * `postfix_message_size_limit` [default: `10240000`]: The maximal size in bytes of a message, including envelope information
 
- * `postifx_header_checks_database_type` [default: `regexp`]: The database type for use in `header_checks`
- * `postfix_default_database_type` [default: `hash`]: The default database type for use in `newaliases`, `postalias` and `postmap` commands
-
  * `postfix_smtpd_tls_cert_file` [default: `/etc/ssl/certs/ssl-cert-snakeoil.pem`]: Path to certificate file
  * `postfix_smtpd_tls_key_file` [default: `/etc/ssl/certs/ssl-cert-snakeoil.key`]: Path to key file
 

diff --git a/Vagrantfile b/Vagrantfile
@@ -53,6 +53,13 @@ boxes = [
     :cpu => "50",
     :ram => "256"
   },
+  {
+    :name => "debian-10",
+    :box => "bento/debian-10",
+    :ip => '10.0.0.18',
+    :cpu => "50",
+    :ram => "256"
+  },
 ]
 
 Vagrant.configure("2") do |config|

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -10,16 +10,20 @@ postfix_install:
 postfix_hostname: "{{ ansible_fqdn }}"
 postfix_mailname: "{{ ansible_fqdn }}"
 
+postfix_default_database_type: hash
 postfix_aliases: []
 postfix_virtual_aliases: []
 postfix_sender_canonical_maps: []
+postfix_sender_canonical_maps_database_type: "{{ postfix_default_database_type }}"
 postfix_recipient_canonical_maps: []
+postfix_recipient_canonical_maps_database_type: "{{ postfix_default_database_type }}"
 postfix_transport_maps: []
+postfix_transport_maps_database_type: "{{ postfix_default_database_type }}"
 postfix_sender_dependent_relayhost_maps: []
 postfix_header_checks: []
 postfix_generic: []
 
-postfix_relayhost: false
+postfix_relayhost: ''
 postfix_relayhost_mxlookup: false
 postfix_relayhost_port: 587
 postfix_relaytls: false
@@ -28,6 +32,7 @@ postfix_sasl_auth_enable: true
 postfix_sasl_user: "postmaster@{{ ansible_domain }}"
 postfix_sasl_password: 'k8+haga4@#pR'
 postfix_sasl_security_options: noanonymous
+postfix_sasl_tls_security_options: noanonymous
 postfix_sasl_mechanism_filter: ''
 
 postfix_smtp_tls_security_level: encrypt
@@ -44,13 +49,11 @@ postfix_mynetworks:
   - 127.0.0.0/8
   - '[::ffff:127.0.0.0]/104'
   - '[::1]/128'
+
 postfix_smtpd_banner: '$myhostname ESMTP $mail_name (Ubuntu)'
 postfix_disable_vrfy_command: false
 postfix_message_size_limit: 10240000
 
-postifx_header_checks_database_type: regexp
-postfix_default_database_type: hash
-
 postfix_smtpd_tls_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
 postfix_smtpd_tls_key_file: /etc/ssl/private/ssl-cert-snakeoil.key
 

diff --git a/handlers/main.yml b/handlers/main.yml
@@ -2,27 +2,35 @@
 ---
 - name: new aliases
   command: newaliases
+  when: postfix_default_database_type != 'regexp'
 
 - name: new virtual aliases
   command: postmap {{ postfix_default_database_type }}:{{ postfix_virtual_aliases_file }}
+  when: postfix_default_database_type != 'regexp'
 
 - name: postmap sasl_passwd
-  command: postmap {{ postfix_default_database_type }}:{{ postfix_sasl_passwd_file }}
+  command: postmap -p {{ postfix_default_database_type }}:{{ postfix_sasl_passwd_file }}
+  when: postfix_default_database_type != 'regexp'
 
 - name: postmap sender_canonical_maps
-  command: postmap {{ postfix_default_database_type }}:{{ postfix_sender_canonical_maps_file }}
+  command: postmap {{ postfix_sender_canonical_maps_database_type }}:{{ postfix_sender_canonical_maps_file }}
+  when: postfix_sender_canonical_maps_database_type != 'regexp'
 
 - name: postmap recipient_canonical_maps
-  command: postmap {{ postfix_default_database_type }}:{{ postfix_recipient_canonical_maps_file }}
+  command: postmap {{ postfix_recipient_canonical_maps_database_type }}:{{ postfix_recipient_canonical_maps_file }}
+  when: postfix_recipient_canonical_maps_database_type != 'regexp'
 
 - name: postmap transport_maps
-  command: postmap {{ postfix_default_database_type }}:{{ postfix_transport_maps_file }}
+  command: postmap {{ postfix_transport_maps_database_type }}:{{ postfix_transport_maps_file }}
+  when: postfix_transport_maps_database_type != 'regexp'
 
 - name: postmap sender_dependent_relayhost_maps
   command: postmap {{ postfix_default_database_type }}:{{ postfix_sender_dependent_relayhost_maps_file }}
+  when: postfix_default_database_type != 'regexp'
 
 - name: postmap generic
   command: postmap {{ postfix_default_database_type }}:{{ postfix_generic_file }}
+  when: postfix_default_database_type != 'regexp'
 
 - name: remove pid
   file:

diff --git a/meta/main.yml b/meta/main.yml
@@ -6,7 +6,7 @@ galaxy_info:
   company: Oefenweb.nl B.V.
   description: Set up a postfix server in Debian-like systems
   license: MIT
-  min_ansible_version: 2.5.0.0
+  min_ansible_version: 2.8.0
   platforms:
     - name: Ubuntu
       versions:
@@ -19,6 +19,7 @@ galaxy_info:
         - wheezy
         - jessie
         - stretch
+        - buster
   galaxy_tags:
     - system
     - web