Merge branch 'feature/enable-disable-ssmtp-mgmt' into 'master'

Permit to manage mail differently See merge request !1

Merge branch 'feature/enable-disable-ssmtp-mgmt' into 'master'
603dde1a · Rémi - Le Filament · d3211923 · 83176814 · 603dde1a · 603dde1a
Commit 603dde1a authored 3 years ago by Rémi - Le Filament
--- a/README.md
+++ b/README.md
@@ -32,6 +32,7 @@ Other variables that are used in this role (with default values in defaults/main
 * logstash_port : port on which logstash server is listening for log collection (defaults to 5044)
 * logstash_public_ip : logstash public ip address for log collection (defaults to 127.0.0.1)
 * private_pull : whether a scheduled pulling of files via SFTP is to be performed on server (defaults to false)
+* `server_security__manage_mail`: manage e-mails with `ssmtp` (default to ̀enabled`)


 Dependencies

--- a/defaults/main.yml
+++ b/defaults/main.yml
 ---
+server_security__manage_mail: 'enabled'
 default_maintenance_email: "maintenance@example.org"
 default_smtp_server: "smtp.example.org"
 default_sshd_port: 10022

--- a/tasks/mail.yml
+++ b/tasks/mail.yml
+---
+- name: remove mail packages not necessary
+  apt:
+    name: [bsd-mailx mailutils postfix]
+    autoremove: true
+    state: absent
+  when: ansible_os_family == "Debian"
+
+- name: check that ssmtp is installed
+  package: name=ssmtp state=present
+
+- name: Check that sendmail redirects to ssmtp
+  file:
+    src: ssmtp
+    dest: /usr/sbin/sendmail
+    force: true
+    owner: root
+    group: mail
+    state: link
+
+- name: configuration file for ssmtp
+  template:
+    src: ssmtp.conf.j2
+    dest: /etc/ssmtp/ssmtp.conf
+    owner: root
+    group: mail
+    mode: '0640'
--- a/tasks/main.yml
+++ b/tasks/main.yml
 ---
-
- name: remove mail packages not necessary
-  apt:
-    name: [bsd-mailx mailutils postfix]
-    autoremove: true
-    state: absent
-  when: ansible_os_family == "Debian"
-
- name: check that ssmtp is installed
-  package: name=ssmtp state=present
+- name: import mail tasks
+  import_tasks: mail.yml
+  when: server_security__manage_mail == 'enabled'

 - name: install fail2ban, iptables-persistent and auditd
  package:
@@ -30,15 +23,6 @@
    state: present
  when: ansible_check_mode

- name: Check that sendmail redirects to ssmtp
-  file:
-    src: ssmtp
-    dest: /usr/sbin/sendmail
-    force: true
-    owner: root
-    group: mail
-    state: link
-
 - name: make fail2ban persistent
  service: name=fail2ban enabled=yes state=started

@@ -136,11 +120,3 @@
    group: root
    mode: '0640'
  notify: restart auditd
-
- name: configuration file for ssmtp
-  template:
-    src: ssmtp.conf.j2
-    dest: /etc/ssmtp/ssmtp.conf
-    owner: root
-    group: mail
-    mode: '0640'