diff --git a/README.md b/README.md
index 3037de4f16f676087b3bf46f0c91a2e809a71ea7..e0a5b384c8c50ed2b0e50b62b8584ad16ffe77e4 100644
--- a/README.md
+++ b/README.md
@@ -32,6 +32,7 @@ Other variables that are used in this role (with default values in defaults/main
 * logstash_port : port on which logstash server is listening for log collection (defaults to 5044)
 * logstash_public_ip : logstash public ip address for log collection (defaults to 127.0.0.1)
 * private_pull : whether a scheduled pulling of files via SFTP is to be performed on server (defaults to false)
+* `server_security__manage_mail`: manage e-mails with `ssmtp` (default to ̀€enabled`)
 Dependencies
diff --git a/defaults/main.yml b/defaults/main.yml
index faa0c3221eb20ce18d94fcdb5ec4f455c68a3658..c416f4598dae184296d7b8967f345efe37da9939 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,4 +1,5 @@
 ---
+server_security__manage_mail: 'enabled'
 default_maintenance_email: "maintenance@example.org"
 default_smtp_server: "smtp.example.org"
 default_sshd_port: 10022
diff --git a/tasks/mail.yml b/tasks/mail.yml
new file mode 100644
index 0000000000000000000000000000000000000000..07b19e59c15af977bd3a5896bd8819a7730d5bbb
--- /dev/null
+++ b/tasks/mail.yml
@@ -0,0 +1,27 @@
+---
+- name: remove mail packages not necessary
+ apt:
+ name: [bsd-mailx mailutils postfix]
+ autoremove: true
+ state: absent
+ when: ansible_os_family == "Debian"
+
+- name: check that ssmtp is installed
+ package: name=ssmtp state=present
+
+- name: Check that sendmail redirects to ssmtp
+ file:
+ src: ssmtp
+ dest: /usr/sbin/sendmail
+ force: true
+ owner: root
+ group: mail
+ state: link
+
+- name: configuration file for ssmtp
+ template:
+ src: ssmtp.conf.j2
+ dest: /etc/ssmtp/ssmtp.conf
+ owner: root
+ group: mail
+ mode: '0640'
diff --git a/tasks/main.yml b/tasks/main.yml
index 33c59ca3e4ab74170261749a902fcf15ca19288b..3ae61e633932dead57eb2951bcd0b00495f012aa 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
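Review bot: In tasks/mail.yml the package list `name: [bsd-mailx mailutils postfix]` has no commas, so YAML reads it as a one-element list holding the single string `bsd-mailx mailutils postfix` rather than three package names. If the apt module finds no package under that string, the task presumably reports nothing to remove and postfix stays installed, which defeats the stated purpose of the task on a hardened host. Write it as `name: [bsd-mailx, mailutils, postfix]`. The line is carried over unchanged from tasks/main.yml, so the defect predates this commit, but the new file is the natural place to correct it.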
@@ -1,14 +1,7 @@
 ---
-
-- name: remove mail packages not necessary
- apt:
- name: [bsd-mailx mailutils postfix]
- autoremove: true
- state: absent
- when: ansible_os_family == "Debian"
-
-- name: check that ssmtp is installed
- package: name=ssmtp state=present
+- name: import mail tasks
+ import_tasks: mail.yml
+ when: server_security__manage_mail == 'enabled'
 
 - name: install fail2ban, iptables-persistent and auditd
 package:
@@ -30,15 +23,6 @@
 state: present
 when: ansible_check_mode
 
-- name: Check that sendmail redirects to ssmtp
- file:
- src: ssmtp
- dest: /usr/sbin/sendmail
- force: true
- owner: root
- group: mail
- state: link
-
 - name: make fail2ban persistent
 service: name=fail2ban enabled=yes state=started
 
@@ -136,11 +120,3 @@
 group: root
 mode: '0640'
 notify: restart auditd
-
-- name: configuration file for ssmtp
- template:
- src: ssmtp.conf.j2
- dest: /etc/ssmtp/ssmtp.conf
- owner: root
- group: mail
- mode: '0640'
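Review bot: The guard `when: server_security__manage_mail == 'enabled'` in the first hunk is an exact string match, so any other value (`true`, `yes`, `Enabled`, a typo) silently skips every imported mail task, including the removal of the other mail packages, without an error. For a hardening role a fail-closed switch is safer: make the default in defaults/main.yml a boolean, `server_security__manage_mail: true`, and test it with `when: server_security__manage_mail | bool`. If the string form has to stay, an `assert` task that accepts only `'enabled'` or `'disabled'` would catch a misspelt value. Other tasks in this file may still expect a working `sendmail` when the switch is off; that is not visible in these hunks and is worth confirming.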