From a31a5b71d010671fec89109a803763557ed5f36f Mon Sep 17 00:00:00 2001
From: nqb <nqb+git@azyx.fr>
Date: Mon, 12 Jul 2021 07:09:44 +0200
Subject: [PATCH] permit to manage mail differently
---
 defaults/main.yml | 1 +
 tasks/mail.yml | 27 +++++++++++++++++++++++++++
 tasks/main.yml | 30 +++---------------------------
 3 files changed, 31 insertions(+), 27 deletions(-)
 create mode 100644 tasks/mail.yml
diff --git a/defaults/main.yml b/defaults/main.yml
index faa0c32..c416f45 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,4 +1,5 @@
 ---
+server_security__manage_mail: 'enabled'
 default_maintenance_email: "maintenance@example.org"
 default_smtp_server: "smtp.example.org"
 default_sshd_port: 10022
diff --git a/tasks/mail.yml b/tasks/mail.yml
new file mode 100644
index 0000000..07b19e5
--- /dev/null
+++ b/tasks/mail.yml
@@ -0,0 +1,27 @@
+---
+- name: remove mail packages not necessary
+ apt:
+ name: [bsd-mailx mailutils postfix]
+ autoremove: true
+ state: absent
+ when: ansible_os_family == "Debian"
+
+- name: check that ssmtp is installed
+ package: name=ssmtp state=present
+
+- name: Check that sendmail redirects to ssmtp
+ file:
+ src: ssmtp
+ dest: /usr/sbin/sendmail
+ force: true
+ owner: root
+ group: mail
+ state: link
+
+- name: configuration file for ssmtp
+ template:
+ src: ssmtp.conf.j2
+ dest: /etc/ssmtp/ssmtp.conf
+ owner: root
+ group: mail
+ mode: '0640'
diff --git a/tasks/main.yml b/tasks/main.yml
index 33c59ca..3ae61e6 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,14 +1,7 @@
 ---
-
-- name: remove mail packages not necessary
- apt:
- name: [bsd-mailx mailutils postfix]
- autoremove: true
- state: absent
- when: ansible_os_family == "Debian"
-
-- name: check that ssmtp is installed
- package: name=ssmtp state=present
+- name: import mail tasks
+ import_tasks: mail.yml
+ when: server_security__manage_mail == 'enabled'
 
 - name: install fail2ban, iptables-persistent and auditd
 package:
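Review bot: The new `server_security__manage_mail` default is a free-form string, and the only consumer in this patch (`when: server_security__manage_mail == 'enabled'` in tasks/main.yml) treats every other value as off. An override such as `true`, `yes` or `Enabled` therefore silently skips the MTA removal and the ssmtp setup with no error. Either document the accepted values next to the default, e.g. `# 'enabled' = role manages ssmtp/sendmail; any other value skips tasks/mail.yml`, or make it a boolean and test it with `when: server_security__manage_mail | bool`. The name also departs from the `default_*` prefix used by the neighbouring variables.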
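Review bot: `name: [bsd-mailx mailutils postfix]` in the first task of tasks/mail.yml is a flow sequence with no commas, so YAML parses it as a single element, the string `bsd-mailx mailutils postfix`, rather than three package names. The apt module is then asked to remove one package with that literal name, which most likely matches nothing, so postfix and the other mail packages would stay installed while the play still looks clean; this should be confirmed on a host that has them. Write it as `name: [bsd-mailx, mailutils, postfix]`. The line is carried over unchanged from tasks/main.yml, so this move is a good point to fix it.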
@@ -30,15 +23,6 @@
 state: present
 when: ansible_check_mode
 
-- name: Check that sendmail redirects to ssmtp
- file:
- src: ssmtp
- dest: /usr/sbin/sendmail
- force: true
- owner: root
- group: mail
- state: link
-
 - name: make fail2ban persistent
 service: name=fail2ban enabled=yes state=started
 
@@ -136,11 +120,3 @@
 group: root
 mode: '0640'
 notify: restart auditd
-
-- name: configuration file for ssmtp
- template:
- src: ssmtp.conf.j2
- dest: /etc/ssmtp/ssmtp.conf
- owner: root
- group: mail
- mode: '0640'
-- 
GitLab