diff --git a/tasks/apt.yml b/tasks/apt.yml index 3b51b2e..d65ee34 100644 --- a/tasks/apt.yml +++ b/tasks/apt.yml @@ -3,6 +3,12 @@ apt_key: id="{{ item.id }}" url="{{ item.url }}" file="{{ item.file }}" state="{{ item.state }}" with_items: "{{ common_apt_keys }}" +- name: apt - remove /etc/apt/sources.list.d/* + file: path=/etc/apt/sources.list.d/* state=absent + +- name: apt - add /etc/apt/sources.list.d/ + file: path=/etc/apt/sources.list.d/ state=directory owner=root group=root mode=0755 + - name: apt - add repositories apt_repository: repo="{{ item }}" update_cache=yes with_items: "{{ common_apt_repositories }}" diff --git a/tasks/hostname.yml b/tasks/hostname.yml index 6f478c3..40e0238 100644 --- a/tasks/hostname.yml +++ b/tasks/hostname.yml @@ -12,7 +12,6 @@ group: root mode: 0644 backup: yes - state: file - name: /etc/hosts template: diff --git a/tasks/openssh.yml b/tasks/openssh.yml index c17492f..a52a4ff 100644 --- a/tasks/openssh.yml +++ b/tasks/openssh.yml @@ -20,3 +20,6 @@ authorized_key: user="root" key="{{ common_openssh_keys_root | join("\n") }}" exclusive=yes when: common_openssh_keys_root tags: 'ssh-keys' + +- name: openssh - truncate /etc/motd + copy: dest=/etc/motd content='' force=yes diff --git a/templates/postfix/master.cf.j2 b/templates/postfix/master.cf.j2 index 5f46329..f3ce40a 100644 --- a/templates/postfix/master.cf.j2 +++ b/templates/postfix/master.cf.j2 
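Review bot: The new `apt - remove /etc/apt/sources.list.d/*` task will not delete anything, because the `file` module takes `path` literally and does not expand the `*` wildcard, so stale or unmanaged repository definitions remain trusted package sources. Since the next task recreates the directory anyway, the removal can target the directory itself: `file: path=/etc/apt/sources.list.d state=absent`. With that change the play reports a change on every run, and the host has no extra repositories until `apt - add repositories` completes. A comment stating that the purge is intentional would help the next maintainer.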
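Review bot: The added `openssh - truncate /etc/motd` task writes the file without pinning ownership or permissions, unlike the `sources.list.d` directory task in tasks/apt.yml of this same commit, so whatever owner and mode already exist are kept. I would set them explicitly and drop `force=yes`, which is already the module default: `copy: dest=/etc/motd content='' owner=root group=root mode=0644`. If the aim is to stop showing system details at login, confirm that the target distributions do not also print a dynamically generated banner, which this task would not affect. A one-line comment stating the intent would make that checkable.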
@@ -1,20 +1,21 @@ # {{ansible_managed}} # # Postfix master process configuration file. For details on the format -# of the file, see the master(5) manual page (command: "man 5 master"). +# of the file, see the master(5) manual page (command: "man 5 master" or +# on-line: http://www.postfix.org/master.5.html). # # Do not forget to execute "postfix reload" after editing this file. # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args -# (yes) (yes) (yes) (never) (100) +# (yes) (yes) (no) (never) (100) # ========================================================================== -smtp inet n - - - - smtpd -#smtp inet n - - - 1 postscreen -#smtpd pass - - - - - smtpd -#dnsblog unix - - - - 0 dnsblog -#tlsproxy unix - - - - 0 tlsproxy -#submission inet n - - - - smtpd +smtp inet n - y - - smtpd +#smtp inet n - y - 1 postscreen +#smtpd pass - - y - - smtpd +#dnsblog unix - - y - 0 dnsblog +#tlsproxy unix - - y - 0 tlsproxy +#submission inet n - y - - smtpd # -o syslog_name=postfix/submission # -o smtpd_tls_security_level=encrypt # -o smtpd_sasl_auth_enable=yes @@ -22,9 +23,10 @@ smtp inet n - - - - smtpd # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions -# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject +# -o smtpd_recipient_restrictions= +# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING -#smtps inet n - - - - smtpd +#smtps inet n - y - - smtpd # -o syslog_name=postfix/smtps # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes 
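Review bot: The chroot column changes from `-` to an explicit `y` on every service that previously took the default (here `smtp inet`, and likewise in the two later hunks of this file), but the template does not say why. A comment under the header row such as `# chroot is set explicitly because the built-in default is now "no"` would stop a later edit from reverting these to `-` and silently un-jailing the network-facing daemons. Chrooted services also resolve names and read certificate files relative to the queue directory. Nothing visible in this commit provisions those files, so confirm that the role or the distribution package does.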
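Review bot: The commented `submission` override now depends on `smtpd_relay_restrictions`, which only exists from Postfix 2.10 on, while `smtpd_recipient_restrictions` is emptied; the same edit is made to the `smtps` block in the next hunk. An operator who uncomments these lines on an older release gets a service whose relay policy is not the one written here. I would add a comment above each block, e.g. `# requires Postfix >= 2.10 (smtpd_relay_restrictions)`. If the role targets older releases, which this diff does not show, a version guard in the template would be safer.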
@@ -32,34 +34,35 @@ smtp inet n - - - - smtpd # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions -# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject +# -o smtpd_recipient_restrictions= +# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING -#628 inet n - - - - qmqpd -pickup unix n - - 60 1 pickup -cleanup unix n - - - 0 cleanup +#628 inet n - y - - qmqpd +pickup unix n - y 60 1 pickup +cleanup unix n - y - 0 cleanup qmgr unix n - n 300 1 qmgr #qmgr unix n - n 300 1 oqmgr -tlsmgr unix - - - 1000? 1 tlsmgr -rewrite unix - - - - - trivial-rewrite -bounce unix - - - - 0 bounce -defer unix - - - - 0 bounce -trace unix - - - - 0 bounce -verify unix - - - - 1 verify -flush unix n - - 1000? 0 flush +tlsmgr unix - - y 1000? 1 tlsmgr +rewrite unix - - y - - trivial-rewrite +bounce unix - - y - 0 bounce +defer unix - - y - 0 bounce +trace unix - - y - 0 bounce +verify unix - - y - 1 verify +flush unix n - y 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap -smtp unix - - - - - smtp -relay unix - - - - - smtp +smtp unix - - y - - smtp +relay unix - - y - - smtp # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 -showq unix n - - - - showq -error unix - - - - - error -retry unix - - - - - error -discard unix - - - - - discard +showq unix n - y - - showq +error unix - - y - - error +retry unix - - y - - error +discard unix - - y - - discard local unix - n n - - local virtual unix - n n - - virtual -lmtp unix - - - - - lmtp -anvil unix - - - - 1 anvil -scache unix - - - - 1 scache +lmtp unix - - y - - lmtp +anvil unix - - y - 1 anvil +scache unix - - y - 1 scache # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual