From 2822944c950c8f174a0fa587b4f6cda0380b2696 Mon Sep 17 00:00:00 2001
From: Anthony Arnoux
Date: Thu, 12 Jan 2023 11:57:09 +0100
Subject: [PATCH] postfix ok et template mail nagios
---
 roles/nagios/defaults/main.yml | 1 +
 roles/nagios/templates/contacts.cfg.j2 | 2 +-
 roles/postfix/files/sasl_passwd | 3 +-
 roles/postfix/tasks/main.yml | 73 +++++++++++++++++++++++---
 4 files changed, 69 insertions(+), 10 deletions(-)
 create mode 100644 roles/nagios/defaults/main.yml
diff --git a/roles/nagios/defaults/main.yml b/roles/nagios/defaults/main.yml
new file mode 100644
index 0000000..dbba2a8
--- /dev/null
+++ b/roles/nagios/defaults/main.yml
@@ -0,0 +1 @@
+MAIL_DEST: "anthony.arnoux@protonmail.ch"
\ No newline at end of file
diff --git a/roles/nagios/templates/contacts.cfg.j2 b/roles/nagios/templates/contacts.cfg.j2
index a0d7984..8324df3 100644
--- a/roles/nagios/templates/contacts.cfg.j2
+++ b/roles/nagios/templates/contacts.cfg.j2
@@ -35,7 +35,7 @@ define contact {
 host_notification_options d,r
 service_notification_commands notify-service-by-email
 host_notification_commands notify-host-by-email
- email nagios.gsb22@gmail.com
+ email {{ MAIL_DEST }}
 }
diff --git a/roles/postfix/files/sasl_passwd b/roles/postfix/files/sasl_passwd
index 861c6a3..1273da3 100644
--- a/roles/postfix/files/sasl_passwd
+++ b/roles/postfix/files/sasl_passwd
@@ -1,2 +1 @@
-[smtp.gmail.com]:587 nagios.gsb22@gmail.com:Azerty1+
-chmod 600 /etc/postfix/sasl_passwd
+[smtp.gmail.com]:587 anthony.arnoux22@gmail.com:gndtfomdkxnmcdft
diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml
index e1c6fe8..28edf7b 100644
--- a/roles/postfix/tasks/main.yml
+++ b/roles/postfix/tasks/main.yml
@@ -4,6 +4,7 @@
 name:
 - postfix
 - mailutils
+ - libsasl2-modules
 state: latest
 - name: Copie du fichier sasl_passwd
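Review bot: roles/postfix/files/sasl_passwd still holds the SMTP account password in cleartext, and the added line only swaps one committed credential for another, so both values remain readable in the repository history and should be treated as exposed and rotated. Keep the secret out of the tree, for example with `ansible-vault encrypt roles/postfix/files/sasl_passwd` or a template fed from vaulted variables, with `no_log: true` on the task that writes it. The removed `chmod 600 /etc/postfix/sasl_passwd` line was only ever a second entry in the map, never an executed command, so nothing visible in this commit restricts the deployed file. The copy task should set `owner: root` and `mode: '0600'`, and the `sasl_passwd.db` that postmap produces needs the same protection.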
@@ -12,17 +13,75 @@
 src: sasl_passwd
 dest: /etc/postfix/sasl/
-- name: Copie du fichier main.cf
- tags: main.cf
- template:
- src: main.cf.j2
- dest: /etc/postfix.main.cf
+- name: ajout relay host gmail
+ tags: postfix
+ replace:
+ path: /etc/postfix/main.cf
+ regexp: '^relayhost ='
+ replace: 'relayhost = [smtp.gmail.com]:587'
+ notify: restart postfix
-- name: Commande postmap
+- name: ajout lignes conf postfix
+ tags: postfix
+ blockinfile:
+ path: /etc/postfix/main.cf
+ block: |
+ #TLS
+ smtp_use_tls = yes
+ #SASL
+ smtp_sasl_auth_enable = yes
+ #pas d auth anonyme
+ smtp_sasl_security_options = noanonymous
+ #chemin sasl_passwd
+ smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
+ #chemin certificats CA
+ smtp_tls_CAfile = /etc/postfix/cacert.pem
+ notify: restart postfix
+
+#- name: Copie du fichier main.cf
+# tags: main.cf
+# template:
+# src: main.cf.j2
+# dest: /etc/postfix.main.cf
+
+
+- name: Commande postmap identifiants
 tags: postmap
 command: postmap /etc/postfix/sasl/sasl_passwd
 notify: restart postfix
+- name: Ensure directory exists for local self-signed TLS certs.
+ file:
+ path: /etc/ssl/certs/postfix
+ state: directory
+
+- name: Generate an OpenSSL private key
+ community.crypto.openssl_privatekey:
+ path: /etc/ssl/certs/postfix/privkey.pem
+
+- name: Generate an OpenSSL CSR
+ community.crypto.openssl_csr:
+ path: /etc/ssl/certs/postfix/postfix.csr
+ privatekey_path: /etc/ssl/certs/postfix/privkey.pem
+ common_name: "GSB2023.LAN"
+
+- name: Generate a Self Signed OpenSSL certificate.
+ community.crypto.x509_certificate:
+ path: /etc/ssl/certs/postfix/fullchain.pem
+ privatekey_path: /etc/ssl/certs/postfix/privkey.pem
+ csr_path: /etc/ssl/certs/postfix/postfix.csr
+ provider: selfsigned
+
+- name: Copy certificate preserve owner and permissions to be used with postfix
+ copy:
+ remote_src: true
+ src: /etc/ssl/certs/postfix/fullchain.pem
+ dest: /etc/postfix/cacert.pem
+ owner: root
+ group: root
+ mode: '0644'
+ notify: restart postfix
+
 - name: message d'information pour gmail
 tags: msg2
- debug: msg="Il faut activer les applications moins sécurisées sur le compte google"
\ No newline at end of file
+ debug: msg="Il faut activer les applications moins sécurisées sur le compte google"
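Review bot: The `blockinfile` block does not force TLS before the SASL login: `smtp_use_tls = yes` is opportunistic only, `smtp_sasl_security_options = noanonymous` permits plaintext mechanisms, and `smtp_tls_CAfile` points at the self-signed certificate generated at the end of the hunk, which cannot validate smtp.gmail.com. I would write `smtp_tls_security_level = encrypt` (or `secure`) in place of `smtp_use_tls = yes`, and `smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt` (the system bundle, assuming Debian-family targets); the key, CSR and self-signed certificate tasks then look unnecessary for an outbound relay. The `replace` task is also not idempotent, because `^relayhost =` still matches after the first run and each later run appends another `[smtp.gmail.com]:587`; `lineinfile` with `regexp: '^relayhost\s*='` and `line: 'relayhost = [smtp.gmail.com]:587'` keeps a single line. The sasl_passwd copy task starts above the hunk, so whether it sets `mode: '0600'` cannot be checked from here.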