Premier commit

roles/postfix/README.md

@@ -0,0 +1,12 @@
+# PostFix
+
+On va désormais s'occuper de l'installation de PostFix qui permettra l'envoi de notifications lors de problèmes sur certains services des machines.
+
+On installe postfix et mailutils, on indique dans les différents fichiers de conf le mot de passe de l'adresse mail et l'adresse mail a qui envoyer les notifications.
+
+**ATTENTION: Il faut activer les applications moins sécurisées sur le compte gmail**
+
+Compte gmail pour les notifications:    id: nagios.gsb22@gmail.com
+                                        mdp: Azerty1+
+
+Suivre ce tuto: [Lien](https://vulgumtechus.com/Autoriser_les_applications_moins_s%C3%A9curis%C3%A9es_%C3%A0_acc%C3%A9der_%C3%A0_Gmail)

roles/postfix/files/sasl_passwd

@@ -0,0 +1 @@
+[smtp.gmail.com]:587	anthony.arnoux22@gmail.com:gndtfomdkxnmcdft

roles/postfix/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+  - name: restart postfix
+    service: 
+      name: postfix 
+      state: restarted
+      enabled: yes

roles/postfix/tasks/main.yml

@@ -0,0 +1,87 @@
+- name: Installation de postfix et de mailutils
+  tags: install postfix
+  apt:
+    name:
+      - postfix
+      - mailutils
+      - libsasl2-modules
+    state: latest
+
+- name: Copie du fichier sasl_passwd
+  tags: sasl_passwd
+  copy:
+    src: sasl_passwd
+    dest: /etc/postfix/sasl/
+
+- name: ajout relay host gmail
+  tags: postfix
+  replace:
+    path: /etc/postfix/main.cf
+    regexp: '^relayhost ='
+    replace: 'relayhost = [smtp.gmail.com]:587'
+  notify: restart postfix
+
+- name: ajout lignes conf postfix
+  tags: postfix
+  blockinfile:
+    path: /etc/postfix/main.cf
+    block: |
+      #TLS 
+      smtp_use_tls = yes
+      #SASL
+      smtp_sasl_auth_enable = yes
+      #pas d auth anonyme
+      smtp_sasl_security_options = noanonymous
+      #chemin sasl_passwd
+      smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
+      #chemin certificats CA
+      smtp_tls_CAfile = /etc/postfix/cacert.pem
+  notify: restart postfix
+
+#- name: Copie du fichier main.cf
+#  tags: main.cf
+#  template:
+#    src: main.cf.j2
+#    dest: /etc/postfix.main.cf
+
+
+- name: Commande postmap identifiants
+  tags: postmap
+  command: postmap /etc/postfix/sasl/sasl_passwd
+  notify: restart postfix
+
+- name: Ensure directory exists for local self-signed TLS certs.
+  file:
+    path: /etc/ssl/certs/postfix
+    state: directory
+
+- name: Generate an OpenSSL private key
+  community.crypto.openssl_privatekey:
+    path: /etc/ssl/certs/postfix/privkey.pem
+
+- name: Generate an OpenSSL CSR
+  community.crypto.openssl_csr:
+    path: /etc/ssl/certs/postfix/postfix.csr
+    privatekey_path: /etc/ssl/certs/postfix/privkey.pem
+    common_name: "GSB2023.LAN"
+
+- name: Generate a Self Signed OpenSSL certificate.
+  community.crypto.x509_certificate:
+    path: /etc/ssl/certs/postfix/fullchain.pem
+    privatekey_path: /etc/ssl/certs/postfix/privkey.pem
+    csr_path: /etc/ssl/certs/postfix/postfix.csr
+    provider: selfsigned
+
+- name: Copy certificate preserve owner and permissions to be used with postfix
+  copy:
+    remote_src: true
+    src: /etc/ssl/certs/postfix/fullchain.pem
+    dest: /etc/postfix/cacert.pem
+    owner: root
+    group: root
+    mode: '0644'
+  notify: restart postfix
+
+- name: message d'information pour gmail
+  tags: msg2
+  debug: msg="Il faut activer les applications moins sécurisées sur le compte google"

roles/postfix/templates/main.cf.j2

@@ -0,0 +1,10 @@
+#On active l'authentification SASL
+smtp_sasl_auth_enable=yes
+#Les méthodes pour l'authenfication anonyme
+smtp_sasl_security_options=noanonymous
+#Le chemin de sasl_passwd
+smtp_sasl_password_maps=hash:/etc/postfix/sasl/sasl_passwd
+#On active le cryptage STARTTLS
+smtp_tls_security_level=encrypt
+#Chemin des certificats CA
+smtp_tls_CAfile=/etc/ssl/certs/ca-certificate.crt