From cc7795c429a91015b24b60bd1150e98f5d5f985d Mon Sep 17 00:00:00 2001
From: Chris Coley <chris@codingallnight.com>
Date: Mon, 25 Jun 2018 00:21:01 -0700
Subject: [PATCH] Refactor the lookup tables to be more flexible

Instead of provisioning the main.cf file from a template, we now modify the
existing file. This makes it easier to support multiple operating systems and
Postfix versions.

Also, all of the variables that were being used by the main.cf template have
been replaced with a single dictionary that defines properties and the desired
value. This means that we don't have to define all the default values, and only
have to define the specific non-default values necessary.
---
 defaults/main.yml | 36 +++++++++++-------------------------
 tasks/main.yml    | 33 ++++++++++++++++++++++++---------
 2 files changed, 35 insertions(+), 34 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index d26ce0b..64a6f3e 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -24,31 +24,17 @@ postfix__tables:
   sasl_passwd: {}
   transport: {}
 
+# This dictionary is used to add or modify lines in the main.cf file. Each key
+# corresponds to a parameter in main.cf, and the value is what the parameter
+# should be set to. If the parameter already exists in the file, then that line
+# will be replaced. Otherwise, a new line will be added at the end of the file.
+postfix__main_cf: {}
+# This dictionary holds the default configuration for main.cf and all of its
+# keys can overridden in the postfix__main_cf dictionary.
+postfix__main_cf_default:
+  smtp_tls_security_level: may
+  smtp_sasl_password_maps: 'hash:/etc/postfix/sasl_passwd'
+  transport_maps: 'hash:/etc/postfix/transport'
 
-
-# Default variables for the main.cf template. These are always included.
-postfix__myorigin:
-postfix__smtpd_banner: '$myhostname ESMTP $mail_name ({{ ansible_distribution }})'
-postfix__biff: no
-postfix__append_dot_mydomain: no
-postfix__generate_delayed_mail_warnings: no
-postfix__delay_warning_time: 4h
-postfix__readme_directory: no
-postfix__smtpd_tls_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
-postfix__smtpd_tls_key_file: /etc/ssl/private/ssl-cert-snakeoil.key
-postfix__smtpd_use_tls: yes
-postfix__smtpd_tls_session_cache_database: 'btree:${data_directory}/smtpd_scache'
-postfix__smtp_tls_session_cache_database: 'btree:${data_directory}/smtp_scache'
-postfix__smtpd_relay_restrictions: permit_mynetworks permit_sasl_authenticated defer_unauth_destination
-postfix__myhostname: '{{ ansible_hostname | d() }}'
-postfix__alias_maps: 'hash:/etc/aliases'
-postfix__alias_database: 'hash:/etc/aliases'
-postfix__mydestination: '$myhostname, localhost.localdomain, localhost'
-postfix__relayhost:
-postfix__mynetworks: '127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128'
-postfix__mailbox_size_limit: 0
-postfix__recipient_delimiter: '+'
-postfix__inet_interfaces: all
-postfix__inet_protocols: all
 ...
 # vi: set ts=2 sts=2 sw=2 et ft=yaml:
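Review bot: The new default `smtp_tls_security_level: may` is opportunistic TLS, so outbound delivery falls back to cleartext when the peer does not offer STARTTLS or the offer is stripped in transit. The same defaults point `smtp_sasl_password_maps` at a credentials table, so the role looks intended for authenticated relaying, where `encrypt` is the safer default; whether credentials would actually cross a cleartext session depends on SASL options not shown in this hunk. At minimum, document the trade-off above the key, e.g. `# 'may' = opportunistic TLS; set 'encrypt' in postfix__main_cf when relaying with SASL credentials`. The added comment also has a typo: "can overridden" should read "can be overridden".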
diff --git a/tasks/main.yml b/tasks/main.yml
index a339487..b74e905 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -9,15 +9,6 @@
     - tasks/install-postfix.{{ ansible_distribution | lower }}.yml
     - tasks/install-postfix.{{ ansible_os_family | lower }}.yml
 
-- name: Generate Postfix 'main.cf' configuration
-  template:
-    src: templates/main.cf.j2
-    dest: /etc/postfix/main.cf
-    owner: root
-    group: root
-    mode: 0644
-  notify: ['reload postfix']
-
 - name: Place the Postfix makefile
   template:
     src: templates/Makefile.j2
@@ -47,5 +38,29 @@
   vars:
     table: '{{ postfix__tables.transport }}'
   notify: ['make postfix transport.db']
+
+- name: Mark the 'main.cf' file as being managed by Ansible
+  lineinfile:
+    path: /etc/postfix/main.cf
+    insertbefore: BOF
+    state: present
+    line: "# This file is managed by Ansible, changes will be overwritten\n"
+    regexp: '^# This file is managed by Ansible'
+
+- name: Merge the main_cf dictionaries
+  set_fact:
+    __postfix__main_cf_merged: '{{ postfix__main_cf_default | combine(postfix__main_cf, recursive=True) }}'
+
+#- debug:
+#    var: __postfix__main_cf_merged
+
+- name: Configure the Postfix 'main.cf' file
+  lineinfile:
+    path: /etc/postfix/main.cf
+    line: '{{ item.key }} = {{ item.value }}'
+    regexp: '^\s*{{ item.key }}\s*='
+    state: present
+  with_dict: '{{ __postfix__main_cf_merged }}'
+  notify: ['reload postfix']
 ...
 # vi: set ts=2 sts=2 sw=2 et ft=yaml: 
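Review bot: The `lineinfile` loop in the "Configure the Postfix 'main.cf' file" task replaces only the single line matched by `regexp`, so a parameter whose existing value continues on following indented lines (which main.cf allows) keeps its old continuation lines attached to the new value. For settings such as `mynetworks` or relay restrictions, that could leave stale entries in effect after an override. Consider applying values with `postconf -e` from a `command` task, or at least document the limit above the task with `# NOTE: only the first line of a multi-line parameter is replaced`. Separately, `item.key` is interpolated into the pattern unescaped; `regexp: '^\s*{{ item.key | regex_escape }}\s*='` keeps a key containing regex metacharacters from matching unrelated lines.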
-- 
GitLab