gpg-lacre/tasks/daemon.yml

---

- name: '[Lacre Daemon] - Deploy systemd config'
  template:
    src: etc/systemd/system/lacre.service.j2
    dest: /etc/systemd/system/lacre.service
    owner: root
    group: root
    mode: 0644
  register: lacre_systemd

- name: '[Lacre Daemon] - Enable systemd config'
  systemd:
    name: lacre
    enabled: yes
    daemon_reload: yes
  notify:
    restart lacre


- name: '[LACRE] - Add lacre daemon to postfix'
  blockinfile:
    dest: '/etc/postfix/master.cf'
    backup: yes
    marker: '# {mark} LACRE config block (Ansible)'
    block: |
      lacre     unix    -       -       -       -       -       smtp
        -o smtp_tls_security_level=none

      127.0.0.1:10025 inet    n       -       -       -       -       smtpd
        -o content_filter=
        -o smtpd_tls_security_level=none
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_delay_reject=no
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_data_restrictions=reject_unauth_pipelining
        -o smtpd_end_of_data_restrictions=
        -o mynetworks=127.0.0.0/8
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000
        -o smtpd_client_connection_count_limit=0
        -o smtpd_client_connection_rate_limit=0
        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters      
  when: lacre_postfix_daemon == 'true'

- name: '[LACRE] - Replace content_filter setting in postfix'
  replace:
    path: '/etc/postfix/main.cf'
    regexp: 'content_filter = .*'
    replace: 'content_filter = {{ lacre_content_filter }}'
  when: lacre_set_content_filter == 'true'