It was unclear where do to the commands. Not everyone will know ansible should not be run from the server. Also, the "optional" passwordless option was not actually optional, given how this was written.
Fix mail_virtual_domains config reading in opendkim
without this change it fails on ansible(2.2.0.0) with the following message:
TASK [mailserver : Generate OpenDKIM keys] *************************************
fatal: [sovereign.host]: FAILED! => {"failed": true, "msg": "the field 'args' has an invalid value, which appears to include a variable that is undefined. The error was: 'unicode object' has no attribute 'name'\n\nThe error appears to have been in '/Users/nfedyashev/Projects/sovereign/roles/mailserver/tasks/opendkim.yml': line 19, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Generate OpenDKIM keys\n ^ here\n"}
Newer versions of Ansible complain when using bare variables like
`mail_virtual_users` and prefer the newer `'{{ mail_virtual_users }}'`
syntax.
Noticed the depreciation warning with Ansible version 2.1.2.0.
The directory `/decrypted/roundcube` is not writeable by the user
`www-data`. This leads to "unable to connect to the database" errors
from roundcube on new installs. This patch corrects the problem.
Use a Unix socket instead of a TCP socket as a Unix socket doesn't play nicely with postfix running
smtpd in a chroot. The author of rmilter recommends using a TCP socket per
https://github.com/vstakhov/rmilter/issues/39
Postgres is used by several roles, but the setup is currently part of the 'mailserver' role. By moving it to 'common', it's possible to disable the mailserver without breaking the others.