Add MTA-STS configuration

tasks/main.yml

@@ -28,6 +28,11 @@
   ansible.builtin.import_tasks: tls-helper.yml
   tags: tls-helper
 
+- name: MTA-STS
+  ansible.builtin.import_tasks: mta-sts.yml
+  tags: mta-sts
+  loop: "{{ postfix_domains }}"
+
 - name: Hostname
   ansible.builtin.import_tasks: hostname.yml
   tags: hostname

tasks/mta-sts.yml

@@ -0,0 +1,31 @@
+---
+- name: "MTA-STS | Copy file"
+  ansible.builtin.template:
+    src: nginx/mta-sts.txt.j2
+    dest: /var/www/html/mta-sts.txt
+    mode: "0644"
+
+- name: "MTA-STS | Get certificate"
+  ansible.builtin.lineinfile:
+    path: /etc/dehydrated/domains.txt
+    line: "mta-sts.{{ item.name }}"
+  when: "'dehydrated' in ansible_facts.packages and item.mta-sts is defined and item.mta-sts"
+  loop: "{{ postfix_domains }}"
+  notify: Get certificate
+
+- name: "MTA-STS | Copy Nginx configuration"
+  ansible.builtin.template:
+    src: nginx/nginx-mta-sts.j2
+    dest: "/etc/nginx/sites-available/mta-sts.{{ item.name }}"
+    mode: "0644"
+  when: item.mta-sts is defined and item.mta-sts
+  loop: "{{ postfix_domains }}"
+
+- name: "MTA-STS | Enable Nginx configuration"
+  ansible.builtin.file:
+    src: "/etc/nginx/sites-available/mta-sts.{{ item.name }}"
+    dest: "/etc/nginx/sites-enabled/mta-sts.{{ item.name }}"
+    state: link
+  when: item.mta-sts is defined and item.mta-sts
+  loop: "{{ postfix_domains }}"
+  notify: reload nginx