Restrict access rights for credential file

2023-06-14 17:59:44 +02:00 · 2023-06-14 17:59:44 +02:00 · fb7718ee0f
parent 732d4ccabb
commit fb7718ee0f
1 changed files with 21 additions and 20 deletions
--- a/tasks/postfix.yml
+++ b/tasks/postfix.yml
@ -32,27 +32,28 @@

 - name: "Postfix | Copy lookup tables from templates"
  ansible.builtin.template:
-    src: "postfix/conf.d/{{ item }}.j2"
-    dest: "{{ postfix_conf_dir }}/{{ item }}"
-    mode: "0644"
+    src: "postfix/conf.d/{{ item.name }}.j2"
+    dest: "{{ postfix_conf_dir }}/{{ item.name }}"
+    mode: "{{ item.mode | default(0644) }}"
  loop:
-    - bad_smtp_auth_users
-    - bogus_mx
-    - canonical
-    - client_checks
-    - destination_limit
-    - header_add
-    - header_treatment
-    - helo_checks
-    - permit_sasl_login_mismatch
-    - postscreen_access
-    - relay_by_sender
-    - relay_checks
-    - sender_canonical
-    - sender_checks
-    - smtp_sasl_auth_password
-    - transport_global_exceptions
-    - transport_relay
+    - name: bad_smtp_auth_users
+    - name: bogus_mx
+    - name: canonical
+    - name: client_checks
+    - name: destination_limit
+    - name: header_add
+    - name: header_treatment
+    - name: helo_checks
+    - name: permit_sasl_login_mismatch
+    - name: postscreen_access
+    - name: relay_by_sender
+    - name: relay_checks
+    - name: sender_canonical
+    - name: sender_checks
+    - name: smtp_sasl_auth_password
+      mode: "0600"
+    - name: transport_global_exceptions
+    - name: transport_relay
  notify: reload postfix

 - name: "Postfix | Run postmap"