make use of nginx proxy manager certificates

host_vars/mail.universe.local.yml

@@ -6,3 +6,4 @@ fetchmail: true
 mpop: true
 
 mynetworks: '192.168.1.0/24, 127.0.0.0/8, 192.168.122.0/24, 10.20.20.0/28, 172.16.0.0/12, 192.168.3.0/24'
+nginx_proxy_manager_cert_id: npm-1

roles/mailserver/tasks/configure_postfix.yml

@@ -50,12 +50,12 @@
     - {key: "smtpd_sasl_type", value: "dovecot"}
     - {key: "smtpd_sender_restrictions", value: "'hash:/etc/postfix/access, permit_mynetworks, reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/sender_access'"}
     - {key: "smtpd_tls_auth_only", value: "yes"}
-    - {key: "smtpd_tls_cert_file", value: "/etc/letsencrypt/live/tantooine.myfirewall.org/fullchain.pem"}
+    - {key: "smtpd_tls_cert_file", value: "/etc/letsencrypt/live/{{ nginx_proxy_manager_cert_id }}/fullchain.pem"}
     - {key: "smtpd_tls_dh1024_param_file", value: "${config_directory}/dh2048.pem"}
     - {key: "smtpd_tls_dh512_param_file", value: "${config_directory}/dh512.pem"}
     - {key: "smtpd_tls_eecdh_grade", value: "strong"}
     - {key: "smtpd_tls_exclude_ciphers", value: "'aNULL,MD5,RC4,DES,IDEA,SEED,3DES'"}
-    - {key: "smtpd_tls_key_file", value: "/etc/letsencrypt/live/tantooine.myfirewall.org/privkey.pem"}
+    - {key: "smtpd_tls_key_file", value: "/etc/letsencrypt/live/{{ nginx_proxy_manager_cert_id }}/privkey.pem"}
     - {key: "smtpd_tls_loglevel", value: "1"}
     - {key: "smtpd_tls_mandatory_ciphers", value: "high"}
     - {key: "smtpd_tls_mandatory_exclude_ciphers", value: "'aNULL,MD5,RC4,IDEA,SEED,3DES'"}

roles/mailserver/tasks/copy_certificates.yml

@@ -0,0 +1,3 @@
+- name: mailserver | certificates | scp from docker01
+  shell:
+    cmd: "rsync -rlptD docker01:/opt/docker/npm/letsencrypt /etc/"

roles/mailserver/tasks/main.yml

@@ -3,6 +3,8 @@
   tags: always
 
 - block:
+  - include_tasks: copy_certificates.yml
+
   - block:
     - include_tasks: install_postfix.yml
     - include_tasks: configure_postfix.yml