Ansible Role - Proxmox Mail Gateway

This role helps you install the Proxmox Mail Gateway on a Linux server.

Tested On:

• Debian 11

Installation

To install the role, you can use the following commands:

# Install the latest version
ansible-galaxy role install git+https://github.com/ansibleguy/sw_proxmox_mail_gw

# Install from Ansible Galaxy
ansible-galaxy install ansibleguy.sw_proxmox_mail_gw

# Install to a custom role path
ansible-galaxy install ansibleguy.sw_proxmox_mail_gw --roles-path ./roles

# Install required dependencies
ansible-galaxy install -r requirements.yml

Prerequisites

Check the Prerequisites for setup.

Usage

For a simple Ansible GUI option, visit my Ansible WebUI.

Config Settings

Configure as needed with this YAML:

pmg:
  fqdn: 'pmg.template.ansibleguy.net'  # your server's public DNS hostname

  manage:
    webserver: true  # use false to turn off nginx

  nginx:  # web server settings => see: https://github.com/ansibleguy/infra_nginx
    aliases: ['mail-gw.ansibleguy.net']  # additional domains for the certificate
    ssl:
      mode: 'letsencrypt'  # or selfsigned/ca
      # For 'selfsigned' or 'ca', specify cert details:
      # cert:
      #   cn: 'Proxmox Mail Gateway'
      #   org: 'AnsibleGuy'
      #   email: '[email protected]'
    letsencrypt:
      email: '[email protected]'

Minimum Example:

pmg:
  fqdn: 'pmg.template.ansibleguy.net'

Example with built-in ACME:

pmg:
  fqdn: 'pmg.template.ansibleguy.net'

  nginx:
    aliases: ['mail-gw.ansibleguy.net']
    plain_site: false  # nginx won't bind to port 80
    letsencrypt:
      email: '[email protected]'

Example if setting up PostgreSQL manually:

pmg:
  fqdn: 'pmg.template.ansibleguy.net'

  manage:
    database: false

You can use 'ansible-vault' to encrypt your passwords:

ansible-vault encrypt_string

Running the Playbook

Execute the playbook using:

ansible-playbook -K -D -i inventory/hosts.yml playbook.yml

For debugging, you can set a 'debug' variable while running:

ansible-playbook -K -D -i inventory/hosts.yml playbook.yml -e debug=yes

Features

• Package Installation

  • Installs essential Ansible packages
  • Systemd
  • Proxmox Mail Gateway
  • PMG dependencies including PostgreSQL and Postfix

• Configuration Options

  • Default PostgreSQL installation
  • Default uses Nginx (with this role)
  • Does not include enterprise apt-repository (requires subscription)

Notes

• Warning: If you use a dedicated VM for this setup, it's better to use the ISO installation process for better support.

• Currently, this role only works with Debian-based systems.

• Most functionalities in the role can be turned on or off. For details, see the default configuration in the main defaults file.

• Caution: Not all configuration settings will be checked for correctness. Poor configurations may cause issues.

• Note: If you want to use built-in ACME certificate management with nginx, ensure 'nginx.plain_site' is set to 'false' because it needs port 80 to be free.

• Check out Proxmox's documentation.

• Warning: Docker containers are not supported.

• PMG's default web interface login uses PAM/system users, typically starting with 'root'.