chore: migrate to forgejo actions, major ansible-lint refactor

s3lph 2025-02-15 21:29:09 +01:00
parent bd2722e9b1
commit 8ab1725145
75 changed files with 542 additions and 446 deletions

6
.ansible-lint Normal file

@ -0,0 +1,6 @@
---
skip_list:
- galaxy[no-changelog]
- galaxy[version-incorrect]
- var-naming[no-role-prefix]


@ -0,0 +1,29 @@
---
name: Ansible Galaxy
on: # noqa yaml[truthy]
push:
tags:
- 'v*'
jobs:
deploy:
runs-on: docker
steps:
- uses: actions/checkout@v4
- name: Set version in galaxy.yml
run: |
VERSION=${GITHUB_REF#refs/tags/v}
sed -re "s/^version:.*$/version: ${VERSION}/" -i galaxy.yml
- name: Upload collection to Ansible Galaxy
env:
GALAXY_API_KEY: ${{ secrets.GALAXY_API_KEY }}
run: |
apt update; apt install --yes python3-pip
pip3 install --break-system-packages ansible
ansible-galaxy collection build
ansible-galaxy collection publish --api-key=${GALAXY_API_KEY} s3lph-mailserver*tar.gz
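Review bot: The publish step installs an unpinned `ansible` from PyPI and then runs with `GALAXY_API_KEY` in its environment, so whichever release resolves on the day of a tag push is the code that handles the publishing credential. Pinning makes the release reproducible, e.g. `pip3 install --break-system-packages 'ansible==<PINNED_VERSION>'`, and the same applies to `ansible-lint` in the Ansible Lint workflow, which replaces a GitLab job whose image was pinned by sha256 digest. `actions/checkout@v4` is likewise a movable tag; a full commit SHA is the stricter reference. On the last line the key is expanded unquoted into argv; `--api-key="${GALAXY_API_KEY}"` at least avoids word splitting.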


@ -0,0 +1,17 @@
---
name: Ansible Lint
on: [push, pull_request] # noqa yaml[truthy]
jobs:
build:
runs-on: docker
steps:
- uses: actions/checkout@v4
- run: |
apt update; apt install --yes python3-pip
pip3 install --break-system-packages ansible-lint
ansible-lint


@ -1,11 +0,0 @@
---
image: docker.io/yokogawa/ansible-lint@sha256:2603476e7f8c111bdf4a186d84a077c156bc3d12d07cc1c632adc9949d4f0b9d
stages:
- test
lint:
stage: test
script:
- ansible-lint --force-color


@ -8,7 +8,7 @@ namespace: s3lph
name: mailserver
# The version of the collection. Must be compatible with semantic versioning
version: '0.4.7'
version: '0.5.0'
# The path to the Markdown (.md) readme file. This path is relative to the root of the collection
readme: README.md
@ -16,7 +16,7 @@ readme: README.md
# A list of the collection's content authors. Can be just the name or in the format 'Full Name <email> (url)
# @nicks:irc/im.site#channel'
authors:
- s3lph <1375407-s3lph@users.noreply.gitlab.com>
- s3lph <s3lph@kabelsalat.ch>
### OPTIONAL but strongly recommended
@ -31,6 +31,7 @@ license:
# A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character
# requirements as 'namespace' and 'name'
tags:
- application
- email
- mailserver
- postfix
@ -50,16 +51,16 @@ dependencies:
community.crypto: '1.5.0'
# The URL of the originating SCM repository
repository: https://gitlab.com/s3lph/ansible-collection-mailserver
repository: https://git.kabelsalat.ch/s3lph/ansible-collection-mailserver
# The URL to any online docs
documentation: https://gitlab.com/s3lph/ansible-collection-mailserver
documentation: https://git.kabelsalat.ch/s3lph/ansible-collection-mailserver
# The URL to the homepage of the collection/project
homepage: https://gitlab.com/s3lph/ansible-collection-mailserver
homepage: https://git.kabelsalat.ch/s3lph/ansible-collection-mailserver
# The URL to the collection issue tracker
issues: https://gitlab.com/s3lph/ansible-collection-mailserver/-/issues
issues: https://git.kabelsalat.ch/s3lph/ansible-collection-mailserver/issues
# A list of file glob-like patterns used to filter any files or directories that should not be included in the build
# artifact. A pattern is matched from the relative path of the file or directory of the collection directory. This

52
meta/runtime.yml Normal file

@ -0,0 +1,52 @@
---
# Collections must specify a minimum required ansible version to upload
# to galaxy
requires_ansible: '>=2.15.0'
# Content that Ansible needs to load from another location or that has
# been deprecated/removed
# plugin_routing:
# action:
# redirected_plugin_name:
# redirect: ns.col.new_location
# deprecated_plugin_name:
# deprecation:
# removal_version: "4.0.0"
# warning_text: |
# See the porting guide on how to update your playbook to
# use ns.col.another_plugin instead.
# removed_plugin_name:
# tombstone:
# removal_version: "2.0.0"
# warning_text: |
# See the porting guide on how to update your playbook to
# use ns.col.another_plugin instead.
# become:
# cache:
# callback:
# cliconf:
# connection:
# doc_fragments:
# filter:
# httpapi:
# inventory:
# lookup:
# module_utils:
# modules:
# netconf:
# shell:
# strategy:
# terminal:
# test:
# vars:
# Python import statements that Ansible needs to load from another location
# import_redirection:
# ansible_collections.ns.col.plugins.module_utils.old_location:
# redirect: ansible_collections.ns.col.plugins.module_utils.new_location
# Groups of actions/modules that take a common set of options
# action_groups:
# group_name:
# - module1
# - module2


@ -1,5 +1,5 @@
---
dovecot_enable_pigeonhole: no
dovecot_enable_pigeonhole_managesieve: no
dovecot_enable_pigeonhole: false
dovecot_enable_pigeonhole_managesieve: false
dovecot_pigeonhole_sieve: "file:~/sieve;active=~/.dovecot.sieve"


@ -6,6 +6,6 @@ dovecot_passdb_scheme: BLF-CRYPT
dovecot_passdb_filename: /etc/dovecot/userdb/%d
dovecot_passdb_user_format: "%u"
dovecot_master_passdb_enable: no
dovecot_master_passdb_enable: false
dovecot_master_passdb: {}
dovecot_master_user_separator: ";"


@ -2,6 +2,6 @@
virtual_mail_uid: virtual
virtual_mail_gid: virtual
virutal_mail_home: /home/virtual
virtual_mail_home: /home/virtual
virtual_mail_user_home: /home/virtual/%d/%n
virtual_mail_location: maildir:/home/virtual/%d/%n/Maildir


@ -1,11 +1,11 @@
---
- name: reload dovecot
- name: Reload dovecot
ansible.builtin.service:
name: dovecot
state: reloaded
- name: restart dovecot
- name: Restart dovecot
ansible.builtin.service:
name: dovecot
state: restarted


@ -1,21 +1,21 @@
---
- name: render /etc/dovecot/dovecot.conf
- name: Render /etc/dovecot/dovecot.conf
ansible.builtin.template:
src: etc/dovecot/dovecot.conf.j2
dest: /etc/dovecot/dovecot.conf
owner: root
group: dovecot
mode: 0640
notify: restart dovecot
mode: "0640"
notify: Restart dovecot
- name: render /etc/dovecot/master.passwd
- name: Render /etc/dovecot/master.passwd
ansible.builtin.template:
src: etc/dovecot/passwd-file.j2
dest: /etc/dovecot/master.passwd
owner: root
group: dovecot
mode: 0640
mode: "0640"
vars:
passwd: "{{ dovecot_master_passdb | dict2items(key_name='username', value_name='password') }}"
passdb_only: yes
passdb_only: true
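Review bot: The `Render /etc/dovecot/master.passwd` task templates the username/password pairs from `dovecot_master_passdb` with no `diff` or `no_log` setting visible, so a run with `--diff` would print the rendered credential file into the play output and any CI log that captures it. Adding `diff: false` to that task keeps the file contents out of logs, and `no_log: true` covers the task result as well. Whether the values are already hashed at this point is not visible in this section; if they are plaintext the exposure matters more.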


@ -1,6 +1,6 @@
---
- name: install dovecot packages
- name: Install dovecot packages
ansible.builtin.apt:
name: "{{ item }}"
state: present
@ -11,15 +11,15 @@
- dovecot-sieve
- dovecot-managesieved
- name: add dovecot user to virtual mail group
- name: Add dovecot user to virtual mail group
ansible.builtin.user:
name: dovecot
groups: "{{ virtual_mail_gid }}"
append: yes
notify: restart dovecot
append: true
notify: Restart dovecot
- name: start and enable dovecot
- name: Start and enable dovecot
ansible.builtin.service:
name: dovecot
state: started
enabled: yes
enabled: true


@ -1,18 +1,18 @@
---
- name: create virtual user/group
- name: Create virtual user/group
ansible.builtin.import_tasks: virtual.yml
tags:
- "role::dovecot"
- "role::dovecot:virtual"
- name: install dovecot
- name: Install dovecot
ansible.builtin.import_tasks: install.yml
tags:
- "role::dovecot"
- "role::dovecot:install"
- name: configure dovecot
- name: Configure dovecot
ansible.builtin.import_tasks: config.yml
tags:
- "role::dovecot"


@ -1,16 +1,16 @@
---
- name: create virtual mail group
- name: Create virtual mail group
ansible.builtin.group:
name: "{{ virtual_mail_gid }}"
system: yes
system: true
- name: create virtual mail user
- name: Create virtual mail user
ansible.builtin.user:
name: "{{ virtual_mail_uid }}"
group: "{{ virtual_mail_gid }}"
home: "{{ virtual_mail_home }}"
password: '!'
shell: /usr/sbin/nologin
system: yes
system: true
comment: Virtual Mail User


@ -1,8 +1,8 @@
---
easywks_download: yes
easywks_download: true
easywks_config: ""
easywks_service_http_enabled: yes
easywks_service_lmtp_enabled: yes
easywks_service_dnsd_enabled: yes
easywks_service_http_enabled: true
easywks_service_lmtp_enabled: true
easywks_service_dnsd_enabled: true


@ -1,16 +1,16 @@
---
- name: restart easywks-http
- name: Restart easywks-http
ansible.builtin.service:
name: easywks-http
state: restarted
- name: restart easywks-lmtp
- name: Restart easywks-lmtp
ansible.builtin.service:
name: easywks-lmtp
state: restarted
- name: restart easywks-dnsd
- name: Restart easywks-dnsd
ansible.builtin.service:
name: easywks-dnsd
state: restarted


@ -1,30 +1,30 @@
---
- name: render easywks config file
- name: Render easywks config file
ansible.builtin.template:
src: etc/easywks.yml.j2
dest: /etc/easywks.yml
owner: root
group: root
mode: 0644
mode: "0644"
notify:
- restart easywks-http
- restart easywks-lmtp
- restart easywks-dnsd
- Restart easywks-http
- Restart easywks-lmtp
- Restart easywks-dnsd
- name: start and enable easywks-http
- name: Start and enable easywks-http
ansible.builtin.service:
name: easywks-http
state: started
enabled: "{{ easywks_service_http_enabled }}"
- name: start and enable easywks-lmtp
- name: Start and enable easywks-lmtp
ansible.builtin.service:
name: easywks-lmtp
state: started
enabled: "{{ easywks_service_lmtp_enabled }}"
- name: start and enable easywks-dnsd
- name: Start and enable easywks-dnsd
ansible.builtin.service:
name: easywks-dnsd
state: started


@ -1,23 +1,24 @@
---
- name: install easywks from system package sources
- name: Install easywks from system package sources
ansible.builtin.apt:
name: easywks
notify:
- restart easywks-http
- restart easywks-lmtp
- Restart easywks-http
- Restart easywks-lmtp
- Restart easywks-dnsd
when: "not easywks_download"
- name: get easywks package url
- name: Get easywks package url
ansible.builtin.uri:
# https://gitlab.com/s3lph/easywks
url: "https://gitlab.com/api/v4/projects/29907182/releases"
return_content: yes
return_content: true
register: "register_easywks_gitlab_releases"
changed_when: no
changed_when: false
when: "easywks_download"
- name: install easywks from upstream release
- name: Install easywks from upstream release
ansible.builtin.apt:
deb: "{{ url }}"
vars:
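Review bot: `Install easywks from upstream release` hands `ansible.builtin.apt` a `deb:` URL derived from the GitLab releases API response, and no checksum or signature check is visible before the package is installed as root. The `vars:` block that computes `url` continues outside this hunk, so this is inferred from the visible lines only. A safer shape is to fetch the file with `ansible.builtin.get_url` and a `checksum:` for a pinned release, then pass the downloaded local path to `deb:`. The multischleuder install tasks later in this commit follow the same pattern and need the same treatment.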


@ -1,12 +1,12 @@
---
- name: install easywks
- name: Install easywks
ansible.builtin.import_tasks: install.yml
tags:
- "role::easywks"
- "role::easywks:install"
- name: configure easywks
- name: Configure easywks
ansible.builtin.import_tasks: config.yml
tags:
- "role::easywks"


@ -6,4 +6,4 @@
dest: /etc/gai.conf
owner: root
group: root
mode: 0644
mode: "0644"


@ -4,18 +4,18 @@
ansible.builtin.uri:
url: https://rdap.arin.net/registry/entity/GOGL
register: gai_register_gogl_rdap
- name: Initialize precedence list
ansible.builtin.set_fact:
getaddrinfo_precedence: "{{ getaddrinfo_precedence | default({}) }}"
- name: Add all Google v4 nets to precedence list
ansible.builtin.debug:
msg: "{%- set _ = getaddrinfo_precedence[cidr] = 100 -%}{{- cidr -}}"
msg: "{%- set getaddrinfo_precedence = getaddrinfo_precedence + {cidr: 100} -%}{{- cidr -}}"
vars:
cidr: "{{ item.v4prefix }}/{{ item.length }}"
loop: "{{ gai_register_gogl_rdap.json.networks | selectattr('ipVersion', 'eq', 'v4') | map(attribute='cidr0_cidrs') | flatten }}"
- name: Add all Google v4 nets to precedence list
ansible.builtin.debug:
var: getaddrinfo_precedence
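Review bot: The `msg` template `{%- set getaddrinfo_precedence = getaddrinfo_precedence + {cidr: 100} -%}` (presumably the new side of this change) cannot accumulate the precedence list: Jinja2 has no `+` for two dicts, and a `set` inside one task's template does not persist into the next loop iteration or the next task. Turning the loop task into `ansible.builtin.set_fact:` with `getaddrinfo_precedence: "{{ getaddrinfo_precedence | combine({cidr: 100}) }}"` builds the dict across iterations. The prefixes come from a remote RDAP response and appear to feed the gai.conf template, so it is worth checking that each `cidr` is a well-formed prefix before it is written. The last two tasks also share the same name, which makes the final debug output hard to tell apart in logs.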


@ -59,11 +59,11 @@ mailman_mta_smtp_pass: ""
mailman_mta_lmtp_host: 127.0.0.1
mailman_mta_lmtp_port: 8024
mailman_mta_configuration: python:mailman.config.postfix
mailman_mta_remove_dkim_headers: yes
mailman_mta_remove_dkim_headers: true
mailman_mta_additional_config: ""
mailman_hyperkitty_enabled: yes
mailman_hyperkitty_enabled: true
mailman_hyperkitty_localhost_base_url: http://localhost/hyperkitty/
mailman_hyperkitty_api_acl:
- "127.0.0.1"
@ -84,11 +84,11 @@ mailman_web_auth_socialaccounts: []
mailman_web_language: en-us
mailman_web_timezone: UTC
mailman_web_emailname: "{{ mailman_sitename }}"
mailman_web_compress_online: yes
mailman_web_compress_online: true
mailman_web_base_url: http://localhost/
mailman_web_static_url: /static/
mailman_web_disable_gravatar: yes
mailman_web_disable_web_posting: yes
mailman_web_disable_gravatar: true
mailman_web_disable_web_posting: true
# django.db.backends.sqlite3
# django.db.backends.mysql
# django.db.backends.postgresql_psycopg2
@ -116,8 +116,8 @@ mailman_mariadb_bootstrap_login_user: root
mailman_mariadb_bootstrap_login_password: ''
mailman_superuser_name: root
mailman_web_override_templates: no
mailman_web_override_templates: false
mailman_web_override_templates_path: "{{ playbook_dir }}/templates/override"
mailman_web_override_static_path: "{{ playbook_dir }}/static/override"
mailman_web_hyperkitty_cleanup_cron: '0 * * * *'
mailman_web_privacy_enhancements: no
mailman_web_privacy_enhancements: false


@ -1,20 +1,20 @@
---
- name: systemctl daemon-reload
- name: Systemctl daemon-reload
ansible.builtin.systemd:
daemon_reload: yes
daemon_reload: true
- name: restart mailman3
- name: Restart mailman3
ansible.builtin.service:
name: mailman3
state: restarted
- name: restart mailman3-web
- name: Restart mailman3-web
ansible.builtin.service:
name: mailman3-web
state: restarted
- name: reload postfix
- name: Reload postfix
ansible.builtin.service:
name: postfix
state: reloaded


@ -1,6 +1,6 @@
---
- name: create mariadb mailman database
- name: Create mariadb mailman database
community.mysql.mysql_db:
name: '{{ mailman_mariadb_database }}'
login_host: '{{ mailman_mariadb_bootstrap_host }}'
@ -8,9 +8,9 @@
login_unix_socket: '{{ mailman_mariadb_bootstrap_socket }}'
login_user: '{{ mailman_mariadb_bootstrap_login_user }}'
login_password: '{{ mailman_mariadb_bootstrap_login_password }}'
check_implicit_admin: yes
check_implicit_admin: true
- name: create mariadb mailman-web database
- name: Create mariadb mailman-web database
community.mysql.mysql_db:
name: '{{ mailman_web_database_name }}'
login_host: '{{ mailman_mariadb_bootstrap_host }}'
@ -18,9 +18,9 @@
login_unix_socket: '{{ mailman_mariadb_bootstrap_socket }}'
login_user: '{{ mailman_mariadb_bootstrap_login_user }}'
login_password: '{{ mailman_mariadb_bootstrap_login_password }}'
check_implicit_admin: yes
check_implicit_admin: true
- name: create mailman database user
- name: Create mailman database user
community.mysql.mysql_user:
name: "{{ mailman_mariadb_user }}"
host: "{{ mailman_mariadb_user_host }}"
@ -31,9 +31,9 @@
login_unix_socket: '{{ mailman_mariadb_bootstrap_socket }}'
login_user: '{{ mailman_mariadb_bootstrap_login_user }}'
login_password: '{{ mailman_mariadb_bootstrap_login_password }}'
check_implicit_admin: yes
check_implicit_admin: true
- name: create mailman-web database user
- name: Create mailman-web database user
community.mysql.mysql_user:
name: "{{ mailman_web_database_user }}"
host: "{{ mailman_web_database_user_host }}"
@ -44,9 +44,9 @@
login_unix_socket: '{{ mailman_mariadb_bootstrap_socket }}'
login_user: '{{ mailman_mariadb_bootstrap_login_user }}'
login_password: '{{ mailman_mariadb_bootstrap_login_password }}'
check_implicit_admin: yes
check_implicit_admin: true
- name: create mailman-postfix database user
- name: Create mailman-postfix database user
community.mysql.mysql_user:
name: "{{ mailman_database_postfix_user }}"
host: "{{ mailman_database_postfix_user_host }}"
@ -57,26 +57,26 @@
login_unix_socket: '{{ mailman_mariadb_bootstrap_socket }}'
login_user: '{{ mailman_mariadb_bootstrap_login_user }}'
login_password: '{{ mailman_mariadb_bootstrap_login_password }}'
check_implicit_admin: yes
check_implicit_admin: true
- name: apply mailman-web migrations
- name: Apply mailman-web migrations
become_user: www-data
become_method: sudo
become: true
ansible.builtin.command: /usr/share/mailman3-web/manage.py migrate
changed_when: yes
changed_when: true
- name: change django default site
- name: Change django default site
become_user: www-data
become_method: sudo
become: true
ansible.builtin.command: >-
/usr/share/mailman3-web/manage.py set_default_site
--name {{ mailman_sitename }}
--domain {{ mailman_sitename }}
changed_when: yes
changed_when: true
- name: create mailman-web superuser
- name: Create mailman-web superuser
become_user: www-data
become_method: sudo
become: true
ansible.builtin.command: /usr/share/mailman3-web/manage.py shell
args:
stdin: |
@ -86,4 +86,4 @@
'{{ mailman_superuser_email }}',
'{{ mailman_superuser_password }}'
)
changed_when: yes
changed_when: true
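Review bot: `Create mailman-web superuser` pastes `'{{ mailman_superuser_email }}'` and `'{{ mailman_superuser_password }}'` into Python source that is piped to `manage.py shell`, so a quote or backslash in either value changes the code that runs rather than the string, and nothing visible keeps the password out of task output. The start of the `stdin` script lies outside this hunk, so the exact call is not visible here. Passing the values through the task's `environment:` and reading them with `os.environ[...]` inside the script avoids the quoting problem, and `no_log: true` on the task keeps the secret out of logs.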


@ -1,53 +1,53 @@
---
- name: render /etc/mailman3/mailman.cfg
- name: Render /etc/mailman3/mailman.cfg
ansible.builtin.template:
src: etc/mailman3/mailman.cfg.j2
dest: /etc/mailman3/mailman.cfg
owner: root
group: list
mode: 0640
notify: restart mailman3
mode: "0640"
notify: Restart mailman3
- name: render /etc/mailman3/mailman-hyperkitty.cfg
- name: Render /etc/mailman3/mailman-hyperkitty.cfg
ansible.builtin.template:
src: etc/mailman3/mailman-hyperkitty.cfg.j2
dest: /etc/mailman3/mailman-hyperkitty.cfg
owner: root
group: list
mode: 0640
notify: restart mailman3
mode: "0640"
notify: Restart mailman3
- name: render /etc/mailman3/mailman-web.py
- name: Render /etc/mailman3/mailman-web.py
ansible.builtin.template:
src: etc/mailman3/mailman-web.py.j2
dest: /etc/mailman3/mailman-web.py
owner: root
group: www-data
mode: 0640
notify: restart mailman3-web
mode: "0640"
notify: Restart mailman3-web
- name: create /etc/postfix/sql directory
- name: Create /etc/postfix/sql directory
ansible.builtin.file:
path: /etc/postfix/sql
state: directory
owner: root
group: root
mode: 0755
mode: "0755"
- name: render postfix sql config file
- name: Render postfix sql config file
ansible.builtin.template:
src: etc/postfix/sql/mailman_mysql_virtual_domains.cf.j2
dest: /etc/postfix/sql/mailman_mysql_virtual_domains.cf
owner: root
group: postfix
mode: 0640
notify: reload postfix
mode: "0640"
notify: Reload postfix
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037358
- name: disable gatenews cronjob
- name: Disable gatenews cronjob
ansible.builtin.lineinfile:
file: /etc/cron.d/mailman3
path: /etc/cron.d/mailman3
regexp: '^#(?/*/usr/bin/mailman gatenews.*)$'
line: '#\1'
when:
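Review bot: The `regexp` in `Disable gatenews cronjob`, `'^#(?/*/usr/bin/mailman gatenews.*)$'`, is not a valid Python regular expression as shown: `(?` must be followed by a recognised extension character and `/` is not one, so `lineinfile` would be expected to fail when compiling it. The intent appears to be an optional leading `#` followed by a captured group, something like `'^#?(.*/usr/bin/mailman gatenews.*)$'`. `line: '#\1'` only expands the group when `backrefs: true` is set; the task continues past `when:` outside this hunk, so that option may already be present.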


@ -1,6 +1,6 @@
---
- name: install packages
- name: Install packages
ansible.builtin.apt:
name: "{{ item }}"
state: present
@ -12,47 +12,47 @@
- mariadb-client
- acl
- name: fix permissions on /var/lib/mailman3/data
- name: Fix permissions on /var/lib/mailman3/data
ansible.builtin.file:
path: /var/lib/mailman3/data
state: directory
owner: list
group: list
mode: 0755
mode: "0755"
- name: create mailman3 servive override directory
- name: Create mailman3 servive override directory
ansible.builtin.file:
path: /etc/systemd/system/mailman3.service.d
state: directory
owner: root
group: root
mode: 0755
mode: "0755"
- name: override mailman3 service dependencies
- name: Override mailman3 service dependencies
ansible.builtin.template:
src: etc/systemd/system/mailman3.service.d/override.conf.j2
dest: /etc/systemd/system/mailman3.service.d/override.conf
owner: root
group: root
mode: 0644
notify: systemctl daemon-reload
mode: "0644"
notify: Systemctl daemon-reload
when: mailman3_service_dependencies is defined
- name: remove mailman3 service dependencies override
- name: Remove mailman3 service dependencies override
ansible.builtin.file:
path: /etc/systemd/system/mailman3.service.d/override.conf
state: absent
notify: systemctl daemon-reload
notify: Systemctl daemon-reload
when: mailman3_service_dependencies is not defined
- name: systemctl daemon-reload
- name: Systemctl daemon-reload
ansible.builtin.meta: flush_handlers
- name: start and enable mailman
- name: Start and enable mailman
ansible.builtin.service:
name: "{{ item }}"
state: started
enabled: yes
enabled: true
loop:
- mailman3
- mailman3-web


@ -1,30 +1,30 @@
---
- name: install mailman3
- name: Install mailman3
ansible.builtin.import_tasks: install.yml # todo: wtf dependencies
tags:
- "role::mailman"
- "role::mailman:install"
- name: configure mailman3
- name: Configure mailman3
ansible.builtin.import_tasks: config.yml
tags:
- "role::mailman"
- "role::mailman:config"
- name: override mailman3-web django templates
- name: Override mailman3-web django templates
ansible.builtin.import_tasks: templates.yml
tags:
- "role::mailman"
- "role::mailman:templates"
- name: create mailman3 databases and admin users
- name: Create mailman3 databases and admin users
ansible.builtin.import_tasks: bootstrap.yml
tags:
- "role::mailman:bootstrap"
- "never"
- name: create hyperkitty cleanup cronjob
- name: Create hyperkitty cleanup cronjob
ansible.builtin.import_tasks: privacy.yml
tags:
- "role::mailman:privacy"


@ -1,19 +1,19 @@
---
- name: render mysql client config for cleanup cronjob
- name: Render mysql client config for cleanup cronjob
ansible.builtin.template:
src: root/.mysql.hyperkitty-cleanup.cnf.j2
dest: /root/.mysql.hyperkitty-cleanup.cnf
owner: root
group: root
mode: 0600
mode: "0600"
when: mailman_web_privacy_enhancements
- name: render privacy-enhancing hyperkitty cleanup cronjob
- name: Render privacy-enhancing hyperkitty cleanup cronjob
ansible.builtin.template:
src: etc/cron.d/hyperkitty-cleanup.j2
dest: /etc/cron.d/hyperkitty-cleanup
owner: root
group: root
mode: 0640
mode: "0640"
when: mailman_web_privacy_enhancements


@ -1,59 +1,59 @@
---
- name: create /var/lib/mailman3/web/templates
- name: Create /var/lib/mailman3/web/templates
ansible.builtin.file:
path: /var/lib/mailman3/web/templates
state: directory
owner: www-data
group: www-data
mode: 0755
mode: "0755"
- name: create template override directories
- name: Create template override directories
ansible.builtin.file:
path: "/var/lib/mailman3/web/templates/{{ item.path }}"
owner: www-data
group: www-data
mode: 0755
mode: "0755"
when: "item.state == 'directory'"
with_filetree: "{{ mailman_web_override_templates_path }}"
notify: restart mailman3-web
with_community.general.filetree: "{{ mailman_web_override_templates_path }}"
notify: Restart mailman3-web
- name: render template overrides
- name: Render template overrides
ansible.builtin.copy:
src: "{{ item.root }}/{{ item.path }}"
dest: "/var/lib/mailman3/web/templates/{{ item.path }}"
owner: www-data
group: www-data
mode: 0644
mode: "0644"
when: "item.state != 'directory'"
with_filetree: "{{ mailman_web_override_templates_path }}"
notify: restart mailman3-web
with_community.general.filetree: "{{ mailman_web_override_templates_path }}"
notify: Restart mailman3-web
- name: create /var/lib/mailman3/web/static
- name: Create /var/lib/mailman3/web/static
ansible.builtin.file:
path: /var/lib/mailman3/web/static
state: directory
owner: www-data
group: www-data
mode: 0755
mode: "0755"
- name: create static override directories
- name: Create static override directories
ansible.builtin.file:
path: "/var/lib/mailman3/web/static/{{ item.path }}"
owner: www-data
group: www-data
mode: 0755
mode: "0755"
when: "item.state == 'directory'"
with_filetree: "{{ mailman_web_override_static_path }}"
notify: restart mailman3-web
with_community.general.filetree: "{{ mailman_web_override_static_path }}"
notify: Restart mailman3-web
- name: render static overrides
- name: Render static overrides
ansible.builtin.copy:
src: "{{ item.root }}/{{ item.path }}"
dest: "/var/lib/mailman3/web/static/{{ item.path }}"
owner: www-data
group: www-data
mode: 0644
mode: "0644"
when: "item.state != 'directory'"
with_filetree: "{{ mailman_web_override_static_path }}"
notify: restart mailman3-web
with_community.general.filetree: "{{ mailman_web_override_static_path }}"
notify: Restart mailman3-web
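Review bot: Switching the four loops to `with_community.general.filetree` makes this role depend on the `community.general` collection, but the only entry visible under `dependencies:` in the galaxy.yml hunk of this commit is `community.crypto: '1.5.0'`. That hunk shows only part of the list, so the collection may already be declared. If it is not, add it with a version constraint so that installs from Galaxy resolve a known release instead of failing at runtime or picking up whatever happens to be installed on the controller.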


@ -1,7 +1,7 @@
---
multischleuder_download: yes
multischleuder_service_enabled: yes
multischleuder_download: true
multischleuder_service_enabled: true
multischleuder_config: |


@ -1,14 +1,14 @@
---
- name: render easywks config file
- name: Render easywks config file
ansible.builtin.template:
src: etc/multischleuder/multischleuder.yml.j2
dest: /etc/multischleuder/multischleuder.yml
owner: root
group: root
mode: 0644
mode: "0644"
- name: start and enable multischleuder.timer
- name: Start and enable multischleuder.timer
ansible.builtin.service:
name: multischleuder.timer
state: started


@ -1,20 +1,20 @@
---
- name: install multischleuder from system package sources
- name: Install multischleuder from system package sources
ansible.builtin.apt:
name: multischleuder
when: "not multischleuder_download"
- name: get multischleuder package url
- name: Get multischleuder package url
ansible.builtin.uri:
# https://gitlab.com/s3lph/multischleuder
url: "https://gitlab.com/api/v4/projects/35309982/releases"
return_content: yes
return_content: true
register: "register_multischleuder_gitlab_releases"
changed_when: no
changed_when: false
when: "multischleuder_download"
- name: install multischleuder from upstream release
- name: Install multischleuder from upstream release
ansible.builtin.apt:
deb: "{{ url }}"
vars:


@ -1,12 +1,12 @@
---
- name: install multischleuder
- name: Install multischleuder
ansible.builtin.import_tasks: install.yml
tags:
- "role::multischleuder"
- "role::multischleuder:install"
- name: configure multischleuder
- name: Configure multischleuder
ansible.builtin.import_tasks: config.yml
tags:
- "role::multischleuder"


@ -1,14 +1,14 @@
---
opendkim_testmode: no
opendkim_testmode: false
opendkim_syslog: yes
opendkim_syslog_success: yes
opendkim_log_why: no
opendkim_syslog: true
opendkim_syslog_success: true
opendkim_log_why: false
opendkim_canonicalization: relaxed/relaxed
opendkim_mode: sv
opendkim_subdomains: no
opendkim_subdomains: false
opendkim_oversign_headers: From
opendkim_selector: mail


@ -1,11 +1,11 @@
---
- name: restart opendkim
- name: Restart opendkim
ansible.builtin.service:
name: opendkim
state: restarted
- name: restart postfix
- name: Restart postfix
ansible.builtin.service:
name: postfix
state: restarted


@ -1,44 +1,44 @@
---
- name: create /etc/dkimkeys diretory
- name: Create /etc/dkimkeys diretory
ansible.builtin.file:
path: /etc/dkimkeys
state: directory
owner: opendkim
group: opendkim
mode: 0700
mode: "0700"
- name: create dkim key
- name: Create dkim key
ansible.builtin.command: >-
/usr/sbin/opendkim-genkey
--directory=/etc/dkimkeys
--selector={{ opendkim_selector }}
args:
creates: "/etc/dkimkeys/{{ opendkim_selector }}.private"
become: yes
become: true
become_user: opendkim
notify: restart opendkim
notify: Restart opendkim
- name: create postfix spool socket directory
- name: Create postfix spool socket directory
ansible.builtin.file:
path: /var/spool/postfix/opendkim
state: directory
owner: opendkim
group: postfix
mode: 0770
notify: restart opendkim
mode: "0770"
notify: Restart opendkim
- name: render /etc/opendkim.conf
- name: Render /etc/opendkim.conf
ansible.builtin.template:
src: etc/opendkim.conf.j2
dest: /etc/opendkim.conf
owner: root
group: root
mode: 0644
notify: restart opendkim
mode: "0644"
notify: Restart opendkim
- name: start and enable opendkim
- name: Start and enable opendkim
ansible.builtin.service:
name: opendkim
state: started
enabled: yes
enabled: true
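Review bot: `Create dkim key` calls `/usr/sbin/opendkim-genkey` without `--bits`, so the key length is whatever the packaged tool defaults to, which on some OpenDKIM builds is 1024-bit RSA. Stating it explicitly, e.g. adding `--bits=2048` to the command, makes the signing key strength independent of the distribution. Because the task is guarded by `creates:`, hosts that already have a key keep it, so rotating an existing short key needs a separate step.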


@ -1,14 +1,14 @@
---
- name: install opendkim
- name: Install opendkim
ansible.builtin.package:
name:
- opendkim
- opendkim-tools
- name: add postfix to opendkim group
- name: Add postfix to opendkim group
ansible.builtin.user:
name: postfix
groups: opendkim
append: yes
notify: restart postfix
append: true
notify: Restart postfix


@ -1,12 +1,12 @@
---
- name: install opendkim
- name: Install opendkim
ansible.builtin.import_tasks: install.yml
tags:
- "role::opendkim"
- "role::opendkim:install"
- name: configure opendkim
- name: Configure opendkim
ansible.builtin.import_tasks: config.yml
tags:
- "role::opendkim"


@ -16,15 +16,15 @@ postfix_mydestination:
postfix_additional_transport_maps: []
postfix_additional_relay_domains: []
postfix_postfixadmin_enable: no
postfix_mailman_enable: no
postfix_schleuder_enable: no
postfix_policyd_spf_enable: no
postfix_srsd_enable: no
postfix_srsd_nodefault: no
postfix_spamassassin_enable: no
postfix_easywks_pipe_transport: no
postfix_opendkim_enable: no
postfix_postfixadmin_enable: false
postfix_mailman_enable: false
postfix_schleuder_enable: false
postfix_policyd_spf_enable: false
postfix_srsd_enable: false
postfix_srsd_nodefault: false
postfix_spamassassin_enable: false
postfix_easywks_pipe_transport: false
postfix_opendkim_enable: false
postfix_srsd_forward_lookup: "tcp:localhost:10001"
postfix_srsd_reverse_lookup: "tcp:localhost:10002"


@ -7,7 +7,7 @@ postfix_default_master_processes:
smtp:
name: smtp
type: inet
private: no
private: false
command: smtpd
options:
- '-o syslog_name=postfix/smtp'
@ -17,7 +17,7 @@ postfix_default_master_processes:
submission:
name: submission
type: inet
private: no
private: false
command: smtpd
options:
- '-o syslog_name=postfix/submission'
@ -32,81 +32,81 @@ postfix_default_master_processes:
pickup:
name: pickup
type: unix
private: no
chroot: no
private: false
chroot: false
wakeup: 60
maxproc: 1
cleanup:
name: cleanup
type: unix
private: no
private: false
maxproc: 0
qmgr:
name: qmgr
type: unix
private: no
chroot: no
private: false
chroot: false
wakeup: 300
maxproc: 1
tlsmgr:
name: tlsmgr
type: unix
chroot: no
chroot: false
wakeup: '1000?'
maxproc: 1
rewrite:
name: rewrite
type: unix
chroot: no
chroot: false
command: trivial-rewrite
bounce:
name: bounce
type: unix
chroot: no
chroot: false
maxproc: 0
defer:
name: defer
type: unix
chroot: no
chroot: false
maxproc: 0
command: bounce
trace:
name: trace
type: unix
chroot: no
chroot: false
maxproc: 0
command: bounce
verify:
name: verify
type: unix
chroot: no
chroot: false
maxproc: 1
flush:
name: flush
type: unix
private: no
chroot: no
private: false
chroot: false
wakeup: '1000?'
maxproc: 0
proxymap:
name: proxymap
type: unix
chroot: no
chroot: false
proxywrite:
name: proxywrite
type: unix
chroot: no
chroot: false
maxproc: 1
command: proxymap
@ -125,59 +125,59 @@ postfix_default_master_processes:
showq:
name: showq
type: unix
private: no
chroot: no
private: false
chroot: false
error:
name: error
type: unix
chroot: no
chroot: false
retry:
name: retry
type: unix
chroot: no
chroot: false
command: error
discard:
name: discard
type: unix
chroot: no
chroot: false
local:
name: local
type: unix
unpriv: no
chroot: no
unpriv: false
chroot: false
virtual:
name: virtual
type: unix
unpriv: no
chroot: no
unpriv: false
chroot: false
lmtp:
name: lmtp
type: unix
chroot: no
chroot: false
anvil:
name: anvil
type: unix
chroot: no
chroot: false
maxproc: 1
scache:
name: scache
type: unix
chroot: no
chroot: false
maxproc: 1
postlog:
name: postlog
type: unix-dgram
private: no
chroot: no
private: false
chroot: false
maxproc: 1
command: postlogd


@ -6,8 +6,8 @@ postfix_policyd_spf_testonly: 0
postfix_policyd_spf_helo_reject: Fail
postfix_policyd_spf_mail_from_reject: Fail
postfix_policyd_spf_permerror_reject: False
postfix_policyd_spf_temperror_reject: False
postfix_policyd_spf_permerror_reject: "False"
postfix_policyd_spf_temperror_reject: "False"
postfix_policyd_spf_skip_addresses:
- "127.0.0.0/8"


@ -48,6 +48,6 @@ postfix_body_checks: []
postfix_smtpd_sender_login_maps: []
postfix_always_add_missing_headers: no
postfix_always_add_missing_headers: false
postfix_local_header_rewrite_clients:
- permit_inet_interfaces


@ -1,9 +1,9 @@
---
postfix_enable_virtual_mail: yes
postfix_enable_virtual_mail: true
virtual_mail_uid: virtual
virtual_mail_gid: virtual
virutal_mail_home: /home/virtual
virtual_mail_home: /home/virtual
virtual_minimum_uid: 100


@ -1,19 +1,20 @@
---
- name: restart postfix
- name: Restart postfix
ansible.builtin.service:
name: postfix
state: restarted
- name: reload postfix
- name: Reload postfix
ansible.builtin.service:
name: postfix
state: reloaded
- name: restart postfix-mta-sts-resolver
- name: Restart postfix-mta-sts-resolver
ansible.builtin.service:
name: postfix-mta-sts-resolver
state: restarted
- name: postalias /etc/aliases
- name: Postalias /etc/aliases
ansible.builtin.command: postalias /etc/aliases
changed_when: true


@ -6,8 +6,8 @@
dest: /etc/postfix/main.cf
owner: root
group: root
mode: 0644
notify: restart postfix
mode: "0644"
notify: Restart postfix
- name: Render /etc/postfix/master.cf
ansible.builtin.template:
@ -15,8 +15,8 @@
dest: /etc/postfix/master.cf
owner: root
group: root
mode: 0644
notify: restart postfix
mode: "0644"
notify: Restart postfix
- name: Render /etc/postfix-policyd-spf-python/policyd-spf.conf
ansible.builtin.template:
@ -24,8 +24,8 @@
dest: /etc/postfix-policyd-spf-python/policyd-spf.conf
owner: root
group: root
mode: 0644
notify: restart postfix
mode: "0644"
notify: Restart postfix
- name: Render /etc/mta-sts-daemon.yml
ansible.builtin.template:
@ -33,8 +33,8 @@
dest: /etc/mta-sts-daemon.yml
owner: root
group: root
mode: 0644
notify: restart postfix-mta-sts-resolver
mode: "0644"
notify: Restart postfix-mta-sts-resolver
- name: Start and enable postfix-mta-sts-resolver
ansible.builtin.service:


@ -1,6 +1,6 @@
---
- name: install packages
- name: Install packages
ansible.builtin.apt:
name:
- postfix


@ -1,6 +1,6 @@
---
- name: create postfix virtual users/group
- name: Create postfix virtual users/group
ansible.builtin.import_tasks: setup.yml
tags:
- "role::postfix"
@ -8,19 +8,19 @@
- "role::postfix:config"
- "role::postfix:tables"
- name: install postfix
- name: Install postfix
ansible.builtin.import_tasks: install.yml
tags:
- "role::postfix"
- "role::postfix:install"
- name: configure postfix
- name: Configure postfix
ansible.builtin.import_tasks: config.yml
tags:
- "role::postfix"
- "role::postfix:config"
- name: render postfix lookup tables
- name: Render postfix lookup tables
ansible.builtin.import_tasks: tables.yml
tags:
- "role::postfix"


@ -1,25 +1,25 @@
---
- name: create virtual mail group
- name: Create virtual mail group
ansible.builtin.group:
name: "{{ virtual_mail_gid }}"
system: yes
system: true
register: postfix_register_vmail_group
when: postfix_enable_virtual_mail
- name: create virtual mail user
- name: Create virtual mail user
ansible.builtin.user:
name: "{{ virtual_mail_uid }}"
group: "{{ virtual_mail_gid }}"
home: "{{ virtual_mail_home }}"
password: '!'
shell: /usr/sbin/nologin
system: yes
system: true
comment: Virtual Mail User
register: postfix_register_vmail_user
when: postfix_enable_virtual_mail
- name: set vmail uid and gid facts
- name: Set vmail uid and gid facts
ansible.builtin.set_fact:
virtual_mail_numeric_uid: "{{ postfix_register_vmail_user.uid }}"
virtual_mail_numeric_gid: "{{ postfix_register_vmail_group.gid }}"


@ -1,26 +1,26 @@
---
- name: render /etc/aliases
- name: Render /etc/aliases
ansible.builtin.template:
src: etc/aliases.j2
dest: /etc/aliases
owner: root
group: root
mode: 0644
notify: postalias /etc/aliases
mode: "0644"
notify: Postalias /etc/aliases
- name: render additional hash lookup tables
- name: Render additional hash lookup tables
ansible.builtin.template:
src: etc/postfix/table.j2
dest: "/etc/postfix/{{ item.key }}"
owner: root
group: root
mode: 0644
mode: "0644"
register: postfix_register_additional_lookup_tables
loop: "{{ postfix_additional_tables | dict2items }}"
- name: postmap additional lookup tables
- name: Postmap additional lookup tables
ansible.builtin.command: >-
postmap /etc/postfix/{{ item.item.key }}
changed_when: yes
changed_when: true
loop: "{{ postfix_register_additional_lookup_tables.results }}"
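Review bot: `Postmap additional lookup tables` loops over every result of the template task and is marked `changed_when: true`, so each run rebuilds all maps and reports a change even when no table was rewritten. Adding `when: item.changed` to the task would limit postmap to the tables whose template actually changed and make the reported status accurate. `dest: "/etc/postfix/{{ item.key }}"` and the postmap argument both use the dictionary key as a path component, so a comment on `postfix_additional_tables` stating that keys must be plain file names would help.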


@ -24,8 +24,8 @@ postfixadmin_password_validation:
'/([a-zA-Z].*){3}/': 'password_no_characters 3'
'/([0-9].*){2}/': 'password_no_digits 2'
postfixadmin_generate_password: no
postfixadmin_show_password: no
postfixadmin_generate_password: false
postfixadmin_show_password: false
postfixadmin_page_size: 25
postfixadmin_default_aliases:
@ -34,33 +34,33 @@ postfixadmin_default_aliases:
postmaster: 'postmaster@{{ ansible_domain }}'
webmaster: 'webmaster@{{ ansible_domain }}'
postfixadmin_domain_path: yes
postfixadmin_domain_in_mailbox: no
postfixadmin_domain_path: true
postfixadmin_domain_in_mailbox: false
postfixadmin_aliases: 10
postfixadmin_mailboxes: 10
postfixadmin_maxquota: 10
postfixadmin_domain_quota_default: 2048
postfixadmin_quota: no
postfixadmin_domain_quota: yes
postfixadmin_quota: false
postfixadmin_domain_quota: true
postfixadmin_transport: no
postfixadmin_transport: false
postfixadmin_transport_options:
- lmtp:unix:private/dovecot-lmtp
postfixadmin_alias_domain: yes
postfixadmin_backup: no
postfixadmin_sendmail: yes
postfixadmin_sendmail_all_admins: no
postfixadmin_fetchmail: yes
postfixadmin_forgotten_user_password_reset: yes
postfixadmin_forgotten_admin_password_reset: no
postfixadmin_password_expiration: no
postfixadmin_show_header_text: no
postfixadmin_alias_domain: true
postfixadmin_backup: false
postfixadmin_sendmail: true
postfixadmin_sendmail_all_admins: false
postfixadmin_fetchmail: true
postfixadmin_forgotten_user_password_reset: true
postfixadmin_forgotten_admin_password_reset: false
postfixadmin_password_expiration: false
postfixadmin_show_header_text: false
postfixadmin_header_text: ':: Postfix Admin ::'
postfixadmin_show_footer_text: yes
postfixadmin_show_footer_text: true
postfixadmin_footer_text: 'Return to change-this-to-your.domain.tld'
postfixadmin_footer_link: 'http://change-this-to-your.domain.tld'
postfixadmin_emailcheck_resolve_domain: yes
postfixadmin_emailcheck_resolve_domain: true
postfixadmin_welcome_text: |
Hi,
@ -85,10 +85,10 @@ postfixadmin_database_postfix_hosts: 'unix:/run/mysqld/mysqld.sock'
postfixadmin_database_dovecot_user: postfix
postfixadmin_database_dovecot_hosts: '/run/mysqld/mysqld.sock'
# This permits disabled users to still read their mail, but will not allow them to send mail.
postfixadmin_permit_inactive_user_nosmtp: no
postfixadmin_permit_inactive_user_nosmtp: false
# allow login as <user> in addition to <user>@<domain>
# Only set this when when you're only serving a single domain or can otherwise avoid conflicts
postfixadmin_permit_localpart_login: no
postfixadmin_permit_localpart_login: false
postfixadmin_additional_config: ''


@ -1,11 +1,11 @@
---
- name: reload postfix
- name: Reload postfix
ansible.builtin.service:
name: postfix
state: reloaded
- name: reload dovecot
- name: Reload dovecot
ansible.builtin.service:
name: dovecot
state: reloaded


@ -1,6 +1,6 @@
---
- name: create mariadb database
- name: Create mariadb database
community.mysql.mysql_db:
name: '{{ postfixadmin_database_name }}'
login_host: '{{ postfixadmin_database_host }}'
@ -8,9 +8,9 @@
login_unix_socket: '{{ postfixadmin_database_socket }}'
login_user: '{{ postfixadmin_bootstrap_login_user }}'
login_password: '{{ postfixadmin_bootstrap_login_password }}'
check_implicit_admin: yes
check_implicit_admin: true
- name: create postfixadmin database user
- name: Create postfixadmin database user
community.mysql.mysql_user:
name: "{{ postfixadmin_database_user }}"
host: "{{ postfixadmin_database_user_host }}"
@ -21,9 +21,9 @@
login_unix_socket: '{{ postfixadmin_database_socket }}'
login_user: '{{ postfixadmin_bootstrap_login_user }}'
login_password: '{{ postfixadmin_bootstrap_login_password }}'
check_implicit_admin: yes
check_implicit_admin: true
- name: create postfix database user
- name: Create postfix database user
community.mysql.mysql_user:
name: "{{ postfixadmin_database_postfix_user }}"
host: "{{ postfixadmin_database_postfix_user_host }}"
@ -34,9 +34,9 @@
login_unix_socket: '{{ postfixadmin_database_socket }}'
login_user: '{{ postfixadmin_bootstrap_login_user }}'
login_password: '{{ postfixadmin_bootstrap_login_password }}'
check_implicit_admin: yes
check_implicit_admin: true
- name: request setup.php to create database and admin user
- name: Request setup.php to create database and admin user
ansible.builtin.uri:
url: '{{ postfixadmin_bootstrap_base_url }}/setup.php'
method: POST
@ -48,7 +48,7 @@
password: '{{ postfixadmin_bootstrap_admin_password }}'
password2: '{{ postfixadmin_bootstrap_admin_password }}'
submit: 'createadmin'
return_content: yes
return_content: true
register: postfixadmin_register_boostrap_create_admin
changed_when: yes
changed_when: true
failed_when: '"Admin addition failed" in postfixadmin_register_boostrap_create_admin.content or postfixadmin_register_boostrap_create_admin.status != 200'
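Review bot: The `Request setup.php to create database and admin user` task appears to send `postfixadmin_bootstrap_admin_password` in its POST body and registers the full response with `return_content: true`, but nothing on it keeps those values out of verbose output or callback logs. Adding `no_log: true` to the task would do that, at the cost of hiding the response when the `failed_when` check fires. The request goes to `{{ postfixadmin_bootstrap_base_url }}/setup.php`, so that variable should point at an https or loopback URL; its default is not visible here. Separately, the register name is spelled `boostrap` in three places on the new side; `postfixadmin_register_bootstrap_create_admin` would read better. The start of the task's body lies between the hunks and is not shown.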


@ -1,17 +1,17 @@
---
- name: create config.local.php
- name: Create config.local.php
ansible.builtin.template:
src: config.local.php.j2
dest: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}/config.local.php"
owner: root
group: www-data
mode: 0640
mode: "0640"
- name: call setup.php to run database migrations
- name: Call setup.php to run database migrations
ansible.builtin.uri:
url: "{{ postfixadmin_bootstrap_base_url }}/setup.php"
return_content: yes
return_content: true
register: postfixadmin_register_setup_upgrade
changed_when:
- "'Database is up to date' not in postfixadmin_register_setup_upgrade.content"


@ -1,10 +1,10 @@
---
- name: render /etc/dovecot/dovecot-sql.conf
- name: Render /etc/dovecot/dovecot-sql.conf
ansible.builtin.template:
src: etc/dovecot/dovecot-sql.conf.j2
dest: /etc/dovecot/dovecot-sql.conf
owner: root
group: root
mode: 0640
notify: reload dovecot
mode: "0640"
notify: Reload dovecot


@ -1,6 +1,6 @@
---
- name: install php dependencies
- name: Install php dependencies
ansible.builtin.apt:
name:
- php-imap
@ -8,55 +8,55 @@
- php-mbstring
- python3-pymysql # required by ansible
- name: create postfixadmin installation directory
- name: Create postfixadmin installation directory
ansible.builtin.file:
path: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}"
state: directory
owner: root
group: www-data
mode: 0755
mode: "0755"
- name: download and unpack postfixadmin release
- name: Download and unpack postfixadmin release
ansible.builtin.unarchive:
remote_src: yes
remote_src: true
src: "https://github.com/postfixadmin/postfixadmin/archive/refs/tags/postfixadmin-{{ postfixadmin_version }}.tar.gz"
dest: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}"
creates: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}/config.inc.php"
extra_opts: ["--strip-components=1"]
owner: root
group: www-data
mode: 0755
mode: "0755"
- name: create templates_c directory
- name: Create templates_c directory
ansible.builtin.file:
path: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}/templates_c"
state: directory
owner: root
group: www-data
mode: 0775
mode: "0775"
- name: create config.local.php
- name: Create config.local.php
ansible.builtin.template:
src: config.local.php.j2
dest: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}/config.local.php"
owner: root
group: www-data
mode: 0640
mode: "0640"
- name: change config.inc.php permissions
- name: Change config.inc.php permissions
ansible.builtin.file:
path: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}/config.inc.php"
owner: root
group: www-data
mode: 0640
mode: "0640"
- name: symlink postfixadmin-cli to /usr/local/bin
- name: Symlink postfixadmin-cli to /usr/local/bin
ansible.builtin.file:
path: "/usr/local/bin/postfixadmin-cli"
src: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}/scripts/postfixadmin-cli"
state: link
- name: symlink to new installation directory
- name: Symlink to new installation directory
ansible.builtin.file:
path: "{{ postfixadmin_installation_prefix }}/postfixadmin"
src: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}"
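Review bot: The `Download and unpack postfixadmin release` task extracts a tarball fetched from GitHub into the web application's directory with no integrity check on the download; `ansible.builtin.unarchive` has no checksum option, so the archive is trusted on TLS alone. Fetching it first with `ansible.builtin.get_url` and a `checksum:` pinned per `postfixadmin_version`, then unpacking the local file, would make a changed or replaced tarball fail the play instead of being installed. The sketch below uses a new role variable, `postfixadmin_release_checksum`, which does not exist in the role yet and would need a value for each supported version. GitHub generates these tag archives on demand, so the digest should be re-checked whenever the version is bumped.

```yaml
- name: Download postfixadmin release
  ansible.builtin.get_url:
    url: "https://github.com/postfixadmin/postfixadmin/archive/refs/tags/postfixadmin-{{ postfixadmin_version }}.tar.gz"
    dest: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}.tar.gz"
    # new variable, format "sha256:<digest of the release tarball>"
    checksum: "{{ postfixadmin_release_checksum }}"
    owner: root
    group: root
    mode: "0644"

- name: Unpack postfixadmin release
  ansible.builtin.unarchive:
    remote_src: true
    src: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}.tar.gz"
    # … unchanged: dest, creates, extra_opts, owner, group, mode …
```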


@ -1,36 +1,36 @@
---
- name: create virtual user/group
- name: Create virtual user/group
ansible.builtin.import_tasks: setup.yml
tags:
- "role::postfixadmin"
- "role::postfixadmin:dovecot"
- name: install postfixadmin
- name: Install postfixadmin
ansible.builtin.import_tasks: install.yml
tags:
- "role::postfixadmin"
- "role::postfixadmin:install"
- name: configure postfixadmin
- name: Configure postfixadmin
ansible.builtin.import_tasks: config.yml
tags:
- "role::postfixadmin"
- "role::postfixadmin:config"
- name: create postfixadmin database and admin users
- name: Create postfixadmin database and admin users
ansible.builtin.import_tasks: bootstrap.yml
tags:
- "role::postfixadmin:bootstrap"
- "never"
- name: hook postfix up to postfixadmin
- name: Hook postfix up to postfixadmin
ansible.builtin.import_tasks: postfix.yml
tags:
- "role::postfixadmin"
- "role::postfixadmin:postfix"
- name: hook dovecot up to postfixadmin
- name: Hook dovecot up to postfixadmin
ansible.builtin.import_tasks: dovecot.yml
tags:
- "role::postfixadmin"


@ -1,20 +1,20 @@
---
- name: create /etc/postfix/sql directory
- name: Create /etc/postfix/sql directory
ansible.builtin.file:
path: /etc/postfix/sql
state: directory
owner: root
group: root
mode: 0755
mode: "0755"
- name: render postfix sql config files
- name: Render postfix sql config files
ansible.builtin.template:
src: etc/postfix/sql/{{ item }}.cf.j2
dest: /etc/postfix/sql/{{ item }}.cf
owner: root
group: postfix
mode: 0640
mode: "0640"
loop:
- mysql_relay_domains
- mysql_transport_maps
@ -25,4 +25,4 @@
- mysql_virtual_domains_maps
- mysql_virtual_mailbox_limit_maps
- mysql_virtual_mailbox_maps
notify: reload postfix
notify: Reload postfix


@ -1,23 +1,23 @@
---
- name: create virtual mail group
- name: Create virtual mail group
ansible.builtin.group:
name: "{{ virtual_mail_gid }}"
system: yes
system: true
register: postfixadmin_register_vmail_group
- name: create virtual mail user
- name: Create virtual mail user
ansible.builtin.user:
name: "{{ virtual_mail_uid }}"
group: "{{ virtual_mail_gid }}"
home: "{{ virtual_mail_home }}"
password: '!'
shell: /usr/sbin/nologin
system: yes
system: true
comment: Virtual Mail User
register: postfixadmin_register_vmail_user
- name: set vmail uid and gid facts
- name: Set vmail uid and gid facts
ansible.builtin.set_fact:
virtual_mail_numeric_uid: "{{ postfixadmin_register_vmail_user.uid }}"
virtual_mail_numeric_gid: "{{ postfixadmin_register_vmail_group.gid }}"


@ -1,6 +1,6 @@
---
- name: restart postsrsd
- name: Restart postsrsd
ansible.builtin.service:
name: postsrsd
state: restarted


@ -1,10 +1,10 @@
---
- name: render /etc/default/postsrsd
- name: Render /etc/default/postsrsd
ansible.builtin.template:
src: etc/default/postsrsd.j2
dest: /etc/default/postsrsd
owner: root
group: root
mode: 0644
notify: restart postsrsd
mode: "0644"
notify: Restart postsrsd


@ -1,12 +1,12 @@
---
- name: install postsrsd
- name: Install postsrsd
ansible.builtin.apt:
name: postsrsd
state: present
- name: start and enable postsrsd
- name: Start and enable postsrsd
ansible.builtin.service:
name: postsrsd
state: started
enabled: yes
enabled: true


@ -1,12 +1,12 @@
---
- name: install postsrsd
- name: Install postsrsd
ansible.builtin.import_tasks: install.yml
tags:
- "role::postsrsd"
- "role::postsrsd:install"
- name: configure postsrsd
- name: Configure postsrsd
ansible.builtin.import_tasks: config.yml
tags:
- "role::postsrsd"


@ -50,7 +50,7 @@ schleuder_defaults_subject_prefix_in: ""
schleuder_defaults_subject_prefix_out: ""
schleuder_defaults_bounces_drop_all: false
schleuder_defaults_bounces_drop_on_headers:
x-spam-flag: yes
x-spam-flag: true
schleuder_defaults_bounces_notify_admins: true
schleuder_defaults_include_list_headers: true
schleuder_defaults_include_openpgpg_header: true
@ -62,7 +62,7 @@ schleuder_defaults_language: en
schleuder_defaults_forward_all_incoming_to_admins: false
# This is the last commit before schleuder 3.5 was required
schleuder_web_install: no
schleuder_web_install: false
schleuder_web_commitish: main
schleuder_web_hostname: schleuder.example.org
schleuder_web_mailfrom: noreply@schleuder.example.org
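Review bot: `schleuder_web_commitish: main` sits just below a comment that appears to describe a pinned commit ("the last commit before schleuder 3.5 was required"), so the comment and the default disagree. The default follows a moving branch of a third-party repository that the role clones, runs `bundle install` in, and starts as a service. Pinning the default to a release tag or full commit id, and rewording the comment to match, e.g. `# Pin to a tag or commit id; main follows upstream HEAD`, would make installs reproducible and reviewable. Both lines are context that the commit leaves untouched.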


@ -1,15 +1,15 @@
---
- name: systemctl daemon-reload
- name: Systemctl daemon-reload
ansible.builtin.systemd:
daemon_reload: yes
daemon_reload: true
- name: systemctl restart schleuder-web
- name: Systemctl restart schleuder-web
ansible.builtin.service:
name: schleuder-web
state: restarted
- name: systemctl restart schleuder-api-daemon
- name: Systemctl restart schleuder-api-daemon
ansible.builtin.service:
name: schleuder-api-daemon
state: restarted


@ -1,24 +1,24 @@
---
- name: get schleuder api tls fingerprint
- name: Get schleuder api tls fingerprint
community.crypto.x509_certificate_info:
path: /etc/schleuder/schleuder-certificate.pem
register: schleuder_register_apicert_info
- name: create the ~/.schleuder-cli/ directory
- name: Create the ~/.schleuder-cli/ directory
ansible.builtin.file:
path: "{{ item.value.home }}/.schleuder-cli"
state: directory
owner: "{{ item.key }}"
mode: 0700
mode: "0700"
loop: "{{ schleuder_cli_users | dict2items }}"
- name: render ~/.schleuder-cli/schleuder-cli.yml
- name: Render ~/.schleuder-cli/schleuder-cli.yml
ansible.builtin.template:
src: root/.schleuder-cli/schleuder-cli.yml.j2
dest: "{{ item.value.home }}/.schleuder-cli/schleuder-cli.yml"
owner: "{{ item.key }}"
mode: 0600
mode: "0600"
vars:
fingerprint: "{{ schleuder_register_apicert_info.fingerprints.sha256 | replace(':', '') }}"
token: "{{ item.value.token }}"
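Review bot: The loop over `schleuder_cli_users | dict2items` prints each item in the task output, and each item carries `item.value.token`, so the schleuder API tokens end up in the play output and in any CI or callback log. Adding `loop_control:` with `label: "{{ item.key }}"` keeps the token out of the default per-item line. With `-v` the result still includes the item, so `no_log: true` on the template task is the stricter option. The template task's `loop:` line falls outside the hunk, so this assumes it uses the same expression as the directory task.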


@ -1,19 +1,19 @@
---
- name: render /etc/schleuder/schleuder.yml
- name: Render /etc/schleuder/schleuder.yml
ansible.builtin.template:
src: etc/schleuder/schleuder.yml.j2
dest: /etc/schleuder/schleuder.yml
owner: root
group: schleuder
mode: 0640
notify: systemctl restart schleuder-api-daemon
mode: "0640"
notify: Systemctl restart schleuder-api-daemon
- name: render /etc/schleuder/list-defaults.yml
- name: Render /etc/schleuder/list-defaults.yml
ansible.builtin.template:
src: etc/schleuder/list-defaults.yml.j2
dest: /etc/schleuder/list-defaults.yml
owner: root
group: schleuder
mode: 0640
notify: systemctl restart schleuder-api-daemon
mode: "0640"
notify: Systemctl restart schleuder-api-daemon


@ -1,6 +1,6 @@
---
- name: install schleuder packages
- name: Install schleuder packages
ansible.builtin.apt:
name:
- schleuder


@ -1,6 +1,6 @@
---
- name: install schleuder-web dependencies
- name: Install schleuder dependencies
ansible.builtin.apt:
name:
- ruby
@ -10,30 +10,30 @@
- libssl-dev
- acl # only needed so ansible can become_user=schleuder
- name: create schleuder group
- name: Create schleuder group
ansible.builtin.group:
name: schleuder
system: yes
system: true
- name: create schleuder user
- name: Create schleuder user
ansible.builtin.user:
name: schleuder
group: schleuder
home: /var/lib/schleuder
system: yes
system: true
shell: /usr/sbin/nologin
- name: gather service facts
- name: Gather service facts
ansible.builtin.service_facts:
- name: stop schleuder service
- name: Stop schleuder service
ansible.builtin.service:
name: schleuder
state: stopped
when: "'schleuder.service' in ansible_facts.services"
- name: install schleuder gem
become: yes
- name: Install schleuder gem
become: true
become_user: schleuder
ansible.builtin.command:
cmd: gem install schleuder


@ -1,6 +1,6 @@
---
- name: install schleuder-web dependencies
- name: Install schleuder-web dependencies
ansible.builtin.apt:
name:
- bundler
@ -10,99 +10,99 @@
- git
- acl # only needed so ansible can become_user=schleuder-web
- name: create schleuder-web user
- name: Create schleuder-web user
ansible.builtin.user:
name: schleuder-web
group: nogroup
home: /var/lib/schleuder-web
system: yes
system: true
shell: /usr/sbin/nologin
- name: gather service facts
- name: Gather service facts
ansible.builtin.service_facts:
- name: stop schleuder-web service
- name: Stop schleuder-web service
ansible.builtin.service:
name: schleuder-web
state: stopped
when: "'schleuder-web.service' in ansible_facts.services"
- name: clone schleuder-web git repo
become: yes
- name: Clone schleuder-web git repo
become: true
become_user: schleuder-web
ansible.builtin.command:
# git module would reset working directory
cmd: git clone https://0xacab.org/schleuder/schleuder-web /var/lib/schleuder-web/schleuder-web # noqa command-instead-of-module
creates: /var/lib/schleuder-web/schleuder-web
- name: fetch schleuder-web upstream
become: yes
- name: Fetch schleuder-web upstream
become: true
become_user: schleuder-web
ansible.builtin.command:
cmd: git fetch origin # noqa command-instead-of-module
chdir: /var/lib/schleuder-web/schleuder-web
changed_when: yes
changed_when: true
- name: checkout requested schleuder-web version
become: yes
- name: Checkout requested schleuder-web version
become: true
become_user: schleuder-web
ansible.builtin.command:
cmd: git checkout "{{ schleuder_web_commitish }}" # noqa command-instead-of-module
chdir: /var/lib/schleuder-web/schleuder-web
changed_when: yes
changed_when: true
- name: render /var/lib/schleuder-web/schleuder-web/config/schleuder-web.yml
- name: Render /var/lib/schleuder-web/schleuder-web/config/schleuder-web.yml
ansible.builtin.template:
src: var/lib/schleuder-web/schleuder-web/config/schleuder-web.yml.j2
dest: /var/lib/schleuder-web/schleuder-web/config/schleuder-web.yml
owner: schleuder-web
group: root
mode: 0600
notify: systemctl restart schleuder-web
mode: "0600"
notify: Systemctl restart schleuder-web
- name: render /var/lib/schleuder-web/schleuder-web/config/database.yml
- name: Render /var/lib/schleuder-web/schleuder-web/config/database.yml
ansible.builtin.template:
src: var/lib/schleuder-web/schleuder-web/config/database.yml.j2
dest: /var/lib/schleuder-web/schleuder-web/config/database.yml
owner: schleuder-web
group: nogroup
mode: 0644
mode: "0644"
- name: get schleuder api tls fingerprint
- name: Get schleuder api tls fingerprint
community.crypto.x509_certificate_info:
path: /etc/schleuder/schleuder-certificate.pem
register: schleuder_register_apicert_info
- name: render /etc/default/schleuder-web
- name: Render /etc/default/schleuder-web
ansible.builtin.template:
src: etc/default/schleuder-web.j2
dest: /etc/default/schleuder-web
owner: root
group: root
mode: 0600
mode: "0600"
vars:
tls_fingerprint: "{{ schleuder_register_apicert_info.fingerprints.sha256 | replace(':', '') }}"
notify: systemctl restart schleuder-web
notify: Systemctl restart schleuder-web
- name: render systemd service unit
- name: Render systemd service unit
ansible.builtin.template:
src: etc/systemd/system/schleuder-web.service.j2
dest: /etc/systemd/system/schleuder-web.service
owner: root
group: root
mode: 0644
notify: systemctl daemon-reload
mode: "0644"
notify: Systemctl daemon-reload
- name: run bundle install ... this may take a few minutes
become: yes
- name: Run bundle install ... this may take a few minutes
become: true
become_user: schleuder-web
ansible.builtin.command:
cmd: /usr/bin/bundle install --path /var/lib/schleuder-web/.gem --without deployment
chdir: /var/lib/schleuder-web/schleuder-web
changed_when: yes
changed_when: true
- name: run bundle db setup
become: yes
- name: Run bundle db setup
become: true
become_user: schleuder-web
ansible.builtin.command:
cmd: /usr/bin/bundle exec rake db:setup
@ -111,10 +111,10 @@
environment:
RAILS_ENV: production
- name: flush systemd daemon-reload
- name: Flush systemd daemon-reload
ansible.builtin.meta: flush_handlers
- name: start and enable schleuder-web
- name: Start and enable schleuder-web
ansible.builtin.service:
name: schleuder-web
state: started
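Review bot: `git fetch origin` followed by `git checkout "{{ schleuder_web_commitish }}"` only moves the working tree when the value is a tag or commit id. With a branch name the checkout lands on the local branch created by the clone, which the fetch does not advance, so later runs report changed without deploying anything new. A comment above the checkout task would document the constraint, e.g. `# schleuder_web_commitish must be a tag or commit id; a branch name is not updated by this checkout`. The fetch, checkout and `bundle install` tasks all keep `changed_when: true`, so this file never reports as unchanged; that deserves a short comment as well.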


@ -1,25 +1,25 @@
---
- name: install schleuder
- name: Install schleuder
ansible.builtin.import_tasks: install.yml
tags:
- "role::schleuder"
- "role::schleuder:install"
- name: configure schleuder
- name: Configure schleuder
ansible.builtin.import_tasks: config.yml
tags:
- "role::schleuder"
- "role::schleuder:config"
- name: install and configure schleuder-web
- name: Install and configure schleuder-web
ansible.builtin.import_tasks: install_web.yml
when: schleuder_web_install
tags:
- "role::schleuder"
- "role::schleuder:install_web"
- name: create schleuder-api-daemon tokens for admin users
- name: Create schleuder-api-daemon tokens for admin users
ansible.builtin.import_tasks: cli_apitokens.yml
tags:
- "role::schleuder"


@ -2,20 +2,20 @@
spamassassin_pidfile: /var/run/spamd.pid
spamassassin_niceness: 15
spamassassin_enable_cron: no
spamassassin_nouser_config: no
spamassassin_enable_cron: false
spamassassin_nouser_config: false
spamassassin_rewrite_header_subject: "[*****SPAM*****]"
spamassassin_report_safe: yes
spamassassin_report_safe: true
spamassassin_trusted_networks: []
spamassassin_internal_networks: []
spamassassin_lock_method: flock
spamassassin_required_score: "5.0"
spamassassin_normalize_charset: yes
spamassassin_normalize_charset: true
spamassassin_body_part_scan_size: 50000
spamassassin_rawbody_part_scan_size: 500000
spamassassin_use_bayes: yes
spamassassin_bayes_auto_learn: yes
spamassassin_use_bayes: true
spamassassin_bayes_auto_learn: true
spamassassin_bayes_path: /var/lib/spamassassin/.spamassassin/bayes
spamassassin_bayes_file_mode: "0644"
spamassassin_bayes_ignore_header:
@ -37,14 +37,14 @@ spamassassin_additional_config: ""
spamass_milter_user: spamass-milter
spamass_milter_nomodify: no
spamass_milter_postfix_socket_override: no
spamass_milter_nomodify: false
spamass_milter_postfix_socket_override: false
spamass_milter_postfix_socket_path: /var/spool/postfix/spamass/spamass.sock
spamass_milter_postfix_socket_owner: postfix
spamass_milter_postfix_socket_group: postfix
spamass_milter_postfix_socket_mode: "0600"
spamassassin_salearncron_enable: no
spamassassin_salearncron_enable: false
spamassassin_salearncron_cronexpr: '0 3 * * *'
spamassassin_salearncron_dbpath: /var/lib/spamassassin/.spamassassin/
spamassassin_salearncron_spambox: .INBOX.sa-learn-spam


@ -1,16 +1,16 @@
---
- name: restart spamd
- name: Restart spamd
ansible.builtin.service:
name: spamd
state: restarted
- name: restart spamass-milter
- name: Restart spamass-milter
ansible.builtin.service:
name: spamass-milter
state: restarted
- name: reload spamd
- name: Reload spamd
ansible.builtin.service:
name: spamassassin
state: reloaded


@ -1,37 +1,37 @@
---
- name: render /etc/default/spamassassin
- name: Render /etc/default/spamassassin
ansible.builtin.template:
src: etc/default/spamassassin.j2
dest: /etc/default/spamassassin
owner: root
group: root
mode: 0644
notify: restart spamd
mode: "0644"
notify: Restart spamd
- name: render /etc/default/spamass-milter
- name: Render /etc/default/spamass-milter
ansible.builtin.template:
src: etc/default/spamass-milter.j2
dest: /etc/default/spamass-milter
owner: root
group: root
mode: 0644
notify: restart spamass-milter
mode: "0644"
notify: Restart spamass-milter
- name: render /etc/default/spamd
- name: Render /etc/default/spamd
ansible.builtin.template:
src: etc/default/spamd.j2
dest: /etc/default/spamd
owner: root
group: root
mode: 0644
notify: restart spamd
mode: "0644"
notify: Restart spamd
- name: render /etc/spamassassin/local.cf
- name: Render /etc/spamassassin/local.cf
ansible.builtin.template:
src: etc/spamassassin/local.cf.j2
dest: /etc/spamassassin/local.cf
owner: root
group: root
mode: 0644
notify: restart spamd
mode: "0644"
notify: Restart spamd


@ -1,6 +1,6 @@
---
- name: install spamassassin
- name: Install spamassassin
ansible.builtin.apt:
name:
- spamassassin
@ -11,30 +11,30 @@
- pyzor
- razor
- name: start and enable spamassassin spamd
- name: Start and enable spamassassin spamd
ansible.builtin.service:
name: spamd
state: started
enabled: yes
enabled: true
- name: start and enable spamass-milter spamd
- name: Start and enable spamass-milter spamd
ansible.builtin.service:
name: spamass-milter
state: started
enabled: yes
enabled: true
- name: render auto sa-learn script
- name: Render auto sa-learn script
ansible.builtin.template:
src: usr/local/bin/sa-learn.sh.j2
dest: /usr/local/bin/sa-learn.sh
owner: root
group: root
mode: 0755
mode: "0755"
- name: render auto sa-learn cronjonb
- name: Render auto sa-learn cronjonb
ansible.builtin.template:
src: etc/cron.d/sa-learn.j2
dest: /etc/cron.d/sa-learn
owner: root
group: root
mode: 0644
mode: "0644"
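Review bot: The renamed task `Render auto sa-learn cronjonb` still carries the typo from the old name; since the line is being touched anyway it should read `- name: Render auto sa-learn cronjob`. Neither this task nor `Render auto sa-learn script` shows a `when:` in the hunk, while the role defaults define `spamassassin_salearncron_enable: false`. If the condition is not on lines after the hunk or inside the template, the cron file is installed even when the feature is off. The task may continue past the last line shown.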


@ -1,12 +1,12 @@
---
- name: install spamassassin
- name: Install spamassassin
ansible.builtin.import_tasks: install.yml
tags:
- "role::spamassassin"
- "role::spamassassin:install"
- name: configure spamassassin
- name: Configure spamassassin
ansible.builtin.import_tasks: config.yml
tags:
- "role::spamassassin"