From 8ab1725145c040d0b73068d9e9f5387464b0ff43 Mon Sep 17 00:00:00 2001 
From: s3lph <account-gitlab-ideynizv@kernelpanic.lol> Date: Sat, 15 Feb 2025 21:29:09 +0100 Subject: [PATCH] chore: migrate to forgejo actions, major ansible-lint refactor --- .ansible-lint | 6 ++ .forgejo/workflows/ansible-galaxy.yml | 29 +++++++++ .forgejo/workflows/ansible-lint.yml | 17 ++++++ .gitlab-ci.yml | 11 ---- galaxy.yml | 13 ++-- meta/runtime.yml | 52 ++++++++++++++++ roles/dovecot/defaults/main/sieve.yml | 4 +- roles/dovecot/defaults/main/userdb.yml | 2 +- roles/dovecot/defaults/main/virtual.yml | 2 +- roles/dovecot/handlers/main.yml | 4 +- roles/dovecot/tasks/config.yml | 12 ++-- roles/dovecot/tasks/install.yml | 12 ++-- roles/dovecot/tasks/main.yml | 6 +- roles/dovecot/tasks/virtual.yml | 8 +-- roles/easywks/defaults/main.yml | 8 +-- roles/easywks/handlers/main.yml | 6 +- roles/easywks/tasks/config.yml | 16 ++--- roles/easywks/tasks/install.yml | 15 ++--- roles/easywks/tasks/main.yml | 4 +- roles/getaddrinfo/tasks/config.yml | 2 +- roles/getaddrinfo/tasks/lookup.yml | 6 +- roles/mailman/defaults/main.yml | 14 ++--- roles/mailman/handlers/main.yml | 10 +-- roles/mailman/tasks/bootstrap.yml | 38 ++++++------ roles/mailman/tasks/config.yml | 32 +++++----- roles/mailman/tasks/install.yml | 26 ++++---- roles/mailman/tasks/main.yml | 10 +-- roles/mailman/tasks/privacy.yml | 8 +-- roles/mailman/tasks/templates.yml | 40 ++++++------ roles/multischleuder/defaults/main.yml | 4 +- roles/multischleuder/tasks/config.yml | 6 +- roles/multischleuder/tasks/install.yml | 10 +-- roles/multischleuder/tasks/main.yml | 4 +- roles/opendkim/defaults/main.yml | 10 +-- roles/opendkim/handlers/main.yml | 4 +- roles/opendkim/tasks/config.yml | 26 ++++---- roles/opendkim/tasks/install.yml | 8 +-- roles/opendkim/tasks/main.yml | 4 +- roles/postfix/defaults/main/global.yml | 18 +++--- roles/postfix/defaults/main/master.yml | 62 +++++++++---------- roles/postfix/defaults/main/policyd_spf.yml | 4 +- roles/postfix/defaults/main/restrictions.yml | 2 +- 
roles/postfix/defaults/main/virtual.yml | 4 +- roles/postfix/handlers/main.yml | 9 +-- roles/postfix/tasks/config.yml | 16 ++--- roles/postfix/tasks/install.yml | 2 +- roles/postfix/tasks/main.yml | 8 +-- roles/postfix/tasks/setup.yml | 10 +-- roles/postfix/tasks/tables.yml | 14 ++--- roles/postfixadmin/defaults/main.yml | 40 ++++++------ roles/postfixadmin/handlers/main.yml | 4 +- roles/postfixadmin/tasks/bootstrap.yml | 18 +++--- roles/postfixadmin/tasks/config.yml | 8 +-- roles/postfixadmin/tasks/dovecot.yml | 6 +- roles/postfixadmin/tasks/install.yml | 28 ++++----- roles/postfixadmin/tasks/main.yml | 12 ++-- roles/postfixadmin/tasks/postfix.yml | 10 +-- roles/postfixadmin/tasks/setup.yml | 10 +-- roles/postsrsd/handlers/main.yml | 2 +- roles/postsrsd/tasks/config.yml | 6 +- roles/postsrsd/tasks/install.yml | 6 +- roles/postsrsd/tasks/main.yml | 4 +- roles/schleuder/defaults/main.yml | 4 +- roles/schleuder/handlers/main.yml | 8 +-- roles/schleuder/tasks/cli_apitokens.yml | 10 +-- roles/schleuder/tasks/config.yml | 12 ++-- roles/schleuder/tasks/install.yml | 2 +- roles/schleuder/tasks/install_schleuder.yml | 18 +++--- roles/schleuder/tasks/install_web.yml | 64 ++++++++++---------- roles/schleuder/tasks/main.yml | 8 +-- roles/spamassassin/defaults/main.yml | 18 +++--- roles/spamassassin/handlers/main.yml | 6 +- roles/spamassassin/tasks/config.yml | 24 ++++---- roles/spamassassin/tasks/install.yml | 18 +++--- roles/spamassassin/tasks/main.yml | 4 +- 75 files changed, 542 insertions(+), 446 deletions(-) create mode 100644 .ansible-lint create mode 100644 .forgejo/workflows/ansible-galaxy.yml create mode 100644 .forgejo/workflows/ansible-lint.yml delete mode 100644 .gitlab-ci.yml create mode 100644 meta/runtime.yml diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 0000000..098eff3 --- /dev/null +++ b/.ansible-lint @@ -0,0 +1,6 @@ +--- + +skip_list: + - galaxy[no-changelog] + - galaxy[version-incorrect] + - var-naming[no-role-prefix] 
diff --git a/.forgejo/workflows/ansible-galaxy.yml b/.forgejo/workflows/ansible-galaxy.yml
new file mode 100644
index 0000000..648f8c2
--- /dev/null
+++ b/.forgejo/workflows/ansible-galaxy.yml
@@ -0,0 +1,29 @@
+---
+
+name: Ansible Galaxy
+
+on: # noqa yaml[truthy]
+ push:
+ tags:
+ - 'v*'
+
+jobs:
+ deploy:
+ runs-on: docker
+ steps:
+
+ - uses: actions/checkout@v4
+
+ - name: Set version in galaxy.yml
+ run: |
+ VERSION=${GITHUB_REF#refs/tags/v}
+ sed -re "s/^version:.*$/version: ${VERSION}/" -i galaxy.yml
+
+ - name: Upload collection to Ansible Galaxy
+ env:
+ GALAXY_API_KEY: ${{ secrets.GALAXY_API_KEY }}
+ run: |
+ apt update; apt install --yes python3-pip
+ pip3 install --break-system-packages ansible
+ ansible-galaxy collection build
+ ansible-galaxy collection publish --api-key=${GALAXY_API_KEY} s3lph-mailserver*tar.gz
diff --git a/.forgejo/workflows/ansible-lint.yml b/.forgejo/workflows/ansible-lint.yml
new file mode 100644
index 0000000..b42b17b
--- /dev/null
+++ b/.forgejo/workflows/ansible-lint.yml
@@ -0,0 +1,17 @@
+---
+
+name: Ansible Lint
+on: [push, pull_request] # noqa yaml[truthy]
+
+jobs:
+ build:
+ runs-on: docker
+
+ steps:
+
+ - uses: actions/checkout@v4
+
+ - run: |
+ apt update; apt install --yes python3-pip
+ pip3 install --break-system-packages ansible-lint
+ ansible-lint
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
deleted file mode 100644
index b00156a..0000000
--- a/.gitlab-ci.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-
-image: docker.io/yokogawa/ansible-lint@sha256:2603476e7f8c111bdf4a186d84a077c156bc3d12d07cc1c632adc9949d4f0b9d
-
-stages:
- - test
-
-lint:
- stage: test
- script:
- - ansible-lint --force-color
diff --git a/galaxy.yml b/galaxy.yml
index 960fe3a..16387de 100644
--- a/galaxy.yml
+++ b/galaxy.yml
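Review bot: The `Upload collection to Ansible Galaxy` step in `.forgejo/workflows/ansible-galaxy.yml` exports `GALAXY_API_KEY` to its whole script, so the unpinned `pip3 install --break-system-packages ansible` and everything it pulls in run with the publish token in their environment. Move the apt/pip install into its own step without `env:` and pin the package version, so that only the two `ansible-galaxy` commands see the secret, and quote the expansion as `--api-key="${GALAXY_API_KEY}"`. The same unpinned install and the mutable `actions/checkout@v4` tag also appear in `.forgejo/workflows/ansible-lint.yml`, whereas the removed `.gitlab-ci.yml` pinned its image by sha256 digest. In the `Set version in galaxy.yml` step the tag-derived `VERSION` is spliced into the sed expression unchecked; validating it against a version pattern first would be prudent.

```yaml
      # … unchanged: checkout and "Set version in galaxy.yml" steps …

      - name: Install ansible
        run: |
          apt update; apt install --yes python3-pip
          # placeholder: pin to the release you have tested
          pip3 install --break-system-packages 'ansible==<PINNED_VERSION>'

      - name: Upload collection to Ansible Galaxy
        env:
          GALAXY_API_KEY: ${{ secrets.GALAXY_API_KEY }}
        run: |
          ansible-galaxy collection build
          ansible-galaxy collection publish --api-key="${GALAXY_API_KEY}" s3lph-mailserver*tar.gz
```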
@@ -8,7 +8,7 @@ namespace: s3lph name: mailserver # The version of the collection. Must be compatible with semantic versioning -version: '0.4.7' +version: '0.5.0' # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: README.md @@ -16,7 +16,7 @@ readme: README.md # A list of the collection's content authors. Can be just the name or in the format 'Full Name <email> (url) # @nicks:irc/im.site#channel' authors: - - s3lph <1375407-s3lph@users.noreply.gitlab.com> + - s3lph <s3lph@kabelsalat.ch> ### OPTIONAL but strongly recommended @@ -31,6 +31,7 @@ license: # A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character # requirements as 'namespace' and 'name' tags: + - application - email - mailserver - postfix @@ -50,16 +51,16 @@ dependencies: community.crypto: '1.5.0' # The URL of the originating SCM repository -repository: https://gitlab.com/s3lph/ansible-collection-mailserver +repository: https://git.kabelsalat.ch/s3lph/ansible-collection-mailserver # The URL to any online docs -documentation: https://gitlab.com/s3lph/ansible-collection-mailserver +documentation: https://git.kabelsalat.ch/s3lph/ansible-collection-mailserver # The URL to the homepage of the collection/project -homepage: https://gitlab.com/s3lph/ansible-collection-mailserver +homepage: https://git.kabelsalat.ch/s3lph/ansible-collection-mailserver # The URL to the collection issue tracker -issues: https://gitlab.com/s3lph/ansible-collection-mailserver/-/issues +issues: https://git.kabelsalat.ch/s3lph/ansible-collection-mailserver/issues # A list of file glob-like patterns used to filter any files or directories that should not be included in the build # artifact. A pattern is matched from the relative path of the file or directory of the collection directory. This diff --git a/meta/runtime.yml b/meta/runtime.yml new file mode 100644 index 0000000..f3589f4 --- /dev/null +++ b/meta/runtime.yml 
@@ -0,0 +1,52 @@ +--- +# Collections must specify a minimum required ansible version to upload +# to galaxy +requires_ansible: '>=2.15.0' + +# Content that Ansible needs to load from another location or that has +# been deprecated/removed +# plugin_routing: +# action: +# redirected_plugin_name: +# redirect: ns.col.new_location +# deprecated_plugin_name: +# deprecation: +# removal_version: "4.0.0" +# warning_text: | +# See the porting guide on how to update your playbook to +# use ns.col.another_plugin instead. +# removed_plugin_name: +# tombstone: +# removal_version: "2.0.0" +# warning_text: | +# See the porting guide on how to update your playbook to +# use ns.col.another_plugin instead. +# become: +# cache: +# callback: +# cliconf: +# connection: +# doc_fragments: +# filter: +# httpapi: +# inventory: +# lookup: +# module_utils: +# modules: +# netconf: +# shell: +# strategy: +# terminal: +# test: +# vars: + +# Python import statements that Ansible needs to load from another location +# import_redirection: +# ansible_collections.ns.col.plugins.module_utils.old_location: +# redirect: ansible_collections.ns.col.plugins.module_utils.new_location + +# Groups of actions/modules that take a common set of options +# action_groups: +# group_name: +# - module1 +# - module2 diff --git a/roles/dovecot/defaults/main/sieve.yml b/roles/dovecot/defaults/main/sieve.yml index 13b8e2a..a50c39e 100644 --- a/roles/dovecot/defaults/main/sieve.yml +++ b/roles/dovecot/defaults/main/sieve.yml @@ -1,5 +1,5 @@ --- -dovecot_enable_pigeonhole: no -dovecot_enable_pigeonhole_managesieve: no +dovecot_enable_pigeonhole: false +dovecot_enable_pigeonhole_managesieve: false dovecot_pigeonhole_sieve: "file:~/sieve;active=~/.dovecot.sieve" diff --git a/roles/dovecot/defaults/main/userdb.yml b/roles/dovecot/defaults/main/userdb.yml index 8dd4403..3a51e1c 100644 --- a/roles/dovecot/defaults/main/userdb.yml +++ b/roles/dovecot/defaults/main/userdb.yml 
@@ -6,6 +6,6 @@ dovecot_passdb_scheme: BLF-CRYPT dovecot_passdb_filename: /etc/dovecot/userdb/%d dovecot_passdb_user_format: "%u" -dovecot_master_passdb_enable: no +dovecot_master_passdb_enable: false dovecot_master_passdb: {} dovecot_master_user_separator: ";" diff --git a/roles/dovecot/defaults/main/virtual.yml b/roles/dovecot/defaults/main/virtual.yml index b51ce9e..2b9b2ff 100644 --- a/roles/dovecot/defaults/main/virtual.yml +++ b/roles/dovecot/defaults/main/virtual.yml @@ -2,6 +2,6 @@ virtual_mail_uid: virtual virtual_mail_gid: virtual -virutal_mail_home: /home/virtual +virtual_mail_home: /home/virtual virtual_mail_user_home: /home/virtual/%d/%n virtual_mail_location: maildir:/home/virtual/%d/%n/Maildir diff --git a/roles/dovecot/handlers/main.yml b/roles/dovecot/handlers/main.yml index a7e4465..b00caf9 100644 --- a/roles/dovecot/handlers/main.yml +++ b/roles/dovecot/handlers/main.yml @@ -1,11 +1,11 @@ --- -- name: reload dovecot +- name: Reload dovecot ansible.builtin.service: name: dovecot state: reloaded -- name: restart dovecot +- name: Restart dovecot ansible.builtin.service: name: dovecot state: restarted diff --git a/roles/dovecot/tasks/config.yml b/roles/dovecot/tasks/config.yml index 8549993..9622ec2 100644 --- a/roles/dovecot/tasks/config.yml +++ b/roles/dovecot/tasks/config.yml @@ -1,21 +1,21 @@ --- -- name: render /etc/dovecot/dovecot.conf +- name: Render /etc/dovecot/dovecot.conf ansible.builtin.template: src: etc/dovecot/dovecot.conf.j2 dest: /etc/dovecot/dovecot.conf owner: root group: dovecot - mode: 0640 - notify: restart dovecot + mode: "0640" + notify: Restart dovecot -- name: render /etc/dovecot/master.passwd +- name: Render /etc/dovecot/master.passwd ansible.builtin.template: src: etc/dovecot/passwd-file.j2 dest: /etc/dovecot/master.passwd owner: root group: dovecot - mode: 0640 + mode: "0640" vars: passwd: "{{ dovecot_master_passdb | dict2items(key_name='username', value_name='password') }}" - passdb_only: yes + passdb_only: true 
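Review bot: The `Render /etc/dovecot/master.passwd` task in `roles/dovecot/tasks/config.yml` templates `dovecot_master_passdb` (username/password pairs) without `diff: false` or `no_log: true`, so a run with `--diff` can print the rendered credential lines to the console and to CI logs. Whether the values are hashes or cleartext is not visible in this hunk, but either way they should stay out of logs. Add `diff: false` to that task, and `no_log: true` if task results are recorded anywhere. The `Render /etc/mailman3/mailman-web.py` task in `roles/mailman/tasks/config.yml` presumably renders database credentials as well and would benefit from the same setting.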
diff --git a/roles/dovecot/tasks/install.yml b/roles/dovecot/tasks/install.yml index 6aba5d5..7b7d93e 100644 --- a/roles/dovecot/tasks/install.yml +++ b/roles/dovecot/tasks/install.yml @@ -1,6 +1,6 @@ --- -- name: install dovecot packages +- name: Install dovecot packages ansible.builtin.apt: name: "{{ item }}" state: present @@ -11,15 +11,15 @@ - dovecot-sieve - dovecot-managesieved -- name: add dovecot user to virtual mail group +- name: Add dovecot user to virtual mail group ansible.builtin.user: name: dovecot groups: "{{ virtual_mail_gid }}" - append: yes - notify: restart dovecot + append: true + notify: Restart dovecot -- name: start and enable dovecot +- name: Start and enable dovecot ansible.builtin.service: name: dovecot state: started - enabled: yes + enabled: true diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml index 25de52f..26f70f4 100644 --- a/roles/dovecot/tasks/main.yml +++ b/roles/dovecot/tasks/main.yml @@ -1,18 +1,18 @@ --- -- name: create virtual user/group +- name: Create virtual user/group ansible.builtin.import_tasks: virtual.yml tags: - "role::dovecot" - "role::dovecot:virtual" -- name: install dovecot +- name: Install dovecot ansible.builtin.import_tasks: install.yml tags: - "role::dovecot" - "role::dovecot:install" -- name: configure dovecot +- name: Configure dovecot ansible.builtin.import_tasks: config.yml tags: - "role::dovecot" diff --git a/roles/dovecot/tasks/virtual.yml b/roles/dovecot/tasks/virtual.yml index bda1a12..84d50b1 100644 --- a/roles/dovecot/tasks/virtual.yml +++ b/roles/dovecot/tasks/virtual.yml 
@@ -1,16 +1,16 @@ --- -- name: create virtual mail group +- name: Create virtual mail group ansible.builtin.group: name: "{{ virtual_mail_gid }}" - system: yes + system: true -- name: create virtual mail user +- name: Create virtual mail user ansible.builtin.user: name: "{{ virtual_mail_uid }}" group: "{{ virtual_mail_gid }}" home: "{{ virtual_mail_home }}" password: '!' shell: /usr/sbin/nologin - system: yes + system: true comment: Virtual Mail User diff --git a/roles/easywks/defaults/main.yml b/roles/easywks/defaults/main.yml index 3363553..3984687 100644 --- a/roles/easywks/defaults/main.yml +++ b/roles/easywks/defaults/main.yml @@ -1,8 +1,8 @@ --- -easywks_download: yes +easywks_download: true easywks_config: "" -easywks_service_http_enabled: yes -easywks_service_lmtp_enabled: yes -easywks_service_dnsd_enabled: yes +easywks_service_http_enabled: true +easywks_service_lmtp_enabled: true +easywks_service_dnsd_enabled: true diff --git a/roles/easywks/handlers/main.yml b/roles/easywks/handlers/main.yml index a6be791..fa5d0d2 100644 --- a/roles/easywks/handlers/main.yml +++ b/roles/easywks/handlers/main.yml @@ -1,16 +1,16 @@ --- -- name: restart easywks-http +- name: Restart easywks-http ansible.builtin.service: name: easywks-http state: restarted -- name: restart easywks-lmtp +- name: Restart easywks-lmtp ansible.builtin.service: name: easywks-lmtp state: restarted -- name: restart easywks-dnsd +- name: Restart easywks-dnsd ansible.builtin.service: name: easywks-dnsd state: restarted diff --git a/roles/easywks/tasks/config.yml b/roles/easywks/tasks/config.yml index 2add4ca..d4ed950 100644 --- a/roles/easywks/tasks/config.yml +++ b/roles/easywks/tasks/config.yml 
@@ -1,30 +1,30 @@ --- -- name: render easywks config file +- name: Render easywks config file ansible.builtin.template: src: etc/easywks.yml.j2 dest: /etc/easywks.yml owner: root group: root - mode: 0644 + mode: "0644" notify: - - restart easywks-http - - restart easywks-lmtp - - restart easywks-dnsd + - Restart easywks-http + - Restart easywks-lmtp + - Restart easywks-dnsd -- name: start and enable easywks-http +- name: Start and enable easywks-http ansible.builtin.service: name: easywks-http state: started enabled: "{{ easywks_service_http_enabled }}" -- name: start and enable easywks-lmtp +- name: Start and enable easywks-lmtp ansible.builtin.service: name: easywks-lmtp state: started enabled: "{{ easywks_service_lmtp_enabled }}" -- name: start and enable easywks-dnsd +- name: Start and enable easywks-dnsd ansible.builtin.service: name: easywks-dnsd state: started diff --git a/roles/easywks/tasks/install.yml b/roles/easywks/tasks/install.yml index 4556a26..cb96250 100644 --- a/roles/easywks/tasks/install.yml +++ b/roles/easywks/tasks/install.yml @@ -1,23 +1,24 @@ --- -- name: install easywks from system package sources +- name: Install easywks from system package sources ansible.builtin.apt: name: easywks notify: - - restart easywks-http - - restart easywks-lmtp + - Restart easywks-http + - Restart easywks-lmtp + - Restart easywks-dnsd when: "not easywks_download" -- name: get easywks package url +- name: Get easywks package url ansible.builtin.uri: # https://gitlab.com/s3lph/easywks url: "https://gitlab.com/api/v4/projects/29907182/releases" - return_content: yes + return_content: true register: "register_easywks_gitlab_releases" - changed_when: no + changed_when: false when: "easywks_download" -- name: install easywks from upstream release +- name: Install easywks from upstream release ansible.builtin.apt: deb: "{{ url }}" vars: diff --git a/roles/easywks/tasks/main.yml b/roles/easywks/tasks/main.yml index a423332..c153abe 100644 
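Review bot: `Install easywks from upstream release` in `roles/easywks/tasks/install.yml` hands a URL derived from the GitLab releases API response straight to `ansible.builtin.apt` via `deb: "{{ url }}"`, so a package is installed with package-manager privileges and no checksum or signature check on the downloaded file. Consider fetching it first with `ansible.builtin.get_url` and a `checksum:` taken from a pinned value in the role defaults, then installing the local file. How `url` is computed lies in the `vars:` block that continues outside this hunk, so confirm it cannot select an unexpected release asset.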
--- a/roles/easywks/tasks/main.yml +++ b/roles/easywks/tasks/main.yml @@ -1,12 +1,12 @@ --- -- name: install easywks +- name: Install easywks ansible.builtin.import_tasks: install.yml tags: - "role::easywks" - "role::easywks:install" -- name: configure easywks +- name: Configure easywks ansible.builtin.import_tasks: config.yml tags: - "role::easywks" diff --git a/roles/getaddrinfo/tasks/config.yml b/roles/getaddrinfo/tasks/config.yml index f1ea001..c26556a 100644 --- a/roles/getaddrinfo/tasks/config.yml +++ b/roles/getaddrinfo/tasks/config.yml @@ -6,4 +6,4 @@ dest: /etc/gai.conf owner: root group: root - mode: 0644 + mode: "0644" diff --git a/roles/getaddrinfo/tasks/lookup.yml b/roles/getaddrinfo/tasks/lookup.yml index 0a893f4..1fd0d17 100644 --- a/roles/getaddrinfo/tasks/lookup.yml +++ b/roles/getaddrinfo/tasks/lookup.yml @@ -4,18 +4,18 @@ ansible.builtin.uri: url: https://rdap.arin.net/registry/entity/GOGL register: gai_register_gogl_rdap - + - name: Initialize precedence list ansible.builtin.set_fact: getaddrinfo_precedence: "{{ getaddrinfo_precedence | default({}) }}" - name: Add all Google v4 nets to precedence list ansible.builtin.debug: - msg: "{%- set _ = getaddrinfo_precedence[cidr] = 100 -%}{{- cidr -}}" + msg: "{%- set getaddrinfo_precedence = getaddrinfo_precedence + {cidr: 100} -%}{{- cidr -}}" vars: cidr: "{{ item.v4prefix }}/{{ item.length }}" loop: "{{ gai_register_gogl_rdap.json.networks | selectattr('ipVersion', 'eq', 'v4') | map(attribute='cidr0_cidrs') | flatten }}" - + - name: Add all Google v4 nets to precedence list ansible.builtin.debug: var: getaddrinfo_precedence diff --git a/roles/mailman/defaults/main.yml b/roles/mailman/defaults/main.yml index 6787c04..d582618 100644 --- a/roles/mailman/defaults/main.yml +++ b/roles/mailman/defaults/main.yml 
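Review bot: In `roles/getaddrinfo/tasks/lookup.yml` the new `msg:` expression `getaddrinfo_precedence + {cidr: 100}` adds two dicts, which Jinja2 passes to Python's `+` and which dicts do not support, so the task is likely to fail at render time. Even if it rendered, a `{% set %}` inside a template does not persist beyond that one render, so the fact would be unchanged for the next loop item. Replace the `debug` with a `set_fact` using the `combine` filter: `ansible.builtin.set_fact:` followed by `getaddrinfo_precedence: "{{ getaddrinfo_precedence | combine({cidr: 100}) }}"`. The loop input is a remote RDAP response that presumably ends up in `/etc/gai.conf`, so checking the shape of each `v4prefix`/`length` pair before use would be a sensible guard.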
@@ -59,11 +59,11 @@ mailman_mta_smtp_pass: "" mailman_mta_lmtp_host: 127.0.0.1 mailman_mta_lmtp_port: 8024 mailman_mta_configuration: python:mailman.config.postfix -mailman_mta_remove_dkim_headers: yes +mailman_mta_remove_dkim_headers: true mailman_mta_additional_config: "" -mailman_hyperkitty_enabled: yes +mailman_hyperkitty_enabled: true mailman_hyperkitty_localhost_base_url: http://localhost/hyperkitty/ mailman_hyperkitty_api_acl: - "127.0.0.1" @@ -84,11 +84,11 @@ mailman_web_auth_socialaccounts: [] mailman_web_language: en-us mailman_web_timezone: UTC mailman_web_emailname: "{{ mailman_sitename }}" -mailman_web_compress_online: yes +mailman_web_compress_online: true mailman_web_base_url: http://localhost/ mailman_web_static_url: /static/ -mailman_web_disable_gravatar: yes -mailman_web_disable_web_posting: yes +mailman_web_disable_gravatar: true +mailman_web_disable_web_posting: true # django.db.backends.sqlite3 # django.db.backends.mysql # django.db.backends.postgresql_psycopg2 @@ -116,8 +116,8 @@ mailman_mariadb_bootstrap_login_user: root mailman_mariadb_bootstrap_login_password: '' mailman_superuser_name: root -mailman_web_override_templates: no +mailman_web_override_templates: false mailman_web_override_templates_path: "{{ playbook_dir }}/templates/override" mailman_web_override_static_path: "{{ playbook_dir }}/static/override" mailman_web_hyperkitty_cleanup_cron: '0 * * * *' -mailman_web_privacy_enhancements: no +mailman_web_privacy_enhancements: false diff --git a/roles/mailman/handlers/main.yml b/roles/mailman/handlers/main.yml index 61bb1fa..99d800b 100644 --- a/roles/mailman/handlers/main.yml +++ b/roles/mailman/handlers/main.yml 
@@ -1,20 +1,20 @@ --- -- name: systemctl daemon-reload +- name: Systemctl daemon-reload ansible.builtin.systemd: - daemon_reload: yes + daemon_reload: true -- name: restart mailman3 +- name: Restart mailman3 ansible.builtin.service: name: mailman3 state: restarted -- name: restart mailman3-web +- name: Restart mailman3-web ansible.builtin.service: name: mailman3-web state: restarted -- name: reload postfix +- name: Reload postfix ansible.builtin.service: name: postfix state: reloaded diff --git a/roles/mailman/tasks/bootstrap.yml b/roles/mailman/tasks/bootstrap.yml index 192a4b8..0b3a0be 100644 --- a/roles/mailman/tasks/bootstrap.yml +++ b/roles/mailman/tasks/bootstrap.yml @@ -1,6 +1,6 @@ --- -- name: create mariadb mailman database +- name: Create mariadb mailman database community.mysql.mysql_db: name: '{{ mailman_mariadb_database }}' login_host: '{{ mailman_mariadb_bootstrap_host }}' @@ -8,9 +8,9 @@ login_unix_socket: '{{ mailman_mariadb_bootstrap_socket }}' login_user: '{{ mailman_mariadb_bootstrap_login_user }}' login_password: '{{ mailman_mariadb_bootstrap_login_password }}' - check_implicit_admin: yes + check_implicit_admin: true -- name: create mariadb mailman-web database +- name: Create mariadb mailman-web database community.mysql.mysql_db: name: '{{ mailman_web_database_name }}' login_host: '{{ mailman_mariadb_bootstrap_host }}' @@ -18,9 +18,9 @@ login_unix_socket: '{{ mailman_mariadb_bootstrap_socket }}' login_user: '{{ mailman_mariadb_bootstrap_login_user }}' login_password: '{{ mailman_mariadb_bootstrap_login_password }}' - check_implicit_admin: yes + check_implicit_admin: true -- name: create mailman database user +- name: Create mailman database user community.mysql.mysql_user: name: "{{ mailman_mariadb_user }}" host: "{{ mailman_mariadb_user_host }}" 
@@ -31,9 +31,9 @@ login_unix_socket: '{{ mailman_mariadb_bootstrap_socket }}' login_user: '{{ mailman_mariadb_bootstrap_login_user }}' login_password: '{{ mailman_mariadb_bootstrap_login_password }}' - check_implicit_admin: yes + check_implicit_admin: true -- name: create mailman-web database user +- name: Create mailman-web database user community.mysql.mysql_user: name: "{{ mailman_web_database_user }}" host: "{{ mailman_web_database_user_host }}" @@ -44,9 +44,9 @@ login_unix_socket: '{{ mailman_mariadb_bootstrap_socket }}' login_user: '{{ mailman_mariadb_bootstrap_login_user }}' login_password: '{{ mailman_mariadb_bootstrap_login_password }}' - check_implicit_admin: yes + check_implicit_admin: true -- name: create mailman-postfix database user +- name: Create mailman-postfix database user community.mysql.mysql_user: name: "{{ mailman_database_postfix_user }}" host: "{{ mailman_database_postfix_user_host }}" @@ -57,26 +57,26 @@ login_unix_socket: '{{ mailman_mariadb_bootstrap_socket }}' login_user: '{{ mailman_mariadb_bootstrap_login_user }}' login_password: '{{ mailman_mariadb_bootstrap_login_password }}' - check_implicit_admin: yes + check_implicit_admin: true -- name: apply mailman-web migrations +- name: Apply mailman-web migrations become_user: www-data - become_method: sudo + become: true ansible.builtin.command: /usr/share/mailman3-web/manage.py migrate - changed_when: yes + changed_when: true -- name: change django default site +- name: Change django default site become_user: www-data - become_method: sudo + become: true ansible.builtin.command: >- /usr/share/mailman3-web/manage.py set_default_site --name {{ mailman_sitename }} --domain {{ mailman_sitename }} - changed_when: yes + changed_when: true -- name: create mailman-web superuser +- name: Create mailman-web superuser become_user: www-data - become_method: sudo + become: true ansible.builtin.command: /usr/share/mailman3-web/manage.py shell args: stdin: | 
@@ -86,4 +86,4 @@ '{{ mailman_superuser_email }}', '{{ mailman_superuser_password }}' ) - changed_when: yes + changed_when: true diff --git a/roles/mailman/tasks/config.yml b/roles/mailman/tasks/config.yml index a56476e..1a5ba5b 100644 --- a/roles/mailman/tasks/config.yml +++ b/roles/mailman/tasks/config.yml 
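Review bot: `Create mailman-web superuser` in `roles/mailman/tasks/bootstrap.yml` builds Python source for `manage.py shell` by templating `'{{ mailman_superuser_email }}'` and `'{{ mailman_superuser_password }}'` into single-quoted literals, so a value containing `'` changes the code that runs as www-data rather than just the stored password. The task also has no `no_log: true`, so the password can appear in task output at higher verbosity. Pass the values out of band, for instance through the task's `environment:` and `os.environ[...]` inside the script, and add `no_log: true`. The task starts in the previous hunk and its stdin body is only partly visible here.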
@@ -1,53 +1,53 @@ --- -- name: render /etc/mailman3/mailman.cfg +- name: Render /etc/mailman3/mailman.cfg ansible.builtin.template: src: etc/mailman3/mailman.cfg.j2 dest: /etc/mailman3/mailman.cfg owner: root group: list - mode: 0640 - notify: restart mailman3 + mode: "0640" + notify: Restart mailman3 -- name: render /etc/mailman3/mailman-hyperkitty.cfg +- name: Render /etc/mailman3/mailman-hyperkitty.cfg ansible.builtin.template: src: etc/mailman3/mailman-hyperkitty.cfg.j2 dest: /etc/mailman3/mailman-hyperkitty.cfg owner: root group: list - mode: 0640 - notify: restart mailman3 + mode: "0640" + notify: Restart mailman3 -- name: render /etc/mailman3/mailman-web.py +- name: Render /etc/mailman3/mailman-web.py ansible.builtin.template: src: etc/mailman3/mailman-web.py.j2 dest: /etc/mailman3/mailman-web.py owner: root group: www-data - mode: 0640 - notify: restart mailman3-web + mode: "0640" + notify: Restart mailman3-web -- name: create /etc/postfix/sql directory +- name: Create /etc/postfix/sql directory ansible.builtin.file: path: /etc/postfix/sql state: directory owner: root group: root - mode: 0755 + mode: "0755" -- name: render postfix sql config file +- name: Render postfix sql config file ansible.builtin.template: src: etc/postfix/sql/mailman_mysql_virtual_domains.cf.j2 dest: /etc/postfix/sql/mailman_mysql_virtual_domains.cf owner: root group: postfix - mode: 0640 - notify: reload postfix + mode: "0640" + notify: Reload postfix # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037358 -- name: disable gatenews cronjob +- name: Disable gatenews cronjob ansible.builtin.lineinfile: - file: /etc/cron.d/mailman3 + path: /etc/cron.d/mailman3 regexp: '^#(?/*/usr/bin/mailman gatenews.*)$' line: '#\1' when: diff --git a/roles/mailman/tasks/install.yml b/roles/mailman/tasks/install.yml index dbf742f..94dddf2 100644 --- a/roles/mailman/tasks/install.yml +++ b/roles/mailman/tasks/install.yml 
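Review bot: In `Disable gatenews cronjob` the pattern `'^#(?/*/usr/bin/mailman gatenews.*)$'` contains `(?/`, which Python's `re` rejects as an unknown group extension, so as shown the task would error instead of commenting out the cron line. `line: '#\1'` additionally needs `backrefs: true` for `\1` to be expanded; that option is not visible in this hunk, and the task continues past the `when:`. If the intent is to comment out an active gatenews entry, something like `regexp: '^#?(.*/usr/bin/mailman gatenews.*)$'` together with `backrefs: true` would do it; please confirm against the packaged `/etc/cron.d/mailman3`.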
@@ -1,6 +1,6 @@ --- -- name: install packages +- name: Install packages ansible.builtin.apt: name: "{{ item }}" state: present @@ -12,47 +12,47 @@ - mariadb-client - acl -- name: fix permissions on /var/lib/mailman3/data +- name: Fix permissions on /var/lib/mailman3/data ansible.builtin.file: path: /var/lib/mailman3/data state: directory owner: list group: list - mode: 0755 + mode: "0755" -- name: create mailman3 servive override directory +- name: Create mailman3 servive override directory ansible.builtin.file: path: /etc/systemd/system/mailman3.service.d state: directory owner: root group: root - mode: 0755 + mode: "0755" -- name: override mailman3 service dependencies +- name: Override mailman3 service dependencies ansible.builtin.template: src: etc/systemd/system/mailman3.service.d/override.conf.j2 dest: /etc/systemd/system/mailman3.service.d/override.conf owner: root group: root - mode: 0644 - notify: systemctl daemon-reload + mode: "0644" + notify: Systemctl daemon-reload when: mailman3_service_dependencies is defined -- name: remove mailman3 service dependencies override +- name: Remove mailman3 service dependencies override ansible.builtin.file: path: /etc/systemd/system/mailman3.service.d/override.conf state: absent - notify: systemctl daemon-reload + notify: Systemctl daemon-reload when: mailman3_service_dependencies is not defined -- name: systemctl daemon-reload +- name: Systemctl daemon-reload ansible.builtin.meta: flush_handlers -- name: start and enable mailman +- name: Start and enable mailman ansible.builtin.service: name: "{{ item }}" state: started - enabled: yes + enabled: true loop: - mailman3 - mailman3-web diff --git a/roles/mailman/tasks/main.yml b/roles/mailman/tasks/main.yml index 702636a..e4b84a3 100644 --- a/roles/mailman/tasks/main.yml +++ b/roles/mailman/tasks/main.yml 
@@ -1,30 +1,30 @@ --- -- name: install mailman3 +- name: Install mailman3 ansible.builtin.import_tasks: install.yml # todo: wtf dependencies tags: - "role::mailman" - "role::mailman:install" -- name: configure mailman3 +- name: Configure mailman3 ansible.builtin.import_tasks: config.yml tags: - "role::mailman" - "role::mailman:config" -- name: override mailman3-web django templates +- name: Override mailman3-web django templates ansible.builtin.import_tasks: templates.yml tags: - "role::mailman" - "role::mailman:templates" -- name: create mailman3 databases and admin users +- name: Create mailman3 databases and admin users ansible.builtin.import_tasks: bootstrap.yml tags: - "role::mailman:bootstrap" - "never" -- name: create hyperkitty cleanup cronjob +- name: Create hyperkitty cleanup cronjob ansible.builtin.import_tasks: privacy.yml tags: - "role::mailman:privacy" diff --git a/roles/mailman/tasks/privacy.yml b/roles/mailman/tasks/privacy.yml index f31cb12..6403baf 100644 --- a/roles/mailman/tasks/privacy.yml +++ b/roles/mailman/tasks/privacy.yml @@ -1,19 +1,19 @@ --- -- name: render mysql client config for cleanup cronjob +- name: Render mysql client config for cleanup cronjob ansible.builtin.template: src: root/.mysql.hyperkitty-cleanup.cnf.j2 dest: /root/.mysql.hyperkitty-cleanup.cnf owner: root group: root - mode: 0600 + mode: "0600" when: mailman_web_privacy_enhancements -- name: render privacy-enhancing hyperkitty cleanup cronjob +- name: Render privacy-enhancing hyperkitty cleanup cronjob ansible.builtin.template: src: etc/cron.d/hyperkitty-cleanup.j2 dest: /etc/cron.d/hyperkitty-cleanup owner: root group: root - mode: 0640 + mode: "0640" when: mailman_web_privacy_enhancements diff --git a/roles/mailman/tasks/templates.yml b/roles/mailman/tasks/templates.yml index 0ff4ea3..a6be2f6 100644 --- a/roles/mailman/tasks/templates.yml +++ b/roles/mailman/tasks/templates.yml 
@@ -1,59 +1,59 @@ --- -- name: create /var/lib/mailman3/web/templates +- name: Create /var/lib/mailman3/web/templates ansible.builtin.file: path: /var/lib/mailman3/web/templates state: directory owner: www-data group: www-data - mode: 0755 + mode: "0755" -- name: create template override directories +- name: Create template override directories ansible.builtin.file: path: "/var/lib/mailman3/web/templates/{{ item.path }}" owner: www-data group: www-data - mode: 0755 + mode: "0755" when: "item.state == 'directory'" - with_filetree: "{{ mailman_web_override_templates_path }}" - notify: restart mailman3-web + with_community.general.filetree: "{{ mailman_web_override_templates_path }}" + notify: Restart mailman3-web -- name: render template overrides +- name: Render template overrides ansible.builtin.copy: src: "{{ item.root }}/{{ item.path }}" dest: "/var/lib/mailman3/web/templates/{{ item.path }}" owner: www-data group: www-data - mode: 0644 + mode: "0644" when: "item.state != 'directory'" - with_filetree: "{{ mailman_web_override_templates_path }}" - notify: restart mailman3-web + with_community.general.filetree: "{{ mailman_web_override_templates_path }}" + notify: Restart mailman3-web -- name: create /var/lib/mailman3/web/static +- name: Create /var/lib/mailman3/web/static ansible.builtin.file: path: /var/lib/mailman3/web/static state: directory owner: www-data group: www-data - mode: 0755 + mode: "0755" -- name: create static override directories +- name: Create static override directories ansible.builtin.file: path: "/var/lib/mailman3/web/static/{{ item.path }}" owner: www-data group: www-data - mode: 0755 + mode: "0755" when: "item.state == 'directory'" - with_filetree: "{{ mailman_web_override_static_path }}" - notify: restart mailman3-web + with_community.general.filetree: "{{ mailman_web_override_static_path }}" + notify: Restart mailman3-web -- name: render static overrides +- name: Render static overrides ansible.builtin.copy: src: "{{ item.root }}/{{ 
item.path }}" dest: "/var/lib/mailman3/web/static/{{ item.path }}" owner: www-data group: www-data - mode: 0644 + mode: "0644" when: "item.state != 'directory'" - with_filetree: "{{ mailman_web_override_static_path }}" - notify: restart mailman3-web + with_community.general.filetree: "{{ mailman_web_override_static_path }}" + notify: Restart mailman3-web diff --git a/roles/multischleuder/defaults/main.yml b/roles/multischleuder/defaults/main.yml index 4db2017..bf3fea8 100644 --- a/roles/multischleuder/defaults/main.yml +++ b/roles/multischleuder/defaults/main.yml @@ -1,7 +1,7 @@ --- -multischleuder_download: yes -multischleuder_service_enabled: yes +multischleuder_download: true +multischleuder_service_enabled: true multischleuder_config: | diff --git a/roles/multischleuder/tasks/config.yml b/roles/multischleuder/tasks/config.yml index 46af695..ee31ddc 100644 --- a/roles/multischleuder/tasks/config.yml +++ b/roles/multischleuder/tasks/config.yml @@ -1,14 +1,14 @@ --- -- name: render easywks config file +- name: Render easywks config file ansible.builtin.template: src: etc/multischleuder/multischleuder.yml.j2 dest: /etc/multischleuder/multischleuder.yml owner: root group: root - mode: 0644 + mode: "0644" -- name: start and enable multischleuder.timer +- name: Start and enable multischleuder.timer ansible.builtin.service: name: multischleuder.timer state: started diff --git a/roles/multischleuder/tasks/install.yml b/roles/multischleuder/tasks/install.yml index 549a9cd..f7a76fc 100644 --- a/roles/multischleuder/tasks/install.yml +++ b/roles/multischleuder/tasks/install.yml 
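Review bot: The `Create template override directories` and `Create static override directories` tasks pass `path`, `owner`, `group` and `mode` to `ansible.builtin.file` but no `state`, so the module default `state: file` applies and a missing directory is not created. Adding `state: directory` to both tasks would make them match their names and their `item.state == 'directory'` filter. The switch to `with_community.general.filetree` also makes the role depend on the community.general collection, so it is worth confirming that galaxy.yml declares it; that file is not visible in this hunk.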
@@ -1,20 +1,20 @@ --- -- name: install multischleuder from system package sources +- name: Install multischleuder from system package sources ansible.builtin.apt: name: multischleuder when: "not multischleuder_download" -- name: get multischleuder package url +- name: Get multischleuder package url ansible.builtin.uri: # https://gitlab.com/s3lph/multischleuder url: "https://gitlab.com/api/v4/projects/35309982/releases" - return_content: yes + return_content: true register: "register_multischleuder_gitlab_releases" - changed_when: no + changed_when: false when: "multischleuder_download" -- name: install multischleuder from upstream release +- name: Install multischleuder from upstream release ansible.builtin.apt: deb: "{{ url }}" vars: diff --git a/roles/multischleuder/tasks/main.yml b/roles/multischleuder/tasks/main.yml index 7f3347a..174a807 100644 --- a/roles/multischleuder/tasks/main.yml +++ b/roles/multischleuder/tasks/main.yml @@ -1,12 +1,12 @@ --- -- name: install multischleuder +- name: Install multischleuder ansible.builtin.import_tasks: install.yml tags: - "role::multischleuder" - "role::multischleuder:install" -- name: configure multischleuder +- name: Configure multischleuder ansible.builtin.import_tasks: config.yml tags: - "role::multischleuder" diff --git a/roles/opendkim/defaults/main.yml b/roles/opendkim/defaults/main.yml index eda008e..bbf5dfd 100644 --- a/roles/opendkim/defaults/main.yml +++ b/roles/opendkim/defaults/main.yml @@ -1,14 +1,14 @@ --- -opendkim_testmode: no +opendkim_testmode: false -opendkim_syslog: yes -opendkim_syslog_success: yes -opendkim_log_why: no +opendkim_syslog: true +opendkim_syslog_success: true +opendkim_log_why: false opendkim_canonicalization: relaxed/relaxed opendkim_mode: sv -opendkim_subdomains: no +opendkim_subdomains: false opendkim_oversign_headers: From opendkim_selector: mail diff --git a/roles/opendkim/handlers/main.yml b/roles/opendkim/handlers/main.yml index e48a5fe..49d759d 100644 
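Review bot: The `Install multischleuder from upstream release` task passes a URL derived from the GitLab releases API response straight to `ansible.builtin.apt` as `deb: "{{ url }}"`, and a .deb installed this way is not covered by APT repository signature checks, so its maintainer scripts run as root with only TLS to the download host as assurance. Downloading the file first with `ansible.builtin.get_url` and a pinned `checksum:`, then installing the local file, ties the install to a known artifact at the cost of pinning a release. The `vars:` block that derives `url` lies outside this hunk, so the sketch below leaves it untouched. The `Download and unpack postfixadmin release` task in roles/postfixadmin/tasks/install.yml has the same gap with `ansible.builtin.unarchive` and `remote_src: true`.

```yaml
- name: Download multischleuder release package
  ansible.builtin.get_url:
    url: "{{ url }}"
    dest: /var/cache/multischleuder.deb  # constructed example path
    checksum: "sha256:<PINNED_SHA256_PLACEHOLDER>"  # placeholder, pin per release
    mode: "0644"
  # … unchanged: vars deriving url from the releases response, when condition …

- name: Install multischleuder from upstream release
  ansible.builtin.apt:
    deb: /var/cache/multischleuder.deb
```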
--- a/roles/opendkim/handlers/main.yml +++ b/roles/opendkim/handlers/main.yml @@ -1,11 +1,11 @@ --- -- name: restart opendkim +- name: Restart opendkim ansible.builtin.service: name: opendkim state: restarted -- name: restart postfix +- name: Restart postfix ansible.builtin.service: name: postfix state: restarted diff --git a/roles/opendkim/tasks/config.yml b/roles/opendkim/tasks/config.yml index e36e071..5906a44 100644 --- a/roles/opendkim/tasks/config.yml +++ b/roles/opendkim/tasks/config.yml @@ -1,44 +1,44 @@ --- -- name: create /etc/dkimkeys diretory +- name: Create /etc/dkimkeys diretory ansible.builtin.file: path: /etc/dkimkeys state: directory owner: opendkim group: opendkim - mode: 0700 + mode: "0700" -- name: create dkim key +- name: Create dkim key ansible.builtin.command: >- /usr/sbin/opendkim-genkey --directory=/etc/dkimkeys --selector={{ opendkim_selector }} args: creates: "/etc/dkimkeys/{{ opendkim_selector }}.private" - become: yes + become: true become_user: opendkim - notify: restart opendkim + notify: Restart opendkim -- name: create postfix spool socket directory +- name: Create postfix spool socket directory ansible.builtin.file: path: /var/spool/postfix/opendkim state: directory owner: opendkim group: postfix - mode: 0770 - notify: restart opendkim + mode: "0770" + notify: Restart opendkim -- name: render /etc/opendkim.conf +- name: Render /etc/opendkim.conf ansible.builtin.template: src: etc/opendkim.conf.j2 dest: /etc/opendkim.conf owner: root group: root - mode: 0644 - notify: restart opendkim + mode: "0644" + notify: Restart opendkim -- name: start and enable opendkim +- name: Start and enable opendkim ansible.builtin.service: name: opendkim state: started - enabled: yes + enabled: true diff --git a/roles/opendkim/tasks/install.yml b/roles/opendkim/tasks/install.yml index 19e6137..53787e1 100644 --- a/roles/opendkim/tasks/install.yml +++ b/roles/opendkim/tasks/install.yml 
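Review bot: The `Create dkim key` command in roles/opendkim/tasks/config.yml calls `/usr/sbin/opendkim-genkey` with only `--directory` and `--selector`, so the RSA key size is whatever the installed opendkim-genkey defaults to, which in some packaged versions is 1024 bits. Passing the size explicitly, for example by adding `--bits=2048` to the command, makes the signing key strength independent of the distribution default. Because of `creates:`, hosts that already have a `.private` file keep their existing key, so rotating a short key would need a separate step.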
@@ -1,14 +1,14 @@ --- -- name: install opendkim +- name: Install opendkim ansible.builtin.package: name: - opendkim - opendkim-tools -- name: add postfix to opendkim group +- name: Add postfix to opendkim group ansible.builtin.user: name: postfix groups: opendkim - append: yes - notify: restart postfix + append: true + notify: Restart postfix diff --git a/roles/opendkim/tasks/main.yml b/roles/opendkim/tasks/main.yml index 44a5c4c..e657583 100644 --- a/roles/opendkim/tasks/main.yml +++ b/roles/opendkim/tasks/main.yml @@ -1,12 +1,12 @@ --- -- name: install opendkim +- name: Install opendkim ansible.builtin.import_tasks: install.yml tags: - "role::opendkim" - "role::opendkim:install" -- name: configure opendkim +- name: Configure opendkim ansible.builtin.import_tasks: config.yml tags: - "role::opendkim" diff --git a/roles/postfix/defaults/main/global.yml b/roles/postfix/defaults/main/global.yml index 0338245..f6695d3 100644 --- a/roles/postfix/defaults/main/global.yml +++ b/roles/postfix/defaults/main/global.yml @@ -16,15 +16,15 @@ postfix_mydestination: postfix_additional_transport_maps: [] postfix_additional_relay_domains: [] -postfix_postfixadmin_enable: no -postfix_mailman_enable: no -postfix_schleuder_enable: no -postfix_policyd_spf_enable: no -postfix_srsd_enable: no -postfix_srsd_nodefault: no -postfix_spamassassin_enable: no -postfix_easywks_pipe_transport: no -postfix_opendkim_enable: no +postfix_postfixadmin_enable: false +postfix_mailman_enable: false +postfix_schleuder_enable: false +postfix_policyd_spf_enable: false +postfix_srsd_enable: false +postfix_srsd_nodefault: false +postfix_spamassassin_enable: false +postfix_easywks_pipe_transport: false +postfix_opendkim_enable: false postfix_srsd_forward_lookup: "tcp:localhost:10001" postfix_srsd_reverse_lookup: "tcp:localhost:10002" diff --git a/roles/postfix/defaults/main/master.yml b/roles/postfix/defaults/main/master.yml index 02c255b..482e6bc 100644 --- a/roles/postfix/defaults/main/master.yml 
+++ b/roles/postfix/defaults/main/master.yml @@ -7,7 +7,7 @@ postfix_default_master_processes: smtp: name: smtp type: inet - private: no + private: false command: smtpd options: - '-o syslog_name=postfix/smtp' @@ -17,7 +17,7 @@ postfix_default_master_processes: submission: name: submission type: inet - private: no + private: false command: smtpd options: - '-o syslog_name=postfix/submission' @@ -32,81 +32,81 @@ postfix_default_master_processes: pickup: name: pickup type: unix - private: no - chroot: no + private: false + chroot: false wakeup: 60 maxproc: 1 cleanup: name: cleanup type: unix - private: no + private: false maxproc: 0 qmgr: name: qmgr type: unix - private: no - chroot: no + private: false + chroot: false wakeup: 300 maxproc: 1 tlsmgr: name: tlsmgr type: unix - chroot: no + chroot: false wakeup: '1000?' maxproc: 1 rewrite: name: rewrite type: unix - chroot: no + chroot: false command: trivial-rewrite bounce: name: bounce type: unix - chroot: no + chroot: false maxproc: 0 defer: name: defer type: unix - chroot: no + chroot: false maxproc: 0 command: bounce trace: name: trace type: unix - chroot: no + chroot: false maxproc: 0 command: bounce verify: name: verify type: unix - chroot: no + chroot: false maxproc: 1 flush: name: flush type: unix - private: no - chroot: no + private: false + chroot: false wakeup: '1000?' maxproc: 0 proxymap: name: proxymap type: unix - chroot: no + chroot: false proxywrite: name: proxywrite type: unix - chroot: no + chroot: false maxproc: 1 command: proxymap 
@@ -125,59 +125,59 @@ postfix_default_master_processes: showq: name: showq type: unix - private: no - chroot: no + private: false + chroot: false error: name: error type: unix - chroot: no + chroot: false retry: name: retry type: unix - chroot: no + chroot: false command: error discard: name: discard type: unix - chroot: no + chroot: false local: name: local type: unix - unpriv: no - chroot: no + unpriv: false + chroot: false virtual: name: virtual type: unix - unpriv: no - chroot: no + unpriv: false + chroot: false lmtp: name: lmtp type: unix - chroot: no + chroot: false anvil: name: anvil type: unix - chroot: no + chroot: false maxproc: 1 scache: name: scache type: unix - chroot: no + chroot: false maxproc: 1 postlog: name: postlog type: unix-dgram - private: no - chroot: no + private: false + chroot: false maxproc: 1 command: postlogd diff --git a/roles/postfix/defaults/main/policyd_spf.yml b/roles/postfix/defaults/main/policyd_spf.yml index 639e937..8126eaf 100644 --- a/roles/postfix/defaults/main/policyd_spf.yml +++ b/roles/postfix/defaults/main/policyd_spf.yml @@ -6,8 +6,8 @@ postfix_policyd_spf_testonly: 0 postfix_policyd_spf_helo_reject: Fail postfix_policyd_spf_mail_from_reject: Fail -postfix_policyd_spf_permerror_reject: False -postfix_policyd_spf_temperror_reject: False +postfix_policyd_spf_permerror_reject: "False" +postfix_policyd_spf_temperror_reject: "False" postfix_policyd_spf_skip_addresses: - "127.0.0.0/8" diff --git a/roles/postfix/defaults/main/restrictions.yml b/roles/postfix/defaults/main/restrictions.yml index f4b350e..31f9f11 100644 --- a/roles/postfix/defaults/main/restrictions.yml +++ b/roles/postfix/defaults/main/restrictions.yml @@ -48,6 +48,6 @@ postfix_body_checks: [] postfix_smtpd_sender_login_maps: [] -postfix_always_add_missing_headers: no +postfix_always_add_missing_headers: false postfix_local_header_rewrite_clients: - permit_inet_interfaces 
diff --git a/roles/postfix/defaults/main/virtual.yml b/roles/postfix/defaults/main/virtual.yml index 36056bb..e9837ac 100644 --- a/roles/postfix/defaults/main/virtual.yml +++ b/roles/postfix/defaults/main/virtual.yml @@ -1,9 +1,9 @@ --- -postfix_enable_virtual_mail: yes +postfix_enable_virtual_mail: true virtual_mail_uid: virtual virtual_mail_gid: virtual -virutal_mail_home: /home/virtual +virtual_mail_home: /home/virtual virtual_minimum_uid: 100 diff --git a/roles/postfix/handlers/main.yml b/roles/postfix/handlers/main.yml index 17b582e..98bb3bd 100644 --- a/roles/postfix/handlers/main.yml +++ b/roles/postfix/handlers/main.yml @@ -1,19 +1,20 @@ --- -- name: restart postfix +- name: Restart postfix ansible.builtin.service: name: postfix state: restarted -- name: reload postfix +- name: Reload postfix ansible.builtin.service: name: postfix state: reloaded -- name: restart postfix-mta-sts-resolver +- name: Restart postfix-mta-sts-resolver ansible.builtin.service: name: postfix-mta-sts-resolver state: restarted -- name: postalias /etc/aliases +- name: Postalias /etc/aliases ansible.builtin.command: postalias /etc/aliases + changed_when: true diff --git a/roles/postfix/tasks/config.yml b/roles/postfix/tasks/config.yml index 8abce74..4812ce2 100644 --- a/roles/postfix/tasks/config.yml +++ b/roles/postfix/tasks/config.yml @@ -6,8 +6,8 @@ dest: /etc/postfix/main.cf owner: root group: root - mode: 0644 - notify: restart postfix + mode: "0644" + notify: Restart postfix - name: Render /etc/postfix/master.cf ansible.builtin.template: @@ -15,8 +15,8 @@ dest: /etc/postfix/master.cf owner: root group: root - mode: 0644 - notify: restart postfix + mode: "0644" + notify: Restart postfix - name: Render /etc/postfix-policyd-spf-python/policyd-spf.conf ansible.builtin.template: 
@@ -24,8 +24,8 @@ dest: /etc/postfix-policyd-spf-python/policyd-spf.conf owner: root group: root - mode: 0644 - notify: restart postfix + mode: "0644" + notify: Restart postfix - name: Render /etc/mta-sts-daemon.yml ansible.builtin.template: @@ -33,8 +33,8 @@ dest: /etc/mta-sts-daemon.yml owner: root group: root - mode: 0644 - notify: restart postfix-mta-sts-resolver + mode: "0644" + notify: Restart postfix-mta-sts-resolver - name: Start and enable postfix-mta-sts-resolver ansible.builtin.service: diff --git a/roles/postfix/tasks/install.yml b/roles/postfix/tasks/install.yml index 0cce1da..e5f2e74 100644 --- a/roles/postfix/tasks/install.yml +++ b/roles/postfix/tasks/install.yml @@ -1,6 +1,6 @@ --- -- name: install packages +- name: Install packages ansible.builtin.apt: name: - postfix diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml index 4ef2c1c..1484643 100644 --- a/roles/postfix/tasks/main.yml +++ b/roles/postfix/tasks/main.yml @@ -1,6 +1,6 @@ --- -- name: create postfix virtual users/group +- name: Create postfix virtual users/group ansible.builtin.import_tasks: setup.yml tags: - "role::postfix" @@ -8,19 +8,19 @@ - "role::postfix:config" - "role::postfix:tables" -- name: install postfix +- name: Install postfix ansible.builtin.import_tasks: install.yml tags: - "role::postfix" - "role::postfix:install" -- name: configure postfix +- name: Configure postfix ansible.builtin.import_tasks: config.yml tags: - "role::postfix" - "role::postfix:config" -- name: render postfix lookup tables +- name: Render postfix lookup tables ansible.builtin.import_tasks: tables.yml tags: - "role::postfix" diff --git a/roles/postfix/tasks/setup.yml b/roles/postfix/tasks/setup.yml index ee3f26f..d040028 100644 --- a/roles/postfix/tasks/setup.yml +++ b/roles/postfix/tasks/setup.yml 
@@ -1,25 +1,25 @@ --- -- name: create virtual mail group +- name: Create virtual mail group ansible.builtin.group: name: "{{ virtual_mail_gid }}" - system: yes + system: true register: postfix_register_vmail_group when: postfix_enable_virtual_mail -- name: create virtual mail user +- name: Create virtual mail user ansible.builtin.user: name: "{{ virtual_mail_uid }}" group: "{{ virtual_mail_gid }}" home: "{{ virtual_mail_home }}" password: '!' shell: /usr/sbin/nologin - system: yes + system: true comment: Virtual Mail User register: postfix_register_vmail_user when: postfix_enable_virtual_mail -- name: set vmail uid and gid facts +- name: Set vmail uid and gid facts ansible.builtin.set_fact: virtual_mail_numeric_uid: "{{ postfix_register_vmail_user.uid }}" virtual_mail_numeric_gid: "{{ postfix_register_vmail_group.gid }}" diff --git a/roles/postfix/tasks/tables.yml b/roles/postfix/tasks/tables.yml index e1036c3..cb70b8c 100644 --- a/roles/postfix/tasks/tables.yml +++ b/roles/postfix/tasks/tables.yml @@ -1,26 +1,26 @@ --- -- name: render /etc/aliases +- name: Render /etc/aliases ansible.builtin.template: src: etc/aliases.j2 dest: /etc/aliases owner: root group: root - mode: 0644 - notify: postalias /etc/aliases + mode: "0644" + notify: Postalias /etc/aliases -- name: render additional hash lookup tables +- name: Render additional hash lookup tables ansible.builtin.template: src: etc/postfix/table.j2 dest: "/etc/postfix/{{ item.key }}" owner: root group: root - mode: 0644 + mode: "0644" register: postfix_register_additional_lookup_tables loop: "{{ postfix_additional_tables | dict2items }}" -- name: postmap additional lookup tables +- name: Postmap additional lookup tables ansible.builtin.command: >- postmap /etc/postfix/{{ item.item.key }} - changed_when: yes + changed_when: true loop: "{{ postfix_register_additional_lookup_tables.results }}" diff --git a/roles/postfixadmin/defaults/main.yml b/roles/postfixadmin/defaults/main.yml index 307bc7b..6bb6f59 100644 
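Review bot: `Postmap additional lookup tables` in roles/postfix/tasks/tables.yml loops over every entry of `postfix_register_additional_lookup_tables.results` with `changed_when: true`, so postmap is re-run and the play reports a change on every run even when no table was modified. Adding `when: item.changed` to the task would rebuild only the tables whose template actually changed. Separately, the tables are rendered with `mode: "0644"`; if an entry in `postfix_additional_tables` can carry credentials, such as a relay password map, a tighter mode like `"0640"` would be safer. That depends on what callers put in the dict, which the hunk does not show.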
--- a/roles/postfixadmin/defaults/main.yml +++ b/roles/postfixadmin/defaults/main.yml @@ -24,8 +24,8 @@ postfixadmin_password_validation: '/([a-zA-Z].*){3}/': 'password_no_characters 3' '/([0-9].*){2}/': 'password_no_digits 2' -postfixadmin_generate_password: no -postfixadmin_show_password: no +postfixadmin_generate_password: false +postfixadmin_show_password: false postfixadmin_page_size: 25 postfixadmin_default_aliases: 
@@ -34,33 +34,33 @@ postfixadmin_default_aliases: postmaster: 'postmaster@{{ ansible_domain }}' webmaster: 'webmaster@{{ ansible_domain }}' -postfixadmin_domain_path: yes -postfixadmin_domain_in_mailbox: no +postfixadmin_domain_path: true +postfixadmin_domain_in_mailbox: false postfixadmin_aliases: 10 postfixadmin_mailboxes: 10 postfixadmin_maxquota: 10 postfixadmin_domain_quota_default: 2048 -postfixadmin_quota: no -postfixadmin_domain_quota: yes +postfixadmin_quota: false +postfixadmin_domain_quota: true -postfixadmin_transport: no +postfixadmin_transport: false postfixadmin_transport_options: - lmtp:unix:private/dovecot-lmtp -postfixadmin_alias_domain: yes -postfixadmin_backup: no -postfixadmin_sendmail: yes -postfixadmin_sendmail_all_admins: no -postfixadmin_fetchmail: yes -postfixadmin_forgotten_user_password_reset: yes -postfixadmin_forgotten_admin_password_reset: no -postfixadmin_password_expiration: no -postfixadmin_show_header_text: no +postfixadmin_alias_domain: true +postfixadmin_backup: false +postfixadmin_sendmail: true +postfixadmin_sendmail_all_admins: false +postfixadmin_fetchmail: true +postfixadmin_forgotten_user_password_reset: true +postfixadmin_forgotten_admin_password_reset: false +postfixadmin_password_expiration: false +postfixadmin_show_header_text: false postfixadmin_header_text: ':: Postfix Admin ::' -postfixadmin_show_footer_text: yes +postfixadmin_show_footer_text: true postfixadmin_footer_text: 'Return to change-this-to-your.domain.tld' postfixadmin_footer_link: 'http://change-this-to-your.domain.tld' -postfixadmin_emailcheck_resolve_domain: yes +postfixadmin_emailcheck_resolve_domain: true postfixadmin_welcome_text: | Hi, 
@@ -85,10 +85,10 @@ postfixadmin_database_postfix_hosts: 'unix:/run/mysqld/mysqld.sock' postfixadmin_database_dovecot_user: postfix postfixadmin_database_dovecot_hosts: '/run/mysqld/mysqld.sock' # This permits disabled users to still read their mail, but will not allow them to send mail. -postfixadmin_permit_inactive_user_nosmtp: no +postfixadmin_permit_inactive_user_nosmtp: false # allow login as <user> in addition to <user>@<domain> # Only set this when when you're only serving a single domain or can otherwise avoid conflicts -postfixadmin_permit_localpart_login: no +postfixadmin_permit_localpart_login: false postfixadmin_additional_config: '' diff --git a/roles/postfixadmin/handlers/main.yml b/roles/postfixadmin/handlers/main.yml index 8f58c04..f481f51 100644 --- a/roles/postfixadmin/handlers/main.yml +++ b/roles/postfixadmin/handlers/main.yml @@ -1,11 +1,11 @@ --- -- name: reload postfix +- name: Reload postfix ansible.builtin.service: name: postfix state: reloaded -- name: reload dovecot +- name: Reload dovecot ansible.builtin.service: name: dovecot state: reloaded diff --git a/roles/postfixadmin/tasks/bootstrap.yml b/roles/postfixadmin/tasks/bootstrap.yml index 3e59425..0910014 100644 --- a/roles/postfixadmin/tasks/bootstrap.yml +++ b/roles/postfixadmin/tasks/bootstrap.yml @@ -1,6 +1,6 @@ --- -- name: create mariadb database +- name: Create mariadb database community.mysql.mysql_db: name: '{{ postfixadmin_database_name }}' login_host: '{{ postfixadmin_database_host }}' @@ -8,9 +8,9 @@ login_unix_socket: '{{ postfixadmin_database_socket }}' login_user: '{{ postfixadmin_bootstrap_login_user }}' login_password: '{{ postfixadmin_bootstrap_login_password }}' - check_implicit_admin: yes + check_implicit_admin: true -- name: create postfixadmin database user +- name: Create postfixadmin database user community.mysql.mysql_user: name: "{{ postfixadmin_database_user }}" host: "{{ postfixadmin_database_user_host }}" 
@@ -21,9 +21,9 @@ login_unix_socket: '{{ postfixadmin_database_socket }}' login_user: '{{ postfixadmin_bootstrap_login_user }}' login_password: '{{ postfixadmin_bootstrap_login_password }}' - check_implicit_admin: yes + check_implicit_admin: true -- name: create postfix database user +- name: Create postfix database user community.mysql.mysql_user: name: "{{ postfixadmin_database_postfix_user }}" host: "{{ postfixadmin_database_postfix_user_host }}" @@ -34,9 +34,9 @@ login_unix_socket: '{{ postfixadmin_database_socket }}' login_user: '{{ postfixadmin_bootstrap_login_user }}' login_password: '{{ postfixadmin_bootstrap_login_password }}' - check_implicit_admin: yes + check_implicit_admin: true -- name: request setup.php to create database and admin user +- name: Request setup.php to create database and admin user ansible.builtin.uri: url: '{{ postfixadmin_bootstrap_base_url }}/setup.php' method: POST @@ -48,7 +48,7 @@ password: '{{ postfixadmin_bootstrap_admin_password }}' password2: '{{ postfixadmin_bootstrap_admin_password }}' submit: 'createadmin' - return_content: yes + return_content: true register: postfixadmin_register_boostrap_create_admin - changed_when: yes + changed_when: true failed_when: '"Admin addition failed" in postfixadmin_register_boostrap_create_admin.content or postfixadmin_register_boostrap_create_admin.status != 200' diff --git a/roles/postfixadmin/tasks/config.yml b/roles/postfixadmin/tasks/config.yml index c87e153..477a95e 100644 --- a/roles/postfixadmin/tasks/config.yml +++ b/roles/postfixadmin/tasks/config.yml 
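Review bot: The `Request setup.php to create database and admin user` task sends `postfixadmin_bootstrap_admin_password` in the request body and registers the response with `return_content: true`, but sets no `no_log: true`, so the password can end up in verbose output and in module-argument logging. Adding `no_log: true` to that task keeps it out of logs; the task starts in the previous hunk, so only its tail is visible here. It is also worth confirming that `postfixadmin_bootstrap_base_url` is an https:// or loopback URL, since its value is not visible and the password travels in the POST body.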
@@ -1,17 +1,17 @@ --- -- name: create config.local.php +- name: Create config.local.php ansible.builtin.template: src: config.local.php.j2 dest: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}/config.local.php" owner: root group: www-data - mode: 0640 + mode: "0640" -- name: call setup.php to run database migrations +- name: Call setup.php to run database migrations ansible.builtin.uri: url: "{{ postfixadmin_bootstrap_base_url }}/setup.php" - return_content: yes + return_content: true register: postfixadmin_register_setup_upgrade changed_when: - "'Database is up to date' not in postfixadmin_register_setup_upgrade.content" diff --git a/roles/postfixadmin/tasks/dovecot.yml b/roles/postfixadmin/tasks/dovecot.yml index 9c91fe0..20768e0 100644 --- a/roles/postfixadmin/tasks/dovecot.yml +++ b/roles/postfixadmin/tasks/dovecot.yml @@ -1,10 +1,10 @@ --- -- name: render /etc/dovecot/dovecot-sql.conf +- name: Render /etc/dovecot/dovecot-sql.conf ansible.builtin.template: src: etc/dovecot/dovecot-sql.conf.j2 dest: /etc/dovecot/dovecot-sql.conf owner: root group: root - mode: 0640 - notify: reload dovecot + mode: "0640" + notify: Reload dovecot diff --git a/roles/postfixadmin/tasks/install.yml b/roles/postfixadmin/tasks/install.yml index bf2de6d..d281a10 100644 --- a/roles/postfixadmin/tasks/install.yml +++ b/roles/postfixadmin/tasks/install.yml @@ -1,6 +1,6 @@ --- -- name: install php dependencies +- name: Install php dependencies ansible.builtin.apt: name: - php-imap 
@@ -8,55 +8,55 @@ - php-mbstring - python3-pymysql # required by ansible -- name: create postfixadmin installation directory +- name: Create postfixadmin installation directory ansible.builtin.file: path: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}" state: directory owner: root group: www-data - mode: 0755 + mode: "0755" -- name: download and unpack postfixadmin release +- name: Download and unpack postfixadmin release ansible.builtin.unarchive: - remote_src: yes + remote_src: true src: "https://github.com/postfixadmin/postfixadmin/archive/refs/tags/postfixadmin-{{ postfixadmin_version }}.tar.gz" dest: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}" creates: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}/config.inc.php" extra_opts: ["--strip-components=1"] owner: root group: www-data - mode: 0755 + mode: "0755" -- name: create templates_c directory +- name: Create templates_c directory ansible.builtin.file: path: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}/templates_c" state: directory owner: root group: www-data - mode: 0775 + mode: "0775" -- name: create config.local.php +- name: Create config.local.php ansible.builtin.template: src: config.local.php.j2 dest: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}/config.local.php" owner: root group: www-data - mode: 0640 + mode: "0640" -- name: change config.inc.php permissions +- name: Change config.inc.php permissions ansible.builtin.file: path: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}/config.inc.php" owner: root group: www-data - mode: 0640 + mode: "0640" -- name: symlink postfixadmin-cli to /usr/local/bin +- name: Symlink postfixadmin-cli to /usr/local/bin ansible.builtin.file: path: "/usr/local/bin/postfixadmin-cli" src: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version 
}}/scripts/postfixadmin-cli" state: link -- name: symlink to new installation directory +- name: Symlink to new installation directory ansible.builtin.file: path: "{{ postfixadmin_installation_prefix }}/postfixadmin" src: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}" diff --git a/roles/postfixadmin/tasks/main.yml b/roles/postfixadmin/tasks/main.yml index a6895ec..3120b06 100644 --- a/roles/postfixadmin/tasks/main.yml +++ b/roles/postfixadmin/tasks/main.yml @@ -1,36 +1,36 @@ --- -- name: create virtual user/group +- name: Create virtual user/group ansible.builtin.import_tasks: setup.yml tags: - "role::postfixadmin" - "role::postfixadmin:dovecot" -- name: install postfixadmin +- name: Install postfixadmin ansible.builtin.import_tasks: install.yml tags: - "role::postfixadmin" - "role::postfixadmin:install" -- name: configure postfixadmin +- name: Configure postfixadmin ansible.builtin.import_tasks: config.yml tags: - "role::postfixadmin" - "role::postfixadmin:config" -- name: create postfixadmin database and admin users +- name: Create postfixadmin database and admin users ansible.builtin.import_tasks: bootstrap.yml tags: - "role::postfixadmin:bootstrap" - "never" -- name: hook postfix up to postfixadmin +- name: Hook postfix up to postfixadmin ansible.builtin.import_tasks: postfix.yml tags: - "role::postfixadmin" - "role::postfixadmin:postfix" -- name: hook dovecot up to postfixadmin +- name: Hook dovecot up to postfixadmin ansible.builtin.import_tasks: dovecot.yml tags: - "role::postfixadmin" diff --git a/roles/postfixadmin/tasks/postfix.yml b/roles/postfixadmin/tasks/postfix.yml index f88481d..77fe14f 100644 --- a/roles/postfixadmin/tasks/postfix.yml +++ b/roles/postfixadmin/tasks/postfix.yml 
@@ -1,20 +1,20 @@ --- -- name: create /etc/postfix/sql directory +- name: Create /etc/postfix/sql directory ansible.builtin.file: path: /etc/postfix/sql state: directory owner: root group: root - mode: 0755 + mode: "0755" -- name: render postfix sql config files +- name: Render postfix sql config files ansible.builtin.template: src: etc/postfix/sql/{{ item }}.cf.j2 dest: /etc/postfix/sql/{{ item }}.cf owner: root group: postfix - mode: 0640 + mode: "0640" loop: - mysql_relay_domains - mysql_transport_maps @@ -25,4 +25,4 @@ - mysql_virtual_domains_maps - mysql_virtual_mailbox_limit_maps - mysql_virtual_mailbox_maps - notify: reload postfix + notify: Reload postfix diff --git a/roles/postfixadmin/tasks/setup.yml b/roles/postfixadmin/tasks/setup.yml index 5aa366c..03ab162 100644 --- a/roles/postfixadmin/tasks/setup.yml +++ b/roles/postfixadmin/tasks/setup.yml @@ -1,23 +1,23 @@ --- -- name: create virtual mail group +- name: Create virtual mail group ansible.builtin.group: name: "{{ virtual_mail_gid }}" - system: yes + system: true register: postfixadmin_register_vmail_group -- name: create virtual mail user +- name: Create virtual mail user ansible.builtin.user: name: "{{ virtual_mail_uid }}" group: "{{ virtual_mail_gid }}" home: "{{ virtual_mail_home }}" password: '!' shell: /usr/sbin/nologin - system: yes + system: true comment: Virtual Mail User register: postfixadmin_register_vmail_user -- name: set vmail uid and gid facts +- name: Set vmail uid and gid facts ansible.builtin.set_fact: virtual_mail_numeric_uid: "{{ postfixadmin_register_vmail_user.uid }}" virtual_mail_numeric_gid: "{{ postfixadmin_register_vmail_group.gid }}" diff --git a/roles/postsrsd/handlers/main.yml b/roles/postsrsd/handlers/main.yml index 9620b2f..8a370e8 100644 --- a/roles/postsrsd/handlers/main.yml +++ b/roles/postsrsd/handlers/main.yml @@ -1,6 +1,6 @@ --- -- name: restart postsrsd +- name: Restart postsrsd ansible.builtin.service: name: postsrsd state: restarted 
diff --git a/roles/postsrsd/tasks/config.yml b/roles/postsrsd/tasks/config.yml index 0d38e95..3512b87 100644 --- a/roles/postsrsd/tasks/config.yml +++ b/roles/postsrsd/tasks/config.yml @@ -1,10 +1,10 @@ --- -- name: render /etc/default/postsrsd +- name: Render /etc/default/postsrsd ansible.builtin.template: src: etc/default/postsrsd.j2 dest: /etc/default/postsrsd owner: root group: root - mode: 0644 - notify: restart postsrsd + mode: "0644" + notify: Restart postsrsd diff --git a/roles/postsrsd/tasks/install.yml b/roles/postsrsd/tasks/install.yml index 006a0f1..b4df389 100644 --- a/roles/postsrsd/tasks/install.yml +++ b/roles/postsrsd/tasks/install.yml @@ -1,12 +1,12 @@ --- -- name: install postsrsd +- name: Install postsrsd ansible.builtin.apt: name: postsrsd state: present -- name: start and enable postsrsd +- name: Start and enable postsrsd ansible.builtin.service: name: postsrsd state: started - enabled: yes + enabled: true diff --git a/roles/postsrsd/tasks/main.yml b/roles/postsrsd/tasks/main.yml index 45ea642..3dd0338 100644 --- a/roles/postsrsd/tasks/main.yml +++ b/roles/postsrsd/tasks/main.yml @@ -1,12 +1,12 @@ --- -- name: install postsrsd +- name: Install postsrsd ansible.builtin.import_tasks: install.yml tags: - "role::postsrsd" - "role::postsrsd:install" -- name: configure postsrsd +- name: Configure postsrsd ansible.builtin.import_tasks: config.yml tags: - "role::postsrsd" diff --git a/roles/schleuder/defaults/main.yml b/roles/schleuder/defaults/main.yml index 1ba54f0..e2cdf5d 100644 --- a/roles/schleuder/defaults/main.yml +++ b/roles/schleuder/defaults/main.yml @@ -50,7 +50,7 @@ schleuder_defaults_subject_prefix_in: "" schleuder_defaults_subject_prefix_out: "" schleuder_defaults_bounces_drop_all: false schleuder_defaults_bounces_drop_on_headers: - x-spam-flag: yes + x-spam-flag: true schleuder_defaults_bounces_notify_admins: true schleuder_defaults_include_list_headers: true schleuder_defaults_include_openpgpg_header: true 
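Review bot: `x-spam-flag: true` under `schleuder_defaults_bounces_drop_on_headers` in roles/schleuder/defaults/main.yml is a YAML boolean, while the value is presumably meant to be compared with the content of the X-Spam-Flag mail header, which spam filters set to a string such as `YES`. The old `yes` was already parsed as a boolean, so this commit does not change behaviour, but whether the rule ever matches depends on how the template renders a boolean, and the template is not visible here. Quoting the value as `x-spam-flag: "yes"` would state the intent, in the same way this commit quotes `"False"` in policyd_spf.yml.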
@@ -62,7 +62,7 @@ schleuder_defaults_language: en schleuder_defaults_forward_all_incoming_to_admins: false # This is the last commit before schleuder 3.5 was required -schleuder_web_install: no +schleuder_web_install: false schleuder_web_commitish: main schleuder_web_hostname: schleuder.example.org schleuder_web_mailfrom: noreply@schleuder.example.org diff --git a/roles/schleuder/handlers/main.yml b/roles/schleuder/handlers/main.yml index 80e2d4e..f6b6ac9 100644 --- a/roles/schleuder/handlers/main.yml +++ b/roles/schleuder/handlers/main.yml @@ -1,15 +1,15 @@ --- -- name: systemctl daemon-reload +- name: Systemctl daemon-reload ansible.builtin.systemd: - daemon_reload: yes + daemon_reload: true -- name: systemctl restart schleuder-web +- name: Systemctl restart schleuder-web ansible.builtin.service: name: schleuder-web state: restarted -- name: systemctl restart schleuder-api-daemon +- name: Systemctl restart schleuder-api-daemon ansible.builtin.service: name: schleuder-api-daemon state: restarted diff --git a/roles/schleuder/tasks/cli_apitokens.yml b/roles/schleuder/tasks/cli_apitokens.yml index 6ca3471..cadbc27 100644 --- a/roles/schleuder/tasks/cli_apitokens.yml +++ b/roles/schleuder/tasks/cli_apitokens.yml 
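Review bot: `schleuder_web_commitish: main` (a context line of the defaults hunk) follows a moving branch, while the comment two lines above it speaks of "the last commit before schleuder 3.5 was required", which suggests a fixed revision once stood here. install_web.yml clones the repository, checks out this ref and then runs `bundle install` and `rake db:setup` on it, so whatever the upstream branch holds at run time is installed and executed on the mail host. Default to a reviewed commit hash or tag, for example `schleuder_web_commitish: "<reviewed-commit-sha>"` (placeholder), and move or reword the comment so it sits on the variable it describes.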
@@ -1,24 +1,24 @@ --- -- name: get schleuder api tls fingerprint +- name: Get schleuder api tls fingerprint community.crypto.x509_certificate_info: path: /etc/schleuder/schleuder-certificate.pem register: schleuder_register_apicert_info -- name: create the ~/.schleuder-cli/ directory +- name: Create the ~/.schleuder-cli/ directory ansible.builtin.file: path: "{{ item.value.home }}/.schleuder-cli" state: directory owner: "{{ item.key }}" - mode: 0700 + mode: "0700" loop: "{{ schleuder_cli_users | dict2items }}" -- name: render ~/.schleuder-cli/schleuder-cli.yml +- name: Render ~/.schleuder-cli/schleuder-cli.yml ansible.builtin.template: src: root/.schleuder-cli/schleuder-cli.yml.j2 dest: "{{ item.value.home }}/.schleuder-cli/schleuder-cli.yml" owner: "{{ item.key }}" - mode: 0600 + mode: "0600" vars: fingerprint: "{{ schleuder_register_apicert_info.fingerprints.sha256 | replace(':', '') }}" token: "{{ item.value.token }}" diff --git a/roles/schleuder/tasks/config.yml b/roles/schleuder/tasks/config.yml index 6c8175e..088e0f2 100644 --- a/roles/schleuder/tasks/config.yml +++ b/roles/schleuder/tasks/config.yml @@ -1,19 +1,19 @@ --- -- name: render /etc/schleuder/schleuder.yml +- name: Render /etc/schleuder/schleuder.yml ansible.builtin.template: src: etc/schleuder/schleuder.yml.j2 dest: /etc/schleuder/schleuder.yml owner: root group: schleuder - mode: 0640 - notify: systemctl restart schleuder-api-daemon + mode: "0640" + notify: Systemctl restart schleuder-api-daemon -- name: render /etc/schleuder/list-defaults.yml +- name: Render /etc/schleuder/list-defaults.yml ansible.builtin.template: src: etc/schleuder/list-defaults.yml.j2 dest: /etc/schleuder/list-defaults.yml owner: root group: schleuder - mode: 0640 - notify: systemctl restart schleuder-api-daemon + mode: "0640" + notify: Systemctl restart schleuder-api-daemon diff --git a/roles/schleuder/tasks/install.yml b/roles/schleuder/tasks/install.yml index d16b3ad..7fb2e1b 100644 --- a/roles/schleuder/tasks/install.yml 
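Review bot: Both looped tasks in cli_apitokens.yml iterate over `schleuder_cli_users | dict2items`, and each item carries `item.value.token`, so Ansible's default per-item output prints the API token to the console and to any run log. Add `loop_control:` with `label: "{{ item.key }}"` to the directory task and the render task. Also set `no_log: true` on the render task, since `--diff` would otherwise show the token inside the rendered schleuder-cli.yml. The render task runs past the end of the hunk, so its `loop:` line is not visible here.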
+++ b/roles/schleuder/tasks/install.yml @@ -1,6 +1,6 @@ --- -- name: install schleuder packages +- name: Install schleuder packages ansible.builtin.apt: name: - schleuder diff --git a/roles/schleuder/tasks/install_schleuder.yml b/roles/schleuder/tasks/install_schleuder.yml index 6e6bc5c..7f280f1 100644 --- a/roles/schleuder/tasks/install_schleuder.yml +++ b/roles/schleuder/tasks/install_schleuder.yml @@ -1,6 +1,6 @@ --- -- name: install schleuder-web dependencies +- name: Install schleuder dependencies ansible.builtin.apt: name: - ruby @@ -10,30 +10,30 @@ - libssl-dev - acl # only needed so ansible can become_user=schleuder -- name: create schleuder group +- name: Create schleuder group ansible.builtin.group: name: schleuder - system: yes + system: true -- name: create schleuder user +- name: Create schleuder user ansible.builtin.user: name: schleuder group: schleuder home: /var/lib/schleuder - system: yes + system: true shell: /usr/sbin/nologin -- name: gather service facts +- name: Gather service facts ansible.builtin.service_facts: -- name: stop schleuder service +- name: Stop schleuder service ansible.builtin.service: name: schleuder state: stopped when: "'schleuder.service' in ansible_facts.services" -- name: install schleuder gem - become: yes +- name: Install schleuder gem + become: true become_user: schleuder ansible.builtin.command: cmd: gem install schleuder diff --git a/roles/schleuder/tasks/install_web.yml b/roles/schleuder/tasks/install_web.yml index de0a2c6..5bb2d50 100644 --- a/roles/schleuder/tasks/install_web.yml +++ b/roles/schleuder/tasks/install_web.yml @@ -1,6 +1,6 @@ --- -- name: install schleuder-web dependencies +- name: Install schleuder-web dependencies ansible.builtin.apt: name: - bundler 
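Review bot: `cmd: gem install schleuder` in the "Install schleuder gem" task names no version, so each fresh host installs whatever release the gem index serves that day. Pin it through a role variable, e.g. `cmd: gem install schleuder --version "{{ schleuder_version }}"` (the variable name is a suggestion and would need a default in defaults/main.yml). The task continues past the end of the hunk, so an existing `creates:` or `changed_when:` cannot be seen from here.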
@@ -10,99 +10,99 @@ - git - acl # only needed so ansible can become_user=schleuder-web -- name: create schleuder-web user +- name: Create schleuder-web user ansible.builtin.user: name: schleuder-web group: nogroup home: /var/lib/schleuder-web - system: yes + system: true shell: /usr/sbin/nologin -- name: gather service facts +- name: Gather service facts ansible.builtin.service_facts: -- name: stop schleuder-web service +- name: Stop schleuder-web service ansible.builtin.service: name: schleuder-web state: stopped when: "'schleuder-web.service' in ansible_facts.services" -- name: clone schleuder-web git repo - become: yes +- name: Clone schleuder-web git repo + become: true become_user: schleuder-web ansible.builtin.command: # git module would reset working directory cmd: git clone https://0xacab.org/schleuder/schleuder-web /var/lib/schleuder-web/schleuder-web # noqa command-instead-of-module creates: /var/lib/schleuder-web/schleuder-web -- name: fetch schleuder-web upstream - become: yes +- name: Fetch schleuder-web upstream + become: true become_user: schleuder-web ansible.builtin.command: cmd: git fetch origin # noqa command-instead-of-module chdir: /var/lib/schleuder-web/schleuder-web - changed_when: yes + changed_when: true -- name: checkout requested schleuder-web version - become: yes +- name: Checkout requested schleuder-web version + become: true become_user: schleuder-web ansible.builtin.command: cmd: git checkout "{{ schleuder_web_commitish }}" # noqa command-instead-of-module chdir: /var/lib/schleuder-web/schleuder-web - changed_when: yes + changed_when: true -- name: render /var/lib/schleuder-web/schleuder-web/config/schleuder-web.yml +- name: Render /var/lib/schleuder-web/schleuder-web/config/schleuder-web.yml ansible.builtin.template: src: var/lib/schleuder-web/schleuder-web/config/schleuder-web.yml.j2 dest: /var/lib/schleuder-web/schleuder-web/config/schleuder-web.yml owner: schleuder-web group: root - mode: 0600 - notify: systemctl restart 
schleuder-web + mode: "0600" + notify: Systemctl restart schleuder-web -- name: render /var/lib/schleuder-web/schleuder-web/config/database.yml +- name: Render /var/lib/schleuder-web/schleuder-web/config/database.yml ansible.builtin.template: src: var/lib/schleuder-web/schleuder-web/config/database.yml.j2 dest: /var/lib/schleuder-web/schleuder-web/config/database.yml owner: schleuder-web group: nogroup - mode: 0644 + mode: "0644" -- name: get schleuder api tls fingerprint +- name: Get schleuder api tls fingerprint community.crypto.x509_certificate_info: path: /etc/schleuder/schleuder-certificate.pem register: schleuder_register_apicert_info -- name: render /etc/default/schleuder-web +- name: Render /etc/default/schleuder-web ansible.builtin.template: src: etc/default/schleuder-web.j2 dest: /etc/default/schleuder-web owner: root group: root - mode: 0600 + mode: "0600" vars: tls_fingerprint: "{{ schleuder_register_apicert_info.fingerprints.sha256 | replace(':', '') }}" - notify: systemctl restart schleuder-web + notify: Systemctl restart schleuder-web -- name: render systemd service unit +- name: Render systemd service unit ansible.builtin.template: src: etc/systemd/system/schleuder-web.service.j2 dest: /etc/systemd/system/schleuder-web.service owner: root group: root - mode: 0644 - notify: systemctl daemon-reload + mode: "0644" + notify: Systemctl daemon-reload -- name: run bundle install ... this may take a few minutes - become: yes +- name: Run bundle install ... this may take a few minutes + become: true become_user: schleuder-web ansible.builtin.command: cmd: /usr/bin/bundle install --path /var/lib/schleuder-web/.gem --without deployment chdir: /var/lib/schleuder-web/schleuder-web - changed_when: yes + changed_when: true -- name: run bundle db setup - become: yes +- name: Run bundle db setup + become: true become_user: schleuder-web ansible.builtin.command: cmd: /usr/bin/bundle exec rake db:setup 
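Review bot: The "Render .../config/database.yml" task writes the file with `mode: "0644"` and `group: nogroup`, which leaves it readable by every local account, while the neighbouring schleuder-web.yml is `"0600"`. The template is not shown, but a Rails database.yml commonly carries the database location and sometimes credentials. Since only the schleuder-web user needs to read it, `mode: "0600"` would match the other config file. Unlike the schleuder-web.yml task, this one has no `notify:`, so a changed database config does not restart the service; add `notify: Systemctl restart schleuder-web` if that is not deliberate.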
@@ -111,10 +111,10 @@ environment: RAILS_ENV: production -- name: flush systemd daemon-reload +- name: Flush systemd daemon-reload ansible.builtin.meta: flush_handlers -- name: start and enable schleuder-web +- name: Start and enable schleuder-web ansible.builtin.service: name: schleuder-web state: started diff --git a/roles/schleuder/tasks/main.yml b/roles/schleuder/tasks/main.yml index c10125c..7139cf7 100644 --- a/roles/schleuder/tasks/main.yml +++ b/roles/schleuder/tasks/main.yml @@ -1,25 +1,25 @@ --- -- name: install schleuder +- name: Install schleuder ansible.builtin.import_tasks: install.yml tags: - "role::schleuder" - "role::schleuder:install" -- name: configure schleuder +- name: Configure schleuder ansible.builtin.import_tasks: config.yml tags: - "role::schleuder" - "role::schleuder:config" -- name: install and configure schleuder-web +- name: Install and configure schleuder-web ansible.builtin.import_tasks: install_web.yml when: schleuder_web_install tags: - "role::schleuder" - "role::schleuder:install_web" -- name: create schleuder-api-daemon tokens for admin users +- name: Create schleuder-api-daemon tokens for admin users ansible.builtin.import_tasks: cli_apitokens.yml tags: - "role::schleuder" diff --git a/roles/spamassassin/defaults/main.yml b/roles/spamassassin/defaults/main.yml index 3bfdfb2..4569896 100644 --- a/roles/spamassassin/defaults/main.yml +++ b/roles/spamassassin/defaults/main.yml 
@@ -2,20 +2,20 @@ spamassassin_pidfile: /var/run/spamd.pid spamassassin_niceness: 15 -spamassassin_enable_cron: no -spamassassin_nouser_config: no +spamassassin_enable_cron: false +spamassassin_nouser_config: false spamassassin_rewrite_header_subject: "[*****SPAM*****]" -spamassassin_report_safe: yes +spamassassin_report_safe: true spamassassin_trusted_networks: [] spamassassin_internal_networks: [] spamassassin_lock_method: flock spamassassin_required_score: "5.0" -spamassassin_normalize_charset: yes +spamassassin_normalize_charset: true spamassassin_body_part_scan_size: 50000 spamassassin_rawbody_part_scan_size: 500000 -spamassassin_use_bayes: yes -spamassassin_bayes_auto_learn: yes +spamassassin_use_bayes: true +spamassassin_bayes_auto_learn: true spamassassin_bayes_path: /var/lib/spamassassin/.spamassassin/bayes spamassassin_bayes_file_mode: "0644" spamassassin_bayes_ignore_header: @@ -37,14 +37,14 @@ spamassassin_additional_config: "" spamass_milter_user: spamass-milter -spamass_milter_nomodify: no -spamass_milter_postfix_socket_override: no +spamass_milter_nomodify: false +spamass_milter_postfix_socket_override: false spamass_milter_postfix_socket_path: /var/spool/postfix/spamass/spamass.sock spamass_milter_postfix_socket_owner: postfix spamass_milter_postfix_socket_group: postfix spamass_milter_postfix_socket_mode: "0600" -spamassassin_salearncron_enable: no +spamassassin_salearncron_enable: false spamassassin_salearncron_cronexpr: '0 3 * * *' spamassassin_salearncron_dbpath: /var/lib/spamassassin/.spamassassin/ spamassassin_salearncron_spambox: .INBOX.sa-learn-spam diff --git a/roles/spamassassin/handlers/main.yml b/roles/spamassassin/handlers/main.yml index 800db5b..a67ce81 100644 --- a/roles/spamassassin/handlers/main.yml +++ b/roles/spamassassin/handlers/main.yml 
@@ -1,16 +1,16 @@ --- -- name: restart spamd +- name: Restart spamd ansible.builtin.service: name: spamd state: restarted -- name: restart spamass-milter +- name: Restart spamass-milter ansible.builtin.service: name: spamass-milter state: restarted -- name: reload spamd +- name: Reload spamd ansible.builtin.service: name: spamassassin state: reloaded diff --git a/roles/spamassassin/tasks/config.yml b/roles/spamassassin/tasks/config.yml index 064255e..85c5758 100644 --- a/roles/spamassassin/tasks/config.yml +++ b/roles/spamassassin/tasks/config.yml @@ -1,37 +1,37 @@ --- -- name: render /etc/default/spamassassin +- name: Render /etc/default/spamassassin ansible.builtin.template: src: etc/default/spamassassin.j2 dest: /etc/default/spamassassin owner: root group: root - mode: 0644 - notify: restart spamd + mode: "0644" + notify: Restart spamd -- name: render /etc/default/spamass-milter +- name: Render /etc/default/spamass-milter ansible.builtin.template: src: etc/default/spamass-milter.j2 dest: /etc/default/spamass-milter owner: root group: root - mode: 0644 - notify: restart spamass-milter + mode: "0644" + notify: Restart spamass-milter -- name: render /etc/default/spamd +- name: Render /etc/default/spamd ansible.builtin.template: src: etc/default/spamd.j2 dest: /etc/default/spamd owner: root group: root - mode: 0644 - notify: restart spamd + mode: "0644" + notify: Restart spamd -- name: render /etc/spamassassin/local.cf +- name: Render /etc/spamassassin/local.cf ansible.builtin.template: src: etc/spamassassin/local.cf.j2 dest: /etc/spamassassin/local.cf owner: root group: root - mode: 0644 - notify: restart spamd + mode: "0644" + notify: Restart spamd diff --git a/roles/spamassassin/tasks/install.yml b/roles/spamassassin/tasks/install.yml index 7744af5..4946150 100644 --- a/roles/spamassassin/tasks/install.yml +++ b/roles/spamassassin/tasks/install.yml 
@@ -1,6 +1,6 @@ --- -- name: install spamassassin +- name: Install spamassassin ansible.builtin.apt: name: - spamassassin @@ -11,30 +11,30 @@ - pyzor - razor -- name: start and enable spamassassin spamd +- name: Start and enable spamassassin spamd ansible.builtin.service: name: spamd state: started - enabled: yes + enabled: true -- name: start and enable spamass-milter spamd +- name: Start and enable spamass-milter spamd ansible.builtin.service: name: spamass-milter state: started - enabled: yes + enabled: true -- name: render auto sa-learn script +- name: Render auto sa-learn script ansible.builtin.template: src: usr/local/bin/sa-learn.sh.j2 dest: /usr/local/bin/sa-learn.sh owner: root group: root - mode: 0755 + mode: "0755" -- name: render auto sa-learn cronjonb +- name: Render auto sa-learn cronjonb ansible.builtin.template: src: etc/cron.d/sa-learn.j2 dest: /etc/cron.d/sa-learn owner: root group: root - mode: 0644 + mode: "0644" diff --git a/roles/spamassassin/tasks/main.yml b/roles/spamassassin/tasks/main.yml index fbdb1a1..dd15b2e 100644 --- a/roles/spamassassin/tasks/main.yml +++ b/roles/spamassassin/tasks/main.yml @@ -1,12 +1,12 @@ --- -- name: install spamassassin +- name: Install spamassassin ansible.builtin.import_tasks: install.yml tags: - "role::spamassassin" - "role::spamassassin:install" -- name: configure spamassassin +- name: Configure spamassassin ansible.builtin.import_tasks: config.yml tags: - "role::spamassassin"
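Review bot: The two sa-learn tasks at the end of install.yml have no `when:`, so /usr/local/bin/sa-learn.sh and /etc/cron.d/sa-learn are written on every host, although the defaults carry `spamassassin_salearncron_enable: false`. Unless the templates themselves render an empty job when the switch is off (not visible here), gate both tasks with `when: spamassassin_salearncron_enable`. While renaming, the task names could also be fixed: `Render auto sa-learn cronjonb` should read "cronjob", and `Start and enable spamass-milter spamd` looks like a copy of the spamd task's name.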