parent
bd2722e9b1
commit
8ab1725145
75 changed files with 542 additions and 446 deletions
6
.ansible-lint
Normal file
6
.ansible-lint
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
skip_list:
|
||||||
|
- galaxy[no-changelog]
|
||||||
|
- galaxy[version-incorrect]
|
||||||
|
- var-naming[no-role-prefix]
|
29
.forgejo/workflows/ansible-galaxy.yml
Normal file
29
.forgejo/workflows/ansible-galaxy.yml
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
name: Ansible Galaxy
|
||||||
|
|
||||||
|
on: # noqa yaml[truthy]
|
||||||
|
push:
|
||||||
|
tags:
|
||||||
|
- 'v*'
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
deploy:
|
||||||
|
runs-on: docker
|
||||||
|
steps:
|
||||||
|
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
|
||||||
|
- name: Set version in galaxy.yml
|
||||||
|
run: |
|
||||||
|
VERSION=${GITHUB_REF#refs/tags/v}
|
||||||
|
sed -re "s/^version:.*$/version: ${VERSION}/" -i galaxy.yml
|
||||||
|
|
||||||
|
- name: Upload collection to Ansible Galaxy
|
||||||
|
env:
|
||||||
|
GALAXY_API_KEY: ${{ secrets.GALAXY_API_KEY }}
|
||||||
|
run: |
|
||||||
|
apt update; apt install --yes python3-pip
|
||||||
|
pip3 install --break-system-packages ansible
|
||||||
|
ansible-galaxy collection build
|
||||||
|
ansible-galaxy collection publish --api-key=${GALAXY_API_KEY} s3lph-mailserver*tar.gz
|
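Review bot: The publish step hands the Galaxy token to the CLI as an unquoted argument, `--api-key=${GALAXY_API_KEY}`, so the secret sits in the process argument list during the upload, in a job that has just installed an unpinned `ansible` from PyPI as root and checked out through the mutable tag `actions/checkout@v4`. Pin what runs next to the secret, e.g. `pip3 install --break-system-packages 'ansible==<PINNED_VERSION>'` and `uses: actions/checkout@<FULL_COMMIT_SHA>` (both placeholders), and do the same for the `pip3 install ... ansible-lint` line in .forgejo/workflows/ansible-lint.yml, which replaces the digest-pinned image of the removed .gitlab-ci.yml job. At minimum quote the variable, `--api-key="${GALAXY_API_KEY}"`; a Galaxy server entry whose token is read from the environment (`ANSIBLE_GALAXY_SERVER_<ID>_TOKEN`) would keep it out of argv altogether. In the version step, `VERSION` comes straight from the tag name and is spliced into the sed program, so I would reject anything that is not a plain semantic version before the `sed` line, for example `printf '%s' "$VERSION" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$' || exit 1`.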
17
.forgejo/workflows/ansible-lint.yml
Normal file
17
.forgejo/workflows/ansible-lint.yml
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
name: Ansible Lint
|
||||||
|
on: [push, pull_request] # noqa yaml[truthy]
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
build:
|
||||||
|
runs-on: docker
|
||||||
|
|
||||||
|
steps:
|
||||||
|
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
|
||||||
|
- run: |
|
||||||
|
apt update; apt install --yes python3-pip
|
||||||
|
pip3 install --break-system-packages ansible-lint
|
||||||
|
ansible-lint
|
|
@ -1,11 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
image: docker.io/yokogawa/ansible-lint@sha256:2603476e7f8c111bdf4a186d84a077c156bc3d12d07cc1c632adc9949d4f0b9d
|
|
||||||
|
|
||||||
stages:
|
|
||||||
- test
|
|
||||||
|
|
||||||
lint:
|
|
||||||
stage: test
|
|
||||||
script:
|
|
||||||
- ansible-lint --force-color
|
|
13
galaxy.yml
13
galaxy.yml
|
@ -8,7 +8,7 @@ namespace: s3lph
|
||||||
name: mailserver
|
name: mailserver
|
||||||
|
|
||||||
# The version of the collection. Must be compatible with semantic versioning
|
# The version of the collection. Must be compatible with semantic versioning
|
||||||
version: '0.4.7'
|
version: '0.5.0'
|
||||||
|
|
||||||
# The path to the Markdown (.md) readme file. This path is relative to the root of the collection
|
# The path to the Markdown (.md) readme file. This path is relative to the root of the collection
|
||||||
readme: README.md
|
readme: README.md
|
||||||
|
@ -16,7 +16,7 @@ readme: README.md
|
||||||
# A list of the collection's content authors. Can be just the name or in the format 'Full Name <email> (url)
|
# A list of the collection's content authors. Can be just the name or in the format 'Full Name <email> (url)
|
||||||
# @nicks:irc/im.site#channel'
|
# @nicks:irc/im.site#channel'
|
||||||
authors:
|
authors:
|
||||||
- s3lph <1375407-s3lph@users.noreply.gitlab.com>
|
- s3lph <s3lph@kabelsalat.ch>
|
||||||
|
|
||||||
|
|
||||||
### OPTIONAL but strongly recommended
|
### OPTIONAL but strongly recommended
|
||||||
|
@ -31,6 +31,7 @@ license:
|
||||||
# A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character
|
# A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character
|
||||||
# requirements as 'namespace' and 'name'
|
# requirements as 'namespace' and 'name'
|
||||||
tags:
|
tags:
|
||||||
|
- application
|
||||||
- email
|
- email
|
||||||
- mailserver
|
- mailserver
|
||||||
- postfix
|
- postfix
|
||||||
|
@ -50,16 +51,16 @@ dependencies:
|
||||||
community.crypto: '1.5.0'
|
community.crypto: '1.5.0'
|
||||||
|
|
||||||
# The URL of the originating SCM repository
|
# The URL of the originating SCM repository
|
||||||
repository: https://gitlab.com/s3lph/ansible-collection-mailserver
|
repository: https://git.kabelsalat.ch/s3lph/ansible-collection-mailserver
|
||||||
|
|
||||||
# The URL to any online docs
|
# The URL to any online docs
|
||||||
documentation: https://gitlab.com/s3lph/ansible-collection-mailserver
|
documentation: https://git.kabelsalat.ch/s3lph/ansible-collection-mailserver
|
||||||
|
|
||||||
# The URL to the homepage of the collection/project
|
# The URL to the homepage of the collection/project
|
||||||
homepage: https://gitlab.com/s3lph/ansible-collection-mailserver
|
homepage: https://git.kabelsalat.ch/s3lph/ansible-collection-mailserver
|
||||||
|
|
||||||
# The URL to the collection issue tracker
|
# The URL to the collection issue tracker
|
||||||
issues: https://gitlab.com/s3lph/ansible-collection-mailserver/-/issues
|
issues: https://git.kabelsalat.ch/s3lph/ansible-collection-mailserver/issues
|
||||||
|
|
||||||
# A list of file glob-like patterns used to filter any files or directories that should not be included in the build
|
# A list of file glob-like patterns used to filter any files or directories that should not be included in the build
|
||||||
# artifact. A pattern is matched from the relative path of the file or directory of the collection directory. This
|
# artifact. A pattern is matched from the relative path of the file or directory of the collection directory. This
|
||||||
|
|
52
meta/runtime.yml
Normal file
52
meta/runtime.yml
Normal file
|
@ -0,0 +1,52 @@
|
||||||
|
---
|
||||||
|
# Collections must specify a minimum required ansible version to upload
|
||||||
|
# to galaxy
|
||||||
|
requires_ansible: '>=2.15.0'
|
||||||
|
|
||||||
|
# Content that Ansible needs to load from another location or that has
|
||||||
|
# been deprecated/removed
|
||||||
|
# plugin_routing:
|
||||||
|
# action:
|
||||||
|
# redirected_plugin_name:
|
||||||
|
# redirect: ns.col.new_location
|
||||||
|
# deprecated_plugin_name:
|
||||||
|
# deprecation:
|
||||||
|
# removal_version: "4.0.0"
|
||||||
|
# warning_text: |
|
||||||
|
# See the porting guide on how to update your playbook to
|
||||||
|
# use ns.col.another_plugin instead.
|
||||||
|
# removed_plugin_name:
|
||||||
|
# tombstone:
|
||||||
|
# removal_version: "2.0.0"
|
||||||
|
# warning_text: |
|
||||||
|
# See the porting guide on how to update your playbook to
|
||||||
|
# use ns.col.another_plugin instead.
|
||||||
|
# become:
|
||||||
|
# cache:
|
||||||
|
# callback:
|
||||||
|
# cliconf:
|
||||||
|
# connection:
|
||||||
|
# doc_fragments:
|
||||||
|
# filter:
|
||||||
|
# httpapi:
|
||||||
|
# inventory:
|
||||||
|
# lookup:
|
||||||
|
# module_utils:
|
||||||
|
# modules:
|
||||||
|
# netconf:
|
||||||
|
# shell:
|
||||||
|
# strategy:
|
||||||
|
# terminal:
|
||||||
|
# test:
|
||||||
|
# vars:
|
||||||
|
|
||||||
|
# Python import statements that Ansible needs to load from another location
|
||||||
|
# import_redirection:
|
||||||
|
# ansible_collections.ns.col.plugins.module_utils.old_location:
|
||||||
|
# redirect: ansible_collections.ns.col.plugins.module_utils.new_location
|
||||||
|
|
||||||
|
# Groups of actions/modules that take a common set of options
|
||||||
|
# action_groups:
|
||||||
|
# group_name:
|
||||||
|
# - module1
|
||||||
|
# - module2
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
dovecot_enable_pigeonhole: no
|
dovecot_enable_pigeonhole: false
|
||||||
dovecot_enable_pigeonhole_managesieve: no
|
dovecot_enable_pigeonhole_managesieve: false
|
||||||
dovecot_pigeonhole_sieve: "file:~/sieve;active=~/.dovecot.sieve"
|
dovecot_pigeonhole_sieve: "file:~/sieve;active=~/.dovecot.sieve"
|
||||||
|
|
|
@ -6,6 +6,6 @@ dovecot_passdb_scheme: BLF-CRYPT
|
||||||
dovecot_passdb_filename: /etc/dovecot/userdb/%d
|
dovecot_passdb_filename: /etc/dovecot/userdb/%d
|
||||||
dovecot_passdb_user_format: "%u"
|
dovecot_passdb_user_format: "%u"
|
||||||
|
|
||||||
dovecot_master_passdb_enable: no
|
dovecot_master_passdb_enable: false
|
||||||
dovecot_master_passdb: {}
|
dovecot_master_passdb: {}
|
||||||
dovecot_master_user_separator: ";"
|
dovecot_master_user_separator: ";"
|
||||||
|
|
|
@ -2,6 +2,6 @@
|
||||||
|
|
||||||
virtual_mail_uid: virtual
|
virtual_mail_uid: virtual
|
||||||
virtual_mail_gid: virtual
|
virtual_mail_gid: virtual
|
||||||
virutal_mail_home: /home/virtual
|
virtual_mail_home: /home/virtual
|
||||||
virtual_mail_user_home: /home/virtual/%d/%n
|
virtual_mail_user_home: /home/virtual/%d/%n
|
||||||
virtual_mail_location: maildir:/home/virtual/%d/%n/Maildir
|
virtual_mail_location: maildir:/home/virtual/%d/%n/Maildir
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: reload dovecot
|
- name: Reload dovecot
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: dovecot
|
name: dovecot
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
|
||||||
- name: restart dovecot
|
- name: Restart dovecot
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: dovecot
|
name: dovecot
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
|
@ -1,21 +1,21 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: render /etc/dovecot/dovecot.conf
|
- name: Render /etc/dovecot/dovecot.conf
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: etc/dovecot/dovecot.conf.j2
|
src: etc/dovecot/dovecot.conf.j2
|
||||||
dest: /etc/dovecot/dovecot.conf
|
dest: /etc/dovecot/dovecot.conf
|
||||||
owner: root
|
owner: root
|
||||||
group: dovecot
|
group: dovecot
|
||||||
mode: 0640
|
mode: "0640"
|
||||||
notify: restart dovecot
|
notify: Restart dovecot
|
||||||
|
|
||||||
- name: render /etc/dovecot/master.passwd
|
- name: Render /etc/dovecot/master.passwd
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: etc/dovecot/passwd-file.j2
|
src: etc/dovecot/passwd-file.j2
|
||||||
dest: /etc/dovecot/master.passwd
|
dest: /etc/dovecot/master.passwd
|
||||||
owner: root
|
owner: root
|
||||||
group: dovecot
|
group: dovecot
|
||||||
mode: 0640
|
mode: "0640"
|
||||||
vars:
|
vars:
|
||||||
passwd: "{{ dovecot_master_passdb | dict2items(key_name='username', value_name='password') }}"
|
passwd: "{{ dovecot_master_passdb | dict2items(key_name='username', value_name='password') }}"
|
||||||
passdb_only: yes
|
passdb_only: true
|
||||||
|
|
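Review bot: The `Render /etc/dovecot/master.passwd` task writes the entries of `dovecot_master_passdb` (username/password pairs) to disk but does nothing to keep them out of Ansible output; a run with `--diff` prints the rendered file, before and after, to the console and to any CI log that captures it. Adding `diff: false` to that task would close that, and `no_log: true` is worth adding as well if the values are not already hashed — the passwd-file.j2 template is not shown here, so I cannot tell which it is.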
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: install dovecot packages
|
- name: Install dovecot packages
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
state: present
|
state: present
|
||||||
|
@ -11,15 +11,15 @@
|
||||||
- dovecot-sieve
|
- dovecot-sieve
|
||||||
- dovecot-managesieved
|
- dovecot-managesieved
|
||||||
|
|
||||||
- name: add dovecot user to virtual mail group
|
- name: Add dovecot user to virtual mail group
|
||||||
ansible.builtin.user:
|
ansible.builtin.user:
|
||||||
name: dovecot
|
name: dovecot
|
||||||
groups: "{{ virtual_mail_gid }}"
|
groups: "{{ virtual_mail_gid }}"
|
||||||
append: yes
|
append: true
|
||||||
notify: restart dovecot
|
notify: Restart dovecot
|
||||||
|
|
||||||
- name: start and enable dovecot
|
- name: Start and enable dovecot
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: dovecot
|
name: dovecot
|
||||||
state: started
|
state: started
|
||||||
enabled: yes
|
enabled: true
|
||||||
|
|
|
@ -1,18 +1,18 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: create virtual user/group
|
- name: Create virtual user/group
|
||||||
ansible.builtin.import_tasks: virtual.yml
|
ansible.builtin.import_tasks: virtual.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::dovecot"
|
- "role::dovecot"
|
||||||
- "role::dovecot:virtual"
|
- "role::dovecot:virtual"
|
||||||
|
|
||||||
- name: install dovecot
|
- name: Install dovecot
|
||||||
ansible.builtin.import_tasks: install.yml
|
ansible.builtin.import_tasks: install.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::dovecot"
|
- "role::dovecot"
|
||||||
- "role::dovecot:install"
|
- "role::dovecot:install"
|
||||||
|
|
||||||
- name: configure dovecot
|
- name: Configure dovecot
|
||||||
ansible.builtin.import_tasks: config.yml
|
ansible.builtin.import_tasks: config.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::dovecot"
|
- "role::dovecot"
|
||||||
|
|
|
@ -1,16 +1,16 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: create virtual mail group
|
- name: Create virtual mail group
|
||||||
ansible.builtin.group:
|
ansible.builtin.group:
|
||||||
name: "{{ virtual_mail_gid }}"
|
name: "{{ virtual_mail_gid }}"
|
||||||
system: yes
|
system: true
|
||||||
|
|
||||||
- name: create virtual mail user
|
- name: Create virtual mail user
|
||||||
ansible.builtin.user:
|
ansible.builtin.user:
|
||||||
name: "{{ virtual_mail_uid }}"
|
name: "{{ virtual_mail_uid }}"
|
||||||
group: "{{ virtual_mail_gid }}"
|
group: "{{ virtual_mail_gid }}"
|
||||||
home: "{{ virtual_mail_home }}"
|
home: "{{ virtual_mail_home }}"
|
||||||
password: '!'
|
password: '!'
|
||||||
shell: /usr/sbin/nologin
|
shell: /usr/sbin/nologin
|
||||||
system: yes
|
system: true
|
||||||
comment: Virtual Mail User
|
comment: Virtual Mail User
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
easywks_download: yes
|
easywks_download: true
|
||||||
|
|
||||||
easywks_config: ""
|
easywks_config: ""
|
||||||
easywks_service_http_enabled: yes
|
easywks_service_http_enabled: true
|
||||||
easywks_service_lmtp_enabled: yes
|
easywks_service_lmtp_enabled: true
|
||||||
easywks_service_dnsd_enabled: yes
|
easywks_service_dnsd_enabled: true
|
||||||
|
|
|
@ -1,16 +1,16 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: restart easywks-http
|
- name: Restart easywks-http
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: easywks-http
|
name: easywks-http
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
- name: restart easywks-lmtp
|
- name: Restart easywks-lmtp
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: easywks-lmtp
|
name: easywks-lmtp
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
- name: restart easywks-dnsd
|
- name: Restart easywks-dnsd
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: easywks-dnsd
|
name: easywks-dnsd
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
|
@ -1,30 +1,30 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: render easywks config file
|
- name: Render easywks config file
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: etc/easywks.yml.j2
|
src: etc/easywks.yml.j2
|
||||||
dest: /etc/easywks.yml
|
dest: /etc/easywks.yml
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
notify:
|
notify:
|
||||||
- restart easywks-http
|
- Restart easywks-http
|
||||||
- restart easywks-lmtp
|
- Restart easywks-lmtp
|
||||||
- restart easywks-dnsd
|
- Restart easywks-dnsd
|
||||||
|
|
||||||
- name: start and enable easywks-http
|
- name: Start and enable easywks-http
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: easywks-http
|
name: easywks-http
|
||||||
state: started
|
state: started
|
||||||
enabled: "{{ easywks_service_http_enabled }}"
|
enabled: "{{ easywks_service_http_enabled }}"
|
||||||
|
|
||||||
- name: start and enable easywks-lmtp
|
- name: Start and enable easywks-lmtp
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: easywks-lmtp
|
name: easywks-lmtp
|
||||||
state: started
|
state: started
|
||||||
enabled: "{{ easywks_service_lmtp_enabled }}"
|
enabled: "{{ easywks_service_lmtp_enabled }}"
|
||||||
|
|
||||||
- name: start and enable easywks-dnsd
|
- name: Start and enable easywks-dnsd
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: easywks-dnsd
|
name: easywks-dnsd
|
||||||
state: started
|
state: started
|
||||||
|
|
|
@ -1,23 +1,24 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: install easywks from system package sources
|
- name: Install easywks from system package sources
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
name: easywks
|
name: easywks
|
||||||
notify:
|
notify:
|
||||||
- restart easywks-http
|
- Restart easywks-http
|
||||||
- restart easywks-lmtp
|
- Restart easywks-lmtp
|
||||||
|
- Restart easywks-dnsd
|
||||||
when: "not easywks_download"
|
when: "not easywks_download"
|
||||||
|
|
||||||
- name: get easywks package url
|
- name: Get easywks package url
|
||||||
ansible.builtin.uri:
|
ansible.builtin.uri:
|
||||||
# https://gitlab.com/s3lph/easywks
|
# https://gitlab.com/s3lph/easywks
|
||||||
url: "https://gitlab.com/api/v4/projects/29907182/releases"
|
url: "https://gitlab.com/api/v4/projects/29907182/releases"
|
||||||
return_content: yes
|
return_content: true
|
||||||
register: "register_easywks_gitlab_releases"
|
register: "register_easywks_gitlab_releases"
|
||||||
changed_when: no
|
changed_when: false
|
||||||
when: "easywks_download"
|
when: "easywks_download"
|
||||||
|
|
||||||
- name: install easywks from upstream release
|
- name: Install easywks from upstream release
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
deb: "{{ url }}"
|
deb: "{{ url }}"
|
||||||
vars:
|
vars:
|
||||||
|
|
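Review bot: With `easywks_download: true` as the role default, the `Install easywks from upstream release` task passes a URL to `deb:`, so the package is fetched and installed as root with no checksum or signature check; the URL appears to be derived from the GitLab releases API response registered by the task before it. I would download the file first with a checksum taken from a role variable and then install from the local path, so that a tampered release or API response fails the play instead of being installed. The names `easywks_deb_sha256` and the cache path below are proposals, not existing variables. The install task's `vars:` block continues past the end of this hunk, so how `url` is built is inferred rather than visible.

```yaml
- name: Download easywks release package
  ansible.builtin.get_url:
    url: "{{ url }}"
    dest: /var/cache/easywks.deb
    # proposed new role variable, updated together with the release
    checksum: "sha256:{{ easywks_deb_sha256 }}"
    mode: "0644"
  # … unchanged: vars deriving url from register_easywks_gitlab_releases, when: easywks_download …

- name: Install easywks from upstream release
  ansible.builtin.apt:
    deb: /var/cache/easywks.deb
  # … unchanged: notify list, when: easywks_download …
```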
|
@ -1,12 +1,12 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: install easywks
|
- name: Install easywks
|
||||||
ansible.builtin.import_tasks: install.yml
|
ansible.builtin.import_tasks: install.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::easywks"
|
- "role::easywks"
|
||||||
- "role::easywks:install"
|
- "role::easywks:install"
|
||||||
|
|
||||||
- name: configure easywks
|
- name: Configure easywks
|
||||||
ansible.builtin.import_tasks: config.yml
|
ansible.builtin.import_tasks: config.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::easywks"
|
- "role::easywks"
|
||||||
|
|
|
@ -6,4 +6,4 @@
|
||||||
dest: /etc/gai.conf
|
dest: /etc/gai.conf
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
|
|
|
@ -4,18 +4,18 @@
|
||||||
ansible.builtin.uri:
|
ansible.builtin.uri:
|
||||||
url: https://rdap.arin.net/registry/entity/GOGL
|
url: https://rdap.arin.net/registry/entity/GOGL
|
||||||
register: gai_register_gogl_rdap
|
register: gai_register_gogl_rdap
|
||||||
|
|
||||||
- name: Initialize precedence list
|
- name: Initialize precedence list
|
||||||
ansible.builtin.set_fact:
|
ansible.builtin.set_fact:
|
||||||
getaddrinfo_precedence: "{{ getaddrinfo_precedence | default({}) }}"
|
getaddrinfo_precedence: "{{ getaddrinfo_precedence | default({}) }}"
|
||||||
|
|
||||||
- name: Add all Google v4 nets to precedence list
|
- name: Add all Google v4 nets to precedence list
|
||||||
ansible.builtin.debug:
|
ansible.builtin.debug:
|
||||||
msg: "{%- set _ = getaddrinfo_precedence[cidr] = 100 -%}{{- cidr -}}"
|
msg: "{%- set getaddrinfo_precedence = getaddrinfo_precedence + {cidr: 100} -%}{{- cidr -}}"
|
||||||
vars:
|
vars:
|
||||||
cidr: "{{ item.v4prefix }}/{{ item.length }}"
|
cidr: "{{ item.v4prefix }}/{{ item.length }}"
|
||||||
loop: "{{ gai_register_gogl_rdap.json.networks | selectattr('ipVersion', 'eq', 'v4') | map(attribute='cidr0_cidrs') | flatten }}"
|
loop: "{{ gai_register_gogl_rdap.json.networks | selectattr('ipVersion', 'eq', 'v4') | map(attribute='cidr0_cidrs') | flatten }}"
|
||||||
|
|
||||||
- name: Add all Google v4 nets to precedence list
|
- name: Add all Google v4 nets to precedence list
|
||||||
ansible.builtin.debug:
|
ansible.builtin.debug:
|
||||||
var: getaddrinfo_precedence
|
var: getaddrinfo_precedence
|
||||||
|
|
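Review bot: The rewritten `msg:` in the first `Add all Google v4 nets to precedence list` task still cannot populate `getaddrinfo_precedence`: a `{% set %}` inside a templated string only lives for that one render, and `+` is not defined between two mappings, so the expression is likely to fail at the first loop item. Collect the result with `ansible.builtin.set_fact:` and `getaddrinfo_precedence: "{{ getaddrinfo_precedence | combine({cidr: 100}) }}"` in place of `ansible.builtin.debug:` / `msg:`, keeping `vars:` and `loop:` as they are. The prefixes come from a live RDAP response and presumably end up in /etc/gai.conf, so it is also worth asserting that each `cidr` has the expected address/length form before it is used. The second task carries the same name although it only prints the variable, and the first task of the file starts above this hunk.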
|
@ -59,11 +59,11 @@ mailman_mta_smtp_pass: ""
|
||||||
mailman_mta_lmtp_host: 127.0.0.1
|
mailman_mta_lmtp_host: 127.0.0.1
|
||||||
mailman_mta_lmtp_port: 8024
|
mailman_mta_lmtp_port: 8024
|
||||||
mailman_mta_configuration: python:mailman.config.postfix
|
mailman_mta_configuration: python:mailman.config.postfix
|
||||||
mailman_mta_remove_dkim_headers: yes
|
mailman_mta_remove_dkim_headers: true
|
||||||
mailman_mta_additional_config: ""
|
mailman_mta_additional_config: ""
|
||||||
|
|
||||||
|
|
||||||
mailman_hyperkitty_enabled: yes
|
mailman_hyperkitty_enabled: true
|
||||||
mailman_hyperkitty_localhost_base_url: http://localhost/hyperkitty/
|
mailman_hyperkitty_localhost_base_url: http://localhost/hyperkitty/
|
||||||
mailman_hyperkitty_api_acl:
|
mailman_hyperkitty_api_acl:
|
||||||
- "127.0.0.1"
|
- "127.0.0.1"
|
||||||
|
@ -84,11 +84,11 @@ mailman_web_auth_socialaccounts: []
|
||||||
mailman_web_language: en-us
|
mailman_web_language: en-us
|
||||||
mailman_web_timezone: UTC
|
mailman_web_timezone: UTC
|
||||||
mailman_web_emailname: "{{ mailman_sitename }}"
|
mailman_web_emailname: "{{ mailman_sitename }}"
|
||||||
mailman_web_compress_online: yes
|
mailman_web_compress_online: true
|
||||||
mailman_web_base_url: http://localhost/
|
mailman_web_base_url: http://localhost/
|
||||||
mailman_web_static_url: /static/
|
mailman_web_static_url: /static/
|
||||||
mailman_web_disable_gravatar: yes
|
mailman_web_disable_gravatar: true
|
||||||
mailman_web_disable_web_posting: yes
|
mailman_web_disable_web_posting: true
|
||||||
# django.db.backends.sqlite3
|
# django.db.backends.sqlite3
|
||||||
# django.db.backends.mysql
|
# django.db.backends.mysql
|
||||||
# django.db.backends.postgresql_psycopg2
|
# django.db.backends.postgresql_psycopg2
|
||||||
|
@ -116,8 +116,8 @@ mailman_mariadb_bootstrap_login_user: root
|
||||||
mailman_mariadb_bootstrap_login_password: ''
|
mailman_mariadb_bootstrap_login_password: ''
|
||||||
mailman_superuser_name: root
|
mailman_superuser_name: root
|
||||||
|
|
||||||
mailman_web_override_templates: no
|
mailman_web_override_templates: false
|
||||||
mailman_web_override_templates_path: "{{ playbook_dir }}/templates/override"
|
mailman_web_override_templates_path: "{{ playbook_dir }}/templates/override"
|
||||||
mailman_web_override_static_path: "{{ playbook_dir }}/static/override"
|
mailman_web_override_static_path: "{{ playbook_dir }}/static/override"
|
||||||
mailman_web_hyperkitty_cleanup_cron: '0 * * * *'
|
mailman_web_hyperkitty_cleanup_cron: '0 * * * *'
|
||||||
mailman_web_privacy_enhancements: no
|
mailman_web_privacy_enhancements: false
|
||||||
|
|
|
@ -1,20 +1,20 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: systemctl daemon-reload
|
- name: Systemctl daemon-reload
|
||||||
ansible.builtin.systemd:
|
ansible.builtin.systemd:
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
|
|
||||||
- name: restart mailman3
|
- name: Restart mailman3
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: mailman3
|
name: mailman3
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
- name: restart mailman3-web
|
- name: Restart mailman3-web
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: mailman3-web
|
name: mailman3-web
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
- name: reload postfix
|
- name: Reload postfix
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: postfix
|
name: postfix
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: create mariadb mailman database
|
- name: Create mariadb mailman database
|
||||||
community.mysql.mysql_db:
|
community.mysql.mysql_db:
|
||||||
name: '{{ mailman_mariadb_database }}'
|
name: '{{ mailman_mariadb_database }}'
|
||||||
login_host: '{{ mailman_mariadb_bootstrap_host }}'
|
login_host: '{{ mailman_mariadb_bootstrap_host }}'
|
||||||
|
@ -8,9 +8,9 @@
|
||||||
login_unix_socket: '{{ mailman_mariadb_bootstrap_socket }}'
|
login_unix_socket: '{{ mailman_mariadb_bootstrap_socket }}'
|
||||||
login_user: '{{ mailman_mariadb_bootstrap_login_user }}'
|
login_user: '{{ mailman_mariadb_bootstrap_login_user }}'
|
||||||
login_password: '{{ mailman_mariadb_bootstrap_login_password }}'
|
login_password: '{{ mailman_mariadb_bootstrap_login_password }}'
|
||||||
check_implicit_admin: yes
|
check_implicit_admin: true
|
||||||
|
|
||||||
- name: create mariadb mailman-web database
|
- name: Create mariadb mailman-web database
|
||||||
community.mysql.mysql_db:
|
community.mysql.mysql_db:
|
||||||
name: '{{ mailman_web_database_name }}'
|
name: '{{ mailman_web_database_name }}'
|
||||||
login_host: '{{ mailman_mariadb_bootstrap_host }}'
|
login_host: '{{ mailman_mariadb_bootstrap_host }}'
|
||||||
|
@ -18,9 +18,9 @@
|
||||||
login_unix_socket: '{{ mailman_mariadb_bootstrap_socket }}'
|
login_unix_socket: '{{ mailman_mariadb_bootstrap_socket }}'
|
||||||
login_user: '{{ mailman_mariadb_bootstrap_login_user }}'
|
login_user: '{{ mailman_mariadb_bootstrap_login_user }}'
|
||||||
login_password: '{{ mailman_mariadb_bootstrap_login_password }}'
|
login_password: '{{ mailman_mariadb_bootstrap_login_password }}'
|
||||||
check_implicit_admin: yes
|
check_implicit_admin: true
|
||||||
|
|
||||||
- name: create mailman database user
|
- name: Create mailman database user
|
||||||
community.mysql.mysql_user:
|
community.mysql.mysql_user:
|
||||||
name: "{{ mailman_mariadb_user }}"
|
name: "{{ mailman_mariadb_user }}"
|
||||||
host: "{{ mailman_mariadb_user_host }}"
|
host: "{{ mailman_mariadb_user_host }}"
|
||||||
|
@ -31,9 +31,9 @@
|
||||||
login_unix_socket: '{{ mailman_mariadb_bootstrap_socket }}'
|
login_unix_socket: '{{ mailman_mariadb_bootstrap_socket }}'
|
||||||
login_user: '{{ mailman_mariadb_bootstrap_login_user }}'
|
login_user: '{{ mailman_mariadb_bootstrap_login_user }}'
|
||||||
login_password: '{{ mailman_mariadb_bootstrap_login_password }}'
|
login_password: '{{ mailman_mariadb_bootstrap_login_password }}'
|
||||||
check_implicit_admin: yes
|
check_implicit_admin: true
|
||||||
|
|
||||||
- name: create mailman-web database user
|
- name: Create mailman-web database user
|
||||||
community.mysql.mysql_user:
|
community.mysql.mysql_user:
|
||||||
name: "{{ mailman_web_database_user }}"
|
name: "{{ mailman_web_database_user }}"
|
||||||
host: "{{ mailman_web_database_user_host }}"
|
host: "{{ mailman_web_database_user_host }}"
|
||||||
|
@ -44,9 +44,9 @@
|
||||||
login_unix_socket: '{{ mailman_mariadb_bootstrap_socket }}'
|
login_unix_socket: '{{ mailman_mariadb_bootstrap_socket }}'
|
||||||
login_user: '{{ mailman_mariadb_bootstrap_login_user }}'
|
login_user: '{{ mailman_mariadb_bootstrap_login_user }}'
|
||||||
login_password: '{{ mailman_mariadb_bootstrap_login_password }}'
|
login_password: '{{ mailman_mariadb_bootstrap_login_password }}'
|
||||||
check_implicit_admin: yes
|
check_implicit_admin: true
|
||||||
|
|
||||||
- name: create mailman-postfix database user
|
- name: Create mailman-postfix database user
|
||||||
community.mysql.mysql_user:
|
community.mysql.mysql_user:
|
||||||
name: "{{ mailman_database_postfix_user }}"
|
name: "{{ mailman_database_postfix_user }}"
|
||||||
host: "{{ mailman_database_postfix_user_host }}"
|
host: "{{ mailman_database_postfix_user_host }}"
|
||||||
|
@ -57,26 +57,26 @@
|
||||||
login_unix_socket: '{{ mailman_mariadb_bootstrap_socket }}'
|
login_unix_socket: '{{ mailman_mariadb_bootstrap_socket }}'
|
||||||
login_user: '{{ mailman_mariadb_bootstrap_login_user }}'
|
login_user: '{{ mailman_mariadb_bootstrap_login_user }}'
|
||||||
login_password: '{{ mailman_mariadb_bootstrap_login_password }}'
|
login_password: '{{ mailman_mariadb_bootstrap_login_password }}'
|
||||||
check_implicit_admin: yes
|
check_implicit_admin: true
|
||||||
|
|
||||||
- name: apply mailman-web migrations
|
- name: Apply mailman-web migrations
|
||||||
become_user: www-data
|
become_user: www-data
|
||||||
become_method: sudo
|
become: true
|
||||||
ansible.builtin.command: /usr/share/mailman3-web/manage.py migrate
|
ansible.builtin.command: /usr/share/mailman3-web/manage.py migrate
|
||||||
changed_when: yes
|
changed_when: true
|
||||||
|
|
||||||
- name: change django default site
|
- name: Change django default site
|
||||||
become_user: www-data
|
become_user: www-data
|
||||||
become_method: sudo
|
become: true
|
||||||
ansible.builtin.command: >-
|
ansible.builtin.command: >-
|
||||||
/usr/share/mailman3-web/manage.py set_default_site
|
/usr/share/mailman3-web/manage.py set_default_site
|
||||||
--name {{ mailman_sitename }}
|
--name {{ mailman_sitename }}
|
||||||
--domain {{ mailman_sitename }}
|
--domain {{ mailman_sitename }}
|
||||||
changed_when: yes
|
changed_when: true
|
||||||
|
|
||||||
- name: create mailman-web superuser
|
- name: Create mailman-web superuser
|
||||||
become_user: www-data
|
become_user: www-data
|
||||||
become_method: sudo
|
become: true
|
||||||
ansible.builtin.command: /usr/share/mailman3-web/manage.py shell
|
ansible.builtin.command: /usr/share/mailman3-web/manage.py shell
|
||||||
args:
|
args:
|
||||||
stdin: |
|
stdin: |
|
||||||
|
@ -86,4 +86,4 @@
|
||||||
'{{ mailman_superuser_email }}',
|
'{{ mailman_superuser_email }}',
|
||||||
'{{ mailman_superuser_password }}'
|
'{{ mailman_superuser_password }}'
|
||||||
)
|
)
|
||||||
changed_when: yes
|
changed_when: true
|
||||||
|
|
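Review bot: The `Create mailman-web superuser` task feeds `'{{ mailman_superuser_email }}'` and `'{{ mailman_superuser_password }}'` into `manage.py shell` as Python source on stdin and sets no `no_log: true`, so the module arguments, password included, can show up in verbose output and in the result of a failed run, and a quote character in either value changes the Python that is executed. Add `no_log: true` to that task, and consider passing both values through `environment:` and reading them with `os.environ` inside the stdin script so they are never parsed as code. The same unquoted interpolation applies to `--name {{ mailman_sitename }}` and `--domain {{ mailman_sitename }}` in `Change django default site`. The middle of the superuser task lies between the last two hunks and is not visible here.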
|
@ -1,53 +1,53 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: render /etc/mailman3/mailman.cfg
|
- name: Render /etc/mailman3/mailman.cfg
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: etc/mailman3/mailman.cfg.j2
|
src: etc/mailman3/mailman.cfg.j2
|
||||||
dest: /etc/mailman3/mailman.cfg
|
dest: /etc/mailman3/mailman.cfg
|
||||||
owner: root
|
owner: root
|
||||||
group: list
|
group: list
|
||||||
mode: 0640
|
mode: "0640"
|
||||||
notify: restart mailman3
|
notify: Restart mailman3
|
||||||
|
|
||||||
- name: render /etc/mailman3/mailman-hyperkitty.cfg
|
- name: Render /etc/mailman3/mailman-hyperkitty.cfg
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: etc/mailman3/mailman-hyperkitty.cfg.j2
|
src: etc/mailman3/mailman-hyperkitty.cfg.j2
|
||||||
dest: /etc/mailman3/mailman-hyperkitty.cfg
|
dest: /etc/mailman3/mailman-hyperkitty.cfg
|
||||||
owner: root
|
owner: root
|
||||||
group: list
|
group: list
|
||||||
mode: 0640
|
mode: "0640"
|
||||||
notify: restart mailman3
|
notify: Restart mailman3
|
||||||
|
|
||||||
- name: render /etc/mailman3/mailman-web.py
|
- name: Render /etc/mailman3/mailman-web.py
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: etc/mailman3/mailman-web.py.j2
|
src: etc/mailman3/mailman-web.py.j2
|
||||||
dest: /etc/mailman3/mailman-web.py
|
dest: /etc/mailman3/mailman-web.py
|
||||||
owner: root
|
owner: root
|
||||||
group: www-data
|
group: www-data
|
||||||
mode: 0640
|
mode: "0640"
|
||||||
notify: restart mailman3-web
|
notify: Restart mailman3-web
|
||||||
|
|
||||||
- name: create /etc/postfix/sql directory
|
- name: Create /etc/postfix/sql directory
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: /etc/postfix/sql
|
path: /etc/postfix/sql
|
||||||
state: directory
|
state: directory
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0755
|
mode: "0755"
|
||||||
|
|
||||||
- name: render postfix sql config file
|
- name: Render postfix sql config file
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: etc/postfix/sql/mailman_mysql_virtual_domains.cf.j2
|
src: etc/postfix/sql/mailman_mysql_virtual_domains.cf.j2
|
||||||
dest: /etc/postfix/sql/mailman_mysql_virtual_domains.cf
|
dest: /etc/postfix/sql/mailman_mysql_virtual_domains.cf
|
||||||
owner: root
|
owner: root
|
||||||
group: postfix
|
group: postfix
|
||||||
mode: 0640
|
mode: "0640"
|
||||||
notify: reload postfix
|
notify: Reload postfix
|
||||||
|
|
||||||
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037358
|
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037358
|
||||||
- name: disable gatenews cronjob
|
- name: Disable gatenews cronjob
|
||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
file: /etc/cron.d/mailman3
|
path: /etc/cron.d/mailman3
|
||||||
regexp: '^#(?/*/usr/bin/mailman gatenews.*)$'
|
regexp: '^#(?/*/usr/bin/mailman gatenews.*)$'
|
||||||
line: '#\1'
|
line: '#\1'
|
||||||
when:
|
when:
|
||||||
|
|
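Review bot: The `regexp:` of the `Disable gatenews cronjob` task, `'^#(?/*/usr/bin/mailman gatenews.*)$'`, does not look like a valid Python regular expression — `(?/` is not a group prefix — and it anchors on `^#`, that is on lines that are already commented out; with the `file:` → `path:` fix the task now reaches the module and would then fail or match nothing. If the intent is to comment out the active entry, something like `regexp: '^#?(.*/usr/bin/mailman gatenews.*)$'` together with `backrefs: true` and the existing `line: '#\1'` would do it idempotently. The task's `when:` list and any further options continue past the end of the hunk, so `backrefs` may already be set there.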
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: install packages
|
- name: Install packages
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
state: present
|
state: present
|
||||||
|
@ -12,47 +12,47 @@
|
||||||
- mariadb-client
|
- mariadb-client
|
||||||
- acl
|
- acl
|
||||||
|
|
||||||
- name: fix permissions on /var/lib/mailman3/data
|
- name: Fix permissions on /var/lib/mailman3/data
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: /var/lib/mailman3/data
|
path: /var/lib/mailman3/data
|
||||||
state: directory
|
state: directory
|
||||||
owner: list
|
owner: list
|
||||||
group: list
|
group: list
|
||||||
mode: 0755
|
mode: "0755"
|
||||||
|
|
||||||
- name: create mailman3 servive override directory
|
- name: Create mailman3 servive override directory
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: /etc/systemd/system/mailman3.service.d
|
path: /etc/systemd/system/mailman3.service.d
|
||||||
state: directory
|
state: directory
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0755
|
mode: "0755"
|
||||||
|
|
||||||
- name: override mailman3 service dependencies
|
- name: Override mailman3 service dependencies
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: etc/systemd/system/mailman3.service.d/override.conf.j2
|
src: etc/systemd/system/mailman3.service.d/override.conf.j2
|
||||||
dest: /etc/systemd/system/mailman3.service.d/override.conf
|
dest: /etc/systemd/system/mailman3.service.d/override.conf
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
notify: systemctl daemon-reload
|
notify: Systemctl daemon-reload
|
||||||
when: mailman3_service_dependencies is defined
|
when: mailman3_service_dependencies is defined
|
||||||
|
|
||||||
- name: remove mailman3 service dependencies override
|
- name: Remove mailman3 service dependencies override
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: /etc/systemd/system/mailman3.service.d/override.conf
|
path: /etc/systemd/system/mailman3.service.d/override.conf
|
||||||
state: absent
|
state: absent
|
||||||
notify: systemctl daemon-reload
|
notify: Systemctl daemon-reload
|
||||||
when: mailman3_service_dependencies is not defined
|
when: mailman3_service_dependencies is not defined
|
||||||
|
|
||||||
- name: systemctl daemon-reload
|
- name: Systemctl daemon-reload
|
||||||
ansible.builtin.meta: flush_handlers
|
ansible.builtin.meta: flush_handlers
|
||||||
|
|
||||||
- name: start and enable mailman
|
- name: Start and enable mailman
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
state: started
|
state: started
|
||||||
enabled: yes
|
enabled: true
|
||||||
loop:
|
loop:
|
||||||
- mailman3
|
- mailman3
|
||||||
- mailman3-web
|
- mailman3-web
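Review bot: The task renamed to `Systemctl daemon-reload` does not reload systemd itself; it runs `ansible.builtin.meta: flush_handlers`, and it now carries exactly the name the two override tasks use as their `notify:` target. A reader or a log line cannot tell the flush task from the handler. I would rename it to say what it does, for example `- name: Flush handlers before starting mailman`. The handler definition is outside this section, so its name must still match the new capitalised `notify: Systemctl daemon-reload`.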
|
||||||
|
|
|
@ -1,30 +1,30 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: install mailman3
|
- name: Install mailman3
|
||||||
ansible.builtin.import_tasks: install.yml # todo: wtf dependencies
|
ansible.builtin.import_tasks: install.yml # todo: wtf dependencies
|
||||||
tags:
|
tags:
|
||||||
- "role::mailman"
|
- "role::mailman"
|
||||||
- "role::mailman:install"
|
- "role::mailman:install"
|
||||||
|
|
||||||
- name: configure mailman3
|
- name: Configure mailman3
|
||||||
ansible.builtin.import_tasks: config.yml
|
ansible.builtin.import_tasks: config.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::mailman"
|
- "role::mailman"
|
||||||
- "role::mailman:config"
|
- "role::mailman:config"
|
||||||
|
|
||||||
- name: override mailman3-web django templates
|
- name: Override mailman3-web django templates
|
||||||
ansible.builtin.import_tasks: templates.yml
|
ansible.builtin.import_tasks: templates.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::mailman"
|
- "role::mailman"
|
||||||
- "role::mailman:templates"
|
- "role::mailman:templates"
|
||||||
|
|
||||||
- name: create mailman3 databases and admin users
|
- name: Create mailman3 databases and admin users
|
||||||
ansible.builtin.import_tasks: bootstrap.yml
|
ansible.builtin.import_tasks: bootstrap.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::mailman:bootstrap"
|
- "role::mailman:bootstrap"
|
||||||
- "never"
|
- "never"
|
||||||
|
|
||||||
- name: create hyperkitty cleanup cronjob
|
- name: Create hyperkitty cleanup cronjob
|
||||||
ansible.builtin.import_tasks: privacy.yml
|
ansible.builtin.import_tasks: privacy.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::mailman:privacy"
|
- "role::mailman:privacy"
|
||||||
|
|
|
@ -1,19 +1,19 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: render mysql client config for cleanup cronjob
|
- name: Render mysql client config for cleanup cronjob
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: root/.mysql.hyperkitty-cleanup.cnf.j2
|
src: root/.mysql.hyperkitty-cleanup.cnf.j2
|
||||||
dest: /root/.mysql.hyperkitty-cleanup.cnf
|
dest: /root/.mysql.hyperkitty-cleanup.cnf
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0600
|
mode: "0600"
|
||||||
when: mailman_web_privacy_enhancements
|
when: mailman_web_privacy_enhancements
|
||||||
|
|
||||||
- name: render privacy-enhancing hyperkitty cleanup cronjob
|
- name: Render privacy-enhancing hyperkitty cleanup cronjob
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: etc/cron.d/hyperkitty-cleanup.j2
|
src: etc/cron.d/hyperkitty-cleanup.j2
|
||||||
dest: /etc/cron.d/hyperkitty-cleanup
|
dest: /etc/cron.d/hyperkitty-cleanup
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0640
|
mode: "0640"
|
||||||
when: mailman_web_privacy_enhancements
|
when: mailman_web_privacy_enhancements
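Review bot: Both tasks in this section only run when `mailman_web_privacy_enhancements` is true, and nothing removes the files once the flag is switched off again. A host that had the feature enabled keeps `/etc/cron.d/hyperkitty-cleanup` running and keeps `/root/.mysql.hyperkitty-cleanup.cnf` on disk, which presumably holds database credentials. The install tasks of this role already pair the systemd override with a `state: absent` counterpart; the same pattern fits here.

```yaml
# … unchanged: the two render tasks guarded by mailman_web_privacy_enhancements …

- name: Remove hyperkitty cleanup cronjob and client config
  ansible.builtin.file:
    path: "{{ item }}"
    state: absent
  loop:
    - /etc/cron.d/hyperkitty-cleanup
    - /root/.mysql.hyperkitty-cleanup.cnf
  when: not mailman_web_privacy_enhancements
```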
|
||||||
|
|
|
@ -1,59 +1,59 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: create /var/lib/mailman3/web/templates
|
- name: Create /var/lib/mailman3/web/templates
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: /var/lib/mailman3/web/templates
|
path: /var/lib/mailman3/web/templates
|
||||||
state: directory
|
state: directory
|
||||||
owner: www-data
|
owner: www-data
|
||||||
group: www-data
|
group: www-data
|
||||||
mode: 0755
|
mode: "0755"
|
||||||
|
|
||||||
- name: create template override directories
|
- name: Create template override directories
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "/var/lib/mailman3/web/templates/{{ item.path }}"
|
path: "/var/lib/mailman3/web/templates/{{ item.path }}"
|
||||||
owner: www-data
|
owner: www-data
|
||||||
group: www-data
|
group: www-data
|
||||||
mode: 0755
|
mode: "0755"
|
||||||
when: "item.state == 'directory'"
|
when: "item.state == 'directory'"
|
||||||
with_filetree: "{{ mailman_web_override_templates_path }}"
|
with_community.general.filetree: "{{ mailman_web_override_templates_path }}"
|
||||||
notify: restart mailman3-web
|
notify: Restart mailman3-web
|
||||||
|
|
||||||
- name: render template overrides
|
- name: Render template overrides
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: "{{ item.root }}/{{ item.path }}"
|
src: "{{ item.root }}/{{ item.path }}"
|
||||||
dest: "/var/lib/mailman3/web/templates/{{ item.path }}"
|
dest: "/var/lib/mailman3/web/templates/{{ item.path }}"
|
||||||
owner: www-data
|
owner: www-data
|
||||||
group: www-data
|
group: www-data
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
when: "item.state != 'directory'"
|
when: "item.state != 'directory'"
|
||||||
with_filetree: "{{ mailman_web_override_templates_path }}"
|
with_community.general.filetree: "{{ mailman_web_override_templates_path }}"
|
||||||
notify: restart mailman3-web
|
notify: Restart mailman3-web
|
||||||
|
|
||||||
- name: create /var/lib/mailman3/web/static
|
- name: Create /var/lib/mailman3/web/static
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: /var/lib/mailman3/web/static
|
path: /var/lib/mailman3/web/static
|
||||||
state: directory
|
state: directory
|
||||||
owner: www-data
|
owner: www-data
|
||||||
group: www-data
|
group: www-data
|
||||||
mode: 0755
|
mode: "0755"
|
||||||
|
|
||||||
- name: create static override directories
|
- name: Create static override directories
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "/var/lib/mailman3/web/static/{{ item.path }}"
|
path: "/var/lib/mailman3/web/static/{{ item.path }}"
|
||||||
owner: www-data
|
owner: www-data
|
||||||
group: www-data
|
group: www-data
|
||||||
mode: 0755
|
mode: "0755"
|
||||||
when: "item.state == 'directory'"
|
when: "item.state == 'directory'"
|
||||||
with_filetree: "{{ mailman_web_override_static_path }}"
|
with_community.general.filetree: "{{ mailman_web_override_static_path }}"
|
||||||
notify: restart mailman3-web
|
notify: Restart mailman3-web
|
||||||
|
|
||||||
- name: render static overrides
|
- name: Render static overrides
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: "{{ item.root }}/{{ item.path }}"
|
src: "{{ item.root }}/{{ item.path }}"
|
||||||
dest: "/var/lib/mailman3/web/static/{{ item.path }}"
|
dest: "/var/lib/mailman3/web/static/{{ item.path }}"
|
||||||
owner: www-data
|
owner: www-data
|
||||||
group: www-data
|
group: www-data
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
when: "item.state != 'directory'"
|
when: "item.state != 'directory'"
|
||||||
with_filetree: "{{ mailman_web_override_static_path }}"
|
with_community.general.filetree: "{{ mailman_web_override_static_path }}"
|
||||||
notify: restart mailman3-web
|
notify: Restart mailman3-web
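Review bot: `Create template override directories` and `Create static override directories` call `ansible.builtin.file` without `state: directory`, unlike the two tasks that create the base directories. Without an explicit state the module keeps the state of an existing path and otherwise expects a regular file, so a subdirectory that does not exist yet is not created and the task is expected to fail. Adding `state: directory` to both tasks fixes that. Separately, `with_community.general.filetree` needs the `community.general` collection declared as a dependency; that declaration is not visible in this section.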
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
multischleuder_download: yes
|
multischleuder_download: true
|
||||||
multischleuder_service_enabled: yes
|
multischleuder_service_enabled: true
|
||||||
|
|
||||||
multischleuder_config: |
|
multischleuder_config: |
|
||||||
|
|
||||||
|
|
|
@ -1,14 +1,14 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: render easywks config file
|
- name: Render easywks config file
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: etc/multischleuder/multischleuder.yml.j2
|
src: etc/multischleuder/multischleuder.yml.j2
|
||||||
dest: /etc/multischleuder/multischleuder.yml
|
dest: /etc/multischleuder/multischleuder.yml
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
|
|
||||||
- name: start and enable multischleuder.timer
|
- name: Start and enable multischleuder.timer
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: multischleuder.timer
|
name: multischleuder.timer
|
||||||
state: started
|
state: started
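Review bot: The first task is still named after a different role: `Render easywks config file` renders `etc/multischleuder/multischleuder.yml.j2`, so the name should read `- name: Render multischleuder config file`. The file is also written with `mode: "0644"`; if the rendered `multischleuder_config` contains API credentials (its content is not visible here), a tighter mode such as `"0640"` with a matching group would be safer. The file may continue after the timer task, outside this hunk.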
|
||||||
|
|
|
@ -1,20 +1,20 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: install multischleuder from system package sources
|
- name: Install multischleuder from system package sources
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
name: multischleuder
|
name: multischleuder
|
||||||
when: "not multischleuder_download"
|
when: "not multischleuder_download"
|
||||||
|
|
||||||
- name: get multischleuder package url
|
- name: Get multischleuder package url
|
||||||
ansible.builtin.uri:
|
ansible.builtin.uri:
|
||||||
# https://gitlab.com/s3lph/multischleuder
|
# https://gitlab.com/s3lph/multischleuder
|
||||||
url: "https://gitlab.com/api/v4/projects/35309982/releases"
|
url: "https://gitlab.com/api/v4/projects/35309982/releases"
|
||||||
return_content: yes
|
return_content: true
|
||||||
register: "register_multischleuder_gitlab_releases"
|
register: "register_multischleuder_gitlab_releases"
|
||||||
changed_when: no
|
changed_when: false
|
||||||
when: "multischleuder_download"
|
when: "multischleuder_download"
|
||||||
|
|
||||||
- name: install multischleuder from upstream release
|
- name: Install multischleuder from upstream release
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
deb: "{{ url }}"
|
deb: "{{ url }}"
|
||||||
vars:
|
vars:
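Review bot: `Install multischleuder from upstream release` hands a URL derived from the GitLab releases API straight to `ansible.builtin.apt: deb:`, so the package is installed as root with no integrity check beyond TLS. A `.deb` installed this way is not covered by the APT archive signature, and the defaults enable this path (`multischleuder_download: true`). I would download the file first with a pinned checksum and install the local copy; that also means pinning the release instead of taking whatever the API returns. The `vars:` block that computes `url` continues outside this hunk.

```yaml
# … unchanged: system-package install and release lookup …

- name: Download multischleuder release package
  ansible.builtin.get_url:
    url: "{{ url }}"
    dest: /var/cache/apt/archives/multischleuder.deb
    # multischleuder_deb_checksum is a proposed new variable,
    # e.g. "sha256:<digest of the pinned release>"
    checksum: "{{ multischleuder_deb_checksum }}"
    owner: root
    group: root
    mode: "0644"
  # … unchanged: vars block deriving url, moved here from the install task …

- name: Install multischleuder from upstream release
  ansible.builtin.apt:
    deb: /var/cache/apt/archives/multischleuder.deb
```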
|
||||||
|
|
|
@ -1,12 +1,12 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: install multischleuder
|
- name: Install multischleuder
|
||||||
ansible.builtin.import_tasks: install.yml
|
ansible.builtin.import_tasks: install.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::multischleuder"
|
- "role::multischleuder"
|
||||||
- "role::multischleuder:install"
|
- "role::multischleuder:install"
|
||||||
|
|
||||||
- name: configure multischleuder
|
- name: Configure multischleuder
|
||||||
ansible.builtin.import_tasks: config.yml
|
ansible.builtin.import_tasks: config.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::multischleuder"
|
- "role::multischleuder"
|
||||||
|
|
|
@ -1,14 +1,14 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
opendkim_testmode: no
|
opendkim_testmode: false
|
||||||
|
|
||||||
opendkim_syslog: yes
|
opendkim_syslog: true
|
||||||
opendkim_syslog_success: yes
|
opendkim_syslog_success: true
|
||||||
opendkim_log_why: no
|
opendkim_log_why: false
|
||||||
|
|
||||||
opendkim_canonicalization: relaxed/relaxed
|
opendkim_canonicalization: relaxed/relaxed
|
||||||
opendkim_mode: sv
|
opendkim_mode: sv
|
||||||
opendkim_subdomains: no
|
opendkim_subdomains: false
|
||||||
opendkim_oversign_headers: From
|
opendkim_oversign_headers: From
|
||||||
|
|
||||||
opendkim_selector: mail
|
opendkim_selector: mail
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: restart opendkim
|
- name: Restart opendkim
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: opendkim
|
name: opendkim
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
- name: restart postfix
|
- name: Restart postfix
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: postfix
|
name: postfix
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
|
@ -1,44 +1,44 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: create /etc/dkimkeys diretory
|
- name: Create /etc/dkimkeys diretory
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: /etc/dkimkeys
|
path: /etc/dkimkeys
|
||||||
state: directory
|
state: directory
|
||||||
owner: opendkim
|
owner: opendkim
|
||||||
group: opendkim
|
group: opendkim
|
||||||
mode: 0700
|
mode: "0700"
|
||||||
|
|
||||||
- name: create dkim key
|
- name: Create dkim key
|
||||||
ansible.builtin.command: >-
|
ansible.builtin.command: >-
|
||||||
/usr/sbin/opendkim-genkey
|
/usr/sbin/opendkim-genkey
|
||||||
--directory=/etc/dkimkeys
|
--directory=/etc/dkimkeys
|
||||||
--selector={{ opendkim_selector }}
|
--selector={{ opendkim_selector }}
|
||||||
args:
|
args:
|
||||||
creates: "/etc/dkimkeys/{{ opendkim_selector }}.private"
|
creates: "/etc/dkimkeys/{{ opendkim_selector }}.private"
|
||||||
become: yes
|
become: true
|
||||||
become_user: opendkim
|
become_user: opendkim
|
||||||
notify: restart opendkim
|
notify: Restart opendkim
|
||||||
|
|
||||||
- name: create postfix spool socket directory
|
- name: Create postfix spool socket directory
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: /var/spool/postfix/opendkim
|
path: /var/spool/postfix/opendkim
|
||||||
state: directory
|
state: directory
|
||||||
owner: opendkim
|
owner: opendkim
|
||||||
group: postfix
|
group: postfix
|
||||||
mode: 0770
|
mode: "0770"
|
||||||
notify: restart opendkim
|
notify: Restart opendkim
|
||||||
|
|
||||||
- name: render /etc/opendkim.conf
|
- name: Render /etc/opendkim.conf
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: etc/opendkim.conf.j2
|
src: etc/opendkim.conf.j2
|
||||||
dest: /etc/opendkim.conf
|
dest: /etc/opendkim.conf
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
notify: restart opendkim
|
notify: Restart opendkim
|
||||||
|
|
||||||
- name: start and enable opendkim
|
- name: Start and enable opendkim
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: opendkim
|
name: opendkim
|
||||||
state: started
|
state: started
|
||||||
enabled: yes
|
enabled: true
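Review bot: `Create dkim key` leaves the key size to whatever `opendkim-genkey` defaults to, which has been 1024 bits in some releases. Passing the size explicitly keeps the result independent of the packaged version: add `--bits=2048` to the folded command next to `--selector={{ opendkim_selector }}`. Because of `creates:`, an existing key is never regenerated, so hosts that already have a short key need a manual rotation. The task name in the first hunk line also still reads `diretory`.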
|
||||||
|
|
|
@ -1,14 +1,14 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: install opendkim
|
- name: Install opendkim
|
||||||
ansible.builtin.package:
|
ansible.builtin.package:
|
||||||
name:
|
name:
|
||||||
- opendkim
|
- opendkim
|
||||||
- opendkim-tools
|
- opendkim-tools
|
||||||
|
|
||||||
- name: add postfix to opendkim group
|
- name: Add postfix to opendkim group
|
||||||
ansible.builtin.user:
|
ansible.builtin.user:
|
||||||
name: postfix
|
name: postfix
|
||||||
groups: opendkim
|
groups: opendkim
|
||||||
append: yes
|
append: true
|
||||||
notify: restart postfix
|
notify: Restart postfix
|
||||||
|
|
|
@ -1,12 +1,12 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: install opendkim
|
- name: Install opendkim
|
||||||
ansible.builtin.import_tasks: install.yml
|
ansible.builtin.import_tasks: install.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::opendkim"
|
- "role::opendkim"
|
||||||
- "role::opendkim:install"
|
- "role::opendkim:install"
|
||||||
|
|
||||||
- name: configure opendkim
|
- name: Configure opendkim
|
||||||
ansible.builtin.import_tasks: config.yml
|
ansible.builtin.import_tasks: config.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::opendkim"
|
- "role::opendkim"
|
||||||
|
|
|
@ -16,15 +16,15 @@ postfix_mydestination:
|
||||||
postfix_additional_transport_maps: []
|
postfix_additional_transport_maps: []
|
||||||
postfix_additional_relay_domains: []
|
postfix_additional_relay_domains: []
|
||||||
|
|
||||||
postfix_postfixadmin_enable: no
|
postfix_postfixadmin_enable: false
|
||||||
postfix_mailman_enable: no
|
postfix_mailman_enable: false
|
||||||
postfix_schleuder_enable: no
|
postfix_schleuder_enable: false
|
||||||
postfix_policyd_spf_enable: no
|
postfix_policyd_spf_enable: false
|
||||||
postfix_srsd_enable: no
|
postfix_srsd_enable: false
|
||||||
postfix_srsd_nodefault: no
|
postfix_srsd_nodefault: false
|
||||||
postfix_spamassassin_enable: no
|
postfix_spamassassin_enable: false
|
||||||
postfix_easywks_pipe_transport: no
|
postfix_easywks_pipe_transport: false
|
||||||
postfix_opendkim_enable: no
|
postfix_opendkim_enable: false
|
||||||
postfix_srsd_forward_lookup: "tcp:localhost:10001"
|
postfix_srsd_forward_lookup: "tcp:localhost:10001"
|
||||||
postfix_srsd_reverse_lookup: "tcp:localhost:10002"
|
postfix_srsd_reverse_lookup: "tcp:localhost:10002"
|
||||||
|
|
||||||
|
|
|
@ -7,7 +7,7 @@ postfix_default_master_processes:
|
||||||
smtp:
|
smtp:
|
||||||
name: smtp
|
name: smtp
|
||||||
type: inet
|
type: inet
|
||||||
private: no
|
private: false
|
||||||
command: smtpd
|
command: smtpd
|
||||||
options:
|
options:
|
||||||
- '-o syslog_name=postfix/smtp'
|
- '-o syslog_name=postfix/smtp'
|
||||||
|
@ -17,7 +17,7 @@ postfix_default_master_processes:
|
||||||
submission:
|
submission:
|
||||||
name: submission
|
name: submission
|
||||||
type: inet
|
type: inet
|
||||||
private: no
|
private: false
|
||||||
command: smtpd
|
command: smtpd
|
||||||
options:
|
options:
|
||||||
- '-o syslog_name=postfix/submission'
|
- '-o syslog_name=postfix/submission'
|
||||||
|
@ -32,81 +32,81 @@ postfix_default_master_processes:
|
||||||
pickup:
|
pickup:
|
||||||
name: pickup
|
name: pickup
|
||||||
type: unix
|
type: unix
|
||||||
private: no
|
private: false
|
||||||
chroot: no
|
chroot: false
|
||||||
wakeup: 60
|
wakeup: 60
|
||||||
maxproc: 1
|
maxproc: 1
|
||||||
|
|
||||||
cleanup:
|
cleanup:
|
||||||
name: cleanup
|
name: cleanup
|
||||||
type: unix
|
type: unix
|
||||||
private: no
|
private: false
|
||||||
maxproc: 0
|
maxproc: 0
|
||||||
|
|
||||||
qmgr:
|
qmgr:
|
||||||
name: qmgr
|
name: qmgr
|
||||||
type: unix
|
type: unix
|
||||||
private: no
|
private: false
|
||||||
chroot: no
|
chroot: false
|
||||||
wakeup: 300
|
wakeup: 300
|
||||||
maxproc: 1
|
maxproc: 1
|
||||||
|
|
||||||
tlsmgr:
|
tlsmgr:
|
||||||
name: tlsmgr
|
name: tlsmgr
|
||||||
type: unix
|
type: unix
|
||||||
chroot: no
|
chroot: false
|
||||||
wakeup: '1000?'
|
wakeup: '1000?'
|
||||||
maxproc: 1
|
maxproc: 1
|
||||||
|
|
||||||
rewrite:
|
rewrite:
|
||||||
name: rewrite
|
name: rewrite
|
||||||
type: unix
|
type: unix
|
||||||
chroot: no
|
chroot: false
|
||||||
command: trivial-rewrite
|
command: trivial-rewrite
|
||||||
|
|
||||||
bounce:
|
bounce:
|
||||||
name: bounce
|
name: bounce
|
||||||
type: unix
|
type: unix
|
||||||
chroot: no
|
chroot: false
|
||||||
maxproc: 0
|
maxproc: 0
|
||||||
|
|
||||||
defer:
|
defer:
|
||||||
name: defer
|
name: defer
|
||||||
type: unix
|
type: unix
|
||||||
chroot: no
|
chroot: false
|
||||||
maxproc: 0
|
maxproc: 0
|
||||||
command: bounce
|
command: bounce
|
||||||
|
|
||||||
trace:
|
trace:
|
||||||
name: trace
|
name: trace
|
||||||
type: unix
|
type: unix
|
||||||
chroot: no
|
chroot: false
|
||||||
maxproc: 0
|
maxproc: 0
|
||||||
command: bounce
|
command: bounce
|
||||||
|
|
||||||
verify:
|
verify:
|
||||||
name: verify
|
name: verify
|
||||||
type: unix
|
type: unix
|
||||||
chroot: no
|
chroot: false
|
||||||
maxproc: 1
|
maxproc: 1
|
||||||
|
|
||||||
flush:
|
flush:
|
||||||
name: flush
|
name: flush
|
||||||
type: unix
|
type: unix
|
||||||
private: no
|
private: false
|
||||||
chroot: no
|
chroot: false
|
||||||
wakeup: '1000?'
|
wakeup: '1000?'
|
||||||
maxproc: 0
|
maxproc: 0
|
||||||
|
|
||||||
proxymap:
|
proxymap:
|
||||||
name: proxymap
|
name: proxymap
|
||||||
type: unix
|
type: unix
|
||||||
chroot: no
|
chroot: false
|
||||||
|
|
||||||
proxywrite:
|
proxywrite:
|
||||||
name: proxywrite
|
name: proxywrite
|
||||||
type: unix
|
type: unix
|
||||||
chroot: no
|
chroot: false
|
||||||
maxproc: 1
|
maxproc: 1
|
||||||
command: proxymap
|
command: proxymap
|
||||||
|
|
||||||
|
@ -125,59 +125,59 @@ postfix_default_master_processes:
|
||||||
showq:
|
showq:
|
||||||
name: showq
|
name: showq
|
||||||
type: unix
|
type: unix
|
||||||
private: no
|
private: false
|
||||||
chroot: no
|
chroot: false
|
||||||
|
|
||||||
error:
|
error:
|
||||||
name: error
|
name: error
|
||||||
type: unix
|
type: unix
|
||||||
chroot: no
|
chroot: false
|
||||||
|
|
||||||
retry:
|
retry:
|
||||||
name: retry
|
name: retry
|
||||||
type: unix
|
type: unix
|
||||||
chroot: no
|
chroot: false
|
||||||
command: error
|
command: error
|
||||||
|
|
||||||
discard:
|
discard:
|
||||||
name: discard
|
name: discard
|
||||||
type: unix
|
type: unix
|
||||||
chroot: no
|
chroot: false
|
||||||
|
|
||||||
local:
|
local:
|
||||||
name: local
|
name: local
|
||||||
type: unix
|
type: unix
|
||||||
unpriv: no
|
unpriv: false
|
||||||
chroot: no
|
chroot: false
|
||||||
|
|
||||||
virtual:
|
virtual:
|
||||||
name: virtual
|
name: virtual
|
||||||
type: unix
|
type: unix
|
||||||
unpriv: no
|
unpriv: false
|
||||||
chroot: no
|
chroot: false
|
||||||
|
|
||||||
lmtp:
|
lmtp:
|
||||||
name: lmtp
|
name: lmtp
|
||||||
type: unix
|
type: unix
|
||||||
chroot: no
|
chroot: false
|
||||||
|
|
||||||
anvil:
|
anvil:
|
||||||
name: anvil
|
name: anvil
|
||||||
type: unix
|
type: unix
|
||||||
chroot: no
|
chroot: false
|
||||||
maxproc: 1
|
maxproc: 1
|
||||||
|
|
||||||
scache:
|
scache:
|
||||||
name: scache
|
name: scache
|
||||||
type: unix
|
type: unix
|
||||||
chroot: no
|
chroot: false
|
||||||
maxproc: 1
|
maxproc: 1
|
||||||
|
|
||||||
postlog:
|
postlog:
|
||||||
name: postlog
|
name: postlog
|
||||||
type: unix-dgram
|
type: unix-dgram
|
||||||
private: no
|
private: false
|
||||||
chroot: no
|
chroot: false
|
||||||
maxproc: 1
|
maxproc: 1
|
||||||
command: postlogd
|
command: postlogd
|
||||||
|
|
||||||
|
|
|
@ -6,8 +6,8 @@ postfix_policyd_spf_testonly: 0
|
||||||
postfix_policyd_spf_helo_reject: Fail
|
postfix_policyd_spf_helo_reject: Fail
|
||||||
postfix_policyd_spf_mail_from_reject: Fail
|
postfix_policyd_spf_mail_from_reject: Fail
|
||||||
|
|
||||||
postfix_policyd_spf_permerror_reject: False
|
postfix_policyd_spf_permerror_reject: "False"
|
||||||
postfix_policyd_spf_temperror_reject: False
|
postfix_policyd_spf_temperror_reject: "False"
|
||||||
|
|
||||||
postfix_policyd_spf_skip_addresses:
|
postfix_policyd_spf_skip_addresses:
|
||||||
- "127.0.0.0/8"
|
- "127.0.0.0/8"
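Review bot: Quoting `postfix_policyd_spf_permerror_reject` and `postfix_policyd_spf_temperror_reject` turns them from booleans into the non-empty string `"False"`, which is truthy in a Jinja `{% if %}` or a `when:`. If the template only interpolates the value into `policyd-spf.conf`, the output is unchanged, but any conditional on these variables would now take the opposite branch; the template is not visible here. A comment above the two lines would record the intent, for example `# Strings on purpose: written verbatim into policyd-spf.conf`.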
|
||||||
|
|
|
@ -48,6 +48,6 @@ postfix_body_checks: []
|
||||||
|
|
||||||
postfix_smtpd_sender_login_maps: []
|
postfix_smtpd_sender_login_maps: []
|
||||||
|
|
||||||
postfix_always_add_missing_headers: no
|
postfix_always_add_missing_headers: false
|
||||||
postfix_local_header_rewrite_clients:
|
postfix_local_header_rewrite_clients:
|
||||||
- permit_inet_interfaces
|
- permit_inet_interfaces
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
postfix_enable_virtual_mail: yes
|
postfix_enable_virtual_mail: true
|
||||||
|
|
||||||
virtual_mail_uid: virtual
|
virtual_mail_uid: virtual
|
||||||
virtual_mail_gid: virtual
|
virtual_mail_gid: virtual
|
||||||
virutal_mail_home: /home/virtual
|
virtual_mail_home: /home/virtual
|
||||||
|
|
||||||
virtual_minimum_uid: 100
|
virtual_minimum_uid: 100
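Review bot: Correcting `virutal_mail_home` to `virtual_mail_home` silently drops any inventory override that used the old spelling. Those hosts would fall back to `/home/virtual` as the mail user's home without any warning. A compatible default keeps them working: `virtual_mail_home: "{{ virutal_mail_home | default('/home/virtual') }}"`. Otherwise the rename deserves an entry in the release notes as a breaking change.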
|
||||||
|
|
|
@ -1,19 +1,20 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: restart postfix
|
- name: Restart postfix
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: postfix
|
name: postfix
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
- name: reload postfix
|
- name: Reload postfix
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: postfix
|
name: postfix
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
|
||||||
- name: restart postfix-mta-sts-resolver
|
- name: Restart postfix-mta-sts-resolver
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: postfix-mta-sts-resolver
|
name: postfix-mta-sts-resolver
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
- name: postalias /etc/aliases
|
- name: Postalias /etc/aliases
|
||||||
ansible.builtin.command: postalias /etc/aliases
|
ansible.builtin.command: postalias /etc/aliases
|
||||||
|
changed_when: true
|
||||||
|
|
|
@ -6,8 +6,8 @@
|
||||||
dest: /etc/postfix/main.cf
|
dest: /etc/postfix/main.cf
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
notify: restart postfix
|
notify: Restart postfix
|
||||||
|
|
||||||
- name: Render /etc/postfix/master.cf
|
- name: Render /etc/postfix/master.cf
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
|
@ -15,8 +15,8 @@
|
||||||
dest: /etc/postfix/master.cf
|
dest: /etc/postfix/master.cf
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
notify: restart postfix
|
notify: Restart postfix
|
||||||
|
|
||||||
- name: Render /etc/postfix-policyd-spf-python/policyd-spf.conf
|
- name: Render /etc/postfix-policyd-spf-python/policyd-spf.conf
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
|
@ -24,8 +24,8 @@
|
||||||
dest: /etc/postfix-policyd-spf-python/policyd-spf.conf
|
dest: /etc/postfix-policyd-spf-python/policyd-spf.conf
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
notify: restart postfix
|
notify: Restart postfix
|
||||||
|
|
||||||
- name: Render /etc/mta-sts-daemon.yml
|
- name: Render /etc/mta-sts-daemon.yml
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
|
@ -33,8 +33,8 @@
|
||||||
dest: /etc/mta-sts-daemon.yml
|
dest: /etc/mta-sts-daemon.yml
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
notify: restart postfix-mta-sts-resolver
|
notify: Restart postfix-mta-sts-resolver
|
||||||
|
|
||||||
- name: Start and enable postfix-mta-sts-resolver
|
- name: Start and enable postfix-mta-sts-resolver
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: install packages
|
- name: Install packages
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
name:
|
name:
|
||||||
- postfix
|
- postfix
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: create postfix virtual users/group
|
- name: Create postfix virtual users/group
|
||||||
ansible.builtin.import_tasks: setup.yml
|
ansible.builtin.import_tasks: setup.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::postfix"
|
- "role::postfix"
|
||||||
|
@ -8,19 +8,19 @@
|
||||||
- "role::postfix:config"
|
- "role::postfix:config"
|
||||||
- "role::postfix:tables"
|
- "role::postfix:tables"
|
||||||
|
|
||||||
- name: install postfix
|
- name: Install postfix
|
||||||
ansible.builtin.import_tasks: install.yml
|
ansible.builtin.import_tasks: install.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::postfix"
|
- "role::postfix"
|
||||||
- "role::postfix:install"
|
- "role::postfix:install"
|
||||||
|
|
||||||
- name: configure postfix
|
- name: Configure postfix
|
||||||
ansible.builtin.import_tasks: config.yml
|
ansible.builtin.import_tasks: config.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::postfix"
|
- "role::postfix"
|
||||||
- "role::postfix:config"
|
- "role::postfix:config"
|
||||||
|
|
||||||
- name: render postfix lookup tables
|
- name: Render postfix lookup tables
|
||||||
ansible.builtin.import_tasks: tables.yml
|
ansible.builtin.import_tasks: tables.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::postfix"
|
- "role::postfix"
|
||||||
|
|
|
@ -1,25 +1,25 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: create virtual mail group
|
- name: Create virtual mail group
|
||||||
ansible.builtin.group:
|
ansible.builtin.group:
|
||||||
name: "{{ virtual_mail_gid }}"
|
name: "{{ virtual_mail_gid }}"
|
||||||
system: yes
|
system: true
|
||||||
register: postfix_register_vmail_group
|
register: postfix_register_vmail_group
|
||||||
when: postfix_enable_virtual_mail
|
when: postfix_enable_virtual_mail
|
||||||
|
|
||||||
- name: create virtual mail user
|
- name: Create virtual mail user
|
||||||
ansible.builtin.user:
|
ansible.builtin.user:
|
||||||
name: "{{ virtual_mail_uid }}"
|
name: "{{ virtual_mail_uid }}"
|
||||||
group: "{{ virtual_mail_gid }}"
|
group: "{{ virtual_mail_gid }}"
|
||||||
home: "{{ virtual_mail_home }}"
|
home: "{{ virtual_mail_home }}"
|
||||||
password: '!'
|
password: '!'
|
||||||
shell: /usr/sbin/nologin
|
shell: /usr/sbin/nologin
|
||||||
system: yes
|
system: true
|
||||||
comment: Virtual Mail User
|
comment: Virtual Mail User
|
||||||
register: postfix_register_vmail_user
|
register: postfix_register_vmail_user
|
||||||
when: postfix_enable_virtual_mail
|
when: postfix_enable_virtual_mail
|
||||||
|
|
||||||
- name: set vmail uid and gid facts
|
- name: Set vmail uid and gid facts
|
||||||
ansible.builtin.set_fact:
|
ansible.builtin.set_fact:
|
||||||
virtual_mail_numeric_uid: "{{ postfix_register_vmail_user.uid }}"
|
virtual_mail_numeric_uid: "{{ postfix_register_vmail_user.uid }}"
|
||||||
virtual_mail_numeric_gid: "{{ postfix_register_vmail_group.gid }}"
|
virtual_mail_numeric_gid: "{{ postfix_register_vmail_group.gid }}"
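Review bot: `Set vmail uid and gid facts` reads `postfix_register_vmail_user.uid` and `postfix_register_vmail_group.gid`, but both registering tasks are skipped when `postfix_enable_virtual_mail` is false. A skipped result has no `uid` or `gid`, so the `set_fact` would fail on hosts that disable virtual mail. Unless a condition follows outside this hunk, the task needs the same guard: `when: postfix_enable_virtual_mail`.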
|
||||||
|
|
|
@ -1,26 +1,26 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: render /etc/aliases
|
- name: Render /etc/aliases
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: etc/aliases.j2
|
src: etc/aliases.j2
|
||||||
dest: /etc/aliases
|
dest: /etc/aliases
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
notify: postalias /etc/aliases
|
notify: Postalias /etc/aliases
|
||||||
|
|
||||||
- name: render additional hash lookup tables
|
- name: Render additional hash lookup tables
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: etc/postfix/table.j2
|
src: etc/postfix/table.j2
|
||||||
dest: "/etc/postfix/{{ item.key }}"
|
dest: "/etc/postfix/{{ item.key }}"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
register: postfix_register_additional_lookup_tables
|
register: postfix_register_additional_lookup_tables
|
||||||
loop: "{{ postfix_additional_tables | dict2items }}"
|
loop: "{{ postfix_additional_tables | dict2items }}"
|
||||||
|
|
||||||
- name: postmap additional lookup tables
|
- name: Postmap additional lookup tables
|
||||||
ansible.builtin.command: >-
|
ansible.builtin.command: >-
|
||||||
postmap /etc/postfix/{{ item.item.key }}
|
postmap /etc/postfix/{{ item.item.key }}
|
||||||
changed_when: yes
|
changed_when: true
|
||||||
loop: "{{ postfix_register_additional_lookup_tables.results }}"
|
loop: "{{ postfix_register_additional_lookup_tables.results }}"
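Review bot: `Postmap additional lookup tables` rebuilds every table on every run and always reports a change, because it loops over all results with `changed_when: true` and no `when` is visible on the task. That makes the role non-idempotent and hides real changes in the play recap. Restricting it to tables whose source was just rewritten is a one-line addition: `when: item.changed`. The table name in `postmap /etc/postfix/{{ item.item.key }}` comes straight from the keys of `postfix_additional_tables`, so those keys should be plain file names.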
|
||||||
|
|
|
@ -24,8 +24,8 @@ postfixadmin_password_validation:
|
||||||
'/([a-zA-Z].*){3}/': 'password_no_characters 3'
|
'/([a-zA-Z].*){3}/': 'password_no_characters 3'
|
||||||
'/([0-9].*){2}/': 'password_no_digits 2'
|
'/([0-9].*){2}/': 'password_no_digits 2'
|
||||||
|
|
||||||
postfixadmin_generate_password: no
|
postfixadmin_generate_password: false
|
||||||
postfixadmin_show_password: no
|
postfixadmin_show_password: false
|
||||||
postfixadmin_page_size: 25
|
postfixadmin_page_size: 25
|
||||||
|
|
||||||
postfixadmin_default_aliases:
|
postfixadmin_default_aliases:
|
||||||
|
@ -34,33 +34,33 @@ postfixadmin_default_aliases:
|
||||||
postmaster: 'postmaster@{{ ansible_domain }}'
|
postmaster: 'postmaster@{{ ansible_domain }}'
|
||||||
webmaster: 'webmaster@{{ ansible_domain }}'
|
webmaster: 'webmaster@{{ ansible_domain }}'
|
||||||
|
|
||||||
postfixadmin_domain_path: yes
|
postfixadmin_domain_path: true
|
||||||
postfixadmin_domain_in_mailbox: no
|
postfixadmin_domain_in_mailbox: false
|
||||||
|
|
||||||
postfixadmin_aliases: 10
|
postfixadmin_aliases: 10
|
||||||
postfixadmin_mailboxes: 10
|
postfixadmin_mailboxes: 10
|
||||||
postfixadmin_maxquota: 10
|
postfixadmin_maxquota: 10
|
||||||
postfixadmin_domain_quota_default: 2048
|
postfixadmin_domain_quota_default: 2048
|
||||||
postfixadmin_quota: no
|
postfixadmin_quota: false
|
||||||
postfixadmin_domain_quota: yes
|
postfixadmin_domain_quota: true
|
||||||
|
|
||||||
postfixadmin_transport: no
|
postfixadmin_transport: false
|
||||||
postfixadmin_transport_options:
|
postfixadmin_transport_options:
|
||||||
- lmtp:unix:private/dovecot-lmtp
|
- lmtp:unix:private/dovecot-lmtp
|
||||||
postfixadmin_alias_domain: yes
|
postfixadmin_alias_domain: true
|
||||||
postfixadmin_backup: no
|
postfixadmin_backup: false
|
||||||
postfixadmin_sendmail: yes
|
postfixadmin_sendmail: true
|
||||||
postfixadmin_sendmail_all_admins: no
|
postfixadmin_sendmail_all_admins: false
|
||||||
postfixadmin_fetchmail: yes
|
postfixadmin_fetchmail: true
|
||||||
postfixadmin_forgotten_user_password_reset: yes
|
postfixadmin_forgotten_user_password_reset: true
|
||||||
postfixadmin_forgotten_admin_password_reset: no
|
postfixadmin_forgotten_admin_password_reset: false
|
||||||
postfixadmin_password_expiration: no
|
postfixadmin_password_expiration: false
|
||||||
postfixadmin_show_header_text: no
|
postfixadmin_show_header_text: false
|
||||||
postfixadmin_header_text: ':: Postfix Admin ::'
|
postfixadmin_header_text: ':: Postfix Admin ::'
|
||||||
postfixadmin_show_footer_text: yes
|
postfixadmin_show_footer_text: true
|
||||||
postfixadmin_footer_text: 'Return to change-this-to-your.domain.tld'
|
postfixadmin_footer_text: 'Return to change-this-to-your.domain.tld'
|
||||||
postfixadmin_footer_link: 'http://change-this-to-your.domain.tld'
|
postfixadmin_footer_link: 'http://change-this-to-your.domain.tld'
|
||||||
postfixadmin_emailcheck_resolve_domain: yes
|
postfixadmin_emailcheck_resolve_domain: true
|
||||||
postfixadmin_welcome_text: |
|
postfixadmin_welcome_text: |
|
||||||
Hi,
|
Hi,
|
||||||
|
|
||||||
|
@ -85,10 +85,10 @@ postfixadmin_database_postfix_hosts: 'unix:/run/mysqld/mysqld.sock'
|
||||||
postfixadmin_database_dovecot_user: postfix
|
postfixadmin_database_dovecot_user: postfix
|
||||||
postfixadmin_database_dovecot_hosts: '/run/mysqld/mysqld.sock'
|
postfixadmin_database_dovecot_hosts: '/run/mysqld/mysqld.sock'
|
||||||
# This permits disabled users to still read their mail, but will not allow them to send mail.
|
# This permits disabled users to still read their mail, but will not allow them to send mail.
|
||||||
postfixadmin_permit_inactive_user_nosmtp: no
|
postfixadmin_permit_inactive_user_nosmtp: false
|
||||||
# allow login as <user> in addition to <user>@<domain>
|
# allow login as <user> in addition to <user>@<domain>
|
||||||
# Only set this when when you're only serving a single domain or can otherwise avoid conflicts
|
# Only set this when when you're only serving a single domain or can otherwise avoid conflicts
|
||||||
postfixadmin_permit_localpart_login: no
|
postfixadmin_permit_localpart_login: false
|
||||||
|
|
||||||
postfixadmin_additional_config: ''
|
postfixadmin_additional_config: ''
|
||||||
|
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: reload postfix
|
- name: Reload postfix
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: postfix
|
name: postfix
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
|
||||||
- name: reload dovecot
|
- name: Reload dovecot
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: dovecot
|
name: dovecot
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: create mariadb database
|
- name: Create mariadb database
|
||||||
community.mysql.mysql_db:
|
community.mysql.mysql_db:
|
||||||
name: '{{ postfixadmin_database_name }}'
|
name: '{{ postfixadmin_database_name }}'
|
||||||
login_host: '{{ postfixadmin_database_host }}'
|
login_host: '{{ postfixadmin_database_host }}'
|
||||||
|
@ -8,9 +8,9 @@
|
||||||
login_unix_socket: '{{ postfixadmin_database_socket }}'
|
login_unix_socket: '{{ postfixadmin_database_socket }}'
|
||||||
login_user: '{{ postfixadmin_bootstrap_login_user }}'
|
login_user: '{{ postfixadmin_bootstrap_login_user }}'
|
||||||
login_password: '{{ postfixadmin_bootstrap_login_password }}'
|
login_password: '{{ postfixadmin_bootstrap_login_password }}'
|
||||||
check_implicit_admin: yes
|
check_implicit_admin: true
|
||||||
|
|
||||||
- name: create postfixadmin database user
|
- name: Create postfixadmin database user
|
||||||
community.mysql.mysql_user:
|
community.mysql.mysql_user:
|
||||||
name: "{{ postfixadmin_database_user }}"
|
name: "{{ postfixadmin_database_user }}"
|
||||||
host: "{{ postfixadmin_database_user_host }}"
|
host: "{{ postfixadmin_database_user_host }}"
|
||||||
|
@ -21,9 +21,9 @@
|
||||||
login_unix_socket: '{{ postfixadmin_database_socket }}'
|
login_unix_socket: '{{ postfixadmin_database_socket }}'
|
||||||
login_user: '{{ postfixadmin_bootstrap_login_user }}'
|
login_user: '{{ postfixadmin_bootstrap_login_user }}'
|
||||||
login_password: '{{ postfixadmin_bootstrap_login_password }}'
|
login_password: '{{ postfixadmin_bootstrap_login_password }}'
|
||||||
check_implicit_admin: yes
|
check_implicit_admin: true
|
||||||
|
|
||||||
- name: create postfix database user
|
- name: Create postfix database user
|
||||||
community.mysql.mysql_user:
|
community.mysql.mysql_user:
|
||||||
name: "{{ postfixadmin_database_postfix_user }}"
|
name: "{{ postfixadmin_database_postfix_user }}"
|
||||||
host: "{{ postfixadmin_database_postfix_user_host }}"
|
host: "{{ postfixadmin_database_postfix_user_host }}"
|
||||||
|
@ -34,9 +34,9 @@
|
||||||
login_unix_socket: '{{ postfixadmin_database_socket }}'
|
login_unix_socket: '{{ postfixadmin_database_socket }}'
|
||||||
login_user: '{{ postfixadmin_bootstrap_login_user }}'
|
login_user: '{{ postfixadmin_bootstrap_login_user }}'
|
||||||
login_password: '{{ postfixadmin_bootstrap_login_password }}'
|
login_password: '{{ postfixadmin_bootstrap_login_password }}'
|
||||||
check_implicit_admin: yes
|
check_implicit_admin: true
|
||||||
|
|
||||||
- name: request setup.php to create database and admin user
|
- name: Request setup.php to create database and admin user
|
||||||
ansible.builtin.uri:
|
ansible.builtin.uri:
|
||||||
url: '{{ postfixadmin_bootstrap_base_url }}/setup.php'
|
url: '{{ postfixadmin_bootstrap_base_url }}/setup.php'
|
||||||
method: POST
|
method: POST
|
||||||
|
@ -48,7 +48,7 @@
|
||||||
password: '{{ postfixadmin_bootstrap_admin_password }}'
|
password: '{{ postfixadmin_bootstrap_admin_password }}'
|
||||||
password2: '{{ postfixadmin_bootstrap_admin_password }}'
|
password2: '{{ postfixadmin_bootstrap_admin_password }}'
|
||||||
submit: 'createadmin'
|
submit: 'createadmin'
|
||||||
return_content: yes
|
return_content: true
|
||||||
register: postfixadmin_register_boostrap_create_admin
|
register: postfixadmin_register_boostrap_create_admin
|
||||||
changed_when: yes
|
changed_when: true
|
||||||
failed_when: '"Admin addition failed" in postfixadmin_register_boostrap_create_admin.content or postfixadmin_register_boostrap_create_admin.status != 200'
|
failed_when: '"Admin addition failed" in postfixadmin_register_boostrap_create_admin.content or postfixadmin_register_boostrap_create_admin.status != 200'
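Review bot: The request to setup.php sends `postfixadmin_bootstrap_admin_password` in its body as `password` and `password2` and registers the response, but no `no_log: true` is visible on the task, so the password can show up in verbose output or in the argument dump of a failed run. The lines between the hunks are not shown, so this needs checking rather than being certain; if it is missing, add `no_log: true` at task level next to `register:`. That also hides the response body on failure, which leaves the `failed_when` condition as the only diagnostic, so a short comment explaining the trade-off would help.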
|
||||||
|
|
|
@ -1,17 +1,17 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: create config.local.php
|
- name: Create config.local.php
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: config.local.php.j2
|
src: config.local.php.j2
|
||||||
dest: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}/config.local.php"
|
dest: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}/config.local.php"
|
||||||
owner: root
|
owner: root
|
||||||
group: www-data
|
group: www-data
|
||||||
mode: 0640
|
mode: "0640"
|
||||||
|
|
||||||
- name: call setup.php to run database migrations
|
- name: Call setup.php to run database migrations
|
||||||
ansible.builtin.uri:
|
ansible.builtin.uri:
|
||||||
url: "{{ postfixadmin_bootstrap_base_url }}/setup.php"
|
url: "{{ postfixadmin_bootstrap_base_url }}/setup.php"
|
||||||
return_content: yes
|
return_content: true
|
||||||
register: postfixadmin_register_setup_upgrade
|
register: postfixadmin_register_setup_upgrade
|
||||||
changed_when:
|
changed_when:
|
||||||
- "'Database is up to date' not in postfixadmin_register_setup_upgrade.content"
|
- "'Database is up to date' not in postfixadmin_register_setup_upgrade.content"
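Review bot: The "Create config.local.php" task renders a file that presumably holds the database password, and it has neither `diff: false` nor `no_log: true`, so a run with `--diff` prints the rendered content to the console and to any job log. The file mode `"0640"` with group `www-data` is fine; the exposure is in the play output, not on disk. I would add `diff: false` to the task. The same applies, if those templates carry credentials, to the identical task in the install file and to the dovecot-sql.conf, `/etc/postfix/sql/*.cf`, schleuder.yml and schleuder-cli.yml templates elsewhere in this commit.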
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: render /etc/dovecot/dovecot-sql.conf
|
- name: Render /etc/dovecot/dovecot-sql.conf
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: etc/dovecot/dovecot-sql.conf.j2
|
src: etc/dovecot/dovecot-sql.conf.j2
|
||||||
dest: /etc/dovecot/dovecot-sql.conf
|
dest: /etc/dovecot/dovecot-sql.conf
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0640
|
mode: "0640"
|
||||||
notify: reload dovecot
|
notify: Reload dovecot
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: install php dependencies
|
- name: Install php dependencies
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
name:
|
name:
|
||||||
- php-imap
|
- php-imap
|
||||||
|
@ -8,55 +8,55 @@
|
||||||
- php-mbstring
|
- php-mbstring
|
||||||
- python3-pymysql # required by ansible
|
- python3-pymysql # required by ansible
|
||||||
|
|
||||||
- name: create postfixadmin installation directory
|
- name: Create postfixadmin installation directory
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}"
|
path: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: root
|
owner: root
|
||||||
group: www-data
|
group: www-data
|
||||||
mode: 0755
|
mode: "0755"
|
||||||
|
|
||||||
- name: download and unpack postfixadmin release
|
- name: Download and unpack postfixadmin release
|
||||||
ansible.builtin.unarchive:
|
ansible.builtin.unarchive:
|
||||||
remote_src: yes
|
remote_src: true
|
||||||
src: "https://github.com/postfixadmin/postfixadmin/archive/refs/tags/postfixadmin-{{ postfixadmin_version }}.tar.gz"
|
src: "https://github.com/postfixadmin/postfixadmin/archive/refs/tags/postfixadmin-{{ postfixadmin_version }}.tar.gz"
|
||||||
dest: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}"
|
dest: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}"
|
||||||
creates: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}/config.inc.php"
|
creates: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}/config.inc.php"
|
||||||
extra_opts: ["--strip-components=1"]
|
extra_opts: ["--strip-components=1"]
|
||||||
owner: root
|
owner: root
|
||||||
group: www-data
|
group: www-data
|
||||||
mode: 0755
|
mode: "0755"
|
||||||
|
|
||||||
- name: create templates_c directory
|
- name: Create templates_c directory
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}/templates_c"
|
path: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}/templates_c"
|
||||||
state: directory
|
state: directory
|
||||||
owner: root
|
owner: root
|
||||||
group: www-data
|
group: www-data
|
||||||
mode: 0775
|
mode: "0775"
|
||||||
|
|
||||||
- name: create config.local.php
|
- name: Create config.local.php
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: config.local.php.j2
|
src: config.local.php.j2
|
||||||
dest: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}/config.local.php"
|
dest: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}/config.local.php"
|
||||||
owner: root
|
owner: root
|
||||||
group: www-data
|
group: www-data
|
||||||
mode: 0640
|
mode: "0640"
|
||||||
|
|
||||||
- name: change config.inc.php permissions
|
- name: Change config.inc.php permissions
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}/config.inc.php"
|
path: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}/config.inc.php"
|
||||||
owner: root
|
owner: root
|
||||||
group: www-data
|
group: www-data
|
||||||
mode: 0640
|
mode: "0640"
|
||||||
|
|
||||||
- name: symlink postfixadmin-cli to /usr/local/bin
|
- name: Symlink postfixadmin-cli to /usr/local/bin
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "/usr/local/bin/postfixadmin-cli"
|
path: "/usr/local/bin/postfixadmin-cli"
|
||||||
src: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}/scripts/postfixadmin-cli"
|
src: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}/scripts/postfixadmin-cli"
|
||||||
state: link
|
state: link
|
||||||
|
|
||||||
- name: symlink to new installation directory
|
- name: Symlink to new installation directory
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ postfixadmin_installation_prefix }}/postfixadmin"
|
path: "{{ postfixadmin_installation_prefix }}/postfixadmin"
|
||||||
src: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}"
|
src: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}"
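Review bot: The "Download and unpack postfixadmin release" task pulls the tarball straight from GitHub with `remote_src: true` and unpacks it into the web root without any integrity check, so the host trusts whatever that URL returns at run time. `ansible.builtin.unarchive` has no checksum option; downloading with `ansible.builtin.get_url` and its `checksum:` parameter first, then unpacking the local file, pins the content to a known digest. The digest would come from a new role variable (called `postfixadmin_release_checksum` below) that is updated together with `postfixadmin_version`.

```yaml
- name: Download postfixadmin release
  ansible.builtin.get_url:
    url: "https://github.com/postfixadmin/postfixadmin/archive/refs/tags/postfixadmin-{{ postfixadmin_version }}.tar.gz"
    dest: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}.tar.gz"
    # new role variable, format "sha256:<digest of the release tarball>"
    checksum: "{{ postfixadmin_release_checksum }}"
    owner: root
    group: root
    mode: "0644"

- name: Unpack postfixadmin release
  ansible.builtin.unarchive:
    remote_src: true
    src: "{{ postfixadmin_installation_prefix }}/postfixadmin-{{ postfixadmin_version }}.tar.gz"
    # … unchanged: dest, creates, extra_opts, owner, group, mode …
```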
|
||||||
|
|
|
@ -1,36 +1,36 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: create virtual user/group
|
- name: Create virtual user/group
|
||||||
ansible.builtin.import_tasks: setup.yml
|
ansible.builtin.import_tasks: setup.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::postfixadmin"
|
- "role::postfixadmin"
|
||||||
- "role::postfixadmin:dovecot"
|
- "role::postfixadmin:dovecot"
|
||||||
|
|
||||||
- name: install postfixadmin
|
- name: Install postfixadmin
|
||||||
ansible.builtin.import_tasks: install.yml
|
ansible.builtin.import_tasks: install.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::postfixadmin"
|
- "role::postfixadmin"
|
||||||
- "role::postfixadmin:install"
|
- "role::postfixadmin:install"
|
||||||
|
|
||||||
- name: configure postfixadmin
|
- name: Configure postfixadmin
|
||||||
ansible.builtin.import_tasks: config.yml
|
ansible.builtin.import_tasks: config.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::postfixadmin"
|
- "role::postfixadmin"
|
||||||
- "role::postfixadmin:config"
|
- "role::postfixadmin:config"
|
||||||
|
|
||||||
- name: create postfixadmin database and admin users
|
- name: Create postfixadmin database and admin users
|
||||||
ansible.builtin.import_tasks: bootstrap.yml
|
ansible.builtin.import_tasks: bootstrap.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::postfixadmin:bootstrap"
|
- "role::postfixadmin:bootstrap"
|
||||||
- "never"
|
- "never"
|
||||||
|
|
||||||
- name: hook postfix up to postfixadmin
|
- name: Hook postfix up to postfixadmin
|
||||||
ansible.builtin.import_tasks: postfix.yml
|
ansible.builtin.import_tasks: postfix.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::postfixadmin"
|
- "role::postfixadmin"
|
||||||
- "role::postfixadmin:postfix"
|
- "role::postfixadmin:postfix"
|
||||||
|
|
||||||
- name: hook dovecot up to postfixadmin
|
- name: Hook dovecot up to postfixadmin
|
||||||
ansible.builtin.import_tasks: dovecot.yml
|
ansible.builtin.import_tasks: dovecot.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::postfixadmin"
|
- "role::postfixadmin"
|
||||||
|
|
|
@ -1,20 +1,20 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: create /etc/postfix/sql directory
|
- name: Create /etc/postfix/sql directory
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: /etc/postfix/sql
|
path: /etc/postfix/sql
|
||||||
state: directory
|
state: directory
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0755
|
mode: "0755"
|
||||||
|
|
||||||
- name: render postfix sql config files
|
- name: Render postfix sql config files
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: etc/postfix/sql/{{ item }}.cf.j2
|
src: etc/postfix/sql/{{ item }}.cf.j2
|
||||||
dest: /etc/postfix/sql/{{ item }}.cf
|
dest: /etc/postfix/sql/{{ item }}.cf
|
||||||
owner: root
|
owner: root
|
||||||
group: postfix
|
group: postfix
|
||||||
mode: 0640
|
mode: "0640"
|
||||||
loop:
|
loop:
|
||||||
- mysql_relay_domains
|
- mysql_relay_domains
|
||||||
- mysql_transport_maps
|
- mysql_transport_maps
|
||||||
|
@ -25,4 +25,4 @@
|
||||||
- mysql_virtual_domains_maps
|
- mysql_virtual_domains_maps
|
||||||
- mysql_virtual_mailbox_limit_maps
|
- mysql_virtual_mailbox_limit_maps
|
||||||
- mysql_virtual_mailbox_maps
|
- mysql_virtual_mailbox_maps
|
||||||
notify: reload postfix
|
notify: Reload postfix
|
||||||
|
|
|
@ -1,23 +1,23 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: create virtual mail group
|
- name: Create virtual mail group
|
||||||
ansible.builtin.group:
|
ansible.builtin.group:
|
||||||
name: "{{ virtual_mail_gid }}"
|
name: "{{ virtual_mail_gid }}"
|
||||||
system: yes
|
system: true
|
||||||
register: postfixadmin_register_vmail_group
|
register: postfixadmin_register_vmail_group
|
||||||
|
|
||||||
- name: create virtual mail user
|
- name: Create virtual mail user
|
||||||
ansible.builtin.user:
|
ansible.builtin.user:
|
||||||
name: "{{ virtual_mail_uid }}"
|
name: "{{ virtual_mail_uid }}"
|
||||||
group: "{{ virtual_mail_gid }}"
|
group: "{{ virtual_mail_gid }}"
|
||||||
home: "{{ virtual_mail_home }}"
|
home: "{{ virtual_mail_home }}"
|
||||||
password: '!'
|
password: '!'
|
||||||
shell: /usr/sbin/nologin
|
shell: /usr/sbin/nologin
|
||||||
system: yes
|
system: true
|
||||||
comment: Virtual Mail User
|
comment: Virtual Mail User
|
||||||
register: postfixadmin_register_vmail_user
|
register: postfixadmin_register_vmail_user
|
||||||
|
|
||||||
- name: set vmail uid and gid facts
|
- name: Set vmail uid and gid facts
|
||||||
ansible.builtin.set_fact:
|
ansible.builtin.set_fact:
|
||||||
virtual_mail_numeric_uid: "{{ postfixadmin_register_vmail_user.uid }}"
|
virtual_mail_numeric_uid: "{{ postfixadmin_register_vmail_user.uid }}"
|
||||||
virtual_mail_numeric_gid: "{{ postfixadmin_register_vmail_group.gid }}"
|
virtual_mail_numeric_gid: "{{ postfixadmin_register_vmail_group.gid }}"
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: restart postsrsd
|
- name: Restart postsrsd
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: postsrsd
|
name: postsrsd
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: render /etc/default/postsrsd
|
- name: Render /etc/default/postsrsd
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: etc/default/postsrsd.j2
|
src: etc/default/postsrsd.j2
|
||||||
dest: /etc/default/postsrsd
|
dest: /etc/default/postsrsd
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
notify: restart postsrsd
|
notify: Restart postsrsd
|
||||||
|
|
|
@ -1,12 +1,12 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: install postsrsd
|
- name: Install postsrsd
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
name: postsrsd
|
name: postsrsd
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: start and enable postsrsd
|
- name: Start and enable postsrsd
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: postsrsd
|
name: postsrsd
|
||||||
state: started
|
state: started
|
||||||
enabled: yes
|
enabled: true
|
||||||
|
|
|
@ -1,12 +1,12 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: install postsrsd
|
- name: Install postsrsd
|
||||||
ansible.builtin.import_tasks: install.yml
|
ansible.builtin.import_tasks: install.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::postsrsd"
|
- "role::postsrsd"
|
||||||
- "role::postsrsd:install"
|
- "role::postsrsd:install"
|
||||||
|
|
||||||
- name: configure postsrsd
|
- name: Configure postsrsd
|
||||||
ansible.builtin.import_tasks: config.yml
|
ansible.builtin.import_tasks: config.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::postsrsd"
|
- "role::postsrsd"
|
||||||
|
|
|
@ -50,7 +50,7 @@ schleuder_defaults_subject_prefix_in: ""
|
||||||
schleuder_defaults_subject_prefix_out: ""
|
schleuder_defaults_subject_prefix_out: ""
|
||||||
schleuder_defaults_bounces_drop_all: false
|
schleuder_defaults_bounces_drop_all: false
|
||||||
schleuder_defaults_bounces_drop_on_headers:
|
schleuder_defaults_bounces_drop_on_headers:
|
||||||
x-spam-flag: yes
|
x-spam-flag: true
|
||||||
schleuder_defaults_bounces_notify_admins: true
|
schleuder_defaults_bounces_notify_admins: true
|
||||||
schleuder_defaults_include_list_headers: true
|
schleuder_defaults_include_list_headers: true
|
||||||
schleuder_defaults_include_openpgpg_header: true
|
schleuder_defaults_include_openpgpg_header: true
|
||||||
|
@ -62,7 +62,7 @@ schleuder_defaults_language: en
|
||||||
schleuder_defaults_forward_all_incoming_to_admins: false
|
schleuder_defaults_forward_all_incoming_to_admins: false
|
||||||
|
|
||||||
# This is the last commit before schleuder 3.5 was required
|
# This is the last commit before schleuder 3.5 was required
|
||||||
schleuder_web_install: no
|
schleuder_web_install: false
|
||||||
schleuder_web_commitish: main
|
schleuder_web_commitish: main
|
||||||
schleuder_web_hostname: schleuder.example.org
|
schleuder_web_hostname: schleuder.example.org
|
||||||
schleuder_web_mailfrom: noreply@schleuder.example.org
|
schleuder_web_mailfrom: noreply@schleuder.example.org
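Review bot: The value under `schleuder_defaults_bounces_drop_on_headers` is a header value to match, not a switch, and as boolean `true` it reaches the template as a boolean rather than the text `yes`. The old unquoted `yes` was already read as a boolean by Ansible's YAML loader, so the commit does not change behaviour, but it makes the mismatch visible. Spam filters commonly set `X-Spam-Flag: YES`, so a rendered `true` may never match and spam bounces would not be dropped. I would write `x-spam-flag: "yes"` after confirming how the list-defaults template and Schleuder compare the value.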
|
||||||
|
|
|
@ -1,15 +1,15 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: systemctl daemon-reload
|
- name: Systemctl daemon-reload
|
||||||
ansible.builtin.systemd:
|
ansible.builtin.systemd:
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
|
|
||||||
- name: systemctl restart schleuder-web
|
- name: Systemctl restart schleuder-web
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: schleuder-web
|
name: schleuder-web
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
- name: systemctl restart schleuder-api-daemon
|
- name: Systemctl restart schleuder-api-daemon
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: schleuder-api-daemon
|
name: schleuder-api-daemon
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
|
@ -1,24 +1,24 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: get schleuder api tls fingerprint
|
- name: Get schleuder api tls fingerprint
|
||||||
community.crypto.x509_certificate_info:
|
community.crypto.x509_certificate_info:
|
||||||
path: /etc/schleuder/schleuder-certificate.pem
|
path: /etc/schleuder/schleuder-certificate.pem
|
||||||
register: schleuder_register_apicert_info
|
register: schleuder_register_apicert_info
|
||||||
|
|
||||||
- name: create the ~/.schleuder-cli/ directory
|
- name: Create the ~/.schleuder-cli/ directory
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ item.value.home }}/.schleuder-cli"
|
path: "{{ item.value.home }}/.schleuder-cli"
|
||||||
state: directory
|
state: directory
|
||||||
owner: "{{ item.key }}"
|
owner: "{{ item.key }}"
|
||||||
mode: 0700
|
mode: "0700"
|
||||||
loop: "{{ schleuder_cli_users | dict2items }}"
|
loop: "{{ schleuder_cli_users | dict2items }}"
|
||||||
|
|
||||||
- name: render ~/.schleuder-cli/schleuder-cli.yml
|
- name: Render ~/.schleuder-cli/schleuder-cli.yml
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: root/.schleuder-cli/schleuder-cli.yml.j2
|
src: root/.schleuder-cli/schleuder-cli.yml.j2
|
||||||
dest: "{{ item.value.home }}/.schleuder-cli/schleuder-cli.yml"
|
dest: "{{ item.value.home }}/.schleuder-cli/schleuder-cli.yml"
|
||||||
owner: "{{ item.key }}"
|
owner: "{{ item.key }}"
|
||||||
mode: 0600
|
mode: "0600"
|
||||||
vars:
|
vars:
|
||||||
fingerprint: "{{ schleuder_register_apicert_info.fingerprints.sha256 | replace(':', '') }}"
|
fingerprint: "{{ schleuder_register_apicert_info.fingerprints.sha256 | replace(':', '') }}"
|
||||||
token: "{{ item.value.token }}"
|
token: "{{ item.value.token }}"
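Review bot: The loop over `schleuder_cli_users | dict2items` in the directory task prints each full item in the task output, and the render task shows that `item.value` carries the API `token`, so tokens end up in play logs on every run. Add `loop_control:` with `label: "{{ item.key }}"` to that task. The render task presumably loops over the same dict after the end of this hunk and needs the same label, plus `diff: false` so a `--diff` run does not print the rendered token.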
|
||||||
|
|
|
@ -1,19 +1,19 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: render /etc/schleuder/schleuder.yml
|
- name: Render /etc/schleuder/schleuder.yml
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: etc/schleuder/schleuder.yml.j2
|
src: etc/schleuder/schleuder.yml.j2
|
||||||
dest: /etc/schleuder/schleuder.yml
|
dest: /etc/schleuder/schleuder.yml
|
||||||
owner: root
|
owner: root
|
||||||
group: schleuder
|
group: schleuder
|
||||||
mode: 0640
|
mode: "0640"
|
||||||
notify: systemctl restart schleuder-api-daemon
|
notify: Systemctl restart schleuder-api-daemon
|
||||||
|
|
||||||
- name: render /etc/schleuder/list-defaults.yml
|
- name: Render /etc/schleuder/list-defaults.yml
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: etc/schleuder/list-defaults.yml.j2
|
src: etc/schleuder/list-defaults.yml.j2
|
||||||
dest: /etc/schleuder/list-defaults.yml
|
dest: /etc/schleuder/list-defaults.yml
|
||||||
owner: root
|
owner: root
|
||||||
group: schleuder
|
group: schleuder
|
||||||
mode: 0640
|
mode: "0640"
|
||||||
notify: systemctl restart schleuder-api-daemon
|
notify: Systemctl restart schleuder-api-daemon
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: install schleuder packages
|
- name: Install schleuder packages
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
name:
|
name:
|
||||||
- schleuder
|
- schleuder
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: install schleuder-web dependencies
|
- name: Install schleuder dependencies
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
name:
|
name:
|
||||||
- ruby
|
- ruby
|
||||||
|
@ -10,30 +10,30 @@
|
||||||
- libssl-dev
|
- libssl-dev
|
||||||
- acl # only needed so ansible can become_user=schleuder
|
- acl # only needed so ansible can become_user=schleuder
|
||||||
|
|
||||||
- name: create schleuder group
|
- name: Create schleuder group
|
||||||
ansible.builtin.group:
|
ansible.builtin.group:
|
||||||
name: schleuder
|
name: schleuder
|
||||||
system: yes
|
system: true
|
||||||
|
|
||||||
- name: create schleuder user
|
- name: Create schleuder user
|
||||||
ansible.builtin.user:
|
ansible.builtin.user:
|
||||||
name: schleuder
|
name: schleuder
|
||||||
group: schleuder
|
group: schleuder
|
||||||
home: /var/lib/schleuder
|
home: /var/lib/schleuder
|
||||||
system: yes
|
system: true
|
||||||
shell: /usr/sbin/nologin
|
shell: /usr/sbin/nologin
|
||||||
|
|
||||||
- name: gather service facts
|
- name: Gather service facts
|
||||||
ansible.builtin.service_facts:
|
ansible.builtin.service_facts:
|
||||||
|
|
||||||
- name: stop schleuder service
|
- name: Stop schleuder service
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: schleuder
|
name: schleuder
|
||||||
state: stopped
|
state: stopped
|
||||||
when: "'schleuder.service' in ansible_facts.services"
|
when: "'schleuder.service' in ansible_facts.services"
|
||||||
|
|
||||||
- name: install schleuder gem
|
- name: Install schleuder gem
|
||||||
become: yes
|
become: true
|
||||||
become_user: schleuder
|
become_user: schleuder
|
||||||
ansible.builtin.command:
|
ansible.builtin.command:
|
||||||
cmd: gem install schleuder
|
cmd: gem install schleuder
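Review bot: `gem install schleuder` in the last task installs whatever version RubyGems serves at run time, so two runs of the same role revision can put different code on the mail host. Pinning the release makes the install reproducible and reviewable: `cmd: gem install schleuder --version {{ schleuder_version }}`, with `schleuder_version` as a new role default. As a bare `command` with no `creates` or `changed_when` visible, the task also runs and reports a change on every play; it may continue past the end of the hunk, so that part is to be confirmed there.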
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: install schleuder-web dependencies
|
- name: Install schleuder-web dependencies
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
name:
|
name:
|
||||||
- bundler
|
- bundler
|
||||||
|
@ -10,99 +10,99 @@
|
||||||
- git
|
- git
|
||||||
- acl # only needed so ansible can become_user=schleuder-web
|
- acl # only needed so ansible can become_user=schleuder-web
|
||||||
|
|
||||||
- name: create schleuder-web user
|
- name: Create schleuder-web user
|
||||||
ansible.builtin.user:
|
ansible.builtin.user:
|
||||||
name: schleuder-web
|
name: schleuder-web
|
||||||
group: nogroup
|
group: nogroup
|
||||||
home: /var/lib/schleuder-web
|
home: /var/lib/schleuder-web
|
||||||
system: yes
|
system: true
|
||||||
shell: /usr/sbin/nologin
|
shell: /usr/sbin/nologin
|
||||||
|
|
||||||
- name: gather service facts
|
- name: Gather service facts
|
||||||
ansible.builtin.service_facts:
|
ansible.builtin.service_facts:
|
||||||
|
|
||||||
- name: stop schleuder-web service
|
- name: Stop schleuder-web service
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: schleuder-web
|
name: schleuder-web
|
||||||
state: stopped
|
state: stopped
|
||||||
when: "'schleuder-web.service' in ansible_facts.services"
|
when: "'schleuder-web.service' in ansible_facts.services"
|
||||||
|
|
||||||
- name: clone schleuder-web git repo
|
- name: Clone schleuder-web git repo
|
||||||
become: yes
|
become: true
|
||||||
become_user: schleuder-web
|
become_user: schleuder-web
|
||||||
ansible.builtin.command:
|
ansible.builtin.command:
|
||||||
# git module would reset working directory
|
# git module would reset working directory
|
||||||
cmd: git clone https://0xacab.org/schleuder/schleuder-web /var/lib/schleuder-web/schleuder-web # noqa command-instead-of-module
|
cmd: git clone https://0xacab.org/schleuder/schleuder-web /var/lib/schleuder-web/schleuder-web # noqa command-instead-of-module
|
||||||
creates: /var/lib/schleuder-web/schleuder-web
|
creates: /var/lib/schleuder-web/schleuder-web
|
||||||
|
|
||||||
- name: fetch schleuder-web upstream
|
- name: Fetch schleuder-web upstream
|
||||||
become: yes
|
become: true
|
||||||
become_user: schleuder-web
|
become_user: schleuder-web
|
||||||
ansible.builtin.command:
|
ansible.builtin.command:
|
||||||
cmd: git fetch origin # noqa command-instead-of-module
|
cmd: git fetch origin # noqa command-instead-of-module
|
||||||
chdir: /var/lib/schleuder-web/schleuder-web
|
chdir: /var/lib/schleuder-web/schleuder-web
|
||||||
changed_when: yes
|
changed_when: true
|
||||||
|
|
||||||
- name: checkout requested schleuder-web version
|
- name: Checkout requested schleuder-web version
|
||||||
become: yes
|
become: true
|
||||||
become_user: schleuder-web
|
become_user: schleuder-web
|
||||||
ansible.builtin.command:
|
ansible.builtin.command:
|
||||||
cmd: git checkout "{{ schleuder_web_commitish }}" # noqa command-instead-of-module
|
cmd: git checkout "{{ schleuder_web_commitish }}" # noqa command-instead-of-module
|
||||||
chdir: /var/lib/schleuder-web/schleuder-web
|
chdir: /var/lib/schleuder-web/schleuder-web
|
||||||
changed_when: yes
|
changed_when: true
|
||||||
|
|
||||||
- name: render /var/lib/schleuder-web/schleuder-web/config/schleuder-web.yml
|
- name: Render /var/lib/schleuder-web/schleuder-web/config/schleuder-web.yml
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: var/lib/schleuder-web/schleuder-web/config/schleuder-web.yml.j2
|
src: var/lib/schleuder-web/schleuder-web/config/schleuder-web.yml.j2
|
||||||
dest: /var/lib/schleuder-web/schleuder-web/config/schleuder-web.yml
|
dest: /var/lib/schleuder-web/schleuder-web/config/schleuder-web.yml
|
||||||
owner: schleuder-web
|
owner: schleuder-web
|
||||||
group: root
|
group: root
|
||||||
mode: 0600
|
mode: "0600"
|
||||||
notify: systemctl restart schleuder-web
|
notify: Systemctl restart schleuder-web
|
||||||
|
|
||||||
- name: render /var/lib/schleuder-web/schleuder-web/config/database.yml
|
- name: Render /var/lib/schleuder-web/schleuder-web/config/database.yml
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: var/lib/schleuder-web/schleuder-web/config/database.yml.j2
|
src: var/lib/schleuder-web/schleuder-web/config/database.yml.j2
|
||||||
dest: /var/lib/schleuder-web/schleuder-web/config/database.yml
|
dest: /var/lib/schleuder-web/schleuder-web/config/database.yml
|
||||||
owner: schleuder-web
|
owner: schleuder-web
|
||||||
group: nogroup
|
group: nogroup
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
|
|
||||||
- name: get schleuder api tls fingerprint
|
- name: Get schleuder api tls fingerprint
|
||||||
community.crypto.x509_certificate_info:
|
community.crypto.x509_certificate_info:
|
||||||
path: /etc/schleuder/schleuder-certificate.pem
|
path: /etc/schleuder/schleuder-certificate.pem
|
||||||
register: schleuder_register_apicert_info
|
register: schleuder_register_apicert_info
|
||||||
|
|
||||||
- name: render /etc/default/schleuder-web
|
- name: Render /etc/default/schleuder-web
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: etc/default/schleuder-web.j2
|
src: etc/default/schleuder-web.j2
|
||||||
dest: /etc/default/schleuder-web
|
dest: /etc/default/schleuder-web
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0600
|
mode: "0600"
|
||||||
vars:
|
vars:
|
||||||
tls_fingerprint: "{{ schleuder_register_apicert_info.fingerprints.sha256 | replace(':', '') }}"
|
tls_fingerprint: "{{ schleuder_register_apicert_info.fingerprints.sha256 | replace(':', '') }}"
|
||||||
notify: systemctl restart schleuder-web
|
notify: Systemctl restart schleuder-web
|
||||||
|
|
||||||
- name: render systemd service unit
|
- name: Render systemd service unit
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: etc/systemd/system/schleuder-web.service.j2
|
src: etc/systemd/system/schleuder-web.service.j2
|
||||||
dest: /etc/systemd/system/schleuder-web.service
|
dest: /etc/systemd/system/schleuder-web.service
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
notify: systemctl daemon-reload
|
notify: Systemctl daemon-reload
|
||||||
|
|
||||||
- name: run bundle install ... this may take a few minutes
|
- name: Run bundle install ... this may take a few minutes
|
||||||
become: yes
|
become: true
|
||||||
become_user: schleuder-web
|
become_user: schleuder-web
|
||||||
ansible.builtin.command:
|
ansible.builtin.command:
|
||||||
cmd: /usr/bin/bundle install --path /var/lib/schleuder-web/.gem --without deployment
|
cmd: /usr/bin/bundle install --path /var/lib/schleuder-web/.gem --without deployment
|
||||||
chdir: /var/lib/schleuder-web/schleuder-web
|
chdir: /var/lib/schleuder-web/schleuder-web
|
||||||
changed_when: yes
|
changed_when: true
|
||||||
|
|
||||||
- name: run bundle db setup
|
- name: Run bundle db setup
|
||||||
become: yes
|
become: true
|
||||||
become_user: schleuder-web
|
become_user: schleuder-web
|
||||||
ansible.builtin.command:
|
ansible.builtin.command:
|
||||||
cmd: /usr/bin/bundle exec rake db:setup
|
cmd: /usr/bin/bundle exec rake db:setup
|
||||||
|
@ -111,10 +111,10 @@
|
||||||
environment:
|
environment:
|
||||||
RAILS_ENV: production
|
RAILS_ENV: production
|
||||||
|
|
||||||
- name: flush systemd daemon-reload
|
- name: Flush systemd daemon-reload
|
||||||
ansible.builtin.meta: flush_handlers
|
ansible.builtin.meta: flush_handlers
|
||||||
|
|
||||||
- name: start and enable schleuder-web
|
- name: Start and enable schleuder-web
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: schleuder-web
|
name: schleuder-web
|
||||||
state: started
|
state: started
|
||||||
|
|
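Review bot: The task `Render /var/lib/schleuder-web/schleuder-web/config/database.yml` keeps `mode: "0644"` with `group: nogroup`, while the sibling templates for `schleuder-web.yml` and `/etc/default/schleuder-web` are written with `mode: "0600"`. The template body is not part of this change, so whether it can carry database credentials cannot be confirmed from here. If it can, every local account on the host is able to read them. Since the owner is already `schleuder-web`, I would change the line to `mode: "0600"` so that all three rendered configuration files get the same permissions.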
|
@ -1,25 +1,25 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: install schleuder
|
- name: Install schleuder
|
||||||
ansible.builtin.import_tasks: install.yml
|
ansible.builtin.import_tasks: install.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::schleuder"
|
- "role::schleuder"
|
||||||
- "role::schleuder:install"
|
- "role::schleuder:install"
|
||||||
|
|
||||||
- name: configure schleuder
|
- name: Configure schleuder
|
||||||
ansible.builtin.import_tasks: config.yml
|
ansible.builtin.import_tasks: config.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::schleuder"
|
- "role::schleuder"
|
||||||
- "role::schleuder:config"
|
- "role::schleuder:config"
|
||||||
|
|
||||||
- name: install and configure schleuder-web
|
- name: Install and configure schleuder-web
|
||||||
ansible.builtin.import_tasks: install_web.yml
|
ansible.builtin.import_tasks: install_web.yml
|
||||||
when: schleuder_web_install
|
when: schleuder_web_install
|
||||||
tags:
|
tags:
|
||||||
- "role::schleuder"
|
- "role::schleuder"
|
||||||
- "role::schleuder:install_web"
|
- "role::schleuder:install_web"
|
||||||
|
|
||||||
- name: create schleuder-api-daemon tokens for admin users
|
- name: Create schleuder-api-daemon tokens for admin users
|
||||||
ansible.builtin.import_tasks: cli_apitokens.yml
|
ansible.builtin.import_tasks: cli_apitokens.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::schleuder"
|
- "role::schleuder"
|
||||||
|
|
|
@ -2,20 +2,20 @@
|
||||||
|
|
||||||
spamassassin_pidfile: /var/run/spamd.pid
|
spamassassin_pidfile: /var/run/spamd.pid
|
||||||
spamassassin_niceness: 15
|
spamassassin_niceness: 15
|
||||||
spamassassin_enable_cron: no
|
spamassassin_enable_cron: false
|
||||||
spamassassin_nouser_config: no
|
spamassassin_nouser_config: false
|
||||||
|
|
||||||
spamassassin_rewrite_header_subject: "[*****SPAM*****]"
|
spamassassin_rewrite_header_subject: "[*****SPAM*****]"
|
||||||
spamassassin_report_safe: yes
|
spamassassin_report_safe: true
|
||||||
spamassassin_trusted_networks: []
|
spamassassin_trusted_networks: []
|
||||||
spamassassin_internal_networks: []
|
spamassassin_internal_networks: []
|
||||||
spamassassin_lock_method: flock
|
spamassassin_lock_method: flock
|
||||||
spamassassin_required_score: "5.0"
|
spamassassin_required_score: "5.0"
|
||||||
spamassassin_normalize_charset: yes
|
spamassassin_normalize_charset: true
|
||||||
spamassassin_body_part_scan_size: 50000
|
spamassassin_body_part_scan_size: 50000
|
||||||
spamassassin_rawbody_part_scan_size: 500000
|
spamassassin_rawbody_part_scan_size: 500000
|
||||||
spamassassin_use_bayes: yes
|
spamassassin_use_bayes: true
|
||||||
spamassassin_bayes_auto_learn: yes
|
spamassassin_bayes_auto_learn: true
|
||||||
spamassassin_bayes_path: /var/lib/spamassassin/.spamassassin/bayes
|
spamassassin_bayes_path: /var/lib/spamassassin/.spamassassin/bayes
|
||||||
spamassassin_bayes_file_mode: "0644"
|
spamassassin_bayes_file_mode: "0644"
|
||||||
spamassassin_bayes_ignore_header:
|
spamassassin_bayes_ignore_header:
|
||||||
|
@ -37,14 +37,14 @@ spamassassin_additional_config: ""
|
||||||
|
|
||||||
|
|
||||||
spamass_milter_user: spamass-milter
|
spamass_milter_user: spamass-milter
|
||||||
spamass_milter_nomodify: no
|
spamass_milter_nomodify: false
|
||||||
spamass_milter_postfix_socket_override: no
|
spamass_milter_postfix_socket_override: false
|
||||||
spamass_milter_postfix_socket_path: /var/spool/postfix/spamass/spamass.sock
|
spamass_milter_postfix_socket_path: /var/spool/postfix/spamass/spamass.sock
|
||||||
spamass_milter_postfix_socket_owner: postfix
|
spamass_milter_postfix_socket_owner: postfix
|
||||||
spamass_milter_postfix_socket_group: postfix
|
spamass_milter_postfix_socket_group: postfix
|
||||||
spamass_milter_postfix_socket_mode: "0600"
|
spamass_milter_postfix_socket_mode: "0600"
|
||||||
|
|
||||||
spamassassin_salearncron_enable: no
|
spamassassin_salearncron_enable: false
|
||||||
spamassassin_salearncron_cronexpr: '0 3 * * *'
|
spamassassin_salearncron_cronexpr: '0 3 * * *'
|
||||||
spamassassin_salearncron_dbpath: /var/lib/spamassassin/.spamassassin/
|
spamassassin_salearncron_dbpath: /var/lib/spamassassin/.spamassassin/
|
||||||
spamassassin_salearncron_spambox: .INBOX.sa-learn-spam
|
spamassassin_salearncron_spambox: .INBOX.sa-learn-spam
|
||||||
|
|
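Review bot: `spamassassin_trusted_networks: []` and `spamassassin_internal_networks: []` carry no comment saying what an empty list means for the rendered configuration. These two settings decide which relays' Received headers SpamAssassin believes, so a wrong boundary on a host behind another relay or NAT skews the network-based checks. The template is outside this section, so I am assuming an empty list leaves both directives out and SpamAssassin infers the boundary itself. I would add above them `# Empty list: SpamAssassin infers trusted/internal relays; set your own MX and relay networks when mail arrives via another hop`.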
|
@ -1,16 +1,16 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: restart spamd
|
- name: Restart spamd
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: spamd
|
name: spamd
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
- name: restart spamass-milter
|
- name: Restart spamass-milter
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: spamass-milter
|
name: spamass-milter
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
- name: reload spamd
|
- name: Reload spamd
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: spamassassin
|
name: spamassassin
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
|
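Review bot: The `Reload spamd` handler acts on `name: spamassassin`, while `Restart spamd` in the same file uses `name: spamd`, and the role's install tasks start and enable `spamd`. If the unit on the target host is only known as `spamd`, a notification to this handler would fail on an unknown service name. None of the task files visible in this commit notifies `Reload spamd`, so it may be unused. Either change the line to `name: spamd` or drop the handler.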
|
@ -1,37 +1,37 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: render /etc/default/spamassassin
|
- name: Render /etc/default/spamassassin
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: etc/default/spamassassin.j2
|
src: etc/default/spamassassin.j2
|
||||||
dest: /etc/default/spamassassin
|
dest: /etc/default/spamassassin
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
notify: restart spamd
|
notify: Restart spamd
|
||||||
|
|
||||||
- name: render /etc/default/spamass-milter
|
- name: Render /etc/default/spamass-milter
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: etc/default/spamass-milter.j2
|
src: etc/default/spamass-milter.j2
|
||||||
dest: /etc/default/spamass-milter
|
dest: /etc/default/spamass-milter
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
notify: restart spamass-milter
|
notify: Restart spamass-milter
|
||||||
|
|
||||||
- name: render /etc/default/spamd
|
- name: Render /etc/default/spamd
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: etc/default/spamd.j2
|
src: etc/default/spamd.j2
|
||||||
dest: /etc/default/spamd
|
dest: /etc/default/spamd
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
notify: restart spamd
|
notify: Restart spamd
|
||||||
|
|
||||||
- name: render /etc/spamassassin/local.cf
|
- name: Render /etc/spamassassin/local.cf
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: etc/spamassassin/local.cf.j2
|
src: etc/spamassassin/local.cf.j2
|
||||||
dest: /etc/spamassassin/local.cf
|
dest: /etc/spamassassin/local.cf
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
notify: restart spamd
|
notify: Restart spamd
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: install spamassassin
|
- name: Install spamassassin
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
name:
|
name:
|
||||||
- spamassassin
|
- spamassassin
|
||||||
|
@ -11,30 +11,30 @@
|
||||||
- pyzor
|
- pyzor
|
||||||
- razor
|
- razor
|
||||||
|
|
||||||
- name: start and enable spamassassin spamd
|
- name: Start and enable spamassassin spamd
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: spamd
|
name: spamd
|
||||||
state: started
|
state: started
|
||||||
enabled: yes
|
enabled: true
|
||||||
|
|
||||||
- name: start and enable spamass-milter spamd
|
- name: Start and enable spamass-milter spamd
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: spamass-milter
|
name: spamass-milter
|
||||||
state: started
|
state: started
|
||||||
enabled: yes
|
enabled: true
|
||||||
|
|
||||||
- name: render auto sa-learn script
|
- name: Render auto sa-learn script
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: usr/local/bin/sa-learn.sh.j2
|
src: usr/local/bin/sa-learn.sh.j2
|
||||||
dest: /usr/local/bin/sa-learn.sh
|
dest: /usr/local/bin/sa-learn.sh
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0755
|
mode: "0755"
|
||||||
|
|
||||||
- name: render auto sa-learn cronjonb
|
- name: Render auto sa-learn cronjonb
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: etc/cron.d/sa-learn.j2
|
src: etc/cron.d/sa-learn.j2
|
||||||
dest: /etc/cron.d/sa-learn
|
dest: /etc/cron.d/sa-learn
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: "0644"
|
||||||
|
|
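Review bot: The renamed task `Render auto sa-learn cronjonb` still carries the typo `cronjonb`; since the commit touches this line for casing anyway, it could read `- name: Render auto sa-learn cronjob`. In the same section, `Start and enable spamass-milter spamd` has a trailing `spamd` that looks like a copy-paste leftover from the task above it. Both are task names only, so correcting them changes the play output and nothing else.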
|
@ -1,12 +1,12 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: install spamassassin
|
- name: Install spamassassin
|
||||||
ansible.builtin.import_tasks: install.yml
|
ansible.builtin.import_tasks: install.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::spamassassin"
|
- "role::spamassassin"
|
||||||
- "role::spamassassin:install"
|
- "role::spamassassin:install"
|
||||||
|
|
||||||
- name: configure spamassassin
|
- name: Configure spamassassin
|
||||||
ansible.builtin.import_tasks: config.yml
|
ansible.builtin.import_tasks: config.yml
|
||||||
tags:
|
tags:
|
||||||
- "role::spamassassin"
|
- "role::spamassassin"
|
||||||
|
|