collection of ansible roles
---
# Install every package listed for this distribution through the generic
# package module. OpenBSD is excluded here and handled by the following task.
# NOTE(review): `state: latest` upgrades to whatever the configured
# repositories offer on each run; this role does not pin package versions.
- name: "install package: {{ package }}"
  when: ansible_distribution|lower != 'openbsd'
  package:
    state: latest
    name: "{{ package }}"
  loop_control:
    loop_var: package
  loop: "{{ mailserver_packages[ ansible_distribution|lower ] }}"
# OpenBSD variant of the package installation, using openbsd_pkg.
# `snapshot` comes from force_openbsd_snapshot and falls back to false when
# that variable is not defined.
# NOTE(review): as in the generic task, `state: latest` means versions are
# not pinned by this role.
- name: "install package: {{ package }}"
  when: ansible_distribution|lower == 'openbsd'
  community.general.openbsd_pkg:
    state: latest
    snapshot: "{{ force_openbsd_snapshot|default(false) }}"
    name: "{{ package }}"
  loop_control:
    loop_var: package
  loop: "{{ mailserver_packages[ ansible_distribution|lower ] }}"
# Create each directory listed for this distribution with the mode given in
# its entry.
# NOTE(review): owner and group are not set here, so they follow the module
# defaults. directory.mode is defined outside this file; it should be a quoted
# string there (for example "0750") so YAML does not read it as a number.
- name: "create directory: {{ directory }}"
  file:
    state: directory
    path: "{{ directory.path }}"
    mode: "{{ directory.mode }}"
  loop_control:
    loop_var: directory
  loop: "{{ mailserver_directories[ ansible_distribution|lower ] }}"
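# Render every configuration template listed for this distribution.
# The original task gave no owner, group or mode, so rendered mail
# configuration got whatever the module defaults produced. Each entry may now
# carry optional `owner`, `group` and `mode` keys, matching the `mode` key the
# directory entries already use. Entries without them behave as before,
# because `omit` drops the parameter.
# NOTE(review): if any template holds credentials, give its entry a
# restrictive quoted mode such as "0640" and confirm the owner and group.
- name: "template {{ cfg.path }}"
  template:
    src: "{{ cfg.template }}"
    dest: "{{ cfg.path }}"
    owner: "{{ cfg.owner | default(omit) }}"
    group: "{{ cfg.group | default(omit) }}"
    mode: "{{ cfg.mode | default(omit) }}"
  loop: "{{ mailserver_config_templates[ ansible_distribution|lower ] }}"
  loop_control:
    loop_var: cfg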
# Ensure single configuration lines exist in the listed files. cfg.regexp
# selects the line to replace and cfg.line is the text written.
# The looped result is registered as mailserver_config_task, and the restart
# task at the end of this file reads its `changed` flag.
# NOTE(review): cfg.regexp is used as a regular expression as-is; the entries
# are defined outside this file and should be anchored so that they match only
# the intended line.
- name: "ensure {{ cfg.line }} is in {{ cfg.path }}"
  register: mailserver_config_task
  lineinfile:
    path: "{{ cfg.path }}"
    regexp: "{{ cfg.regexp }}"
    line: "{{ cfg.line }}"
  loop_control:
    loop_var: cfg
  loop: "{{ mailserver_config_insertions[ ansible_distribution|lower ] }}"
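# Create, update or remove the mail accounts listed in mailserver_users.
# Each loop item carries the account's password value, and without `no_log`
# the whole item is printed in task output and passed to callbacks and logs.
# `no_log: true` suppresses that, and the label keeps the per-item line down
# to the account name if no_log is ever switched off for debugging.
# `update_password: always` resets the password on every run.
# NOTE(review): user.password goes to the user module unchanged. Supply an
# already-hashed value rather than clear text, and keep mailserver_users in an
# encrypted store such as a vault. Confirm how that variable is populated.
- name: "setup mail users"
  user:
    name: "{{ user.name }}"
    password: "{{ user.password }}"
    state: "{{ user.state }}"
    shell: "{{ user.shell }}"
    update_password: always
  loop: "{{ mailserver_users }}"
  loop_control:
    loop_var: user
    label: "{{ user.name }}"
  no_log: true
  tags:
    - mailserver_users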
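# Maintain one "key: value" line per alias in the distribution's aliases file
# and notify the alias reload handler when a line changes.
# The alias name is inserted into a regular expression, so it is passed
# through regex_escape. Without escaping, a name containing a metacharacter
# (for example the dot in "first.last") could match, and overwrite or remove,
# a different alias line.
- name: "ensure aliases are present"
  lineinfile:
    path: "{{ mailserver_aliases_file_path[ ansible_distribution|lower ] }}"
    line: "{{ alias.key }}: {{ alias.value }}"
    regexp: '^(\s*){{ alias.key | regex_escape }}(\s*):.*$'
    state: "{{ alias.state | default('present') }}"
  loop: "{{ mailserver_aliases }}"
  loop_control:
    loop_var: alias
  notify: mailserver_reload_aliases
  tags:
    - mailserver_aliases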
# Generate the DKIM signing key at mailserver_dkim.key with the configured
# key size.
# NOTE(review): no owner, group or mode is set on the private key, so its
# permissions depend on the module defaults. Confirm the resulting file is
# readable only by root and the account that signs mail, and that
# mailserver_dkim.size meets current DKIM key-length recommendations.
- name: "generate dkim private key"
  openssl_privatekey:
    size: "{{ mailserver_dkim.size }}"
    path: "{{ mailserver_dkim.key }}"
# Derive the DKIM public key from the private key and store it with mode 0640
# and group _rspamd. The result is registered as dkim_pubkey_task, and the
# restart task at the end of this file reads its `changed` flag.
# NOTE(review): the group name is hard-coded, while other tasks in this file
# select their values per distribution. Confirm that _rspamd exists on every
# platform this role targets.
- name: "generate dkim public key"
  register: dkim_pubkey_task
  openssl_publickey:
    privatekey_path: "{{ mailserver_dkim.key }}"
    path: "{{ mailserver_dkim.pub }}"
    group: "_rspamd"
    mode: "0640"
# Read the public key file back from the managed host. The registered result
# is decoded with b64decode in the task that writes the local fact.
- name: "Use slurp module to get dkim public key"
  register: dkim_pubkey_base64
  slurp:
    src: "{{ mailserver_dkim.pub }}"
# Make sure the directory for Ansible local facts exists.
# NOTE(review): no owner or mode is set. Later fact gathering loads files from
# this directory as trusted input, so confirm that only trusted accounts can
# write to it.
- name: "Ensure ansible local facts dir exists"
  file:
    state: directory
    path: /etc/ansible/facts.d
# Store the DKIM public key as the local fact `dkim_pub_key`.
# The slurped content is base64-decoded, newlines are removed, and the slice
# [26:-24] drops the first 26 and last 24 characters, presumably the PEM
# BEGIN/END PUBLIC KEY lines, leaving only the key material.
# NOTE(review): the content string uses a single-quoted key, so it is not
# valid JSON as written. Whether the file on disk parses as a fact depends on
# how Ansible converts this value. Verify the written file.
# NOTE(review): the file is owned by the connecting user (ansible_ssh_user),
# who can therefore rewrite a fact that later plays read. Confirm this is
# intended; a root-owned file would still be readable with mode 0644.
- name: "Persist dkim pubkey as local fact."
  copy:
    dest: /etc/ansible/facts.d/mailserver.fact
    owner: "{{ ansible_ssh_user }}"
    mode: "0644"
    content: "{ 'dkim_pub_key' : \"{{ (dkim_pubkey_base64['content']|b64decode|replace('\n', ''))[26:-24] }}\" }"
# Enable each mail service listed for this distribution and make sure it is
# running.
- name: "start and enable: {{ service }}"
  service:
    name: "{{ service }}"
    state: started
    enabled: true
  loop_control:
    loop_var: service
  loop: "{{ mailserver_services[ ansible_distribution|lower ] }}"
# Restart every mail service when the DKIM public key task or the config
# line-insertion task reported a change.
# NOTE(review): in the tasks visible here the template task registers no
# result, so a change to a templated config file alone does not trigger this
# restart. Confirm that is intended.
- name: "restart: {{ service }}"
  when: dkim_pubkey_task.changed or mailserver_config_task.changed
  service:
    name: "{{ service }}"
    state: restarted
    enabled: true
  loop_control:
    loop_var: service
  loop: "{{ mailserver_services[ ansible_distribution|lower ] }}"