ansible/ansible_role_rspamd
1
0
Fork 0
mirror of https://github.com/roles-ansible/ansible_role_rspamd.git synced 2024-08-16 17:09:51 +02:00
Code Issues Releases Activity

Merge pull request #4 from roles-ansible/lint

Browse source 
improve linting
This commit is contained in:
L3D 2023-10-29 23:49:54 +01:00 committed by GitHub
commit d6e2bf1282
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 169 additions and 108 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
.github/dependabot.yml vendored Normal file
View file

@ -0,0 +1,9 @@
---
# See https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"

22
.github/workflows/ansible-linting-check.yml vendored
View file

@ -2,21 +2,21 @@
name: Ansible Lint check
# yamllint disable-line rule:truthy
on:
push:
branches: '*'
pull_request:
branches: '*'
on: [push, pull_request]
jobs:
build:
name: Ansible Lint
runs-on: ubuntu-latest
steps:
- name: 'checkout git repo'
uses: actions/checkout@v3
- name: 'Lint Ansible Playbook'
uses: ansible/ansible-lint-action@v6
- name: Checkout git repo
uses: actions/checkout@v4
with:
targets: "."
submodules: true
fetch-depth: 0
- name: Run ansible-lint
uses: ansible-actions/ansible-lint-action@v1.0.2
with:
target: "./"

24
.github/workflows/galaxy.yml vendored Normal file
View file

@ -0,0 +1,24 @@
---
name: Galaxy-NG Roles Import
# yamllint disable-line rule:truthy
on:
release:
types: ['created']
jobs:
build:
name: Galaxy Role Importer
runs-on: ubuntu-latest
steps:
- name: 'Checkout git repo'
uses: actions/checkout@v4
with:
submodules: true
fetch-depth: 0
- name: 'Release on galaxy'
uses: ansible-actions/ansible-galaxy-action@v1.1.1
with:
galaxy_api_key: ${{ secrets.galaxy_api_key }}

22
.github/workflows/j2lint-check.yml vendored Normal file
View file

@ -0,0 +1,22 @@
---
name: Jinja2 Linting check
# yamllint disable-line rule:truthy
on: [push, pull_request]
jobs:
build:
name: Jinja2 Linting
runs-on: ubuntu-latest
steps:
- name: Checkout git repo
uses: actions/checkout@v4
with:
submodules: true
fetch-depth: 0
- name: Run j2lint
uses: ansible-actions/j2lint-action@v0.0.1
with:
target: "./"

22
.github/workflows/yamllint-check.yml vendored Normal file
View file

@ -0,0 +1,22 @@
---
name: Yamllint check
# yamllint disable-line rule:truthy
on: [push, pull_request]
jobs:
build:
name: Yamllint
runs-on: ubuntu-latest
steps:
- name: Checkout git repo
uses: actions/checkout@v4
with:
submodules: true
fetch-depth: 0
- name: Run yamllint
uses: ansible-actions/yamllint-action@v0.0.1
with:
target: "./"

23
.github/workflows/yamllint.yaml vendored
View file

@ -1,23 +0,0 @@
---
name: 'Yamllint GitHub Actions'
# yamllint disable-line rule:truthy
on:
push:
branches: '*'
pull_request:
branches: '*'
jobs:
yamllint:
name: 'Yamllint'
runs-on: ubuntu-latest
steps:
- name: 'checkout git repo'
uses: actions/checkout@v3
- name: 'Yamllint'
uses: karancode/yamllint-github-action@v2.0.0
with:
yamllint_file_or_dir: '.'
yamllint_config_filepath: './.yamllint'

4
handlers/main.yml
View file

@ -1,10 +1,10 @@
---
- name: sudo apt update
- name: Run sudo apt update
become: true
ansible.builtin.apt:
update_cache: true
- name: systemctl restart rspamd
- name: Run systemctl restart rspamd
become: true
ansible.builtin.systemd:
name: 'rspamd'

42
tasks/configure.yml
View file

@ -1,7 +1,7 @@
---
- name: rspamd password generation
- name: Rspamd password generation
block:
- name: configure rspamd password
- name: Configure rspamd password
become: true
ansible.builtin.template:
src: templates/worker-controller.inc.j2
@ -9,9 +9,9 @@
mode: '0640'
owner: "{{ rspamd__default_owner }}"
group: "{{ rspamd__default_group }}"
notify: systemctl restart rspamd
notify: Run systemctl restart rspamd
rescue:
- name: you have to install passlib
- name: You have to install passlib
ansible.builtin.fail:
msg: 'I caught an error. Maybe you have to install passlib via pip3'
@ -23,9 +23,9 @@
owner: "{{ rspamd__default_owner }}"
group: "{{ rspamd__default_group }}"
mode: '0640'
notify: systemctl restart rspamd
notify: Run systemctl restart rspamd
- name: milter_headers.conf
- name: Configure milter_headers.conf
become: true
ansible.builtin.copy:
src: files/milter_headers.conf
@ -33,9 +33,9 @@
owner: "{{ rspamd__default_owner }}"
group: "{{ rspamd__default_group }}"
mode: '0640'
notify: systemctl restart rspamd
notify: Run systemctl restart rspamd
- name: milter_headers.conf
- name: Configure classifier-bayes.conf
become: true
ansible.builtin.copy:
src: files/classifier-bayes.conf
@ -43,7 +43,7 @@
owner: "{{ rspamd__default_owner }}"
group: "{{ rspamd__default_group }}"
mode: '0640'
notify: systemctl restart rspamd
notify: Run systemctl restart rspamd
- name: Einstellug der redis.conf
become: true
@ -53,9 +53,9 @@
owner: "{{ rspamd__default_owner }}"
group: "{{ rspamd__default_group }}"
mode: '0640'
notify: systemctl restart rspamd
notify: Run systemctl restart rspamd
- name: classifier-bayes.conf
- name: Modify classifier-bayes.conf
become: true
ansible.builtin.copy:
src: files/classifier-bayes.conf
@ -63,7 +63,7 @@
owner: "{{ rspamd__default_owner }}"
group: "{{ rspamd__default_group }}"
mode: '0640'
notify: systemctl restart rspamd
notify: Run systemctl restart rspamd
- name: Einstellug der eignene black/whitelist
become: true
@ -73,9 +73,9 @@
owner: "{{ rspamd__default_owner }}"
group: "{{ rspamd__default_group }}"
mode: '0640'
notify: systemctl restart rspamd
notify: Run systemctl restart rspamd
- name: multimap whitelist_ip.map
- name: Multimap whitelist_ip.map
become: true
ansible.builtin.copy:
src: "{{ rspamd__whitelist_ip_file }}"
@ -83,9 +83,9 @@
owner: "{{ rspamd__default_owner }}"
group: "{{ rspamd__default_group }}"
mode: '0640'
notify: systemctl restart rspamd
notify: Run systemctl restart rspamd
- name: multimap whitelist_from.map
- name: Multimap whitelist_from.map
become: true
ansible.builtin.copy:
src: "{{ rspamd__whitelist_from_file }}"
@ -93,9 +93,9 @@
owner: "{{ rspamd__default_owner }}"
group: "{{ rspamd__default_group }}"
mode: '0640'
notify: systemctl restart rspamd
notify: Run systemctl restart rspamd
- name: multimap blacklist_ip.map
- name: Multimap blacklist_ip.map
become: true
ansible.builtin.copy:
src: "{{ rspamd__blacklist_ip_file }}"
@ -103,9 +103,9 @@
owner: "{{ rspamd__default_owner }}"
group: "{{ rspamd__default_group }}"
mode: '0640'
notify: systemctl restart rspamd
notify: Run systemctl restart rspamd
- name: multimap blacklist_from.map
- name: Multimap blacklist_from.map
become: true
ansible.builtin.copy:
src: "{{ rspamd__blacklist_from_file }}"
@ -113,4 +113,4 @@
owner: "{{ rspamd__default_owner }}"
group: "{{ rspamd__default_group }}"
mode: '0640'
notify: systemctl restart rspamd
notify: Run systemctl restart rspamd

26
tasks/main.yml
View file

@ -1,18 +1,24 @@
---
- include_tasks: versioncheck.yml
when: submodules_versioncheck|bool
- name: Run Optional Versioncheck
ansible.builtin.include_tasks:
file: 'versioncheck.yml'
when: submodules_versioncheck | bool
- name: add apt repos and install rspamd
include_tasks: packages.yml
- name: Add apt repos and install rspamd
ansible.builtin.include_tasks:
file: 'packages.yml'
when: ansible_os_family == 'Debian'
- name: configure rspamd
include_tasks: configure.yml
- name: Configure rspamd
ansible.builtin.include_tasks:
file: 'configure.yml'
- name: rspamd dkim signing
include_tasks: dkim.yml
- name: Rspamd dkim signing
ansible.builtin.include_tasks:
file: 'dkim.yml'
when: rspamd__configure_dkim | bool
- name: redis backend
include_tasks: redis.yml
- name: Redis backend
ansible.builtin.include_tasks:
file: 'redis.yml'
when: rspamd__configure_redis | bool

51
tasks/packages.yml
View file

@ -1,50 +1,51 @@
---
- name: update repo-cache for debian/ubuntu
- name: Update repo-cache for debian/ubuntu
become: true
ansible.builtin.apt:
update_cache: true
cache_valid_time: 3600
- name: install requirements to add new package repos
- name: Install requirements to add new package repos
become: true
ansible.builtin.apt:
name:
- lsb-release
- wget
- debian-goodies
- apt-dater-host
- apt-transport-https
state: present
name: "{{ item }}"
state: 'present'
loop:
- 'lsb-release'
- 'wget'
- 'debian-goodies'
- 'apt-dater-host'
- 'apt-transport-https'
- name: add rspam repo key
- name: Add rspam repo key
become: true
ansible.builtin.apt_key:
url: 'https://rspamd.com/apt-stable/gpg.key'
state: present
notify: sudo apt update
state: 'present'
notify: Run sudo apt update
- name: add rspamd repo
- name: Add rspamd repo
become: true
ansible.builtin.apt_repository:
repo: "deb https://rspamd.com/apt-stable/ {{ ansible_distribution_release }} main"
state: present
mode: 0644
notify: sudo apt update
state: 'present'
mode: '0644'
notify: Run sudo apt update
- name: add rspamd srv-repo
- name: Add rspamd srv-repo
become: true
ansible.builtin.apt_repository:
repo: "deb-src https://rspamd.com/apt-stable/ {{ ansible_distribution_release }} main"
state: present
mode: 0644
notify: sudo apt update
state: 'present'
mode: '0644'
notify: Run sudo apt update
- name: run update if something changed
- name: Run update if something changed
ansible.builtin.meta: flush_handlers
- name: install rspamd
- name: Install rspamd
become: true
ansible.builtin.apt:
name: rspamd
state: present
notify: systemctl restart rspamd
name: 'rspamd'
state: 'present'
notify: Run systemctl restart rspamd

6
tasks/redis.yml
View file

@ -1,6 +1,6 @@
---
- name: install redis backend
- name: Install redis backend
become: true
ansible.builtin.apt:
name: redis
state: present
name: 'redis'
state: 'present'

26
tasks/versioncheck.yml
View file

@ -7,38 +7,38 @@
ansible.builtin.file:
path: '/etc/.ansible-version'
state: directory
mode: 0755
when: submodules_versioncheck|bool
mode: '0755'
when: submodules_versioncheck | bool
- name: check playbook version
- name: Check playbook version
become: true
ansible.builtin.slurp:
src: "/etc/.ansible-version/{{ playbook_version_path }}"
register: playbook_version
when: submodules_versioncheck|bool
ignore_errors: true
when: submodules_versioncheck | bool
failed_when: false
- name: Print remote role version
- name: Print remote role version # noqa: H500
ansible.builtin.debug:
msg: "Remote role version: {{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}"
when: submodules_versioncheck|bool
when: submodules_versioncheck | bool
- name: Print locale role version
- name: Print locale role version # noqa: H500
ansible.builtin.debug:
msg: "Local role version: '{{ playbook_version_number|string }}'."
when: submodules_versioncheck|bool
msg: "Local role version: '{{ playbook_version_number | string }}'."
when: submodules_versioncheck | bool
- name: Check if your version is outdated
ansible.builtin.fail:
msg: "Your ansible module has the version '{{ playbook_version_number }}' and is outdated. You need to update it!"
when:
- playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck|bool
- playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck | bool
- name: write new version to remote disk
- name: Write new version to remote disk
become: true
ansible.builtin.copy:
content: "{{ playbook_version_number }}"
dest: "/etc/.ansible-version/{{ playbook_version_path }}"
mode: '0644'
when: submodules_versioncheck|bool
when: submodules_versioncheck | bool
tags: skip_ansible_lint_template-instead-of-copy