diff --git a/handlers/main.yml b/handlers/main.yml index cf03980..273950c 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,10 +1,10 @@ --- -- name: sudo apt update +- name: Run sudo apt update become: true ansible.builtin.apt: update_cache: true -- name: systemctl restart rspamd +- name: Run systemctl restart rspamd become: true ansible.builtin.systemd: name: 'rspamd' diff --git a/tasks/configure.yml b/tasks/configure.yml index e487039..a5f8d0c 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -9,7 +9,7 @@ mode: '0640' owner: "{{ rspamd__default_owner }}" group: "{{ rspamd__default_group }}" - notify: systemctl restart rspamd + notify: Run systemctl restart rspamd rescue: - name: you have to install passlib ansible.builtin.fail: @@ -23,7 +23,7 @@ owner: "{{ rspamd__default_owner }}" group: "{{ rspamd__default_group }}" mode: '0640' - notify: systemctl restart rspamd + notify: Run systemctl restart rspamd - name: milter_headers.conf become: true @@ -33,7 +33,7 @@ owner: "{{ rspamd__default_owner }}" group: "{{ rspamd__default_group }}" mode: '0640' - notify: systemctl restart rspamd + notify: Run systemctl restart rspamd - name: milter_headers.conf become: true @@ -43,7 +43,7 @@ owner: "{{ rspamd__default_owner }}" group: "{{ rspamd__default_group }}" mode: '0640' - notify: systemctl restart rspamd + notify: Run systemctl restart rspamd - name: Einstellug der redis.conf become: true @@ -53,7 +53,7 @@ owner: "{{ rspamd__default_owner }}" group: "{{ rspamd__default_group }}" mode: '0640' - notify: systemctl restart rspamd + notify: Run systemctl restart rspamd - name: classifier-bayes.conf become: true @@ -63,7 +63,7 @@ owner: "{{ rspamd__default_owner }}" group: "{{ rspamd__default_group }}" mode: '0640' - notify: systemctl restart rspamd + notify: Run systemctl restart rspamd - name: Einstellug der eignene black/whitelist become: true @@ -73,7 +73,7 @@ owner: "{{ rspamd__default_owner }}" group: "{{ rspamd__default_group }}" mode: '0640' - notify: systemctl restart rspamd + notify: Run systemctl restart rspamd - name: multimap whitelist_ip.map become: true @@ -83,7 +83,7 @@ owner: "{{ rspamd__default_owner }}" group: "{{ rspamd__default_group }}" mode: '0640' - notify: systemctl restart rspamd + notify: Run systemctl restart rspamd - name: multimap whitelist_from.map become: true @@ -93,7 +93,7 @@ owner: "{{ rspamd__default_owner }}" group: "{{ rspamd__default_group }}" mode: '0640' - notify: systemctl restart rspamd + notify: Run systemctl restart rspamd - name: multimap blacklist_ip.map become: true @@ -103,7 +103,7 @@ owner: "{{ rspamd__default_owner }}" group: "{{ rspamd__default_group }}" mode: '0640' - notify: systemctl restart rspamd + notify: Run systemctl restart rspamd - name: multimap blacklist_from.map become: true @@ -113,4 +113,4 @@ owner: "{{ rspamd__default_owner }}" group: "{{ rspamd__default_group }}" mode: '0640' - notify: systemctl restart rspamd + notify: Run systemctl restart rspamd diff --git a/tasks/main.yml b/tasks/main.yml index 1ec3f74..3cc8f45 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,18 +1,24 @@ --- -- include_tasks: versioncheck.yml - when: submodules_versioncheck|bool +- name: Run optional versioncheck + ansible.builtin.include_tasks: + file: 'versioncheck.yml' + when: submodules_versioncheck | bool -- name: add apt repos and install rspamd - include_tasks: packages.yml +- name: Add apt repos and install rspamd + ansible.builtin.include_tasks: + file: 'packages.yml' when: ansible_os_family == 'Debian' -- name: configure rspamd - include_tasks: configure.yml +- name: Configure rspamd + ansible.builtin.include_tasks: + file: 'configure.yml' -- name: rspamd dkim signing - include_tasks: dkim.yml +- name: Rspamd dkim signing (TODO) + ansible.builtin.include_tasks: + file: 'dkim.yml' when: rspamd__configure_dkim | bool - name: redis backend - include_tasks: redis.yml + ansible.builtin.include_tasks: + file: 'redis.yml' when: rspamd__configure_redis | bool diff --git a/tasks/packages.yml b/tasks/packages.yml index af126b0..88bc7cf 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -1,27 +1,28 @@ --- -- name: update repo-cache for debian/ubuntu +- name: Update repo-cache for debian/ubuntu become: true ansible.builtin.apt: update_cache: true cache_valid_time: 3600 -- name: install requirements to add new package repos +- name: Install requirements to add new package repos become: true ansible.builtin.apt: - name: - - lsb-release - - wget - - debian-goodies - - apt-dater-host - - apt-transport-https + name: "{{ item }}" state: present + loop: + - 'lsb-release' + - 'wget' + - 'debian-goodies' + - 'apt-dater-host' + - #apt-transport-https' - name: add rspam repo key become: true ansible.builtin.apt_key: url: 'https://rspamd.com/apt-stable/gpg.key' - state: present - notify: sudo apt update + state: 'present' + notify: Run sudo apt update - name: Download /etc/apt/keyrings/rspamd.gpg become: true @@ -32,28 +33,28 @@ owner: 'root' group: 'root' -- name: add rspamd repo +- name: Add rspamd repo become: true ansible.builtin.apt_repository: repo: "deb [signed-by=/etc/apt/keyrings/rspamd.gpg] https://rspamd.com/apt-stable/ {{ ansible_distribution_release }} main" state: present mode: 0644 - notify: sudo apt update + notify: Run sudo apt update -- name: add rspamd srv-repo +- name: Add rspamd srv-repo become: true ansible.builtin.apt_repository: repo: "deb-src [signed-by=/etc/apt/keyrings/rspamd.gpg] https://rspamd.com/apt-stable/ {{ ansible_distribution_release }} main" state: present mode: 0644 - notify: sudo apt update + notify: Run sudo apt update -- name: run update if something changed +- name: Run update if something changed ansible.builtin.meta: flush_handlers -- name: install rspamd +- name: Install rspamd become: true ansible.builtin.apt: name: rspamd state: present - notify: systemctl restart rspamd + notify: Run systemctl restart rspamd diff --git a/tasks/redis.yml b/tasks/redis.yml index 55d0d0d..2fee88f 100644 --- a/tasks/redis.yml +++ b/tasks/redis.yml @@ -1,5 +1,12 @@ --- -- name: install redis backend +- name: Update apt cache + become: true + ansible.builtin.apt: + update_cache: true + when: + - ansible_pkg_mgr == "apt" + +- name: Install redis backend become: true ansible.builtin.apt: name: redis diff --git a/tasks/versioncheck.yml b/tasks/versioncheck.yml index 5128cc8..7dd80c5 100644 --- a/tasks/versioncheck.yml +++ b/tasks/versioncheck.yml @@ -7,38 +7,38 @@ ansible.builtin.file: path: '/etc/.ansible-version' state: directory - mode: 0755 - when: submodules_versioncheck|bool + mode: '0755' + when: submodules_versioncheck | bool -- name: check playbook version +- name: Check playbook version become: true ansible.builtin.slurp: src: "/etc/.ansible-version/{{ playbook_version_path }}" register: playbook_version - when: submodules_versioncheck|bool - ignore_errors: true + when: submodules_versioncheck | bool failed_when: false -- name: Print remote role version +- name: Print remote role version # noqa: H500 ansible.builtin.debug: msg: "Remote role version: {{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}" - when: submodules_versioncheck|bool + when: submodules_versioncheck | bool -- name: Print locale role version +- name: Print locale role version # noqa: H500 ansible.builtin.debug: - msg: "Local role version: '{{ playbook_version_number|string }}'." - when: submodules_versioncheck|bool + msg: "Local role version: '{{ playbook_version_number | string }}'." + when: submodules_versioncheck | bool - name: Check if your version is outdated ansible.builtin.fail: msg: "Your ansible module has the version '{{ playbook_version_number }}' and is outdated. You need to update it!" when: - - playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck|bool + - playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck | bool -- name: write new version to remote disk +- name: Write new version to remote disk become: true ansible.builtin.copy: content: "{{ playbook_version_number }}" dest: "/etc/.ansible-version/{{ playbook_version_path }}" mode: '0644' - when: submodules_versioncheck|bool + when: submodules_versioncheck | bool + tags: skip_ansible_lint_template-instead-of-copy