ansible/ansible_role_rspamd
1
0
Fork 0
mirror of https://github.com/roles-ansible/ansible_role_rspamd.git synced 2024-08-16 17:09:51 +02:00
Code Issues Releases Activity

start improve apt, linting and versionscheck

Browse source
This commit is contained in:
L3D 2023-10-29 23:48:34 +01:00
parent d90b623ec8
commit e2a6db4c2e
No known key found for this signature in database
GPG key ID: AD65B920933B4B20
6 changed files with 67 additions and 53 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
handlers/main.yml
View file

@ -1,10 +1,10 @@
--- ---
- name: sudo apt update - name: Run sudo apt update
become: true become: true
ansible.builtin.apt: ansible.builtin.apt:
update_cache: true update_cache: true
- name: systemctl restart rspamd - name: Run systemctl restart rspamd
become: true become: true
ansible.builtin.systemd: ansible.builtin.systemd:
name: 'rspamd' name: 'rspamd'

22
tasks/configure.yml
View file

@ -9,7 +9,7 @@
mode: '0640' mode: '0640'
owner: "{{ rspamd__default_owner }}" owner: "{{ rspamd__default_owner }}"
group: "{{ rspamd__default_group }}" group: "{{ rspamd__default_group }}"
notify: systemctl restart rspamd notify: Run systemctl restart rspamd
rescue: rescue:
- name: you have to install passlib - name: you have to install passlib
ansible.builtin.fail: ansible.builtin.fail:
@ -23,7 +23,7 @@
owner: "{{ rspamd__default_owner }}" owner: "{{ rspamd__default_owner }}"
group: "{{ rspamd__default_group }}" group: "{{ rspamd__default_group }}"
mode: '0640' mode: '0640'
notify: systemctl restart rspamd notify: Run systemctl restart rspamd
- name: milter_headers.conf - name: milter_headers.conf
become: true become: true
@ -33,7 +33,7 @@
owner: "{{ rspamd__default_owner }}" owner: "{{ rspamd__default_owner }}"
group: "{{ rspamd__default_group }}" group: "{{ rspamd__default_group }}"
mode: '0640' mode: '0640'
notify: systemctl restart rspamd notify: Run systemctl restart rspamd
- name: milter_headers.conf - name: milter_headers.conf
become: true become: true
@ -43,7 +43,7 @@
owner: "{{ rspamd__default_owner }}" owner: "{{ rspamd__default_owner }}"
group: "{{ rspamd__default_group }}" group: "{{ rspamd__default_group }}"
mode: '0640' mode: '0640'
notify: systemctl restart rspamd notify: Run systemctl restart rspamd
- name: Einstellug der redis.conf - name: Einstellug der redis.conf
become: true become: true
@ -53,7 +53,7 @@
owner: "{{ rspamd__default_owner }}" owner: "{{ rspamd__default_owner }}"
group: "{{ rspamd__default_group }}" group: "{{ rspamd__default_group }}"
mode: '0640' mode: '0640'
notify: systemctl restart rspamd notify: Run systemctl restart rspamd
- name: classifier-bayes.conf - name: classifier-bayes.conf
become: true become: true
@ -63,7 +63,7 @@
owner: "{{ rspamd__default_owner }}" owner: "{{ rspamd__default_owner }}"
group: "{{ rspamd__default_group }}" group: "{{ rspamd__default_group }}"
mode: '0640' mode: '0640'
notify: systemctl restart rspamd notify: Run systemctl restart rspamd
- name: Einstellug der eignene black/whitelist - name: Einstellug der eignene black/whitelist
become: true become: true
@ -73,7 +73,7 @@
owner: "{{ rspamd__default_owner }}" owner: "{{ rspamd__default_owner }}"
group: "{{ rspamd__default_group }}" group: "{{ rspamd__default_group }}"
mode: '0640' mode: '0640'
notify: systemctl restart rspamd notify: Run systemctl restart rspamd
- name: multimap whitelist_ip.map - name: multimap whitelist_ip.map
become: true become: true
@ -83,7 +83,7 @@
owner: "{{ rspamd__default_owner }}" owner: "{{ rspamd__default_owner }}"
group: "{{ rspamd__default_group }}" group: "{{ rspamd__default_group }}"
mode: '0640' mode: '0640'
notify: systemctl restart rspamd notify: Run systemctl restart rspamd
- name: multimap whitelist_from.map - name: multimap whitelist_from.map
become: true become: true
@ -93,7 +93,7 @@
owner: "{{ rspamd__default_owner }}" owner: "{{ rspamd__default_owner }}"
group: "{{ rspamd__default_group }}" group: "{{ rspamd__default_group }}"
mode: '0640' mode: '0640'
notify: systemctl restart rspamd notify: Run systemctl restart rspamd
- name: multimap blacklist_ip.map - name: multimap blacklist_ip.map
become: true become: true
@ -103,7 +103,7 @@
owner: "{{ rspamd__default_owner }}" owner: "{{ rspamd__default_owner }}"
group: "{{ rspamd__default_group }}" group: "{{ rspamd__default_group }}"
mode: '0640' mode: '0640'
notify: systemctl restart rspamd notify: Run systemctl restart rspamd
- name: multimap blacklist_from.map - name: multimap blacklist_from.map
become: true become: true
@ -113,4 +113,4 @@
owner: "{{ rspamd__default_owner }}" owner: "{{ rspamd__default_owner }}"
group: "{{ rspamd__default_group }}" group: "{{ rspamd__default_group }}"
mode: '0640' mode: '0640'
notify: systemctl restart rspamd notify: Run systemctl restart rspamd

24
tasks/main.yml
View file

@ -1,18 +1,24 @@
--- ---
- include_tasks: versioncheck.yml - name: Run optional versioncheck
when: submodules_versioncheck|bool ansible.builtin.include_tasks:
file: 'versioncheck.yml'
when: submodules_versioncheck | bool
- name: add apt repos and install rspamd - name: Add apt repos and install rspamd
include_tasks: packages.yml ansible.builtin.include_tasks:
file: 'packages.yml'
when: ansible_os_family == 'Debian' when: ansible_os_family == 'Debian'
- name: configure rspamd - name: Configure rspamd
include_tasks: configure.yml ansible.builtin.include_tasks:
file: 'configure.yml'
- name: rspamd dkim signing - name: Rspamd dkim signing (TODO)
include_tasks: dkim.yml ansible.builtin.include_tasks:
file: 'dkim.yml'
when: rspamd__configure_dkim | bool when: rspamd__configure_dkim | bool
- name: redis backend - name: redis backend
include_tasks: redis.yml ansible.builtin.include_tasks:
file: 'redis.yml'
when: rspamd__configure_redis | bool when: rspamd__configure_redis | bool

35
tasks/packages.yml
View file

@ -1,27 +1,28 @@
--- ---
- name: update repo-cache for debian/ubuntu - name: Update repo-cache for debian/ubuntu
become: true become: true
ansible.builtin.apt: ansible.builtin.apt:
update_cache: true update_cache: true
cache_valid_time: 3600 cache_valid_time: 3600
- name: install requirements to add new package repos - name: Install requirements to add new package repos
become: true become: true
ansible.builtin.apt: ansible.builtin.apt:
name: name: "{{ item }}"
- lsb-release
- wget
- debian-goodies
- apt-dater-host
- apt-transport-https
state: present state: present
loop:
- 'lsb-release'
- 'wget'
- 'debian-goodies'
- 'apt-dater-host'
- #apt-transport-https'
- name: add rspam repo key - name: add rspam repo key
become: true become: true
ansible.builtin.apt_key: ansible.builtin.apt_key:
url: 'https://rspamd.com/apt-stable/gpg.key' url: 'https://rspamd.com/apt-stable/gpg.key'
state: present state: 'present'
notify: sudo apt update notify: Run sudo apt update
- name: Download /etc/apt/keyrings/rspamd.gpg - name: Download /etc/apt/keyrings/rspamd.gpg
become: true become: true
@ -32,28 +33,28 @@
owner: 'root' owner: 'root'
group: 'root' group: 'root'
- name: add rspamd repo - name: Add rspamd repo
become: true become: true
ansible.builtin.apt_repository: ansible.builtin.apt_repository:
repo: "deb [signed-by=/etc/apt/keyrings/rspamd.gpg] https://rspamd.com/apt-stable/ {{ ansible_distribution_release }} main" repo: "deb [signed-by=/etc/apt/keyrings/rspamd.gpg] https://rspamd.com/apt-stable/ {{ ansible_distribution_release }} main"
state: present state: present
mode: 0644 mode: 0644
notify: sudo apt update notify: Run sudo apt update
- name: add rspamd srv-repo - name: Add rspamd srv-repo
become: true become: true
ansible.builtin.apt_repository: ansible.builtin.apt_repository:
repo: "deb-src [signed-by=/etc/apt/keyrings/rspamd.gpg] https://rspamd.com/apt-stable/ {{ ansible_distribution_release }} main" repo: "deb-src [signed-by=/etc/apt/keyrings/rspamd.gpg] https://rspamd.com/apt-stable/ {{ ansible_distribution_release }} main"
state: present state: present
mode: 0644 mode: 0644
notify: sudo apt update notify: Run sudo apt update
- name: run update if something changed - name: Run update if something changed
ansible.builtin.meta: flush_handlers ansible.builtin.meta: flush_handlers
- name: install rspamd - name: Install rspamd
become: true become: true
ansible.builtin.apt: ansible.builtin.apt:
name: rspamd name: rspamd
state: present state: present
notify: systemctl restart rspamd notify: Run systemctl restart rspamd

9
tasks/redis.yml
View file

@ -1,5 +1,12 @@
--- ---
- name: install redis backend - name: Update apt cache
become: true
ansible.builtin.apt:
update_cache: true
when:
- ansible_pkg_mgr == "apt"
- name: Install redis backend
become: true become: true
ansible.builtin.apt: ansible.builtin.apt:
name: redis name: redis

26
tasks/versioncheck.yml
View file

@ -7,38 +7,38 @@
ansible.builtin.file: ansible.builtin.file:
path: '/etc/.ansible-version' path: '/etc/.ansible-version'
state: directory state: directory
mode: 0755 mode: '0755'
when: submodules_versioncheck|bool when: submodules_versioncheck | bool
- name: check playbook version - name: Check playbook version
become: true become: true
ansible.builtin.slurp: ansible.builtin.slurp:
src: "/etc/.ansible-version/{{ playbook_version_path }}" src: "/etc/.ansible-version/{{ playbook_version_path }}"
register: playbook_version register: playbook_version
when: submodules_versioncheck|bool when: submodules_versioncheck | bool
ignore_errors: true
failed_when: false failed_when: false
- name: Print remote role version - name: Print remote role version # noqa: H500
ansible.builtin.debug: ansible.builtin.debug:
msg: "Remote role version: {{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}" msg: "Remote role version: {{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}"
when: submodules_versioncheck|bool when: submodules_versioncheck | bool
- name: Print locale role version - name: Print locale role version # noqa: H500
ansible.builtin.debug: ansible.builtin.debug:
msg: "Local role version: '{{ playbook_version_number|string }}'." msg: "Local role version: '{{ playbook_version_number | string }}'."
when: submodules_versioncheck|bool when: submodules_versioncheck | bool
- name: Check if your version is outdated - name: Check if your version is outdated
ansible.builtin.fail: ansible.builtin.fail:
msg: "Your ansible module has the version '{{ playbook_version_number }}' and is outdated. You need to update it!" msg: "Your ansible module has the version '{{ playbook_version_number }}' and is outdated. You need to update it!"
when: when:
- playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck|bool - playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck | bool
- name: write new version to remote disk - name: Write new version to remote disk
become: true become: true
ansible.builtin.copy: ansible.builtin.copy:
content: "{{ playbook_version_number }}" content: "{{ playbook_version_number }}"
dest: "/etc/.ansible-version/{{ playbook_version_path }}" dest: "/etc/.ansible-version/{{ playbook_version_path }}"
mode: '0644' mode: '0644'
when: submodules_versioncheck|bool when: submodules_versioncheck | bool
tags: skip_ansible_lint_template-instead-of-copy