ansible migrate prep to submodule

2024-09-14 19:53:56 +02:00 · 2021-01-16 18:04:32 +01:00 · 2021-01-16 18:04:32 +01:00 · 0e6bed64bb
commit 0e6bed64bb
parent e8b6f6d5ab
15 changed files with 5 additions and 363 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -61,3 +61,6 @@
 [submodule "roles/do1jlr.ansible_version"]
 	path = roles/do1jlr.ansible_version
 	url = https://github.com/roles-ansible/role_ansible-version.git
 [submodule "roles/do1jlr.mailserver_preperation"]
 	path = roles/do1jlr.mailserver_preperation
 	url = https://github.com/DO1JLR/ansible_role_mailserver_preperations.git
--- a/roles/do1jlr.mailserver_preperation
+++ b/roles/do1jlr.mailserver_preperation
@ -0,0 +1 @@
 Subproject commit cc75d86d523dea277a6771b0b2d4bf670dd18417
--- a/roles/mailserver_preperation/README.md
+++ b/roles/mailserver_preperation/README.md
@ -1,4 +0,0 @@
 Requirements:
  - unbound for dns from localhost
  - rspamd... maybe
  ...
--- a/roles/mailserver_preperation/defaults/main.yml
+++ b/roles/mailserver_preperation/defaults/main.yml
@ -1,41 +0,0 @@
 ---
 # which is the reverse dns and dns name of this mail server
 mailserver_domain: "{{ ansible_fqdn }}"
 # configure proper dns resolution
 set_additional_nameserver: true
 additional_v4nameserver: '46.182.19.48'
 additional_v6nameserver: '2a02:2970:1002::18'
 # add additional entrys do your local /etc/hosts for the localhost entry
 additional_dns_maildomains: "{{ mailserver_domain }}"
 # mailser settings
 mailserver__user: 'vmail'
 mailserver__group: 'vmail'
 mailserver__home: '/var/vmail'
 mailserver__shell: '/bin/false'
 mailserver__domains: []
 #  - fqdn: example.com
 mailserver__accounts: []
 #  - username: 'alice'
 #    domain: 'example.com'
 #    password_hash:  # generate with $(doveadm pw -s SHA512-CRYPT)
 #      # or $ python -c 'import crypt,getpass; print(crypt.crypt(getpass.getpass(), crypt.mksalt(crypt.METHOD_SHA512)))'
 #    quota: '0'
 #    enabled: true
 #    sendonly: false
 mailserver__alias:
 #  - src_username: 'bob' # null for catchall
 #    src_domain: 'example.com'
 #    dest_username: 'alice'
 #    dest_domain: 'example.com'
 #    enabled: true
 # should we enable basic versionscheck (true is recomended)
 submodules_versioncheck: false
--- a/roles/mailserver_preperation/files/schema.sql
+++ b/roles/mailserver_preperation/files/schema.sql
@ -1,45 +0,0 @@
 CREATE DATABASE IF NOT EXISTS vmail CHARACTER SET 'utf8';
 USE vmail;
 CREATE TABLE IF NOT EXISTS `domains` (
    `id` int unsigned NOT NULL AUTO_INCREMENT,
    `domain` varchar(255) NOT NULL,
    PRIMARY KEY (`id`),
    UNIQUE KEY (`domain`)
 );
 CREATE TABLE IF NOT EXISTS `accounts` (
    `id` int unsigned NOT NULL AUTO_INCREMENT,
    `username` varchar(64) NOT NULL,
    `domain` varchar(255) NOT NULL,
    `password` varchar(255) NOT NULL,
    `quota` int unsigned DEFAULT '0',
    `enabled` boolean DEFAULT '0',
    `sendonly` boolean DEFAULT '0',
    PRIMARY KEY (id),
    UNIQUE KEY (`username`, `domain`),
    FOREIGN KEY (`domain`) REFERENCES `domains` (`domain`)
 );
 CREATE TABLE IF NOT EXISTS `aliases` (
    `id` int unsigned NOT NULL AUTO_INCREMENT,
    `source_username` varchar(64) NULL,
    `source_domain` varchar(255) NOT NULL,
    `destination_username` varchar(64) NOT NULL,
    `destination_domain` varchar(255) NOT NULL,
    `enabled` boolean DEFAULT '0',
    PRIMARY KEY (`id`),
    UNIQUE KEY (`source_username`, `source_domain`, `destination_username`, `destination_domain`),
    FOREIGN KEY (`source_domain`) REFERENCES `domains` (`domain`)
 );
 CREATE TABLE IF NOT EXISTS  `tlspolicies` (
    `id` int unsigned NOT NULL AUTO_INCREMENT,
    `domain` varchar(255) NOT NULL,
    `policy` enum('none', 'may', 'encrypt', 'dane', 'dane-only', 'fingerprint', 'verify', 'secure') NOT NULL,
    `params` varchar(255),
    PRIMARY KEY (`id`),
    UNIQUE KEY (`domain`)
 );
--- a/roles/mailserver_preperation/handlers/main.yml
+++ b/roles/mailserver_preperation/handlers/main.yml
@ -1,16 +0,0 @@
 ---
 - name: import mail database config
  become: true
  community.mysql.mysql_db:
    name: vmail
    encoding: 'utf8'
    state: import
    target: '/root/.mariadb_schema/config.sql'
 - name: create database schema
  become: true
  community.mysql.mysql_db:
    name: vmail
    encoding: 'utf8'
    state: import
    target: '/root/.mariadb_schema/schema.sql'
--- a/roles/mailserver_preperation/tasks/hosts.yml
+++ b/roles/mailserver_preperation/tasks/hosts.yml
@ -1,31 +0,0 @@
 ---
 - name: "set {{ mailserver_domain }} as hostname"
  become: true
  hostname:
    name: "{{ mailserver_domain }}"
 - name: Add hostname to /etc/hosts
  become: true
  lineinfile:
    dest: /etc/hosts
    regexp: "^127.0.1.1"
    line: "127.0.1.1 {{ inventory_hostname }} {{ ansible_hostname }} {{ additional_dns_maildomains }}"
    state: present
 - name: Set /etc/mailname
  become: true
  copy:
    dest: "/etc/mailname"
    content: "{{ mailserver_domain }}"
    mode: '0644'
 - name: set own dns resolver
  become: true
  template:
    src: templates/resolve.conf.j2
    dest: /etc/resolv.conf
    mode: 0644
    owner: root
    group: root
--- a/roles/mailserver_preperation/tasks/main.yml
+++ b/roles/mailserver_preperation/tasks/main.yml
@ -1,13 +0,0 @@
 ---
 - include_tasks: versioncheck.yml
  when: submodules_versioncheck|bool
 - name: configure local hostnames
  include_tasks: hosts.yml
 - name: configure vmail user
  include_tasks: user.yml
 - name: configure mariadb
  include_tasks: mariadb.yml
--- a/roles/mailserver_preperation/tasks/mariadb.yml
+++ b/roles/mailserver_preperation/tasks/mariadb.yml
@ -1,25 +0,0 @@
 ---
 - name: create database schema store dir
  become: true
  file:
    path: /root/.mariadb_schema
    state: directory
    mode: '0755'
    owner: root
    group: root
 - name: Copy database schema
  become: true
  copy:
    src: files/schema.sql
    dest: /root/.mariadb_schema/schema.sql
    mode: '0644'
  notify: create database schema
 - name: Copy mail config
  become: true
  template:
    src: templates/mysqlconfig.sql.j2
    dest: /root/.mariadb_schema/config.sql
    mode: '0644'
  notify: import mail database config
--- a/roles/mailserver_preperation/tasks/user.yml
+++ b/roles/mailserver_preperation/tasks/user.yml
@ -1,32 +0,0 @@
 ---
 - name: create mail group
  group:
    name: "{{ mailserver__group }}"
    state: present
 - name: Create mail user
  become: true
  user:
    name: "{{ mailserver__user }}"
    home: "{{ mailserver__home }}"
    group: "{{ mailserver__group }}"
    shell: "{{ mailserver__shell }}"
 - name: Create mail user sieve directory
  become: true
  file:
    path: "{{ mailserver__home }}/sieve/global"
    state: directory
    owner: vmail
    group: vmail
    mode: 0770
    recurse: true
 - name: Create mail user mailbox directory
  become: true
  file:
    path: /var/vmail/mailboxes
    state: directory
    owner: vmail
    group: vmail
    mode: '0770'
--- a/roles/mailserver_preperation/tasks/versioncheck.yml
+++ b/roles/mailserver_preperation/tasks/versioncheck.yml
@ -1,46 +0,0 @@
 ---
 - name: Create directory for versionscheck
  become: true
  file:
    path: '/etc/.ansible-version'
    state: directory
    mode: 0755
  when: submodules_versioncheck|bool
 - name: check playbook version
  become: true
  slurp:
    src: "/etc/.ansible-version/{{ playbook_version_path }}"
  register: playbook_version
  when: submodules_versioncheck|bool
  ignore_errors: yes
  failed_when: false
 - name: Print remote role version
  debug:
    msg: "Remote role version: {{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}"
  when: submodules_versioncheck|bool
 - name: Print locale role version
  debug:
    msg: "Local role version: '{{ playbook_version_number|string }}'."
  when: submodules_versioncheck|bool
 - name: Check if your version is outdated
  fail:
    msg: "Your ansible module has the version '{{ playbook_version_number }}' and is outdated. You need to update it!"
  when:
    - playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck|bool
 - name: check if '/etc/ansible-version/' is empty
  find:
    paths: '/etc/ansible-version/'
  register: filesFound
 - name: write new version to remote disk
  become: true
  copy:
    content: "{{ playbook_version_number }}"
    dest: "/etc/.ansible-version/{{ playbook_version_path }}"
    mode: 0644
  when: submodules_versioncheck|bool
--- a/roles/mailserver_preperation/templates/mysqlconfig.sql.j2
+++ b/roles/mailserver_preperation/templates/mysqlconfig.sql.j2
@ -1,99 +0,0 @@
 {#-
  This is the mysql command template for updating all existing users, domains and alias config.
  The following yml is an example confiuration...
 ############
 ---
  mailserver__domains:
    - fqdn: example.com
  mailserver__accounts:
    - username: 'alice'
      domain: 'example.com'
      password_hash:  # generate with $(doveadm pw -s SHA512-CRYPT)
        # or $ python -c 'import crypt,getpass; print(crypt.crypt(getpass.getpass(), crypt.mksalt(crypt.METHOD_SHA512)))'
      quota: '0'
      enabled: true
      sendonly: false
  mailserver__alias:
    - src_username: 'bob' # null for catchall
      src_domain: 'example.com'
      dest_username: 'alice'
      dest_domain: 'example.com'
      enabled: true
 ###############
  OK, first we select the wanted database!
 -#}
 use vmail;
 {#
  Next we will define all existing domains.
  We use INSERT IGNORE to insert the domains and ignore duplicates.
  To delete a domain you have to do it manually using mysql commands or sth. like that!
 -#}
 INSERT IGNORE INTO domains
  (domain)
 values
 {% for domain in mailserver__domains %}
  ('{{ domain["fqdn"] }}')
  {%- if loop.last -%}
    ;
  {%- else -%}
    ,
  {%- endif %}
 {% endfor %}
 {#-
  Now we will define the users and passwords.
  We will use REPLACE to replace updated entrys or add new one.
 #}
 REPLACE into accounts
  (username, domain, password, quota, enabled, sendonly)
 values
 {% for account in mailserver__accounts %}
  ('{{ account["username"] }}', '{{ account["domain"] }}', '{{ account["password_hash"] }}', {{ account["quota"]|default(0) | int }}, {{ account["enabled"] | bool | ternary('true', 'false') }} , {{ account["sendonly"] | bool | ternary('true', 'false' )}})
  {%- if loop.last -%}
    ;
  {%- else -%}
    ,
  {%- endif %}
 {% endfor %}
 {#
  Last we will define some aliases and catchall...
 #}
 REPLACE into aliases
  (source_username, source_domain, destination_username, destination_domain, enabled)
 values
 {% for alias in mailserver__alias %}
  (
    {%- if alias["src_username"] == 'null' -%}
      null
    {%- else -%}
      '{{ alias["src_username"] }}'
    {%- endif -%}
      , '{{ alias["src_domain"] }}', '{{ alias["dest_username"] }}', '{{ alias["dest_domain"] }}', {{ alias["enabled"] | bool | ternary('true', 'false') }})
  {%- if loop.last -%}
    ;
  {%- else -%}
    ,
  {%- endif %}
 {% endfor %}
--- a/roles/mailserver_preperation/templates/resolve.conf.j2
+++ b/roles/mailserver_preperation/templates/resolve.conf.j2
@ -1,7 +0,0 @@
 # {{ ansible_managed }}
 nameserver ::1
 nameserver 127.0.0.1
 {% if set_additional_nameserver -%}
 nameserver {{ additional_v4nameserver }}
 nameserver {{ additional_v6nameserver }}
 {%- endif %}
--- a/roles/mailserver_preperation/vars/main.yml
+++ b/roles/mailserver_preperation/vars/main.yml
@ -1,3 +0,0 @@
 ---
 playbook_version_number: 34 # should be int
 playbook_version_path: 'role-mailserver_roles-ansile_github.com.version'
--- a/site.yml
+++ b/site.yml
@ -36,7 +36,7 @@
 - name: deploy mail config
  hosts: mail
  roles:
-    - { role: mailserver_preperation, tags: [mail,mailserver_preperation,prep,mailserver]}
+    - { role: do1jlr.mailserver_preperation, tags: [mail,mailserver_preperation,prep,mailserver]}
    - { role: unbound, tags: [mail,unbound]}
    - { role: webhost2, tags: [mail,webhost]}
    - { role: acmetool_fix, tags: [mail,acmetool]}
		`@ -0,0 +1 @@`
							`Subproject commit cc75d86d523dea277a6771b0b2d4bf670dd18417`