📗 Ansible playbooks and roles for building an idempotent, interconnected and scalable infrastructure
ansible-playbooks/roles/rspamd/tasks/main.yml

# Build the effective rspamd configuration: role defaults first, then the
# caller's rspamd_config merged over them key by key (recursive combine).
# Either variable may be undefined; d({}) substitutes an empty mapping.
- name: set rspamd_cfg
  set_fact:
    rspamd_cfg: "{{ rspamd_default_config | d({}) | combine(rspamd_config | d({}), recursive=true) }}"
# Install rspamd and its sub-packages through the shared package helper.
- name: install rspamd
  include_tasks: tasks/install_packages.yml
  vars:
    package:
      - rspamd
      - rspamd-client
      - rspamd-controller
      - rspamd-fuzzy
      - rspamd-proxy
      # Mapping entry rather than a plain name: presumably the helper installs
      # it only on the named distribution -- confirm in install_packages.yml.
      - alpine: rspamd-openrc
      - py3-cryptography
# Create the dedicated service account that owns every rspamd file below,
# so the daemon does not need to run as root. The account's shell, home and
# other attributes are decided in tasks/create_user.yml (not shown here).
- name: create user and group
  include_tasks: tasks/create_user.yml
  vars:
    user:
      name: "{{ rspamd_user }}"
      group: "{{ rspamd_group }}"
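# Create the configuration tree, owned by the service account.
- name: create rspamd directory structure
  file:
    path: "{{ item }}"
    state: directory
    # Owner-only access: nobody but the rspamd account can list or traverse
    # these directories. Quoted so the value reaches the module as an octal
    # string and does not depend on how the YAML parser types a bare 0700.
    mode: "0700"
    owner: "{{ rspamd_user }}"
    group: "{{ rspamd_group }}"
  loop:
    - "{{ rspamd_conf_dir }}"
    - "{{ rspamd_local_dir }}"
    - "{{ rspamd_override_dir }}"
    - "{{ rspamd_local_map_dir }}"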
# Point the init script at the service account and the managed config file.
# Each loop item rewrites (or appends) one NAME="value" line.
- name: edit service config
  lineinfile:
    path: /etc/conf.d/rspamd
    regexp: "^{{ item.name }}="
    # NOTE(review): OpenRC sources conf.d files as shell, and the value is
    # placed between double quotes unescaped. The values come from role
    # variables; keep quotes and shell metacharacters out of them.
    line: '{{ item.name }}="{{ item.value }}"'
  notify: restart rspamd
  loop:
    # user:group the daemon is started as
    - name: command_user
      value: "{{ rspamd_user }}:{{ rspamd_group }}"
    # main configuration file handed to the daemon
    - name: cfgfile
      value: "{{ rspamd_conf_dir }}/rspamd.conf"
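# Render one file per rspamd configuration section into rspamd_local_dir,
# all from the single rspamd.j2 template.
#
# Loop items come in two shapes:
#   - a plain string NAME       -> section NAME, written to NAME.conf
#   - {conf: NAME, dest: FILE}  -> section NAME, written to FILE
- name: template rspamd configuration
  template:
    src: rspamd.j2
    dest: "{{ rspamd_local_dir ~ '/' ~ ((item ~ '.conf') if item is string else item.dest) }}"
    force: true
    # Read-only for the service account, no access for group or others.
    # Quoted so the mode is passed as an octal string.
    mode: "0400"
    lstrip_blocks: true
    owner: "{{ rspamd_user }}"
    group: "{{ rspamd_group }}"
  vars:
    # Section name for this iteration; presumably read by rspamd.j2 to pick
    # the matching part of rspamd_cfg -- confirm in the template.
    rspamd_config_item: "{{ item if item is string else item.conf }}"
  # NOTE(review): if any section carries credentials (controller or redis
  # passwords, for example), a --diff run prints the rendered content to the
  # play output; consider `diff: false` on this task in that case.
  loop:
    - actions
    - { conf: logging, dest: logging.inc }
    - { conf: options, dest: options.inc }
    - settings
    - { conf: worker-controller, dest: worker-controller.inc }
    - { conf: worker-fuzzy, dest: worker-fuzzy.inc }
    - { conf: worker-normal, dest: worker-normal.inc }
    - { conf: worker-proxy, dest: worker-proxy.inc }
    - antivirus
    - arc
    - chartable
    - classifier-bayes
    - dkim
    - dkim_signing
    - dmarc
    - force_actions
    - greylist
    - history_redis
    - milter_headers
    - { conf: mime_types, dest: mime_types.inc.local }
    - multimap
    - mx_check
    - neural
    - neural_group
    - phishing
    - redis
    - replies
  notify: restart rspamd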
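# Render the local map files (filename blocklist, local domains, local IP
# ranges) into rspamd_local_map_dir. Each item names a template (src, with
# .j2 appended) and the file name to write (dest).
- name: template rspamd maps
  template:
    src: "{{ item.src ~ '.j2' }}"
    dest: "{{ rspamd_local_map_dir ~ '/' ~ item.dest }}"
    force: true
    # Read-only for the service account; quoted so the mode is passed as an
    # octal string.
    mode: "0400"
    lstrip_blocks: true
    owner: "{{ rspamd_user }}"
    group: "{{ rspamd_group }}"
  loop:
    - { src: bad_filenames, dest: bad_filenames.map }
    - { src: local_domains, dest: local_domains.inc }
    - { src: local_ip_ranges, dest: local_ip_ranges.inc }
  notify: restart rspamd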
# Run dkim.yml once per signing key: an RSA key under selector rsa2048 and
# an Ed25519 key under selector ed25519. The current item is passed to the
# included tasks as `key`.
# NOTE(review): key generation, and the ownership and mode of the private
# key files, are decided in dkim.yml, which is not shown here -- confirm the
# keys end up readable by the rspamd account only.
- name: generate dkim keys
  include_tasks: dkim.yml
  vars:
    key: "{{ item }}"
  loop:
    - type: 'rsa'
      selector: 'rsa2048'
      path: '{{ rspamd_dkim_rsa2048_key }}'
    - type: 'ed25519'
      selector: 'ed25519'
      path: '{{ rspamd_dkim_ed25519_key }}'
# Set up redis through the redis role, reachable over a unix socket.
- name: install and configure redis
  include_role:
    name: redis
  vars:
    # Redis uses the rspamd group, presumably so the group bits on the
    # socket below grant rspamd access -- confirm in the redis role.
    redis_group: "{{ rspamd_group }}"
    redis_config:
      unixsocket: "{{ rspamd_redis_socket }}"
      # Owner and group get full access to the socket, others get none.
      # Kept as a quoted string so it is written to the config verbatim.
      unixsocketperm: "770"
# Set up nginx through the nginx role with a single server entry, built
# from the nginx_server config and the host's TLS certificates.
# NOTE(review): what this server exposes (presumably the rspamd controller
# web UI) and how access to it is restricted is defined by nginx_server,
# which is not shown here -- confirm it is not reachable unauthenticated.
- name: install and configure nginx
  include_role:
    name: nginx
  vars:
    nginx:
      servers:
        - conf: nginx_server
          certs: "{{ host_tls }}"
# Run any pending handlers now (the tasks above notify "restart rspamd")
# instead of waiting for the end of the play.
- name: flush handlers
  meta: flush_handlers
# Register the rspamd configuration directories with the backup role.
# NOTE(review): on the host these directories are 0700 and the rendered
# files 0400; confirm the backup destination is protected to the same
# degree (access-controlled and/or encrypted), since copies leave that
# protection behind.
- name: add directories to backup plan
  include_role:
    name: backup
  vars:
    function: add
    backup_items:
      - "{{ rspamd_conf_dir }}"
      - "{{ rspamd_local_dir }}"
      - "{{ rspamd_local_map_dir }}"
      - "{{ rspamd_override_dir }}"
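# Make sure rspamd starts at boot and is running now.
- name: enable and start rspamd
  service:
    name: rspamd
    # Canonical boolean instead of the YAML 1.1 `yes` spelling.
    enabled: true
    state: started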