diff --git a/group_vars/all/00_general.yml b/group_vars/all/00_general.yml index 564ae68a..626ac9d9 100644 --- a/group_vars/all/00_general.yml +++ b/group_vars/all/00_general.yml @@ -20,13 +20,13 @@ primary_domain: "{{primary_domain_sld}}.{{primary_domain_tld}}" # Primar _users_administrator_username: "{{ users.administrator.username | default('administrator') }}" _users_administrator_email: "{{ users.administrator.email | default(_users_administrator_username ~ '@' ~ primary_domain) }}" -# Helper Variables for bouncer -_users_bouncer_username: "{{ users.bouncer.username | default('bouncer') }}" -_users_bouncer_email: "{{ users.bouncer.email | default(_users_bouncer_username ~ '@' ~ primary_domain) }}" +# Helper Variables for bounce +_users_bounce_username: "{{ users.bounce.username | default('bounce') }}" +_users_bounce_email: "{{ users.bounce.email | default(_users_bounce_username ~ '@' ~ primary_domain) }}" # Helper Variables for no-reply -_users_no_reply_username: "{{ users.no-reply.username | default('no-reply') }}" -_users_no_reply_email: "{{ users.no-reply.email | default(_users_no_reply_username ~ '@' ~ primary_domain) }}" +_users_no_reply_username: "{{ users['no-reply'].username | default('no-reply') }}" +_users_no_reply_email: "{{ users['no-reply'].email | default(_users_no_reply_username ~ '@' ~ primary_domain) }}" # Administrator default_users: 
@@ -38,12 +38,12 @@ default_users: gid: 1001 # Posix Group ID is_admin: true # Define as admin user - bouncer: - username: "{{ _users_bouncer_username }}" # Bounce-handler account username - email: "{{ _users_bouncer_email }}" # Email address for handling bounces + bounce: + username: "{{ _users_bounce_username }}" # Bounce-handler account username + email: "{{ _users_bounce_email }}" # Email address for handling bounces password: "{{ansible_become_password}}" # Example initialisation password needs to be set in inventory file - uid: 1002 # Posix User ID for bouncer - gid: 1002 # Posix Group ID for bouncer + uid: 1002 # Posix User ID for bounce + gid: 1002 # Posix Group ID for bounce no-reply: username: "{{ _users_no_reply_username }}" # No-reply account username diff --git a/group_vars/all/02_system_email.yml b/group_vars/all/02_system_email.yml index 6dd930d6..a648dd61 100644 --- a/group_vars/all/02_system_email.yml +++ b/group_vars/all/02_system_email.yml @@ -1,12 +1,9 @@ # Email Configuration default_system_email: - local: no-reply domain: "{{primary_domain}}" - username: "no-reply@{{primary_domain}}" host: "mail.{{primary_domain}}" port: 465 tls: true start_tls: false - from: "no-reply@{{primary_domain}}" smtp: true # password: # Needs to be defined in inventory file \ No newline at end of file diff --git a/roles/docker-baserow/templates/env.j2 b/roles/docker-baserow/templates/env.j2 index 3a35cd72..8462a653 100644 --- a/roles/docker-baserow/templates/env.j2 +++ b/roles/docker-baserow/templates/env.j2 @@ -5,8 +5,8 @@ BASEROW_PUBLIC_URL=https://{{ domain }} EMAIL_SMTP={{ system_email.smtp | upper }} EMAIL_SMTP_HOST={{ system_email.host }} EMAIL_SMTP_PORT={{ system_email.port }} -EMAIL_SMTP_USER={{system_email.username}} -EMAIL_SMTP_PASSWORD={{ system_email.password }} +EMAIL_SMTP_USER={{ users['no-reply'].email }} +EMAIL_SMTP_PASSWORD={{ users['no-reply'].mailu_token }} EMAIL_SMTP_USE_TLS={{ system_email.tls | upper }} DATABASE_USER={{ database_username }} 
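Review bot: The renamed `bounce:` entry still initialises its mailbox with `password: "{{ansible_become_password}}"` (a context line in this hunk), so the host's privilege-escalation secret is pushed into Mailu as the login of a mail account that is reachable over SMTP/POP3. This is pre-existing rather than introduced here, but the rename is the moment to give the account its own inventory-supplied secret, as the inline comment on that line already asks for. The `default_users:` mapping begins before this hunk.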
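Review bot: `# password: # Needs to be defined in inventory file` is now stale documentation: the templates touched in this commit read the SMTP credential from `users['no-reply'].mailu_token` rather than `system_email.password`, and `local`, `username` and `from` were removed from this mapping alongside. Either drop the comment or replace it with `# SMTP login and secret come from users['no-reply'].email / .mailu_token (see roles/docker-mailu)`. The file also still ends without a trailing newline.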
diff --git a/roles/docker-bigbluebutton/tasks/main.yml b/roles/docker-bigbluebutton/tasks/main.yml index a1d847cf..5078d3d1 100644 --- a/roles/docker-bigbluebutton/tasks/main.yml +++ b/roles/docker-bigbluebutton/tasks/main.yml @@ -43,10 +43,12 @@ - name: flush docker service meta: flush_handlers -- name: wait for database - pause: - seconds: "{{pause_duration}}" - when: applications.bigbluebutton.setup | bool +- name: Wait for BigBlueButton + wait_for: + host: "{{ domains.bigbluebutton }}" + port: 80 + delay: 5 + timeout: 600 - name: create admin command: diff --git a/roles/docker-bigbluebutton/templates/env.j2 b/roles/docker-bigbluebutton/templates/env.j2 index cddee5c2..6bcb92e7 100644 --- a/roles/docker-bigbluebutton/templates/env.j2 +++ b/roles/docker-bigbluebutton/templates/env.j2 @@ -209,16 +209,16 @@ ALLOW_GREENLIGHT_ACCOUNTS=true SMTP_SERVER={{system_email.host}} SMTP_DOMAIN={{system_email.domain}} SMTP_PORT={{system_email.port}} -SMTP_USERNAME={{system_email.username}} -SMTP_PASSWORD={{system_email.password}} +SMTP_USERNAME={{ users['no-reply'].email }} +SMTP_PASSWORD={{ users['no-reply'].mailu_token }} SMTP_AUTH=plain SMTP_OPENSSL_VERIFY_MODE=none SMTP_STARTTLS_AUTO={{system_email.start_tls | lower}} SMTP_STARTTLS={{system_email.start_tls | lower}} SMTP_TLS={{system_email.tls | lower}} SMTP_SSL_VERIFY=true -SMTP_SENDER={{system_email.from}} -SMTP_SENDER_EMAIL={{system_email.from}} +SMTP_SENDER={{ users['no-reply'].email }} +SMTP_SENDER_EMAIL={{ users['no-reply'].email }} # Prefix for the applications root URL. # Useful for deploying the application to a subdirectory, which is highly recommended diff --git a/roles/docker-bluesky/templates/env.j2 b/roles/docker-bluesky/templates/env.j2 index ba7602c0..0dda6ae4 100644 --- a/roles/docker-bluesky/templates/env.j2 +++ b/roles/docker-bluesky/templates/env.j2 
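Review bot: `SMTP_PASSWORD={{ users['no-reply'].mailu_token }}` now sends the Mailu token over a connection whose context lines keep `SMTP_OPENSSL_VERIFY_MODE=none` next to `SMTP_SSL_VERIFY=true`; the two settings contradict each other and, if the first one wins, the token is disclosed to any host able to impersonate `system_email.host`. Those lines are pre-existing, but with a reusable token in play it is worth setting `SMTP_OPENSSL_VERIFY_MODE=peer` or documenting in a comment why verification is disabled. The Mastodon template in this commit carries the same `SMTP_OPENSSL_VERIFY_MODE=none` context next to the same token.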
@@ -8,8 +8,8 @@ PDS_JWT_SECRET="{{applications.bluesky.pds.jwt_secret}}" PDS_ADMIN_PASSWORD="{{applications.bluesky.pds.admin_password}}" PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX="{{applications.bluesky.pds.plc_rotation_key_k256_private_key_hex}}" PDS_CRAWLERS=https://bsky.network -PDS_EMAIL_SMTP_URL=smtps://{{system_email.username}}:{{system_email.password}}@{{system_email.host}}:{{system_email.port}}/ -PDS_EMAIL_FROM_ADDRESS={{system_email.from}} +PDS_EMAIL_SMTP_URL=smtps://{{ users['no-reply'].email }}:{{ users['no-reply'].mailu_token }}@{{system_email.host}}:{{system_email.port}}/ +PDS_EMAIL_FROM_ADDRESS={{ users['no-reply'].email }} LOG_ENABLED=true PDS_BLOBSTORE_DISK_LOCATION=/opt/pds/blocks PDS_DATA_DIRECTORY: /opt/pds diff --git a/roles/docker-discourse/templates/discourse_application.yml.j2 b/roles/docker-discourse/templates/discourse_application.yml.j2 index 285a8e61..d8608603 100644 --- a/roles/docker-discourse/templates/discourse_application.yml.j2 +++ b/roles/docker-discourse/templates/discourse_application.yml.j2 @@ -58,11 +58,11 @@ env: # WARNING the char '#' in SMTP password can cause problems! DISCOURSE_SMTP_ADDRESS: {{ system_email.host }} DISCOURSE_SMTP_PORT: {{ system_email.port }} - DISCOURSE_SMTP_USER_NAME: {{ system_email.username }} - DISCOURSE_SMTP_PASSWORD: {{ system_email.password }} + DISCOURSE_SMTP_USER_NAME: {{ users['no-reply'].email }} + DISCOURSE_SMTP_PASSWORD: {{ users['no-reply'].mailu_token }} DISCOURSE_SMTP_ENABLE_START_TLS: {{ system_email.start_tls | upper }} DISCOURSE_SMTP_DOMAIN: {{ system_email.domain }} - DISCOURSE_NOTIFICATION_EMAIL: {{ system_email.from }} + DISCOURSE_NOTIFICATION_EMAIL: {{ users['no-reply'].email }} # Database Configuration DISCOURSE_DB_USERNAME: {{ database_username }} diff --git a/roles/docker-friendica/templates/env.j2 b/roles/docker-friendica/templates/env.j2 index 798034d1..5ca34418 100644 --- a/roles/docker-friendica/templates/env.j2 +++ b/roles/docker-friendica/templates/env.j2 
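Review bot: `PDS_EMAIL_SMTP_URL=smtps://{{ users['no-reply'].email }}:{{ users['no-reply'].mailu_token }}@…` places a login that itself contains `@` into the URL userinfo without percent-encoding, so a URL parser may split the authority at the wrong `@`, and the token is likewise inserted raw. Apply the filter to both parts: `PDS_EMAIL_SMTP_URL=smtps://{{ users['no-reply'].email | urlencode }}:{{ users['no-reply'].mailu_token | urlencode }}@{{system_email.host}}:{{system_email.port}}/`. The Funkwhale `EMAIL_CONFIG` URL in this commit needs the same treatment for its token, as the comment above it (`noreply%40youremail.host`) already hints.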
@@ -20,11 +20,11 @@ MYSQL_PASSWORD= {{database_password}} SMTP= {{system_email.host}} SMTP_DOMAIN= {{system_email.domain}} SMTP_PORT= {{system_email.port}} -SMTP_AUTH_USER= {{system_email.username}} -SMTP_AUTH_PASS= {{system_email.password}} +SMTP_AUTH_USER= {{ users['no-reply'].email }} +SMTP_AUTH_PASS= {{ users['no-reply'].mailu_token }} SMTP_TLS= {{ 'on' if system_email.tls else 'off' }} SMTP_STARTTLS= {{ 'on' if system_email.start_tls else 'off' }} -SMTP_FROM= {{system_email.local}} +SMTP_FROM= no-reply # Administrator Credentials FRIENDICA_ADMIN_MAIL= {{users.administrator.email}} diff --git a/roles/docker-funkwhale/templates/env.j2 b/roles/docker-funkwhale/templates/env.j2 index 35c2a58a..6aea719c 100644 --- a/roles/docker-funkwhale/templates/env.j2 +++ b/roles/docker-funkwhale/templates/env.j2 @@ -60,14 +60,14 @@ LOGLEVEL={% if enable_debug | bool %}debug{% else %}error{% endif %} # (returns `noreply%40youremail.host`) # EMAIL_CONFIG=smtp://user:password@youremail.host:25 # EMAIL_CONFIG=smtp+ssl://user:password@youremail.host:465 -EMAIL_CONFIG=smtp+tls://{{system_email.local}}:{{system_email.password}}@{{system_email.host}}:{{system_email.port}} +EMAIL_CONFIG=smtp+tls://no-reply:{{ users['no-reply'].mailu_token }}@{{system_email.host}}:{{system_email.port}} # Make e-mail verification mandatory before using the service # Doesn't apply to admins. # ACCOUNT_EMAIL_VERIFICATION_ENFORCE=false # The e-mail address to use to send system e-mails. -DEFAULT_FROM_EMAIL={{system_email.from}} +DEFAULT_FROM_EMAIL={{ users['no-reply'].email }} # Depending on the reverse proxy used in front of your funkwhale instance, # the API will use different kind of headers to serve audio files diff --git a/roles/docker-gitea/templates/env.j2 b/roles/docker-gitea/templates/env.j2 index d7403872..b28a7905 100644 --- a/roles/docker-gitea/templates/env.j2 +++ b/roles/docker-gitea/templates/env.j2 
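Review bot: `SMTP_FROM= no-reply` hard-codes the local part that `group_vars/all/00_general.yml` makes configurable through `users['no-reply'].username` (default `no-reply`), so an inventory that overrides that username would authenticate as one address and send from another. Use `SMTP_FROM= {{ users['no-reply'].username }}` here; the same literal appears in the Funkwhale `EMAIL_CONFIG` login (`smtp+tls://no-reply:…`), listmonk's `"username": "no-reply"` and Nextcloud's `MAIL_FROM_ADDRESS= "no-reply"` in this commit. For Funkwhale note additionally that every other template in the commit logs in with the full `users['no-reply'].email`, so the bare local part may be the wrong login form for the same server.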
@@ -19,12 +19,12 @@ ROOT_URL="{{ web_protocol }}://{{domains[application_id]}}/" # @see https://docs.gitea.com/next/installation/install-with-docker#managing-deployments-with-environment-variables # @todo test GITEA__mailer__ENABLED=true -GITEA__mailer__FROM={{ system_email.from }} +GITEA__mailer__FROM={{ users['no-reply'].email }} GITEA__mailer__PROTOCOL=smtps GITEA__mailer__SMTP_ADDR={{ system_email.host }} GITEA__mailer__SMTP_PORT={{ system_email.port }} -GITEA__mailer__USER={{system_email.username}} -GITEA__mailer__PASSWD={{ system_email.password }} +GITEA__mailer__USER={{ users['no-reply'].email }} +GITEA__mailer__PASSWD={{ users['no-reply'].mailu_token }} # Allow push creation # @see https://github.com/go-gitea/gitea/issues/17619 diff --git a/roles/docker-keycloak/templates/import/realm.json.j2 b/roles/docker-keycloak/templates/import/realm.json.j2 index 6eb88a66..e7fa0b7b 100644 --- a/roles/docker-keycloak/templates/import/realm.json.j2 +++ b/roles/docker-keycloak/templates/import/realm.json.j2 @@ -1655,18 +1655,18 @@ "strictTransportSecurity": "max-age=31536000; includeSubDomains" }, "smtpServer": { - "password": "{{system_email.password}}", + "password": "{{ users['no-reply'].mailu_token }}", "replyToDisplayName": "", "starttls": "{{system_email.start_tls | lower}}", "auth": "true", "port": "{{system_email.port}}", "replyTo": "", "host": "{{system_email.host}}", - "from": "{{system_email.from}}", + "from": "{{ users['no-reply'].email }}", "fromDisplayName": "Keycloak Authentification System - {{domains.keycloak}}", "envelopeFrom": "", "ssl": "true", - "user": "{{system_email.username}}" + "user": "{{ users['no-reply'].email }}" }, "eventsEnabled": false, "eventsListeners": [ diff --git a/roles/docker-ldap/templates/ldif/data/02_users.ldif.j2 b/roles/docker-ldap/templates/ldif/data/02_users.ldif.j2 index 5b210bf5..e3c7e280 100644 --- a/roles/docker-ldap/templates/ldif/data/02_users.ldif.j2 +++ b/roles/docker-ldap/templates/ldif/data/02_users.ldif.j2 
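Review bot: `"password": "{{ users['no-reply'].mailu_token }}",` interpolates the token into a JSON string literal without escaping; a token containing `"` or `\` would yield an unparseable realm import. The adjacent `from` and `user` values share the pattern. Rendering them as `"password": {{ users['no-reply'].mailu_token | to_json }},` (the filter emits the surrounding quotes) keeps the import valid whatever the token alphabet; the token format is not visible in this diff, so treat this as a robustness check rather than a known failure.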
@@ -11,31 +11,31 @@ objectClass: organizationalUnit ou: roles description: Container for application access profiles -{% for user in users %} +{% for username, user in users.items() %} ####################################################################### -# Create User {{ user.username }} +# Create User {{ username }} ####################################################################### -dn: {{ ldap.attributes.user_id }}={{ user.username }},{{ ldap.dn.users }} +dn: {{ ldap.attributes.user_id }}={{ username }},{{ ldap.dn.users }} objectClass: top objectClass: inetOrgPerson objectClass: posixAccount -{{ ldap.attributes.user_id }}: {{ user.username }} -sn: {{ user.username }} -cn: {{ user.username }} +{{ ldap.attributes.user_id }}: {{ username }} +sn: {{ username }} +cn: {{ username }} userPassword: {{ user.password }} loginShell: /bin/bash -homeDirectory: /home/{{ user.username }} +homeDirectory: /home/{{ username }} uidNumber: {{ user.uid }} gidNumber: {{ user.gid }} ####################################################################### -# Assign {{ user.username }} to application user roles +# Assign {{ username }} to application user roles ####################################################################### {% for app, config in defaults_applications.items() %} dn: cn={{ app }}-user,{{ ldap.dn.application_roles }} changetype: modify add: roleOccupant -roleOccupant: {{ ldap.attributes.user_id }}={{ user.username }},{{ ldap.dn.users }} +roleOccupant: {{ ldap.attributes.user_id }}={{ username }},{{ ldap.dn.users }} {% endfor %} {% endfor %} diff --git a/roles/docker-listmonk/vars/main.yml b/roles/docker-listmonk/vars/main.yml index 4ef477b6..24671ad8 100644 --- a/roles/docker-listmonk/vars/main.yml +++ b/roles/docker-listmonk/vars/main.yml 
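Review bot: `{% for username, user in users.items() %}` now derives the LDAP uid, cn, sn and home directory from the dictionary key, while `00_general.yml` carries a separate, overridable `username` attribute per user (`_users_no_reply_username` and friends), so an inventory that sets `users['no-reply'].username` gets an LDAP entry under the key `no-reply` instead. If the key is meant to be the canonical identity, say so in a comment at the loop; otherwise iterate as `{% for key, user in users.items() %}` and keep `{{ user.username }}` for the attributes as before this change. The two resolve to the same value only while no inventory overrides a username.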
@@ -38,8 +38,8 @@ listmonk_settings: "host": system_email.host, "port": system_email.port, "enabled": system_email.smtp, - "username": system_email.username, - "password": system_email.password, + "username": "no-reply", + "password": users['no-reply'].email, "tls_type": ( system_email.tls | ternary("TLS", @@ -72,8 +72,30 @@ listmonk_settings: - key: "app.site_name" value: '"{{ service_provider.company.titel }} Mailing list"' -# - key: "bounce.enabled" -# value: 'false' + # Enable the bounce module + - key: "bounce.enabled" + value: 'true' + + # Configure POP3 mailbox for processing bounces + - key: "bounce.mailboxes" + value: >- + {{ [ + { + "host": system_email.host, + "port": system_email.port, + "type": "pop", + "uuid": "471fd0e9-8c33-4e4a-9183-c4679699faca", + "enabled": true, + "username": users.bounce.email, + "password": users.bounce.mailu_token, + "return_path": users.bounce.email, + "tls_enabled": system_email.tls, + "auth_protocol": "userpass", + "scan_interval": "15m", + "tls_skip_verify": false + } + ] | to_json }} + # # - key: "upload.max_file_size" # value: '5000' @@ -85,14 +107,14 @@ listmonk_settings: # value: '1000' - key: "app.from_email" - value: '"{{ service_provider.company.titel }} Newsletter <{{ system_email.from }}>"' + value: '"{{ service_provider.company.titel }} Newsletter <{{ users["no-reply"].email }}>"' - - key: "bounce.actions" - value: >- - {"hard": {"count": 1, "action": "blocklist"}, "soft": {"count": 2, "action": "none"}, "complaint": {"count": 1, "action": "blocklist"}} - - - key: "app.concurrency" - value: '10' +# - key: "bounce.actions" +# value: >- +# {"hard": {"count": 1, "action": "blocklist"}, "soft": {"count": 2, "action": "none"}, "complaint": {"count": 1, "action": "blocklist"}} +# +# - key: "app.concurrency" +# value: '10' - key: "app.favicon_url" value: '"{{ service_provider.platform.favicon }}"' 
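Review bot: `"password": users['no-reply'].email,` in the SMTP block assigns the account's e-mail address to the password field; every other template in this commit uses `users['no-reply'].mailu_token` there, so this login will fail and a non-secret is written where a secret is expected. Change it to `"password": users['no-reply'].mailu_token,`, and for consistency with those templates consider `"username": users['no-reply'].email,` instead of the literal `"no-reply"`. The `listmonk_settings` structure begins before this hunk.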
diff --git a/roles/docker-mailu/tasks/TODO.md b/roles/docker-mailu/tasks/TODO.md deleted file mode 100644 index ab9741a0..00000000 --- a/roles/docker-mailu/tasks/TODO.md +++ /dev/null @@ -1,2 +0,0 @@ -# Todo -- Implement create-mailu-user-and-token.yml for no-reply and bounce \ No newline at end of file diff --git a/roles/docker-mailu/tasks/create-mailu-user-and-token.yml b/roles/docker-mailu/tasks/create-mailu-user-and-token.yml index 07544978..40f4274c 100644 --- a/roles/docker-mailu/tasks/create-mailu-user-and-token.yml +++ b/roles/docker-mailu/tasks/create-mailu-user-and-token.yml 
@@ -1,72 +1,75 @@ ---- -# tasks/create-mailu-user-and-token.yml -# -# Ensures a Mailu user exists and idempotently creates an API token for them, -# storing tokens in a dictionary for targeted access. -# -# Required variables: -# mailu_compose_dir: Path to your docker-compose.yml directory -# mailu_user: Local part of the user (e.g., "alice") -# mailu_domain: Domain for the user (e.g., "example.com") -# mailu_password: Password for the new user -# mailu_api_base_url: Base URL of the Mailu API (e.g., "https://mail.example.com/api/v1") -# mailu_global_api_token: Global API token (from API_TOKEN environment variable) -# -# Optional variable: -# mailu_user_tokens: Dictionary of existing tokens, e.g. { "alice": "secret" } - - name: "Ensure Mailu user {{ mailu_user }}@{{ mailu_domain }} exists" command: > - docker compose exec admin flask mailu {{ mailu_action }} {{ mailu_user }} {{ mailu_domain }} '{{ mailu_password }}' + docker compose exec admin flask mailu {{ mailu_action }} + {{ mailu_user }} {{ mailu_domain }} '{{ mailu_password }}' args: chdir: "{{ mailu_compose_dir }}" - register: mailu_user_creation - failed_when: false - changed_when: mailu_user_creation.rc == 0 and 'User added' in mailu_user_creation.stdout + register: mailu_user_result + failed_when: > + mailu_user_result.rc != 0 and + ( + "exists, not created" not in mailu_user_result.stderr and + "Duplicate entry" not in mailu_user_result.stderr + ) + changed_when: mailu_user_result.rc == 0 -- name: "Fetch existing API tokens" - uri: - url: "{{ mailu_api_base_url }}/tokens" - method: GET - headers: - Authorization: "Bearer {{ mailu_global_api_token }}" - return_content: yes - register: mailu_tokens_response - failed_when: mailu_tokens_response.status not in [200] +- name: "Change password for user {{ mailu_user }}@{{ mailu_domain }}" + command: > + docker compose exec admin flask mailu password + {{ mailu_user }} {{ mailu_domain }} '{{ mailu_password }}' + args: + chdir: "{{ mailu_compose_dir }}" + +- name: 
"Fetch existing API tokens via curl inside admin container" + command: >- + docker compose exec -T admin \ + curl -s -X GET http://127.0.0.1:8080/api/v1/token \ + -H "Authorization: Bearer {{ mailu_global_api_token }}" + args: + chdir: "{{ mailu_compose_dir }}" + register: mailu_tokens_cli + changed_when: false - name: "Extract existing token info for {{ mailu_user }}" set_fact: - mailu_user_existing_token: > - {{ mailu_tokens_response.json - | selectattr('comment', 'equalto', mailu_user) - | list - | first }} + mailu_user_existing_token: >- + {{ ( + mailu_tokens_cli.stdout + | default('[]') + | from_json + | selectattr('comment','equalto', mailu_user ~ " - ansible.cymais") + | list + ).0 | default(None) }} - name: "Create API token for {{ mailu_user }} if none exists" - uri: - url: "{{ mailu_api_base_url }}/tokens" - method: POST - headers: - Authorization: "Bearer {{ mailu_global_api_token }}" - Content-Type: "application/json" - body_format: json - body: - comment: "{{ mailu_user }}" - ip: "{{ mailu_token_ip }}" - status_code: 201 + command: >- + docker compose exec -T admin \ + curl -s -X POST http://127.0.0.1:8080/api/v1/token \ + -H "Authorization: Bearer {{ mailu_global_api_token }}" \ + -H "Content-Type: application/json" \ + -d '{{ { + "comment": mailu_user ~ " - ansible.cymais", + "email": users[mailu_user].email, + "ip": mailu_token_ip + } | to_json }}' + args: + chdir: "{{ mailu_compose_dir }}" register: mailu_token_creation - when: mailu_user_existing_token is not defined + when: (mailu_user_existing_token | default('') | length) == 0 -- name: "Set mailu_user_tokens dictionary" +- name: "Add mailu_token to users dict if created" set_fact: - mailu_user_tokens: > - {{ (mailu_user_tokens | default({})) - | combine({ mailu_user: ((mailu_token_creation is defined) - | ternary(mailu_token_creation.json.secret, - mailu_user_existing_token.secret)) }) }} - -# Note: -# - GET /tokens returns only metadata (id, comment, ip, created), not the secret itself. 
-# - The secret is returned only by the POST request and must be captured when created. -# - Tokens are stored in the mailu_user_tokens dictionary for targeted access. -# - Persist mailu_user_tokens securely (e.g., in Ansible Vault) for future use. \ No newline at end of file + users: >- + {{ users + | combine({ + mailu_user: ( + users[mailu_user] + | combine({ + 'mailu_token': (mailu_token_creation.stdout | from_json).token + }) + ) + }, recursive=True) + }} + when: + - mailu_token_creation is defined + - (mailu_user_existing_token | default('') | length) == 0 diff --git a/roles/docker-mailu/tasks/main.yml b/roles/docker-mailu/tasks/main.yml index e4cc96dc..f4dc9c55 100644 --- a/roles/docker-mailu/tasks/main.yml +++ b/roles/docker-mailu/tasks/main.yml @@ -30,7 +30,7 @@ include_tasks: create-mailu-user-and-token.yml vars: mailu_compose_dir: "{{ docker_compose.directories.instance }}" - mailu_domain: "{{ domain }}" + mailu_domain: "{{ primary_domain }}" mailu_api_base_url: "{{ web_protocol }}://{{ domain }}/api/v1" mailu_global_api_token: "{{ applications.mailu.credentials.api_token }}" mailu_action: "{{ item.value.is_admin | default(false) | ternary('admin','user') }}" diff --git a/roles/docker-mailu/templates/env.j2 b/roles/docker-mailu/templates/env.j2 index 0a842ad1..3fa7305f 100644 --- a/roles/docker-mailu/templates/env.j2 +++ b/roles/docker-mailu/templates/env.j2 
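Review bot: The final `when:` (`mailu_token_creation is defined` and the existing-token length check) means `users[mailu_user].mailu_token` is populated only on the run that creates the token; on later runs the existing token is found by comment but its secret is never fetched, so every template this commit switched to `users['no-reply'].mailu_token` will hit an undefined variable — if, as the removed trailing note stated, the token list endpoint returns metadata only, the secret must be persisted (vault/inventory) or the stale token deleted and re-created. The commands also put secrets into argv and task output: `'{{ mailu_password }}'` and `-H "Authorization: Bearer {{ mailu_global_api_token }}"` are logged by the `command` module and captured by `register`, so add `no_log: true` to the create, password-change, fetch and token-creation tasks. `curl -s` without `--fail` turns an HTTP error into a body that then reaches `from_json` and `.token`; use `curl -sS --fail` and test `mailu_tokens_cli.rc` before parsing. The "Change password" task runs and reports changed on every run; consider `when: mailu_user_result.rc != 0` so it only applies to pre-existing users. Finally, the header comment listing the required variables (`mailu_compose_dir`, `mailu_user`, `mailu_domain`, `mailu_password`, `mailu_global_api_token`, `mailu_token_ip`) went with the removed file header; please restore it and add `mailu_action` and the `users` dictionary to the list.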
@@ -144,9 +144,16 @@ LOG_LEVEL=WARNING SQLALCHEMY_DATABASE_URI_ROUNDCUBE=mysql://{{database_username}}:{{database_password}}@{{database_host}}/{{database_name}}?collation=utf8mb4_unicode_ci SQLALCHEMY_DATABASE_URI=mysql+mysqlconnector://{{database_username}}:{{database_password}}@{{database_host}}/{{database_name}}?collation=utf8mb4_unicode_ci + +################################### +# API Settings +################################### +API=true +WEB_API=/api # Configures the authentication token. The minimum length is 3 characters. This token must be passed as request header to the API as authentication token. This is a mandatory setting for using the RESTful API. API_TOKEN={{applications.mailu.credentials.api_token}} + # Activated https://mailu.io/master/configuration.html#advanced-settings AUTH_REQUIRE_TOKENS=True diff --git a/roles/docker-mariadb/tasks/main.yml b/roles/docker-mariadb/tasks/main.yml index 464788c7..15354beb 100644 --- a/roles/docker-mariadb/tasks/main.yml +++ b/roles/docker-mariadb/tasks/main.yml @@ -36,10 +36,16 @@ state: present when: run_once_docker_mariadb is not defined -- name: wait for database - pause: - seconds: "{{pause_duration}}" - when: setup_mariadb_container_result.changed and run_once_docker_mariadb is not defined +- name: Wait for MariaDB inside the container to respond + shell: docker exec central-mariadb mysqladmin ping -h localhost --silent + register: mysql_ping + until: mysql_ping.rc == 0 + retries: 30 + delay: 5 + when: + - setup_mariadb_container_result is defined + - setup_mariadb_container_result.changed + - run_once_docker_mariadb is not defined - name: "Create database: {{ database_name }}" mysql_db: diff --git a/roles/docker-mastodon/templates/env.j2 b/roles/docker-mastodon/templates/env.j2 index 9baa3ee9..84254bc2 100644 --- a/roles/docker-mastodon/templates/env.j2 +++ b/roles/docker-mastodon/templates/env.j2 
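Review bot: `API=true` together with `WEB_API=/api` publishes Mailu's REST API on the web front end, while the only consumer added in this commit (`create-mailu-user-and-token.yml`) reaches it from inside the admin container at `http://127.0.0.1:8080/api/v1/token`. If no external client needs it, consider whether `WEB_API=/api` has to be exposed through the front end at all, so that `API_TOKEN` does not become the sole guard of an internet-reachable endpoint; if it is needed, a comment above `API=true` naming the consumer and noting that `AUTH_REQUIRE_TOKENS=True` applies would document the exposure. The reachability is inferred from the variable names; confirm it against the Mailu configuration reference already linked below.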
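Review bot: `shell: docker exec central-mariadb mysqladmin ping -h localhost --silent` uses no shell features, so `command:` is the safer module here, and since a readiness probe changes nothing the task should carry `changed_when: false` (it currently reports changed on every converged run). The `until`/`retries`/`delay` loop itself is a clear improvement over the fixed `pause`. The Postgres task in this commit (`docker exec central-postgres pg_isready -U postgres`) has the same two points.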
@@ -45,12 +45,12 @@ REDIS_PASSWORD= SMTP_SERVER={{system_email.host}} SMTP_PORT={{system_email.port}} -SMTP_LOGIN={{system_email.username}} -SMTP_PASSWORD={{system_email.password}} +SMTP_LOGIN={{ users['no-reply'].email }} +SMTP_PASSWORD={{ users['no-reply'].mailu_token }} SMTP_AUTH_METHOD=plain SMTP_OPENSSL_VERIFY_MODE=none SMTP_ENABLE_STARTTLS=auto -SMTP_FROM_ADDRESS=Mastodon <{{system_email.from}}> +SMTP_FROM_ADDRESS=Mastodon <{{ users['no-reply'].email }}> {% if applications[application_id].features.oidc | bool %} ################################### diff --git a/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2 b/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2 index 81d1c932..1191e78e 100644 --- a/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2 +++ b/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2 @@ -33,12 +33,12 @@ admin_contact: 'mailto:{{users.administrator.email}}' email: smtp_host: "{{system_email.host}}" smtp_port: "{{system_email.port}}" - smtp_user: "{{system_email.from}}" - smtp_pass: "{{system_email.password}}" + smtp_user: "{{ users['no-reply'].email }}" + smtp_pass: "{{ users['no-reply'].mailu_token }}" #force_tls: true #require_transport_security: true enable_tls: "{{ system_email.tls | upper }}" - notif_from: "Your Friendly %(app)s homeserver <{{system_email.from}}>" + notif_from: "Your Friendly %(app)s homeserver <{{ users['no-reply'].email }}>" app_name: "Matrix on {{domains.matrix_synapse}}" enable_notifs: true notif_for_new_users: false 
@@ -49,14 +49,14 @@ email: # @See https://matrix-org.github.io/synapse/latest/openid.html oidc_providers: - idp_id: keycloak - idp_name: "{{oidc.button_text}}" - issuer: "{{oidc.client.issuer_url}}" - client_id: "{{oidc.client.id}}" - client_secret: "{{oidc.client.secret}}" + idp_name: "{{oidc.button_text}}" + issuer: "{{oidc.client.issuer_url}}" + client_id: "{{oidc.client.id}}" + client_secret: "{{oidc.client.secret}}" scopes: ["openid", "profile"] user_mapping_provider: config: - localpart_template: "{% raw %}{{ user.{% endraw %}{{oidc.attributes.username}} {% raw %}}}{% endraw %}" + localpart_template: "{% raw %}{{ user.{% endraw %}{{oidc.attributes.username}}{% raw %}}}{% endraw %}" display_name_template: "{% raw %}{{ user.name }}{% endraw %}" backchannel_logout_enabled: true {% endif %} diff --git a/roles/docker-nextcloud/templates/env.j2 b/roles/docker-nextcloud/templates/env.j2 index e2e42190..0fde9372 100644 --- a/roles/docker-nextcloud/templates/env.j2 +++ b/roles/docker-nextcloud/templates/env.j2 @@ -16,11 +16,11 @@ PHP_OPCACHE_MEMORY_CONSUMPTION= "{{applications[application_id].performance.php. SMTP_HOST= {{system_email.host}} SMTP_SECURE= {{ 'ssl' if system_email.tls else '' }} SMTP_PORT= {{system_email.port}} -SMTP_NAME= {{system_email.username}} -SMTP_PASSWORD= {{system_email.password}} +SMTP_NAME= {{ users['no-reply'].email }} +SMTP_PASSWORD= {{ users['no-reply'].mailu_token }} # Email from configuration -MAIL_FROM_ADDRESS= "{{system_email.local}}" +MAIL_FROM_ADDRESS= "no-reply" MAIL_DOMAIN= "{{system_email.domain}}" # Initial Admin Data diff --git a/roles/docker-openproject/vars/main.yml b/roles/docker-openproject/vars/main.yml index ea583428..1c2a1717 100644 --- a/roles/docker-openproject/vars/main.yml +++ b/roles/docker-openproject/vars/main.yml 
@@ -13,8 +13,8 @@ openproject_rails_settings: email_delivery_method: "smtp" smtp_address: "{{ system_email.host }}" smtp_domain: "{{ system_email.domain }}" - smtp_user_name: "{{ system_email.username }}" - smtp_password: "{{ system_email.password }}" + smtp_user_name: "{{ users['no-reply'].email }}" + smtp_password: "{{ users['no-reply'].mailu_token }}" smtp_ssl: false openproject_filters: diff --git a/roles/docker-peertube/templates/env.j2 b/roles/docker-peertube/templates/env.j2 index 1aad1488..c81c7f14 100644 --- a/roles/docker-peertube/templates/env.j2 +++ b/roles/docker-peertube/templates/env.j2 @@ -14,11 +14,11 @@ PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback"] PEERTUBE_SECRET={{peertube_secret}} # E-mail configuration -PEERTUBE_SMTP_USERNAME={{system_email.username}} -PEERTUBE_SMTP_PASSWORD={{system_email.password}} +PEERTUBE_SMTP_USERNAME={{ users['no-reply'].email }} +PEERTUBE_SMTP_PASSWORD={{ users['no-reply'].mailu_token }} PEERTUBE_SMTP_HOSTNAME={{system_email.host}} PEERTUBE_SMTP_PORT={{system_email.port}} -PEERTUBE_SMTP_FROM={{system_email.from}} +PEERTUBE_SMTP_FROM={{ users['no-reply'].email }} PEERTUBE_SMTP_TLS={{ system_email.tls | lower }} PEERTUBE_SMTP_DISABLE_STARTTLS={{ 'false' if system_email.start_tls else 'true' }} -PEERTUBE_ADMIN_EMAIL={{system_email.from}} \ No newline at end of file +PEERTUBE_ADMIN_EMAIL={{ users['no-reply'].email }} \ No newline at end of file diff --git a/roles/docker-pixelfed/templates/env.j2 b/roles/docker-pixelfed/templates/env.j2 index c748a463..2f4b26d2 100644 --- a/roles/docker-pixelfed/templates/env.j2 +++ b/roles/docker-pixelfed/templates/env.j2 
@@ -48,10 +48,10 @@ RESTRICTED_INSTANCE=false MAIL_DRIVER=log MAIL_HOST={{system_email.host}} MAIL_PORT={{system_email.port}} -MAIL_FROM_ADDRESS="{{system_email.from}}" +MAIL_FROM_ADDRESS="{{ users['no-reply'].email }}" MAIL_FROM_NAME="Pixelfed" -MAIL_USERNAME={{system_email.username}} -MAIL_PASSWORD={{system_email.password}} +MAIL_USERNAME={{ users['no-reply'].email }} +MAIL_PASSWORD={{ users['no-reply'].mailu_token }} # Not sure if the following is correct # Checkout: https://github.com/pixelfed/pixelfed/blob/dev/.env.docker MAIL_ENCRYPTION={{ 'ssl' if system_email.start_tls else 'tls' }} diff --git a/roles/docker-postgres/tasks/main.yml b/roles/docker-postgres/tasks/main.yml index bfa6a88e..27d5f1b9 100644 --- a/roles/docker-postgres/tasks/main.yml +++ b/roles/docker-postgres/tasks/main.yml @@ -30,10 +30,16 @@ register: setup_postgres_container_result when: run_once_docker_postgres is not defined -- name: wait for database - pause: - seconds: "{{pause_duration}}" - when: setup_postgres_container_result.changed and run_once_docker_postgres is not defined +- name: Wait for Postgres inside the container + shell: docker exec central-postgres pg_isready -U postgres + register: pg_ready + until: pg_ready.rc == 0 + retries: 30 + delay: 5 + when: + - setup_postgres_container_result is defined + - setup_postgres_container_result.changed + - run_once_docker_postgres is not defined - name: install python-psycopg2 pacman: diff --git a/roles/docker-snipe_it/templates/env.j2 b/roles/docker-snipe_it/templates/env.j2 index 9d54e589..b560c37f 100644 --- a/roles/docker-snipe_it/templates/env.j2 +++ b/roles/docker-snipe_it/templates/env.j2 
@@ -51,12 +51,12 @@ DB_SSL_VERIFY_SERVER=null MAIL_MAILER = smtp MAIL_HOST = {{system_email.host}} # SMTP server address MAIL_PORT = {{system_email.port}} # SMTP server address -MAIL_USERNAME = {{system_email.username}} # user to connect the SMTP server -MAIL_PASSWORD = {{system_email.password}} # SMTP user's password +MAIL_USERNAME = {{ users['no-reply'].email }} # user to connect the SMTP server +MAIL_PASSWORD = {{ users['no-reply'].mailu_token }} # SMTP user's password MAIL_TLS_VERIFY_PEER = {{ system_email.tls | capitalize }} # use TLS (secure) connection with the SMTP server -MAIL_FROM_ADDR = {{system_email.from}} # default email address for the automated emails +MAIL_FROM_ADDR = {{ users['no-reply'].email }} # default email address for the automated emails MAIL_FROM_NAME = 'Snipe-IT' -MAIL_REPLYTO_ADDR = {{system_email.from}} # default email address for the automated emails +MAIL_REPLYTO_ADDR = {{ users['no-reply'].email }} # default email address for the automated emails MAIL_REPLYTO_NAME = 'Snipe-IT' MAIL_AUTO_EMBED_METHOD = 'attachment' diff --git a/roles/docker-taiga/templates/env.j2 b/roles/docker-taiga/templates/env.j2 index 1f5858e2..f7e4f6e3 100644 --- a/roles/docker-taiga/templates/env.j2 +++ b/roles/docker-taiga/templates/env.j2 
@@ -19,11 +19,11 @@ POSTGRES_HOST = "{{database_host}}" EMAIL_BACKEND = "{{email_backend}}" # use an SMTP server or display the emails in the console (either "smtp" or "console") EMAIL_HOST = "{{system_email.host}}" # SMTP server address EMAIL_PORT = "{{system_email.port}}" # default SMTP port -EMAIL_HOST_USER = "{{system_email.username}}" # user to connect the SMTP server -EMAIL_HOST_PASSWORD = "{{system_email.password}}" # SMTP user's password -EMAIL_DEFAULT_FROM = "{{system_email.from}}" # default email address for the automated emails +EMAIL_HOST_USER = "{{ users['no-reply'].email }}" # user to connect the SMTP server +EMAIL_HOST_PASSWORD = "{{ users['no-reply'].mailu_token }}" # SMTP user's password +EMAIL_DEFAULT_FROM = "{{ users['no-reply'].email }}" # default email address for the automated emails EMAIL_BACKEND: = "django.core.mail.backends.{{email_backend}}.EmailBackend" -DEFAULT_FROM_EMAIL = "{{system_email.from}}" +DEFAULT_FROM_EMAIL = "{{ users['no-reply'].email }}" # EMAIL_USE_TLS/EMAIL_USE_SSL are mutually exclusive (only set one of those to True) EMAIL_USE_TLS = "{{ system_email.tls | capitalize }}" # use TLS (secure) connection with the SMTP server diff --git a/roles/msmtp/templates/msmtprc.conf.j2 b/roles/msmtp/templates/msmtprc.conf.j2 index 2e99b087..4067dc33 100644 --- a/roles/msmtp/templates/msmtprc.conf.j2 +++ b/roles/msmtp/templates/msmtprc.conf.j2 @@ -11,10 +11,10 @@ tls off {% endif %} account system_email -host {{system_email.host}} -port {{system_email.port}} -from {{system_email.from}} -user {{system_email.username}} -password {{system_email.password}} +host {{ system_email.host }} +port {{ system_email.port }} +from {{ users['no-reply'].email }} +user {{ users['no-reply'].email }} +password {{ users['no-reply'].mailu_token }} -account default : system_email +account default : system_email \ No newline at end of file 
diff --git a/roles/systemd-notifier-email/templates/systemd-notifier-email.sh.j2 b/roles/systemd-notifier-email/templates/systemd-notifier-email.sh.j2 index ea8f9b2d..d77e14a1 100644 --- a/roles/systemd-notifier-email/templates/systemd-notifier-email.sh.j2 +++ b/roles/systemd-notifier-email/templates/systemd-notifier-email.sh.j2 @@ -2,7 +2,7 @@ /usr/bin/sendmail -t < +From: systemd <{{ users['no-reply'].email }}> Subject: $1 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8