mailu: enable central database, improve token creation task, and add migration guide

- Enabled central_database in Mailu config - Improved API token creation task: * use curl -f to fail on HTTP errors * added explicit failed_when and changed_when conditions - Adjusted docker-compose template spacing for readability - Made logging level configurable (DEBUG when MODE_DEBUG is set) - Added new documentation Move_Domain.md explaining safe procedure for migrating mailboxes to a new domain
2025-08-29 23:08:06 +02:00 · 2025-08-18 01:03:40 +02:00
parent e4b8c97e03
commit 3d7bbabd7b
5 changed files with 115 additions and 17 deletions
--- a/roles/web-app-mailu/tasks/03_create-token.yml
+++ b/roles/web-app-mailu/tasks/03_create-token.yml
@@ -38,20 +38,28 @@

 - name: "Create API token for '{{ mailu_user_key }};{{ mailu_user_name }}' if no local token defined"
  command: >-
-    docker compose exec -T admin \
-      curl -s -X POST {{ mailu_api_base_url }}/token \
-        -H "Authorization: Bearer {{ MAILU_API_TOKEN }}" \
-        -H "Content-Type: application/json" \
-        -d '{{ {
-              "comment": mailu_user_key ~ " - ansible.infinito",
-              "email": users[mailu_user_key].email,
-              "ip": mailu_token_ip
-            } | to_json }}'
+    docker compose exec -T admin
+    curl -sS -f -X POST {{ mailu_api_base_url }}/token
+      -H "Authorization: Bearer {{ MAILU_API_TOKEN }}"
+      -H "Content-Type: application/json"
+      -d '{{ {
+            "comment": mailu_user_key ~ " - ansible.infinito",
+            "email": users[mailu_user_key].email,
+            "ip": mailu_token_ip
+          } | to_json }}'
  args:
    chdir: "{{ MAILU_DOCKER_DIR }}"
  when: users[mailu_user_key].mailu_token is not defined
  register: mailu_token_creation
-  changed_when: mailu_token_creation.rc == 0
+  # If curl sees 4xx/5xx it returns non-zero due to -f → fail the task.
+  failed_when:
+    - mailu_token_creation.rc != 0
+    # Fallback: if some gateway returns 200 but embeds an error JSON.
+    - mailu_token_creation.rc == 0 and
+      (mailu_token_creation.stdout is search('"code"\\s*:\\s*4\\d\\d') or
+       mailu_token_creation.stdout is search('cannot be found'))
+  # Only mark changed when a token is actually present in the JSON.
+  changed_when: mailu_token_creation.stdout is search('"token"\\s*:')
  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"

 - name: "Set mailu_token for '{{ mailu_user_key }};{{ mailu_user_name }}' in users dict if newly created"