kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-29 15:06:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Huge role refactoring/cleanup. Other commits will propably follow. Because some bugs will exist. Still important for longrun and also for auto docs/help/slideshow generation

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-07-08 23:43:13 +02:00
parent 6b87a049d4
commit 563d5fd528
1242 changed files with 2301 additions and 1355 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
roles/web-app-mailu/tasks/TODO.md Normal file
View File

@@ -0,0 +1,2 @@
# Todos
- Check if DKIM generation works on new setups

67
roles/web-app-mailu/tasks/create-mailu-token.yml Normal file
View File

@@ -0,0 +1,67 @@
- name: "Fetch existing API tokens via curl inside admin container"
command: >-
docker compose exec -T admin \
curl -s -X GET {{ mailu_api_base_url }}/token \
-H "Authorization: Bearer {{ mailu_global_api_token }}"
args:
chdir: "{{ mailu_compose_dir }}"
register: mailu_tokens_cli
changed_when: false
- name: "Extract existing token info for '{{ mailu_user_key }};{{ mailu_user_name }}'"
set_fact:
mailu_user_existing_token: >-
{{ (
mailu_tokens_cli.stdout
| default('[]')
| from_json
| selectattr('comment','equalto', mailu_user_key ~ " - ansible.cymais")
| list
).0 | default(None) }}
- name: "Delete existing API token for '{{ mailu_user_key }};{{ mailu_user_name }}' if local token missing but remote exists"
command: >-
docker compose exec -T admin \
curl -s -X DELETE {{ mailu_api_base_url }}/token/{{ mailu_user_existing_token.id }} \
-H "Authorization: Bearer {{ mailu_global_api_token }}"
args:
chdir: "{{ mailu_compose_dir }}"
when:
- users[mailu_user_key].mailu_token is not defined
- mailu_user_existing_token is not none
- mailu_user_existing_token.id is defined
register: mailu_token_delete
changed_when: mailu_token_delete.rc == 0
- name: "Create API token for '{{ mailu_user_key }};{{ mailu_user_name }}' if no local token defined"
command: >-
docker compose exec -T admin \
curl -s -X POST {{ mailu_api_base_url }}/token \
-H "Authorization: Bearer {{ mailu_global_api_token }}" \
-H "Content-Type: application/json" \
-d '{{ {
"comment": mailu_user_key ~ " - ansible.cymais",
"email": users[mailu_user_key].email,
"ip": mailu_token_ip
} | to_json }}'
args:
chdir: "{{ mailu_compose_dir }}"
when: users[mailu_user_key].mailu_token is not defined
register: mailu_token_creation
changed_when: mailu_token_creation.rc == 0
- name: "Set mailu_token for '{{ mailu_user_key }};{{ mailu_user_name }}' in users dict if newly created"
set_fact:
users: >-
{{ users
| combine({
mailu_user_key: (
users[mailu_user_key]
| combine({
'mailu_token': (mailu_token_creation.stdout | from_json).token
})
)
}, recursive=True)
}}
when: users[mailu_user_key].mailu_token is not defined

27
roles/web-app-mailu/tasks/create-mailu-user.yml Normal file
View File

@@ -0,0 +1,27 @@
- name: "Ensure Mailu user '{{ mailu_user_key }};{{ mailu_user_name }}@{{ mailu_domain }}'' exists"
command: >
docker compose exec admin flask mailu {{ mailu_action }}
{{ mailu_user_name }} {{ mailu_domain }} '{{ mailu_password }}'
args:
chdir: "{{ mailu_compose_dir }}"
register: mailu_user_result
failed_when: >
mailu_user_result.rc != 0 and
(
"exists, not created" not in mailu_user_result.stderr and
"Duplicate entry" not in mailu_user_result.stderr
)
changed_when: mailu_user_result.rc == 0
when: "'mail-bot' in item.value.roles or 'administrator' in item.value.roles"
- name: "Change password for user '{{ mailu_user_key }};{{ mailu_user_name }}@{{ mailu_domain }}'"
command: >
docker compose exec admin flask mailu password
{{ mailu_user_name }} {{ mailu_domain }} '{{ mailu_password }}'
args:
chdir: "{{ mailu_compose_dir }}"
when: "'mail-bot' in item.value.roles or 'administrator' in item.value.roles"
- name: "Create Mailu API Token for {{ mailu_user_name }}"
include_tasks: create-mailu-token.yml
when: "{{ 'mail-bot' in item.value.roles }}"

49
roles/web-app-mailu/tasks/generate-and-read-dkim.yml Normal file
View File

@@ -0,0 +1,49 @@
- name: Check if DKIM private key file exists in the antispam container
command: >
docker compose exec -T antispam
test -f {{mailu_dkim_key_path}}
register: dkim_key_file_stat
failed_when: false
changed_when: false
args:
chdir: "{{ docker_compose.directories.instance }}"
- name: Generate DKIM key
command: >
docker compose exec -T antispam
rspamadm dkim_keygen -s dkim -d {{ applications[application_id].domain }} -k {{ mailu_dkim_key_path }}
register: dkim_keygen_output
when: dkim_key_file_stat.rc != 0
args:
chdir: "{{ docker_compose.directories.instance }}"
- name: Fetch DKIM private key from antispam container
shell: >
docker compose exec -T antispam
cat {{ mailu_dkim_key_path }}
args:
chdir: "{{ docker_compose.directories.instance }}"
register: dkim_priv_content
failed_when: dkim_priv_content.rc != 0
changed_when: false
- name: Generate DKIM public key on the host
command: openssl rsa -pubout
args:
stdin: "{{ dkim_priv_content.stdout }}"
register: dkim_pub_raw
changed_when: false
- name: Normalize and build Mailu DKIM TXT record
set_fact:
mailu_dkim_public_key: >-
v=DKIM1; k=rsa; p={{
dkim_pub_raw.stdout
| regex_replace('-----BEGIN PUBLIC KEY-----', '')
| regex_replace('-----END PUBLIC KEY-----', '')
| regex_replace('\s+', '')
}}
- name: Debug Mailu DKIM public key
debug:
msg: "Mailu DKIM public key: {{ mailu_dkim_public_key }}"

55
roles/web-app-mailu/tasks/main.yml Normal file
View File

@@ -0,0 +1,55 @@
---
- name: "Include service-rdbms-central"
include_role:
name: service-rdbms-central
when: run_once_docker_mailu is not defined
- name: "Include role webserver-proxy-domain for {{ application_id }}"
include_role:
name: webserver-proxy-domain
vars:
domain: "{{ domains | get_domain(application_id) }}"
http_port: "{{ ports.localhost.http[application_id] }}"
nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size 31M;"
when: run_once_docker_mailu is not defined
- name: "Include the webserver-proxy-tls-deploy role"
include_role:
name: webserver-proxy-tls-deploy
when: run_once_docker_mailu is not defined
- name: Flush docker service handlers
meta: flush_handlers
when: run_once_docker_mailu is not defined
- name: "Create Mailu accounts"
include_tasks: create-mailu-user.yml
vars:
mailu_compose_dir: "{{ docker_compose.directories.instance }}"
mailu_domain: "{{ primary_domain }}"
mailu_api_base_url: "http://127.0.0.1:8080/api/v1"
mailu_global_api_token: "{{ applications.mailu.credentials.api_token }}"
mailu_action: >-
{{
(
'administrator' in (item.value.get('roles', []))
)
| ternary('admin','user')
}}
mailu_user_key: "{{ item.key }}"
mailu_user_name: "{{ item.value.username }}"
mailu_password: "{{ item.value.password }}"
mailu_token_ip: "{{ item.value.ip | default('') }}"
loop: "{{ users | dict2items }}"
loop_control:
loop_var: item
when: run_once_docker_mailu is not defined
- name: Set Mailu DNS records
include_tasks: set-mailu-dns-records.yml
when: dns_provider == 'cloudflare'
- name: Run the docker_mailu roles once
set_fact:
run_once_docker_mailu: true
when: run_once_docker_mailu is not defined

87
roles/web-app-mailu/tasks/set-mailu-dns-records.yml Normal file
View File

@@ -0,0 +1,87 @@
- name: "Load Mailu DNS variables"
include_vars: vars/mailu-dns.yml
- name: Generate DKIM public key
include_tasks: generate-and-read-dkim.yml
- name: "Set A record for mail server"
community.general.cloudflare_dns:
api_token: "{{ cloudflare_record_api_token }}"
zone: "{{ mailu_dns_zone }}"
type: A
name: "{{ domain }}"
content: "{{ mailu_dns_ip }}"
proxied: false
ttl: 1
state: present
- name: "Set CNAME record for autoconfig"
community.general.cloudflare_dns:
api_token: "{{ cloudflare_record_api_token }}"
zone: "{{ mailu_dns_zone }}"
type: CNAME
name: "autoconfig.{{ mailu_dns_zone }}"
value: "{{ domain }}"
proxied: false
ttl: 1
state: present
- name: "Set MX record"
community.general.cloudflare_dns:
api_token: "{{ cloudflare_record_api_token }}"
zone: "{{ mailu_dns_zone }}"
type: MX
name: "{{ mailu_dns_zone }}"
value: "{{ domain }}"
priority: 10
ttl: 1
state: present
- name: "Set SRV records"
community.general.cloudflare_dns:
api_token: "{{ cloudflare_record_api_token }}"
zone: "{{ mailu_dns_zone }}"
type: SRV
service: "_{{ item.key }}"
proto: "_tcp"
priority: "{{ item.value.priority }}"
weight: "{{ item.value.weight }}"
port: "{{ item.value.port }}"
value: "{{ domain }}"
ttl: 1
state: present
loop: "{{ mailu_dns_srv_records | dict2items }}"
ignore_errors: true
#register: srv_result
#failed_when: srv_result.rc != 0 and ("An identical record already exists" not in srv_result.stdout)
#changed_when: srv_result.rc == 0 and ("An identical record already exists" not in srv_result.stdout)
- name: "Set SPF TXT record"
community.general.cloudflare_dns:
api_token: "{{ cloudflare_record_api_token }}"
zone: "{{ mailu_dns_zone }}"
type: TXT
name: "{{ mailu_dns_zone }}"
value: "v=spf1 mx a:{{ domain }} ~all"
ttl: 1
state: present
- name: "Set DMARC TXT record"
community.general.cloudflare_dns:
api_token: "{{ cloudflare_record_api_token }}"
zone: "{{ mailu_dns_zone }}"
type: TXT
name: "_dmarc.{{ mailu_dns_zone }}"
value: "v=DMARC1; p=reject; ruf=mailto:{{ mailu_dmarc_ruf }}; adkim=s; aspf=s"
ttl: 1
state: present
- name: "Set DKIM TXT record"
community.general.cloudflare_dns:
api_token: "{{ cloudflare_record_api_token }}"
zone: "{{ mailu_dns_zone }}"
type: TXT
name: "dkim._domainkey.{{ mailu_dns_zone }}"
value: "{{ mailu_dkim_public_key }}"
ttl: 1
state: present