---
# tasks/create-mailu-user-and-token.yml
#
# Ensures a Mailu user exists and idempotently creates an API token for them.
#
# Required variables:
#   mailu_compose_dir: Path to your docker-compose.yml directory
#   mailu_user: Local part of the user (e.g., "alice")
#   mailu_domain: Domain for the user (e.g., "example.com")
#   mailu_password: Password for the new user
#   mailu_api_base_url: Base URL of the Mailu API (e.g., "https://mail.example.com/api/v1")
#   mailu_global_api_token: Global API token (from API_TOKEN environment variable)
#
# Optional variable:
#   mailu_user_token: Pre-existing API token for the user (if already created)
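# Create the mailbox by running Mailu's admin CLI inside the `admin` compose
# service. The result is registered as mailu_user_creation.
- name: "Ensure Mailu user {{ mailu_user }}@{{ mailu_domain }} exists"
  command:
    # argv hands each value to the process as its own argument, so a password
    # containing quotes or whitespace is not re-split or truncated the way it
    # was when wrapped in '...' inside a single command string.
    argv:
      - docker
      - compose
      - exec
      - admin
      - flask
      - mailu
      - user
      - "{{ mailu_user }}"
      - "{{ mailu_domain }}"
      - "{{ mailu_password }}"
    chdir: "{{ mailu_compose_dir }}"
  register: mailu_user_creation
  # The task never fails: any non-zero exit is tolerated, presumably so that an
  # already-existing user does not abort the play. This also hides unrelated
  # errors (e.g. the compose project not running); check mailu_user_creation.rc
  # and stderr in a follow-up task if that distinction matters.
  failed_when: false
  changed_when: mailu_user_creation.rc == 0 and 'User added' in mailu_user_creation.stdout
  # The password is part of the module arguments; keep it out of task output
  # and logs. It is still visible in the host's process list while the command
  # runs, because it is passed as a command-line argument.
  no_log: true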
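# List the API tokens known to Mailu, authenticating with the global API token.
# The parsed response is registered as mailu_tokens_response.
- name: "Fetch existing API tokens"
  uri:
    url: "{{ mailu_api_base_url }}/tokens"
    method: GET
    headers:
      Authorization: "Bearer {{ mailu_global_api_token }}"
    return_content: true
    # Any status other than 200 fails the task.
    status_code: 200
  register: mailu_tokens_response
  # The Authorization header carries the global API token; keep the module
  # arguments out of task output and logs.
  no_log: true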
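# Pick the first token whose comment equals mailu_user. When no token matches,
# the fact is set to an empty mapping instead of failing on `first` of an
# empty list.
- name: "Extract existing token info for {{ mailu_user }}"
  set_fact:
    mailu_user_existing_token: >-
      {{ mailu_tokens_response.json
      | selectattr('comment', 'equalto', mailu_user)
      | list
      | first
      | default({}) }}

# Create a token only when the lookup above found none. set_fact always defines
# mailu_user_existing_token, so the condition tests for an empty value rather
# than for "is not defined".
- name: "Create API token for {{ mailu_user }} if none exists"
  uri:
    url: "{{ mailu_api_base_url }}/tokens"
    method: POST
    headers:
      Authorization: "Bearer {{ mailu_global_api_token }}"
      Content-Type: "application/json"
    body_format: json
    body:
      comment: "{{ mailu_user }}"
      # NOTE(review): 0.0.0.0/0 places no source-address restriction on the
      # new token; narrow this to the consumer's network where it is known.
      ip: "0.0.0.0/0"
    status_code: 201
  register: mailu_token_creation
  when: not mailu_user_existing_token
  # The request carries the global API token and the response carries the new
  # token secret; keep both out of task output and logs.
  no_log: true

# Publish the token secret as mailu_user_token.
# - A registered variable is defined even when its task was skipped, so the
#   expression checks for an actual, non-skipped response before reading
#   `.json.secret`.
# - Jinja2 has no `cond ? a : b` operator; the inline `a if cond else b` form
#   is used instead.
# - When no token was created, any secret on the existing entry is used,
#   otherwise a caller-supplied mailu_user_token is kept, otherwise ''.
- name: "Set mailu_user_token fact"
  set_fact:
    mailu_user_token: >-
      {{ mailu_token_creation.json.secret
      if (mailu_token_creation is not skipped and mailu_token_creation.json is defined)
      else (mailu_user_existing_token.secret | default(mailu_user_token | default(''))) }}
  # The fact value is a credential; do not print it.
  no_log: true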
# Note:
# - GET /tokens returns only metadata (id, comment, ip, created), not the secret itself.
# - The secret is returned only by the POST request and must be captured when created.
# - Store mailu_user_token securely (e.g., in Ansible Vault) for future use.