mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-08-18 09:45:03 +02:00
Kevin Veen-Birkenbach
2620ee088e
- replaced CERTBOT_DNS_API_TOKEN with CLOUDFLARE_API_TOKEN everywhere - introduced generic sys-dns-cloudflare-records role for managing DNS records - added sys-dns-hetzner-rdns role with both Cloud (hcloud) and Robot API flavors - updated Mailu role to: - generate DKIM before DNS setup - delegate DNS + rDNS records to the new generic roles - removed legacy per-role Cloudflare vars (MAILU_CLOUDFLARE_API_TOKEN) - extended group vars with HOSTING_PROVIDER for rDNS flavor decision - added hetzner.hcloud collection to requirements This consolidates DNS management into reusable roles, supports both Cloudflare and Hetzner providers, and standardizes variable naming across the project.
72 lines
2.6 KiB
YAML
72 lines
2.6 KiB
YAML
|
|
- name: "Fetch existing API tokens via curl inside admin container"
|
|
command: >-
|
|
docker compose exec -T admin \
|
|
curl -s -X GET {{ mailu_api_base_url }}/token \
|
|
-H "Authorization: Bearer {{ MAILU_API_TOKEN }}"
|
|
args:
|
|
chdir: "{{ MAILU_DOCKER_DIR }}"
|
|
register: mailu_tokens_cli
|
|
changed_when: false
|
|
no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
|
|
|
|
- name: "Extract existing token info for '{{ mailu_user_key }};{{ mailu_user_name }}'"
|
|
set_fact:
|
|
mailu_user_existing_token: >-
|
|
{{ (
|
|
mailu_tokens_cli.stdout
|
|
| default('[]')
|
|
| from_json
|
|
| selectattr('comment','equalto', mailu_user_key ~ " - ansible.infinito")
|
|
| list
|
|
).0 | default(None) }}
|
|
|
|
- name: "Delete existing API token for '{{ mailu_user_key }};{{ mailu_user_name }}' if local token missing but remote exists"
|
|
command: >-
|
|
docker compose exec -T admin \
|
|
curl -s -X DELETE {{ mailu_api_base_url }}/token/{{ mailu_user_existing_token.id }} \
|
|
-H "Authorization: Bearer {{ MAILU_API_TOKEN }}"
|
|
args:
|
|
chdir: "{{ MAILU_DOCKER_DIR }}"
|
|
when:
|
|
- users[mailu_user_key].mailu_token is not defined
|
|
- mailu_user_existing_token is not none
|
|
- mailu_user_existing_token.id is defined
|
|
register: mailu_token_delete
|
|
changed_when: mailu_token_delete.rc == 0
|
|
no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
|
|
|
|
- name: "Create API token for '{{ mailu_user_key }};{{ mailu_user_name }}' if no local token defined"
|
|
command: >-
|
|
docker compose exec -T admin \
|
|
curl -s -X POST {{ mailu_api_base_url }}/token \
|
|
-H "Authorization: Bearer {{ MAILU_API_TOKEN }}" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{{ {
|
|
"comment": mailu_user_key ~ " - ansible.infinito",
|
|
"email": users[mailu_user_key].email,
|
|
"ip": mailu_token_ip
|
|
} | to_json }}'
|
|
args:
|
|
chdir: "{{ MAILU_DOCKER_DIR }}"
|
|
when: users[mailu_user_key].mailu_token is not defined
|
|
register: mailu_token_creation
|
|
changed_when: mailu_token_creation.rc == 0
|
|
no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
|
|
|
|
- name: "Set mailu_token for '{{ mailu_user_key }};{{ mailu_user_name }}' in users dict if newly created"
|
|
set_fact:
|
|
users: >-
|
|
{{ users
|
|
| combine({
|
|
mailu_user_key: (
|
|
users[mailu_user_key]
|
|
| combine({
|
|
'mailu_token': (mailu_token_creation.stdout | from_json).token
|
|
})
|
|
)
|
|
}, recursive=True)
|
|
}}
|
|
when: users[mailu_user_key].mailu_token is not defined
|
|
no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
|