112 lines
4.9 KiB
YAML
112 lines
4.9 KiB
YAML
---
|
|
- name: Create the spamassassin user and install the Spamassassin packages on RH based systems
|
|
block:
|
|
- name: Create the spamassassin user
|
|
user: name={{ spamassassin_user }} home={{ spamassassin_home }} comment="Spamassassin Service Account" createhome=no shell=/usr/sbin/nologin system=yes
|
|
|
|
- name: spamassassin packages, RH/CentOS
|
|
yum: pkg={{ spamassassin_rh_packages }} state=present
|
|
|
|
- name: spamassassin perl DB* packages, RH/CentOS
|
|
yum: pkg={{ spamassassin_sql_rh_packages }} state=present
|
|
when: spamassassin_db_user_config | bool
|
|
|
|
- name: Set some SELinux booleans related to spamassassin
|
|
seboolean: name={{ item }} state=yes persistent=yes
|
|
with_items:
|
|
- 'spamassassin_can_network'
|
|
- 'spamd_update_can_network'
|
|
|
|
when: ansible_distribution_file_variety == "RedHat"
|
|
tags: [ 'spamassassin' ]
|
|
|
|
- name: Install pyzor from pip
|
|
block:
|
|
- name: Install the pyzor pip packages
|
|
pip: name={{ spamassassin_pyzor_pip_packages }} state=present
|
|
|
|
- name: Create the pyzor home
|
|
file: dest={{ spamassassin_conf_dir }}/pyzor state=directory owner={{ spamassassin_user }} mode=0750
|
|
|
|
- name: Install the pyzor configuration
|
|
template: src=pyzor-config.j2 dest={{ spamassassin_conf_dir }}/pyzor/config owner=root group={{ spamassassin_user }} mode=0440
|
|
|
|
when: spamassassin_enable_pyzor
|
|
tags: [ 'spamassassin', 'pyzor', 'spamassassin_conf' ]
|
|
|
|
- name: Manage the letsencrypt configuration
|
|
block:
|
|
- name: Check if the letsencrypt certificates are in place
|
|
stat: path={{ letsencrypt_acme_certs_dir }}/privkey
|
|
register: letsencrypt_keyfile
|
|
|
|
- name: Copy the letsencrypt certificate key into the right place
|
|
copy: src={{ letsencrypt_acme_certs_dir }}/privkey dest={{ spamassassin_home }}/client-key.pem owner={{ spamassassin_user }} group={{ spamassassin_group }} mode=0400 remote_src=yes force=yes
|
|
when: letsencrypt_keyfile.stat.exists is defined and letsencrypt_keyfile.stat.exists | bool
|
|
notify: Restart spamassassin
|
|
|
|
- name: Copy the letsencrypt public certificate into the right place
|
|
copy: src={{ letsencrypt_acme_certs_dir }}/fullchain dest={{ spamassassin_home }}/client-cert.pem owner={{ spamassassin_user }} group={{ spamassassin_group }} mode=0444 remote_src=yes force=yes
|
|
when: letsencrypt_keyfile.stat.exists is defined and letsencrypt_keyfile.stat.exists | bool
|
|
notify: Restart spamassassin
|
|
|
|
- name: Create the acme hooks directory if it does not yet exist
|
|
file: dest={{ letsencrypt_acme_sh_services_scripts_dir }} state=directory owner=root group=root
|
|
|
|
- name: Install a script that fix the letsencrypt certificate for mysql and then reload the service
|
|
template: src=letsencrypt-spamassassin-hook.sh.j2 dest={{ letsencrypt_acme_sh_services_scripts_dir }}/spamassassin owner=root group=root mode=4555
|
|
|
|
when:
|
|
- letsencrypt_acme_sh_install is defined and letsencrypt_acme_sh_install | bool
|
|
- spamassassin_spamd_ssl_enabled | bool
|
|
tags: [ 'spamassassin', 'letsencrypt', 'spamassassin_letsencrypt' ]
|
|
|
|
- name: Install the Spamassassin base configuration
|
|
block:
|
|
- name: spamassassin local config
|
|
template: src=spamassassin-local.cf.j2 dest={{ spamassassin_conf_dir }}/local.cf owner=root group={{ spamassassin_group }} mode=0440
|
|
notify: Reload spamassassin
|
|
|
|
- name: spamassassin spamd defaults
|
|
template: src=spamassassin_sysconfig.j2 dest=/etc/sysconfig/spamassassin owner=root group=root mode=0444
|
|
notify: Reload spamassassin
|
|
|
|
tags: [ 'spamassassin', 'spamassassin_conf' ]
|
|
|
|
- name: Install the Spamassassin DB configuration
|
|
block:
|
|
- name: spamassassin db config
|
|
template: src=spamassassin-db.cf.j2 dest={{ spamassassin_conf_dir }}/db.cf owner=root group={{ spamassassin_group }} mode=0440
|
|
notify: Reload spamassassin
|
|
|
|
when: spamassassin_db_user_config | bool
|
|
tags: [ 'spamassassin', 'spamassassin_conf' ]
|
|
|
|
- name: Install the Spamassassin DB configuration
|
|
block:
|
|
- name: Copy the spamassassin postgresql sql schema files
|
|
copy: src={{ spamassassin_db_sql_file }} dest={{ item.schema_file }} force=no
|
|
with_items: '{{ psql_db_data }}'
|
|
register: pdns_schema
|
|
when: item.schema_file is defined
|
|
|
|
- name: Install the spamassassin schema file
|
|
postgresql_db: name={{ item.name }} login_host='localhost' login_user={{ item.user }} login_password={{ item.pwd }} state=restore target={{ item.schema_file }} port={{ psql_db_port }}
|
|
with_items: '{{ psql_db_data }}'
|
|
when:
|
|
- pdns_schema is changed
|
|
- item.schema_file is defined
|
|
|
|
delegate_to: '{{ spamassassin_db_external_host }}'
|
|
run_once: True
|
|
when: spamassassin_db_user_config | bool
|
|
tags: [ 'spamassassin', 'spamassassin_conf' ]
|
|
|
|
- name: Manage the spamassassin service
|
|
block:
|
|
- name: Ensure that the spamassassin service is started and enabled
|
|
service: name=spamassassin state=started enabled=yes
|
|
|
|
when: spamassassin_install | bool
|
|
tags: [ 'spamassassin', 'spamassassin_conf', 'spamassassin_service' ]
|