Browse Source

Named all tasks and made them idempotent where possible

Luke Cyca 11 years ago
parent
commit
09c8fcb295

+ 5
- 2
roles/blog/tasks/blog.yml View File

@@ -3,6 +3,9 @@
3 3
 
4 4
 - name: Configure the Apache HTTP server for the blog
5 5
   template: src=etc_apache2_sites-available_blog.j2 dest=/etc/apache2/sites-available/${blog_domain} group=www-data owner=www-data
6
-- command: a2ensite ${blog_domain}
7 6
   notify: restart apache
8
-  
7
+
8
+- name: Enable blog site
9
+  command: a2ensite ${blog_domain} creates=/etc/apache2/sites-enabled/${blog_domain}
10
+  notify: restart apache
11
+

+ 4
- 2
roles/common/tasks/ferm.yml View File

@@ -4,8 +4,10 @@
4 4
 - name: Install ferm
5 5
   apt: pkg=ferm state=present
6 6
 
7
-- name: Copy ferm firewall rules into place
7
+- name: Create ferm confiruation directory
8 8
   file: path=/etc/ferm state=directory
9
-- copy: src=etc_ferm_ferm.conf dest=/etc/ferm/ferm.conf
9
+
10
+- name: Copy ferm firewall rules into place
11
+  copy: src=etc_ferm_ferm.conf dest=/etc/ferm/ferm.conf
10 12
   notify:
11 13
     - reload ferm rules

+ 2
- 1
roles/common/tasks/main.yml View File

@@ -32,7 +32,8 @@
32 32
   service: name=ntp state=started enabled=yes
33 33
 
34 34
 - name: Disable default Apache site
35
-  command: a2dissite default
35
+  command: a2dissite default removes=/etc/apache2/sites-enabled/default
36
+  notify: restart apache
36 37
 
37 38
 - include: encfs.yml tags=encfs
38 39
 - include: users.yml tags=users

+ 5
- 2
roles/common/tasks/security.yml View File

@@ -5,9 +5,12 @@
5 5
     - rkhunter
6 6
     - lynis
7 7
 
8
-- name: Copy fail2ban configuration files into place
8
+- name: Copy fail2ban configuration into place
9
+  template: src=etc_fail2ban_jail.local.j2 dest=/etc/fail2ban/jail.local
10
+  notify: restart fail2ban
11
+
12
+- name: Copy fail2ban dovecot configuration into place
9 13
   copy: src=etc_fail2ban_filter.d_dovecot-pop3imap.conf dest=/etc/fail2ban/filter.d/dovecot-pop3imap.conf
10
-- template: src=etc_fail2ban_jail.local.j2 dest=/etc/fail2ban/jail.local
11 14
   notify: restart fail2ban
12 15
 
13 16
 - name: Copy sshd_config into place

+ 1
- 1
roles/common/tasks/ssl.yml View File

@@ -8,4 +8,4 @@
8 8
   copy: src=wildcard_ca.pem dest=/etc/ssl/certs/wildcard_ca.pem group=root owner=root
9 9
 
10 10
 - name: Enable Apache SSL module
11
-  command: a2enmod ssl
11
+  command: a2enmod ssl creates=/etc/apache2/mods-enabled/ssl.load

+ 21
- 10
roles/mailserver/tasks/dovecot.yml View File

@@ -18,17 +18,28 @@
18 18
   with_items:
19 19
     - ${mail_virtual_domains}
20 20
 
21
-- name: Put Dovecot configuration files in place
21
+- name: Copy dovecot.conf into place
22 22
   copy: src=etc_dovecot_dovecot.conf dest=/etc/dovecot/dovecot.conf
23
-- copy: src=etc_dovecot_conf.d_10-mail.conf dest=/etc/dovecot/conf.d/10-mail.conf
24
-- copy: src=etc_dovecot_conf.d_10-auth.conf dest=/etc/dovecot/conf.d/10-auth.conf
25
-- copy: src=etc_dovecot_conf.d_auth-sql.conf.ext dest=/etc/dovecot/conf.d/auth-sql.conf.ext
26
-- copy: src=etc_dovecot_conf.d_10-master.conf dest=/etc/dovecot/conf.d/10-master.conf
27
-- copy: src=etc_dovecot_conf.d_10-ssl.conf dest=/etc/dovecot/conf.d/10-ssl.conf
28
-- template: src=etc_dovecot_conf.d_15-lda.conf.j2 dest=/etc/dovecot/conf.d/15-lda.conf
29
-- template: src=etc_dovecot_dovecot-sql.conf.ext.j2 dest=/etc/dovecot/dovecot-sql.conf.ext
23
+
24
+- name: Copy additional Dovecot configuration files in place
25
+  copy: src=etc_dovecot_conf.d_${item} dest=/etc/dovecot/conf.d/${item}
26
+  with_items:
27
+    - 10-mail.conf
28
+    - 10-auth.conf
29
+    - auth-sql.conf.ext
30
+    - 10-master.conf
31
+    - 10-ssl.conf
32
+  notify: restart dovecot
33
+
34
+- name: Template 15-lda.conf
35
+  template: src=etc_dovecot_conf.d_15-lda.conf.j2 dest=/etc/dovecot/conf.d/15-lda.conf
36
+  notify: restart dovecot
37
+
38
+- name: Template dovecot-sql.conf.ext
39
+  template: src=etc_dovecot_dovecot-sql.conf.ext.j2 dest=/etc/dovecot/dovecot-sql.conf.ext
40
+  notify: restart dovecot
30 41
 
31 42
 - name: Ensure correct permissions on Dovecot config directory
32
-  shell: chown -R vmail:dovecot /etc/dovecot
33
-- shell: chmod -R o-rwx /etc/dovecot
43
+  file: state=directory path=/etc/dovecot
44
+          group=dovecot owner=vmail mode=770 recurse=yes
34 45
   notify: restart dovecot

+ 20
- 7
roles/mailserver/tasks/dspam.yml View File

@@ -10,14 +10,27 @@
10 10
   file: state=directory path=/decrypted/dspam group=dspam owner=dspam
11 11
 
12 12
 - name: Put dspam configuration files in place
13
-  copy: src=etc_dspam_default.prefs dest=/etc/dspam/default.prefs owner=dspam group=dspam
14
-- copy: src=etc_dspam_dspam.conf dest=/etc/dspam/dspam.conf owner=dspam group=dspam
15
-- copy: src=etc_postfix_dspam_filter_access dest=/etc/postfix/dspam_filter_access owner=root group=root
16
-- copy: src=etc_dovecot_conf.d_20-imap.conf dest=/etc/dovecot/conf.d/20-imap.conf owner=vmail group=dovecot
17
-- copy: src=etc_dovecot_conf.d_90-plugin.conf dest=/etc/dovecot/conf.d/90-plugin.conf owner=vmail group=dovecot
18
-- copy: src=dot_dovecot.sieve dest=/decrypted/${item.name}/${item.primary_user}/.dovecot.sieve owner=vmail group=dovecot
13
+  copy: src=etc_dspam_{{item}} dest=/etc/dspam/{{item}} owner=dspam group=dspam
19 14
   with_items:
20
-    - ${mail_virtual_domains}
15
+    - default.prefs
16
+    - dspam.conf
21 17
   notify:
22 18
     - restart postfix
23 19
     - restart dovecot
20
+
21
+- name: Put dspam postfix configuration in place
22
+  copy: src=etc_postfix_dspam_filter_access dest=/etc/postfix/dspam_filter_access owner=root group=root
23
+  notify: restart postfix
24
+
25
+- name: Put dspam dovecot configuration in place
26
+  copy: src=etc_dovecot_conf.d_{{item}} dest=/etc/dovecot/conf.d/{{item}} owner=vmail group=dovecot
27
+  with_items:
28
+    - 20-imap.conf
29
+    - 90-plugin.conf
30
+  notify: restart dovecot
31
+
32
+- name: Put sieve rules into each primary user directory
33
+  copy: src=dot_dovecot.sieve dest=/decrypted/${item.name}/${item.primary_user}/.dovecot.sieve owner=vmail group=dovecot
34
+  with_items:
35
+    - ${mail_virtual_domains}
36
+  notify: restart dovecot

+ 17
- 7
roles/mailserver/tasks/opendkim.yml View File

@@ -20,15 +20,25 @@
20 20
   with_items:
21 21
     - ${mail_virtual_domains}
22 22
 
23
-- name: Put OpenDKIM configuration files into place
24
-  template: src=etc_opendkim_KeyTable.j2 dest=/etc/opendkim/KeyTable owner=opendkim group=opendkim
25
-- template: src=etc_opendkim_SigningTable.j2 dest=/etc/opendkim/SigningTable owner=opendkim group=opendkim
26
-- template: src=etc_opendkim_TrustedHosts.j2 dest=/etc/opendkim/TrustedHosts owner=opendkim group=opendkim
27
-- copy: src=etc_opendkim.conf dest=/etc/opendkim.conf owner=opendkim group=opendkim
23
+- name: Put opendkim.conf into place
24
+  copy: src=etc_opendkim.conf dest=/etc/opendkim.conf owner=opendkim group=opendkim
25
+  notify:
26
+    - restart opendkim
27
+    - restart postfix
28
+
29
+- name: Put additional OpenDKIM configuration files into place
30
+  template: src=etc_opendkim_{{item}}.j2 dest=/etc/opendkim/{{item}} owner=opendkim group=opendkim
31
+  with_items:
32
+    - KeyTable
33
+    - SigningTable
34
+    - TrustedHosts
35
+  notify:
36
+    - restart opendkim
37
+    - restart postfix
28 38
 
29 39
 - name: Set OpenDKIM config directory permissions
30
-  command: chmod -R go-rwx /etc/opendkim
31
-- command: chown -R opendkim:opendkim /etc/opendkim
40
+  file: state=directory path=/etc/opendkim
41
+          group=opendkim owner=opendkim mode=700 recurse=yes
32 42
   notify:
33 43
     - restart opendkim
34 44
     - restart postfix

+ 12
- 4
roles/mailserver/tasks/postfix.yml View File

@@ -25,8 +25,16 @@
25 25
 
26 26
 - name: Copy Postfix config files into place
27 27
   template: src=etc_postfix_main.cf.j2 dest=/etc/postfix/main.cf owner=root group=root
28
-- copy: src=etc_postfix_master.cf dest=/etc/postfix/master.cf owner=root group=root
29
-- template: src=etc_postfix_mysql-virtual-mailbox-domains.cf.j2 dest=/etc/postfix/mysql-virtual-mailbox-domains.cf owner=root group=root
30
-- template: src=etc_postfix_mysql-virtual-mailbox-maps.cf.j2 dest=/etc/postfix/mysql-virtual-mailbox-maps.cf owner=root group=root
31
-- template: src=etc_postfix_mysql-virtual-alias-maps.cf.j2 dest=/etc/postfix/mysql-virtual-alias-maps.cf owner=root group=root
28
+  notify: restart postfix
29
+
30
+- name: Copy master.cf
31
+  copy: src=etc_postfix_master.cf dest=/etc/postfix/master.cf owner=root group=root
32
+  notify: restart postfix
33
+
34
+- name: Copy additional postfix configuration files
35
+  template: src=etc_postfix_${item}.j2 dest=/etc/postfix/${item} owner=root group=root
36
+  with_items:
37
+    - mysql-virtual-mailbox-domains.cf
38
+    - mysql-virtual-mailbox-maps.cf
39
+    - mysql-virtual-alias-maps.cf
32 40
   notify: restart postfix

+ 6
- 2
roles/mailserver/tasks/solr.yml View File

@@ -7,9 +7,13 @@
7 7
 - name: Work around Debian bug and copy Solr schema file into place
8 8
   copy: src=solr-schema.xml dest=/etc/solr/conf/schema.xml group=root owner=root
9 9
 
10
-- name: Copy tweaked Solr/Tomcat config files into place
10
+- name: Copy tweaked Tomcat config file into place
11 11
   copy: src=etc_tomcat6_server.xml dest=/etc/tomcat6/server.xml group=tomcat6 owner=root
12
-- copy: src=etc_solr_conf_solrconfig.xml dest=/etc/solr/conf/solrconfig.xml group=root owner=root
12
+  notify: restart solr
13
+
14
+- name: Copy tweaked Solr config file into place
15
+  copy: src=etc_solr_conf_solrconfig.xml dest=/etc/solr/conf/solrconfig.xml group=root owner=root
16
+  notify: restart solr
13 17
 
14 18
 - name: Create Solr index directory
15 19
   file: state=directory path=/decrypted/solr group=tomcat6 owner=tomcat6

Loading…
Cancel
Save