authorTrygve Laugstøl <trygvis@inamo.no>2019-01-02 10:57:04 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2019-01-02 10:57:04 +0100
commit62ff27b05167118c4fa9b5b6b39300041acf80da (patch)
tree8c5e75a4cf3d43535857ae15d9ad6e3b2893dffe /ansible/roles
parent1f3564a99e21af5bd4ac4d11fa3ec7c3885e5208 (diff)
wireguard: Adding conflatorio.
dovecot: adding password management. postfix-satellite: removing apt update. ufw: handling missing variables. Allow ssh by default. all.yml: taking passwords for postfix-satellite from dovecot.
Diffstat (limited to 'ansible/roles')
-rw-r--r--ansible/roles/dovecot/tasks/main.yml20
-rw-r--r--ansible/roles/postfix-satellite/tasks/postfix-satellite.yml15
-rw-r--r--ansible/roles/ufw/tasks/main.yml26
3 files changed, 37 insertions, 24 deletions
diff --git a/ansible/roles/dovecot/tasks/main.yml b/ansible/roles/dovecot/tasks/main.yml
new file mode 100644
index 0000000..1ee3b8d
--- /dev/null
+++ b/ansible/roles/dovecot/tasks/main.yml
@@ -0,0 +1,20 @@
+- tags:
+ - dovecot
+ - packages
+ become: yes
+ apt:
+ name: python-passlib
+ install_recommends: no
+
+- tags:
+ - dovecot
+ - update-passwords
+ become: yes
+ with_dict: "{{ dovecot__passwords }}"
+ no_log: yes
+ htpasswd:
+ path: /etc/dovecot/users
+ name: "{{ item.key }}"
+ password: "{{ item.value }}"
+ crypt_scheme: sha512_crypt
+ state: "{{ 'absent' if not item.value or item.value.strip() == '' else 'present' }}"
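Review bot: The `htpasswd` task creates `/etc/dovecot/users` without `owner`, `group` or `mode`, so a newly created file gets whatever the module default and umask produce, and the SHA-512 crypt hashes in it may end up readable by every local account. Pin the permissions on the task, e.g. `owner: root`, `group: dovecot`, `mode: "0640"` (adjust the group to whichever account Dovecot's auth process reads the passdb as). `no_log: yes` is appropriate because `item.value` is the cleartext password; it is worth confirming that `dovecot__passwords` comes from a vault-encrypted file, which this hunk does not show. Both tasks also lack a `name:`, which makes the censored `no_log` output hard to attribute in a run log.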
diff --git a/ansible/roles/postfix-satellite/tasks/postfix-satellite.yml b/ansible/roles/postfix-satellite/tasks/postfix-satellite.yml
index 5f8f02a..a92250a 100644
--- a/ansible/roles/postfix-satellite/tasks/postfix-satellite.yml
+++ b/ansible/roles/postfix-satellite/tasks/postfix-satellite.yml
@@ -1,15 +1,12 @@
-- name: Update apt cache
- apt:
- update_cache: yes
- cache_valid_time: 3600
- name: Install package
package:
- name: "{{ item }}"
+ name: "{{ items }}"
state: present
- with_items:
- - postfix
- - libsasl2-modules
- - swaks
+ vars:
+ items:
+ - postfix
+ - libsasl2-modules
+ - swaks
- name: "Configure postfix: main.cf"
tags: postfix-satellite-config
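Review bot: With the "Update apt cache" task dropped, the install task relies on whatever package index is already on the host; on a freshly provisioned machine or one with a stale index it can fail or resolve to an older `postfix` build than the archive currently offers. Unless a role that always runs first refreshes the cache (not visible here), consider doing it in the install task itself by using `apt:` instead of `package:` and adding `update_cache: yes` and `cache_valid_time: 3600`. The task-local variable `items` is also easy to misread as the loop variable `item` it replaces; a name such as `postfix_satellite__packages` would be clearer. The following "Configure postfix: main.cf" task continues outside the hunk.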
diff --git a/ansible/roles/ufw/tasks/main.yml b/ansible/roles/ufw/tasks/main.yml
index 0579f0a..b6a963b 100644
--- a/ansible/roles/ufw/tasks/main.yml
+++ b/ansible/roles/ufw/tasks/main.yml
@@ -2,17 +2,21 @@
- ufw
become: yes
block:
- - when:
- notify: ufw reload
+ - notify: ufw reload
+ vars:
+ state: "{{ 'present' if ufw__nat_address is defined else 'absent' }}"
+ nat:
+ address: "{{ ufw__nat_address if ufw__nat_address is defined else '' }}"
+ prefix: "{{ ufw__nat_prefix if ufw__nat_prefix is defined else '' }}"
blockinfile:
path: /etc/ufw/before.rules
insertbefore: "^# Don't delete these required lines"
marker: "# NAT config: {mark}"
- state: "{{ 'present' if ufw__nat_address is defined else 'absent' }}"
+ state: "{{ state }}"
content: |
*nat
:POSTROUTING ACCEPT [0:0]
- -A POSTROUTING -s {{ ufw__nat_address }}/{{ ufw__nat_prefix }} -o eth0 -j MASQUERADE
+ -A POSTROUTING -s {{ nat.address }}/{{ nat.prefix }} -o eth0 -j MASQUERADE
COMMIT
- notify: ufw reload
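Review bot: `state` depends only on `ufw__nat_address`, but the rendered rule also needs `ufw__nat_prefix`; with the new `else ''` default, an address without a prefix writes `-s <address>/ -o eth0 -j MASQUERADE` into `/etc/ufw/before.rules`, and a malformed line there is likely to surface only when the `ufw reload` handler runs, possibly leaving the ruleset unloaded. Require both variables before writing the block: `state: "{{ 'present' if ufw__nat_address is defined and ufw__nat_prefix is defined else 'absent' }}"`. Because both values are interpolated straight into a file parsed as raw iptables rules, a preceding `assert` that they are a valid address and an integer prefix would be a cheap guard. The enclosing `block:` starts above the hunk.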
@@ -33,14 +37,6 @@
- ufw:
state: enabled
-# - ufw:
-# default: allow
-# direction: out
-
-# - ufw:
-# policy: deny
-# direction: out
-
-# - ufw:
-# policy: allow
-# direction: routed
+ - ufw:
+ name: OpenSSH
+ rule: allow
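Review bot: The `OpenSSH` allow rule is added after the `ufw: state: enabled` task, so on a first run the firewall comes up before SSH is permitted; if the incoming default is deny (not visible in this hunk) and the play is interrupted between the two tasks, the host is left unreachable over SSH. Move the new task above `state: enabled`. Since this opens SSH to every source address, `rule: limit` instead of `rule: allow` would add ufw's built-in connection rate limiting, and `from_ip` could restrict it to a management network where one exists. The enclosing block starts outside the hunk.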