diff options
| author | Trygve Laugstøl <trygvis@inamo.no> | 2019-01-02 10:57:04 +0100 |
|---|---|---|
| committer | Trygve Laugstøl <trygvis@inamo.no> | 2019-01-02 10:57:04 +0100 |
| commit | 62ff27b05167118c4fa9b5b6b39300041acf80da (patch) | |
| tree | 8c5e75a4cf3d43535857ae15d9ad6e3b2893dffe /ansible/roles | |
| parent | 1f3564a99e21af5bd4ac4d11fa3ec7c3885e5208 (diff) | |
| download | infra-62ff27b05167118c4fa9b5b6b39300041acf80da.tar.gz infra-62ff27b05167118c4fa9b5b6b39300041acf80da.tar.bz2 infra-62ff27b05167118c4fa9b5b6b39300041acf80da.tar.xz infra-62ff27b05167118c4fa9b5b6b39300041acf80da.zip | |
wireguard: Adding conflatorio.
dovecot: adding password management
postfix-satellite: removing apt update
ufw: handling missing variables. Allow ssh by default.
all.yml: taking passwords for postfix-satellite from dovecot.
Diffstat (limited to 'ansible/roles')
| -rw-r--r-- | ansible/roles/dovecot/tasks/main.yml | 20 | ||||
| -rw-r--r-- | ansible/roles/postfix-satellite/tasks/postfix-satellite.yml | 15 | ||||
| -rw-r--r-- | ansible/roles/ufw/tasks/main.yml | 26 |
3 files changed, 37 insertions, 24 deletions
diff --git a/ansible/roles/dovecot/tasks/main.yml b/ansible/roles/dovecot/tasks/main.yml new file mode 100644 index 0000000..1ee3b8d --- /dev/null +++ b/ansible/roles/dovecot/tasks/main.yml @@ -0,0 +1,20 @@ +- tags: + - dovecot + - packages + become: yes + apt: + name: python-passlib + install_recommends: no + +- tags: + - dovecot + - update-passwords + become: yes + with_dict: "{{ dovecot__passwords }}" + no_log: yes + htpasswd: + path: /etc/dovecot/users + name: "{{ item.key }}" + password: "{{ item.value }}" + crypt_scheme: sha512_crypt + state: "{{ 'absent' if not item.value or item.value.strip() == '' else 'present' }}" diff --git a/ansible/roles/postfix-satellite/tasks/postfix-satellite.yml b/ansible/roles/postfix-satellite/tasks/postfix-satellite.yml index 5f8f02a..a92250a 100644 --- a/ansible/roles/postfix-satellite/tasks/postfix-satellite.yml +++ b/ansible/roles/postfix-satellite/tasks/postfix-satellite.yml @@ -1,15 +1,12 @@ -- name: Update apt cache - apt: - update_cache: yes - cache_valid_time: 3600 - name: Install package package: - name: "{{ item }}" + name: "{{ items }}" state: present - with_items: - - postfix - - libsasl2-modules - - swaks + vars: + items: + - postfix + - libsasl2-modules + - swaks - name: "Configure postfix: main.cf" tags: postfix-satellite-config diff --git a/ansible/roles/ufw/tasks/main.yml b/ansible/roles/ufw/tasks/main.yml index 0579f0a..b6a963b 100644 --- a/ansible/roles/ufw/tasks/main.yml +++ b/ansible/roles/ufw/tasks/main.yml @@ -2,17 +2,21 @@ - ufw become: yes block: - - when: - notify: ufw reload + - notify: ufw reload + vars: + state: "{{ 'present' if ufw__nat_address is defined else 'absent' }}" + nat: + address: "{{ ufw__nat_address if ufw__nat_address is defined else '' }}" + prefix: "{{ ufw__nat_prefix if ufw__nat_prefix is defined else '' }}" blockinfile: path: /etc/ufw/before.rules insertbefore: "^# Don't delete these required lines" marker: "# NAT config: {mark}" - state: "{{ 'present' if ufw__nat_address is defined else 'absent' }}" + state: "{{ state }}" content: | *nat :POSTROUTING ACCEPT [0:0] - -A POSTROUTING -s {{ ufw__nat_address }}/{{ ufw__nat_prefix }} -o eth0 -j MASQUERADE + -A POSTROUTING -s {{ nat.address }}/{{ nat.prefix }} -o eth0 -j MASQUERADE COMMIT - notify: ufw reload @@ -33,14 +37,6 @@ - ufw: state: enabled -# - ufw: -# default: allow -# direction: out - -# - ufw: -# policy: deny -# direction: out - -# - ufw: -# policy: allow -# direction: routed + - ufw: + name: OpenSSH + rule: allow |