From 62ff27b05167118c4fa9b5b6b39300041acf80da Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl <trygvis@inamo.no>
Date: Wed, 2 Jan 2019 10:57:04 +0100
Subject: wireguard: Adding conflatorio. dovecot: adding password management
 postfix-satellite: removing apt update ufw: handling missing variables. Allow
 ssh by default. all.yml: taking passwords for postfix-satellite from dovecot.

---
 ansible/roles/dovecot/tasks/main.yml               | 20 +++++++++++++++++
 .../postfix-satellite/tasks/postfix-satellite.yml  | 15 +++++--------
 ansible/roles/ufw/tasks/main.yml                   | 26 +++++++++-------------
 3 files changed, 37 insertions(+), 24 deletions(-)
 create mode 100644 ansible/roles/dovecot/tasks/main.yml

(limited to 'ansible/roles')

diff --git a/ansible/roles/dovecot/tasks/main.yml b/ansible/roles/dovecot/tasks/main.yml
new file mode 100644
index 0000000..1ee3b8d
--- /dev/null
+++ b/ansible/roles/dovecot/tasks/main.yml
@@ -0,0 +1,20 @@
+- tags:
+    - dovecot
+    - packages
+  become: yes
+  apt:
+    name: python-passlib
+    install_recommends: no
+
+- tags:
+    - dovecot
+    - update-passwords
+  become: yes
+  with_dict: "{{ dovecot__passwords }}"
+  no_log: yes
+  htpasswd:
+    path: /etc/dovecot/users
+    name: "{{ item.key }}"
+    password: "{{ item.value }}"
+    crypt_scheme: sha512_crypt
+    state: "{{ 'absent' if not item.value or item.value.strip() == '' else 'present' }}"
diff --git a/ansible/roles/postfix-satellite/tasks/postfix-satellite.yml b/ansible/roles/postfix-satellite/tasks/postfix-satellite.yml
index 5f8f02a..a92250a 100644
--- a/ansible/roles/postfix-satellite/tasks/postfix-satellite.yml
+++ b/ansible/roles/postfix-satellite/tasks/postfix-satellite.yml
@@ -1,15 +1,12 @@
-- name: Update apt cache
-  apt:
-    update_cache: yes
-    cache_valid_time: 3600
 - name: Install package
   package:
-    name: "{{ item }}"
+    name: "{{ items }}"
     state: present
-  with_items:
-    - postfix
-    - libsasl2-modules
-    - swaks
+  vars:
+    items:
+      - postfix
+      - libsasl2-modules
+      - swaks
 
 - name: "Configure postfix: main.cf"
   tags: postfix-satellite-config
diff --git a/ansible/roles/ufw/tasks/main.yml b/ansible/roles/ufw/tasks/main.yml
index 0579f0a..b6a963b 100644
--- a/ansible/roles/ufw/tasks/main.yml
+++ b/ansible/roles/ufw/tasks/main.yml
@@ -2,17 +2,21 @@
     - ufw
   become: yes
   block:
-    - when: 
-      notify: ufw reload
+    - notify: ufw reload
+      vars:
+        state: "{{ 'present' if ufw__nat_address is defined else 'absent' }}"
+        nat:
+          address: "{{ ufw__nat_address if ufw__nat_address is defined else '' }}"
+          prefix: "{{ ufw__nat_prefix if ufw__nat_prefix is defined else '' }}"
       blockinfile:
         path: /etc/ufw/before.rules
         insertbefore: "^# Don't delete these required lines"
         marker: "# NAT config: {mark}"
-        state: "{{ 'present' if ufw__nat_address is defined else 'absent' }}"
+        state: "{{ state }}"
         content: |
           *nat
           :POSTROUTING ACCEPT [0:0]
-          -A POSTROUTING -s {{ ufw__nat_address }}/{{ ufw__nat_prefix }} -o eth0 -j MASQUERADE
+          -A POSTROUTING -s {{ nat.address }}/{{ nat.prefix }} -o eth0 -j MASQUERADE
           COMMIT
 
     - notify: ufw reload
@@ -33,14 +37,6 @@
     - ufw:
         state: enabled
 
-#    - ufw:
-#        default: allow
-#        direction: out
-
-#    - ufw:
-#        policy: deny
-#        direction: out
-
-#    - ufw:
-#        policy: allow
-#        direction: routed
+    - ufw:
+        name: OpenSSH
+        rule: allow
-- 
cgit v1.2.3