From 62ff27b05167118c4fa9b5b6b39300041acf80da Mon Sep 17 00:00:00 2001 From: Trygve Laugstøl Date: Wed, 2 Jan 2019 10:57:04 +0100 Subject: wireguard: Adding conflatorio. dovecot: adding password management postfix-satellite: removing apt update ufw: handling missing variables. Allow ssh by default. all.yml: taking passwords for postfix-satellite from dovecot. --- ansible/roles/dovecot/tasks/main.yml | 20 +++++++++++++++++ .../postfix-satellite/tasks/postfix-satellite.yml | 15 +++++-------- ansible/roles/ufw/tasks/main.yml | 26 +++++++++------------- 3 files changed, 37 insertions(+), 24 deletions(-) create mode 100644 ansible/roles/dovecot/tasks/main.yml (limited to 'ansible/roles') diff --git a/ansible/roles/dovecot/tasks/main.yml b/ansible/roles/dovecot/tasks/main.yml new file mode 100644 index 0000000..1ee3b8d --- /dev/null +++ b/ansible/roles/dovecot/tasks/main.yml @@ -0,0 +1,20 @@ +- tags: + - dovecot + - packages + become: yes + apt: + name: python-passlib + install_recommends: no + +- tags: + - dovecot + - update-passwords + become: yes + with_dict: "{{ dovecot__passwords }}" + no_log: yes + htpasswd: + path: /etc/dovecot/users + name: "{{ item.key }}" + password: "{{ item.value }}" + crypt_scheme: sha512_crypt + state: "{{ 'absent' if not item.value or item.value.strip() == '' else 'present' }}" diff --git a/ansible/roles/postfix-satellite/tasks/postfix-satellite.yml b/ansible/roles/postfix-satellite/tasks/postfix-satellite.yml index 5f8f02a..a92250a 100644 --- a/ansible/roles/postfix-satellite/tasks/postfix-satellite.yml +++ b/ansible/roles/postfix-satellite/tasks/postfix-satellite.yml @@ -1,15 +1,12 @@ -- name: Update apt cache - apt: - update_cache: yes - cache_valid_time: 3600 - name: Install package package: - name: "{{ item }}" + name: "{{ items }}" state: present - with_items: - - postfix - - libsasl2-modules - - swaks + vars: + items: + - postfix + - libsasl2-modules + - swaks - name: "Configure postfix: main.cf" tags: postfix-satellite-config 
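Review bot: The `htpasswd` task in `ansible/roles/dovecot/tasks/main.yml` creates `/etc/dovecot/users` without `owner`, `group` or `mode`, so the file holding the sha512_crypt hashes gets whatever the default umask yields, which is typically world-readable. Hashes readable by every local account can be guessed offline. Add the file attributes to the module arguments, for example `owner: root`, `group: dovecot`, `mode: "0640"`; the group name is an assumption, so use whichever account the dovecot auth process runs as. The `no_log: yes` on this task should stay, since `item.value` is the cleartext password.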
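Review bot: In `postfix-satellite.yml` the package list is routed through a task-level `vars: items` only to be read back by `name: "{{ items }}"`. The list can sit directly under `name:` as a YAML sequence (`- postfix`, `- libsasl2-modules`, `- swaks`), which does the same thing with no templating. That also avoids a generically named task variable, which would take precedence over any role or play variable called `items` while this task runs.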
diff --git a/ansible/roles/ufw/tasks/main.yml b/ansible/roles/ufw/tasks/main.yml index 0579f0a..b6a963b 100644 --- a/ansible/roles/ufw/tasks/main.yml +++ b/ansible/roles/ufw/tasks/main.yml @@ -2,17 +2,21 @@ - ufw become: yes block: - - when: - notify: ufw reload + - notify: ufw reload + vars: + state: "{{ 'present' if ufw__nat_address is defined else 'absent' }}" + nat: + address: "{{ ufw__nat_address if ufw__nat_address is defined else '' }}" + prefix: "{{ ufw__nat_prefix if ufw__nat_prefix is defined else '' }}" blockinfile: path: /etc/ufw/before.rules insertbefore: "^# Don't delete these required lines" marker: "# NAT config: {mark}" - state: "{{ 'present' if ufw__nat_address is defined else 'absent' }}" + state: "{{ state }}" content: | *nat :POSTROUTING ACCEPT [0:0] - -A POSTROUTING -s {{ ufw__nat_address }}/{{ ufw__nat_prefix }} -o eth0 -j MASQUERADE + -A POSTROUTING -s {{ nat.address }}/{{ nat.prefix }} -o eth0 -j MASQUERADE COMMIT - notify: ufw reload @@ -33,14 +37,6 @@ - ufw: state: enabled -# - ufw: -# default: allow -# direction: out - -# - ufw: -# policy: deny -# direction: out - -# - ufw: -# policy: allow -# direction: routed + - ufw: + name: OpenSSH + rule: allow -- cgit v1.2.3
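Review bot: In the NAT `blockinfile` task, `state` becomes `present` as soon as `ufw__nat_address` is defined, but `nat.prefix` falls back to `''` when `ufw__nat_prefix` is missing. The block would then render `-s <address>/ -o eth0 -j MASQUERADE` into `/etc/ufw/before.rules`. A malformed line there is likely to make the rule set fail to load on `ufw reload`, which can leave the host without its intended filtering. Require both variables before writing the block: `state: "{{ 'present' if ufw__nat_address is defined and ufw__nat_prefix is defined else 'absent' }}"`. The enclosing `block:` starts above this hunk, so any condition set there is not visible.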
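Review bot: The new `OpenSSH` allow task is placed after the `ufw: state: enabled` task, so on a first run the firewall is switched on before any rule admits SSH. If the incoming default is deny, new SSH connections are refused in that window, and a failure between the two tasks leaves the host unreachable for the next Ansible run. Move the `name: OpenSSH` task above `state: enabled`. Separately, `rule: allow` admits SSH from any source without throttling; `rule: limit` would make ufw rate-limit repeated connection attempts, if that fits how these hosts are reached. The rest of the block lies outside the hunk, so an earlier SSH rule may already exist there.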