ansible/roles/rspamd/tasks/main.yml

122 lines
2.7 KiB
YAML
Raw Normal View History

---
- name: Install Rspamd
package:
name: rspamd
- name: Create rspamd local.d and override.d
file:
path: '/usr/local/etc/rspamd/{{ item }}'
state: directory
mode: 0755
owner: root
group: wheel
with_items:
- local.d
- override.d
- name: Configure rspamd
template:
dest: '/usr/local/etc/rspamd/{{ item }}'
src: '{{ item }}.j2'
mode: 0444
owner: root
group: wheel
notify:
- Restart Rspamd
with_items: '{{ rspamd_config }}'
- name: Add /var/log/rspamd to fstab
mount:
path: /var/log/rspamd
src: tmpfs
fstype: tmpfs
opts: 'rw,size={{ rspamd_log_size }},mode={{ rspamd_log_mode }},uid={{ rspamd_log_uid }},gid={{ rspamd_log_gid }},late'
state: mounted
- name: Create rspamd HAProxy socket directory
file:
path: /var/run/haproxy/rspamd
state: directory
owner: haproxy
group: rspamd
mode: 0770
- name: Create Rspamd service directories
file:
path: '{{ s6_etc_dir }}/service/{{ item }}'
state: directory
owner: root
group: wheel
mode: 0755
with_items: '{{ rspamd_service_dirs }}'
notify:
- Reload s6-rc
- Restart Rspamd log
- Restart Rspamd
- name: Generate Rspamd service scripts
template:
dest: '{{ s6_etc_dir }}/service/{{ item }}'
src: '{{ item }}.j2'
mode: 0555
owner: root
group: wheel
with_items: '{{ rspamd_service_scripts }}'
notify:
- Reload s6-rc
- Restart Rspamd log
- Restart Rspamd
- name: Generate Rspamd service configuration
copy:
dest: '{{ s6_etc_dir }}/service/{{ item.name }}'
content: '{{ item.content }}'
mode: 0444
owner: root
group: wheel
loop_control:
label: '{{ item.name }} = {{ item.content }}'
notify:
- Reload s6-rc
- Restart Rspamd log
- Restart Rspamd
with_items: '{{ rspamd_service_config }}'
- name: Flush handlers
meta: flush_handlers
- name: Start Rspamd
command: fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -u -v 2 -t 15000 change rspamd
register: change
changed_when: change.stdout | length > 0
- name: Enable Rspamd
lineinfile:
path: '{{ s6_etc_dir }}/service/enabled/contents'
regexp: "^rspamd$"
line: rspamd
state: present
notify:
- Reload s6-rc
- name: Flush handlers (again)
meta: flush_handlers
- name: Tell HAProxy where to find the Rspamd webinterface
template:
dest: /usr/local/etc/haproxy/rspamd.cfg
src: rspamd.cfg.j2
owner: root
group: wheel
mode: 0444
notify:
- Reload HAProxy
- name: Expose the Rspamd webinterface via HTTPS
lineinfile:
path: /usr/local/etc/haproxy/sni.map
regexp: '^{{ ansible_fqdn }} '
line: '{{ ansible_fqdn }} sni_rspamd'
notify:
- Reload HAProxy