--- - name: install rspamd packages apt: name: - rspamd state: present - name: disable normal worker when: rspamd_disable_normal_worker copy: content: | # ansible generated enabled = false; dest: /etc/rspamd/local.d/worker-normal.inc notify: restart rspamd - name: prepare rspamd-proxy to be used with chrooted postfix when: rspamd_proxy_socket_for_postfix block: - name: create systemd override directory file: path: /etc/systemd/system/rspamd.service.d state: directory - name: add systemd service override copy: content: | [Service] ExecStartPre=+/usr/bin/install -d /var/spool/postfix/rspamd -o _rspamd -g _rspamd -m 0750 dest: /etc/systemd/system/rspamd.service.d/postfix-chroot.conf notify: reload systemd - name: set rspamd-proxy options for postfix using milter over unix-socket copy: content: | # ansible generated milter = yes; bind_socket = "/var/spool/postfix/rspamd/rspamd-proxy.sock mode=0660 owner=_rspamd" dest: /etc/rspamd/local.d/worker-proxy.inc notify: restart rspamd - name: configure rspamd web interface when: rspamd_web is defined block: - name: configure rspmad-controller passwords copy: content: | # ansible generated password = "{{ rspamd_web.password }}"; enable_password = "{{ rspamd_web.enable_password }}"; dest: /etc/rspamd/local.d/worker-controller.inc mode: 0400 owner: _rspamd notify: reload rspamd # TODO: add support for tls! # TODO: add support for whaty-nginx-sso? - name: configure nginx reverse proxy for rspamd web interface vars: nginx_vhost: default: yes name: rspamd template: generic hostnames: - "{{ rspamd_web.hostname }}" locations: '/': proxy_pass: http://127.0.0.1:11334 include_role: name: nginx/vhost - name: generate local config files loop: "{{ rspamd_modules_local_config | dict2items }}" loop_control: label: "{{ item.key }}" copy: content: | # ansible generated {{ item.value }} dest: /etc/rspamd/local.d/{{ item.key }}.conf mode: 0400 owner: _rspamd notify: reload rspamd - name: generate override config files loop: "{{ rspamd_modules_override_config | dict2items }}" loop_control: label: "{{ item.key }}" copy: content: | # ansible generated {{ item.value }} dest: /etc/rspamd/override.d/{{ item.key }}.conf mode: 0400 owner: _rspamd notify: reload rspamd