path: root/roles/mail/rspamd/tasks/main.yml
---
# Make sure the rspamd package is installed. No update_cache is requested and
# no repository is configured in this task, so the package comes from whatever
# apt sources and index the host already has.
- name: install rspamd packages
  apt:
    state: present
    name:
    - rspamd

# Drop a local.d snippet that sets "enabled = false" for the normal worker.
# Runs only when rspamd_disable_normal_worker is truthy; rspamd is restarted
# through the handler when the file changes.
- name: disable normal worker
  copy:
    # No owner or mode is given for this file.
    dest: '/etc/rspamd/local.d/worker-normal.inc'
    content: |
      # ansible generated
      enabled = false;
  when: rspamd_disable_normal_worker
  notify: restart rspamd

# Run the rspamd proxy worker as a milter on a unix socket placed under
# /var/spool/postfix, so that a chrooted postfix can reach it.
# Skipped unless rspamd_proxy_socket_for_postfix is truthy.
- name: prepare rspamd-proxy to be used with chrooted postfix
  when: rspamd_proxy_socket_for_postfix
  block:
  - name: create systemd override directory
    file:
      state: directory
      path: '/etc/systemd/system/rspamd.service.d'

  # The "+" prefix makes systemd run this ExecStartPre command with full
  # privileges; it creates the socket directory as _rspamd:_rspamd, mode 0750,
  # before the service starts.
  # NOTE(review): with 0750 the postfix user can only enter the directory if
  # it is a member of group _rspamd - confirm that is arranged elsewhere.
  - name: add systemd service override
    copy:
      dest: '/etc/systemd/system/rspamd.service.d/postfix-chroot.conf'
      content: |
        [Service]
        ExecStartPre=+/usr/bin/install -d /var/spool/postfix/rspamd -o _rspamd -g _rspamd -m 0750
    notify: reload systemd

  # The socket is bound with mode=0660 owner=_rspamd; bind_socket names no
  # group, so which group gets write access is not decided in this file.
  - name: set rspamd-proxy options for postfix using milter over unix-socket
    copy:
      dest: '/etc/rspamd/local.d/worker-proxy.inc'
      content: |
        # ansible generated
        milter = yes;
        bind_socket = "/var/spool/postfix/rspamd/rspamd-proxy.sock mode=0660 owner=_rspamd"
    notify: restart rspamd

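# Set the controller worker credentials and publish the web interface through
# an nginx vhost. Skipped unless rspamd_web is defined.
- name: configure rspamd web interface
  when: rspamd_web is defined
  block:
  # Both values are rendered verbatim inside a double-quoted UCL string, so a
  # password containing '"' or '\' would corrupt the generated file.
  # rspamd also accepts hashes produced by `rspamadm pw`; supplying those
  # keeps the cleartext passwords off disk.
  # no_log keeps the rendered secrets out of task output and --diff output.
  # NOTE(review): owner _rspamd with 0400 lets the service account change its
  # own credential file; root-owned with group read would be tighter - confirm
  # before changing.
  - name: configure rspmad-controller passwords
    copy:
      content: |
        # ansible generated
        password = "{{ rspamd_web.password }}";
        enable_password = "{{ rspamd_web.enable_password }}";
      dest: /etc/rspamd/local.d/worker-controller.inc
      # Quoted so the mode is never subject to YAML integer parsing.
      mode: "0400"
      owner: _rspamd
    no_log: true
    notify: reload rspamd

    # TODO: add support for tls!
    # TODO: add support for whaty-nginx-sso?
  # The vhost forwards to the controller on loopback over plain HTTP. Until
  # the TLS TODO above is done, the controller password is presumably sent in
  # cleartext between browser and nginx (the generic template is not visible
  # here - confirm).
  # NOTE(review): rspamd's controller has a secure_ip option that exempts
  # listed addresses from password checks. If loopback is listed and the
  # generic template does not forward the real client address
  # (X-Real-IP / X-Forwarded-For), every proxied request looks local - verify
  # both the template and the effective secure_ip setting.
  - name: configure nginx reverse proxy for rspamd web interface
    vars:
      nginx_vhost:
        default: true
        name: rspamd
        template: generic
        hostnames:
        - "{{ rspamd_web.hostname }}"
        locations:
          '/':
            proxy_pass: 'http://127.0.0.1:11334'
    include_role:
      name: nginx/vhost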

# Write one /etc/rspamd/local.d/<key>.conf per entry of
# rspamd_modules_local_config, using the entry's value as the file body.
# Files are created owner-read-only (0400) for _rspamd; only the key is shown
# as the loop label.
# NOTE(review): item.key goes into the path unchecked; keys are presumably
# plain module names - a key containing "/" would write outside local.d.
# NOTE(review): the values may hold credentials (hence 0400?); if so, --diff
# output would show them - consider no_log/diff settings.
- name: generate local config files
  copy:
    dest: '/etc/rspamd/local.d/{{ item.key }}.conf'
    owner: _rspamd
    mode: '0400'
    content: |
      # ansible generated
      {{ item.value }}
  loop: "{{ rspamd_modules_local_config | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  notify: reload rspamd

# Write one /etc/rspamd/override.d/<key>.conf per entry of
# rspamd_modules_override_config, using the entry's value as the file body.
# Files are created owner-read-only (0400) for _rspamd; only the key is shown
# as the loop label.
# NOTE(review): item.key goes into the path unchecked; keys are presumably
# plain module names - a key containing "/" would write outside override.d.
- name: generate override config files
  copy:
    dest: '/etc/rspamd/override.d/{{ item.key }}.conf'
    owner: _rspamd
    mode: '0400'
    content: |
      # ansible generated
      {{ item.value }}
  loop: "{{ rspamd_modules_override_config | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  notify: reload rspamd