blob: 1397e35db6a612d8f8d52e631a428089b562c730 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
---
- name: install rspamd packages
apt:
name:
- rspamd
state: present
- name: disable normal worker
when: rspamd_disable_normal_worker
copy:
content: |
# ansible generated
enabled = false;
dest: /etc/rspamd/local.d/worker-normal.inc
notify: restart rspamd
- name: prepare rspamd-proxy to be used with chrooted postfix
when: rspamd_proxy_socket_for_postfix
block:
- name: create systemd override directory
file:
path: /etc/systemd/system/rspamd.service.d
state: directory
- name: add systemd service override
copy:
content: |
[Service]
ExecStartPre=+/usr/bin/install -d /var/spool/postfix/rspamd -o _rspamd -g _rspamd -m 0750
dest: /etc/systemd/system/rspamd.service.d/postfix-chroot.conf
notify: reload systemd
- name: set rspamd-proxy options for postfix using milter over unix-socket
copy:
content: |
# ansible generated
milter = yes;
bind_socket = "/var/spool/postfix/rspamd/rspamd-proxy.sock mode=0660 owner=_rspamd"
dest: /etc/rspamd/local.d/worker-proxy.inc
notify: restart rspamd
- name: configure rspamd web interface
when: rspamd_web is defined
block:
- name: configure rspmad-controller passwords
copy:
content: |
# ansible generated
password = "{{ rspamd_web.password }}";
enable_password = "{{ rspamd_web.enable_password }}";
dest: /etc/rspamd/local.d/worker-controller.inc
mode: 0400
owner: _rspamd
notify: reload rspamd
# TODO: add support for tls!
# TODO: add support for whaty-nginx-sso?
- name: configure nginx reverse proxy for rspamd web interface
vars:
nginx_vhost:
default: yes
name: rspamd
template: generic
hostnames:
- "{{ rspamd_web.hostname }}"
locations:
'/':
proxy_pass: http://127.0.0.1:11334
include_role:
name: nginx/vhost
- name: generate local config files
loop: "{{ rspamd_modules_local_config | dict2items }}"
loop_control:
label: "{{ item.key }}"
copy:
content: |
# ansible generated
{{ item.value }}
dest: /etc/rspamd/local.d/{{ item.key }}.conf
mode: 0400
owner: _rspamd
notify: reload rspamd
- name: generate override config files
loop: "{{ rspamd_modules_override_config | dict2items }}"
loop_control:
label: "{{ item.key }}"
copy:
content: |
# ansible generated
{{ item.value }}
dest: /etc/rspamd/override.d/{{ item.key }}.conf
mode: 0400
owner: _rspamd
notify: reload rspamd
|