diff --git a/.ansible-lint-ignore b/.ansible-lint-ignore index f62d35b..22ed55d 100644 --- a/.ansible-lint-ignore +++ b/.ansible-lint-ignore @@ -1,3 +1,3 @@ -tasks/ssl.yml schema[tasks] # no idea why the linter complains on this one, the whole thing works +tasks/security/ssl.yml schema[tasks] # no idea why the linter complains on this one, the whole thing works meta/main.yml schema[meta] # the platform EL version 8 does exist - not sure why the linter complains about it defaults/main.yaml jinja[spacing] # the current setup makes the schema more readable diff --git a/tasks/backups.yml b/tasks/backups/main.yml similarity index 97% rename from tasks/backups.yml rename to tasks/backups/main.yml index e0f1712..a9bc39b 100644 --- a/tasks/backups.yml +++ b/tasks/backups/main.yml @@ -183,12 +183,12 @@ register: start_ldap_server changed_when: start_ldap_server.rc == 0 - name: Restore service tarball backups - ansible.builtin.include_tasks: restore_service_tarball_backup.yml + ansible.builtin.include_tasks: backups/restore_service_tarball_backup.yml vars: service: cyrus-imap service_backup_path: "{{ imap_backup_path }}" - name: Restore service tarball backups - ansible.builtin.include_tasks: restore_service_tarball_backup.yml + ansible.builtin.include_tasks: backups/restore_service_tarball_backup.yml vars: service: "{{ item }}" service_backup_path: "{{ vars[item ~ '_backup_path'] }}" diff --git a/tasks/restore_service_tarball_backup.yml b/tasks/backups/restore_service_tarball_backup.yml similarity index 100% rename from tasks/restore_service_tarball_backup.yml rename to tasks/backups/restore_service_tarball_backup.yml diff --git a/tasks/add_dns_record.yml b/tasks/dns/add_dns_record.yml similarity index 100% rename from tasks/add_dns_record.yml rename to tasks/dns/add_dns_record.yml 
diff --git a/tasks/configure_dyndns_subdomain.yml b/tasks/dns/configure_dyndns_subdomain.yml similarity index 91% rename from tasks/configure_dyndns_subdomain.yml rename to tasks/dns/configure_dyndns_subdomain.yml index fa7e3ea..8475a17 100644 --- a/tasks/configure_dyndns_subdomain.yml +++ b/tasks/dns/configure_dyndns_subdomain.yml @@ -3,7 +3,7 @@ tags: - dyndns - poweradmin - ansible.builtin.include_tasks: add_dns_record.yml + ansible.builtin.include_tasks: dns/add_dns_record.yml vars: record: zone: "{% if dyndns_item | length > 0 %}dyndns.{% endif %}{{ mailserver_domain }}" @@ -15,7 +15,7 @@ tags: - dyndns - poweradmin - ansible.builtin.include_tasks: add_dns_record.yml + ansible.builtin.include_tasks: dns/add_dns_record.yml vars: record: zone: "{% if dyndns_item | length > 0 %}{{ wg_configs[dyndns_item]['owner'] }}.{% endif %}dyndns.{{ mailserver_domain }}" @@ -27,7 +27,7 @@ tags: - dyndns - poweradmin - ansible.builtin.include_tasks: add_dns_record.yml + ansible.builtin.include_tasks: dns/add_dns_record.yml vars: record: zone: "{% if dyndns_item | length > 0 %}{{ wg_configs[dyndns_item]['owner'] }}.{% endif %}dyndns.{{ mailserver_domain }}" diff --git a/tasks/create_default_cname_records.yml b/tasks/dns/create_default_cname_records.yml similarity index 85% rename from tasks/create_default_cname_records.yml rename to tasks/dns/create_default_cname_records.yml index de8eb7e..535e70e 100644 --- a/tasks/create_default_cname_records.yml +++ b/tasks/dns/create_default_cname_records.yml @@ -1,6 +1,6 @@ --- - name: Fill default CNAME records - ansible.builtin.include_tasks: add_dns_record.yml + ansible.builtin.include_tasks: dns/add_dns_record.yml vars: record: zone: "{{ dns_zone }}" diff --git a/tasks/delete_dns_record.yml b/tasks/dns/delete_dns_record.yml similarity index 100% rename from tasks/delete_dns_record.yml rename to tasks/dns/delete_dns_record.yml 
diff --git a/tasks/dns_records.yml b/tasks/dns/dns_records.yml similarity index 96% rename from tasks/dns_records.yml rename to tasks/dns/dns_records.yml index 83ecc14..53813af 100644 --- a/tasks/dns_records.yml +++ b/tasks/dns/dns_records.yml @@ -34,13 +34,13 @@ register: set_primary_zone changed_when: set_primary_zone.rc == 0 - name: Fill DNS zone - ansible.builtin.include_tasks: fill_default_dns_records.yml + ansible.builtin.include_tasks: dns/fill_default_dns_records.yml vars: dns_zone: "{{ item }}" loop: "{{ [mailserver_domain] + custom_domains }}" when: public_dns == "yes" and ((reset == "yes") or (item not in all_dns_zones.stdout_lines)) - name: Create default CNAME records - ansible.builtin.include_tasks: create_default_cname_records.yml + ansible.builtin.include_tasks: dns/create_default_cname_records.yml vars: dns_zone: "{{ item }}" loop: "{{ [mailserver_domain] + custom_domains + ['vpn.' ~ mailserver_domain] }}" diff --git a/tasks/dnsdist.yml b/tasks/dns/dnsdist.yml similarity index 100% rename from tasks/dnsdist.yml rename to tasks/dns/dnsdist.yml diff --git a/tasks/dyndns.yml b/tasks/dns/dyndns.yml similarity index 97% rename from tasks/dyndns.yml rename to tasks/dns/dyndns.yml index 2c45b7e..08e1f23 100644 --- a/tasks/dyndns.yml +++ b/tasks/dns/dyndns.yml @@ -128,7 +128,7 @@ tags: - dyndns - poweradmin - ansible.builtin.import_tasks: add_dns_record.yml + ansible.builtin.import_tasks: dns/add_dns_record.yml vars: record: zone: "dyndns.{{ mailserver_domain }}" @@ -140,7 +140,7 @@ tags: - dyndns - poweradmin - ansible.builtin.import_tasks: add_dns_record.yml + ansible.builtin.import_tasks: dns/add_dns_record.yml vars: record: zone: "dyndns.{{ mailserver_domain }}" @@ -153,7 +153,7 @@ - dyndns - poweradmin - users - ansible.builtin.include_tasks: add_dns_record.yml + ansible.builtin.include_tasks: dns/add_dns_record.yml when: dyndns_item != "server" vars: record: 
@@ -171,7 +171,7 @@ - dyndns - poweradmin - users - ansible.builtin.include_tasks: add_dns_record.yml + ansible.builtin.include_tasks: dns/add_dns_record.yml vars: record: zone: "dyndns.{{ mailserver_domain }}" @@ -183,7 +183,7 @@ loop_control: loop_var: dyndns_item - name: Configure DynDNS subdomains - ansible.builtin.include_tasks: configure_dyndns_subdomain.yml + ansible.builtin.include_tasks: dns/configure_dyndns_subdomain.yml when: dyndns_item != "server" loop: "{{ [''] + (wg_configs.keys() | list) }}" loop_control: diff --git a/tasks/fill_default_dns_records.yml b/tasks/dns/fill_default_dns_records.yml similarity index 87% rename from tasks/fill_default_dns_records.yml rename to tasks/dns/fill_default_dns_records.yml index a610b24..7d631ea 100644 --- a/tasks/fill_default_dns_records.yml +++ b/tasks/dns/fill_default_dns_records.yml @@ -1,6 +1,6 @@ --- - name: Fill default DNS records - ansible.builtin.include_tasks: add_dns_record.yml + ansible.builtin.include_tasks: dns/add_dns_record.yml vars: empty_apostrophes: "''" record: diff --git a/tasks/local_dns_cache.yml b/tasks/dns/local_dns_cache.yml similarity index 100% rename from tasks/local_dns_cache.yml rename to tasks/dns/local_dns_cache.yml diff --git a/tasks/dns.yml b/tasks/dns/main.yml similarity index 71% rename from tasks/dns.yml rename to tasks/dns/main.yml index cc874e1..da7e791 100644 --- a/tasks/dns.yml +++ b/tasks/dns/main.yml 
@@ -1,19 +1,19 @@ --- - name: Open firewall - ansible.builtin.import_tasks: firewall.yml + ansible.builtin.import_tasks: security/firewall.yml vars: port: dns # noqa var-naming[no-reserved] we refer to a port here, so I call it a port when: 'public_dns == "yes"' - name: Configure local DNS cache - ansible.builtin.import_tasks: local_dns_cache.yml + ansible.builtin.import_tasks: dns/local_dns_cache.yml - name: Configure PowerDNS - ansible.builtin.import_tasks: pdns.yml + ansible.builtin.import_tasks: dns/pdns.yml - name: Set up DNS records - ansible.builtin.import_tasks: dns_records.yml + ansible.builtin.import_tasks: dns/dns_records.yml - name: Configure PowerDNS recursor - ansible.builtin.import_tasks: pdns_recursor.yml + ansible.builtin.import_tasks: dns/pdns_recursor.yml - name: Configure DNSDist - ansible.builtin.import_tasks: dnsdist.yml + ansible.builtin.import_tasks: dns/dnsdist.yml - name: Make sure PowerDNS is running ansible.builtin.systemd_service: name: pdns @@ -35,7 +35,7 @@ state: started when: 'public_dns == "yes"' - name: Configure PowerAdmin - ansible.builtin.import_tasks: poweradmin.yml + ansible.builtin.import_tasks: dns/poweradmin.yml tags: - dyndns - poweradmin diff --git a/tasks/pdns.yml b/tasks/dns/pdns.yml similarity index 93% rename from tasks/pdns.yml rename to tasks/dns/pdns.yml index 7de9deb..3e1aacb 100644 --- a/tasks/pdns.yml +++ b/tasks/dns/pdns.yml @@ -1,6 +1,6 @@ --- - name: Create PowerDNS DB - ansible.builtin.import_tasks: create_mariadb_schema.yml + ansible.builtin.import_tasks: mariadb/create_mariadb_schema.yml vars: mariadb_database: powerdnsdb mariadb_state: "{{ ('import' if reset == 'yes')|default('present') }}" @@ -16,7 +16,7 @@ no_log: yes when: 'public_dns == "yes"' # - name: Fill PowerDNS DB with data -# ansible.builtin.import_tasks: fill_mariadb_data.yml +# ansible.builtin.import_tasks: mariadb/fill_mariadb_data.yml # vars: # mariadb_database: # db: powerdnsdb 
diff --git a/tasks/pdns_recursor.yml b/tasks/dns/pdns_recursor.yml similarity index 100% rename from tasks/pdns_recursor.yml rename to tasks/dns/pdns_recursor.yml diff --git a/tasks/poweradmin.yml b/tasks/dns/poweradmin.yml similarity index 100% rename from tasks/poweradmin.yml rename to tasks/dns/poweradmin.yml diff --git a/tasks/propagate_dkim_txt_records.yml b/tasks/dns/propagate_dkim_txt_records.yml similarity index 98% rename from tasks/propagate_dkim_txt_records.yml rename to tasks/dns/propagate_dkim_txt_records.yml index 5001a49..d616b4e 100644 --- a/tasks/propagate_dkim_txt_records.yml +++ b/tasks/dns/propagate_dkim_txt_records.yml @@ -8,7 +8,7 @@ desired_dkim_record: "{{ dkim_keys.stdout.replace(dkim_selector ~ '._domainkey\tIN\tTXT\t( \"', '').replace('\t', '').replace('\n', '').replace('\" \"', '').replace('\" ) ; ----- DKIM key ' ~ dkim_selector ~ ' for ' ~ domain_item, '') }}" # noqa no-tabs we need tabs in this content current_dkim_record: "{{ lookup('community.general.dig', dkim_selector ~ '._domainkey.' ~ domain_item ~ './TXT').replace('\" \"', '') }}" # noqa no-tabs we need tabs in this content - name: "Set up the {{ dkim_selector }}._domainkey.{{ domain_item }} TXT record" # noqa name[template] we need to be informative, even if we deviate from the standards - ansible.builtin.import_tasks: add_dns_record.yml + ansible.builtin.import_tasks: dns/add_dns_record.yml vars: record: zone: "{{ domain_item }}" diff --git a/tasks/propagate_ssl_txt_records.yml b/tasks/dns/propagate_ssl_txt_records.yml similarity index 96% rename from tasks/propagate_ssl_txt_records.yml rename to tasks/dns/propagate_ssl_txt_records.yml index 08e6cee..242832b 100644 --- a/tasks/propagate_ssl_txt_records.yml +++ b/tasks/dns/propagate_ssl_txt_records.yml 
@@ -1,6 +1,6 @@ --- - name: "Set up ACME challenge TXT records for {{ challenge_item.key }}" # noqa name[template] we need to be informative, even if we deviate from the standards - ansible.builtin.import_tasks: add_dns_record.yml + ansible.builtin.import_tasks: dns/add_dns_record.yml vars: record: zone: "{{ challenge_item.key | replace('*.', '') }}" diff --git a/tasks/httpd.yml b/tasks/httpd/main.yml similarity index 98% rename from tasks/httpd.yml rename to tasks/httpd/main.yml index 952daa7..7a31430 100644 --- a/tasks/httpd.yml +++ b/tasks/httpd/main.yml @@ -6,7 +6,7 @@ - poweradmin - wireguard - webdav - ansible.builtin.include_tasks: firewall.yml + ansible.builtin.include_tasks: security/firewall.yml vars: port: "{{ item }}" # noqa var-naming[no-reserved] we refer to a port here, so I call it a port loop: diff --git a/tasks/webdav.yml b/tasks/httpd/webdav.yml similarity index 100% rename from tasks/webdav.yml rename to tasks/httpd/webdav.yml diff --git a/tasks/add_kolab_user.yml b/tasks/kolab/add_kolab_user.yml similarity index 100% rename from tasks/add_kolab_user.yml rename to tasks/kolab/add_kolab_user.yml diff --git a/tasks/kolab_auth.yml b/tasks/kolab/kolab_auth.yml similarity index 100% rename from tasks/kolab_auth.yml rename to tasks/kolab/kolab_auth.yml diff --git a/tasks/kolab.yml b/tasks/kolab/main.yml similarity index 99% rename from tasks/kolab.yml rename to tasks/kolab/main.yml index 6e5c5b5..07744cc 100644 --- a/tasks/kolab.yml +++ b/tasks/kolab/main.yml @@ -271,7 +271,7 @@ tags: - users - name: Set up user mail aliases - ansible.builtin.include_tasks: user_mail_alias.yml + ansible.builtin.include_tasks: mail/user_mail_alias.yml loop: "{{ users }}" loop_control: loop_var: user 
@@ -513,7 +513,7 @@ - name: Refresh the certificates ansible.builtin.command: 'openssl rehash /etc/dirsrv/slapd-{{ mailserver_domain | split(".") | first }}' - name: Configure LDAP - ansible.builtin.import_tasks: ldap.yml + ansible.builtin.import_tasks: ldap/main.yml tags: - ldap - users diff --git a/tasks/add_admin_user_to_ldap_groups.yml b/tasks/ldap/add_admin_user_to_ldap_groups.yml similarity index 100% rename from tasks/add_admin_user_to_ldap_groups.yml rename to tasks/ldap/add_admin_user_to_ldap_groups.yml diff --git a/tasks/convert_user_to_ldif.yml b/tasks/ldap/convert_user_to_ldif.yml similarity index 100% rename from tasks/convert_user_to_ldif.yml rename to tasks/ldap/convert_user_to_ldif.yml diff --git a/tasks/ldap.yml b/tasks/ldap/main.yml similarity index 97% rename from tasks/ldap.yml rename to tasks/ldap/main.yml index ea28001..ddaf773 100644 --- a/tasks/ldap.yml +++ b/tasks/ldap/main.yml @@ -208,7 +208,7 @@ - name: Extract user data from the OS ansible.builtin.command: /var/tmp/extract_user_data_to_migrate.sh - name: "Update LDAP entries: {{ user_data_item }}" - ansible.builtin.include_tasks: convert_user_to_ldif.yml + ansible.builtin.include_tasks: ldap/convert_user_to_ldif.yml loop: "{{ users }}" loop_control: loop_var: user_data_item 
@@ -219,20 +219,20 @@ - users block: - name: "Add user to Kolab: {{ user.name }}" - ansible.builtin.include_tasks: add_kolab_user.yml + ansible.builtin.include_tasks: kolab/add_kolab_user.yml loop: "{{ users }}" loop_control: loop_var: user rescue: - name: Authenticate against the Kolab API - ansible.builtin.include_tasks: kolab_auth.yml + ansible.builtin.include_tasks: kolab/kolab_auth.yml - name: "Add user to Kolab: {{ user.name }}" - ansible.builtin.include_tasks: add_kolab_user.yml + ansible.builtin.include_tasks: kolab/add_kolab_user.yml loop: "{{ users }}" loop_control: loop_var: user - name: Set admin user group membership - ansible.builtin.include_tasks: add_admin_user_to_ldap_groups.yml + ansible.builtin.include_tasks: ldap/add_admin_user_to_ldap_groups.yml loop: - "cn=Directory Administrators,dc={{ mailserver_domain | split('.') | join(',dc=') }}" - "cn=Accounting Managers,ou=groups,dc={{ mailserver_domain | split('.') | join(',dc=') }}" diff --git a/tasks/dkim.yml b/tasks/mail/dkim.yml similarity index 96% rename from tasks/dkim.yml rename to tasks/mail/dkim.yml index 46c25d9..2f89c5a 100644 --- a/tasks/dkim.yml +++ b/tasks/mail/dkim.yml @@ -1,6 +1,6 @@ --- # - name: Open firewall -# ansible.builtin.import_tasks: firewall.yml +# ansible.builtin.import_tasks: security/firewall.yml # vars: # port: 8891/tcp # noqa var-naming[no-reserved] we refer to a port here, so I call it a port - name: Configure OpenDKIM @@ -88,7 +88,7 @@ groups: opendkim append: yes - name: Check DKIM TXT records - ansible.builtin.include_tasks: propagate_dkim_txt_records.yml + ansible.builtin.include_tasks: dns/propagate_dkim_txt_records.yml vars: current_domain: "{{ item }}" loop: "{{ [mailserver_domain] + custom_domains }}" diff --git a/tasks/dmarc.yml b/tasks/mail/dmarc.yml similarity index 97% rename from tasks/dmarc.yml rename to tasks/mail/dmarc.yml index 64338a6..b830325 100644 --- a/tasks/dmarc.yml +++ b/tasks/mail/dmarc.yml 
@@ -28,7 +28,7 @@ - { key: "IgnoreMailFrom", value: "{{ undeliverable_exceptions | join(',') }}", comment: false } notify: Restart opendmarc - name: Set up DMARC TXT records - ansible.builtin.include_tasks: add_dns_record.yml + ansible.builtin.include_tasks: dns/add_dns_record.yml vars: record: zone: "{{ item }}" diff --git a/tasks/imapsync.yml b/tasks/mail/imapsync.yml similarity index 100% rename from tasks/imapsync.yml rename to tasks/mail/imapsync.yml diff --git a/tasks/postfix.yml b/tasks/mail/postfix.yml similarity index 97% rename from tasks/postfix.yml rename to tasks/mail/postfix.yml index 5e472e8..e6863bf 100644 --- a/tasks/postfix.yml +++ b/tasks/mail/postfix.yml @@ -12,7 +12,7 @@ system: yes uid: 2000 - name: Open firewall - ansible.builtin.include_tasks: firewall.yml + ansible.builtin.include_tasks: security/firewall.yml vars: port: "{{ item }}" # noqa var-naming[no-reserved] we refer to a port here, so I call it a port loop: @@ -34,7 +34,7 @@ register: apply_new_aliases changed_when: apply_new_aliases.rc == 0 - name: Set up automatic restart of services - ansible.builtin.import_tasks: autorestart.yml + ansible.builtin.import_tasks: systemd/autorestart.yml vars: service: postfix # - name: Deploy Postfix master config @@ -66,10 +66,10 @@ - name: Configure Postfix main.cf tags: - users - community.general.ini_file: + ansible.builtin.lineinfile: + regexp: "^{{ item.key }} = " path: /etc/postfix/main.cf - option: "{{ item.key }}" - value: "{{ item.value }}" + line: "{{ item.key }} = {{ item.value }}" backup: true mode: u=rw,og=r owner: root diff --git a/tasks/postfixadmin.yml b/tasks/mail/postfixadmin.yml similarity index 96% rename from tasks/postfixadmin.yml rename to tasks/mail/postfixadmin.yml index 8d5c510..d76af30 100644 --- a/tasks/postfixadmin.yml +++ b/tasks/mail/postfixadmin.yml 
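Review bot: The new `regexp: "^{{ item.key }} = "` in the "Configure Postfix main.cf" task only matches an existing line spelled with exactly one space on each side of `=`, whereas Postfix accepts `key=value` and any whitespace around `=`; an entry in a different spelling is left untouched and lineinfile appends a second one, so main.cf accumulates duplicate parameters and the last occurrence silently wins, which the replaced ini_file task did not do. Postfix also treats indented lines as continuations of the previous parameter, so if any key this loop sets currently has a multi-line value, only its first line is replaced and the old continuation lines attach to the new value — worth checking against the keys this task manages, which are outside the hunk. `item.key` is also interpolated into the pattern unescaped; the keys are presumably plain identifiers, but escaping costs nothing. A tolerant pattern such as `regexp: "^{{ item.key | regex_escape }}\\s*="` covers the first and third points. The task's loop and the rest of the file continue outside the hunk.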
@@ -22,7 +22,7 @@ setype: httpd_sys_rw_content_t recurse: yes - name: Create postfixadmin DB schema - ansible.builtin.import_tasks: create_mariadb_schema.yml + ansible.builtin.import_tasks: mariadb/create_mariadb_schema.yml vars: mariadb_database: postfixadmin mariadb_state: "{{ ('import' if reset == 'yes') | default('present') }}" @@ -37,7 +37,7 @@ login_password: "{{ mysql_root_password }}" no_log: yes - name: Fill postfixadmin DB with data - ansible.builtin.import_tasks: fill_mariadb_data.yml + ansible.builtin.import_tasks: mariadb/fill_mariadb_data.yml vars: mariadb_database: db: postfixadmin diff --git a/tasks/spamassassin.yml b/tasks/mail/spamassassin.yml similarity index 100% rename from tasks/spamassassin.yml rename to tasks/mail/spamassassin.yml diff --git a/tasks/user_mail_alias.yml b/tasks/mail/user_mail_alias.yml similarity index 100% rename from tasks/user_mail_alias.yml rename to tasks/mail/user_mail_alias.yml diff --git a/tasks/main.yml b/tasks/main.yml index bd05ff3..c755583 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -19,41 +19,41 @@ no_log: yes tags: always - name: Configure OS - ansible.builtin.import_tasks: os.yml + ansible.builtin.import_tasks: os/main.yml tags: os - name: Configure MariaDB - ansible.builtin.import_tasks: mariadb.yml + ansible.builtin.import_tasks: mariadb/main.yml tags: mariadb - name: Configure DNS - ansible.builtin.import_tasks: dns.yml + ansible.builtin.import_tasks: dns/main.yml tags: - dns - poweradmin - dyndns # - name: Configure PostfixAdmin -# ansible.builtin.import_tasks: postfixadmin.yml +# ansible.builtin.import_tasks: mail/postfixadmin.yml # tags: # - postfix # - postfixadmin - name: Set up SSL - ansible.builtin.import_tasks: ssl.yml + ansible.builtin.import_tasks: security/ssl.yml tags: ssl - name: Set up Kolab - ansible.builtin.import_tasks: kolab.yml + ansible.builtin.import_tasks: kolab/main.yml tags: - kolab - users # - name: Add users -# ansible.builtin.import_tasks: users.yml +# ansible.builtin.import_tasks: os/users.yml # tags: users - name: Set up ElasticSearch - ansible.builtin.import_tasks: elasticsearch.yml + ansible.builtin.import_tasks: misc/elasticsearch.yml tags: elasticsearch - name: Set up FTP - ansible.builtin.import_tasks: ftp.yml + ansible.builtin.import_tasks: misc/ftp.yml tags: ftp - name: Configure Apache - ansible.builtin.import_tasks: httpd.yml + ansible.builtin.import_tasks: httpd/main.yml tags: - httpd - dyndns 
@@ -63,20 +63,20 @@ - wireguard - webdav - name: Set up SPAMAssassin - ansible.builtin.import_tasks: spamassassin.yml + ansible.builtin.import_tasks: mail/spamassassin.yml tags: spamassassin - name: Configure Antivirus - ansible.builtin.import_tasks: antivirus.yml + ansible.builtin.import_tasks: security/antivirus.yml tags: antivirus - name: Configure Redis - ansible.builtin.import_tasks: redis.yml + ansible.builtin.import_tasks: misc/redis.yml tags: redis - name: Configure Postfix - ansible.builtin.import_tasks: postfix.yml + ansible.builtin.import_tasks: mail/postfix.yml tags: postfix - name: Sync old IMAP account # noqa jinja[invalid] for some reason this was the only way I found to pass the variable to the included task list - ansible.builtin.include_tasks: imapsync.yml + ansible.builtin.include_tasks: mail/imapsync.yml loop: "{{ users }}" loop_control: loop_var: current_user @@ -87,27 +87,27 @@ - imapsync - users - name: Set up DKIM - ansible.builtin.import_tasks: dkim.yml + ansible.builtin.import_tasks: mail/dkim.yml tags: dkim - name: Set up DMARC - ansible.builtin.import_tasks: dmarc.yml + ansible.builtin.import_tasks: mail/dmarc.yml tags: dmarc - name: Set up MongoDB - ansible.builtin.import_tasks: mongodb.yml + ansible.builtin.import_tasks: misc/mongodb.yml tags: mongodb - name: Set up WebDav - ansible.builtin.import_tasks: webdav.yml + ansible.builtin.import_tasks: httpd/webdav.yml tags: webdav - name: Set up WireGuard - ansible.builtin.import_tasks: wireguard.yml + ansible.builtin.import_tasks: wireguard/main.yml tags: - wireguard - dyndns - poweradmin # - postfixadmin - name: Set up backups - ansible.builtin.import_tasks: backups.yml + ansible.builtin.import_tasks: backups/main.yml tags: backup - name: Configure fail2ban - ansible.builtin.import_tasks: fail2ban.yml + ansible.builtin.import_tasks: security/fail2ban.yml tags: fail2ban 
diff --git a/tasks/create_mariadb_schema.yml b/tasks/mariadb/create_mariadb_schema.yml similarity index 100% rename from tasks/create_mariadb_schema.yml rename to tasks/mariadb/create_mariadb_schema.yml diff --git a/tasks/fill_mariadb_data.yml b/tasks/mariadb/fill_mariadb_data.yml similarity index 100% rename from tasks/fill_mariadb_data.yml rename to tasks/mariadb/fill_mariadb_data.yml diff --git a/tasks/mariadb.yml b/tasks/mariadb/main.yml similarity index 100% rename from tasks/mariadb.yml rename to tasks/mariadb/main.yml diff --git a/tasks/elasticsearch.yml b/tasks/misc/elasticsearch.yml similarity index 100% rename from tasks/elasticsearch.yml rename to tasks/misc/elasticsearch.yml diff --git a/tasks/ftp.yml b/tasks/misc/ftp.yml similarity index 98% rename from tasks/ftp.yml rename to tasks/misc/ftp.yml index 0c0f190..1007860 100644 --- a/tasks/ftp.yml +++ b/tasks/misc/ftp.yml @@ -1,6 +1,6 @@ --- - name: Open firewall - ansible.builtin.include_tasks: firewall.yml + ansible.builtin.include_tasks: security/firewall.yml vars: port: "{{ item }}" # noqa var-naming[no-reserved] we refer to a port here, so I call it a port loop: diff --git a/tasks/mongodb.yml b/tasks/misc/mongodb.yml similarity index 100% rename from tasks/mongodb.yml rename to tasks/misc/mongodb.yml diff --git a/tasks/redis.yml b/tasks/misc/redis.yml similarity index 100% rename from tasks/redis.yml rename to tasks/misc/redis.yml diff --git a/tasks/os.yml b/tasks/os/main.yml similarity index 95% rename from tasks/os.yml rename to tasks/os/main.yml index 8c7be8a..13c1365 100644 --- a/tasks/os.yml +++ b/tasks/os/main.yml @@ -46,7 +46,7 @@ - name: Install requiremets block: - name: Install packages - ansible.builtin.import_tasks: packages.yml + ansible.builtin.import_tasks: os/packages.yml rescue: - name: Find repo configs ansible.builtin.find: 
@@ -68,7 +68,7 @@ validate: "grep '^baseurl=http://vault.centos.org' %s" loop: "{{ repo_files.files }}" - name: Install packages - ansible.builtin.import_tasks: packages.yml + ansible.builtin.import_tasks: os/packages.yml - name: Set up OS mail aliases ansible.builtin.lineinfile: path: /etc/aliases @@ -102,5 +102,5 @@ backup: yes tags: ssl - name: Configure AIDE - ansible.builtin.import_tasks: aide.yml + ansible.builtin.import_tasks: security/aide.yml tags: aide diff --git a/tasks/packages.yml b/tasks/os/packages.yml similarity index 100% rename from tasks/packages.yml rename to tasks/os/packages.yml diff --git a/tasks/users.yml b/tasks/os/users.yml similarity index 100% rename from tasks/users.yml rename to tasks/os/users.yml diff --git a/tasks/aide.yml b/tasks/security/aide.yml similarity index 100% rename from tasks/aide.yml rename to tasks/security/aide.yml diff --git a/tasks/antivirus.yml b/tasks/security/antivirus.yml similarity index 100% rename from tasks/antivirus.yml rename to tasks/security/antivirus.yml diff --git a/tasks/fail2ban.yml b/tasks/security/fail2ban.yml similarity index 100% rename from tasks/fail2ban.yml rename to tasks/security/fail2ban.yml diff --git a/tasks/firewall.yml b/tasks/security/firewall.yml similarity index 100% rename from tasks/firewall.yml rename to tasks/security/firewall.yml diff --git a/tasks/ssl.yml b/tasks/security/ssl.yml similarity index 98% rename from tasks/ssl.yml rename to tasks/security/ssl.yml index af504d4..f88cfbc 100644 --- a/tasks/ssl.yml +++ b/tasks/security/ssl.yml @@ -73,7 +73,7 @@ # remaining_days: 60 # register: letsencrypt_challenge # - name: Check Let's Encrypt TXT records -# ansible.builtin.import_tasks: propagate_ssl_txt_records.yml +# ansible.builtin.import_tasks: dns/propagate_ssl_txt_records.yml # with_dict: "{{ letsencrypt_challenge.challenge_data }}" # loop_control: # loop_var: challenge_item 
@@ -93,7 +93,7 @@ # data: "{{ letsencrypt_challenge }}" # when: letsencrypt_challenge.changed is true # - name: Clean up Let's Encrypt TXT records -# ansible.builtin.include_tasks: delete_dns_record.yml +# ansible.builtin.include_tasks: dns/delete_dns_record.yml # vars: # record: # zone: "{{ challenge_item.key|replace('*.', '') }}" diff --git a/tasks/autorestart.yml b/tasks/systemd/autorestart.yml similarity index 100% rename from tasks/autorestart.yml rename to tasks/systemd/autorestart.yml diff --git a/tasks/define_vpn_clients.yml b/tasks/wireguard/define_vpn_clients.yml similarity index 100% rename from tasks/define_vpn_clients.yml rename to tasks/wireguard/define_vpn_clients.yml diff --git a/tasks/gather_wireguard_config_sections.yml b/tasks/wireguard/gather_wireguard_config_sections.yml similarity index 100% rename from tasks/gather_wireguard_config_sections.yml rename to tasks/wireguard/gather_wireguard_config_sections.yml diff --git a/tasks/generate_wireguard_keys.yml b/tasks/wireguard/generate_wireguard_keys.yml similarity index 100% rename from tasks/generate_wireguard_keys.yml rename to tasks/wireguard/generate_wireguard_keys.yml diff --git a/tasks/wireguard.yml b/tasks/wireguard/main.yml similarity index 94% rename from tasks/wireguard.yml rename to tasks/wireguard/main.yml index 96b0121..12ccff3 100644 --- a/tasks/wireguard.yml +++ b/tasks/wireguard/main.yml @@ -14,7 +14,7 @@ - { src: "httpd/vpn-le-ssl.conf.j2", dest: "/etc/httpd/conf.d/418-vpn.{{ mailserver_domain }}-le-ssl.conf" } notify: Restart httpd - name: Open firewall - ansible.builtin.import_tasks: firewall.yml + ansible.builtin.import_tasks: security/firewall.yml vars: port: "{{ wireguard.listen_port }}/udp" # noqa var-naming[no-reserved] we refer to a port here, so I call it a port - name: Ensure user VPN config directories exist 
@@ -88,7 +88,7 @@ - "{{ wireguard.config_dir }}" - /var/www/html/.vpn - name: Read WireGuard server config - ansible.builtin.import_tasks: read_wireguard_config.yml + ansible.builtin.import_tasks: wireguard/read_wireguard_config.yml vars: wg_config_file: "{{ wireguard.config_dir }}/{{ wireguard.interface }}.conf" - name: Define read server values @@ -109,7 +109,7 @@ - wireguard - kolab - dyndns - ansible.builtin.include_tasks: generate_wireguard_keys.yml + ansible.builtin.include_tasks: wireguard/generate_wireguard_keys.yml vars: wg_name: "server" wg_privatekey: "{{ wg_server.privatekey | default('') }}" @@ -117,7 +117,7 @@ wg_owner: root wg_cidr: "{{ wireguard.ipv4_pool.split('/') | first | replace('.0','.1') ~ ', ' ~ wireguard.ipv6_pool.split('/') | first | replace(':0',':1') }}" - name: Define read client values - ansible.builtin.include_tasks: define_vpn_clients.yml + ansible.builtin.include_tasks: wireguard/define_vpn_clients.yml vars: current_ipv4: "{{ wireguard.ipv4_pool.split('/') | first | regex_replace('.0$','.' ~ next_ip_segment) }}" current_ipv6: "{{ wireguard.ipv6_pool.split('/') | first | regex_replace(':0$',':' ~ next_ip_segment) }}" @@ -133,7 +133,7 @@ - wireguard - kolab - dyndns - ansible.builtin.include_tasks: generate_wireguard_keys.yml + ansible.builtin.include_tasks: wireguard/generate_wireguard_keys.yml vars: wg_name: "{{ item.name }}" wg_privatekey: "{{ item.privatekey | default('') }}" @@ -270,12 +270,12 @@ tags: - dyndns - poweradmin - ansible.builtin.include_tasks: dyndns.yml + ansible.builtin.include_tasks: dns/dyndns.yml - name: Add VPN NS record tags: - wireguard - poweradmin - ansible.builtin.include_tasks: add_dns_record.yml + ansible.builtin.include_tasks: dns/add_dns_record.yml vars: record: zone: "{{ mailserver_domain }}" @@ -287,7 +287,7 @@ tags: - wireguard - poweradmin - ansible.builtin.import_tasks: add_dns_record.yml + ansible.builtin.import_tasks: dns/add_dns_record.yml vars: record: zone: "vpn.{{ mailserver_domain }}" 
@@ -299,7 +299,7 @@ tags: - wireguard - poweradmin - ansible.builtin.import_tasks: add_dns_record.yml + ansible.builtin.import_tasks: dns/add_dns_record.yml vars: record: zone: "vpn.{{ mailserver_domain }}" @@ -311,7 +311,7 @@ tags: - wireguard - poweradmin - ansible.builtin.include_tasks: add_dns_record.yml + ansible.builtin.include_tasks: dns/add_dns_record.yml vars: record: zone: "vpn.{{ mailserver_domain }}" @@ -325,7 +325,7 @@ tags: - wireguard - poweradmin - ansible.builtin.include_tasks: add_dns_record.yml + ansible.builtin.include_tasks: dns/add_dns_record.yml vars: record: zone: "vpn.{{ mailserver_domain }}" @@ -340,7 +340,7 @@ - wireguard - poweradmin # - postfixadmin - ansible.builtin.include_tasks: add_dns_record.yml + ansible.builtin.include_tasks: dns/add_dns_record.yml vars: record: zone: "vpn.{{ mailserver_domain }}" @@ -356,7 +356,7 @@ - wireguard - poweradmin # - postfixadmin - ansible.builtin.include_tasks: add_dns_record.yml + ansible.builtin.include_tasks: dns/add_dns_record.yml vars: record: zone: "vpn.{{ mailserver_domain }}" diff --git a/tasks/read_wireguard_config.yml b/tasks/wireguard/read_wireguard_config.yml similarity index 89% rename from tasks/read_wireguard_config.yml rename to tasks/wireguard/read_wireguard_config.yml index 9c13d96..593ae55 100644 --- a/tasks/read_wireguard_config.yml +++ b/tasks/wireguard/read_wireguard_config.yml @@ -14,7 +14,7 @@ ansible.builtin.set_fact: wireguard_config_lines: "{{ wg_config_content.content|b64decode|split('\n') }}" - name: Gather WireGuard config sections - ansible.builtin.include_tasks: gather_wireguard_config_sections.yml + ansible.builtin.include_tasks: wireguard/gather_wireguard_config_sections.yml vars: wireguard_config_line: "{{ item }}" loop: "{{ wireguard_config_lines }}"