ansible/roles/rspamd/tasks/main.yml

---
- name: Install Rspamd
  package:
    name: rspamd

- name: Create rspamd local.d and override.d
  file:
    path: '/usr/local/etc/rspamd/{{ item }}'
    state: directory
    mode: 0755
    owner: root
    group: wheel
  with_items:
    - local.d
    - override.d

- name: Configure rspamd
  template:
    dest: '/usr/local/etc/rspamd/{{ item }}'
    src: '{{ item }}.j2'
    mode: 0444
    owner: root
    group: wheel
  notify:
    - Restart Rspamd
  with_items: '{{ rspamd_config }}'

- name: Add /var/log/rspamd to fstab
  mount:
    path: /var/log/rspamd
    src: tmpfs
    fstype: tmpfs
    opts: 'rw,size={{ rspamd_log_size }},mode={{ rspamd_log_mode }},uid={{ rspamd_log_uid }},gid={{ rspamd_log_gid }},late'
    state: mounted

- name: Create rspamd HAProxy socket directory
  file:
    path: /var/run/haproxy/rspamd
    state: directory
    owner: haproxy
    group: rspamd
    mode: 0770

- name: Create Rspamd service directories
  file:
    path: '{{ s6_etc_dir }}/service/{{ item }}'
    state: directory
    owner: root
    group: wheel
    mode: 0755
  with_items: '{{ rspamd_service_dirs }}'
  notify:
    - Reload s6-rc
    - Restart Rspamd log
    - Restart Rspamd

- name: Generate Rspamd service scripts
  template:
    dest: '{{ s6_etc_dir }}/service/{{ item }}'
    src: '{{ item }}.j2'
    mode: 0555
    owner: root
    group: wheel
  with_items: '{{ rspamd_service_scripts }}'
  notify:
    - Reload s6-rc
    - Restart Rspamd log
    - Restart Rspamd

- name: Generate Rspamd service configuration
  copy:
    dest: '{{ s6_etc_dir }}/service/{{ item.name }}'
    content: '{{ item.content }}'
    mode: 0444
    owner: root
    group: wheel
  loop_control:
    label: '{{ item.name }} = {{ item.content }}'
  notify:
    - Reload s6-rc
    - Restart Rspamd log
    - Restart Rspamd
  with_items: '{{ rspamd_service_config }}'

- name: Flush handlers
  meta: flush_handlers

- name: Start Rspamd
  command: fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -u -v 2 -t 15000 change rspamd
  register: change
  changed_when: change.stdout | length > 0

- name: Enable Rspamd
  lineinfile:
    path: '{{ s6_etc_dir }}/service/enabled/contents'
    regexp: "^rspamd$"
    line: rspamd
    state: present
  notify:
    - Reload s6-rc

- name: Flush handlers (again)
  meta: flush_handlers

- name: Tell HAProxy where to find the Rspamd webinterface
  template:
    dest: /usr/local/etc/haproxy/rspamd.cfg
    src: rspamd.cfg.j2
    owner: root
    group: wheel
    mode: 0444
  notify:
    - Reload HAProxy

- name: Expose the Rspamd webinterface via HTTPS
  lineinfile:
    path: /usr/local/etc/haproxy/sni.map
    regexp: '^{{ ansible_fqdn }} '
    line: '{{ ansible_fqdn }} sni_rspamd'
  notify:
    - Reload HAProxy