ansible/roles/rspamd/tasks/main.yml
genofire c18f53b8ea Add rspamd support.
Postfix uses the Rspamd proxy as spam filtering milter
and HAProxy exposes the Rspamd webinterface through HTTPS.

Updates #10
2020-10-26 23:46:16 +01:00


---
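# Install the rspamd package through the host's package manager.
- name: Install Rspamd
  package:
    name: rspamd
    # State is spelled out instead of relying on the backend's default:
    # the package must be installed, but is not force-upgraded on each run.
    state: present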
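# Create the two directories that receive the site-specific rspamd settings.
# Both are owned by root:wheel and writable by root only.
- name: Create rspamd local.d and override.d
  file:
    path: '/usr/local/etc/rspamd/{{ item }}'
    state: directory
    owner: root
    group: wheel
    # Quoted so the mode is read as the octal string "0755" regardless of
    # which YAML version the parser implements.
    mode: '0755'
  with_items:
    - local.d
    - override.d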
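# Render every template listed in rspamd_config into the rspamd configuration
# directory. Any changed file queues the "Restart Rspamd" handler.
- name: Configure rspamd
  template:
    src: '{{ item }}.j2'
    dest: '/usr/local/etc/rspamd/{{ item }}'
    owner: root
    group: wheel
    # Quoted so the mode is always taken as the octal string "0444".
    # NOTE(review): 0444 makes every rendered file readable by all local
    # users. The templates are not visible here; if one of them carries a
    # secret (for example a controller password hash), confirm that this is
    # acceptable or give that file a tighter mode and a suitable group.
    mode: '0444'
  with_items: '{{ rspamd_config }}'
  notify:
    - Restart Rspamd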
# Keep the rspamd log directory on a tmpfs. "state: mounted" both records the
# entry in fstab and mounts it immediately.
- name: Add /var/log/rspamd to fstab
  mount:
    state: mounted
    fstype: tmpfs
    src: tmpfs
    path: /var/log/rspamd
    # Size, mode and ownership of the filesystem come from role variables
    # defined outside this file.
    # NOTE(review): a log-only filesystem normally needs neither executables
    # nor setuid files; consider whether noexec/nosuid mount options are
    # appropriate for this platform. Not changed here.
    opts: 'rw,size={{ rspamd_log_size }},mode={{ rspamd_log_mode }},uid={{ rspamd_log_uid }},gid={{ rspamd_log_gid }},late'
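# Directory shared between HAProxy and rspamd for their socket.
- name: Create rspamd HAProxy socket directory
  file:
    path: /var/run/haproxy/rspamd
    state: directory
    owner: haproxy
    group: rspamd
    # Owner (haproxy) and group (rspamd) get full access, everyone else none,
    # so other local accounts cannot reach whatever socket is placed here.
    # Quoted so the mode is always taken as the octal string "0770".
    mode: '0770'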
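# Create one s6-rc service definition directory per entry in
# rspamd_service_dirs. A change queues the s6-rc reload and both restarts.
- name: Create Rspamd service directories
  file:
    path: '/etc/s6-rc/service/{{ item }}'
    state: directory
    owner: root
    group: wheel
    # Quoted so the mode is always taken as the octal string "0755".
    mode: '0755'
  with_items: '{{ rspamd_service_dirs }}'
  notify:
    - Reload s6-rc
    - Restart Rspamd log
    - Restart Rspamd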
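# Render the service scripts listed in rspamd_service_scripts into the s6-rc
# service tree. A change queues the s6-rc reload and both restarts.
- name: Generate Rspamd service scripts
  template:
    src: '{{ item }}.j2'
    dest: '/etc/s6-rc/service/{{ item }}'
    owner: root
    group: wheel
    # Readable and executable by everyone, writable by nobody: the scripts are
    # root-owned, so unprivileged users cannot alter them.
    # Quoted so the mode is always taken as the octal string "0555".
    mode: '0555'
  with_items: '{{ rspamd_service_scripts }}'
  notify:
    - Reload s6-rc
    - Restart Rspamd log
    - Restart Rspamd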
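# Write each name/content pair from rspamd_service_config as a small file in
# the s6-rc service tree. A change queues the s6-rc reload and both restarts.
- name: Generate Rspamd service configuration
  copy:
    dest: '/etc/s6-rc/service/{{ item.name }}'
    content: '{{ item.content }}'
    owner: root
    group: wheel
    # Quoted so the mode is always taken as the octal string "0444".
    mode: '0444'
  with_items: '{{ rspamd_service_config }}'
  loop_control:
    # The label prints the file content in the task output.
    # NOTE(review): fine as long as rspamd_service_config never holds
    # sensitive values, because they would end up in run logs. Confirm
    # against the variable definition, which is outside this file.
    label: '{{ item.name }} = {{ item.content }}'
  notify:
    - Reload s6-rc
    - Restart Rspamd log
    - Restart Rspamd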
# Run all queued handlers now, so they have taken effect before the service
# is started below.
- name: Flush handlers
  meta: flush_handlers

# Ask s6-rc to bring the rspamd service up. The same words as the original
# one-line command, passed as an explicit argument vector.
- name: Start Rspamd
  command:
    argv:
      # presumably fdmove duplicates stdout onto stderr's descriptor so that
      # s6-rc's verbose messages reach the registered stdout; verify
      - fdmove
      - '-c'
      - '2'
      - '1'
      - s6-rc
      - '-u'
      - '-v'
      - '2'
      - '-t'
      - '15000'
      - change
      - rspamd
  register: change
  # Report "changed" only when the command printed something.
  changed_when: change.stdout | length > 0
# Make sure the file listing enabled services contains exactly one line
# reading "rspamd"; a change queues the s6-rc reload.
- name: Enable Rspamd
  lineinfile:
    state: present
    path: /etc/s6-rc/service/enabled/contents
    line: rspamd
    # Anchored at both ends, so only a line that is exactly "rspamd" matches.
    regexp: '^rspamd$'
  notify:
    - Reload s6-rc

# Apply the reload queued above before the HAProxy tasks run.
- name: Flush handlers (again)
  meta: flush_handlers
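# Render the HAProxy configuration fragment for the rspamd web interface.
# A change queues an HAProxy reload.
- name: Tell HAProxy where to find the Rspamd webinterface
  template:
    src: rspamd.cfg.j2
    dest: /usr/local/etc/haproxy/rspamd.cfg
    owner: root
    group: wheel
    # Quoted so the mode is always taken as the octal string "0444".
    mode: '0444'
  notify:
    - Reload HAProxy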
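# Map this host's FQDN to the sni_rspamd entry in HAProxy's SNI map, which
# makes the rspamd web interface reachable over HTTPS under that name.
# NOTE(review): this publishes an administrative interface. The HAProxy and
# rspamd templates are not visible here; confirm that the interface requires
# authentication and that access is limited to the intended clients.
- name: Expose the Rspamd webinterface via HTTPS
  lineinfile:
    path: /usr/local/etc/haproxy/sni.map
    # The FQDN is escaped before it goes into the pattern: its dots would
    # otherwise match any character, so the task could replace the map entry
    # of a different, similar-looking host name.
    regexp: '^{{ ansible_fqdn | regex_escape }} '
    line: '{{ ansible_fqdn }} sni_rspamd'
  notify:
    - Reload HAProxy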