ansible-role-dbmail/tasks/configure_certificates.yml


---
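- name: Get external IP of the node
  # Asks a "what is my IP" service. The answer decides whether this node is the
  # certificate issuer (certbot task below) or a follower that pulls the
  # certificate and private key from the issuer over rsync, so the integrity of
  # this response matters. The historical default endpoint is plain HTTP and
  # can be altered on-path; dbmail_checkip_url lets an operator point the role
  # at a TLS endpoint they trust without changing the default behaviour.
  uri:
    url: "{{ dbmail_checkip_url | default('http://checkip.dyndns.org') }}"
    return_content: true
  register: checkip_url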
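- name: Extract IP from URL content
  # regex_search operates on a string: pass the response body
  # (checkip_url.content, present because return_content is true), not the
  # whole registered result mapping. The first dotted quad in the body wins.
  set_fact:
    node_external_ip: "{{ checkip_url.content | regex_search('[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}') }}"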
- name: Set fact for mail server FQDN
  # Resolved on the control node (dig lookup, resolver 1.1.1.1); the first
  # A record is kept. NOTE(review): plain DNS is unauthenticated, and a lookup
  # failure is not detected here before the value is compared and used as an
  # rsync source host — confirm that is acceptable for this deployment.
  set_fact:
    mail_server_fqdn_ip: >-
      {{ lookup('dig', mail_server_fqdn, '@1.1.1.1') | first }}
- name: Get file certificate stats
  # Existence of the Let's Encrypt live directory for the mail FQDN is what the
  # issuance task below keys on.
  stat:
    path: >-
      /etc/letsencrypt/live/{{ mail_server_fqdn }}
  register: cert_file
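- name: Ensure server certificate exists
  # Only the node whose public IP matches the FQDN's A record issues the
  # certificate; the other nodes rsync it from there (tasks below).
  # argv form: no shell is involved and each templated value is exactly one
  # argument, so admin_email / mail_server_fqdn cannot inject extra options or
  # shell metacharacters. `creates` already makes the task idempotent; the stat
  # based condition is kept for compatibility with the existing flow.
  command:
    argv:
      - certbot
      - certonly
      - "--agree-tos"
      - "--email"
      - "{{ admin_email }}"
      - "-n"
      - "--webroot"
      - "-d"
      - "{{ mail_server_fqdn }}"
      - "--webroot-path"
      - /var/www/html
    creates: "/etc/letsencrypt/live/{{ mail_server_fqdn }}"
  when:
    - mail_server_fqdn_ip == node_external_ip
    - not cert_file.stat.exists
  notify: Restart dbmail-imapd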
- name: Show check for main mail server
  # Informational only: this node's public IP differs from the A record of the
  # mail FQDN, so it will pull certificates rather than issue them.
  debug:
    msg: >-
      mail_server_fqdn_ip {{ mail_server_fqdn_ip }} !=
      node_external_ip {{ node_external_ip }}
  when: mail_server_fqdn_ip != node_external_ip
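- name: Ensure dbmail TLS certificate, key and CA chain are configured
  # One loop replaces three near-identical tasks. All three paths point at the
  # Let's Encrypt live directory, so a renewal (or an rsync from the issuer)
  # takes effect once the handler restarts dbmail-imapd.
  # NOTE(review): create=true writes /etc/dbmail/dbmail.conf with the default
  # umask when it is absent; this file usually also carries database
  # credentials, so an explicit owner/group/mode is worth setting in the task
  # that first creates it. Not changed here to avoid altering an existing
  # file's mode under a running service.
  ini_file:
    path: /etc/dbmail/dbmail.conf
    create: true
    section: DBMAIL
    option: "{{ item.option }}"
    value: "/etc/letsencrypt/live/{{ mail_server_fqdn }}/{{ item.file }}"
  loop:
    - option: tls_cert
      file: cert.pem
    - option: tls_key
      file: privkey.pem
    - option: tls_cafile
      file: chain.pem
  loop_control:
    label: "{{ item.option }}"
  notify: Restart dbmail-imapd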
- name: Check if there is a public key
  # Only the public half is checked; the keygen task below is skipped when it
  # is already present.
  stat:
    path: >-
      /root/.ssh/id_ed25519.pub
  register: pubkey
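- name: Generate new key if it doesn't exist already
  # Passphrase-less key (-N ""): it is used non-interactively by the rsync
  # tasks below. argv form avoids a shell; `creates` makes the task idempotent
  # at module level in addition to the original stat-based guard.
  # NOTE(review): assumes /root/.ssh already exists, and a stray private key
  # without its .pub would make ssh-keygen ask to overwrite — confirm.
  command:
    argv:
      - ssh-keygen
      - "-t"
      - ed25519
      - "-f"
      - /root/.ssh/id_ed25519
      - "-N"
      - ""
    creates: /root/.ssh/id_ed25519.pub
  when: not pubkey.stat.exists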
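- name: Get SSH public key content
  # Read-only: use command (no shell) and report no change, otherwise every
  # run shows this task as "changed". Consumers keep using ssh_pubkey.stdout.
  command: cat /root/.ssh/id_ed25519.pub
  register: ssh_pubkey
  changed_when: false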
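- name: Add SSH public key to local (Ansible control node) file
  # Collects each node's root public key into one file on the control node so
  # the next task can push the full set to every node.
  # The default location is the world-writable /tmp of the control node: any
  # local user there could pre-seed the file with a key of their own, which
  # would then end up in root's authorized_keys on every managed node. Set
  # dbmail_pubkeys_file to a path only the Ansible user can write.
  # regex_escape: a key body contains '+' and '/', which are regex specials, so
  # the unescaped regexp may fail to match and the key gets appended on every
  # run. throttle: several hosts edit the same file; serialize the writes.
  lineinfile:
    path: "{{ dbmail_pubkeys_file | default('/tmp/pubkeys') }}"
    regexp: "^{{ ssh_pubkey.stdout | regex_escape }}$"
    line: "{{ ssh_pubkey.stdout }}"
    create: true
  delegate_to: 127.0.0.1
  throttle: 1
- name: Add SSH public keys to authorized_keys
  # Every node ends up trusting every other node's root key (full mesh) so the
  # rsync tasks below can pull certificates from the issuer. Blank lines are
  # dropped: an empty key makes authorized_key fail.
  authorized_key:
    user: root
    state: present
    key: "{{ item }}"
  loop: "{{ lookup('file', dbmail_pubkeys_file | default('/tmp/pubkeys')) | split('\n') | map('trim') | select | list }}"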
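- name: Synchronize Let's Encrypt live and archive trees
  # Follower nodes pull the live/ (symlinks) and archive/ (real files, including
  # privkey*.pem) trees for the mail FQDN and the web admin host. The remote is
  # fully trusted here: whatever it serves becomes this node's TLS key material.
  # StrictHostKeyChecking=accept-new (OpenSSH 7.6+) still accepts a host on
  # first contact but fails on a later key change, unlike =no, which silently
  # accepts a substituted host. Distributing known_hosts beforehand is better
  # still. argv form: no shell, each templated value is one argument.
  # -i itemizes changes so changed_when can report "ok" on a no-op run.
  # NOTE(review): the web admin items reuse the mail-FQDN condition; confirm
  # that is intended rather than a check against the web admin host.
  command:
    argv:
      - rsync
      - "-ari"
      - "-e"
      - "ssh -p {{ dbmail_cert_sync_ssh_port | default(7272) }} -o StrictHostKeyChecking=accept-new"
      - "{{ item.host }}:/etc/letsencrypt/{{ item.tree }}/{{ item.name }}"
      - "/etc/letsencrypt/{{ item.tree }}/"
  loop:
    - host: "{{ mail_server_fqdn_ip }}"
      name: "{{ mail_server_fqdn }}"
      tree: live
    - host: "{{ mail_server_fqdn_ip }}"
      name: "{{ mail_server_fqdn }}"
      tree: archive
    - host: "{{ dbmail_web_admin_hostname }}"
      name: "{{ dbmail_web_admin_hostname }}"
      tree: live
    - host: "{{ dbmail_web_admin_hostname }}"
      name: "{{ dbmail_web_admin_hostname }}"
      tree: archive
  loop_control:
    label: "{{ item.tree }}/{{ item.name }}"
  register: cert_sync
  changed_when: cert_sync.stdout | length > 0
  when: mail_server_fqdn_ip != node_external_ip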