Fix idempotency.

2024-06-20 13:05:28 +02:00 · 2024-06-20 13:05:28 +02:00 · 6827be9fda
commit 6827be9fda
parent 53788c5e79
9 changed files with 66 additions and 13 deletions
--- a/roles/role_deploy_SemanticScuttle/tasks/main.yml
+++ b/roles/role_deploy_SemanticScuttle/tasks/main.yml
@ -75,6 +75,7 @@
    username: "{{ private_registry_user }}"
    password: "{{ private_registry_password }}"
    registry: "{{ private_registry_domain }}"
+  changed_when: false
  become: true

 - name: Create apache-scuttle container
--- a/roles/role_deploy_coturn/tasks/main.yml
+++ b/roles/role_deploy_coturn/tasks/main.yml
@ -4,6 +4,7 @@
    username: "{{ private_registry_user }}"
    password: "{{ private_registry_password }}"
    registry: "{{ private_registry_domain }}"
+  changed_when: false
  become: true

 - name: Create coturn container
--- a/roles/role_deploy_dovecot/tasks/main.yml
+++ b/roles/role_deploy_dovecot/tasks/main.yml
@ -80,16 +80,15 @@
    - dovecot_expire.sh
  when: not dovecot_installed_flag.stat.exists

- name: Extract secret configuration from secrets.tar.gz.enc
-  shell: "openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -d -in {{ remote_workdir }}/secrets.tar.gz.enc | tar -zxv -C {{ item.dir }} --strip 2 {{ item.name }}"
-  with_items:
-    - name: secrets/docker-mail-stack/15-lda.conf
-      dir: "/usr/local/docker-mounted-files/docker-mail-stack/"
-    - name: secrets/docker-mail-stack/users
-      dir: "/usr/local/docker-mounted-files/docker-mail-stack/"
-  environment:
-    SECRETS_ARCHIVE_PASSPHRASE: "{{ lookup('env', 'SECRETS_ARCHIVE_PASSPHRASE') }}"
+- name: Template dovecot config files 
+  ansible.builtin.template:
+    src: "{{ item }}"
+    dest: "/usr/local/docker-mounted-files/docker-mail-stack/{{ item }}"
  become: true
+  with_items:
+    - 15-lda.conf
+    - users
+  when: not dovecot_installed_flag.stat.exists

 - name: Fix permissions
  ansible.builtin.file:
@ -101,10 +100,6 @@
  with_items:
    - name: dovecot_expire.sh
      mode: "u=rwx,g=rx,o="
-    - name: 15-lda.conf
-      mode: "u=rw,g=r,o="
-    - name: users
-      mode: "u=rw,g=r,o="
  when: not dovecot_installed_flag.stat.exists

 - name: Login to {{ private_registry_domain }} and create ${XDG_RUNTIME_DIR}/containers/auth.json
@ -112,6 +107,7 @@
    username: "{{ private_registry_user }}"
    password: "{{ private_registry_password }}"
    registry: "{{ private_registry_domain }}"
+  changed_when: false
  become: true
  when: not dovecot_installed_flag.stat.exists

--- a/roles/role_deploy_dovecot/templates/15-lda.conf.j2
+++ b/roles/role_deploy_dovecot/templates/15-lda.conf.j2
@ -0,0 +1,48 @@
+##
+## LDA specific settings (also used by LMTP)
+##
+
+# Address to use when sending rejection mails.
+# Default is postmaster@<your domain>.
+postmaster_address = {{ recipient_email }}
+
+# Hostname to use in various parts of sent mails, eg. in Message-Id.
+# Default is the system's real hostname.
+#hostname = 
+
+# If user is over quota, return with temporary failure instead of
+# bouncing the mail.
+#quota_full_tempfail = no
+
+# Binary to use for sending mails.
+#sendmail_path = /usr/sbin/sendmail
+
+# If non-empty, send mails via this SMTP host[:port] instead of sendmail.
+#submission_host =
+
+# Subject: header to use for rejection mails. You can use the same variables
+# as for rejection_reason below.
+#rejection_subject = Rejected: %s
+
+# Human readable error message for rejection mails. You can use variables:
+#  %n = CRLF, %r = reason, %s = original subject, %t = recipient
+#rejection_reason = Your message to <%t> was automatically rejected:%n%r
+
+# Delimiter character between local-part and detail in email address.
+#recipient_delimiter = +
+
+# Header where the original recipient address (SMTP's RCPT TO: address) is taken
+# from if not available elsewhere. With dovecot-lda -a parameter overrides this. 
+# A commonly used header for this is X-Original-To.
+#lda_original_recipient_header =
+
+# Should saving a mail to a nonexistent mailbox automatically create it?
+#lda_mailbox_autocreate = no
+
+# Should automatically created mailboxes be also automatically subscribed?
+#lda_mailbox_autosubscribe = no
+
+protocol lda {
+  # Space separated list of plugins to load (default is global mail_plugins).
+  mail_plugins = $mail_plugins sieve
+}
--- a/roles/role_deploy_dovecot/templates/users.j2
+++ b/roles/role_deploy_dovecot/templates/users.j2
@ -0,0 +1,3 @@
+{% for user in dovecot_users %}
+{{ user }}
+{% endfor %}
--- a/roles/role_deploy_nextcloud/tasks/main.yml
+++ b/roles/role_deploy_nextcloud/tasks/main.yml
@ -72,6 +72,7 @@
    username: "{{ private_registry_user }}"
    password: "{{ private_registry_password }}"
    registry: "{{ private_registry_domain }}"
+  changed_when: false
  become: true
  when: not nextcloud_installed_flag.stat.exists

--- a/roles/role_deploy_openvpn-server/tasks/main.yml
+++ b/roles/role_deploy_openvpn-server/tasks/main.yml
@ -50,6 +50,7 @@
    username: "{{ private_registry_user }}"
    password: "{{ private_registry_password }}"
    registry: "{{ private_registry_domain }}"
+  changed_when: false
  become: true

 - name: Create openvpn-server container
--- a/tasks/deploy_mysql-server.yml
+++ b/tasks/deploy_mysql-server.yml
@ -17,6 +17,7 @@
    username: "{{ private_registry_user }}"
    password: "{{ private_registry_password }}"
    registry: "{{ private_registry_domain }}"
+  changed_when: false
  become: true

 - name: Create mysql-server container
--- a/tasks/deploy_reverse-proxy.yml
+++ b/tasks/deploy_reverse-proxy.yml
@ -90,6 +90,7 @@
    username: "{{ private_registry_user }}"
    password: "{{ private_registry_password }}"
    registry: "{{ private_registry_domain }}"
+  changed_when: false
  become: true

 - name: Create reverse-proxy container