yohan/ovh_instance_playbooks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Get dovecot certificates from secrets.

Browse Source
This commit is contained in:
yohan 2024-09-06 21:06:45 +02:00
parent 0a6dfbbedc
commit ea5a5ae33a
1 changed files with 57 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
roles/role_deploy_dovecot/tasks/main.yml
View File

@ -52,11 +52,64 @@
changed_when: duplicity_result.rc is defined and duplicity_result.rc == 0 changed_when: duplicity_result.rc is defined and duplicity_result.rc == 0
when: not dovecot_installed_flag.stat.exists when: not dovecot_installed_flag.stat.exists
- name: Create /usr/local/docker-mounted-files/docker-mail-stack directory - name: Create /usr/local/docker-mounted-files/docker-mail-stack/certs directory
ansible.builtin.file: ansible.builtin.file:
path: "/usr/local/docker-mounted-files/docker-mail-stack" path: "/usr/local/docker-mounted-files/docker-mail-stack/certs"
state: directory state: directory
mode: '0755' mode: '0755'
recurse: yes
become: true
when: not dovecot_installed_flag.stat.exists
- name: Remove temp directory
ansible.builtin.file:
path: "{{ remote_workdir }}/dovecot_secrets"
state: absent
changed_when: false
become: true
when: not dovecot_installed_flag.stat.exists
- name: Create temp directory
ansible.builtin.file:
path: "{{ remote_workdir }}/dovecot_secrets"
state: directory
recurse: yes
changed_when: false
become: true
when: not dovecot_installed_flag.stat.exists
- name: Extract dovecot certs from secrets.tar.gz.enc
shell: "openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -d -in {{ remote_workdir }}/secrets.tar.gz.enc | tar -zxv -C {{ item.dir }} --strip 3 {{ item.name }}"
changed_when: false
with_items:
- name: secrets/docker-mail-stack/certs/dovecot.crt
dir: "{{ remote_workdir }}/dovecot_secrets"
- name: secrets/docker-mail-stack/certs/dovecot.key
dir: "{{ remote_workdir }}/dovecot_secrets"
environment:
SECRETS_ARCHIVE_PASSPHRASE: "{{ lookup('env', 'SECRETS_ARCHIVE_PASSPHRASE') }}"
become: true
when: not dovecot_installed_flag.stat.exists
- name: Copy dovecot SSL cert
ansible.builtin.copy:
src: "{{ remote_workdir }}/dovecot_secrets/dovecot.crt"
dest: "/usr/local/docker-mounted-files/docker-mail-stack/certs/"
remote_src: yes
owner: root
group: root
mode: "u=rw,g=r,o=r"
become: true
when: not dovecot_installed_flag.stat.exists
- name: Copy dovecot SSL key
ansible.builtin.copy:
src: "{{ remote_workdir }}/dovecot_secrets/dovecot.key"
dest: "/usr/local/docker-mounted-files/docker-mail-stack/certs/"
remote_src: yes
owner: root
group: root
mode: "u=rw,g=,o="
become: true become: true
when: not dovecot_installed_flag.stat.exists when: not dovecot_installed_flag.stat.exists
@ -136,6 +189,8 @@
- /usr/local/docker-mounted-files/docker-mail-stack/users:/etc/dovecot/users:Z - /usr/local/docker-mounted-files/docker-mail-stack/users:/etc/dovecot/users:Z
- /usr/local/docker-mounted-files/docker-mail-stack/15-lda.conf:/etc/dovecot/conf.d/15-lda.conf:Z - /usr/local/docker-mounted-files/docker-mail-stack/15-lda.conf:/etc/dovecot/conf.d/15-lda.conf:Z
- /usr/local/docker-mounted-files/docker-mail-stack/10-mail.conf:/etc/dovecot/conf.d/10-mail.conf:Z - /usr/local/docker-mounted-files/docker-mail-stack/10-mail.conf:/etc/dovecot/conf.d/10-mail.conf:Z
- /usr/local/docker-mounted-files/docker-mail-stack/certs/dovecot.crt:/etc/dovecot/dovecot.pem:Z
- /usr/local/docker-mounted-files/docker-mail-stack/certs/dovecot.key:/etc/dovecot/private/dovecot.pem:Z
become: true become: true
when: not dovecot_installed_flag.stat.exists when: not dovecot_installed_flag.stat.exists