From 3d7d6f0ff0045a8a4de2cdbeccc1eddf14dc4786 Mon Sep 17 00:00:00 2001
From: gregharvey
Date: Thu, 7 Dec 2023 13:25:10 +0100
Subject: [PATCH 1/3] Adding support for mail aliases to the postfix role.
---
 docs/roles/debian/postfix.md | 7 +++++--
 roles/debian/postfix/README.md | 7 +++++--
 roles/debian/postfix/defaults/main.yml | 7 +++++--
 roles/debian/postfix/tasks/main.yml | 13 +++++++++++--
 roles/debian/postfix/templates/aliases.j2 | 3 +++
 5 files changed, 29 insertions(+), 8 deletions(-)
 create mode 100644 roles/debian/postfix/templates/aliases.j2
diff --git a/docs/roles/debian/postfix.md b/docs/roles/debian/postfix.md
index 6fa5e4d58..0abe2aa0b 100644
--- a/docs/roles/debian/postfix.md
+++ b/docs/roles/debian/postfix.md
@@ -31,8 +31,11 @@ postfix:
 forward_domains:
 - another.com
 - lalala.com
- forward_from: "admin@example.com"
- forward_to: "admin@example.com"
+ forward_from: admin@example.com
+ forward_to: admin@example.com
+ aliases: []
+ #- user: root
+ # alias: admin@example.com
 ```
diff --git a/roles/debian/postfix/README.md b/roles/debian/postfix/README.md
index 6fa5e4d58..0abe2aa0b 100644
--- a/roles/debian/postfix/README.md
+++ b/roles/debian/postfix/README.md
@@ -31,8 +31,11 @@ postfix:
 forward_domains:
 - another.com
 - lalala.com
- forward_from: "admin@example.com"
- forward_to: "admin@example.com"
+ forward_from: admin@example.com
+ forward_to: admin@example.com
+ aliases: []
+ #- user: root
+ # alias: admin@example.com
 ```
diff --git a/roles/debian/postfix/defaults/main.yml b/roles/debian/postfix/defaults/main.yml
index 91e66dc07..e0f09c009 100644
--- a/roles/debian/postfix/defaults/main.yml
+++ b/roles/debian/postfix/defaults/main.yml
@@ -22,5 +22,8 @@ postfix:
 forward_domains:
 - another.com
 - lalala.com
- forward_from: "admin@example.com"
- forward_to: "admin@example.com"
+ forward_from: admin@example.com
+ forward_to: admin@example.com
+ aliases: []
+ #- user: root
+ # alias: admin@example.com
diff --git a/roles/debian/postfix/tasks/main.yml b/roles/debian/postfix/tasks/main.yml
index 941d15dc4..83c7ecec6 100644
--- a/roles/debian/postfix/tasks/main.yml
+++ b/roles/debian/postfix/tasks/main.yml
@@ -67,12 +67,12 @@
 notify:
 - Reload Postfix configuration.
-- name: Initialise sasl_passwd
+- name: Initialise sasl_passwd.
 ansible.builtin.command:
 cmd: /usr/sbin/postmap /etc/postfix/sasl_passwd
 when: postfix.use_ses
-- name: Configure virtual
+- name: Configure virtual.
 ansible.builtin.template:
 src: "virtual.j2"
 dest: "/etc/postfix/virtual"
@@ -84,6 +84,15 @@
 - Initialise virtual.
 - Reload Postfix configuration.
+- name: Configure mail aliases.
+ ansible.builtin.template:
+ src: aliases.j2
+ dest: /etc/aliases
+ owner: root
+ group: root
+ mode: 0644
+ when: postfix.aliases | length > 0
+
 - name: Ensure host maildir exists.
 ansible.builtin.file:
 path: "/home/ce-dev/var/Maildir"
diff --git a/roles/debian/postfix/templates/aliases.j2 b/roles/debian/postfix/templates/aliases.j2
new file mode 100644
index 000000000..078c0c25d
--- /dev/null
+++ b/roles/debian/postfix/templates/aliases.j2
@@ -0,0 +1,3 @@
+{% for item in postfix.aliases %}
+{{ item.user }}: {{ item.alias }}
+{% endfor %}
\ No newline at end of file
From e7c58d165a4a78276f4ae53a93546f81a18f070a Mon Sep 17 00:00:00 2001
From: gregharvey
Date: Thu, 7 Dec 2023 17:38:30 +0100
Subject: [PATCH 2/3] Adding more default packages.
---
 roles/_meta/common_base/meta/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/_meta/common_base/meta/main.yml b/roles/_meta/common_base/meta/main.yml
index 8d87b016e..95fcebc29 100644
--- a/roles/_meta/common_base/meta/main.yml
+++ b/roles/_meta/common_base/meta/main.yml
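Review bot: The new `Configure mail aliases.` task in roles/debian/postfix/tasks/main.yml writes /etc/aliases but nothing in the hunk rebuilds the alias database, so new entries may not take effect. The neighbouring `Configure virtual.` task notifies `Initialise virtual.` and `Reload Postfix configuration.`, while this task has no `notify` at all. Postfix normally reads aliases from the compiled map, so I would add a handler that runs `newaliases` (or `postalias /etc/aliases`) and notify it from this task; whether a suitable handler already exists is not visible in this patch. As a smaller point, `mode: 0644` is safer written as the string `mode: "0644"`.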
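Review bot: The template roles/debian/postfix/templates/aliases.j2 becomes the entire /etc/aliases, so entries already present on the host are dropped unless they are repeated in `postfix.aliases`; a first line of `# {{ ansible_managed }}` and a sentence in the role docs saying the file is replaced wholesale would make that visible. `item.user` and `item.alias` are also rendered verbatim, and the aliases(5) format accepts command pipes and `:include:` files as targets, while an embedded newline in either field would create extra entries. `postfix.aliases` should therefore only be populated from trusted inventory, and an `ansible.builtin.assert` before the template task that rejects values containing newlines would enforce the one-entry-per-item assumption.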
@@ -1,6 +1,6 @@
 ---
 dependencies:
- - { role: debian/apt_extra_packages, apt_extra_packages: ["rsync", "python3-apt", "acl", "gnupg", "build-essential", "cron", "bsd-mailx", "vim", "unzip"] }
+ - { role: debian/apt_extra_packages, apt_extra_packages: ["rsync", "python3-apt", "acl", "gnupg", "build-essential", "cron", "bsd-mailx", "vim", "unzip", "ca-certificates"] }
 - { role: debian/apt_extra_packages, apt_extra_packages: ["dnsutils", "telnet", "atop", "sysstat"], when: ( is_local is not defined or not is_local ) }
 - role: debian/locales
 - role: debian/user_root
From 006886eef06bc7d93d0e073f5fdbebfebb347fe4 Mon Sep 17 00:00:00 2001
From: gregharvey
Date: Thu, 7 Dec 2023 17:38:39 +0100
Subject: [PATCH 3/3] Fixing paths to roles.
---
 roles/debian/apache/tasks/domain.yml | 2 +-
 roles/debian/gitlab/tasks/main.yml | 4 ++--
 roles/debian/gitlab_runner/tasks/main.yml | 4 ++--
 roles/debian/jenkins/tasks/main.yml | 2 +-
 roles/debian/ldap_server/tasks/main.yml | 6 +++---
 roles/debian/nginx/tasks/domain.yml | 2 +-
 roles/debian/nodejs/tasks/main.yml | 2 +-
 roles/debian/ossec/tasks/ossec-server.yml | 2 +-
 roles/debian/php-cli/tasks/main.yml | 2 +-
 roles/debian/php-common/tasks/main.yml | 6 +++---
 roles/debian/php-fpm/tasks/main.yml | 2 +-
 roles/debian/php_blackfire/meta/main.yml | 3 ---
 roles/debian/php_xdebug/meta/main.yml | 3 ---
 roles/debian/squashfs/tasks/main.yml | 2 +-
 roles/debian/user_ansible/tasks/main.yml | 2 +-
 roles/debian/user_deploy/tasks/main.yml | 2 +-
 roles/debian/user_provision/tasks/main.yml | 2 +-
 17 files changed, 21 insertions(+), 27 deletions(-)
 delete mode 100644 roles/debian/php_blackfire/meta/main.yml
 delete mode 100644 roles/debian/php_xdebug/meta/main.yml
diff --git a/roles/debian/apache/tasks/domain.yml b/roles/debian/apache/tasks/domain.yml
index 8faf98599..bec82a533 100644
--- a/roles/debian/apache/tasks/domain.yml
+++ b/roles/debian/apache/tasks/domain.yml
@@ -1,7 +1,7 @@
 ---
 - name: Generates SSL keys.
 ansible.builtin.include_role:
- name: ssl
+ name: debian/ssl
 when: domain.ssl is defined
 vars:
 ssl: "{{ domain.ssl }}"
diff --git a/roles/debian/gitlab/tasks/main.yml b/roles/debian/gitlab/tasks/main.yml
index e92ef192a..b7c9a9953 100644
--- a/roles/debian/gitlab/tasks/main.yml
+++ b/roles/debian/gitlab/tasks/main.yml
@@ -51,7 +51,7 @@
 - name: Install the unattended-upgrades config.
 ansible.builtin.include_role:
- name: apt_unattended_upgrades
+ name: debian/apt_unattended_upgrades
 when: apt_unattended_upgrades.enable
 - name: Ensure Gitlab is installed.
@@ -62,7 +62,7 @@
 - name: Generates SSL keys.
 ansible.builtin.include_role:
- name: ssl
+ name: debian/ssl
 when: gitlab.ssl.enabled
 vars:
 ssl: "{{ gitlab.ssl | combine( { 'domain': gitlab.server_name } ) }}"
diff --git a/roles/debian/gitlab_runner/tasks/main.yml b/roles/debian/gitlab_runner/tasks/main.yml
index a418bb001..2601d8e4f 100644
--- a/roles/debian/gitlab_runner/tasks/main.yml
+++ b/roles/debian/gitlab_runner/tasks/main.yml
@@ -21,7 +21,7 @@
 - name: Install the unattended-upgrades config.
 ansible.builtin.include_role:
- name: apt_unattended_upgrades
+ name: debian/apt_unattended_upgrades
 when: apt_unattended_upgrades.enable
 - name: Ensure Gitlab Runner is installed.
@@ -135,7 +135,7 @@
 - name: Run docker_ce role when Fargate driver to be installed.
 ansible.builtin.include_role:
- name: docker_ce
+ name: debian/docker_ce
 when: gitlab_runner.install_fargate
 - name: Add the ce-provision user to the docker group.
diff --git a/roles/debian/jenkins/tasks/main.yml b/roles/debian/jenkins/tasks/main.yml
index 24d1ff47e..a14ae2f7b 100644
--- a/roles/debian/jenkins/tasks/main.yml
+++ b/roles/debian/jenkins/tasks/main.yml
@@ -18,7 +18,7 @@
 - name: Generates SSL keys.
 ansible.builtin.include_role:
- name: "{{ jenkins.ssl_handling }}"
+ name: debian/ssl
 vars:
 ssl:
 domain: "{{ jenkins.server_name }}"
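Review bot: In roles/debian/jenkins/tasks/main.yml the include changes from `name: "{{ jenkins.ssl_handling }}"` to the fixed `name: debian/ssl`, which is more than a path fix: the role that handles certificates for Jenkins can no longer be selected through the variable. If `jenkins.ssl_handling` is still declared in the role defaults or docs and not used elsewhere (neither is visible in this patch), it is now dead and misleading to anyone who sets it expecting different TLS handling. Either remove the variable in the same commit or keep it selectable with `name: "debian/{{ jenkins.ssl_handling }}"`. The task's `vars` block continues past the end of the hunk.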
diff --git a/roles/debian/ldap_server/tasks/main.yml b/roles/debian/ldap_server/tasks/main.yml
index e8c24d13c..52fb1ccf4 100644
--- a/roles/debian/ldap_server/tasks/main.yml
+++ b/roles/debian/ldap_server/tasks/main.yml
@@ -1,7 +1,7 @@
 ---
 - name: Stop slapd service.
 ansible.builtin.include_role:
- name: process_manager
+ name: debian/process_manager
 when: ldap_server.slapd.purge
 vars:
 process_manager:
@@ -58,7 +58,7 @@
 - name: Stop slapd service.
 ansible.builtin.include_role:
- name: process_manager
+ name: debian/process_manager
 vars:
 process_manager:
 process_name: slapd
@@ -133,7 +133,7 @@
 - name: Generate SSL keys if provided.
 ansible.builtin.include_role:
- name: ssl
+ name: debian/ssl
 vars:
 ssl: "{{ ldap_server.ssl }}"
diff --git a/roles/debian/nginx/tasks/domain.yml b/roles/debian/nginx/tasks/domain.yml
index bf1c5c3e5..a38c4f451 100644
--- a/roles/debian/nginx/tasks/domain.yml
+++ b/roles/debian/nginx/tasks/domain.yml
@@ -29,7 +29,7 @@
 - name: Generates SSL keys.
 ansible.builtin.include_role:
- name: ssl
+ name: debian/ssl
 public: true
 when: domain.ssl is defined
 vars:
diff --git a/roles/debian/nodejs/tasks/main.yml b/roles/debian/nodejs/tasks/main.yml
index 89bf2a350..9cbf93d18 100644
--- a/roles/debian/nodejs/tasks/main.yml
+++ b/roles/debian/nodejs/tasks/main.yml
@@ -40,7 +40,7 @@
 - name: Install the unattended-upgrades config.
 ansible.builtin.include_role:
- name: apt_unattended_upgrades
+ name: debian/apt_unattended_upgrades
 when: apt_unattended_upgrades.enable
 - name: Ensure NodeJS and Yarn are installed.
diff --git a/roles/debian/ossec/tasks/ossec-server.yml b/roles/debian/ossec/tasks/ossec-server.yml
index 62ec8e174..b518ae2a7 100644
--- a/roles/debian/ossec/tasks/ossec-server.yml
+++ b/roles/debian/ossec/tasks/ossec-server.yml
@@ -48,7 +48,7 @@
 - name: Generates SSL keys.
 ansible.builtin.include_role:
- name: ssl
+ name: debian/ssl
 vars:
 ssl: "{{ ossec.ssl }}"
diff --git a/roles/debian/php-cli/tasks/main.yml b/roles/debian/php-cli/tasks/main.yml
index bdbe78b94..65f5c712a 100644
--- a/roles/debian/php-cli/tasks/main.yml
+++ b/roles/debian/php-cli/tasks/main.yml
@@ -52,4 +52,4 @@
 - name: Setup composer.
 ansible.builtin.include_role:
- name: php_composer
+ name: debian/php_composer
diff --git a/roles/debian/php-common/tasks/main.yml b/roles/debian/php-common/tasks/main.yml
index 939196fe5..7e54dc6cc 100644
--- a/roles/debian/php-common/tasks/main.yml
+++ b/roles/debian/php-common/tasks/main.yml
@@ -25,7 +25,7 @@
 - name: Install the unattended-upgrades config.
 ansible.builtin.include_role:
- name: apt_unattended_upgrades
+ name: debian/apt_unattended_upgrades
 when: apt_unattended_upgrades.enable
 - name: Install PHP packages.
@@ -64,8 +64,8 @@
 - name: Setup xdebug.
 ansible.builtin.include_role:
- name: php_xdebug
+ name: debian/php_xdebug
 - name: Setup Blackfire.
 ansible.builtin.include_role:
- name: php_blackfire
+ name: debian/php_blackfire
diff --git a/roles/debian/php-fpm/tasks/main.yml b/roles/debian/php-fpm/tasks/main.yml
index be6ac09fc..b485040ea 100644
--- a/roles/debian/php-fpm/tasks/main.yml
+++ b/roles/debian/php-fpm/tasks/main.yml
@@ -27,7 +27,7 @@
 - name: Setup xdebug.
 ansible.builtin.include_role:
- name: php_xdebug
+ name: debian/php_xdebug
 - name: Trigger overrides
 ansible.builtin.include_role:
diff --git a/roles/debian/php_blackfire/meta/main.yml b/roles/debian/php_blackfire/meta/main.yml
deleted file mode 100644
index b3cabd4e2..000000000
--- a/roles/debian/php_blackfire/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-dependencies:
- - role: debian/php-common
diff --git a/roles/debian/php_xdebug/meta/main.yml b/roles/debian/php_xdebug/meta/main.yml
deleted file mode 100644
index b3cabd4e2..000000000
--- a/roles/debian/php_xdebug/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-dependencies:
- - role: debian/php-common
diff --git a/roles/debian/squashfs/tasks/main.yml b/roles/debian/squashfs/tasks/main.yml
index 50aaebfd8..9635dafb2 100644
--- a/roles/debian/squashfs/tasks/main.yml
+++ b/roles/debian/squashfs/tasks/main.yml
@@ -12,7 +12,7 @@
 - name: Allow the deploy user to mount and unmount volumes.
 ansible.builtin.include_role:
- name: sudo_config
+ name: debian/sudo_config
 vars:
 sudo_config:
 entity_name: "{{ user_deploy.username }}"
diff --git a/roles/debian/user_ansible/tasks/main.yml b/roles/debian/user_ansible/tasks/main.yml
index 1598b2b5e..c40bbed11 100644
--- a/roles/debian/user_ansible/tasks/main.yml
+++ b/roles/debian/user_ansible/tasks/main.yml
@@ -29,7 +29,7 @@
 - name: Add user to sudoers.
 ansible.builtin.include_role:
- name: sudo_config
+ name: debian/sudo_config
 vars:
 sudo_config:
 entity_name: "{{ user_ansible.username }}"
diff --git a/roles/debian/user_deploy/tasks/main.yml b/roles/debian/user_deploy/tasks/main.yml
index 9b0a4708f..ff34921a7 100644
--- a/roles/debian/user_deploy/tasks/main.yml
+++ b/roles/debian/user_deploy/tasks/main.yml
@@ -1,5 +1,5 @@
 ---
 - ansible.builtin.include_role:
- name: user_ansible
+ name: debian/user_ansible
 vars:
 user_ansible: "{{ user_deploy }}"
diff --git a/roles/debian/user_provision/tasks/main.yml b/roles/debian/user_provision/tasks/main.yml
index f0749418a..26eed327f 100644
--- a/roles/debian/user_provision/tasks/main.yml
+++ b/roles/debian/user_provision/tasks/main.yml
@@ -1,5 +1,5 @@
 ---
 - ansible.builtin.include_role:
- name: user_ansible
+ name: debian/user_ansible
 vars:
 user_ansible: "{{ user_provision }}"