~nka/ansible-role-rspamd

3cbf04dc669a14242ec53c432467fe100dbf9643 — Nicolas KAROLAK 2 months ago v1.0.0
init
4 files changed, 136 insertions(+), 0 deletions(-)

A defaults/main.yml
A handlers/main.yml
A meta/main.yml
A tasks/main.yml
A  => defaults/main.yml +40 -0
@@ 1,40 @@
---

rspamd_packages:
  - rspamd

rspamd_password:

rspamd_worker_normal: |
  bind_socket = "localhost:11333";

rspamd_worker_proxy: |
  bind_socket = "localhost:11332";
  milter = yes;
  timeout = 120s;
  upstream "local" {
    default = yes;
    self_scan = yes;
  }

rspamd_dkim_signing: |
  selector = "mail";
  path = "/var/lib/rspamd/dkim/$selector.key";
  allow_username_mismatch = true;

rspamd_arc: |
  selector = "mail";
  path = "/var/lib/rspamd/dkim/$selector.key";
  allow_username_mismatch = true;

rspamd_worker_controller: |
  password = "{{ rspamd_password | password_hash('bcrypt') }}"

rspamd_classifier_bayes: |
  servers = "127.0.0.1";
  backend = "redis";

rspamd_milter_headers: |
  use = ["x-spamd-bar", "x-spam-level", "authentication-results"];

...

A  => handlers/main.yml +8 -0
@@ 1,8 @@
---

- name: restart rspamd
  systemd:
    name: rspamd
    state: restarted

...

A  => meta/main.yml +14 -0
@@ 1,14 @@
---

galaxy_info:
  author: Nicolas Karolak
  description: Install a Rspamd server
  galaxy_tags: []
  license: WTFPL
  min_ansible_version: 2.9
  platforms:
    - name: 'Debian'
      versions:
        - 'buster'

dependencies: []

A  => tasks/main.yml +74 -0
@@ 1,74 @@
---

- name: install rspamd packages
  apt:
    force_apt_get: true
    install_recommends: false
    name: "{{ rspamd_packages }}"

# CONFIGURATION

- name: configure worker-normal
  notify: restart rspamd
  copy:
    dest: /etc/rspamd/local.d/worker-normal.inc
    content: "{{ rspamd_worker_normal }}"

- name: configure worker-proxy
  notify: restart rspamd
  copy:
    dest: /etc/rspamd/local.d/worker-proxy.inc
    content: "{{ rspamd_worker_proxy }}"

- name: configure worker-controller
  notify: restart rspamd
  copy:
    dest: /etc/rspamd/local.d/worker-controller.inc
    content: "{{ rspamd_worker_controller }}"

- name: configure classifier-bayes
  notify: restart rspamd
  copy:
    dest: /etc/rspamd/local.d/classifier-bayes.conf
    content: "{{ rspamd_classifier_bayes }}"

- name: configure milter_headers
  notify: restart rspamd
  copy:
    dest: /etc/rspamd/local.d/milter_headers.conf
    content: "{{ rspamd_milter_headers }}"

- name: create dkim directory
  file:
    path: /var/lib/rspand/dkim
    owner: _rspamd
    group: _rspamd
    state: directory

- name: generate dkim private key
  become: true
  become_user: _rspamd
  register: rspamd_dkim
  command:
    cmd: rspamadm dkim_keygen -s mail -k /var/lib/rspamd/dkim/mail.key
    creates: /var/lib/rspamd/dkim/mail.key

- name: save dkim public key
  when: rspamd_dkim is changed
  copy:
    dest: /var/lib/rspamd/dkim/mail.pub
    content: "{{ rspamd_dkim.stdout }}"

- name: configure dkim_signing
  notify: restart rspamd
  copy:
    dest: /etc/rspamd/local.d/dkim_signing.conf
    content: "{{ rspamd_dkim_signing }}"

- name: configure arc
  notify: restart rspamd
  copy:
    dest: /etc/rspamd/local.d/arc.conf
    content: "{{ rspamd_arc }}"

...