Fix fresh-deploy blockers and clean up architecture
- Seed postfix-accounts.cf before mailserver start to satisfy Dovecot's requirement for at least one account on first boot - Add failed_when: false to mail user/alias list tasks (files don't exist on first run) - Add forgejo_runner_version (was undefined); default to 12 - Create /srv/forgejo/data/gitea/conf before deploying app.ini - Decouple goaccess sync from restic: new enable_goaccess_sync flag with its own goaccess_sync_* variables - Move Docker installation to bootstrap exclusively; rename docker.yml to networks.yml (runs docker_network role only) - Add radicale_password to vault template and setup.sh - Fix goaccess sync tasks gated on enable_goaccess_sync - Add upstream bug comment to authorized_key deprecation warning - Update CLAUDE.md and README.md throughout Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
75891c3271
commit
b38cd94fc8
23 changed files with 400 additions and 307 deletions
|
|
@ -92,15 +92,32 @@
|
|||
name: certbot
|
||||
state: present
|
||||
|
||||
- name: Check if mail TLS certificate already exists
|
||||
ansible.builtin.stat:
|
||||
path: /etc/letsencrypt/live/{{ mail_hostname }}/fullchain.pem
|
||||
register: mail_cert
|
||||
|
||||
- name: Stop Caddy to free port 80 for certbot
|
||||
community.docker.docker_compose_v2:
|
||||
project_src: /srv/caddy
|
||||
state: stopped
|
||||
when: not mail_cert.stat.exists
|
||||
|
||||
- name: Obtain a Let's Encrypt certificate for {{ mail_hostname }}
|
||||
command: >
|
||||
certbot certonly --standalone
|
||||
-d {{ mail_hostname }}
|
||||
--non-interactive --agree-tos -m postmaster@{{ domain }}
|
||||
args:
|
||||
creates: /etc/letsencrypt/live/{{ mail_hostname }}/fullchain.pem
|
||||
when: not mail_cert.stat.exists
|
||||
tags: config
|
||||
|
||||
- name: Restart Caddy after certbot
|
||||
community.docker.docker_compose_v2:
|
||||
project_src: /srv/caddy
|
||||
state: present
|
||||
build: never
|
||||
when: not mail_cert.stat.exists
|
||||
|
||||
- name: Deploy mail compose file
|
||||
template:
|
||||
src: compose.yml.j2
|
||||
|
|
@ -126,6 +143,17 @@
|
|||
notify: Restart mailserver
|
||||
tags: config
|
||||
|
||||
- name: Seed mail accounts into postfix-accounts.cf before first start
|
||||
ansible.builtin.shell: |
|
||||
grep -qF "{{ item.address }}" /srv/mail/config/postfix-accounts.cf 2>/dev/null && exit 0
|
||||
hash=$(openssl passwd -6 {{ item.password | quote }})
|
||||
printf '%s|{SHA512-CRYPT}%s\n' "{{ item.address }}" "${hash}" >> /srv/mail/config/postfix-accounts.cf
|
||||
loop: "{{ mail_users }}"
|
||||
no_log: true
|
||||
args:
|
||||
executable: /bin/bash
|
||||
tags: users
|
||||
|
||||
- name: Start mailserver
|
||||
community.docker.docker_compose_v2:
|
||||
project_src: /srv/mail
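Review bot: In the seed task's shell block, `item.address` is interpolated into `grep -qF "…"` and `printf … "…"` without escaping while `item.password` gets `| quote`, and the password reaches `openssl passwd -6` as a command-line argument, where it is readable in the process list by any local user on the host for the duration of the call regardless of `no_log: true`. The unanchored `grep -qF` also matches the address as a substring, so `alice@example.com` is silently skipped whenever a line for `malice@example.com` already exists. I would write the three script lines as `grep -q "^{{ item.address | regex_escape }}|" /srv/mail/config/postfix-accounts.cf 2>/dev/null && exit 0`, `hash=$(printf '%s' {{ item.password | quote }} | openssl passwd -6 -stdin)` and `printf '%s|{SHA512-CRYPT}%s\n' {{ item.address | quote }} "${hash}" >> /srv/mail/config/postfix-accounts.cf`. Since `>>` creates the file under the default umask and it holds password hashes, a preceding `ansible.builtin.file` task with a restrictive `mode` (or `umask 077` at the top of the script) is worth adding.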
|
||||
|
|
|
|||