feat: full untested ansible setup

2026-04-22 12:22:58 +02:00
parent b1d9b2a857
commit 0d967909e7
37 changed files with 1362 additions and 1 deletions
--- a/roles/mailserver/tasks/main.yml
+++ b/roles/mailserver/tasks/main.yml
@@ -0,0 +1,77 @@
+---
+- name: Ensure mail service user exists
+  ansible.builtin.user:
+    name: "{{ mailserver.service_user }}"
+    groups:
+      - "{{ mailserver.service_group }}"
+    append: true
+    system: true
+    shell: /usr/sbin/nologin
+    create_home: false
+
+- name: Ensure mailserver directories exist
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ mailserver.service_user }}"
+    group: "{{ mailserver.service_group }}"
+    mode: "0755"
+  loop:
+    - "{{ mailserver.path }}"
+    - "{{ mailserver.path }}/docker-data"
+    - "{{ mailserver.path }}/docker-data/dms/mail-data"
+    - "{{ mailserver.path }}/docker-data/dms/mail-state"
+    - "{{ mailserver.path }}/docker-data/dms/mail-logs"
+    - "{{ mailserver.path }}/docker-data/dms/config"
+
+- name: Render mailserver environment file
+  ansible.builtin.template:
+    src: mailserver.env.j2
+    dest: "{{ mailserver.path }}/mailserver.env"
+    owner: "{{ mailserver.service_user }}"
+    group: "{{ mailserver.service_group }}"
+    mode: "0640"
+  register: mailserver_env
+
+- name: Render mailserver accounts file
+  ansible.builtin.copy:
+    dest: "{{ mailserver.path }}/docker-data/dms/config/postfix-accounts.cf"
+    content: "{{ vault_mailserver_accounts | default('# add mail accounts here\n') }}"
+    owner: "{{ mailserver.service_user }}"
+    group: "{{ mailserver.service_group }}"
+    mode: "0600"
+  register: mailserver_accounts
+
+- name: Render mailserver compose file
+  ansible.builtin.template:
+    src: compose.yaml.j2
+    dest: "{{ mailserver.path }}/compose.yaml"
+    owner: "{{ mailserver.service_user }}"
+    group: "{{ mailserver.service_group }}"
+    mode: "0640"
+  register: mailserver_compose
+
+- name: Install mailserver compose systemd unit
+  ansible.builtin.template:
+    src: mailserver-compose.service.j2
+    dest: /etc/systemd/system/mailserver-compose.service
+    owner: root
+    group: root
+    mode: "0644"
+  register: mailserver_unit
+
+- name: Reload systemd for mailserver unit changes
+  ansible.builtin.systemd_service:
+    daemon_reload: true
+  when: mailserver_unit.changed
+
+- name: Enable mailserver compose stack
+  ansible.builtin.service:
+    name: mailserver-compose
+    state: >-
+      {{
+        'restarted'
+        if (mailserver_env.changed or mailserver_accounts.changed or mailserver_compose.changed or mailserver_unit.changed)
+        else 'started'
+      }}
+    enabled: true
--- a/roles/mailserver/templates/compose.yaml.j2
+++ b/roles/mailserver/templates/compose.yaml.j2
@@ -0,0 +1,28 @@
+services:
+  mailserver:
+    image: {{ mailserver.image }}
+    container_name: mailserver
+    hostname: {{ mailserver.hostname }}
+    env_file: {{ mailserver.path }}/mailserver.env
+    restart: unless-stopped
+    stop_grace_period: 1m
+    ports:
+      - "25:25"
+      - "143:143"
+      - "465:465"
+      - "587:587"
+      - "993:993"
+    volumes:
+      - {{ mailserver.path }}/docker-data/dms/mail-data:/var/mail
+      - {{ mailserver.path }}/docker-data/dms/mail-state:/var/mail-state
+      - {{ mailserver.path }}/docker-data/dms/mail-logs:/var/log/mail
+      - {{ mailserver.path }}/docker-data/dms/config:/tmp/docker-mailserver
+      - {{ mailserver.tls_root_path }}:/etc/letsencrypt:ro
+      - /etc/localtime:/etc/localtime:ro
+    cap_add:
+      - NET_ADMIN
+      - SYS_PTRACE
+
+networks:
+  default:
+    name: {{ mailserver.compose_project_name }}
--- a/roles/mailserver/templates/mailserver-compose.service.j2
+++ b/roles/mailserver/templates/mailserver-compose.service.j2
@@ -0,0 +1,16 @@
+[Unit]
+Description=Docker Mailserver Compose stack
+Requires=docker.service
+After=docker.service network-online.target
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+WorkingDirectory={{ mailserver.path }}
+ExecStart=/usr/bin/docker compose -f {{ mailserver.path }}/compose.yaml up -d
+ExecStop=/usr/bin/docker compose -f {{ mailserver.path }}/compose.yaml down
+TimeoutStartSec=0
+
+[Install]
+WantedBy=multi-user.target
--- a/roles/mailserver/templates/mailserver.env.j2
+++ b/roles/mailserver/templates/mailserver.env.j2
@@ -0,0 +1,5 @@
+OVERRIDE_HOSTNAME={{ mailserver.hostname }}
+POSTMASTER_ADDRESS={{ certbot_email }}
+{% for key, value in mailserver.env.items() %}
+{{ key }}={{ value }}
+{% endfor %}