From 0261e875679f1bf63c8d689da7fc7e014597885d Mon Sep 17 00:00:00 2001
From: Stonewall Jackson <stonewall@sacredheartsc.com>
Date: Sat, 4 Feb 2023 01:23:43 -0500
Subject: initial commit

---
 roles/rspamd/tasks/main.yml | 76 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 76 insertions(+)
 create mode 100644 roles/rspamd/tasks/main.yml

(limited to 'roles/rspamd/tasks/main.yml')

diff --git a/roles/rspamd/tasks/main.yml b/roles/rspamd/tasks/main.yml
new file mode 100644
index 0000000..d9da674
--- /dev/null
+++ b/roles/rspamd/tasks/main.yml
@@ -0,0 +1,76 @@
+- name: install packages
+  dnf:
+    name: '{{ rspamd_packages }}'
+    state: present
+
+- name: generate config files
+  template:
+    src: '{{ item.src }}'
+    dest: /etc/rspamd/{{ item.path | splitext | first }}
+  loop: "{{ lookup('filetree', '../templates/etc/rspamd', wantlist=True) }}"
+  loop_control:
+    label: '{{ item.path }}'
+  when: item.state == 'file'
+  notify: restart rspamd
+
+- name: create dkim directory
+  file:
+    path: '{{ rspamd_data_dir }}/dkim'
+    state: directory
+    owner: root
+    group: '{{ rspamd_group }}'
+    mode: 0750
+
+- name: generate dkim keys
+  copy:
+    content: '{{ item.value }}'
+    dest: '{{ rspamd_data_dir }}/dkim/{{ item.key }}.{{ rspamd_dkim_selector }}.key'
+    owner: root
+    group: '{{ rspamd_group }}'
+    mode: 0440
+  loop: '{{ rspamd_dkim_keys | dict2items }}'
+  loop_control:
+    label: '{{ item.key }}'
+
+- name: generate domain whitelist
+  copy:
+    content: |
+      {% for domain in rspamd_domain_whitelist %}
+      {{ domain }}
+      {% endfor %}
+    dest: /etc/rspamd/maps.d/domain-whitelist.map
+  tags: whitelist
+
+- name: open firewall ports
+  firewalld:
+    port: '{{ item }}/tcp'
+    permanent: yes
+    immediate: yes
+    state: enabled
+  loop:
+    - '{{ rspamd_milter_port }}'
+    - '{{ rspamd_controller_port }}'
+  tags: firewalld
+
+- name: set http_port_t selinux context for http port
+  seport:
+    ports: '{{ rspamd_controller_port }}'
+    proto: tcp
+    setype: http_port_t
+    state: present
+  tags: selinux
+
+- name: enable rspamd
+  systemd:
+    name: rspamd
+    enabled: yes
+    state: started
+
+- name: create rspamd admin group
+  ipagroup:
+    ipaadmin_principal: '{{ ipa_user }}'
+    ipaadmin_password: '{{ ipa_pass }}'
+    name: '{{ rspamd_admin_group }}'
+    nonposix: yes
+    state: present
+  run_once: yes
-- 
cgit