diff --git a/ping.yml b/ping.yml
deleted file mode 100644
index 44c1e16598ed6054c6fbc5689e2dc1583151cfe3..0000000000000000000000000000000000000000
--- a/ping.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-- hosts: all
- tasks:
- - ping:
diff --git a/start.yml b/start.yml
index d1f6e6706d3939e821a5987894e4a05285828529..66d9e5d8455f5f2f50a712ec706427f8428462cf 100644
--- a/start.yml
+++ b/start.yml
@@ -159,6 +159,7 @@ body: dummy return_content: no + - name: web_update uri: url: "http://127.0.0.1:10222/web/update"
@@ -184,7 +185,9 @@
 stat:
 path: "{{STORAGE_ROOT}}/ssl/lets_encrypt/accounts/acme-v02.api.letsencrypt.org/"
 register: stat
+
 - block:
+
 - pause:
 seconds: 1
 prompt: |
@@ -193,16 +196,19 @@ to enable HTTPS connections to your box. We're automatically agreeing you to their subscriber agreement. See https://letsencrypt.org. ------------------------------------------------------------------------------------------ + - name: certbot register command: "certbot register --register-unsafely-without-email --agree-tos --config-dir {{STORAGE_ROOT}}/ssl/lets_encrypt" args: chdir: "{{mailinabox_folder}}" failed_when: False register: shell_ret + - name: print command results debug: msg: "{{shell_ret.stdout_lines | default(['NOT RUNNING because --check']) + shell_ret.stderr_lines | default([])}}" failed_when: shell_ret.rc | default(0) + when: not stat.stat.exists #
diff --git a/tasks/dkim.yml b/tasks/dkim.yml
index 338d7d0ba36200f41a40b4af8920b221f6819d0e..ea7cf70b0cada137344f87a009e945777f11b3e7 100644
--- a/tasks/dkim.yml
+++ b/tasks/dkim.yml
@@ -5,6 +5,7 @@
 failed_when: False
 register: shell_ret
 when: True
+
 - name: print command results
 debug:
 msg: "{{shell_ret.stdout_lines | default(['NOT RUNNING because --check']) + shell_ret.stderr_lines | default([])}}"
diff --git a/tasks/dns.yml b/tasks/dns.yml
index 8548cfd27b023828c398390dec8b015f4c965f86..7ec68d428e18613c857aacb8d38612f2cd747a69 100644
--- a/tasks/dns.yml
+++ b/tasks/dns.yml
@@ -4,6 +4,7 @@
 chdir: "{{mailinabox_folder}}"
 failed_when: False
 register: shell_ret
+
 - name: print command results
 debug:
 msg: "{{shell_ret.stdout_lines | default(['NOT RUNNING because --check']) + shell_ret.stderr_lines | default([])}}"
diff --git a/tasks/mail-dovecot.yml b/tasks/mail-dovecot.yml
index c209fdaf0103e67e2e444e94d60d4e5c1a3e6adc..5a499ac029cb5504250aeae0276b8e7abda0829d 100644
--- a/tasks/mail-dovecot.yml
+++ b/tasks/mail-dovecot.yml
@@ -5,6 +5,7 @@
 failed_when: False
 register: shell_ret
 when: True
+
 - name: print command results
 debug:
 msg: "{{shell_ret.stdout_lines | default(['NOT RUNNING because --check']) + shell_ret.stderr_lines | default([])}}"
diff --git a/tasks/mail-postfix.yml b/tasks/mail-postfix.yml
index efdb54cb8c5c681a8895df987b954a63565c046e..69862139e92643bc69f12d0251978c8d8e5d41cf 100644
--- a/tasks/mail-postfix.yml
+++ b/tasks/mail-postfix.yml
@@ -5,6 +5,7 @@
 failed_when: False
 register: shell_ret
 when: True
+
 - name: print command results
 debug:
 msg: "{{shell_ret.stdout_lines | default(['NOT RUNNING because --check']) + shell_ret.stderr_lines | default([])}}"
diff --git a/tasks/mail-users.yml b/tasks/mail-users.yml
index d0b776e9c1c9121df6ae9f795d91b0964216e556..0c3c0e3accd10b26d09c040db19c7aa5bd65f853 100644
--- a/tasks/mail-users.yml
+++ b/tasks/mail-users.yml
@@ -5,6 +5,7 @@
 failed_when: False
 register: shell_ret
 when: True
+
 - name: print command results
 debug:
 msg: "{{shell_ret.stdout_lines | default(['NOT RUNNING because --check']) + shell_ret.stderr_lines | default([])}}"
diff --git a/tasks/management.yml b/tasks/management.yml
index 9f1efc60f154ddef08045643e590baad99279450..d2e01e1ee313c89c7751faeb2cdc3ff27ea1039f 100644
--- a/tasks/management.yml
+++ b/tasks/management.yml
@@ -5,6 +5,7 @@
 failed_when: False
 register: shell_ret
 when: True
+
 - name: print command results
 debug:
 msg: "{{shell_ret.stdout_lines | default(['NOT RUNNING because --check']) + shell_ret.stderr_lines | default([])}}"
diff --git a/tasks/munin.yml b/tasks/munin.yml
index 5a1016e1231a7f7664e18064f98ea847d6617207..c2213c2ee7dbc9105e8b88305cfdc86c7515d963 100644
--- a/tasks/munin.yml
+++ b/tasks/munin.yml
@@ -5,6 +5,7 @@
 failed_when: False
 register: shell_ret
 when: True
+
 - name: print command results
 debug:
 msg: "{{shell_ret.stdout_lines | default(['NOT RUNNING because --check']) + shell_ret.stderr_lines | default([])}}"
diff --git a/tasks/nextcloud.yml b/tasks/nextcloud.yml
index 396b74a18eeb95a3c9619b2413974593e0af7d46..b789067f98407cd08c70e65e31585df2d31439bc 100644
--- a/tasks/nextcloud.yml
+++ b/tasks/nextcloud.yml
@@ -5,6 +5,7 @@
 failed_when: False
 register: shell_ret
 when: True
+
 - name: print command results
 debug:
 msg: "{{shell_ret.stdout_lines | default(['NOT RUNNING because --check']) + shell_ret.stderr_lines | default([])}}"
diff --git a/tasks/spamassassin.yml b/tasks/spamassassin.yml
index c3c8ec0b05c94541ae3991d8e73985aa9691c02c..e006fb274d4f301222489c3da19d0e4f02a418b7 100644
--- a/tasks/spamassassin.yml
+++ b/tasks/spamassassin.yml
@@ -5,6 +5,7 @@
 failed_when: False
 register: shell_ret
 when: True
+
 - name: print command results
 debug:
 msg: "{{shell_ret.stdout_lines | default(['NOT RUNNING because --check']) + shell_ret.stderr_lines | default([])}}"
diff --git a/tasks/ssl.yml b/tasks/ssl.yml
index 6c56c04c0b79035fb9228c8ced1edbae86352453..26b014810753894f583c20fe099ff419451a692b 100644
--- a/tasks/ssl.yml
+++ b/tasks/ssl.yml
@@ -6,20 +6,24 @@
 package:
 name: openssl
 state: present
+
 - name: "{{STORAGE_ROOT}}/ssl"
 file:
 path: "{{STORAGE_ROOT}}/ssl"
 state: directory
+
 - name: Generate a new private key
 shell: "(umask 077; openssl genrsa -out {{STORAGE_ROOT}}/ssl/ssl_private_key.pem 2048)"
 args:
 creates: "{{STORAGE_ROOT}}/ssl/ssl_private_key.pem"
+
 - name: create tmpfile for CSR
 tempfile:
 state: file
 suffix: temp
 register: tempfile_csr
 changed_when: False
+
 - name: Generate a certificate signing request
 command: >
 openssl req
@@ -30,6 +34,7 @@
 -subj "/CN={{PRIMARY_HOSTNAME}}"
 args:
 creates: "{{STORAGE_ROOT}}/ssl/{{PRIMARY_HOSTNAME}}-selfsigned-{{ansible_date_time.year}}{{ansible_date_time.month}}{{ansible_date_time.day}}.pem"
+
 - name: Generate the self-signed certificate
 command: >
 openssl x509
@@ -40,21 +45,25 @@
 -out {{STORAGE_ROOT}}/ssl/{{PRIMARY_HOSTNAME}}-selfsigned-{{ansible_date_time.year}}{{ansible_date_time.month}}{{ansible_date_time.day}}.pem
 args:
 creates: "{{STORAGE_ROOT}}/ssl/{{PRIMARY_HOSTNAME}}-selfsigned-{{ansible_date_time.year}}{{ansible_date_time.month}}{{ansible_date_time.day}}.pem"
+
 - name: Delete the certificate signing request because it has no other purpose
 file:
 path: "{{tempfile_csr.path}}"
 state: absent
 changed_when: False
+
 - name: check for ssl_certificate.pem link
 stat:
 path: "{{STORAGE_ROOT}}/ssl/ssl_certificate.pem"
 register: ssl_certificate_stat
+
 - name: Symlink the certificate into the system certificate path, so system services can find it.
 file:
 src: "{{STORAGE_ROOT}}/ssl/{{PRIMARY_HOSTNAME}}-selfsigned-{{ansible_date_time.year}}{{ansible_date_time.month}}{{ansible_date_time.day}}.pem"
 dest: "{{STORAGE_ROOT}}/ssl/ssl_certificate.pem"
 state: link
 when: not ssl_certificate_stat.stat.exists
+
 - name: Generate some Diffie-Hellman cipher bits.
 # openssl's default bit length for this is 1024 bits, but we'll create
 # 2048 bits of bits per the latest recommendations.
diff --git a/tasks/system.yml b/tasks/system.yml
index f4417fc0c8e2126be1104b391d23ba4daca435b7..9def38f4ca6e60fffd9a6040a82f76d8c296dd7d 100644
--- a/tasks/system.yml
+++ b/tasks/system.yml
@@ -11,6 +11,7 @@
 failed_when: False
 register: shell_ret
 when: True
+
 - name: print command results
 debug:
 msg: "{{shell_ret.stdout_lines | default(['NOT RUNNING because --check']) + shell_ret.stderr_lines | default([])}}"
diff --git a/tasks/web.yml b/tasks/web.yml
index 6e638529af3f6715600bc84702b452f40f3266a5..e3c7917355cad5bb9010a35f8c4d522e6a8c336b 100644
--- a/tasks/web.yml
+++ b/tasks/web.yml
@@ -5,6 +5,7 @@
 failed_when: False
 register: shell_ret
 when: True
+
 - name: print command results
 debug:
 msg: "{{shell_ret.stdout_lines | default(['NOT RUNNING because --check']) + shell_ret.stderr_lines | default([])}}"
diff --git a/tasks/webmail.yml b/tasks/webmail.yml
index c9b640be377ffd95c760713b52b02e98a16123bd..4563f0225c8988d9a19db42418f620ef865aad0e 100644
--- a/tasks/webmail.yml
+++ b/tasks/webmail.yml
@@ -5,6 +5,7 @@
 failed_when: False
 register: shell_ret
 when: True
+
 - name: print command results
 debug:
 msg: "{{shell_ret.stdout_lines | default(['NOT RUNNING because --check']) + shell_ret.stderr_lines | default([])}}"
diff --git a/tasks/zpush.yml b/tasks/zpush.yml
index 692f410e7a789f2a6845cad22588632dc68c3ea6..e8c861f28c28ac922fd6ddde13ff94bac41e9a10 100644
--- a/tasks/zpush.yml
+++ b/tasks/zpush.yml
@@ -5,6 +5,7 @@
 failed_when: False
 register: shell_ret
 when: True
+
 - name: print command results
 debug:
 msg: "{{shell_ret.stdout_lines | default(['NOT RUNNING because --check']) + shell_ret.stderr_lines | default([])}}"