Initial Commit
All checks were successful
Ansible Linter / ansible-lint (push) Successful in 19s
Lint Markdown files / markdown-lint (push) Successful in 4s

2026-03-02 18:48:41 +01:00
commit 3c1f5f718f
38 changed files with 1071 additions and 0 deletions

48
tasks/dkim_create.yaml Normal file

@@ -0,0 +1,48 @@
---
- name: "Create directory for dkim keys"
ansible.builtin.file:
path: "{{ rspamd_dkim_dir }}"
owner: "root"
group: "root"
mode: "0755"
state: "directory"
- name: "Generate dkim keys"
ansible.builtin.command:
cmd: "bash -c \"rspamadm dkim_keygen -b 2048 -s {{ item.selector }} -k {{ rspamd_dkim_dir }}/{{ item.name }}.{{ item.selector }}.key > {{ rspamd_dkim_dir }}/{{ item.name }}.{{ item.selector }}.txt\""
creates: "{{ rspamd_dkim_dir }}/{{ item.name }}.{{ item.selector }}.txt"
with_items: "{{ rspamd_dkim_domains }}"
notify: Restart rspamd
- name: "Change ownership for dkim key files"
ansible.builtin.file:
path: "{{ rspamd_dkim_dir }}/{{ item.name }}.{{ item.selector }}.txt"
owner: "{{ rspamd_unix_user }}"
group: "{{ rspamd_unix_group }}"
mode: "0440"
with_items: "{{ rspamd_dkim_domains }}"
- name: "Change ownership for dkim dns record files"
ansible.builtin.file:
path: "{{ rspamd_dkim_dir }}/{{ item.name }}.{{ item.selector }}.key"
owner: "{{ rspamd_unix_user }}"
group: "{{ rspamd_unix_group }}"
mode: "0440"
with_items: "{{ rspamd_dkim_domains }}"
- name: "Create dkim_signing.conf"
ansible.builtin.template:
src: etc/rspamd/local.d/dkim_signing.conf.j2
dest: "{{ rspamd_local_d_dir }}/dkim_signing.conf"
owner: "root"
group: "root"
mode: "0644"
- name: Link ARC module to same DKIM configuration
ansible.builtin.file:
src: "{{ rspamd_local_d_dir }}/dkim_signing.conf"
dest: "{{ rspamd_local_d_dir }}/arc.conf"
owner: "root"
group: "root"
state: link
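Review bot: The "Generate dkim keys" task interpolates `item.selector`, `item.name` and `rspamd_dkim_dir` unquoted into a `bash -c` string, and its `creates:` guard points at the `.txt` file that the shell redirection creates before `rspamadm` has done anything. A selector or domain name containing shell metacharacters changes the command that runs on the mail host, and a failed keygen leaves an empty `.txt` behind, so later runs skip the task and the host ends up without a usable key. The private key's mode between this task and the later `ansible.builtin.file` task depends on rspamadm and the process umask, neither of which is visible here, so setting the umask explicitly closes that window. The two "Change ownership" task names also look swapped: the one labelled key files targets `.txt` and the one labelled dns record files targets `.key`. A version using `ansible.builtin.shell` with the `quote` filter, `umask 077` and `creates:` on the `.key` file is below.

```yaml
- name: "Generate dkim keys"
  ansible.builtin.shell:
    cmd: >-
      umask 077 &&
      rspamadm dkim_keygen -b 2048
      -s {{ item.selector | quote }}
      -k {{ (rspamd_dkim_dir ~ '/' ~ item.name ~ '.' ~ item.selector ~ '.key') | quote }}
      > {{ (rspamd_dkim_dir ~ '/' ~ item.name ~ '.' ~ item.selector ~ '.txt') | quote }}
    creates: "{{ rspamd_dkim_dir }}/{{ item.name }}.{{ item.selector }}.key"
  # … unchanged: with_items, notify …
```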

11
tasks/dkim_delete.yaml Normal file

@@ -0,0 +1,11 @@
---
- name: "Delete directory for dkim keys"
ansible.builtin.file:
path: "{{ rspamd_dkim_dir }}"
state: "absent"
- name: "Delete dkim_signing.conf"
ansible.builtin.file:
path: "{{ rspamd_local_d_dir }}/dkim_signing.conf"
state: "absent"
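Review bot: The delete path leaves `{{ rspamd_local_d_dir }}/arc.conf` behind: tasks/dkim_create.yaml links it to dkim_signing.conf, and this file removes only the link target, so the link dangles once DKIM is disabled. Add a third `ansible.builtin.file` task with `path: "{{ rspamd_local_d_dir }}/arc.conf"` and `state: "absent"`. Removing `rspamd_dkim_dir` also deletes the private keys, so re-enabling DKIM generates new keys and the published DNS records have to be replaced; a comment above the first task saying so would help whoever flips the flag.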


@@ -0,0 +1,9 @@
---
- name: "Create logging.inc"
ansible.builtin.template:
src: etc/rspamd/local.d/logging.inc.j2
dest: "{{ rspamd_local_d_dir }}/logging.inc"
owner: "root"
group: "root"
mode: "0644"


@@ -0,0 +1,6 @@
---
- name: "Delete logging.inc"
ansible.builtin.file:
path: "{{ rspamd_local_d_dir }}/logging.inc"
state: "absent"

121
tasks/main.yaml Normal file

@@ -0,0 +1,121 @@
---
- name: Include OS-specific variables
tags: [ letsencrypt-hooks ]
ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
vars:
params:
files:
- "{{ ansible_facts['distribution'] }}_{{ ansible_facts['architecture'] }}.yaml"
- "{{ ansible_facts['distribution'] }}.yaml"
- "{{ ansible_facts['os_family'] }}_{{ ansible_facts['architecture'] }}.yaml"
- "{{ ansible_facts['os_family'] }}.yaml"
- main.yaml
paths:
- vars
- name: Install rspamd
ansible.builtin.package:
name: rspamd
state: "present"
- name: Create directory for custom rspamd configurations
ansible.builtin.file:
path: "{{ item }}"
owner: "root"
group: "root"
mode: "0755"
state: directory
with_items:
- "{{ rspamd_local_d_dir }}"
- "{{ rspamd_modules_d_dir }}"
- "{{ rspamd_override_d_dir }}"
- "{{ rspamd_plugins_d_dir }}"
- name: Manage dkim configuration
notify:
- Restart rspamd
block:
- name: Create dkim configuration
when: rspamd_dkim_enabled
ansible.builtin.include_tasks: dkim_create.yaml
- name: Delete dkim configuration
when: not rspamd_dkim_enabled
ansible.builtin.include_tasks: dkim_delete.yaml
- name: Manage logging configuration
notify:
- Restart rspamd
block:
- name: Create logging configuration
when: rspamd_logging_enabled
ansible.builtin.include_tasks: logging_create.yaml
- name: Delete logging configuration
when: not rspamd_logging_enabled
ansible.builtin.include_tasks: logging_delete.yaml
- name: Manage multimaps
ansible.builtin.include_tasks: multimaps.yaml
- name: Manage redis configuration
notify:
- Restart rspamd
block:
- name: Create redis configuration
when: rspamd_redis_enabled
ansible.builtin.include_tasks: redis_create.yaml
- name: Delete redis configuration
when: not rspamd_redis_enabled
ansible.builtin.include_tasks: redis_delete.yaml
- name: Manage worker controller
notify:
- Restart rspamd
block:
- name: Create worker controller configuration
when: rspamd_worker_controller_enabled
ansible.builtin.include_tasks: worker_controller_create.yaml
- name: Delete worker controller configuration
when: not rspamd_worker_controller_enabled
ansible.builtin.include_tasks: worker_controller_delete.yaml
- name: Template local.d files
vars:
selector_name: "{{ rspamd_dkim_selector_name | default('2020') }}"
ansible.builtin.template:
src: "{{ item }}.j2"
dest: "{{ rspamd_local_d_dir }}/{{ item | basename }}"
owner: "root"
group: "root"
mode: "0644"
with_items:
- etc/rspamd/local.d/classifier-bayes.conf
- etc/rspamd/local.d/milter_headers.conf
- etc/rspamd/local.d/options.inc
notify:
- Restart rspamd
- name: Template override.d files
ansible.builtin.template:
src: "{{ item }}.j2"
dest: "{{ rspamd_override_d_dir }}/{{ item | basename }}"
owner: "root"
group: "root"
mode: "0644"
with_items:
- etc/rspamd/override.d/classifier-bayes.conf
notify:
- Restart rspamd
- name: Test rspamd configuration
ansible.builtin.command:
cmd: rspamadm configtest --strict --config /etc/rspamd/rspamd.conf
register: _rspamd_rspamadm_configtest
changed_when: false
failed_when: _rspamd_rspamadm_configtest.rc > 0
- name: Start and enable rspamd
ansible.builtin.systemd:
name: rspamd
state: started
enabled: true
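Review bot: The `*_enabled` flags are used bare in `when:` (`when: rspamd_dkim_enabled`, `when: not rspamd_worker_controller_enabled`, and the logging and redis pairs), so the branch taken depends on the variable already being a real boolean. A value that arrives as a string, for example from `-e rspamd_worker_controller_enabled=false`, is a non-empty string; depending on the Ansible version it either counts as true, leaving the controller configured when the operator meant to remove it, or is rejected as a non-boolean conditional. Casting makes the intent explicit: `when: rspamd_worker_controller_enabled | bool` and `when: not (rspamd_worker_controller_enabled | bool)`, likewise for the other three flags. Separately, `tags: [ letsencrypt-hooks ]` on "Include OS-specific variables" looks carried over from another role and is worth removing or explaining in a comment.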

73
tasks/multimaps.yaml Normal file

@@ -0,0 +1,73 @@
---
- name: "Create multimap.conf"
ansible.builtin.template:
src: etc/rspamd/local.d/multimap.conf.j2
dest: "{{ rspamd_local_d_dir }}/multimap.conf"
owner: "root"
group: "root"
mode: "0644"
- name: "Manage sender based allowlist"
block:
- name: "Create sender based allowlist"
when: rspamd_acl_allowlist_from | length > 0
ansible.builtin.template:
src: etc/rspamd/local.d/allowlist_from.map.j2
dest: "{{ rspamd_local_d_dir }}/allowlist_from.map"
owner: "root"
group: "root"
mode: "0644"
- name: "Delete sender based allowlist"
when: rspamd_acl_allowlist_from | length == 0
ansible.builtin.file:
path: "{{ rspamd_local_d_dir }}/allowlist_from.map"
state: "absent"
- name: "Manage ip based allowlist"
block:
- name: "Create ip based allowlist"
when: rspamd_acl_allowlist_ips | length > 0
ansible.builtin.template:
src: etc/rspamd/local.d/allowlist_ips.map.j2
dest: "{{ rspamd_local_d_dir }}/allowlist_ips.map"
owner: "root"
group: "root"
mode: "0644"
- name: "Delete ip based allowlist"
when: rspamd_acl_allowlist_ips | length == 0
ansible.builtin.file:
path: "{{ rspamd_local_d_dir }}/allowlist_ips.map"
state: "absent"
- name: "Manage sender based blocklist"
block:
- name: "Create sender based blocklist"
when: rspamd_acl_blocklist_from | length > 0
ansible.builtin.template:
src: etc/rspamd/local.d/blocklist_from.map.j2
dest: "{{ rspamd_local_d_dir }}/blocklist_from.map"
owner: "root"
group: "root"
mode: "0644"
- name: "Delete sender based blocklist"
when: rspamd_acl_blocklist_from | length == 0
ansible.builtin.file:
path: "{{ rspamd_local_d_dir }}/blocklist_from.map"
state: "absent"
- name: "Manage ip based blocklist"
block:
- name: "Create ip based blocklist"
when: rspamd_acl_blocklist_ips | length > 0
ansible.builtin.template:
src: etc/rspamd/local.d/blocklist_ips.map.j2
dest: "{{ rspamd_local_d_dir }}/blocklist_ips.map"
owner: "root"
group: "root"
mode: "0644"
- name: "Delete ip based blocklist"
when: rspamd_acl_blocklist_ips | length == 0
ansible.builtin.file:
path: "{{ rspamd_local_d_dir }}/blocklist_ips.map"
state: "absent"
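Review bot: None of the tasks in this file notifies "Restart rspamd", and the "Manage multimaps" include in tasks/main.yaml is the only managed section there without a `notify:`, so a changed multimap.conf or map file is written without the service being told. Whether rspamd picks up map file changes on its own is not shown on this page; the change to multimap.conf itself presumably needs the restart the other templates get. Adding `notify: Restart rspamd` to "Create multimap.conf", and to the map tasks if they need it, keeps an updated blocklist or allowlist from sitting unused until the next unrelated restart.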

9
tasks/redis_create.yaml Normal file

@@ -0,0 +1,9 @@
---
- name: "Create redis.conf"
ansible.builtin.template:
src: etc/rspamd/local.d/redis.conf.j2
dest: "{{ rspamd_local_d_dir }}/redis.conf"
owner: "root"
group: "root"
mode: "0644"
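Review bot: `mode: "0644"` makes redis.conf readable by every local user, which matters if etc/rspamd/local.d/redis.conf.j2 renders a Redis password; the template is not part of this section, so that is an assumption to check. If it does, `group: "{{ rspamd_unix_group }}"` with `mode: "0640"` keeps the file readable by root and the service group only. The same applies to worker-controller.inc in the worker controller create tasks, which is written 0644 and presumably holds the password hashes registered there.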

6
tasks/redis_delete.yaml Normal file

@@ -0,0 +1,6 @@
---
- name: "Delete redis.conf"
ansible.builtin.file:
path: "{{ rspamd_local_d_dir }}/redis.conf"
state: "absent"


@@ -0,0 +1,23 @@
---
- name: Generate salted read password
when: rspamd_worker_controller_read_password | length > 0
ansible.builtin.command:
cmd: "rspamadm pw --password {{ rspamd_worker_controller_read_password }}"
changed_when: false
register: rspamd_worker_controller_read_password_salted
- name: Generate salted write password
when: rspamd_worker_controller_write_password | length > 0
ansible.builtin.command:
cmd: "rspamadm pw --password {{ rspamd_worker_controller_write_password }}"
changed_when: false
register: rspamd_worker_controller_write_password_salted
- name: "Create worker-controller.inc"
ansible.builtin.template:
src: etc/rspamd/local.d/worker-controller.inc.j2
dest: "{{ rspamd_local_d_dir }}/worker-controller.inc"
owner: "root"
group: "root"
mode: "0644"
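Review bot: Both "Generate salted ... password" tasks put the cleartext password on the `rspamadm pw` command line and set no `no_log`, so it appears in the task result (and in any log or callback output that records it) and in the target's process list while the command runs. The value is also interpolated unquoted into `cmd:`, so a password containing spaces or quotes is split into separate arguments. Add `no_log: true` to both tasks and pass the arguments as a list, `argv: ["rspamadm", "pw", "--password", "{{ rspamd_worker_controller_read_password }}"]`; the list form fixes the splitting but not the process-list exposure. Since `rspamadm pw` presumably salts each run, the registered hash would differ on every play and the template would be rewritten each time, which is worth confirming.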


@@ -0,0 +1,6 @@
---
- name: "Delete worker-controller.inc"
ansible.builtin.file:
path: "{{ rspamd_local_d_dir }}/worker-controller.inc"
state: "absent"