authorGuilhem Moulin <guilhem@fripost.org>2016-02-12 15:25:31 +0100
committerGuilhem Moulin <guilhem@fripost.org>2016-02-12 20:06:22 +0100
commitfa8d2b668550259e6f78d16fc209c4da1a20b842 (patch)
treecfa56bc2941f14626cbecf7e785d6c3a9c000e0d
parentce731cb119b501b2de58473c6fb0d205d772c004 (diff)
Upgrade playbooks to Ansible 2.0.
-rw-r--r--ansible.cfg116
-rw-r--r--lib/action_plugins/openldap.py86
-rw-r--r--roles/IMAP/handlers/main.yml2
-rw-r--r--roles/IMAP/tasks/imap.yml2
-rw-r--r--roles/IMAP/tasks/main.yml18
-rw-r--r--roles/LDAP-provider/tasks/main.yml4
-rw-r--r--roles/MSA/tasks/main.yml2
-rw-r--r--roles/MX/tasks/main.yml2
-rw-r--r--roles/bacula-dir/tasks/main.yml2
-rw-r--r--roles/bacula-sd/tasks/main.yml2
-rw-r--r--roles/common-LDAP/tasks/main.yml2
-rw-r--r--roles/common/tasks/bacula.yml2
-rw-r--r--roles/common/tasks/mail.yml6
-rw-r--r--roles/common/tasks/main.yml57
-rw-r--r--roles/common/tasks/munin-node.yml2
-rw-r--r--roles/common/tasks/sysctl.yml2
-rw-r--r--roles/git/tasks/cgit.yml2
-rw-r--r--roles/git/tasks/gitolite.yml4
-rw-r--r--roles/git/tasks/main.yml6
-rw-r--r--roles/lists/tasks/main.yml16
-rw-r--r--roles/lists/tasks/nginx.yml2
-rw-r--r--roles/webmail/tasks/main.yml10
-rw-r--r--roles/webmail/tasks/roundcube.yml6
-rw-r--r--roles/wiki/handlers/main.yml2
-rw-r--r--roles/wiki/tasks/main.yml4
25 files changed, 168 insertions, 191 deletions
diff --git a/ansible.cfg b/ansible.cfg
index 3810727..2de77ef 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -3,105 +3,43 @@
# ansible will read ~/.ansible.cfg or /etc/ansible/ansible.cfg, whichever it finds first
[defaults]
-
-# location of inventory file, eliminates need to specify -i
-
-#hostfile = ./stage_vms
-
-# location of ansible library, eliminates need to specify --module-path
-
-library = ./lib/modules:/usr/share/ansible
-
-# default module name used in /usr/bin/ansible when -m is not specified
-
-module_name = command
-
-# home directory where temp files are stored on remote systems. Should
-# almost always contain $HOME or be a directory writeable by all users
-
-remote_tmp = $HOME/.ansible/tmp
-
-# the default pattern for ansible-playbooks ("hosts:")
-
-pattern = *
-
-# the default number of forks (parallelism) to be used. Usually you
-# can crank this up.
-
-forks = 5
-
-# the timeout used by various connection types. Usually this corresponds
-# to an SSH timeout
-
-timeout = 10
-
-# when using --poll or "poll:" in an ansible playbook, and not specifying
-# an explicit poll interval, use this interval
-
-poll_interval = 15
-
-# when specifying --sudo to /usr/bin/ansible or "sudo:" in a playbook,
-# and not specifying "--sudo-user" or "sudo_user" respectively, sudo
-# to this user account
-
-sudo = True
-#sudo_user = root
-
-# what flags to pass to sudo
-sudo_flags = -H LC_ALL=C
-
-# the following forces ansible to always ask for the sudo password (instead of having
-# to add -K to the commandline). Or you can use the environment variable (ANSIBLE_ASK_SUDO_PASS)
-
-ask_sudo_pass = True
-
-# the following forces ansible to always ask for the ssh-password (-k)
-# can also be set by the environment variable ANSIBLE_ASK_PASS
-
-#ask_pass = True
-
-# connection to use when -c <connection_type> is not specified
-
-transport = ssh
-
-# remote SSH port to be used when --port or "port:" or an equivalent inventory
-# variable is not specified.
-
-remote_port = 22
-
-# if set, always run /usr/bin/ansible commands as this user, and assume this value
-# if "user:" is not set in a playbook. If not set, use the current Unix user
-# as the default
-
-#remote_user = root
-
-# if set, always use this private key file for authentication, same as if passing
-# --private-key to ansible or ansible-playbook
-
-#private_key_file=/path/to/file
-
-# format of string $ansible_managed available within Jinja2 templates, replacing
-# {file}, {host} and {uid} with template filename, host and owner respectively.
-# The resulting string is passed through strftime(3) so it may contain any
-# time-formatting specifiers.
-#
-# Example: ansible_managed = DONT TOUCH {file}: call {uid} at {host} for changes
+library = ./lib/modules:/usr/share/ansible
+remote_tmp = $HOME/.ansible/tmp
+forks = 5
+poll_interval = 15
+transport = ssh
+remote_port = 22
+module_lang = C
+timeout = 10
+
+# format of string {{ ansible_managed }} available within Jinja2
+# templates indicates to users editing templates files will be replaced.
+# replacing {file}, {host} and {uid} and strftime codes with proper values.
ansible_managed = Ansible Managed: modified on %Y-%m-%d %H:%M:%S by {uid}@{host}
# additional plugin paths for non-core plugins
-
action_plugins = ./lib/action_plugins
callback_plugins = ./lib/callback_plugins
connection_plugins = ./lib/connection_plugins
lookup_plugins = ./lib/lookup_plugins
vars_plugins = ./lib/vars_plugins
-[ssh_connection]
+# retry files
+# When a playbook fails by default a .retry file will be created in ~/
+# You can disable this feature by setting retry_files_enabled to False
+# and you can change the location of the files by setting retry_files_save_path
+retry_files_enabled = False
+#retry_files_save_path = ~/.ansible-retry
+
-# if uncommented, sets the ansible ssh arguments to the following. Leaving off ControlPersist
-# will result in poor performance, so use transport=paramiko on older platforms rather than
-# removing it
+[privilege_escalation]
+become=True
+become_method=sudo
+#become_user=root
+become_ask_pass=True
-control_path = /run/shm/ansible-ssh-%%C
+
+[ssh_connection]
+control_path = ~/.ssh/S.ansible-%%C
ssh_args = -oHashKnownHosts=no -oUserKnownHostsFile=./certs/ssh_known_hosts -oStrictHostKeyChecking=yes -oControlMaster=auto -oControlPersist=60s
pipelining = True
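Review bot: The old `sudo_flags = -H LC_ALL=C` line is removed and the new `[privilege_escalation]` section sets no flags, so privilege escalation now runs with whatever flags this Ansible version defaults to. `module_lang = C` looks like the replacement for the `LC_ALL=C` part, but nothing visible here keeps `-H`, and depending on sudoers that may leave HOME pointing at the operator's home directory for tasks run as root. I would either restore the flags explicitly or add a comment such as `# sudo flags left at Ansible's default; locale is forced through module_lang` so the change is visibly intentional. The new section also writes `become=True` without spaces while the rest of the file uses `key = value`.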
diff --git a/lib/action_plugins/openldap.py b/lib/action_plugins/openldap.py
index 5dbf59f..a66c3aa 100644
--- a/lib/action_plugins/openldap.py
+++ b/lib/action_plugins/openldap.py
@@ -14,73 +14,55 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-import os
-import pipes
-import tempfile
+from ansible.plugins.action import ActionBase
+from ansible.utils.unicode import to_bytes, to_unicode
-from ansible.utils import template
-from ansible import utils
-from ansible.runner.return_data import ReturnData
-
-class ActionModule(object):
+class ActionModule(ActionBase):
TRANSFERS_FILES = True
- def __init__(self, runner):
- self.runner = runner
-
- def run(self, conn, tmp, module_name, module_args, inject, complex_args=None, **kwargs):
- ''' handler for file transfer operations '''
+ def run(self, tmp=None, task_vars=None):
+ if task_vars is None:
+ task_vars = dict()
- if self.runner.noop_on_check(inject):
- return ReturnData(conn=conn, comm_ok=True, result=dict(skipped=True))
+ if self._play_context.check_mode:
+ return dict(skipped=True, msg='check mode not supported for this module')
- # load up options
- options = {}
- if complex_args:
- options.update(complex_args)
- options.update(utils.parse_kv(module_args))
+ result = super(ActionModule, self).run(tmp, task_vars)
- target = options.get('target', None)
- local = options.get('local', 'no')
+ target = self._task.args.get('target', None)
+ local = self._task.args.get('local', 'no')
if local not in [ 'no', 'file', 'template' ]:
- result = dict(failed=True, msg="local must be in ['no','file','template']")
- return ReturnData(conn=conn, comm_ok=False, result=result)
+ return dict(failed=True, msg="local must be in ['no','file','template']")
if local != 'no' and target is None:
- result = dict(failed=True, msg="target is required in local mode")
- return ReturnData(conn=conn, comm_ok=False, result=result)
+ return dict(failed=True, msg="target is required in local mode")
if local == 'no':
# run the module remotely
- return self.runner._execute_module(conn, tmp, 'openldap', module_args, inject=inject, complex_args=complex_args)
- elif '_original_file' in inject:
- target = utils.path_dwim_relative(inject['_original_file'], local+'s', target, self.runner.basedir)
+ return self._execute_module(module_args=self._task.args, task_vars=task_vars)
+
+ if self._task._role is not None:
+ target = self._loader.path_dwim_relative(self._task._role._role_path, local+'s', target)
else:
- # the source is local, so expand it here
- target = os.path.expanduser(target)
+ target = self._loader.path_dwim_relative(self._loader.get_basedir(), local+'s', target)
+
+ new_module_args = self._task.args.copy()
+ new_module_args['target'] = self._connection._shell.join_path(self._make_tmp_path(), 'target.ldif')
+ new_module_args['local'] = 'no'
- options['local'] = 'no'
- options['target'] = os.path.join(tmp, os.path.basename(target))
if local == 'template':
- # template the source data locally and transfer it
+ # template the source data locally
try:
- s = template.template_from_file(self.runner.basedir, target, inject, vault_password=self.runner.vault_pass)
- tmpfile = tempfile.NamedTemporaryFile(delete=False)
- tmpfile.write(s)
- tmpfile.close()
- target = tmpfile.name
- except Exception, e:
- result = dict(failed=True, msg=str(e))
- return ReturnData(conn=conn, comm_ok=False, result=result)
- conn.put_file(tmpfile.name, options['target'])
- os.unlink(tmpfile.name)
-
- elif local == 'file':
- conn.put_file(target, options['target'])
+ with open(target, 'r') as f:
+ template_data = to_unicode(f.read())
+ target = self._templar.template(template_data, preserve_trailing_newlines=True, escape_backslashes=False, convert_data=False)
+ except Exception as e:
+ result['failed'] = True
+ result['msg'] = type(e).__name__ + ": " + str(e)
+ return result
- # run the script remotely with the new (temporary) filename
- module_args = ""
- for o in options:
- module_args = "%s %s=%s" % (module_args, o, pipes.quote(options[o]))
- return self.runner._execute_module(conn, tmp, 'openldap', module_args, inject=inject)
+ # transfer the file and run the module remotely
+ self._transfer_data(new_module_args['target'], target)
+ result.update(self._execute_module(module_args=new_module_args, task_vars=task_vars))
+ return result
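Review bot: With `local == 'file'`, `target` is still the path returned by `path_dwim_relative` when it reaches `self._transfer_data(new_module_args['target'], target)`, so the remote `target.ldif` appears to receive the path string rather than the file's contents; only the `template` branch replaces `target` with data. Reading the file in that case would restore what the removed `conn.put_file(target, options['target'])` did, for example an `else:` branch holding `with open(target, 'r') as f:` and `target = to_unicode(f.read())`. Separately, the directory returned by `self._make_tmp_path()` is not removed anywhere in the lines shown, and the LDIF written there may hold directory data that should not linger on the host, so it is worth confirming that something cleans it up after the module runs.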
diff --git a/roles/IMAP/handlers/main.yml b/roles/IMAP/handlers/main.yml
index 10a717d..2c49611 100644
--- a/roles/IMAP/handlers/main.yml
+++ b/roles/IMAP/handlers/main.yml
@@ -6,7 +6,7 @@
service: name=postfix state=reloaded
- name: Compile Spamassassin rules
- sudo_user: debian-spamd
+ become_user: debian-spamd
# it might take a while...
command: /usr/bin/sa-compile --quiet
chdir=/var/lib/spamassassin/
diff --git a/roles/IMAP/tasks/imap.yml b/roles/IMAP/tasks/imap.yml
index c9686c9..883b6a8 100644
--- a/roles/IMAP/tasks/imap.yml
+++ b/roles/IMAP/tasks/imap.yml
@@ -79,7 +79,7 @@
- name: Fetch Dovecot's X.509 certificate
# Ensure we don't fetch private data
- sudo: False
+ become: False
fetch: src=/etc/dovecot/ssl/imap.fripost.org.pem
dest=certs/public/
fail_on_missing=yes
diff --git a/roles/IMAP/tasks/main.yml b/roles/IMAP/tasks/main.yml
index 9ed2ea6..f9b25d1 100644
--- a/roles/IMAP/tasks/main.yml
+++ b/roles/IMAP/tasks/main.yml
@@ -1,4 +1,16 @@
---
-- include: imap.yml tags=imap,dovecot
-- include: mda.yml tags=mda,mail,postfix
-#- include: spam.yml tags=spam,spamassassin # TODO spam filter
+- include: imap.yml
+ tags:
+ - imap
+ - dovecot
+- include: mda.yml
+ tags:
+ - mda
+ - mail
+ - postfix
+# TODO spam filter
+#- include: spam.yml
+# tags
+# - spam
+# - spamassassin
+#
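Review bot: The commented-out spam include at the end of this hunk would not load if someone uncomments it as written, because `# tags` has no colon. Writing it as `# tags:` keeps the TODO block a valid copy of the two includes above it, and the trailing lone `#` line can be dropped.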
diff --git a/roles/LDAP-provider/tasks/main.yml b/roles/LDAP-provider/tasks/main.yml
index 3f7f29f..ad6e7bb 100644
--- a/roles/LDAP-provider/tasks/main.yml
+++ b/roles/LDAP-provider/tasks/main.yml
@@ -6,8 +6,8 @@
- name: Enable the EXTERNAL SASL mechanism
lineinfile: dest=/usr/lib/sasl2/slapd.conf
- regexp='^mech_list'':'
- line=mech_list':'' EXTERNAL'
+ regexp='^mech_list{{':'}}'
+ line='mech_list{{':'}} EXTERNAL'
create=yes
owner=root group=root
mode=0644
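Review bot: `{{':'}}` in `regexp=` and `line=` looks like a workaround to keep YAML from reading `mech_list: ` as a mapping key inside the free-form `key=value` arguments, and nothing in the task says so. A one-line comment such as `# {{':'}} avoids a literal ": " that YAML would parse as a mapping` would stop a later cleanup from breaking the task that restricts slapd to the EXTERNAL mechanism. The same trick is used in the 'root' alias hunk of roles/common/tasks/mail.yml, and the backslash-escaped quotes in the roles/git/tasks/gitolite.yml and roles/webmail/tasks/roundcube.yml hunks carry a similar readability cost. Writing these `lineinfile` tasks as a YAML mapping with separate `regexp:` and `line:` keys would remove the need for either workaround.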
diff --git a/roles/MSA/tasks/main.yml b/roles/MSA/tasks/main.yml
index 499880f..4c0ceef 100644
--- a/roles/MSA/tasks/main.yml
+++ b/roles/MSA/tasks/main.yml
@@ -26,7 +26,7 @@
- name: Fetch Postfix's X.509 certificate
# Ensure we don't fetch private data
- sudo: False
+ become: False
# `/usr/sbin/postmulti -i msa -x /usr/sbin/postconf -xh smtpd_tls_cert_file`
fetch: src=/etc/postfix/ssl/smtp.fripost.org.pem
dest=certs/public/
diff --git a/roles/MX/tasks/main.yml b/roles/MX/tasks/main.yml
index 1b820e3..6ca11c0 100644
--- a/roles/MX/tasks/main.yml
+++ b/roles/MX/tasks/main.yml
@@ -80,7 +80,7 @@
- name: Fetch Postfix's X.509 certificate
# Ensure we don't fetch private data
- sudo: False
+ become: False
# `/usr/sbin/postmulti -i mx -x /usr/sbin/postconf -xh smtpd_tls_cert_file`
fetch: src=/etc/postfix/ssl/mx.fripost.org.pem
dest=certs/public/mx{{ mxno | default('') }}.fripost.org.pem
diff --git a/roles/bacula-dir/tasks/main.yml b/roles/bacula-dir/tasks/main.yml
index cee6fc2..1dd0683 100644
--- a/roles/bacula-dir/tasks/main.yml
+++ b/roles/bacula-dir/tasks/main.yml
@@ -30,7 +30,7 @@
- name: Fetch Bacula Dir X.509 certificate
# Ensure we don't fetch private data
- sudo: False
+ become: False
fetch: src=/etc/stunnel/certs/{{ inventory_hostname_short }}-dir.pem
dest=certs/bacula/
fail_on_missing=yes
diff --git a/roles/bacula-sd/tasks/main.yml b/roles/bacula-sd/tasks/main.yml
index 7a6c8c3..a888db6 100644
--- a/roles/bacula-sd/tasks/main.yml
+++ b/roles/bacula-sd/tasks/main.yml
@@ -30,7 +30,7 @@
- name: Fetch Bacula SD X.509 certificate
# Ensure we don't fetch private data
- sudo: False
+ become: False
fetch: src=/etc/stunnel/certs/{{ inventory_hostname_short }}-sd.pem
dest=certs/bacula/
fail_on_missing=yes
diff --git a/roles/common-LDAP/tasks/main.yml b/roles/common-LDAP/tasks/main.yml
index 5b7143f..960189b 100644
--- a/roles/common-LDAP/tasks/main.yml
+++ b/roles/common-LDAP/tasks/main.yml
@@ -56,7 +56,7 @@
- name: Fetch slapd's X.509 certificate
# Ensure we don't fetch private data
- sudo: False
+ become: False
fetch: src=/etc/ldap/ssl/{{ item.name }}.pem
dest=certs/ldap/
fail_on_missing=yes
diff --git a/roles/common/tasks/bacula.yml b/roles/common/tasks/bacula.yml
index 248d47d..91b37c8 100644
--- a/roles/common/tasks/bacula.yml
+++ b/roles/common/tasks/bacula.yml
@@ -30,7 +30,7 @@
- name: Fetch Bacula FD X.509 certificate
# Ensure we don't fetch private data
- sudo: False
+ become: False
fetch: src=/etc/stunnel/certs/{{ inventory_hostname_short }}-fd.pem
dest=certs/bacula/
fail_on_missing=yes
diff --git a/roles/common/tasks/mail.yml b/roles/common/tasks/mail.yml
index c8e2495..273dc5c 100644
--- a/roles/common/tasks/mail.yml
+++ b/roles/common/tasks/mail.yml
@@ -68,7 +68,7 @@
- name: Fetch Postfix's X.509 certificate
# Ensure we don't fetch private data
- sudo: False
+ become: False
fetch: src=/etc/postfix/ssl/{{ ansible_fqdn }}.pem
dest=certs/postfix/
fail_on_missing=yes
@@ -78,8 +78,8 @@
- name: Add a 'root' alias
lineinfile: dest=/etc/aliases create=yes
- regexp="^root:"" "
- line="root:"" root@fripost.org"
+ regexp="^root{{':'}} "
+ line="root{{':'}} root@fripost.org"
- name: Compile the static local Postfix database
postmap: cmd=postalias src=/etc/aliases db=cdb
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 3b95c92..3e6a4a8 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -1,20 +1,36 @@
---
-- include: sysctl.yml tags=sysctl
+- include: sysctl.yml
+ tags: sysctl
- include: hosts.yml
-- include: apt.yml tags=apt
+- include: apt.yml
+ tags: apt
- name: Install intel-microcode
apt: pkg=intel-microcode
when: "ansible_processor[0] | search('^(Genuine)?Intel.*') and not (ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen')"
tags: intel
-- include: firewall.yml tags=firewall,iptables
-- include: samhain.yml tags=samhain
-- include: auditd.yml tags=auditd
-- include: rkhunter.yml tags=rkhunter
-- include: clamav.yml tags=clamav
-- include: fail2ban.yml tags=fail2ban
-- include: smart.yml tags=smartmontools,smart
+- include: firewall.yml
+ tags:
+ - firewall
+ - iptables
+- include: samhain.yml
+ tags: samhain
+- include: auditd.yml
+ tags: auditd
+- include: rkhunter.yml
+ tags: rkhunter
+- include: clamav.yml
+ tags: clamav
+- include: fail2ban.yml
+ tags: fail2ban
+- include: smart.yml
+ tags:
+ - smartmontools
+ - smart
when: "not ((ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen') or ansible_system_vendor == 'QEMU')"
-- include: haveged.yml tags=haveged,entropy
+- include: haveged.yml
+ tags:
+ - haveged
+ - entropy
- name: Copy genkeypair.sh and gendhparam.sh
copy: src=usr/local/bin/{{ item }}
dest=/usr/local/bin/{{ item }}
@@ -27,11 +43,22 @@
- name: Generate DH parameters
command: gendhparam.sh /etc/ssl/private/dhparams.pem creates=/etc/ssl/private/dhparams.pem
tags: genkey
-- include: logging.yml tags=logging
-- include: ntp.yml tags=ntp
-- include: mail.yml tags=mail,postfix
-- include: bacula.yml tags=bacula-fd,bacula
-- include: munin-node.yml tags=munin-node,munin
+- include: logging.yml
+ tags: logging
+- include: ntp.yml
+ tags: ntp
+- include: mail.yml
+ tags:
+ - mail
+ - postfix
+- include: bacula.yml
+ tags:
+ - bacula-fd
+ - bacula
+- include: munin-node.yml
+ tags:
+ - munin-node
+ - munin
- name: Install common packages
apt: pkg={{ item }}
diff --git a/roles/common/tasks/munin-node.yml b/roles/common/tasks/munin-node.yml
index 9e5d8f4..c585d60 100644
--- a/roles/common/tasks/munin-node.yml
+++ b/roles/common/tasks/munin-node.yml
@@ -172,7 +172,7 @@
- name: Fetch Munin X.509 certificate
# Ensure we don't fetch private data
- sudo: False
+ become: False
fetch: src=/etc/stunnel/certs/munin-{{ inventory_hostname_short }}.pem
dest=certs/munin/{{ inventory_hostname }}.pem
fail_on_missing=yes
diff --git a/roles/common/tasks/sysctl.yml b/roles/common/tasks/sysctl.yml
index 6ac7feb..d3ae86f 100644
--- a/roles/common/tasks/sysctl.yml
+++ b/roles/common/tasks/sysctl.yml
@@ -1,4 +1,4 @@
-- sysctl: name={{ item.name }} "value={{ item.value }}" sysctl_set=yes
+- sysctl: name={{ item.name }} value={{ item.value }} sysctl_set=yes
with_items:
- { name: 'kernel.domainname', value: '{{ ansible_domain }}' }
diff --git a/roles/git/tasks/cgit.yml b/roles/git/tasks/cgit.yml
index 7237aa9..cebcec8 100644
--- a/roles/git/tasks/cgit.yml
+++ b/roles/git/tasks/cgit.yml
@@ -98,7 +98,7 @@
- name: Fetch Nginx's X.509 certificate
# Ensure we don't fetch private data
- sudo: False
+ become: False
fetch: src=/etc/nginx/ssl/git.fripost.org.pem
dest=certs/public/
fail_on_missing=yes
diff --git a/roles/git/tasks/gitolite.yml b/roles/git/tasks/gitolite.yml
index 5cbce23..90b3015 100644
--- a/roles/git/tasks/gitolite.yml
+++ b/roles/git/tasks/gitolite.yml
@@ -26,8 +26,8 @@
- name: Configure gitolite
lineinfile: dest=/var/lib/gitolite/.gitolite.rc
- "regexp=^(\\s*{{ item.var }}\\s*=>\\s*)"
- "line= {{ item.var }} => {{ item.value }},"
+ regexp='^(\\s*{{ item.var }}\\s*=>\\s*)'
+ line=' {{ item.var }} => {{ item.value }},'
owner=root group=root
mode=0644
with_items:
diff --git a/roles/git/tasks/main.yml b/roles/git/tasks/main.yml
index da9f876..e24402a 100644
--- a/roles/git/tasks/main.yml
+++ b/roles/git/tasks/main.yml
@@ -1,2 +1,4 @@
-- include: gitolite.yml tags=gitolite
-- include: cgit.yml tags=cgit
+- include: gitolite.yml
+ tags: gitolite
+- include: cgit.yml
+ tags: cgit
diff --git a/roles/lists/tasks/main.yml b/roles/lists/tasks/main.yml
index f0e8e26..b43c948 100644
--- a/roles/lists/tasks/main.yml
+++ b/roles/lists/tasks/main.yml
@@ -1,3 +1,13 @@
-- include: mail.yml tags=postfix,mail
-- include: nginx.yml tags=nginx,www,web
-- include: sympa.yml tags=sympa,lists
+- include: mail.yml
+ tags:
+ - postfix
+ - mail
+- include: nginx.yml
+ tags:
+ - nginx
+ - www
+ - web
+- include: sympa.yml
+ tags:
+ - sympa
+ - lists
diff --git a/roles/lists/tasks/nginx.yml b/roles/lists/tasks/nginx.yml
index 21e769a..34d42bd 100644
--- a/roles/lists/tasks/nginx.yml
+++ b/roles/lists/tasks/nginx.yml
@@ -27,7 +27,7 @@
- name: Fetch Nginx's X.509 certificate
# Ensure we don't fetch private data
- sudo: False
+ become: False
fetch: src=/etc/nginx/ssl/lists.fripost.org.pem
dest=certs/public/
fail_on_missing=yes
diff --git a/roles/webmail/tasks/main.yml b/roles/webmail/tasks/main.yml
index 030a547..8ee50bd 100644
--- a/roles/webmail/tasks/main.yml
+++ b/roles/webmail/tasks/main.yml
@@ -1,3 +1,9 @@
-- include: mail.yml tags=postfix,mail
+- include: mail.yml
when: "'out' not in group_names"
-- include: roundcube.yml tags=roundcube,webmail
+ tags:
+ - postfix
+ - mail
+- include: roundcube.yml
+ tags:
+ - roundcube
+ - webmail
diff --git a/roles/webmail/tasks/roundcube.yml b/roles/webmail/tasks/roundcube.yml
index 3eaf766..eb04ba1 100644
--- a/roles/webmail/tasks/roundcube.yml
+++ b/roles/webmail/tasks/roundcube.yml
@@ -40,8 +40,8 @@
- name: Configure Roundcube
lineinfile: dest=/etc/roundcube/config.inc.php
- "regexp=^\\s*\\$config\\['{{ item.var }}'\\]\\s*="
- "line=$config['{{ item.var }}'] = {{ item.value }};"
+ regexp='^\\s*\\$config\\[\'{{ item.var }}\'\\]\\s*='
+ line='$config[\'{{ item.var }}\'] = {{ item.value }};'
owner=root group=www-data
mode=0640
with_items:
@@ -129,7 +129,7 @@
- name: Fetch Nginx's X.509 certificate
# Ensure we don't fetch private data
- sudo: False
+ become: False
fetch: src=/etc/nginx/ssl/mail.fripost.org.pem
dest=certs/public/
fail_on_missing=yes
diff --git a/roles/wiki/handlers/main.yml b/roles/wiki/handlers/main.yml
index 42ae6ef..109c63d 100644
--- a/roles/wiki/handlers/main.yml
+++ b/roles/wiki/handlers/main.yml
@@ -3,5 +3,5 @@
service: name=nginx state=restarted
- name: Refresh ikiwiki
- sudo_user: ikiwiki
+ become_user: ikiwiki
command: ikiwiki --setup /var/lib/ikiwiki/fripost-wiki.setup --refresh --wrappers
diff --git a/roles/wiki/tasks/main.yml b/roles/wiki/tasks/main.yml
index 763f99a..9748768 100644
--- a/roles/wiki/tasks/main.yml
+++ b/roles/wiki/tasks/main.yml
@@ -59,7 +59,7 @@
- name: Add fripost-wiki to /etc/ikiwiki/wikilist
lineinfile: dest=/etc/ikiwiki/wikilist
- "line=ikiwiki /var/lib/ikiwiki/fripost-wiki.setup"
+ line='ikiwiki /var/lib/ikiwiki/fripost-wiki.setup'
owner=root group=root
mode=0644
@@ -97,7 +97,7 @@
- name: Fetch Nginx's X.509 certificate
# Ensure we don't fetch private data
- sudo: False
+ become: False
fetch: src=/etc/nginx/ssl/www.fripost.org.pem
dest=certs/public/fripost.org.pem
fail_on_missing=yes