# Make sure the compose project directory exists before anything is
# templated into it.
# NOTE(review): this task sets no owner, group or mode and does not use
# become, so a newly created directory gets the connecting user's ownership
# and a umask-derived mode. Confirm that is acceptable for the directory the
# next task fills with mode-640 configuration files.
- name: "Create {{ project_dir }} project directory"
  ansible.builtin.file:
    state: directory
    path: "{{ project_dir }}"
# Render every regular file found under ../templates/ into the project
# directory, keeping its path relative to the template tree.
# Entries whose state is not 'file' are skipped by the `when` clause.
# NOTE(review): nothing in this task creates sub-directories of project_dir;
# if the template tree is nested, confirm the target directories exist.
- name: Template configuration files to project directory
  become: true
  ansible.builtin.template:
    src: "{{ item.src }}"
    dest: "{{ project_dir }}/{{ item.path }}"
    # Owner is host_uid; group is the mailserver id offset by uid_shift
    # (presumably a user-namespace shift - confirm against the inventory).
    owner: "{{ host_uid }}"
    group: "{{ users['mailserver'] + uid_shift }}"
    # Owner read/write, group read-only, no access for others.
    mode: '640'
  with_filetree: ../templates/
  when: item.state == 'file'
# Ensure the mail data directory exists and is reachable only by the shifted
# mailserver id: owner and group are both users['mailserver'] + uid_shift and
# mode 700 leaves no access for group or others.
- name: "Create (if not exists) directory {{ volumes['mailserver_datadir'] }} & set permissions"
  become: true
  ansible.builtin.file:
    state: directory
    path: "{{ volumes['mailserver_datadir'] }}"
    owner: "{{ users['mailserver'] + uid_shift }}"
    group: "{{ users['mailserver'] + uid_shift }}"
    mode: '700'
# Tighten the top-level Let's Encrypt directories under /etc.
# Mode 751 on a directory: root has full access, group root may list and
# traverse, everyone else may traverse but not list the contents.
# `state: directory` also creates any of these paths that is missing.
- name: Set limited permissions on certificate directories
  become: true
  ansible.builtin.file:
    state: directory
    path: "/etc/{{ item }}"
    owner: root
    group: root
    mode: '751'
  loop:
    - letsencrypt
    - letsencrypt/live
    - letsencrypt/archive
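# Restrict the per-certificate directories for mail.<domain> under both
# live/ and archive/: owner root, group host_uid, mode 550 (read and traverse
# for owner and group, nothing for others).
# The task name differs from the preceding task, which used the identical
# title, so play output and --start-at-task can tell the two apart.
# NOTE(review): `state: directory` creates these paths when they are missing;
# confirm the certificate has been issued before this runs, so the certificate
# tooling does not find a pre-created empty directory.
- name: Set limited permissions on mail certificate directories
  become: true
  ansible.builtin.file:
    state: directory
    path: "/etc/letsencrypt/{{ item }}/mail.{{ domain }}"
    owner: root
    group: "{{ host_uid }}"
    mode: '550'
  loop:
    - live
    - archive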
# Let group host_uid read the TLS private key for mail.<domain>: owner root,
# mode 640, no access for others.
# No `state` is given, so the module default (`file`) applies: an existing
# path is adjusted and a missing one is reported as an error, not created.
# NOTE(review): in a standard certbot layout live/<name>/privkey.pem is a
# symlink into archive/. Confirm the ownership and mode end up on the key
# material itself and that they survive a renewal.
- name: Set limited permissions on certificate key file
  become: true
  ansible.builtin.file:
    path: "/etc/letsencrypt/live/mail.{{ domain }}/privkey.pem"
    owner: root
    group: "{{ host_uid }}"
    mode: '640'
# Pull the images referenced by the compose project without recreating any
# container (`recreate: never`). Runs only when docker_pull_images is truthy.
# The result is registered because the following task reads its `actions`
# list; per the module documentation `debug: true` is what adds that list to
# the return value.
# NOTE(review): the compose file is not visible here. If it references images
# by mutable tag, each pull can bring in different content; pin by digest
# where reproducible deployments matter.
# NOTE(review): community.docker.docker_compose drives Compose v1 and is
# dropped in newer community.docker releases; docker_compose_v2 and
# docker_compose_v2_pull are its successors - plan the migration.
- name: Pull project services
  when: docker_pull_images | bool
  community.docker.docker_compose:
    project_src: "{{ project_dir }}"
    pull: true
    recreate: never
    debug: true
  register: mailserver_docker_compose_pull_result
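# Collect the names of the images the pull task actually fetched into the
# list fact mailserver_pulled_images. Despite the task title nothing is
# printed here; the names only show up in the per-item task output.
# The fact stays undefined when no action carries `pulled_image` (or when the
# pull task was skipped), which the backup condition further down relies on.
# `| list` materialises the selectattr() result so `loop` receives a real
# list on every Ansible/Jinja2 combination rather than a generator.
- name: Display pulled image(s) name
  ansible.builtin.set_fact:
    mailserver_pulled_images: "{{ mailserver_pulled_images | default([]) + [item.pulled_image.name] }}"
  loop: "{{ mailserver_docker_compose_pull_result['actions'] | default([]) | selectattr('pulled_image', 'defined') | list }}"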
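# Take a backup before services are restarted on a freshly pulled image.
- name: Include backup tasks
  ansible.builtin.include_tasks:
    file: backup.yml
  # Make a backup if we didn't already make one and we pulled a new image.
  # The list items are ANDed. run_backup is cast with `| bool`, matching the
  # docker_pull_images check on the pull task: without the cast a string such
  # as "false" from extra-vars is truthy and would silently suppress the
  # backup.
  when:
    - not (run_backup | bool)
    - mailserver_pulled_images is defined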
# Bring the compose project up from project_dir and restart its services.
# NOTE(review): no condition is visible on this task, so with
# `restarted: true` the containers are presumably restarted on every run,
# whether or not anything changed - confirm that is intended for a mail
# server.
- name: Create/Restart project services
  community.docker.docker_compose:
    restarted: true
    project_src: "{{ project_dir }}"