tom/ansible_rspamd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
master
ansible_rspamd/tasks/main.yml

78 lines
2.0 KiB
YAML
Raw Permalink Blame History

---
# tasks file for rspamd
- name: configure repo
when: ansible_os_family == 'RedHat'
block:
- ansible.builtin.get_url:
url: https://rspamd.com/rpm-stable/centos-7/rspamd.repo
dest: /etc/yum.repos.d/rspamd.repo
- ansible.builtin.rpm_key:
key: https://rspamd.com/rpm-stable/gpg.key
state: present
- name: install rspamd
ansible.builtin.package:
state: present
name: rspamd
- name: configure rspamd
notify: restart rspamd
block:
- ansible.builtin.template:
src: "{{ item }}"
dest: /etc/rspamd/local.d/
loop:
- multimap.conf
- milter_headers.conf
- ip_whitelist.map
- host_whitelist.map
- address_whitelist.map
- address_blacklist.map
- actions.conf
- worker-controller.inc
- ansible.builtin.lineinfile:
create: true
path: /etc/rspamd/override.d/worker-proxy.inc
line: bind_socket = *:11332
- ansible.builtin.lineinfile:
create: true
path: /etc/rspamd/override.d/logging.inc
line: 'level = "notice";'
- name: open firewall port
when: use_ufw
community.general.ufw:
proto: tcp
port: "11332"
src: "{{ item.ip}}"
comment: "{{ item.comment }}"
rule: allow
loop:
- { ip: 163.172.96.97, comment: submarine }
- { ip: 80.67.185.27, comment: altc01 }
- { ip: 51.15.130.230, comment: mutine }
- { ip: 57.128.123.211, comment: mimine }
- { ip: 51.15.253.78, comment: cosine }
- name: ensure rspamd listen everywhere
ansible.builtin.lineinfile:
create: true
path: /etc/rspamd/local.d/proxy-normal.inc
regex: "^bind_socket = localhost:11332"
line: "bind_socket = *:11332"
notify: restart rspamd
- name: binding rspamd to redis
ansible.builtin.lineinfile:
create: true
path: /etc/rspamd/local.d/redis.conf
line: 'servers: "127.0.0.1"'
notify: restart rspamd
- name: start service
ansible.builtin.service:
name: rspamd
state: started
enabled: true
Reference in New Issue View Git Blame Copy Permalink