authorElizabeth Hunt <elizabeth.hunt@simponic.xyz>2024-01-07 00:35:54 -0500
committerElizabeth Hunt <elizabeth.hunt@simponic.xyz>2024-01-07 00:39:16 -0500
commitae64628958a10362aa7c65050ca8ff2546220c95 (patch)
treea8256e6c7e989709c7589cfc3c92f4d11f27753b /roles/mail/tasks
parentfb0b3914086484d9284426985984e2c1699ba557 (diff)
add mail role!
Diffstat (limited to 'roles/mail/tasks')
-rw-r--r--roles/mail/tasks/main.yml57
1 files changed, 57 insertions, 0 deletions
diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml
new file mode 100644
index 0000000..4233f68
--- /dev/null
+++ b/roles/mail/tasks/main.yml
@@ -0,0 +1,57 @@
+---
+- name: install letsencrypt
+ apt:
+ name: letsencrypt
+ state: latest
+
+- name: allow 80/tcp ufw
+ ufw:
+ rule: allow
+ port: '80'
+ proto: 'tcp'
+
+- name: allow 443/tcp ufw
+ ufw:
+ rule: allow
+ port: '443'
+ proto: 'tcp'
+
+- name: restart ufw
+ service: name=ufw state=restarted enabled=yes
+
+- name: request certificate
+ shell: >
+ letsencrypt certonly -n --standalone -d "{{ domain }}" \
+ -m "{{ certbot_email }}" --agree-tos
+ args:
+ creates: "/etc/letsencrypt/live/{{ domain }}"
+
+- name: add monthly letsencrypt cronjob for cert renewal
+ cron:
+ name: "letsencrypt_renewal_mail"
+ day: "18"
+ hour: "2"
+ minute: "1"
+ job: "letsencrypt renew --cert-name {{ domain }} -n --standalone --agree-tos -m {{ certbot_email }}"
+
+- name: ensure mail docker/compose exist
+ file:
+ path: /etc/docker/compose/mail
+ state: directory
+ owner: root
+ group: root
+ mode: 0700
+
+- name: build mail docker-compose.yml.j2
+ template:
+ src: ../templates/docker-compose.yml.j2
+ dest: /etc/docker/compose/mail/docker-compose.yml
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+
+- name: daemon-reload and enable mail
+ ansible.builtin.systemd_service:
+ state: restarted
+ enabled: true
+ name: docker-compose@mail
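Review bot: The "request certificate" task passes `{{ domain }}` and `{{ certbot_email }}` through `shell:`, where the surrounding double quotes still let the shell expand `$(...)`, backticks and `$VAR` inside the values. No shell feature is needed here, so `ansible.builtin.command` with `argv` (keeping `creates`) avoids the shell entirely. The trailing `\` inside the folded `>` scalar is also fragile: if the continuation line is folded to a space (the indentation is not recoverable from this page), the shell sees an escaped space rather than a line continuation. The cron `job:` string interpolates the same two variables unquoted and is executed by cron's shell, so `{{ domain | quote }}` and `{{ certbot_email | quote }}` would be safer there.

```yaml
- name: request certificate
  ansible.builtin.command:
    argv:
      - letsencrypt
      - certonly
      - -n
      - --standalone
      - -d
      - "{{ domain }}"
      - -m
      - "{{ certbot_email }}"
      - --agree-tos
    creates: "/etc/letsencrypt/live/{{ domain }}"
```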