From ae64628958a10362aa7c65050ca8ff2546220c95 Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt
Date: Sun, 7 Jan 2024 00:35:54 -0500
Subject: add mail role!
---
roles/mail/tasks/main.yml | 57 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 57 insertions(+)
create mode 100644 roles/mail/tasks/main.yml
(limited to 'roles/mail/tasks')
diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml
new file mode 100644
index 0000000..4233f68
--- /dev/null
+++ b/roles/mail/tasks/main.yml
@@ -0,0 +1,57 @@
+---
+- name: install letsencrypt
+ apt:
+ name: letsencrypt
+ state: latest
+
+- name: allow 80/tcp ufw
+ ufw:
+ rule: allow
+ port: '80'
+ proto: 'tcp'
+
+- name: allow 443/tcp ufw
+ ufw:
+ rule: allow
+ port: '443'
+ proto: 'tcp'
+
+- name: restart ufw
+ service: name=ufw state=restarted enabled=yes
+
+- name: request certificate
+ shell: >
+ letsencrypt certonly -n --standalone -d "{{ domain }}" \
+ -m "{{ certbot_email }}" --agree-tos
+ args:
+ creates: "/etc/letsencrypt/live/{{ domain }}"
+
+- name: add monthly letsencrypt cronjob for cert renewal
+ cron:
+ name: "letsencrypt_renewal_mail"
+ day: "18"
+ hour: "2"
+ minute: "1"
+ job: "letsencrypt renew --cert-name {{ domain }} -n --standalone --agree-tos -m {{ certbot_email }}"
+
+- name: ensure mail docker/compose exist
+ file:
+ path: /etc/docker/compose/mail
+ state: directory
+ owner: root
+ group: root
+ mode: 0700
+
+- name: build mail docker-compose.yml.j2
+ template:
+ src: ../templates/docker-compose.yml.j2
+ dest: /etc/docker/compose/mail/docker-compose.yml
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+
+- name: daemon-reload and enable mail
+ ansible.builtin.systemd_service:
+ state: restarted
+ enabled: true
+ name: docker-compose@mail
-- cgit v1.2.3-70-g09d2
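Review bot: The renewal cron entry (`day: "18"`, `hour: "2"`, `minute: "1"`) gives each certificate roughly one renewal attempt before it expires, since `renew` only acts once a certificate is close to expiry (30 days by default in certbot, assuming that default is unchanged on this host). A single failure, for example port 80 being busy when `--standalone` tries to bind, would leave the mail host presenting an expired certificate until the following month. Running the job daily is safe because `renew` does nothing when no certificate is due, so I would drop the `day:` key and keep `hour`/`minute`. Nothing visible in this file restarts `docker-compose@mail` after a renewal; if the containers read the certificate at start-up (the compose template is not shown here), consider appending `--deploy-hook 'systemctl restart docker-compose@mail'` to the `job:` string. Monitoring certificate expiry separately would catch the case where renewal keeps failing silently.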