diff --git a/.drone.jsonnet b/.drone.jsonnet
deleted file mode 100644
index ea2de9e..0000000
--- a/.drone.jsonnet
+++ /dev/null
@@ -1,124 +0,0 @@
-local PipelineLinting = {
- kind: 'pipeline',
- name: 'linting',
- platform: {
- os: 'linux',
- arch: 'amd64',
- },
- steps: [
- {
- name: 'ansible-later',
- image: 'thegeeklab/ansible-later',
- commands: [
- 'ansible-later',
- ],
- },
- {
- name: 'python-format',
- image: 'python:3.11',
- environment: {
- PY_COLORS: 1,
- },
- commands: [
- 'pip install -qq yapf',
- '[ -z "$(find . -type f -name *.py)" ] || (yapf -rd ./)',
- ],
- },
- {
- name: 'python-flake8',
- image: 'python:3.11',
- environment: {
- PY_COLORS: 1,
- },
- commands: [
- 'pip install -qq flake8',
- 'flake8',
- ],
- },
- ],
- trigger: {
- ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
- },
-};
-
-local PipelineDocumentation = {
- kind: 'pipeline',
- name: 'documentation',
- platform: {
- os: 'linux',
- arch: 'amd64',
- },
- steps: [
- {
- name: 'generate',
- image: 'thegeeklab/ansible-doctor',
- environment: {
- ANSIBLE_DOCTOR_LOG_LEVEL: 'INFO',
- ANSIBLE_DOCTOR_FORCE_OVERWRITE: true,
- ANSIBLE_DOCTOR_EXCLUDE_FILES: 'molecule/',
- ANSIBLE_DOCTOR_TEMPLATE: 'hugo-book',
- ANSIBLE_DOCTOR_ROLE_NAME: '${DRONE_REPO_NAME#*.}',
- ANSIBLE_DOCTOR_OUTPUT_DIR: '_docs/',
- },
- },
- {
- name: 'publish',
- image: 'plugins/gh-pages',
- settings: {
- remote_url: 'https://gitea.rknet.org/ansible/${DRONE_REPO_NAME}',
- netrc_machine: 'gitea.rknet.org',
- username: { from_secret: 'gitea_username' },
- password: { from_secret: 'gitea_token' },
- pages_directory: '_docs/',
- target_branch: 'docs',
- },
- when: {
- ref: ['refs/heads/main'],
- },
- },
- ],
- trigger: {
- ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
- },
- depends_on: [
- 'linting',
- ],
-};
-
-local PipelineNotification = {
- kind: 'pipeline',
- name: 'notification',
- platform: {
- os: 'linux',
- arch: 'amd64',
- },
- clone: {
- disable: true,
- },
- steps: [
- {
- name: 'matrix',
- image: 'thegeeklab/drone-matrix',
- settings: {
- homeserver: { from_secret: 'matrix_homeserver' },
- roomid: { from_secret: 'matrix_roomid' },
- template: 'Status: **{{ .Build.Status }}**
Build: [{{ .Repo.Owner }}/{{ .Repo.Name }}]({{ .Build.Link }}){{ if .Build.Branch }} ({{ .Build.Branch }}){{ end }} by {{ .Commit.Author }}
Message: {{ .Commit.Message.Title }}',
- username: { from_secret: 'matrix_username' },
- password: { from_secret: 'matrix_password' },
- },
- },
- ],
- depends_on: [
- 'documentation',
- ],
- trigger: {
- status: ['success', 'failure'],
- ref: ['refs/heads/main', 'refs/tags/**'],
- },
-};
-
-[
- PipelineLinting,
- PipelineDocumentation,
- PipelineNotification,
-]
diff --git a/.drone.yml b/.drone.yml
deleted file mode 100644
index f6dfd8e..0000000
--- a/.drone.yml
+++ /dev/null
@@ -1,120 +0,0 @@
----
-kind: pipeline
-name: linting
-
-platform:
- os: linux
- arch: amd64
-
-steps:
- - name: ansible-later
- image: thegeeklab/ansible-later
- commands:
- - ansible-later
-
- - name: python-format
- image: python:3.11
- commands:
- - pip install -qq yapf
- - "[ -z \"$(find . -type f -name *.py)\" ] || (yapf -rd ./)"
- environment:
- PY_COLORS: 1
-
- - name: python-flake8
- image: python:3.11
- commands:
- - pip install -qq flake8
- - flake8
- environment:
- PY_COLORS: 1
-
-trigger:
- ref:
- - refs/heads/main
- - refs/tags/**
- - refs/pull/**
-
----
-kind: pipeline
-name: documentation
-
-platform:
- os: linux
- arch: amd64
-
-steps:
- - name: generate
- image: thegeeklab/ansible-doctor
- environment:
- ANSIBLE_DOCTOR_EXCLUDE_FILES: molecule/
- ANSIBLE_DOCTOR_FORCE_OVERWRITE: true
- ANSIBLE_DOCTOR_LOG_LEVEL: INFO
- ANSIBLE_DOCTOR_OUTPUT_DIR: _docs/
- ANSIBLE_DOCTOR_ROLE_NAME: ${DRONE_REPO_NAME#*.}
- ANSIBLE_DOCTOR_TEMPLATE: hugo-book
-
- - name: publish
- image: plugins/gh-pages
- settings:
- netrc_machine: gitea.rknet.org
- pages_directory: _docs/
- password:
- from_secret: gitea_token
- remote_url: https://gitea.rknet.org/ansible/${DRONE_REPO_NAME}
- target_branch: docs
- username:
- from_secret: gitea_username
- when:
- ref:
- - refs/heads/main
-
-trigger:
- ref:
- - refs/heads/main
- - refs/tags/**
- - refs/pull/**
-
-depends_on:
- - linting
-
----
-kind: pipeline
-name: notification
-
-platform:
- os: linux
- arch: amd64
-
-clone:
- disable: true
-
-steps:
- - name: matrix
- image: thegeeklab/drone-matrix
- settings:
- homeserver:
- from_secret: matrix_homeserver
- password:
- from_secret: matrix_password
- roomid:
- from_secret: matrix_roomid
- template: "Status: **{{ .Build.Status }}**
Build: [{{ .Repo.Owner }}/{{ .Repo.Name }}]({{ .Build.Link }}){{ if .Build.Branch }} ({{ .Build.Branch }}){{ end }} by {{ .Commit.Author }}
Message: {{ .Commit.Message.Title }}"
- username:
- from_secret: matrix_username
-
-trigger:
- ref:
- - refs/heads/main
- - refs/tags/**
- status:
- - success
- - failure
-
-depends_on:
- - documentation
-
----
-kind: signature
-hmac: fdc8576e915a103e3a4aec7dc8bf1068e602ee975ff6d0fb5d92ee2434d9d0ce
-
-...
diff --git a/.later.yml b/.later.yml
deleted file mode 100644
index 0efe5d5..0000000
--- a/.later.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-ansible:
- custom_modules:
- - iptables_raw
- - openssl_pkcs12
- - proxmox_kvm
- - ucr
- - corenetworks_dns
- - corenetworks_token
-
-rules:
- exclude_files:
- - molecule/
- - "LICENSE*"
- - "**/*.md"
- - "**/*.ini"
-
- exclude_filter:
- - LINT0009
diff --git a/.markdownlint.yml b/.markdownlint.yml
new file mode 100644
index 0000000..da116c7
--- /dev/null
+++ b/.markdownlint.yml
@@ -0,0 +1,7 @@
+---
+default: True
+MD013: False
+MD041: False
+MD024: False
+MD004:
+ style: dash
diff --git a/.prettierignore b/.prettierignore
new file mode 100644
index 0000000..6b1d0bf
--- /dev/null
+++ b/.prettierignore
@@ -0,0 +1 @@
+LICENSE
diff --git a/.woodpecker/docs.yaml b/.woodpecker/docs.yaml
new file mode 100644
index 0000000..ec71c9b
--- /dev/null
+++ b/.woodpecker/docs.yaml
@@ -0,0 +1,47 @@
+---
+when:
+ - event: [pull_request]
+ - event: [push, manual]
+ branch:
+ - ${CI_REPO_DEFAULT_BRANCH}
+
+steps:
+ - name: generate
+ image: quay.io/thegeeklab/ansible-doctor
+ environment:
+ ANSIBLE_DOCTOR_EXCLUDE_FILES: "['molecule/']"
+ ANSIBLE_DOCTOR_RENDERER__FORCE_OVERWRITE: "true"
+ ANSIBLE_DOCTOR_LOGGING__LEVEL: info
+ ANSIBLE_DOCTOR_ROLE__NAME: ${CI_REPO_NAME}
+ ANSIBLE_DOCTOR_TEMPLATE__NAME: readme
+
+ - name: format
+ image: quay.io/thegeeklab/alpine-tools
+ commands:
+ - prettier -w README.md
+
+ - name: diff
+ image: quay.io/thegeeklab/alpine-tools
+ commands:
+ - git diff --color=always README.md
+
+ - name: publish
+ image: quay.io/thegeeklab/wp-git-action
+ settings:
+ action:
+ - commit
+ - push
+ author_email: ci-bot@rknet.org
+ author_name: ci-bot
+ branch: main
+ message: "[skip ci] automated docs update"
+ netrc_machine: gitea.rknet.org
+ netrc_password:
+ from_secret: gitea_token
+ when:
+ - event: [push, manual]
+ branch:
+ - ${CI_REPO_DEFAULT_BRANCH}
+
+depends_on:
+ - lint
diff --git a/.woodpecker/lint.yaml b/.woodpecker/lint.yaml
new file mode 100644
index 0000000..c48a8e4
--- /dev/null
+++ b/.woodpecker/lint.yaml
@@ -0,0 +1,30 @@
+---
+when:
+ - event: [pull_request, tag]
+ - event: [push, manual]
+ branch:
+ - ${CI_REPO_DEFAULT_BRANCH}
+
+steps:
+ - name: ansible-lint
+ image: quay.io/thegeeklab/ansible-dev-tools:1
+ commands:
+ - ansible-lint
+ environment:
+ FORCE_COLOR: "1"
+
+ - name: python-format
+ image: docker.io/python:3.12
+ commands:
+ - pip install -qq ruff
+ - ruff format --check --diff .
+ environment:
+ PY_COLORS: "1"
+
+ - name: python-lint
+ image: docker.io/python:3.12
+ commands:
+ - pip install -qq ruff
+ - ruff check .
+ environment:
+ PY_COLORS: "1"
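Review bot: Both Python steps run `pip install -qq ruff` with no version, so every build, including pull-request builds, installs whatever release is newest on the index, and lint results can change without a commit in this repository. Pin it, e.g. `pip install -qq ruff==<PINNED_VERSION>`, and keep the `python-format` and `python-lint` steps on the same version so they cannot drift apart. A short comment above the steps naming where the version is bumped would help the next maintainer.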
diff --git a/.woodpecker/notify.yml b/.woodpecker/notify.yml
new file mode 100644
index 0000000..45bc21e
--- /dev/null
+++ b/.woodpecker/notify.yml
@@ -0,0 +1,26 @@
+---
+when:
+ - event: [tag]
+ - event: [push, manual]
+ branch:
+ - ${CI_REPO_DEFAULT_BRANCH}
+
+runs_on: [success, failure]
+
+steps:
+ - name: matrix
+ image: quay.io/thegeeklab/wp-matrix
+ settings:
+ homeserver:
+ from_secret: matrix_homeserver
+ room_id:
+ from_secret: matrix_room_id
+ user_id:
+ from_secret: matrix_user_id
+ access_token:
+ from_secret: matrix_access_token
+ when:
+ - status: [failure]
+
+depends_on:
+ - docs
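Review bot: This workflow triggers on `tag` events but has `depends_on: docs`, and `.woodpecker/docs.yaml` has no `tag` event in its `when` list, so on a tag build the dependency is not scheduled. Whether Woodpecker then runs or skips `notify` should be verified, since a lint failure on a tag may go unreported. Depending on `lint` as well (`depends_on: [lint, docs]`) or adding `tag` to the docs filter would make the behaviour explicit. The step-level `when: - status: [failure]` also drops the success notifications the old Drone pipeline sent; if that is intended, a one-line comment saying so would help.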
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..df1d39e
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,20 @@
+---
+extends: default
+
+rules:
+ truthy:
+ allowed-values: ["True", "False"]
+ comments:
+ min-spaces-from-content: 1
+ comments-indentation: False
+ line-length: disable
+ braces:
+ min-spaces-inside: 0
+ max-spaces-inside: 1
+ brackets:
+ min-spaces-inside: 0
+ max-spaces-inside: 0
+ indentation: enable
+ octal-values:
+ forbid-implicit-octal: True
+ forbid-explicit-octal: True
diff --git a/handlers/main.yml b/handlers/main.yml
index 97cf924..0fc1e53 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,30 +1,24 @@
---
- name: Restart apache service
- service:
+ ansible.builtin.service:
name: apache2
state: restarted
- enabled: yes
+ enabled: True
listen: __ucs_apache_restart
when: ucs_custom_tls_apache2_enabled
- become: True
- become_user: root
- name: Restart dovecot service
- service:
+ ansible.builtin.service:
name: dovecot
state: restarted
- enabled: yes
+ enabled: True
listen: __ucs_dovecot_restart
when: ucs_custom_tls_dovecot_enabled
- become: True
- become_user: root
- name: Restart postfix service
- service:
+ ansible.builtin.service:
name: postfix
state: restarted
- enabled: yes
+ enabled: True
listen: __ucs_postfix_restart
when: ucs_custom_tls_postfix_enabled
- become: True
- become_user: root
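Review bot: Dropping `become: True` / `become_user: root` from the three restart handlers means the role no longer escalates on its own. The `ansible.builtin.service` restarts of apache2, dovecot and postfix will fail for a non-root connection user unless the calling play sets `become`. The same removal appears in `tasks/main.yml` and `tasks/tls.yml`, which write registry values, cron files, ACLs and key material under the TLS directories. If escalation is now the caller's responsibility, state it in the role documentation, e.g. a README line such as `This role requires become: true at play level.`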
diff --git a/meta/main.yml b/meta/main.yml
index 3bcfa8d..f9f71d6 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -1,4 +1,3 @@
-# Standards: 0.2
---
galaxy_info:
# @meta author:value: [Robert Kaussow](https://gitea.rknet.org/xoxys)
@@ -21,16 +20,13 @@ galaxy_info:
# @end
description: Configure an Univention Corporate Server
license: MIT
- min_ansible_version: 2.10
+ min_ansible_version: "2.10"
platforms:
- name: EL
versions:
- - 7
+ - "9"
galaxy_tags:
- univention
- ucs
- domain
dependencies: []
-collections:
- - xoxys.general
- - community.general
diff --git a/pyproject.toml b/pyproject.toml
new file mode 100644
index 0000000..7193140
--- /dev/null
+++ b/pyproject.toml
@@ -0,0 +1,17 @@
+[tool.ruff]
+exclude = [".git", "__pycache__"]
+
+line-length = 99
+indent-width = 4
+
+[tool.ruff.lint]
+ignore = ["W191", "E111", "E114", "E117", "S101", "S105"]
+select = ["F", "E", "I", "W", "S"]
+
+[tool.ruff.format]
+quote-style = "double"
+indent-style = "space"
+line-ending = "lf"
+
+[tool.pytest.ini_options]
+filterwarnings = ["ignore::FutureWarning", "ignore::DeprecationWarning"]
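Review bot: `S105` in the global `ignore` list switches off ruff's hard-coded-password check for any Python in the repository, in a role that deploys TLS private keys. If it was added to silence a specific false positive, scope it with `[tool.ruff.lint.per-file-ignores]` or a `# noqa: S105` on the offending line, and leave a comment saying why. `S101` (assert) is the usual test-only exception and would fit a per-file ignore for test paths as well.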
diff --git a/requirements.yml b/requirements.yml
new file mode 100644
index 0000000..486663f
--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,7 @@
+---
+collections:
+ - name: https://gitea.rknet.org/ansible/xoxys.general
+ type: git
+ - name: ansible.posix
+
+roles: []
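Review bot: `community.general` is missing from this list although `tasks/main.yml` calls `community.general.udm_group`, and this commit also removes the `collections:` entry in `meta/main.yml` that declared it. On a controller with only `ansible-core` installed the group task would presumably fail to resolve; add `- name: community.general`. The `xoxys.general` git source also has no `version:`, so installs follow the remote's default branch head. Pinning it (`version: <PINNED_TAG_OR_COMMIT>`) makes the module code that runs on the target reproducible.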
diff --git a/setup.cfg b/setup.cfg
deleted file mode 100644
index 2bb8674..0000000
--- a/setup.cfg
+++ /dev/null
@@ -1,12 +0,0 @@
-[flake8]
-ignore = D100, D101, D102, D103, D105, D107, E402, W503
-max-line-length = 99
-inline-quotes = double
-exclude = .git,.tox,__pycache__,build,dist,tests,*.pyc,*.egg-info,.cache,.eggs,env*
-
-[yapf]
-based_on_style = google
-column_limit = 99
-dedent_closing_brackets = true
-coalesce_brackets = true
-split_before_logical_operator = true
diff --git a/tasks/cron.yml b/tasks/cron.yml
deleted file mode 100644
index d4cae01..0000000
--- a/tasks/cron.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- name: Setup custom cronjobs
- cron:
- name: "{{ item.name }}"
- minute: "{{ item.minute | default(0) }}"
- hour: "{{ item.hour | default(3) }}"
- day: "{{ item.day | default('*') }}"
- weekday: "{{ item.weekday | default('*') }}"
- month: "{{ item.month | default('*') }}"
- user: "{{ item.user | default('root') }}"
- cron_file: univention-custom
- job: "{{ item.job }}"
- state: "{{ item.state | default('present') }}"
- loop: "{{ ucs_cronjobs }}"
- loop_control:
- label: "{{ item.name }}"
- become: True
- become_user: root
diff --git a/tasks/filesystem.yml b/tasks/filesystem.yml
deleted file mode 100644
index a9e3627..0000000
--- a/tasks/filesystem.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-- name: Set acl for shares
- acl:
- path: "{{ item.path }}"
- entity: "{{ item.entity }}"
- etype: "{{ item.etype }}"
- permissions: "{{ item.permissions }}"
- state: "{{ item.state | default('query') }}"
- recursive: "{{ item.recursive | default('no') }}"
- default: "{{ item.default | default('no') }}"
- loop: "{{ ucs_filesystem_acl }}"
- loop_control:
- label: "{{ item.path }}"
- become: True
- become_user: root
diff --git a/tasks/main.yml b/tasks/main.yml
index 0ac2e91..70ffdb7 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,7 +1,52 @@
---
-- include_tasks: registry.yml
-- include_tasks: users_groups.yml
-- include_tasks: filesystem.yml
-- include_tasks: cron.yml
-- import_tasks: tls.yml
+- name: Set system settings to registry
+ xoxys.general.ucr:
+ path: "{{ item.path }}"
+ value: "{{ item.value }}"
+ state: "{{ item.state | default('present') }}"
+ loop: "{{ __usc_registry_settings + ucs_registry_extra }}"
+
+- name: Create system groups
+ community.general.udm_group:
+ name: "{{ item.name }}"
+ description: "{{ item.description | default(omit) }}"
+ subpath: "{{ item.subpath | default(omit) }}"
+ ou: "{{ item.ou | default(omit) }}"
+ state: "{{ item.state | default('present') }}"
+ loop: "{{ ucs_system_groups }}"
+ loop_control:
+ label: "{{ item.name }}"
+
+- name: Set acl for shares
+ ansible.posix.acl:
+ path: "{{ item.path }}"
+ entity: "{{ item.entity }}"
+ etype: "{{ item.etype }}"
+ permissions: "{{ item.permissions }}"
+ state: "{{ item.state | default('query') }}"
+ recursive: "{{ item.recursive | default('no') }}"
+ default: "{{ item.default | default('no') }}"
+ loop: "{{ ucs_filesystem_acl }}"
+ loop_control:
+ label: "{{ item.path }}"
+
+- name: Setup custom cronjobs
+ ansible.builtin.cron:
+ name: "{{ item.name }}"
+ minute: "{{ item.minute | default(0) }}"
+ hour: "{{ item.hour | default(3) }}"
+ day: "{{ item.day | default('*') }}"
+ weekday: "{{ item.weekday | default('*') }}"
+ month: "{{ item.month | default('*') }}"
+ user: "{{ item.user | default('root') }}"
+ cron_file: univention-custom
+ job: "{{ item.job }}"
+ state: "{{ item.state | default('present') }}"
+ loop: "{{ ucs_cronjobs }}"
+ loop_control:
+ label: "{{ item.name }}"
+
+- name: Deploy custom tls certs
+ ansible.builtin.import_tasks: tls.yml
+ when: ucs_custom_tls_enabled
tags: tls_renewal
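Review bot: In `Set acl for shares`, `state: "{{ item.state | default('query') }}"` means an entry in `ucs_filesystem_acl` without an explicit `state` only reads the ACL and changes nothing. A share can therefore keep its previous permissions while the play reports success. If the intent is to enforce ACLs, default to `present` (`state: "{{ item.state | default('present') }}"`) as the registry, group and cron tasks in this file do; if `query` is deliberate, document it next to the variable. `recursive` and `default` also fall back to the string `'no'`; `default(false)` avoids relying on string-to-boolean coercion.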
diff --git a/tasks/registry.yml b/tasks/registry.yml
deleted file mode 100644
index 2fc65d0..0000000
--- a/tasks/registry.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-- block:
- - name: Set system settings to registry
- ucr:
- path: "{{ item.path }}"
- value: "{{ item.value }}"
- state: "{{ item.state | default('present') }}"
- loop: "{{ __usc_registry_settings + ucs_registry_extra }}"
- become: True
- become_user: root
diff --git a/tasks/tls.yml b/tasks/tls.yml
index b660305..6a887c6 100644
--- a/tasks/tls.yml
+++ b/tasks/tls.yml
@@ -1,66 +1,74 @@
---
-- block:
- - name: Create tls folder structure
- file:
- path: "{{ item }}"
- state: directory
- mode: 0700
- loop:
- - "{{ ucs_tls_certs_dir }}"
- - "{{ ucs_tls_key_dir }}"
+- name: Create tls folder structure
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ mode: "0700"
+ loop:
+ - "{{ ucs_tls_certs_dir }}"
+ - "{{ ucs_tls_key_dir }}"
- - name: Copy certs and private key
- copy:
- src: "{{ item.src }}"
- dest: "{{ item.dest }}"
- mode: "{{ item.mode }}"
- loop:
- - { src: "{{ ucs_tls_cert_path }}", dest: "{{ ucs_tls_certs_dir }}/ucs.pem", mode: '0600' }
- - { src: "{{ ucs_tls_key_path }}", dest: "{{ ucs_tls_key_dir }}/ucs.pem", mode: '0750' }
- loop_control:
- label: "{{ item.dest }}"
- notify:
- - __ucs_apache_restart
- - __ucs_dovecot_restart
- - __ucs_postfix_restart
+- name: Copy certs and private key
+ ansible.builtin.copy:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ mode: "{{ item.mode }}"
+ loop:
+ - src: "{{ ucs_tls_cert_path }}"
+ dest: "{{ ucs_tls_certs_dir }}/ucs.pem"
+ mode: "0600"
+ - src: "{{ ucs_tls_key_path }}"
+ dest: "{{ ucs_tls_key_dir }}/ucs.pem"
+ mode: "0750"
+ loop_control:
+ label: "{{ item.dest }}"
+ notify:
+ - __ucs_apache_restart
+ - __ucs_dovecot_restart
+ - __ucs_postfix_restart
- - name: Set apache2 ucr vars
- ucr:
- path: "{{ item.path }}"
- value: "{{ item.value }}"
- loop:
- - { path: apache2/ssl/certificate, value: "{{ ucs_tls_certs_dir }}/ucs.pem" }
- - { path: apache2/ssl/key, value: "{{ ucs_tls_key_dir }}/ucs.pem" }
- - { path: saml/apache2/ssl/certificate, value: "{{ ucs_tls_certs_dir }}/ucs.pem" }
- - { path: saml/apache2/ssl/key, value: "{{ ucs_tls_key_dir }}/ucs.pem" }
- loop_control:
- label: "variable: {{ item.path }}={{ item.value }}"
- notify: __ucs_apache_restart
- when: ucs_custom_tls_apache2_enabled
+- name: Set apache2 ucr vars
+ xoxys.general.ucr:
+ path: "{{ item.path }}"
+ value: "{{ item.value }}"
+ loop:
+ - path: apache2/ssl/certificate
+ value: "{{ ucs_tls_certs_dir }}/ucs.pem"
+ - path: apache2/ssl/key
+ value: "{{ ucs_tls_key_dir }}/ucs.pem"
+ - path: saml/apache2/ssl/certificate
+ value: "{{ ucs_tls_certs_dir }}/ucs.pem"
+ - path: saml/apache2/ssl/key
+ value: "{{ ucs_tls_key_dir }}/ucs.pem"
+ loop_control:
+ label: "variable: {{ item.path }}={{ item.value }}"
+ notify: __ucs_apache_restart
+ when: ucs_custom_tls_apache2_enabled
- - name: Set dovecot ucr vars
- ucr:
- path: "{{ item.path }}"
- value: "{{ item.value }}"
- loop:
- - { path: mail/dovecot/ssl/certificate, value: "{{ ucs_tls_certs_dir }}/ucs.pem" }
- - { path: mail/dovecot/ssl/key, value: "{{ ucs_tls_key_dir }}/ucs.pem" }
- loop_control:
- label: "variable: {{ item.path }}={{ item.value }}"
- notify: __ucs_dovecot_restart
- when: ucs_custom_tls_dovecot_enabled
+- name: Set dovecot ucr vars
+ xoxys.general.ucr:
+ path: "{{ item.path }}"
+ value: "{{ item.value }}"
+ loop:
+ - path: mail/dovecot/ssl/certificate,
+ value: "{{ ucs_tls_certs_dir }}/ucs.pem"
+ - path: mail/dovecot/ssl/key
+ value: "{{ ucs_tls_key_dir }}/ucs.pem"
+ loop_control:
+ label: "variable: {{ item.path }}={{ item.value }}"
+ notify: __ucs_dovecot_restart
+ when: ucs_custom_tls_dovecot_enabled
- - name: Set postfix ucr vars
- ucr:
- path: "{{ item.path }}"
- value: "{{ item.value }}"
- loop:
- - { path: mail/postfix/ssl/certificate, value: "{{ ucs_tls_certs_dir }}/ucs.pem" }
- - { path: mail/postfix/ssl/key, value: "{{ ucs_tls_key_dir }}/ucs.pem" }
- loop_control:
- label: "variable: {{ item.path }}={{ item.value }}"
- notify: __ucs_postfix_restart
- when: ucs_custom_tls_postfix_enabled
- become: True
- become_user: root
- when: ucs_custom_tls_enabled
+- name: Set postfix ucr vars
+ xoxys.general.ucr:
+ path: "{{ item.path }}"
+ value: "{{ item.value }}"
+ loop:
+ - path: mail/postfix/ssl/certificate
+ value: "{{ ucs_tls_certs_dir }}/ucs.pem"
+ - path: mail/postfix/ssl/key
+ value: "{{ ucs_tls_key_dir }}/ucs.pem"
+ loop_control:
+ label: "variable: {{ item.path }}={{ item.value }}"
+ notify: __ucs_postfix_restart
+ when: ucs_custom_tls_postfix_enabled
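Review bot: The first dovecot loop item is `- path: mail/dovecot/ssl/certificate,`, where the trailing comma left over from the old flow mapping is now part of the scalar. The role would write a UCR key named `mail/dovecot/ssl/certificate,` and leave dovecot's real certificate setting untouched; the line should read `- path: mail/dovecot/ssl/certificate`. In `Copy certs and private key` the modes also look swapped: the certificate gets `"0600"` while the private key gets `"0750"`, which is group-readable and executable. Unless a service group needs read access, the key entry should be `mode: "0600"`.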
diff --git a/tasks/users_groups.yml b/tasks/users_groups.yml
deleted file mode 100644
index 8ae7734..0000000
--- a/tasks/users_groups.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-- name: Create system groups
- udm_group:
- name: "{{ item.name }}"
- description: "{{ item.description | default(omit) }}"
- subpath: "{{ item.subpath | default(omit) }}"
- ou: "{{ item.ou | default(omit) }}"
- state: "{{ item.state | default('present') }}"
- loop: "{{ ucs_system_groups }}"
- loop_control:
- label: "{{ item.name }}"
- become: True
- become_user: root