diff --git a/playbooks/managed-mailcow/enable-sni-globally.yml b/playbooks/managed-mailcow/enable-sni-globally.yml
new file mode 100644
index 0000000..a3648bf
--- /dev/null
+++ b/playbooks/managed-mailcow/enable-sni-globally.yml
@@ -0,0 +1,34 @@
+---
+
+- name: Enable SNI globally
+ hosts: all
+ vars:
+ debug: false
+ tasks:
+
+ - name: "Get mailcow Installation location"
+ include_role:
+ name: managed-mailcow
+ tasks_from: find-mailcow-composedir
+
+ - name: "Prüfe ob mailcow.conf exists"
+ ansible.builtin.stat:
+ path: "{{ mailcow_dir_result.files[0].path }}/mailcow.conf"
+ register: mailcow_conf
+
+ - name: "Setze SNI global ein"
+ ansible.builtin.replace:
+ path: "{{ mailcow_dir_result.files[0].path }}/mailcow.conf"
+ regexp: "^ENABLE_SSL_SNI=n"
+ replace: "ENABLE_SSL_SNI=y"
+ backup: yes
+ register: sni
+ when: mailcow_conf.stat.exists
+
+ - name: "Restart mailcow Docker Compose"
+ vars:
+ docker_compose_path: "{{ mailcow_dir_result.files[0].path }}"
+ include_role:
+ name: managed-mailcow
+ tasks_from: start-mailcow
+ when: sni.changed
\ No newline at end of file
diff --git a/playbooks/managed-mailcow/remove-watchdog-mail.yaml b/playbooks/managed-mailcow/remove-watchdog-mail.yaml
new file mode 100644
index 0000000..6d5139e
--- /dev/null
+++ b/playbooks/managed-mailcow/remove-watchdog-mail.yaml
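Review bot: Every templated path in enable-sni-globally.yml indexes `mailcow_dir_result.files[0]` without checking that the lookup found anything, and with `hosts: all` the stat task would abort with an index error on any host where that list is empty (the variable is presumably registered by `find-mailcow-composedir`, which is outside this diff). Ending the host early with `- ansible.builtin.meta: end_host` under `when: mailcow_dir_result.files | length == 0`, or targeting a dedicated mailcow group instead of `all`, avoids that; remove-watchdog-mail.yaml repeats the same pattern. `backup: yes` leaves a timestamped copy of mailcow.conf beside the original on every change, and since that file normally carries the stack's credentials it is worth confirming those copies are cleaned up. On style, `backup: true` is the canonical boolean, the `debug` var is not referenced in this file, and the task names mix German and English.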
@@ -0,0 +1,34 @@ +--- + +- name: Enable SNI globally + hosts: all + vars: + debug: false + tasks: + + - name: "Get mailcow Installation location" + include_role: + name: managed-mailcow + tasks_from: find-mailcow-composedir + + - name: "Check if mailcow.conf exists" + ansible.builtin.stat: + path: "{{ mailcow_dir_result.files[0].path }}/mailcow.conf" + register: mailcow_conf + + - name: "Remove WATCHDOG_NOTIFY_EMAIL globally" + ansible.builtin.replace: + path: "{{ mailcow_dir_result.files[0].path }}/mailcow.conf" + regexp: "^WATCHDOG_NOTIFY_EMAIL=info@servercow.de" + replace: "#WATCHDOG_NOTIFY_EMAIL=" + backup: yes + register: watchdog + when: mailcow_conf.stat.exists + + - name: "Restart mailcow Docker Compose" + vars: + docker_compose_path: "{{ mailcow_dir_result.files[0].path }}" + verbose: false + include_role: + name: managed-mailcow + tasks_from: start-mailcow \ No newline at end of file diff --git a/playbooks/os-major-upgrade.yml b/playbooks/os-major-upgrade.yml index 52c3f61..5bc9a45 100644 --- a/playbooks/os-major-upgrade.yml +++ b/playbooks/os-major-upgrade.yml @@ -2,6 +2,10 @@ vars: os_update_major_version: true # Can either be true or false | To toggle if systems need to be upgraded to newer codename os_update_version_codename: "trixie" # Change to switch major release (e.g. bookworm or trixie) | Used for jinja2 Template fill in as it determines the current codename of system where ansible is run on + snapshot_name: "AUTO_before_major_{{ ansible_date_time.date }}" # Name of the snapshot to be created before major upgrade + vars_files: + # Load vault file for sensitive data like Proxmox API tokens + - ../vault.yml tasks: - name: Verify if system is Debian debug: 
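Review bot: The final restart task in remove-watchdog-mail.yaml has no `when:` condition, so every run restarts the mailcow stack on every host even when the replace task changed nothing; the sibling playbook gates the same include with `when: sni.changed`, and here `watchdog` is registered but never read. Adding `when: watchdog.changed` to the restart task makes the play idempotent and avoids needless mail downtime. The play is also still named `Enable SNI globally`, which will mislead anyone reading run logs; `- name: Remove WATCHDOG_NOTIFY_EMAIL globally` matches what it does. The regexp matches only the one literal address, so hosts with any other value are left untouched; if that is intentional, a one-line comment above the task saying so would help.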
@@ -13,8 +17,53 @@ msg: "This playbook only supports Debian." when: ansible_os_family != "Debian" + - name: Read /etc/os-release + ansible.builtin.slurp: + src: /etc/os-release + register: os_release + when: ansible_os_family == "Debian" + + - name: Extract current codename + ansible.builtin.set_fact: + current_os_codename: >- + {{ (os_release.content | b64decode).splitlines() + | select('match','^VERSION_CODENAME=') + | list | first | regex_replace('^VERSION_CODENAME=', '') | lower }} + when: ansible_os_family == "Debian" + + - name: Show current and target codenames + debug: + msg: "Current codename: {{ current_os_codename }}, Target codename: {{ os_update_version_codename | lower }}" + when: ansible_os_family == "Debian" + + - name: Include Proxmox Info task + ansible.builtin.include_role: + name: proxmox-automation + tasks_from: get-vmid + when: + - ansible_os_family == "Debian" + - current_os_codename | lower != os_update_version_codename | lower + + - name: Create Snapshot before Modifications + ansible.builtin.include_role: + name: proxmox-automation + tasks_from: create-snapshots + when: + - ansible_os_family == "Debian" + - current_os_codename | lower != os_update_version_codename | lower + - name: Include OS update role ansible.builtin.include_role: name: os-updates tasks_from: update_major_version - when: ansible_os_family == "Debian" \ No newline at end of file + when: + - ansible_os_family == "Debian" + - current_os_codename | lower != os_update_version_codename | lower + + - name: Check if system is back online after reboot + ansible.builtin.wait_for_connection: + delay: 10 + timeout: 300 + when: + - ansible_os_family == "Debian" + - current_os_codename | lower != os_update_version_codename | lower \ No newline at end of file diff --git a/roles/proxmox-automation/requirements.yml b/roles/proxmox-automation/requirements.yml new file mode 100644 index 0000000..b2ce184 --- /dev/null +++ b/roles/proxmox-automation/requirements.yml 
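Review bot: The `Extract current codename` task ends in `| list | first | regex_replace(...)`, which fails with an undefined-value error rather than a clear message when /etc/os-release has no `VERSION_CODENAME=` line. The facts that already supply `ansible_os_family` also supply `ansible_distribution_release`, which on Debian normally holds the codename, so `current_os_codename: "{{ ansible_distribution_release | lower }}"` could replace both the slurp and the set_fact. The condition `current_os_codename | lower != os_update_version_codename | lower` is repeated on four tasks; wrapping snapshot, upgrade and reconnect in one `block:` with a single `when:` keeps the rollback point and the upgrade from drifting apart in later edits. The task that owns the leading `msg:`/`when:` context lines starts outside this hunk.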
@@ -0,0 +1,4 @@
+---
+collections:
+ - name: community.proxmox
+ version: 1.4.0
\ No newline at end of file
diff --git a/roles/proxmox-automation/tasks/create-snapshots.yaml b/roles/proxmox-automation/tasks/create-snapshots.yaml
new file mode 100644
index 0000000..3fd6a93
--- /dev/null
+++ b/roles/proxmox-automation/tasks/create-snapshots.yaml
@@ -0,0 +1,11 @@
+- name: Create new snapshot and keep only the 2 newest snapshots
+ community.proxmox.proxmox_snap:
+ api_host: "{{ proxmox_host }}"
+ api_user: "{{ proxmox_user }}"
+ api_token_id: "{{ proxmox_token_id }}"
+ api_token_secret: "{{ proxmox_token_secret }}"
+ vmid: "{{ vmid }}"
+ state: present
+ snapname: "{{ snapshot_name | default('before_update') }}"
+ retention: 2
+ delegate_to: localhost
diff --git a/roles/proxmox-automation/tasks/delete-snapshots.yaml b/roles/proxmox-automation/tasks/delete-snapshots.yaml
new file mode 100644
index 0000000..0801cd2
--- /dev/null
+++ b/roles/proxmox-automation/tasks/delete-snapshots.yaml
@@ -0,0 +1,10 @@
+- name: Delete snapshot before_major
+ community.proxmox.proxmox_snap:
+ api_host: "{{ proxmox_host }}"
+ api_user: "{{ proxmox_user }}"
+ api_token_id: "{{ proxmox_token_id }}"
+ api_token_secret: "{{ proxmox_token_secret }}"
+ vmid: "{{ vmid }}"
+ state: absent
+ snapname: before_major
+ delegate_to: localhost
\ No newline at end of file
diff --git a/roles/proxmox-automation/tasks/get-vmid.yaml b/roles/proxmox-automation/tasks/get-vmid.yaml
new file mode 100644
index 0000000..8bd407c
--- /dev/null
+++ b/roles/proxmox-automation/tasks/get-vmid.yaml
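Review bot: None of the three Proxmox tasks (create-snapshots.yaml here, plus delete-snapshots.yaml and get-vmid.yaml) sets `validate_certs`, and as far as I know the Proxmox modules in this collection series default it to false, so the API token secret would be sent to `proxmox_host` without the server certificate being verified. Please confirm the default against the pinned 1.4.0 documentation and add `validate_certs: true` to each task, trusting the Proxmox CA on the control node if it is self-signed. Separately, `retention: 2` appears to count all snapshots on the guest rather than only those this role created, so manually taken snapshots may be pruned; that is worth verifying and stating in a comment above the task.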
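Review bot: `snapname: before_major` in delete-snapshots.yaml is hard-coded and matches neither name the create task can produce, since the playbook sets `AUTO_before_major_<date>` and the role falls back to `before_update`, so this task would not remove the snapshots this change creates. Reusing the create task's expression, `snapname: "{{ snapshot_name | default('before_update') }}"`, keeps the two files in step, and the task name should then drop the literal `before_major`. No caller of this task file is visible in the diff, so how the dated name would reach it on a later day is also worth deciding now.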
@@ -0,0 +1,15 @@ +- name: Retrieve information about specific VM by name and get current configuration + community.proxmox.proxmox_vm_info: + api_host: "{{ proxmox_host }}" + api_user: "{{ proxmox_user }}" + api_token_id: "{{ proxmox_token_id }}" + api_token_secret: "{{ proxmox_token_secret }}" + type: all + name: "{{ inventory_hostname }}" + config: current + register: vm_info + delegate_to: localhost + +- name: Extract VMID + ansible.builtin.set_fact: + vmid: "{{ vm_info.proxmox_vms[0].vmid }}" \ No newline at end of file diff --git a/vault.yml b/vault.yml index 018a9ff..1d635e7 100644 --- a/vault.yml +++ b/vault.yml @@ -1,12 +1,20 @@ $ANSIBLE_VAULT;1.1;AES256 -32313665396633336165656332313162356665623066313165393464666138623230333666313135 -3833623133643564323530336531363531623139376636350a653037623861383664623432333961 -39633864343631376562343839386637386634333264623231636333663230366134323061356639 -6336663761396632660a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a626430393530346466356261353438 +61653663613036323537616130356363663637636132356361373436656233316464353361333233 +3163353732376531630a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
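Review bot: `vm_info.proxmox_vms[0].vmid` in the `Extract VMID` task takes the first match without checking how many guests the name lookup returned. With `type: all`, a container and a VM sharing a name could hand back the VMID of the wrong guest, and an inventory name that matches no guest gives an index error; in the first case the pre-upgrade snapshot lands on the wrong machine and the real host is upgraded with no rollback point. An `ansible.builtin.assert` between the two tasks with `that: vm_info.proxmox_vms | length == 1` and a fail message naming `inventory_hostname` would stop the play before anything is modified. Only `vmid` is read from the result, so `config: current` can probably be dropped.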