added new playbooks and tasks

playbooks/managed-mailcow/enable-sni-globally.yml

@@ -0,0 +1,34 @@
+---
+
+- name: Enable SNI globally
+  hosts: all
+  vars:
+    debug: false
+  tasks:
+
+  - name: "Get mailcow Installation location"
+    include_role:
+      name: managed-mailcow
+      tasks_from: find-mailcow-composedir
+
+  - name: "Prüfe ob mailcow.conf exists"
+    ansible.builtin.stat:
+      path: "{{ mailcow_dir_result.files[0].path }}/mailcow.conf"
+    register: mailcow_conf
+
+  - name: "Setze SNI global ein"
+    ansible.builtin.replace:
+      path: "{{ mailcow_dir_result.files[0].path }}/mailcow.conf"
+      regexp: "^ENABLE_SSL_SNI=n"
+      replace: "ENABLE_SSL_SNI=y"
+      backup: yes
+    register: sni
+    when: mailcow_conf.stat.exists
+      
+  - name: "Restart mailcow Docker Compose"
+    vars:
+      docker_compose_path: "{{ mailcow_dir_result.files[0].path }}"
+    include_role:
+      name: managed-mailcow
+      tasks_from: start-mailcow
+    when: sni.changed

playbooks/managed-mailcow/remove-watchdog-mail.yaml

@@ -0,0 +1,34 @@
+---
+
+- name: Enable SNI globally
+  hosts: all
+  vars:
+    debug: false
+  tasks:
+
+  - name: "Get mailcow Installation location"
+    include_role:
+      name: managed-mailcow
+      tasks_from: find-mailcow-composedir
+
+  - name: "Check if mailcow.conf exists"
+    ansible.builtin.stat:
+      path: "{{ mailcow_dir_result.files[0].path }}/mailcow.conf"
+    register: mailcow_conf
+
+  - name: "Remove WATCHDOG_NOTIFY_EMAIL globally"
+    ansible.builtin.replace:
+      path: "{{ mailcow_dir_result.files[0].path }}/mailcow.conf"
+      regexp: "^WATCHDOG_NOTIFY_EMAIL=info@servercow.de"
+      replace: "#WATCHDOG_NOTIFY_EMAIL="
+      backup: yes
+    register: watchdog
+    when: mailcow_conf.stat.exists
+      
+  - name: "Restart mailcow Docker Compose"
+    vars:
+      docker_compose_path: "{{ mailcow_dir_result.files[0].path }}"
+      verbose: false
+    include_role:
+      name: managed-mailcow
+      tasks_from: start-mailcow

playbooks/os-major-upgrade.yml

@@ -2,6 +2,10 @@
   vars:
     os_update_major_version: true # Can either be true or false | To toggle if systems need to be upgraded to newer codename
     os_update_version_codename: "trixie" # Change to switch major release (e.g. bookworm or trixie) | Used for jinja2 Template fill in as it determines the current codename of system where ansible is run on
+    snapshot_name: "AUTO_before_major_{{ ansible_date_time.date }}" # Name of the snapshot to be created before major upgrade
+  vars_files:
+  # Load vault file for sensitive data like Proxmox API tokens
+  - ../vault.yml
   tasks:
     - name: Verify if system is Debian
       debug:
@@ -13,8 +17,53 @@
         msg: "This playbook only supports Debian."
       when: ansible_os_family != "Debian"
 
+    - name: Read /etc/os-release
+      ansible.builtin.slurp:
+        src: /etc/os-release
+      register: os_release
+      when: ansible_os_family == "Debian"
+
+    - name: Extract current codename
+      ansible.builtin.set_fact:
+        current_os_codename: >-
+          {{ (os_release.content | b64decode).splitlines()
+             | select('match','^VERSION_CODENAME=')
+             | list | first | regex_replace('^VERSION_CODENAME=', '') | lower }}
+      when: ansible_os_family == "Debian"
+
+    - name: Show current and target codenames
+      debug:
+        msg: "Current codename: {{ current_os_codename }}, Target codename: {{ os_update_version_codename | lower }}"
+      when: ansible_os_family == "Debian"
+
+    - name: Include Proxmox Info task
+      ansible.builtin.include_role:
+        name: proxmox-automation
+        tasks_from: get-vmid
+      when:
+        - ansible_os_family == "Debian"
+        - current_os_codename | lower != os_update_version_codename | lower
+
+    - name: Create Snapshot before Modifications
+      ansible.builtin.include_role:
+        name: proxmox-automation
+        tasks_from: create-snapshots
+      when:
+        - ansible_os_family == "Debian"
+        - current_os_codename | lower != os_update_version_codename | lower
+
     - name: Include OS update role
       ansible.builtin.include_role:
         name: os-updates
         tasks_from: update_major_version
-      when: ansible_os_family == "Debian"
+      when:
+        - ansible_os_family == "Debian"
+        - current_os_codename | lower != os_update_version_codename | lower
+
+    - name: Check if system is back online after reboot
+      ansible.builtin.wait_for_connection:
+        delay: 10
+        timeout: 300
+      when:
+        - ansible_os_family == "Debian"
+        - current_os_codename | lower != os_update_version_codename | lower

roles/proxmox-automation/requirements.yml

@@ -0,0 +1,4 @@
+---
+collections:
+  - name: community.proxmox
+    version: 1.4.0

roles/proxmox-automation/tasks/create-snapshots.yaml

@@ -0,0 +1,11 @@
+- name: Create new snapshot and keep only the 2 newest snapshots
+  community.proxmox.proxmox_snap:
+    api_host: "{{ proxmox_host }}"
+    api_user: "{{ proxmox_user }}"
+    api_token_id: "{{ proxmox_token_id }}"
+    api_token_secret: "{{ proxmox_token_secret }}"
+    vmid: "{{ vmid }}"
+    state: present
+    snapname: "{{ snapshot_name | default('before_update') }}"
+    retention: 2
+  delegate_to: localhost

roles/proxmox-automation/tasks/delete-snapshots.yaml

@@ -0,0 +1,10 @@
+- name: Delete snapshot before_major
+  community.proxmox.proxmox_snap:
+    api_host: "{{ proxmox_host }}"
+    api_user: "{{ proxmox_user }}"
+    api_token_id: "{{ proxmox_token_id }}"
+    api_token_secret: "{{ proxmox_token_secret }}"
+    vmid: "{{ vmid }}"
+    state: absent
+    snapname: before_major
+  delegate_to: localhost

roles/proxmox-automation/tasks/get-vmid.yaml

@@ -0,0 +1,15 @@
+- name: Retrieve information about specific VM by name and get current configuration
+  community.proxmox.proxmox_vm_info:
+    api_host: "{{ proxmox_host }}"
+    api_user: "{{ proxmox_user }}"
+    api_token_id: "{{ proxmox_token_id }}"
+    api_token_secret: "{{ proxmox_token_secret }}"
+    type: all
+    name: "{{ inventory_hostname }}"
+    config: current
+  register: vm_info
+  delegate_to: localhost
+
+- name: Extract VMID
+  ansible.builtin.set_fact:
+    vmid: "{{ vm_info.proxmox_vms[0].vmid }}"

vault.yml

@@ -1,12 +1,20 @@
 $ANSIBLE_VAULT;1.1;AES256
-32313665396633336165656332313162356665623066313165393464666138623230333666313135
+39616132376365333264333139383264303139356261656431656134396464393364313536303365
-3833623133643564323530336531363531623139376636350a653037623861383664623432333961
+3134623737626537323863386638306438336464663161340a626430393530346466356261353438
-39633864343631376562343839386637386634333264623231636333663230366134323061356639
+61653663613036323537616130356363663637636132356361373436656233316464353361333233
-6336663761396632660a623433356566373534373266366335393463666562343035393138346663
+3163353732376531630a356332663334623565633436313466303561646437316661313439646336
-63396664303837323336396334643663653734666438666364643139386166633938663739303330
+63656663663139353037393336373432613438616264393865646435636165363733323563373662
-39373230616662383263626136663839396662356636663938666135643063363065636133316235
+65353432336436653632663133663362663937306436306464373333366337633665633631393934
-64393962396534393264613534633136353635313564303435313334646533306161346562353566
+66646335316263336239363730653366653831396139633665393161313662353862616263623665
-66383239343932393130626563613437336666623765616439613963306438663665366464326632
+61343366303365613638353764306461633565373138623463346436393762626438316165626337
-37326438386539633930616331303933666537643337303437313234626563363562326361373039
+30626138336430636237643938393962646231373432646565303164653964383565383737336133
-31616661343633303663326165306232306639653035323963363733653538363232333832303833
+63313238666333646366353466636135633231633630313536336466303364313265656263313639
-363165663966363066623762343766393130
+30613637386133386462396536366430333663366638303138646630646563343462346565653034
+61336630393634393639623836633762363832323738343939643736323536663266363766313063
+34623233396337633233386133393139353565666533353535373133306466366531383434633363
+66653763303361613236333764626236383732393735333236363364666365313336336463616334
+61326436356463316231626432633439323035326236613632323262363437336363666166343039
+66383232323762343037386362393735356638333563353433343231303562323839313733666633
+33383937626336613233666363656232313061323333323838356235313962356239353136393238
+65336435653534616538343833313564666366373433623730383631356239363261376562313634
+383763653139333766613235633433656231