added new playbooks and tasks

2025-11-19 11:23:50 +01:00
parent 7c9a2109d5
commit 787f438a97
8 changed files with 177 additions and 12 deletions
--- a/playbooks/managed-mailcow/enable-sni-globally.yml
+++ b/playbooks/managed-mailcow/enable-sni-globally.yml
@@ -0,0 +1,34 @@
+---
+
+- name: Enable SNI globally
+  hosts: all
+  vars:
+    debug: false
+  tasks:
+
+  - name: "Get mailcow Installation location"
+    include_role:
+      name: managed-mailcow
+      tasks_from: find-mailcow-composedir
+
+  - name: "Prüfe ob mailcow.conf exists"
+    ansible.builtin.stat:
+      path: "{{ mailcow_dir_result.files[0].path }}/mailcow.conf"
+    register: mailcow_conf
+
+  - name: "Setze SNI global ein"
+    ansible.builtin.replace:
+      path: "{{ mailcow_dir_result.files[0].path }}/mailcow.conf"
+      regexp: "^ENABLE_SSL_SNI=n"
+      replace: "ENABLE_SSL_SNI=y"
+      backup: yes
+    register: sni
+    when: mailcow_conf.stat.exists
+      
+  - name: "Restart mailcow Docker Compose"
+    vars:
+      docker_compose_path: "{{ mailcow_dir_result.files[0].path }}"
+    include_role:
+      name: managed-mailcow
+      tasks_from: start-mailcow
+    when: sni.changed
--- a/playbooks/managed-mailcow/remove-watchdog-mail.yaml
+++ b/playbooks/managed-mailcow/remove-watchdog-mail.yaml
@@ -0,0 +1,34 @@
+---
+
+- name: Enable SNI globally
+  hosts: all
+  vars:
+    debug: false
+  tasks:
+
+  - name: "Get mailcow Installation location"
+    include_role:
+      name: managed-mailcow
+      tasks_from: find-mailcow-composedir
+
+  - name: "Check if mailcow.conf exists"
+    ansible.builtin.stat:
+      path: "{{ mailcow_dir_result.files[0].path }}/mailcow.conf"
+    register: mailcow_conf
+
+  - name: "Remove WATCHDOG_NOTIFY_EMAIL globally"
+    ansible.builtin.replace:
+      path: "{{ mailcow_dir_result.files[0].path }}/mailcow.conf"
+      regexp: "^WATCHDOG_NOTIFY_EMAIL=info@servercow.de"
+      replace: "#WATCHDOG_NOTIFY_EMAIL="
+      backup: yes
+    register: watchdog
+    when: mailcow_conf.stat.exists
+      
+  - name: "Restart mailcow Docker Compose"
+    vars:
+      docker_compose_path: "{{ mailcow_dir_result.files[0].path }}"
+      verbose: false
+    include_role:
+      name: managed-mailcow
+      tasks_from: start-mailcow
--- a/playbooks/os-major-upgrade.yml
+++ b/playbooks/os-major-upgrade.yml
@@ -2,6 +2,10 @@
  vars:
    os_update_major_version: true # Can either be true or false | To toggle if systems need to be upgraded to newer codename
    os_update_version_codename: "trixie" # Change to switch major release (e.g. bookworm or trixie) | Used for jinja2 Template fill in as it determines the current codename of system where ansible is run on
+    snapshot_name: "AUTO_before_major_{{ ansible_date_time.date }}" # Name of the snapshot to be created before major upgrade
+  vars_files:
+  # Load vault file for sensitive data like Proxmox API tokens
+  - ../vault.yml
  tasks:
    - name: Verify if system is Debian
      debug:
@@ -13,8 +17,53 @@
        msg: "This playbook only supports Debian."
      when: ansible_os_family != "Debian"

+    - name: Read /etc/os-release
+      ansible.builtin.slurp:
+        src: /etc/os-release
+      register: os_release
+      when: ansible_os_family == "Debian"
+
+    - name: Extract current codename
+      ansible.builtin.set_fact:
+        current_os_codename: >-
+          {{ (os_release.content | b64decode).splitlines()
+             | select('match','^VERSION_CODENAME=')
+             | list | first | regex_replace('^VERSION_CODENAME=', '') | lower }}
+      when: ansible_os_family == "Debian"
+
+    - name: Show current and target codenames
+      debug:
+        msg: "Current codename: {{ current_os_codename }}, Target codename: {{ os_update_version_codename | lower }}"
+      when: ansible_os_family == "Debian"
+
+    - name: Include Proxmox Info task
+      ansible.builtin.include_role:
+        name: proxmox-automation
+        tasks_from: get-vmid
+      when:
+        - ansible_os_family == "Debian"
+        - current_os_codename | lower != os_update_version_codename | lower
+
+    - name: Create Snapshot before Modifications
+      ansible.builtin.include_role:
+        name: proxmox-automation
+        tasks_from: create-snapshots
+      when:
+        - ansible_os_family == "Debian"
+        - current_os_codename | lower != os_update_version_codename | lower
+
    - name: Include OS update role
      ansible.builtin.include_role:
        name: os-updates
        tasks_from: update_major_version
-      when: ansible_os_family == "Debian"
+      when:
+        - ansible_os_family == "Debian"
+        - current_os_codename | lower != os_update_version_codename | lower
+
+    - name: Check if system is back online after reboot
+      ansible.builtin.wait_for_connection:
+        delay: 10
+        timeout: 300
+      when:
+        - ansible_os_family == "Debian"
+        - current_os_codename | lower != os_update_version_codename | lower
--- a/roles/proxmox-automation/requirements.yml
+++ b/roles/proxmox-automation/requirements.yml
@@ -0,0 +1,4 @@
+---
+collections:
+  - name: community.proxmox
+    version: 1.4.0
--- a/roles/proxmox-automation/tasks/create-snapshots.yaml
+++ b/roles/proxmox-automation/tasks/create-snapshots.yaml
@@ -0,0 +1,11 @@
+- name: Create new snapshot and keep only the 2 newest snapshots
+  community.proxmox.proxmox_snap:
+    api_host: "{{ proxmox_host }}"
+    api_user: "{{ proxmox_user }}"
+    api_token_id: "{{ proxmox_token_id }}"
+    api_token_secret: "{{ proxmox_token_secret }}"
+    vmid: "{{ vmid }}"
+    state: present
+    snapname: "{{ snapshot_name | default('before_update') }}"
+    retention: 2
+  delegate_to: localhost
--- a/roles/proxmox-automation/tasks/delete-snapshots.yaml
+++ b/roles/proxmox-automation/tasks/delete-snapshots.yaml
@@ -0,0 +1,10 @@
+- name: Delete snapshot before_major
+  community.proxmox.proxmox_snap:
+    api_host: "{{ proxmox_host }}"
+    api_user: "{{ proxmox_user }}"
+    api_token_id: "{{ proxmox_token_id }}"
+    api_token_secret: "{{ proxmox_token_secret }}"
+    vmid: "{{ vmid }}"
+    state: absent
+    snapname: before_major
+  delegate_to: localhost
--- a/roles/proxmox-automation/tasks/get-vmid.yaml
+++ b/roles/proxmox-automation/tasks/get-vmid.yaml
@@ -0,0 +1,15 @@
+- name: Retrieve information about specific VM by name and get current configuration
+  community.proxmox.proxmox_vm_info:
+    api_host: "{{ proxmox_host }}"
+    api_user: "{{ proxmox_user }}"
+    api_token_id: "{{ proxmox_token_id }}"
+    api_token_secret: "{{ proxmox_token_secret }}"
+    type: all
+    name: "{{ inventory_hostname }}"
+    config: current
+  register: vm_info
+  delegate_to: localhost
+
+- name: Extract VMID
+  ansible.builtin.set_fact:
+    vmid: "{{ vm_info.proxmox_vms[0].vmid }}"
--- a/vault.yml
+++ b/vault.yml
@@ -1,12 +1,20 @@
 $ANSIBLE_VAULT;1.1;AES256
-32313665396633336165656332313162356665623066313165393464666138623230333666313135
-3833623133643564323530336531363531623139376636350a653037623861383664623432333961
-39633864343631376562343839386637386634333264623231636333663230366134323061356639
-6336663761396632660a623433356566373534373266366335393463666562343035393138346663
-63396664303837323336396334643663653734666438666364643139386166633938663739303330
-39373230616662383263626136663839396662356636663938666135643063363065636133316235
-64393962396534393264613534633136353635313564303435313334646533306161346562353566
-66383239343932393130626563613437336666623765616439613963306438663665366464326632
-37326438386539633930616331303933666537643337303437313234626563363562326361373039
-31616661343633303663326165306232306639653035323963363733653538363232333832303833
-363165663966363066623762343766393130
+39616132376365333264333139383264303139356261656431656134396464393364313536303365
+3134623737626537323863386638306438336464663161340a626430393530346466356261353438
+61653663613036323537616130356363663637636132356361373436656233316464353361333233
+3163353732376531630a356332663334623565633436313466303561646437316661313439646336
+63656663663139353037393336373432613438616264393865646435636165363733323563373662
+65353432336436653632663133663362663937306436306464373333366337633665633631393934
+66646335316263336239363730653366653831396139633665393161313662353862616263623665
+61343366303365613638353764306461633565373138623463346436393762626438316165626337
+30626138336430636237643938393962646231373432646565303164653964383565383737336133
+63313238666333646366353466636135633231633630313536336466303364313265656263313639
+30613637386133386462396536366430333663366638303138646630646563343462346565653034
+61336630393634393639623836633762363832323738343939643736323536663266363766313063
+34623233396337633233386133393139353565666533353535373133306466366531383434633363
+66653763303361613236333764626236383732393735333236363364666365313336336463616334
+61326436356463316231626432633439323035326236613632323262363437336363666166343039
+66383232323762343037386362393735356638333563353433343231303562323839313733666633
+33383937626336613233666363656232313061323333323838356235313962356239353136393238
+65336435653534616538343833313564666366373433623730383631356239363261376562313634
+383763653139333766613235633433656231