reorganize code structure

.ansible-lint-ignore

@@ -1,3 +1,3 @@
-tasks/ssl.yml schema[tasks] # no idea why the linter complains on this one, the whole thing works
+tasks/security/ssl.yml schema[tasks] # no idea why the linter complains on this one, the whole thing works
 meta/main.yml schema[meta] # the platform EL version 8 does exist - not sure why the linter complains about it
 defaults/main.yaml jinja[spacing] # the current setup makes the schema more readable

tasks/backups.yml → tasks/backups/main.yml

@@ -183,12 +183,12 @@
       register: start_ldap_server
       changed_when: start_ldap_server.rc == 0
     - name: Restore service tarball backups
-      ansible.builtin.include_tasks: restore_service_tarball_backup.yml
+      ansible.builtin.include_tasks: backups/restore_service_tarball_backup.yml
       vars:
         service: cyrus-imap
         service_backup_path: "{{ imap_backup_path }}"
     - name: Restore service tarball backups
-      ansible.builtin.include_tasks: restore_service_tarball_backup.yml
+      ansible.builtin.include_tasks: backups/restore_service_tarball_backup.yml
       vars:
         service: "{{ item }}"
         service_backup_path: "{{ vars[item ~ '_backup_path'] }}"

tasks/configure_dyndns_subdomain.yml → tasks/dns/configure_dyndns_subdomain.yml

@@ -3,7 +3,7 @@
   tags:
     - dyndns
     - poweradmin
-  ansible.builtin.include_tasks: add_dns_record.yml
+  ansible.builtin.include_tasks: dns/add_dns_record.yml
   vars:
     record:
       zone: "{% if dyndns_item | length > 0 %}dyndns.{% endif %}{{ mailserver_domain }}"
@@ -15,7 +15,7 @@
   tags:
     - dyndns
     - poweradmin
-  ansible.builtin.include_tasks: add_dns_record.yml
+  ansible.builtin.include_tasks: dns/add_dns_record.yml
   vars:
     record:
       zone: "{% if dyndns_item | length > 0 %}{{ wg_configs[dyndns_item]['owner'] }}.{% endif %}dyndns.{{ mailserver_domain }}"
@@ -27,7 +27,7 @@
   tags:
     - dyndns
     - poweradmin
-  ansible.builtin.include_tasks: add_dns_record.yml
+  ansible.builtin.include_tasks: dns/add_dns_record.yml
   vars:
     record:
       zone: "{% if dyndns_item | length > 0 %}{{ wg_configs[dyndns_item]['owner'] }}.{% endif %}dyndns.{{ mailserver_domain }}"

tasks/create_default_cname_records.yml → tasks/dns/create_default_cname_records.yml

@@ -1,6 +1,6 @@
 ---
 - name: Fill default CNAME records
-  ansible.builtin.include_tasks: add_dns_record.yml
+  ansible.builtin.include_tasks: dns/add_dns_record.yml
   vars:
     record:
       zone: "{{ dns_zone }}"

tasks/dns_records.yml → tasks/dns/dns_records.yml

@@ -34,13 +34,13 @@
   register: set_primary_zone
   changed_when: set_primary_zone.rc == 0
 - name: Fill DNS zone
-  ansible.builtin.include_tasks: fill_default_dns_records.yml
+  ansible.builtin.include_tasks: dns/fill_default_dns_records.yml
   vars:
     dns_zone: "{{ item }}"
   loop: "{{ [mailserver_domain] + custom_domains }}"
   when: public_dns == "yes" and ((reset == "yes") or (item not in all_dns_zones.stdout_lines))
 - name: Create default CNAME records
-  ansible.builtin.include_tasks: create_default_cname_records.yml
+  ansible.builtin.include_tasks: dns/create_default_cname_records.yml
   vars:
     dns_zone: "{{ item }}"
   loop: "{{ [mailserver_domain] + custom_domains + ['vpn.' ~ mailserver_domain] }}"

tasks/dyndns.yml → tasks/dns/dyndns.yml

@@ -128,7 +128,7 @@
   tags:
     - dyndns
     - poweradmin
-  ansible.builtin.import_tasks: add_dns_record.yml
+  ansible.builtin.import_tasks: dns/add_dns_record.yml
   vars:
     record:
       zone: "dyndns.{{ mailserver_domain }}"
@@ -140,7 +140,7 @@
   tags:
     - dyndns
     - poweradmin
-  ansible.builtin.import_tasks: add_dns_record.yml
+  ansible.builtin.import_tasks: dns/add_dns_record.yml
   vars:
     record:
       zone: "dyndns.{{ mailserver_domain }}"
@@ -153,7 +153,7 @@
     - dyndns
     - poweradmin
     - users
-  ansible.builtin.include_tasks: add_dns_record.yml
+  ansible.builtin.include_tasks: dns/add_dns_record.yml
   when: dyndns_item != "server"
   vars:
     record:
@@ -171,7 +171,7 @@
     - dyndns
     - poweradmin
     - users
-  ansible.builtin.include_tasks: add_dns_record.yml
+  ansible.builtin.include_tasks: dns/add_dns_record.yml
   vars:
     record:
       zone: "dyndns.{{ mailserver_domain }}"
@@ -183,7 +183,7 @@
   loop_control:
     loop_var: dyndns_item
 - name: Configure DynDNS subdomains
-  ansible.builtin.include_tasks: configure_dyndns_subdomain.yml
+  ansible.builtin.include_tasks: dns/configure_dyndns_subdomain.yml
   when: dyndns_item != "server"
   loop: "{{ [''] + (wg_configs.keys() | list) }}"
   loop_control:

tasks/fill_default_dns_records.yml → tasks/dns/fill_default_dns_records.yml

@@ -1,6 +1,6 @@
 ---
 - name: Fill default DNS records
-  ansible.builtin.include_tasks: add_dns_record.yml
+  ansible.builtin.include_tasks: dns/add_dns_record.yml
   vars:
     empty_apostrophes: "''"
     record:

tasks/dns.yml → tasks/dns/main.yml

@@ -1,19 +1,19 @@
 ---
 - name: Open firewall
-  ansible.builtin.import_tasks: firewall.yml
+  ansible.builtin.import_tasks: security/firewall.yml
   vars:
     port: dns # noqa var-naming[no-reserved] we refer to a port here, so I call it a port
   when: 'public_dns == "yes"'
 - name: Configure local DNS cache
-  ansible.builtin.import_tasks: local_dns_cache.yml
+  ansible.builtin.import_tasks: dns/local_dns_cache.yml
 - name: Configure PowerDNS
-  ansible.builtin.import_tasks: pdns.yml
+  ansible.builtin.import_tasks: dns/pdns.yml
 - name: Set up DNS records
-  ansible.builtin.import_tasks: dns_records.yml
+  ansible.builtin.import_tasks: dns/dns_records.yml
 - name: Configure PowerDNS recursor
-  ansible.builtin.import_tasks: pdns_recursor.yml
+  ansible.builtin.import_tasks: dns/pdns_recursor.yml
 - name: Configure DNSDist
-  ansible.builtin.import_tasks: dnsdist.yml
+  ansible.builtin.import_tasks:   dns/dnsdist.yml
 - name: Make sure PowerDNS is running
   ansible.builtin.systemd_service:
     name: pdns
@@ -35,7 +35,7 @@
     state: started
   when: 'public_dns == "yes"'
 - name: Configure PowerAdmin
-  ansible.builtin.import_tasks: poweradmin.yml
+  ansible.builtin.import_tasks: dns/poweradmin.yml
   tags:
     - dyndns
     - poweradmin

tasks/pdns.yml → tasks/dns/pdns.yml

@@ -1,6 +1,6 @@
 ---
 - name: Create PowerDNS DB
-  ansible.builtin.import_tasks: create_mariadb_schema.yml
+  ansible.builtin.import_tasks: mariadb/create_mariadb_schema.yml
   vars:
     mariadb_database: powerdnsdb
     mariadb_state: "{{ ('import' if reset == 'yes')|default('present') }}"
@@ -16,7 +16,7 @@
   no_log: yes
   when: 'public_dns == "yes"'
 # - name: Fill PowerDNS DB with data
-#   ansible.builtin.import_tasks: fill_mariadb_data.yml
+#   ansible.builtin.import_tasks: mariadb/fill_mariadb_data.yml
 #   vars:
 #     mariadb_database:
 #       db: powerdnsdb

tasks/propagate_dkim_txt_records.yml → tasks/dns/propagate_dkim_txt_records.yml

@@ -8,7 +8,7 @@
     desired_dkim_record: "{{ dkim_keys.stdout.replace(dkim_selector ~ '._domainkey\tIN\tTXT\t( \"', '').replace('\t', '').replace('\n', '').replace('\"  \"', '').replace('\" )  ; ----- DKIM key ' ~ dkim_selector ~ ' for ' ~ domain_item, '') }}" # noqa no-tabs we need tabs in this content
     current_dkim_record: "{{ lookup('community.general.dig', dkim_selector ~ '._domainkey.' ~ domain_item ~ './TXT').replace('\" \"', '') }}" # noqa no-tabs we need tabs in this content
 - name: "Set up the {{ dkim_selector }}._domainkey.{{ domain_item }} TXT record" # noqa name[template] we need to be informative, even if we deviate from the standards
-  ansible.builtin.import_tasks: add_dns_record.yml
+  ansible.builtin.import_tasks: dns/add_dns_record.yml
   vars:
     record:
       zone: "{{ domain_item }}"

tasks/propagate_ssl_txt_records.yml → tasks/dns/propagate_ssl_txt_records.yml

@@ -1,6 +1,6 @@
 ---
 - name: "Set up ACME challenge TXT records for {{ challenge_item.key }}" # noqa name[template] we need to be informative, even if we deviate from the standards
-  ansible.builtin.import_tasks: add_dns_record.yml
+  ansible.builtin.import_tasks: dns/add_dns_record.yml
   vars:
     record:
       zone: "{{ challenge_item.key | replace('*.', '') }}"

tasks/httpd.yml → tasks/httpd/main.yml

@@ -6,7 +6,7 @@
     - poweradmin
     - wireguard
     - webdav
-  ansible.builtin.include_tasks: firewall.yml
+  ansible.builtin.include_tasks: security/firewall.yml
   vars:
     port: "{{ item }}" # noqa var-naming[no-reserved] we refer to a port here, so I call it a port
   loop:

tasks/kolab.yml → tasks/kolab/main.yml

@@ -271,7 +271,7 @@
   tags:
     - users
 - name: Set up user mail aliases
-  ansible.builtin.include_tasks: user_mail_alias.yml
+  ansible.builtin.include_tasks: mail/user_mail_alias.yml
   loop: "{{ users }}"
   loop_control:
     loop_var: user
@@ -513,7 +513,7 @@
 - name: Refresh the certificates
   ansible.builtin.command: 'openssl rehash /etc/dirsrv/slapd-{{ mailserver_domain | split(".") | first }}'
 - name: Configure LDAP
-  ansible.builtin.import_tasks: ldap.yml
+  ansible.builtin.import_tasks: ldap/main.yml
   tags:
     - ldap
     - users

tasks/ldap.yml → tasks/ldap/main.yml

@@ -208,7 +208,7 @@
 - name: Extract user data from the OS
   ansible.builtin.command: /var/tmp/extract_user_data_to_migrate.sh
 - name: "Update LDAP entries: {{ user_data_item }}"
-  ansible.builtin.include_tasks: convert_user_to_ldif.yml
+  ansible.builtin.include_tasks: ldap/convert_user_to_ldif.yml
   loop: "{{ users }}"
   loop_control:
     loop_var: user_data_item
@@ -219,20 +219,20 @@
     - users
   block:
     - name: "Add user to Kolab: {{ user.name }}"
-      ansible.builtin.include_tasks: add_kolab_user.yml
+      ansible.builtin.include_tasks: kolab/add_kolab_user.yml
       loop: "{{ users }}"
       loop_control:
         loop_var: user
   rescue:
     - name: Authenticate against the Kolab API
-      ansible.builtin.include_tasks: kolab_auth.yml
+      ansible.builtin.include_tasks: kolab/kolab_auth.yml
     - name: "Add user to Kolab: {{ user.name }}"
-      ansible.builtin.include_tasks: add_kolab_user.yml
+      ansible.builtin.include_tasks: kolab/add_kolab_user.yml
       loop: "{{ users }}"
       loop_control:
         loop_var: user
 - name: Set admin user group membership
-  ansible.builtin.include_tasks: add_admin_user_to_ldap_groups.yml
+  ansible.builtin.include_tasks: ldap/add_admin_user_to_ldap_groups.yml
   loop:
     - "cn=Directory Administrators,dc={{ mailserver_domain | split('.') | join(',dc=') }}"
     - "cn=Accounting Managers,ou=groups,dc={{ mailserver_domain | split('.') | join(',dc=') }}"

tasks/dkim.yml → tasks/mail/dkim.yml

@@ -1,6 +1,6 @@
 ---
 # - name: Open firewall
-#   ansible.builtin.import_tasks: firewall.yml
+#   ansible.builtin.import_tasks: security/firewall.yml
 #   vars:
 #     port: 8891/tcp # noqa var-naming[no-reserved] we refer to a port here, so I call it a port
 - name: Configure OpenDKIM
@@ -88,7 +88,7 @@
     groups: opendkim
     append: yes
 - name: Check DKIM TXT records
-  ansible.builtin.include_tasks: propagate_dkim_txt_records.yml
+  ansible.builtin.include_tasks: dns/propagate_dkim_txt_records.yml
   vars:
     current_domain: "{{ item }}"
   loop: "{{ [mailserver_domain] + custom_domains }}"

tasks/dmarc.yml → tasks/mail/dmarc.yml

@@ -28,7 +28,7 @@
     - { key: "IgnoreMailFrom", value: "{{ undeliverable_exceptions | join(',') }}", comment: false }
   notify: Restart opendmarc
 - name: Set up DMARC TXT records
-  ansible.builtin.include_tasks: add_dns_record.yml
+  ansible.builtin.include_tasks: dns/add_dns_record.yml
   vars:
     record:
       zone: "{{ item }}"

tasks/postfix.yml → tasks/mail/postfix.yml

@@ -12,7 +12,7 @@
     system: yes
     uid: 2000
 - name: Open firewall
-  ansible.builtin.include_tasks: firewall.yml
+  ansible.builtin.include_tasks: security/firewall.yml
   vars:
     port: "{{ item }}" # noqa var-naming[no-reserved] we refer to a port here, so I call it a port
   loop:
@@ -34,7 +34,7 @@
   register: apply_new_aliases
   changed_when: apply_new_aliases.rc == 0
 - name: Set up automatic restart of services
-  ansible.builtin.import_tasks: autorestart.yml
+  ansible.builtin.import_tasks: systemd/autorestart.yml
   vars:
     service: postfix
 # - name: Deploy Postfix master config
@@ -66,10 +66,10 @@
 - name: Configure Postfix main.cf
   tags:
     - users
-  community.general.ini_file:
+  ansible.builtin.lineinfile:
+    regexp: "^{{ item.key }} = "
     path: /etc/postfix/main.cf
-    option: "{{ item.key }}"
-    value: "{{ item.value }}"
+    line: "{{ item.key }} = {{ item.value }}"
     backup: true
     mode: u=rw,og=r
     owner: root

tasks/postfixadmin.yml → tasks/mail/postfixadmin.yml

@@ -22,7 +22,7 @@
     setype: httpd_sys_rw_content_t
     recurse: yes
 - name: Create postfixadmin DB schema
-  ansible.builtin.import_tasks: create_mariadb_schema.yml
+  ansible.builtin.import_tasks: mariadb/create_mariadb_schema.yml
   vars:
     mariadb_database: postfixadmin
     mariadb_state: "{{ ('import' if reset == 'yes') | default('present') }}"
@@ -37,7 +37,7 @@
     login_password: "{{ mysql_root_password }}"
   no_log: yes
 - name: Fill postfixadmin DB with data
-  ansible.builtin.import_tasks: fill_mariadb_data.yml
+  ansible.builtin.import_tasks: mariadb/fill_mariadb_data.yml
   vars:
     mariadb_database:
       db: postfixadmin