From 29bfaf6b3385d8a1146ab67b6ba2a188173110fe Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Tue, 24 Sep 2024 10:25:40 +0200 Subject: [PATCH] refs #8025 relayhost fixes, self vars moved to global --- group_vars/all.yml | 13 ++++++++++++- playbooks/{print-facts.yml => facts.yml} | 2 +- roles/debian-base/defaults/main.yaml | 6 +++--- roles/debian-base/tasks/main.yml | 7 ++++--- roles/debian-base/tasks/relayhost.yml | 19 ++++++++++++------- roles/debian-base/vars/main.yml | 4 ++-- roles/send-mail/tasks/main.yml | 2 +- 7 files changed, 35 insertions(+), 18 deletions(-) rename playbooks/{print-facts.yml => facts.yml} (81%) diff --git a/group_vars/all.yml b/group_vars/all.yml index 9625d61..09b751b 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -1,10 +1,21 @@ -awx_pub_key: ssh-rsa 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 awx@awx.verdnatura.es +sysadmin_mail: sysadmin@verdnatura.es +smtp_server: smtp.verdnatura.es +dc_net: "10.0.0.0/16" resolv: domain: verdnatura.es search: verdnatura.es resolvers: - '10.0.0.4' - '10.0.0.5' +awx_pub_key: > + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDjeIZVyppFK/dqOUa1PxgSeRVWk7MFmANYvSs+VHHn + D4/BE//K8AxlxnyLl4e6jAcBFoIu1JLxbRKdOhx+Zgkq5OmEzp/XKzfEvnEU5CP+W2+5MwfkUQ3TetJs + OoHiP/qYWPqqqfDFqNM1xs9am5Frv9BVu5pFiSO9oS14xVAlUOwnONQnRtAbuBOmMldpzxmuFY+Rs3G2 + MmokcOYrs5Z3TdCOG9bDGg8erzWklLW+aRYdXqMEZpwIZPcOFy6JXEyZ/9IpCLBN58IMr0RypFbgWb2V + o05iTI5j99Pzn//FgAhe6BXRyHSGOJ29hmKugt9sIY1N/H6aYqtTVR5EEIngY1XHtFywU1+qtYHMs8PB + 9Hl87zUkla0+S5Zn8q92y7DQFsOZ9ND6syEzWhiCP1ic3Wo76TVbuNoTW/XvgZnemx1epuOqDj9S7iGT + SHMvvSop8z5hU2EQiVkgRPl4cM2fi0vF513ivq5IbCgg2VfXUOLM5E5y0TI7lzBriTtCuIk= + awx@awx.verdnatura.es nslcd_password: !vault | $ANSIBLE_VAULT;1.1;AES256 30343461633538323832316231383362626636653864353535346461353937313131336135396162 diff --git a/playbooks/print-facts.yml b/playbooks/facts.yml similarity index 81% rename from playbooks/print-facts.yml rename to playbooks/facts.yml index 91e79a3..aeb0d4f 100644 
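Review bot: The new `awx_pub_key` value in group_vars/all.yml is a folded block scalar (`>`) spread over several lines, and folding joins those lines with single spaces and keeps a trailing newline, so the rendered value is no longer one unbroken base64 blob. If this variable is written to an authorized_keys file (its consumer is not visible in this patch), sshd would most likely read the key as ending at the first space and treat the rest as the comment, so the AWX key would stop matching. Keep the key on one line as it was before, `awx_pub_key: 'ssh-rsa <base64 on one line> awx@awx.verdnatura.es'`. If it must be wrapped, use a double-quoted scalar with a trailing `\` on each continuation line, which inserts no whitespace.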
--- a/playbooks/print-facts.yml +++ b/playbooks/facts.yml @@ -8,4 +8,4 @@ var: ansible_facts - name: Print variable value debug: - msg: "Variable: {{ ansible_virtualization_type }}" + msg: "Variable: {{ awx_pub_key }}" diff --git a/roles/debian-base/defaults/main.yaml b/roles/debian-base/defaults/main.yaml index ed9eef3..7f95631 100644 --- a/roles/debian-base/defaults/main.yaml +++ b/roles/debian-base/defaults/main.yaml @@ -1,11 +1,11 @@ exim_dc_eximconfig_configtype: satellite -dc_other_hostnames: "{{ ansible_nodename }}" +dc_other_hostnames: "{{ ansible_fqdn }}" dc_local_interfaces: 127.0.0.1 -dc_readhost: "{{ ansible_nodename }}" +dc_readhost: "{{ ansible_fqdn }}" dc_relay_domains: "" dc_minimaldns: false dc_relay_nets: "" -dc_smarthost: smtp.verdnatura.es +dc_smarthost: "{{ smtp_server }}" CFILEMODE: 644 dc_use_split_config: false dc_hide_mailname: true diff --git a/roles/debian-base/tasks/main.yml b/roles/debian-base/tasks/main.yml index ed03574..88a86ad 100644 --- a/roles/debian-base/tasks/main.yml +++ b/roles/debian-base/tasks/main.yml @@ -1,8 +1,9 @@ - import_tasks: install.yml -- import_tasks: sudoers.yml +- import_tasks: locale.yml +- import_tasks: tzdata.yml - import_tasks: motd.yml - import_tasks: profile.yml - import_tasks: vim.yml -- import_tasks: locale.yml -- import_tasks: tzdata.yml +- import_tasks: sudoers.yml - import_tasks: nrpe.yml +- import_tasks: relayhost.yml diff --git a/roles/debian-base/tasks/relayhost.yml b/roles/debian-base/tasks/relayhost.yml index 1af0549..eab5dc9 100644 --- a/roles/debian-base/tasks/relayhost.yml +++ b/roles/debian-base/tasks/relayhost.yml @@ -2,7 +2,7 @@ apt: name: exim4 state: present -- name: Reconfigure relayhost +- name: Prepare exim configuration lineinfile: dest: /etc/exim4/update-exim4.conf.conf regexp: "{{ item.regexp }}" 
@@ -13,11 +13,11 @@ - regexp: '^dc_eximconfig_configtype' line: "dc_eximconfig_configtype='{{ exim_dc_eximconfig_configtype }}'" - regexp: '^dc_other_hostnames' - line: "dc_other_hostnames='{{ dc_other_hostnames }}'.verdnatura.es" + line: "dc_other_hostnames='{{ dc_other_hostnames }}'" - regexp: '^dc_local_interfaces' line: "dc_local_interfaces='{{ dc_local_interfaces }}'" - regexp: '^dc_readhost' - line: "dc_readhost='{{ dc_readhost }}'.verdnatura.es" + line: "dc_readhost='{{ dc_readhost }}'" - regexp: '^dc_relay_domains' line: "dc_relay_domains='{{ dc_relay_domains }}'" - regexp: '^dc_minimaldns' @@ -37,7 +37,12 @@ - regexp: '^dc_localdelivery' line: "dc_localdelivery='{{ dc_localdelivery }}'" notify: restart-exim - register: exim4_config -- name: Sending mail to verify exim4 config works - shell: echo "Verify send email from host {{ ansible_nodename }}.verdnatura.es with mailx , bye." | mailx -s "test mail verify exim4 for the host {{ ansible_nodename }}.verdnatura.es" -c rubenb@verdnatura.es,nada@verdnatura.es,juan@verdnatura.es,davidl@verdnatura.es sysadmin@verdnatura.es - when: exim4_config.changed + register: exim_config +- name: Update exim configuration + command: update-exim4.conf + when: exim_config.changed +- name: Sending mail to verify relay host configuration works + shell: > + echo "If you see this message, relayhost on {{ ansible_fqdn }} has been configured correctly." \ + | mailx -s "Relayhost test for {{ ansible_fqdn }}" "{{ sysadmin_mail }}" + when: exim_config.changed diff --git a/roles/debian-base/vars/main.yml b/roles/debian-base/vars/main.yml index a0b2eab..4fd5f1c 100644 --- a/roles/debian-base/vars/main.yml +++ b/roles/debian-base/vars/main.yml @@ -1,8 +1,8 @@ fail2ban: - email: sysamdmin@verdnatura.es + email: "{{ sysadmin_mail }}" bantime: 600 maxretry: 4 - ignore: 127.0.0.0/8 10.0.0.0/16 + ignore: "127.0.0.0/8 {{ dc_net }}" vn_host: url: http://apt.verdnatura.es/pool/main/v/vn-host package: vn-host_2.0.2_all.deb 
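Review bot: The test-mail task added in the second hunk of roles/debian-base/tasks/relayhost.yml (`shell: >`) interpolates `{{ ansible_fqdn }}` and `{{ sysadmin_mail }}` straight into a shell pipeline, so any quote, `$` or backtick in those values is interpreted by the shell on the target host. Inside a folded scalar the trailing `\` also ends up followed by a space rather than a newline, so it escapes that space and hands echo a stray extra argument instead of continuing the line. Passing the body through `stdin` and the arguments through `argv` of the `command` module removes the shell entirely, as sketched below. Separately, mailx exiting 0 only shows that the message was accepted locally, so the task name overstates what is verified.

```yaml
# … unchanged: "Update exim configuration" task …
- name: Sending mail to verify relay host configuration works
  command:
    argv:
      - mailx
      - '-s'
      - "Relayhost test for {{ ansible_fqdn }}"
      - "{{ sysadmin_mail }}"
    stdin: "If you see this message, relayhost on {{ ansible_fqdn }} has been configured correctly."
  when: exim_config.changed
```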
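Review bot: In roles/debian-base/vars/main.yml the fail2ban `ignore` list now takes its internal range from the shared `dc_net` variable, which ties the ban exemption to a value that other roles may later reuse or widen for unrelated purposes. Every address in that range is exempt from banning, so a later edit to `dc_net` would silently change which hosts can retry logins without limit. A comment next to the definition in group_vars/all.yml would make the coupling visible, for example `# dc_net is also exempted from fail2ban bans (roles/debian-base/vars/main.yml); widen with care`.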
diff --git a/roles/send-mail/tasks/main.yml b/roles/send-mail/tasks/main.yml index 02b8597..f7dbc94 100644 --- a/roles/send-mail/tasks/main.yml +++ b/roles/send-mail/tasks/main.yml @@ -4,7 +4,7 @@ port: 465 username: awx@verdnatura.es password: "{{ awx_smtp_password }}" - to: sysadmin@verdnatura.es + to: "{{ sysadmin_mail }}" subject: Ansible-test body: System {{ ansible_hostname }} has been send successfully mail. delegate_to: localhost