---
# tasks file for debian-mail
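# Writes an APT drop-in so that translation indexes are not downloaded.
# The file is created when missing; its mode is set explicitly so that the
# result does not depend on the umask of the connection user.
- name: Disable APT downloading language translations
  ansible.builtin.lineinfile:
    path: /etc/apt/apt.conf.d/99translations
    line: 'Acquire::Languages "none";'
    create: true
    mode: "0644"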
# Enables the bookworm-backports suite and refreshes the package index.
# NOTE(review): the suite name is hard-coded and the mirror is addressed over
# plain http. APT verifies repository signatures, but the transport itself is
# unauthenticated and readable on the wire; confirm that this is intended.
- name: Add Debian backports
  ansible.builtin.apt_repository:
    state: present
    update_cache: true
    repo: "deb http://deb.debian.org/debian bookworm-backports main"
# Installs every package named by the `packages` variable. The variable is
# not defined in this tasks file, so the package set has to be reviewed where
# it is declared.
- name: Install packages
  ansible.builtin.apt:
    state: present
    name: "{{ packages }}"
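# Downloads the vendor public key that debsig-verify later uses to check the
# protonmail-bridge package.
# NOTE(review): the key, the debsig policy and the .deb are all fetched from
# the same origin, so the later verification only shows that the three agree
# with each other. Pinning the key gives an independent trust anchor: after
# vetting the key out of band, record its digest in `checksum`.
# The directory name E2C75D68E6234B07 used by the keyring tasks is presumably
# this key's ID; nothing in this file checks the downloaded key against it.
- name: Fetch bridge_pubkey.gpg
  ansible.builtin.get_url:
    url: https://proton.me/download/bridge/bridge_pubkey.gpg
    dest: /tmp/bridge_pubkey.gpg
    # Explicit mode so the staged key is never left group- or world-writable.
    mode: "0644"
    # checksum: "sha256:<PLACEHOLDER - digest of the vetted key file>"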
# Despite the task name, nothing is signed here: the command removes any
# previous debsig.gpg and runs `gpg --dearmor` on the downloaded key, writing
# the result to /tmp/debsig.gpg.
# NOTE(review): both files use fixed names under /tmp and the command runs on
# every play (no `creates` / `changed_when`), so the task always reports a
# change. A private staging directory would avoid sharing /tmp with other
# local users.
- name: Sign bridge_pubkey.gpg
  ansible.builtin.shell:
    chdir: /tmp
    cmd: rm -f debsig.gpg && gpg --dearmor --output debsig.gpg bridge_pubkey.gpg
# Ensures the debsig keyring directory for key ID E2C75D68E6234B07 exists.
# `recurse: true` is kept as in the original; no owner or mode is requested,
# so existing attributes are left as they are.
- name: Create keyring directory
  ansible.builtin.file:
    state: directory
    recurse: true
    path: "/usr/share/debsig/keyrings/E2C75D68E6234B07"
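# Installs the dearmored key into the debsig keyring directory (the file is
# copied on the managed host, not moved; /tmp/debsig.gpg stays behind).
# The destination now names the file explicitly: with a bare directory path,
# a missing directory would make the copy create a regular file called
# E2C75D68E6234B07 instead of failing.
# This keyring is what debsig-verify trusts, so ownership and mode are pinned
# to root and read-only for everyone else.
- name: Move debsig.gpg to keyring directory
  ansible.builtin.copy:
    src: /tmp/debsig.gpg
    dest: /usr/share/debsig/keyrings/E2C75D68E6234B07/debsig.gpg
    remote_src: true
    owner: root
    group: root
    mode: "0644"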
# Ensures the debsig policy directory for key ID E2C75D68E6234B07 exists.
# `recurse: true` is kept as in the original; no owner or mode is requested.
- name: Create policy directory
  ansible.builtin.file:
    state: directory
    recurse: true
    path: "/etc/debsig/policies/E2C75D68E6234B07"
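# Downloads the debsig policy straight into the policy directory.
# The policy tells debsig-verify which signatures a package must carry, so it
# is as security-relevant as the key itself: it is installed root-owned and
# not writable by anyone else.
# NOTE(review): the policy comes from the same origin as the package it
# governs; review its content once and pin it with `checksum`, or ship a
# vetted copy from the role's files/ directory.
- name: Fetch and install the policy file
  ansible.builtin.get_url:
    url: https://proton.me/download/bridge/bridge.pol
    # The original path contained a doubled slash before the file name.
    dest: /etc/debsig/policies/E2C75D68E6234B07/bridge.pol
    owner: root
    group: root
    mode: "0644"
    # checksum: "sha256:<PLACEHOLDER - digest of the reviewed policy file>"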
# Stages the pinned protonmail-bridge 3.2.0-1 package under /tmp; the
# signature check and the installation are separate tasks further down.
# NOTE(review): the version is hard-coded in the URL, the staging path and
# two later tasks, so an upgrade has to touch all of them together.
- name: Fetch protonmail-bridge DEB package
  ansible.builtin.get_url:
    dest: "/tmp/protonmail-bridge_3.2.0-1_amd64.deb"
    url: "https://proton.me/download/bridge/protonmail-bridge_3.2.0-1_amd64.deb"
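# Gate before installation: the play fails unless debsig-verify exits 0 and
# prints "Verified package".
# `command` replaces `shell` because the invocation uses no shell features,
# and `changed_when: false` reflects that verification modifies nothing.
# NOTE(review): the package is verified and then installed from a fixed path
# in /tmp by a later task; keeping the staged file in a root-only directory
# would rule out any change to it between the two steps.
- name: Verify the signature on the protonmail-bridge package file
  ansible.builtin.command:
    cmd: debsig-verify protonmail-bridge_3.2.0-1_amd64.deb
    chdir: /tmp
  register: debsig_output
  changed_when: false
  failed_when: '"Verified package" not in debsig_output.stdout or debsig_output.rc != 0'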
# Installs the staged .deb from its local path. This task must stay after the
# debsig-verify task: the signature check is the only integrity gate for this
# file in the play.
- name: Install protonmail-bridge_3.2.0-1_amd64.deb
  ansible.builtin.apt:
    deb: "/tmp/protonmail-bridge_3.2.0-1_amd64.deb"
# Creates the `debian` account with bash as its login shell. No password is
# set here; the closing debug message asks the operator to set one by hand.
- name: Create user
  ansible.builtin.user:
    shell: "/bin/bash"
    name: "debian"
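# Gives the `debian` account passwordless sudo through a sudoers drop-in.
# NOTE(review): `NOPASSWD: ALL` makes this account root-equivalent, and the
# same account runs pm-bridge-tty.service and offlineimap-oneshot.service and
# holds the mail credentials. The closing debug message only uses sudo for two
# `systemctl` calls, so the rule can likely be narrowed to those commands or
# dropped after setup. The rule itself is left unchanged here.
- name: Set sudo permissions for debian
  ansible.builtin.lineinfile:
    path: "/etc/sudoers.d/debian"
    line: "debian ALL=(ALL) NOPASSWD: ALL"
    create: true
    # sudoers drop-ins are expected to be root-owned and read-only.
    owner: root
    group: root
    mode: "0440"
    # Syntax-check the candidate file before it replaces the live one, so a
    # malformed entry cannot break sudo on the host.
    validate: /usr/sbin/visudo -cf %s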
# Copies the example oneshot unit shipped in the offlineimap3 documentation
# directory into /etc/systemd/system. Both paths are on the managed host
# (`remote_src: true`).
- name: Copy systemd unit files for offlineimap
  ansible.builtin.copy:
    remote_src: true
    src: "/usr/share/doc/offlineimap3/examples/systemd/offlineimap-oneshot.service"
    dest: "/etc/systemd/system/offlineimap-oneshot.service"
# Inserts User=/Group= after the `Type=oneshot` line of the copied unit so the
# mail sync runs as `debian` rather than as the unit's default user.
- name: Change running user and group to debian for offlineimap-oneshot.service
  ansible.builtin.blockinfile:
    insertafter: "Type=oneshot"
    path: "/etc/systemd/system/offlineimap-oneshot.service"
    block: |
      User=debian
      Group=debian
# Writes a timer unit with a daily schedule (`OnCalendar=daily`). The file is
# created when it does not exist; no owner or mode is requested.
- name: Create offlineimap-oneshot.timer
  ansible.builtin.blockinfile:
    create: true
    path: "/etc/systemd/system/offlineimap-oneshot.timer"
    block: |
      [Unit]
      Description=Offlineimap Query Timer

      [Timer]
      OnCalendar=daily

      [Install]
      WantedBy=default.target
# Writes the unit that starts the faketty wrapper for protonmail-bridge as the
# unprivileged `debian` user and group.
# NOTE(review): the unit carries no sandboxing directives. Whether options
# such as NoNewPrivileges= or ProtectSystem= are compatible with the bridge is
# not visible from this file and would need testing.
- name: Create pm-bridge-tty.service
  ansible.builtin.blockinfile:
    create: true
    path: "/etc/systemd/system/pm-bridge-tty.service"
    block: |
      [Unit]
      Description=faketty service for protonmail-bridge

      [Service]
      Type=simple
      User=debian
      Group=debian
      ExecStart=/usr/local/bin/pm-bridge-tty

      [Install]
      WantedBy=multi-user.target
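# Installs the offlineimap configuration into the `debian` home directory.
# The closing debug message tells the operator to add the SMTP password to
# this file, so it is created readable and writable by its owner only.
- name: Copy offlineimaprc for debian
  ansible.builtin.copy:
    src: files/offlineimaprc
    dest: /home/debian/.offlineimaprc
    owner: debian
    group: debian
    mode: "0600"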
# Installs the wrapper script that pm-bridge-tty.service executes. It is
# root-owned and writable by root only, so the `debian` service account cannot
# alter the program it is started with.
- name: Copy protonmail-bridge faketty script
  ansible.builtin.copy:
    dest: "/usr/local/bin/pm-bridge-tty"
    src: "files/pm-bridge-tty"
    mode: "u=rwx,g=rx,o=rx"
    group: root
    owner: root
# Enables the timer unit; it is not started here (no `state` is given).
- name: Enable offlineimap systemd timer
  ansible.builtin.systemd:
    enabled: true
    name: "offlineimap-oneshot.timer"
# Prints the manual steps that remain after the play: setting the account
# password, initialising the bridge, logging in, storing the SMTP password in
# .offlineimaprc, and starting the services.
- name: Message to Ansible user
  ansible.builtin.debug:
    msg:
      - 'Set passwd for debian'
      - "Run 'pm-bridge-tty init' to initialize the bridge."
      - 'Login to Proton Mail with your user credentials.'
      - 'Wait for the sync to finish.'
      - 'Copy SMTP password and add it to /home/debian/.offlineimaprc'
      - "Run 'notmuch setup'"
      - "Run 'sudo systemctl enable --now pm-bridge-tty.service'"
      - "Run 'sudo systemctl start offlineimap-oneshot.service'"