diff --git a/.talismanrc b/.talismanrc index 9a35049..c989102 100644 --- a/.talismanrc +++ b/.talismanrc @@ -57,3 +57,8 @@ fileignoreconfig: - filename: templates/mailcow_backup.sh.j2 ignore_detectors: [filename] + +allowed_patterns: + - > + [-_a-zA-Z0-9]+: +"{{ [-_a-zA-Z0-9]+ }}" + diff --git a/README.md b/README.md index 03606d9..c603057 100644 --- a/README.md +++ b/README.md @@ -38,6 +38,10 @@ Note that this also requires installation of the python libraries `docker` and ` | configuration | `mailcow_submission_port` | `587` | the SUBMISSION_PORT in mailcow.conf | | configuration | `mailcow_greylisting` | `true` | if greylisting should be active | | configuration | `mailcow_mynetworks` | `` | list of subnetwork masks to add to `mynetworks` in postfix
if subnetwork masks are provided at the beginning `127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10` is added (local) | +| oauth2 | `mailcow_oauth2_client_id` | | the client id for the mailcow oauth2 app | +| oauth2 | `mailcow_oauth2_client_secret` | | the client secret for the mailcow oauth2 app | +| oauth2 | `mailcow_oauth2_client_redirect_uri` | | the redirect uri for the mailcow oauth2 app | +| oauth2 | `mailcow_oauth2_client_scope` | `profile` | the scope for the mailcow oauth2 app | | backup | `mailcow_configure_backup` | `false` | if backup of the mailcow should be configured for unattended backup | | backup | `mailcow_path` | `/opt/mailcow` | the mailcow path for the backup artifacts (scripts) | | backup | `mailcow_backup_path` | `/var/backups/mailcow` | the path for the mailcow backup | diff --git a/defaults/main.yml b/defaults/main.yml index 4f7402c..00b5ba7 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,7 @@ --- +# mailcow_hostname: + mailcow_install_path: /opt/mailcow-dockerized mailcow_timezone: Europe/Berlin mailcow_version: master @@ -39,6 +41,11 @@ mailcow_dns_dkim: true mailcow_dns_do: true mailcow_dns_debug: false +# mailcow_oauth2_client_id: +# mailcow_oauth2_client_secret: +# mailcow_oauth2_client_redirect_uri: +mailcow_oauth2_client_scope: profile + mailcow_configure_backup: false mailcow_path: /opt/mailcow mailcow_backup_path: /var/backups/mailcow diff --git a/tasks/mailcow_oauth2.yml b/tasks/mailcow_oauth2.yml new file mode 100644 index 0000000..f2cf063 --- /dev/null +++ b/tasks/mailcow_oauth2.yml @@ -0,0 +1,17 @@ +--- + +- name: Ensure oauth2-client in mailcow + ansible.builtin.uri: + url: "{{ mailcow_api_url }}/add/oauth2-client" + body_format: json + headers: + X-API-Key: "{{ mailcow_api_key }}" + method: post + body: + client_id: "{{ mailcow_oauth2_client_id }}" + client_secret: "{{ mailcow_oauth2_client_secret }}" + redirect_uri: "{{ mailcow_oauth2_client_redirect_uri }}" # "https://authentik.with.de/source/oauth/callback/mailcow" + scope: "{{ mailcow_oauth2_client_scope }}" + register: _response + +... diff --git a/vars/main.yml b/vars/main.yml new file mode 100644 index 0000000..d4e033c --- /dev/null +++ b/vars/main.yml @@ -0,0 +1,5 @@ +--- + +mailcow_api_url: "https://{{ mailcow_hostname }}/api/v1" + +...