Merge pull request #51 from systemli/Remove-secrets-variable-from-role

systemli · Sep 22, 2023 · 62f9d87 · 62f9d87
2 parents 4170098 + 787533d
commit 62f9d87
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 14 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -12,20 +12,21 @@ roundcube_user_home: "/var/www/{{ roundcube_domain }}"
 roundcube_working_dir: "{{ roundcube_user_home }}"
 roundcube_path: "{{ roundcube_working_dir }}/www"
 roundcube_mysql_user: roundcube
-roundcube_mysql_password: "{{ roundcube_mysql_password_enc }}"
+roundcube_mysql_password: ""
 roundcube_mysql_db: roundcubemail
-roundcube_imap_host: 'ssl://{{ roundcube_domain }}:993'
+roundcube_imap_host: "ssl://{{ roundcube_domain }}:993"
 roundcube_skin: elastic
-roundcube_smtp_host: 'ssl://{{ roundcube_domain }}:465'
-roundcube_smtp_user: '%u'
-roundcube_smtp_pass: '%p'
+roundcube_smtp_host: "ssl://{{ roundcube_domain }}:465"
+roundcube_smtp_user: "%u"
+roundcube_smtp_pass: "%p"
 roundcube_identities_level: 1
 roundcube_date_format: d.m.Y
 roundcube_cipher_method: AES-256-CBC
 roundcube_password_charset: UTF-8
 roundcube_sendmail_delay: 4
 roundcube_max_recipients: 250
 roundcube_draft_autosave: 60
+roundcube_des_key: ""
 
 roundcube_plugins:
   - archive
@@ -53,7 +54,7 @@ roundcube_dependencies:
   - php-intl
   - libmcrypt-dev
   - php-mysql
-  - php-curl  # rcmcarddav
+  - php-curl # rcmcarddav
   - python3-mysqldb
   - git
 

diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
@@ -6,6 +6,6 @@
       ansible.builtin.include_role:
         name: "ansible-role-roundcube"
       vars:
-        roundcube_mysql_password_enc: "password"
+        roundcube_mysql_password: "password"
         roundcube_des_key: "SuperS3cr3tD3SKeys"
-        testing: True
+        testing: true
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -1,4 +1,7 @@
 ---
+- name: Preflight checks
+  ansible.builtin.import_tasks: preflight.yml
+
 - name: Ensure mandatory variables are defined
   ansible.builtin.assert:
     that:
@@ -7,8 +10,8 @@
 
 - name: Ensure crontab is installed
   ansible.builtin.apt:
-   pkg: "cron"
-   state: present
+    pkg: "cron"
+    state: present
 
 - name: Ensure roundcube group is present
   ansible.builtin.group:
@@ -59,7 +62,7 @@
     dest: "{{ roundcube_working_dir }}"
     owner: "{{ roundcube_user }}"
     group: "{{ roundcube_group }}"
-    mode: '0440'
+    mode: "0440"
   when: not ansible_check_mode
   register: download
 
@@ -117,9 +120,9 @@
   ansible.builtin.command: "{{ roundcube_working_dir }}/current/bin/update.sh"
   changed_when: true
   when:
-   - link.changed
-   - ( not roundcube_enable_installer | bool )
-   - not testing|default(False)
+    - link.changed
+    - ( not roundcube_enable_installer | bool )
+    - not testing|default(False)
 
 - name: Create Roundcube cleandb cronjob
   ansible.builtin.cron:

diff --git a/tasks/preflight.yml b/tasks/preflight.yml
@@ -0,0 +1,8 @@
+---
+- name: Assert that required variables set
+  ansible.builtin.assert:
+    that:
+      - roundcube_mysql_password is defined and roundcube_mysql_password != ""
+      - roundcube_des_key is defined and roundcube_des_key != ""
+    fail_msg: "roundcube_mysql_password and roundcube_des_key must be set"
+    success_msg: "roundcube_mysql_password and roundcube_des_key are set"