From d00b7a636e946285ee07c3bc36429d969ca4fef8 Mon Sep 17 00:00:00 2001
From: Florian Pritz <bluewind@xinu.at>
Date: Sun, 18 Sep 2016 17:35:16 +0200
Subject: [PATCH] Add spampd to apollo
Signed-off-by: Florian Pritz <bluewind@xinu.at>
---
playbooks/apollo.yml | 1 +
roles/spampd/files/sa-update.service | 6 ++++
roles/spampd/files/sa-update.sh | 7 ++++
roles/spampd/files/sa-update.timer | 8 +++++
roles/spampd/files/update-channels | 3 ++
roles/spampd/files/update-gpgkeys | 5 +++
roles/spampd/files/yerp.gpg.key | 41 ++++++++++++++++++++++
roles/spampd/files/zmi.gpg.key | 52 ++++++++++++++++++++++++++++
roles/spampd/handlers/main.yml | 4 +++
roles/spampd/tasks/main.yml | 38 ++++++++++++++++++++
10 files changed, 165 insertions(+)
create mode 100644 roles/spampd/files/sa-update.service
create mode 100644 roles/spampd/files/sa-update.sh
create mode 100644 roles/spampd/files/sa-update.timer
create mode 100644 roles/spampd/files/update-channels
create mode 100644 roles/spampd/files/update-gpgkeys
create mode 100644 roles/spampd/files/yerp.gpg.key
create mode 100644 roles/spampd/files/zmi.gpg.key
create mode 100644 roles/spampd/handlers/main.yml
create mode 100644 roles/spampd/tasks/main.yml
diff --git a/playbooks/apollo.yml b/playbooks/apollo.yml
index 41605598b..da7ef9986 100644
--- a/playbooks/apollo.yml
+++ b/playbooks/apollo.yml
@@ -11,6 +11,7 @@
- { role: borg-client, backup_host: "borg@vostok.archlinux.org", backup_dir: "/backup/apollo", postgres_backup_dir: "/var/lib/postgres/backup", tags: ["borg"] }
- { role: nginx, letsencrypt_validation_dir: "/var/lib/letsencrypt", tags: ["nginx"] }
- { role: planet, planet_domain: "planet.archlinux.org", planet_dir: "/srv/http/planet", tags: ["planet"] }
+ - { role: spampd, tags: ["mail", "spampd"] }
- { role: postfix, postfix_server: false, tags: ["mail", "postfix"] }
- { role: opendkim, dkim_selector: apollo, tags: ['mail', "opendkim"] }
- { role: dovecot, tags: ['mail', "dovecot"] }
diff --git a/roles/spampd/files/sa-update.service b/roles/spampd/files/sa-update.service
new file mode 100644
index 000000000..b18b3dad8
--- /dev/null
+++ b/roles/spampd/files/sa-update.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=sa-update
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/sa-update.sh
diff --git a/roles/spampd/files/sa-update.sh b/roles/spampd/files/sa-update.sh
new file mode 100644
index 000000000..0acc2ac4a
--- /dev/null
+++ b/roles/spampd/files/sa-update.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -e
+
+/usr/bin/vendor_perl/sa-update --channelfile /etc/mail/spamassassin/update-channels --gpgkeyfile /etc/mail/spamassassin/update-gpgkeys || exit 0
+/usr/bin/vendor_perl/sa-compile --quiet
+systemctl restart spampd
diff --git a/roles/spampd/files/sa-update.timer b/roles/spampd/files/sa-update.timer
new file mode 100644
index 000000000..a558043eb
--- /dev/null
+++ b/roles/spampd/files/sa-update.timer
@@ -0,0 +1,8 @@
+[Unit]
+Description=sa-update
+
+[Timer]
+OnCalendar=*-*-* 00:05:00
+
+[Install]
+WantedBy=timers.target
diff --git a/roles/spampd/files/update-channels b/roles/spampd/files/update-channels
new file mode 100644
index 000000000..0a142a074
--- /dev/null
+++ b/roles/spampd/files/update-channels
@@ -0,0 +1,3 @@
+updates.spamassassin.org
+sought.rules.yerp.org
+sa.zmi.at
diff --git a/roles/spampd/files/update-gpgkeys b/roles/spampd/files/update-gpgkeys
new file mode 100644
index 000000000..c5e022654
--- /dev/null
+++ b/roles/spampd/files/update-gpgkeys
@@ -0,0 +1,5 @@
+# sa.zmi.at
+40F74481
+
+# sought.rules.yerp.org
+6C6191E3
diff --git a/roles/spampd/files/yerp.gpg.key b/roles/spampd/files/yerp.gpg.key
new file mode 100644
index 000000000..176a22f1f
--- /dev/null
+++ b/roles/spampd/files/yerp.gpg.key
@@ -0,0 +1,41 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.1 (GNU/Linux)
+
+mQGiBEa/l+YRBACC+uJfIThEoEWrNxdDD/1tAwb5L8v7H3gGt+LtuOwwn5ZU7XsT
+s1DOok1oZVRnTQJYdlth7QlU9wqijwLEVzW1LDWnxXXKwPmlTlkcdGoBcb+cBbYI
+miJ/TlAetvbprcZdROS4Ey31GjPRmWPPnVE2Xcwy+e4+RmnhqfZBmOaE7wCgo1GG
+pkik2OPD1le4LGGOGHL5HiED/0TyvTiSS3NnUtoDFQAPrnezOCjxv8zMjYEnJs/I
+h7uyIgHRsbB75cD2O1LWyO8Vz8r/snVuG35zcZagPf/7Tc9AJoaxVmCIk9DEmWZp
+iuvqpMhwHAbNvY3jY2oKsDl1rNx0IIctoJwjXia99kvNTHK/Yz/HqhIyLModhiMB
+aYYZA/wIdPOHGHaP5vjlbWBwGlRR9m0Rf4ob5sul8MjCyehOYcRVLwfOEfzX308v
+0enOGnbbBKXU2QvA0Z068aBmJkJaaPhlIjZApQJDsb7pt6k8jMPj/Xpr779wAFQ8
+IZC7Tw21OtqkjrUb3dZlEljrTwWNc6FVxuIidBBg7HCdP24WKLRESnVzdGluIE1h
+c29uIFNpZ25pbmcgS2V5IChDb2RlIFNpZ25pbmcgT25seSkgPHNpZ25pbmdrZXlA
+am1hc29uLm9yZz6IZAQTEQIAJAUCRr+X5gIbAwUJEswDAAYLCQgHAwIDFQIDAxYC
+AQIeAQIXgAAKCRDchTQfbGGR4/GJAKCC6X6AF8nM+H00b/XeZl9vYihXBgCcDYuU
+AtXjWWxndkneakmbnD0O4Z25BA0ERr+YdxAQAIYYUQHMzVsRAzpIRLfni0aeczrr
+armwXMJ8y5p74lVLbJyQOjkQyIJWP80twrN8SjNyUFBr/52SlOPOuAbGZY1ZKpux
+vkbsug2wWvkoj8xGjnexrSDahRgpNhf/otLRNTyUFZTM6mjZt0ItnYDl6xszY4kd
+O5rVzjQuivNB4BsHcd8qQ7zVo9+VZ5R77iM4dtk6t5ycpXlAom5pD8qLb7ZzTVe0
+SuhzOeynF51rwjS+wa3hzZisvJqZA5uJcAyYslgP1UTW+2e5wutSktSZmL/XnlEF
+p86GPjAgDPL2Q0TgzVL6sPt0blNCyzOJrcBqBHrgZfraYgqtmGepLpk72q4VD23c
+aV2wTqjnfJAsNR3y8jgVNwF8LpXtlbxrBByFRwEqsc/gzdMEnJ728XBDqT2IhZLY
+maL/WxiDKNWD/Mae69HTyInIYgrfT7nJKDeKQA81+e5+UmqBVoi5/AICMlDm1DgR
+gG6bbOXGhLVPh+gHjGG4Jdd/ZLedncUsjW9KyK261sqM3tSDSfgnF99w2/32ToFu
+ChN8JOfQ6VZ7QbL1BWRtQWZ3tyauUUXmsrYDv1w1nx51MqxQdlitnmTRWaRW0GmD
+b5XapJfSK+FiGXaynl3HHxHHpcUauX9zBa/LRp8oXiGPLfJEWmjWcGCyGZawASj3
+pTTJUnbkYs0fUyUXAAQND/42mh8f3mTA+24I3lY4K8mxH9GSFgOkLoYwok8xL5Md
+OUJAyvs34ixqvM2u560YJkegEO/xzg2abddfoqL8eNnjfvG3bI7KOCT+m+mM/5Cg
+ul8XFSnHIEivuOXNtc/x/dwYSidKM8atkdpKtv++psd6hVbJQMfLlzf0S2QyiaGk
+yXur/pM3A97lvkjAgvIKQt8NbJ/sITFlrN2TFxcbE8OED7LC4nBo54TJ1AxVsHlT
+LB5XPKU8pBv0fABZrNKxf6a2iXx9jT9sSYdnb0y+hBjnoWZUNbhxo6jpAqt1quUy
+buGWugvG8J75JvT6X+lwEEkg1lplmm+HuaFtegOqTUTKmffKduY+E00le+3Kh8gW
+bLR8P1qp/xnxQxZJYcQ+mT4QsYpj6Pkcj0ON3NQO5wP6dr2UGhGcSzS2Cxv8TERN
+7HSdFbFXQWPCekx+i7OjeRSY/XTUf2zYquPNP2oU0MjgnXhnkHq+6EaQPpM59fMd
+MyLeOiUMOxpPOkeaAC8Ku0Oj2aZU/eyizuBDnhq1PAxBprSW5SSkxP4kz9BnA42x
+tkMKMzzPohdfMIRI6zSu0chr76w2UeoViSsMtmWnR6qAXbQvzR+HHxhhB/Rzp6Gc
+u9gybrv58IBkybn5ztST6NqgIgcQ/E7XIsB0Eooohfw+QiPlCdoghSxspbzwqcEZ
+B4hPBBgRAgAPBQJGv5h3AhsMBQkSzAMAAAoJENyFNB9sYZHjUh0AnA3u5TNYHGLQ
+DXLPP0qWHkTeOz8dAJ4wkrLBTaXz3CPCjoTdoBiQsNt3fw==
+=nK43
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/roles/spampd/files/zmi.gpg.key b/roles/spampd/files/zmi.gpg.key
new file mode 100644
index 000000000..7d7261a38
--- /dev/null
+++ b/roles/spampd/files/zmi.gpg.key
@@ -0,0 +1,52 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.12 (GNU/Linux)
+
+mQINBE9CEIwBEACb16mHs381gLlwiAMP1YpGpjZ82U9cJfjX3okCvhFCSnlvDzad
+fj3J3sVX96aDKkeqg6CLFuNtw0FjzxG3UUCI5IqPplJqGlmpzrznUYpNP4t9cXaN
+5lUdhzlZzbICM3E3o9BjdhGajfbmd2zrNJJOjFXblN/gWatOo9NPTP0L3s6wx/EF
+AEtWJUI9Ohn+jl53p9Kog/GIITD7UPT7mRkd3iwXHVj3yl9hgK0cXX5iP5rIkK+v
+FXHXMyaL0/ZwEe7cpC9wvPGK4LNrG/HiI9bIJJqqmXbIUB6Z0OJ9Gas3LcI/O3/i
+jMLs2cAw2PlY60bG9QLrgI68SpksMZQfAg6FGCdu6Oj3rvcXMXrxO8xOwv3roQjh
+QZVYEik6xxepjtLf37ua5+rXgq0B/nhzKgwByR2UTpaYhTRJwOgNruaE+ViE+21N
+nNLngtKkFuna8kS+AQtVvgmiXhVn8fcHGOsfFqc+e/RFLS+iZAaxg1sPy7sDn+ab
+vmXHyep7lAyezmFn98cCkjK13Gmi5CZELCFlT2yewtjUVfToG9R+yLNFLoCLLGFK
+cVwNRn6PGzEeTNjP82w+wIi2zT7YLV42SJDrVfARPsyKU2Xpbo2KDcdbd1cXTPRd
+rnWQxPGPajA3ovRaVlhNhwzUY34SwB9JIcCiEsOpCUky1als/8LGh/2jtQARAQAB
+tC5zYS56bWkuYXQgKHNhLXVwZGF0ZSBrZXkpIDxzcGFtLWdlcm1hbkB6bWkuYXQ+
+iQI8BBMBAgAmBQJPQhCMAhsDBQkSzAMABgsJCAcDAgQVAggDBBYCAwECHgECF4AA
+CgkQrsKK2UD3RIErLw/+JXbmcPRbEIefVtPh6Um7/MFEMd5TLy70OmjrBaTnEx6Z
+LAsvj0qBT/V3VAQw8TT1XaiLSlNyxY1bp9pVQdO4RhMV1g4VGWiV1SA/W2beqJGo
+oRWQuvyRqQkJAC0x1MVjnCWo0d0FGO9fE9xlifX6pSGcjEwTPjktilGwF3VihFJ1
+OevMhH73L+a8GytxdgZMVFpAL8JNdGE3d/mpuNV4igzriP8lNiAXz3SoA4pE76Bm
+lRj1AXgp/ITDSNiVpBCtQijMI701EwFpvdtd1hnVxqqDvs7Tlti8Ulqda0MP82xQ
+hkoPzQxxww7drqmvmHsEqt5noJiCtsgS1Xjuzwk2UDVL5AL5d0Af2uMkRFPUFsRy
+ZwtqYPZ8mTwjeykuXDnGmpiMuQEFj+efRd3Fs3IGrZBYb/bAuH4ciwuCde45V6Q5
+LkZkzxb73qrDuBn32Szr9KrQ8oW4mVtfqek/QiU6ODnNw5ED1fQ7Q0rFqB46IFNK
+8OE7qE0fSA2679uiPMJDPw6S3QtCTaRwhfmrG/fYXWwNlr/k3IoWW5kHEuSzbXdq
+U0Vm96HBxfFnHK75zC5QBxRHxYoO314+NeS+aJqDjLoZ7Jmcr9vs1e7asKndwEWI
+fJoTP+RHfoNKvu/t5mKzCuK/1Dl1nrsfSgQzLoOF48r4BQelg2xgzvhPHsd9eIm5
+Ag0ET0IQjAEQAMv0ZQ5qdUjZzb8R1GwnvuQxmltsZr/ArZMNs6XxP8JaVmT9877p
+7j80P34+RI45o8ITsJiphurlSh15hWqA8BamaYu2gvmOAGAaAvUTsZDzHaIfcpzi
+3kFeMqpoUFs9A3m2Dv5kbI23ALe4pZbG29ZtqgLXBIQc7JqVlxTO6mvL4/ME9JRz
+3cBHbd31ZGdavUHCR2pN8Pu/GbDacoEITkQwZBbJgfzY9/1p7w5xKQ9GcZfycHZ5
+GhtvepsDDFU10JWK+Ey4amvzt3jfjrmTFmh9YH/rk3aWMfayIjtSg/mxWGk4OegC
++BdEf7VAX0T9UXQDenbdGEpi6C9KI/wzDS1hUUNpud8kp/HVlPXD6kcbdJ6acu70
+Xw98rAkh3dnep4NzP5YjZVRCg+rd31BbmjHEuJ10KoFDnv8L3vve6PmvvRzKE9LM
+aMSB+YRxYvgbnxExA84w7wtJjY3LGNZS9xyD+WM1SzEuMEmALImnIXG/N7MXvGSc
+gM1dJo5fArKOUc0GGejKJY0vcZ8UcofucxJADR/zflPj3/oOtTVdz/+f2DZLbClv
+wAHg/h2ehK/jk4sW5JXIcIoYRCVKznPEZdouoav4Mxf9xk4ol6foY/Ppy+cu28zR
+Wikv2bpPKXjp9qqFCAts0HLDDlIRkNLI6Be7IsZxUdlrAzJoNY9LkgMJABEBAAGJ
+AiUEGAECAA8FAk9CEIwCGwwFCRLMAwAACgkQrsKK2UD3RIG3gA//VGJ151ovYmqz
+AVLdgxl7n1oSMpShJ5I6N88tANE2oMum9OvRDcUWh3hA0I460j6fxXf2JvddPR0c
+zU5dj5N8VlOtgItLCA0PkfrH3hdKhkDjtAnUbw5BloprfmoE2xfTJvRFsVh/dvkD
+aKVrV4iMmY0q/r6+NGynRqkObelii0lhwQnbXxayP0/3i4d65SumtUqX6tfswkih
+TvK97aO5YCGiJzYJGVWqBx6hGql6bng/bNfEAcAB+5zai2/uLRt9gk/IMz8Rjpy0
+rdn/IlpZMA4N+pGWqJf/VC2xLAlMH5T6GVPHUbPMm9R/BM4BJwfAFZwRphfkCVPs
+IhWHIbJlMQely+t3PEW9IgmyoD6GDXAUZyV3lGA3F8maQHltHl5GB8H9wXF4ptQs
+LXjWTTOmnsVN5l1N1FXFpg1LMcqQoicQWe6CJTDdLgrGlcPCQa0oUloO5SKmmXGB
+j1Ig8enxET7v60fQ75KReZewsrn3Ni7DKw4W3o5clFBO17UZcY559U5EfWnvwlCl
+oht87m+PqpRLod2mFSh8JJg6Z0QCThGOMGjS85E9v8OtaQCnowqKic5k9UKy7jTB
+hn2BBVMy9dqnVyh6O0RZ8lvt2bGbfgOYrBoP50A4tbJ33jpnfov282h937Vq3ayi
+cbXphKHfpKOu3R5vADTEhpF06HS7dfg=
+=bBTm
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/roles/spampd/handlers/main.yml b/roles/spampd/handlers/main.yml
new file mode 100644
index 000000000..e2abcd67c
--- /dev/null
+++ b/roles/spampd/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+
+- name: systemd daemon reload
+ command: systemctl daemon-reload
diff --git a/roles/spampd/tasks/main.yml b/roles/spampd/tasks/main.yml
new file mode 100644
index 000000000..ba9c1891e
--- /dev/null
+++ b/roles/spampd/tasks/main.yml
@@ -0,0 +1,38 @@
+---
+
+# make and gcc are required for sa-compile
+- name: install spampd and dependencies
+ pacman: name=spampd,make,gcc state=present
+
+- name: install sa-update.sh
+ copy: src=sa-update.sh dest=/usr/local/bin/sa-update.sh owner=root group=root mode=755
+
+- name: install support files
+ copy: src={{ item }} dest=/etc/mail/spamassassin/{{ item }} owner=root group=root mode=644
+ with_items:
+ - update-gpgkeys
+ - update-channels
+ - yerp.gpg.key
+ - zmi.gpg.key
+
+- name: install systemd timers
+ copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=644
+ with_items:
+ - sa-update.timer
+ - sa-update.service
+ notify:
+ - systemd daemon reload
+
+- name: add gpg keys to SA keyring
+ command: /usr/bin/vendor_perl/sa-update --import "/etc/mail/spamassassin/{{item}}"
+ with_items:
+ - yerp.gpg.key
+ - zmi.gpg.key
+
+- name: activate systemd timers
+ service: name={{ item }} enabled=yes state=started
+ with_items:
+ sa-update.timer
+
+- name: start spampd
+ service: name=spampd enabled=yes state=started
--
GitLab