From cacd6df076036859b8248bcd4f660d7480c42f80 Mon Sep 17 00:00:00 2001
From: Udo Waechter
Date: Mon, 25 Aug 2025 14:49:08 +0200
Subject: [PATCH] more maketank roles for mx
---
inventory.yaml => inventory/01-maketank.yaml | 0
roles/mkt-mx/tasks/main.yaml | 35 +++++++++++++++++++
...-generate-passdb.rb => generate-passdb.rb} | 0
.../files/postgrey/generate_whitelist.sh | 6 ++++
.../files/powerdns/cleanup_slave_zones.sh | 30 ----------------
.../files/update-motd.d/20-mkt-failover | 18 ----------
.../mkt-scripts/files/update-motd.d/30-virsh | 5 -----
roles/mkt-scripts/tasks/main.yaml | 23 ++----------
site.yaml | 5 +++++
9 files changed, 49 insertions(+), 73 deletions(-)
rename inventory.yaml => inventory/01-maketank.yaml (100%)
create mode 100644 roles/mkt-mx/tasks/main.yaml
rename roles/mkt-scripts/files/dovecot/{dovecot-generate-passdb.rb => generate-passdb.rb} (100%)
create mode 100755 roles/mkt-scripts/files/postgrey/generate_whitelist.sh
delete mode 100755 roles/mkt-scripts/files/powerdns/cleanup_slave_zones.sh
delete mode 100755 roles/mkt-scripts/files/update-motd.d/20-mkt-failover
delete mode 100755 roles/mkt-scripts/files/update-motd.d/30-virsh
diff --git a/inventory.yaml b/inventory/01-maketank.yaml
similarity index 100%
rename from inventory.yaml
rename to inventory/01-maketank.yaml
diff --git a/roles/mkt-mx/tasks/main.yaml b/roles/mkt-mx/tasks/main.yaml
new file mode 100644
index 0000000..d16bfa8
--- /dev/null
+++ b/roles/mkt-mx/tasks/main.yaml
@@ -0,0 +1,35 @@
+- name: mkt-scripts
+ include_role:
+ name: mkt-scripts
+
+- name: postfix maps
+ cron:
+ name: postfix maps
+ minute: "*/5"
+ job: /etc/maketank/postfix/generate_maps.sh
+
+- name: cronjob postgrey
+ cron:
+ name: postgrey whitelist
+ minute: "*/15"
+ job: /etc/maketank/postgrey/generate_whitelist.sh
+
+- name: amavis dkim
+ cron:
+ name: amavis dkim conf
+ minute: "*/15"
+ job: /etc/maketank/amavis/generate-dkim-conf.sh
+
+- name: amavis sa-learn
+ cron:
+ name: amavis sa-learn
+ user: amavis
+ minute: "*/42"
+ job: /etc/maketank/amavis/sa-learn.sh
+
+- name: dovecot passdb
+ cron:
+ name: dovecot generate passdb
+ user: dovecot
+ minute: "*/5"
+ job: /etc/maketank/dovecot/generate-passdb.rb
\ No newline at end of file
diff --git a/roles/mkt-scripts/files/dovecot/dovecot-generate-passdb.rb b/roles/mkt-scripts/files/dovecot/generate-passdb.rb
similarity index 100%
rename from roles/mkt-scripts/files/dovecot/dovecot-generate-passdb.rb
rename to roles/mkt-scripts/files/dovecot/generate-passdb.rb
diff --git a/roles/mkt-scripts/files/postgrey/generate_whitelist.sh b/roles/mkt-scripts/files/postgrey/generate_whitelist.sh
new file mode 100755
index 0000000..1606d2c
--- /dev/null
+++ b/roles/mkt-scripts/files/postgrey/generate_whitelist.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+mariadb --skip-ssl -h 10.201.0.4 -u maketank -pknatekam2007 \
+ -B --database=maketank_froxlor \
+ -e 'select email_full from mail_virtual where disablegreylist = 1' \
+ |grep -v email_full >/etc/postgrey/whitelist_recipients.local
\ No newline at end of file
diff --git a/roles/mkt-scripts/files/powerdns/cleanup_slave_zones.sh b/roles/mkt-scripts/files/powerdns/cleanup_slave_zones.sh
deleted file mode 100755
index 46b36f8..0000000
--- a/roles/mkt-scripts/files/powerdns/cleanup_slave_zones.sh
+++ /dev/null
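Review bot: `minute: "*/42"` in the "amavis sa-learn" task does not run the job every 42 minutes; cron step values restart each hour, so it fires at :00 and :42 with uneven gaps. If one run per hour is the intent, `minute: "42"` states it directly. The "postfix maps", "cronjob postgrey" and "amavis dkim" tasks set no `user:`, so those entries go into the crontab of whichever account the play runs as (root under `become`, presumably); adding an explicit `user:` to each, as the amavis sa-learn and dovecot tasks already do, keeps the privilege of every scheduled script visible in the role.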
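Review bot: The database password is passed inline with `-p…` on the `mariadb` command line of a script added with mode 100755, so it is committed to the repository, readable by every local user on each host that receives `files/`, and visible in the process list while the query runs; `--skip-ssl` additionally sends the login to 10.201.0.4 without transport encryption. Moving host, user and password into a root-only option file and dropping `--skip-ssl` addresses both, and the credential should be rotated because it remains in history, as does the `curl -u` pair in the 20-mkt-failover script this commit deletes. Separately, the `>` redirect truncates the whitelist before the query has succeeded and there is no `pipefail`, so a database outage leaves postgrey with an empty file; writing to a temporary file and renaming it avoids that. The option-file path in the sketch is a placeholder.

```bash
#!/bin/bash
set -euo pipefail

out=/etc/postgrey/whitelist_recipients.local
tmp=$(mktemp "${out}.XXXXXX")
trap 'rm -f "$tmp"' EXIT

# host, user and password are read from a 0600 option file (placeholder path);
# -N suppresses the column header, so the grep -v is no longer needed
mariadb --defaults-extra-file=/path/to/postgrey-client.cnf \
  -B -N --database=maketank_froxlor \
  -e 'select email_full from mail_virtual where disablegreylist = 1' >"$tmp"
chmod 0644 "$tmp"
mv "$tmp" "$out"
```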
@@ -1,30 +0,0 @@ -#!/bin/bash -##### PUPPET ############### -# from here: http://hostingondemand.nl/techniek/pdns-clean-up-script/ -# Dependencies: -# bind-utils -# sqlite3 -#### Config ################################ - -DB="/var/lib/powerdns/pdns.sqlite3" - -#### End of Config ######################### -SQL="/usr/bin/sqlite3 ${DB}" - -check() { - dig @$1 $2 -t SOA +noall +answer +nocomment | grep -q maketank.net - if [ $? != 0 ]; then - echo "$1 $2: Server not AUTH or SERVfail - removing zone..." - DOMAIN_ID=`$SQL "SELECT id FROM domains WHERE name=\'$2\' AND type=\'SLAVE\' AND master=\'$1\' LIMIT 1;"` - $SQL "DELETE FROM records WHERE domain_id=\'$DOMAIN_ID\';" - $SQL "DELETE FROM domains WHERE id=\'$DOMAIN_ID\';" - fi -} - -MASTERS=(`$SQL "SELECT DISTINCT ip FROM supermasters;"`) -for m in "${MASTERS[@]}"; do - NAMES=(`$SQL "SELECT name FROM domains WHERE type = \'SLAVE\' AND master = \'${m}\';"`) - for d in "${NAMES[@]}"; do - check ${m} ${d} - done -done \ No newline at end of file diff --git a/roles/mkt-scripts/files/update-motd.d/20-mkt-failover b/roles/mkt-scripts/files/update-motd.d/20-mkt-failover deleted file mode 100755 index e6c4789..0000000 --- a/roles/mkt-scripts/files/update-motd.d/20-mkt-failover +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -echo -echo "FailoverIPs on hosts" -OUT=$(curl -u '#ws+7PVgXWxp:UypGThnJ5KJDXTCN' https://robot-ws.your-server.de/failover 2>/dev/null) -#OUT=$(cat fo) - -#echo $OUT | -jq -a -r '.[] | [ .failover.ip, .failover.active_server_ip ] | @csv' <<< $OUT | -while read -r line -do - line=$(sed 's/"//g' <<< $line) - IFS=',' read -r -a arr <<< "$line" - FOIP=$(dig -x ${arr[0]} +short) - HOST=$(dig -x ${arr[1]} +short) - printf "%15s %20s => %15s %20s\n" ${arr[0]} ${FOIP::-1} ${arr[1]} ${HOST::-1} -done -echo -echo \ No newline at end of file diff --git a/roles/mkt-scripts/files/update-motd.d/30-virsh b/roles/mkt-scripts/files/update-motd.d/30-virsh deleted file mode 100755 index d9527a4..0000000 
--- a/roles/mkt-scripts/files/update-motd.d/30-virsh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -echo -virsh list --all -echo \ No newline at end of file diff --git a/roles/mkt-scripts/tasks/main.yaml b/roles/mkt-scripts/tasks/main.yaml index 9f8177e..6912b5e 100644 --- a/roles/mkt-scripts/tasks/main.yaml +++ b/roles/mkt-scripts/tasks/main.yaml @@ -1,21 +1,4 @@ -- name: "mkt-scripts: create dir" - file: - path: /etc/maketank - state: directory - mode: '0755' -- name: "mkt-scripts: create-remote-dirs" - file: - path: /etc/maketank/{{item.path}} - state: directory - mode: '0775' - with_filetree: files/ - when: item.state == 'directory' - name: "mkt-scripts: copy-files" - copy: - src: "{{item.src}}" - dest: /etc/maketank/{{item.path}} - mode: '0744' - with_filetree: files/ - # combinations of 'is' and 'is not' can be used below. - when: item.state == 'file' - and item.path is not search("*.bak") \ No newline at end of file + synchronize: + src: files/ + dest: /etc/maketank diff --git a/site.yaml b/site.yaml index 71f2c6e..22ad450 100644 --- a/site.yaml +++ b/site.yaml @@ -6,3 +6,8 @@ tags: common - role: mkt-scripts tags: mkt + +- hosts: ~mx.* + roles: + - role: mkt-mx + tags: mkt \ No newline at end of file
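Review bot: Replacing the `file`/`copy` tasks with `synchronize` drops every explicit `mode:`, so what lands under /etc/maketank now takes the permissions (and, in the module's default archive mode, owner and group) of the checkout on the control node instead of values the role states. The mkt-mx role schedules these scripts from cron, some apparently as root, so a group- or world-writable file in a working tree would become a writable root-run script on the host. Setting `owner: false`, `group: false` and an rsync `--chmod` pins this down again. The old `*.bak` exclusion is also gone. Without `delete:`, the scripts removed in this commit (including 20-mkt-failover with its embedded login) presumably stay on hosts that already have them.

```yaml
  synchronize:
    # … unchanged: src, dest …
    owner: false
    group: false
    rsync_opts:
      - "--chmod=D755,F744"
      - "--exclude=*.bak"
```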
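Review bot: `hosts: ~mx.*` is a regular expression which, as far as I know, Ansible anchors only at the start of the name, so it selects every inventory host or group whose name begins with `mx` followed by anything, which may be wider than the mail exchangers. Because the role installs cron jobs, an explicit inventory group (for example `hosts: mx`, group name constructed here) would make the target set reviewable in the inventory rather than implied by host naming. The context lines suggest the preceding play already applies `mkt-scripts`, which `mkt-mx` pulls in again through `include_role`; if both plays cover the mx hosts the sync runs twice, which is harmless but worth a comment.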