diff --git a/ansible/playbooks/deploy.yml b/ansible/playbooks/deploy.yml index c421d48..55af651 100644 --- a/ansible/playbooks/deploy.yml +++ b/ansible/playbooks/deploy.yml @@ -14,6 +14,25 @@ set_fact: client_name: "{{ inventory_hostname }}" + - name: Check if base infrastructure is installed + stat: + path: /opt/docker/traefik/docker-compose.yml + register: traefik_compose + + - name: Fail if base infrastructure is not installed + fail: + msg: | + ❌ ERROR: Base infrastructure not installed! + + Traefik reverse proxy is required but not found. + + You must run the setup playbook BEFORE deploying applications: + ansible-playbook -i hcloud.yml playbooks/setup.yml --limit {{ client_name }} + + Or use the rebuild script which handles the correct order automatically: + ./scripts/rebuild-client.sh {{ client_name }} + when: not traefik_compose.stat.exists + - name: Load client secrets community.sops.load_vars: file: "{{ playbook_dir }}/../../secrets/clients/{{ client_name }}.sops.yaml" @@ -32,6 +51,7 @@ when: client_secrets.authentik_domain is defined roles: + - role: mailgun - role: authentik - role: nextcloud diff --git a/ansible/roles/authentik/tasks/email.yml b/ansible/roles/authentik/tasks/email.yml new file mode 100644 index 0000000..2cf223f --- /dev/null +++ b/ansible/roles/authentik/tasks/email.yml 
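Review bot: The new guard in the first hunk only proves that `/opt/docker/traefik/docker-compose.yml` exists, so a host where the setup playbook ran but Traefik is stopped or was removed from the compose project still passes, while the message promises a working reverse proxy. If file presence is the intended contract, the stat/fail pair reads more directly as one task: `- name: Assert base infrastructure is installed` / `assert:` with `that: traefik_compose.stat.exists` and the existing text moved under `fail_msg: |`, which also keeps the message next to the condition it explains. If a running proxy is what later roles depend on, a check against the container state before this point would be the stronger precondition. The task list these two tasks belong to starts above the hunk.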
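Review bot: In the second hunk `- role: mailgun` is added without a `when:`, whereas the email includes this commit adds to the authentik and nextcloud roles are gated on Mailgun credentials being present and non-placeholder. If the mailgun role reads the same `client_secrets.mailgun_smtp_*` values (inferred from its name; the role itself is not in this diff), it will run on clients that have no credentials yet and either fail or configure something half-way; the same condition, or a shared fact derived from it, belongs on this role entry as well. A short comment on the entry saying what the role needs from `client_secrets` would make the ordering before `authentik` and `nextcloud` self-explanatory.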
@@ -0,0 +1,22 @@
+---
+# Display Authentik email configuration status
+# Email settings are configured via docker-compose environment variables
+
+- name: Display Authentik email configuration status
+ debug:
+ msg: |
+ ========================================
+ Authentik Email Configuration
+ ========================================
+
+ Email is configured via Docker Compose environment variables:
+ AUTHENTIK_EMAIL__HOST: smtp.eu.mailgun.org
+ AUTHENTIK_EMAIL__FROM: {{ inventory_hostname }}@mg.vrije.cloud
+
+ Status: ✓ Configured
+
+ Authentik can now send:
+ - Password reset emails
+ - User invitation emails
+ - Notification emails
+ ========================================
diff --git a/ansible/roles/authentik/tasks/main.yml b/ansible/roles/authentik/tasks/main.yml
index 572a5f5..2a8d29e 100644
--- a/ansible/roles/authentik/tasks/main.yml
+++ b/ansible/roles/authentik/tasks/main.yml
@@ -11,3 +11,8 @@
 - name: Include OIDC provider configuration
 include_tasks: providers.yml
 tags: ['authentik', 'oidc']
+
+- name: Include email configuration
+ include_tasks: email.yml
+ when: mailgun_smtp_user is defined or (client_secrets.mailgun_smtp_user is defined and client_secrets.mailgun_smtp_user != "" and "PLACEHOLDER" not in client_secrets.mailgun_smtp_user)
+ tags: ['authentik', 'email']
diff --git a/ansible/roles/nextcloud/tasks/email.yml b/ansible/roles/nextcloud/tasks/email.yml
new file mode 100644
index 0000000..8e2b001
--- /dev/null
+++ b/ansible/roles/nextcloud/tasks/email.yml
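Review bot: The debug task prints `Status: ✓ Configured` and a hard-coded `AUTHENTIK_EMAIL__HOST: smtp.eu.mailgun.org` unconditionally, but nothing in this file reads the container's environment, so the message reports an assumption rather than an observation — a compose file that was edited, or a container that was not recreated after the variables changed, still shows `✓ Configured`. Either reword that line, e.g. `Status: expected from docker-compose environment (not verified by this task)`, or register an inspection of the running container's environment before the debug and print what it returns. The header comment should also state that the only gate is the `when:` on the include in `main.yml`, so a reader knows this file never validates the credentials itself.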
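Review bot: The include guard `when: mailgun_smtp_user is defined or (client_secrets.mailgun_smtp_user is defined and client_secrets.mailgun_smtp_user != "" and "PLACEHOLDER" not in client_secrets.mailgun_smtp_user)` is repeated character-for-character in the nextcloud `main.yml` hunk of this commit, so the two roles can silently diverge on what "configured" means the next time one of them is edited. Compute it once in the deploy playbook as a fact, e.g. `mailgun_configured: "{{ mailgun_smtp_user is defined or (client_secrets.mailgun_smtp_user | default('') != '' and 'PLACEHOLDER' not in client_secrets.mailgun_smtp_user | default('')) }}"`, and gate both includes with `when: mailgun_configured | bool`; the `default('')` also removes the nested `is defined` checks. Since the placeholder test is a substring match, a comment on that fact should say that any username containing that word is treated as unset.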
@@ -0,0 +1,46 @@
+---
+# Configure Nextcloud email settings via Mailgun SMTP
+
+- name: Determine SMTP credentials source
+ set_fact:
+ smtp_user: "{{ mailgun_smtp_user | default(client_secrets.mailgun_smtp_user) }}"
+ smtp_password: "{{ mailgun_smtp_password | default(client_secrets.mailgun_smtp_password) }}"
+ no_log: true
+
+- name: Configure SMTP email settings
+ shell: |
+ docker exec -u www-data nextcloud php occ config:system:set mail_smtpmode --value="smtp"
+ docker exec -u www-data nextcloud php occ config:system:set mail_smtpsecure --value="tls"
+ docker exec -u www-data nextcloud php occ config:system:set mail_smtphost --value="smtp.eu.mailgun.org"
+ docker exec -u www-data nextcloud php occ config:system:set mail_smtpport --value="587"
+ docker exec -u www-data nextcloud php occ config:system:set mail_smtpauth --value="1"
+ docker exec -u www-data nextcloud php occ config:system:set mail_smtpname --value="{{ smtp_user }}"
+ docker exec -u www-data nextcloud php occ config:system:set mail_smtppassword --value="{{ smtp_password }}"
+ docker exec -u www-data nextcloud php occ config:system:set mail_from_address --value="{{ inventory_hostname }}"
+ docker exec -u www-data nextcloud php occ config:system:set mail_domain --value="mg.vrije.cloud"
+ no_log: true
+ register: email_config
+ changed_when: true
+
+- name: Configure admin user email address
+ shell: |
+ docker exec -u www-data nextcloud php occ user:setting {{ client_secrets.nextcloud_admin_user }} settings email "{{ inventory_hostname }}@mg.vrije.cloud"
+ register: admin_email_set
+ changed_when: true
+
+- name: Display email configuration status
+ debug:
+ msg: |
+ ========================================
+ Nextcloud Email Configuration
+ ========================================
+
+ SMTP Host: smtp.eu.mailgun.org
+ SMTP Port: 587 (TLS)
+ From Address: {{ inventory_hostname }}@mg.vrije.cloud
+ Admin Email: {{ inventory_hostname }}@mg.vrije.cloud
+
+ Status: ✓ Configured
+
+ Test: Settings → Basic settings → Send email
+ ========================================
diff --git a/ansible/roles/nextcloud/tasks/main.yml b/ansible/roles/nextcloud/tasks/main.yml
index 2feb4fe..ea8931c 100644
--- a/ansible/roles/nextcloud/tasks/main.yml
+++ b/ansible/roles/nextcloud/tasks/main.yml
@@ -25,3 +25,10 @@
 tags:
 - nextcloud
 - apps
+
+- name: Include email configuration
+ include_tasks: email.yml
+ when: mailgun_smtp_user is defined or (client_secrets.mailgun_smtp_user is defined and client_secrets.mailgun_smtp_user != "" and "PLACEHOLDER" not in client_secrets.mailgun_smtp_user)
+ tags:
+ - nextcloud
+ - email
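Review bot: The secret is spliced unquoted into a shell script at `--value="{{ smtp_password }}"`, and `{{ smtp_user }}` and `{{ client_secrets.nextcloud_admin_user }}` likewise, so a value containing `"`, `$` or a backtick either breaks the command or is expanded by the shell inside the container, and `no_log: true` on the first task hides the failure, leaving a half-written mail configuration with no visible reason. Pass each interpolated value through Ansible's `quote` filter: `--value={{ smtp_password | quote }}`, `--value={{ smtp_user | quote }}` and `{{ client_secrets.nextcloud_admin_user | quote }}`. Note also that `set_fact` turns `smtp_user`/`smtp_password` into ordinary host facts for the rest of the play, so any later task without `no_log` that prints them or dumps `hostvars` will expose them, and the value travels through the host-side `docker exec` command line while it runs; the header comment should say both. Finally, `changed_when: true` on both shell tasks reports a change on every run even when nothing differs, which hides real drift in the play recap.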