68 lines
2.2 KiB
YAML
68 lines
2.2 KiB
YAML
---
|
|
- name: Assert required variables are set
|
|
assert:
|
|
that:
|
|
- default_user is defined
|
|
- ssh_authorized_key is defined
|
|
- domain_name is defined
|
|
- hostname is defined
|
|
- mailcow_admin_user is defined
|
|
- mailcow_admin_password is defined
|
|
- mailcow_fqdn is defined
|
|
fail_msg: "One or more required variables are missing. Check deployment_config.yml or group_vars/all.yml"
|
|
success_msg: "All required variables are present"
|
|
|
|
- name: Validate SSH public key format
|
|
assert:
|
|
that:
|
|
- ssh_authorized_key is match("^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp[0-9]+) [A-Za-z0-9+/=]+( .*)?$")
|
|
fail_msg: "SSH public key format is invalid"
|
|
success_msg: "SSH public key format appears valid"
|
|
|
|
- name: Validate email format
|
|
assert:
|
|
that:
|
|
- mailcow_letsencrypt_email is match("^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\\.[a-zA-Z0-9-.]+$")
|
|
fail_msg: "Mailcow Let's Encrypt email address is not valid"
|
|
success_msg: "Mailcow Let's Encrypt email format is valid"
|
|
|
|
- name: Check if domain_name resolves
|
|
command: "getent hosts {{ domain_name }}"
|
|
register: domain_lookup
|
|
ignore_errors: yes
|
|
|
|
- name: Assert domain_name resolves in DNS
|
|
assert:
|
|
that:
|
|
- domain_lookup.rc == 0
|
|
fail_msg: "Domain name {{ domain_name }} does not resolve. Verify DNS or /etc/hosts."
|
|
success_msg: "Domain name {{ domain_name }} resolves successfully"
|
|
|
|
- name: Log preflight validation results
|
|
copy:
|
|
dest: "{{ evidence_path }}/99_preflight/validation_checks.md"
|
|
content: |
|
|
# ✅ Preflight Validation Checks
|
|
|
|
**Status:** PASSED
|
|
Timestamp: {{ ansible_date_time.iso8601 }}
|
|
|
|
## Variables
|
|
- default_user: `{{ default_user }}`
|
|
- domain_name: `{{ domain_name }}`
|
|
- hostname: `{{ hostname }}`
|
|
- mailcow_admin_user: `{{ mailcow_admin_user }}`
|
|
- mailcow_fqdn: `{{ mailcow_fqdn }}`
|
|
- mailcow_letsencrypt_email: `{{ mailcow_letsencrypt_email }}`
|
|
|
|
## DNS Resolution
|
|
- Domain `{{ domain_name }}` resolved to: `{{ domain_lookup.stdout | default('N/A') }}`
|
|
|
|
## SSH Key Format
|
|
- SSH key validated against standard format
|
|
|
|
## Email Format
|
|
- Email passed regex validation
|
|
|
|
mode: '0644'
|