From 0027c844d58bbb27b4a300a0ef113064a4faad8a Mon Sep 17 00:00:00 2001
From: Alexandre Iooss <erdnaxe@crans.org>
Date: Thu, 30 Jul 2020 22:15:17 +0200
Subject: [PATCH] Deploy roundcube conf and plugins

---
 plays/roundcube.yml                           |  8 ++
 roles/roundcube/tasks/main.yml                | 56 ++++++++++++-
 .../templates/roundcube/config.inc.php.j2     | 83 +++++++++++++++++++
 .../templates/roundcube/debian-db.php.j2      |  9 ++
 4 files changed, 154 insertions(+), 2 deletions(-)
 create mode 100755 plays/roundcube.yml
 create mode 100644 roles/roundcube/templates/roundcube/config.inc.php.j2
 create mode 100644 roles/roundcube/templates/roundcube/debian-db.php.j2

diff --git a/plays/roundcube.yml b/plays/roundcube.yml
new file mode 100755
index 00000000..9d34a117
--- /dev/null
+++ b/plays/roundcube.yml
@@ -0,0 +1,8 @@
+#!/usr/bin/env ansible-playbook
+---
+# Deploy Roundcube
+- hosts: roundcube-srv.adm.crans.org
+  vars:
+    roundcube_des_key: "{{ vault_roundcube_des_key }}"
+  roles:
+    - roundcube
diff --git a/roles/roundcube/tasks/main.yml b/roles/roundcube/tasks/main.yml
index ca9dbb81..6abed6e8 100644
--- a/roles/roundcube/tasks/main.yml
+++ b/roles/roundcube/tasks/main.yml
@@ -6,16 +6,68 @@
     name:
       - nginx
       - roundcube
+      - roundcube-pgsql
       - roundcube-plugins
+      - roundcube-plugins-extra
       - php-fpm
       - php-gd
       - php-pspell
-      - php-crypt-gpg
-      - php-net-ldap3
   register: apt_result
   retries: 3
   until: apt_result is succeeded
 
+- name: Configure Roundcube
+  template:
+    src: "roundcube/{{ item }}.j2"
+    dest: "/etc/roundcube/{{ item }}"
+    owner: root
+    group: www-data
+    mode: 0640
+  loop:
+    - debian-db.php
+    - config.inc.php
+
+- name: Clone custom plugins
+  git:
+    repo: "{{ item.repo }}"
+    dest: "/etc/roundcube/plugins/{{ item.name }}"
+    version: "{{ item.version }}"
+  loop:
+    - repo: https://gitlab.adm.crans.org/nounous/roundcube-intranet.git
+      name: intranet
+      version: HEAD
+    - repo: https://gitlab.adm.crans.org/nounous/roundcube-plugin-filters.git
+      name: filters
+      version: filters-2.2.0
+    - repo: https://gitlab.adm.crans.org/nounous/roundcube-plugin-automatic_addressbook.git
+      name: automatic_addressbook
+      version: 0.4.3
+    - repo: https://gitlab.adm.crans.org/nounous/roundcube-plugin-identity_smtp.git
+      name: identity_smtp
+      version: HEAD
+
+- name: Symlink custom plugins (1)
+  file:
+    src: "/usr/share/roundcube/plugins/{{ item }}"
+    dest: "/var/lib/roundcube/plugins/{{ item }}"
+    state: link
+  loop:
+    - intranet
+    - filters
+    - automatic_addressbook
+    - identity_smtp
+
+- name: Symlink custom plugins (1)
+  file:
+    src: "/etc/roundcube/plugins/{{ item }}"
+    dest: "/usr/share/roundcube/plugins/{{ item }}"
+    state: link
+  loop:
+    - intranet
+    - filters
+    - automatic_addressbook
+    - identity_smtp
+
 - name: Copy NGINX site
   template:
     src: nginx/roundcube.j2
diff --git a/roles/roundcube/templates/roundcube/config.inc.php.j2 b/roles/roundcube/templates/roundcube/config.inc.php.j2
new file mode 100644
index 00000000..6225c8bc
--- /dev/null
+++ b/roles/roundcube/templates/roundcube/config.inc.php.j2
@@ -0,0 +1,83 @@
+<?php
+{{ ansible_header | comment('cblock') }}
+
+/*
++-----------------------------------------------------------------------+
+| Local configuration for the Roundcube Webmail installation.           |
+|                                                                       |
+| This is a sample configuration file only containing the minimum       |
+| setup required for a functional installation. Copy more options       |
+| from defaults.inc.php to this file to override the defaults.          |
+|                                                                       |
+| This file is part of the Roundcube Webmail client                     |
+| Copyright (C) 2005-2013, The Roundcube Dev Team                       |
+|                                                                       |
+| Licensed under the GNU General Public License version 3 or            |
+| any later version with exceptions for skins & plugins.                |
+| See the README file for a full license statement.                     |
++-----------------------------------------------------------------------+
+*/
+
+$config = array();
+
+/* Do not set db_dsnw here, use dpkg-reconfigure roundcube-core to configure database ! */
+include_once("/etc/roundcube/debian-db-roundcube.php");
+
+// The IMAP host chosen to perform the log-in.
+// Leave blank to show a textbox at login, give a list of hosts
+// to display a pulldown menu or set one host as string.
+// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
+// Supported replacement variables:
+// %n - hostname ($_SERVER['SERVER_NAME'])
+// %t - hostname without the first part
+// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
+// %s - domain name after the '@' from e-mail address provided at login screen
+// For example %n = mail.domain.tld, %t = domain.tld
+$config['default_host'] = array(
+  'owl.adm.crans.org' => 'Crans Imap',
+);
+
+// SMTP server host (for sending mails).
+// Enter hostname with prefix tls:// to use STARTTLS, or use
+// prefix ssl:// to use the deprecated SSL over SMTP (aka SMTPS)
+// Supported replacement variables:
+// %h - user's IMAP hostname
+// %n - hostname ($_SERVER['SERVER_NAME'])
+// %t - hostname without the first part
+// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
+// %z - IMAP domain (IMAP hostname without the first part)
+// For example %n = mail.domain.tld, %t = domain.tld
+$config['smtp_server'] = 'smtp.adm.crans.org';
+
+// Use roundcube username as SMTP user
+$config['smtp_user'] = '%u';
+
+// SMTP password (if required) if you use %p as the password Roundcube
+// will use the current user's password for login
+$config['smtp_pass'] = '';
+
+// This key is used to encrypt the users imap password which is stored
+// in the session record (and the client cookie if remember password is enabled).
+// please provide a string of exactly 24 chars.
+// YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS
+$config['des_key'] = '{{ roundcube_des_key }}';
+
+// List of active plugins (in plugins/ directory)
+// Debian: install roundcube-plugins first to have any
+$config['plugins'] = array(
+    'intranet',
+    'filters',
+    'automatic_addressbook',
+    'identity_smtp',
+);
+
+// skin name: folder from skins/
+$config['skin'] = 'larry';
+
+// Disable spellchecking
+// Debian: spellshecking needs additional packages to be installed, or calling external APIs
+//         see defaults.inc.php for additional informations
+$config['enable_spellcheck'] = false;
+
+// This domain will be used to form e-mail addresses of new users
+$config['mail_domain'] = 'crans.org';
diff --git a/roles/roundcube/templates/roundcube/debian-db.php.j2 b/roles/roundcube/templates/roundcube/debian-db.php.j2
new file mode 100644
index 00000000..7b53c935
--- /dev/null
+++ b/roles/roundcube/templates/roundcube/debian-db.php.j2
@@ -0,0 +1,9 @@
+<?php
+{{ ansible_header | comment('cblock') }}
+$dbuser='roundcube';
+$dbpass='';
+$basepath='';
+$dbname='roundcube';
+$dbserver='pgsql.adm.crans.org';
+$dbport='';
+$dbtype='pgsql';