From 239b8ec406e92ccbd1e09b0e8a9d191257cf9ff1 Mon Sep 17 00:00:00 2001
From: shirenn
Date: Sat, 5 Sep 2020 10:41:27 +0200
Subject: [PATCH 1/3] [roundcube][unsafe] coucou erdnaxe[m] il faut que tu proprifies la conf nginx et que tu ajoutes ce qui est en prod :)
---
 group_vars/roundcube.yml | 21 ++++++++++++++
 hosts | 10 +++++--
 plays/roundcube.yml | 6 ++--
 roles/roundcube/README.md | 20 +++++++++++++
 roles/roundcube/tasks/main.yml | 28 +++----------------
 roles/roundcube/templates/nginx/roundcube.j2 | 2 ++
 .../templates/roundcube/config.inc.php.j2 | 13 ++++-----
 .../templates/roundcube/debian-db.php.j2 | 2 +-
 8 files changed, 63 insertions(+), 39 deletions(-)
 create mode 100644 group_vars/roundcube.yml
 create mode 100644 roles/roundcube/README.md
diff --git a/group_vars/roundcube.yml b/group_vars/roundcube.yml
new file mode 100644
index 00000000..cbf3db15
--- /dev/null
+++ b/group_vars/roundcube.yml
@@ -0,0 +1,21 @@
+roundcube_glob:
+ name: Crans
+ imap_server: owl.adm.crans.org
+ smtp_server: smtp.adm.crans.org
+ pgsql_server: pgsql.adm.crans.org
+ mail_domain: crans.org
+ des_key: "{{ vault_roundcube_des_key }}"
+ plugins:
+ - repo: 'https://gitlab.crans.org/nounous/roundcube-intranet.git'
+ name: intranet
+ version: HEAD
+ - repo: 'https://gitlab.crans.org/nounous/roundcube-plugin-filters.git'
+ name: filters
+ version: filters-2.2.0
+ - repo: 'https://gitlab.crans.org/nounous/roundcube-plugin-automatic_addressbook.git'
+ name: automatic_addressbook
+ version: 0.4.3
+ - repo: 'https://gitlab.crans.org/nounous/roundcube-plugin-identity_smtp.git'
+ name: identity_smtp
+ version: HEAD
+
diff --git a/hosts b/hosts
index b6c94842..571e14b6 100644
--- a/hosts
+++ b/hosts
@@ -4,9 +4,7 @@
 # > We name servers according to location, then type.
 # > Then we regroup everything in global geographic and type groups.
-# [horde]
-# horde-srv.adm.crans.org
-#
+
 # [framadate]
 # voyager.adm.crans.org
 #
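Review bot: The `intranet` and `identity_smtp` entries of `roundcube_glob.plugins` use `version: HEAD`, so every playbook run deploys whatever the default branch of those repositories holds at that moment. The names are later rendered into `$config['plugins']`, which means this code is loaded by the webmail, and an unreviewed or accidental push reaches production on the next run without any change in this repository. Pin both entries to a tag or a full commit hash, the way `filters` and `automatic_addressbook` already are, e.g. `version: '<reviewed-commit-sha>'` (placeholder value).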
@@ -32,6 +30,12 @@ fluxx.adm.crans.org
 hodaur.adm.crans.org
 frontdaur.adm.crans.org
+[roundcube]
+roundcube-srv.adm.crans.org
+
+[horde]
+horde-srv.adm.crans.org
+
 [radius]
 routeur-sam.adm.crans.org
diff --git a/plays/roundcube.yml b/plays/roundcube.yml
index 9d34a117..996ca7c4 100755
--- a/plays/roundcube.yml
+++ b/plays/roundcube.yml
@@ -1,8 +1,8 @@
 #!/usr/bin/env ansible-playbook
 ---
-# Deploy Roundcube
-- hosts: roundcube-srv.adm.crans.org
+
+- hosts: roundcube
 vars:
- roundcube_des_key: "{{ vault_roundcube_des_key }}"
+ roundcube: '{{ roundcube_glob | default({}) | combine(roundcube_loc | default({})) }}'
 roles:
 - roundcube
diff --git a/roles/roundcube/README.md b/roles/roundcube/README.md
new file mode 100644
index 00000000..188f61cf
--- /dev/null
+++ b/roles/roundcube/README.md
@@ -0,0 +1,20 @@
+# ROUNDCUBE
+
+Ce rôle installe roundcube sur un serveur.
+
+## VARS
+
+roundcube :
+ - name: le nom sans espace du serveur
+ - imap_server: l'uri du serveur imap
+ - smtp_server: l'uri du serveur smtp
+ - des_key: une clé pour chiffrer les mots de passes des utilisateurs. Elle
+ doit faire exactement 24 caractères
+ - mail_domain: le nom de domaine des mails
+ - pgsql_server: l'uri du serveur sur lequel se trouve la base de données au
+ format postgresql.
+ - plugins: une liste de plugin a chargé. Chaque élément est une liste
+ comprenant:
+ - repo: le repo git où est stocké le plugin
+ - name: le nom du plugin
+ - version: la version du plugin
diff --git a/roles/roundcube/tasks/main.yml b/roles/roundcube/tasks/main.yml
index 493a8b08..73151518 100644
--- a/roles/roundcube/tasks/main.yml
+++ b/roles/roundcube/tasks/main.yml
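Review bot: The new `roundcube:` var in `plays/roundcube.yml` has no comment, and the `# Deploy Roundcube` header is removed, so nothing explains that `roundcube_loc` is an optional override of `roundcube_glob`. `combine` merges only the top level unless `recursive=True` is passed, and lists are replaced rather than merged, so a `roundcube_loc` that sets `plugins` swaps out the whole global list. A comment above the var would make that explicit, e.g. `# roundcube_loc overrides roundcube_glob key by key (top level only; lists such as plugins are replaced)`. If nested overrides are intended, `combine(roundcube_loc | default({}), recursive=True)` is the one-line change.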
@@ -33,41 +33,21 @@
 repo: "{{ item.repo }}"
 dest: "/etc/roundcube/plugins/{{ item.name }}"
 version: "{{ item.version }}"
- loop:
- - repo: https://gitlab.adm.crans.org/nounous/roundcube-intranet.git
- name: intranet
- version: HEAD
- - repo: https://gitlab.adm.crans.org/nounous/roundcube-plugin-filters.git
- name: filters
- version: filters-2.2.0
- - repo: https://gitlab.adm.crans.org/nounous/roundcube-plugin-automatic_addressbook.git
- name: automatic_addressbook
- version: 0.4.3
- - repo: https://gitlab.adm.crans.org/nounous/roundcube-plugin-identity_smtp.git
- name: identity_smtp
- version: HEAD
+ loop: "{{ roundcube.plugins }}"
 - name: Symlink custom plugins (1)
 file:
 src: "/usr/share/roundcube/plugins/{{ item }}"
 dest: "/var/lib/roundcube/plugins/{{ item }}"
 state: link
- loop:
- - intranet
- - filters
- - automatic_addressbook
- - identity_smtp
+ loop: "{{ roundcube.plugins | map(attribute='name') | list }}"
-- name: Symlink custom plugins (1)
+- name: Symlink custom plugins (2)
 file:
 src: "/etc/roundcube/plugins/{{ item }}"
 dest: "/usr/share/roundcube/plugins/{{ item }}"
 state: link
- loop:
- - intranet
- - filters
- - automatic_addressbook
- - identity_smtp
+ loop: "{{ roundcube.plugins | map(attribute='name') | list }}"
 - name: Copy NGINX site
 template:
diff --git a/roles/roundcube/templates/nginx/roundcube.j2 b/roles/roundcube/templates/nginx/roundcube.j2
index 68992ae3..ce34cead 100644
--- a/roles/roundcube/templates/nginx/roundcube.j2
+++ b/roles/roundcube/templates/nginx/roundcube.j2
@@ -23,4 +23,6 @@ server {
 set_real_ip_from 10.231.136.0/24;
 set_real_ip_from 2a0c:700:0:2::/64;
 real_ip_header P-Real-Ip;
+
+ client_max_body_size 10G;
 }
diff --git a/roles/roundcube/templates/roundcube/config.inc.php.j2 b/roles/roundcube/templates/roundcube/config.inc.php.j2
index 7b1b79db..85817b88 100644
--- a/roles/roundcube/templates/roundcube/config.inc.php.j2
+++ b/roles/roundcube/templates/roundcube/config.inc.php.j2
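Review bot: `Symlink custom plugins (1)` links to `/usr/share/roundcube/plugins/{{ item }}`, but for the custom plugins that path is only created by `Symlink custom plugins (2)`, which runs afterwards. As far as I know the `file` module refuses `state: link` when `src` does not exist unless `force` is set, so on a fresh host the first task would fail. The ordering predates this patch, but renaming the tasks is a good moment to swap them so the `/etc` → `/usr/share` link is created first. The same order is kept by the reworked tasks in PATCH 2/3; the git task starts above this hunk and `Copy NGINX site` continues below it.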
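Review bot: `client_max_body_size 10G;` allows any client that can reach this vhost to send request bodies of up to 10 GB, which nginx may spool to disk before the application sees them. That is far above what a webmail attachment upload needs and makes exhausting the server's disk cheap. Set the limit just above the largest message the mail servers accept, and keep PHP's `upload_max_filesize`/`post_max_size` and Roundcube's `max_message_size` consistent with it, e.g. `client_max_body_size 25m;` (illustrative value; the real mail size limit is not visible here). The `server` block starts above the hunk.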
@@ -35,7 +35,7 @@ include_once("/etc/roundcube/debian-db-roundcube.php");
 // %s - domain name after the '@' from e-mail address provided at login screen
 // For example %n = mail.domain.tld, %t = domain.tld
 $config['default_host'] = array(
- 'owl.adm.crans.org' => 'Crans Imap',
+ '{{ roundcube.imap_server }}' => '{{ roundcube.name }} Imap',
 );
 // SMTP server host (for sending mails).
@@ -48,7 +48,7 @@ $config['default_host'] = array(
 // %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
 // %z - IMAP domain (IMAP hostname without the first part)
 // For example %n = mail.domain.tld, %t = domain.tld
-$config['smtp_server'] = 'smtp.adm.crans.org';
+$config['smtp_server'] = '{{ roundcube.smtp_server }}';
 // SMTP port. Use 25 for cleartext, 465 for Implicit TLS, or 587 for STARTTLS (default)
 $config['smtp_port'] = 25;
@@ -72,15 +72,12 @@ $config['product_name'] = 'Crans Webmail';
 // in the session record. For the default cipher method it must be
 // exactly 24 characters long.
 // YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS
-$config['des_key'] = '{{ roundcube_des_key }}';
+$config['des_key'] = '{{ roundcube.des_key }}';
 // List of active plugins (in plugins/ directory)
 // Debian: install roundcube-plugins first to have any
 $config['plugins'] = array(
- 'intranet',
- 'filters',
- 'automatic_addressbook',
- 'identity_smtp',
+ {{ "'" + roundcube.plugins | map(attribute='name') | list | join("',\n '") + "'"}},
 );
 // skin name: folder from skins/
@@ -92,4 +89,4 @@ $config['skin'] = 'elastic';
 $config['enable_spellcheck'] = false;
 // This domain will be used to form e-mail addresses of new users
-$config['mail_domain'] = 'crans.org';
+$config['mail_domain'] = '{{ roundcube.mail_domain }}';
diff --git a/roles/roundcube/templates/roundcube/debian-db.php.j2 b/roles/roundcube/templates/roundcube/debian-db.php.j2
index 7b53c935..bc6605df 100644
--- a/roles/roundcube/templates/roundcube/debian-db.php.j2
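Review bot: In the third hunk, `'{{ roundcube.des_key }}'` and the plugin-name expression are written into PHP string literals with no validation, so a vault value containing `'` or `\`, or one that is not exactly 24 characters as the comment above it requires, is only noticed once Roundcube loads the file. An `assert` task before the template with `that: roundcube.des_key | length == 24` would catch the length case at deploy time. The `"'" + … | join("',\n '") + "'"` concatenation is hard to read; a loop such as `{% for p in roundcube.plugins %}'{{ p.name }}',{% endfor %}` renders the same list. The rendered file holds the session-encryption key in clear, and whether the `template` task (outside this diff) sets a restrictive `mode` and `group` is not visible here.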
+++ b/roles/roundcube/templates/roundcube/debian-db.php.j2
@@ -4,6 +4,6 @@ $dbuser='roundcube';
 $dbpass='';
 $basepath='';
 $dbname='roundcube';
-$dbserver='pgsql.adm.crans.org';
+$dbserver='{{ roundcube.pgsql_server }}';
 $dbport='';
 $dbtype='pgsql';
From dc53d4c41195061dc4e104cecf0d2ebec55401ae Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Mon, 7 Sep 2020 11:10:17 +0200
Subject: [PATCH 2/3] Clone plugins and add logo
---
 group_vars/roundcube.yml | 7 ++++++-
 roles/roundcube/tasks/main.yml | 15 +++++++++------
 .../templates/roundcube/config.inc.php.j2 | 9 +++++++++
 3 files changed, 24 insertions(+), 7 deletions(-)
diff --git a/group_vars/roundcube.yml b/group_vars/roundcube.yml
index cbf3db15..9b772a86 100644
--- a/group_vars/roundcube.yml
+++ b/group_vars/roundcube.yml
@@ -18,4 +18,9 @@ roundcube_glob:
 - repo: 'https://gitlab.crans.org/nounous/roundcube-plugin-identity_smtp.git'
 name: identity_smtp
 version: HEAD
-
+ - name: zipdownload
+ - name: attachment_reminder
+ - name: newmail_notifier
+ - name: listcommands
+ - name: thunderbird_labels
+ - name: contextmenu
diff --git a/roles/roundcube/tasks/main.yml b/roles/roundcube/tasks/main.yml
index 73151518..18745b55 100644
--- a/roles/roundcube/tasks/main.yml
+++ b/roles/roundcube/tasks/main.yml
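Review bot: `$dbpass=''` stays empty in the context lines of the `debian-db.php.j2` hunk while `$dbserver` now takes whatever host `roundcube.pgsql_server` names, i.e. a database reached over the network. Presumably the PostgreSQL side admits this host through a rule that needs no password; if so, a comment in the template saying which mechanism is relied on would help the next reader. If not, the password should come from the vault the same way `des_key` does, e.g. `$dbpass='{{ roundcube.pgsql_password }}';` (hypothetical variable name, not defined in this series).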
@@ -34,20 +34,23 @@
 dest: "/etc/roundcube/plugins/{{ item.name }}"
 version: "{{ item.version }}"
 loop: "{{ roundcube.plugins }}"
+ when: item.repo is defined
 - name: Symlink custom plugins (1)
 file:
- src: "/usr/share/roundcube/plugins/{{ item }}"
- dest: "/var/lib/roundcube/plugins/{{ item }}"
+ src: "/usr/share/roundcube/plugins/{{ item.name }}"
+ dest: "/var/lib/roundcube/plugins/{{ item.name }}"
 state: link
- loop: "{{ roundcube.plugins | map(attribute='name') | list }}"
+ loop: "{{ roundcube.plugins }}"
+ when: item.repo is defined
 - name: Symlink custom plugins (2)
 file:
- src: "/etc/roundcube/plugins/{{ item }}"
- dest: "/usr/share/roundcube/plugins/{{ item }}"
+ src: "/etc/roundcube/plugins/{{ item.name }}"
+ dest: "/usr/share/roundcube/plugins/{{ item.name }}"
 state: link
- loop: "{{ roundcube.plugins | map(attribute='name') | list }}"
+ loop: "{{ roundcube.plugins }}"
+ when: item.repo is defined
 - name: Copy NGINX site
 template:
diff --git a/roles/roundcube/templates/roundcube/config.inc.php.j2 b/roles/roundcube/templates/roundcube/config.inc.php.j2
index 85817b88..f49a0d9a 100644
--- a/roles/roundcube/templates/roundcube/config.inc.php.j2
+++ b/roles/roundcube/templates/roundcube/config.inc.php.j2
@@ -88,5 +88,14 @@ $config['skin'] = 'elastic';
 // see defaults.inc.php for additional informations
 $config['enable_spellcheck'] = false;
+// Custom logo
+$config['skin_logo'] = array(
+ "elastic:login[small]" => "https://www.crans.org/images/crans_black.svg",
+ "elastic:login" => "https://www.crans.org/images/crans_black.svg",
+ "elastic:*" => "https://www.crans.org/images/crans.svg",
+ "larry:*" => "https://www.crans.org/images/crans_banner.png",
+ "classic:*" => "https://www.crans.org/images/crans_banner.png"
+);
+
 // This domain will be used to form e-mail addresses of new users
 $config['mail_domain'] = '{{ roundcube.mail_domain }}';
From 206f0ced7dd00ae27a313281e6c12e1a73e42918 Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Mon, 7 Sep 2020 11:14:36 +0200
Subject: [PATCH 3/3] Generalize logo
---
 group_vars/roundcube.yml | 5 +++++
 roles/roundcube/templates/roundcube/config.inc.php.j2 | 10 +++++-----
 2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/group_vars/roundcube.yml b/group_vars/roundcube.yml
index 9b772a86..ebc76ac0 100644
--- a/group_vars/roundcube.yml
+++ b/group_vars/roundcube.yml
@@ -24,3 +24,8 @@ roundcube_glob:
 - name: listcommands
 - name: thunderbird_labels
 - name: contextmenu
+ logo:
+ elastic_login: https://www.crans.org/images/crans_black.svg
+ elastic: https://www.crans.org/images/crans.svg
+ larry: https://www.crans.org/images/crans_banner.png
+ classic: https://www.crans.org/images/crans_banner.png
diff --git a/roles/roundcube/templates/roundcube/config.inc.php.j2 b/roles/roundcube/templates/roundcube/config.inc.php.j2
index f49a0d9a..5336f508 100644
--- a/roles/roundcube/templates/roundcube/config.inc.php.j2
+++ b/roles/roundcube/templates/roundcube/config.inc.php.j2
@@ -90,11 +90,11 @@ $config['enable_spellcheck'] = false;
 // Custom logo
 $config['skin_logo'] = array(
- "elastic:login[small]" => "https://www.crans.org/images/crans_black.svg",
- "elastic:login" => "https://www.crans.org/images/crans_black.svg",
- "elastic:*" => "https://www.crans.org/images/crans.svg",
- "larry:*" => "https://www.crans.org/images/crans_banner.png",
- "classic:*" => "https://www.crans.org/images/crans_banner.png"
+ "elastic:login[small]" => "{{ roundcube.logo.elastic_login }}",
+ "elastic:login" => "{{ roundcube.logo.elastic_login }}",
+ "elastic:*" => "{{ roundcube.logo.elastic }}",
+ "larry:*" => "{{ roundcube.logo.larry }}",
+ "classic:*" => "{{ roundcube.logo.classic }}"
 );
 // This domain will be used to form e-mail addresses of new users
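Review bot: The five `skin_logo` values in the `config.inc.php.j2` hunk are interpolated inside PHP double-quoted strings, where a `$name`, `{$…}` or backslash sequence in the rendered value is interpreted by PHP rather than kept literally. The other templated settings in this file (`des_key`, `smtp_server`, `mail_domain`) use single quotes. Writing the entries as `'elastic:*' => '{{ roundcube.logo.elastic }}',` and likewise for the other four keeps the inventory value literal and matches the rest of the template.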