crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

[roundcube][unsafe] coucou erdnaxe[m] il faut que tu proprifies la conf nginx et que tu ajoutes ce qui est en prod :)

certbot_on_virtu
_shirenn 2020-09-05 10:41:27 +02:00
parent 5cce4865e6
commit 239b8ec406
8 changed files with 63 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
group_vars/roundcube.yml 100644
View File

@ -0,0 +1,21 @@
roundcube_glob:
name: Crans
imap_server: owl.adm.crans.org
smtp_server: smtp.adm.crans.org
pgsql_server: pgsql.adm.crans.org
mail_domain: crans.org
des_key: "{{ vault_roundcube_des_key }}"
plugins:
- repo: 'https://gitlab.crans.org/nounous/roundcube-intranet.git'
name: intranet
version: HEAD
- repo: 'https://gitlab.crans.org/nounous/roundcube-plugin-filters.git'
name: filters
version: filters-2.2.0
- repo: 'https://gitlab.crans.org/nounous/roundcube-plugin-automatic_addressbook.git'
name: automatic_addressbook
version: 0.4.3
- repo: 'https://gitlab.crans.org/nounous/roundcube-plugin-identity_smtp.git'
name: identity_smtp
version: HEAD

10
hosts
View File

@ -4,9 +4,7 @@
# > We name servers according to location, then type. # > We name servers according to location, then type.
# > Then we regroup everything in global geographic and type groups. # > Then we regroup everything in global geographic and type groups.
# [horde]
# horde-srv.adm.crans.org
#
# [framadate] # [framadate]
# voyager.adm.crans.org # voyager.adm.crans.org
# #
@ -32,6 +30,12 @@ fluxx.adm.crans.org
hodaur.adm.crans.org hodaur.adm.crans.org
frontdaur.adm.crans.org frontdaur.adm.crans.org
[roundcube]
roundcube-srv.adm.crans.org
[horde]
horde-srv.adm.crans.org
[radius] [radius]
routeur-sam.adm.crans.org routeur-sam.adm.crans.org

6
plays/roundcube.yml
View File

@ -1,8 +1,8 @@
#!/usr/bin/env ansible-playbook #!/usr/bin/env ansible-playbook
--- ---
# Deploy Roundcube
- hosts: roundcube-srv.adm.crans.org - hosts: roundcube
vars: vars:
roundcube_des_key: "{{ vault_roundcube_des_key }}" roundcube: '{{ roundcube_glob | default({}) | combine(roundcube_loc | default({})) }}'
roles: roles:
- roundcube - roundcube

20
roles/roundcube/README.md 100644
View File

@ -0,0 +1,20 @@
# ROUNDCUBE
Ce rôle installe roundcube sur un serveur.
## VARS
roundcube :
- name: le nom sans espace du serveur
- imap_server: l'uri du serveur imap
- smtp_server: l'uri du serveur smtp
- des_key: une clé pour chiffrer les mots de passes des utilisateurs. Elle
doit faire exactement 24 caractères
- mail_domain: le nom de domaine des mails
- pgsql_server: l'uri du serveur sur lequel se trouve la base de données au
format postgresql.
- plugins: une liste de plugin a chargé. Chaque élément est une liste
comprenant:
- repo: le repo git où est stocké le plugin
- name: le nom du plugin
- version: la version du plugin

28
roles/roundcube/tasks/main.yml
View File

@ -33,41 +33,21 @@
repo: "{{ item.repo }}" repo: "{{ item.repo }}"
dest: "/etc/roundcube/plugins/{{ item.name }}" dest: "/etc/roundcube/plugins/{{ item.name }}"
version: "{{ item.version }}" version: "{{ item.version }}"
loop: loop: "{{ roundcube.plugins }}"
- repo: https://gitlab.adm.crans.org/nounous/roundcube-intranet.git
name: intranet
version: HEAD
- repo: https://gitlab.adm.crans.org/nounous/roundcube-plugin-filters.git
name: filters
version: filters-2.2.0
- repo: https://gitlab.adm.crans.org/nounous/roundcube-plugin-automatic_addressbook.git
name: automatic_addressbook
version: 0.4.3
- repo: https://gitlab.adm.crans.org/nounous/roundcube-plugin-identity_smtp.git
name: identity_smtp
version: HEAD
- name: Symlink custom plugins (1) - name: Symlink custom plugins (1)
file: file:
src: "/usr/share/roundcube/plugins/{{ item }}" src: "/usr/share/roundcube/plugins/{{ item }}"
dest: "/var/lib/roundcube/plugins/{{ item }}" dest: "/var/lib/roundcube/plugins/{{ item }}"
state: link state: link
loop: loop: "{{ roundcube.plugins | map(attribute='name') | list }}"
- intranet
- filters
- automatic_addressbook
- identity_smtp
- name: Symlink custom plugins (1) - name: Symlink custom plugins (2)
file: file:
src: "/etc/roundcube/plugins/{{ item }}" src: "/etc/roundcube/plugins/{{ item }}"
dest: "/usr/share/roundcube/plugins/{{ item }}" dest: "/usr/share/roundcube/plugins/{{ item }}"
state: link state: link
loop: loop: "{{ roundcube.plugins | map(attribute='name') | list }}"
- intranet
- filters
- automatic_addressbook
- identity_smtp
- name: Copy NGINX site - name: Copy NGINX site
template: template:

2
roles/roundcube/templates/nginx/roundcube.j2
View File

@ -23,4 +23,6 @@ server {
set_real_ip_from 10.231.136.0/24; set_real_ip_from 10.231.136.0/24;
set_real_ip_from 2a0c:700:0:2::/64; set_real_ip_from 2a0c:700:0:2::/64;
real_ip_header P-Real-Ip; real_ip_header P-Real-Ip;
client_max_body_size 10G;
} }

13
roles/roundcube/templates/roundcube/config.inc.php.j2
View File

@ -35,7 +35,7 @@ include_once("/etc/roundcube/debian-db-roundcube.php");
// %s - domain name after the '@' from e-mail address provided at login screen // %s - domain name after the '@' from e-mail address provided at login screen
// For example %n = mail.domain.tld, %t = domain.tld // For example %n = mail.domain.tld, %t = domain.tld
$config['default_host'] = array( $config['default_host'] = array(
'owl.adm.crans.org' => 'Crans Imap', '{{ roundcube.imap_server }}' => '{{ roundcube.name }} Imap',
); );
// SMTP server host (for sending mails). // SMTP server host (for sending mails).
@ -48,7 +48,7 @@ $config['default_host'] = array(
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part) // %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %z - IMAP domain (IMAP hostname without the first part) // %z - IMAP domain (IMAP hostname without the first part)
// For example %n = mail.domain.tld, %t = domain.tld // For example %n = mail.domain.tld, %t = domain.tld
$config['smtp_server'] = 'smtp.adm.crans.org'; $config['smtp_server'] = '{{ roundcube.smtp_server }}';
// SMTP port. Use 25 for cleartext, 465 for Implicit TLS, or 587 for STARTTLS (default) // SMTP port. Use 25 for cleartext, 465 for Implicit TLS, or 587 for STARTTLS (default)
$config['smtp_port'] = 25; $config['smtp_port'] = 25;
@ -72,15 +72,12 @@ $config['product_name'] = 'Crans Webmail';
// in the session record. For the default cipher method it must be // in the session record. For the default cipher method it must be
// exactly 24 characters long. // exactly 24 characters long.
// YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS // YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS
$config['des_key'] = '{{ roundcube_des_key }}'; $config['des_key'] = '{{ roundcube.des_key }}';
// List of active plugins (in plugins/ directory) // List of active plugins (in plugins/ directory)
// Debian: install roundcube-plugins first to have any // Debian: install roundcube-plugins first to have any
$config['plugins'] = array( $config['plugins'] = array(
'intranet', {{ "'" + roundcube.plugins | map(attribute='name') | list | join("',\n '") + "'"}},
'filters',
'automatic_addressbook',
'identity_smtp',
); );
// skin name: folder from skins/ // skin name: folder from skins/
@ -92,4 +89,4 @@ $config['skin'] = 'elastic';
$config['enable_spellcheck'] = false; $config['enable_spellcheck'] = false;
// This domain will be used to form e-mail addresses of new users // This domain will be used to form e-mail addresses of new users
$config['mail_domain'] = 'crans.org'; $config['mail_domain'] = '{{ roundcube.mail_domain }}';

2
roles/roundcube/templates/roundcube/debian-db.php.j2
View File

@ -4,6 +4,6 @@ $dbuser='roundcube';
$dbpass=''; $dbpass='';
$basepath=''; $basepath='';
$dbname='roundcube'; $dbname='roundcube';
$dbserver='pgsql.adm.crans.org'; $dbserver='{{ roundcube.pgsql_server }}';
$dbport=''; $dbport='';
$dbtype='pgsql'; $dbtype='pgsql';