[roundcube][unsafe] coucou erdnaxe[m] il faut que tu proprifies la conf nginx et que tu ajoutes ce qui est en prod :)

group_vars/roundcube.yml

@@ -0,0 +1,21 @@
+roundcube_glob:
+  name: Crans
+  imap_server: owl.adm.crans.org
+  smtp_server: smtp.adm.crans.org
+  pgsql_server: pgsql.adm.crans.org
+  mail_domain: crans.org
+  des_key: "{{ vault_roundcube_des_key }}"
+  plugins:
+    - repo: 'https://gitlab.crans.org/nounous/roundcube-intranet.git'
+      name: intranet
+      version: HEAD
+    - repo: 'https://gitlab.crans.org/nounous/roundcube-plugin-filters.git'
+      name: filters
+      version: filters-2.2.0
+    - repo: 'https://gitlab.crans.org/nounous/roundcube-plugin-automatic_addressbook.git'
+      name: automatic_addressbook
+      version: 0.4.3
+    - repo: 'https://gitlab.crans.org/nounous/roundcube-plugin-identity_smtp.git'
+      name: identity_smtp
+      version: HEAD
+

hosts

@@ -4,9 +4,7 @@
 # > We name servers according to location, then type.
 # > Then we regroup everything in global geographic and type groups.
 
-# [horde]
-# horde-srv.adm.crans.org
-#
+
 # [framadate]
 # voyager.adm.crans.org
 #
@@ -32,6 +30,12 @@ fluxx.adm.crans.org
 hodaur.adm.crans.org
 frontdaur.adm.crans.org
 
+[roundcube]
+roundcube-srv.adm.crans.org
+
+[horde]
+horde-srv.adm.crans.org
+
 [radius]
 routeur-sam.adm.crans.org
 

plays/roundcube.yml

@@ -1,8 +1,8 @@
 #!/usr/bin/env ansible-playbook
 ---
-# Deploy Roundcube
-- hosts: roundcube-srv.adm.crans.org
+
+- hosts: roundcube
   vars:
-    roundcube_des_key: "{{ vault_roundcube_des_key }}"
+    roundcube: '{{ roundcube_glob | default({}) | combine(roundcube_loc | default({})) }}'
   roles:
     - roundcube

roles/roundcube/README.md

@@ -0,0 +1,20 @@
+# ROUNDCUBE
+
+Ce rôle installe roundcube sur un serveur.
+
+## VARS
+
+roundcube :
+  - name: le nom sans espace du serveur
+  - imap_server: l'uri du serveur imap
+  - smtp_server: l'uri du serveur smtp
+  - des_key: une clé pour chiffrer les mots de passes des utilisateurs. Elle
+    doit faire exactement 24 caractères
+  - mail_domain: le nom de domaine des mails
+  - pgsql_server: l'uri du serveur sur lequel se trouve la base de données au
+    format postgresql.
+  - plugins: une liste de plugin a chargé. Chaque élément est une liste
+    comprenant:
+    - repo: le repo git où est stocké le plugin
+    - name: le nom du plugin
+    - version: la version du plugin

roles/roundcube/tasks/main.yml

@@ -33,41 +33,21 @@
     repo: "{{ item.repo }}"
     dest: "/etc/roundcube/plugins/{{ item.name }}"
     version: "{{ item.version }}"
-  loop:
-    - repo: https://gitlab.adm.crans.org/nounous/roundcube-intranet.git
-      name: intranet
-      version: HEAD
-    - repo: https://gitlab.adm.crans.org/nounous/roundcube-plugin-filters.git
-      name: filters
-      version: filters-2.2.0
-    - repo: https://gitlab.adm.crans.org/nounous/roundcube-plugin-automatic_addressbook.git
-      name: automatic_addressbook
-      version: 0.4.3
-    - repo: https://gitlab.adm.crans.org/nounous/roundcube-plugin-identity_smtp.git
-      name: identity_smtp
-      version: HEAD
+  loop: "{{ roundcube.plugins }}"
 
 - name: Symlink custom plugins (1)
   file:
     src: "/usr/share/roundcube/plugins/{{ item }}"
     dest: "/var/lib/roundcube/plugins/{{ item }}"
     state: link
-  loop:
-    - intranet
-    - filters
-    - automatic_addressbook
-    - identity_smtp
+  loop: "{{ roundcube.plugins | map(attribute='name') | list }}"
 
-- name: Symlink custom plugins (1)
+- name: Symlink custom plugins (2)
   file:
     src: "/etc/roundcube/plugins/{{ item }}"
     dest: "/usr/share/roundcube/plugins/{{ item }}"
     state: link
-  loop:
-    - intranet
-    - filters
-    - automatic_addressbook
-    - identity_smtp
+  loop: "{{ roundcube.plugins | map(attribute='name') | list }}"
 
 - name: Copy NGINX site
   template:

roles/roundcube/templates/nginx/roundcube.j2

@@ -23,4 +23,6 @@ server {
     set_real_ip_from 10.231.136.0/24;
     set_real_ip_from 2a0c:700:0:2::/64;
     real_ip_header P-Real-Ip;
+
+    client_max_body_size 10G;
 }

roles/roundcube/templates/roundcube/config.inc.php.j2

@@ -35,7 +35,7 @@ include_once("/etc/roundcube/debian-db-roundcube.php");
 // %s - domain name after the '@' from e-mail address provided at login screen
 // For example %n = mail.domain.tld, %t = domain.tld
 $config['default_host'] = array(
-  'owl.adm.crans.org' => 'Crans Imap',
+  '{{ roundcube.imap_server }}' => '{{ roundcube.name }} Imap',
 );
 
 // SMTP server host (for sending mails).
@@ -48,7 +48,7 @@ $config['default_host'] = array(
 // %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
 // %z - IMAP domain (IMAP hostname without the first part)
 // For example %n = mail.domain.tld, %t = domain.tld
-$config['smtp_server'] = 'smtp.adm.crans.org';
+$config['smtp_server'] = '{{ roundcube.smtp_server }}';
 
 // SMTP port. Use 25 for cleartext, 465 for Implicit TLS, or 587 for STARTTLS (default)
 $config['smtp_port'] = 25;
@@ -72,15 +72,12 @@ $config['product_name'] = 'Crans Webmail';
 // in the session record. For the default cipher method it must be
 // exactly 24 characters long.
 // YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS
-$config['des_key'] = '{{ roundcube_des_key }}';
+$config['des_key'] = '{{ roundcube.des_key }}';
 
 // List of active plugins (in plugins/ directory)
 // Debian: install roundcube-plugins first to have any
 $config['plugins'] = array(
-    'intranet',
-    'filters',
-    'automatic_addressbook',
-    'identity_smtp',
+    {{ "'" + roundcube.plugins | map(attribute='name') | list | join("',\n    '") + "'"}},
 );
 
 // skin name: folder from skins/
@@ -92,4 +89,4 @@ $config['skin'] = 'elastic';
 $config['enable_spellcheck'] = false;
 
 // This domain will be used to form e-mail addresses of new users
-$config['mail_domain'] = 'crans.org';
+$config['mail_domain'] = '{{ roundcube.mail_domain }}';

roles/roundcube/templates/roundcube/debian-db.php.j2

@@ -4,6 +4,6 @@ $dbuser='roundcube';
 $dbpass='';
 $basepath='';
 $dbname='roundcube';
-$dbserver='pgsql.adm.crans.org';
+$dbserver='{{ roundcube.pgsql_server }}';
 $dbport='';
 $dbtype='pgsql';