[horde] configuration complete

certbot_on_virtu
_shirenn 2020-08-05 00:15:02 +02:00
parent 995cf4d67b
commit b888bfb204
8 changed files with 131 additions and 14 deletions


@ -2,7 +2,25 @@
Ce rôle ansible deploie une instance du webmail horde.
## Variables
- glob_horde.secret : le secret de horde
- glob_horde.imap : le serveur imap
- glob_horde.db : la bdd
- glob_horde.admins: la liste des admins de horde
- glob_horde. :
- secret : le secret de horde
- imap : le serveur imap
- smtp : le serveur smtp (il doit juste être contactable depuis le serveur
imap)
- maildomain : le nom de domaine depuis qui envoyé les mails
- db : la bdd
- admins : la liste des admins de horde
- redirection : ou rediriger les utilisateurs si il essaie de voir la racine
du site
- src_hostname : on utilise deux hostnames, le premier va rediriger vers le
second. Ici c'est le premier
- dest_hostname : Ici c'est le second
- admin_src_hostname : même chose mais sur le réseau d'administration. Ici
c'est le premier
- admin_dest_hostname : Ici c'est le second
- zone_ipv4 : la zone ipv4 du réseaux sur lequel le proxy discute avec le
serveur
- zone ipv6 : la zone ipv6 du réseaux sur lequel le proxy discute avec le
serveur
- loc_horde :
- ipv6 : l'ipv6 du serveur


@ -0,0 +1,6 @@
---
- name: Restart nginx
service:
name: nginx.service
state: restarted


@ -12,26 +12,34 @@
- name: Configure horde
template:
src: horde/horde/conf.php.j2
dest: /etc/horde/horde/conf.php"
src: '{{ item }}.j2'
dest: '/etc/{{ item }}'
owner: www-data
group: www-data
mode: 0640
loop:
- horde/horde/conf.php
- horde/imp/backends.php
- name: Configure nginx site
template:
src: 'nginx/sites-available/{{ item }}.j2'
dest: '/etc/nginx/sites-available/{{ item }}'
notify: restart nginx
src: '{{ item }}.j2'
dest: '/etc/{{ item }}'
owner: root
group: root
mode: 0644
loop:
- webmail
- horde
- nginx/sites-available/webmail
- nginx/sites-available/horde
- nginx/snippets/php.conf
notify: Restart nginx
- name: Enable nginx site
file:
src: '/etc/nginx/sites-available/{{ item }}'
dest: '/etc/nginx/sites-enabled/{{ item }}'
state: link
notify: restart nginx
loop:
- webmail
- horde
notify: Restart nginx
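Review bot: The "Configure horde" task installs `horde/horde/conf.php` and `horde/imp/backends.php` with `owner: www-data`, so the account that presumably runs the PHP code can rewrite its own configuration, including the SQL settings templated in this commit. Since Ansible manages these files, read access for the web user is enough: `owner: root`, `group: www-data`, `mode: '0640'`. Quoting the mode as a string (and `'0644'` in the nginx task) also removes any dependence on how YAML parses a leading-zero integer. If Horde's own setup interface is expected to write these files, that needs a separate decision, because it would fight with the templated content on every run.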


@ -1,6 +1,7 @@
{{ ansible_header | comment(decoration='// ') }}
<?php
/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */
// $Id: 78acbab5980b3b1531db0732c3611a17deae7c83 $
// $Id: 08fc885cd91fbae2d752e274b554c5f1645129c8 $
$conf['vhosts'] = false;
$conf['debug_level'] = E_ALL & ~E_NOTICE;
$conf['max_exec_time'] = 0;
@ -27,10 +28,11 @@ $conf['sql']['protocol'] = 'tcp';
$conf['sql']['database'] = 'horde5';
$conf['sql']['charset'] = 'utf-8';
$conf['sql']['splitread'] = false;
$conf['sql']['logqueries'] = false;
$conf['sql']['phptype'] = 'pgsql';
$conf['nosql']['phptype'] = false;
$conf['ldap']['useldap'] = false;
$conf['auth']['admins'] = array({{ glob_horde.admins | map('quote') | join(', ')}});
$conf['auth']['admins'] = array({{ glob_horde.admins | join(', ')}});
$conf['auth']['checkip'] = false;
$conf['auth']['checkbrowser'] = true;
$conf['auth']['resetpassword'] = false;
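Review bot: Neither of the two `$conf['auth']['admins']` lines in the second hunk reliably produces PHP string literals, and the rendered page does not show which of them is the new side. Ansible's `quote` filter is shell quoting, which leaves a plain login name unquoted, and the bare `join(', ')` writes the names verbatim, so both render `array(name1, name2)` unless the inventory values already carry their own quotes. Because this list decides who is a Horde administrator, each entry should be emitted as a single-quoted literal with `\` and `'` escaped, or the names should be validated against a strict pattern before templating. The file continues outside both hunks.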


@ -0,0 +1,19 @@
{{ ansible_header | comment(decoration='// ') }}
<?php
$servers['imp'] = array(
// Disabled by default
'disabled' => false,
'name' => 'IMAP Cr@ns',
'hostspec' => '{{ glob_horde.imap }}',
'hordeauth' => true,
'protocol' => 'imap',
'port' => 143,
'secure' => 'tls',
'maildomain' => '{{ glob_horde.maildomain }}',
'smtp' => array(
'host' => '{{ glob_horde.smtp }}',
'port' => 25,
),
'cache' => false,
);
?>
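Review bot: The `{{ ansible_header | comment(decoration='// ') }}` line sits before `<?php`, so PHP treats the rendered header as literal output rather than as a comment. Every request that loads this file would emit that text, which can expose deployment details and can break later header or cookie calls unless output buffering happens to hide it. Put `<?php` on the first line and the `ansible_header` line directly after it. The top of the conf.php template in this commit has the same order and needs the same swap.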


@ -0,0 +1,17 @@
{{ ansible_header | comment }}
server {
listen {{ glob_horde.admin_src_hostname }}:80;
listen {{ loc_horde.ipv6 }}:80 ipv6only=on;
server_name {{ glob_horde.admin_src_hostname }} {{ glob_horde.src_hostname }};
root /usr/share/;
location / {
return 302 https://{{ glob_horde.dest_hostname }}/horde;
}
include "snippets/php.conf";
set_real_ip_from {{ glob_horde.zone_ipv4 }};
set_real_ip_from {{ glob_horde.zone_ipv6 }};
real_ip_header P-Real-Ip;
}
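Review bot: `root /usr/share/;` together with `include "snippets/php.conf";` means this redirect-only server block still hands any `.php` file under `/usr/share/` to PHP-FPM, because nginx prefers the snippet's regex location over the `location /` prefix block. That covers PHP shipped by any other package installed on the host, not only Horde. A vhost that only redirects needs neither line; dropping `root` and the `include` leaves just the `return 302`. The second site file added in this commit uses the same root and include, and would be tighter if PHP execution were limited to the Horde tree, for example by nesting the PHP location inside `location /horde`.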


@ -0,0 +1,21 @@
{{ ansible_header | comment }}
server {
listen {{ glob_horde.admin_dest_hostname }}:80;
listen {{ loc_horde.ipv6 }}:80;
server_name {{ glob_horde.dest_hostname }} {{ glob_horde.admin_dest_hostname }};
root /usr/share/;
location / {
return 302 {{ glob_horde.redirection }};
}
location /horde {
try_files $uri $uri/ /horde/rampage.php?$args;
index index.php index.htm index.html;
}
include "snippets/php.conf";
set_real_ip_from {{ glob_horde.zone_ipv4 }};
set_real_ip_from {{ glob_horde.zone_ipv6 }};
real_ip_header P-Real-Ip;
}
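Review bot: `location /horde` serves the whole Horde tree as static files, and nginx ignores the `.htaccess` files that Horde ships for Apache to keep its internal directories private. Presumably directories such as `config/`, `lib/` and `templates/` sit under `/usr/share/horde/` on this host (confirm against the package layout); non-PHP files in them, such as backups or sample files, would then be downloadable. Add an explicit deny ahead of the PHP include, e.g. `location ~ ^/horde/(config|lib|locale|templates)/ { deny all; }`, adjusted to the real layout. The prefix also matches paths like `/hordefoo`; `location /horde/` plus a redirect for the bare path is stricter.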


@ -0,0 +1,26 @@
{{ ansible_header | comment }}
location ~ .+\.php {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
if (!-e $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_index index.php;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ ^/php_(ping|status)$ {
access_log off;
allow 127.0.0.1;
deny all;
root /usr/share/nginx/html;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
include fastcgi_params;
}
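Review bot: `location ~ .+\.php` is unanchored, so any URI that merely contains `.php` (for example `/x.php.jpg`) reaches `fastcgi_pass`, and the `-e` test also passes for directories. When `fastcgi_split_path_info` does not match, the whole URI becomes the script name, so whether such a file is executed then depends only on PHP-FPM's own extension limit. Anchor the match and test for a regular file: `location ~ [^/]\.php(/|$) {` and `if (!-f $document_root$fastcgi_script_name) {`. The status location allows only `127.0.0.1`; add `allow ::1;` if local health checks can arrive over IPv6.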