crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

Horde, welcome to new infra

certbot_on_virtu
_pollion 2020-11-29 00:25:13 +01:00
parent 3c3416648e
commit bc80702bea
23 changed files with 172 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
group_vars/certbot.yml
View File

@ -1,6 +1,6 @@
---
glob_certbot:
dns_rfc2136_server: '172.16.10.147'
dns_rfc2136_server: '185.230.79.9'
dns_rfc2136_name: certbot_challenge.
dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
mail: root@crans.org

8
group_vars/horde.yml
View File

@ -1,9 +1,9 @@
glob_horde:
secret: '{{ vault_horde_secret }}'
imap: imap.adm.crans.org
smtp: smtp.crans.org
smtp: smtp.adm.crans.org
maildomain: crans.org
db: thot.adm.crans.org
db: pgsql.adm.crans.org
admins:
- "'paulon'"
- "'vulcain'"
@ -16,5 +16,5 @@ glob_horde:
dest_hostname : webmail.crans.org
admin_src_hostname : horde.adm.crans.org
admin_dest_hostname : webmail.adm.crans.org
zone_ipv4 : 10.231.136.0/24
zone_ipv6 : 2a0c:700:0:2::/64
zone_ipv4 : 172.16.10.0/24
zone_ipv6 : fd00:0:0:10::/64

6
group_vars/reverseproxy.yml
View File

@ -29,8 +29,6 @@ nginx:
# - {from: roundcube.crans.org, to: 10.231.136.105}
# - {from: phabricator.crans.org, to: 10.231.136.123}
# - {from: trackerusercontent.crans.org, to: 10.231.136.123}
# - {from: webmail.crans.org, to: 10.231.136.107}
# - {from: horde.crans.org, to: 10.231.136.107}
# - {from: owncloud.crans.org, to: 10.231.136.26}
# - {from: ftps.crans.org, to: 10.231.136.98}
# - {from: wiki.crans.org, to: 10.231.136.204}
@ -44,6 +42,8 @@ nginx:
# - {from: autoconfig.crans.org, to: 10.231.136.46}
# - {from: grafana.crans.org, to: "10.231.136.102:3000"}
# - {from: webirc.crans.org, to: "10.231.136.1:9000"}
- {from: webmail.crans.org, to: 172.16.10.108}
- {from: horde.crans.org, to: 172.16.10.108}
- {from: framadate.crans.org, to: 172.16.10.109}
- {from: stream.crans.org, to: 172.16.10.118}
- {from: cas.crans.org, to: 172.16.10.120}
@ -55,7 +55,7 @@ nginx:
- {from: pad.crans.org, to: "172.16.10.130:9001"}
- {from: zero.crans.org, to: 172.16.10.130}
- {from: ethercalc.crans.org, to: "172.16.10.133:8000"}
- {from: belenios.crans.org, to: 172.16.10.111}
# - {from: belenios.crans.org, to: 172.16.10.111}
# - {from: mailman.crans.org, to: 10.231.136.180}
#
# # Zamok

3
host_vars/hodaur.adm.crans.org.yml 100644
View File

@ -0,0 +1,3 @@
---
loc_certbot:
domains: "crans.org, *.crans.org, crans.fr, *.crans.fr, crans.eu, *.crans.eu"

2
host_vars/horde-srv.adm.crans.org.yml
View File

@ -1,2 +0,0 @@
loc_horde:
ipv6: '[2a0c:700:0:2:5474:8dff:fe5d:e2be]'

3
host_vars/horde.adm.crans.org.yml 100644
View File

@ -0,0 +1,3 @@
loc_horde:
ipv6: 'fd00::10:400:ff:fe01:810'
ipv4: '172.16.10.108'

5
hosts
View File

@ -28,13 +28,13 @@ gitzly.adm.crans.org
[certbot:children]
radius # We use certbot to manage LE certificates
reverseproxy
[nginx_rtmp]
fluxx.adm.crans.org
[reverseproxy]
hodaur.adm.crans.org
frontdaur.adm.crans.org
[roundcube]
roundcube-srv.adm.crans.org
@ -43,7 +43,7 @@ roundcube-srv.adm.crans.org
ethercalc-srv.adm.crans.org
[horde]
horde-srv.adm.crans.org
horde.adm.crans.org
[radius]
routeur-sam.adm.crans.org
@ -107,6 +107,7 @@ tracker.adm.crans.org
jitsi.adm.crans.org
#ethercalc-srv.adm.crans.org
kenobi.adm.crans.org
horde.adm.crans.org
[ovh_physical]
sputnik.adm.crans.org

2
plays/horde.yml
View File

@ -2,5 +2,7 @@
---
# Moi j'aime le ocaml et lui il installe horde
- hosts: horde
vars:
horde: '{{ glob_horde | default({}) | combine(loc_horde | default({})) }}'
roles:
- horde

3
plays/reverse-proxy.yml
View File

@ -1,6 +1,9 @@
#!/usr/bin/env ansible-playbook
---
- hosts: reverseproxy
vars:
certbot: '{{ glob_certbot | default({}) | combine(loc_certbot | default({})) }}'
mirror: '{{ glob_mirror.name }}'
roles:
- certbot
- nginx-reverseproxy

2
roles/horde/README.md
View File

@ -2,7 +2,7 @@
Ce rôle ansible deploie une instance du webmail horde.
## Variables
- glob_horde. :
- horde. :
- secret : le secret de horde
- imap : le serveur imap
- smtp : le serveur smtp (il doit juste être contactable depuis le serveur

27
roles/horde/tasks/main.yml
View File

@ -3,9 +3,13 @@
- name: Install horde APT dependencies
apt:
update_cache: true
name:
- nginx
- php-horde-webmail
name: '{{ item }}'
loop: # Install dependencies in the right order.
- nginx
- php7.3-fpm
- php-horde-webmail
- php-pgsql
- oidentd
register: apt_result
retries: 3
until: apt_result is succeeded
@ -21,6 +25,23 @@
- horde/horde/conf.php
- horde/imp/backends.php
- name: Enable horde plugins
template:
src: 'horde/{{ item }}/conf.php.j2'
dest: '/etc/horde/{{ item }}/conf.php'
owner: www-data
group: www-data
mode: 0640
loop:
- gollem
- imp
- ingo
- kronolith
- mnemo
- nag
- trean
- turba
- name: Configure nginx site
template:
src: '{{ item }}.j2'

8
roles/horde/templates/horde/gollem/conf.php.j2 100644
View File

@ -0,0 +1,8 @@
{{ ansible_header | comment(decoration='// ') }}
<?php
/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */
// $Id: c70cc328a58f2b69cb67558ab883380298313e1e $
$conf['backend']['backend_list'] = 'none';
$conf['foldercache']['use_cache'] = false;
/* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */

8
roles/horde/templates/horde/horde/conf.php.j2
View File

@ -6,7 +6,7 @@ $conf['vhosts'] = false;
$conf['debug_level'] = E_ALL & ~E_NOTICE;
$conf['max_exec_time'] = 0;
$conf['compress_pages'] = true;
$conf['secret_key'] = '{{ glob_horde.secret }}';
$conf['secret_key'] = '{{ horde.secret }}';
$conf['umask'] = 077;
$conf['testdisable'] = true;
$conf['use_ssl'] = 1;
@ -23,7 +23,7 @@ $conf['session']['max_time'] = 72000;
$conf['cookie']['domain'] = $_SERVER['SERVER_NAME'];
$conf['cookie']['path'] = '/';
$conf['sql']['username'] = 'www-data';
$conf['sql']['hostspec'] = '{{ glob_horde.db }}';
$conf['sql']['hostspec'] = '{{ horde.db }}';
$conf['sql']['protocol'] = 'tcp';
$conf['sql']['database'] = 'horde5';
$conf['sql']['charset'] = 'utf-8';
@ -32,14 +32,14 @@ $conf['sql']['logqueries'] = false;
$conf['sql']['phptype'] = 'pgsql';
$conf['nosql']['phptype'] = false;
$conf['ldap']['useldap'] = false;
$conf['auth']['admins'] = array({{ glob_horde.admins | join(', ')}});
$conf['auth']['admins'] = array({{ horde.admins | join(', ')}});
$conf['auth']['checkip'] = false;
$conf['auth']['checkbrowser'] = true;
$conf['auth']['resetpassword'] = false;
$conf['auth']['alternate_login'] = false;
$conf['auth']['redirect_on_logout'] = false;
$conf['auth']['list_users'] = 'list';
$conf['auth']['params']['hostspec'] = '{{ glob_horde.imap }}';
$conf['auth']['params']['hostspec'] = '{{ horde.imap }}';
$conf['auth']['params']['port'] = 143;
$conf['auth']['params']['secure'] = 'tls';
$conf['auth']['driver'] = 'imap';

6
roles/horde/templates/horde/imp/backends.php.j2
View File

@ -4,14 +4,14 @@ $servers['imp'] = array(
// Disabled by default
'disabled' => false,
'name' => 'IMAP Cr@ns',
'hostspec' => '{{ glob_horde.imap }}',
'hostspec' => '{{ horde.imap }}',
'hordeauth' => true,
'protocol' => 'imap',
'port' => 143,
'secure' => 'tls',
'maildomain' => '{{ glob_horde.maildomain }}',
'maildomain' => '{{ horde.maildomain }}',
'smtp' => array(
'host' => '{{ glob_horde.smtp }}',
'host' => '{{ horde.smtp }}',
'port' => 25,
),
'cache' => false,

22
roles/horde/templates/horde/imp/conf.php.j2 100644
View File

@ -0,0 +1,22 @@
{{ ansible_header | comment(decoration='// ') }}
<?php
/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */
// $Id: 48bf0b4cc99e7941b4432a29e70e145b8d654cc7 $
$conf['user']['allow_view_source'] = true;
$conf['server']['server_list'] = 'none';
$conf['compose']['use_vfs'] = false;
$conf['compose']['link_attachments'] = false;
$conf['compose']['attach_size_limit'] = 0;
$conf['compose']['attach_count_limit'] = 0;
$conf['compose']['reply_limit'] = 200000;
$conf['compose']['ac_threshold'] = 3;
$conf['compose']['htmlsig_img_size'] = 30000;
$conf['pgp']['keylength'] = 0;
$conf['maillog']['driver'] = 'history';
$conf['sentmail']['driver'] = 'Null';
$conf['contactsimage']['backends'] = array('IMP_Contacts_Avatar_Addressbook');
$conf['tasklist']['use_tasklist'] = true;
$conf['notepad']['use_notepad'] = true;
/* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */

12
roles/horde/templates/horde/ingo/conf.php.j2 100644
View File

@ -0,0 +1,12 @@
{{ ansible_header | comment(decoration='// ') }}
<?php
/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */
// $Id: 48142d13ef06c07f56427fe5b43981631bdbfdb0 $
$conf['storage']['params']['driverconfig'] = 'horde';
$conf['storage']['driver'] = 'sql';
$conf['rules']['userheader'] = true;
$conf['spam']['header'] = 'X-Spam-Level';
$conf['spam']['char'] = '*';
$conf['spam']['compare'] = 'string';
/* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */

23
roles/horde/templates/horde/kronolith/conf.php.j2 100644
View File

@ -0,0 +1,23 @@
{{ ansible_header | comment(decoration='// ') }}
<?php
/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */
// $Id: 380230c774efc2661b03a58bd71824d28cdc6040 $
$conf['calendar']['params']['table'] = 'kronolith_events';
$conf['calendar']['params']['driverconfig'] = 'horde';
$conf['calendar']['params']['utc'] = true;
$conf['calendar']['driver'] = 'sql';
$conf['storage']['params']['table'] = 'kronolith_storage';
$conf['storage']['params']['driverconfig'] = 'horde';
$conf['storage']['driver'] = 'sql';
$conf['calendars']['driver'] = 'default';
$conf['resource']['params']['table'] = 'kronolith_resources';
$conf['resource']['params']['driverconfig'] = 'horde';
$conf['resource']['params']['utc'] = true;
$conf['resource']['driver'] = 'sql';
$conf['autoshare']['shareperms'] = 'none';
$conf['share']['notify'] = false;
$conf['holidays']['enable'] = true;
$conf['menu']['import_export'] = true;
$conf['maps']['driver'] = false;
/* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */

11
roles/horde/templates/horde/mnemo/conf.php.j2 100644
View File

@ -0,0 +1,11 @@
{{ ansible_header | comment(decoration='// ') }}
<?php
/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */
// $Id: d97e56b407852ff0a86c7d88c9a57c8f3089e82f $
$conf['storage']['params']['table'] = 'mnemo_memos';
$conf['storage']['params']['driverconfig'] = 'horde';
$conf['storage']['driver'] = 'sql';
$conf['notepads']['driver'] = 'default';
$conf['menu']['import_export'] = true;
/* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */

11
roles/horde/templates/horde/nag/conf.php.j2 100644
View File

@ -0,0 +1,11 @@
{{ ansible_header | comment(decoration='// ') }}
<?php
/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */
// $Id: 7a2eb8e9002cee73d99d618dfb6509a56ab639ec $
$conf['storage']['params']['table'] = 'nag_tasks';
$conf['storage']['params']['driverconfig'] = 'horde';
$conf['storage']['driver'] = 'sql';
$conf['tasklists']['driver'] = 'default';
$conf['menu']['import_export'] = true;
/* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */

10
roles/horde/templates/horde/trean/conf.php.j2 100644
View File

@ -0,0 +1,10 @@
{{ ansible_header | comment(decoration='// ') }}
<?php
/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */
// $Id: 5622bdf8096764a63c7e1039b09edb337bd46a0f $
$conf['storage']['params']['driverconfig'] = 'horde';
$conf['storage']['driver'] = 'sql';
$conf['content_index']['enabled'] = false;
$conf['favicons']['type'] = 'horde';
/* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */

11
roles/horde/templates/horde/turba/conf.php.j2 100644
View File

@ -0,0 +1,11 @@
{{ ansible_header | comment(decoration='// ') }}
<?php
/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */
// $Id: 4cd616848fb2e5c81200bf7c65930e9086ec2dcd $
$conf['menu']['import_export'] = true;
$conf['shares']['source'] = 'localsql';
$conf['comments']['allow'] = true;
$conf['documents']['type'] = 'horde';
$conf['tags']['enabled'] = true;
/* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */

11
roles/horde/templates/nginx/sites-available/horde.j2
View File

@ -1,17 +1,16 @@
{{ ansible_header | comment }}
server {
listen {{ glob_horde.admin_src_hostname }}:80;
listen {{ loc_horde.ipv6 }}:80 ipv6only=on;
server_name {{ glob_horde.admin_src_hostname }} {{ glob_horde.src_hostname }};
listen [{{ horde.ipv6 }}]:80;
server_name {{ horde.admin_src_hostname }} {{ horde.src_hostname }};
root /usr/share/;
location / {
return 302 https://{{ glob_horde.dest_hostname }}/horde;
return 302 https://{{ horde.dest_hostname }}/horde;
}
include "snippets/php.conf";
set_real_ip_from {{ glob_horde.zone_ipv4 }};
set_real_ip_from {{ glob_horde.zone_ipv6 }};
set_real_ip_from {{ horde.zone_ipv4 }};
set_real_ip_from {{ horde.zone_ipv6 }};
real_ip_header P-Real-Ip;
}

11
roles/horde/templates/nginx/sites-available/webmail.j2
View File

@ -1,12 +1,11 @@
{{ ansible_header | comment }}
server {
listen {{ glob_horde.admin_dest_hostname }}:80;
listen {{ loc_horde.ipv6 }}:80;
server_name {{ glob_horde.dest_hostname }} {{ glob_horde.admin_dest_hostname }};
listen {{ horde.ipv4 }}:80;
server_name {{ horde.dest_hostname }} {{ horde.admin_dest_hostname }};
root /usr/share/;
location / {
return 302 {{ glob_horde.redirection }};
return 302 {{ horde.redirection }};
}
location /horde {
try_files $uri $uri/ /horde/rampage.php?$args;
@ -14,8 +13,8 @@ server {
}
include "snippets/php.conf";
set_real_ip_from {{ glob_horde.zone_ipv4 }};
set_real_ip_from {{ glob_horde.zone_ipv6 }};
set_real_ip_from {{ horde.zone_ipv4 }};
set_real_ip_from {{ horde.zone_ipv6 }};
real_ip_header P-Real-Ip;
}