Add dovecot role, evoadmin-mail role and packmail role
This commit is contained in:
parent
95408a2409
commit
1d7d45eb44
28 changed files with 756 additions and 2 deletions
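--- a/dovecot/.kitchen.yml
+++ b/dovecot/.kitchen.yml
@@ -0,0 +1,36 @@
+---
+driver:
+  name: docker
+  privileged: true
+  use_sudo: false
+
+provisioner:
+  name: ansible_playbook
+  hosts: test-kitchen
+  roles_path: ../
+  ansible_verbose: true
+  require_ansible_source: false
+  require_chef_for_busser: false
+  idempotency_test: true
+
+platforms:
+  - name: debian
+    driver_config:
+      image: evolix/ansible:2.2.1
+
+verifier:
+  name: serverspec
+
+suites:
+  - name: default
+    provisioner:
+      name: ansible_playbook
+      playbook: ./tests/test.yml
+    verifier:
+      patterns:
+        - nginx/tests/spec/memcached_spec.rb
+      bundler_path: '/usr/local/bin'
+      rspec_path: '/usr/local/bin'
+
+transport:
+  max_ssh_sessions: 6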
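Review bot: The verifier `patterns` entry is `nginx/tests/spec/memcached_spec.rb`, a spec from an unrelated role, so the serverspec stage of this suite verifies nothing about dovecot; point it at this role's own spec (`- dovecot/tests/spec/dovecot_spec.rb`) or drop the pattern until one exists. `privileged: true` on the docker driver is broader than a package-install role needs; a one-line comment stating why it is required (service handling in the container, presumably) would stop it being cargo-culted into the next role.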
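--- a/dovecot/README.md
+++ b/dovecot/README.md
@@ -0,0 +1,11 @@
+# Dovecot
+
+Installation and basic configuration of dovecot
+
+## Tasks
+
+Minimal configuration is in `tasks/main.yml`
+
+## Available variables
+
+The full list of variables (with default values) can be found in `defaults/main.yml`.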
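--- a/dovecot/defaults/main.yml
+++ b/dovecot/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+dovecot_foo: bar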
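Review bot: `dovecot_foo: bar` is a placeholder that no task in this role reads, yet the README sends users here for "the full list of variables". Either remove it or replace it with the tunables the role actually consumes; until then a comment such as `# no tunables yet: this role only installs packages` sets the right expectation.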
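--- a/dovecot/files/munin_plugin
+++ b/dovecot/files/munin_plugin
@@ -0,0 +1,126 @@
+#! /bin/bash
+#
+# Munin Plugin
+# to count logins to your dovecot mailserver
+#
+# Created by Dominik Schulz <lkml@ds.gauner.org>
+# http://developer.gauner.org/munin/
+# Contributions by:
+# - Stephane Enten <tuf@delyth.net>
+# - Steve Schnepp <steve.schnepp@pwkf.org>
+#
+# Parameters understood:
+#
+# config (required)
+# autoconf (optional - used by munin-config)
+#
+# Config variables:
+#
+# logfile - Where to find the syslog file
+#
+# Add the following line to a file in /etc/munin/plugin-conf.d:
+# env.logfile /var/log/your/logfile.log
+#
+# Magic markers (optional - used by munin-config and installation scripts):
+#
+#%# family=auto
+#%# capabilities=autoconf
+
+######################
+# Configuration
+######################
+EXPR_BIN=/usr/bin/expr
+LOGFILE=${logfile:-/var/log/mail.log}
+######################
+
+if [ "$1" = "autoconf" ]; then
+    echo yes
+    exit 0
+fi
+
+if [ "$1" = "config" ]; then
+    echo 'graph_title Dovecot Logins'
+    echo 'graph_category Mail'
+    echo 'graph_args --base 1000 -l 0'
+    echo 'graph_vlabel Login Counters'
+
+    for t in Total TLS SSL IMAP POP3
+    do
+        field=$(echo $t | tr '[:upper:]' '[:lower:]')
+        echo "login_$field.label $t Logins"
+        echo "login_$field.type DERIVE"
+        echo "login_$field.min 0"
+    done
+
+    echo 'connected.label Connected Users'
+
+    exit 0
+fi
+
+######################
+# Total Logins
+######################
+echo -en "login_total.value "
+VALUE=$(egrep -c '[dovecot]?.*Login' $LOGFILE)
+if [ ! -z "$VALUE" ]; then
+    echo "$VALUE"
+else
+    echo "0"
+fi
+echo -n
+######################
+# Connected Users
+######################
+DISCONNECTS=$(egrep -c '[dovecot]?.*Disconnected' $LOGFILE)
+CONNECTS=$(egrep -c '[dovecot]?.*Login' $LOGFILE)
+VALUE=$($EXPR_BIN $CONNECTS - $DISCONNECTS)
+if [ -z "$VALUE" ] || [ "$VALUE" -lt 0 ]; then
+    VALUE=0
+fi
+echo -en "connected.value "
+echo $VALUE
+echo -n
+######################
+# TLS Logins
+######################
+echo -en "login_tls.value "
+VALUE=$(egrep -c '[dovecot]?.*Login.*TLS' $LOGFILE)
+if [ ! -z "$VALUE" ]; then
+    echo "$VALUE"
+else
+    echo "0"
+fi
+echo -n
+######################
+# SSL Logins
+######################
+echo -en "login_ssl.value "
+VALUE=$(egrep -c '[dovecot]?.*Login.*SSL' $LOGFILE)
+if [ ! -z "$VALUE" ]; then
+    echo "$VALUE"
+else
+    echo "0"
+fi
+echo -n
+######################
+# IMAP Logins
+######################
+echo -en "login_imap.value "
+VALUE=$(egrep -c '[dovecot]?.*imap.*Login' $LOGFILE)
+if [ ! -z "$VALUE" ]; then
+    echo "$VALUE"
+else
+    echo "0"
+fi
+echo -n
+######################
+# POP3 Logins
+######################
+echo -en "login_pop3.value "
+VALUE=$(egrep -c '[dovecot]?.*pop3.*Login' $LOGFILE)
+if [ ! -z "$VALUE" ]; then
+    echo "$VALUE"
+else
+    echo "0"
+fi
+echo -n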
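Review bot: The pattern `'[dovecot]?.*Login'` used in every `egrep -c` does not match the word dovecot: `[dovecot]?` is an optional single character from that set, so any line in the log containing `Login` is counted whatever daemon wrote it, and the "connected users" figure is derived from the same over-broad counts. If the counters are meant to be dovecot-only, use `grep -Ec 'dovecot.*Login'` (likewise for `Disconnected`, `TLS`, `SSL`, `imap`, `pop3`); `egrep` is also deprecated in favour of `grep -E`. `$LOGFILE` comes from the plugin-conf environment and is unquoted in each call; write `"$LOGFILE"`. Note that when the file is unreadable `grep -c` appears to print no count at all, so the `-z "$VALUE"` fallbacks turn a permissions problem into a silent stream of zeros rather than an error — worth a comment near `LOGFILE=` saying the plugin must run in the log's group.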
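--- a/dovecot/handlers/main.yml
+++ b/dovecot/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart dovecot
+  service:
+    name: dovecot
+    state: restarted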
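--- a/dovecot/tasks/main.yml
+++ b/dovecot/tasks/main.yml
@@ -0,0 +1,11 @@
+- name: ensure packages are installed
+  apt:
+    name: '{{ item }}'
+    state: present
+  with_items:
+    - dovecot-ldap
+    - dovecot-imapd
+    - dovecot-pop3d
+    - dovecot-sieve
+
+- include: munin.yml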
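Review bot: The role installs `dovecot-imapd` and `dovecot-pop3d` but manages no configuration, so whether plaintext logins are refused and TLS is required is left entirely to the packaged defaults (`disable_plaintext_auth` in `conf.d/10-auth.conf`, `ssl` in `conf.d/10-ssl.conf`), and the `restart dovecot` handler this commit defines is never notified. Consider a `lineinfile` or template task enforcing `ssl = required` and `disable_plaintext_auth = yes` with `notify: restart dovecot`, or state in the README that hardening is the operator's job rather than calling this "basic configuration". The file also lacks the leading `---` the other task files in this commit use.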
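--- a/dovecot/tasks/munin.yml
+++ b/dovecot/tasks/munin.yml
@@ -0,0 +1,20 @@
+---
+
+- name: is Munin present ?
+  stat:
+    path: /etc/munin/plugin-conf.d/munin-node
+  check_mode: no
+  register: munin_node_plugins_config
+
+- block:
+  - name: Install munin plugin
+    copy:
+      src: munin_plugin
+      dest: /etc/munin/plugins/dovecot
+      mode: "0755"
+
+  # TODO : add in /etc/munin/plugin-conf.d/munin-node
+  # [dovecot]
+  # group adm
+
+  when: munin_node_plugins_config.stat.exists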
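Review bot: The TODO itself records that the plugin cannot read `/var/log/mail.log` without `group adm`, so as committed the plugin is installed but will presumably report zeros for every field (depends on the log file's group on the target). The missing piece is small enough to ship now: an `ini_file` task inside the block with `dest: /etc/munin/plugin-conf.d/munin-node`, `section: dovecot`, `option: group`, `value: adm`, notifying a munin-node restart handler (which this role would need to add). Gating the block on `munin_node_plugins_config.stat.exists` and installing the plugin with `mode: "0755"` are appropriate.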
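--- a/packmail/README.md
+++ b/packmail/README.md
@@ -0,0 +1,15 @@
+# packmail
+
+Install the mail pack, with Postfix/Dovecot/LDAP/evoadmin-mail.
+
+## Tasks
+
+See `tasks/main.yml`.
+
+## Available variables
+
+Main variables are :
+
+* `packmail_enable_evoadmin_vhost` : enable VirtualHost for evoadmin (web interface to create mail accounts)
+
+The full list of variables (with default values) can be found in `defaults/main.yml`.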
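--- a/packmail/defaults/main.yml
+++ b/packmail/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+# defaults file for packmail
+general_alert_email: "root@localhost"
+
+packmail_enable_evoadmin_vhost: True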
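Review bot: `packmail_enable_evoadmin_vhost: True` uses YAML 1.1 capitalised truthy syntax; Ansible accepts it, but yamllint's `truthy` rule and the rest of the project convention want lowercase `true`. `general_alert_email` is also declared with the same default in `webapps/evoadmin-mail/defaults/main.yml`; a comment such as `# shared with the evoadmin-mail role` would help keep the two in step.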
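--- a/packmail/files/cn4evolix.ldif
+++ b/packmail/files/cn4evolix.ldif
@@ -0,0 +1,63 @@
+dn: cn={4}evolix,cn=config
+objectClass: olcSchemaConfig
+cn: {4}evolix
+olcAttributeTypes: {0}( 1.3.6.1.4.1.24331.22.1.1 NAME 'maildrop' DESC 'mail fo
+ rward' SUP mail )
+olcAttributeTypes: {1}( 1.3.6.1.4.1.24331.22.1.2 NAME 'mailacceptinggeneralid'
+ DESC 'mail alias' SUP mail )
+olcAttributeTypes: {2}( 1.3.6.1.4.1.24331.22.1.3 NAME 'isActive' DESC 'boolean
+ to verify an global account is active or not' EQUALITY booleanMatch SYNTAX 1
+ .3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+olcAttributeTypes: {3}( 1.3.6.1.4.1.24331.22.1.4 NAME 'accountActive' DESC 'bo
+ olean to verify if an mail account is active' EQUALITY booleanMatch SYNTAX 1.
+ 3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+olcAttributeTypes: {4}( 1.3.6.1.4.1.24331.22.1.5 NAME 'authsmtpActive' DESC 'b
+ oolean to verify if SMTP-AUTH is enabled for entry' EQUALITY booleanMatch SYN
+ TAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+olcAttributeTypes: {5}( 1.3.6.1.4.1.24331.22.1.6 NAME 'courierActive' DESC 'bo
+ olean to verify if Courier POP/IMAP is enabled for entry' EQUALITY booleanMat
+ ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+olcAttributeTypes: {6}( 1.3.6.1.4.1.24331.22.1.7 NAME 'webmailActive' DESC 'bo
+ olean to verify if webmail is enabled for entry' EQUALITY booleanMatch SYNTAX
+ 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+olcAttributeTypes: {7}( 1.3.6.1.4.1.24331.22.1.8 NAME 'isAdmin' DESC 'boolean
+ to verify if entry is admin for entry' EQUALITY booleanMatch SYNTAX 1.3.6.1.4
+ .1.1466.115.121.1.7 SINGLE-VALUE )
+olcAttributeTypes: {8}( 1.3.6.1.4.1.24331.22.1.9 NAME 'postfixTransport' DESC
+ 'transport for Postfix' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.11
+ 5.121.1.26{20} SINGLE-VALUE )
+olcAttributeTypes: {9}( 1.3.6.1.4.1.24331.22.1.10 NAME 'domain' DESC 'Postfix
+ domain' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTA
+ X 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {10}( 1.3.6.1.4.1.24331.22.1.11 NAME 'quota' DESC 'Courier
+ maildir quota' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.
+ 26 SINGLE-VALUE )
+olcAttributeTypes: {11}( 1.3.6.1.4.1.24331.22.1.16 NAME 'vacationActive' DESC
+ 'A flag, for marking the user as being away' EQUALITY booleanMatch SYNTAX 1.3
+ .6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+olcAttributeTypes: {12}( 1.3.6.1.4.1.24331.22.1.17 NAME 'vacationInfo' DESC 'A
+ bsentee note to leave behind, while on vacation' EQUALITY octetStringMatch SY
+ NTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+olcAttributeTypes: {13}( 1.3.6.1.4.1.24331.22.1.18 NAME 'vacationStart' DESC '
+ Beginning of vacation' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.
+ 121.1.40 SINGLE-VALUE )
+olcAttributeTypes: {14}( 1.3.6.1.4.1.24331.22.1.19 NAME 'vacationEnd' DESC 'En
+ d of vacation' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+ SINGLE-VALUE )
+olcAttributeTypes: {15}( 1.3.6.1.4.1.24331.22.1.20 NAME 'vacationForward' DESC
+ 'Where to forward mails to, while on vacation' EQUALITY caseIgnoreIA5Match S
+ UBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ )
+olcAttributeTypes: {16}( 1.3.6.1.4.1.24331.22.1.21 NAME 'smbActive' DESC 'bool
+ ean to verify if an Samba account is active' EQUALITY booleanMatch SYNTAX 1.3
+ .6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+olcObjectClasses: {0}( 1.3.6.1.4.1.24331.22.2.1 NAME 'mailAccount' DESC 'LDAP/
+ Unix mail account or virtual account' SUP top AUXILIARY MUST ( uid $ mailacce
+ ptinggeneralid ) MAY ( accountActive $ authsmtpActive $ quota $ isActive $ co
+ urierActive $ webmailActive $ isAdmin $ vacationActive $ vacationInfo $ vacat
+ ionStart $ vacationEnd $ vacationForward $ maildrop ) )
+olcObjectClasses: {1}( 1.3.6.1.4.1.24331.22.2.2 NAME 'mailAlias' DESC 'Mail al
+ iasing/forwarding entry' SUP top STRUCTURAL MUST ( mailacceptinggeneralid $ m
+ aildrop ) MAY ( cn $ isActive ) )
+olcObjectClasses: {2}( 1.3.6.1.4.1.24331.22.2.4 NAME 'postfixDomain' DESC 'Pos
+ tfix domain' SUP posixGroup STRUCTURAL MAY ( postfixTransport $ isActive ) )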
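--- a/packmail/handlers/main.yml
+++ b/packmail/handlers/main.yml
@@ -0,0 +1,10 @@
+---
+- name: restart postfix
+  service:
+    name: postfix
+    state: restarted
+
+- name: restart dovecot
+  service:
+    name: dovecot
+    state: restarted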
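--- a/packmail/tasks/apache.yml
+++ b/packmail/tasks/apache.yml
@@ -0,0 +1,21 @@
+---
+
+- name: Additional packages are installed
+  apt:
+    name: '{{ item }}'
+    state: present
+  with_items:
+    - libapache2-mod-security2
+    - modsecurity-crs
+    - apg
+
+- name: Additional modules are enabled
+  apache2_module:
+    name: '{{ item }}'
+    state: present
+  with_items:
+    - ssl
+    - include
+    - negotiation
+    - alias
+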
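Review bot: `Additional modules are enabled` has no `notify`, so `ssl`, `include`, `negotiation` and `alias` enabled through `apache2_module` only become active at the next Apache restart, whenever that happens to be; add `notify: restart apache2` (a2enmod itself advises a restart for new modules, and neither this role nor evoadmin-mail defines that handler yet — the latter only has `reload apache2`). `libapache2-mod-security2` and `modsecurity-crs` are installed but nothing here deploys `modsecurity.conf`, sets `SecRuleEngine` or includes the CRS, so unless the `apache` role does, ModSecurity is presumably present but inert — verify and document which role owns that configuration.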
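--- a/packmail/tasks/main.yml
+++ b/packmail/tasks/main.yml
@@ -0,0 +1,46 @@
+---
+
+- fail:
+    msg: only compatible with Debian >= 9
+  when:
+    - ansible_distribution != "Debian" or ansible_distribution_major_version | version_compare('9', '<')
+
+- name: Include ldap role
+  include_role:
+    name: ldap
+
+- name: upload evolix schema
+  copy:
+    src: cn4evolix.ldif
+    dest: /root/cn4evolix.ldif
+    mode: "0640"
+
+- name: inject evolix schema
+  command: ldapadd -Y EXTERNAL -H ldapi:/// -f /root/cn4evolix.ldif
+
+- name: Include postfix role
+  include_role:
+    name: postfix
+
+- name: Include dovecot role
+  include_role:
+    name: dovecot
+
+- name: Include apache role
+  include_role:
+    name: apache
+
+- name: Include PHP role
+  include_role:
+    name: php
+  vars:
+    php_apache_enable: True
+
+- include: apache.yml
+
+- name: Install Evoadmin
+  include_role:
+    name: webapps/evoadmin-mail
+  vars:
+    evoadminmail_enable_vhost: '{{ packmail_enable_evoadmin_vhost }}'
+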
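Review bot: `inject evolix schema` runs `ldapadd` unconditionally — no `creates`, no prior check of `cn=config` — so the second run of the role fails with an "already exists" error and the whole packmail play stops being re-runnable. Guard it with an `ldapsearch` against `cn=schema,cn=config` and add only when the schema is absent, as below. The LDIF also hard-codes the positional RDN `cn={4}evolix`, which collides on a slapd that already holds a fifth schema; `cn=evolix,cn=config` and letting slapd assign the index is the safer form. The Debian-version `fail` precheck and `mode: "0640"` on the copied LDIF are good.
```yaml
- name: check whether evolix schema is loaded
  command: ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config "(cn={*}evolix)" dn
  register: evolix_schema
  changed_when: false

- name: inject evolix schema
  command: ldapadd -Y EXTERNAL -H ldapi:/// -f /root/cn4evolix.ldif
  when: "'evolix' not in evolix_schema.stdout"
# … unchanged: postfix / dovecot / apache / php includes and evoadmin install …
```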
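--- a/webapps/evoadmin-mail/defaults/main.yml
+++ b/webapps/evoadmin-mail/defaults/main.yml
@@ -0,0 +1,23 @@
+---
+general_alert_email: "root@localhost"
+evoadminmail_contact_email: Null
+evoadminmail_bounce_email: "{{ evoadminmail_contact_email }}"
+
+evoadminmail_username: evoadmin-mail
+evoadminmail_home_dir: "/home/{{ evoadminmail_username }}"
+evoadminmail_document_root: "{{ evoadminmail_home_dir }}/www"
+evoadminmail_log_dir: "{{ evoadminmail_home_dir }}/log"
+evoadminmail_scripts_dir: /usr/share/scripts/
+evoadminmail_host: "evoadminmail.{{ ansible_fqdn }}"
+
+evoadminmail_enable_vhost: True
+
+evoadminmail_tpl_servername: "{{ ansible_fqdn }}"
+evoadminmail_tpl_address: "{{ ansible_default_ipv4.address }}"
+evoadminmail_tpl_phpmyadmin_url: Null
+evoadminmail_tpl_cgi_suffix: Null
+evoadminmail_tpl_signature: evoadmin
+evoadminmail_tpl_mail_from: root@localhost
+evoadminmail_tpl_mail_bcc: Null
+evoadminmail_tpl_mail_standard: "{{ general_alert_email }}"
+evoadminmail_tpl_mail_urgent: "{{ general_alert_email }}"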
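Review bot: The templates shipped with this role read `evoadmin_contact_email`, `evoadmin_scripts_dir` and `evoadmin_tpl_*`, while this file defines `evoadminmail_contact_email`, `evoadminmail_scripts_dir` and `evoadminmail_tpl_*`; whichever task later uncomments those templates will fail on undefined variables unless one side is renamed, so the naming should be settled now. `Null` should be written `null` and `True` as `true` (yamllint `truthy`/canonical forms). `evoadminmail_tpl_address: "{{ ansible_default_ipv4.address }}"` errors when rendered on a host without an IPv4 default route; `{{ ansible_default_ipv4.address | default('') }}` degrades gracefully.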
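--- a/webapps/evoadmin-mail/handlers/main.yml
+++ b/webapps/evoadmin-mail/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: reload apache2
+  service:
+    name: apache2
+    state: reloaded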
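--- a/webapps/evoadmin-mail/tasks/config.yml
+++ b/webapps/evoadmin-mail/tasks/config.yml
@@ -0,0 +1,17 @@
+---
+
+- name: "Create /etc/evolinux"
+  file:
+    dest: "/etc/evolinux"
+    recurse: yes
+    state: directory
+
+#- name: Configure web-add config file
+#  template:
+#    src: web-add.conf.j2
+#    dest: /etc/evolinux/web-add.conf
+#
+#- name: Configure web-add template file for mail
+#  template:
+#    src: web-mail.tpl.j2
+#    dest: "{{ evoadminmail_scripts_dir }}/web-mail.tpl"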
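Review bot: `recurse: yes` on `state: directory` does not mean "create parents" (the `file` module does that anyway); it recursively applies the given owner/group/mode to everything already under `/etc/evolinux`, which with no attributes set is a no-op today and an accidental permission sweep the day someone adds `mode:`. Drop `recurse` and set an explicit `mode: "0755"` so the directory does not depend on the remote umask. The commented tasks point at `web-add.conf.j2` and `web-mail.tpl.j2`, both of which reference `evoadmin_*` variables this role does not define.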
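--- a/webapps/evoadmin-mail/tasks/main.yml
+++ b/webapps/evoadmin-mail/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+
+- include: packages.yml
+
+- include: user.yml
+
+- include: config.yml
+
+- include: ssl.yml
+
+- include: web.yml
+
+- name: enable evoadmin-mail link in default site index
+  blockinfile:
+    dest: /var/www/index.html
+    marker: "<!-- {mark} evoadmin-mail section -->"
+    block: |
+      <li><a href="https://{{ evoadminmail_host }}">Interface admin mail (EvoAdmin-mail)</a></li>
+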
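Review bot: `blockinfile` fails when `/var/www/index.html` does not exist unless `create: yes` is given, so on a host without the default index page the role aborts after the vhost has already been enabled in `web.yml`. Either add `create: yes` (with `owner`/`mode`) or gate the task on a `stat` of the file. Linking to `https://{{ evoadminmail_host }}` is consistent with the port-80 vhost's permanent redirect to HTTPS.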
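--- a/webapps/evoadmin-mail/tasks/packages.yml
+++ b/webapps/evoadmin-mail/tasks/packages.yml
@@ -0,0 +1,16 @@
+---
+
+- include_role:
+    name: apt
+    tasks_from: evolix_public.yml
+
+- meta: flush_handlers
+
+- name: Install PHP packages
+  apt:
+    name: '{{ item }}'
+    state: present
+  with_items:
+    - php-pear
+    - php-log
+    - php-crypt-chap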
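--- a/webapps/evoadmin-mail/tasks/remount_usr_rw.yml
+++ b/webapps/evoadmin-mail/tasks/remount_usr_rw.yml
@@ -0,0 +1,15 @@
+---
+- name: Get mount options for partitions
+  shell: "mount | grep 'on /usr type'"
+  args:
+    warn: no
+  register: mount
+  changed_when: False
+  failed_when: False
+  when: not ansible_check_mode
+
+- name: Remount /usr if it is a partition and it is not mounted in rw
+  command: "mount -o remount,rw /usr"
+  when: mount.rc == 0 and not mount.stdout_lines.0 | search("rw")
+  args:
+    warn: no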
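Review bot: `/usr` is remounted read-write so the scripts directory can be created, but nothing in this commit remounts it read-only afterwards, so a host deliberately hardened with a `ro /usr` is left writable once the play finishes. Add a matching `mount -o remount,ro /usr` task at the end of `user.yml`, gated on the same registered result. `search("rw")` on the whole mount line also matches `rw` appearing in the device path or another option; matching `(rw` or parsing the options field is more robust. The first task is skipped under `--check` (`when: not ansible_check_mode`), which leaves `mount` undefined and makes the second task's `when` expression error in check mode.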
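--- a/webapps/evoadmin-mail/tasks/ssl.yml
+++ b/webapps/evoadmin-mail/tasks/ssl.yml
@@ -0,0 +1,24 @@
+---
+
+
+- name: ssl-cert package is installed
+  apt:
+    name: ssl-cert
+    state: present
+
+- name: Create private key and csr for default site ({{ ansible_fqdn }})
+  command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ evoadminmail_host }}.key -out /etc/ssl/{{ evoadminmail_host }}.csr -batch -subj "/CN={{ evoadminmail_host }}"
+  args:
+    creates: "/etc/ssl/private/{{ evoadminmail_host }}.key"
+
+- name: Adjust rights on private key
+  file:
+    path: /etc/ssl/private/{{ evoadminmail_host }}.key
+    owner: root
+    group: ssl-cert
+    mode: "0640"
+
+- name: Create certificate for default site
+  command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ evoadminmail_host }}.csr -signkey /etc/ssl/private/{{ evoadminmail_host }}.key -out /etc/ssl/certs/{{ evoadminmail_host }}.crt
+  args:
+    creates: "/etc/ssl/certs/{{ evoadminmail_host }}.crt"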
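Review bot: The private key is written by `openssl req -keyout` with whatever umask the remote shell has and is only tightened afterwards by `Adjust rights on private key`, so there is a window where the file itself may be world-readable and only the `/etc/ssl/private` directory mode protects it. Create it restricted from the start, e.g. `shell: umask 077 && openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ evoadminmail_host }}.key -out /etc/ssl/{{ evoadminmail_host }}.csr -batch -subj "/CN={{ evoadminmail_host }}"` with the same `creates:`. The task name says `default site ({{ ansible_fqdn }})` while the CN and paths use `evoadminmail_host`; and a 3650-day self-signed certificate on the interface that manages mail credentials is acceptable only if the README says so and explains how a real certificate replaces it at the same paths.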
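--- a/webapps/evoadmin-mail/tasks/user.yml
+++ b/webapps/evoadmin-mail/tasks/user.yml
@@ -0,0 +1,67 @@
+---
+
+- name: Create evoadmin account
+  user:
+    name: "{{ evoadminmail_username }}"
+    comment: "Evoadmin Web Account"
+    home: "{{ evoadminmail_home_dir}}"
+    password: "!"
+
+- name: Create log/ directory
+  file:
+    path: "{{ evoadminmail_home_dir}}/log"
+    state: directory
+    owner: "{{ evoadminmail_username }}"
+    group: "{{ evoadminmail_username }}"
+    mode: "0750"
+
+- name: Create www-evoadminmail group
+  group:
+    name: "www-{{ evoadminmail_username }}"
+    state: present
+
+- name: "Create www-evoadmin (Debian 9 or later)"
+  user:
+    name: "www-{{ evoadminmail_username }}"
+  when: ansible_distribution_major_version | version_compare('9', '>=')
+
+- name: Install Git
+  apt:
+    name: git
+    state: present
+
+- name: "Clone evoadmin repository (Debian 9 or later)"
+  git:
+    repo: https://forge.evolix.org/evoadmin-mail.git
+    dest: "{{ evoadminmail_document_root}}"
+    version: master
+    update: yes
+  # Warning: Need sudo!
+  become_user: "{{ evoadminmail_username }}"
+  when: ansible_distribution_major_version | version_compare('9', '>=')
+
+- include: remount_usr_rw.yml
+  when: evoadminmail_scripts_dir | search ("/usr")
+
+- name: "Create {{ evoadminmail_scripts_dir }}"
+  file:
+    dest: "{{ evoadminmail_scripts_dir }}"
+    # recurse: yes
+    mode: "0700"
+    state: directory
+
+# we use a shell command to have a "changed" thet really reflects the result.
+- name: Fix permissions
+  shell: "chmod -R --verbose u=rwX,g=rX,o= {{ item }}"
+  register: command_result
+  changed_when: "'changed' in command_result.stdout"
+  # failed_when: False
+  with_items:
+    - "{{ evoadminmail_home_dir}}/www"
+
+#- name: Add evoadmin sudoers file
+#  template:
+#    src: sudoers.j2
+#    dest: /etc/sudoers.d/evoadmin
+#    mode: "0600"
+#    validate: "visudo -cf %s"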
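Review bot: The application is deployed with `repo: https://forge.evolix.org/evoadmin-mail.git`, `version: master`, `update: yes`, so every run pulls whatever the branch head is at that moment — an unpinned supply-chain input for code that will run with sudo rights, and a source of non-idempotent runs. Pin `version` to a tag or commit and expose it as a variable (`version: "{{ evoadminmail_version }}"` with a concrete default), and consider `update: no` so upgrades are deliberate. `password: "!"` correctly locks the shell account and `mode: "0700"` on the root-owned scripts directory is what makes the (commented) sudoers glob tolerable; the `# Warning: Need sudo!` comment would be clearer as `# become_user requires sudo on the target so the checkout is owned by the app user`.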
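--- a/webapps/evoadmin-mail/tasks/web.yml
+++ b/webapps/evoadmin-mail/tasks/web.yml
@@ -0,0 +1,39 @@
+---
+
+- name: "Set custom values for PHP config (Debian 9 or later)"
+  ini_file:
+    dest: /etc/php/7.0/apache2/conf.d/zzz-evolinux-custom.ini
+    section: PHP
+    option: "disable_functions"
+    value: "shell-exec,system,passthru,putenv,popen,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority"
+  notify: reload apache2
+  when: ansible_distribution_major_version | version_compare('9', '>=')
+
+- name: Install evoadminmail VHost
+  template:
+    src: evoadminmail.conf.j2
+    dest: /etc/apache2/sites-available/evoadminmail.conf
+  notify: reload apache2
+
+- name: Enable evoadminmail vhost
+  command: "a2ensite evoadminmail.conf"
+  register: cmd_a2ensite
+  changed_when: "'Enabling site' in cmd_a2ensite.stdout"
+  notify: reload apache2
+  when: evoadminmail_enable_vhost
+
+- name: Disable evoadminmail vhost
+  command: "a2dissite evoadminmail.conf"
+  register: cmd_a2dissite
+  changed_when: "'Disabling site' in cmd_a2dissite.stdout"
+  notify: reload apache2
+  when: not evoadminmail_enable_vhost
+
+#- name: Copy config file for evoadmin
+#  template:
+#    src: config.local.php.j2
+#    dest: "{{ evoadminmail_document_root}}/conf/config.local.php"
+#    mode: "0644"
+#    owner: evoadmin
+#    group: evoadmin
+#    force: no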
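Review bot: `disable_functions` starts with `shell-exec`, but the PHP function is `shell_exec` (underscore), so `shell_exec` remains callable and the first entry of this hardening list does nothing; write `shell_exec`. The same spelling appears in the trailing hunks of this commit, so fix it there too. The list leaves `exec`, `proc_open` and `dl` enabled — plausibly required because evoadmin shells out to the sudo-wrapped scripts, but a comment saying so (`# exec/proc_open intentionally left enabled: evoadmin calls the web-*.sh scripts`) will stop a later reader from "completing" the list and breaking the app. `dest: /etc/php/7.0/apache2/conf.d/...` hard-codes the PHP minor version under a task labelled "Debian 9 or later"; a `php_version`-style variable would survive the next release.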
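--- a/webapps/evoadmin-mail/templates/config.local.php.j2
+++ b/webapps/evoadmin-mail/templates/config.local.php.j2
@@ -0,0 +1,8 @@
+<?php
+
+$localconf['admin']['mail'] = '{{ evoadmin_contact_email or general_alert_email | mandatory }}';
+$localconf['debug'] = FALSE;
+// Add local users that should be superadmin
+$localconf['superadmin'] = array();
+$localconf['script_path'] = '{{ evoadmin_scripts_dir }}';
+$localconf['cluster'] = FALSE;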
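Review bot: `evoadmin_contact_email` and `evoadmin_scripts_dir` are not variables of this role (its defaults use the `evoadminmail_` prefix), so rendering this template fails on an undefined variable as soon as the commented task in `web.yml` is enabled; the `| mandatory` filter also binds only to `general_alert_email`, not to the whole `or` expression. `{{ evoadminmail_contact_email | default(general_alert_email, true) }}` and `{{ evoadminmail_scripts_dir }}` express the intended fallback. The values are dropped into single-quoted PHP strings without escaping; they are operator-controlled, but a `| replace("'", "\\'")` is cheap insurance.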
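--- a/webapps/evoadmin-mail/templates/evoadminmail.conf.j2
+++ b/webapps/evoadmin-mail/templates/evoadminmail.conf.j2
@@ -0,0 +1,58 @@
+<VirtualHost *:80>
+    ServerName {{ evoadminmail_host }}
+    Redirect permanent / https://{{ evoadminmail_host }}/
+</VirtualHost>
+
+<VirtualHost *:443>
+
+    # FQDN principal
+    ServerName {{ evoadminmail_host }}
+    #ServerAlias {{ evoadminmail_host }}
+
+    # Repertoire principal
+    DocumentRoot {{ evoadminmail_document_root }}/evoadmin/htdocs/
+
+    # SSL
+    SSLEngine on
+    SSLCertificateFile /etc/ssl/certs/{{ evoadminmail_host }}.crt
+    SSLCertificateKeyFile /etc/ssl/private/{{ evoadminmail_host }}.key
+    SSLProtocol all -SSLv2 -SSLv3
+
+    # Propriete du repertoire
+    <Directory {{ evoadminmail_document_root }}/htdocs/>
+        #Options Indexes SymLinksIfOwnerMatch
+        Options SymLinksIfOwnerMatch
+        AllowOverride AuthConfig Limit FileInfo
+        Require all granted
+    </Directory>
+
+    # user - group (thanks to sesse@debian.org)
+    AssignUserID www-{{ evoadminmail_username }} {{ evoadminmail_username }}
+
+    # LOG
+    CustomLog /var/log/apache2/access.log combined
+    CustomLog {{ evoadminmail_log_dir }}/access.log combined
+    ErrorLog {{ evoadminmail_log_dir }}/error.log
+
+    # AWSTATS
+    SetEnv AWSTATS_FORCE_CONFIG {{ evoadminmail_username }}
+
+    # REWRITE
+    UseCanonicalName On
+    RewriteEngine On
+    RewriteCond %{HTTP_HOST} !^{{ evoadminmail_host }}$
+    RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]
+
+    # PHP
+    #php_admin_flag engine off
+    #AddType text/html .html
+    #php_admin_flag display_errors On
+    #php_flag short_open_tag On
+    #php_flag register_globals On
+    #php_admin_value memory_limit 256M
+    #php_admin_value max_execution_time 60
+    #php_admin_value upload_max_filesize 8M
+    #php_admin_flag allow_url_fopen Off
+    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f www-{{ evoadminmail_username }}"
+    php_admin_value open_basedir "none"
+</VirtualHost>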
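Review bot: `DocumentRoot` is `{{ evoadminmail_document_root }}/evoadmin/htdocs/` but the `<Directory>` block that grants access covers `{{ evoadminmail_document_root }}/htdocs/`, a different path, so `Options`, `AllowOverride` and `Require all granted` never apply to the tree actually served — presumably every request gets 403 under Debian's default `Require all denied` for `/`, unless the `apache` role opens `/home` more broadly than intended. Align the two paths as below. `SSLProtocol all -SSLv2 -SSLv3` still admits TLS 1.0/1.1 on the interface that handles mail-account credentials, and `php_admin_value open_basedir "none"` removes the per-vhost filesystem boundary that the `AssignUserID` (mpm-itk) setup is otherwise providing; scope it to what the application needs and, since port 80 already redirects to HTTPS, add HSTS (requires the `headers` module, which `packmail/tasks/apache.yml` does not enable).
```apache
    <Directory {{ evoadminmail_document_root }}/evoadmin/htdocs/>
        # … unchanged: Options / AllowOverride / Require …
    </Directory>
    # … unchanged: AssignUserID, logging, awstats, rewrite …
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    Header always set Strict-Transport-Security "max-age=31536000"
    php_admin_value open_basedir "{{ evoadminmail_document_root }}:{{ evoadminmail_scripts_dir }}:/tmp"
```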
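--- a/webapps/evoadmin-mail/templates/sudoers.j2
+++ b/webapps/evoadmin-mail/templates/sudoers.j2
@@ -0,0 +1,3 @@
+User_Alias EVOADMIN = www-evoadmin
+Cmnd_Alias EVOADMIN_WEB = {{ evoadmin_scripts_dir | mandatory }}/web-*.sh, {{ evoadmin_scripts_dir | mandatory }}/ftpadmin.sh
+EVOADMIN ALL=NOPASSWD: EVOADMIN_WEB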
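Review bot: `User_Alias EVOADMIN = www-evoadmin` names an account this role never creates — `user.yml` creates `www-{{ evoadminmail_username }}`, i.e. `www-evoadmin-mail` by default — so once this template is deployed the rule is dead, or, if an unrelated `www-evoadmin` user exists on the host, grants it NOPASSWD root execution of the scripts. Use `User_Alias EVOADMIN = www-{{ evoadminmail_username }}` and `evoadminmail_scripts_dir` (`evoadmin_scripts_dir` is undefined in this role, so `| mandatory` will abort the render). The `web-*.sh` glob is acceptable only because the scripts directory is root-owned `0700`; record that invariant in a comment above the alias, and keep `validate: "visudo -cf %s"` on the deploy task when it is uncommented.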
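--- a/webapps/evoadmin-mail/templates/web-add.conf.j2
+++ b/webapps/evoadmin-mail/templates/web-add.conf.j2
@@ -0,0 +1,2 @@
+CONTACT_MAIL="{{ evoadmin_contact_email or general_alert_email | mandatory }}"
+WWWBOUNCE_MAIL="{{ evoadmin_bounce_email or general_alert_email | mandatory }}"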
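Review bot: `evoadmin_contact_email` and `evoadmin_bounce_email` are not defined by this role (its defaults are `evoadminmail_contact_email` / `evoadminmail_bounce_email`), so this template cannot render, and `| mandatory` applies only to `general_alert_email` rather than to the fallback expression. `CONTACT_MAIL="{{ evoadminmail_contact_email | default(general_alert_email, true) }}"` (and the same for the bounce address) says what is meant. Keep the double quotes: this file is sourced by shell scripts.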
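--- a/webapps/evoadmin-mail/templates/web-mail.tpl.j2
+++ b/webapps/evoadmin-mail/templates/web-mail.tpl.j2
@@ -0,0 +1,86 @@
+From: {{ evoadmin_tpl_mail_from }}
+To: RCPTTO
+Bcc: {{ evoadmin_tpl_mail_bcc }}
+Subject: Parametres hebergement web : LOGIN
+
+Bonjour,
+
+Votre compte d'hebergement web a ete cree.
+
+**********************************
+* CONNEXION SFTP/SSH
+**********************************
+
+NOM DU SERVEUR : {{ evoadmin_tpl_servername }}
+USER : LOGIN
+PASSWORD : PASSE1
+
+*****************************************
+* Details sur l'environnement Apache/PHP
+*****************************************
+
+URL du site :
+http://{{ evoadmin_tpl_servername }}
+
+URL des stats :
+http://{{ evoadmin_tpl_servername }}/cgi-RANDOM/awstats.pl
+(acces par IP ou login a demander !)
+
+Repertoire de connexion : HOME_DIR/LOGIN/
+Repertoire pour site web : HOME_DIR/LOGIN/www/
+
+Apache/PHP tourne en www-LOGIN:LOGIN c'est-a-dire qu'il a acces
+uniquement *en lecture* aux differents fichiers/repertoires
+(a condition d'avoir 'g=rx' sur les repertoires et 'g=r' sur les
+fichiers ce qui est le comportement par defaut).
+
+Lorsqu'on a besoin d'autoriser *l'ecriture* pour certains
+fichiers/repertoires, il suffit d'ajouter le droit 'g+w'.
+
+***********************************
+* MySQL
+***********************************
+
+SERVEUR : 127.0.0.1
+PORT DU SERVEUR : 3306
+USER : LOGIN
+PASSWORD : PASSE2
+NOM BASE : DBNAME
+URL interface d'admin :
+{{ evoadmin_tpl_phpmyadmin_url }}
+
+***********************************
+* Rappels divers
+***********************************
+
+Votre nom de domaine doit etre configure pour pointer
+sur l'adresse IP {{ evoadmin_tpl_address }} (enregistrement DNS A)
+ou etre un alias de {{ evoadmin_tpl_servername }} (enregistrement DNS CNAME).
+
+Si vous avez besoin de faire des tests, vous devez
+ajouter la ligne suivante au fichier "/etc/hosts" sous Linux/Unix
+ou au fichier "system32\drivers\etc\hosts" sous Windows NT/XP :
+{{ evoadmin_tpl_address }} {{ evoadmin_tpl_servername }}
+
+Attention, par defaut, toutes les connexions vers l'exterieur
+sont bloquees. Si vous avez besoin de recuperer des donnees
+a l'exterieur (flux RSS, BDD externe, etc.), contactez nous
+afin de mettre en oeuvre les autorisations necessaires.
+
+Afin de securiser au maximum le serveur, certaines URL
+particulieres sont non autorisees pour eviter diverses
+attaques (XSS, robots, trojans, injections, etc.).
+Exemple d'URL refusee :
+http://{{ evoadmin_tpl_servername }}/cmd32.exe
+En cas de soucis avec votre application, prevenez-nous.
+
+Si vous desirez mettre en place des parametres particuliers
+pour votre site (PHP, etc.) ou pour tout autre demande (scripts en crontab,
+etc.), n'hesitez pas a nous contacter a l'adresse
+{{ evoadmin_tpl_mail_standard }} (ou {{ evoadmin_tpl_mail_urgent }} si votre demande est
+urgente).
+
+
+Cordialement,
+--
+{{ evoadmin_tpl_signature }}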
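Review bot: This template sends account credentials in clear text by e-mail (`PASSWORD : PASSE1`, `PASSWORD : PASSE2`) alongside the server name and login, and its content is a web-hosting welcome letter (SFTP/SSH, MySQL, AWStats, "Parametres hebergement web") with nothing about mail accounts — it appears carried over from the web role rather than written for this one. If a welcome mail is kept, the README should state that passwords are delivered by mail so operators can choose an out-of-band channel or a forced reset, and the MySQL/SFTP sections that do not apply should go. It also reads `evoadmin_tpl_*` variables that this role defines as `evoadminmail_tpl_*`, so it cannot render as committed.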
|
@ -6,7 +6,7 @@
|
|||
section: PHP
|
||||
option: "disable_functions"
|
||||
value: "shell-exec,system,passthru,putenv,popen"
|
||||
notify: reload apache
|
||||
notify: reload apache2
|
||||
when: ansible_distribution_release == "jessie"
|
||||
|
||||
- name: "Set custom values for PHP config (Debian 9 or later)"
|
||||
|
@ -15,7 +15,7 @@
|
|||
section: PHP
|
||||
option: "disable_functions"
|
||||
value: "shell-exec,system,passthru,putenv,popen"
|
||||
notify: reload apache
|
||||
notify: reload apache2
|
||||
when: ansible_distribution_major_version | version_compare('9', '>=')
|
||||
|
||||
- name: Install evoadmin VHost
|
||||
|
|