Add dovecot role, evoadmin-mail role and packmail role

dovecot/.kitchen.yml

@@ -0,0 +1,36 @@
+---
+driver:
+  name: docker
+  privileged: true
+  use_sudo: false
+
+provisioner:
+  name: ansible_playbook
+  hosts: test-kitchen
+  roles_path: ../
+  ansible_verbose: true
+  require_ansible_source: false
+  require_chef_for_busser: false
+  idempotency_test: true
+
+platforms:
+  - name: debian
+    driver_config:
+      image: evolix/ansible:2.2.1
+
+verifier:
+  name: serverspec
+
+suites:
+  - name: default
+    provisioner:
+      name: ansible_playbook
+      playbook: ./tests/test.yml
+    verifier:
+      patterns:
+      - nginx/tests/spec/memcached_spec.rb
+      bundler_path: '/usr/local/bin'
+      rspec_path: '/usr/local/bin'
+
+transport:
+  max_ssh_sessions: 6

dovecot/README.md

@@ -0,0 +1,11 @@
+# Dovecot
+
+Installation and basic configuration of dovecot
+
+## Tasks
+
+Minimal configuration is in `tasks/main.yml`
+
+## Available variables
+
+The full list of variables (with default values) can be found in `defaults/main.yml`.

dovecot/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+dovecot_foo: bar

dovecot/files/munin_plugin

@@ -0,0 +1,126 @@
+#! /bin/bash
+#
+# Munin Plugin
+# to count logins to your dovecot mailserver
+# 
+# Created by Dominik Schulz <lkml@ds.gauner.org>
+# http://developer.gauner.org/munin/
+# Contributions by:
+# - Stephane Enten <tuf@delyth.net>
+# - Steve Schnepp <steve.schnepp@pwkf.org>
+# 
+# Parameters understood:
+#
+#	config		(required)
+#	autoconf 	(optional - used by munin-config)
+# 
+# Config variables:
+#
+#       logfile      - Where to find the syslog file
+#
+# Add the following line to a file in /etc/munin/plugin-conf.d:
+# 	env.logfile /var/log/your/logfile.log
+#
+# Magic markers (optional - used by munin-config and installation scripts):
+#
+#%# family=auto
+#%# capabilities=autoconf
+
+######################
+# Configuration
+######################
+EXPR_BIN=/usr/bin/expr
+LOGFILE=${logfile:-/var/log/mail.log}
+######################
+
+if [ "$1" = "autoconf" ]; then
+	echo yes
+	exit 0
+fi
+
+if [ "$1" = "config" ]; then
+	echo 'graph_title Dovecot Logins'
+	echo 'graph_category Mail'
+	echo 'graph_args --base 1000 -l 0'
+	echo 'graph_vlabel Login Counters'
+
+	for t in Total TLS SSL IMAP POP3
+	do
+		field=$(echo $t | tr '[:upper:]' '[:lower:]')
+		echo "login_$field.label $t Logins"
+		echo "login_$field.type DERIVE"
+		echo "login_$field.min 0"
+	done
+
+	echo 'connected.label Connected Users'
+
+	exit 0
+fi
+
+######################
+# Total Logins
+######################
+echo -en "login_total.value "
+VALUE=$(egrep -c '[dovecot]?.*Login' $LOGFILE)
+if [ ! -z "$VALUE" ]; then
+	echo "$VALUE"
+else
+	echo "0"
+fi
+echo -n
+######################
+# Connected Users
+######################
+DISCONNECTS=$(egrep -c '[dovecot]?.*Disconnected' $LOGFILE)
+CONNECTS=$(egrep -c '[dovecot]?.*Login' $LOGFILE)
+VALUE=$($EXPR_BIN $CONNECTS - $DISCONNECTS)
+if [ -z "$VALUE" ] || [ "$VALUE" -lt 0 ]; then
+	VALUE=0
+fi
+echo -en "connected.value "
+echo $VALUE
+echo -n
+######################
+# TLS Logins
+######################
+echo -en "login_tls.value "
+VALUE=$(egrep -c '[dovecot]?.*Login.*TLS' $LOGFILE)
+if [ ! -z "$VALUE" ]; then
+        echo "$VALUE"
+else
+	echo "0"
+fi
+echo -n
+######################
+# SSL Logins
+######################
+echo -en "login_ssl.value "
+VALUE=$(egrep -c '[dovecot]?.*Login.*SSL' $LOGFILE)
+if [ ! -z "$VALUE" ]; then
+        echo "$VALUE"
+else
+	echo "0"
+fi
+echo -n
+######################
+# IMAP Logins
+######################
+echo -en "login_imap.value "
+VALUE=$(egrep -c '[dovecot]?.*imap.*Login' $LOGFILE)
+if [ ! -z "$VALUE" ]; then
+        echo "$VALUE"
+else
+	echo "0"
+fi
+echo -n
+######################
+# POP3 Logins
+######################
+echo -en "login_pop3.value "
+VALUE=$(egrep -c '[dovecot]?.*pop3.*Login' $LOGFILE)
+if [ ! -z "$VALUE" ]; then
+        echo "$VALUE"
+else
+	echo "0"
+fi
+echo -n

dovecot/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: restart dovecot
+  service:
+    name: dovecot
+    state: restarted

dovecot/tasks/main.yml

@@ -0,0 +1,11 @@
+- name: ensure packages are installed
+  apt:
+    name: '{{ item }}'
+    state: present
+  with_items:
+  - dovecot-ldap
+  - dovecot-imapd
+  - dovecot-pop3d
+  - dovecot-sieve
+
+- include: munin.yml

dovecot/tasks/munin.yml

@@ -0,0 +1,20 @@
+---
+
+- name: is Munin present ?
+  stat:
+    path: /etc/munin/plugin-conf.d/munin-node
+  check_mode: no
+  register: munin_node_plugins_config
+
+- block:
+  - name: Install munin plugin
+    copy:
+      src: munin_plugin
+      dest: /etc/munin/plugins/dovecot
+      mode: "0755"
+
+# TODO : add in /etc/munin/plugin-conf.d/munin-node
+# [dovecot]
+# group adm
+
+  when: munin_node_plugins_config.stat.exists

packmail/README.md

@@ -0,0 +1,15 @@
+# packmail
+
+Install the mail pack, with Postfix/Dovecot/LDAP/evoadmin-mail.
+
+## Tasks
+
+See `tasks/main.yml`.
+
+## Available variables
+
+Main variables are :
+
+* `packmail_enable_evoadmin_vhost` : enable VirtualHost for evoadmin (web interface to create mail accounts)
+
+The full list of variables (with default values) can be found in `defaults/main.yml`.

packmail/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+# defaults file for packmail
+general_alert_email: "root@localhost"
+
+packmail_enable_evoadmin_vhost: True

packmail/files/cn4evolix.ldif

@@ -0,0 +1,63 @@
+dn: cn={4}evolix,cn=config
+objectClass: olcSchemaConfig
+cn: {4}evolix
+olcAttributeTypes: {0}( 1.3.6.1.4.1.24331.22.1.1 NAME 'maildrop' DESC 'mail fo
+ rward' SUP mail )
+olcAttributeTypes: {1}( 1.3.6.1.4.1.24331.22.1.2 NAME 'mailacceptinggeneralid'
+  DESC 'mail alias' SUP mail )
+olcAttributeTypes: {2}( 1.3.6.1.4.1.24331.22.1.3 NAME 'isActive' DESC 'boolean
+  to verify an global account is active or not' EQUALITY booleanMatch SYNTAX 1
+ .3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+olcAttributeTypes: {3}( 1.3.6.1.4.1.24331.22.1.4 NAME 'accountActive' DESC 'bo
+ olean to verify if an mail account is active' EQUALITY booleanMatch SYNTAX 1.
+ 3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+olcAttributeTypes: {4}( 1.3.6.1.4.1.24331.22.1.5 NAME 'authsmtpActive' DESC 'b
+ oolean to verify if SMTP-AUTH is enabled for entry' EQUALITY booleanMatch SYN
+ TAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+olcAttributeTypes: {5}( 1.3.6.1.4.1.24331.22.1.6 NAME 'courierActive' DESC 'bo
+ olean to verify if Courier POP/IMAP is enabled for entry' EQUALITY booleanMat
+ ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+olcAttributeTypes: {6}( 1.3.6.1.4.1.24331.22.1.7 NAME 'webmailActive' DESC 'bo
+ olean to verify if webmail is enabled for entry' EQUALITY booleanMatch SYNTAX
+  1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+olcAttributeTypes: {7}( 1.3.6.1.4.1.24331.22.1.8 NAME 'isAdmin' DESC 'boolean
+ to verify if entry is admin for entry' EQUALITY booleanMatch SYNTAX 1.3.6.1.4
+ .1.1466.115.121.1.7 SINGLE-VALUE )
+olcAttributeTypes: {8}( 1.3.6.1.4.1.24331.22.1.9 NAME 'postfixTransport' DESC
+ 'transport for Postfix' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.11
+ 5.121.1.26{20} SINGLE-VALUE )
+olcAttributeTypes: {9}( 1.3.6.1.4.1.24331.22.1.10 NAME 'domain' DESC 'Postfix
+ domain' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTA
+ X 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {10}( 1.3.6.1.4.1.24331.22.1.11 NAME 'quota' DESC 'Courier
+ maildir quota' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.
+ 26 SINGLE-VALUE )
+olcAttributeTypes: {11}( 1.3.6.1.4.1.24331.22.1.16 NAME 'vacationActive' DESC
+ 'A flag, for marking the user as being away' EQUALITY booleanMatch SYNTAX 1.3
+ .6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+olcAttributeTypes: {12}( 1.3.6.1.4.1.24331.22.1.17 NAME 'vacationInfo' DESC 'A
+ bsentee note to leave behind, while on vacation' EQUALITY octetStringMatch SY
+ NTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+olcAttributeTypes: {13}( 1.3.6.1.4.1.24331.22.1.18 NAME 'vacationStart' DESC '
+ Beginning of vacation' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.
+ 121.1.40 SINGLE-VALUE )
+olcAttributeTypes: {14}( 1.3.6.1.4.1.24331.22.1.19 NAME 'vacationEnd' DESC 'En
+ d of vacation' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+  SINGLE-VALUE )
+olcAttributeTypes: {15}( 1.3.6.1.4.1.24331.22.1.20 NAME 'vacationForward' DESC
+  'Where to forward mails to, while on vacation' EQUALITY caseIgnoreIA5Match S
+ UBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ )
+olcAttributeTypes: {16}( 1.3.6.1.4.1.24331.22.1.21 NAME 'smbActive' DESC 'bool
+ ean to verify if an Samba account is active' EQUALITY booleanMatch SYNTAX 1.3
+ .6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+olcObjectClasses: {0}( 1.3.6.1.4.1.24331.22.2.1 NAME 'mailAccount' DESC 'LDAP/
+ Unix mail account or virtual account' SUP top AUXILIARY MUST ( uid $ mailacce
+ ptinggeneralid ) MAY ( accountActive $ authsmtpActive $ quota $ isActive $ co
+ urierActive $ webmailActive $ isAdmin $ vacationActive $ vacationInfo $ vacat
+ ionStart $ vacationEnd $ vacationForward $ maildrop ) )
+olcObjectClasses: {1}( 1.3.6.1.4.1.24331.22.2.2 NAME 'mailAlias' DESC 'Mail al
+ iasing/forwarding entry' SUP top STRUCTURAL MUST ( mailacceptinggeneralid $ m
+ aildrop ) MAY ( cn $ isActive ) )
+olcObjectClasses: {2}( 1.3.6.1.4.1.24331.22.2.4 NAME 'postfixDomain' DESC 'Pos
+ tfix domain' SUP posixGroup STRUCTURAL MAY ( postfixTransport $ isActive ) )

packmail/handlers/main.yml

@@ -0,0 +1,10 @@
+---
+- name: restart postfix
+  service:
+    name: postfix
+    state: restarted
+
+- name: restart dovecot
+  service:
+    name: dovecot
+    state: restarted

packmail/tasks/apache.yml

@@ -0,0 +1,21 @@
+---
+
+- name: Additional packages are installed
+  apt:
+    name: '{{ item }}'
+    state: present
+  with_items:
+  - libapache2-mod-security2
+  - modsecurity-crs
+  - apg
+
+- name: Additional modules are enabled
+  apache2_module:
+    name: '{{ item }}'
+    state: present
+  with_items:
+  - ssl
+  - include
+  - negotiation
+  - alias
+

packmail/tasks/main.yml

@@ -0,0 +1,46 @@
+---
+
+- fail:
+    msg: only compatible with Debian >= 9
+  when:
+  - ansible_distribution != "Debian" or ansible_distribution_major_version | version_compare('9', '<')
+
+- name: Include ldap role
+  include_role:
+    name: ldap
+
+- name: upload evolix schema
+  copy:
+    src: cn4evolix.ldif
+    dest: /root/cn4evolix.ldif
+    mode: "0640"
+
+- name: inject evolix schema
+  command: ldapadd -Y EXTERNAL -H ldapi:/// -f /root/cn4evolix.ldif
+
+- name: Include postfix role
+  include_role:
+    name: postfix
+
+- name: Include dovecot role
+  include_role:
+    name: dovecot
+
+- name: Include apache role
+  include_role:
+    name: apache
+
+- name: Include PHP role
+  include_role:
+    name: php
+  vars:
+    php_apache_enable: True
+
+- include: apache.yml
+
+- name: Install Evoadmin
+  include_role:
+    name: webapps/evoadmin-mail
+  vars:
+    evoadminmail_enable_vhost: '{{ packmail_enable_evoadmin_vhost }}'
+

webapps/evoadmin-mail/defaults/main.yml

@@ -0,0 +1,23 @@
+---
+general_alert_email: "root@localhost"
+evoadminmail_contact_email: Null
+evoadminmail_bounce_email: "{{ evoadminmail_contact_email }}"
+
+evoadminmail_username: evoadmin-mail
+evoadminmail_home_dir: "/home/{{ evoadminmail_username }}"
+evoadminmail_document_root: "{{ evoadminmail_home_dir }}/www"
+evoadminmail_log_dir: "{{ evoadminmail_home_dir }}/log"
+evoadminmail_scripts_dir: /usr/share/scripts/
+evoadminmail_host: "evoadminmail.{{ ansible_fqdn }}"
+
+evoadminmail_enable_vhost: True
+
+evoadminmail_tpl_servername: "{{ ansible_fqdn }}"
+evoadminmail_tpl_address:  "{{ ansible_default_ipv4.address }}"
+evoadminmail_tpl_phpmyadmin_url: Null
+evoadminmail_tpl_cgi_suffix: Null
+evoadminmail_tpl_signature: evoadmin
+evoadminmail_tpl_mail_from: root@localhost
+evoadminmail_tpl_mail_bcc: Null
+evoadminmail_tpl_mail_standard: "{{ general_alert_email }}"
+evoadminmail_tpl_mail_urgent: "{{ general_alert_email }}"

webapps/evoadmin-mail/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+
+- name: reload apache2
+  service:
+    name: apache2
+    state: reloaded

webapps/evoadmin-mail/tasks/config.yml

@@ -0,0 +1,17 @@
+---
+
+- name: "Create /etc/evolinux"
+  file:
+    dest: "/etc/evolinux"
+    recurse: yes
+    state: directory
+
+#- name: Configure web-add config file
+#  template:
+#    src: web-add.conf.j2
+#    dest: /etc/evolinux/web-add.conf
+#
+#- name: Configure web-add template file for mail
+#  template:
+#    src: web-mail.tpl.j2
+#    dest: "{{ evoadminmail_scripts_dir }}/web-mail.tpl"

webapps/evoadmin-mail/tasks/main.yml

@@ -0,0 +1,19 @@
+---
+
+- include: packages.yml
+
+- include: user.yml
+
+- include: config.yml
+
+- include: ssl.yml
+
+- include: web.yml
+
+- name: enable evoadmin-mail link in default site index
+  blockinfile:
+    dest: /var/www/index.html
+    marker: "<!-- {mark} evoadmin-mail section -->"
+    block: |
+      <li><a href="https://{{ evoadminmail_host }}">Interface admin mail (EvoAdmin-mail)</a></li>
+

webapps/evoadmin-mail/tasks/packages.yml

@@ -0,0 +1,16 @@
+---
+
+- include_role:
+    name: apt
+    tasks_from: evolix_public.yml
+
+- meta: flush_handlers
+
+- name: Install PHP packages
+  apt:
+    name: '{{ item }}'
+    state: present
+  with_items:
+  - php-pear
+  - php-log
+  - php-crypt-chap

webapps/evoadmin-mail/tasks/remount_usr_rw.yml

@@ -0,0 +1,15 @@
+---
+- name: Get mount options for partitions
+  shell: "mount | grep 'on /usr type'"
+  args:
+    warn: no
+  register: mount
+  changed_when: False
+  failed_when: False
+  when: not ansible_check_mode
+
+- name: Remount /usr if it is a partition and it is not mounted in rw
+  command: "mount -o remount,rw /usr"
+  when: mount.rc == 0 and not mount.stdout_lines.0 | search("rw")
+  args:
+    warn: no

webapps/evoadmin-mail/tasks/ssl.yml

@@ -0,0 +1,24 @@
+---
+
+
+- name: ssl-cert package is installed
+  apt:
+    name: ssl-cert
+    state: present
+
+- name: Create private key and csr for default site ({{ ansible_fqdn }})
+  command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ evoadminmail_host }}.key -out /etc/ssl/{{ evoadminmail_host }}.csr -batch -subj "/CN={{ evoadminmail_host }}"
+  args:
+    creates: "/etc/ssl/private/{{ evoadminmail_host }}.key"
+
+- name: Adjust rights on private key
+  file:
+    path: /etc/ssl/private/{{ evoadminmail_host }}.key
+    owner: root
+    group: ssl-cert
+    mode: "0640"
+
+- name: Create certificate for default site
+  command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ evoadminmail_host }}.csr -signkey /etc/ssl/private/{{ evoadminmail_host }}.key -out /etc/ssl/certs/{{ evoadminmail_host }}.crt
+  args:
+    creates: "/etc/ssl/certs/{{ evoadminmail_host }}.crt"

webapps/evoadmin-mail/tasks/user.yml

@@ -0,0 +1,67 @@
+---
+
+- name: Create evoadmin account
+  user:
+    name: "{{ evoadminmail_username }}"
+    comment: "Evoadmin Web Account"
+    home: "{{ evoadminmail_home_dir}}"
+    password: "!"
+
+- name: Create log/ directory
+  file:
+    path: "{{ evoadminmail_home_dir}}/log"
+    state: directory
+    owner: "{{ evoadminmail_username }}"
+    group: "{{ evoadminmail_username }}"
+    mode: "0750"
+
+- name: Create www-evoadminmail group
+  group:
+    name: "www-{{ evoadminmail_username }}"
+    state: present
+
+- name: "Create www-evoadmin (Debian 9 or later)"
+  user:
+    name: "www-{{ evoadminmail_username }}"
+  when: ansible_distribution_major_version | version_compare('9', '>=')
+
+- name: Install Git
+  apt:
+    name: git
+    state: present
+
+- name: "Clone evoadmin repository (Debian 9 or later)"
+  git:
+    repo: https://forge.evolix.org/evoadmin-mail.git
+    dest: "{{ evoadminmail_document_root}}"
+    version: master
+    update: yes
+  # Warning: Need sudo!
+  become_user: "{{ evoadminmail_username }}"
+  when: ansible_distribution_major_version | version_compare('9', '>=')
+
+- include: remount_usr_rw.yml
+  when: evoadminmail_scripts_dir | search ("/usr")
+
+- name: "Create {{ evoadminmail_scripts_dir }}"
+  file:
+    dest: "{{ evoadminmail_scripts_dir }}"
+    # recurse: yes
+    mode: "0700"
+    state: directory
+
+# we use a shell command to have a "changed" thet really reflects the result.
+- name: Fix permissions
+  shell: "chmod -R --verbose u=rwX,g=rX,o= {{ item }}"
+  register: command_result
+  changed_when: "'changed' in command_result.stdout"
+  # failed_when: False
+  with_items:
+  - "{{ evoadminmail_home_dir}}/www"
+
+#- name: Add evoadmin sudoers file
+#  template:
+#    src: sudoers.j2
+#    dest: /etc/sudoers.d/evoadmin
+#    mode: "0600"
+#    validate: "visudo -cf %s"

webapps/evoadmin-mail/tasks/web.yml

@@ -0,0 +1,39 @@
+---
+
+- name: "Set custom values for PHP config (Debian 9 or later)"
+  ini_file:
+    dest: /etc/php/7.0/apache2/conf.d/zzz-evolinux-custom.ini
+    section: PHP
+    option: "disable_functions"
+    value: "shell-exec,system,passthru,putenv,popen,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority"
+  notify: reload apache2
+  when: ansible_distribution_major_version | version_compare('9', '>=')
+
+- name: Install evoadminmail VHost
+  template:
+    src: evoadminmail.conf.j2
+    dest: /etc/apache2/sites-available/evoadminmail.conf
+  notify: reload apache2
+
+- name: Enable evoadminmail vhost
+  command: "a2ensite evoadminmail.conf"
+  register: cmd_a2ensite
+  changed_when: "'Enabling site' in cmd_a2ensite.stdout"
+  notify: reload apache2
+  when: evoadminmail_enable_vhost
+
+- name: Disable evoadminmail vhost
+  command: "a2dissite evoadminmail.conf"
+  register: cmd_a2dissite
+  changed_when: "'Disabling site' in cmd_a2dissite.stdout"
+  notify: reload apache2
+  when: not evoadminmail_enable_vhost
+
+#- name: Copy config file for evoadmin
+#  template:
+#    src: config.local.php.j2
+#    dest: "{{ evoadminmail_document_root}}/conf/config.local.php"
+#    mode: "0644"
+#    owner: evoadmin
+#    group: evoadmin
+#    force: no

webapps/evoadmin-mail/templates/config.local.php.j2

@@ -0,0 +1,8 @@
+<?php
+
+$localconf['admin']['mail'] = '{{ evoadmin_contact_email or general_alert_email | mandatory }}';
+$localconf['debug'] = FALSE;
+// Add local users that should be superadmin
+$localconf['superadmin'] = array();
+$localconf['script_path'] = '{{ evoadmin_scripts_dir }}';
+$localconf['cluster'] = FALSE;

webapps/evoadmin-mail/templates/evoadminmail.conf.j2

@@ -0,0 +1,58 @@
+<VirtualHost *:80>
+    ServerName {{ evoadminmail_host }}
+    Redirect permanent / https://{{ evoadminmail_host }}/
+</VirtualHost>
+
+<VirtualHost *:443>
+
+    # FQDN principal
+    ServerName {{ evoadminmail_host }}
+    #ServerAlias {{ evoadminmail_host }}
+
+    # Repertoire principal
+    DocumentRoot {{ evoadminmail_document_root }}/evoadmin/htdocs/
+
+    # SSL
+    SSLEngine on
+    SSLCertificateFile    /etc/ssl/certs/{{ evoadminmail_host }}.crt
+    SSLCertificateKeyFile /etc/ssl/private/{{ evoadminmail_host }}.key
+    SSLProtocol all -SSLv2 -SSLv3
+
+    # Propriete du repertoire
+    <Directory {{ evoadminmail_document_root }}/htdocs/>
+        #Options Indexes SymLinksIfOwnerMatch
+        Options SymLinksIfOwnerMatch
+        AllowOverride AuthConfig Limit FileInfo
+        Require all granted
+    </Directory>
+
+    # user - group (thanks to sesse@debian.org)
+    AssignUserID www-{{ evoadminmail_username }} {{ evoadminmail_username }}
+
+    # LOG
+    CustomLog /var/log/apache2/access.log combined
+    CustomLog {{ evoadminmail_log_dir }}/access.log combined
+    ErrorLog  {{ evoadminmail_log_dir }}/error.log
+
+    # AWSTATS
+    SetEnv AWSTATS_FORCE_CONFIG {{ evoadminmail_username }}
+
+    # REWRITE
+    UseCanonicalName On
+    RewriteEngine On
+    RewriteCond %{HTTP_HOST} !^{{ evoadminmail_host }}$
+    RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]
+
+    # PHP
+    #php_admin_flag engine off
+    #AddType text/html .html
+    #php_admin_flag display_errors On
+    #php_flag short_open_tag On
+    #php_flag register_globals On
+    #php_admin_value memory_limit 256M
+    #php_admin_value max_execution_time 60
+    #php_admin_value upload_max_filesize 8M
+    #php_admin_flag allow_url_fopen Off
+    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f www-{{ evoadminmail_username }}"
+    php_admin_value open_basedir "none"
+</VirtualHost>

webapps/evoadmin-mail/templates/sudoers.j2

@@ -0,0 +1,3 @@
+User_Alias EVOADMIN = www-evoadmin
+Cmnd_Alias EVOADMIN_WEB = {{ evoadmin_scripts_dir | mandatory }}/web-*.sh, {{ evoadmin_scripts_dir | mandatory }}/ftpadmin.sh
+EVOADMIN ALL=NOPASSWD: EVOADMIN_WEB

webapps/evoadmin-mail/templates/web-add.conf.j2

@@ -0,0 +1,2 @@
+CONTACT_MAIL="{{ evoadmin_contact_email or general_alert_email | mandatory }}"
+WWWBOUNCE_MAIL="{{ evoadmin_bounce_email or general_alert_email | mandatory }}"

webapps/evoadmin-mail/templates/web-mail.tpl.j2

@@ -0,0 +1,86 @@
+From: {{ evoadmin_tpl_mail_from }}
+To: RCPTTO
+Bcc: {{ evoadmin_tpl_mail_bcc }}
+Subject: Parametres hebergement web : LOGIN
+
+Bonjour,
+
+Votre compte d'hebergement web a ete cree.
+
+**********************************
+* CONNEXION SFTP/SSH
+**********************************
+
+NOM DU SERVEUR : {{ evoadmin_tpl_servername }}
+USER : LOGIN
+PASSWORD : PASSE1
+
+*****************************************
+* Details sur l'environnement Apache/PHP
+*****************************************
+
+URL du site :
+http://{{ evoadmin_tpl_servername }}
+
+URL des stats :
+http://{{ evoadmin_tpl_servername }}/cgi-RANDOM/awstats.pl
+(acces par IP ou login a demander !)
+
+Repertoire de connexion : HOME_DIR/LOGIN/
+Repertoire pour site web : HOME_DIR/LOGIN/www/
+
+Apache/PHP tourne en www-LOGIN:LOGIN c'est-a-dire qu'il a acces
+uniquement *en lecture* aux differents fichiers/repertoires
+(a condition d'avoir 'g=rx' sur les repertoires et 'g=r' sur les
+fichiers ce qui est le comportement par defaut).
+
+Lorsqu'on a besoin d'autoriser *l'ecriture* pour certains
+fichiers/repertoires, il suffit d'ajouter le droit 'g+w'.
+
+***********************************
+* MySQL
+***********************************
+
+SERVEUR : 127.0.0.1
+PORT DU SERVEUR : 3306
+USER : LOGIN
+PASSWORD : PASSE2
+NOM BASE : DBNAME
+URL interface d'admin :
+{{ evoadmin_tpl_phpmyadmin_url }}
+
+***********************************
+* Rappels divers
+***********************************
+
+Votre nom de domaine doit etre configure pour pointer
+sur l'adresse IP {{ evoadmin_tpl_address }} (enregistrement DNS A)
+ou etre un alias de {{ evoadmin_tpl_servername }} (enregistrement DNS CNAME).
+
+Si vous avez besoin de faire des tests, vous devez
+ajouter la ligne suivante au fichier "/etc/hosts" sous Linux/Unix
+ou au fichier "system32\drivers\etc\hosts" sous Windows NT/XP :
+{{ evoadmin_tpl_address }} {{ evoadmin_tpl_servername }}
+
+Attention, par defaut, toutes les connexions vers l'exterieur
+sont bloquees. Si vous avez besoin de recuperer des donnees
+a l'exterieur (flux RSS, BDD externe, etc.), contactez nous
+afin de mettre en oeuvre les autorisations necessaires.
+
+Afin de securiser au maximum le serveur, certaines URL
+particulieres sont non autorisees pour eviter diverses
+attaques (XSS, robots, trojans, injections, etc.).
+Exemple d'URL refusee :
+http://{{ evoadmin_tpl_servername }}/cmd32.exe
+En cas de soucis avec votre application, prevenez-nous.
+
+Si vous desirez mettre en place des parametres particuliers
+pour votre site (PHP, etc.) ou pour tout autre demande (scripts en crontab,
+etc.), n'hesitez pas a nous contacter a l'adresse
+{{ evoadmin_tpl_mail_standard }} (ou {{ evoadmin_tpl_mail_urgent }} si votre demande est
+urgente).
+
+
+Cordialement,
+--
+{{ evoadmin_tpl_signature }}

webapps/evoadmin-web/tasks/web.yml

@@ -6,7 +6,7 @@
     section: PHP
     option: "disable_functions"
     value: "shell-exec,system,passthru,putenv,popen"
-  notify: reload apache
+  notify: reload apache2
   when: ansible_distribution_release == "jessie"
 
 - name: "Set custom values for PHP config (Debian 9 or later)"
@@ -15,7 +15,7 @@
     section: PHP
     option: "disable_functions"
     value: "shell-exec,system,passthru,putenv,popen"
-  notify: reload apache
+  notify: reload apache2
   when: ansible_distribution_major_version | version_compare('9', '>=')
 
 - name: Install evoadmin VHost