evoadmin-mail: complete refactoring, use Debian Package
parent
f2f595af13
commit
2a6cb3b381
@ -1,30 +1,27 @@
|
||||
---
|
||||
|
||||
- name: "Set custom values for PHP config (Debian 9 or later)"
|
||||
ini_file:
|
||||
dest: /etc/php/7.0/apache2/conf.d/zzz-evolinux-custom.ini
|
||||
section: PHP
|
||||
option: "disable_functions"
|
||||
value: "shell-exec,system,passthru,putenv,popen,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority"
|
||||
notify: reload apache2
|
||||
when: ansible_distribution_major_version | version_compare('9', '>=')
|
||||
|
||||
- name: Install evoadminmail VHost
|
||||
template:
|
||||
src: apache_evoadminmail.conf.j2
|
||||
dest: /etc/apache2/sites-available/evoadminmail.conf
|
||||
notify: reload apache2
|
||||
tags:
|
||||
- evoadmin-mail
|
||||
|
||||
- name: Enable evoadminmail vhost
|
||||
command: "a2ensite evoadminmail.conf"
|
||||
register: cmd_a2ensite
|
||||
changed_when: "'Enabling site' in cmd_a2ensite.stdout"
|
||||
file:
|
||||
src: "/etc/apache2/sites-available/evoadminmail.conf"
|
||||
dest: "/etc/apache2/sites-enabled/evoadminmail.conf"
|
||||
state: link
|
||||
notify: reload apache2
|
||||
when: evoadminmail_enable_vhost
|
||||
tags:
|
||||
- evoadmin-mail
|
||||
|
||||
- name: Disable evoadminmail vhost
|
||||
command: "a2dissite evoadminmail.conf"
|
||||
register: cmd_a2dissite
|
||||
changed_when: "'Disabling site' in cmd_a2dissite.stdout"
|
||||
file:
|
||||
dest: "/etc/apache2/sites-enabled/evoadminmail.conf"
|
||||
state: absent
|
||||
notify: reload apache2
|
||||
when: not evoadminmail_enable_vhost
|
||||
tags:
|
||||
- evoadmin-mail
|
||||
|
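Review bot: The `disable_functions` value on the `ini_file` task lists `shell-exec`, but the PHP function is named `shell_exec`, so that entry is silently ignored and `shell_exec` remains callable even though `system`, `passthru`, `popen` and the `pcntl_*` functions next to it are disabled; change the start of the list to `value: "shell_exec,system,passthru,putenv,popen,...` with the remainder unchanged. The rendered page has lost the old/new markers, so I cannot tell from here whether this task survives on the new side of the refactoring; if it does the fix belongs here, otherwise wherever the list moved to. The enable and disable tasks each show both a `command: a2ensite/a2dissite` form with `register`/`changed_when` and a `file:` form with `state: link`/`state: absent`, presumably the old and new variants; whichever is kept, only one module may remain per task, and the `when: evoadminmail_enable_vhost` guard should stay on both.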
@ -1,17 +0,0 @@
|
||||
---
|
||||
|
||||
- name: "Create /etc/evolinux"
|
||||
file:
|
||||
dest: "/etc/evolinux"
|
||||
recurse: yes
|
||||
state: directory
|
||||
|
||||
#- name: Configure web-add config file
|
||||
# template:
|
||||
# src: web-add.conf.j2
|
||||
# dest: /etc/evolinux/web-add.conf
|
||||
#
|
||||
#- name: Configure web-add template file for mail
|
||||
# template:
|
||||
# src: web-mail.tpl.j2
|
||||
# dest: "{{ evoadminmail_scripts_dir }}/web-mail.tpl"
|
@ -1,15 +0,0 @@
|
||||
---
|
||||
|
||||
- include_role:
|
||||
name: apt
|
||||
tasks_from: evolix_public.yml
|
||||
|
||||
- name: Install PHP packages
|
||||
apt:
|
||||
name: '{{ item }}'
|
||||
state: present
|
||||
with_items:
|
||||
- php-pear
|
||||
- php-log
|
||||
- php-crypt-chap
|
||||
- php-twig
|
@ -1,24 +1,30 @@
|
||||
---
|
||||
|
||||
|
||||
- name: ssl-cert package is installed
|
||||
apt:
|
||||
name: ssl-cert
|
||||
state: present
|
||||
tags:
|
||||
- evoadmin-mail
|
||||
|
||||
- name: Create private key and csr for default site ({{ ansible_fqdn }})
|
||||
command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ evoadminmail_host }}.key -out /etc/ssl/{{ evoadminmail_host }}.csr -batch -subj "/CN={{ evoadminmail_host }}"
|
||||
args:
|
||||
creates: "/etc/ssl/private/{{ evoadminmail_host }}.key"
|
||||
tags:
|
||||
- evoadmin-mail
|
||||
|
||||
- name: Adjust rights on private key
|
||||
file:
|
||||
path: /etc/ssl/private/{{ evoadminmail_host }}.key
|
||||
dest: /etc/ssl/private/{{ evoadminmail_host }}.key
|
||||
owner: root
|
||||
group: ssl-cert
|
||||
mode: "0640"
|
||||
tags:
|
||||
- evoadmin-mail
|
||||
|
||||
- name: Create certificate for default site
|
||||
command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ evoadminmail_host }}.csr -signkey /etc/ssl/private/{{ evoadminmail_host }}.key -out /etc/ssl/certs/{{ evoadminmail_host }}.crt
|
||||
args:
|
||||
creates: "/etc/ssl/certs/{{ evoadminmail_host }}.crt"
|
||||
tags:
|
||||
- evoadmin-mail
|
||||
|
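Review bot: The task name `Create private key and csr for default site ({{ ansible_fqdn }})` reports `ansible_fqdn`, while the key path, CSR path and `-subj` all use `evoadminmail_host`, so the play output can name a host other than the one actually placed in the certificate; change it to `- name: "Create private key and csr for default site ({{ evoadminmail_host }})"`. The `Adjust rights on private key` task shows both `path:` and `dest:` for the same file; `dest` is an alias of `path` in the `file` module, so if both lines are on the new side Ansible rejects the task for duplicate parameters — presumably one of them is the removed line and only `path:` should remain. Since the key is written by the `openssl req` task and only tightened to `0640` root:ssl-cert afterwards, a comment above the `file` task would make that ordering explicit, e.g. `# the key is written by the openssl task above; enforce owner/group/mode before anything reads it`.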
@ -1,121 +0,0 @@
|
||||
---
|
||||
|
||||
- name: Create evoadmin account
|
||||
user:
|
||||
name: "{{ evoadminmail_username }}"
|
||||
comment: "Evoadmin Web Account"
|
||||
home: "{{ evoadminmail_home_dir}}"
|
||||
shell: /bin/bash
|
||||
password: "!"
|
||||
|
||||
- name: Create log/ directory
|
||||
file:
|
||||
path: "{{ evoadminmail_home_dir}}/log"
|
||||
state: directory
|
||||
owner: "{{ evoadminmail_username }}"
|
||||
group: "{{ evoadminmail_username }}"
|
||||
mode: "0750"
|
||||
|
||||
- name: Create www-evoadminmail group
|
||||
group:
|
||||
name: "www-{{ evoadminmail_username }}"
|
||||
state: present
|
||||
|
||||
- name: "Create www-evoadmin (Debian 9 or later)"
|
||||
user:
|
||||
name: "www-{{ evoadminmail_username }}"
|
||||
home: "{{ evoadminmail_home_dir}}/www"
|
||||
shell: /bin/bash
|
||||
createhome: no
|
||||
when: ansible_distribution_major_version | version_compare('9', '>=')
|
||||
|
||||
- name: Add www-data to app's group
|
||||
user:
|
||||
name: 'www-data'
|
||||
groups: "{{ evoadminmail_username }}"
|
||||
append: yes
|
||||
when: evoadminmail_webserver == "nginx"
|
||||
|
||||
- name: Install Git
|
||||
apt:
|
||||
name: git
|
||||
state: present
|
||||
|
||||
- name: "Clone evoadmin repository (Debian 9 or later)"
|
||||
git:
|
||||
repo: https://forge.evolix.org/evoadmin-mail.git
|
||||
dest: "{{ evoadminmail_document_root}}"
|
||||
version: master
|
||||
update: yes
|
||||
when: ansible_distribution_major_version | version_compare('9', '>=')
|
||||
|
||||
- name: "Change perms on evoadminmail document root"
|
||||
file:
|
||||
dest: "{{ evoadminmail_document_root }}"
|
||||
owner: "www-{{ evoadminmail_username }}"
|
||||
group: "{{ evoadminmail_username }}"
|
||||
recurse: yes
|
||||
|
||||
- name: "Copy connect.php"
|
||||
template:
|
||||
src: connect.php.j2
|
||||
dest: "{{ evoadminmail_document_root }}/htdocs/config/connect.php"
|
||||
owner: "www-{{ evoadminmail_username }}"
|
||||
group: "{{ evoadminmail_username }}"
|
||||
when: ldap_admin_password is defined
|
||||
|
||||
- name: "Copy conf.php"
|
||||
template:
|
||||
src: conf.php.j2
|
||||
dest: "{{ evoadminmail_document_root }}/htdocs/config/conf.php"
|
||||
owner: "www-{{ evoadminmail_username }}"
|
||||
group: "{{ evoadminmail_username }}"
|
||||
|
||||
- name: create a password for evoadmin user
|
||||
command: "apg -n 1 -m 16 -M lcN"
|
||||
register: evoadminmail_admin_password
|
||||
changed_when: False
|
||||
|
||||
- name: upload ldif for evoadmin user
|
||||
template:
|
||||
src: evoadmin.ldif.j2
|
||||
dest: /root/evolinux_evoadminmail_admin.ldif
|
||||
mode: "0640"
|
||||
|
||||
- name: inject config
|
||||
command: slapadd -l /root/evolinux_evoadminmail_admin.ldif
|
||||
|
||||
- name: create log file
|
||||
file:
|
||||
dest: /var/log/evoadmin-mail.log
|
||||
state: touch
|
||||
owner: "www-{{ evoadminmail_username }}"
|
||||
group: "adm"
|
||||
mode: "0640"
|
||||
|
||||
- include_role:
|
||||
name: remount-usr
|
||||
when: evoadminmail_scripts_dir | search ("/usr")
|
||||
|
||||
- name: "Create {{ evoadminmail_scripts_dir }}"
|
||||
file:
|
||||
dest: "{{ evoadminmail_scripts_dir }}"
|
||||
# recurse: yes
|
||||
mode: "0700"
|
||||
state: directory
|
||||
|
||||
# we use a shell command to have a "changed" thet really reflects the result.
|
||||
- name: Fix permissions
|
||||
shell: "chmod -R --verbose u=rwX,g=rX,o= {{ item }}"
|
||||
register: command_result
|
||||
changed_when: "'changed' in command_result.stdout"
|
||||
# failed_when: False
|
||||
with_items:
|
||||
- "{{ evoadminmail_home_dir}}/www"
|
||||
|
||||
#- name: Add evoadmin sudoers file
|
||||
# template:
|
||||
# src: sudoers.j2
|
||||
# dest: /etc/sudoers.d/evoadmin
|
||||
# mode: "0600"
|
||||
# validate: "visudo -cf %s"
|
@ -1,56 +0,0 @@
|
||||
<?php
|
||||
|
||||
// Email pour les notifications
|
||||
$conf['admin']['mail'] = '{{ evoadminmail_contact_email or general_alert_email | mandatory }}';
|
||||
// login des superadmins
|
||||
// Note: utile uniquement si domaines/driver=ldap, laisser vide sinon...
|
||||
$conf['admin']['logins'] = array('evoadmin');
|
||||
// What do you want?
|
||||
// 0 = nothing...
|
||||
// 1 = only mail accounts
|
||||
// 2 = only samba accounts
|
||||
// 3 = mail and samba accounts
|
||||
$conf['admin']['what'] = 1;
|
||||
// use hook.php instead of hook-dist.php
|
||||
$conf['admin']['use_hook'] = false;
|
||||
// enable quota
|
||||
$conf['admin']['quota'] = true;
|
||||
|
||||
// compatibilite LDAP
|
||||
$conf['evoadmin']['version'] = 3;
|
||||
$conf['url']['webroot'] = '/';
|
||||
|
||||
$conf['domaines']['onlyone'] = false;
|
||||
$conf['domaines']['driver'] = 'ldap';
|
||||
$conf['domaines']['file']['all'] = array('example.com');
|
||||
$conf['domaines']['file']['gid'] = 1000;
|
||||
// Pack Mail "virtuel"... attention
|
||||
// uniquement possible si $conf['admin']['what']=1 !!
|
||||
$conf['domaines']['ldap']['virtual'] = true;
|
||||
|
||||
// Mode cluster
|
||||
// Uniquement en mode mail seul et des utilisateurs virtuels
|
||||
$conf['evoadmin']['cluster'] = false;
|
||||
|
||||
// auth SMTP by default ?
|
||||
$conf['evoadmin']['useauthsmtp'] = false;
|
||||
|
||||
// Si comptes virtuels
|
||||
$conf['unix']['uid'] = 5000;
|
||||
|
||||
// Si pas virtuel
|
||||
$conf['unix']['minuid'] = 1000;
|
||||
$conf['unix']['mingid'] = 1000;
|
||||
|
||||
$conf['html']['title'] = "Evoadmin Mail";
|
||||
|
||||
// gestion des logs
|
||||
$conf['log']['priority'] = PEAR_LOG_DEBUG;
|
||||
$conf['log']['name'] = '/var/log/evoadmin-mail.log';
|
||||
$conf['log']['software'] = 'evoadminmail';
|
||||
$conf['log']['enabled'] = true;
|
||||
|
||||
// samba
|
||||
$conf['samba']['dn'] = 'DOMAINNAME';
|
||||
$conf['samba']['sid'] = 'S-1-5-21-XXX-XXX-XXX';
|
||||
$conf['samba']['admin_default'] = false;
|
@ -1,28 +0,0 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Secrete parameters
|
||||
*
|
||||
* $Id: connect-dist.php,v 1.3 2007-05-22 21:12:23 reg Exp $
|
||||
*
|
||||
* @author Gregory Colpart <reg@evolix.fr>
|
||||
* @version 1.0
|
||||
*/
|
||||
|
||||
define("LDAP_URI","ldap://127.0.0.1");
|
||||
$ldap_servers = array('ldap://127.0.0.1');
|
||||
define("LDAP_BASE","{{ ldap_suffix }}");
|
||||
define("LDAP_ADMIN_DN","cn=admin,{{ ldap_suffix }}");
|
||||
define("LDAP_ADMIN_PASS","{{ ldap_admin_password.stdout }}");
|
||||
|
||||
define("SUDOBIN","/usr/bin/sudo");
|
||||
define("SUDOSCRIPT","/usr/share/scripts/evoadmin.sh");
|
||||
define("SUDOPASS","xxxxxx");
|
||||
|
||||
define('SERVEUR','localhost');
|
||||
define('SERVEURPORT',3306);
|
||||
define('BASE','horde');
|
||||
define('NOM', 'horde');
|
||||
define('PASSE', 'xxxx');
|
||||
|
||||
?>
|
@ -1,12 +0,0 @@
|
||||
dn: uid=evoadmin,{{ ldap_suffix }}
|
||||
uid: evoadmin
|
||||
cn: Evoadmin ADM
|
||||
uidNumber: 4242
|
||||
gidNumber: 4242
|
||||
homeDirectory: /dev/null
|
||||
isAdmin: TRUE
|
||||
mailacceptinggeneralid: evoadmin@{{ ansible_fqdn }}
|
||||
objectClass: mailAccount
|
||||
objectClass: organizationalRole
|
||||
objectClass: posixAccount
|
||||
userPassword: {{ evoadminmail_admin_password.stdout }}
|
@ -1,3 +0,0 @@
|
||||
User_Alias EVOADMIN = www-evoadmin
|
||||
Cmnd_Alias EVOADMIN_WEB = {{ evoadmin_scripts_dir | mandatory }}/web-*.sh, {{ evoadmin_scripts_dir | mandatory }}/ftpadmin.sh
|
||||
EVOADMIN ALL=NOPASSWD: EVOADMIN_WEB
|
@ -1,2 +0,0 @@
|
||||
CONTACT_MAIL="{{ evoadmin_contact_email or general_alert_email | mandatory }}"
|
||||
WWWBOUNCE_MAIL="{{ evoadmin_bounce_email or general_alert_email | mandatory }}"
|
@ -1,86 +0,0 @@
|
||||
From: {{ evoadmin_tpl_mail_from }}
|
||||
To: RCPTTO
|
||||
Bcc: {{ evoadmin_tpl_mail_bcc }}
|
||||
Subject: Parametres hebergement web : LOGIN
|
||||
|
||||
Bonjour,
|
||||
|
||||
Votre compte d'hebergement web a ete cree.
|
||||
|
||||
**********************************
|
||||
* CONNEXION SFTP/SSH
|
||||
**********************************
|
||||
|
||||
NOM DU SERVEUR : {{ evoadmin_tpl_servername }}
|
||||
USER : LOGIN
|
||||
PASSWORD : PASSE1
|
||||
|
||||
*****************************************
|
||||
* Details sur l'environnement Apache/PHP
|
||||
*****************************************
|
||||
|
||||
URL du site :
|
||||
http://{{ evoadmin_tpl_servername }}
|
||||
|
||||
URL des stats :
|
||||
http://{{ evoadmin_tpl_servername }}/cgi-RANDOM/awstats.pl
|
||||
(acces par IP ou login a demander !)
|
||||
|
||||
Repertoire de connexion : HOME_DIR/LOGIN/
|
||||
Repertoire pour site web : HOME_DIR/LOGIN/www/
|
||||
|
||||
Apache/PHP tourne en www-LOGIN:LOGIN c'est-a-dire qu'il a acces
|
||||
uniquement *en lecture* aux differents fichiers/repertoires
|
||||
(a condition d'avoir 'g=rx' sur les repertoires et 'g=r' sur les
|
||||
fichiers ce qui est le comportement par defaut).
|
||||
|
||||
Lorsqu'on a besoin d'autoriser *l'ecriture* pour certains
|
||||
fichiers/repertoires, il suffit d'ajouter le droit 'g+w'.
|
||||
|
||||
***********************************
|
||||
* MySQL
|
||||
***********************************
|
||||
|
||||
SERVEUR : 127.0.0.1
|
||||
PORT DU SERVEUR : 3306
|
||||
USER : LOGIN
|
||||
PASSWORD : PASSE2
|
||||
NOM BASE : DBNAME
|
||||
URL interface d'admin :
|
||||
{{ evoadmin_tpl_phpmyadmin_url }}
|
||||
|
||||
***********************************
|
||||
* Rappels divers
|
||||
***********************************
|
||||
|
||||
Votre nom de domaine doit etre configure pour pointer
|
||||
sur l'adresse IP {{ evoadmin_tpl_address }} (enregistrement DNS A)
|
||||
ou etre un alias de {{ evoadmin_tpl_servername }} (enregistrement DNS CNAME).
|
||||
|
||||
Si vous avez besoin de faire des tests, vous devez
|
||||
ajouter la ligne suivante au fichier "/etc/hosts" sous Linux/Unix
|
||||
ou au fichier "system32\drivers\etc\hosts" sous Windows NT/XP :
|
||||
{{ evoadmin_tpl_address }} {{ evoadmin_tpl_servername }}
|
||||
|
||||
Attention, par defaut, toutes les connexions vers l'exterieur
|
||||
sont bloquees. Si vous avez besoin de recuperer des donnees
|
||||
a l'exterieur (flux RSS, BDD externe, etc.), contactez nous
|
||||
afin de mettre en oeuvre les autorisations necessaires.
|
||||
|
||||
Afin de securiser au maximum le serveur, certaines URL
|
||||
particulieres sont non autorisees pour eviter diverses
|
||||
attaques (XSS, robots, trojans, injections, etc.).
|
||||
Exemple d'URL refusee :
|
||||
http://{{ evoadmin_tpl_servername }}/cmd32.exe
|
||||
En cas de soucis avec votre application, prevenez-nous.
|
||||
|
||||
Si vous desirez mettre en place des parametres particuliers
|
||||
pour votre site (PHP, etc.) ou pour tout autre demande (scripts en crontab,
|
||||
etc.), n'hesitez pas a nous contacter a l'adresse
|
||||
{{ evoadmin_tpl_mail_standard }} (ou {{ evoadmin_tpl_mail_urgent }} si votre demande est
|
||||
urgente).
|
||||
|
||||
|
||||
Cordialement,
|
||||
--
|
||||
{{ evoadmin_tpl_signature }}
|