Merge branch 'unstable' into stable

This commit is contained in:
Jérémy Lecour 2019-01-17 18:13:16 +01:00 committed by Jérémy Lecour
commit b883d63cc5
49 changed files with 360 additions and 462 deletions

View File

@ -18,6 +18,36 @@ The **patch** part changes incrementally at each release.
### Security
## [9.7.0] - 2019-01-17
### Added
* apache: add Munin configuration for Apache server-status URL
* evomaintenance: database variables must be set or the task fails
* fail2ban: add "ips" tag added to fail2ban/tasks/ip_whitelist.yml
* metricbeat: add a variable for the protocol to use with Elasticsearch
* rbenv: add pkg-config to the list of packages to install
* redis: Configure munin when working in instance mode
* redis: add a variable for renamed/disabled commands
* redis: add a variable to disable the restart handler
* redis: add a variable to force a restart (even with no change)
### Changed
* redis: distinction between main and master password
* evocheck: update evocheck.sh for source install
* php: added php-zip in the installed package list for debian 9 (and later)
* squid: added packagist.org in the whitelist
* java: update Oracle java package to 8u192
### Fixed
* fail2ban: fix "ignoreip" update
* metricbeat: fix username/password replacement
* nagios-nrpe: check_process now return the error code (making the check more usefull than /bin/true)
* nginx: Munin url config is now a template to insert the server-status prefix
* nodejs: Update yarn repo GPG key (current key expired)
* redis: In instance mode, ensure to replace the nrpe check_redis with the instance check script
* redis: Don't set the owner of /var/{lib,log}/redis to a redis instance account
## [9.6.0] - 2018-12-04
### Added
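Review bot: Two entries in the 9.7.0 block need a wording fix before release. The fail2ban line under Added reads `add "ips" tag added to fail2ban/tasks/ip_whitelist.yml` (drop the second "added"), and the nagios-nrpe line under Fixed should read "now returns" and "useful".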
@ -29,6 +59,7 @@ The **patch** part changes incrementally at each release.
### Changed
* minifirewall: compare config before/after (for restart condition)
* squid: better replacement in minifirewall config
* evoadmin-mail: complete refactoring, use Debian Package
## [9.5.0] - 2018-11-14

View File

@ -39,3 +39,17 @@
dest: /var/www/index.html
regexp: '__SERVERSTATUS_SUFFIX__'
replace: "{{ apache_serverstatus_suffix }}"
- name: Munin configuration has a section for apache
lineinfile:
dest: /etc/munin/plugin-conf.d/munin-node
line: "[apache_*]"
create: no
- name: apache-status URL is configured for Munin
lineinfile:
dest: /etc/munin/plugin-conf.d/munin-node
line: "env.url http://127.0.0.1/server-status-{{ apache_serverstatus_suffix }}?auto"
regexp: "env.url http://127.0.0.1/server-status"
insertafter: "[apache_*]"
create: no
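Review bot: `insertafter: "[apache_*]"` in the second task is evaluated as a regular expression, so it is a character class matching any line that contains one of `a`, `p`, `c`, `h`, `e`, `_` or `*`, not the section header. The `env.url` line can therefore land after the last such line in munin-node, possibly inside another plugin's section. Escape the pattern, for example `insertafter: '^\[apache_\*\]'`, and escape the dots in `regexp` as well so it only matches the intended URL.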

View File

@ -4,8 +4,8 @@
# Script to verify compliance of a Debian/OpenBSD server
# powered by Evolix
# Repository: https://gitlab.evolix.org/evolix/evocheck
# Commit: 956877442a3f43243fed89c491d9bdddd1ac77cd
# Repository: https://gitea.evolix.org/evolix/evocheck
# Commit: e6e0b8c216ed28a2ee2229e5e122ff1d49701ffc
# Disable LANG*
export LANG=C
@ -525,19 +525,17 @@ if [ -e /etc/debian_version ]; then
# Check if no package has been upgraded since $limit.
if [ "$IS_NOTUPGRADED" = 1 ]; then
if zgrep -hq upgrade /var/log/dpkg.log*; then
last_upgrade=$(date +%s -d $(zgrep -h upgrade /var/log/dpkg.log* |sort -n |tail -1 |cut -f1 -d ' '))
fi
if grep -q '^mailto="listupgrade-todo@' /etc/evolinux/listupgrade.cnf \
|| grep -q -E '^[[:digit:]]+[[:space:]]+[[:digit:]]+[[:space:]]+[^\*]' /etc/cron.d/listupgrade; then
last_upgrade=$(date +%s -d $(zgrep -h upgrade /var/log/dpkg.log* |sort -n |tail -1 |cut -f1 -d ' '))
if grep -sq '^mailto="listupgrade-todo@' /etc/evolinux/listupgrade.cnf \
|| grep -sq -E '^[[:digit:]]+[[:space:]]+[[:digit:]]+[[:space:]]+[^\*]' /etc/cron.d/listupgrade; then
# Manual upgrade process
limit=$(date +%s -d "now - 180 days")
else
# Regular process
limit=$(date +%s -d "now - 90 days")
fi
if [ -d /var/log/installer ]; then
install_date=$(stat -c %Z /var/log/installer)
if [ -f /var/log/evolinux/00_prepare_system.log ]; then
install_date=$(stat -c %Z /var/log/evolinux/00_prepare_system.log)
else
install_date=0
fi
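Review bot: The `if zgrep -hq upgrade /var/log/dpkg.log*` guard around the `last_upgrade=` assignment is gone, so on a host whose dpkg logs contain no "upgrade" entry the unquoted `$(zgrep ...)` expands to nothing, `date +%s -d` fails and `last_upgrade` is left empty. Keep the guard, or give `last_upgrade` an explicit fallback value, and quote the command substitution passed to `date -d`. The switch to `grep -sq` is fine, but note that it also hides a missing /etc/cron.d/listupgrade, which then silently selects the 90-day branch.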
@ -591,8 +589,8 @@ if [ -e /etc/debian_version ]; then
if [ "$IS_BACKPORTSCONF" = 1 ]; then
if is_debianversion stretch; then
grep -q backports /etc/apt/sources.list && echo 'IS_BACKPORTSCONF FAILED!'
grep -q backports /etc/apt/sources.list.d/*.list 2>/dev/null && (grep -q backports /etc/apt/preferences.d/* || echo 'IS_BACKPORTSCONF FAILED!')
grep -qE "^[^#].*backports" /etc/apt/sources.list && echo 'IS_BACKPORTSCONF FAILED!'
grep -qE "^[^#].*backports" /etc/apt/sources.list.d/*.list 2>/dev/null && (grep -qE "^[^#].*backports" /etc/apt/preferences.d/* || echo 'IS_BACKPORTSCONF FAILED!')
fi
fi
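Review bot: The pattern `^[^#].*backports` only rejects lines whose very first character is `#`, so an indented comment such as a line starting with a space followed by `# deb ... backports` still matches and triggers IS_BACKPORTSCONF FAILED. Something like `^[[:space:]]*[^#[:space:]].*backports` skips leading whitespace before testing for the comment marker. The same pattern is used three times in this hunk and is worth putting in one variable.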
@ -988,9 +986,10 @@ fi
if [ "$IS_PRIVKEYWOLRDREADABLE" = 1 ]; then
for f in /etc/ssl/private/*; do
perms=$(stat -c "%a" $f)
perms=$(stat -L -c "%a" $f)
if [ ${perms: -1} != "0" ]; then
echo 'IS_PRIVKEYWOLRDREADABLE FAILED!'
break
fi
done
fi
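Review bot: In `perms=$(stat -L -c "%a" $f)` the `$f` is unquoted, and with `-L` a dangling symlink in /etc/ssl/private makes stat fail, leaving `perms` empty. The following `[ ${perms: -1} != "0" ]` then becomes a malformed test that returns an error, so the entry is treated as passing instead of being reported. Quote both expansions (`"$f"`, `"${perms: -1}"`) and handle the stat failure explicitly, for example by skipping or flagging entries for which `perms` is empty.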

View File

@ -101,7 +101,7 @@
line: 'SENDMAILTO="{{ logcheck_alert_email or general_alert_email | mandatory }}"'
when: evolinux_packages_logcheck_recipient
- name: Deleting rpcbin and nfs-common
- name: Deleting rpcbind and nfs-common
apt:
name: "{{ item }}"
state: absent

View File

@ -16,12 +16,12 @@
- name: "Security directives for Evolinux (Debian 10 or later)"
blockinfile:
dest: /etc/ssh/sshd_config
marker: "# {mark} EVOLINUX PASSWORD RESTRICTIONS"
block: |
Match Address {{ evolinux_ssh_password_auth_addresses | join(',') }}
PasswordAuthentication yes
Match Group evolix
PasswordAuthentication no
marker: "# {mark} EVOLINUX PASSWORD RESTRICTIONS"
insertafter: EOF
validate: '/usr/sbin/sshd -T -f %s'
notify: reload sshd
@ -32,10 +32,10 @@
- name: Security directives for Evolinux (Jessie/Stretch)
blockinfile:
dest: /etc/ssh/sshd_config
marker: "# {mark} EVOLINUX PASSWORD RESTRICTIONS BY ADDRESS"
block: |
Match Address {{ evolinux_ssh_password_auth_addresses | join(',') }}
PasswordAuthentication yes
marker: "# {mark} EVOLINUX PASSWORD RESTRICTIONS BY ADDRESS"
insertafter: EOF
validate: '/usr/sbin/sshd -T -f %s'
notify: reload sshd

View File

@ -3,6 +3,14 @@
- set_fact:
minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | ternary('restart minifirewall', 'restart minifirewall (noop)') }}"
- assert:
that:
- evomaintenance_pg_passwd is not none
- evomaintenance_pg_db is not none
- evomaintenance_pg_table is not none
- evomaintenance_pg_host is not none
msg: evomaintenance database variables must be set
- include: install_package_debian.yml
when:
- not evomaintenance_install_vendor
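Review bot: The four `is not none` conditions in the new assert accept an empty string, so `evomaintenance_pg_passwd: ""` passes the check and the template is rendered with an empty value. If the intent is "must be set to something usable", also test the length, for example `evomaintenance_pg_passwd | length > 0`. The task would also benefit from a `name:` so a failure is easy to locate in the play output.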

View File

@ -1,11 +1,11 @@
HOSTNAME={{ evomaintenance_hostname }}
EVOMAINTMAIL={{ evomaintenance_alert_email or general_alert_email | mandatory }}
export PGPASSWORD={{ evomaintenance_pg_passwd | mandatory }}
export PGPASSWORD={{ evomaintenance_pg_passwd }}
PGDB={{ evomaintenance_pg_db | mandatory }}
PGTABLE={{ evomaintenance_pg_table | mandatory }}
PGHOST={{ evomaintenance_pg_host | mandatory }}
PGDB={{ evomaintenance_pg_db }}
PGTABLE={{ evomaintenance_pg_table }}
PGHOST={{ evomaintenance_pg_host }}
FROM={{ evomaintenance_from }}
FULLFROM="{{ evomaintenance_full_from }}"
URGENCYFROM={{ evomaintenance_urgency_from }}
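Review bot: `export PGPASSWORD={{ evomaintenance_pg_passwd }}` writes the password unquoted into a file that is sourced by a shell, so a password containing spaces, `$`, backticks or `;` is truncated or interpreted when the file is loaded. Wrap the value with the `quote` filter (`{{ evomaintenance_pg_passwd | quote }}`). With `| mandatory` removed from these four lines, the template now depends entirely on the assert in the tasks file running first, which is worth a comment at the top of the template.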

View File

@ -1,10 +1,15 @@
---
- set_fact:
fail2ban_ignore_ips: "{{ ['127.0.0.1/8'] | union(fail2ban_default_ignore_ips) | union(fail2ban_additional_ignore_ips) | unique }}"
- name: Update ignoreips lists
ini_file:
dest: /etc/fail2ban/jail.local
section: "[DEFAULT]"
option: "ignoreips"
section: "DEFAULT"
option: "ignoreip"
value: "{{ fail2ban_ignore_ips | join(' ') }}"
notify: restart fail2ban
tags:
- fail2ban
- ips
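Review bot: The corrected `section: "DEFAULT"` and `option: "ignoreip"` leave behind whatever the previous values (`section: "[DEFAULT]"`, `option: "ignoreips"`) already wrote to /etc/fail2ban/jail.local on hosts where the old task ran. Add a cleanup task with `state: absent` for the old section/option pair so the file does not keep a stale, ineffective whitelist next to the real one. The `set_fact` expression is also duplicated in the main tasks file, and the two copies will need to be kept in sync.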

View File

@ -13,10 +13,12 @@
- "/etc/fail2ban"
- "/etc/fail2ban/filter.d"
tags:
- fail2ban
- fail2ban
- set_fact:
fail2ban_ignore_ips: "{{ fail2ban_default_ignore_ips | union(fail2ban_additional_ignore_ips) | unique }}"
fail2ban_ignore_ips: "{{ ['127.0.0.1/8'] | union(fail2ban_default_ignore_ips) | union(fail2ban_additional_ignore_ips) | unique }}"
tags:
- fail2ban
- name: local jail is installed
template:
@ -26,7 +28,7 @@
force: no
notify: restart fail2ban
tags:
- fail2ban
- fail2ban
- name: Include ignoredips update task
include: ip_whitelist.yml

View File

@ -23,19 +23,19 @@
- name: Get Oracle jre archive
get_url:
url: 'http://download.oracle.com/otn-pub/java/jdk/8u172-b11/a58eab1ec242421181065cdc37240b08/jre-8u172-linux-x64.tar.gz'
url: 'https://download.oracle.com/otn-pub/java/jdk/8u192-b12/750e1c8617c5452694857ad95c3ee230/server-jre-8u192-linux-x64.tar.gz'
dest: '/srv/java-package/src/'
checksum: 'sha256:f08f25aec2bdc86138ccba8fd5b904451e3afa1d24a88c85f28c2d84bfd45bad'
checksum: 'sha256:3d811a5ec65dc6fc261f488757bae86ecfe285a79992363b016f60cdb4dbe7e6'
headers: 'Cookie: oraclelicense=accept-securebackup-cookie'
mode: "0644"
tags:
- java
- name: Make Debian package from Oracle JDK archive
shell: "yes | TMPDIR=/srv/java-package/tmp make-jpkg /srv/java-package/src/jre-8u172-linux-x64.tar.gz"
shell: "yes | TMPDIR=/srv/java-package/tmp make-jpkg /srv/java-package/src/server-jre-8u192-linux-x64.tar.gz"
args:
chdir: /srv/java-package
creates: /srv/java-package/oracle-java8-jre_8u172_amd64.deb
creates: /srv/java-package/oracle-java8-server-jre_8u192_amd64.deb
become: False
tags:
- java
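Review bot: The release string is hard-coded in four places across this change (the `url`, the `make-jpkg` argument, `creates:` and, in the next hunk, `deb:`), which is how the 8u172 to 8u192 bump ended up touching every task. Move the version, build path and checksum into role variables so the next update is a one-line change and the pinned `checksum` cannot drift from the URL. Switching the download to https together with the sha256 pin is the right combination.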
@ -45,14 +45,14 @@
- name: Install java package
apt:
deb: /srv/java-package/oracle-java8-jre_8u172_amd64.deb
deb: /srv/java-package/oracle-java8-server-jre_8u192_amd64.deb
tags:
- java
- name: This openjdk version is the default alternative
alternatives:
name: java
path: "/usr/lib/jvm/jre-{{ java_version }}-oracle-x64/bin/java"
path: "/usr/lib/jvm/oracle-java{{ java_version }}-server-jre-amd64/bin/java"
when: java_default_alternative
tags:
- java

View File

@ -1,6 +1,7 @@
---
elastic_stack_version: "6.x"
metricbeat_elasticsearch_protocol: ""
metricbeat_elasticsearch_hosts:
- "localhost:9200"
metricbeat_elasticsearch_auth_username: ""

View File

@ -50,6 +50,15 @@
when:
- metricbeat_elasticsearch_hosts
- name: Metricbeat protocol for Elasticsearch
lineinfile:
dest: /etc/metricbeat/metricbeat.yml
regexp: '^ #?protocol: .*'
line: " protocol: \"{{ metricbeat_elasticsearch_protocol }}\""
insertafter: "output.elasticsearch:"
notify: restart metricbeat
when: metricbeat_elasticsearch_protocol == "http" or metricbeat_elasticsearch_protocol == "https"
- name: Metricbeat auth/username for Elasticsearch are configured
lineinfile:
dest: /etc/metricbeat/metricbeat.yml
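Review bot: The `when:` on the new protocol task accepts `"http"` without looking at whether `metricbeat_elasticsearch_auth_username` is set, so the role can configure basic-auth credentials and a cleartext transport at the same time. Consider failing (or at least warning) when a username is configured and the protocol is `http` while `metricbeat_elasticsearch_hosts` is not limited to localhost.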
@ -57,8 +66,8 @@
line: '{{ item.line }}'
insertafter: "output.elasticsearch:"
with_items:
- { regexp: '^ #username: .*', line: ' username: "{{ metricbeat_elasticsearch_auth_username }}"' }
- { regexp: '^ #password: .*', line: ' password: "{{ metricbeat_elasticsearch_auth_password }}"' }
- { regexp: '^ #?username: .*', line: ' username: "{{ metricbeat_elasticsearch_auth_username }}"' }
- { regexp: '^ #?password: .*', line: ' password: "{{ metricbeat_elasticsearch_auth_password }}"' }
notify: restart metricbeat
when:
- metricbeat_elasticsearch_auth_username != ""
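Review bot: The `with_items` entries embed the rendered `password:` line, and Ansible prints each loop item in the task output, so the Elasticsearch password ends up in the console and in any stored run logs. Add `no_log: true` to this task. The relaxed `#?` in both regexps is a good fix, since the old pattern stopped matching once the line had been uncommented.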

View File

@ -26,9 +26,9 @@
- name: Begin marker for IP addresses
lineinfile:
dest: "{{ minifirewall_main_file }}"
create: no
line: "# BEGIN ANSIBLE MANAGED BLOCK FOR IPS"
insertbefore: '^# Main interface'
create: no
- name: End marker for IP addresses
lineinfile:
@ -47,7 +47,6 @@
- name: Configure IP addresses
blockinfile:
dest: "{{ minifirewall_main_file }}"
create: no
marker: "# {mark} ANSIBLE MANAGED BLOCK FOR IPS"
content: |
# Main interface
@ -66,26 +65,26 @@
# Privilegied IPv4 addresses for semi-public services
# (no need to add again TRUSTEDIPS)
PRIVILEGIEDIPS='{{ minifirewall_privilegied_ips | join(' ') }}'
create: no
register: minifirewall_config_ips
- name: Begin marker for ports
lineinfile:
dest: "{{ minifirewall_main_file }}"
create: no
line: "# BEGIN ANSIBLE MANAGED BLOCK FOR PORTS"
insertbefore: '^# Protected services'
create: no
- name: End marker for ports
lineinfile:
dest: "{{ minifirewall_main_file }}"
create: no
line: "# END ANSIBLE MANAGED BLOCK FOR PORTS"
insertafter: '^SERVICESUDP3='
create: no
- name: Configure ports
blockinfile:
dest: "{{ minifirewall_main_file }}"
create: no
marker: "# {mark} ANSIBLE MANAGED BLOCK FOR PORTS"
content: |
# Protected services
@ -104,70 +103,71 @@
# Private services (IPv4)
SERVICESTCP3='{{ minifirewall_private_ports_tcp | join(' ') }}'
SERVICESUDP3='{{ minifirewall_private_ports_udp | join(' ') }}'
create: no
register: minifirewall_config_ports
- name: Configure DNSSERVEURS
lineinfile:
dest: "{{ minifirewall_main_file }}"
create: no
line: "DNSSERVEURS='{{ minifirewall_dns_servers | join(' ') }}'"
regexp: "DNSSERVEURS='.*'"
create: no
when: minifirewall_dns_servers is not none
- name: Configure HTTPSITES
lineinfile:
dest: "{{ minifirewall_main_file }}"
create: no
line: "HTTPSITES='{{ minifirewall_http_sites | join(' ') }}'"
regexp: "HTTPSITES='.*'"
create: no
when: minifirewall_http_sites is not none
- name: Configure HTTPSSITES
lineinfile:
dest: "{{ minifirewall_main_file }}"
create: no
line: "HTTPSSITES='{{ minifirewall_https_sites | join(' ') }}'"
regexp: "HTTPSSITES='.*'"
create: no
when: minifirewall_https_sites is not none
- name: Configure FTPSITES
lineinfile:
dest: "{{ minifirewall_main_file }}"
create: no
line: "FTPSITES='{{ minifirewall_ftp_sites | join(' ') }}'"
regexp: "FTPSITES='.*'"
create: no
when: minifirewall_ftp_sites is not none
- name: Configure SSHOK
lineinfile:
dest: "{{ minifirewall_main_file }}"
create: no
line: "SSHOK='{{ minifirewall_ssh_ok | join(' ') }}'"
regexp: "SSHOK='.*'"
create: no
when: minifirewall_ssh_ok is not none
- name: Configure SMTPOK
lineinfile:
dest: "{{ minifirewall_main_file }}"
create: no
line: "SMTPOK='{{ minifirewall_smtp_ok | join(' ') }}'"
regexp: "SMTPOK='.*'"
create: no
when: minifirewall_smtp_ok is not none
- name: Configure SMTPSECUREOK
lineinfile:
dest: "{{ minifirewall_main_file }}"
create: no
line: "SMTPSECUREOK='{{ minifirewall_smtp_secure_ok | join(' ') }}'"
regexp: "SMTPSECUREOK='.*'"
create: no
when: minifirewall_smtp_secure_ok is not none
- name: Configure NTPOK
lineinfile:
dest: "{{ minifirewall_main_file }}"
create: no
line: "NTPOK='{{ minifirewall_ntp_ok | join(' ') }}'"
regexp: "NTPOK='.*'"
create: no
when: minifirewall_ntp_ok is not none
- name: evomaintenance

View File

@ -77,6 +77,7 @@
- name: adjustments for grsec kernel
blockinfile:
dest: /etc/munin/plugin-conf.d/munin-node
marker: "# {mark} ANSIBLE MANAGED GRSECURITY CUSTOMIZATIONS"
block: |
[processes]

View File

@ -5,3 +5,5 @@ for proc in cron rsyslogd ntpd munin-node; do
sudo /usr/lib/nagios//plugins/check_procs -C $proc -c 1:
rc=$(($rc|$?))
done
exit $rc

View File

@ -1,2 +0,0 @@
[nginx_*]
env.url http://munin/nginx_status

View File

@ -1,7 +1,7 @@
---
- name: Copy Munin config for Nginx
copy:
template:
src: munin/evolinux.nginx
dest: /etc/munin/plugin-conf.d/
mode: "0644"

View File

@ -0,0 +1,2 @@
[nginx_*]
env.url http://munin/nginx_status-{{ nginx_serverstatus_suffix }}

View File

@ -147,6 +147,40 @@ r16Zyn6mxYWEHn9HXMh3b+2IYKFFXHffbIBq/mfibDnZtQBrZpn2uyh6F2ZuOsZh
0LTD7RL53KV3fi90nS00Gs1kbMkPycL1JLqvYQDpllE2oZ1dKDYkwivGyDQhRNfE
RL6JkjyiSxfZ2c84r2HPgnJTi/WBplloQkM+2NfXrBo6kLHSC6aBndRKk2UmUhrU
luGcQUyfzYRFH5kVueIYfDaBPus9gb+sjnViFRpqVjefwlXSJEDHWP3Cl2cuo2mJ
jeDghj400U6pjSUW3bIC/PI=
=gZNT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=SQ7t
-----END PGP PUBLIC KEY BLOCK-----

View File

@ -3,7 +3,7 @@
- fail:
msg: only compatible with Debian >= 8
when:
- ansible_distribution != "Debian" or ansible_distribution_major_version | version_compare('8', '<')
- ansible_distribution != "Debian" or ansible_distribution_major_version | version_compare('8', '<')
- name: install info.php
copy:
@ -23,9 +23,9 @@
state: "{{ item.state }}"
mode: "{{ item.mode }}"
with_items:
- { path: log, mode: "0750", state: directory }
- { path: awstats, mode: "0750", state: directory }
- { path: www, mode: "0750", state: directory }
- { path: log, mode: "0750", state: directory }
- { path: awstats, mode: "0750", state: directory }
- { path: www, mode: "0750", state: directory }
- name: Apache log file (templates) are present
command: "touch /etc/skel/log/{{ item }}"

View File

@ -28,6 +28,7 @@
- php-gettext
- php-curl
- php-ssh2
- php-zip
- composer
- libphp-phpmailer

View File

@ -14,6 +14,7 @@
- libxml2-dev
- libxslt1-dev
- zlib1g-dev
- pkg-config
tags:
- rbenv
- packages
@ -78,10 +79,10 @@
- name: "Rbenv is initialized in profile for {{ username }}"
blockinfile:
dest: '~{{ username }}/.profile'
marker: "# {mark} ANSIBLE MANAGED RBENV INIT"
block: |
export PATH="{{ rbenv_root }}/bin:$PATH"
eval "$(rbenv init -)"
marker: "# {mark} ANSIBLE MANAGED RBENV INIT"
become_user: "{{ username }}"
become: yes
tags:

View File

@ -8,7 +8,10 @@ redis_unixsocket: '/var/run/redis/redis.sock'
redis_pidfile: "/var/run/redis/{{ redis_daemon }}.pid"
redis_timeout: 300
# for client authorization
redis_password: NULL
# for slave authorization on master
redis_password_master: "{{ redis_password }}"
redis_loglevel: "notice"
redis_logfile: /var/log/redis/redis-server.log
@ -37,3 +40,8 @@ redis_protected_mode: "yes"
# Add extra include files for local configuration/overrides.
redis_includes: []
redis_restart_if_needed: True
redis_restart_force: False
redis_disabled_commands: []

View File

@ -4,6 +4,11 @@
name: "{{ redis_daemon }}"
state: restarted
- name: restart redis (noop)
meta: noop
failed_when: False
changed_when: False
- name: restart munin-node
service:
name: munin-node

View File

@ -52,6 +52,17 @@
tags:
- redis
- name: Ensure redis base folders will be accessible for all instances
file:
dest: "{{ item }}"
state: directory
mode: "0755"
owner: "redis"
group: "redis"
with_items:
- "/var/lib/redis"
- "/var/log/redis"
- name: Instances directories are present
file:
dest: "{{ item }}"
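Review bot: `mode: "0755"` on /var/lib/redis and /var/log/redis gives every local account read and list access to the base directories, while the per-instance accounts only need to traverse them. `"0751"` or `"0711"` is enough for that and keeps directory listings private. The new task is also missing the `tags: - redis` block that the surrounding tasks carry, so it is skipped on tag-limited runs.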
@ -60,9 +71,7 @@
owner: "redis-{{ redis_instance_name }}"
group: "redis-{{ redis_instance_name }}"
with_items:
- "/var/lib/redis"
- "{{ redis_dbdir }}"
- "/var/log/redis"
- "{{ redis_logfile | dirname }}"
tags:
- redis

View File

@ -1,4 +1,8 @@
---
- set_fact:
redis_restart_handler_name: "{{ redis_restart_if_needed | ternary('restart redis', 'restart redis (noop)') }}"
- name: Redis is installed.
apt:
name: "{{ item }}"
@ -32,7 +36,7 @@
src: redis.conf.j2
dest: "{{ redis_conf_path }}"
mode: "0644"
notify: restart redis
notify: "{{ redis_restart_handler_name }}"
when: redis_instance_name is not defined
tags:
- redis
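Review bot: The task touched here renders redis.conf.j2 with `mode: "0644"`, and that template writes `requirepass` and `masterauth` when a password is set, so the Redis password is readable by every local user. While this task is being edited, tighten it to `"0640"` with an explicit `owner`/`group` for the redis account.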
@ -55,7 +59,19 @@
- munin
- include: munin.yml
when: _munin_installed.stat.exists and _munin_installed.stat.isdir
when:
- _munin_installed.stat.exists
- _munin_installed.stat.isdir
- redis_instance_name is not defined
tags:
- redis
- munin
- include: munin-instances.yml
when:
- _munin_installed.stat.exists
- _munin_installed.stat.isdir
- redis_instance_name is defined
tags:
- redis
- munin
@ -74,3 +90,8 @@
tags:
- redis
- nrpe
- name: Force restart redis
command: /bin/true
notify: restart redis
when: redis_restart_force

View File

@ -0,0 +1,61 @@
---
- name: Install munin check dependencies
apt:
name: libswitch-perl
state: present
tags:
- redis
- include_role:
name: remount-usr
tags:
- redis
- name: Create plugin directory
file:
name: /usr/local/share/munin/
state: directory
mode: "0755"
tags:
- redis
- name: Create plugin directory
file:
name: /usr/local/share/munin/plugins/
state: directory
mode: "0755"
tags:
- redis
- name: Copy redis munin plugin
copy:
src: munin_redis
dest: /usr/local/share/munin/plugins/redis_
mode: "0755"
notify: restart munin-node
tags:
- redis
- name: Enable redis munin plugin
file:
src: /usr/local/share/munin/plugins/redis_
dest: "/etc/munin/plugins/{{ redis_instance_name }}_redis_{{item}}"
state: link
with_items:
- connected_clients
- key_ratio
- keys_per_sec
- per_sec
- used_keys
- used_memory
notify: restart munin-node
tags:
- redis
- name: Configure redis plugin for munin
template:
src: templates/munin-plugin-instances.conf.j2
dest: '/etc/munin/plugin-conf.d/evolinux.redis_{{ redis_instance_name }}'
mode: 0740
notify: restart munin-node
tags: redis
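Review bot: `mode: 0740` on the rendered plugin configuration sets the owner execute bit on a plain config file and is the only unquoted mode in this file. The template it renders contains `env.password`, so `"0600"` or `"0640"` with explicit `owner`/`group` is the safer choice. Two tasks are also both named "Create plugin directory"; give the second a distinct name (it creates the `plugins/` subdirectory), and write the last `tags: redis` in list form like the others.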

View File

@ -12,6 +12,18 @@
dest: /etc/nagios/nrpe.d/evolix.cfg
regexp: '^command\[check_redis\]=.+'
replace: 'command[check_redis]=/usr/lib/nagios/plugins/check_redis -H 127.0.0.1'
when: redis_instance_name is undefined
notify: restart nagios-nrpe-server
tags:
- redis
- nrpe
- name: Replace check_tcp or check_redis by check_redis_instances for NRPE
replace:
dest: /etc/nagios/nrpe.d/evolix.cfg
regexp: '^command\[check_redis\]=.+'
replace: 'command[check_redis]=/usr/local/lib/nagios/plugins/check_redis_instances'
when: redis_instance_name is defined
notify: restart nagios-nrpe-server
tags:
- redis

View File

@ -0,0 +1,8 @@
# Ansible managed
[{{ redis_instance_name }}_redis_*]
env.title_prefix Instance {{ redis_instance_name }}
env.port {{ redis_port }}
{% if redis_password %}
env.password {{ redis_password }}
{% endif %}

View File

@ -9,7 +9,9 @@ unixsocket {{ redis_unixsocket }}
{% if redis_password %}
requirepass {{ redis_password }}
masterauth {{ redis_password }}
{% endif %}
{% if redis_password_master %}
masterauth {{ redis_password_master }}
{% endif %}
timeout {{ redis_timeout }}
@ -49,6 +51,10 @@ appendonly {{ redis_appendonly }}
appendfsync {{ redis_appendfsync }}
no-appendfsync-on-rewrite no
{% for disabled_command in redis_disabled_commands %}
rename-command {{ disabled_command }} ""
{% endfor %}
{% for include in redis_includes %}
include {{ include }}
{% endfor %}
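Review bot: The `rename-command {{ disabled_command }} ""` loop needs a comment in the defaults file explaining that an empty target disables the command outright, and that the list must be identical on masters and replicas. Redis' own configuration notes warn that renaming commands that are logged to the AOF or sent to replicas can cause problems, and this template enables `appendonly` a few lines above. Since items are interpolated verbatim into redis.conf, it is also worth asserting that each entry is a single word.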

View File

@ -105,6 +105,7 @@
^www\.phpbb\.com$
^www\.typolight\.org$
^www\.spip\.net$
^packagist\.org$
### Feeds / API / WS Tools / ...

View File

@ -3,22 +3,7 @@ general_alert_email: "root@localhost"
evoadminmail_contact_email: Null
evoadminmail_bounce_email: "{{ evoadminmail_contact_email }}"
evoadminmail_username: evoadmin-mail
evoadminmail_home_dir: "/home/{{ evoadminmail_username }}"
evoadminmail_document_root: "{{ evoadminmail_home_dir }}/www"
evoadminmail_log_dir: "{{ evoadminmail_home_dir }}/log"
evoadminmail_scripts_dir: /usr/share/scripts/
evoadminmail_host: "evoadminmail.{{ ansible_fqdn }}"
evoadminmail_enable_vhost: True
evoadminmail_webserver: apache
evoadminmail_tpl_servername: "{{ ansible_fqdn }}"
evoadminmail_tpl_address: "{{ ansible_default_ipv4.address }}"
evoadminmail_tpl_phpmyadmin_url: Null
evoadminmail_tpl_cgi_suffix: Null
evoadminmail_tpl_signature: evoadmin
evoadminmail_tpl_mail_from: root@localhost
evoadminmail_tpl_mail_bcc: Null
evoadminmail_tpl_mail_standard: "{{ general_alert_email }}"
evoadminmail_tpl_mail_urgent: "{{ general_alert_email }}"

View File

@ -1,6 +1,6 @@
[evoadmin-mail]
user = www-evoadmin-mail
user = evoadmin-mail
group = evoadmin-mail
listen = /run/php/php7.0-evoadmin-mail-fpm.sock
@ -12,3 +12,4 @@ listen.group = www-data
pm = ondemand
pm.max_children = 25
env[EVOADMINMAIL_CONFIG_FILE] = /etc/evoadmin-mail/config.ini

View File

@ -11,5 +11,5 @@
- name: reload php-fpm
service:
name: php7.0-fpm
state: reload
name: php7.0-fpm
state: reloaded

View File

@ -1,30 +1,27 @@
---
- name: "Set custom values for PHP config (Debian 9 or later)"
ini_file:
dest: /etc/php/7.0/apache2/conf.d/zzz-evolinux-custom.ini
section: PHP
option: "disable_functions"
value: "shell-exec,system,passthru,putenv,popen,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority"
notify: reload apache2
when: ansible_distribution_major_version | version_compare('9', '>=')
- name: Install evoadminmail VHost
template:
src: apache_evoadminmail.conf.j2
dest: /etc/apache2/sites-available/evoadminmail.conf
notify: reload apache2
tags:
- evoadmin-mail
- name: Enable evoadminmail vhost
command: "a2ensite evoadminmail.conf"
register: cmd_a2ensite
changed_when: "'Enabling site' in cmd_a2ensite.stdout"
file:
src: "/etc/apache2/sites-available/evoadminmail.conf"
dest: "/etc/apache2/sites-enabled/evoadminmail.conf"
state: link
notify: reload apache2
when: evoadminmail_enable_vhost
tags:
- evoadmin-mail
- name: Disable evoadminmail vhost
command: "a2dissite evoadminmail.conf"
register: cmd_a2dissite
changed_when: "'Disabling site' in cmd_a2dissite.stdout"
file:
dest: "/etc/apache2/sites-enabled/evoadminmail.conf"
state: absent
notify: reload apache2
when: not evoadminmail_enable_vhost
tags:
- evoadmin-mail
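Review bot: The task that set `disable_functions` in /etc/php/7.0/apache2/conf.d/zzz-evolinux-custom.ini is dropped in this hunk with nothing replacing it, so hosts installed from now on lose that PHP hardening for the mod_php side. If the Debian package ships an equivalent setting, say so in the commit message or a comment; otherwise keep the task. Replacing `a2ensite`/`a2dissite` with the `file` module is a good change for idempotence.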

View File

@ -1,17 +0,0 @@
---
- name: "Create /etc/evolinux"
file:
dest: "/etc/evolinux"
recurse: yes
state: directory
#- name: Configure web-add config file
# template:
# src: web-add.conf.j2
# dest: /etc/evolinux/web-add.conf
#
#- name: Configure web-add template file for mail
# template:
# src: web-mail.tpl.j2
# dest: "{{ evoadminmail_scripts_dir }}/web-mail.tpl"

View File

@ -1,10 +1,19 @@
---
- name: Install evoadmin-mail package
apt:
name: evoadmin-mail
state: present
tags:
- evoadmin-mail
- include: packages.yml
- include: user.yml
- include: config.yml
- name: Configure contact mail
ini_file:
dest: /etc/evoadmin-mail/config.ini
section: global
option: mail
value: "\"{{ evoadminmail_contact_email or general_alert_email | mandatory }}\""
tags:
- evoadmin-mail
- include: ssl.yml
@ -21,3 +30,5 @@
regexp: "EvoAdmin-mail"
line: ' <li><a href="https://{{ evoadminmail_host }}">Interface admin mail (EvoAdmin-mail)</a></li>'
insertbefore: "</ul>"
tags:
- evoadmin-mail

View File

@ -1,25 +1,19 @@
---
- name: "Set custom values for PHP config (Debian 9 or later)"
ini_file:
dest: /etc/php/7.0/fpm/conf.d/zzz-evolinux-custom.ini
section: PHP
option: "disable_functions"
value: "shell-exec,system,passthru,putenv,popen,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority"
notify: reload nginx
when: ansible_distribution_major_version | version_compare('9', '>=')
- name: Copy php-fpm evoadmin-mail pool
copy:
src: pool.evoadmin-mail.conf
dest: /etc/php/7.0/fpm/pool.d/evoadmin-mail.conf
notify: reload php-fpm
tags:
- evoadmin-mail
- name: Install evoadminmail VHost
template:
src: nginx_evoadminmail.conf.j2
dest: /etc/nginx/sites-available/evoadminmail.conf
notify: reload nginx
tags:
- evoadmin-mail
- name: Active evoadminmail VHost
file:
@ -28,8 +22,14 @@
state: link
notify: reload nginx
when: evoadminmail_enable_vhost
tags:
- evoadmin-mail
- name: Disable evoadminmail vhost
command: "unlink /etc/nginx/sites-enabled/evoadminmail.conf"
file:
dest: "/etc/nginx/sites-enabled/evoadminmail.conf"
state: absent
notify: reload nginx
when: not evoadminmail_enable_vhost
tags:
- evoadmin-mail

View File

@ -1,15 +0,0 @@
---
- include_role:
name: apt
tasks_from: evolix_public.yml
- name: Install PHP packages
apt:
name: '{{ item }}'
state: present
with_items:
- php-pear
- php-log
- php-crypt-chap
- php-twig

View File

@ -1,24 +1,30 @@
---
- name: ssl-cert package is installed
apt:
name: ssl-cert
state: present
tags:
- evoadmin-mail
- name: Create private key and csr for default site ({{ ansible_fqdn }})
command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ evoadminmail_host }}.key -out /etc/ssl/{{ evoadminmail_host }}.csr -batch -subj "/CN={{ evoadminmail_host }}"
args:
creates: "/etc/ssl/private/{{ evoadminmail_host }}.key"
tags:
- evoadmin-mail
- name: Adjust rights on private key
file:
path: /etc/ssl/private/{{ evoadminmail_host }}.key
dest: /etc/ssl/private/{{ evoadminmail_host }}.key
owner: root
group: ssl-cert
mode: "0640"
tags:
- evoadmin-mail
- name: Create certificate for default site
command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ evoadminmail_host }}.csr -signkey /etc/ssl/private/{{ evoadminmail_host }}.key -out /etc/ssl/certs/{{ evoadminmail_host }}.crt
args:
creates: "/etc/ssl/certs/{{ evoadminmail_host }}.crt"
tags:
- evoadmin-mail

View File

@ -1,121 +0,0 @@
---
- name: Create evoadmin account
user:
name: "{{ evoadminmail_username }}"
comment: "Evoadmin Web Account"
home: "{{ evoadminmail_home_dir}}"
shell: /bin/bash
password: "!"
- name: Create log/ directory
file:
path: "{{ evoadminmail_home_dir}}/log"
state: directory
owner: "{{ evoadminmail_username }}"
group: "{{ evoadminmail_username }}"
mode: "0750"
- name: Create www-evoadminmail group
group:
name: "www-{{ evoadminmail_username }}"
state: present
- name: "Create www-evoadmin (Debian 9 or later)"
user:
name: "www-{{ evoadminmail_username }}"
home: "{{ evoadminmail_home_dir}}/www"
shell: /bin/bash
createhome: no
when: ansible_distribution_major_version | version_compare('9', '>=')
- name: Add www-data to app's group
user:
name: 'www-data'
groups: "{{ evoadminmail_username }}"
append: yes
when: evoadminmail_webserver == "nginx"
- name: Install Git
apt:
name: git
state: present
- name: "Clone evoadmin repository (Debian 9 or later)"
git:
repo: https://forge.evolix.org/evoadmin-mail.git
dest: "{{ evoadminmail_document_root}}"
version: master
update: yes
when: ansible_distribution_major_version | version_compare('9', '>=')
- name: "Change perms on evoadminmail document root"
file:
dest: "{{ evoadminmail_document_root }}"
owner: "www-{{ evoadminmail_username }}"
group: "{{ evoadminmail_username }}"
recurse: yes
- name: "Copy connect.php"
template:
src: connect.php.j2
dest: "{{ evoadminmail_document_root }}/htdocs/config/connect.php"
owner: "www-{{ evoadminmail_username }}"
group: "{{ evoadminmail_username }}"
when: ldap_admin_password is defined
- name: "Copy conf.php"
template:
src: conf.php.j2
dest: "{{ evoadminmail_document_root }}/htdocs/config/conf.php"
owner: "www-{{ evoadminmail_username }}"
group: "{{ evoadminmail_username }}"
- name: create a password for evoadmin user
command: "apg -n 1 -m 16 -M lcN"
register: evoadminmail_admin_password
changed_when: False
- name: upload ldif for evoadmin user
template:
src: evoadmin.ldif.j2
dest: /root/evolinux_evoadminmail_admin.ldif
mode: "0640"
- name: inject config
command: slapadd -l /root/evolinux_evoadminmail_admin.ldif
- name: create log file
file:
dest: /var/log/evoadmin-mail.log
state: touch
owner: "www-{{ evoadminmail_username }}"
group: "adm"
mode: "0640"
- include_role:
name: remount-usr
when: evoadminmail_scripts_dir | search ("/usr")
- name: "Create {{ evoadminmail_scripts_dir }}"
file:
dest: "{{ evoadminmail_scripts_dir }}"
# recurse: yes
mode: "0700"
state: directory
# we use a shell command to have a "changed" thet really reflects the result.
- name: Fix permissions
shell: "chmod -R --verbose u=rwX,g=rX,o= {{ item }}"
register: command_result
changed_when: "'changed' in command_result.stdout"
# failed_when: False
with_items:
- "{{ evoadminmail_home_dir}}/www"
#- name: Add evoadmin sudoers file
# template:
# src: sudoers.j2
# dest: /etc/sudoers.d/evoadmin
# mode: "0600"
# validate: "visudo -cf %s"

View File

@ -10,7 +10,7 @@
#ServerAlias {{ evoadminmail_host }}
# Repertoire principal
DocumentRoot {{ evoadminmail_document_root }}/htdocs/
DocumentRoot /usr/share/evoadmin-mail/
# SSL
SSLEngine on
@ -19,7 +19,7 @@
SSLProtocol all -SSLv2 -SSLv3
# Propriete du repertoire
<Directory {{ evoadminmail_document_root }}/htdocs/>
<Directory /usr/share/evoadmin-mail/>
#Options Indexes SymLinksIfOwnerMatch
Options SymLinksIfOwnerMatch
AllowOverride AuthConfig Limit FileInfo Indexes
@ -27,15 +27,15 @@
</Directory>
# user - group (thanks to sesse@debian.org)
AssignUserID www-{{ evoadminmail_username }} {{ evoadminmail_username }}
AssignUserID evoadmin-mail evoadmin-mail
# LOG
CustomLog /var/log/apache2/access.log combined
CustomLog {{ evoadminmail_log_dir }}/access.log combined
ErrorLog {{ evoadminmail_log_dir }}/error.log
ErrorLog /var/log/apache2/error.log
# AWSTATS
SetEnv AWSTATS_FORCE_CONFIG {{ evoadminmail_username }}
SetEnv AWSTATS_FORCE_CONFIG evoadmin-mail
SetEnv EVOADMINMAIL_CONFIG_FILE /etc/evoadmin-mail/config.ini
# REWRITE
UseCanonicalName On
@ -53,6 +53,5 @@
#php_admin_value max_execution_time 60
#php_admin_value upload_max_filesize 8M
#php_admin_flag allow_url_fopen Off
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f www-{{ evoadminmail_username }}"
php_admin_value open_basedir "none"
</VirtualHost>
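
Review bot: `php_admin_value open_basedir "none"` clears any restriction, so PHP can open every path the vhost user can read. The application now lives at fixed locations in this template (`/usr/share/evoadmin-mail/` and `/etc/evoadmin-mail/config.ini`), which makes this a good moment to set `open_basedir` to those paths plus whatever temporary directory the application needs.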

View File

@ -1,56 +0,0 @@
<?php
// Email pour les notifications
$conf['admin']['mail'] = '{{ evoadminmail_contact_email or general_alert_email | mandatory }}';
// login des superadmins
// Note: utile uniquement si domaines/driver=ldap, laisser vide sinon...
$conf['admin']['logins'] = array('evoadmin');
// What do you want?
// 0 = nothing...
// 1 = only mail accounts
// 2 = only samba accounts
// 3 = mail and samba accounts
$conf['admin']['what'] = 1;
// use hook.php instead of hook-dist.php
$conf['admin']['use_hook'] = false;
// enable quota
$conf['admin']['quota'] = true;
// compatibilite LDAP
$conf['evoadmin']['version'] = 3;
$conf['url']['webroot'] = '/';
$conf['domaines']['onlyone'] = false;
$conf['domaines']['driver'] = 'ldap';
$conf['domaines']['file']['all'] = array('example.com');
$conf['domaines']['file']['gid'] = 1000;
// Pack Mail "virtuel"... attention
// uniquement possible si $conf['admin']['what']=1 !!
$conf['domaines']['ldap']['virtual'] = true;
// Mode cluster
// Uniquement en mode mail seul et des utilisateurs virtuels
$conf['evoadmin']['cluster'] = false;
// auth SMTP by default ?
$conf['evoadmin']['useauthsmtp'] = false;
// Si comptes virtuels
$conf['unix']['uid'] = 5000;
// Si pas virtuel
$conf['unix']['minuid'] = 1000;
$conf['unix']['mingid'] = 1000;
$conf['html']['title'] = "Evoadmin Mail";
// gestion des logs
$conf['log']['priority'] = PEAR_LOG_DEBUG;
$conf['log']['name'] = '/var/log/evoadmin-mail.log';
$conf['log']['software'] = 'evoadminmail';
$conf['log']['enabled'] = true;
// samba
$conf['samba']['dn'] = 'DOMAINNAME';
$conf['samba']['sid'] = 'S-1-5-21-XXX-XXX-XXX';
$conf['samba']['admin_default'] = false;

View File

@ -1,28 +0,0 @@
<?php
/**
* Secrete parameters
*
* $Id: connect-dist.php,v 1.3 2007-05-22 21:12:23 reg Exp $
*
* @author Gregory Colpart <reg@evolix.fr>
* @version 1.0
*/
define("LDAP_URI","ldap://127.0.0.1");
$ldap_servers = array('ldap://127.0.0.1');
define("LDAP_BASE","{{ ldap_suffix }}");
define("LDAP_ADMIN_DN","cn=admin,{{ ldap_suffix }}");
define("LDAP_ADMIN_PASS","{{ ldap_admin_password.stdout }}");
define("SUDOBIN","/usr/bin/sudo");
define("SUDOSCRIPT","/usr/share/scripts/evoadmin.sh");
define("SUDOPASS","xxxxxx");
define('SERVEUR','localhost');
define('SERVEURPORT',3306);
define('BASE','horde');
define('NOM', 'horde');
define('PASSE', 'xxxx');
?>
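
Review bot: deleting this template does not remove the file it rendered on hosts that already ran the role, and that file holds the `cn=admin` LDAP bind password in `LDAP_ADMIN_PASS`. Add a cleanup task (`file` with `state: absent`) for the old rendered path, and check that the replacement configuration (the vhost points at `/etc/evoadmin-mail/config.ini`) is not readable by other local users.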

View File

@ -1,12 +0,0 @@
dn: uid=evoadmin,{{ ldap_suffix }}
uid: evoadmin
cn: Evoadmin ADM
uidNumber: 4242
gidNumber: 4242
homeDirectory: /dev/null
isAdmin: TRUE
mailacceptinggeneralid: evoadmin@{{ ansible_fqdn }}
objectClass: mailAccount
objectClass: organizationalRole
objectClass: posixAccount
userPassword: {{ evoadminmail_admin_password.stdout }}
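
Review bot: this LDIF put a `userPassword` for `uid=evoadmin` (with `isAdmin: TRUE`) on disk, and the `slapadd -l /root/evolinux_evoadminmail_admin.ldif` task visible earlier in this diff suggests where the rendered copy went. If the refactoring no longer uses it, remove that file from existing hosts as well, and document how the admin entry is created from now on.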

View File

@ -18,10 +18,10 @@ server {
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
root {{ evoadminmail_document_root }}/htdocs/;
root /usr/share/evoadmin-mail/;
location / {
index index.html index.htm;
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
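
Review bot: `root /usr/share/evoadmin-mail/;` makes the whole package directory the web root, and `location /` serves any existing file through `try_files $uri`. Check what the Debian package installs there and add `deny` rules (or a narrower root) for anything not meant to be fetched directly, such as includes or sample configuration. The path is also hardcoded in both the Apache and nginx templates; a single role variable would keep them in sync.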

View File

@ -1,3 +0,0 @@
User_Alias EVOADMIN = www-evoadmin
Cmnd_Alias EVOADMIN_WEB = {{ evoadmin_scripts_dir | mandatory }}/web-*.sh, {{ evoadmin_scripts_dir | mandatory }}/ftpadmin.sh
EVOADMIN ALL=NOPASSWD: EVOADMIN_WEB
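
Review bot: the only reference to a sudoers template visible in this diff is the commented-out "Add evoadmin sudoers file" task (`src: sudoers.j2`), so if that block survives in the tasks file it should be removed too. On any host where this rule was installed, `/etc/sudoers.d/evoadmin` stays in place after this change; the `web-*.sh` wildcard under `NOPASSWD` is only safe while the scripts directory is writable by root alone, so either remove the file or verify those permissions.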

View File

@ -1,2 +0,0 @@
CONTACT_MAIL="{{ evoadmin_contact_email or general_alert_email | mandatory }}"
WWWBOUNCE_MAIL="{{ evoadmin_bounce_email or general_alert_email | mandatory }}"

View File

@ -1,86 +0,0 @@
From: {{ evoadmin_tpl_mail_from }}
To: RCPTTO
Bcc: {{ evoadmin_tpl_mail_bcc }}
Subject: Parametres hebergement web : LOGIN
Bonjour,
Votre compte d'hebergement web a ete cree.
**********************************
* CONNEXION SFTP/SSH
**********************************
NOM DU SERVEUR : {{ evoadmin_tpl_servername }}
USER : LOGIN
PASSWORD : PASSE1
*****************************************
* Details sur l'environnement Apache/PHP
*****************************************
URL du site :
http://{{ evoadmin_tpl_servername }}
URL des stats :
http://{{ evoadmin_tpl_servername }}/cgi-RANDOM/awstats.pl
(acces par IP ou login a demander !)
Repertoire de connexion : HOME_DIR/LOGIN/
Repertoire pour site web : HOME_DIR/LOGIN/www/
Apache/PHP tourne en www-LOGIN:LOGIN c'est-a-dire qu'il a acces
uniquement *en lecture* aux differents fichiers/repertoires
(a condition d'avoir 'g=rx' sur les repertoires et 'g=r' sur les
fichiers ce qui est le comportement par defaut).
Lorsqu'on a besoin d'autoriser *l'ecriture* pour certains
fichiers/repertoires, il suffit d'ajouter le droit 'g+w'.
***********************************
* MySQL
***********************************
SERVEUR : 127.0.0.1
PORT DU SERVEUR : 3306
USER : LOGIN
PASSWORD : PASSE2
NOM BASE : DBNAME
URL interface d'admin :
{{ evoadmin_tpl_phpmyadmin_url }}
***********************************
* Rappels divers
***********************************
Votre nom de domaine doit etre configure pour pointer
sur l'adresse IP {{ evoadmin_tpl_address }} (enregistrement DNS A)
ou etre un alias de {{ evoadmin_tpl_servername }} (enregistrement DNS CNAME).
Si vous avez besoin de faire des tests, vous devez
ajouter la ligne suivante au fichier "/etc/hosts" sous Linux/Unix
ou au fichier "system32\drivers\etc\hosts" sous Windows NT/XP :
{{ evoadmin_tpl_address }} {{ evoadmin_tpl_servername }}
Attention, par defaut, toutes les connexions vers l'exterieur
sont bloquees. Si vous avez besoin de recuperer des donnees
a l'exterieur (flux RSS, BDD externe, etc.), contactez nous
afin de mettre en oeuvre les autorisations necessaires.
Afin de securiser au maximum le serveur, certaines URL
particulieres sont non autorisees pour eviter diverses
attaques (XSS, robots, trojans, injections, etc.).
Exemple d'URL refusee :
http://{{ evoadmin_tpl_servername }}/cmd32.exe
En cas de soucis avec votre application, prevenez-nous.
Si vous desirez mettre en place des parametres particuliers
pour votre site (PHP, etc.) ou pour tout autre demande (scripts en crontab,
etc.), n'hesitez pas a nous contacter a l'adresse
{{ evoadmin_tpl_mail_standard }} (ou {{ evoadmin_tpl_mail_urgent }} si votre demande est
urgente).
Cordialement,
--
{{ evoadmin_tpl_signature }}