Setting up Roundcube password plugin

roles/ispmail-webmail/tasks/main.yml

@@ -13,4 +13,6 @@
   template: src=roundcube-config.inc.php.j2 dest=/etc/roundcube/config.inc.php owner=root group=www-data mode=640
 - name: Deploying Roundcube managesieve plugin configuration
   copy: src=roundcube-managesieve-config.inc.php dest=/etc/roundcube/plugins/managesieve/config.inc.php mode=0640
+- name: Deploying Roundcube password plugin configuration
+  template: src=roundcube-password-config.inc.php.j2 dest=/etc/roundcube/plugins/password/config.inc.php owner=root group=www-data mode=640
 

roles/ispmail-webmail/templates/roundcube-config.inc.php.j2

@@ -76,6 +76,7 @@ $config['plugins'] = array(
 'archive',
 'zipdownload',
 'managesieve',
+'password',
 );
 
 // skin name: folder from skins/

roles/ispmail-webmail/templates/roundcube-password-config.inc.php.j2

@@ -0,0 +1,103 @@
+<?php
+
+// Password Plugin options
+// -----------------------
+// A driver to use for password change. Default: "sql".
+// See README file for list of supported driver names.
+$config['password_driver'] = 'sql';
+
+// Determine whether current password is required to change password.
+// Default: false.
+$config['password_confirm_current'] = true;
+
+// Require the new password to be a certain length.
+// set to blank to allow passwords of any length
+$config['password_minimum_length'] = 10;
+
+// Require the new password to contain a letter and punctuation character
+// Change to false to remove this check.
+$config['password_require_nonalpha'] = false;
+
+// Enables logging of password changes into logs/password
+$config['password_log'] = true;
+
+// Comma-separated list of login exceptions for which password change
+// will be not available (no Password tab in Settings)
+$config['password_login_exceptions'] = null;
+
+// Array of hosts that support password changing. Default is NULL.
+// Listed hosts will feature a Password option in Settings; others will not.
+// Example:
+//$config['password_hosts'] = array('mail.example.com', 'mail2.example.org');
+$config['password_hosts'] = null;
+
+// Enables saving the new password even if it matches the old password. Useful
+// for upgrading the stored passwords after the encryption scheme has changed.
+$config['password_force_save'] = true;
+
+// Enables forcing new users to change their password at their first login.
+$config['password_force_new_user'] = false;
+
+
+// SQL Driver options
+// ------------------
+// PEAR database DSN for performing the query. By default
+// Roundcube DB settings are used.
+$config['password_db_dsn'] = 'mysql://mailuser:{{ispmail_mysql_mailuser_password}}@127.0.0.1/mailserver';
+
+// The SQL query used to change the password.
+// The query can contain the following macros that will be expanded as follows:
+//      %p is replaced with the plaintext new password
+//      %c is replaced with the crypt version of the new password, MD5 if available
+//         otherwise DES. More hash function can be enabled using the password_crypt_hash 
+//         configuration parameter.
+//      %D is replaced with the dovecotpw-crypted version of the new password
+//      %o is replaced with the password before the change
+//      %n is replaced with the hashed version of the new password
+//      %q is replaced with the hashed password before the change
+//      %h is replaced with the imap host (from the session info)
+//      %u is replaced with the username (from the session info)
+//      %l is replaced with the local part of the username
+//         (in case the username is an email address)
+//      %d is replaced with the domain part of the username
+//         (in case the username is an email address)
+// Escaping of macros is handled by this module.
+// Default: "SELECT update_passwd(%c, %u)"
+//$config['password_query'] = 'SELECT update_passwd(%D, %u)';
+$config['password_query'] = 'UPDATE virtual_users set password=%D where email=%u';
+
+// By default the crypt() function which is used to create the '%c' 
+// parameter uses the md5 algorithm. To use different algorithms 
+// you can choose between: des, md5, blowfish, sha256, sha512.
+// Before using other hash functions than des or md5 please make sure
+// your operating system supports the other hash functions.
+//$config['password_crypt_hash'] = 'sha256';
+
+// By default domains in variables are using unicode.
+// Enable this option to use punycoded names
+$config['password_idn_ascii'] = false;
+
+// Path for dovecotpw (if not in $PATH)
+$config['password_dovecotpw'] = '/usr/sbin/dovecot pw';
+
+// Dovecot method (dovecotpw -s 'method')
+$config['password_dovecotpw_method'] = 'SHA256-CRYPT';
+
+// Enables use of password with crypt method prefix in %D, e.g. {MD5}$1$LUiMYWqx$fEkg/ggr/L6Mb2X7be4i1/
+$config['password_dovecotpw_with_method'] = true;
+
+// Using a password hash for %n and %q variables.
+// Determine which hashing algorithm should be used to generate
+// the hashed new and current password for using them within the
+// SQL query. Requires PHP's 'hash' extension.
+//$config['password_hash_algorithm'] = 'sha1';
+
+// You can also decide whether the hash should be provided
+// as hex string or in base64 encoded format.
+//$config['password_hash_base64'] = false;
+
+// Iteration count parameter for Blowfish-based hashing algo.
+// It must be between 4 and 31. Default: 12.
+// Be aware, the higher the value, the longer it takes to generate the password hashes.
+//$config['password_blowfish_cost'] = 12;
+