From e6418745b0e80713c3cadfafe050cbb803482511 Mon Sep 17 00:00:00 2001 
From: Christoph Haas Date: Wed, 28 Aug 2019 13:41:41 +0200 Subject: [PATCH] Horde base configuration added --- ansible/group_vars/all | 5 +- ansible/ispmail.yml | 2 +- ansible/roles/ispmail-database/tasks/main.yml | 16 +-- ansible/roles/ispmail-packages/tasks/main.yml | 9 +- ansible/roles/ispmail-postfix/tasks/main.yml | 1 + .../ispmail-webmail-apache-horde/handlers/main.yml | 4 + .../ispmail-webmail-apache-horde/tasks/main.yml | 44 +++++++ .../templates/apache/webmail.conf-443.j2 | 138 ++++++++++++++++++++ .../templates/apache/webmail.conf-80.j2 | 6 + .../templates/horde/conf.php.j2 | 126 +++++++++++++++++++ .../files/ispmail-logo.png | Bin 0 -> 7202 bytes .../files/roundcube-managesieve-config.inc.php | 101 +++++++++++++++ .../tasks/main.yml | 44 +++++++ .../templates/roundcube-config.inc.php.j2 | 90 +++++++++++++ .../templates/roundcube-debian-db.php.j2 | 8 ++ .../templates/roundcube-password-config.inc.php.j2 | 103 +++++++++++++++ .../roles/ispmail-webmail-apache/handlers/main.yml | 4 - .../roles/ispmail-webmail-apache/tasks/main.yml | 18 --- .../templates/webmail.conf-443.j2 | 139 --------------------- .../templates/webmail.conf-80.j2 | 6 - .../roles/ispmail-webmail/files/ispmail-logo.png | Bin 7202 -> 0 bytes .../files/roundcube-managesieve-config.inc.php | 101 --------------- ansible/roles/ispmail-webmail/tasks/main.yml | 40 ------ .../templates/roundcube-config.inc.php.j2 | 90 ------------- .../templates/roundcube-debian-db.php.j2 | 8 -- .../templates/roundcube-password-config.inc.php.j2 | 103 --------------- 26 files changed, 683 insertions(+), 523 deletions(-) create mode 100644 ansible/roles/ispmail-webmail-apache-horde/handlers/main.yml create mode 100644 ansible/roles/ispmail-webmail-apache-horde/tasks/main.yml create mode 100644 ansible/roles/ispmail-webmail-apache-horde/templates/apache/webmail.conf-443.j2 create mode 100644 ansible/roles/ispmail-webmail-apache-horde/templates/apache/webmail.conf-80.j2 create mode 100644 
ansible/roles/ispmail-webmail-apache-horde/templates/horde/conf.php.j2 create mode 100644 ansible/roles/ispmail-webmail-apache-roundcube/files/ispmail-logo.png create mode 100644 ansible/roles/ispmail-webmail-apache-roundcube/files/roundcube-managesieve-config.inc.php create mode 100644 ansible/roles/ispmail-webmail-apache-roundcube/tasks/main.yml create mode 100644 ansible/roles/ispmail-webmail-apache-roundcube/templates/roundcube-config.inc.php.j2 create mode 100644 ansible/roles/ispmail-webmail-apache-roundcube/templates/roundcube-debian-db.php.j2 create mode 100644 ansible/roles/ispmail-webmail-apache-roundcube/templates/roundcube-password-config.inc.php.j2 delete mode 100644 ansible/roles/ispmail-webmail-apache/handlers/main.yml delete mode 100644 ansible/roles/ispmail-webmail-apache/tasks/main.yml delete mode 100644 ansible/roles/ispmail-webmail-apache/templates/webmail.conf-443.j2 delete mode 100644 ansible/roles/ispmail-webmail-apache/templates/webmail.conf-80.j2 delete mode 100644 ansible/roles/ispmail-webmail/files/ispmail-logo.png delete mode 100644 ansible/roles/ispmail-webmail/files/roundcube-managesieve-config.inc.php delete mode 100644 ansible/roles/ispmail-webmail/tasks/main.yml delete mode 100644 ansible/roles/ispmail-webmail/templates/roundcube-config.inc.php.j2 delete mode 100644 ansible/roles/ispmail-webmail/templates/roundcube-debian-db.php.j2 delete mode 100644 ansible/roles/ispmail-webmail/templates/roundcube-password-config.inc.php.j2 diff --git a/ansible/group_vars/all b/ansible/group_vars/all index 8c03e31..9100a67 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all 
@@ -9,7 +9,10 @@ ispmail_mysql_mailuser_password: ChangeMe ispmail_mysql_root_password: ChangeMeRoot # MySQL password for storing Roundcube configuration -ispmail_mysql_roundcube_password: ChangeMeRound +#ispmail_mysql_roundcube_password: ChangeMeRound + +# MySQL password for storing Horde webmail user configuration +ispmail_mysql_horde_password: ChangeMeHorde # Allowed authentication mechanisms for IMAP/POP3 # See: https://wiki2.dovecot.org/Authentication/Mechanisms diff --git a/ansible/ispmail.yml b/ansible/ispmail.yml index 0743d5f..aa961eb 100644 --- a/ansible/ispmail.yml +++ b/ansible/ispmail.yml @@ -19,5 +19,5 @@ # - ispmail-postfix # - ispmail-dovecot # - ispmail-webmail -# - ispmail-webmail-apache + - ispmail-webmail-apache-horde - ispmail-tests diff --git a/ansible/roles/ispmail-database/tasks/main.yml b/ansible/roles/ispmail-database/tasks/main.yml index 2b30304..626a231 100644 --- a/ansible/roles/ispmail-database/tasks/main.yml +++ b/ansible/roles/ispmail-database/tasks/main.yml @@ -27,9 +27,9 @@ mysql_db: name: mailserver -- name: creating Roundcube MySQL database - mysql_db: - name: roundcube +# - name: creating Roundcube MySQL database +# mysql_db: +# name: roundcube - name: copying MySQL database schema to server copy: src: schema.sql @@ -44,11 +44,11 @@ name: mailuser password: "{{ispmail_mysql_mailuser_password}}" priv: mailserver.*:SELECT,INSERT,UPDATE,DELETE -- name: creating MySQL user for roundcube - mysql_user: - name: roundcube - password: "{{ispmail_mysql_roundcube_password}}" - priv: roundcube.*:ALL +# - name: creating MySQL user for roundcube +# mysql_user: +# name: roundcube +# password: "{{ispmail_mysql_roundcube_password}}" +# priv: roundcube.*:ALL - name: copying MySQL test data to server copy: src: test.sql diff --git a/ansible/roles/ispmail-packages/tasks/main.yml b/ansible/roles/ispmail-packages/tasks/main.yml index b3d0ed6..fcf29ad 100644 --- a/ansible/roles/ispmail-packages/tasks/main.yml 
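Review bot: `ispmail_mysql_horde_password: ChangeMeHorde` puts a known placeholder into `group_vars/all`, and the new Horde role passes it straight to `mysql_user` with `priv: horde.*:ALL`. A run that does not override it therefore creates a database account with a published password. Keep the real value in an Ansible Vault-encrypted vars file and fail early while the placeholder is still set, for example with an `assert` task using `that: ispmail_mysql_horde_password != 'ChangeMeHorde'`. The same concern applies to the `ChangeMe` and `ChangeMeRoot` defaults visible in this hunk's context lines.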
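Review bot: Commenting out the Roundcube tasks in `ispmail-database/tasks/main.yml` (this hunk and the one at `@@ -44,11 +44,11 @@`) stops managing the `roundcube` database and MySQL user but does not remove them. A host provisioned from an earlier revision would keep an account with `roundcube.*:ALL` and the password it was given then, which may still be the old `ChangeMeRound` default. If Roundcube is really being retired, replace the commented-out user task with a removal, e.g. `mysql_user:` with `name: roundcube` and `state: absent`. Decide explicitly whether the database itself should be dropped or kept. Otherwise, delete the dead lines rather than leaving them as comments.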
+++ b/ansible/roles/ispmail-packages/tasks/main.yml @@ -6,14 +6,15 @@ vars: packages: - etckeeper + - certbot - pwgen - mariadb-server - postfix - postfix-mysql - - roundcube - - roundcube-mysql - - roundcube-plugins - - roundcube-plugins-extra + # - roundcube + # - roundcube-mysql + # - roundcube-plugins + # - roundcube-plugins-extra - swaks - dovecot-mysql - dovecot-pop3d diff --git a/ansible/roles/ispmail-postfix/tasks/main.yml b/ansible/roles/ispmail-postfix/tasks/main.yml index 313f85e..2e27a47 100644 --- a/ansible/roles/ispmail-postfix/tasks/main.yml +++ b/ansible/roles/ispmail-postfix/tasks/main.yml @@ -16,6 +16,7 @@ src: master.cf dest: /etc/postfix/master.cf mode: 0644 + notify: restart postfix # - name: tell Postfix to use the virtual mailbox domain mapping # command: postconf virtual_mailbox_domains=mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf diff --git a/ansible/roles/ispmail-webmail-apache-horde/handlers/main.yml b/ansible/roles/ispmail-webmail-apache-horde/handlers/main.yml new file mode 100644 index 0000000..3a5124c --- /dev/null +++ b/ansible/roles/ispmail-webmail-apache-horde/handlers/main.yml @@ -0,0 +1,4 @@ +--- +- name: restart apache + service: name=apache2 state=restarted + diff --git a/ansible/roles/ispmail-webmail-apache-horde/tasks/main.yml b/ansible/roles/ispmail-webmail-apache-horde/tasks/main.yml new file mode 100644 index 0000000..73a3fe8 --- /dev/null +++ b/ansible/roles/ispmail-webmail-apache-horde/tasks/main.yml 
@@ -0,0 +1,44 @@ +- name: Install required binary packages + apt: name={{item}} state=installed + with_items: + - apache2 + - libapache2-mod-php + notify: restart apache +- name: Create Apache vhost configuration for HTTPS (Horde and Adminer) + template: + src: apache/webmail.conf-443.j2 + dest: /etc/apache2/sites-available/default-ssl.conf + notify: restart apache +- name: Enable Apache vhost for HTTPS + command: /usr/sbin/a2ensite default-ssl creates=/etc/apache2/sites-enabled/default-ssl.conf + notify: restart apache +- name: Create Apache vhost configuration for HTTP (redirect to HTTPS) + template: + src: apache/webmail.conf-80.j2 + dest: /etc/apache2/sites-available/000-default.conf + notify: restart apache +- name: Enable Apache SSL module + command: /usr/sbin/a2enmod ssl creates=/etc/apache2/mods-enabled/ssl.conf + notify: restart apache + +- name: creating Horde MySQL database + mysql_db: + name: horde +- name: creating MySQL user to access the Horde database + mysql_user: + name: horde + password: "{{ispmail_mysql_horde_password}}" + priv: horde.*:ALL + +- name: Generate random secret key for this Horde installation + command: pwgen -s 20 + register: horde_secret_key +- name: Generate Horde config file + template: + src: horde/conf.php.j2 + dest: /etc/horde/horde/conf.php + +- name: Create Horde database schema + command: /usr/bin/horde-db-migrate + +# code: language=ansible insertSpaces=true tabSize=2 diff --git a/ansible/roles/ispmail-webmail-apache-horde/templates/apache/webmail.conf-443.j2 b/ansible/roles/ispmail-webmail-apache-horde/templates/apache/webmail.conf-443.j2 new file mode 100644 index 0000000..497fd86 --- /dev/null +++ b/ansible/roles/ispmail-webmail-apache-horde/templates/apache/webmail.conf-443.j2 
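Review bot: The `Generate Horde config file` task writes `/etc/horde/horde/conf.php` without `owner`, `group` or `mode`, so a newly created file gets umask-default permissions. The file is presumably rendered with the registered `horde_secret_key` and the Horde database password, though the template body is not readable on this page. Add `owner: root`, `group: www-data` and `mode: "0640"` to that task, which is what the Roundcube config tasks elsewhere in this commit specify. Separately, `command: pwgen -s 20` runs on every play, so the secret key changes and the config is rewritten on each run. Generating the key only when the config file does not exist yet would keep the role idempotent and stop sessions being invalidated on every deploy.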
@@ -0,0 +1,138 @@ + + + ServerAdmin {{ ispmail_postmaster_address }} + ServerName {{ ispmail_webmail_hostname }} + + # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, + # error, crit, alert, emerg. + # It is also possible to configure the loglevel for particular + # modules, e.g. + #LogLevel info ssl:warn + + RedirectMatch permanent ^/$ https://{{ ispmail_webmail_hostname}}/horde/ + + ErrorLog ${APACHE_LOG_DIR}/webmail.error.log + CustomLog ${APACHE_LOG_DIR}/webmail.access.log combined + + # For most configuration files from conf-available/, which are + # enabled or disabled at a global level, it is possible to + # include a line for only one particular virtual host. For example the + # following line enables the CGI configuration for this host only + # after it has been globally disabled with "a2disconf". + #Include conf-available/serve-cgi-bin.conf + + # SSL Engine Switch: + # Enable/Disable SSL for this virtual host. + SSLEngine on + + # A self-signed (snakeoil) certificate can be created by installing + # the ssl-cert package. See + # /usr/share/doc/apache2/README.Debian.gz for more info. + # If both key and certificate are stored in the same file, only the + # SSLCertificateFile directive is needed. + SSLCertificateFile /etc/ssl/certs/mailserver.pem + SSLCertificateKeyFile /etc/ssl/private/mailserver.pem + + # Server Certificate Chain: + # Point SSLCertificateChainFile at a file containing the + # concatenation of PEM encoded CA certificates which form the + # certificate chain for the server certificate. Alternatively + # the referenced file can be the same as SSLCertificateFile + # when the CA certificates are directly appended to the server + # certificate for convinience. 
+ #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt + + # Certificate Authority (CA): + # Set the CA certificate verification path where to find CA + # certificates for client authentication or alternatively one + # huge file containing all of them (file must be PEM encoded) + # Note: Inside SSLCACertificatePath you need hash symlinks + # to point to the certificate files. Use the provided + # Makefile to update the hash symlinks after changes. + #SSLCACertificatePath /etc/ssl/certs/ + #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt + + # Certificate Revocation Lists (CRL): + # Set the CA revocation path where to find CA CRLs for client + # authentication or alternatively one huge file containing all + # of them (file must be PEM encoded) + # Note: Inside SSLCARevocationPath you need hash symlinks + # to point to the certificate files. Use the provided + # Makefile to update the hash symlinks after changes. + #SSLCARevocationPath /etc/apache2/ssl.crl/ + #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl + + # Client Authentication (Type): + # Client certificate verification type and depth. Types are + # none, optional, require and optional_no_ca. Depth is a + # number which specifies how deeply to verify the certificate + # issuer chain before deciding the certificate is not valid. + #SSLVerifyClient require + #SSLVerifyDepth 10 + + # SSL Engine Options: + # Set various options for the SSL engine. + # o FakeBasicAuth: + # Translate the client X.509 into a Basic Authorisation. This means that + # the standard Auth/DBMAuth methods can be used for access control. The + # user name is the `one line' version of the client's X.509 certificate. + # Note that no password is obtained from the user. Every entry in the user + # file needs this password: `xxj31ZMTZzkVA'. + # o ExportCertData: + # This exports two additional environment variables: SSL_CLIENT_CERT and + # SSL_SERVER_CERT. 
These contain the PEM-encoded certificates of the + # server (always existing) and the client (only existing when client + # authentication is used). This can be used to import the certificates + # into CGI scripts. + # o StdEnvVars: + # This exports the standard SSL/TLS related `SSL_*' environment variables. + # Per default this exportation is switched off for performance reasons, + # because the extraction step is an expensive operation and is usually + # useless for serving static content. So one usually enables the + # exportation for CGI and SSI requests only. + # o OptRenegotiate: + # This enables optimized SSL connection renegotiation handling when SSL + # directives are used in per-directory context. + #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + + # SSL Protocol Adjustments: + # The safe and default but still SSL/TLS standard compliant shutdown + # approach is that mod_ssl sends the close notify alert but doesn't wait for + # the close notify alert from client. When you need a different shutdown + # approach you can use one of the following variables: + # o ssl-unclean-shutdown: + # This forces an unclean shutdown when the connection is closed, i.e. no + # SSL close notify alert is send or allowed to received. This violates + # the SSL/TLS standard but is needed for some brain-dead browsers. Use + # this when you receive I/O errors because of the standard approach where + # mod_ssl sends the close notify alert. + # o ssl-accurate-shutdown: + # This forces an accurate shutdown when the connection is closed, i.e. a + # SSL close notify alert is send and mod_ssl waits for the close notify + # alert of the client. This is 100% SSL/TLS standard compliant, but in + # practice often causes hanging connections with brain-dead browsers. Use + # this only for browsers where you know that their SSL implementation + # works correctly. 
+ # Notice: Most problems of broken clients are also related to the HTTP + # keep-alive facility, so you usually additionally want to disable + # keep-alive for those clients, too. Use variable "nokeepalive" for this. + # Similarly, one has to force some clients to use HTTP/1.0 to workaround + # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and + # "force-response-1.0" for this. + BrowserMatch "MSIE [2-6]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + # MSIE 7 and newer should be able to use keepalive + BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown + + + + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet + diff --git a/ansible/roles/ispmail-webmail-apache-horde/templates/apache/webmail.conf-80.j2 b/ansible/roles/ispmail-webmail-apache-horde/templates/apache/webmail.conf-80.j2 new file mode 100644 index 0000000..59589bc --- /dev/null +++ b/ansible/roles/ispmail-webmail-apache-horde/templates/apache/webmail.conf-80.j2 @@ -0,0 +1,6 @@ + + ServerAdmin {{ ispmail_postmaster_address }} + ServerName {{ ispmail_webmail_hostname }} + + Redirect permanent / https://{{ ispmail_webmail_hostname}}/ + diff --git a/ansible/roles/ispmail-webmail-apache-horde/templates/horde/conf.php.j2 b/ansible/roles/ispmail-webmail-apache-horde/templates/horde/conf.php.j2 new file mode 100644 index 0000000..63d53a1 --- /dev/null +++ b/ansible/roles/ispmail-webmail-apache-horde/templates/horde/conf.php.j2 
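Review bot: The HTTPS vhost in `webmail.conf-443.j2` serves the webmail login but sets no `Strict-Transport-Security` header, so browsers are never told to skip the plain-HTTP hop through the port-80 redirect vhost on later visits. Consider adding `Header always set Strict-Transport-Security "max-age=31536000"` inside the vhost and enabling `mod_headers` next to the existing `a2enmod ssl` task. The vhost also carries no `SSLProtocol` or `SSLCipherSuite` of its own, so the accepted protocol versions come from the distribution's global mod_ssl configuration. A one-line comment saying that this is intentional would help the next reader. The enclosing `VirtualHost` tags are not visible in this rendering of the hunk.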
@@ -0,0 +1,126 @@ +wDLMcEujD>TtHSGAc;P}thQE`4e58O^$j0)r(!k4q zPi{v^BD@F9;iHx_0AS$%S3p2|CNaDd#YIk024xK$371r0p2U0<0LZH4q~Cw_SUS=5 z)J)X4_QS`Mlw3eWlKwt|<%&WiEu>bejZ~r2U~;r%Wo=DSueR)X@RMRnh+Sys(o`v9Adwcd3NUB9c8{?%ks^t^MvO_2T@Ig zT7@xTxn@7JdhP!;fC(rFa6q62PnuGYmWxz7{4AlpTuQ(Oael}~ z21-B`$T;BKi!;YK5B1DP_5f>C1yap{Zh3i~)?zwL2swlTQjYsYOx(c0QCZdJqA*ld zTNvp6_^Ao#Rs%GK)@*>0wO&YGwASx>DCU2^G8o^qPs4BYqjEKuu(11`;zQQZRRri0t5qnJ>(r(enoi4*WY4pLuE>F zR_vp@i~$LIR7Y8-gdEK{BSCh>Yjqu8b@!=&e`y-B?Z22{c7L;=AjTMdFFbN@0OF*A z0FXG%5A2}gbWIVq1D;qP4(c3|^DI0_gpXaLp$|ET_xCf5gQ@nN-=v4^W2krui+UBYJ^ZBvZ{ST=$(=+2miufp3jnKE@lFfD4VkZMd2>jaXUKrP{|% zcN)Vva2&!RF65vqC3MOqTaXf55hJZs)f=W*! zEsCTsMxr~1hl-gZt}>b)BEoE}$UBo@AvJ=dYWDBdh|ybEompvVoke8tBT--)1qKnI zC;o5@{e0GOvr5j-&mWtfo*q%D)Aal_%F!hvtKUuu`9oyj!}WcpjqiZn)*Z#$OLHo~Zeo%#OTXHi zx}1Z9qsv+D88(0xy0n?85;FD2ObwwKah)4<%{RU4hMi6J<4SJ`Ku47z1w?3gbd(^* zQk_I#2Wt6v@DIQZaY%P00V+=|KhKM6{p;OVi4g~SS7989i?@*qU`?4Nnj%WUQrTrC zao7#ru@xQiIxZ0rk>mbk9)+8mTVus{)zYv1eSJO-*T;)GrXsDJn9l997&{IFpk`&( zobOSQOn1MO-X6Ncj-}8j_6>v*eJuWrxR)TyC_NZW9_1+IKA!I3mMT@UTKr`G$=2c8 zc=ukttgXG4J82!*e)@)g6X<)Y)1$Nib}%R2{T>err&*th55NZ;7`okK!^6?CxJ(8{ z0|Ej>;nId0EGZly(XCNFtDXF*sH(KIl!cj@dGz=1_FCKJ#*3?~tNx_m*~C`ilHy`^ zg2?{PEFsr(7gtwT+;C}0_>X)4JanT!{Hahc=ZlVxo<2W6FU!o#e9RJd*Z(~>=KGOB zi|q$_#0xGpMu}3EP!cjH0H3jqf6d2vXc1~ol_1ud26MDE^2DNUU(4M<0=%YQNCdg< zHg}wvN`D-nFkX{$o?4j8ouN@o%A#aTEObGY?Om=9qMuD(5IGf+wO2j5is>}8-S*n` zrlP;BTFGolqBFW8=XQRKn*Wj_fGR=V%Q+YYxpkE+oxwE}0PmAhQ2h1Z8i;njzdXRV zu{=^^PG;ukzu5}_qg2s!TQhLvGxlE{aFfe<2d)qNzZP103`@Mn~of&4d z^vj3ybsfEeuzK_L%rJeoGvd1MdUpVJiDJgPUKon^_3_={N{cggyuX_{@we1?_jefG zig+L8#%d5xfwJd%FIlIV^2AMTzPPE>vG9|N=Gwe*>!l?F^jid@1$)jP8CUnaK9;tY zmOCAou8yZ9dxt3Vfg~N-J3sk=X;4%?N~|k(RCro5nj0MimL}?b%_1i!XT1bA1ZtpA zD1NxK-rJWS%E`-OP8ow+A7o@+3ArB57?_xtpd_YlNN7>VfSycE=pZ{JXbLUJFN09( zect}-wDMHz^#^{i3YD18Em4E^6TxlLr=t7r0I){*QD2(o>R3a3N&tW}&EKColQuSV>P`M zgq#cr=UJ!_c?k)~OR-|cYe4}4)SM#M@bK`#QtBwFDd`D1xOO=$wK(q?=c()~s-p>` zzqNre(Va9gN|;k|?TkX72vh=!7uJmemBsk%$Z3Jy&+n_lBB;oJ-oCe>3!6<;lg`e} 
z^l_gpQ`7k*FVFIoIk~a9x!LCKd?#Z9u9G=^#6lQpSdqGDfYAJSw&;>7PB=w@y1k%} z?y3q&!u3i1Q5XFSMs7Pyd!+Lz=h9!U{PS-dVF3f0@=;f*oHP?-b*MrR4n$s3vWL#x z+#E$auekU_i|f(csQGwiOLA(eMjqU{_4W1L-oJm(E)|M(6%!GGzQ5MxAE(P+yx z@z&C=BJT*Cd-wq=seq7g0v0&urHxYoMboIG2!U(puO#gMe26Q{7tm`|Bn8fcf`Wd- z3yo?Fo&+CZ-;!(G8rA9g0#i=!Mo^mSA;s&f4=%@4vDr#@dq@3(CH}Aj3ef|kKn*Pe zx4n`?g9)_RpN00zXeVdB={5EShSe~3`*s@KCM09$nOFcKz{*;Ylh>nT-{HEuJ)HQX z52YNO%gW3=O+-kzm?_}+9i@9NVtyQZ@18MEuP zZnwktjEsmw--n-uMpE+VgS2!ISU{3BCk2=d&@@LGIsf+)ZM2RNojJU_2=A37v-Uh* z$6!!Hp4MwOGo!)bfErQuJ~cc%L+7_~%tL2n!?d(76MP#H#9Ny=sdE_Eu~D4})HAx1 zch7ZQuf|72-06MSHq)5Or^it#bY(kHFRch-CrVB|bk;Q01b+1H%ykIb--$DJJxy^s z2-p+-?YiKYKD7>^ZlsIs15-P=y4n)r?rm@Ls?KQO6DriSbHg?3c_^ONiaEm+twcxG zqwf;}fq931EPUUchlhuGEM>x_r;|6^GC&KmA3h+%@m?AcE}q`r?#^)ZbaZsY#Xv;R zp^P;zP%WK-_q@{5(sG}#&`QkC%F-L%yRc1R)tYu+X?8Svets5HQc}Va%Bs?0NMxcE z^U+L7PxrdJm=G72L69RukRUub>hfGYS#FBOMn@;z+}PMSIy_uj{PpXXJ~a-Ek2G3| zJ(VRQGE$yHx7ooJZVaWQ(Zx|Utg(wQ5G2hgjrPO$MlR&?g^Q2aKvm!iEWPM7U@u0B zw#7#f(Yq6mD{8jpUuATO{Oo!g=`G{hh5m|O4SoHmapAKHWktmf zNp&VRrrsQ*G&))n?&KLud6&+2`8=uZ+s52nO9%&F0hAlcF5mH~e%t0ElVtCw>G5PL zrOdtKjR*Oa!NKp@T)5Lcko}CazXB~=O5;EN767RCul#ma82uFq7SV#FFkQtx_Zq$+ zHC20qJcc=Icx1t~odvDM#l>pr4ww5=V!^?|7&pg@JO%D&s~f;0a0|fbgk<^pP>c)cEyKc2%utNVTm|y_Hj>(zuS@Lp=pgL$B>P)#Iz@|_$uHlmQ`g{wXHRGFS9c3MzWy*j5{#6q* zza}C|-8>*D|7;-6%X|4VG4ankc+VL8W66$_CrepbMTNrMlq^-z!|m-cZxInbKF{xN zJZRgH>3o%58>|;woIH)kd^`mPgCWYw4!YXe*%^#wi$2)E?Z3POBo%^rpq$*#6K`vc zjbf7!i8Lwhv+xrgOFOT@v5Wnf8 zA~#lpndcgnwqOM}o8tzV4`u4h!M(5C+OtbrxxHb|FayIW{(O0TO~PdxVVLJ@ZDV>M zT7iLuMA+>(eS3R*$Is7Cj6rsIAmk66??C*X?vZ}yi2JWh7s64ZlZAYnXBEMbiju8%Awz{94nsB~Z%yLb~7Jr0^K$hvigQ~XYaIh2&?X6vd znok&ln|cE4dUhGyWi>Z&fNLhs#plJu>ysf&-UPHz zm_5Os@y_q|6> z*x1`^;(7DtP4GE%`S%$QCQom|I3XcnGMip2Z?ZAELJM949cKbqGy)X&-EgJL)k}I(`oVy8UCY)a0WcdrhK zi(c;K`FNX8keg$#sfJj7OE04m7$PfwKu81RgI8l{!=bgYIOI*8|(P*j#`qxV3ZMYUSgv2-?X%F{^BtYS&DZK`|_j>pWaa~e7TsSD)6~}&eRy+ zaA;?>sm@<_Q^$eu40P6CMrCE^k1R+i&#kQJHd+2Dj)2qrEH@{oLvH)k_V=~5wSm38 
zy-&lDo}Ypw^G?dt${Auvcy`6i!k2A5c}W$WwY9Yedf=$P+UCxYV+t)ylCi<)JAVGg z2dLTFR?eX2E+i6Ye^QJdsYt?K|fa z$Mp?nYQECtK8SW4q%Zv9ce~L31Aox}<|Q+Hnz%H8K z{OP?gLjk>(l(W|*14F7zVe3G4*$n)%Z4o3Em z1`Ro!p|JUa7O=v?=EUVL-*Ue^u6pPhJ&(yr#`}JruH})H^t#G`5VlV?JPpKSeSJ=q%oZkv5Axm_6-<I=SAwht+}Nm+QfyKC628H}a!--QF0Cp?BXLl4g9 z=I3v!03VtyX*;g0tO&&?E6s$+kfQ=wqOD8`*vAXPwjQzi!FT*9%D&ci=M8OyD{=Zy z3|mMBWhT8_NXNnnUhl7)-@r0nQJJTE+ow(xyMP?Z*+?g*JMe8_oAqX+DI0L&du3^9 zshG4jbU&h7SJ(#N#FFq7&th6zSs8!H8zbnl;uRW5{AwepJzX-!>AQcaRk;K`obnF! zl+2qPA1Z7J*h$Uc{N_R&aXn+noBpkL!32)IdGIx}^(0<)B{X~22Z6dDz97p2FgMpD zCwitU)$lgidAY8gUe8tPxQ7*~XMnhlgocKsbacMRiC_q{IbR*l zI%O#hI=j1{S@pnOpsz`wQZhVhAXCjenyVz+Iz6pYfK%U<4sQ*t+~33<$hpfk8XxRd z8_q1qyGg><^qURrUgpjumr6(Ip#~=n99MQ|siVon%)^xYyBovd$K|^c75pY7w}AA2 z<1xLC%mS!6Icv-f4Gkx*>$NM@t@-U%JfbvF=$V>YDsu_g$U+uM*bE(6wXC8QzVFSN zD7%z{hS1T`PeVgP#T)ean3+c|9`7#fH919Ce@xWYh*^IA{JFNg+?pe>FI);9@kS-H zXei-C_7_AaO?AgC_Sf_HqhGtdMMXQw5HUK`nHG;CW;YtcK8*`(yzf)hpZ%MPR!_%55TN|nu8T`f1+znu1k zWc}T>$xYrKK=Vp zpkK`|L!0+hK=X?DJKT@Za zhYD5Sk=;x7&5Q3h4BL+jWjnIdH&SyP8HB7Eh`4^02n*CHmZ;!LK{Bco)K=np3s;FJ z>n~rv_OB-R}|+UDc)kHuV*w~W;G0oPL>+1bF?e%8k!37^Ye*qsphK@VYJzu zZznOj2>@XhmJutg)2FWY(Bfz^3d&7E&IO&{eNm`gohG9O%4;LTO0yRA8mR0-bOO&l zPmLha@_y8Z51nOS6wWq5QfGTpV!Hd7{YZM~z z;OV)uv-7X0h{y^#1qB5n0w`y6$7#sXR}C(Da3whSw>4Pp^K>=e#f|wzai9C$`ug|d zE=?7dM0eNAs-v=kn`S=|#ZXnzUhwS%bpjylxx>GAPVy+V`Ats4UB5D^h+ zU07a@w6V3dbrH(aFP}X$<^E9zpSl!oaIJ-fh1BrGtaWe5s{>P~i+|hb!7e;k|2_gI zT&6>D>+n3>yrh&ASVUA*I8vIXtw1*RG!35GYVvS0JA$H8Nl^8C!=&qU!6B2lxNGbO zhf41ZDy8M4Qi&++Pc>w0d#=QdMAUuhML~*2MSUflRrBCM0L1IBWr}ju9mxZ32%4to zeZ}m`M(+oajgATBV}k7PHx9tD#|cVQPey;*RqJh1=5c+!5n9JB9yVW-B!jpI@fK8h zb4#Bs!m8xST$^NLU84m|@oIHsvnHK*M^cQH7o_7ixQZCKwH7ZMGQ#gQstK_KVdSg}XGzqLf1clQUQymN&1z%%Bt~hH4<1w}9T&UTRIsao#$YtXgr^EjsAQsv$NpVmzz7!50;dMh+(V2G^+|{| z_4L#>T3){XTI6ARnelD&z4|J$nCds7OVgWxfpidwc?-QsSj<1@jJd~ED%NgwtrzYzVYdnp-=}@Uh>!P9 zMBl`s+Rr_IuuomKQ)Ifh#2~J%lC6tF7(_;PIDvh@MqJl%G0uR`{nZgvm&ID{_1N^YOCe=oOiS6d=Mm3<(Mw72b+uOH*!_Ie!mka# 
z?NM5)53%82g0N!<{O|fB5|Ro7p~KP&V4T0JsV}S=#~EJw(tjzmzR4anxclgv`gWN+ zBErxiML+_~lm#SJDRjKYVMtj1NEFVvQ9X|!AcL@oJ7@HNmt+6$o($gXvcK~WY>7@z UqxNEl-{t{wGD^}_l7`>^2Ur;a>i_@% literal 0 HcmV?d00001 diff --git a/ansible/roles/ispmail-webmail-apache-roundcube/files/roundcube-managesieve-config.inc.php b/ansible/roles/ispmail-webmail-apache-roundcube/files/roundcube-managesieve-config.inc.php new file mode 100644 index 0000000..cc53cb0 --- /dev/null +++ b/ansible/roles/ispmail-webmail-apache-roundcube/files/roundcube-managesieve-config.inc.php 
@@ -0,0 +1,101 @@ +// Taken from /usr/share/roundcube/plugins/managesieve/config.inc.php.dist + array( +// 'verify_peer' => true, +// 'verify_depth' => 3, +// 'cafile' => '/etc/openssl/certs/ca.crt', +// ), +// ); +$config['managesieve_conn_options'] = null; + +// default contents of filters script (eg. default spam filter) +$config['managesieve_default'] = '/etc/dovecot/sieve/global'; + +// The name of the script which will be used when there's no user script +$config['managesieve_script_name'] = 'managesieve'; + +// Sieve RFC says that we should use UTF-8 endcoding for mailbox names, +// but some implementations does not covert UTF-8 to modified UTF-7. +// Defaults to UTF7-IMAP +$config['managesieve_mbox_encoding'] = 'UTF-8'; + +// I need this because my dovecot (with listescape plugin) uses +// ':' delimiter, but creates folders with dot delimiter +$config['managesieve_replace_delimiter'] = ''; + +// disabled sieve extensions (body, copy, date, editheader, encoded-character, +// envelope, environment, ereject, fileinto, ihave, imap4flags, index, +// mailbox, mboxmetadata, regex, reject, relational, servermetadata, +// spamtest, spamtestplus, subaddress, vacation, variables, virustest, etc. +// Note: not all extensions are implemented +$config['managesieve_disabled_extensions'] = array(); + +// Enables debugging of conversation with sieve server. Logs it into /sieve +$config['managesieve_debug'] = false; + +// Enables features described in http://wiki.kolab.org/KEP:14 +$config['managesieve_kolab_master'] = false; + +// Script name extension used for scripts including. Dovecot uses '.sieve', +// Cyrus uses '.siv'. Doesn't matter if you have managesieve_kolab_master disabled. +$config['managesieve_filename_extension'] = '.sieve'; + +// List of reserved script names (without extension). +// Scripts listed here will be not presented to the user. 
+$config['managesieve_filename_exceptions'] = array(); + +// List of domains limiting destination emails in redirect action +// If not empty, user will need to select domain from a list +$config['managesieve_domains'] = array(); + +// Enables separate management interface for vacation responses (out-of-office) +// 0 - no separate section (default), +// 1 - add Vacation section, +// 2 - add Vacation section, but hide Filters section +$config['managesieve_vacation'] = 0; + +// Default vacation interval (in days). +// Note: If server supports vacation-seconds extension it is possible +// to define interval in seconds here (as a string), e.g. "3600s". +$config['managesieve_vacation_interval'] = 0; + +// Some servers require vacation :addresses to be filled with all +// user addresses (aliases). This option enables automatic filling +// of these on initial vacation form creation. +$config['managesieve_vacation_addresses_init'] = false; + +// Supported methods of notify extension. Default: 'mailto' +$config['managesieve_notify_methods'] = array('mailto'); diff --git a/ansible/roles/ispmail-webmail-apache-roundcube/tasks/main.yml b/ansible/roles/ispmail-webmail-apache-roundcube/tasks/main.yml new file mode 100644 index 0000000..3019f6a --- /dev/null +++ b/ansible/roles/ispmail-webmail-apache-roundcube/tasks/main.yml 
@@ -0,0 +1,44 @@ +--- +- name: install required binary packages + apt: + name: "{{ packages }}" + update_cache: yes + vars: + packages: + #- roundcube + #- roundcube-plugins + - php-horde-imp + - php-horde-ingo + - php-horde-kronolith + - php-horde-turba +# - name: Creating random des_key for Roundcube +# shell: pwgen 24 +# register: roundcube_random_des_key +# - name: Deploying Roundcube configuration +# template: +# src: roundcube-config.inc.php.j2 +# dest: /etc/roundcube/config.inc.php +# owner: root +# group: www-data +# mode: 0640 +# - name: Deploying Roundcube managesieve plugin configuration +# copy: +# src: roundcube-managesieve-config.inc.php +# dest: /etc/roundcube/plugins/managesieve/config.inc.php +# mode: 0640 +# - name: Deploying Roundcube password plugin configuration +# template: +# src: roundcube-password-config.inc.php.j2 +# dest: /etc/roundcube/plugins/password/config.inc.php +# owner: root +# group: www-data +# mode: 0640 +# - name: Copy ISPmail logo +# copy: +# src: ispmail-logo.png +# dest: /var/lib/roundcube/ +# - name: Copy Roundcube database config file +# template: +# src: roundcube-debian-db.php.j2 +# dest: /etc/roundcube/debian-db.php +# mode: 0640 diff --git a/ansible/roles/ispmail-webmail-apache-roundcube/templates/roundcube-config.inc.php.j2 b/ansible/roles/ispmail-webmail-apache-roundcube/templates/roundcube-config.inc.php.j2 new file mode 100644 index 0000000..0fae756 --- /dev/null +++ b/ansible/roles/ispmail-webmail-apache-roundcube/templates/roundcube-config.inc.php.j2 
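Review bot: The `php-horde-imp`, `php-horde-ingo`, `php-horde-kronolith` and `php-horde-turba` packages are installed by the `ispmail-webmail-apache-roundcube` role. The play in `ansible/ispmail.yml`, however, enables `ispmail-webmail-apache-horde`, whose own package task lists only `apache2` and `libapache2-mod-php`. Unless the Roundcube role is also applied somewhere outside the visible lines, the Horde role's later steps (`/usr/bin/horde-db-migrate`, writing `/etc/horde/horde/conf.php`) run without the Horde packages present. Move the four `php-horde-*` entries into the Horde role's package list and keep this role for Roundcube only. As a style point, `update_cache: yes` is better written as `update_cache: true`.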
@@ -0,0 +1,90 @@ + - - ServerAdmin {{ ispmail_postmaster_address }} - ServerName {{ ispmail_webmail_hostname }} - - Include /etc/roundcube/apache.conf - Alias / /var/lib/roundcube/ - - # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, - # error, crit, alert, emerg. - # It is also possible to configure the loglevel for particular - # modules, e.g. - #LogLevel info ssl:warn - - ErrorLog ${APACHE_LOG_DIR}/webmail.error.log - CustomLog ${APACHE_LOG_DIR}/webmail.access.log combined - - # For most configuration files from conf-available/, which are - # enabled or disabled at a global level, it is possible to - # include a line for only one particular virtual host. For example the - # following line enables the CGI configuration for this host only - # after it has been globally disabled with "a2disconf". - #Include conf-available/serve-cgi-bin.conf - - # SSL Engine Switch: - # Enable/Disable SSL for this virtual host. - SSLEngine on - - # A self-signed (snakeoil) certificate can be created by installing - # the ssl-cert package. See - # /usr/share/doc/apache2/README.Debian.gz for more info. - # If both key and certificate are stored in the same file, only the - # SSLCertificateFile directive is needed. - SSLCertificateFile /etc/ssl/certs/mailserver.pem - SSLCertificateKeyFile /etc/ssl/private/mailserver.pem - - # Server Certificate Chain: - # Point SSLCertificateChainFile at a file containing the - # concatenation of PEM encoded CA certificates which form the - # certificate chain for the server certificate. Alternatively - # the referenced file can be the same as SSLCertificateFile - # when the CA certificates are directly appended to the server - # certificate for convinience. 
- #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt - - # Certificate Authority (CA): - # Set the CA certificate verification path where to find CA - # certificates for client authentication or alternatively one - # huge file containing all of them (file must be PEM encoded) - # Note: Inside SSLCACertificatePath you need hash symlinks - # to point to the certificate files. Use the provided - # Makefile to update the hash symlinks after changes. - #SSLCACertificatePath /etc/ssl/certs/ - #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt - - # Certificate Revocation Lists (CRL): - # Set the CA revocation path where to find CA CRLs for client - # authentication or alternatively one huge file containing all - # of them (file must be PEM encoded) - # Note: Inside SSLCARevocationPath you need hash symlinks - # to point to the certificate files. Use the provided - # Makefile to update the hash symlinks after changes. - #SSLCARevocationPath /etc/apache2/ssl.crl/ - #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl - - # Client Authentication (Type): - # Client certificate verification type and depth. Types are - # none, optional, require and optional_no_ca. Depth is a - # number which specifies how deeply to verify the certificate - # issuer chain before deciding the certificate is not valid. - #SSLVerifyClient require - #SSLVerifyDepth 10 - - # SSL Engine Options: - # Set various options for the SSL engine. - # o FakeBasicAuth: - # Translate the client X.509 into a Basic Authorisation. This means that - # the standard Auth/DBMAuth methods can be used for access control. The - # user name is the `one line' version of the client's X.509 certificate. - # Note that no password is obtained from the user. Every entry in the user - # file needs this password: `xxj31ZMTZzkVA'. - # o ExportCertData: - # This exports two additional environment variables: SSL_CLIENT_CERT and - # SSL_SERVER_CERT. 
These contain the PEM-encoded certificates of the - # server (always existing) and the client (only existing when client - # authentication is used). This can be used to import the certificates - # into CGI scripts. - # o StdEnvVars: - # This exports the standard SSL/TLS related `SSL_*' environment variables. - # Per default this exportation is switched off for performance reasons, - # because the extraction step is an expensive operation and is usually - # useless for serving static content. So one usually enables the - # exportation for CGI and SSI requests only. - # o OptRenegotiate: - # This enables optimized SSL connection renegotiation handling when SSL - # directives are used in per-directory context. - #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire - - SSLOptions +StdEnvVars - - - SSLOptions +StdEnvVars - - - # SSL Protocol Adjustments: - # The safe and default but still SSL/TLS standard compliant shutdown - # approach is that mod_ssl sends the close notify alert but doesn't wait for - # the close notify alert from client. When you need a different shutdown - # approach you can use one of the following variables: - # o ssl-unclean-shutdown: - # This forces an unclean shutdown when the connection is closed, i.e. no - # SSL close notify alert is send or allowed to received. This violates - # the SSL/TLS standard but is needed for some brain-dead browsers. Use - # this when you receive I/O errors because of the standard approach where - # mod_ssl sends the close notify alert. - # o ssl-accurate-shutdown: - # This forces an accurate shutdown when the connection is closed, i.e. a - # SSL close notify alert is send and mod_ssl waits for the close notify - # alert of the client. This is 100% SSL/TLS standard compliant, but in - # practice often causes hanging connections with brain-dead browsers. Use - # this only for browsers where you know that their SSL implementation - # works correctly. 
- # Notice: Most problems of broken clients are also related to the HTTP - # keep-alive facility, so you usually additionally want to disable - # keep-alive for those clients, too. Use variable "nokeepalive" for this. - # Similarly, one has to force some clients to use HTTP/1.0 to workaround - # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and - # "force-response-1.0" for this. - BrowserMatch "MSIE [2-6]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - # MSIE 7 and newer should be able to use keepalive - BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown - - - - -# vim: syntax=apache ts=4 sw=4 sts=4 sr noet - diff --git a/ansible/roles/ispmail-webmail-apache/templates/webmail.conf-80.j2 b/ansible/roles/ispmail-webmail-apache/templates/webmail.conf-80.j2 deleted file mode 100644 index 59589bc..0000000 --- a/ansible/roles/ispmail-webmail-apache/templates/webmail.conf-80.j2 +++ /dev/null @@ -1,6 +0,0 @@ - - ServerAdmin {{ ispmail_postmaster_address }} - ServerName {{ ispmail_webmail_hostname }} - - Redirect permanent / https://{{ ispmail_webmail_hostname}}/ - 
diff --git a/ansible/roles/ispmail-webmail/files/ispmail-logo.png b/ansible/roles/ispmail-webmail/files/ispmail-logo.png deleted file mode 100644 index 062946db20523bbe678b56a54fc52c8c3db3567b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7202 zcmYjWbx<5nu-@Zv2u^Sb8r*|RkPw1~1a}MW?niKU3GM`!!#%hJ4GzIwFSzsWSMUAt zdTVy3W@~3^X1c%rx+h#kN%j>wDLMcEujD>TtHSGAc;P}thQE`4e58O^$j0)r(!k4q zPi{v^BD@F9;iHx_0AS$%S3p2|CNaDd#YIk024xK$371r0p2U0<0LZH4q~Cw_SUS=5 z)J)X4_QS`Mlw3eWlKwt|<%&WiEu>bejZ~r2U~;r%Wo=DSueR)X@RMRnh+Sys(o`v9Adwcd3NUB9c8{?%ks^t^MvO_2T@Ig zT7@xTxn@7JdhP!;fC(rFa6q62PnuGYmWxz7{4AlpTuQ(Oael}~ z21-B`$T;BKi!;YK5B1DP_5f>C1yap{Zh3i~)?zwL2swlTQjYsYOx(c0QCZdJqA*ld zTNvp6_^Ao#Rs%GK)@*>0wO&YGwASx>DCU2^G8o^qPs4BYqjEKuu(11`;zQQZRRri0t5qnJ>(r(enoi4*WY4pLuE>F zR_vp@i~$LIR7Y8-gdEK{BSCh>Yjqu8b@!=&e`y-B?Z22{c7L;=AjTMdFFbN@0OF*A z0FXG%5A2}gbWIVq1D;qP4(c3|^DI0_gpXaLp$|ET_xCf5gQ@nN-=v4^W2krui+UBYJ^ZBvZ{ST=$(=+2miufp3jnKE@lFfD4VkZMd2>jaXUKrP{|% zcN)Vva2&!RF65vqC3MOqTaXf55hJZs)f=W*! 
zEsCTsMxr~1hl-gZt}>b)BEoE}$UBo@AvJ=dYWDBdh|ybEompvVoke8tBT--)1qKnI zC;o5@{e0GOvr5j-&mWtfo*q%D)Aal_%F!hvtKUuu`9oyj!}WcpjqiZn)*Z#$OLHo~Zeo%#OTXHi zx}1Z9qsv+D88(0xy0n?85;FD2ObwwKah)4<%{RU4hMi6J<4SJ`Ku47z1w?3gbd(^* zQk_I#2Wt6v@DIQZaY%P00V+=|KhKM6{p;OVi4g~SS7989i?@*qU`?4Nnj%WUQrTrC zao7#ru@xQiIxZ0rk>mbk9)+8mTVus{)zYv1eSJO-*T;)GrXsDJn9l997&{IFpk`&( zobOSQOn1MO-X6Ncj-}8j_6>v*eJuWrxR)TyC_NZW9_1+IKA!I3mMT@UTKr`G$=2c8 zc=ukttgXG4J82!*e)@)g6X<)Y)1$Nib}%R2{T>err&*th55NZ;7`okK!^6?CxJ(8{ z0|Ej>;nId0EGZly(XCNFtDXF*sH(KIl!cj@dGz=1_FCKJ#*3?~tNx_m*~C`ilHy`^ zg2?{PEFsr(7gtwT+;C}0_>X)4JanT!{Hahc=ZlVxo<2W6FU!o#e9RJd*Z(~>=KGOB zi|q$_#0xGpMu}3EP!cjH0H3jqf6d2vXc1~ol_1ud26MDE^2DNUU(4M<0=%YQNCdg< zHg}wvN`D-nFkX{$o?4j8ouN@o%A#aTEObGY?Om=9qMuD(5IGf+wO2j5is>}8-S*n` zrlP;BTFGolqBFW8=XQRKn*Wj_fGR=V%Q+YYxpkE+oxwE}0PmAhQ2h1Z8i;njzdXRV zu{=^^PG;ukzu5}_qg2s!TQhLvGxlE{aFfe<2d)qNzZP103`@Mn~of&4d z^vj3ybsfEeuzK_L%rJeoGvd1MdUpVJiDJgPUKon^_3_={N{cggyuX_{@we1?_jefG zig+L8#%d5xfwJd%FIlIV^2AMTzPPE>vG9|N=Gwe*>!l?F^jid@1$)jP8CUnaK9;tY zmOCAou8yZ9dxt3Vfg~N-J3sk=X;4%?N~|k(RCro5nj0MimL}?b%_1i!XT1bA1ZtpA zD1NxK-rJWS%E`-OP8ow+A7o@+3ArB57?_xtpd_YlNN7>VfSycE=pZ{JXbLUJFN09( zect}-wDMHz^#^{i3YD18Em4E^6TxlLr=t7r0I){*QD2(o>R3a3N&tW}&EKColQuSV>P`M zgq#cr=UJ!_c?k)~OR-|cYe4}4)SM#M@bK`#QtBwFDd`D1xOO=$wK(q?=c()~s-p>` zzqNre(Va9gN|;k|?TkX72vh=!7uJmemBsk%$Z3Jy&+n_lBB;oJ-oCe>3!6<;lg`e} z^l_gpQ`7k*FVFIoIk~a9x!LCKd?#Z9u9G=^#6lQpSdqGDfYAJSw&;>7PB=w@y1k%} z?y3q&!u3i1Q5XFSMs7Pyd!+Lz=h9!U{PS-dVF3f0@=;f*oHP?-b*MrR4n$s3vWL#x z+#E$auekU_i|f(csQGwiOLA(eMjqU{_4W1L-oJm(E)|M(6%!GGzQ5MxAE(P+yx z@z&C=BJT*Cd-wq=seq7g0v0&urHxYoMboIG2!U(puO#gMe26Q{7tm`|Bn8fcf`Wd- z3yo?Fo&+CZ-;!(G8rA9g0#i=!Mo^mSA;s&f4=%@4vDr#@dq@3(CH}Aj3ef|kKn*Pe zx4n`?g9)_RpN00zXeVdB={5EShSe~3`*s@KCM09$nOFcKz{*;Ylh>nT-{HEuJ)HQX z52YNO%gW3=O+-kzm?_}+9i@9NVtyQZ@18MEuP zZnwktjEsmw--n-uMpE+VgS2!ISU{3BCk2=d&@@LGIsf+)ZM2RNojJU_2=A37v-Uh* z$6!!Hp4MwOGo!)bfErQuJ~cc%L+7_~%tL2n!?d(76MP#H#9Ny=sdE_Eu~D4})HAx1 zch7ZQuf|72-06MSHq)5Or^it#bY(kHFRch-CrVB|bk;Q01b+1H%ykIb--$DJJxy^s 
z2-p+-?YiKYKD7>^ZlsIs15-P=y4n)r?rm@Ls?KQO6DriSbHg?3c_^ONiaEm+twcxG zqwf;}fq931EPUUchlhuGEM>x_r;|6^GC&KmA3h+%@m?AcE}q`r?#^)ZbaZsY#Xv;R zp^P;zP%WK-_q@{5(sG}#&`QkC%F-L%yRc1R)tYu+X?8Svets5HQc}Va%Bs?0NMxcE z^U+L7PxrdJm=G72L69RukRUub>hfGYS#FBOMn@;z+}PMSIy_uj{PpXXJ~a-Ek2G3| zJ(VRQGE$yHx7ooJZVaWQ(Zx|Utg(wQ5G2hgjrPO$MlR&?g^Q2aKvm!iEWPM7U@u0B zw#7#f(Yq6mD{8jpUuATO{Oo!g=`G{hh5m|O4SoHmapAKHWktmf zNp&VRrrsQ*G&))n?&KLud6&+2`8=uZ+s52nO9%&F0hAlcF5mH~e%t0ElVtCw>G5PL zrOdtKjR*Oa!NKp@T)5Lcko}CazXB~=O5;EN767RCul#ma82uFq7SV#FFkQtx_Zq$+ zHC20qJcc=Icx1t~odvDM#l>pr4ww5=V!^?|7&pg@JO%D&s~f;0a0|fbgk<^pP>c)cEyKc2%utNVTm|y_Hj>(zuS@Lp=pgL$B>P)#Iz@|_$uHlmQ`g{wXHRGFS9c3MzWy*j5{#6q* zza}C|-8>*D|7;-6%X|4VG4ankc+VL8W66$_CrepbMTNrMlq^-z!|m-cZxInbKF{xN zJZRgH>3o%58>|;woIH)kd^`mPgCWYw4!YXe*%^#wi$2)E?Z3POBo%^rpq$*#6K`vc zjbf7!i8Lwhv+xrgOFOT@v5Wnf8 zA~#lpndcgnwqOM}o8tzV4`u4h!M(5C+OtbrxxHb|FayIW{(O0TO~PdxVVLJ@ZDV>M zT7iLuMA+>(eS3R*$Is7Cj6rsIAmk66??C*X?vZ}yi2JWh7s64ZlZAYnXBEMbiju8%Awz{94nsB~Z%yLb~7Jr0^K$hvigQ~XYaIh2&?X6vd znok&ln|cE4dUhGyWi>Z&fNLhs#plJu>ysf&-UPHz zm_5Os@y_q|6> z*x1`^;(7DtP4GE%`S%$QCQom|I3XcnGMip2Z?ZAELJM949cKbqGy)X&-EgJL)k}I(`oVy8UCY)a0WcdrhK zi(c;K`FNX8keg$#sfJj7OE04m7$PfwKu81RgI8l{!=bgYIOI*8|(P*j#`qxV3ZMYUSgv2-?X%F{^BtYS&DZK`|_j>pWaa~e7TsSD)6~}&eRy+ zaA;?>sm@<_Q^$eu40P6CMrCE^k1R+i&#kQJHd+2Dj)2qrEH@{oLvH)k_V=~5wSm38 zy-&lDo}Ypw^G?dt${Auvcy`6i!k2A5c}W$WwY9Yedf=$P+UCxYV+t)ylCi<)JAVGg z2dLTFR?eX2E+i6Ye^QJdsYt?K|fa z$Mp?nYQECtK8SW4q%Zv9ce~L31Aox}<|Q+Hnz%H8K z{OP?gLjk>(l(W|*14F7zVe3G4*$n)%Z4o3Em z1`Ro!p|JUa7O=v?=EUVL-*Ue^u6pPhJ&(yr#`}JruH})H^t#G`5VlV?JPpKSeSJ=q%oZkv5Axm_6-<I=SAwht+}Nm+QfyKC628H}a!--QF0Cp?BXLl4g9 z=I3v!03VtyX*;g0tO&&?E6s$+kfQ=wqOD8`*vAXPwjQzi!FT*9%D&ci=M8OyD{=Zy z3|mMBWhT8_NXNnnUhl7)-@r0nQJJTE+ow(xyMP?Z*+?g*JMe8_oAqX+DI0L&du3^9 zshG4jbU&h7SJ(#N#FFq7&th6zSs8!H8zbnl;uRW5{AwepJzX-!>AQcaRk;K`obnF! 
zl+2qPA1Z7J*h$Uc{N_R&aXn+noBpkL!32)IdGIx}^(0<)B{X~22Z6dDz97p2FgMpD zCwitU)$lgidAY8gUe8tPxQ7*~XMnhlgocKsbacMRiC_q{IbR*l zI%O#hI=j1{S@pnOpsz`wQZhVhAXCjenyVz+Iz6pYfK%U<4sQ*t+~33<$hpfk8XxRd z8_q1qyGg><^qURrUgpjumr6(Ip#~=n99MQ|siVon%)^xYyBovd$K|^c75pY7w}AA2 z<1xLC%mS!6Icv-f4Gkx*>$NM@t@-U%JfbvF=$V>YDsu_g$U+uM*bE(6wXC8QzVFSN zD7%z{hS1T`PeVgP#T)ean3+c|9`7#fH919Ce@xWYh*^IA{JFNg+?pe>FI);9@kS-H zXei-C_7_AaO?AgC_Sf_HqhGtdMMXQw5HUK`nHG;CW;YtcK8*`(yzf)hpZ%MPR!_%55TN|nu8T`f1+znu1k zWc}T>$xYrKK=Vp zpkK`|L!0+hK=X?DJKT@Za zhYD5Sk=;x7&5Q3h4BL+jWjnIdH&SyP8HB7Eh`4^02n*CHmZ;!LK{Bco)K=np3s;FJ z>n~rv_OB-R}|+UDc)kHuV*w~W;G0oPL>+1bF?e%8k!37^Ye*qsphK@VYJzu zZznOj2>@XhmJutg)2FWY(Bfz^3d&7E&IO&{eNm`gohG9O%4;LTO0yRA8mR0-bOO&l zPmLha@_y8Z51nOS6wWq5QfGTpV!Hd7{YZM~z z;OV)uv-7X0h{y^#1qB5n0w`y6$7#sXR}C(Da3whSw>4Pp^K>=e#f|wzai9C$`ug|d zE=?7dM0eNAs-v=kn`S=|#ZXnzUhwS%bpjylxx>GAPVy+V`Ats4UB5D^h+ zU07a@w6V3dbrH(aFP}X$<^E9zpSl!oaIJ-fh1BrGtaWe5s{>P~i+|hb!7e;k|2_gI zT&6>D>+n3>yrh&ASVUA*I8vIXtw1*RG!35GYVvS0JA$H8Nl^8C!=&qU!6B2lxNGbO zhf41ZDy8M4Qi&++Pc>w0d#=QdMAUuhML~*2MSUflRrBCM0L1IBWr}ju9mxZ32%4to zeZ}m`M(+oajgATBV}k7PHx9tD#|cVQPey;*RqJh1=5c+!5n9JB9yVW-B!jpI@fK8h zb4#Bs!m8xST$^NLU84m|@oIHsvnHK*M^cQH7o_7ixQZCKwH7ZMGQ#gQstK_KVdSg}XGzqLf1clQUQymN&1z%%Bt~hH4<1w}9T&UTRIsao#$YtXgr^EjsAQsv$NpVmzz7!50;dMh+(V2G^+|{| z_4L#>T3){XTI6ARnelD&z4|J$nCds7OVgWxfpidwc?-QsSj<1@jJd~ED%NgwtrzYzVYdnp-=}@Uh>!P9 zMBl`s+Rr_IuuomKQ)Ifh#2~J%lC6tF7(_;PIDvh@MqJl%G0uR`{nZgvm&ID{_1N^YOCe=oOiS6d=Mm3<(Mw72b+uOH*!_Ie!mka# z?NM5)53%82g0N!<{O|fB5|Ro7p~KP&V4T0JsV}S=#~EJw(tjzmzR4anxclgv`gWN+ zBErxiML+_~lm#SJDRjKYVMtj1NEFVvQ9X|!AcL@oJ7@HNmt+6$o($gXvcK~WY>7@z UqxNEl-{t{wGD^}_l7`>^2Ur;a>i_@% diff --git a/ansible/roles/ispmail-webmail/files/roundcube-managesieve-config.inc.php b/ansible/roles/ispmail-webmail/files/roundcube-managesieve-config.inc.php deleted file mode 100644 index cc53cb0..0000000 --- a/ansible/roles/ispmail-webmail/files/roundcube-managesieve-config.inc.php +++ /dev/null 
@@ -1,101 +0,0 @@ -// Taken from /usr/share/roundcube/plugins/managesieve/config.inc.php.dist - array( -// 'verify_peer' => true, -// 'verify_depth' => 3, -// 'cafile' => '/etc/openssl/certs/ca.crt', -// ), -// ); -$config['managesieve_conn_options'] = null; - -// default contents of filters script (eg. default spam filter) -$config['managesieve_default'] = '/etc/dovecot/sieve/global'; - -// The name of the script which will be used when there's no user script -$config['managesieve_script_name'] = 'managesieve'; - -// Sieve RFC says that we should use UTF-8 endcoding for mailbox names, -// but some implementations does not covert UTF-8 to modified UTF-7. -// Defaults to UTF7-IMAP -$config['managesieve_mbox_encoding'] = 'UTF-8'; - -// I need this because my dovecot (with listescape plugin) uses -// ':' delimiter, but creates folders with dot delimiter -$config['managesieve_replace_delimiter'] = ''; - -// disabled sieve extensions (body, copy, date, editheader, encoded-character, -// envelope, environment, ereject, fileinto, ihave, imap4flags, index, -// mailbox, mboxmetadata, regex, reject, relational, servermetadata, -// spamtest, spamtestplus, subaddress, vacation, variables, virustest, etc. -// Note: not all extensions are implemented -$config['managesieve_disabled_extensions'] = array(); - -// Enables debugging of conversation with sieve server. Logs it into /sieve -$config['managesieve_debug'] = false; - -// Enables features described in http://wiki.kolab.org/KEP:14 -$config['managesieve_kolab_master'] = false; - -// Script name extension used for scripts including. Dovecot uses '.sieve', -// Cyrus uses '.siv'. Doesn't matter if you have managesieve_kolab_master disabled. -$config['managesieve_filename_extension'] = '.sieve'; - -// List of reserved script names (without extension). -// Scripts listed here will be not presented to the user. 
-$config['managesieve_filename_exceptions'] = array();
-
-// List of domains limiting destination emails in redirect action
-// If not empty, user will need to select domain from a list
-$config['managesieve_domains'] = array();
-
-// Enables separate management interface for vacation responses (out-of-office)
-// 0 - no separate section (default),
-// 1 - add Vacation section,
-// 2 - add Vacation section, but hide Filters section
-$config['managesieve_vacation'] = 0;
-
-// Default vacation interval (in days).
-// Note: If server supports vacation-seconds extension it is possible
-// to define interval in seconds here (as a string), e.g. "3600s".
-$config['managesieve_vacation_interval'] = 0;
-
-// Some servers require vacation :addresses to be filled with all
-// user addresses (aliases). This option enables automatic filling
-// of these on initial vacation form creation.
-$config['managesieve_vacation_addresses_init'] = false;
-
-// Supported methods of notify extension. Default: 'mailto'
-$config['managesieve_notify_methods'] = array('mailto');
diff --git a/ansible/roles/ispmail-webmail/tasks/main.yml b/ansible/roles/ispmail-webmail/tasks/main.yml
deleted file mode 100644
index cd350b2..0000000
--- a/ansible/roles/ispmail-webmail/tasks/main.yml
+++ /dev/null
@@ -1,40 +0,0 @@
----
-- name: install required binary packages
- apt:
- name: "{{ packages }}"
- update_cache: yes
- vars:
- packages:
- - roundcube
- - roundcube-plugins
-- name: Creating random des_key for Roundcube
- shell: pwgen 24
- register: roundcube_random_des_key
-- name: Deploying Roundcube configuration
- template:
- src: roundcube-config.inc.php.j2
- dest: /etc/roundcube/config.inc.php
- owner: root
- group: www-data
- mode: 0640
-- name: Deploying Roundcube managesieve plugin configuration
- copy:
- src: roundcube-managesieve-config.inc.php
- dest: /etc/roundcube/plugins/managesieve/config.inc.php
- mode: 0640
-- name: Deploying Roundcube password plugin configuration
- template:
- src: roundcube-password-config.inc.php.j2
- dest: /etc/roundcube/plugins/password/config.inc.php
- owner: root
- group: www-data
- mode: 0640
-- name: Copy ISPmail logo
- copy:
- src: ispmail-logo.png
- dest: /var/lib/roundcube/
-- name: Copy Roundcube database config file
- template:
- src: roundcube-debian-db.php.j2
- dest: /etc/roundcube/debian-db.php
- mode: 0640
diff --git a/ansible/roles/ispmail-webmail/templates/roundcube-config.inc.php.j2 b/ansible/roles/ispmail-webmail/templates/roundcube-config.inc.php.j2
deleted file mode 100644
index 0fae756..0000000
--- a/ansible/roles/ispmail-webmail/templates/roundcube-config.inc.php.j2
+++ /dev/null
@@ -1,90 +0,0 @@
-