Import the old role.

Andrea Dell'Amico 2020-07-10 16:46:06 +02:00
parent 05e21e0045
commit 3b1ae63396
10 changed files with 1061 additions and 69 deletions


@ -1,31 +1,62 @@
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
A role that installs the RoundCube webmail, <https://roundcube.net/>
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
The most important variables are listed below:
``` yaml
roundcube_version: 1.4.7
roundcube_upgrade: False
roundcube_dist: 'roundcubemail-{{ roundcube_version }}'
roundcube_dist_filename: '{{ roundcube_dist }}-complete.tar.gz'
roundcube_download_url: 'https://github.com/roundcube/roundcubemail/releases/download/{{ roundcube_version }}/{{ roundcube_dist_filename }}'
roundcube_use_redis: False
roundcube_use_memcache: True
roundcube_local_postgresql: True
roundcube_web_basedir: /var/www/html
roundcube_web_root: '{{ roundcube_web_basedir }}/roundcube'
roundcube_data_base_dir: /srv
roundcube_data_dir: '{{ roundcube_data_base_dir }}/roundcube'
roundcube_logs_dir: '{{ roundcube_data_dir }}/logs'
roundcube_temp_dir: '{{ roundcube_data_dir }}/temp'
roundcube_skin_logo: 'null'
roundcube_servername: '{{ ansible_fqdn }}'
roundcube_user: roundcube
roundcube_db: pgsql
roundcube_db_host: localhost
roundcube_db_name: roundcubemail
roundcube_db_user: roundcube_u
#roundcube_db_pwd: 'Use a vault file'
roundcube_imap_server: 'localhost'
roundcube_imap_connection_type: 'tls'
roundcube_smtp_server: 'localhost'
roundcube_smtp_port: 587
roundcube_smtp_automatic_credentials: True
roundcube_smtp_user: '%u'
roundcube_smtp_pass: '%p'
roundcube_support_url: ''
roundcube_product_name: 'Roundcube Webmail'
#roundcube_crypt_key: 'Use a vault file'
roundcube_force_https_connection: true
# 0 - disabled, 1 - username and host only, 2 - username, host, password
roundcube_login_autocomplete: 0
# 0 - disabled, 1 - only domain part, 2 - domain and local part.
roundcube_login_lc: 0
roundcube_memcache_hosts:
- '127.0.0.1:11211'
```
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
None
License
-------
@ -35,4 +66,4 @@ EUPL-1.2
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
Andrea Dell'Amico, <andrea.dellamico@isti.cnr.it>


@ -1,2 +1,185 @@
---
# defaults file for ansible-role-template
roundcube_version: 1.4.7
roundcube_upgrade: False
roundcube_dist: 'roundcubemail-{{ roundcube_version }}'
roundcube_dist_filename: '{{ roundcube_dist }}-complete.tar.gz'
roundcube_download_url: 'https://github.com/roundcube/roundcubemail/releases/download/{{ roundcube_version }}/{{ roundcube_dist_filename }}'
roundcube_use_redis: False
roundcube_use_memcache: True
roundcube_local_postgresql: True
roundcube_web_basedir: /var/www/html
roundcube_web_root: '{{ roundcube_web_basedir }}/roundcube'
roundcube_data_base_dir: /srv
roundcube_data_dir: '{{ roundcube_data_base_dir }}/roundcube'
roundcube_logs_dir: '{{ roundcube_data_dir }}/logs'
roundcube_temp_dir: '{{ roundcube_data_dir }}/temp'
roundcube_skin_logo: 'null'
roundcube_servername: '{{ ansible_fqdn }}'
roundcube_user: roundcube
roundcube_db: pgsql
roundcube_db_host: localhost
roundcube_db_name: roundcubemail
roundcube_db_user: roundcube_u
#roundcube_db_pwd: 'Use a vault file'
roundcube_imap_server: 'localhost'
roundcube_imap_connection_type: 'tls'
roundcube_smtp_server: 'localhost'
roundcube_smtp_port: 587
roundcube_smtp_automatic_credentials: True
roundcube_smtp_user: '%u'
roundcube_smtp_pass: '%p'
roundcube_support_url: ''
roundcube_product_name: 'Roundcube Webmail'
#roundcube_crypt_key: 'Use a vault file'
roundcube_force_https_connection: true
# 0 - disabled, 1 - username and host only, 2 - username, host, password
roundcube_login_autocomplete: 0
# 0 - disabled, 1 - only domain part, 2 - domain and local part.
roundcube_login_lc: 0
roundcube_memcache_hosts:
- '127.0.0.1:11211'
# redis
redis_install: '{{ roundcube_redis_install }}'
# PHP
phpfpm_pools: '{{ roundcube_phpfpm_pools }}'
php_global_settings: '{{ roundcube_php_global_settings }}'
roundcube_domain_name: ''
roundcube_http_received_header_encrypt: false
# Set identities access level:
# 0 - many identities with possibility to edit all params
# 1 - many identities with possibility to edit all params but not email address
# 2 - one identity with possibility to edit all params
# 3 - one identity with possibility to edit all params but not email address
# 4 - one identity with possibility to edit only signature
roundcube_identities_level: 0
roundcube_enable_spellcheck: false
# display remote resources (inline images, styles)
# 0 - Never, always ask
# 1 - Ask if sender is not in address book
# 2 - Always allow
roundcube_show_images: 0
# compose html formatted messages by default
# 0 - never,
# 1 - always,
# 2 - on reply to HTML message,
# 3 - on forward or reply to HTML message
# 4 - always, except when replying to plain text message
roundcube_html_editor: 0
# In minutes
roundcube_session_lifetime: 60
roundcube_default_plugins:
- acl
- additional_message_headers
- archive
- autologon
- database_attachments
- debug_logger
- emoticons
- hide_blockquote
- identicon
- identity_select
- jqueryui
- markasjunk
- newmail_notifier
- new_user_dialog
- new_user_identity
- show_additional_headers
- squirrelmail_usercopy
- subscriptions_option
- userinfo
- zipdownload
# The help plugin points by default to an english-only and obsolete documentation
roundcube_optional_plugins:
- virtuser_file
- virtuser_query
- vcard_attachments
- attachment_reminder
- example_addressbook
- http_authentication
- password
- filesystem_attachments
- redundant_attachments
- managesieve
- krb_authentication
#- help
roundcube_default_skin: 'elastic'
roundcube_available_skins:
- 'elastic'
- 'larry'
roundcube_install_enigma: True
roundcube_enigma_plugin: enigma
roundcube_enigma_data_dir: '{{ roundcube_data_dir }}/enigma'
roundcube_enigma_deps:
- gnupg
- pinentry-curses
- pinentry-tty
roundcube_enigma_gpg_bin: /usr/bin/gpg
roundcube_enigma_gpgconf_bin: /usr/bin/gpgconf
roundcube_enigma_gpgagent_bin: /usr/bin/gpg-agent
roundcube_enigma_multihost: 'false'
roundcube_sauserprefs_plugin_install: False
roundcube_sauserprefs_plugin_name: sauserprefs
roundcube_sauserprefs_version: '1.18.1'
roundcube_sauserprefs_db_type: 'pgsql'
roundcube_sauserprefs_db_host: 'localhost'
roundcube_sauserprefs_db_name: 'spamassassin'
roundcube_sauserprefs_db_user: 'spamassassin'
# roundcube_sauserprefs_db_pwd: 'vault file'
roundcube_sauserprefs_git: 'https://github.com/johndoh/roundcube-sauserprefs.git'
roundcube_sauserprefs_username_field: '%i'
roundcube_sauserprefs_abook_sync: 'false'
roundcube_sauserprefs_abook_import: 'false'
roundcube_sauserprefs_pyzor_enabled: '0'
roundcube_sauserprefs_bayes_enabled: False
roundcube_sauserprefs_bayes_rules: '0'
roundcube_sauserprefs_bayes_autolearn: '0'
roundcube_sauserprefs_bayes_autolearn_threshold_nospam: '0.1'
roundcube_sauserprefs_bayes_autolearn_threshold_spam: '12.0'
roundcube_sauserprefs_autowhitelist_enabled: False
roundcube_sauserprefs_subject: '[SPAM]'
roundcube_sauserprefs_report_safe: '0'
roundcube_sauserprefs_skip_rbl_checks: '0'
# Sections are: general,tests,bayes,headers,report,addresses
roundcube_sauserprefs_do_not_override_array: "'use_razor1','use_razor2','use_dcc'"
roundcube_sauserprefs_score_opts_min: 1
roundcube_sauserprefs_score_opts_max: 10
roundcube_managesieve_config: True
roundcube_managesieve_auth: 'plain'
roundcube_managesieve_port: 4190
roundcube_managesieve_host: 'localhost'
roundcube_managesieve_tls: true
roundcube_managesieve_debug: false
roundcube_managesieve_vacation: 1
roundcube_managesieve_forward: 1
# IMPORTANT: you must provide a task that downloads each of the defined plugins
# cd /path/to/roundcube/plugins
# $ git clone git://github.com/elm/Roundcube-SMTP-per-Identity-Plugin.git identity_smtp
roundcube_identity_smtp_plugin: False
roundcube_identity_smtp_git: 'git://github.com/elm/Roundcube-SMTP-per-Identity-Plugin.git'
roundcube_identity_smtp_name: identity_smtp
roundcube_additional_plugins: []
#roundcube_additional_plugins:
# - identity_smtp
# The help docs are too old to be useful
roundcube_help_url: "http://docs.roundcube.net/doc/help/1.1/en_US/"
#roundcube_help_url: 'https://www.roundcubeforum.net'
roundcube_help_extwin: 'false'
# In Megabytes. This affects both the nginx/apache and php configurations
roundcube_max_attachments_size: 5
# This one is represented in bytes instead.
roundcube_max_db_allowed_packet: '{{ roundcube_max_attachments_size * 1024 * 1024 * 5 }}'
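Review bot: `roundcube_default_plugins` and `roundcube_optional_plugins` are both looped into `$config['plugins']` by the config template, so every plugin listed here is active on a default install, including `autologon`, `http_authentication`, `krb_authentication`, `example_addressbook`, `debug_logger` and `squirrelmail_usercopy`. Several of these are sample or authentication-altering plugins, and enabling them without a stated need widens the webmail's attack surface. I would default to `roundcube_optional_plugins: []`, trim the default list to what the deployment uses, and add a comment such as `# Every plugin in these lists is ENABLED in config.inc.php; list only what you need`. Separately, `roundcube_identity_smtp_git` uses the unauthenticated `git://` scheme and the install task sets no `version`; an `https://` URL for the same repository with a pinned commit would be safer, as would `https://` for `roundcube_help_url`.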


@ -1,61 +1,50 @@
galaxy_info:
author: your name
description: your description
author: Andrea Dell'Amico
description: Systems Architect
company: ISTI-CNR
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
issue_tracker_url: https://redmine-s2i2s.isti.cnr.it/projects/provisioning
# Some suggested licenses:
# - BSD (default)
# - MIT
# - GPLv2
# - GPLv3
# - Apache
# - CC-BY
license: EUPL-1.2
license: EUPL 1.2+
min_ansible_version: 2.8
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
# Optionally specify the branch Galaxy will use when accessing the GitHub
# repo for this role. During role install, if no tags are available,
# Galaxy will use this branch. During import Galaxy will access files on
# this branch. If Travis integration is configured, only notifications for this
# branch will be accepted. Otherwise, in all cases, the repo's default branch
# (usually master) will be used.
#github_branch:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
platforms:
- name: Ubuntu
versions:
- bionic
- name: EL
versions:
- 7
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
galaxy_tags:
- webmail
- roundcube
dependencies:
- src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-postgresql.git
version: master
name: postgresql
state: latest
when: roundcube_local_postgresql
- src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-php-fpm.git
version: master
name: php-fpm
state: latest
- src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-nginx.git
version: master
name: nginx
state: latest
- src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-redis.git
version: master
name: redis
state: latest
when: roundcube_use_redis
- src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-memcached.git
version: master
name: memcached
state: latest
when: roundcube_use_memcache
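Review bot: All five role dependencies are fetched with `version: master` (plus `state: latest`), so every `ansible-galaxy` install pulls whatever is currently at the tip of those repositories and runs it as provisioning code on the target hosts. Pin each entry to a reviewed tag or commit, e.g. `version: <TAG_OR_COMMIT>`, and move the pins deliberately. `min_ansible_version: 2.8` is parsed as a float; quoting it as `'2.8'` avoids surprises with values such as `2.10`. The section shows two `license:` lines; I am assuming one of them is the removed side, since a duplicate key would silently take the last value.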


@ -1,2 +1,3 @@
---
# tasks file for ansible-role-template
- import_tasks: roundcube-nginx.yml
- import_tasks: roundcube-install.yml


@ -0,0 +1,84 @@
---
- name: Prepare roundcube for upgrade
block:
- name: Remove the roundcube current installation
file: dest={{ roundcube_web_root }} state=absent
when: roundcube_upgrade | bool
tags: [ 'roundcube', 'roundcube_upgrade' ]
- name: Install Roundcube
block:
- name: Create the roundcube webroot
file: dest={{ roundcube_web_basedir }} owner=root group=root state=directory
- name: Create the roundcube base data directory
file: dest={{ roundcube_data_dir }} owner=root group=root state=directory
- name: Create the roundcube data directories
file: dest={{ item }} state=directory owner={{ roundcube_user }} group={{ roundcube_user }}
with_items:
- '{{ roundcube_logs_dir }}'
- '{{ roundcube_temp_dir }}'
- name: Unpack the roundcube archive
unarchive: remote_src=yes src={{ roundcube_download_url }} dest={{ roundcube_data_dir }} owner=root group=root
args:
creates: '{{ roundcube_web_root }}/public_html/index.php'
- name: Move the roundcube installation to the final place
shell: mv {{ roundcube_data_dir }}/{{ roundcube_dist }} {{ roundcube_web_root }}
args:
creates: '{{ roundcube_web_root }}/public_html/index.php'
tags: [ 'roundcube' ]
- name: Manage some additional plugins
block:
- name: Install the identity_smtp plugin
git: repo={{ roundcube_identity_smtp_git }} dest={{ roundcube_web_root }}/plugins/{{ roundcube_identity_smtp_name }}
when: roundcube_identity_smtp_plugin | bool
tags: [ 'roundcube', 'roundcube_plugins', 'roundcube_config' ]
- name: Manage the Enigma (PGP) plugin
block:
- name: Create the enigma data directory
file: dest={{ roundcube_enigma_data_dir }} state=directory owner={{ roundcube_user }} group={{ roundcube_user }}
- name: Install the gnupg packages
apt: pkg={{ roundcube_enigma_deps }} state=present cache_valid_time=1800
when: roundcube_install_enigma | bool
tags: [ 'roundcube', 'roundcube_plugins', 'roundcube_config', 'roundcube_enigma' ]
- name: Manage the Spamassassin preferences plugin and its dependency
block:
- name: Install the sauserprefs plugin
git: repo={{ roundcube_sauserprefs_git }} dest={{ roundcube_web_root }}/plugins/{{ roundcube_sauserprefs_plugin_name }} version={{ roundcube_sauserprefs_version }}
- name: Install the sauserprefs plugin configuration
template: src=sauserprefs-config.inc.php.j2 dest={{ roundcube_web_root }}/plugins/{{ roundcube_sauserprefs_plugin_name }}/config.inc.php owner=root group={{ roundcube_user }} mode=0440
when: roundcube_sauserprefs_plugin_install | bool
tags: [ 'roundcube', 'roundcube_plugins', 'roundcube_config', 'roundcube_sauserprefs' ]
- name: Remove the Spamassassin preferences plugin when not enabled
block:
- name: Remove the sauserprefs plugin
file: dest={{ roundcube_web_root }}/plugins/{{ roundcube_sauserprefs_plugin_name }} state=absent
when: not roundcube_sauserprefs_plugin_install | bool
tags: [ 'roundcube', 'roundcube_plugins', 'roundcube_config', 'roundcube_sauserprefs' ]
- block:
- name: Configure the roundcube instance
template: src=config.inc.php.j2 dest={{ roundcube_web_root }}/config/config.inc.php owner=root group=root mode=0444
- name: Initialize the roundcube database
shell: PGPASSWORD={{ roundcube_db_pwd }} psql -h {{ roundcube_db_host }} -U {{ roundcube_db_user }} -f {{ roundcube_web_root }}/SQL/postgres.initial.sql {{ roundcube_db_name }} && touch {{ roundcube_logs_dir }}/.roundcube_db.initialized
args:
creates: '{{ roundcube_logs_dir }}/.roundcube_db.initialized'
tags: [ 'roundcube', 'roundcube_config' ]
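Review bot: The `Initialize the roundcube database` task puts `roundcube_db_pwd` unquoted on a `shell:` command line, where it shows up in the process list and in Ansible's task output, and where a password containing shell metacharacters is interpreted by the shell. Pass it through `environment:` with `no_log: true` and quote the remaining variables. The `Configure the roundcube instance` task just above writes `config.inc.php`, which holds the DB password and `des_key`, as `root:root` mode `0444`, so it is readable by every local account. The sauserprefs config task already uses `group={{ roundcube_user }} mode=0440`, which would restrict it, assuming PHP-FPM runs as that user. Separately, the `unarchive` from `roundcube_download_url` has no integrity check; downloading with `get_url` and a `checksum` first would let the role verify the tarball.

```yaml
- block:
    - name: Configure the roundcube instance
      template: src=config.inc.php.j2 dest={{ roundcube_web_root }}/config/config.inc.php owner=root group={{ roundcube_user }} mode=0440
    - name: Initialize the roundcube database
      shell: psql -h {{ roundcube_db_host | quote }} -U {{ roundcube_db_user | quote }} -f {{ roundcube_web_root | quote }}/SQL/postgres.initial.sql {{ roundcube_db_name | quote }} && touch {{ roundcube_logs_dir | quote }}/.roundcube_db.initialized
      environment:
        PGPASSWORD: '{{ roundcube_db_pwd }}'
      no_log: true
      args:
        creates: '{{ roundcube_logs_dir }}/.roundcube_db.initialized'
  # … unchanged: tags …
```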

17
tasks/roundcube-nginx.yml Normal file

@ -0,0 +1,17 @@
---
- block:
- name: Install the nginx virtualhosts
template: src=nginx-virthost.conf.j2 dest=/etc/nginx/sites-available/{{ item.virthost }} owner=root group=root mode=0444
with_items: '{{ phpfpm_pools }}'
notify: Reload nginx
- name: Enable the nginx virtualhosts
file: src=/etc/nginx/sites-available/{{ item.virthost }} dest=/etc/nginx/sites-enabled/{{ item.virthost }} state=link
with_items: '{{ phpfpm_pools }}'
notify: Reload nginx
- name: Create the nginx body temp directory
file: dest={{ nginx_client_body_temp_dir }} state=directory owner=www-data group=www-data mode=1700
when: nginx_client_body_temp_dir is defined
tags: [ 'nginx', 'virtualhost', 'roundcube' ]
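Review bot: All three tasks pass `key=value` argument strings with unquoted Jinja expressions such as `{{ item.virthost }}`, so a value containing a space or `=` would be split into extra module arguments. Native YAML arguments with quoted values are more robust, e.g. `dest: '/etc/nginx/sites-available/{{ item.virthost }}'` and `mode: '0444'`. The `mode=1700` on the body temp directory sets the sticky bit on a directory only its owner can enter, which looks unintended; `mode: '0700'` is probably what is meant.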

364
templates/config.inc.php.j2 Normal file
View File

@ -0,0 +1,364 @@
<?php
/*
+-----------------------------------------------------------------------+
| Local configuration for the Roundcube Webmail installation. |
| |
| This is a sample configuration file only containing the minimum |
| setup required for a functional installation. Copy more options |
| from defaults.inc.php to this file to override the defaults. |
| |
| This file is part of the Roundcube Webmail client |
| Copyright (C) The Roundcube Dev Team |
| |
| Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. |
| See the README file for a full license statement. |
+-----------------------------------------------------------------------+
*/
$config = array();
// Database connection string (DSN) for read+write operations
// Format (compatible with PEAR MDB2): db_provider://user:password@host/database
// Currently supported db_providers: mysql, pgsql, sqlite, mssql, sqlsrv, oracle
// For examples see http://pear.php.net/manual/en/package.database.mdb2.intro-dsn.php
// NOTE: for SQLite use absolute path (Linux): 'sqlite:////full/path/to/sqlite.db?mode=0646'
// or (Windows): 'sqlite:///C:/full/path/to/sqlite.db'
$config['db_dsnw'] = '{{ roundcube_db }}://{{ roundcube_db_user }}:{{ roundcube_db_pwd }}@{{ roundcube_db_host }}/{{ roundcube_db_name}}';
// It is possible to specify database variable values e.g. some limits here.
// Use them if your server is not MySQL or for better performance.
// For example Roundcube uses max_allowed_packet value (in bytes)
// which limits query size for database cache operations.
$config['db_max_allowed_packet'] = '{{ roundcube_max_db_allowed_packet }}';
// The IMAP host chosen to perform the log-in.
// Leave blank to show a textbox at login, give a list of hosts
// to display a pulldown menu or set one host as string.
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// Supported replacement variables:
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %s - domain name after the '@' from e-mail address provided at login screen
// For example %n = mail.domain.tld, %t = domain.tld
$config['default_host'] = '{{ roundcube_imap_connection_type }}://{{ roundcube_imap_server }}';
// SMTP server host (for sending mails).
// Enter hostname with prefix tls:// to use STARTTLS, or use
// prefix ssl:// to use the deprecated SSL over SMTP (aka SMTPS)
// Supported replacement variables:
// %h - user's IMAP hostname
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %z - IMAP domain (IMAP hostname without the first part)
// For example %n = mail.domain.tld, %t = domain.tld
$config['smtp_server'] = '{{ roundcube_smtp_server }}';
// SMTP port (default is 25; use 587 for STARTTLS or 465 for the
// deprecated SSL over SMTP (aka SMTPS))
$config['smtp_port'] = {{ roundcube_smtp_port }};
{% if roundcube_smtp_automatic_credentials %}
// SMTP username (if required) if you use %u as the username Roundcube
// will use the current username for login
$config['smtp_user'] = '{{ roundcube_smtp_user }}';
// SMTP password (if required) if you use %p as the password Roundcube
// will use the current user's password for login
$config['smtp_pass'] = '{{ roundcube_smtp_pass }}';
{% endif %}
// provide an URL where a user can get support for this Roundcube installation
// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
$config['support_url'] = '{{ roundcube_support_url }}';
// Name your service. This is displayed on the login screen and in the window title
$config['product_name'] = '{{ roundcube_product_name }}';
// this key is used to encrypt the users imap password which is stored
// in the session record (and the client cookie if remember password is enabled).
// please provide a string of exactly 24 chars.
// YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS
$config['des_key'] = '{{ roundcube_crypt_key }}';
$config['cipher_method'] = 'AES-256-CBC';
// List of active plugins (in plugins/ directory)
$config['plugins'] = array({% for plug in roundcube_default_plugins %}'{{ plug }}', {% endfor %}{% for opt_plug in roundcube_optional_plugins %}'{{ opt_plug }}', {% endfor %}{% for add_plug in roundcube_additional_plugins %}'{{ add_plug }}', {% endfor %}{% if roundcube_install_enigma %}'{{ roundcube_enigma_plugin }}'{% endif %});
{% if roundcube_install_enigma %}
// Enigma Plugin options
// --------------------
// A driver to use for PGP. Default: "gnupg".
$config['enigma_pgp_driver'] = 'gnupg';
// A driver to use for S/MIME. Default: "phpssl".
$config['enigma_smime_driver'] = 'phpssl';
// Enables logging of enigma operations (including Crypt_GPG debug info)
$config['enigma_debug'] = false;
// REQUIRED! Keys directory for all users.
// Must be writeable by PHP process, and not in the web server document root
$config['enigma_pgp_homedir'] = '{{ roundcube_enigma_data_dir }}/';
// Location of gpg binary. By default it will be auto-detected.
// This is also a way to force gpg2 use if there are both 1.x and 2.x on the system.
$config['enigma_pgp_binary'] = '{{ roundcube_enigma_gpg_bin }}';
// Location of gpg-agent binary. By default it will be auto-detected.
// It's used with GnuPG 2.x.
$config['enigma_pgp_agent'] = '{{ roundcube_enigma_gpgagent_bin }}';
// Location of gpgconf binary. By default it will be auto-detected.
// It's used with GnuPG >= 2.1.
$config['enigma_pgp_gpgconf'] = '{{ roundcube_enigma_gpgconf_bin }}';
// Name of the PGP symmetric cipher algorithm.
// Run gpg --version to see the list of supported algorithms
$config['enigma_pgp_cipher_algo'] = null;
// Name of the PGP digest (hash) algorithm.
// Run gpg --version to see the list of supported algorithms
$config['enigma_pgp_digest_algo'] = null;
// Enables multi-host environments support.
// Enable it if you have more than one HTTP server.
// Make sure all servers run the same GnuPG version and have time in sync.
// Keys will be stored in SQL database (make sure max_allowed_packet
// is big enough).
$config['enigma_multihost'] = {{ roundcube_enigma_multihost }};
// Enables signatures verification feature.
$config['enigma_signatures'] = true;
// Enables messages decryption feature.
$config['enigma_decryption'] = true;
// Enables messages encryption and signing feature.
$config['enigma_encryption'] = true;
// Enable signing all messages by default
$config['enigma_sign_all'] = false;
// Enable encrypting all messages by default
$config['enigma_encrypt_all'] = false;
// Enable attaching a public key to all messages by default
$config['enigma_attach_pubkey'] = false;
// Default for how long to store private key passwords (in minutes).
// When set to 0 passwords will be stored for the whole session.
$config['enigma_password_time'] = 5;
// With this option you can lock composing options
// of the plugin forcing the user to use configured settings.
// The array accepts: 'sign', 'encrypt', 'pubkey'.
//
// For example, to force your users to sign every email,
// you should set:
// - enigma_sign_all = true
// - enigma_options_lock = array('sign')
// - dont_override = array('enigma_sign_all')
$config['enigma_options_lock'] = array();
{% endif %}
{% if roundcube_use_memcache %}
// Use these hosts for accessing memcached
// Define any number of hosts in the form of hostname:port or unix:///path/to/socket.file
// Example: array('localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock');
$config['memcache_hosts'] = array({% for h in roundcube_memcache_hosts %}'{{ h }}'{% if not loop.last %}, {% endif %} {% endfor %});
// Controls the use of a persistent connections to memcache servers
// See http://php.net/manual/en/memcache.addserver.php
$config['memcache_pconnect'] = true;
// Value in seconds which will be used for connecting to the daemon
// See http://php.net/manual/en/memcache.addserver.php
$config['memcache_timeout'] = 1;
// Controls how often a failed server will be retried (value in seconds).
// Setting this parameter to -1 disables automatic retry.
// See http://php.net/manual/en/memcache.addserver.php
$config['memcache_retry_interval'] = 15;
{% endif %}
{% if roundcube_use_redis %}
// Use these hosts for accessing Redis.
// Currently only one host is supported. Cluster support may come in a future release.
// You can pass 4 fields, host, port (optional), database (optional) and password (optional).
// Unset fields will be set to the default values host=127.0.0.1, port=6379.
// Examples:
// array('localhost:6379');
// array('192.168.1.1:6379:1:secret');
// array('unix:///var/run/redis/redis-server.sock:1:secret');
$config['redis_hosts'] = null;
// Maximum size of an object in memcache (in bytes). Default: 2MB
$config['memcache_max_allowed_packet'] = '2M';
// Maximum size of an object in APC cache (in bytes). Default: 2MB
$config['apc_max_allowed_packet'] = '2M';
// Maximum size of an object in Redis cache (in bytes). Default: 2MB
$config['redis_max_allowed_packet'] = '2M';
{% endif %}
// Message size limit. Note that SMTP server(s) may use a different value.
// This limit is verified when user attaches files to a composed message.
// Size in bytes (possible unit suffix: K, M, G)
$config['max_message_size'] = '{{ roundcube_max_attachments_size }}M';
// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA.
// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING!
$config['enable_installer'] = false;
// skin name: folder from skins/
$config['skin'] = '{{ roundcube_default_skin }}';
// limit skins available/shown in the settings section
$config['skins_allowed'] = array({% for skin in roundcube_available_skins %}'{{ skin }}'{% if not loop.last %}, {% endif %} {% endfor %});
// Logo image replacement. Specifies location of the image as:
// - URL relative to the document root of this Roundcube installation
// - full URL with http:// or https:// prefix
// - URL relative to the current skin folder (when starts with a '/')
//
// An array can be used to specify different logos for specific template files
// The array key specifies the place(s) the logo should be applied to and
// is made up of (up to) 3 parts:
// - skin name prefix (always with colon, can be replaced with *)
// - template name (or * for all templates)
// - logo type - it is used for logos used on multiple templates
// the available types include '[favicon]' for favicon, '[print]' for logo on all print
// templates (e.g. messageprint, contactprint) and '[small]' for small screen logo in supported skins
//
// Example config for skin_logo
/*
array(
// show the image /images/logo_login_small.png for the Login screen in the Elastic skin on small screens
"elastic:login[small]" => "/images/logo_login_small.png",
// show the image /images/logo_login.png for the Login screen in the Elastic skin
"elastic:login" => "/images/logo_login.png",
// show the image /images/logo_small.png in the Elastic skin
"elastic:*[small]" => "/images/logo_small.png",
// show the image /images/larry.png in the Larry skin
"larry:*" => "/images/larry.png",
// show the image /images/logo_login.png on the login template in all skins
"login" => "/images/logo_login.png",
// show the image /images/logo_print.png for all print type logos in all skins
"[print]" => "/images/logo_print.png",
);
*/
$config['skin_logo'] = '{{ roundcube_skin_logo }}';
// automatically create a new Roundcube user when log-in the first time.
// a new user will be created once the IMAP login succeeds.
// set to false if only registered users can use this service
$config['auto_create_user'] = true;
// Enables possibility to log in using email address from user identities
$config['user_aliases'] = false;
// use this folder to store log files
// must be writeable for the user who runs PHP process (Apache user if mod_php is being used)
// This is used by the 'file' log driver.
$config['log_dir'] = '{{ roundcube_logs_dir }}/';
// use this folder to store temp files
// must be writeable for the user who runs PHP process (Apache user if mod_php is being used)
$config['temp_dir'] = '{{ roundcube_temp_dir }}/';
// expire files in temp_dir after 48 hours
// possible units: s, m, h, d, w
$config['temp_dir_ttl'] = '48h';
// Enforce connections over https
// With this option enabled, all non-secure connections will be redirected.
// It can be also a port number, hostname or hostname:port if they are
// different than default HTTP_HOST:443
$config['force_https'] = {{ roundcube_force_https_connection }};
// tell PHP that it should work as under secure connection
// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set)
// e.g. when you're running Roundcube behind a https proxy
// this option is mutually exclusive to 'force_https' and only either one of them should be set to true.
$config['use_https'] = false;
// Allow browser-autocompletion on login form.
// 0 - disabled, 1 - username and host only, 2 - username, host, password
$config['login_autocomplete'] = {{ roundcube_login_autocomplete }};
// Forces conversion of logins to lower case.
// 0 - disabled, 1 - only domain part, 2 - domain and local part.
// If users authentication is case-insensitive this must be enabled.
// Note: After enabling it all user records need to be updated, e.g. with query:
// UPDATE users SET username = LOWER(username);
$config['login_lc'] = {{ roundcube_login_lc }};
$config['display_product_info'] = 0;
// Session lifetime in minutes
$config['session_lifetime'] = {{ roundcube_session_lifetime }};
// Session domain: .example.org
$config['session_domain'] = '';
// Session name. Default: 'roundcube_sessid'
$config['session_name'] = null;
// Session authentication cookie name. Default: 'roundcube_sessauth'
$config['session_auth_name'] = null;
{% if roundcube_use_memcache %}
$config['session_storage'] = 'memcache';
{% elif roundcube_use_redis %}
$config['session_storage'] = 'redis';
{% else %}
$config['session_storage'] = 'db';
{% endif %}
{% if haproxy_ips is defined %}
$config['proxy_whitelist'] = array({% for h in haproxy_ips %}'{{ h }}'{% if not loop.last %}, {% endif %} {% endfor %});
{% endif %}
$config['mail_domain'] = '{{ roundcube_domain_name }}';
$config['http_received_header_encrypt'] = {{ roundcube_http_received_header_encrypt }};
$config['identities_level'] = {{ roundcube_identities_level }};
$config['create_default_folders'] = true;
$config['show_real_foldernames'] = true;
$config['enable_spellcheck'] = {{ roundcube_enable_spellcheck }};
$config['show_images'] = {{ roundcube_show_images }};
$config['htmleditor'] = {{ roundcube_html_editor }};
{% if roundcube_managesieve_config %}
// managesieve server port
$rcmail_config['managesieve_port'] = {{ roundcube_managesieve_port }};
$config['managesieve_auth_type'] = '{{ roundcube_managesieve_auth }}';
$rcmail_config['managesieve_host'] = '{{ roundcube_managesieve_host }}';
$rcmail_config['managesieve_usetls'] = {{ roundcube_managesieve_tls }};
$config['managesieve_debug'] = {{ roundcube_managesieve_debug }};
$config['managesieve_vacation'] = {{ roundcube_managesieve_vacation }};
$config['managesieve_forward'] = {{ roundcube_managesieve_forward }};
{% endif %}
// Help URL. The default does not work
$config['help_source'] = '{{ roundcube_help_url }}';
// Map to translate Roundcube language codes into help document languages
// The '*' entry will be used as default
$config['help_language_map'] = array('*' => 'en_US');
// Enter an absolute URL to a page displaying information about this webmail
// Alternatively, create a HTML file under <this-plugin-dir>/content/about.html
$config['help_about_url'] = null;
// Enter an absolute URL to a page displaying information about this webmail
// Alternatively, put your license text to <this-plugin-dir>/content/license.html
$config['help_license_url'] = null;
// Determine whether to open the help in a new window
$config['help_open_extwin'] = {{ roundcube_help_extwin }};


@ -0,0 +1,135 @@
upstream php-handler {
server {{ item.listen }};
}
server {
listen 80;
{% if haproxy_ips is not defined %}
listen [::]:80;
{% endif %}
server_name {{ item.nginx_servername }};
# enforce https
location ~ /\.(?!well-known).* {
deny all;
access_log off;
log_not_found off;
return 404;
}
include /etc/nginx/snippets/letsencrypt-proxy.conf;
location / {
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl http2;
{% if haproxy_ips is not defined %}
listen [::]:443 ssl http2;
{% endif %}
server_name {{ item.nginx_servername }};
include /etc/nginx/snippets/nginx-server-ssl.conf;
server_tokens off;
{% if haproxy_ips is defined %}
# We are behind haproxy
{% for ip in haproxy_ips %}
set_real_ip_from {{ ip }};
{% endfor %}
real_ip_header X-Forwarded-For;
{% endif %}
index index.php;
# This determines the max size of attachments. Configure the corresponding php options accordingly
client_max_body_size {{ nginx_client_max_body_size }};
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Path to the root of your installation
root {{ item.doc_root }};
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location ~ \.php$ {
include /etc/nginx/snippets/fastcgi-php.conf;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}
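Review bot: The HTTPS server block, which sets `root {{ item.doc_root }}` and actually serves files, has no rule denying dotfiles; the `location ~ /\.(?!well-known).*` deny exists only in the port-80 block, where every other request is redirected anyway. Because the 443 block has no `location /`, a hidden file under the document root (a leftover `.htaccess` or a VCS directory, for instance) that matches none of the regex locations would be served as a static file. Repeating `location ~ /\.(?!well-known) { deny all; }` inside the 443 block closes that gap. Separately, `fastcgi_param modHeadersAvailable true;` and `fastcgi_param front_controller_active true;` look carried over from another application's template and are probably unused by Roundcube; worth confirming and dropping.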


@ -0,0 +1,132 @@
<?php
/**
* SAUserPrefs configuration file
*/
// spamassassin database settings
$config['sauserprefs_db_dsnw'] = '{{ roundcube_sauserprefs_db_type }}://{{ roundcube_sauserprefs_db_user }}:{{ roundcube_sauserprefs_db_pwd }}@{{ roundcube_sauserprefs_db_host }}/{{ roundcube_sauserprefs_db_name }}';
// PEAR database DSN for read only operations (if empty write database will be used)
// useful for database replication
$config['sauserprefs_db_dsnr'] = '';
// use persistent db-connections
// beware this will not "always" work as expected
// see: http://www.php.net/manual/en/features.persistent-connections.php
$config['sauserprefs_db_persistent'] = false;
// table that holds user prefs
$config['sauserprefs_sql_table_name'] = 'userpref';
// name of the username field in the user prefs table
$config['sauserprefs_sql_username_field'] = 'username';
// name of the preference field in the user prefs table, holds the name of the preference
$config['sauserprefs_sql_preference_field'] = 'preference';
// name of the value field in the user prefs table, holds the value of the preference
$config['sauserprefs_sql_value_field'] = 'value';
// username of the current user in the database, normaly %u (username from the session info)
// %u is replaced with the username (from the session info)
// %l is replaced with the local part of the username (if the username is an email address)
// %d is replaced with the domain part of the username (if the username is an email address or default mail domain if not)
// %i is replaced with the email address from the user's default identity
$config['sauserprefs_userid'] = '{{ roundcube_sauserprefs_username_field }}';
// username of the global or default settings user in the database, normaly $GLOBAL or @GLOBAL
$config['sauserprefs_global_userid'] = '\$GLOBAL';
// enable address whitelist synchronisation with address book(s)
// possible values:
// false - synchronisation disabled
// true - synchronise with default address book
// array - an array of address book ids to synchronise with e.g. array('0', 'global'); '0' = the default address book
$config['sauserprefs_abook_sync'] = {{ roundcube_sauserprefs_abook_sync }};
// set to false to disable address book import
// possible values:
// false - address import disabled
// true - import addresses from default address book
// array - an array of address book ids to import e.g. array('0', 'global'); '0' = the default address book
$config['sauserprefs_abook_import'] = {{ roundcube_sauserprefs_abook_import }};
// don't allow these settings to be overriden by the user
// eg. $config['sauserprefs_dont_override'] = array('required_score','rewrite_header Subject');
// to disable entire sections enter the section name surrounded by braces. Sections are: general,tests,bayes,headers,report,addresses
// eg. $config['sauserprefs_dont_override'] = array('{tests}');
$config['sauserprefs_dont_override'] = array({{ roundcube_sauserprefs_do_not_override_array }});
// activate SAUserPrefs for selected mail hosts only. If this is not set all mail hosts are allowed.
// example: $config['sauserprefs_allowed_hosts'] = array('mail1.domain.tld', 'mail2.domain.tld');
$config['sauserprefs_allowed_hosts'] = null;
// load specific config for different mail hosts
// example: $config['sauserprefs_host_config'] = array(
// 'mail1.domain.tld' => 'mail1_config.inc.php',
// 'mail2.domain.tld' => 'mail2_config.inc.php',
// );
$config['sauserprefs_host_config'] = null;
// default settings
// these are overridden by $GLOBAL and user settings from the database
$config['sauserprefs_default_prefs'] = array(
'required_score' => 5,
'rewrite_header Subject' => '{{ roundcube_sauserprefs_subject }}',
'ok_languages' => 'all',
'ok_locales' => 'all',
'fold_headers' => 1,
'add_header all Level' => '_STARS(*)_',
'use_razor1' => 0,
'use_razor2' => 0,
'use_pyzor' => {{ roundcube_sauserprefs_pyzor_enabled }},
'use_dcc' => 0,
'report_safe' => {{ roundcube_sauserprefs_report_safe }},
{% if roundcube_sauserprefs_bayes_enabled %}
'use_bayes' => 1,
'bayes_auto_learn' => {{ roundcube_sauserprefs_bayes_autolearn }},
'bayes_auto_learn_threshold_nonspam' => {{ roundcube_sauserprefs_bayes_autolearn_threshold_nospam }},
'bayes_auto_learn_threshold_spam' => {{ roundcube_sauserprefs_bayes_autolearn_threshold_spam }},
'use_bayes_rules' => {{ roundcube_sauserprefs_bayes_rules }},
{% endif %}
{% if roundcube_sauserprefs_autowhitelist_enabled %}
'use_auto_whitelist' => 1,
{% else %}
'use_auto_whitelist' => 0,
{% endif %}
'skip_rbl_checks' => {{ roundcube_sauserprefs_skip_rbl_checks }},
'score USER_IN_BLACKLIST' => 10,
'score USER_IN_WHITELIST' => -10
);
// score options
// define the ranges for the various score select boxes
// '[field name]' => array('min' => [min], 'max' => [max], 'increment' => [increment], 'extra' => array())
// note: the 'extra' key is optional and should contain further arrays with min, max and increment keys
$config['sauserprefs_score_options'] = array(
'*' => array('min' => {{ roundcube_sauserprefs_score_opts_min }}, 'max' => {{ roundcube_sauserprefs_score_opts_max }}, 'increment' => 1),
'_bayesnonspam' => array('min' => -1, 'max' => 1, 'increment' => 0.1),
'_bayesspam' => array('min' => 1, 'max' => 20, 'increment' => 1),
'_score_user_blacklist' => array('min' => 0, 'max' => 100, 'increment' => 10, 'extra' => array(array('min' => 1, 'max' => 10, 'increment' => 1))),
'_score_user_whitelist' => array('min' => -100, 'max' => -1, 'increment' => 10, 'extra' => array(array('min' => -10, 'max' => -1, 'increment' => 1)))
);
// delete user bayesian data stored in database
// the query can contain the following macros that will be expanded as follows:
// %u is replaced with the username from the sauserprefs_userid setting above
// use an array to run multiple queries
// set to null to disable this option
// eg. $config['sauserprefs_bayes_delete_query'] = array(
// 'DELETE FROM bayes_seen WHERE id IN (SELECT id FROM bayes_vars WHERE username = %u);',
// 'DELETE FROM bayes_token WHERE id IN (SELECT id FROM bayes_vars WHERE username = %u);',
// 'DELETE FROM bayes_vars WHERE username = %u;'
// );
$config['sauserprefs_bayes_delete_query'] = null;
// allowed languages
// set to array of language codes to limit the language list available for the ok_languages option
// eg array('en', 'es', 'ru', 'zh');
// see the README for a full list of supported languages
// set to null for all possible languages
$config['sauserprefs_langs_allowed'] = null;
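Review bot: The `sauserprefs_db_dsnw` line interpolates `{{ roundcube_sauserprefs_db_pwd }}` raw into a single-quoted PHP string in URL form, so a password containing `'`, `\`, `@`, `:` or `/` either breaks the PHP literal or is parsed as a different host or database. Reserved characters in a Roundcube DSN need to be percent-encoded; a filter such as `{{ roundcube_sauserprefs_db_pwd | urlencode }}` (checking that `/` is encoded too) keeps the rendered file valid for any vault-supplied password. Since the rendered file holds the database password in clear text, the task that deploys it, which is not visible here, should restrict its mode and ownership to the PHP pool user.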


@ -1,2 +1,58 @@
---
# vars file for ansible-role-template
nginx_use_common_virthost: False
nginx_client_max_body_size: '{{ roundcube_max_attachments_size * 2 }}M'
phpfpm_default_user: '{{ roundcube_user }}'
phpfpm_default_pool_name: roundcube
phpfpm_default_memory_limit: '{{ roundcube_max_attachments_size * 10 }}M'
roundcube_redis_install: False
http_port: 80
https_port: 443
php_from_ppa: True
php_version: 7.2
php_additional_packages:
- 'php{{ php_version }}-gd'
- 'php{{ php_version }}-json'
- 'php{{ php_version }}-ldap'
- 'php{{ php_version }}-{{ roundcube_db }}'
- 'php{{ php_version }}-xml'
- 'php{{ php_version }}-mbstring'
- 'php{{ php_version }}-intl'
- 'php{{ php_version }}-curl'
- 'php{{ php_version }}-zip'
- 'php{{ php_version }}-bz2'
- 'php{{ php_version }}-gmp'
- 'php-imagick'
- 'php-apcu'
- postgresql-client
- 'php{{ php_version }}-memcache'
roundcube_php_global_settings:
- { option: 'zlib.output_compression', value: 'Off' }
- { option: 'post_max_size', value: '{{ roundcube_max_attachments_size }}M' }
- { option: 'upload_max_filesize', value: '{{ roundcube_max_attachments_size }}M' }
- { option: 'session.auto_start', value: 'Off' }
- { option: 'suhosin.session.encrypt', value: 'Off' }
- { option: 'session.gc_maxlifetime', value: '21600' }
- { option: 'session.gc_divisor', value: '500' }
- { option: 'session.gc_probability', value: '1' }
- { option: 'always_populate_raw_post_data', value: '-1' }
- { option: 'allow_url_fopen', value: 'on' }
- { option: 'max_execution_time', value: '240' }
- { option: 'memory_limit', value: '{{ phpfpm_default_memory_limit }}' }
- { option: 'max_input_vars', value: '1400' }
- { option: 'opcache.enable', value: '1' }
- { option: 'opcache.enable_cli', value: '1' }
- { option: 'opcache.interned_strings_buffer', value: '8' }
- { option: 'opcache.max_accelerated_files', value: '10000' }
- { option: 'opcache.memory_consumption', value: '128' }
- { option: 'opcache.save_comments', value: '1' }
- { option: 'opcache.revalidate_freq', value: '1' }
php_cli_global_settings: '{{ php_global_settings }}'
roundcube_phpfpm_pools:
- { pool_name: '{{ phpfpm_default_pool_name }}', app_context: '{{ phpfpm_default_context }}', user: '{{ phpfpm_default_user }}', group: '{{ phpfpm_default_group }}', listen: '{{ phpfpm_default_listen }}', allowed_clients: '{{ phpfpm_default_allowed_clients }}', pm: '{{ phpfpm_default_pm }}', pm_max_children: '{{ phpfpm_default_pm_max_children }}', pm_start_servers: '{{ phpfpm_default_pm_start_servers }}', pm_min_spare: '{{ phpfpm_default_pm_min_spare_servers }}', pm_max_spare: '{{ phpfpm_default_pm_max_spare_servers }}', pm_max_requests: '{{ phpfpm_default_pm_max_requests }}', pm_status_enabled: '{{ phpfpm_default_pm_status_enabled }}', pm_status_path: '{{ phpfpm_default_pm_status_path }}', ping_enabled: '{{ phpfpm_default_ping_enabled }}', ping_path: '{{ phpfpm_default_ping_path }}', ping_response: '{{ phpfpm_default_ping_response }}', display_errors: '{{ phpfpm_default_display_errors }}', log_errors: '{{ phpfpm_default_log_errors }}', memory_limit: '{{ phpfpm_default_memory_limit }}', slowlog_timeout: '{{ phpfpm_default_slowlog_timeout }}', rlimit_files: '{{ phpfpm_default_rlimit_files }}', php_extensions: '{{ phpfpm_default_extensions }}', upload_max_filesize: '{{ roundcube_max_attachments_size }}M', define_custom_variables: '{{ phpfpm_default_define_custom_variables }}', doc_root: '{{ roundcube_web_root }}/public_html', req_term_timeout: '240s', virthost: '{{ roundcube_servername }}', nginx_servername: '{{ roundcube_servername }}' }