diff --git a/library/roles/roundcube/defaults/main.yml b/library/roles/roundcube/defaults/main.yml deleted file mode 100644 index 9875759..0000000 --- a/library/roles/roundcube/defaults/main.yml +++ /dev/null @@ -1,181 +0,0 @@ ---- -roundcube_version: 1.4.3 -roundcube_upgrade: False -roundcube_dist: 'roundcubemail-{{ roundcube_version }}' -roundcube_dist_filename: '{{ roundcube_dist }}-complete.tar.gz' -roundcube_download_url: 'https://github.com/roundcube/roundcubemail/releases/download/{{ roundcube_version }}/{{ roundcube_dist_filename }}' -roundcube_use_redis: False -roundcube_use_memcache: True -roundcube_local_postgresql: True -roundcube_web_basedir: /var/www/html -roundcube_web_root: '{{ roundcube_web_basedir }}/roundcube' -roundcube_data_base_dir: /srv -roundcube_data_dir: '{{ roundcube_data_base_dir }}/roundcube' -roundcube_logs_dir: '{{ roundcube_data_dir }}/logs' -roundcube_temp_dir: '{{ roundcube_data_dir }}/temp' -roundcube_skin_logo: 'null' - -roundcube_servername: '{{ ansible_fqdn }}' - -roundcube_user: roundcube - -roundcube_db: pgsql -roundcube_db_host: localhost -roundcube_db_name: roundcubemail -roundcube_db_user: roundcube_u -#roundcube_db_pwd: 'Use a vault file' - -roundcube_imap_server: 'localhost' -roundcube_imap_connection_type: 'tls' -roundcube_smtp_server: 'localhost' -roundcube_smtp_port: 587 -roundcube_smtp_automatic_credentials: True -roundcube_smtp_user: '%u' -roundcube_smtp_pass: '%p' -roundcube_support_url: '' -roundcube_product_name: 'Roundcube Webmail' -#roundcube_crypt_key: 'Use a vault file' -roundcube_force_https_connection: true -# 0 - disabled, 1 - username and host only, 2 - username, host, password -roundcube_login_autocomplete: 0 -# 0 - disabled, 1 - only domain part, 2 - domain and local part. -roundcube_login_lc: 0 - -roundcube_memcache_hosts: - - '127.0.0.1:11211' - -roundcube_domain_name: '' -roundcube_http_received_header_encrypt: false -# Set identities access level: -# 0 - many identities with possibility to edit all params -# 1 - many identities with possibility to edit all params but not email address -# 2 - one identity with possibility to edit all params -# 3 - one identity with possibility to edit all params but not email address -# 4 - one identity with possibility to edit only signature -roundcube_identities_level: 0 -roundcube_enable_spellcheck: false -# display remote resources (inline images, styles) -# 0 - Never, always ask -# 1 - Ask if sender is not in address book -# 2 - Always allow -roundcube_show_images: 0 -# compose html formatted messages by default -# 0 - never, -# 1 - always, -# 2 - on reply to HTML message, -# 3 - on forward or reply to HTML message -# 4 - always, except when replying to plain text message -roundcube_html_editor: 0 -# In minutes -roundcube_session_lifetime: 60 - -roundcube_default_plugins: - - acl - - additional_message_headers - - archive - - autologon - - database_attachments - - debug_logger - - emoticons - - hide_blockquote - - identicon - - identity_select - - jqueryui - - markasjunk - - newmail_notifier - - new_user_dialog - - new_user_identity - - show_additional_headers - - squirrelmail_usercopy - - subscriptions_option - - userinfo - - zipdownload - -# The help plugin points by default to an english-only and obsolete documentation -roundcube_optional_plugins: - - virtuser_file - - virtuser_query - - vcard_attachments - - attachment_reminder - - example_addressbook - - http_authentication - - password - - filesystem_attachments - - redundant_attachments - - managesieve - - krb_authentication - #- help - -roundcube_default_skin: 'elastic' -roundcube_available_skins: - - 'elastic' - - 'larry' - -roundcube_install_enigma: True -roundcube_enigma_plugin: enigma -roundcube_enigma_data_dir: '{{ roundcube_data_dir }}/enigma' -roundcube_enigma_deps: - - gnupg - - pinentry-curses - - pinentry-tty - -roundcube_enigma_gpg_bin: /usr/bin/gpg -roundcube_enigma_gpgconf_bin: /usr/bin/gpgconf -roundcube_enigma_gpgagent_bin: /usr/bin/gpg-agent -roundcube_enigma_multihost: 'false' - -roundcube_sauserprefs_plugin_install: False -roundcube_sauserprefs_plugin_name: sauserprefs -roundcube_sauserprefs_version: '1.18.1' -roundcube_sauserprefs_db_type: 'pgsql' -roundcube_sauserprefs_db_host: 'localhost' -roundcube_sauserprefs_db_name: 'spamassassin' -roundcube_sauserprefs_db_user: 'spamassassin' -# roundcube_sauserprefs_db_pwd: 'vault file' -roundcube_sauserprefs_git: 'https://github.com/johndoh/roundcube-sauserprefs.git' -roundcube_sauserprefs_username_field: '%i' -roundcube_sauserprefs_abook_sync: 'false' -roundcube_sauserprefs_abook_import: 'false' -roundcube_sauserprefs_pyzor_enabled: '0' -roundcube_sauserprefs_bayes_enabled: False -roundcube_sauserprefs_bayes_rules: '0' -roundcube_sauserprefs_bayes_autolearn: '0' -roundcube_sauserprefs_bayes_autolearn_threshold_nospam: '0.1' -roundcube_sauserprefs_bayes_autolearn_threshold_spam: '12.0' -roundcube_sauserprefs_autowhitelist_enabled: False -roundcube_sauserprefs_subject: '[SPAM]' -roundcube_sauserprefs_report_safe: '0' -roundcube_sauserprefs_skip_rbl_checks: '0' -# Sections are: general,tests,bayes,headers,report,addresses -roundcube_sauserprefs_do_not_override_array: "'use_razor1','use_razor2','use_dcc'" -roundcube_sauserprefs_score_opts_min: 1 -roundcube_sauserprefs_score_opts_max: 10 - -roundcube_managesieve_config: True -roundcube_managesieve_auth: 'plain' -roundcube_managesieve_port: 4190 -roundcube_managesieve_host: 'localhost' -roundcube_managesieve_tls: true -roundcube_managesieve_debug: false -roundcube_managesieve_vacation: 1 -roundcube_managesieve_forward: 1 -# IMPORTANT: you must provide a task that downloads each of the defined plugins -# cd /path/to/roundcube/plugins -# $ git clone git://github.com/elm/Roundcube-SMTP-per-Identity-Plugin.git identity_smtp -roundcube_identity_smtp_plugin: False -roundcube_identity_smtp_git: 'git://github.com/elm/Roundcube-SMTP-per-Identity-Plugin.git' -roundcube_identity_smtp_name: identity_smtp -roundcube_additional_plugins: [] -#roundcube_additional_plugins: -# - identity_smtp - -# The help docs are too old to be useful -roundcube_help_url: "http://docs.roundcube.net/doc/help/1.1/en_US/" -#roundcube_help_url: 'https://www.roundcubeforum.net' -roundcube_help_extwin: 'false' - -# In Megabytes. This affects both the nginx/apache and php configurations -roundcube_max_attachments_size: 5 -# This one is represented in bytes instead. -roundcube_max_db_allowed_packet: '{{ roundcube_max_attachments_size * 1024 * 1024 * 5 }}' - diff --git a/library/roles/roundcube/meta/main.yml b/library/roles/roundcube/meta/main.yml deleted file mode 100644 index 9a61777..0000000 --- a/library/roles/roundcube/meta/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -dependencies: - - { role: '../../library/roles/postgresql', when: roundcube_local_postgresql } - - { role: '../../library/roles/php-fpm' } - - { role: '../../library/roles/nginx' } - - { role: '../../library/roles/redis', when roundcube_use_redis } - - { role: '../../library/roles/memcached', when roundcube_use_memcache } diff --git a/library/roles/roundcube/tasks/main.yml b/library/roles/roundcube/tasks/main.yml deleted file mode 100644 index 5d8f035..0000000 --- a/library/roles/roundcube/tasks/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- import_tasks: roundcube-nginx.yml -- import_tasks: roundcube-install.yml diff --git a/library/roles/roundcube/tasks/roundcube-install.yml b/library/roles/roundcube/tasks/roundcube-install.yml deleted file mode 100644 index 7403b98..0000000 --- a/library/roles/roundcube/tasks/roundcube-install.yml +++ /dev/null @@ -1,84 +0,0 @@ ---- -- name: Prepare roundcube for upgrade - block: - - name: Remove the roundcube current installation - file: dest={{ roundcube_web_root }} state=absent - - when: roundcube_upgrade | bool - tags: [ 'roundcube', 'roundcube_upgrade' ] - -- name: Install Roundcube - block: - - name: Create the roundcube webroot - file: dest={{ roundcube_web_basedir }} owner=root group=root state=directory - - - name: Create the roundcube base data directory - file: dest={{ roundcube_data_dir }} owner=root group=root state=directory - - - name: Create the roundcube data directories - file: dest={{ item }} state=directory owner={{ roundcube_user }} group={{ roundcube_user }} - with_items: - - '{{ roundcube_logs_dir }}' - - '{{ roundcube_temp_dir }}' - - - name: Unpack the roundcube archive - unarchive: remote_src=yes src={{ roundcube_download_url }} dest={{ roundcube_data_dir }} owner=root group=root - args: - creates: '{{ roundcube_web_root }}/public_html/index.php' - - - name: Move the roundcube installation to the final place - shell: mv {{ roundcube_data_dir }}/{{ roundcube_dist }} {{ roundcube_web_root }} - args: - creates: '{{ roundcube_web_root }}/public_html/index.php' - - tags: [ 'roundcube' ] - -- name: Manage some additional plugins - block: - - name: Install the identity_smtp plugin - git: repo={{ roundcube_identity_smtp_git }} dest={{ roundcube_web_root }}/plugins/{{ roundcube_identity_smtp_name }} - when: roundcube_identity_smtp_plugin | bool - - tags: [ 'roundcube', 'roundcube_plugins', 'roundcube_config' ] - -- name: Manage the Enigma (PGP) plugin - block: - - name: Create the enigma data directory - file: dest={{ roundcube_enigma_data_dir }} state=directory owner={{ roundcube_user }} group={{ roundcube_user }} - - - name: Install the gnupg packages - apt: pkg={{ roundcube_enigma_deps }} state=present cache_valid_time=1800 - - when: roundcube_install_enigma | bool - tags: [ 'roundcube', 'roundcube_plugins', 'roundcube_config', 'roundcube_enigma' ] - -- name: Manage the Spamassassin preferences plugin and its dependency - block: - - name: Install the sauserprefs plugin - git: repo={{ roundcube_sauserprefs_git }} dest={{ roundcube_web_root }}/plugins/{{ roundcube_sauserprefs_plugin_name }} version={{ roundcube_sauserprefs_version }} - - - name: Install the sauserprefs plugin configuration - template: src=sauserprefs-config.inc.php.j2 dest={{ roundcube_web_root }}/plugins/{{ roundcube_sauserprefs_plugin_name }}/config.inc.php owner=root group={{ roundcube_user }} mode=0440 - - when: roundcube_sauserprefs_plugin_install | bool - tags: [ 'roundcube', 'roundcube_plugins', 'roundcube_config', 'roundcube_sauserprefs' ] - -- name: Remove the Spamassassin preferences plugin when not enabled - block: - - name: Remove the sauserprefs plugin - file: dest={{ roundcube_web_root }}/plugins/{{ roundcube_sauserprefs_plugin_name }} state=absent - - when: not roundcube_sauserprefs_plugin_install | bool - tags: [ 'roundcube', 'roundcube_plugins', 'roundcube_config', 'roundcube_sauserprefs' ] - -- block: - - name: Configure the roundcube instance - template: src=config.inc.php.j2 dest={{ roundcube_web_root }}/config/config.inc.php owner=root group=root mode=0444 - - - name: Initialize the roundcube database - shell: PGPASSWORD={{ roundcube_db_pwd }} psql -h {{ roundcube_db_host }} -U {{ roundcube_db_user }} -f {{ roundcube_web_root }}/SQL/postgres.initial.sql {{ roundcube_db_name }} && touch {{ roundcube_logs_dir }}/.roundcube_db.initialized - args: - creates: '{{ roundcube_logs_dir }}/.roundcube_db.initialized' - - tags: [ 'roundcube', 'roundcube_config' ] - diff --git a/library/roles/roundcube/tasks/roundcube-nginx.yml b/library/roles/roundcube/tasks/roundcube-nginx.yml deleted file mode 100644 index c5b1b69..0000000 --- a/library/roles/roundcube/tasks/roundcube-nginx.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- block: - - name: Install the nginx virtualhosts - template: src=nginx-virthost.conf.j2 dest=/etc/nginx/sites-available/{{ item.virthost }} owner=root group=root mode=0444 - with_items: '{{ phpfpm_pools }}' - notify: Reload nginx - - - name: Enable the nginx virtualhosts - file: src=/etc/nginx/sites-available/{{ item.virthost }} dest=/etc/nginx/sites-enabled/{{ item.virthost }} state=link - with_items: '{{ phpfpm_pools }}' - notify: Reload nginx - - - name: Create the nginx body temp directory - file: dest={{ nginx_client_body_temp_dir }} state=directory owner=www-data group=www-data mode=1700 - when: nginx_client_body_temp_dir is defined - - tags: [ 'nginx', 'virtualhost', 'roundcube' ] diff --git a/library/roles/roundcube/templates/config.inc.php.j2 b/library/roles/roundcube/templates/config.inc.php.j2 deleted file mode 100644 index 425b0b5..0000000 --- a/library/roles/roundcube/templates/config.inc.php.j2 +++ /dev/null @@ -1,364 +0,0 @@ -= 2.1. -$config['enigma_pgp_gpgconf'] = '{{ roundcube_enigma_gpgconf_bin }}'; - -// Name of the PGP symmetric cipher algorithm. -// Run gpg --version to see the list of supported algorithms -$config['enigma_pgp_cipher_algo'] = null; - -// Name of the PGP digest (hash) algorithm. -// Run gpg --version to see the list of supported algorithms -$config['enigma_pgp_digest_algo'] = null; - -// Enables multi-host environments support. -// Enable it if you have more than one HTTP server. -// Make sure all servers run the same GnuPG version and have time in sync. -// Keys will be stored in SQL database (make sure max_allowed_packet -// is big enough). -$config['enigma_multihost'] = {{ roundcube_enigma_multihost }}; - -// Enables signatures verification feature. -$config['enigma_signatures'] = true; - -// Enables messages decryption feature. -$config['enigma_decryption'] = true; - -// Enables messages encryption and signing feature. -$config['enigma_encryption'] = true; - -// Enable signing all messages by default -$config['enigma_sign_all'] = false; - -// Enable encrypting all messages by default -$config['enigma_encrypt_all'] = false; - -// Enable attaching a public key to all messages by default -$config['enigma_attach_pubkey'] = false; - -// Default for how long to store private key passwords (in minutes). -// When set to 0 passwords will be stored for the whole session. -$config['enigma_password_time'] = 5; - -// With this option you can lock composing options -// of the plugin forcing the user to use configured settings. -// The array accepts: 'sign', 'encrypt', 'pubkey'. -// -// For example, to force your users to sign every email, -// you should set: -// - enigma_sign_all = true -// - enigma_options_lock = array('sign') -// - dont_override = array('enigma_sign_all') -$config['enigma_options_lock'] = array(); -{% endif %} - -{% if roundcube_use_memcache %} -// Use these hosts for accessing memcached -// Define any number of hosts in the form of hostname:port or unix:///path/to/socket.file -// Example: array('localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock'); -$config['memcache_hosts'] = array({% for h in roundcube_memcache_hosts %}'{{ h }}'{% if not loop.last %}, {% endif %} {% endfor %}); - -// Controls the use of a persistent connections to memcache servers -// See http://php.net/manual/en/memcache.addserver.php -$config['memcache_pconnect'] = true; - -// Value in seconds which will be used for connecting to the daemon -// See http://php.net/manual/en/memcache.addserver.php -$config['memcache_timeout'] = 1; - -// Controls how often a failed server will be retried (value in seconds). -// Setting this parameter to -1 disables automatic retry. -// See http://php.net/manual/en/memcache.addserver.php -$config['memcache_retry_interval'] = 15; -{% endif %} - -{% if roundcube_use_redis %} -// Use these hosts for accessing Redis. -// Currently only one host is supported. Cluster support may come in a future release. -// You can pass 4 fields, host, port (optional), database (optional) and password (optional). -// Unset fields will be set to the default values host=127.0.0.1, port=6379. -// Examples: -// array('localhost:6379'); -// array('192.168.1.1:6379:1:secret'); -// array('unix:///var/run/redis/redis-server.sock:1:secret'); -$config['redis_hosts'] = null; - -// Maximum size of an object in memcache (in bytes). Default: 2MB -$config['memcache_max_allowed_packet'] = '2M'; - -// Maximum size of an object in APC cache (in bytes). Default: 2MB -$config['apc_max_allowed_packet'] = '2M'; - -// Maximum size of an object in Redis cache (in bytes). Default: 2MB -$config['redis_max_allowed_packet'] = '2M'; -{% endif %} - -// Message size limit. Note that SMTP server(s) may use a different value. -// This limit is verified when user attaches files to a composed message. -// Size in bytes (possible unit suffix: K, M, G) -$config['max_message_size'] = '{{ roundcube_max_attachments_size }}M'; - -// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA. -// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING! -$config['enable_installer'] = false; - -// skin name: folder from skins/ -$config['skin'] = '{{ roundcube_default_skin }}'; - -// limit skins available/shown in the settings section -$config['skins_allowed'] = array({% for skin in roundcube_available_skins %}'{{ skin }}'{% if not loop.last %}, {% endif %} {% endfor %}); - -// Logo image replacement. Specifies location of the image as: -// - URL relative to the document root of this Roundcube installation -// - full URL with http:// or https:// prefix -// - URL relative to the current skin folder (when starts with a '/') -// -// An array can be used to specify different logos for specific template files -// The array key specifies the place(s) the logo should be applied to and -// is made up of (up to) 3 parts: -// - skin name prefix (always with colon, can be replaced with *) -// - template name (or * for all templates) -// - logo type - it is used for logos used on multiple templates -// the available types include '[favicon]' for favicon, '[print]' for logo on all print -// templates (e.g. messageprint, contactprint) and '[small]' for small screen logo in supported skins -// -// Example config for skin_logo -/* - array( - // show the image /images/logo_login_small.png for the Login screen in the Elastic skin on small screens - "elastic:login[small]" => "/images/logo_login_small.png", - // show the image /images/logo_login.png for the Login screen in the Elastic skin - "elastic:login" => "/images/logo_login.png", - // show the image /images/logo_small.png in the Elastic skin - "elastic:*[small]" => "/images/logo_small.png", - // show the image /images/larry.png in the Larry skin - "larry:*" => "/images/larry.png", - // show the image /images/logo_login.png on the login template in all skins - "login" => "/images/logo_login.png", - // show the image /images/logo_print.png for all print type logos in all skins - "[print]" => "/images/logo_print.png", - ); -*/ -$config['skin_logo'] = '{{ roundcube_skin_logo }}'; - -// automatically create a new Roundcube user when log-in the first time. -// a new user will be created once the IMAP login succeeds. -// set to false if only registered users can use this service -$config['auto_create_user'] = true; - -// Enables possibility to log in using email address from user identities -$config['user_aliases'] = false; - -// use this folder to store log files -// must be writeable for the user who runs PHP process (Apache user if mod_php is being used) -// This is used by the 'file' log driver. -$config['log_dir'] = '{{ roundcube_logs_dir }}/'; - -// use this folder to store temp files -// must be writeable for the user who runs PHP process (Apache user if mod_php is being used) -$config['temp_dir'] = '{{ roundcube_temp_dir }}/'; - -// expire files in temp_dir after 48 hours -// possible units: s, m, h, d, w -$config['temp_dir_ttl'] = '48h'; - -// Enforce connections over https -// With this option enabled, all non-secure connections will be redirected. -// It can be also a port number, hostname or hostname:port if they are -// different than default HTTP_HOST:443 -$config['force_https'] = {{ roundcube_force_https_connection }}; - -// tell PHP that it should work as under secure connection -// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set) -// e.g. when you're running Roundcube behind a https proxy -// this option is mutually exclusive to 'force_https' and only either one of them should be set to true. -$config['use_https'] = false; - -// Allow browser-autocompletion on login form. -// 0 - disabled, 1 - username and host only, 2 - username, host, password -$config['login_autocomplete'] = {{ roundcube_login_autocomplete }}; - -// Forces conversion of logins to lower case. -// 0 - disabled, 1 - only domain part, 2 - domain and local part. -// If users authentication is case-insensitive this must be enabled. -// Note: After enabling it all user records need to be updated, e.g. with query: -// UPDATE users SET username = LOWER(username); -$config['login_lc'] = {{ roundcube_login_lc }}; - -$config['display_product_info'] = 0; - -// Session lifetime in minutes -$config['session_lifetime'] = {{ roundcube_session_lifetime }}; - -// Session domain: .example.org -$config['session_domain'] = ''; - -// Session name. Default: 'roundcube_sessid' -$config['session_name'] = null; - -// Session authentication cookie name. Default: 'roundcube_sessauth' -$config['session_auth_name'] = null; - -{% if roundcube_use_memcache %} -$config['session_storage'] = 'memcache'; -{% elif roundcube_use_redis %} -$config['session_storage'] = 'redis'; -{% else %} -$config['session_storage'] = 'db'; -{% endif %} - -{% if haproxy_ips is defined %} -$config['proxy_whitelist'] = array({% for h in haproxy_ips %}'{{ h }}'{% if not loop.last %}, {% endif %} {% endfor %}); -{% endif %} - -$config['mail_domain'] = '{{ roundcube_domain_name }}'; -$config['http_received_header_encrypt'] = {{ roundcube_http_received_header_encrypt }}; -$config['identities_level'] = {{ roundcube_identities_level }}; - -$config['create_default_folders'] = true; -$config['show_real_foldernames'] = true; -$config['enable_spellcheck'] = {{ roundcube_enable_spellcheck }}; -$config['show_images'] = {{ roundcube_show_images }}; -$config['htmleditor'] = {{ roundcube_html_editor }}; - -{% if roundcube_managesieve_config %} -// managesieve server port -$rcmail_config['managesieve_port'] = {{ roundcube_managesieve_port }}; -$config['managesieve_auth_type'] = '{{ roundcube_managesieve_auth }}'; -$rcmail_config['managesieve_host'] = '{{ roundcube_managesieve_host }}'; -$rcmail_config['managesieve_usetls'] = {{ roundcube_managesieve_tls }}; -$config['managesieve_debug'] = {{ roundcube_managesieve_debug }}; -$config['managesieve_vacation'] = {{ roundcube_managesieve_vacation }}; -$config['managesieve_forward'] = {{ roundcube_managesieve_forward }}; -{% endif %} - -// Help URL. The default does not work -$config['help_source'] = '{{ roundcube_help_url }}'; -// Map to translate Roundcube language codes into help document languages -// The '*' entry will be used as default -$config['help_language_map'] = array('*' => 'en_US'); - -// Enter an absolute URL to a page displaying information about this webmail -// Alternatively, create a HTML file under /content/about.html -$config['help_about_url'] = null; - -// Enter an absolute URL to a page displaying information about this webmail -// Alternatively, put your license text to /content/license.html -$config['help_license_url'] = null; - -// Determine whether to open the help in a new window -$config['help_open_extwin'] = {{ roundcube_help_extwin }}; diff --git a/library/roles/roundcube/templates/nginx-virthost.conf.j2 b/library/roles/roundcube/templates/nginx-virthost.conf.j2 deleted file mode 100644 index 6bba5ef..0000000 --- a/library/roles/roundcube/templates/nginx-virthost.conf.j2 +++ /dev/null @@ -1,135 +0,0 @@ -upstream php-handler { - server {{ item.listen }}; -} - -server { - listen 80; - {% if haproxy_ips is not defined %} - listen [::]:80; - {% endif %} - server_name {{ item.nginx_servername }}; - # enforce https - location ~ /\.(?!well-known).* { - deny all; - access_log off; - log_not_found off; - return 404; - } - include /etc/nginx/snippets/letsencrypt-proxy.conf; - location / { - return 301 https://$server_name$request_uri; - } -} - -server { - listen 443 ssl http2; - {% if haproxy_ips is not defined %} - listen [::]:443 ssl http2; - {% endif %} - server_name {{ item.nginx_servername }}; - - include /etc/nginx/snippets/nginx-server-ssl.conf; - server_tokens off; - - {% if haproxy_ips is defined %} - # We are behind haproxy - {% for ip in haproxy_ips %} - set_real_ip_from {{ ip }}; - {% endfor %} - real_ip_header X-Forwarded-For; - {% endif %} - - index index.php; - - # This determines the max size of attachments. Configure the corresponding php options accordingly - client_max_body_size {{ nginx_client_max_body_size }}; - - # Add headers to serve security related headers - # Before enabling Strict-Transport-Security headers please read into this - # topic first. - # add_header Strict-Transport-Security "max-age=15768000; - # includeSubDomains; preload;"; - # - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - - # Path to the root of your installation - root {{ item.doc_root }}; - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - # Enable gzip but do not remove ETag headers - gzip on; - gzip_vary on; - gzip_comp_level 4; - gzip_min_length 256; - gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - - # Uncomment if your server is build with the ngx_pagespeed module - # This module is currently not supported. - #pagespeed off; - - location ~ \.php$ { - include /etc/nginx/snippets/fastcgi-php.conf; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param HTTPS on; - #Avoid sending the security headers twice - fastcgi_param modHeadersAvailable true; - fastcgi_param front_controller_active true; - fastcgi_pass php-handler; - fastcgi_intercept_errors on; - fastcgi_request_buffering off; - } - - # Adding the cache control header for js and css files - # Make sure it is BELOW the PHP block - location ~ \.(?:css|js|woff|svg|gif)$ { - try_files $uri /index.php$uri$is_args$args; - add_header Cache-Control "public, max-age=15778463"; - # Add headers to serve security related headers (It is intended to - # have those duplicated to the ones above) - # Before enabling Strict-Transport-Security headers please read into - # this topic first. - # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; - # - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - # Optional: Don't log access to assets - access_log off; - } - - location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { - try_files $uri /index.php$uri$is_args$args; - # Optional: Don't log access to other assets - access_log off; - } -} - diff --git a/library/roles/roundcube/templates/sauserprefs-config.inc.php.j2 b/library/roles/roundcube/templates/sauserprefs-config.inc.php.j2 deleted file mode 100644 index e97816b..0000000 --- a/library/roles/roundcube/templates/sauserprefs-config.inc.php.j2 +++ /dev/null @@ -1,132 +0,0 @@ - 'mail1_config.inc.php', -// 'mail2.domain.tld' => 'mail2_config.inc.php', -// ); -$config['sauserprefs_host_config'] = null; - -// default settings -// these are overridden by $GLOBAL and user settings from the database -$config['sauserprefs_default_prefs'] = array( - 'required_score' => 5, - 'rewrite_header Subject' => '{{ roundcube_sauserprefs_subject }}', - 'ok_languages' => 'all', - 'ok_locales' => 'all', - 'fold_headers' => 1, - 'add_header all Level' => '_STARS(*)_', - 'use_razor1' => 0, - 'use_razor2' => 0, - 'use_pyzor' => {{ roundcube_sauserprefs_pyzor_enabled }}, - 'use_dcc' => 0, - 'report_safe' => {{ roundcube_sauserprefs_report_safe }}, -{% if roundcube_sauserprefs_bayes_enabled %} - 'use_bayes' => 1, - 'bayes_auto_learn' => {{ roundcube_sauserprefs_bayes_autolearn }}, - 'bayes_auto_learn_threshold_nonspam' => {{ roundcube_sauserprefs_bayes_autolearn_threshold_nospam }}, - 'bayes_auto_learn_threshold_spam' => {{ roundcube_sauserprefs_bayes_autolearn_threshold_spam }}, - 'use_bayes_rules' => {{ roundcube_sauserprefs_bayes_rules }}, -{% endif %} -{% if roundcube_sauserprefs_autowhitelist_enabled %} - 'use_auto_whitelist' => 1, -{% else %} - 'use_auto_whitelist' => 0, -{% endif %} - 'skip_rbl_checks' => {{ roundcube_sauserprefs_skip_rbl_checks }}, - 'score USER_IN_BLACKLIST' => 10, - 'score USER_IN_WHITELIST' => -10 - ); - -// score options -// define the ranges for the various score select boxes -// '[field name]' => array('min' => [min], 'max' => [max], 'increment' => [increment], 'extra' => array()) -// note: the 'extra' key is optional and should contain further arrays with min, max and increment keys -$config['sauserprefs_score_options'] = array( - '*' => array('min' => {{ roundcube_sauserprefs_score_opts_min }}, 'max' => {{ roundcube_sauserprefs_score_opts_max }}, 'increment' => 1), - '_bayesnonspam' => array('min' => -1, 'max' => 1, 'increment' => 0.1), - '_bayesspam' => array('min' => 1, 'max' => 20, 'increment' => 1), - '_score_user_blacklist' => array('min' => 0, 'max' => 100, 'increment' => 10, 'extra' => array(array('min' => 1, 'max' => 10, 'increment' => 1))), - '_score_user_whitelist' => array('min' => -100, 'max' => -1, 'increment' => 10, 'extra' => array(array('min' => -10, 'max' => -1, 'increment' => 1))) - ); - -// delete user bayesian data stored in database -// the query can contain the following macros that will be expanded as follows: -// %u is replaced with the username from the sauserprefs_userid setting above -// use an array to run multiple queries -// set to null to disable this option -// eg. $config['sauserprefs_bayes_delete_query'] = array( -// 'DELETE FROM bayes_seen WHERE id IN (SELECT id FROM bayes_vars WHERE username = %u);', -// 'DELETE FROM bayes_token WHERE id IN (SELECT id FROM bayes_vars WHERE username = %u);', -// 'DELETE FROM bayes_vars WHERE username = %u;' -// ); -$config['sauserprefs_bayes_delete_query'] = null; - -// allowed languages -// set to array of language codes to limit the language list available for the ok_languages option -// eg array('en', 'es', 'ru', 'zh'); -// see the README for a full list of supported languages -// set to null for all possible languages -$config['sauserprefs_langs_allowed'] = null; diff --git a/library/roles/roundcube/vars/main.yml b/library/roles/roundcube/vars/main.yml deleted file mode 100644 index 264cafd..0000000 --- a/library/roles/roundcube/vars/main.yml +++ /dev/null @@ -1,57 +0,0 @@ ---- -nginx_use_common_virthost: False -nginx_client_max_body_size: '{{ roundcube_max_attachments_size * 2 }}M' - -phpfpm_default_user: '{{ roundcube_user }}' -phpfpm_default_pool_name: roundcube -phpfpm_default_memory_limit: '{{ roundcube_max_attachments_size * 10 }}M' -redis_install: False -http_port: 80 -https_port: 443 - -php_version: 7.2 - -php_additional_packages: - - 'php{{ php_version }}-gd' - - 'php{{ php_version }}-json' - - 'php{{ php_version }}-ldap' - - 'php{{ php_version }}-{{ roundcube_db }}' - - 'php{{ php_version }}-xml' - - 'php{{ php_version }}-mbstring' - - 'php{{ php_version }}-intl' - - 'php{{ php_version }}-curl' - - 'php{{ php_version }}-zip' - - 'php{{ php_version }}-bz2' - - 'php{{ php_version }}-gmp' - - 'php-imagick' - - 'php-apcu' - - postgresql-client - - 'php{{ php_version }}-memcache' - -php_global_settings: - - { option: 'zlib.output_compression', value: 'Off' } - - { option: 'post_max_size', value: '{{ roundcube_max_attachments_size }}M' } - - { option: 'upload_max_filesize', value: '{{ roundcube_max_attachments_size }}M' } - - { option: 'session.auto_start', value: 'Off' } - - { option: 'suhosin.session.encrypt', value: 'Off' } - - { option: 'session.gc_maxlifetime', value: '21600' } - - { option: 'session.gc_divisor', value: '500' } - - { option: 'session.gc_probability', value: '1' } - - { option: 'always_populate_raw_post_data', value: '-1' } - - { option: 'allow_url_fopen', value: 'on' } - - { option: 'max_execution_time', value: '240' } - - { option: 'memory_limit', value: '{{ phpfpm_default_memory_limit }}' } - - { option: 'max_input_vars', value: '1400' } - - { option: 'opcache.enable', value: '1' } - - { option: 'opcache.enable_cli', value: '1' } - - { option: 'opcache.interned_strings_buffer', value: '8' } - - { option: 'opcache.max_accelerated_files', value: '10000' } - - { option: 'opcache.memory_consumption', value: '128' } - - { option: 'opcache.save_comments', value: '1' } - - { option: 'opcache.revalidate_freq', value: '1' } - -php_cli_global_settings: '{{ php_global_settings }}' - -phpfpm_pools: - - { pool_name: '{{ phpfpm_default_pool_name }}', app_context: '{{ phpfpm_default_context }}', user: '{{ phpfpm_default_user }}', group: '{{ phpfpm_default_group }}', listen: '{{ phpfpm_default_listen }}', allowed_clients: '{{ phpfpm_default_allowed_clients }}', pm: '{{ phpfpm_default_pm }}', pm_max_children: '{{ phpfpm_default_pm_max_children }}', pm_start_servers: '{{ phpfpm_default_pm_start_servers }}', pm_min_spare: '{{ phpfpm_default_pm_min_spare_servers }}', pm_max_spare: '{{ phpfpm_default_pm_max_spare_servers }}', pm_max_requests: '{{ phpfpm_default_pm_max_requests }}', pm_status_enabled: '{{ phpfpm_default_pm_status_enabled }}', pm_status_path: '{{ phpfpm_default_pm_status_path }}', ping_enabled: '{{ phpfpm_default_ping_enabled }}', ping_path: '{{ phpfpm_default_ping_path }}', ping_response: '{{ phpfpm_default_ping_response }}', display_errors: '{{ phpfpm_default_display_errors }}', log_errors: '{{ phpfpm_default_log_errors }}', memory_limit: '{{ phpfpm_default_memory_limit }}', slowlog_timeout: '{{ phpfpm_default_slowlog_timeout }}', rlimit_files: '{{ phpfpm_default_rlimit_files }}', php_extensions: '{{ phpfpm_default_extensions }}', upload_max_filesize: '{{ roundcube_max_attachments_size }}M', define_custom_variables: '{{ phpfpm_default_define_custom_variables }}', doc_root: '{{ roundcube_web_root }}/public_html', req_term_timeout: '240s', virthost: '{{ roundcube_servername }}', nginx_servername: '{{ roundcube_servername }}' } -