From 9170706a0395e590d19d45f56e795403d8bba2cb Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Tue, 31 Dec 2019 15:31:19 +0100 Subject: [PATCH] roundcube: the available skins is now a variable. Configure enigma to support multihost as an option. --- .../centos/playbooks/centos-update/main.yml | 39 +--------- library/roles/roundcube/defaults/main.yml | 10 +++ .../roundcube/templates/config.inc.php.j2 | 78 ++++++++++++++++++- 3 files changed, 87 insertions(+), 40 deletions(-) mode change 100644 => 120000 library/centos/playbooks/centos-update/main.yml diff --git a/library/centos/playbooks/centos-update/main.yml b/library/centos/playbooks/centos-update/main.yml deleted file mode 100644 index d156e3e4..00000000 --- a/library/centos/playbooks/centos-update/main.yml +++ /dev/null @@ -1,38 +0,0 @@ -# This playbook updates hosts without guests. -# -# requires -e "target=somehostname" -e "yumcommand=update" - - -- name: update the system - hosts: "{{ target }}" - gather_facts: false - remote_user: root - - tasks: -# - name: expire-caches -# command: yum clean expire-cache - -# - name: yum -y {{ yumcommand }} -# command: yum -y {{ yumcommand }} -# async: 7200 -# poll: 30 - - - name: Update all the packages - yum: name=* state=latest update_cache=yes - async: 7200 - poll: 30 - -- name: run rkhunter if installed - hosts: "{{ target }}" - remote_user: root - - tasks: - - name: check for rkhunter - command: /usr/bin/test -f /usr/bin/rkhunter - register: rkhunter - ignore_errors: true - - - name: run rkhunter --propupd - command: /usr/bin/rkhunter --propupd - when: rkhunter|success - diff --git a/library/centos/playbooks/centos-update/main.yml b/library/centos/playbooks/centos-update/main.yml new file mode 120000 index 00000000..0e8ab2e7 --- /dev/null +++ b/library/centos/playbooks/centos-update/main.yml @@ -0,0 +1 @@ +centos-update.yml \ No newline at end of file 
diff --git a/library/roles/roundcube/defaults/main.yml b/library/roles/roundcube/defaults/main.yml index 8e91332a..142478eb 100644 --- a/library/roles/roundcube/defaults/main.yml +++ b/library/roles/roundcube/defaults/main.yml @@ -102,6 +102,11 @@ roundcube_optional_plugins: - managesieve - krb_authentication +roundcube_default_skin: 'elastic' +roundcube_available_skins: + - 'elastic' + - 'larry' + roundcube_install_enigma: True roundcube_enigma_plugin: enigma roundcube_enigma_data_dir: '{{ roundcube_data_dir }}/enigma' @@ -110,6 +115,11 @@ roundcube_enigma_deps: - pinentry-curses - pinentry-tty +roundcube_enigma_gpg_bin: /usr/bin/gpg +roundcube_enigma_gpgconf_bin: /usr/bin/gpgconf +roundcube_enigma_gpgagent_bin: /usr/bin/gpg-agent +roundcube_enigma_multihost: 'false' + roundcube_managesieve_config: True roundcube_managesieve_auth: 'plain' roundcube_managesieve_port: 4190 diff --git a/library/roles/roundcube/templates/config.inc.php.j2 b/library/roles/roundcube/templates/config.inc.php.j2 index f574903c..1571aa4b 100644 --- a/library/roles/roundcube/templates/config.inc.php.j2 +++ b/library/roles/roundcube/templates/config.inc.php.j2 
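Review bot: Nothing visible in this patch ties `roundcube_default_skin` to `roundcube_available_skins`, so an override that changes one without the other renders a `$config['skin']` that is missing from `$config['skins_allowed']` (second hunk of config.inc.php.j2). A comment above the two defaults would make the contract explicit, e.g. `# roundcube_default_skin must be one of roundcube_available_skins`. The role could also fail early with an `assert` task checking `roundcube_default_skin in roundcube_available_skins`. Whether a tasks file already does this cannot be seen from the diff.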
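Review bot: `roundcube_enigma_multihost: 'false'` is a quoted string, while the neighbouring `roundcube_install_enigma: True` is a real boolean. The template hunk pastes it unquoted into PHP as `$config['enigma_multihost'] = {{ roundcube_enigma_multihost }};`, so whatever text an inventory sets becomes PHP source. Declaring it as `roundcube_enigma_multihost: false` and rendering `{{ 'true' if roundcube_enigma_multihost | bool else 'false' }}` in config.inc.php.j2 limits the output to the two valid literals. A comment here should also say that enabling the option stores keys in the SQL database, as the template's own comment states, so database access and backups then need the same protection as the enigma home directory.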
@@ -83,7 +83,81 @@ $config['cipher_method'] = 'AES-256-CBC'; $config['plugins'] = array({% for plug in roundcube_default_plugins %}'{{ plug }}', {% endfor %}{% for opt_plug in roundcube_optional_plugins %}'{{ opt_plug }}', {% endfor %}{% for add_plug in roundcube_additional_plugins %}'{{ add_plug }}', {% endfor %}{% if roundcube_install_enigma %}{{ roundcube_enigma_plugin }}{% endif %}); {% if roundcube_install_enigma %} +// Enigma Plugin options +// -------------------- + +// A driver to use for PGP. Default: "gnupg". +$config['enigma_pgp_driver'] = 'gnupg'; + +// A driver to use for S/MIME. Default: "phpssl". +$config['enigma_smime_driver'] = 'phpssl'; + +// Enables logging of enigma operations (including Crypt_GPG debug info) +$config['enigma_debug'] = false; + +// REQUIRED! Keys directory for all users. +// Must be writeable by PHP process, and not in the web server document root $config['enigma_pgp_homedir'] = '{{ roundcube_enigma_data_dir }}/'; + +// Location of gpg binary. By default it will be auto-detected. +// This is also a way to force gpg2 use if there are both 1.x and 2.x on the system. +$config['enigma_pgp_binary'] = '{{ roundcube_enigma_gpg_bin }}'; + +// Location of gpg-agent binary. By default it will be auto-detected. +// It's used with GnuPG 2.x. +$config['enigma_pgp_agent'] = '{{ roundcube_enigma_gpgagent_bin }}'; + +// Location of gpgconf binary. By default it will be auto-detected. +// It's used with GnuPG >= 2.1. +$config['enigma_pgp_gpgconf'] = '{{ roundcube_enigma_gpgconf_bin }}'; + +// Name of the PGP symmetric cipher algorithm. +// Run gpg --version to see the list of supported algorithms +$config['enigma_pgp_cipher_algo'] = null; + +// Name of the PGP digest (hash) algorithm. +// Run gpg --version to see the list of supported algorithms +$config['enigma_pgp_digest_algo'] = null; + +// Enables multi-host environments support. +// Enable it if you have more than one HTTP server. 
+// Make sure all servers run the same GnuPG version and have time in sync. +// Keys will be stored in SQL database (make sure max_allowed_packet +// is big enough). +$config['enigma_multihost'] = {{ roundcube_enigma_multihost }}; + +// Enables signatures verification feature. +$config['enigma_signatures'] = true; + +// Enables messages decryption feature. +$config['enigma_decryption'] = true; + +// Enables messages encryption and signing feature. +$config['enigma_encryption'] = true; + +// Enable signing all messages by default +$config['enigma_sign_all'] = false; + +// Enable encrypting all messages by default +$config['enigma_encrypt_all'] = false; + +// Enable attaching a public key to all messages by default +$config['enigma_attach_pubkey'] = false; + +// Default for how long to store private key passwords (in minutes). +// When set to 0 passwords will be stored for the whole session. +$config['enigma_password_time'] = 5; + +// With this option you can lock composing options +// of the plugin forcing the user to use configured settings. +// The array accepts: 'sign', 'encrypt', 'pubkey'. +// +// For example, to force your users to sign every email, +// you should set: +// - enigma_sign_all = true +// - enigma_options_lock = array('sign') +// - dont_override = array('enigma_sign_all') +$config['enigma_options_lock'] = array(); {% endif %} {% if roundcube_use_memcache %} @@ -132,10 +206,10 @@ $config['redis_max_allowed_packet'] = '2M'; $config['enable_installer'] = false; // skin name: folder from skins/ -$config['skin'] = 'elastic'; +$config['skin'] = '{{ roundcube_default_skin }}'; // limit skins available/shown in the settings section -$config['skins_allowed'] = array('elastic'); +$config['skins_allowed'] = array({% for skin in roundcube_available_skins %}'{{ skin }}'{% if not loop.last %}, {% endif %} {% endfor %}); // Logo image replacement. Specifies location of the image as: // - URL relative to the document root of this Roundcube installation
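Review bot: The context line at the top of the first hunk ends the plugins array with `{% if roundcube_install_enigma %}{{ roundcube_enigma_plugin }}{% endif %}`, which renders the plugin name without quotes (`..., enigma);`), whereas every other entry is emitted as `'{{ plug }}', `. PHP before 8.0 treats that bare word as an undefined constant and emits a notice or warning, and PHP 8 raises an error, so the generated config may fail to load exactly when enigma is enabled. The line is unchanged by the commit but sits directly above the new options, and quoting it fixes the problem: `{% if roundcube_install_enigma %}'{{ roundcube_enigma_plugin }}'{% endif %}`. Separately, the three new binary paths and `enigma_pgp_homedir` are interpolated into single-quoted PHP strings without escaping, so a value containing `'` would break the file.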