tpiccioli
/
ansible-roles
forked from ISTI-ansible-roles/ansible-roles
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Roundcube lives in its own repository now.

This commit is contained in:
Andrea Dell'Amico 2020-07-10 16:46:33 +02:00
parent 6a2caf92a9
commit 4041633aa4
9 changed files with 0 additions and 980 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

181
library/roles/roundcube/defaults/main.yml
View File

@ -1,181 +0,0 @@
---
roundcube_version: 1.4.3
roundcube_upgrade: False
roundcube_dist: 'roundcubemail-{{ roundcube_version }}'
roundcube_dist_filename: '{{ roundcube_dist }}-complete.tar.gz'
roundcube_download_url: 'https://github.com/roundcube/roundcubemail/releases/download/{{ roundcube_version }}/{{ roundcube_dist_filename }}'
roundcube_use_redis: False
roundcube_use_memcache: True
roundcube_local_postgresql: True
roundcube_web_basedir: /var/www/html
roundcube_web_root: '{{ roundcube_web_basedir }}/roundcube'
roundcube_data_base_dir: /srv
roundcube_data_dir: '{{ roundcube_data_base_dir }}/roundcube'
roundcube_logs_dir: '{{ roundcube_data_dir }}/logs'
roundcube_temp_dir: '{{ roundcube_data_dir }}/temp'
roundcube_skin_logo: 'null'
roundcube_servername: '{{ ansible_fqdn }}'
roundcube_user: roundcube
roundcube_db: pgsql
roundcube_db_host: localhost
roundcube_db_name: roundcubemail
roundcube_db_user: roundcube_u
#roundcube_db_pwd: 'Use a vault file'
roundcube_imap_server: 'localhost'
roundcube_imap_connection_type: 'tls'
roundcube_smtp_server: 'localhost'
roundcube_smtp_port: 587
roundcube_smtp_automatic_credentials: True
roundcube_smtp_user: '%u'
roundcube_smtp_pass: '%p'
roundcube_support_url: ''
roundcube_product_name: 'Roundcube Webmail'
#roundcube_crypt_key: 'Use a vault file'
roundcube_force_https_connection: true
# 0 - disabled, 1 - username and host only, 2 - username, host, password
roundcube_login_autocomplete: 0
# 0 - disabled, 1 - only domain part, 2 - domain and local part.
roundcube_login_lc: 0
roundcube_memcache_hosts:
- '127.0.0.1:11211'
roundcube_domain_name: ''
roundcube_http_received_header_encrypt: false
# Set identities access level:
# 0 - many identities with possibility to edit all params
# 1 - many identities with possibility to edit all params but not email address
# 2 - one identity with possibility to edit all params
# 3 - one identity with possibility to edit all params but not email address
# 4 - one identity with possibility to edit only signature
roundcube_identities_level: 0
roundcube_enable_spellcheck: false
# display remote resources (inline images, styles)
# 0 - Never, always ask
# 1 - Ask if sender is not in address book
# 2 - Always allow
roundcube_show_images: 0
# compose html formatted messages by default
# 0 - never,
# 1 - always,
# 2 - on reply to HTML message,
# 3 - on forward or reply to HTML message
# 4 - always, except when replying to plain text message
roundcube_html_editor: 0
# In minutes
roundcube_session_lifetime: 60
roundcube_default_plugins:
- acl
- additional_message_headers
- archive
- autologon
- database_attachments
- debug_logger
- emoticons
- hide_blockquote
- identicon
- identity_select
- jqueryui
- markasjunk
- newmail_notifier
- new_user_dialog
- new_user_identity
- show_additional_headers
- squirrelmail_usercopy
- subscriptions_option
- userinfo
- zipdownload
# The help plugin points by default to an english-only and obsolete documentation
roundcube_optional_plugins:
- virtuser_file
- virtuser_query
- vcard_attachments
- attachment_reminder
- example_addressbook
- http_authentication
- password
- filesystem_attachments
- redundant_attachments
- managesieve
- krb_authentication
#- help
roundcube_default_skin: 'elastic'
roundcube_available_skins:
- 'elastic'
- 'larry'
roundcube_install_enigma: True
roundcube_enigma_plugin: enigma
roundcube_enigma_data_dir: '{{ roundcube_data_dir }}/enigma'
roundcube_enigma_deps:
- gnupg
- pinentry-curses
- pinentry-tty
roundcube_enigma_gpg_bin: /usr/bin/gpg
roundcube_enigma_gpgconf_bin: /usr/bin/gpgconf
roundcube_enigma_gpgagent_bin: /usr/bin/gpg-agent
roundcube_enigma_multihost: 'false'
roundcube_sauserprefs_plugin_install: False
roundcube_sauserprefs_plugin_name: sauserprefs
roundcube_sauserprefs_version: '1.18.1'
roundcube_sauserprefs_db_type: 'pgsql'
roundcube_sauserprefs_db_host: 'localhost'
roundcube_sauserprefs_db_name: 'spamassassin'
roundcube_sauserprefs_db_user: 'spamassassin'
# roundcube_sauserprefs_db_pwd: 'vault file'
roundcube_sauserprefs_git: 'https://github.com/johndoh/roundcube-sauserprefs.git'
roundcube_sauserprefs_username_field: '%i'
roundcube_sauserprefs_abook_sync: 'false'
roundcube_sauserprefs_abook_import: 'false'
roundcube_sauserprefs_pyzor_enabled: '0'
roundcube_sauserprefs_bayes_enabled: False
roundcube_sauserprefs_bayes_rules: '0'
roundcube_sauserprefs_bayes_autolearn: '0'
roundcube_sauserprefs_bayes_autolearn_threshold_nospam: '0.1'
roundcube_sauserprefs_bayes_autolearn_threshold_spam: '12.0'
roundcube_sauserprefs_autowhitelist_enabled: False
roundcube_sauserprefs_subject: '[SPAM]'
roundcube_sauserprefs_report_safe: '0'
roundcube_sauserprefs_skip_rbl_checks: '0'
# Sections are: general,tests,bayes,headers,report,addresses
roundcube_sauserprefs_do_not_override_array: "'use_razor1','use_razor2','use_dcc'"
roundcube_sauserprefs_score_opts_min: 1
roundcube_sauserprefs_score_opts_max: 10
roundcube_managesieve_config: True
roundcube_managesieve_auth: 'plain'
roundcube_managesieve_port: 4190
roundcube_managesieve_host: 'localhost'
roundcube_managesieve_tls: true
roundcube_managesieve_debug: false
roundcube_managesieve_vacation: 1
roundcube_managesieve_forward: 1
# IMPORTANT: you must provide a task that downloads each of the defined plugins
# cd /path/to/roundcube/plugins
# $ git clone git://github.com/elm/Roundcube-SMTP-per-Identity-Plugin.git identity_smtp
roundcube_identity_smtp_plugin: False
roundcube_identity_smtp_git: 'git://github.com/elm/Roundcube-SMTP-per-Identity-Plugin.git'
roundcube_identity_smtp_name: identity_smtp
roundcube_additional_plugins: []
#roundcube_additional_plugins:
# - identity_smtp
# The help docs are too old to be useful
roundcube_help_url: "http://docs.roundcube.net/doc/help/1.1/en_US/"
#roundcube_help_url: 'https://www.roundcubeforum.net'
roundcube_help_extwin: 'false'
# In Megabytes. This affects both the nginx/apache and php configurations
roundcube_max_attachments_size: 5
# This one is represented in bytes instead.
roundcube_max_db_allowed_packet: '{{ roundcube_max_attachments_size * 1024 * 1024 * 5 }}'

7
library/roles/roundcube/meta/main.yml
View File

@ -1,7 +0,0 @@
---
dependencies:
- { role: '../../library/roles/postgresql', when: roundcube_local_postgresql }
- { role: '../../library/roles/php-fpm' }
- { role: '../../library/roles/nginx' }
- { role: '../../library/roles/redis', when roundcube_use_redis }
- { role: '../../library/roles/memcached', when roundcube_use_memcache }

3
library/roles/roundcube/tasks/main.yml
View File

@ -1,3 +0,0 @@
---
- import_tasks: roundcube-nginx.yml
- import_tasks: roundcube-install.yml

84
library/roles/roundcube/tasks/roundcube-install.yml
View File

@ -1,84 +0,0 @@
---
- name: Prepare roundcube for upgrade
block:
- name: Remove the roundcube current installation
file: dest={{ roundcube_web_root }} state=absent
when: roundcube_upgrade | bool
tags: [ 'roundcube', 'roundcube_upgrade' ]
- name: Install Roundcube
block:
- name: Create the roundcube webroot
file: dest={{ roundcube_web_basedir }} owner=root group=root state=directory
- name: Create the roundcube base data directory
file: dest={{ roundcube_data_dir }} owner=root group=root state=directory
- name: Create the roundcube data directories
file: dest={{ item }} state=directory owner={{ roundcube_user }} group={{ roundcube_user }}
with_items:
- '{{ roundcube_logs_dir }}'
- '{{ roundcube_temp_dir }}'
- name: Unpack the roundcube archive
unarchive: remote_src=yes src={{ roundcube_download_url }} dest={{ roundcube_data_dir }} owner=root group=root
args:
creates: '{{ roundcube_web_root }}/public_html/index.php'
- name: Move the roundcube installation to the final place
shell: mv {{ roundcube_data_dir }}/{{ roundcube_dist }} {{ roundcube_web_root }}
args:
creates: '{{ roundcube_web_root }}/public_html/index.php'
tags: [ 'roundcube' ]
- name: Manage some additional plugins
block:
- name: Install the identity_smtp plugin
git: repo={{ roundcube_identity_smtp_git }} dest={{ roundcube_web_root }}/plugins/{{ roundcube_identity_smtp_name }}
when: roundcube_identity_smtp_plugin | bool
tags: [ 'roundcube', 'roundcube_plugins', 'roundcube_config' ]
- name: Manage the Enigma (PGP) plugin
block:
- name: Create the enigma data directory
file: dest={{ roundcube_enigma_data_dir }} state=directory owner={{ roundcube_user }} group={{ roundcube_user }}
- name: Install the gnupg packages
apt: pkg={{ roundcube_enigma_deps }} state=present cache_valid_time=1800
when: roundcube_install_enigma | bool
tags: [ 'roundcube', 'roundcube_plugins', 'roundcube_config', 'roundcube_enigma' ]
- name: Manage the Spamassassin preferences plugin and its dependency
block:
- name: Install the sauserprefs plugin
git: repo={{ roundcube_sauserprefs_git }} dest={{ roundcube_web_root }}/plugins/{{ roundcube_sauserprefs_plugin_name }} version={{ roundcube_sauserprefs_version }}
- name: Install the sauserprefs plugin configuration
template: src=sauserprefs-config.inc.php.j2 dest={{ roundcube_web_root }}/plugins/{{ roundcube_sauserprefs_plugin_name }}/config.inc.php owner=root group={{ roundcube_user }} mode=0440
when: roundcube_sauserprefs_plugin_install | bool
tags: [ 'roundcube', 'roundcube_plugins', 'roundcube_config', 'roundcube_sauserprefs' ]
- name: Remove the Spamassassin preferences plugin when not enabled
block:
- name: Remove the sauserprefs plugin
file: dest={{ roundcube_web_root }}/plugins/{{ roundcube_sauserprefs_plugin_name }} state=absent
when: not roundcube_sauserprefs_plugin_install | bool
tags: [ 'roundcube', 'roundcube_plugins', 'roundcube_config', 'roundcube_sauserprefs' ]
- block:
- name: Configure the roundcube instance
template: src=config.inc.php.j2 dest={{ roundcube_web_root }}/config/config.inc.php owner=root group=root mode=0444
- name: Initialize the roundcube database
shell: PGPASSWORD={{ roundcube_db_pwd }} psql -h {{ roundcube_db_host }} -U {{ roundcube_db_user }} -f {{ roundcube_web_root }}/SQL/postgres.initial.sql {{ roundcube_db_name }} && touch {{ roundcube_logs_dir }}/.roundcube_db.initialized
args:
creates: '{{ roundcube_logs_dir }}/.roundcube_db.initialized'
tags: [ 'roundcube', 'roundcube_config' ]

17
library/roles/roundcube/tasks/roundcube-nginx.yml
View File

@ -1,17 +0,0 @@
---
- block:
- name: Install the nginx virtualhosts
template: src=nginx-virthost.conf.j2 dest=/etc/nginx/sites-available/{{ item.virthost }} owner=root group=root mode=0444
with_items: '{{ phpfpm_pools }}'
notify: Reload nginx
- name: Enable the nginx virtualhosts
file: src=/etc/nginx/sites-available/{{ item.virthost }} dest=/etc/nginx/sites-enabled/{{ item.virthost }} state=link
with_items: '{{ phpfpm_pools }}'
notify: Reload nginx
- name: Create the nginx body temp directory
file: dest={{ nginx_client_body_temp_dir }} state=directory owner=www-data group=www-data mode=1700
when: nginx_client_body_temp_dir is defined
tags: [ 'nginx', 'virtualhost', 'roundcube' ]

364
library/roles/roundcube/templates/config.inc.php.j2
View File

@ -1,364 +0,0 @@
<?php
/*
+-----------------------------------------------------------------------+
| Local configuration for the Roundcube Webmail installation. |
| |
| This is a sample configuration file only containing the minimum |
| setup required for a functional installation. Copy more options |
| from defaults.inc.php to this file to override the defaults. |
| |
| This file is part of the Roundcube Webmail client |
| Copyright (C) The Roundcube Dev Team |
| |
| Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. |
| See the README file for a full license statement. |
+-----------------------------------------------------------------------+
*/
$config = array();
// Database connection string (DSN) for read+write operations
// Format (compatible with PEAR MDB2): db_provider://user:password@host/database
// Currently supported db_providers: mysql, pgsql, sqlite, mssql, sqlsrv, oracle
// For examples see http://pear.php.net/manual/en/package.database.mdb2.intro-dsn.php
// NOTE: for SQLite use absolute path (Linux): 'sqlite:////full/path/to/sqlite.db?mode=0646'
// or (Windows): 'sqlite:///C:/full/path/to/sqlite.db'
$config['db_dsnw'] = '{{ roundcube_db }}://{{ roundcube_db_user }}:{{ roundcube_db_pwd }}@{{ roundcube_db_host }}/{{ roundcube_db_name}}';
// It is possible to specify database variable values e.g. some limits here.
// Use them if your server is not MySQL or for better performance.
// For example Roundcube uses max_allowed_packet value (in bytes)
// which limits query size for database cache operations.
$config['db_max_allowed_packet'] = '{{ roundcube_max_db_allowed_packet }}';
// The IMAP host chosen to perform the log-in.
// Leave blank to show a textbox at login, give a list of hosts
// to display a pulldown menu or set one host as string.
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// Supported replacement variables:
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %s - domain name after the '@' from e-mail address provided at login screen
// For example %n = mail.domain.tld, %t = domain.tld
$config['default_host'] = '{{ roundcube_imap_connection_type }}://{{ roundcube_imap_server }}';
// SMTP server host (for sending mails).
// Enter hostname with prefix tls:// to use STARTTLS, or use
// prefix ssl:// to use the deprecated SSL over SMTP (aka SMTPS)
// Supported replacement variables:
// %h - user's IMAP hostname
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %z - IMAP domain (IMAP hostname without the first part)
// For example %n = mail.domain.tld, %t = domain.tld
$config['smtp_server'] = '{{ roundcube_smtp_server }}';
// SMTP port (default is 25; use 587 for STARTTLS or 465 for the
// deprecated SSL over SMTP (aka SMTPS))
$config['smtp_port'] = {{ roundcube_smtp_port }};
{% if roundcube_smtp_automatic_credentials %}
// SMTP username (if required) if you use %u as the username Roundcube
// will use the current username for login
$config['smtp_user'] = '{{ roundcube_smtp_user }}';
// SMTP password (if required) if you use %p as the password Roundcube
// will use the current user's password for login
$config['smtp_pass'] = '{{ roundcube_smtp_pass }}';
{% endif %}
// provide an URL where a user can get support for this Roundcube installation
// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
$config['support_url'] = '{{ roundcube_support_url }}';
// Name your service. This is displayed on the login screen and in the window title
$config['product_name'] = '{{ roundcube_product_name }}';
// this key is used to encrypt the users imap password which is stored
// in the session record (and the client cookie if remember password is enabled).
// please provide a string of exactly 24 chars.
// YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS
$config['des_key'] = '{{ roundcube_crypt_key }}';
$config['cipher_method'] = 'AES-256-CBC';
// List of active plugins (in plugins/ directory)
$config['plugins'] = array({% for plug in roundcube_default_plugins %}'{{ plug }}', {% endfor %}{% for opt_plug in roundcube_optional_plugins %}'{{ opt_plug }}', {% endfor %}{% for add_plug in roundcube_additional_plugins %}'{{ add_plug }}', {% endfor %}{% if roundcube_install_enigma %}'{{ roundcube_enigma_plugin }}'{% endif %});
{% if roundcube_install_enigma %}
// Enigma Plugin options
// --------------------
// A driver to use for PGP. Default: "gnupg".
$config['enigma_pgp_driver'] = 'gnupg';
// A driver to use for S/MIME. Default: "phpssl".
$config['enigma_smime_driver'] = 'phpssl';
// Enables logging of enigma operations (including Crypt_GPG debug info)
$config['enigma_debug'] = false;
// REQUIRED! Keys directory for all users.
// Must be writeable by PHP process, and not in the web server document root
$config['enigma_pgp_homedir'] = '{{ roundcube_enigma_data_dir }}/';
// Location of gpg binary. By default it will be auto-detected.
// This is also a way to force gpg2 use if there are both 1.x and 2.x on the system.
$config['enigma_pgp_binary'] = '{{ roundcube_enigma_gpg_bin }}';
// Location of gpg-agent binary. By default it will be auto-detected.
// It's used with GnuPG 2.x.
$config['enigma_pgp_agent'] = '{{ roundcube_enigma_gpgagent_bin }}';
// Location of gpgconf binary. By default it will be auto-detected.
// It's used with GnuPG >= 2.1.
$config['enigma_pgp_gpgconf'] = '{{ roundcube_enigma_gpgconf_bin }}';
// Name of the PGP symmetric cipher algorithm.
// Run gpg --version to see the list of supported algorithms
$config['enigma_pgp_cipher_algo'] = null;
// Name of the PGP digest (hash) algorithm.
// Run gpg --version to see the list of supported algorithms
$config['enigma_pgp_digest_algo'] = null;
// Enables multi-host environments support.
// Enable it if you have more than one HTTP server.
// Make sure all servers run the same GnuPG version and have time in sync.
// Keys will be stored in SQL database (make sure max_allowed_packet
// is big enough).
$config['enigma_multihost'] = {{ roundcube_enigma_multihost }};
// Enables signatures verification feature.
$config['enigma_signatures'] = true;
// Enables messages decryption feature.
$config['enigma_decryption'] = true;
// Enables messages encryption and signing feature.
$config['enigma_encryption'] = true;
// Enable signing all messages by default
$config['enigma_sign_all'] = false;
// Enable encrypting all messages by default
$config['enigma_encrypt_all'] = false;
// Enable attaching a public key to all messages by default
$config['enigma_attach_pubkey'] = false;
// Default for how long to store private key passwords (in minutes).
// When set to 0 passwords will be stored for the whole session.
$config['enigma_password_time'] = 5;
// With this option you can lock composing options
// of the plugin forcing the user to use configured settings.
// The array accepts: 'sign', 'encrypt', 'pubkey'.
//
// For example, to force your users to sign every email,
// you should set:
// - enigma_sign_all = true
// - enigma_options_lock = array('sign')
// - dont_override = array('enigma_sign_all')
$config['enigma_options_lock'] = array();
{% endif %}
{% if roundcube_use_memcache %}
// Use these hosts for accessing memcached
// Define any number of hosts in the form of hostname:port or unix:///path/to/socket.file
// Example: array('localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock');
$config['memcache_hosts'] = array({% for h in roundcube_memcache_hosts %}'{{ h }}'{% if not loop.last %}, {% endif %} {% endfor %});
// Controls the use of a persistent connections to memcache servers
// See http://php.net/manual/en/memcache.addserver.php
$config['memcache_pconnect'] = true;
// Value in seconds which will be used for connecting to the daemon
// See http://php.net/manual/en/memcache.addserver.php
$config['memcache_timeout'] = 1;
// Controls how often a failed server will be retried (value in seconds).
// Setting this parameter to -1 disables automatic retry.
// See http://php.net/manual/en/memcache.addserver.php
$config['memcache_retry_interval'] = 15;
{% endif %}
{% if roundcube_use_redis %}
// Use these hosts for accessing Redis.
// Currently only one host is supported. Cluster support may come in a future release.
// You can pass 4 fields, host, port (optional), database (optional) and password (optional).
// Unset fields will be set to the default values host=127.0.0.1, port=6379.
// Examples:
// array('localhost:6379');
// array('192.168.1.1:6379:1:secret');
// array('unix:///var/run/redis/redis-server.sock:1:secret');
$config['redis_hosts'] = null;
// Maximum size of an object in memcache (in bytes). Default: 2MB
$config['memcache_max_allowed_packet'] = '2M';
// Maximum size of an object in APC cache (in bytes). Default: 2MB
$config['apc_max_allowed_packet'] = '2M';
// Maximum size of an object in Redis cache (in bytes). Default: 2MB
$config['redis_max_allowed_packet'] = '2M';
{% endif %}
// Message size limit. Note that SMTP server(s) may use a different value.
// This limit is verified when user attaches files to a composed message.
// Size in bytes (possible unit suffix: K, M, G)
$config['max_message_size'] = '{{ roundcube_max_attachments_size }}M';
// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA.
// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING!
$config['enable_installer'] = false;
// skin name: folder from skins/
$config['skin'] = '{{ roundcube_default_skin }}';
// limit skins available/shown in the settings section
$config['skins_allowed'] = array({% for skin in roundcube_available_skins %}'{{ skin }}'{% if not loop.last %}, {% endif %} {% endfor %});
// Logo image replacement. Specifies location of the image as:
// - URL relative to the document root of this Roundcube installation
// - full URL with http:// or https:// prefix
// - URL relative to the current skin folder (when starts with a '/')
//
// An array can be used to specify different logos for specific template files
// The array key specifies the place(s) the logo should be applied to and
// is made up of (up to) 3 parts:
// - skin name prefix (always with colon, can be replaced with *)
// - template name (or * for all templates)
// - logo type - it is used for logos used on multiple templates
// the available types include '[favicon]' for favicon, '[print]' for logo on all print
// templates (e.g. messageprint, contactprint) and '[small]' for small screen logo in supported skins
//
// Example config for skin_logo
/*
array(
// show the image /images/logo_login_small.png for the Login screen in the Elastic skin on small screens
"elastic:login[small]" => "/images/logo_login_small.png",
// show the image /images/logo_login.png for the Login screen in the Elastic skin
"elastic:login" => "/images/logo_login.png",
// show the image /images/logo_small.png in the Elastic skin
"elastic:*[small]" => "/images/logo_small.png",
// show the image /images/larry.png in the Larry skin
"larry:*" => "/images/larry.png",
// show the image /images/logo_login.png on the login template in all skins
"login" => "/images/logo_login.png",
// show the image /images/logo_print.png for all print type logos in all skins
"[print]" => "/images/logo_print.png",
);
*/
$config['skin_logo'] = '{{ roundcube_skin_logo }}';
// automatically create a new Roundcube user when log-in the first time.
// a new user will be created once the IMAP login succeeds.
// set to false if only registered users can use this service
$config['auto_create_user'] = true;
// Enables possibility to log in using email address from user identities
$config['user_aliases'] = false;
// use this folder to store log files
// must be writeable for the user who runs PHP process (Apache user if mod_php is being used)
// This is used by the 'file' log driver.
$config['log_dir'] = '{{ roundcube_logs_dir }}/';
// use this folder to store temp files
// must be writeable for the user who runs PHP process (Apache user if mod_php is being used)
$config['temp_dir'] = '{{ roundcube_temp_dir }}/';
// expire files in temp_dir after 48 hours
// possible units: s, m, h, d, w
$config['temp_dir_ttl'] = '48h';
// Enforce connections over https
// With this option enabled, all non-secure connections will be redirected.
// It can be also a port number, hostname or hostname:port if they are
// different than default HTTP_HOST:443
$config['force_https'] = {{ roundcube_force_https_connection }};
// tell PHP that it should work as under secure connection
// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set)
// e.g. when you're running Roundcube behind a https proxy
// this option is mutually exclusive to 'force_https' and only either one of them should be set to true.
$config['use_https'] = false;
// Allow browser-autocompletion on login form.
// 0 - disabled, 1 - username and host only, 2 - username, host, password
$config['login_autocomplete'] = {{ roundcube_login_autocomplete }};
// Forces conversion of logins to lower case.
// 0 - disabled, 1 - only domain part, 2 - domain and local part.
// If users authentication is case-insensitive this must be enabled.
// Note: After enabling it all user records need to be updated, e.g. with query:
// UPDATE users SET username = LOWER(username);
$config['login_lc'] = {{ roundcube_login_lc }};
$config['display_product_info'] = 0;
// Session lifetime in minutes
$config['session_lifetime'] = {{ roundcube_session_lifetime }};
// Session domain: .example.org
$config['session_domain'] = '';
// Session name. Default: 'roundcube_sessid'
$config['session_name'] = null;
// Session authentication cookie name. Default: 'roundcube_sessauth'
$config['session_auth_name'] = null;
{% if roundcube_use_memcache %}
$config['session_storage'] = 'memcache';
{% elif roundcube_use_redis %}
$config['session_storage'] = 'redis';
{% else %}
$config['session_storage'] = 'db';
{% endif %}
{% if haproxy_ips is defined %}
$config['proxy_whitelist'] = array({% for h in haproxy_ips %}'{{ h }}'{% if not loop.last %}, {% endif %} {% endfor %});
{% endif %}
$config['mail_domain'] = '{{ roundcube_domain_name }}';
$config['http_received_header_encrypt'] = {{ roundcube_http_received_header_encrypt }};
$config['identities_level'] = {{ roundcube_identities_level }};
$config['create_default_folders'] = true;
$config['show_real_foldernames'] = true;
$config['enable_spellcheck'] = {{ roundcube_enable_spellcheck }};
$config['show_images'] = {{ roundcube_show_images }};
$config['htmleditor'] = {{ roundcube_html_editor }};
{% if roundcube_managesieve_config %}
// managesieve server port
$rcmail_config['managesieve_port'] = {{ roundcube_managesieve_port }};
$config['managesieve_auth_type'] = '{{ roundcube_managesieve_auth }}';
$rcmail_config['managesieve_host'] = '{{ roundcube_managesieve_host }}';
$rcmail_config['managesieve_usetls'] = {{ roundcube_managesieve_tls }};
$config['managesieve_debug'] = {{ roundcube_managesieve_debug }};
$config['managesieve_vacation'] = {{ roundcube_managesieve_vacation }};
$config['managesieve_forward'] = {{ roundcube_managesieve_forward }};
{% endif %}
// Help URL. The default does not work
$config['help_source'] = '{{ roundcube_help_url }}';
// Map to translate Roundcube language codes into help document languages
// The '*' entry will be used as default
$config['help_language_map'] = array('*' => 'en_US');
// Enter an absolute URL to a page displaying information about this webmail
// Alternatively, create a HTML file under <this-plugin-dir>/content/about.html
$config['help_about_url'] = null;
// Enter an absolute URL to a page displaying information about this webmail
// Alternatively, put your license text to <this-plugin-dir>/content/license.html
$config['help_license_url'] = null;
// Determine whether to open the help in a new window
$config['help_open_extwin'] = {{ roundcube_help_extwin }};

135
library/roles/roundcube/templates/nginx-virthost.conf.j2
View File

@ -1,135 +0,0 @@
upstream php-handler {
server {{ item.listen }};
}
server {
listen 80;
{% if haproxy_ips is not defined %}
listen [::]:80;
{% endif %}
server_name {{ item.nginx_servername }};
# enforce https
location ~ /\.(?!well-known).* {
deny all;
access_log off;
log_not_found off;
return 404;
}
include /etc/nginx/snippets/letsencrypt-proxy.conf;
location / {
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl http2;
{% if haproxy_ips is not defined %}
listen [::]:443 ssl http2;
{% endif %}
server_name {{ item.nginx_servername }};
include /etc/nginx/snippets/nginx-server-ssl.conf;
server_tokens off;
{% if haproxy_ips is defined %}
# We are behind haproxy
{% for ip in haproxy_ips %}
set_real_ip_from {{ ip }};
{% endfor %}
real_ip_header X-Forwarded-For;
{% endif %}
index index.php;
# This determines the max size of attachments. Configure the corresponding php options accordingly
client_max_body_size {{ nginx_client_max_body_size }};
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Path to the root of your installation
root {{ item.doc_root }};
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location ~ \.php$ {
include /etc/nginx/snippets/fastcgi-php.conf;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}

132
library/roles/roundcube/templates/sauserprefs-config.inc.php.j2
View File

@ -1,132 +0,0 @@
<?php
/**
* SAUserPrefs configuration file
*/
// spamassassin database settings
$config['sauserprefs_db_dsnw'] = '{{ roundcube_sauserprefs_db_type }}://{{ roundcube_sauserprefs_db_user }}:{{ roundcube_sauserprefs_db_pwd }}@{{ roundcube_sauserprefs_db_host }}/{{ roundcube_sauserprefs_db_name }}';
// PEAR database DSN for read only operations (if empty write database will be used)
// useful for database replication
$config['sauserprefs_db_dsnr'] = '';
// use persistent db-connections
// beware this will not "always" work as expected
// see: http://www.php.net/manual/en/features.persistent-connections.php
$config['sauserprefs_db_persistent'] = false;
// table that holds user prefs
$config['sauserprefs_sql_table_name'] = 'userpref';
// name of the username field in the user prefs table
$config['sauserprefs_sql_username_field'] = 'username';
// name of the preference field in the user prefs table, holds the name of the preference
$config['sauserprefs_sql_preference_field'] = 'preference';
// name of the value field in the user prefs table, holds the value of the preference
$config['sauserprefs_sql_value_field'] = 'value';
// username of the current user in the database, normaly %u (username from the session info)
// %u is replaced with the username (from the session info)
// %l is replaced with the local part of the username (if the username is an email address)
// %d is replaced with the domain part of the username (if the username is an email address or default mail domain if not)
// %i is replaced with the email address from the user's default identity
$config['sauserprefs_userid'] = '{{ roundcube_sauserprefs_username_field }}';
// username of the global or default settings user in the database, normaly $GLOBAL or @GLOBAL
$config['sauserprefs_global_userid'] = '\$GLOBAL';
// enable address whitelist synchronisation with address book(s)
// possible values:
// false - synchronisation disabled
// true - synchronise with default address book
// array - an array of address book ids to synchronise with e.g. array('0', 'global'); '0' = the default address book
$config['sauserprefs_abook_sync'] = {{ roundcube_sauserprefs_abook_sync }};
// set to false to disable address book import
// possible values:
// false - address import disabled
// true - import addresses from default address book
// array - an array of address book ids to import e.g. array('0', 'global'); '0' = the default address book
$config['sauserprefs_abook_import'] = {{ roundcube_sauserprefs_abook_import }};
// don't allow these settings to be overriden by the user
// eg. $config['sauserprefs_dont_override'] = array('required_score','rewrite_header Subject');
// to disable entire sections enter the section name surrounded by braces. Sections are: general,tests,bayes,headers,report,addresses
// eg. $config['sauserprefs_dont_override'] = array('{tests}');
$config['sauserprefs_dont_override'] = array({{ roundcube_sauserprefs_do_not_override_array }});
// activate SAUserPrefs for selected mail hosts only. If this is not set all mail hosts are allowed.
// example: $config['sauserprefs_allowed_hosts'] = array('mail1.domain.tld', 'mail2.domain.tld');
$config['sauserprefs_allowed_hosts'] = null;
// load specific config for different mail hosts
// example: $config['sauserprefs_host_config'] = array(
// 'mail1.domain.tld' => 'mail1_config.inc.php',
// 'mail2.domain.tld' => 'mail2_config.inc.php',
// );
$config['sauserprefs_host_config'] = null;
// default settings
// these are overridden by $GLOBAL and user settings from the database
$config['sauserprefs_default_prefs'] = array(
'required_score' => 5,
'rewrite_header Subject' => '{{ roundcube_sauserprefs_subject }}',
'ok_languages' => 'all',
'ok_locales' => 'all',
'fold_headers' => 1,
'add_header all Level' => '_STARS(*)_',
'use_razor1' => 0,
'use_razor2' => 0,
'use_pyzor' => {{ roundcube_sauserprefs_pyzor_enabled }},
'use_dcc' => 0,
'report_safe' => {{ roundcube_sauserprefs_report_safe }},
{% if roundcube_sauserprefs_bayes_enabled %}
'use_bayes' => 1,
'bayes_auto_learn' => {{ roundcube_sauserprefs_bayes_autolearn }},
'bayes_auto_learn_threshold_nonspam' => {{ roundcube_sauserprefs_bayes_autolearn_threshold_nospam }},
'bayes_auto_learn_threshold_spam' => {{ roundcube_sauserprefs_bayes_autolearn_threshold_spam }},
'use_bayes_rules' => {{ roundcube_sauserprefs_bayes_rules }},
{% endif %}
{% if roundcube_sauserprefs_autowhitelist_enabled %}
'use_auto_whitelist' => 1,
{% else %}
'use_auto_whitelist' => 0,
{% endif %}
'skip_rbl_checks' => {{ roundcube_sauserprefs_skip_rbl_checks }},
'score USER_IN_BLACKLIST' => 10,
'score USER_IN_WHITELIST' => -10
);
// score options
// define the ranges for the various score select boxes
// '[field name]' => array('min' => [min], 'max' => [max], 'increment' => [increment], 'extra' => array())
// note: the 'extra' key is optional and should contain further arrays with min, max and increment keys
$config['sauserprefs_score_options'] = array(
'*' => array('min' => {{ roundcube_sauserprefs_score_opts_min }}, 'max' => {{ roundcube_sauserprefs_score_opts_max }}, 'increment' => 1),
'_bayesnonspam' => array('min' => -1, 'max' => 1, 'increment' => 0.1),
'_bayesspam' => array('min' => 1, 'max' => 20, 'increment' => 1),
'_score_user_blacklist' => array('min' => 0, 'max' => 100, 'increment' => 10, 'extra' => array(array('min' => 1, 'max' => 10, 'increment' => 1))),
'_score_user_whitelist' => array('min' => -100, 'max' => -1, 'increment' => 10, 'extra' => array(array('min' => -10, 'max' => -1, 'increment' => 1)))
);
// delete user bayesian data stored in database
// the query can contain the following macros that will be expanded as follows:
// %u is replaced with the username from the sauserprefs_userid setting above
// use an array to run multiple queries
// set to null to disable this option
// eg. $config['sauserprefs_bayes_delete_query'] = array(
// 'DELETE FROM bayes_seen WHERE id IN (SELECT id FROM bayes_vars WHERE username = %u);',
// 'DELETE FROM bayes_token WHERE id IN (SELECT id FROM bayes_vars WHERE username = %u);',
// 'DELETE FROM bayes_vars WHERE username = %u;'
// );
$config['sauserprefs_bayes_delete_query'] = null;
// allowed languages
// set to array of language codes to limit the language list available for the ok_languages option
// eg array('en', 'es', 'ru', 'zh');
// see the README for a full list of supported languages
// set to null for all possible languages
$config['sauserprefs_langs_allowed'] = null;

57
library/roles/roundcube/vars/main.yml
View File

@ -1,57 +0,0 @@
---
nginx_use_common_virthost: False
nginx_client_max_body_size: '{{ roundcube_max_attachments_size * 2 }}M'
phpfpm_default_user: '{{ roundcube_user }}'
phpfpm_default_pool_name: roundcube
phpfpm_default_memory_limit: '{{ roundcube_max_attachments_size * 10 }}M'
redis_install: False
http_port: 80
https_port: 443
php_version: 7.2
php_additional_packages:
- 'php{{ php_version }}-gd'
- 'php{{ php_version }}-json'
- 'php{{ php_version }}-ldap'
- 'php{{ php_version }}-{{ roundcube_db }}'
- 'php{{ php_version }}-xml'
- 'php{{ php_version }}-mbstring'
- 'php{{ php_version }}-intl'
- 'php{{ php_version }}-curl'
- 'php{{ php_version }}-zip'
- 'php{{ php_version }}-bz2'
- 'php{{ php_version }}-gmp'
- 'php-imagick'
- 'php-apcu'
- postgresql-client
- 'php{{ php_version }}-memcache'
php_global_settings:
- { option: 'zlib.output_compression', value: 'Off' }
- { option: 'post_max_size', value: '{{ roundcube_max_attachments_size }}M' }
- { option: 'upload_max_filesize', value: '{{ roundcube_max_attachments_size }}M' }
- { option: 'session.auto_start', value: 'Off' }
- { option: 'suhosin.session.encrypt', value: 'Off' }
- { option: 'session.gc_maxlifetime', value: '21600' }
- { option: 'session.gc_divisor', value: '500' }
- { option: 'session.gc_probability', value: '1' }
- { option: 'always_populate_raw_post_data', value: '-1' }
- { option: 'allow_url_fopen', value: 'on' }
- { option: 'max_execution_time', value: '240' }
- { option: 'memory_limit', value: '{{ phpfpm_default_memory_limit }}' }
- { option: 'max_input_vars', value: '1400' }
- { option: 'opcache.enable', value: '1' }
- { option: 'opcache.enable_cli', value: '1' }
- { option: 'opcache.interned_strings_buffer', value: '8' }
- { option: 'opcache.max_accelerated_files', value: '10000' }
- { option: 'opcache.memory_consumption', value: '128' }
- { option: 'opcache.save_comments', value: '1' }
- { option: 'opcache.revalidate_freq', value: '1' }
php_cli_global_settings: '{{ php_global_settings }}'
phpfpm_pools:
- { pool_name: '{{ phpfpm_default_pool_name }}', app_context: '{{ phpfpm_default_context }}', user: '{{ phpfpm_default_user }}', group: '{{ phpfpm_default_group }}', listen: '{{ phpfpm_default_listen }}', allowed_clients: '{{ phpfpm_default_allowed_clients }}', pm: '{{ phpfpm_default_pm }}', pm_max_children: '{{ phpfpm_default_pm_max_children }}', pm_start_servers: '{{ phpfpm_default_pm_start_servers }}', pm_min_spare: '{{ phpfpm_default_pm_min_spare_servers }}', pm_max_spare: '{{ phpfpm_default_pm_max_spare_servers }}', pm_max_requests: '{{ phpfpm_default_pm_max_requests }}', pm_status_enabled: '{{ phpfpm_default_pm_status_enabled }}', pm_status_path: '{{ phpfpm_default_pm_status_path }}', ping_enabled: '{{ phpfpm_default_ping_enabled }}', ping_path: '{{ phpfpm_default_ping_path }}', ping_response: '{{ phpfpm_default_ping_response }}', display_errors: '{{ phpfpm_default_display_errors }}', log_errors: '{{ phpfpm_default_log_errors }}', memory_limit: '{{ phpfpm_default_memory_limit }}', slowlog_timeout: '{{ phpfpm_default_slowlog_timeout }}', rlimit_files: '{{ phpfpm_default_rlimit_files }}', php_extensions: '{{ phpfpm_default_extensions }}', upload_max_filesize: '{{ roundcube_max_attachments_size }}M', define_custom_variables: '{{ phpfpm_default_define_custom_variables }}', doc_root: '{{ roundcube_web_root }}/public_html', req_term_timeout: '240s', virthost: '{{ roundcube_servername }}', nginx_servername: '{{ roundcube_servername }}' }