Role: Roundcube

Download & inital config file template

.ansible-lint.yml

@@ -0,0 +1,2 @@
+skip_list:
+  - yaml[line-length]

ANSIBLE/group_vars/all/all.yml

@@ -1,5 +1,5 @@
 svc_acct_name: "ubuntu"
 svc_acct_keys: 
   - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvM9FL5V14ciT6qOSMx4zk3+K7F1aXQh6YjO+KDu94q hbaxter@telos_digital"
-  - "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAtUHnAtmjQd62/4edYxOCCSviJW7Wjn7TD/6eSYrXtRY87v9bAKYrPbUgWTQL+jMLFGCPzRoQCsEt/BZKoVASYzj9EQAatXFczYiXQQaBHlCEcRwtxYV5A2vjkAAmElwYtYAE8aKxDhFWPIlceB4DZ6x5pzlsztnaZKsLEs6PavEZ6UH/ubou6wSoBOWvFU1TZB1qwBfqD6QlkXJmjz7+Ci1MJSJ8kSAo9lFSPtE98pMfLG/NFAlYJSh4g7+qj8ghIGPFJxmmaHdvw/8+H1nY6kV38q4UoSjv9wnNeG+eOm/Uk8sUC/K9F777APRA4L7MjUrWY0m2fX8rMH+bTU/B1mdW/6o+/ooNXDPIjb6eKNpVC1cS/bP1z8Ki72pg7nbf8GRe3vN9kDj53HsDDzQ2WssOy6kt4Pq6qzUrco//VYQozNrSTfdV98mz1OzEhrq8qONvKz6rvurkne7hbfAcf0SyHM6bi1whzuuNw0gaGu0IoDNpH7HQsIxksRgwvdC9DWKA9V23piafL40OLQhAW1uqpCgO942zCGzCMiEB5OdjY/MakNU9LoQ9VQ2bJGrwLWDvudpzvYeaT70LQpnU9AEiO9fewBfVeFHX/02dFAffShp1hWso76A7Y9v5UaPmPKp/kJlhpQfDvgd6UY1w/MhkAiou9K/wm7bu0fwwZFE= telos@anothermouse.com"
+  - "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAtUHnAtmjQd62/4edYxOCCSviJW7Wjn7TD/6eSYrXtRY87v9bAKYrPbUgWTQL+jMLFGCPzRoQCsEt/BZKoVASYzj9EQAatXFczYiXQQaBHlCEcRwtxYV5A2vjkAAmElwYtYAE8aKxDhFWPIlceB4DZ6x5pzlsztnaZKsLEs6PavEZ6UH/ubou6wSoBOWvFU1TZB1qwBfqD6QlkXJmjz7+Ci1MJSJ8kSAo9lFSPtE98pMfLG/NFAlYJSh4g7+qj8ghIGPFJxmmaHdvw/8+H1nY6kV38q4UoSjv9wnNeG+eOm/Uk8sUC/K9F777APRA4L7MjUrWY0m2fX8rMH+bTU/B1mdW/6o+/ooNXDPIjb6eKNpVC1cS/bP1z8Ki72pg7nbf8GRe3vN9kDj53HsDDzQ2WssOy6kt4Pq6qzUrco//VYQozNrSTfdV98mz1OzEhrq8qONvKz6rvurkne7hbfAcf0SyHM6bi1whzuuNw0gaGu0IoDNpH7HQsIxksRgwvdC9DWKA9V23piafL40OLQhAW1uqpCgO942zCGzCMiEB5OdjY/MakNU9LoQ9VQ2bJGrwLWDvudpzvYeaT70LQpnU9AEiO9fewBfVeFHX/02dFAffShp1hWso76A7Y9v5UaPmPKp/kJlhpQfDvgd6UY1w/MhkAiou9K/wm7bu0fwwZFE= peter.edmond@telos.digital"
   - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOnTW/kBQfw/ET5luVvHeWl/tFo1BAJk86UWOGxLbNi30sr4uo+xkNTUvKK2wL+6sRs1MVXH2qxTXa8wG4BfdEZBBOej3I8ci3Yl1fqQV8PB0c/GifP5W1Gj6oZSGvKDAOweV2nr6QUx1BhA9nqg0LZaLt1vaa2d+fgW3R5qT0QKKx5fKEBT95fsjUI99Gi4EAT/VYcmDo/aDyl6crKI+/YRn+0cuq0vLoRpF3rYtBMnqXCobchoooA1W+vZauVh/l5IzgQaN2tTaM9WU8qUUt8j8YaPGMFszX2iZoI1gylF/mSXqP7htxH4KCy0g2AOnnK+8QN6GwHIkOfG6lGu1t nataliia.bobrova.s@gmail.com "

ANSIBLE/inventory/telos_digital.yml

@@ -10,3 +10,6 @@ eoq:
 monitor:
   hosts:
     monitor.telos.digital:
+dev_roundcube:
+  hosts:
+    test-webmail.telos.digital:

ANSIBLE/roles/roundcube/defaults/main.yml

@@ -0,0 +1,14 @@
+---
+roundcube_version: '1.6.11'
+roundcube_version_sha256: 'sha256:a230e432065555bfa27bea3fcf4ac672f2359ef28ad84f5945ea3ccf702e7466'
+roundcube_user: 'www-data'
+roundcube_db_dsnw: 'mysql://roundcube:pass@localhost/roundcubemail'
+roundcube_imap_host: 'localhost:143'
+roundcube_smtp_host: 'localhost:587'
+roundcube_support_url: 'support@test.com'
+roundcube_product_name: 'Webmail'
+roundcube_des_key: 'rcmail-!24ByteDESkey*Str'
+roundcube_skin: 'elastic'
+roundcube_enabled_plugins:
+  - archive
+  - zipdownload

ANSIBLE/roles/roundcube/tasks/main.yml

@@ -0,0 +1,5 @@
+---
+- name: Load Roundcube Release
+  ansible.builtin.include_tasks: roundcube-release.yml
+- name: Congigure Roundcube
+  ansible.builtin.include_tasks: roundcube-config.yml

ANSIBLE/roles/roundcube/tasks/roundcube-config.yml

@@ -0,0 +1,7 @@
+---
+- name: Configure Roundcube config.php
+  ansible.builtin.template:
+    src: config/config.inc.php.j2
+    dest: "{{ roundcube_base_dir }}/roundcubemail-{{ roundcube_version }}/config/config.inc.php"
+    mode: '644'
+    owner: "{{ roundcube_user }}"

ANSIBLE/roles/roundcube/tasks/roundcube-release.yml

@@ -0,0 +1,20 @@
+---
+- name: Download Roundcube Archive from GitHub Released Page
+  ansible.builtin.get_url:
+    url: "https://github.com/roundcube/roundcubemail/releases/download/{{ roundcube_version }}/roundcubemail-{{ roundcube_version }}-complete.tar.gz"
+    dest: "/opt/roundcube_{{ roundcube_version }}.tar.gz"
+    checksum: "{{ roundcube_version_sha256 }}"
+    mode: '644'
+    force: false
+- name: Ensure Roundcube Base Dir exsists
+  ansible.builtin.file:
+    dest: "{{ roundcube_base_dir }}"
+    mode: '0755'
+    state: 'directory'
+- name: Unarchive Roundcube release
+  ansible.builtin.unarchive:
+    src: "/opt/roundcube_{{ roundcube_version }}.tar.gz"
+    dest: "{{ roundcube_base_dir }}"
+    creates: "{{ roundcube_base_dir }}/roundcubemail-{{ roundcube_version }}"
+    remote_src: true
+

ANSIBLE/roles/roundcube/templates/config/config.inc.php.j2

@@ -0,0 +1,67 @@
+<?php
+
+/*
+ +-----------------------------------------------------------------------+
+ | Local configuration for the Roundcube Webmail installation.           |
+ |                                                                       |
+ | This is a sample configuration file only containing the minimum       |
+ | setup required for a functional installation. Copy more options       |
+ | from defaults.inc.php to this file to override the defaults.          |
+ |                                                                       |
+ | This file is part of the Roundcube Webmail client                     |
+ | Copyright (C) The Roundcube Dev Team                                  |
+ |                                                                       |
+ | Licensed under the GNU General Public License version 3 or            |
+ | any later version with exceptions for skins & plugins.                |
+ | See the README file for a full license statement.                     |
+ +-----------------------------------------------------------------------+
+*/
+
+$config = [];
+
+// Database connection string (DSN) for read+write operations
+// Format (compatible with PEAR MDB2): db_provider://user:password@host/database
+// Currently supported db_providers: mysql, pgsql, sqlite, mssql, sqlsrv, oracle
+// For examples see http://pear.php.net/manual/en/package.database.mdb2.intro-dsn.php
+// NOTE: for SQLite use absolute path (Linux): 'sqlite:////full/path/to/sqlite.db?mode=0646'
+//       or (Windows): 'sqlite:///C:/full/path/to/sqlite.db'
+$config['db_dsnw'] = '{{ roundcube_db_dsnw }}';
+
+// IMAP host chosen to perform the log-in.
+// See defaults.inc.php for the option description.
+$config['imap_host'] = '{{ roundcube_imap_host }}';
+
+// SMTP server host (for sending mails).
+// See defaults.inc.php for the option description.
+$config['smtp_host'] = '{{ roundcube_smtp_host }}';
+
+// SMTP username (if required) if you use %u as the username Roundcube
+// will use the current username for login
+$config['smtp_user'] = '%u';
+
+// SMTP password (if required) if you use %p as the password Roundcube
+// will use the current user's password for login
+$config['smtp_pass'] = '%p';
+
+// provide an URL where a user can get support for this Roundcube installation
+// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
+$config['support_url'] = '{{ roundcube_support_url }}';
+
+// Name your service. This is displayed on the login screen and in the window title
+$config['product_name'] = '{{ roundcube_product_name }}';
+
+// This key is used to encrypt the users imap password which is stored
+// in the session record. For the default cipher method it must be
+// exactly 24 characters long.
+// YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS
+$config['des_key'] = '{{ roundcube_des_key }}';
+
+// List of active plugins (in plugins/ directory)
+$config['plugins'] = [
+{% for plugin in roundcube_enabled_plugins %}
+    '{{ plugin }}',
+{% endfor %}
+];
+
+// skin name: folder from skins/
+$config['skin'] = '{{ roundcube_skin }}';

ANSIBLE/roles/roundcube/vars/main.yml

@@ -0,0 +1,2 @@
+---
+roundcube_base_dir: "/srv/roundcube"

ANSIBLE/roles/svc_acct/tasks/main.yml

@@ -8,7 +8,7 @@
 - name: Wheel Group
   when: ansible_facts['os_family'] == "RedHat"
   ansible.builtin.user:
-    name: servicelink
+    name: "{{ svc_acct_name }}"
     groups: wheel
     append: true
 - name: Sudo Group
@@ -17,13 +17,13 @@
     name: "{{ svc_acct_name }}"
     groups: sudo
     append: true
-- name: Make servicelink sudo Passwordless
+- name: "Make sudo passwordless for {{ svc_acct_name }}"
   ansible.builtin.lineinfile:
     path: /etc/sudoers
     state: present
     line: "{{ svc_acct_name }}  ALL=(ALL)       NOPASSWD: ALL"
     validate: /usr/sbin/visudo -cf %s
-- name: "Make .ssh  dir"
+- name: "Create or fix ~/.ssh dir"
   ansible.builtin.file:
     path: "/home/{{ svc_acct_name }}/.ssh/"
     state: directory
@@ -37,7 +37,7 @@
     owner: "{{ svc_acct_name }}"
     group: "{{ svc_acct_name }}"
     mode: "0600"
-- name: Add Publickey
+- name: Add Publickeys
   ansible.builtin.lineinfile:
     path: "/home//{{ svc_acct_name }}/.ssh/authorized_keys"
     line: "{{ item }}"

ANSIBLE/roundcube.yml

@@ -0,0 +1,9 @@
+---
+- name: Install http php and mariadb
+  hosts: dev_roundcube
+  become: true
+  gather_facts: true
+  roles:
+#    - httpd_with_php
+    - roundcube
+    - svc_acct