Compare commits
1 Commits
role_round
...
master
Author | SHA1 | Date | |
---|---|---|---|
bdd9c71e53 |
@ -1,2 +0,0 @@
|
|||||||
skip_list:
|
|
||||||
- yaml[line-length]
|
|
@ -1,6 +1,5 @@
|
|||||||
svc_acct_name: "ubuntu"
|
svc_acct_name: "ubuntu"
|
||||||
svc_acct_keys:
|
svc_acct_keys:
|
||||||
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvM9FL5V14ciT6qOSMx4zk3+K7F1aXQh6YjO+KDu94q hbaxter@telos_digital"
|
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvM9FL5V14ciT6qOSMx4zk3+K7F1aXQh6YjO+KDu94q hbaxter@telos_digital"
|
||||||
- "ssh-rsa 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 peter.edmond@telos.digital"
|
- "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAtUHnAtmjQd62/4edYxOCCSviJW7Wjn7TD/6eSYrXtRY87v9bAKYrPbUgWTQL+jMLFGCPzRoQCsEt/BZKoVASYzj9EQAatXFczYiXQQaBHlCEcRwtxYV5A2vjkAAmElwYtYAE8aKxDhFWPIlceB4DZ6x5pzlsztnaZKsLEs6PavEZ6UH/ubou6wSoBOWvFU1TZB1qwBfqD6QlkXJmjz7+Ci1MJSJ8kSAo9lFSPtE98pMfLG/NFAlYJSh4g7+qj8ghIGPFJxmmaHdvw/8+H1nY6kV38q4UoSjv9wnNeG+eOm/Uk8sUC/K9F777APRA4L7MjUrWY0m2fX8rMH+bTU/B1mdW/6o+/ooNXDPIjb6eKNpVC1cS/bP1z8Ki72pg7nbf8GRe3vN9kDj53HsDDzQ2WssOy6kt4Pq6qzUrco//VYQozNrSTfdV98mz1OzEhrq8qONvKz6rvurkne7hbfAcf0SyHM6bi1whzuuNw0gaGu0IoDNpH7HQsIxksRgwvdC9DWKA9V23piafL40OLQhAW1uqpCgO942zCGzCMiEB5OdjY/MakNU9LoQ9VQ2bJGrwLWDvudpzvYeaT70LQpnU9AEiO9fewBfVeFHX/02dFAffShp1hWso76A7Y9v5UaPmPKp/kJlhpQfDvgd6UY1w/MhkAiou9K/wm7bu0fwwZFE= telos@anothermouse.com"
|
||||||
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOnTW/kBQfw/ET5luVvHeWl/tFo1BAJk86UWOGxLbNi30sr4uo+xkNTUvKK2wL+6sRs1MVXH2qxTXa8wG4BfdEZBBOej3I8ci3Yl1fqQV8PB0c/GifP5W1Gj6oZSGvKDAOweV2nr6QUx1BhA9nqg0LZaLt1vaa2d+fgW3R5qT0QKKx5fKEBT95fsjUI99Gi4EAT/VYcmDo/aDyl6crKI+/YRn+0cuq0vLoRpF3rYtBMnqXCobchoooA1W+vZauVh/l5IzgQaN2tTaM9WU8qUUt8j8YaPGMFszX2iZoI1gylF/mSXqP7htxH4KCy0g2AOnnK+8QN6GwHIkOfG6lGu1t nataliia.bobrova.s@gmail.com "
|
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOnTW/kBQfw/ET5luVvHeWl/tFo1BAJk86UWOGxLbNi30sr4uo+xkNTUvKK2wL+6sRs1MVXH2qxTXa8wG4BfdEZBBOej3I8ci3Yl1fqQV8PB0c/GifP5W1Gj6oZSGvKDAOweV2nr6QUx1BhA9nqg0LZaLt1vaa2d+fgW3R5qT0QKKx5fKEBT95fsjUI99Gi4EAT/VYcmDo/aDyl6crKI+/YRn+0cuq0vLoRpF3rYtBMnqXCobchoooA1W+vZauVh/l5IzgQaN2tTaM9WU8qUUt8j8YaPGMFszX2iZoI1gylF/mSXqP7htxH4KCy0g2AOnnK+8QN6GwHIkOfG6lGu1t nataliia.bobrova.s@gmail.com "
|
||||||
admin_email: "digital@telospartners.com"
|
|
||||||
|
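Review bot: `admin_email` is dropped from this vars file, but the new side of the httpd and httpd_with_php task files on this page still passes `--email {{ admin_email }}` to certbot. Unless the variable is defined somewhere not shown here, the certbot task will stop on an undefined variable; keep `admin_email: "digital@telospartners.com"` in this file or give the roles a default. The hunk also swaps one entry in `svc_acct_keys`, which changes who can log in as the service account, so the commit description should record that access change.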
@ -1,85 +0,0 @@
|
|||||||
---
|
|
||||||
httpd_php: true
|
|
||||||
httpd_tls_site_root: /srv/roundcube/roundcubemail-{{ roundcube_version }}/public_html
|
|
||||||
httpd_optional_enabled_modules:
|
|
||||||
- deflate
|
|
||||||
- expires
|
|
||||||
- headers
|
|
||||||
httpd_tls_vhost_raw: |
|
|
||||||
<IfModule mod_rewrite.c>
|
|
||||||
Options +SymLinksIfOwnerMatch
|
|
||||||
RewriteEngine On
|
|
||||||
RewriteRule ^favicon\.ico$ skins/elastic/images/favicon.ico
|
|
||||||
|
|
||||||
# security rules:
|
|
||||||
# - deny access to files not containing a dot or starting with a dot
|
|
||||||
# in all locations except installer directory
|
|
||||||
RewriteRule ^(?!installer|\.well-known\/|[a-zA-Z0-9]{16})(\.?[^\.]+)$ - [F]
|
|
||||||
# - deny access to some locations
|
|
||||||
RewriteRule ^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|vendor|program\/(include|lib|localization|steps)) - [F]
|
|
||||||
# - deny access to some documentation files
|
|
||||||
RewriteRule /?(README.*|CHANGELOG.*|SECURITY.*|meta\.json|composer\..*|jsdeps.json)$ - [F]
|
|
||||||
</IfModule>
|
|
||||||
|
|
||||||
<IfModule mod_deflate.c>
|
|
||||||
SetOutputFilter DEFLATE
|
|
||||||
</IfModule>
|
|
||||||
|
|
||||||
# prefer to brotli over gzip if brotli is available
|
|
||||||
<IfModule mod_brotli.c>
|
|
||||||
SetOutputFilter BROTLI_COMPRESS
|
|
||||||
# some assets have been compressed, so no need to do it again
|
|
||||||
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|web[pm]|woff2?)$ no-brotli
|
|
||||||
</IfModule>
|
|
||||||
|
|
||||||
<IfModule mod_expires.c>
|
|
||||||
ExpiresActive On
|
|
||||||
ExpiresDefault "access plus 1 month"
|
|
||||||
</IfModule>
|
|
||||||
|
|
||||||
FileETag MTime Size
|
|
||||||
|
|
||||||
<IfModule mod_autoindex.c>
|
|
||||||
Options -Indexes
|
|
||||||
</IfModule>
|
|
||||||
|
|
||||||
<IfModule mod_headers.c>
|
|
||||||
# Disable page indexing
|
|
||||||
Header set X-Robots-Tag "noindex, nofollow"
|
|
||||||
# replace 'merge' with 'append' for Apache < 2.2.9
|
|
||||||
#Header merge Cache-Control public env=!NO_CACHE
|
|
||||||
# Optional security headers
|
|
||||||
# Only provides increased security if the browser supports those features
|
|
||||||
# Be careful! Testing is required! They should be adjusted to your installation / user environment
|
|
||||||
# HSTS - HTTP Strict Transport Security
|
|
||||||
#Header always set Strict-Transport-Security "max-age=31536000; preload" env=HTTPS
|
|
||||||
# HPKP - HTTP Public Key Pinning
|
|
||||||
# Only template - fill with your values
|
|
||||||
#Header always set Public-Key-Pins "max-age=3600; report-uri=\"\"; pin-sha256=\"\"; pin-sha256=\"\"" env=HTTPS
|
|
||||||
# X-Xss-Protection
|
|
||||||
# This header is used to configure the built in reflective XSS protection found in Internet Explorer, Chrome and Safari (Webkit).
|
|
||||||
#Header set X-XSS-Protection "1; mode=block"
|
|
||||||
# X-Frame-Options
|
|
||||||
# The X-Frame-Options header (RFC), or XFO header, protects your visitors against clickjacking attacks
|
|
||||||
# Already set by php code! Do not activate both options
|
|
||||||
#Header set X-Frame-Options SAMEORIGIN
|
|
||||||
# X-Content-Type-Options
|
|
||||||
# It prevents Google Chrome and Internet Explorer from trying to mime-sniff the content-type of a response away from the one being declared by the server.
|
|
||||||
#Header set X-Content-Type-Options "nosniff"
|
|
||||||
</IfModule>
|
|
||||||
mariadb_manage: true
|
|
||||||
mariadb_users:
|
|
||||||
- user: roundcube
|
|
||||||
password: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
31383138383839383861303464383230363265323536636336306530316337333266373730643835
|
|
||||||
6130356163343631616663666132346633346336333538650a303932343831386132326261313433
|
|
||||||
61306462623666353831626136633633623331666338663239373236376464303338633364656364
|
|
||||||
3333653363653838300a326662626333666135366130366466633466353366666235316633383135
|
|
||||||
39323532623037656635356266666434333831363834646232373031336134626166666664653662
|
|
||||||
6266313336656565303663353436626334313865313330303538
|
|
||||||
priv: "'roundcubedb.*'': 'ALL,GRANT'"
|
|
||||||
mariadb_databases:
|
|
||||||
- roundcubedb
|
|
||||||
roundcube_db_dsnw: "mysql://roundcube:{{ mariadb_users[0].password }}@localhost/roundcubedb"
|
|
||||||
# roundcube_db_dsnw: 'mysql://roundcube:pass@localhost/roundcubemail'
|
|
@ -1 +0,0 @@
|
|||||||
php_user: ''
|
|
@ -10,15 +10,3 @@ eoq:
|
|||||||
monitor:
|
monitor:
|
||||||
hosts:
|
hosts:
|
||||||
monitor.telos.digital:
|
monitor.telos.digital:
|
||||||
dev_roundcube:
|
|
||||||
hosts:
|
|
||||||
test-webmail.telos.digital:
|
|
||||||
httpd_site_name: 'test-webmail.telos.digital'
|
|
||||||
mariadb_root_password: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
63353366356333386164316433646431393932623666353235656666363833653339616162633765
|
|
||||||
3738313666653431383936643035326338313935303065360a643135666638373235313532326135
|
|
||||||
63376637646130373863383366313538623938656531376234616234336534356539306536356363
|
|
||||||
3364323038316565300a646239646636386363373664323530623130663130653337363861313434
|
|
||||||
61643933643263633363643436366261623934346339333032663935386135313264646637306464
|
|
||||||
3438303435373562363163363939386565336535363165303639
|
|
||||||
|
@ -1,36 +0,0 @@
|
|||||||
httpd_pkgs:
|
|
||||||
- apache2
|
|
||||||
httpd_pkgs_plugins: []
|
|
||||||
|
|
||||||
httpd_site_name: 'default'
|
|
||||||
httpd_site_root: '/var/www/html'
|
|
||||||
httpd_default_enabled_modules:
|
|
||||||
- ssl
|
|
||||||
httpd_optional_enabled_modules: []
|
|
||||||
|
|
||||||
httpd_tls_certbot: true
|
|
||||||
httpd_tls_auto_redirect: true
|
|
||||||
httpd_tls_certbot_additonal_args: ''
|
|
||||||
httpd_tls_site_root:
|
|
||||||
|
|
||||||
httpd_tls_vhost_default: true
|
|
||||||
|
|
||||||
httpd_tls_vhost_raw: ''
|
|
||||||
|
|
||||||
httpd_php: false
|
|
||||||
httpd_php_version: 8.3
|
|
||||||
httpd_php_socket: '/run/php/php{{ httpd_php_version }}-fpm.sock'
|
|
||||||
httpd_php_pkgs:
|
|
||||||
- php
|
|
||||||
- php-fpm
|
|
||||||
- php-cli
|
|
||||||
- php-mysql
|
|
||||||
- php-curl
|
|
||||||
- php-gd
|
|
||||||
- php-mbstring
|
|
||||||
- php-xml
|
|
||||||
- php-zip
|
|
||||||
httpd_php_enabled_modules:
|
|
||||||
- proxy_fcgi
|
|
||||||
- setenvif
|
|
||||||
- php{{ httpd_php_version }}
|
|
@ -9,7 +9,3 @@
|
|||||||
name: apache2
|
name: apache2
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
- name: Restart PHP-FPM
|
|
||||||
service:
|
|
||||||
name: php{{ httpd_php_version }}-fpm
|
|
||||||
state: restarted
|
|
@ -1,20 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Install Certbot and Apache plugin
|
|
||||||
ansible.builtin.apt:
|
|
||||||
name:
|
|
||||||
- certbot
|
|
||||||
- python3-certbot-apache
|
|
||||||
state: present
|
|
||||||
- name: Ensure Apache is running and enabled
|
|
||||||
ansible.builtin.service:
|
|
||||||
name: apache2
|
|
||||||
state: started
|
|
||||||
enabled: true
|
|
||||||
- name: Obtain Let's Encrypt certificate using certbot
|
|
||||||
ansible.builtin.command: >
|
|
||||||
certbot --apache -n --agree-tos --redirect
|
|
||||||
-d {{ httpd_site_name }}
|
|
||||||
--email {{ admin_email }} {{ httpd_tls_certbot_additonal_args }}
|
|
||||||
args:
|
|
||||||
creates: "/etc/letsencrypt/live/{{ httpd_site_name }}/fullchain.pem"
|
|
||||||
|
|
@ -1,31 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Create index.html
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: httpd/index.html.j2
|
|
||||||
dest: "{{ httpd_site_root }}/index.html"
|
|
||||||
owner: www-data
|
|
||||||
group: www-data
|
|
||||||
mode: '0644'
|
|
||||||
|
|
||||||
- name: Create Apache virtual host config
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: httpd/vhost.conf.j2
|
|
||||||
dest: "/etc/apache2/sites-available/{{ httpd_site_name }}.conf"
|
|
||||||
owner: www-data
|
|
||||||
group: www-data
|
|
||||||
mode: '0644'
|
|
||||||
notify: Reload Apache
|
|
||||||
|
|
||||||
- name: "Enable http site {{ httpd_site_name }}"
|
|
||||||
ansible.builtin.command: "a2ensite {{ httpd_site_name }}"
|
|
||||||
args:
|
|
||||||
creates: "/etc/apache2/sites-enabled/{{ httpd_site_name }}.conf"
|
|
||||||
notify: Reload Apache
|
|
||||||
|
|
||||||
- name: Enable modules
|
|
||||||
ansible.builtin.command: " a2enmod {{ item }}"
|
|
||||||
args:
|
|
||||||
creates: "/etc/apache2/mods-enabled/{{ item }}*"
|
|
||||||
loop: "{{ httpd_default_enabled_modules + httpd_optional_enabled_modules }}"
|
|
||||||
notify: Reload Apache
|
|
||||||
|
|
@ -1,21 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Install Apache2 and plugins
|
|
||||||
ansible.builtin.apt:
|
|
||||||
name: "{{ httpd_pkgs + httpd_pkgs_plugins }}"
|
|
||||||
state: present
|
|
||||||
update_cache: true
|
|
||||||
|
|
||||||
- name: Ensure site root exists
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ httpd_site_root }}"
|
|
||||||
state: directory
|
|
||||||
owner: www-data
|
|
||||||
group: www-data
|
|
||||||
mode: '0755'
|
|
||||||
|
|
||||||
- name: Ensure Apache is running and enabled
|
|
||||||
ansible.builtin.service:
|
|
||||||
name: apache2
|
|
||||||
state: started
|
|
||||||
enabled: true
|
|
||||||
|
|
@ -1,19 +0,0 @@
|
|||||||
---
|
|
||||||
- name: "Disable Certbot autocreated {{ httpd_site_name }}-le-ssl"
|
|
||||||
ansible.builtin.command: "a2dissite {{ httpd_site_name }}-le-ssl"
|
|
||||||
args:
|
|
||||||
removes: "/etc/apache2/sites-enabled/{{ httpd_site_name }}-le-ssl.conf"
|
|
||||||
notify: Reload Apache
|
|
||||||
- name: Create Apache TLS virtual host config
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: httpd/tls_vhost.conf.j2
|
|
||||||
dest: "/etc/apache2/sites-available/{{ httpd_site_name }}_tls.conf"
|
|
||||||
owner: www-data
|
|
||||||
group: www-data
|
|
||||||
mode: '0644'
|
|
||||||
notify: Reload Apache
|
|
||||||
- name: "Enable http site {{ httpd_site_name }}_tls"
|
|
||||||
ansible.builtin.command: "a2ensite {{ httpd_site_name }}_tls"
|
|
||||||
args:
|
|
||||||
creates: "/etc/apache2/sites-enabled/{{ httpd_site_name }}_tls.conf"
|
|
||||||
notify: Reload Apache
|
|
@ -1,14 +1,59 @@
|
|||||||
---
|
---
|
||||||
|
- name: Install Apache2
|
||||||
|
apt:
|
||||||
|
name: apache2
|
||||||
|
state: present
|
||||||
|
update_cache: yes
|
||||||
|
|
||||||
|
- name: Install Certbot and Apache plugin
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- certbot
|
||||||
|
- python3-certbot-apache
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Ensure site root exists
|
||||||
|
file:
|
||||||
|
path: "{{ site_root }}"
|
||||||
|
state: directory
|
||||||
|
owner: www-data
|
||||||
|
group: www-data
|
||||||
|
mode: '0755'
|
||||||
|
|
||||||
|
- name: Create index.html
|
||||||
|
template:
|
||||||
|
src: index.html.j2
|
||||||
|
dest: "{{ site_root }}/index.html"
|
||||||
|
owner: www-data
|
||||||
|
group: www-data
|
||||||
|
mode: '0644'
|
||||||
|
|
||||||
|
- name: Create Apache virtual host config
|
||||||
|
template:
|
||||||
|
src: vhost.conf.j2
|
||||||
|
dest: /etc/apache2/sites-available/{{ site_name }}.conf
|
||||||
|
notify: Reload Apache
|
||||||
|
|
||||||
|
- name: Enable site
|
||||||
|
command: a2ensite {{ site_name }}
|
||||||
|
notify: Reload Apache
|
||||||
|
|
||||||
|
- name: Enable SSL module
|
||||||
|
command: a2enmod ssl
|
||||||
|
notify: Reload Apache
|
||||||
|
|
||||||
|
- name: Ensure Apache is running and enabled
|
||||||
|
service:
|
||||||
|
name: apache2
|
||||||
|
state: started
|
||||||
|
enabled: yes
|
||||||
|
|
||||||
|
- name: Obtain Let's Encrypt certificate using certbot
|
||||||
|
command: >
|
||||||
|
certbot --apache -n --agree-tos --redirect
|
||||||
|
-d {{ site_name }}
|
||||||
|
--email {{ admin_email }}
|
||||||
|
args:
|
||||||
|
creates: /etc/letsencrypt/live/{{ site_name }}/fullchain.pem
|
||||||
|
|
||||||
|
|
||||||
- name: Apache2 Install
|
|
||||||
ansible.builtin.include_tasks: httpd_install.yml
|
|
||||||
- name: Apache2 Default Config
|
|
||||||
ansible.builtin.include_tasks: httpd_default_config.yml
|
|
||||||
- name: Certbot TLS
|
|
||||||
when: httpd_tls_certbot
|
|
||||||
ansible.builtin.include_tasks: httpd_certbot_tls.yml
|
|
||||||
- name: PHP Application
|
|
||||||
when: httpd_php
|
|
||||||
ansible.builtin.include_tasks: php.yml
|
|
||||||
- name: TLS Enabled Site
|
|
||||||
ansible.builtin.include_tasks: httpd_vhost_tls.yml
|
|
||||||
|
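Review bot: The `command: a2ensite {{ site_name }}` and `command: a2enmod ssl` tasks on the new side have no `creates:` guard, so they report changed and notify `Reload Apache` on every run; the include files this replaces carried such a guard. Add `args:` with `creates: "/etc/apache2/sites-enabled/{{ site_name }}.conf"` and `creates: /etc/apache2/mods-enabled/ssl.load` respectively. The vhost template task also omits `owner`, `group` and `mode`, so the file mode is left to the remote umask. The same tasks are repeated in `ANSIBLE/roles/httpd_with_php/tasks/main.yml` further down the page.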
@ -1,31 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Install PHP, PHP-FPM, and common extensions
|
|
||||||
ansible.builtin.apt:
|
|
||||||
name: "{{ httpd_php_pkgs }}"
|
|
||||||
state: present
|
|
||||||
update_cache: true
|
|
||||||
- name: Enable Apache modules for PHP-FPM
|
|
||||||
ansible.builtin.command: a2enmod {{ item }}
|
|
||||||
args:
|
|
||||||
creates: "/etc/apache2/mods-enabled/{{ item }}*"
|
|
||||||
loop: "{{ httpd_php_enabled_modules }}"
|
|
||||||
notify: Reload Apache
|
|
||||||
ignore_errors: true # in case some modules aren't available
|
|
||||||
register: httpd_php_modules_errors
|
|
||||||
|
|
||||||
- name: Ensure PHP-FPM service is running
|
|
||||||
ansible.builtin.service:
|
|
||||||
name: php{{ httpd_php_version }}-fpm
|
|
||||||
state: started
|
|
||||||
enabled: true
|
|
||||||
when: httpd_php_version is defined
|
|
||||||
|
|
||||||
- name: Deploy custom PHP-FPM pool config
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: php/www.conf.j2
|
|
||||||
dest: /etc/php/{{ httpd_php_version }}/fpm/pool.d/www.conf
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: '0644'
|
|
||||||
notify: Restart PHP-FPM
|
|
||||||
|
|
@ -1,12 +0,0 @@
|
|||||||
<!DOCTYPE html>
|
|
||||||
<html lang="en">
|
|
||||||
<head>
|
|
||||||
<meta charset="UTF-8">
|
|
||||||
<title>Welcome to {{ httpd_site_name }}</title>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
<h1>Welcome to {{ httpd_site_name }}</h1>
|
|
||||||
<p>This site is served from: {{ httpd_site_root }}</p>
|
|
||||||
</body>
|
|
||||||
</html>
|
|
||||||
|
|
@ -1,33 +0,0 @@
|
|||||||
<IfModule mod_ssl.c>
|
|
||||||
<VirtualHost *:443>
|
|
||||||
# General vhost config
|
|
||||||
ServerName {{ httpd_site_name }}
|
|
||||||
DocumentRoot {{ httpd_tls_site_root }}
|
|
||||||
#TLS Config
|
|
||||||
SSLCertificateFile /etc/letsencrypt/live/{{ httpd_site_name }}/fullchain.pem
|
|
||||||
SSLCertificateKeyFile /etc/letsencrypt/live/{{ httpd_site_name }}/privkey.pem
|
|
||||||
Include /etc/letsencrypt/options-ssl-apache.conf
|
|
||||||
# Standardised Access & error Logging locations
|
|
||||||
ErrorLog ${APACHE_LOG_DIR}/{{ httpd_site_name }}_error.log
|
|
||||||
CustomLog ${APACHE_LOG_DIR}/{{ httpd_site_name }}_access.log combined
|
|
||||||
{% if httpd_tls_vhost_default %}
|
|
||||||
<Directory {{ httpd_tls_site_root }} >
|
|
||||||
Options Indexes FollowSymLinks
|
|
||||||
AllowOverride All
|
|
||||||
Require all granted
|
|
||||||
{% if httpd_php %}
|
|
||||||
<FilesMatch \.php$>
|
|
||||||
SetHandler "proxy:unix:{{ httpd_php_socket }}|fcgi://localhost/"
|
|
||||||
</FilesMatch>
|
|
||||||
{% endif %}
|
|
||||||
</Directory>
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if httpd_tls_vhost_raw != '' %}
|
|
||||||
|
|
||||||
{{ httpd_tls_vhost_raw }}
|
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
</VirtualHost>
|
|
||||||
</IfModule>
|
|
@ -1,14 +0,0 @@
|
|||||||
<VirtualHost *:80>
|
|
||||||
ServerName {{ httpd_site_name }}
|
|
||||||
DocumentRoot {{ httpd_site_root }}
|
|
||||||
|
|
||||||
<Directory {{ httpd_site_root }}>
|
|
||||||
Options Indexes FollowSymLinks
|
|
||||||
AllowOverride All
|
|
||||||
Require all granted
|
|
||||||
</Directory>
|
|
||||||
|
|
||||||
ErrorLog ${APACHE_LOG_DIR}/{{ httpd_site_name }}_error.log
|
|
||||||
CustomLog ${APACHE_LOG_DIR}/{{ httpd_site_name }}_access.log combined
|
|
||||||
</VirtualHost>
|
|
||||||
|
|
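--- a/ANSIBLE/roles/httpd/templates/index.html.j2
+++ b/ANSIBLE/roles/httpd/templates/index.html.j2
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<title>Welcome to {{ site_name }}</title>
+</head>
+<body>
+<h1>Welcome to {{ site_name }}</h1>
+<p>This site is served from: {{ site_root }}</p>
+</body>
+</html>
+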
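Review bot: The placeholder page prints `{{ site_root }}` to every visitor, which discloses the server's filesystem layout for no benefit. Drop the `<p>This site is served from: {{ site_root }}</p>` line or replace it with static text. The copy in `ANSIBLE/roles/httpd_with_php/templates/index.html.j2` has the same line.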
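--- a/ANSIBLE/roles/httpd/templates/vhost.conf.j2
+++ b/ANSIBLE/roles/httpd/templates/vhost.conf.j2
@@ -0,0 +1,14 @@
+<VirtualHost *:80>
+ServerName {{ site_name }}
+DocumentRoot {{ site_root }}
+
+<Directory {{ site_root }}>
+Options Indexes FollowSymLinks
+AllowOverride All
+Require all granted
+</Directory>
+
+ErrorLog ${APACHE_LOG_DIR}/{{ site_name }}_error.log
+CustomLog ${APACHE_LOG_DIR}/{{ site_name }}_access.log combined
+</VirtualHost>
+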
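Review bot: `Options Indexes FollowSymLinks` turns on directory listings for the whole document root, and `AllowOverride All` lets any `.htaccess` file under it change server behaviour. That is wider than a default vhost needs; consider `Options -Indexes +SymLinksIfOwnerMatch` and `AllowOverride None` unless the deployed application is known to need overrides. The identical template in `ANSIBLE/roles/httpd_with_php/templates/vhost.conf.j2` needs the same change.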
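--- a/ANSIBLE/roles/httpd_with_php/handlers/main.yml
+++ b/ANSIBLE/roles/httpd_with_php/handlers/main.yml
@@ -0,0 +1,16 @@
+---
+- name: Reload Apache
+service:
+name: apache2
+state: reloaded
+
+- name: Restart Apache
+service:
+name: apache2
+state: restarted
+
+- name: Restart PHP-FPM
+service:
+name: php{{ php_version }}-fpm
+state: restarted
+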
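--- a/ANSIBLE/roles/httpd_with_php/tasks/main.yml
+++ b/ANSIBLE/roles/httpd_with_php/tasks/main.yml
@@ -0,0 +1,59 @@
+---
+- name: Install Apache2
+apt:
+name: apache2
+state: present
+update_cache: yes
+
+- name: Install Certbot and Apache plugin
+apt:
+name:
+- certbot
+- python3-certbot-apache
+state: present
+
+- name: Ensure site root exists
+file:
+path: "{{ site_root }}"
+state: directory
+owner: www-data
+group: www-data
+mode: '0755'
+
+- name: Create index.html
+template:
+src: index.html.j2
+dest: "{{ site_root }}/index.html"
+owner: www-data
+group: www-data
+mode: '0644'
+
+- name: Create Apache virtual host config
+template:
+src: vhost.conf.j2
+dest: /etc/apache2/sites-available/{{ site_name }}.conf
+notify: Reload Apache
+
+- name: Enable site
+command: a2ensite {{ site_name }}
+notify: Reload Apache
+
+- name: Enable SSL module
+command: a2enmod ssl
+notify: Reload Apache
+
+- name: Ensure Apache is running and enabled
+service:
+name: apache2
+state: started
+enabled: yes
+
+- name: Obtain Let's Encrypt certificate using certbot
+command: >
+certbot --apache -n --agree-tos --redirect
+-d {{ site_name }}
+--email {{ admin_email }}
+args:
+creates: /etc/letsencrypt/live/{{ site_name }}/fullchain.pem
+
+- import_tasks: php.yml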
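Review bot: Apart from the final `import_tasks`, this file repeats the httpd role's tasks line for line, so any hardening of the Apache or certbot steps has to be made in two places. Consider letting `httpd_with_php` depend on `httpd` through `dependencies` in the role's `meta/main.yml` and keeping only the PHP tasks here. The import on the last line should also get a `name:` so it is identifiable in play output.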
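--- a/ANSIBLE/roles/httpd_with_php/tasks/php.yml
+++ b/ANSIBLE/roles/httpd_with_php/tasks/php.yml
@@ -0,0 +1,42 @@
+---
+- name: Install PHP, PHP-FPM, and common extensions
+apt:
+name:
+- php
+- php-fpm
+- php-cli
+- php-mysql
+- php-curl
+- php-gd
+- php-mbstring
+- php-xml
+- php-zip
+state: present
+update_cache: yes
+
+- name: Enable Apache modules for PHP-FPM
+command: a2enmod {{ item }}
+loop:
+- proxy_fcgi
+- setenvif
+- php{{ php_version }} # or php8.1 depending on your distro
+notify: Reload Apache
+ignore_errors: yes # in case some modules aren't available
+
+- name: Ensure PHP-FPM service is running
+service:
+name: php{{ php_version }}-fpm
+state: started
+enabled: yes
+when: php_version is defined
+
+- name: Deploy custom PHP-FPM pool config
+template:
+src: www.conf.j2
+dest: /etc/php/{{ php_version }}/fpm/pool.d/www.conf
+owner: root
+group: root
+mode: '0644'
+notify: Restart PHP-FPM
+
+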
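Review bot: `ignore_errors: yes` on the `a2enmod {{ item }}` loop hides every failure, including a missing `proxy_fcgi` or `setenvif`, and it does not cover an undefined `php_version`, which only the service task guards with `when: php_version is defined`. Split the required modules from the optional `php{{ php_version }}` one, keep the error tolerance on the optional task only, and give the role a default for `php_version`, since the pool-config `dest` uses it unguarded as well. Adding `args:` with `creates: "/etc/apache2/mods-enabled/{{ item }}.load"` would also stop the loop reporting changed on every run.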
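--- a/ANSIBLE/roles/httpd_with_php/templates/index.html.j2
+++ b/ANSIBLE/roles/httpd_with_php/templates/index.html.j2
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<title>Welcome to {{ site_name }}</title>
+</head>
+<body>
+<h1>Welcome to {{ site_name }}</h1>
+<p>This site is served from: {{ site_root }}</p>
+</body>
+</html>
+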
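--- a/ANSIBLE/roles/httpd_with_php/templates/vhost.conf.j2
+++ b/ANSIBLE/roles/httpd_with_php/templates/vhost.conf.j2
@@ -0,0 +1,14 @@
+<VirtualHost *:80>
+ServerName {{ site_name }}
+DocumentRoot {{ site_root }}
+
+<Directory {{ site_root }}>
+Options Indexes FollowSymLinks
+AllowOverride All
+Require all granted
+</Directory>
+
+ErrorLog ${APACHE_LOG_DIR}/{{ site_name }}_error.log
+CustomLog ${APACHE_LOG_DIR}/{{ site_name }}_access.log combined
+</VirtualHost>
+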
@ -3,7 +3,7 @@
|
|||||||
user = www-data
|
user = www-data
|
||||||
group = www-data
|
group = www-data
|
||||||
|
|
||||||
listen = {{ httpd_php_socket }}
|
listen = /run/php/php{{ php_version }}-fpm.sock
|
||||||
|
|
||||||
listen.owner = www-data
|
listen.owner = www-data
|
||||||
listen.group = www-data
|
listen.group = www-data
|
||||||
@ -20,7 +20,7 @@ chdir = /
|
|||||||
; Logging
|
; Logging
|
||||||
catch_workers_output = yes
|
catch_workers_output = yes
|
||||||
; Uncomment for more detailed error logging
|
; Uncomment for more detailed error logging
|
||||||
; php_admin_value[error_log] = /var/log/php{{ httpd_php_version }}-fpm.log
|
; php_admin_value[error_log] = /var/log/php{{ php_version }}-fpm.log
|
||||||
; php_admin_flag[log_errors] = on
|
; php_admin_flag[log_errors] = on
|
||||||
|
|
||||||
; Additional PHP configuration values
|
; Additional PHP configuration values
|
@ -1,5 +1,2 @@
|
|||||||
---
|
---
|
||||||
# defaults file for roles/mariadb
|
# defaults file for roles/mariadb
|
||||||
mariadb_manage: false
|
|
||||||
mariadb_users: []
|
|
||||||
mariadb_databases: []
|
|
@ -1,9 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Try to create databases
|
|
||||||
community.mysql.mysql_db:
|
|
||||||
login_user: root
|
|
||||||
login_password: "{{ mariadb_root_password }}"
|
|
||||||
login_unix_socket: /run/mysqld/mysqld.sock
|
|
||||||
name: "{{ item }}"
|
|
||||||
state: present
|
|
||||||
loop: "{{ mariadb_databases }}"
|
|
@ -1,12 +0,0 @@
|
|||||||
#
|
|
||||||
---
|
|
||||||
- name: Create Database users
|
|
||||||
community.mysql.mysql_user:
|
|
||||||
column_case_sensitive: false
|
|
||||||
login_password: "{{ mariadb_root_password }}"
|
|
||||||
# logon_user: "root"
|
|
||||||
login_unix_socket: /run/mysqld/mysqld.sock
|
|
||||||
name: "{{ item.user }}"
|
|
||||||
password: "{{ item.password }}"
|
|
||||||
priv: "{{ item.priv }}"
|
|
||||||
loop: "{{ mariadb_users }}"
|
|
@ -1,48 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Install MariaDB server and client
|
|
||||||
ansible.builtin.apt:
|
|
||||||
name:
|
|
||||||
- mariadb-server
|
|
||||||
- mariadb-client
|
|
||||||
state: present
|
|
||||||
update_cache: true
|
|
||||||
|
|
||||||
- name: Ensure PyMySQL is installed
|
|
||||||
ansible.builtin.apt:
|
|
||||||
name: python3-pymysql
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Ensure MariaDB is running and enabled
|
|
||||||
ansible.builtin.service:
|
|
||||||
name: mariadb
|
|
||||||
state: started
|
|
||||||
enabled: true
|
|
||||||
|
|
||||||
- name: Try to connect to MariaDB with root password
|
|
||||||
ansible.builtin.shell: |
|
|
||||||
mysql -u root -p'{{ mariadb_root_password }}' -e "SELECT 1;"
|
|
||||||
register: mysql_root_status
|
|
||||||
failed_when: false
|
|
||||||
changed_when: false
|
|
||||||
- name: Value of mysql_root_status
|
|
||||||
ansible.builtin.debug:
|
|
||||||
msg: "{{mysql_root_status}}"
|
|
||||||
|
|
||||||
- name: Set MariaDB root password if not already set
|
|
||||||
community.mysql.mysql_user:
|
|
||||||
name: root
|
|
||||||
host: "{{ item }}"
|
|
||||||
password: "{{ mariadb_root_password }}"
|
|
||||||
login_unix_socket: /run/mysqld/mysqld.sock
|
|
||||||
check_implicit_admin: true
|
|
||||||
state: present
|
|
||||||
loop:
|
|
||||||
- localhost
|
|
||||||
# - 127.0.0.1
|
|
||||||
# - ::1
|
|
||||||
when: mysql_root_status.rc != 0
|
|
||||||
|
|
||||||
- name: Check MariaDB root password is set
|
|
||||||
ansible.builtin.debug:
|
|
||||||
msg: "MariaDB root password is already set, skipping reset"
|
|
||||||
when: mysql_root_status.rc == 0
|
|
@ -1,8 +1,45 @@
|
|||||||
- name: Mariadb Install & Init
|
---
|
||||||
ansible.builtin.include_tasks: install_initilise.yml
|
- name: Install MariaDB server and client
|
||||||
- name: Mariadb db create
|
apt:
|
||||||
when: mariadb_manage
|
name:
|
||||||
ansible.builtin.include_tasks: create_dbs.yml
|
- mariadb-server
|
||||||
- name: Mariadb users create
|
- mariadb-client
|
||||||
when: mariadb_manage
|
state: present
|
||||||
ansible.builtin.include_tasks: create_users.yml
|
update_cache: yes
|
||||||
|
|
||||||
|
- name: Ensure PyMySQL is installed
|
||||||
|
apt:
|
||||||
|
name: python3-pymysql
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Ensure MariaDB is running and enabled
|
||||||
|
service:
|
||||||
|
name: mariadb
|
||||||
|
state: started
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
- name: Try to connect to MariaDB with root password
|
||||||
|
shell: |
|
||||||
|
mysql -u root -p'{{ mariadb_root_password }}' -e "SELECT 1;"
|
||||||
|
register: mysql_root_status
|
||||||
|
failed_when: false
|
||||||
|
changed_when: false
|
||||||
|
|
||||||
|
- name: Set MariaDB root password if not already set
|
||||||
|
mysql_user:
|
||||||
|
name: root
|
||||||
|
host: "{{ item }}"
|
||||||
|
password: "{{ mariadb_root_password }}"
|
||||||
|
login_unix_socket: /run/mysqld/mysqld.sock
|
||||||
|
check_implicit_admin: true
|
||||||
|
state: present
|
||||||
|
loop:
|
||||||
|
- localhost
|
||||||
|
- 127.0.0.1
|
||||||
|
- ::1
|
||||||
|
when: mysql_root_status.rc != 0
|
||||||
|
|
||||||
|
- debug:
|
||||||
|
msg: "MariaDB root password is already set, skipping reset"
|
||||||
|
when: mysql_root_status.rc == 0
|
||||||
|
|
||||||
|
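Review bot: The root-password probe runs `mysql -u root -p'{{ mariadb_root_password }}' -e "SELECT 1;"` through `shell`, so the password is visible in the remote process list and in the command Ansible records for the task, and a password containing a single quote breaks the quoting. Add `no_log: true` to that task, and preferably replace the shell call with a module-based check such as `community.mysql.mysql_info` using `login_user: root` and `login_password: "{{ mariadb_root_password }}"`. The new side also goes back to short module names (`apt`, `service`, `shell`, `mysql_user`) and an unnamed `debug` task, where the replaced version used fully qualified names.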
@ -1,14 +0,0 @@
|
|||||||
---
|
|
||||||
roundcube_version: '1.6.11'
|
|
||||||
roundcube_version_sha256: 'sha256:a230e432065555bfa27bea3fcf4ac672f2359ef28ad84f5945ea3ccf702e7466'
|
|
||||||
roundcube_user: 'www-data'
|
|
||||||
roundcube_db_dsnw: 'mysql://roundcube:pass@localhost/roundcubemail'
|
|
||||||
roundcube_imap_host: 'localhost:143'
|
|
||||||
roundcube_smtp_host: 'localhost:587'
|
|
||||||
roundcube_support_url: 'support@test.com'
|
|
||||||
roundcube_product_name: 'Webmail'
|
|
||||||
roundcube_des_key: 'rcmail-!24ByteDESkey*Str'
|
|
||||||
roundcube_skin: 'elastic'
|
|
||||||
roundcube_enabled_plugins:
|
|
||||||
- archive
|
|
||||||
- zipdownload
|
|
@ -1,5 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Load Roundcube Release
|
|
||||||
ansible.builtin.include_tasks: roundcube-release.yml
|
|
||||||
- name: Congigure Roundcube
|
|
||||||
ansible.builtin.include_tasks: roundcube-config.yml
|
|
@ -1,12 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Configure Roundcube config.inc.php
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: config/config.inc.php.j2
|
|
||||||
dest: "{{ roundcube_base_dir }}/roundcubemail-{{ roundcube_version }}/config/config.inc.php"
|
|
||||||
mode: '640'
|
|
||||||
owner: "{{ roundcube_user }}"
|
|
||||||
- name: Remove Roundcube Installer Dir
|
|
||||||
ansible.builtin.file:
|
|
||||||
dest: "{{ roundcube_base_dir }}/roundcubemail-{{ roundcube_version }}/installer/"
|
|
||||||
state: absent
|
|
||||||
|
|
@ -1,22 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Download Roundcube Archive from GitHub Released Page
|
|
||||||
ansible.builtin.get_url:
|
|
||||||
url: "https://github.com/roundcube/roundcubemail/releases/download/{{ roundcube_version }}/roundcubemail-{{ roundcube_version }}-complete.tar.gz"
|
|
||||||
dest: "/opt/roundcube_{{ roundcube_version }}.tar.gz"
|
|
||||||
checksum: "{{ roundcube_version_sha256 }}"
|
|
||||||
mode: '644'
|
|
||||||
force: false
|
|
||||||
- name: Ensure Roundcube Base Dir exsists
|
|
||||||
ansible.builtin.file:
|
|
||||||
dest: "{{ roundcube_base_dir }}"
|
|
||||||
mode: '0755'
|
|
||||||
state: 'directory'
|
|
||||||
- name: Unarchive Roundcube release
|
|
||||||
ansible.builtin.unarchive:
|
|
||||||
src: "/opt/roundcube_{{ roundcube_version }}.tar.gz"
|
|
||||||
dest: "{{ roundcube_base_dir }}"
|
|
||||||
creates: "{{ roundcube_base_dir }}/roundcubemail-{{ roundcube_version }}"
|
|
||||||
owner: "{{ roundcube_user }}"
|
|
||||||
group: "{{ roundcube_user }}"
|
|
||||||
remote_src: true
|
|
||||||
|
|
@ -1,67 +0,0 @@
|
|||||||
<?php
|
|
||||||
|
|
||||||
/*
|
|
||||||
+-----------------------------------------------------------------------+
|
|
||||||
| Local configuration for the Roundcube Webmail installation. |
|
|
||||||
| |
|
|
||||||
| This is a sample configuration file only containing the minimum |
|
|
||||||
| setup required for a functional installation. Copy more options |
|
|
||||||
| from defaults.inc.php to this file to override the defaults. |
|
|
||||||
| |
|
|
||||||
| This file is part of the Roundcube Webmail client |
|
|
||||||
| Copyright (C) The Roundcube Dev Team |
|
|
||||||
| |
|
|
||||||
| Licensed under the GNU General Public License version 3 or |
|
|
||||||
| any later version with exceptions for skins & plugins. |
|
|
||||||
| See the README file for a full license statement. |
|
|
||||||
+-----------------------------------------------------------------------+
|
|
||||||
*/
|
|
||||||
|
|
||||||
$config = [];
|
|
||||||
|
|
||||||
// Database connection string (DSN) for read+write operations
|
|
||||||
// Format (compatible with PEAR MDB2): db_provider://user:password@host/database
|
|
||||||
// Currently supported db_providers: mysql, pgsql, sqlite, mssql, sqlsrv, oracle
|
|
||||||
// For examples see http://pear.php.net/manual/en/package.database.mdb2.intro-dsn.php
|
|
||||||
// NOTE: for SQLite use absolute path (Linux): 'sqlite:////full/path/to/sqlite.db?mode=0646'
|
|
||||||
// or (Windows): 'sqlite:///C:/full/path/to/sqlite.db'
|
|
||||||
$config['db_dsnw'] = '{{ roundcube_db_dsnw }}';
|
|
||||||
|
|
||||||
// IMAP host chosen to perform the log-in.
|
|
||||||
// See defaults.inc.php for the option description.
|
|
||||||
$config['imap_host'] = '{{ roundcube_imap_host }}';
|
|
||||||
|
|
||||||
// SMTP server host (for sending mails).
|
|
||||||
// See defaults.inc.php for the option description.
|
|
||||||
$config['smtp_host'] = '{{ roundcube_smtp_host }}';
|
|
||||||
|
|
||||||
// SMTP username (if required) if you use %u as the username Roundcube
|
|
||||||
// will use the current username for login
|
|
||||||
$config['smtp_user'] = '%u';
|
|
||||||
|
|
||||||
// SMTP password (if required) if you use %p as the password Roundcube
|
|
||||||
// will use the current user's password for login
|
|
||||||
$config['smtp_pass'] = '%p';
|
|
||||||
|
|
||||||
// provide an URL where a user can get support for this Roundcube installation
|
|
||||||
// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
|
|
||||||
$config['support_url'] = '{{ roundcube_support_url }}';
|
|
||||||
|
|
||||||
// Name your service. This is displayed on the login screen and in the window title
|
|
||||||
$config['product_name'] = '{{ roundcube_product_name }}';
|
|
||||||
|
|
||||||
// This key is used to encrypt the users imap password which is stored
|
|
||||||
// in the session record. For the default cipher method it must be
|
|
||||||
// exactly 24 characters long.
|
|
||||||
// YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS
|
|
||||||
$config['des_key'] = '{{ roundcube_des_key }}';
|
|
||||||
|
|
||||||
// List of active plugins (in plugins/ directory)
|
|
||||||
$config['plugins'] = [
|
|
||||||
{% for plugin in roundcube_enabled_plugins %}
|
|
||||||
'{{ plugin }}',
|
|
||||||
{% endfor %}
|
|
||||||
];
|
|
||||||
|
|
||||||
// skin name: folder from skins/
|
|
||||||
$config['skin'] = '{{ roundcube_skin }}';
|
|
@ -1,2 +0,0 @@
|
|||||||
---
|
|
||||||
roundcube_base_dir: "/srv/roundcube"
|
|
@ -8,7 +8,7 @@
|
|||||||
- name: Wheel Group
|
- name: Wheel Group
|
||||||
when: ansible_facts['os_family'] == "RedHat"
|
when: ansible_facts['os_family'] == "RedHat"
|
||||||
ansible.builtin.user:
|
ansible.builtin.user:
|
||||||
name: "{{ svc_acct_name }}"
|
name: servicelink
|
||||||
groups: wheel
|
groups: wheel
|
||||||
append: true
|
append: true
|
||||||
- name: Sudo Group
|
- name: Sudo Group
|
||||||
@ -17,13 +17,13 @@
|
|||||||
name: "{{ svc_acct_name }}"
|
name: "{{ svc_acct_name }}"
|
||||||
groups: sudo
|
groups: sudo
|
||||||
append: true
|
append: true
|
||||||
- name: "Make sudo passwordless for {{ svc_acct_name }}"
|
- name: Make servicelink sudo Passwordless
|
||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/sudoers
|
path: /etc/sudoers
|
||||||
state: present
|
state: present
|
||||||
line: "{{ svc_acct_name }} ALL=(ALL) NOPASSWD: ALL"
|
line: "{{ svc_acct_name }} ALL=(ALL) NOPASSWD: ALL"
|
||||||
validate: /usr/sbin/visudo -cf %s
|
validate: /usr/sbin/visudo -cf %s
|
||||||
- name: "Create or fix ~/.ssh dir"
|
- name: "Make .ssh dir"
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "/home/{{ svc_acct_name }}/.ssh/"
|
path: "/home/{{ svc_acct_name }}/.ssh/"
|
||||||
state: directory
|
state: directory
|
||||||
@ -37,7 +37,7 @@
|
|||||||
owner: "{{ svc_acct_name }}"
|
owner: "{{ svc_acct_name }}"
|
||||||
group: "{{ svc_acct_name }}"
|
group: "{{ svc_acct_name }}"
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
- name: Add Publickeys
|
- name: Add Publickey
|
||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: "/home//{{ svc_acct_name }}/.ssh/authorized_keys"
|
path: "/home//{{ svc_acct_name }}/.ssh/authorized_keys"
|
||||||
line: "{{ item }}"
|
line: "{{ item }}"
|
||||||
|
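Review bot: The `Wheel Group` task in the first hunk appears once with `name: "{{ svc_acct_name }}"` and once with a literal `name: servicelink`, while the sudoers line, the `.ssh` path and the `authorized_keys` path use the variable on both printings. The rendering does not mark which printing is new; if the literal is, RedHat hosts add a different account to `wheel` than the one that receives the keys and the `NOPASSWD` rule, so keep `name: "{{ svc_acct_name }}"` and a task title that does not hard-code the account. The unchanged `lineinfile` on `/etc/sudoers` writes `ALL=(ALL) NOPASSWD: ALL`, which gives the service account unrestricted root; a validated drop-in under `/etc/sudoers.d/`, limited to the commands the account needs, would be narrower and easier to remove. The public-key task in the last hunk (its loop lies outside the hunk) only appends lines, so a key dropped from the variable list stays authorised on hosts already provisioned. Managing the file with `ansible.posix.authorized_key` and `exclusive: true`, with all keys passed in one `key` value, would revoke removed keys, and the path should read `/home/{{ svc_acct_name }}/.ssh/authorized_keys` without the doubled slash.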
@ -1,10 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Install http php and mariadb
|
|
||||||
hosts: dev_roundcube
|
|
||||||
become: true
|
|
||||||
gather_facts: true
|
|
||||||
roles:
|
|
||||||
- httpd
|
|
||||||
- roundcube
|
|
||||||
- mariadb
|
|
||||||
# - svc_acct
|
|