From ba0434195653270fbbe1c28f4406bfea4ff812d0 Mon Sep 17 00:00:00 2001
From: genofire
Date: Wed, 22 Jul 2020 19:51:50 +0200
Subject: [PATCH] db+postfixadmin
---
 README.md | 9 ++++-
 defaults/main.yml | 15 ++++++++
 tasks/db.yml | 57 +++++++++++++++++++-----------
 tasks/main.yml | 3 ++
 tasks/postfixadmin.yml | 41 +++++++++++++++++++++
 templates/postfixadmin-local.nginx | 2 +-
 templates/postfixadmin.local.php | 43 ++++++++++++++++++++++
 7 files changed, 147 insertions(+), 23 deletions(-)
 create mode 100644 tasks/postfixadmin.yml
 create mode 100644 templates/postfixadmin.local.php
diff --git a/README.md b/README.md
index e8d84d6..1eb5dcb 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,8 @@
-# Ansible Role for a Mailserver
\ No newline at end of file
+# Ansible Role for a Mailserver
+
+## Dependencies on Ansible
+- psycopg2
+
+```
+pacman -S python-psycopg2
+```
diff --git a/defaults/main.yml b/defaults/main.yml
index 0026458..d12950b 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,2 +1,17 @@
 ---
 mailserver_postfixadmin_domain: ""
+mailserver_db_type: "pgsql"
+mailserver_db_host: "localhost"
+mailserver_db_name: "mailserver"
+mailserver_db_user: "mailserver"
+mailserver_db_password: "{{ lookup('password', 'credentials/' + inventory_hostname + '/mailserver/db_password length=15') }}"
+mailserver_postfixadmin_mail_domain: "sum7.eu"
+mailserver_postfixadmin_mail_admin: "admin@{{ mailserver_postfixadmin_mail_domain }}"
+mailserver_postfixadmin_setup: ""
+mailserver_postfixadmin_default_aliases:
+ abuse: "abuse@{{ mailserver_postfixadmin_mail_domain }}"
+ hostmaster: "hostmaster@{{ mailserver_postfixadmin_mail_domain }}"
+ postmaster: "postmaster@{{ mailserver_postfixadmin_mail_domain }}"
+ webmaster: "webmaster@{{ mailserver_postfixadmin_mail_domain }}"
+
+
diff --git a/tasks/db.yml b/tasks/db.yml
index 5a3347a..2087fe4 100644
--- a/tasks/db.yml
+++ b/tasks/db.yml
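Review bot: In defaults/main.yml, `mailserver_postfixadmin_setup` defaults to an empty string and nothing in the hunk documents what it must hold or rejects the empty value. If it feeds PostfixAdmin's setup password (the template that consumes it is not fully visible on this page), an unset value should fail the play instead of being rendered silently; a comment such as `# setup password hash for PostfixAdmin; must be set per host` plus an `assert` task would cover that. `lookup('password', ...)` for `mailserver_db_password` stores the generated secret in plain text under `credentials/<inventory_hostname>/mailserver/db_password` on the controller, so that directory should stay out of version control. `mailserver_postfixadmin_mail_domain: "sum7.eu"` is a site-specific value and would be safer as an empty default that the role checks.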
@@ -1,27 +1,42 @@
-- name: package
+- name: Install PostgreSQL
 package:
+ state: latest
 name:
 - postgresql
- - postfixadmin
+ - python-psycopg2
+ - postgresql-old-upgrade
+ - postgis
 
-- name: nginx local
- notify: reload nginx
- when: mailserver_postfixadmin_domain == ""
- template:
- src: postfixadmin-local.nginx
- dest: /etc/nginx/local.d/postfixadmin.act
+- name: Ensure a locale exists
+ locale_gen:
+ name: en_US.UTF-8
+ state: present
 
-- name: nginx domain
- notify: reload nginx
- when: mailserver_postfixadmin_domain != ""
- template:
- src: postfixadmin-domain.nginx
- dest: /etc/nginx/sites.d/postfixadmin.act
+- name: init db
+ become: yes
+ become_user: postgres
+ become_method: su
+ command: initdb --locale=en_US.UTF-8 -E UTF8 -D /var/lib/postgres/data
+ args:
+ creates: /var/lib/postgres/data/postgresql.conf
 
-- name: allow access php to postfixadmin.conf
- file:
- path: "/etc/webapps/postfixadmin/{{ item }}"
- group: http
- with_items:
- - config.inc.php
- - config.local.php
+- name: start db
+ systemd:
+ name: postgresql
+ enabled: yes
+ state: started
+
+- name: create db user
+ postgresql_user:
+ login_host: "{{ mailserver_db_host }}"
+ name: "{{ mailserver_db_user }}"
+ password: "{{ mailserver_db_password }}"
+
+- name: create db
+ postgresql_db:
+ login_host: "{{ mailserver_db_host }}"
+ name: "{{ mailserver_db_name }}"
+ owner: "{{ mailserver_db_user }}"
+ encoding: UTF-8
+ lc_collate: en_US.UTF-8
+ lc_ctype: en_US.UTF-8
diff --git a/tasks/main.yml b/tasks/main.yml
index 05f300a..f0e0254 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -19,6 +19,9 @@ - name: Run userdatabase import_tasks: db.yml +- name: Run postfixadmin + import_tasks: postfixadmin.yml + - name: Run dovecot import_tasks: dovecot.yml
diff --git a/tasks/postfixadmin.yml b/tasks/postfixadmin.yml
new file mode 100644
index 0000000..7c5e898
--- /dev/null
+++ b/tasks/postfixadmin.yml
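Review bot: In tasks/db.yml the `init db` task runs `initdb` without `--auth-local`/`--auth-host`, so the generated pg_hba.conf falls back to initdb's default `trust` method and any local account can connect as any role, including `postgres`, without a password. The `create db user` and `create db` tasks appear to rely on that, since they pass only `login_host` and neither login credentials nor `become_user`. Assuming the database is always local, as the `initdb` task suggests, I would initialise the cluster with peer/SCRAM authentication, run both module tasks as the `postgres` system user over the local socket, and set `no_log: true` where the password is passed. Separately, `state: latest` together with `postgis` and `postgresql-old-upgrade` makes runs non-reproducible and installs packages this role does not visibly use.

```yaml
- name: init db
  # … unchanged: become / become_user / become_method …
  command: initdb --auth-local=peer --auth-host=scram-sha-256 --locale=en_US.UTF-8 -E UTF8 -D /var/lib/postgres/data
  # … unchanged: args / creates …

- name: create db user
  become: yes
  become_user: postgres
  no_log: true
  postgresql_user:
    name: "{{ mailserver_db_user }}"
    password: "{{ mailserver_db_password }}"

- name: create db
  become: yes
  become_user: postgres
  postgresql_db:
    name: "{{ mailserver_db_name }}"
    # … unchanged: owner, encoding, lc_collate, lc_ctype …
```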
@@ -0,0 +1,41 @@
+- name: package
+ package:
+ name:
+ - postfixadmin
+
+- name: nginx local
+ notify: reload nginx
+ when: mailserver_postfixadmin_domain == ""
+ template:
+ src: postfixadmin-local.nginx
+ dest: /etc/nginx/local.d/postfixadmin.act
+
+- name: nginx domain
+ notify: reload nginx
+ when: mailserver_postfixadmin_domain != ""
+ template:
+ src: postfixadmin-domain.nginx
+ dest: /etc/nginx/sites.d/postfixadmin.act
+
+- name: config postfixadmin
+ template:
+ src: postfixadmin.local.php
+ dest: /etc/webapps/postfixadmin/config.local.php
+
+- name: allow access php to postfixadmin.conf
+ file:
+ path: "/etc/webapps/postfixadmin/{{ item }}"
+ owner: http
+ group: http
+ with_items:
+ - config.inc.php
+ - config.local.php
+
+- name: config caching
+ file:
+ path: "{{ item }}"
+ owner: http
+ group: http
+ with_items:
+ - "/usr/share/webapps/postfixadmin/templates_c/"
+ - "/var/cache/postfixadmin/templates_c/"
diff --git a/templates/postfixadmin-local.nginx b/templates/postfixadmin-local.nginx
index 3b55c31..bece2cb 100644
--- a/templates/postfixadmin-local.nginx
+++ b/templates/postfixadmin-local.nginx
@@ -13,7 +13,7 @@ location /postfixadmin/public { include fastcgi.conf; - fastcgi_param PHP_ADMIN_VALUE open_basedir=/etc/webapps/postfixadmin/:/usr/share/webapps/postfixadmin:/tmp:/usr/share/pear:/dev/urandom; + fastcgi_param PHP_ADMIN_VALUE open_basedir=/etc/webapps/postfixadmin/:/usr/share/webapps/postfixadmin:/var/cache/postfixadmin/:/tmp:/usr/share/pear:/dev/urandom; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param HTTPS on;
diff --git a/templates/postfixadmin.local.php b/templates/postfixadmin.local.php
new file mode 100644
index 0000000..bd224e0
--- /dev/null
+++ b/templates/postfixadmin.local.php
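Review bot: In tasks/postfixadmin.yml the `config postfixadmin` template task sets no `owner`, `group` or `mode`, and the following `file` task then makes `http` the owner of `config.inc.php` and `config.local.php`, so the PHP worker can rewrite its own configuration and the file mode is left to the umask. If the rendered file carries the database password (the template is only partly visible on this page), it should be root-owned and readable by the web group only: add `owner: root`, `group: http`, `mode: "0640"` to the template task and drop `owner: http` from `allow access php to postfixadmin.conf`. The `config caching` task would also be clearer with an explicit `state: directory` and `mode: "0750"` for the two `templates_c` paths.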
@@ -0,0 +1,43 @@ + '{{ v }}', +{% endfor %} +); +$CONF['admin_email'] = '{{ mailserver_postfixadmin_mail_admin }}'; +$CONF['admin_name'] = 'Hosting of {{ mailserver_postfixadmin_mail_domain }}'; + +$CONF['password_validation'] = array( +# '/regular expression/' => '$PALANG key (optional: + parameter)', + '/.{5}/' => 'password_too_short 5', # minimum length 5 characters + '/([a-zA-Z].*){3}/' => 'password_no_characters 3', # must contain at least 3 characters +# '/([0-9].*){2}/' => 'password_no_digits 2', # must contain at least 2 digits +);
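Review bot: The `password_validation` array accepts any password of five characters containing three letters, and the digit rule is commented out, which is weak for an interface that manages mailbox and admin credentials. I would raise the length rule, e.g. `'/.{12}/' => 'password_too_short 12',`, and enable the digit rule; the `# minimum length 5 characters` comment then needs updating. The `'{{ v }}'` interpolation writes role variables into single-quoted PHP strings without escaping, so a value containing `'` or ending in a backslash would break or alter the generated config. The opening part of this template is not visible on this page, so confirm how those values are produced before relying on them.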