db+postfixadmin

2020-07-22 19:51:50 +02:00 · 2020-07-22 19:51:50 +02:00 · ba04341956
parent 4097334294
commit ba04341956
7 changed files with 147 additions and 23 deletions
--- a/README.md
+++ b/README.md
@ -1 +1,8 @@
-# Ansible Role for a Mailserver
+# Ansible Role for a Mailserver
 ## Dependencies on Ansible
 - psycopg2
 ```
 pacman -S python-psycopg2
 ```
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,2 +1,17 @@
 ---
 mailserver_postfixadmin_domain: ""
 mailserver_db_type: "pgsql"
 mailserver_db_host: "localhost"
 mailserver_db_name: "mailserver"
 mailserver_db_user: "mailserver"
 mailserver_db_password: "{{ lookup('password', 'credentials/' + inventory_hostname + '/mailserver/db_password length=15') }}"
 mailserver_postfixadmin_mail_domain: "sum7.eu"
 mailserver_postfixadmin_mail_admin: "admin@{{ mailserver_postfixadmin_mail_domain }}"
 mailserver_postfixadmin_setup: ""
 mailserver_postfixadmin_default_aliases:
  abuse: "abuse@{{ mailserver_postfixadmin_mail_domain }}"
  hostmaster: "hostmaster@{{ mailserver_postfixadmin_mail_domain }}"
  postmaster: "postmaster@{{ mailserver_postfixadmin_mail_domain }}"
  webmaster: "webmaster@{{ mailserver_postfixadmin_mail_domain }}"
--- a/tasks/db.yml
+++ b/tasks/db.yml
@ -1,27 +1,42 @@
- name: package
+- name: Install PostgreSQL
  package:
    state: latest
    name:
    - postgresql
-    - postfixadmin
+    - python-psycopg2
    - postgresql-old-upgrade
    - postgis
- name: nginx local
+- name: Ensure a locale exists
-  notify: reload nginx
+  locale_gen:
-  when: mailserver_postfixadmin_domain == ""
+    name: en_US.UTF-8
-  template:
+    state: present
    src: postfixadmin-local.nginx
    dest: /etc/nginx/local.d/postfixadmin.act
- name: nginx domain
+- name: init db
-  notify: reload nginx
+  become: yes
-  when: mailserver_postfixadmin_domain != ""
+  become_user: postgres
-  template:
+  become_method: su
-    src: postfixadmin-domain.nginx
+  command: initdb --locale=en_US.UTF-8 -E UTF8 -D /var/lib/postgres/data
-    dest: /etc/nginx/sites.d/postfixadmin.act
+  args:
    creates: /var/lib/postgres/data/postgresql.conf
- name: allow access php to postfixadmin.conf
+- name: start db
-  file:
+  systemd:
-    path: "/etc/webapps/postfixadmin/{{ item }}"
+    name: postgresql
-    group: http
+    enabled: yes
-  with_items:
+    state: started
-  - config.inc.php
+
-  - config.local.php
+- name: create db user
  postgresql_user:
    login_host: "{{ mailserver_db_host }}"
    name: "{{ mailserver_db_user }}"
    password: "{{ mailserver_db_password }}"
 - name: create db
  postgresql_db:
    login_host: "{{ mailserver_db_host }}"
    name: "{{ mailserver_db_name }}"
    owner: "{{ mailserver_db_user }}"
    encoding: UTF-8
    lc_collate: en_US.UTF-8
    lc_ctype: en_US.UTF-8
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -19,6 +19,9 @@
 - name: Run userdatabase
  import_tasks: db.yml
 - name: Run postfixadmin
  import_tasks: postfixadmin.yml
 - name: Run dovecot
  import_tasks: dovecot.yml
--- a/tasks/postfixadmin.yml
+++ b/tasks/postfixadmin.yml
@ -0,0 +1,41 @@
 - name: package
  package:
    name:
    - postfixadmin
 - name: nginx local
  notify: reload nginx
  when: mailserver_postfixadmin_domain == ""
  template:
    src: postfixadmin-local.nginx
    dest: /etc/nginx/local.d/postfixadmin.act
 - name: nginx domain
  notify: reload nginx
  when: mailserver_postfixadmin_domain != ""
  template:
    src: postfixadmin-domain.nginx
    dest: /etc/nginx/sites.d/postfixadmin.act
 - name: config postfixadmin
  template:
    src: postfixadmin.local.php
    dest: /etc/webapps/postfixadmin/config.local.php
 - name: allow access php to postfixadmin.conf
  file:
    path: "/etc/webapps/postfixadmin/{{ item }}"
    owner: http
    group: http
  with_items:
  - config.inc.php
  - config.local.php
 - name: config caching
  file:
    path: "{{ item }}"
    owner: http
    group: http
  with_items:
  - "/usr/share/webapps/postfixadmin/templates_c/"
  - "/var/cache/postfixadmin/templates_c/"
--- a/templates/postfixadmin-local.nginx
+++ b/templates/postfixadmin-local.nginx
@ -13,7 +13,7 @@ location /postfixadmin/public {
 		include fastcgi.conf;
-		fastcgi_param PHP_ADMIN_VALUE open_basedir=/etc/webapps/postfixadmin/:/usr/share/webapps/postfixadmin:/tmp:/usr/share/pear:/dev/urandom;
+		fastcgi_param PHP_ADMIN_VALUE open_basedir=/etc/webapps/postfixadmin/:/usr/share/webapps/postfixadmin:/var/cache/postfixadmin/:/tmp:/usr/share/pear:/dev/urandom;
 		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 		fastcgi_param PATH_INFO $fastcgi_path_info;
 		fastcgi_param HTTPS on;
--- a/templates/postfixadmin.local.php
+++ b/templates/postfixadmin.local.php
@ -0,0 +1,43 @@
 <?php
 $CONF['configured'] = true;
 $CONF['database_type'] = '{{ mailserver_db_type }}';
 $CONF['database_host'] = '{{ mailserver_db_host }}';
 $CONF['database_name'] = '{{ mailserver_db_name }}';
 $CONF['database_user'] = '{{ mailserver_db_user }}';
 $CONF['database_password'] = '{{ mailserver_db_password }}';
 $CONF['domain_path'] = 'YES';
 $CONF['domain_in_mailbox'] = 'NO';
 $CONF['encrypt'] = 'dovecot:SHA512-CRYPT';
 $CONF['theme'] = 'sum7';
 $CONF['page_size'] = '10';
 $CONF['aliases'] = '0';
 $CONF['mailboxes'] = '0';
 $CONF['maxquota'] = '0';
 {% if mailserver_postfixadmin_domain == "" %}
 $CONF['footer_text'] = 'Return to {{ inventory_hostname }}/postfixadmin';
 $CONF['footer_link'] = 'https://{{ inventory_hostname }}/postfixadmin';
 {% else %}
 $CONF['footer_text'] = 'Return to {{ mailserver_postfixadmin_domain }}';
 $CONF['footer_link'] = 'https://{{ mailserver_postfixadmin_domain }}';
 {% endif %}
 $CONF['default_aliases'] = array (
 {% for k,v in mailserver_postfixadmin_default_aliases.items() %}
    '{{ k }}' => '{{ v }}',
 {% endfor %}
 );
 $CONF['admin_email'] = '{{ mailserver_postfixadmin_mail_admin }}';
 $CONF['admin_name'] = 'Hosting of {{ mailserver_postfixadmin_mail_domain }}';
 $CONF['password_validation'] = array(
 #    '/regular expression/' => '$PALANG key (optional: + parameter)',
    '/.{5}/'                => 'password_too_short 5',      # minimum length 5 characters
    '/([a-zA-Z].*){3}/'     => 'password_no_characters 3',  # must contain at least 3 characters
 #    '/([0-9].*){2}/'        => 'password_no_digits 2',      # must contain at least 2 digits
 );