db+postfixadmin

README.md

@@ -1 +1,8 @@
 # Ansible Role for a Mailserver
+
+## Dependencies on Ansible
+- psycopg2
+
+```
+pacman -S python-psycopg2
+```

defaults/main.yml

@@ -1,2 +1,17 @@
 ---
 mailserver_postfixadmin_domain: ""
+mailserver_db_type: "pgsql"
+mailserver_db_host: "localhost"
+mailserver_db_name: "mailserver"
+mailserver_db_user: "mailserver"
+mailserver_db_password: "{{ lookup('password', 'credentials/' + inventory_hostname + '/mailserver/db_password length=15') }}"
+mailserver_postfixadmin_mail_domain: "sum7.eu"
+mailserver_postfixadmin_mail_admin: "admin@{{ mailserver_postfixadmin_mail_domain }}"
+mailserver_postfixadmin_setup: ""
+mailserver_postfixadmin_default_aliases:
+  abuse: "abuse@{{ mailserver_postfixadmin_mail_domain }}"
+  hostmaster: "hostmaster@{{ mailserver_postfixadmin_mail_domain }}"
+  postmaster: "postmaster@{{ mailserver_postfixadmin_mail_domain }}"
+  webmaster: "webmaster@{{ mailserver_postfixadmin_mail_domain }}"
+
+

tasks/db.yml

@@ -1,27 +1,42 @@
-- name: package
+- name: Install PostgreSQL
   package:
+    state: latest
     name:
     - postgresql
-    - postfixadmin
+    - python-psycopg2
+    - postgresql-old-upgrade
+    - postgis
 
-- name: nginx local
-  notify: reload nginx
-  when: mailserver_postfixadmin_domain == ""
-  template:
-    src: postfixadmin-local.nginx
-    dest: /etc/nginx/local.d/postfixadmin.act
+- name: Ensure a locale exists
+  locale_gen:
+    name: en_US.UTF-8
+    state: present
 
-- name: nginx domain
-  notify: reload nginx
-  when: mailserver_postfixadmin_domain != ""
-  template:
-    src: postfixadmin-domain.nginx
-    dest: /etc/nginx/sites.d/postfixadmin.act
+- name: init db
+  become: yes
+  become_user: postgres
+  become_method: su
+  command: initdb --locale=en_US.UTF-8 -E UTF8 -D /var/lib/postgres/data
+  args:
+    creates: /var/lib/postgres/data/postgresql.conf
 
-- name: allow access php to postfixadmin.conf
-  file:
-    path: "/etc/webapps/postfixadmin/{{ item }}"
-    group: http
-  with_items:
-  - config.inc.php
-  - config.local.php
+- name: start db
+  systemd:
+    name: postgresql
+    enabled: yes
+    state: started
+
+- name: create db user
+  postgresql_user:
+    login_host: "{{ mailserver_db_host }}"
+    name: "{{ mailserver_db_user }}"
+    password: "{{ mailserver_db_password }}"
+
+- name: create db
+  postgresql_db:
+    login_host: "{{ mailserver_db_host }}"
+    name: "{{ mailserver_db_name }}"
+    owner: "{{ mailserver_db_user }}"
+    encoding: UTF-8
+    lc_collate: en_US.UTF-8
+    lc_ctype: en_US.UTF-8

tasks/main.yml

@@ -19,6 +19,9 @@
 - name: Run userdatabase
   import_tasks: db.yml
   
+- name: Run postfixadmin
+  import_tasks: postfixadmin.yml
+  
 - name: Run dovecot
   import_tasks: dovecot.yml
   

tasks/postfixadmin.yml

@@ -0,0 +1,41 @@
+- name: package
+  package:
+    name:
+    - postfixadmin
+
+- name: nginx local
+  notify: reload nginx
+  when: mailserver_postfixadmin_domain == ""
+  template:
+    src: postfixadmin-local.nginx
+    dest: /etc/nginx/local.d/postfixadmin.act
+
+- name: nginx domain
+  notify: reload nginx
+  when: mailserver_postfixadmin_domain != ""
+  template:
+    src: postfixadmin-domain.nginx
+    dest: /etc/nginx/sites.d/postfixadmin.act
+
+- name: config postfixadmin
+  template:
+    src: postfixadmin.local.php
+    dest: /etc/webapps/postfixadmin/config.local.php
+
+- name: allow access php to postfixadmin.conf
+  file:
+    path: "/etc/webapps/postfixadmin/{{ item }}"
+    owner: http
+    group: http
+  with_items:
+  - config.inc.php
+  - config.local.php
+
+- name: config caching
+  file:
+    path: "{{ item }}"
+    owner: http
+    group: http
+  with_items:
+  - "/usr/share/webapps/postfixadmin/templates_c/"
+  - "/var/cache/postfixadmin/templates_c/"

templates/postfixadmin-local.nginx

@@ -13,7 +13,7 @@ location /postfixadmin/public {
 	
 		include fastcgi.conf;
 
-		fastcgi_param PHP_ADMIN_VALUE open_basedir=/etc/webapps/postfixadmin/:/usr/share/webapps/postfixadmin:/tmp:/usr/share/pear:/dev/urandom;
+		fastcgi_param PHP_ADMIN_VALUE open_basedir=/etc/webapps/postfixadmin/:/usr/share/webapps/postfixadmin:/var/cache/postfixadmin/:/tmp:/usr/share/pear:/dev/urandom;
 		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 		fastcgi_param PATH_INFO $fastcgi_path_info;
 		fastcgi_param HTTPS on;

templates/postfixadmin.local.php

@@ -0,0 +1,43 @@
+<?php
+
+$CONF['configured'] = true;
+
+$CONF['database_type'] = '{{ mailserver_db_type }}';
+$CONF['database_host'] = '{{ mailserver_db_host }}';
+$CONF['database_name'] = '{{ mailserver_db_name }}';
+$CONF['database_user'] = '{{ mailserver_db_user }}';
+$CONF['database_password'] = '{{ mailserver_db_password }}';
+
+$CONF['domain_path'] = 'YES';
+$CONF['domain_in_mailbox'] = 'NO';
+
+$CONF['encrypt'] = 'dovecot:SHA512-CRYPT';
+
+$CONF['theme'] = 'sum7';
+$CONF['page_size'] = '10';
+
+$CONF['aliases'] = '0';
+$CONF['mailboxes'] = '0';
+$CONF['maxquota'] = '0';
+
+{% if mailserver_postfixadmin_domain == "" %}
+$CONF['footer_text'] = 'Return to {{ inventory_hostname }}/postfixadmin';
+$CONF['footer_link'] = 'https://{{ inventory_hostname }}/postfixadmin';
+{% else %}
+$CONF['footer_text'] = 'Return to {{ mailserver_postfixadmin_domain }}';
+$CONF['footer_link'] = 'https://{{ mailserver_postfixadmin_domain }}';
+{% endif %}
+$CONF['default_aliases'] = array (
+{% for k,v in mailserver_postfixadmin_default_aliases.items() %}
+    '{{ k }}' => '{{ v }}',
+{% endfor %}
+);
+$CONF['admin_email'] = '{{ mailserver_postfixadmin_mail_admin }}';
+$CONF['admin_name'] = 'Hosting of {{ mailserver_postfixadmin_mail_domain }}';
+
+$CONF['password_validation'] = array(
+#    '/regular expression/' => '$PALANG key (optional: + parameter)',
+    '/.{5}/'                => 'password_too_short 5',      # minimum length 5 characters
+    '/([a-zA-Z].*){3}/'     => 'password_no_characters 3',  # must contain at least 3 characters
+#    '/([0-9].*){2}/'        => 'password_no_digits 2',      # must contain at least 2 digits
+);