From cbf8dce4ef1981b4212754cb7331159d375d0e60 Mon Sep 17 00:00:00 2001
From: genofire <geno+dev@fireorbit.de>
Date: Fri, 24 Jul 2020 17:07:52 +0200
Subject: [PATCH] cleanup + add roundcubemail

---
 defaults/main.yml                             |  3 +
 tasks/main.yml                                | 15 ++-
 tasks/postfixadmin.yml                        |  2 +-
 tasks/roundcubemail.yml                       | 16 ++++
 templates/postfix/main.cf                     |  4 +-
 ...xadmin.local.php => postfixadmin-conf.php} |  0
 templates/roundcubemail-conf.php              | 91 +++++++++++++++++++
 templates/roundcubemail-local.nginx           | 21 +++++
 8 files changed, 147 insertions(+), 5 deletions(-)
 create mode 100644 tasks/roundcubemail.yml
 rename templates/{postfixadmin.local.php => postfixadmin-conf.php} (100%)
 create mode 100644 templates/roundcubemail-conf.php
 create mode 100644 templates/roundcubemail-local.nginx

diff --git a/defaults/main.yml b/defaults/main.yml
index c909a11..a980093 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -31,3 +31,6 @@ mailserver_mailman_web: true
 mailserver_mailman_domains:
 - mail: "lists.{{ mailserver_mail_domain }}"
   web: "lists.{{ mailserver_mail_domain }}"
+
+mailserver_roundcubemail_enabled: true
+mailserver_roundcubemail_domain: ""
diff --git a/tasks/main.yml b/tasks/main.yml
index 323429a..b791562 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -25,23 +25,34 @@
 - name: Run userdatabase
   when: mailserver_dovecot_enabled
   import_tasks: db.yml
+  tags: mail-db
   
 - name: Run postfixadmin
   when: mailserver_dovecot_enabled
   import_tasks: postfixadmin.yml
+  tags: postfixadmin
   
 - name: Run dovecot
   when: mailserver_dovecot_enabled
   import_tasks: dovecot.yml
+  tags: dovecot
   
 - name: Run rspamd
   import_tasks: rspamd.yml
   when: mailserver_rspamd_enabled
-  
+  tags: rspamd  
+
 - name: Run mailman
   when: mailserver_mailman_enabled
   import_tasks: mailman.yml
-  
+  tags: mailman
+
 - name: Run postfix
   import_tasks: postfix.yml
+  tags: postfix
+
+- name: Run roundcubemail
+  when: mailserver_roundcubemail_enabled
+  import_tasks: roundcubemail.yml
+  tags: roundcubemail
 
diff --git a/tasks/postfixadmin.yml b/tasks/postfixadmin.yml
index a9d987d..7a44253 100644
--- a/tasks/postfixadmin.yml
+++ b/tasks/postfixadmin.yml
@@ -19,7 +19,7 @@
 
 - name: postfixadmin - config
   template:
-    src: postfixadmin.local.php
+    src: postfixadmin-conf.php
     dest: /etc/webapps/postfixadmin/config.local.php
 
 - name: postfixadmin - fix config access
diff --git a/tasks/roundcubemail.yml b/tasks/roundcubemail.yml
new file mode 100644
index 0000000..5ca63a6
--- /dev/null
+++ b/tasks/roundcubemail.yml
@@ -0,0 +1,16 @@
+- name: roundcubemail - install
+  package:
+    name: roundcubemail
+    state: latest
+
+- name: roundcubemail - nginx local
+  notify: reload nginx
+  when: mailserver_roundcubemail_domain == ""
+  template:
+    src: roundcubemail-local.nginx
+    dest: /etc/nginx/local.d/roundcubemail.act
+
+- name: roundcubemail - config
+  template:
+    src: roundcubemail-conf.php
+    dest: /etc/webapps/roundcubemail/config/config.inc.php
diff --git a/templates/postfix/main.cf b/templates/postfix/main.cf
index a3c549e..19893f4 100644
--- a/templates/postfix/main.cf
+++ b/templates/postfix/main.cf
@@ -91,7 +91,7 @@ smtpd_relay_restrictions =      reject_non_fqdn_recipient
 
 ### Restrictions for all sending foreign servers ("SMTP clients")
 smtpd_client_restrictions =     permit_mynetworks
-                                check_client_access hash:/etc/postfix/without_ptr
+#                                check_client_access hash:/etc/postfix/without_ptr
 #                                reject_unknown_client_hostname
 
 
@@ -122,7 +122,7 @@ mua_client_restrictions = permit_mynetworks,permit_sasl_authenticated,reject
 
 ### Postscreen Whitelist / Blocklist
 postscreen_access_list =        permit_mynetworks
-                                cidr:/etc/postfix/postscreen_access
+#                                cidr:/etc/postfix/postscreen_access
 postscreen_blacklist_action = drop
 
 
diff --git a/templates/postfixadmin.local.php b/templates/postfixadmin-conf.php
similarity index 100%
rename from templates/postfixadmin.local.php
rename to templates/postfixadmin-conf.php
diff --git a/templates/roundcubemail-conf.php b/templates/roundcubemail-conf.php
new file mode 100644
index 0000000..88dd2f6
--- /dev/null
+++ b/templates/roundcubemail-conf.php
@@ -0,0 +1,91 @@
+<?php
+
+/*
+ +-----------------------------------------------------------------------+
+ | Local configuration for the Roundcube Webmail installation.           |
+ |                                                                       |
+ | This is a sample configuration file only containing the minimum       |
+ | setup required for a functional installation. Copy more options       |
+ | from defaults.inc.php to this file to override the defaults.          |
+ |                                                                       |
+ | This file is part of the Roundcube Webmail client                     |
+ | Copyright (C) 2005-2013, The Roundcube Dev Team                       |
+ |                                                                       |
+ | Licensed under the GNU General Public License version 3 or            |
+ | any later version with exceptions for skins & plugins.                |
+ | See the README file for a full license statement.                     |
+ +-----------------------------------------------------------------------+
+*/
+
+$config = array();
+
+// Database connection string (DSN) for read+write operations
+// Format (compatible with PEAR MDB2): db_provider://user:password@host/database
+// Currently supported db_providers: mysql, pgsql, sqlite, mssql, sqlsrv, oracle
+// For examples see http://pear.php.net/manual/en/package.database.mdb2.intro-dsn.php
+// NOTE: for SQLite use absolute path (Linux): 'sqlite:////full/path/to/sqlite.db?mode=0646'
+//       or (Windows): 'sqlite:///C:/full/path/to/sqlite.db'
+$config['db_dsnw'] = 'mysql://roundcube:JAoHRkIPdsCC3woD52cfy5Eu@localhost:3306/roundcube';
+
+// The mail host chosen to perform the log-in.
+// Leave blank to show a textbox at login, give a list of hosts
+// to display a pulldown menu or set one host as string.
+// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
+// Supported replacement variables:
+// %n - hostname ($_SERVER['SERVER_NAME'])
+// %t - hostname without the first part
+// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
+// %s - domain name after the '@' from e-mail address provided at login screen
+// For example %n = mail.domain.tld, %t = domain.tld
+$config['default_host'] = 'ssl://mail.sum7.eu';
+
+// SMTP server host (for sending mails).
+// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
+// If left blank, the PHP mail() function is used
+// Supported replacement variables:
+// %h - user's IMAP hostname
+// %n - hostname ($_SERVER['SERVER_NAME'])
+// %t - hostname without the first part
+// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
+// %z - IMAP domain (IMAP hostname without the first part)
+// For example %n = mail.domain.tld, %t = domain.tld
+$config['smtp_server'] = 'tls://mail.sum7.eu';
+
+// SMTP port (default is 25; use 587 for STARTTLS or 465 for the
+// deprecated SSL over SMTP (aka SMTPS))
+$config['smtp_port'] = 587;
+
+// SMTP username (if required) if you use %u as the username Roundcube
+// will use the current username for login
+$config['smtp_user'] = '%u';
+
+// SMTP password (if required) if you use %p as the password Roundcube
+// will use the current user's password for login
+$config['smtp_pass'] = '%p';
+// $config['smtp_auth_type'] = 'PLAIN';
+
+// provide an URL where a user can get support for this Roundcube installation
+// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
+$config['support_url'] = '';
+
+// Name your service. This is displayed on the login screen and in the window title
+$config['product_name'] = 'Webmail';
+
+// this key is used to encrypt the users imap password which is stored
+// in the session record (and the client cookie if remember password is enabled).
+// please provide a string of exactly 24 chars.
+// YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS
+$config['des_key'] = 'oaV96vtQ6simuPuDgpABGKF7';
+
+// List of active plugins (in plugins/ directory)
+$config['plugins'] = array(
+    'archive',
+    'zipdownload',
+    'managesieve',
+);
+
+// skin name: folder from skins/
+$config['skin'] = 'sum7';
+$config['skin_logo'] = 'https://sum7.eu/img/logo.svg';
+$config['enable_installer'] = false;
+
diff --git a/templates/roundcubemail-local.nginx b/templates/roundcubemail-local.nginx
new file mode 100644
index 0000000..53fd318
--- /dev/null
+++ b/templates/roundcubemail-local.nginx
@@ -0,0 +1,21 @@
+location /roundcubemail {
+	rewrite ^/roundcubemail/?(.*)$ /roundcubemail/public_html/$1 last;
+}
+
+location /roundcubemail/public_html {
+	root /usr/share/webapps;
+	index index.html index.htm index.php;
+
+	location ~ \.php(?:$|/) {
+		fastcgi_split_path_info ^(.+.php)(/.+)$;
+		fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
+		fastcgi_index index.php;
+	
+		include fastcgi.conf;
+
+		fastcgi_param PHP_ADMIN_VALUE open_basedir=/etc/webapps/roundcubemail/:/usr/share/webapps/roundcubemail:/var/logs/roundcubemail/:/var/cache/roundcubemail/:/tmp:/usr/share/pear:/dev/urandom;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+		fastcgi_param PATH_INFO $fastcgi_path_info;
+		fastcgi_param HTTPS on;
+	}
+}