new roles warehost and mailserver

This commit is contained in:
Martin Geno 2016-11-25 00:04:34 +01:00
parent ff28b2215f
commit 4adbf717bf
26 changed files with 616 additions and 0 deletions

98
mailserver/README.md Normal file

@ -0,0 +1,98 @@
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
Test Mail
=================
`nc ipaddress 25` und einfach passten.
delimiter
---
```
EHLO apus.h.sum7.eu
MAIL FROM:<test@apus.h.sum7.eu>
RCPT TO:<genofire+test@apus.h.sum7.eu>
DATA
Subject: Test Delimiter mail (GTUBE)
This is the GTUBE, the
Generic
Test for
Unsolicited
Bulk
Email
If your spam filter supports it, the GTUBE provides a test by which you
can verify that the filter is installed correctly and is detecting incoming
spam.
.
```
Spam and delimiter
-------------------
```
EHLO apus.h.sum7.eu
MAIL FROM:<test@apus.h.sum7.eu>
RCPT TO:<genofire+test@apus.h.sum7.eu>
DATA
Subject: Test spam mail (GTUBE)
This is the GTUBE, the
Generic
Test for
Unsolicited
Bulk
Email
If your spam filter supports it, the GTUBE provides a test by which you
can verify that the filter is installed correctly and is detecting incoming
spam. You can send yourself a test mail containing the following string of
characters (in upper case and with no white spaces and line breaks):
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
You should send this test mail from an account outside of your network.
.
```
An optional section for the role authors to include contact information, or a website (HTML is not allowed).


@ -0,0 +1,9 @@
---
mail_db_host: localhost
mail_db_dbname: '{{warehost_db_dbname}}'
mail_db_user: '{{warehost_db_user}}'
mail_db_pass: '{{warehost_db_pass}}'
mail_homedir: /srv/mail
#mail_ssl_private:
#mail_ssl_public:
#mail_domain:
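Review bot: The three values every template needs — `mail_ssl_private`, `mail_ssl_public` and `mail_domain` — exist here only as commented-out keys, so a host that forgets one fails with an undefined-variable error deep inside a template task instead of at the top of the play. Either list them under "Role Variables" in the README or add a precondition at the start of tasks/main.yml, e.g. `- assert: { that: [mail_domain is defined, mail_ssl_private is defined, mail_ssl_public is defined] }`. The database values above are taken from the warehost-db role's variables; a one-line comment saying so would explain why this role has no defaults of its own for them.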


@ -0,0 +1,12 @@
---
- name: reload postfix
service: name=postfix state=reloaded
- name: restart postfix
service: name=postfix state=restarted
- name: restart dovecot
service: name=dovecot state=restarted
- name: restart spamassassin
service: name=spamassassin state=restarted


@ -0,0 +1,32 @@
---
- name: Configure dovecot
template: src={{item}} dest=/etc/dovecot/{{item}} owner=vmail group=vmail mode=640
with_items:
- dovecot.conf
- dovecot-sql.conf
- dovecot-sql_lda.conf
notify: restart dovecot
# Authentification
- name: Download warehost-auth (TODO current copy)
copy: src=warehost-auth dest=/usr/local/bin/warehost-auth owner=root group=root mode=0755
- name: Configurate authentification
template: src=warehost-auth.conf dest=/etc/warehost/auth.conf mode=660 owner=vmail group=vmail
- name: Install warehost-auth to dovecot
template: src=dovecot_auth.sh dest=/etc/dovecot/warehost-auth-dovecot mode=770 owner=vmail group=vmail
# Sieve
- name: Create sieve folder
file: path=/var/lib/dovecot/sieve/ state=directory mode=770 owner=vmail group=vmail
- name: Sieve for Spamassassin
template: src=sieve_default dest=/var/lib/dovecot/sieve/default.sieve owner=root group=root mode=644
notify: restart dovecot
- name: Generate sieve
command: sievec /var/lib/dovecot/sieve/default.sieve creates=/var/lib/dovecot/sieve/default.svbin
- name: Enable dovecot
service: name=dovecot state=started enabled=yes
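Review bot: The `creates=` guard on the `sievec` task compiles default.sieve only once; when the "Sieve for Spamassassin" template task above it changes the file, the stale default.svbin stays in place and the notified `restart dovecot` handler does not recompile it (unless the LDA recompiles at delivery time, which depends on write access to the sieve directory). Register the template result and compile on change instead: `register: sieve_default` on the template task and `when: sieve_default.changed` on the sievec task without `creates=`. Modes are written inconsistently as well — `mode=0755` on the copy task but `640`/`660`/`770` elsewhere; writing all of them with the leading zero (`mode=0640`) avoids the decimal-mode surprise if these tasks are ever converted to YAML `key: value` form. The warehost-auth binary is copied from the role's files directory with no recorded version or checksum, as the task name's TODO already hints; a comment stating which build it is would help whoever updates it.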


@ -0,0 +1,12 @@
---
- name: Install dependencies
pacman: name={{item}} state=present
with_items:
- postfix
- dovecot
- pigeonhole
- spamassassin
- procmail
notify:
- restart postfix
- restart dovecot

22
mailserver/tasks/main.yml Normal file

@ -0,0 +1,22 @@
---
- include: install_archlinux.yml
when: ansible_os_family == 'Archlinux'
- name: Add service smtp lines
lineinfile: dest=/etc/services regexp='^smtps {{item}}' line="smtps {{item}}"
with_items:
- 465/tcp
- 465/udp
- name: Create vmail group
group: name=vmail state=present
- name: Create vmail user
user: name=vmail group=vmail shell=/usr/bin/nologin home={{mail_homedir}}
- name: Create homedir
file: path={{mail_homedir}} state=directory mode=770 owner=vmail group=vmail
- include: postfix.yml
- include: dovecot.yml
- include: spamassassin.yml
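Review bot: The vmail group and user created by the `group:` and `user:` tasks are not given fixed ids, while the rest of the role hard-codes 5000: `virtual_uid_maps = static:5000` / `virtual_gid_maps = static:5000` in the postfix main.cf template and `5000 AS uid, 5000 AS gid` in both dovecot-sql templates. On a host where useradd picks another id, Postfix and Dovecot write maildirs owned by an id that is not vmail. Pin them — `group: name=vmail gid=5000 state=present` and `user: name=vmail uid=5000 group=vmail shell=/usr/bin/nologin home={{mail_homedir}}` — ideally from one variable that the templates use too. The `/etc/services` regexp `'^smtps {{item}}'` only matches a single-space separator; if the stock file already lists smtps with tabs, lineinfile appends a duplicate, whereas `regexp='^smtps\s+{{item}}'` matches either form.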


@ -0,0 +1,25 @@
---
- name: Configure postfix
template: src=postfix_{{item}} dest=/etc/postfix/{{item}} owner=root group=root mode=640
with_items:
- master.cf
- main.cf
notify: reload postfix
- name: Configure postfix-dbconnection
template: src=postfix_{{item}} dest=/etc/postfix/{{item}} owner=root group=postfix mode=640
with_items:
- virtual_mailbox_domains.cf
- virtual_mailbox_maps.cf
- virtual_alias_maps.cf
- virtual_sender_login_maps.cf
notify: reload postfix
- name: Generate default aliases postfix
command: postalias /etc/postfix/aliases creates=/etc/postfix/aliases.db
- name: Generate default transport postfix
command: postmap /etc/postfix/transport creates=/etc/postfix/transport.db
- name: Enable postfix
service: name=postfix state=started enabled=yes
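Review bot: Nothing in this role creates `/etc/postfix/transport`, yet the last `command:` task runs `postmap` on it and main.cf references `hash:/etc/postfix/transport`; on a host where the package does not ship that file the task fails, so a `file: path=/etc/postfix/transport state=touch` (or a template for it) before the postmap call would make the role self-contained. Both `postalias` and `postmap` are guarded by `creates=`, which means later edits to aliases or transport are never recompiled — driving them from a registered change of the source file (`register:` on the task that writes it, `when: ….changed` here) is more reliable than checking for the `.db` file.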


@ -0,0 +1,10 @@
---
- name: Spamassassin update
command: /usr/bin/vendor_perl/sa-update -v
register: bass_result
changed_when: "bass_result.rc != 1"
ignore_errors: yes
notify: restart spamassassin
- name: Enable spamassassin
service: name=spamassassin enabled=yes
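Review bot: `changed_when: "bass_result.rc != 1"` treats every exit code other than 1 as a change, but sa-update uses 0 for "rules updated", 1 for "no update available" and higher codes for failures — so a failed update, silenced by `ignore_errors: yes`, is reported as changed and triggers the restart handler. Use `changed_when: bass_result.rc == 0` together with `failed_when: bass_result.rc > 1` and drop `ignore_errors`. The final task only sets `enabled=yes`; unlike the postfix and dovecot tasks it omits `state=started`, so spamd stays down until the next boot or until the restart handler happens to fire. Prefer `true`/`false` over `yes` for the booleans.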


@ -0,0 +1,4 @@
# {{ ansible_managed }}
driver = pgsql
connect = host={{mail_db_host}} dbname={{mail_db_dbname}} user={{mail_db_user}} password='{{mail_db_pass}}'
user_query = SELECT CONCAT('{{mail_homedir}}/',m.login,'/') as home, CONCAT('maildir:{{mail_homedir}}/',m.login,'/') as mail, 5000 AS uid, 5000 AS gid, 'dirsize:storage=512000000' AS quota FROM host_mail m LEFT JOIN login ml on ml.id=m.login LEFT JOIN host_domain d ON m.domain=d.id LEFT JOIN host_profil p on p.id=d.profil LEFT JOIN login l on l.id=p.login WHERE ml.mail='%u' AND l.active='1' AND d.mail='1' AND d.active='1' AND m.login IS NOT NULL AND ml.active='1'
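Review bot: This template and the dovecot-sql_lda.conf template that follows are identical except for the WHERE clause, including the `connect` line carrying the database password and the hard-coded `5000 AS uid, 5000 AS gid`; one template with the lookup condition as a variable, and the uid/gid taken from the same variable as the vmail user, keeps the three copies of 5000 from drifting apart. The `%u` placeholders are escaped by Dovecot's SQL driver, so the query is not injectable from the login name; the password in `connect` is protected only by the file mode set in tasks/dovecot.yml (640, vmail:vmail), which is worth stating in a comment at the top of the template so nobody later loosens it.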


@ -0,0 +1,4 @@
# {{ ansible_managed }}
driver = pgsql
connect = host={{mail_db_host}} dbname={{mail_db_dbname}} user={{mail_db_user}} password='{{mail_db_pass}}'
user_query = SELECT CONCAT('{{mail_homedir}}/',m.login,'/') as home, CONCAT('maildir:{{mail_homedir}}/',m.login,'/') as mail, 5000 AS uid, 5000 AS gid, 'dirsize:storage=512000000' AS quota FROM host_mail m LEFT JOIN login ml on ml.id=m.login LEFT JOIN host_domain d ON m.domain=d.id LEFT JOIN host_profil p on p.id=d.profil LEFT JOIN login l on l.id=p.login WHERE m.name=split_part('%u','@',1) AND fqdn=split_part('%u','@',2) AND l.active='1' AND d.mail='1' AND d.active='1' AND m.login IS NOT NULL AND ml.active='1'


@ -0,0 +1,61 @@
# {{ ansible_managed }}
protocols = imap pop3 sieve
auth_mechanisms = plain login
#ipv4 only -> *,:: for both (später)
listen = *,::
postmaster_address = hostmaster@{{mail_domain}}
passdb {
driver = checkpassword
args = /etc/dovecot/warehost-auth-dovecot
}
userdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf
}
protocol lda {
mail_plugins = $mail_plugins sieve
userdb {
driver = sql
args = /etc/dovecot/dovecot-sql_lda.conf
}
}
protocol sieve {
}
service auth {
unix_listener auth-client {
group = postfix
mode = 0660
user = postfix
}
user = root
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
}
service managesieve {
}
plugin {
sieve = ~/.dovecot.sieve
sieve_global_path = /var/lib/dovecot/sieve/default.sieve
sieve_dir = ~/sieve
sieve_global_dir = /var/lib/dovecot/sieve/global/
}
mail_home = maildir:{{mail_homedir}}/%u
mail_location = maildir:~
ssl = yes
ssl_cert = <{{mail_ssl_public}}
ssl_key = <{{mail_ssl_private}}
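Review bot: `mail_home = maildir:{{mail_homedir}}/%u` mixes two settings: `mail_home` takes a plain directory path and the `maildir:` prefix belongs to `mail_location`, so without a userdb `home` this would point at a directory literally named `maildir:`. Both userdb queries return `home` and `mail`, which makes the line effectively dead; either drop it or write `mail_home = {{mail_homedir}}/%u`. `ssl = yes` relies on Dovecot's default `disable_plaintext_auth = yes` to keep the `plain login` mechanisms off unencrypted connections — `ssl = required` states that intent explicitly. `service auth { user = root }` means the checkpassword helper runs with root privileges; since /etc/warehost/auth.conf is deployed as vmail:vmail, check whether `user = vmail` is sufficient here.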


@ -0,0 +1,12 @@
#!/usr/bin/env sh
# {{ ansible_managed }}
read -d $'\x0' -r -u 3 USER;
read -d $'\x0' -r -u 3 PASSWD;
/usr/local/bin/warehost-auth -c /etc/warehost/auth.conf -u "$USER" -p "$PASSWD";
output=$?;
if [ "$output" == "0" ]; then
exec "$1";
fi
exit $output;
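Review bot: The password read from fd 3 is handed to warehost-auth as a command-line argument (`-p "$PASSWD"`), which exposes it to every local user through the process list for the lifetime of the call; the checkpassword protocol delivers credentials on a file descriptor precisely to avoid that, so warehost-auth should read the secret from stdin or an inherited descriptor rather than argv. The script also depends on bash features — `read -d`, the `$'\x0'` quoting and `==` inside `[ ]` — under a `#!/usr/bin/env sh` shebang; change it to `#!/usr/bin/env bash` or rewrite it in POSIX sh. Finally, `exit $output` forwards whatever warehost-auth returns, while the checkpassword convention reads 1 as "wrong credentials" and 111 as a temporary failure; mapping the helper's result explicitly keeps a crash of the helper from being logged as a bad password.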


@ -0,0 +1,87 @@
# {{ ansible_managed }}
compatibility_level = 2
queue_directory = /var/spool/postfix
command_directory = /usr/bin
daemon_directory = /usr/lib/postfix/bin
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = {{mail_domain}}
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks_style = host
# TODO-verify
relay_domains = $mydestination
# Defaults
alias_maps = hash:/etc/postfix/aliases
alias_database = $alias_maps
# Optionale Delimitier
recipient_delimiter = +
home_mailbox = Maildir/
mail_spool_directory = /var/mail
# Defaults
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/bin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /etc/postfix
readme_directory = /usr/share/doc/postfix
#ipv4 only -> "all" for both (später)
inet_protocols = all
meta_directory = /etc/postfix
shlib_directory = /usr/lib/postfix
virtual_alias_maps = proxy:pgsql:/etc/postfix/virtual_alias_maps.cf
virtual_mailbox_domains = proxy:pgsql:/etc/postfix/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:pgsql:/etc/postfix/virtual_mailbox_maps.cf
#TODO Create Folder
virtual_mailbox_base = {{mail_homedir}}/
virtual_mailbox_limit = 512000000
virtual_minimum_uid = 5000
virtual_transport = dovecot
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
# Eine Mail zurzeit an Dovecot übergeben (Mehrere Empfänger)
dovecot_destination_recipient_limit = 1
local_transport = dovecot
local_recipient_maps = $virtual_mailbox_maps
transport_maps = hash:/etc/postfix/transport
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sender_login_maps = proxy:pgsql:/etc/postfix/virtual_sender_login_maps.cf
smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_sender_login_mismatch, permit_sasl_authenticated
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_received_header = yes
smtpd_tls_cert_file = {{mail_ssl_public}}
smtpd_tls_key_file = {{mail_ssl_private}}
smtpd_sasl_local_domain = $mydomain
broken_sasl_auth_clients = yes
smtpd_tls_loglevel = 1
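Review bot: `local_transport = dovecot` together with `local_recipient_maps = $virtual_mailbox_maps` routes every address in `$mydestination` (localhost and the hostname included) through the dovecot pipe, so `alias_maps` is never consulted — aliases are expanded by local(8), which this configuration no longer uses — and mail to root, postmaster or cron output is rejected unless the address exists in the database; the `postalias` task in tasks/postfix.yml then maintains a file nothing reads. Keep local(8) for the system accounts, or add the system aliases to `virtual_alias_maps`, and say which in a comment next to `local_transport`. No TLS protocol or cipher settings are pinned for smtpd, so the installed Postfix's opportunistic defaults apply; if that is deliberate, a comment beside `smtpd_tls_security_level = may` should record it.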


@ -0,0 +1,134 @@
# {{ ansible_managed }}
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
# -o content_filter=spamassassin
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
submission inet n - n - - smtpd
# -o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
# -o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/bin/vendor_perl/spamc -u spamd -e /usr/lib/dovecot/dovecot-lda -f ${sender} -a ${recipient} -d ${user}@${nexthop}
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop unix - n n - - pipe
# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp unix - n n - - pipe
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail unix - n n - - pipe
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp unix - n n - - pipe
# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix - n n - 2 pipe
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
# ${nexthop} ${user} ${extension}
#
#mailman unix - n n - - pipe
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}
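Review bot: The submission and smtps entries override only the TLS and SASL options, so they inherit `smtpd_relay_restrictions` and `smtpd_recipient_restrictions` from main.cf, which contain `permit_mynetworks` and `reject_unauth_destination` — an unauthenticated client on 587/465 can still deliver to the local domains exactly as on port 25, and localhost clients are trusted without credentials. The commented `-o smtpd_relay_restrictions=permit_sasl_authenticated,reject` under both entries is the correct override; enabling it, along with `-o syslog_name=postfix/submission` and `-o syslog_name=postfix/smtps` so the three listeners can be told apart in the logs, is the fix. The `-o smtpd_sasl_auth_enable=yes` lines are redundant with `smtpd_sasl_auth_enable = yes` in main.cf and can go, which leaves the per-service blocks showing only what actually differs.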


@ -0,0 +1,6 @@
# {{ ansible_managed }}
hosts = {{mail_db_host}}
dbname = {{mail_db_dbname}}
user = {{mail_db_user}}
password = {{mail_db_pass}}
query = SELECT mf.to as goto FROM host_mail_forward mf LEFT JOIN host_mail m on m.id = mf.mail LEFT JOIN login ml on ml.id=m.login LEFT JOIN host_domain d ON m.domain=d.id LEFT JOIN host_profil p on p.id=d.profil LEFT JOIN login l on l.id=p.login WHERE m.name=split_part('%s','@',1) AND fqdn=split_part('%s','@',2) AND l.active='1' AND d.mail='1' AND d.active='1' EXCEPT SELECT '%s' UNION SELECT '%s' FROM host_mail m LEFT JOIN login ml on ml.id=m.login LEFT JOIN host_domain d ON m.domain=d.id LEFT JOIN host_profil p on p.id=d.profil LEFT JOIN login l on l.id=p.login WHERE m.name=split_part('%s','@',1) AND fqdn=split_part('%s','@',2) AND l.active='1' AND d.mail='1' AND d.active='1' AND m.login IS NOT NULL AND ml.active='1';
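Review bot: The `LEFT JOIN`s in this query — and in the three map templates after it — are turned into inner joins by the `WHERE l.active='1' AND d.mail='1' AND d.active='1'` filters on the joined tables, so plain `JOIN` would say what actually happens. The `... EXCEPT SELECT '%s' UNION SELECT '%s' FROM ...` chain depends on PostgreSQL evaluating `EXCEPT` and `UNION` left to right; parenthesising it as `(SELECT mf.to ... EXCEPT SELECT '%s') UNION SELECT '%s' FROM ...` makes the intent (forwards minus self, plus self when the mailbox exists) visible. The `hosts`/`dbname`/`user`/`password` stanza is repeated verbatim in all four templates, so a credential change has to be made four times; a shared include would reduce that to one place.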


@ -0,0 +1,6 @@
# {{ ansible_managed }}
hosts = {{mail_db_host}}
dbname = {{mail_db_dbname}}
user = {{mail_db_user}}
password = {{mail_db_pass}}
query = SELECT fqdn as description FROM host_domain d LEFT JOIN host_profil p on p.id=d.profil LEFT JOIN login l on l.id=p.login WHERE fqdn='%s' AND l.active='1' AND d.mail='1' AND d.active='1';


@ -0,0 +1,6 @@
# {{ ansible_managed }}
hosts = {{mail_db_host}}
dbname = {{mail_db_dbname}}
user = {{mail_db_user}}
password = {{mail_db_pass}}
query = SELECT CONCAT(m.login,'/') as maildir FROM host_mail m LEFT JOIN login ml on ml.id=m.login LEFT JOIN host_domain d ON m.domain=d.id LEFT JOIN host_profil p on p.id=d.profil LEFT JOIN login l on l.id=p.login WHERE m.name='%u' AND fqdn='%d' AND l.active='1' AND d.mail='1' AND d.active='1' AND m.login IS NOT NULL AND ml.active='1';


@ -0,0 +1,6 @@
# {{ ansible_managed }}
hosts = {{mail_db_host}}
dbname = {{mail_db_dbname}}
user = {{mail_db_user}}
password = {{mail_db_pass}}
query = SELECT ml.mail FROM host_mail m LEFT JOIN login ml on ml.id=m.login LEFT JOIN host_domain d ON m.domain=d.id LEFT JOIN host_profil p on p.id=d.profil LEFT JOIN login l on l.id=p.login WHERE m.name=split_part('%s','@',1) AND fqdn=split_part('%s','@',2) AND l.active='1' AND d.mail='1' AND d.active='1' AND m.login IS NOT NULL AND ml.active='1';


@ -0,0 +1,5 @@
# {{ ansible_managed }}
require ["fileinto","mailbox"];
if header :contains "X-Spam-Flag" "YES" {
fileinto :create "Junk";
}


@ -0,0 +1,2 @@
---
database: "host={{mail_db_host}} user={{mail_db_user}} dbname={{mail_db_dbname}} password={{mail_db_pass}} sslmode=disable"
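Review bot: The connection string ends in `sslmode=disable`, so if `mail_db_host` is ever set to anything but the default `localhost` the database password in this file crosses the network in clear text; `sslmode=prefer` keeps local setups working and encrypts remote ones, or make the mode a variable. The same `sslmode=disable` appears in the warehost web config.yml template further down. A password containing a space or a quote also breaks this libpq key=value string — either document the constraint or quote the value as the dovecot-sql template already does (`password='{{mail_db_pass}}'`).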


@ -0,0 +1,5 @@
---
warehost_db_host: localhost
warehost_web_internal_ip: 127.0.0.1
warehost_web_internal_port: 60000
warehost_web_webroot: /srv/warehost-web


@ -0,0 +1,6 @@
---
- name: reload daemon-reload
command: systemctl daemon-reload
- name: restart warehost-web
service: name=warehost-web state=restarted


@ -0,0 +1,4 @@
---
dependencies:
- warehost-meta
- warehost-db


@ -0,0 +1,19 @@
---
- name: Download Warehost-web (TODO current copy)
copy: src=warehost-web dest=/usr/local/bin/warehost-web owner=root group=root mode=0755
- name: Create web folder
file: path={{warehost_web_webroot}} state=directory owner=warehost group=http mode=0770
- name: Configurate warehost
template: src=config.yml dest=/etc/warehost/web.conf owner=warehost mode=0600
notify: restart warehost-web
- name: Install service
template: src=warehost-web.unit dest=/lib/systemd/system/warehost-web.service owner=root mode=644
notify:
- reload daemon-reload
- restart warehost-web
- name: Enable warehost
service: name=warehost-web state=started enabled=yes
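Review bot: The unit is installed to `/lib/systemd/system`, the directory reserved for package-provided units; locally managed units belong in `/etc/systemd/system`, so `dest=/etc/systemd/system/warehost-web.service` (the `daemon-reload` handler works the same). The `warehost` user and `http` group used for ownership on the webroot and config tasks are not created in this role; if the warehost-meta dependency provides them, a comment here saying so saves the next reader a search. The config task sets `owner=warehost mode=0600` but, unlike its neighbours, no `group=` — harmless at 0600, but worth making explicit for consistency.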


@ -0,0 +1,8 @@
---
address: {{warehost_web_internal_ip}}
port: {{warehost_web_internal_port}}
webroot: {{warehost_web_webroot}}
log:
path: /var/log/warehost/web.log
database: "host={{warehost_db_host}} user={{warehost_db_user}} dbname={{warehost_db_dbname}} password={{warehost_db_pass}} sslmode=disable"
databasedebug: false
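Review bot: The templated scalars at the top (`address`, `webroot`) are unquoted; an empty or otherwise unexpected expansion turns into `null` or a mis-typed value when the consumer parses the rendered YAML, so write `address: "{{ warehost_web_internal_ip }}"` and `webroot: "{{ warehost_web_webroot }}"` (`port` can stay bare if the consumer expects an integer). `log.path` points into `/var/log/warehost/`, but no task in the role creates that directory for the `warehost` user — unless the binary creates it, the service fails to open its log on first start.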


@ -0,0 +1,21 @@
[Unit]
Description=Warehost web v2
After=syslog.target
After=network.target
After=postgresql.service
[Service]
# Modify these two values and uncomment them if you have
# repos with lots of files and get an HTTP error 500 because
# of that
###
#LimitMEMLOCK=infinity
#LimitNOFILE=65535
Type=simple
User=warehost
Group=nobody
ExecStart=/usr/local/bin/warehost-web -c /etc/warehost/web.conf
Restart=always
[Install]
WantedBy=multi-user.target
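Review bot: The service runs as an unprivileged user, but the [Service] section carries none of the systemd sandboxing directives, so a compromised web process still sees the whole filesystem and /home; `NoNewPrivileges=`, `PrivateTmp=`, `ProtectSystem=` and `ProtectHome=` are available on the systemd releases this commit targets and are cheap to add. `After=syslog.target` is a no-op on current systemd (the target was retired) and can be dropped, and the "Modify these two values ... repos with lots of files" comment block refers to a git-hosting daemon rather than this one, so it looks copied and should go. `Group=nobody` combined with the webroot being `warehost:http 0770` works only through the owner bits; if the http group is meant to share that directory, `Group=http` would be the consistent choice.
```ini
[Service]
# … unchanged: Type, User, Group …
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full
ProtectHome=true
# … unchanged: ExecStart, Restart …
```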