From 4adbf717bff41780e6a3fc39b871157c4ce73344 Mon Sep 17 00:00:00 2001 
From: Martin Geno Date: Fri, 25 Nov 2016 00:04:34 +0100 Subject: [PATCH] new roles warehost and mailserver --- mailserver/README.md | 98 +++++++++++++ mailserver/defaults/main.yml | 9 ++ mailserver/handlers/main.yml | 12 ++ mailserver/tasks/dovecot.yml | 32 +++++ mailserver/tasks/install_archlinux.yml | 12 ++ mailserver/tasks/main.yml | 22 +++ mailserver/tasks/postfix.yml | 25 ++++ mailserver/tasks/spamassassin.yml | 10 ++ mailserver/templates/dovecot-sql.conf | 4 + mailserver/templates/dovecot-sql_lda.conf | 4 + mailserver/templates/dovecot.conf | 61 ++++++++ mailserver/templates/dovecot_auth.sh | 12 ++ mailserver/templates/postfix_main.cf | 87 ++++++++++++ mailserver/templates/postfix_master.cf | 134 ++++++++++++++++++ .../templates/postfix_virtual_alias_maps.cf | 6 + .../postfix_virtual_mailbox_domains.cf | 6 + .../templates/postfix_virtual_mailbox_maps.cf | 6 + .../postfix_virtual_sender_login_maps.cf | 6 + mailserver/templates/sieve_default | 5 + mailserver/templates/warehost-auth.conf | 2 + warehost-web/defaults/main.yml | 5 + warehost-web/handlers/main.yml | 6 + warehost-web/meta/main.yml | 4 + warehost-web/tasks/main.yml | 19 +++ warehost-web/templates/config.yml | 8 ++ warehost-web/templates/warehost-web.unit | 21 +++ 26 files changed, 616 insertions(+) create mode 100644 mailserver/README.md create mode 100644 mailserver/defaults/main.yml create mode 100644 mailserver/handlers/main.yml create mode 100644 mailserver/tasks/dovecot.yml create mode 100644 mailserver/tasks/install_archlinux.yml create mode 100644 mailserver/tasks/main.yml create mode 100644 mailserver/tasks/postfix.yml create mode 100644 mailserver/tasks/spamassassin.yml create mode 100644 mailserver/templates/dovecot-sql.conf create mode 100644 mailserver/templates/dovecot-sql_lda.conf create mode 100644 mailserver/templates/dovecot.conf create mode 100644 mailserver/templates/dovecot_auth.sh create mode 100644 mailserver/templates/postfix_main.cf create mode 100644 
mailserver/templates/postfix_master.cf create mode 100644 mailserver/templates/postfix_virtual_alias_maps.cf create mode 100644 mailserver/templates/postfix_virtual_mailbox_domains.cf create mode 100644 mailserver/templates/postfix_virtual_mailbox_maps.cf create mode 100644 mailserver/templates/postfix_virtual_sender_login_maps.cf create mode 100644 mailserver/templates/sieve_default create mode 100644 mailserver/templates/warehost-auth.conf create mode 100644 warehost-web/defaults/main.yml create mode 100644 warehost-web/handlers/main.yml create mode 100644 warehost-web/meta/main.yml create mode 100644 warehost-web/tasks/main.yml create mode 100644 warehost-web/templates/config.yml create mode 100644 warehost-web/templates/warehost-web.unit diff --git a/mailserver/README.md b/mailserver/README.md new file mode 100644 index 0000000..08aa34c --- /dev/null +++ b/mailserver/README.md 
@@ -0,0 +1,98 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +Test Mail +================= + +`nc ipaddress 25` und einfach passten. + +delimiter +--- +``` +EHLO apus.h.sum7.eu +MAIL FROM: +RCPT TO: +DATA +Subject: Test Delimiter mail (GTUBE) + +This is the GTUBE, the + Generic + Test for + Unsolicited + Bulk + Email + +If your spam filter supports it, the GTUBE provides a test by which you +can verify that the filter is installed correctly and is detecting incoming +spam. + +. 
+ +``` + + +Spam and delimiter +------------------- +``` +EHLO apus.h.sum7.eu +MAIL FROM: +RCPT TO: +DATA +Subject: Test spam mail (GTUBE) + +This is the GTUBE, the + Generic + Test for + Unsolicited + Bulk + Email + +If your spam filter supports it, the GTUBE provides a test by which you +can verify that the filter is installed correctly and is detecting incoming +spam. You can send yourself a test mail containing the following string of +characters (in upper case and with no white spaces and line breaks): + +XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X + +You should send this test mail from an account outside of your network. + +. + +``` + + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/mailserver/defaults/main.yml b/mailserver/defaults/main.yml new file mode 100644 index 0000000..b15d6cf --- /dev/null +++ b/mailserver/defaults/main.yml @@ -0,0 +1,9 @@ +--- +mail_db_host: localhost +mail_db_dbname: '{{warehost_db_dbname}}' +mail_db_user: '{{warehost_db_user}}' +mail_db_pass: '{{warehost_db_pass}}' +mail_homedir: /srv/mail +#mail_ssl_private: +#mail_ssl_public: +#mail_domain: diff --git a/mailserver/handlers/main.yml b/mailserver/handlers/main.yml new file mode 100644 index 0000000..3e537a5 --- /dev/null +++ b/mailserver/handlers/main.yml @@ -0,0 +1,12 @@ +--- +- name: reload postfix + service: name=postfix state=reloaded + +- name: restart postfix + service: name=postfix state=restarted + +- name: restart dovecot + service: name=dovecot state=restarted + +- name: restart spamassassin + service: name=spamassassin state=restarted diff --git a/mailserver/tasks/dovecot.yml b/mailserver/tasks/dovecot.yml new file mode 100644 index 0000000..dff76db --- /dev/null +++ b/mailserver/tasks/dovecot.yml 
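Review bot: The three values the templates cannot render without — `mail_domain`, `mail_ssl_public` and `mail_ssl_private` — exist in defaults/main.yml only as commented-out keys, so a play that forgets one produces `myhostname =` and `ssl_cert = <` with an empty right-hand side instead of failing early. A guard at the top of tasks/main.yml such as `- assert: { that: [mail_domain is defined, mail_ssl_public is defined, mail_ssl_private is defined] }` turns that into a clear error. Those variables, and the fact that `mail_db_*` default to the `warehost_db_*` values, also belong in the README's "Role Variables" section, which is still the unedited Galaxy skeleton text.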
@@ -0,0 +1,32 @@ +--- +- name: Configure dovecot + template: src={{item}} dest=/etc/dovecot/{{item}} owner=vmail group=vmail mode=640 + with_items: + - dovecot.conf + - dovecot-sql.conf + - dovecot-sql_lda.conf + notify: restart dovecot + +# Authentification +- name: Download warehost-auth (TODO current copy) + copy: src=warehost-auth dest=/usr/local/bin/warehost-auth owner=root group=root mode=0755 + +- name: Configurate authentification + template: src=warehost-auth.conf dest=/etc/warehost/auth.conf mode=660 owner=vmail group=vmail + +- name: Install warehost-auth to dovecot + template: src=dovecot_auth.sh dest=/etc/dovecot/warehost-auth-dovecot mode=770 owner=vmail group=vmail + +# Sieve +- name: Create sieve folder + file: path=/var/lib/dovecot/sieve/ state=directory mode=770 owner=vmail group=vmail + +- name: Sieve for Spamassassin + template: src=sieve_default dest=/var/lib/dovecot/sieve/default.sieve owner=root group=root mode=644 + notify: restart dovecot + +- name: Generate sieve + command: sievec /var/lib/dovecot/sieve/default.sieve creates=/var/lib/dovecot/sieve/default.svbin + +- name: Enable dovecot + service: name=dovecot state=started enabled=yes diff --git a/mailserver/tasks/install_archlinux.yml b/mailserver/tasks/install_archlinux.yml new file mode 100644 index 0000000..899a2b3 --- /dev/null +++ b/mailserver/tasks/install_archlinux.yml @@ -0,0 +1,12 @@ +--- +- name: Install dependencies + pacman: name={{item}} state=present + with_items: + - postfix + - dovecot + - pigeonhole + - spamassassin + - procmail + notify: + - restart postfix + - restart dovecot diff --git a/mailserver/tasks/main.yml b/mailserver/tasks/main.yml new file mode 100644 index 0000000..10c8500 --- /dev/null +++ b/mailserver/tasks/main.yml 
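Review bot: `Generate sieve` runs `sievec` with `creates=/var/lib/dovecot/sieve/default.svbin`, so once the compiled script exists a later change to the `sieve_default` template is never recompiled and Dovecot keeps serving the stale `.svbin` even though the template task notifies `restart dovecot`. Add `register: sieve_default` to the `Sieve for Spamassassin` task and replace `creates=…` on the command with `when: sieve_default.changed` so the two stay in step. Separately, `/etc/warehost/auth.conf` carries the database password and is installed `mode=660`, and the wrapper `/etc/dovecot/warehost-auth-dovecot` is `mode=770`; neither needs group write, `mode=640` and `mode=750` are sufficient.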
@@ -0,0 +1,22 @@ +--- +- include: install_archlinux.yml + when: ansible_os_family == 'Archlinux' + +- name: Add service smtp lines + lineinfile: dest=/etc/services regexp='^smtps {{item}}' line="smtps {{item}}" + with_items: + - 465/tcp + - 465/udp + +- name: Create vmail group + group: name=vmail state=present + +- name: Create vmail user + user: name=vmail group=vmail shell=/usr/bin/nologin home={{mail_homedir}} + +- name: Create homedir + file: path={{mail_homedir}} state=directory mode=770 owner=vmail group=vmail + +- include: postfix.yml +- include: dovecot.yml +- include: spamassassin.yml diff --git a/mailserver/tasks/postfix.yml b/mailserver/tasks/postfix.yml new file mode 100644 index 0000000..fcd6a91 --- /dev/null +++ b/mailserver/tasks/postfix.yml @@ -0,0 +1,25 @@ +--- +- name: Configure postfix + template: src=postfix_{{item}} dest=/etc/postfix/{{item}} owner=root group=root mode=640 + with_items: + - master.cf + - main.cf + notify: reload postfix + +- name: Configure postfix-dbconnection + template: src=postfix_{{item}} dest=/etc/postfix/{{item}} owner=root group=postfix mode=640 + with_items: + - virtual_mailbox_domains.cf + - virtual_mailbox_maps.cf + - virtual_alias_maps.cf + - virtual_sender_login_maps.cf + notify: reload postfix + +- name: Generate default aliases postfix + command: postalias /etc/postfix/aliases creates=/etc/postfix/aliases.db + +- name: Generate default transport postfix + command: postmap /etc/postfix/transport creates=/etc/postfix/transport.db + +- name: Enable postfix + service: name=postfix state=started enabled=yes diff --git a/mailserver/tasks/spamassassin.yml b/mailserver/tasks/spamassassin.yml new file mode 100644 index 0000000..973d21b --- /dev/null +++ b/mailserver/tasks/spamassassin.yml 
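Review bot: `Create vmail group` and `Create vmail user` let the system choose the numeric ids, while dovecot-sql.conf returns `5000 AS uid, 5000 AS gid` and postfix_main.cf sets `virtual_uid_maps = static:5000` / `virtual_gid_maps = static:5000`; unless vmail happens to be allocated 5000, the ids Dovecot and Postfix deliver under will not match the account that owns `{{mail_homedir}}`. Pin them — `group: name=vmail gid=5000 state=present` and `user: name=vmail uid=5000 group=vmail shell=/usr/bin/nologin home={{mail_homedir}}` — and ideally expose the number as a role default that the templates reference, so the four copies cannot drift.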
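Review bot: `Generate default transport postfix` runs `postmap /etc/postfix/transport`, but nothing in the role creates `/etc/postfix/transport` although main.cf depends on it through `transport_maps = hash:/etc/postfix/transport`; if the distribution package does not ship that file, the task fails on a fresh host. Templating an (empty, commented) transport file before the `postmap` step, or dropping `transport_maps` from main.cf until the role manages the table, makes the role self-contained. The same question applies to `/etc/postfix/aliases` for the `postalias` step.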
@@ -0,0 +1,10 @@ +--- +- name: Spamassassin update + command: /usr/bin/vendor_perl/sa-update -v + register: bass_result + changed_when: "bass_result.rc != 1" + ignore_errors: yes + notify: restart spamassassin + +- name: Enable spamassassin + service: name=spamassassin enabled=yes diff --git a/mailserver/templates/dovecot-sql.conf b/mailserver/templates/dovecot-sql.conf new file mode 100644 index 0000000..6ed57a5 --- /dev/null +++ b/mailserver/templates/dovecot-sql.conf @@ -0,0 +1,4 @@ +# {{ ansible_managed }} +driver = pgsql +connect = host={{mail_db_host}} dbname={{mail_db_dbname}} user={{mail_db_user}} password='{{mail_db_pass}}' +user_query = SELECT CONCAT('{{mail_homedir}}/',m.login,'/') as home, CONCAT('maildir:{{mail_homedir}}/',m.login,'/') as mail, 5000 AS uid, 5000 AS gid, 'dirsize:storage=512000000' AS quota FROM host_mail m LEFT JOIN login ml on ml.id=m.login LEFT JOIN host_domain d ON m.domain=d.id LEFT JOIN host_profil p on p.id=d.profil LEFT JOIN login l on l.id=p.login WHERE ml.mail='%u' AND l.active='1' AND d.mail='1' AND d.active='1' AND m.login IS NOT NULL AND ml.active='1' diff --git a/mailserver/templates/dovecot-sql_lda.conf b/mailserver/templates/dovecot-sql_lda.conf new file mode 100644 index 0000000..1af3d46 --- /dev/null +++ b/mailserver/templates/dovecot-sql_lda.conf @@ -0,0 +1,4 @@ +# {{ ansible_managed }} +driver = pgsql +connect = host={{mail_db_host}} dbname={{mail_db_dbname}} user={{mail_db_user}} password='{{mail_db_pass}}' +user_query = SELECT CONCAT('{{mail_homedir}}/',m.login,'/') as home, CONCAT('maildir:{{mail_homedir}}/',m.login,'/') as mail, 5000 AS uid, 5000 AS gid, 'dirsize:storage=512000000' AS quota FROM host_mail m LEFT JOIN login ml on ml.id=m.login LEFT JOIN host_domain d ON m.domain=d.id LEFT JOIN host_profil p on p.id=d.profil LEFT JOIN login l on l.id=p.login WHERE m.name=split_part('%u','@',1) AND fqdn=split_part('%u','@',2) AND l.active='1' AND d.mail='1' AND d.active='1' AND m.login IS NOT NULL AND ml.active='1' 
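Review bot: `changed_when: "bass_result.rc != 1"` combined with `ignore_errors: yes` reports every non-1 exit of `sa-update` as a successful update: sa-update exits 0 when rules were installed, 1 when none were available, and values above 1 when the download or lint failed, so a broken update is shown as changed, restarts spamassassin via the handler, and is never surfaced. `changed_when: bass_result.rc == 0` together with `failed_when: bass_result.rc > 1` gives the right signal and makes `ignore_errors` unnecessary. The register name `bass_result` also reads like a typo for `sa_result`.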
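Review bot: The `user_query` in dovecot-sql.conf and dovecot-sql_lda.conf hard-codes `5000 AS uid, 5000 AS gid` and `'dirsize:storage=512000000' AS quota`, numbers that reappear as `virtual_uid_maps = static:5000` and `virtual_mailbox_limit = 512000000` in postfix_main.cf; promoting them to role defaults (e.g. `mail_uid`, `mail_quota_bytes`) and writing `{{mail_uid}}` in every template keeps them in one place. The two files are otherwise identical except for the WHERE clause (`ml.mail='%u'` here, `split_part('%u','@',…)` in the lda file), which deserves a one-line comment in each stating which lookup key it expects, since nothing else explains why both exist. `password='{{mail_db_pass}}'` is also worth a note that the value must not contain a single quote, as that would break the connect string.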
diff --git a/mailserver/templates/dovecot.conf b/mailserver/templates/dovecot.conf new file mode 100644 index 0000000..9920163 --- /dev/null +++ b/mailserver/templates/dovecot.conf @@ -0,0 +1,61 @@ +# {{ ansible_managed }} +protocols = imap pop3 sieve + +auth_mechanisms = plain login +#ipv4 only -> *,:: for both (später) +listen = *,:: + +postmaster_address = hostmaster@{{mail_domain}} + +passdb { + driver = checkpassword + args = /etc/dovecot/warehost-auth-dovecot +} +userdb { + driver = sql + args = /etc/dovecot/dovecot-sql.conf +} + + +protocol lda { + mail_plugins = $mail_plugins sieve + userdb { + driver = sql + args = /etc/dovecot/dovecot-sql_lda.conf + } +} +protocol sieve { +} + + +service auth { + unix_listener auth-client { + group = postfix + mode = 0660 + user = postfix + } + user = root +} +service managesieve-login { + inet_listener sieve { + port = 4190 + } +} +service managesieve { +} + + +plugin { + sieve = ~/.dovecot.sieve + sieve_global_path = /var/lib/dovecot/sieve/default.sieve + sieve_dir = ~/sieve + sieve_global_dir = /var/lib/dovecot/sieve/global/ +} + + +mail_home = maildir:{{mail_homedir}}/%u +mail_location = maildir:~ + +ssl = yes +ssl_cert = <{{mail_ssl_public}} +ssl_key = <{{mail_ssl_private}} diff --git a/mailserver/templates/dovecot_auth.sh b/mailserver/templates/dovecot_auth.sh new file mode 100644 index 0000000..b5a0146 --- /dev/null +++ b/mailserver/templates/dovecot_auth.sh @@ -0,0 +1,12 @@ +#!/usr/bin/env sh +# {{ ansible_managed }} + +read -d $'\x0' -r -u 3 USER; +read -d $'\x0' -r -u 3 PASSWD; +/usr/local/bin/warehost-auth -c /etc/warehost/auth.conf -u "$USER" -p "$PASSWD"; +output=$?; + +if [ "$output" == "0" ]; then + exec "$1"; +fi +exit $output; diff --git a/mailserver/templates/postfix_main.cf b/mailserver/templates/postfix_main.cf new file mode 100644 index 0000000..dbb35c1 --- /dev/null +++ b/mailserver/templates/postfix_main.cf 
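Review bot: `service auth { user = root }` runs the auth process as root, and with `passdb { driver = checkpassword; args = /etc/dovecot/warehost-auth-dovecot }` that process executes the wrapper on every login — yet dovecot.yml installs the wrapper `mode=770 owner=vmail group=vmail`, so the account the `dovecot` pipe in master.cf delivers mail under can modify what root executes. As far as I can tell checkpassword has no need for root when the script only talks to PostgreSQL, so drop `user = root`; independently, install the wrapper and `/usr/local/bin/warehost-auth` root-owned and without group write. The `#ipv4 only -> *,:: for both (später)` comment is stale, since `listen = *,::` already binds both families.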
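Review bot: The shebang `#!/usr/bin/env sh` does not match the body: `read -d $'\x0' -r -u 3`, the `$'…'` quoting and `[ "$output" == "0" ]` are bash features, so the wrapper only works where `sh` happens to be bash; use `#!/usr/bin/env bash`. The password is then handed over as `-p "$PASSWD"` on the command line, where any local process can read it from the process list for the duration of the check; if warehost-auth can take the secret from stdin or an environment variable, prefer that path. Finally, Dovecot's checkpassword-reply program run by `exec "$1"` is, as far as I recall, expected to find `USER` in its environment, and `read` only sets a shell variable — an `export USER` before the exec is probably needed; confirm against the checkpassword documentation.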
@@ -0,0 +1,87 @@ +# {{ ansible_managed }} +compatibility_level = 2 + +queue_directory = /var/spool/postfix + +command_directory = /usr/bin +daemon_directory = /usr/lib/postfix/bin +data_directory = /var/lib/postfix + +mail_owner = postfix + +myhostname = {{mail_domain}} +myorigin = $mydomain +mydestination = $myhostname, localhost.$mydomain, localhost + +mynetworks_style = host + +# TODO-verify +relay_domains = $mydestination + +# Defaults +alias_maps = hash:/etc/postfix/aliases +alias_database = $alias_maps + +# Optionale Delimitier +recipient_delimiter = + + +home_mailbox = Maildir/ + +mail_spool_directory = /var/mail + +# Defaults +debug_peer_level = 2 +debugger_command = + PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin + ddd $daemon_directory/$process_name $process_id & sleep 5 + + +sendmail_path = /usr/bin/sendmail +newaliases_path = /usr/bin/newaliases +mailq_path = /usr/bin/mailq +setgid_group = postdrop +html_directory = no +manpage_directory = /usr/share/man +sample_directory = /etc/postfix +readme_directory = /usr/share/doc/postfix +#ipv4 only -> "all" for both (später) +inet_protocols = all +meta_directory = /etc/postfix +shlib_directory = /usr/lib/postfix + + + + +virtual_alias_maps = proxy:pgsql:/etc/postfix/virtual_alias_maps.cf +virtual_mailbox_domains = proxy:pgsql:/etc/postfix/virtual_mailbox_domains.cf +virtual_mailbox_maps = proxy:pgsql:/etc/postfix/virtual_mailbox_maps.cf +#TODO Create Folder +virtual_mailbox_base = {{mail_homedir}}/ +virtual_mailbox_limit = 512000000 +virtual_minimum_uid = 5000 +virtual_transport = dovecot +virtual_uid_maps = static:5000 +virtual_gid_maps = static:5000 +# Eine Mail zurzeit an Dovecot übergeben (Mehrere Empfänger) +dovecot_destination_recipient_limit = 1 +local_transport = dovecot +local_recipient_maps = $virtual_mailbox_maps +transport_maps = hash:/etc/postfix/transport + +smtpd_sasl_auth_enable = yes +smtpd_sasl_type = dovecot +smtpd_sasl_path = /var/run/dovecot/auth-client +smtpd_sender_login_maps = 
proxy:pgsql:/etc/postfix/virtual_sender_login_maps.cf +smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_sender_login_mismatch, permit_sasl_authenticated +smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination +smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination +smtpd_sasl_security_options = noanonymous +smtpd_sasl_tls_security_options = $smtpd_sasl_security_options +smtpd_tls_security_level = may +smtpd_tls_auth_only = yes +smtpd_tls_received_header = yes +smtpd_tls_cert_file = {{mail_ssl_public}} +smtpd_tls_key_file = {{mail_ssl_private}} +smtpd_sasl_local_domain = $mydomain +broken_sasl_auth_clients = yes +smtpd_tls_loglevel = 1 diff --git a/mailserver/templates/postfix_master.cf b/mailserver/templates/postfix_master.cf new file mode 100644 index 0000000..d50f2fa --- /dev/null +++ b/mailserver/templates/postfix_master.cf 
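Review bot: `local_transport = dovecot` routes mail for `$mydestination` through the dovecot pipe too, so `alias_maps = hash:/etc/postfix/aliases` (and the `postalias` step in postfix.yml) is never consulted — only local(8) reads it — and mail to `postmaster@`/`root@` the host name presumably fails the SQL lookup in dovecot-sql_lda.conf instead of reaching an alias; either leave `$mydestination` on the `local` transport or map those addresses in `virtual_alias_maps`. Separately, `myorigin = $mydomain` and `smtpd_sasl_local_domain = $mydomain` rely on Postfix deriving `mydomain` by stripping the first label from `myhostname = {{mail_domain}}`; if `mail_domain` is the bare domain rather than a host name that yields the top-level domain, so set `mydomain` explicitly. The `# TODO-verify` on `relay_domains = $mydestination` is still open and should be resolved or tracked.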
@@ -0,0 +1,134 @@ +# {{ ansible_managed }} +# +# Postfix master process configuration file. For details on the format +# of the file, see the master(5) manual page (command: "man 5 master" or +# on-line: http://www.postfix.org/master.5.html). +# +# Do not forget to execute "postfix reload" after editing this file. +# +# ========================================================================== +# service type private unpriv chroot wakeup maxproc command + args +# (yes) (yes) (no) (never) (100) +# ========================================================================== +smtp inet n - n - - smtpd +# -o content_filter=spamassassin +#smtp inet n - n - 1 postscreen +#smtpd pass - - n - - smtpd +#dnsblog unix - - n - 0 dnsblog +#tlsproxy unix - - n - 0 tlsproxy +submission inet n - n - - smtpd +# -o syslog_name=postfix/submission + -o smtpd_tls_security_level=encrypt + -o smtpd_sasl_auth_enable=yes +# -o smtpd_reject_unlisted_recipient=no +# -o smtpd_client_restrictions=$mua_client_restrictions +# -o smtpd_helo_restrictions=$mua_helo_restrictions +# -o smtpd_sender_restrictions=$mua_sender_restrictions +# -o smtpd_recipient_restrictions= +# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject +# -o milter_macro_daemon_name=ORIGINATING +smtps inet n - n - - smtpd +# -o syslog_name=postfix/smtps + -o smtpd_tls_wrappermode=yes + -o smtpd_sasl_auth_enable=yes +# -o smtpd_reject_unlisted_recipient=no +# -o smtpd_client_restrictions=$mua_client_restrictions +# -o smtpd_helo_restrictions=$mua_helo_restrictions +# -o smtpd_sender_restrictions=$mua_sender_restrictions +# -o smtpd_recipient_restrictions= +# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject +# -o milter_macro_daemon_name=ORIGINATING +#628 inet n - n - - qmqpd +pickup unix n - n 60 1 pickup +cleanup unix n - n - 0 cleanup +qmgr unix n - n 300 1 qmgr +#qmgr unix n - n 300 1 oqmgr +tlsmgr unix - - n 1000? 
1 tlsmgr +rewrite unix - - n - - trivial-rewrite +bounce unix - - n - 0 bounce +defer unix - - n - 0 bounce +trace unix - - n - 0 bounce +verify unix - - n - 1 verify +flush unix n - n 1000? 0 flush +proxymap unix - - n - - proxymap +proxywrite unix - - n - 1 proxymap +smtp unix - - n - - smtp +relay unix - - n - - smtp +# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 +showq unix n - n - - showq +error unix - - n - - error +retry unix - - n - - error +discard unix - - n - - discard +local unix - n n - - local +virtual unix - n n - - virtual +lmtp unix - - n - - lmtp +anvil unix - - n - 1 anvil +scache unix - - n - 1 scache +dovecot unix - n n - - pipe + flags=DRhu user=vmail:vmail argv=/usr/bin/vendor_perl/spamc -u spamd -e /usr/lib/dovecot/dovecot-lda -f ${sender} -a ${recipient} -d ${user}@${nexthop} +# +# ==================================================================== +# Interfaces to non-Postfix software. Be sure to examine the manual +# pages of the non-Postfix software to find out what options it wants. +# +# Many of the following services use the Postfix pipe(8) delivery +# agent. See the pipe(8) man page for information about ${recipient} +# and other message envelope options. +# ==================================================================== +# +# maildrop. See the Postfix MAILDROP_README file for details. +# Also specify in main.cf: maildrop_destination_recipient_limit=1 +# +#maildrop unix - n n - - pipe +# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} +# +# ==================================================================== +# +# Recent Cyrus versions can use the existing "lmtp" master.cf entry. 
+# +# Specify in cyrus.conf: +# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 +# +# Specify in main.cf one or more of the following: +# mailbox_transport = lmtp:inet:localhost +# virtual_transport = lmtp:inet:localhost +# +# ==================================================================== +# +# Cyrus 2.1.5 (Amos Gouaux) +# Also specify in main.cf: cyrus_destination_recipient_limit=1 +# +#cyrus unix - n n - - pipe +# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} +# +# ==================================================================== +# +# Old example of delivery via Cyrus. +# +#old-cyrus unix - n n - - pipe +# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} +# +# ==================================================================== +# +# See the Postfix UUCP_README file for configuration details. +# +#uucp unix - n n - - pipe +# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) +# +# ==================================================================== +# +# Other external delivery methods. +# +#ifmail unix - n n - - pipe +# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) +# +#bsmtp unix - n n - - pipe +# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient +# +#scalemail-backend unix - n n - 2 pipe +# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store +# ${nexthop} ${user} ${extension} +# +#mailman unix - n n - - pipe +# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py +# ${nexthop} ${user} diff --git a/mailserver/templates/postfix_virtual_alias_maps.cf b/mailserver/templates/postfix_virtual_alias_maps.cf new file mode 100644 index 0000000..798bea6 --- /dev/null +++ b/mailserver/templates/postfix_virtual_alias_maps.cf 
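Review bot: The `submission` and `smtps` entries enable SASL and force TLS but leave every `-o smtpd_*_restrictions` override commented out, so both MUA ports inherit the MX policy from main.cf and accept unauthenticated mail for local domains exactly like port 25; uncommenting `-o smtpd_relay_restrictions=permit_sasl_authenticated,reject` and adding `-o smtpd_client_restrictions=permit_sasl_authenticated,reject` keeps those ports authenticated-only. Uncommenting `-o syslog_name=postfix/submission` and `-o syslog_name=postfix/smtps` costs nothing and makes the two traffic classes separable in the mail log. The `# -o content_filter=spamassassin` line under `smtp` is dead, since filtering is done by `spamc` inside the `dovecot` pipe, and can be removed to avoid suggesting a second filter path.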
@@ -0,0 +1,6 @@ +# {{ ansible_managed }} +hosts = {{mail_db_host}} +dbname = {{mail_db_dbname}} +user = {{mail_db_user}} +password = {{mail_db_pass}} +query = SELECT mf.to as goto FROM host_mail_forward mf LEFT JOIN host_mail m on m.id = mf.mail LEFT JOIN login ml on ml.id=m.login LEFT JOIN host_domain d ON m.domain=d.id LEFT JOIN host_profil p on p.id=d.profil LEFT JOIN login l on l.id=p.login WHERE m.name=split_part('%s','@',1) AND fqdn=split_part('%s','@',2) AND l.active='1' AND d.mail='1' AND d.active='1' EXCEPT SELECT '%s' UNION SELECT '%s' FROM host_mail m LEFT JOIN login ml on ml.id=m.login LEFT JOIN host_domain d ON m.domain=d.id LEFT JOIN host_profil p on p.id=d.profil LEFT JOIN login l on l.id=p.login WHERE m.name=split_part('%s','@',1) AND fqdn=split_part('%s','@',2) AND l.active='1' AND d.mail='1' AND d.active='1' AND m.login IS NOT NULL AND ml.active='1'; diff --git a/mailserver/templates/postfix_virtual_mailbox_domains.cf b/mailserver/templates/postfix_virtual_mailbox_domains.cf new file mode 100644 index 0000000..08887e8 --- /dev/null +++ b/mailserver/templates/postfix_virtual_mailbox_domains.cf @@ -0,0 +1,6 @@ +# {{ ansible_managed }} +hosts = {{mail_db_host}} +dbname = {{mail_db_dbname}} +user = {{mail_db_user}} +password = {{mail_db_pass}} +query = SELECT fqdn as description FROM host_domain d LEFT JOIN host_profil p on p.id=d.profil LEFT JOIN login l on l.id=p.login WHERE fqdn='%s' AND l.active='1' AND d.mail='1' AND d.active='1'; diff --git a/mailserver/templates/postfix_virtual_mailbox_maps.cf b/mailserver/templates/postfix_virtual_mailbox_maps.cf new file mode 100644 index 0000000..2fd425a --- /dev/null +++ b/mailserver/templates/postfix_virtual_mailbox_maps.cf 
@@ -0,0 +1,6 @@ +# {{ ansible_managed }} +hosts = {{mail_db_host}} +dbname = {{mail_db_dbname}} +user = {{mail_db_user}} +password = {{mail_db_pass}} +query = SELECT CONCAT(m.login,'/') as maildir FROM host_mail m LEFT JOIN login ml on ml.id=m.login LEFT JOIN host_domain d ON m.domain=d.id LEFT JOIN host_profil p on p.id=d.profil LEFT JOIN login l on l.id=p.login WHERE m.name='%u' AND fqdn='%d' AND l.active='1' AND d.mail='1' AND d.active='1' AND m.login IS NOT NULL AND ml.active='1'; diff --git a/mailserver/templates/postfix_virtual_sender_login_maps.cf b/mailserver/templates/postfix_virtual_sender_login_maps.cf new file mode 100644 index 0000000..214c425 --- /dev/null +++ b/mailserver/templates/postfix_virtual_sender_login_maps.cf @@ -0,0 +1,6 @@ +# {{ ansible_managed }} +hosts = {{mail_db_host}} +dbname = {{mail_db_dbname}} +user = {{mail_db_user}} +password = {{mail_db_pass}} +query = SELECT ml.mail FROM host_mail m LEFT JOIN login ml on ml.id=m.login LEFT JOIN host_domain d ON m.domain=d.id LEFT JOIN host_profil p on p.id=d.profil LEFT JOIN login l on l.id=p.login WHERE m.name=split_part('%s','@',1) AND fqdn=split_part('%s','@',2) AND l.active='1' AND d.mail='1' AND d.active='1' AND m.login IS NOT NULL AND ml.active='1'; diff --git a/mailserver/templates/sieve_default b/mailserver/templates/sieve_default new file mode 100644 index 0000000..64ed103 --- /dev/null +++ b/mailserver/templates/sieve_default @@ -0,0 +1,5 @@ +# {{ ansible_managed }} +require ["fileinto","mailbox"]; +if header :contains "X-Spam-Flag" "YES" { + fileinto :create "Junk"; +} diff --git a/mailserver/templates/warehost-auth.conf b/mailserver/templates/warehost-auth.conf new file mode 100644 index 0000000..2a4654a --- /dev/null +++ b/mailserver/templates/warehost-auth.conf @@ -0,0 +1,2 @@ +--- +database: "host={{mail_db_host}} user={{mail_db_user}} dbname={{mail_db_dbname}} password={{mail_db_pass}} sslmode=disable" 
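Review bot: The libpq string in warehost-auth.conf fixes `sslmode=disable`, and warehost-web/templates/config.yml carries the same string; that is harmless while `mail_db_host` / `warehost_db_host` default to `localhost`, but those defaults exist to be overridden, and as soon as the database moves to another host the password and every query travel in clear. Make the mode a variable, e.g. `sslmode={{mail_db_sslmode | default('prefer')}}` here and the corresponding `warehost_db_sslmode` in config.yml, or at minimum use `prefer`. This template is also the only one without a `# {{ ansible_managed }}` header.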
diff --git a/warehost-web/defaults/main.yml b/warehost-web/defaults/main.yml new file mode 100644 index 0000000..55bc4ba --- /dev/null +++ b/warehost-web/defaults/main.yml @@ -0,0 +1,5 @@ +--- +warehost_db_host: localhost +warehost_web_internal_ip: 127.0.0.1 +warehost_web_internal_port: 60000 +warehost_web_webroot: /srv/warehost-web diff --git a/warehost-web/handlers/main.yml b/warehost-web/handlers/main.yml new file mode 100644 index 0000000..bf64e06 --- /dev/null +++ b/warehost-web/handlers/main.yml @@ -0,0 +1,6 @@ +--- +- name: reload daemon-reload + command: systemctl daemon-reload + +- name: restart warehost-web + service: name=warehost-web state=restarted diff --git a/warehost-web/meta/main.yml b/warehost-web/meta/main.yml new file mode 100644 index 0000000..af97e9f --- /dev/null +++ b/warehost-web/meta/main.yml @@ -0,0 +1,4 @@ +--- +dependencies: +- warehost-meta +- warehost-db diff --git a/warehost-web/tasks/main.yml b/warehost-web/tasks/main.yml new file mode 100644 index 0000000..bc77063 --- /dev/null +++ b/warehost-web/tasks/main.yml @@ -0,0 +1,19 @@ +--- +- name: Download Warehost-web (TODO current copy) + copy: src=warehost-web dest=/usr/local/bin/warehost-web owner=root group=root mode=0755 + +- name: Create web folder + file: path={{warehost_web_webroot}} state=directory owner=warehost group=http mode=0770 + +- name: Configurate warehost + template: src=config.yml dest=/etc/warehost/web.conf owner=warehost mode=0600 + notify: restart warehost-web + +- name: Install service + template: src=warehost-web.unit dest=/lib/systemd/system/warehost-web.service owner=root mode=644 + notify: + - reload daemon-reload + - restart warehost-web + +- name: Enable warehost + service: name=warehost-web state=started enabled=yes diff --git a/warehost-web/templates/config.yml b/warehost-web/templates/config.yml new file mode 100644 index 0000000..cb31fd9 --- /dev/null +++ b/warehost-web/templates/config.yml 
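Review bot: `Install service` writes the unit to `/lib/systemd/system/warehost-web.service`, the directory reserved for package-provided units; locally managed units belong in `/etc/systemd/system`, where a package upgrade cannot overwrite them and where systemd looks first. `template: src=warehost-web.unit dest=/etc/systemd/system/warehost-web.service owner=root mode=0644` fixes that, and the `reload daemon-reload` handler applies unchanged. `Create web folder` grants `group=http mode=0770` while the unit runs as `User=warehost Group=nobody`; if `http` is meant for a reverse proxy, `0750` is enough, and the `warehost` account itself is created nowhere in this role — presumably by `warehost-meta`, which is worth stating in a comment.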
@@ -0,0 +1,8 @@ +--- +address: {{warehost_web_internal_ip}} +port: {{warehost_web_internal_port}} +webroot: {{warehost_web_webroot}} +log: + path: /var/log/warehost/web.log +database: "host={{warehost_db_host}} user={{warehost_db_user}} dbname={{warehost_db_dbname}} password={{warehost_db_pass}} sslmode=disable" +databasedebug: false diff --git a/warehost-web/templates/warehost-web.unit b/warehost-web/templates/warehost-web.unit new file mode 100644 index 0000000..d65910e --- /dev/null +++ b/warehost-web/templates/warehost-web.unit @@ -0,0 +1,21 @@ +[Unit] +Description=Warehost web v2 +After=syslog.target +After=network.target +After=postgresql.service + +[Service] +# Modify these two values and uncomment them if you have +# repos with lots of files and get an HTTP error 500 because +# of that +### +#LimitMEMLOCK=infinity +#LimitNOFILE=65535 +Type=simple +User=warehost +Group=nobody +ExecStart=/usr/local/bin/warehost-web -c /etc/warehost/web.conf +Restart=always + +[Install] +WantedBy=multi-user.target
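Review bot: The `[Service]` section runs a network-facing binary with no sandboxing, uses `Group=nobody` while tasks/main.yml sets the webroot to group `http`, and the comment about `LimitMEMLOCK` and "repos with lots of files" appears to be copied from another project's unit and does not apply here. Aligning `Group=` with the webroot group, dropping the stale comment, and adding the standard hardening directives narrows what the process can reach if it is compromised; check that `/var/log/warehost/web.log` and the webroot remain writable with them. `After=syslog.target` is a no-op on systemd and can go.
```ini
[Service]
# … unchanged: Type=, ExecStart=, Restart= …
User=warehost
Group=http
NoNewPrivileges=yes
PrivateTmp=yes
ProtectSystem=full
ProtectHome=yes
```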