From b888bfb204b64624bd7b51b292b9516b3fa6312d Mon Sep 17 00:00:00 2001
From: shirenn <shirenn@crans.org>
Date: Wed, 5 Aug 2020 00:15:02 +0200
Subject: [PATCH] [horde] configuration complete

---
 roles/horde/README.md                         | 26 ++++++++++++++++---
 roles/horde/handlers/main.yml                 |  6 +++++
 roles/horde/tasks/main.yml                    | 24 +++++++++++------
 roles/horde/templates/horde/horde/conf.php.j2 |  6 +++--
 .../horde/templates/horde/imp/backends.php.j2 | 19 ++++++++++++++
 .../templates/nginx/sites-available/horde.j2  | 17 ++++++++++++
 .../nginx/sites-available/webmail.j2          | 21 +++++++++++++++
 .../templates/nginx/snippets/php.conf.j2      | 26 +++++++++++++++++++
 8 files changed, 131 insertions(+), 14 deletions(-)
 create mode 100644 roles/horde/handlers/main.yml
 create mode 100644 roles/horde/templates/horde/imp/backends.php.j2
 create mode 100644 roles/horde/templates/nginx/sites-available/horde.j2
 create mode 100644 roles/horde/templates/nginx/sites-available/webmail.j2
 create mode 100644 roles/horde/templates/nginx/snippets/php.conf.j2

diff --git a/roles/horde/README.md b/roles/horde/README.md
index 9e964ba8..874a42e6 100644
--- a/roles/horde/README.md
+++ b/roles/horde/README.md
@@ -2,7 +2,25 @@
 Ce rôle ansible deploie une instance du webmail horde.
 
 ## Variables
-  - glob_horde.secret : le secret de horde
-  - glob_horde.imap : le serveur imap
-  - glob_horde.db : la bdd
-  - glob_horde.admins: la liste des admins de horde
+  - glob_horde. :
+    - secret : le secret de horde
+    - imap : le serveur imap
+    - smtp : le serveur smtp (il doit juste être contactable depuis le serveur
+      imap)
+    - maildomain : le nom de domaine depuis qui envoyé les mails
+    - db : la bdd
+    - admins : la liste des admins de horde
+    - redirection : ou rediriger les utilisateurs si il essaie de voir la racine
+      du site
+    - src_hostname : on utilise deux hostnames, le premier va rediriger vers le
+      second. Ici c'est le premier
+    - dest_hostname : Ici c'est le second
+    - admin_src_hostname : même chose mais sur le réseau d'administration. Ici
+      c'est le premier
+    - admin_dest_hostname : Ici c'est le second
+    - zone_ipv4 : la zone ipv4 du réseaux sur lequel le proxy discute avec le
+      serveur
+    - zone ipv6 : la zone ipv6 du réseaux sur lequel le proxy discute avec le
+      serveur
+  - loc_horde :
+    - ipv6 : l'ipv6 du serveur
diff --git a/roles/horde/handlers/main.yml b/roles/horde/handlers/main.yml
new file mode 100644
index 00000000..721ac462
--- /dev/null
+++ b/roles/horde/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Restart nginx
+  service:
+    name: nginx.service
+    state: restarted
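Review bot: `state: restarted` is stronger than this role needs — every notifier in the tasks file only rewrites configuration, and a full restart both drops in-flight connections and, if the rendered site file does not parse, leaves nginx down instead of running on the previous configuration. `state: reloaded` has nginx re-read the config and keep the old one on failure. Unless something in this role genuinely needs a process restart, change the handler to `state: reloaded` (the handler name can stay so the `notify:` lines keep working).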
diff --git a/roles/horde/tasks/main.yml b/roles/horde/tasks/main.yml
index 78cc5d0e..55ab2891 100644
--- a/roles/horde/tasks/main.yml
+++ b/roles/horde/tasks/main.yml
@@ -12,26 +12,34 @@
 
 - name: Configure horde
   template:
-    src: horde/horde/conf.php.j2
-    dest: /etc/horde/horde/conf.php"
+    src: '{{ item }}.j2'
+    dest: '/etc/{{ item }}'
     owner: www-data
     group: www-data
+    mode: 0640
+  loop:
+    - horde/horde/conf.php
+    - horde/imp/backends.php
 
 - name: Configure nginx site
   template:
-    src: 'nginx/sites-available/{{ item }}.j2'
-    dest: '/etc/nginx/sites-available/{{ item }}'
-  notify: restart nginx
+    src: '{{ item }}.j2'
+    dest: '/etc/{{ item }}'
+    owner: root
+    group: root
+    mode: 0644
   loop:
-    - webmail
-    - horde
+    - nginx/sites-available/webmail
+    - nginx/sites-available/horde
+    - nginx/snippets/php.conf
+  notify: Restart nginx
 
 - name: Enable nginx site
   file:
     src: '/etc/nginx/sites-available/{{ item }}'
     dest: '/etc/nginx/sites-enabled/{{ item }}'
     state: link
-  notify: restart nginx
   loop:
     - webmail
     - horde
+  notify: Restart nginx
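Review bot: The two Horde configuration files — `conf.php`, which per the README carries `glob_horde.secret`, and `backends.php` — are installed with `owner: www-data`, so the account the PHP-FPM pool presumably runs as can rewrite its own configuration (admin list, secret, IMAP backend); read access is all it needs. Use `owner: root`, `group: www-data`, `mode: '0640'` for that task, and `mode: '0644'` for the nginx task. Quoting the modes also sidesteps the YAML leading-zero octal handling that ansible-lint warns about.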
diff --git a/roles/horde/templates/horde/horde/conf.php.j2 b/roles/horde/templates/horde/horde/conf.php.j2
index ae0bba4e..6da1cbab 100644
--- a/roles/horde/templates/horde/horde/conf.php.j2
+++ b/roles/horde/templates/horde/horde/conf.php.j2
@@ -1,6 +1,7 @@
+{{ ansible_header | comment(decoration='// ') }} 
 <?php
 /* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */
-// $Id: 78acbab5980b3b1531db0732c3611a17deae7c83 $
+// $Id: 08fc885cd91fbae2d752e274b554c5f1645129c8 $
 $conf['vhosts'] = false;
 $conf['debug_level'] = E_ALL & ~E_NOTICE;
 $conf['max_exec_time'] = 0;
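Review bot: The added `{{ ansible_header | comment(decoration='// ') }}` line sits before `<?php`, so the rendered `/etc/horde/horde/conf.php` begins with literal `// ...` text outside any PHP tag; PHP emits that text as response output every time Horde includes the file, which breaks header, redirect and cookie handling ("headers already sent") and leaks the header into pages. Move it below the opening tag, between `<?php` and the `CONFIG START` marker, since the marker says nothing may be changed in or after that line. The line also carries a trailing space that would end up in the rendered file.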
@@ -27,10 +28,11 @@ $conf['sql']['protocol'] = 'tcp';
 $conf['sql']['database'] = 'horde5';
 $conf['sql']['charset'] = 'utf-8';
 $conf['sql']['splitread'] = false;
+$conf['sql']['logqueries'] = false;
 $conf['sql']['phptype'] = 'pgsql';
 $conf['nosql']['phptype'] = false;
 $conf['ldap']['useldap'] = false;
-$conf['auth']['admins'] = array({{ glob_horde.admins | map('quote') | join(', ')}});
+$conf['auth']['admins'] = array({{ glob_horde.admins | join(', ')}});
 $conf['auth']['checkip'] = false;
 $conf['auth']['checkbrowser'] = true;
 $conf['auth']['resetpassword'] = false;
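Review bot: Dropping the `quote` filter means `glob_horde.admins` now has to carry its PHP quotes in the inventory (e.g. `"'alice'"`); a plain `- alice` renders `array(alice)`, which PHP reads as an undefined constant. The previous `quote` was shell quoting (shlex) and also left simple names bare, so neither form produced a reliable string literal. Render each entry as a literal in the template instead, for example `$conf['auth']['admins'] = array({{ glob_horde.admins | map('to_json') | join(', ') }});` — `to_json` yields a double-quoted, backslash-escaped literal PHP accepts for ordinary usernames — and state in the README that `admins` is a list of plain usernames.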
diff --git a/roles/horde/templates/horde/imp/backends.php.j2 b/roles/horde/templates/horde/imp/backends.php.j2
new file mode 100644
index 00000000..b03fc3de
--- /dev/null
+++ b/roles/horde/templates/horde/imp/backends.php.j2
@@ -0,0 +1,19 @@
+{{ ansible_header | comment(decoration='// ') }}
+<?php
+$servers['imp'] = array(
+    // Disabled by default
+    'disabled' => false,
+    'name' => 'IMAP Cr@ns',
+    'hostspec' => '{{ glob_horde.imap }}',
+    'hordeauth' => true,
+    'protocol' => 'imap',
+    'port' => 143,
+    'secure' => 'tls',
+    'maildomain' => '{{ glob_horde.maildomain }}',
+    'smtp' => array(
+        'host' => '{{ glob_horde.smtp }}',
+        'port' => 25,
+    ),
+    'cache' => false,
+);
+?>
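Review bot: Same problem as conf.php: the `{{ ansible_header | comment(decoration='// ') }}` line is above `<?php`, so the comment is emitted as raw output whenever IMP includes backends.php; move it below the opening tag. The closing `?>` should go as well — PHP sends any trailing whitespace after it to the client, which is why include-only files conventionally omit it. The SMTP entry is port 25 with no `secure` key, i.e. plaintext and unauthenticated submission; if `glob_horde.smtp` is not on a trusted segment, prefer submission on 587 with `'secure' => 'tls'` (IMP's backend config accepts it in the `smtp` array as for IMAP) and credentials.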
diff --git a/roles/horde/templates/nginx/sites-available/horde.j2 b/roles/horde/templates/nginx/sites-available/horde.j2
new file mode 100644
index 00000000..cbf84402
--- /dev/null
+++ b/roles/horde/templates/nginx/sites-available/horde.j2
@@ -0,0 +1,17 @@
+{{ ansible_header | comment }}
+server {
+        listen {{ glob_horde.admin_src_hostname }}:80;
+        listen {{ loc_horde.ipv6 }}:80 ipv6only=on;
+        server_name {{ glob_horde.admin_src_hostname }} {{ glob_horde.src_hostname }};
+
+        root /usr/share/;
+        location / {
+            return 302 https://{{ glob_horde.dest_hostname }}/horde;
+        }
+        include "snippets/php.conf";
+
+        set_real_ip_from {{ glob_horde.zone_ipv4 }};
+        set_real_ip_from {{ glob_horde.zone_ipv6 }};
+        real_ip_header P-Real-Ip;
+}
+
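Review bot: This server block is meant only to redirect, yet it sets `root /usr/share/` and includes `snippets/php.conf`, whose regex location takes precedence over `location /` — so a request for any existing `.php` file anywhere under `/usr/share` (other packages' examples, other web apps) via `{{ glob_horde.src_hostname }}` is executed by PHP-FPM instead of being redirected. Drop the `root /usr/share/;` and `include "snippets/php.conf";` lines unless something really must be served from this host. Separately, `listen {{ loc_horde.ipv6 }}:80 ipv6only=on;` only parses if the variable already contains the brackets nginx requires around an IPv6 literal (`listen [2001:db8::1]:80;`), and `ipv6only` is only meaningful on a wildcard address — the webmail vhost omits it, so drop it here for consistency.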
diff --git a/roles/horde/templates/nginx/sites-available/webmail.j2 b/roles/horde/templates/nginx/sites-available/webmail.j2
new file mode 100644
index 00000000..71270f89
--- /dev/null
+++ b/roles/horde/templates/nginx/sites-available/webmail.j2
@@ -0,0 +1,21 @@
+{{ ansible_header | comment }}
+server {
+        listen {{ glob_horde.admin_dest_hostname }}:80;
+        listen {{ loc_horde.ipv6 }}:80;
+        server_name {{ glob_horde.dest_hostname }} {{ glob_horde.admin_dest_hostname }};
+
+        root /usr/share/;
+        location / {
+            return 302 {{ glob_horde.redirection }};
+        }
+        location /horde {
+                try_files $uri $uri/ /horde/rampage.php?$args;
+                index index.php index.htm index.html;
+        }
+        include "snippets/php.conf";
+
+        set_real_ip_from {{ glob_horde.zone_ipv4 }};
+        set_real_ip_from {{ glob_horde.zone_ipv6 }};
+        real_ip_header P-Real-Ip;
+}
+
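Review bot: With `root /usr/share/` and the PHP regex location from `snippets/php.conf` applying host-wide, every `.php` file under `/usr/share` is executable through this vhost, not just Horde's. Since `/horde` is the only prefix that should reach PHP, change the catch-all to `location ^~ / { return 302 {{ glob_horde.redirection }}; }`: with `^~`, a URI whose longest matching prefix is `/` skips the regex locations and is redirected, while URIs under `/horde` still match that prefix and fall through to the PHP handler. Note this also makes `/php_status` and `/php_ping` from the snippet unreachable on this host (they would be redirected), which may or may not be intended. The header name in `real_ip_header P-Real-Ip;` is unusual — if the upstream proxy sends `X-Real-IP`, the rewrite never fires and logs and `allow`/`deny` rules see the proxy address; worth confirming against the proxy configuration.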
diff --git a/roles/horde/templates/nginx/snippets/php.conf.j2 b/roles/horde/templates/nginx/snippets/php.conf.j2
new file mode 100644
index 00000000..144ec410
--- /dev/null
+++ b/roles/horde/templates/nginx/snippets/php.conf.j2
@@ -0,0 +1,26 @@
+{{ ansible_header | comment }}
+
+location ~ .+\.php {
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        if (!-e $document_root$fastcgi_script_name) {
+                return 404;
+        }
+        fastcgi_buffer_size   128k;
+        fastcgi_buffers   4 256k;
+        fastcgi_busy_buffers_size   256k;
+        fastcgi_pass   unix:/var/run/php/php7.3-fpm.sock;
+        fastcgi_index  index.php;
+        fastcgi_param  PATH_INFO          $fastcgi_path_info;
+        fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;
+        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        include fastcgi_params;
+}
+
+location ~ ^/php_(ping|status)$ {
+        access_log     off;
+        allow          127.0.0.1;
+        deny           all;
+        root           /usr/share/nginx/html;
+        fastcgi_pass   unix:/var/run/php/php7.3-fpm.sock;
+        include        fastcgi_params;
+}
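Review bot: The `/php_(ping|status)` location is guarded by `allow 127.0.0.1`, but this snippet is only included into server blocks that listen on non-loopback addresses and rewrite the client address from `P-Real-Ip` for `glob_horde.zone_ipv4`/`zone_ipv6` — so a local `curl http://<listen-address>/php_status` arrives with the interface address and is denied, while any host in those zones can get in by sending `P-Real-Ip: 127.0.0.1`. Either serve the status endpoint from a dedicated `server { listen 127.0.0.1:80; ... }` that does no real-ip rewriting, or `allow` the monitoring host explicitly. Unless the distribution's `fastcgi_params` already does so, also add `fastcgi_param HTTP_PROXY "";` to the `.php` location so a client `Proxy:` header cannot become the `HTTP_PROXY` environment variable seen by PHP (httpoxy).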
-- 
GitLab