diff --git a/group_vars/certbot.yml b/group_vars/certbot.yml
index 3dd13db998ea06e82c28d11561aec33a5df745a6..89ae3297a380dce3e51396f4cf4b428b9bcf2c40 100644
--- a/group_vars/certbot.yml
+++ b/group_vars/certbot.yml
@@ -1,6 +1,6 @@
 ---
 glob_certbot:
- dns_rfc2136_server: '172.16.10.147'
+ dns_rfc2136_server: '185.230.79.9'
 dns_rfc2136_name: certbot_challenge.
 dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
 mail: root@crans.org
diff --git a/group_vars/horde.yml b/group_vars/horde.yml
index 11ea19577bd20b9813390b1adfc84cb9c414aee7..1e5ba8909b0cf3c6e6910c24cd07ed4f3d6fc21a 100644
--- a/group_vars/horde.yml
+++ b/group_vars/horde.yml
@@ -1,9 +1,9 @@
 glob_horde:
 secret: '{{ vault_horde_secret }}'
 imap: imap.adm.crans.org
- smtp: smtp.crans.org
+ smtp: smtp.adm.crans.org
 maildomain: crans.org
- db: thot.adm.crans.org
+ db: pgsql.adm.crans.org
 admins:
 - "'paulon'"
 - "'vulcain'"
@@ -16,5 +16,5 @@ glob_horde:
 dest_hostname : webmail.crans.org
 admin_src_hostname : horde.adm.crans.org
 admin_dest_hostname : webmail.adm.crans.org
- zone_ipv4 : 10.231.136.0/24
- zone_ipv6 : 2a0c:700:0:2::/64
+ zone_ipv4 : 172.16.10.0/24
+ zone_ipv6 : fd00:0:0:10::/64
diff --git a/group_vars/reverseproxy.yml b/group_vars/reverseproxy.yml
index 11b54f6572f62804ab62ca9dc9d37e04bf0d77c3..15ba99aa862fdf804b3beaabdbfd3158aaf9b084 100644
--- a/group_vars/reverseproxy.yml
+++ b/group_vars/reverseproxy.yml
@@ -29,8 +29,6 @@ nginx:
 # - {from: roundcube.crans.org, to: 10.231.136.105}
 # - {from: phabricator.crans.org, to: 10.231.136.123}
 # - {from: trackerusercontent.crans.org, to: 10.231.136.123}
- # - {from: webmail.crans.org, to: 10.231.136.107}
- # - {from: horde.crans.org, to: 10.231.136.107}
 # - {from: owncloud.crans.org, to: 10.231.136.26}
 # - {from: ftps.crans.org, to: 10.231.136.98}
 # - {from: wiki.crans.org, to: 10.231.136.204}
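Review bot: `dns_rfc2136_server` now points at a public address (185.230.79.9) instead of a host on the 172.16.10.0/24 admin network, so the RFC 2136 updates signed with `vault_certbot_dns_secret` leave the internal VLAN; TSIG provides authentication and integrity but no confidentiality, which is acceptable for `_acme-challenge` TXT records, but it means the nameserver's update ACL must be key-based and scoped (e.g. BIND `update-policy { grant certbot_challenge. name _acme-challenge.crans.org. TXT; };`) rather than an `allow-update` by source address. I cannot see the nameserver configuration from this diff, so please confirm the `certbot_challenge.` key can only write `_acme-challenge` TXT records and that nothing else accepts dynamic updates on that public address. A comment next to the value would make the intent explicit: `# public address of the DNS master; updates are TSIG-signed, so the server-side ACL must be scoped to the key, not the source IP`.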
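Review bot: `zone_ipv4 : 172.16.10.0/24` and `zone_ipv6 : fd00:0:0:10::/64` are what the horde nginx templates pass to `set_real_ip_from`, so every host on the admin subnet — not only the reverse proxy — is trusted to assert the client address through the `P-Real-Ip` header; a compromised or misconfigured neighbour could forge source addresses in Horde's logs and in anything keyed on `$remote_addr` (fail2ban, rate limiting). Unless other hosts legitimately front this server, narrow the zone to the proxy's own addresses, e.g. `zone_ipv4 : <hodaur IPv4>/32` and `zone_ipv6 : <hodaur IPv6>/128` (hodaur's addresses are not visible in this diff, so I cannot fill them in). Adding `# hosts allowed to set P-Real-Ip: keep this to the reverse proxy` above the two keys would document why the range is narrow.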
@@ -44,6 +42,8 @@ nginx:
 # - {from: autoconfig.crans.org, to: 10.231.136.46}
 # - {from: grafana.crans.org, to: "10.231.136.102:3000"}
 # - {from: webirc.crans.org, to: "10.231.136.1:9000"}
+ - {from: webmail.crans.org, to: 172.16.10.108}
+ - {from: horde.crans.org, to: 172.16.10.108}
 - {from: framadate.crans.org, to: 172.16.10.109}
 - {from: stream.crans.org, to: 172.16.10.118}
 - {from: cas.crans.org, to: 172.16.10.120}
@@ -55,7 +55,7 @@ nginx:
 - {from: pad.crans.org, to: "172.16.10.130:9001"}
 - {from: zero.crans.org, to: 172.16.10.130}
 - {from: ethercalc.crans.org, to: "172.16.10.133:8000"}
- - {from: belenios.crans.org, to: 172.16.10.111}
+ # - {from: belenios.crans.org, to: 172.16.10.111}
 # - {from: mailman.crans.org, to: 10.231.136.180}
 # # # Zamok
diff --git a/host_vars/hodaur.adm.crans.org.yml b/host_vars/hodaur.adm.crans.org.yml
new file mode 100644
index 0000000000000000000000000000000000000000..2aa4c1945303a1ebd593b9b139ad6a63e8bc23d5
--- /dev/null
+++ b/host_vars/hodaur.adm.crans.org.yml
@@ -0,0 +1,3 @@
+---
+loc_certbot:
+ domains: "crans.org, *.crans.org, crans.fr, *.crans.fr, crans.eu, *.crans.eu"
diff --git a/host_vars/horde-srv.adm.crans.org.yml b/host_vars/horde-srv.adm.crans.org.yml
deleted file mode 100644
index 54e2e5fc70e2001ccb847854836ae1449e1e08e8..0000000000000000000000000000000000000000
--- a/host_vars/horde-srv.adm.crans.org.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-loc_horde:
- ipv6: '[2a0c:700:0:2:5474:8dff:fe5d:e2be]'
diff --git a/host_vars/horde.adm.crans.org.yml b/host_vars/horde.adm.crans.org.yml
new file mode 100644
index 0000000000000000000000000000000000000000..f0914f81882cd7cce111a7b20e2fcb225411d2d5
--- /dev/null
+++ b/host_vars/horde.adm.crans.org.yml
@@ -0,0 +1,3 @@
+loc_horde:
+ ipv6: 'fd00::10:400:ff:fe01:810'
+ ipv4: '172.16.10.108'
diff --git a/hosts b/hosts
index 33934acfa63d675aff2242adf8f55a5384bb9559..e0eaaaaf03df80da55e8f6d6680a3641c15fde19 100644
--- a/hosts
+++ b/hosts
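Review bot: `loc_certbot.domains` requests wildcard certificates for crans.org, crans.fr and crans.eu on the reverse proxy, so one private key on hodaur now covers every present and future subdomain of the three zones — including names that are not proxied here, such as the IMAP and SMTP hosts referenced in group_vars/horde.yml — and wildcards force the DNS-01 challenge through the RFC 2136 TSIG key. That is a defensible trade-off for a reverse proxy, but it should be stated, and it raises the value of keeping `/etc/letsencrypt/live/*/privkey.pem` root-owned and mode 0600 and of scoping the TSIG key to `_acme-challenge` TXT records only; neither is visible in this diff, so please confirm the certbot role does both. I'd add above `domains:`: `# wildcard certs via DNS-01: hodaur's single private key covers every subdomain of these three zones`.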
@@ -28,13 +28,13 @@ gitzly.adm.crans.org
 [certbot:children]
 radius # We use certbot to manage LE certificates
+reverseproxy
 [nginx_rtmp]
 fluxx.adm.crans.org
 [reverseproxy]
 hodaur.adm.crans.org
-frontdaur.adm.crans.org
 [roundcube]
 roundcube-srv.adm.crans.org
@@ -43,7 +43,7 @@ roundcube-srv.adm.crans.org
 ethercalc-srv.adm.crans.org
 [horde]
-horde-srv.adm.crans.org
+horde.adm.crans.org
 [radius]
 routeur-sam.adm.crans.org
@@ -107,6 +107,7 @@ tracker.adm.crans.org
 jitsi.adm.crans.org
 #ethercalc-srv.adm.crans.org
 kenobi.adm.crans.org
+horde.adm.crans.org
 [ovh_physical]
 sputnik.adm.crans.org
diff --git a/plays/horde.yml b/plays/horde.yml
index bc775369a6ad54dd7b9f0f19ffabce723ec19b12..f1b8aa8dda249f8ce6c0a134a09142fe0a700da1 100755
--- a/plays/horde.yml
+++ b/plays/horde.yml
@@ -2,5 +2,7 @@
 ---
 # Moi j'aime le ocaml et lui il installe horde
 - hosts: horde
+ vars:
+ horde: '{{ glob_horde | default({}) | combine(loc_horde | default({})) }}'
 roles:
 - horde
diff --git a/plays/reverse-proxy.yml b/plays/reverse-proxy.yml
index b7a8d3ade94e8df60e3674d8d97276c28aba2785..0e25fc503a45ebf6f9ba936d7143ac6b96fa43be 100755
--- a/plays/reverse-proxy.yml
+++ b/plays/reverse-proxy.yml
@@ -1,6 +1,9 @@
 #!/usr/bin/env ansible-playbook
 ---
 - hosts: reverseproxy
+ vars:
+ certbot: '{{ glob_certbot | default({}) | combine(loc_certbot | default({})) }}'
+ mirror: '{{ glob_mirror.name }}'
 roles:
 - certbot
 - nginx-reverseproxy
diff --git a/roles/horde/README.md b/roles/horde/README.md
index 874a42e6360c9d4cbc0f4ca9a8a447fecd79de32..133011b6459db35a71eaa34f217372756fba5738 100644
--- a/roles/horde/README.md
+++ b/roles/horde/README.md
@@ -2,7 +2,7 @@ Ce rôle ansible deploie une instance du webmail horde.
 ## Variables
- - glob_horde. :
+ - horde. :
 - secret : le secret de horde
 - imap : le serveur imap
 - smtp : le serveur smtp (il doit juste être contactable depuis le serveur
diff --git a/roles/horde/tasks/main.yml b/roles/horde/tasks/main.yml
index f08addf09c11109e8cd9bb2f88c9842ecc049d70..aa7dd9acb7b25c58828e0d8da015ef5668455c76 100644
--- a/roles/horde/tasks/main.yml
+++ b/roles/horde/tasks/main.yml
@@ -3,9 +3,13 @@
 - name: Install horde APT dependencies
 apt:
 update_cache: true
- name:
- - nginx
- - php-horde-webmail
+ name: '{{ item }}'
+ loop: # Install dependencies in the right order.
+ - nginx
+ - php7.3-fpm
+ - php-horde-webmail
+ - php-pgsql
+ - oidentd
 register: apt_result
 retries: 3
 until: apt_result is succeeded
@@ -21,6 +25,23 @@
 - horde/horde/conf.php
 - horde/imp/backends.php
+- name: Enable horde plugins
+ template:
+ src: 'horde/{{ item }}/conf.php.j2'
+ dest: '/etc/horde/{{ item }}/conf.php'
+ owner: www-data
+ group: www-data
+ mode: 0640
+ loop:
+ - gollem
+ - imp
+ - ingo
+ - kronolith
+ - mnemo
+ - nag
+ - trean
+ - turba
+
 - name: Configure nginx site
 template:
 src: '{{ item }}.j2'
diff --git a/roles/horde/templates/horde/gollem/conf.php.j2 b/roles/horde/templates/horde/gollem/conf.php.j2
new file mode 100644
index 0000000000000000000000000000000000000000..abd03a53d09ce83ff3c559cded6ebf28d26b0261
--- /dev/null
+++ b/roles/horde/templates/horde/gollem/conf.php.j2
@@ -0,0 +1,8 @@
+{{ ansible_header | comment(decoration='// ') }}
+
+<?php
+/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */
+// $Id: c70cc328a58f2b69cb67558ab883380298313e1e $
+$conf['backend']['backend_list'] = 'none';
+$conf['foldercache']['use_cache'] = false;
+/* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */
diff --git a/roles/horde/templates/horde/horde/conf.php.j2 b/roles/horde/templates/horde/horde/conf.php.j2
index 6da1cbab1bb264876c3f65d739b7b900a7aaf31b..1c6c5018446a00617ee04b9ea6e08db761c6ee53 100644
--- a/roles/horde/templates/horde/horde/conf.php.j2
+++ b/roles/horde/templates/horde/horde/conf.php.j2
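Review bot: The new `Enable horde plugins` task writes every `/etc/horde/<app>/conf.php` with `owner: www-data`, `group: www-data`, `mode: 0640`, which makes the PHP-FPM user the owner of its own configuration; any code execution inside Horde can then rewrite these files persistently (disable `backend_list = 'none'` in gollem, re-point the ingo/kronolith storage, and so on). PHP only needs to read them, so prefer `owner: root`, `group: www-data`, `mode: '0640'` — quoted, because YAML 1.1 parses bare `0640` as an octal integer, which Ansible tolerates but yamllint flags. The earlier template task for `horde/horde/conf.php` and `imp/backends.php` starts above this hunk, so I cannot see whether it uses the same ownership; if it does, the file holding `secret_key` is in the same position and deserves the same change.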
@@ -6,7 +6,7 @@ $conf['vhosts'] = false;
 $conf['debug_level'] = E_ALL & ~E_NOTICE;
 $conf['max_exec_time'] = 0;
 $conf['compress_pages'] = true;
-$conf['secret_key'] = '{{ glob_horde.secret }}';
+$conf['secret_key'] = '{{ horde.secret }}';
 $conf['umask'] = 077;
 $conf['testdisable'] = true;
 $conf['use_ssl'] = 1;
@@ -23,7 +23,7 @@ $conf['session']['max_time'] = 72000;
 $conf['cookie']['domain'] = $_SERVER['SERVER_NAME'];
 $conf['cookie']['path'] = '/';
 $conf['sql']['username'] = 'www-data';
-$conf['sql']['hostspec'] = '{{ glob_horde.db }}';
+$conf['sql']['hostspec'] = '{{ horde.db }}';
 $conf['sql']['protocol'] = 'tcp';
 $conf['sql']['database'] = 'horde5';
 $conf['sql']['charset'] = 'utf-8';
@@ -32,14 +32,14 @@ $conf['sql']['logqueries'] = false;
 $conf['sql']['phptype'] = 'pgsql';
 $conf['nosql']['phptype'] = false;
 $conf['ldap']['useldap'] = false;
-$conf['auth']['admins'] = array({{ glob_horde.admins | join(', ')}});
+$conf['auth']['admins'] = array({{ horde.admins | join(', ')}});
 $conf['auth']['checkip'] = false;
 $conf['auth']['checkbrowser'] = true;
 $conf['auth']['resetpassword'] = false;
 $conf['auth']['alternate_login'] = false;
 $conf['auth']['redirect_on_logout'] = false;
 $conf['auth']['list_users'] = 'list';
-$conf['auth']['params']['hostspec'] = '{{ glob_horde.imap }}';
+$conf['auth']['params']['hostspec'] = '{{ horde.imap }}';
 $conf['auth']['params']['port'] = 143;
 $conf['auth']['params']['secure'] = 'tls';
 $conf['auth']['driver'] = 'imap';
diff --git a/roles/horde/templates/horde/imp/backends.php.j2 b/roles/horde/templates/horde/imp/backends.php.j2
index b03fc3de616eed3e0405a5df8045f3194946a74e..cac5f91504a2e77360935b244b15c6abde571faf 100644
--- a/roles/horde/templates/horde/imp/backends.php.j2
+++ b/roles/horde/templates/horde/imp/backends.php.j2
@@ -4,14 +4,14 @@ $servers['imp'] = array(
 // Disabled by default
 'disabled' => false,
 'name' => 'IMAP Cr@ns',
- 'hostspec' => '{{ glob_horde.imap }}',
+ 'hostspec' => '{{ horde.imap }}',
 'hordeauth' => true,
 'protocol' => 'imap',
 'port' => 143,
 'secure' => 'tls',
- 'maildomain' => '{{ glob_horde.maildomain }}',
+ 'maildomain' => '{{ horde.maildomain }}',
 'smtp' => array(
- 'host' => '{{ glob_horde.smtp }}',
+ 'host' => '{{ horde.smtp }}',
 'port' => 25,
 ),
 'cache' => false,
diff --git a/roles/horde/templates/horde/imp/conf.php.j2 b/roles/horde/templates/horde/imp/conf.php.j2
new file mode 100644
index 0000000000000000000000000000000000000000..31ee99c4de260bf7cd6c377892af908a3994f3c2
--- /dev/null
+++ b/roles/horde/templates/horde/imp/conf.php.j2
@@ -0,0 +1,22 @@
+{{ ansible_header | comment(decoration='// ') }}
+
+<?php
+/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */
+// $Id: 48bf0b4cc99e7941b4432a29e70e145b8d654cc7 $
+$conf['user']['allow_view_source'] = true;
+$conf['server']['server_list'] = 'none';
+$conf['compose']['use_vfs'] = false;
+$conf['compose']['link_attachments'] = false;
+$conf['compose']['attach_size_limit'] = 0;
+$conf['compose']['attach_count_limit'] = 0;
+$conf['compose']['reply_limit'] = 200000;
+$conf['compose']['ac_threshold'] = 3;
+$conf['compose']['htmlsig_img_size'] = 30000;
+$conf['pgp']['keylength'] = 0;
+$conf['maillog']['driver'] = 'history';
+$conf['sentmail']['driver'] = 'Null';
+$conf['contactsimage']['backends'] = array('IMP_Contacts_Avatar_Addressbook');
+$conf['tasklist']['use_tasklist'] = true;
+$conf['notepad']['use_notepad'] = true;
+/* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */
+
diff --git a/roles/horde/templates/horde/ingo/conf.php.j2 b/roles/horde/templates/horde/ingo/conf.php.j2
new file mode 100644
index 0000000000000000000000000000000000000000..99753a627f4a5f64b7af88c155d8fa7bc69fa86a
--- /dev/null
+++ b/roles/horde/templates/horde/ingo/conf.php.j2
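Review bot: `$conf['compose']['attach_size_limit'] = 0;` and `$conf['compose']['attach_count_limit'] = 0;` in the new imp/conf.php.j2 mean, if I read IMP's conf.xml correctly, "no application-level limit", so the only ceilings on outgoing attachments become nginx's `client_max_body_size` and PHP's `upload_max_filesize`/`post_max_size`, none of which are visible in this diff. Since the webmail is reachable by every account through the public reverse proxy, pin an explicit limit that matches whatever message size the SMTP relay in backends.php accepts, e.g. `$conf['compose']['attach_size_limit'] = 26214400;`, and record the reason next to it: `// keep below smtp.adm.crans.org's message_size_limit so the user gets IMP's error rather than an SMTP bounce`. If unlimited is intentional, say so in a comment rather than leaving a bare 0.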
@@ -0,0 +1,12 @@
+{{ ansible_header | comment(decoration='// ') }}
+
+<?php
+/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */
+// $Id: 48142d13ef06c07f56427fe5b43981631bdbfdb0 $
+$conf['storage']['params']['driverconfig'] = 'horde';
+$conf['storage']['driver'] = 'sql';
+$conf['rules']['userheader'] = true;
+$conf['spam']['header'] = 'X-Spam-Level';
+$conf['spam']['char'] = '*';
+$conf['spam']['compare'] = 'string';
+/* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */
diff --git a/roles/horde/templates/horde/kronolith/conf.php.j2 b/roles/horde/templates/horde/kronolith/conf.php.j2
new file mode 100644
index 0000000000000000000000000000000000000000..a58b33402bedb3b468e25c4dc9ec520fccae55d3
--- /dev/null
+++ b/roles/horde/templates/horde/kronolith/conf.php.j2
@@ -0,0 +1,23 @@
+{{ ansible_header | comment(decoration='// ') }}
+
+<?php
+/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */
+// $Id: 380230c774efc2661b03a58bd71824d28cdc6040 $
+$conf['calendar']['params']['table'] = 'kronolith_events';
+$conf['calendar']['params']['driverconfig'] = 'horde';
+$conf['calendar']['params']['utc'] = true;
+$conf['calendar']['driver'] = 'sql';
+$conf['storage']['params']['table'] = 'kronolith_storage';
+$conf['storage']['params']['driverconfig'] = 'horde';
+$conf['storage']['driver'] = 'sql';
+$conf['calendars']['driver'] = 'default';
+$conf['resource']['params']['table'] = 'kronolith_resources';
+$conf['resource']['params']['driverconfig'] = 'horde';
+$conf['resource']['params']['utc'] = true;
+$conf['resource']['driver'] = 'sql';
+$conf['autoshare']['shareperms'] = 'none';
+$conf['share']['notify'] = false;
+$conf['holidays']['enable'] = true;
+$conf['menu']['import_export'] = true;
+$conf['maps']['driver'] = false;
+/* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */
diff --git a/roles/horde/templates/horde/mnemo/conf.php.j2 b/roles/horde/templates/horde/mnemo/conf.php.j2
new file mode 100644
index 0000000000000000000000000000000000000000..31cbd097b3c368f3f0e02db3b69cf14b4bd97917
--- /dev/null
+++ b/roles/horde/templates/horde/mnemo/conf.php.j2
@@ -0,0 +1,11 @@
+{{ ansible_header | comment(decoration='// ') }}
+
+<?php
+/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */
+// $Id: d97e56b407852ff0a86c7d88c9a57c8f3089e82f $
+$conf['storage']['params']['table'] = 'mnemo_memos';
+$conf['storage']['params']['driverconfig'] = 'horde';
+$conf['storage']['driver'] = 'sql';
+$conf['notepads']['driver'] = 'default';
+$conf['menu']['import_export'] = true;
+/* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */
diff --git a/roles/horde/templates/horde/nag/conf.php.j2 b/roles/horde/templates/horde/nag/conf.php.j2
new file mode 100644
index 0000000000000000000000000000000000000000..ae4e5425009b0b717824ec5fa4ba125474a0a95d
--- /dev/null
+++ b/roles/horde/templates/horde/nag/conf.php.j2
@@ -0,0 +1,11 @@
+{{ ansible_header | comment(decoration='// ') }}
+
+<?php
+/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */
+// $Id: 7a2eb8e9002cee73d99d618dfb6509a56ab639ec $
+$conf['storage']['params']['table'] = 'nag_tasks';
+$conf['storage']['params']['driverconfig'] = 'horde';
+$conf['storage']['driver'] = 'sql';
+$conf['tasklists']['driver'] = 'default';
+$conf['menu']['import_export'] = true;
+/* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */
diff --git a/roles/horde/templates/horde/trean/conf.php.j2 b/roles/horde/templates/horde/trean/conf.php.j2
new file mode 100644
index 0000000000000000000000000000000000000000..b1e7d1a5d75c47a3bcd751a35d018c6d7092a00d
--- /dev/null
+++ b/roles/horde/templates/horde/trean/conf.php.j2
@@ -0,0 +1,10 @@
+{{ ansible_header | comment(decoration='// ') }}
+
+<?php
+/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */
+// $Id: 5622bdf8096764a63c7e1039b09edb337bd46a0f $
+$conf['storage']['params']['driverconfig'] = 'horde';
+$conf['storage']['driver'] = 'sql';
+$conf['content_index']['enabled'] = false;
+$conf['favicons']['type'] = 'horde';
+/* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */
diff --git a/roles/horde/templates/horde/turba/conf.php.j2 b/roles/horde/templates/horde/turba/conf.php.j2
new file mode 100644
index 0000000000000000000000000000000000000000..aebb5b9cf331a8d149e6db35d22e5f2b4d117a0d
--- /dev/null
+++ b/roles/horde/templates/horde/turba/conf.php.j2
@@ -0,0 +1,11 @@
+{{ ansible_header | comment(decoration='// ') }}
+
+<?php
+/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */
+// $Id: 4cd616848fb2e5c81200bf7c65930e9086ec2dcd $
+$conf['menu']['import_export'] = true;
+$conf['shares']['source'] = 'localsql';
+$conf['comments']['allow'] = true;
+$conf['documents']['type'] = 'horde';
+$conf['tags']['enabled'] = true;
+/* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */
diff --git a/roles/horde/templates/nginx/sites-available/horde.j2 b/roles/horde/templates/nginx/sites-available/horde.j2
index cbf84402e869e2fbd8675874a93210f358b04a34..cc91c95244eb9816958d6602100e2ba9a4725faf 100644
--- a/roles/horde/templates/nginx/sites-available/horde.j2
+++ b/roles/horde/templates/nginx/sites-available/horde.j2
@@ -1,17 +1,16 @@
 {{ ansible_header | comment }}
 server {
- listen {{ glob_horde.admin_src_hostname }}:80;
- listen {{ loc_horde.ipv6 }}:80 ipv6only=on;
- server_name {{ glob_horde.admin_src_hostname }} {{ glob_horde.src_hostname }};
+ listen [{{ horde.ipv6 }}]:80;
+ server_name {{ horde.admin_src_hostname }} {{ horde.src_hostname }};
 root /usr/share/;
 location / {
- return 302 https://{{ glob_horde.dest_hostname }}/horde;
+ return 302 https://{{ horde.dest_hostname }}/horde;
 }
 include "snippets/php.conf";
- set_real_ip_from {{ glob_horde.zone_ipv4 }};
- set_real_ip_from {{ glob_horde.zone_ipv6 }};
+ set_real_ip_from {{ horde.zone_ipv4 }};
+ set_real_ip_from {{ horde.zone_ipv6 }};
 real_ip_header P-Real-Ip;
 }
diff --git a/roles/horde/templates/nginx/sites-available/webmail.j2 b/roles/horde/templates/nginx/sites-available/webmail.j2
index 71270f89204cded39f28fc063634569e0b7949ef..a8896e5bd01f47b28de5b87d3106e2da657c6149 100644
--- a/roles/horde/templates/nginx/sites-available/webmail.j2
+++ b/roles/horde/templates/nginx/sites-available/webmail.j2
@@ -1,12 +1,11 @@
 {{ ansible_header | comment }}
 server {
- listen {{ glob_horde.admin_dest_hostname }}:80;
- listen {{ loc_horde.ipv6 }}:80;
- server_name {{ glob_horde.dest_hostname }} {{ glob_horde.admin_dest_hostname }};
+ listen {{ horde.ipv4 }}:80;
+ server_name {{ horde.dest_hostname }} {{ horde.admin_dest_hostname }};
 root /usr/share/;
 location / {
- return 302 {{ glob_horde.redirection }};
+ return 302 {{ horde.redirection }};
 }
 location /horde {
 try_files $uri $uri/ /horde/rampage.php?$args;
@@ -14,8 +13,8 @@ server {
 }
 include "snippets/php.conf";
- set_real_ip_from {{ glob_horde.zone_ipv4 }};
- set_real_ip_from {{ glob_horde.zone_ipv6 }};
+ set_real_ip_from {{ horde.zone_ipv4 }};
+ set_real_ip_from {{ horde.zone_ipv6 }};
 real_ip_header P-Real-Ip;
 }
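Review bot: The admin vhost now listens only on `[{{ horde.ipv6 }}]:80` while the webmail vhost in this same commit listens only on `{{ horde.ipv4 }}:80`, and group_vars/reverseproxy.yml sends both `horde.crans.org` and `webmail.crans.org` to the IPv4 address 172.16.10.108; as far as I can tell this server block is therefore never selected for proxied traffic, because a request for horde.crans.org arriving on 172.16.10.108:80 has only the webmail block as a candidate, which nginx uses as the default server for that socket regardless of `Host`. The visible effect is that `/` on horde.crans.org answers with webmail.j2's `return 302 {{ horde.redirection }}` instead of the intended `302 https://{{ horde.dest_hostname }}/horde`. Make both blocks dual-stack with `listen {{ horde.ipv4 }}:80;` followed by `listen [{{ horde.ipv6 }}]:80;`, and consider an explicit `default_server` plus a comment stating which vhost is meant to catch unmatched names.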
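Review bot: This server block terminates plain HTTP on `{{ horde.ipv4 }}:80` behind the TLS-terminating reverse proxy, but nothing in the hunk tells PHP that the original request was HTTPS — no `fastcgi_param HTTPS on;` and no `X-Forwarded-Proto` handling (they may live in `snippets/php.conf`, which is not visible here). The main Horde config in this commit keeps `$conf['use_ssl'] = 1`, which, if I read Horde correctly, only marks the session cookie `Secure` and emits https:// URLs when Horde sees an SSL request, so behind this proxy it may set the cookie without the Secure flag. Either confirm `snippets/php.conf` sets `fastcgi_param HTTPS on;` for proxied requests, or switch the Horde template to `$conf['use_ssl'] = 2;` and annotate it: `// TLS is terminated on the reverse proxy; force Horde to assume https`.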