diff --git a/lists.yaml b/lists.yaml new file mode 100644 index 0000000..8a678f6 --- /dev/null +++ b/lists.yaml @@ -0,0 +1,8 @@ +--- +- hosts: biff + roles: + - role: lxc_guest + vm_name: lists +- hosts: lists + roles: + - role: sympa diff --git a/roles/apache/tasks/main.yaml b/roles/apache/tasks/main.yaml deleted file mode 100644 index 1179bda..0000000 --- a/roles/apache/tasks/main.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: install apache - apt: name={{ item }} state=latest - with_items: - - apache2 -- name: start apache at boot - service: name=apache2 state=started enabled=yes - diff --git a/roles/apache2/defaults/main.yml b/roles/apache2/defaults/main.yml new file mode 100644 index 0000000..c8c6b89 --- /dev/null +++ b/roles/apache2/defaults/main.yml @@ -0,0 +1,2 @@ +--- + php: false diff --git a/roles/apache2/tasks/main.yaml b/roles/apache2/tasks/main.yaml new file mode 100644 index 0000000..caebde7 --- /dev/null +++ b/roles/apache2/tasks/main.yaml @@ -0,0 +1,26 @@ +--- +- include: service.yaml + vars: + service_name: apache2 + service_packages: + - apache2 + +- name: enable apache2 configuration + file: + src: "/etc/apache2/sites-available/{{ config_name }}" + dest: "/etc/apache2/sites-enabled/{{ config_name }}" + state: link + notify: restart apache2 + +- name: disable apache2 default configuration + file: path=/etc/apache2/sites-enabled/000-default.conf state=absent + notify: restart apache2 + +- name: upload apache proxy configuration + apt: name="{{ item }}" state=present + with_items: + - libapache2-mod-php5 + when: php | bool + notify: + - enable apache2 configuration + - restart apache2 diff --git a/roles/dokuwiki/meta/main.yaml b/roles/dokuwiki/meta/main.yaml index b6f5775..ced5045 100644 --- a/roles/dokuwiki/meta/main.yaml +++ b/roles/dokuwiki/meta/main.yaml @@ -1,3 +1,4 @@ --- dependencies: - - nginx + - role: nginx + config_name: docuwiki.conf 
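Review bot: The last task added in roles/apache2/tasks/main.yaml is named `upload apache proxy configuration`, but its module is `apt` installing `libapache2-mod-php5`, so the name misdescribes what runs when `php` is true; `- name: install apache2 php module` would match. That task notifies `enable apache2 configuration`, which in this file is an ordinary task rather than a handler, so the notification only resolves if a handler of that name exists elsewhere (not visible in this diff). The unconditional link task uses `config_name`, yet roles/apache2/defaults/main.yml defines only `php`, so a caller that passes no `config_name` would presumably fail on an undefined variable.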
diff --git a/roles/dokuwiki/tasks/main.yaml b/roles/dokuwiki/tasks/main.yaml index fb3d9b2..13f6b6d 100644 --- a/roles/dokuwiki/tasks/main.yaml +++ b/roles/dokuwiki/tasks/main.yaml @@ -2,7 +2,11 @@ - name: install dokuwiki and associated packages apt: name={{ item }} state=latest with_items: - - php5-cgi - - php5-fpm - - php5-gd - dokuwiki +- name: add nginx config for docukiwi + template: + src: docukiwi_nginx.j2 + dest: "/etc/nginx/sites-available/{{ config_name }}" + notify: + - enable nginx configuration + - restart nginx diff --git a/roles/dokuwiki/templates/site_config.j2 b/roles/dokuwiki/templates/docuwiki_nginx.j2 similarity index 100% rename from roles/dokuwiki/templates/site_config.j2 rename to roles/dokuwiki/templates/docuwiki_nginx.j2 diff --git a/roles/gitlab/tasks/main.yaml b/roles/gitlab/tasks/main.yaml deleted file mode 100644 index 3887ef2..0000000 --- a/roles/gitlab/tasks/main.yaml +++ /dev/null @@ -1,19 +0,0 @@ -- name: configure gitlab (fqdn) - debconf: - name: 'gitlab' - question: 'gitlab/fqdn' - vtype: 'string' - value: '{{ gitlab_fqdn }}' -- name: configure gitlab (ssl) - debconf: - name: 'gitlab' - question: 'gitlab/ssl' - vtype: 'string' - value: "false" -- name: install gitlab packages - apt: - name: '{{ item }}' - state: latest - install_recommends: false - with_items: - - gitlab diff --git a/roles/gogs/meta/main.yaml b/roles/gogs/meta/main.yaml deleted file mode 100644 index 318dc32..0000000 --- a/roles/gogs/meta/main.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -dependencies: - - nginx - - role: nginx_proxy - server_name: "gogs" - config_name: "gogs" - remote_host: "http://127.0.0.1:3000" - - role: postgres diff --git a/roles/gogs/tasks/main.yaml b/roles/gogs/tasks/main.yaml deleted file mode 100644 index 2b5cfd1..0000000 --- a/roles/gogs/tasks/main.yaml +++ /dev/null 
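Review bot: The new template task uses `src: docukiwi_nginx.j2`, but this commit renames the template to `roles/dokuwiki/templates/docuwiki_nginx.j2`, so the lookup will not find the file as spelled; `src: docuwiki_nginx.j2` matches the rename, and the task name `add nginx config for docukiwi` has the same transposition. The hunk also drops `php5-cgi`, `php5-fpm` and `php5-gd` from the package list. If the nginx template hands PHP requests to php5-fpm, confirm that another role still installs it.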
@@ -1,42 +0,0 @@ -- name: Generate database password - gen_passwd: length=20 - register: db_password -- name: Generate random gogs password - gen_passwd: length=20 - register: gogs_password -- block: - - postgresql_db: - # database name - name=gogs - state=present - - postgresql_user: - # the user - name: gogs - password: "{{ db_password.passwd }}" - # which db owns - db: gogs - # privileges on gogs db - priv: ALL - become: true - become_method: su - become_user: postgres -- name: Install dependencies - apt: name={{ item }} state=latest - with_items: - - git -- name: Install Https for APT - apt: name=apt-transport-https update_cache=yes -- name: Add the repository key to system - apt_key: url=https://deb.packager.io/key state=present -- name: Add the package.io repository to the list - apt_repository: repo='deb https://deb.packager.io/gh/pkgr/gogs jessie pkgr' state=present -- name: Install Gogs - apt: name=gogs update_cache=yes -- name: Copy Gogs configuration - template: - dest=/etc/gogs/conf/app.ini - src=templates/app.ini - owner=gogs - group=gogs -- name: Start at boot - service: name=gogs state=started enabled=yes diff --git a/roles/gogs/templates/app.ini b/roles/gogs/templates/app.ini deleted file mode 100644 index fd4bb09..0000000 --- a/roles/gogs/templates/app.ini +++ /dev/null 
@@ -1,367 +0,0 @@ -; App name that shows on every page title -APP_NAME = Gogs: Go Git Service -; Change it if you run locally -RUN_USER = gogs -; Either "dev", "prod" or "test", default is "dev" -RUN_MODE = prod - -[repository] -ROOT = -SCRIPT_TYPE = bash -; Default ANSI charset -ANSI_CHARSET = -; Force every new repository to be private -FORCE_PRIVATE = false -; Global maximum creation limit of repository per user, -1 means no limit -MAX_CREATION_LIMIT = -1 -; Patch test queue length, make it as large as possible -PULL_REQUEST_QUEUE_LENGTH = 10000 - -[ui] -; Number of repositories that are showed in one explore page -EXPLORE_PAGING_NUM = 20 -; Number of issues that are showed in one page -ISSUE_PAGING_NUM = 10 -; Number of maximum commits showed in one activity feed -FEED_MAX_COMMIT_NUM = 5 -; Value of `theme-color` meta tag, used by Android >= 5.0 -; An invalid color like "none" or "disable" will have the default style -; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android -THEME_COLOR_META_TAG = `#ff5343` - -[ui.admin] -; Number of users that are showed in one page -USER_PAGING_NUM = 50 -; Number of repos that are showed in one page -REPO_PAGING_NUM = 50 -; Number of notices that are showed in one page -NOTICE_PAGING_NUM = 25 -; Number of organization that are showed in one page -ORG_PAGING_NUM = 50 - -[markdown] -; Enable hard line break extension -ENABLE_HARD_LINE_BREAK = false -; List of custom URL-Schemes that are allowed as links when rendering Markdown -; for example git,magnet -CUSTOM_URL_SCHEMES = - -[server] -PROTOCOL = http -DOMAIN = projects.lilik.it -ROOT_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/ -HTTP_ADDR = -HTTP_PORT = 3000 -; Local (DMZ) URL for Gogs workers (such as SSH update) accessing web service. -; In most cases you do not need to change the default value. -; Alter it only if your SSH server node is not the same as HTTP node. 
-LOCAL_ROOT_URL = http://localhost:%(HTTP_PORT)s/ -; Disable SSH feature when not available -DISABLE_SSH = false -; Whether use builtin SSH server or not. false default -START_SSH_SERVER = false -; Domain name to be exposed in clone URL -SSH_DOMAIN = %(DOMAIN)s -; Port number to be exposed in clone URL -SSH_PORT = 22 -; Port number builtin SSH server listens on -SSH_LISTEN_PORT = %(SSH_PORT)s -; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'. -SSH_ROOT_PATH = /home/gogs/.ssh -; Directory to create temporary files when test publick key using ssh-keygen, -; default is system temporary directory. -SSH_KEY_TEST_PATH = -; Path to ssh-keygen, default is 'ssh-keygen' and let shell find out which one to call. -SSH_KEYGEN_PATH = ssh-keygen -; Indicate whether to check minimum key size with corresponding type -MINIMUM_KEY_SIZE_CHECK = false -; Disable CDN even in "prod" mode -OFFLINE_MODE = false -DISABLE_ROUTER_LOG = false -; Generate steps: -; $ ./gogs cert -ca=true -duration=8760h0m0s -host=myhost.example.com -; -; Or from a .pfx file exported from the Windows certificate store (do -; not forget to export the private key): -; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys -; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes -CERT_FILE = custom/https/cert.pem -KEY_FILE = custom/https/key.pem -; Upper level of template and static file path -; default is the path where Gogs is executed -STATIC_ROOT_PATH = -; Default path for App data -APP_DATA_PATH = data -; Application level GZIP support -ENABLE_GZIP = false -; Landing page for non-logged users, can be "home" or "explore" -LANDING_PAGE = home - -; Define allowed algorithms and their minimum key length (use -1 to disable a type) -[ssh.minimum_key_sizes] -ED25519 = 256 -ECDSA = 256 -RSA = 2048 -DSA = 1024 - -[database] -; Either "mysql", "postgres" or "sqlite3", it's your choice -DB_TYPE = postgres -HOST = 127.0.0.1:5432 -NAME = gogs -USER = gogs -PASSWD = `{{ 
db_password.passwd }}` -; For "postgres" only, either "disable", "require" or "verify-full" -SSL_MODE = disable -; For "sqlite3" and "tidb", use absolute path when you start as service -PATH = data/gogs.db - -[admin] - -[security] -INSTALL_LOCK = false -; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!! -SECRET_KEY = {{ gogs_password.passwd }} -; Auto-login remember days -LOGIN_REMEMBER_DAYS = 7 -COOKIE_USERNAME = gogs_awesome -COOKIE_REMEMBER_NAME = gogs_incredible -; Reverse proxy authentication header name of user name -REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER - -[service] -ACTIVE_CODE_LIVE_MINUTES = 180 -RESET_PASSWD_CODE_LIVE_MINUTES = 180 -; User need to confirm e-mail for registration -REGISTER_EMAIL_CONFIRM = false -; Does not allow register and admin create account only -DISABLE_REGISTRATION = false -; User must sign in to view anything. -REQUIRE_SIGNIN_VIEW = false -; Mail notification -ENABLE_NOTIFY_MAIL = false -; More detail: https://github.com/gogits/gogs/issues/165 -ENABLE_REVERSE_PROXY_AUTHENTICATION = false -ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false -; Enable captcha validation for registration -ENABLE_CAPTCHA = true - -[webhook] -; Hook task queue length -QUEUE_LENGTH = 1000 -; Deliver timeout in seconds -DELIVER_TIMEOUT = 5 -; Allow insecure certification -SKIP_TLS_VERIFY = false -; Number of history information in each page -PAGING_NUM = 10 - -[mailer] -ENABLED = false -; Buffer length of channel, keep it as it is if you don't know what it is. -SEND_BUFFER_LEN = 100 -; Name displayed in mail title -SUBJECT = %(APP_NAME)s -; Mail server -; Gmail: smtp.gmail.com:587 -; QQ: smtp.qq.com:25 -; Note, if the port ends with "465", SMTPS will be used. Using STARTTLS on port 587 is recommended per RFC 6409. If the server supports STARTTLS it will always be used. -HOST = smtp.lilik.it:587 -; Disable HELO operation when hostname are different. -DISABLE_HELO = -; Custom hostname for HELO operation, default is from system. 
-HELO_HOSTNAME = -; Do not verify the certificate of the server. Only use this for self-signed certificates -SKIP_VERIFY = false -; Use client certificate -USE_CERTIFICATE = true -CERT_FILE = custom/mailer/cert.pem -KEY_FILE = custom/mailer/key.pem -; Mail from address, RFC 5322. This can be just an email address, or the `"Name" ` format -FROM = projects@lilik.it -; Mailer user name and password -USER = -PASSWD = - -[cache] -; Either "memory", "redis", or "memcache", default is "memory" -ADAPTER = memory -; For "memory" only, GC interval in seconds, default is 60 -INTERVAL = 60 -; For "redis" and "memcache", connection host address -; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180 -; memcache: `127.0.0.1:11211` -HOST = - -[session] -; Either "memory", "file", "redis" or "mysql", default is "memory" -PROVIDER = memory -; Provider config options -; memory: not have any config yet -; file: session file path, e.g. `data/sessions` -; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180 -; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table` -PROVIDER_CONFIG = data/sessions -; Session cookie name -COOKIE_NAME = i_like_gogits -; If you use session in https only, default is false -COOKIE_SECURE = false -; Enable set cookie, default is true -ENABLE_SET_COOKIE = true -; Session GC time interval, default is 86400 -GC_INTERVAL_TIME = 86400 -; Session life time, default is 86400 -SESSION_LIFE_TIME = 86400 - -[picture] -AVATAR_UPLOAD_PATH = data/avatars -; Chinese users can choose "duoshuo" -; or a custom avatar source, like: http://cn.gravatar.com/avatar/ -GRAVATAR_SOURCE = gravatar -DISABLE_GRAVATAR = false - -[attachment] -; Whether attachments are enabled. Defaults to `true` -ENABLE = true -; Path for attachments. Defaults to `data/attachments` -PATH = data/attachments -; One or more allowed types, e.g. 
image/jpeg|image/png -ALLOWED_TYPES = image/jpeg|image/png -; Max size of each file. Defaults to 32MB -MAX_SIZE = 4 -; Max number of files per upload. Defaults to 10 -MAX_FILES = 5 - -[time] -; Specifies the format for fully outputed dates. Defaults to RFC1123 -; Special supported values are ANSIC, UnixDate, RubyDate, RFC822, RFC822Z, RFC850, RFC1123, RFC1123Z, RFC3339, RFC3339Nano, Kitchen, Stamp, StampMilli, StampMicro and StampNano -; For more information about the format see http://golang.org/pkg/time/#pkg-constants -FORMAT = - -[log] -ROOT_PATH = -; Either "console", "file", "conn", "smtp" or "database", default is "console" -; Use comma to separate multiple modes, e.g. "console, file" -MODE = console -; Buffer length of channel, keep it as it is if you don't know what it is. -BUFFER_LEN = 10000 -; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace" -LEVEL = Trace - -; For "console" mode only -[log.console] -LEVEL = - -; For "file" mode only -[log.file] -LEVEL = -; This enables automated log rotate(switch of following options), default is true -LOG_ROTATE = true -; Max line number of single file, default is 1000000 -MAX_LINES = 1000000 -; Max size shift of single file, default is 28 means 1 << 28, 256MB -MAX_SIZE_SHIFT = 28 -; Segment log daily, default is true -DAILY_ROTATE = true -; Expired days of log file(delete after max days), default is 7 -MAX_DAYS = 7 - -; For "conn" mode only -[log.conn] -LEVEL = -; Reconnect host for every single message, default is false -RECONNECT_ON_MSG = false -; Try to reconnect when connection is lost, default is false -RECONNECT = false -; Either "tcp", "unix" or "udp", default is "tcp" -PROTOCOL = tcp -; Host address -ADDR = - -; For "smtp" mode only -[log.smtp] -LEVEL = -; Name displayed in mail title, default is "Diagnostic message from server" -SUBJECT = Diagnostic message from server -; Mail server -HOST = -; Mailer user name and password -USER = -PASSWD = -; Receivers, can be one or more, 
e.g. ["1@example.com","2@example.com"] -RECEIVERS = - -; For "database" mode only -[log.database] -LEVEL = -; Either "mysql" or "postgres" -DRIVER = -; Based on xorm, e.g.: root:root@localhost/gogs?charset=utf8 -CONN = - -[cron] -; Enable running cron tasks periodically. -ENABLED = true -; Run cron tasks when Gogs starts. -RUN_AT_START = false - -; Update mirrors -[cron.update_mirrors] -SCHEDULE = @every 1h - -; Repository health check -[cron.repo_health_check] -SCHEDULE = @every 24h -TIMEOUT = 60s -; Arguments for command 'git fsck', e.g. "--unreachable --tags" -; see more on http://git-scm.com/docs/git-fsck/1.7.5 -ARGS = - -; Check repository statistics -[cron.check_repo_stats] -RUN_AT_START = true -SCHEDULE = @every 24h - -[git] -MAX_GIT_DIFF_LINES = 10000 -; Arguments for command 'git gc', e.g. "--aggressive --auto" -; see more on http://git-scm.com/docs/git-gc/1.7.5 -GC_ARGS = - -; Operation timeout in seconds -[git.timeout] -MIGRATE = 600 -MIRROR = 300 -CLONE = 300 -PULL = 300 - -[i18n] -LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,ja-JP,es-ES,pt-BR,pl-PL,bg-BG,it-IT,fi-FI,tr-TR -NAMES = English,简体中文,繁體中文(香港),繁體中文(台湾),Deutsch,Français,Nederlands,Latviešu,Русский,日本語,Español,Português do Brasil,Polski,български,Italiano,Suomalainen,Türk - -; Used for datetimepicker -[i18n.datelang] -en-US = en -zh-CN = zh -zh-HK = zh-TW -de-DE = de -fr-FR = fr -nl-NL = nl -lv-LV = lv -ru-RU = ru -ja-JP = ja -es-ES = es -pt-BR = pt-BR -pl-PL = pl -bg-BG = bg -it-IT = it -fi-FI = fi - -; Extension mapping to highlight class -; e.g. .toml=ini -[highlight.mapping] - -[other] -SHOW_FOOTER_BRANDING = false -; Show version information about gogs and go in the footer -SHOW_FOOTER_VERSION = true diff --git a/roles/ldap/handlers/main.yaml b/roles/ldap/handlers/main.yaml index 16501b2..e9616f2 100644 --- a/roles/ldap/handlers/main.yaml +++ b/roles/ldap/handlers/main.yaml 
@@ -1,2 +1,4 @@ -- name: restart_slapd - service: name=slapd state=restarted +--- +- include: service.yaml + vars: + service_name: slapd diff --git a/roles/ldap/tasks/main.yaml b/roles/ldap/tasks/main.yaml index 5f52f97..42e97f7 100644 --- a/roles/ldap/tasks/main.yaml +++ b/roles/ldap/tasks/main.yaml @@ -37,16 +37,14 @@ question: 'phamm-ldap/init_base_ldap' vtype: 'boolean' value: false -- name: install ldap packages - apt: - name: '{{ item }}' - state: latest - install_recommends: false - with_items: - - slapd - - ldap-utils - - phamm-ldap - - sudo +- include: service.yaml + vars: + service_name: slapd + service_packages: + - slapd + - ldap-utils + - phamm-ldap + - sudo - name: upload slapd config template: src: slapd.conf.j2 diff --git a/roles/mysql/handlers/main.yaml b/roles/mysql/handlers/main.yaml new file mode 100644 index 0000000..50ac056 --- /dev/null +++ b/roles/mysql/handlers/main.yaml @@ -0,0 +1,4 @@ +--- +- include: service.yaml + vars: + service_name: mysql diff --git a/roles/mysql/tasks/main.yaml b/roles/mysql/tasks/main.yaml index 15ecb0a..895073c 100644 --- a/roles/mysql/tasks/main.yaml +++ b/roles/mysql/tasks/main.yaml @@ -1,8 +1,6 @@ --- -- name: install mysql - apt: name={{ item }} state=latest - with_items: - - mysql -- name: start mysql at boot - service: name=mysql state=started enabled=yes - +- include: service.yaml + vars: + service_name: mysql + service_packages: + - mysql diff --git a/roles/nginx/tasks/main.yaml b/roles/nginx/tasks/main.yaml index a2c96af..63ce2f3 100644 --- a/roles/nginx/tasks/main.yaml +++ b/roles/nginx/tasks/main.yaml @@ -9,7 +9,7 @@ notify: restart nginx - name: upload nginx proxy configuration template: - src: proxy_config.j2 + src: proxy_nginx.j2 dest: "/etc/nginx/sites-available/{{ config_name }}" when: is_proxy | bool notify: 
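Review bot: The handler `restart_slapd` is removed in favour of `include: service.yaml`, and nothing in this diff shows which handler names that include defines, so any task that still has `notify: restart_slapd` would reference a handler that no longer exists. service.yaml is neither added nor changed by this commit, so it is worth confirming that the include resolves from roles/ldap/handlers/ and adding a comment such as `# restart handler for slapd is defined by the shared service.yaml include`. The same pattern is introduced in roles/mysql/handlers/main.yaml and roles/postgres/handlers/main.yaml.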
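Review bot: Replacing the explicit `apt` task in roles/ldap/tasks/main.yaml with `include: service.yaml` drops `install_recommends: false`, which the old task set for slapd, ldap-utils, phamm-ldap and sudo. Unless service.yaml sets it (not visible here), apt will also pull in recommended packages on the directory server, which widens the installed package set without a stated reason. If the shared include cannot take the option, keep it explicit here or add a variable for it, and record the choice in a comment. The task list starts before and continues after this hunk.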
diff --git a/roles/nginx/templates/site_config.j2 b/roles/nginx/templates/proxy_nginx.j2 similarity index 100% rename from roles/nginx/templates/site_config.j2 rename to roles/nginx/templates/proxy_nginx.j2 diff --git a/roles/postgres/handlers/main.yaml b/roles/postgres/handlers/main.yaml new file mode 100644 index 0000000..6d04c98 --- /dev/null +++ b/roles/postgres/handlers/main.yaml @@ -0,0 +1,4 @@ +--- +- include: service.yaml + vars: + service_name: postgres diff --git a/roles/postgres/main.yaml b/roles/postgres/main.yaml new file mode 100644 index 0000000..f1c6884 --- /dev/null +++ b/roles/postgres/main.yaml @@ -0,0 +1,15 @@ +--- +- include: service.yaml + vars: + service_name: nginx + +- name: validate nginx configuration + command: nginx -t -c /etc/nginx/nginx.conf + changed_when: False + +- name: enable nginx configuration + file: + src: "/etc/nginx/sites-available/{{ config_name }}" + dest: "/etc/nginx/sites-enabled/{{ config_name }}" + state: link + notify: restart nginx diff --git a/roles/postgres/tasks/main.yaml b/roles/postgres/tasks/main.yaml index 6921845..a2c96af 100644 --- a/roles/postgres/tasks/main.yaml +++ b/roles/postgres/tasks/main.yaml @@ -1,8 +1,17 @@ -- name: install postgresql - apt: name={{ item }} state=latest - with_items: - - postgresql - - postgresql-contrib - - python-psycopg2 -- name: start postgresql at boot - service: name=postgresql state=started enabled=yes +--- +- include: service.yaml + vars: + service_name: nginx + service_packages: + - nginx +- name: disable nginx default configuration + file: path=/etc/nginx/sites-enabled/default state=absent + notify: restart nginx +- name: upload nginx proxy configuration + template: + src: proxy_config.j2 + dest: "/etc/nginx/sites-available/{{ config_name }}" + when: is_proxy | bool + notify: + - enable nginx configuration + - restart nginx diff --git a/roles/postgres/tasks0/main.yaml b/roles/postgres/tasks0/main.yaml new file mode 100644 index 0000000..190c804 --- /dev/null 
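Review bot: `service_name: postgres` in roles/postgres/handlers/main.yaml does not match the unit the role managed before: the task removed from roles/postgres/tasks/main.yaml in this commit used `service: name=postgresql`. If service.yaml passes `service_name` to the service module, the handler would address a service that does not exist under that name; `service_name: postgresql` keeps the previous behaviour. roles/postgres/tasks0/main.yaml uses the same value.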
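Review bot: roles/postgres/main.yaml and the rewritten roles/postgres/tasks/main.yaml contain nginx tasks (`service_name: nginx`, `nginx -t`, the sites-enabled link), so the postgres role would now install and configure nginx instead of PostgreSQL. The PostgreSQL package list moves to roles/postgres/tasks0/main.yaml, a directory name Ansible does not load for a role, and a main.yaml placed directly under the role directory is not loaded either. These files look copied from the nginx role. The package list from tasks0 probably belongs in roles/postgres/tasks/main.yaml, with the nginx handlers kept under roles/nginx/.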
+++ b/roles/postgres/tasks0/main.yaml @@ -0,0 +1,8 @@ +--- +- include: service.yaml + vars: + service_name: postgres + service_packages: + - postgresql + - postgresql-contrib + - python-psycopg2 diff --git a/roles/postgres/templates/mattermost.service.j2 b/roles/postgres/templates/mattermost.service.j2 deleted file mode 100644 index b3bda1d..0000000 --- a/roles/postgres/templates/mattermost.service.j2 +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=Mattermost -After=network.target - -[Service] -User=mattermost -ExecStart=/opt/mattermost/bin/platform -WorkingDirectory=/opt/mattermost -Restart=always -RestartSec=30 - -[Install] -WantedBy=multi-user.target diff --git a/roles/roundcube/meta/main.yaml b/roles/roundcube/meta/main.yaml new file mode 100644 index 0000000..854f8e8 --- /dev/null +++ b/roles/roundcube/meta/main.yaml @@ -0,0 +1,4 @@ +--- +dependencies: + - role: nginx + config_name: roundcube.conf diff --git a/roles/roundcube/tasks/main.yaml b/roles/roundcube/tasks/main.yaml new file mode 100644 index 0000000..2ea981b --- /dev/null +++ b/roles/roundcube/tasks/main.yaml @@ -0,0 +1,23 @@ +- name: add jessie-backports repository +- apt_repository: repo='deb http://ftp.debian.org/debian jessie-backports main' state=present + +- name: install roundcube packages + apt: + name: '{{ item }}' + state: latest + update_cache: yes + with_items: + - roundcube-sqlite3 + - roundcube + - roundcube-plugins + +- name: add nginx config for roundcube + template: + dest=/etc/nginx/sites-available/roundcube.conf + src=roundcube_config.j2 + owner=root + group=root + mode=0700 + notify: + - enable nginx configuration + - restart nginx diff --git a/roles/roundcube/templates/roundcube-config.j2 b/roles/roundcube/templates/roundcube-config.j2 new file mode 100644 index 0000000..e5d1930 --- /dev/null +++ b/roles/roundcube/templates/roundcube-config.j2 
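Review bot: The first two added lines of roles/roundcube/tasks/main.yaml are two separate list items, `- name: add jessie-backports repository` and `- apt_repository: ...`, so the first task has a name but no module; the second line should sit under the name as `  apt_repository: repo='deb http://ftp.debian.org/debian jessie-backports main' state=present`. The template task uses `src=roundcube_config.j2` while the file added by this commit is `roundcube-config.j2`, so the source will not be found as spelled. `mode=0700` marks a site configuration file executable; `mode=0644` is the usual choice. The file also lacks the leading `---` that the other task files in this commit carry.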
@@ -0,0 +1,25 @@ +server { + listen 80 default_server; + server_name localhost:80; + + # support roundcubemail secure urls + rewrite "^/[a-zA-Z0-9]{16}/(.*)" /$1; + + # roundcube + root /var/lib/roundcube; + + index index.php; + + location ~ \.php$ { + include snippets/fastcgi-php.conf; + + # With php5-fpm: + fastcgi_pass unix:/var/run/php5-fpm.sock; + } + + #deny access to .htaccess files, if Apache's document root + #concurs with nginx's one + location ~ /\.ht { + deny all; + } +} diff --git a/roles/sympa/meta/main.yaml b/roles/sympa/meta/main.yaml new file mode 100644 index 0000000..a8b917c --- /dev/null +++ b/roles/sympa/meta/main.yaml @@ -0,0 +1,4 @@ +--- +dependencies: + - role: nginx + config_name: sympa.conf diff --git a/roles/sympa/tasks/main.yaml b/roles/sympa/tasks/main.yaml new file mode 100644 index 0000000..6eab77b --- /dev/null +++ b/roles/sympa/tasks/main.yaml @@ -0,0 +1,22 @@ +--- +- include: service.yaml + vars: + service_name: nginx + service_packages: + - nginx +- name: install sympa and associated packages + apt: name={{ item }} state=latest + with_items: + - sympa + - wwsympa + - fcgiwrap +- name: add nginx config for sympa + template: + src: sympa_nginx.j2 + dest: "/etc/nginx/sites-available/{{ config_name }}" + notify: + - enable nginx configuration + - restart nginx + notify: + - enable nginx configuration + - restart nginx diff --git a/roles/sympa/templates/sympa_nginx.j2 b/roles/sympa/templates/sympa_nginx.j2 new file mode 100644 index 0000000..d94a8f4 --- /dev/null +++ b/roles/sympa/templates/sympa_nginx.j2 
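Review bot: The server block in roundcube-config.j2 listens only on `listen 80 default_server;`, so webmail logins and session cookies would cross the network unencrypted unless TLS is terminated in front of this host (not visible in the diff); roles/sympa/templates/sympa_nginx.j2 has the same plain `listen 80;`. If the vhost is reachable directly, add a 443 listener with certificate directives and redirect port 80 to it. The final `location ~ /\.ht` block only hides the `.htaccess` files themselves: nginx does not apply the rules inside them, so any directory under `/var/lib/roundcube` that relies on `.htaccess` for protection needs its own `deny all;` location. `fastcgi_pass unix:/var/run/php5-fpm.sock;` assumes php5-fpm is installed, which the roundcube tasks in this commit do not do.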
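Review bot: The task `add nginx config for sympa` in roles/sympa/tasks/main.yaml carries the `notify:` key twice with the same two handlers. Duplicate mapping keys are invalid YAML and most parsers silently keep the last one, so one of the two blocks should be removed. The file also includes service.yaml with `service_name: nginx` although roles/sympa/meta/main.yaml already depends on the nginx role. Either drop the include or add a comment explaining why both are needed.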
@@ -0,0 +1,65 @@ +# based on https://gist.github.com/bjacint/7862912 + +server { + listen 80; + + server_name *.*; + root /usr/lib/cgi-bin/sympa; + access_log /var/log/nginx/sympa.access.log; + error_log /var/log/nginx/sympa.error.log; + error_page 403 500 502 503 504 /50x.html; + + rewrite ^/$ /wws permanent; + + # While configuring sympa, you should specify wwsympa_url for each robot. + # if you do not do so, sympa will generate wwsympa_url as ${robot_name}/sympa. + # So to prevent non-active urls for robots without wwsympa_url, we do this redirect: + + rewrite ^/sympa/(.*)$ /wws/$1 permanent; + + location ^~ /static-sympa/ { + alias /var/lib/sympa/static_content/; + access_log off; + } + location /50x.html { + root /usr/share/nginx/html; + } + location ~* \.(php|pl|py|jsp|asp|sh|cgi|bin|csh|ksh|out|run|o)$ { + deny all; + } + location ~ /\.ht { + deny all; + } + location /wws { + gzip off; + fastcgi_pass unix:/run/fcgiwrap.socket; + fastcgi_split_path_info ^(/wws)(.+)$; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + fastcgi_param REQUEST_URI $request_uri; + fastcgi_param DOCUMENT_URI $document_uri; + fastcgi_param DOCUMENT_ROOT $document_root; + fastcgi_param SERVER_PROTOCOL $server_protocol; + fastcgi_param GATEWAY_INTERFACE CGI/1.1; + fastcgi_param SERVER_SOFTWARE nginx; + fastcgi_param REMOTE_ADDR $remote_addr; + fastcgi_param REMOTE_PORT $remote_port; + fastcgi_param SERVER_ADDR $server_addr; + fastcgi_param SERVER_PORT $server_port; + + # According to RFC3875 (https://tools.ietf.org/html/rfc3875#section-4.1.14) in SERVER_NAME + # we should put an actual hostname user came to. 
For nginx it is in $host + # This will allow to run sympa multihost instances + fastcgi_param SERVER_NAME $host; + + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param SCRIPT_FILENAME $document_root/wwsympa-wrapper.fcgi; + + fastcgi_param HTTP_HOST $http_host; + fastcgi_intercept_errors on; + } +} diff --git a/roles/wordpress/meta/main.yaml b/roles/wordpress/meta/main.yaml index 69aa254..5e2cab7 100644 --- a/roles/wordpress/meta/main.yaml +++ b/roles/wordpress/meta/main.yaml @@ -1,3 +1,4 @@ --- dependencies: - role: apache + php: true diff --git a/webmail.yaml b/webmail.yaml new file mode 100644 index 0000000..851d53e --- /dev/null +++ b/webmail.yaml @@ -0,0 +1,10 @@ +--- +- hosts: biff + roles: + - role: lxc_guest + vm_name: webmail +- hosts: webmail + roles: + - role: roundcube + imap_server: "{{ hostvars['mail'].ansible_host }}" + fqdn_domain: "lilik.it"
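Review bot: `server_name *.*;` combined with `fastcgi_param SERVER_NAME $host;` hands the client-supplied Host header to wwsympa as the server name, which the comment in the hunk says is what enables multihost instances. Listing the list domains explicitly in `server_name` keeps requests for unknown hosts away from the FastCGI wrapper, and it is worth checking that nginx accepts `*.*` as a wildcard name at all. `fastcgi_param REMOTE_USER $remote_user;` is forwarded although this server block configures no authentication, so a comment stating whether sympa is expected to trust that value would help.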
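Review bot: The dependency in roles/wordpress/meta/main.yaml still names `role: apache`, but this commit deletes roles/apache/tasks/main.yaml and places the `php` default under roles/apache2/, so `php: true` is passed to a role that no longer has tasks. `- role: apache2` looks like the intended target. roles/apache2/tasks/main.yaml also expects `config_name`, which this dependency does not pass.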