
huge refactoring on services

services
Andrea Cimbalo 8 years ago
parent
commit
69d124d014
30 changed files with 265 additions and 489 deletions
  1. +8
    -0
      lists.yaml
  2. +0
    -8
      roles/apache/tasks/main.yaml
  3. +2
    -0
      roles/apache2/defaults/main.yml
  4. +26
    -0
      roles/apache2/tasks/main.yaml
  5. +2
    -1
      roles/dokuwiki/meta/main.yaml
  6. +7
    -3
      roles/dokuwiki/tasks/main.yaml
  7. +0
    -0
      roles/dokuwiki/templates/docuwiki_nginx.j2
  8. +0
    -19
      roles/gitlab/tasks/main.yaml
  9. +0
    -8
      roles/gogs/meta/main.yaml
  10. +0
    -42
      roles/gogs/tasks/main.yaml
  11. +0
    -367
      roles/gogs/templates/app.ini
  12. +4
    -2
      roles/ldap/handlers/main.yaml
  13. +8
    -10
      roles/ldap/tasks/main.yaml
  14. +4
    -0
      roles/mysql/handlers/main.yaml
  15. +5
    -7
      roles/mysql/tasks/main.yaml
  16. +1
    -1
      roles/nginx/tasks/main.yaml
  17. +0
    -0
      roles/nginx/templates/proxy_nginx.j2
  18. +4
    -0
      roles/postgres/handlers/main.yaml
  19. +15
    -0
      roles/postgres/main.yaml
  20. +17
    -8
      roles/postgres/tasks/main.yaml
  21. +8
    -0
      roles/postgres/tasks0/main.yaml
  22. +0
    -13
      roles/postgres/templates/mattermost.service.j2
  23. +4
    -0
      roles/roundcube/meta/main.yaml
  24. +23
    -0
      roles/roundcube/tasks/main.yaml
  25. +25
    -0
      roles/roundcube/templates/roundcube-config.j2
  26. +4
    -0
      roles/sympa/meta/main.yaml
  27. +22
    -0
      roles/sympa/tasks/main.yaml
  28. +65
    -0
      roles/sympa/templates/sympa_nginx.j2
  29. +1
    -0
      roles/wordpress/meta/main.yaml
  30. +10
    -0
      webmail.yaml

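--- a/lists.yaml
+++ b/lists.yaml
@@ -0,0 +1,8 @@
+---
+- hosts: biff
+roles:
+- role: lxc_guest
+vm_name: lists
+- hosts: lists
+roles:
+- role: sympa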

+ 0
- 8
roles/apache/tasks/main.yaml

@ -1,8 +0,0 @@
---
- name: install apache
apt: name={{ item }} state=latest
with_items:
- apache2
- name: start apache at boot
service: name=apache2 state=started enabled=yes

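--- a/roles/apache2/defaults/main.yml
+++ b/roles/apache2/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+php: false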

+ 26
- 0
roles/apache2/tasks/main.yaml

@ -0,0 +1,26 @@
---
- include: service.yaml
vars:
service_name: apache2
service_packages:
- apache2
- name: enable apache2 configuration
file:
src: "/etc/apache2/sites-available/{{ config_name }}"
dest: "/etc/apache2/sites-enabled/{{ config_name }}"
state: link
notify: restart apache2
- name: disable apache2 default configuration
file: path=/etc/apache2/sites-enabled/000-default.conf state=absent
notify: restart apache2
- name: upload apache proxy configuration
apt: name="{{ item }}" state=present
with_items:
- libapache2-mod-php5
when: php | bool
notify:
- enable apache2 configuration
- restart apache2
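Review bot: The last task is named `upload apache proxy configuration`, but what it runs is `apt` installing `libapache2-mod-php5`, so run logs and audits will misreport what changed on the host; `- name: install php module for apache2` would match the action. It also notifies `enable apache2 configuration`, which in this file is an ordinary task rather than a handler, so unless a handler of that name is defined outside this section the notify has nothing to resolve against. `config_name` is used by the link task, yet `roles/apache2/defaults/main.yml` in this commit defines only `php`, so a caller that omits it will fail on an undefined variable.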

+ 2
- 1
roles/dokuwiki/meta/main.yaml

@ -1,3 +1,4 @@
--- ---
dependencies: dependencies:
- nginx
- role: nginx
config_name: docuwiki.conf

+ 7
- 3
roles/dokuwiki/tasks/main.yaml

@ -2,7 +2,11 @@
- name: install dokuwiki and associated packages - name: install dokuwiki and associated packages
apt: name={{ item }} state=latest apt: name={{ item }} state=latest
with_items: with_items:
- php5-cgi
- php5-fpm
- php5-gd
- dokuwiki - dokuwiki
- name: add nginx config for docukiwi
template:
src: docukiwi_nginx.j2
dest: "/etc/nginx/sites-available/{{ config_name }}"
notify:
- enable nginx configuration
- restart nginx
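Review bot: The template task points at `src: docukiwi_nginx.j2`, but the file this commit renames into the role is `roles/dokuwiki/templates/docuwiki_nginx.j2`, so the lookup would fail at run time as written. Use `src: docuwiki_nginx.j2` and align the task name with it (`add nginx config for dokuwiki`). The hunk starts at line 2 of the file, so the beginning of the task list is outside this view.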

roles/dokuwiki/templates/site_config.j2 → roles/dokuwiki/templates/docuwiki_nginx.j2


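--- a/roles/gitlab/tasks/main.yaml
+++ b/roles/gitlab/tasks/main.yaml
@@ -1,19 +0,0 @@
-- name: configure gitlab (fqdn)
-debconf:
-name: 'gitlab'
-question: 'gitlab/fqdn'
-vtype: 'string'
-value: '{{ gitlab_fqdn }}'
-- name: configure gitlab (ssl)
-debconf:
-name: 'gitlab'
-question: 'gitlab/ssl'
-vtype: 'string'
-value: "false"
-- name: install gitlab packages
-apt:
-name: '{{ item }}'
-state: latest
-install_recommends: false
-with_items:
-- gitlab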

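--- a/roles/gogs/meta/main.yaml
+++ b/roles/gogs/meta/main.yaml
@@ -1,8 +0,0 @@
----
-dependencies:
-- nginx
-- role: nginx_proxy
-server_name: "gogs"
-config_name: "gogs"
-remote_host: "http://127.0.0.1:3000"
-- role: postgres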

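--- a/roles/gogs/tasks/main.yaml
+++ b/roles/gogs/tasks/main.yaml
@@ -1,42 +0,0 @@
-- name: Generate database password
-gen_passwd: length=20
-register: db_password
-- name: Generate random gogs password
-gen_passwd: length=20
-register: gogs_password
-- block:
-- postgresql_db:
-# database name
-name=gogs
-state=present
-- postgresql_user:
-# the user
-name: gogs
-password: "{{ db_password.passwd }}"
-# which db owns
-db: gogs
-# privileges on gogs db
-priv: ALL
-become: true
-become_method: su
-become_user: postgres
-- name: Install dependencies
-apt: name={{ item }} state=latest
-with_items:
-- git
-- name: Install Https for APT
-apt: name=apt-transport-https update_cache=yes
-- name: Add the repository key to system
-apt_key: url=https://deb.packager.io/key state=present
-- name: Add the package.io repository to the list
-apt_repository: repo='deb https://deb.packager.io/gh/pkgr/gogs jessie pkgr' state=present
-- name: Install Gogs
-apt: name=gogs update_cache=yes
-- name: Copy Gogs configuration
-template:
-dest=/etc/gogs/conf/app.ini
-src=templates/app.ini
-owner=gogs
-group=gogs
-- name: Start at boot
-service: name=gogs state=started enabled=yes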

+ 0
- 367
roles/gogs/templates/app.ini

@ -1,367 +0,0 @@
; App name that shows on every page title
APP_NAME = Gogs: Go Git Service
; Change it if you run locally
RUN_USER = gogs
; Either "dev", "prod" or "test", default is "dev"
RUN_MODE = prod
[repository]
ROOT =
SCRIPT_TYPE = bash
; Default ANSI charset
ANSI_CHARSET =
; Force every new repository to be private
FORCE_PRIVATE = false
; Global maximum creation limit of repository per user, -1 means no limit
MAX_CREATION_LIMIT = -1
; Patch test queue length, make it as large as possible
PULL_REQUEST_QUEUE_LENGTH = 10000
[ui]
; Number of repositories that are showed in one explore page
EXPLORE_PAGING_NUM = 20
; Number of issues that are showed in one page
ISSUE_PAGING_NUM = 10
; Number of maximum commits showed in one activity feed
FEED_MAX_COMMIT_NUM = 5
; Value of `theme-color` meta tag, used by Android >= 5.0
; An invalid color like "none" or "disable" will have the default style
; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android
THEME_COLOR_META_TAG = `#ff5343`
[ui.admin]
; Number of users that are showed in one page
USER_PAGING_NUM = 50
; Number of repos that are showed in one page
REPO_PAGING_NUM = 50
; Number of notices that are showed in one page
NOTICE_PAGING_NUM = 25
; Number of organization that are showed in one page
ORG_PAGING_NUM = 50
[markdown]
; Enable hard line break extension
ENABLE_HARD_LINE_BREAK = false
; List of custom URL-Schemes that are allowed as links when rendering Markdown
; for example git,magnet
CUSTOM_URL_SCHEMES =
[server]
PROTOCOL = http
DOMAIN = projects.lilik.it
ROOT_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
HTTP_ADDR =
HTTP_PORT = 3000
; Local (DMZ) URL for Gogs workers (such as SSH update) accessing web service.
; In most cases you do not need to change the default value.
; Alter it only if your SSH server node is not the same as HTTP node.
LOCAL_ROOT_URL = http://localhost:%(HTTP_PORT)s/
; Disable SSH feature when not available
DISABLE_SSH = false
; Whether use builtin SSH server or not. false default
START_SSH_SERVER = false
; Domain name to be exposed in clone URL
SSH_DOMAIN = %(DOMAIN)s
; Port number to be exposed in clone URL
SSH_PORT = 22
; Port number builtin SSH server listens on
SSH_LISTEN_PORT = %(SSH_PORT)s
; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
SSH_ROOT_PATH = /home/gogs/.ssh
; Directory to create temporary files when test publick key using ssh-keygen,
; default is system temporary directory.
SSH_KEY_TEST_PATH =
; Path to ssh-keygen, default is 'ssh-keygen' and let shell find out which one to call.
SSH_KEYGEN_PATH = ssh-keygen
; Indicate whether to check minimum key size with corresponding type
MINIMUM_KEY_SIZE_CHECK = false
; Disable CDN even in "prod" mode
OFFLINE_MODE = false
DISABLE_ROUTER_LOG = false
; Generate steps:
; $ ./gogs cert -ca=true -duration=8760h0m0s -host=myhost.example.com
;
; Or from a .pfx file exported from the Windows certificate store (do
; not forget to export the private key):
; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys
; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
CERT_FILE = custom/https/cert.pem
KEY_FILE = custom/https/key.pem
; Upper level of template and static file path
; default is the path where Gogs is executed
STATIC_ROOT_PATH =
; Default path for App data
APP_DATA_PATH = data
; Application level GZIP support
ENABLE_GZIP = false
; Landing page for non-logged users, can be "home" or "explore"
LANDING_PAGE = home
; Define allowed algorithms and their minimum key length (use -1 to disable a type)
[ssh.minimum_key_sizes]
ED25519 = 256
ECDSA = 256
RSA = 2048
DSA = 1024
[database]
; Either "mysql", "postgres" or "sqlite3", it's your choice
DB_TYPE = postgres
HOST = 127.0.0.1:5432
NAME = gogs
USER = gogs
PASSWD = `{{ db_password.passwd }}`
; For "postgres" only, either "disable", "require" or "verify-full"
SSL_MODE = disable
; For "sqlite3" and "tidb", use absolute path when you start as service
PATH = data/gogs.db
[admin]
[security]
INSTALL_LOCK = false
; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!!
SECRET_KEY = {{ gogs_password.passwd }}
; Auto-login remember days
LOGIN_REMEMBER_DAYS = 7
COOKIE_USERNAME = gogs_awesome
COOKIE_REMEMBER_NAME = gogs_incredible
; Reverse proxy authentication header name of user name
REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
[service]
ACTIVE_CODE_LIVE_MINUTES = 180
RESET_PASSWD_CODE_LIVE_MINUTES = 180
; User need to confirm e-mail for registration
REGISTER_EMAIL_CONFIRM = false
; Does not allow register and admin create account only
DISABLE_REGISTRATION = false
; User must sign in to view anything.
REQUIRE_SIGNIN_VIEW = false
; Mail notification
ENABLE_NOTIFY_MAIL = false
; More detail: https://github.com/gogits/gogs/issues/165
ENABLE_REVERSE_PROXY_AUTHENTICATION = false
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
; Enable captcha validation for registration
ENABLE_CAPTCHA = true
[webhook]
; Hook task queue length
QUEUE_LENGTH = 1000
; Deliver timeout in seconds
DELIVER_TIMEOUT = 5
; Allow insecure certification
SKIP_TLS_VERIFY = false
; Number of history information in each page
PAGING_NUM = 10
[mailer]
ENABLED = false
; Buffer length of channel, keep it as it is if you don't know what it is.
SEND_BUFFER_LEN = 100
; Name displayed in mail title
SUBJECT = %(APP_NAME)s
; Mail server
; Gmail: smtp.gmail.com:587
; QQ: smtp.qq.com:25
; Note, if the port ends with "465", SMTPS will be used. Using STARTTLS on port 587 is recommended per RFC 6409. If the server supports STARTTLS it will always be used.
HOST = smtp.lilik.it:587
; Disable HELO operation when hostname are different.
DISABLE_HELO =
; Custom hostname for HELO operation, default is from system.
HELO_HOSTNAME =
; Do not verify the certificate of the server. Only use this for self-signed certificates
SKIP_VERIFY = false
; Use client certificate
USE_CERTIFICATE = true
CERT_FILE = custom/mailer/cert.pem
KEY_FILE = custom/mailer/key.pem
; Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format
FROM = projects@lilik.it
; Mailer user name and password
USER =
PASSWD =
[cache]
; Either "memory", "redis", or "memcache", default is "memory"
ADAPTER = memory
; For "memory" only, GC interval in seconds, default is 60
INTERVAL = 60
; For "redis" and "memcache", connection host address
; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
; memcache: `127.0.0.1:11211`
HOST =
[session]
; Either "memory", "file", "redis" or "mysql", default is "memory"
PROVIDER = memory
; Provider config options
; memory: not have any config yet
; file: session file path, e.g. `data/sessions`
; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
PROVIDER_CONFIG = data/sessions
; Session cookie name
COOKIE_NAME = i_like_gogits
; If you use session in https only, default is false
COOKIE_SECURE = false
; Enable set cookie, default is true
ENABLE_SET_COOKIE = true
; Session GC time interval, default is 86400
GC_INTERVAL_TIME = 86400
; Session life time, default is 86400
SESSION_LIFE_TIME = 86400
[picture]
AVATAR_UPLOAD_PATH = data/avatars
; Chinese users can choose "duoshuo"
; or a custom avatar source, like: http://cn.gravatar.com/avatar/
GRAVATAR_SOURCE = gravatar
DISABLE_GRAVATAR = false
[attachment]
; Whether attachments are enabled. Defaults to `true`
ENABLE = true
; Path for attachments. Defaults to `data/attachments`
PATH = data/attachments
; One or more allowed types, e.g. image/jpeg|image/png
ALLOWED_TYPES = image/jpeg|image/png
; Max size of each file. Defaults to 32MB
MAX_SIZE = 4
; Max number of files per upload. Defaults to 10
MAX_FILES = 5
[time]
; Specifies the format for fully outputed dates. Defaults to RFC1123
; Special supported values are ANSIC, UnixDate, RubyDate, RFC822, RFC822Z, RFC850, RFC1123, RFC1123Z, RFC3339, RFC3339Nano, Kitchen, Stamp, StampMilli, StampMicro and StampNano
; For more information about the format see http://golang.org/pkg/time/#pkg-constants
FORMAT =
[log]
ROOT_PATH =
; Either "console", "file", "conn", "smtp" or "database", default is "console"
; Use comma to separate multiple modes, e.g. "console, file"
MODE = console
; Buffer length of channel, keep it as it is if you don't know what it is.
BUFFER_LEN = 10000
; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
LEVEL = Trace
; For "console" mode only
[log.console]
LEVEL =
; For "file" mode only
[log.file]
LEVEL =
; This enables automated log rotate(switch of following options), default is true
LOG_ROTATE = true
; Max line number of single file, default is 1000000
MAX_LINES = 1000000
; Max size shift of single file, default is 28 means 1 << 28, 256MB
MAX_SIZE_SHIFT = 28
; Segment log daily, default is true
DAILY_ROTATE = true
; Expired days of log file(delete after max days), default is 7
MAX_DAYS = 7
; For "conn" mode only
[log.conn]
LEVEL =
; Reconnect host for every single message, default is false
RECONNECT_ON_MSG = false
; Try to reconnect when connection is lost, default is false
RECONNECT = false
; Either "tcp", "unix" or "udp", default is "tcp"
PROTOCOL = tcp
; Host address
ADDR =
; For "smtp" mode only
[log.smtp]
LEVEL =
; Name displayed in mail title, default is "Diagnostic message from server"
SUBJECT = Diagnostic message from server
; Mail server
HOST =
; Mailer user name and password
USER =
PASSWD =
; Receivers, can be one or more, e.g. ["1@example.com","2@example.com"]
RECEIVERS =
; For "database" mode only
[log.database]
LEVEL =
; Either "mysql" or "postgres"
DRIVER =
; Based on xorm, e.g.: root:root@localhost/gogs?charset=utf8
CONN =
[cron]
; Enable running cron tasks periodically.
ENABLED = true
; Run cron tasks when Gogs starts.
RUN_AT_START = false
; Update mirrors
[cron.update_mirrors]
SCHEDULE = @every 1h
; Repository health check
[cron.repo_health_check]
SCHEDULE = @every 24h
TIMEOUT = 60s
; Arguments for command 'git fsck', e.g. "--unreachable --tags"
; see more on http://git-scm.com/docs/git-fsck/1.7.5
ARGS =
; Check repository statistics
[cron.check_repo_stats]
RUN_AT_START = true
SCHEDULE = @every 24h
[git]
MAX_GIT_DIFF_LINES = 10000
; Arguments for command 'git gc', e.g. "--aggressive --auto"
; see more on http://git-scm.com/docs/git-gc/1.7.5
GC_ARGS =
; Operation timeout in seconds
[git.timeout]
MIGRATE = 600
MIRROR = 300
CLONE = 300
PULL = 300
[i18n]
LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,ja-JP,es-ES,pt-BR,pl-PL,bg-BG,it-IT,fi-FI,tr-TR
NAMES = English,简体中文,繁體中文(香港),繁體中文(台湾),Deutsch,Français,Nederlands,Latviešu,Русский,日本語,Español,Português do Brasil,Polski,български,Italiano,Suomalainen,Türk
; Used for datetimepicker
[i18n.datelang]
en-US = en
zh-CN = zh
zh-HK = zh-TW
de-DE = de
fr-FR = fr
nl-NL = nl
lv-LV = lv
ru-RU = ru
ja-JP = ja
es-ES = es
pt-BR = pt-BR
pl-PL = pl
bg-BG = bg
it-IT = it
fi-FI = fi
; Extension mapping to highlight class
; e.g. .toml=ini
[highlight.mapping]
[other]
SHOW_FOOTER_BRANDING = false
; Show version information about gogs and go in the footer
SHOW_FOOTER_VERSION = true

+ 4
- 2
roles/ldap/handlers/main.yaml

@ -1,2 +1,4 @@
- name: restart_slapd
service: name=slapd state=restarted
---
- include: service.yaml
vars:
service_name: slapd
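Review bot: The named handler `restart_slapd` appears to be replaced by an include of `service.yaml`, and nothing in this section shows which handler names that include defines. Any task that still carries `notify: restart_slapd` would then have nothing to resolve against, and `service.yaml` is not among the 30 files of this commit, so neither its handler names nor its behaviour when included from `handlers/` without `service_packages` can be confirmed here. The same pattern is added in `roles/mysql/handlers/main.yaml` and `roles/postgres/handlers/main.yaml`. A comment above each include would keep the notify targets traceable, for example `# handlers provided by service.yaml: HANDLER_NAMES (placeholder)`.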

+ 8
- 10
roles/ldap/tasks/main.yaml

@ -37,16 +37,14 @@
question: 'phamm-ldap/init_base_ldap' question: 'phamm-ldap/init_base_ldap'
vtype: 'boolean' vtype: 'boolean'
value: false value: false
- name: install ldap packages
apt:
name: '{{ item }}'
state: latest
install_recommends: false
with_items:
- slapd
- ldap-utils
- phamm-ldap
- sudo
- include: service.yaml
vars:
service_name: slapd
service_packages:
- slapd
- ldap-utils
- phamm-ldap
- sudo
- name: upload slapd config - name: upload slapd config
template: template:
src: slapd.conf.j2 src: slapd.conf.j2
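Review bot: The explicit `apt` task carried `install_recommends: false`, and the `service.yaml` include that appears to replace it passes only `service_name` and `service_packages`. Unless `service.yaml` sets that option itself (the file is not part of this commit), the directory server would start pulling in recommended packages, which widens what is installed on a host that holds credentials. If the include cannot express it, make the requirement visible with a comment such as `# service.yaml must install with install_recommends: false`. The hunk covers the file from line 37 only; the debconf tasks before it and the rest of the `upload slapd config` task are outside this view.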


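--- a/roles/mysql/handlers/main.yaml
+++ b/roles/mysql/handlers/main.yaml
@@ -0,0 +1,4 @@
+---
+- include: service.yaml
+vars:
+service_name: mysql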

+ 5
- 7
roles/mysql/tasks/main.yaml

@ -1,8 +1,6 @@
--- ---
- name: install mysql
apt: name={{ item }} state=latest
with_items:
- mysql
- name: start mysql at boot
service: name=mysql state=started enabled=yes
- include: service.yaml
vars:
service_name: mysql
service_packages:
- mysql

+ 1
- 1
roles/nginx/tasks/main.yaml

@ -9,7 +9,7 @@
notify: restart nginx notify: restart nginx
- name: upload nginx proxy configuration - name: upload nginx proxy configuration
template: template:
src: proxy_config.j2
src: proxy_nginx.j2
dest: "/etc/nginx/sites-available/{{ config_name }}" dest: "/etc/nginx/sites-available/{{ config_name }}"
when: is_proxy | bool when: is_proxy | bool
notify: notify:


roles/nginx/templates/site_config.j2 → roles/nginx/templates/proxy_nginx.j2


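--- a/roles/postgres/handlers/main.yaml
+++ b/roles/postgres/handlers/main.yaml
@@ -0,0 +1,4 @@
+---
+- include: service.yaml
+vars:
+service_name: postgres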

+ 15
- 0
roles/postgres/main.yaml

@ -0,0 +1,15 @@
---
- include: service.yaml
vars:
service_name: nginx
- name: validate nginx configuration
command: nginx -t -c /etc/nginx/nginx.conf
changed_when: False
- name: enable nginx configuration
file:
src: "/etc/nginx/sites-available/{{ config_name }}"
dest: "/etc/nginx/sites-enabled/{{ config_name }}"
state: link
notify: restart nginx
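Review bot: Every task added here configures nginx (`service_name: nginx`, `nginx -t`, the `sites-enabled` link), which looks like the nginx role's handlers copied under `roles/postgres/`; Ansible also does not load a `main.yaml` placed directly in a role's root. `roles/postgres/tasks/main.yaml` has the same problem: its new side installs nginx and references `proxy_config.j2`, while the PostgreSQL packages end up in `roles/postgres/tasks0/main.yaml`, a directory name Ansible does not read. As committed, applying the `postgres` role would likely leave the host without PostgreSQL and with an unplanned web server listening. The handlers and `tasks0` also use `service_name: postgres`, whereas the removed task managed `name=postgresql`; confirm which unit name `service.yaml` expects.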

+ 17
- 8
roles/postgres/tasks/main.yaml

@ -1,8 +1,17 @@
- name: install postgresql
apt: name={{ item }} state=latest
with_items:
- postgresql
- postgresql-contrib
- python-psycopg2
- name: start postgresql at boot
service: name=postgresql state=started enabled=yes
---
- include: service.yaml
vars:
service_name: nginx
service_packages:
- nginx
- name: disable nginx default configuration
file: path=/etc/nginx/sites-enabled/default state=absent
notify: restart nginx
- name: upload nginx proxy configuration
template:
src: proxy_config.j2
dest: "/etc/nginx/sites-available/{{ config_name }}"
when: is_proxy | bool
notify:
- enable nginx configuration
- restart nginx

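--- a/roles/postgres/tasks0/main.yaml
+++ b/roles/postgres/tasks0/main.yaml
@@ -0,0 +1,8 @@
+---
+- include: service.yaml
+vars:
+service_name: postgres
+service_packages:
+- postgresql
+- postgresql-contrib
+- python-psycopg2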

+ 0
- 13
roles/postgres/templates/mattermost.service.j2

@ -1,13 +0,0 @@
[Unit]
Description=Mattermost
After=network.target
[Service]
User=mattermost
ExecStart=/opt/mattermost/bin/platform
WorkingDirectory=/opt/mattermost
Restart=always
RestartSec=30
[Install]
WantedBy=multi-user.target

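--- a/roles/roundcube/meta/main.yaml
+++ b/roles/roundcube/meta/main.yaml
@@ -0,0 +1,4 @@
+---
+dependencies:
+- role: nginx
+config_name: roundcube.conf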

+ 23
- 0
roles/roundcube/tasks/main.yaml

@ -0,0 +1,23 @@
- name: add jessie-backports repository
- apt_repository: repo='deb http://ftp.debian.org/debian jessie-backports main' state=present
- name: install roundcube packages
apt:
name: '{{ item }}'
state: latest
update_cache: yes
with_items:
- roundcube-sqlite3
- roundcube
- roundcube-plugins
- name: add nginx config for roundcube
template:
dest=/etc/nginx/sites-available/roundcube.conf
src=roundcube_config.j2
owner=root
group=root
mode=0700
notify:
- enable nginx configuration
- restart nginx
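Review bot: The first two lines form two separate list items: `- name: add jessie-backports repository` has no module and `- apt_repository: ...` has no name, so the play fails before anything is installed; drop the dash so the second line reads `apt_repository: repo='deb http://ftp.debian.org/debian jessie-backports main' state=present`. The template task uses `src=roundcube_config.j2`, but the file added in this commit is `roundcube-config.j2`. `mode=0700` marks a configuration file executable; `mode=0644` is the usual mode for a file under `sites-available`. The file also lacks the leading `---` that the other task files added here carry.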

+ 25
- 0
roles/roundcube/templates/roundcube-config.j2

@ -0,0 +1,25 @@
server {
listen 80 default_server;
server_name localhost:80;
# support roundcubemail secure urls
rewrite "^/[a-zA-Z0-9]{16}/(.*)" /$1;
# roundcube
root /var/lib/roundcube;
index index.php;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
#deny access to .htaccess files, if Apache's document root
#concurs with nginx's one
location ~ /\.ht {
deny all;
}
}
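Review bot: The server block listens only on plain port 80, so webmail logins and session cookies travel unencrypted unless TLS is terminated on a proxy in front of this container, which nothing in this commit shows. The document root is `/var/lib/roundcube` and the only path restriction is `/\.ht`; under nginx the packaged `.htaccess` rules do not apply, so Roundcube's `config`, `temp` and `logs` directories should be denied explicitly with `location ~ ^/(config|temp|logs)/ { deny all; }`. `server_name localhost:80;` includes a port, which `server_name` does not take, so the name never matches and the block is reached only through `default_server`; `server_name {{ fqdn_domain }};` would be clearer, assuming that role variable is meant for this template.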

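--- a/roles/sympa/meta/main.yaml
+++ b/roles/sympa/meta/main.yaml
@@ -0,0 +1,4 @@
+---
+dependencies:
+- role: nginx
+config_name: sympa.conf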

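--- a/roles/sympa/tasks/main.yaml
+++ b/roles/sympa/tasks/main.yaml
@@ -0,0 +1,22 @@
+---
+- include: service.yaml
+vars:
+service_name: nginx
+service_packages:
+- nginx
+- name: install sympa and associated packages
+apt: name={{ item }} state=latest
+with_items:
+- sympa
+- wwsympa
+- fcgiwrap
+- name: add nginx config for sympa
+template:
+src: sympa_nginx.j2
+dest: "/etc/nginx/sites-available/{{ config_name }}"
+notify:
+- enable nginx configuration
+- restart nginx
+notify:
+- enable nginx configuration
+- restart nginx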
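Review bot: The last task, as rendered, carries two identical `notify:` keys; duplicate mapping keys are invalid YAML and most loaders silently keep the last one, so the second `notify:` block should be deleted. The leading `include: service.yaml` installs nginx again although `roles/sympa/meta/main.yaml` already depends on the `nginx` role, so the include presumably should manage Sympa's own service instead. `state=latest` on the package task means any run may upgrade `sympa`, `wwsympa` and `fcgiwrap`; `state=present` keeps upgrades of an internet-facing service a deliberate step.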

+ 65
- 0
roles/sympa/templates/sympa_nginx.j2

@ -0,0 +1,65 @@
# based on https://gist.github.com/bjacint/7862912
server {
listen 80;
server_name *.*;
root /usr/lib/cgi-bin/sympa;
access_log /var/log/nginx/sympa.access.log;
error_log /var/log/nginx/sympa.error.log;
error_page 403 500 502 503 504 /50x.html;
rewrite ^/$ /wws permanent;
# While configuring sympa, you should specify wwsympa_url for each robot.
# if you do not do so, sympa will generate wwsympa_url as ${robot_name}/sympa.
# So to prevent non-active urls for robots without wwsympa_url, we do this redirect:
rewrite ^/sympa/(.*)$ /wws/$1 permanent;
location ^~ /static-sympa/ {
alias /var/lib/sympa/static_content/;
access_log off;
}
location /50x.html {
root /usr/share/nginx/html;
}
location ~* \.(php|pl|py|jsp|asp|sh|cgi|bin|csh|ksh|out|run|o)$ {
deny all;
}
location ~ /\.ht {
deny all;
}
location /wws {
gzip off;
fastcgi_pass unix:/run/fcgiwrap.socket;
fastcgi_split_path_info ^(/wws)(.+)$;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
# According to RFC3875 (https://tools.ietf.org/html/rfc3875#section-4.1.14) in SERVER_NAME
# we should put an actual hostname user came to. For nginx it is in $host
# This will allow to run sympa multihost instances
fastcgi_param SERVER_NAME $host;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param SCRIPT_FILENAME $document_root/wwsympa-wrapper.fcgi;
fastcgi_param HTTP_HOST $http_host;
fastcgi_intercept_errors on;
}
}
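Review bot: `server_name *.*;` accepts any Host header, and the `/wws` location forwards it to wwsympa as `SERVER_NAME $host` and `HTTP_HOST $http_host`, so the value Sympa uses to select a robot and build links is whatever the client sent. Restrict the block to the real list domains, for example `server_name lists.example.org;` (constructed name), and let unknown hosts fall through to a default server that returns an error. The site is also served on `listen 80` only, so list-owner and subscriber passwords cross the network in clear unless TLS is terminated upstream, which is not visible in this commit.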

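--- a/roles/wordpress/meta/main.yaml
+++ b/roles/wordpress/meta/main.yaml
@@ -1,3 +1,4 @@
 ---
 dependencies:
 - role: apache
+php: true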
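Review bot: The dependency still names `role: apache`, but this commit deletes `roles/apache/tasks/main.yaml` and adds the `php` default under `roles/apache2/`. Unless other files remain in `roles/apache/`, the dependency resolves to an empty role and `php: true` is never consumed; `- role: apache2` looks like the intended target. `roles/apache2/tasks/main.yaml` also requires a `config_name`, which this dependency does not pass.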

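--- a/webmail.yaml
+++ b/webmail.yaml
@@ -0,0 +1,10 @@
+---
+- hosts: biff
+roles:
+- role: lxc_guest
+vm_name: webmail
+- hosts: webmail
+roles:
+- role: roundcube
+imap_server: "{{ hostvars['mail'].ansible_host }}"
+fqdn_domain: "lilik.it"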
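Review bot: `imap_server` and `fqdn_domain` are passed to the `roundcube` role, but neither `roles/roundcube/tasks/main.yaml` nor `roundcube-config.j2` in this commit references them, so Roundcube would keep its packaged default host setting. Either add the task that writes them into Roundcube's configuration or mark the gap here with a comment such as `# imap_server/fqdn_domain: not yet consumed by roles/roundcube`. The role's meta passes `config_name: roundcube.conf` to nginx while the role's template task hard-codes the same path; using `{{ config_name }}` there would keep the two in step.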
