Role that deploys lacre.io e2e mailbox encryption
Go to file
muppeth 9efc808bba Merge pull request '0.2-fix' (#7) from 0.2-fix into main
Reviewed-on: #7
2024-02-29 00:17:37 +00:00
Playbooks added web frontend; py3 update 2022-03-21 21:21:02 +01:00
defaults small fix to the role after final testing 2024-02-29 01:16:14 +01:00
handlers moved db deploy to backend(temporary implementation);rename project to lacre; 2024-02-19 00:02:00 +01:00
tasks small fix to the role after final testing 2024-02-29 01:16:14 +01:00
templates added permanent solution to dbschema install 2024-02-21 21:38:07 +01:00
.gitignore initial commit 2021-07-19 07:03:05 +02:00
LICENSE initial commit 2021-07-19 07:03:05 +02:00
README.MD moved db deploy to backend(temporary implementation);rename project to lacre; 2024-02-19 00:02:00 +01:00
Vagrantfile moved db deploy to backend(temporary implementation);rename project to lacre; 2024-02-19 00:02:00 +01:00

README.MD

GPG - Lacre

This is a role that deploys GPG-Lacre with all needed dependencies. Additionally takes care of installing a simply key upload web frontend. For set of defaults variables check defaults/main.yml file. This role assumes that:

  • You are running Debian based OS
  • You run postfix

Lacre daemon or simple filter

Postfix offers two types of filters. Simple and advanced content filters. Depending on your use case you can choose between two. Set lacre_daemon to false for simple filter and true for advanced filter (aka daemon). Additionally refer to variable defaults for extra settings needed for either option. Also check postfix documentation for more details on both filter features.

Lacre Webgate

Lacre-webgate is a simple interface for uploading keys. You can decide whether to install it by setting variable lacre_webgate_deploy. Default is set to true. This frontend depends on php and an sql database. The role defaults to mariadb. For Mariadb following variables need to be set. Check following example:

lacre_db_enabled: 'yes'
lacre_db_backend: 'mysql'
lacre_db_name: 'lacre'
lacre_db_host: 'localhost'
lacre_db_username: 'user'
lacre_db_password: 'password'

The Lacre-webgate can be installed on remote host. You must make sure that mariadb is reachable from host running postfix+lacre as lacre needs to be able to pull uploaded keys. You can use this role to install Lacre-webgate on remote host by specifying tag=webgate. Make sure to set lacre_webgate_deploy to false on the lacre/postfix host.

Dependency variables

Lacre depends on additional software such as postfix, php-fpm, mariadb, nginx. This software isn't covered by the role and you need to make sure to install and configure them according to your needs. You can use disroot roles or any other roles or just set them up manually. Included defaults work with disroot ansible roles.