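---
# Main vars
# NOTE(review): the on/off flags in this file are quoted strings
# ('true'/'false'), not YAML booleans. Jinja treats any non-empty string,
# including 'false', as true, so presumably the tasks cast them with
# `| bool` -- confirm against the role's tasks.
lacre_python_version: '3.11'
lacre_repo: 'https://git.disroot.org/Disroot/gpg-lacre.git'
# Tracks a moving branch, so two runs can deploy different code. Pin a tag or
# commit hash where deployments must be reproducible and reviewable.
lacre_version: 'main'
lacre_app_dir: '/opt/lacre'
lacre_username: 'lacre'
lacre_group: 'lacre'
lacre_homedir: '/var/lib/lacre'
lacre_backend_deploy: 'true'
lacre_webgate_deploy: 'true'
# Distribution packages installed for the backend.
lacre_apt:
  - 'git'
  - 'gnupg'
  - 'sudo'
  - 'python3-pip'
  - 'python3-dev'
  - 'python3-full'
  - 'libssl-dev'
  - 'swig'
  - 'virtualenv'
# Python packages are listed without version constraints; add pins if the
# installed set has to be reproducible.
lacre_pip_pkgs:
  - 'setuptools'
  - 'wheel'
  - 'pip'
  - 'pyyaml'
lacre_daemon: 'false'
lacre_set_content_filter: 'true'
lacre_content_filter: 'lacre'
lacre_postfix_simplefilter: 'true'
lacre_postfix_daemon: 'false'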
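# Lacre config file
# The 'yes'/'no' values are kept as quoted strings so YAML does not turn them
# into booleans; presumably they are written verbatim into the config file.
lacre_config_file: '/etc/lacre.conf'
lacre_add_header: 'yes'
lacre_enc_keymap_only: 'no'
lacre_dec_keymap_only: 'no'
lacre_failsave_dec: 'yes'
lacre_mime_conversion: 'yes'
lacre_mail_case_insensitive: 'no'
lacre_no_inline_dec: 'yes'
lacre_dec_regex: 'None'
# Key and certificate stores live under the service account's home directory.
# NOTE(review): confirm the tasks create both with owner-only permissions.
lacre_keyhome: '{{ lacre_homedir }}/.gnupg'
lacre_cert_path: '{{ lacre_homedir }}/smime'
lacre_register_email: 'register@example.org'
# NOTE(review): lacre_mail_templates is defined twice in this section (here
# and after lacre_notification_email). Most YAML loaders keep only the last
# value, so this register_templates path is silently overridden. Give the two
# settings distinct variable names once the templates' expectations are known.
lacre_mail_templates: '{{ lacre_app_dir }}/register_templates'
# Placeholder uses plain http; set an https URL for a real deployment.
lacre_webpanel_url: 'http://example.org'
lacre_notification_email: 'lacre@example.org'
lacre_mail_templates: '{{ lacre_app_dir }}/cron_templates'
lacre_logfile: '/etc/lacre-logging.conf'
lacre_max_data_bytes: '33554432'
lacre_log_headers: 'no'
# The relay defaults to loopback. NOTE(review): lacre_starttls presumably
# applies to this relay connection; enable it if lacre_relay is ever pointed
# at another host.
lacre_relay: '127.0.0.1'
lacre_relay_port: '10028'
lacre_enc_port: '25'
lacre_starttls: 'no'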
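## Lacre database
lacre_db_enabled: 'yes'
lacre_db_backend: 'mysql'
lacre_db_name: 'lacre'
lacre_db_host: 'localhost'
# Placeholder credentials. Override both per deployment from an encrypted
# source such as Ansible Vault; do not deploy these defaults and do not
# commit real values to this file.
lacre_db_username: 'user'
lacre_db_password: 'password'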
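## Lacre pooling
# Numeric settings are quoted, so they reach the templates as strings.
lacre_pooling_mode: 'optimistic'
lacre_pooling_maxcon_age: '3600'
lacre_pooling_poolsize: '5'
lacre_pooling_max_overflow: '10'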
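## Lacre daemon
# Loopback by default. Keep it that way unless the daemon must be reachable
# from other hosts, and restrict access at the network layer if it is.
lacre_daemon_host: '127.0.0.1'
lacre_daemon_port: '10025'
# Runs the interpreter from the virtualenv under lacre_homedir; the binary
# name follows lacre_python_version.
lacre_systemd_execstart: '{{ lacre_homedir }}/venv/bin/python{{ lacre_python_version }} -m lacre.daemon'
lacre_systemd_restartsec: '3'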
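# Lacre logger
lacre_log_loggers_keys: 'root'
lacre_log_logger_level: 'NOTSET'
lacre_logger_handlers: 'syslog'
lacre_log_handlers_keys: 'syslog'
lacre_log_formatters: 'postfixfmt'
lacre_log_handler: 'FileHandler'
# NOTE(review): DEBUG is verbose for a mail filter. Check what reaches the
# log at this level before production use, and lower it if message details
# appear.
lacre_log_level: 'DEBUG'
lacre_log_formatter: 'postfixfmt'
lacre_log_syslog_class: 'handlers.SysLogHandler'
lacre_log_syslog_level: 'INFO'
lacre_log_syslog_formatter: 'postfixfmt'
# %-style format strings; quoted so the leading '%' is not read as a YAML
# indicator.
lacre_log_postfix_format: '%(asctime)s %(module)s[%(process)d]: %(message)s'
lacre_log_postfix_datefmt: '%b %e %H:%M:%S'
lacre_log_postfix_style: '%'
lacre_log_postfix_validate: 'True'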
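# Lacre webgate
lacre_smtp_enabled: 'false'
lacre_smtp_username: 'no-reply'
# Placeholder secret: override from an encrypted source such as Ansible Vault
# before enabling SMTP.
lacre_smtp_password: 'changeme'
lacre_smtp_host: 'example.lan'
lacre_smtp_port: '587'
lacre_smtp_starttls: 'true'
lacre_webgate_cron: 'true'
# The repeated lacre_webgate_deploy definition was dropped from this section.
# The key is already set, with the same value, under "Main vars".
lacre_webgate_apt:
  - 'python3-markdown'
  - 'python3-mysqldb'
lacre_webgate_repo: 'https://git.disroot.org/Lacre/lacre-webgate.git'
# Tracks a moving branch; pin a tag or commit hash for reproducible deploys.
lacre_webgate_version: 'main'
lacre_webgate_dir: '/var/www/lacre-webgate'
lacre_webgate_user: 'www-data'
lacre_webgate_group: 'www-data'
lacre_webgate_email_web: 'admin@example.com'
lacre_webgate_email_from: 'lacre@example.com'
lacre_webgate_email_subject_requestpgp: 'Confirm your email address'
# Placeholder uses plain http. The panel handles key submissions, so use an
# https URL in a real deployment.
lacre_webgate_site_url: 'http://example.com/lacre'
lacre_webgate_site_title: 'PGP key management'
lacre_webgate_site_logo: 'img/logo.png'
lacre_webgate_site_faqurl: 'https://lacre.io/faq'
lacre_webgate_site_howurl: 'https://learn.lacre.io'
lacre_webgate_site_contacturl: 'https://lacre.io/contact'
lacre_webgate_language: 'english'
# NOTE(review): debug is enabled by default. Presumably this exposes
# verbose errors in the web panel; confirm, and disable it for production.
lacre_webgate_debug: 'enable'
lacre_webgate_mail_smtp: 'false'
lacre_webgate_smtp_host: 'localhost'
lacre_webgate_smtp_port: '25'
lacre_webgate_smtp_username: 'lacre'
# Empty by default; supply the value from an encrypted source if SMTP
# authentication is used.
lacre_webgate_smtp_password: ''
lacre_webgate_pgpverify: 'false'
# NOTE(review): /tmp is shared by every local user. If key material is
# written here during verification, prefer a directory owned by
# lacre_webgate_user with owner-only permissions -- confirm how it is used.
lacre_webgate_pgpverify_tmpdir: '/tmp'
lacre_webgate_pgpverify_allowblank: 'true'
# Lockout and retry limits for the web panel, kept as quoted numbers.
lacre_webgate_lock_time: '10'
lacre_webgate_lock_retrycount: '3'
lacre_webgate_lock_cooldown: '900'
lacre_webgate_lock_reset: '300'
lacre_webgate_locktime_max: '3600'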
# Lacre dependency variables. These are not consumed by this role itself; they apply only when it is used together with the dependent Disroot roles (nginx, php-fpm, mariadb, mailserver).
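# Mailserver vars (when used with disroot mailserver role)
# NOTE(review): all four are off by default. Their effect is defined by the
# mailserver role, which is not visible here; confirm these defaults suit the
# deployment's mail-filtering policy.
postfix_header_checks: 'false'
postfix_body_checks: 'false'
postfix_rbl_whitelist: 'false'
postfix_postgrey_deploy: 'false'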
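# php & nginx (when used with disroot php-fpm and nginx role)
# install_php was defined twice with the same value; it is kept once here.
install_php: 'true'
# PHP 8.0 reached end of life in November 2023 and no longer receives
# security fixes; override with a supported release.
php_version: '8.0'
php_etc_path: '/etc/php'
pool_listen: '/var/run/php/php{{ php_version }}-fpm.sock'
php_pkgs:
  - 'php{{ php_version }}-fpm'
  - 'php{{ php_version }}-mysql'
nginx_vhosts:
  # The example vhost serves plain http on port 80 with letsencrypt off.
  # The panel accepts key submissions, so switch it to TLS for real use.
  - name: 'example.org'
    template: 'basephp'
    proto: 'http'
    listen: '80'
    root: 'lacre-webgate/public_html'
    index: 'index.php'
    use_access_log: 'true'
    use_error_log: 'true'
    nginx_error_log_level: 'warn'
    upstream_params:
      - 'fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;'
      - 'fastcgi_index index.php;'
      - 'include /etc/nginx/fastcgi_params;'
      - 'fastcgi_pass unix:{{ pool_listen }};'
    custom_locations:
      # NOTE(review): whether this renders as a prefix or a regex location
      # depends on the nginx role's template. Verify on the rendered vhost
      # that requests for the webgate config file are actually denied.
      - name: '/config\.*'
        options:
          - 'deny all;'
    # NOTE(review): state and letsencrypt are placed at vhost level here;
    # confirm against the nginx role's vhost schema.
    state: 'enable'
    letsencrypt: 'false'

nginx_default_vhost_ssl: 'example.org'
nginx_default_vhost: 'example.org'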
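# Mariadb (when using disroot mariadb role)
# Placeholder secret: override from an encrypted source such as Ansible Vault.
# Never deploy a database with this default root password.
mariadb_root_password: 'changeme'
# Each entry is one option-file section; its config items are raw
# "option = value" lines. mariadb_client_port and mariadb_datadir are not
# defined in this file (presumably they come from the mariadb role).
mariadb_default_config:
  - name: 'client'
    config:
      - port = {{mariadb_client_port}}
      - socket = /var/run/mysqld/mysqld.sock
      - default-character-set = utf8mb4
  - name: 'mysqld_safe'
    config:
      - safe_socket = /var/run/mysqld/mysqld.sock
      - safe_nice = 0
  - name: 'mysqld'
    config:
      - user = mysql
      - pid_file = /var/run/mysqld/mysqld.pid
      - socket = /var/run/mysqld/mysqld.sock
      - port = 3306
      - basedir = /usr
      - datadir = "{{mariadb_datadir}}"
      - tmpdir = /tmp
      - init_connect ='SET collation_connection = utf8mb4_unicode_ci'
      - init_connect ='SET NAMES utf8mb4'
      - character-set-server = utf8mb4
      - collation-server = utf8mb4_unicode_ci
      - skip_external_locking = True
      # The bind address reuses lacre_db_host, which mariadb_users below
      # also uses as the account's allowed client host. The two only agree
      # while the database is local ('localhost'); revisit both before
      # pointing lacre_db_host at another machine.
      - bind_address = {{ lacre_db_host }}
      - key_buffer = 16M
      - max_allowed_packet = 16M
      - thread_stack = 192K
      - thread_cache_size = 16
      - myisam_recover = BACKUP
      - max_connections = 1000
      - query_cache_limit = 1M
      - query_cache_size = 16M
      - general_log_file = /var/log/mysql/mysql.log
      - general_log = 0
      - slow_query_log = 1
      - slow_query_log_file = /var/log/mysql/mysql-slow.log
      - long_query_time = 1
      - log_queries_not_using_indexes = False
      - default_storage_engine = InnoDB
      - innodb_buffer_pool_size = 1024M
      - innodb_log_file_size = 128M
      - innodb_log_buffer_size = 8M
      - innodb_thread_concurrency = 64
      - innodb_read_io_threads = 16
      - innodb_write_io_threads = 16
      - innodb_file_per_table = 1
      - innodb_open_files = 400
      - innodb_io_capacity = 600
      - innodb_lock_wait_timeout = 60
      - innodb_flush_method = O_DIRECT
      - innodb_doublewrite = 0
      - innodb_use_native_aio = 0
      - innodb_large_prefix = on
      - server_id = 1
      - log_bin = /var/log/mysql/mysql-bin.log
      - expire_logs_days = 2
      - max_binlog_size = 10M
      - binlog_format = row
      - query_cache_type = 1
      # NOTE(review): query_cache_limit and query_cache_size also appear
      # earlier in this list (1M / 16M). Presumably the later values win
      # when the section is rendered; drop whichever pair is not intended.
      - query_cache_limit = 256K
      - query_cache_min_res_unit = 2k
      - query_cache_size = 300M
      - tmp_table_size= 64M
      - max_heap_table_size= 64M

  - name: 'mysqldump'
    config:
      - quick
      #- quotes-names
      - max_allowed_packet = 16M
  - name: 'isamchk'
    config:
      - key_buffer = 16M

mariadb_databases:
  - name: '{{ lacre_db_name }}'
    collation: 'utf8mb4_unicode_ci'
    encoding: 'utf8mb4'

# Application account, built from the lacre_db_* variables. Its privileges
# are limited to the lacre database.
mariadb_users:
  - name: '{{ lacre_db_username }}'
    host: '{{ lacre_db_host }}'
    password: '{{ lacre_db_password }}'
    priv: '{{ lacre_db_name }}.*:ALL'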