Merge pull request '1.0.1' (#2) from 1.0.1 into main

Reviewed-on: #2
2022-07-25 04:20:16 +00:00 · 2022-07-25 04:20:16 +00:00 · 23e3c22241
commit 23e3c22241
parent f0016fbf4f d795b3fd27
8 changed files with 148 additions and 28 deletions
--- a/README.MD
+++ b/README.MD
@ -1,2 +1,8 @@
-**WIP**
-Role that deploys, configures and upgrades GPG Lacre.
+# GPG - Lacre
+This is a role that deploys GPG-Lacre with all needed dependencies and web frontends. 
+For set of defaults variables check `defaults/main.yml` file. This role assumes that:
+ - You are running Debian based OS
+ - You run postfix
+
+**Warning**
+Due to heavy development of lacre this role may be broken at times. Lacre is currently not recommended for production use. Please use for testing only.
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -21,25 +21,48 @@ lacre_mime_conversion: 'yes'
 lacre_mail_case_insensitive: 'no'
 lacre_no_inline_dec: 'yes'
 lacre_dec_regex: 'None'
-lacre_keyhome: '/var/gpgmailgate/.gnupg'
-lacre_cert_path: '/var/gpgmailgate/smime'
+lacre_keyhome: '{{ lacre_homedir }}/.gnupg'
+lacre_cert_path: '{{ lacre_homedir }}/smime'
 lacre_register_email: 'register@example.org'
-lacre_mail_templates: '/var/gpgmailgate/register_templates'
+lacre_mail_templates: '{{ lacre_homedir }}/register_templates'
 lacre_webpanel_url: 'http://example.org'
 lacre_notification_email: 'gpg-mailgate@example.org'
-lacre_mail_templates: '/var/gpgmailgate/cron_templates'
-lacre_verbose: 'yes'
+lacre_mail_templates: '{{ lacre_homedir }}/cron_templates'
+lacre_logfile: '/etc/gpg-lacre-logging.conf'
 lacre_relay: '127.0.0.1'
 lacre_port: '10028'
 lacre_enc_port: '25'
 lacre_starttls: 'no'
-lacre_db_enabled: 'no'
+lacre_db_enabled: 'yes'
+lacre_db_backend: 'mysql'
 lacre_db_name: 'gpgmw'
 lacre_db_host: 'localhost'
 lacre_db_username: 'user'
 lacre_db_password: 'password'   

+#lacre logger
+lacre_log_loggers_keys: 'root'
+lacre_log_logger_level: 'NOTSET'
+lacre_logger_handlers: 'syslog'
+lacre_log_handlers_keys: 'syslog'
+lacre_log_formatters: 'postfixfmt'
+lacre_log_handler: 'FileHandler'
+lacre_log_level: 'DEBUG'
+lacre_log_formatter: 'postfixfmt'
+lacre_log_syslog_class: 'handlers.SysLogHandler'
+lacre_log_syslog_level: 'INFO'
+lacre_log_syslog_formatter: 'postfixfmt'
+lacre_log_postfix_format: '%(asctime)s %(module)s[%(process)d]: %(message)s'
+lacre_log_postfix_datefmt: '%b %e %H:%M:%S'
+lacre_log_postfix_style: '%'
+lacre_log_postfix_validate: 'True'
 #lacre webgate
+lacre_smtp_enabled: 'false'                                                                                  
+lacre_smtp_username: 'no-reply'          
+lacre_smtp_password: 'chanfeme'
+lacre_smtp_host: 'example.lan'                       
+lacre_smtp_port: '587'                            
+lacre_smtp_starttls: 'true' 
 lacre_cron: 'true'
 lacre_webgate_deploy: 'true'
 lacre_webgate_apt:
@ -69,11 +92,6 @@ lacre_webgate_lock_cooldown: '900'
 lacre_webgate_lock_reset: '300'
 lacre_webgate_locktime_max: '3600'

-
-
-
-
-
 #mailserver vars
 postfix_header_checks: 'false'
 postfix_body_checks: 'false'
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@ -4,10 +4,18 @@
  template:
    src: 'etc/gpg-mailgate.conf.j2'
    dest: '/etc/gpg-mailgate.conf'
-    owner: root
-    group: root
+    owner: '{{ lacre_username }}'
+    group: '{{ lacre_group }}'
    mode: 0644
    
+- name: '[LACRE] - Configure lacre logger'
+  template:
+    src: 'etc/gpg-lacre-logging.conf.j2'
+    dest: '/etc/gpg-lacre-logging.conf'
+    owner: '{{ lacre_username }}'
+    group: '{{ lacre_group }}'
+    mode: 0644
+
 - name: '[LACRE] - Add lacre config to postfix'
  blockinfile:
    dest: '/etc/postfix/master.cf'
--- a/tasks/frontend.yml
+++ b/tasks/frontend.yml
@ -12,6 +12,12 @@
    owner: "{{ lacre_webgate_user }}"
    group: "{{ lacre_webgate_group }}"

+- name: '[Webgate] - Check if db schema is loaded'
+  shell:
+    cmd: mysql -h {{ lacre_db_host }} -u {{ lacre_db_username }} -p{{ lacre_db_password }} {{ lacre_db_name }} -se "SELECT EXISTS (SELECT TABLE_NAME FROM information_schema.TABLES WHERE TABLE_SCHEMA LIKE '{{ lacre_db_name }}' AND TABLE_TYPE LIKE 'BASE TABLE' AND TABLE_NAME = 'gpgmw_keys' );"
+  register: webgate_installed
+  ignore_errors: true
+
 - name: '[Webgate] - Import sql schema'
  mysql_db:
    state: import 
@ -20,6 +26,7 @@
    login_user: "{{ lacre_db_username }}"
    login_password: "{{ lacre_db_password }}"
    target: "{{ lacre_app_dir }}/gpg-mailgate-web/schema.sql"
+  when: webgate_installed.stdout != '1'

 - name: 'Webgate] - Deploy config'
  template:
--- a/tasks/install.yml
+++ b/tasks/install.yml
@ -5,30 +5,38 @@
    name: "{{ lacre_apt }}"
    update_cache: yes
   
- name: '[Install] - Make sure gpgmailgate home exists'
+- name: '[Install] - Make sure Lacre home exists'
  file:
    path: '{{ lacre_homedir }}'
    state: directory
    owner: '{{ lacre_username }}'
    group: '{{ lacre_group }}'
 
- name: '[Install] - Make sure gpgmailgate .gnupg dir exists'
+- name: '[Install] - Make sure Lacre .gnupg dir exists'
  file:
    path: '{{ lacre_homedir }}/.gnupg'
    state: directory
    owner: '{{ lacre_username }}'
    group: '{{ lacre_group }}'
+    mode: '700'

- name: '[Install] - Make sure gpgmailgate smime dir exists'
+- name: '[Install] - Make sure Lacre smime dir exists'
  file:
    path: '{{ lacre_homedir }}/smime'
    state: directory
    owner: '{{ lacre_username }}'
    group: '{{ lacre_group }}'
+    mode: '700'

- name: '[Install] - Link GnuPG direcotry to global python modules'
+- name: '[Install] - Link GnuPG Lacre to global python modules'
  file:
    src: '{{ lacre_app_dir }}/GnuPG'
    dest: '/usr/local/lib/python{{ lacre_pything_version }}/dist-packages/GnuPG'
    state: link

+
+- name: '[Install] - Link Lacre module to global python modules'
+  file:
+    src: '{{ lacre_app_dir }}/lacre'
+    dest: '/usr/local/lib/python{{ lacre_pything_version }}/dist-packages/lacre'
+    state: link
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -11,7 +11,12 @@

 - name: 'Configure Lacre'
  include: configure.yml
+  tags:
+    - 'config'
+    - 'configure'

 - name: 'Deploy frontend'
  include: frontend.yml
+  tags:
+    - 'frontend'

--- a/templates/etc/gpg-lacre-logging.conf.j2
+++ b/templates/etc/gpg-lacre-logging.conf.j2
@ -0,0 +1,58 @@
+# Example configuration for Lacre logging.  If you don't intend to change the
+# log format, you can just keep this file unchanged.
+
+# HANDLERS:
+#
+# Two main targets for log entries are defined here: syslog and a plain text
+# log file.  They are available as "handlers" named "syslog" and "lacrelog"
+# respectively.
+
+[loggers]
+keys={{ lacre_log_loggers_keys }}
+
+[logger_root]
+level={{ lacre_log_logger_level }}
+# Comma-separated handler names, see HANDLERS note at the top.
+handlers={{ lacre_logger_handlers }}
+
+[handlers]
+# Comma-separated handler names, see HANDLERS note at the top.
+keys={{ lacre_log_handlers_keys }}
+
+[formatters]
+keys={{ lacre_log_formatters }}
+
+#
+# By default, include messages from all log levels up to DEBUG.
+# However, productive systems may use something less verbose, like
+# WARN or even ERROR.
+#
+[handler_lacrelog]
+class={{ lacre_log_handler }}
+level={{ lacre_log_level }}
+formatter={{ lacre_log_formatter }}
+args=('test/logs/lacre.log', 'a+')
+
+# You may want to change the second argument (handlers.SysLogHandler.LOG_MAIL)
+# to change the syslog facility used to record messages from Lacre.
+#
+# Options you can consider are "localX" facilities, available under names from
+# handlers.SysLogHandler.LOG_LOCAL0 to handlers.SysLogHandler.LOG_LOCAL7.
+#
+# Please refer to your syslog configuration for details on how to separate
+# records from different facilities.
+[handler_syslog]
+class={{ lacre_log_syslog_class }}
+level={{ lacre_log_syslog_level }}
+formatter={{ lacre_log_syslog_formatter }}
+args=('/dev/log', handlers.SysLogHandler.LOG_MAIL)
+
+#
+# Default Postfix log format.
+#
+[formatter_postfixfmt]
+format={{ lacre_log_postfix_format }}
+datefmt={{ lacre_log_postfix_datefmt }}
+style={{ lacre_log_postfix_style }}
+validate={{ lacre_log_postfix_validate }}
+
--- a/templates/etc/gpg-mailgate.conf.j2
+++ b/templates/etc/gpg-mailgate.conf.j2
@ -66,9 +66,9 @@ notification_email = {{ lacre_notification_email }}
 mail_templates = {{ lacre_mail_templates }}

 [logging]
-# For logging to syslog. 'file = syslog', otherwise use path to the file.
-file = syslog
-verbose = {{ lacre_verbose }}
+# path to the logging configuration; see documentation for details:
+# https://docs.python.org/3/library/logging.config.html#logging-config-fileformat
+config = {{ lacre_logfile }}

 [relay]
 # the relay settings to use for Postfix
@ -83,14 +83,24 @@ enc_port = {{ lacre_enc_port }}
 # Set this option to yes to use TLS for SMTP Servers which require TLS.
 starttls = {{ lacre_starttls }}

+
+[smtp]
+# Options when smtp auth is required to send out emails 
+enabled = {{ lacre_smtp_enabled }}
+username = {{ lacre_smtp_username }}
+password = {{ lacre_smtp_password }}
+host = {{ lacre_smtp_host }}
+port = {{ lacre_smtp_port }}
+starttls = {{ lacre_smtp_starttls }}
+
 [database]
-# uncomment the settings below if you want
-#  to read keys from a gpg-mailgate-web database
 enabled = {{ lacre_db_enabled }}
-name = {{ lacre_db_name }}
-host = {{ lacre_db_host }}
-username = {{ lacre_db_username }}
-password = {{ lacre_db_password }}
+{% if lacre_db_backend == 'sqlite' %}
+url = sqlite://{{ lacre_db_name }}
+{% endif %}
+{% if lacre_db_backend == 'mysql' %}
+url = mysql://{{ lacre_db_username }}:{{ lacre_db_password }}@{{ lacre_db_host }}/{{ lacre_db_name }}
+{% endif %}

 [enc_keymap]
 # You can find these by running the following command: