Merge pull request '0.2' (#6) from 0.3 into main

Reviewed-on: #6

README.MD

@@ -10,14 +10,14 @@ Postfix offers two types of filters. Simple and advanced content filters. Depend
 Lacre-webgate is a simple interface for uploading keys. You can decide whether to install it by setting variable `lacre_webgate_deploy`. Default is set to `true`. This frontend depends on php and an sql database. The role defaults to `mariadb`. For Mariadb following variables need to be set. Check following example:
 
 ```
-lacre_webgate_db_enabled: 'yes'
-lacre_webgate_db_backend: 'mysql'
-lacre_webgate_db_name: 'gpgmw'
-lacre_webgate_db_host: 'localhost'
-lacre_webgate_db_username: 'user'
-lacre_webgate_db_password: 'password'
+lacre_db_enabled: 'yes'
+lacre_db_backend: 'mysql'
+lacre_db_name: 'lacre'
+lacre_db_host: 'localhost'
+lacre_db_username: 'user'
+lacre_db_password: 'password'
 ```
-The Lacre-webgate can be installed on remote host. You must make sure that mariadb is reachable from host running postfix+gpg-lacre as gpg-lacre needs to be able to pull uploaded keys. You can use this role to install Lacre-webgate on remote host by specifying `tag=webgate`. Make sure to set `lacre_webgate_deploy` to `false` on the `gpg-lacre/postfix` host.
+The Lacre-webgate can be installed on remote host. You must make sure that mariadb is reachable from host running postfix+lacre as lacre needs to be able to pull uploaded keys. You can use this role to install Lacre-webgate on remote host by specifying `tag=webgate`. Make sure to set `lacre_webgate_deploy` to `false` on the `lacre/postfix` host.
 
 ### Dependency variables
 Lacre depends on additional software such as postfix, php-fpm, mariadb, nginx. This software isn't covered by the role and you need to make sure to install and configure them according to your needs. You can use [disroot roles](https://git.disroot.org/org/Disroot-Ansible/dashboard) or any other roles or just set them up manually. Included defaults work with disroot ansible roles. 

Vagrantfile

@@ -8,7 +8,7 @@
 Vagrant.configure("2") do |config|
   #config.ssh.insert_key = false
   config.vm.define "lacre" do |lacre|
-    lacre.vm.box = "generic/debian11"
+    lacre.vm.box = "generic/debian12"
     lacre.vm.provider :libvirt do |libvirt|
       libvirt.memory = 256
     end

defaults/main.yml

@@ -1,13 +1,13 @@
 ---
 
 # Main vars
-lacre_pything_version: '3.9'
+lacre_python_version: '3.11'
 lacre_repo: 'https://git.disroot.org/Disroot/gpg-lacre.git'
 lacre_version: 'main'
-lacre_app_dir: '/opt/gpg-lacre'
+lacre_app_dir: '/opt/lacre'
 lacre_username: 'lacre'
 lacre_group: 'lacre'
-lacre_homedir: '/var/lib/gpg-lacre'
+lacre_homedir: '/var/lib/lacre'
 lacre_backend_deploy: 'true'
 lacre_webgate_deploy: 'true'
 lacre_apt:
@@ -16,8 +16,10 @@ lacre_apt:
   - 'sudo'
   - 'python3-pip'
   - 'python3-dev'
+  - 'python3-full'
   - 'libssl-dev'
   - 'swig'
+  - 'virtualenv'
 lacre_pip_pkgs:
   - 'setuptools'
   - 'wheel'
@@ -25,12 +27,12 @@ lacre_pip_pkgs:
   - 'pyyaml'
 lacre_daemon: 'false'
 lacre_set_content_filter: 'true'
-lacre_content_filter: 'gpg-mailgate'
+lacre_content_filter: 'lacre'
 lacre_postfix_simplefilter: 'true'
 lacre_postfix_daemon: 'false'
 
 # Lacre config file
-lacre_config_file: '/etc/gpg-mailgate.conf'
+lacre_config_file: '/etc/lacre.conf'
 lacre_add_header: 'yes'
 lacre_enc_keymap_only: 'no'
 lacre_dec_keymap_only: 'no'
@@ -44,9 +46,9 @@ lacre_cert_path: '{{ lacre_homedir }}/smime'
 lacre_register_email: 'register@example.org'
 lacre_mail_templates: '{{ lacre_app_dir }}/register_templates'
 lacre_webpanel_url: 'http://example.org'
-lacre_notification_email: 'gpg-mailgate@example.org'
+lacre_notification_email: 'lacre@example.org'
 lacre_mail_templates: '{{ lacre_app_dir }}/cron_templates'
-lacre_logfile: '/etc/gpg-lacre-logging.conf'
+lacre_logfile: '/etc/lacre-logging.conf'
 lacre_max_data_bytes: '33554432'
 lacre_log_headers: 'no'
 lacre_relay: '127.0.0.1'
@@ -55,17 +57,23 @@ lacre_enc_port: '25'
 lacre_starttls: 'no'
 
 ## Lacre database
-lacre_webgate_db_enabled: 'yes'
-lacre_webgate_db_backend: 'mysql'
-lacre_webgate_db_name: 'gpgmw'
-lacre_webgate_db_host: 'localhost'
-lacre_webgate_db_username: 'user'
-lacre_webgate_db_password: 'password'   
+lacre_db_enabled: 'yes'
+lacre_db_backend: 'mysql'
+lacre_db_name: 'lacre'
+lacre_db_host: 'localhost'
+lacre_db_username: 'user'
+lacre_db_password: 'password'   
+
+## Lacre pooling
+lacre_pooling_mode: 'optimistic'
+lacre_pooling_maxcon_age: '3600'
+lacre_pooling_poolsize: '5'
+lacre_pooling_max_overflow: '10'
 
 ## Lacre daemon
 lacre_daemon_host: '127.0.0.1'
 lacre_daemon_port: '10025'
-lacre_systemd_execstart: 'python -m lacre.daemon'
+lacre_systemd_execstart: '{{ lacre_homedir }}/venv/bin/python{{ lacre_python_version }} -m lacre.daemon'
 lacre_systemd_restartsec: '3'
 
 # Lacre logger
@@ -103,9 +111,9 @@ lacre_webgate_dir: '/var/www/lacre-webgate'
 lacre_webgate_user: 'www-data'
 lacre_webgate_group: 'www-data'
 lacre_webgate_email_web: 'admin@example.com'
-lacre_webgate_email_from: 'gpg-mailgate-web@example.com' 
+lacre_webgate_email_from: 'lacre@example.com' 
 lacre_webgate_email_subject_requestpgp: 'Confirm your email address'
-lacre_webgate_site_url: 'http://example.com/gpgmw' 
+lacre_webgate_site_url: 'http://example.com/lacre' 
 lacre_webgate_site_title: 'PGP key management'
 lacre_webgate_site_logo: 'img/logo.png'
 lacre_webgate_site_faqurl: 'https://lacre.io/faq' 
@@ -117,7 +125,7 @@ lacre_webgate_debug: 'enable'
 lacre_webgate_mail_smtp: 'false'
 lacre_webgate_smtp_host: 'localhost'
 lacre_webgate_smtp_port: '25'
-lacre_webgate_smtp_username: 'gpgmw'
+lacre_webgate_smtp_username: 'lacre'
 lacre_webgate_smtp_password: ''
 lacre_webgate_pgpverify: 'false'
 lacre_webgate_pgpverify_tmpdir: '/tmp'
@@ -196,7 +204,7 @@ mariadb_default_config:
       - character-set-server = utf8mb4
       - collation-server = utf8mb4_unicode_ci
       - skip_external_locking = True
-      - bind_address = {{ lacre_webgate_db_host }}
+      - bind_address = {{ lacre_db_host }}
       - key_buffer = 16M
       - max_allowed_packet = 16M
       - thread_stack = 192K
@@ -249,13 +257,13 @@ mariadb_default_config:
       - key_buffer = 16M
 
 mariadb_databases:
-  - name: '{{ lacre_webgate_db_name }}'
+  - name: '{{ lacre_db_name }}'
     collation: 'utf8mb4_unicode_ci'
     encoding: 'utf8mb4'
 
 mariadb_users:
-  - name: '{{ lacre_webgate_db_username }}'
-    host: '{{ lacre_webgate_db_host }}'
-    password: '{{ lacre_webgate_db_password }}'
-    priv: '{{ lacre_webgate_db_name }}.*:ALL'
+  - name: '{{ lacre_db_username }}'
+    host: '{{ lacre_db_host }}'
+    password: '{{ lacre_db_password }}'
+    priv: '{{ lacre_db_name }}.*:ALL'
 

handlers/main.yml

@@ -1,6 +1,6 @@
 ---
 
-- name: restart gpg-lacre
+- name: restart lacre
   systemd:
-    name: gpg-lacre
+    name: lacre
     state: restarted

tasks/configure.yml

@@ -2,7 +2,7 @@
 
 - name: '[LACRE] - Configure lacre'
   template:
-    src: 'etc/gpg-mailgate.conf.j2'
+    src: 'etc/lacre.conf.j2'
     dest: '{{ lacre_config_file }}'
     owner: '{{ lacre_username }}'
     group: '{{ lacre_group }}'
@@ -10,7 +10,7 @@
     
 - name: '[LACRE] - Configure lacre logger'
   template:
-    src: 'etc/gpg-lacre-logging.conf.j2'
+    src: 'etc/lacre-logging.conf.j2'
     dest: '{{ lacre_logfile }}'
     owner: '{{ lacre_username }}'
     group: '{{ lacre_group }}'

tasks/daemon.yml

@@ -2,8 +2,8 @@
 
 - name: '[Lacre Daemon] - Deploy systemd config'
   template:
-    src: etc/systemd/system/gpg-lacre.service.j2
-    dest: /etc/systemd/system/gpg-lacre.service
+    src: etc/systemd/system/lacre.service.j2
+    dest: /etc/systemd/system/lacre.service
     owner: root
     group: root
     mode: 0644
@@ -11,11 +11,11 @@
 
 - name: '[Lacre Daemon] - Enable systemd config'
   systemd:
-    name: gpg-lacre
+    name: lacre
     enabled: yes
     daemon_reload: yes
   notify:
-    restart gpg-lacre
+    restart lacre
 
 
 - name: '[LACRE] - Add lacre daemon to postfix'
@@ -24,7 +24,7 @@
     backup: yes
     marker: '# {mark} LACRE config block (Ansible)'
     block: |
-      gpg-lacre     unix    -       -       -       -       -       smtp
+      lacre     unix    -       -       -       -       -       smtp
         -o smtp_tls_security_level=none
 
       127.0.0.1:10025 inet    n       -       -       -       -       smtpd

tasks/install.yml

@@ -30,25 +30,27 @@
       
 - name: '[Install] - Create a symbolic link to python binary'
   file:
-    src: '/usr/bin/python3.9'
+    src: '/usr/bin/python{{ lacre_python_version }}'
     dest: '/usr/bin/python'
     state: 'link'
 
 - name: '[INSTALL] - Install lacre backend requirenments'
   pip:
     requirements: "{{ lacre_app_dir }}/requirements.txt"
+    virtualenv: '{{ lacre_homedir }}/venv'
+    virtualenv_site_packages: yes
 
 - name: '[Install] - Link GnuPG Lacre to global python modules'
   file:
     src: '{{ lacre_app_dir }}/GnuPG'
-    dest: '/usr/local/lib/python{{ lacre_pything_version }}/dist-packages/GnuPG'
+    dest: '{{ lacre_homedir }}/venv/lib/python{{ lacre_python_version }}/site-packages/GnuPG'
     state: link
 
 
 - name: '[Install] - Link Lacre module to global python modules'
   file:
     src: '{{ lacre_app_dir }}/lacre'
-    dest: '/usr/local/lib/python{{ lacre_pything_version }}/dist-packages/lacre'
+    dest: '{{ lacre_homedir }}/venv/lib/python{{ lacre_python_version }}/site-packages/lacre'
     state: link
 
 - name: '[INSTALL] - Set cron file permission'
@@ -72,3 +74,17 @@
     user: "{{ lacre_username }}"
     job: '{{ lacre_app_dir }}/webgate-cron.py > /dev/null'
   when: lacre_webgate_cron == 'true'
+
+- name: Check if the database exists
+  shell:
+    cmd: mysql -h {{ lacre_db_host }} -u {{ lacre_db_username }} -p{{ lacre_db_password }} {{ lacre_db_name }} -se "SHOW TABLES;" | wc -l 
+  register: lacre_db_info
+  ignore_errors: yes
+
+- name: '[INSTALL] - Run dbschema'
+  shell:
+    cmd: '{{ lacre_homedir }}/venv/bin/python{{ lacre_python_version }} -m {{ lacre_app_dir }}/lacre/admin.py db -i'
+  become: 'yes'
+  become_user: '{{ lacre_username }}'
+  when: lacre_db_info.stdout != '3'
+

tasks/main.yml

@@ -1,37 +1,37 @@
 ---
 
 - name: 'Create user'
-  include: 'user.yml'
+  include_tasks: 'user.yml'
   tags: 
     - 'backend'
   when: lacre_backend_deploy == 'true'
 
 - name: 'Clone / Update repository'
-  include: 'git.yml'
+  include_tasks: 'git.yml'
   tags: 
     - 'backend'
   when: lacre_backend_deploy == 'true'
 
-- name: 'Install Lacre'
-  include: 'install.yml'
-  tags:
-    - 'backend'
-  when: lacre_backend_deploy == 'true'
-
 - name: 'Configure Lacre'
-  include: 'configure.yml'
+  include_tasks: 'configure.yml'
   tags:
     - 'config'
     - 'configure'
     - 'backend'
   when: lacre_backend_deploy == 'true'
 
+- name: 'Install Lacre'
+  include_tasks: 'install.yml'
+  tags:
+    - 'backend'
+  when: lacre_backend_deploy == 'true'
+
 - name: 'Use simple filter'
-  include: 'simple_filter.yml'
+  include_tasks: 'simple_filter.yml'
   when: lacre_daemon == 'false'
 
 - name: 'Deploy Advanced filter'
-  include: 'daemon.yml'
+  include_tasks: 'daemon.yml'
   tags:
     - 'backend'
     - 'config'
@@ -39,7 +39,7 @@
   when: lacre_daemon == 'true'
 
 - name: 'Deploy Lacre Webgate'
-  include: 'webgate.yml'
+  include_tasks: 'webgate.yml'
   tags:
     - 'webgate'
   when: lacre_webgate_deploy == 'true'

tasks/simple_filter.yml

@@ -1,13 +1,22 @@
 ---
 
+- name: '[LACRE] - Add simple filter launcher script'
+  template:
+    src: templates/usr/local/bin/lacre-simple_filter.sh.j2 
+    dest: /usr/local/bin/lacre-simple_filter.sh
+    owner: '{{ lacre_username }}'
+    group: '{{ lacre_group }}'
+    mode: '0755'
+
 - name: '[LACRE] - Add lacre simple filter to postfix'
   blockinfile:
     dest: '/etc/postfix/master.cf'
     backup: yes
     marker: '# {mark} LACRE config block (Ansible)'
     block: |
-       gpg-mailgate    unix    -   n   n   -   -   pipe
-         flags= user=lacre argv={{ lacre_app_dir }}/gpg-mailgate.py ${recipient}
+       lacre    unix    -   n   n   -   -   pipe
+         flags= user={{ lacre_username }} 
+         argv=bash /usr/local/bin/lacre-simple_filter.sh
        
        127.0.0.1:10028 inet    n   -   n   -   10  smtpd
          -o content_filter=
@@ -20,10 +29,23 @@
          -o smtpd_authorized_xforward_hosts=127.0.0.0/8
   when: lacre_postfix_simplefilter == 'true'
 
+- name: '[LACRE] - Check if content_filter is set in postfix'
+  shell: "grep -q 'content_filter' /etc/postfix/main.cf"
+  register: check_filter
+  ignore_errors: true
+
+- name: '[LACRE] - Add content filter in postfix settings if not exists'
+  lineinfile:
+    path: '/etc/postfix/main.cf'
+    line: 'content_filter = {{ lacre_content_filter }}'
+    insertafter: EOF
+    state: present
+  when: lacre_set_content_filter == 'true' and check_filter.rc !=0
+
 - name: '[LACRE] - Replace content_filter setting in postfix'
   replace:
     path: '/etc/postfix/main.cf'
     regexp: 'content_filter = .*'
     replace: 'content_filter = {{ lacre_content_filter }}'
-  when: lacre_set_content_filter == 'true'
+  when: lacre_set_content_filter == 'true' and check_filter.rc == 0
 

tasks/webgate.yml

@@ -10,29 +10,15 @@
     dest: '{{ lacre_webgate_dir }}'
     force: 'yes'
     version: '{{ lacre_webgate_version }}'
-      #  become: 'yes'
-      #become_user: '{{ lacre_webgate_user }}'
+  become: 'yes'
+  become_user: '{{ lacre_webgate_user }}'
+
 - name: '[Lacre-webgate] - Make sure webgate is owned by lacre user'
   file:
     path: '{{ lacre_webgate_dir }}'
-    owner: '{{ lacre_username }}'
-    group: '{{ lacre_group }}'
-
-- name: '[Lacre-webgate] - Check if db schema is loaded'
-  shell:
-    cmd: mysql -h {{ lacre_webgate_db_host }} -u {{ lacre_webgate_db_username }} -p{{ lacre_webgate_db_password }} {{ lacre_webgate_db_name }} -se "SELECT EXISTS (SELECT TABLE_NAME FROM information_schema.TABLES WHERE TABLE_SCHEMA LIKE '{{ lacre_webgate_db_name }}' AND TABLE_TYPE LIKE 'BASE TABLE' AND TABLE_NAME = 'gpgmw_keys' );"
-  register: lacre_webgate_installed
-  ignore_errors: true
-
-- name: '[Lacre-webgate] - Import sql schema'
-  mysql_db:
-    state: import 
-    name: "{{ lacre_webgate_db_name }}"
-    login_host: "{{ lacre_webgate_db_host }}"
-    login_user: "{{ lacre_webgate_db_username }}"
-    login_password: "{{ lacre_webgate_db_password }}"
-    target: "{{ lacre_webgate_dir }}/schema.sql"
-  when: lacre_webgate_installed.stdout < "0"
+    owner: '{{ lacre_webgate_user }}'
+    group: '{{ lacre_webgate_group }}'
+    recurse: yes
 
 - name: '[Lacre-webgate] - Deploy config'
   template:

templates/etc/lacre.conf.j2

@@ -1,11 +1,11 @@
 [default]
-# Whether gpg-mailgate should add a header after it has processed an email
+# Whether lacre should add a header after it has processed an email
 # This may be useful for debugging purposes
 add_header = {{ lacre_add_header }}
 
 # Whether we should only encrypt emails if they are explicitly defined in
 # the key mappings below ([enc_keymap] section)
-# This means gpg-mailgate won't automatically detect PGP recipients for encrypting
+# This means lacre won't automatically detect PGP recipients for encrypting
 enc_keymap_only = {{ lacre_enc_keymap_only }}
 
 # Convert encrypted text/plain email to MIME-attached encrypt style.
@@ -20,7 +20,7 @@ mime_conversion = {{ lacre_mime_conversion }}
 mail_case_insensitive = {{ lacre_mail_case_insensitive }}
 
 [gpg]
-# the directory where gpg-mailgate public keys are stored
+# the directory where lacre public keys are stored
 # (see INSTALL for details)
 keyhome = {{ lacre_keyhome }}
 
@@ -32,6 +32,7 @@ cert_path = {{ lacre_cert_path }}
 # settings for the register-handler
 register_email = {{ lacre_register_email }}
 mail_templates = {{ lacre_mail_templates }}
+
 # URL to webpanel. The server should be able to reach it
 webpanel_url = {{ lacre_webpanel_url }}
 
@@ -57,21 +58,21 @@ port = {{ lacre_daemon_port }}
 # Maximum size (in bytes) of message body, i.e. data provided after DATA
 # message.  Following value comes from aiosmtpd module's default for this
 # setting.
-max_data_bytes = {{ lacre_max_data_bytes }}33554432
+max_data_bytes = {{ lacre_max_data_bytes }}
 
 # Sometimes it may make sense to log additional information from mail headers.
 # This should never be PII, but information like encoding, content types, etc.
-log_headers = {{ lacre_log_headers }}no
+log_headers = {{ lacre_log_headers }}
 {% endif %}
 
 [relay]
 # the relay settings to use for Postfix
-# gpg-mailgate will submit email to this relay after it is done processing
+# lacre will submit email to this relay after it is done processing
 # unless you alter the default Postfix configuration, you won't have to modify this
 host = {{ lacre_relay }}
 port = {{ lacre_relay_port }}
 # This is the default port of postfix. It is used to send some
-# mails through the GPG-Mailgate so they are encrypted
+# mails through the lacre so they are encrypted
 enc_port = {{ lacre_enc_port }}
 
 # Set this option to yes to use TLS for SMTP Servers which require TLS.
@@ -89,15 +90,42 @@ starttls = {{ lacre_smtp_starttls }}
 
 [database]
 # edit the settings below if you want to read keys from a
-# gpg-mailgate-web database other than SQLite
-enabled = {{ lacre_webgate_db_enabled }}
-{% if lacre_webgate_db_backend == 'sqlite' %}
-url = sqlite://{{ lacre_webgate_db_name }}
+# lacre-webgate database other than SQLite
+enabled = {{ lacre_db_enabled }}
+{% if lacre_db_backend == 'sqlite' %}
+url = sqlite://{{ lacre_db_name }}
 {% endif %}
-{% if lacre_webgate_db_backend == 'mysql' %}
-url = mysql://{{ lacre_webgate_db_username }}:{{ lacre_webgate_db_password }}@{{ lacre_webgate_db_host }}/{{ lacre_webgate_db_name }}
+{% if lacre_db_backend == 'mysql' %}
+url = mysql://{{ lacre_db_username }}:{{ lacre_db_password }}@{{ lacre_db_host }}/{{ lacre_db_name }}
 {% endif %}
 
+# Pooling mode: pessimistic or optimistic (required parameter).
+#
+# - Pessimistic disconnect-handling: pre_ping.  Connection pool will try using
+#   connection before it executes a SQL query to find out if the connection is
+#   still alive.  If not, it'll just establish a new connection.
+#
+# - Optimistic distonnect-handling: just avoid using connections after some
+#   time.
+#
+pooling_mode = {{ lacre_pooling_mode }}
+
+# For other RDBMS backends, see:
+# https://docs.sqlalchemy.org/en/14/core/engines.html#database-urls
+
+# Number of seconds after which an idle connection is recycled.  This is
+# useful with MySQL servers.  This is only used with pooling_mode=optimistic.
+# For more information, see:
+# https://docs.sqlalchemy.org/en/14/core/engines.html#sqlalchemy.create_engine.params.pool_recycle
+max_connection_age = {{ lacre_pooling_maxcon_age }}
+
+# Number of connections stored in the pool.
+pool_size = {{ lacre_pooling_poolsize }}
+
+# If the pool size is not enough for current traffic, some connections can be
+# made and closed after use, to avoid pool growth and connection rejections.
+max_overflow = {{ lacre_pooling_max_overflow }}
+
 [enc_keymap]
 # You can find these by running the following command:
 #	gpg --list-keys --keyid-format long user@example.com

templates/etc/systemd/system/lacre.service.j2

@@ -7,7 +7,6 @@ Type=simple
 User={{ lacre_username }}
 Group={{ lacre_group }}
 WorkingDirectory={{ lacre_app_dir }}
-Environment=GPG_MAILGATE_CONFIG={{ lacre_config_file }}
 ExecStart={{ lacre_systemd_execstart }}
 Restart=always
 RestartSec={{ lacre_systemd_restartsec }}

templates/lacre-webgate/config.php.j2

@@ -77,16 +77,16 @@ $config['mail_smtp_password'] = '{{ lacre_smtp_password }}';
 //
 
 //database name (MySQL only); or see include/dbconnect.php
-$config['db_name'] = '{{ lacre_webgate_db_name }}';
+$config['db_name'] = '{{ lacre_db_name }}';
 
 //database host
-$config['db_host'] = '{{ lacre_webgate_db_host }}';
+$config['db_host'] = '{{ lacre_db_host }}';
 
 //database username
-$config['db_username'] = '{{ lacre_webgate_db_username }}';
+$config['db_username'] = '{{ lacre_db_username }}';
 
 //database password
-$config['db_password'] = '{{ lacre_webgate_db_password }}';
+$config['db_password'] = '{{ lacre_db_password }}';
 
 //
 // PGP VERIFICATION SETTINGS

templates/usr/local/bin/lacre-simple_filter.sh.j2

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+# A script to launch Lacre for Postfix's simple filter using python virtual environment. 
+source {{ lacre_homedir }}/venv/bin/activate 
+{{ lacre_homedir }}/venv/bin/python{{ lacre_python_version }} {{ lacre_app_dir }}/lacre.py