added web frontend; py3 update

Playbooks/lacre.yml

@@ -2,10 +2,10 @@
 
 - hosts: lacre
   roles:
-    #    - role: mailserver
-    #  tags:
-    #    - postfix
-    - role: lacre
+    - mariadb
+    - nginx
+    - gpg-lacre
+    - php-fpm
 
   vars_files:
     - ../defaults/main.yml

defaults/main.yml

@@ -1,13 +1,14 @@
 ---
+lacre_pything_version: '3.9'
 lacre_repo: 'https://git.disroot.org/Disroot/gpg-lacre.git'
-lacre_version: 'master'
+lacre_version: 'php_update'
 lacre_app_dir: '/opt/gpg-lacre'
 lacre_username: 'lacre'
 lacre_group: 'lacre'
 lacre_homedir: '/var/gpgmailgate/'
 #lacre_
 lacre_apt:
-  - 'python-m2crypto'
+  - 'python3-m2crypto'
   - 'git'
   - 'gnupg'
 lacre_set_content_filter: 'true'
@@ -38,8 +39,161 @@ lacre_db_host: 'localhost'
 lacre_db_username: 'user'
 lacre_db_password: 'password'   
 
+#lacre webgate
+lacre_cron: 'true'
+lacre_webgate_deploy: 'true'
+lacre_webgate_apt:
+  - 'python3-markdown'
+  - 'python3-mysqldb'
+lacre_webgate_webroot: '/var/www/'
+lacre_webgate_user: 'www-data'
+lacre_webgate_group: 'www-data'
+lacre_webgate_email_web: 'admin@example.com'
+lacre_webgate_email_from: 'gpg-mailgate-web@example.com' 
+lacre_webgate_email_subject_requestpgp: 'Confirm your email address'
+lacre_webgate_site_url: 'http://example.com/gpgmw' 
+lacre_webgate_site_title: 'PGP key management'
+lacre_webgate_language: 'english'
+lacre_webgate_debug: 'enable'
+lacre_webgate_mail_smtp: 'false'
+lacre_webgate_smtp_host: 'localhost'
+lacre_webgate_smtp_port: '25'
+lacre_webgate_smtp_username: 'gpgmw'
+lacre_webgate_smtp_password: ''
+lacre_webgate_pgpverify: 'false'
+lacre_webgate_pgpverify_tmpdir: '/tmp'
+lacre_webgate_pgpverify_allowblank: 'true'
+lacre_webgate_lock_time: '10'
+lacre_webgate_lock_retrycount: '3'
+lacre_webgate_lock_cooldown: '900'
+lacre_webgate_lock_reset: '300'
+lacre_webgate_locktime_max: '3600'
+
+
+
+
+
+
 #mailserver vars
 postfix_header_checks: 'false'
 postfix_body_checks: 'false'
 postfix_rbl_whitelist: 'false'
 postfix_postgrey_deploy: 'false'
+
+#php
+install_php: 'true'
+php_version: '7.4'
+php_pkgs:
+  - 'php{{ php_version }}-fpm'
+  - 'php{{ php_version }}-mysql'
+nginx_vhosts:
+   - name: 'example.org'
+     template: 'basephp'
+     proto: 'http'
+     listen: '80'
+     root: 'gpg-mailgate-web/public_html'
+     index: 'index.php'
+     use_access_log: 'true'
+     use_error_log: 'true'
+     nginx_error_log_level: 'warn'
+     upstream_params:
+       - 'fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;'
+       - 'fastcgi_index index.php;'
+       - 'include /etc/nginx/fastcgi_params;'
+       - 'fastcgi_pass unix:{{ pool_listen }};'
+     state: 'enable'
+     letsencrypt: 'false'
+
+nginx_default_vhost_ssl: 'example.org'
+nginx_default_vhost: 'example.org'
+
+#mariadb
+# MARIADB CONFIG
+mariadb_root_password: 'changeme'
+mariadb_default_config:
+  - name: 'client'
+    config:
+      - port = {{mariadb_client_port}}
+      - socket = /var/run/mysqld/mysqld.sock
+      - default-character-set = utf8mb4
+  - name: 'mysqld_safe'
+    config:
+      - safe_socket = /var/run/mysqld/mysqld.sock
+      - safe_nice = 0
+  - name: 'mysqld'
+    config:
+      - user = mysql
+      - pid_file = /var/run/mysqld/mysqld.pid
+      - socket = /var/run/mysqld/mysqld.sock
+      - port = 3306
+      - basedir = /usr
+      - datadir = "{{mariadb_datadir}}"
+      - tmpdir = /tmp
+      - init_connect ='SET collation_connection = utf8mb4_unicode_ci'
+      - init_connect ='SET NAMES utf8mb4'
+      - character-set-server = utf8mb4
+      - collation-server = utf8mb4_unicode_ci
+      - skip_external_locking = True
+      - bind_address = {{ lacre_db_host }}
+      - key_buffer = 16M
+      - max_allowed_packet = 16M
+      - thread_stack = 192K
+      - thread_cache_size = 16
+      - myisam_recover = BACKUP
+      - max_connections = 1000
+      - query_cache_limit = 1M
+      - query_cache_size = 16M
+      - general_log_file = /var/log/mysql/mysql.log
+      - general_log = 0
+      - slow_query_log = 1
+      - slow_query_log_file = /var/log/mysql/mysql-slow.log
+      - long_query_time = 1
+      - log_queries_not_using_indexes = False
+      - default_storage_engine = InnoDB
+      - innodb_buffer_pool_size = 1024M
+      - innodb_log_file_size = 128M
+      - innodb_log_buffer_size = 8M
+      - innodb_thread_concurrency = 64
+      - innodb_read_io_threads = 16
+      - innodb_write_io_threads = 16
+      - innodb_file_per_table = 1
+      - innodb_open_files = 400
+      - innodb_io_capacity = 600
+      - innodb_lock_wait_timeout = 60
+      - innodb_flush_method = O_DIRECT
+      - innodb_doublewrite = 0
+      - innodb_use_native_aio = 0
+      - innodb_large_prefix = on
+      - server_id = 1
+      - log_bin = /var/log/mysql/mysql-bin.log
+      - expire_logs_days = 2
+      - max_binlog_size = 10M
+      - binlog_format = row
+      - query_cache_type = 1
+      - query_cache_limit = 256K
+      - query_cache_min_res_unit = 2k
+      - query_cache_size = 300M
+      - tmp_table_size= 64M
+      - max_heap_table_size= 64M
+
+
+  - name: 'mysqldump'
+    config:
+      - quick
+     #- quotes-names
+      - max_allowed_packet = 16M
+  - name: 'isamchk'
+    config:
+      - key_buffer = 16M
+
+mariadb_databases:
+  - name: '{{ lacre_db_name }}'
+    collation: 'utf8mb4_unicode_ci'
+    encoding: 'utf8mb4'
+
+mariadb_users:
+  - name: '{{ lacre_db_username }}'
+    host: '{{ lacre_db_host }}'
+    password: '{{ lacre_db_password }}'
+    priv: '{{ lacre_db_name }}.*:ALL'
+

tasks/frontend.yml

@@ -0,0 +1,66 @@
+---
+
+- name: '[Webgate] - Install dependencies'
+  apt:
+    name: "{{ lacre_webgate_apt }}"
+
+- name: '[Webgate] - Copy files to webdir'
+  copy:
+    remote_src: true
+    src: "{{ lacre_app_dir }}/gpg-mailgate-web/public_html"
+    dest: "{{ lacre_webgate_webroot }}/gpg-mailgate-web"
+    owner: "{{ lacre_webgate_user }}"
+    group: "{{ lacre_webgate_group }}"
+
+- name: '[Webgate] - Import sql schema'
+  mysql_db:
+    state: import 
+    name: "{{ lacre_db_name }}"
+    login_host: "{{ lacre_db_host }}"
+    login_user: "{{ lacre_db_username }}"
+    login_password: "{{ lacre_db_password }}"
+    target: "{{ lacre_app_dir }}/gpg-mailgate-web/schema.sql"
+
+- name: 'Webgate] - Deploy config'
+  template:
+    src: 'config.php.j2'
+    dest: "{{ lacre_webgate_webroot }}/gpg-mailgate-web/public_html/config.php"
+    owner: "{{ lacre_webgate_user }}"
+    group: "{{ lacre_webgate_group }}"
+
+- name: '[Webgate] - Create email template dir'
+  file:
+    path: "{{ lacre_homedir }}/cron-templates"
+    state: directory
+    owner: "{{ lacre_username }}"
+    group: "{{ lacre_group }}"
+
+- name: '[Webgate] - Copy templates to template dir'
+  copy:
+    remote_src: true
+    src: "{{ lacre_app_dir }}/cron_templates"
+    dest: "{{ lacre_homedir }}/cron-templates"
+    owner: "{{ lacre_username }}"
+    group: "{{ lacre_group }}"
+
+- name: '[Webgate] - Deploy cron.py'
+  copy:
+    remote_src: true
+    src: "{{ lacre_app_dir }}/gpg-mailgate-web/cron.py"
+    dest: '/usr/local/bin/gpgmw-cron.py'
+    owner: "{{ lacre_username }}"
+    group: "{{ lacre_group }}"
+    mode: a+x
+
+- name: '[Webgate] - Set cron'
+  cron:
+      name: "Webgate cronjob"
+      state: present
+      minute: "*/3"
+      hour: "*"
+      day: "*"
+      month: "*"
+      weekday: "*"
+      user: "{{ lacre_username }}"
+      job: '/usr/local/bin/gpgmw-cron.py > /dev/null'
+  when: lacre_cron == 'true'

tasks/install.yml

@@ -29,6 +29,6 @@
 - name: '[Install] - Link GnuPG direcotry to global python modules'
   file:
     src: '{{ lacre_app_dir }}/GnuPG'
-    dest: '/usr/local/lib/python2.7/dist-packages/GnuPG'
+    dest: '/usr/local/lib/python{{ lacre_pything_version }}/dist-packages/GnuPG'
     state: link
 

tasks/main.yml

@@ -12,3 +12,6 @@
 - name: 'Configure Lacre'
   include: configure.yml
 
+- name: 'Deploy frontend'
+  include: frontend.yml
+

templates/config.php.j2

@@ -0,0 +1,121 @@
+<?php
+/*
+
+	gpg-mailgate
+
+	This file is part of the gpg-mailgate source code.
+
+	gpg-mailgate is free software: you can redistribute it and/or modify
+	it under the terms of the GNU General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	gpg-mailgate source code is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+	GNU General Public License for more details.
+
+	You should have received a copy of the GNU General Public License
+	along with gpg-mailgate source code. If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+//
+// GENERAL SITE SETTINGS
+//
+
+//web team contact
+// this email address will be displayed if there is a database error
+$config['email_web'] = '{{ lacre_webgate_email_web }}';
+
+//address to send emails from
+$config['email_from'] = '{{ lacre_webgate_email_from }}';
+
+//this will be used as the subject when a user requests to add a PGP key
+$config['email_subject_requestpgp'] = '{{ lacre_webgate_email_subject_requestpgp }}';
+
+//site URL, without trailing slash
+$config['site_url'] = '{{ lacre_webgate_site_url }}';
+
+
+//title of the website (displayed on home page)
+$config['site_title'] = '{{ lacre_webgate_site_title }}';
+
+//language file to use (see language subdirectory)
+$config['language'] = '{{ lacre_webgate_language }}';
+
+//whether debug mode should be enabled
+$config['debug'] = {{ lacre_webgate_debug }};
+
+//
+// MAIL SETTINGS
+//
+
+//whether to send mail through SMTP (instead of PHP mail function)
+$config['mail_smtp'] = {{ lacre_webgate_mail_smtp }};
+
+//SMTP settings, if mail_smtp is enabled
+//this requires Net_SMTP from http://pear.php.net/package/Net_SMTP/ to be installed
+$config['mail_smtp_host'] = '{{ lacre_webgate_smtp_host }}';
+$config['mail_smtp_port'] = {{ lacre_webgate_smtp_port }};
+$config['mail_smtp_username'] = '{{ lacre_webgate_smtp_username }}';
+$config['mail_smtp_password'] = '{{ lacre_webgate_smtp_password }}';
+
+//
+// DATABASE SETTINGS
+//
+
+//database name (MySQL only); or see include/dbconnect.php
+$config['db_name'] = '{{ lacre_db_name }}';
+
+//database host
+$config['db_host'] = '{{ lacre_db_host }}';
+
+//database username
+$config['db_username'] = '{{ lacre_db_username }}';
+
+//database password
+$config['db_password'] = '{{ lacre_db_password }}';
+
+//
+// PGP VERIFICATION SETTINGS
+//
+
+//whether to enable immediate verification of PGP keys
+// keys will always be verified with the email address in our cron job
+// but this will enable verification from the web interface before email confirmation
+//for this to work, Crypt_GPG from http://pear.php.net/Crypt_GPG must be installed
+// (as well as any of its dependencies), and pgpverify_tmpdir must be set
+$config['pgpverify_enable'] = {{ lacre_webgate_pgpverify }};
+
+//a temporary directory to use for PGP verification, without trailing slash
+// gpgmw will create subdirectories from here to use as temporary gpg home directories
+// these directories will (should) be deleted immediately after use
+$config['pgpverify_tmpdir'] = '{{ lacre_webgate_pgpverify_tmpdir }}';
+
+//whether to allow blank "keys"
+// this is useful to allow users to delete their key from the keystore
+// if they no longer want encryption
+$config['pgpverify_allowblank'] = {{ lacre_webgate_pgpverify_allowblank }};
+
+//
+// LOCK SETTINGS
+//
+
+//the time in seconds a user must wait before trying again; otherwise they get locked out (count not increased)
+$config['lock_time_initial'] = array('requestpgp' => {{ lacre_webgate_lock_time }});
+
+//the number of tries a user has (that passes the lock_time_initial test) before being locked by overload (extended duration)
+$config['lock_count_overload'] = array('requestpgp' => {{ lacre_webgate_lock_retrycount }});
+
+//the time that overloads last
+$config['lock_time_overload'] = array('requestpgp' => {{ lacre_webgate_lock_time }});
+
+//time after which locks no longer apply, assuming the lock isn't active
+$config['lock_time_reset'] = {{ lacre_webgate_lock_reset }};
+
+//max time to store locks in the database; this way we can clear old locks with one function
+$config['lock_time_max'] = {{ lacre_webgate_locktime_max }};
+
+?>
+