From a72adba7a92ad1d7b783cd73ba396f3dd2aabe12 Mon Sep 17 00:00:00 2001
From: muppeth
Date: Mon, 21 Mar 2022 21:21:02 +0100
Subject: [PATCH] added web frontend; py3 update

---
Playbooks/lacre.yml | 8 +-
defaults/main.yml | 158 +++++++++++++++++++++++++++++++++++++++-
tasks/frontend.yml | 66 +++++++++++++++++
tasks/install.yml | 2 +-
tasks/main.yml | 3 +
templates/config.php.j2 | 121 ++++++++++++++++++++++++++++++
6 files changed, 351 insertions(+), 7 deletions(-)
create mode 100644 tasks/frontend.yml
create mode 100644 templates/config.php.j2

diff --git a/Playbooks/lacre.yml b/Playbooks/lacre.yml
index b8f8d7b..ca87c87 100644
--- a/Playbooks/lacre.yml
+++ b/Playbooks/lacre.yml
@@ -2,10 +2,10 @@
 - hosts: lacre
 roles:
- # - role: mailserver
- # tags:
- # - postfix
- - role: lacre
+ - mariadb
+ - nginx
+ - gpg-lacre
+ - php-fpm
 vars_files:
 - ../defaults/main.yml
diff --git a/defaults/main.yml b/defaults/main.yml
index 5587a6c..1589c1a 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,13 +1,14 @@
 ---
+lacre_pything_version: '3.9'
 lacre_repo: 'https://git.disroot.org/Disroot/gpg-lacre.git'
-lacre_version: 'master'
+lacre_version: 'php_update'
 lacre_app_dir: '/opt/gpg-lacre'
 lacre_username: 'lacre'
 lacre_group: 'lacre'
 lacre_homedir: '/var/gpgmailgate/'
 #lacre_
 lacre_apt:
- - 'python-m2crypto'
+ - 'python3-m2crypto'
 - 'git'
 - 'gnupg'
 lacre_set_content_filter: 'true'
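Review bot: The new role list runs `nginx` before `php-fpm`, yet the vhost that defaults/main.yml defines for nginx uses `fastcgi_pass unix:{{ pool_listen }}` — if `pool_listen` is provided by the php-fpm role rather than by a vars file, the nginx role will template the vhost before that variable exists. Consider listing `- php-fpm` ahead of `- nginx`, or defining `pool_listen` next to `nginx_vhosts`. Note also that the retained `vars_files: - ../defaults/main.yml` loads the role's defaults as play vars, which in Ansible outrank inventory group_vars/host_vars; now that this file carries `mariadb_root_password` and the webgate settings, overrides placed in inventory would be silently ignored in favour of the placeholder values, so a comment in the playbook warning about this would help the next operator.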
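Review bot: `lacre_version: 'php_update'` moves the deployment from `master` to a mutable feature branch; since install.yml clones this repository, symlinks its `GnuPG` module into the system Python path and the code runs as the Postfix content filter, the role should pin a tag or commit hash so that a later push to that branch cannot silently change what gets installed (e.g. `lacre_version: '<tag-or-commit>'` with a comment naming the branch it was taken from). The new variable is misspelled as `lacre_pything_version`; renaming it to `lacre_python_version` needs the matching change in tasks/install.yml, so do both in one commit if at all. Quoting the value as `'3.9'` is correct — unquoted it would be parsed as the float 3.9.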
@@ -38,8 +39,161 @@
 lacre_db_host: 'localhost'
 lacre_db_username: 'user'
 lacre_db_password: 'password'
+#lacre webgate
+lacre_cron: 'true'
+lacre_webgate_deploy: 'true'
+lacre_webgate_apt:
+ - 'python3-markdown'
+ - 'python3-mysqldb'
+lacre_webgate_webroot: '/var/www/'
+lacre_webgate_user: 'www-data'
+lacre_webgate_group: 'www-data'
+lacre_webgate_email_web: 'admin@example.com'
+lacre_webgate_email_from: 'gpg-mailgate-web@example.com'
+lacre_webgate_email_subject_requestpgp: 'Confirm your email address'
+lacre_webgate_site_url: 'http://example.com/gpgmw'
+lacre_webgate_site_title: 'PGP key management'
+lacre_webgate_language: 'english'
+lacre_webgate_debug: 'enable'
+lacre_webgate_mail_smtp: 'false'
+lacre_webgate_smtp_host: 'localhost'
+lacre_webgate_smtp_port: '25'
+lacre_webgate_smtp_username: 'gpgmw'
+lacre_webgate_smtp_password: ''
+lacre_webgate_pgpverify: 'false'
+lacre_webgate_pgpverify_tmpdir: '/tmp'
+lacre_webgate_pgpverify_allowblank: 'true'
+lacre_webgate_lock_time: '10'
+lacre_webgate_lock_retrycount: '3'
+lacre_webgate_lock_cooldown: '900'
+lacre_webgate_lock_reset: '300'
+lacre_webgate_locktime_max: '3600'
+
+
+
+
+
+
 #mailserver vars
 postfix_header_checks: 'false'
 postfix_body_checks: 'false'
 postfix_rbl_whitelist: 'false'
 postfix_postgrey_deploy: 'false'
+
+#php
+install_php: 'true'
+php_version: '7.4'
+php_pkgs:
+ - 'php{{ php_version }}-fpm'
+ - 'php{{ php_version }}-mysql'
+nginx_vhosts:
+ - name: 'example.org'
+ template: 'basephp'
+ proto: 'http'
+ listen: '80'
+ root: 'gpg-mailgate-web/public_html'
+ index: 'index.php'
+ use_access_log: 'true'
+ use_error_log: 'true'
+ nginx_error_log_level: 'warn'
+ upstream_params:
+ - 'fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;'
+ - 'fastcgi_index index.php;'
+ - 'include /etc/nginx/fastcgi_params;'
+ - 'fastcgi_pass unix:{{ pool_listen }};'
+ state: 'enable'
+ letsencrypt: 'false'
+
+nginx_default_vhost_ssl: 'example.org'
+nginx_default_vhost: 'example.org'
+
+#mariadb
+# MARIADB
CONFIG
+mariadb_root_password: 'changeme'
+mariadb_default_config:
+ - name: 'client'
+ config:
+ - port = {{mariadb_client_port}}
+ - socket = /var/run/mysqld/mysqld.sock
+ - default-character-set = utf8mb4
+ - name: 'mysqld_safe'
+ config:
+ - safe_socket = /var/run/mysqld/mysqld.sock
+ - safe_nice = 0
+ - name: 'mysqld'
+ config:
+ - user = mysql
+ - pid_file = /var/run/mysqld/mysqld.pid
+ - socket = /var/run/mysqld/mysqld.sock
+ - port = 3306
+ - basedir = /usr
+ - datadir = "{{mariadb_datadir}}"
+ - tmpdir = /tmp
+ - init_connect ='SET collation_connection = utf8mb4_unicode_ci'
+ - init_connect ='SET NAMES utf8mb4'
+ - character-set-server = utf8mb4
+ - collation-server = utf8mb4_unicode_ci
+ - skip_external_locking = True
+ - bind_address = {{ lacre_db_host }}
+ - key_buffer = 16M
+ - max_allowed_packet = 16M
+ - thread_stack = 192K
+ - thread_cache_size = 16
+ - myisam_recover = BACKUP
+ - max_connections = 1000
+ - query_cache_limit = 1M
+ - query_cache_size = 16M
+ - general_log_file = /var/log/mysql/mysql.log
+ - general_log = 0
+ - slow_query_log = 1
+ - slow_query_log_file = /var/log/mysql/mysql-slow.log
+ - long_query_time = 1
+ - log_queries_not_using_indexes = False
+ - default_storage_engine = InnoDB
+ - innodb_buffer_pool_size = 1024M
+ - innodb_log_file_size = 128M
+ - innodb_log_buffer_size = 8M
+ - innodb_thread_concurrency = 64
+ - innodb_read_io_threads = 16
+ - innodb_write_io_threads = 16
+ - innodb_file_per_table = 1
+ - innodb_open_files = 400
+ - innodb_io_capacity = 600
+ - innodb_lock_wait_timeout = 60
+ - innodb_flush_method = O_DIRECT
+ - innodb_doublewrite = 0
+ - innodb_use_native_aio = 0
+ - innodb_large_prefix = on
+ - server_id = 1
+ - log_bin = /var/log/mysql/mysql-bin.log
+ - expire_logs_days = 2
+ - max_binlog_size = 10M
+ - binlog_format = row
+ - query_cache_type = 1
+ - query_cache_limit = 256K
+ - query_cache_min_res_unit = 2k
+ - query_cache_size = 300M
+ - tmp_table_size= 64M
+ - max_heap_table_size= 64M
+
+
+ - name:
'mysqldump'
+ config:
+ - quick
+ #- quotes-names
+ - max_allowed_packet = 16M
+ - name: 'isamchk'
+ config:
+ - key_buffer = 16M
+
+mariadb_databases:
+ - name: '{{ lacre_db_name }}'
+ collation: 'utf8mb4_unicode_ci'
+ encoding: 'utf8mb4'
+
+mariadb_users:
+ - name: '{{ lacre_db_username }}'
+ host: '{{ lacre_db_host }}'
+ password: '{{ lacre_db_password }}'
+ priv: '{{ lacre_db_name }}.*:ALL'
+
diff --git a/tasks/frontend.yml b/tasks/frontend.yml
new file mode 100644
index 0000000..bb81742
--- /dev/null
+++ b/tasks/frontend.yml
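Review bot: `lacre_webgate_debug: 'enable'` is rendered into config.php as the bare token `$config['debug'] = enable;` — on PHP 7.4 an undefined-constant warning that evaluates to the truthy string "enable", on PHP 8 a fatal Error — so the frontend ships with debug mode effectively on; use a PHP boolean literal, `lacre_webgate_debug: 'false'`, and add a comment that this value (like `lacre_webgate_mail_smtp`, `lacre_webgate_pgpverify` and `lacre_webgate_pgpverify_allowblank`, which are also interpolated unquoted) must be `true` or `false`. The mariadb block adds `mariadb_root_password: 'changeme'` beside the existing `lacre_db_password: 'password'` and an empty `lacre_webgate_smtp_password`; placeholder secrets in a defaults file are easy to deploy by accident, so at minimum mark them (`# placeholder — set a real value before deploying`) and preferably `assert` in the tasks that they no longer equal the defaults. The `nginx_vhosts` entry serves the key-management UI over plain HTTP (`proto: 'http'`, `listen: '80'`, `letsencrypt: 'false'`, `site_url: 'http://…'`), which puts uploaded keys and email-confirmation links on the wire in cleartext; if HTTP is only a bootstrap default, say so in a comment next to it. `lacre_webgate_lock_cooldown: '900'` is defined here but, as far as this patch shows, never referenced by the template.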
@@ -0,0 +1,66 @@
+---
+
+- name: '[Webgate] - Install dependencies'
+ apt:
+ name: "{{ lacre_webgate_apt }}"
+
+- name: '[Webgate] - Copy files to webdir'
+ copy:
+ remote_src: true
+ src: "{{ lacre_app_dir }}/gpg-mailgate-web/public_html"
+ dest: "{{ lacre_webgate_webroot }}/gpg-mailgate-web"
+ owner: "{{ lacre_webgate_user }}"
+ group: "{{ lacre_webgate_group }}"
+
+- name: '[Webgate] - Import sql schema'
+ mysql_db:
+ state: import
+ name: "{{ lacre_db_name }}"
+ login_host: "{{ lacre_db_host }}"
+ login_user: "{{ lacre_db_username }}"
+ login_password: "{{ lacre_db_password }}"
+ target: "{{ lacre_app_dir }}/gpg-mailgate-web/schema.sql"
+
+- name: 'Webgate] - Deploy config'
+ template:
+ src: 'config.php.j2'
+ dest: "{{ lacre_webgate_webroot }}/gpg-mailgate-web/public_html/config.php"
+ owner: "{{ lacre_webgate_user }}"
+ group: "{{ lacre_webgate_group }}"
+
+- name: '[Webgate] - Create email template dir'
+ file:
+ path: "{{ lacre_homedir }}/cron-templates"
+ state: directory
+ owner: "{{ lacre_username }}"
+ group: "{{ lacre_group }}"
+
+- name: '[Webgate] - Copy templates to template dir'
+ copy:
+ remote_src: true
+ src: "{{ lacre_app_dir }}/cron_templates"
+ dest: "{{ lacre_homedir }}/cron-templates"
+ owner: "{{ lacre_username }}"
+ group: "{{ lacre_group }}"
+
+- name: '[Webgate] - Deploy cron.py'
+ copy:
+ remote_src: true
+ src: "{{ lacre_app_dir }}/gpg-mailgate-web/cron.py"
+ dest: '/usr/local/bin/gpgmw-cron.py'
+ owner: "{{ lacre_username }}"
+ group: "{{ lacre_group }}"
+ mode: a+x
+
+- name: '[Webgate] - Set cron'
+ cron:
+ name: "Webgate cronjob"
+ state: present
+ minute: "*/3"
+ hour: "*"
+ day: "*"
+ month: "*"
+ weekday: "*"
+ user: "{{ lacre_username }}"
+ job: '/usr/local/bin/gpgmw-cron.py > /dev/null'
+ when: lacre_cron == 'true'
diff --git a/tasks/install.yml b/tasks/install.yml
index 08cc752..a19861f 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
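Review bot: The `Deploy config` task writes the DB and SMTP credentials into config.php but sets no `mode`, so the file is created with the module default (normally 0644) and is readable by every local account on the host; add `mode: '0640'` (owner and group are already www-data) to that task. The `Import sql schema` task has no guard, so `mysql_db: state: import` re-runs schema.sql on every play — whether that errors out or overwrites data depends on the schema, which is not visible here, but a one-time marker (e.g. a stat of a flag file, or `failed_when`/`changed_when` tied to a table check) would make it idempotent. `lacre_webgate_deploy` is introduced in defaults but nothing here consults it; either gate these tasks on it or drop the variable. Two smaller points: the task name `'Webgate] - Deploy config'` is missing its opening `[`, and `mode: a+x` on gpgmw-cron.py leaves the remaining bits to the umask — an explicit `mode: '0755'` is clearer for a script executed from cron.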
@@ -29,6 +29,6 @@
 - name: '[Install] - Link GnuPG direcotry to global python modules'
 file:
 src: '{{ lacre_app_dir }}/GnuPG'
- dest: '/usr/local/lib/python2.7/dist-packages/GnuPG'
+ dest: '/usr/local/lib/python{{ lacre_pything_version }}/dist-packages/GnuPG'
 state: link
diff --git a/tasks/main.yml b/tasks/main.yml
index 73997cd..5983a4c 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -12,3 +12,6 @@
 - name: 'Configure Lacre'
 include: configure.yml
+- name: 'Deploy frontend'
+ include: frontend.yml
+
diff --git a/templates/config.php.j2 b/templates/config.php.j2
new file mode 100644
index 0000000..ca35011
--- /dev/null
+++ b/templates/config.php.j2
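Review bot: The symlink now lands in `/usr/local/lib/python{{ lacre_pything_version }}/dist-packages`, which makes `{{ lacre_app_dir }}/GnuPG` — a checkout of a mutable git branch — importable by every Python 3 process on the host, including ones running as root. Whether that checkout is writable by the unprivileged `lacre` user is not visible in this hunk; if it is, that user could plant code that any root-run `import GnuPG` would execute, so the clone should be root-owned and read-only for `lacre`, and a comment on this task should state that assumption. `lacre_pything_version` is a typo for `lacre_python_version`; rename it together with defaults/main.yml, and note that the task name still reads "direcotry".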
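Review bot: `include: frontend.yml` is unconditional, although this commit adds `lacre_webgate_deploy: 'true'` to defaults, so the flag cannot switch the web frontend off; add `when: lacre_webgate_deploy == 'true'` to the new task so the database import, config.php and cron job are only deployed when wanted. Bare `include` for task files is deprecated in favour of `import_tasks`/`include_tasks`; the existing `Configure Lacre` task uses the same form, so that is a separate cleanup rather than something to fix here.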
@@ -0,0 +1,121 @@
+.
+
+*/
+
+//
+// GENERAL SITE SETTINGS
+//
+
+//web team contact
+// this email address will be displayed if there is a database error
+$config['email_web'] = '{{ lacre_webgate_email_web }}';
+
+//address to send emails from
+$config['email_from'] = '{{ lacre_webgate_email_from }}';
+
+//this will be used as the subject when a user requests to add a PGP key
+$config['email_subject_requestpgp'] = '{{ lacre_webgate_email_subject_requestpgp }}';
+
+//site URL, without trailing slash
+$config['site_url'] = '{{ lacre_webgate_site_url }}';
+
+
+//title of the website (displayed on home page)
+$config['site_title'] = '{{ lacre_webgate_site_title }}';
+
+//language file to use (see language subdirectory)
+$config['language'] = '{{ lacre_webgate_language }}';
+
+//whether debug mode should be enabled
+$config['debug'] = {{ lacre_webgate_debug }};
+
+//
+// MAIL SETTINGS
+//
+
+//whether to send mail through SMTP (instead of PHP mail function)
+$config['mail_smtp'] = {{ lacre_webgate_mail_smtp }};
+
+//SMTP settings, if mail_smtp is enabled
+//this requires Net_SMTP from http://pear.php.net/package/Net_SMTP/ to be installed
+$config['mail_smtp_host'] = '{{ lacre_webgate_smtp_host }}';
+$config['mail_smtp_port'] = {{ lacre_webgate_smtp_port }};
+$config['mail_smtp_username'] = '{{ lacre_webgate_smtp_username }}';
+$config['mail_smtp_password'] = '{{ lacre_webgate_smtp_password }}';
+
+//
+// DATABASE SETTINGS
+//
+
+//database name (MySQL only); or see include/dbconnect.php
+$config['db_name'] = '{{ lacre_db_name }}';
+
+//database host
+$config['db_host'] = '{{ lacre_db_host }}';
+
+//database username
+$config['db_username'] = '{{ lacre_db_username }}';
+
+//database password
+$config['db_password'] = '{{ lacre_db_password }}';
+
+//
+// PGP VERIFICATION SETTINGS
+//
+
+//whether to enable immediate verification of PGP keys
+// keys will always be verified with the email address in our cron job
+// but this will enable verification from the web interface
before email confirmation
+//for this to work, Crypt_GPG from http://pear.php.net/Crypt_GPG must be installed
+// (as well as any of its dependencies), and pgpverify_tmpdir must be set
+$config['pgpverify_enable'] = {{ lacre_webgate_pgpverify }};
+
+//a temporary directory to use for PGP verification, without trailing slash
+// gpgmw will create subdirectories from here to use as temporary gpg home directories
+// these directories will (should) be deleted immediately after use
+$config['pgpverify_tmpdir'] = '{{ lacre_webgate_pgpverify_tmpdir }}';
+
+//whether to allow blank "keys"
+// this is useful to allow users to delete their key from the keystore
+// if they no longer want encryption
+$config['pgpverify_allowblank'] = {{ lacre_webgate_pgpverify_allowblank }};
+
+//
+// LOCK SETTINGS
+//
+
+//the time in seconds a user must wait before trying again; otherwise they get locked out (count not increased)
+$config['lock_time_initial'] = array('requestpgp' => {{ lacre_webgate_lock_time }});
+
+//the number of tries a user has (that passes the lock_time_initial test) before being locked by overload (extended duration)
+$config['lock_count_overload'] = array('requestpgp' => {{ lacre_webgate_lock_retrycount }});
+
+//the time that overloads last
+$config['lock_time_overload'] = array('requestpgp' => {{ lacre_webgate_lock_time }});
+
+//time after which locks no longer apply, assuming the lock isn't active
+$config['lock_time_reset'] = {{ lacre_webgate_lock_reset }};
+
+//max time to store locks in the database; this way we can clear old locks with one function
+$config['lock_time_max'] = {{ lacre_webgate_locktime_max }};
+
+?>
+
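Review bot: `$config['lock_time_overload']` is rendered from `lacre_webgate_lock_time` — the same 10-second value used for `lock_time_initial` — while the `lacre_webgate_lock_cooldown` (900) that this commit adds to defaults is never referenced, so the "extended duration" lockout after repeated key requests lasts no longer than the initial wait; change the line to `$config['lock_time_overload'] = array('requestpgp' => {{ lacre_webgate_lock_cooldown }});`. Every string setting is dropped into a PHP single-quoted literal without escaping, so a password or subject containing `'` (or ending in `\`) breaks config.php or changes the meaning of what follows; render them as `'{{ var | replace('\\', '\\\\') | replace("'", "\\'") }}'` or equivalent. The unquoted substitutions (`debug`, `mail_smtp`, `mail_smtp_port`, `pgpverify_enable`, `pgpverify_allowblank`, the lock values) must expand to PHP literals — with the shipped default `lacre_webgate_debug: 'enable'` the debug line is not a boolean — so a comment at the top of the template should state that those variables take `true`/`false` or integers. The closing `?>` followed by a blank line emits that extra newline whenever config.php is included, which can trigger "headers already sent" errors; for a pure-config file the usual fix is to drop the `?>` entirely. The leading `.` / `*/` lines look like the tail of a licence comment whose opening (and possibly the `<?php` tag) was lost in this rendering — worth confirming the committed file starts with `<?php`, since without it the whole file, credentials included, is served as text.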