added web frontend; py3 update
parent
ed0b8e16a5
commit
a72adba7a9
|
@ -2,10 +2,10 @@
|
||||||
|
|
||||||
- hosts: lacre
|
- hosts: lacre
|
||||||
roles:
|
roles:
|
||||||
# - role: mailserver
|
- mariadb
|
||||||
# tags:
|
- nginx
|
||||||
# - postfix
|
- gpg-lacre
|
||||||
- role: lacre
|
- php-fpm
|
||||||
|
|
||||||
vars_files:
|
vars_files:
|
||||||
- ../defaults/main.yml
|
- ../defaults/main.yml
|
||||||
|
|
|
@ -1,13 +1,14 @@
|
||||||
---
|
---
|
||||||
|
lacre_pything_version: '3.9'
|
||||||
lacre_repo: 'https://git.disroot.org/Disroot/gpg-lacre.git'
|
lacre_repo: 'https://git.disroot.org/Disroot/gpg-lacre.git'
|
||||||
lacre_version: 'master'
|
lacre_version: 'php_update'
|
||||||
lacre_app_dir: '/opt/gpg-lacre'
|
lacre_app_dir: '/opt/gpg-lacre'
|
||||||
lacre_username: 'lacre'
|
lacre_username: 'lacre'
|
||||||
lacre_group: 'lacre'
|
lacre_group: 'lacre'
|
||||||
lacre_homedir: '/var/gpgmailgate/'
|
lacre_homedir: '/var/gpgmailgate/'
|
||||||
#lacre_
|
#lacre_
|
||||||
lacre_apt:
|
lacre_apt:
|
||||||
- 'python-m2crypto'
|
- 'python3-m2crypto'
|
||||||
- 'git'
|
- 'git'
|
||||||
- 'gnupg'
|
- 'gnupg'
|
||||||
lacre_set_content_filter: 'true'
|
lacre_set_content_filter: 'true'
|
||||||
|
@ -38,8 +39,161 @@ lacre_db_host: 'localhost'
|
||||||
lacre_db_username: 'user'
|
lacre_db_username: 'user'
|
||||||
lacre_db_password: 'password'
|
lacre_db_password: 'password'
|
||||||
|
|
||||||
|
#lacre webgate
|
||||||
|
lacre_cron: 'true'
|
||||||
|
lacre_webgate_deploy: 'true'
|
||||||
|
lacre_webgate_apt:
|
||||||
|
- 'python3-markdown'
|
||||||
|
- 'python3-mysqldb'
|
||||||
|
lacre_webgate_webroot: '/var/www/'
|
||||||
|
lacre_webgate_user: 'www-data'
|
||||||
|
lacre_webgate_group: 'www-data'
|
||||||
|
lacre_webgate_email_web: 'admin@example.com'
|
||||||
|
lacre_webgate_email_from: 'gpg-mailgate-web@example.com'
|
||||||
|
lacre_webgate_email_subject_requestpgp: 'Confirm your email address'
|
||||||
|
lacre_webgate_site_url: 'http://example.com/gpgmw'
|
||||||
|
lacre_webgate_site_title: 'PGP key management'
|
||||||
|
lacre_webgate_language: 'english'
|
||||||
|
lacre_webgate_debug: 'enable'
|
||||||
|
lacre_webgate_mail_smtp: 'false'
|
||||||
|
lacre_webgate_smtp_host: 'localhost'
|
||||||
|
lacre_webgate_smtp_port: '25'
|
||||||
|
lacre_webgate_smtp_username: 'gpgmw'
|
||||||
|
lacre_webgate_smtp_password: ''
|
||||||
|
lacre_webgate_pgpverify: 'false'
|
||||||
|
lacre_webgate_pgpverify_tmpdir: '/tmp'
|
||||||
|
lacre_webgate_pgpverify_allowblank: 'true'
|
||||||
|
lacre_webgate_lock_time: '10'
|
||||||
|
lacre_webgate_lock_retrycount: '3'
|
||||||
|
lacre_webgate_lock_cooldown: '900'
|
||||||
|
lacre_webgate_lock_reset: '300'
|
||||||
|
lacre_webgate_locktime_max: '3600'
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#mailserver vars
|
#mailserver vars
|
||||||
postfix_header_checks: 'false'
|
postfix_header_checks: 'false'
|
||||||
postfix_body_checks: 'false'
|
postfix_body_checks: 'false'
|
||||||
postfix_rbl_whitelist: 'false'
|
postfix_rbl_whitelist: 'false'
|
||||||
postfix_postgrey_deploy: 'false'
|
postfix_postgrey_deploy: 'false'
|
||||||
|
|
||||||
|
#php
|
||||||
|
install_php: 'true'
|
||||||
|
php_version: '7.4'
|
||||||
|
php_pkgs:
|
||||||
|
- 'php{{ php_version }}-fpm'
|
||||||
|
- 'php{{ php_version }}-mysql'
|
||||||
|
nginx_vhosts:
|
||||||
|
- name: 'example.org'
|
||||||
|
template: 'basephp'
|
||||||
|
proto: 'http'
|
||||||
|
listen: '80'
|
||||||
|
root: 'gpg-mailgate-web/public_html'
|
||||||
|
index: 'index.php'
|
||||||
|
use_access_log: 'true'
|
||||||
|
use_error_log: 'true'
|
||||||
|
nginx_error_log_level: 'warn'
|
||||||
|
upstream_params:
|
||||||
|
- 'fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;'
|
||||||
|
- 'fastcgi_index index.php;'
|
||||||
|
- 'include /etc/nginx/fastcgi_params;'
|
||||||
|
- 'fastcgi_pass unix:{{ pool_listen }};'
|
||||||
|
state: 'enable'
|
||||||
|
letsencrypt: 'false'
|
||||||
|
|
||||||
|
nginx_default_vhost_ssl: 'example.org'
|
||||||
|
nginx_default_vhost: 'example.org'
|
||||||
|
|
||||||
|
#mariadb
|
||||||
|
# MARIADB CONFIG
|
||||||
|
mariadb_root_password: 'changeme'
|
||||||
|
mariadb_default_config:
|
||||||
|
- name: 'client'
|
||||||
|
config:
|
||||||
|
- port = {{mariadb_client_port}}
|
||||||
|
- socket = /var/run/mysqld/mysqld.sock
|
||||||
|
- default-character-set = utf8mb4
|
||||||
|
- name: 'mysqld_safe'
|
||||||
|
config:
|
||||||
|
- safe_socket = /var/run/mysqld/mysqld.sock
|
||||||
|
- safe_nice = 0
|
||||||
|
- name: 'mysqld'
|
||||||
|
config:
|
||||||
|
- user = mysql
|
||||||
|
- pid_file = /var/run/mysqld/mysqld.pid
|
||||||
|
- socket = /var/run/mysqld/mysqld.sock
|
||||||
|
- port = 3306
|
||||||
|
- basedir = /usr
|
||||||
|
- datadir = "{{mariadb_datadir}}"
|
||||||
|
- tmpdir = /tmp
|
||||||
|
- init_connect ='SET collation_connection = utf8mb4_unicode_ci'
|
||||||
|
- init_connect ='SET NAMES utf8mb4'
|
||||||
|
- character-set-server = utf8mb4
|
||||||
|
- collation-server = utf8mb4_unicode_ci
|
||||||
|
- skip_external_locking = True
|
||||||
|
- bind_address = {{ lacre_db_host }}
|
||||||
|
- key_buffer = 16M
|
||||||
|
- max_allowed_packet = 16M
|
||||||
|
- thread_stack = 192K
|
||||||
|
- thread_cache_size = 16
|
||||||
|
- myisam_recover = BACKUP
|
||||||
|
- max_connections = 1000
|
||||||
|
- query_cache_limit = 1M
|
||||||
|
- query_cache_size = 16M
|
||||||
|
- general_log_file = /var/log/mysql/mysql.log
|
||||||
|
- general_log = 0
|
||||||
|
- slow_query_log = 1
|
||||||
|
- slow_query_log_file = /var/log/mysql/mysql-slow.log
|
||||||
|
- long_query_time = 1
|
||||||
|
- log_queries_not_using_indexes = False
|
||||||
|
- default_storage_engine = InnoDB
|
||||||
|
- innodb_buffer_pool_size = 1024M
|
||||||
|
- innodb_log_file_size = 128M
|
||||||
|
- innodb_log_buffer_size = 8M
|
||||||
|
- innodb_thread_concurrency = 64
|
||||||
|
- innodb_read_io_threads = 16
|
||||||
|
- innodb_write_io_threads = 16
|
||||||
|
- innodb_file_per_table = 1
|
||||||
|
- innodb_open_files = 400
|
||||||
|
- innodb_io_capacity = 600
|
||||||
|
- innodb_lock_wait_timeout = 60
|
||||||
|
- innodb_flush_method = O_DIRECT
|
||||||
|
- innodb_doublewrite = 0
|
||||||
|
- innodb_use_native_aio = 0
|
||||||
|
- innodb_large_prefix = on
|
||||||
|
- server_id = 1
|
||||||
|
- log_bin = /var/log/mysql/mysql-bin.log
|
||||||
|
- expire_logs_days = 2
|
||||||
|
- max_binlog_size = 10M
|
||||||
|
- binlog_format = row
|
||||||
|
- query_cache_type = 1
|
||||||
|
- query_cache_limit = 256K
|
||||||
|
- query_cache_min_res_unit = 2k
|
||||||
|
- query_cache_size = 300M
|
||||||
|
- tmp_table_size= 64M
|
||||||
|
- max_heap_table_size= 64M
|
||||||
|
|
||||||
|
|
||||||
|
- name: 'mysqldump'
|
||||||
|
config:
|
||||||
|
- quick
|
||||||
|
#- quotes-names
|
||||||
|
- max_allowed_packet = 16M
|
||||||
|
- name: 'isamchk'
|
||||||
|
config:
|
||||||
|
- key_buffer = 16M
|
||||||
|
|
||||||
|
mariadb_databases:
|
||||||
|
- name: '{{ lacre_db_name }}'
|
||||||
|
collation: 'utf8mb4_unicode_ci'
|
||||||
|
encoding: 'utf8mb4'
|
||||||
|
|
||||||
|
mariadb_users:
|
||||||
|
- name: '{{ lacre_db_username }}'
|
||||||
|
host: '{{ lacre_db_host }}'
|
||||||
|
password: '{{ lacre_db_password }}'
|
||||||
|
priv: '{{ lacre_db_name }}.*:ALL'
|
||||||
|
|
||||||
|
|
|
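Review bot: `lacre_webgate_debug: 'enable'` in the new webgate defaults ships the frontend with debug switched on, and it is not a valid PHP value where the template uses it. config.php.j2 in this commit renders it unquoted as `$config['debug'] = enable;`, which PHP 7.4 (the `php_version` default here) reads as an undefined constant, giving a warning and then the truthy string 'enable', and which PHP 8 rejects with an error. Default it to `lacre_webgate_debug: 'false'`, like the neighbouring `lacre_webgate_mail_smtp`, and let operators opt in. Separately, the new `mariadb_root_password: 'changeme'` is a placeholder that is better asserted as overridden before the mariadb role runs than deployed as is.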
@ -0,0 +1,66 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: '[Webgate] - Install dependencies'
|
||||||
|
apt:
|
||||||
|
name: "{{ lacre_webgate_apt }}"
|
||||||
|
|
||||||
|
- name: '[Webgate] - Copy files to webdir'
|
||||||
|
copy:
|
||||||
|
remote_src: true
|
||||||
|
src: "{{ lacre_app_dir }}/gpg-mailgate-web/public_html"
|
||||||
|
dest: "{{ lacre_webgate_webroot }}/gpg-mailgate-web"
|
||||||
|
owner: "{{ lacre_webgate_user }}"
|
||||||
|
group: "{{ lacre_webgate_group }}"
|
||||||
|
|
||||||
|
- name: '[Webgate] - Import sql schema'
|
||||||
|
mysql_db:
|
||||||
|
state: import
|
||||||
|
name: "{{ lacre_db_name }}"
|
||||||
|
login_host: "{{ lacre_db_host }}"
|
||||||
|
login_user: "{{ lacre_db_username }}"
|
||||||
|
login_password: "{{ lacre_db_password }}"
|
||||||
|
target: "{{ lacre_app_dir }}/gpg-mailgate-web/schema.sql"
|
||||||
|
|
||||||
|
- name: 'Webgate] - Deploy config'
|
||||||
|
template:
|
||||||
|
src: 'config.php.j2'
|
||||||
|
dest: "{{ lacre_webgate_webroot }}/gpg-mailgate-web/public_html/config.php"
|
||||||
|
owner: "{{ lacre_webgate_user }}"
|
||||||
|
group: "{{ lacre_webgate_group }}"
|
||||||
|
|
||||||
|
- name: '[Webgate] - Create email template dir'
|
||||||
|
file:
|
||||||
|
path: "{{ lacre_homedir }}/cron-templates"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ lacre_username }}"
|
||||||
|
group: "{{ lacre_group }}"
|
||||||
|
|
||||||
|
- name: '[Webgate] - Copy templates to template dir'
|
||||||
|
copy:
|
||||||
|
remote_src: true
|
||||||
|
src: "{{ lacre_app_dir }}/cron_templates"
|
||||||
|
dest: "{{ lacre_homedir }}/cron-templates"
|
||||||
|
owner: "{{ lacre_username }}"
|
||||||
|
group: "{{ lacre_group }}"
|
||||||
|
|
||||||
|
- name: '[Webgate] - Deploy cron.py'
|
||||||
|
copy:
|
||||||
|
remote_src: true
|
||||||
|
src: "{{ lacre_app_dir }}/gpg-mailgate-web/cron.py"
|
||||||
|
dest: '/usr/local/bin/gpgmw-cron.py'
|
||||||
|
owner: "{{ lacre_username }}"
|
||||||
|
group: "{{ lacre_group }}"
|
||||||
|
mode: a+x
|
||||||
|
|
||||||
|
- name: '[Webgate] - Set cron'
|
||||||
|
cron:
|
||||||
|
name: "Webgate cronjob"
|
||||||
|
state: present
|
||||||
|
minute: "*/3"
|
||||||
|
hour: "*"
|
||||||
|
day: "*"
|
||||||
|
month: "*"
|
||||||
|
weekday: "*"
|
||||||
|
user: "{{ lacre_username }}"
|
||||||
|
job: '/usr/local/bin/gpgmw-cron.py > /dev/null'
|
||||||
|
when: lacre_cron == 'true'
|
|
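Review bot: The 'Deploy config' task writes config.php without a `mode`, so the file that receives `lacre_db_password` and `lacre_webgate_smtp_password` gets whatever the remote umask yields, which is typically world-readable. Add `mode: '0640'` under `group:` in that task; the quoted form also avoids YAML's octal parsing. Consider `no_log: true` on the 'Import sql schema' task as well, since it passes `login_password`. The same 'Deploy config' task name is missing its opening bracket and should read `'[Webgate] - Deploy config'`.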
@ -29,6 +29,6 @@
|
||||||
- name: '[Install] - Link GnuPG direcotry to global python modules'
|
- name: '[Install] - Link GnuPG direcotry to global python modules'
|
||||||
file:
|
file:
|
||||||
src: '{{ lacre_app_dir }}/GnuPG'
|
src: '{{ lacre_app_dir }}/GnuPG'
|
||||||
dest: '/usr/local/lib/python2.7/dist-packages/GnuPG'
|
dest: '/usr/local/lib/python{{ lacre_pything_version }}/dist-packages/GnuPG'
|
||||||
state: link
|
state: link
|
||||||
|
|
||||||
|
|
|
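Review bot: The new `dest` interpolates `lacre_pything_version`, a misspelling of "python" that this commit also introduces in the defaults file, so the typo becomes part of the role's overridable variable names. Rename both occurrences to `lacre_python_version` before anyone sets it in inventory: `dest: '/usr/local/lib/python{{ lacre_python_version }}/dist-packages/GnuPG'`. The default '3.9' also has to match the interpreter actually installed on the target, otherwise the link presumably lands in a directory Python never searches; a one-line comment next to the variable saying so would help.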
@ -12,3 +12,6 @@
|
||||||
- name: 'Configure Lacre'
|
- name: 'Configure Lacre'
|
||||||
include: configure.yml
|
include: configure.yml
|
||||||
|
|
||||||
|
- name: 'Deploy frontend'
|
||||||
|
include: frontend.yml
|
||||||
|
|
||||||
|
|
|
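Review bot: `include: frontend.yml` is unconditional, yet the defaults in this commit add `lacre_webgate_deploy: 'true'`, which no visible hunk reads. As written, a host that only needs the mail filter still gets the web UI files, the schema import and the cron job, which is more exposed surface than the operator asked for. Gate the 'Deploy frontend' task with `when: lacre_webgate_deploy == 'true'`, matching the string comparison used for `lacre_cron` in frontend.yml.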
@ -0,0 +1,121 @@
|
||||||
|
<?php
|
||||||
|
/*
|
||||||
|
|
||||||
|
gpg-mailgate
|
||||||
|
|
||||||
|
This file is part of the gpg-mailgate source code.
|
||||||
|
|
||||||
|
gpg-mailgate is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
gpg-mailgate source code is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with gpg-mailgate source code. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
*/
|
||||||
|
|
||||||
|
//
|
||||||
|
// GENERAL SITE SETTINGS
|
||||||
|
//
|
||||||
|
|
||||||
|
//web team contact
|
||||||
|
// this email address will be displayed if there is a database error
|
||||||
|
$config['email_web'] = '{{ lacre_webgate_email_web }}';
|
||||||
|
|
||||||
|
//address to send emails from
|
||||||
|
$config['email_from'] = '{{ lacre_webgate_email_from }}';
|
||||||
|
|
||||||
|
//this will be used as the subject when a user requests to add a PGP key
|
||||||
|
$config['email_subject_requestpgp'] = '{{ lacre_webgate_email_subject_requestpgp }}';
|
||||||
|
|
||||||
|
//site URL, without trailing slash
|
||||||
|
$config['site_url'] = '{{ lacre_webgate_site_url }}';
|
||||||
|
|
||||||
|
|
||||||
|
//title of the website (displayed on home page)
|
||||||
|
$config['site_title'] = '{{ lacre_webgate_site_title }}';
|
||||||
|
|
||||||
|
//language file to use (see language subdirectory)
|
||||||
|
$config['language'] = '{{ lacre_webgate_language }}';
|
||||||
|
|
||||||
|
//whether debug mode should be enabled
|
||||||
|
$config['debug'] = {{ lacre_webgate_debug }};
|
||||||
|
|
||||||
|
//
|
||||||
|
// MAIL SETTINGS
|
||||||
|
//
|
||||||
|
|
||||||
|
//whether to send mail through SMTP (instead of PHP mail function)
|
||||||
|
$config['mail_smtp'] = {{ lacre_webgate_mail_smtp }};
|
||||||
|
|
||||||
|
//SMTP settings, if mail_smtp is enabled
|
||||||
|
//this requires Net_SMTP from http://pear.php.net/package/Net_SMTP/ to be installed
|
||||||
|
$config['mail_smtp_host'] = '{{ lacre_webgate_smtp_host }}';
|
||||||
|
$config['mail_smtp_port'] = {{ lacre_webgate_smtp_port }};
|
||||||
|
$config['mail_smtp_username'] = '{{ lacre_webgate_smtp_username }}';
|
||||||
|
$config['mail_smtp_password'] = '{{ lacre_webgate_smtp_password }}';
|
||||||
|
|
||||||
|
//
|
||||||
|
// DATABASE SETTINGS
|
||||||
|
//
|
||||||
|
|
||||||
|
//database name (MySQL only); or see include/dbconnect.php
|
||||||
|
$config['db_name'] = '{{ lacre_db_name }}';
|
||||||
|
|
||||||
|
//database host
|
||||||
|
$config['db_host'] = '{{ lacre_db_host }}';
|
||||||
|
|
||||||
|
//database username
|
||||||
|
$config['db_username'] = '{{ lacre_db_username }}';
|
||||||
|
|
||||||
|
//database password
|
||||||
|
$config['db_password'] = '{{ lacre_db_password }}';
|
||||||
|
|
||||||
|
//
|
||||||
|
// PGP VERIFICATION SETTINGS
|
||||||
|
//
|
||||||
|
|
||||||
|
//whether to enable immediate verification of PGP keys
|
||||||
|
// keys will always be verified with the email address in our cron job
|
||||||
|
// but this will enable verification from the web interface before email confirmation
|
||||||
|
//for this to work, Crypt_GPG from http://pear.php.net/Crypt_GPG must be installed
|
||||||
|
// (as well as any of its dependencies), and pgpverify_tmpdir must be set
|
||||||
|
$config['pgpverify_enable'] = {{ lacre_webgate_pgpverify }};
|
||||||
|
|
||||||
|
//a temporary directory to use for PGP verification, without trailing slash
|
||||||
|
// gpgmw will create subdirectories from here to use as temporary gpg home directories
|
||||||
|
// these directories will (should) be deleted immediately after use
|
||||||
|
$config['pgpverify_tmpdir'] = '{{ lacre_webgate_pgpverify_tmpdir }}';
|
||||||
|
|
||||||
|
//whether to allow blank "keys"
|
||||||
|
// this is useful to allow users to delete their key from the keystore
|
||||||
|
// if they no longer want encryption
|
||||||
|
$config['pgpverify_allowblank'] = {{ lacre_webgate_pgpverify_allowblank }};
|
||||||
|
|
||||||
|
//
|
||||||
|
// LOCK SETTINGS
|
||||||
|
//
|
||||||
|
|
||||||
|
//the time in seconds a user must wait before trying again; otherwise they get locked out (count not increased)
|
||||||
|
$config['lock_time_initial'] = array('requestpgp' => {{ lacre_webgate_lock_time }});
|
||||||
|
|
||||||
|
//the number of tries a user has (that passes the lock_time_initial test) before being locked by overload (extended duration)
|
||||||
|
$config['lock_count_overload'] = array('requestpgp' => {{ lacre_webgate_lock_retrycount }});
|
||||||
|
|
||||||
|
//the time that overloads last
|
||||||
|
$config['lock_time_overload'] = array('requestpgp' => {{ lacre_webgate_lock_time }});
|
||||||
|
|
||||||
|
//time after which locks no longer apply, assuming the lock isn't active
|
||||||
|
$config['lock_time_reset'] = {{ lacre_webgate_lock_reset }};
|
||||||
|
|
||||||
|
//max time to store locks in the database; this way we can clear old locks with one function
|
||||||
|
$config['lock_time_max'] = {{ lacre_webgate_locktime_max }};
|
||||||
|
|
||||||
|
?>
|
||||||
|
|
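Review bot: `$config['lock_time_overload']` is rendered from `lacre_webgate_lock_time`, the same variable as `lock_time_initial`, so with the defaults in this commit an overload lock lasts 10 seconds. `lacre_webgate_lock_cooldown` (900) is not referenced in any visible hunk. That weakens the throttle on repeated key requests; the line should presumably read `$config['lock_time_overload'] = array('requestpgp' => {{ lacre_webgate_lock_cooldown }});`. The string settings are also interpolated raw between single quotes, so a password or site title containing a single quote or backslash yields a broken or altered config.php. Escaping those two characters in the template avoids that.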