added web frontend; py3 update

muppeth 2022-03-21 21:21:02 +01:00
parent ed0b8e16a5
commit a72adba7a9
Signed by: muppeth
GPG Key ID: 0EBC7B9848D04031
6 changed files with 351 additions and 7 deletions


@ -2,10 +2,10 @@
- hosts: lacre - hosts: lacre
roles: roles:
# - role: mailserver - mariadb
# tags: - nginx
# - postfix - gpg-lacre
- role: lacre - php-fpm
vars_files: vars_files:
- ../defaults/main.yml - ../defaults/main.yml


@ -1,13 +1,14 @@
--- ---
lacre_pything_version: '3.9'
lacre_repo: 'https://git.disroot.org/Disroot/gpg-lacre.git' lacre_repo: 'https://git.disroot.org/Disroot/gpg-lacre.git'
lacre_version: 'master' lacre_version: 'php_update'
lacre_app_dir: '/opt/gpg-lacre' lacre_app_dir: '/opt/gpg-lacre'
lacre_username: 'lacre' lacre_username: 'lacre'
lacre_group: 'lacre' lacre_group: 'lacre'
lacre_homedir: '/var/gpgmailgate/' lacre_homedir: '/var/gpgmailgate/'
#lacre_ #lacre_
lacre_apt: lacre_apt:
- 'python-m2crypto' - 'python3-m2crypto'
- 'git' - 'git'
- 'gnupg' - 'gnupg'
lacre_set_content_filter: 'true' lacre_set_content_filter: 'true'
@ -38,8 +39,161 @@ lacre_db_host: 'localhost'
lacre_db_username: 'user' lacre_db_username: 'user'
lacre_db_password: 'password' lacre_db_password: 'password'
#lacre webgate
lacre_cron: 'true'
lacre_webgate_deploy: 'true'
lacre_webgate_apt:
- 'python3-markdown'
- 'python3-mysqldb'
lacre_webgate_webroot: '/var/www/'
lacre_webgate_user: 'www-data'
lacre_webgate_group: 'www-data'
lacre_webgate_email_web: 'admin@example.com'
lacre_webgate_email_from: 'gpg-mailgate-web@example.com'
lacre_webgate_email_subject_requestpgp: 'Confirm your email address'
lacre_webgate_site_url: 'http://example.com/gpgmw'
lacre_webgate_site_title: 'PGP key management'
lacre_webgate_language: 'english'
lacre_webgate_debug: 'enable'
lacre_webgate_mail_smtp: 'false'
lacre_webgate_smtp_host: 'localhost'
lacre_webgate_smtp_port: '25'
lacre_webgate_smtp_username: 'gpgmw'
lacre_webgate_smtp_password: ''
lacre_webgate_pgpverify: 'false'
lacre_webgate_pgpverify_tmpdir: '/tmp'
lacre_webgate_pgpverify_allowblank: 'true'
lacre_webgate_lock_time: '10'
lacre_webgate_lock_retrycount: '3'
lacre_webgate_lock_cooldown: '900'
lacre_webgate_lock_reset: '300'
lacre_webgate_locktime_max: '3600'
#mailserver vars #mailserver vars
postfix_header_checks: 'false' postfix_header_checks: 'false'
postfix_body_checks: 'false' postfix_body_checks: 'false'
postfix_rbl_whitelist: 'false' postfix_rbl_whitelist: 'false'
postfix_postgrey_deploy: 'false' postfix_postgrey_deploy: 'false'
#php
install_php: 'true'
php_version: '7.4'
php_pkgs:
- 'php{{ php_version }}-fpm'
- 'php{{ php_version }}-mysql'
nginx_vhosts:
- name: 'example.org'
template: 'basephp'
proto: 'http'
listen: '80'
root: 'gpg-mailgate-web/public_html'
index: 'index.php'
use_access_log: 'true'
use_error_log: 'true'
nginx_error_log_level: 'warn'
upstream_params:
- 'fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;'
- 'fastcgi_index index.php;'
- 'include /etc/nginx/fastcgi_params;'
- 'fastcgi_pass unix:{{ pool_listen }};'
state: 'enable'
letsencrypt: 'false'
nginx_default_vhost_ssl: 'example.org'
nginx_default_vhost: 'example.org'
#mariadb
# MARIADB CONFIG
mariadb_root_password: 'changeme'
mariadb_default_config:
- name: 'client'
config:
- port = {{mariadb_client_port}}
- socket = /var/run/mysqld/mysqld.sock
- default-character-set = utf8mb4
- name: 'mysqld_safe'
config:
- safe_socket = /var/run/mysqld/mysqld.sock
- safe_nice = 0
- name: 'mysqld'
config:
- user = mysql
- pid_file = /var/run/mysqld/mysqld.pid
- socket = /var/run/mysqld/mysqld.sock
- port = 3306
- basedir = /usr
- datadir = "{{mariadb_datadir}}"
- tmpdir = /tmp
- init_connect ='SET collation_connection = utf8mb4_unicode_ci'
- init_connect ='SET NAMES utf8mb4'
- character-set-server = utf8mb4
- collation-server = utf8mb4_unicode_ci
- skip_external_locking = True
- bind_address = {{ lacre_db_host }}
- key_buffer = 16M
- max_allowed_packet = 16M
- thread_stack = 192K
- thread_cache_size = 16
- myisam_recover = BACKUP
- max_connections = 1000
- query_cache_limit = 1M
- query_cache_size = 16M
- general_log_file = /var/log/mysql/mysql.log
- general_log = 0
- slow_query_log = 1
- slow_query_log_file = /var/log/mysql/mysql-slow.log
- long_query_time = 1
- log_queries_not_using_indexes = False
- default_storage_engine = InnoDB
- innodb_buffer_pool_size = 1024M
- innodb_log_file_size = 128M
- innodb_log_buffer_size = 8M
- innodb_thread_concurrency = 64
- innodb_read_io_threads = 16
- innodb_write_io_threads = 16
- innodb_file_per_table = 1
- innodb_open_files = 400
- innodb_io_capacity = 600
- innodb_lock_wait_timeout = 60
- innodb_flush_method = O_DIRECT
- innodb_doublewrite = 0
- innodb_use_native_aio = 0
- innodb_large_prefix = on
- server_id = 1
- log_bin = /var/log/mysql/mysql-bin.log
- expire_logs_days = 2
- max_binlog_size = 10M
- binlog_format = row
- query_cache_type = 1
- query_cache_limit = 256K
- query_cache_min_res_unit = 2k
- query_cache_size = 300M
- tmp_table_size= 64M
- max_heap_table_size= 64M
- name: 'mysqldump'
config:
- quick
#- quotes-names
- max_allowed_packet = 16M
- name: 'isamchk'
config:
- key_buffer = 16M
mariadb_databases:
- name: '{{ lacre_db_name }}'
collation: 'utf8mb4_unicode_ci'
encoding: 'utf8mb4'
mariadb_users:
- name: '{{ lacre_db_username }}'
host: '{{ lacre_db_host }}'
password: '{{ lacre_db_password }}'
priv: '{{ lacre_db_name }}.*:ALL'
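Review bot: `lacre_webgate_debug: 'enable'` switches the frontend's debug mode on by default, and the value is not a PHP boolean: the config.php.j2 template added in this commit writes it unquoted, so the rendered line would read `$config['debug'] = enable;`. Under the `php_version: '7.4'` default a bare word like that is presumably taken as a non-empty string with a warning, so debug stays on, and PHP 8 rejects it as an undefined constant. Default it to `lacre_webgate_debug: 'false'` so a fresh deployment does not expose debug output. The new `mariadb_root_password: 'changeme'` joins the existing `lacre_db_password: 'password'` placeholder; consider leaving both undefined so the play fails until the operator supplies real values. `nginx_vhosts` (`proto: 'http'`, `letsencrypt: 'false'`) and `lacre_webgate_site_url` also default to plain HTTP for a page that accepts key submissions.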

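--- a/tasks/frontend.yml
+++ b/tasks/frontend.yml
@@ -0,0 +1,66 @@
+---
+- name: '[Webgate] - Install dependencies'
+apt:
+name: "{{ lacre_webgate_apt }}"
+- name: '[Webgate] - Copy files to webdir'
+copy:
+remote_src: true
+src: "{{ lacre_app_dir }}/gpg-mailgate-web/public_html"
+dest: "{{ lacre_webgate_webroot }}/gpg-mailgate-web"
+owner: "{{ lacre_webgate_user }}"
+group: "{{ lacre_webgate_group }}"
+- name: '[Webgate] - Import sql schema'
+mysql_db:
+state: import
+name: "{{ lacre_db_name }}"
+login_host: "{{ lacre_db_host }}"
+login_user: "{{ lacre_db_username }}"
+login_password: "{{ lacre_db_password }}"
+target: "{{ lacre_app_dir }}/gpg-mailgate-web/schema.sql"
+- name: 'Webgate] - Deploy config'
+template:
+src: 'config.php.j2'
+dest: "{{ lacre_webgate_webroot }}/gpg-mailgate-web/public_html/config.php"
+owner: "{{ lacre_webgate_user }}"
+group: "{{ lacre_webgate_group }}"
+- name: '[Webgate] - Create email template dir'
+file:
+path: "{{ lacre_homedir }}/cron-templates"
+state: directory
+owner: "{{ lacre_username }}"
+group: "{{ lacre_group }}"
+- name: '[Webgate] - Copy templates to template dir'
+copy:
+remote_src: true
+src: "{{ lacre_app_dir }}/cron_templates"
+dest: "{{ lacre_homedir }}/cron-templates"
+owner: "{{ lacre_username }}"
+group: "{{ lacre_group }}"
+- name: '[Webgate] - Deploy cron.py'
+copy:
+remote_src: true
+src: "{{ lacre_app_dir }}/gpg-mailgate-web/cron.py"
+dest: '/usr/local/bin/gpgmw-cron.py'
+owner: "{{ lacre_username }}"
+group: "{{ lacre_group }}"
+mode: a+x
+- name: '[Webgate] - Set cron'
+cron:
+name: "Webgate cronjob"
+state: present
+minute: "*/3"
+hour: "*"
+day: "*"
+month: "*"
+weekday: "*"
+user: "{{ lacre_username }}"
+job: '/usr/local/bin/gpgmw-cron.py > /dev/null'
+when: lacre_cron == 'true'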
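Review bot: The 'Deploy config' task writes config.php, which the template fills with the database and SMTP passwords, without a `mode`, so its permissions are left to the module default and the remote umask and may end up world-readable. Add `mode: '0640'` to that `template` task (owner and group are already the web user), and consider an explicit `mode` on the `copy` task that populates the webroot as well. The same task's name is missing its opening bracket: `'Webgate] - Deploy config'` should be `'[Webgate] - Deploy config'`.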


@ -29,6 +29,6 @@
- name: '[Install] - Link GnuPG direcotry to global python modules' - name: '[Install] - Link GnuPG direcotry to global python modules'
file: file:
src: '{{ lacre_app_dir }}/GnuPG' src: '{{ lacre_app_dir }}/GnuPG'
dest: '/usr/local/lib/python2.7/dist-packages/GnuPG' dest: '/usr/local/lib/python{{ lacre_pything_version }}/dist-packages/GnuPG'
state: link state: link
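Review bot: The new variable is spelled `lacre_pything_version` in this `dest` and in the defaults file; it resolves because both use the same spelling, but an operator who overrides the expected `lacre_python_version` would silently keep the 3.9 path and the GnuPG module would be linked into the wrong interpreter directory. Rename it in both places, e.g. `dest: '/usr/local/lib/python{{ lacre_python_version }}/dist-packages/GnuPG'`. The task list continues outside this hunk.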


@ -12,3 +12,6 @@
- name: 'Configure Lacre' - name: 'Configure Lacre'
include: configure.yml include: configure.yml
- name: 'Deploy frontend'
include: frontend.yml
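Review bot: `include: frontend.yml` is unconditional, although the defaults in this commit add `lacre_webgate_deploy: 'true'`, which nothing visible on this page reads. A host that only needs the mail filter would still get the PHP frontend, the schema import and the cron job, which is extra exposed surface. Gate the task with `when: lacre_webgate_deploy == 'true'`, matching the string comparison used for `lacre_cron` in frontend.yml. The rest of the task file is outside this hunk.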

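--- a/templates/config.php.j2
+++ b/templates/config.php.j2
@@ -0,0 +1,121 @@
+<?php
+/*
+gpg-mailgate
+This file is part of the gpg-mailgate source code.
+gpg-mailgate is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+gpg-mailgate source code is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+You should have received a copy of the GNU General Public License
+along with gpg-mailgate source code. If not, see <http://www.gnu.org/licenses/>.
+*/
+//
+// GENERAL SITE SETTINGS
+//
+//web team contact
+// this email address will be displayed if there is a database error
+$config['email_web'] = '{{ lacre_webgate_email_web }}';
+//address to send emails from
+$config['email_from'] = '{{ lacre_webgate_email_from }}';
+//this will be used as the subject when a user requests to add a PGP key
+$config['email_subject_requestpgp'] = '{{ lacre_webgate_email_subject_requestpgp }}';
+//site URL, without trailing slash
+$config['site_url'] = '{{ lacre_webgate_site_url }}';
+//title of the website (displayed on home page)
+$config['site_title'] = '{{ lacre_webgate_site_title }}';
+//language file to use (see language subdirectory)
+$config['language'] = '{{ lacre_webgate_language }}';
+//whether debug mode should be enabled
+$config['debug'] = {{ lacre_webgate_debug }};
+//
+// MAIL SETTINGS
+//
+//whether to send mail through SMTP (instead of PHP mail function)
+$config['mail_smtp'] = {{ lacre_webgate_mail_smtp }};
+//SMTP settings, if mail_smtp is enabled
+//this requires Net_SMTP from http://pear.php.net/package/Net_SMTP/ to be installed
+$config['mail_smtp_host'] = '{{ lacre_webgate_smtp_host }}';
+$config['mail_smtp_port'] = {{ lacre_webgate_smtp_port }};
+$config['mail_smtp_username'] = '{{ lacre_webgate_smtp_username }}';
+$config['mail_smtp_password'] = '{{ lacre_webgate_smtp_password }}';
+//
+// DATABASE SETTINGS
+//
+//database name (MySQL only); or see include/dbconnect.php
+$config['db_name'] = '{{ lacre_db_name }}';
+//database host
+$config['db_host'] = '{{ lacre_db_host }}';
+//database username
+$config['db_username'] = '{{ lacre_db_username }}';
+//database password
+$config['db_password'] = '{{ lacre_db_password }}';
+//
+// PGP VERIFICATION SETTINGS
+//
+//whether to enable immediate verification of PGP keys
+// keys will always be verified with the email address in our cron job
+// but this will enable verification from the web interface before email confirmation
+//for this to work, Crypt_GPG from http://pear.php.net/Crypt_GPG must be installed
+// (as well as any of its dependencies), and pgpverify_tmpdir must be set
+$config['pgpverify_enable'] = {{ lacre_webgate_pgpverify }};
+//a temporary directory to use for PGP verification, without trailing slash
+// gpgmw will create subdirectories from here to use as temporary gpg home directories
+// these directories will (should) be deleted immediately after use
+$config['pgpverify_tmpdir'] = '{{ lacre_webgate_pgpverify_tmpdir }}';
+//whether to allow blank "keys"
+// this is useful to allow users to delete their key from the keystore
+// if they no longer want encryption
+$config['pgpverify_allowblank'] = {{ lacre_webgate_pgpverify_allowblank }};
+//
+// LOCK SETTINGS
+//
+//the time in seconds a user must wait before trying again; otherwise they get locked out (count not increased)
+$config['lock_time_initial'] = array('requestpgp' => {{ lacre_webgate_lock_time }});
+//the number of tries a user has (that passes the lock_time_initial test) before being locked by overload (extended duration)
+$config['lock_count_overload'] = array('requestpgp' => {{ lacre_webgate_lock_retrycount }});
+//the time that overloads last
+$config['lock_time_overload'] = array('requestpgp' => {{ lacre_webgate_lock_time }});
+//time after which locks no longer apply, assuming the lock isn't active
+$config['lock_time_reset'] = {{ lacre_webgate_lock_reset }};
+//max time to store locks in the database; this way we can clear old locks with one function
+$config['lock_time_max'] = {{ lacre_webgate_locktime_max }};
+?>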
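Review bot: `$config['lock_time_overload']` is rendered from `lacre_webgate_lock_time` (default '10'), the same variable as `lock_time_initial`, while `lacre_webgate_lock_cooldown` (default '900') is defined in the defaults and never used in this template. As written, the extended lockout after repeated key requests would last ten seconds instead of fifteen minutes, which weakens the request throttling. It presumably should read `$config['lock_time_overload'] = array('requestpgp' => {{ lacre_webgate_lock_cooldown }});`. Separately, every string setting is placed between single quotes without escaping, so a password or site title containing `'` or a backslash would break or alter the generated PHP; escape backslashes and single quotes before interpolating these values.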