added daemon deployment; update role

defaults/main.yml

@@ -13,8 +13,13 @@ lacre_apt:
   - 'python3-m2crypto'
   - 'git'
   - 'gnupg'
+lacre_daemon: 'false'
 lacre_set_content_filter: 'true'
+lacre_content_filter: 'gpg-mailgate'
+lacre_postfix_simplefilter: 'true'
+lacre_postfix_daemon: 'false'
 #config file
+lacre_config_file: '/etc/gpg-mailgate.conf'
 lacre_add_header: 'yes'
 lacre_enc_keymap_only: 'no'
 lacre_dec_keymap_only: 'no'
@@ -31,6 +36,8 @@ lacre_webpanel_url: 'http://example.org'
 lacre_notification_email: 'gpg-mailgate@example.org'
 lacre_mail_templates: '{{ lacre_app_dir }}/cron_templates'
 lacre_logfile: '/etc/gpg-lacre-logging.conf'
+lacre_daemon_host: '127.0.0.1'
+lacre_daemon_port: '10025'
 lacre_relay: '127.0.0.1'
 lacre_port: '10028'
 lacre_enc_port: '25'
@@ -41,6 +48,8 @@ lacre_webgate_db_name: 'gpgmw'
 lacre_webgate_db_host: 'localhost'
 lacre_webgatedb_username: 'user'
 lacre_webgatedb_password: 'password'   
+lacre_systemd_execstart: 'python -m lacre.daemon'
+lacre_systemd_restartsec: '3'
 
 #lacre logger
 lacre_log_loggers_keys: 'root'

tasks/configure.yml

@@ -3,7 +3,7 @@
 - name: '[LACRE] - Configure lacre'
   template:
     src: 'etc/gpg-mailgate.conf.j2'
-    dest: '/etc/gpg-mailgate.conf'
+    dest: '{{ lacre_config_file }}'
     owner: '{{ lacre_username }}'
     group: '{{ lacre_group }}'
     mode: 0644
@@ -11,34 +11,9 @@
 - name: '[LACRE] - Configure lacre logger'
   template:
     src: 'etc/gpg-lacre-logging.conf.j2'
-    dest: '/etc/gpg-lacre-logging.conf'
+    dest: '{{ lacre_logfile }}'
     owner: '{{ lacre_username }}'
     group: '{{ lacre_group }}'
     mode: 0644
 
-- name: '[LACRE] - Add lacre config to postfix'
-  blockinfile:
-    dest: '/etc/postfix/master.cf'
-    backup: yes
-    marker: '# {mark} LACRE config block (Ansible)'
-    block: |
-       gpg-mailgate    unix    -   n   n   -   -   pipe
-         flags= user=lacre argv={{ lacre_app_dir }}/gpg-mailgate.py ${recipient}
-       
-       127.0.0.1:10028 inet    n   -   n   -   10  smtpd
-         -o content_filter=
-         -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-         -o smtpd_helo_restrictions=
-         -o smtpd_client_restrictions=
-         -o smtpd_sender_restrictions=
-         -o smtpd_recipient_restrictions=permit_mynetworks,reject
-         -o mynetworks=127.0.0.0/8
-         -o smtpd_authorized_xforward_hosts=127.0.0.0/8
-     
-- name: '[LACRE] - Replace content_filter setting in postfix'
-  replace:
-    path: '/etc/postfix/main.cf'
-    regexp: 'content_filter = .*'
-    replace: 'content_filter = gpg-mailgate'
-  when: lacre_set_content_filter == 'true'
 

tasks/daemon.yml

@@ -0,0 +1,57 @@
+---
+
+- name: '[Lacre Deamon] - Deploy systemd config'
+  template:
+    src: etc/systemd/system/gpg-lacre.service.j2
+    dest: /etc/systemd/system/gpg-lacre.service
+    owner: root
+    group: root
+    mode: 0644
+  register: lacre_systemd
+
+- name: '[Lacre Daemon] - Enable systemd config'
+  systemd:
+    name: gpg-lacre
+    enabled: yes
+    daemon_reload: yes
+  notify:
+    restart gpg-lacre
+
+
+- name: '[LACRE] - Add lacre daemon to postfix'
+  blockinfile:
+    dest: '/etc/postfix/master.cf'
+    backup: yes
+    marker: '# {mark} LACRE config block (Ansible)'
+    block: |
+      gpg-lacre     unix    -       -       -       -       -       smtp
+        -o smtp_tls_security_level=none
+
+      127.0.0.1:10025 inet    n       -       -       -       -       smtpd
+        -o content_filter=
+        -o smtpd_tls_security_level=none
+        -o local_recipient_maps=
+        -o relay_recipient_maps=
+        -o smtpd_restriction_classes=
+        -o smtpd_delay_reject=no
+        -o smtpd_client_restrictions=permit_mynetworks,reject
+        -o smtpd_helo_restrictions=
+        -o smtpd_sender_restrictions=
+        -o smtpd_recipient_restrictions=permit_mynetworks,reject
+        -o smtpd_data_restrictions=reject_unauth_pipelining
+        -o smtpd_end_of_data_restrictions=
+        -o mynetworks=127.0.0.0/8
+        -o smtpd_error_sleep_time=0
+        -o smtpd_soft_error_limit=1001
+        -o smtpd_hard_error_limit=1000
+        -o smtpd_client_connection_count_limit=0
+        -o smtpd_client_connection_rate_limit=0
+        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
+  when: lacre_postfix_daemon == 'true'
+
+- name: '[LACRE] - Replace content_filter setting in postfix'
+  replace:
+    path: '/etc/postfix/main.cf'
+    regexp: 'content_filter = .*'
+    replace: 'content_filter = {{ lacre_content_filter }}'
+  when: lacre_set_content_filter == 'true'

tasks/main.yml

@@ -24,7 +24,22 @@
     - 'config'
     - 'configure'
     - 'backend'
-   when: lacre_backend_deploy == 'true'
+  when: lacre_backend_deploy == 'true'
+
+- name: 'Use simple filter'
+  include: simple_filter.yml
+  when: lacre_daemon == 'false'
+
+- name: 'Use advanced daemon'
+  include: daemon.yml
+  when: lacre_daemon == 'true'
+
+- name: 'Deploy Advanced filter'
+  include: 'daemon.yml'
+  tags:
+    - 'backend'
+    - 'config'
+    - 'daemon'
 
 - name: 'Deploy Lacre Webgate'
   include: webgate.yml

tasks/simple_filter.yml

@@ -0,0 +1,29 @@
+---
+
+- name: '[LACRE] - Add lacre simple filter to postfix'
+  blockinfile:
+    dest: '/etc/postfix/master.cf'
+    backup: yes
+    marker: '# {mark} LACRE config block (Ansible)'
+    block: |
+       gpg-mailgate    unix    -   n   n   -   -   pipe
+         flags= user=lacre argv={{ lacre_app_dir }}/gpg-mailgate.py ${recipient}
+       
+       127.0.0.1:10028 inet    n   -   n   -   10  smtpd
+         -o content_filter=
+         -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
+         -o smtpd_helo_restrictions=
+         -o smtpd_client_restrictions=
+         -o smtpd_sender_restrictions=
+         -o smtpd_recipient_restrictions=permit_mynetworks,reject
+         -o mynetworks=127.0.0.0/8
+         -o smtpd_authorized_xforward_hosts=127.0.0.0/8
+  when: lacre_postfix_simplefilter == 'true'
+
+- name: '[LACRE] - Replace content_filter setting in postfix'
+  replace:
+    path: '/etc/postfix/main.cf'
+    regexp: 'content_filter = .*'
+    replace: 'content_filter = {{ lacre_content_filter }}'
+  when: lacre_set_content_filter == 'true'
+

tasks/webgate.yml

@@ -27,7 +27,7 @@
     login_user: "{{ lacre_webgate_db_username }}"
     login_password: "{{ lacre_webgate_db_password }}"
     target: "{{ lacre_webgate_dir }}/schema.sql"
-  when: lacre_webgate_installed.stdout != '3'
+  when: lacre_webgate_installed.stdout < "0"
 
 - name: '[Lacre-webgate] - Deploy config'
   template:

templates/etc/gpg-mailgate.conf.j2

@@ -69,6 +69,14 @@ mail_templates = {{ lacre_mail_templates }}
 # path to the logging configuration; see documentation for details:
 # https://docs.python.org/3/library/logging.config.html#logging-config-fileformat
 config = {{ lacre_logfile }}
+ 
+[daemon]
+# Advanced Content Filter section.
+#
+# Advanced filters differ from Simple ones by providing a daemon that handles
+# requests, instead of starting a new process each time a message arrives.
+host = {{ lacre_daemon_host }}
+port = {{ lacre_daemon_port }}
 
 [relay]
 # the relay settings to use for Postfix

templates/etc/systemd/system/gpg-lacre.service.j2

@@ -0,0 +1,17 @@
+[Unit]
+Description=GPG Lacre mailgate daemon
+After=syslog.target network.target
+
+[Service]
+Type=simple
+User={{ lacre_username }}
+Group={{ lacre_group }}
+WorkingDirectory={{ lacre_app_dir }}
+Environment=GPG_MAILGATE_CONFIG={{ lacre_config_file }}
+ExecStart={{ lacre_systemd_execstart }}
+Restart=always
+RestartSec={{ lacre_systemd_restartsec }}
+
+[Install]
+WantedBy=multi-user.target
+