1.2 #4
22
README.MD
22
README.MD
|
@ -1,8 +1,24 @@
|
||||||
# GPG - Lacre
|
# GPG - Lacre
|
||||||
This is a role that deploys GPG-Lacre with all needed dependencies and web frontends.
|
This is a role that deploys GPG-Lacre with all needed dependencies. Additionally takes care of installing a simply key upload web frontend.
|
||||||
For set of defaults variables check `defaults/main.yml` file. This role assumes that:
|
For set of defaults variables check `defaults/main.yml` file. This role assumes that:
|
||||||
- You are running Debian based OS
|
- You are running Debian based OS
|
||||||
- You run postfix
|
- You run postfix
|
||||||
|
|
||||||
**Warning**
|
### Lacre daemon or simple filter
|
||||||
Due to heavy development of lacre this role may be broken at times. Lacre is currently not recommended for production use. Please use for testing only.
|
Postfix offers two types of filters. Simple and advanced content filters. Depending on your use case you can choose between two. Set `lacre_daemon` to `false` for simple filter and `true` for advanced filter (aka daemon). Additionally refer to variable defaults for extra settings needed for either option. Also check [postfix documentation](http://www.postfix.org/FILTER_README.html#simple_filter) for more details on both filter features.
|
||||||
|
### Lacre Webgate
|
||||||
|
Lacre-webgate is a simple interface for uploading keys. You can decide whether to install it by setting variable `lacre_webgate_deploy`. Default is set to `true`. This frontend depends on php and an sql database. The role defaults to `mariadb`. For Mariadb following variables need to be set. Check following example:
|
||||||
|
|
||||||
|
```
|
||||||
|
lacre_webgate_db_enabled: 'yes'
|
||||||
|
lacre_webgate_db_backend: 'mysql'
|
||||||
|
lacre_webgate_db_name: 'gpgmw'
|
||||||
|
lacre_webgate_db_host: 'localhost'
|
||||||
|
lacre_webgate_db_username: 'user'
|
||||||
|
lacre_webgate_db_password: 'password'
|
||||||
|
```
|
||||||
|
The Lacre-webgate can be installed on remote host. You must make sure that mariadb is reachable from host running postfix+gpg-lacre as gpg-lacre needs to be able to pull uploaded keys. You can use this role to install Lacre-webgate on remote host by specifying `tag=webgate`. Make sure to set `lacre_webgate_deploy` to `false` on the `gpg-lacre/postfix` host.
|
||||||
|
|
||||||
|
### Dependency variables
|
||||||
|
Lacre depends on additional software such as postfix, php-fpm, mariadb, nginx. This software isn't covered by the role and you need to make sure to install and configure them according to your needs. You can use [disroot roles](https://git.disroot.org/org/Disroot-Ansible/dashboard) or any other roles or just set them up manually. Included defaults work with disroot ansible roles.
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,6 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
# Main vars
|
||||||
lacre_pything_version: '3.9'
|
lacre_pything_version: '3.9'
|
||||||
lacre_repo: 'https://git.disroot.org/Disroot/gpg-lacre.git'
|
lacre_repo: 'https://git.disroot.org/Disroot/gpg-lacre.git'
|
||||||
lacre_version: 'main'
|
lacre_version: 'main'
|
||||||
|
@ -8,13 +10,19 @@ lacre_group: 'lacre'
|
||||||
lacre_homedir: '/var/lib/gpg-lacre'
|
lacre_homedir: '/var/lib/gpg-lacre'
|
||||||
lacre_backend_deploy: 'true'
|
lacre_backend_deploy: 'true'
|
||||||
lacre_webgate_deploy: 'true'
|
lacre_webgate_deploy: 'true'
|
||||||
#lacre_
|
|
||||||
lacre_apt:
|
lacre_apt:
|
||||||
- 'python3-m2crypto'
|
- 'python3-m2crypto'
|
||||||
- 'git'
|
- 'git'
|
||||||
- 'gnupg'
|
- 'gnupg'
|
||||||
|
- 'sudo'
|
||||||
|
lacre_daemon: 'false'
|
||||||
lacre_set_content_filter: 'true'
|
lacre_set_content_filter: 'true'
|
||||||
#config file
|
lacre_content_filter: 'gpg-mailgate'
|
||||||
|
lacre_postfix_simplefilter: 'true'
|
||||||
|
lacre_postfix_daemon: 'false'
|
||||||
|
|
||||||
|
# Lacre config file
|
||||||
|
lacre_config_file: '/etc/gpg-mailgate.conf'
|
||||||
lacre_add_header: 'yes'
|
lacre_add_header: 'yes'
|
||||||
lacre_enc_keymap_only: 'no'
|
lacre_enc_keymap_only: 'no'
|
||||||
lacre_dec_keymap_only: 'no'
|
lacre_dec_keymap_only: 'no'
|
||||||
|
@ -31,18 +39,28 @@ lacre_webpanel_url: 'http://example.org'
|
||||||
lacre_notification_email: 'gpg-mailgate@example.org'
|
lacre_notification_email: 'gpg-mailgate@example.org'
|
||||||
lacre_mail_templates: '{{ lacre_app_dir }}/cron_templates'
|
lacre_mail_templates: '{{ lacre_app_dir }}/cron_templates'
|
||||||
lacre_logfile: '/etc/gpg-lacre-logging.conf'
|
lacre_logfile: '/etc/gpg-lacre-logging.conf'
|
||||||
|
lacre_max_data_bytes: '33554432'
|
||||||
|
lacre_log_headers: 'no'
|
||||||
lacre_relay: '127.0.0.1'
|
lacre_relay: '127.0.0.1'
|
||||||
lacre_port: '10028'
|
lacre_port: '10028'
|
||||||
lacre_enc_port: '25'
|
lacre_enc_port: '25'
|
||||||
lacre_starttls: 'no'
|
lacre_starttls: 'no'
|
||||||
|
|
||||||
|
## Lacre database
|
||||||
lacre_webgate_db_enabled: 'yes'
|
lacre_webgate_db_enabled: 'yes'
|
||||||
lacre_webgate_db_backend: 'mysql'
|
lacre_webgate_db_backend: 'mysql'
|
||||||
lacre_webgate_db_name: 'gpgmw'
|
lacre_webgate_db_name: 'gpgmw'
|
||||||
lacre_webgate_db_host: 'localhost'
|
lacre_webgate_db_host: 'localhost'
|
||||||
lacre_webgatedb_username: 'user'
|
lacre_webgate_db_username: 'user'
|
||||||
lacre_webgatedb_password: 'password'
|
lacre_webgate_db_password: 'password'
|
||||||
|
|
||||||
#lacre logger
|
## Lacre daemon
|
||||||
|
lacre_daemon_host: '127.0.0.1'
|
||||||
|
lacre_daemon_port: '10025'
|
||||||
|
lacre_systemd_execstart: 'python -m lacre.daemon'
|
||||||
|
lacre_systemd_restartsec: '3'
|
||||||
|
|
||||||
|
# Lacre logger
|
||||||
lacre_log_loggers_keys: 'root'
|
lacre_log_loggers_keys: 'root'
|
||||||
lacre_log_logger_level: 'NOTSET'
|
lacre_log_logger_level: 'NOTSET'
|
||||||
lacre_logger_handlers: 'syslog'
|
lacre_logger_handlers: 'syslog'
|
||||||
|
@ -58,9 +76,11 @@ lacre_log_postfix_format: '%(asctime)s %(module)s[%(process)d]: %(message)s'
|
||||||
lacre_log_postfix_datefmt: '%b %e %H:%M:%S'
|
lacre_log_postfix_datefmt: '%b %e %H:%M:%S'
|
||||||
lacre_log_postfix_style: '%'
|
lacre_log_postfix_style: '%'
|
||||||
lacre_log_postfix_validate: 'True'
|
lacre_log_postfix_validate: 'True'
|
||||||
#lacre webgate
|
|
||||||
|
# Lacre webgate
|
||||||
|
lacre_smtp_enabled: 'false'
|
||||||
lacre_smtp_username: 'no-reply'
|
lacre_smtp_username: 'no-reply'
|
||||||
lacre_smtp_password: 'chanfeme'
|
lacre_smtp_password: 'changeme'
|
||||||
lacre_smtp_host: 'example.lan'
|
lacre_smtp_host: 'example.lan'
|
||||||
lacre_smtp_port: '587'
|
lacre_smtp_port: '587'
|
||||||
lacre_smtp_starttls: 'true'
|
lacre_smtp_starttls: 'true'
|
||||||
|
@ -71,7 +91,7 @@ lacre_webgate_apt:
|
||||||
- 'python3-mysqldb'
|
- 'python3-mysqldb'
|
||||||
lacre_webgate_repo: 'https://git.disroot.org/Lacre/lacre-webgate.git'
|
lacre_webgate_repo: 'https://git.disroot.org/Lacre/lacre-webgate.git'
|
||||||
lacre_webgate_version: 'main'
|
lacre_webgate_version: 'main'
|
||||||
lacre_webgate_dir: '/var/www/lacre-web'
|
lacre_webgate_dir: '/var/www/lacre-webgate'
|
||||||
lacre_webgate_user: 'www-data'
|
lacre_webgate_user: 'www-data'
|
||||||
lacre_webgate_group: 'www-data'
|
lacre_webgate_group: 'www-data'
|
||||||
lacre_webgate_email_web: 'admin@example.com'
|
lacre_webgate_email_web: 'admin@example.com'
|
||||||
|
@ -79,9 +99,14 @@ lacre_webgate_email_from: 'gpg-mailgate-web@example.com'
|
||||||
lacre_webgate_email_subject_requestpgp: 'Confirm your email address'
|
lacre_webgate_email_subject_requestpgp: 'Confirm your email address'
|
||||||
lacre_webgate_site_url: 'http://example.com/gpgmw'
|
lacre_webgate_site_url: 'http://example.com/gpgmw'
|
||||||
lacre_webgate_site_title: 'PGP key management'
|
lacre_webgate_site_title: 'PGP key management'
|
||||||
|
lacre_webgate_site_logo: 'img/logo.png'
|
||||||
|
lacre_webgate_site_faqurl: 'https://lacre.io/faq'
|
||||||
|
lacre_webgate_site_howurl: 'https://learn.lacre.io'
|
||||||
|
lacre_webgate_site_contacturl: 'https://lacre.io/contact'
|
||||||
|
|
||||||
lacre_webgate_language: 'english'
|
lacre_webgate_language: 'english'
|
||||||
lacre_webgate_debug: 'enable'
|
lacre_webgate_debug: 'enable'
|
||||||
lacre_mail_smtp: 'false'
|
lacre_webgate_mail_smtp: 'false'
|
||||||
lacre_webgate_smtp_host: 'localhost'
|
lacre_webgate_smtp_host: 'localhost'
|
||||||
lacre_webgate_smtp_port: '25'
|
lacre_webgate_smtp_port: '25'
|
||||||
lacre_webgate_smtp_username: 'gpgmw'
|
lacre_webgate_smtp_username: 'gpgmw'
|
||||||
|
@ -95,15 +120,20 @@ lacre_webgate_lock_cooldown: '900'
|
||||||
lacre_webgate_lock_reset: '300'
|
lacre_webgate_lock_reset: '300'
|
||||||
lacre_webgate_locktime_max: '3600'
|
lacre_webgate_locktime_max: '3600'
|
||||||
|
|
||||||
#mailserver vars
|
# Lacre dependency variables. Not covered by the role itself and when used with dependent disroot roles (nginx, php-fpm, mariadb, mailserver)
|
||||||
|
|
||||||
|
# Mailserver vars (when used with disroot mailserver role)
|
||||||
postfix_header_checks: 'false'
|
postfix_header_checks: 'false'
|
||||||
postfix_body_checks: 'false'
|
postfix_body_checks: 'false'
|
||||||
postfix_rbl_whitelist: 'false'
|
postfix_rbl_whitelist: 'false'
|
||||||
postfix_postgrey_deploy: 'false'
|
postfix_postgrey_deploy: 'false'
|
||||||
|
|
||||||
#php
|
# php & nginx (when used with disroot php-fpm and nginx role)
|
||||||
install_php: 'true'
|
install_php: 'true'
|
||||||
php_version: '7.4'
|
php_version: '8.0'
|
||||||
|
php_etc_path: '/etc/php'
|
||||||
|
install_php: 'true'
|
||||||
|
pool_listen: '/var/run/php/php{{ php_version }}-fpm.sock'
|
||||||
php_pkgs:
|
php_pkgs:
|
||||||
- 'php{{ php_version }}-fpm'
|
- 'php{{ php_version }}-fpm'
|
||||||
- 'php{{ php_version }}-mysql'
|
- 'php{{ php_version }}-mysql'
|
||||||
|
@ -112,7 +142,7 @@ nginx_vhosts:
|
||||||
template: 'basephp'
|
template: 'basephp'
|
||||||
proto: 'http'
|
proto: 'http'
|
||||||
listen: '80'
|
listen: '80'
|
||||||
root: 'gpg-mailgate-web/public_html'
|
root: 'lacre-webgate/public_html'
|
||||||
index: 'index.php'
|
index: 'index.php'
|
||||||
use_access_log: 'true'
|
use_access_log: 'true'
|
||||||
use_error_log: 'true'
|
use_error_log: 'true'
|
||||||
|
@ -122,14 +152,17 @@ nginx_vhosts:
|
||||||
- 'fastcgi_index index.php;'
|
- 'fastcgi_index index.php;'
|
||||||
- 'include /etc/nginx/fastcgi_params;'
|
- 'include /etc/nginx/fastcgi_params;'
|
||||||
- 'fastcgi_pass unix:{{ pool_listen }};'
|
- 'fastcgi_pass unix:{{ pool_listen }};'
|
||||||
|
custom_locations:
|
||||||
|
- name: '/config\.*'
|
||||||
|
options:
|
||||||
|
- 'deny all;'
|
||||||
state: 'enable'
|
state: 'enable'
|
||||||
letsencrypt: 'false'
|
letsencrypt: 'false'
|
||||||
|
|
||||||
nginx_default_vhost_ssl: 'example.org'
|
nginx_default_vhost_ssl: 'example.org'
|
||||||
nginx_default_vhost: 'example.org'
|
nginx_default_vhost: 'example.org'
|
||||||
|
|
||||||
#mariadb
|
# Mariadb (when using disroot mariadb role)
|
||||||
# MARIADB CONFIG
|
|
||||||
mariadb_root_password: 'changeme'
|
mariadb_root_password: 'changeme'
|
||||||
mariadb_default_config:
|
mariadb_default_config:
|
||||||
- name: 'client'
|
- name: 'client'
|
||||||
|
@ -155,7 +188,7 @@ mariadb_default_config:
|
||||||
- character-set-server = utf8mb4
|
- character-set-server = utf8mb4
|
||||||
- collation-server = utf8mb4_unicode_ci
|
- collation-server = utf8mb4_unicode_ci
|
||||||
- skip_external_locking = True
|
- skip_external_locking = True
|
||||||
- bind_address = {{ lacre_db_host }}
|
- bind_address = {{ lacre_webgate_db_host }}
|
||||||
- key_buffer = 16M
|
- key_buffer = 16M
|
||||||
- max_allowed_packet = 16M
|
- max_allowed_packet = 16M
|
||||||
- thread_stack = 192K
|
- thread_stack = 192K
|
||||||
|
@ -208,13 +241,13 @@ mariadb_default_config:
|
||||||
- key_buffer = 16M
|
- key_buffer = 16M
|
||||||
|
|
||||||
mariadb_databases:
|
mariadb_databases:
|
||||||
- name: '{{ lacre_db_name }}'
|
- name: '{{ lacre_webgate_db_name }}'
|
||||||
collation: 'utf8mb4_unicode_ci'
|
collation: 'utf8mb4_unicode_ci'
|
||||||
encoding: 'utf8mb4'
|
encoding: 'utf8mb4'
|
||||||
|
|
||||||
mariadb_users:
|
mariadb_users:
|
||||||
- name: '{{ lacre_db_username }}'
|
- name: '{{ lacre_webgate_db_username }}'
|
||||||
host: '{{ lacre_db_host }}'
|
host: '{{ lacre_webgate_db_host }}'
|
||||||
password: '{{ lacre_db_password }}'
|
password: '{{ lacre_webgate_db_password }}'
|
||||||
priv: '{{ lacre_db_name }}.*:ALL'
|
priv: '{{ lacre_webgate_db_name }}.*:ALL'
|
||||||
|
|
||||||
|
|
|
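Review bot: `install_php: 'true'` is now declared twice in the php block (once before `php_version`, once again after `php_etc_path`); YAML loaders silently keep the last value and ansible-lint flags the duplicate key, so the second line should be dropped. The same file ships working credentials as defaults — `lacre_webgate_db_password: 'password'`, `lacre_smtp_password: 'changeme'` and, in context, `mariadb_root_password: 'changeme'` — so a playbook that forgets to override them deploys successfully with guessable secrets; leaving them undefined and failing early in the tasks, e.g. `assert: { that: lacre_webgate_db_password is defined and lacre_webgate_db_password != 'password' }`, is safer than a placeholder value. `lacre_webgate_debug: 'enable'` (context) likewise turns debug output on by default for a public key-upload frontend; whatever the webgate's "off" value is would be the production-safe default. `lacre_systemd_execstart: 'python -m lacre.daemon'` presumably relies on a `python` binary, which current Debian releases only provide via `python-is-python3`; `python3 -m lacre.daemon` avoids that dependency — worth confirming against the install tasks, which are outside this view.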
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: restart gpg-lacre
|
||||||
|
systemd:
|
||||||
|
name: gpg-lacre
|
||||||
|
state: restarted
|
|
@ -3,7 +3,7 @@
|
||||||
- name: '[LACRE] - Configure lacre'
|
- name: '[LACRE] - Configure lacre'
|
||||||
template:
|
template:
|
||||||
src: 'etc/gpg-mailgate.conf.j2'
|
src: 'etc/gpg-mailgate.conf.j2'
|
||||||
dest: '/etc/gpg-mailgate.conf'
|
dest: '{{ lacre_config_file }}'
|
||||||
owner: '{{ lacre_username }}'
|
owner: '{{ lacre_username }}'
|
||||||
group: '{{ lacre_group }}'
|
group: '{{ lacre_group }}'
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
@ -11,34 +11,9 @@
|
||||||
- name: '[LACRE] - Configure lacre logger'
|
- name: '[LACRE] - Configure lacre logger'
|
||||||
template:
|
template:
|
||||||
src: 'etc/gpg-lacre-logging.conf.j2'
|
src: 'etc/gpg-lacre-logging.conf.j2'
|
||||||
dest: '/etc/gpg-lacre-logging.conf'
|
dest: '{{ lacre_logfile }}'
|
||||||
owner: '{{ lacre_username }}'
|
owner: '{{ lacre_username }}'
|
||||||
group: '{{ lacre_group }}'
|
group: '{{ lacre_group }}'
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
|
||||||
- name: '[LACRE] - Add lacre config to postfix'
|
|
||||||
blockinfile:
|
|
||||||
dest: '/etc/postfix/master.cf'
|
|
||||||
backup: yes
|
|
||||||
marker: '# {mark} LACRE config block (Ansible)'
|
|
||||||
block: |
|
|
||||||
gpg-mailgate unix - n n - - pipe
|
|
||||||
flags= user=lacre argv={{ lacre_app_dir }}/gpg-mailgate.py ${recipient}
|
|
||||||
|
|
||||||
127.0.0.1:10028 inet n - n - 10 smtpd
|
|
||||||
-o content_filter=
|
|
||||||
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
|
|
||||||
-o smtpd_helo_restrictions=
|
|
||||||
-o smtpd_client_restrictions=
|
|
||||||
-o smtpd_sender_restrictions=
|
|
||||||
-o smtpd_recipient_restrictions=permit_mynetworks,reject
|
|
||||||
-o mynetworks=127.0.0.0/8
|
|
||||||
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
|
|
||||||
|
|
||||||
- name: '[LACRE] - Replace content_filter setting in postfix'
|
|
||||||
replace:
|
|
||||||
path: '/etc/postfix/main.cf'
|
|
||||||
regexp: 'content_filter = .*'
|
|
||||||
replace: 'content_filter = gpg-mailgate'
|
|
||||||
when: lacre_set_content_filter == 'true'
|
|
||||||
|
|
||||||
|
|
|
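Review bot: Both template tasks keep `mode: 0644` while `{{ lacre_config_file }}` is where the `[database]` and relay/SMTP settings are rendered — and, judging by the defaults, the webgate database and SMTP passwords with them — so every local account can read those credentials; `mode: 0640` together with the existing `owner: '{{ lacre_username }}'` and `group: '{{ lacre_group }}'` keeps the file readable by the daemon and the pipe filter while closing it to other users. Making the destination configurable also creates a gap for the simple-filter path: the systemd unit exports `GPG_MAILGATE_CONFIG={{ lacre_config_file }}`, but the `gpg-mailgate.py` pipe transport gets no such environment, so a non-default `lacre_config_file` presumably only works in daemon mode unless the script has its own lookup — a comment on the variable in defaults/main.yml should state that. Neither template task notifies the new `restart gpg-lacre` handler, so on a daemon host a configuration change is not picked up until something else restarts the service; `notify: restart gpg-lacre` on both tasks, with the handler guarded by `when: lacre_daemon == 'true'` so simple-filter hosts without the unit do not fail, closes that.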
@ -0,0 +1,57 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: '[Lacre Daemon] - Deploy systemd config'
|
||||||
|
template:
|
||||||
|
src: etc/systemd/system/gpg-lacre.service.j2
|
||||||
|
dest: /etc/systemd/system/gpg-lacre.service
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
register: lacre_systemd
|
||||||
|
|
||||||
|
- name: '[Lacre Daemon] - Enable systemd config'
|
||||||
|
systemd:
|
||||||
|
name: gpg-lacre
|
||||||
|
enabled: yes
|
||||||
|
daemon_reload: yes
|
||||||
|
notify:
|
||||||
|
restart gpg-lacre
|
||||||
|
|
||||||
|
|
||||||
|
- name: '[LACRE] - Add lacre daemon to postfix'
|
||||||
|
blockinfile:
|
||||||
|
dest: '/etc/postfix/master.cf'
|
||||||
|
backup: yes
|
||||||
|
marker: '# {mark} LACRE config block (Ansible)'
|
||||||
|
block: |
|
||||||
|
gpg-lacre unix - - - - - smtp
|
||||||
|
-o smtp_tls_security_level=none
|
||||||
|
|
||||||
|
127.0.0.1:10025 inet n - - - - smtpd
|
||||||
|
-o content_filter=
|
||||||
|
-o smtpd_tls_security_level=none
|
||||||
|
-o local_recipient_maps=
|
||||||
|
-o relay_recipient_maps=
|
||||||
|
-o smtpd_restriction_classes=
|
||||||
|
-o smtpd_delay_reject=no
|
||||||
|
-o smtpd_client_restrictions=permit_mynetworks,reject
|
||||||
|
-o smtpd_helo_restrictions=
|
||||||
|
-o smtpd_sender_restrictions=
|
||||||
|
-o smtpd_recipient_restrictions=permit_mynetworks,reject
|
||||||
|
-o smtpd_data_restrictions=reject_unauth_pipelining
|
||||||
|
-o smtpd_end_of_data_restrictions=
|
||||||
|
-o mynetworks=127.0.0.0/8
|
||||||
|
-o smtpd_error_sleep_time=0
|
||||||
|
-o smtpd_soft_error_limit=1001
|
||||||
|
-o smtpd_hard_error_limit=1000
|
||||||
|
-o smtpd_client_connection_count_limit=0
|
||||||
|
-o smtpd_client_connection_rate_limit=0
|
||||||
|
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
|
||||||
|
when: lacre_postfix_daemon == 'true'
|
||||||
|
|
||||||
|
- name: '[LACRE] - Replace content_filter setting in postfix'
|
||||||
|
replace:
|
||||||
|
path: '/etc/postfix/main.cf'
|
||||||
|
regexp: 'content_filter = .*'
|
||||||
|
replace: 'content_filter = {{ lacre_content_filter }}'
|
||||||
|
when: lacre_set_content_filter == 'true'
|
|
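Review bot: `notify: restart gpg-lacre` hangs off the 'Enable systemd config' task, which only reports changed on the first run, so a later change to the unit template (the task that `register`s `lacre_systemd`, a variable nothing here reads) never restarts the daemon; move the notify to the template task, or notify from both and drop the unused `register`. With the shipped defaults the master.cf block starts a Postfix `smtpd` on `127.0.0.1:10025` while `lacre_daemon_host`/`lacre_daemon_port` also default to `127.0.0.1`/`10025`, which looks like two listeners contending for one port unless the daemon binds elsewhere — the simple-filter block's re-injection listener uses 10028, matching `lacre_port`, so `{{ lacre_relay }}:{{ lacre_port }} inet n - - - - smtpd` is presumably what was intended here. Likewise `lacre_content_filter` still defaults to `gpg-mailgate`, a transport this block does not define (it defines `gpg-lacre`), so in daemon mode the `content_filter` replacement points Postfix at nothing unless the operator overrides it; a daemon-specific default or an `assert` on the value would make that explicit.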
@ -7,4 +7,6 @@
|
||||||
force: yes
|
force: yes
|
||||||
update: yes
|
update: yes
|
||||||
version: "{{ lacre_version }}"
|
version: "{{ lacre_version }}"
|
||||||
|
become: 'yes'
|
||||||
|
become_user: "{{ lacre_username }}"
|
||||||
|
|
||||||
|
|
|
@ -1,33 +1,45 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: 'Clone / Update repository'
|
- name: 'Create user'
|
||||||
include: git.yml
|
include: 'user.yml'
|
||||||
tags:
|
tags:
|
||||||
- 'backend'
|
- 'backend'
|
||||||
when: lacre_backend_deploy == 'true'
|
when: lacre_backend_deploy == 'true'
|
||||||
|
|
||||||
- name: 'Create user'
|
- name: 'Clone / Update repository'
|
||||||
include: user.yml
|
include: 'git.yml'
|
||||||
tags:
|
tags:
|
||||||
- 'backend'
|
- 'backend'
|
||||||
when: lacre_backend_deploy == 'true'
|
when: lacre_backend_deploy == 'true'
|
||||||
|
|
||||||
- name: 'Install Lacre'
|
- name: 'Install Lacre'
|
||||||
include: install.yml
|
include: 'install.yml'
|
||||||
tags:
|
tags:
|
||||||
- 'backend'
|
- 'backend'
|
||||||
when: lacre_backend_deploy == 'true'
|
when: lacre_backend_deploy == 'true'
|
||||||
|
|
||||||
- name: 'Configure Lacre'
|
- name: 'Configure Lacre'
|
||||||
include: configure.yml
|
include: 'configure.yml'
|
||||||
tags:
|
tags:
|
||||||
- 'config'
|
- 'config'
|
||||||
- 'configure'
|
- 'configure'
|
||||||
- 'backend'
|
- 'backend'
|
||||||
when: lacre_backend_deploy == 'true'
|
when: lacre_backend_deploy == 'true'
|
||||||
|
|
||||||
|
- name: 'Use simple filter'
|
||||||
|
include: 'simple_filter.yml'
|
||||||
|
when: lacre_daemon == 'false'
|
||||||
|
|
||||||
|
- name: 'Deploy Advanced filter'
|
||||||
|
include: 'daemon.yml'
|
||||||
|
tags:
|
||||||
|
- 'backend'
|
||||||
|
- 'config'
|
||||||
|
- 'daemon'
|
||||||
|
when: lacre_daemon == 'true'
|
||||||
|
|
||||||
- name: 'Deploy Lacre Webgate'
|
- name: 'Deploy Lacre Webgate'
|
||||||
include: webgate.yml
|
include: 'webgate.yml'
|
||||||
tags:
|
tags:
|
||||||
- 'webgate'
|
- 'webgate'
|
||||||
when: lacre_webgate_deploy == 'true'
|
when: lacre_webgate_deploy == 'true'
|
||||||
|
|
|
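Review bot: The new 'Use simple filter' include is gated only on `lacre_daemon == 'false'` and carries no tags, while 'Deploy Advanced filter' has `backend`/`config`/`daemon` tags: a run limited to `--tags backend` or `--tags config` silently skips writing the simple-filter block, and a webgate-only host (the README describes splitting webgate and backend across hosts) still gets `/etc/postfix/master.cf` edited because neither include checks `lacre_backend_deploy`. Suggest `when: lacre_daemon == 'false' and lacre_backend_deploy == 'true'` plus the same `tags` list on the simple-filter include, and `and lacre_backend_deploy == 'true'` appended to the daemon include's condition. Since every touched line here is an `include:` statement, this is also the moment to move to `import_tasks:`/`include_tasks:`, which `include:` has been deprecated in favour of.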
@ -0,0 +1,29 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: '[LACRE] - Add lacre simple filter to postfix'
|
||||||
|
blockinfile:
|
||||||
|
dest: '/etc/postfix/master.cf'
|
||||||
|
backup: yes
|
||||||
|
marker: '# {mark} LACRE config block (Ansible)'
|
||||||
|
block: |
|
||||||
|
gpg-mailgate unix - n n - - pipe
|
||||||
|
flags= user=lacre argv={{ lacre_app_dir }}/gpg-mailgate.py ${recipient}
|
||||||
|
|
||||||
|
127.0.0.1:10028 inet n - n - 10 smtpd
|
||||||
|
-o content_filter=
|
||||||
|
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
|
||||||
|
-o smtpd_helo_restrictions=
|
||||||
|
-o smtpd_client_restrictions=
|
||||||
|
-o smtpd_sender_restrictions=
|
||||||
|
-o smtpd_recipient_restrictions=permit_mynetworks,reject
|
||||||
|
-o mynetworks=127.0.0.0/8
|
||||||
|
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
|
||||||
|
when: lacre_postfix_simplefilter == 'true'
|
||||||
|
|
||||||
|
- name: '[LACRE] - Replace content_filter setting in postfix'
|
||||||
|
replace:
|
||||||
|
path: '/etc/postfix/main.cf'
|
||||||
|
regexp: 'content_filter = .*'
|
||||||
|
replace: 'content_filter = {{ lacre_content_filter }}'
|
||||||
|
when: lacre_set_content_filter == 'true'
|
||||||
|
|
|
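Review bot: The block moved here keeps hard-coded values that the role otherwise parameterises: `flags= user=lacre` ignores `lacre_username`, and the re-injection listener `127.0.0.1:10028` ignores `lacre_relay`/`lacre_port`, so overriding either variable leaves Postfix piping into the wrong account or Lacre relaying to a port nothing listens on. Use `flags= user={{ lacre_username }} argv={{ lacre_app_dir }}/gpg-mailgate.py ${recipient}` and `{{ lacre_relay }}:{{ lacre_port }} inet n - n - 10 smtpd`. The `marker` is identical to the one in daemon.yml, which is what makes toggling `lacre_daemon` replace rather than duplicate the block — a one-line comment on each task saying so would stop someone "fixing" the duplication later.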
@ -27,11 +27,11 @@
|
||||||
login_user: "{{ lacre_webgate_db_username }}"
|
login_user: "{{ lacre_webgate_db_username }}"
|
||||||
login_password: "{{ lacre_webgate_db_password }}"
|
login_password: "{{ lacre_webgate_db_password }}"
|
||||||
target: "{{ lacre_webgate_dir }}/schema.sql"
|
target: "{{ lacre_webgate_dir }}/schema.sql"
|
||||||
when: lacre_webgate_installed.stdout != '3'
|
when: lacre_webgate_installed.stdout < "0"
|
||||||
|
|
||||||
- name: '[Lacre-webgate] - Deploy config'
|
- name: '[Lacre-webgate] - Deploy config'
|
||||||
template:
|
template:
|
||||||
src: 'lacre-web/config.php.j2'
|
src: 'lacre-webgate/config.php.j2'
|
||||||
dest: "{{ lacre_webgate_dir }}/public_html/config.php"
|
dest: "{{ lacre_webgate_dir }}/public_html/config.php"
|
||||||
owner: "{{ lacre_webgate_user }}"
|
owner: "{{ lacre_webgate_user }}"
|
||||||
group: "{{ lacre_webgate_group }}"
|
group: "{{ lacre_webgate_group }}"
|
||||||
|
|
|
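Review bot: `lacre_webgate_installed.stdout < "0"` compares two strings lexicographically, so it is true for `"-1"` and for an empty stdout but false for anything starting with a digit — that may well match what the registering command prints (that task is outside the hunk), but the intent is not readable from the condition. If the command prints a number, `when: lacre_webgate_installed.stdout | int < 0` says what is meant; if an empty output should also trigger the schema import, add `or lacre_webgate_installed.stdout == ''` explicitly instead of relying on string ordering. A short comment above the task stating what the check outputs when the schema is already present would help the next reader.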
@ -8,16 +8,6 @@ add_header = {{ lacre_add_header }}
|
||||||
# This means gpg-mailgate won't automatically detect PGP recipients for encrypting
|
# This means gpg-mailgate won't automatically detect PGP recipients for encrypting
|
||||||
enc_keymap_only = {{ lacre_enc_keymap_only }}
|
enc_keymap_only = {{ lacre_enc_keymap_only }}
|
||||||
|
|
||||||
# Whether we should only decrypt emails if they are explicitly defined in
|
|
||||||
# the key mappings below ([dec_keymap] section)
|
|
||||||
# This means gpg-mailgate won't automatically detect PGP recipients for decrypting
|
|
||||||
dec_keymap_only = {{ lacre_dec_keymap_only }}
|
|
||||||
|
|
||||||
# If dec_keymap_only is set to yes and recipients have private keys present for decrypting
|
|
||||||
# but are not on in the keymap, this can cause that mails for them will be
|
|
||||||
# encrypted. Set this to no if you want this behaviour.
|
|
||||||
failsave_dec = {{ lacre_failsave_dec }}
|
|
||||||
|
|
||||||
# Convert encrypted text/plain email to MIME-attached encrypt style.
|
# Convert encrypted text/plain email to MIME-attached encrypt style.
|
||||||
# (Default is to use older inline-style PGP encoding.)
|
# (Default is to use older inline-style PGP encoding.)
|
||||||
mime_conversion = {{ lacre_mime_conversion }}
|
mime_conversion = {{ lacre_mime_conversion }}
|
||||||
|
@ -29,20 +19,6 @@ mime_conversion = {{ lacre_mime_conversion }}
|
||||||
# recipients all ignore the RFC you could this to yes.
|
# recipients all ignore the RFC you could this to yes.
|
||||||
mail_case_insensitive = {{ lacre_mail_case_insensitive }}
|
mail_case_insensitive = {{ lacre_mail_case_insensitive }}
|
||||||
|
|
||||||
# This setting disables PGP/INLINE decryption completely. However,
|
|
||||||
# PGP/MIME encrypted mails will still be decrypted if possible. PGP/INLINE
|
|
||||||
# decryption has to be seen as experimental and could have some negative
|
|
||||||
# side effects. So if you want to take the risk set this to no.
|
|
||||||
no_inline_dec = {{ lacre_no_inline_dec }}
|
|
||||||
|
|
||||||
# Here you can define a regex for which the gateway should try to decrypt mails.
|
|
||||||
# It could be used to define that decryption should be used for a wider range of
|
|
||||||
# mail addresses e.g. a whole domain. No key is needed here. It is even active if
|
|
||||||
# dec_keymap is set to yes. If this feature should be disabled, don't leave it blank.
|
|
||||||
# Set it to None. For further regex information please have a look at
|
|
||||||
# https://docs.python.org/2/library/re.html
|
|
||||||
dec_regex = {{ lacre_dec_regex }}
|
|
||||||
|
|
||||||
[gpg]
|
[gpg]
|
||||||
# the directory where gpg-mailgate public keys are stored
|
# the directory where gpg-mailgate public keys are stored
|
||||||
# (see INSTALL for details)
|
# (see INSTALL for details)
|
||||||
|
@ -69,6 +45,24 @@ mail_templates = {{ lacre_mail_templates }}
|
||||||
# path to the logging configuration; see documentation for details:
|
# path to the logging configuration; see documentation for details:
|
||||||
# https://docs.python.org/3/library/logging.config.html#logging-config-fileformat
|
# https://docs.python.org/3/library/logging.config.html#logging-config-fileformat
|
||||||
config = {{ lacre_logfile }}
|
config = {{ lacre_logfile }}
|
||||||
|
{% if lacre_daemon == 'true' %}
|
||||||
|
[daemon]
|
||||||
|
# Advanced Content Filter section.
|
||||||
|
#
|
||||||
|
# Advanced filters differ from Simple ones by providing a daemon that handles
|
||||||
|
# requests, instead of starting a new process each time a message arrives.
|
||||||
|
host = {{ lacre_daemon_host }}
|
||||||
|
port = {{ lacre_daemon_port }}
|
||||||
|
|
||||||
|
# Maximum size (in bytes) of message body, i.e. data provided after DATA
|
||||||
|
# message. Following value comes from aiosmtpd module's default for this
|
||||||
|
# setting.
|
||||||
|
max_data_bytes = {{ lacre_max_data_bytes }}33554432
|
||||||
|
|
||||||
|
# Sometimes it may make sense to log additional information from mail headers.
|
||||||
|
# This should never be PII, but information like encoding, content types, etc.
|
||||||
|
log_headers = {{ lacre_log_headers }}no
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
[relay]
|
[relay]
|
||||||
# the relay settings to use for Postfix
|
# the relay settings to use for Postfix
|
||||||
|
@ -94,6 +88,8 @@ port = {{ lacre_smtp_port }}
|
||||||
starttls = {{ lacre_smtp_starttls }}
|
starttls = {{ lacre_smtp_starttls }}
|
||||||
|
|
||||||
[database]
|
[database]
|
||||||
|
# edit the settings below if you want to read keys from a
|
||||||
|
# gpg-mailgate-web database other than SQLite
|
||||||
enabled = {{ lacre_webgate_db_enabled }}
|
enabled = {{ lacre_webgate_db_enabled }}
|
||||||
{% if lacre_webgate_db_backend == 'sqlite' %}
|
{% if lacre_webgate_db_backend == 'sqlite' %}
|
||||||
url = sqlite://{{ lacre_webgate_db_name }}
|
url = sqlite://{{ lacre_webgate_db_name }}
|
||||||
|
|
|
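Review bot: The new `[daemon]` section renders broken values: `max_data_bytes = {{ lacre_max_data_bytes }}33554432` and `log_headers = {{ lacre_log_headers }}no` keep the literal defaults after the Jinja expression, so with the shipped defaults the file contains `max_data_bytes = 3355443233554432` and `log_headers = nono`. Drop the trailing literals: `max_data_bytes = {{ lacre_max_data_bytes }}` and `log_headers = {{ lacre_log_headers }}`. Separately, removing `dec_keymap_only`, `failsave_dec`, `no_inline_dec` and `dec_regex` from the template leaves `lacre_dec_keymap_only` still defined in defaults/main.yml (visible as context in that file's hunk); either it should go too or a comment there should say why it is retained.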
@ -0,0 +1,17 @@
|
||||||
|
[Unit]
|
||||||
|
Description=GPG Lacre mailgate daemon
|
||||||
|
After=syslog.target network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
User={{ lacre_username }}
|
||||||
|
Group={{ lacre_group }}
|
||||||
|
WorkingDirectory={{ lacre_app_dir }}
|
||||||
|
Environment=GPG_MAILGATE_CONFIG={{ lacre_config_file }}
|
||||||
|
ExecStart={{ lacre_systemd_execstart }}
|
||||||
|
Restart=always
|
||||||
|
RestartSec={{ lacre_systemd_restartsec }}
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
|
|
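Review bot: The unit runs the daemon as `{{ lacre_username }}` but applies no sandboxing; for a service that listens on a local socket and parses arbitrary mail content, `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` under `[Service]` are cheap hardening that still leave `/var/lib/gpg-lacre` (the default `lacre_homedir`) writable for the keyring — assuming the daemon writes nowhere under `/etc` or `/usr`, which I cannot confirm from here. `After=syslog.target` names a target that current systemd no longer provides; `After=network.target` on its own is sufficient. A comment that `GPG_MAILGATE_CONFIG` is how the daemon locates `{{ lacre_config_file }}` would help, since the simple-filter path does not set it.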
@ -37,6 +37,17 @@ $config['email_subject_requestpgp'] = '{{ lacre_webgate_email_subject_requestpgp
|
||||||
//site URL, without trailing slash
|
//site URL, without trailing slash
|
||||||
$config['site_url'] = '{{ lacre_webgate_site_url }}';
|
$config['site_url'] = '{{ lacre_webgate_site_url }}';
|
||||||
|
|
||||||
|
//site logo
|
||||||
|
$config['site_logo'] = '{{ lacre_webgate_site_logo }}';
|
||||||
|
|
||||||
|
//link to FAQ page
|
||||||
|
$config['site_faqurl'] = '{{ lacre_webgate_site_faqurl }}';
|
||||||
|
|
||||||
|
//link to tutorial website
|
||||||
|
$config['site_howurl'] = '{{ lacre_webgate_site_howurl }}';
|
||||||
|
|
||||||
|
//link to contact page
|
||||||
|
$config['site_contacturl'] = '{{ lacre_webgate_site_contacturl }}';
|
||||||
|
|
||||||
//title of the website (displayed on home page)
|
//title of the website (displayed on home page)
|
||||||
$config['site_title'] = '{{ lacre_webgate_site_title }}';
|
$config['site_title'] = '{{ lacre_webgate_site_title }}';
|
||||||
|
@ -52,7 +63,7 @@ $config['debug'] = '{{ lacre_webgate_debug }}';
|
||||||
//
|
//
|
||||||
|
|
||||||
//whether to send mail through SMTP (instead of PHP mail function)
|
//whether to send mail through SMTP (instead of PHP mail function)
|
||||||
$config['mail_smtp'] = {{ lacre_mail_smtp }};
|
$config['mail_smtp'] = {{ lacre_webgate_mail_smtp }};
|
||||||
|
|
||||||
//SMTP settings, if mail_smtp is enabled
|
//SMTP settings, if mail_smtp is enabled
|
||||||
//this requires Net_SMTP from http://pear.php.net/package/Net_SMTP/ to be installed
|
//this requires Net_SMTP from http://pear.php.net/package/Net_SMTP/ to be installed
|
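Review bot: The four new `$config[...]` entries, like `site_url` above them, drop an Ansible variable into a single-quoted PHP literal without escaping, so a value containing `'` (a title with an apostrophe, a URL with a quote) either breaks the file with a parse error or closes the literal early inside code the web server executes; escape at the template edge, e.g. `$config['site_faqurl'] = '{{ lacre_webgate_site_faqurl | replace("\\", "\\\\") | replace("'", "\\'") }}';`, and apply the same to the existing entries. A short header comment in the template stating that every value is rendered as a PHP string literal and escaped this way would make the expectation explicit. The enclosing file continues outside both hunks.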