Ready for open alpha testing #9

Merged
muppeth merged 3 commits from staging into main 2024-09-11 21:25:07 +02:00
13 changed files with 100 additions and 89 deletions

6
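--- a/.ansible-lint
+++ b/.ansible-lint
@@ -0,0 +1,6 @@
+skip_list:
+- fqcn-builtins
+- fqcn[action]
+- fqcn[action-core]
+- fqcn[canonical]
+- name[casing]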
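Review bot: `skip_list` silences every FQCN rule and `name[casing]` outright, so the findings disappear from the lint output; if the suppression is meant to be temporary while the roles are migrated, ansible-lint's `warn_list` keeps them visible without failing the run. `fqcn-builtins` appears to be the pre-6.x name of `fqcn[action-core]`, so one of those two entries is probably redundant depending on which ansible-lint version the project pins. The file also lacks the `---` document-start marker that the playbook and handler files in this PR begin with.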


@ -1,6 +1,7 @@
---
- hosts: lacre
- name: 'GPG Lacre playbook'
hosts: lacre
roles:
- mariadb
- nginx


@ -45,7 +45,6 @@ lacre_dec_regex: 'None'
lacre_keyhome: '{{ lacre_homedir }}/.gnupg'
lacre_cert_path: '{{ lacre_homedir }}/smime'
lacre_register_email: 'register@example.org'
lacre_mail_templates: '{{ lacre_app_dir }}/register_templates'
lacre_webpanel_url: 'http://example.org'
lacre_notification_email: 'lacre@example.org'
lacre_mail_templates: '{{ lacre_app_dir }}/cron_templates'
@ -63,13 +62,14 @@ lacre_db_backend: 'mysql'
lacre_db_name: 'lacre'
lacre_db_host: 'localhost'
lacre_db_username: 'user'
lacre_db_password: 'password'
lacre_db_password: 'password'
## Lacre pooling
lacre_pooling_mode: 'optimistic'
lacre_pooling_maxcon_age: '3600'
lacre_pooling_poolsize: '5'
lacre_pooling_max_overflow: '10'
lacre_max_queue_hours: '1'
## Lacre daemon
lacre_daemon_host: '127.0.0.1'
@ -96,13 +96,12 @@ lacre_log_postfix_validate: 'True'
# Lacre webgate
lacre_smtp_enabled: 'false'
lacre_smtp_username: 'no-reply'
lacre_smtp_username: 'no-reply'
lacre_smtp_password: 'changeme'
lacre_smtp_host: 'example.lan'
lacre_smtp_port: '587'
lacre_smtp_starttls: 'true'
lacre_smtp_host: 'example.lan'
lacre_smtp_port: '587'
lacre_smtp_starttls: 'true'
lacre_webgate_cron: 'true'
lacre_webgate_deploy: 'true'
lacre_webgate_apt:
- 'python3-markdown'
- 'python3-mysqldb'
@ -112,14 +111,14 @@ lacre_webgate_dir: '/var/www/lacre-webgate'
lacre_webgate_user: 'www-data'
lacre_webgate_group: 'www-data'
lacre_webgate_email_web: 'admin@example.com'
lacre_webgate_email_from: 'lacre@example.com'
lacre_webgate_email_from: 'lacre@example.com'
lacre_webgate_email_subject_requestpgp: 'Confirm your email address'
lacre_webgate_site_url: 'http://example.com/lacre'
lacre_webgate_site_url: 'http://example.com/lacre'
lacre_webgate_site_title: 'PGP key management'
lacre_webgate_site_logo: 'img/logo.png'
lacre_webgate_site_faqurl: 'https://lacre.io/faq'
lacre_webgate_site_faqurl: 'https://lacre.io/faq'
lacre_webgate_site_howurl: 'https://learn.lacre.io'
lacre_webgate_site_contacturl: 'https://lacre.io/contact'
lacre_webgate_site_contacturl: 'https://lacre.io/contact'
lacre_webgate_language: 'english'
lacre_webgate_debug: 'enable'
@ -149,32 +148,32 @@ postfix_postgrey_deploy: 'false'
install_php: 'true'
php_version: '8.0'
php_etc_path: '/etc/php'
install_php: 'true'
pool_listen: '/var/run/php/php{{ php_version }}-fpm.sock'
php_pkgs:
- 'php{{ php_version }}-fpm'
- 'php{{ php_version }}-mysql'
- 'php{{ php_version }}-mbstring'
nginx_vhosts:
- name: 'example.org'
template: 'basephp'
proto: 'http'
listen: '80'
root: 'lacre-webgate/public_html'
index: 'index.php'
use_access_log: 'true'
use_error_log: 'true'
nginx_error_log_level: 'warn'
upstream_params:
- 'fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;'
- 'fastcgi_index index.php;'
- 'include /etc/nginx/fastcgi_params;'
- 'fastcgi_pass unix:{{ pool_listen }};'
custom_locations:
- name: '/config\.*'
options:
- 'deny all;'
state: 'enable'
letsencrypt: 'false'
- name: 'example.org'
template: 'basephp'
proto: 'http'
listen: '80'
root: 'lacre-webgate/public_html'
index: 'index.php'
use_access_log: 'true'
use_error_log: 'true'
nginx_error_log_level: 'warn'
upstream_params:
- 'fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;'
- 'fastcgi_index index.php;'
- 'include /etc/nginx/fastcgi_params;'
- 'fastcgi_pass unix:{{ pool_listen }};'
custom_locations:
- name: '/config\.*'
options:
- 'deny all;'
state: 'enable'
letsencrypt: 'false'
nginx_default_vhost_ssl: 'example.org'
nginx_default_vhost: 'example.org'
@ -184,7 +183,7 @@ mariadb_root_password: 'changeme'
mariadb_default_config:
- name: 'client'
config:
- port = {{mariadb_client_port}}
- port = {{ mariadb_client_port }}
- socket = /var/run/mysqld/mysqld.sock
- default-character-set = utf8mb4
- name: 'mysqld_safe'
@ -198,7 +197,7 @@ mariadb_default_config:
- socket = /var/run/mysqld/mysqld.sock
- port = 3306
- basedir = /usr
- datadir = "{{mariadb_datadir}}"
- datadir = "{{ mariadb_datadir }}"
- tmpdir = /tmp
- init_connect ='SET collation_connection = utf8mb4_unicode_ci'
- init_connect ='SET NAMES utf8mb4'
@ -247,11 +246,10 @@ mariadb_default_config:
- tmp_table_size= 64M
- max_heap_table_size= 64M
- name: 'mysqldump'
config:
- quick
#- quotes-names
# - quotes-names
- max_allowed_packet = 16M
- name: 'isamchk'
config:
@ -267,4 +265,3 @@ mariadb_users:
host: '{{ lacre_db_host }}'
password: '{{ lacre_db_password }}'
priv: '{{ lacre_db_name }}.*:ALL'
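Review bot: The `@ -45,7 +45,6` hunk removes one of the two `lacre_mail_templates` definitions, but this rendering does not show which line survived; under YAML last-key-wins the old effective value was `'{{ lacre_app_dir }}/cron_templates'`, so if the `register_templates` line is the one kept, the default silently changes for every consumer of the variable. Confirm the intended directory against the role's templates and, if both paths are really needed, give them distinct names such as `lacre_register_templates` and `lacre_cron_templates`. The same check applies to `lacre_db_password`, `lacre_smtp_username` and `install_php`, which each appear twice in later hunks of this file — if those are genuine duplicate keys rather than old/new renderings of a whitespace-only change, the first copy is silently discarded by the parser.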


@ -1,6 +1,6 @@
---
- name: restart lacre
- name: 'Restart lacre'
systemd:
name: lacre
state: restarted


@ -6,14 +6,14 @@
dest: '{{ lacre_config_file }}'
owner: '{{ lacre_username }}'
group: '{{ lacre_group }}'
mode: 0644
mode: '0644'
notify:
- 'Restart lacre'
- name: '[LACRE] - Configure lacre logger'
template:
src: 'etc/lacre-logging.conf.j2'
dest: '{{ lacre_logfile }}'
owner: '{{ lacre_username }}'
group: '{{ lacre_group }}'
mode: 0644
mode: '0644'


@ -6,22 +6,22 @@
dest: /etc/systemd/system/lacre.service
owner: root
group: root
mode: 0644
mode: '0644'
register: lacre_systemd
- name: '[Lacre Daemon] - Enable systemd config'
systemd:
name: lacre
enabled: yes
daemon_reload: yes
enabled: true
daemon_reload: true
notify:
restart lacre
- 'Restart lacre'
- name: '[LACRE] - Add lacre daemon to postfix'
blockinfile:
dest: '/etc/postfix/master.cf'
backup: yes
backup: true
marker: '# {mark} LACRE config block (Ansible)'
block: |
lacre unix - - - - - smtp


@ -4,9 +4,8 @@
git:
repo: '{{ lacre_repo }}'
dest: '{{ lacre_app_dir }}'
force: yes
update: yes
force: true
update: true
version: "{{ lacre_version }}"
become: 'yes'
become: true
become_user: "{{ lacre_username }}"


@ -2,16 +2,16 @@
- name: '[APT] - Install dependencies'
apt:
name: "{{ lacre_apt }}"
update_cache: yes
name: '{{ lacre_apt }}'
update_cache: true
- name: '[Install] - Make sure Lacre home exists'
file:
path: '{{ lacre_homedir }}'
state: directory
owner: '{{ lacre_username }}'
group: '{{ lacre_group }}'
- name: '[Install] - Make sure Lacre .gnupg dir exists'
file:
path: '{{ lacre_homedir }}/.gnupg'
@ -27,12 +27,12 @@
owner: '{{ lacre_username }}'
group: '{{ lacre_group }}'
mode: '700'
- name: '[INSTALL] - Install lacre backend requirenments'
pip:
requirements: "{{ lacre_app_dir }}/requirements.txt"
virtualenv: '{{ lacre_homedir }}/venv'
virtualenv_site_packages: yes
virtualenv_site_packages: true
- name: '[Install] - Link GnuPG Lacre to virtualenv python modules'
file:
@ -60,25 +60,24 @@
cron:
name: "Lacre-webgate cronjob"
state: present
minute: "*/3"
hour: "*"
day: "*"
month: "*"
weekday: "*"
user: "{{ lacre_username }}"
minute: '*/3'
hour: '*'
day: '*'
month: '*'
weekday: '*'
user: '{{ lacre_username }}'
job: '{{ lacre_homedir }}/venv/bin/python{{ lacre_python_version }} {{ lacre_app_dir }}/webgate-cron.py > /dev/null'
when: lacre_webgate_cron == 'true'
- name: Check if the database exists
shell:
cmd: mysql -h {{ lacre_db_host }} -u {{ lacre_db_username }} -p{{ lacre_db_password }} {{ lacre_db_name }} -se "SHOW TABLES;" | wc -l
command:
cmd: mysql -h {{ lacre_db_host }} -u {{ lacre_db_username }} -p{{ lacre_db_password }} {{ lacre_db_name }} -se "SHOW TABLES;" | wc -l
register: lacre_db_info
ignore_errors: yes
ignore_errors: true
- name: '[INSTALL] - Run dbschema'
shell:
command:
cmd: '{{ lacre_homedir }}/venv/bin/python{{ lacre_python_version }} {{ lacre_app_dir }}/lacre/admin.py db -i'
become: 'yes'
become: true
become_user: '{{ lacre_username }}'
when: lacre_db_info.stdout != '3'
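Review bot: Switching the database check from `shell` to `command` breaks it: `command` does not go through a shell, so the `| wc -l` at the end of `cmd:` reaches `mysql` as literal arguments instead of a pipe, the task errors out (masked by `ignore_errors: true`), and `lacre_db_info.stdout != '3'` no longer compares a line count, so the dbschema task would run on every play. Keep `shell:` for this one task and silence the lint rule inline with `# noqa command-instead-of-shell` on the `cmd:` line, or rewrite the check with a dedicated database module. Independently of that, the password is interpolated into the command line via `-p{{ lacre_db_password }}`, where it is visible in the process list and in the task output; add `no_log: true` to the task, and `changed_when: false` since a read-only check should not report a change. The `admin.py db -i` task below converts cleanly because it uses no shell features.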


@ -2,13 +2,13 @@
- name: 'Create user'
include_tasks: 'user.yml'
tags:
tags:
- 'backend'
when: lacre_backend_deploy == 'true'
- name: 'Clone / Update repository'
include_tasks: 'git.yml'
tags:
tags:
- 'backend'
when: lacre_backend_deploy == 'true'
@ -43,4 +43,3 @@
tags:
- 'webgate'
when: lacre_webgate_deploy == 'true'


@ -2,7 +2,7 @@
- name: '[LACRE] - Add simple filter launcher script'
template:
src: templates/usr/local/bin/lacre-simple_filter.sh.j2
src: templates/usr/local/bin/lacre-simple_filter.sh.j2
dest: /usr/local/bin/lacre-simple_filter.sh
owner: '{{ lacre_username }}'
group: '{{ lacre_group }}'
@ -11,13 +11,13 @@
- name: '[LACRE] - Add lacre simple filter to postfix'
blockinfile:
dest: '/etc/postfix/master.cf'
backup: yes
backup: true
marker: '# {mark} LACRE config block (Ansible)'
block: |
lacre unix - n n - - pipe
flags= user={{ lacre_username }}
flags= user={{ lacre_username }}
argv=bash /usr/local/bin/lacre-simple_filter.sh
127.0.0.1:10028 inet n - n - 10 smtpd
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
@ -30,7 +30,8 @@
when: lacre_postfix_simplefilter == 'true'
- name: '[LACRE] - Check if content_filter is set in postfix'
shell: "grep -q 'content_filter' /etc/postfix/main.cf"
command:
cmd: "grep -q 'content_filter' /etc/postfix/main.cf"
register: check_filter
ignore_errors: true
@ -48,4 +49,3 @@
regexp: 'content_filter = .*'
replace: 'content_filter = {{ lacre_content_filter }}'
when: lacre_set_content_filter == 'true' and check_filter.rc == 0
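Review bot: The `blockinfile` task here and the one in the daemon task file above both write to `/etc/postfix/master.cf` with the identical marker `'# {mark} LACRE config block (Ansible)'`; because blockinfile locates its block by the marker text, whichever task runs last replaces the other's block, which is only safe if the simple-filter and daemon paths are guaranteed to be mutually exclusive. This is pre-existing, but since the commit already touches both tasks it would be cheap to give this one its own marker, e.g. `marker: '# {mark} LACRE simple filter block (Ansible)'`. On the grep check, `command` is a correct replacement for `shell` since no shell features are used, but `ignore_errors: true` still prints a failure when the string is absent; `failed_when: false` together with `changed_when: false` expresses the intent more precisely and keeps `check_filter.rc` usable.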


@ -18,4 +18,4 @@
owner: '{{ lacre_username }}'
group: '{{ lacre_group }}'
state: directory
recurse: yes
recurse: true


@ -2,15 +2,22 @@
- name: '[Lacre-webgate] - Install dependencies'
apt:
name: "{{ lacre_webgate_apt }}"
name: '{{ lacre_webgate_apt }}'
- name: '[Lacre-webgate] - Ensure direcotries permissions'
file:
path: '{{ lacre_webgate_dir }}'
state: directory
owner: '{{ lacre_webgate_user }}'
group: '{{ lacre_webgate_group }}'
- name: '[Lacre-webgate] - clone repository'
git:
repo: '{{ lacre_webgate_repo }}'
dest: '{{ lacre_webgate_dir }}'
force: 'yes'
force: true
version: '{{ lacre_webgate_version }}'
become: 'yes'
become: true
become_user: '{{ lacre_webgate_user }}'
- name: '[Lacre-webgate] - Make sure webgate is owned by lacre user'
@ -18,12 +25,11 @@
path: '{{ lacre_webgate_dir }}'
owner: '{{ lacre_webgate_user }}'
group: '{{ lacre_webgate_group }}'
recurse: yes
recurse: true
- name: '[Lacre-webgate] - Deploy config'
template:
src: 'lacre-webgate/config.php.j2'
dest: "{{ lacre_webgate_dir }}/public_html/config.php"
owner: "{{ lacre_webgate_user }}"
group: "{{ lacre_webgate_group }}"
dest: '{{ lacre_webgate_dir }}/public_html/config.php'
owner: '{{ lacre_webgate_user }}'
group: '{{ lacre_webgate_group }}'
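Review bot: The new `file` task's name reads `'[Lacre-webgate] - Ensure direcotries permissions'` — "direcotries" is a typo in a user-visible task name; `- name: '[Lacre-webgate] - Ensure directories permissions'`. The task sets owner and group but no `mode`, so the directory's permissions fall to the umask of the connecting user rather than anything the role controls; an explicit `mode` (a quoted octal string, as the other tasks in this PR now use) would make the task do what its name promises. Note that `force: true` on the git clone discards local modifications in `{{ lacre_webgate_dir }}` on every run, which was already the case with `'yes'` but deserves a short comment on the line.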


@ -126,6 +126,10 @@ pool_size = {{ lacre_pooling_poolsize }}
# made and closed after use, to avoid pool growth and connection rejections.
max_overflow = {{ lacre_pooling_max_overflow }}
# Number of hours we will wait for the user to confirm their email. Cron-job
# will delete items older than this number of hours. Default: 1h.
max_queue_hours = {{ lacre_max_queue_hours }}
[enc_keymap]
# You can find these by running the following command:
# gpg --list-keys --keyid-format long user@example.com