GPG - Lacre

This is a role that deploys GPG-Lacre with all needed dependencies. Additionally takes care of installing a simply key upload web frontend. For set of defaults variables check defaults/main.yml file. This role assumes that:

• You are running Debian based OS
• You run postfix

Lacre daemon or simple filter

Postfix offers two types of filters. Simple and advanced content filters. Depending on your use case you can choose between two. Set lacre_daemon to false for simple filter and true for advanced filter (aka daemon). Additionally refer to variable defaults for extra settings needed for either option. Also check postfix documentation for more details on both filter features.

Lacre Webgate

Lacre-webgate is a simple interface for uploading keys. You can decide whether to install it by setting variable lacre_webgate_deploy. Default is set to true. This frontend depends on php and an sql database. The role defaults to mariadb. For Mariadb following variables need to be set. Check following example:

lacre_webgate_db_enabled: 'yes'
lacre_webgate_db_backend: 'mysql'
lacre_webgate_db_name: 'gpgmw'
lacre_webgate_db_host: 'localhost'
lacre_webgate_db_username: 'user'
lacre_webgate_db_password: 'password'

The Lacre-webgate can be installed on remote host. You must make sure that mariadb is reachable from host running postfix+gpg-lacre as gpg-lacre needs to be able to pull uploaded keys. You can use this role to install Lacre-webgate on remote host by specifying tag=webgate. Make sure to set lacre_webgate_deploy to false on the gpg-lacre/postfix host.

Dependency variables

Lacre depends on additional software such as postfix, php-fpm, mariadb, nginx. This software isn't covered by the role and you need to make sure to install and configure them according to your needs. You can use disroot roles or any other roles or just set them up manually. Included defaults work with disroot ansible roles.