✨: introduce webapps playbook to handle web php applications

2025-02-13 17:52:49 +01:00
parent 978319d09d
commit 6f87eb99c6
10 changed files with 178 additions and 0 deletions
--- a/roles/roundcube/tasks/db.yml
+++ b/roles/roundcube/tasks/db.yml
@@ -0,0 +1,15 @@
+---
+
+- name: Create roundcube db role
+  become_user: postgres
+  become: true
+  community.postgresql.postgresql_user:
+    name: "{{ roundcube_pg_role }}"
+    password: "{{ roundcube_pg_password }}"
+
+- name: Create roundcube db
+  become_user: postgres
+  become: true
+  community.postgresql.postgresql_db:
+    name: "{{ roundcube_pg_database }}"
+    owner: "{{ roundcube_pg_role }}"
--- a/roles/roundcube/tasks/main.yml
+++ b/roles/roundcube/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Init DB
+  ansible.builtin.include_tasks: db.yml
+
+- name: Install roundcube
+  ansible.builtin.include_tasks: roundcube.yml
+
+- name: Install roundcube carddav plugin
+  ansible.builtin.include_tasks: roundcube_carddav.yml
--- a/roles/roundcube/tasks/roundcube.yml
+++ b/roles/roundcube/tasks/roundcube.yml
@@ -0,0 +1,41 @@
+---
+
+- name: Create application directory
+  ansible.builtin.file:
+    state: directory
+    dest: "{{ roundcube_local_path }}"
+    owner: "root"
+    group: "www-data"
+    mode: "0o750"
+
+- name: Unzip roundcube
+  ansible.builtin.unarchive:
+    remote_src: true
+    src: "{{ roundcube_url }}"
+    dest: "{{ roundcube_local_path }}"
+    owner: root
+    group: www-data
+    mode: "a-rwx,u+rwX,g+rX"
+    extra_opts: ['--strip-components=1']
+    exclude:
+      - "{{ roundcube_config_path }}"
+
+- name: Put roundcube configuration
+  ansible.builtin.template:
+    src: "config.inc.php.j2"
+    dest: "{{ roundcube_config_path }}"
+    owner: root
+    group: www-data
+    mode: "0o640"
+
+- name: Check writable dir
+  ansible.builtin.file:
+    state: directory
+    recurse: true
+    dest: "{{ roundcube_local_path }}/{{ item }}"
+    owner: root
+    group: www-data
+    mode: "g+w"
+  loop:
+    - "logs"
+    - "temp"
--- a/roles/roundcube/tasks/roundcube_carddav.yml
+++ b/roles/roundcube/tasks/roundcube_carddav.yml
@@ -0,0 +1,18 @@
+---
+
+- name: Unzip carddav plugin
+  ansible.builtin.unarchive:
+    remote_src: true
+    src: "{{ roundcube_carddav_url }}"
+    dest: "{{ roundcube_local_path }}/plugins"
+    owner: root
+    group: www-data
+    mode: "a-rwx,u+rwX,g+rX"
+
+- name: Put carddav config file
+  ansible.builtin.template:
+    src: "carddav.config.inc.php.j2"
+    dest: "{{ roundcube_local_path }}/plugins/carddav/config.inc.php"
+    owner: root
+    group: www-data
+    mode: "0o640"
--- a/roles/roundcube/templates/carddav.config.inc.php.j2
+++ b/roles/roundcube/templates/carddav.config.inc.php.j2
@@ -0,0 +1,25 @@
+<?php
+
+$prefs['_GLOBAL']['fixed'] = true;
+$prefs['_GLOBAL']['loglevel'] = \Psr\Log\LogLevel::WARNING;
+$prefs['_GLOBAL']['loglevel_http'] = \Psr\Log\LogLevel::ERROR;
+$prefs['_GLOBAL']['default_addressbook'] = [
+    'preset'  => 'Personal',
+];
+
+$prefs['Personal'] = [
+    'accountname'         =>  'Nextcloud',
+    'username'     =>  '%u',
+    'password'     =>  '%p',
+    'discovery_url' =>  'https://{{ roundcube_carddav_discovery_url }}:443/remote.php/carddav/addressbooks/%u/',
+    'rediscover_time' => '24:00',
+    'hide' => false,
+    'preemptive_basic_auth' => false,
+    'ssl_noverify' => false,
+    'active'       =>  true,
+    'readonly'     =>  true,
+    'refresh_time' => '24:00',
+    'use_categories' => true,
+    'fixed'        =>  [],
+    'require_always_email' => false,
+];
--- a/roles/roundcube/templates/config.inc.php.j2
+++ b/roles/roundcube/templates/config.inc.php.j2
@@ -0,0 +1,26 @@
+<?php
+
+$config['imap_host'] = 'tls://imap.libertus.eu';
+$config['smtp_host'] = 'tls://smtp.libertus.eu';
+$config['smtp_log'] = true;
+$config['db_dsnw'] = 'pgsql://{{ roundcube_pg_role }}:{{ roundcube_pg_password }}@localhost/{{ roundcube_pg_database }}';
+$config['support_url'] = '';
+$config['auto_create_user'] = true;
+$config['log_dir'] = 'logs/';
+$config['temp_dir'] = 'temp/';
+$config['login_lc'] = false;
+$config['des_key'] = 'ec+yITr6hLz+&00O_9SPa%Je';
+$config['mail_domain'] = '%d';
+$config['plugins'] = ['carddav'];
+$config['message_sort_col'] = 'date';
+$config['list_cols'] = ['subject', 'from', 'date', 'size', 'flag', 'attachment'];
+$config['language'] = 'fr_FR';
+$config['date_formats'] = ['Y-m-d', 'd-m-Y', 'Y/m/d', 'm/d/Y', 'd/m/Y', 'd.m.Y', 'j.n.Y'];
+$config['date_long'] = 'd.m.Y H:i';
+$config['skin'] = 'default';
+$config['mail_pagesize'] = 40;
+$config['prefer_html'] = false;
+$config['mime_param_folding'] = 0;
+$config['display_next'] = false;
+$config['default_font'] = '';
+$config['message_cache_lifetime'] = '10d';
--- a/roles/roundcube/vars/main.yml
+++ b/roles/roundcube/vars/main.yml
@@ -0,0 +1,15 @@
+---
+
+roundcube_version: "1.6.10"
+roundcube_url: "https://github.com/roundcube/roundcubemail/releases/download/{{ roundcube_version }}/roundcubemail-{{ roundcube_version }}-complete.tar.gz"
+
+# calculate the roundcube access URL given the `web_hostname` list
+# only the first occurence is supported
+roundcube_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'roundcube') | map(attribute='host') | first }}"
+
+roundcube_local_path: "/srv/http/{{ roundcube_access_url }}"
+roundcube_config_path: "{{ roundcube_local_path }}/config/config.inc.php"
+
+roundcube_carddav_version: "5.1.0"
+roundcube_carddav_url: "https://github.com/mstilkerich/rcmcarddav/releases/download/v{{ roundcube_carddav_version }}/carddav-v{{ roundcube_carddav_version }}.tar.gz"
+roundcube_carddav_discovery_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'nextcloud') | map(attribute='host') | first }}"