From a6251aad9f2b8a6063f2287c4b86439853d99d3e Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Thu, 6 Nov 2014 17:23:33 +0100 Subject: [PATCH 01/46] modification du dbpassword --- roles/mail/templates/config.inc.php | 2 +- roles/mail/templates/dbconfig.inc.php | 2 +- roles/mail/templates/dovecot-mysql.conf | 2 +- roles/mail/templates/mysql_relay_domains.cf | 2 +- roles/mail/templates/mysql_virtual_alias_maps.cf | 2 +- roles/mail/templates/mysql_virtual_mailbox_domains.cf | 2 +- roles/mail/templates/mysql_virtual_mailbox_maps.cf | 2 +- roles/mail/templates/root-postfix.sql | 4 ++-- 8 files changed, 9 insertions(+), 9 deletions(-) diff --git a/roles/mail/templates/config.inc.php b/roles/mail/templates/config.inc.php index 3830b99..7aec1e8 100644 --- a/roles/mail/templates/config.inc.php +++ b/roles/mail/templates/config.inc.php @@ -33,7 +33,7 @@ $CONF['configured'] = true; // In order to setup Postfixadmin, you MUST specify a hashed password here. // To create the hash, visit setup.php in a browser and type a password into the field, // on submission it will be echoed out to you as a hashed value. -$CONF['setup_password'] = '{{ dbpassword }}'; +$CONF['setup_password'] = '{{ dbpassword.stdout }}'; } } diff --git a/roles/mail/templates/dbconfig.inc.php b/roles/mail/templates/dbconfig.inc.php index 48eb84f..db21bf5 100644 --- a/roles/mail/templates/dbconfig.inc.php +++ b/roles/mail/templates/dbconfig.inc.php @@ -11,7 +11,7 @@ ## above too. ## $dbuser='postfix'; -$dbpass='{{ dbpassword }}'; +$dbpass='{{ dbpassword.stdout }}'; } } $basepath=''; diff --git a/roles/mail/templates/dovecot-mysql.conf b/roles/mail/templates/dovecot-mysql.conf index 57987a5..6a66728 100644 --- a/roles/mail/templates/dovecot-mysql.conf +++ b/roles/mail/templates/dovecot-mysql.conf 
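Review bot: `$CONF['setup_password']` now receives the raw pwgen output, but the three comment lines directly above it say this value must be the hash that setup.php produces, so the setup page will not accept the generated string as its password. It also copies the database secret into a second file and ties the admin-setup credential to the DB credential, so rotating one silently breaks the other. Keep setup_password as its own hashed value from a dedicated variable, e.g. `$CONF['setup_password'] = '{{ <setup-password-hash variable> }}';`, and leave `dbpassword` to the database config files.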
@@ -1,5 +1,5 @@ driver = mysql -connect = host=127.0.0.1 dbname=postfix user=postfix password={{ dbpassword }} +connect = host=127.0.0.1 dbname=postfix user=postfix password={{ dbpassword.stdout }} default_pass_scheme = MD5-CRYPT user_query = SELECT '/home/facteur/%d/%n' as home, 3000 AS uid, 3000 AS gid FROM mailbox WHERE username = '%u' password_query = SELECT password FROM mailbox WHERE username = '%u' diff --git a/roles/mail/templates/mysql_relay_domains.cf b/roles/mail/templates/mysql_relay_domains.cf index ac6d328..fd1c781 100644 --- a/roles/mail/templates/mysql_relay_domains.cf +++ b/roles/mail/templates/mysql_relay_domains.cf @@ -1,5 +1,5 @@ hosts = 127.0.0.1 user = postfix -password = {{ dbpassword }} +password = {{ dbpassword.stdout }} dbname = postfix query = SELECT domain FROM domain WHERE domain='%s' and backupmx = 1 diff --git a/roles/mail/templates/mysql_virtual_alias_maps.cf b/roles/mail/templates/mysql_virtual_alias_maps.cf index f293f72..ffafbea 100644 --- a/roles/mail/templates/mysql_virtual_alias_maps.cf +++ b/roles/mail/templates/mysql_virtual_alias_maps.cf @@ -1,5 +1,5 @@ hosts = 127.0.0.1 user = postfix -password = {{ dbpassword }} +password = {{ dbpassword.stdout }} dbname = postfix query = SELECT goto FROM alias WHERE address='%s' AND active = 1 diff --git a/roles/mail/templates/mysql_virtual_mailbox_domains.cf b/roles/mail/templates/mysql_virtual_mailbox_domains.cf index ab83de6..3e5204a 100644 --- a/roles/mail/templates/mysql_virtual_mailbox_domains.cf +++ b/roles/mail/templates/mysql_virtual_mailbox_domains.cf @@ -1,5 +1,5 @@ hosts = 127.0.0.1 user = postfix -password = {{ dbpassword }} +password = {{ dbpassword.stdout }} dbname = postfix query = SELECT domain FROM domain WHERE domain='%s' and backupmx = 0 and active = 1 diff --git a/roles/mail/templates/mysql_virtual_mailbox_maps.cf b/roles/mail/templates/mysql_virtual_mailbox_maps.cf index 1ca310b..887bbd6 100644 --- a/roles/mail/templates/mysql_virtual_mailbox_maps.cf 
+++ b/roles/mail/templates/mysql_virtual_mailbox_maps.cf @@ -1,5 +1,5 @@ hosts = 127.0.0.1 user = postfix -password = {{ dbpassword }} +password = {{ dbpassword.stdout }} dbname = postfix query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1 diff --git a/roles/mail/templates/root-postfix.sql b/roles/mail/templates/root-postfix.sql index 00c8c91..b437195 100644 --- a/roles/mail/templates/root-postfix.sql +++ b/roles/mail/templates/root-postfix.sql @@ -1,4 +1,4 @@ CREATE DATABASE postfix; -GRANT ALL PRIVILEGES ON postfix.* TO 'postfix_admin'@'%' IDENTIFIED BY '{{ dbpassword.stdout }}'; -GRANT SELECT ON postfix.* TO 'postfix'@'%' IDENTIFIED BY '{{ dbpassword.stdout }}'; +GRANT ALL PRIVILEGES ON postfix.* TO 'postfix_admin'@'%' IDENTIFIED BY '{{ dbpassword.stdout.stdout }}'; +GRANT SELECT ON postfix.* TO 'postfix'@'%' IDENTIFIED BY '{{ dbpassword.stdout.stdout }}'; FLUSH PRIVILEGES; From 018935b89b52af6fa871437e6d1300b4f9cf1c3b Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 9 Nov 2014 12:02:03 +0100 Subject: [PATCH 02/46] conversion configuration pour dovecot 2, sur debian 7 --- roles/mail/tasks/main.yml | 2 +- roles/mail/templates/dovecot.conf | 76 ++++++++++++++----------------- 2 files changed, 35 insertions(+), 43 deletions(-) diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml index 75446d7..87db6b4 100644 --- a/roles/mail/tasks/main.yml +++ b/roles/mail/tasks/main.yml @@ -9,7 +9,7 @@ - name: Randomly generate a postfix database password shell: pwgen -y -B -s 80 1 - register: dbpassword + register: dbpassword.stdout - name: Install packages apt: pkg={{item}} state=installed update_cache=yes diff --git a/roles/mail/templates/dovecot.conf b/roles/mail/templates/dovecot.conf index 7b38fe8..d1d46c5 100644 --- a/roles/mail/templates/dovecot.conf +++ b/roles/mail/templates/dovecot.conf 
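Review bot: `register: dbpassword.stdout` is not a valid registered-variable name — `register` takes a bare name and `.stdout` is a key of the result — so every template that reads `dbpassword.stdout` will fail to resolve after this change. Independently of the name, the task exposes the generated secret: a `shell` task without `no_log: true` shows its stdout in verbose output and in any collected logs, and since it runs on every play it also produces a fresh password each time. Change the lines to `register: dbpassword` and `no_log: true`, and consider persisting the value so reruns do not rotate it. The task starts before the hunk's first context line.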
@@ -1,51 +1,43 @@ -## Dovecot configuration file - -protocols = imap imaps pop3 pop3s managesieve -log_timestamp = "%Y-%m-%d %H:%M:%S " -mail_privileged_group = mail - +# 2.1.7: /etc/dovecot/dovecot.conf +# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.7 ext4 +!include conf.d/*.conf disable_plaintext_auth = no +log_timestamp = "%Y-%m-%d %H:%M:%S " mail_location = maildir:/home/facteur/%d/%n:INDEX=/home/facteur/%d/%n/indexes - -protocol imap { -} -protocol pop3 { -} -protocol managesieve { - listen = *:4190 - login_executable = /usr/lib/dovecot/managesieve-login - mail_executable = /usr/lib/dovecot/managesieve +mail_privileged_group = mail +passdb { + args = /etc/dovecot/dovecot-mysql.conf + driver = sql } -protocol lda { - postmaster_address = admin@{{ domain }} - mail_plugin_dir = /usr/lib/dovecot/modules/lda - auth_socket_path = /var/run/dovecot/auth-master - mail_plugins = sieve quota +plugin { + sieve = /home/facteur/%d/%n/.dovecot.sieve + sieve_dir = /home/facteur/%d/%n/sieve } -auth default { - userdb sql { - args = /etc/dovecot/dovecot-mysql.conf - } - passdb sql { - args = /etc/dovecot/dovecot-mysql.conf - } - socket listen { - master { - path = /var/run/dovecot/auth-master - mode = 0600 - user = facteur +protocols = imap pop3 sieve +service auth { + unix_listener /var/spool/postfix/private/auth { + group = postfix + mode = 0660 + user = postfix } - client { - path = /var/spool/postfix/private/auth - mode = 0660 - user = postfix - group = postfix + unix_listener auth-master { + mode = 0600 + user = facteur } - } } -dict { +service managesieve-login { + executable = /usr/lib/dovecot/managesieve-login } -plugin { - sieve_dir = /home/facteur/%d/%n/sieve - sieve = /home/facteur/%d/%n/.dovecot.sieve +service managesieve { + executable = /usr/lib/dovecot/managesieve +} +userdb { + args = /etc/dovecot/dovecot-mysql.conf + driver = sql +} +protocol lda { + auth_socket_path = /var/run/dovecot/auth-master + mail_plugin_dir = /usr/lib/dovecot/modules + mail_plugins = sieve 
quota + postmaster_address = admin@{{ domain }} } From 276e740ad285c15aea4fd63f7bdb0bee7a0a41b2 Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 9 Nov 2014 12:11:57 +0100 Subject: [PATCH 03/46] several customs on inputrc and bashrc --- mail.yml | 2 +- roles/common/files/root-.bashrc | 3 ++ roles/common/files/root-.inputrc | 66 ++++++++++++++++++++++++++++++++ 3 files changed, 70 insertions(+), 1 deletion(-) diff --git a/mail.yml b/mail.yml index fda3c14..7953054 100644 --- a/mail.yml +++ b/mail.yml @@ -6,7 +6,7 @@ gather_facts: yes roles: - - mariadb +# - mariadb - mail # vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab: diff --git a/roles/common/files/root-.bashrc b/roles/common/files/root-.bashrc index 791ad69..22bc560 100644 --- a/roles/common/files/root-.bashrc +++ b/roles/common/files/root-.bashrc @@ -1,4 +1,7 @@ ### THIS FILE IS DEPLOYED BY ANSIBLE +if [ -z "$INPUTRC" -a ! -f "$HOME/.inputrc" ]; then + INPUTRC=/etc/inputrc +fi export LS_OPTIONS='--color=auto' eval "`dircolors`" diff --git a/roles/common/files/root-.inputrc b/roles/common/files/root-.inputrc index 21751b6..0f52b4d 100644 --- a/roles/common/files/root-.inputrc +++ b/roles/common/files/root-.inputrc @@ -1,3 +1,6 @@ +# /etc/inputrc - global inputrc for libreadline +# See readline(3readline) and `info rluserman' for more information. + ### THIS FILE IS DEPLOYED BY ANSIBLE # alternate mappings for "page up" and "page down" to search the history 
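Review bot: `disable_plaintext_auth = no` survives the Dovecot 2 rewrite, so IMAP and POP3 clients may send passwords in the clear on non-TLS connections; unless conf.d/10-ssl.conf (pulled in by the new `!include conf.d/*.conf` line, not visible here) sets `ssl = required`, this should be `disable_plaintext_auth = yes`. Dovecot 2 also documents the LDA lookup socket as `auth-userdb` rather than the 1.x `auth-master` kept by the `unix_listener auth-master` block and `auth_socket_path`; it presumably still works, but confirm against the installed version. Because the include comes first, every setting below it overrides the distribution defaults, which deserves a line such as `# settings below override conf.d/*.conf` so the precedence is obvious.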
@@ -6,3 +9,66 @@ "\e[1;5C": forward-word # ctrl + right "\e[1;5D": backward-word # ctrl + left +# Be 8 bit clean. +set input-meta on +set output-meta on + +# To allow the use of 8bit-characters like the german umlauts, uncomment +# the line below. However this makes the meta key not work as a meta key, +# which is annoying to those which don't need to type in 8-bit characters. + +# set convert-meta off + +# try to enable the application keypad when it is called. Some systems +# need this to enable the arrow keys. +# set enable-keypad on + +# see /usr/share/doc/bash/inputrc.arrows for other codes of arrow keys + +# do not bell on tab-completion +# set bell-style none +# set bell-style visible + +# some defaults / modifications for the emacs mode +$if mode=emacs + +# allow the use of the Home/End keys +"\e[1~": beginning-of-line +"\e[4~": end-of-line + +# allow the use of the Delete/Insert keys +"\e[3~": delete-char +"\e[2~": quoted-insert + +# mappings for "page up" and "page down" to step to the beginning/end +# of the history +# "\e[5~": beginning-of-history +# "\e[6~": end-of-history + +# alternate mappings for "page up" and "page down" to search the history +# "\e[5~": history-search-backward +# "\e[6~": history-search-forward + +# mappings for Ctrl-left-arrow and Ctrl-right-arrow for word moving +"\e[1;5C": forward-word +"\e[1;5D": backward-word +"\e[5C": forward-word +"\e[5D": backward-word +"\e\e[C": forward-word +"\e\e[D": backward-word + +$if term=rxvt +"\e[8~": end-of-line +"\eOc": forward-word +"\eOd": backward-word +$endif + +# for non RH/Debian xterm, can't hurt for RH/Debian xterm +# "\eOH": beginning-of-line +# "\eOF": end-of-line + +# for freebsd console +# "\e[H": beginning-of-line +# "\e[F": end-of-line + +$endif From 66f5c4c70c35255fbfb97998cac0893121b359d9 Mon Sep 17 00:00:00 2001 
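Review bot: The ctrl-arrow bindings `"\e[1;5C": forward-word` and `"\e[1;5D": backward-word` are now defined twice — once on the annotated context lines at the top of the file (`# ctrl + right` / `# ctrl + left`) and again inside the added `$if mode=emacs` block — so one pair is redundant and the later one silently wins. Keep the annotated pair and drop the duplicate from the emacs block, leaving the `$if term=rxvt` lines as they are.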
From: theonlydoo Date: Sun, 9 Nov 2014 12:17:33 +0100 Subject: [PATCH 04/46] typo sur register --- roles/mail/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml index 87db6b4..75446d7 100644 --- a/roles/mail/tasks/main.yml +++ b/roles/mail/tasks/main.yml @@ -9,7 +9,7 @@ - name: Randomly generate a postfix database password shell: pwgen -y -B -s 80 1 - register: dbpassword.stdout + register: dbpassword - name: Install packages apt: pkg={{item}} state=installed update_cache=yes From 408a6bc4772fa8ccc7b7a67e36a2c1ffe29677a5 Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 9 Nov 2014 12:18:39 +0100 Subject: [PATCH 05/46] typo sur register --- roles/mail/templates/root-postfix.sql | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mail/templates/root-postfix.sql b/roles/mail/templates/root-postfix.sql index b437195..00c8c91 100644 --- a/roles/mail/templates/root-postfix.sql +++ b/roles/mail/templates/root-postfix.sql @@ -1,4 +1,4 @@ CREATE DATABASE postfix; -GRANT ALL PRIVILEGES ON postfix.* TO 'postfix_admin'@'%' IDENTIFIED BY '{{ dbpassword.stdout.stdout }}'; -GRANT SELECT ON postfix.* TO 'postfix'@'%' IDENTIFIED BY '{{ dbpassword.stdout.stdout }}'; +GRANT ALL PRIVILEGES ON postfix.* TO 'postfix_admin'@'%' IDENTIFIED BY '{{ dbpassword.stdout }}'; +GRANT SELECT ON postfix.* TO 'postfix'@'%' IDENTIFIED BY '{{ dbpassword.stdout }}'; FLUSH PRIVILEGES; From 5f39caa398a526f6c037186db87ddb620a05231b Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 9 Nov 2014 12:22:03 +0100 Subject: [PATCH 06/46] drop de test, pour valider le playbook de bout en bout --- roles/mail/templates/root-postfix.sql | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/mail/templates/root-postfix.sql b/roles/mail/templates/root-postfix.sql index 00c8c91..ff4bafa 100644 --- a/roles/mail/templates/root-postfix.sql +++ b/roles/mail/templates/root-postfix.sql 
@@ -1,4 +1,6 @@ +DROP DATABASE IF EXISTS postfix; +DROP USER 'postfix'@'%'; CREATE DATABASE postfix; -GRANT ALL PRIVILEGES ON postfix.* TO 'postfix_admin'@'%' IDENTIFIED BY '{{ dbpassword.stdout }}'; +GRANT ALL PRIVILEGES ON postfix.* TO 'postfix'@'%' IDENTIFIED BY '{{ dbpassword.stdout }}'; GRANT SELECT ON postfix.* TO 'postfix'@'%' IDENTIFIED BY '{{ dbpassword.stdout }}'; FLUSH PRIVILEGES; From b1d82c50006d8e2b1e398d440c8b9648b12278d3 Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 9 Nov 2014 12:28:41 +0100 Subject: [PATCH 07/46] end to end, part 1 --- roles/mail/handlers/main.yml | 3 +++ roles/mail/tasks/main.yml | 9 ++++----- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/roles/mail/handlers/main.yml b/roles/mail/handlers/main.yml index 410c6a3..c0fd888 100644 --- a/roles/mail/handlers/main.yml +++ b/roles/mail/handlers/main.yml @@ -1,4 +1,7 @@ +- name: restart amavis + service: name=amavis state=restarted + - name: restart saslauthd service: name=saslauthd state=restarted diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml index 75446d7..13d767c 100644 --- a/roles/mail/tasks/main.yml +++ b/roles/mail/tasks/main.yml @@ -105,13 +105,12 @@ copy: src=etc-amavis-conf.d-50-user dest=/etc/amavis/conf.d/50-user - name: Virus repository - shell: mkdir /var/spool/virusmails - -- name: chown - shell: chown amavis:amavis /var/spool/virusmails - + file: path=/var/spool/virusmails state=directory owner=amavis group=amavis + - name: update SA shell: sa-update -D + notify: restart amavis + - name: Config SA copy: src=etc-default-spamassassin dest=/etc/default/spamassassin From 1202194c2e92be728f911c2225511f10e35a4f6f Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 9 Nov 2014 12:38:14 +0100 Subject: [PATCH 08/46] ignore errors on update-sa -D since it failes at the second update on the same day --- roles/mail/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) 
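Review bot: The two new `DROP` lines make this script destructive on every run and failing on the first: `DROP DATABASE IF EXISTS postfix` wipes all domains, aliases and mailboxes each time the play is re-run, while `DROP USER 'postfix'@'%'` has no `IF EXISTS` on the MySQL 5.5 that Debian 7 ships (nor on MariaDB 10.0) and errors when the account does not exist yet. The rewritten GRANT also gives `postfix` ALL PRIVILEGES, which makes the following `GRANT SELECT` to the same account a no-op and removes the read-only separation between the postfix/dovecot lookup account and the admin account; dbconfig.inc.php (patch 01) connects as `postfix`, which is presumably why, so pointing postfixadmin at `postfix_admin` keeps the lookup account read-only. Both accounts are created at `'%'` although every consumer connects to 127.0.0.1, so `'localhost'` is sufficient. `GRANT ... IDENTIFIED BY` updates the password of an existing account on these versions, so no DROP is needed to pick up a regenerated password; the subject calls this a test drop, but the template is what the playbook applies.

```sql
-- no DROP: re-running the play must keep existing mail data
CREATE DATABASE IF NOT EXISTS postfix;
-- read/write account for postfixadmin (dbconfig.inc.php must use it),
-- read-only account for the postfix and dovecot lookups
GRANT ALL PRIVILEGES ON postfix.* TO 'postfix_admin'@'localhost' IDENTIFIED BY '{{ dbpassword.stdout }}';
GRANT SELECT ON postfix.* TO 'postfix'@'localhost' IDENTIFIED BY '{{ dbpassword.stdout }}';
FLUSH PRIVILEGES;
```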
diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml index 13d767c..706a0aa 100644 --- a/roles/mail/tasks/main.yml +++ b/roles/mail/tasks/main.yml @@ -110,6 +110,7 @@ - name: update SA shell: sa-update -D notify: restart amavis + ignore_errors: yes - name: Config SA From 08b22ebd5383859d787744e700fbc4551abdfa17 Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 9 Nov 2014 12:39:38 +0100 Subject: [PATCH 09/46] temporary disabling dovecot_destination_recipient_limit --- roles/mail/templates/main.cf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mail/templates/main.cf b/roles/mail/templates/main.cf index 36151e3..11444d6 100644 --- a/roles/mail/templates/main.cf +++ b/roles/mail/templates/main.cf @@ -86,8 +86,8 @@ smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes # Indiquer à Postfix de livrer à un destinataire à la fois -# la réception d'un mail en provenance d'un expéditeur unique avec plusieurs destinataire ne fonctionnerais pas sans cette option -dovecot_destination_recipient_limit = 1 +## la réception d'un mail en provenance d'un expéditeur unique avec plusieurs destinataire ne fonctionnerais pas sans cette option +#dovecot_destination_recipient_limit = 1 content_filter = amavis:[127.0.0.1]:10024 receive_override_options = no_address_mappings From 83dfdfce1098ba8149a40981fa5e63ede5543f4b Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 9 Nov 2014 12:52:53 +0100 Subject: [PATCH 10/46] adding postfixadmin, to be continued ... --- roles/mail/tasks/main.yml | 4 ++++ roles/mail/vars/main.yml | 3 +++ 2 files changed, 7 insertions(+) diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml index 706a0aa..921e652 100644 --- a/roles/mail/tasks/main.yml +++ b/roles/mail/tasks/main.yml 
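Review bot: `ignore_errors: yes` hides every failure of `sa-update -D`, including a failed download or a rule-set signature check, not only the "nothing new today" case the commit message describes. sa-update signals that case with exit status 1 (2 and above are real errors such as a lint failure), so registering the result and testing the return code keeps the second daily run green without masking genuine problems. Since a `shell` task always reports changed, the `notify: restart amavis` added in the previous commit also restarts amavis on every run; `changed_when` on the same return code fixes that.

```yaml
- name: update SA
  shell: sa-update -D
  register: sa_update
  # sa-update exits 1 when no newer rules are available; 2 and above are real errors
  failed_when: sa_update.rc > 1
  changed_when: sa_update.rc == 0
  notify: restart amavis
```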
@@ -121,5 +121,9 @@ template: src=etc-default-postgrey dest=/etc/default/postgrey notify: restart postgrey +- name: Install postfixadmin + apt: pkg={{item}} state=installed update_cache=no install_recommends=yes + with_items: "{{ postfixadmin }}" + ignore_errors: no # vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab: diff --git a/roles/mail/vars/main.yml b/roles/mail/vars/main.yml index 2ef7fc3..772e954 100644 --- a/roles/mail/vars/main.yml +++ b/roles/mail/vars/main.yml @@ -60,4 +60,7 @@ packages: files: - random +postfixadmin: + - postfixadmin + # vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab: From 22b619aa5f713af3cf460b78941190d88d359398 Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 9 Nov 2014 13:22:21 +0100 Subject: [PATCH 11/46] ajout du bon dynmap --- roles/mail/templates/dynamicmaps.cf | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/mail/templates/dynamicmaps.cf b/roles/mail/templates/dynamicmaps.cf index 1c48bdc..8aedda3 100644 --- a/roles/mail/templates/dynamicmaps.cf +++ b/roles/mail/templates/dynamicmaps.cf @@ -4,3 +4,4 @@ #==== ================================ ============= ============ tcp /usr/lib/postfix/dict_tcp.so dict_tcp_open sqlite /usr/lib/postfix/dict_sqlite.so dict_sqlite_open +mysql /usr/lib/postfix/dict_mysql.so dict_mysql_open From 1cb80131e174d2425d81ce72559c448e3c71d694 Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 9 Nov 2014 13:31:41 +0100 Subject: [PATCH 12/46] config inc for postfixadmin --- roles/mail/tasks/main.yml | 6 + roles/mail/templates/config.inc.php | 453 +--------------------------- roles/mail/vars/main.yml | 18 ++ 3 files changed, 25 insertions(+), 452 deletions(-) mode change 100644 => 120000 roles/mail/templates/config.inc.php diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml index 921e652..9c3f863 100644 --- a/roles/mail/tasks/main.yml +++ b/roles/mail/tasks/main.yml 
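Review bot: `ignore_errors: no` on the new "Install postfixadmin" task is the default and reads as if failure handling had been deliberately toggled; drop the line. `install_recommends=yes` combined with `update_cache=no` also means the installed set depends on whatever `postfixadmin`'s recommends resolve to at run time rather than on the list in vars/main.yml, which makes the result hard to reproduce; listing the packages you rely on and leaving the recommends policy at its default is more predictable.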
@@ -126,4 +126,10 @@ with_items: "{{ postfixadmin }}" ignore_errors: no +- name: Update old postfixadmin with new one + shell: rsync -aP /etc/postfixadmin/postfixadmin-2.91/* /usr/share/postfixadmin/ + +- name: Chowning to the rightful user + shell: chown -R www-data. /usr/share/postfixadmin/ + notify: restart apache # vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab: diff --git a/roles/mail/templates/config.inc.php b/roles/mail/templates/config.inc.php deleted file mode 100644 index 7aec1e8..0000000 --- a/roles/mail/templates/config.inc.php +++ /dev/null 
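Review bot: `chown -R www-data. /usr/share/postfixadmin/` makes the web-server account the owner of the whole PHP application, so any flaw in the served code can be used to rewrite the code itself and persist; keep the tree root-owned and readable by www-data and grant write access only where postfixadmin actually writes, e.g. `file: path=/usr/share/postfixadmin/templates_c state=directory owner=www-data group=www-data mode=0750`. Both new tasks are `shell` calls that report changed on every run, so `notify: restart apache` restarts Apache on each play; `changed_when: false` or the `file` module avoids that. `rsync -aP` also prints progress output that only pollutes the Ansible log, and `www-data.` relies on the GNU-only dot separator where `www-data:www-data` is portable. `/etc/postfixadmin/postfixadmin-2.91/` is presumably an unpacked upstream release; say where it comes from in a comment, e.g. `# upstream 2.91 tarball unpacked under /etc/postfixadmin, replaces the Debian 7 package files`.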
@@ -1,452 +0,0 @@ - 'admin', - 'alias' => 'alias', - 'alias_domain' => 'alias_domain', - 'config' => 'config', - 'domain' => 'domain', - 'domain_admins' => 'domain_admins', - 'fetchmail' => 'fetchmail', - 'log' => 'log', - 'mailbox' => 'mailbox', - 'vacation' => 'vacation', - 'vacation_notification' => 'vacation_notification', - 'quota' => 'quota', - 'quota2' => 'quota2', -); - -// Site Admin -// Define the Site Admins email address below. -// This will be used to send emails from to create mailboxes. -$CONF['admin_email'] = 'postmaster@{{ domain }}'; - -// Mail Server -// Hostname (FQDN) of your mail server. -// This is used to send email to Postfix in order to create mailboxes. -$CONF['smtp_server'] = 'localhost'; -$CONF['smtp_port'] = '25'; - -// Encrypt -// In what way do you want the passwords to be crypted? -// md5crypt = internal postfix admin md5 -// md5 = md5 sum of the password -// system = whatever you have set as your PHP system default -// cleartext = clear text passwords (ouch!) -// mysql_encrypt = useful for PAM integration -// authlib = support for courier-authlib style passwords -// dovecot:CRYPT-METHOD = use dovecotpw -s 'CRYPT-METHOD'. Example: dovecot:CRAM-MD5 -$CONF['encrypt'] = 'md5crypt'; - -// In what flavor should courier-authlib style passwords be enrypted? -// md5 = {md5} + base64 encoded md5 hash -// md5raw = {md5raw} + plain encoded md5 hash -// SHA = {SHA} + base64-encoded sha1 hash -// crypt = {crypt} + Standard UNIX DES-enrypted with 2-character salt -$CONF['authlib_default_flavor'] = 'md5raw'; - -// If you use the dovecot encryption method: where is the dovecotpw binary located? -$CONF['dovecotpw'] = "/usr/sbin/dovecotpw"; - -// Minimum length required for passwords. Postfixadmin will not -// allow users to set passwords which are shorter than this value. -$CONF['min_password_length'] = 5; - -// Generate Password -// Generate a random password for a mailbox or admin and display it. 
-// If you want to automagically generate paswords set this to 'YES'. -$CONF['generate_password'] = 'NO'; - -// Show Password -// Always show password after adding a mailbox or admin. -// If you want to always see what password was set set this to 'YES'. -$CONF['show_password'] = 'NO'; - -// Page Size -// Set the number of entries that you would like to see -// in one page. -$CONF['page_size'] = '10'; - -// Default Aliases -// The default aliases that need to be created for all domains. -$CONF['default_aliases'] = array ( - 'abuse' => 'abuse@{{ domain }}', - 'hostmaster' => 'hostmaster@{{ domain }}', - 'postmaster' => 'postmaster@{{ domain }}', - 'webmaster' => 'webmaster@{{ domain }}' -); - -// Mailboxes -// If you want to store the mailboxes per domain set this to 'YES'. -// Examples: -// YES: /usr/local/virtual/domain.tld/username@domain.tld -// NO: /usr/local/virtual/username@domain.tld -$CONF['domain_path'] = 'NO'; -// If you don't want to have the domain in your mailbox set this to 'NO'. -// Examples: -// YES: /usr/local/virtual/domain.tld/username@domain.tld -// NO: /usr/local/virtual/domain.tld/username -// Note: If $CONF['domain_path'] is set to NO, this setting will be forced to YES. -$CONF['domain_in_mailbox'] = 'YES'; -// If you want to define your own function to generate a maildir path set this to the name of the function. 
-// Notes: -// - this configuration directive will override both domain_path and domain_in_mailbox -// - the maildir_name_hook() function example is present below, commented out -// - if the function does not exist the program will default to the above domain_path and domain_in_mailbox settings -$CONF['maildir_name_hook'] = 'NO'; - -/* - maildir_name_hook example function - - Called by create-mailbox.php if $CONF['maildir_name_hook'] == '' - - allows for customized maildir paths determined by a custom function - - the example below will prepend a single-character directory to the - beginning of the maildir, splitting domains more or less evenly over - 36 directories for improved filesystem performance with large numbers - of domains. - - Returns: maildir path - ie. I/example.com/user/ -*/ -/* -function maildir_name_hook($domain, $user) { - $chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; - - $dir_index = hexdec(substr(md5($domain), 28)) % strlen($chars); - $dir = substr($chars, $dir_index, 1); - return sprintf("%s/%s/%s/", $dir, $domain, $user); -} -*/ - - -// Default Domain Values -// Specify your default values below. Quota in MB. -$CONF['aliases'] = '10'; -$CONF['mailboxes'] = '10'; -$CONF['maxquota'] = '10'; - -// Quota -// When you want to enforce quota for your mailbox users set this to 'YES'. -$CONF['quota'] = 'NO'; -// You can either use '1024000' or '1048576' -$CONF['quota_multiplier'] = '1024000'; - -// Transport -// If you want to define additional transport options for a domain set this to 'YES'. -// Read the transport file of the Postfix documentation. -$CONF['transport'] = 'NO'; -// Transport options -// If you want to define additional transport options put them in array below. -$CONF['transport_options'] = array ( - 'virtual', // for virtual accounts - 'local', // for system accounts - 'relay' // for backup mx -); -// Transport default -// You should define default transport. It must be in array above. 
-$CONF['transport_default'] = 'virtual'; - -// Virtual Vacation -// If you want to use virtual vacation for you mailbox users set this to 'YES'. -// NOTE: Make sure that you install the vacation module. (See VIRTUAL-VACATION/) -$CONF['vacation'] = 'NO'; -// This is the autoreply domain that you will need to set in your Postfix -// transport maps to handle virtual vacations. It does not need to be a -// real domain (i.e. you don't need to setup DNS for it). -$CONF['vacation_domain'] = 'autoreply.{{ domain }}'; - -// Vacation Control -// If you want users to take control of vacation set this to 'YES'. -$CONF['vacation_control'] ='YES'; - -// Vacation Control for admins -// Set to 'YES' if your domain admins should be able to edit user vacation. -$CONF['vacation_control_admin'] = 'YES'; - -// Alias Control -// Postfix Admin inserts an alias in the alias table for every mailbox it creates. -// The reason for this is that when you want catch-all and normal mailboxes -// to work you need to have the mailbox replicated in the alias table. -// If you want to take control of these aliases as well set this to 'YES'. - -// Alias control for superadmins -$CONF['alias_control'] = 'NO'; - -// Alias Control for domain admins -$CONF['alias_control_admin'] = 'NO'; - -// Special Alias Control -// Set to 'NO' if your domain admins shouldn't be able to edit the default aliases -// as defined in $CONF['default_aliases'] -$CONF['special_alias_control'] = 'NO'; - -// Alias Goto Field Limit -// Set the max number of entries that you would like to see -// in one 'goto' field in overview, the rest will be hidden and "[and X more...]" will be added. -// '0' means no limits. -$CONF['alias_goto_limit'] = '0'; - -// Alias Domains -// Alias domains allow to "mirror" aliases and mailboxes to another domain. This makes -// configuration easier if you need the same set of aliases on multiple domains, but -// also requires postfix to do more database queries. 
-// Note: If you update from 2.2.x or earlier, you will have to update your postfix configuration. -// Set to 'NO' to disable alias domains. -$CONF['alias_domain'] = 'YES'; - -// Backup -// If you don't want backup tab set this to 'NO'; -$CONF['backup'] = 'YES'; - -// Send Mail -// If you don't want sendmail tab set this to 'NO'; -$CONF['sendmail'] = 'YES'; - -// Logging -// If you don't want logging set this to 'NO'; -$CONF['logging'] = 'YES'; - -// Fetchmail -// If you don't want fetchmail tab set this to 'NO'; -$CONF['fetchmail'] = 'YES'; - -// fetchmail_extra_options allows users to specify any fetchmail options and any MDA -// (it will even accept 'rm -rf /' as MDA!) -// This should be set to NO, except if you *really* trust *all* your users. -$CONF['fetchmail_extra_options'] = 'NO'; - -// Header -$CONF['show_header_text'] = 'NO'; -$CONF['header_text'] = ':: Postfix Admin ::'; - -// link to display under 'Main' menu when logged in as a user. -$CONF['user_footer_link'] = "http://{{ domain }}/main"; - -// Footer -// Below information will be on all pages. -// If you don't want the footer information to appear set this to 'NO'. -$CONF['show_footer_text'] = 'YES'; -$CONF['footer_text'] = 'Return to {{ domain }}'; -$CONF['footer_link'] = 'http://{{ domain }}'; - -// Welcome Message -// This message is send to every newly created mailbox. -// Change the text between EOM. -$CONF['welcome_text'] = <<= 1.2, set this to yes. -// Note about dovecot config: table "quota" is for 1.0 & 1.1, table "quota2" is for dovecot 1.2 and newer -$CONF['new_quota_table'] = 'NO'; - -// -// Normally, the TCP port number does not have to be specified. -// $CONF['create_mailbox_subdirs_hostport']=143; -// -// If you have trouble connecting to the IMAP-server, then specify -// a value for $CONF['create_mailbox_subdirs_hostoptions']. 
These -// are some examples to experiment with: -// $CONF['create_mailbox_subdirs_hostoptions']=array('notls'); -// $CONF['create_mailbox_subdirs_hostoptions']=array('novalidate-cert','norsh'); -// See also the "Optional flags for names" table at -// http://www.php.net/manual/en/function.imap-open.php - - -// Theme Config -// Specify your own logo and CSS file -$CONF['theme_logo'] = 'images/logo-default.png'; -$CONF['theme_css'] = 'css/default.css'; - -// XMLRPC Interface. -// This should be only of use if you wish to use e.g the -// Postfixadmin-Squirrelmail package -// change to boolean true to enable xmlrpc -$CONF['xmlrpc_enabled'] = false; - - -// If you want to keep most settings at default values and/or want to ensure -// that future updates work without problems, you can use a separate config -// file (config.local.php) instead of editing this file and override some -// settings there. -if (file_exists(dirname(__FILE__) . '/config.local.php')) { - include(dirname(__FILE__) . '/config.local.php'); -} - -// -// END OF CONFIG FILE -// -/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */ diff --git a/roles/mail/templates/config.inc.php b/roles/mail/templates/config.inc.php new file mode 120000 index 0000000..994cfda --- /dev/null +++ b/roles/mail/templates/config.inc.php @@ -0,0 +1 @@ +/etc/postfixadmin/config.inc.php \ No newline at end of file diff --git a/roles/mail/vars/main.yml b/roles/mail/vars/main.yml index 772e954..7521310 100644 --- a/roles/mail/vars/main.yml +++ b/roles/mail/vars/main.yml @@ -62,5 +62,23 @@ files: postfixadmin: - postfixadmin + - libc-client2007e + - postfixadmin + - dbconfig-common + - libapr1 + - libapache2-mod-php5 + - libaprutil1-ldap + - apache2-mpm-prefork + - apache2-utils + - apache2 + - apache2.2-common + - libaprutil1-dbd-sqlite3 + - mlock + - apache2.2-bin + - php5-imap + - wwwconfig-common + - libaprutil1 + - php5 + - rsync # vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab: 
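Review bot: The template is now a symlink to the absolute path `/etc/postfixadmin/config.inc.php`, so `template: src=config.inc.php` resolves it on the control machine, where that file exists only if the controller itself has postfixadmin installed (presumably the author's own copy); on any other controller the task fails, and the `{{ domain }}` and `{{ dbpassword.stdout }}` substitutions that the deleted 452-line version carried are gone with it. Keep a real template file in the role, or, if the intent is to use the distribution's config unchanged, drop the template task instead of linking to it.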
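Review bot: `postfixadmin` is now listed twice in the `postfixadmin:` package list — the existing entry and the added `- postfixadmin` — so the duplicate should go. The added `apache2`, `php5` and `libapache2-mod-php5` entries are presumably dependencies or recommends of the `postfixadmin` package; a one-line comment stating why they are pinned explicitly, e.g. `# full Debian 7 package set so the install does not depend on recommends resolution`, would tell the next reader whether the list can be trimmed.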
From 77b0388aac5f3a677ef964f1d3e41e031d44ea57 Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 9 Nov 2014 13:37:36 +0100 Subject: [PATCH 13/46] postfixadmin print help messagex --- roles/mail/tasks/main.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml index 9c3f863..25f537a 100644 --- a/roles/mail/tasks/main.yml +++ b/roles/mail/tasks/main.yml @@ -56,8 +56,6 @@ - name: Copy dovecot config files template: src=dovecot-mysql.conf dest=/etc/dovecot/ owner=root mode=655 -- name: Copy postfixadmin config files - template: src=config.inc.php dest=/etc/postfixadmin/ owner=root mode=655 - name: Copy postfixadmin config files template: src=dbconfig.inc.php dest=/etc/postfixadmin/ owner=root mode=655 @@ -132,4 +130,10 @@ - name: Chowning to the rightful user shell: chown -R www-data. /usr/share/postfixadmin/ notify: restart apache + +- name: Copy postfixadmin config files + template: src=config.inc.php dest=/etc/postfixadmin/ owner=root mode=655 + +- name: TODO + debug: msg="Now go to http://{{ domain }}/postfixadmin and follow the instructions documentation is here http://sourceforge.net/p/postfixadmin/wiki/Home/" # vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab: From e029f02a829c3ac0bd1ed6801d430e6b7b3fedd8 Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 9 Nov 2014 13:51:48 +0100 Subject: [PATCH 14/46] config Ok, reste a identifier pourquoi mes mails n'identifient pas de transport dispo --- roles/mail/tasks/main.yml | 7 +++++++ roles/mail/templates/master.cf | 4 +++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml index 25f537a..59c8038 100644 --- a/roles/mail/tasks/main.yml +++ b/roles/mail/tasks/main.yml 
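Review bot: The moved "Copy postfixadmin config files" task still deploys config.inc.php with `owner=root mode=655`; Ansible reads `655` as octal, i.e. rw-r-xr-x, so the file that holds `setup_password` is readable by every local account and carries meaningless execute bits. Use `owner=root group=www-data mode=0640` so only root and the web server can read it; the same applies to the `dbconfig.inc.php` task (holding `$dbpass`) left as context in the first hunk. "TODO" as a task name will read as unfinished work in every play output; name it after what it does, e.g. `- name: Print postfixadmin setup instructions`.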
@@ -102,6 +102,12 @@ - name: Config amavis copy: src=etc-amavis-conf.d-50-user dest=/etc/amavis/conf.d/50-user +- name: adding amavis to clamav group + shell: usermod amavis -a -G clamav + +- name: setting right perms to amavis homedir + shell: chmod g+rx /var/lib/amavis + - name: Virus repository file: path=/var/spool/virusmails state=directory owner=amavis group=amavis @@ -134,6 +140,7 @@ - name: Copy postfixadmin config files template: src=config.inc.php dest=/etc/postfixadmin/ owner=root mode=655 + - name: TODO debug: msg="Now go to http://{{ domain }}/postfixadmin and follow the instructions documentation is here http://sourceforge.net/p/postfixadmin/wiki/Home/" # vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab: diff --git a/roles/mail/templates/master.cf b/roles/mail/templates/master.cf index 3df29d8..899cc19 100644 --- a/roles/mail/templates/master.cf +++ b/roles/mail/templates/master.cf @@ -110,4 +110,6 @@ scalemail-backend unix - n n - 2 pipe mailman unix - n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} - +amavis unix - - - - 2 smtp + -o smtp_data_done_timeout=1200 + -o smtp_send_xforward_command=yes From 76ab8411c615f93624f8afbfb22f1991f7397cfc Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 9 Nov 2014 14:23:05 +0100 Subject: [PATCH 15/46] handler apache --- roles/mail/handlers/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/mail/handlers/main.yml b/roles/mail/handlers/main.yml index c0fd888..f520270 100644 --- a/roles/mail/handlers/main.yml +++ b/roles/mail/handlers/main.yml @@ -1,4 +1,7 @@ +- name: restart apache2 + service: name=apache2 state=restarted + - name: restart amavis service: name=amavis state=restarted From c281fc518ba11eb4447f59f79e0f095a79465a03 Mon Sep 17 00:00:00 2001 
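Review bot: The two new tasks shell out to `usermod` and `chmod` where Ansible has modules that do the same thing idempotently and report changes correctly: `user: name=amavis groups=clamav append=yes` for the group membership, and `file: path=/var/lib/amavis state=directory mode=0750 group=amavis` (or whatever group bits the directory already has plus g+rx) for the permissions. As written both tasks always report "changed" and `chmod g+rx` leaves the rest of the mode, including any world bits, untouched. The enclosing tasks list continues outside this hunk.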
From: theonlydoo Date: Sun, 9 Nov 2014 14:31:26 +0100 Subject: [PATCH 16/46] redact old passwd --- roles/mail/handlers/main.yml | 2 +- roles/mail/tasks/main.yml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/mail/handlers/main.yml b/roles/mail/handlers/main.yml index f520270..748161b 100644 --- a/roles/mail/handlers/main.yml +++ b/roles/mail/handlers/main.yml @@ -1,5 +1,5 @@ -- name: restart apache2 +- name: restart apache service: name=apache2 state=restarted - name: restart amavis diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml index 59c8038..d0f58cf 100644 --- a/roles/mail/tasks/main.yml +++ b/roles/mail/tasks/main.yml @@ -139,6 +139,8 @@ - name: Copy postfixadmin config files template: src=config.inc.php dest=/etc/postfixadmin/ owner=root mode=655 +- name: To usr share equally + template: src=config.inc.php dest=/usr/share/postfixadmin/ owner=www-data mode=655 - name: TODO From 350edcd321f6bce7f3d849b8d152d3fd68cd9fde Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 9 Nov 2014 15:29:26 +0100 Subject: [PATCH 17/46] debug en cours --- roles/mail/tasks/main.yml | 2 ++ roles/mail/templates/master.cf | 30 ++++++++++++++++++++++++------ 2 files changed, 26 insertions(+), 6 deletions(-) diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml index d0f58cf..c5ee04c 100644 --- a/roles/mail/tasks/main.yml +++ b/roles/mail/tasks/main.yml @@ -104,6 +104,8 @@ - name: adding amavis to clamav group shell: usermod amavis -a -G clamav +- name: Vice versa + shell: usermod clamav -a -G amavis - name: setting right perms to amavis homedir shell: chmod g+rx /var/lib/amavis diff --git a/roles/mail/templates/master.cf b/roles/mail/templates/master.cf index 899cc19..7248b3d 100644 --- a/roles/mail/templates/master.cf +++ b/roles/mail/templates/master.cf 
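Review bot: The new `Also to usr share` task writes a second copy of config.inc.php into the PostfixAdmin application directory with `owner=www-data mode=655`, so the web-server user now owns and can rewrite its own application configuration, and the file is again world-readable; a compromise of any PHP code running as www-data can then persist changes there. Keeping one copy in /etc/postfixadmin (root:www-data 0640) and linking it is safer and avoids the two files drifting: `file: src=/etc/postfixadmin/config.inc.php dest=/usr/share/postfixadmin/config.inc.php state=link`. The commit title says "redact old passwd" but nothing in the hunk redacts anything, which is worth fixing in the message so history stays searchable.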
@@ -13,16 +13,16 @@ smtp inet n - - - - smtpd #smtpd pass - - - - - smtpd #dnsblog unix - - - - 0 dnsblog #tlsproxy unix - - - - 0 tlsproxy -#submission inet n - - - - smtpd +submission inet n - - - - smtpd # -o syslog_name=postfix/submission -# -o smtpd_tls_security_level=encrypt -# -o smtpd_sasl_auth_enable=yes + -o smtpd_tls_security_level=encrypt + -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING -#smtps inet n - - - - smtpd +smtps inet n - - - - smtpd # -o syslog_name=postfix/smtps -# -o smtpd_tls_wrappermode=yes -# -o smtpd_sasl_auth_enable=yes + -o smtpd_tls_wrappermode=yes + -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #628 inet n - - - - qmqpd @@ -110,6 +110,24 @@ scalemail-backend unix - n n - 2 pipe mailman unix - n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} + +dovecot unix - n n - - pipe flags=DRhu user=facteur:facteur argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} + amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes + +127.0.0.1:10025 inet n - - - - smtpd + -o content_filter= + -o local_recipient_maps= + -o relay_recipient_maps= + -o smtpd_restriction_classes= + -o smtpd_client_restrictions= + -o smtpd_helo_restrictions= + -o smtpd_sender_restrictions= + -o smtpd_recipient_restrictions=permit_mynetworks,reject + -o mynetworks=127.0.0.0/8 + -o strict_rfc821_envelopes=yes + -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks +# -o smtpd_bind_address=127.0.0.1 + From 8904aa646f430e5514d47d42976c11b5783247fd Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 9 Nov 2014 15:30:48 +0100 Subject: [PATCH 18/46] debug en cours --- roles/mail/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) 
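Review bot: The `submission` and `smtps` services are switched on with `smtpd_sasl_auth_enable=yes`, but the `-o smtpd_client_restrictions=permit_sasl_authenticated,reject` lines under each of them stay commented out, so whether these ports require authentication now depends entirely on the restrictions in main.cf, which this patch does not show. For a submission port the intent is almost always to accept only authenticated clients, so I would uncomment that line under both services, and `-o syslog_name=postfix/submission` / `postfix/smtps` as well so that authentication failures on these ports can be told apart from port-25 traffic in the logs.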
diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml index c5ee04c..54e7cfe 100644 --- a/roles/mail/tasks/main.yml +++ b/roles/mail/tasks/main.yml @@ -92,6 +92,8 @@ - name: Copy postfix config files template: src=root-postfix.sql dest=/etc/postfix/ owner=root mode=655 +- name: Copy postfix config files + template: src=smtpd.conf dest=/etc/postfix/sasl/smtpd.conf owner=root mode=655 - name: Create database for postfix shell: mysql < /etc/postfix/root-postfix.sql From 025390b6414814d79d1e0cdac37190dcebff375d Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 9 Nov 2014 15:31:22 +0100 Subject: [PATCH 19/46] master.cf fonctionnel --- roles/mail/templates/master.cf | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/roles/mail/templates/master.cf b/roles/mail/templates/master.cf index 7248b3d..0e69bdf 100644 --- a/roles/mail/templates/master.cf +++ b/roles/mail/templates/master.cf @@ -1,3 +1,4 @@ + # # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master"). @@ -9,18 +10,12 @@ # (yes) (yes) (yes) (never) (100) # ========================================================================== smtp inet n - - - - smtpd -#smtp inet n - - - 1 postscreen -#smtpd pass - - - - - smtpd -#dnsblog unix - - - - 0 dnsblog -#tlsproxy unix - - - - 0 tlsproxy -submission inet n - - - - smtpd -# -o syslog_name=postfix/submission - -o smtpd_tls_security_level=encrypt +#submission inet n - - - - smtpd +# -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING smtps inet n - - - - smtpd -# -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject 
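Review bot: In the `@@ -9,18 +10,12 @@` hunk the `submission` service line is commented out again while the indented `  -o smtpd_sasl_auth_enable=yes` continuation below it is kept as a live line; master(5) ignores comment lines and attaches an indented line to the previous logical entry, so that option now most likely applies to the preceding `smtp inet ... smtpd` entry on port 25. That enables SASL on the public port without a TLS requirement, which means clients can be tempted into sending credentials in cleartext. Either comment out the continuation line together with its service (`#  -o smtpd_sasl_auth_enable=yes`) or restore the `submission` entry with `-o smtpd_tls_security_level=encrypt` and `-o smtpd_client_restrictions=permit_sasl_authenticated,reject` uncommented.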
@@ -29,7 +24,7 @@ smtps inet n - - - - smtpd pickup fifo n - - 60 1 pickup cleanup unix n - - - 0 cleanup qmgr fifo n - n 300 1 qmgr -#qmgr fifo n - n 300 1 oqmgr +#qmgr fifo n - - 300 1 oqmgr tlsmgr unix - - - 1000? 1 tlsmgr rewrite unix - - - - - trivial-rewrite bounce unix - - - - 0 bounce @@ -40,7 +35,9 @@ flush unix n - - 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - - - - smtp +# When relaying mail as backup MX, disable fallback_relay to avoid MX loops relay unix - - - - - smtp + -o smtp_fallback_relay= # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - - - - showq error unix - - - - - error @@ -105,7 +102,7 @@ ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient -scalemail-backend unix - n n - 2 pipe +scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} mailman unix - n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py @@ -129,5 +126,4 @@ amavis unix - - - - 2 smtp -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -# -o smtpd_bind_address=127.0.0.1 From 580e3497cc9dcd0c90eab3e53bf8bd3a4fc69cad Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 9 Nov 2014 15:50:02 +0100 Subject: [PATCH 20/46] autogen certificates --- roles/mail/tasks/main.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml index 54e7cfe..faacb1d 100644 --- a/roles/mail/tasks/main.yml +++ b/roles/mail/tasks/main.yml 
@@ -56,7 +56,6 @@ - name: Copy dovecot config files template: src=dovecot-mysql.conf dest=/etc/dovecot/ owner=root mode=655 - - name: Copy postfixadmin config files template: src=dbconfig.inc.php dest=/etc/postfixadmin/ owner=root mode=655 @@ -92,8 +91,16 @@ - name: Copy postfix config files template: src=root-postfix.sql dest=/etc/postfix/ owner=root mode=655 + - name: Copy postfix config files template: src=smtpd.conf dest=/etc/postfix/sasl/smtpd.conf owner=root mode=655 + notify: restart postfix + +- name: Autosigned cert + command: openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=FR/ST=RA/L=Somewhere/O=Overtherainbow/CN={{ domain }}" -keyout /etc/ssl/mail.key -out /etc/ssl/mail.crt + +- name: ca_bundle + get_url: url=http://www.startssl.com/certs/ca-bundle.crt mode=0644 - name: Create database for postfix shell: mysql < /etc/postfix/root-postfix.sql @@ -120,7 +127,6 @@ notify: restart amavis ignore_errors: yes - - name: Config SA copy: src=etc-default-spamassassin dest=/etc/default/spamassassin notify: restart spamassassin @@ -143,10 +149,10 @@ - name: Copy postfixadmin config files template: src=config.inc.php dest=/etc/postfixadmin/ owner=root mode=655 + - name: To usr share equally template: src=config.inc.php dest=/usr/share/postfixadmin/ owner=www-data mode=655 - - name: TODO debug: msg="Now go to http://{{ domain }}/postfixadmin and follow the instructions documentation is here http://sourceforge.net/p/postfixadmin/wiki/Home/" # vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab: From 3210faa6df67e7a555d7d85b768ec908207aa6a6 Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 9 Nov 2014 15:53:39 +0100 Subject: [PATCH 21/46] some documentation --- README.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/README.md b/README.md index de1c6fe..f86bb77 100644 --- a/README.md +++ b/README.md 
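Review bot: The new `ca_bundle` task fetches a CA bundle over plain `http://` with no `checksum=` and no `dest=`, so it will fail for the missing required argument, and once that is fixed it would let anyone on the path hand the mail server an attacker-chosen trust anchor; use `get_url: url=https://www.startssl.com/certs/ca-bundle.crt dest=/etc/ssl/certs/startssl-ca-bundle.crt checksum=sha256:<known digest> mode=0644`, or ship the bundle with the role as a file. The `Autosigned cert` task has no `creates=`, so every play generates a fresh key and certificate, which is surprising for clients that pinned the previous one and makes the play never idempotent; add `creates=/etc/ssl/mail.crt`. Whether /etc/ssl/mail.key ends up world-readable depends on the umask and OpenSSL version on the host, so I would follow it with `file: path=/etc/ssl/mail.key owner=root mode=0600`.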
@@ -3,3 +3,33 @@ configz Yet another ansible's playbook repository +roles +====== + +* common + * provides common configuration +* mail + * provides a mail service for a given domain name and the vdomain capability for other domains. +* mariadb + * provides a mariadb lambda server peered on 127.0.0.1:3306 with root mysql password on ``~/.my.cnf`` + +example host file +===== + +```yaml + +--- +admin_ssh_keys: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZXK3ufonx+zNQ1x6cSWuUWckB/xf9sKZ+mRgY5SPXzqrxSkqNSmr9JQ6xzvhxKEVcFWsi50op1WWtRo3HG3p3+EHKXeCyzt5QnczDlVOoQbB8kgI0byKcvXux1inL4/Q4DbVLUbDFnynD/C5aAyYMYePahMxR+AQr60DD+7Ty6pcEVih1wwHIlxWziY1EF6sEzQwz/PiTxWIZkKHl/WPGagS9Pp/5nQfdZy0AS/JqbzNyMEg51+XedADuqseV4GXDzrzDYLJXJFv1PFVJxRWLrjChKrUMqyszUySkZMr5YSPXlsV0bi+0xivYEsXvIkLORV96JTZosYbV+0aFKDPv root@debian +default_packages_debian: htop +description: machine test +ntp_server1: 0.pool.ntp.org +ntp_server2: 1.pool.ntp.org +disable_ipv6: true +domain: test.net +mariadb_version: 10.0 +mysql_root_password: changeme +mysql_host: localhost +# vim: set textwidth=0 ft=yaml: + +``` + From bdfc978e323bd1e17c941042d6994bcc69f189ad Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 9 Nov 2014 15:54:58 +0100 Subject: [PATCH 22/46] reorganizing roles --- mail.yml | 3 ++- mariadb.yml | 12 ++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 mariadb.yml diff --git a/mail.yml b/mail.yml index 7953054..bafd5b9 100644 --- a/mail.yml +++ b/mail.yml @@ -6,7 +6,8 @@ gather_facts: yes roles: -# - mariadb + - common + - mariadb - mail # vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab: diff --git a/mariadb.yml b/mariadb.yml new file mode 100644 index 0000000..7953054 --- /dev/null +++ b/mariadb.yml @@ -0,0 +1,12 @@ +--- + +- name: Deployer et configurer un serveur mail complet + hosts: all + user: root + gather_facts: yes + + roles: +# - mariadb + - mail + +# vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab: 
From d5b67ef06077cdbfe6d4828a169682856ff4145a Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 9 Nov 2014 15:57:21 +0100 Subject: [PATCH 23/46] typo on mariadb role --- mariadb.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/mariadb.yml b/mariadb.yml index 7953054..1c11433 100644 --- a/mariadb.yml +++ b/mariadb.yml @@ -1,12 +1,11 @@ --- -- name: Deployer et configurer un serveur mail complet +- name: Deployer et configurer mariadb hosts: all user: root gather_facts: yes roles: -# - mariadb - - mail + - mariadb # vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab: From b41e5b2228ff48f81d48d393df93bd0411ece01a Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 9 Nov 2014 19:19:28 +0100 Subject: [PATCH 24/46] moar explicit comments on 'names' --- roles/mail/tasks/main.yml | 52 +++++++++++++++++++-------------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml index faacb1d..368d9ff 100644 --- a/roles/mail/tasks/main.yml +++ b/roles/mail/tasks/main.yml @@ -2,7 +2,7 @@ fail: msg="Missing domain name for first Vdomain creation" when: domain is not defined -- name: Install packages +- name: Install pwgen apt: pkg={{item}} state=installed update_cache=yes with_items: "{{ firstpkg }}" ignore_errors: no @@ -11,7 +11,7 @@ shell: pwgen -y -B -s 80 1 register: dbpassword -- name: Install packages +- name: Install necessary packages for postfix standalone apt: pkg={{item}} state=installed update_cache=yes with_items: "{{ packages }}" ignore_errors: no @@ -21,7 +21,7 @@ - name: Creation of the right folder file: path=/etc/postfixadmin/ state=directory mode=0755 recurse=yes -- name: Untar the beast +- name: Untar the pfxadmin unarchive: src=/tmp/postfixadmin-2.91.tar.gz dest=/etc/postfixadmin/ - name: enable SASLAuthd on boot 
@@ -50,65 +50,65 @@ shell: adduser postfix sasl notify: restart dovecot -- name: Copy dovecot config files +- name: Copy dovecot config files - dovecot.conf template: src=dovecot.conf dest=/etc/dovecot/ owner=root mode=655 -- name: Copy dovecot config files +- name: Copy dovecot config files - dovecot-mysql.conf template: src=dovecot-mysql.conf dest=/etc/dovecot/ owner=root mode=655 -- name: Copy postfixadmin config files +- name: Copy postfixadmin config files - dbconfig.inc.php pfxadmin template: src=dbconfig.inc.php dest=/etc/postfixadmin/ owner=root mode=655 -- name: Copy postfix config files +- name: Copy postfix config files - dynmaps template: src=dynamicmaps.cf dest=/etc/postfix/ owner=root mode=655 -- name: Copy postfix config files +- name: Copy postfix config files - main.cf template: src=main.cf dest=/etc/postfix/ owner=root mode=655 -- name: Copy postfix config files +- name: Copy postfix config files - master.cf template: src=master.cf dest=/etc/postfix/ owner=root mode=655 -- name: Copy postfix config files +- name: Copy postfix config files - relay_domains.cf template: src=mysql_relay_domains.cf dest=/etc/postfix/ owner=root mode=655 -- name: Copy postfix config files +- name: Copy postfix config files - valias_maps.cf template: src=mysql_virtual_alias_maps.cf dest=/etc/postfix/ owner=root mode=655 -- name: Copy postfix config files +- name: Copy postfix config files - vbox_domains.cf template: src=mysql_virtual_mailbox_domains.cf dest=/etc/postfix/ owner=root mode=655 -- name: Copy postfix config files +- name: Copy postfix config files vbox_maps.cf template: src=mysql_virtual_mailbox_maps.cf dest=/etc/postfix/ owner=root mode=655 -- name: Copy postfix config files +- name: Copy postfix config files - postfix-files template: src=postfix-files dest=/etc/postfix/ owner=root mode=655 -- name: Copy postfix config files +- name: Copy postfix config files - postfix-scripts template: src=postfix-script dest=/etc/postfix/ owner=root mode=655 -- name: Copy 
postfix config files +- name: Copy postfix config files - post-install template: src=post-install dest=/etc/postfix/ owner=root mode=655 -- name: Copy postfix config files +- name: Copy postfix config files - database script template: src=root-postfix.sql dest=/etc/postfix/ owner=root mode=655 -- name: Copy postfix config files +- name: Copy postfix config files - smtpd.conf template: src=smtpd.conf dest=/etc/postfix/sasl/smtpd.conf owner=root mode=655 notify: restart postfix -- name: Autosigned cert +- name: Autosigned cert - openssl query command: openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=FR/ST=RA/L=Somewhere/O=Overtherainbow/CN={{ domain }}" -keyout /etc/ssl/mail.key -out /etc/ssl/mail.crt -- name: ca_bundle +- name: ca_bundle - gettint it from startssl get_url: url=http://www.startssl.com/certs/ca-bundle.crt mode=0644 - name: Create database for postfix shell: mysql < /etc/postfix/root-postfix.sql -- name: Config amavis +- name: Config amavis - content_filter_mode copy: src=etc-amavis-conf.d-15-content_filter_mode dest=/etc/amavis/conf.d/15-content_filter_mode -- name: Config amavis +- name: Config amavis - userfile copy: src=etc-amavis-conf.d-50-user dest=/etc/amavis/conf.d/50-user - name: adding amavis to clamav group @@ -122,12 +122,12 @@ - name: Virus repository file: path=/var/spool/virusmails state=directory owner=amavis group=amavis -- name: update SA +- name: update Spam-Assassin - will fail if playbook is played twice shell: sa-update -D notify: restart amavis ignore_errors: yes -- name: Config SA +- name: Config Spam-Assassin copy: src=etc-default-spamassassin dest=/etc/default/spamassassin notify: restart spamassassin @@ -135,7 +135,7 @@ template: src=etc-default-postgrey dest=/etc/default/postgrey notify: restart postgrey -- name: Install postfixadmin +- name: Install postfixadmin from debian repos apt: pkg={{item}} state=installed update_cache=no install_recommends=yes with_items: "{{ postfixadmin }}" ignore_errors: no 
@@ -150,7 +150,7 @@ - name: Copy postfixadmin config files template: src=config.inc.php dest=/etc/postfixadmin/ owner=root mode=655 -- name: To usr share equally +- name: Also to usr share template: src=config.inc.php dest=/usr/share/postfixadmin/ owner=www-data mode=655 - name: TODO From fabcc0da383289eb925d394d229720a49df124db Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 9 Nov 2014 19:22:38 +0100 Subject: [PATCH 25/46] moar doc --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f86bb77..85c2879 100644 --- a/README.md +++ b/README.md @@ -8,10 +8,13 @@ roles * common * provides common configuration + * https://github.com/nojhan/liquidprompt <3 * mail * provides a mail service for a given domain name and the vdomain capability for other domains. + * **Note** : This role starts in order : common, mariadb, and mail. If you don't want one of them, please comment out. + * **Note2** : If you already have a SQL server, **it wont erase the original config**, but it needs a ``~/.my.cnf``. * mariadb - * provides a mariadb lambda server peered on 127.0.0.1:3306 with root mysql password on ``~/.my.cnf`` + * provides a mariadb lambda server peered on ``127.0.0.1:3306`` with ``root`` MySQL password on ``~/.my.cnf`` example host file ===== From 9033da5f1ac97580af3f67eaf39d52cefeae562a Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Mon, 10 Nov 2014 13:24:09 +0100 Subject: [PATCH 26/46] managesieve implementation --- roles/mail/templates/dovecot.conf | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/roles/mail/templates/dovecot.conf b/roles/mail/templates/dovecot.conf index d1d46c5..c64a9ff 100644 --- a/roles/mail/templates/dovecot.conf +++ b/roles/mail/templates/dovecot.conf 
@@ -29,7 +29,13 @@ service managesieve-login { executable = /usr/lib/dovecot/managesieve-login } service managesieve { - executable = /usr/lib/dovecot/managesieve + inet_listener sieve { + port = 4190 + } + process_min_avail = 0 + service_count = 1 + vsz_limit = 64 M + executable = /usr/lib/dovecot/managesieve-login } userdb { args = /etc/dovecot/dovecot-mysql.conf From bccd083066514dac560d1f1282265fc89b1e8962 Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Mon, 10 Nov 2014 14:05:35 +0100 Subject: [PATCH 27/46] ownCloud + NGINX + DOC --- README.md | 19 +++-- owncloud.yml | 14 ++++ roles/nginx/files/etc-nginx-nginx.conf | 37 ++++++++++ .../files/etc-php5-fpm-pool.d-www-data.conf | 26 +++++++ roles/nginx/handlers/main.yml | 13 ++++ roles/nginx/tasks/main.yml | 23 ++++++ roles/nginx/vars/main.yml | 46 ++++++++++++ roles/owncloud/handlers/main.yml | 46 ++++++++++++ roles/owncloud/tasks/main.yml | 74 +++++++++++++++++++ .../etc-nginx-sites-enabled-owncloud.j2 | 73 ++++++++++++++++++ .../templates/etc-php5-fpm-pool.d-www.conf.j2 | 36 +++++++++ .../owncloud/templates/root-ownclouddb.sql.j2 | 5 ++ roles/owncloud/vars/main.yml | 17 +++++ 13 files changed, 423 insertions(+), 6 deletions(-) create mode 100644 owncloud.yml create mode 100644 roles/nginx/files/etc-nginx-nginx.conf create mode 100644 roles/nginx/files/etc-php5-fpm-pool.d-www-data.conf create mode 100644 roles/nginx/handlers/main.yml create mode 100644 roles/nginx/tasks/main.yml create mode 100644 roles/nginx/vars/main.yml create mode 100644 roles/owncloud/handlers/main.yml create mode 100644 roles/owncloud/tasks/main.yml create mode 100644 roles/owncloud/templates/etc-nginx-sites-enabled-owncloud.j2 create mode 100644 roles/owncloud/templates/etc-php5-fpm-pool.d-www.conf.j2 create mode 100644 roles/owncloud/templates/root-ownclouddb.sql.j2 create mode 100644 roles/owncloud/vars/main.yml diff --git a/README.md b/README.md index 85c2879..92aa937 100644 --- a/README.md +++ b/README.md 
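Review bot: The `inet_listener sieve { port = 4190 }` block and the `managesieve-login` executable are added to `service managesieve`, whose executable is at the same time changed away from `/usr/lib/dovecot/managesieve`; in Dovecot the network listener and the `*-login` binary belong to the pre-authentication `service managesieve-login` (visible as context just above), while the post-login `managesieve` service keeps the `managesieve` executable. As written the unprivileged post-login service appears to be turned into a second login process and nothing runs the actual Sieve protocol after authentication. I would move the listener, `process_min_avail`, `service_count` and `vsz_limit` into `service managesieve-login { ... }` and restore `executable = /usr/lib/dovecot/managesieve` in `service managesieve`, then verify with `doveconf -n` on a host.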
@@ -6,15 +6,22 @@ Yet another ansible's playbook repository roles ====== -* common - * provides common configuration +* Common + * provides **common** configuration * https://github.com/nojhan/liquidprompt <3 -* mail - * provides a mail service for a given domain name and the vdomain capability for other domains. +* Mail + * provides a complete **mail** server for a given domain name and the vdomain capability for other domains. * **Note** : This role starts in order : common, mariadb, and mail. If you don't want one of them, please comment out. * **Note2** : If you already have a SQL server, **it wont erase the original config**, but it needs a ``~/.my.cnf``. -* mariadb - * provides a mariadb lambda server peered on ``127.0.0.1:3306`` with ``root`` MySQL password on ``~/.my.cnf`` + * **TODO** : + * Razor/Pyzor + * Roundcube + * Simplify template copy + * Postgrey +* MariaDB + * provides a lambda **MariaDB** server peered on ``127.0.0.1:3306`` with ``root`` MySQL password on ``~/.my.cnf`` +* ownCloud + * provides a simple instance of **ownCloud**, with ``NGINX, PHP5-FPM, and MariaDB`` example host file ===== diff --git a/owncloud.yml b/owncloud.yml new file mode 100644 index 0000000..fe04334 --- /dev/null +++ b/owncloud.yml @@ -0,0 +1,14 @@ +--- + +- name: Deployer et configurer un serveur ownCloud sous NGINX + PHP5-FPM + MariaDB + hosts: all + user: root + gather_facts: yes + + + roles: + - common + - mariadb + - nginx + - owncloud + diff --git a/roles/nginx/files/etc-nginx-nginx.conf b/roles/nginx/files/etc-nginx-nginx.conf new file mode 100644 index 0000000..d4a0f76 --- /dev/null +++ b/roles/nginx/files/etc-nginx-nginx.conf 
@@ -0,0 +1,37 @@ +user www-data; +worker_processes 4; +worker_priority -10; +pid /var/run/nginx.pid; +worker_rlimit_nofile 65536; + +events { + worker_connections 4096; + use epoll; +} + +http { + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 8; + types_hash_max_size 2048; + server_tokens off; + + keepalive_requests 100000; + open_file_cache max=200000 inactive=20s; + open_file_cache_valid 30s; + open_file_cache_min_uses 2; + open_file_cache_errors on; + + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + gzip on; + gzip_disable "msie6"; + + #include /etc/nginx/naxsi_core.rules; + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} diff --git a/roles/nginx/files/etc-php5-fpm-pool.d-www-data.conf b/roles/nginx/files/etc-php5-fpm-pool.d-www-data.conf new file mode 100644 index 0000000..87d72dd --- /dev/null +++ b/roles/nginx/files/etc-php5-fpm-pool.d-www-data.conf @@ -0,0 +1,26 @@ +[www-data] +prefix = /var/tmp + +user = www-data +group = www-data + +listen = /var/run/php5-fpm-www-data.sock +listen.backlog = 1024 + +pm = ondemand +pm.max_children = 2 +pm.process_idle_timeout = 30s; +pm.max_requests = 800 +pm.status_path = /status + +request_terminate_timeout = 120s + +chdir = / + +security.limit_extensions = .php .php3 .php4 .php5 + +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp + +php_admin_value[memory_limit] = 128M diff --git a/roles/nginx/handlers/main.yml b/roles/nginx/handlers/main.yml new file mode 100644 index 0000000..e8e59fa --- /dev/null +++ b/roles/nginx/handlers/main.yml @@ -0,0 +1,13 @@ +--- +# handlers du role nginx + +- name: reload nginx + service: name=nginx state=reloaded +- name: restart nginx + service: name=nginx state=restarted +- name: start nginx + service: name=nginx state=started +- name: stop nginx + service: name=nginx state=stopped +# vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab: + 
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml new file mode 100644 index 0000000..260f0f7 --- /dev/null +++ b/roles/nginx/tasks/main.yml @@ -0,0 +1,23 @@ +--- +- name: Install default packages Debian. + apt: pkg={{item}} state=installed install_recommends=no + with_items: + - nginx + - nginx-common + - nginx-full + - php5-fpm + +- name: Copy nginx.conf + tags: nginx + copy: src=etc-nginx-nginx.conf dest=/etc/nginx/nginx.conf + +- name: Copy php5/fpm/pool.d/www-data.conf + tags: nginx + copy: src=etc-php5-fpm-pool.d-www-data.conf dest=/etc/php5/fpm/pool.d/www-data.conf + +- name: Delete the www.conf template + tags: nginx + file: path=etc/php5/fpm/pool.d/www.conf state=absent + notify: restart nginx + +# vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab: diff --git a/roles/nginx/vars/main.yml b/roles/nginx/vars/main.yml new file mode 100644 index 0000000..3366136 --- /dev/null +++ b/roles/nginx/vars/main.yml @@ -0,0 +1,46 @@ +--- + +packages: + - nginx + - php5-cli + - php5-mysql + - php5-fpm + - php-apc + - php5-mysql + - php5-curl + - libmime-lite-perl + +firewall_role_rules: + - "-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT" + +sysctls: + - name: net.ipv4.ip_local_port_range + value: "'1024 65000'" + - name: net.ipv4.tcp_tw_reuse + value: 1 + - name: net.ipv4.tcp_fin_timeout + value: 15 + - name: net.core.netdev_max_backlog + value: 4096 + - name: net.core.rmem_max + value: 16777216 + - name: net.core.somaxconn + value: 4096 + - name: net.core.wmem_max + value: 16777216 + - name: net.ipv4.tcp_max_syn_backlog + value: 20480 + - name: net.ipv4.tcp_max_tw_buckets + value: 400000 + - name: net.ipv4.tcp_no_metrics_save + value: 1 + - name: net.ipv4.tcp_rmem + value: "'4096 87380 16777216'" + - name: net.ipv4.tcp_syn_retries + value: 2 + - name: net.ipv4.tcp_synack_retries + value: 2 + - name: net.ipv4.tcp_wmem + value: "'4096 65536 16777216'" + +# vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab: 
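Review bot: The `Delete the www.conf template` task uses the relative path `etc/php5/fpm/pool.d/www.conf`, so it looks under the remote working directory and never removes the distribution pool; it should be `file: path=/etc/php5/fpm/pool.d/www.conf state=absent`. Since the handler it notifies is `restart nginx`, changing a php5-fpm pool file also never restarts php5-fpm; notifying a `restart php5-fpm` handler (not defined in this role's handlers) is what makes the new www-data pool take effect.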
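Review bot: `firewall_role_rules` only opens TCP 80, while the ownCloud vhost added in the same commit listens on 443 and redirects every port-80 request there; if a common role really applies these rules, HTTPS is blocked and the site is unreachable, so add `"-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT"`. `php5-mysql` is also listed twice in `packages`, which is harmless for apt but worth tidying.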
diff --git a/roles/owncloud/handlers/main.yml b/roles/owncloud/handlers/main.yml new file mode 100644 index 0000000..a708d23 --- /dev/null +++ b/roles/owncloud/handlers/main.yml @@ -0,0 +1,46 @@ +--- +# handlers du role common + +- name: update aliases + command: newaliases + +- name: restart munin-node + service: name=munin-node state=restarted + +- name: restart hobbit-client + service: name=hobbit-client state=restarted + +- name: restart xymon-client + service: name=xymon-client state=restarted + +- name: restart gwm + service: name=gwm state=restarted + +- name: restart xend + service: name=xend state=restarted + +- name: update-grub + command: update-grub + +- name: restart collectd + service: name=collectd state=restarted + +- name: restart ntp + service: name=ntp state=restarted + +- name: restart xymon + service: name=xymon state=restarted + +- name: update mysql_relay_domains map + shell: postmap /etc/postfix/mysql_relay_domains.cf + +- name: restart postfix + service: name=postfix state=restarted + +- name: restart nginx + command: name=nginx state=restarted + +- name: restart php5-fpm + shell: /etc/init.d/php5-fpm restart +# vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab: + diff --git a/roles/owncloud/tasks/main.yml b/roles/owncloud/tasks/main.yml new file mode 100644 index 0000000..a809752 --- /dev/null +++ b/roles/owncloud/tasks/main.yml 
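Review bot: The `restart nginx` handler uses `command: name=nginx state=restarted`, which runs a program literally named `name=nginx` and will fail (or be silently wrong) the first time the vhost template notifies it; it should be `service: name=nginx state=restarted`, matching `restart postfix` above it and the nginx role's own handler. The file header still says "handlers du role common" and most entries (munin, xymon, xend, update-grub, postmap) have nothing to do with ownCloud, which suggests a copy-paste; keeping only the handlers this role notifies, and using `service: name=php5-fpm state=restarted` instead of the init.d shell call, would make the role self-describing.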
@@ -0,0 +1,74 @@ +--- + +- name: Install ownCloud dependencies + apt: pkg={{item}} state=installed update_cache=no + tags: owncloud + with_items: "{{ packages }}" + ignore_errors: no + +- name: unlink default vhost nginx + tags: owncloud + shell: unlink /etc/nginx/sites-enabled/default + ignore_errors: yes + +- name: Get ownCloud + tags: + - update + - owncloud + get_url: url=https://download.owncloud.org/community/owncloud-latest.tar.bz2 validate_certs=no dest=/root/owncloud-latest.tar.bz2 + +- name: Creation of the right folder + tags: owncloud + file: path=/etc/nginx/ssl/ state=directory recurse=yes + +- name: create self-signed SSL cert + command: openssl req -new -nodes -x509 -subj "/C=FR/ST=SomeWhere/L=OverTheRainBow/O=OwnCloud/CN=owncloud.{{ domain }}" -days 3650 -keyout /etc/nginx/ssl/owncloud.key -out /etc/nginx/ssl/owncloud.crt -extensions v3_ca creates=/etc/nginx/ssl/owncloud.crt + tags: owncloud + notify: restart nginx + +- name: Creation of the right folder + tags: owncloud + file: path=/var/www/owncloud/ state=directory recurse=yes + +- name: Untar + tags: + - update + - owncloud + shell: tar xvf /root/owncloud-latest.tar.bz2 -C /var/www/owncloud/ + ignore_errors: no + +- name: Chown + tags: + - update + - owncloud + shell: chown -R www-data. 
/var/www/ + +- name: Randomly generate an ownCloud database password + shell: pwgen -y -B -s 80 1 + tags: + - owncloud + register: dbpassword + + +- name: Config nginx + template: src=etc-nginx-sites-enabled-owncloud.j2 dest=/etc/nginx/sites-enabled/owncloud + tags: owncloud + notify: restart nginx + +- name: Config PHP5-fpm + template: src=etc-php5-fpm-pool.d-www.conf.j2 dest=/etc/php5/fpm/pool.d/www.conf + tags: owncloud + notify: restart php5-fpm + +- name: Import database template + tags: + - owncloud + template: src=root-ownclouddb.sql.j2 dest=/root/ownclouddb.sql + +- name: Import sql file for account and db creation + tags: + - owncloud + shell: mysql < /root/ownclouddb.sql + notify: restart php5-fpm + +#vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab: diff --git a/roles/owncloud/templates/etc-nginx-sites-enabled-owncloud.j2 b/roles/owncloud/templates/etc-nginx-sites-enabled-owncloud.j2 new file mode 100644 index 0000000..afabc5b --- /dev/null +++ b/roles/owncloud/templates/etc-nginx-sites-enabled-owncloud.j2 
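Review bot: `Get ownCloud` downloads the application tarball with `validate_certs=no` and no `checksum=`, and the next tasks unpack it into the web root and `chown -R www-data.` it, so anyone able to intercept the connection can ship arbitrary PHP that runs as the web user; restore certificate validation and pin the artefact with `checksum=sha256:<digest published by the vendor>` (or fetch a fixed version rather than `owncloud-latest`). `Randomly generate an ownCloud database password` has no `creates=`-style guard, so every run registers a new password and re-templates the SQL, while the `CREATE USER` import then fails on a second run and the password in /root/ownclouddb.sql stays on disk at whatever mode the umask gives; write it with `mode=0600` and remove it after the import (`file: path=/root/ownclouddb.sql state=absent`). `chown -R www-data. /var/www/` also makes the whole application tree writable by the web user, which ownCloud only needs for its data and config directories.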
@@ -0,0 +1,73 @@
+server {
+ listen 80;
+ server_name owncloud.{{ domain }};
+ return 301 https://$server_name$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ server_name owncloud.{{ instance_name }};
+ keepalive_timeout 70;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
+ ssl_certificate /etc/nginx/ssl/owncloud.crt;
+ ssl_certificate_key /etc/nginx/ssl/owncloud.key;
+ root /var/www/owncloud/owncloud/;
+ error_log /var/log/owncloud.error.log;
+ access_log /var/log/owncloud.access.log;
+
+ client_max_body_size 10G;
+ fastcgi_buffers 64 4K;
+
+ rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
+ rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
+ rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
+
+ index index.php;
+ error_page 403 /core/templates/403.php;
+ error_page 404 /core/templates/404.php;
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
+ deny all;
+ }
+
+ location / {
+ rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+ rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
+ rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
+ rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
+ rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
+ try_files $uri $uri/ index.php;
+ error_log /var/log/owncloud.error.log;
+ access_log /var/log/owncloud.access.log;
+ }
+
+ location ~ ^(.+?\.php)(/.*)?$ {
+ try_files $1 = 404;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$1;
+ fastcgi_param PATH_INFO $2;
+ fastcgi_param HTTPS on;
+ fastcgi_connect_timeout 60;
+ fastcgi_send_timeout 180;
+ fastcgi_param htaccessWorking true;
+ fastcgi_read_timeout 360;
+ fastcgi_pass unix:/var/run/php5-fpm-www-data.sock;
+ error_log /var/log/owncloud.fpm.error.log;
+ access_log /var/log/owncloud.fpm.access.log;
+ }
+
+ # Optional: set long EXPIRES header on static assets
+ location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
+ expires 30d;
+ # Optional: Don't log access to assets
+ access_log off;
+ }
+}
+
diff --git a/roles/owncloud/templates/etc-php5-fpm-pool.d-www.conf.j2 b/roles/owncloud/templates/etc-php5-fpm-pool.d-www.conf.j2
new file mode 100644
index 0000000..5a0cd8b
--- /dev/null
+++ b/roles/owncloud/templates/etc-php5-fpm-pool.d-www.conf.j2
@@ -0,0 +1,36 @@
+[www-data]
+prefix = /var/tmp
+
+user = www-data
+group = www-data
+
+slowlog = /var/log/php-fpm/slowlog-site.log
+listen = /var/run/php5-fpm-www-data.sock
+listen.backlog = 1024
+
+pm = dynamic
+pm.start_servers = 4
+pm.min_spare_servers = 2
+pm.max_spare_servers = 6
+pm.max_children = 8
+pm.process_idle_timeout = 30s;
+pm.max_requests = 800
+pm.status_path = /status
+listen.backlog = -1
+listen.owner = www-data
+listen.group = www-data
+listen.mode = 0666
+request_terminate_timeout = 3600s
+catch_workers_output=no
+chdir = /
+rlimit_core = unlimited
+
+security.limit_extensions = .php .php3 .php4 .php5
+
+env[TMP] = /tmp
+env[TMPDIR] = /tmp
+env[TEMP] = /tmp
+env[HOSTNAME] = $HOSTNAME
+
+php_admin_value[memory_limit] = 1G
+
diff --git a/roles/owncloud/templates/root-ownclouddb.sql.j2 b/roles/owncloud/templates/root-ownclouddb.sql.j2
new file mode 100644
index 0000000..d5ad976
--- /dev/null
+++ b/roles/owncloud/templates/root-ownclouddb.sql.j2
@@ -0,0 +1,5 @@
+CREATE USER 'owncloud'@'localhost' IDENTIFIED BY '{{ dbpassword.stdout }}';
+GRANT USAGE ON * . * TO 'owncloud'@'localhost' IDENTIFIED BY '{{ dbpassword.stdout }}' WITH MAX_QUERIES_PER_HOUR 0
+MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
+CREATE DATABASE IF NOT EXISTS `owncloud` ;
+GRANT ALL PRIVILEGES ON `owncloud` . * TO 'owncloud'@'localhost';
diff --git a/roles/owncloud/vars/main.yml b/roles/owncloud/vars/main.yml
new file mode 100644
index 0000000..70794b8
--- /dev/null
+++ b/roles/owncloud/vars/main.yml
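Review bot: `ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;` in the 443 server block enables RC4, 3DES and an MD5 MAC, all broken or deprecated, and without `ssl_prefer_server_ciphers on;` the client chooses among them; restrict the list, e.g. `ssl_ciphers HIGH:!aNULL:!MD5:!RC4:!3DES;` together with `ssl_prefer_server_ciphers on;`. Since the port-80 block already redirects everything to HTTPS, an `add_header Strict-Transport-Security "max-age=15768000";` in the 443 block would keep returning clients from being downgraded. Separately, `try_files $1 = 404;` in the PHP location looks like a typo for `try_files $1 =404;` — nginx treats the last argument as a fallback URI unless it is written `=code`, so the intended 404 is likely not what is returned.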
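Review bot: `listen.mode = 0666` makes the FastCGI socket writable by every local account, so any local process can hand requests to a pool that runs them as www-data; `listen.owner` and `listen.group` are already www-data, so `listen.mode = 0660` is sufficient provided the nginx worker runs as that user (not visible in this commit). `listen.backlog` is set twice (`1024` near the top, `-1` further down) and the later value wins, so one of the two should go to avoid confusing the next reader. `rlimit_core = unlimited` lets crashed workers write core dumps, which can hold request bodies, session data and the database password; keep it at the default unless actively debugging a crash.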
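Review bot: The second statement, `GRANT USAGE ON * . * TO 'owncloud'@'localhost' IDENTIFIED BY ... WITH MAX_QUERIES_PER_HOUR 0 ...`, adds nothing to the `CREATE USER` above it (USAGE grants no privilege and the `0` resource limits are the defaults) while writing the plaintext password into the file a second time; drop it and keep `CREATE USER 'owncloud'@'localhost' IDENTIFIED BY '{{ dbpassword.stdout }}';`, `CREATE DATABASE IF NOT EXISTS owncloud;`, `GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'localhost';`. The script is also not re-runnable: `CREATE USER` has no `IF NOT EXISTS`, so a second play fails on the first line, and because the pwgen task in roles/owncloud/tasks/main.yml regenerates `dbpassword` on every run, the rendered password no longer matches the live account after the first run. Since the rendered file carries the database password in clear, the template task that writes it to /root/ownclouddb.sql should set a restrictive mode.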
@@ -0,0 +1,17 @@
+packages:
+ - php5
+ - php5-gd
+ - php-xml-parser
+ - php5-intl
+ - php5-sqlite
+ - php5-mysql
+ - php5-pgsql
+ - smbclient
+ - php5-curl
+ - php5-mcrypt
+ - php5-fpm
+ - pwgen
+ - bzip2
+ - php5-ldap
+# vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab:
+
From 94939e1dfe8ccddc24db836f63571f498cd398c8 Mon Sep 17 00:00:00 2001
From: theonlydoo
Date: Mon, 10 Nov 2014 18:27:58 +0100
Subject: [PATCH 28/46] config OK
---
 roles/mail/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml
index 368d9ff..989c63e 100644
--- a/roles/mail/tasks/main.yml
+++ b/roles/mail/tasks/main.yml
@@ -100,7 +100,7 @@
 command: openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=FR/ST=RA/L=Somewhere/O=Overtherainbow/CN={{ domain }}" -keyout /etc/ssl/mail.key -out /etc/ssl/mail.crt
 - name: ca_bundle - gettint it from startssl
- get_url: url=http://www.startssl.com/certs/ca-bundle.crt mode=0644
+ get_url: url=http://www.startssl.com/certs/ca-bundle.crt dest=/etc/ssl/ca-bundle.crt mode=0644
 - name: Create database for postfix
 shell: mysql < /etc/postfix/root-postfix.sql
From e058eed1dbe386eda7f3b0494b45134cc72bfebb Mon Sep 17 00:00:00 2001
From: theonlydoo
Date: Tue, 11 Nov 2014 12:39:49 +0100
Subject: [PATCH 29/46] smtpd.conf missing on the original config file
---
 roles/mail/templates/smtpd.conf | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 roles/mail/templates/smtpd.conf
diff --git a/roles/mail/templates/smtpd.conf b/roles/mail/templates/smtpd.conf
new file mode 100644
index 0000000..33c1f23
--- /dev/null
+++ b/roles/mail/templates/smtpd.conf
@@ -0,0 +1,2 @@
+pwcheck_method: saslauthd
+mech_list: PLAIN LOGIN
From f2427dccff50e55a0c767e729b500f4749dbe894 Mon Sep 17 00:00:00 2001
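Review bot: The added `dest=` fixes where the file lands, but `get_url: url=http://www.startssl.com/certs/ca-bundle.crt dest=/etc/ssl/ca-bundle.crt mode=0644` still pulls a CA bundle — a trust anchor for the mail stack — over plain HTTP with no integrity check, so whatever is served on that path becomes trusted. Fetch it over https and pin the expected digest, e.g. `get_url: url=https://www.startssl.com/certs/ca-bundle.crt dest=/etc/ssl/ca-bundle.crt mode=0644 sha256sum=<EXPECTED_SHA256>` (placeholder digest), or ship the bundle as a file inside the role so it is versioned with the rest of the config. The surrounding task list starts and ends outside the hunk.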
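Review bot: `mech_list: PLAIN LOGIN` offers only mechanisms that send the password in clear, which is acceptable only if Postfix refuses AUTH before STARTTLS; that depends on `smtpd_tls_auth_only = yes` in the Postfix main.cf, which this commit does not touch, so it should be checked against the template that ships it. A one-line comment above the directive, `# PLAIN/LOGIN transmit the password in clear; Postfix must set smtpd_tls_auth_only = yes`, would record the dependency for the next reader.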
From: theonlydoo
Date: Tue, 11 Nov 2014 12:47:45 +0100
Subject: [PATCH 30/46] typo in owncloud template config
---
 roles/owncloud/templates/etc-nginx-sites-enabled-owncloud.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/owncloud/templates/etc-nginx-sites-enabled-owncloud.j2 b/roles/owncloud/templates/etc-nginx-sites-enabled-owncloud.j2
index afabc5b..0140d92 100644
--- a/roles/owncloud/templates/etc-nginx-sites-enabled-owncloud.j2
+++ b/roles/owncloud/templates/etc-nginx-sites-enabled-owncloud.j2
@@ -6,7 +6,7 @@ server {
 server {
 listen 443 ssl;
- server_name owncloud.{{ instance_name }};
+ server_name owncloud.{{ domain }};
 keepalive_timeout 70;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
From 8bfd5e1494e7696d491552bf31a279cfe16a11e0 Mon Sep 17 00:00:00 2001
From: theonlydoo
Date: Tue, 11 Nov 2014 13:17:54 +0100
Subject: [PATCH 31/46] managesieve typo, here's what happens when you don't unit test your files ...
---
 roles/mail/templates/dovecot.conf | 6 +++---
 roles/mail/templates/root-postfix.sql | 1 -
 2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/roles/mail/templates/dovecot.conf b/roles/mail/templates/dovecot.conf
index c64a9ff..9892248 100644
--- a/roles/mail/templates/dovecot.conf
+++ b/roles/mail/templates/dovecot.conf
@@ -26,9 +26,6 @@ service auth {
 }
 }
 service managesieve-login {
- executable = /usr/lib/dovecot/managesieve-login
-}
-service managesieve {
 inet_listener sieve {
 port = 4190
 }
@@ -37,6 +34,9 @@ service managesieve {
 vsz_limit = 64 M
 executable = /usr/lib/dovecot/managesieve-login
 }
+service managesieve {
+ executable = /usr/lib/dovecot/managesieve
+}
 userdb {
 args = /etc/dovecot/dovecot-mysql.conf
 driver = sql
diff --git a/roles/mail/templates/root-postfix.sql b/roles/mail/templates/root-postfix.sql
index ff4bafa..24642a4 100644
--- a/roles/mail/templates/root-postfix.sql
+++ b/roles/mail/templates/root-postfix.sql
@@ -1,5 +1,4 @@
 DROP DATABASE IF EXISTS postfix;
-DROP USER 'postfix'@'%';
 CREATE DATABASE postfix;
 GRANT ALL PRIVILEGES ON postfix.* TO 'postfix'@'%' IDENTIFIED BY '{{ dbpassword.stdout }}';
 GRANT SELECT ON postfix.* TO 'postfix'@'%' IDENTIFIED BY '{{ dbpassword.stdout }}';
From 0163c1bdb184b7626ebfd23637e6f40deeea50fb Mon Sep 17 00:00:00 2001
From: theonlydoo
Date: Thu, 13 Nov 2014 16:12:50 +0100
Subject: [PATCH 32/46] php.ini template
---
 roles/owncloud/tasks/main.yml | 4 +
 roles/owncloud/templates/php.ini.j2 | 1789 +++++++++++++++++++++++++++
 2 files changed, 1793 insertions(+)
 create mode 100644 roles/owncloud/templates/php.ini.j2
diff --git a/roles/owncloud/tasks/main.yml b/roles/owncloud/tasks/main.yml
index a809752..51d2132 100644
--- a/roles/owncloud/tasks/main.yml
+++ b/roles/owncloud/tasks/main.yml
@@ -59,6 +59,10 @@
 template: src=etc-php5-fpm-pool.d-www.conf.j2 dest=/etc/php5/fpm/pool.d/www.conf
 tags: owncloud
 notify: restart php5-fpm
+- name: Config PHP5-fpm ini file
+ template: src=php.ini.j2 dest=/etc/php5/fpm/php.ini
+ tags: owncloud
+ notify: restart php5-fpm
 - name: Import database template
 tags:
diff --git a/roles/owncloud/templates/php.ini.j2 b/roles/owncloud/templates/php.ini.j2
new file mode 100644
index 0000000..72f5287
--- /dev/null
+++ b/roles/owncloud/templates/php.ini.j2
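Review bot: With `DROP USER` removed, the script still opens with `DROP DATABASE IF EXISTS postfix;` followed by `CREATE DATABASE postfix;`, and the task `Create database for postfix` (`shell: mysql < /etc/postfix/root-postfix.sql`, visible in the patch 28 hunk above) has no guard, so every run of the role wipes the existing domain, mailbox and alias data; `CREATE DATABASE IF NOT EXISTS postfix;` with no DROP keeps the script re-runnable. The account is granted as `'postfix'@'%'`, i.e. it may log in from any host the server accepts connections from; if the Postfix and Dovecot clients connect locally, `'postfix'@'localhost'` is the least-privilege form. The final `GRANT SELECT ON postfix.* TO 'postfix'@'%' IDENTIFIED BY ...` is subsumed by the `GRANT ALL PRIVILEGES` line before it and only repeats the password in the file; drop it.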
@@ -0,0 +1,1789 @@ +[PHP] + +;;;;;;;;;;;;;;;;;;; +; About php.ini ; +;;;;;;;;;;;;;;;;;;; +; PHP's initialization file, generally called php.ini, is responsible for +; configuring many of the aspects of PHP's behavior. + +; PHP attempts to find and load this configuration from a number of locations. +; The following is a summary of its search order: +; 1. SAPI module specific location. +; 2. The PHPRC environment variable. (As of PHP 5.2.0) +; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0) +; 4. Current working directory (except CLI) +; 5. The web server's directory (for SAPI modules), or directory of PHP +; (otherwise in Windows) +; 6. The directory from the --with-config-file-path compile time option, or the +; Windows directory (C:\windows or C:\winnt) +; See the PHP docs for more specific information. +; http://php.net/configuration.file + +; The syntax of the file is extremely simple. Whitespace and lines +; beginning with a semicolon are silently ignored (as you probably guessed). +; Section headers (e.g. [Foo]) are also silently ignored, even though +; they might mean something in the future. + +; Directives following the section heading [PATH=/www/mysite] only +; apply to PHP files in the /www/mysite directory. Directives +; following the section heading [HOST=www.example.com] only apply to +; PHP files served from www.example.com. Directives set in these +; special sections cannot be overridden by user-defined INI files or +; at runtime. Currently, [PATH=] and [HOST=] sections only work under +; CGI/FastCGI. +; http://php.net/ini.sections + +; Directives are specified using the following syntax: +; directive = value +; Directive names are *case sensitive* - foo=bar is different from FOO=bar. +; Directives are variables used to configure PHP or PHP extensions. +; There is no name validation. If PHP can't find an expected +; directive because it is not set or is mistyped, a default value will be used. 
+ +; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one +; of the INI constants (On, Off, True, False, Yes, No and None) or an expression +; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a +; previously set variable or directive (e.g. ${foo}) + +; Expressions in the INI file are limited to bitwise operators and parentheses: +; | bitwise OR +; ^ bitwise XOR +; & bitwise AND +; ~ bitwise NOT +; ! boolean NOT + +; Boolean flags can be turned on using the values 1, On, True or Yes. +; They can be turned off using the values 0, Off, False or No. + +; An empty string can be denoted by simply not writing anything after the equal +; sign, or by using the None keyword: + +; foo = ; sets foo to an empty string +; foo = None ; sets foo to an empty string +; foo = "None" ; sets foo to the string 'None' + +; If you use constants in your value, and these constants belong to a +; dynamically loaded extension (either a PHP extension or a Zend extension), +; you may only use these constants *after* the line that loads the extension. + +;;;;;;;;;;;;;;;;;;; +; About this file ; +;;;;;;;;;;;;;;;;;;; +; PHP comes packaged with two INI files. One that is recommended to be used +; in production environments and one that is recommended to be used in +; development environments. + +; php.ini-production contains settings which hold security, performance and +; best practices at its core. But please be aware, these settings may break +; compatibility with older or less security conscience applications. We +; recommending using the production ini in production and testing environments. + +; php.ini-development is very similar to its production variant, except it's +; much more verbose when it comes to errors. We recommending using the +; development version only in development environments as errors shown to +; application users can inadvertently leak otherwise secure information. + +; This is php.ini-production INI file. 
+ +; This is php.ini-production INI file. + +;;;;;;;;;;;;;;;;;;; +; Quick Reference ; +;;;;;;;;;;;;;;;;;;; +; The following are all the settings which are different in either the production +; or development versions of the INIs with respect to PHP's default behavior. +; Please see the actual settings later in the document for more details as to why +; we recommend these changes in PHP's behavior. + +; display_errors +; Default Value: On +; Development Value: On +; Production Value: Off + +; display_startup_errors +; Default Value: Off +; Development Value: On +; Production Value: Off + +; error_reporting +; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED +; Development Value: E_ALL +; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT + +; html_errors +; Default Value: On +; Development Value: On +; Production value: On + +; log_errors +; Default Value: Off +; Development Value: On +; Production Value: On + +; max_input_time +; Default Value: -1 (Unlimited) +; Development Value: 60 (60 seconds) +; Production Value: 60 (60 seconds) + +; output_buffering +; Default Value: Off +; Development Value: 4096 +; Production Value: 4096 + +; register_argc_argv +; Default Value: On +; Development Value: Off +; Production Value: Off + +; request_order +; Default Value: None +; Development Value: "GP" +; Production Value: "GP" + +; session.gc_divisor +; Default Value: 100 +; Development Value: 1000 +; Production Value: 1000 + +; session.hash_bits_per_character +; Default Value: 4 +; Development Value: 5 +; Production Value: 5 + +; short_open_tag +; Default Value: On +; Development Value: Off +; Production Value: Off + +; track_errors +; Default Value: Off +; Development Value: On +; Production Value: Off + +; url_rewriter.tags +; Default Value: "a=href,area=href,frame=src,form=,fieldset=" +; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" +; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" + +; variables_order +; 
Default Value: "EGPCS" +; Development Value: "GPCS" +; Production Value: "GPCS" + +;;;;;;;;;;;;;;;;;;;; +; php.ini Options ; +;;;;;;;;;;;;;;;;;;;; +; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" +;user_ini.filename = ".user.ini" + +; To disable this feature set this option to empty value +;user_ini.filename = + +; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) +;user_ini.cache_ttl = 300 + +;;;;;;;;;;;;;;;;;;;; +; Language Options ; +;;;;;;;;;;;;;;;;;;;; + +; Enable the PHP scripting language engine under Apache. +; http://php.net/engine +engine = On + +; This directive determines whether or not PHP will recognize code between +; tags as PHP source which should be processed as such. It is +; generally recommended that should be used and that this feature +; should be disabled, as enabling it may result in issues when generating XML +; documents, however this remains supported for backward compatibility reasons. +; Note that this directive does not control the tags. +; http://php.net/asp-tags +asp_tags = Off + +; The number of significant digits displayed in floating point numbers. +; http://php.net/precision +precision = 14 + +; Output buffering is a mechanism for controlling how much output data +; (excluding headers and cookies) PHP should keep internally before pushing that +; data to the client. If your application's output exceeds this setting, PHP +; will send that data in chunks of roughly the size you specify. +; Turning on this setting and managing its maximum buffer size can yield some +; interesting side-effects depending on your application and web server. +; You may be able to send headers and cookies after you've already sent output +; through print or echo. You also may see performance benefits if your server is +; emitting less packets due to buffered output versus PHP streaming the output +; as it gets it. 
On production servers, 4096 bytes is a good setting for performance +; reasons. +; Note: Output buffering can also be controlled via Output Buffering Control +; functions. +; Possible Values: +; On = Enabled and buffer is unlimited. (Use with caution) +; Off = Disabled +; Integer = Enables the buffer and sets its maximum size in bytes. +; Note: This directive is hardcoded to Off for the CLI SAPI +; Default Value: Off +; Development Value: 4096 +; Production Value: 4096 +; http://php.net/output-buffering +output_buffering = 4096 + +; You can redirect all of the output of your scripts to a function. For +; example, if you set output_handler to "mb_output_handler", character +; encoding will be transparently converted to the specified encoding. +; Setting any output handler automatically turns on output buffering. +; Note: People who wrote portable scripts should not depend on this ini +; directive. Instead, explicitly set the output handler using ob_start(). +; Using this ini directive may cause problems unless you know what script +; is doing. +; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler" +; and you cannot use both "ob_gzhandler" and "zlib.output_compression". +; Note: output_handler must be empty if this is set 'On' !!!! +; Instead you must use zlib.output_handler. +; http://php.net/output-handler +;output_handler = + +; Transparent output compression using the zlib library +; Valid values for this option are 'off', 'on', or a specific buffer size +; to be used for compression (default is 4KB) +; Note: Resulting chunk size may vary due to nature of compression. PHP +; outputs chunks that are few hundreds bytes each as a result of +; compression. If you prefer a larger chunk size for better +; performance, enable output_buffering in addition. +; Note: You need to use zlib.output_handler instead of the standard +; output_handler, or otherwise the output will be corrupted. 
+; http://php.net/zlib.output-compression +zlib.output_compression = Off + +; http://php.net/zlib.output-compression-level +;zlib.output_compression_level = -1 + +; You cannot specify additional output handlers if zlib.output_compression +; is activated here. This setting does the same as output_handler but in +; a different order. +; http://php.net/zlib.output-handler +;zlib.output_handler = + +; Implicit flush tells PHP to tell the output layer to flush itself +; automatically after every output block. This is equivalent to calling the +; PHP function flush() after each and every call to print() or echo() and each +; and every HTML block. Turning this option on has serious performance +; implications and is generally recommended for debugging purposes only. +; http://php.net/implicit-flush +; Note: This directive is hardcoded to On for the CLI SAPI +implicit_flush = Off + +; The unserialize callback function will be called (with the undefined class' +; name as parameter), if the unserializer finds an undefined class +; which should be instantiated. A warning appears if the specified function is +; not defined, or if the function doesn't include/implement the missing class. +; So only set this entry, if you really want to implement such a +; callback-function. +unserialize_callback_func = + +; When floats & doubles are serialized store serialize_precision significant +; digits after the floating point. The default value ensures that when floats +; are decoded with unserialize, the data will remain the same. +serialize_precision = 17 + +; open_basedir, if set, limits all file operations to the defined directory +; and below. This directive makes most sense if used in a per-directory +; or per-virtualhost web server configuration file. This directive is +; *NOT* affected by whether Safe Mode is turned On or Off. +; http://php.net/open-basedir +;open_basedir = + +; This directive allows you to disable certain functions for security reasons. 
+; It receives a comma-delimited list of function names. This directive is +; *NOT* affected by whether Safe Mode is turned On or Off. +; http://php.net/disable-functions +disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority, + +; This directive allows you to disable certain classes for security reasons. +; It receives a comma-delimited list of class names. This directive is +; *NOT* affected by whether Safe Mode is turned On or Off. +; http://php.net/disable-classes +disable_classes = + +; Colors for Syntax Highlighting mode. Anything that's acceptable in +; would work. +; http://php.net/syntax-highlighting +;highlight.string = #DD0000 +;highlight.comment = #FF9900 +;highlight.keyword = #007700 +;highlight.default = #0000BB +;highlight.html = #000000 + +; If enabled, the request will be allowed to complete even if the user aborts +; the request. Consider enabling it if executing long requests, which may end up +; being interrupted by the user or a browser timing out. PHP's default behavior +; is to disable this feature. +; http://php.net/ignore-user-abort +;ignore_user_abort = On + +; Determines the size of the realpath cache to be used by PHP. This value should +; be increased on systems where PHP opens many files to reflect the quantity of +; the file operations performed. +; http://php.net/realpath-cache-size +;realpath_cache_size = 16k + +; Duration of time, in seconds for which to cache realpath information for a given +; file or directory. For systems with rarely changing files, consider increasing this +; value. +; http://php.net/realpath-cache-ttl +;realpath_cache_ttl = 120 + +; Enables or disables the circular reference collector. 
+; http://php.net/zend.enable-gc +zend.enable_gc = On + +; If enabled, scripts may be written in encodings that are incompatible with +; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such +; encodings. To use this feature, mbstring extension must be enabled. +; Default: Off +;zend.multibyte = Off + +; Allows to set the default encoding for the scripts. This value will be used +; unless "declare(encoding=...)" directive appears at the top of the script. +; Only affects if zend.multibyte is set. +; Default: "" +;zend.script_encoding = + +;;;;;;;;;;;;;;;;; +; Miscellaneous ; +;;;;;;;;;;;;;;;;; + +; Decides whether PHP may expose the fact that it is installed on the server +; (e.g. by adding its signature to the Web server header). It is no security +; threat in any way, but it makes it possible to determine whether you use PHP +; on your server or not. +; http://php.net/expose-php +expose_php = Off + +;;;;;;;;;;;;;;;;;;; +; Resource Limits ; +;;;;;;;;;;;;;;;;;;; + +; Maximum execution time of each script, in seconds +; http://php.net/max-execution-time +; Note: This directive is hardcoded to 0 for the CLI SAPI +max_execution_time = 300 + +; Maximum amount of time each script may spend parsing request data. It's a good +; idea to limit this time on productions servers in order to eliminate unexpectedly +; long running scripts. 
+; Note: This directive is hardcoded to -1 for the CLI SAPI +; Default Value: -1 (Unlimited) +; Development Value: 60 (60 seconds) +; Production Value: 60 (60 seconds) +; http://php.net/max-input-time +max_input_time = 60 + +; Maximum input variable nesting level +; http://php.net/max-input-nesting-level +;max_input_nesting_level = 64 + +; How many GET/POST/COOKIE input variables may be accepted +; max_input_vars = 1000 + +; Maximum amount of memory a script may consume (128MB) +; http://php.net/memory-limit +memory_limit = 128M + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Error handling and logging ; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +; This directive informs PHP of which errors, warnings and notices you would like +; it to take action for. The recommended way of setting values for this +; directive is through the use of the error level constants and bitwise +; operators. The error level constants are below here for convenience as well as +; some common settings and their meanings. +; By default, PHP is set to take action on all errors, notices and warnings EXCEPT +; those related to E_NOTICE and E_STRICT, which together cover best practices and +; recommended coding standards in PHP. For performance reasons, this is the +; recommend error reporting setting. Your production server shouldn't be wasting +; resources complaining about best practices and coding standards. That's what +; development servers and development settings are for. +; Note: The php.ini-development file has this setting as E_ALL. This +; means it pretty much reports everything which is exactly what you want during +; development and early testing. 
+; +; Error Level Constants: +; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0) +; E_ERROR - fatal run-time errors +; E_RECOVERABLE_ERROR - almost fatal run-time errors +; E_WARNING - run-time warnings (non-fatal errors) +; E_PARSE - compile-time parse errors +; E_NOTICE - run-time notices (these are warnings which often result +; from a bug in your code, but it's possible that it was +; intentional (e.g., using an uninitialized variable and +; relying on the fact it's automatically initialized to an +; empty string) +; E_STRICT - run-time notices, enable to have PHP suggest changes +; to your code which will ensure the best interoperability +; and forward compatibility of your code +; E_CORE_ERROR - fatal errors that occur during PHP's initial startup +; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's +; initial startup +; E_COMPILE_ERROR - fatal compile-time errors +; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) +; E_USER_ERROR - user-generated error message +; E_USER_WARNING - user-generated warning message +; E_USER_NOTICE - user-generated notice message +; E_DEPRECATED - warn about code that will not work in future versions +; of PHP +; E_USER_DEPRECATED - user-generated deprecation warnings +; +; Common Values: +; E_ALL (Show all errors, warnings and notices including coding standards.) +; E_ALL & ~E_NOTICE (Show all errors, except for notices) +; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.) +; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) +; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED +; Development Value: E_ALL +; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT +; http://php.net/error-reporting +error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT + +; This directive controls whether or not and where PHP will output errors, +; notices and warnings too. 
Error output is very useful during development, but +; it could be very dangerous in production environments. Depending on the code +; which is triggering the error, sensitive information could potentially leak +; out of your application such as database usernames and passwords or worse. +; It's recommended that errors be logged on production servers rather than +; having the errors sent to STDOUT. +; Possible Values: +; Off = Do not display any errors +; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) +; On or stdout = Display errors to STDOUT +; Default Value: On +; Development Value: On +; Production Value: Off +; http://php.net/display-errors +display_errors = Off + +; The display of errors which occur during PHP's startup sequence are handled +; separately from display_errors. PHP's default behavior is to suppress those +; errors from clients. Turning the display of startup errors on can be useful in +; debugging configuration problems. But, it's strongly recommended that you +; leave this setting off on production servers. +; Default Value: Off +; Development Value: On +; Production Value: Off +; http://php.net/display-startup-errors +display_startup_errors = Off + +; Besides displaying errors, PHP can also log errors to locations such as a +; server-specific log, STDERR, or a location specified by the error_log +; directive found below. While errors should not be displayed on productions +; servers they should still be monitored and logging is a great way to do that. +; Default Value: Off +; Development Value: On +; Production Value: On +; http://php.net/log-errors +log_errors = On + +; Set maximum length of log_errors. In error_log information about the source is +; added. The default is 1024 and 0 allows to not apply any maximum length at all. +; http://php.net/log-errors-max-len +log_errors_max_len = 1024 + +; Do not log repeated messages. Repeated errors must occur in same file on same +; line unless ignore_repeated_source is set true. 
+; http://php.net/ignore-repeated-errors +ignore_repeated_errors = Off + +; Ignore source of message when ignoring repeated messages. When this setting +; is On you will not log errors with repeated messages from different files or +; source lines. +; http://php.net/ignore-repeated-source +ignore_repeated_source = Off + +; If this parameter is set to Off, then memory leaks will not be shown (on +; stdout or in the log). This has only effect in a debug compile, and if +; error reporting includes E_WARNING in the allowed list +; http://php.net/report-memleaks +report_memleaks = On + +; This setting is on by default. +;report_zend_debug = 0 + +; Store the last error/warning message in $php_errormsg (boolean). Setting this value +; to On can assist in debugging and is appropriate for development servers. It should +; however be disabled on production servers. +; Default Value: Off +; Development Value: On +; Production Value: Off +; http://php.net/track-errors +track_errors = Off + +; Turn off normal error reporting and emit XML-RPC error XML +; http://php.net/xmlrpc-errors +;xmlrpc_errors = 0 + +; An XML-RPC faultCode +;xmlrpc_error_number = 0 + +; When PHP displays or logs an error, it has the capability of formatting the +; error message as HTML for easier reading. This directive controls whether +; the error message is formatted as HTML or not. +; Note: This directive is hardcoded to Off for the CLI SAPI +; Default Value: On +; Development Value: On +; Production value: On +; http://php.net/html-errors +html_errors = On + +; If html_errors is set to On *and* docref_root is not empty, then PHP +; produces clickable error messages that direct to a page describing the error +; or function causing the error in detail. +; You can download a copy of the PHP manual from http://php.net/docs +; and change docref_root to the base URL of your local copy including the +; leading '/'. You must also specify the file extension being used including +; the dot. 
PHP's default behavior is to leave these settings empty, in which +; case no links to documentation are generated. +; Note: Never use this feature for production boxes. +; http://php.net/docref-root +; Examples +;docref_root = "/phpmanual/" + +; http://php.net/docref-ext +;docref_ext = .html + +; String to output before an error message. PHP's default behavior is to leave +; this setting blank. +; http://php.net/error-prepend-string +; Example: +;error_prepend_string = "" + +; String to output after an error message. PHP's default behavior is to leave +; this setting blank. +; http://php.net/error-append-string +; Example: +;error_append_string = "" + +; Log errors to specified file. PHP's default behavior is to leave this value +; empty. +; http://php.net/error-log +; Example: +;error_log = php_errors.log +; Log errors to syslog (Event Log on Windows). +;error_log = syslog + +;windows.show_crt_warning +; Default value: 0 +; Development value: 0 +; Production value: 0 + +;;;;;;;;;;;;;;;;; +; Data Handling ; +;;;;;;;;;;;;;;;;; + +; The separator used in PHP generated URLs to separate arguments. +; PHP's default setting is "&". +; http://php.net/arg-separator.output +; Example: +;arg_separator.output = "&" + +; List of separator(s) used by PHP to parse input URLs into variables. +; PHP's default setting is "&". +; NOTE: Every character in this directive is considered as separator! +; http://php.net/arg-separator.input +; Example: +;arg_separator.input = ";&" + +; This directive determines which super global arrays are registered when PHP +; starts up. G,P,C,E & S are abbreviations for the following respective super +; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty +; paid for the registration of these arrays and because ENV is not as commonly +; used as the others, ENV is not recommended on productions servers. You +; can still get access to the environment variables through getenv() should you +; need to. 
+; Default Value: "EGPCS"
+; Development Value: "GPCS"
+; Production Value: "GPCS";
+; http://php.net/variables-order
+variables_order = "GPCS"
+
+; This directive determines which super global data (G,P,C,E & S) should
+; be registered into the super global array REQUEST. If so, it also determines
+; the order in which that data is registered. The values for this directive are
+; specified in the same manner as the variables_order directive, EXCEPT one.
+; Leaving this value empty will cause PHP to use the value set in the
+; variables_order directive. It does not mean it will leave the super globals
+; array REQUEST empty.
+; Default Value: None
+; Development Value: "GP"
+; Production Value: "GP"
+; http://php.net/request-order
+request_order = "GP"
+
+; This directive determines whether PHP registers $argv & $argc each time it
+; runs. $argv contains an array of all the arguments passed to PHP when a script
+; is invoked. $argc contains an integer representing the number of arguments
+; that were passed when the script was invoked. These arrays are extremely
+; useful when running scripts from the command line. When this directive is
+; enabled, registering these variables consumes CPU cycles and memory each time
+; a script is executed. For performance reasons, this feature should be disabled
+; on production servers.
+; Note: This directive is hardcoded to On for the CLI SAPI
+; Default Value: On
+; Development Value: Off
+; Production Value: Off
+; http://php.net/register-argc-argv
+register_argc_argv = Off
+
+; When enabled, the ENV, REQUEST and SERVER variables are created when they're
+; first used (Just In Time) instead of when the script starts. If these
+; variables are not used within a script, having this directive on will result
+; in a performance gain. The PHP directive register_argc_argv must be disabled
+; for this directive to have any affect.
+; http://php.net/auto-globals-jit
+auto_globals_jit = On
+
+; Whether PHP will read the POST data.
+; This option is enabled by default.
+; Most likely, you won't want to disable this option globally. It causes $_POST
+; and $_FILES to always be empty; the only way you will be able to read the
+; POST data will be through the php://input stream wrapper. This can be useful
+; to proxy requests or to process the POST data in a memory efficient fashion.
+; http://php.net/enable-post-data-reading
+;enable_post_data_reading = Off
+
+; Maximum size of POST data that PHP will accept.
+; Its value may be 0 to disable the limit. It is ignored if POST data reading
+; is disabled through enable_post_data_reading.
+; http://php.net/post-max-size
+post_max_size = 8M
+
+; Automatically add files before PHP document.
+; http://php.net/auto-prepend-file
+auto_prepend_file =
+
+; Automatically add files after PHP document.
+; http://php.net/auto-append-file
+auto_append_file =
+
+; By default, PHP will output a character encoding using
+; the Content-type: header. To disable sending of the charset, simply
+; set it to be empty.
+;
+; PHP's built-in default is text/html
+; http://php.net/default-mimetype
+default_mimetype = "text/html"
+
+; PHP's default character set is set to empty.
+; http://php.net/default-charset
+;default_charset = "UTF-8"
+
+; Always populate the $HTTP_RAW_POST_DATA variable. PHP's default behavior is
+; to disable this feature. If post reading is disabled through
+; enable_post_data_reading, $HTTP_RAW_POST_DATA is *NOT* populated.
+; http://php.net/always-populate-raw-post-data
+;always_populate_raw_post_data = On
+
+;;;;;;;;;;;;;;;;;;;;;;;;;
+; Paths and Directories ;
+;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; UNIX: "/path1:/path2"
+;include_path = ".:/usr/share/php"
+;
+; Windows: "\path1;\path2"
+;include_path = ".;c:\php\includes"
+;
+; PHP's default setting for include_path is ".;/path/to/php/pear"
+; http://php.net/include-path
+
+; The root of the PHP pages, used only if nonempty.
+; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
+; if you are running php as a CGI under any web server (other than IIS)
+; see documentation for security issues. The alternate is to use the
+; cgi.force_redirect configuration below
+; http://php.net/doc-root
+doc_root =
+
+; The directory under which PHP opens the script using /~username used only
+; if nonempty.
+; http://php.net/user-dir
+user_dir =
+
+; Directory in which the loadable extensions (modules) reside.
+; http://php.net/extension-dir
+; extension_dir = "./"
+; On windows:
+; extension_dir = "ext"
+
+; Whether or not to enable the dl() function. The dl() function does NOT work
+; properly in multithreaded servers, such as IIS or Zeus, and is automatically
+; disabled on them.
+; http://php.net/enable-dl
+enable_dl = Off
+
+; cgi.force_redirect is necessary to provide security running PHP as a CGI under
+; most web servers. Left undefined, PHP turns this on by default. You can
+; turn it off here AT YOUR OWN RISK
+; **You CAN safely turn this off for IIS, in fact, you MUST.**
+; http://php.net/cgi.force-redirect
+;cgi.force_redirect = 1
+
+; if cgi.nph is enabled it will force cgi to always sent Status: 200 with
+; every request. PHP's default behavior is to disable this feature.
+;cgi.nph = 1
+
+; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape
+; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
+; will look for to know it is OK to continue execution. Setting this variable MAY
+; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
+; http://php.net/cgi.redirect-status-env
+;cgi.redirect_status_env =
+
+; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
+; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
+; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
+; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting
+; of zero causes PHP to behave as before. Default is 1. You should fix your scripts
+; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
+; http://php.net/cgi.fix-pathinfo
+;cgi.fix_pathinfo=1
+
+; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate
+; security tokens of the calling client. This allows IIS to define the
+; security context that the request runs under. mod_fastcgi under Apache
+; does not currently support this feature (03/17/2002)
+; Set to 1 if running under IIS. Default is zero.
+; http://php.net/fastcgi.impersonate
+;fastcgi.impersonate = 1
+
+; Disable logging through FastCGI connection. PHP's default behavior is to enable
+; this feature.
+;fastcgi.logging = 0
+
+; cgi.rfc2616_headers configuration option tells PHP what type of headers to
+; use when sending HTTP response code. If it's set 0 PHP sends Status: header that
+; is supported by Apache. When this option is set to 1 PHP will send
+; RFC2616 compliant header.
+; Default is zero.
+; http://php.net/cgi.rfc2616-headers
+;cgi.rfc2616_headers = 0
+
+;;;;;;;;;;;;;;;;
+; File Uploads ;
+;;;;;;;;;;;;;;;;
+
+; Whether to allow HTTP file uploads.
+; http://php.net/file-uploads
+file_uploads = On
+
+; Temporary directory for HTTP uploaded files (will use system default if not
+; specified).
+; http://php.net/upload-tmp-dir
+;upload_tmp_dir =
+
+; Maximum allowed size for uploaded files.
+; http://php.net/upload-max-filesize
+upload_max_filesize = 2G
+
+; Maximum number of files that can be uploaded via a single request
+max_file_uploads = 20
+
+;;;;;;;;;;;;;;;;;;
+; Fopen wrappers ;
+;;;;;;;;;;;;;;;;;;
+
+; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
+; http://php.net/allow-url-fopen
+allow_url_fopen = On
+
+; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
+; http://php.net/allow-url-include
+allow_url_include = Off
+
+; Define the anonymous ftp password (your email address). PHP's default setting
+; for this is empty.
+; http://php.net/from
+;from="john@doe.com"
+
+; Define the User-Agent string. PHP's default setting for this is empty.
+; http://php.net/user-agent
+;user_agent="PHP"
+
+; Default timeout for socket based streams (seconds)
+; http://php.net/default-socket-timeout
+default_socket_timeout = 60
+
+; If your scripts have to deal with files from Macintosh systems,
+; or you are running on a Mac and need to deal with files from
+; unix or win32 systems, setting this flag will cause PHP to
+; automatically detect the EOL character in those files so that
+; fgets() and file() will work regardless of the source of the file.
+; http://php.net/auto-detect-line-endings
+;auto_detect_line_endings = Off
+
+;;;;;;;;;;;;;;;;;;;;;;
+; Dynamic Extensions ;
+;;;;;;;;;;;;;;;;;;;;;;
+
+; If you wish to have an extension loaded automatically, use the following
+; syntax:
+;
+; extension=modulename.extension
+;
+; For example, on Windows:
+;
+; extension=msql.dll
+;
+; ... or under UNIX:
+;
+; extension=msql.so
+;
+; ... or with a path:
+;
+; extension=/path/to/extension/msql.so
+;
+; If you only provide the name of the extension, PHP will look for it in its
+; default extension directory.
+;
+
+;;;;;;;;;;;;;;;;;;;
+; Module Settings ;
+;;;;;;;;;;;;;;;;;;;
+
+[CLI Server]
+; Whether the CLI web server uses ANSI color coding in its terminal output.
+cli_server.color = On
+
+[Date]
+; Defines the default timezone used by the date functions
+; http://php.net/date.timezone
+;date.timezone =
+
+; http://php.net/date.default-latitude
+;date.default_latitude = 31.7667
+
+; http://php.net/date.default-longitude
+;date.default_longitude = 35.2333
+
+; http://php.net/date.sunrise-zenith
+;date.sunrise_zenith = 90.583333
+
+; http://php.net/date.sunset-zenith
+;date.sunset_zenith = 90.583333
+
+[filter]
+; http://php.net/filter.default
+;filter.default = unsafe_raw
+
+; http://php.net/filter.default-flags
+;filter.default_flags =
+
+[iconv]
+;iconv.input_encoding = ISO-8859-1
+;iconv.internal_encoding = ISO-8859-1
+;iconv.output_encoding = ISO-8859-1
+
+[intl]
+;intl.default_locale =
+; This directive allows you to produce PHP errors when some error
+; happens within intl functions. The value is the level of the error produced.
+; Default is 0, which does not produce any errors.
+;intl.error_level = E_WARNING
+
+[sqlite]
+; http://php.net/sqlite.assoc-case
+;sqlite.assoc_case = 0
+
+[sqlite3]
+;sqlite3.extension_dir =
+
+[Pcre]
+;PCRE library backtracking limit.
+; http://php.net/pcre.backtrack-limit
+;pcre.backtrack_limit=100000
+
+;PCRE library recursion limit.
+;Please note that if you set this value to a high number you may consume all
+;the available process stack and eventually crash PHP (due to reaching the
+;stack size limit imposed by the Operating System).
+; http://php.net/pcre.recursion-limit
+;pcre.recursion_limit=100000
+
+[Pdo]
+; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off"
+; http://php.net/pdo-odbc.connection-pooling
+;pdo_odbc.connection_pooling=strict
+
+;pdo_odbc.db2_instance_name
+
+[Pdo_mysql]
+; If mysqlnd is used: Number of cache slots for the internal result set cache
+; http://php.net/pdo_mysql.cache_size
+pdo_mysql.cache_size = 2000
+
+; Default socket name for local MySQL connects. If empty, uses the built-in
+; MySQL defaults.
+; http://php.net/pdo_mysql.default-socket
+pdo_mysql.default_socket=
+
+[Phar]
+; http://php.net/phar.readonly
+;phar.readonly = On
+
+; http://php.net/phar.require-hash
+;phar.require_hash = On
+
+;phar.cache_list =
+
+[mail function]
+; For Win32 only.
+; http://php.net/smtp
+SMTP = localhost
+; http://php.net/smtp-port
+smtp_port = 25
+
+; For Win32 only.
+; http://php.net/sendmail-from
+;sendmail_from = me@example.com
+
+; For Unix only. You may supply arguments as well (default: "sendmail -t -i").
+; http://php.net/sendmail-path
+;sendmail_path =
+
+; Force the addition of the specified parameters to be passed as extra parameters
+; to the sendmail binary. These parameters will always replace the value of
+; the 5th parameter to mail(), even in safe mode.
+;mail.force_extra_parameters =
+
+; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
+mail.add_x_header = On
+
+; The path to a log file that will log all mail() calls. Log entries include
+; the full path of the script, line number, To address and headers.
+;mail.log =
+; Log mail to syslog (Event Log on Windows).
+;mail.log = syslog
+
+[SQL]
+; http://php.net/sql.safe-mode
+sql.safe_mode = Off
+
+[ODBC]
+; http://php.net/odbc.default-db
+;odbc.default_db = Not yet implemented
+
+; http://php.net/odbc.default-user
+;odbc.default_user = Not yet implemented
+
+; http://php.net/odbc.default-pw
+;odbc.default_pw = Not yet implemented
+
+; Controls the ODBC cursor model.
+; Default: SQL_CURSOR_STATIC (default).
+;odbc.default_cursortype
+
+; Allow or prevent persistent links.
+; http://php.net/odbc.allow-persistent
+odbc.allow_persistent = On
+
+; Check that a connection is still valid before reuse.
+; http://php.net/odbc.check-persistent
+odbc.check_persistent = On
+
+; Maximum number of persistent links. -1 means no limit.
+; http://php.net/odbc.max-persistent
+odbc.max_persistent = -1
+
+; Maximum number of links (persistent + non-persistent). -1 means no limit.
+; http://php.net/odbc.max-links
+odbc.max_links = -1
+
+; Handling of LONG fields. Returns number of bytes to variables. 0 means
+; passthru.
+; http://php.net/odbc.defaultlrl
+odbc.defaultlrl = 4096
+
+; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char.
+; See the documentation on odbc_binmode and odbc_longreadlen for an explanation
+; of odbc.defaultlrl and odbc.defaultbinmode
+; http://php.net/odbc.defaultbinmode
+odbc.defaultbinmode = 1
+
+;birdstep.max_links = -1
+
+[Interbase]
+; Allow or prevent persistent links.
+ibase.allow_persistent = 1
+
+; Maximum number of persistent links. -1 means no limit.
+ibase.max_persistent = -1
+
+; Maximum number of links (persistent + non-persistent). -1 means no limit.
+ibase.max_links = -1
+
+; Default database name for ibase_connect().
+;ibase.default_db =
+
+; Default username for ibase_connect().
+;ibase.default_user =
+
+; Default password for ibase_connect().
+;ibase.default_password =
+
+; Default charset for ibase_connect().
+;ibase.default_charset =
+
+; Default timestamp format.
+ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
+
+; Default date format.
+ibase.dateformat = "%Y-%m-%d"
+
+; Default time format.
+ibase.timeformat = "%H:%M:%S"
+
+[MySQL]
+; Allow accessing, from PHP's perspective, local files with LOAD DATA statements
+; http://php.net/mysql.allow_local_infile
+mysql.allow_local_infile = On
+
+; Allow or prevent persistent links.
+; http://php.net/mysql.allow-persistent
+mysql.allow_persistent = On
+
+; If mysqlnd is used: Number of cache slots for the internal result set cache
+; http://php.net/mysql.cache_size
+mysql.cache_size = 2000
+
+; Maximum number of persistent links. -1 means no limit.
+; http://php.net/mysql.max-persistent
+mysql.max_persistent = -1
+
+; Maximum number of links (persistent + non-persistent). -1 means no limit.
+; http://php.net/mysql.max-links
+mysql.max_links = -1
+
+; Default port number for mysql_connect(). If unset, mysql_connect() will use
+; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
+; compile-time value defined MYSQL_PORT (in that order). Win32 will only look
+; at MYSQL_PORT.
+; http://php.net/mysql.default-port
+mysql.default_port =
+
+; Default socket name for local MySQL connects. If empty, uses the built-in
+; MySQL defaults.
+; http://php.net/mysql.default-socket
+mysql.default_socket =
+
+; Default host for mysql_connect() (doesn't apply in safe mode).
+; http://php.net/mysql.default-host
+mysql.default_host =
+
+; Default user for mysql_connect() (doesn't apply in safe mode).
+; http://php.net/mysql.default-user
+mysql.default_user =
+
+; Default password for mysql_connect() (doesn't apply in safe mode).
+; Note that this is generally a *bad* idea to store passwords in this file.
+; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password")
+; and reveal this password! And of course, any users with read access to this
+; file will be able to reveal the password as well.
+; http://php.net/mysql.default-password
+mysql.default_password =
+
+; Maximum time (in seconds) for connect timeout. -1 means no limit
+; http://php.net/mysql.connect-timeout
+mysql.connect_timeout = 60
+
+; Trace mode. When trace_mode is active (=On), warnings for table/index scans and
+; SQL-Errors will be displayed.
+; http://php.net/mysql.trace-mode
+mysql.trace_mode = Off
+
+[MySQLi]
+
+; Maximum number of persistent links. -1 means no limit.
+; http://php.net/mysqli.max-persistent
+mysqli.max_persistent = -1
+
+; Allow accessing, from PHP's perspective, local files with LOAD DATA statements
+; http://php.net/mysqli.allow_local_infile
+;mysqli.allow_local_infile = On
+
+; Allow or prevent persistent links.
+; http://php.net/mysqli.allow-persistent
+mysqli.allow_persistent = On
+
+; Maximum number of links. -1 means no limit.
+; http://php.net/mysqli.max-links
+mysqli.max_links = -1
+
+; If mysqlnd is used: Number of cache slots for the internal result set cache
+; http://php.net/mysqli.cache_size
+mysqli.cache_size = 2000
+
+; Default port number for mysqli_connect(). If unset, mysqli_connect() will use
+; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
+; compile-time value defined MYSQL_PORT (in that order). Win32 will only look
+; at MYSQL_PORT.
+; http://php.net/mysqli.default-port
+mysqli.default_port = 3306
+
+; Default socket name for local MySQL connects. If empty, uses the built-in
+; MySQL defaults.
+; http://php.net/mysqli.default-socket
+mysqli.default_socket =
+
+; Default host for mysql_connect() (doesn't apply in safe mode).
+; http://php.net/mysqli.default-host
+mysqli.default_host =
+
+; Default user for mysql_connect() (doesn't apply in safe mode).
+; http://php.net/mysqli.default-user
+mysqli.default_user =
+
+; Default password for mysqli_connect() (doesn't apply in safe mode).
+; Note that this is generally a *bad* idea to store passwords in this file.
+; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw")
+; and reveal this password! And of course, any users with read access to this
+; file will be able to reveal the password as well.
+; http://php.net/mysqli.default-pw
+mysqli.default_pw =
+
+; Allow or prevent reconnect
+mysqli.reconnect = Off
+
+[mysqlnd]
+; Enable / Disable collection of general statistics by mysqlnd which can be
+; used to tune and monitor MySQL operations.
+; http://php.net/mysqlnd.collect_statistics
+mysqlnd.collect_statistics = On
+
+; Enable / Disable collection of memory usage statistics by mysqlnd which can be
+; used to tune and monitor MySQL operations.
+; http://php.net/mysqlnd.collect_memory_statistics
+mysqlnd.collect_memory_statistics = Off
+
+; Size of a pre-allocated buffer used when sending commands to MySQL in bytes.
+; http://php.net/mysqlnd.net_cmd_buffer_size
+;mysqlnd.net_cmd_buffer_size = 2048
+
+; Size of a pre-allocated buffer used for reading data sent by the server in
+; bytes.
+; http://php.net/mysqlnd.net_read_buffer_size
+;mysqlnd.net_read_buffer_size = 32768
+
+[OCI8]
+
+; Connection: Enables privileged connections using external
+; credentials (OCI_SYSOPER, OCI_SYSDBA)
+; http://php.net/oci8.privileged-connect
+;oci8.privileged_connect = Off
+
+; Connection: The maximum number of persistent OCI8 connections per
+; process. Using -1 means no limit.
+; http://php.net/oci8.max-persistent
+;oci8.max_persistent = -1
+
+; Connection: The maximum number of seconds a process is allowed to
+; maintain an idle persistent connection. Using -1 means idle
+; persistent connections will be maintained forever.
+; http://php.net/oci8.persistent-timeout
+;oci8.persistent_timeout = -1
+
+; Connection: The number of seconds that must pass before issuing a
+; ping during oci_pconnect() to check the connection validity. When
+; set to 0, each oci_pconnect() will cause a ping. Using -1 disables
+; pings completely.
+; http://php.net/oci8.ping-interval
+;oci8.ping_interval = 60
+
+; Connection: Set this to a user chosen connection class to be used
+; for all pooled server requests with Oracle 11g Database Resident
+; Connection Pooling (DRCP). To use DRCP, this value should be set to
+; the same string for all web servers running the same application,
+; the database pool must be configured, and the connection string must
+; specify to use a pooled server.
+;oci8.connection_class =
+
+; High Availability: Using On lets PHP receive Fast Application
+; Notification (FAN) events generated when a database node fails. The
+; database must also be configured to post FAN events.
+;oci8.events = Off
+
+; Tuning: This option enables statement caching, and specifies how
+; many statements to cache. Using 0 disables statement caching.
+; http://php.net/oci8.statement-cache-size
+;oci8.statement_cache_size = 20
+
+; Tuning: Enables statement prefetching and sets the default number of
+; rows that will be fetched automatically after statement execution.
+; http://php.net/oci8.default-prefetch
+;oci8.default_prefetch = 100
+
+; Compatibility. Using On means oci_close() will not close
+; oci_connect() and oci_new_connect() connections.
+; http://php.net/oci8.old-oci-close-semantics
+;oci8.old_oci_close_semantics = Off
+
+[PostgreSQL]
+; Allow or prevent persistent links.
+; http://php.net/pgsql.allow-persistent
+pgsql.allow_persistent = On
+
+; Detect broken persistent links always with pg_pconnect().
+; Auto reset feature requires a little overheads.
+; http://php.net/pgsql.auto-reset-persistent
+pgsql.auto_reset_persistent = Off
+
+; Maximum number of persistent links. -1 means no limit.
+; http://php.net/pgsql.max-persistent
+pgsql.max_persistent = -1
+
+; Maximum number of links (persistent+non persistent). -1 means no limit.
+; http://php.net/pgsql.max-links
+pgsql.max_links = -1
+
+; Ignore PostgreSQL backends Notice message or not.
+; Notice message logging require a little overheads.
+; http://php.net/pgsql.ignore-notice
+pgsql.ignore_notice = 0
+
+; Log PostgreSQL backends Notice message or not.
+; Unless pgsql.ignore_notice=0, module cannot log notice message.
+; http://php.net/pgsql.log-notice
+pgsql.log_notice = 0
+
+[Sybase-CT]
+; Allow or prevent persistent links.
+; http://php.net/sybct.allow-persistent
+sybct.allow_persistent = On
+
+; Maximum number of persistent links. -1 means no limit.
+; http://php.net/sybct.max-persistent
+sybct.max_persistent = -1
+
+; Maximum number of links (persistent + non-persistent). -1 means no limit.
+; http://php.net/sybct.max-links
+sybct.max_links = -1
+
+; Minimum server message severity to display.
+; http://php.net/sybct.min-server-severity
+sybct.min_server_severity = 10
+
+; Minimum client message severity to display.
+; http://php.net/sybct.min-client-severity
+sybct.min_client_severity = 10
+
+; Set per-context timeout
+; http://php.net/sybct.timeout
+;sybct.timeout=
+
+;sybct.packet_size
+
+; The maximum time in seconds to wait for a connection attempt to succeed before returning failure.
+; Default: one minute
+;sybct.login_timeout=
+
+; The name of the host you claim to be connecting from, for display by sp_who.
+; Default: none
+;sybct.hostname=
+
+; Allows you to define how often deadlocks are to be retried. -1 means "forever".
+; Default: 0
+;sybct.deadlock_retry_count=
+
+[bcmath]
+; Number of decimal digits for all bcmath functions.
+; http://php.net/bcmath.scale
+bcmath.scale = 0
+
+[browscap]
+; http://php.net/browscap
+;browscap = extra/browscap.ini
+
+[Session]
+; Handler used to store/retrieve data.
+; http://php.net/session.save-handler
+session.save_handler = files
+
+; Argument passed to save_handler. In the case of files, this is the path
+; where data files are stored. Note: Windows users have to change this
+; variable in order to use PHP's session functions.
+;
+; The path can be defined as:
+;
+; session.save_path = "N;/path"
+;
+; where N is an integer. Instead of storing all the session files in
+; /path, what this will do is use subdirectories N-levels deep, and
+; store the session data in those directories. This is useful if you
+; or your OS have problems with lots of files in one directory, and is
+; a more efficient layout for servers that handle lots of sessions.
+;
+; NOTE 1: PHP will not create this directory structure automatically.
+; You can use the script in the ext/session dir for that purpose.
+; NOTE 2: See the section on garbage collection below if you choose to
+; use subdirectories for session storage
+;
+; The file storage module creates files using mode 600 by default.
+; You can change that by using
+;
+; session.save_path = "N;MODE;/path"
+;
+; where MODE is the octal representation of the mode. Note that this
+; does not overwrite the process's umask.
+; http://php.net/session.save-path
+;session.save_path = "/var/lib/php5"
+
+; Whether to use cookies.
+; http://php.net/session.use-cookies
+session.use_cookies = 1
+
+; http://php.net/session.cookie-secure
+;session.cookie_secure =
+
+; This option forces PHP to fetch and use a cookie for storing and maintaining
+; the session id. We encourage this operation as it's very helpful in combating
+; session hijacking when not specifying and managing your own session id. It is
+; not the end all be all of session hijacking defense, but it's a good start.
+; http://php.net/session.use-only-cookies
+session.use_only_cookies = 1
+
+; Name of the session (used as cookie name).
+; http://php.net/session.name
+session.name = PHPSESSID
+
+; Initialize session on request startup.
+; http://php.net/session.auto-start
+session.auto_start = 0
+
+; Lifetime in seconds of cookie or, if 0, until browser is restarted.
+; http://php.net/session.cookie-lifetime
+session.cookie_lifetime = 0
+
+; The path for which the cookie is valid.
+; http://php.net/session.cookie-path
+session.cookie_path = /
+
+; The domain for which the cookie is valid.
+; http://php.net/session.cookie-domain
+session.cookie_domain =
+
+; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript.
+; http://php.net/session.cookie-httponly
+session.cookie_httponly =
+
+; Handler used to serialize data. php is the standard serializer of PHP.
+; http://php.net/session.serialize-handler
+session.serialize_handler = php
+
+; Defines the probability that the 'garbage collection' process is started
+; on every session initialization. The probability is calculated by using
+; gc_probability/gc_divisor. Where session.gc_probability is the numerator
+; and gc_divisor is the denominator in the equation. Setting this value to 1
+; when the session.gc_divisor value is 100 will give you approximately a 1% chance
+; the gc will run on any give request.
+; Default Value: 1
+; Development Value: 1
+; Production Value: 1
+; http://php.net/session.gc-probability
+session.gc_probability = 0
+
+; Defines the probability that the 'garbage collection' process is started on every
+; session initialization. The probability is calculated by using the following equation:
+; gc_probability/gc_divisor. Where session.gc_probability is the numerator and
+; session.gc_divisor is the denominator in the equation. Setting this value to 1
+; when the session.gc_divisor value is 100 will give you approximately a 1% chance
+; the gc will run on any give request. Increasing this value to 1000 will give you
+; a 0.1% chance the gc will run on any give request. For high volume production servers,
+; this is a more efficient approach.
+; Default Value: 100
+; Development Value: 1000
+; Production Value: 1000
+; http://php.net/session.gc-divisor
+session.gc_divisor = 1000
+
+; After this number of seconds, stored data will be seen as 'garbage' and
+; cleaned up by the garbage collection process.
+; http://php.net/session.gc-maxlifetime
+session.gc_maxlifetime = 1440
+
+; NOTE: If you are using the subdirectory option for storing session files
+; (see session.save_path above), then garbage collection does *not*
+; happen automatically. You will need to do your own garbage
+; collection through a shell script, cron entry, or some other method.
+; For example, the following script would is the equivalent of
+; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
+; find /path/to/sessions -cmin +24 -type f | xargs rm
+
+; Check HTTP Referer to invalidate externally stored URLs containing ids.
+; HTTP_REFERER has to contain this substring for the session to be
+; considered as valid.
+; http://php.net/session.referer-check
+session.referer_check =
+
+; How many bytes to read from the file.
+; http://php.net/session.entropy-length
+;session.entropy_length = 32
+
+; Specified here to create the session id.
+; http://php.net/session.entropy-file
+; Defaults to /dev/urandom
+; On systems that don't have /dev/urandom but do have /dev/arandom, this will default to /dev/arandom
+; If neither are found at compile time, the default is no entropy file.
+; On windows, setting the entropy_length setting will activate the
+; Windows random source (using the CryptoAPI)
+;session.entropy_file = /dev/urandom
+
+; Set to {nocache,private,public,} to determine HTTP caching aspects
+; or leave this empty to avoid sending anti-caching headers.
+; http://php.net/session.cache-limiter
+session.cache_limiter = nocache
+
+; Document expires after n minutes.
+; http://php.net/session.cache-expire
+session.cache_expire = 180
+
+; trans sid support is disabled by default.
+; Use of trans sid may risk your users security.
+; Use this option with caution.
+; - User may send URL contains active session ID
+; to other person via. email/irc/etc.
+; - URL that contains active session ID may be stored
+; in publicly accessible computer.
+; - User may access your site with the same session ID
+; always using URL stored in browser's history or bookmarks.
+; http://php.net/session.use-trans-sid
+session.use_trans_sid = 0
+
+; Select a hash function for use in generating session ids.
+; Possible Values
+; 0 (MD5 128 bits)
+; 1 (SHA-1 160 bits)
+; This option may also be set to the name of any hash function supported by
+; the hash extension. A list of available hashes is returned by the hash_algos()
+; function.
+; http://php.net/session.hash-function
+session.hash_function = 0
+
+; Define how many bits are stored in each character when converting
+; the binary hash data to something readable.
+; Possible values:
+; 4 (4 bits: 0-9, a-f)
+; 5 (5 bits: 0-9, a-v)
+; 6 (6 bits: 0-9, a-z, A-Z, "-", ",")
+; Default Value: 4
+; Development Value: 5
+; Production Value: 5
+; http://php.net/session.hash-bits-per-character
+session.hash_bits_per_character = 5
+
+; The URL rewriter will look for URLs in a defined set of HTML tags.
+; form/fieldset are special; if you include them here, the rewriter will
+; add a hidden field with the info which is otherwise appended
+; to URLs. If you want XHTML conformity, remove the form entry.
+; Note that all valid entries require a "=", even if no value follows.
+; Default Value: "a=href,area=href,frame=src,form=,fieldset="
+; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
+; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
+; http://php.net/url-rewriter.tags
+url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
+
+; Enable upload progress tracking in $_SESSION
+; Default Value: On
+; Development Value: On
+; Production Value: On
+; http://php.net/session.upload-progress.enabled
+;session.upload_progress.enabled = On
+
+; Cleanup the progress information as soon as all POST data has been read
+; (i.e. upload completed).
+; Default Value: On
+; Development Value: On
+; Production Value: On
+; http://php.net/session.upload-progress.cleanup
+;session.upload_progress.cleanup = On
+
+; A prefix used for the upload progress key in $_SESSION
+; Default Value: "upload_progress_"
+; Development Value: "upload_progress_"
+; Production Value: "upload_progress_"
+; http://php.net/session.upload-progress.prefix
+;session.upload_progress.prefix = "upload_progress_"
+
+; The index name (concatenated with the prefix) in $_SESSION
+; containing the upload progress information
+; Default Value: "PHP_SESSION_UPLOAD_PROGRESS"
+; Development Value: "PHP_SESSION_UPLOAD_PROGRESS"
+; Production Value: "PHP_SESSION_UPLOAD_PROGRESS"
+; http://php.net/session.upload-progress.name
+;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS"
+
+; How frequently the upload progress should be updated.
+; Given either in percentages (per-file), or in bytes
+; Default Value: "1%"
+; Development Value: "1%"
+; Production Value: "1%"
+; http://php.net/session.upload-progress.freq
+;session.upload_progress.freq = "1%"
+
+; The minimum delay between updates, in seconds
+; Default Value: 1
+; Development Value: 1
+; Production Value: 1
+; http://php.net/session.upload-progress.min-freq
+;session.upload_progress.min_freq = "1"
+
+[MSSQL]
+; Allow or prevent persistent links.
+mssql.allow_persistent = On
+
+; Maximum number of persistent links. -1 means no limit.
+mssql.max_persistent = -1
+
+; Maximum number of links (persistent+non persistent). -1 means no limit.
+mssql.max_links = -1
+
+; Minimum error severity to display.
+mssql.min_error_severity = 10
+
+; Minimum message severity to display.
+mssql.min_message_severity = 10
+
+; Compatibility mode with old versions of PHP 3.0.
+mssql.compatability_mode = Off
+
+; Connect timeout
+;mssql.connect_timeout = 5
+
+; Query timeout
+;mssql.timeout = 60
+
+; Valid range 0 - 2147483647. Default = 4096.
+;mssql.textlimit = 4096
+
+; Valid range 0 - 2147483647. Default = 4096.
+;mssql.textsize = 4096
+
+; Limits the number of records in each batch. 0 = all records in one batch.
+;mssql.batchsize = 0
+
+; Specify how datetime and datetim4 columns are returned
+; On => Returns data converted to SQL server settings
+; Off => Returns values as YYYY-MM-DD hh:mm:ss
+;mssql.datetimeconvert = On
+
+; Use NT authentication when connecting to the server
+mssql.secure_connection = Off
+
+; Specify max number of processes. -1 = library default
+; msdlib defaults to 25
+; FreeTDS defaults to 4096
+;mssql.max_procs = -1
+
+; Specify client character set.
+; If empty or not set the client charset from freetds.conf is used
+; This is only used when compiled with FreeTDS
+;mssql.charset = "ISO-8859-1"
+
+[Assertion]
+; Assert(expr); active by default.
+; http://php.net/assert.active
+;assert.active = On
+
+; Issue a PHP warning for each failed assertion.
+; http://php.net/assert.warning
+;assert.warning = On
+
+; Don't bail out by default.
+; http://php.net/assert.bail
+;assert.bail = Off
+
+; User-function to be called if an assertion fails.
+; http://php.net/assert.callback
+;assert.callback = 0
+
+; Eval the expression with current error_reporting(). Set to true if you want
+; error_reporting(0) around the eval().
+; http://php.net/assert.quiet-eval +;assert.quiet_eval = 0 + +[COM] +; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs +; http://php.net/com.typelib-file +;com.typelib_file = + +; allow Distributed-COM calls +; http://php.net/com.allow-dcom +;com.allow_dcom = true + +; autoregister constants of a components typlib on com_load() +; http://php.net/com.autoregister-typelib +;com.autoregister_typelib = true + +; register constants casesensitive +; http://php.net/com.autoregister-casesensitive +;com.autoregister_casesensitive = false + +; show warnings on duplicate constant registrations +; http://php.net/com.autoregister-verbose +;com.autoregister_verbose = true + +; The default character set code-page to use when passing strings to and from COM objects. +; Default: system ANSI code page +;com.code_page= + +[mbstring] +; language for internal character representation. +; http://php.net/mbstring.language +;mbstring.language = Japanese + +; internal/script encoding. +; Some encoding cannot work as internal encoding. +; (e.g. SJIS, BIG5, ISO-2022-*) +; http://php.net/mbstring.internal-encoding +;mbstring.internal_encoding = EUC-JP + +; http input encoding. +; http://php.net/mbstring.http-input +;mbstring.http_input = auto + +; http output encoding. mb_output_handler must be +; registered as output buffer to function +; http://php.net/mbstring.http-output +;mbstring.http_output = SJIS + +; enable automatic encoding translation according to +; mbstring.internal_encoding setting. Input chars are +; converted to internal encoding by setting this to On. +; Note: Do _not_ use automatic encoding translation for +; portable libs/applications. +; http://php.net/mbstring.encoding-translation +;mbstring.encoding_translation = Off + +; automatic encoding detection order. 
+; auto means +; http://php.net/mbstring.detect-order +;mbstring.detect_order = auto + +; substitute_character used when character cannot be converted +; one from another +; http://php.net/mbstring.substitute-character +;mbstring.substitute_character = none; + +; overload(replace) single byte functions by mbstring functions. +; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), +; etc. Possible values are 0,1,2,4 or combination of them. +; For example, 7 for overload everything. +; 0: No overload +; 1: Overload mail() function +; 2: Overload str*() functions +; 4: Overload ereg*() functions +; http://php.net/mbstring.func-overload +;mbstring.func_overload = 0 + +; enable strict encoding detection. +;mbstring.strict_detection = Off + +; This directive specifies the regex pattern of content types for which mb_output_handler() +; is activated. +; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml) +;mbstring.http_output_conv_mimetype= + +[gd] +; Tell the jpeg decode to ignore warnings and try to create +; a gd image. The warning will then be displayed as notices +; disabled by default +; http://php.net/gd.jpeg-ignore-warning +;gd.jpeg_ignore_warning = 0 + +[exif] +; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. +; With mbstring support this will automatically be converted into the encoding +; given by corresponding encode setting. When empty mbstring.internal_encoding +; is used. For the decode settings you can distinguish between motorola and +; intel byte order. A decode setting cannot be empty. 
+; http://php.net/exif.encode-unicode +;exif.encode_unicode = ISO-8859-15 + +; http://php.net/exif.decode-unicode-motorola +;exif.decode_unicode_motorola = UCS-2BE + +; http://php.net/exif.decode-unicode-intel +;exif.decode_unicode_intel = UCS-2LE + +; http://php.net/exif.encode-jis +;exif.encode_jis = + +; http://php.net/exif.decode-jis-motorola +;exif.decode_jis_motorola = JIS + +; http://php.net/exif.decode-jis-intel +;exif.decode_jis_intel = JIS + +[Tidy] +; The path to a default tidy configuration file to use when using tidy +; http://php.net/tidy.default-config +;tidy.default_config = /usr/local/lib/php/default.tcfg + +; Should tidy clean and repair output automatically? +; WARNING: Do not use this option if you are generating non-html content +; such as dynamic images +; http://php.net/tidy.clean-output +tidy.clean_output = Off + +[soap] +; Enables or disables WSDL caching feature. +; http://php.net/soap.wsdl-cache-enabled +soap.wsdl_cache_enabled=1 + +; Sets the directory name where SOAP extension will put cache files. +; http://php.net/soap.wsdl-cache-dir +soap.wsdl_cache_dir="/tmp" + +; (time to live) Sets the number of second while cached file will be used +; instead of original one. +; http://php.net/soap.wsdl-cache-ttl +soap.wsdl_cache_ttl=86400 + +; Sets the size of the cache limit. (Max. number of WSDL files to cache) +soap.wsdl_cache_limit = 5 + +[sysvshm] +; A default size of the shared memory segment +;sysvshm.init_mem = 10000 + +[ldap] +; Sets the maximum number of open links or -1 for unlimited. 
+ldap.max_links = -1 + +[mcrypt] +; For more information about mcrypt settings see http://php.net/mcrypt-module-open + +; Directory where to load mcrypt algorithms +; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) +;mcrypt.algorithms_dir= + +; Directory where to load mcrypt modes +; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) +;mcrypt.modes_dir= + +[dba] +;dba.default_handler= + +[curl] +; A default value for the CURLOPT_CAINFO option. This is required to be an +; absolute path. +;curl.cainfo = + +; Local Variables: +; tab-width: 4 +; End: From a689c7094bdf6f2d5b2b5b84d107abc6b75e78c0 Mon Sep 17 00:00:00 2001 From: nanowish Date: Mon, 24 Nov 2014 20:28:09 +0100 Subject: [PATCH 33/46] NTP: define servers with a list instead of few variables --- etc/host_vars/localhost.example | 8 +++++--- roles/common/templates/etc-ntp.conf.j2 | 10 +++++----- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/etc/host_vars/localhost.example b/etc/host_vars/localhost.example index acf40e6..8069dc0 100644 --- a/etc/host_vars/localhost.example +++ b/etc/host_vars/localhost.example @@ -1,9 +1,11 @@ ---- +--- admin_ssh_keys: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZXK3ufonx+zNQ1x6cSWuUWckB/xf9sKZ+mRgY5SPXzqrxSkqNSmr9JQ6xzvhxKEVcFWsi50op1WWtRo3HG3p3+EHKXeCyzt5QnczDlVOoQbB8kgI0byKcvXux1inL4/Q4DbVLUbDFnynD/C5aAyYMYePahMxR+AQr60DD+7Ty6pcEVih1wwHIlxWziY1EF6sEzQwz/PiTxWIZkKHl/WPGagS9Pp/5nQfdZy0AS/JqbzNyMEg51+XedADuqseV4GXDzrzDYLJXJFv1PFVJxRWLrjChKrUMqyszUySkZMr5YSPXlsV0bi+0xivYEsXvIkLORV96JTZosYbV+0aFKDPv root@debian default_packages_debian: htop description: machine test -ntp_server1: 0.pool.ntp.org -ntp_server2: 1.pool.ntp.org +ntp_servers: + - 0.pool.ntp.org + - 1.pool.ntp.org + - 2.pool.ntp.org disable_ipv6: true domain: test.net mariadb_version: 10.0 diff --git a/roles/common/templates/etc-ntp.conf.j2 b/roles/common/templates/etc-ntp.conf.j2 index c4cc437..0a7b421 100644 --- a/roles/common/templates/etc-ntp.conf.j2 
+++ b/roles/common/templates/etc-ntp.conf.j2 @@ -6,12 +6,12 @@ statistics loopstats peerstats clockstats filegen loopstats file loopstats type day enable filegen peerstats file peerstats type day enable filegen clockstats file clockstats type day enable -server {{ ntp_server1 }} -server {{ ntp_server2 }} +{% for server in ntp_servers %} +server {{ server }} +restrict {{ server }} nomodify nopeer +restrict {{ server }} nomodify nopeer +{% endfor %} restrict default ignore restrict -6 default ignore restrict 127.0.0.1 restrict ::1 -restrict {{ ntp_server1 }} nomodify nopeer -restrict {{ ntp_server2 }} nomodify nopeer - From 09aec2781366ec2192ea79b7f361a0ea9bdbfea7 Mon Sep 17 00:00:00 2001 From: nanowish Date: Mon, 24 Nov 2014 20:49:12 +0100 Subject: [PATCH 34/46] Common: Use with_items for copy a few files NTP: fix vars check --- roles/common/tasks/main.yml | 52 ++++++++++++++++--------------------- 1 file changed, 22 insertions(+), 30 deletions(-) diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index b0b903a..0593770 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml 
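Review bot: The `restrict {{ server }} nomodify nopeer` lines emitted inside the new `{% for server in ntp_servers %}` loop carry no `noquery`, so each upstream is exempted from `restrict default ignore` far enough to query this ntpd's status and variables, not just to serve it time; the usual per-server form is `restrict {{ server }} nomodify nopeer noquery notrap`. The loop body also prints the identical restrict line twice per server, which the rendered ntp.conf does not need (a later patch in this series removes the duplicate). Because `server {{ server }}` is rendered once per list entry, an empty `ntp_servers` list leaves ntpd with no upstream at all, and the variable check added in the following patch only tests that the variable is defined, not that it has entries.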
@@ -8,30 +8,26 @@ tags: bootstrap raw: python -c "import apt" || DEBIAN_FRONTEND=noninteractive apt-get --force-yes -y install python-apt when: ansible_distribution == 'Debian' - + # Check mandatory variables -- name: Check vars +- name: Check vars fail: msg="Missing variable admin_ssh_keys" when: admin_ssh_keys is not defined -- name: Check vars +- name: Check vars fail: msg="Missing variable default_packages_debian" when: default_packages_debian is not defined -- name: Check vars +- name: Check vars fail: msg="Missing variable description" when: description is not defined -- name: Check vars - fail: msg="Missing variable ntp_server1" - when: ntp_server1 is not defined - -- name: Check vars - fail: msg="Missing variable ntp_server2" - when: ntp_server2 is not defined +- name: Check vars + fail: msg="Missing variable ntp_servers" + when: ntp_servers is not defined -- name: Check vars +- name: Check vars fail: msg="Missing variable disable_ipv6" when: disable_ipv6 is not defined @@ -46,7 +42,7 @@ - name: Install default packages Debian. apt: pkg={{item}} state=installed - with_items: "{{ default_packages_debian }}" + with_items: "{{ default_packages_debian }}" when: ansible_distribution == 'Debian' # Configure NTP 
@@ -57,21 +53,18 @@ # Basic Shell & vim configuration -- name: Custom .bashrc - tags: custom - copy: src=root-.bashrc dest=/root/.bashrc -- name: Custom .vimrc - tags: custom - copy: src=root-.vimrc dest=/root/.vimrc -- name: Custom .inputrc - tags: custom - copy: src=root-.inputrc dest=/root/.inputrc - name: Create .vim/colors tags: custom file: path=/root/.vim/colors state=directory -- name: Wombat vim colors theme is awesome + +- name: Custom .bashrc, .vimrc, .inputrc and Wombat vim colors theme tags: custom - copy: src=root-.vim-colors-wombat.vim dest=/root/.vim/colors/wombat.vim + copy: src={{ item.src }} dest={{ item.dest }} + with_items: + - { src: 'root-.bashrc', dest: '/root/.bashrc' } + - { src: 'root-.vimrc', dest: '/root/.vimrc' } + - { src: 'root-.inputrc', dest: '/root/.inputrc' } + - { src: 'root-.vim-colors-wombat.vim', dest: '/root/.vim/colors/wombat.vim' } # Set motd and README.root @@ -79,13 +72,12 @@ tags: custom template: src=etc-motd.j2 dest=/etc/motd -- name: Modify /root/.profile - tags: custom - copy: src=root-.profile dest=/root/.profile - when: initialize == 'True' -- name: Add basic README.root +- name: Modify /root/.profile, Add basic README.root tags: custom - copy: src=root-README.root dest=/root/README.root + copy: src={{ item.src }} dest={{ item.dest }} + with_items: + - { src: 'root-.profile', dest: '/root/.profile' } + - { src: 'root-README.root', dest: '/root/README.root' } when: initialize == 'True' # Env setup From 5313ab2864f20f653f43f6852cb0eb265d3bde14 Mon Sep 17 00:00:00 2001 
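Review bot: Folding `Add basic README.root` into the `.profile` task in the last hunk (`@@ -79,13 +72,12 @@`) puts `when: initialize == 'True'` on README.root as well, whereas the removed lines copied README.root unconditionally and guarded only `.profile`. If that is not intended, README.root needs its own task outside the guard, since a `with_items` entry cannot carry its own `when`. The merged copy tasks in both hunks set neither `owner=` nor `mode=` for files landing in `/root`; the previous tasks did not either, so this is a pre-existing gap rather than a regression, but the merge is a good moment to add `mode=0644` to the `copy:` line.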
From: nanowish Date: Thu, 27 Nov 2014 20:05:26 +0100 Subject: [PATCH 35/46] Common: fix ntp template Change timezone in /etc/timezone instead of debconf. Moving the host_vars directory in root directory in order to respect http://docs.ansible.com/playbooks_best_practices.html#directory-layout --- {etc/host_vars => host_vars}/localhost.example | 0 postint.yml.README | 11 +++++------ roles/common/handlers/main.yml | 5 ++++- roles/common/tasks/main.yml | 16 +++++++--------- roles/common/templates/etc-ntp.conf.j2 | 1 - 5 files changed, 16 insertions(+), 17 deletions(-) rename {etc/host_vars => host_vars}/localhost.example (100%) diff --git a/etc/host_vars/localhost.example b/host_vars/localhost.example similarity index 100% rename from etc/host_vars/localhost.example rename to host_vars/localhost.example diff --git a/postint.yml.README b/postint.yml.README index d1e9437..ccbd8f6 100644 --- a/postint.yml.README +++ b/postint.yml.README @@ -28,9 +28,9 @@ Après la description suivent des exemples de ces variables. - default_packages_debian : la liste des packages debian a installer par defaut - ansible_fqdn : le nom a donner au serveur - description : La description du serveur (s'affichera a la connexion) - - ntp_server1 : le premier serveur NTP a utiliser - - ntp_server2 : le deuxième serveur ntp a installer + - ntp_servers : liste de serveurs NTP à utiliser - disable_ipv6 : IPv6 doit il etre desactive ou non + - tzdata_timezone: Permet de définir une timezone personnalisée (Europe/Paris est définie par défaut) ### Exemples de variables ### fichier : /etc/ansible/group_vars/all : @@ -48,9 +48,8 @@ ansible_fqdn: serveur-debian.exemple.com description: Bienvenue sur ce serveur debian -ntp_server1: 0.fr.pool.ntp.org -ntp_server2: 1.fr.pool.ntp.org +ntp_servers: + - 0.fr.pool.ntp.org + - 1.fr.pool.ntp.org disable_ipv6: yes - - diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml index 30bb051..6cb4216 100644 --- a/roles/common/handlers/main.yml 
+++ b/roles/common/handlers/main.yml @@ -40,5 +40,8 @@ - name: apt-update command: apt-get update -# vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab: +- name: update timezone + command: dpkg-reconfigure --frontend noninteractive tzdata + +# vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab: diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 0593770..776eb24 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -10,7 +10,6 @@ when: ansible_distribution == 'Debian' # Check mandatory variables - - name: Check vars fail: msg="Missing variable admin_ssh_keys" when: admin_ssh_keys is not defined @@ -32,17 +31,16 @@ when: disable_ipv6 is not defined # SSH - - name: Deploy SSH keys tags: ssh_keys authorized_key: user=root key="{{item}}" - with_items: "{{admin_ssh_keys}}" + with_items: admin_ssh_keys # Packages - name: Install default packages Debian. apt: pkg={{item}} state=installed - with_items: "{{ default_packages_debian }}" + with_items: default_packages_debian when: ansible_distribution == 'Debian' # Configure NTP @@ -89,11 +87,11 @@ debconf: name=locales question='locales/locales_to_be_generated' value='fr_FR.UTF-8, UTF-8' vtype='multiselect' when: ansible_distribution == 'Debian' -- name: Set the timezone - tags: environ - debconf: name=tzdata question='tzdata/Zones/Etc' value='UTC' vtype='select' - debconf: name=tzdata question='tzdata/Areas' value='Europe' vtype='select' - debconf: name=tzdata question='tzdata/Zones/Europe' value='Paris' vtype='select' +- name: Set timezone + copy: content='{{ tzdata_timezone | default('Europe/Paris') }}' + dest=/etc/timezone owner=root group=root mode=0644 + notify: + - update timezone when: ansible_distribution == 'Debian' - name: Disable IPv6 (need reboot) diff --git a/roles/common/templates/etc-ntp.conf.j2 b/roles/common/templates/etc-ntp.conf.j2 index 0a7b421..3b2aca5 100644 --- a/roles/common/templates/etc-ntp.conf.j2 +++ b/roles/common/templates/etc-ntp.conf.j2 
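Review bot: `with_items: admin_ssh_keys` and `with_items: default_packages_debian` in the `@@ -32,17 +31,16 @@` hunk revert the explicit `"{{ ... }}"` form to bare variable names; both forms work on the Ansible of this era, but the bare form is the one later releases warn about and deprecate, and the quoted form was already correct, so the change reads as churn. The new `Set timezone` task writes `/etc/timezone` from `content='{{ tzdata_timezone | default('Europe/Paris') }}'`; the nested single quotes inside a single-quoted key=value argument appear to rely on the whole task string being templated before it is split into key=value pairs, which deserves a comment if kept (`# templated before key=value parsing, so the inner quotes are safe`). Nothing validates the value, so a typo in `tzdata_timezone` only surfaces when the `update timezone` handler runs dpkg-reconfigure.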
@@ -9,7 +9,6 @@ filegen clockstats file clockstats type day enable {% for server in ntp_servers %} server {{ server }} restrict {{ server }} nomodify nopeer -restrict {{ server }} nomodify nopeer {% endfor %} restrict default ignore restrict -6 default ignore From 5684d5b7127449ce3e2f1ae063e9319e8420a495 Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 4 Jan 2015 12:45:36 +0100 Subject: [PATCH 36/46] import from https://github.com/al3x/sovereign --- roles/ircbouncer/files/etc_init.d_znc | 139 ++++++++++++++++++ roles/ircbouncer/handlers/main.yml | 2 + roles/ircbouncer/tasks/main.yml | 1 + roles/ircbouncer/tasks/znc.yml | 65 ++++++++ .../templates/var_lib_znc_configs_znc.conf.j2 | 84 +++++++++++ roles/wallabag/handlers/main.yml | 6 + roles/wallabag/tasks/main.yml | 1 + roles/wallabag/tasks/wallabag.yml | 79 ++++++++++ .../etc_apache2_sites-available_wallabag.j2 | 31 ++++ ...r_www_wallabag_inc_poche_config.inc.php.j2 | 58 ++++++++ 10 files changed, 466 insertions(+) create mode 100644 roles/ircbouncer/files/etc_init.d_znc create mode 100644 roles/ircbouncer/handlers/main.yml create mode 100644 roles/ircbouncer/tasks/main.yml create mode 100644 roles/ircbouncer/tasks/znc.yml create mode 100644 roles/ircbouncer/templates/var_lib_znc_configs_znc.conf.j2 create mode 100644 roles/wallabag/handlers/main.yml create mode 100644 roles/wallabag/tasks/main.yml create mode 100644 roles/wallabag/tasks/wallabag.yml create mode 100644 roles/wallabag/templates/etc_apache2_sites-available_wallabag.j2 create mode 100644 roles/wallabag/templates/var_www_wallabag_inc_poche_config.inc.php.j2 diff --git a/roles/ircbouncer/files/etc_init.d_znc b/roles/ircbouncer/files/etc_init.d_znc new file mode 100644 index 0000000..8f262b2 --- /dev/null +++ b/roles/ircbouncer/files/etc_init.d_znc 
@@ -0,0 +1,139 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: znc +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: ZNC IRC bouncer +# Description: ZNC is an IRC bouncer +### END INIT INFO + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="ZNC daemon" +NAME=znc +DAEMON=/usr/local/bin/$NAME +DATADIR=/var/lib/znc +DAEMON_ARGS="--datadir=$DATADIR" +PIDDIR=/var/run/znc +PIDFILE=$PIDDIR/$NAME.pid +SCRIPTNAME=/etc/init.d/$NAME +USER=znc +GROUP=znc + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.2-14) to ensure that this file is present +# and status_of_proc is working. +. /lib/lsb/init-functions + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + if [ ! -d $PIDDIR ] + then + mkdir $PIDDIR + fi + chown $USER:$GROUP $PIDDIR + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test --chuid $USER > /dev/null || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --chuid $USER -- $DAEMON_ARGS > /dev/null || return 2 +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME --chuid $USER + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. 
+ # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON --chuid $USER + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME --chuid $USER + return 0 +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc -p $PIDFILE "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + reload) + log_daemon_msg "Reloading $DESC" "$NAME" + do_reload + log_end_msg $? + ;; + restart) + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + echo "Usage: $SCRIPTNAME {status|start|stop|reload|restart}" >&2 + exit 3 + ;; +esac + +: \ No newline at end of file diff --git a/roles/ircbouncer/handlers/main.yml b/roles/ircbouncer/handlers/main.yml new file mode 100644 index 0000000..d39db67 --- /dev/null +++ b/roles/ircbouncer/handlers/main.yml @@ -0,0 +1,2 @@ +- name: restart znc + service: name=znc state=restarted \ No newline at end of file 
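Review bot: `mkdir $PIDDIR` and `chown $USER:$GROUP $PIDDIR` in `do_start` expand every path unquoted and the `mkdir` has no `-p`, so the script aborts if a parent of `/var/run/znc` is missing; `mkdir -p "$PIDDIR"` and quoting `"$PIDDIR"`, `"$PIDFILE"` and `"$DAEMON"` throughout is the LSB-skeleton form. Because the pid directory is handed to the unprivileged `znc` user, the pidfile contents are untrusted from root's point of view; the `--name $NAME` and `--exec $DAEMON` checks on the `start-stop-daemon --stop` calls in `do_stop` are what keep a tampered pidfile from stopping an unrelated process, so they should stay whenever this file is edited. The same reasoning argues for `status_of_proc -p "$PIDFILE" "$DAEMON" "$NAME"` keeping the daemon path as well, as it already does.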
diff --git a/roles/ircbouncer/tasks/main.yml b/roles/ircbouncer/tasks/main.yml
new file mode 100644
index 0000000..4b2f51d
--- /dev/null
+++ b/roles/ircbouncer/tasks/main.yml
@@ -0,0 +1 @@
+- include: znc.yml tags=znc
\ No newline at end of file
diff --git a/roles/ircbouncer/tasks/znc.yml b/roles/ircbouncer/tasks/znc.yml
new file mode 100644
index 0000000..d44dfd2
--- /dev/null
+++ b/roles/ircbouncer/tasks/znc.yml
@@ -0,0 +1,65 @@ +# more or less as per http://wiki.znc.in/Running_ZNC_as_a_system_daemon + +- name: Install znc dependencies + apt: pkg={{ item }} state=installed + with_items: + - automake + - build-essential + - checkinstall + - g++ + - libperl-dev + - libsasl2-dev + - libssl-dev + - libtool + - openssl + - pkg-config + - python3-dev + - swig + +- name: Download znc release + get_url: url=http://znc.in/releases/archive/znc-{{ znc_version }}.tar.gz dest=/root/znc-{{ znc_version }}.tar.gz + +- name: Decompress znc source + command: tar xzf /root/znc-{{ znc_version }}.tar.gz chdir=/root creates=/root/znc-{{ znc_version }}/configure + +- name: Build and install znc + shell: ./configure --enable-python && make && make install executable=/bin/bash chdir=/root/znc-{{ znc_version }} creates=/usr/local/bin/znc + notify: restart znc + +- name: Create znc group + group: name=znc state=present + +- name: Create znc user + user: name=znc state=present home=/var/lib/znc system=yes group=znc shell=/usr/sbin/nologin + +- name: Copy znc init file into place + copy: src=etc_init.d_znc dest=/etc/init.d/znc mode=0755 + +- name: Create a combined version of the private key with public cert and intermediate + root CAs + shell: cat /etc/ssl/private/wildcard_private.key /etc/ssl/certs/wildcard_combined.pem > + /var/lib/znc/znc.pem creates=/var/lib/znc/znc.pem + notify: restart znc + +- name: Ensure znc user and group can read cert + file: path=/var/lib/znc/znc.pem group=znc owner=znc mode=640 + notify: restart znc + +- name: Check for existing config file + command: cat /var/lib/znc/configs/znc.conf + register: znc_config + ignore_errors: True + changed_when: False # never report as "changed" + +- name: Create znc config directory + file: state=directory path=/var/lib/znc/configs group=znc owner=znc + +- name: Copy znc configuration file into place + template: src=var_lib_znc_configs_znc.conf.j2 dest=/var/lib/znc/configs/znc.conf owner=znc group=znc + when: znc_config.rc != 0 + notify: 
restart znc + +- name: Set firewall rule for znc + ufw: rule=allow port=6697 proto=tcp + +- name: Ensure znc is a system service + service: name=znc state=started enabled=true diff --git a/roles/ircbouncer/templates/var_lib_znc_configs_znc.conf.j2 b/roles/ircbouncer/templates/var_lib_znc_configs_znc.conf.j2 new file mode 100644 index 0000000..5583b1e --- /dev/null +++ b/roles/ircbouncer/templates/var_lib_znc_configs_znc.conf.j2 
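Review bot: `Download znc release` fetches the tarball over plain `http://` with no checksum, and the next two tasks unpack it and run `./configure && make && make install` as root, so anyone able to tamper with that connection gets code execution on the host; `get_url` accepts `sha256sum=`, so pin the release (`get_url: url=https://znc.in/releases/archive/znc-{{ znc_version }}.tar.gz dest=/root/znc-{{ znc_version }}.tar.gz sha256sum=<expected sha256 for this release>`, with https if the site serves it). `Create a combined version of the private key ...` writes `/var/lib/znc/znc.pem` through a shell redirect under root's umask, and only the following `file:` task narrows it to `mode=640`, so the private-key copy is readable by other local users between the two tasks; prefixing the command with `umask 077 && ` closes that window. `Check for existing config file` runs `cat` on the config with `ignore_errors: True` only to learn whether it exists; a `stat:` task (as wallabag.yml in this same patch does) gives the same answer without reading the file into Ansible's output.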
@@ -0,0 +1,84 @@ +// WARNING +// +// Do NOT edit this file while ZNC is running! +// Use webadmin or *controlpanel instead. +// +// Buf if you feel risky, you might want to read help on /znc saveconfig and /znc rehash. +// Also check http://en.znc.in/wiki/Configuration + +AnonIPLimit = 10 +ConnectDelay = 5 +LoadModule = webadmin +LoadModule = fail2ban +LoadModule = lastseen +LoadModule = partyline +MaxBufferSize = 500 +Motd = Connected to ZNC +PidFile = /var/run/znc/znc.pid +ProtectWebSessions = true +SSLCertFile = /var/lib/znc/znc.pem +ServerThrottle = 30 +Skin = _default_ +StatusPrefix = * +Version = 1.0 + + + AllowIRC = true + AllowWeb = false + IPv4 = true + IPv6 = true + Port = 6697 + SSL = true + + + + AllowIRC = false + AllowWeb = true + IPv4 = true + IPv6 = true + Port = 6643 + SSL = false + + + + Admin = true + Allow = * + AltNick = {{ irc_nick }}_ + AppendTimestamp = false + AutoClearChanBuffer = true + Buffer = 5000 + ChanModes = +stn + DenyLoadMod = false + DenySetBindHost = false + Ident = {{ irc_ident }} + JoinTries = 10 + LoadModule = controlpanel + LoadModule = perform + LoadModule = block_motd + LoadModule = clientnotify + MaxNetworks = 1 + MultiClients = true + Nick = {{ irc_nick }} + PrependTimestamp = true + QuitMsg = {{ irc_quitmsg }} + RealName = {{ irc_realname }} + TimestampFormat = [%H:%M:%S] + Timezone = {{ irc_timezone }} + + + Method = sha256 + Hash = {{ irc_password_hash }} + Salt = {{ irc_password_salt }} + + + + BindHost = 0.0.0.0 + FloodBurst = 4 + FloodRate = 1.00 + IRCConnectEnabled = true + LoadModule = kickrejoin + LoadModule = nickserv + LoadModule = savebuff + Server = chat.freenode.net +6697 + + diff --git a/roles/wallabag/handlers/main.yml b/roles/wallabag/handlers/main.yml new file mode 100644 index 0000000..9a51f87 --- /dev/null +++ b/roles/wallabag/handlers/main.yml 
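Review bot: The second Listener block (`Port = 6643`, `SSL = false`, `AllowWeb = true`, `IPv4 = true`, `IPv6 = true`) exposes the webadmin module in plaintext on every interface; the firewall task in znc.yml only opens 6697, so the reachability of the admin login form rests entirely on ufw being active. Adding `Host = 127.0.0.1` to that Listener, or setting `SSL = true` on it, keeps the admin credentials off the wire if the firewall is ever relaxed. `Version = 1.0` does not match the `znc_version: 1.4` used to build the binary in the host_vars example; it is unclear from here whether 1.4 honours or rewrites the field, so either align it or comment why it is left at 1.0.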
@@ -0,0 +1,6 @@
+- name: import wallabag sql
+ shell: PGPASSWORD='{{ wallabag_db_password }}' psql -h localhost -d {{ wallabag_db_database }} -U {{ wallabag_db_username }} -f /var/www/wallabag/install/postgres.sql --set ON_ERROR_STOP=1
+ notify: remove install folder
+
+- name: remove install folder
+ file: path=/var/www/wallabag/install state=absent
diff --git a/roles/wallabag/tasks/main.yml b/roles/wallabag/tasks/main.yml
new file mode 100644
index 0000000..36ff87b
--- /dev/null
+++ b/roles/wallabag/tasks/main.yml
@@ -0,0 +1 @@
+- include: wallabag.yml tags=wallabag
\ No newline at end of file
diff --git a/roles/wallabag/tasks/wallabag.yml b/roles/wallabag/tasks/wallabag.yml
new file mode 100644
index 0000000..1c2ded7
--- /dev/null
+++ b/roles/wallabag/tasks/wallabag.yml
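Review bot: The `import wallabag sql` handler puts the database password on the command line (`PGPASSWORD='{{ wallabag_db_password }}' psql ...`), so it is visible in `ps` output of the `sh -c` wrapper while psql runs and is echoed into Ansible's task output and logs. Passing it through the task's `environment:` keyword and marking the task `no_log: true` keeps it out of both places. `--set ON_ERROR_STOP=1` is the right call; without it a partially failed import would still notify `remove install folder` and delete the only copy of the schema.
```yaml
- name: import wallabag sql
  shell: psql -h localhost -d {{ wallabag_db_database }} -U {{ wallabag_db_username }} -f /var/www/wallabag/install/postgres.sql --set ON_ERROR_STOP=1
  environment:
    PGPASSWORD: "{{ wallabag_db_password }}"
  no_log: true
  notify: remove install folder
# … unchanged: remove install folder handler …
```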
@@ -0,0 +1,79 @@ +- name: Determine whether wallabag is configured + stat: path=/var/www/wallabag/inc/poche/config.inc.php + register: wallabag_config + +- name: Clone wallabag + git: repo=https://github.com/wallabag/wallabag.git + dest=/var/www/wallabag + version={{ wallabag_version }} + accept_hostkey=yes + +- name: Remove wallabag 'install' directory if its configuration file is there + file: name=/var/www/wallabag/install state=absent + when: wallabag_config.stat.exists == True + +- name: Install wallabag dependencies + apt: pkg={{ item }} state=present + with_items: + - php5 + - php5-curl + - php5-mcrypt + - php5-pgsql + - php5-tidy + +- name: Create database user for wallabag + postgresql_user: login_host=localhost + login_user={{ db_admin_username }} + login_password="{{ db_admin_password }}" + name={{ wallabag_db_username }} + password="{{ wallabag_db_password }}" + state=present + +- name: Create database for wallabag + postgresql_db: login_host=localhost + login_user={{ db_admin_username }} + login_password="{{ db_admin_password }}" + name={{ wallabag_db_database }} + state=present + owner={{ wallabag_db_username }} + notify: import wallabag sql + +- name: Build Composer + shell: curl -sS https://getcomposer.org/installer | php + chdir=/root + creates=/root/composer.phar + +- name: Initialize composer + command: php /root/composer.phar install + chdir=/var/www/wallabag + creates=/var/www/wallabag/vendor/autoload.php + +- name: Set wallabag permissions + file: owner=www-data + group=www-data + path=/var/www/wallabag + recurse=yes + state=directory + +- name: Create the configuration file + template: src=var_www_wallabag_inc_poche_config.inc.php.j2 + dest=/var/www/wallabag/inc/poche/config.inc.php + owner=www-data + group=www-data + +- name: Rename existing Apache wallabag virtualhost + command: mv /etc/apache2/sites-available/wallabag /etc/apache2/sites-available/wallabag.conf removes=/etc/apache2/sites-available/wallabag + +- name: Remove old 
sites-enabled/wallabag symlink (new one will be created by a2ensite) + command: rm /etc/apache2/sites-enabled/wallabag removes=/etc/apache2/sites-enabled/wallabag + +- name: Configure the Apache HTTP server for wallabag + template: src=etc_apache2_sites-available_wallabag.j2 + dest=/etc/apache2/sites-available/wallabag.conf + owner=root + group=root + +- name: Enable the wallabag site + command: a2ensite wallabag.conf + creates=/etc/apache2/sites-enabled/wallabag.conf + notify: restart apache diff --git a/roles/wallabag/templates/etc_apache2_sites-available_wallabag.j2 b/roles/wallabag/templates/etc_apache2_sites-available_wallabag.j2 new file mode 100644 index 0000000..5d04d18 --- /dev/null +++ b/roles/wallabag/templates/etc_apache2_sites-available_wallabag.j2 @@ -0,0 +1,31 @@ + + ServerName {{ wallabag_domain }} + + Redirect permanent / https://{{ wallabag_domain }}/ + + + + ServerName {{ wallabag_domain }} + + SSLEngine on + SSLProtocol ALL -SSLv2 -SSLv3 + SSLHonorCipherOrder On + SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS + SSLCertificateFile /etc/ssl/certs/wildcard_public_cert.crt + SSLCertificateKeyFile /etc/ssl/private/wildcard_private.key + SSLCACertificateFile /etc/ssl/certs/wildcard_ca.pem + Header add Strict-Transport-Security "max-age=15768000; includeSubdomains" + + DocumentRoot /var/www/wallabag + Options -Indexes + + ErrorLog /var/log/apache2/wallabag.info-error_log + CustomLog /var/log/apache2/wallabag.info-access_log common + + + AllowOverride All + Order allow,deny + allow from all + DirectoryIndex index.php + + diff --git a/roles/wallabag/templates/var_www_wallabag_inc_poche_config.inc.php.j2 b/roles/wallabag/templates/var_www_wallabag_inc_poche_config.inc.php.j2 new file mode 100644 index 0000000..aa60164 --- /dev/null +++ b/roles/wallabag/templates/var_www_wallabag_inc_poche_config.inc.php.j2 
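Review bot: `Create the configuration file` renders `config.inc.php`, which carries `STORAGE_PASSWORD` and `SALT`, with `owner=www-data group=www-data` but no `mode=`, so the file's permissions fall back to the template module's default and are most likely readable by every local account; add `mode=0640` to that task. `Set wallabag permissions` chowns the whole checkout to `www-data` recursively, which lets the web server user rewrite the application's own PHP; if wallabag only needs to write under `cache/` and `db/`, limit the ownership change to those paths. `Build Composer` pipes `https://getcomposer.org/installer` straight into `php` as root with no integrity check; download it to a file, compare its hash with the value Composer publishes for the installer, and run it only on a match.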
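Review bot: The access-control lines under `DocumentRoot` (`Order allow,deny` / `allow from all`) use the Apache 2.2 syntax, while the task file in this same patch renames the vhost to `wallabag.conf` and enables it with `a2ensite wallabag.conf`, which is the Apache 2.4 layout; on 2.4 those directives only work through mod_access_compat, and `Require all granted` is the native form. The `SSLCipherSuite` string still offers the 3DES suites (`ECDH+3DES:DH+3DES:RSA+3DES`), which can be dropped unless a known client needs them. `Header add Strict-Transport-Security ...` is usually written `Header always set Strict-Transport-Security ...` so the header is also sent on error responses.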
@@ -0,0 +1,58 @@ + + * @copyright 2013 + * @license http://www.wtfpl.net/ see COPYING file + */ + +define ('SALT', '{{ wallabag_salt }}'); # put a strong string here +define ('LANG', 'en_EN.utf8'); + +define ('STORAGE', 'postgres'); # postgres, mysql or sqlite + +define ('STORAGE_SQLITE', ROOT . '/db/poche.sqlite'); # if you are using sqlite, where the database file is located + +# only for postgres & mysql +define ('STORAGE_SERVER', 'localhost'); +define ('STORAGE_DB', '{{ wallabag_db_database }}'); +define ('STORAGE_USER', '{{ wallabag_db_username }}'); +define ('STORAGE_PASSWORD', '{{ wallabag_db_password }}'); + +################################################################################# +# Do not trespass unless you know what you are doing +################################################################################# + +// Change this if not using the standart port for SSL - i.e you server is behind sslh +define ('SSL_PORT', 443); + +define ('MODE_DEMO', FALSE); +define ('DEBUG_POCHE', FALSE); +define ('DOWNLOAD_PICTURES', FALSE); +define ('CONVERT_LINKS_FOOTNOTES', FALSE); +define ('REVERT_FORCED_PARAGRAPH_ELEMENTS', FALSE); +define ('SHARE_TWITTER', TRUE); +define ('SHARE_MAIL', TRUE); +define ('SHARE_SHAARLI', FALSE); +define ('SHAARLI_URL', 'http://myshaarliurl.com'); +define ('FLATTR', TRUE); +define ('FLATTR_API', 'https://api.flattr.com/rest/v2/things/lookup/?url='); +define ('NOT_FLATTRABLE', '0'); +define ('FLATTRABLE', '1'); +define ('FLATTRED', '2'); +define ('ABS_PATH', 'assets/'); + +define ('DEFAULT_THEME', 'baggy'); + +define ('THEME', ROOT . '/themes'); +define ('LOCALE', ROOT . '/locale'); +define ('CACHE', ROOT . '/cache'); + +define ('PAGINATION', '10'); + +//limit for download of articles during import +define ('IMPORT_LIMIT', 5); +//delay between downloads (in sec) +define ('IMPORT_DELAY', 5); From 9c0a747537e5d212415a1d3a2841d4ebece03093 Mon Sep 17 00:00:00 2001 
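Review bot: `{{ wallabag_salt }}` and `{{ wallabag_db_password }}` are dropped verbatim into single-quoted PHP literals, so any `'` or `\` in either value produces a parse error and takes the application down (nothing worse is visible from here, but a random salt is likely to contain such characters); escape them in the template, e.g. `define ('STORAGE_PASSWORD', '{{ wallabag_db_password | replace("\\", "\\\\") | replace("'", "\\'") }}');` and the same for `SALT`. This file is a secret-bearing config, so whichever task renders it should set a restrictive `mode`; I can't see that task in this hunk. The hunk as rendered here starts at `* @copyright 2013`, so the opening `<?php` tag and docblock start are outside my view and I have not checked them.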
From: theonlydoo Date: Sun, 4 Jan 2015 12:50:07 +0100 Subject: [PATCH 37/46] adding vars from https://github.com/al3x/sovereign --- host_vars/localhost.example | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/host_vars/localhost.example b/host_vars/localhost.example index 8069dc0..de5640d 100644 --- a/host_vars/localhost.example +++ b/host_vars/localhost.example @@ -1,14 +1,37 @@ --- admin_ssh_keys: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZXK3ufonx+zNQ1x6cSWuUWckB/xf9sKZ+mRgY5SPXzqrxSkqNSmr9JQ6xzvhxKEVcFWsi50op1WWtRo3HG3p3+EHKXeCyzt5QnczDlVOoQbB8kgI0byKcvXux1inL4/Q4DbVLUbDFnynD/C5aAyYMYePahMxR+AQr60DD+7Ty6pcEVih1wwHIlxWziY1EF6sEzQwz/PiTxWIZkKHl/WPGagS9Pp/5nQfdZy0AS/JqbzNyMEg51+XedADuqseV4GXDzrzDYLJXJFv1PFVJxRWLrjChKrUMqyszUySkZMr5YSPXlsV0bi+0xivYEsXvIkLORV96JTZosYbV+0aFKDPv root@debian + default_packages_debian: htop + description: machine test + +# NTP ntp_servers: - 0.pool.ntp.org - 1.pool.ntp.org - 2.pool.ntp.org disable_ipv6: true + +# Mail domain: test.net + +# MariaDB mariadb_version: 10.0 mysql_root_password: changeme mysql_host: localhost + +# ircbouncer +znc_version: 1.4 + irc_nick: (required) + irc_ident: (required) + irc_realname: (required) + irc_quitmsg: (required) + irc_password_hash: (required) + irc_password_salt: (required) + +# xmpp +prosody_admin: "{{ admin_email }}" +prosody_virtual_domain: "{{ domain }}" +prosody_accounts: (required) + # vim: set textwidth=0 ft=yaml: From cd1bf4857a36f19671af2e2bc78ebba018dba3b7 Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 4 Jan 2015 12:51:31 +0100 Subject: [PATCH 38/46] redocumentation --- README.md | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 92aa937..88da047 100644 --- a/README.md +++ b/README.md 
@@ -30,15 +30,40 @@ example host file --- admin_ssh_keys: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZXK3ufonx+zNQ1x6cSWuUWckB/xf9sKZ+mRgY5SPXzqrxSkqNSmr9JQ6xzvhxKEVcFWsi50op1WWtRo3HG3p3+EHKXeCyzt5QnczDlVOoQbB8kgI0byKcvXux1inL4/Q4DbVLUbDFnynD/C5aAyYMYePahMxR+AQr60DD+7Ty6pcEVih1wwHIlxWziY1EF6sEzQwz/PiTxWIZkKHl/WPGagS9Pp/5nQfdZy0AS/JqbzNyMEg51+XedADuqseV4GXDzrzDYLJXJFv1PFVJxRWLrjChKrUMqyszUySkZMr5YSPXlsV0bi+0xivYEsXvIkLORV96JTZosYbV+0aFKDPv root@debian + default_packages_debian: htop + description: machine test -ntp_server1: 0.pool.ntp.org -ntp_server2: 1.pool.ntp.org + +# NTP +ntp_servers: + - 0.pool.ntp.org + - 1.pool.ntp.org + - 2.pool.ntp.org disable_ipv6: true + +# Mail domain: test.net + +# MariaDB mariadb_version: 10.0 mysql_root_password: changeme mysql_host: localhost + +# ircbouncer +znc_version: 1.4 + irc_nick: (required) + irc_ident: (required) + irc_realname: (required) + irc_quitmsg: (required) + irc_password_hash: (required) + irc_password_salt: (required) + +# xmpp +prosody_admin: "admin@test.net" +prosody_virtual_domain: "test.net" +prosody_accounts: admin@test.net + # vim: set textwidth=0 ft=yaml: ``` From 5f7c0c0dce097503f6475526343b6673a4140393 Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 4 Jan 2015 12:56:15 +0100 Subject: [PATCH 39/46] completion with wallabag vars and xmpp role from https://github.com/al3x/sovereign --- README.md | 7 + host_vars/localhost.example | 15 +- roles/prosody/handlers/main.yml | 2 + roles/prosody/tasks/main.yml | 4 + roles/prosody/tasks/prosody.yml | 29 ++++ roles/prosody/templates/prosody.cfg.lua.j2 | 175 +++++++++++++++++++++ 6 files changed, 229 insertions(+), 3 deletions(-) create mode 100644 roles/prosody/handlers/main.yml create mode 100644 roles/prosody/tasks/main.yml create mode 100644 roles/prosody/tasks/prosody.yml create mode 100755 roles/prosody/templates/prosody.cfg.lua.j2 diff --git a/README.md b/README.md index 88da047..b407067 100644 --- a/README.md +++ b/README.md 
@@ -64,6 +64,13 @@ prosody_admin: "admin@test.net" prosody_virtual_domain: "test.net" prosody_accounts: admin@test.net +#Wallabag +wallabag_version: 1.7.1 +wallabag_domain: "read.{{ domain }}" +# wallabag_salt: (required) +wallabag_db_username: wallabag +# wallabag_db_password: (required) +wallabag_db_database: wallabag # vim: set textwidth=0 ft=yaml: ``` diff --git a/host_vars/localhost.example b/host_vars/localhost.example index de5640d..e81ba03 100644 --- a/host_vars/localhost.example +++ b/host_vars/localhost.example @@ -30,8 +30,17 @@ znc_version: 1.4 irc_password_salt: (required) # xmpp -prosody_admin: "{{ admin_email }}" -prosody_virtual_domain: "{{ domain }}" -prosody_accounts: (required) +prosody_admin: admin@test.net +prosody_virtual_domain: test.net +prosody_accounts: admin@test.net + +# wallabag +wallabag_version: 1.7.1 +wallabag_domain: "read.test.net" +wallabag_salt: (required) +wallabag_db_username: wallabag +wallabag_db_password: (required) +wallabag_db_database: wallabag + # vim: set textwidth=0 ft=yaml: diff --git a/roles/prosody/handlers/main.yml b/roles/prosody/handlers/main.yml new file mode 100644 index 0000000..6d9847e --- /dev/null +++ b/roles/prosody/handlers/main.yml @@ -0,0 +1,2 @@ +- name: restart prosody + command: /etc/init.d/prosody restart \ No newline at end of file diff --git a/roles/prosody/tasks/main.yml b/roles/prosody/tasks/main.yml new file mode 100644 index 0000000..45672eb --- /dev/null +++ b/roles/prosody/tasks/main.yml @@ -0,0 +1,4 @@ +--- +# Provides the Prosody Jabber/XMPP server. + +- include: prosody.yml tags=prosody diff --git a/roles/prosody/tasks/prosody.yml b/roles/prosody/tasks/prosody.yml new file mode 100644 index 0000000..b2231b6 --- /dev/null +++ b/roles/prosody/tasks/prosody.yml 
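Review bot: `wallabag_salt: (required)` and `wallabag_db_password: (required)` are valid YAML strings, so a host file copied from this example without editing deploys a salt of literally `(required)` and creates a database user with that password instead of failing; either comment those two lines out (as the README hunk in this series does) so the template errors on the undefined variable, or gate them with an `assert` task in the role. `prosody_accounts: admin@test.net` is a plain scalar, while the prosody tasks in this series iterate it as a list of items with `.name` and `.password`; the example should be a list of mappings with `name` and `password` keys, or the task will fail on `item.name`. The same `(required)` pattern applies to the `irc_*` values above this hunk.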
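Review bot: The `restart prosody` handler shells out with `command: /etc/init.d/prosody restart`, while the apache handler added later in this series uses the `service` module; `service: name=prosody state=restarted` would be consistent, works with both sysvinit and systemd hosts, and is reported properly as changed. The file is also missing a trailing newline (`\ No newline at end of file`).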
@@ -0,0 +1,29 @@ +- name: Ensure repository key for Prosody is in place + apt_key: url=https://prosody.im/files/prosody-debian-packages.key state=present + +# Prosody supplies repo for sid, squeeze, wheezy, jessie, trusty, saucy, raring, quantal, precise and lucid +- name: Add Prosody Debian/Ubuntu repository + apt_repository: repo="deb http://packages.prosody.im/debian {{ ansible_distribution_release }} main" + +- name: Install Prosody from official repository + apt: pkg=prosody update_cache=yes + +- name: Add prosody user to ssl-cert group + user: name=prosody groups=ssl-cert append=yes + +- name: Create Prosody data directory + file: state=directory path=/decrypted/prosody owner=prosody group=prosody + +- name: Configure Prosody + template: src=prosody.cfg.lua.j2 dest=/etc/prosody/prosody.cfg.lua group=root owner=root + notify: restart prosody + +- name: Create Prosody accounts + command: prosodyctl register {{ item.name }} {{ prosody_virtual_domain }} "{{ item.password }}" + with_items: prosody_accounts + +- name: Set firewall rules for Prosody + ufw: rule=allow port={{ item }} proto=tcp + with_items: + - 5222 # xmpp c2s + - 5269 # xmpp s2s diff --git a/roles/prosody/templates/prosody.cfg.lua.j2 b/roles/prosody/templates/prosody.cfg.lua.j2 new file mode 100755 index 0000000..43d6df5 --- /dev/null +++ b/roles/prosody/templates/prosody.cfg.lua.j2 
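Review bot: The "Create Prosody accounts" task passes `{{ item.password }}` as a command-line argument to `prosodyctl register`, so each account password is visible in the process list while it runs and is echoed in Ansible's task output and any log; add `no_log: true` to that task at minimum. I believe `prosodyctl register` also errors when the account already exists, which would make every re-run of the play fail at this task; a `when`/`creates` guard or a `failed_when` that tolerates the "already exists" case would make it idempotent (please confirm against the prosodyctl version shipped by the repo added above). `apt_key url=...` is fetched over HTTPS but without an `id=` fingerprint, so whatever key the server returns is trusted; pinning the key ID is cheap.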
@@ -0,0 +1,175 @@ +-- Prosody XMPP Server Configuration +-- +-- Information on configuring Prosody can be found on our +-- website at http://prosody.im/doc/configure +-- +-- Tip: You can check that the syntax of this file is correct +-- when you have finished by running: luac -p prosody.cfg.lua +-- If there are any errors, it will let you know what and where +-- they are, otherwise it will keep quiet. +-- +-- Good luck, and happy Jabbering! + + +---------- Server-wide settings ---------- +-- Settings in this section apply to the whole server and are the default settings +-- for any virtual hosts + +-- This is a (by default, empty) list of accounts that are admins +-- for the server. Note that you must create the accounts separately +-- (see http://prosody.im/doc/creating_accounts for info) +-- Example: admins = { "user1@example.com", "user2@example.net" } +admins = { "{{ prosody_admin }}" } + +-- Enable use of libevent for better performance under high load +-- For more information see: http://prosody.im/doc/libevent +--use_libevent = true; + +-- This is the list of modules Prosody will load on startup. +-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too. +-- Documentation on modules can be found at: http://prosody.im/doc/modules +modules_enabled = { + + -- Generally required + "roster"; -- Allow users to have a roster. Recommended ;) + "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in. + "tls"; -- Add support for secure TLS on c2s/s2s connections + "dialback"; -- s2s dialback support + "disco"; -- Service discovery + "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. + + -- Not essential, but recommended + "private"; -- Private XML storage (for room bookmarks, etc.) 
+ "vcard"; -- Allow users to set vCards + + -- These are commented by default as they have a performance impact + "privacy"; -- Support privacy lists + --"compression"; -- Stream compression (requires the lua-zlib package installed) + + -- Nice to have + "version"; -- Replies to server version requests + "uptime"; -- Report how long server has been running + "time"; -- Let others know the time here on this server + "ping"; -- Replies to XMPP pings with pongs + -- "pep"; -- Enables users to publish their mood, activity, playing music and more + "register"; -- Allow users to register on this server using a client and change passwords + + -- Admin interfaces + "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands + --"admin_telnet"; -- Opens telnet console interface on localhost port 5582 + + -- HTTP modules + --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" + --"http_files"; -- Serve static files from a directory over HTTP + + -- Other specific functionality + --"groups"; -- Shared roster support + --"announce"; -- Send announcement to all online users + --"welcome"; -- Welcome users who register accounts + --"watchregistrations"; -- Alert admins of registrations + --"motd"; -- Send a message to users when they log in + --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. +}; + +-- These modules are auto-loaded, but should you want +-- to disable them then uncomment them here: +modules_disabled = { + -- "offline"; -- Store offline messages + -- "c2s"; -- Handle client connections + -- "s2s"; -- Handle server-to-server connections +}; + +-- Disable account creation by default, for security +-- For more information see http://prosody.im/doc/creating_accounts +allow_registration = false; + +-- These are the SSL/TLS-related settings. 
If you don't want +-- to use SSL/TLS, you may comment or remove this +ssl = { + key = "/etc/ssl/private/wildcard_private.key"; + certificate = "/etc/ssl/certs/wildcard_public_cert.crt"; +} + +-- Force clients to use encrypted connections? This option will +-- prevent clients from authenticating unless they are using encryption. + +c2s_require_encryption = true + +-- Force certificate authentication for server-to-server connections? +-- This provides ideal security, but requires servers you communicate +-- with to support encryption AND present valid, trusted certificates. +-- NOTE: Your version of LuaSec must support certificate verification! +-- For more information see http://prosody.im/doc/s2s#security + +s2s_secure_auth = false + +-- Many servers don't support encryption or have invalid or self-signed +-- certificates. You can list domains here that will not be required to +-- authenticate using certificates. They will be authenticated using DNS. + +--s2s_insecure_domains = { "gmail.com" } + +-- Even if you leave s2s_secure_auth disabled, you can still require valid +-- certificates for some domains by specifying a list here. + +--s2s_secure_domains = { "jabber.org" } + +-- Required for init scripts and prosodyctl +pidfile = "/var/run/prosody/prosody.pid" + +-- Select the authentication backend to use. The 'internal' providers +-- use Prosody's configured data storage to store the authentication data. +-- To allow Prosody to offer secure authentication mechanisms to clients, the +-- default provider stores passwords in plaintext. If you do not trust your +-- server please see http://prosody.im/doc/modules/mod_auth_internal_hashed +-- for information about using the hashed backend. + +authentication = "internal_plain" + +-- Select the storage backend to use. By default Prosody uses flat files +-- in its configured data directory, but it also supports more backends +-- through modules. 
An "sql" backend is included by default, but requires +-- additional dependencies. See http://prosody.im/doc/storage for more info. + +--storage = "sql" -- Default is "internal" + +-- For the "sql" backend, you can uncomment *one* of the below to configure: +--sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename. +--sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } +--sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } + +-- Logging configuration +-- For advanced logging see http://prosody.im/doc/logging +log = { + info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging + error = "/var/log/prosody/prosody.err"; + "*syslog"; +} + +data_path = "/decrypted/prosody" + +----------- Virtual hosts ----------- +-- You need to add a VirtualHost entry for each domain you wish Prosody to serve. +-- Settings under each VirtualHost entry apply *only* to that host. + +VirtualHost "{{ prosody_virtual_domain }}" + +------ Components ------ +-- You can specify components to add hosts that provide special services, +-- like multi-user conferences, and transports. +-- For more information on components, see http://prosody.im/doc/components + +---Set up a MUC (multi-user chat) room server on conference.example.com: +--Component "conference.example.com" "muc" + +-- Set up a SOCKS5 bytestream proxy for server-proxied file tr3ansfers: +--Component "proxy.example.com" "proxy65" + +---Set up an external component (default component port is 5347) +-- +-- External components allow adding various services, such as gateways/ +-- transports to other networks like ICQ, MSN and Yahoo. For more info +-- see: http://prosody.im/doc/components#adding_an_external_component +-- +--Component "gateway.example.com" +-- component_secret = "password" 
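Review bot: `authentication = "internal_plain"` stores every account password in cleartext under `data_path = "/decrypted/prosody"`, and the comment block directly above it already points at the hashed backend; change it to `authentication = "internal_hashed"` (accounts are created by `prosodyctl register` in this series, which works with either backend). `s2s_secure_auth = false` leaves federation peers authenticated by DNS dialback only; that is a common default, but the template should carry a one-line comment saying it is deliberate, or expose it as a variable. The template is added with mode `100755`; a config template should not be executable.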
From eedfe3031a7dfb07283337795e277e7515fadd91 Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 4 Jan 2015 12:59:20 +0100 Subject: [PATCH 40/46] changing wallabag version --- host_vars/localhost.example | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/host_vars/localhost.example b/host_vars/localhost.example index e81ba03..6daeebb 100644 --- a/host_vars/localhost.example +++ b/host_vars/localhost.example @@ -35,7 +35,7 @@ prosody_virtual_domain: test.net prosody_accounts: admin@test.net # wallabag -wallabag_version: 1.7.1 +wallabag_version: 1.8.1 wallabag_domain: "read.test.net" wallabag_salt: (required) wallabag_db_username: wallabag From 1c45708e94e70d7d53af776f1d68bf61e48a850b Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 4 Jan 2015 13:12:31 +0100 Subject: [PATCH 41/46] modifications on the mysql algorithm to simplify it, TODO : remove the variables with the SQL password of wallabag --- roles/wallabag/tasks/wallabag.yml | 24 +++++++------------ roles/wallabag/templates/root-wallabag.sql.j2 | 5 ++++ 2 files changed, 14 insertions(+), 15 deletions(-) create mode 100644 roles/wallabag/templates/root-wallabag.sql.j2 diff --git a/roles/wallabag/tasks/wallabag.yml b/roles/wallabag/tasks/wallabag.yml index 1c2ded7..c424b0a 100644 --- a/roles/wallabag/tasks/wallabag.yml +++ b/roles/wallabag/tasks/wallabag.yml 
@@ -21,22 +21,16 @@ - php5-pgsql - php5-tidy -- name: Create database user for wallabag - postgresql_user: login_host=localhost - login_user={{ db_admin_username }} - login_password="{{ db_admin_password }}" - name={{ wallabag_db_username }} - password="{{ wallabag_db_password }}" - state=present +#- name: Import database user template +# template: src=root-wallabag.sql.j2 dest=/root/wallabag.sql +# +#- name: Import sql file for account and db creation +# shell: mysql < /root/wallabag.sql -- name: Create database for wallabag - postgresql_db: login_host=localhost - login_user={{ db_admin_username }} - login_password="{{ db_admin_password }}" - name={{ wallabag_db_database }} - state=present - owner={{ wallabag_db_username }} - notify: import wallabag sql + +- name: Import wallabag sql + shell: mysql {{ wallabag_db_database }} < /var/www/wallabag/install/mysql.sql + notify: remove install folder - name: Build Composer shell: curl -sS https://getcomposer.org/installer | php diff --git a/roles/wallabag/templates/root-wallabag.sql.j2 b/roles/wallabag/templates/root-wallabag.sql.j2 new file mode 100644 index 0000000..3091d88 --- /dev/null +++ b/roles/wallabag/templates/root-wallabag.sql.j2 @@ -0,0 +1,5 @@ +CREATE USER 'wallabag'@'localhost' IDENTIFIED BY '{{ wallabag_db_password }}'; +GRANT USAGE ON * . * TO 'wallabag'@'localhost' IDENTIFIED BY '{{ wallabag_db_password }}' WITH MAX_QUERIES_PER_HOUR 0 +MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ; +CREATE DATABASE IF NOT EXISTS `wallabag` ; +GRANT ALL PRIVILEGES ON `wallabag` . * TO 'wallabag'@'localhost'; From 204bc601a9c4dc0b7d4acfb18156b6bbe273d05d Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 4 Jan 2015 13:13:47 +0100 Subject: [PATCH 42/46] modifications on the mysql algorithm to simplify it, TODO : remove the variables with the SQL password of wallabag --- roles/wallabag/tasks/wallabag.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
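Review bot: The new `shell: mysql {{ wallabag_db_database }} < /var/www/wallabag/install/mysql.sql` runs on every play with no `creates`/`when` guard, and it notifies `remove install folder`, which deletes the very file it needs on the next run; guard it with `when: not wallabag_config.stat.exists`, using the `stat` result registered at the top of this file in the earlier patch (that task is outside this hunk). The switch from PostgreSQL to MySQL is also only half done as far as this series shows: `php5-pgsql` is still the installed driver (context line above), the config template still sets `STORAGE` to `postgres`, and the `import wallabag sql` handler still runs `psql`. The commented-out `Import database user template` / `Import sql file` tasks should be deleted rather than left in, or enabled; the following patches toggle them twice.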
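Review bot: The user name `'wallabag'` and database name `` `wallabag` `` are hard-coded in every statement even though the role defines `wallabag_db_username` and `wallabag_db_database`, so changing either variable silently produces a user/database the PHP config does not point at. The `GRANT USAGE ON * . * ... IDENTIFIED BY` line repeats the password and only sets resource limits to 0, which is the default, so it can go. `CREATE USER` is not idempotent on MySQL/MariaDB versions without `IF NOT EXISTS` and will abort the import on a second run; the `mysql_user`/`mysql_db` Ansible modules would avoid both that and writing the password to disk.

```sql
CREATE USER '{{ wallabag_db_username }}'@'localhost' IDENTIFIED BY '{{ wallabag_db_password }}';
CREATE DATABASE IF NOT EXISTS `{{ wallabag_db_database }}`;
GRANT ALL PRIVILEGES ON `{{ wallabag_db_database }}`.* TO '{{ wallabag_db_username }}'@'localhost';
-- the GRANT USAGE ... MAX_*_PER_HOUR 0 statement is dropped: those are the defaults
```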
diff --git a/roles/wallabag/tasks/wallabag.yml b/roles/wallabag/tasks/wallabag.yml index c424b0a..18903b3 100644 --- a/roles/wallabag/tasks/wallabag.yml +++ b/roles/wallabag/tasks/wallabag.yml @@ -21,11 +21,11 @@ - php5-pgsql - php5-tidy -#- name: Import database user template -# template: src=root-wallabag.sql.j2 dest=/root/wallabag.sql -# -#- name: Import sql file for account and db creation -# shell: mysql < /root/wallabag.sql +- name: Import database user template + template: src=root-wallabag.sql.j2 dest=/root/wallabag.sql + +- name: Import sql file for account and db creation + shell: mysql < /root/wallabag.sql - name: Import wallabag sql From ef6bab919c24246cbaa41414aea588a136237827 Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 4 Jan 2015 13:18:11 +0100 Subject: [PATCH 43/46] adding apache2 handler --- roles/wallabag/handlers/main.yml | 4 ++++ roles/wallabag/tasks/wallabag.yml | 10 +++++----- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/roles/wallabag/handlers/main.yml b/roles/wallabag/handlers/main.yml index 9a51f87..144ad7a 100644 --- a/roles/wallabag/handlers/main.yml +++ b/roles/wallabag/handlers/main.yml @@ -1,6 +1,10 @@ - name: import wallabag sql shell: PGPASSWORD='{{ wallabag_db_password }}' psql -h localhost -d {{ wallabag_db_database }} -U {{ wallabag_db_username }} -f /var/www/wallabag/install/postgres.sql --set ON_ERROR_STOP=1 notify: remove install folder +#' +- name: restart apache2 + service: name=apache2 state=restarted + - name: remove install folder file: path=/var/www/wallabag/install state=absent diff --git a/roles/wallabag/tasks/wallabag.yml b/roles/wallabag/tasks/wallabag.yml index 18903b3..c424b0a 100644 --- a/roles/wallabag/tasks/wallabag.yml +++ b/roles/wallabag/tasks/wallabag.yml 
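Review bot: `template: src=root-wallabag.sql.j2 dest=/root/wallabag.sql` writes the database password to disk with the default mode and the file is never removed after `mysql < /root/wallabag.sql` has consumed it; add `mode=0600` to the template task and a `file: path=/root/wallabag.sql state=absent` step after the import, or feed the rendered SQL to `mysql` via stdin so it never touches disk. The bare `mysql` invocation authenticates implicitly (root's `~/.my.cnf` or socket auth, presumably), so a host without that setup fails here with no hint; worth a comment. Neither task has a `creates`/`when` guard, so they run on every play.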
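Review bot: The handler is named `restart apache2`, but the "Enable the wallabag site" task earlier in this series notifies `restart apache`, so the notification never matches and Apache is not restarted after the vhost is enabled (Ansible reports the unknown handler as an error); rename one side so they agree, e.g. `- name: restart apache`. The `#'` line above the new handler is a stray comment that seems to balance an editor's quote highlighting for the `PGPASSWORD='...'` line; delete it.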
@@ -21,11 +21,11 @@ - php5-pgsql - php5-tidy -- name: Import database user template - template: src=root-wallabag.sql.j2 dest=/root/wallabag.sql - -- name: Import sql file for account and db creation - shell: mysql < /root/wallabag.sql +#- name: Import database user template +# template: src=root-wallabag.sql.j2 dest=/root/wallabag.sql +# +#- name: Import sql file for account and db creation +# shell: mysql < /root/wallabag.sql - name: Import wallabag sql From 6a6fb3ab129252e64ef23f85968588dec9cbdca6 Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 4 Jan 2015 13:18:46 +0100 Subject: [PATCH 44/46] adding apache2 handler --- roles/wallabag/tasks/wallabag.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/wallabag/tasks/wallabag.yml b/roles/wallabag/tasks/wallabag.yml index c424b0a..18903b3 100644 --- a/roles/wallabag/tasks/wallabag.yml +++ b/roles/wallabag/tasks/wallabag.yml @@ -21,11 +21,11 @@ - php5-pgsql - php5-tidy -#- name: Import database user template -# template: src=root-wallabag.sql.j2 dest=/root/wallabag.sql -# -#- name: Import sql file for account and db creation -# shell: mysql < /root/wallabag.sql +- name: Import database user template + template: src=root-wallabag.sql.j2 dest=/root/wallabag.sql + +- name: Import sql file for account and db creation + shell: mysql < /root/wallabag.sql - name: Import wallabag sql From 8f0e512d3063655beacbe479237a63e45c3486af Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Sun, 4 Jan 2015 14:28:42 +0100 Subject: [PATCH 45/46] doc README.md --- README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/README.md b/README.md index b407067..458296e 100644 --- a/README.md +++ b/README.md 
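Review bot: Re-enabling `shell: mysql < /root/wallabag.sql` makes the role non-idempotent, because the rendered SQL's `CREATE USER` fails once the user exists (MySQL/MariaDB releases of this era have no `IF NOT EXISTS` for users), so a second run of the play aborts here. Gate it with `when: not wallabag_config.stat.exists` using the `stat` registered at the top of this file, or replace both tasks with `mysql_user` and `mysql_db`, the direct equivalents of the `postgresql_user`/`postgresql_db` tasks this series removed, which are idempotent and keep the password out of a file under `/root`. This is the third flip of the same two tasks in four patches; squashing would make the intended end state clearer.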
@@ -9,6 +9,18 @@ roles * Common * provides **common** configuration * https://github.com/nojhan/liquidprompt <3 +* Wallabag + * provides **Wallabag** configuration + * Imported with <3 from https://github.com/al3x/sovereign/ + * **Not yet READY** +* Prosody + * Provides XMPP (Jabber) server + * Imported with <3 from https://github.com/al3x/sovereign/ + * **Not yet READY** +* IRCBouncer + * Provides a ZNC Config + * Imported with <3 from https://github.com/al3x/sovereign/ + * **Not yet READY** * Mail * provides a complete **mail** server for a given domain name and the vdomain capability for other domains. * **Note** : This role starts in order : common, mariadb, and mail. If you don't want one of them, please comment out. From 133c65e13624996240304e11fe7b89d50b12bebb Mon Sep 17 00:00:00 2001 From: theonlydoo Date: Mon, 5 Jan 2015 13:03:10 +0100 Subject: [PATCH 46/46] Update README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 458296e..e2704dd 100644 --- a/README.md +++ b/README.md @@ -77,11 +77,11 @@ prosody_virtual_domain: "test.net" prosody_accounts: admin@test.net #Wallabag -wallabag_version: 1.7.1 +wallabag_version: 1.8.1 wallabag_domain: "read.{{ domain }}" -# wallabag_salt: (required) +wallabag_salt: (required) wallabag_db_username: wallabag -# wallabag_db_password: (required) +wallabag_db_password: (required) wallabag_db_database: wallabag # vim: set textwidth=0 ft=yaml: