@ -1,12 +1,46 @@ | |||||
--- | |||||
--- | |||||
admin_ssh_keys: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZXK3ufonx+zNQ1x6cSWuUWckB/xf9sKZ+mRgY5SPXzqrxSkqNSmr9JQ6xzvhxKEVcFWsi50op1WWtRo3HG3p3+EHKXeCyzt5QnczDlVOoQbB8kgI0byKcvXux1inL4/Q4DbVLUbDFnynD/C5aAyYMYePahMxR+AQr60DD+7Ty6pcEVih1wwHIlxWziY1EF6sEzQwz/PiTxWIZkKHl/WPGagS9Pp/5nQfdZy0AS/JqbzNyMEg51+XedADuqseV4GXDzrzDYLJXJFv1PFVJxRWLrjChKrUMqyszUySkZMr5YSPXlsV0bi+0xivYEsXvIkLORV96JTZosYbV+0aFKDPv root@debian | admin_ssh_keys: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZXK3ufonx+zNQ1x6cSWuUWckB/xf9sKZ+mRgY5SPXzqrxSkqNSmr9JQ6xzvhxKEVcFWsi50op1WWtRo3HG3p3+EHKXeCyzt5QnczDlVOoQbB8kgI0byKcvXux1inL4/Q4DbVLUbDFnynD/C5aAyYMYePahMxR+AQr60DD+7Ty6pcEVih1wwHIlxWziY1EF6sEzQwz/PiTxWIZkKHl/WPGagS9Pp/5nQfdZy0AS/JqbzNyMEg51+XedADuqseV4GXDzrzDYLJXJFv1PFVJxRWLrjChKrUMqyszUySkZMr5YSPXlsV0bi+0xivYEsXvIkLORV96JTZosYbV+0aFKDPv root@debian | ||||
default_packages_debian: htop | default_packages_debian: htop | ||||
description: machine test | description: machine test | ||||
ntp_server1: 0.pool.ntp.org | |||||
ntp_server2: 1.pool.ntp.org | |||||
# NTP | |||||
ntp_servers: | |||||
- 0.pool.ntp.org | |||||
- 1.pool.ntp.org | |||||
- 2.pool.ntp.org | |||||
disable_ipv6: true | disable_ipv6: true | ||||
domain: test.net | domain: test.net | ||||
# MariaDB | |||||
mariadb_version: 10.0 | mariadb_version: 10.0 | ||||
mysql_root_password: changeme | mysql_root_password: changeme | ||||
mysql_host: localhost | mysql_host: localhost | ||||
# ircbouncer | |||||
znc_version: 1.4 | |||||
irc_nick: (required) | |||||
irc_ident: (required) | |||||
irc_realname: (required) | |||||
irc_quitmsg: (required) | |||||
irc_password_hash: (required) | |||||
irc_password_salt: (required) | |||||
# xmpp | |||||
prosody_admin: admin@test.net | |||||
prosody_virtual_domain: test.net | |||||
prosody_accounts: admin@test.net | |||||
# wallabag | |||||
wallabag_version: 1.8.1 | |||||
wallabag_domain: "read.test.net" | |||||
wallabag_salt: (required) | |||||
wallabag_db_username: wallabag | |||||
wallabag_db_password: (required) | |||||
wallabag_db_database: wallabag | |||||
# vim: set textwidth=0 ft=yaml: | # vim: set textwidth=0 ft=yaml: |
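Review bot: The new secret-bearing keys (`irc_password_hash`, `irc_password_salt`, `wallabag_salt`, `wallabag_db_password`) default to the literal string `(required)`, so a host that forgets to override them would presumably be deployed with that string as its salt or database password instead of failing. Leaving these keys undefined here, so that templating stops on an undefined variable, or adding an early `assert` task that rejects the value `(required)`, would make the omission fail closed. The ZNC template later on this page also reads `irc_timezone`, which is not declared among the `irc_*` keys in this file; it may be defined elsewhere, but if not it belongs here. Real values for these keys are better kept in an Ansible Vault file than in a plain vars file.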
@ -0,0 +1,11 @@ | |||||
--- | |||||
- name: Deployer et configurer mariadb | |||||
hosts: all | |||||
user: root | |||||
gather_facts: yes | |||||
roles: | |||||
- mariadb | |||||
# vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab: |
@ -0,0 +1,14 @@ | |||||
--- | |||||
- name: Deployer et configurer un serveur ownCloud sous NGINX + PHP5-FPM + MariaDB | |||||
hosts: all | |||||
user: root | |||||
gather_facts: yes | |||||
roles: | |||||
- common | |||||
- mariadb | |||||
- nginx | |||||
- owncloud | |||||
@ -0,0 +1,139 @@ | |||||
#! /bin/sh | |||||
### BEGIN INIT INFO | |||||
# Provides: znc | |||||
# Required-Start: $remote_fs $syslog | |||||
# Required-Stop: $remote_fs $syslog | |||||
# Default-Start: 2 3 4 5 | |||||
# Default-Stop: 0 1 6 | |||||
# Short-Description: ZNC IRC bouncer | |||||
# Description: ZNC is an IRC bouncer | |||||
### END INIT INFO | |||||
PATH=/sbin:/usr/sbin:/bin:/usr/bin | |||||
DESC="ZNC daemon" | |||||
NAME=znc | |||||
DAEMON=/usr/local/bin/$NAME | |||||
DATADIR=/var/lib/znc | |||||
DAEMON_ARGS="--datadir=$DATADIR" | |||||
PIDDIR=/var/run/znc | |||||
PIDFILE=$PIDDIR/$NAME.pid | |||||
SCRIPTNAME=/etc/init.d/$NAME | |||||
USER=znc | |||||
GROUP=znc | |||||
# Exit if the package is not installed | |||||
[ -x "$DAEMON" ] || exit 0 | |||||
# Read configuration variable file if it is present | |||||
[ -r /etc/default/$NAME ] && . /etc/default/$NAME | |||||
# Load the VERBOSE setting and other rcS variables | |||||
. /lib/init/vars.sh | |||||
# Define LSB log_* functions. | |||||
# Depend on lsb-base (>= 3.2-14) to ensure that this file is present | |||||
# and status_of_proc is working. | |||||
. /lib/lsb/init-functions | |||||
# | |||||
# Function that starts the daemon/service | |||||
# | |||||
do_start() | |||||
{ | |||||
# Return | |||||
# 0 if daemon has been started | |||||
# 1 if daemon was already running | |||||
# 2 if daemon could not be started | |||||
if [ ! -d $PIDDIR ] | |||||
then | |||||
mkdir $PIDDIR | |||||
fi | |||||
chown $USER:$GROUP $PIDDIR | |||||
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test --chuid $USER > /dev/null || return 1 | |||||
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --chuid $USER -- $DAEMON_ARGS > /dev/null || return 2 | |||||
} | |||||
# | |||||
# Function that stops the daemon/service | |||||
# | |||||
do_stop() | |||||
{ | |||||
# Return | |||||
# 0 if daemon has been stopped | |||||
# 1 if daemon was already stopped | |||||
# 2 if daemon could not be stopped | |||||
# other if a failure occurred | |||||
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME --chuid $USER | |||||
RETVAL="$?" | |||||
[ "$RETVAL" = 2 ] && return 2 | |||||
# Wait for children to finish too if this is a daemon that forks | |||||
# and if the daemon is only ever run from this initscript. | |||||
# If the above conditions are not satisfied then add some other code | |||||
# that waits for the process to drop all resources that could be | |||||
# needed by services started subsequently. A last resort is to | |||||
# sleep for some time. | |||||
start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON --chuid $USER | |||||
[ "$?" = 2 ] && return 2 | |||||
# Many daemons don't delete their pidfiles when they exit. | |||||
rm -f $PIDFILE | |||||
return "$RETVAL" | |||||
} | |||||
# | |||||
# Function that sends a SIGHUP to the daemon/service | |||||
# | |||||
do_reload() { | |||||
start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME --chuid $USER | |||||
return 0 | |||||
} | |||||
case "$1" in | |||||
start) | |||||
[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" | |||||
do_start | |||||
case "$?" in | |||||
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; | |||||
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; | |||||
esac | |||||
;; | |||||
stop) | |||||
[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" | |||||
do_stop | |||||
case "$?" in | |||||
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; | |||||
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; | |||||
esac | |||||
;; | |||||
status) | |||||
status_of_proc -p $PIDFILE "$DAEMON" "$NAME" && exit 0 || exit $? | |||||
;; | |||||
reload) | |||||
log_daemon_msg "Reloading $DESC" "$NAME" | |||||
do_reload | |||||
log_end_msg $? | |||||
;; | |||||
restart) | |||||
log_daemon_msg "Restarting $DESC" "$NAME" | |||||
do_stop | |||||
case "$?" in | |||||
0|1) | |||||
do_start | |||||
case "$?" in | |||||
0) log_end_msg 0 ;; | |||||
1) log_end_msg 1 ;; # Old process is still running | |||||
*) log_end_msg 1 ;; # Failed to start | |||||
esac | |||||
;; | |||||
*) | |||||
# Failed to stop | |||||
log_end_msg 1 | |||||
;; | |||||
esac | |||||
;; | |||||
*) | |||||
echo "Usage: $SCRIPTNAME {status|start|stop|reload|restart}" >&2 | |||||
exit 3 | |||||
;; | |||||
esac | |||||
: |
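Review bot: `do_reload` ends with an unconditional `return 0`, so the `reload)` arm's `log_end_msg $?` reports success even when `start-stop-daemon` found no process to signal; dropping the `return 0` lets the real status through. In `do_start` the `mkdir $PIDDIR` and `chown $USER:$GROUP $PIDDIR` calls are unchecked and leave the directory mode to the caller's umask; `install -d -o "$USER" -g "$GROUP" -m 0755 "$PIDDIR" || return 2` sets owner and mode in one step and fails the start cleanly. `/etc/default/$NAME` is sourced after `USER`, `GROUP` and `PIDFILE` are assigned and can override them, so the expansions on the `start-stop-daemon`, `chown` and `rm -f` lines should be double-quoted.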
@ -0,0 +1,2 @@ | |||||
- name: restart znc | |||||
service: name=znc state=restarted |
@ -0,0 +1 @@ | |||||
- include: znc.yml tags=znc |
@ -0,0 +1,65 @@ | |||||
# more or less as per http://wiki.znc.in/Running_ZNC_as_a_system_daemon | |||||
- name: Install znc dependencies | |||||
apt: pkg={{ item }} state=installed | |||||
with_items: | |||||
- automake | |||||
- build-essential | |||||
- checkinstall | |||||
- g++ | |||||
- libperl-dev | |||||
- libsasl2-dev | |||||
- libssl-dev | |||||
- libtool | |||||
- openssl | |||||
- pkg-config | |||||
- python3-dev | |||||
- swig | |||||
- name: Download znc release | |||||
get_url: url=http://znc.in/releases/archive/znc-{{ znc_version }}.tar.gz dest=/root/znc-{{ znc_version }}.tar.gz | |||||
- name: Decompress znc source | |||||
command: tar xzf /root/znc-{{ znc_version }}.tar.gz chdir=/root creates=/root/znc-{{ znc_version }}/configure | |||||
- name: Build and install znc | |||||
shell: ./configure --enable-python && make && make install executable=/bin/bash chdir=/root/znc-{{ znc_version }} creates=/usr/local/bin/znc | |||||
notify: restart znc | |||||
- name: Create znc group | |||||
group: name=znc state=present | |||||
- name: Create znc user | |||||
user: name=znc state=present home=/var/lib/znc system=yes group=znc shell=/usr/sbin/nologin | |||||
- name: Copy znc init file into place | |||||
copy: src=etc_init.d_znc dest=/etc/init.d/znc mode=0755 | |||||
- name: Create a combined version of the private key with public cert and intermediate + root CAs | |||||
shell: cat /etc/ssl/private/wildcard_private.key /etc/ssl/certs/wildcard_combined.pem > | |||||
/var/lib/znc/znc.pem creates=/var/lib/znc/znc.pem | |||||
notify: restart znc | |||||
- name: Ensure znc user and group can read cert | |||||
file: path=/var/lib/znc/znc.pem group=znc owner=znc mode=640 | |||||
notify: restart znc | |||||
- name: Check for existing config file | |||||
command: cat /var/lib/znc/configs/znc.conf | |||||
register: znc_config | |||||
ignore_errors: True | |||||
changed_when: False # never report as "changed" | |||||
- name: Create znc config directory | |||||
file: state=directory path=/var/lib/znc/configs group=znc owner=znc | |||||
- name: Copy znc configuration file into place | |||||
template: src=var_lib_znc_configs_znc.conf.j2 dest=/var/lib/znc/configs/znc.conf owner=znc group=znc | |||||
when: znc_config.rc != 0 | |||||
notify: restart znc | |||||
- name: Set firewall rule for znc | |||||
ufw: rule=allow port=6697 proto=tcp | |||||
- name: Ensure znc is a system service | |||||
service: name=znc state=started enabled=true |
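Review bot: The `Download znc release` task fetches the tarball over plain `http://` with no integrity check, and the following tasks unpack, build and `make install` it as root, so whatever is served at that URL at deploy time becomes a root-installed binary. Use the `https://` URL if the site offers one and pin the digest with `get_url`'s `checksum=sha256:<expected digest for this znc_version>` (placeholder; `sha256sum=` on Ansible releases that predate `checksum`), taking the value from the upstream release signature. Separately, the `cat ... > /var/lib/znc/znc.pem` task creates the combined private key under the default umask and only the next task tightens it to `640`; prefixing the command with `umask 077 &&` closes that window. `Check for existing config file` could use the `stat` module instead of `cat`, which would keep the config contents, including the password hash, out of the registered result.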
@ -0,0 +1,84 @@ | |||||
// WARNING | |||||
// | |||||
// Do NOT edit this file while ZNC is running! | |||||
// Use webadmin or *controlpanel instead. | |||||
// | |||||
// Buf if you feel risky, you might want to read help on /znc saveconfig and /znc rehash. | |||||
// Also check http://en.znc.in/wiki/Configuration | |||||
AnonIPLimit = 10 | |||||
ConnectDelay = 5 | |||||
LoadModule = webadmin | |||||
LoadModule = fail2ban | |||||
LoadModule = lastseen | |||||
LoadModule = partyline | |||||
MaxBufferSize = 500 | |||||
Motd = Connected to ZNC | |||||
PidFile = /var/run/znc/znc.pid | |||||
ProtectWebSessions = true | |||||
SSLCertFile = /var/lib/znc/znc.pem | |||||
ServerThrottle = 30 | |||||
Skin = _default_ | |||||
StatusPrefix = * | |||||
Version = 1.0 | |||||
<Listener listener0> | |||||
AllowIRC = true | |||||
AllowWeb = false | |||||
IPv4 = true | |||||
IPv6 = true | |||||
Port = 6697 | |||||
SSL = true | |||||
</Listener> | |||||
<Listener listener1> | |||||
AllowIRC = false | |||||
AllowWeb = true | |||||
IPv4 = true | |||||
IPv6 = true | |||||
Port = 6643 | |||||
SSL = false | |||||
</Listener> | |||||
<User {{ irc_nick }}> | |||||
Admin = true | |||||
Allow = * | |||||
AltNick = {{ irc_nick }}_ | |||||
AppendTimestamp = false | |||||
AutoClearChanBuffer = true | |||||
Buffer = 5000 | |||||
ChanModes = +stn | |||||
DenyLoadMod = false | |||||
DenySetBindHost = false | |||||
Ident = {{ irc_ident }} | |||||
JoinTries = 10 | |||||
LoadModule = controlpanel | |||||
LoadModule = perform | |||||
LoadModule = block_motd | |||||
LoadModule = clientnotify | |||||
MaxNetworks = 1 | |||||
MultiClients = true | |||||
Nick = {{ irc_nick }} | |||||
PrependTimestamp = true | |||||
QuitMsg = {{ irc_quitmsg }} | |||||
RealName = {{ irc_realname }} | |||||
TimestampFormat = [%H:%M:%S] | |||||
Timezone = {{ irc_timezone }} | |||||
<Pass password> | |||||
Method = sha256 | |||||
Hash = {{ irc_password_hash }} | |||||
Salt = {{ irc_password_salt }} | |||||
</Pass> | |||||
<Network freenode> | |||||
BindHost = 0.0.0.0 | |||||
FloodBurst = 4 | |||||
FloodRate = 1.00 | |||||
IRCConnectEnabled = true | |||||
LoadModule = kickrejoin | |||||
LoadModule = nickserv | |||||
LoadModule = savebuff | |||||
Server = chat.freenode.net +6697 | |||||
</Network> | |||||
</User> |
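Review bot: `listener1` serves webadmin (`AllowWeb = true`) with `SSL = false` on every IPv4 and IPv6 address, so an admin login on port 6643 would cross the network in clear text; the role's ufw task opens only 6697, which leaves reachability of 6643 to the host firewall's default policy. Set `SSL = true` on this listener (the certificate is already configured through `SSLCertFile`), or bind it to loopback with `Host = 127.0.0.1` and reach it through an SSH tunnel or a TLS reverse proxy. `Timezone = {{ irc_timezone }}` references a variable that the vars file on this page does not define, so confirm it is set elsewhere. `Allow = *` on the admin user accepts logins from any address; narrow it if the clients' source addresses are known.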
@ -1,452 +0,0 @@ | |||||
<?php | |||||
/** | |||||
* Postfix Admin | |||||
* | |||||
* LICENSE | |||||
* This source file is subject to the GPL license that is bundled with | |||||
* this package in the file LICENSE.TXT. | |||||
* | |||||
* Further details on the project are available at : | |||||
* http://www.postfixadmin.com or http://postfixadmin.sf.net | |||||
* | |||||
* @version $Id: config.inc.php 935 2011-01-02 21:33:13Z christian_boltz $ | |||||
* @license GNU GPL v2 or later. | |||||
* | |||||
* File: config.inc.php | |||||
* Contains configuration options. | |||||
*/ | |||||
// This loads the automatic generated DB credentials from /etc/postfixadmin/dbconfig.inc.php | |||||
require_once('dbconfig.inc.php'); | |||||
if (!isset($dbserver) || empty($dbserver)) | |||||
$dbserver='localhost'; | |||||
/***************************************************************** | |||||
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! | |||||
* You have to set $CONF['configured'] = true; before the | |||||
* application will run! | |||||
* Doing this implies you have changed this file as required. | |||||
* i.e. configuring database etc; specifying setup.php password etc. | |||||
*/ | |||||
$CONF['configured'] = true; | |||||
// In order to setup Postfixadmin, you MUST specify a hashed password here. | |||||
// To create the hash, visit setup.php in a browser and type a password into the field, | |||||
// on submission it will be echoed out to you as a hashed value. | |||||
$CONF['setup_password'] = '{{ dbpassword }}'; | |||||
} | |||||
} | |||||
// Postfix Admin Path | |||||
// Set the location of your Postfix Admin installation here. | |||||
// YOU MUST ENTER THE COMPLETE URL e.g. http://domain.tld/postfixadmin | |||||
$CONF['postfix_admin_url'] = '/postfixadmin'; | |||||
// shouldn't need changing. | |||||
$CONF['postfix_admin_path'] = dirname(__FILE__); | |||||
// Language config | |||||
// Language files are located in './languages', change as required.. | |||||
$CONF['default_language'] = 'en'; | |||||
// Database Config | |||||
// mysql = MySQL 3.23 and 4.0, 4.1 or 5 | |||||
// mysqli = MySQL 4.1+ | |||||
// pgsql = PostgreSQL | |||||
$CONF['database_type'] = $dbtype; | |||||
$CONF['database_host'] = $dbserver; | |||||
$CONF['database_user'] = $dbuser; | |||||
$CONF['database_password'] = $dbpass; | |||||
$CONF['database_name'] = $dbname; | |||||
// If you need to specify a different port for a MYSQL database connection, use e.g. | |||||
// $CONF['database_host'] = '172.30.33.66:3308'; | |||||
// If you need to specify a different port for POSTGRESQL database connection | |||||
// uncomment and change the following | |||||
// $CONF['database_port'] = '5432'; | |||||
// Here, if you need, you can customize table names. | |||||
$CONF['database_prefix'] = ''; | |||||
$CONF['database_tables'] = array ( | |||||
'admin' => 'admin', | |||||
'alias' => 'alias', | |||||
'alias_domain' => 'alias_domain', | |||||
'config' => 'config', | |||||
'domain' => 'domain', | |||||
'domain_admins' => 'domain_admins', | |||||
'fetchmail' => 'fetchmail', | |||||
'log' => 'log', | |||||
'mailbox' => 'mailbox', | |||||
'vacation' => 'vacation', | |||||
'vacation_notification' => 'vacation_notification', | |||||
'quota' => 'quota', | |||||
'quota2' => 'quota2', | |||||
); | |||||
// Site Admin | |||||
// Define the Site Admins email address below. | |||||
// This will be used to send emails from to create mailboxes. | |||||
$CONF['admin_email'] = 'postmaster@{{ domain }}'; | |||||
// Mail Server | |||||
// Hostname (FQDN) of your mail server. | |||||
// This is used to send email to Postfix in order to create mailboxes. | |||||
$CONF['smtp_server'] = 'localhost'; | |||||
$CONF['smtp_port'] = '25'; | |||||
// Encrypt | |||||
// In what way do you want the passwords to be crypted? | |||||
// md5crypt = internal postfix admin md5 | |||||
// md5 = md5 sum of the password | |||||
// system = whatever you have set as your PHP system default | |||||
// cleartext = clear text passwords (ouch!) | |||||
// mysql_encrypt = useful for PAM integration | |||||
// authlib = support for courier-authlib style passwords | |||||
// dovecot:CRYPT-METHOD = use dovecotpw -s 'CRYPT-METHOD'. Example: dovecot:CRAM-MD5 | |||||
$CONF['encrypt'] = 'md5crypt'; | |||||
// In what flavor should courier-authlib style passwords be enrypted? | |||||
// md5 = {md5} + base64 encoded md5 hash | |||||
// md5raw = {md5raw} + plain encoded md5 hash | |||||
// SHA = {SHA} + base64-encoded sha1 hash | |||||
// crypt = {crypt} + Standard UNIX DES-enrypted with 2-character salt | |||||
$CONF['authlib_default_flavor'] = 'md5raw'; | |||||
// If you use the dovecot encryption method: where is the dovecotpw binary located? | |||||
$CONF['dovecotpw'] = "/usr/sbin/dovecotpw"; | |||||
// Minimum length required for passwords. Postfixadmin will not | |||||
// allow users to set passwords which are shorter than this value. | |||||
$CONF['min_password_length'] = 5; | |||||
// Generate Password | |||||
// Generate a random password for a mailbox or admin and display it. | |||||
// If you want to automagically generate paswords set this to 'YES'. | |||||
$CONF['generate_password'] = 'NO'; | |||||
// Show Password | |||||
// Always show password after adding a mailbox or admin. | |||||
// If you want to always see what password was set set this to 'YES'. | |||||
$CONF['show_password'] = 'NO'; | |||||
// Page Size | |||||
// Set the number of entries that you would like to see | |||||
// in one page. | |||||
$CONF['page_size'] = '10'; | |||||
// Default Aliases | |||||
// The default aliases that need to be created for all domains. | |||||
$CONF['default_aliases'] = array ( | |||||
'abuse' => 'abuse@{{ domain }}', | |||||
'hostmaster' => 'hostmaster@{{ domain }}', | |||||
'postmaster' => 'postmaster@{{ domain }}', | |||||
'webmaster' => 'webmaster@{{ domain }}' | |||||
); | |||||
// Mailboxes | |||||
// If you want to store the mailboxes per domain set this to 'YES'. | |||||
// Examples: | |||||
// YES: /usr/local/virtual/domain.tld/username@domain.tld | |||||
// NO: /usr/local/virtual/username@domain.tld | |||||
$CONF['domain_path'] = 'NO'; | |||||
// If you don't want to have the domain in your mailbox set this to 'NO'. | |||||
// Examples: | |||||
// YES: /usr/local/virtual/domain.tld/username@domain.tld | |||||
// NO: /usr/local/virtual/domain.tld/username | |||||
// Note: If $CONF['domain_path'] is set to NO, this setting will be forced to YES. | |||||
$CONF['domain_in_mailbox'] = 'YES'; | |||||
// If you want to define your own function to generate a maildir path set this to the name of the function. | |||||
// Notes: | |||||
// - this configuration directive will override both domain_path and domain_in_mailbox | |||||
// - the maildir_name_hook() function example is present below, commented out | |||||
// - if the function does not exist the program will default to the above domain_path and domain_in_mailbox settings | |||||
$CONF['maildir_name_hook'] = 'NO'; | |||||
/* | |||||
maildir_name_hook example function | |||||
Called by create-mailbox.php if $CONF['maildir_name_hook'] == '<name_of_the_function>' | |||||
- allows for customized maildir paths determined by a custom function | |||||
- the example below will prepend a single-character directory to the | |||||
beginning of the maildir, splitting domains more or less evenly over | |||||
36 directories for improved filesystem performance with large numbers | |||||
of domains. | |||||
Returns: maildir path | |||||
ie. I/example.com/user/ | |||||
*/ | |||||
/* | |||||
function maildir_name_hook($domain, $user) { | |||||
$chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; | |||||
$dir_index = hexdec(substr(md5($domain), 28)) % strlen($chars); | |||||
$dir = substr($chars, $dir_index, 1); | |||||
return sprintf("%s/%s/%s/", $dir, $domain, $user); | |||||
} | |||||
*/ | |||||
// Default Domain Values | |||||
// Specify your default values below. Quota in MB. | |||||
$CONF['aliases'] = '10'; | |||||
$CONF['mailboxes'] = '10'; | |||||
$CONF['maxquota'] = '10'; | |||||
// Quota | |||||
// When you want to enforce quota for your mailbox users set this to 'YES'. | |||||
$CONF['quota'] = 'NO'; | |||||
// You can either use '1024000' or '1048576' | |||||
$CONF['quota_multiplier'] = '1024000'; | |||||
// Transport | |||||
// If you want to define additional transport options for a domain set this to 'YES'. | |||||
// Read the transport file of the Postfix documentation. | |||||
$CONF['transport'] = 'NO'; | |||||
// Transport options | |||||
// If you want to define additional transport options put them in array below. | |||||
$CONF['transport_options'] = array ( | |||||
'virtual', // for virtual accounts | |||||
'local', // for system accounts | |||||
'relay' // for backup mx | |||||
); | |||||
// Transport default | |||||
// You should define default transport. It must be in array above. | |||||
$CONF['transport_default'] = 'virtual'; | |||||
// Virtual Vacation | |||||
// If you want to use virtual vacation for you mailbox users set this to 'YES'. | |||||
// NOTE: Make sure that you install the vacation module. (See VIRTUAL-VACATION/) | |||||
$CONF['vacation'] = 'NO'; | |||||
// This is the autoreply domain that you will need to set in your Postfix | |||||
// transport maps to handle virtual vacations. It does not need to be a | |||||
// real domain (i.e. you don't need to setup DNS for it). | |||||
$CONF['vacation_domain'] = 'autoreply.{{ domain }}'; | |||||
// Vacation Control | |||||
// If you want users to take control of vacation set this to 'YES'. | |||||
$CONF['vacation_control'] ='YES'; | |||||
// Vacation Control for admins | |||||
// Set to 'YES' if your domain admins should be able to edit user vacation. | |||||
$CONF['vacation_control_admin'] = 'YES'; | |||||
// Alias Control | |||||
// Postfix Admin inserts an alias in the alias table for every mailbox it creates. | |||||
// The reason for this is that when you want catch-all and normal mailboxes | |||||
// to work you need to have the mailbox replicated in the alias table. | |||||
// If you want to take control of these aliases as well set this to 'YES'. | |||||
// Alias control for superadmins | |||||
$CONF['alias_control'] = 'NO'; | |||||
// Alias Control for domain admins | |||||
$CONF['alias_control_admin'] = 'NO'; | |||||
// Special Alias Control | |||||
// Set to 'NO' if your domain admins shouldn't be able to edit the default aliases | |||||
// as defined in $CONF['default_aliases'] | |||||
$CONF['special_alias_control'] = 'NO'; | |||||
// Alias Goto Field Limit | |||||
// Set the max number of entries that you would like to see | |||||
// in one 'goto' field in overview, the rest will be hidden and "[and X more...]" will be added. | |||||
// '0' means no limits. | |||||
$CONF['alias_goto_limit'] = '0'; | |||||
// Alias Domains | |||||
// Alias domains allow to "mirror" aliases and mailboxes to another domain. This makes | |||||
// configuration easier if you need the same set of aliases on multiple domains, but | |||||
// also requires postfix to do more database queries. | |||||
// Note: If you update from 2.2.x or earlier, you will have to update your postfix configuration. | |||||
// Set to 'NO' to disable alias domains. | |||||
$CONF['alias_domain'] = 'YES'; | |||||
// Backup | |||||
// If you don't want backup tab set this to 'NO'; | |||||
$CONF['backup'] = 'YES'; | |||||
// Send Mail | |||||
// If you don't want sendmail tab set this to 'NO'; | |||||
$CONF['sendmail'] = 'YES'; | |||||
// Logging | |||||
// If you don't want logging set this to 'NO'; | |||||
$CONF['logging'] = 'YES'; | |||||
// Fetchmail | |||||
// If you don't want fetchmail tab set this to 'NO'; | |||||
$CONF['fetchmail'] = 'YES'; | |||||
// fetchmail_extra_options allows users to specify any fetchmail options and any MDA | |||||
// (it will even accept 'rm -rf /' as MDA!) | |||||
// This should be set to NO, except if you *really* trust *all* your users. | |||||
$CONF['fetchmail_extra_options'] = 'NO'; | |||||
// Header | |||||
$CONF['show_header_text'] = 'NO'; | |||||
$CONF['header_text'] = ':: Postfix Admin ::'; | |||||
// link to display under 'Main' menu when logged in as a user. | |||||
$CONF['user_footer_link'] = "http://{{ domain }}/main"; | |||||
// Footer | |||||
// Below information will be on all pages. | |||||
// If you don't want the footer information to appear set this to 'NO'. | |||||
$CONF['show_footer_text'] = 'YES'; | |||||
$CONF['footer_text'] = 'Return to {{ domain }}'; | |||||
$CONF['footer_link'] = 'http://{{ domain }}'; | |||||
// Welcome Message | |||||
// This message is send to every newly created mailbox. | |||||
// Change the text between EOM. | |||||
$CONF['welcome_text'] = <<<EOM | |||||
Hi, | |||||
Welcome to your new account. | |||||
EOM; | |||||
// When creating mailboxes or aliases, check that the domain-part of the | |||||
// address is legal by performing a name server look-up. | |||||
$CONF['emailcheck_resolve_domain']='YES'; | |||||
// Optional: | |||||
// Analyze alias gotos and display a colored block in the first column | |||||
// indicating if an alias or mailbox appears to deliver to a non-existent | |||||
// account. Also, display indications, for POP/IMAP mailboxes and | |||||
// for custom destinations (such as mailboxes that forward to a UNIX shell | |||||
// account or mail that is sent to a MS exchange server, or any other | |||||
// domain or subdomain you use) | |||||
// See http://www.w3schools.com/html/html_colornames.asp for a list of | |||||
// color names available on most browsers | |||||
//set to YES to enable this feature | |||||
$CONF['show_status']='NO'; | |||||
//display a guide to what these colors mean | |||||
$CONF['show_status_key']='NO'; | |||||
// 'show_status_text' will be displayed with the background colors | |||||
// associated with each status, you can customize it here | |||||
$CONF['show_status_text']=' '; | |||||
// show_undeliverable is useful if most accounts are delivered to this | |||||
// postfix system. If many aliases and mailboxes are forwarded | |||||
// elsewhere, you will probably want to disable this. | |||||
$CONF['show_undeliverable']='NO'; | |||||
$CONF['show_undeliverable_color']='tomato'; | |||||
// mails to these domains will never be flagged as undeliverable | |||||
$CONF['show_undeliverable_exceptions']=array("unixmail.domain.ext","exchangeserver.domain.ext","gmail.com"); | |||||
$CONF['show_popimap']='NO'; | |||||
$CONF['show_popimap_color']='darkgrey'; | |||||
// you can assign special colors to some domains. To do this, | |||||
// - add the domain to show_custom_domains | |||||
// - add the corresponding color to show_custom_colors | |||||
$CONF['show_custom_domains']=array("subdomain.domain.ext","domain2.ext"); | |||||
$CONF['show_custom_colors']=array("lightgreen","lightblue"); | |||||
// If you use a recipient_delimiter in your postfix config, you can also honor it when aliases are checked. | |||||
// Example: $CONF['recipient_delimiter'] = "+"; | |||||
// Set to "" to disable this check. | |||||
$CONF['recipient_delimiter'] = ""; | |||||
// Optional: | |||||
// Script to run after creation of mailboxes. | |||||
// Note that this may fail if PHP is run in "safe mode", or if | |||||
// operating system features (such as SELinux) or limitations | |||||
// prevent the web-server from executing external scripts. | |||||
// Parameters: (1) username (2) domain (3) maildir (4) quota | |||||
// $CONF['mailbox_postcreation_script']='sudo -u courier /usr/local/bin/postfixadmin-mailbox-postcreation.sh'; | |||||
// Optional: | |||||
// Script to run after alteration of mailboxes. | |||||
// Note that this may fail if PHP is run in "safe mode", or if | |||||
// operating system features (such as SELinux) or limitations | |||||
// prevent the web-server from executing external scripts. | |||||
// Parameters: (1) username (2) domain (3) maildir (4) quota | |||||
// $CONF['mailbox_postedit_script']='sudo -u courier /usr/local/bin/postfixadmin-mailbox-postedit.sh'; | |||||
// Optional: | |||||
// Script to run after deletion of mailboxes. | |||||
// Note that this may fail if PHP is run in "safe mode", or if | |||||
// operating system features (such as SELinux) or limitations | |||||
// prevent the web-server from executing external scripts. | |||||
// Parameters: (1) username (2) domain | |||||
// $CONF['mailbox_postdeletion_script']='sudo -u courier /usr/local/bin/postfixadmin-mailbox-postdeletion.sh'; | |||||
// Optional: | |||||
// Script to run after creation of domains. | |||||
// Note that this may fail if PHP is run in "safe mode", or if | |||||
// operating system features (such as SELinux) or limitations | |||||
// prevent the web-server from executing external scripts. | |||||
// Parameters: (1) domain | |||||
//$CONF['domain_postcreation_script']='sudo -u courier /usr/local/bin/postfixadmin-domain-postcreation.sh'; | |||||
// Optional: | |||||
// Script to run after deletion of domains. | |||||
// Note that this may fail if PHP is run in "safe mode", or if | |||||
// operating system features (such as SELinux) or limitations | |||||
// prevent the web-server from executing external scripts. | |||||
// Parameters: (1) domain | |||||
// $CONF['domain_postdeletion_script']='sudo -u courier /usr/local/bin/postfixadmin-domain-postdeletion.sh'; | |||||
// Optional: | |||||
// Sub-folders which should automatically be created for new users. | |||||
// The sub-folders will also be subscribed to automatically. | |||||
// Will only work with IMAP server which implement sub-folders. | |||||
// Will not work with POP3. | |||||
// If you define create_mailbox_subdirs, then the | |||||
// create_mailbox_subdirs_host must also be defined. | |||||
// | |||||
// $CONF['create_mailbox_subdirs']=array('Spam'); | |||||
// $CONF['create_mailbox_subdirs_host']='localhost'; | |||||
// | |||||
// Specify '' for Dovecot and 'INBOX.' for Courier. | |||||
$CONF['create_mailbox_subdirs_prefix']='INBOX.'; | |||||
// Optional: | |||||
// Show used quotas from Dovecot dictionary backend in virtual | |||||
// mailbox listing. | |||||
// See: DOCUMENTATION/DOVECOT.txt | |||||
// http://wiki.dovecot.org/Quota/Dict | |||||
// | |||||
$CONF['used_quotas'] = 'NO'; | |||||
// if you use dovecot >= 1.2, set this to yes. | |||||
// Note about dovecot config: table "quota" is for 1.0 & 1.1, table "quota2" is for dovecot 1.2 and newer | |||||
$CONF['new_quota_table'] = 'NO'; | |||||
// | |||||
// Normally, the TCP port number does not have to be specified. | |||||
// $CONF['create_mailbox_subdirs_hostport']=143; | |||||
// | |||||
// If you have trouble connecting to the IMAP-server, then specify | |||||
// a value for $CONF['create_mailbox_subdirs_hostoptions']. These | |||||
// are some examples to experiment with: | |||||
// $CONF['create_mailbox_subdirs_hostoptions']=array('notls'); | |||||
// $CONF['create_mailbox_subdirs_hostoptions']=array('novalidate-cert','norsh'); | |||||
// See also the "Optional flags for names" table at | |||||
// http://www.php.net/manual/en/function.imap-open.php | |||||
// Theme Config | |||||
// Specify your own logo and CSS file | |||||
$CONF['theme_logo'] = 'images/logo-default.png'; | |||||
$CONF['theme_css'] = 'css/default.css'; | |||||
// XMLRPC Interface. | |||||
// This should be only of use if you wish to use e.g the | |||||
// Postfixadmin-Squirrelmail package | |||||
// change to boolean true to enable xmlrpc | |||||
$CONF['xmlrpc_enabled'] = false; | |||||
// If you want to keep most settings at default values and/or want to ensure | |||||
// that future updates work without problems, you can use a separate config | |||||
// file (config.local.php) instead of editing this file and override some | |||||
// settings there. | |||||
if (file_exists(dirname(__FILE__) . '/config.local.php')) { | |||||
include(dirname(__FILE__) . '/config.local.php'); | |||||
} | |||||
// | |||||
// END OF CONFIG FILE | |||||
// | |||||
/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */ |
@ -0,0 +1 @@ | |||||
/etc/postfixadmin/config.inc.php |
@ -1,5 +1,5 @@ | |||||
driver = mysql | driver = mysql | ||||
connect = host=127.0.0.1 dbname=postfix user=postfix password={{ dbpassword }} | |||||
connect = host=127.0.0.1 dbname=postfix user=postfix password={{ dbpassword.stdout }} | |||||
default_pass_scheme = MD5-CRYPT | default_pass_scheme = MD5-CRYPT | ||||
user_query = SELECT '/home/facteur/%d/%n' as home, 3000 AS uid, 3000 AS gid FROM mailbox WHERE username = '%u' | user_query = SELECT '/home/facteur/%d/%n' as home, 3000 AS uid, 3000 AS gid FROM mailbox WHERE username = '%u' | ||||
password_query = SELECT password FROM mailbox WHERE username = '%u' | password_query = SELECT password FROM mailbox WHERE username = '%u' |
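Review bot: The database password is substituted raw into `connect = host=127.0.0.1 dbname=postfix user=postfix password={{ dbpassword.stdout }}`, and the four Postfix map files that follow do the same with `password = {{ dbpassword.stdout }}`. If `dbpassword` is generated the way the ownCloud tasks in this commit generate theirs (`pwgen -y`, which emits punctuation), a space or quote in the value can change how these files parse; the task that registers the variable for this role is not visible here, so this is inferred. Generating the secret without symbols (dropping `-y`) keeps the length and removes the parsing risk. Since all five files hold a credential, the tasks that install them should set a restrictive `mode=0640` and an explicit owner and group.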
@ -1,51 +1,49 @@ | |||||
## Dovecot configuration file | |||||
protocols = imap imaps pop3 pop3s managesieve | |||||
log_timestamp = "%Y-%m-%d %H:%M:%S " | |||||
mail_privileged_group = mail | |||||
# 2.1.7: /etc/dovecot/dovecot.conf | |||||
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.7 ext4 | |||||
!include conf.d/*.conf | |||||
disable_plaintext_auth = no | disable_plaintext_auth = no | ||||
log_timestamp = "%Y-%m-%d %H:%M:%S " | |||||
mail_location = maildir:/home/facteur/%d/%n:INDEX=/home/facteur/%d/%n/indexes | mail_location = maildir:/home/facteur/%d/%n:INDEX=/home/facteur/%d/%n/indexes | ||||
protocol imap { | |||||
} | |||||
protocol pop3 { | |||||
} | |||||
protocol managesieve { | |||||
listen = *:4190 | |||||
login_executable = /usr/lib/dovecot/managesieve-login | |||||
mail_executable = /usr/lib/dovecot/managesieve | |||||
mail_privileged_group = mail | |||||
passdb { | |||||
args = /etc/dovecot/dovecot-mysql.conf | |||||
driver = sql | |||||
} | } | ||||
protocol lda { | |||||
postmaster_address = admin@{{ domain }} | |||||
mail_plugin_dir = /usr/lib/dovecot/modules/lda | |||||
auth_socket_path = /var/run/dovecot/auth-master | |||||
mail_plugins = sieve quota | |||||
plugin { | |||||
sieve = /home/facteur/%d/%n/.dovecot.sieve | |||||
sieve_dir = /home/facteur/%d/%n/sieve | |||||
} | } | ||||
auth default { | |||||
userdb sql { | |||||
args = /etc/dovecot/dovecot-mysql.conf | |||||
} | |||||
passdb sql { | |||||
args = /etc/dovecot/dovecot-mysql.conf | |||||
} | |||||
socket listen { | |||||
master { | |||||
path = /var/run/dovecot/auth-master | |||||
mode = 0600 | |||||
user = facteur | |||||
protocols = imap pop3 sieve | |||||
service auth { | |||||
unix_listener /var/spool/postfix/private/auth { | |||||
group = postfix | |||||
mode = 0660 | |||||
user = postfix | |||||
} | } | ||||
client { | |||||
path = /var/spool/postfix/private/auth | |||||
mode = 0660 | |||||
user = postfix | |||||
group = postfix | |||||
unix_listener auth-master { | |||||
mode = 0600 | |||||
user = facteur | |||||
} | } | ||||
} | |||||
} | } | ||||
dict { | |||||
service managesieve-login { | |||||
inet_listener sieve { | |||||
port = 4190 | |||||
} | |||||
process_min_avail = 0 | |||||
service_count = 1 | |||||
vsz_limit = 64 M | |||||
executable = /usr/lib/dovecot/managesieve-login | |||||
} | } | ||||
plugin { | |||||
sieve_dir = /home/facteur/%d/%n/sieve | |||||
sieve = /home/facteur/%d/%n/.dovecot.sieve | |||||
service managesieve { | |||||
executable = /usr/lib/dovecot/managesieve | |||||
} | |||||
userdb { | |||||
args = /etc/dovecot/dovecot-mysql.conf | |||||
driver = sql | |||||
} | |||||
protocol lda { | |||||
auth_socket_path = /var/run/dovecot/auth-master | |||||
mail_plugin_dir = /usr/lib/dovecot/modules | |||||
mail_plugins = sieve quota | |||||
postmaster_address = admin@{{ domain }} | |||||
} | } |
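Review bot: `disable_plaintext_auth = no` is kept in the rewritten file and no `ssl` setting appears in it, so unless something under `conf.d/` (pulled in by the new `!include conf.d/*.conf`) requires TLS, IMAP, POP3 and ManageSieve logins can be sent in cleartext. Dropping `imaps`/`pop3s` from `protocols` is expected on 2.x, but it leaves the TLS policy entirely to settings outside this file. I would make it explicit here with `ssl = required` and `disable_plaintext_auth = yes`. If plaintext auth is needed for a local webmail client, a comment saying so would keep the next reader from treating it as an oversight.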
@ -1,5 +1,5 @@ | |||||
hosts = 127.0.0.1 | hosts = 127.0.0.1 | ||||
user = postfix | user = postfix | ||||
password = {{ dbpassword }} | |||||
password = {{ dbpassword.stdout }} | |||||
dbname = postfix | dbname = postfix | ||||
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = 1 | query = SELECT domain FROM domain WHERE domain='%s' and backupmx = 1 |
@ -1,5 +1,5 @@ | |||||
hosts = 127.0.0.1 | hosts = 127.0.0.1 | ||||
user = postfix | user = postfix | ||||
password = {{ dbpassword }} | |||||
password = {{ dbpassword.stdout }} | |||||
dbname = postfix | dbname = postfix | ||||
query = SELECT goto FROM alias WHERE address='%s' AND active = 1 | query = SELECT goto FROM alias WHERE address='%s' AND active = 1 |
@ -1,5 +1,5 @@ | |||||
hosts = 127.0.0.1 | hosts = 127.0.0.1 | ||||
user = postfix | user = postfix | ||||
password = {{ dbpassword }} | |||||
password = {{ dbpassword.stdout }} | |||||
dbname = postfix | dbname = postfix | ||||
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = 0 and active = 1 | query = SELECT domain FROM domain WHERE domain='%s' and backupmx = 0 and active = 1 |
@ -1,5 +1,5 @@ | |||||
hosts = 127.0.0.1 | hosts = 127.0.0.1 | ||||
user = postfix | user = postfix | ||||
password = {{ dbpassword }} | |||||
password = {{ dbpassword.stdout }} | |||||
dbname = postfix | dbname = postfix | ||||
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1 | query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1 |
@ -1,4 +1,5 @@ | |||||
DROP DATABASE IF EXISTS postfix; | |||||
CREATE DATABASE postfix; | CREATE DATABASE postfix; | ||||
GRANT ALL PRIVILEGES ON postfix.* TO 'postfix_admin'@'%' IDENTIFIED BY '{{ dbpassword.stdout }}'; | |||||
GRANT ALL PRIVILEGES ON postfix.* TO 'postfix'@'%' IDENTIFIED BY '{{ dbpassword.stdout }}'; | |||||
GRANT SELECT ON postfix.* TO 'postfix'@'%' IDENTIFIED BY '{{ dbpassword.stdout }}'; | GRANT SELECT ON postfix.* TO 'postfix'@'%' IDENTIFIED BY '{{ dbpassword.stdout }}'; | ||||
FLUSH PRIVILEGES; | FLUSH PRIVILEGES; |
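Review bot: The `GRANT ALL PRIVILEGES` statements are issued for host `'%'` although every client configured in this commit connects to `127.0.0.1`, so the account is usable from any host that can reach the MySQL port. The rendered page does not show which of the two `GRANT ALL` lines is the new one, but if `'postfix'@'%'` receives `ALL`, the `GRANT SELECT` that follows no longer limits the lookup account. I would scope the accounts to the local host and keep the lookup user read-only, e.g. `GRANT SELECT ON postfix.* TO 'postfix'@'localhost' IDENTIFIED BY '{{ dbpassword.stdout }}';` (or `'127.0.0.1'` when name resolution is disabled). If `DROP DATABASE IF EXISTS postfix;` is on the new side, re-running the play erases the mail database and the statement should be guarded or removed.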
@ -0,0 +1,2 @@ | |||||
pwcheck_method: saslauthd | |||||
mech_list: PLAIN LOGIN |
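Review bot: `mech_list: PLAIN LOGIN` offers only cleartext mechanisms, so the password is protected only when the SMTP session is already encrypted, and nothing in this file enforces that. The Postfix `main.cf` is not part of this section, so I cannot tell whether it does. Please confirm `smtpd_tls_auth_only = yes` is set there, and record the dependency here with a comment such as `# PLAIN/LOGIN only: requires smtpd_tls_auth_only = yes in main.cf`.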
@ -0,0 +1,37 @@ | |||||
user www-data; | |||||
worker_processes 4; | |||||
worker_priority -10; | |||||
pid /var/run/nginx.pid; | |||||
worker_rlimit_nofile 65536; | |||||
events { | |||||
worker_connections 4096; | |||||
use epoll; | |||||
} | |||||
http { | |||||
sendfile on; | |||||
tcp_nopush on; | |||||
tcp_nodelay on; | |||||
keepalive_timeout 8; | |||||
types_hash_max_size 2048; | |||||
server_tokens off; | |||||
keepalive_requests 100000; | |||||
open_file_cache max=200000 inactive=20s; | |||||
open_file_cache_valid 30s; | |||||
open_file_cache_min_uses 2; | |||||
open_file_cache_errors on; | |||||
include /etc/nginx/mime.types; | |||||
default_type application/octet-stream; | |||||
gzip on; | |||||
gzip_disable "msie6"; | |||||
#include /etc/nginx/naxsi_core.rules; | |||||
include /etc/nginx/conf.d/*.conf; | |||||
include /etc/nginx/sites-enabled/*; | |||||
} |
@ -0,0 +1,26 @@ | |||||
[www-data] | |||||
prefix = /var/tmp | |||||
user = www-data | |||||
group = www-data | |||||
listen = /var/run/php5-fpm-www-data.sock | |||||
listen.backlog = 1024 | |||||
pm = ondemand | |||||
pm.max_children = 2 | |||||
pm.process_idle_timeout = 30s; | |||||
pm.max_requests = 800 | |||||
pm.status_path = /status | |||||
request_terminate_timeout = 120s | |||||
chdir = / | |||||
security.limit_extensions = .php .php3 .php4 .php5 | |||||
env[TMP] = /tmp | |||||
env[TMPDIR] = /tmp | |||||
env[TEMP] = /tmp | |||||
php_admin_value[memory_limit] = 128M |
@ -0,0 +1,13 @@ | |||||
--- | |||||
# handlers du role nginx | |||||
- name: reload nginx | |||||
service: name=nginx state=reloaded | |||||
- name: restart nginx | |||||
service: name=nginx state=restarted | |||||
- name: start nginx | |||||
service: name=nginx state=started | |||||
- name: stop nginx | |||||
service: name=nginx state=stopped | |||||
# vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab: | |||||
@ -0,0 +1,23 @@ | |||||
--- | |||||
- name: Install default packages Debian. | |||||
apt: pkg={{item}} state=installed install_recommends=no | |||||
with_items: | |||||
- nginx | |||||
- nginx-common | |||||
- nginx-full | |||||
- php5-fpm | |||||
- name: Copy nginx.conf | |||||
tags: nginx | |||||
copy: src=etc-nginx-nginx.conf dest=/etc/nginx/nginx.conf | |||||
- name: Copy php5/fpm/pool.d/www-data.conf | |||||
tags: nginx | |||||
copy: src=etc-php5-fpm-pool.d-www-data.conf dest=/etc/php5/fpm/pool.d/www-data.conf | |||||
- name: Delete the www.conf template | |||||
tags: nginx | |||||
file: path=etc/php5/fpm/pool.d/www.conf state=absent | |||||
notify: restart nginx | |||||
# vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab: |
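Review bot: `file: path=etc/php5/fpm/pool.d/www.conf state=absent` uses a relative path, so the stock pool file under `/etc` is not the one being removed and the default `www` pool stays active next to the new one. It should read `file: path=/etc/php5/fpm/pool.d/www.conf state=absent`. The task notifies `restart nginx` although the change affects PHP-FPM; `notify: restart php5-fpm` would match the handler the common role in this commit defines, assuming that role is loaded in the same play. The two `copy` tasks set no `owner` or `mode`, which is worth stating explicitly for files under `/etc`.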
@ -0,0 +1,46 @@ | |||||
--- | |||||
packages: | |||||
- nginx | |||||
- php5-cli | |||||
- php5-mysql | |||||
- php5-fpm | |||||
- php-apc | |||||
- php5-mysql | |||||
- php5-curl | |||||
- libmime-lite-perl | |||||
firewall_role_rules: | |||||
- "-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT" | |||||
sysctls: | |||||
- name: net.ipv4.ip_local_port_range | |||||
value: "'1024 65000'" | |||||
- name: net.ipv4.tcp_tw_reuse | |||||
value: 1 | |||||
- name: net.ipv4.tcp_fin_timeout | |||||
value: 15 | |||||
- name: net.core.netdev_max_backlog | |||||
value: 4096 | |||||
- name: net.core.rmem_max | |||||
value: 16777216 | |||||
- name: net.core.somaxconn | |||||
value: 4096 | |||||
- name: net.core.wmem_max | |||||
value: 16777216 | |||||
- name: net.ipv4.tcp_max_syn_backlog | |||||
value: 20480 | |||||
- name: net.ipv4.tcp_max_tw_buckets | |||||
value: 400000 | |||||
- name: net.ipv4.tcp_no_metrics_save | |||||
value: 1 | |||||
- name: net.ipv4.tcp_rmem | |||||
value: "'4096 87380 16777216'" | |||||
- name: net.ipv4.tcp_syn_retries | |||||
value: 2 | |||||
- name: net.ipv4.tcp_synack_retries | |||||
value: 2 | |||||
- name: net.ipv4.tcp_wmem | |||||
value: "'4096 65536 16777216'" | |||||
# vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab: |
@ -0,0 +1,46 @@ | |||||
--- | |||||
# handlers du role common | |||||
- name: update aliases | |||||
command: newaliases | |||||
- name: restart munin-node | |||||
service: name=munin-node state=restarted | |||||
- name: restart hobbit-client | |||||
service: name=hobbit-client state=restarted | |||||
- name: restart xymon-client | |||||
service: name=xymon-client state=restarted | |||||
- name: restart gwm | |||||
service: name=gwm state=restarted | |||||
- name: restart xend | |||||
service: name=xend state=restarted | |||||
- name: update-grub | |||||
command: update-grub | |||||
- name: restart collectd | |||||
service: name=collectd state=restarted | |||||
- name: restart ntp | |||||
service: name=ntp state=restarted | |||||
- name: restart xymon | |||||
service: name=xymon state=restarted | |||||
- name: update mysql_relay_domains map | |||||
shell: postmap /etc/postfix/mysql_relay_domains.cf | |||||
- name: restart postfix | |||||
service: name=postfix state=restarted | |||||
- name: restart nginx | |||||
command: name=nginx state=restarted | |||||
- name: restart php5-fpm | |||||
shell: /etc/init.d/php5-fpm restart | |||||
# vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab: | |||||
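Review bot: The `restart nginx` handler is written as `command: name=nginx state=restarted`, which passes service-module arguments to the command module, so it cannot perform a service restart. If this is the handler that resolves for the ownCloud tasks, nginx keeps serving the old vhost and certificate after they are changed. It should be `service: name=nginx state=restarted`, like the other handlers in this file. For consistency `restart php5-fpm` reads better as `service: name=php5-fpm state=restarted` than as a `shell` call to the init script.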
@ -0,0 +1,78 @@ | |||||
--- | |||||
- name: Install ownCloud dependencies | |||||
apt: pkg={{item}} state=installed update_cache=no | |||||
tags: owncloud | |||||
with_items: "{{ packages }}" | |||||
ignore_errors: no | |||||
- name: unlink default vhost nginx | |||||
tags: owncloud | |||||
shell: unlink /etc/nginx/sites-enabled/default | |||||
ignore_errors: yes | |||||
- name: Get ownCloud | |||||
tags: | |||||
- update | |||||
- owncloud | |||||
get_url: url=https://download.owncloud.org/community/owncloud-latest.tar.bz2 validate_certs=no dest=/root/owncloud-latest.tar.bz2 | |||||
- name: Creation of the right folder | |||||
tags: owncloud | |||||
file: path=/etc/nginx/ssl/ state=directory recurse=yes | |||||
- name: create self-signed SSL cert | |||||
command: openssl req -new -nodes -x509 -subj "/C=FR/ST=SomeWhere/L=OverTheRainBow/O=OwnCloud/CN=owncloud.{{ domain }}" -days 3650 -keyout /etc/nginx/ssl/owncloud.key -out /etc/nginx/ssl/owncloud.crt -extensions v3_ca creates=/etc/nginx/ssl/owncloud.crt | |||||
tags: owncloud | |||||
notify: restart nginx | |||||
- name: Creation of the right folder | |||||
tags: owncloud | |||||
file: path=/var/www/owncloud/ state=directory recurse=yes | |||||
- name: Untar | |||||
tags: | |||||
- update | |||||
- owncloud | |||||
shell: tar xvf /root/owncloud-latest.tar.bz2 -C /var/www/owncloud/ | |||||
ignore_errors: no | |||||
- name: Chown | |||||
tags: | |||||
- update | |||||
- owncloud | |||||
shell: chown -R www-data. /var/www/ | |||||
- name: Randomly generate an ownCloud database password | |||||
shell: pwgen -y -B -s 80 1 | |||||
tags: | |||||
- owncloud | |||||
register: dbpassword | |||||
- name: Config nginx | |||||
template: src=etc-nginx-sites-enabled-owncloud.j2 dest=/etc/nginx/sites-enabled/owncloud | |||||
tags: owncloud | |||||
notify: restart nginx | |||||
- name: Config PHP5-fpm | |||||
template: src=etc-php5-fpm-pool.d-www.conf.j2 dest=/etc/php5/fpm/pool.d/www.conf | |||||
tags: owncloud | |||||
notify: restart php5-fpm | |||||
- name: Config PHP5-fpm ini file | |||||
template: src=php.ini.j2 dest=/etc/php5/fpm/php.ini | |||||
tags: owncloud | |||||
notify: restart php5-fpm | |||||
- name: Import database template | |||||
tags: | |||||
- owncloud | |||||
template: src=root-ownclouddb.sql.j2 dest=/root/ownclouddb.sql | |||||
- name: Import sql file for account and db creation | |||||
tags: | |||||
- owncloud | |||||
shell: mysql < /root/ownclouddb.sql | |||||
notify: restart php5-fpm | |||||
#vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab: |
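Review bot: The `Get ownCloud` task downloads with `validate_certs=no` and no checksum, and the archive is then unpacked as root into the web root, so nothing authenticates the code being installed. `owncloud-latest` also means two runs can install different releases. I would drop `validate_certs=no`, point the URL at a specific release and add its published digest, e.g. `get_url: url=<RELEASE_URL> dest=/root/owncloud.tar.bz2 sha256sum=<RELEASE_SHA256>` (placeholders; the parameter is `checksum=` on newer Ansible). Two smaller points in the same file: `pwgen` runs on every play, so `dbpassword` changes each run, and the `unlink` task with `ignore_errors: yes` would be cleaner as `file: path=/etc/nginx/sites-enabled/default state=absent`.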
@ -0,0 +1,73 @@ | |||||
server { | |||||
listen 80; | |||||
server_name owncloud.{{ domain }}; | |||||
return 301 https://$server_name$request_uri; | |||||
} | |||||
server { | |||||
listen 443 ssl; | |||||
server_name owncloud.{{ domain }}; | |||||
keepalive_timeout 70; | |||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |||||
ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5; | |||||
ssl_certificate /etc/nginx/ssl/owncloud.crt; | |||||
ssl_certificate_key /etc/nginx/ssl/owncloud.key; | |||||
root /var/www/owncloud/owncloud/; | |||||
error_log /var/log/owncloud.error.log; | |||||
access_log /var/log/owncloud.access.log; | |||||
client_max_body_size 10G; | |||||
fastcgi_buffers 64 4K; | |||||
rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; | |||||
rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; | |||||
rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; | |||||
index index.php; | |||||
error_page 403 /core/templates/403.php; | |||||
error_page 404 /core/templates/404.php; | |||||
location = /robots.txt { | |||||
allow all; | |||||
log_not_found off; | |||||
access_log off; | |||||
} | |||||
location ~ ^/(data|config|\.ht|db_structure\.xml|README) { | |||||
deny all; | |||||
} | |||||
location / { | |||||
rewrite ^/.well-known/host-meta /public.php?service=host-meta last; | |||||
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; | |||||
rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; | |||||
rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; | |||||
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; | |||||
try_files $uri $uri/ index.php; | |||||
error_log /var/log/owncloud.error.log; | |||||
access_log /var/log/owncloud.access.log; | |||||
} | |||||
location ~ ^(.+?\.php)(/.*)?$ { | |||||
try_files $1 = 404; | |||||
include fastcgi_params; | |||||
fastcgi_param SCRIPT_FILENAME $document_root$1; | |||||
fastcgi_param PATH_INFO $2; | |||||
fastcgi_param HTTPS on; | |||||
fastcgi_connect_timeout 60; | |||||
fastcgi_send_timeout 180; | |||||
fastcgi_param htaccessWorking true; | |||||
fastcgi_read_timeout 360; | |||||
fastcgi_pass unix:/var/run/php5-fpm-www-data.sock; | |||||
error_log /var/log/owncloud.fpm.error.log; | |||||
access_log /var/log/owncloud.fpm.access.log; | |||||
} | |||||
# Optional: set long EXPIRES header on static assets | |||||
location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ { | |||||
expires 30d; | |||||
# Optional: Don't log access to assets | |||||
access_log off; | |||||
} | |||||
} | |||||
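Review bot: `ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;` enables RC4, 3DES and an MD5 MAC and contains no ECDHE or DHE suite, so sessions get no forward secrecy. I would replace it with an ECDHE AEAD list and let the server choose, e.g. `ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;` together with `ssl_prefer_server_ciphers on;`, and check whether any client still needs `TLSv1` and `TLSv1.1` in `ssl_protocols`. In the PHP location, `try_files $1 = 404;` has a space after `=`, which nginx reads as separate arguments rather than the `=404` status form; `try_files $1 =404;` is presumably what was meant.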
@ -0,0 +1,36 @@ | |||||
[www-data] | |||||
prefix = /var/tmp | |||||
user = www-data | |||||
group = www-data | |||||
slowlog = /var/log/php-fpm/slowlog-site.log | |||||
listen = /var/run/php5-fpm-www-data.sock | |||||
listen.backlog = 1024 | |||||
pm = dynamic | |||||
pm.start_servers = 4 | |||||
pm.min_spare_servers = 2 | |||||
pm.max_spare_servers = 6 | |||||
pm.max_children = 8 | |||||
pm.process_idle_timeout = 30s; | |||||
pm.max_requests = 800 | |||||
pm.status_path = /status | |||||
listen.backlog = -1 | |||||
listen.owner = www-data | |||||
listen.group = www-data | |||||
listen.mode = 0666 | |||||
request_terminate_timeout = 3600s | |||||
catch_workers_output=no | |||||
chdir = / | |||||
rlimit_core = unlimited | |||||
security.limit_extensions = .php .php3 .php4 .php5 | |||||
env[TMP] = /tmp | |||||
env[TMPDIR] = /tmp | |||||
env[TEMP] = /tmp | |||||
env[HOSTNAME] = $HOSTNAME | |||||
php_admin_value[memory_limit] = 1G | |||||
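Review bot: `listen.mode = 0666` makes the FastCGI socket writable by every local account, so any process on the host can submit requests that execute as `www-data`. nginx in this commit runs as `www-data` and `listen.owner`/`listen.group` are already `www-data`, so `listen.mode = 0660` is sufficient. `rlimit_core = unlimited` also deserves a second look, because core files from a PHP worker can contain credentials and user data; `rlimit_core = 0` is the safer setting outside a debugging session. `listen.backlog` is set twice (1024, then -1), and this pool reuses the `[www-data]` name and socket path of the pool file installed by the nginx role.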
@ -0,0 +1,5 @@ | |||||
CREATE USER 'owncloud'@'localhost' IDENTIFIED BY '{{ dbpassword.stdout }}'; | |||||
GRANT USAGE ON * . * TO 'owncloud'@'localhost' IDENTIFIED BY '{{ dbpassword.stdout }}' WITH MAX_QUERIES_PER_HOUR 0 | |||||
MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ; | |||||
CREATE DATABASE IF NOT EXISTS `owncloud` ; | |||||
GRANT ALL PRIVILEGES ON `owncloud` . * TO 'owncloud'@'localhost'; |
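Review bot: `{{ dbpassword.stdout }}` is placed between single quotes, but the value comes from `pwgen -y`, whose symbol set can include quote and backslash characters, so some generated passwords end the SQL string early and the import fails or sets a different password than the one recorded. The wallabag SQL template later in this commit interpolates `wallabag_db_password` the same way. Either generate without symbols (`pwgen -B -s 80 1`) or create the account with the `mysql_user` module, which takes the password as a parameter instead of templated SQL. `CREATE USER` also fails when the account already exists, so the play is not re-runnable as written.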
@ -0,0 +1,17 @@ | |||||
packages: | |||||
- php5 | |||||
- php5-gd | |||||
- php-xml-parser | |||||
- php5-intl | |||||
- php5-sqlite | |||||
- php5-mysql | |||||
- php5-pgsql | |||||
- smbclient | |||||
- php5-curl | |||||
- php5-mcrypt | |||||
- php5-fpm | |||||
- pwgen | |||||
- bzip2 | |||||
- php5-ldap | |||||
# vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab: | |||||
@ -0,0 +1,2 @@ | |||||
- name: restart prosody | |||||
command: /etc/init.d/prosody restart |
@ -0,0 +1,4 @@ | |||||
--- | |||||
# Provides the Prosody Jabber/XMPP server. | |||||
- include: prosody.yml tags=prosody |
@ -0,0 +1,29 @@ | |||||
- name: Ensure repository key for Prosody is in place | |||||
apt_key: url=https://prosody.im/files/prosody-debian-packages.key state=present | |||||
# Prosody supplies repo for sid, squeeze, wheezy, jessie, trusty, saucy, raring, quantal, precise and lucid | |||||
- name: Add Prosody Debian/Ubuntu repository | |||||
apt_repository: repo="deb http://packages.prosody.im/debian {{ ansible_distribution_release }} main" | |||||
- name: Install Prosody from official repository | |||||
apt: pkg=prosody update_cache=yes | |||||
- name: Add prosody user to ssl-cert group | |||||
user: name=prosody groups=ssl-cert append=yes | |||||
- name: Create Prosody data directory | |||||
file: state=directory path=/decrypted/prosody owner=prosody group=prosody | |||||
- name: Configure Prosody | |||||
template: src=prosody.cfg.lua.j2 dest=/etc/prosody/prosody.cfg.lua group=root owner=root | |||||
notify: restart prosody | |||||
- name: Create Prosody accounts | |||||
command: prosodyctl register {{ item.name }} {{ prosody_virtual_domain }} "{{ item.password }}" | |||||
with_items: prosody_accounts | |||||
- name: Set firewall rules for Prosody | |||||
ufw: rule=allow port={{ item }} proto=tcp | |||||
with_items: | |||||
- 5222 # xmpp c2s | |||||
- 5269 # xmpp s2s |
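Review bot: `prosodyctl register {{ item.name }} {{ prosody_virtual_domain }} "{{ item.password }}"` puts each account password on the command line, where it is visible in the process list and is echoed in Ansible's task output and logs. Add `no_log: true` to the task at minimum. The task also runs on every play, and `with_items: prosody_accounts` expects entries with `name` and `password` while the sample vars in this commit define `prosody_accounts` as a single address string, so the expected shape should be documented next to the variable.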
@ -0,0 +1,175 @@ | |||||
-- Prosody XMPP Server Configuration | |||||
-- | |||||
-- Information on configuring Prosody can be found on our | |||||
-- website at http://prosody.im/doc/configure | |||||
-- | |||||
-- Tip: You can check that the syntax of this file is correct | |||||
-- when you have finished by running: luac -p prosody.cfg.lua | |||||
-- If there are any errors, it will let you know what and where | |||||
-- they are, otherwise it will keep quiet. | |||||
-- | |||||
-- Good luck, and happy Jabbering! | |||||
---------- Server-wide settings ---------- | |||||
-- Settings in this section apply to the whole server and are the default settings | |||||
-- for any virtual hosts | |||||
-- This is a (by default, empty) list of accounts that are admins | |||||
-- for the server. Note that you must create the accounts separately | |||||
-- (see http://prosody.im/doc/creating_accounts for info) | |||||
-- Example: admins = { "user1@example.com", "user2@example.net" } | |||||
admins = { "{{ prosody_admin }}" } | |||||
-- Enable use of libevent for better performance under high load | |||||
-- For more information see: http://prosody.im/doc/libevent | |||||
--use_libevent = true; | |||||
-- This is the list of modules Prosody will load on startup. | |||||
-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too. | |||||
-- Documentation on modules can be found at: http://prosody.im/doc/modules | |||||
modules_enabled = { | |||||
-- Generally required | |||||
"roster"; -- Allow users to have a roster. Recommended ;) | |||||
"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in. | |||||
"tls"; -- Add support for secure TLS on c2s/s2s connections | |||||
"dialback"; -- s2s dialback support | |||||
"disco"; -- Service discovery | |||||
"posix"; -- POSIX functionality, sends server to background, enables syslog, etc. | |||||
-- Not essential, but recommended | |||||
"private"; -- Private XML storage (for room bookmarks, etc.) | |||||
"vcard"; -- Allow users to set vCards | |||||
-- These are commented by default as they have a performance impact | |||||
"privacy"; -- Support privacy lists | |||||
--"compression"; -- Stream compression (requires the lua-zlib package installed) | |||||
-- Nice to have | |||||
"version"; -- Replies to server version requests | |||||
"uptime"; -- Report how long server has been running | |||||
"time"; -- Let others know the time here on this server | |||||
"ping"; -- Replies to XMPP pings with pongs | |||||
-- "pep"; -- Enables users to publish their mood, activity, playing music and more | |||||
"register"; -- Allow users to register on this server using a client and change passwords | |||||
-- Admin interfaces | |||||
"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands | |||||
--"admin_telnet"; -- Opens telnet console interface on localhost port 5582 | |||||
-- HTTP modules | |||||
--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" | |||||
--"http_files"; -- Serve static files from a directory over HTTP | |||||
-- Other specific functionality | |||||
--"groups"; -- Shared roster support | |||||
--"announce"; -- Send announcement to all online users | |||||
--"welcome"; -- Welcome users who register accounts | |||||
--"watchregistrations"; -- Alert admins of registrations | |||||
--"motd"; -- Send a message to users when they log in | |||||
--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. | |||||
}; | |||||
-- These modules are auto-loaded, but should you want | |||||
-- to disable them then uncomment them here: | |||||
modules_disabled = { | |||||
-- "offline"; -- Store offline messages | |||||
-- "c2s"; -- Handle client connections | |||||
-- "s2s"; -- Handle server-to-server connections | |||||
}; | |||||
-- Disable account creation by default, for security | |||||
-- For more information see http://prosody.im/doc/creating_accounts | |||||
allow_registration = false; | |||||
-- These are the SSL/TLS-related settings. If you don't want | |||||
-- to use SSL/TLS, you may comment or remove this | |||||
ssl = { | |||||
key = "/etc/ssl/private/wildcard_private.key"; | |||||
certificate = "/etc/ssl/certs/wildcard_public_cert.crt"; | |||||
} | |||||
-- Force clients to use encrypted connections? This option will | |||||
-- prevent clients from authenticating unless they are using encryption. | |||||
c2s_require_encryption = true | |||||
-- Force certificate authentication for server-to-server connections? | |||||
-- This provides ideal security, but requires servers you communicate | |||||
-- with to support encryption AND present valid, trusted certificates. | |||||
-- NOTE: Your version of LuaSec must support certificate verification! | |||||
-- For more information see http://prosody.im/doc/s2s#security | |||||
s2s_secure_auth = false | |||||
-- Many servers don't support encryption or have invalid or self-signed | |||||
-- certificates. You can list domains here that will not be required to | |||||
-- authenticate using certificates. They will be authenticated using DNS. | |||||
--s2s_insecure_domains = { "gmail.com" } | |||||
-- Even if you leave s2s_secure_auth disabled, you can still require valid | |||||
-- certificates for some domains by specifying a list here. | |||||
--s2s_secure_domains = { "jabber.org" } | |||||
-- Required for init scripts and prosodyctl | |||||
pidfile = "/var/run/prosody/prosody.pid" | |||||
-- Select the authentication backend to use. The 'internal' providers | |||||
-- use Prosody's configured data storage to store the authentication data. | |||||
-- To allow Prosody to offer secure authentication mechanisms to clients, the | |||||
-- default provider stores passwords in plaintext. If you do not trust your | |||||
-- server please see http://prosody.im/doc/modules/mod_auth_internal_hashed | |||||
-- for information about using the hashed backend. | |||||
authentication = "internal_plain" | |||||
-- Select the storage backend to use. By default Prosody uses flat files | |||||
-- in its configured data directory, but it also supports more backends | |||||
-- through modules. An "sql" backend is included by default, but requires | |||||
-- additional dependencies. See http://prosody.im/doc/storage for more info. | |||||
--storage = "sql" -- Default is "internal" | |||||
-- For the "sql" backend, you can uncomment *one* of the below to configure: | |||||
--sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename. | |||||
--sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } | |||||
--sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } | |||||
-- Logging configuration | |||||
-- For advanced logging see http://prosody.im/doc/logging | |||||
log = { | |||||
info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging | |||||
error = "/var/log/prosody/prosody.err"; | |||||
"*syslog"; | |||||
} | |||||
data_path = "/decrypted/prosody" | |||||
----------- Virtual hosts ----------- | |||||
-- You need to add a VirtualHost entry for each domain you wish Prosody to serve. | |||||
-- Settings under each VirtualHost entry apply *only* to that host. | |||||
VirtualHost "{{ prosody_virtual_domain }}" | |||||
------ Components ------ | |||||
-- You can specify components to add hosts that provide special services, | |||||
-- like multi-user conferences, and transports. | |||||
-- For more information on components, see http://prosody.im/doc/components | |||||
---Set up a MUC (multi-user chat) room server on conference.example.com: | |||||
--Component "conference.example.com" "muc" | |||||
-- Set up a SOCKS5 bytestream proxy for server-proxied file tr3ansfers: | |||||
--Component "proxy.example.com" "proxy65" | |||||
---Set up an external component (default component port is 5347) | |||||
-- | |||||
-- External components allow adding various services, such as gateways/ | |||||
-- transports to other networks like ICQ, MSN and Yahoo. For more info | |||||
-- see: http://prosody.im/doc/components#adding_an_external_component | |||||
-- | |||||
--Component "gateway.example.com" | |||||
-- component_secret = "password" |
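Review bot: `authentication = "internal_plain"` stores every account password in cleartext under `data_path`, so a copy or backup of `/decrypted/prosody` discloses all credentials. `authentication = "internal_hashed"` keeps salted hashes instead, as the comment above the setting already points out. `s2s_secure_auth = false` means federated peers are not required to present a valid certificate; if that is deliberate for interoperability, say so in a comment, or list the domains that must be verified in `s2s_secure_domains`.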
@ -0,0 +1,10 @@ | |||||
- name: import wallabag sql | |||||
shell: PGPASSWORD='{{ wallabag_db_password }}' psql -h localhost -d {{ wallabag_db_database }} -U {{ wallabag_db_username }} -f /var/www/wallabag/install/postgres.sql --set ON_ERROR_STOP=1 | |||||
notify: remove install folder | |||||
#' | |||||
- name: restart apache2 | |||||
service: name=apache2 state=restarted | |||||
- name: remove install folder | |||||
file: path=/var/www/wallabag/install state=absent |
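Review bot: The handler defined here is `restart apache2`, but the wallabag tasks in this commit end with `notify: restart apache`, so that notification has no handler to run; rename one of them, e.g. `notify: restart apache2`. The `import wallabag sql` handler targets PostgreSQL with `psql` while the tasks create the database through `mysql`, and no visible task notifies it, so it looks like a leftover. If it is kept, the password should not be spliced into the shell line between single quotes; passing it through the task's `environment:` (`PGPASSWORD: "{{ wallabag_db_password }}"`) avoids the quoting problem and keeps the value out of the command string.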
@ -0,0 +1 @@ | |||||
- include: wallabag.yml tags=wallabag |
@ -0,0 +1,73 @@ | |||||
- name: Determine whether wallabag is configured | |||||
stat: path=/var/www/wallabag/inc/poche/config.inc.php | |||||
register: wallabag_config | |||||
- name: Clone wallabag | |||||
git: repo=https://github.com/wallabag/wallabag.git | |||||
dest=/var/www/wallabag | |||||
version={{ wallabag_version }} | |||||
accept_hostkey=yes | |||||
- name: Remove wallabag 'install' directory if its configuration file is there | |||||
file: name=/var/www/wallabag/install state=absent | |||||
when: wallabag_config.stat.exists == True | |||||
- name: Install wallabag dependencies | |||||
apt: pkg={{ item }} state=present | |||||
with_items: | |||||
- php5 | |||||
- php5-curl | |||||
- php5-mcrypt | |||||
- php5-pgsql | |||||
- php5-tidy | |||||
- name: Import database user template | |||||
template: src=root-wallabag.sql.j2 dest=/root/wallabag.sql | |||||
- name: Import sql file for account and db creation | |||||
shell: mysql < /root/wallabag.sql | |||||
- name: Import wallabag sql | |||||
shell: mysql {{ wallabag_db_database }} < /var/www/wallabag/install/mysql.sql | |||||
notify: remove install folder | |||||
- name: Build Composer | |||||
shell: curl -sS https://getcomposer.org/installer | php | |||||
chdir=/root | |||||
creates=/root/composer.phar | |||||
- name: Initialize composer | |||||
command: php /root/composer.phar install | |||||
chdir=/var/www/wallabag | |||||
creates=/var/www/wallabag/vendor/autoload.php | |||||
- name: Set wallabag permissions | |||||
file: owner=www-data | |||||
group=www-data | |||||
path=/var/www/wallabag | |||||
recurse=yes | |||||
state=directory | |||||
- name: Create the configuration file | |||||
template: src=var_www_wallabag_inc_poche_config.inc.php.j2 | |||||
dest=/var/www/wallabag/inc/poche/config.inc.php | |||||
owner=www-data | |||||
group=www-data | |||||
- name: Rename existing Apache wallabag virtualhost | |||||
command: mv /etc/apache2/sites-available/wallabag /etc/apache2/sites-available/wallabag.conf removes=/etc/apache2/sites-available/wallabag | |||||
- name: Remove old sites-enabled/wallabag symlink (new one will be created by a2ensite) | |||||
command: rm /etc/apache2/sites-enabled/wallabag removes=/etc/apache2/sites-enabled/wallabag | |||||
- name: Configure the Apache HTTP server for wallabag | |||||
template: src=etc_apache2_sites-available_wallabag.j2 | |||||
dest=/etc/apache2/sites-available/wallabag.conf | |||||
owner=root | |||||
group=root | |||||
- name: Enable the wallabag site | |||||
command: a2ensite wallabag.conf | |||||
creates=/etc/apache2/sites-enabled/wallabag.conf | |||||
notify: restart apache |
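Review bot: `curl -sS https://getcomposer.org/installer | php` executes whatever the server returns as root, with no integrity check and no file left on disk to inspect. Downloading the installer with a pinned digest and running it in a second task makes the step fail closed when the content changes; the digest below is a placeholder to be filled from the value Composer publishes. Separately, the tasks create and load a MySQL database while `php5-pgsql` is the only database driver in the dependency list, so one of the two is presumably wrong.

```yaml
- name: Download Composer installer
  get_url: url=https://getcomposer.org/installer
           dest=/root/composer-setup.php
           sha256sum=<PINNED_INSTALLER_SHA256>

- name: Build Composer
  command: php /root/composer-setup.php
           chdir=/root
           creates=/root/composer.phar
# … unchanged: Initialize composer and the following tasks …
```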
@ -0,0 +1,31 @@ | |||||
<VirtualHost *:80> | |||||
ServerName {{ wallabag_domain }} | |||||
Redirect permanent / https://{{ wallabag_domain }}/ | |||||
</VirtualHost> | |||||
<VirtualHost *:443> | |||||
ServerName {{ wallabag_domain }} | |||||
SSLEngine on | |||||
SSLProtocol ALL -SSLv2 -SSLv3 | |||||
SSLHonorCipherOrder On | |||||
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS | |||||
SSLCertificateFile /etc/ssl/certs/wildcard_public_cert.crt | |||||
SSLCertificateKeyFile /etc/ssl/private/wildcard_private.key | |||||
SSLCACertificateFile /etc/ssl/certs/wildcard_ca.pem | |||||
Header add Strict-Transport-Security "max-age=15768000; includeSubdomains" | |||||
DocumentRoot /var/www/wallabag | |||||
Options -Indexes | |||||
ErrorLog /var/log/apache2/wallabag.info-error_log | |||||
CustomLog /var/log/apache2/wallabag.info-access_log common | |||||
<Directory /var/www/wallabag> | |||||
AllowOverride All | |||||
Order allow,deny | |||||
allow from all | |||||
DirectoryIndex index.php | |||||
</Directory> | |||||
</VirtualHost> |
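Review bot: `DocumentRoot /var/www/wallabag` is the directory the tasks `git clone` into, so the repository's `.git` directory sits inside the served tree and nothing in this vhost blocks it (an upstream `.htaccess` may, but that is not visible here). Adding `RedirectMatch 404 /\.git` inside the 443 vhost closes that independently of `AllowOverride All`. The access block uses 2.2 syntax (`Order allow,deny` / `allow from all`) while the file is installed as `wallabag.conf`, the 2.4 naming; on 2.4 it should be `Require all granted`. `SSLCipherSuite` still admits `3DES` suites, which could be dropped.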
@ -0,0 +1,5 @@ | |||||
CREATE USER 'wallabag'@'localhost' IDENTIFIED BY '{{ wallabag_db_password }}'; | |||||
GRANT USAGE ON * . * TO 'wallabag'@'localhost' IDENTIFIED BY '{{ wallabag_db_password }}' WITH MAX_QUERIES_PER_HOUR 0 | |||||
MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ; | |||||
CREATE DATABASE IF NOT EXISTS `wallabag` ; | |||||
GRANT ALL PRIVILEGES ON `wallabag` . * TO 'wallabag'@'localhost'; |
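Review bot: The account and schema names are hard-coded as `wallabag` in all four statements, while the config.inc.php template added in this commit reads them from `{{ wallabag_db_username }}` and `{{ wallabag_db_database }}`; overriding either variable would leave the application configured for an account or database this script never creates. Use the same variables here, e.g. `CREATE USER '{{ wallabag_db_username }}'@'localhost' IDENTIFIED BY '{{ wallabag_db_password }}';`. The password is also substituted raw into a quoted SQL literal, so a value containing `'` or `\` breaks or alters the statement, and the rendered script holds the credential in clear text wherever it is written. How the script is executed is outside this section, but Ansible's `mysql_user` and `mysql_db` modules would cover the same steps idempotently (a bare `CREATE USER` fails on a second run) without a rendered SQL file.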
@ -0,0 +1,58 @@ | |||||
<?php | |||||
/** | |||||
* wallabag, self hostable application allowing you to not miss any content anymore | |||||
* | |||||
* @category wallabag | |||||
* @author Nicolas Lœuillet <nicolas@loeuillet.org> | |||||
* @copyright 2013 | |||||
* @license http://www.wtfpl.net/ see COPYING file | |||||
*/ | |||||
define ('SALT', '{{ wallabag_salt }}'); # put a strong string here | |||||
define ('LANG', 'en_EN.utf8'); | |||||
define ('STORAGE', 'postgres'); # postgres, mysql or sqlite | |||||
define ('STORAGE_SQLITE', ROOT . '/db/poche.sqlite'); # if you are using sqlite, where the database file is located | |||||
# only for postgres & mysql | |||||
define ('STORAGE_SERVER', 'localhost'); | |||||
define ('STORAGE_DB', '{{ wallabag_db_database }}'); | |||||
define ('STORAGE_USER', '{{ wallabag_db_username }}'); | |||||
define ('STORAGE_PASSWORD', '{{ wallabag_db_password }}'); | |||||
################################################################################# | |||||
# Do not trespass unless you know what you are doing | |||||
################################################################################# | |||||
// Change this if not using the standart port for SSL - i.e you server is behind sslh | |||||
define ('SSL_PORT', 443); | |||||
define ('MODE_DEMO', FALSE); | |||||
define ('DEBUG_POCHE', FALSE); | |||||
define ('DOWNLOAD_PICTURES', FALSE); | |||||
define ('CONVERT_LINKS_FOOTNOTES', FALSE); | |||||
define ('REVERT_FORCED_PARAGRAPH_ELEMENTS', FALSE); | |||||
define ('SHARE_TWITTER', TRUE); | |||||
define ('SHARE_MAIL', TRUE); | |||||
define ('SHARE_SHAARLI', FALSE); | |||||
define ('SHAARLI_URL', 'http://myshaarliurl.com'); | |||||
define ('FLATTR', TRUE); | |||||
define ('FLATTR_API', 'https://api.flattr.com/rest/v2/things/lookup/?url='); | |||||
define ('NOT_FLATTRABLE', '0'); | |||||
define ('FLATTRABLE', '1'); | |||||
define ('FLATTRED', '2'); | |||||
define ('ABS_PATH', 'assets/'); | |||||
define ('DEFAULT_THEME', 'baggy'); | |||||
define ('THEME', ROOT . '/themes'); | |||||
define ('LOCALE', ROOT . '/locale'); | |||||
define ('CACHE', ROOT . '/cache'); | |||||
define ('PAGINATION', '10'); | |||||
//limit for download of articles during import | |||||
define ('IMPORT_LIMIT', 5); | |||||
//delay between downloads (in sec) | |||||
define ('IMPORT_DELAY', 5); |
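Review bot: `define ('STORAGE', 'postgres');` does not match the rest of this commit, which provisions a MySQL/MariaDB account and database for wallabag (the SQL template uses `CREATE USER … IDENTIFIED BY` with backtick-quoted names); as rendered, the application would look for a PostgreSQL server on `localhost`. It should read `define ('STORAGE', 'mysql');`. This file also carries `SALT` and `STORAGE_PASSWORD`, and the visible tail of the template task sets `owner=www-data group=www-data` but no `mode=`; the task begins outside this view, so confirm it restricts the file (e.g. `mode=0640`) instead of relying on the default. Because the values are placed inside single-quoted PHP strings, a `'` or a trailing `\` in `wallabag_salt` or `wallabag_db_password` would break the file, so those variables need a constrained character set or escaping.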