cybercinch/ansible-role-directadmin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Aaron Guise
2023-11-30 15:19:54 +13:00
commit 3c0ab7279f
25 changed files with 1205 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
tasks/config/mail/apache.yml Normal file
View File

@@ -0,0 +1,47 @@
- name: Create Webmail V-Host
copy:
dest: /usr/local/directadmin/data/templates/custom/virtual_host2.conf.CUSTOM.4.post
content: |
</VirtualHost>
<VirtualHost |IP|:|PORT_80| |MULTI_IP|>
ServerName webmail.|DOMAIN|
ServerAdmin |ADMIN|
DocumentRoot /var/www/html/roundcube/
CustomLog /var/log/httpd/domains/|DOMAIN|.bytes bytes
CustomLog /var/log/httpd/domains/|DOMAIN|.log combined
ErrorLog /var/log/httpd/domains/|DOMAIN|.error.log
<IfModule !mod_ruid2.c>
SuexecUserGroup webapps webapps
</IfModule>
notify:
- "directadmin : Rewrite confs"
- name: Create Webmail V-Host (Secure)
copy:
dest: /usr/local/directadmin/data/templates/custom/virtual_host2_secure.conf.CUSTOM.4.post
content: |
</VirtualHost>
<VirtualHost |IP|:|PORT_443| |MULTI_IP|>
ServerName webmail.|DOMAIN|
ServerAdmin |ADMIN|
DocumentRoot /var/www/html/roundcube/
SSLEngine on
SSLCertificateFile |CERT|
SSLCertificateKeyFile |KEY|
|CAROOT|
CustomLog /var/log/httpd/domains/|DOMAIN|.bytes bytes
CustomLog /var/log/httpd/domains/|DOMAIN|.log combined
ErrorLog /var/log/httpd/domains/|DOMAIN|.error.log
<IfModule !mod_ruid2.c>
SuexecUserGroup webapps webapps
</IfModule>
notify:
- "directadmin : Rewrite confs"
- name: Include NGINX if running as proxy
include_tasks: nginx.yml

113
tasks/config/mail/dovecot.yml Normal file
View File

@@ -0,0 +1,113 @@
---
- name: Add imap_sieve to mail_plugins for dovecot
lineinfile:
path: /etc/dovecot/conf/imap_mail_plugins.conf
regex: "^mail_plugins = (?!.*imap_sieve)(.*)$"
line: "mail_plugins = \\1 imap_sieve"
backrefs: true
notify:
- "directadmin : Ensure Dovecot custom for custombuild is present"
- "directadmin : Persist mail plugins"
- "directadmin : Restart Dovecot"
- name: Configure plusaddressing for Dovecot
copy:
dest: /etc/dovecot/conf.d/subaddressing.conf
content: |
recipient_delimiter = +
lmtp_save_to_detail_mailbox = no
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
notify:
- "directadmin : Restart Dovecot"
- name: Configure imap_sieve for Dovecot
copy:
dest: /etc/dovecot/conf.d/99-imap-sieve.conf
content: |
plugin {
sieve_plugins = sieve_imapsieve sieve_extprograms
# From elsewhere to Spam folder
imapsieve_mailbox1_name = Spam
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_before = file:/usr/local/bin/dovecot-sieve/report-spam.sieve
# From Spam folder to elsewhere
imapsieve_mailbox2_name = *
imapsieve_mailbox2_from = Spam
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_before = file:/usr/local/bin/dovecot-sieve/report-ham.sieve
sieve_pipe_bin_dir = /usr/local/bin/dovecot-sieve
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
}
notify:
- "directadmin : Restart Dovecot"
- name: Ensure dovecot-sieve script directory is present
file:
path: /usr/local/bin/dovecot-sieve
state: directory
owner: mail
- name: Create report-spam script
copy:
dest: /usr/local/bin/dovecot-sieve/report-spam.sieve
content: |
require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];
if environment :matches "imap.user" "*" {
set "username" "${1}";
}
pipe :copy "sa-learn-spam.sh" [ "${username}" ];
notify:
- "directadmin : Compile and fix permissions report-spam script"
- name: Create report-ham script
copy:
dest: /usr/local/bin/dovecot-sieve/report-ham.sieve
content: |
require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];
if environment :matches "imap.mailbox" "*" {
set "mailbox" "${1}";
}
if string "${mailbox}" "Trash" {
stop;
}
if environment :matches "imap.user" "*" {
set "username" "${1}";
}
pipe :copy "sa-learn-ham.sh" [ "${username}" ];
notify:
- "directadmin : Compile and fix permissions report-ham script"
- name: Create spam learning script
copy:
dest: /usr/local/bin/dovecot-sieve/sa-learn-spam.sh
content: |
#!/bin/bash
# you can also use tcp/ip here, consult spamc(1)
inputmail=`/usr/bin/cat`
ddomain=`/usr/bin/echo "${1}"| /usr/bin/cut -d'@' -f2`
dusername=`/usr/bin/egrep "^${ddomain}:" /etc/virtual/domainowners| /usr/bin/cut -d' ' -f2`
exec /usr/bin/spamc -u ${dusername} -L spam <<< "${inputmail}"
mode: "0755"
- name: Create ham learning script
copy:
dest: /usr/local/bin/dovecot-sieve/sa-learn-ham.sh
content: |
#!/bin/bash
# you can also use tcp/ip here, consult spamc(1)
inputmail=`/usr/bin/cat`
ddomain=`/usr/bin/echo "${1}"| /usr/bin/cut -d'@' -f2`
dusername=`/usr/bin/egrep "^${ddomain}:" /etc/virtual/domainowners| /usr/bin/cut -d' ' -f2`
exec /usr/bin/spamc -u ${dusername} -L ham <<< "${inputmail}"
mode: "0755"

21
tasks/config/mail/exim.yml Normal file
View File

@@ -0,0 +1,21 @@
---
- name: Ensure /etc/exim is present
file:
path: /etc/exim
state: directory
- name: Add plusaddressing to Exim
copy:
dest: /etc/exim/local_part_suffix.conf
content: |
local_part_suffix = +*
local_part_suffix_optional
notify:
- "directadmin : Restart Exim"
- name: Ensure Exim custom strings configured
template:
src: templates/exim/strings.conf.custom.j2
dest: /etc/exim.strings.conf.custom
notify:
- "directadmin : Restart Exim"

276
tasks/config/mail/nginx.yml Normal file
View File

@@ -0,0 +1,276 @@
- name: Ensure Custom SSL config for NGINX is created
copy:
dest: /etc/nginx/webapps.ssl.conf.custom
content: |
location ~ /(\.htaccess|\.htpasswd|\.user\.ini|\.env|\.git) {
deny all;
}
location ^~ /.well-known/acme-challenge {
root /var/www/html/;
index index.php index.html index.htm;
location ~ ^/.well-known/acme-challenge/ {
access_log off;
set $my_server_addr $server_addr;
if ($server_addr ~ ^[0-9a-fA-F:]+$) { set $my_server_addr [$server_addr]; }
proxy_pass https://$my_server_addr:8081;
proxy_set_header X-Client-IP $remote_addr;
proxy_set_header X-Accel-Internal /.well-known/acme-challenge/nginx_static_files;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header Upgrade;
}
location ~ ^/.well-known/acme-challenge/nginx_static_files/ {
access_log /var/log/nginx/access_log_proxy;
alias /var/www/html/;
internal;
}
}
location ^~ /roundcube {
root /var/www/html/;
index index.php index.html index.htm;
location ~ ^/roundcube/ {
access_log off;
set $my_server_addr $server_addr;
if ($server_addr ~ ^[0-9a-fA-F:]+$) { set $my_server_addr [$server_addr]; }
proxy_pass https://$my_server_addr:8081;
proxy_set_header X-Client-IP $remote_addr;
proxy_set_header X-Accel-Internal /roundcube/nginx_static_files;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header Upgrade;
}
location ~ ^/roundcube/nginx_static_files/ {
access_log /var/log/nginx/access_log_proxy;
alias /var/www/html/;
internal;
}
}
location ^~ /phpMyAdmin {
root /var/www/html/;
index index.php index.html index.htm;
location ~ ^/phpMyAdmin/ {
access_log off;
set $my_server_addr $server_addr;
if ($server_addr ~ ^[0-9a-fA-F:]+$) { set $my_server_addr [$server_addr]; }
proxy_pass https://$my_server_addr:8081;
proxy_set_header X-Client-IP $remote_addr;
proxy_set_header X-Accel-Internal /phpMyAdmin/nginx_static_files;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header Upgrade;
}
location ~ ^/phpMyAdmin/nginx_static_files/ {
access_log /var/log/nginx/access_log_proxy;
alias /var/www/html/;
internal;
}
}
location ~ ^/phpmyadmin {
rewrite ^/* /phpMyAdmin last;
}
location ~ ^/pma {
rewrite ^/* /phpMyAdmin last;
}
location ~ ^/webmail {
rewrite ^/* /roundcube last;
}
- name: Create Webmail V-Host (Nginx)
copy:
dest: /usr/local/directadmin/data/templates/custom/nginx_server.conf
content: |
server
{
listen |IP|:|PORT_80|;
|MULTI_IP|
server_name webmail.|DOMAIN|;
root /var/www/html/roundcube;
index index.php index.html index.htm;
access_log /var/log/nginx/domains/|DOMAIN|.log;
access_log /var/log/nginx/domains/|DOMAIN|.bytes bytes;
error_log /var/log/nginx/domains/|DOMAIN|.error.log;
|*if HAVE_PHP1_FPM="1"|
# use fastcgi for all php files
location ~ \.php$
{
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include /etc/nginx/fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/nginx_limits.conf;
if (-f $request_filename)
{
fastcgi_pass unix:/usr/local/php|PHP1_RELEASE|/sockets/webapps.sock;
}
}
|*endif|
|*if HAVE_NGINX_PROXY="1"|
location /
{
# access_log off;
proxy_pass http://127.0.0.1:|PORT_8080|;
proxy_set_header X-Client-IP $remote_addr;
proxy_set_header X-Accel-Internal /nginx_static_files;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /nginx_static_files/
{
# access_log /var/log/nginx/access_log_proxy;
alias /var/www/html/roundcube/;
internal;
}
|*endif|
# deny access to apache .htaccess files
location ~ /\.ht
{
deny all;
}
}
notify:
- "directadmin : Rewrite confs"
when: >
directadmin_webserver == 'nginx' or
directadmin_webserver == 'nginx_apache'
- name: Create Webmail V-Host (Secure - Nginx)
copy:
dest: /usr/local/directadmin/data/templates/custom/nginx_server_secure.conf
content: |
|CUSTOM1|
|?DOCROOT=`HOME`/domains/`DOMAIN`/private_html|
|?REALDOCROOT=`HOME`/domains/`DOMAIN`/private_html|
|?OPEN_BASEDIR_PATH=`HOME`/:/tmp:/opt/alt/php`PHP1_RELEASE`/usr/share/pear/:/dev/urandom:/var/tmp:/usr/local/lib/php/|
|?HOST_DOMAIN=`DOMAIN`|
|*if HOST_POINTER|
|?HOST_DOMAIN=`HOST_POINTER`|
|*endif|
server
{
|CUSTOM|
listen |IP|:|PORT_443| ssl|SPACE_HTTP2|;
|MULTI_IP|
server_name |HOST_DOMAIN| www.|HOST_DOMAIN| |SERVER_ALIASES|;
access_log /var/log/nginx/domains/|DOMAIN|.log;
access_log /var/log/nginx/domains/|DOMAIN|.bytes bytes;
error_log /var/log/nginx/domains/|DOMAIN|.error.log;
root |DOCROOT|;
index index.php index.html index.htm;
ssl_certificate |CERT|;
ssl_certificate_key |KEY|;
|FORCE_SSL_REDIRECT|
|NGINX_PHP_CONF|
|*if HAVE_NGINX_PROXY="1"|
location /
{
|CUSTOM2|
|LOCATION_INSERT|
# access_log off;
proxy_buffering |PROXY_BUFFERING|;
proxy_pass https://|PROXY_IP|:|PORT_8081|;
proxy_set_header X-Client-IP $remote_addr;
proxy_set_header X-Accel-Internal /nginx_static_files;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header Upgrade;
}
location /nginx_static_files/
{
# access_log /var/log/nginx/access_log_proxy;
alias |DOCROOT|/;
internal;
}
|*else|
|NGINX_REDIRECTS|
|PROTECTED_DIRECTORIES|
|HOTLINK_PROTECTION|
|EXTRA_LOCATIONS|
|*endif|
|CUSTOM3|
include /etc/nginx/webapps.ssl.conf.custom;
|CUSTOM4|
}
server
{
listen |IP|:|PORT_443| ssl|SPACE_HTTP2|;
|MULTI_IP|
server_name webmail.|DOMAIN|;
root /var/www/html/roundcube;
index index.php index.html index.htm;
access_log /var/log/nginx/domains/|DOMAIN|.log;
access_log /var/log/nginx/domains/|DOMAIN|.bytes bytes;
error_log /var/log/nginx/domains/|DOMAIN|.error.log;
ssl_certificate |CERT|;
ssl_certificate_key |KEY|;
|*if HAVE_PHP1_FPM="1"|
# use fastcgi for all php files
location ~ \.php$
{
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include /etc/nginx/fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/nginx_limits.conf;
if (-f $request_filename)
{
fastcgi_pass unix:/usr/local/php|PHP1_RELEASE|/sockets/webapps.sock;
}
}
|*endif|
|*if HAVE_NGINX_PROXY="1"|
location /
{
# access_log off;
proxy_pass http://127.0.0.1:|PORT_8080|;
proxy_set_header X-Client-IP $remote_addr;
proxy_set_header X-Accel-Internal /nginx_static_files;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /nginx_static_files/
{
# access_log /var/log/nginx/access_log_proxy;
alias /var/www/html/roundcube/;
internal;
}
|*endif|
# deny access to apache .htaccess files
location ~ /\.ht
{
deny all;
}
}
notify:
- "directadmin : Rewrite confs"
when: >
directadmin_webserver == 'nginx' or
directadmin_webserver == 'nginx_apache'

16
tasks/config/mail/spamassassin.yml Normal file
View File

@@ -0,0 +1,16 @@
---
- name: Enable Spamassassin learning
blockinfile:
path: /etc/systemd/system/spamassassin.service.d/override.conf
state: present
marker: "# {mark} ANSIBLE MANAGED BLOCK"
block: |
[Service]
ExecStart=
# Add "-l" flag to spamd
ExecStart=/usr/bin/spamd --pidfile /var/run/spamd.pid -d -c -m 15 --ipv4 -l
create: true
backup: false
notify:
- "directadmin : Reload Systemd"
- "directadmin : Restart Spamassassin"