From 50f118b15501580a7faadf2ad3d5782b75c98b54 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Mon, 2 Oct 2023 00:22:34 +0200 Subject: [PATCH 001/181] use offlineimap instead of Dovecot's built-in sync feature --- tasks/dovecot.yml | 48 -------------------------- tasks/main.yml | 6 ++++ tasks/offlineimap.yml | 43 +++++++++++++++++++++++ tasks/packages.yml | 15 ++++++++ templates/offlineimap/offlineimaprc.j2 | 26 ++++++++++++++ 5 files changed, 90 insertions(+), 48 deletions(-) create mode 100644 tasks/offlineimap.yml create mode 100644 templates/offlineimap/offlineimaprc.j2 diff --git a/tasks/dovecot.yml b/tasks/dovecot.yml index e4e2b67..84cb521 100644 --- a/tasks/dovecot.yml +++ b/tasks/dovecot.yml 
@@ -113,51 +113,3 @@ daemon_reload: yes enabled: yes state: restarted -- name: Check if old IMAP account is already restored - command: cat /etc/dovecot/already_restored_imap_accounts.txt - register: already_restored_imap_accounts - ignore_errors: yes -- name: Restore old imap account - block: - - name: Overwrite IMAP with the old account's contents - command: 'doveadm -o imapc_features="rfc822.size fetch-headers" -o imapc_host={{ item.old_imap_mail.host }} -o imapc_ssl={{ item.old_imap_mail.ssl|default("imaps") }} -o imapc_ssl_verify={{ item.old_imap_mail.ssl_verify|default("yes") }} -o imapc_port={{ item.old_imap_mail.port|default(993)|string }} -o imapc_user={{ item.old_imap_mail.user }} -o imapc_password={{ item.old_imap_mail.password }} backup -Ru {{ item.name }}@{{ mailserver_domain }} imapc:' - when: "{{ item.old_imap_mail is defined and user.name not in already_restored_imap_accounts.stdout_lines }}" - loop: "{{ users }}" - no_log: yes - rescue: - - name: Restore old IMAP account - block: - - name: Try to restore from scratch - command: 'doveadm -o imapc_features="rfc822.size fetch-headers" -o imapc_host={{ item.old_imap_mail.host }} -o imapc_ssl={{ item.old_imap_mail.ssl|default("imaps") }} -o imapc_ssl_verify={{ item.old_imap_mail.ssl_verify|default("yes") }} -o imapc_port={{ item.old_imap_mail.port|default(993)|string }} -o imapc_user={{ item.old_imap_mail.user }} -o imapc_password={{ item.old_imap_mail.password }} backup -Ru {{ item.name }}@{{ mailserver_domain }} imapc:' - when: "{{ item.old_imap_mail is defined }}" - loop: "{{ users }}" - no_log: yes - rescue: - - name: Sync already restored account - command: 'doveadm -o imapc_features="rfc822.size fetch-headers" -o imapc_host={{ item.old_imap_mail.host }} -o imapc_ssl={{ item.old_imap_mail.ssl|default("imaps") }} -o imapc_ssl_verify={{ item.old_imap_mail.ssl_verify|default("yes") }} -o imapc_port={{ item.old_imap_mail.port|default(993)|string }} -o imapc_user={{ item.old_imap_mail.user }} -o 
imapc_password={{ item.old_imap_mail.password }} sync -1 -Ru {{ item.name }}@{{ mailserver_domain }} imapc:' - when: "{{ item.old_imap_mail is defined }}" - loop: "{{ users }}" - no_log: yes -- name: Record account as already restored - lineinfile: - line: "{{ item.name }}" - path: /etc/dovecot/already_restored_imap_accounts.txt - mode: u=rw,og=r - owner: root - group: root - state: present - backup: yes - create: yes - when: "{{ item.old_imap_mail is defined }}" - loop: "{{ users }}" - no_log: yes -- name: Sync old IMAP account - cron: - name: "Sync old IMAP account {{ item.old_imap_mail.user }} at {{ item.old_imap_mail.host }} for {{ item.name }}" - special_time: daily - job: 'doveadm -o imapc_features="rfc822.size fetch-headers" -o imapc_host={{ item.old_imap_mail.host }} -o imapc_ssl={{ item.old_imap_mail.ssl|default("imaps") }} -o imapc_ssl_verify={{ item.old_imap_mail.ssl_verify|default("yes") }} -o imapc_port={{ item.old_imap_mail.port|default(993)|string }} -o imapc_user={{ item.old_imap_mail.user }} -o imapc_password={{ item.old_imap_mail.password }} sync -1 -Ru {{ item.name }}@{{ mailserver_domain }} imapc:' - backup: yes - user: vmail - when: "{{ item.old_imap_mail is defined and (item.old_imap_mail.sync is defined and item.old_imap_mail.sync == 'yes') }}" - loop: "{{ users }}" - no_log: yes diff --git a/tasks/main.yml b/tasks/main.yml index 74df1c9..a685e25 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -46,6 +46,12 @@ import_tasks: postfix.yml - name: Configure Dovecot import_tasks: dovecot.yml +- name: Sync old IMAP account + import_tasks: offlineimap.yml + when: "{{ item.old_imap_mail is defined }}" + loop: "{{ users }}" + become: yes + become_user: "{{ item.name }}" - name: Set up DKIM import_tasks: dkim.yml - name: Set up DMARC diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml new file mode 100644 index 0000000..2d41e77 --- /dev/null +++ b/tasks/offlineimap.yml 
@@ -0,0 +1,43 @@ +--- +- name: Empty old IMAP fingerprint + set_fact: + old_imap_fingerprint: '' +- name: Generate config and sync old IMAP contents + block: + - name: Create offlineimap config + template: + src: offlineimap/offlineimaprc.j2 + dest: "{{ ansible_env.HOME }}/.offlineimaprc" + owner: "{{ item.name }}" + backup: yes + no_log: yes + - name: Sync old IMAP for the first time (this might tale a while...) + command: offlineimap + rescue: + - name: Fetch old IMAPS fingerprint + command: "openssl s_client -connect {{ item.old_imap_mail.host }}:993 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin" + register: old_imap_fingerprint + - name: Create offlineimap config + template: + src: offlineimap/offlineimaprc.j2 + dest: "{{ ansible_env.HOME }}/.offlineimaprc" + owner: "{{ item.name }}" + backup: yes + no_log: yes + - name: Sync old IMAP for the first time (this might tale a while...) + command: offlineimap +- name: Sync old IMAP account + cron: + name: "Sync old IMAP account {{ item.old_imap_mail.user }} at {{ item.old_imap_mail.host }} for {{ item.name }}" + special_time: daily + job: offlineimap + backup: yes + user: "{{ item.name }}" +- name: De-duplicate IMAP mail + cron: + name: De-duplicate IMAP mail + special_time: daily + job: "/usr/local/bin/imapdedup.py -s {{ mailserver_domain }} -u {{ item.name }}@{{ mailserver_domain }} -w {{ item.password }} INBOX" + backup: yes + user: "{{ item.name }}" + no_log: yes diff --git a/tasks/packages.yml b/tasks/packages.yml index 14fab17..cbdd545 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -317,6 +317,7 @@ - python3-pyyaml - python3-jinja2 - qrencode + - python3-pip state: latest - name: Install Remi packages dnf: 
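Review bot: Both `Create offlineimap config` tasks in the new tasks/offlineimap.yml write `~/.offlineimaprc` with an `owner` but no `mode`, so the file holding `remotepass` for the old and the new account gets whatever the remote umask allows and may be readable by other local users; add `mode: "0600"` to both template tasks. The `De-duplicate IMAP mail` cron entry exposes the same secret elsewhere: `-w {{ item.password }}` stores the mailbox password in the user's crontab and puts it on the process command line at every run, which `no_log` does not prevent. Separately, `Fetch old IMAPS fingerprint` uses `command` with `|` and `<`, which the command module passes as literal arguments instead of interpreting, so the rescue path likely never obtains a fingerprint. It would need `shell`, and it hard-codes port 993, whereas the removed doveadm tasks honoured `item.old_imap_mail.port`.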
@@ -414,3 +415,17 @@ dest: /usr/local/bin/ remote_src: yes backup: yes +- name: Install Python packages + pip: + name: + - offlineimap + state: latest +- name: Download as-is executables + get_url: + url: "{{ item.url }}" + dest: "{{ item.dest }}" + mode: u=rwx,go=rx + force: yes + backup: yes + loop: + - { url: "https://github.com/quentinsf/IMAPdedup/raw/master/imapdedup.py", dest: "/usr/local/bin/imapdedup.py" } diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2 new file mode 100644 index 0000000..acb998c --- /dev/null +++ b/templates/offlineimap/offlineimaprc.j2 @@ -0,0 +1,26 @@ +[general] +accounts = oldimap + +[Account oldimap] +localrepository = newimap +remoterepository = oldimap + +[Repository newimap] +type = IMAP +remotehost = {{ mailserver_domain }} +remoteuser = {{ item.name }}@{{ mailserver_domain }} +remotepass = {{ item.password }} +sslcacertfile = /etc/ssl/certs/ca-certificates.crt + +[Repository oldimap] +type = IMAP +remotehost = {{ item.old_imap_mail.host }} +remoteuser = {{ item.old_imap_mail.user }} +remotepass = {{ item.old_imap_mail.password }} +{% if (not item.old_imap_mail.ssl_verify) and (old_imap_fingerprint is defined and 'Fingerprint=' in old_imap_fingerprint) %} +cert_fingerprint = {{ old_imap_fingerprint.stdout | trim | split('Fingerprint=') | last }} + +{% else %} +sslcacertfile = /etc/ssl/certs/ca-certificates.crt + +{% endif %} From fc4d2659692dc49517567bcb0ea764b0c6d4587f Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 6 Oct 2023 04:54:38 +0200 Subject: [PATCH 002/181] fix undeliverable exceptions --- defaults/main.yml | 3 +-- tasks/dmarc.yml | 1 + 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 6be1fbb..7bc2f93 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
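Review bot: The `Download as-is executables` task installs `imapdedup.py` into `/usr/local/bin` straight from the `master` branch with `force: yes` and no integrity check, so each play run can replace an executable that the daily cron job then runs with the user's mailbox password on its command line. Pin the URL to a reviewed commit and verify the download, e.g. `url: "https://github.com/quentinsf/IMAPdedup/raw/<REVIEWED_COMMIT>/imapdedup.py"` plus `checksum: "{{ item.checksum }}"` fed from the loop item as `sha256:<EXPECTED_DIGEST>` (both values are placeholders). The `pip` task above it has the same property with `state: latest`; a fixed version keeps upgrades of `offlineimap` a deliberate change.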
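Review bot: In templates/offlineimap/offlineimaprc.j2 the condition `'Fingerprint=' in old_imap_fingerprint` tests the variable itself rather than the command output, so once the rescue task has registered a result the membership test looks at the result's keys and the `cert_fingerprint` branch is probably never rendered. Test the text instead: `'Fingerprint=' in (old_imap_fingerprint.stdout | default(''))`. The pinned value is whatever certificate the old host presented during the play, fetched without verification, so it should be compared against a fingerprint obtained out of band before it replaces CA validation. A template comment such as `{# fingerprint pinning is used only when ssl_verify is explicitly false #}` would document why the CA bundle is the default branch.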
@@ -3,8 +3,7 @@ authorized_submit_users: - root - www-data - apache -undeliverable_exceptions: - - mailserver_domain +undeliverable_exceptions: "{{ [mailserver_domain] + custom_domains }}" dkim_selector: 20220222 public_dns: no reset: no diff --git a/tasks/dmarc.yml b/tasks/dmarc.yml index dd268f8..759c26b 100644 --- a/tasks/dmarc.yml +++ b/tasks/dmarc.yml @@ -24,6 +24,7 @@ - { key: "RequiredHeaders", value: "true", comment: false } - { key: "SPFIgnoreResults", value: "false", comment: false } - { key: "SPFSelfValidate", value: "true", comment: false } + - { key: "IgnoreMailFrom", value: "{{ undeliverable_exceptions | join(',') }}", comment: false } notify: Restart opendmarc - name: Set up DMARC TXT records include_tasks: add_dns_record.yml From f8de14ceb5d45718b7425e8248cb5d6f95952f14 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sat, 14 Oct 2023 19:37:23 +0200 Subject: [PATCH 003/181] fix several bugs when installing from scratch --- defaults/main.yml | 48 ++++----- files/mariadb/powerdnsdb_schema.sql | 160 +--------------------------- handlers/main.yml | 12 +++ tasks/create_mariadb_schema.yml | 4 +- tasks/firewall.yml | 6 ++ tasks/local_dns_cache.yml | 44 +++++--- tasks/main.yml | 4 +- tasks/offlineimap.yml | 6 ++ tasks/os.yml | 16 +++ tasks/packages.yml | 30 +++--- tasks/pdns_recursor.yml | 4 +- tasks/ssl.yml | 6 +- tasks/wireguard.yml | 8 +- templates/dnsdist/dnsdist.conf.j2 | 4 +- templates/resolv.conf.j2 | 7 ++ tests/test.yml | 1 + 16 files changed, 136 insertions(+), 224 deletions(-) create mode 100644 templates/resolv.conf.j2 diff --git a/defaults/main.yml b/defaults/main.yml index 7bc2f93..debb6e8 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
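Review bot: The added `IgnoreMailFrom` entry in tasks/dmarc.yml is filled from `undeliverable_exceptions`, which this same commit defines as `[mailserver_domain] + custom_domains`, i.e. the server's own domains. As I read the OpenDMARC option, messages whose From: domain is on that list are skipped by the filter, so inbound mail that forges one of the local domains would no longer be evaluated against DMARC, which is the case where the check matters most. If the aim is to keep locally submitted mail from being rejected, exempting authenticated clients (`IgnoreAuthenticatedClients`) or trusted hosts (`IgnoreHosts`) is narrower than exempting the From: domain. At minimum add a comment above the entry stating why the own domains are excluded from evaluation.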
@@ -105,33 +105,33 @@ spamassassin_rules: - { type: "meta", key: "NO_DOMAIN_IN_TO", value: "!__DOMAIN_IN_TO" } - { type: "score", key: "NO_DOMAIN_IN_TO", value: "3.0" } default_dns_records: - - { type: "A", content: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" } - - { type: "AAAA", content: "{{ hostvars[inventory_hostname]['ansible_default_ipv6']['address'] }}" } - - { name: "{{ mailserver_hostname }}", type: "A", content: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" } - - { name: "{{ mailserver_hostname }}", type: "AAAA", content: "{{ hostvars[inventory_hostname]['ansible_default_ipv6']['address'] }}" } - - { name: "ns", type: "A", content: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" } - - { name: "ns", type: "AAAA", content: "{{ hostvars[inventory_hostname]['ansible_default_ipv6']['address'] }}" } + - { type: "A", content: "{{ ansible_default_ipv4.address }}" } + - { type: "AAAA", content: "{{ ansible_default_ipv6.address }}" } + - { name: "{{ mailserver_hostname }}", type: "A", content: "{{ ansible_default_ipv4.address }}" } + - { name: "{{ mailserver_hostname }}", type: "AAAA", content: "{{ ansible_default_ipv6.address }}" } + - { name: "ns", type: "A", content: "{{ ansible_default_ipv4.address }}" } + - { name: "ns", type: "AAAA", content: "{{ ansible_default_ipv6.address }}" } - { type: "MX", content: "1 {{ mailserver_hostname }}.{{ mailserver_domain }}" } - { type: "TXT", content: "v=spf1 mx ~all" } - { name: "mail", type: "MX", content: "1 {{ mailserver_hostname }}.{{ mailserver_domain }}" } - { name: "mail2", type: "MX", content: "5 {{ mailserver_hostname }}.{{ mailserver_domain }}" } - { name: "smtp", type: "MX", content: "10 {{ mailserver_hostname }}.{{ mailserver_domain }}" } - - { name: "mail", type: "A", content: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" } - - { name: "mail2", type: "A", content: "{{ 
hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" } - - { name: "smtp", type: "A", content: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" } - - { name: "mail", type: "AAAA", content: "{{ hostvars[inventory_hostname]['ansible_default_ipv6']['address'] }}" } - - { name: "mail2", type: "AAAA", content: "{{ hostvars[inventory_hostname]['ansible_default_ipv6']['address'] }}" } - - { name: "smtp", type: "AAAA", content: "{{ hostvars[inventory_hostname]['ansible_default_ipv6']['address'] }}" } - - { type: "PTR", content: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}", append: yes } - - { name: "mail", type: "PTR", content: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}", append: yes } - - { name: "mail2", type: "PTR", content: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}", append: yes } - - { name: "smtp", type: "PTR", content: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}", append: yes } - - { type: "PTR", content: "{{ hostvars[inventory_hostname]['ansible_default_ipv6']['address'] }}", append: yes } - - { name: "mail", type: "PTR", content: "{{ hostvars[inventory_hostname]['ansible_default_ipv6']['address'] }}", append: yes } - - { name: "mail2", type: "PTR", content: "{{ hostvars[inventory_hostname]['ansible_default_ipv6']['address'] }}", append: yes } - - { name: "smtp", type: "PTR", content: "{{ hostvars[inventory_hostname]['ansible_default_ipv6']['address'] }}", append: yes } - - { name: "{{ mailserver_hostname }}", type: "PTR", content: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}", append: yes } - - { name: "{{ mailserver_hostname }}", type: "PTR", content: "{{ hostvars[inventory_hostname]['ansible_default_ipv6']['address'] }}", append: yes } + - { name: "mail", type: "A", content: "{{ ansible_default_ipv4.address }}" } + - { name: "mail2", type: "A", content: "{{ ansible_default_ipv4.address }}" 
} + - { name: "smtp", type: "A", content: "{{ ansible_default_ipv4.address }}" } + - { name: "mail", type: "AAAA", content: "{{ ansible_default_ipv6.address }}" } + - { name: "mail2", type: "AAAA", content: "{{ ansible_default_ipv6.address }}" } + - { name: "smtp", type: "AAAA", content: "{{ ansible_default_ipv6.address }}" } + - { type: "PTR", content: "{{ ansible_default_ipv4.address }}", append: yes } + - { name: "mail", type: "PTR", content: "{{ ansible_default_ipv4.address }}", append: yes } + - { name: "mail2", type: "PTR", content: "{{ ansible_default_ipv4.address }}", append: yes } + - { name: "smtp", type: "PTR", content: "{{ ansible_default_ipv4.address }}", append: yes } + - { type: "PTR", content: "{{ ansible_default_ipv6.address }}", append: yes } + - { name: "mail", type: "PTR", content: "{{ ansible_default_ipv6.address }}", append: yes } + - { name: "mail2", type: "PTR", content: "{{ ansible_default_ipv6.address }}", append: yes } + - { name: "smtp", type: "PTR", content: "{{ ansible_default_ipv6.address }}", append: yes } + - { name: "{{ mailserver_hostname }}", type: "PTR", content: "{{ ansible_default_ipv4.address }}", append: yes } + - { name: "{{ mailserver_hostname }}", type: "PTR", content: "{{ ansible_default_ipv6.address }}", append: yes } httpd_pam_deny_users: - root wireguard: @@ -142,8 +142,8 @@ wireguard: nameservers: - 10.42.42.1 - fd00::10:42:1 - # # - "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" - # # - "{{ hostvars[inventory_hostname]['ansible_default_ipv6']['address'] }}" + # # - "{{ ansible_default_ipv4.address }}" + # # - "{{ ansible_default_ipv6.address }}" listen_port: 25472 allowed_ips: # - 0.0.0.0/5 diff --git a/files/mariadb/powerdnsdb_schema.sql b/files/mariadb/powerdnsdb_schema.sql index b545247..da68118 100644 --- a/files/mariadb/powerdnsdb_schema.sql +++ b/files/mariadb/powerdnsdb_schema.sql 
@@ -125,98 +125,6 @@ CREATE TABLE `comments` ( ) ENGINE=InnoDB DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; --- --- Table structure for table `records_zone_templ` --- - -DROP TABLE IF EXISTS `cryptokeys`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `cryptokeys` ( - id INT AUTO_INCREMENT, - domain_id INT NOT NULL, - flags INT NOT NULL, - active BOOL, - published BOOL DEFAULT 1, - content TEXT, - PRIMARY KEY(id), - KEY `domainidindex` (`domain_id`) -) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `supermasters` --- - -DROP TABLE IF EXISTS `supermasters`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `supermasters` ( - ip VARCHAR(64) NOT NULL, - nameserver VARCHAR(255) NOT NULL, - account VARCHAR(40) CHARACTER SET 'utf8' NOT NULL, - PRIMARY KEY (ip, nameserver) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - -DROP TABLE IF EXISTS `domainmetadata`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `domainmetadata` ( - id INT AUTO_INCREMENT, - domain_id INT NOT NULL, - kind VARCHAR(32), - content TEXT, - PRIMARY KEY (id), - KEY `domainmetadata_idx` (`domain_id`,`kind`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - -DROP TABLE IF EXISTS `tsigkeys`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `tsigkeys` ( - id INT AUTO_INCREMENT, - name VARCHAR(255), - algorithm VARCHAR(50), - secret VARCHAR(255), - PRIMARY KEY (id), - UNIQUE KEY `namealgoindex` (`name`,`algorithm`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET 
character_set_client = @saved_cs_client */; - -DROP TABLE IF EXISTS `domains`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE domains ( - id INT AUTO_INCREMENT, - name VARCHAR(255) NOT NULL, - master VARCHAR(128) DEFAULT NULL, - last_check INT DEFAULT NULL, - type VARCHAR(8) NOT NULL, - notified_serial INT UNSIGNED DEFAULT NULL, - account VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL, - options VARCHAR(64000) DEFAULT NULL, - catalog VARCHAR(255) DEFAULT NULL, - PRIMARY KEY (id), - UNIQUE KEY `name_index` (`name`), - KEY `catalog_idx` (`catalog`) -) ENGINE=InnoDB AUTO_INCREMENT=7 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `migrations` --- - -DROP TABLE IF EXISTS `migrations`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `migrations` ( - `version` varchar(255) NOT NULL, - `apply_time` int(11) NOT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - -- -- Table structure for table `perm_items` -- 
@@ -237,74 +145,10 @@ CREATE TABLE `perm_items` ( ) ENGINE=InnoDB AUTO_INCREMENT=7 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; - -CREATE TABLE domainmetadata ( - id INT AUTO_INCREMENT, - domain_id INT NOT NULL, - kind VARCHAR(32), - content TEXT, - PRIMARY KEY (id) -) Engine=InnoDB CHARACTER SET 'latin1'; - -DROP TABLE IF EXISTS `zone_templ`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `zone_templ` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `name` varchar(128) NOT NULL, - `descr` varchar(1024) NOT NULL, - `owner` int(11) NOT NULL, - PRIMARY KEY (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `zone_templ_records` --- - -DROP TABLE IF EXISTS `zone_templ_records`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `zone_templ_records` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `zone_templ_id` int(11) NOT NULL, - `name` varchar(255) NOT NULL, - `type` varchar(6) NOT NULL, - `content` varchar(255) NOT NULL, - `ttl` int(11) NOT NULL, - `prio` int(11) NOT NULL, - PRIMARY KEY (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - -- --- Table structure for table `zones` +-- Table structure for table `records` -- -DROP TABLE IF EXISTS `zones`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `zones` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `domain_id` int(11) NOT NULL, - `owner` int(11) NOT NULL, - `comment` varchar(1024) DEFAULT NULL, - `zone_templ_id` int(11) NOT NULL, - PRIMARY KEY (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; -/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; - -/*!40101 SET SQL_MODE=@OLD_SQL_MODE */; 
-/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; -/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; -/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; -/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; -/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; -/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; - --- Dump completed on 2022-04-11 22:49:18 - DROP TABLE IF EXISTS `records`; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; @@ -444,7 +288,7 @@ CREATE TABLE `zones` ( PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; +-- /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; /*!40101 SET SQL_MODE=@OLD_SQL_MODE */; /*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; diff --git a/handlers/main.yml b/handlers/main.yml index e8a6eb9..f6028a9 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -119,6 +119,18 @@ daemon_reload: yes enabled: yes state: restarted +- name: Default to localhost in resolv.conf + copy: + dest: /etc/resolv.conf + content: | + nameserver 127.0.0.1 + nameserver ::1 + search {{ ([mailserver_domain] + custom_domains)|join(' ') }} + backup: true + force: true + owner: root + group: root + mode: 0644 - name: Restart systemd-resolved systemd: name: systemd-resolved diff --git a/tasks/create_mariadb_schema.yml b/tasks/create_mariadb_schema.yml index 73f65ac..c4e335a 100644 --- a/tasks/create_mariadb_schema.yml +++ b/tasks/create_mariadb_schema.yml 
@@ -19,7 +19,7 @@ state: import login_user: root login_password: "{{ mysql_root_password }}" - target: "{{ '/tmp/ansible-mailserver-install.' ~ mariadb_database ~ '_schema.sql' }}" - no_log: yes + target: "/tmp/ansible-mailserver-install.{{ mariadb_database }}_schema.sql" + # no_log: yes when: "mariadb_database_exists.changed or (mariadb_state is defined and mariadb_state == 'import')" register: mariadb_schema_created diff --git a/tasks/firewall.yml b/tasks/firewall.yml index 02af2a4..f8bc0a4 100644 --- a/tasks/firewall.yml +++ b/tasks/firewall.yml @@ -1,4 +1,10 @@ --- +- name: Ensure firewall is enabled + systemd: + name: firewalld + daemon_reload: yes + enabled: yes + state: started - name: "Open Firewall for {{ port }}" block: - name: "Open firewall for numeric port {{ port }}" diff --git a/tasks/local_dns_cache.yml b/tasks/local_dns_cache.yml index 22cd483..ea2674d 100644 --- a/tasks/local_dns_cache.yml +++ b/tasks/local_dns_cache.yml 
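Review bot: Commenting out `no_log: yes` in tasks/create_mariadb_schema.yml removes the only task-level guard on an import that runs with `login_password: "{{ mysql_root_password }}"`. Even where the module masks the password parameter itself, failure output and the other templated arguments are no longer suppressed in play logs or CI output. Restore `no_log: true`, or make it switchable for debugging with `no_log: "{{ not (show_db_import_output | default(false)) }}"` (the variable name is a placeholder). The task begins above the hunk, so its remaining arguments are not visible here.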
@@ -1,20 +1,34 @@ --- - name: Configure local DNS cache - nmcli: - conn_name: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['interface'] }}" - ip4: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" - ip6: "{{ hostvars[inventory_hostname]['ansible_default_ipv6']['address'] }}" - dns4: - - 127.0.0.1 - - 8.8.8.8 - - 1.1.1.1 - dns6: - - ::1 - - 2001:4860:4860::8888 - - 2606:4700:4700::1111 - state: present - type: ethernet - notify: Restart NetworkManager + block: + - name: Configure /etc/resolv.conf + template: + src: resolv.conf.j2 + dest: /etc/resolv.conf + owner: root + group: root + mode: 0644 + backup: yes + notify: + - Default to localhost in resolv.conf + - Restart NetworkManager + rescue: + - name: Configure local DNS cache + nmcli: + conn_name: "{{ ansible_default_ipv4.interface }}" + ip4: "{{ ansible_default_ipv4.address }}" + ip6: "{{ ansible_default_ipv6.address }}" + dns4: + - 127.0.0.1 + - 8.8.8.8 + - 1.1.1.1 + dns6: + - ::1 + - 2001:4860:4860::8888 + - 2606:4700:4700::1111 + state: present + type: ethernet + notify: Restart NetworkManager - name: Create resolved.conf.d directory file: path: /etc/systemd/resolved.conf.d diff --git a/tasks/main.yml b/tasks/main.yml index a685e25..56212c3 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -47,11 +47,9 @@ - name: Configure Dovecot import_tasks: dovecot.yml - name: Sync old IMAP account - import_tasks: offlineimap.yml + include_tasks: offlineimap.yml when: "{{ item.old_imap_mail is defined }}" loop: "{{ users }}" - become: yes - become_user: "{{ item.name }}" - name: Set up DKIM import_tasks: dkim.yml - name: Set up DMARC diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml index 2d41e77..75db9b7 100644 --- a/tasks/offlineimap.yml +++ b/tasks/offlineimap.yml @@ -3,6 +3,8 @@ set_fact: old_imap_fingerprint: '' - name: Generate config and sync old IMAP contents + become: yes + become_user: "{{ item.name }}" block: - name: Create offlineimap config template: 
@@ -27,6 +29,8 @@ - name: Sync old IMAP for the first time (this might tale a while...) command: offlineimap - name: Sync old IMAP account + become: yes + become_user: "{{ item.name }}" cron: name: "Sync old IMAP account {{ item.old_imap_mail.user }} at {{ item.old_imap_mail.host }} for {{ item.name }}" special_time: daily @@ -34,6 +38,8 @@ backup: yes user: "{{ item.name }}" - name: De-duplicate IMAP mail + become: yes + become_user: "{{ item.name }}" cron: name: De-duplicate IMAP mail special_time: daily diff --git a/tasks/os.yml b/tasks/os.yml index 39a6864..9dfee63 100644 --- a/tasks/os.yml +++ b/tasks/os.yml @@ -4,6 +4,22 @@ register: getenforce - name: "Set hostname to {{ mailserver_hostname }}.{{ mailserver_domain}}" command: "hostnamectl set-hostname {{ mailserver_hostname }}.{{ mailserver_domain }}" +- name: Enable IPv6 + when: ansible_default_ipv6.address is not defined + block: + - name: Enable IPv6 via sysctl + sysctl: + name: "{{ item }}" + value: 0 + state: present + sysctl_set: true + loop: + - "net.ipv6.conf.all.disable_ipv6" + - "net.ipv6.conf.{{ ansible_default_ipv4.interface }}.disable_ipv6" + - name: Reboot to pick up changes + reboot: + reboot_timeout: 600 + msg: "Reboot initiated by Ansible to enable IPv6" - name: Install requiremets block: - name: Install packages diff --git a/tasks/packages.yml b/tasks/packages.yml index cbdd545..262eee0 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -124,7 +124,12 @@ - name: Reset the PHP DNF module command: dnf module reset php -y - name: Enable DNF modules - command: dnf module enable php:remi-7.4 389-directory-server:stable/default go-toolset -y + command: dnf module enable php:remi-7.4 go-toolset -y +- name: Enable the COPR repositories + command: "dnf copr enable -y {{ item }}" + loop: + - "@389ds/389-directory-server" + - "eclipseo/golang-ng custom-1-x86_64" - name: Install packages package: name: 
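Review bot: The new `Enable the COPR repositories` task in tasks/packages.yml makes `eclipseo/golang-ng`, a personal COPR project, a trusted package source on the mail server. The package list that follows installs with `state: latest`, so anything that repository publishes at a higher version can presumably replace a distribution package on the next run. Consider restricting what each COPR may supply (dnf's `includepkgs=` in the repo definition) and add a comment naming the packages expected from each one. The `command` task also reports changed on every run; `changed_when: false`, or a `creates:` argument pointing at the repo file dnf writes, would keep the play idempotent. The package list continues past the end of this hunk.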
@@ -306,7 +311,7 @@ - mod_authnz_pam - mod_authnz_external - pwauth - - kmod-wireguard + # - kmod-wireguard - wireguard-tools - bindfs - golang @@ -318,6 +323,7 @@ - python3-jinja2 - qrencode - python3-pip + - golang-github-acme-lego state: latest - name: Install Remi packages dnf: @@ -405,16 +411,16 @@ pear: name: pear.horde.org/Horde_ActiveSync state: latest -- name: Install go package - command: "go install {{ item }}" - loop: - - github.com/go-acme/lego/v4/cmd/lego@latest -- name: Copy GO binaries to /usr/local/bin - copy: - src: "{{ ansible_env.HOME }}/go/bin/" - dest: /usr/local/bin/ - remote_src: yes - backup: yes +# - name: Install go packages +# command: "go install {{ item }}" +# loop: +# - github.com/go-acme/lego/v4/cmd/lego@latest +# - name: Copy GO binaries to /usr/local/bin +# copy: +# src: "{{ ansible_env.HOME }}/go/bin/" +# dest: /usr/local/bin/ +# remote_src: yes +# backup: yes - name: Install Python packages pip: name: diff --git a/tasks/pdns_recursor.yml b/tasks/pdns_recursor.yml index 5c442b6..11d1e51 100644 --- a/tasks/pdns_recursor.yml +++ b/tasks/pdns_recursor.yml @@ -40,8 +40,8 @@ path: /etc/hosts backup: yes loop: - - "{{ wireguard.ipv4_pool|split('/')|first|regex_replace('\\.0$', '\.1') }}" - - "{{ wireguard.ipv6_pool|split('/')|first|regex_replace('\:0$', '\:1') }}" + - "{{ wireguard.ipv4_pool|split('/')|first|regex_replace('\\.0$', '.1') }}" + - "{{ wireguard.ipv6_pool|split('/')|first|regex_replace('\\:0$', ':1') }}" when: wireguard is defined notify: Restart pdns-recursor - name: Configure PowerDNS recursor to forward custom domains diff --git a/tasks/ssl.yml b/tasks/ssl.yml index 6dfe7af..052a69f 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml 
@@ -109,7 +109,8 @@ - { key: "PDNS_API_KEY", value: "{{ powerdns_api_key }}" } - name: Generate LetsEncrypt certificates - command: "/usr/local/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem run --must-staple" + # command: "/usr/local/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem run --must-staple" + command: "/usr/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem run --must-staple" environment: EXEC_PROPAGATION_TIMEOUT: 4242 PDNS_API_URL: http://127.0.0.1:8081/ 
@@ -164,5 +165,6 @@ name: certificate-auto-renewal special_time: monthly # job: certbot renew --quiet && systemctl reload postfix dovecot httpd - job: "/usr/local/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem renew --days 90 --must-staple --renew-hook=\"/usr/bin/systemctl reload httpd postfix dovecot\"" + # job: "/usr/local/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem renew --days 90 --must-staple --renew-hook=\"/usr/bin/systemctl reload httpd postfix dovecot\"" + job: "/usr/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem renew --days 90 --must-staple --renew-hook=\"/usr/bin/systemctl reload httpd postfix dovecot\"" backup: yes diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml index f122990..564e1b4 100644 --- a/tasks/wireguard.yml +++ b/tasks/wireguard.yml 
@@ -187,7 +187,7 @@ name: "@" ttl: "3600" type: A - content: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" + content: "{{ ansible_default_ipv4.address }}" - name: Add DynDNS root AAAA record import_tasks: add_dns_record.yml vars: @@ -196,7 +196,7 @@ name: "@" ttl: "3600" type: AAAA - content: "{{ hostvars[inventory_hostname]['ansible_default_ipv6']['address'] }}" + content: "{{ ansible_default_ipv6.address }}" - name: Add DynDNS A records include_tasks: add_dns_record.yml vars: @@ -227,7 +227,7 @@ name: "@" ttl: "3600" type: A - content: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" + content: "{{ ansible_default_ipv4.address }}" - name: Add VPN root AAAA record import_tasks: add_dns_record.yml vars: @@ -236,7 +236,7 @@ name: "@" ttl: "3600" type: AAAA - content: "{{ hostvars[inventory_hostname]['ansible_default_ipv6']['address'] }}" + content: "{{ ansible_default_ipv6.address }}" - name: Add VPN A records include_tasks: add_dns_record.yml vars: diff --git a/templates/dnsdist/dnsdist.conf.j2 b/templates/dnsdist/dnsdist.conf.j2 index 84c555a..4197a07 100644 --- a/templates/dnsdist/dnsdist.conf.j2 +++ b/templates/dnsdist/dnsdist.conf.j2 @@ -1,8 +1,8 @@ setLocal('127.0.0.1:53') addLocal('::1') -addLocal('{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}') +addLocal('{{ ansible_default_ipv4.address }}') -{# addLocal('{{ hostvars[inventory_hostname]['ansible_default_ipv6']['address'] }}') #} +{# addLocal('{{ ansible_default_ipv6.address }}') #} {% if wireguard is defined %} addLocal('{{ wireguard.ipv4_pool.split('/')|first|regex_replace('.0$','.1') }}') diff --git a/templates/resolv.conf.j2 b/templates/resolv.conf.j2 new file mode 100644 index 0000000..bc0acda --- /dev/null +++ b/templates/resolv.conf.j2 
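Review bot: The two AAAA tasks ("Add DynDNS root AAAA record" at -196,7 and "Add VPN root AAAA record" at -236,7) read `ansible_default_ipv6.address` with no guard; on a host without a default IPv6 route that fact is normally an empty dictionary, so rendering the record content would fail the play. Adding `when: ansible_default_ipv6.address is defined` to both tasks keeps IPv4-only hosts deployable. All four shortened expressions in this file also depend on fact gathering being enabled and on facts being injected as top-level variables; `ansible_facts['default_ipv4']['address']` works regardless of the `inject_facts_as_vars` setting. Each of these tasks continues beyond its hunk.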
@@ -0,0 +1,7 @@ +nameserver 127.0.0.1 +nameserver 8.8.8.8 +#nameserver 1.1.1.1 +nameserver ::1 +#nameserver 2001:4860:4860::8888 +#nameserver 2606:4700:4700::1111 +search {{ ([mailserver_domain] + custom_domains)|join(' ') }} diff --git a/tests/test.yml b/tests/test.yml index 17abb03..75f6348 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -1,5 +1,6 @@ --- - hosts: all remote_user: root + gather_facts: true roles: - ansible-mailserver From ac391fc19563b20acb1dc9475c9e1cfc6826b30f Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 00:13:21 +0200 Subject: [PATCH 004/181] restart pdns anyway --- tasks/pdns.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/tasks/pdns.yml b/tasks/pdns.yml index 794d9e4..2ad3caf 100644 --- a/tasks/pdns.yml +++ b/tasks/pdns.yml @@ -4,7 +4,6 @@ vars: mariadb_database: powerdnsdb mariadb_state: "{{ ('import' if reset == 'yes')|default('present') }}" - register: powerdns_db_state when: 'public_dns == "yes"' - name: Set up PowerDNS DB privileges mysql_user: @@ -23,7 +22,6 @@ # db: powerdnsdb # user: powerdns # password: "{{ powerdns_db_password }}" -# when: powerdns_db_state.changed - name: Configure PowerDNS authoritative server lineinfile: path: /etc/pdns/pdns.conf @@ -60,4 +58,3 @@ daemon_reload: yes enabled: yes state: restarted - when: powerdns_db_state.changed From 28e6628c158b53c50d2dc2601c1255f8db8e1904 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 02:19:23 +0200 Subject: [PATCH 005/181] fix sql --- tasks/dns_records.yml | 6 ++++-- tasks/poweradmin.yml | 12 ++++++------ 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/tasks/dns_records.yml b/tasks/dns_records.yml index 8880606..ad52117 100644 --- a/tasks/dns_records.yml +++ b/tasks/dns_records.yml 
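Review bot: The new resolver list places the public `8.8.8.8` between `127.0.0.1` and `::1`, so whenever the local listener on 127.0.0.1 times out, the stub resolver moves to an external server before it tries the local IPv6 listener. Lookups for this host's own zones and for internal names would then leave the machine and be answered without whatever filtering or validation the local resolver applies. I would list the loopback addresses first (`nameserver 127.0.0.1`, `nameserver ::1`, then the fallback) and take the fallback address from a role variable instead of hard-coding one provider. A one-line comment at the top of the template saying that the file is managed by the role and why an external fallback exists would also help the next operator.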
@@ -56,7 +56,9 @@ register: zone_records loop: "{{ [mailserver_domain] + custom_domains + ['vpn.' ~ mailserver_domain] + ['dyndns.' ~ mailserver_domain] }}" - name: Correct SOA record for all domains - command: 'pdnsutil replace-rrset {{ item }} @ SOA 3600 "ns.{{ mailserver_domain }} hostmaster\\.{{ item }} {{ zone_records.stdout_lines|length }} 10800 3600 604800 3600"' - loop: "{{ [mailserver_domain] + custom_domains + ['vpn.' ~ mailserver_domain] + ['dyndns.' ~ mailserver_domain] }}" + command: 'pdnsutil replace-rrset {{ zone_record.item }} @ SOA 3600 "ns.{{ mailserver_domain }} hostmaster\\.{{ zone_record.item }} {{ zone_record.stdout_lines|length }} 10800 3600 604800 3600"' + loop: "{{ zone_records.results }}" + loop_control: + loop_var: zone_record - name: Rectify all zones command: pdnsutil rectify-all-zones diff --git a/tasks/poweradmin.yml b/tasks/poweradmin.yml index 420cb0e..3c26958 100644 --- a/tasks/poweradmin.yml +++ b/tasks/poweradmin.yml 
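Review bot: The SOA serial in the new command is `zone_record.stdout_lines|length`, the number of lines the registered command printed for the zone, so the serial stays the same when one record is swapped for another and decreases when records are removed. If any secondary or cache relies on the serial to detect changes (not visible here), those updates would not propagate; an epoch-based value such as `{{ ansible_date_time.epoch }}` only ever increases. Looping over `zone_records.results` also prints each result's full registered output per item, which `label: "{{ zone_record.item }}"` under `loop_control` would reduce to the zone name. The task that registers `zone_records` starts above the hunk.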
@@ -52,9 +52,9 @@ login_user: '{{ mailserver_admin_user }}@{{ mailserver_domain }}' login_password: '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password }}{% endif %}{% endfor %}' query: - - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (41, 'zone_master_add', 'User is allowed to add new master zones.'), (42, 'zone_slave_add', 'User is allowed to add new slave zones.'), (43, 'zone_content_view_own', 'User is allowed to see the content and meta data of zones he owns.'), (44, 'zone_content_edit_own', 'User is allowed to edit the content of zones he owns.'), (45, 'zone_meta_edit_own', 'User is allowed to edit the meta data of zones he owns.'), (46, 'zone_content_view_others', 'User is allowed to see the content and meta data of zones he does not own.'), (47, 'zone_content_edit_others', 'User is allowed to edit the content of zones he does not own.'), (48, 'zone_meta_edit_others', 'User is allowed to edit the meta data of zones he does not own.'), (49, 'search', 'User is allowed to perform searches.'), (50, 'supermaster_view', 'User is allowed to view supermasters.'), (51, 'supermaster_add', 'User is allowed to add new supermasters.'), (52, 'supermaster_edit', 'User is allowed to edit supermasters.'), (53, 'user_is_ueberuser', 'User has full access. God-like. 
Redeemer.'), (54, 'user_view_others', 'User is allowed to see other users and their details.'), (55, 'user_add_new', 'User is allowed to add new users.'), (56, 'user_edit_own', 'User is allowed to edit their own details.'), (57, 'user_edit_others', 'User is allowed to edit other users.'), (58, 'user_passwd_edit_others', 'User is allowed to edit the password of other users.'), (59, 'user_edit_templ_perm', 'User is allowed to change the permission template that is assigned to a user.'), (60, 'templ_perm_add', 'User is allowed to add new permission templates.'), (61, 'templ_perm_edit', 'User is allowed to edit existing permission templates.'), (62, 'zone_content_edit_own_as_client', 'User is allowed to edit record, but not SOA and NS.'); - - REPLACE INTO `perm_templ` (`id`, `name`, `descr`) VALUES (1, 'Administrator', 'Administrator template with full rights.') - - REPLACE INTO `perm_templ` (`id`, `name`, `descr`) VALUES (2, 'Dynamic', 'For DNS updates') + - REPLACE INTO `perm_templ` (`id`, `name`, `description`) VALUES (41, 'zone_master_add', 'User is allowed to add new master zones.'), (42, 'zone_slave_add', 'User is allowed to add new slave zones.'), (43, 'zone_content_view_own', 'User is allowed to see the content and meta data of zones he owns.'), (44, 'zone_content_edit_own', 'User is allowed to edit the content of zones he owns.'), (45, 'zone_meta_edit_own', 'User is allowed to edit the meta data of zones he owns.'), (46, 'zone_content_view_others', 'User is allowed to see the content and meta data of zones he does not own.'), (47, 'zone_content_edit_others', 'User is allowed to edit the content of zones he does not own.'), (48, 'zone_meta_edit_others', 'User is allowed to edit the meta data of zones he does not own.'), (49, 'search', 'User is allowed to perform searches.'), (50, 'supermaster_view', 'User is allowed to view supermasters.'), (51, 'supermaster_add', 'User is allowed to add new supermasters.'), (52, 'supermaster_edit', 'User is allowed to edit 
supermasters.'), (53, 'user_is_ueberuser', 'User has full access. God-like. Redeemer.'), (54, 'user_view_others', 'User is allowed to see other users and their details.'), (55, 'user_add_new', 'User is allowed to add new users.'), (56, 'user_edit_own', 'User is allowed to edit their own details.'), (57, 'user_edit_others', 'User is allowed to edit other users.'), (58, 'user_passwd_edit_others', 'User is allowed to edit the password of other users.'), (59, 'user_edit_templ_perm', 'User is allowed to change the permission template that is assigned to a user.'), (60, 'templ_perm_add', 'User is allowed to add new permission templates.'), (61, 'templ_perm_edit', 'User is allowed to edit existing permission templates.'), (62, 'zone_content_edit_own_as_client', 'User is allowed to edit record, but not SOA and NS.'); + - REPLACE INTO `perm_templ` (`id`, `name`, `description`) VALUES (1, 'Administrator', 'Administrator template with full rights.') + - REPLACE INTO `perm_templ` (`id`, `name`, `description`) VALUES (2, 'Dynamic', 'For DNS updates') - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (1, 1, 53) - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (2, 2, 44) - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (3, 2, 43) 
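Review bot: The first query of this hunk now targets `perm_templ` with a `description` column, but its VALUES are still the 22 permission definitions (ids 41 to 62, `zone_master_add` through `zone_content_edit_own_as_client`) that the removed line wrote to `perm_items`. With those rows in the template table, the `perm_templ_items` statements that follow (perm_id 53, 44, 43, 41) refer to permissions that are never inserted, so the resulting access model is not the one intended. Only the 'Administrator' and 'Dynamic' rows should address `perm_templ`; the first statement should keep its original table, and the new column name should be checked against the schema file, which this commit does not touch. The hunk at -72,9 repeats the same three lines and needs the same correction. The task starts above the hunk.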
@@ -72,9 +72,9 @@ login_user: '{{ mailserver_admin_user }}@{{ mailserver_domain }}' login_password: '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password }}{% endif %}{% endfor %}' query: - - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (41, 'zone_master_add', 'User is allowed to add new master zones.'), (42, 'zone_slave_add', 'User is allowed to add new slave zones.'), (43, 'zone_content_view_own', 'User is allowed to see the content and meta data of zones he owns.'), (44, 'zone_content_edit_own', 'User is allowed to edit the content of zones he owns.'), (45, 'zone_meta_edit_own', 'User is allowed to edit the meta data of zones he owns.'), (46, 'zone_content_view_others', 'User is allowed to see the content and meta data of zones he does not own.'), (47, 'zone_content_edit_others', 'User is allowed to edit the content of zones he does not own.'), (48, 'zone_meta_edit_others', 'User is allowed to edit the meta data of zones he does not own.'), (49, 'search', 'User is allowed to perform searches.'), (50, 'supermaster_view', 'User is allowed to view supermasters.'), (51, 'supermaster_add', 'User is allowed to add new supermasters.'), (52, 'supermaster_edit', 'User is allowed to edit supermasters.'), (53, 'user_is_ueberuser', 'User has full access. God-like. 
Redeemer.'), (54, 'user_view_others', 'User is allowed to see other users and their details.'), (55, 'user_add_new', 'User is allowed to add new users.'), (56, 'user_edit_own', 'User is allowed to edit their own details.'), (57, 'user_edit_others', 'User is allowed to edit other users.'), (58, 'user_passwd_edit_others', 'User is allowed to edit the password of other users.'), (59, 'user_edit_templ_perm', 'User is allowed to change the permission template that is assigned to a user.'), (60, 'templ_perm_add', 'User is allowed to add new permission templates.'), (61, 'templ_perm_edit', 'User is allowed to edit existing permission templates.'), (62, 'zone_content_edit_own_as_client', 'User is allowed to edit record, but not SOA and NS.'); - - REPLACE INTO `perm_templ` (`id`, `name`, `descr`) VALUES (1, 'Administrator', 'Administrator template with full rights.') - - REPLACE INTO `perm_templ` (`id`, `name`, `descr`) VALUES (2, 'Dynamic', 'For DNS updates') + - REPLACE INTO `perm_templ` (`id`, `name`, `description`) VALUES (41, 'zone_master_add', 'User is allowed to add new master zones.'), (42, 'zone_slave_add', 'User is allowed to add new slave zones.'), (43, 'zone_content_view_own', 'User is allowed to see the content and meta data of zones he owns.'), (44, 'zone_content_edit_own', 'User is allowed to edit the content of zones he owns.'), (45, 'zone_meta_edit_own', 'User is allowed to edit the meta data of zones he owns.'), (46, 'zone_content_view_others', 'User is allowed to see the content and meta data of zones he does not own.'), (47, 'zone_content_edit_others', 'User is allowed to edit the content of zones he does not own.'), (48, 'zone_meta_edit_others', 'User is allowed to edit the meta data of zones he does not own.'), (49, 'search', 'User is allowed to perform searches.'), (50, 'supermaster_view', 'User is allowed to view supermasters.'), (51, 'supermaster_add', 'User is allowed to add new supermasters.'), (52, 'supermaster_edit', 'User is allowed to edit 
supermasters.'), (53, 'user_is_ueberuser', 'User has full access. God-like. Redeemer.'), (54, 'user_view_others', 'User is allowed to see other users and their details.'), (55, 'user_add_new', 'User is allowed to add new users.'), (56, 'user_edit_own', 'User is allowed to edit their own details.'), (57, 'user_edit_others', 'User is allowed to edit other users.'), (58, 'user_passwd_edit_others', 'User is allowed to edit the password of other users.'), (59, 'user_edit_templ_perm', 'User is allowed to change the permission template that is assigned to a user.'), (60, 'templ_perm_add', 'User is allowed to add new permission templates.'), (61, 'templ_perm_edit', 'User is allowed to edit existing permission templates.'), (62, 'zone_content_edit_own_as_client', 'User is allowed to edit record, but not SOA and NS.'); + - REPLACE INTO `perm_templ` (`id`, `name`, `description`) VALUES (1, 'Administrator', 'Administrator template with full rights.') + - REPLACE INTO `perm_templ` (`id`, `name`, `description`) VALUES (2, 'Dynamic', 'For DNS updates') - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (1, 1, 53) - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (2, 2, 44) - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (3, 2, 43) From 60d994b006d8c9e016ed3f91ec3ad01effce36d9 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 03:28:38 +0200 Subject: [PATCH 006/181] fix DB schema --- files/mariadb/powerdnsdb_schema.sql | 194 +++++++++++++++------------- tasks/poweradmin.yml | 12 +- 2 files changed, 107 insertions(+), 99 deletions(-) diff --git a/files/mariadb/powerdnsdb_schema.sql b/files/mariadb/powerdnsdb_schema.sql index da68118..09f20e8 100644 --- a/files/mariadb/powerdnsdb_schema.sql +++ b/files/mariadb/powerdnsdb_schema.sql 
@@ -1,8 +1,8 @@ --- MySQL dump 10.19 Distrib 10.3.28-MariaDB, for Linux (x86_64) +-- MySQL dump 10.19 Distrib 10.3.39-MariaDB, for Linux (x86_64) -- -- Host: localhost Database: powerdnsdb -- ------------------------------------------------------ --- Server version 10.3.28-MariaDB +-- Server version 10.3.39-MariaDB /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; @@ -23,17 +23,17 @@ DROP TABLE IF EXISTS `comments`; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `comments` ( - id INT AUTO_INCREMENT, - domain_id INT NOT NULL, - name VARCHAR(255) NOT NULL, - type VARCHAR(10) NOT NULL, - modified_at INT NOT NULL, - account VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL, - comment TEXT CHARACTER SET 'utf8' NOT NULL, - PRIMARY KEY (id), + `id` int(11) NOT NULL AUTO_INCREMENT, + `domain_id` int(11) NOT NULL, + `name` varchar(255) NOT NULL, + `type` varchar(10) NOT NULL, + `modified_at` int(11) NOT NULL, + `account` varchar(40) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL, + `comment` text CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL, + PRIMARY KEY (`id`), KEY `comments_name_type_idx` (`name`,`type`), KEY `comments_order_idx` (`domain_id`,`modified_at`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; +) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -44,15 +44,15 @@ DROP TABLE IF EXISTS `cryptokeys`; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `cryptokeys` ( - id INT AUTO_INCREMENT, - domain_id INT NOT NULL, - flags INT NOT NULL, - active BOOL, - published BOOL DEFAULT 1, - content TEXT, - PRIMARY KEY(id), + `id` int(11) NOT NULL AUTO_INCREMENT, + `domain_id` int(11) NOT NULL, + `flags` int(11) NOT NULL, + `active` tinyint(1) DEFAULT NULL, + `published` tinyint(1) DEFAULT 1, + `content` text DEFAULT NULL, + PRIMARY KEY (`id`), KEY `domainidindex` (`domain_id`) -) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=7 DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -63,13 +63,13 @@ DROP TABLE IF EXISTS `domainmetadata`; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `domainmetadata` ( - id INT AUTO_INCREMENT, - domain_id INT NOT NULL, - kind VARCHAR(32), - content TEXT, - PRIMARY KEY (id), + `id` int(11) NOT NULL AUTO_INCREMENT, + `domain_id` int(11) NOT NULL, + `kind` varchar(32) DEFAULT NULL, + `content` text DEFAULT NULL, + PRIMARY KEY (`id`), KEY `domainmetadata_idx` (`domain_id`,`kind`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=887 DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -79,20 +79,20 @@ CREATE TABLE `domainmetadata` ( DROP TABLE IF EXISTS `domains`; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; -CREATE TABLE domains ( - id INT AUTO_INCREMENT, - name VARCHAR(255) NOT NULL, - master VARCHAR(128) DEFAULT NULL, - last_check INT DEFAULT NULL, - type VARCHAR(8) NOT NULL, - notified_serial INT UNSIGNED DEFAULT NULL, - account VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL, - options VARCHAR(64000) DEFAULT NULL, - catalog VARCHAR(255) DEFAULT NULL, - PRIMARY KEY (id), +CREATE TABLE `domains` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `name` varchar(255) NOT NULL, + `master` varchar(128) DEFAULT NULL, + `last_check` int(11) DEFAULT NULL, + `type` varchar(8) NOT NULL, + `notified_serial` int(10) unsigned DEFAULT NULL, + `account` varchar(40) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL, + `options` varchar(64000) DEFAULT NULL, + `catalog` varchar(255) DEFAULT NULL, + PRIMARY KEY (`id`), UNIQUE KEY `name_index` (`name`), KEY `catalog_idx` (`catalog`) -) ENGINE=InnoDB AUTO_INCREMENT=7 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=15 DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -105,44 +105,52 @@ DROP TABLE IF EXISTS `migrations`; CREATE TABLE `migrations` ( `version` varchar(255) NOT NULL, `apply_time` int(11) NOT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1; +) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci; /*!40101 SET character_set_client = @saved_cs_client */; -DROP TABLE IF EXISTS `comments`; +-- +-- Table structure for table `perm_items` +-- + +DROP TABLE IF EXISTS `perm_items`; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; -CREATE TABLE `comments` ( - id INT AUTO_INCREMENT, - domain_id INT NOT NULL, - name VARCHAR(255) NOT NULL, - type VARCHAR(10) NOT NULL, - modified_at INT NOT NULL, - account VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL, - comment TEXT CHARACTER SET 'utf8' NOT NULL, - PRIMARY KEY (id), - KEY `comments_name_type_idx` (`name`,`type`), - KEY `comments_order_idx` (`domain_id`,`modified_at`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; +CREATE TABLE `perm_items` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `name` varchar(64) NOT NULL, + `descr` varchar(1024) NOT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB AUTO_INCREMENT=63 DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- --- Table structure for table `perm_items` +-- Table structure for table `perm_templ` -- -DROP TABLE IF EXISTS `perm_items`; +DROP TABLE IF EXISTS `perm_templ`; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; -CREATE TABLE `perm_items` ( +CREATE TABLE `perm_templ` ( `id` int(11) NOT NULL AUTO_INCREMENT, - `name` varchar(255) NOT NULL, - `master` varchar(128) DEFAULT NULL, - `last_check` int(11) DEFAULT NULL, - `type` varchar(6) NOT NULL, - `notified_serial` int(10) unsigned DEFAULT NULL, - `account` varchar(40) CHARACTER SET utf8 DEFAULT NULL, - PRIMARY KEY (`id`), - UNIQUE KEY `name_index` (`name`) -) ENGINE=InnoDB AUTO_INCREMENT=7 DEFAULT CHARSET=latin1; + 
`name` varchar(128) NOT NULL, + `descr` varchar(1024) NOT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `perm_templ_items` +-- + +DROP TABLE IF EXISTS `perm_templ_items`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `perm_templ_items` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `templ_id` int(11) NOT NULL, + `perm_id` int(11) NOT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -153,21 +161,21 @@ DROP TABLE IF EXISTS `records`; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `records` ( - id BIGINT AUTO_INCREMENT, - domain_id INT DEFAULT NULL, - name VARCHAR(255) DEFAULT NULL, - type VARCHAR(10) DEFAULT NULL, - content VARCHAR(64000) DEFAULT NULL, - ttl INT DEFAULT NULL, - prio INT DEFAULT NULL, - disabled TINYINT(1) DEFAULT 0, - ordername VARCHAR(255) BINARY DEFAULT NULL, - auth TINYINT(1) DEFAULT 1, - PRIMARY KEY (id), + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `domain_id` int(11) DEFAULT NULL, + `name` varchar(255) DEFAULT NULL, + `type` varchar(10) DEFAULT NULL, + `content` varchar(64000) DEFAULT NULL, + `ttl` int(11) DEFAULT NULL, + `prio` int(11) DEFAULT NULL, + `disabled` tinyint(1) DEFAULT 0, + `ordername` varchar(255) CHARACTER SET latin1 COLLATE latin1_bin DEFAULT NULL, + `auth` tinyint(1) DEFAULT 1, + PRIMARY KEY (`id`), KEY `nametype_index` (`name`,`type`), KEY `domain_id` (`domain_id`), KEY `ordername` (`ordername`) -) ENGINE=InnoDB AUTO_INCREMENT=50 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=1216 DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -181,7 +189,7 @@ CREATE TABLE `records_zone_templ` ( `domain_id` int(11) NOT NULL, `record_id` int(11) NOT NULL, `zone_templ_id` int(11) NOT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1; +) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -192,11 +200,11 @@ DROP TABLE IF EXISTS `supermasters`; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `supermasters` ( - ip VARCHAR(64) NOT NULL, - nameserver VARCHAR(255) NOT NULL, - account VARCHAR(40) CHARACTER SET 'utf8' NOT NULL, - PRIMARY KEY (ip, nameserver) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; + `ip` varchar(64) NOT NULL, + `nameserver` varchar(255) NOT NULL, + `account` varchar(40) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL, + PRIMARY KEY (`ip`,`nameserver`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -207,13 +215,13 @@ DROP TABLE IF EXISTS `tsigkeys`; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `tsigkeys` ( - id INT AUTO_INCREMENT, - name VARCHAR(255), - algorithm VARCHAR(50), - secret VARCHAR(255), - PRIMARY KEY (id), + `id` int(11) NOT NULL AUTO_INCREMENT, + `name` varchar(255) DEFAULT NULL, + `algorithm` varchar(50) DEFAULT NULL, + `secret` varchar(255) DEFAULT NULL, + PRIMARY KEY (`id`), UNIQUE KEY `namealgoindex` (`name`,`algorithm`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -234,7 +242,7 @@ CREATE TABLE `users` ( `active` int(1) NOT NULL, `use_ldap` int(1) NOT NULL, PRIMARY KEY (`id`) -) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -250,7 +258,7 @@ CREATE TABLE `zone_templ` ( `descr` varchar(1024) NOT NULL, `owner` int(11) NOT NULL, PRIMARY KEY (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; +) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -269,7 +277,7 @@ CREATE TABLE `zone_templ_records` ( `ttl` int(11) NOT NULL, `prio` int(11) NOT NULL, PRIMARY KEY (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; +) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -286,9 +294,9 @@ CREATE TABLE `zones` ( `comment` varchar(1024) DEFAULT NULL, `zone_templ_id` int(11) NOT NULL, PRIMARY KEY (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci; /*!40101 SET character_set_client = @saved_cs_client */; --- /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; +/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; /*!40101 SET SQL_MODE=@OLD_SQL_MODE */; /*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; @@ -298,4 +306,4 @@ CREATE TABLE `zones` ( /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; --- Dump completed on 2022-04-11 22:49:18 +-- Dump completed on 2023-10-15 3:26:34 diff --git a/tasks/poweradmin.yml b/tasks/poweradmin.yml index 3c26958..2e6714a 100644 --- a/tasks/poweradmin.yml +++ b/tasks/poweradmin.yml 
@@ -52,9 +52,9 @@ login_user: '{{ mailserver_admin_user }}@{{ mailserver_domain }}' login_password: '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password }}{% endif %}{% endfor %}' query: - - REPLACE INTO `perm_templ` (`id`, `name`, `description`) VALUES (41, 'zone_master_add', 'User is allowed to add new master zones.'), (42, 'zone_slave_add', 'User is allowed to add new slave zones.'), (43, 'zone_content_view_own', 'User is allowed to see the content and meta data of zones he owns.'), (44, 'zone_content_edit_own', 'User is allowed to edit the content of zones he owns.'), (45, 'zone_meta_edit_own', 'User is allowed to edit the meta data of zones he owns.'), (46, 'zone_content_view_others', 'User is allowed to see the content and meta data of zones he does not own.'), (47, 'zone_content_edit_others', 'User is allowed to edit the content of zones he does not own.'), (48, 'zone_meta_edit_others', 'User is allowed to edit the meta data of zones he does not own.'), (49, 'search', 'User is allowed to perform searches.'), (50, 'supermaster_view', 'User is allowed to view supermasters.'), (51, 'supermaster_add', 'User is allowed to add new supermasters.'), (52, 'supermaster_edit', 'User is allowed to edit supermasters.'), (53, 'user_is_ueberuser', 'User has full access. God-like. 
Redeemer.'), (54, 'user_view_others', 'User is allowed to see other users and their details.'), (55, 'user_add_new', 'User is allowed to add new users.'), (56, 'user_edit_own', 'User is allowed to edit their own details.'), (57, 'user_edit_others', 'User is allowed to edit other users.'), (58, 'user_passwd_edit_others', 'User is allowed to edit the password of other users.'), (59, 'user_edit_templ_perm', 'User is allowed to change the permission template that is assigned to a user.'), (60, 'templ_perm_add', 'User is allowed to add new permission templates.'), (61, 'templ_perm_edit', 'User is allowed to edit existing permission templates.'), (62, 'zone_content_edit_own_as_client', 'User is allowed to edit record, but not SOA and NS.'); - - REPLACE INTO `perm_templ` (`id`, `name`, `description`) VALUES (1, 'Administrator', 'Administrator template with full rights.') - - REPLACE INTO `perm_templ` (`id`, `name`, `description`) VALUES (2, 'Dynamic', 'For DNS updates') + - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (41, 'zone_master_add', 'User is allowed to add new master zones.'), (42, 'zone_slave_add', 'User is allowed to add new slave zones.'), (43, 'zone_content_view_own', 'User is allowed to see the content and meta data of zones he owns.'), (44, 'zone_content_edit_own', 'User is allowed to edit the content of zones he owns.'), (45, 'zone_meta_edit_own', 'User is allowed to edit the meta data of zones he owns.'), (46, 'zone_content_view_others', 'User is allowed to see the content and meta data of zones he does not own.'), (47, 'zone_content_edit_others', 'User is allowed to edit the content of zones he does not own.'), (48, 'zone_meta_edit_others', 'User is allowed to edit the meta data of zones he does not own.'), (49, 'search', 'User is allowed to perform searches.'), (50, 'supermaster_view', 'User is allowed to view supermasters.'), (51, 'supermaster_add', 'User is allowed to add new supermasters.'), (52, 'supermaster_edit', 'User is allowed to 
edit supermasters.'), (53, 'user_is_ueberuser', 'User has full access. God-like. Redeemer.'), (54, 'user_view_others', 'User is allowed to see other users and their details.'), (55, 'user_add_new', 'User is allowed to add new users.'), (56, 'user_edit_own', 'User is allowed to edit their own details.'), (57, 'user_edit_others', 'User is allowed to edit other users.'), (58, 'user_passwd_edit_others', 'User is allowed to edit the password of other users.'), (59, 'user_edit_templ_perm', 'User is allowed to change the permission template that is assigned to a user.'), (60, 'templ_perm_add', 'User is allowed to add new permission templates.'), (61, 'templ_perm_edit', 'User is allowed to edit existing permission templates.'), (62, 'zone_content_edit_own_as_client', 'User is allowed to edit record, but not SOA and NS.'); + - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (1, 'Administrator', 'Administrator template with full rights.') + - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (2, 'Dynamic', 'For DNS updates') - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (1, 1, 53) - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (2, 2, 44) - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (3, 2, 43) 
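Review bot: After this change all three statements write to `perm_items`, so the 'Administrator' and 'Dynamic' templates (ids 1 and 2) are stored as permission items and `perm_templ` stays empty. The schema updated in this same commit defines `perm_templ` with the columns `id`, `name`, `descr`, and the rows below link templates 1 and 2 through `perm_templ_items.templ_id`, so users end up assigned to templates that do not exist. The second and third statements should read `REPLACE INTO perm_templ (id, name, descr) VALUES (1, 'Administrator', …)` and the same for id 2 (identifier backticks omitted here). The hunk at -72,9 carries identical lines and needs the same fix. The task starts above the hunk.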
@@ -72,9 +72,9 @@ login_user: '{{ mailserver_admin_user }}@{{ mailserver_domain }}' login_password: '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password }}{% endif %}{% endfor %}' query: - - REPLACE INTO `perm_templ` (`id`, `name`, `description`) VALUES (41, 'zone_master_add', 'User is allowed to add new master zones.'), (42, 'zone_slave_add', 'User is allowed to add new slave zones.'), (43, 'zone_content_view_own', 'User is allowed to see the content and meta data of zones he owns.'), (44, 'zone_content_edit_own', 'User is allowed to edit the content of zones he owns.'), (45, 'zone_meta_edit_own', 'User is allowed to edit the meta data of zones he owns.'), (46, 'zone_content_view_others', 'User is allowed to see the content and meta data of zones he does not own.'), (47, 'zone_content_edit_others', 'User is allowed to edit the content of zones he does not own.'), (48, 'zone_meta_edit_others', 'User is allowed to edit the meta data of zones he does not own.'), (49, 'search', 'User is allowed to perform searches.'), (50, 'supermaster_view', 'User is allowed to view supermasters.'), (51, 'supermaster_add', 'User is allowed to add new supermasters.'), (52, 'supermaster_edit', 'User is allowed to edit supermasters.'), (53, 'user_is_ueberuser', 'User has full access. God-like. 
Redeemer.'), (54, 'user_view_others', 'User is allowed to see other users and their details.'), (55, 'user_add_new', 'User is allowed to add new users.'), (56, 'user_edit_own', 'User is allowed to edit their own details.'), (57, 'user_edit_others', 'User is allowed to edit other users.'), (58, 'user_passwd_edit_others', 'User is allowed to edit the password of other users.'), (59, 'user_edit_templ_perm', 'User is allowed to change the permission template that is assigned to a user.'), (60, 'templ_perm_add', 'User is allowed to add new permission templates.'), (61, 'templ_perm_edit', 'User is allowed to edit existing permission templates.'), (62, 'zone_content_edit_own_as_client', 'User is allowed to edit record, but not SOA and NS.'); - - REPLACE INTO `perm_templ` (`id`, `name`, `description`) VALUES (1, 'Administrator', 'Administrator template with full rights.') - - REPLACE INTO `perm_templ` (`id`, `name`, `description`) VALUES (2, 'Dynamic', 'For DNS updates') + - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (41, 'zone_master_add', 'User is allowed to add new master zones.'), (42, 'zone_slave_add', 'User is allowed to add new slave zones.'), (43, 'zone_content_view_own', 'User is allowed to see the content and meta data of zones he owns.'), (44, 'zone_content_edit_own', 'User is allowed to edit the content of zones he owns.'), (45, 'zone_meta_edit_own', 'User is allowed to edit the meta data of zones he owns.'), (46, 'zone_content_view_others', 'User is allowed to see the content and meta data of zones he does not own.'), (47, 'zone_content_edit_others', 'User is allowed to edit the content of zones he does not own.'), (48, 'zone_meta_edit_others', 'User is allowed to edit the meta data of zones he does not own.'), (49, 'search', 'User is allowed to perform searches.'), (50, 'supermaster_view', 'User is allowed to view supermasters.'), (51, 'supermaster_add', 'User is allowed to add new supermasters.'), (52, 'supermaster_edit', 'User is allowed to 
edit supermasters.'), (53, 'user_is_ueberuser', 'User has full access. God-like. Redeemer.'), (54, 'user_view_others', 'User is allowed to see other users and their details.'), (55, 'user_add_new', 'User is allowed to add new users.'), (56, 'user_edit_own', 'User is allowed to edit their own details.'), (57, 'user_edit_others', 'User is allowed to edit other users.'), (58, 'user_passwd_edit_others', 'User is allowed to edit the password of other users.'), (59, 'user_edit_templ_perm', 'User is allowed to change the permission template that is assigned to a user.'), (60, 'templ_perm_add', 'User is allowed to add new permission templates.'), (61, 'templ_perm_edit', 'User is allowed to edit existing permission templates.'), (62, 'zone_content_edit_own_as_client', 'User is allowed to edit record, but not SOA and NS.'); + - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (1, 'Administrator', 'Administrator template with full rights.') + - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (2, 'Dynamic', 'For DNS updates') - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (1, 1, 53) - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (2, 2, 44) - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (3, 2, 43) From 21fd53fcf2d92554c875d2bff58abf421f2b050d Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 03:51:30 +0200 Subject: [PATCH 007/181] fix sql --- tasks/poweradmin.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/poweradmin.yml b/tasks/poweradmin.yml index 2e6714a..86bd088 100644 --- a/tasks/poweradmin.yml +++ b/tasks/poweradmin.yml 
@@ -61,7 +61,7 @@
 - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (4, 2, 41)
 - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES (1, 'admin', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password|password_hash("blowfish")|replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Administrator', 'hostmaster@{{ mailserver_domain }}', 'Administrator with full rights.', 1, 1, 0)
 - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES (1, 'dyndns', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password|password_hash("blowfish")|replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Dynamic DNS', 'dyndns@{{ mailserver_domain }}', 'User for dynamic DNS updates', 2, 1, 0)
- - "REPLACE INTO `zones` (`id`, `domain_id`, `owner`, `comment`, `zonr_templ_id`) SELECT 1, domain_id, 2, '', 0 FROM domains WHERE name = 'dyndns.{{ mailserver_domain }}'"
+ - "REPLACE INTO `zones` (`id`, `domain_id`, `owner`, `comment`, `zonr_templ_id`) SELECT 1, id, 2, '', 0 FROM domains WHERE name = 'dyndns.{{ mailserver_domain }}'"
 # no_log: yes
 when: 'public_dns == "yes"'
 notify: Warn on passwords
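Review bot: The two `users` rows just above the corrected `zones` statement both use `id` 1, so if `id` is the table's key, `REPLACE INTO` lets the 'dyndns' row overwrite the 'admin' row, and the zone's `owner` value 2 then refers to no user. Giving the dynamic-DNS account its own id, `VALUES (2, 'dyndns', ...`, keeps the administrator row and matches the owner written into `zones`. The same lines appear in the second hunk (`@@ -81,7 +81,7 @@`). The task starts above both hunks, so the key definition cannot be confirmed from this diff.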
@@ -81,7 +81,7 @@ - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (4, 2, 41) - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES (1, 'admin', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password|password_hash("blowfish")|replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Administrator', 'hostmaster@{{ mailserver_domain }}', 'Administrator with full rights.', 1, 1, 0) - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES (1, 'dyndns', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password|password_hash("blowfish")|replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Dynamic DNS', 'dyndns@{{ mailserver_domain }}', 'User for dynamic DNS updates', 2, 1, 0) - - "REPLACE INTO `zones` (`id`, `domain_id`, `owner`, `comment`, `zonr_templ_id`) SELECT 1, domain_id, 2, '', 0 FROM domains WHERE name = 'dyndns.{{ mailserver_domain }}'" + - "REPLACE INTO `zones` (`id`, `domain_id`, `owner`, `comment`, `zonr_templ_id`) SELECT 1, id, 2, '', 0 FROM domains WHERE name = 'dyndns.{{ mailserver_domain }}'" # no_log: yes when: 'public_dns == "yes"' notify: Warn on passwords From 53c51db3f13dc76ab85eb4f9f8ba5e07f7e3ee4f Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 04:07:37 +0200 Subject: [PATCH 008/181] fix typo --- tasks/poweradmin.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/poweradmin.yml b/tasks/poweradmin.yml index 86bd088..85777e0 100644 --- a/tasks/poweradmin.yml +++ b/tasks/poweradmin.yml 
@@ -61,7 +61,7 @@
 - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (4, 2, 41)
 - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES (1, 'admin', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password|password_hash("blowfish")|replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Administrator', 'hostmaster@{{ mailserver_domain }}', 'Administrator with full rights.', 1, 1, 0)
 - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES (1, 'dyndns', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password|password_hash("blowfish")|replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Dynamic DNS', 'dyndns@{{ mailserver_domain }}', 'User for dynamic DNS updates', 2, 1, 0)
- - "REPLACE INTO `zones` (`id`, `domain_id`, `owner`, `comment`, `zonr_templ_id`) SELECT 1, id, 2, '', 0 FROM domains WHERE name = 'dyndns.{{ mailserver_domain }}'"
+ - "REPLACE INTO `zones` (`id`, `domain_id`, `owner`, `comment`, `zone_templ_id`) SELECT 1, id, 2, '', 0 FROM domains WHERE name = 'dyndns.{{ mailserver_domain }}'"
 # no_log: yes
 when: 'public_dns == "yes"'
 notify: Warn on passwords
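Review bot: The 'dyndns' row in this hunk's context is given a hash of the same password as 'admin', because both Jinja loops select `user.name == mailserver_admin_user`. A credential that dynamic-DNS clients store and send on every update therefore also opens the administrator login. A separate secret for that account, taken from its own role variable instead of `user.password`, would limit what a leaked updater credential can do. The task also keeps `# no_log: yes` commented out, so the rendered hashes can appear in task output; restoring `no_log: yes` is a one-line change. Both points apply equally to the hunk at `@@ -81,7 +81,7 @@`.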
@@ -81,7 +81,7 @@ - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (4, 2, 41) - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES (1, 'admin', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password|password_hash("blowfish")|replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Administrator', 'hostmaster@{{ mailserver_domain }}', 'Administrator with full rights.', 1, 1, 0) - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES (1, 'dyndns', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password|password_hash("blowfish")|replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Dynamic DNS', 'dyndns@{{ mailserver_domain }}', 'User for dynamic DNS updates', 2, 1, 0) - - "REPLACE INTO `zones` (`id`, `domain_id`, `owner`, `comment`, `zonr_templ_id`) SELECT 1, id, 2, '', 0 FROM domains WHERE name = 'dyndns.{{ mailserver_domain }}'" + - "REPLACE INTO `zones` (`id`, `domain_id`, `owner`, `comment`, `zone_templ_id`) SELECT 1, id, 2, '', 0 FROM domains WHERE name = 'dyndns.{{ mailserver_domain }}'" # no_log: yes when: 'public_dns == "yes"' notify: Warn on passwords From 1ee3042c3265eb05dd08eaf9ab58ee8ba6458f05 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 04:32:49 +0200 Subject: [PATCH 009/181] make sure DynDNS .htaccess is in place --- files/poweradmin/htaccess.dist | 5 +++++ tasks/poweradmin.yml | 23 ++++++++++++++++------- 2 files changed, 21 insertions(+), 7 deletions(-) create mode 100644 files/poweradmin/htaccess.dist diff --git a/files/poweradmin/htaccess.dist b/files/poweradmin/htaccess.dist new file mode 100644 index 0000000..761531c --- /dev/null +++ b/files/poweradmin/htaccess.dist @@ -0,0 +1,5 @@ + + RewriteEngine On + RewriteRule ^update$ /dynamic_update.php + RewriteRule ^nic/update$ /dynamic_update.php + 
diff --git a/tasks/poweradmin.yml b/tasks/poweradmin.yml index 85777e0..a18ae68 100644 --- a/tasks/poweradmin.yml +++ b/tasks/poweradmin.yml @@ -91,14 +91,23 @@ register: htaccess_exists when: 'public_dns == "yes"' - name: Set up DynDNS .htaccess - copy: - src: /var/www/poweradmin/install/htaccess.dist - dest: /var/www/poweradmin/.htaccess - remote_src: yes - owner: apache - group: apache - mode: ug=rw,o=r when: 'public_dns == "yes" and not htaccess_exists.stat.exists' + block: + - name: Set up DynDNS .htaccess from installer files + copy: + src: /var/www/poweradmin/install/htaccess.dist + dest: /var/www/poweradmin/.htaccess + remote_src: yes + owner: apache + group: apache + mode: ug=rw,o=r + - name: Set up DynDNS .htaccess from repository + copy: + src: poweradmin/htaccess.dist + dest: /var/www/poweradmin/.htaccess + owner: apache + group: apache + mode: ug=rw,o=r - name: Render PowerAdmin config template: src: poweradmin/config.inc.php.j2 From c448dafc6dcb7951babc4d926028b6cf470e65b9 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 04:49:08 +0200 Subject: [PATCH 010/181] add missing rescue block --- tasks/poweradmin.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tasks/poweradmin.yml b/tasks/poweradmin.yml index a18ae68..c518eab 100644 --- a/tasks/poweradmin.yml +++ b/tasks/poweradmin.yml @@ -101,6 +101,7 @@ owner: apache group: apache mode: ug=rw,o=r + rescue: - name: Set up DynDNS .htaccess from repository copy: src: poweradmin/htaccess.dist From 22ceb204c678e73a137efbc973432849c8c89a79 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 10:57:23 +0200 Subject: [PATCH 011/181] fix certificate symlinks --- tasks/ssl.yml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/tasks/ssl.yml b/tasks/ssl.yml index 052a69f..e503882 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml 
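Review bot: Both `.htaccess` copy tasks in the `@@ -91,14 +91,23 @@` hunk of tasks/poweradmin.yml install the file with `owner: apache` and `mode: ug=rw,o=r`, which leaves the rewrite rules writable by the account the web application presumably runs as. Code running inside PowerAdmin could then change its own rewrite and access rules. `owner: root`, `group: apache`, `mode: u=rw,g=r,o=` keeps the file readable by the server but not writable by it. The later hunk that adds `rescue:` leaves these attributes unchanged.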
@@ -115,14 +115,16 @@ EXEC_PROPAGATION_TIMEOUT: 4242 PDNS_API_URL: http://127.0.0.1:8081/ PDNS_API_KEY: "{{ powerdns_api_key }}" -- name: Create symlink to the Let's Encrypt content +- name: Create symlink to the full certificate chain file: - path: "/etc/letsencrypt/live/{{ mailserver_domain }}/{{ item }}.pem" - src: "/etc/letsencrypt/certificates/{{ mailserver_domain }}.{{ 'pem' if item == 'fullchain' else 'key' }}" + path: "/etc/letsencrypt/live/{{ mailserver_domain }}/fullchain.pem" + src: "/etc/letsencrypt/certificates/{{ mailserver_domain }}.pem" + state: link +- name: Create symlink to the private key + file: + path: "/etc/letsencrypt/live/{{ mailserver_domain }}/cert.key" + src: "/etc/letsencrypt/certificates/{{ mailserver_domain }}.key" state: link - loop: - - privkey - - fullchain - name: Allow Apache to reach letsencrypt keys acl: path: "{{ item.path }}" From 119355513d77caf5bf9be3bc62515c83fd9432e5 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 11:32:30 +0200 Subject: [PATCH 012/181] fix certificate symlink --- tasks/ssl.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tasks/ssl.yml b/tasks/ssl.yml index e503882..7377b7c 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml @@ -116,6 +116,11 @@ PDNS_API_URL: http://127.0.0.1:8081/ PDNS_API_KEY: "{{ powerdns_api_key }}" - name: Create symlink to the full certificate chain + file: + path: "/etc/letsencrypt/live/{{ mailserver_domain }}/cert.pem" + src: "/etc/letsencrypt/certificates/{{ mailserver_domain }}.crt" + state: link +- name: Create symlink to the main certificate file: path: "/etc/letsencrypt/live/{{ mailserver_domain }}/fullchain.pem" src: "/etc/letsencrypt/certificates/{{ mailserver_domain }}.pem" From 759dbc7e1d4324f356541b755d71af610c63b794 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 12:04:07 +0200 Subject: [PATCH 013/181] shell instead of command --- tasks/offlineimap.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
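Review bot: The private-key link in the `@@ -115,14 +115,16 @@` hunk is now created as `cert.key`, whereas the removed loop produced `privkey.pem`. Any service configuration that still points at `/etc/letsencrypt/live/{{ mailserver_domain }}/privkey.pem` would no longer find its key. The consumers are not visible here, so the templates that read the `live` directory need checking; keeping the old name, `path: "/etc/letsencrypt/live/{{ mailserver_domain }}/privkey.pem"`, avoids the question.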
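Review bot: The task names in the `@@ -116,6 +116,11 @@` hunk are attached to the wrong links. 'Create symlink to the full certificate chain' now creates `cert.pem` from the `.crt` file, while 'Create symlink to the main certificate' creates `fullchain.pem` from the `.pem` file. Swapping the two `name:` values makes the play output match what is linked, which helps when checking which certificate a TLS service actually serves.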
diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml index 75db9b7..49434fc 100644 --- a/tasks/offlineimap.yml +++ b/tasks/offlineimap.yml @@ -17,7 +17,7 @@ command: offlineimap rescue: - name: Fetch old IMAPS fingerprint - command: "openssl s_client -connect {{ item.old_imap_mail.host }}:993 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin" + shell: "openssl s_client -connect {{ item.old_imap_mail.host }}:993 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin" register: old_imap_fingerprint - name: Create offlineimap config template: From d4a3ee315cc137ecf0122da67cdda8eafbbfc919 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 13:12:24 +0200 Subject: [PATCH 014/181] fix user home reference --- tasks/offlineimap.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml index 49434fc..3ade8f6 100644 --- a/tasks/offlineimap.yml +++ b/tasks/offlineimap.yml @@ -9,7 +9,7 @@ - name: Create offlineimap config template: src: offlineimap/offlineimaprc.j2 - dest: "{{ ansible_env.HOME }}/.offlineimaprc" + dest: "/home/{{ item.name }}/.offlineimaprc" owner: "{{ item.name }}" backup: yes no_log: yes @@ -22,7 +22,7 @@ - name: Create offlineimap config template: src: offlineimap/offlineimaprc.j2 - dest: "{{ ansible_env.HOME }}/.offlineimaprc" + dest: "/home/{{ item.name }}/.offlineimaprc" owner: "{{ item.name }}" backup: yes no_log: yes From 1e8077234bfa6644b5174fca86e5f801e1f4d89e Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 14:08:42 +0200 Subject: [PATCH 015/181] correct fingerprint variable --- templates/offlineimap/offlineimaprc.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2 index acb998c..7239e94 100644 --- a/templates/offlineimap/offlineimaprc.j2 +++ b/templates/offlineimap/offlineimaprc.j2 
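Review bot: Switching the fingerprint task to `shell:` in the `@@ -17,7 +17,7 @@` hunk means `{{ item.old_imap_mail.host }}` is interpolated into a shell command line unquoted, so a host value containing shell metacharacters would be interpreted by the shell instead of reaching `openssl`. `-connect {{ (item.old_imap_mail.host ~ ':993') | quote }}` closes that. Separately, this rescue path records whatever certificate the server presents right after the first sync attempt failed, so the resulting pin gives no assurance if the connection is already being intercepted. Taking the expected fingerprint from inventory next to `old_imap_mail.host` would make the pin meaningful. The `rescue:` block begins above the hunk.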
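Review bot: The two `template` tasks that now write `/home/{{ item.name }}/.offlineimaprc` (hunks `@@ -9,7 +9,7 @@` and `@@ -22,7 +22,7 @@`) set `owner` but no `mode`, and the rendered file holds IMAP passwords in clear text (`remotepass` in offlineimaprc.j2). Adding `mode: u=rw,go=` to both tasks keeps other local accounts from reading it. The path also assumes every user's home lives under `/home`, which the diff does not establish.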
@@ -17,7 +17,7 @@ type = IMAP remotehost = {{ item.old_imap_mail.host }} remoteuser = {{ item.old_imap_mail.user }} remotepass = {{ item.old_imap_mail.password }} -{% if (not item.old_imap_mail.ssl_verify) and (old_imap_fingerprint is defined and 'Fingerprint=' in old_imap_fingerprint) %} +{% if (not item.old_imap_mail.ssl_verify) and (old_imap_fingerprint is defined and 'Fingerprint=' in old_imap_fingerprint.stdout) %} cert_fingerprint = {{ old_imap_fingerprint.stdout | trim | split('Fingerprint=') | last }} {% else %} From d6a05b01f026482a64213f18eac3e56d4186bfe1 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 15:53:56 +0200 Subject: [PATCH 016/181] fix offlineimap package --- tasks/offlineimap.yml | 6 +++--- tasks/packages.yml | 3 ++- tasks/ssl.yml | 1 + templates/offlineimap/offlineimaprc.j2 | 4 ++-- 4 files changed, 8 insertions(+), 6 deletions(-) diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml index 3ade8f6..5e5c1b6 100644 --- a/tasks/offlineimap.yml +++ b/tasks/offlineimap.yml @@ -14,7 +14,7 @@ backup: yes no_log: yes - name: Sync old IMAP for the first time (this might tale a while...) - command: offlineimap + command: /usr/local/bin/offlineimap rescue: - name: Fetch old IMAPS fingerprint shell: "openssl s_client -connect {{ item.old_imap_mail.host }}:993 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin" @@ -27,14 +27,14 @@ backup: yes no_log: yes - name: Sync old IMAP for the first time (this might tale a while...) - command: offlineimap + command: /usr/local/bin/offlineimap - name: Sync old IMAP account become: yes become_user: "{{ item.name }}" cron: name: "Sync old IMAP account {{ item.old_imap_mail.user }} at {{ item.old_imap_mail.host }} for {{ item.name }}" special_time: daily - job: offlineimap + job: /usr/local/bin/offlineimap backup: yes user: "{{ item.name }}" - name: De-duplicate IMAP mail diff --git a/tasks/packages.yml b/tasks/packages.yml index 262eee0..56388a6 100644 
--- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -424,7 +424,8 @@ - name: Install Python packages pip: name: - - offlineimap + - imaplib2 + - "git+https://github.com/OfflineIMAP/offlineimap3" state: latest - name: Download as-is executables get_url: diff --git a/tasks/ssl.yml b/tasks/ssl.yml index 7377b7c..87c534a 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml @@ -108,6 +108,7 @@ - { key: "PDNS_API_URL", value: http://127.0.0.1:8081/ } - { key: "PDNS_API_KEY", value: "{{ powerdns_api_key }}" } +# TODO: uncomment the below task - it's commented while live testing the production server - name: Generate LetsEncrypt certificates # command: "/usr/local/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem run --must-staple" command: "/usr/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem run --must-staple" diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2 index 7239e94..82de6fb 100644 --- a/templates/offlineimap/offlineimaprc.j2 +++ b/templates/offlineimap/offlineimaprc.j2 
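Review bot: The `pip` task in the `@@ -424,7 +424,8 @@` hunk of tasks/packages.yml installs offlineimap from `git+https://github.com/OfflineIMAP/offlineimap3` with `state: latest`, so each run installs whatever is at the tip of that repository's default branch, with the privileges of the play. Pinning to a reviewed tag or commit, `"git+https://github.com/OfflineIMAP/offlineimap3@<reviewed-commit>"` with `state: present`, makes the installed code reproducible and reviewable. `imaplib2` can be pinned with a version specifier in the same way.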
@@ -10,7 +10,7 @@ type = IMAP remotehost = {{ mailserver_domain }} remoteuser = {{ item.name }}@{{ mailserver_domain }} remotepass = {{ item.password }} -sslcacertfile = /etc/ssl/certs/ca-certificates.crt +sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt [Repository oldimap] type = IMAP @@ -21,6 +21,6 @@ remotepass = {{ item.old_imap_mail.password }} cert_fingerprint = {{ old_imap_fingerprint.stdout | trim | split('Fingerprint=') | last }} {% else %} -sslcacertfile = /etc/ssl/certs/ca-certificates.crt +sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt {% endif %} From 90333e8edb20b7cd11c436782a2be01b12f66852 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 15:55:50 +0200 Subject: [PATCH 017/181] fix name translation --- templates/offlineimap/offlineimaprc.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2 index 82de6fb..ef7207d 100644 --- a/templates/offlineimap/offlineimaprc.j2 +++ b/templates/offlineimap/offlineimaprc.j2 @@ -17,6 +17,9 @@ type = IMAP remotehost = {{ item.old_imap_mail.host }} remoteuser = {{ item.old_imap_mail.user }} remotepass = {{ item.old_imap_mail.password }} +# The below will put all folders as sub-folders of the 'local' INBOX, +# assuming that your path separator on 'local' is a dot. +nametrans = lambda x: 'INBOX.' + x {% if (not item.old_imap_mail.ssl_verify) and (old_imap_fingerprint is defined and 'Fingerprint=' in old_imap_fingerprint.stdout) %} cert_fingerprint = {{ old_imap_fingerprint.stdout | trim | split('Fingerprint=') | last }} From c655ab3b45b3ad182c9c62c79bb97e1a4a738403 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 18:23:38 +0200 Subject: [PATCH 018/181] fix stdout parsing --- templates/offlineimap/offlineimaprc.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2 index ef7207d..917b188 100644 
--- a/templates/offlineimap/offlineimaprc.j2 +++ b/templates/offlineimap/offlineimaprc.j2 @@ -21,7 +21,7 @@ remotepass = {{ item.old_imap_mail.password }} # assuming that your path separator on 'local' is a dot. nametrans = lambda x: 'INBOX.' + x {% if (not item.old_imap_mail.ssl_verify) and (old_imap_fingerprint is defined and 'Fingerprint=' in old_imap_fingerprint.stdout) %} -cert_fingerprint = {{ old_imap_fingerprint.stdout | trim | split('Fingerprint=') | last }} +cert_fingerprint = {{ old_imap_fingerprint.stdout | split('Fingerprint=') | last }} {% else %} sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt From 4f2125e2411564ab28e7f17646659c14f86d7dbf Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 22:21:36 +0200 Subject: [PATCH 019/181] tag specific tasks --- tasks/backups.yml | 1 + tasks/main.yml | 35 ++++++++- tasks/offlineimap.yml | 101 ++++++++++++++----------- tasks/os.yml | 13 ++++ tasks/packages.yml | 58 +++++++++++++- tasks/pdns_recursor.yml | 1 + tasks/ssl.yml | 1 - templates/offlineimap/offlineimaprc.j2 | 4 +- 8 files changed, 164 insertions(+), 50 deletions(-) diff --git a/tasks/backups.yml b/tasks/backups.yml index 236237d..50adf62 100644 --- a/tasks/backups.yml +++ b/tasks/backups.yml @@ -111,6 +111,7 @@ - pdns - wg_vpn - name: Restore backups + tags: restore when: mariadb_backup_path is defined or ldap_backup_path is defined or opendkim_backup_path is defined or opendmarc_backup_path is defined or vsftpd_backup_path is defined or ssl_backup_path is defined or horde_backup_path is defined or dovecot_backup_path is defined or postfix_backup_path is defined or pdns_backup_path is defined or wg_vpn_backup_path is defined block: - name: Prepare MariaDB backup diff --git a/tasks/main.yml b/tasks/main.yml index 56212c3..385ee61 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -11,56 +11,87 @@ mariabackup_password: "{{ mariabackup_password | default(lookup('password', '/tmp/ansible-mailserver-install.mariabackup_password chars=ascii_letters,digits')) }}" horde_secret_key: "{{ horde_secret_key | default(lookup('password', '/tmp/ansible-mailserver-install.horde_secret_key chars=ascii_letters,digits')) }}" no_log: yes + tags: always - name: Fill authorized submit user list set_fact: authorized_submit_users: "{{ authorized_submit_users + [ item.name ] }}" loop: "{{ users }}" no_log: yes + tags: always - name: Configure OS import_tasks: os.yml + tags: os - name: Configure MariaDB import_tasks: mariadb.yml + tags: mariadb - name: Configure DNS import_tasks: dns.yml + tags: + - always + - dns - name: Configure PostfixAdmin import_tasks: postfixadmin.yml + tags: postfixadmin - name: Set up SSL import_tasks: ssl.yml + tags: ssl - name: Configure LDAP import_tasks: ldap.yml + tags: ldap - name: Set up Horde import_tasks: horde.yml + tags: horde - name: Set up ElasticSearch import_tasks: elasticsearch.yml + tags: elasticsearch - name: Set up FTP import_tasks: ftp.yml + tags: ftp - name: Configure Apache import_tasks: httpd.yml + tags: + - httpd - name: Set up SPAMAssassin import_tasks: spamassassin.yml + tags: spamassassin - name: Configure Antivirus import_tasks: antivirus.yml + tags: antivirus - name: Configure Redis import_tasks: redis.yml + tags: redis - name: Configure Postfix import_tasks: postfix.yml + tags: postfix - name: Configure Dovecot import_tasks: dovecot.yml + tags: dovecot - name: Sync old IMAP account include_tasks: offlineimap.yml - when: "{{ item.old_imap_mail is defined }}" - loop: "{{ users }}" + loop: users + loop_control: + loop_var: current_user + tags: imapsync - name: Set up DKIM import_tasks: dkim.yml + tags: + - always + - dkim - name: Set up DMARC import_tasks: dmarc.yml + tags: dmarc - name: Set up MongoDB import_tasks: mongodb.yml + tags: mongodb - name: Set up WebDav import_tasks: webdav.yml + tags: webdav - 
name: Set up WireGuard import_tasks: wireguard.yml + tags: wireguard - name: Set up backups import_tasks: backups.yml + tags: backup - name: Configure fail2ban import_tasks: fail2ban.yml + tags: fail2ban diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml index 5e5c1b6..e6760fc 100644 --- a/tasks/offlineimap.yml +++ b/tasks/offlineimap.yml 
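Review bot: The secrets in the first context task of the tasks/main.yml hunk are generated with `lookup('password', '/tmp/ansible-mailserver-install.…')`, and that lookup reuses the file's content when the file already exists. On a shared control node another local user can create those predictable `/tmp` paths beforehand and so choose `mariabackup_password` or `horde_secret_key`. Pointing the lookup at a directory only the operator can write, or supplying the values from Ansible Vault, removes that dependency. The task begins above the hunk, so the other generated secrets are presumably affected in the same way.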
@@ -1,49 +1,62 @@ --- -- name: Empty old IMAP fingerprint - set_fact: - old_imap_fingerprint: '' -- name: Generate config and sync old IMAP contents - become: yes - become_user: "{{ item.name }}" +- name: Sync from old IMAP account + when: "{{ current_user.old_imap_mail is defined }}" block: - - name: Create offlineimap config - template: - src: offlineimap/offlineimaprc.j2 - dest: "/home/{{ item.name }}/.offlineimaprc" - owner: "{{ item.name }}" + - name: Empty old IMAP fingerprint + set_fact: + old_imap_fingerprint: '' + - name: Generate config and sync old IMAP contents + become: yes + become_user: "{{ current_user.name }}" + block: + - name: Create offlineimap config + template: + src: offlineimap/offlineimaprc.j2 + dest: "/home/{{ current_user.name }}/.offlineimaprc" + owner: "{{ current_user.name }}" + backup: yes + # no_log: yes + - name: Sync old IMAP for the first time (this might tale a while...) + command: /usr/local/bin/offlineimap + rescue: + - name: Fetch old IMAPS fingerprint + shell: "openssl s_client -connect {{ current_user.old_imap_mail.host }}:993 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin" + register: old_imap_fingerprint + - debug: + msg: "{{ debug_item }}" + loop: + - "{{ old_imap_fingerprint }}" + - "{{ old_imap_fingerprint.stdout }}" + - "{{ old_imap_fingerprint.stdout | regex_search('Fingerprint\\=.*') }}" + - "{{ old_imap_fingerprint.stdout | regex_search('Fingerprint\\=.*') | split('Fingerprint=') }}" + - "{{ old_imap_fingerprint.stdout | regex_search('Fingerprint\\=.*') | split('Fingerprint=') | last }}" + loop_control: + loop_var: debug_item + - name: Create offlineimap config + template: + src: offlineimap/offlineimaprc.j2 + dest: "/home/{{ current_user.name }}/.offlineimaprc" + owner: "{{ current_user.name }}" + backup: yes + # no_log: yes + - name: Sync old IMAP for the first time (this might tale a while...) 
+ command: /usr/local/bin/offlineimap + - name: Sync old IMAP account + become: yes + become_user: "{{ current_user.name }}" + cron: + name: "Sync old IMAP account {{ current_user.old_imap_mail.user }} at {{ current_user.old_imap_mail.host }} for {{ current_user.name }}" + special_time: daily + job: /usr/local/bin/offlineimap backup: yes - no_log: yes - - name: Sync old IMAP for the first time (this might tale a while...) - command: /usr/local/bin/offlineimap - rescue: - - name: Fetch old IMAPS fingerprint - shell: "openssl s_client -connect {{ item.old_imap_mail.host }}:993 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin" - register: old_imap_fingerprint - - name: Create offlineimap config - template: - src: offlineimap/offlineimaprc.j2 - dest: "/home/{{ item.name }}/.offlineimaprc" - owner: "{{ item.name }}" + user: "{{ current_user.name }}" + - name: De-duplicate IMAP mail + become: yes + become_user: "{{ current_user.name }}" + cron: + name: De-duplicate IMAP mail + special_time: daily + job: "/usr/local/bin/imapdedup.py -s {{ mailserver_domain }} -u {{ current_user.name }}@{{ mailserver_domain }} -w {{ current_user.password }} INBOX" backup: yes + user: "{{ current_user.name }}" no_log: yes - - name: Sync old IMAP for the first time (this might tale a while...) - command: /usr/local/bin/offlineimap -- name: Sync old IMAP account - become: yes - become_user: "{{ item.name }}" - cron: - name: "Sync old IMAP account {{ item.old_imap_mail.user }} at {{ item.old_imap_mail.host }} for {{ item.name }}" - special_time: daily - job: /usr/local/bin/offlineimap - backup: yes - user: "{{ item.name }}" -- name: De-duplicate IMAP mail - become: yes - become_user: "{{ item.name }}" - cron: - name: De-duplicate IMAP mail - special_time: daily - job: "/usr/local/bin/imapdedup.py -s {{ mailserver_domain }} -u {{ item.name }}@{{ mailserver_domain }} -w {{ item.password }} INBOX" - backup: yes - user: "{{ item.name }}" - no_log: yes 
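Review bot: Both 'Create offlineimap config' tasks in the rewritten tasks/offlineimap.yml now carry `# no_log: yes` instead of `no_log: yes`, although the template they render contains the users' IMAP passwords, so a run in diff mode or with raised verbosity can print them. Restoring `no_log: yes` on the two template tasks fixes that. The five-item `debug` loop in the rescue branch looks like leftover troubleshooting and can be dropped. The moved `imapdedup.py` cron job also passes `-w {{ current_user.password }}` on the command line, where it is stored in the crontab and visible in the process list while the job runs.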
diff --git a/tasks/os.yml b/tasks/os.yml index 9dfee63..87a8a3d 100644 --- a/tasks/os.yml +++ b/tasks/os.yml @@ -2,6 +2,7 @@ - name: Check SELinux status shell: getenforce register: getenforce + tags: always - name: "Set hostname to {{ mailserver_hostname }}.{{ mailserver_domain}}" command: "hostnamectl set-hostname {{ mailserver_hostname }}.{{ mailserver_domain }}" - name: Enable IPv6 @@ -67,10 +68,21 @@ register: user_info no_log: yes notify: Warn on passwords + tags: + - all + - ftp + - httpd + - poweradmin + - wireguard + - dns + - horde + - ldap + - postfixadmin - name: Enable ip_conntrack modprobe: name: ip_conntrack state: present + tags: wireguard - name: Set up cron mailto cron: backup: yes @@ -87,6 +99,7 @@ state: present create: yes backup: yes + tags: ssl # - name: Create Podman Compose service # copy: # dest: '/etc/systemd/system/podman-compose@.service' diff --git a/tasks/packages.yml b/tasks/packages.yml index 56388a6..0ee6ba0 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml 
@@ -1,9 +1,36 @@ --- +- name: Set up UEK repository (for wireguard support) + tags: wireguard + blockinfile: + path: /etc/yum.repos.d/uek-ol8.repo + marker: "# {mark} ANSIBLE MANAGED BLOCK Unbreakable Enterprise Kernel Release 7 for Oracle Linux repository" + block: | + [ol8_UEKR7] + name=Latest Unbreakable Enterprise Kernel Release 7 for Oracle Linux $releasever ($basearch) + baseurl=https://yum.oracle.com/repo/OracleLinux/OL8/UEKR7/$basearch/ + gpgkey=https://yum.oracle.com/RPM-GPG-KEY-oracle-ol8 + gpgcheck=1 + enabled=1 + + [ol8_baseos_latest] + name=Oracle Linux 8 BaseOS Latest ($basearch) + baseurl=https://yum.oracle.com/repo/OracleLinux/OL8/baseos/latest/$basearch/ + gpgkey=https://yum.oracle.com/RPM-GPG-KEY-oracle-ol8 + gpgcheck=1 + enabled=0 + mode: u=rw,og=r + owner: root + group: root + state: present + backup: yes + create: yes - name: Set up Remi repository + tags: horde dnf: name: "https://rpms.remirepo.net/enterprise/remi-release-{{ hostvars[inventory_hostname].ansible_distribution_major_version }}.rpm" disable_gpg_check: yes - name: Set up ElasticSearch repository + tags: elasticsearch blockinfile: path: /etc/yum.repos.d/elastic.repo marker: "# {mark} ANSIBLE MANAGED BLOCK ElasticSearch 8.x repository" @@ -39,6 +66,7 @@ backup: yes create: yes - name: Set up PowerDNS repository + tags: dns blockinfile: path: /etc/yum.repos.d/powerdns.repo marker: "# {mark} ANSIBLE MANAGED BLOCK PowerDNS repository" @@ -124,9 +152,13 @@ - name: Reset the PHP DNF module command: dnf module reset php -y - name: Enable DNF modules + tags: horde command: dnf module enable php:remi-7.4 go-toolset -y - name: Enable the COPR repositories command: "dnf copr enable -y {{ item }}" + tags: + - ldap + - dns loop: - "@389ds/389-directory-server" - "eclipseo/golang-ng custom-1-x86_64" @@ -311,7 +343,6 @@ - mod_authnz_pam - mod_authnz_external - pwauth - # - kmod-wireguard - wireguard-tools - bindfs - golang 
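Review bot: The new UEK repository block in the `@@ -1,9 +1,36 @@` hunk sets `gpgcheck=1` with a `gpgkey`, but the 'Set up Remi repository' task directly below it still installs the release RPM from a URL with `disable_gpg_check: yes`. The package that configures the Remi repository and its keys is therefore accepted unverified. Importing the Remi signing key first with `rpm_key`, using the key location the repository publishes, and then dropping `disable_gpg_check` gives that bootstrap step the same verification as the repository added here.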
@@ -326,6 +357,7 @@ - golang-github-acme-lego state: latest - name: Install Remi packages + tags: horde dnf: name: - php-channel-horde @@ -407,7 +439,28 @@ - getmail enablerepo: epel-el7 state: latest +- name: Enable WireGuard kernel module + tags: wireguard + block: + - name: Load the WireGuard kernel module + modprobe: + name: wireguard + rescue: + - name: Install UEK packages + dnf: + name: + - kmod-wireguard + enablerepo: ol8_baseos_latest + state: latest + - name: Reboot to pick up changes + reboot: + reboot_timeout: 600 + msg: "Reboot initiated by Ansible to enable WireGuard" + - name: Load the WireGuard kernel module + modprobe: + name: wireguard - name: Install PEAR packages + tags: horde pear: name: pear.horde.org/Horde_ActiveSync state: latest @@ -415,6 +468,7 @@ # command: "go install {{ item }}" # loop: # - github.com/go-acme/lego/v4/cmd/lego@latest +# tags: ssl # - name: Copy GO binaries to /usr/local/bin # copy: # src: "{{ ansible_env.HOME }}/go/bin/" @@ -422,12 +476,14 @@ # remote_src: yes # backup: yes - name: Install Python packages + tags: imapsync pip: name: - imaplib2 - "git+https://github.com/OfflineIMAP/offlineimap3" state: latest - name: Download as-is executables + tags: imapsync get_url: url: "{{ item.url }}" dest: "{{ item.dest }}" diff --git a/tasks/pdns_recursor.yml b/tasks/pdns_recursor.yml index 11d1e51..546585d 100644 --- a/tasks/pdns_recursor.yml +++ b/tasks/pdns_recursor.yml @@ -35,6 +35,7 @@ when: 'public_dns == "yes"' notify: Restart pdns-recursor - name: Add VPN addresses to hosts file + tags: wireguard lineinfile: line: "{{ item }} postfixadmin.vpn.{{ mailserver_domain }} poweradmin.vpn.{{ mailserver_domain }}" path: /etc/hosts diff --git a/tasks/ssl.yml b/tasks/ssl.yml index 87c534a..7377b7c 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml 
@@ -108,7 +108,6 @@ - { key: "PDNS_API_URL", value: http://127.0.0.1:8081/ } - { key: "PDNS_API_KEY", value: "{{ powerdns_api_key }}" } -# TODO: uncomment the below task - it's commented while live testing the production server - name: Generate LetsEncrypt certificates # command: "/usr/local/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem run --must-staple" command: "/usr/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem run --must-staple" diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2 index 917b188..43d6dc3 100644 --- a/templates/offlineimap/offlineimaprc.j2 +++ b/templates/offlineimap/offlineimaprc.j2 
@@ -20,8 +20,8 @@ remotepass = {{ item.old_imap_mail.password }} # The below will put all folders as sub-folders of the 'local' INBOX, # assuming that your path separator on 'local' is a dot. nametrans = lambda x: 'INBOX.' + x -{% if (not item.old_imap_mail.ssl_verify) and (old_imap_fingerprint is defined and 'Fingerprint=' in old_imap_fingerprint.stdout) %} -cert_fingerprint = {{ old_imap_fingerprint.stdout | split('Fingerprint=') | last }} +{% if (not item.old_imap_mail.ssl_verify) and (old_imap_fingerprint is defined and ((old_imap_fingerprint.stdout | regex_search('Fingerprint=')) | length > 0)) %} +cert_fingerprint = {{ old_imap_fingerprint.stdout | regex_search('Fingerprint\=.*') | split('Fingerprint=') | last }} {% else %} sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt From 7df8d91f08e0ce219347d289c30eb3a0a28de101 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 22:40:29 +0200 Subject: [PATCH 020/181] fix task dependencies --- tasks/main.yml | 10 +++------- tasks/offlineimap.yml | 1 + tasks/packages.yml | 2 +- 3 files changed, 5 insertions(+), 8 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index 385ee61..b74ef6f 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -26,9 +26,7 @@ tags: mariadb - name: Configure DNS import_tasks: dns.yml - tags: - - always - - dns + tags: dns - name: Configure PostfixAdmin import_tasks: postfixadmin.yml tags: postfixadmin @@ -49,8 +47,7 @@ tags: ftp - name: Configure Apache import_tasks: httpd.yml - tags: - - httpd + tags: httpd - name: Set up SPAMAssassin import_tasks: spamassassin.yml tags: spamassassin @@ -68,10 +65,9 @@ tags: dovecot - name: Sync old IMAP account include_tasks: offlineimap.yml - loop: users + loop: "{{ users }}" loop_control: loop_var: current_user - tags: imapsync - name: Set up DKIM import_tasks: dkim.yml tags: diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml index e6760fc..d4652e6 100644 --- a/tasks/offlineimap.yml +++ b/tasks/offlineimap.yml 
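Review bot: The new condition in the `@@ -20,8 +20,8 @@` hunk pipes `regex_search('Fingerprint=')` into `length`, but `regex_search` yields no value when nothing matches, so the test is likely to raise an error rather than fall through to the `sslcacertfile` branch. `old_imap_fingerprint` is also set to `''` before the first render in tasks/offlineimap.yml, which leaves `.stdout` undefined at that point. `'Fingerprint=' in (old_imap_fingerprint.stdout | default(''))` covers both cases, so an empty probe result selects CA verification instead of aborting the render. The template still reads `item.…` while the tasks in this commit moved to `current_user`.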
@@ -1,5 +1,6 @@ --- - name: Sync from old IMAP account + tags: imapsync when: "{{ current_user.old_imap_mail is defined }}" block: - name: Empty old IMAP fingerprint diff --git a/tasks/packages.yml b/tasks/packages.yml index 0ee6ba0..882deb4 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -1,5 +1,5 @@ --- -- name: Set up UEK repository (for wireguard support) +- name: Set up UEK repository tags: wireguard blockinfile: path: /etc/yum.repos.d/uek-ol8.repo From 64f4d41031611649ae249207a3ff18c2f8348f68 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 22:41:54 +0200 Subject: [PATCH 021/181] fix task dependencies --- tasks/main.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index b74ef6f..389a8fc 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -70,9 +70,7 @@ loop_var: current_user - name: Set up DKIM import_tasks: dkim.yml - tags: - - always - - dkim + tags: dkim - name: Set up DMARC import_tasks: dmarc.yml tags: dmarc From ee72d34156c9a1d815481f2e52086f42e295d71b Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 22:45:22 +0200 Subject: [PATCH 022/181] fix task dependencies --- tasks/main.yml | 1 + tasks/offlineimap.yml | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/main.yml b/tasks/main.yml index 389a8fc..984f988 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -68,6 +68,7 @@ loop: "{{ users }}" loop_control: loop_var: current_user + tags: imapsync - name: Set up DKIM import_tasks: dkim.yml tags: dkim diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml index d4652e6..e6760fc 100644 --- a/tasks/offlineimap.yml +++ b/tasks/offlineimap.yml @@ -1,6 +1,5 @@ --- - name: Sync from old IMAP account - tags: imapsync when: "{{ current_user.old_imap_mail is defined }}" block: - name: Empty old IMAP fingerprint From f50de5e06d26d6e45ee26fc64abb7b473ea78eda Mon Sep 17 00:00:00 2001 
From: Akos Balla Date: Sun, 15 Oct 2023 22:48:42 +0200 Subject: [PATCH 023/181] fix task dependencies --- tasks/webdav.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tasks/webdav.yml b/tasks/webdav.yml index a8df494..39f3f45 100644 --- a/tasks/webdav.yml +++ b/tasks/webdav.yml @@ -1,5 +1,6 @@ --- - name: Create WebDAV directory + tags: wireguard file: path: /var/www/html/webdav state: directory @@ -7,6 +8,7 @@ group: apache mode: u=rwX,og=rX - name: Ensure WebDav certificate directory exists + tags: ssl file: path: /var/www/html/webdav/.certificates owner: apache @@ -15,6 +17,7 @@ become: true become_user: apache - name: BindFS mount SSL certificates to WebDav + tags: ssl mount: path: /var/www/html/webdav/.certificates src: /etc/letsencrypt/certificates @@ -22,6 +25,7 @@ state: mounted fstype: fuse.bindfs - name: Set up SELinux rules for WebDAV + tags: wireguard when: "{{ getenforce.stdout != 'Disabled' }}" block: - name: Set SELinux context on WebDAV directory From 1b32807f6804bfdb53c08b7975260412202553af Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 22:56:58 +0200 Subject: [PATCH 024/181] fix template variable reference --- tasks/main.yml | 2 ++ tasks/offlineimap.yml | 1 + templates/offlineimap/offlineimaprc.j2 | 12 ++++++------ 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index 984f988..3e6984b 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -68,6 +68,8 @@ loop: "{{ users }}" loop_control: loop_var: current_user + vars: + current_user: "{{ current_user }}" tags: imapsync - name: Set up DKIM import_tasks: dkim.yml diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml index e6760fc..d4652e6 100644 --- a/tasks/offlineimap.yml +++ b/tasks/offlineimap.yml @@ -1,5 +1,6 @@ --- - name: Sync from old IMAP account + tags: imapsync when: "{{ current_user.old_imap_mail is defined }}" block: - name: Empty old IMAP fingerprint 
diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2 index 43d6dc3..f02cbe9 100644 --- a/templates/offlineimap/offlineimaprc.j2 +++ b/templates/offlineimap/offlineimaprc.j2 @@ -8,19 +8,19 @@ remoterepository = oldimap [Repository newimap] type = IMAP remotehost = {{ mailserver_domain }} -remoteuser = {{ item.name }}@{{ mailserver_domain }} -remotepass = {{ item.password }} +remoteuser = {{ current_user.name }}@{{ mailserver_domain }} +remotepass = {{ current_user.password }} sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt [Repository oldimap] type = IMAP -remotehost = {{ item.old_imap_mail.host }} -remoteuser = {{ item.old_imap_mail.user }} -remotepass = {{ item.old_imap_mail.password }} +remotehost = {{ current_user.old_imap_mail.host }} +remoteuser = {{ current_user.old_imap_mail.user }} +remotepass = {{ current_user.old_imap_mail.password }} # The below will put all folders as sub-folders of the 'local' INBOX, # assuming that your path separator on 'local' is a dot. nametrans = lambda x: 'INBOX.' + x -{% if (not item.old_imap_mail.ssl_verify) and (old_imap_fingerprint is defined and ((old_imap_fingerprint.stdout | regex_search('Fingerprint=')) | length > 0)) %} +{% if (not current_user.old_imap_mail.ssl_verify) and (old_imap_fingerprint is defined and ((old_imap_fingerprint.stdout | regex_search('Fingerprint=')) | length > 0)) %} cert_fingerprint = {{ old_imap_fingerprint.stdout | regex_search('Fingerprint\=.*') | split('Fingerprint=') | last }} {% else %} From b8c8848323afec251aa74472010eaba8aae1f4e1 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 22:58:15 +0200 Subject: [PATCH 025/181] clean up debug symbols --- tasks/create_mariadb_schema.yml | 2 +- tasks/offlineimap.yml | 14 ++------------ tasks/poweradmin.yml | 4 ++-- 3 files changed, 5 insertions(+), 15 deletions(-) diff --git a/tasks/create_mariadb_schema.yml b/tasks/create_mariadb_schema.yml index c4e335a..f5a129c 100644 
--- a/tasks/create_mariadb_schema.yml +++ b/tasks/create_mariadb_schema.yml @@ -20,6 +20,6 @@ login_user: root login_password: "{{ mysql_root_password }}" target: "/tmp/ansible-mailserver-install.{{ mariadb_database }}_schema.sql" - # no_log: yes + no_log: yes when: "mariadb_database_exists.changed or (mariadb_state is defined and mariadb_state == 'import')" register: mariadb_schema_created diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml index d4652e6..6cacaed 100644 --- a/tasks/offlineimap.yml +++ b/tasks/offlineimap.yml @@ -16,30 +16,20 @@ dest: "/home/{{ current_user.name }}/.offlineimaprc" owner: "{{ current_user.name }}" backup: yes - # no_log: yes + no_log: yes - name: Sync old IMAP for the first time (this might tale a while...) command: /usr/local/bin/offlineimap rescue: - name: Fetch old IMAPS fingerprint shell: "openssl s_client -connect {{ current_user.old_imap_mail.host }}:993 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin" register: old_imap_fingerprint - - debug: - msg: "{{ debug_item }}" - loop: - - "{{ old_imap_fingerprint }}" - - "{{ old_imap_fingerprint.stdout }}" - - "{{ old_imap_fingerprint.stdout | regex_search('Fingerprint\\=.*') }}" - - "{{ old_imap_fingerprint.stdout | regex_search('Fingerprint\\=.*') | split('Fingerprint=') }}" - - "{{ old_imap_fingerprint.stdout | regex_search('Fingerprint\\=.*') | split('Fingerprint=') | last }}" - loop_control: - loop_var: debug_item - name: Create offlineimap config template: src: offlineimap/offlineimaprc.j2 dest: "/home/{{ current_user.name }}/.offlineimaprc" owner: "{{ current_user.name }}" backup: yes - # no_log: yes + no_log: yes - name: Sync old IMAP for the first time (this might tale a while...) command: /usr/local/bin/offlineimap - name: Sync old IMAP account diff --git a/tasks/poweradmin.yml b/tasks/poweradmin.yml index c518eab..f339da3 100644 --- a/tasks/poweradmin.yml +++ b/tasks/poweradmin.yml 
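Review bot: The `rescue` path in the tasks/offlineimap.yml hunk answers a failed first sync by pinning whatever certificate the old server presents at that moment: the `openssl s_client` output is registered as `old_imap_fingerprint` and the config is then re-rendered from it. That is trust-on-first-use with no operator confirmation, so I would take the expected fingerprint from inventory and fail the play when the fetched one differs. The host is also interpolated into a `shell` line unquoted, which is worth wrapping with the `quote` filter. Separately, the `template` task writes two account passwords to `.offlineimaprc` without a `mode`; add `mode: "0600"`. The first `template` task starts above the hunk.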
@@ -62,7 +62,7 @@ - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES (1, 'admin', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password|password_hash("blowfish")|replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Administrator', 'hostmaster@{{ mailserver_domain }}', 'Administrator with full rights.', 1, 1, 0) - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES (1, 'dyndns', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password|password_hash("blowfish")|replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Dynamic DNS', 'dyndns@{{ mailserver_domain }}', 'User for dynamic DNS updates', 2, 1, 0) - "REPLACE INTO `zones` (`id`, `domain_id`, `owner`, `comment`, `zone_templ_id`) SELECT 1, id, 2, '', 0 FROM domains WHERE name = 'dyndns.{{ mailserver_domain }}'" - # no_log: yes + no_log: yes when: 'public_dns == "yes"' notify: Warn on passwords rescue: 
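Review bot: The two `REPLACE INTO` statements for the `users` table both use `id` 1, so the `dyndns` row written second replaces the `admin` row written first (assuming `id` is the primary key), while the `zones` statement that follows expects owner 2. The `dyndns` row is also given the hash of the `mailserver_admin_user` password, so the dynamic-DNS account carries the administrator's credential. I would start the second statement's values with `VALUES (2, 'dyndns', …` and give that account its own password variable. The same list is repeated in the -82,7 hunk of this file and needs the same change; the task starts above both hunks.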
@@ -82,7 +82,7 @@ - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES (1, 'admin', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password|password_hash("blowfish")|replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Administrator', 'hostmaster@{{ mailserver_domain }}', 'Administrator with full rights.', 1, 1, 0) - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES (1, 'dyndns', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password|password_hash("blowfish")|replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Dynamic DNS', 'dyndns@{{ mailserver_domain }}', 'User for dynamic DNS updates', 2, 1, 0) - "REPLACE INTO `zones` (`id`, `domain_id`, `owner`, `comment`, `zone_templ_id`) SELECT 1, id, 2, '', 0 FROM domains WHERE name = 'dyndns.{{ mailserver_domain }}'" - # no_log: yes + no_log: yes when: 'public_dns == "yes"' notify: Warn on passwords - name: Check if DynDNS .htaccess exists From b2a137c1c785c40fa8060afffaf508a676e1d2c5 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 23:38:11 +0200 Subject: [PATCH 026/181] fix template logic --- tasks/offlineimap.yml | 2 ++ templates/offlineimap/offlineimaprc.j2 | 10 +++++++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml index 6cacaed..27ce162 100644 --- a/tasks/offlineimap.yml +++ b/tasks/offlineimap.yml @@ -29,6 +29,8 @@ dest: "/home/{{ current_user.name }}/.offlineimaprc" owner: "{{ current_user.name }}" backup: yes + vars: + old_imap_fingerprint: "{{ old_imap_fingerprint }}" no_log: yes - name: Sync old IMAP for the first time (this might tale a while...) command: /usr/local/bin/offlineimap diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2 index f02cbe9..41b2667 100644 
--- a/templates/offlineimap/offlineimaprc.j2 +++ b/templates/offlineimap/offlineimaprc.j2 @@ -20,10 +20,14 @@ remotepass = {{ current_user.old_imap_mail.password }} # The below will put all folders as sub-folders of the 'local' INBOX, # assuming that your path separator on 'local' is a dot. nametrans = lambda x: 'INBOX.' + x -{% if (not current_user.old_imap_mail.ssl_verify) and (old_imap_fingerprint is defined and ((old_imap_fingerprint.stdout | regex_search('Fingerprint=')) | length > 0)) %} +{% if (not current_user.old_imap_mail.ssl_verify) or ((current_user.old_imap_mail.ssl_verify | lower) == 'no') or ((current_user.old_imap_mail.ssl_verify | lower) == 'false') or (current_user.old_imap_mail.ssl_verify == 0) %} +# old IMAP certifcates are not verified +{% if old_imap_fingerprint is defined %} +# so the SSL fingerprint of the OLD IMAP server is accepted below +{% if (old_imap_fingerprint.stdout | regex_search('Fingerprint\=')) | length > 0 %} cert_fingerprint = {{ old_imap_fingerprint.stdout | regex_search('Fingerprint\=.*') | split('Fingerprint=') | last }} - +{% endif %} +{% endif %} {% else %} sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt - {% endif %} From 87890bd6181ac638d787cc41f79c3afbb6585841 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Mon, 16 Oct 2023 00:49:46 +0200 Subject: [PATCH 027/181] imapsync instead of offlineimap --- tasks/imapsync.yml | 24 +++++++++++ tasks/main.yml | 3 +- tasks/offlineimap.yml | 55 -------------------------- tasks/packages.yml | 2 + templates/offlineimap/offlineimaprc.j2 | 5 ++- 5 files changed, 32 insertions(+), 57 deletions(-) create mode 100644 tasks/imapsync.yml delete mode 100644 tasks/offlineimap.yml diff --git a/tasks/imapsync.yml b/tasks/imapsync.yml new file mode 100644 index 0000000..bd63c20 --- /dev/null +++ b/tasks/imapsync.yml 
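Review bot: When `ssl_verify` is off and no `Fingerprint=` line was captured, the rewritten block emits neither `cert_fingerprint` nor `sslcacertfile`, because `sslcacertfile` now sits only in the outer `{% else %}`. The `oldimap` repository is then rendered with no certificate check configured at all, and how offlineimap treats that case should be confirmed rather than left implicit. I would also render `sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt` in an `{% else %}` of the innermost `{% if %}`, so that a missing fingerprint falls back to CA verification. The new comment `# old IMAP certifcates are not verified` has a typo ("certificates").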
@@ -0,0 +1,24 @@ +--- +- name: Sync old IMAP for the first time (this might tale a while...) + command: "imapsync --host1 {{ current_user.old_imap_mail.host }} --user1 {{ current_user.old_imap_mail.user }} --password1 {{ current_user.old_imap_mail.password }} --host2 {{ mailserver_domain }} --user2 {{ current_user.name }}@{{ mailserver_domain }} --password2 {{ current_user.password }}} --emailreport1 --emailreport2 --useheader Message-Id --noexpunge1 --nodelete1" + no_log: yes +- name: Sync old IMAP account + become: yes + become_user: "{{ current_user.name }}" + cron: + name: "Sync old IMAP account {{ current_user.old_imap_mail.user }} at {{ current_user.old_imap_mail.host }} for {{ current_user.name }}" + special_time: daily + job: "imapsync --host1 {{ current_user.old_imap_mail.host }} --user1 {{ current_user.old_imap_mail.user }} --password1 {{ current_user.old_imap_mail.password }} --host2 {{ mailserver_domain }} --user2 {{ current_user.name }}@{{ mailserver_domain }} --password2 {{ current_user.password }} --emailreport1 --emailreport2 --useheader Message-Id --noexpunge1 --nodelete1" + backup: yes + user: "{{ current_user.name }}" + no_log: yes +- name: De-duplicate IMAP mail + become: yes + become_user: "{{ current_user.name }}" + cron: + name: De-duplicate IMAP mail + special_time: daily + job: "/usr/local/bin/imapdedup.py -s {{ mailserver_domain }} -u {{ current_user.name }}@{{ mailserver_domain }} -w {{ current_user.password }} INBOX" + backup: yes + user: "{{ current_user.name }}" + no_log: yes diff --git a/tasks/main.yml b/tasks/main.yml index 3e6984b..dda54e7 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -64,7 +64,8 @@ import_tasks: dovecot.yml tags: dovecot - name: Sync old IMAP account - include_tasks: offlineimap.yml + include_tasks: imapsync.yml + when: "{{ current_user.old_imap_mail is defined }}" loop: "{{ users }}" loop_control: loop_var: current_user 
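Review bot: Both the first-run `command` and the daily cron `job` pass the two mailbox passwords as `--password1`/`--password2` arguments, so they are readable in the process list by any local user while imapsync runs and are stored in the crontab text; `imapdedup.py -w {{ current_user.password }}` has the same exposure. imapsync can take them from files instead, so I would write two `0600` files as in the task below and replace the arguments with `--passfile1 /home/{{ current_user.name }}/.imapsync_pass1` and the matching `--passfile2` (the file names are a suggestion). The first-run command also ends its password in `}}}`, which appends a literal `}`, and the unquoted values split on whitespace. The same lines are carried unchanged into the block form in the later -1,24 +1,27 hunk of this file.

```yaml
# new task, placed before the first imapsync run
- name: Write imapsync password files
  copy:
    content: "{{ item.secret }}"
    # file name is a suggestion, not an existing path in this role
    dest: "/home/{{ current_user.name }}/.imapsync_pass{{ item.side }}"
    owner: "{{ current_user.name }}"
    mode: "0600"
  loop:
    - { side: 1, secret: "{{ current_user.old_imap_mail.password }}" }
    - { side: 2, secret: "{{ current_user.password }}" }
  no_log: yes
# … unchanged: first-run command and cron jobs, with the password arguments replaced …
```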
diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml deleted file mode 100644 index 27ce162..0000000 --- a/tasks/offlineimap.yml +++ /dev/null 
@@ -1,55 +0,0 @@ ---- -- name: Sync from old IMAP account - tags: imapsync - when: "{{ current_user.old_imap_mail is defined }}" - block: - - name: Empty old IMAP fingerprint - set_fact: - old_imap_fingerprint: '' - - name: Generate config and sync old IMAP contents - become: yes - become_user: "{{ current_user.name }}" - block: - - name: Create offlineimap config - template: - src: offlineimap/offlineimaprc.j2 - dest: "/home/{{ current_user.name }}/.offlineimaprc" - owner: "{{ current_user.name }}" - backup: yes - no_log: yes - - name: Sync old IMAP for the first time (this might tale a while...) - command: /usr/local/bin/offlineimap - rescue: - - name: Fetch old IMAPS fingerprint - shell: "openssl s_client -connect {{ current_user.old_imap_mail.host }}:993 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin" - register: old_imap_fingerprint - - name: Create offlineimap config - template: - src: offlineimap/offlineimaprc.j2 - dest: "/home/{{ current_user.name }}/.offlineimaprc" - owner: "{{ current_user.name }}" - backup: yes - vars: - old_imap_fingerprint: "{{ old_imap_fingerprint }}" - no_log: yes - - name: Sync old IMAP for the first time (this might tale a while...) - command: /usr/local/bin/offlineimap - - name: Sync old IMAP account - become: yes - become_user: "{{ current_user.name }}" - cron: - name: "Sync old IMAP account {{ current_user.old_imap_mail.user }} at {{ current_user.old_imap_mail.host }} for {{ current_user.name }}" - special_time: daily - job: /usr/local/bin/offlineimap - backup: yes - user: "{{ current_user.name }}" - - name: De-duplicate IMAP mail - become: yes - become_user: "{{ current_user.name }}" - cron: - name: De-duplicate IMAP mail - special_time: daily - job: "/usr/local/bin/imapdedup.py -s {{ mailserver_domain }} -u {{ current_user.name }}@{{ mailserver_domain }} -w {{ current_user.password }} INBOX" - backup: yes - user: "{{ current_user.name }}" - no_log: yes 
diff --git a/tasks/packages.yml b/tasks/packages.yml index 882deb4..4580632 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -355,6 +355,8 @@ - qrencode - python3-pip - golang-github-acme-lego + - perl-Proc-ProcessTable + - imapsync state: latest - name: Install Remi packages tags: horde diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2 index 41b2667..10fd7e8 100644 --- a/templates/offlineimap/offlineimaprc.j2 +++ b/templates/offlineimap/offlineimaprc.j2 @@ -11,6 +11,8 @@ remotehost = {{ mailserver_domain }} remoteuser = {{ current_user.name }}@{{ mailserver_domain }} remotepass = {{ current_user.password }} sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt +nametrans = lambda folder: folder if folder in re.search('(.*\.Junk$|.*\.Sent$|.*\.Spam$|.*\.Trash$)', folder) else 'INBOX.' + folder +folderfilter = lambda folder: not re.search('(^Trash$|Del)', folder) [Repository oldimap] type = IMAP @@ -19,7 +21,8 @@ remoteuser = {{ current_user.old_imap_mail.user }} remotepass = {{ current_user.old_imap_mail.password }} # The below will put all folders as sub-folders of the 'local' INBOX, # assuming that your path separator on 'local' is a dot. -nametrans = lambda x: 'INBOX.' + x +# top-level folders ['Drafts', 'Junk', 'Sent', 'Spam', 'Trash'] are excluded +nametrans = lambda folder: 'INBOX.' + folder if folder not in re.search('(.*\.Junk$|.*\.Sent$|.*\.Spam$|.*\.Trash$)', folder) else folder {% if (not current_user.old_imap_mail.ssl_verify) or ((current_user.old_imap_mail.ssl_verify | lower) == 'no') or ((current_user.old_imap_mail.ssl_verify | lower) == 'false') or (current_user.old_imap_mail.ssl_verify == 0) %} # old IMAP certifcates are not verified {% if old_imap_fingerprint is defined %} From 75cfa943ffd0a8c36769bcc4566b779d10dffcd3 Mon Sep 17 00:00:00 2001 
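Review bot: Both new `nametrans` lambdas in offlineimaprc.j2 test `folder in re.search(…)`, but `re.search` returns a match object or `None`, and neither supports `in`, so the lambda would raise for every folder instead of choosing a name. The intended test is presumably whether the pattern matches, e.g. `nametrans = lambda folder: folder if re.search('(.*\.Junk$|.*\.Sent$|.*\.Spam$|.*\.Trash$)', folder) else 'INBOX.' + folder`. The added comment lists `Drafts` and speaks of top-level folders, while the pattern has no `Drafts` alternative and requires a dot before each name, so comment and pattern should be brought into line.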
From: Akos Balla Date: Mon, 16 Oct 2023 00:51:08 +0200 Subject: [PATCH 028/181] cleanup --- tasks/packages.yml | 7 ----- templates/offlineimap/offlineimaprc.j2 | 36 -------------------------- 2 files changed, 43 deletions(-) delete mode 100644 templates/offlineimap/offlineimaprc.j2 diff --git a/tasks/packages.yml b/tasks/packages.yml index 4580632..a270634 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -477,13 +477,6 @@ # dest: /usr/local/bin/ # remote_src: yes # backup: yes -- name: Install Python packages - tags: imapsync - pip: - name: - - imaplib2 - - "git+https://github.com/OfflineIMAP/offlineimap3" - state: latest - name: Download as-is executables tags: imapsync get_url: diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2 deleted file mode 100644 index 10fd7e8..0000000 --- a/templates/offlineimap/offlineimaprc.j2 +++ /dev/null 
@@ -1,36 +0,0 @@ -[general] -accounts = oldimap - -[Account oldimap] -localrepository = newimap -remoterepository = oldimap - -[Repository newimap] -type = IMAP -remotehost = {{ mailserver_domain }} -remoteuser = {{ current_user.name }}@{{ mailserver_domain }} -remotepass = {{ current_user.password }} -sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt -nametrans = lambda folder: folder if folder in re.search('(.*\.Junk$|.*\.Sent$|.*\.Spam$|.*\.Trash$)', folder) else 'INBOX.' + folder -folderfilter = lambda folder: not re.search('(^Trash$|Del)', folder) - -[Repository oldimap] -type = IMAP -remotehost = {{ current_user.old_imap_mail.host }} -remoteuser = {{ current_user.old_imap_mail.user }} -remotepass = {{ current_user.old_imap_mail.password }} -# The below will put all folders as sub-folders of the 'local' INBOX, -# assuming that your path separator on 'local' is a dot. -# top-level folders ['Drafts', 'Junk', 'Sent', 'Spam', 'Trash'] are excluded -nametrans = lambda folder: 'INBOX.' + folder if folder not in re.search('(.*\.Junk$|.*\.Sent$|.*\.Spam$|.*\.Trash$)', folder) else folder -{% if (not current_user.old_imap_mail.ssl_verify) or ((current_user.old_imap_mail.ssl_verify | lower) == 'no') or ((current_user.old_imap_mail.ssl_verify | lower) == 'false') or (current_user.old_imap_mail.ssl_verify == 0) %} -# old IMAP certifcates are not verified -{% if old_imap_fingerprint is defined %} -# so the SSL fingerprint of the OLD IMAP server is accepted below -{% if (old_imap_fingerprint.stdout | regex_search('Fingerprint\=')) | length > 0 %} -cert_fingerprint = {{ old_imap_fingerprint.stdout | regex_search('Fingerprint\=.*') | split('Fingerprint=') | last }} -{% endif %} -{% endif %} -{% else %} -sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt -{% endif %} From e6d78d7304aafa99f8ba353a4d47b61e148b852b Mon Sep 17 00:00:00 2001 
From: Akos Balla Date: Mon, 16 Oct 2023 00:54:25 +0200 Subject: [PATCH 029/181] the loop needs to be inside the called task file for some reason --- tasks/imapsync.yml | 49 ++++++++++++++++++++++++---------------------- tasks/main.yml | 1 - 2 files changed, 26 insertions(+), 24 deletions(-) diff --git a/tasks/imapsync.yml b/tasks/imapsync.yml index bd63c20..563dcac 100644 --- a/tasks/imapsync.yml +++ b/tasks/imapsync.yml 
@@ -1,24 +1,27 @@ --- -- name: Sync old IMAP for the first time (this might tale a while...) - command: "imapsync --host1 {{ current_user.old_imap_mail.host }} --user1 {{ current_user.old_imap_mail.user }} --password1 {{ current_user.old_imap_mail.password }} --host2 {{ mailserver_domain }} --user2 {{ current_user.name }}@{{ mailserver_domain }} --password2 {{ current_user.password }}} --emailreport1 --emailreport2 --useheader Message-Id --noexpunge1 --nodelete1" - no_log: yes -- name: Sync old IMAP account - become: yes - become_user: "{{ current_user.name }}" - cron: - name: "Sync old IMAP account {{ current_user.old_imap_mail.user }} at {{ current_user.old_imap_mail.host }} for {{ current_user.name }}" - special_time: daily - job: "imapsync --host1 {{ current_user.old_imap_mail.host }} --user1 {{ current_user.old_imap_mail.user }} --password1 {{ current_user.old_imap_mail.password }} --host2 {{ mailserver_domain }} --user2 {{ current_user.name }}@{{ mailserver_domain }} --password2 {{ current_user.password }} --emailreport1 --emailreport2 --useheader Message-Id --noexpunge1 --nodelete1" - backup: yes - user: "{{ current_user.name }}" - no_log: yes -- name: De-duplicate IMAP mail - become: yes - become_user: "{{ current_user.name }}" - cron: - name: De-duplicate IMAP mail - special_time: daily - job: "/usr/local/bin/imapdedup.py -s {{ mailserver_domain }} -u {{ current_user.name }}@{{ mailserver_domain }} -w {{ current_user.password }} INBOX" - backup: yes - user: "{{ current_user.name }}" - no_log: yes +- name: Sync old IMAP account to the current mailbox + when: "{{ current_user.old_imap_mail is defined }}" + block: + - name: Sync old IMAP for the first time (this might tale a while...) 
+ command: "imapsync --host1 {{ current_user.old_imap_mail.host }} --user1 {{ current_user.old_imap_mail.user }} --password1 {{ current_user.old_imap_mail.password }} --host2 {{ mailserver_domain }} --user2 {{ current_user.name }}@{{ mailserver_domain }} --password2 {{ current_user.password }}} --emailreport1 --emailreport2 --useheader Message-Id --noexpunge1 --nodelete1" + no_log: yes + - name: Sync old IMAP account + become: yes + become_user: "{{ current_user.name }}" + cron: + name: "Sync old IMAP account {{ current_user.old_imap_mail.user }} at {{ current_user.old_imap_mail.host }} for {{ current_user.name }}" + special_time: daily + job: "imapsync --host1 {{ current_user.old_imap_mail.host }} --user1 {{ current_user.old_imap_mail.user }} --password1 {{ current_user.old_imap_mail.password }} --host2 {{ mailserver_domain }} --user2 {{ current_user.name }}@{{ mailserver_domain }} --password2 {{ current_user.password }} --emailreport1 --emailreport2 --useheader Message-Id --noexpunge1 --nodelete1" + backup: yes + user: "{{ current_user.name }}" + no_log: yes + - name: De-duplicate IMAP mail + become: yes + become_user: "{{ current_user.name }}" + cron: + name: De-duplicate IMAP mail + special_time: daily + job: "/usr/local/bin/imapdedup.py -s {{ mailserver_domain }} -u {{ current_user.name }}@{{ mailserver_domain }} -w {{ current_user.password }} INBOX" + backup: yes + user: "{{ current_user.name }}" + no_log: yes diff --git a/tasks/main.yml b/tasks/main.yml index dda54e7..922231d 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -65,7 +65,6 @@ tags: dovecot - name: Sync old IMAP account include_tasks: imapsync.yml - when: "{{ current_user.old_imap_mail is defined }}" loop: "{{ users }}" loop_control: loop_var: current_user From 8b6f224a7caec5c3d3fccb6062c1cd76c0179f33 Mon Sep 17 00:00:00 2001 
From: Akos Balla Date: Mon, 16 Oct 2023 00:59:38 +0200 Subject: [PATCH 030/181] add tag inside the task file, too --- tasks/imapsync.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tasks/imapsync.yml b/tasks/imapsync.yml index 563dcac..e478aa6 100644 --- a/tasks/imapsync.yml +++ b/tasks/imapsync.yml @@ -1,6 +1,7 @@ --- - name: Sync old IMAP account to the current mailbox when: "{{ current_user.old_imap_mail is defined }}" + tags: imapsync block: - name: Sync old IMAP for the first time (this might tale a while...) command: "imapsync --host1 {{ current_user.old_imap_mail.host }} --user1 {{ current_user.old_imap_mail.user }} --password1 {{ current_user.old_imap_mail.password }} --host2 {{ mailserver_domain }} --user2 {{ current_user.name }}@{{ mailserver_domain }} --password2 {{ current_user.password }}} --emailreport1 --emailreport2 --useheader Message-Id --noexpunge1 --nodelete1" From 023bdc3d79ab1c4fdf348c10127bbcdd25067222 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Mon, 16 Oct 2023 01:03:33 +0200 Subject: [PATCH 031/181] fix typo --- tasks/imapsync.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tasks/imapsync.yml b/tasks/imapsync.yml index e478aa6..59b5907 100644 --- a/tasks/imapsync.yml +++ b/tasks/imapsync.yml 
@@ -4,7 +4,7 @@ tags: imapsync block: - name: Sync old IMAP for the first time (this might tale a while...) - command: "imapsync --host1 {{ current_user.old_imap_mail.host }} --user1 {{ current_user.old_imap_mail.user }} --password1 {{ current_user.old_imap_mail.password }} --host2 {{ mailserver_domain }} --user2 {{ current_user.name }}@{{ mailserver_domain }} --password2 {{ current_user.password }}} --emailreport1 --emailreport2 --useheader Message-Id --noexpunge1 --nodelete1" + command: "imapsync --host1 {{ current_user.old_imap_mail.host }} --user1 {{ current_user.old_imap_mail.user }} --password1 {{ current_user.old_imap_mail.password }} --host2 mail.{{ mailserver_domain }} --user2 {{ current_user.name }}@{{ mailserver_domain }} --password2 {{ current_user.password }} --emailreport1 --emailreport2 --useheader Message-Id --noexpunge1 --nodelete1" no_log: yes - name: Sync old IMAP account become: yes @@ -12,7 +12,7 @@ cron: name: "Sync old IMAP account {{ current_user.old_imap_mail.user }} at {{ current_user.old_imap_mail.host }} for {{ current_user.name }}" special_time: daily - job: "imapsync --host1 {{ current_user.old_imap_mail.host }} --user1 {{ current_user.old_imap_mail.user }} --password1 {{ current_user.old_imap_mail.password }} --host2 {{ mailserver_domain }} --user2 {{ current_user.name }}@{{ mailserver_domain }} --password2 {{ current_user.password }} --emailreport1 --emailreport2 --useheader Message-Id --noexpunge1 --nodelete1" + job: "imapsync --host1 {{ current_user.old_imap_mail.host }} --user1 {{ current_user.old_imap_mail.user }} --password1 {{ current_user.old_imap_mail.password }} --host2 mail.{{ mailserver_domain }} --user2 {{ current_user.name }}@{{ mailserver_domain }} --password2 {{ current_user.password }} --emailreport1 --emailreport2 --useheader Message-Id --noexpunge1 --nodelete1" backup: yes user: "{{ current_user.name }}" no_log: yes 
@@ -22,7 +22,7 @@ cron: name: De-duplicate IMAP mail special_time: daily - job: "/usr/local/bin/imapdedup.py -s {{ mailserver_domain }} -u {{ current_user.name }}@{{ mailserver_domain }} -w {{ current_user.password }} INBOX" + job: "/usr/local/bin/imapdedup.py -s mail.{{ mailserver_domain }} -u {{ current_user.name }}@{{ mailserver_domain }} -w {{ current_user.password }} INBOX" backup: yes user: "{{ current_user.name }}" no_log: yes From b179c14e4199cad50cde12fbd785768e49c9ec8b Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Mon, 16 Oct 2023 01:13:45 +0200 Subject: [PATCH 032/181] move passwords to environment variables --- tasks/imapsync.yml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/tasks/imapsync.yml b/tasks/imapsync.yml index 59b5907..3f01d49 100644 --- a/tasks/imapsync.yml +++ b/tasks/imapsync.yml 
@@ -4,8 +4,22 @@ tags: imapsync block: - name: Sync old IMAP for the first time (this might tale a while...) - command: "imapsync --host1 {{ current_user.old_imap_mail.host }} --user1 {{ current_user.old_imap_mail.user }} --password1 {{ current_user.old_imap_mail.password }} --host2 mail.{{ mailserver_domain }} --user2 {{ current_user.name }}@{{ mailserver_domain }} --password2 {{ current_user.password }} --emailreport1 --emailreport2 --useheader Message-Id --noexpunge1 --nodelete1" + command: "imapsync --host1 {{ current_user.old_imap_mail.host }} --user1 {{ current_user.old_imap_mail.user }} --host2 mail.{{ mailserver_domain }} --user2 {{ current_user.name }}@{{ mailserver_domain }} --emailreport1 --emailreport2 --useheader Message-Id --noexpunge1 --nodelete1" + environment: + IMAPSYNC_PASSWORD1: "{{ current_user.old_imap_mail.password }}" + IMAPSYNC_PASSWORD2: "{{ current_user.password }}" no_log: yes + - name: Set up password environment variables + cron: + backup: yes + env: yes + name: "{{ IMAPSYNC_PASSWORD ~ (((imapsync_password_index | int) + 1) | string) }}" + job: "{{ item }}" + loop: + - "{{ current_user.old_imap_mail.password }}" + - "{{ current_user.password }}" + loop_control: + index_var: imapsync_password_index - name: Sync old IMAP account become: yes become_user: "{{ current_user.name }}" From 8cf61c3984f24afde88340416abd2cb793fe4efb Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Mon, 16 Oct 2023 01:15:18 +0200 Subject: [PATCH 033/181] move passwords to environment variables --- tasks/imapsync.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tasks/imapsync.yml b/tasks/imapsync.yml index 3f01d49..516ea07 100644 --- a/tasks/imapsync.yml +++ b/tasks/imapsync.yml 
@@ -9,7 +9,9 @@ IMAPSYNC_PASSWORD1: "{{ current_user.old_imap_mail.password }}" IMAPSYNC_PASSWORD2: "{{ current_user.password }}" no_log: yes - - name: Set up password environment variables + - name: Set up password environment variables for cron jobs + become: yes + become_user: "{{ current_user.name }}" cron: backup: yes env: yes @@ -36,7 +38,7 @@ cron: name: De-duplicate IMAP mail special_time: daily - job: "/usr/local/bin/imapdedup.py -s mail.{{ mailserver_domain }} -u {{ current_user.name }}@{{ mailserver_domain }} -w {{ current_user.password }} INBOX" + job: "/usr/local/bin/imapdedup.py -s mail.{{ mailserver_domain }} -u {{ current_user.name }}@{{ mailserver_domain }} -w $IMAPSYNC_PASSWORD2 INBOX" backup: yes user: "{{ current_user.name }}" no_log: yes From f62d0b576698e465a43c08ea0b7176e0b44d51af Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Mon, 16 Oct 2023 01:21:42 +0200 Subject: [PATCH 034/181] hide passwords --- tasks/imapsync.yml | 4 +--- tasks/main.yml | 1 + 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/tasks/imapsync.yml b/tasks/imapsync.yml index 516ea07..ae5882e 100644 --- a/tasks/imapsync.yml +++ b/tasks/imapsync.yml @@ -1,5 +1,6 @@ --- - name: Sync old IMAP account to the current mailbox + no_log: yes when: "{{ current_user.old_imap_mail is defined }}" tags: imapsync block: @@ -8,7 +9,6 @@ environment: IMAPSYNC_PASSWORD1: "{{ current_user.old_imap_mail.password }}" IMAPSYNC_PASSWORD2: "{{ current_user.password }}" - no_log: yes - name: Set up password environment variables for cron jobs become: yes become_user: "{{ current_user.name }}" 
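Review bot: `-w $IMAPSYNC_PASSWORD2` in the de-duplication job still becomes a command-line argument once cron's shell expands it, so the mailbox password stays visible in the process list while `imapdedup.py` runs; the variable only keeps it out of the job text. The expansion is also unquoted, so a password containing spaces or glob characters is split or expanded; at minimum write `-w "$IMAPSYNC_PASSWORD2"`. The values now sit as plain text in the user's crontab, and `backup: yes` leaves further copies of that crontab, so a `0600` password file read by the tools would be the safer store. The cron task continues past the hunk.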
@@ -31,7 +31,6 @@ job: "imapsync --host1 {{ current_user.old_imap_mail.host }} --user1 {{ current_user.old_imap_mail.user }} --password1 {{ current_user.old_imap_mail.password }} --host2 mail.{{ mailserver_domain }} --user2 {{ current_user.name }}@{{ mailserver_domain }} --password2 {{ current_user.password }} --emailreport1 --emailreport2 --useheader Message-Id --noexpunge1 --nodelete1" backup: yes user: "{{ current_user.name }}" - no_log: yes - name: De-duplicate IMAP mail become: yes become_user: "{{ current_user.name }}" @@ -41,4 +40,3 @@ job: "/usr/local/bin/imapdedup.py -s mail.{{ mailserver_domain }} -u {{ current_user.name }}@{{ mailserver_domain }} -w $IMAPSYNC_PASSWORD2 INBOX" backup: yes user: "{{ current_user.name }}" - no_log: yes diff --git a/tasks/main.yml b/tasks/main.yml index 922231d..1b18fb4 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -70,6 +70,7 @@ loop_var: current_user vars: current_user: "{{ current_user }}" + no_log: yes tags: imapsync - name: Set up DKIM import_tasks: dkim.yml From db1c12f9432616c3da36ae0b753a51815c7161c9 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Mon, 16 Oct 2023 08:34:47 +0200 Subject: [PATCH 035/181] hide passwords --- tasks/imapsync.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/imapsync.yml b/tasks/imapsync.yml index ae5882e..7bb2625 100644 --- a/tasks/imapsync.yml +++ b/tasks/imapsync.yml @@ -15,7 +15,7 @@ cron: backup: yes env: yes - name: "{{ IMAPSYNC_PASSWORD ~ (((imapsync_password_index | int) + 1) | string) }}" + name: "IMAPSYNC_PASSWORD{{ imapsync_password_index + 1 }}" job: "{{ item }}" loop: - "{{ current_user.old_imap_mail.password }}" 
@@ -28,7 +28,7 @@ cron: name: "Sync old IMAP account {{ current_user.old_imap_mail.user }} at {{ current_user.old_imap_mail.host }} for {{ current_user.name }}" special_time: daily - job: "imapsync --host1 {{ current_user.old_imap_mail.host }} --user1 {{ current_user.old_imap_mail.user }} --password1 {{ current_user.old_imap_mail.password }} --host2 mail.{{ mailserver_domain }} --user2 {{ current_user.name }}@{{ mailserver_domain }} --password2 {{ current_user.password }} --emailreport1 --emailreport2 --useheader Message-Id --noexpunge1 --nodelete1" + job: "imapsync --host1 {{ current_user.old_imap_mail.host }} --user1 {{ current_user.old_imap_mail.user }} --host2 mail.{{ mailserver_domain }} --user2 {{ current_user.name }}@{{ mailserver_domain }} --emailreport1 --emailreport2 --useheader Message-Id --noexpunge1 --nodelete1" backup: yes user: "{{ current_user.name }}" - name: De-duplicate IMAP mail From 1cba0d482815a0f92138ba3e6849f33de92fb584 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Mon, 16 Oct 2023 12:07:21 +0200 Subject: [PATCH 036/181] fix VPN config permissions --- tasks/httpd.yml | 2 +- tasks/wireguard.yml | 30 +++++++++++++++++++++--------- 2 files changed, 22 insertions(+), 10 deletions(-) diff --git a/tasks/httpd.yml b/tasks/httpd.yml index 860a751..249a3c0 100644 --- a/tasks/httpd.yml +++ b/tasks/httpd.yml @@ -113,7 +113,7 @@ mount: path: "~{{ item.name }}/public_html/.certificates" src: /etc/letsencrypt/certificates - opts: "map=root/{{ item.name }}:@root/@apache,perms=u=rwX:g=rwX," + opts: "map=root/{{ item.name }}:@root/@apache,perms=u=rwX:g=rwX" state: mounted fstype: fuse.bindfs loop: "{{ users }}" diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml index 564e1b4..4d5f672 100644 --- a/tasks/wireguard.yml +++ b/tasks/wireguard.yml 
@@ -150,23 +150,35 @@ become_user: "{{ wg_configs[item]['owner'] }}" loop: "{{ wg_configs.keys() }}" when: item != "server" -- name: Allow access to VPN configs +- name: Create user VPN config dirs file: - src: "{{ wireguard.config_dir }}/clients/{{ item }}" - dest: "{{ user_home[wg_configs[item]['owner']] }}/public_html/.vpn/{{ item }}" + path: "{{ user_home[wg_configs[item]['owner']] }}/public_html/.vpn/{{ item }}" + state: directory owner: "{{ wg_configs[item]['owner'] }}" group: "{{ wg_configs[item]['owner'] }}" - state: link - become: true - become_user: "{{ wg_configs[item]['owner'] }}" + loop: "{{ wg_configs.keys() }}" + when: item != "server" +- name: Allow access to VPN configs + mount: + src: "{{ wireguard.config_dir }}/clients/{{ item }}" + path: "{{ user_home[wg_configs[item]['owner']] }}/public_html/.vpn/{{ item }}" + opts: "force-user={{ wg_configs[item]['owner'] }},force-group={{ wg_configs[item]['owner'] }},perms=u=rwX:g=rwX" + state: mounted + fstype: fuse.bindfs + no_log: true loop: "{{ wg_configs.keys() }}" when: item != "server" - name: Generate QR codes - shell: "cat {{ wireguard.config_dir }}/clients/{{ item }}/wg0.conf | qrencode -o {{ wireguard.config_dir }}/clients/{{ item }}/wg0.png" + shell: "cat {{ user_home[wg_configs[item]['owner']] }}/public_html/.vpn/{{ item }}/wg0.conf | qrencode -o {{ user_home[wg_configs[item]['owner']] }}/public_html/.vpn/{{ item }}/wg0.png" + loop: "{{ wg_configs.keys() }}" + when: item != "server" +- name: Allow access to QR codes + file: + path: "{{ user_home[wg_configs[item]['owner']] }}/public_html/.vpn/{{ item }}/wg0.png" + owner: "{{ wg_configs[item]['owner'] }}" + group: "{{ wg_configs[item]['owner'] }}" loop: "{{ wg_configs.keys() }}" when: item != "server" - become: yes - become_user: "{{ wg_configs[item]['owner'] }}" - name: Add DynDNS NS records include_tasks: add_dns_record.yml vars: From 4550d7141bab90f01d8baac994032d599026450c Mon Sep 17 00:00:00 2001 
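Review bot: `perms=u=rwX:g=rwX` in "Allow access to VPN configs" only sets the user and group bits, so any "other" permission bits on the files under `clients/` show through on a mount placed below `public_html`, and `wg0.conf` presumably carries the client's private key. If only the owner has to read these files, end the list with `o-rwx` (`perms=u=rwX:g=rwX:o-rwx`); if the web server must read them, a group mapping like the `@root/@apache` one in tasks/httpd.yml is narrower than world-readable bits. "Create user VPN config dirs", "Generate QR codes" and "Allow access to QR codes" run without `become_user`, unlike the link task they replace, so they presumably act with the play's privileges on paths inside a user-writable home directory. The directory task at least can keep `become: true` and `become_user: "{{ wg_configs[item]['owner'] }}"`. The templated paths in the `shell` line are unquoted, so passing them through the `quote` filter would keep an unusual client name or home path from being interpreted by the shell.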
From: Akos Balla Date: Wed, 18 Oct 2023 21:38:28 +0200 Subject: [PATCH 037/181] update empty horde schema to 5.2.23-1 --- files/mariadb/horde_schema.sql | 363 ++++++++++++++++++++++----------- 1 file changed, 247 insertions(+), 116 deletions(-) diff --git a/files/mariadb/horde_schema.sql b/files/mariadb/horde_schema.sql index ad1dda9..f8dbc05 100644 --- a/files/mariadb/horde_schema.sql +++ b/files/mariadb/horde_schema.sql @@ -1,8 +1,8 @@ --- MySQL dump 10.19 Distrib 10.3.28-MariaDB, for Linux (x86_64) +-- MySQL dump 10.19 Distrib 10.3.39-MariaDB, for Linux (x86_64) -- -- Host: localhost Database: horde -- ------------------------------------------------------ --- Server version 10.3.28-MariaDB +-- Server version 10.3.39-MariaDB /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; @@ -24,7 +24,7 @@ DROP TABLE IF EXISTS `content_schema_info`; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `content_schema_info` ( `version` int(11) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -36,7 +36,7 @@ DROP TABLE IF EXISTS `gollem_schema_info`; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `gollem_schema_info` ( `version` int(11) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -62,7 +62,7 @@ CREATE TABLE `gollem_shares` ( KEY `index_gollem_shares_on_perm_creator` (`perm_creator`), KEY `index_gollem_shares_on_perm_default` (`perm_default`), KEY `index_gollem_shares_on_perm_guest` (`perm_guest`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -81,7 +81,7 @@ CREATE TABLE `gollem_shares_groups` ( KEY `index_gollem_shares_groups_on_share_id` (`share_id`), KEY `index_gollem_shares_groups_on_group_uid` (`group_uid`), KEY `index_gollem_shares_groups_on_perm` (`perm`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -100,7 +100,7 @@ CREATE TABLE `gollem_shares_users` ( KEY `index_gollem_shares_users_on_share_id` (`share_id`), KEY `index_gollem_shares_users_on_user_uid` (`user_uid`), KEY `index_gollem_shares_users_on_perm` (`perm`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -144,7 +144,7 @@ CREATE TABLE `gollem_sharesng` ( KEY `index_gollem_sharesng_on_perm_guest_4` (`perm_guest_4`), KEY `index_gollem_sharesng_on_perm_guest_8` (`perm_guest_8`), KEY `index_gollem_sharesng_on_perm_guest_16` (`perm_guest_16`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -167,7 +167,7 @@ CREATE TABLE `gollem_sharesng_groups` ( KEY `index_gollem_sharesng_groups_on_perm_4` (`perm_4`), KEY `index_gollem_sharesng_groups_on_perm_8` (`perm_8`), KEY `index_gollem_sharesng_groups_on_perm_16` (`perm_16`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -190,7 +190,138 @@ CREATE TABLE `gollem_sharesng_users` ( KEY `index_gollem_sharesng_users_on_perm_4` (`perm_4`), KEY `index_gollem_sharesng_users_on_perm_8` (`perm_8`), KEY `index_gollem_sharesng_users_on_perm_16` (`perm_16`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `horde_activesync_cache` +-- + +DROP TABLE IF EXISTS `horde_activesync_cache`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `horde_activesync_cache` ( + `cache_devid` varchar(255) DEFAULT NULL, + `cache_user` varchar(255) DEFAULT NULL, + `cache_data` mediumtext DEFAULT NULL, + KEY `index_horde_activesync_cache_on_cache_devid` (`cache_devid`), + KEY `index_horde_activesync_cache_on_cache_user` (`cache_user`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `horde_activesync_device` +-- + +DROP TABLE IF EXISTS `horde_activesync_device`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `horde_activesync_device` ( + `device_id` varchar(255) NOT NULL, + `device_type` varchar(255) NOT NULL, + `device_agent` varchar(255) NOT NULL, + `device_supported` text DEFAULT NULL, + `device_rwstatus` int(11) DEFAULT NULL, + `device_properties` text DEFAULT NULL, + PRIMARY KEY (`device_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `horde_activesync_device_users` +-- + +DROP TABLE IF EXISTS `horde_activesync_device_users`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `horde_activesync_device_users` ( + `device_id` varchar(255) NOT 
NULL, + `device_user` varchar(255) NOT NULL, + `device_policykey` bigint(20) DEFAULT 0, + KEY `index_horde_activesync_device_users_on_device_user` (`device_user`), + KEY `index_horde_activesync_device_users_on_device_id` (`device_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `horde_activesync_mailmap` +-- + +DROP TABLE IF EXISTS `horde_activesync_mailmap`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `horde_activesync_mailmap` ( + `message_uid` int(11) NOT NULL DEFAULT 0, + `sync_key` varchar(255) NOT NULL, + `sync_devid` varchar(255) NOT NULL, + `sync_folderid` varchar(255) NOT NULL, + `sync_user` varchar(255) DEFAULT NULL, + `sync_read` tinyint(1) DEFAULT NULL, + `sync_deleted` tinyint(1) DEFAULT NULL, + `sync_flagged` tinyint(1) DEFAULT NULL, + `sync_changed` tinyint(1) DEFAULT NULL, + `sync_category` varchar(255) DEFAULT NULL, + `sync_draft` tinyint(1) DEFAULT NULL, + KEY `index_horde_activesync_mailmap_on_message_uid` (`message_uid`), + KEY `index_horde_activesync_mailmap_on_sync_devid` (`sync_devid`), + KEY `index_horde_activesync_mailmap_on_sync_folderid` (`sync_folderid`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `horde_activesync_map` +-- + +DROP TABLE IF EXISTS `horde_activesync_map`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `horde_activesync_map` ( + `message_uid` varchar(255) NOT NULL, + `sync_modtime` int(11) DEFAULT NULL, + `sync_key` varchar(255) NOT NULL, + `sync_devid` varchar(255) NOT NULL, + `sync_folderid` varchar(255) NOT NULL, + `sync_user` varchar(255) DEFAULT NULL, + `sync_clientid` varchar(255) DEFAULT NULL, + `sync_deleted` tinyint(1) DEFAULT NULL, + KEY 
`index_horde_activesync_map_on_sync_devid` (`sync_devid`), + KEY `index_horde_activesync_map_on_message_uid` (`message_uid`), + KEY `index_horde_activesync_map_on_sync_user` (`sync_user`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `horde_activesync_schema_info` +-- + +DROP TABLE IF EXISTS `horde_activesync_schema_info`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `horde_activesync_schema_info` ( + `version` int(11) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `horde_activesync_state` +-- + +DROP TABLE IF EXISTS `horde_activesync_state`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `horde_activesync_state` ( + `sync_mod` int(11) DEFAULT NULL, + `sync_key` varchar(255) NOT NULL, + `sync_data` longblob DEFAULT NULL, + `sync_devid` varchar(255) DEFAULT NULL, + `sync_folderid` varchar(255) DEFAULT NULL, + `sync_user` varchar(255) DEFAULT NULL, + `sync_pending` mediumtext DEFAULT NULL, + `sync_timestamp` int(11) DEFAULT NULL, + PRIMARY KEY (`sync_key`), + KEY `index_horde_activesync_state_on_sync_folderid` (`sync_folderid`), + KEY `index_horde_activesync_state_on_sync_devid` (`sync_devid`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -202,7 +333,7 @@ DROP TABLE IF EXISTS `horde_alarm_schema_info`; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `horde_alarm_schema_info` ( `version` int(11) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -233,7 +364,7 @@ CREATE TABLE `horde_alarms` ( KEY `index_horde_alarms_on_alarm_end` (`alarm_end`), KEY `index_horde_alarms_on_alarm_snooze` (`alarm_snooze`), KEY `index_horde_alarms_on_alarm_dismissed` (`alarm_dismissed`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -245,7 +376,7 @@ DROP TABLE IF EXISTS `horde_auth_schema_info`; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `horde_auth_schema_info` ( `version` int(11) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -261,7 +392,7 @@ CREATE TABLE `horde_cache` ( `cache_expiration` bigint(20) NOT NULL, `cache_data` longblob DEFAULT NULL, PRIMARY KEY (`cache_id`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -273,7 +404,7 @@ DROP TABLE IF EXISTS `horde_cache_schema_info`; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `horde_cache_schema_info` ( `version` int(11) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -285,7 +416,7 @@ DROP TABLE IF EXISTS `horde_core_schema_info`; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `horde_core_schema_info` ( `version` int(11) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -302,7 +433,7 @@ CREATE TABLE `horde_dav_collections` ( UNIQUE KEY `index_horde_dav_collections_on_id_external` (`id_external`), KEY `index_horde_dav_collections_on_id_interface` (`id_interface`), KEY `index_horde_dav_collections_on_id_internal` (`id_internal`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -320,7 +451,7 @@ CREATE TABLE `horde_dav_objects` ( UNIQUE KEY `index_horde_dav_objects_on_id_external_and_id_collection` (`id_external`,`id_collection`), KEY `index_horde_dav_objects_on_id_collection` (`id_collection`), KEY `index_horde_dav_objects_on_id_external` (`id_external`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -332,7 +463,7 @@ DROP TABLE IF EXISTS `horde_dav_schema_info`; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `horde_dav_schema_info` ( `version` int(11) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -344,7 +475,7 @@ DROP TABLE IF EXISTS `horde_group_schema_info`; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `horde_group_schema_info` ( `version` int(11) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -361,7 +492,7 @@ CREATE TABLE `horde_groups` ( `group_email` varchar(255) DEFAULT NULL, PRIMARY KEY (`group_uid`), UNIQUE KEY `index_horde_groups_on_group_name` (`group_name`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -376,7 +507,7 @@ CREATE TABLE `horde_groups_members` ( `user_uid` varchar(255) NOT NULL, KEY `index_horde_groups_members_on_group_uid` (`group_uid`), KEY `index_horde_groups_members_on_user_uid` (`user_uid`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -400,7 +531,7 @@ CREATE TABLE `horde_histories` ( KEY `index_horde_histories_on_history_ts` (`history_ts`), KEY `index_horde_histories_on_history_modseq` (`history_modseq`), KEY `index_horde_histories_on_object_uid` (`object_uid`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -414,7 +545,7 @@ CREATE TABLE `horde_histories_modseq` ( `history_modseq` int(10) unsigned NOT NULL AUTO_INCREMENT, `history_modseqempty` int(11) NOT NULL DEFAULT 0, PRIMARY KEY (`history_modseq`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -426,7 +557,7 @@ DROP TABLE IF EXISTS `horde_history_schema_info`; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `horde_history_schema_info` ( `version` int(11) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -445,7 +576,7 @@ CREATE TABLE `horde_imap_client_data` ( `username` varchar(255) NOT NULL, PRIMARY KEY (`messageid`), KEY `index_horde_imap_client_data_on_hostspec_and_mailbox_and_port_an` (`hostspec`,`mailbox`,`port`,`username`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -460,7 +591,7 @@ CREATE TABLE `horde_imap_client_message` ( `msguid` varchar(255) NOT NULL, `messageid` bigint(20) NOT NULL, KEY `index_horde_imap_client_message_on_msguid_and_messageid` (`msguid`,`messageid`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -475,7 +606,7 @@ CREATE TABLE `horde_imap_client_metadata` ( `field` varchar(255) NOT NULL, `messageid` bigint(20) NOT NULL, KEY `index_horde_imap_client_metadata_on_messageid` (`messageid`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -487,7 +618,7 @@ DROP TABLE IF EXISTS `horde_imap_client_schema_info`; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `horde_imap_client_schema_info` ( `version` int(11) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -499,7 +630,7 @@ DROP TABLE IF EXISTS `horde_lock_schema_info`; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `horde_lock_schema_info` ( `version` int(11) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -519,7 +650,7 @@ CREATE TABLE `horde_locks` ( `lock_expiry_timestamp` bigint(20) NOT NULL, `lock_type` smallint(5) unsigned NOT NULL, PRIMARY KEY (`lock_id`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -540,7 +671,7 @@ CREATE TABLE `horde_metar_airports` ( `longitude` float DEFAULT 0, `elevation` float DEFAULT 0, PRIMARY KEY (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -562,7 +693,7 @@ CREATE TABLE `horde_muvfs` ( PRIMARY KEY (`vfs_id`), KEY `index_horde_muvfs_on_vfs_path` (`vfs_path`), KEY `index_horde_muvfs_on_vfs_name` (`vfs_name`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -579,7 +710,7 @@ CREATE TABLE `horde_perms` ( `perm_data` text DEFAULT NULL, PRIMARY KEY (`perm_id`), UNIQUE KEY `index_horde_perms_on_perm_name` (`perm_name`) -) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8; +) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -591,7 +722,7 @@ DROP TABLE IF EXISTS `horde_perms_schema_info`; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `horde_perms_schema_info` ( `version` int(11) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -609,7 +740,7 @@ CREATE TABLE `horde_prefs` ( PRIMARY KEY (`pref_uid`,`pref_scope`,`pref_name`), KEY `index_horde_prefs_on_pref_uid` (`pref_uid`), KEY `index_horde_prefs_on_pref_scope` (`pref_scope`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -621,7 +752,7 @@ DROP TABLE IF EXISTS `horde_prefs_schema_info`; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `horde_prefs_schema_info` ( `version` int(11) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -633,7 +764,7 @@ DROP TABLE IF EXISTS `horde_queue_schema_info`; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `horde_queue_schema_info` ( `version` int(11) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -648,7 +779,7 @@ CREATE TABLE `horde_queue_tasks` ( `task_queue` varchar(255) NOT NULL, `task_fields` text NOT NULL, PRIMARY KEY (`task_id`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -660,7 +791,7 @@ DROP TABLE IF EXISTS `horde_service_weather_schema_info`; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `horde_service_weather_schema_info` ( `version` int(11) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -676,7 +807,7 @@ CREATE TABLE `horde_sessionhandler` ( `session_data` longblob DEFAULT NULL, PRIMARY KEY (`session_id`), KEY `index_horde_sessionhandler_on_session_lastmodified` (`session_lastmodified`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -688,7 +819,7 @@ DROP TABLE IF EXISTS `horde_sessionhandler_schema_info`; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `horde_sessionhandler_schema_info` ( `version` int(11) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -704,7 +835,7 @@ CREATE TABLE `horde_signups` ( `signup_host` varchar(255) NOT NULL, `signup_data` text NOT NULL, PRIMARY KEY (`user_name`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -723,7 +854,7 @@ CREATE TABLE `horde_syncml_anchors` ( KEY `index_horde_syncml_anchors_on_syncml_syncpartner` (`syncml_syncpartner`), KEY `index_horde_syncml_anchors_on_syncml_db` (`syncml_db`), KEY `index_horde_syncml_anchors_on_syncml_uid` (`syncml_uid`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -745,7 +876,7 @@ CREATE TABLE `horde_syncml_map` ( KEY `index_horde_syncml_map_on_syncml_uid` (`syncml_uid`), KEY `index_horde_syncml_map_on_syncml_cuid` (`syncml_cuid`), KEY `index_horde_syncml_map_on_syncml_suid` (`syncml_suid`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -757,7 +888,7 @@ DROP TABLE IF EXISTS `horde_syncml_schema_info`; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `horde_syncml_schema_info` ( `version` int(11) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -769,7 +900,7 @@ DROP TABLE IF EXISTS `horde_token_schema_info`; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `horde_token_schema_info` ( `version` int(11) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -784,7 +915,7 @@ CREATE TABLE `horde_tokens` ( `token_id` varchar(32) NOT NULL, `token_timestamp` bigint(20) NOT NULL, PRIMARY KEY (`token_address`,`token_id`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -800,7 +931,7 @@ CREATE TABLE `horde_users` ( `user_soft_expiration_date` int(11) DEFAULT NULL, `user_hard_expiration_date` int(11) DEFAULT NULL, PRIMARY KEY (`user_uid`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -821,7 +952,7 @@ CREATE TABLE `horde_vfs` ( PRIMARY KEY (`vfs_id`), KEY `index_horde_vfs_on_vfs_path` (`vfs_path`), KEY `index_horde_vfs_on_vfs_name` (`vfs_name`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -833,7 +964,7 @@ DROP TABLE IF EXISTS `horde_vfs_schema_info`; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `horde_vfs_schema_info` ( `version` int(11) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -845,7 +976,7 @@ DROP TABLE IF EXISTS `imp_schema_info`; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `imp_schema_info` ( `version` int(11) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -867,7 +998,7 @@ CREATE TABLE `imp_sentmail` ( KEY `index_imp_sentmail_on_sentmail_ts` (`sentmail_ts`), KEY `index_imp_sentmail_on_sentmail_who` (`sentmail_who`), KEY `index_imp_sentmail_on_sentmail_success` (`sentmail_success`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -881,7 +1012,7 @@ CREATE TABLE `ingo_forwards` ( `forward_owner` varchar(255) NOT NULL, `forward_addresses` text DEFAULT NULL, `forward_keep` int(11) NOT NULL DEFAULT 0 -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -896,7 +1027,7 @@ CREATE TABLE `ingo_lists` ( `list_blacklist` int(11) DEFAULT 0, `list_address` varchar(255) NOT NULL, KEY `index_ingo_lists_on_list_owner_and_list_blacklist` (`list_owner`,`list_blacklist`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -920,7 +1051,7 @@ CREATE TABLE `ingo_rules` ( `rule_order` int(11) NOT NULL DEFAULT 0, PRIMARY KEY (`rule_id`), KEY `index_ingo_rules_on_rule_owner` (`rule_owner`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -932,7 +1063,7 @@ DROP TABLE IF EXISTS `ingo_schema_info`; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `ingo_schema_info` ( `version` int(11) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -959,7 +1090,7 @@ CREATE TABLE `ingo_shares` ( KEY `index_ingo_shares_on_perm_creator` (`perm_creator`), KEY `index_ingo_shares_on_perm_default` (`perm_default`), KEY `index_ingo_shares_on_perm_guest` (`perm_guest`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -978,7 +1109,7 @@ CREATE TABLE `ingo_shares_groups` ( KEY `index_ingo_shares_groups_on_share_id` (`share_id`), KEY `index_ingo_shares_groups_on_group_uid` (`group_uid`), KEY `index_ingo_shares_groups_on_perm` (`perm`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -997,7 +1128,7 @@ CREATE TABLE `ingo_shares_users` ( KEY `index_ingo_shares_users_on_share_id` (`share_id`), KEY `index_ingo_shares_users_on_user_uid` (`user_uid`), KEY `index_ingo_shares_users_on_perm` (`perm`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1042,7 +1173,7 @@ CREATE TABLE `ingo_sharesng` ( KEY `index_ingo_sharesng_on_perm_guest_4` (`perm_guest_4`), KEY `index_ingo_sharesng_on_perm_guest_8` (`perm_guest_8`), KEY `index_ingo_sharesng_on_perm_guest_16` (`perm_guest_16`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -1065,7 +1196,7 @@ CREATE TABLE `ingo_sharesng_groups` ( KEY `index_ingo_sharesng_groups_on_perm_4` (`perm_4`), KEY `index_ingo_sharesng_groups_on_perm_8` (`perm_8`), KEY `index_ingo_sharesng_groups_on_perm_16` (`perm_16`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1088,7 +1219,7 @@ CREATE TABLE `ingo_sharesng_users` ( KEY `index_ingo_sharesng_users_on_perm_4` (`perm_4`), KEY `index_ingo_sharesng_users_on_perm_8` (`perm_8`), KEY `index_ingo_sharesng_users_on_perm_16` (`perm_16`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1103,7 +1234,7 @@ CREATE TABLE `ingo_spam` ( `spam_level` int(11) DEFAULT 5, `spam_folder` varchar(255) DEFAULT NULL, PRIMARY KEY (`spam_owner`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1124,7 +1255,7 @@ CREATE TABLE `ingo_vacations` ( `vacation_excludes` text DEFAULT NULL, `vacation_ignorelists` int(11) DEFAULT 1, PRIMARY KEY (`vacation_owner`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1167,7 +1298,7 @@ CREATE TABLE `kronolith_events` ( KEY `index_kronolith_events_on_calendar_id` (`calendar_id`), KEY `index_kronolith_events_on_event_uid` (`event_uid`), KEY `index_kronolith_events_on_event_baseid` (`event_baseid`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -1183,7 +1314,7 @@ CREATE TABLE `kronolith_events_geo` ( `event_lon` varchar(32) NOT NULL, `event_zoom` int(11) NOT NULL DEFAULT 0, PRIMARY KEY (`event_id`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1198,7 +1329,7 @@ CREATE TABLE `kronolith_events_mysqlgeo` ( `event_coordinates` point NOT NULL, `event_zoom` int(11) NOT NULL DEFAULT 0, PRIMARY KEY (`event_id`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1220,7 +1351,7 @@ CREATE TABLE `kronolith_resources` ( PRIMARY KEY (`resource_id`), KEY `index_kronolith_resources_on_resource_calendar` (`resource_calendar`), KEY `index_kronolith_resources_on_resource_type` (`resource_type`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1232,7 +1363,7 @@ DROP TABLE IF EXISTS `kronolith_schema_info`; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `kronolith_schema_info` ( `version` int(11) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1260,7 +1391,7 @@ CREATE TABLE `kronolith_shares` ( KEY `index_kronolith_shares_on_perm_creator` (`perm_creator`), KEY `index_kronolith_shares_on_perm_default` (`perm_default`), KEY `index_kronolith_shares_on_perm_guest` (`perm_guest`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -1279,7 +1410,7 @@ CREATE TABLE `kronolith_shares_groups` ( KEY `index_kronolith_shares_groups_on_share_id` (`share_id`), KEY `index_kronolith_shares_groups_on_group_uid` (`group_uid`), KEY `index_kronolith_shares_groups_on_perm` (`perm`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1298,7 +1429,7 @@ CREATE TABLE `kronolith_shares_users` ( KEY `index_kronolith_shares_users_on_share_id` (`share_id`), KEY `index_kronolith_shares_users_on_user_uid` (`user_uid`), KEY `index_kronolith_shares_users_on_perm` (`perm`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1350,7 +1481,7 @@ CREATE TABLE `kronolith_sharesng` ( KEY `index_kronolith_sharesng_on_perm_guest_8` (`perm_guest_8`), KEY `index_kronolith_sharesng_on_perm_guest_16` (`perm_guest_16`), KEY `index_kronolith_sharesng_on_perm_guest_1024` (`perm_guest_1024`) -) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8; +) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1375,7 +1506,7 @@ CREATE TABLE `kronolith_sharesng_groups` ( KEY `index_kronolith_sharesng_groups_on_perm_8` (`perm_8`), KEY `index_kronolith_sharesng_groups_on_perm_16` (`perm_16`), KEY `index_kronolith_sharesng_groups_on_perm_1024` (`perm_1024`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -1400,7 +1531,7 @@ CREATE TABLE `kronolith_sharesng_users` ( KEY `index_kronolith_sharesng_users_on_perm_8` (`perm_8`), KEY `index_kronolith_sharesng_users_on_perm_16` (`perm_16`), KEY `index_kronolith_sharesng_users_on_perm_1024` (`perm_1024`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1418,7 +1549,7 @@ CREATE TABLE `kronolith_storage` ( PRIMARY KEY (`id`), KEY `index_kronolith_storage_on_vfb_owner` (`vfb_owner`), KEY `index_kronolith_storage_on_vfb_email` (`vfb_email`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1438,7 +1569,7 @@ CREATE TABLE `mnemo_memos` ( PRIMARY KEY (`memo_owner`,`memo_id`), KEY `index_mnemo_memos_on_memo_owner` (`memo_owner`), KEY `index_mnemo_memos_on_memo_uid` (`memo_uid`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1450,7 +1581,7 @@ DROP TABLE IF EXISTS `mnemo_schema_info`; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `mnemo_schema_info` ( `version` int(11) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1477,7 +1608,7 @@ CREATE TABLE `mnemo_shares` ( KEY `index_mnemo_shares_on_perm_creator` (`perm_creator`), KEY `index_mnemo_shares_on_perm_default` (`perm_default`), KEY `index_mnemo_shares_on_perm_guest` (`perm_guest`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -1496,7 +1627,7 @@ CREATE TABLE `mnemo_shares_groups` ( KEY `index_mnemo_shares_groups_on_share_id` (`share_id`), KEY `index_mnemo_shares_groups_on_group_uid` (`group_uid`), KEY `index_mnemo_shares_groups_on_perm` (`perm`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1515,7 +1646,7 @@ CREATE TABLE `mnemo_shares_users` ( KEY `index_mnemo_shares_users_on_share_id` (`share_id`), KEY `index_mnemo_shares_users_on_user_uid` (`user_uid`), KEY `index_mnemo_shares_users_on_perm` (`perm`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1560,7 +1691,7 @@ CREATE TABLE `mnemo_sharesng` ( KEY `index_mnemo_sharesng_on_perm_guest_4` (`perm_guest_4`), KEY `index_mnemo_sharesng_on_perm_guest_8` (`perm_guest_8`), KEY `index_mnemo_sharesng_on_perm_guest_16` (`perm_guest_16`) -) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8; +) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1583,7 +1714,7 @@ CREATE TABLE `mnemo_sharesng_groups` ( KEY `index_mnemo_sharesng_groups_on_perm_4` (`perm_4`), KEY `index_mnemo_sharesng_groups_on_perm_8` (`perm_8`), KEY `index_mnemo_sharesng_groups_on_perm_16` (`perm_16`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1606,7 +1737,7 @@ CREATE TABLE `mnemo_sharesng_users` ( KEY `index_mnemo_sharesng_users_on_perm_4` (`perm_4`), KEY `index_mnemo_sharesng_users_on_perm_8` (`perm_8`), KEY `index_mnemo_sharesng_users_on_perm_16` (`perm_16`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -1618,7 +1749,7 @@ DROP TABLE IF EXISTS `nag_schema_info`; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `nag_schema_info` ( `version` int(11) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1648,7 +1779,7 @@ CREATE TABLE `nag_shares` ( KEY `index_nag_shares_on_perm_creator` (`perm_creator`), KEY `index_nag_shares_on_perm_default` (`perm_default`), KEY `index_nag_shares_on_perm_guest` (`perm_guest`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1665,7 +1796,7 @@ CREATE TABLE `nag_shares_groups` ( KEY `index_nag_shares_groups_on_share_id` (`share_id`), KEY `index_nag_shares_groups_on_group_uid` (`group_uid`), KEY `index_nag_shares_groups_on_perm` (`perm`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1682,7 +1813,7 @@ CREATE TABLE `nag_shares_users` ( KEY `index_nag_shares_users_on_share_id` (`share_id`), KEY `index_nag_shares_users_on_user_uid` (`user_uid`), KEY `index_nag_shares_users_on_perm` (`perm`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1730,7 +1861,7 @@ CREATE TABLE `nag_sharesng` ( KEY `index_nag_sharesng_on_perm_guest_4` (`perm_guest_4`), KEY `index_nag_sharesng_on_perm_guest_8` (`perm_guest_8`), KEY `index_nag_sharesng_on_perm_guest_16` (`perm_guest_16`) -) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8; +) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -1753,7 +1884,7 @@ CREATE TABLE `nag_sharesng_groups` ( KEY `index_nag_sharesng_groups_on_perm_4` (`perm_4`), KEY `index_nag_sharesng_groups_on_perm_8` (`perm_8`), KEY `index_nag_sharesng_groups_on_perm_16` (`perm_16`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1776,7 +1907,7 @@ CREATE TABLE `nag_sharesng_users` ( KEY `index_nag_sharesng_users_on_perm_4` (`perm_4`), KEY `index_nag_sharesng_users_on_perm_8` (`perm_8`), KEY `index_nag_sharesng_users_on_perm_16` (`perm_16`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1815,7 +1946,7 @@ CREATE TABLE `nag_tasks` ( KEY `index_nag_tasks_on_task_owner` (`task_owner`), KEY `index_nag_tasks_on_task_uid` (`task_uid`), KEY `index_nag_tasks_on_task_start` (`task_start`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1831,7 +1962,7 @@ CREATE TABLE `rampage_objects` ( `type_id` int(10) unsigned NOT NULL, PRIMARY KEY (`object_id`), UNIQUE KEY `rampage_objects_type_object_name` (`type_id`,`object_name`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1845,7 +1976,7 @@ CREATE TABLE `rampage_tag_stats` ( `tag_id` int(10) unsigned NOT NULL, `count` int(10) unsigned DEFAULT NULL, PRIMARY KEY (`tag_id`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -1864,7 +1995,7 @@ CREATE TABLE `rampage_tagged` ( KEY `rampage_tagged_object_id` (`object_id`), KEY `rampage_tagged_tag_id` (`tag_id`), KEY `rampage_tagged_created` (`created`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1879,7 +2010,7 @@ CREATE TABLE `rampage_tags` ( `tag_name` varchar(255) NOT NULL, PRIMARY KEY (`tag_id`), UNIQUE KEY `rampage_tags_tag_name` (`tag_name`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1894,7 +2025,7 @@ CREATE TABLE `rampage_types` ( `type_name` varchar(255) NOT NULL, PRIMARY KEY (`type_id`), UNIQUE KEY `rampage_objects_type_name` (`type_name`) -) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8; +) ENGINE=InnoDB AUTO_INCREMENT=8 DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1910,7 +2041,7 @@ CREATE TABLE `rampage_user_tag_stats` ( `count` int(10) unsigned DEFAULT NULL, PRIMARY KEY (`user_id`,`tag_id`), KEY `rampage_user_tag_stats_tag_id` (`tag_id`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1925,7 +2056,7 @@ CREATE TABLE `rampage_users` ( `user_name` varchar(255) NOT NULL, PRIMARY KEY (`user_id`), UNIQUE KEY `rampage_users_user_name` (`user_name`) -) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8; +) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -1948,7 +2079,7 @@ CREATE TABLE `trean_bookmarks` ( PRIMARY KEY (`bookmark_id`), KEY `index_trean_bookmarks_on_bookmark_clicks` (`bookmark_clicks`), KEY `index_trean_bookmarks_on_user_id` (`user_id`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1960,7 +2091,7 @@ DROP TABLE IF EXISTS `trean_schema_info`; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `trean_schema_info` ( `version` int(11) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -2046,7 +2177,7 @@ CREATE TABLE `turba_objects` ( KEY `index_turba_objects_on_object_email` (`object_email`), KEY `index_turba_objects_on_object_firstname` (`object_firstname`), KEY `index_turba_objects_on_object_lastname` (`object_lastname`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -2058,7 +2189,7 @@ DROP TABLE IF EXISTS `turba_schema_info`; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `turba_schema_info` ( `version` int(11) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -2086,7 +2217,7 @@ CREATE TABLE `turba_shares` ( KEY `index_turba_shares_on_perm_creator` (`perm_creator`), KEY `index_turba_shares_on_perm_default` (`perm_default`), KEY `index_turba_shares_on_perm_guest` (`perm_guest`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -2105,7 +2236,7 @@ CREATE TABLE `turba_shares_groups` ( KEY `index_turba_shares_groups_on_share_id` (`share_id`), KEY `index_turba_shares_groups_on_group_uid` (`group_uid`), KEY `index_turba_shares_groups_on_perm` (`perm`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -2124,7 +2255,7 @@ CREATE TABLE `turba_shares_users` ( KEY `index_turba_shares_users_on_share_id` (`share_id`), KEY `index_turba_shares_users_on_user_uid` (`user_uid`), KEY `index_turba_shares_users_on_perm` (`perm`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -2170,7 +2301,7 @@ CREATE TABLE `turba_sharesng` ( KEY `index_turba_sharesng_on_perm_guest_4` (`perm_guest_4`), KEY `index_turba_sharesng_on_perm_guest_8` (`perm_guest_8`), KEY `index_turba_sharesng_on_perm_guest_16` (`perm_guest_16`) -) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8; +) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -2193,7 +2324,7 @@ CREATE TABLE `turba_sharesng_groups` ( KEY `index_turba_sharesng_groups_on_perm_4` (`perm_4`), KEY `index_turba_sharesng_groups_on_perm_8` (`perm_8`), KEY `index_turba_sharesng_groups_on_perm_16` (`perm_16`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -2216,7 +2347,7 @@ CREATE TABLE `turba_sharesng_users` ( KEY `index_turba_sharesng_users_on_perm_4` (`perm_4`), KEY `index_turba_sharesng_users_on_perm_8` (`perm_8`), KEY `index_turba_sharesng_users_on_perm_16` (`perm_16`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -2234,7 +2365,7 @@ CREATE TABLE `wicked_attachment_history` ( `change_log` text DEFAULT NULL, `attachment_version` int(11) NOT NULL DEFAULT 0, PRIMARY KEY (`page_id`,`attachment_name`,`attachment_version`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -2253,7 +2384,7 @@ CREATE TABLE `wicked_attachments` ( `change_log` text DEFAULT NULL, `attachment_version` int(11) NOT NULL DEFAULT 0, PRIMARY KEY (`page_id`,`attachment_name`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -2273,7 +2404,7 @@ CREATE TABLE `wicked_history` ( `page_version` int(11) NOT NULL DEFAULT 0, PRIMARY KEY (`page_id`,`page_version`), KEY `index_wicked_history_on_page_name` (`page_name`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -2294,7 +2425,7 @@ CREATE TABLE `wicked_pages` ( `page_version` int(11) NOT NULL DEFAULT 0, PRIMARY KEY (`page_id`), UNIQUE KEY `index_wicked_pages_on_page_name` (`page_name`) -) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8; +) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -2306,7 +2437,7 @@ DROP TABLE IF EXISTS `wicked_schema_info`; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `wicked_schema_info` ( `version` int(11) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; 
@@ -2318,4 +2449,4 @@ CREATE TABLE `wicked_schema_info` ( /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; --- Dump completed on 2022-03-07 20:03:15 +-- Dump completed on 2023-10-18 21:31:50 From 2813601f3fc81a7fc5e6e877c408f86dc6ee1c0f Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Wed, 18 Oct 2023 21:46:15 +0200 Subject: [PATCH 038/181] add version info --- files/mariadb/horde_schema.sql | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/files/mariadb/horde_schema.sql b/files/mariadb/horde_schema.sql index f8dbc05..b72a7ea 100644 --- a/files/mariadb/horde_schema.sql +++ b/files/mariadb/horde_schema.sql @@ -302,6 +302,16 @@ CREATE TABLE `horde_activesync_schema_info` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_activesync_schema_info` +-- + +LOCK TABLES `horde_activesync_schema_info` WRITE; +/*!40000 ALTER TABLE `horde_activesync_schema_info` DISABLE KEYS */; +REPLACE INTO `horde_activesync_schema_info` VALUES (23); +/*!40000 ALTER TABLE `horde_activesync_schema_info` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_activesync_state` -- From fc3428f77563ff42ef7ed2f62b0d81277e7f1bc1 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Wed, 18 Oct 2023 21:55:53 +0200 Subject: [PATCH 039/181] don't import if not necessary --- files/mariadb/horde_schema.sql | 273 +++------------------------------ tasks/horde.yml | 1 + 2 files changed, 23 insertions(+), 251 deletions(-) diff --git a/files/mariadb/horde_schema.sql b/files/mariadb/horde_schema.sql index b72a7ea..d772a9d 100644 --- a/files/mariadb/horde_schema.sql +++ b/files/mariadb/horde_schema.sql 
@@ -27,172 +27,6 @@ CREATE TABLE `content_schema_info` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; --- --- Table structure for table `gollem_schema_info` --- - -DROP TABLE IF EXISTS `gollem_schema_info`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `gollem_schema_info` ( - `version` int(11) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `gollem_shares` --- - -DROP TABLE IF EXISTS `gollem_shares`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `gollem_shares` ( - `share_id` int(10) unsigned NOT NULL AUTO_INCREMENT, - `share_name` varchar(255) NOT NULL, - `share_owner` varchar(255) NOT NULL, - `share_flags` int(11) NOT NULL DEFAULT 0, - `share_parents` varchar(4000) DEFAULT NULL, - `perm_creator` int(11) NOT NULL DEFAULT 0, - `perm_default` int(11) NOT NULL DEFAULT 0, - `perm_guest` int(11) NOT NULL DEFAULT 0, - `attribute_name` varchar(255) NOT NULL, - PRIMARY KEY (`share_id`), - KEY `index_gollem_shares_on_share_name` (`share_name`), - KEY `index_gollem_shares_on_share_owner` (`share_owner`), - KEY `index_gollem_shares_on_perm_creator` (`perm_creator`), - KEY `index_gollem_shares_on_perm_default` (`perm_default`), - KEY `index_gollem_shares_on_perm_guest` (`perm_guest`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `gollem_shares_groups` --- - -DROP TABLE IF EXISTS `gollem_shares_groups`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `gollem_shares_groups` ( - `id` int(10) unsigned NOT NULL AUTO_INCREMENT, - `share_id` int(11) NOT NULL, - 
`group_uid` varchar(255) NOT NULL, - `perm` int(11) NOT NULL, - PRIMARY KEY (`id`), - KEY `index_gollem_shares_groups_on_share_id` (`share_id`), - KEY `index_gollem_shares_groups_on_group_uid` (`group_uid`), - KEY `index_gollem_shares_groups_on_perm` (`perm`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `gollem_shares_users` --- - -DROP TABLE IF EXISTS `gollem_shares_users`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `gollem_shares_users` ( - `id` int(10) unsigned NOT NULL AUTO_INCREMENT, - `share_id` int(11) NOT NULL, - `user_uid` varchar(255) NOT NULL, - `perm` int(11) NOT NULL, - PRIMARY KEY (`id`), - KEY `index_gollem_shares_users_on_share_id` (`share_id`), - KEY `index_gollem_shares_users_on_user_uid` (`user_uid`), - KEY `index_gollem_shares_users_on_perm` (`perm`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `gollem_sharesng` --- - -DROP TABLE IF EXISTS `gollem_sharesng`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `gollem_sharesng` ( - `share_id` int(10) unsigned NOT NULL AUTO_INCREMENT, - `share_name` varchar(255) NOT NULL, - `share_owner` varchar(255) DEFAULT NULL, - `share_flags` int(11) NOT NULL DEFAULT 0, - `share_parents` varchar(4000) DEFAULT NULL, - `perm_creator_2` tinyint(1) NOT NULL DEFAULT 0, - `perm_creator_4` tinyint(1) NOT NULL DEFAULT 0, - `perm_creator_8` tinyint(1) NOT NULL DEFAULT 0, - `perm_creator_16` tinyint(1) NOT NULL DEFAULT 0, - `perm_default_2` tinyint(1) NOT NULL DEFAULT 0, - `perm_default_4` tinyint(1) NOT NULL DEFAULT 0, - `perm_default_8` tinyint(1) NOT NULL DEFAULT 0, - `perm_default_16` tinyint(1) NOT NULL DEFAULT 0, - `perm_guest_2` tinyint(1) NOT NULL 
DEFAULT 0, - `perm_guest_4` tinyint(1) NOT NULL DEFAULT 0, - `perm_guest_8` tinyint(1) NOT NULL DEFAULT 0, - `perm_guest_16` tinyint(1) NOT NULL DEFAULT 0, - `attribute_name` varchar(255) NOT NULL, - PRIMARY KEY (`share_id`), - KEY `index_gollem_sharesng_on_share_name` (`share_name`), - KEY `index_gollem_sharesng_on_share_owner` (`share_owner`), - KEY `index_gollem_sharesng_on_perm_creator_2` (`perm_creator_2`), - KEY `index_gollem_sharesng_on_perm_creator_4` (`perm_creator_4`), - KEY `index_gollem_sharesng_on_perm_creator_8` (`perm_creator_8`), - KEY `index_gollem_sharesng_on_perm_creator_16` (`perm_creator_16`), - KEY `index_gollem_sharesng_on_perm_default_2` (`perm_default_2`), - KEY `index_gollem_sharesng_on_perm_default_4` (`perm_default_4`), - KEY `index_gollem_sharesng_on_perm_default_8` (`perm_default_8`), - KEY `index_gollem_sharesng_on_perm_default_16` (`perm_default_16`), - KEY `index_gollem_sharesng_on_perm_guest_2` (`perm_guest_2`), - KEY `index_gollem_sharesng_on_perm_guest_4` (`perm_guest_4`), - KEY `index_gollem_sharesng_on_perm_guest_8` (`perm_guest_8`), - KEY `index_gollem_sharesng_on_perm_guest_16` (`perm_guest_16`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `gollem_sharesng_groups` --- - -DROP TABLE IF EXISTS `gollem_sharesng_groups`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `gollem_sharesng_groups` ( - `share_id` int(11) NOT NULL, - `group_uid` varchar(255) NOT NULL, - `perm_2` tinyint(1) NOT NULL DEFAULT 0, - `perm_4` tinyint(1) NOT NULL DEFAULT 0, - `perm_8` tinyint(1) NOT NULL DEFAULT 0, - `perm_16` tinyint(1) NOT NULL DEFAULT 0, - KEY `index_gollem_sharesng_groups_on_share_id` (`share_id`), - KEY `index_gollem_sharesng_groups_on_group_uid` (`group_uid`), - KEY `index_gollem_sharesng_groups_on_perm_2` (`perm_2`), - KEY 
`index_gollem_sharesng_groups_on_perm_4` (`perm_4`), - KEY `index_gollem_sharesng_groups_on_perm_8` (`perm_8`), - KEY `index_gollem_sharesng_groups_on_perm_16` (`perm_16`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `gollem_sharesng_users` --- - -DROP TABLE IF EXISTS `gollem_sharesng_users`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `gollem_sharesng_users` ( - `share_id` int(11) NOT NULL, - `user_uid` varchar(255) NOT NULL, - `perm_2` tinyint(1) NOT NULL DEFAULT 0, - `perm_4` tinyint(1) NOT NULL DEFAULT 0, - `perm_8` tinyint(1) NOT NULL DEFAULT 0, - `perm_16` tinyint(1) NOT NULL DEFAULT 0, - KEY `index_gollem_sharesng_users_on_share_id` (`share_id`), - KEY `index_gollem_sharesng_users_on_user_uid` (`user_uid`), - KEY `index_gollem_sharesng_users_on_perm_2` (`perm_2`), - KEY `index_gollem_sharesng_users_on_perm_4` (`perm_4`), - KEY `index_gollem_sharesng_users_on_perm_8` (`perm_8`), - KEY `index_gollem_sharesng_users_on_perm_16` (`perm_16`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; -/*!40101 SET character_set_client = @saved_cs_client */; - -- -- Table structure for table `horde_activesync_cache` -- @@ -302,16 +136,6 @@ CREATE TABLE `horde_activesync_schema_info` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; --- --- Dumping data for table `horde_activesync_schema_info` --- - -LOCK TABLES `horde_activesync_schema_info` WRITE; -/*!40000 ALTER TABLE `horde_activesync_schema_info` DISABLE KEYS */; -REPLACE INTO `horde_activesync_schema_info` VALUES (23); -/*!40000 ALTER TABLE `horde_activesync_schema_info` ENABLE KEYS */; -UNLOCK TABLES; - -- -- Table structure for table `horde_activesync_state` -- 
@@ -720,7 +544,7 @@ CREATE TABLE `horde_perms` ( `perm_data` text DEFAULT NULL, PRIMARY KEY (`perm_id`), UNIQUE KEY `index_horde_perms_on_perm_name` (`perm_name`) -) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1287,6 +1111,7 @@ CREATE TABLE `kronolith_events` ( `event_keywords` text DEFAULT NULL, `event_exceptions` text DEFAULT NULL, `event_title` varchar(255) DEFAULT NULL, + `event_category` varchar(80) DEFAULT NULL, `event_recurtype` int(11) DEFAULT 0, `event_recurinterval` int(11) DEFAULT NULL, `event_recurdays` int(11) DEFAULT NULL, @@ -1303,11 +1128,9 @@ CREATE TABLE `kronolith_events` ( `event_baseid` varchar(255) DEFAULT '', `event_exceptionoriginaldate` datetime DEFAULT NULL, `event_resources` text DEFAULT NULL, - `event_timezone` varchar(50) DEFAULT NULL, PRIMARY KEY (`event_id`), KEY `index_kronolith_events_on_calendar_id` (`calendar_id`), - KEY `index_kronolith_events_on_event_uid` (`event_uid`), - KEY `index_kronolith_events_on_event_baseid` (`event_baseid`) + KEY `index_kronolith_events_on_event_uid` (`event_uid`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; 
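Review bot: The regenerated dump appears to describe an older schema level than the file it replaces: in `kronolith_events` (only partly shown across these two hunks) it drops `event_timezone` and the `event_baseid` index and brings back `event_category`, and later hunks narrow `mnemo_memos.memo_desc` from `varchar(255)` to `varchar(64)` and drop `attribute_issmart`/`attribute_search` from `nag_shares` and `nag_sharesng`. The commit also removes the `horde_activesync_schema_info` version row added one commit earlier, so the visible hunks leave no record of which migration level the file represents. If the intent is a baseline that Horde's own migrations bring up to date after import, say so where the file is imported, e.g. `# horde_schema.sql is a pre-migration baseline; Horde's DB migrations must run after import` in tasks/horde.yml. The tables in these hunks are each preceded by `DROP TABLE IF EXISTS`, so the one-line guard added to tasks/horde.yml (outside this view) is what keeps a re-run from wiping existing data, and it should skip the import when its existence check errors rather than fall through.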
@@ -1322,22 +1145,6 @@ CREATE TABLE `kronolith_events_geo` ( `event_id` varchar(32) NOT NULL, `event_lat` varchar(32) NOT NULL, `event_lon` varchar(32) NOT NULL, - `event_zoom` int(11) NOT NULL DEFAULT 0, - PRIMARY KEY (`event_id`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `kronolith_events_mysqlgeo` --- - -DROP TABLE IF EXISTS `kronolith_events_mysqlgeo`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `kronolith_events_mysqlgeo` ( - `event_id` varchar(32) NOT NULL, - `event_coordinates` point NOT NULL, - `event_zoom` int(11) NOT NULL DEFAULT 0, PRIMARY KEY (`event_id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; @@ -1394,7 +1201,7 @@ CREATE TABLE `kronolith_shares` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_kronolith_shares_on_share_name` (`share_name`), KEY `index_kronolith_shares_on_share_owner` (`share_owner`), @@ -1472,7 +1279,7 @@ CREATE TABLE `kronolith_sharesng` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_kronolith_sharesng_on_share_name` (`share_name`), KEY `index_kronolith_sharesng_on_share_owner` (`share_owner`), 
@@ -1491,7 +1298,7 @@ CREATE TABLE `kronolith_sharesng` ( KEY `index_kronolith_sharesng_on_perm_guest_8` (`perm_guest_8`), KEY `index_kronolith_sharesng_on_perm_guest_16` (`perm_guest_16`), KEY `index_kronolith_sharesng_on_perm_guest_1024` (`perm_guest_1024`) -) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1573,8 +1380,9 @@ CREATE TABLE `mnemo_memos` ( `memo_owner` varchar(255) NOT NULL, `memo_id` varchar(32) NOT NULL, `memo_uid` varchar(255) NOT NULL, - `memo_desc` varchar(255) NOT NULL, + `memo_desc` varchar(64) NOT NULL, `memo_body` text DEFAULT NULL, + `memo_category` varchar(80) DEFAULT NULL, `memo_private` int(11) NOT NULL DEFAULT 0, PRIMARY KEY (`memo_owner`,`memo_id`), KEY `index_mnemo_memos_on_memo_owner` (`memo_owner`), @@ -1611,7 +1419,7 @@ CREATE TABLE `mnemo_shares` ( `perm_guest` int(11) NOT NULL DEFAULT 0, `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_mnemo_shares_on_share_name` (`share_name`), KEY `index_mnemo_shares_on_share_owner` (`share_owner`), @@ -1685,7 +1493,7 @@ CREATE TABLE `mnemo_sharesng` ( `perm_guest_16` tinyint(1) NOT NULL DEFAULT 0, `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_mnemo_sharesng_on_share_name` (`share_name`), KEY `index_mnemo_sharesng_on_share_owner` (`share_owner`), 
@@ -1701,7 +1509,7 @@ CREATE TABLE `mnemo_sharesng` ( KEY `index_mnemo_sharesng_on_perm_guest_4` (`perm_guest_4`), KEY `index_mnemo_sharesng_on_perm_guest_8` (`perm_guest_8`), KEY `index_mnemo_sharesng_on_perm_guest_16` (`perm_guest_16`) -) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1780,9 +1588,7 @@ CREATE TABLE `nag_shares` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, - `attribute_issmart` int(11) DEFAULT 0, - `attribute_search` varchar(4000) DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_nag_shares_on_share_name` (`share_name`), KEY `index_nag_shares_on_share_owner` (`share_owner`), @@ -1853,9 +1659,7 @@ CREATE TABLE `nag_sharesng` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, - `attribute_issmart` int(11) DEFAULT 0, - `attribute_search` text DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_nag_sharesng_on_share_name` (`share_name`), KEY `index_nag_sharesng_on_share_owner` (`share_owner`), @@ -1871,7 +1675,7 @@ CREATE TABLE `nag_sharesng` ( KEY `index_nag_sharesng_on_perm_guest_4` (`perm_guest_4`), KEY `index_nag_sharesng_on_perm_guest_8` (`perm_guest_8`), KEY `index_nag_sharesng_on_perm_guest_16` (`perm_guest_16`) -) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -1940,6 +1744,7 @@ CREATE TABLE `nag_tasks` ( `task_due` int(11) DEFAULT NULL, `task_priority` int(11) NOT NULL DEFAULT 0, `task_estimate` float DEFAULT NULL, + `task_category` varchar(80) DEFAULT NULL, `task_completed` int(1) NOT NULL DEFAULT 0, `task_completed_date` int(11) DEFAULT NULL, `task_alarm` int(11) NOT NULL DEFAULT 0, @@ -2035,7 +1840,7 @@ CREATE TABLE `rampage_types` ( `type_name` varchar(255) NOT NULL, PRIMARY KEY (`type_id`), UNIQUE KEY `rampage_objects_type_name` (`type_name`) -) ENGINE=InnoDB AUTO_INCREMENT=8 DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- 
@@ -2066,41 +1871,6 @@ CREATE TABLE `rampage_users` ( `user_name` varchar(255) NOT NULL, PRIMARY KEY (`user_id`), UNIQUE KEY `rampage_users_user_name` (`user_name`) -) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `trean_bookmarks` --- - -DROP TABLE IF EXISTS `trean_bookmarks`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `trean_bookmarks` ( - `bookmark_id` int(10) unsigned NOT NULL AUTO_INCREMENT, - `bookmark_url` varchar(1024) DEFAULT NULL, - `bookmark_title` varchar(255) DEFAULT NULL, - `bookmark_description` varchar(1024) DEFAULT NULL, - `bookmark_clicks` int(10) unsigned DEFAULT 0, - `bookmark_http_status` varchar(5) DEFAULT NULL, - `bookmark_dt` datetime DEFAULT NULL, - `user_id` int(10) unsigned NOT NULL, - `favicon_url` varchar(255) DEFAULT NULL, - PRIMARY KEY (`bookmark_id`), - KEY `index_trean_bookmarks_on_bookmark_clicks` (`bookmark_clicks`), - KEY `index_trean_bookmarks_on_user_id` (`user_id`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `trean_schema_info` --- - -DROP TABLE IF EXISTS `trean_schema_info`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `trean_schema_info` ( - `version` int(11) DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; @@ -2151,6 +1921,7 @@ CREATE TABLE `turba_objects` ( `object_logo` longblob DEFAULT NULL, `object_logotype` varchar(10) DEFAULT NULL, `object_company` varchar(255) DEFAULT NULL, + `object_category` varchar(80) DEFAULT NULL, `object_notes` text DEFAULT NULL, `object_url` varchar(255) DEFAULT NULL, `object_freebusyurl` varchar(255) DEFAULT NULL, 
@@ -2220,7 +1991,7 @@ CREATE TABLE `turba_shares` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_params` text DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_turba_shares_on_share_name` (`share_name`), KEY `index_turba_shares_on_share_owner` (`share_owner`), @@ -2295,7 +2066,7 @@ CREATE TABLE `turba_sharesng` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_params` text DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_turba_sharesng_on_share_name` (`share_name`), KEY `index_turba_sharesng_on_share_owner` (`share_owner`), @@ -2311,7 +2082,7 @@ CREATE TABLE `turba_sharesng` ( KEY `index_turba_sharesng_on_perm_guest_4` (`perm_guest_4`), KEY `index_turba_sharesng_on_perm_guest_8` (`perm_guest_8`), KEY `index_turba_sharesng_on_perm_guest_16` (`perm_guest_16`) -) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -2435,7 +2206,7 @@ CREATE TABLE `wicked_pages` ( `page_version` int(11) NOT NULL DEFAULT 0, PRIMARY KEY (`page_id`), UNIQUE KEY `index_wicked_pages_on_page_name` (`page_name`) -) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -2459,4 +2230,4 @@ CREATE TABLE `wicked_schema_info` ( /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; --- Dump completed on 2023-10-18 21:31:50 +-- Dump completed on 2023-10-18 21:52:27 diff --git a/tasks/horde.yml b/tasks/horde.yml index 1604105..6544147 100644 --- a/tasks/horde.yml +++ b/tasks/horde.yml 
@@ -52,6 +52,7 @@ import_tasks: create_mariadb_schema.yml vars: mariadb_database: horde + mariadb_state: present - name: Set up Horde DB privileges mysql_user: name: hordeuser From 71b82b9f1c953fdeaf91a52d35fb7d2fd710b4d6 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Wed, 18 Oct 2023 22:18:00 +0200 Subject: [PATCH 040/181] add version info --- files/mariadb/horde_schema.sql | 261 +++++++++++++++++++++++++++++++++ 1 file changed, 261 insertions(+) diff --git a/files/mariadb/horde_schema.sql b/files/mariadb/horde_schema.sql index d772a9d..173365d 100644 --- a/files/mariadb/horde_schema.sql +++ b/files/mariadb/horde_schema.sql @@ -27,6 +27,16 @@ CREATE TABLE `content_schema_info` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `content_schema_info` +-- + +LOCK TABLES `content_schema_info` WRITE; +/*!40000 ALTER TABLE `content_schema_info` DISABLE KEYS */; +REPLACE INTO `content_schema_info` VALUES (2); +/*!40000 ALTER TABLE `content_schema_info` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_activesync_cache` -- @@ -136,6 +146,16 @@ CREATE TABLE `horde_activesync_schema_info` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_activesync_schema_info` +-- + +LOCK TABLES `horde_activesync_schema_info` WRITE; +/*!40000 ALTER TABLE `horde_activesync_schema_info` DISABLE KEYS */; +REPLACE INTO `horde_activesync_schema_info` VALUES (23); +/*!40000 ALTER TABLE `horde_activesync_schema_info` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_activesync_state` -- 
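Review bot: In the tasks/horde.yml hunk, `mariadb_state: present` is passed to create_mariadb_schema.yml with no comment on what the value selects, and that tasks file is not part of this hunk. The distinction matters because files/mariadb/horde_schema.sql reads like a mysqldump: the sections removed earlier in this series show `DROP TABLE IF EXISTS` ahead of each `CREATE TABLE`, so re-running the import against a populated database would presumably discard existing Horde data. If `present` is meant to restrict the load to a database that does not exist yet, say so at the call site, e.g. `# present: create and load the schema only when the database is missing`. The import task begins above the hunk and the mysql_user task continues below it.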
@@ -170,6 +190,16 @@ CREATE TABLE `horde_alarm_schema_info` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_alarm_schema_info` +-- + +LOCK TABLES `horde_alarm_schema_info` WRITE; +/*!40000 ALTER TABLE `horde_alarm_schema_info` DISABLE KEYS */; +REPLACE INTO `horde_alarm_schema_info` VALUES (2); +/*!40000 ALTER TABLE `horde_alarm_schema_info` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_alarms` -- @@ -213,6 +243,16 @@ CREATE TABLE `horde_auth_schema_info` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_auth_schema_info` +-- + +LOCK TABLES `horde_auth_schema_info` WRITE; +/*!40000 ALTER TABLE `horde_auth_schema_info` DISABLE KEYS */; +REPLACE INTO `horde_auth_schema_info` VALUES (1); +/*!40000 ALTER TABLE `horde_auth_schema_info` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_cache` -- @@ -241,6 +281,16 @@ CREATE TABLE `horde_cache_schema_info` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_cache_schema_info` +-- + +LOCK TABLES `horde_cache_schema_info` WRITE; +/*!40000 ALTER TABLE `horde_cache_schema_info` DISABLE KEYS */; +REPLACE INTO `horde_cache_schema_info` VALUES (2); +/*!40000 ALTER TABLE `horde_cache_schema_info` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_core_schema_info` -- 
@@ -253,6 +303,16 @@ CREATE TABLE `horde_core_schema_info` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_core_schema_info` +-- + +LOCK TABLES `horde_core_schema_info` WRITE; +/*!40000 ALTER TABLE `horde_core_schema_info` DISABLE KEYS */; +REPLACE INTO `horde_core_schema_info` VALUES (1); +/*!40000 ALTER TABLE `horde_core_schema_info` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_dav_collections` -- @@ -300,6 +360,16 @@ CREATE TABLE `horde_dav_schema_info` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_dav_schema_info` +-- + +LOCK TABLES `horde_dav_schema_info` WRITE; +/*!40000 ALTER TABLE `horde_dav_schema_info` DISABLE KEYS */; +REPLACE INTO `horde_dav_schema_info` VALUES (2); +/*!40000 ALTER TABLE `horde_dav_schema_info` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_group_schema_info` -- @@ -312,6 +382,16 @@ CREATE TABLE `horde_group_schema_info` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_group_schema_info` +-- + +LOCK TABLES `horde_group_schema_info` WRITE; +/*!40000 ALTER TABLE `horde_group_schema_info` DISABLE KEYS */; +REPLACE INTO `horde_group_schema_info` VALUES (3); +/*!40000 ALTER TABLE `horde_group_schema_info` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_groups` -- 
@@ -394,6 +474,16 @@ CREATE TABLE `horde_history_schema_info` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_history_schema_info` +-- + +LOCK TABLES `horde_history_schema_info` WRITE; +/*!40000 ALTER TABLE `horde_history_schema_info` DISABLE KEYS */; +REPLACE INTO `horde_history_schema_info` VALUES (6); +/*!40000 ALTER TABLE `horde_history_schema_info` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_imap_client_data` -- @@ -455,6 +545,16 @@ CREATE TABLE `horde_imap_client_schema_info` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_imap_client_schema_info` +-- + +LOCK TABLES `horde_imap_client_schema_info` WRITE; +/*!40000 ALTER TABLE `horde_imap_client_schema_info` DISABLE KEYS */; +REPLACE INTO `horde_imap_client_schema_info` VALUES (2); +/*!40000 ALTER TABLE `horde_imap_client_schema_info` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_lock_schema_info` -- @@ -467,6 +567,16 @@ CREATE TABLE `horde_lock_schema_info` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_lock_schema_info` +-- + +LOCK TABLES `horde_lock_schema_info` WRITE; +/*!40000 ALTER TABLE `horde_lock_schema_info` DISABLE KEYS */; +REPLACE INTO `horde_lock_schema_info` VALUES (3); +/*!40000 ALTER TABLE `horde_lock_schema_info` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_locks` -- 
@@ -559,6 +669,16 @@ CREATE TABLE `horde_perms_schema_info` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_perms_schema_info` +-- + +LOCK TABLES `horde_perms_schema_info` WRITE; +/*!40000 ALTER TABLE `horde_perms_schema_info` DISABLE KEYS */; +REPLACE INTO `horde_perms_schema_info` VALUES (3); +/*!40000 ALTER TABLE `horde_perms_schema_info` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_prefs` -- @@ -589,6 +709,16 @@ CREATE TABLE `horde_prefs_schema_info` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_prefs_schema_info` +-- + +LOCK TABLES `horde_prefs_schema_info` WRITE; +/*!40000 ALTER TABLE `horde_prefs_schema_info` DISABLE KEYS */; +REPLACE INTO `horde_prefs_schema_info` VALUES (3); +/*!40000 ALTER TABLE `horde_prefs_schema_info` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_queue_schema_info` -- @@ -601,6 +731,16 @@ CREATE TABLE `horde_queue_schema_info` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_queue_schema_info` +-- + +LOCK TABLES `horde_queue_schema_info` WRITE; +/*!40000 ALTER TABLE `horde_queue_schema_info` DISABLE KEYS */; +REPLACE INTO `horde_queue_schema_info` VALUES (1); +/*!40000 ALTER TABLE `horde_queue_schema_info` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_queue_tasks` -- 
@@ -628,6 +768,16 @@ CREATE TABLE `horde_service_weather_schema_info` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_service_weather_schema_info` +-- + +LOCK TABLES `horde_service_weather_schema_info` WRITE; +/*!40000 ALTER TABLE `horde_service_weather_schema_info` DISABLE KEYS */; +REPLACE INTO `horde_service_weather_schema_info` VALUES (2); +/*!40000 ALTER TABLE `horde_service_weather_schema_info` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_sessionhandler` -- @@ -656,6 +806,16 @@ CREATE TABLE `horde_sessionhandler_schema_info` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_sessionhandler_schema_info` +-- + +LOCK TABLES `horde_sessionhandler_schema_info` WRITE; +/*!40000 ALTER TABLE `horde_sessionhandler_schema_info` DISABLE KEYS */; +REPLACE INTO `horde_sessionhandler_schema_info` VALUES (2); +/*!40000 ALTER TABLE `horde_sessionhandler_schema_info` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_signups` -- @@ -725,6 +885,16 @@ CREATE TABLE `horde_syncml_schema_info` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_syncml_schema_info` +-- + +LOCK TABLES `horde_syncml_schema_info` WRITE; +/*!40000 ALTER TABLE `horde_syncml_schema_info` DISABLE KEYS */; +REPLACE INTO `horde_syncml_schema_info` VALUES (1); +/*!40000 ALTER TABLE `horde_syncml_schema_info` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_token_schema_info` -- 
@@ -737,6 +907,16 @@ CREATE TABLE `horde_token_schema_info` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_token_schema_info` +-- + +LOCK TABLES `horde_token_schema_info` WRITE; +/*!40000 ALTER TABLE `horde_token_schema_info` DISABLE KEYS */; +REPLACE INTO `horde_token_schema_info` VALUES (1); +/*!40000 ALTER TABLE `horde_token_schema_info` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_tokens` -- @@ -801,6 +981,16 @@ CREATE TABLE `horde_vfs_schema_info` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_vfs_schema_info` +-- + +LOCK TABLES `horde_vfs_schema_info` WRITE; +/*!40000 ALTER TABLE `horde_vfs_schema_info` DISABLE KEYS */; +REPLACE INTO `horde_vfs_schema_info` VALUES (4); +/*!40000 ALTER TABLE `horde_vfs_schema_info` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `imp_schema_info` -- @@ -813,6 +1003,16 @@ CREATE TABLE `imp_schema_info` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `imp_schema_info` +-- + +LOCK TABLES `imp_schema_info` WRITE; +/*!40000 ALTER TABLE `imp_schema_info` DISABLE KEYS */; +REPLACE INTO `imp_schema_info` VALUES (3); +/*!40000 ALTER TABLE `imp_schema_info` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `imp_sentmail` -- 
@@ -900,6 +1100,16 @@ CREATE TABLE `ingo_schema_info` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `ingo_schema_info` +-- + +LOCK TABLES `ingo_schema_info` WRITE; +/*!40000 ALTER TABLE `ingo_schema_info` DISABLE KEYS */; +REPLACE INTO `ingo_schema_info` VALUES (7); +/*!40000 ALTER TABLE `ingo_schema_info` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `ingo_shares` -- @@ -1183,6 +1393,16 @@ CREATE TABLE `kronolith_schema_info` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `kronolith_schema_info` +-- + +LOCK TABLES `kronolith_schema_info` WRITE; +/*!40000 ALTER TABLE `kronolith_schema_info` DISABLE KEYS */; +REPLACE INTO `kronolith_schema_info` VALUES (17); +/*!40000 ALTER TABLE `kronolith_schema_info` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `kronolith_shares` -- @@ -1402,6 +1622,16 @@ CREATE TABLE `mnemo_schema_info` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `mnemo_schema_info` +-- + +LOCK TABLES `mnemo_schema_info` WRITE; +/*!40000 ALTER TABLE `mnemo_schema_info` DISABLE KEYS */; +REPLACE INTO `mnemo_schema_info` VALUES (5); +/*!40000 ALTER TABLE `mnemo_schema_info` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `mnemo_shares` -- 
@@ -1570,6 +1800,16 @@ CREATE TABLE `nag_schema_info` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `nag_schema_info` +-- + +LOCK TABLES `nag_schema_info` WRITE; +/*!40000 ALTER TABLE `nag_schema_info` DISABLE KEYS */; +REPLACE INTO `nag_schema_info` VALUES (9); +/*!40000 ALTER TABLE `nag_schema_info` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `nag_shares` -- @@ -1973,6 +2213,16 @@ CREATE TABLE `turba_schema_info` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `turba_schema_info` +-- + +LOCK TABLES `turba_schema_info` WRITE; +/*!40000 ALTER TABLE `turba_schema_info` DISABLE KEYS */; +REPLACE INTO `turba_schema_info` VALUES (9); +/*!40000 ALTER TABLE `turba_schema_info` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `turba_shares` -- @@ -2220,6 +2470,17 @@ CREATE TABLE `wicked_schema_info` ( `version` int(11) DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `wicked_schema_info` +-- + +LOCK TABLES `wicked_schema_info` WRITE; +/*!40000 ALTER TABLE `wicked_schema_info` DISABLE KEYS */; +REPLACE INTO `wicked_schema_info` VALUES (6); +/*!40000 ALTER TABLE `wicked_schema_info` ENABLE KEYS */; +UNLOCK TABLES; + /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; /*!40101 SET SQL_MODE=@OLD_SQL_MODE */; From 00ab53d2daf0272c9d2be1a72aeae0dc76fcd8f4 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Wed, 18 Oct 2023 22:19:11 +0200 Subject: [PATCH 041/181] use fresh database as "schema" --- files/mariadb/horde_schema.sql | 759 ++++++++++++++++++++++++++++++++- 1 file changed, 757 insertions(+), 2 deletions(-) diff --git a/files/mariadb/horde_schema.sql b/files/mariadb/horde_schema.sql index 173365d..49fcd0c 100644 
--- a/files/mariadb/horde_schema.sql +++ b/files/mariadb/horde_schema.sql @@ -53,6 +53,15 @@ CREATE TABLE `horde_activesync_cache` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_activesync_cache` +-- + +LOCK TABLES `horde_activesync_cache` WRITE; +/*!40000 ALTER TABLE `horde_activesync_cache` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_activesync_cache` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_activesync_device` -- @@ -71,6 +80,15 @@ CREATE TABLE `horde_activesync_device` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_activesync_device` +-- + +LOCK TABLES `horde_activesync_device` WRITE; +/*!40000 ALTER TABLE `horde_activesync_device` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_activesync_device` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_activesync_device_users` -- @@ -87,6 +105,15 @@ CREATE TABLE `horde_activesync_device_users` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_activesync_device_users` +-- + +LOCK TABLES `horde_activesync_device_users` WRITE; +/*!40000 ALTER TABLE `horde_activesync_device_users` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_activesync_device_users` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_activesync_mailmap` -- 
@@ -112,6 +139,15 @@ CREATE TABLE `horde_activesync_mailmap` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_activesync_mailmap` +-- + +LOCK TABLES `horde_activesync_mailmap` WRITE; +/*!40000 ALTER TABLE `horde_activesync_mailmap` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_activesync_mailmap` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_activesync_map` -- @@ -134,6 +170,15 @@ CREATE TABLE `horde_activesync_map` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_activesync_map` +-- + +LOCK TABLES `horde_activesync_map` WRITE; +/*!40000 ALTER TABLE `horde_activesync_map` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_activesync_map` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_activesync_schema_info` -- @@ -178,6 +223,15 @@ CREATE TABLE `horde_activesync_state` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_activesync_state` +-- + +LOCK TABLES `horde_activesync_state` WRITE; +/*!40000 ALTER TABLE `horde_activesync_state` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_activesync_state` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_alarm_schema_info` -- @@ -231,6 +285,15 @@ CREATE TABLE `horde_alarms` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_alarms` +-- + +LOCK TABLES `horde_alarms` WRITE; +/*!40000 ALTER TABLE `horde_alarms` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_alarms` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_auth_schema_info` -- 
@@ -269,6 +332,15 @@ CREATE TABLE `horde_cache` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_cache` +-- + +LOCK TABLES `horde_cache` WRITE; +/*!40000 ALTER TABLE `horde_cache` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_cache` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_cache_schema_info` -- @@ -330,6 +402,15 @@ CREATE TABLE `horde_dav_collections` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_dav_collections` +-- + +LOCK TABLES `horde_dav_collections` WRITE; +/*!40000 ALTER TABLE `horde_dav_collections` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_dav_collections` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_dav_objects` -- @@ -348,6 +429,15 @@ CREATE TABLE `horde_dav_objects` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_dav_objects` +-- + +LOCK TABLES `horde_dav_objects` WRITE; +/*!40000 ALTER TABLE `horde_dav_objects` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_dav_objects` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_dav_schema_info` -- @@ -409,6 +499,15 @@ CREATE TABLE `horde_groups` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_groups` +-- + +LOCK TABLES `horde_groups` WRITE; +/*!40000 ALTER TABLE `horde_groups` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_groups` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_groups_members` -- 
@@ -424,6 +523,15 @@ CREATE TABLE `horde_groups_members` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_groups_members` +-- + +LOCK TABLES `horde_groups_members` WRITE; +/*!40000 ALTER TABLE `horde_groups_members` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_groups_members` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_histories` -- @@ -448,6 +556,15 @@ CREATE TABLE `horde_histories` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_histories` +-- + +LOCK TABLES `horde_histories` WRITE; +/*!40000 ALTER TABLE `horde_histories` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_histories` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_histories_modseq` -- @@ -462,6 +579,15 @@ CREATE TABLE `horde_histories_modseq` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_histories_modseq` +-- + +LOCK TABLES `horde_histories_modseq` WRITE; +/*!40000 ALTER TABLE `horde_histories_modseq` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_histories_modseq` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_history_schema_info` -- @@ -503,6 +629,15 @@ CREATE TABLE `horde_imap_client_data` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_imap_client_data` +-- + +LOCK TABLES `horde_imap_client_data` WRITE; +/*!40000 ALTER TABLE `horde_imap_client_data` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_imap_client_data` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_imap_client_message` -- 
@@ -518,6 +653,15 @@ CREATE TABLE `horde_imap_client_message` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_imap_client_message` +-- + +LOCK TABLES `horde_imap_client_message` WRITE; +/*!40000 ALTER TABLE `horde_imap_client_message` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_imap_client_message` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_imap_client_metadata` -- @@ -533,6 +677,15 @@ CREATE TABLE `horde_imap_client_metadata` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_imap_client_metadata` +-- + +LOCK TABLES `horde_imap_client_metadata` WRITE; +/*!40000 ALTER TABLE `horde_imap_client_metadata` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_imap_client_metadata` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_imap_client_schema_info` -- @@ -597,6 +750,15 @@ CREATE TABLE `horde_locks` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_locks` +-- + +LOCK TABLES `horde_locks` WRITE; +/*!40000 ALTER TABLE `horde_locks` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_locks` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_metar_airports` -- @@ -618,6 +780,15 @@ CREATE TABLE `horde_metar_airports` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_metar_airports` +-- + +LOCK TABLES `horde_metar_airports` WRITE; +/*!40000 ALTER TABLE `horde_metar_airports` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_metar_airports` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_muvfs` -- 
@@ -640,6 +811,15 @@ CREATE TABLE `horde_muvfs` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_muvfs` +-- + +LOCK TABLES `horde_muvfs` WRITE; +/*!40000 ALTER TABLE `horde_muvfs` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_muvfs` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_perms` -- @@ -657,6 +837,15 @@ CREATE TABLE `horde_perms` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_perms` +-- + +LOCK TABLES `horde_perms` WRITE; +/*!40000 ALTER TABLE `horde_perms` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_perms` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_perms_schema_info` -- @@ -697,6 +886,15 @@ CREATE TABLE `horde_prefs` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_prefs` +-- + +LOCK TABLES `horde_prefs` WRITE; +/*!40000 ALTER TABLE `horde_prefs` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_prefs` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_prefs_schema_info` -- @@ -756,6 +954,15 @@ CREATE TABLE `horde_queue_tasks` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_queue_tasks` +-- + +LOCK TABLES `horde_queue_tasks` WRITE; +/*!40000 ALTER TABLE `horde_queue_tasks` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_queue_tasks` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_service_weather_schema_info` -- 
@@ -794,6 +1001,15 @@ CREATE TABLE `horde_sessionhandler` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_sessionhandler` +-- + +LOCK TABLES `horde_sessionhandler` WRITE; +/*!40000 ALTER TABLE `horde_sessionhandler` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_sessionhandler` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_sessionhandler_schema_info` -- @@ -832,6 +1048,15 @@ CREATE TABLE `horde_signups` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_signups` +-- + +LOCK TABLES `horde_signups` WRITE; +/*!40000 ALTER TABLE `horde_signups` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_signups` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_syncml_anchors` -- @@ -851,6 +1076,15 @@ CREATE TABLE `horde_syncml_anchors` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_syncml_anchors` +-- + +LOCK TABLES `horde_syncml_anchors` WRITE; +/*!40000 ALTER TABLE `horde_syncml_anchors` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_syncml_anchors` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_syncml_map` -- @@ -873,6 +1107,15 @@ CREATE TABLE `horde_syncml_map` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_syncml_map` +-- + +LOCK TABLES `horde_syncml_map` WRITE; +/*!40000 ALTER TABLE `horde_syncml_map` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_syncml_map` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_syncml_schema_info` -- 
@@ -932,6 +1175,15 @@ CREATE TABLE `horde_tokens` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_tokens` +-- + +LOCK TABLES `horde_tokens` WRITE; +/*!40000 ALTER TABLE `horde_tokens` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_tokens` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_users` -- @@ -948,6 +1200,15 @@ CREATE TABLE `horde_users` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_users` +-- + +LOCK TABLES `horde_users` WRITE; +/*!40000 ALTER TABLE `horde_users` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_users` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_vfs` -- @@ -969,6 +1230,15 @@ CREATE TABLE `horde_vfs` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `horde_vfs` +-- + +LOCK TABLES `horde_vfs` WRITE; +/*!40000 ALTER TABLE `horde_vfs` DISABLE KEYS */; +/*!40000 ALTER TABLE `horde_vfs` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `horde_vfs_schema_info` -- @@ -1035,6 +1305,15 @@ CREATE TABLE `imp_sentmail` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `imp_sentmail` +-- + +LOCK TABLES `imp_sentmail` WRITE; +/*!40000 ALTER TABLE `imp_sentmail` DISABLE KEYS */; +/*!40000 ALTER TABLE `imp_sentmail` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `ingo_forwards` -- 
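Review bot: The new "Dumping data" sections for `horde_tokens` and `horde_users` in this line's hunks, and for `horde_sessionhandler` in the hunk before them, are empty today, but they suggest the dump is no longer restricted to structure plus the `*_schema_info` version rows. If this file is ever regenerated against a populated database, account, token and session rows would be written into a file that is committed to the repository. Nothing in the visible hunks records how the dump is produced, so I would dump the structure with `--no-data`, export row data only for the `*_schema_info` tables, and state that at the top of the file, e.g. `-- Structure only; row data is limited to the *_schema_info tables`. The `CREATE TABLE` bodies start outside these hunks, so the column definitions are not visible here.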
@@ -1049,6 +1328,15 @@ CREATE TABLE `ingo_forwards` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `ingo_forwards` +-- + +LOCK TABLES `ingo_forwards` WRITE; +/*!40000 ALTER TABLE `ingo_forwards` DISABLE KEYS */; +/*!40000 ALTER TABLE `ingo_forwards` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `ingo_lists` -- @@ -1064,6 +1352,15 @@ CREATE TABLE `ingo_lists` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `ingo_lists` +-- + +LOCK TABLES `ingo_lists` WRITE; +/*!40000 ALTER TABLE `ingo_lists` DISABLE KEYS */; +/*!40000 ALTER TABLE `ingo_lists` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `ingo_rules` -- @@ -1088,6 +1385,15 @@ CREATE TABLE `ingo_rules` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `ingo_rules` +-- + +LOCK TABLES `ingo_rules` WRITE; +/*!40000 ALTER TABLE `ingo_rules` DISABLE KEYS */; +/*!40000 ALTER TABLE `ingo_rules` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `ingo_schema_info` -- @@ -1137,6 +1443,15 @@ CREATE TABLE `ingo_shares` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `ingo_shares` +-- + +LOCK TABLES `ingo_shares` WRITE; +/*!40000 ALTER TABLE `ingo_shares` DISABLE KEYS */; +/*!40000 ALTER TABLE `ingo_shares` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `ingo_shares_groups` -- 
@@ -1156,6 +1471,15 @@ CREATE TABLE `ingo_shares_groups` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `ingo_shares_groups` +-- + +LOCK TABLES `ingo_shares_groups` WRITE; +/*!40000 ALTER TABLE `ingo_shares_groups` DISABLE KEYS */; +/*!40000 ALTER TABLE `ingo_shares_groups` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `ingo_shares_users` -- @@ -1175,6 +1499,15 @@ CREATE TABLE `ingo_shares_users` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `ingo_shares_users` +-- + +LOCK TABLES `ingo_shares_users` WRITE; +/*!40000 ALTER TABLE `ingo_shares_users` DISABLE KEYS */; +/*!40000 ALTER TABLE `ingo_shares_users` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `ingo_sharesng` -- @@ -1220,6 +1553,15 @@ CREATE TABLE `ingo_sharesng` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `ingo_sharesng` +-- + +LOCK TABLES `ingo_sharesng` WRITE; +/*!40000 ALTER TABLE `ingo_sharesng` DISABLE KEYS */; +/*!40000 ALTER TABLE `ingo_sharesng` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `ingo_sharesng_groups` -- @@ -1243,6 +1585,15 @@ CREATE TABLE `ingo_sharesng_groups` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `ingo_sharesng_groups` +-- + +LOCK TABLES `ingo_sharesng_groups` WRITE; +/*!40000 ALTER TABLE `ingo_sharesng_groups` DISABLE KEYS */; +/*!40000 ALTER TABLE `ingo_sharesng_groups` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `ingo_sharesng_users` -- 
@@ -1266,6 +1617,15 @@ CREATE TABLE `ingo_sharesng_users` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `ingo_sharesng_users` +-- + +LOCK TABLES `ingo_sharesng_users` WRITE; +/*!40000 ALTER TABLE `ingo_sharesng_users` DISABLE KEYS */; +/*!40000 ALTER TABLE `ingo_sharesng_users` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `ingo_spam` -- @@ -1281,6 +1641,15 @@ CREATE TABLE `ingo_spam` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `ingo_spam` +-- + +LOCK TABLES `ingo_spam` WRITE; +/*!40000 ALTER TABLE `ingo_spam` DISABLE KEYS */; +/*!40000 ALTER TABLE `ingo_spam` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `ingo_vacations` -- @@ -1302,6 +1671,15 @@ CREATE TABLE `ingo_vacations` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `ingo_vacations` +-- + +LOCK TABLES `ingo_vacations` WRITE; +/*!40000 ALTER TABLE `ingo_vacations` DISABLE KEYS */; +/*!40000 ALTER TABLE `ingo_vacations` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `kronolith_events` -- @@ -1344,6 +1722,15 @@ CREATE TABLE `kronolith_events` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `kronolith_events` +-- + +LOCK TABLES `kronolith_events` WRITE; +/*!40000 ALTER TABLE `kronolith_events` DISABLE KEYS */; +/*!40000 ALTER TABLE `kronolith_events` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `kronolith_events_geo` -- 
@@ -1359,6 +1746,15 @@ CREATE TABLE `kronolith_events_geo` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `kronolith_events_geo` +-- + +LOCK TABLES `kronolith_events_geo` WRITE; +/*!40000 ALTER TABLE `kronolith_events_geo` DISABLE KEYS */; +/*!40000 ALTER TABLE `kronolith_events_geo` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `kronolith_resources` -- @@ -1381,6 +1777,15 @@ CREATE TABLE `kronolith_resources` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `kronolith_resources` +-- + +LOCK TABLES `kronolith_resources` WRITE; +/*!40000 ALTER TABLE `kronolith_resources` DISABLE KEYS */; +/*!40000 ALTER TABLE `kronolith_resources` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `kronolith_schema_info` -- @@ -1431,6 +1836,15 @@ CREATE TABLE `kronolith_shares` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `kronolith_shares` +-- + +LOCK TABLES `kronolith_shares` WRITE; +/*!40000 ALTER TABLE `kronolith_shares` DISABLE KEYS */; +/*!40000 ALTER TABLE `kronolith_shares` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `kronolith_shares_groups` -- @@ -1450,6 +1864,15 @@ CREATE TABLE `kronolith_shares_groups` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `kronolith_shares_groups` +-- + +LOCK TABLES `kronolith_shares_groups` WRITE; +/*!40000 ALTER TABLE `kronolith_shares_groups` DISABLE KEYS */; +/*!40000 ALTER TABLE `kronolith_shares_groups` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `kronolith_shares_users` -- 
@@ -1469,6 +1892,15 @@ CREATE TABLE `kronolith_shares_users` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `kronolith_shares_users` +-- + +LOCK TABLES `kronolith_shares_users` WRITE; +/*!40000 ALTER TABLE `kronolith_shares_users` DISABLE KEYS */; +/*!40000 ALTER TABLE `kronolith_shares_users` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `kronolith_sharesng` -- @@ -1521,6 +1953,15 @@ CREATE TABLE `kronolith_sharesng` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `kronolith_sharesng` +-- + +LOCK TABLES `kronolith_sharesng` WRITE; +/*!40000 ALTER TABLE `kronolith_sharesng` DISABLE KEYS */; +/*!40000 ALTER TABLE `kronolith_sharesng` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `kronolith_sharesng_groups` -- @@ -1546,6 +1987,15 @@ CREATE TABLE `kronolith_sharesng_groups` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `kronolith_sharesng_groups` +-- + +LOCK TABLES `kronolith_sharesng_groups` WRITE; +/*!40000 ALTER TABLE `kronolith_sharesng_groups` DISABLE KEYS */; +/*!40000 ALTER TABLE `kronolith_sharesng_groups` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `kronolith_sharesng_users` -- @@ -1571,6 +2021,15 @@ CREATE TABLE `kronolith_sharesng_users` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `kronolith_sharesng_users` +-- + +LOCK TABLES `kronolith_sharesng_users` WRITE; +/*!40000 ALTER TABLE `kronolith_sharesng_users` DISABLE KEYS */; +/*!40000 ALTER TABLE `kronolith_sharesng_users` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `kronolith_storage` -- 
@@ -1589,6 +2048,15 @@ CREATE TABLE `kronolith_storage` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `kronolith_storage` +-- + +LOCK TABLES `kronolith_storage` WRITE; +/*!40000 ALTER TABLE `kronolith_storage` DISABLE KEYS */; +/*!40000 ALTER TABLE `kronolith_storage` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `mnemo_memos` -- @@ -1610,6 +2078,15 @@ CREATE TABLE `mnemo_memos` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `mnemo_memos` +-- + +LOCK TABLES `mnemo_memos` WRITE; +/*!40000 ALTER TABLE `mnemo_memos` DISABLE KEYS */; +/*!40000 ALTER TABLE `mnemo_memos` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `mnemo_schema_info` -- @@ -1659,6 +2136,15 @@ CREATE TABLE `mnemo_shares` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `mnemo_shares` +-- + +LOCK TABLES `mnemo_shares` WRITE; +/*!40000 ALTER TABLE `mnemo_shares` DISABLE KEYS */; +/*!40000 ALTER TABLE `mnemo_shares` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `mnemo_shares_groups` -- @@ -1678,6 +2164,15 @@ CREATE TABLE `mnemo_shares_groups` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `mnemo_shares_groups` +-- + +LOCK TABLES `mnemo_shares_groups` WRITE; +/*!40000 ALTER TABLE `mnemo_shares_groups` DISABLE KEYS */; +/*!40000 ALTER TABLE `mnemo_shares_groups` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `mnemo_shares_users` -- 
@@ -1697,6 +2192,15 @@ CREATE TABLE `mnemo_shares_users` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `mnemo_shares_users` +-- + +LOCK TABLES `mnemo_shares_users` WRITE; +/*!40000 ALTER TABLE `mnemo_shares_users` DISABLE KEYS */; +/*!40000 ALTER TABLE `mnemo_shares_users` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `mnemo_sharesng` -- @@ -1742,6 +2246,15 @@ CREATE TABLE `mnemo_sharesng` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `mnemo_sharesng` +-- + +LOCK TABLES `mnemo_sharesng` WRITE; +/*!40000 ALTER TABLE `mnemo_sharesng` DISABLE KEYS */; +/*!40000 ALTER TABLE `mnemo_sharesng` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `mnemo_sharesng_groups` -- @@ -1765,6 +2278,15 @@ CREATE TABLE `mnemo_sharesng_groups` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `mnemo_sharesng_groups` +-- + +LOCK TABLES `mnemo_sharesng_groups` WRITE; +/*!40000 ALTER TABLE `mnemo_sharesng_groups` DISABLE KEYS */; +/*!40000 ALTER TABLE `mnemo_sharesng_groups` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `mnemo_sharesng_users` -- @@ -1788,6 +2310,15 @@ CREATE TABLE `mnemo_sharesng_users` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `mnemo_sharesng_users` +-- + +LOCK TABLES `mnemo_sharesng_users` WRITE; +/*!40000 ALTER TABLE `mnemo_sharesng_users` DISABLE KEYS */; +/*!40000 ALTER TABLE `mnemo_sharesng_users` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `nag_schema_info` -- 
@@ -1838,6 +2369,15 @@ CREATE TABLE `nag_shares` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `nag_shares` +-- + +LOCK TABLES `nag_shares` WRITE; +/*!40000 ALTER TABLE `nag_shares` DISABLE KEYS */; +/*!40000 ALTER TABLE `nag_shares` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `nag_shares_groups` -- @@ -1855,6 +2395,15 @@ CREATE TABLE `nag_shares_groups` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `nag_shares_groups` +-- + +LOCK TABLES `nag_shares_groups` WRITE; +/*!40000 ALTER TABLE `nag_shares_groups` DISABLE KEYS */; +/*!40000 ALTER TABLE `nag_shares_groups` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `nag_shares_users` -- @@ -1872,6 +2421,15 @@ CREATE TABLE `nag_shares_users` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `nag_shares_users` +-- + +LOCK TABLES `nag_shares_users` WRITE; +/*!40000 ALTER TABLE `nag_shares_users` DISABLE KEYS */; +/*!40000 ALTER TABLE `nag_shares_users` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `nag_sharesng` -- @@ -1918,6 +2476,15 @@ CREATE TABLE `nag_sharesng` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `nag_sharesng` +-- + +LOCK TABLES `nag_sharesng` WRITE; +/*!40000 ALTER TABLE `nag_sharesng` DISABLE KEYS */; +/*!40000 ALTER TABLE `nag_sharesng` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `nag_sharesng_groups` -- 
@@ -1941,6 +2508,15 @@ CREATE TABLE `nag_sharesng_groups` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `nag_sharesng_groups` +-- + +LOCK TABLES `nag_sharesng_groups` WRITE; +/*!40000 ALTER TABLE `nag_sharesng_groups` DISABLE KEYS */; +/*!40000 ALTER TABLE `nag_sharesng_groups` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `nag_sharesng_users` -- @@ -1964,6 +2540,15 @@ CREATE TABLE `nag_sharesng_users` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `nag_sharesng_users` +-- + +LOCK TABLES `nag_sharesng_users` WRITE; +/*!40000 ALTER TABLE `nag_sharesng_users` DISABLE KEYS */; +/*!40000 ALTER TABLE `nag_sharesng_users` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `nag_tasks` -- @@ -2004,6 +2589,15 @@ CREATE TABLE `nag_tasks` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `nag_tasks` +-- + +LOCK TABLES `nag_tasks` WRITE; +/*!40000 ALTER TABLE `nag_tasks` DISABLE KEYS */; +/*!40000 ALTER TABLE `nag_tasks` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `rampage_objects` -- @@ -2020,6 +2614,15 @@ CREATE TABLE `rampage_objects` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `rampage_objects` +-- + +LOCK TABLES `rampage_objects` WRITE; +/*!40000 ALTER TABLE `rampage_objects` DISABLE KEYS */; +/*!40000 ALTER TABLE `rampage_objects` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `rampage_tag_stats` -- 
@@ -2034,6 +2637,15 @@ CREATE TABLE `rampage_tag_stats` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `rampage_tag_stats` +-- + +LOCK TABLES `rampage_tag_stats` WRITE; +/*!40000 ALTER TABLE `rampage_tag_stats` DISABLE KEYS */; +/*!40000 ALTER TABLE `rampage_tag_stats` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `rampage_tagged` -- @@ -2053,6 +2665,15 @@ CREATE TABLE `rampage_tagged` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `rampage_tagged` +-- + +LOCK TABLES `rampage_tagged` WRITE; +/*!40000 ALTER TABLE `rampage_tagged` DISABLE KEYS */; +/*!40000 ALTER TABLE `rampage_tagged` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `rampage_tags` -- @@ -2068,6 +2689,15 @@ CREATE TABLE `rampage_tags` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `rampage_tags` +-- + +LOCK TABLES `rampage_tags` WRITE; +/*!40000 ALTER TABLE `rampage_tags` DISABLE KEYS */; +/*!40000 ALTER TABLE `rampage_tags` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `rampage_types` -- @@ -2083,6 +2713,15 @@ CREATE TABLE `rampage_types` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `rampage_types` +-- + +LOCK TABLES `rampage_types` WRITE; +/*!40000 ALTER TABLE `rampage_types` DISABLE KEYS */; +/*!40000 ALTER TABLE `rampage_types` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `rampage_user_tag_stats` -- 
@@ -2099,6 +2738,15 @@ CREATE TABLE `rampage_user_tag_stats` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `rampage_user_tag_stats` +-- + +LOCK TABLES `rampage_user_tag_stats` WRITE; +/*!40000 ALTER TABLE `rampage_user_tag_stats` DISABLE KEYS */; +/*!40000 ALTER TABLE `rampage_user_tag_stats` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `rampage_users` -- @@ -2114,6 +2762,15 @@ CREATE TABLE `rampage_users` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `rampage_users` +-- + +LOCK TABLES `rampage_users` WRITE; +/*!40000 ALTER TABLE `rampage_users` DISABLE KEYS */; +/*!40000 ALTER TABLE `rampage_users` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `turba_objects` -- @@ -2201,6 +2858,15 @@ CREATE TABLE `turba_objects` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `turba_objects` +-- + +LOCK TABLES `turba_objects` WRITE; +/*!40000 ALTER TABLE `turba_objects` DISABLE KEYS */; +/*!40000 ALTER TABLE `turba_objects` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `turba_schema_info` -- @@ -2251,6 +2917,15 @@ CREATE TABLE `turba_shares` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `turba_shares` +-- + +LOCK TABLES `turba_shares` WRITE; +/*!40000 ALTER TABLE `turba_shares` DISABLE KEYS */; +/*!40000 ALTER TABLE `turba_shares` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `turba_shares_groups` -- 
@@ -2270,6 +2945,15 @@ CREATE TABLE `turba_shares_groups` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `turba_shares_groups` +-- + +LOCK TABLES `turba_shares_groups` WRITE; +/*!40000 ALTER TABLE `turba_shares_groups` DISABLE KEYS */; +/*!40000 ALTER TABLE `turba_shares_groups` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `turba_shares_users` -- @@ -2289,6 +2973,15 @@ CREATE TABLE `turba_shares_users` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `turba_shares_users` +-- + +LOCK TABLES `turba_shares_users` WRITE; +/*!40000 ALTER TABLE `turba_shares_users` DISABLE KEYS */; +/*!40000 ALTER TABLE `turba_shares_users` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `turba_sharesng` -- @@ -2335,6 +3028,15 @@ CREATE TABLE `turba_sharesng` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `turba_sharesng` +-- + +LOCK TABLES `turba_sharesng` WRITE; +/*!40000 ALTER TABLE `turba_sharesng` DISABLE KEYS */; +/*!40000 ALTER TABLE `turba_sharesng` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `turba_sharesng_groups` -- @@ -2358,6 +3060,15 @@ CREATE TABLE `turba_sharesng_groups` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `turba_sharesng_groups` +-- + +LOCK TABLES `turba_sharesng_groups` WRITE; +/*!40000 ALTER TABLE `turba_sharesng_groups` DISABLE KEYS */; +/*!40000 ALTER TABLE `turba_sharesng_groups` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `turba_sharesng_users` -- 
@@ -2381,6 +3092,15 @@ CREATE TABLE `turba_sharesng_users` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `turba_sharesng_users` +-- + +LOCK TABLES `turba_sharesng_users` WRITE; +/*!40000 ALTER TABLE `turba_sharesng_users` DISABLE KEYS */; +/*!40000 ALTER TABLE `turba_sharesng_users` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `wicked_attachment_history` -- @@ -2399,6 +3119,15 @@ CREATE TABLE `wicked_attachment_history` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `wicked_attachment_history` +-- + +LOCK TABLES `wicked_attachment_history` WRITE; +/*!40000 ALTER TABLE `wicked_attachment_history` DISABLE KEYS */; +/*!40000 ALTER TABLE `wicked_attachment_history` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `wicked_attachments` -- @@ -2418,6 +3147,15 @@ CREATE TABLE `wicked_attachments` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `wicked_attachments` +-- + +LOCK TABLES `wicked_attachments` WRITE; +/*!40000 ALTER TABLE `wicked_attachments` DISABLE KEYS */; +/*!40000 ALTER TABLE `wicked_attachments` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `wicked_history` -- @@ -2438,6 +3176,15 @@ CREATE TABLE `wicked_history` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `wicked_history` +-- + +LOCK TABLES `wicked_history` WRITE; +/*!40000 ALTER TABLE `wicked_history` DISABLE KEYS */; +/*!40000 ALTER TABLE `wicked_history` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `wicked_pages` -- 
@@ -2459,6 +3206,15 @@ CREATE TABLE `wicked_pages` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; +-- +-- Dumping data for table `wicked_pages` +-- + +LOCK TABLES `wicked_pages` WRITE; +/*!40000 ALTER TABLE `wicked_pages` DISABLE KEYS */; +/*!40000 ALTER TABLE `wicked_pages` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `wicked_schema_info` -- @@ -2480,7 +3236,6 @@ LOCK TABLES `wicked_schema_info` WRITE; REPLACE INTO `wicked_schema_info` VALUES (6); /*!40000 ALTER TABLE `wicked_schema_info` ENABLE KEYS */; UNLOCK TABLES; - /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; /*!40101 SET SQL_MODE=@OLD_SQL_MODE */; @@ -2491,4 +3246,4 @@ UNLOCK TABLES; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; --- Dump completed on 2023-10-18 21:52:27 +-- Dump completed on 2023-10-18 21:52:32 From 92cc589deae24e2226dede88d2cd112637972af3 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Wed, 18 Oct 2023 22:25:58 +0200 Subject: [PATCH 042/181] proper replace --- files/mariadb/horde_schema.sql | 54 +++++++++++++++++----------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/files/mariadb/horde_schema.sql b/files/mariadb/horde_schema.sql index 49fcd0c..0972688 100644 --- a/files/mariadb/horde_schema.sql +++ b/files/mariadb/horde_schema.sql @@ -33,7 +33,7 @@ CREATE TABLE `content_schema_info` ( LOCK TABLES `content_schema_info` WRITE; /*!40000 ALTER TABLE `content_schema_info` DISABLE KEYS */; -REPLACE INTO `content_schema_info` VALUES (2); +REPLACE INTO `content_schema_info` (`version`) VALUES (2); /*!40000 ALTER TABLE `content_schema_info` ENABLE KEYS */; UNLOCK TABLES; 
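Review bot: Adding the column list in `REPLACE INTO content_schema_info (version) VALUES (2);` does not change what REPLACE matches on: it overwrites a row only when a PRIMARY KEY or UNIQUE index collides and otherwise behaves as a plain INSERT. The `CREATE TABLE` body is outside this hunk, so I cannot see whether `version` is keyed; if it is not, each re-import of this file appends another version row instead of replacing it. Either confirm that a unique key exists on these tables or make the statement idempotent by preceding it with `DELETE FROM content_schema_info;`. The same applies to every other `*_schema_info` hunk in this commit.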
@@ -197,7 +197,7 @@ CREATE TABLE `horde_activesync_schema_info` ( LOCK TABLES `horde_activesync_schema_info` WRITE; /*!40000 ALTER TABLE `horde_activesync_schema_info` DISABLE KEYS */; -REPLACE INTO `horde_activesync_schema_info` VALUES (23); +REPLACE INTO `horde_activesync_schema_info` (`version`) VALUES (23); /*!40000 ALTER TABLE `horde_activesync_schema_info` ENABLE KEYS */; UNLOCK TABLES; @@ -250,7 +250,7 @@ CREATE TABLE `horde_alarm_schema_info` ( LOCK TABLES `horde_alarm_schema_info` WRITE; /*!40000 ALTER TABLE `horde_alarm_schema_info` DISABLE KEYS */; -REPLACE INTO `horde_alarm_schema_info` VALUES (2); +REPLACE INTO `horde_alarm_schema_info` (`version`) VALUES (2); /*!40000 ALTER TABLE `horde_alarm_schema_info` ENABLE KEYS */; UNLOCK TABLES; @@ -312,7 +312,7 @@ CREATE TABLE `horde_auth_schema_info` ( LOCK TABLES `horde_auth_schema_info` WRITE; /*!40000 ALTER TABLE `horde_auth_schema_info` DISABLE KEYS */; -REPLACE INTO `horde_auth_schema_info` VALUES (1); +REPLACE INTO `horde_auth_schema_info` (`version`) VALUES (1); /*!40000 ALTER TABLE `horde_auth_schema_info` ENABLE KEYS */; UNLOCK TABLES; @@ -359,7 +359,7 @@ CREATE TABLE `horde_cache_schema_info` ( LOCK TABLES `horde_cache_schema_info` WRITE; /*!40000 ALTER TABLE `horde_cache_schema_info` DISABLE KEYS */; -REPLACE INTO `horde_cache_schema_info` VALUES (2); +REPLACE INTO `horde_cache_schema_info` (`version`) VALUES (2); /*!40000 ALTER TABLE `horde_cache_schema_info` ENABLE KEYS */; UNLOCK TABLES; @@ -381,7 +381,7 @@ CREATE TABLE `horde_core_schema_info` ( LOCK TABLES `horde_core_schema_info` WRITE; /*!40000 ALTER TABLE `horde_core_schema_info` DISABLE KEYS */; -REPLACE INTO `horde_core_schema_info` VALUES (1); +REPLACE INTO `horde_core_schema_info` (`version`) VALUES (1); /*!40000 ALTER TABLE `horde_core_schema_info` ENABLE KEYS */; UNLOCK TABLES; 
@@ -456,7 +456,7 @@ CREATE TABLE `horde_dav_schema_info` ( LOCK TABLES `horde_dav_schema_info` WRITE; /*!40000 ALTER TABLE `horde_dav_schema_info` DISABLE KEYS */; -REPLACE INTO `horde_dav_schema_info` VALUES (2); +REPLACE INTO `horde_dav_schema_info` (`version`) VALUES (2); /*!40000 ALTER TABLE `horde_dav_schema_info` ENABLE KEYS */; UNLOCK TABLES; @@ -478,7 +478,7 @@ CREATE TABLE `horde_group_schema_info` ( LOCK TABLES `horde_group_schema_info` WRITE; /*!40000 ALTER TABLE `horde_group_schema_info` DISABLE KEYS */; -REPLACE INTO `horde_group_schema_info` VALUES (3); +REPLACE INTO `horde_group_schema_info` (`version`) VALUES (3); /*!40000 ALTER TABLE `horde_group_schema_info` ENABLE KEYS */; UNLOCK TABLES; @@ -606,7 +606,7 @@ CREATE TABLE `horde_history_schema_info` ( LOCK TABLES `horde_history_schema_info` WRITE; /*!40000 ALTER TABLE `horde_history_schema_info` DISABLE KEYS */; -REPLACE INTO `horde_history_schema_info` VALUES (6); +REPLACE INTO `horde_history_schema_info` (`version`) VALUES (6); /*!40000 ALTER TABLE `horde_history_schema_info` ENABLE KEYS */; UNLOCK TABLES; @@ -704,7 +704,7 @@ CREATE TABLE `horde_imap_client_schema_info` ( LOCK TABLES `horde_imap_client_schema_info` WRITE; /*!40000 ALTER TABLE `horde_imap_client_schema_info` DISABLE KEYS */; -REPLACE INTO `horde_imap_client_schema_info` VALUES (2); +REPLACE INTO `horde_imap_client_schema_info` (`version`) VALUES (2); /*!40000 ALTER TABLE `horde_imap_client_schema_info` ENABLE KEYS */; UNLOCK TABLES; @@ -726,7 +726,7 @@ CREATE TABLE `horde_lock_schema_info` ( LOCK TABLES `horde_lock_schema_info` WRITE; /*!40000 ALTER TABLE `horde_lock_schema_info` DISABLE KEYS */; -REPLACE INTO `horde_lock_schema_info` VALUES (3); +REPLACE INTO `horde_lock_schema_info` (`version`) VALUES (3); /*!40000 ALTER TABLE `horde_lock_schema_info` ENABLE KEYS */; UNLOCK TABLES; 
@@ -864,7 +864,7 @@ CREATE TABLE `horde_perms_schema_info` ( LOCK TABLES `horde_perms_schema_info` WRITE; /*!40000 ALTER TABLE `horde_perms_schema_info` DISABLE KEYS */; -REPLACE INTO `horde_perms_schema_info` VALUES (3); +REPLACE INTO `horde_perms_schema_info` (`version`) VALUES (3); /*!40000 ALTER TABLE `horde_perms_schema_info` ENABLE KEYS */; UNLOCK TABLES; @@ -913,7 +913,7 @@ CREATE TABLE `horde_prefs_schema_info` ( LOCK TABLES `horde_prefs_schema_info` WRITE; /*!40000 ALTER TABLE `horde_prefs_schema_info` DISABLE KEYS */; -REPLACE INTO `horde_prefs_schema_info` VALUES (3); +REPLACE INTO `horde_prefs_schema_info` (`version`) VALUES (3); /*!40000 ALTER TABLE `horde_prefs_schema_info` ENABLE KEYS */; UNLOCK TABLES; @@ -935,7 +935,7 @@ CREATE TABLE `horde_queue_schema_info` ( LOCK TABLES `horde_queue_schema_info` WRITE; /*!40000 ALTER TABLE `horde_queue_schema_info` DISABLE KEYS */; -REPLACE INTO `horde_queue_schema_info` VALUES (1); +REPLACE INTO `horde_queue_schema_info` (`version`) VALUES (1); /*!40000 ALTER TABLE `horde_queue_schema_info` ENABLE KEYS */; UNLOCK TABLES; @@ -981,7 +981,7 @@ CREATE TABLE `horde_service_weather_schema_info` ( LOCK TABLES `horde_service_weather_schema_info` WRITE; /*!40000 ALTER TABLE `horde_service_weather_schema_info` DISABLE KEYS */; -REPLACE INTO `horde_service_weather_schema_info` VALUES (2); +REPLACE INTO `horde_service_weather_schema_info` (`version`) VALUES (2); /*!40000 ALTER TABLE `horde_service_weather_schema_info` ENABLE KEYS */; UNLOCK TABLES; @@ -1028,7 +1028,7 @@ CREATE TABLE `horde_sessionhandler_schema_info` ( LOCK TABLES `horde_sessionhandler_schema_info` WRITE; /*!40000 ALTER TABLE `horde_sessionhandler_schema_info` DISABLE KEYS */; -REPLACE INTO `horde_sessionhandler_schema_info` VALUES (2); +REPLACE INTO `horde_sessionhandler_schema_info` (`version`) VALUES (2); /*!40000 ALTER TABLE `horde_sessionhandler_schema_info` ENABLE KEYS */; UNLOCK TABLES; 
@@ -1134,7 +1134,7 @@ CREATE TABLE `horde_syncml_schema_info` ( LOCK TABLES `horde_syncml_schema_info` WRITE; /*!40000 ALTER TABLE `horde_syncml_schema_info` DISABLE KEYS */; -REPLACE INTO `horde_syncml_schema_info` VALUES (1); +REPLACE INTO `horde_syncml_schema_info` (`version`) VALUES (1); /*!40000 ALTER TABLE `horde_syncml_schema_info` ENABLE KEYS */; UNLOCK TABLES; @@ -1156,7 +1156,7 @@ CREATE TABLE `horde_token_schema_info` ( LOCK TABLES `horde_token_schema_info` WRITE; /*!40000 ALTER TABLE `horde_token_schema_info` DISABLE KEYS */; -REPLACE INTO `horde_token_schema_info` VALUES (1); +REPLACE INTO `horde_token_schema_info` (`version`) VALUES (1); /*!40000 ALTER TABLE `horde_token_schema_info` ENABLE KEYS */; UNLOCK TABLES; @@ -1257,7 +1257,7 @@ CREATE TABLE `horde_vfs_schema_info` ( LOCK TABLES `horde_vfs_schema_info` WRITE; /*!40000 ALTER TABLE `horde_vfs_schema_info` DISABLE KEYS */; -REPLACE INTO `horde_vfs_schema_info` VALUES (4); +REPLACE INTO `horde_vfs_schema_info` (`version`) VALUES (4); /*!40000 ALTER TABLE `horde_vfs_schema_info` ENABLE KEYS */; UNLOCK TABLES; @@ -1279,7 +1279,7 @@ CREATE TABLE `imp_schema_info` ( LOCK TABLES `imp_schema_info` WRITE; /*!40000 ALTER TABLE `imp_schema_info` DISABLE KEYS */; -REPLACE INTO `imp_schema_info` VALUES (3); +REPLACE INTO `imp_schema_info` (`version`) VALUES (3); /*!40000 ALTER TABLE `imp_schema_info` ENABLE KEYS */; UNLOCK TABLES; @@ -1412,7 +1412,7 @@ CREATE TABLE `ingo_schema_info` ( LOCK TABLES `ingo_schema_info` WRITE; /*!40000 ALTER TABLE `ingo_schema_info` DISABLE KEYS */; -REPLACE INTO `ingo_schema_info` VALUES (7); +REPLACE INTO `ingo_schema_info` (`version`) VALUES (7); /*!40000 ALTER TABLE `ingo_schema_info` ENABLE KEYS */; UNLOCK TABLES; 
@@ -1804,7 +1804,7 @@ CREATE TABLE `kronolith_schema_info` ( LOCK TABLES `kronolith_schema_info` WRITE; /*!40000 ALTER TABLE `kronolith_schema_info` DISABLE KEYS */; -REPLACE INTO `kronolith_schema_info` VALUES (17); +REPLACE INTO `kronolith_schema_info` (`version`) VALUES (17); /*!40000 ALTER TABLE `kronolith_schema_info` ENABLE KEYS */; UNLOCK TABLES; @@ -2105,7 +2105,7 @@ CREATE TABLE `mnemo_schema_info` ( LOCK TABLES `mnemo_schema_info` WRITE; /*!40000 ALTER TABLE `mnemo_schema_info` DISABLE KEYS */; -REPLACE INTO `mnemo_schema_info` VALUES (5); +REPLACE INTO `mnemo_schema_info` (`version`) VALUES (5); /*!40000 ALTER TABLE `mnemo_schema_info` ENABLE KEYS */; UNLOCK TABLES; @@ -2337,7 +2337,7 @@ CREATE TABLE `nag_schema_info` ( LOCK TABLES `nag_schema_info` WRITE; /*!40000 ALTER TABLE `nag_schema_info` DISABLE KEYS */; -REPLACE INTO `nag_schema_info` VALUES (9); +REPLACE INTO `nag_schema_info` (`version`) VALUES (9); /*!40000 ALTER TABLE `nag_schema_info` ENABLE KEYS */; UNLOCK TABLES; @@ -2885,7 +2885,7 @@ CREATE TABLE `turba_schema_info` ( LOCK TABLES `turba_schema_info` WRITE; /*!40000 ALTER TABLE `turba_schema_info` DISABLE KEYS */; -REPLACE INTO `turba_schema_info` VALUES (9); +REPLACE INTO `turba_schema_info` (`version`) VALUES (9); /*!40000 ALTER TABLE `turba_schema_info` ENABLE KEYS */; UNLOCK TABLES; @@ -3233,7 +3233,7 @@ CREATE TABLE `wicked_schema_info` ( LOCK TABLES `wicked_schema_info` WRITE; /*!40000 ALTER TABLE `wicked_schema_info` DISABLE KEYS */; -REPLACE INTO `wicked_schema_info` VALUES (6); +REPLACE INTO `wicked_schema_info` (`version`) VALUES (6); /*!40000 ALTER TABLE `wicked_schema_info` ENABLE KEYS */; UNLOCK TABLES; /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; @@ -3246,4 +3246,4 @@ UNLOCK TABLES; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; --- Dump completed on 2023-10-18 21:52:32 +-- Dump completed on 2023-10-18 22:25:24 
From 793fa758b251398b6cdc2e153d52a003ebe95fdf Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Wed, 18 Oct 2023 22:31:15 +0200 Subject: [PATCH 043/181] update schemas --- files/mariadb/horde_schema.sql | 76 +++++++++++++++++++++++----------- 1 file changed, 51 insertions(+), 25 deletions(-) diff --git a/files/mariadb/horde_schema.sql b/files/mariadb/horde_schema.sql index 0972688..20bf248 100644 --- a/files/mariadb/horde_schema.sql +++ b/files/mariadb/horde_schema.sql @@ -1699,7 +1699,6 @@ CREATE TABLE `kronolith_events` ( `event_keywords` text DEFAULT NULL, `event_exceptions` text DEFAULT NULL, `event_title` varchar(255) DEFAULT NULL, - `event_category` varchar(80) DEFAULT NULL, `event_recurtype` int(11) DEFAULT 0, `event_recurinterval` int(11) DEFAULT NULL, `event_recurdays` int(11) DEFAULT NULL, @@ -1716,9 +1715,11 @@ CREATE TABLE `kronolith_events` ( `event_baseid` varchar(255) DEFAULT '', `event_exceptionoriginaldate` datetime DEFAULT NULL, `event_resources` text DEFAULT NULL, + `event_timezone` varchar(50) DEFAULT NULL, PRIMARY KEY (`event_id`), KEY `index_kronolith_events_on_calendar_id` (`calendar_id`), - KEY `index_kronolith_events_on_event_uid` (`event_uid`) + KEY `index_kronolith_events_on_event_uid` (`event_uid`), + KEY `index_kronolith_events_on_event_baseid` (`event_baseid`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; 
@@ -1755,6 +1756,30 @@ LOCK TABLES `kronolith_events_geo` WRITE; /*!40000 ALTER TABLE `kronolith_events_geo` ENABLE KEYS */; UNLOCK TABLES; +-- +-- Table structure for table `kronolith_events_mysqlgeo` +-- + +DROP TABLE IF EXISTS `kronolith_events_mysqlgeo`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `kronolith_events_mysqlgeo` ( + `event_id` varchar(32) NOT NULL, + `event_coordinates` point NOT NULL, + `event_zoom` int(11) NOT NULL DEFAULT 0, + PRIMARY KEY (`event_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `kronolith_events_mysqlgeo` +-- + +LOCK TABLES `kronolith_events_mysqlgeo` WRITE; +/*!40000 ALTER TABLE `kronolith_events_mysqlgeo` DISABLE KEYS */; +/*!40000 ALTER TABLE `kronolith_events_mysqlgeo` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `kronolith_resources` -- @@ -1804,7 +1829,7 @@ CREATE TABLE `kronolith_schema_info` ( LOCK TABLES `kronolith_schema_info` WRITE; /*!40000 ALTER TABLE `kronolith_schema_info` DISABLE KEYS */; -REPLACE INTO `kronolith_schema_info` (`version`) VALUES (17); +REPLACE INTO `kronolith_schema_info` (`version`) VALUES (23); /*!40000 ALTER TABLE `kronolith_schema_info` ENABLE KEYS */; UNLOCK TABLES; @@ -1826,7 +1851,7 @@ CREATE TABLE `kronolith_shares` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_kronolith_shares_on_share_name` (`share_name`), KEY `index_kronolith_shares_on_share_owner` (`share_owner`), 
@@ -1931,7 +1956,7 @@ CREATE TABLE `kronolith_sharesng` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_kronolith_sharesng_on_share_name` (`share_name`), KEY `index_kronolith_sharesng_on_share_owner` (`share_owner`), @@ -1950,7 +1975,7 @@ CREATE TABLE `kronolith_sharesng` ( KEY `index_kronolith_sharesng_on_perm_guest_8` (`perm_guest_8`), KEY `index_kronolith_sharesng_on_perm_guest_16` (`perm_guest_16`), KEY `index_kronolith_sharesng_on_perm_guest_1024` (`perm_guest_1024`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; +) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -2068,9 +2093,8 @@ CREATE TABLE `mnemo_memos` ( `memo_owner` varchar(255) NOT NULL, `memo_id` varchar(32) NOT NULL, `memo_uid` varchar(255) NOT NULL, - `memo_desc` varchar(64) NOT NULL, + `memo_desc` varchar(255) NOT NULL, `memo_body` text DEFAULT NULL, - `memo_category` varchar(80) DEFAULT NULL, `memo_private` int(11) NOT NULL DEFAULT 0, PRIMARY KEY (`memo_owner`,`memo_id`), KEY `index_mnemo_memos_on_memo_owner` (`memo_owner`), @@ -2105,7 +2129,7 @@ CREATE TABLE `mnemo_schema_info` ( LOCK TABLES `mnemo_schema_info` WRITE; /*!40000 ALTER TABLE `mnemo_schema_info` DISABLE KEYS */; -REPLACE INTO `mnemo_schema_info` (`version`) VALUES (5); +REPLACE INTO `mnemo_schema_info` (`version`) VALUES (8); /*!40000 ALTER TABLE `mnemo_schema_info` ENABLE KEYS */; UNLOCK TABLES; 
@@ -2126,7 +2150,7 @@ CREATE TABLE `mnemo_shares` ( `perm_guest` int(11) NOT NULL DEFAULT 0, `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_mnemo_shares_on_share_name` (`share_name`), KEY `index_mnemo_shares_on_share_owner` (`share_owner`), @@ -2227,7 +2251,7 @@ CREATE TABLE `mnemo_sharesng` ( `perm_guest_16` tinyint(1) NOT NULL DEFAULT 0, `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_mnemo_sharesng_on_share_name` (`share_name`), KEY `index_mnemo_sharesng_on_share_owner` (`share_owner`), @@ -2243,7 +2267,7 @@ CREATE TABLE `mnemo_sharesng` ( KEY `index_mnemo_sharesng_on_perm_guest_4` (`perm_guest_4`), KEY `index_mnemo_sharesng_on_perm_guest_8` (`perm_guest_8`), KEY `index_mnemo_sharesng_on_perm_guest_16` (`perm_guest_16`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; +) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -2337,7 +2361,7 @@ CREATE TABLE `nag_schema_info` ( LOCK TABLES `nag_schema_info` WRITE; /*!40000 ALTER TABLE `nag_schema_info` DISABLE KEYS */; -REPLACE INTO `nag_schema_info` (`version`) VALUES (9); +REPLACE INTO `nag_schema_info` (`version`) VALUES (14); /*!40000 ALTER TABLE `nag_schema_info` ENABLE KEYS */; UNLOCK TABLES; 
@@ -2359,7 +2383,9 @@ CREATE TABLE `nag_shares` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, + `attribute_issmart` int(11) DEFAULT 0, + `attribute_search` varchar(4000) DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_nag_shares_on_share_name` (`share_name`), KEY `index_nag_shares_on_share_owner` (`share_owner`), @@ -2457,7 +2483,9 @@ CREATE TABLE `nag_sharesng` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, + `attribute_issmart` int(11) DEFAULT 0, + `attribute_search` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_nag_sharesng_on_share_name` (`share_name`), KEY `index_nag_sharesng_on_share_owner` (`share_owner`), @@ -2473,7 +2501,7 @@ CREATE TABLE `nag_sharesng` ( KEY `index_nag_sharesng_on_perm_guest_4` (`perm_guest_4`), KEY `index_nag_sharesng_on_perm_guest_8` (`perm_guest_8`), KEY `index_nag_sharesng_on_perm_guest_16` (`perm_guest_16`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; +) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -2569,7 +2597,6 @@ CREATE TABLE `nag_tasks` ( `task_due` int(11) DEFAULT NULL, `task_priority` int(11) NOT NULL DEFAULT 0, `task_estimate` float DEFAULT NULL, - `task_category` varchar(80) DEFAULT NULL, `task_completed` int(1) NOT NULL DEFAULT 0, `task_completed_date` int(11) DEFAULT NULL, `task_alarm` int(11) NOT NULL DEFAULT 0, 
@@ -2710,7 +2737,7 @@ CREATE TABLE `rampage_types` ( `type_name` varchar(255) NOT NULL, PRIMARY KEY (`type_id`), UNIQUE KEY `rampage_objects_type_name` (`type_name`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; +) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -2759,7 +2786,7 @@ CREATE TABLE `rampage_users` ( `user_name` varchar(255) NOT NULL, PRIMARY KEY (`user_id`), UNIQUE KEY `rampage_users_user_name` (`user_name`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; +) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -2818,7 +2845,6 @@ CREATE TABLE `turba_objects` ( `object_logo` longblob DEFAULT NULL, `object_logotype` varchar(10) DEFAULT NULL, `object_company` varchar(255) DEFAULT NULL, - `object_category` varchar(80) DEFAULT NULL, `object_notes` text DEFAULT NULL, `object_url` varchar(255) DEFAULT NULL, `object_freebusyurl` varchar(255) DEFAULT NULL, @@ -2885,7 +2911,7 @@ CREATE TABLE `turba_schema_info` ( LOCK TABLES `turba_schema_info` WRITE; /*!40000 ALTER TABLE `turba_schema_info` DISABLE KEYS */; -REPLACE INTO `turba_schema_info` (`version`) VALUES (9); +REPLACE INTO `turba_schema_info` (`version`) VALUES (11); /*!40000 ALTER TABLE `turba_schema_info` ENABLE KEYS */; UNLOCK TABLES; @@ -2907,7 +2933,7 @@ CREATE TABLE `turba_shares` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_params` text DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_turba_shares_on_share_name` (`share_name`), KEY `index_turba_shares_on_share_owner` (`share_owner`), 
@@ -3009,7 +3035,7 @@ CREATE TABLE `turba_sharesng` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_params` text DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_turba_sharesng_on_share_name` (`share_name`), KEY `index_turba_sharesng_on_share_owner` (`share_owner`), @@ -3025,7 +3051,7 @@ CREATE TABLE `turba_sharesng` ( KEY `index_turba_sharesng_on_perm_guest_4` (`perm_guest_4`), KEY `index_turba_sharesng_on_perm_guest_8` (`perm_guest_8`), KEY `index_turba_sharesng_on_perm_guest_16` (`perm_guest_16`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; +) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -3246,4 +3272,4 @@ UNLOCK TABLES; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; --- Dump completed on 2023-10-18 22:25:24 +-- Dump completed on 2023-10-18 22:26:49 From 40131d50d28800a2431deee062481bc21ff7f8a8 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Wed, 18 Oct 2023 22:41:33 +0200 Subject: [PATCH 044/181] enable activesync --- files/mariadb/horde_schema.sql | 1 + 1 file changed, 1 insertion(+) diff --git a/files/mariadb/horde_schema.sql b/files/mariadb/horde_schema.sql index 20bf248..8924929 100644 --- a/files/mariadb/horde_schema.sql +++ b/files/mariadb/horde_schema.sql 
@@ -843,6 +843,7 @@ CREATE TABLE `horde_perms` ( LOCK TABLES `horde_perms` WRITE; /*!40000 ALTER TABLE `horde_perms` DISABLE KEYS */; +REPLACE INTO `horde_perms` (`perm_id`, `perm_name`, `perm_parents`, `perm_data`) VALUES (3,'wicked',NULL,'a:2:{s:4:\"type\";s:6:\"matrix\";s:7:\"default\";i:14;}'),(4,'wicked:pages',':3','a:1:{s:4:\"type\";s:6:\"matrix\";}'),(5,'wicked:pages:AllPages',':3:4','a:1:{s:4:\"type\";s:6:\"matrix\";}'),(6,'horde',NULL,'a:1:{s:4:\"type\";s:6:\"matrix\";}'),(7,'horde:activesync',':6','a:2:{s:4:\"type\";s:7:\"boolean\";s:7:\"default\";b:1;}'),(8,'horde:activesync:provisioning',':6:7','a:3:{s:4:\"type\";s:4:\"enum\";s:6:\"params\";a:1:{i:0;a:4:{i:0;s:0:\"\";s:4:\"true\";s:6:\"Enable\";s:5:\"allow\";s:31:\"Allow non-provisionable devices\";s:5:\"false\";s:25:\"Disable (not recommended)\";}}s:7:\"default\";s:5:\"allow\";}'); /*!40000 ALTER TABLE `horde_perms` ENABLE KEYS */; UNLOCK TABLES; From 7cc19e7bfb2ec662c58e8cf195263947dc3e14d9 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Wed, 18 Oct 2023 22:43:24 +0200 Subject: [PATCH 045/181] update schema --- tasks/horde.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/horde.yml b/tasks/horde.yml index 6544147..6f8b429 100644 --- a/tasks/horde.yml +++ b/tasks/horde.yml @@ -52,7 +52,7 @@ import_tasks: create_mariadb_schema.yml vars: mariadb_database: horde - mariadb_state: present + # mariadb_state: present - name: Set up Horde DB privileges mysql_user: name: hordeuser From 14c0b4529aea06a7081eaf8c7ff86fa8857b389f Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Wed, 18 Oct 2023 23:12:04 +0200 Subject: [PATCH 046/181] reset only if requested --- tasks/horde.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/horde.yml b/tasks/horde.yml index 6f8b429..29877e3 100644 --- a/tasks/horde.yml +++ b/tasks/horde.yml 
@@ -52,7 +52,7 @@ import_tasks: create_mariadb_schema.yml vars: mariadb_database: horde - # mariadb_state: present + mariadb_state: "{{ ('import' if reset == 'yes')|default('present') }}" - name: Set up Horde DB privileges mysql_user: name: hordeuser From 0b947ae304701f285d4fc18c2f14d59541d9235c Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Wed, 18 Oct 2023 23:29:22 +0200 Subject: [PATCH 047/181] clean up --- files/fail2ban/dnsmasq.conf | 21 --------------------- files/systemd/podman-compose@.service | 14 -------------- handlers/main.yml | 6 ------ meta/main.yml | 1 - tasks/fail2ban.yml | 25 +++++++------------------ tasks/os.yml | 6 ------ tasks/packages.yml | 4 ---- 7 files changed, 7 insertions(+), 70 deletions(-) delete mode 100644 files/fail2ban/dnsmasq.conf delete mode 100644 files/systemd/podman-compose@.service diff --git a/files/fail2ban/dnsmasq.conf b/files/fail2ban/dnsmasq.conf deleted file mode 100644 index 45bb444..0000000 --- a/files/fail2ban/dnsmasq.conf +++ /dev/null @@ -1,21 +0,0 @@ -# Fail2Ban configuration file -# -# script from www.marek.tokyo -# - -[INCLUDES] - -# Read common prefixes. If any customizations available -- read them from -# common.local -before = common.conf -after = dnsmasq.local - -[Definition] - -_daemon = dnsmasq -# log example from /var/log/pihole.log -#Feb 26 04:41:28 dnsmasq[1887]: query[A] 21cl93vlx5n9p.aikoaiko.net from 67.21.36.3 -#(?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)? -failregex = .*query\[A\].*from - .*query\[ANY\].*from -ignoreregex = diff --git a/files/systemd/podman-compose@.service b/files/systemd/podman-compose@.service deleted file mode 100644 index 7f23336..0000000 --- a/files/systemd/podman-compose@.service +++ /dev/null 
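Review bot: In tasks/horde.yml the new `mariadb_state` line guards a destructive path with the string comparison `reset == 'yes'`, which behaves differently depending on how `reset` is supplied. A YAML `reset: yes` in a vars file is a boolean and never equals `'yes'`. If `reset` is not defined at all (no default is visible in this hunk), the comparison is likely to fail before `default('present')` can apply. Since `import` presumably reloads horde_schema.sql, which carries `DROP TABLE IF EXISTS` statements, the guard should be explicit: `mariadb_state: "{{ 'import' if (reset | default(false) | bool) else 'present' }}"`. The task this line belongs to starts above the hunk.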
@@ -1,14 +0,0 @@ -[Unit] -Description=%i service with podman compose -Requires=podman.service dnsdist.service -After=podman.service dnsdist.service - -[Service] -Type=oneshot -RemainAfterExit=true -WorkingDirectory=/etc/podman/compose/%i -ExecStart=/usr/bin/podman-compose up -d --remove-orphans -ExecStop=/usr/bin/podman-compose down - -[Install] -WantedBy=multi-user.target diff --git a/handlers/main.yml b/handlers/main.yml index f6028a9..60e5527 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -113,12 +113,6 @@ daemon_reload: yes enabled: yes state: restarted -- name: Restart subspace - systemd: - name: podman-compose@subspace - daemon_reload: yes - enabled: yes - state: restarted - name: Default to localhost in resolv.conf copy: dest: /etc/resolv.conf diff --git a/meta/main.yml b/meta/main.yml index b47b112..1595f1a 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -56,4 +56,3 @@ collections: - community.general - community.dns - community.mysql - - community.docker diff --git a/tasks/fail2ban.yml b/tasks/fail2ban.yml index 1a5dd9c..0d64fc7 100644 --- a/tasks/fail2ban.yml +++ b/tasks/fail2ban.yml @@ -5,7 +5,6 @@ dest: "/etc/fail2ban/filter.d/{{ item }}" loop: - postfixadmin.conf - # - dnsmasq.conf notify: Restart fail2ban - name: Enable fail2ban jails blockinfile: 
@@ -90,24 +89,14 @@ # [slapd] # enabled = true - [postfixadmin] - enabled = true - port = http,https - filter = postfixadmin - logpath = /var/log/php-fpm/www-error.log - findtime = 60 - maxretry = 3 - bantime = 120 - - # [dnsmasq] - # enabled = true - # port = 53 - # action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp] - # %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp] - # logpath = /var/log/messages + # [postfixadmin] + # enabled = true + # port = http,https + # filter = postfixadmin + # logpath = /var/log/php-fpm/www-error.log # findtime = 60 - # maxretry = 42 - # bantime = 3600 + # maxretry = 3 + # bantime = 120 mode: u=rw,og=r owner: root group: root diff --git a/tasks/os.yml b/tasks/os.yml index 87a8a3d..6b17fc6 100644 --- a/tasks/os.yml +++ b/tasks/os.yml @@ -100,9 +100,3 @@ create: yes backup: yes tags: ssl -# - name: Create Podman Compose service -# copy: -# dest: '/etc/systemd/system/podman-compose@.service' -# src: 'systemd/podman-compose@.service' -# backup: yes -# notify: Restart subspace diff --git a/tasks/packages.yml b/tasks/packages.yml index a270634..5c05562 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -346,10 +346,6 @@ - wireguard-tools - bindfs - golang - - podman-docker - - podman-compose - - python3-docker - - python3-dockerpty - python3-pyyaml - python3-jinja2 - qrencode From 45215d5afac8bb8ef7f3551de9205bb2576ad21a Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Thu, 19 Oct 2023 02:21:59 +0200 Subject: [PATCH 048/181] enable ActiveSync outside of schema init --- files/mariadb/horde_schema.sql | 1 - tasks/horde.yml | 8 ++++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/files/mariadb/horde_schema.sql b/files/mariadb/horde_schema.sql index 8924929..20bf248 100644 --- a/files/mariadb/horde_schema.sql +++ b/files/mariadb/horde_schema.sql 
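Review bot: In tasks/fail2ban.yml, commenting out the `[postfixadmin]` jail removes the ban on repeated failures in the PostfixAdmin log (`maxretry = 3` within `findtime = 60`), and nothing in this "clean up" commit says why. The first hunk of the same file still copies `postfixadmin.conf` into `/etc/fail2ban/filter.d/`, so the filter is deployed but no jail uses it. If the jail was disabled on purpose, record that with a comment above the block such as `# postfixadmin jail disabled: <reason>`; otherwise keep `enabled = true`. The `blockinfile` task holding this block starts outside the hunk.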
@@ -843,7 +843,6 @@ CREATE TABLE `horde_perms` ( LOCK TABLES `horde_perms` WRITE; /*!40000 ALTER TABLE `horde_perms` DISABLE KEYS */; -REPLACE INTO `horde_perms` (`perm_id`, `perm_name`, `perm_parents`, `perm_data`) VALUES (3,'wicked',NULL,'a:2:{s:4:\"type\";s:6:\"matrix\";s:7:\"default\";i:14;}'),(4,'wicked:pages',':3','a:1:{s:4:\"type\";s:6:\"matrix\";}'),(5,'wicked:pages:AllPages',':3:4','a:1:{s:4:\"type\";s:6:\"matrix\";}'),(6,'horde',NULL,'a:1:{s:4:\"type\";s:6:\"matrix\";}'),(7,'horde:activesync',':6','a:2:{s:4:\"type\";s:7:\"boolean\";s:7:\"default\";b:1;}'),(8,'horde:activesync:provisioning',':6:7','a:3:{s:4:\"type\";s:4:\"enum\";s:6:\"params\";a:1:{i:0;a:4:{i:0;s:0:\"\";s:4:\"true\";s:6:\"Enable\";s:5:\"allow\";s:31:\"Allow non-provisionable devices\";s:5:\"false\";s:25:\"Disable (not recommended)\";}}s:7:\"default\";s:5:\"allow\";}'); /*!40000 ALTER TABLE `horde_perms` ENABLE KEYS */; UNLOCK TABLES; diff --git a/tasks/horde.yml b/tasks/horde.yml index 29877e3..a80da05 100644 --- a/tasks/horde.yml +++ b/tasks/horde.yml 
@@ -64,6 +64,14 @@ no_log: yes - name: Generate Horde DB schema command: horde-db-migrate +- name: Enable ActiveSync + mysql_query: + login_db: horde + login_user: hordeuser + login_password: '{{ horde_db_password }}' + query: + - REPLACE INTO `horde_perms` (`perm_id`, `perm_name`, `perm_parents`, `perm_data`) VALUES (3,'wicked',NULL,'a:2:{s:4:\"type\";s:6:\"matrix\";s:7:\"default\";i:14;}'),(4,'wicked:pages',':3','a:1:{s:4:\"type\";s:6:\"matrix\";}'),(5,'wicked:pages:AllPages',':3:4','a:1:{s:4:\"type\";s:6:\"matrix\";}'),(6,'horde',NULL,'a:1:{s:4:\"type\";s:6:\"matrix\";}'),(7,'horde:activesync',':6','a:2:{s:4:\"type\";s:7:\"boolean\";s:7:\"default\";b:1;}'),(8,'horde:activesync:provisioning',':6:7','a:3:{s:4:\"type\";s:4:\"enum\";s:6:\"params\";a:1:{i:0;a:4:{i:0;s:0:\"\";s:4:\"true\";s:6:\"Enable\";s:5:\"allow\";s:31:\"Allow non-provisionable devices\";s:5:\"false\";s:25:\"Disable (not recommended)\";}}s:7:\"default\";s:5:\"allow\";}'); + no_log: yes - name: Fetch themes unarchive: src: http://eph.dk/horde-addons/5.2/combined-1.0.0.zip From 1d39134ce23afd3e87e793bdf173f3e41b6835af Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sat, 21 Oct 2023 12:10:46 +0200 Subject: [PATCH 049/181] install PHP 8.1 --- tasks/packages.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tasks/packages.yml b/tasks/packages.yml index 5c05562..72eca0f 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -353,6 +353,7 @@ - golang-github-acme-lego - perl-Proc-ProcessTable - imapsync + - php81 state: latest - name: Install Remi packages tags: horde From 093b10524dc33c8f242df4eb59dc6fd60b19413b Mon Sep 17 00:00:00 2001 
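Review bot: In tasks/horde.yml the new `Enable ActiveSync` task runs `REPLACE INTO` on `horde_perms` ids 3 to 8 on every play, so any permission an administrator has changed on those rows is silently overwritten, including the three `wicked` rows that are unrelated to ActiveSync. Limiting the statement to the `horde`, `horde:activesync` and `horde:activesync:provisioning` tuples and changing `REPLACE INTO` to `INSERT IGNORE INTO` would keep existing rows. The data also sets `horde:activesync` to default `b:1` and the provisioning default to `allow` ("Allow non-provisionable devices"), which lets devices that do not accept policy sync. That choice deserves a comment on the task, for example `# provisioning default 'allow': devices that ignore policy may still sync`.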
From: Akos Balla Date: Sun, 22 Oct 2023 00:18:12 +0200 Subject: [PATCH 050/181] sort out dependencies --- handlers/main.yml | 7 +- tasks/dns.yml | 3 + tasks/horde.yml | 3 + tasks/main.yml | 13 ++- tasks/os.yml | 4 + tasks/packages.yml | 225 ++++++++++++++++++++++++++++--------------- tasks/poweradmin.yml | 32 ++++++ tasks/wireguard.yml | 29 ++++++ 8 files changed, 238 insertions(+), 78 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index 60e5527..7d7daca 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -85,10 +85,15 @@ state: restarted - name: Restart php-fpm systemd: - name: php-fpm + name: "{{ php_fpm_service }}" daemon_reload: yes enabled: yes state: restarted + loop: + - php74-php-fpm + - php81-php-fpm + loop_control: + loop_var: php_fpm_service - name: Restart postfix systemd: name: postfix diff --git a/tasks/dns.yml b/tasks/dns.yml index 39e37cf..8f0b7fd 100644 --- a/tasks/dns.yml +++ b/tasks/dns.yml @@ -36,3 +36,6 @@ when: 'public_dns == "yes"' - name: Configure PowerAdmin import_tasks: poweradmin.yml + tags: + - dyndns + - poweradmin diff --git a/tasks/horde.yml b/tasks/horde.yml index a80da05..9cae0c3 100644 --- a/tasks/horde.yml +++ b/tasks/horde.yml 
@@ -13,12 +13,15 @@ - { file: '/etc/php.ini', key: 'upload_max_filesize', value: '50M' } - { file: '/etc/opt/remi/php56/php.ini', key: 'upload_max_filesize', value: '50M' } - { file: '/etc/opt/remi/php74/php.ini', key: 'upload_max_filesize', value: '50M' } + - { file: '/etc/opt/remi/php81/php.ini', key: 'upload_max_filesize', value: '50M' } - { file: '/etc/php.ini', key: 'post_max_size', value: '50M' } - { file: '/etc/opt/remi/php56/php.ini', key: 'post_max_size', value: '50M' } - { file: '/etc/opt/remi/php74/php.ini', key: 'post_max_size', value: '50M' } + - { file: '/etc/opt/remi/php81/php.ini', key: 'post_max_size', value: '50M' } - { file: '/etc/php.ini', key: 'max_execution_time', value: '300' } - { file: '/etc/opt/remi/php56/php.ini', key: 'max_execution_time', value: '300' } - { file: '/etc/opt/remi/php74/php.ini', key: 'max_execution_time', value: '300' } + - { file: '/etc/opt/remi/php81/php.ini', key: 'max_execution_time', value: '300' } notify: Restart php-fpm - name: Upload complex Horde configs copy: diff --git a/tasks/main.yml b/tasks/main.yml index 1b18fb4..5550add 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,5 +1,7 @@ --- # tasks file for ansible-mailserver +- name: Gather facts + setup: - name: Generate passwords if they don't exist yet set_fact: postfixadmin_db_password: "{{ postfixadmin_db_password | default(lookup('password', '/tmp/ansible-mailserver-install.postfixadmin_db_password chars=ascii_letters,digits')) }}" @@ -26,7 +28,10 @@ tags: mariadb - name: Configure DNS import_tasks: dns.yml - tags: dns + tags: + - dns + - poweradmin + - dyndns - name: Configure PostfixAdmin import_tasks: postfixadmin.yml tags: postfixadmin @@ -86,7 +91,11 @@ tags: webdav - name: Set up WireGuard import_tasks: wireguard.yml - tags: wireguard + tags: + - wireguard + - dyndns + - poweradmin + - postfixadmin - name: Set up backups import_tasks: backups.yml tags: backup diff --git a/tasks/os.yml b/tasks/os.yml index 6b17fc6..8019d76 100644 
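Review bot: In tasks/main.yml, the `set_fact` task directly below the added `Gather facts` task keeps the generated database password in `/tmp/ansible-mailserver-install.postfixadmin_db_password` on the control node, a fixed name in a directory every local account can write to. The password lookup reuses whatever file already exists at that path, and the secret stays on disk after the run. Pointing the lookup at a directory only the deploying user can write avoids both, for example (constructed path) `lookup('password', '~/.ansible-mailserver/postfixadmin_db_password chars=ascii_letters,digits')`. The task continues outside the hunk, so the other generated passwords may need the same change.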
--- a/tasks/os.yml +++ b/tasks/os.yml @@ -17,10 +17,14 @@ loop: - "net.ipv6.conf.all.disable_ipv6" - "net.ipv6.conf.{{ ansible_default_ipv4.interface }}.disable_ipv6" + register: ipv6_enable - name: Reboot to pick up changes + when: ipv6_enable.changed reboot: reboot_timeout: 600 msg: "Reboot initiated by Ansible to enable IPv6" + - name: Gather facts + setup: - name: Install requiremets block: - name: Install packages diff --git a/tasks/packages.yml b/tasks/packages.yml index 72eca0f..fd83b2b 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -1,4 +1,13 @@ --- +- name: Install EL repositories + tags: + - always + package: + name: + - yum-utils + - epel-release + - elrepo-release + state: latest - name: Set up UEK repository tags: wireguard blockinfile: 
@@ -131,29 +140,27 @@ state: present backup: yes create: yes -# - name: Set up MongoDB repository -# blockinfile: -# path: /etc/yum.repos.d/mongodb-org-5.0.repo -# marker: "# {mark} ANSIBLE MANAGED BLOCK MongoDB 5.0 repository" -# block: | -# [mongodb-org-5.0] -# name=MongoDB 5.0 Repository -# baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/5.0/$basearch/ -# gpgcheck=0 -# enabled=1 -# mode: u=rw,og=r -# owner: root -# group: root -# state: present -# backup: yes -# create: yes +- name: Set up MongoDB repository + tags: mongodb + blockinfile: + path: /etc/yum.repos.d/mongodb-org-5.0.repo + marker: "# {mark} ANSIBLE MANAGED BLOCK MongoDB 5.0 repository" + block: | + [mongodb-org-5.0] + name=MongoDB 5.0 Repository + baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/5.0/$basearch/ + gpgcheck=0 + enabled=1 + mode: u=rw,og=r + owner: root + group: root + state: present + backup: yes + create: yes - name: Enable PowerTools command: dnf config-manager --set-enable powertools -- name: Reset the PHP DNF module - command: dnf module reset php -y -- name: Enable DNF modules - tags: horde - command: dnf module enable php:remi-7.4 go-toolset -y +- name: Enable the go-toolset DNF module + command: dnf module enable go-toolset -y - name: Enable the COPR repositories command: "dnf copr enable -y {{ item }}" tags: @@ -163,12 +170,12 @@ - "@389ds/389-directory-server" - "eclipseo/golang-ng custom-1-x86_64" - name: Install packages + tags: + - always package: name: - postfix - mailx - - epel-release - - elrepo-release - certbot - httpd - python3-certbot-apache @@ -178,25 +185,11 @@ - python3-mysqlclient - wget - tar - - php-fpm - - php-imap - - php-mbstring - - php-mysqlnd - - php-gd - - php-opcache - - php-json - - php-curl - - php-zip - - php-xml - - php-bz2 - - php-intl - - php-gmp - binutils - rpm-build - setools-console - policycoreutils-python3 - policycoreutils-devel - - php-cli - postfix-mysql - dovecot-mysql - pypolicyd-spf 
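Review bot: The re-enabled `Set up MongoDB repository` task writes `gpgcheck=0` into the repo file, so packages from it are installed as root with no signature verification. The same commit un-comments `mongodb-org` in the `Install packages` list further down. The `baseurl` is HTTPS, but that only protects the transport; a tampered or stale mirror is caught by the signature check, not by TLS. Inside the `block: |` body, set `gpgcheck=1` and add the key line MongoDB documents for this series, `gpgkey=https://www.mongodb.org/static/pgp/server-5.0.asc`.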
@@ -212,19 +205,9 @@ - spamassassin - spamass-milter - dovecot-pigeonhole - - php-devel - - php74-php-devel - - php-pear - - php56-php-channel-horde - - php56-php-horde-horde-lz4 - ImageMagick - - php-pecl-imagick - - php56-php-pecl-imagick - aspell - memcached - - php56-php-pecl-memcache - - php-pecl-memcache - - php-pecl-http - mod_ssl - php-bcmath - php56-php-bcmath @@ -233,29 +216,15 @@ - gettext-common-devel - gettext-devel - gettext-libs - - php56-php-xml - - php56-php-pecl-dom-varimport - - php-pecl-mysql - - php-pecl-mysql-xdevapi - - php56-php-mysqlnd - openldap - openldap-clients - openldap-devel - - php56-php-ldap - - phpldapadmin - - php56-php-mbstring - gd - gd-devel - - php56-php-gd - tidy - libtidy - libtidy-devel - - php-tidy - - php56-php-tidy - - php-pecl-crypto - - php56-php-pecl-crypto - intltool - - php56-php-intl - curl - libcurl - libcurl-devel @@ -279,10 +248,6 @@ - GeoIP - GeoIP-GeoLite-data - GeoIP-GeoLite-data-extra - - php-pecl-geoip - - php56-php-pecl-geoip - - php-pecl-pam - - php74-php-pecl-pam - libgweather - libgweather-devel - cyrus-sasl-ldap @@ -293,7 +258,7 @@ - sssd-ldap - 389-ds-base - fortune-mod - # - mongodb-org + - mongodb-org - fail2ban-all - fail2ban-firewalld - fail2ban-selinux @@ -322,12 +287,6 @@ - clamav-update - iptables-services - conntrack-tools - - php - - php-ldap - - php-mysql - - php-odbc - - php-mcrypt - - php-mhash - pdns - pdns-backend-mysql - pdns-recursor 
@@ -353,12 +312,115 @@ - golang-github-acme-lego - perl-Proc-ProcessTable - imapsync - - php81 + - php56-php-channel-horde + - php56-php-horde-horde-lz4 + - php56-php-xml + - php56-php-pecl-dom-varimport + - php56-php-mysqlnd + - php56-php-ldap + - php56-php-mbstring + - php56-php-gd + - php56-php-tidy + - php56-php-pecl-crypto + - php56-php-intl + - php56-php-pecl-geoip + - php56-php-pecl-imagick + - php56-php-pecl-memcache state: latest -- name: Install Remi packages +- name: Reset the PHP DNF module + command: dnf module reset php -y + tags: + - wireguard + - dyndns +- name: Enable the php:remi-8.1 DNF module + tags: + - wireguard + - dyndns + command: dnf module enable php:remi-8.1 -y +- name: Install PHP 8.1 packages + tags: + - wireguard + - dyndns + package: + name: + - php81-php-fpm + - phpldapadmin + - php81-php-tidy + - php81-php + - php81-php-ldap + - php81-php-mysql + - php81-php-odbc + - php81-php-mcrypt + - php81-php-mhash + - php81-php-devel + - php81-php-imap + - php81-php-mbstring + - php81-php-mysqlnd + - php81-php-gd + - php81-php-opcache + - php81-php-json + - php81-php-curl + - php81-php-zip + - php81-php-xml + - php81-php-bz2 + - php81-php-intl + - php81-php-gmp + - php81-php-cli + state: latest + register: php81_packages +- name: Restart php81-php-fpm + when: php81_packages.changed + tags: + - wireguard + - dyndns + systemd: + name: php81-php-fpm + daemon_reload: yes + enabled: yes + state: restarted +- name: Reset the PHP DNF module + command: dnf module reset php -y + tags: + - always +- name: Enable the php:remi-7.4 DNF module + tags: horde + command: dnf module enable php:remi-7.4 -y +- name: Install PHP 7.4 packages tags: horde dnf: name: + - phpunit7 + - php74-php-fpm + - php74-php-pear + - php74-php-tidy + - php74-php + - php74-php-ldap + - php74-php-mysql + - php74-php-odbc + - php74-php-mcrypt + - php74-php-mhash + - php74-php-pecl-mysql + - php74-php-pecl-mysql-xdevapi + - php74-php-pecl-crypto + - php74-php-pecl-geoip + - 
php74-php-pecl-pam + - php74-php-pecl-imagick + - php74-php-pecl-memcache + - php74-php-pecl-http + - php74-php-devel + - php74-php-imap + - php74-php-mbstring + - php74-php-mysqlnd + - php74-php-gd + - php74-php-opcache + - php74-php-json + - php74-php-curl + - php74-php-zip + - php74-php-xml + - php74-php-bz2 + - php74-php-intl + - php74-php-gmp + - php74-php-cli - php-channel-horde - php-horde-Horde-Alarm - php-horde-Horde-Argv @@ -423,13 +485,22 @@ - php-horde-imp - php-horde-kronolith - php-horde-turba - # - php-horde-Horde-Mongo + - php-horde-Horde-Mongo - php-horde-ingo - php-horde-mnemo - php-horde-wicked - php-pear-Text-Figlet enablerepo: remi state: latest + register: php74_packages +- name: Restart php74-php-fpm + when: php74_packages.changed + tags: horde + systemd: + name: php74-php-fpm + daemon_reload: yes + enabled: yes + state: restarted - name: Install EL7 packages dnf: name: @@ -484,3 +555,7 @@ backup: yes loop: - { url: "https://github.com/quentinsf/IMAPdedup/raw/master/imapdedup.py", dest: "/usr/local/bin/imapdedup.py" } +- name: Reset the PHP DNF module + command: dnf module reset php -y + tags: + - always diff --git a/tasks/poweradmin.yml b/tasks/poweradmin.yml index f339da3..38e136f 100644 --- a/tasks/poweradmin.yml +++ b/tasks/poweradmin.yml @@ -1,5 +1,8 @@ --- - name: Get latest PowerAdmin version + tags: + - dyndns + - poweradmin block: - name: Get URL for latest release uri: 
@@ -10,17 +13,26 @@ poweradmin_version: "{{ poweradmin_download_site.url | replace('https://github.com/poweradmin/poweradmin/releases/tag/v','') }}" when: 'public_dns == "yes"' - name: Unpack PowerAdmin + tags: + - dyndns + - poweradmin unarchive: src: "https://github.com/poweradmin/poweradmin/archive/v{{ poweradmin_version }}.tar.gz" dest: /var/www/ remote_src: yes when: 'public_dns == "yes"' - name: Rename PowerAdmin directory + tags: + - dyndns + - poweradmin command: "mv /var/www/poweradmin-{{ poweradmin_version }} /var/www/poweradmin" args: creates: /var/www/poweradmin when: 'public_dns == "yes"' - name: Set up PowerAdmin permissions + tags: + - dyndns + - poweradmin file: path: /var/www/poweradmin state: directory @@ -29,11 +41,17 @@ recurse: yes when: 'public_dns == "yes"' - name: Generate PowerAdmin session key + tags: + - dyndns + - poweradmin set_fact: poweradmin_session_key: "{{ poweradmin_session_key | default(lookup('password', '/tmp/ansible-mailserver-install.poweradmin_session_key chars=ascii_lowercase,ascii_uppercase,digits,@,#,$,%,^,*,(,),_,-,! length=46')) }}" no_log: yes when: 'public_dns == "yes"' - name: "Add PowerAdmin user" + tags: + - dyndns + - poweradmin mysql_user: name: '{{ mailserver_admin_user }}@{{ mailserver_domain }}' password: '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password }}{% endif %}{% endfor %}' @@ -45,6 +63,9 @@ when: 'public_dns == "yes"' notify: Warn on passwords - name: Fill PowerDNS DB with PowerAdmin data + tags: + - dyndns + - poweradmin block: - name: Fill PowerDNS DB with PowerAdmin data using Blowfish 2y ident mysql_query: 
@@ -86,11 +107,17 @@ when: 'public_dns == "yes"' notify: Warn on passwords - name: Check if DynDNS .htaccess exists + tags: + - dyndns + - poweradmin stat: path: /var/www/poweradmin/.htaccess register: htaccess_exists when: 'public_dns == "yes"' - name: Set up DynDNS .htaccess + tags: + - dyndns + - poweradmin when: 'public_dns == "yes" and not htaccess_exists.stat.exists' block: - name: Set up DynDNS .htaccess from installer files @@ -110,6 +137,9 @@ group: apache mode: ug=rw,o=r - name: Render PowerAdmin config + tags: + - dyndns + - poweradmin template: src: poweradmin/config.inc.php.j2 dest: /var/www/poweradmin/inc/config.inc.php @@ -120,6 +150,8 @@ no_log: yes when: 'public_dns == "yes"' - name: Remove install directory + tags: + - poweradmin file: path: /var/www/poweradmin/install/ state: absent diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml index 4d5f672..6dc54a8 100644 --- a/tasks/wireguard.yml +++ b/tasks/wireguard.yml @@ -180,6 +180,9 @@ loop: "{{ wg_configs.keys() }}" when: item != "server" - name: Add DynDNS NS records + tags: + - wireguard + - poweradmin include_tasks: add_dns_record.yml vars: record: @@ -192,6 +195,9 @@ - dyndns - vpn - name: Add DynDNS root A record + tags: + - wireguard + - poweradmin import_tasks: add_dns_record.yml vars: record: @@ -201,6 +207,9 @@ type: A content: "{{ ansible_default_ipv4.address }}" - name: Add DynDNS root AAAA record + tags: + - wireguard + - poweradmin import_tasks: add_dns_record.yml vars: record: @@ -210,6 +219,9 @@ type: AAAA content: "{{ ansible_default_ipv6.address }}" - name: Add DynDNS A records + tags: + - wireguard + - poweradmin include_tasks: add_dns_record.yml vars: record: @@ -221,6 +233,9 @@ loop: "{{ wg_configs.keys() }}" when: item != "server" - name: Add DynDNS AAAA records + tags: + - wireguard + - poweradmin include_tasks: add_dns_record.yml vars: record: 
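Review bot: `Remove install directory` is tagged only `poweradmin`, while the other tasks this commit tags in tasks/poweradmin.yml also carry `dyndns`. A run limited to `--tags dyndns` would therefore unpack PowerAdmin and render its config but skip the cleanup, unless the file importing poweradmin.yml applies the tag itself (not visible here). That would leave the web application's `install/` directory in the deployed tree, which is the state this task exists to prevent. Add `- dyndns` to this task's `tags:` list so the cleanup runs with every tag that can trigger the unpack.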
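Review bot: The tags added to `Add DynDNS NS records` in tasks/wireguard.yml sit on an `include_tasks` statement, and tags on a dynamic include select only the include itself, not the tasks it loads. With `--tags poweradmin` the include is evaluated, but the tasks inside add_dns_record.yml are skipped unless that file tags them itself (it is not shown here). A tag-limited run can then report success although the record was never written. The same applies to `Add DynDNS A records`, `Add DynDNS AAAA records`, the two `Add admin VPN` tasks and `Open firewall` in tasks/httpd.yml, whereas the `import_tasks` variants do pass their tags down. Passing the tags through `apply` fixes this; the task's `vars` continue outside the hunk.

```yaml
- name: Add DynDNS NS records
  tags:
    - wireguard
    - poweradmin
  include_tasks:
    file: add_dns_record.yml
    apply:
      tags:
        - wireguard
        - poweradmin
  # … unchanged: vars / record definition and loop …
```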
@@ -272,6 +287,10 @@ loop: "{{ wg_configs.keys() }}" when: item != "server" - name: Add admin VPN A records + tags: + - wireguard + - poweradmin + - postfixadmin include_tasks: add_dns_record.yml vars: record: @@ -284,6 +303,10 @@ - postfixadmin - poweradmin - name: Add admin VPN AAAA records + tags: + - wireguard + - poweradmin + - postfixadmin include_tasks: add_dns_record.yml vars: record: @@ -296,6 +319,9 @@ - postfixadmin - poweradmin - name: Generate BASH DynDNS clients + tags: + - wireguard + - poweradmin template: src: dyndns/dynamic_dns_client.sh.j2 dest: "{{ wireguard.config_dir }}/clients/{{ item }}/dynamic_dns_client.sh" @@ -306,6 +332,9 @@ loop: "{{ wg_configs.keys() }}" when: item != "server" - name: Generate Python DynDNS clients + tags: + - wireguard + - poweradmin template: src: dyndns/dynamic_dns_client.py.j2 dest: "{{ wireguard.config_dir }}/clients/{{ item }}/dynamic_dns_client.py" From 93bb27a61bef90e67e8b0bf78f226746a7a8308a Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 22 Oct 2023 00:56:22 +0200 Subject: [PATCH 051/181] add more tags for easier maintenance --- tasks/httpd.yml | 34 ++++++++++++++++++++++++++++++++++ tasks/main.yml | 9 ++++++++- 2 files changed, 42 insertions(+), 1 deletion(-) diff --git a/tasks/httpd.yml b/tasks/httpd.yml index 249a3c0..57386b5 100644 --- a/tasks/httpd.yml +++ b/tasks/httpd.yml @@ -1,5 +1,12 @@ --- - name: Open firewall + tags: + - dyndns + - horde + - postfixadmin + - poweradmin + - wireguard + - webdav include_tasks: firewall.yml vars: port: "{{ item }}" @@ -26,6 +33,13 @@ ./httpd.sh ausearch -m AVC -ts recent | audit2allow -R - name: Render web config templates + tags: + - dyndns + - horde + - postfixadmin + - poweradmin + - wireguard + - webdav template: src: "{{ item.src }}" dest: "{{ item.dest }}" 
@@ -54,6 +68,7 @@ - { src: "httpd/wildcard-le-ssl.conf.j2", dest: "/etc/httpd/conf.d/000-wildcard.{{ mailserver_domain }}-le-ssl.conf" } notify: Restart httpd - name: Deploy SSL config + tags: ssl copy: src: httpd/options-ssl-apache.conf dest: /etc/letsencrypt/options-ssl-apache.conf @@ -63,6 +78,7 @@ group: root notify: Restart httpd - name: Deploy Horde default config + tags: horde copy: src: httpd/php-horde-horde.conf dest: /etc/httpd/conf.d/php-horde-horde.conf @@ -72,6 +88,10 @@ group: root notify: Restart httpd - name: Serve user ~/public_html directories + tags: + - webdav + - ftp + - wireguard copy: src: httpd/userdir.conf dest: /etc/httpd/conf.d/userdir.conf @@ -81,6 +101,10 @@ group: root notify: Restart httpd - name: Set home directory permissions + tags: + - webdav + - ftp + - wireguard file: path: "~{{ item.name }}" state: directory @@ -90,6 +114,10 @@ loop: "{{ users }}" no_log: true - name: Set public_html directory permissions + tags: + - webdav + - ftp + - wireguard file: path: "~{{ item.name }}/public_html" state: directory @@ -100,6 +128,7 @@ loop: "{{ users }}" no_log: true - name: Ensure user certificate directories exist + tags: wireguard file: path: "~{{ item.name }}/{{ item.name }}/public_html/.vpn" owner: "{{ item.name }}" @@ -110,6 +139,7 @@ loop: "{{ users }}" no_log: true - name: BindFS mount SSL certificates to user public_html + tags: ssl mount: path: "~{{ item.name }}/public_html/.certificates" src: /etc/letsencrypt/certificates @@ -119,6 +149,7 @@ loop: "{{ users }}" no_log: true - name: Set postfixadmin ACLs + tags: postfixadmin acl: path: /var/www/postfixadmin/templates_c entity: apache @@ -137,6 +168,7 @@ backup: yes notify: Restart httpd - name: Create PAM module for HTTPD auth + tags: webdav copy: src: pam/httpd-auth dest: /etc/pam.d/httpd-auth 
@@ -157,12 +189,14 @@ loop: "{{ httpd_pam_deny_users }}" notify: Restart httpd - name: Allow Apache read /etc/shadow + tags: webdav file: path: /etc/shadow state: file group: apache mode: ug=r - name: Enable HTTPD PAM auth + tags: webdav copy: src: httpd/55-authnz_pam.conf dest: /etc/httpd/conf.modules.d/55-authnz_pam.conf diff --git a/tasks/main.yml b/tasks/main.yml index 5550add..6e9f5a9 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -52,7 +52,14 @@ tags: ftp - name: Configure Apache import_tasks: httpd.yml - tags: httpd + tags: + - httpd + - dyndns + - horde + - postfixadmin + - poweradmin + - wireguard + - webdav - name: Set up SPAMAssassin import_tasks: spamassassin.yml tags: spamassassin From c47d1515ae00b6dc9f16ae2b706521417e692d3a Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 22 Oct 2023 14:28:35 +0200 Subject: [PATCH 052/181] add perl-CGI for imapsync --- tasks/packages.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tasks/packages.yml b/tasks/packages.yml index fd83b2b..eb6e26b 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -311,6 +311,7 @@ - python3-pip - golang-github-acme-lego - perl-Proc-ProcessTable + - perl-CGI - imapsync - php56-php-channel-horde - php56-php-horde-horde-lz4 From fe7937cb195a2ddd7ff07d71ea735dc072a1f220 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 22 Oct 2023 16:09:48 +0200 Subject: [PATCH 053/181] only install what we explicitly need --- tasks/packages.yml | 85 ++++++++++++++++++++-------------------------- 1 file changed, 36 insertions(+), 49 deletions(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index eb6e26b..8e5eb71 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml 
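Review bot: `Allow Apache read /etc/shadow`, which this hunk only tags `webdav`, sets `group: apache` and `mode: ug=r` on /etc/shadow. Any code running with the web server's group (the PHP applications this role deploys, if they run as `apache`) can then read every local password hash. Making the task easier to run selectively makes that trade-off easier to apply without noticing it. Consider backing the `httpd-auth` PAM service with a stack that needs no shadow access (for example `pam_sss` via SSSD, since `sssd-ldap` is already in the package list) and dropping this task. At minimum document it above the task: `# WARNING: grants the apache group read access to all local password hashes`.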
@@ -345,28 +345,14 @@ package: name: - php81-php-fpm - - phpldapadmin - - php81-php-tidy - - php81-php - - php81-php-ldap + - php81-php-intl + - php-gettext-gettext + - php81-php-pecl-crypto + - php81-php-pdo - php81-php-mysql - - php81-php-odbc - - php81-php-mcrypt - - php81-php-mhash - - php81-php-devel - - php81-php-imap - - php81-php-mbstring - php81-php-mysqlnd - - php81-php-gd - - php81-php-opcache - - php81-php-json - - php81-php-curl - - php81-php-zip - - php81-php-xml - - php81-php-bz2 - - php81-php-intl - - php81-php-gmp - - php81-php-cli + - php81-php-pecl-mysql-xdevapi + - php81-php-ldap state: latest register: php81_packages - name: Restart php81-php-fpm 
@@ -390,38 +376,39 @@ tags: horde dnf: name: + - phpldapadmin - phpunit7 - php74-php-fpm - php74-php-pear - - php74-php-tidy - - php74-php - - php74-php-ldap - - php74-php-mysql - - php74-php-odbc - - php74-php-mcrypt - - php74-php-mhash - - php74-php-pecl-mysql - - php74-php-pecl-mysql-xdevapi - - php74-php-pecl-crypto - - php74-php-pecl-geoip - - php74-php-pecl-pam - - php74-php-pecl-imagick - - php74-php-pecl-memcache - - php74-php-pecl-http - - php74-php-devel - - php74-php-imap - - php74-php-mbstring - - php74-php-mysqlnd - - php74-php-gd - - php74-php-opcache - - php74-php-json - - php74-php-curl - - php74-php-zip - - php74-php-xml - - php74-php-bz2 - - php74-php-intl - - php74-php-gmp - - php74-php-cli + # - php74-php-tidy + # - php74-php + # - php74-php-ldap + # - php74-php-mysql + # - php74-php-odbc + # - php74-php-mcrypt + # - php74-php-mhash + # - php74-php-pecl-mysql + # - php74-php-pecl-mysql-xdevapi + # - php74-php-pecl-crypto + # - php74-php-pecl-geoip + # - php74-php-pecl-pam + # - php74-php-pecl-imagick + # - php74-php-pecl-memcache + # - php74-php-pecl-http + # - php74-php-devel + # - php74-php-imap + # - php74-php-mbstring + # - php74-php-mysqlnd + # - php74-php-gd + # - php74-php-opcache + # - php74-php-json + # - php74-php-curl + # - php74-php-zip + # - php74-php-xml + # - php74-php-bz2 + # - php74-php-intl + # - php74-php-gmp + # - php74-php-cli - php-channel-horde - php-horde-Horde-Alarm - php-horde-Horde-Argv From b65bc1d541305408cf6ffdc51e2ec0c38e7ac46b Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 22 Oct 2023 17:30:42 +0200 Subject: [PATCH 054/181] enable COPR only if not enabled yet --- tasks/packages.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index 8e5eb71..eb493a3 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml 
@@ -161,7 +161,11 @@ command: dnf config-manager --set-enable powertools - name: Enable the go-toolset DNF module command: dnf module enable go-toolset -y +- name: Query DNF repo list + command: dnf repolist + register: dnf_repolist - name: Enable the COPR repositories + when: "{{ ('copr:copr.fedorainfracloud.org:' ~ (item | split(' ') | first | replace('@', 'group_') | replace('/', ':'))) not in dnf_repolist.stdout }}" command: "dnf copr enable -y {{ item }}" tags: - ldap @@ -327,6 +331,7 @@ - php56-php-pecl-geoip - php56-php-pecl-imagick - php56-php-pecl-memcache + # - php-gettext-gettext state: latest - name: Reset the PHP DNF module command: dnf module reset php -y @@ -346,7 +351,6 @@ name: - php81-php-fpm - php81-php-intl - - php-gettext-gettext - php81-php-pecl-crypto - php81-php-pdo - php81-php-mysql From 4b185d9dbd34b8ed1dac39b8e85bc0acd14a1cd4 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Tue, 24 Oct 2023 21:24:13 +0200 Subject: [PATCH 055/181] try horde from Cheese repo --- tasks/packages.yml | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index eb493a3..9cc4b66 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -36,7 +36,12 @@ - name: Set up Remi repository tags: horde dnf: - name: "https://rpms.remirepo.net/enterprise/remi-release-{{ hostvars[inventory_hostname].ansible_distribution_major_version }}.rpm" + name: "https://rpms.remirepo.net/enterprise/remi-release-{{ ansible_distribution_major_version }}.rpm" + disable_gpg_check: yes +- name: Set up Cheese repository + tags: horde + dnf: + name: "http://www.nosuchhost.net/~cheese/fedora/packages/epel-{{ ansible_distribution_major_version }}/{{ ansible_architecture }}/cheese-release-8-1.el8.noarch.rpm" disable_gpg_check: yes - name: Set up ElasticSearch repository tags: elasticsearch 
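Review bot: The new `Query DNF repo list` task has no tags while `Enable the COPR repositories` keeps its `ldap` tag (the list continues outside the hunk). A run restricted to such a tag skips the query, and the `when:` then fails on an undefined `dnf_repolist`, unless tasks/packages.yml is imported with tags covering both (not visible here). Give the query the same tags or `tags: always`, and add `changed_when: false` because `dnf repolist` only reads state. The condition is also wrapped in `{{ }}`, which Ansible warns about in `when:`; write it bare: `when: ('copr:copr.fedorainfracloud.org:' ~ (item | split(' ') | first | replace('@', 'group_') | replace('/', ':'))) not in dnf_repolist.stdout`.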
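Review bot: `Set up Cheese repository` fetches a release RPM over plain `http://` with `disable_gpg_check: yes`, so nothing authenticates the package that defines a repository dnf will trust as root. The changed Remi task in this hunk keeps the same flag, and `Enable RPM Fusion`, added by a later commit on this page, repeats it. Import each repository's signing key with `rpm_key` before installing the release package and drop `disable_gpg_check`; use an HTTPS URL where the host offers one. The file name also hard-codes `cheese-release-8-1.el8` while the path templates `ansible_distribution_major_version`, so the URL only resolves on EL8.

```yaml
- name: Import Cheese repository signing key
  tags: horde
  rpm_key:
    # placeholder: take the key location from the repository's own documentation
    key: "<REPO_KEY_URL>"
    state: present
- name: Set up Cheese repository
  tags: horde
  dnf:
    # … unchanged: name (release RPM URL); disable_gpg_check line removed …
```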
@@ -373,17 +378,17 @@ command: dnf module reset php -y tags: - always -- name: Enable the php:remi-7.4 DNF module - tags: horde - command: dnf module enable php:remi-7.4 -y +# - name: Enable the php:remi-7.4 DNF module +# tags: horde +# command: dnf module enable php:remi-7.4 -y - name: Install PHP 7.4 packages tags: horde dnf: name: - phpldapadmin - phpunit7 - - php74-php-fpm - - php74-php-pear + # - php74-php-fpm + # - php74-php-pear # - php74-php-tidy # - php74-php # - php74-php-ldap @@ -482,7 +487,8 @@ - php-horde-mnemo - php-horde-wicked - php-pear-Text-Figlet - enablerepo: remi + # enablerepo: remi + enablerepo: cheese state: latest register: php74_packages - name: Restart php74-php-fpm From db35ef20fbbdabfc5b36cc1f94627355940d9015 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Tue, 24 Oct 2023 21:47:51 +0200 Subject: [PATCH 056/181] enable RPM Fusion --- tasks/packages.yml | 191 +++++++++++++++++++++++---------------------- 1 file changed, 99 insertions(+), 92 deletions(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index 9cc4b66..f70d39c 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -38,6 +38,13 @@ dnf: name: "https://rpms.remirepo.net/enterprise/remi-release-{{ ansible_distribution_major_version }}.rpm" disable_gpg_check: yes +- name: Enable RPM Fusion + tags: horde + dnf: + name: + - "https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-{{ ansible_distribution_major_version }}.noarch.rpm" + - "https://mirrors.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-{{ ansible_distribution_major_version }}.noarch.rpm" + disable_gpg_check: yes - name: Set up Cheese repository tags: horde dnf: 
@@ -385,108 +392,108 @@ tags: horde dnf: name: - - phpldapadmin - - phpunit7 + # - phpldapadmin + # - phpunit7 # - php74-php-fpm # - php74-php-pear - # - php74-php-tidy - # - php74-php - # - php74-php-ldap - # - php74-php-mysql - # - php74-php-odbc - # - php74-php-mcrypt - # - php74-php-mhash - # - php74-php-pecl-mysql - # - php74-php-pecl-mysql-xdevapi - # - php74-php-pecl-crypto - # - php74-php-pecl-geoip - # - php74-php-pecl-pam - # - php74-php-pecl-imagick - # - php74-php-pecl-memcache - # - php74-php-pecl-http - # - php74-php-devel - # - php74-php-imap - # - php74-php-mbstring - # - php74-php-mysqlnd - # - php74-php-gd - # - php74-php-opcache - # - php74-php-json - # - php74-php-curl - # - php74-php-zip - # - php74-php-xml - # - php74-php-bz2 - # - php74-php-intl - # - php74-php-gmp - # - php74-php-cli - - php-channel-horde - - php-horde-Horde-Alarm - - php-horde-Horde-Argv - - php-horde-Horde-Auth - - php-horde-Horde-Autoloader - - php-horde-Horde-Browser - - php-horde-Horde-Cache - - php-horde-Horde-Cli - - php-horde-Horde-Compress - - php-horde-Horde-Core - - php-horde-Horde-Crypt - - php-horde-Horde-Dav - - php-horde-Horde-Db - - php-horde-Horde-Editor - - php-horde-Horde-ElasticSearch - - php-horde-Horde-Http - - php-horde-Horde-Image - - php-horde-Horde-Imap-Client - - php-horde-Horde-Ldap - - php-horde-Horde-ListHeaders - - php-horde-Horde-Log - - php-horde-Horde-Mail - - php-horde-Horde-Mail-Autoconfig - - php-horde-Horde-Memcache - - php-horde-Horde-Mime - - php-horde-Horde-Mime-Viewer - - php-horde-Horde-Notification - - php-horde-Horde-Oauth - - php-horde-Horde-Pdf - - php-horde-Horde-Perms - - php-horde-Horde-Prefs - - php-horde-Horde-Role - - php-horde-Horde-Routes - - php-horde-Horde-Rpc - - php-horde-Horde-Service-Weather - - php-horde-Horde-Smtp - - php-horde-Horde-Socket-Client - - php-horde-Horde-SyncMl - - php-horde-Horde-Template - - php-horde-Horde-Test - - php-horde-Horde-Text-Filter - - php-horde-Horde-Text-Filter-Csstidy - - 
php-horde-Horde-Text-Flowed - - php-horde-Horde-Tree - - php-horde-Horde-Url - - php-horde-Horde-Util - - php-horde-Horde-View - - php-horde-Horde-Xml-Element + # # - php74-php-tidy + # # - php74-php + # # - php74-php-ldap + # # - php74-php-mysql + # # - php74-php-odbc + # # - php74-php-mcrypt + # # - php74-php-mhash + # # - php74-php-pecl-mysql + # # - php74-php-pecl-mysql-xdevapi + # # - php74-php-pecl-crypto + # # - php74-php-pecl-geoip + # # - php74-php-pecl-pam + # # - php74-php-pecl-imagick + # # - php74-php-pecl-memcache + # # - php74-php-pecl-http + # # - php74-php-devel + # # - php74-php-imap + # # - php74-php-mbstring + # # - php74-php-mysqlnd + # # - php74-php-gd + # # - php74-php-opcache + # # - php74-php-json + # # - php74-php-curl + # # - php74-php-zip + # # - php74-php-xml + # # - php74-php-bz2 + # # - php74-php-intl + # # - php74-php-gmp + # # - php74-php-cli + # - php-channel-horde + # - php-horde-Horde-Alarm + # - php-horde-Horde-Argv + # - php-horde-Horde-Auth + # - php-horde-Horde-Autoloader + # - php-horde-Horde-Browser + # - php-horde-Horde-Cache + # - php-horde-Horde-Cli + # - php-horde-Horde-Compress + # - php-horde-Horde-Core + # - php-horde-Horde-Crypt + # - php-horde-Horde-Dav + # - php-horde-Horde-Db + # - php-horde-Horde-Editor + # - php-horde-Horde-ElasticSearch + # - php-horde-Horde-Http + # - php-horde-Horde-Image + # - php-horde-Horde-Imap-Client + # - php-horde-Horde-Ldap + # - php-horde-Horde-ListHeaders + # - php-horde-Horde-Log + # - php-horde-Horde-Mail + # - php-horde-Horde-Mail-Autoconfig + # - php-horde-Horde-Memcache + # - php-horde-Horde-Mime + # - php-horde-Horde-Mime-Viewer + # - php-horde-Horde-Notification + # - php-horde-Horde-Oauth + # - php-horde-Horde-Pdf + # - php-horde-Horde-Perms + # - php-horde-Horde-Prefs + # - php-horde-Horde-Role + # - php-horde-Horde-Routes + # - php-horde-Horde-Rpc + # - php-horde-Horde-Service-Weather + # - php-horde-Horde-Smtp + # - php-horde-Horde-Socket-Client + # - 
php-horde-Horde-SyncMl + # - php-horde-Horde-Template + # - php-horde-Horde-Test + # - php-horde-Horde-Text-Filter + # - php-horde-Horde-Text-Filter-Csstidy + # - php-horde-Horde-Text-Flowed + # - php-horde-Horde-Tree + # - php-horde-Horde-Url + # - php-horde-Horde-Util + # - php-horde-Horde-View + # - php-horde-Horde-Xml-Element - php-horde-horde - php-horde-passwd - - php-horde-Horde-Compress-Fast - - php-horde-Horde-Crypt-Blowfish - - php-horde-Horde-Icalendar - - php-horde-Horde-Itip - - php-horde-Horde-Mapi - - php-horde-Horde-OpenXchange - - php-horde-Horde-Secret - - php-horde-Horde-Service-Gravatar - - php-horde-Horde-Text-Diff - - php-horde-Horde-Timezone - - php-horde-Horde-Vfs + # - php-horde-Horde-Compress-Fast + # - php-horde-Horde-Crypt-Blowfish + # - php-horde-Horde-Icalendar + # - php-horde-Horde-Itip + # - php-horde-Horde-Mapi + # - php-horde-Horde-OpenXchange + # - php-horde-Horde-Secret + # - php-horde-Horde-Service-Gravatar + # - php-horde-Horde-Text-Diff + # - php-horde-Horde-Timezone + # - php-horde-Horde-Vfs - php-horde-imp - php-horde-kronolith - php-horde-turba - - php-horde-Horde-Mongo + # - php-horde-Horde-Mongo - php-horde-ingo - php-horde-mnemo - php-horde-wicked - - php-pear-Text-Figlet + # - php-pear-Text-Figlet # enablerepo: remi enablerepo: cheese state: latest From c4b7649351879b11c7cf66be1817f9573aacb52e Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Tue, 24 Oct 2023 22:10:55 +0200 Subject: [PATCH 057/181] back to Remi, use an older version of PowerAdmin --- tasks/packages.yml | 324 +++++++++++++++++++++---------------------- tasks/poweradmin.yml | 11 +- 2 files changed, 168 insertions(+), 167 deletions(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index f70d39c..3d9352c 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml 
@@ -38,18 +38,18 @@ dnf: name: "https://rpms.remirepo.net/enterprise/remi-release-{{ ansible_distribution_major_version }}.rpm" disable_gpg_check: yes -- name: Enable RPM Fusion - tags: horde - dnf: - name: - - "https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-{{ ansible_distribution_major_version }}.noarch.rpm" - - "https://mirrors.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-{{ ansible_distribution_major_version }}.noarch.rpm" - disable_gpg_check: yes -- name: Set up Cheese repository - tags: horde - dnf: - name: "http://www.nosuchhost.net/~cheese/fedora/packages/epel-{{ ansible_distribution_major_version }}/{{ ansible_architecture }}/cheese-release-8-1.el8.noarch.rpm" - disable_gpg_check: yes +# - name: Enable RPM Fusion +# tags: horde +# dnf: +# name: +# - "https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-{{ ansible_distribution_major_version }}.noarch.rpm" +# - "https://mirrors.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-{{ ansible_distribution_major_version }}.noarch.rpm" +# disable_gpg_check: yes +# - name: Set up Cheese repository +# tags: horde +# dnf: +# name: "http://www.nosuchhost.net/~cheese/fedora/packages/epel-{{ ansible_distribution_major_version }}/{{ ansible_architecture }}/cheese-release-8-1.el8.noarch.rpm" +# disable_gpg_check: yes - name: Set up ElasticSearch repository tags: elasticsearch blockinfile: @@ -226,7 +226,6 @@ - memcached - mod_ssl - php-bcmath - - php56-php-bcmath - libmemcached - gettext - gettext-common-devel 
@@ -329,173 +328,174 @@ - perl-Proc-ProcessTable - perl-CGI - imapsync - - php56-php-channel-horde - - php56-php-horde-horde-lz4 - - php56-php-xml - - php56-php-pecl-dom-varimport - - php56-php-mysqlnd - - php56-php-ldap - - php56-php-mbstring - - php56-php-gd - - php56-php-tidy - - php56-php-pecl-crypto - - php56-php-intl - - php56-php-pecl-geoip - - php56-php-pecl-imagick - - php56-php-pecl-memcache + # - php56-php-bcmath + # - php56-php-channel-horde + # - php56-php-horde-horde-lz4 + # - php56-php-xml + # - php56-php-pecl-dom-varimport + # - php56-php-mysqlnd + # - php56-php-ldap + # - php56-php-mbstring + # - php56-php-gd + # - php56-php-tidy + # - php56-php-pecl-crypto + # - php56-php-intl + # - php56-php-pecl-geoip + # - php56-php-pecl-imagick + # - php56-php-pecl-memcache # - php-gettext-gettext state: latest -- name: Reset the PHP DNF module - command: dnf module reset php -y - tags: - - wireguard - - dyndns -- name: Enable the php:remi-8.1 DNF module - tags: - - wireguard - - dyndns - command: dnf module enable php:remi-8.1 -y -- name: Install PHP 8.1 packages - tags: - - wireguard - - dyndns - package: - name: - - php81-php-fpm - - php81-php-intl - - php81-php-pecl-crypto - - php81-php-pdo - - php81-php-mysql - - php81-php-mysqlnd - - php81-php-pecl-mysql-xdevapi - - php81-php-ldap - state: latest - register: php81_packages -- name: Restart php81-php-fpm - when: php81_packages.changed - tags: - - wireguard - - dyndns - systemd: - name: php81-php-fpm - daemon_reload: yes - enabled: yes - state: restarted +# - name: Reset the PHP DNF module +# command: dnf module reset php -y +# tags: +# - wireguard +# - dyndns +# - name: Enable the php:remi-8.1 DNF module +# tags: +# - wireguard +# - dyndns +# command: dnf module enable php:remi-8.1 -y +# - name: Install PHP 8.1 packages +# tags: +# - wireguard +# - dyndns +# package: +# name: +# - php81-php-fpm +# - php81-php-intl +# - php81-php-pecl-crypto +# - php81-php-pdo +# - php81-php-mysql +# - php81-php-mysqlnd +# 
- php81-php-pecl-mysql-xdevapi +# - php81-php-ldap +# state: latest +# register: php81_packages +# - name: Restart php81-php-fpm +# when: php81_packages.changed +# tags: +# - wireguard +# - dyndns +# systemd: +# name: php81-php-fpm +# daemon_reload: yes +# enabled: yes +# state: restarted - name: Reset the PHP DNF module command: dnf module reset php -y tags: - always -# - name: Enable the php:remi-7.4 DNF module -# tags: horde -# command: dnf module enable php:remi-7.4 -y +- name: Enable the php:remi-7.4 DNF module + tags: horde + command: dnf module enable php:remi-7.4 -y - name: Install PHP 7.4 packages tags: horde dnf: name: - # - phpldapadmin - # - phpunit7 - # - php74-php-fpm - # - php74-php-pear - # # - php74-php-tidy - # # - php74-php - # # - php74-php-ldap - # # - php74-php-mysql - # # - php74-php-odbc - # # - php74-php-mcrypt - # # - php74-php-mhash - # # - php74-php-pecl-mysql - # # - php74-php-pecl-mysql-xdevapi - # # - php74-php-pecl-crypto - # # - php74-php-pecl-geoip - # # - php74-php-pecl-pam - # # - php74-php-pecl-imagick - # # - php74-php-pecl-memcache - # # - php74-php-pecl-http - # # - php74-php-devel - # # - php74-php-imap - # # - php74-php-mbstring - # # - php74-php-mysqlnd - # # - php74-php-gd - # # - php74-php-opcache - # # - php74-php-json - # # - php74-php-curl - # # - php74-php-zip - # # - php74-php-xml - # # - php74-php-bz2 - # # - php74-php-intl - # # - php74-php-gmp - # # - php74-php-cli - # - php-channel-horde - # - php-horde-Horde-Alarm - # - php-horde-Horde-Argv - # - php-horde-Horde-Auth - # - php-horde-Horde-Autoloader - # - php-horde-Horde-Browser - # - php-horde-Horde-Cache - # - php-horde-Horde-Cli - # - php-horde-Horde-Compress - # - php-horde-Horde-Core - # - php-horde-Horde-Crypt - # - php-horde-Horde-Dav - # - php-horde-Horde-Db - # - php-horde-Horde-Editor - # - php-horde-Horde-ElasticSearch - # - php-horde-Horde-Http - # - php-horde-Horde-Image - # - php-horde-Horde-Imap-Client - # - php-horde-Horde-Ldap - # - 
php-horde-Horde-ListHeaders - # - php-horde-Horde-Log - # - php-horde-Horde-Mail - # - php-horde-Horde-Mail-Autoconfig - # - php-horde-Horde-Memcache - # - php-horde-Horde-Mime - # - php-horde-Horde-Mime-Viewer - # - php-horde-Horde-Notification - # - php-horde-Horde-Oauth - # - php-horde-Horde-Pdf - # - php-horde-Horde-Perms - # - php-horde-Horde-Prefs - # - php-horde-Horde-Role - # - php-horde-Horde-Routes - # - php-horde-Horde-Rpc - # - php-horde-Horde-Service-Weather - # - php-horde-Horde-Smtp - # - php-horde-Horde-Socket-Client - # - php-horde-Horde-SyncMl - # - php-horde-Horde-Template - # - php-horde-Horde-Test - # - php-horde-Horde-Text-Filter - # - php-horde-Horde-Text-Filter-Csstidy - # - php-horde-Horde-Text-Flowed - # - php-horde-Horde-Tree - # - php-horde-Horde-Url - # - php-horde-Horde-Util - # - php-horde-Horde-View - # - php-horde-Horde-Xml-Element + - phpldapadmin + - phpunit7 + - php74-php-fpm + - php74-php-pear + - php74-php-tidy + - php74-php + - php74-php-ldap + - php74-php-mysql + - php74-php-odbc + - php74-php-mcrypt + - php74-php-mhash + - php74-php-pecl-mysql + - php74-php-pecl-mysql-xdevapi + - php74-php-pecl-crypto + - php74-php-pecl-geoip + - php74-php-pecl-pam + - php74-php-pecl-imagick + - php74-php-pecl-memcache + - php74-php-pecl-http + - php74-php-devel + - php74-php-imap + - php74-php-mbstring + - php74-php-mysqlnd + - php74-php-gd + - php74-php-opcache + - php74-php-json + - php74-php-curl + - php74-php-zip + - php74-php-xml + - php74-php-bz2 + - php74-php-intl + - php74-php-gmp + - php74-php-cli + - php-channel-horde + - php-horde-Horde-Alarm + - php-horde-Horde-Argv + - php-horde-Horde-Auth + - php-horde-Horde-Autoloader + - php-horde-Horde-Browser + - php-horde-Horde-Cache + - php-horde-Horde-Cli + - php-horde-Horde-Compress + - php-horde-Horde-Core + - php-horde-Horde-Crypt + - php-horde-Horde-Dav + - php-horde-Horde-Db + - php-horde-Horde-Editor + - php-horde-Horde-ElasticSearch + - php-horde-Horde-Http + - 
php-horde-Horde-Image + - php-horde-Horde-Imap-Client + - php-horde-Horde-Ldap + - php-horde-Horde-ListHeaders + - php-horde-Horde-Log + - php-horde-Horde-Mail + - php-horde-Horde-Mail-Autoconfig + - php-horde-Horde-Memcache + - php-horde-Horde-Mime + - php-horde-Horde-Mime-Viewer + - php-horde-Horde-Notification + - php-horde-Horde-Oauth + - php-horde-Horde-Pdf + - php-horde-Horde-Perms + - php-horde-Horde-Prefs + - php-horde-Horde-Role + - php-horde-Horde-Routes + - php-horde-Horde-Rpc + - php-horde-Horde-Service-Weather + - php-horde-Horde-Smtp + - php-horde-Horde-Socket-Client + - php-horde-Horde-SyncMl + - php-horde-Horde-Template + - php-horde-Horde-Test + - php-horde-Horde-Text-Filter + - php-horde-Horde-Text-Filter-Csstidy + - php-horde-Horde-Text-Flowed + - php-horde-Horde-Tree + - php-horde-Horde-Url + - php-horde-Horde-Util + - php-horde-Horde-View + - php-horde-Horde-Xml-Element - php-horde-horde - php-horde-passwd - # - php-horde-Horde-Compress-Fast - # - php-horde-Horde-Crypt-Blowfish - # - php-horde-Horde-Icalendar - # - php-horde-Horde-Itip - # - php-horde-Horde-Mapi - # - php-horde-Horde-OpenXchange - # - php-horde-Horde-Secret - # - php-horde-Horde-Service-Gravatar - # - php-horde-Horde-Text-Diff - # - php-horde-Horde-Timezone - # - php-horde-Horde-Vfs + - php-horde-Horde-Compress-Fast + - php-horde-Horde-Crypt-Blowfish + - php-horde-Horde-Icalendar + - php-horde-Horde-Itip + - php-horde-Horde-Mapi + - php-horde-Horde-OpenXchange + - php-horde-Horde-Secret + - php-horde-Horde-Service-Gravatar + - php-horde-Horde-Text-Diff + - php-horde-Horde-Timezone + - php-horde-Horde-Vfs - php-horde-imp - php-horde-kronolith - php-horde-turba - # - php-horde-Horde-Mongo + - php-horde-Horde-Mongo - php-horde-ingo - php-horde-mnemo - php-horde-wicked - # - php-pear-Text-Figlet - # enablerepo: remi - enablerepo: cheese + - php-pear-Text-Figlet + enablerepo: remi + # enablerepo: cheese state: latest register: php74_packages - name: Restart php74-php-fpm 
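Review bot: The re-enabled PHP 7.4 list installs development and test tooling on the mail host (`phpunit7`, `php74-php-devel` and `php-horde-Horde-Test`), which the webmail should not need at runtime (inferred; confirm nothing depends on them) and which adds to the software that has to be patched and audited on an internet-facing server. Consider dropping those three entries or moving them to a separate task under a dev-only tag. PHP 7.4 is also past upstream end of life, so a comment above `dnf module enable php:remi-7.4` would help the next maintainer, e.g. `# PHP 7.4 is EOL upstream; security fixes depend on Remi backports - revisit when Horde runs on PHP 8`. The commented-out PHP 8.1 and php56 blocks are dead code that the Git history already preserves.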
diff --git a/tasks/poweradmin.yml b/tasks/poweradmin.yml index 38e136f..b520fc4 100644 --- a/tasks/poweradmin.yml +++ b/tasks/poweradmin.yml @@ -4,13 +4,14 @@ - dyndns - poweradmin block: - - name: Get URL for latest release - uri: - url: https://github.com/poweradmin/poweradmin/releases/latest - register: poweradmin_download_site + # - name: Get URL for latest release + # uri: + # url: https://github.com/poweradmin/poweradmin/releases/latest + # register: poweradmin_download_site - name: Parse version set_fact: - poweradmin_version: "{{ poweradmin_download_site.url | replace('https://github.com/poweradmin/poweradmin/releases/tag/v','') }}" + # poweradmin_version: "{{ poweradmin_download_site.url | replace('https://github.com/poweradmin/poweradmin/releases/tag/v','') }}" + poweradmin_version: 3.4.2 # enforcing PowerAdmin with a verion which supports PHP 7 to avoid package clash with other packages when: 'public_dns == "yes"' - name: Unpack PowerAdmin tags: From c0875f6c6ed3d8894088c9451ff09c37996367ba Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Tue, 24 Oct 2023 22:19:33 +0200 Subject: [PATCH 058/181] use releasever, where possible --- tasks/packages.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index 3d9352c..0457ca5 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml 
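Review bot: `poweradmin_version: 3.4.2` freezes PowerAdmin at an old release, so upstream security fixes no longer arrive on their own and nothing here records when to revisit the pin. Now that the version is fixed, the download can also be integrity-checked: if the archive is fetched with `get_url` (the unpack task is outside this hunk), add `checksum: "sha256:<SHA256_OF_PINNED_ARCHIVE>"`. Quoting the value as `"3.4.2"` keeps it a string regardless of parser, and the commented-out lookup task can be removed rather than kept.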
@@ -16,15 +16,15 @@ block: | [ol8_UEKR7] name=Latest Unbreakable Enterprise Kernel Release 7 for Oracle Linux $releasever ($basearch) - baseurl=https://yum.oracle.com/repo/OracleLinux/OL8/UEKR7/$basearch/ - gpgkey=https://yum.oracle.com/RPM-GPG-KEY-oracle-ol8 + baseurl=https://yum.oracle.com/repo/OracleLinux/OL$releasever/UEKR7/$basearch/ + gpgkey=https://yum.oracle.com/RPM-GPG-KEY-oracle-ol$releasever gpgcheck=1 enabled=1 [ol8_baseos_latest] name=Oracle Linux 8 BaseOS Latest ($basearch) - baseurl=https://yum.oracle.com/repo/OracleLinux/OL8/baseos/latest/$basearch/ - gpgkey=https://yum.oracle.com/RPM-GPG-KEY-oracle-ol8 + baseurl=https://yum.oracle.com/repo/OracleLinux/OL$releasever/baseos/latest/$basearch/ + gpgkey=https://yum.oracle.com/RPM-GPG-KEY-oracle-ol$releasever gpgcheck=1 enabled=0 mode: u=rw,og=r @@ -58,7 +58,7 @@ block: | [elasticsearch] name=Elasticsearch repository for 8.x packages - baseurl=https://artifacts.elastic.co/packages/8.x/yum + baseurl=https://artifacts.elastic.co/packages/$releasever.x/yum gpgcheck=1 gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch enabled=1 From a60454f0f7f081d38a02b30882809aaa022fb5bc Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Tue, 24 Oct 2023 22:21:14 +0200 Subject: [PATCH 059/181] fix ElasticSearch version --- tasks/packages.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index 0457ca5..5568388 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -58,7 +58,7 @@ block: | [elasticsearch] name=Elasticsearch repository for 8.x packages - baseurl=https://artifacts.elastic.co/packages/$releasever.x/yum + baseurl=https://artifacts.elastic.co/packages/8.x/yum gpgcheck=1 gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch enabled=1 From 4efe88b08d08a7b68ec9c9399b989526c8135ec0 Mon Sep 17 00:00:00 2001 
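Review bot: In the `@@ -16,15 +16,15 @@` hunk the `baseurl` and `gpgkey` URLs now follow `$releasever`, but the section ids `ol8_UEKR7` / `ol8_baseos_latest` and the `name=Oracle Linux 8 BaseOS Latest` line still hard-code 8, so on any other release the repo id would name the wrong distribution. `$releasever` is also not guaranteed to be a bare major number (it can be overridden or carry a minor version), in which case both URLs stop resolving and the signing key cannot be fetched. Either keep the literal `OL8` paths or template the whole stanza from `ansible_distribution_major_version`, which this file already uses for the Remi URL.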
From: Akos Balla Date: Tue, 24 Oct 2023 22:25:14 +0200 Subject: [PATCH 060/181] use latest-and-greatest PowerDNS --- tasks/packages.yml | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index 5568388..141ff99 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml 
@@ -92,54 +92,54 @@ path: /etc/yum.repos.d/powerdns.repo marker: "# {mark} ANSIBLE MANAGED BLOCK PowerDNS repository" block: | - [powerdns-auth-47] - name=PowerDNS repository for PowerDNS Authoritative Server – 4.7 branch - baseurl=http://repo.powerdns.com/centos/$basearch/$releasever/auth-47 + [powerdns-auth-master] + name=PowerDNS repository for PowerDNS Authoritative Server – master branch + baseurl=http://repo.powerdns.com/centos/$basearch/$releasever/auth-master gpgkey=https://repo.powerdns.com/FD380FBB-pub.asc gpgcheck=1 enabled=1 priority=90 includepkg=pdns* - [powerdns-auth-47-debuginfo] - name=PowerDNS repository for PowerDNS Authoritative Server – 4.7 branch debug symbols - baseurl=http://repo.powerdns.com/centos/$basearch/$releasever/auth-47/debug + [powerdns-auth-master-debuginfo] + name=PowerDNS repository for PowerDNS Authoritative Server – master branch debug symbols + baseurl=http://repo.powerdns.com/centos/$basearch/$releasever/auth-master/debug gpgkey=https://repo.powerdns.com/FD380FBB-pub.asc gpgcheck=1 enabled=0 priority=90 includepkg=pdns* - [powerdns-recursor-47] - name=PowerDNS repository for PowerDNS recursor – 4.7 branch - baseurl=http://repo.powerdns.com/centos/$basearch/$releasever/rec-47 + [powerdns-recursor-master] + name=PowerDNS repository for PowerDNS recursor – master branch + baseurl=http://repo.powerdns.com/centos/$basearch/$releasever/rec-master gpgkey=https://repo.powerdns.com/FD380FBB-pub.asc gpgcheck=1 enabled=1 priority=90 includepkg=pdns* - [powerdns-recursor-47-debuginfo] - name=PowerDNS repository for PowerDNS recursor – 4.7 branch debug symbols - baseurl=http://repo.powerdns.com/centos/$basearch/$releasever/rec-47/debug + [powerdns-recursor-master-debuginfo] + name=PowerDNS repository for PowerDNS recursor – master branch debug symbols + baseurl=http://repo.powerdns.com/centos/$basearch/$releasever/rec-master/debug gpgkey=https://repo.powerdns.com/FD380FBB-pub.asc gpgcheck=1 enabled=0 priority=90 includepkg=pdns* - 
[dnsdist-auth-17] - name=PowerDNS repository for DNSDist – 1.7 branch - baseurl=http://repo.powerdns.com/centos/$basearch/$releasever/dnsdist-17 + [dnsdist-auth-master] + name=PowerDNS repository for DNSDist – master branch + baseurl=http://repo.powerdns.com/centos/$basearch/$releasever/dnsdist-master gpgkey=https://repo.powerdns.com/FD380FBB-pub.asc gpgcheck=1 enabled=1 priority=90 includepkg=dnsdist* - [dnsdist-auth-17-debuginfo] - name=PowerDNS repository for DNSDist – 1.7 branch debug symbols - baseurl=http://repo.powerdns.com/centos/$basearch/$releasever/dnsdist-17/debug + [dnsdist-auth-master-debuginfo] + name=PowerDNS repository for DNSDist – master branch debug symbols + baseurl=http://repo.powerdns.com/centos/$basearch/$releasever/dnsdist-master/debug gpgkey=https://repo.powerdns.com/FD380FBB-pub.asc gpgcheck=1 enabled=0 From c365335ad0b4c6fc376007500be446fefe05fe91 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Tue, 24 Oct 2023 22:26:55 +0200 Subject: [PATCH 061/181] fully disable php81 --- handlers/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/handlers/main.yml b/handlers/main.yml index 7d7daca..25c5ba6 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -91,7 +91,7 @@ state: restarted loop: - php74-php-fpm - - php81-php-fpm + # - php81-php-fpm loop_control: loop_var: php_fpm_service - name: Restart postfix From 16ad90845f257eaba6c8b8a4aab0718710811416 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Tue, 24 Oct 2023 22:30:04 +0200 Subject: [PATCH 062/181] fix PowerDNS repo keys --- tasks/packages.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index 141ff99..59ae13a 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml 
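Review bot: Every stanza in the `@@ -92,54 +92,54 @@` hunk fetches packages over `baseurl=http://repo.powerdns.com/...` while the key on the next line is already fetched over HTTPS from the same host. `gpgcheck=1` covers the RPMs but not the repository metadata, so switch the six `baseurl` lines to `https://` (and consider `repo_gpgcheck=1` if the repository signs its metadata). The hunk also moves the authoritative server, the recursor and dnsdist from the `47`/`17` release branches to `master`, which are development builds; for an internet-facing DNS host a supported release branch is the safer default, or at least add a comment explaining why master is needed. The `http://` URLs are carried unchanged through the hunks of PATCH 062 and 063 below.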
@@ -95,7 +95,7 @@ [powerdns-auth-master] name=PowerDNS repository for PowerDNS Authoritative Server – master branch baseurl=http://repo.powerdns.com/centos/$basearch/$releasever/auth-master - gpgkey=https://repo.powerdns.com/FD380FBB-pub.asc + gpgkey=https://repo.powerdns.com/CBC8B383-pub.asc gpgcheck=1 enabled=1 priority=90 @@ -104,7 +104,7 @@ [powerdns-auth-master-debuginfo] name=PowerDNS repository for PowerDNS Authoritative Server – master branch debug symbols baseurl=http://repo.powerdns.com/centos/$basearch/$releasever/auth-master/debug - gpgkey=https://repo.powerdns.com/FD380FBB-pub.asc + gpgkey=https://repo.powerdns.com/CBC8B383-pub.asc gpgcheck=1 enabled=0 priority=90 @@ -113,7 +113,7 @@ [powerdns-recursor-master] name=PowerDNS repository for PowerDNS recursor – master branch baseurl=http://repo.powerdns.com/centos/$basearch/$releasever/rec-master - gpgkey=https://repo.powerdns.com/FD380FBB-pub.asc + gpgkey=https://repo.powerdns.com/CBC8B383-pub.asc gpgcheck=1 enabled=1 priority=90 @@ -122,7 +122,7 @@ [powerdns-recursor-master-debuginfo] name=PowerDNS repository for PowerDNS recursor – master branch debug symbols baseurl=http://repo.powerdns.com/centos/$basearch/$releasever/rec-master/debug - gpgkey=https://repo.powerdns.com/FD380FBB-pub.asc + gpgkey=https://repo.powerdns.com/CBC8B383-pub.asc gpgcheck=1 enabled=0 priority=90 @@ -131,7 +131,7 @@ [dnsdist-auth-master] name=PowerDNS repository for DNSDist – master branch baseurl=http://repo.powerdns.com/centos/$basearch/$releasever/dnsdist-master - gpgkey=https://repo.powerdns.com/FD380FBB-pub.asc + gpgkey=https://repo.powerdns.com/CBC8B383-pub.asc gpgcheck=1 enabled=1 priority=90 
@@ -140,7 +140,7 @@ [dnsdist-auth-master-debuginfo] name=PowerDNS repository for DNSDist – master branch debug symbols baseurl=http://repo.powerdns.com/centos/$basearch/$releasever/dnsdist-master/debug - gpgkey=https://repo.powerdns.com/FD380FBB-pub.asc + gpgkey=https://repo.powerdns.com/CBC8B383-pub.asc gpgcheck=1 enabled=0 priority=90 From 13981d68fdbba53376322dd3b9273104d5527b3f Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Tue, 24 Oct 2023 22:32:35 +0200 Subject: [PATCH 063/181] use PowerDNS EL repos --- tasks/packages.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index 59ae13a..afd3115 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -94,7 +94,7 @@ block: | [powerdns-auth-master] name=PowerDNS repository for PowerDNS Authoritative Server – master branch - baseurl=http://repo.powerdns.com/centos/$basearch/$releasever/auth-master + baseurl=http://repo.powerdns.com/el/$basearch/$releasever/auth-master gpgkey=https://repo.powerdns.com/CBC8B383-pub.asc gpgcheck=1 enabled=1 @@ -103,7 +103,7 @@ [powerdns-auth-master-debuginfo] name=PowerDNS repository for PowerDNS Authoritative Server – master branch debug symbols - baseurl=http://repo.powerdns.com/centos/$basearch/$releasever/auth-master/debug + baseurl=http://repo.powerdns.com/el/$basearch/$releasever/auth-master/debug gpgkey=https://repo.powerdns.com/CBC8B383-pub.asc gpgcheck=1 enabled=0 @@ -112,7 +112,7 @@ [powerdns-recursor-master] name=PowerDNS repository for PowerDNS recursor – master branch - baseurl=http://repo.powerdns.com/centos/$basearch/$releasever/rec-master + baseurl=http://repo.powerdns.com/el/$basearch/$releasever/rec-master gpgkey=https://repo.powerdns.com/CBC8B383-pub.asc gpgcheck=1 enabled=1 
@@ -121,7 +121,7 @@ [powerdns-recursor-master-debuginfo] name=PowerDNS repository for PowerDNS recursor – master branch debug symbols - baseurl=http://repo.powerdns.com/centos/$basearch/$releasever/rec-master/debug + baseurl=http://repo.powerdns.com/el/$basearch/$releasever/rec-master/debug gpgkey=https://repo.powerdns.com/CBC8B383-pub.asc gpgcheck=1 enabled=0 @@ -130,7 +130,7 @@ [dnsdist-auth-master] name=PowerDNS repository for DNSDist – master branch - baseurl=http://repo.powerdns.com/centos/$basearch/$releasever/dnsdist-master + baseurl=http://repo.powerdns.com/el/$basearch/$releasever/dnsdist-master gpgkey=https://repo.powerdns.com/CBC8B383-pub.asc gpgcheck=1 enabled=1 @@ -139,7 +139,7 @@ [dnsdist-auth-master-debuginfo] name=PowerDNS repository for DNSDist – master branch debug symbols - baseurl=http://repo.powerdns.com/centos/$basearch/$releasever/dnsdist-master/debug + baseurl=http://repo.powerdns.com/el/$basearch/$releasever/dnsdist-master/debug gpgkey=https://repo.powerdns.com/CBC8B383-pub.asc gpgcheck=1 enabled=0 From 5742ecce297712773202853bbb29229259d4616c Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Tue, 24 Oct 2023 22:53:00 +0200 Subject: [PATCH 064/181] fix tags to query repolist --- tasks/packages.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tasks/packages.yml b/tasks/packages.yml index afd3115..d216b78 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -174,6 +174,9 @@ - name: Enable the go-toolset DNF module command: dnf module enable go-toolset -y - name: Query DNF repo list + tags: + - ldap + - dns command: dnf repolist register: dnf_repolist - name: Enable the COPR repositories From 503c8e76ea1738a394dba61a4f8d94f1f4f7d3e4 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Tue, 24 Oct 2023 22:56:36 +0200 Subject: [PATCH 065/181] disable not-in-use PHP versions --- tasks/horde.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tasks/horde.yml b/tasks/horde.yml index 9cae0c3..3b6e525 100644 
--- a/tasks/horde.yml +++ b/tasks/horde.yml @@ -11,17 +11,17 @@ backup: yes loop: - { file: '/etc/php.ini', key: 'upload_max_filesize', value: '50M' } - - { file: '/etc/opt/remi/php56/php.ini', key: 'upload_max_filesize', value: '50M' } + # - { file: '/etc/opt/remi/php56/php.ini', key: 'upload_max_filesize', value: '50M' } - { file: '/etc/opt/remi/php74/php.ini', key: 'upload_max_filesize', value: '50M' } - - { file: '/etc/opt/remi/php81/php.ini', key: 'upload_max_filesize', value: '50M' } + # - { file: '/etc/opt/remi/php81/php.ini', key: 'upload_max_filesize', value: '50M' } - { file: '/etc/php.ini', key: 'post_max_size', value: '50M' } - - { file: '/etc/opt/remi/php56/php.ini', key: 'post_max_size', value: '50M' } + # - { file: '/etc/opt/remi/php56/php.ini', key: 'post_max_size', value: '50M' } - { file: '/etc/opt/remi/php74/php.ini', key: 'post_max_size', value: '50M' } - - { file: '/etc/opt/remi/php81/php.ini', key: 'post_max_size', value: '50M' } + # - { file: '/etc/opt/remi/php81/php.ini', key: 'post_max_size', value: '50M' } - { file: '/etc/php.ini', key: 'max_execution_time', value: '300' } - - { file: '/etc/opt/remi/php56/php.ini', key: 'max_execution_time', value: '300' } + # - { file: '/etc/opt/remi/php56/php.ini', key: 'max_execution_time', value: '300' } - { file: '/etc/opt/remi/php74/php.ini', key: 'max_execution_time', value: '300' } - - { file: '/etc/opt/remi/php81/php.ini', key: 'max_execution_time', value: '300' } + # - { file: '/etc/opt/remi/php81/php.ini', key: 'max_execution_time', value: '300' } notify: Restart php-fpm - name: Upload complex Horde configs copy: From 21d760b43440de9a58bfd280b4de10b0a041d534 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Wed, 25 Oct 2023 22:53:31 +0200 Subject: [PATCH 066/181] fix user ID --- tasks/poweradmin.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tasks/poweradmin.yml b/tasks/poweradmin.yml index b520fc4..1128550 100644 --- a/tasks/poweradmin.yml +++ b/tasks/poweradmin.yml 
@@ -74,7 +74,7 @@ login_user: '{{ mailserver_admin_user }}@{{ mailserver_domain }}' login_password: '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password }}{% endif %}{% endfor %}' query: - - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (41, 'zone_master_add', 'User is allowed to add new master zones.'), (42, 'zone_slave_add', 'User is allowed to add new slave zones.'), (43, 'zone_content_view_own', 'User is allowed to see the content and meta data of zones he owns.'), (44, 'zone_content_edit_own', 'User is allowed to edit the content of zones he owns.'), (45, 'zone_meta_edit_own', 'User is allowed to edit the meta data of zones he owns.'), (46, 'zone_content_view_others', 'User is allowed to see the content and meta data of zones he does not own.'), (47, 'zone_content_edit_others', 'User is allowed to edit the content of zones he does not own.'), (48, 'zone_meta_edit_others', 'User is allowed to edit the meta data of zones he does not own.'), (49, 'search', 'User is allowed to perform searches.'), (50, 'supermaster_view', 'User is allowed to view supermasters.'), (51, 'supermaster_add', 'User is allowed to add new supermasters.'), (52, 'supermaster_edit', 'User is allowed to edit supermasters.'), (53, 'user_is_ueberuser', 'User has full access. God-like. 
Redeemer.'), (54, 'user_view_others', 'User is allowed to see other users and their details.'), (55, 'user_add_new', 'User is allowed to add new users.'), (56, 'user_edit_own', 'User is allowed to edit their own details.'), (57, 'user_edit_others', 'User is allowed to edit other users.'), (58, 'user_passwd_edit_others', 'User is allowed to edit the password of other users.'), (59, 'user_edit_templ_perm', 'User is allowed to change the permission template that is assigned to a user.'), (60, 'templ_perm_add', 'User is allowed to add new permission templates.'), (61, 'templ_perm_edit', 'User is allowed to edit existing permission templates.'), (62, 'zone_content_edit_own_as_client', 'User is allowed to edit record, but not SOA and NS.'); + - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (41, 'zone_master_add', 'User is allowed to add new master zones.'), (42, 'zone_slave_add', 'User is allowed to add new slave zones.'), (43, 'zone_content_view_own', 'User is allowed to see the content and meta data of zones he owns.'), (44, 'zone_content_edit_own', 'User is allowed to edit the content of zones he owns.'), (45, 'zone_meta_edit_own', 'User is allowed to edit the meta data of zones he owns.'), (46, 'zone_content_view_others', 'User is allowed to see the content and meta data of zones he does not own.'), (47, 'zone_content_edit_others', 'User is allowed to edit the content of zones he does not own.'), (48, 'zone_meta_edit_others', 'User is allowed to edit the meta data of zones he does not own.'), (49, 'search', 'User is allowed to perform searches.'), (50, 'supermaster_view', 'User is allowed to view supermasters.'), (51, 'supermaster_add', 'User is allowed to add new supermasters.'), (52, 'supermaster_edit', 'User is allowed to edit supermasters.'), (53, 'user_is_ueberuser', 'User has full access. God-like. 
Redeemer.'), (54, 'user_view_others', 'User is allowed to see other users and their details.'), (55, 'user_add_new', 'User is allowed to add new users.'), (56, 'user_edit_own', 'User is allowed to edit their own details.'), (57, 'user_edit_others', 'User is allowed to edit other users.'), (58, 'user_passwd_edit_others', 'User is allowed to edit the password of other users.'), (59, 'user_edit_templ_perm', 'User is allowed to change the permission template that is assigned to a user.'), (60, 'templ_perm_add', 'User is allowed to add new permission templates.'), (61, 'templ_perm_edit', 'User is allowed to edit existing permission templates.'), (62, 'zone_content_edit_own_as_client', 'User is allowed to edit record, but not SOA and NS.') - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (1, 'Administrator', 'Administrator template with full rights.') - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (2, 'Dynamic', 'For DNS updates') - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (1, 1, 53) 
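Review bot: The two context statements that follow the changed line insert `(1, 'Administrator', …)` and `(2, 'Dynamic', …)` into `perm_items`, but those rows describe permission templates, which PowerAdmin's schema appears to keep in `perm_templ`. As written they add two extra permission items and never create the templates that `perm_templ_items.templ_id` and `users.perm_templ` refer to. If that reading is right, both statements should begin ``REPLACE INTO `perm_templ` (`id`, `name`, `descr`) VALUES``. The duplicate task in the `@@ -94,7 +94,7 @@` hunk carries the same two lines, and the task itself starts outside the hunk.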
@@ -82,7 +82,7 @@ - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (3, 2, 43) - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (4, 2, 41) - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES (1, 'admin', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password|password_hash("blowfish")|replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Administrator', 'hostmaster@{{ mailserver_domain }}', 'Administrator with full rights.', 1, 1, 0) - - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES (1, 'dyndns', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password|password_hash("blowfish")|replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Dynamic DNS', 'dyndns@{{ mailserver_domain }}', 'User for dynamic DNS updates', 2, 1, 0) + - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES (2, 'dyndns', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password|password_hash("blowfish")|replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Dynamic DNS', 'dyndns@{{ mailserver_domain }}', 'User for dynamic DNS updates', 2, 1, 0) - "REPLACE INTO `zones` (`id`, `domain_id`, `owner`, `comment`, `zone_templ_id`) SELECT 1, id, 2, '', 0 FROM domains WHERE name = 'dyndns.{{ mailserver_domain }}'" no_log: yes when: 'public_dns == "yes"' 
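Review bot: The `dyndns` row added here takes its password from the same expression as the `admin` row above it (the `mailserver_admin_user` password), so the dynamic-DNS account and the administrator share one secret, which this task also uses as its database login. Dynamic-DNS credentials usually end up stored on client devices, so a leak there would expose the administrator password as well. Give the account its own secret, e.g. a new variable such as `dyndns_password` (a suggested name, not an existing variable) used as `{{ dyndns_password|password_hash("blowfish")|replace("$2b$", "$2y$") }}`. `password_hash` without a fixed salt also yields a different hash on every run, so the stored value changes each time the play runs. The same line appears in the `@@ -102,7 +102,7 @@` hunk.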
@@ -94,7 +94,7 @@ login_user: '{{ mailserver_admin_user }}@{{ mailserver_domain }}' login_password: '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password }}{% endif %}{% endfor %}' query: - - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (41, 'zone_master_add', 'User is allowed to add new master zones.'), (42, 'zone_slave_add', 'User is allowed to add new slave zones.'), (43, 'zone_content_view_own', 'User is allowed to see the content and meta data of zones he owns.'), (44, 'zone_content_edit_own', 'User is allowed to edit the content of zones he owns.'), (45, 'zone_meta_edit_own', 'User is allowed to edit the meta data of zones he owns.'), (46, 'zone_content_view_others', 'User is allowed to see the content and meta data of zones he does not own.'), (47, 'zone_content_edit_others', 'User is allowed to edit the content of zones he does not own.'), (48, 'zone_meta_edit_others', 'User is allowed to edit the meta data of zones he does not own.'), (49, 'search', 'User is allowed to perform searches.'), (50, 'supermaster_view', 'User is allowed to view supermasters.'), (51, 'supermaster_add', 'User is allowed to add new supermasters.'), (52, 'supermaster_edit', 'User is allowed to edit supermasters.'), (53, 'user_is_ueberuser', 'User has full access. God-like. 
Redeemer.'), (54, 'user_view_others', 'User is allowed to see other users and their details.'), (55, 'user_add_new', 'User is allowed to add new users.'), (56, 'user_edit_own', 'User is allowed to edit their own details.'), (57, 'user_edit_others', 'User is allowed to edit other users.'), (58, 'user_passwd_edit_others', 'User is allowed to edit the password of other users.'), (59, 'user_edit_templ_perm', 'User is allowed to change the permission template that is assigned to a user.'), (60, 'templ_perm_add', 'User is allowed to add new permission templates.'), (61, 'templ_perm_edit', 'User is allowed to edit existing permission templates.'), (62, 'zone_content_edit_own_as_client', 'User is allowed to edit record, but not SOA and NS.'); + - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (41, 'zone_master_add', 'User is allowed to add new master zones.'), (42, 'zone_slave_add', 'User is allowed to add new slave zones.'), (43, 'zone_content_view_own', 'User is allowed to see the content and meta data of zones he owns.'), (44, 'zone_content_edit_own', 'User is allowed to edit the content of zones he owns.'), (45, 'zone_meta_edit_own', 'User is allowed to edit the meta data of zones he owns.'), (46, 'zone_content_view_others', 'User is allowed to see the content and meta data of zones he does not own.'), (47, 'zone_content_edit_others', 'User is allowed to edit the content of zones he does not own.'), (48, 'zone_meta_edit_others', 'User is allowed to edit the meta data of zones he does not own.'), (49, 'search', 'User is allowed to perform searches.'), (50, 'supermaster_view', 'User is allowed to view supermasters.'), (51, 'supermaster_add', 'User is allowed to add new supermasters.'), (52, 'supermaster_edit', 'User is allowed to edit supermasters.'), (53, 'user_is_ueberuser', 'User has full access. God-like. 
Redeemer.'), (54, 'user_view_others', 'User is allowed to see other users and their details.'), (55, 'user_add_new', 'User is allowed to add new users.'), (56, 'user_edit_own', 'User is allowed to edit their own details.'), (57, 'user_edit_others', 'User is allowed to edit other users.'), (58, 'user_passwd_edit_others', 'User is allowed to edit the password of other users.'), (59, 'user_edit_templ_perm', 'User is allowed to change the permission template that is assigned to a user.'), (60, 'templ_perm_add', 'User is allowed to add new permission templates.'), (61, 'templ_perm_edit', 'User is allowed to edit existing permission templates.'), (62, 'zone_content_edit_own_as_client', 'User is allowed to edit record, but not SOA and NS.') - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (1, 'Administrator', 'Administrator template with full rights.') - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (2, 'Dynamic', 'For DNS updates') - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (1, 1, 53) 
@@ -102,7 +102,7 @@ - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (3, 2, 43) - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (4, 2, 41) - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES (1, 'admin', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password|password_hash("blowfish")|replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Administrator', 'hostmaster@{{ mailserver_domain }}', 'Administrator with full rights.', 1, 1, 0) - - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES (1, 'dyndns', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password|password_hash("blowfish")|replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Dynamic DNS', 'dyndns@{{ mailserver_domain }}', 'User for dynamic DNS updates', 2, 1, 0) + - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES (2, 'dyndns', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password|password_hash("blowfish")|replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Dynamic DNS', 'dyndns@{{ mailserver_domain }}', 'User for dynamic DNS updates', 2, 1, 0) - "REPLACE INTO `zones` (`id`, `domain_id`, `owner`, `comment`, `zone_templ_id`) SELECT 1, id, 2, '', 0 FROM domains WHERE name = 'dyndns.{{ mailserver_domain }}'" no_log: yes when: 'public_dns == "yes"' From aa599afcbb08adf219ceccc68ad5939a6eb1173c Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Thu, 26 Oct 2023 22:52:20 +0200 Subject: [PATCH 067/181] recursive dedup --- tasks/imapsync.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/imapsync.yml b/tasks/imapsync.yml index 7bb2625..53a359a 100644 --- a/tasks/imapsync.yml +++ b/tasks/imapsync.yml 
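Review bot: The `dyndns` row still derives its password from the same expression as the `admin` row (`user.name == mailserver_admin_user`), so after this id fix a second, separate login exists that shares the administrator's password. Whatever ends up holding the DynDNS credential (presumably the generated DynDNS clients; confirm) then also holds the admin password for this database. Give the account its own secret, hashed the same way from a dedicated variable, so that rotating or leaking one does not affect the other. The task that owns this `query:` list starts outside the hunk.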
@@ -37,6 +37,6 @@ cron: name: De-duplicate IMAP mail special_time: daily - job: "/usr/local/bin/imapdedup.py -s mail.{{ mailserver_domain }} -u {{ current_user.name }}@{{ mailserver_domain }} -w $IMAPSYNC_PASSWORD2 INBOX" + job: "/usr/local/bin/imapdedup.py -s mail.{{ mailserver_domain }} -u {{ current_user.name }}@{{ mailserver_domain }} -w $IMAPSYNC_PASSWORD2 -c -r -m INBOX" backup: yes user: "{{ current_user.name }}" From 3fd65db0600c7f083ee037997d032b1430bf0f32 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Thu, 26 Oct 2023 22:58:34 +0200 Subject: [PATCH 068/181] cron mail notification --- tasks/imapsync.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tasks/imapsync.yml b/tasks/imapsync.yml index 53a359a..d80a0c2 100644 --- a/tasks/imapsync.yml +++ b/tasks/imapsync.yml @@ -9,6 +9,7 @@ environment: IMAPSYNC_PASSWORD1: "{{ current_user.old_imap_mail.password }}" IMAPSYNC_PASSWORD2: "{{ current_user.password }}" + MAILTO: "{{ current_user.name }}+cron@{{ mailserver_domain }}" - name: Set up password environment variables for cron jobs become: yes become_user: "{{ current_user.name }}" From e76b7ea5728085f89684994cf70441de458f51b8 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Thu, 26 Oct 2023 23:16:46 +0200 Subject: [PATCH 069/181] move IMAPDedup password to .cron_secrets file --- tasks/imapsync.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/tasks/imapsync.yml b/tasks/imapsync.yml index d80a0c2..607b536 100644 --- a/tasks/imapsync.yml +++ b/tasks/imapsync.yml 
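Review bot: The job line passes the mailbox password as `-w $IMAPSYNC_PASSWORD2`, so once cron's shell expands it the secret sits in imapdedup.py's argument list, readable from the process table by other local accounts for as long as the now recursive run lasts. The later rewrite of this job in the `.cron_secrets` commit keeps the same form (`-w ${IMAP_PASSWORD}`), so the exposure carries over. Check whether the script can take the password from a prompt or a file instead. No transport option is visible on the line, so also confirm that the connection to `mail.{{ mailserver_domain }}` is TLS-protected.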
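Review bot: `MAILTO` is added to a task-level `environment:` block, which only sets the variable for that one task's process on the target, whereas cron takes `MAILTO` from the crontab itself. If the goal is mail from the daily jobs, the variable probably belongs with the following `Set up password environment variables for cron jobs` task, as a crontab variable. The task that owns this `environment:` begins above the hunk, so confirm what it actually runs.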
@@ -32,12 +32,22 @@ job: "imapsync --host1 {{ current_user.old_imap_mail.host }} --user1 {{ current_user.old_imap_mail.user }} --host2 mail.{{ mailserver_domain }} --user2 {{ current_user.name }}@{{ mailserver_domain }} --emailreport1 --emailreport2 --useheader Message-Id --noexpunge1 --nodelete1" backup: yes user: "{{ current_user.name }}" + - name: "Save {{ current_user.old_imap_mail.user }}'s password in a file" + lineinfile: + path: '~{{ current_user.name }}/.cron_secrets' + line: 'IMAP_PASSWORD="{{ current_user.password }}"' + owner: '{{ current_user.name }}' + group: '{{ current_user.name }}' + mode: ug=rw,o= + create: true + regexp: '^IMAP_PASSWORD=' + validate: 'grep ^IMAP_PASSWORD="{{ current_user.password }}"$ %s' - name: De-duplicate IMAP mail become: yes become_user: "{{ current_user.name }}" cron: name: De-duplicate IMAP mail special_time: daily - job: "/usr/local/bin/imapdedup.py -s mail.{{ mailserver_domain }} -u {{ current_user.name }}@{{ mailserver_domain }} -w $IMAPSYNC_PASSWORD2 -c -r -m INBOX" + job: "/usr/bin/bash -c 'export IMAP_PASSWORD=\"$(grep ^IMAP_PASSWORD= ~{{ current_user.name }}/.cron_secrets|cut -d= -f2)\"; /usr/local/bin/imapdedup.py -s mail.{{ mailserver_domain }} -u {{ current_user.name }}@{{ mailserver_domain }} -w ${IMAP_PASSWORD} -c -r -m INBOX'" backup: yes user: "{{ current_user.name }}" From 81f67f6ea25278aa3830281a78cc5e0e029d5986 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Thu, 26 Oct 2023 23:37:03 +0200 Subject: [PATCH 070/181] fill the perm_templ table --- tasks/imapsync.yml | 2 +- tasks/poweradmin.yml | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/tasks/imapsync.yml b/tasks/imapsync.yml index 607b536..5e264e4 100644 --- a/tasks/imapsync.yml +++ b/tasks/imapsync.yml 
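Review bot: The new `Save … password in a file` task has no `no_log`, so the plaintext `current_user.password` in `line` and `validate` will appear in Ansible's task output and diff, unlike the other secret-handling tasks in this role; add `no_log: yes`. `mode: ug=rw,o=` also leaves the secrets file readable and writable by the user's group, where `mode: u=rw,go=` is all the cron job needs. The task name mentions `old_imap_mail.user`, but the value written is the new mailbox password, so the name is worth correcting.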
@@ -35,7 +35,7 @@ - name: "Save {{ current_user.old_imap_mail.user }}'s password in a file" lineinfile: path: '~{{ current_user.name }}/.cron_secrets' - line: 'IMAP_PASSWORD="{{ current_user.password }}"' + line: 'IMAP_PASSWORD={{ current_user.password }}' owner: '{{ current_user.name }}' group: '{{ current_user.name }}' mode: ug=rw,o= diff --git a/tasks/poweradmin.yml b/tasks/poweradmin.yml index 1128550..201d9ea 100644 --- a/tasks/poweradmin.yml +++ b/tasks/poweradmin.yml 
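Review bot: With the value now written raw, the reader must return it byte for byte, but the cron job added in the previous commit (outside this hunk) extracts it with `cut -d= -f2`, which drops everything after a second `=` in the password. `cut -d= -f2-` keeps the remainder. Quoting the `${IMAP_PASSWORD}` expansion in that job would also stop a password containing spaces from being split into several arguments.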
@@ -74,6 +74,8 @@ login_user: '{{ mailserver_admin_user }}@{{ mailserver_domain }}' login_password: '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password }}{% endif %}{% endfor %}' query: + - REPLACE INTO `perm_templ` (`id`, `name`, `descr`) VALUES (1, 'Administrator', 'Administrator template with full rights.') + - REPLACE INTO `perm_templ` (`id`, `name`, `descr`) VALUES (2, 'Dynamic', 'For DNS updates') - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (41, 'zone_master_add', 'User is allowed to add new master zones.'), (42, 'zone_slave_add', 'User is allowed to add new slave zones.'), (43, 'zone_content_view_own', 'User is allowed to see the content and meta data of zones he owns.'), (44, 'zone_content_edit_own', 'User is allowed to edit the content of zones he owns.'), (45, 'zone_meta_edit_own', 'User is allowed to edit the meta data of zones he owns.'), (46, 'zone_content_view_others', 'User is allowed to see the content and meta data of zones he does not own.'), (47, 'zone_content_edit_others', 'User is allowed to edit the content of zones he does not own.'), (48, 'zone_meta_edit_others', 'User is allowed to edit the meta data of zones he does not own.'), (49, 'search', 'User is allowed to perform searches.'), (50, 'supermaster_view', 'User is allowed to view supermasters.'), (51, 'supermaster_add', 'User is allowed to add new supermasters.'), (52, 'supermaster_edit', 'User is allowed to edit supermasters.'), (53, 'user_is_ueberuser', 'User has full access. God-like. 
Redeemer.'), (54, 'user_view_others', 'User is allowed to see other users and their details.'), (55, 'user_add_new', 'User is allowed to add new users.'), (56, 'user_edit_own', 'User is allowed to edit their own details.'), (57, 'user_edit_others', 'User is allowed to edit other users.'), (58, 'user_passwd_edit_others', 'User is allowed to edit the password of other users.'), (59, 'user_edit_templ_perm', 'User is allowed to change the permission template that is assigned to a user.'), (60, 'templ_perm_add', 'User is allowed to add new permission templates.'), (61, 'templ_perm_edit', 'User is allowed to edit existing permission templates.'), (62, 'zone_content_edit_own_as_client', 'User is allowed to edit record, but not SOA and NS.') - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (1, 'Administrator', 'Administrator template with full rights.') - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (2, 'Dynamic', 'For DNS updates') 
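Review bot: The two statements kept as context after the large insert, `REPLACE INTO perm_items … VALUES (1, 'Administrator', …)` and `… (2, 'Dynamic', …)`, still write template names into the permission-item table. Now that the correct `perm_templ` rows are added above, they look like leftovers of the earlier mistake and should be removed, unless ids 1 and 2 in `perm_items` are really meant to exist (the schema is not visible here). This matters for access control, since `perm_templ_items` maps templates to `perm_items` ids. The second hunk of this commit (`@@ -94,6 +96,8 @@`) carries the same two lines.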
@@ -94,6 +96,8 @@ login_user: '{{ mailserver_admin_user }}@{{ mailserver_domain }}' login_password: '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password }}{% endif %}{% endfor %}' query: + - REPLACE INTO `perm_templ` (`id`, `name`, `descr`) VALUES (1, 'Administrator', 'Administrator template with full rights.') + - REPLACE INTO `perm_templ` (`id`, `name`, `descr`) VALUES (2, 'Dynamic', 'For DNS updates') - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (41, 'zone_master_add', 'User is allowed to add new master zones.'), (42, 'zone_slave_add', 'User is allowed to add new slave zones.'), (43, 'zone_content_view_own', 'User is allowed to see the content and meta data of zones he owns.'), (44, 'zone_content_edit_own', 'User is allowed to edit the content of zones he owns.'), (45, 'zone_meta_edit_own', 'User is allowed to edit the meta data of zones he owns.'), (46, 'zone_content_view_others', 'User is allowed to see the content and meta data of zones he does not own.'), (47, 'zone_content_edit_others', 'User is allowed to edit the content of zones he does not own.'), (48, 'zone_meta_edit_others', 'User is allowed to edit the meta data of zones he does not own.'), (49, 'search', 'User is allowed to perform searches.'), (50, 'supermaster_view', 'User is allowed to view supermasters.'), (51, 'supermaster_add', 'User is allowed to add new supermasters.'), (52, 'supermaster_edit', 'User is allowed to edit supermasters.'), (53, 'user_is_ueberuser', 'User has full access. God-like. 
Redeemer.'), (54, 'user_view_others', 'User is allowed to see other users and their details.'), (55, 'user_add_new', 'User is allowed to add new users.'), (56, 'user_edit_own', 'User is allowed to edit their own details.'), (57, 'user_edit_others', 'User is allowed to edit other users.'), (58, 'user_passwd_edit_others', 'User is allowed to edit the password of other users.'), (59, 'user_edit_templ_perm', 'User is allowed to change the permission template that is assigned to a user.'), (60, 'templ_perm_add', 'User is allowed to add new permission templates.'), (61, 'templ_perm_edit', 'User is allowed to edit existing permission templates.'), (62, 'zone_content_edit_own_as_client', 'User is allowed to edit record, but not SOA and NS.') - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (1, 'Administrator', 'Administrator template with full rights.') - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (2, 'Dynamic', 'For DNS updates') From aa62e9c2fa310ebb7931943a2d708d6bc8a0289c Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Thu, 26 Oct 2023 23:45:39 +0200 Subject: [PATCH 071/181] fix lineinfile pattern match --- tasks/pdns_recursor.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/pdns_recursor.yml b/tasks/pdns_recursor.yml index 546585d..e62c991 100644 --- a/tasks/pdns_recursor.yml +++ b/tasks/pdns_recursor.yml @@ -19,7 +19,7 @@ lineinfile: path: /etc/pdns-recursor/recursor.conf line: "{{ item.key }}={{ item.value }}" - regex: "^{{ item.key }}" + regex: "^{{ item.key }}=" state: present owner: pdns-recursor group: pdns-recursor From 3ef72c66d6127fe3c973b38c829f6487530fd4d0 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 00:02:28 +0200 Subject: [PATCH 072/181] rectify all zones after each DNS record --- tasks/add_dns_record.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tasks/add_dns_record.yml b/tasks/add_dns_record.yml index c679a7f..082c01d 100644 --- a/tasks/add_dns_record.yml 
+++ b/tasks/add_dns_record.yml @@ -18,3 +18,5 @@ rescue: - name: 'Update DNS record {{ record.name }}.{{ record.zone }} {{ record.ttl|default("3600") }} IN {{ record.type }} {{ record.content }}' command: "pdnsutil replace-rrset {{ record.zone }} {{ record.name }} {{ record.type }} {{ record.ttl|default('3600') }} '{{ record_content }}'" +- name: Rectify all zones + command: pdnsutil rectify-all-zones From 2b8176f8066fde5300e973a66f33f1c0df4acec5 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 00:19:36 +0200 Subject: [PATCH 073/181] fix tags --- tasks/wireguard.yml | 58 +++++++++++++++++++++++++++++++++++++++------ 1 file changed, 51 insertions(+), 7 deletions(-) diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml index 6dc54a8..d69c176 100644 --- a/tasks/wireguard.yml +++ b/tasks/wireguard.yml @@ -181,7 +181,7 @@ when: item != "server" - name: Add DynDNS NS records tags: - - wireguard + - dyndns - poweradmin include_tasks: add_dns_record.yml vars: @@ -196,7 +196,7 @@ - vpn - name: Add DynDNS root A record tags: - - wireguard + - dyndns - poweradmin import_tasks: add_dns_record.yml vars: @@ -208,7 +208,7 @@ content: "{{ ansible_default_ipv4.address }}" - name: Add DynDNS root AAAA record tags: - - wireguard + - dyndns - poweradmin import_tasks: add_dns_record.yml vars: @@ -220,7 +220,7 @@ content: "{{ ansible_default_ipv6.address }}" - name: Add DynDNS A records tags: - - wireguard + - dyndns - poweradmin include_tasks: add_dns_record.yml vars: @@ -234,7 +234,7 @@ when: item != "server" - name: Add DynDNS AAAA records tags: - - wireguard + - dyndns - poweradmin include_tasks: add_dns_record.yml vars: @@ -247,6 +247,9 @@ loop: "{{ wg_configs.keys() }}" when: item != "server" - name: Add VPN root A record + tags: + - wireguard + - poweradmin import_tasks: add_dns_record.yml vars: record: 
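Review bot: `pdnsutil rectify-all-zones` now runs every time this file is included, and the wireguard tasks include it once per record and per client, so a single play rectifies every zone many times and the task always reports `changed`. Rectifying only the zone just touched, `command: "pdnsutil rectify-zone {{ record.zone }}"`, or moving the call into a handler, does the same job with less work. The block/rescue it follows starts outside the hunk.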
@@ -256,6 +259,9 @@ type: A content: "{{ ansible_default_ipv4.address }}" - name: Add VPN root AAAA record + tags: + - wireguard + - poweradmin import_tasks: add_dns_record.yml vars: record: @@ -265,6 +271,9 @@ type: AAAA content: "{{ ansible_default_ipv6.address }}" - name: Add VPN A records + tags: + - wireguard + - poweradmin include_tasks: add_dns_record.yml vars: record: @@ -276,6 +285,9 @@ loop: "{{ wg_configs.keys() }}" when: item != "server" - name: Add VPN AAAA records + tags: + - wireguard + - poweradmin include_tasks: add_dns_record.yml vars: record: @@ -318,10 +330,37 @@ loop: - postfixadmin - poweradmin -- name: Generate BASH DynDNS clients +- name: Configure PowerDNS recursor to forward VPN domains tags: - wireguard - poweradmin + - postfixadmin + lineinfile: + path: /etc/pdns-recursor/recursor.conf + line: "forward-zones+=vpn.{{ mailserver_domain }}=127.0.0.1:5301" + regex: "^forward-zones+=vpn.{{ mailserver_domain }}=" + state: present + backup: yes + no_log: yes + when: 'public_dns == "yes"' + notify: Restart pdns-recursor +- name: Configure PowerDNS recursor to forward DynDNS domains + tags: + - dyndns + - poweradmin + lineinfile: + path: /etc/pdns-recursor/recursor.conf + line: "forward-zones+=dyndns.{{ mailserver_domain }}=127.0.0.1:5300" + regex: "^forward-zones+=dyndns.{{ mailserver_domain }}=" + state: present + backup: yes + no_log: yes + when: 'public_dns == "yes"' + notify: Restart pdns-recursor +- name: Generate BASH DynDNS clients + tags: + - dyndns + - poweradmin template: src: dyndns/dynamic_dns_client.sh.j2 dest: "{{ wireguard.config_dir }}/clients/{{ item }}/dynamic_dns_client.sh" @@ -333,7 +372,7 @@ when: item != "server" - name: Generate Python DynDNS clients tags: - - wireguard + - dyndns - poweradmin template: src: dyndns/dynamic_dns_client.py.j2 
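Review bot: In both new `forward-zones` tasks the `regex` contains an unescaped `+`, so `^forward-zones+=vpn…` means "one or more `s`, then `=`" and does not match the literal `forward-zones+=` line that `line` writes. An existing entry is therefore not found by the pattern, and a changed value would likely be appended as a second forwarder line rather than replacing the old one. Escape it, e.g. `regex: '^forward-zones\+=vpn\.{{ mailserver_domain | regex_escape }}='`, and likewise for `dyndns`. `no_log: yes` on these two tasks hides nothing secret and only suppresses the diff an operator would want to see.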
@@ -345,17 +384,20 @@ loop: "{{ wg_configs.keys() }}" when: item != "server" - name: Deploy WireGuard SystemD config path watcher + tags: wireguard copy: src: systemd/wg_vpn.path dest: /etc/systemd/system/wg_vpn.path notify: Restart WireGuard - name: Deploy WireGuard config loader SystemD service + tags: wireguard template: src: systemd/wg_vpn.service.j2 dest: /etc/systemd/system/wg_vpn.service backup: yes notify: Restart WireGuard - name: Deploy WireGuard routing helper scripts + tags: wireguard template: src: wireguard/{{ item }}.j2 dest: /etc/wireguard/helper/{{ item }} @@ -366,11 +408,13 @@ - remove-nat-routing.sh notify: Restart WireGuard - name: Enable WireGuard config watch + tags: wireguard systemd: name: wg_vpn.path daemon_reload: yes enabled: yes - name: Load WireGuard config loader + tags: wireguard systemd: name: wg_vpn.service daemon_reload: yes From 73eefc00bb5ba6acaaddf31566f2c3e9e320ca73 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 00:27:55 +0200 Subject: [PATCH 074/181] Enable Python linting --- .github/workflows/pylint.yml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 .github/workflows/pylint.yml diff --git a/.github/workflows/pylint.yml b/.github/workflows/pylint.yml new file mode 100644 index 0000000..383e65c --- /dev/null +++ b/.github/workflows/pylint.yml @@ -0,0 +1,23 @@ +name: Pylint + +on: [push] + +jobs: + build: + runs-on: ubuntu-latest + strategy: + matrix: + python-version: ["3.8", "3.9", "3.10"] + steps: + - uses: actions/checkout@v3 + - name: Set up Python ${{ matrix.python-version }} + uses: actions/setup-python@v3 + with: + python-version: ${{ matrix.python-version }} + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install pylint + - name: Analysing the code with pylint + run: | + pylint $(git ls-files '*.py') From c1df6e91144fae4b2b165bb148cbac301b90b405 Mon Sep 17 00:00:00 2001 
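Review bot: The new workflow declares no `permissions:`, so the job's `GITHUB_TOKEN` gets the repository default although linting only needs read access; add a top-level `permissions:` with `contents: read`. `actions/checkout@v3` and `actions/setup-python@v3` are referenced by mutable tags and `pip install pylint` is unpinned; pinning the actions to a full commit SHA and pylint to a version keeps third-party code from changing under the job. `git ls-files '*.py'` will not match the `.py.j2` templates seen elsewhere in this series, so check that the job lints what was intended.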
From: Akos Balla Date: Mon, 2 Oct 2023 00:22:34 +0200 Subject: [PATCH 075/181] use offlineimap instead of Dovecot's built-in sync feature --- tasks/offlineimap.yml | 43 ++++++++++++++++++++++++++ templates/offlineimap/offlineimaprc.j2 | 26 ++++++++++++++++ 2 files changed, 69 insertions(+) create mode 100644 tasks/offlineimap.yml create mode 100644 templates/offlineimap/offlineimaprc.j2 diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml new file mode 100644 index 0000000..2d41e77 --- /dev/null +++ b/tasks/offlineimap.yml 
@@ -0,0 +1,43 @@ +--- +- name: Empty old IMAP fingerprint + set_fact: + old_imap_fingerprint: '' +- name: Generate config and sync old IMAP contents + block: + - name: Create offlineimap config + template: + src: offlineimap/offlineimaprc.j2 + dest: "{{ ansible_env.HOME }}/.offlineimaprc" + owner: "{{ item.name }}" + backup: yes + no_log: yes + - name: Sync old IMAP for the first time (this might tale a while...) + command: offlineimap + rescue: + - name: Fetch old IMAPS fingerprint + command: "openssl s_client -connect {{ item.old_imap_mail.host }}:993 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin" + register: old_imap_fingerprint + - name: Create offlineimap config + template: + src: offlineimap/offlineimaprc.j2 + dest: "{{ ansible_env.HOME }}/.offlineimaprc" + owner: "{{ item.name }}" + backup: yes + no_log: yes + - name: Sync old IMAP for the first time (this might tale a while...) + command: offlineimap +- name: Sync old IMAP account + cron: + name: "Sync old IMAP account {{ item.old_imap_mail.user }} at {{ item.old_imap_mail.host }} for {{ item.name }}" + special_time: daily + job: offlineimap + backup: yes + user: "{{ item.name }}" +- name: De-duplicate IMAP mail + cron: + name: De-duplicate IMAP mail + special_time: daily + job: "/usr/local/bin/imapdedup.py -s {{ mailserver_domain }} -u {{ item.name }}@{{ mailserver_domain }} -w {{ item.password }} INBOX" + backup: yes + user: "{{ item.name }}" + no_log: yes diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2 new file mode 100644 index 0000000..acb998c --- /dev/null +++ b/templates/offlineimap/offlineimaprc.j2 
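Review bot: `Fetch old IMAPS fingerprint` uses `command:` with `<`, `2>` and `|`, which the command module hands to openssl as literal arguments rather than running a pipeline, so the rescue path cannot produce a fingerprint; it needs `shell:`. The rescue also pins whatever certificate the old server presents immediately after verification failed, which is trust-on-first-use with no operator check; a fingerprint supplied in `old_imap_mail` would be safer. The `De-duplicate IMAP mail` job writes `{{ item.password }}` into the crontab line itself, which `no_log` does not protect on disk or in the process table.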
@@ -0,0 +1,26 @@ +[general] +accounts = oldimap + +[Account oldimap] +localrepository = newimap +remoterepository = oldimap + +[Repository newimap] +type = IMAP +remotehost = {{ mailserver_domain }} +remoteuser = {{ item.name }}@{{ mailserver_domain }} +remotepass = {{ item.password }} +sslcacertfile = /etc/ssl/certs/ca-certificates.crt + +[Repository oldimap] +type = IMAP +remotehost = {{ item.old_imap_mail.host }} +remoteuser = {{ item.old_imap_mail.user }} +remotepass = {{ item.old_imap_mail.password }} +{% if (not item.old_imap_mail.ssl_verify) and (old_imap_fingerprint is defined and 'Fingerprint=' in old_imap_fingerprint) %} +cert_fingerprint = {{ old_imap_fingerprint.stdout | trim | split('Fingerprint=') | last }} + +{% else %} +sslcacertfile = /etc/ssl/certs/ca-certificates.crt + +{% endif %} From b6d2ab2ad746d9d8e9683c06c3cd01be0692fed5 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sat, 14 Oct 2023 19:37:23 +0200 Subject: [PATCH 076/181] fix several bugs when installing from scratch --- files/mariadb/powerdnsdb_schema.sql | 2 +- tasks/offlineimap.yml | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/files/mariadb/powerdnsdb_schema.sql b/files/mariadb/powerdnsdb_schema.sql index 09f20e8..861323a 100644 --- a/files/mariadb/powerdnsdb_schema.sql +++ b/files/mariadb/powerdnsdb_schema.sql @@ -296,7 +296,7 @@ CREATE TABLE `zones` ( PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci; /*!40101 SET character_set_client = @saved_cs_client */; -/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; +-- /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; /*!40101 SET SQL_MODE=@OLD_SQL_MODE */; /*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml index 2d41e77..75db9b7 100644 --- a/tasks/offlineimap.yml +++ b/tasks/offlineimap.yml 
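Review bot: The condition `'Fingerprint=' in old_imap_fingerprint` tests the registered result (or the `''` set by `set_fact`) rather than its `stdout`, so it looks for a key named `Fingerprint=` and the `cert_fingerprint` branch is probably never taken; use `'Fingerprint=' in (old_imap_fingerprint.stdout | default(''))`. The rendered file contains both mailbox passwords in `remotepass`, and the template task that writes it (in tasks/offlineimap.yml) sets no `mode`, so add `mode: u=rw,go=` there.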
@@ -3,6 +3,8 @@ set_fact: old_imap_fingerprint: '' - name: Generate config and sync old IMAP contents + become: yes + become_user: "{{ item.name }}" block: - name: Create offlineimap config template: @@ -27,6 +29,8 @@ - name: Sync old IMAP for the first time (this might tale a while...) command: offlineimap - name: Sync old IMAP account + become: yes + become_user: "{{ item.name }}" cron: name: "Sync old IMAP account {{ item.old_imap_mail.user }} at {{ item.old_imap_mail.host }} for {{ item.name }}" special_time: daily @@ -34,6 +38,8 @@ backup: yes user: "{{ item.name }}" - name: De-duplicate IMAP mail + become: yes + become_user: "{{ item.name }}" cron: name: De-duplicate IMAP mail special_time: daily From 78526a56b6ac16aa589ea1689385008a2a054006 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 03:28:38 +0200 Subject: [PATCH 077/181] fix DB schema --- files/mariadb/powerdnsdb_schema.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/mariadb/powerdnsdb_schema.sql b/files/mariadb/powerdnsdb_schema.sql index 861323a..09f20e8 100644 --- a/files/mariadb/powerdnsdb_schema.sql +++ b/files/mariadb/powerdnsdb_schema.sql @@ -296,7 +296,7 @@ CREATE TABLE `zones` ( PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci; /*!40101 SET character_set_client = @saved_cs_client */; --- /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; +/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; /*!40101 SET SQL_MODE=@OLD_SQL_MODE */; /*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; From 055875a627924fa61892dff502f518ba5e978dd4 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 15:53:56 +0200 Subject: [PATCH 078/181] fix offlineimap package --- tasks/offlineimap.yml | 6 +++--- tasks/ssl.yml | 1 + templates/offlineimap/offlineimaprc.j2 | 4 ++-- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml index 75db9b7..6e5d4de 100644 
--- a/tasks/offlineimap.yml +++ b/tasks/offlineimap.yml @@ -14,7 +14,7 @@ backup: yes no_log: yes - name: Sync old IMAP for the first time (this might tale a while...) - command: offlineimap + command: /usr/local/bin/offlineimap rescue: - name: Fetch old IMAPS fingerprint command: "openssl s_client -connect {{ item.old_imap_mail.host }}:993 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin" @@ -27,14 +27,14 @@ backup: yes no_log: yes - name: Sync old IMAP for the first time (this might tale a while...) - command: offlineimap + command: /usr/local/bin/offlineimap - name: Sync old IMAP account become: yes become_user: "{{ item.name }}" cron: name: "Sync old IMAP account {{ item.old_imap_mail.user }} at {{ item.old_imap_mail.host }} for {{ item.name }}" special_time: daily - job: offlineimap + job: /usr/local/bin/offlineimap backup: yes user: "{{ item.name }}" - name: De-duplicate IMAP mail diff --git a/tasks/ssl.yml b/tasks/ssl.yml index 7377b7c..87c534a 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml 
@@ -108,6 +108,7 @@ - { key: "PDNS_API_URL", value: http://127.0.0.1:8081/ } - { key: "PDNS_API_KEY", value: "{{ powerdns_api_key }}" } +# TODO: uncomment the below task - it's commented while live testing the production server - name: Generate LetsEncrypt certificates # command: "/usr/local/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem run --must-staple" command: "/usr/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem run --must-staple" diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2 index acb998c..7bc49ef 100644 --- a/templates/offlineimap/offlineimaprc.j2 +++ b/templates/offlineimap/offlineimaprc.j2 @@ -10,7 +10,7 @@ type = IMAP remotehost = {{ mailserver_domain }} remoteuser = {{ item.name }}@{{ mailserver_domain }} remotepass = {{ item.password }} -sslcacertfile = /etc/ssl/certs/ca-certificates.crt +sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt [Repository oldimap] type = IMAP @@ -21,6 +21,6 @@ remotepass = {{ item.old_imap_mail.password }} cert_fingerprint = {{ old_imap_fingerprint.stdout | trim | split('Fingerprint=') | last }} {% else %} -sslcacertfile = /etc/ssl/certs/ca-certificates.crt +sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt {% endif %} 
From 5d127affc7ff7c2421df301a04ee220dfa807407 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 22:21:36 +0200 Subject: [PATCH 079/181] tag specific tasks --- tasks/ssl.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/tasks/ssl.yml b/tasks/ssl.yml index 87c534a..7377b7c 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml @@ -108,7 +108,6 @@ - { key: "PDNS_API_URL", value: http://127.0.0.1:8081/ } - { key: "PDNS_API_KEY", value: "{{ powerdns_api_key }}" } -# TODO: uncomment the below task - it's commented while live testing the production server - name: Generate LetsEncrypt certificates # command: "/usr/local/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem run --must-staple" command: "/usr/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem run --must-staple" From a70353b3062f7be5fb53e18c4508d56ec7164d26 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 22:56:58 +0200 Subject: [PATCH 080/181] fix template variable reference --- templates/offlineimap/offlineimaprc.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2 index 7bc49ef..8bf19cf 100644 --- a/templates/offlineimap/offlineimaprc.j2 +++ b/templates/offlineimap/offlineimaprc.j2 
@@ -8,8 +8,8 @@ remoterepository = oldimap [Repository newimap] type = IMAP remotehost = {{ mailserver_domain }} -remoteuser = {{ item.name }}@{{ mailserver_domain }} -remotepass = {{ item.password }} +remoteuser = {{ current_user.name }}@{{ mailserver_domain }} +remotepass = {{ current_user.password }} sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt [Repository oldimap] From 90c4ddcebe53b9d12a41786ae72d15d34ad335db Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Mon, 16 Oct 2023 00:49:46 +0200 Subject: [PATCH 081/181] imapsync instead of offlineimap --- tasks/offlineimap.yml | 49 -------------------------- templates/offlineimap/offlineimaprc.j2 | 2 ++ 2 files changed, 2 insertions(+), 49 deletions(-) delete mode 100644 tasks/offlineimap.yml diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml deleted file mode 100644 index 6e5d4de..0000000 --- a/tasks/offlineimap.yml +++ /dev/null 
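Review bot: Only the `newimap` credentials are switched to `current_user`; the `[Repository oldimap]` section that begins on the hunk's last context line still reads `item.old_imap_mail.*` (the later full-file deletion shows those lines unchanged). The template thus depends on two different variables being defined at render time. Using `current_user.old_imap_mail.host`, `.user` and `.password` there as well would make it consistent with the imapsync tasks. The rest of the file lies outside this hunk.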
@@ -1,49 +0,0 @@ ---- -- name: Empty old IMAP fingerprint - set_fact: - old_imap_fingerprint: '' -- name: Generate config and sync old IMAP contents - become: yes - become_user: "{{ item.name }}" - block: - - name: Create offlineimap config - template: - src: offlineimap/offlineimaprc.j2 - dest: "{{ ansible_env.HOME }}/.offlineimaprc" - owner: "{{ item.name }}" - backup: yes - no_log: yes - - name: Sync old IMAP for the first time (this might tale a while...) - command: /usr/local/bin/offlineimap - rescue: - - name: Fetch old IMAPS fingerprint - command: "openssl s_client -connect {{ item.old_imap_mail.host }}:993 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin" - register: old_imap_fingerprint - - name: Create offlineimap config - template: - src: offlineimap/offlineimaprc.j2 - dest: "{{ ansible_env.HOME }}/.offlineimaprc" - owner: "{{ item.name }}" - backup: yes - no_log: yes - - name: Sync old IMAP for the first time (this might tale a while...) - command: /usr/local/bin/offlineimap -- name: Sync old IMAP account - become: yes - become_user: "{{ item.name }}" - cron: - name: "Sync old IMAP account {{ item.old_imap_mail.user }} at {{ item.old_imap_mail.host }} for {{ item.name }}" - special_time: daily - job: /usr/local/bin/offlineimap - backup: yes - user: "{{ item.name }}" -- name: De-duplicate IMAP mail - become: yes - become_user: "{{ item.name }}" - cron: - name: De-duplicate IMAP mail - special_time: daily - job: "/usr/local/bin/imapdedup.py -s {{ mailserver_domain }} -u {{ item.name }}@{{ mailserver_domain }} -w {{ item.password }} INBOX" - backup: yes - user: "{{ item.name }}" - no_log: yes diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2 index 8bf19cf..d3b32a9 100644 --- a/templates/offlineimap/offlineimaprc.j2 +++ b/templates/offlineimap/offlineimaprc.j2 
@@ -11,6 +11,8 @@ remotehost = {{ mailserver_domain }} remoteuser = {{ current_user.name }}@{{ mailserver_domain }} remotepass = {{ current_user.password }} sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt +nametrans = lambda folder: folder if folder in re.search('(.*\.Junk$|.*\.Sent$|.*\.Spam$|.*\.Trash$)', folder) else 'INBOX.' + folder +folderfilter = lambda folder: not re.search('(^Trash$|Del)', folder) [Repository oldimap] type = IMAP From 87073050d39654078c812c00e0e96112d0ee9900 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Mon, 16 Oct 2023 00:51:08 +0200 Subject: [PATCH 082/181] cleanup --- templates/offlineimap/offlineimaprc.j2 | 28 -------------------------- 1 file changed, 28 deletions(-) delete mode 100644 templates/offlineimap/offlineimaprc.j2 diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2 deleted file mode 100644 index d3b32a9..0000000 --- a/templates/offlineimap/offlineimaprc.j2 +++ /dev/null 
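Review bot: The new `nametrans` lambda evaluates `folder in re.search(...)`, but `re.search` returns a match object or `None`, neither of which supports `in`, so the expression raises a `TypeError` for every folder instead of choosing a name. Test the match directly: `nametrans = lambda folder: folder if re.search('(.*\.Junk$|.*\.Sent$|.*\.Spam$|.*\.Trash$)', folder) else 'INBOX.' + folder`. The `folderfilter` line below it is written in the working form.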
@@ -1,28 +0,0 @@ -[general] -accounts = oldimap - -[Account oldimap] -localrepository = newimap -remoterepository = oldimap - -[Repository newimap] -type = IMAP -remotehost = {{ mailserver_domain }} -remoteuser = {{ current_user.name }}@{{ mailserver_domain }} -remotepass = {{ current_user.password }} -sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt -nametrans = lambda folder: folder if folder in re.search('(.*\.Junk$|.*\.Sent$|.*\.Spam$|.*\.Trash$)', folder) else 'INBOX.' + folder -folderfilter = lambda folder: not re.search('(^Trash$|Del)', folder) - -[Repository oldimap] -type = IMAP -remotehost = {{ item.old_imap_mail.host }} -remoteuser = {{ item.old_imap_mail.user }} -remotepass = {{ item.old_imap_mail.password }} -{% if (not item.old_imap_mail.ssl_verify) and (old_imap_fingerprint is defined and 'Fingerprint=' in old_imap_fingerprint) %} -cert_fingerprint = {{ old_imap_fingerprint.stdout | trim | split('Fingerprint=') | last }} - -{% else %} -sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt - -{% endif %} From 9d5f97ab17e2f40a2e2e5aa6ab69beed78c442c2 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Wed, 18 Oct 2023 21:55:53 +0200 Subject: [PATCH 083/181] don't import if not necessary --- files/mariadb/horde_schema.sql | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/files/mariadb/horde_schema.sql b/files/mariadb/horde_schema.sql index 20bf248..1b7b5d9 100644 --- a/files/mariadb/horde_schema.sql +++ b/files/mariadb/horde_schema.sql @@ -1699,6 +1699,7 @@ CREATE TABLE `kronolith_events` ( `event_keywords` text DEFAULT NULL, `event_exceptions` text DEFAULT NULL, `event_title` varchar(255) DEFAULT NULL, + `event_category` varchar(80) DEFAULT NULL, `event_recurtype` int(11) DEFAULT 0, `event_recurinterval` int(11) DEFAULT NULL, `event_recurdays` int(11) DEFAULT NULL, 
@@ -1715,11 +1716,9 @@ CREATE TABLE `kronolith_events` ( `event_baseid` varchar(255) DEFAULT '', `event_exceptionoriginaldate` datetime DEFAULT NULL, `event_resources` text DEFAULT NULL, - `event_timezone` varchar(50) DEFAULT NULL, PRIMARY KEY (`event_id`), KEY `index_kronolith_events_on_calendar_id` (`calendar_id`), - KEY `index_kronolith_events_on_event_uid` (`event_uid`), - KEY `index_kronolith_events_on_event_baseid` (`event_baseid`) + KEY `index_kronolith_events_on_event_uid` (`event_uid`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; @@ -1851,7 +1850,7 @@ CREATE TABLE `kronolith_shares` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_kronolith_shares_on_share_name` (`share_name`), KEY `index_kronolith_shares_on_share_owner` (`share_owner`), @@ -1956,7 +1955,7 @@ CREATE TABLE `kronolith_sharesng` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_kronolith_sharesng_on_share_name` (`share_name`), KEY `index_kronolith_sharesng_on_share_owner` (`share_owner`), @@ -2093,8 +2092,9 @@ CREATE TABLE `mnemo_memos` ( `memo_owner` varchar(255) NOT NULL, `memo_id` varchar(32) NOT NULL, `memo_uid` varchar(255) NOT NULL, - `memo_desc` varchar(255) NOT NULL, + `memo_desc` varchar(64) NOT NULL, `memo_body` text DEFAULT NULL, + `memo_category` varchar(80) DEFAULT NULL, `memo_private` int(11) NOT NULL DEFAULT 0, PRIMARY KEY (`memo_owner`,`memo_id`), KEY `index_mnemo_memos_on_memo_owner` (`memo_owner`), 
@@ -2150,7 +2150,7 @@ CREATE TABLE `mnemo_shares` ( `perm_guest` int(11) NOT NULL DEFAULT 0, `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_mnemo_shares_on_share_name` (`share_name`), KEY `index_mnemo_shares_on_share_owner` (`share_owner`), @@ -2251,7 +2251,7 @@ CREATE TABLE `mnemo_sharesng` ( `perm_guest_16` tinyint(1) NOT NULL DEFAULT 0, `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_mnemo_sharesng_on_share_name` (`share_name`), KEY `index_mnemo_sharesng_on_share_owner` (`share_owner`), @@ -2383,9 +2383,7 @@ CREATE TABLE `nag_shares` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, - `attribute_issmart` int(11) DEFAULT 0, - `attribute_search` varchar(4000) DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_nag_shares_on_share_name` (`share_name`), KEY `index_nag_shares_on_share_owner` (`share_owner`), @@ -2483,9 +2481,7 @@ CREATE TABLE `nag_sharesng` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, - `attribute_issmart` int(11) DEFAULT 0, - `attribute_search` text DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_nag_sharesng_on_share_name` (`share_name`), KEY `index_nag_sharesng_on_share_owner` (`share_owner`), 
@@ -2597,6 +2593,7 @@ CREATE TABLE `nag_tasks` ( `task_due` int(11) DEFAULT NULL, `task_priority` int(11) NOT NULL DEFAULT 0, `task_estimate` float DEFAULT NULL, + `task_category` varchar(80) DEFAULT NULL, `task_completed` int(1) NOT NULL DEFAULT 0, `task_completed_date` int(11) DEFAULT NULL, `task_alarm` int(11) NOT NULL DEFAULT 0, @@ -2845,6 +2842,7 @@ CREATE TABLE `turba_objects` ( `object_logo` longblob DEFAULT NULL, `object_logotype` varchar(10) DEFAULT NULL, `object_company` varchar(255) DEFAULT NULL, + `object_category` varchar(80) DEFAULT NULL, `object_notes` text DEFAULT NULL, `object_url` varchar(255) DEFAULT NULL, `object_freebusyurl` varchar(255) DEFAULT NULL, @@ -2933,7 +2931,7 @@ CREATE TABLE `turba_shares` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_params` text DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_turba_shares_on_share_name` (`share_name`), KEY `index_turba_shares_on_share_owner` (`share_owner`), @@ -3035,7 +3033,7 @@ CREATE TABLE `turba_sharesng` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_params` text DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_turba_sharesng_on_share_name` (`share_name`), KEY `index_turba_sharesng_on_share_owner` (`share_owner`), From 8527bbcda5be4e032732a52c33023ad223a5ae7f Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Wed, 18 Oct 2023 22:31:15 +0200 Subject: [PATCH 084/181] update schemas --- files/mariadb/horde_schema.sql | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/files/mariadb/horde_schema.sql b/files/mariadb/horde_schema.sql index 1b7b5d9..20bf248 100644 --- a/files/mariadb/horde_schema.sql +++ b/files/mariadb/horde_schema.sql 
@@ -1699,7 +1699,6 @@ CREATE TABLE `kronolith_events` ( `event_keywords` text DEFAULT NULL, `event_exceptions` text DEFAULT NULL, `event_title` varchar(255) DEFAULT NULL, - `event_category` varchar(80) DEFAULT NULL, `event_recurtype` int(11) DEFAULT 0, `event_recurinterval` int(11) DEFAULT NULL, `event_recurdays` int(11) DEFAULT NULL, @@ -1716,9 +1715,11 @@ CREATE TABLE `kronolith_events` ( `event_baseid` varchar(255) DEFAULT '', `event_exceptionoriginaldate` datetime DEFAULT NULL, `event_resources` text DEFAULT NULL, + `event_timezone` varchar(50) DEFAULT NULL, PRIMARY KEY (`event_id`), KEY `index_kronolith_events_on_calendar_id` (`calendar_id`), - KEY `index_kronolith_events_on_event_uid` (`event_uid`) + KEY `index_kronolith_events_on_event_uid` (`event_uid`), + KEY `index_kronolith_events_on_event_baseid` (`event_baseid`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; @@ -1850,7 +1851,7 @@ CREATE TABLE `kronolith_shares` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_kronolith_shares_on_share_name` (`share_name`), KEY `index_kronolith_shares_on_share_owner` (`share_owner`), @@ -1955,7 +1956,7 @@ CREATE TABLE `kronolith_sharesng` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_kronolith_sharesng_on_share_name` (`share_name`), KEY `index_kronolith_sharesng_on_share_owner` (`share_owner`), 
@@ -2092,9 +2093,8 @@ CREATE TABLE `mnemo_memos` ( `memo_owner` varchar(255) NOT NULL, `memo_id` varchar(32) NOT NULL, `memo_uid` varchar(255) NOT NULL, - `memo_desc` varchar(64) NOT NULL, + `memo_desc` varchar(255) NOT NULL, `memo_body` text DEFAULT NULL, - `memo_category` varchar(80) DEFAULT NULL, `memo_private` int(11) NOT NULL DEFAULT 0, PRIMARY KEY (`memo_owner`,`memo_id`), KEY `index_mnemo_memos_on_memo_owner` (`memo_owner`), @@ -2150,7 +2150,7 @@ CREATE TABLE `mnemo_shares` ( `perm_guest` int(11) NOT NULL DEFAULT 0, `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_mnemo_shares_on_share_name` (`share_name`), KEY `index_mnemo_shares_on_share_owner` (`share_owner`), @@ -2251,7 +2251,7 @@ CREATE TABLE `mnemo_sharesng` ( `perm_guest_16` tinyint(1) NOT NULL DEFAULT 0, `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_mnemo_sharesng_on_share_name` (`share_name`), KEY `index_mnemo_sharesng_on_share_owner` (`share_owner`), @@ -2383,7 +2383,9 @@ CREATE TABLE `nag_shares` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, + `attribute_issmart` int(11) DEFAULT 0, + `attribute_search` varchar(4000) DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_nag_shares_on_share_name` (`share_name`), KEY `index_nag_shares_on_share_owner` (`share_owner`), 
@@ -2481,7 +2483,9 @@ CREATE TABLE `nag_sharesng` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, + `attribute_issmart` int(11) DEFAULT 0, + `attribute_search` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_nag_sharesng_on_share_name` (`share_name`), KEY `index_nag_sharesng_on_share_owner` (`share_owner`), @@ -2593,7 +2597,6 @@ CREATE TABLE `nag_tasks` ( `task_due` int(11) DEFAULT NULL, `task_priority` int(11) NOT NULL DEFAULT 0, `task_estimate` float DEFAULT NULL, - `task_category` varchar(80) DEFAULT NULL, `task_completed` int(1) NOT NULL DEFAULT 0, `task_completed_date` int(11) DEFAULT NULL, `task_alarm` int(11) NOT NULL DEFAULT 0, @@ -2842,7 +2845,6 @@ CREATE TABLE `turba_objects` ( `object_logo` longblob DEFAULT NULL, `object_logotype` varchar(10) DEFAULT NULL, `object_company` varchar(255) DEFAULT NULL, - `object_category` varchar(80) DEFAULT NULL, `object_notes` text DEFAULT NULL, `object_url` varchar(255) DEFAULT NULL, `object_freebusyurl` varchar(255) DEFAULT NULL, @@ -2931,7 +2933,7 @@ CREATE TABLE `turba_shares` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_params` text DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_turba_shares_on_share_name` (`share_name`), KEY `index_turba_shares_on_share_owner` (`share_owner`), @@ -3033,7 +3035,7 @@ CREATE TABLE `turba_sharesng` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_params` text DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_turba_sharesng_on_share_name` (`share_name`), KEY `index_turba_sharesng_on_share_owner` (`share_owner`), 
From 46ccc3d2b8c0605715db1eb2ad4b466a5fb96029 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 22 Oct 2023 16:09:48 +0200 Subject: [PATCH 085/181] only install what we explicitly need --- tasks/packages.yml | 58 +++++++++++++++++++++++----------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index d216b78..a634c59 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -399,35 +399,35 @@ - phpunit7 - php74-php-fpm - php74-php-pear - - php74-php-tidy - - php74-php - - php74-php-ldap - - php74-php-mysql - - php74-php-odbc - - php74-php-mcrypt - - php74-php-mhash - - php74-php-pecl-mysql - - php74-php-pecl-mysql-xdevapi - - php74-php-pecl-crypto - - php74-php-pecl-geoip - - php74-php-pecl-pam - - php74-php-pecl-imagick - - php74-php-pecl-memcache - - php74-php-pecl-http - - php74-php-devel - - php74-php-imap - - php74-php-mbstring - - php74-php-mysqlnd - - php74-php-gd - - php74-php-opcache - - php74-php-json - - php74-php-curl - - php74-php-zip - - php74-php-xml - - php74-php-bz2 - - php74-php-intl - - php74-php-gmp - - php74-php-cli + # - php74-php-tidy + # - php74-php + # - php74-php-ldap + # - php74-php-mysql + # - php74-php-odbc + # - php74-php-mcrypt + # - php74-php-mhash + # - php74-php-pecl-mysql + # - php74-php-pecl-mysql-xdevapi + # - php74-php-pecl-crypto + # - php74-php-pecl-geoip + # - php74-php-pecl-pam + # - php74-php-pecl-imagick + # - php74-php-pecl-memcache + # - php74-php-pecl-http + # - php74-php-devel + # - php74-php-imap + # - php74-php-mbstring + # - php74-php-mysqlnd + # - php74-php-gd + # - php74-php-opcache + # - php74-php-json + # - php74-php-curl + # - php74-php-zip + # - php74-php-xml + # - php74-php-bz2 + # - php74-php-intl + # - php74-php-gmp + # - php74-php-cli - php-channel-horde - php-horde-Horde-Alarm - php-horde-Horde-Argv From 49b3a5182e2c387571c89dfe6ea176b08361cef2 Mon Sep 17 00:00:00 2001 
From: Akos Balla Date: Tue, 24 Oct 2023 21:24:13 +0200 Subject: [PATCH 086/181] try horde from Cheese repo --- tasks/packages.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index a634c59..16f5620 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -388,17 +388,17 @@ command: dnf module reset php -y tags: - always -- name: Enable the php:remi-7.4 DNF module - tags: horde - command: dnf module enable php:remi-7.4 -y +# - name: Enable the php:remi-7.4 DNF module +# tags: horde +# command: dnf module enable php:remi-7.4 -y - name: Install PHP 7.4 packages tags: horde dnf: name: - phpldapadmin - phpunit7 - - php74-php-fpm - - php74-php-pear + # - php74-php-fpm + # - php74-php-pear # - php74-php-tidy # - php74-php # - php74-php-ldap From e756080e990ba6cf742a15bfda7b348d6ff19efe Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Tue, 24 Oct 2023 21:47:51 +0200 Subject: [PATCH 087/181] enable RPM Fusion --- tasks/packages.yml | 182 ++++++++++++++++++++++----------------------- 1 file changed, 91 insertions(+), 91 deletions(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index 16f5620..960ba7a 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml 
@@ -395,104 +395,104 @@ tags: horde dnf: name: - - phpldapadmin - - phpunit7 + # - phpldapadmin + # - phpunit7 # - php74-php-fpm # - php74-php-pear - # - php74-php-tidy - # - php74-php - # - php74-php-ldap - # - php74-php-mysql - # - php74-php-odbc - # - php74-php-mcrypt - # - php74-php-mhash - # - php74-php-pecl-mysql - # - php74-php-pecl-mysql-xdevapi - # - php74-php-pecl-crypto - # - php74-php-pecl-geoip - # - php74-php-pecl-pam - # - php74-php-pecl-imagick - # - php74-php-pecl-memcache - # - php74-php-pecl-http - # - php74-php-devel - # - php74-php-imap - # - php74-php-mbstring - # - php74-php-mysqlnd - # - php74-php-gd - # - php74-php-opcache - # - php74-php-json - # - php74-php-curl - # - php74-php-zip - # - php74-php-xml - # - php74-php-bz2 - # - php74-php-intl - # - php74-php-gmp - # - php74-php-cli - - php-channel-horde - - php-horde-Horde-Alarm - - php-horde-Horde-Argv - - php-horde-Horde-Auth - - php-horde-Horde-Autoloader - - php-horde-Horde-Browser - - php-horde-Horde-Cache - - php-horde-Horde-Cli - - php-horde-Horde-Compress - - php-horde-Horde-Core - - php-horde-Horde-Crypt - - php-horde-Horde-Dav - - php-horde-Horde-Db - - php-horde-Horde-Editor - - php-horde-Horde-ElasticSearch - - php-horde-Horde-Http - - php-horde-Horde-Image - - php-horde-Horde-Imap-Client - - php-horde-Horde-Ldap - - php-horde-Horde-ListHeaders - - php-horde-Horde-Log - - php-horde-Horde-Mail - - php-horde-Horde-Mail-Autoconfig - - php-horde-Horde-Memcache - - php-horde-Horde-Mime - - php-horde-Horde-Mime-Viewer - - php-horde-Horde-Notification - - php-horde-Horde-Oauth - - php-horde-Horde-Pdf - - php-horde-Horde-Perms - - php-horde-Horde-Prefs - - php-horde-Horde-Role - - php-horde-Horde-Routes - - php-horde-Horde-Rpc - - php-horde-Horde-Service-Weather - - php-horde-Horde-Smtp - - php-horde-Horde-Socket-Client - - php-horde-Horde-SyncMl - - php-horde-Horde-Template - - php-horde-Horde-Test - - php-horde-Horde-Text-Filter - - php-horde-Horde-Text-Filter-Csstidy - - 
php-horde-Horde-Text-Flowed - - php-horde-Horde-Tree - - php-horde-Horde-Url - - php-horde-Horde-Util - - php-horde-Horde-View - - php-horde-Horde-Xml-Element + # # - php74-php-tidy + # # - php74-php + # # - php74-php-ldap + # # - php74-php-mysql + # # - php74-php-odbc + # # - php74-php-mcrypt + # # - php74-php-mhash + # # - php74-php-pecl-mysql + # # - php74-php-pecl-mysql-xdevapi + # # - php74-php-pecl-crypto + # # - php74-php-pecl-geoip + # # - php74-php-pecl-pam + # # - php74-php-pecl-imagick + # # - php74-php-pecl-memcache + # # - php74-php-pecl-http + # # - php74-php-devel + # # - php74-php-imap + # # - php74-php-mbstring + # # - php74-php-mysqlnd + # # - php74-php-gd + # # - php74-php-opcache + # # - php74-php-json + # # - php74-php-curl + # # - php74-php-zip + # # - php74-php-xml + # # - php74-php-bz2 + # # - php74-php-intl + # # - php74-php-gmp + # # - php74-php-cli + # - php-channel-horde + # - php-horde-Horde-Alarm + # - php-horde-Horde-Argv + # - php-horde-Horde-Auth + # - php-horde-Horde-Autoloader + # - php-horde-Horde-Browser + # - php-horde-Horde-Cache + # - php-horde-Horde-Cli + # - php-horde-Horde-Compress + # - php-horde-Horde-Core + # - php-horde-Horde-Crypt + # - php-horde-Horde-Dav + # - php-horde-Horde-Db + # - php-horde-Horde-Editor + # - php-horde-Horde-ElasticSearch + # - php-horde-Horde-Http + # - php-horde-Horde-Image + # - php-horde-Horde-Imap-Client + # - php-horde-Horde-Ldap + # - php-horde-Horde-ListHeaders + # - php-horde-Horde-Log + # - php-horde-Horde-Mail + # - php-horde-Horde-Mail-Autoconfig + # - php-horde-Horde-Memcache + # - php-horde-Horde-Mime + # - php-horde-Horde-Mime-Viewer + # - php-horde-Horde-Notification + # - php-horde-Horde-Oauth + # - php-horde-Horde-Pdf + # - php-horde-Horde-Perms + # - php-horde-Horde-Prefs + # - php-horde-Horde-Role + # - php-horde-Horde-Routes + # - php-horde-Horde-Rpc + # - php-horde-Horde-Service-Weather + # - php-horde-Horde-Smtp + # - php-horde-Horde-Socket-Client + # - 
php-horde-Horde-SyncMl + # - php-horde-Horde-Template + # - php-horde-Horde-Test + # - php-horde-Horde-Text-Filter + # - php-horde-Horde-Text-Filter-Csstidy + # - php-horde-Horde-Text-Flowed + # - php-horde-Horde-Tree + # - php-horde-Horde-Url + # - php-horde-Horde-Util + # - php-horde-Horde-View + # - php-horde-Horde-Xml-Element - php-horde-horde - php-horde-passwd - - php-horde-Horde-Compress-Fast - - php-horde-Horde-Crypt-Blowfish - - php-horde-Horde-Icalendar - - php-horde-Horde-Itip - - php-horde-Horde-Mapi - - php-horde-Horde-OpenXchange - - php-horde-Horde-Secret - - php-horde-Horde-Service-Gravatar - - php-horde-Horde-Text-Diff - - php-horde-Horde-Timezone - - php-horde-Horde-Vfs + # - php-horde-Horde-Compress-Fast + # - php-horde-Horde-Crypt-Blowfish + # - php-horde-Horde-Icalendar + # - php-horde-Horde-Itip + # - php-horde-Horde-Mapi + # - php-horde-Horde-OpenXchange + # - php-horde-Horde-Secret + # - php-horde-Horde-Service-Gravatar + # - php-horde-Horde-Text-Diff + # - php-horde-Horde-Timezone + # - php-horde-Horde-Vfs - php-horde-imp - php-horde-kronolith - php-horde-turba - - php-horde-Horde-Mongo + # - php-horde-Horde-Mongo - php-horde-ingo - php-horde-mnemo - php-horde-wicked From 5f9d738abf099034051578f77b3d3efa9d938303 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Tue, 24 Oct 2023 22:10:55 +0200 Subject: [PATCH 088/181] back to Remi, use an older version of PowerAdmin --- tasks/packages.yml | 192 ++++++++++++++++++++++----------------------- 1 file changed, 96 insertions(+), 96 deletions(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index 960ba7a..d216b78 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml 
@@ -388,111 +388,111 @@ command: dnf module reset php -y tags: - always -# - name: Enable the php:remi-7.4 DNF module -# tags: horde -# command: dnf module enable php:remi-7.4 -y +- name: Enable the php:remi-7.4 DNF module + tags: horde + command: dnf module enable php:remi-7.4 -y - name: Install PHP 7.4 packages tags: horde dnf: name: - # - phpldapadmin - # - phpunit7 - # - php74-php-fpm - # - php74-php-pear - # # - php74-php-tidy - # # - php74-php - # # - php74-php-ldap - # # - php74-php-mysql - # # - php74-php-odbc - # # - php74-php-mcrypt - # # - php74-php-mhash - # # - php74-php-pecl-mysql - # # - php74-php-pecl-mysql-xdevapi - # # - php74-php-pecl-crypto - # # - php74-php-pecl-geoip - # # - php74-php-pecl-pam - # # - php74-php-pecl-imagick - # # - php74-php-pecl-memcache - # # - php74-php-pecl-http - # # - php74-php-devel - # # - php74-php-imap - # # - php74-php-mbstring - # # - php74-php-mysqlnd - # # - php74-php-gd - # # - php74-php-opcache - # # - php74-php-json - # # - php74-php-curl - # # - php74-php-zip - # # - php74-php-xml - # # - php74-php-bz2 - # # - php74-php-intl - # # - php74-php-gmp - # # - php74-php-cli - # - php-channel-horde - # - php-horde-Horde-Alarm - # - php-horde-Horde-Argv - # - php-horde-Horde-Auth - # - php-horde-Horde-Autoloader - # - php-horde-Horde-Browser - # - php-horde-Horde-Cache - # - php-horde-Horde-Cli - # - php-horde-Horde-Compress - # - php-horde-Horde-Core - # - php-horde-Horde-Crypt - # - php-horde-Horde-Dav - # - php-horde-Horde-Db - # - php-horde-Horde-Editor - # - php-horde-Horde-ElasticSearch - # - php-horde-Horde-Http - # - php-horde-Horde-Image - # - php-horde-Horde-Imap-Client - # - php-horde-Horde-Ldap - # - php-horde-Horde-ListHeaders - # - php-horde-Horde-Log - # - php-horde-Horde-Mail - # - php-horde-Horde-Mail-Autoconfig - # - php-horde-Horde-Memcache - # - php-horde-Horde-Mime - # - php-horde-Horde-Mime-Viewer - # - php-horde-Horde-Notification - # - php-horde-Horde-Oauth - # - php-horde-Horde-Pdf - # - 
php-horde-Horde-Perms - # - php-horde-Horde-Prefs - # - php-horde-Horde-Role - # - php-horde-Horde-Routes - # - php-horde-Horde-Rpc - # - php-horde-Horde-Service-Weather - # - php-horde-Horde-Smtp - # - php-horde-Horde-Socket-Client - # - php-horde-Horde-SyncMl - # - php-horde-Horde-Template - # - php-horde-Horde-Test - # - php-horde-Horde-Text-Filter - # - php-horde-Horde-Text-Filter-Csstidy - # - php-horde-Horde-Text-Flowed - # - php-horde-Horde-Tree - # - php-horde-Horde-Url - # - php-horde-Horde-Util - # - php-horde-Horde-View - # - php-horde-Horde-Xml-Element + - phpldapadmin + - phpunit7 + - php74-php-fpm + - php74-php-pear + - php74-php-tidy + - php74-php + - php74-php-ldap + - php74-php-mysql + - php74-php-odbc + - php74-php-mcrypt + - php74-php-mhash + - php74-php-pecl-mysql + - php74-php-pecl-mysql-xdevapi + - php74-php-pecl-crypto + - php74-php-pecl-geoip + - php74-php-pecl-pam + - php74-php-pecl-imagick + - php74-php-pecl-memcache + - php74-php-pecl-http + - php74-php-devel + - php74-php-imap + - php74-php-mbstring + - php74-php-mysqlnd + - php74-php-gd + - php74-php-opcache + - php74-php-json + - php74-php-curl + - php74-php-zip + - php74-php-xml + - php74-php-bz2 + - php74-php-intl + - php74-php-gmp + - php74-php-cli + - php-channel-horde + - php-horde-Horde-Alarm + - php-horde-Horde-Argv + - php-horde-Horde-Auth + - php-horde-Horde-Autoloader + - php-horde-Horde-Browser + - php-horde-Horde-Cache + - php-horde-Horde-Cli + - php-horde-Horde-Compress + - php-horde-Horde-Core + - php-horde-Horde-Crypt + - php-horde-Horde-Dav + - php-horde-Horde-Db + - php-horde-Horde-Editor + - php-horde-Horde-ElasticSearch + - php-horde-Horde-Http + - php-horde-Horde-Image + - php-horde-Horde-Imap-Client + - php-horde-Horde-Ldap + - php-horde-Horde-ListHeaders + - php-horde-Horde-Log + - php-horde-Horde-Mail + - php-horde-Horde-Mail-Autoconfig + - php-horde-Horde-Memcache + - php-horde-Horde-Mime + - php-horde-Horde-Mime-Viewer + - php-horde-Horde-Notification + - 
php-horde-Horde-Oauth + - php-horde-Horde-Pdf + - php-horde-Horde-Perms + - php-horde-Horde-Prefs + - php-horde-Horde-Role + - php-horde-Horde-Routes + - php-horde-Horde-Rpc + - php-horde-Horde-Service-Weather + - php-horde-Horde-Smtp + - php-horde-Horde-Socket-Client + - php-horde-Horde-SyncMl + - php-horde-Horde-Template + - php-horde-Horde-Test + - php-horde-Horde-Text-Filter + - php-horde-Horde-Text-Filter-Csstidy + - php-horde-Horde-Text-Flowed + - php-horde-Horde-Tree + - php-horde-Horde-Url + - php-horde-Horde-Util + - php-horde-Horde-View + - php-horde-Horde-Xml-Element - php-horde-horde - php-horde-passwd - # - php-horde-Horde-Compress-Fast - # - php-horde-Horde-Crypt-Blowfish - # - php-horde-Horde-Icalendar - # - php-horde-Horde-Itip - # - php-horde-Horde-Mapi - # - php-horde-Horde-OpenXchange - # - php-horde-Horde-Secret - # - php-horde-Horde-Service-Gravatar - # - php-horde-Horde-Text-Diff - # - php-horde-Horde-Timezone - # - php-horde-Horde-Vfs + - php-horde-Horde-Compress-Fast + - php-horde-Horde-Crypt-Blowfish + - php-horde-Horde-Icalendar + - php-horde-Horde-Itip + - php-horde-Horde-Mapi + - php-horde-Horde-OpenXchange + - php-horde-Horde-Secret + - php-horde-Horde-Service-Gravatar + - php-horde-Horde-Text-Diff + - php-horde-Horde-Timezone + - php-horde-Horde-Vfs - php-horde-imp - php-horde-kronolith - php-horde-turba - # - php-horde-Horde-Mongo + - php-horde-Horde-Mongo - php-horde-ingo - php-horde-mnemo - php-horde-wicked From 932fbc973a76628998cfceb54a0e445d4bde4124 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Tue, 24 Oct 2023 22:19:33 +0200 Subject: [PATCH 089/181] use releasever, where possible --- tasks/packages.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index d216b78..f488c6b 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml 
@@ -58,7 +58,7 @@ block: | [elasticsearch] name=Elasticsearch repository for 8.x packages - baseurl=https://artifacts.elastic.co/packages/8.x/yum + baseurl=https://artifacts.elastic.co/packages/$releasever.x/yum gpgcheck=1 gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch enabled=1 From 6e342c979cf974be0f7dd6b384ebeb5da61808a8 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Mon, 2 Oct 2023 00:22:34 +0200 Subject: [PATCH 090/181] use offlineimap instead of Dovecot's built-in sync feature --- tasks/offlineimap.yml | 43 ++++++++++++++++++++++++++ templates/offlineimap/offlineimaprc.j2 | 26 ++++++++++++++++ 2 files changed, 69 insertions(+) create mode 100644 tasks/offlineimap.yml create mode 100644 templates/offlineimap/offlineimaprc.j2 diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml new file mode 100644 index 0000000..2d41e77 --- /dev/null +++ b/tasks/offlineimap.yml 
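Review bot: `$releasever` in the new `baseurl` is expanded by dnf to the distribution release, not to the Elasticsearch major version, so the repository path now follows the host OS and only resolves to the `8.x` package stream on a release-8 host. The `name=` line above still says `8.x`, so the stanza is also internally inconsistent. Since `gpgcheck=1` only proves the packages come from Elastic, not that they are the intended major version, I would keep the product version pinned, `baseurl=https://artifacts.elastic.co/packages/8.x/yum`, or lift it into a role variable. The task that writes this block starts outside the hunk.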
@@ -0,0 +1,43 @@
+---
+- name: Empty old IMAP fingerprint
+ set_fact:
+ old_imap_fingerprint: ''
+- name: Generate config and sync old IMAP contents
+ block:
+ - name: Create offlineimap config
+ template:
+ src: offlineimap/offlineimaprc.j2
+ dest: "{{ ansible_env.HOME }}/.offlineimaprc"
+ owner: "{{ item.name }}"
+ backup: yes
+ no_log: yes
+ - name: Sync old IMAP for the first time (this might tale a while...)
+ command: offlineimap
+ rescue:
+ - name: Fetch old IMAPS fingerprint
+ command: "openssl s_client -connect {{ item.old_imap_mail.host }}:993 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin"
+ register: old_imap_fingerprint
+ - name: Create offlineimap config
+ template:
+ src: offlineimap/offlineimaprc.j2
+ dest: "{{ ansible_env.HOME }}/.offlineimaprc"
+ owner: "{{ item.name }}"
+ backup: yes
+ no_log: yes
+ - name: Sync old IMAP for the first time (this might tale a while...)
+ command: offlineimap
+- name: Sync old IMAP account
+ cron:
+ name: "Sync old IMAP account {{ item.old_imap_mail.user }} at {{ item.old_imap_mail.host }} for {{ item.name }}"
+ special_time: daily
+ job: offlineimap
+ backup: yes
+ user: "{{ item.name }}"
+- name: De-duplicate IMAP mail
+ cron:
+ name: De-duplicate IMAP mail
+ special_time: daily
+ job: "/usr/local/bin/imapdedup.py -s {{ mailserver_domain }} -u {{ item.name }}@{{ mailserver_domain }} -w {{ item.password }} INBOX"
+ backup: yes
+ user: "{{ item.name }}"
+ no_log: yes
diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2
new file mode 100644
index 0000000..acb998c
--- /dev/null
+++ b/templates/offlineimap/offlineimaprc.j2
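Review bot: Both `Create offlineimap config` tasks render a file that holds two IMAP passwords but set no `mode`, so the permissions of `.offlineimaprc` are left to the umask; add `mode: "0600"` next to `owner:` in the block and in the rescue copy. `backup: yes` on those tasks also keeps timestamped copies of the previous file, presumably alongside it and carrying the same secrets, which is worth confirming. The `De-duplicate IMAP mail` cron job passes `-w {{ item.password }}` on the command line, so the password is stored in the user's crontab and shows up in the process arguments while the job runs; `no_log` only hides it from Ansible's output.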
@@ -0,0 +1,26 @@ +[general] +accounts = oldimap + +[Account oldimap] +localrepository = newimap +remoterepository = oldimap + +[Repository newimap] +type = IMAP +remotehost = {{ mailserver_domain }} +remoteuser = {{ item.name }}@{{ mailserver_domain }} +remotepass = {{ item.password }} +sslcacertfile = /etc/ssl/certs/ca-certificates.crt + +[Repository oldimap] +type = IMAP +remotehost = {{ item.old_imap_mail.host }} +remoteuser = {{ item.old_imap_mail.user }} +remotepass = {{ item.old_imap_mail.password }} +{% if (not item.old_imap_mail.ssl_verify) and (old_imap_fingerprint is defined and 'Fingerprint=' in old_imap_fingerprint) %} +cert_fingerprint = {{ old_imap_fingerprint.stdout | trim | split('Fingerprint=') | last }} + +{% else %} +sslcacertfile = /etc/ssl/certs/ca-certificates.crt + +{% endif %} From a9a60211752eb800a9f962d2a277034f29469683 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sat, 14 Oct 2023 19:37:23 +0200 Subject: [PATCH 091/181] fix several bugs when installing from scratch --- files/mariadb/powerdnsdb_schema.sql | 2 +- tasks/offlineimap.yml | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/files/mariadb/powerdnsdb_schema.sql b/files/mariadb/powerdnsdb_schema.sql index 09f20e8..861323a 100644 --- a/files/mariadb/powerdnsdb_schema.sql +++ b/files/mariadb/powerdnsdb_schema.sql @@ -296,7 +296,7 @@ CREATE TABLE `zones` ( PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci; /*!40101 SET character_set_client = @saved_cs_client */; -/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; +-- /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; /*!40101 SET SQL_MODE=@OLD_SQL_MODE */; /*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml index 2d41e77..75db9b7 100644 --- a/tasks/offlineimap.yml +++ b/tasks/offlineimap.yml 
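Review bot: The `{% if %}` guard checks `'Fingerprint=' in old_imap_fingerprint`, that is the registered result (or the empty string from `set_fact`) rather than its `stdout`, so the `cert_fingerprint` branch looks unreachable and the template always falls through to `sslcacertfile`; the test should read the command output, for example `'Fingerprint=' in (old_imap_fingerprint.stdout | default(''))`. Once that branch is live, the pinned value is whatever certificate the host presented during the rescue task, so it records the peer seen at provisioning time rather than verifying it; taking the expected fingerprint from inventory would make the pin meaningful. `item.old_imap_mail.ssl_verify` is also read without a `default`, unlike the removed doveadm command, which used `ssl_verify|default("yes")`.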
@@ -3,6 +3,8 @@ set_fact: old_imap_fingerprint: '' - name: Generate config and sync old IMAP contents + become: yes + become_user: "{{ item.name }}" block: - name: Create offlineimap config template: @@ -27,6 +29,8 @@ - name: Sync old IMAP for the first time (this might tale a while...) command: offlineimap - name: Sync old IMAP account + become: yes + become_user: "{{ item.name }}" cron: name: "Sync old IMAP account {{ item.old_imap_mail.user }} at {{ item.old_imap_mail.host }} for {{ item.name }}" special_time: daily @@ -34,6 +38,8 @@ backup: yes user: "{{ item.name }}" - name: De-duplicate IMAP mail + become: yes + become_user: "{{ item.name }}" cron: name: De-duplicate IMAP mail special_time: daily From a59c62f62e8b0e31c5d93925f5d42ed9cfb335fc Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 03:28:38 +0200 Subject: [PATCH 092/181] fix DB schema --- files/mariadb/powerdnsdb_schema.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/mariadb/powerdnsdb_schema.sql b/files/mariadb/powerdnsdb_schema.sql index 861323a..09f20e8 100644 --- a/files/mariadb/powerdnsdb_schema.sql +++ b/files/mariadb/powerdnsdb_schema.sql @@ -296,7 +296,7 @@ CREATE TABLE `zones` ( PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci; /*!40101 SET character_set_client = @saved_cs_client */; --- /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; +/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; /*!40101 SET SQL_MODE=@OLD_SQL_MODE */; /*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; From 2b0456e64c5a30f008f5a7ca99bc2d0663d1bce9 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 12:04:07 +0200 Subject: [PATCH 093/181] shell instead of command --- tasks/offlineimap.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml index 75db9b7..49434fc 100644 --- a/tasks/offlineimap.yml +++ b/tasks/offlineimap.yml 
@@ -17,7 +17,7 @@ command: offlineimap rescue: - name: Fetch old IMAPS fingerprint - command: "openssl s_client -connect {{ item.old_imap_mail.host }}:993 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin" + shell: "openssl s_client -connect {{ item.old_imap_mail.host }}:993 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin" register: old_imap_fingerprint - name: Create offlineimap config template: From 052aa587cc31573dadfd6687d991d7d20c5e6f6b Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 13:12:24 +0200 Subject: [PATCH 094/181] fix user home reference --- tasks/offlineimap.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml index 49434fc..3ade8f6 100644 --- a/tasks/offlineimap.yml +++ b/tasks/offlineimap.yml @@ -9,7 +9,7 @@ - name: Create offlineimap config template: src: offlineimap/offlineimaprc.j2 - dest: "{{ ansible_env.HOME }}/.offlineimaprc" + dest: "/home/{{ item.name }}/.offlineimaprc" owner: "{{ item.name }}" backup: yes no_log: yes @@ -22,7 +22,7 @@ - name: Create offlineimap config template: src: offlineimap/offlineimaprc.j2 - dest: "{{ ansible_env.HOME }}/.offlineimaprc" + dest: "/home/{{ item.name }}/.offlineimaprc" owner: "{{ item.name }}" backup: yes no_log: yes From ebc93dbe0f48108e2ba96f181b998d86ef47263a Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 14:08:42 +0200 Subject: [PATCH 095/181] correct fingerprint variable --- templates/offlineimap/offlineimaprc.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2 index acb998c..7239e94 100644 --- a/templates/offlineimap/offlineimaprc.j2 +++ b/templates/offlineimap/offlineimaprc.j2 
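Review bot: Switching `Fetch old IMAPS fingerprint` to `shell:` means `{{ item.old_imap_mail.host }}` is now expanded into a shell command line unquoted, so a host value containing spaces or shell metacharacters would be interpreted by the shell instead of being passed to `openssl` as one argument. I would quote the templated argument, `-connect {{ (item.old_imap_mail.host ~ ':993') | quote }}`, and add `changed_when: false` since the task only reads. The port is fixed at 993 here although the removed doveadm tasks honoured `old_imap_mail.port|default(993)`. The enclosing `rescue:` block starts and ends outside this hunk.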
@@ -17,7 +17,7 @@ type = IMAP remotehost = {{ item.old_imap_mail.host }} remoteuser = {{ item.old_imap_mail.user }} remotepass = {{ item.old_imap_mail.password }} -{% if (not item.old_imap_mail.ssl_verify) and (old_imap_fingerprint is defined and 'Fingerprint=' in old_imap_fingerprint) %} +{% if (not item.old_imap_mail.ssl_verify) and (old_imap_fingerprint is defined and 'Fingerprint=' in old_imap_fingerprint.stdout) %} cert_fingerprint = {{ old_imap_fingerprint.stdout | trim | split('Fingerprint=') | last }} {% else %} From a52bd8deb54968f22402ee9894b7146ff637b9e2 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 15:53:56 +0200 Subject: [PATCH 096/181] fix offlineimap package --- tasks/offlineimap.yml | 6 +++--- tasks/ssl.yml | 1 + templates/offlineimap/offlineimaprc.j2 | 4 ++-- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml index 3ade8f6..5e5c1b6 100644 --- a/tasks/offlineimap.yml +++ b/tasks/offlineimap.yml @@ -14,7 +14,7 @@ backup: yes no_log: yes - name: Sync old IMAP for the first time (this might tale a while...) - command: offlineimap + command: /usr/local/bin/offlineimap rescue: - name: Fetch old IMAPS fingerprint shell: "openssl s_client -connect {{ item.old_imap_mail.host }}:993 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin" @@ -27,14 +27,14 @@ backup: yes no_log: yes - name: Sync old IMAP for the first time (this might tale a while...) - command: offlineimap + command: /usr/local/bin/offlineimap - name: Sync old IMAP account become: yes become_user: "{{ item.name }}" cron: name: "Sync old IMAP account {{ item.old_imap_mail.user }} at {{ item.old_imap_mail.host }} for {{ item.name }}" special_time: daily - job: offlineimap + job: /usr/local/bin/offlineimap backup: yes user: "{{ item.name }}" - name: De-duplicate IMAP mail diff --git a/tasks/ssl.yml b/tasks/ssl.yml index 7377b7c..87c534a 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml 
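Review bot: The guard `old_imap_fingerprint is defined` cannot be false, because tasks/offlineimap.yml sets the fact to `''` before the first render, and on that first pass the value is a plain string with no `.stdout`. With `ssl_verify` disabled, the new test `'Fingerprint=' in old_imap_fingerprint.stdout` therefore looks likely to fail the render instead of falling through to the `sslcacertfile` branch. Reading the value as `(old_imap_fingerprint.stdout | default(''))` in both the test and the `cert_fingerprint` line would make the first pass well defined.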
@@ -108,6 +108,7 @@ - { key: "PDNS_API_URL", value: http://127.0.0.1:8081/ } - { key: "PDNS_API_KEY", value: "{{ powerdns_api_key }}" } +# TODO: uncomment the below task - it's commented while live testing the production server - name: Generate LetsEncrypt certificates # command: "/usr/local/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem run --must-staple" command: "/usr/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem run --must-staple" diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2 index 7239e94..82de6fb 100644 --- a/templates/offlineimap/offlineimaprc.j2 +++ b/templates/offlineimap/offlineimaprc.j2 @@ -10,7 +10,7 @@ type = IMAP remotehost = {{ mailserver_domain }} remoteuser = {{ item.name }}@{{ mailserver_domain }} remotepass = {{ item.password }} -sslcacertfile = /etc/ssl/certs/ca-certificates.crt +sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt [Repository oldimap] type = IMAP @@ -21,6 +21,6 @@ remotepass = {{ item.old_imap_mail.password }} cert_fingerprint = {{ old_imap_fingerprint.stdout | trim | split('Fingerprint=') | last }} {% else %} -sslcacertfile = /etc/ssl/certs/ca-certificates.crt +sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt {% endif %} 
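Review bot: Both `sslcacertfile` lines in offlineimaprc.j2 now hard-code `/etc/ssl/certs/ca-bundle.trust.crt`, which as far as I know exists on Red Hat-family hosts only, while the previous `/etc/ssl/certs/ca-certificates.crt` is the Debian-family location, so certificate verification now depends on which distribution the role runs on. I would make it a role variable with a per-distribution default, `sslcacertfile = {{ ca_bundle_path }}` (placeholder name). The `.trust.crt` file is the OpenSSL extended-trust variant of the bundle; it is worth confirming that offlineimap's TLS stack loads it, or pointing at the plain PEM bundle instead.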
From abed1eb75774ea02069e92bf950c45b4c3940697 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 15:55:50 +0200 Subject: [PATCH 097/181] fix name translation --- templates/offlineimap/offlineimaprc.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2 index 82de6fb..ef7207d 100644 --- a/templates/offlineimap/offlineimaprc.j2 +++ b/templates/offlineimap/offlineimaprc.j2 @@ -17,6 +17,9 @@ type = IMAP remotehost = {{ item.old_imap_mail.host }} remoteuser = {{ item.old_imap_mail.user }} remotepass = {{ item.old_imap_mail.password }} +# The below will put all folders as sub-folders of the 'local' INBOX, +# assuming that your path separator on 'local' is a dot. +nametrans = lambda x: 'INBOX.' + x {% if (not item.old_imap_mail.ssl_verify) and (old_imap_fingerprint is defined and 'Fingerprint=' in old_imap_fingerprint.stdout) %} cert_fingerprint = {{ old_imap_fingerprint.stdout | trim | split('Fingerprint=') | last }} From c6d5e1d013ab680864a8c49d4546768f309e23c5 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 18:23:38 +0200 Subject: [PATCH 098/181] fix stdout parsing --- templates/offlineimap/offlineimaprc.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2 index ef7207d..917b188 100644 --- a/templates/offlineimap/offlineimaprc.j2 +++ b/templates/offlineimap/offlineimaprc.j2 
@@ -21,7 +21,7 @@ remotepass = {{ item.old_imap_mail.password }} # assuming that your path separator on 'local' is a dot. nametrans = lambda x: 'INBOX.' + x {% if (not item.old_imap_mail.ssl_verify) and (old_imap_fingerprint is defined and 'Fingerprint=' in old_imap_fingerprint.stdout) %} -cert_fingerprint = {{ old_imap_fingerprint.stdout | trim | split('Fingerprint=') | last }} +cert_fingerprint = {{ old_imap_fingerprint.stdout | split('Fingerprint=') | last }} {% else %} sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt From 48dabd6a776e986f8a114b763f87ce17835ff925 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 22:21:36 +0200 Subject: [PATCH 099/181] tag specific tasks --- tasks/offlineimap.yml | 101 ++++++++++++++----------- tasks/ssl.yml | 1 - templates/offlineimap/offlineimaprc.j2 | 4 +- 3 files changed, 59 insertions(+), 47 deletions(-) diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml index 5e5c1b6..e6760fc 100644 --- a/tasks/offlineimap.yml +++ b/tasks/offlineimap.yml 
@@ -1,49 +1,62 @@ --- -- name: Empty old IMAP fingerprint - set_fact: - old_imap_fingerprint: '' -- name: Generate config and sync old IMAP contents - become: yes - become_user: "{{ item.name }}" +- name: Sync from old IMAP account + when: "{{ current_user.old_imap_mail is defined }}" block: - - name: Create offlineimap config - template: - src: offlineimap/offlineimaprc.j2 - dest: "/home/{{ item.name }}/.offlineimaprc" - owner: "{{ item.name }}" + - name: Empty old IMAP fingerprint + set_fact: + old_imap_fingerprint: '' + - name: Generate config and sync old IMAP contents + become: yes + become_user: "{{ current_user.name }}" + block: + - name: Create offlineimap config + template: + src: offlineimap/offlineimaprc.j2 + dest: "/home/{{ current_user.name }}/.offlineimaprc" + owner: "{{ current_user.name }}" + backup: yes + # no_log: yes + - name: Sync old IMAP for the first time (this might tale a while...) + command: /usr/local/bin/offlineimap + rescue: + - name: Fetch old IMAPS fingerprint + shell: "openssl s_client -connect {{ current_user.old_imap_mail.host }}:993 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin" + register: old_imap_fingerprint + - debug: + msg: "{{ debug_item }}" + loop: + - "{{ old_imap_fingerprint }}" + - "{{ old_imap_fingerprint.stdout }}" + - "{{ old_imap_fingerprint.stdout | regex_search('Fingerprint\\=.*') }}" + - "{{ old_imap_fingerprint.stdout | regex_search('Fingerprint\\=.*') | split('Fingerprint=') }}" + - "{{ old_imap_fingerprint.stdout | regex_search('Fingerprint\\=.*') | split('Fingerprint=') | last }}" + loop_control: + loop_var: debug_item + - name: Create offlineimap config + template: + src: offlineimap/offlineimaprc.j2 + dest: "/home/{{ current_user.name }}/.offlineimaprc" + owner: "{{ current_user.name }}" + backup: yes + # no_log: yes + - name: Sync old IMAP for the first time (this might tale a while...) 
+ command: /usr/local/bin/offlineimap + - name: Sync old IMAP account + become: yes + become_user: "{{ current_user.name }}" + cron: + name: "Sync old IMAP account {{ current_user.old_imap_mail.user }} at {{ current_user.old_imap_mail.host }} for {{ current_user.name }}" + special_time: daily + job: /usr/local/bin/offlineimap backup: yes - no_log: yes - - name: Sync old IMAP for the first time (this might tale a while...) - command: /usr/local/bin/offlineimap - rescue: - - name: Fetch old IMAPS fingerprint - shell: "openssl s_client -connect {{ item.old_imap_mail.host }}:993 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin" - register: old_imap_fingerprint - - name: Create offlineimap config - template: - src: offlineimap/offlineimaprc.j2 - dest: "/home/{{ item.name }}/.offlineimaprc" - owner: "{{ item.name }}" + user: "{{ current_user.name }}" + - name: De-duplicate IMAP mail + become: yes + become_user: "{{ current_user.name }}" + cron: + name: De-duplicate IMAP mail + special_time: daily + job: "/usr/local/bin/imapdedup.py -s {{ mailserver_domain }} -u {{ current_user.name }}@{{ mailserver_domain }} -w {{ current_user.password }} INBOX" backup: yes + user: "{{ current_user.name }}" no_log: yes - - name: Sync old IMAP for the first time (this might tale a while...) - command: /usr/local/bin/offlineimap -- name: Sync old IMAP account - become: yes - become_user: "{{ item.name }}" - cron: - name: "Sync old IMAP account {{ item.old_imap_mail.user }} at {{ item.old_imap_mail.host }} for {{ item.name }}" - special_time: daily - job: /usr/local/bin/offlineimap - backup: yes - user: "{{ item.name }}" -- name: De-duplicate IMAP mail - become: yes - become_user: "{{ item.name }}" - cron: - name: De-duplicate IMAP mail - special_time: daily - job: "/usr/local/bin/imapdedup.py -s {{ mailserver_domain }} -u {{ item.name }}@{{ mailserver_domain }} -w {{ item.password }} INBOX" - backup: yes - user: "{{ item.name }}" - no_log: yes 
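Review bot: Both `Create offlineimap config` tasks now carry `# no_log: yes` instead of `no_log: yes`, so a run with `--diff` would print the rendered `.offlineimaprc`, passwords included, to the console and to any collected logs; the line should stay active and the temporary `debug` loop should be dropped before this is merged. The new top-level condition is written as `when: "{{ current_user.old_imap_mail is defined }}"`; `when` already takes a bare expression, so `when: current_user.old_imap_mail is defined` avoids the second templating pass and the warning Ansible emits for it.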
diff --git a/tasks/ssl.yml b/tasks/ssl.yml index 87c534a..7377b7c 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml @@ -108,7 +108,6 @@ - { key: "PDNS_API_URL", value: http://127.0.0.1:8081/ } - { key: "PDNS_API_KEY", value: "{{ powerdns_api_key }}" } -# TODO: uncomment the below task - it's commented while live testing the production server - name: Generate LetsEncrypt certificates # command: "/usr/local/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem run --must-staple" command: "/usr/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem run --must-staple" diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2 index 917b188..43d6dc3 100644 --- a/templates/offlineimap/offlineimaprc.j2 +++ b/templates/offlineimap/offlineimaprc.j2 
@@ -20,8 +20,8 @@ remotepass = {{ item.old_imap_mail.password }} # The below will put all folders as sub-folders of the 'local' INBOX, # assuming that your path separator on 'local' is a dot. nametrans = lambda x: 'INBOX.' + x -{% if (not item.old_imap_mail.ssl_verify) and (old_imap_fingerprint is defined and 'Fingerprint=' in old_imap_fingerprint.stdout) %} -cert_fingerprint = {{ old_imap_fingerprint.stdout | split('Fingerprint=') | last }} +{% if (not item.old_imap_mail.ssl_verify) and (old_imap_fingerprint is defined and ((old_imap_fingerprint.stdout | regex_search('Fingerprint=')) | length > 0)) %} +cert_fingerprint = {{ old_imap_fingerprint.stdout | regex_search('Fingerprint\=.*') | split('Fingerprint=') | last }} {% else %} sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt From 522539b866609838dce210ebcc6936fdfdecdb82 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 22:40:29 +0200 Subject: [PATCH 100/181] fix task dependencies --- tasks/offlineimap.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml index e6760fc..d4652e6 100644 --- a/tasks/offlineimap.yml +++ b/tasks/offlineimap.yml @@ -1,5 +1,6 @@ --- - name: Sync from old IMAP account + tags: imapsync when: "{{ current_user.old_imap_mail is defined }}" block: - name: Empty old IMAP fingerprint From 23ed6a4b6a10d955caf55cbebdb9a76e66795352 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 22:45:22 +0200 Subject: [PATCH 101/181] fix task dependencies --- tasks/offlineimap.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml index d4652e6..e6760fc 100644 --- a/tasks/offlineimap.yml +++ b/tasks/offlineimap.yml @@ -1,6 +1,5 @@ --- - name: Sync from old IMAP account - tags: imapsync when: "{{ current_user.old_imap_mail is defined }}" block: - name: Empty old IMAP fingerprint From 5db71037af9255ac1389cf647c4e16f3bb6d507b Mon Sep 17 00:00:00 2001 
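Review bot: In the new condition, `regex_search('Fingerprint=')` returns no value when the pattern is absent (None in Ansible, as far as I know), and `| length` on that raises instead of evaluating to false, so a failed `openssl` fetch would break the render rather than select the `sslcacertfile` branch. A test states the intent directly: `old_imap_fingerprint.stdout is search('Fingerprint=')`. The `Fingerprint\=.*` pattern on the next line also copies the rest of the line into the config unchecked; restricting it to the expected hex-and-colon form, e.g. `regex_search('Fingerprint=([0-9A-Fa-f:]+)', '\\1') | first`, keeps anything else out of the file.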
From: Akos Balla Date: Sun, 15 Oct 2023 22:56:58 +0200 Subject: [PATCH 102/181] fix template variable reference --- tasks/offlineimap.yml | 1 + templates/offlineimap/offlineimaprc.j2 | 12 ++++++------ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml index e6760fc..d4652e6 100644 --- a/tasks/offlineimap.yml +++ b/tasks/offlineimap.yml @@ -1,5 +1,6 @@ --- - name: Sync from old IMAP account + tags: imapsync when: "{{ current_user.old_imap_mail is defined }}" block: - name: Empty old IMAP fingerprint diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2 index 43d6dc3..f02cbe9 100644 --- a/templates/offlineimap/offlineimaprc.j2 +++ b/templates/offlineimap/offlineimaprc.j2 
@@ -8,19 +8,19 @@ remoterepository = oldimap [Repository newimap] type = IMAP remotehost = {{ mailserver_domain }} -remoteuser = {{ item.name }}@{{ mailserver_domain }} -remotepass = {{ item.password }} +remoteuser = {{ current_user.name }}@{{ mailserver_domain }} +remotepass = {{ current_user.password }} sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt [Repository oldimap] type = IMAP -remotehost = {{ item.old_imap_mail.host }} -remoteuser = {{ item.old_imap_mail.user }} -remotepass = {{ item.old_imap_mail.password }} +remotehost = {{ current_user.old_imap_mail.host }} +remoteuser = {{ current_user.old_imap_mail.user }} +remotepass = {{ current_user.old_imap_mail.password }} # The below will put all folders as sub-folders of the 'local' INBOX, # assuming that your path separator on 'local' is a dot. nametrans = lambda x: 'INBOX.' + x -{% if (not item.old_imap_mail.ssl_verify) and (old_imap_fingerprint is defined and ((old_imap_fingerprint.stdout | regex_search('Fingerprint=')) | length > 0)) %} +{% if (not current_user.old_imap_mail.ssl_verify) and (old_imap_fingerprint is defined and ((old_imap_fingerprint.stdout | regex_search('Fingerprint=')) | length > 0)) %} cert_fingerprint = {{ old_imap_fingerprint.stdout | regex_search('Fingerprint\=.*') | split('Fingerprint=') | last }} {% else %} From e8a9966d4c4df06b57c77b667015ca9e26bba87e Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 22:58:15 +0200 Subject: [PATCH 103/181] clean up debug symbols --- tasks/offlineimap.yml | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml index d4652e6..6cacaed 100644 --- a/tasks/offlineimap.yml +++ b/tasks/offlineimap.yml 
@@ -16,30 +16,20 @@ dest: "/home/{{ current_user.name }}/.offlineimaprc" owner: "{{ current_user.name }}" backup: yes - # no_log: yes + no_log: yes - name: Sync old IMAP for the first time (this might tale a while...) command: /usr/local/bin/offlineimap rescue: - name: Fetch old IMAPS fingerprint shell: "openssl s_client -connect {{ current_user.old_imap_mail.host }}:993 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin" register: old_imap_fingerprint - - debug: - msg: "{{ debug_item }}" - loop: - - "{{ old_imap_fingerprint }}" - - "{{ old_imap_fingerprint.stdout }}" - - "{{ old_imap_fingerprint.stdout | regex_search('Fingerprint\\=.*') }}" - - "{{ old_imap_fingerprint.stdout | regex_search('Fingerprint\\=.*') | split('Fingerprint=') }}" - - "{{ old_imap_fingerprint.stdout | regex_search('Fingerprint\\=.*') | split('Fingerprint=') | last }}" - loop_control: - loop_var: debug_item - name: Create offlineimap config template: src: offlineimap/offlineimaprc.j2 dest: "/home/{{ current_user.name }}/.offlineimaprc" owner: "{{ current_user.name }}" backup: yes - # no_log: yes + no_log: yes - name: Sync old IMAP for the first time (this might tale a while...) command: /usr/local/bin/offlineimap - name: Sync old IMAP account From e7761b84d03bc2ddeff01494d4e2ddf212df7a72 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 23:38:11 +0200 Subject: [PATCH 104/181] fix template logic --- tasks/offlineimap.yml | 2 ++ templates/offlineimap/offlineimaprc.j2 | 10 +++++++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml index 6cacaed..27ce162 100644 --- a/tasks/offlineimap.yml +++ b/tasks/offlineimap.yml 
@@ -29,6 +29,8 @@ dest: "/home/{{ current_user.name }}/.offlineimaprc" owner: "{{ current_user.name }}" backup: yes + vars: + old_imap_fingerprint: "{{ old_imap_fingerprint }}" no_log: yes - name: Sync old IMAP for the first time (this might tale a while...) command: /usr/local/bin/offlineimap diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2 index f02cbe9..41b2667 100644 --- a/templates/offlineimap/offlineimaprc.j2 +++ b/templates/offlineimap/offlineimaprc.j2 @@ -20,10 +20,14 @@ remotepass = {{ current_user.old_imap_mail.password }} # The below will put all folders as sub-folders of the 'local' INBOX, # assuming that your path separator on 'local' is a dot. nametrans = lambda x: 'INBOX.' + x -{% if (not current_user.old_imap_mail.ssl_verify) and (old_imap_fingerprint is defined and ((old_imap_fingerprint.stdout | regex_search('Fingerprint=')) | length > 0)) %} +{% if (not current_user.old_imap_mail.ssl_verify) or ((current_user.old_imap_mail.ssl_verify | lower) == 'no') or ((current_user.old_imap_mail.ssl_verify | lower) == 'false') or (current_user.old_imap_mail.ssl_verify == 0) %} +# old IMAP certifcates are not verified +{% if old_imap_fingerprint is defined %} +# so the SSL fingerprint of the OLD IMAP server is accepted below +{% if (old_imap_fingerprint.stdout | regex_search('Fingerprint\=')) | length > 0 %} cert_fingerprint = {{ old_imap_fingerprint.stdout | regex_search('Fingerprint\=.*') | split('Fingerprint=') | last }} - +{% endif %} +{% endif %} {% else %} sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt - {% endif %} From b35933fcd0f313d9bef4082d433df82391f98d9b Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Mon, 16 Oct 2023 00:49:46 +0200 Subject: [PATCH 105/181] imapsync instead of offlineimap --- tasks/offlineimap.yml | 55 -------------------------- templates/offlineimap/offlineimaprc.j2 | 5 ++- 2 files changed, 4 insertions(+), 56 deletions(-) delete mode 100644 tasks/offlineimap.yml 
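Review bot: The added `vars:` entry defines `old_imap_fingerprint` in terms of itself, `"{{ old_imap_fingerprint }}"`. As far as I know facts and registered results outrank task-level `vars:`, so the entry either has no effect or resolves to itself; it does not hand the `register` result to the template in any way the earlier tasks did not. If the aim is to separate the fetched result from the `set_fact` default of `''`, registering under a different name, e.g. `register: old_imap_fingerprint_result` (placeholder), and reading that name in the template removes the clash. The enclosing `rescue:` block starts outside this hunk.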
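Review bot: When `ssl_verify` is falsy but no `Fingerprint=` line was captured, the rewritten block in offlineimaprc.j2 emits neither `cert_fingerprint` nor `sslcacertfile`, leaving `[Repository oldimap]` with no trust anchor; depending on the offlineimap version that presumably means either an unverified TLS session or a refusal to connect. I would add an `{% else %}` to the inner fingerprint test that writes `sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt`, so the stanza always names one or the other. The chain of comparisons against `'no'`, `'false'` and `0` can be replaced by the `bool` filter: `{% if not (current_user.old_imap_mail.ssl_verify | default(true) | bool) %}`.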
diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml deleted file mode 100644 index 27ce162..0000000 --- a/tasks/offlineimap.yml +++ /dev/null 
@@ -1,55 +0,0 @@ ---- -- name: Sync from old IMAP account - tags: imapsync - when: "{{ current_user.old_imap_mail is defined }}" - block: - - name: Empty old IMAP fingerprint - set_fact: - old_imap_fingerprint: '' - - name: Generate config and sync old IMAP contents - become: yes - become_user: "{{ current_user.name }}" - block: - - name: Create offlineimap config - template: - src: offlineimap/offlineimaprc.j2 - dest: "/home/{{ current_user.name }}/.offlineimaprc" - owner: "{{ current_user.name }}" - backup: yes - no_log: yes - - name: Sync old IMAP for the first time (this might tale a while...) - command: /usr/local/bin/offlineimap - rescue: - - name: Fetch old IMAPS fingerprint - shell: "openssl s_client -connect {{ current_user.old_imap_mail.host }}:993 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin" - register: old_imap_fingerprint - - name: Create offlineimap config - template: - src: offlineimap/offlineimaprc.j2 - dest: "/home/{{ current_user.name }}/.offlineimaprc" - owner: "{{ current_user.name }}" - backup: yes - vars: - old_imap_fingerprint: "{{ old_imap_fingerprint }}" - no_log: yes - - name: Sync old IMAP for the first time (this might tale a while...) - command: /usr/local/bin/offlineimap - - name: Sync old IMAP account - become: yes - become_user: "{{ current_user.name }}" - cron: - name: "Sync old IMAP account {{ current_user.old_imap_mail.user }} at {{ current_user.old_imap_mail.host }} for {{ current_user.name }}" - special_time: daily - job: /usr/local/bin/offlineimap - backup: yes - user: "{{ current_user.name }}" - - name: De-duplicate IMAP mail - become: yes - become_user: "{{ current_user.name }}" - cron: - name: De-duplicate IMAP mail - special_time: daily - job: "/usr/local/bin/imapdedup.py -s {{ mailserver_domain }} -u {{ current_user.name }}@{{ mailserver_domain }} -w {{ current_user.password }} INBOX" - backup: yes - user: "{{ current_user.name }}" - no_log: yes 
diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2 index 41b2667..10fd7e8 100644 --- a/templates/offlineimap/offlineimaprc.j2 +++ b/templates/offlineimap/offlineimaprc.j2 @@ -11,6 +11,8 @@ remotehost = {{ mailserver_domain }} remoteuser = {{ current_user.name }}@{{ mailserver_domain }} remotepass = {{ current_user.password }} sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt +nametrans = lambda folder: folder if folder in re.search('(.*\.Junk$|.*\.Sent$|.*\.Spam$|.*\.Trash$)', folder) else 'INBOX.' + folder +folderfilter = lambda folder: not re.search('(^Trash$|Del)', folder) [Repository oldimap] type = IMAP @@ -19,7 +21,8 @@ remoteuser = {{ current_user.old_imap_mail.user }} remotepass = {{ current_user.old_imap_mail.password }} # The below will put all folders as sub-folders of the 'local' INBOX, # assuming that your path separator on 'local' is a dot. -nametrans = lambda x: 'INBOX.' + x +# top-level folders ['Drafts', 'Junk', 'Sent', 'Spam', 'Trash'] are excluded +nametrans = lambda folder: 'INBOX.' + folder if folder not in re.search('(.*\.Junk$|.*\.Sent$|.*\.Spam$|.*\.Trash$)', folder) else folder {% if (not current_user.old_imap_mail.ssl_verify) or ((current_user.old_imap_mail.ssl_verify | lower) == 'no') or ((current_user.old_imap_mail.ssl_verify | lower) == 'false') or (current_user.old_imap_mail.ssl_verify == 0) %} # old IMAP certifcates are not verified {% if old_imap_fingerprint is defined %} From 4369d8d8035406ba6ffd39bd7ac7e3c8261fea6f Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Mon, 16 Oct 2023 00:51:08 +0200 Subject: [PATCH 106/181] cleanup --- templates/offlineimap/offlineimaprc.j2 | 36 -------------------------- 1 file changed, 36 deletions(-) delete mode 100644 templates/offlineimap/offlineimaprc.j2 diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2 deleted file mode 100644 index 10fd7e8..0000000 --- a/templates/offlineimap/offlineimaprc.j2 +++ /dev/null 
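Review bot: Both new `nametrans` lambdas test membership in the return value of `re.search(...)`, which is a match object or `None`, so `folder in re.search(...)` raises a `TypeError` for every folder instead of picking out the special folders. Using the match itself as the condition gives the behaviour the comment describes, e.g. `nametrans = lambda folder: folder if re.search(r'(^|\.)(Drafts|Junk|Sent|Spam|Trash)$', folder) else 'INBOX.' + folder` for the `oldimap` repository. The comment lists `Drafts` and speaks of top-level folders, but the committed pattern has no `Drafts` alternative and requires a leading `.`, so a top-level `Junk` would not match; the pattern above covers both.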
@@ -1,36 +0,0 @@ -[general] -accounts = oldimap - -[Account oldimap] -localrepository = newimap -remoterepository = oldimap - -[Repository newimap] -type = IMAP -remotehost = {{ mailserver_domain }} -remoteuser = {{ current_user.name }}@{{ mailserver_domain }} -remotepass = {{ current_user.password }} -sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt -nametrans = lambda folder: folder if folder in re.search('(.*\.Junk$|.*\.Sent$|.*\.Spam$|.*\.Trash$)', folder) else 'INBOX.' + folder -folderfilter = lambda folder: not re.search('(^Trash$|Del)', folder) - -[Repository oldimap] -type = IMAP -remotehost = {{ current_user.old_imap_mail.host }} -remoteuser = {{ current_user.old_imap_mail.user }} -remotepass = {{ current_user.old_imap_mail.password }} -# The below will put all folders as sub-folders of the 'local' INBOX, -# assuming that your path separator on 'local' is a dot. -# top-level folders ['Drafts', 'Junk', 'Sent', 'Spam', 'Trash'] are excluded -nametrans = lambda folder: 'INBOX.' + folder if folder not in re.search('(.*\.Junk$|.*\.Sent$|.*\.Spam$|.*\.Trash$)', folder) else folder -{% if (not current_user.old_imap_mail.ssl_verify) or ((current_user.old_imap_mail.ssl_verify | lower) == 'no') or ((current_user.old_imap_mail.ssl_verify | lower) == 'false') or (current_user.old_imap_mail.ssl_verify == 0) %} -# old IMAP certifcates are not verified -{% if old_imap_fingerprint is defined %} -# so the SSL fingerprint of the OLD IMAP server is accepted below -{% if (old_imap_fingerprint.stdout | regex_search('Fingerprint\=')) | length > 0 %} -cert_fingerprint = {{ old_imap_fingerprint.stdout | regex_search('Fingerprint\=.*') | split('Fingerprint=') | last }} -{% endif %} -{% endif %} -{% else %} -sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt -{% endif %} From def9ff4278d23a15436d6e302cffdac556c430a0 Mon Sep 17 00:00:00 2001 
From: Akos Balla Date: Wed, 18 Oct 2023 21:55:53 +0200 Subject: [PATCH 107/181] don't import if not necessary --- files/mariadb/horde_schema.sql | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/files/mariadb/horde_schema.sql b/files/mariadb/horde_schema.sql index 20bf248..1b7b5d9 100644 --- a/files/mariadb/horde_schema.sql +++ b/files/mariadb/horde_schema.sql @@ -1699,6 +1699,7 @@ CREATE TABLE `kronolith_events` ( `event_keywords` text DEFAULT NULL, `event_exceptions` text DEFAULT NULL, `event_title` varchar(255) DEFAULT NULL, + `event_category` varchar(80) DEFAULT NULL, `event_recurtype` int(11) DEFAULT 0, `event_recurinterval` int(11) DEFAULT NULL, `event_recurdays` int(11) DEFAULT NULL, @@ -1715,11 +1716,9 @@ CREATE TABLE `kronolith_events` ( `event_baseid` varchar(255) DEFAULT '', `event_exceptionoriginaldate` datetime DEFAULT NULL, `event_resources` text DEFAULT NULL, - `event_timezone` varchar(50) DEFAULT NULL, PRIMARY KEY (`event_id`), KEY `index_kronolith_events_on_calendar_id` (`calendar_id`), - KEY `index_kronolith_events_on_event_uid` (`event_uid`), - KEY `index_kronolith_events_on_event_baseid` (`event_baseid`) + KEY `index_kronolith_events_on_event_uid` (`event_uid`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; @@ -1851,7 +1850,7 @@ CREATE TABLE `kronolith_shares` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_kronolith_shares_on_share_name` (`share_name`), KEY `index_kronolith_shares_on_share_owner` (`share_owner`), 
@@ -1956,7 +1955,7 @@ CREATE TABLE `kronolith_sharesng` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_kronolith_sharesng_on_share_name` (`share_name`), KEY `index_kronolith_sharesng_on_share_owner` (`share_owner`), @@ -2093,8 +2092,9 @@ CREATE TABLE `mnemo_memos` ( `memo_owner` varchar(255) NOT NULL, `memo_id` varchar(32) NOT NULL, `memo_uid` varchar(255) NOT NULL, - `memo_desc` varchar(255) NOT NULL, + `memo_desc` varchar(64) NOT NULL, `memo_body` text DEFAULT NULL, + `memo_category` varchar(80) DEFAULT NULL, `memo_private` int(11) NOT NULL DEFAULT 0, PRIMARY KEY (`memo_owner`,`memo_id`), KEY `index_mnemo_memos_on_memo_owner` (`memo_owner`), @@ -2150,7 +2150,7 @@ CREATE TABLE `mnemo_shares` ( `perm_guest` int(11) NOT NULL DEFAULT 0, `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_mnemo_shares_on_share_name` (`share_name`), KEY `index_mnemo_shares_on_share_owner` (`share_owner`), @@ -2251,7 +2251,7 @@ CREATE TABLE `mnemo_sharesng` ( `perm_guest_16` tinyint(1) NOT NULL DEFAULT 0, `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_mnemo_sharesng_on_share_name` (`share_name`), KEY `index_mnemo_sharesng_on_share_owner` (`share_owner`), 
@@ -2383,9 +2383,7 @@ CREATE TABLE `nag_shares` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, - `attribute_issmart` int(11) DEFAULT 0, - `attribute_search` varchar(4000) DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_nag_shares_on_share_name` (`share_name`), KEY `index_nag_shares_on_share_owner` (`share_owner`), @@ -2483,9 +2481,7 @@ CREATE TABLE `nag_sharesng` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, - `attribute_issmart` int(11) DEFAULT 0, - `attribute_search` text DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_nag_sharesng_on_share_name` (`share_name`), KEY `index_nag_sharesng_on_share_owner` (`share_owner`), @@ -2597,6 +2593,7 @@ CREATE TABLE `nag_tasks` ( `task_due` int(11) DEFAULT NULL, `task_priority` int(11) NOT NULL DEFAULT 0, `task_estimate` float DEFAULT NULL, + `task_category` varchar(80) DEFAULT NULL, `task_completed` int(1) NOT NULL DEFAULT 0, `task_completed_date` int(11) DEFAULT NULL, `task_alarm` int(11) NOT NULL DEFAULT 0, @@ -2845,6 +2842,7 @@ CREATE TABLE `turba_objects` ( `object_logo` longblob DEFAULT NULL, `object_logotype` varchar(10) DEFAULT NULL, `object_company` varchar(255) DEFAULT NULL, + `object_category` varchar(80) DEFAULT NULL, `object_notes` text DEFAULT NULL, `object_url` varchar(255) DEFAULT NULL, `object_freebusyurl` varchar(255) DEFAULT NULL, 
@@ -2933,7 +2931,7 @@ CREATE TABLE `turba_shares` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_params` text DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_turba_shares_on_share_name` (`share_name`), KEY `index_turba_shares_on_share_owner` (`share_owner`), @@ -3035,7 +3033,7 @@ CREATE TABLE `turba_sharesng` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_params` text DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_turba_sharesng_on_share_name` (`share_name`), KEY `index_turba_sharesng_on_share_owner` (`share_owner`), From 5d6bc47bb777679b34f5b9eb8daee5f6d0054a6a Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Wed, 18 Oct 2023 22:31:15 +0200 Subject: [PATCH 108/181] update schemas --- files/mariadb/horde_schema.sql | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/files/mariadb/horde_schema.sql b/files/mariadb/horde_schema.sql index 1b7b5d9..20bf248 100644 --- a/files/mariadb/horde_schema.sql +++ b/files/mariadb/horde_schema.sql @@ -1699,7 +1699,6 @@ CREATE TABLE `kronolith_events` ( `event_keywords` text DEFAULT NULL, `event_exceptions` text DEFAULT NULL, `event_title` varchar(255) DEFAULT NULL, - `event_category` varchar(80) DEFAULT NULL, `event_recurtype` int(11) DEFAULT 0, `event_recurinterval` int(11) DEFAULT NULL, `event_recurdays` int(11) DEFAULT NULL, 
@@ -1716,9 +1715,11 @@ CREATE TABLE `kronolith_events` ( `event_baseid` varchar(255) DEFAULT '', `event_exceptionoriginaldate` datetime DEFAULT NULL, `event_resources` text DEFAULT NULL, + `event_timezone` varchar(50) DEFAULT NULL, PRIMARY KEY (`event_id`), KEY `index_kronolith_events_on_calendar_id` (`calendar_id`), - KEY `index_kronolith_events_on_event_uid` (`event_uid`) + KEY `index_kronolith_events_on_event_uid` (`event_uid`), + KEY `index_kronolith_events_on_event_baseid` (`event_baseid`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; @@ -1850,7 +1851,7 @@ CREATE TABLE `kronolith_shares` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_kronolith_shares_on_share_name` (`share_name`), KEY `index_kronolith_shares_on_share_owner` (`share_owner`), @@ -1955,7 +1956,7 @@ CREATE TABLE `kronolith_sharesng` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_kronolith_sharesng_on_share_name` (`share_name`), KEY `index_kronolith_sharesng_on_share_owner` (`share_owner`), @@ -2092,9 +2093,8 @@ CREATE TABLE `mnemo_memos` ( `memo_owner` varchar(255) NOT NULL, `memo_id` varchar(32) NOT NULL, `memo_uid` varchar(255) NOT NULL, - `memo_desc` varchar(64) NOT NULL, + `memo_desc` varchar(255) NOT NULL, `memo_body` text DEFAULT NULL, - `memo_category` varchar(80) DEFAULT NULL, `memo_private` int(11) NOT NULL DEFAULT 0, PRIMARY KEY (`memo_owner`,`memo_id`), KEY `index_mnemo_memos_on_memo_owner` (`memo_owner`), 
@@ -2150,7 +2150,7 @@ CREATE TABLE `mnemo_shares` ( `perm_guest` int(11) NOT NULL DEFAULT 0, `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_mnemo_shares_on_share_name` (`share_name`), KEY `index_mnemo_shares_on_share_owner` (`share_owner`), @@ -2251,7 +2251,7 @@ CREATE TABLE `mnemo_sharesng` ( `perm_guest_16` tinyint(1) NOT NULL DEFAULT 0, `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_mnemo_sharesng_on_share_name` (`share_name`), KEY `index_mnemo_sharesng_on_share_owner` (`share_owner`), @@ -2383,7 +2383,9 @@ CREATE TABLE `nag_shares` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, + `attribute_issmart` int(11) DEFAULT 0, + `attribute_search` varchar(4000) DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_nag_shares_on_share_name` (`share_name`), KEY `index_nag_shares_on_share_owner` (`share_owner`), @@ -2481,7 +2483,9 @@ CREATE TABLE `nag_sharesng` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, + `attribute_issmart` int(11) DEFAULT 0, + `attribute_search` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_nag_sharesng_on_share_name` (`share_name`), KEY `index_nag_sharesng_on_share_owner` (`share_owner`), 
@@ -2593,7 +2597,6 @@ CREATE TABLE `nag_tasks` ( `task_due` int(11) DEFAULT NULL, `task_priority` int(11) NOT NULL DEFAULT 0, `task_estimate` float DEFAULT NULL, - `task_category` varchar(80) DEFAULT NULL, `task_completed` int(1) NOT NULL DEFAULT 0, `task_completed_date` int(11) DEFAULT NULL, `task_alarm` int(11) NOT NULL DEFAULT 0, @@ -2842,7 +2845,6 @@ CREATE TABLE `turba_objects` ( `object_logo` longblob DEFAULT NULL, `object_logotype` varchar(10) DEFAULT NULL, `object_company` varchar(255) DEFAULT NULL, - `object_category` varchar(80) DEFAULT NULL, `object_notes` text DEFAULT NULL, `object_url` varchar(255) DEFAULT NULL, `object_freebusyurl` varchar(255) DEFAULT NULL, @@ -2931,7 +2933,7 @@ CREATE TABLE `turba_shares` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_params` text DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_turba_shares_on_share_name` (`share_name`), KEY `index_turba_shares_on_share_owner` (`share_owner`), @@ -3033,7 +3035,7 @@ CREATE TABLE `turba_sharesng` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_params` text DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_turba_sharesng_on_share_name` (`share_name`), KEY `index_turba_sharesng_on_share_owner` (`share_owner`), From 8df8e23a6ea781f87a15f732f27ff05992232dc3 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Wed, 18 Oct 2023 22:41:33 +0200 Subject: [PATCH 109/181] enable activesync --- files/mariadb/horde_schema.sql | 1 + 1 file changed, 1 insertion(+) diff --git a/files/mariadb/horde_schema.sql b/files/mariadb/horde_schema.sql index 20bf248..8924929 100644 --- a/files/mariadb/horde_schema.sql +++ b/files/mariadb/horde_schema.sql 
@@ -843,6 +843,7 @@ CREATE TABLE `horde_perms` ( LOCK TABLES `horde_perms` WRITE; /*!40000 ALTER TABLE `horde_perms` DISABLE KEYS */; +REPLACE INTO `horde_perms` (`perm_id`, `perm_name`, `perm_parents`, `perm_data`) VALUES (3,'wicked',NULL,'a:2:{s:4:\"type\";s:6:\"matrix\";s:7:\"default\";i:14;}'),(4,'wicked:pages',':3','a:1:{s:4:\"type\";s:6:\"matrix\";}'),(5,'wicked:pages:AllPages',':3:4','a:1:{s:4:\"type\";s:6:\"matrix\";}'),(6,'horde',NULL,'a:1:{s:4:\"type\";s:6:\"matrix\";}'),(7,'horde:activesync',':6','a:2:{s:4:\"type\";s:7:\"boolean\";s:7:\"default\";b:1;}'),(8,'horde:activesync:provisioning',':6:7','a:3:{s:4:\"type\";s:4:\"enum\";s:6:\"params\";a:1:{i:0;a:4:{i:0;s:0:\"\";s:4:\"true\";s:6:\"Enable\";s:5:\"allow\";s:31:\"Allow non-provisionable devices\";s:5:\"false\";s:25:\"Disable (not recommended)\";}}s:7:\"default\";s:5:\"allow\";}'); /*!40000 ALTER TABLE `horde_perms` ENABLE KEYS */; UNLOCK TABLES; From f6012693c9ef48b11e70bdc6c48f63f8ecf62f51 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Thu, 19 Oct 2023 02:21:59 +0200 Subject: [PATCH 110/181] enable ActiveSync outside of schema init --- files/mariadb/horde_schema.sql | 1 - 1 file changed, 1 deletion(-) diff --git a/files/mariadb/horde_schema.sql b/files/mariadb/horde_schema.sql index 8924929..20bf248 100644 --- a/files/mariadb/horde_schema.sql +++ b/files/mariadb/horde_schema.sql 
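Review bot: The seeded `horde:activesync:provisioning` row sets its default to `allow`, which the row's own option list labels "Allow non-provisionable devices", so devices that cannot enforce a security policy are admitted by default. If policy enforcement is wanted, the default should be the "Enable" option instead, i.e. `s:7:\"default\";s:4:\"true\";`. `REPLACE INTO` with the hard-coded `perm_id` values 3 to 8 also deletes and rewrites any existing rows with those ids when the dump is loaded into a populated database, so `INSERT IGNORE` or a guarded seeding step outside the schema file would be safer. The `s:N:` length prefixes in the serialized PHP have to be kept in step with any edit to the strings.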
@@ -843,7 +843,6 @@ CREATE TABLE `horde_perms` ( LOCK TABLES `horde_perms` WRITE; /*!40000 ALTER TABLE `horde_perms` DISABLE KEYS */; -REPLACE INTO `horde_perms` (`perm_id`, `perm_name`, `perm_parents`, `perm_data`) VALUES (3,'wicked',NULL,'a:2:{s:4:\"type\";s:6:\"matrix\";s:7:\"default\";i:14;}'),(4,'wicked:pages',':3','a:1:{s:4:\"type\";s:6:\"matrix\";}'),(5,'wicked:pages:AllPages',':3:4','a:1:{s:4:\"type\";s:6:\"matrix\";}'),(6,'horde',NULL,'a:1:{s:4:\"type\";s:6:\"matrix\";}'),(7,'horde:activesync',':6','a:2:{s:4:\"type\";s:7:\"boolean\";s:7:\"default\";b:1;}'),(8,'horde:activesync:provisioning',':6:7','a:3:{s:4:\"type\";s:4:\"enum\";s:6:\"params\";a:1:{i:0;a:4:{i:0;s:0:\"\";s:4:\"true\";s:6:\"Enable\";s:5:\"allow\";s:31:\"Allow non-provisionable devices\";s:5:\"false\";s:25:\"Disable (not recommended)\";}}s:7:\"default\";s:5:\"allow\";}'); /*!40000 ALTER TABLE `horde_perms` ENABLE KEYS */; UNLOCK TABLES; From d5403f4ebbe5256a9dd7778a17af9882be277524 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 22 Oct 2023 16:09:48 +0200 Subject: [PATCH 111/181] only install what we explicitly need --- tasks/packages.yml | 58 +++++++++++++++++++++++----------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index d216b78..a634c59 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml 
@@ -399,35 +399,35 @@ - phpunit7 - php74-php-fpm - php74-php-pear - - php74-php-tidy - - php74-php - - php74-php-ldap - - php74-php-mysql - - php74-php-odbc - - php74-php-mcrypt - - php74-php-mhash - - php74-php-pecl-mysql - - php74-php-pecl-mysql-xdevapi - - php74-php-pecl-crypto - - php74-php-pecl-geoip - - php74-php-pecl-pam - - php74-php-pecl-imagick - - php74-php-pecl-memcache - - php74-php-pecl-http - - php74-php-devel - - php74-php-imap - - php74-php-mbstring - - php74-php-mysqlnd - - php74-php-gd - - php74-php-opcache - - php74-php-json - - php74-php-curl - - php74-php-zip - - php74-php-xml - - php74-php-bz2 - - php74-php-intl - - php74-php-gmp - - php74-php-cli + # - php74-php-tidy + # - php74-php + # - php74-php-ldap + # - php74-php-mysql + # - php74-php-odbc + # - php74-php-mcrypt + # - php74-php-mhash + # - php74-php-pecl-mysql + # - php74-php-pecl-mysql-xdevapi + # - php74-php-pecl-crypto + # - php74-php-pecl-geoip + # - php74-php-pecl-pam + # - php74-php-pecl-imagick + # - php74-php-pecl-memcache + # - php74-php-pecl-http + # - php74-php-devel + # - php74-php-imap + # - php74-php-mbstring + # - php74-php-mysqlnd + # - php74-php-gd + # - php74-php-opcache + # - php74-php-json + # - php74-php-curl + # - php74-php-zip + # - php74-php-xml + # - php74-php-bz2 + # - php74-php-intl + # - php74-php-gmp + # - php74-php-cli - php-channel-horde - php-horde-Horde-Alarm - php-horde-Horde-Argv From 1f437bc19986ba6a23d8f45fe9caca71cd8850e0 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Tue, 24 Oct 2023 21:24:13 +0200 Subject: [PATCH 112/181] try horde from Cheese repo --- tasks/packages.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index a634c59..16f5620 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml 
@@ -388,17 +388,17 @@ command: dnf module reset php -y tags: - always -- name: Enable the php:remi-7.4 DNF module - tags: horde - command: dnf module enable php:remi-7.4 -y +# - name: Enable the php:remi-7.4 DNF module +# tags: horde +# command: dnf module enable php:remi-7.4 -y - name: Install PHP 7.4 packages tags: horde dnf: name: - phpldapadmin - phpunit7 - - php74-php-fpm - - php74-php-pear + # - php74-php-fpm + # - php74-php-pear # - php74-php-tidy # - php74-php # - php74-php-ldap From 259583c90c7670510e570c45acbd574971840444 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Tue, 24 Oct 2023 21:47:51 +0200 Subject: [PATCH 113/181] enable RPM Fusion --- tasks/packages.yml | 182 ++++++++++++++++++++++----------------------- 1 file changed, 91 insertions(+), 91 deletions(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index 16f5620..960ba7a 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml 
@@ -395,104 +395,104 @@ tags: horde dnf: name: - - phpldapadmin - - phpunit7 + # - phpldapadmin + # - phpunit7 # - php74-php-fpm # - php74-php-pear - # - php74-php-tidy - # - php74-php - # - php74-php-ldap - # - php74-php-mysql - # - php74-php-odbc - # - php74-php-mcrypt - # - php74-php-mhash - # - php74-php-pecl-mysql - # - php74-php-pecl-mysql-xdevapi - # - php74-php-pecl-crypto - # - php74-php-pecl-geoip - # - php74-php-pecl-pam - # - php74-php-pecl-imagick - # - php74-php-pecl-memcache - # - php74-php-pecl-http - # - php74-php-devel - # - php74-php-imap - # - php74-php-mbstring - # - php74-php-mysqlnd - # - php74-php-gd - # - php74-php-opcache - # - php74-php-json - # - php74-php-curl - # - php74-php-zip - # - php74-php-xml - # - php74-php-bz2 - # - php74-php-intl - # - php74-php-gmp - # - php74-php-cli - - php-channel-horde - - php-horde-Horde-Alarm - - php-horde-Horde-Argv - - php-horde-Horde-Auth - - php-horde-Horde-Autoloader - - php-horde-Horde-Browser - - php-horde-Horde-Cache - - php-horde-Horde-Cli - - php-horde-Horde-Compress - - php-horde-Horde-Core - - php-horde-Horde-Crypt - - php-horde-Horde-Dav - - php-horde-Horde-Db - - php-horde-Horde-Editor - - php-horde-Horde-ElasticSearch - - php-horde-Horde-Http - - php-horde-Horde-Image - - php-horde-Horde-Imap-Client - - php-horde-Horde-Ldap - - php-horde-Horde-ListHeaders - - php-horde-Horde-Log - - php-horde-Horde-Mail - - php-horde-Horde-Mail-Autoconfig - - php-horde-Horde-Memcache - - php-horde-Horde-Mime - - php-horde-Horde-Mime-Viewer - - php-horde-Horde-Notification - - php-horde-Horde-Oauth - - php-horde-Horde-Pdf - - php-horde-Horde-Perms - - php-horde-Horde-Prefs - - php-horde-Horde-Role - - php-horde-Horde-Routes - - php-horde-Horde-Rpc - - php-horde-Horde-Service-Weather - - php-horde-Horde-Smtp - - php-horde-Horde-Socket-Client - - php-horde-Horde-SyncMl - - php-horde-Horde-Template - - php-horde-Horde-Test - - php-horde-Horde-Text-Filter - - php-horde-Horde-Text-Filter-Csstidy - - 
php-horde-Horde-Text-Flowed - - php-horde-Horde-Tree - - php-horde-Horde-Url - - php-horde-Horde-Util - - php-horde-Horde-View - - php-horde-Horde-Xml-Element + # # - php74-php-tidy + # # - php74-php + # # - php74-php-ldap + # # - php74-php-mysql + # # - php74-php-odbc + # # - php74-php-mcrypt + # # - php74-php-mhash + # # - php74-php-pecl-mysql + # # - php74-php-pecl-mysql-xdevapi + # # - php74-php-pecl-crypto + # # - php74-php-pecl-geoip + # # - php74-php-pecl-pam + # # - php74-php-pecl-imagick + # # - php74-php-pecl-memcache + # # - php74-php-pecl-http + # # - php74-php-devel + # # - php74-php-imap + # # - php74-php-mbstring + # # - php74-php-mysqlnd + # # - php74-php-gd + # # - php74-php-opcache + # # - php74-php-json + # # - php74-php-curl + # # - php74-php-zip + # # - php74-php-xml + # # - php74-php-bz2 + # # - php74-php-intl + # # - php74-php-gmp + # # - php74-php-cli + # - php-channel-horde + # - php-horde-Horde-Alarm + # - php-horde-Horde-Argv + # - php-horde-Horde-Auth + # - php-horde-Horde-Autoloader + # - php-horde-Horde-Browser + # - php-horde-Horde-Cache + # - php-horde-Horde-Cli + # - php-horde-Horde-Compress + # - php-horde-Horde-Core + # - php-horde-Horde-Crypt + # - php-horde-Horde-Dav + # - php-horde-Horde-Db + # - php-horde-Horde-Editor + # - php-horde-Horde-ElasticSearch + # - php-horde-Horde-Http + # - php-horde-Horde-Image + # - php-horde-Horde-Imap-Client + # - php-horde-Horde-Ldap + # - php-horde-Horde-ListHeaders + # - php-horde-Horde-Log + # - php-horde-Horde-Mail + # - php-horde-Horde-Mail-Autoconfig + # - php-horde-Horde-Memcache + # - php-horde-Horde-Mime + # - php-horde-Horde-Mime-Viewer + # - php-horde-Horde-Notification + # - php-horde-Horde-Oauth + # - php-horde-Horde-Pdf + # - php-horde-Horde-Perms + # - php-horde-Horde-Prefs + # - php-horde-Horde-Role + # - php-horde-Horde-Routes + # - php-horde-Horde-Rpc + # - php-horde-Horde-Service-Weather + # - php-horde-Horde-Smtp + # - php-horde-Horde-Socket-Client + # - 
php-horde-Horde-SyncMl + # - php-horde-Horde-Template + # - php-horde-Horde-Test + # - php-horde-Horde-Text-Filter + # - php-horde-Horde-Text-Filter-Csstidy + # - php-horde-Horde-Text-Flowed + # - php-horde-Horde-Tree + # - php-horde-Horde-Url + # - php-horde-Horde-Util + # - php-horde-Horde-View + # - php-horde-Horde-Xml-Element - php-horde-horde - php-horde-passwd - - php-horde-Horde-Compress-Fast - - php-horde-Horde-Crypt-Blowfish - - php-horde-Horde-Icalendar - - php-horde-Horde-Itip - - php-horde-Horde-Mapi - - php-horde-Horde-OpenXchange - - php-horde-Horde-Secret - - php-horde-Horde-Service-Gravatar - - php-horde-Horde-Text-Diff - - php-horde-Horde-Timezone - - php-horde-Horde-Vfs + # - php-horde-Horde-Compress-Fast + # - php-horde-Horde-Crypt-Blowfish + # - php-horde-Horde-Icalendar + # - php-horde-Horde-Itip + # - php-horde-Horde-Mapi + # - php-horde-Horde-OpenXchange + # - php-horde-Horde-Secret + # - php-horde-Horde-Service-Gravatar + # - php-horde-Horde-Text-Diff + # - php-horde-Horde-Timezone + # - php-horde-Horde-Vfs - php-horde-imp - php-horde-kronolith - php-horde-turba - - php-horde-Horde-Mongo + # - php-horde-Horde-Mongo - php-horde-ingo - php-horde-mnemo - php-horde-wicked From 73986cb43becf8a482adb6de3a4a1b40fe232bd1 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Tue, 24 Oct 2023 22:10:55 +0200 Subject: [PATCH 114/181] back to Remi, use an older version of PowerAdmin --- tasks/packages.yml | 192 ++++++++++++++++++++++----------------------- 1 file changed, 96 insertions(+), 96 deletions(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index 960ba7a..d216b78 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml 
@@ -388,111 +388,111 @@ command: dnf module reset php -y tags: - always -# - name: Enable the php:remi-7.4 DNF module -# tags: horde -# command: dnf module enable php:remi-7.4 -y +- name: Enable the php:remi-7.4 DNF module + tags: horde + command: dnf module enable php:remi-7.4 -y - name: Install PHP 7.4 packages tags: horde dnf: name: - # - phpldapadmin - # - phpunit7 - # - php74-php-fpm - # - php74-php-pear - # # - php74-php-tidy - # # - php74-php - # # - php74-php-ldap - # # - php74-php-mysql - # # - php74-php-odbc - # # - php74-php-mcrypt - # # - php74-php-mhash - # # - php74-php-pecl-mysql - # # - php74-php-pecl-mysql-xdevapi - # # - php74-php-pecl-crypto - # # - php74-php-pecl-geoip - # # - php74-php-pecl-pam - # # - php74-php-pecl-imagick - # # - php74-php-pecl-memcache - # # - php74-php-pecl-http - # # - php74-php-devel - # # - php74-php-imap - # # - php74-php-mbstring - # # - php74-php-mysqlnd - # # - php74-php-gd - # # - php74-php-opcache - # # - php74-php-json - # # - php74-php-curl - # # - php74-php-zip - # # - php74-php-xml - # # - php74-php-bz2 - # # - php74-php-intl - # # - php74-php-gmp - # # - php74-php-cli - # - php-channel-horde - # - php-horde-Horde-Alarm - # - php-horde-Horde-Argv - # - php-horde-Horde-Auth - # - php-horde-Horde-Autoloader - # - php-horde-Horde-Browser - # - php-horde-Horde-Cache - # - php-horde-Horde-Cli - # - php-horde-Horde-Compress - # - php-horde-Horde-Core - # - php-horde-Horde-Crypt - # - php-horde-Horde-Dav - # - php-horde-Horde-Db - # - php-horde-Horde-Editor - # - php-horde-Horde-ElasticSearch - # - php-horde-Horde-Http - # - php-horde-Horde-Image - # - php-horde-Horde-Imap-Client - # - php-horde-Horde-Ldap - # - php-horde-Horde-ListHeaders - # - php-horde-Horde-Log - # - php-horde-Horde-Mail - # - php-horde-Horde-Mail-Autoconfig - # - php-horde-Horde-Memcache - # - php-horde-Horde-Mime - # - php-horde-Horde-Mime-Viewer - # - php-horde-Horde-Notification - # - php-horde-Horde-Oauth - # - php-horde-Horde-Pdf - # - 
php-horde-Horde-Perms - # - php-horde-Horde-Prefs - # - php-horde-Horde-Role - # - php-horde-Horde-Routes - # - php-horde-Horde-Rpc - # - php-horde-Horde-Service-Weather - # - php-horde-Horde-Smtp - # - php-horde-Horde-Socket-Client - # - php-horde-Horde-SyncMl - # - php-horde-Horde-Template - # - php-horde-Horde-Test - # - php-horde-Horde-Text-Filter - # - php-horde-Horde-Text-Filter-Csstidy - # - php-horde-Horde-Text-Flowed - # - php-horde-Horde-Tree - # - php-horde-Horde-Url - # - php-horde-Horde-Util - # - php-horde-Horde-View - # - php-horde-Horde-Xml-Element + - phpldapadmin + - phpunit7 + - php74-php-fpm + - php74-php-pear + - php74-php-tidy + - php74-php + - php74-php-ldap + - php74-php-mysql + - php74-php-odbc + - php74-php-mcrypt + - php74-php-mhash + - php74-php-pecl-mysql + - php74-php-pecl-mysql-xdevapi + - php74-php-pecl-crypto + - php74-php-pecl-geoip + - php74-php-pecl-pam + - php74-php-pecl-imagick + - php74-php-pecl-memcache + - php74-php-pecl-http + - php74-php-devel + - php74-php-imap + - php74-php-mbstring + - php74-php-mysqlnd + - php74-php-gd + - php74-php-opcache + - php74-php-json + - php74-php-curl + - php74-php-zip + - php74-php-xml + - php74-php-bz2 + - php74-php-intl + - php74-php-gmp + - php74-php-cli + - php-channel-horde + - php-horde-Horde-Alarm + - php-horde-Horde-Argv + - php-horde-Horde-Auth + - php-horde-Horde-Autoloader + - php-horde-Horde-Browser + - php-horde-Horde-Cache + - php-horde-Horde-Cli + - php-horde-Horde-Compress + - php-horde-Horde-Core + - php-horde-Horde-Crypt + - php-horde-Horde-Dav + - php-horde-Horde-Db + - php-horde-Horde-Editor + - php-horde-Horde-ElasticSearch + - php-horde-Horde-Http + - php-horde-Horde-Image + - php-horde-Horde-Imap-Client + - php-horde-Horde-Ldap + - php-horde-Horde-ListHeaders + - php-horde-Horde-Log + - php-horde-Horde-Mail + - php-horde-Horde-Mail-Autoconfig + - php-horde-Horde-Memcache + - php-horde-Horde-Mime + - php-horde-Horde-Mime-Viewer + - php-horde-Horde-Notification + - 
php-horde-Horde-Oauth + - php-horde-Horde-Pdf + - php-horde-Horde-Perms + - php-horde-Horde-Prefs + - php-horde-Horde-Role + - php-horde-Horde-Routes + - php-horde-Horde-Rpc + - php-horde-Horde-Service-Weather + - php-horde-Horde-Smtp + - php-horde-Horde-Socket-Client + - php-horde-Horde-SyncMl + - php-horde-Horde-Template + - php-horde-Horde-Test + - php-horde-Horde-Text-Filter + - php-horde-Horde-Text-Filter-Csstidy + - php-horde-Horde-Text-Flowed + - php-horde-Horde-Tree + - php-horde-Horde-Url + - php-horde-Horde-Util + - php-horde-Horde-View + - php-horde-Horde-Xml-Element - php-horde-horde - php-horde-passwd - # - php-horde-Horde-Compress-Fast - # - php-horde-Horde-Crypt-Blowfish - # - php-horde-Horde-Icalendar - # - php-horde-Horde-Itip - # - php-horde-Horde-Mapi - # - php-horde-Horde-OpenXchange - # - php-horde-Horde-Secret - # - php-horde-Horde-Service-Gravatar - # - php-horde-Horde-Text-Diff - # - php-horde-Horde-Timezone - # - php-horde-Horde-Vfs + - php-horde-Horde-Compress-Fast + - php-horde-Horde-Crypt-Blowfish + - php-horde-Horde-Icalendar + - php-horde-Horde-Itip + - php-horde-Horde-Mapi + - php-horde-Horde-OpenXchange + - php-horde-Horde-Secret + - php-horde-Horde-Service-Gravatar + - php-horde-Horde-Text-Diff + - php-horde-Horde-Timezone + - php-horde-Horde-Vfs - php-horde-imp - php-horde-kronolith - php-horde-turba - # - php-horde-Horde-Mongo + - php-horde-Horde-Mongo - php-horde-ingo - php-horde-mnemo - php-horde-wicked From 07bf555c8010a4bae2bcc8e50006b4b42e1cbd17 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Tue, 24 Oct 2023 22:19:33 +0200 Subject: [PATCH 115/181] use releasever, where possible --- tasks/packages.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index d216b78..f488c6b 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml 
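Review bot: The restored list installs build and test tooling next to the runtime packages (`php74-php-devel`, `phpunit7`, `php-horde-Horde-Test`), along with extensions such as `php74-php-pecl-pam`, `php74-php-odbc` and `php-horde-Horde-Mongo` that the earlier "only install what we explicitly need" commit had taken out. Each of these adds code to the host that the mail and webmail stack may never call. Consider listing only the `php-horde-*` applications and the extensions they are known to need, and letting dnf resolve the rest. PHP 7.4 has been end-of-life upstream since November 2022, so a comment above `dnf module enable php:remi-7.4 -y` saying why this stream is pinned, and that security fixes depend on the Remi repository, would help the next maintainer. The package list appears to continue past the end of this hunk.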
@@ -58,7 +58,7 @@ block: | [elasticsearch] name=Elasticsearch repository for 8.x packages - baseurl=https://artifacts.elastic.co/packages/8.x/yum + baseurl=https://artifacts.elastic.co/packages/$releasever.x/yum gpgcheck=1 gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch enabled=1 From dafc4a0f47b9e15e7b328b1c9712b6c802567e4d Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Tue, 24 Oct 2023 22:21:14 +0200 Subject: [PATCH 116/181] fix ElasticSearch version --- tasks/packages.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index f488c6b..d216b78 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -58,7 +58,7 @@ block: | [elasticsearch] name=Elasticsearch repository for 8.x packages - baseurl=https://artifacts.elastic.co/packages/$releasever.x/yum + baseurl=https://artifacts.elastic.co/packages/8.x/yum gpgcheck=1 gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch enabled=1 From 4bd562225c773fb907ffa431b8c97c8ccbbde0ba Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Mon, 2 Oct 2023 00:22:34 +0200 Subject: [PATCH 117/181] use offlineimap instead of Dovecot's built-in sync feature --- tasks/offlineimap.yml | 43 ++++++++++++++++++++++++++ templates/offlineimap/offlineimaprc.j2 | 26 ++++++++++++++++ 2 files changed, 69 insertions(+) create mode 100644 tasks/offlineimap.yml create mode 100644 templates/offlineimap/offlineimaprc.j2 diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml new file mode 100644 index 0000000..2d41e77 --- /dev/null +++ b/tasks/offlineimap.yml 
@@ -0,0 +1,43 @@
+---
+- name: Empty old IMAP fingerprint
+ set_fact:
+ old_imap_fingerprint: ''
+- name: Generate config and sync old IMAP contents
+ block:
+ - name: Create offlineimap config
+ template:
+ src: offlineimap/offlineimaprc.j2
+ dest: "{{ ansible_env.HOME }}/.offlineimaprc"
+ owner: "{{ item.name }}"
+ backup: yes
+ no_log: yes
+ - name: Sync old IMAP for the first time (this might tale a while...)
+ command: offlineimap
+ rescue:
+ - name: Fetch old IMAPS fingerprint
+ command: "openssl s_client -connect {{ item.old_imap_mail.host }}:993 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin"
+ register: old_imap_fingerprint
+ - name: Create offlineimap config
+ template:
+ src: offlineimap/offlineimaprc.j2
+ dest: "{{ ansible_env.HOME }}/.offlineimaprc"
+ owner: "{{ item.name }}"
+ backup: yes
+ no_log: yes
+ - name: Sync old IMAP for the first time (this might tale a while...)
+ command: offlineimap
+- name: Sync old IMAP account
+ cron:
+ name: "Sync old IMAP account {{ item.old_imap_mail.user }} at {{ item.old_imap_mail.host }} for {{ item.name }}"
+ special_time: daily
+ job: offlineimap
+ backup: yes
+ user: "{{ item.name }}"
+- name: De-duplicate IMAP mail
+ cron:
+ name: De-duplicate IMAP mail
+ special_time: daily
+ job: "/usr/local/bin/imapdedup.py -s {{ mailserver_domain }} -u {{ item.name }}@{{ mailserver_domain }} -w {{ item.password }} INBOX"
+ backup: yes
+ user: "{{ item.name }}"
+ no_log: yes
diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2
new file mode 100644
index 0000000..acb998c
--- /dev/null
+++ b/templates/offlineimap/offlineimaprc.j2
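Review bot: The "Fetch old IMAPS fingerprint" task gives a shell pipeline to `command`, which runs no shell, so `< /dev/null`, `2>/dev/null` and `|` are handed to `openssl s_client` as plain arguments and no fingerprint is ever registered; it needs the `shell` module, with the host passed through `| quote`. Once it does run, the rescue branch is entered on any failure of the first sync and pins whatever certificate the old host presents at that moment over an unverified connection, so the pin is better supplied per user from inventory than learned at deploy time. Both "Create offlineimap config" tasks render IMAP passwords into the file without setting permissions; add `mode: "0600"`. The de-duplication cron job puts `-w {{ item.password }}` into the user's crontab and into the process list on every run, so the password should be read from a file only that user can access rather than passed as an argument.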
@@ -0,0 +1,26 @@ +[general] +accounts = oldimap + +[Account oldimap] +localrepository = newimap +remoterepository = oldimap + +[Repository newimap] +type = IMAP +remotehost = {{ mailserver_domain }} +remoteuser = {{ item.name }}@{{ mailserver_domain }} +remotepass = {{ item.password }} +sslcacertfile = /etc/ssl/certs/ca-certificates.crt + +[Repository oldimap] +type = IMAP +remotehost = {{ item.old_imap_mail.host }} +remoteuser = {{ item.old_imap_mail.user }} +remotepass = {{ item.old_imap_mail.password }} +{% if (not item.old_imap_mail.ssl_verify) and (old_imap_fingerprint is defined and 'Fingerprint=' in old_imap_fingerprint) %} +cert_fingerprint = {{ old_imap_fingerprint.stdout | trim | split('Fingerprint=') | last }} + +{% else %} +sslcacertfile = /etc/ssl/certs/ca-certificates.crt + +{% endif %} From ef7aa824bdcb7564f4de33c8982f7212ca60a767 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sat, 14 Oct 2023 19:37:23 +0200 Subject: [PATCH 118/181] fix several bugs when installing from scratch --- files/mariadb/powerdnsdb_schema.sql | 2 +- tasks/offlineimap.yml | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/files/mariadb/powerdnsdb_schema.sql b/files/mariadb/powerdnsdb_schema.sql index 09f20e8..861323a 100644 --- a/files/mariadb/powerdnsdb_schema.sql +++ b/files/mariadb/powerdnsdb_schema.sql @@ -296,7 +296,7 @@ CREATE TABLE `zones` ( PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci; /*!40101 SET character_set_client = @saved_cs_client */; -/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; +-- /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; /*!40101 SET SQL_MODE=@OLD_SQL_MODE */; /*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml index 2d41e77..75db9b7 100644 --- a/tasks/offlineimap.yml +++ b/tasks/offlineimap.yml 
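Review bot: The pinning branch of the `{% if %}` cannot be taken as written, because `'Fingerprint=' in old_imap_fingerprint` tests the registered result itself (a mapping, or the empty string from `set_fact`) rather than its output, so the template always falls through to `sslcacertfile`; the test should read `'Fingerprint=' in (old_imap_fingerprint.stdout | default(''))`. `item.old_imap_mail.ssl_verify` is read without a default, so a user entry that omits it will likely fail to render; `item.old_imap_mail.ssl_verify | default(true)` keeps verification on unless it is switched off explicitly. The text after `Fingerprint=` from `openssl x509 -fingerprint` is colon-separated upper-case hex, and it is worth confirming the form offlineimap expects for `cert_fingerprint` before relying on the pin (probably `| replace(':', '') | lower`). The `remotepass` values are written unescaped, so a password containing `%` or a newline may be misread by the config parser.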
@@ -3,6 +3,8 @@ set_fact: old_imap_fingerprint: '' - name: Generate config and sync old IMAP contents + become: yes + become_user: "{{ item.name }}" block: - name: Create offlineimap config template: @@ -27,6 +29,8 @@ - name: Sync old IMAP for the first time (this might tale a while...) command: offlineimap - name: Sync old IMAP account + become: yes + become_user: "{{ item.name }}" cron: name: "Sync old IMAP account {{ item.old_imap_mail.user }} at {{ item.old_imap_mail.host }} for {{ item.name }}" special_time: daily @@ -34,6 +38,8 @@ backup: yes user: "{{ item.name }}" - name: De-duplicate IMAP mail + become: yes + become_user: "{{ item.name }}" cron: name: De-duplicate IMAP mail special_time: daily From 3bea509f932e94f206cccfa94a6130b92eb86b3a Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 03:28:38 +0200 Subject: [PATCH 119/181] fix DB schema --- files/mariadb/powerdnsdb_schema.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/mariadb/powerdnsdb_schema.sql b/files/mariadb/powerdnsdb_schema.sql index 861323a..09f20e8 100644 --- a/files/mariadb/powerdnsdb_schema.sql +++ b/files/mariadb/powerdnsdb_schema.sql @@ -296,7 +296,7 @@ CREATE TABLE `zones` ( PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci; /*!40101 SET character_set_client = @saved_cs_client */; --- /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; +/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; /*!40101 SET SQL_MODE=@OLD_SQL_MODE */; /*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; From 5b284ac3861b37f01546bb148798f79d38a75f2d Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 15:53:56 +0200 Subject: [PATCH 120/181] fix offlineimap package --- tasks/offlineimap.yml | 6 +++--- tasks/ssl.yml | 1 + templates/offlineimap/offlineimaprc.j2 | 4 ++-- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml index 75db9b7..6e5d4de 100644 
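Review bot: Adding `become_user: "{{ item.name }}"` to the block in the first hunk does not change where the config lands: the `template` task inside it (its body continues below the visible context) still writes to `{{ ansible_env.HOME }}/.offlineimaprc`, and `ansible_env` comes from gathered facts, so it presumably still points at the play user's home rather than that of `item.name`. offlineimap running as `item.name` would then look for its config in a different directory, and a credentials file owned by that user would sit in another account's home. With the block already running as the target user, `dest: "~/.offlineimaprc"` should resolve to the right home; confirm on a test host.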
--- a/tasks/offlineimap.yml +++ b/tasks/offlineimap.yml @@ -14,7 +14,7 @@ backup: yes no_log: yes - name: Sync old IMAP for the first time (this might tale a while...) - command: offlineimap + command: /usr/local/bin/offlineimap rescue: - name: Fetch old IMAPS fingerprint command: "openssl s_client -connect {{ item.old_imap_mail.host }}:993 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin" @@ -27,14 +27,14 @@ backup: yes no_log: yes - name: Sync old IMAP for the first time (this might tale a while...) - command: offlineimap + command: /usr/local/bin/offlineimap - name: Sync old IMAP account become: yes become_user: "{{ item.name }}" cron: name: "Sync old IMAP account {{ item.old_imap_mail.user }} at {{ item.old_imap_mail.host }} for {{ item.name }}" special_time: daily - job: offlineimap + job: /usr/local/bin/offlineimap backup: yes user: "{{ item.name }}" - name: De-duplicate IMAP mail diff --git a/tasks/ssl.yml b/tasks/ssl.yml index 7377b7c..87c534a 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml 
@@ -108,6 +108,7 @@ - { key: "PDNS_API_URL", value: http://127.0.0.1:8081/ } - { key: "PDNS_API_KEY", value: "{{ powerdns_api_key }}" } +# TODO: uncomment the below task - it's commented while live testing the production server - name: Generate LetsEncrypt certificates # command: "/usr/local/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem run --must-staple" command: "/usr/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem run --must-staple" diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2 index acb998c..7bc49ef 100644 --- a/templates/offlineimap/offlineimaprc.j2 +++ b/templates/offlineimap/offlineimaprc.j2 @@ -10,7 +10,7 @@ type = IMAP remotehost = {{ mailserver_domain }} remoteuser = {{ item.name }}@{{ mailserver_domain }} remotepass = {{ item.password }} -sslcacertfile = /etc/ssl/certs/ca-certificates.crt +sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt [Repository oldimap] type = IMAP @@ -21,6 +21,6 @@ remotepass = {{ item.old_imap_mail.password }} cert_fingerprint = {{ old_imap_fingerprint.stdout | trim | split('Fingerprint=') | last }} {% else %} -sslcacertfile = /etc/ssl/certs/ca-certificates.crt +sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt {% endif %} 
From 507dfc325eae23eb5af60365a9ad070eaa3c1444 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 22:21:36 +0200 Subject: [PATCH 121/181] tag specific tasks --- tasks/ssl.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/tasks/ssl.yml b/tasks/ssl.yml index 87c534a..7377b7c 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml @@ -108,7 +108,6 @@ - { key: "PDNS_API_URL", value: http://127.0.0.1:8081/ } - { key: "PDNS_API_KEY", value: "{{ powerdns_api_key }}" } -# TODO: uncomment the below task - it's commented while live testing the production server - name: Generate LetsEncrypt certificates # command: "/usr/local/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem run --must-staple" command: "/usr/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem run --must-staple" From 551fbe9b6734dbadd6a202a2341e132f17ddcb56 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 15 Oct 2023 22:56:58 +0200 Subject: [PATCH 122/181] fix template variable reference --- templates/offlineimap/offlineimaprc.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2 index 7bc49ef..8bf19cf 100644 --- a/templates/offlineimap/offlineimaprc.j2 +++ b/templates/offlineimap/offlineimaprc.j2 
@@ -8,8 +8,8 @@ remoterepository = oldimap [Repository newimap] type = IMAP remotehost = {{ mailserver_domain }} -remoteuser = {{ item.name }}@{{ mailserver_domain }} -remotepass = {{ item.password }} +remoteuser = {{ current_user.name }}@{{ mailserver_domain }} +remotepass = {{ current_user.password }} sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt [Repository oldimap] From 7fdae75d859405b35f5c6aa7c6c24dded5c7cb59 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Mon, 16 Oct 2023 00:49:46 +0200 Subject: [PATCH 123/181] imapsync instead of offlineimap --- tasks/offlineimap.yml | 49 -------------------------- templates/offlineimap/offlineimaprc.j2 | 2 ++ 2 files changed, 2 insertions(+), 49 deletions(-) delete mode 100644 tasks/offlineimap.yml diff --git a/tasks/offlineimap.yml b/tasks/offlineimap.yml deleted file mode 100644 index 6e5d4de..0000000 --- a/tasks/offlineimap.yml +++ /dev/null 
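Review bot: Only the `[Repository newimap]` lines move to `current_user`; the `[Repository oldimap]` section, which continues below this hunk, still reads `item.old_imap_mail.*`. If the calling task renamed its loop variable to `current_user`, `item` is no longer defined when the template renders; if it did not, `current_user` is the undefined one. Using one variable throughout, e.g. `remotehost = {{ current_user.old_imap_mail.host }}`, removes the ambiguity; the calling task is not visible here, so confirm which name it sets.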
@@ -1,49 +0,0 @@ ---- -- name: Empty old IMAP fingerprint - set_fact: - old_imap_fingerprint: '' -- name: Generate config and sync old IMAP contents - become: yes - become_user: "{{ item.name }}" - block: - - name: Create offlineimap config - template: - src: offlineimap/offlineimaprc.j2 - dest: "{{ ansible_env.HOME }}/.offlineimaprc" - owner: "{{ item.name }}" - backup: yes - no_log: yes - - name: Sync old IMAP for the first time (this might tale a while...) - command: /usr/local/bin/offlineimap - rescue: - - name: Fetch old IMAPS fingerprint - command: "openssl s_client -connect {{ item.old_imap_mail.host }}:993 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin" - register: old_imap_fingerprint - - name: Create offlineimap config - template: - src: offlineimap/offlineimaprc.j2 - dest: "{{ ansible_env.HOME }}/.offlineimaprc" - owner: "{{ item.name }}" - backup: yes - no_log: yes - - name: Sync old IMAP for the first time (this might tale a while...) - command: /usr/local/bin/offlineimap -- name: Sync old IMAP account - become: yes - become_user: "{{ item.name }}" - cron: - name: "Sync old IMAP account {{ item.old_imap_mail.user }} at {{ item.old_imap_mail.host }} for {{ item.name }}" - special_time: daily - job: /usr/local/bin/offlineimap - backup: yes - user: "{{ item.name }}" -- name: De-duplicate IMAP mail - become: yes - become_user: "{{ item.name }}" - cron: - name: De-duplicate IMAP mail - special_time: daily - job: "/usr/local/bin/imapdedup.py -s {{ mailserver_domain }} -u {{ item.name }}@{{ mailserver_domain }} -w {{ item.password }} INBOX" - backup: yes - user: "{{ item.name }}" - no_log: yes diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2 index 8bf19cf..d3b32a9 100644 --- a/templates/offlineimap/offlineimaprc.j2 +++ b/templates/offlineimap/offlineimaprc.j2 
@@ -11,6 +11,8 @@ remotehost = {{ mailserver_domain }} remoteuser = {{ current_user.name }}@{{ mailserver_domain }} remotepass = {{ current_user.password }} sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt +nametrans = lambda folder: folder if folder in re.search('(.*\.Junk$|.*\.Sent$|.*\.Spam$|.*\.Trash$)', folder) else 'INBOX.' + folder +folderfilter = lambda folder: not re.search('(^Trash$|Del)', folder) [Repository oldimap] type = IMAP From 430f2eec0399938b0c2f2967afd08394cda4cf79 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Mon, 16 Oct 2023 00:51:08 +0200 Subject: [PATCH 124/181] cleanup --- templates/offlineimap/offlineimaprc.j2 | 28 -------------------------- 1 file changed, 28 deletions(-) delete mode 100644 templates/offlineimap/offlineimaprc.j2 diff --git a/templates/offlineimap/offlineimaprc.j2 b/templates/offlineimap/offlineimaprc.j2 deleted file mode 100644 index d3b32a9..0000000 --- a/templates/offlineimap/offlineimaprc.j2 +++ /dev/null 
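Review bot: The added `nametrans` lambda evaluates `folder in re.search(...)`, but `re.search` returns a match object or `None`, and neither supports `in`, so this would raise `TypeError` for every folder. The truthiness of the match is what is wanted: `nametrans = lambda folder: folder if re.search('(.*\.Junk$|.*\.Sent$|.*\.Spam$|.*\.Trash$)', folder) else 'INBOX.' + folder`. The `folderfilter` line right below it already uses `re.search` as a boolean in that way.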
@@ -1,28 +0,0 @@ -[general] -accounts = oldimap - -[Account oldimap] -localrepository = newimap -remoterepository = oldimap - -[Repository newimap] -type = IMAP -remotehost = {{ mailserver_domain }} -remoteuser = {{ current_user.name }}@{{ mailserver_domain }} -remotepass = {{ current_user.password }} -sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt -nametrans = lambda folder: folder if folder in re.search('(.*\.Junk$|.*\.Sent$|.*\.Spam$|.*\.Trash$)', folder) else 'INBOX.' + folder -folderfilter = lambda folder: not re.search('(^Trash$|Del)', folder) - -[Repository oldimap] -type = IMAP -remotehost = {{ item.old_imap_mail.host }} -remoteuser = {{ item.old_imap_mail.user }} -remotepass = {{ item.old_imap_mail.password }} -{% if (not item.old_imap_mail.ssl_verify) and (old_imap_fingerprint is defined and 'Fingerprint=' in old_imap_fingerprint) %} -cert_fingerprint = {{ old_imap_fingerprint.stdout | trim | split('Fingerprint=') | last }} - -{% else %} -sslcacertfile = /etc/ssl/certs/ca-bundle.trust.crt - -{% endif %} From 079f48672d545a765a8bae9db227e8709a218cbe Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Wed, 18 Oct 2023 21:55:53 +0200 Subject: [PATCH 125/181] don't import if not necessary --- files/mariadb/horde_schema.sql | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/files/mariadb/horde_schema.sql b/files/mariadb/horde_schema.sql index 20bf248..1b7b5d9 100644 --- a/files/mariadb/horde_schema.sql +++ b/files/mariadb/horde_schema.sql @@ -1699,6 +1699,7 @@ CREATE TABLE `kronolith_events` ( `event_keywords` text DEFAULT NULL, `event_exceptions` text DEFAULT NULL, `event_title` varchar(255) DEFAULT NULL, + `event_category` varchar(80) DEFAULT NULL, `event_recurtype` int(11) DEFAULT 0, `event_recurinterval` int(11) DEFAULT NULL, `event_recurdays` int(11) DEFAULT NULL, 
@@ -1715,11 +1716,9 @@ CREATE TABLE `kronolith_events` ( `event_baseid` varchar(255) DEFAULT '', `event_exceptionoriginaldate` datetime DEFAULT NULL, `event_resources` text DEFAULT NULL, - `event_timezone` varchar(50) DEFAULT NULL, PRIMARY KEY (`event_id`), KEY `index_kronolith_events_on_calendar_id` (`calendar_id`), - KEY `index_kronolith_events_on_event_uid` (`event_uid`), - KEY `index_kronolith_events_on_event_baseid` (`event_baseid`) + KEY `index_kronolith_events_on_event_uid` (`event_uid`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; @@ -1851,7 +1850,7 @@ CREATE TABLE `kronolith_shares` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_kronolith_shares_on_share_name` (`share_name`), KEY `index_kronolith_shares_on_share_owner` (`share_owner`), @@ -1956,7 +1955,7 @@ CREATE TABLE `kronolith_sharesng` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_kronolith_sharesng_on_share_name` (`share_name`), KEY `index_kronolith_sharesng_on_share_owner` (`share_owner`), @@ -2093,8 +2092,9 @@ CREATE TABLE `mnemo_memos` ( `memo_owner` varchar(255) NOT NULL, `memo_id` varchar(32) NOT NULL, `memo_uid` varchar(255) NOT NULL, - `memo_desc` varchar(255) NOT NULL, + `memo_desc` varchar(64) NOT NULL, `memo_body` text DEFAULT NULL, + `memo_category` varchar(80) DEFAULT NULL, `memo_private` int(11) NOT NULL DEFAULT 0, PRIMARY KEY (`memo_owner`,`memo_id`), KEY `index_mnemo_memos_on_memo_owner` (`memo_owner`), 
@@ -2150,7 +2150,7 @@ CREATE TABLE `mnemo_shares` ( `perm_guest` int(11) NOT NULL DEFAULT 0, `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_mnemo_shares_on_share_name` (`share_name`), KEY `index_mnemo_shares_on_share_owner` (`share_owner`), @@ -2251,7 +2251,7 @@ CREATE TABLE `mnemo_sharesng` ( `perm_guest_16` tinyint(1) NOT NULL DEFAULT 0, `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_mnemo_sharesng_on_share_name` (`share_name`), KEY `index_mnemo_sharesng_on_share_owner` (`share_owner`), @@ -2383,9 +2383,7 @@ CREATE TABLE `nag_shares` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, - `attribute_issmart` int(11) DEFAULT 0, - `attribute_search` varchar(4000) DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_nag_shares_on_share_name` (`share_name`), KEY `index_nag_shares_on_share_owner` (`share_owner`), @@ -2483,9 +2481,7 @@ CREATE TABLE `nag_sharesng` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, - `attribute_issmart` int(11) DEFAULT 0, - `attribute_search` text DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_nag_sharesng_on_share_name` (`share_name`), KEY `index_nag_sharesng_on_share_owner` (`share_owner`), 
@@ -2597,6 +2593,7 @@ CREATE TABLE `nag_tasks` ( `task_due` int(11) DEFAULT NULL, `task_priority` int(11) NOT NULL DEFAULT 0, `task_estimate` float DEFAULT NULL, + `task_category` varchar(80) DEFAULT NULL, `task_completed` int(1) NOT NULL DEFAULT 0, `task_completed_date` int(11) DEFAULT NULL, `task_alarm` int(11) NOT NULL DEFAULT 0, @@ -2845,6 +2842,7 @@ CREATE TABLE `turba_objects` ( `object_logo` longblob DEFAULT NULL, `object_logotype` varchar(10) DEFAULT NULL, `object_company` varchar(255) DEFAULT NULL, + `object_category` varchar(80) DEFAULT NULL, `object_notes` text DEFAULT NULL, `object_url` varchar(255) DEFAULT NULL, `object_freebusyurl` varchar(255) DEFAULT NULL, @@ -2933,7 +2931,7 @@ CREATE TABLE `turba_shares` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_params` text DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_turba_shares_on_share_name` (`share_name`), KEY `index_turba_shares_on_share_owner` (`share_owner`), @@ -3035,7 +3033,7 @@ CREATE TABLE `turba_sharesng` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_params` text DEFAULT NULL, - `share_parents` varchar(4000) DEFAULT NULL, + `share_parents` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_turba_sharesng_on_share_name` (`share_name`), KEY `index_turba_sharesng_on_share_owner` (`share_owner`), From 1ce2580eeb7a6daae15d85b90885d935b75cff3a Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Wed, 18 Oct 2023 22:31:15 +0200 Subject: [PATCH 126/181] update schemas --- files/mariadb/horde_schema.sql | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/files/mariadb/horde_schema.sql b/files/mariadb/horde_schema.sql index 1b7b5d9..20bf248 100644 --- a/files/mariadb/horde_schema.sql +++ b/files/mariadb/horde_schema.sql 
@@ -1699,7 +1699,6 @@ CREATE TABLE `kronolith_events` ( `event_keywords` text DEFAULT NULL, `event_exceptions` text DEFAULT NULL, `event_title` varchar(255) DEFAULT NULL, - `event_category` varchar(80) DEFAULT NULL, `event_recurtype` int(11) DEFAULT 0, `event_recurinterval` int(11) DEFAULT NULL, `event_recurdays` int(11) DEFAULT NULL, @@ -1716,9 +1715,11 @@ CREATE TABLE `kronolith_events` ( `event_baseid` varchar(255) DEFAULT '', `event_exceptionoriginaldate` datetime DEFAULT NULL, `event_resources` text DEFAULT NULL, + `event_timezone` varchar(50) DEFAULT NULL, PRIMARY KEY (`event_id`), KEY `index_kronolith_events_on_calendar_id` (`calendar_id`), - KEY `index_kronolith_events_on_event_uid` (`event_uid`) + KEY `index_kronolith_events_on_event_uid` (`event_uid`), + KEY `index_kronolith_events_on_event_baseid` (`event_baseid`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci; /*!40101 SET character_set_client = @saved_cs_client */; @@ -1850,7 +1851,7 @@ CREATE TABLE `kronolith_shares` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_kronolith_shares_on_share_name` (`share_name`), KEY `index_kronolith_shares_on_share_owner` (`share_owner`), @@ -1955,7 +1956,7 @@ CREATE TABLE `kronolith_sharesng` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_kronolith_sharesng_on_share_name` (`share_name`), KEY `index_kronolith_sharesng_on_share_owner` (`share_owner`), 
@@ -2092,9 +2093,8 @@ CREATE TABLE `mnemo_memos` ( `memo_owner` varchar(255) NOT NULL, `memo_id` varchar(32) NOT NULL, `memo_uid` varchar(255) NOT NULL, - `memo_desc` varchar(64) NOT NULL, + `memo_desc` varchar(255) NOT NULL, `memo_body` text DEFAULT NULL, - `memo_category` varchar(80) DEFAULT NULL, `memo_private` int(11) NOT NULL DEFAULT 0, PRIMARY KEY (`memo_owner`,`memo_id`), KEY `index_mnemo_memos_on_memo_owner` (`memo_owner`), @@ -2150,7 +2150,7 @@ CREATE TABLE `mnemo_shares` ( `perm_guest` int(11) NOT NULL DEFAULT 0, `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_mnemo_shares_on_share_name` (`share_name`), KEY `index_mnemo_shares_on_share_owner` (`share_owner`), @@ -2251,7 +2251,7 @@ CREATE TABLE `mnemo_sharesng` ( `perm_guest_16` tinyint(1) NOT NULL DEFAULT 0, `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_mnemo_sharesng_on_share_name` (`share_name`), KEY `index_mnemo_sharesng_on_share_owner` (`share_owner`), @@ -2383,7 +2383,9 @@ CREATE TABLE `nag_shares` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, + `attribute_issmart` int(11) DEFAULT 0, + `attribute_search` varchar(4000) DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_nag_shares_on_share_name` (`share_name`), KEY `index_nag_shares_on_share_owner` (`share_owner`), 
@@ -2481,7 +2483,9 @@ CREATE TABLE `nag_sharesng` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_color` varchar(7) DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, + `attribute_issmart` int(11) DEFAULT 0, + `attribute_search` text DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_nag_sharesng_on_share_name` (`share_name`), KEY `index_nag_sharesng_on_share_owner` (`share_owner`), @@ -2593,7 +2597,6 @@ CREATE TABLE `nag_tasks` ( `task_due` int(11) DEFAULT NULL, `task_priority` int(11) NOT NULL DEFAULT 0, `task_estimate` float DEFAULT NULL, - `task_category` varchar(80) DEFAULT NULL, `task_completed` int(1) NOT NULL DEFAULT 0, `task_completed_date` int(11) DEFAULT NULL, `task_alarm` int(11) NOT NULL DEFAULT 0, @@ -2842,7 +2845,6 @@ CREATE TABLE `turba_objects` ( `object_logo` longblob DEFAULT NULL, `object_logotype` varchar(10) DEFAULT NULL, `object_company` varchar(255) DEFAULT NULL, - `object_category` varchar(80) DEFAULT NULL, `object_notes` text DEFAULT NULL, `object_url` varchar(255) DEFAULT NULL, `object_freebusyurl` varchar(255) DEFAULT NULL, @@ -2931,7 +2933,7 @@ CREATE TABLE `turba_shares` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_params` text DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_turba_shares_on_share_name` (`share_name`), KEY `index_turba_shares_on_share_owner` (`share_owner`), @@ -3033,7 +3035,7 @@ CREATE TABLE `turba_sharesng` ( `attribute_name` varchar(255) NOT NULL, `attribute_desc` varchar(255) DEFAULT NULL, `attribute_params` text DEFAULT NULL, - `share_parents` text DEFAULT NULL, + `share_parents` varchar(4000) DEFAULT NULL, PRIMARY KEY (`share_id`), KEY `index_turba_sharesng_on_share_name` (`share_name`), KEY `index_turba_sharesng_on_share_owner` (`share_owner`), 
From 8755c630d9394ea9e51cb3f7c58736ec3e9b2181 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sun, 22 Oct 2023 16:09:48 +0200 Subject: [PATCH 127/181] only install what we explicitly need --- tasks/packages.yml | 58 +++++++++++++++++++++++----------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index d216b78..a634c59 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -399,35 +399,35 @@ - phpunit7 - php74-php-fpm - php74-php-pear - - php74-php-tidy - - php74-php - - php74-php-ldap - - php74-php-mysql - - php74-php-odbc - - php74-php-mcrypt - - php74-php-mhash - - php74-php-pecl-mysql - - php74-php-pecl-mysql-xdevapi - - php74-php-pecl-crypto - - php74-php-pecl-geoip - - php74-php-pecl-pam - - php74-php-pecl-imagick - - php74-php-pecl-memcache - - php74-php-pecl-http - - php74-php-devel - - php74-php-imap - - php74-php-mbstring - - php74-php-mysqlnd - - php74-php-gd - - php74-php-opcache - - php74-php-json - - php74-php-curl - - php74-php-zip - - php74-php-xml - - php74-php-bz2 - - php74-php-intl - - php74-php-gmp - - php74-php-cli + # - php74-php-tidy + # - php74-php + # - php74-php-ldap + # - php74-php-mysql + # - php74-php-odbc + # - php74-php-mcrypt + # - php74-php-mhash + # - php74-php-pecl-mysql + # - php74-php-pecl-mysql-xdevapi + # - php74-php-pecl-crypto + # - php74-php-pecl-geoip + # - php74-php-pecl-pam + # - php74-php-pecl-imagick + # - php74-php-pecl-memcache + # - php74-php-pecl-http + # - php74-php-devel + # - php74-php-imap + # - php74-php-mbstring + # - php74-php-mysqlnd + # - php74-php-gd + # - php74-php-opcache + # - php74-php-json + # - php74-php-curl + # - php74-php-zip + # - php74-php-xml + # - php74-php-bz2 + # - php74-php-intl + # - php74-php-gmp + # - php74-php-cli - php-channel-horde - php-horde-Horde-Alarm - php-horde-Horde-Argv From 06ae040f1d1a5de32e01ec55689cef34575ecb81 Mon Sep 17 00:00:00 2001 
From: Akos Balla Date: Tue, 24 Oct 2023 21:24:13 +0200 Subject: [PATCH 128/181] try horde from Cheese repo --- tasks/packages.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index a634c59..16f5620 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -388,17 +388,17 @@ command: dnf module reset php -y tags: - always -- name: Enable the php:remi-7.4 DNF module - tags: horde - command: dnf module enable php:remi-7.4 -y +# - name: Enable the php:remi-7.4 DNF module +# tags: horde +# command: dnf module enable php:remi-7.4 -y - name: Install PHP 7.4 packages tags: horde dnf: name: - phpldapadmin - phpunit7 - - php74-php-fpm - - php74-php-pear + # - php74-php-fpm + # - php74-php-pear # - php74-php-tidy # - php74-php # - php74-php-ldap From 4af5374f6e08f413cf8606eb2b70bcb0d9cc9a25 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Tue, 24 Oct 2023 21:47:51 +0200 Subject: [PATCH 129/181] enable RPM Fusion --- tasks/packages.yml | 182 ++++++++++++++++++++++----------------------- 1 file changed, 91 insertions(+), 91 deletions(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index 16f5620..960ba7a 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml 
@@ -395,104 +395,104 @@ tags: horde dnf: name: - - phpldapadmin - - phpunit7 + # - phpldapadmin + # - phpunit7 # - php74-php-fpm # - php74-php-pear - # - php74-php-tidy - # - php74-php - # - php74-php-ldap - # - php74-php-mysql - # - php74-php-odbc - # - php74-php-mcrypt - # - php74-php-mhash - # - php74-php-pecl-mysql - # - php74-php-pecl-mysql-xdevapi - # - php74-php-pecl-crypto - # - php74-php-pecl-geoip - # - php74-php-pecl-pam - # - php74-php-pecl-imagick - # - php74-php-pecl-memcache - # - php74-php-pecl-http - # - php74-php-devel - # - php74-php-imap - # - php74-php-mbstring - # - php74-php-mysqlnd - # - php74-php-gd - # - php74-php-opcache - # - php74-php-json - # - php74-php-curl - # - php74-php-zip - # - php74-php-xml - # - php74-php-bz2 - # - php74-php-intl - # - php74-php-gmp - # - php74-php-cli - - php-channel-horde - - php-horde-Horde-Alarm - - php-horde-Horde-Argv - - php-horde-Horde-Auth - - php-horde-Horde-Autoloader - - php-horde-Horde-Browser - - php-horde-Horde-Cache - - php-horde-Horde-Cli - - php-horde-Horde-Compress - - php-horde-Horde-Core - - php-horde-Horde-Crypt - - php-horde-Horde-Dav - - php-horde-Horde-Db - - php-horde-Horde-Editor - - php-horde-Horde-ElasticSearch - - php-horde-Horde-Http - - php-horde-Horde-Image - - php-horde-Horde-Imap-Client - - php-horde-Horde-Ldap - - php-horde-Horde-ListHeaders - - php-horde-Horde-Log - - php-horde-Horde-Mail - - php-horde-Horde-Mail-Autoconfig - - php-horde-Horde-Memcache - - php-horde-Horde-Mime - - php-horde-Horde-Mime-Viewer - - php-horde-Horde-Notification - - php-horde-Horde-Oauth - - php-horde-Horde-Pdf - - php-horde-Horde-Perms - - php-horde-Horde-Prefs - - php-horde-Horde-Role - - php-horde-Horde-Routes - - php-horde-Horde-Rpc - - php-horde-Horde-Service-Weather - - php-horde-Horde-Smtp - - php-horde-Horde-Socket-Client - - php-horde-Horde-SyncMl - - php-horde-Horde-Template - - php-horde-Horde-Test - - php-horde-Horde-Text-Filter - - php-horde-Horde-Text-Filter-Csstidy - - 
php-horde-Horde-Text-Flowed - - php-horde-Horde-Tree - - php-horde-Horde-Url - - php-horde-Horde-Util - - php-horde-Horde-View - - php-horde-Horde-Xml-Element + # # - php74-php-tidy + # # - php74-php + # # - php74-php-ldap + # # - php74-php-mysql + # # - php74-php-odbc + # # - php74-php-mcrypt + # # - php74-php-mhash + # # - php74-php-pecl-mysql + # # - php74-php-pecl-mysql-xdevapi + # # - php74-php-pecl-crypto + # # - php74-php-pecl-geoip + # # - php74-php-pecl-pam + # # - php74-php-pecl-imagick + # # - php74-php-pecl-memcache + # # - php74-php-pecl-http + # # - php74-php-devel + # # - php74-php-imap + # # - php74-php-mbstring + # # - php74-php-mysqlnd + # # - php74-php-gd + # # - php74-php-opcache + # # - php74-php-json + # # - php74-php-curl + # # - php74-php-zip + # # - php74-php-xml + # # - php74-php-bz2 + # # - php74-php-intl + # # - php74-php-gmp + # # - php74-php-cli + # - php-channel-horde + # - php-horde-Horde-Alarm + # - php-horde-Horde-Argv + # - php-horde-Horde-Auth + # - php-horde-Horde-Autoloader + # - php-horde-Horde-Browser + # - php-horde-Horde-Cache + # - php-horde-Horde-Cli + # - php-horde-Horde-Compress + # - php-horde-Horde-Core + # - php-horde-Horde-Crypt + # - php-horde-Horde-Dav + # - php-horde-Horde-Db + # - php-horde-Horde-Editor + # - php-horde-Horde-ElasticSearch + # - php-horde-Horde-Http + # - php-horde-Horde-Image + # - php-horde-Horde-Imap-Client + # - php-horde-Horde-Ldap + # - php-horde-Horde-ListHeaders + # - php-horde-Horde-Log + # - php-horde-Horde-Mail + # - php-horde-Horde-Mail-Autoconfig + # - php-horde-Horde-Memcache + # - php-horde-Horde-Mime + # - php-horde-Horde-Mime-Viewer + # - php-horde-Horde-Notification + # - php-horde-Horde-Oauth + # - php-horde-Horde-Pdf + # - php-horde-Horde-Perms + # - php-horde-Horde-Prefs + # - php-horde-Horde-Role + # - php-horde-Horde-Routes + # - php-horde-Horde-Rpc + # - php-horde-Horde-Service-Weather + # - php-horde-Horde-Smtp + # - php-horde-Horde-Socket-Client + # - 
php-horde-Horde-SyncMl + # - php-horde-Horde-Template + # - php-horde-Horde-Test + # - php-horde-Horde-Text-Filter + # - php-horde-Horde-Text-Filter-Csstidy + # - php-horde-Horde-Text-Flowed + # - php-horde-Horde-Tree + # - php-horde-Horde-Url + # - php-horde-Horde-Util + # - php-horde-Horde-View + # - php-horde-Horde-Xml-Element - php-horde-horde - php-horde-passwd - - php-horde-Horde-Compress-Fast - - php-horde-Horde-Crypt-Blowfish - - php-horde-Horde-Icalendar - - php-horde-Horde-Itip - - php-horde-Horde-Mapi - - php-horde-Horde-OpenXchange - - php-horde-Horde-Secret - - php-horde-Horde-Service-Gravatar - - php-horde-Horde-Text-Diff - - php-horde-Horde-Timezone - - php-horde-Horde-Vfs + # - php-horde-Horde-Compress-Fast + # - php-horde-Horde-Crypt-Blowfish + # - php-horde-Horde-Icalendar + # - php-horde-Horde-Itip + # - php-horde-Horde-Mapi + # - php-horde-Horde-OpenXchange + # - php-horde-Horde-Secret + # - php-horde-Horde-Service-Gravatar + # - php-horde-Horde-Text-Diff + # - php-horde-Horde-Timezone + # - php-horde-Horde-Vfs - php-horde-imp - php-horde-kronolith - php-horde-turba - - php-horde-Horde-Mongo + # - php-horde-Horde-Mongo - php-horde-ingo - php-horde-mnemo - php-horde-wicked From 00e372872fc0d878d9b3bb02ce1cdbf63eb8f584 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Tue, 24 Oct 2023 22:10:55 +0200 Subject: [PATCH 130/181] back to Remi, use an older version of PowerAdmin --- tasks/packages.yml | 192 ++++++++++++++++++++++----------------------- 1 file changed, 96 insertions(+), 96 deletions(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index 960ba7a..d216b78 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml 
@@ -388,111 +388,111 @@ command: dnf module reset php -y tags: - always -# - name: Enable the php:remi-7.4 DNF module -# tags: horde -# command: dnf module enable php:remi-7.4 -y +- name: Enable the php:remi-7.4 DNF module + tags: horde + command: dnf module enable php:remi-7.4 -y - name: Install PHP 7.4 packages tags: horde dnf: name: - # - phpldapadmin - # - phpunit7 - # - php74-php-fpm - # - php74-php-pear - # # - php74-php-tidy - # # - php74-php - # # - php74-php-ldap - # # - php74-php-mysql - # # - php74-php-odbc - # # - php74-php-mcrypt - # # - php74-php-mhash - # # - php74-php-pecl-mysql - # # - php74-php-pecl-mysql-xdevapi - # # - php74-php-pecl-crypto - # # - php74-php-pecl-geoip - # # - php74-php-pecl-pam - # # - php74-php-pecl-imagick - # # - php74-php-pecl-memcache - # # - php74-php-pecl-http - # # - php74-php-devel - # # - php74-php-imap - # # - php74-php-mbstring - # # - php74-php-mysqlnd - # # - php74-php-gd - # # - php74-php-opcache - # # - php74-php-json - # # - php74-php-curl - # # - php74-php-zip - # # - php74-php-xml - # # - php74-php-bz2 - # # - php74-php-intl - # # - php74-php-gmp - # # - php74-php-cli - # - php-channel-horde - # - php-horde-Horde-Alarm - # - php-horde-Horde-Argv - # - php-horde-Horde-Auth - # - php-horde-Horde-Autoloader - # - php-horde-Horde-Browser - # - php-horde-Horde-Cache - # - php-horde-Horde-Cli - # - php-horde-Horde-Compress - # - php-horde-Horde-Core - # - php-horde-Horde-Crypt - # - php-horde-Horde-Dav - # - php-horde-Horde-Db - # - php-horde-Horde-Editor - # - php-horde-Horde-ElasticSearch - # - php-horde-Horde-Http - # - php-horde-Horde-Image - # - php-horde-Horde-Imap-Client - # - php-horde-Horde-Ldap - # - php-horde-Horde-ListHeaders - # - php-horde-Horde-Log - # - php-horde-Horde-Mail - # - php-horde-Horde-Mail-Autoconfig - # - php-horde-Horde-Memcache - # - php-horde-Horde-Mime - # - php-horde-Horde-Mime-Viewer - # - php-horde-Horde-Notification - # - php-horde-Horde-Oauth - # - php-horde-Horde-Pdf - # - 
php-horde-Horde-Perms - # - php-horde-Horde-Prefs - # - php-horde-Horde-Role - # - php-horde-Horde-Routes - # - php-horde-Horde-Rpc - # - php-horde-Horde-Service-Weather - # - php-horde-Horde-Smtp - # - php-horde-Horde-Socket-Client - # - php-horde-Horde-SyncMl - # - php-horde-Horde-Template - # - php-horde-Horde-Test - # - php-horde-Horde-Text-Filter - # - php-horde-Horde-Text-Filter-Csstidy - # - php-horde-Horde-Text-Flowed - # - php-horde-Horde-Tree - # - php-horde-Horde-Url - # - php-horde-Horde-Util - # - php-horde-Horde-View - # - php-horde-Horde-Xml-Element + - phpldapadmin + - phpunit7 + - php74-php-fpm + - php74-php-pear + - php74-php-tidy + - php74-php + - php74-php-ldap + - php74-php-mysql + - php74-php-odbc + - php74-php-mcrypt + - php74-php-mhash + - php74-php-pecl-mysql + - php74-php-pecl-mysql-xdevapi + - php74-php-pecl-crypto + - php74-php-pecl-geoip + - php74-php-pecl-pam + - php74-php-pecl-imagick + - php74-php-pecl-memcache + - php74-php-pecl-http + - php74-php-devel + - php74-php-imap + - php74-php-mbstring + - php74-php-mysqlnd + - php74-php-gd + - php74-php-opcache + - php74-php-json + - php74-php-curl + - php74-php-zip + - php74-php-xml + - php74-php-bz2 + - php74-php-intl + - php74-php-gmp + - php74-php-cli + - php-channel-horde + - php-horde-Horde-Alarm + - php-horde-Horde-Argv + - php-horde-Horde-Auth + - php-horde-Horde-Autoloader + - php-horde-Horde-Browser + - php-horde-Horde-Cache + - php-horde-Horde-Cli + - php-horde-Horde-Compress + - php-horde-Horde-Core + - php-horde-Horde-Crypt + - php-horde-Horde-Dav + - php-horde-Horde-Db + - php-horde-Horde-Editor + - php-horde-Horde-ElasticSearch + - php-horde-Horde-Http + - php-horde-Horde-Image + - php-horde-Horde-Imap-Client + - php-horde-Horde-Ldap + - php-horde-Horde-ListHeaders + - php-horde-Horde-Log + - php-horde-Horde-Mail + - php-horde-Horde-Mail-Autoconfig + - php-horde-Horde-Memcache + - php-horde-Horde-Mime + - php-horde-Horde-Mime-Viewer + - php-horde-Horde-Notification + - 
php-horde-Horde-Oauth + - php-horde-Horde-Pdf + - php-horde-Horde-Perms + - php-horde-Horde-Prefs + - php-horde-Horde-Role + - php-horde-Horde-Routes + - php-horde-Horde-Rpc + - php-horde-Horde-Service-Weather + - php-horde-Horde-Smtp + - php-horde-Horde-Socket-Client + - php-horde-Horde-SyncMl + - php-horde-Horde-Template + - php-horde-Horde-Test + - php-horde-Horde-Text-Filter + - php-horde-Horde-Text-Filter-Csstidy + - php-horde-Horde-Text-Flowed + - php-horde-Horde-Tree + - php-horde-Horde-Url + - php-horde-Horde-Util + - php-horde-Horde-View + - php-horde-Horde-Xml-Element - php-horde-horde - php-horde-passwd - # - php-horde-Horde-Compress-Fast - # - php-horde-Horde-Crypt-Blowfish - # - php-horde-Horde-Icalendar - # - php-horde-Horde-Itip - # - php-horde-Horde-Mapi - # - php-horde-Horde-OpenXchange - # - php-horde-Horde-Secret - # - php-horde-Horde-Service-Gravatar - # - php-horde-Horde-Text-Diff - # - php-horde-Horde-Timezone - # - php-horde-Horde-Vfs + - php-horde-Horde-Compress-Fast + - php-horde-Horde-Crypt-Blowfish + - php-horde-Horde-Icalendar + - php-horde-Horde-Itip + - php-horde-Horde-Mapi + - php-horde-Horde-OpenXchange + - php-horde-Horde-Secret + - php-horde-Horde-Service-Gravatar + - php-horde-Horde-Text-Diff + - php-horde-Horde-Timezone + - php-horde-Horde-Vfs - php-horde-imp - php-horde-kronolith - php-horde-turba - # - php-horde-Horde-Mongo + - php-horde-Horde-Mongo - php-horde-ingo - php-horde-mnemo - php-horde-wicked From 0197063fa3116286efbca2096a7cad7046185e62 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Tue, 24 Oct 2023 22:19:33 +0200 Subject: [PATCH 131/181] use releasever, where possible --- tasks/packages.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index d216b78..f488c6b 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml 
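Review bot: The re-enabled `Enable the php:remi-7.4 DNF module` task puts the whole Horde stack on PHP 7.4, which upstream PHP stopped supporting in November 2022, so security fixes for the interpreter now depend on whatever the Remi repository backports. A comment on the task, e.g. `# PHP 7.4 is upstream-EOL; kept only for Horde, revisit when Horde runs on a supported PHP`, would record that dependency for the next maintainer. The restored list also installs `php74-php-devel`, `phpunit7` and `php-horde-Horde-Test`, which are build and test tooling and look unnecessary on a production mail host. Dropping them reduces what has to be patched.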
@@ -58,7 +58,7 @@ block: | [elasticsearch] name=Elasticsearch repository for 8.x packages - baseurl=https://artifacts.elastic.co/packages/8.x/yum + baseurl=https://artifacts.elastic.co/packages/$releasever.x/yum gpgcheck=1 gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch enabled=1 From b2a0a70549b8574c4b5c8fe93a348c76c6ad755c Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 01:15:10 +0200 Subject: [PATCH 132/181] Lint Ansible files --- .github/workflows/ansible-lint.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .github/workflows/ansible-lint.yml diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml new file mode 100644 index 0000000..6de7ae4 --- /dev/null +++ b/.github/workflows/ansible-lint.yml @@ -0,0 +1,13 @@ +# .github/workflows/ansible-lint.yml +name: ansible-lint +on: + pull_request: + branches: ["main", "stable", "release/v*"] +jobs: + build: + name: Ansible Lint # Naming the build is important to use it as a status check + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Run ansible-lint + uses: ansible/ansible-lint@main # or version tag instead of 'main' From 40de0558b644dc1e825829c1c67c06f3dca12fda Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 01:17:49 +0200 Subject: [PATCH 133/181] fix ElasticSearch version --- tasks/packages.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index f488c6b..d216b78 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -58,7 +58,7 @@ block: | [elasticsearch] name=Elasticsearch repository for 8.x packages - baseurl=https://artifacts.elastic.co/packages/$releasever.x/yum + baseurl=https://artifacts.elastic.co/packages/8.x/yum gpgcheck=1 gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch enabled=1 From 6f1e682796df52e19000458ba0844ed41574477e Mon Sep 17 00:00:00 2001 
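Review bot: In the new ansible-lint.yml both actions are referenced by movable refs, `ansible/ansible-lint@main` (a branch) and `actions/checkout@v4` (a tag), so the code executed in CI can change without any commit in this repository. Pinning each to a full commit SHA, e.g. `uses: ansible/ansible-lint@<commit-sha>  # <release tag>`, makes runs reproducible and reviewable. The same applies to `cfy9/shellcheck-action@main` in the shellcheck.yml workflow added later in this series. The job also declares no `permissions:` key, so the token gets the repository default; a job-level `permissions:` with `contents: read` is enough for a lint run.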
From: Akos Balla Date: Fri, 27 Oct 2023 01:23:57 +0200 Subject: [PATCH 134/181] lint Python only if Python files changed --- .github/workflows/pylint.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pylint.yml b/.github/workflows/pylint.yml index 383e65c..e59569b 100644 --- a/.github/workflows/pylint.yml +++ b/.github/workflows/pylint.yml @@ -1,6 +1,9 @@ name: Pylint -on: [push] +on: + push: + paths: + - **/*.py jobs: build: From 28b5db4c17ad4872e82d26d50fb6180292992b5d Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 01:30:55 +0200 Subject: [PATCH 135/181] fix path match --- .github/workflows/pylint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pylint.yml b/.github/workflows/pylint.yml index e59569b..85cba18 100644 --- a/.github/workflows/pylint.yml +++ b/.github/workflows/pylint.yml @@ -3,7 +3,7 @@ name: Pylint on: push: paths: - - **/*.py + - '**.py' jobs: build: From 3b2394822771b166311f53b6498fdaabf3c948af Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 01:32:53 +0200 Subject: [PATCH 136/181] add role name --- meta/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/main.yml b/meta/main.yml index 1595f1a..755ff6b 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -2,6 +2,7 @@ galaxy_info: author: Akos Balla description: Mail server suite on RPM-based distros + role_name: ansible-mailserver company: balla.cloud # If the issue tracker for your role is not on github, uncomment the From 566742d689c7e7010c350b335c6c6df106516ab5 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 01:34:18 +0200 Subject: [PATCH 137/181] add namespace --- meta/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/main.yml b/meta/main.yml index 755ff6b..43e70d4 100644 --- a/meta/main.yml +++ b/meta/main.yml 
@@ -3,6 +3,7 @@ galaxy_info: author: Akos Balla description: Mail server suite on RPM-based distros role_name: ansible-mailserver + namespace: balla.cloud company: balla.cloud # If the issue tracker for your role is not on github, uncomment the From c6823ea1ecb8a896279a49020c50abd2bd468eca Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 01:39:17 +0200 Subject: [PATCH 138/181] add shellcheck --- .github/workflows/shellcheck.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .github/workflows/shellcheck.yml diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml new file mode 100644 index 0000000..a86c685 --- /dev/null +++ b/.github/workflows/shellcheck.yml @@ -0,0 +1,13 @@ +name: GitHub Workflow +on: + push: + branches: + - main +jobs: + shellcheck: + name: Shellcheck + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Run ShellCheck + uses: cfy9/shellcheck-action@main From 88232faf72776495229063667c299b548b7f7252 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 01:42:27 +0200 Subject: [PATCH 139/181] fix namespace --- meta/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/main.yml b/meta/main.yml index 43e70d4..d28937e 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -3,7 +3,7 @@ galaxy_info: author: Akos Balla description: Mail server suite on RPM-based distros role_name: ansible-mailserver - namespace: balla.cloud + namespace: balla_cloud company: balla.cloud # If the issue tracker for your role is not on github, uncomment the From d3030bb2c503080c13c336f541d6b8e465a28609 Mon Sep 17 00:00:00 2001 
From: Akos Balla Date: Fri, 27 Oct 2023 01:48:24 +0200 Subject: [PATCH 140/181] use Super Linter --- .github/workflows/ansible-lint.yml | 13 ------ .github/workflows/devskim.yml | 34 ---------------- .github/workflows/linter.yml | 65 ++++++++++++++++++++++++++++++ .github/workflows/pylint.yml | 26 ------------ .github/workflows/shellcheck.yml | 13 ------ 5 files changed, 65 insertions(+), 86 deletions(-) delete mode 100644 .github/workflows/ansible-lint.yml delete mode 100644 .github/workflows/devskim.yml create mode 100644 .github/workflows/linter.yml delete mode 100644 .github/workflows/pylint.yml delete mode 100644 .github/workflows/shellcheck.yml diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml deleted file mode 100644 index 6de7ae4..0000000 --- a/.github/workflows/ansible-lint.yml +++ /dev/null @@ -1,13 +0,0 @@ -# .github/workflows/ansible-lint.yml -name: ansible-lint -on: - pull_request: - branches: ["main", "stable", "release/v*"] -jobs: - build: - name: Ansible Lint # Naming the build is important to use it as a status check - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: Run ansible-lint - uses: ansible/ansible-lint@main # or version tag instead of 'main' diff --git a/.github/workflows/devskim.yml b/.github/workflows/devskim.yml deleted file mode 100644 index 9acd113..0000000 --- a/.github/workflows/devskim.yml +++ /dev/null 
@@ -1,34 +0,0 @@ -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -name: DevSkim - -on: - push: - branches: [ "main" ] - pull_request: - branches: [ "main" ] - schedule: - - cron: '43 10 * * 6' - -jobs: - lint: - name: DevSkim - runs-on: ubuntu-20.04 - permissions: - actions: read - contents: read - security-events: write - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Run DevSkim scanner - uses: microsoft/DevSkim-Action@v1 - - - name: Upload DevSkim scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: devskim-results.sarif diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml new file mode 100644 index 0000000..f6281ed --- /dev/null +++ b/.github/workflows/linter.yml 
@@ -0,0 +1,65 @@ +--- +################################# +################################# +## Super Linter GitHub Actions ## +################################# +################################# +name: Lint Code Base + +# +# Documentation: +# https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions +# + +############################# +# Start the job on all push # +############################# +on: + push: + branches-ignore: [master, main] + # Remove the line above to run when pushing to master + pull_request: + branches: [master, main] + +############### +# Set the Job # +############### +jobs: + build: + # Name the Job + name: Lint Code Base + # Set the agent to run on + runs-on: ubuntu-latest + + ############################################ + # Grant status permission for MULTI_STATUS # + ############################################ + permissions: + contents: read + packages: read + statuses: write + + ################## + # Load all steps # + ################## + steps: + ########################## + # Checkout the code base # + ########################## + - name: Checkout Code + uses: actions/checkout@v3 + with: + # Full git history is needed to get a proper + # list of changed files within `super-linter` + fetch-depth: 0 + + ################################ + # Run Linter against code base # + ################################ + - name: Lint Code Base + uses: super-linter/super-linter@v5 + env: + VALIDATE_ALL_CODEBASE: false + # Change to 'master' if your main branch differs + DEFAULT_BRANCH: main + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/pylint.yml b/.github/workflows/pylint.yml deleted file mode 100644 index 85cba18..0000000 --- a/.github/workflows/pylint.yml +++ /dev/null 
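Review bot: With `VALIDATE_ALL_CODEBASE: false` and triggers limited to pushes on non-main branches and pull requests, nothing in linter.yml ever scans the whole repository. The same commit deletes devskim.yml, which ran on a weekly `schedule` and uploaded SARIF results to the Security tab. If that coverage is meant to stay, keep devskim.yml alongside this file, or add a `schedule:` trigger with a full-codebase run. The banner comment `Start the job on all push` also does not match `branches-ignore: [master, main]` and should be reworded.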
@@ -1,26 +0,0 @@ -name: Pylint - -on: - push: - paths: - - '**.py' - -jobs: - build: - runs-on: ubuntu-latest - strategy: - matrix: - python-version: ["3.8", "3.9", "3.10"] - steps: - - uses: actions/checkout@v3 - - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v3 - with: - python-version: ${{ matrix.python-version }} - - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install pylint - - name: Analysing the code with pylint - run: | - pylint $(git ls-files '*.py') diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml deleted file mode 100644 index a86c685..0000000 --- a/.github/workflows/shellcheck.yml +++ /dev/null @@ -1,13 +0,0 @@ -name: GitHub Workflow -on: - push: - branches: - - main -jobs: - shellcheck: - name: Shellcheck - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Run ShellCheck - uses: cfy9/shellcheck-action@main From c45f6ac5ca25700cb444d028e8db122333c51a33 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 01:50:18 +0200 Subject: [PATCH 141/181] use underscore --- meta/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/main.yml b/meta/main.yml index d28937e..ce90599 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -2,7 +2,7 @@ galaxy_info: author: Akos Balla description: Mail server suite on RPM-based distros - role_name: ansible-mailserver + role_name: ansible_mailserver namespace: balla_cloud company: balla.cloud From dfcf6a8d30a8a9b7fac6459af0191a1228339017 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 18:56:45 +0200 Subject: [PATCH 142/181] tag cron mails with cron --- tasks/os.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/os.yml b/tasks/os.yml index 8019d76..a8f5533 100644 --- a/tasks/os.yml +++ b/tasks/os.yml 
@@ -92,7 +92,7 @@ backup: yes env: yes name: MAILTO - job: "{{ mailserver_admin_user }}@{{ mailserver_domain }}" + job: "hostmaster+cron@{{ mailserver_domain }}" - name: Add GO path to PATH lineinfile: path: /etc/profile.d/gopath.sh From 2d4717ce17f12712863554b371d2a7c80f7812a2 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 19:10:26 +0200 Subject: [PATCH 143/181] set ANSIBLE_DIRECTORY --- .github/workflows/linter.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index f6281ed..f47a9bc 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -63,3 +63,4 @@ jobs: # Change to 'master' if your main branch differs DEFAULT_BRANCH: main GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + ANSIBLE_DIRECTORY: . From 3632fd5f7131295b35ef56940a878fd2d7cc4ea0 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 19:15:55 +0200 Subject: [PATCH 144/181] symlink role to tests --- tests/roles/ansible-mailserver | 1 + 1 file changed, 1 insertion(+) create mode 120000 tests/roles/ansible-mailserver diff --git a/tests/roles/ansible-mailserver b/tests/roles/ansible-mailserver new file mode 120000 index 0000000..945c9b4 --- /dev/null +++ b/tests/roles/ansible-mailserver @@ -0,0 +1 @@ +. \ No newline at end of file From 7c26d1577aa045d63aad72a04c4a4e86cbdef936 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 19:18:04 +0200 Subject: [PATCH 145/181] fix role symlink --- tests/roles/ansble-mailserver | 1 + tests/roles/ansible-mailserver | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) create mode 120000 tests/roles/ansble-mailserver delete mode 120000 tests/roles/ansible-mailserver diff --git a/tests/roles/ansble-mailserver b/tests/roles/ansble-mailserver new file mode 120000 index 0000000..c25bddb --- /dev/null +++ b/tests/roles/ansble-mailserver @@ -0,0 +1 @@ +../.. \ No newline at end of file 
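Review bot: The new `job: "hostmaster+cron@{{ mailserver_domain }}"` hard-codes the local part and depends on two things this hunk does not show: a deliverable `hostmaster` mailbox or alias, and `+` address extensions being accepted by the MTA. If either is missing, cron output, including failures of backup or update jobs, bounces instead of reaching an administrator. A role variable with this value as its default (name is only a suggestion), `job: "{{ mailserver_cron_mailto | default('hostmaster+cron@' ~ mailserver_domain) }}"`, keeps the tagging and lets a deployment override it. The task itself starts above the hunk.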
diff --git a/tests/roles/ansible-mailserver b/tests/roles/ansible-mailserver deleted file mode 120000 index 945c9b4..0000000 --- a/tests/roles/ansible-mailserver +++ /dev/null @@ -1 +0,0 @@ -. \ No newline at end of file From dc9dca9006c7f843249357cd70160913f828c191 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 19:22:02 +0200 Subject: [PATCH 146/181] fix typo --- tests/roles/{ansble-mailserver => ansible-mailserver} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename tests/roles/{ansble-mailserver => ansible-mailserver} (100%) diff --git a/tests/roles/ansble-mailserver b/tests/roles/ansible-mailserver similarity index 100% rename from tests/roles/ansble-mailserver rename to tests/roles/ansible-mailserver From 4d64985d7a369b1fd71b72c1366ab128038a663d Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 19:25:01 +0200 Subject: [PATCH 147/181] switch systemd to ansible.builtin.systemd_service --- handlers/main.yml | 44 ++++++++++++------------ tasks/antivirus.yml | 2 +- tasks/backups.yml | 8 ++--- tasks/dmarc.yml | 2 +- tasks/dns.yml | 6 ++-- tasks/dovecot.yml | 2 +- tasks/elasticsearch.yml | 2 +- tasks/firewall.yml | 2 +- tasks/local_dns_cache.yml | 2 +- tasks/mariadb.yml | 6 ++-- tasks/packages.yml | 4 +-- tasks/pdns.yml | 2 +- tasks/propagate_dkim_txt_records.yml | 2 +- tasks/propagate_ssl_txt_records.yml | 2 +- tasks/redis.yml | 2 +- tasks/restore_service_tarball_backup.yml | 4 +-- tasks/spamassassin.yml | 2 +- tasks/wireguard.yml | 4 +-- 18 files changed, 49 insertions(+), 49 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index 25c5ba6..2703cea 100644 --- a/handlers/main.yml +++ b/handlers/main.yml 
@@ -1,90 +1,90 @@ --- - name: Restart amavisd - systemd: + ansible.builtin.systemd_service: name: amavisd daemon_reload: yes enabled: yes state: restarted - name: Restart clamav-freshclam - systemd: + ansible.builtin.systemd_service: name: clamav-freshclam daemon_reload: yes enabled: yes state: restarted - name: "Restart dirsrv@{{ mailserver_hostname }}" - systemd: + ansible.builtin.systemd_service: name: "dirsrv@{{ mailserver_hostname }}" daemon_reload: yes enabled: yes state: restarted - name: Restart dnsdist - systemd: + ansible.builtin.systemd_service: name: dnsdist daemon_reload: yes enabled: yes state: restarted - name: Restart dovecot - systemd: + ansible.builtin.systemd_service: name: dovecot daemon_reload: yes enabled: yes state: restarted - name: Restart fail2ban - systemd: + ansible.builtin.systemd_service: name: fail2ban daemon_reload: yes enabled: yes state: restarted - name: Restart firewalld - systemd: + ansible.builtin.systemd_service: name: firewalld daemon_reload: yes enabled: yes state: restarted - name: Restart httpd - systemd: + ansible.builtin.systemd_service: name: httpd daemon_reload: yes enabled: yes state: restarted - name: Restart mongod - systemd: + ansible.builtin.systemd_service: name: mongod daemon_reload: yes enabled: yes state: restarted - name: Restart NetworkManager - systemd: + ansible.builtin.systemd_service: name: NetworkManager daemon_reload: yes enabled: yes state: restarted - name: Restart opendkim - systemd: + ansible.builtin.systemd_service: name: opendkim daemon_reload: yes enabled: yes state: restarted - name: Restart opendmarc - systemd: + ansible.builtin.systemd_service: name: opendmarc daemon_reload: yes enabled: yes state: restarted - name: Restart pdns - systemd: + ansible.builtin.systemd_service: name: pdns daemon_reload: yes enabled: yes state: restarted - name: Restart pdns-recursor - systemd: + ansible.builtin.systemd_service: name: pdns-recursor daemon_reload: yes enabled: yes state: restarted - name: Restart 
php-fpm - systemd: + ansible.builtin.systemd_service: name: "{{ php_fpm_service }}" daemon_reload: yes enabled: yes @@ -95,25 +95,25 @@ loop_control: loop_var: php_fpm_service - name: Restart postfix - systemd: + ansible.builtin.systemd_service: name: postfix daemon_reload: yes enabled: yes state: restarted - name: Restart postgrey - systemd: + ansible.builtin.systemd_service: name: postgrey daemon_reload: yes enabled: yes state: restarted - name: Restart spamassassin - systemd: + ansible.builtin.systemd_service: name: spamassassin daemon_reload: yes enabled: yes state: restarted - name: Restart spamass-milter - systemd: + ansible.builtin.systemd_service: name: spamass-milter daemon_reload: yes enabled: yes @@ -131,19 +131,19 @@ group: root mode: 0644 - name: Restart systemd-resolved - systemd: + ansible.builtin.systemd_service: name: systemd-resolved daemon_reload: yes enabled: yes state: restarted - name: Restart vsftpd - systemd: + ansible.builtin.systemd_service: name: vsftpd daemon_reload: yes enabled: yes state: restarted - name: Restart WireGuard - systemd: + ansible.builtin.systemd_service: name: "wg_vpn.{{ systemd_unit_type }}" daemon_reload: yes state: started diff --git a/tasks/antivirus.yml b/tasks/antivirus.yml index 2387938..d1ab976 100644 --- a/tasks/antivirus.yml +++ b/tasks/antivirus.yml @@ -23,7 +23,7 @@ failed_when: "{{ sa_update.rc >= 4 }}" notify: Restart spamassassin - name: Enable systemd services - systemd: + ansible.builtin.systemd_service: name: "{{ item }}" daemon_reload: yes enabled: yes diff --git a/tasks/backups.yml b/tasks/backups.yml index 50adf62..3bcb93a 100644 --- a/tasks/backups.yml +++ b/tasks/backups.yml @@ -75,7 +75,7 @@ - pdns - wg_vpn - name: Ensure systemd is aware of the backup services - systemd: + ansible.builtin.systemd_service: name: "{{ item }}-backup" daemon_reload: yes enabled: no 
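Review bot: `ansible.builtin.systemd_service` is, as far as I know, only available under that name from ansible-core 2.15, so on an older controller every handler and task touched by this commit fails to resolve its module. meta/main.yml should declare a matching `min_ansible_version`, or the role can keep `ansible.builtin.systemd`, which resolves to the same module and still gives a fully qualified name. This applies to every hunk of this commit, not only handlers/main.yml.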
@@ -93,7 +93,7 @@ - pdns - wg_vpn - name: Enable the backup timers - systemd: + ansible.builtin.systemd_service: name: "{{ item }}-backup.timer" daemon_reload: yes enabled: yes @@ -119,7 +119,7 @@ command: "mariabackup --prepare --target-dir={{ mariadb_backup_path }}" - name: Stop MariaDB when: mariadb_backup_path is defined - systemd: + ansible.builtin.systemd_service: name: mariadb state: stopped - name: Erase data directory @@ -148,7 +148,7 @@ recurse: yes - name: Start MariaDB when: mariadb_backup_path is defined - systemd: + ansible.builtin.systemd_service: name: mariadb state: started - name: Stop LDAP server diff --git a/tasks/dmarc.yml b/tasks/dmarc.yml index 759c26b..7aa9673 100644 --- a/tasks/dmarc.yml +++ b/tasks/dmarc.yml @@ -38,7 +38,7 @@ when: 'public_dns == "yes"' loop: "{{ [mailserver_domain] + custom_domains }}" - name: Reload PowerDNS config - systemd: + ansible.builtin.systemd_service: name: pdns daemon_reload: yes enabled: yes diff --git a/tasks/dns.yml b/tasks/dns.yml index 8f0b7fd..5000eca 100644 --- a/tasks/dns.yml +++ b/tasks/dns.yml @@ -15,20 +15,20 @@ - name: Configure DNSDist import_tasks: dnsdist.yml - name: Make sure PowerDNS is running - systemd: + ansible.builtin.systemd_service: name: pdns daemon_reload: yes enabled: yes state: started when: 'public_dns == "yes"' - name: Make sure PowerDNS recursor is running - systemd: + ansible.builtin.systemd_service: name: pdns-recursor daemon_reload: yes enabled: yes state: started - name: Make sure DNSDist is running - systemd: + ansible.builtin.systemd_service: name: dnsdist daemon_reload: yes enabled: yes diff --git a/tasks/dovecot.yml b/tasks/dovecot.yml index 84cb521..b40db50 100644 --- a/tasks/dovecot.yml +++ b/tasks/dovecot.yml @@ -108,7 +108,7 @@ - { comment: true, line: "!include auth-system.conf.ext"} notify: Restart dovecot - name: Make sure Dovecot is running - systemd: + ansible.builtin.systemd_service: name: dovecot daemon_reload: yes enabled: yes 
diff --git a/tasks/elasticsearch.yml b/tasks/elasticsearch.yml index b4221a3..73700f1 100644 --- a/tasks/elasticsearch.yml +++ b/tasks/elasticsearch.yml @@ -1,6 +1,6 @@ --- - name: Make sure ElasticSearch is running - systemd: + ansible.builtin.systemd_service: name: elasticsearch daemon_reload: yes enabled: yes diff --git a/tasks/firewall.yml b/tasks/firewall.yml index f8bc0a4..6f97290 100644 --- a/tasks/firewall.yml +++ b/tasks/firewall.yml @@ -1,6 +1,6 @@ --- - name: Ensure firewall is enabled - systemd: + ansible.builtin.systemd_service: name: firewalld daemon_reload: yes enabled: yes diff --git a/tasks/local_dns_cache.yml b/tasks/local_dns_cache.yml index ea2674d..975aa21 100644 --- a/tasks/local_dns_cache.yml +++ b/tasks/local_dns_cache.yml @@ -56,7 +56,7 @@ create: yes notify: Restart systemd-resolved - name: Make sure resolved is running - systemd: + ansible.builtin.systemd_service: name: systemd-resolved daemon_reload: yes enabled: yes diff --git a/tasks/mariadb.yml b/tasks/mariadb.yml index a023fcf..b771d20 100644 --- a/tasks/mariadb.yml +++ b/tasks/mariadb.yml @@ -1,6 +1,6 @@ --- - name: Make sure MariaDB is running - systemd: + ansible.builtin.systemd_service: name: mariadb daemon_reload: yes enabled: yes @@ -27,7 +27,7 @@ rescue: - name: Stop MariaDB when: reset == "yes" or forgotten_mariadb_root_password - systemd: + ansible.builtin.systemd_service: name: mariadb daemon-reload: yes enabled: yes @@ -61,7 +61,7 @@ command: "kill {{ mariadb_pid.stdout }}" - name: Make sure MariaDB is running when: reset == "yes" or forgotten_mariadb_root_password - systemd: + ansible.builtin.systemd_service: name: mariadb daemon_reload: yes enabled: yes diff --git a/tasks/packages.yml b/tasks/packages.yml index d216b78..ea6ea72 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -379,7 +379,7 @@ # tags: # - wireguard # - dyndns -# systemd: +# ansible.builtin.systemd_service: # name: php81-php-fpm # daemon_reload: yes # enabled: yes 
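Review bot: In the mariadb.yml hunk `@@ -27,7 +27,7 @@` the `Stop MariaDB` task under `rescue:` still passes `daemon-reload: yes` with a hyphen, while the module parameter is `daemon_reload`. Ansible modules reject unknown parameters, so the root-password recovery path would fail at its first step exactly when it is needed. Changing that context line to `daemon_reload: yes` fixes it. The task continues outside the hunk, so the rest of the recovery block could not be checked.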
@@ -504,7 +504,7 @@ - name: Restart php74-php-fpm when: php74_packages.changed tags: horde - systemd: + ansible.builtin.systemd_service: name: php74-php-fpm daemon_reload: yes enabled: yes diff --git a/tasks/pdns.yml b/tasks/pdns.yml index 2ad3caf..e613c3c 100644 --- a/tasks/pdns.yml +++ b/tasks/pdns.yml @@ -53,7 +53,7 @@ when: 'public_dns == "yes"' notify: Restart pdns - name: Restart pdns - systemd: + ansible.builtin.systemd_service: name: pdns daemon_reload: yes enabled: yes diff --git a/tasks/propagate_dkim_txt_records.yml b/tasks/propagate_dkim_txt_records.yml index 72b547b..68d94b5 100644 --- a/tasks/propagate_dkim_txt_records.yml +++ b/tasks/propagate_dkim_txt_records.yml @@ -17,7 +17,7 @@ content: "{{ desired_dkim_record }}" when: 'public_dns == "yes"' - name: Reload PowerDNS config - systemd: + ansible.builtin.systemd_service: name: "{{ item }}" daemon_reload: yes enabled: yes diff --git a/tasks/propagate_ssl_txt_records.yml b/tasks/propagate_ssl_txt_records.yml index 526b465..2b9107f 100644 --- a/tasks/propagate_ssl_txt_records.yml +++ b/tasks/propagate_ssl_txt_records.yml @@ -11,7 +11,7 @@ append: yes when: 'public_dns == "yes"' - name: Reload PowerDNS config - systemd: + ansible.builtin.systemd_service: name: pdns daemon_reload: yes enabled: yes diff --git a/tasks/redis.yml b/tasks/redis.yml index 5ed36e1..9829372 100644 --- a/tasks/redis.yml +++ b/tasks/redis.yml @@ -1,6 +1,6 @@ --- - name: Make sure Redis is running - systemd: + ansible.builtin.systemd_service: name: redis daemon_reload: yes enabled: yes diff --git a/tasks/restore_service_tarball_backup.yml b/tasks/restore_service_tarball_backup.yml index 69ad013..b938c3c 100644 --- a/tasks/restore_service_tarball_backup.yml +++ b/tasks/restore_service_tarball_backup.yml @@ -1,6 +1,6 @@ --- - name: "Stop {{ service }}" - systemd: + ansible.builtin.systemd_service: name: "{{ service }}" daemon_reload: yes enabled: yes 
@@ -12,7 +12,7 @@ dest: / remote_src: yes - name: "Start {{ service }}" - systemd: + ansible.builtin.systemd_service: name: "{{ service }}" daemon_reload: yes enabled: yes diff --git a/tasks/spamassassin.yml b/tasks/spamassassin.yml index 71ee4cb..cbc5b0c 100644 --- a/tasks/spamassassin.yml +++ b/tasks/spamassassin.yml @@ -62,7 +62,7 @@ args: creates: /var/mail/SpamToJunk.svbin - name: Enable SpamAssassin update service - systemd: + ansible.builtin.systemd_service: name: sa-update.timer daemon_reload: yes enabled: yes diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml index d69c176..5faf9e7 100644 --- a/tasks/wireguard.yml +++ b/tasks/wireguard.yml @@ -409,13 +409,13 @@ notify: Restart WireGuard - name: Enable WireGuard config watch tags: wireguard - systemd: + ansible.builtin.systemd_service: name: wg_vpn.path daemon_reload: yes enabled: yes - name: Load WireGuard config loader tags: wireguard - systemd: + ansible.builtin.systemd_service: name: wg_vpn.service daemon_reload: yes enabled: no From 3066adc62f95d5413eb1d36752c5ba009e7690bc Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 19:32:21 +0200 Subject: [PATCH 148/181] fix Jinja2 spacing --- defaults/main.yml | 20 ++++++++++---------- handlers/main.yml | 2 +- tasks/add_dns_record.yml | 18 +++++++++--------- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index debb6e8..48b4dc0 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -42,16 +42,16 @@ spamassassin_rules: value: > /(hi|hello|dear) ( {%- set mail_users = ['root','postmaster','abuse','hostmaster','webmaster','dmarc-reports'] %} - {%- for user in users|default([]) %} + {%- for user in users | default([]) %} {%- set mail_users = mail_users.append( user['name'] ) %} {%- endfor %} - {{- mail_users|join('|') -}} + {{- mail_users | join('|') -}} )@( {%- set domains = [mailserver_domain] %} - {%- for domain in custom_domains|default([]) %} + {%- for domain in custom_domains | default([]) %} {%- set domains = domains.append( domain ) %} {%- endfor %} - {{- domains|join('|') -}} + {{- domains | join('|') -}} )/i - { type: "describe", key: "BE_POLITE", value: "This email doesn't use a proper name for the recipient" } - { type: "score", key: "BE_POLITE", value: "5.0" } @@ -79,16 +79,16 @@ spamassassin_rules: value: > Subject =~ /( {%- set mail_users = ['root','postmaster','abuse','hostmaster','webmaster','dmarc-reports'] %} - {%- for user in users|default([]) %} + {%- for user in users | default([]) %} {%- set mail_users = mail_users.append( user['name'] ) %} {%- endfor %} - {{- mail_users|join('|') -}} + {{- mail_users | join('|') -}} )@( {%- set domains = [mailserver_domain] %} - {%- for domain in custom_domains|default([]) %} + {%- for domain in custom_domains | default([]) %} {%- set domains = domains.append( domain ) %} {%- endfor %} - {{- domains|join('|') -}} + {{- domains | join('|') -}} )/i - { type: "describe", key: "SUBJECT_SPAM", value: "Subject contains my email address."} - { type: "score", key: "SUBJECT_SPAM", value: "4.0" } 
@@ -97,10 +97,10 @@ spamassassin_rules: value: > To =~ /( {%- set domains = [mailserver_domain] %} - {%- for domain in custom_domains|default([]) %} + {%- for domain in custom_domains | default([]) %} {%- set domains = domains.append( domain ) %} {%- endfor %} - {{- domains|join('|') -}} + {{- domains | join('|') -}} )/ - { type: "meta", key: "NO_DOMAIN_IN_TO", value: "!__DOMAIN_IN_TO" } - { type: "score", key: "NO_DOMAIN_IN_TO", value: "3.0" } diff --git a/handlers/main.yml b/handlers/main.yml index 2703cea..2e75944 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -124,7 +124,7 @@ content: | nameserver 127.0.0.1 nameserver ::1 - search {{ ([mailserver_domain] + custom_domains)|join(' ') }} + search {{ ([mailserver_domain] + custom_domains) | join(' ') }} backup: true force: true owner: root diff --git a/tasks/add_dns_record.yml b/tasks/add_dns_record.yml index 082c01d..d32a18e 100644 --- a/tasks/add_dns_record.yml +++ b/tasks/add_dns_record.yml 
@@ -3,20 +3,20 @@ set_fact: record_content: '"{{ record.content }}"' - name: Add DNS record - when: "{{ (record.append is defined and record.append) and (record.content not in lookup('community.general.dig', record.name ~ '.' ~ record.zone ~ './' ~ record.type)|split(',')) }}" + when: "{{ (record.append is defined and record.append) and (record.content not in lookup('community.general.dig', record.name ~ '.' ~ record.zone ~ './' ~ record.type) | split(',')) }}" block: - - name: 'Add DNS record {{ record.name }}.{{ record.zone }} {{ record.ttl|default("3600") }} IN {{ record.type }} {{ record.content }}' - command: "pdnsutil add-record {{ record.zone }} {{ record.name }} {{ record.type }} {{ record.ttl|default('3600') }} '{{ record.content }}'" + - name: 'Add DNS record {{ record.name }}.{{ record.zone }} {{ record.ttl | default("3600") }} IN {{ record.type }} {{ record.content }}' + command: "pdnsutil add-record {{ record.zone }} {{ record.name }} {{ record.type }} {{ record.ttl | default('3600') }} '{{ record.content }}'" rescue: - - name: 'Add DNS record {{ record.name }}.{{ record.zone }} {{ record.ttl|default("3600") }} IN {{ record.type }} {{ record.content }}' - command: "pdnsutil add-record {{ record.zone }} {{ record.name }} {{ record.type }} {{ record.ttl|default('3600') }} '{{ record_content }}'" + - name: 'Add DNS record {{ record.name }}.{{ record.zone }} {{ record.ttl | default("3600") }} IN {{ record.type }} {{ record.content }}' + command: "pdnsutil add-record {{ record.zone }} {{ record.name }} {{ record.type }} {{ record.ttl | default('3600') }} '{{ record_content }}'" - name: Update or add DNS record when: record.append is not defined or not record.append block: - - name: 'Update DNS record {{ record.name }}.{{ record.zone }} {{ record.ttl|default("3600") }} IN {{ record.type }} {{ record.content }}' - command: "pdnsutil replace-rrset {{ record.zone }} {{ record.name }} {{ record.type }} {{ record.ttl|default('3600') }} '{{ record.content }}'" + - 
name: 'Update DNS record {{ record.name }}.{{ record.zone }} {{ record.ttl | default("3600") }} IN {{ record.type }} {{ record.content }}' + command: "pdnsutil replace-rrset {{ record.zone }} {{ record.name }} {{ record.type }} {{ record.ttl | default('3600') }} '{{ record.content }}'" rescue: - - name: 'Update DNS record {{ record.name }}.{{ record.zone }} {{ record.ttl|default("3600") }} IN {{ record.type }} {{ record.content }}' - command: "pdnsutil replace-rrset {{ record.zone }} {{ record.name }} {{ record.type }} {{ record.ttl|default('3600') }} '{{ record_content }}'" + - name: 'Update DNS record {{ record.name }}.{{ record.zone }} {{ record.ttl | default("3600") }} IN {{ record.type }} {{ record.content }}' + command: "pdnsutil replace-rrset {{ record.zone }} {{ record.name }} {{ record.type }} {{ record.ttl | default('3600') }} '{{ record_content }}'" - name: Rectify all zones command: pdnsutil rectify-all-zones From dc9b23356b1c18c06b14cf642321421712d138fd Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 19:34:21 +0200 Subject: [PATCH 149/181] use ansible.posix.sysctl instead of sysctl --- tasks/os.yml | 2 +- tasks/pdns_recursor.yml | 2 +- tasks/wireguard.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tasks/os.yml b/tasks/os.yml index a8f5533..fc8aa1f 100644 --- a/tasks/os.yml +++ b/tasks/os.yml @@ -9,7 +9,7 @@ when: ansible_default_ipv6.address is not defined block: - name: Enable IPv6 via sysctl - sysctl: + ansible.posix.sysctl: name: "{{ item }}" value: 0 state: present diff --git a/tasks/pdns_recursor.yml b/tasks/pdns_recursor.yml index e62c991..08fc260 100644 --- a/tasks/pdns_recursor.yml +++ b/tasks/pdns_recursor.yml 
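Review bot: The `when:` on "Add DNS record" is still wrapped in `"{{ … }}"` after the spacing fix, so the expression is templated first and then evaluated again as a conditional. Ansible warns about delimiters in `when`, and a second evaluation over `record.content` is best avoided when records come from inventory data. Write it as a bare expression, `when: record.append | default(false) and record.content not in (lookup('community.general.dig', record.name ~ '.' ~ record.zone ~ './' ~ record.type) | split(','))`. The four `pdnsutil` commands also embed `'{{ record.content }}'` inside one command string, so a quote character in the content changes how `command` splits the arguments; the `argv:` list form passes each value as a single argument.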
@@ -57,7 +57,7 @@ when: 'public_dns == "yes"' notify: Restart pdns-recursor - name: Set IPv6 route size - sysctl: + ansible.posix.sysctl: name: net.ipv6.route.max_size value: 16384 state: present # not required. choices: present;absent. Whether the entry should be present or absent in the sysctl file. diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml index 5faf9e7..4be781c 100644 --- a/tasks/wireguard.yml +++ b/tasks/wireguard.yml @@ -21,7 +21,7 @@ - iptable_nat - ip6table_nat - name: Set sysctl variables - sysctl: + ansible.posix.sysctl: name: "{{ item }}" value: 1 state: present # not required. choices: present;absent. Whether the entry should be present or absent in the sysctl file. From 1ac98f6bffdcb0277e48fd8914f2ded55bed0e21 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 19:35:40 +0200 Subject: [PATCH 150/181] define ansible.posix dependency --- meta/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/main.yml b/meta/main.yml index ce90599..75b44f2 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -54,6 +54,7 @@ dependencies: [] # List your role dependencies here, one per line. Be sure to remove the '[]' above, # if you add dependencies to this list. collections: + - ansible.posix - community.crypto - community.general - community.dns From 3a2f1a042e6a3b0bf2a2f8d0a8862debc18d7675 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 19:48:22 +0200 Subject: [PATCH 151/181] define ansible.posix version --- meta/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta/main.yml b/meta/main.yml index 75b44f2..aefd725 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -54,7 +54,8 @@ dependencies: [] # List your role dependencies here, one per line. Be sure to remove the '[]' above, # if you add dependencies to this list. collections: - - ansible.posix + - name: ansible.posix + version: 1.5.4 - community.crypto - community.general - community.dns 
From 4b5a62fccc037ef6a18c3c3420e68f9b09b39e1e Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 19:49:40 +0200 Subject: [PATCH 152/181] remove duplicate line --- tasks/propagate_dkim_txt_records.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/tasks/propagate_dkim_txt_records.yml b/tasks/propagate_dkim_txt_records.yml index 68d94b5..cd41af1 100644 --- a/tasks/propagate_dkim_txt_records.yml +++ b/tasks/propagate_dkim_txt_records.yml @@ -57,5 +57,4 @@ - name: "{{ dkim_selector }}._domainkey.{{ domain_item }}" values: "{{ desired_dkim_record }}" mode: equals - always_ask_default_resolver: no when: desired_dkim_record != current_dkim_record From 0515b101ad36126316eddaddc52717058db705c8 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 19:53:42 +0200 Subject: [PATCH 153/181] set up requirements --- collections/requirements.yml | 4 ++++ meta/main.yml | 3 +-- 2 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 collections/requirements.yml diff --git a/collections/requirements.yml b/collections/requirements.yml new file mode 100644 index 0000000..5a88281 --- /dev/null +++ b/collections/requirements.yml @@ -0,0 +1,4 @@ +--- +collections: + - name: ansible.posix + version: 1.5.4 diff --git a/meta/main.yml b/meta/main.yml index aefd725..75b44f2 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -54,8 +54,7 @@ dependencies: [] # List your role dependencies here, one per line. Be sure to remove the '[]' above, # if you add dependencies to this list. collections: - - name: ansible.posix - version: 1.5.4 + - ansible.posix - community.crypto - community.general - community.dns From 489480d940f53f5dab962c432387b0a488f1e762 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 20:06:15 +0200 Subject: [PATCH 154/181] exclude some devskim alerts --- .github/workflows/devskim.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/devskim.yml b/.github/workflows/devskim.yml index a7477ad..dbaae64 100644 
--- a/.github/workflows/devskim.yml +++ b/.github/workflows/devskim.yml @@ -27,6 +27,8 @@ jobs: - name: Run DevSkim scanner uses: microsoft/DevSkim-Action@v1 + with: + exclude-rules: DS126858,DS137138,DS162092,DS169125,DS169126 - name: Upload DevSkim scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2 From 0cd3b99406b0bf3fc4e89d688c58f2c6b29cbfe2 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 20:08:35 +0200 Subject: [PATCH 155/181] modprobe dependencies --- collections/requirements.yml | 2 ++ meta/main.yml | 2 +- tasks/os.yml | 2 +- tasks/packages.yml | 4 ++-- tasks/wireguard.yml | 2 +- 5 files changed, 7 insertions(+), 5 deletions(-) diff --git a/collections/requirements.yml b/collections/requirements.yml index 5a88281..8a51ac2 100644 --- a/collections/requirements.yml +++ b/collections/requirements.yml @@ -2,3 +2,5 @@ collections: - name: ansible.posix version: 1.5.4 + - name: community.general + version: 7.5.0 diff --git a/meta/main.yml b/meta/main.yml index 75b44f2..aebe4ad 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -55,7 +55,7 @@ dependencies: [] # if you add dependencies to this list. collections: - ansible.posix - - community.crypto - community.general + - community.crypto - community.dns - community.mysql diff --git a/tasks/os.yml b/tasks/os.yml index fc8aa1f..3c9e551 100644 --- a/tasks/os.yml +++ b/tasks/os.yml @@ -83,7 +83,7 @@ - ldap - postfixadmin - name: Enable ip_conntrack - modprobe: + community.general.modprobe: name: ip_conntrack state: present tags: wireguard diff --git a/tasks/packages.yml b/tasks/packages.yml index ea6ea72..5fee9ff 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -521,7 +521,7 @@ tags: wireguard block: - name: Load the WireGuard kernel module - modprobe: + community.general.modprobe: name: wireguard rescue: - name: Install UEK packages 
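Review bot: The new `exclude-rules` value switches five DevSkim rules off for the whole repository with no record of why, so a later genuine finding under any of those IDs never reaches the Security tab. Add a comment above `with:` saying what each ID covers and which files triggered it, for example `# DS126858: <reason>, raised in <file>`. Where only a few files are affected, prefer suppressing at the offending line or narrowing the scanned paths over a global exclusion.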
@@ -535,7 +535,7 @@ reboot_timeout: 600 msg: "Reboot initiated by Ansible to enable WireGuard" - name: Load the WireGuard kernel module - modprobe: + community.general.modprobe: name: wireguard - name: Install PEAR packages tags: horde diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml index 4be781c..0aca529 100644 --- a/tasks/wireguard.yml +++ b/tasks/wireguard.yml @@ -4,7 +4,7 @@ vars: port: "{{ wireguard.listen_port }}/udp" - name: Load kernel modules - modprobe: + community.general.modprobe: name: "{{ item }}" loop: - wireguard From f8bb88ea87051d03bb5ba31334bf252ede14b5c1 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 20:28:30 +0200 Subject: [PATCH 156/181] community.mysql.mysql_user --- collections/requirements.yml | 2 ++ tasks/horde.yml | 2 +- tasks/mariadb.yml | 18 +++++++++--------- tasks/pdns.yml | 2 +- tasks/postfixadmin.yml | 2 +- tasks/poweradmin.yml | 2 +- 6 files changed, 15 insertions(+), 13 deletions(-) diff --git a/collections/requirements.yml b/collections/requirements.yml index 8a51ac2..034bc4b 100644 --- a/collections/requirements.yml +++ b/collections/requirements.yml @@ -4,3 +4,5 @@ collections: version: 1.5.4 - name: community.general version: 7.5.0 + - name: community.mysql + version: 3.7.2 diff --git a/tasks/horde.yml b/tasks/horde.yml index 3b6e525..339e198 100644 --- a/tasks/horde.yml +++ b/tasks/horde.yml @@ -57,7 +57,7 @@ mariadb_database: horde mariadb_state: "{{ ('import' if reset == 'yes')|default('present') }}" - name: Set up Horde DB privileges - mysql_user: + community.mysql.mysql_user: name: hordeuser password: '{{ horde_db_password }}' priv: 'horde.*:ALL' diff --git a/tasks/mariadb.yml b/tasks/mariadb.yml index b771d20..ba03fae 100644 --- a/tasks/mariadb.yml +++ b/tasks/mariadb.yml @@ -8,7 +8,7 @@ - name: Set MariaDB root password block: - name: Set the MariaDB root password - mysql_user: + community.mysql.mysql_user: user: root password: "{{ mysql_root_password }}" host: localhost 
@@ -17,7 +17,7 @@ - name: Make sure MySQL root password is right block: - name: Ensure the MariaDB root password - mysql_user: + community.mysql.mysql_user: user: root password: "{{ mysql_root_password }}" host: localhost @@ -67,7 +67,7 @@ enabled: yes state: restarted - name: Delete anonymous MySQL server user for ansible_fqdn - mysql_user: + community.mysql.mysql_user: user: "" host: "{{ ansible_fqdn }}" state: absent @@ -75,14 +75,14 @@ login_password: "{{ mysql_root_password }}" no_log: yes - name: Delete anonymous MySQL server user for localhost - mysql_user: + community.mysql.mysql_user: user: "" state: absent login_user: root login_password: "{{ mysql_root_password }}" no_log: yes - name: Secure the MySQL root user for IPV6 localhost (::1) - mysql_user: + community.mysql.mysql_user: user: root password: "{{ mysql_root_password }}" host: "::1" @@ -90,7 +90,7 @@ login_password: "{{ mysql_root_password }}" no_log: yes - name: Secure the MySQL root user for IPV4 localhost (127.0.0.1) - mysql_user: + community.mysql.mysql_user: user: root password: "{{ mysql_root_password }}" host: 127.0.0.1 @@ -98,7 +98,7 @@ login_password: "{{ mysql_root_password }}" no_log: yes - name: Secure the MySQL root user for localhost domain (localhost) - mysql_user: + community.mysql.mysql_user: user: root password: "{{ mysql_root_password }}" host: localhost @@ -106,7 +106,7 @@ login_password: "{{ mysql_root_password }}" no_log: yes - name: Secure the MySQL root user for server_hostname domain - mysql_user: + community.mysql.mysql_user: user: root password: "{{ mysql_root_password }}" host: "{{ ansible_fqdn }}" @@ -121,7 +121,7 @@ login_password: "{{ mysql_root_password }}" no_log: yes - name: Set up MariaBackup DB privileges - mysql_user: + community.mysql.mysql_user: name: mariabackup password: '{{ mariabackup_password }}' priv: '*.*:RELOAD,PROCESS,LOCK TABLES,REPLICATION CLIENT' diff --git a/tasks/pdns.yml b/tasks/pdns.yml index e613c3c..2442010 100644 --- a/tasks/pdns.yml 
+++ b/tasks/pdns.yml @@ -6,7 +6,7 @@ mariadb_state: "{{ ('import' if reset == 'yes')|default('present') }}" when: 'public_dns == "yes"' - name: Set up PowerDNS DB privileges - mysql_user: + community.mysql.mysql_user: name: powerdns password: '{{ powerdns_db_password }}' priv: 'powerdnsdb.*:ALL' diff --git a/tasks/postfixadmin.yml b/tasks/postfixadmin.yml index 7173659..540d9d1 100644 --- a/tasks/postfixadmin.yml +++ b/tasks/postfixadmin.yml @@ -30,7 +30,7 @@ mariadb_state: "{{ ('import' if reset == 'yes')|default('present') }}" register: postfixadmin_db_state - name: Set up postfixadmin DB privileges - mysql_user: + community.mysql.mysql_user: name: postfixadmin password: '{{ postfixadmin_db_password }}' priv: 'postfixadmin.*:ALL' diff --git a/tasks/poweradmin.yml b/tasks/poweradmin.yml index 201d9ea..cffd6fa 100644 --- a/tasks/poweradmin.yml +++ b/tasks/poweradmin.yml @@ -53,7 +53,7 @@ tags: - dyndns - poweradmin - mysql_user: + community.mysql.mysql_user: name: '{{ mailserver_admin_user }}@{{ mailserver_domain }}' password: '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password }}{% endif %}{% endfor %}' priv: 'powerdnsdb.*:SELECT,INSERT,UPDATE,DELETE' From c47d3d0184fd39b995242114ad67751fe0a1c3a2 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 20:37:23 +0200 Subject: [PATCH 157/181] community.crypto dependency --- collections/requirements.yml | 2 ++ tasks/ssl.yml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/collections/requirements.yml b/collections/requirements.yml index 034bc4b..987543a 100644 --- a/collections/requirements.yml +++ b/collections/requirements.yml @@ -6,3 +6,5 @@ collections: version: 7.5.0 - name: community.mysql version: 3.7.2 + - name: community.crypto + version: 2.15.1 diff --git a/tasks/ssl.yml b/tasks/ssl.yml index 7377b7c..21fb6cd 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml 
@@ -142,7 +142,7 @@ - { path: "/etc/letsencrypt/live", entity: "apache", etype: "user", permissions: "rx"} - { path: "/etc/letsencrypt/archive", entity: "apache", etype: "user", permissions: "rx"} - name: Generate OpenSSL DHParam - openssl_dhparam: + community.crypto.openssl_dhparam: path: /etc/letsencrypt/dh.pem size: 4096 mode: u=rw,og=r From 6aa45a5609679ea36b02ad29fbd102910edb8056 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 20:42:25 +0200 Subject: [PATCH 158/181] use FQCNs --- handlers/main.yml | 4 ++-- tasks/autorestart.yml | 2 +- tasks/create_mariadb_schema.yml | 2 +- tasks/dovecot.yml | 2 +- tasks/fail2ban.yml | 2 +- tasks/horde.yml | 2 +- tasks/httpd.yml | 12 ++++++------ tasks/packages.yml | 2 +- tasks/pdns_recursor.yml | 2 +- tasks/postfix.yml | 2 +- tasks/poweradmin.yml | 4 ++-- tasks/propagate_dkim_txt_records.yml | 2 +- tasks/propagate_ssl_txt_records.yml | 2 +- tasks/read_wireguard_config.yml | 2 +- tasks/spamassassin.yml | 2 +- tasks/wireguard.yml | 2 +- 16 files changed, 23 insertions(+), 23 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index 2e75944..5cf9520 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -119,7 +119,7 @@ enabled: yes state: restarted - name: Default to localhost in resolv.conf - copy: + ansible.builtin.copy: dest: /etc/resolv.conf content: | nameserver 127.0.0.1 @@ -153,5 +153,5 @@ loop_control: loop_var: systemd_unit_type - name: Warn on passwords - debug: + ansible.builtin.debug: msg: "!!!WARNING!!! All web UI admin passwords are set to the same as your admin user's password. For your own safety, change them before going live" diff --git a/tasks/autorestart.yml b/tasks/autorestart.yml index 06ec81e..faa54b9 100644 --- a/tasks/autorestart.yml +++ b/tasks/autorestart.yml 
@@ -7,7 +7,7 @@ owner: root group: root - name: "Deploy restart files for {{ service }}" - copy: + ansible.builtin.copy: src: systemd/restart.conf dest: "/etc/systemd/system/{{ service }}.service.d/restart.conf" mode: u=rw,og=r diff --git a/tasks/create_mariadb_schema.yml b/tasks/create_mariadb_schema.yml index f5a129c..6331b00 100644 --- a/tasks/create_mariadb_schema.yml +++ b/tasks/create_mariadb_schema.yml @@ -1,6 +1,6 @@ --- - name: "Upload {{ mariadb_database }} DB schema" - copy: + ansible.builtin.copy: src: "mariadb/{{ mariadb_database }}_schema.sql" dest: "/tmp/ansible-mailserver-install.{{ mariadb_database }}_schema.sql" diff --git a/tasks/dovecot.yml b/tasks/dovecot.yml index b40db50..65696ed 100644 --- a/tasks/dovecot.yml +++ b/tasks/dovecot.yml @@ -64,7 +64,7 @@ groups: mail,apache append: yes - name: Upload complex Dovecot configs - copy: + ansible.builtin.copy: dest: "/etc/dovecot/conf.d/{{ item }}" src: "dovecot/{{ item }}" mode: u=rw,og=r diff --git a/tasks/fail2ban.yml b/tasks/fail2ban.yml index 0d64fc7..4954ab4 100644 --- a/tasks/fail2ban.yml +++ b/tasks/fail2ban.yml @@ -1,6 +1,6 @@ --- - name: Create custom fail2ban filters - copy: + ansible.builtin.copy: src: "fail2ban/{{ item }}" dest: "/etc/fail2ban/filter.d/{{ item }}" loop: diff --git a/tasks/horde.yml b/tasks/horde.yml index 339e198..1c781cf 100644 --- a/tasks/horde.yml +++ b/tasks/horde.yml @@ -24,7 +24,7 @@ # - { file: '/etc/opt/remi/php81/php.ini', key: 'max_execution_time', value: '300' } notify: Restart php-fpm - name: Upload complex Horde configs - copy: + ansible.builtin.copy: dest: "/etc/horde/{{ item }}/conf.php" src: "horde/{{ item }}/conf.php" mode: u=rw diff --git a/tasks/httpd.yml b/tasks/httpd.yml index 57386b5..97ab3bc 100644 --- a/tasks/httpd.yml +++ b/tasks/httpd.yml @@ -69,7 +69,7 @@ notify: Restart httpd - name: Deploy SSL config tags: ssl - copy: + ansible.builtin.copy: src: httpd/options-ssl-apache.conf dest: /etc/letsencrypt/options-ssl-apache.conf mode: u=rw,og=r 
@@ -79,7 +79,7 @@ notify: Restart httpd - name: Deploy Horde default config tags: horde - copy: + ansible.builtin.copy: src: httpd/php-horde-horde.conf dest: /etc/httpd/conf.d/php-horde-horde.conf mode: u=rw,og=r @@ -92,7 +92,7 @@ - webdav - ftp - wireguard - copy: + ansible.builtin.copy: src: httpd/userdir.conf dest: /etc/httpd/conf.d/userdir.conf mode: u=rw,og=r @@ -162,14 +162,14 @@ path: /etc/systemd/system/httpd.service.d state: directory - name: Increase startup timeout - copy: + ansible.builtin.copy: src: systemd/httpd.timeout.conf dest: /etc/systemd/system/httpd.service.d/timeout.conf backup: yes notify: Restart httpd - name: Create PAM module for HTTPD auth tags: webdav - copy: + ansible.builtin.copy: src: pam/httpd-auth dest: /etc/pam.d/httpd-auth owner: root @@ -197,7 +197,7 @@ mode: ug=r - name: Enable HTTPD PAM auth tags: webdav - copy: + ansible.builtin.copy: src: httpd/55-authnz_pam.conf dest: /etc/httpd/conf.modules.d/55-authnz_pam.conf mode: u=rw,og=r diff --git a/tasks/packages.yml b/tasks/packages.yml index 5fee9ff..fd4f55c 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -548,7 +548,7 @@ # - github.com/go-acme/lego/v4/cmd/lego@latest # tags: ssl # - name: Copy GO binaries to /usr/local/bin -# copy: +# ansible.builtin.copy: # src: "{{ ansible_env.HOME }}/go/bin/" # dest: /usr/local/bin/ # remote_src: yes diff --git a/tasks/pdns_recursor.yml b/tasks/pdns_recursor.yml index 08fc260..ea81c81 100644 --- a/tasks/pdns_recursor.yml +++ b/tasks/pdns_recursor.yml @@ -8,7 +8,7 @@ backup: yes when: 'public_dns == "yes"' # - name: Create LUA config -# copy: +# ansible.builtin.copy: # content: 'rpzFile("/etc/pdns-recursor/pdns-recursor.rpz", {defpol=Policy.NoAction})' # dest: /etc/pdns-recursor/recursorconf.lua # owner: pdns-recursor diff --git a/tasks/postfix.yml b/tasks/postfix.yml index c550f91..a690a47 100644 --- a/tasks/postfix.yml +++ b/tasks/postfix.yml 
@@ -36,7 +36,7 @@ vars: service: postfix - name: Deploy Postfix master config - copy: + ansible.builtin.copy: src: postfix/master.cf dest: /etc/postfix/master.cf mode: u=rw,og=r diff --git a/tasks/poweradmin.yml b/tasks/poweradmin.yml index cffd6fa..a01c6fc 100644 --- a/tasks/poweradmin.yml +++ b/tasks/poweradmin.yml @@ -126,7 +126,7 @@ when: 'public_dns == "yes" and not htaccess_exists.stat.exists' block: - name: Set up DynDNS .htaccess from installer files - copy: + ansible.builtin.copy: src: /var/www/poweradmin/install/htaccess.dist dest: /var/www/poweradmin/.htaccess remote_src: yes @@ -135,7 +135,7 @@ mode: ug=rw,o=r rescue: - name: Set up DynDNS .htaccess from repository - copy: + ansible.builtin.copy: src: poweradmin/htaccess.dist dest: /var/www/poweradmin/.htaccess owner: apache diff --git a/tasks/propagate_dkim_txt_records.yml b/tasks/propagate_dkim_txt_records.yml index cd41af1..ec82d9e 100644 --- a/tasks/propagate_dkim_txt_records.yml +++ b/tasks/propagate_dkim_txt_records.yml @@ -35,7 +35,7 @@ - 5301 - 53 - name: "Warn user to set up the {{ dkim_selector }}._domainkey.{{ domain_item }} TXT record with the DKIM keys" - debug: + ansible.builtin.debug: msg: - "" - "Please, set up the following TXT record with your DNS provider if not done yet:" diff --git a/tasks/propagate_ssl_txt_records.yml b/tasks/propagate_ssl_txt_records.yml index 2b9107f..e2efad3 100644 --- a/tasks/propagate_ssl_txt_records.yml +++ b/tasks/propagate_ssl_txt_records.yml @@ -18,7 +18,7 @@ state: restarted when: 'public_dns == "yes"' - name: "Warn user to set up TXT records with the Let's Encrypt challenge for {{ challenge_item.key }}" - debug: + ansible.builtin.debug: msg: - "" - "Please, set up the following TXT record with your DNS provider if not done yet:" diff --git a/tasks/read_wireguard_config.yml b/tasks/read_wireguard_config.yml index eadc8ae..fa7f2dd 100644 --- a/tasks/read_wireguard_config.yml +++ b/tasks/read_wireguard_config.yml 
@@ -13,7 +13,7 @@ - name: Gather WiregGuard config lines set_fact: wireguard_config_lines: "{{ wg_config_content.content|b64decode|split('\n') }}" - - debug: + - ansible.builtin.debug: var: wg_config_lines - name: Gather WireGuard config sections include_tasks: gather_wireguard_config_sections.yml diff --git a/tasks/spamassassin.yml b/tasks/spamassassin.yml index cbc5b0c..9032aa7 100644 --- a/tasks/spamassassin.yml +++ b/tasks/spamassassin.yml @@ -49,7 +49,7 @@ loop: "{{ spamassassin_rules }}" notify: Restart spamassassin - name: Upload sieve config - copy: + ansible.builtin.copy: dest: /var/mail/SpamToJunk.sieve src: spamassassin/SpamToJunk.sieve mode: u=rw,og=r diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml index 0aca529..0e6fc7a 100644 --- a/tasks/wireguard.yml +++ b/tasks/wireguard.yml @@ -385,7 +385,7 @@ when: item != "server" - name: Deploy WireGuard SystemD config path watcher tags: wireguard - copy: + ansible.builtin.copy: src: systemd/wg_vpn.path dest: /etc/systemd/system/wg_vpn.path notify: Restart WireGuard From aa512f4a88c4c941589ca14beaac880dac2a061a Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 20:44:31 +0200 Subject: [PATCH 159/181] use FQCNs --- meta/main.yml | 2 +- tasks/add_dns_record.yml | 2 +- tasks/define_vpn_clients.yml | 2 +- tasks/delete_dns_record.yml | 2 +- tasks/gather_wireguard_config_sections.yml | 18 +++++++++--------- tasks/generate_wireguard_keys.yml | 10 +++++----- tasks/main.yml | 4 ++-- tasks/postfixadmin.yml | 2 +- tasks/poweradmin.yml | 4 ++-- tasks/propagate_dkim_txt_records.yml | 2 +- tasks/read_wireguard_config.yml | 2 +- tasks/ssl.yml | 2 +- tasks/wireguard.yml | 8 ++++---- 13 files changed, 30 insertions(+), 30 deletions(-) diff --git a/meta/main.yml b/meta/main.yml index aebe4ad..78a8079 100644 --- a/meta/main.yml +++ b/meta/main.yml 
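Review bot: The unnamed `ansible.builtin.debug` task prints `wg_config_lines`, but the fact set just above it is `wireguard_config_lines`, so it only reports an undefined variable. Once the name is corrected it would write the decoded WireGuard config into the play output, presumably including the `PrivateKey` and `PresharedKey` lines that gather_wireguard_config_sections.yml parses. This looks like a leftover diagnostic; I would drop it, or keep it as a named task with `verbosity: 2` and `msg: "{{ wireguard_config_lines | length }} lines read"`. The same task is carried unchanged through the later `set_fact` FQCN hunk for this file.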
@@ -19,7 +19,7 @@ galaxy_info: # - CC-BY-4.0 license: GPL-3.0-only - min_ansible_version: 2.9 + min_ansible_version: "2.9" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: diff --git a/tasks/add_dns_record.yml b/tasks/add_dns_record.yml index d32a18e..17b71a6 100644 --- a/tasks/add_dns_record.yml +++ b/tasks/add_dns_record.yml @@ -1,6 +1,6 @@ --- - name: 'Quote and escape record content "{{ record.content }}"' - set_fact: + ansible.builtin.set_fact: record_content: '"{{ record.content }}"' - name: Add DNS record when: "{{ (record.append is defined and record.append) and (record.content not in lookup('community.general.dig', record.name ~ '.' ~ record.zone ~ './' ~ record.type) | split(',')) }}" diff --git a/tasks/define_vpn_clients.yml b/tasks/define_vpn_clients.yml index 4b96bfb..fbd2f71 100644 --- a/tasks/define_vpn_clients.yml +++ b/tasks/define_vpn_clients.yml @@ -1,6 +1,6 @@ --- - name: Fill array of WireGuard clients - set_fact: + ansible.builtin.set_fact: next_ip_segment: "{{ next_ip_segment | int + 1 }}" wg_clients: "{{ wg_clients|default([]) + [vpn_client|combine({'name': vpn_client.name, 'owner': vpn_config_owner, 'cidr': current_ipv4 ~ ', ' ~ current_ipv6})] }}" loop: "{{ vpn_config_data }}" diff --git a/tasks/delete_dns_record.yml b/tasks/delete_dns_record.yml index c52c794..47b8d5f 100644 --- a/tasks/delete_dns_record.yml +++ b/tasks/delete_dns_record.yml @@ -1,6 +1,6 @@ --- - name: 'Quote and escape record content "{{ record.content }}"' - set_fact: + ansible.builtin.set_fact: record_content: '"{{ record.content }}"' - name: 'Delete DNS record {{ record.name }}.{{ record.zone }} {{ record.type }}' command: "pdnsutil delete-rrset {{ record.zone }} {{ record.name }} {{ record.type }}" diff --git a/tasks/gather_wireguard_config_sections.yml b/tasks/gather_wireguard_config_sections.yml index a7ffc6d..941291d 100644 --- a/tasks/gather_wireguard_config_sections.yml 
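Review bot: `min_ansible_version: "2.9"` is now correctly quoted, but it no longer matches what the role uses. The earlier commits in this series switch tasks to `ansible.builtin.systemd_service`, which as far as I know does not exist in releases that old, and to collection modules pinned in collections/requirements.yml. Raise the declared minimum to the oldest ansible-core release the role is actually tested against, so the metadata does not advertise a version on which module resolution fails.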
+++ b/tasks/gather_wireguard_config_sections.yml 
@@ -1,38 +1,38 @@ --- - name: Set server config when: '{{ "[Interface]" == wireguard_config_line }}' - set_fact: + ansible.builtin.set_fact: current_wireguard_section: server - name: Set server private key when: current_wireguard_section == 'server' and 'PrivateKey' in wireguard_config_line - set_fact: + ansible.builtin.set_fact: wg_server_private_key: "{{ wireguard_config_line|split(' ')|last }}" - name: Set client config when: '{{ "[Peer]" == wireguard_config_line }}' - set_fact: + ansible.builtin.set_fact: current_wireguard_section: client wg_client_count: "{{ wg_client_count|default(0)|int + 1 }}" - name: Set client name when: current_wireguard_section == 'client' and 'owned by' in wireguard_config_line - set_fact: + ansible.builtin.set_fact: wg_client_name: "{{ (wireguard_config_line|split(' '))[2] }}" - name: Set client owner when: current_wireguard_section == 'client' and 'owned by' in wireguard_config_line - set_fact: + ansible.builtin.set_fact: wg_client_owner: "{{ wireguard_config_line|split(' ')|last }}" - name: Set client pre-shared key when: current_wireguard_section == 'client' and 'PresharedKey' in wireguard_config_line - set_fact: + ansible.builtin.set_fact: wg_server_psk: "{{ wireguard_config_line|split(' ')|last }}" - name: Set wireguard config server section when: current_wireguard_section == 'server' and wg_server_private_key is defined and "[Peer]" == wireguard_config_line - set_fact: + ansible.builtin.set_fact: wg_server: '{{ wg_server|default({})|combine({"privatekey": wg_server_private_key}) }}' - name: Set wireguard config client section when: '{{ "[Peer]" == wireguard_config_line }}' - set_fact: + ansible.builtin.set_fact: last_wg_client: '{{ wg_client_count|default(0) }}' - name: Set wireguard config client section when: current_wireguard_section == 'client' and (wg_client_count < last_wg_client or ansible_loop.last) and wg_client_name is defined and wg_client_owner is defined and wg_client_psk is defined - set_fact: + 
ansible.builtin.set_fact: wg_clients: '{{ wg_clients|default([]) + {"name": wg_client_name, "owner": wg_client_owner, "psk": wg_server_psk} }}' diff --git a/tasks/generate_wireguard_keys.yml b/tasks/generate_wireguard_keys.yml index a514ddd..04692c9 100644 --- a/tasks/generate_wireguard_keys.yml +++ b/tasks/generate_wireguard_keys.yml @@ -4,7 +4,7 @@ when: wg_privatekey is not defined or wg_privatekey == "" register: wg_privatekey_output - name: "Fetch private key for {{ wg_name }} from config" - set_fact: + ansible.builtin.set_fact: wg_privatekey_output: stdout: "{{ wg_privatekey }}" when: wg_privatekey is defined and wg_privatekey != "" @@ -15,7 +15,7 @@ when: wg_publickey is not defined or wg_publickey == "" register: wg_publickey_output - name: "Fetch public key from config for {{ wg_name }}" - set_fact: + ansible.builtin.set_fact: wg_publickey_output: stdout: "{{ wg_publickey }}" when: wg_publickey is defined and wg_publickey != "" @@ -24,13 +24,13 @@ when: wg_psk is not defined or wg_psk == "" register: wg_psk_output - name: "Fetch pre-shared key for {{ wg_name }} from config" - set_fact: + ansible.builtin.set_fact: wg_psk_output: stdout: "{{ wg_psk }}" when: wg_psk is defined and wg_psk != "" - name: "Generate JSON config for {{ wg_name }}" - set_fact: + ansible.builtin.set_fact: wg_configs_json: '{"{{ wg_name }}": {"privatekey": "{{ wg_privatekey_output.stdout }}", "publickey": "{{ wg_publickey_output.stdout }}", "psk": "{{ wg_psk_output.stdout }}", "owner": "{{ wg_owner }}", "cidr": "{{ wg_cidr }}"}}' - name: "Add {{ wg_name }} to the WireGuard config array" - set_fact: + ansible.builtin.set_fact: wg_configs: "{{ wg_configs|default({})|combine(wg_configs_json) }}" diff --git a/tasks/main.yml b/tasks/main.yml index 6e9f5a9..7886246 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
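Review bot: The last task's `when` requires `wg_client_psk is defined`, but "Set client pre-shared key" stores the value in `wg_server_psk` and nothing in this hunk sets `wg_client_psk`, so `wg_clients` is presumably never filled. Rename that fact to `wg_client_psk`, and make the right-hand side of the append a list: `wg_clients | default([]) + [{"name": wg_client_name, "owner": wg_client_owner, "psk": wg_client_psk}]`. The tasks that copy `PrivateKey` and `PresharedKey` values into facts should carry `no_log: true`, and the three `when: '{{ … }}'` conditions should be bare expressions.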
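Review bot: "Generate JSON config for {{ wg_name }}" and "Add {{ wg_name }} to the WireGuard config array" put the private key and pre-shared key into facts without `no_log`, so the values show up in the task result at higher verbosity and in any logging callback. Add `no_log: true` to both, and to the three "Fetch … from config" tasks in the hunks above if the lines outside those hunks do not already set it. Building `wg_configs_json` as a hand-written JSON string also breaks when a name or owner contains a double quote; passing a native mapping to `combine` avoids that.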
@@ -3,7 +3,7 @@ - name: Gather facts setup: - name: Generate passwords if they don't exist yet - set_fact: + ansible.builtin.set_fact: postfixadmin_db_password: "{{ postfixadmin_db_password | default(lookup('password', '/tmp/ansible-mailserver-install.postfixadmin_db_password chars=ascii_letters,digits')) }}" horde_db_password: "{{ horde_db_password | default(lookup('password', '/tmp/ansible-mailserver-install.horde_db_password chars=ascii_letters,digits')) }}" powerdns_db_password: "{{ powerdns_db_password | default(lookup('password', '/tmp/ansible-mailserver-install.powerdns_db_password chars=ascii_letters,digits')) }}" @@ -15,7 +15,7 @@ no_log: yes tags: always - name: Fill authorized submit user list - set_fact: + ansible.builtin.set_fact: authorized_submit_users: "{{ authorized_submit_users + [ item.name ] }}" loop: "{{ users }}" no_log: yes diff --git a/tasks/postfixadmin.yml b/tasks/postfixadmin.yml index 540d9d1..3064a57 100644 --- a/tasks/postfixadmin.yml +++ b/tasks/postfixadmin.yml @@ -6,7 +6,7 @@ url: https://github.com/postfixadmin/postfixadmin/releases/latest register: postfixadmin_download_site - name: Parse version - set_fact: + ansible.builtin.set_fact: postfixadmin_version: "{{ postfixadmin_download_site.url | replace('https://github.com/postfixadmin/postfixadmin/releases/tag/postfixadmin-','') }}" - name: Unpack postfixadmin unarchive: diff --git a/tasks/poweradmin.yml b/tasks/poweradmin.yml index a01c6fc..0e9c81c 100644 --- a/tasks/poweradmin.yml +++ b/tasks/poweradmin.yml @@ -9,7 +9,7 @@ # url: https://github.com/poweradmin/poweradmin/releases/latest # register: poweradmin_download_site - name: Parse version - set_fact: + ansible.builtin.set_fact: # poweradmin_version: "{{ poweradmin_download_site.url | replace('https://github.com/poweradmin/poweradmin/releases/tag/v','') }}" poweradmin_version: 3.4.2 # enforcing PowerAdmin with a verion which supports PHP 7 to avoid package clash with other packages when: 'public_dns == "yes"' 
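Review bot: The generated passwords in the `@@ -3,7 +3,7 @@` hunk of tasks/main.yml are persisted by `lookup('password', '/tmp/ansible-mailserver-install.…')`, a fixed file name in a world-writable directory on the control node. The lookup reuses whatever the file already contains, so the secret depends on who created that file first. It is also regenerated whenever /tmp is cleaned, at which point it no longer matches what was deployed. I would keep the files in a directory only the operator can write, for example `lookup('password', playbook_dir ~ '/credentials/postfixadmin_db_password chars=ascii_letters,digits')`, or take the values from a vault. The same applies to `horde_db_password` and `powerdns_db_password` in this hunk, and to `poweradmin_session_key` in the `@@ -45,7 +45,7 @@` hunk of tasks/poweradmin.yml.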
@@ -45,7 +45,7 @@ tags: - dyndns - poweradmin - set_fact: + ansible.builtin.set_fact: poweradmin_session_key: "{{ poweradmin_session_key | default(lookup('password', '/tmp/ansible-mailserver-install.poweradmin_session_key chars=ascii_lowercase,ascii_uppercase,digits,@,#,$,%,^,*,(,),_,-,! length=46')) }}" no_log: yes when: 'public_dns == "yes"' diff --git a/tasks/propagate_dkim_txt_records.yml b/tasks/propagate_dkim_txt_records.yml index ec82d9e..5de3e59 100644 --- a/tasks/propagate_dkim_txt_records.yml +++ b/tasks/propagate_dkim_txt_records.yml @@ -3,7 +3,7 @@ command: "cat /etc/opendkim/keys/{{ domain_item }}/{{ dkim_selector }}.txt" register: dkim_keys - name: "Parse DKIM keys for {{ domain_item }}" - set_fact: + ansible.builtin.set_fact: desired_dkim_record: "{{ dkim_keys.stdout.replace(dkim_selector ~ '._domainkey\tIN\tTXT\t( \"', '').replace('\t', '').replace('\n', '').replace('\" \"', '').replace('\" ) ; ----- DKIM key ' ~ dkim_selector ~ ' for ' ~ domain_item, '') }}" current_dkim_record: "{{ lookup('community.general.dig', dkim_selector ~ '._domainkey.' ~ domain_item ~ './TXT').replace('\" \"', '') }}" - name: "Set up the {{ dkim_selector }}._domainkey.{{ domain_item }} TXT record" diff --git a/tasks/read_wireguard_config.yml b/tasks/read_wireguard_config.yml index fa7f2dd..0e29729 100644 --- a/tasks/read_wireguard_config.yml +++ b/tasks/read_wireguard_config.yml @@ -11,7 +11,7 @@ src: "{{ wg_config_file }}" register: wg_config_content - name: Gather WiregGuard config lines - set_fact: + ansible.builtin.set_fact: wireguard_config_lines: "{{ wg_config_content.content|b64decode|split('\n') }}" - ansible.builtin.debug: var: wg_config_lines diff --git a/tasks/ssl.yml b/tasks/ssl.yml index 21fb6cd..6932df3 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml 
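Review bot: In the tasks/read_wireguard_config.yml hunk, the slurped interface file is split into `wireguard_config_lines` and followed by an `ansible.builtin.debug` task. The parsing tasks earlier in this series show that these lines carry `PrivateKey` and `PresharedKey` values. The debug task currently names `wg_config_lines`, which this hunk never sets, so it prints an undefined variable; once the name is corrected it would write the keys to the play output and any log callback. I would drop the debug task and add `no_log: true` to the "Gather WiregGuard config lines" task. The debug task may continue past the end of the hunk.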
@@ -1,6 +1,6 @@ --- - name: Determine ACME directory - set_fact: + ansible.builtin.set_fact: acme_directory: "https://acme-{{ 'staging-' if production is not defined or not production else '' }}v02.api.letsencrypt.org/directory" - name: Create Certbot config directories file: diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml index 0e6fc7a..7ae4830 100644 --- a/tasks/wireguard.yml +++ b/tasks/wireguard.yml @@ -56,17 +56,17 @@ vars: wg_config_file: "{{ wireguard.config_dir }}/{{ wireguard.interface }}.conf" - name: Define read server values - set_fact: + ansible.builtin.set_fact: wg_server: privatekey: "{{ wg_interface.PrivateKey|default('') }}" publickey: "{{ wg_peer.PublicKey|default('') }}" psk: "{{ wg_peer.PresharedKey|default('') }}" cidr: "{{ wg_interface.AllowedIPs|default('') }}" - name: Set WireGuard server config - set_fact: + ansible.builtin.set_fact: wg_server: "{{ wg_server|default({})|combine(wireguard.server|default({}), recursive=True) }}" - name: Set the next client's last IP segment - set_fact: + ansible.builtin.set_fact: next_ip_segment: 2 - name: Generate WireGuard server keys import_tasks: generate_wireguard_keys.yml @@ -136,7 +136,7 @@ loop_var: wg_client when: wg_client != "server" - name: Collect user home directories - set_fact: + ansible.builtin.set_fact: user_home: "{{ user_home | default({}) | combine({item['name']: item['home']} )}}" when: item.name is defined loop: "{{ user_info.results }}" From fc66848a503b838d5c2f36a39dc055d80d51757f Mon Sep 17 00:00:00 2001 
From: Akos Balla Date: Fri, 27 Oct 2023 20:46:41 +0200 Subject: [PATCH 160/181] use FQCNs --- tasks/add_dns_record.yml | 12 ++++++------ tasks/antivirus.yml | 4 ++-- tasks/backups.yml | 10 +++++----- tasks/delete_dns_record.yml | 2 +- tasks/dkim.yml | 2 +- tasks/dns_records.yml | 16 ++++++++-------- tasks/generate_wireguard_keys.yml | 6 +++--- tasks/horde.yml | 2 +- tasks/imapsync.yml | 2 +- tasks/ldap.yml | 20 ++++++++++---------- tasks/mariadb.yml | 4 ++-- tasks/os.yml | 2 +- tasks/packages.yml | 20 ++++++++++---------- tasks/postfix.yml | 10 +++++----- tasks/postfixadmin.yml | 4 ++-- tasks/poweradmin.yml | 2 +- tasks/propagate_dkim_txt_records.yml | 2 +- tasks/spamassassin.yml | 8 ++++---- tasks/ssl.yml | 4 ++-- tasks/webdav.yml | 2 +- 20 files changed, 67 insertions(+), 67 deletions(-) diff --git a/tasks/add_dns_record.yml b/tasks/add_dns_record.yml index 17b71a6..6b711d7 100644 --- a/tasks/add_dns_record.yml +++ b/tasks/add_dns_record.yml 
@@ -3,20 +3,20 @@ ansible.builtin.set_fact: record_content: '"{{ record.content }}"' - name: Add DNS record - when: "{{ (record.append is defined and record.append) and (record.content not in lookup('community.general.dig', record.name ~ '.' ~ record.zone ~ './' ~ record.type) | split(',')) }}" + when: (record.append is defined and record.append) and (record.content not in lookup('community.general.dig', record.name ~ '.' ~ record.zone ~ './' ~ record.type) | split(',')) block: - name: 'Add DNS record {{ record.name }}.{{ record.zone }} {{ record.ttl | default("3600") }} IN {{ record.type }} {{ record.content }}' - command: "pdnsutil add-record {{ record.zone }} {{ record.name }} {{ record.type }} {{ record.ttl | default('3600') }} '{{ record.content }}'" + ansible.builtin.command: "pdnsutil add-record {{ record.zone }} {{ record.name }} {{ record.type }} {{ record.ttl | default('3600') }} '{{ record.content }}'" rescue: - name: 'Add DNS record {{ record.name }}.{{ record.zone }} {{ record.ttl | default("3600") }} IN {{ record.type }} {{ record.content }}' - command: "pdnsutil add-record {{ record.zone }} {{ record.name }} {{ record.type }} {{ record.ttl | default('3600') }} '{{ record_content }}'" + ansible.builtin.command: "pdnsutil add-record {{ record.zone }} {{ record.name }} {{ record.type }} {{ record.ttl | default('3600') }} '{{ record_content }}'" - name: Update or add DNS record when: record.append is not defined or not record.append block: - name: 'Update DNS record {{ record.name }}.{{ record.zone }} {{ record.ttl | default("3600") }} IN {{ record.type }} {{ record.content }}' - command: "pdnsutil replace-rrset {{ record.zone }} {{ record.name }} {{ record.type }} {{ record.ttl | default('3600') }} '{{ record.content }}'" + ansible.builtin.command: "pdnsutil replace-rrset {{ record.zone }} {{ record.name }} {{ record.type }} {{ record.ttl | default('3600') }} '{{ record.content }}'" rescue: - name: 'Update DNS record {{ record.name }}.{{ record.zone }} 
{{ record.ttl | default("3600") }} IN {{ record.type }} {{ record.content }}' - command: "pdnsutil replace-rrset {{ record.zone }} {{ record.name }} {{ record.type }} {{ record.ttl | default('3600') }} '{{ record_content }}'" + ansible.builtin.command: "pdnsutil replace-rrset {{ record.zone }} {{ record.name }} {{ record.type }} {{ record.ttl | default('3600') }} '{{ record_content }}'" - name: Rectify all zones - command: pdnsutil rectify-all-zones + ansible.builtin.command: pdnsutil rectify-all-zones diff --git a/tasks/antivirus.yml b/tasks/antivirus.yml index d1ab976..7e08c89 100644 --- a/tasks/antivirus.yml +++ b/tasks/antivirus.yml @@ -15,10 +15,10 @@ backup: yes notify: Restart amavisd - name: Refresh ClamAV database - command: freshclam + ansible.builtin.command: freshclam notify: Restart clamav-freshclam - name: Update SPAMAssassin's signatures - command: sa-update -D + ansible.builtin.command: sa-update -D register: sa_update failed_when: "{{ sa_update.rc >= 4 }}" notify: Restart spamassassin diff --git a/tasks/backups.yml b/tasks/backups.yml index 3bcb93a..e238cbe 100644 --- a/tasks/backups.yml +++ b/tasks/backups.yml @@ -116,7 +116,7 @@ block: - name: Prepare MariaDB backup when: mariadb_backup_path is defined - command: "mariabackup --prepare --target-dir={{ mariadb_backup_path }}" + ansible.builtin.command: "mariabackup --prepare --target-dir={{ mariadb_backup_path }}" - name: Stop MariaDB when: mariadb_backup_path is defined ansible.builtin.systemd_service: @@ -137,7 +137,7 @@ mode: u=rwx,go=rx - name: Restore MariaDB backup when: mariadb_backup_path is defined - command: "mariabackup --copy-back --target-dir={{ mariadb_backup_path }}" + ansible.builtin.command: "mariabackup --copy-back --target-dir={{ mariadb_backup_path }}" - name: Ensure data directory permissions when: mariadb_backup_path is defined file: 
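Review bot: The `pdnsutil add-record` and `replace-rrset` tasks in tasks/add_dns_record.yml build one command string and wrap `{{ record.content }}` in single quotes. A record value that contains a quote or whitespace is therefore re-split by the command module and can shift or add arguments to `pdnsutil`. The rescue branches, which retry with a differently quoted `record_content`, look like a workaround for exactly that. Passing the arguments as an `argv` list removes the quoting problem for every record type and makes the second attempt unnecessary. The same form fits the `delete-rrset` task in tasks/delete_dns_record.yml.

```yaml
- name: 'Add DNS record {{ record.name }}.{{ record.zone }} {{ record.ttl | default("3600") }} IN {{ record.type }} {{ record.content }}'
  ansible.builtin.command:
    argv:
      - pdnsutil
      - add-record
      - "{{ record.zone }}"
      - "{{ record.name }}"
      - "{{ record.type }}"
      - "{{ record.ttl | default('3600') }}"
      - "{{ record.content }}"
# … unchanged: when conditions, the replace-rrset block and "Rectify all zones" …
```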
@@ -153,7 +153,7 @@ state: started - name: Stop LDAP server when: ldap_backup_path is defined - command: "dsctl {{ mailserver_hostname }} stop" + ansible.builtin.command: "dsctl {{ mailserver_hostname }} stop" - name: Prepare LDAP backup when: ldap_backup_path is defined unarchive: @@ -164,10 +164,10 @@ register: ldap_backup_files - name: Restore LDAP backup when: ldap_backup_path is defined - command: "dsctl {{ mailserver_hostname }} bak2db /{{ ldap_backup_files.files[0] }}" + ansible.builtin.command: "dsctl {{ mailserver_hostname }} bak2db /{{ ldap_backup_files.files[0] }}" - name: Start LDAP server when: ldap_backup_path is defined - command: "dsctl {{ mailserver_hostname }} start" + ansible.builtin.command: "dsctl {{ mailserver_hostname }} start" - name: Restore service tarball backups include_tasks: restore_service_tarball_backup.yml vars: diff --git a/tasks/delete_dns_record.yml b/tasks/delete_dns_record.yml index 47b8d5f..c4b28a1 100644 --- a/tasks/delete_dns_record.yml +++ b/tasks/delete_dns_record.yml @@ -3,4 +3,4 @@ ansible.builtin.set_fact: record_content: '"{{ record.content }}"' - name: 'Delete DNS record {{ record.name }}.{{ record.zone }} {{ record.type }}' - command: "pdnsutil delete-rrset {{ record.zone }} {{ record.name }} {{ record.type }}" + ansible.builtin.command: "pdnsutil delete-rrset {{ record.zone }} {{ record.name }} {{ record.type }}" diff --git a/tasks/dkim.yml b/tasks/dkim.yml index 5d03dbc..023c76d 100644 --- a/tasks/dkim.yml +++ b/tasks/dkim.yml @@ -70,7 +70,7 @@ recurse: yes loop: "{{ [''] + [mailserver_domain] + custom_domains }}" - name: Create OpenDKIM keys - command: "opendkim-genkey -b 2048 -d {{ item }} -D /etc/opendkim/keys/{{ item }} -s {{ dkim_selector }} -v" + ansible.builtin.command: "opendkim-genkey -b 2048 -d {{ item }} -D /etc/opendkim/keys/{{ item }} -s {{ dkim_selector }} -v" args: creates: "/etc/opendkim/keys/{{ item }}/{{ dkim_selector }}.private" loop: "{{ [mailserver_domain] + custom_domains }}" 
diff --git a/tasks/dns_records.yml b/tasks/dns_records.yml index ad52117..471c8a5 100644 --- a/tasks/dns_records.yml +++ b/tasks/dns_records.yml @@ -1,6 +1,6 @@ --- - name: Fetch already existing DNS zones - command: "pdnsutil list-all-zones" + ansible.builtin.command: "pdnsutil list-all-zones" become: yes become_user: pdns when: 'public_dns == "yes"' @@ -8,20 +8,20 @@ - name: Create zones block: - name: Create DNS zones - command: "pdnsutil create-zone {{ item }} ns.{{ mailserver_domain }}" + ansible.builtin.command: "pdnsutil create-zone {{ item }} ns.{{ mailserver_domain }}" become: yes become_user: pdns loop: "{{ [mailserver_domain] + custom_domains + ['vpn.' ~ mailserver_domain] + ['dyndns.' ~ mailserver_domain] }}" when: 'public_dns == "yes"' rescue: - name: Create DNS zones - command: "pdnsutil --force create-zone {{ item }} ns.{{ mailserver_domain }}" + ansible.builtin.command: "pdnsutil --force create-zone {{ item }} ns.{{ mailserver_domain }}" become: yes become_user: pdns loop: "{{ [mailserver_domain] + custom_domains + ['vpn.' ~ mailserver_domain] + ['dyndns.' ~ mailserver_domain] }}" when: 'reset and public_dns == "yes"' - name: Make sure local zones are master zones - command: "pdnsutil set-kind {{ item }} primary" + ansible.builtin.command: "pdnsutil set-kind {{ item }} primary" become: yes become_user: pdns loop: "{{ [mailserver_domain] + custom_domains + ['vpn.' ~ mailserver_domain] + ['dyndns.' ~ mailserver_domain] }}" @@ -39,7 +39,7 @@ loop: "{{ [mailserver_domain] + custom_domains + ['vpn.' ~ mailserver_domain] }}" when: '{{ public_dns == "yes" and ((reset == "yes") or (item not in all_dns_zones.stdout_lines)) }}' - name: Set up DNSSEC - command: "pdnsutil secure-zone {{ item }}" + ansible.builtin.command: "pdnsutil secure-zone {{ item }}" become: yes become_user: pdns loop: "{{ [mailserver_domain] + custom_domains }}" 
@@ -52,13 +52,13 @@ loop: "{{ enable_dnssec.results }}" when: '{{ (item.rc != 0) and ("already secure, remove keys with pdnsutil remove-zone-key if needed" not in item.stderr) }}' - name: Count DNS records - command: 'pdnsutil list-zone {{ item }}' + ansible.builtin.command: 'pdnsutil list-zone {{ item }}' register: zone_records loop: "{{ [mailserver_domain] + custom_domains + ['vpn.' ~ mailserver_domain] + ['dyndns.' ~ mailserver_domain] }}" - name: Correct SOA record for all domains - command: 'pdnsutil replace-rrset {{ zone_record.item }} @ SOA 3600 "ns.{{ mailserver_domain }} hostmaster\\.{{ zone_record.item }} {{ zone_record.stdout_lines|length }} 10800 3600 604800 3600"' + ansible.builtin.command: 'pdnsutil replace-rrset {{ zone_record.item }} @ SOA 3600 "ns.{{ mailserver_domain }} hostmaster\\.{{ zone_record.item }} {{ zone_record.stdout_lines|length }} 10800 3600 604800 3600"' loop: "{{ zone_records.results }}" loop_control: loop_var: zone_record - name: Rectify all zones - command: pdnsutil rectify-all-zones + ansible.builtin.command: pdnsutil rectify-all-zones diff --git a/tasks/generate_wireguard_keys.yml b/tasks/generate_wireguard_keys.yml index 04692c9..cc3373a 100644 --- a/tasks/generate_wireguard_keys.yml +++ b/tasks/generate_wireguard_keys.yml @@ -1,6 +1,6 @@ --- - name: "Generate private key for {{ wg_name }}" - command: wg genkey + ansible.builtin.command: wg genkey when: wg_privatekey is not defined or wg_privatekey == "" register: wg_privatekey_output - name: "Fetch private key for {{ wg_name }} from config" @@ -9,7 +9,7 @@ stdout: "{{ wg_privatekey }}" when: wg_privatekey is defined and wg_privatekey != "" - name: "Generate public key for {{ wg_name }}" - command: wg pubkey + ansible.builtin.command: wg pubkey args: stdin: "{{ wg_privatekey_output.stdout }}" when: wg_publickey is not defined or wg_publickey == "" 
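Review bot: The key-generation tasks in tasks/generate_wireguard_keys.yml register the stdout of `wg genkey` and `wg genpsk` without `no_log`. In the `@@ -1,6 +1,6 @@` hunk the private-key task ends at `register: wg_privatekey_output`, so the key appears in the task result with `-v` and in any log or callback plugin. The `wg pubkey` task in `@@ -9,7 +9,7 @@` passes the private key as `stdin`, which shows up in the recorded module arguments. The pre-shared-key task in `@@ -20,7 +20,7 @@` has the same gap. I would add `no_log: true` to all three command tasks and to the `set_fact` tasks that copy the keys into `wg_configs_json` and `wg_configs`.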
@@ -20,7 +20,7 @@ stdout: "{{ wg_publickey }}" when: wg_publickey is defined and wg_publickey != "" - name: "Generate pre-shared key for {{ wg_name }}" - command: wg genpsk + ansible.builtin.command: wg genpsk when: wg_psk is not defined or wg_psk == "" register: wg_psk_output - name: "Fetch pre-shared key for {{ wg_name }} from config" diff --git a/tasks/horde.yml b/tasks/horde.yml index 1c781cf..4d31901 100644 --- a/tasks/horde.yml +++ b/tasks/horde.yml @@ -66,7 +66,7 @@ login_password: "{{ mysql_root_password }}" no_log: yes - name: Generate Horde DB schema - command: horde-db-migrate + ansible.builtin.command: horde-db-migrate - name: Enable ActiveSync mysql_query: login_db: horde diff --git a/tasks/imapsync.yml b/tasks/imapsync.yml index 5e264e4..ca1f48f 100644 --- a/tasks/imapsync.yml +++ b/tasks/imapsync.yml @@ -5,7 +5,7 @@ tags: imapsync block: - name: Sync old IMAP for the first time (this might tale a while...) - command: "imapsync --host1 {{ current_user.old_imap_mail.host }} --user1 {{ current_user.old_imap_mail.user }} --host2 mail.{{ mailserver_domain }} --user2 {{ current_user.name }}@{{ mailserver_domain }} --emailreport1 --emailreport2 --useheader Message-Id --noexpunge1 --nodelete1" + ansible.builtin.command: "imapsync --host1 {{ current_user.old_imap_mail.host }} --user1 {{ current_user.old_imap_mail.user }} --host2 mail.{{ mailserver_domain }} --user2 {{ current_user.name }}@{{ mailserver_domain }} --emailreport1 --emailreport2 --useheader Message-Id --noexpunge1 --nodelete1" environment: IMAPSYNC_PASSWORD1: "{{ current_user.old_imap_mail.password }}" IMAPSYNC_PASSWORD2: "{{ current_user.password }}" diff --git a/tasks/ldap.yml b/tasks/ldap.yml index 58d256e..368179d 100644 --- a/tasks/ldap.yml +++ b/tasks/ldap.yml 
@@ -32,17 +32,17 @@ - name: Apply LDAP server configuration block: - name: Configure LDAP server - command: dscreate from-file /tmp/ansible-mailserver-install.dscreate.conf + ansible.builtin.command: dscreate from-file /tmp/ansible-mailserver-install.dscreate.conf register: dscreate_status rescue: - name: Start LDAP server - command: "dsctl {{ mailserver_hostname }} start" + ansible.builtin.command: "dsctl {{ mailserver_hostname }} start" when: reset == "yes" - name: Create backup before taking destructive actions - command: "dsconf {{ mailserver_hostname }} backup create" + ansible.builtin.command: "dsconf {{ mailserver_hostname }} backup create" when: reset == "yes" - name: List LDAP server backups - command: "dsctl {{ mailserver_hostname }} backups" + ansible.builtin.command: "dsctl {{ mailserver_hostname }} backups" register: ldap_backups when: reset == "yes" - name: Create backup directory 
@@ -65,21 +65,21 @@ force_archive: yes when: reset == "yes" - name: Uninstall LDAP server - command: "dsctl {{ mailserver_hostname }} remove --do-it" + ansible.builtin.command: "dsctl {{ mailserver_hostname }} remove --do-it" when: reset == "yes" - name: Configure LDAP server - command: dscreate from-file /tmp/ansible-mailserver-install.dscreate.conf + ansible.builtin.command: dscreate from-file /tmp/ansible-mailserver-install.dscreate.conf when: reset == "yes" register: dscreate_status - name: Start LDAP server - command: "dsctl {{ mailserver_hostname }} start" + ansible.builtin.command: "dsctl {{ mailserver_hostname }} start" - name: Import TLS certificate for LDAP - command: "dsctl {{ mailserver_hostname }} tls import-server-key-cert /etc/letsencrypt/live/{{ mailserver_domain }}/cert.pem /etc/letsencrypt/certificates/{{ mailserver_domain }}.key" + ansible.builtin.command: "dsctl {{ mailserver_hostname }} tls import-server-key-cert /etc/letsencrypt/live/{{ mailserver_domain }}/cert.pem /etc/letsencrypt/certificates/{{ mailserver_domain }}.key" - name: Enable LDAP plugins - command: "dsconf {{ mailserver_hostname }} plugin {{ item }} enable" + ansible.builtin.command: "dsconf {{ mailserver_hostname }} plugin {{ item }} enable" loop: - memberof - automember - name: Configure the memberof plugin to search all entries - command: "dsconf {{ mailserver_hostname }} plugin memberof set --scope dc={{ mailserver_domain.split('.')|join(',dc=') }}" + ansible.builtin.command: "dsconf {{ mailserver_hostname }} plugin memberof set --scope dc={{ mailserver_domain.split('.')|join(',dc=') }}" when: "dscreate_status is defined and dscreate_status.rc is defined and dscreate_status.rc == 0" diff --git a/tasks/mariadb.yml b/tasks/mariadb.yml index ba03fae..685d15f 100644 --- a/tasks/mariadb.yml +++ b/tasks/mariadb.yml 
@@ -54,11 +54,11 @@ no_log: yes - name: Read MariaDB PID when: reset == "yes" or forgotten_mariadb_root_password - command: cat /var/run/mariadb/mariadb.pid + ansible.builtin.command: cat /var/run/mariadb/mariadb.pid register: mariadb_pid - name: Stop MariaDB when: reset == "yes" or forgotten_mariadb_root_password - command: "kill {{ mariadb_pid.stdout }}" + ansible.builtin.command: "kill {{ mariadb_pid.stdout }}" - name: Make sure MariaDB is running when: reset == "yes" or forgotten_mariadb_root_password ansible.builtin.systemd_service: diff --git a/tasks/os.yml b/tasks/os.yml index 3c9e551..3a11150 100644 --- a/tasks/os.yml +++ b/tasks/os.yml @@ -4,7 +4,7 @@ register: getenforce tags: always - name: "Set hostname to {{ mailserver_hostname }}.{{ mailserver_domain}}" - command: "hostnamectl set-hostname {{ mailserver_hostname }}.{{ mailserver_domain }}" + ansible.builtin.command: "hostnamectl set-hostname {{ mailserver_hostname }}.{{ mailserver_domain }}" - name: Enable IPv6 when: ansible_default_ipv6.address is not defined block: diff --git a/tasks/packages.yml b/tasks/packages.yml index fd4f55c..7ff893d 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -170,18 +170,18 @@ backup: yes create: yes - name: Enable PowerTools - command: dnf config-manager --set-enable powertools + ansible.builtin.command: dnf config-manager --set-enable powertools - name: Enable the go-toolset DNF module - command: dnf module enable go-toolset -y + ansible.builtin.command: dnf module enable go-toolset -y - name: Query DNF repo list tags: - ldap - dns - command: dnf repolist + ansible.builtin.command: dnf repolist register: dnf_repolist - name: Enable the COPR repositories when: "{{ ('copr:copr.fedorainfracloud.org:' ~ (item | split(' ') | first | replace('@', 'group_') | replace('/', ':'))) not in dnf_repolist.stdout }}" - command: "dnf copr enable -y {{ item }}" + ansible.builtin.command: "dnf copr enable -y {{ item }}" tags: - ldap - dns 
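Review bot: In the tasks/mariadb.yml hunk, "Stop MariaDB" runs `kill {{ mariadb_pid.stdout }}` on whatever `cat /var/run/mariadb/mariadb.pid` returned. A stale PID file makes the play signal an unrelated process, and an empty one makes `kill` fail with a usage error. A missing file fails the `cat` task before the stop is attempted. If the instance is managed by systemd at this point, the module the next task already uses is the safer stop: `ansible.builtin.systemd_service:` with `name: mariadb` and `state: stopped`. If it was started by hand earlier in the file (outside this hunk), the play should at least confirm that the PID belongs to the MariaDB server before signalling it.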
@@ -349,7 +349,7 @@ # - php-gettext-gettext state: latest # - name: Reset the PHP DNF module -# command: dnf module reset php -y +# ansible.builtin.command: dnf module reset php -y # tags: # - wireguard # - dyndns @@ -357,7 +357,7 @@ # tags: # - wireguard # - dyndns -# command: dnf module enable php:remi-8.1 -y +# ansible.builtin.command: dnf module enable php:remi-8.1 -y # - name: Install PHP 8.1 packages # tags: # - wireguard @@ -385,12 +385,12 @@ # enabled: yes # state: restarted - name: Reset the PHP DNF module - command: dnf module reset php -y + ansible.builtin.command: dnf module reset php -y tags: - always - name: Enable the php:remi-7.4 DNF module tags: horde - command: dnf module enable php:remi-7.4 -y + ansible.builtin.command: dnf module enable php:remi-7.4 -y - name: Install PHP 7.4 packages tags: horde dnf: @@ -543,7 +543,7 @@ name: pear.horde.org/Horde_ActiveSync state: latest # - name: Install go packages -# command: "go install {{ item }}" +# ansible.builtin.command: "go install {{ item }}" # loop: # - github.com/go-acme/lego/v4/cmd/lego@latest # tags: ssl @@ -564,6 +564,6 @@ loop: - { url: "https://github.com/quentinsf/IMAPdedup/raw/master/imapdedup.py", dest: "/usr/local/bin/imapdedup.py" } - name: Reset the PHP DNF module - command: dnf module reset php -y + ansible.builtin.command: dnf module reset php -y tags: - always diff --git a/tasks/postfix.yml b/tasks/postfix.yml index a690a47..e219571 100644 --- a/tasks/postfix.yml +++ b/tasks/postfix.yml @@ -30,7 +30,7 @@ create_home: no shell: /bin/false - name: Apply mail aliases - command: newaliases + ansible.builtin.command: newaliases - name: Set up automatic restart of services import_tasks: autorestart.yml vars: @@ -45,7 +45,7 @@ group: root notify: Restart postfix - name: Configure postfix - command: 'postconf -e "{{ item }}"' + ansible.builtin.command: 'postconf -e "{{ item }}"' loop: - "inet_interfaces = all" - "myhostname = {{ mailserver_hostname }}.{{ mailserver_domain }}" 
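Review bot: The loop item in the `@@ -564,6 +564,6 @@` hunk of tasks/packages.yml installs `imapdedup.py` into `/usr/local/bin` from `https://github.com/quentinsf/IMAPdedup/raw/master/imapdedup.py`. That URL follows a moving branch, so the installed script is whatever the branch holds at run time, with no integrity check. The downloading task starts outside the hunk; if it is `get_url`, I would pin the URL to a reviewed commit and add `checksum: "sha256:<digest of the reviewed file>"`. The `dnf copr enable -y {{ item }}` task in the `@@ -170,18 +170,18 @@` hunk has the same trust question, since each COPR entry adds a third-party repository.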
@@ -200,7 +200,7 @@ loop: "{{ helo_access }}" notify: Restart postfix - name: Generate HELO access database - command: postmap /etc/postfix/helo_access + ansible.builtin.command: postmap /etc/postfix/helo_access when: helo_access is defined - name: Set up RBL whitelist block: @@ -218,7 +218,7 @@ loop: "{{ rbl_override }}" notify: Restart postfix - name: Generate RBL database - command: postmap /etc/postfix/rbl_override + ansible.builtin.command: postmap /etc/postfix/rbl_override when: rbl_override is defined - name: Set Postgrey whitelist lineinfile: @@ -243,7 +243,7 @@ backup: yes notify: Restart postgrey - name: Clean postfix destination - command: 'postconf -e "mydestination = $myhostname, localhost.$mydomain, localhost"' + ansible.builtin.command: 'postconf -e "mydestination = $myhostname, localhost.$mydomain, localhost"' - name: Create directory for virtuals file: path: /var/vmail/ diff --git a/tasks/postfixadmin.yml b/tasks/postfixadmin.yml index 3064a57..ffea685 100644 --- a/tasks/postfixadmin.yml +++ b/tasks/postfixadmin.yml @@ -14,7 +14,7 @@ dest: /var/www/ remote_src: yes - name: Rename postfixadmin directory - command: "mv /var/www/postfixadmin-postfixadmin-{{ postfixadmin_version }} /var/www/postfixadmin" + ansible.builtin.command: "mv /var/www/postfixadmin-postfixadmin-{{ postfixadmin_version }} /var/www/postfixadmin" args: creates: /var/www/postfixadmin - name: Set up postfixadmin permissions @@ -49,7 +49,7 @@ no_log: yes notify: Warn on passwords - name: Generate PostfixAdmin PHP password - command: php -r 'echo password_hash("{{ postfixadmin_db_password }}", PASSWORD_DEFAULT);' + ansible.builtin.command: php -r 'echo password_hash("{{ postfixadmin_db_password }}", PASSWORD_DEFAULT);' register: postfixadmin_setup_password no_log: yes - name: Create PostfixAdmin directories diff --git a/tasks/poweradmin.yml b/tasks/poweradmin.yml index 0e9c81c..6323de2 100644 --- a/tasks/poweradmin.yml +++ b/tasks/poweradmin.yml 
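Review bot: "Generate PostfixAdmin PHP password" in the `@@ -49,7 +49,7 @@` hunk of tasks/postfixadmin.yml interpolates `postfixadmin_db_password` into the PHP source passed on the command line. `no_log: yes` hides it from Ansible output, but the password is still visible in the host's process list while `php` runs. A value containing `"`, `$` or `\` would also change the PHP string literal. Feeding it through stdin avoids both: `ansible.builtin.command: php -r 'echo password_hash(stream_get_contents(STDIN), PASSWORD_DEFAULT);'` with `args:` holding `stdin: "{{ postfixadmin_db_password }}"` and `stdin_add_newline: false`.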
@@ -26,7 +26,7 @@ tags: - dyndns - poweradmin - command: "mv /var/www/poweradmin-{{ poweradmin_version }} /var/www/poweradmin" + ansible.builtin.command: "mv /var/www/poweradmin-{{ poweradmin_version }} /var/www/poweradmin" args: creates: /var/www/poweradmin when: 'public_dns == "yes"' diff --git a/tasks/propagate_dkim_txt_records.yml b/tasks/propagate_dkim_txt_records.yml index 5de3e59..3fa1484 100644 --- a/tasks/propagate_dkim_txt_records.yml +++ b/tasks/propagate_dkim_txt_records.yml @@ -1,6 +1,6 @@ --- - name: "Read DKIM keys for {{ domain_item }}" - command: "cat /etc/opendkim/keys/{{ domain_item }}/{{ dkim_selector }}.txt" + ansible.builtin.command: "cat /etc/opendkim/keys/{{ domain_item }}/{{ dkim_selector }}.txt" register: dkim_keys - name: "Parse DKIM keys for {{ domain_item }}" ansible.builtin.set_fact: diff --git a/tasks/spamassassin.yml b/tasks/spamassassin.yml index 9032aa7..2f095b5 100644 --- a/tasks/spamassassin.yml +++ b/tasks/spamassassin.yml @@ -4,11 +4,11 @@ path: /var/lib/razor/ state: directory - name: Create Razor account - command: razor-admin -create -home=/var/lib/razor + ansible.builtin.command: razor-admin -create -home=/var/lib/razor - name: Discover Razor account - command: razor-admin -discover -home=/var/lib/razor + ansible.builtin.command: razor-admin -discover -home=/var/lib/razor - name: Register Razor account - command: razor-admin -register -home=/var/lib/razor + ansible.builtin.command: razor-admin -register -home=/var/lib/razor - name: Configure SPAMAssassin options lineinfile: regexp: 'SPAMDOPTIONS' @@ -58,7 +58,7 @@ group: root notify: Restart spamassassin - name: Enable sieve config - command: sievec /var/mail/SpamToJunk.sieve + ansible.builtin.command: sievec /var/mail/SpamToJunk.sieve args: creates: /var/mail/SpamToJunk.svbin - name: Enable SpamAssassin update service diff --git a/tasks/ssl.yml b/tasks/ssl.yml index 6932df3..f54b5bb 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml 
@@ -109,8 +109,8 @@ - { key: "PDNS_API_KEY", value: "{{ powerdns_api_key }}" } - name: Generate LetsEncrypt certificates - # command: "/usr/local/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem run --must-staple" - command: "/usr/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem run --must-staple" + # ansible.builtin.command: "/usr/local/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem run --must-staple" + ansible.builtin.command: "/usr/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem run --must-staple" environment: EXEC_PROPAGATION_TIMEOUT: 4242 PDNS_API_URL: 
http://127.0.0.1:8081/ diff --git a/tasks/webdav.yml b/tasks/webdav.yml index 39f3f45..e02f2fc 100644 --- a/tasks/webdav.yml +++ b/tasks/webdav.yml @@ -34,4 +34,4 @@ setype: httpd_sys_rw_content_t state: present - name: Apply SELinux file context on WebDAV directory - command: restorecon -irv /var/www/html/webdav + ansible.builtin.command: restorecon -irv /var/www/html/webdav From 90d316884eace6ffff91797dd5c0c594b1809179 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 21:02:28 +0200 Subject: [PATCH 161/181] satisfy linter --- tasks/add_dns_record.yml | 3 ++ tasks/autorestart.yml | 2 ++ tasks/create_mariadb_schema.yml | 3 ++ tasks/delete_dns_record.yml | 2 ++ tasks/fill_mariadb_data.yml | 2 ++ tasks/firewall.yml | 1 + tasks/generate_wireguard_keys.yml | 8 +++++ tasks/os.yml | 1 + tasks/propagate_dkim_txt_records.yml | 5 +++ tasks/propagate_ssl_txt_records.yml | 2 ++ tasks/restore_service_tarball_backup.yml | 3 ++ tasks/wireguard.yml | 40 ++++++++++++------------ 12 files changed, 52 insertions(+), 20 deletions(-) diff --git a/tasks/add_dns_record.yml b/tasks/add_dns_record.yml index 6b711d7..2424897 100644 --- a/tasks/add_dns_record.yml +++ b/tasks/add_dns_record.yml 
@@ -1,9 +1,11 @@ --- - name: 'Quote and escape record content "{{ record.content }}"' + # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.set_fact: record_content: '"{{ record.content }}"' - name: Add DNS record when: (record.append is defined and record.append) and (record.content not in lookup('community.general.dig', record.name ~ '.' ~ record.zone ~ './' ~ record.type) | split(',')) + # noqa name[template] we need to be informative, even if we deviate from the standards block: - name: 'Add DNS record {{ record.name }}.{{ record.zone }} {{ record.ttl | default("3600") }} IN {{ record.type }} {{ record.content }}' ansible.builtin.command: "pdnsutil add-record {{ record.zone }} {{ record.name }} {{ record.type }} {{ record.ttl | default('3600') }} '{{ record.content }}'" @@ -12,6 +14,7 @@ ansible.builtin.command: "pdnsutil add-record {{ record.zone }} {{ record.name }} {{ record.type }} {{ record.ttl | default('3600') }} '{{ record_content }}'" - name: Update or add DNS record when: record.append is not defined or not record.append + # noqa name[template] we need to be informative, even if we deviate from the standards block: - name: 'Update DNS record {{ record.name }}.{{ record.zone }} {{ record.ttl | default("3600") }} IN {{ record.type }} {{ record.content }}' ansible.builtin.command: "pdnsutil replace-rrset {{ record.zone }} {{ record.name }} {{ record.type }} {{ record.ttl | default('3600') }} '{{ record.content }}'" diff --git a/tasks/autorestart.yml b/tasks/autorestart.yml index faa54b9..fba15d6 100644 --- a/tasks/autorestart.yml +++ b/tasks/autorestart.yml @@ -1,5 +1,6 @@ --- - name: "Create restart directories for {{ service }}" + # noqa name[template] we need to be informative, even if we deviate from the standards file: state: directory path: "/etc/systemd/system/{{ service }}.service.d" 
@@ -7,6 +8,7 @@ owner: root group: root - name: "Deploy restart files for {{ service }}" + # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.copy: src: systemd/restart.conf dest: "/etc/systemd/system/{{ service }}.service.d/restart.conf" diff --git a/tasks/create_mariadb_schema.yml b/tasks/create_mariadb_schema.yml index 6331b00..b90399f 100644 --- a/tasks/create_mariadb_schema.yml +++ b/tasks/create_mariadb_schema.yml @@ -1,10 +1,12 @@ --- - name: "Upload {{ mariadb_database }} DB schema" + # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.copy: src: "mariadb/{{ mariadb_database }}_schema.sql" dest: "/tmp/ansible-mailserver-install.{{ mariadb_database }}_schema.sql" - name: "Check if {{ mariadb_database }} DB exists" + # noqa name[template] we need to be informative, even if we deviate from the standards mysql_db: name: "{{ mariadb_database }}" state: present @@ -14,6 +16,7 @@ register: mariadb_database_exists - name: "Create {{ mariadb_database }} DB schema" + # noqa name[template] we need to be informative, even if we deviate from the standards mysql_db: name: "{{ mariadb_database }}" state: import diff --git a/tasks/delete_dns_record.yml b/tasks/delete_dns_record.yml index c4b28a1..3ab800c 100644 --- a/tasks/delete_dns_record.yml +++ b/tasks/delete_dns_record.yml @@ -1,6 +1,8 @@ --- - name: 'Quote and escape record content "{{ record.content }}"' + # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.set_fact: record_content: '"{{ record.content }}"' - name: 'Delete DNS record {{ record.name }}.{{ record.zone }} {{ record.type }}' + # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.command: "pdnsutil delete-rrset {{ record.zone }} {{ record.name }} {{ record.type }}" 
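Review bot: The `Upload {{ mariadb_database }} DB schema` task in tasks/create_mariadb_schema.yml writes to a fixed, predictable name under `/tmp` and sets no `mode`, `owner` or `group`, so the file is created in a world-writable directory with whatever permissions the default umask gives. A name that another local user can predict and pre-create is a weak spot for a task that presumably runs with root privileges, and tasks/fill_mariadb_data.yml in this patch uses the same `/tmp/ansible-mailserver-install.` prefix for the rendered data file. I would add `mode: "0600"`, `owner: root` and `group: root` to the copy task, and consider taking the destination from an `ansible.builtin.tempfile` result instead of a constant name.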
diff --git a/tasks/fill_mariadb_data.yml b/tasks/fill_mariadb_data.yml index ed53c16..e5c1b94 100644 --- a/tasks/fill_mariadb_data.yml +++ b/tasks/fill_mariadb_data.yml @@ -1,5 +1,6 @@ --- - name: "Render {{ mariadb_database.db }} data" + # noqa name[template] we need to be informative, even if we deviate from the standards template: src: "mariadb/{{ mariadb_database.db }}.sql.j2" dest: "/tmp/ansible-mailserver-install.{{ mariadb_database.db }}_data.sql" @@ -8,6 +9,7 @@ group: root backup: yes - name: "Fill {{ mariadb_database.db }} DB" + # noqa name[template] we need to be informative, even if we deviate from the standards mysql_db: name: "{{ mariadb_database.db }}" state: import diff --git a/tasks/firewall.yml b/tasks/firewall.yml index 6f97290..c437c44 100644 --- a/tasks/firewall.yml +++ b/tasks/firewall.yml @@ -6,6 +6,7 @@ enabled: yes state: started - name: "Open Firewall for {{ port }}" + # noqa name[template] we need to be informative, even if we deviate from the standards block: - name: "Open firewall for numeric port {{ port }}" firewalld: diff --git a/tasks/generate_wireguard_keys.yml b/tasks/generate_wireguard_keys.yml index cc3373a..dc8481d 100644 --- a/tasks/generate_wireguard_keys.yml +++ b/tasks/generate_wireguard_keys.yml 
@@ -1,36 +1,44 @@ --- - name: "Generate private key for {{ wg_name }}" + # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.command: wg genkey when: wg_privatekey is not defined or wg_privatekey == "" register: wg_privatekey_output - name: "Fetch private key for {{ wg_name }} from config" + # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.set_fact: wg_privatekey_output: stdout: "{{ wg_privatekey }}" when: wg_privatekey is defined and wg_privatekey != "" - name: "Generate public key for {{ wg_name }}" + # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.command: wg pubkey args: stdin: "{{ wg_privatekey_output.stdout }}" when: wg_publickey is not defined or wg_publickey == "" register: wg_publickey_output - name: "Fetch public key from config for {{ wg_name }}" + # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.set_fact: wg_publickey_output: stdout: "{{ wg_publickey }}" when: wg_publickey is defined and wg_publickey != "" - name: "Generate pre-shared key for {{ wg_name }}" + # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.command: wg genpsk when: wg_psk is not defined or wg_psk == "" register: wg_psk_output - name: "Fetch pre-shared key for {{ wg_name }} from config" + # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.set_fact: wg_psk_output: stdout: "{{ wg_psk }}" when: wg_psk is defined and wg_psk != "" - name: "Generate JSON config for {{ wg_name }}" + # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.set_fact: wg_configs_json: '{"{{ wg_name }}": {"privatekey": "{{ wg_privatekey_output.stdout }}", "publickey": "{{ wg_publickey_output.stdout }}", "psk": "{{ wg_psk_output.stdout }}", "owner": "{{ 
wg_owner }}", "cidr": "{{ wg_cidr }}"}}' - name: "Add {{ wg_name }} to the WireGuard config array" + # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.set_fact: wg_configs: "{{ wg_configs|default({})|combine(wg_configs_json) }}" diff --git a/tasks/os.yml b/tasks/os.yml index 3a11150..1ac6b3d 100644 --- a/tasks/os.yml +++ b/tasks/os.yml @@ -4,6 +4,7 @@ register: getenforce tags: always - name: "Set hostname to {{ mailserver_hostname }}.{{ mailserver_domain}}" + # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.command: "hostnamectl set-hostname {{ mailserver_hostname }}.{{ mailserver_domain }}" - name: Enable IPv6 when: ansible_default_ipv6.address is not defined diff --git a/tasks/propagate_dkim_txt_records.yml b/tasks/propagate_dkim_txt_records.yml index 3fa1484..64ed283 100644 --- a/tasks/propagate_dkim_txt_records.yml +++ b/tasks/propagate_dkim_txt_records.yml 
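Review bot: None of the tasks in tasks/generate_wireguard_keys.yml set `no_log`, although they put WireGuard private keys and pre-shared keys into registered results and facts (`wg_privatekey_output`, `wg_psk_output`, `wg_configs_json`, `wg_configs`). Those values are printed when the play runs with increased verbosity and are kept by any callback or controller that stores task results; the `wg pubkey` task also carries the private key in its `stdin` argument. Adding `no_log: true` to the `wg genkey`, `wg pubkey` and `wg genpsk` tasks and to each `set_fact` that copies key material would match what the role already does for its `mysql_db` tasks. The same tasks appear again in the PATCH 163/181 hunk for this file.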
@@ -1,12 +1,15 @@ --- - name: "Read DKIM keys for {{ domain_item }}" + # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.command: "cat /etc/opendkim/keys/{{ domain_item }}/{{ dkim_selector }}.txt" register: dkim_keys - name: "Parse DKIM keys for {{ domain_item }}" + # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.set_fact: desired_dkim_record: "{{ dkim_keys.stdout.replace(dkim_selector ~ '._domainkey\tIN\tTXT\t( \"', '').replace('\t', '').replace('\n', '').replace('\" \"', '').replace('\" ) ; ----- DKIM key ' ~ dkim_selector ~ ' for ' ~ domain_item, '') }}" current_dkim_record: "{{ lookup('community.general.dig', dkim_selector ~ '._domainkey.' ~ domain_item ~ './TXT').replace('\" \"', '') }}" - name: "Set up the {{ dkim_selector }}._domainkey.{{ domain_item }} TXT record" + # noqa name[template] we need to be informative, even if we deviate from the standards import_tasks: add_dns_record.yml vars: record: @@ -35,6 +38,7 @@ - 5301 - 53 - name: "Warn user to set up the {{ dkim_selector }}._domainkey.{{ domain_item }} TXT record with the DKIM keys" + # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.debug: msg: - "" @@ -48,6 +52,7 @@ - "" when: desired_dkim_record != current_dkim_record - name: "Wait for {{ dkim_selector }}._domainkey.{{ domain_item }} TXT record to get propagated" + # noqa name[template] we need to be informative, even if we deviate from the standards community.dns.wait_for_txt: always_ask_default_resolver: no max_sleep: 42 diff --git a/tasks/propagate_ssl_txt_records.yml b/tasks/propagate_ssl_txt_records.yml index e2efad3..7ebd39c 100644 --- a/tasks/propagate_ssl_txt_records.yml +++ b/tasks/propagate_ssl_txt_records.yml 
@@ -1,5 +1,6 @@ --- - name: "Set up ACME challenge TXT records for {{ challenge_item.key }}" + # noqa name[template] we need to be informative, even if we deviate from the standards import_tasks: add_dns_record.yml vars: record: @@ -18,6 +19,7 @@ state: restarted when: 'public_dns == "yes"' - name: "Warn user to set up TXT records with the Let's Encrypt challenge for {{ challenge_item.key }}" + # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.debug: msg: - "" diff --git a/tasks/restore_service_tarball_backup.yml b/tasks/restore_service_tarball_backup.yml index b938c3c..f9332de 100644 --- a/tasks/restore_service_tarball_backup.yml +++ b/tasks/restore_service_tarball_backup.yml @@ -1,17 +1,20 @@ --- - name: "Stop {{ service }}" + # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.systemd_service: name: "{{ service }}" daemon_reload: yes enabled: yes state: stopped - name: "Restore {{ service }} backup" + # noqa name[template] we need to be informative, even if we deviate from the standards when: service_backup_path is defined unarchive: src: "{{ service_backup_path }}" dest: / remote_src: yes - name: "Start {{ service }}" + # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.systemd_service: name: "{{ service }}" daemon_reload: yes diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml index 7ae4830..c0ffd00 100644 --- a/tasks/wireguard.yml +++ b/tasks/wireguard.yml 
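Review bot: The `Restore {{ service }} backup` task in tasks/restore_service_tarball_backup.yml unpacks `service_backup_path` straight into `/` with `remote_src: yes`, and nothing visible in this hunk checks the archive before it is extracted. If the play runs as root, which seems likely, the tarball can replace any file on the host, so its integrity matters as much as that of a package. I would compute the archive's SHA-256 with `ansible.builtin.stat` and refuse to continue unless it matches a digest kept in the inventory, and, where the layout of a service's backup is known, narrow the extraction with the module's `include` list. The last task of the file continues past this hunk.

```yaml
- name: "Compute the checksum of the backup for {{ service }}"
  when: service_backup_path is defined
  ansible.builtin.stat:
    path: "{{ service_backup_path }}"
    checksum_algorithm: sha256
  register: service_backup_stat
- name: "Refuse a backup with an unexpected digest for {{ service }}"
  when: service_backup_path is defined
  ansible.builtin.assert:
    that:
      # service_backup_sha256 is a placeholder name for a digest kept in the inventory
      - service_backup_stat.stat.checksum == service_backup_sha256
# … unchanged: "Restore {{ service }} backup" task …
```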
@@ -58,13 +58,13 @@ - name: Define read server values ansible.builtin.set_fact: wg_server: - privatekey: "{{ wg_interface.PrivateKey|default('') }}" - publickey: "{{ wg_peer.PublicKey|default('') }}" - psk: "{{ wg_peer.PresharedKey|default('') }}" - cidr: "{{ wg_interface.AllowedIPs|default('') }}" + privatekey: "{{ wg_interface.PrivateKey | default('') }}" + publickey: "{{ wg_peer.PublicKey | default('') }}" + psk: "{{ wg_peer.PresharedKey | default('') }}" + cidr: "{{ wg_interface.AllowedIPs | default('') }}" - name: Set WireGuard server config ansible.builtin.set_fact: - wg_server: "{{ wg_server|default({})|combine(wireguard.server|default({}), recursive=True) }}" + wg_server: "{{ wg_server | default({}) | combine(wireguard.server | default({}), recursive=True) }}" - name: Set the next client's last IP segment ansible.builtin.set_fact: next_ip_segment: 2 
@@ -72,16 +72,16 @@ import_tasks: generate_wireguard_keys.yml vars: wg_name: "server" - wg_privatekey: "{{ wg_server.privatekey|default('') }}" - wg_publickey: "{{ wg_server.publickey|default('') }}" + wg_privatekey: "{{ wg_server.privatekey | default('') }}" + wg_publickey: "{{ wg_server.publickey | default('') }}" wg_owner: root - wg_cidr: "{{ wireguard.ipv4_pool.split('/')|first|replace('.0','.1') ~ ', ' ~ wireguard.ipv6_pool.split('/')|first|replace(':0',':1') }}" + wg_cidr: "{{ wireguard.ipv4_pool.split('/') | first | replace('.0','.1') ~ ', ' ~ wireguard.ipv6_pool.split('/') | first | replace(':0',':1') }}" - name: Define read client values include_tasks: define_vpn_clients.yml vars: - current_ipv4: "{{ wireguard.ipv4_pool.split('/')|first|regex_replace('.0$','.' ~ next_ip_segment) }}" - current_ipv6: "{{ wireguard.ipv6_pool.split('/')|first|regex_replace(':0$',':' ~ next_ip_segment) }}" - vpn_config_data: "{{ vpn_user.vpn|default([{'name': vpn_user.name, 'cidr': current_ipv4 ~ ', ' ~ current_ipv6 }]) }}" + current_ipv4: "{{ wireguard.ipv4_pool.split('/') | first | regex_replace('.0$','.' ~ next_ip_segment) }}" + current_ipv6: "{{ wireguard.ipv6_pool.split('/') | first | regex_replace(':0$',':' ~ next_ip_segment) }}" + vpn_config_data: "{{ vpn_user.vpn | default([{'name': vpn_user.name, 'cidr': current_ipv4 ~ ', ' ~ current_ipv6 }]) }}" vpn_config_owner: "{{ vpn_user.name }}" loop: "{{ users }}" loop_control: @@ -90,9 +90,9 @@ include_tasks: generate_wireguard_keys.yml vars: wg_name: "{{ item.name }}" - wg_privatekey: "{{ item.privatekey|default('') }}" - wg_publickey: "{{ item.publickey|default('') }}" - wg_psk: "{{ item.psk|default('') }}" + wg_privatekey: "{{ item.privatekey | default('') }}" + wg_publickey: "{{ item.publickey | default('') }}" + wg_psk: "{{ item.psk | default('') }}" wg_owner: "{{ item.owner }}" wg_cidr: "{{ item.cidr }}" loop: "{{ wg_clients }}" 
@@ -229,7 +229,7 @@ name: "{{ item }}" ttl: "3600" type: A - content: "{{ wg_configs[item]['cidr'].split(', ')|first }}" + content: "{{ wg_configs[item]['cidr'].split(', ') | first }}" loop: "{{ wg_configs.keys() }}" when: item != "server" - name: Add DynDNS AAAA records @@ -243,7 +243,7 @@ name: "{{ item }}" ttl: "3600" type: AAAA - content: "{{ wg_configs[item]['cidr'].split(', ')|last }}" + content: "{{ wg_configs[item]['cidr'].split(', ') | last }}" loop: "{{ wg_configs.keys() }}" when: item != "server" - name: Add VPN root A record @@ -281,7 +281,7 @@ name: "{{ item }}" ttl: "3600" type: A - content: "{{ (wg_configs[item]['cidr'].split(', ')|first).split('/')|first }}" + content: "{{ (wg_configs[item]['cidr'].split(', ') | first).split('/') | first }}" loop: "{{ wg_configs.keys() }}" when: item != "server" - name: Add VPN AAAA records @@ -295,7 +295,7 @@ name: "{{ item }}" ttl: "3600" type: AAAA - content: "{{ (wg_configs[item]['cidr'].split(', ')|last).split('/')|first }}" + content: "{{ (wg_configs[item]['cidr'].split(', ') | last).split('/') | first }}" loop: "{{ wg_configs.keys() }}" when: item != "server" - name: Add admin VPN A records @@ -310,7 +310,7 @@ name: "{{ item }}" ttl: "3600" type: A - content: "{{ wireguard.ipv4_pool.split('/')|first|regex_replace('.0$','.1') }}" + content: "{{ wireguard.ipv4_pool.split('/') | first | regex_replace('.0$','.1') }}" loop: - postfixadmin - poweradmin @@ -326,7 +326,7 @@ name: "{{ item }}" ttl: "3600" type: AAAA - content: "{{ wireguard.ipv6_pool.split('/')|first|regex_replace(':0$',':1') }}" + content: "{{ wireguard.ipv6_pool.split('/') | first | regex_replace(':0$',':1') }}" loop: - postfixadmin - poweradmin From d68a2677c477a7e44c2f296ff1bfde32d0c4948c Mon Sep 17 00:00:00 2001 
From: Akos Balla Date: Fri, 27 Oct 2023 21:04:38 +0200 Subject: [PATCH 162/181] fix Jinja2 spacing --- tasks/dmarc.yml | 4 ++-- tasks/dns_records.yml | 2 +- tasks/fill_default_dns_records.yml | 4 ++-- tasks/gather_wireguard_config_sections.yml | 16 ++++++++-------- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/tasks/dmarc.yml b/tasks/dmarc.yml index 7aa9673..84559c8 100644 --- a/tasks/dmarc.yml +++ b/tasks/dmarc.yml @@ -14,10 +14,10 @@ - key: "TrustedAuthservIDs" value: > {%- set domains = [mailserver_domain] %} - {%- for domain in custom_domains|default([]) %} + {%- for domain in custom_domains | default([]) %} {%- set domains = domains.append( domain ) %} {%- endfor %} - {{- domains|join(',') -}} + {{- domains | join(',') -}} comment: false - { key: "IgnoreAuthenticatedClients", value: "true", comment: false } - { key: "RejectFailures", value: "true", comment: false } diff --git a/tasks/dns_records.yml b/tasks/dns_records.yml index 471c8a5..319fe5e 100644 --- a/tasks/dns_records.yml +++ b/tasks/dns_records.yml @@ -56,7 +56,7 @@ register: zone_records loop: "{{ [mailserver_domain] + custom_domains + ['vpn.' ~ mailserver_domain] + ['dyndns.' ~ mailserver_domain] }}" - name: Correct SOA record for all domains - ansible.builtin.command: 'pdnsutil replace-rrset {{ zone_record.item }} @ SOA 3600 "ns.{{ mailserver_domain }} hostmaster\\.{{ zone_record.item }} {{ zone_record.stdout_lines|length }} 10800 3600 604800 3600"' + ansible.builtin.command: 'pdnsutil replace-rrset {{ zone_record.item }} @ SOA 3600 "ns.{{ mailserver_domain }} hostmaster\\.{{ zone_record.item }} {{ zone_record.stdout_lines | length }} 10800 3600 604800 3600"' loop: "{{ zone_records.results }}" loop_control: loop_var: zone_record diff --git a/tasks/fill_default_dns_records.yml b/tasks/fill_default_dns_records.yml index a136f98..b0506be 100644 --- a/tasks/fill_default_dns_records.yml +++ b/tasks/fill_default_dns_records.yml 
@@ -5,8 +5,8 @@ empty_apostrophes: "''" record: zone: "{{ dns_zone }}" - name: "{{ dns_record.name|default(empty_apostrophes) }}" - ttl: "{{ dns_record.ttl|default('3600') }}" + name: "{{ dns_record.name | default(empty_apostrophes) }}" + ttl: "{{ dns_record.ttl | default('3600') }}" type: "{{ dns_record.type }}" content: "{{ dns_record.content }}" loop: "{{ default_dns_records }}" diff --git a/tasks/gather_wireguard_config_sections.yml b/tasks/gather_wireguard_config_sections.yml index 941291d..b72d28a 100644 --- a/tasks/gather_wireguard_config_sections.yml +++ b/tasks/gather_wireguard_config_sections.yml 
@@ -6,33 +6,33 @@ - name: Set server private key when: current_wireguard_section == 'server' and 'PrivateKey' in wireguard_config_line ansible.builtin.set_fact: - wg_server_private_key: "{{ wireguard_config_line|split(' ')|last }}" + wg_server_private_key: "{{ wireguard_config_line | split(' ') | last }}" - name: Set client config when: '{{ "[Peer]" == wireguard_config_line }}' ansible.builtin.set_fact: current_wireguard_section: client - wg_client_count: "{{ wg_client_count|default(0)|int + 1 }}" + wg_client_count: "{{ wg_client_count | default(0) | int + 1 }}" - name: Set client name when: current_wireguard_section == 'client' and 'owned by' in wireguard_config_line ansible.builtin.set_fact: - wg_client_name: "{{ (wireguard_config_line|split(' '))[2] }}" + wg_client_name: "{{ (wireguard_config_line | split(' '))[2] }}" - name: Set client owner when: current_wireguard_section == 'client' and 'owned by' in wireguard_config_line ansible.builtin.set_fact: - wg_client_owner: "{{ wireguard_config_line|split(' ')|last }}" + wg_client_owner: "{{ wireguard_config_line | split(' ') | last }}" - name: Set client pre-shared key when: current_wireguard_section == 'client' and 'PresharedKey' in wireguard_config_line ansible.builtin.set_fact: - wg_server_psk: "{{ wireguard_config_line|split(' ')|last }}" + wg_server_psk: "{{ wireguard_config_line | split(' ') | last }}" - name: Set wireguard config server section when: current_wireguard_section == 'server' and wg_server_private_key is defined and "[Peer]" == wireguard_config_line ansible.builtin.set_fact: - wg_server: '{{ wg_server|default({})|combine({"privatekey": wg_server_private_key}) }}' + wg_server: '{{ wg_server | default({}) | combine({"privatekey": wg_server_private_key}) }}' - name: Set wireguard config client section when: '{{ "[Peer]" == wireguard_config_line }}' ansible.builtin.set_fact: - last_wg_client: '{{ wg_client_count|default(0) }}' + last_wg_client: '{{ wg_client_count | default(0) }}' - name: Set 
wireguard config client section when: current_wireguard_section == 'client' and (wg_client_count < last_wg_client or ansible_loop.last) and wg_client_name is defined and wg_client_owner is defined and wg_client_psk is defined ansible.builtin.set_fact: - wg_clients: '{{ wg_clients|default([]) + {"name": wg_client_name, "owner": wg_client_owner, "psk": wg_server_psk} }}' + wg_clients: '{{ wg_clients | default([]) + {"name": wg_client_name, "owner": wg_client_owner, "psk": wg_server_psk} }}' From 4ce85f06fc69c08228128047d27e7332a5fc75bf Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 21:12:25 +0200 Subject: [PATCH 163/181] fix noqa comments --- tasks/add_dns_record.yml | 13 +++++-------- tasks/autorestart.yml | 6 ++---- tasks/create_mariadb_schema.yml | 9 +++------ tasks/delete_dns_record.yml | 6 ++---- tasks/fill_mariadb_data.yml | 6 ++---- tasks/firewall.yml | 3 +-- tasks/generate_wireguard_keys.yml | 24 ++++++++---------------- tasks/os.yml | 3 +-- tasks/propagate_dkim_txt_records.yml | 15 +++++---------- tasks/propagate_ssl_txt_records.yml | 6 ++---- tasks/restore_service_tarball_backup.yml | 9 +++------ 11 files changed, 34 insertions(+), 66 deletions(-) diff --git a/tasks/add_dns_record.yml b/tasks/add_dns_record.yml index 2424897..dedb1e3 100644 --- a/tasks/add_dns_record.yml +++ b/tasks/add_dns_record.yml 
@@ -1,25 +1,22 @@ --- -- name: 'Quote and escape record content "{{ record.content }}"' - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: 'Quote and escape record content "{{ record.content }}"' # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.set_fact: record_content: '"{{ record.content }}"' - name: Add DNS record when: (record.append is defined and record.append) and (record.content not in lookup('community.general.dig', record.name ~ '.' ~ record.zone ~ './' ~ record.type) | split(',')) - # noqa name[template] we need to be informative, even if we deviate from the standards block: - - name: 'Add DNS record {{ record.name }}.{{ record.zone }} {{ record.ttl | default("3600") }} IN {{ record.type }} {{ record.content }}' + - name: 'Add DNS record {{ record.name }}.{{ record.zone }} {{ record.ttl | default("3600") }} IN {{ record.type }} {{ record.content }}' # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.command: "pdnsutil add-record {{ record.zone }} {{ record.name }} {{ record.type }} {{ record.ttl | default('3600') }} '{{ record.content }}'" rescue: - - name: 'Add DNS record {{ record.name }}.{{ record.zone }} {{ record.ttl | default("3600") }} IN {{ record.type }} {{ record.content }}' + - name: 'Add DNS record {{ record.name }}.{{ record.zone }} {{ record.ttl | default("3600") }} IN {{ record.type }} {{ record.content }}' # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.command: "pdnsutil add-record {{ record.zone }} {{ record.name }} {{ record.type }} {{ record.ttl | default('3600') }} '{{ record_content }}'" - name: Update or add DNS record when: record.append is not defined or not record.append - # noqa name[template] we need to be informative, even if we deviate from the standards block: - - name: 'Update DNS record {{ record.name }}.{{ 
record.zone }} {{ record.ttl | default("3600") }} IN {{ record.type }} {{ record.content }}' + - name: 'Update DNS record {{ record.name }}.{{ record.zone }} {{ record.ttl | default("3600") }} IN {{ record.type }} {{ record.content }}' # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.command: "pdnsutil replace-rrset {{ record.zone }} {{ record.name }} {{ record.type }} {{ record.ttl | default('3600') }} '{{ record.content }}'" rescue: - - name: 'Update DNS record {{ record.name }}.{{ record.zone }} {{ record.ttl | default("3600") }} IN {{ record.type }} {{ record.content }}' + - name: 'Update DNS record {{ record.name }}.{{ record.zone }} {{ record.ttl | default("3600") }} IN {{ record.type }} {{ record.content }}' # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.command: "pdnsutil replace-rrset {{ record.zone }} {{ record.name }} {{ record.type }} {{ record.ttl | default('3600') }} '{{ record_content }}'" - name: Rectify all zones ansible.builtin.command: pdnsutil rectify-all-zones diff --git a/tasks/autorestart.yml b/tasks/autorestart.yml index fba15d6..db04edb 100644 --- a/tasks/autorestart.yml +++ b/tasks/autorestart.yml 
@@ -1,14 +1,12 @@ --- -- name: "Create restart directories for {{ service }}" - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: "Create restart directories for {{ service }}" # noqa name[template] we need to be informative, even if we deviate from the standards file: state: directory path: "/etc/systemd/system/{{ service }}.service.d" mode: u=rwX,og=rX owner: root group: root -- name: "Deploy restart files for {{ service }}" - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: "Deploy restart files for {{ service }}" # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.copy: src: systemd/restart.conf dest: "/etc/systemd/system/{{ service }}.service.d/restart.conf" diff --git a/tasks/create_mariadb_schema.yml b/tasks/create_mariadb_schema.yml index b90399f..17d7887 100644 --- a/tasks/create_mariadb_schema.yml +++ b/tasks/create_mariadb_schema.yml @@ -1,12 +1,10 @@ --- -- name: "Upload {{ mariadb_database }} DB schema" - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: "Upload {{ mariadb_database }} DB schema" # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.copy: src: "mariadb/{{ mariadb_database }}_schema.sql" dest: "/tmp/ansible-mailserver-install.{{ mariadb_database }}_schema.sql" -- name: "Check if {{ mariadb_database }} DB exists" - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: "Check if {{ mariadb_database }} DB exists" # noqa name[template] we need to be informative, even if we deviate from the standards mysql_db: name: "{{ mariadb_database }}" state: present 
@@ -15,8 +13,7 @@ no_log: yes register: mariadb_database_exists -- name: "Create {{ mariadb_database }} DB schema" - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: "Create {{ mariadb_database }} DB schema" # noqa name[template] we need to be informative, even if we deviate from the standards mysql_db: name: "{{ mariadb_database }}" state: import diff --git a/tasks/delete_dns_record.yml b/tasks/delete_dns_record.yml index 3ab800c..506e5c5 100644 --- a/tasks/delete_dns_record.yml +++ b/tasks/delete_dns_record.yml @@ -1,8 +1,6 @@ --- -- name: 'Quote and escape record content "{{ record.content }}"' - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: 'Quote and escape record content "{{ record.content }}"' # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.set_fact: record_content: '"{{ record.content }}"' -- name: 'Delete DNS record {{ record.name }}.{{ record.zone }} {{ record.type }}' - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: 'Delete DNS record {{ record.name }}.{{ record.zone }} {{ record.type }}' # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.command: "pdnsutil delete-rrset {{ record.zone }} {{ record.name }} {{ record.type }}" diff --git a/tasks/fill_mariadb_data.yml b/tasks/fill_mariadb_data.yml index e5c1b94..db88122 100644 --- a/tasks/fill_mariadb_data.yml +++ b/tasks/fill_mariadb_data.yml 
@@ -1,6 +1,5 @@ --- -- name: "Render {{ mariadb_database.db }} data" - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: "Render {{ mariadb_database.db }} data" # noqa name[template] we need to be informative, even if we deviate from the standards template: src: "mariadb/{{ mariadb_database.db }}.sql.j2" dest: "/tmp/ansible-mailserver-install.{{ mariadb_database.db }}_data.sql" @@ -8,8 +7,7 @@ owner: root group: root backup: yes -- name: "Fill {{ mariadb_database.db }} DB" - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: "Fill {{ mariadb_database.db }} DB" # noqa name[template] we need to be informative, even if we deviate from the standards mysql_db: name: "{{ mariadb_database.db }}" state: import diff --git a/tasks/firewall.yml b/tasks/firewall.yml index c437c44..fd8ac1a 100644 --- a/tasks/firewall.yml +++ b/tasks/firewall.yml @@ -5,8 +5,7 @@ daemon_reload: yes enabled: yes state: started -- name: "Open Firewall for {{ port }}" - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: "Open Firewall for {{ port }}" # noqa name[template] we need to be informative, even if we deviate from the standards block: - name: "Open firewall for numeric port {{ port }}" firewalld: diff --git a/tasks/generate_wireguard_keys.yml b/tasks/generate_wireguard_keys.yml index dc8481d..e9e40b4 100644 --- a/tasks/generate_wireguard_keys.yml +++ b/tasks/generate_wireguard_keys.yml 
@@ -1,44 +1,36 @@ --- -- name: "Generate private key for {{ wg_name }}" - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: "Generate private key for {{ wg_name }}" # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.command: wg genkey when: wg_privatekey is not defined or wg_privatekey == "" register: wg_privatekey_output -- name: "Fetch private key for {{ wg_name }} from config" - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: "Fetch private key for {{ wg_name }} from config" # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.set_fact: wg_privatekey_output: stdout: "{{ wg_privatekey }}" when: wg_privatekey is defined and wg_privatekey != "" -- name: "Generate public key for {{ wg_name }}" - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: "Generate public key for {{ wg_name }}" # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.command: wg pubkey args: stdin: "{{ wg_privatekey_output.stdout }}" when: wg_publickey is not defined or wg_publickey == "" register: wg_publickey_output -- name: "Fetch public key from config for {{ wg_name }}" - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: "Fetch public key from config for {{ wg_name }}" # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.set_fact: wg_publickey_output: stdout: "{{ wg_publickey }}" when: wg_publickey is defined and wg_publickey != "" -- name: "Generate pre-shared key for {{ wg_name }}" - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: "Generate pre-shared key for {{ wg_name }}" # noqa name[template] we need to be informative, even if we deviate from the standards 
ansible.builtin.command: wg genpsk when: wg_psk is not defined or wg_psk == "" register: wg_psk_output -- name: "Fetch pre-shared key for {{ wg_name }} from config" - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: "Fetch pre-shared key for {{ wg_name }} from config" # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.set_fact: wg_psk_output: stdout: "{{ wg_psk }}" when: wg_psk is defined and wg_psk != "" -- name: "Generate JSON config for {{ wg_name }}" - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: "Generate JSON config for {{ wg_name }}" # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.set_fact: wg_configs_json: '{"{{ wg_name }}": {"privatekey": "{{ wg_privatekey_output.stdout }}", "publickey": "{{ wg_publickey_output.stdout }}", "psk": "{{ wg_psk_output.stdout }}", "owner": "{{ wg_owner }}", "cidr": "{{ wg_cidr }}"}}' -- name: "Add {{ wg_name }} to the WireGuard config array" - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: "Add {{ wg_name }} to the WireGuard config array" # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.set_fact: wg_configs: "{{ wg_configs|default({})|combine(wg_configs_json) }}" diff --git a/tasks/os.yml b/tasks/os.yml index 1ac6b3d..681f6c9 100644 --- a/tasks/os.yml +++ b/tasks/os.yml 
@@ -3,8 +3,7 @@ shell: getenforce register: getenforce tags: always -- name: "Set hostname to {{ mailserver_hostname }}.{{ mailserver_domain}}" - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: "Set hostname to {{ mailserver_hostname }}.{{ mailserver_domain}}" # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.command: "hostnamectl set-hostname {{ mailserver_hostname }}.{{ mailserver_domain }}" - name: Enable IPv6 when: ansible_default_ipv6.address is not defined diff --git a/tasks/propagate_dkim_txt_records.yml b/tasks/propagate_dkim_txt_records.yml index 64ed283..6141bc1 100644 --- a/tasks/propagate_dkim_txt_records.yml +++ b/tasks/propagate_dkim_txt_records.yml 
@@ -1,15 +1,12 @@ --- -- name: "Read DKIM keys for {{ domain_item }}" - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: "Read DKIM keys for {{ domain_item }}" # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.command: "cat /etc/opendkim/keys/{{ domain_item }}/{{ dkim_selector }}.txt" register: dkim_keys -- name: "Parse DKIM keys for {{ domain_item }}" - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: "Parse DKIM keys for {{ domain_item }}" # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.set_fact: desired_dkim_record: "{{ dkim_keys.stdout.replace(dkim_selector ~ '._domainkey\tIN\tTXT\t( \"', '').replace('\t', '').replace('\n', '').replace('\" \"', '').replace('\" ) ; ----- DKIM key ' ~ dkim_selector ~ ' for ' ~ domain_item, '') }}" current_dkim_record: "{{ lookup('community.general.dig', dkim_selector ~ '._domainkey.' ~ domain_item ~ './TXT').replace('\" \"', '') }}" -- name: "Set up the {{ dkim_selector }}._domainkey.{{ domain_item }} TXT record" - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: "Set up the {{ dkim_selector }}._domainkey.{{ domain_item }} TXT record" # noqa name[template] we need to be informative, even if we deviate from the standards import_tasks: add_dns_record.yml vars: record: @@ -37,8 +34,7 @@ - 5300 - 5301 - 53 -- name: "Warn user to set up the {{ dkim_selector }}._domainkey.{{ domain_item }} TXT record with the DKIM keys" - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: "Warn user to set up the {{ dkim_selector }}._domainkey.{{ domain_item }} TXT record with the DKIM keys" # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.debug: msg: - "" 
@@ -51,8 +47,7 @@ - "value: {{ desired_dkim_record }}" - "" when: desired_dkim_record != current_dkim_record -- name: "Wait for {{ dkim_selector }}._domainkey.{{ domain_item }} TXT record to get propagated" - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: "Wait for {{ dkim_selector }}._domainkey.{{ domain_item }} TXT record to get propagated" # noqa name[template] we need to be informative, even if we deviate from the standards community.dns.wait_for_txt: always_ask_default_resolver: no max_sleep: 42 diff --git a/tasks/propagate_ssl_txt_records.yml b/tasks/propagate_ssl_txt_records.yml index 7ebd39c..68f1569 100644 --- a/tasks/propagate_ssl_txt_records.yml +++ b/tasks/propagate_ssl_txt_records.yml @@ -1,6 +1,5 @@ --- -- name: "Set up ACME challenge TXT records for {{ challenge_item.key }}" - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: "Set up ACME challenge TXT records for {{ challenge_item.key }}" # noqa name[template] we need to be informative, even if we deviate from the standards import_tasks: add_dns_record.yml vars: record: @@ -18,8 +17,7 @@ enabled: yes state: restarted when: 'public_dns == "yes"' -- name: "Warn user to set up TXT records with the Let's Encrypt challenge for {{ challenge_item.key }}" - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: "Warn user to set up TXT records with the Let's Encrypt challenge for {{ challenge_item.key }}" # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.debug: msg: - "" diff --git a/tasks/restore_service_tarball_backup.yml b/tasks/restore_service_tarball_backup.yml index f9332de..736abb8 100644 --- a/tasks/restore_service_tarball_backup.yml +++ b/tasks/restore_service_tarball_backup.yml 
@@ -1,20 +1,17 @@ --- -- name: "Stop {{ service }}" - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: "Stop {{ service }}" # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.systemd_service: name: "{{ service }}" daemon_reload: yes enabled: yes state: stopped -- name: "Restore {{ service }} backup" - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: "Restore {{ service }} backup" # noqa name[template] we need to be informative, even if we deviate from the standards when: service_backup_path is defined unarchive: src: "{{ service_backup_path }}" dest: / remote_src: yes -- name: "Start {{ service }}" - # noqa name[template] we need to be informative, even if we deviate from the standards +- name: "Start {{ service }}" # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.systemd_service: name: "{{ service }}" daemon_reload: yes From 86127d288fedaa02c23029063e68437c05f2ef28 Mon Sep 17 00:00:00 2001 
From: Akos Balla Date: Fri, 27 Oct 2023 21:32:43 +0200 Subject: [PATCH 164/181] set some ansible.builtin. FQCNs --- tasks/autorestart.yml | 2 +- tasks/backups.yml | 14 +++++++------- tasks/dkim.yml | 12 ++++++------ tasks/dmarc.yml | 2 +- tasks/dovecot.yml | 10 +++++----- tasks/fail2ban.yml | 2 +- tasks/ftp.yml | 8 ++++---- tasks/horde.yml | 4 ++-- tasks/httpd.yml | 14 +++++++------- tasks/imapsync.yml | 2 +- tasks/ldap.yml | 4 ++-- tasks/local_dns_cache.yml | 6 +++--- tasks/mongodb.yml | 2 +- tasks/os.yml | 4 ++-- tasks/packages.yml | 10 +++++----- tasks/pdns.yml | 2 +- tasks/pdns_recursor.yml | 8 ++++---- tasks/postfix.yml | 26 +++++++++++++------------- tasks/postfixadmin.yml | 12 ++++++------ tasks/poweradmin.yml | 6 +++--- tasks/spamassassin.yml | 8 ++++---- tasks/ssl.yml | 10 +++++----- tasks/webdav.yml | 4 ++-- tasks/wireguard.yml | 26 +++++++++++++------------- 24 files changed, 99 insertions(+), 99 deletions(-) diff --git a/tasks/autorestart.yml b/tasks/autorestart.yml index db04edb..18189b0 100644 --- a/tasks/autorestart.yml +++ b/tasks/autorestart.yml @@ -1,6 +1,6 @@ --- - name: "Create restart directories for {{ service }}" # noqa name[template] we need to be informative, even if we deviate from the standards - file: + ansible.builtin.file: state: directory path: "/etc/systemd/system/{{ service }}.service.d" mode: u=rwX,og=rX diff --git a/tasks/backups.yml b/tasks/backups.yml index e238cbe..ee96407 100644 --- a/tasks/backups.yml +++ b/tasks/backups.yml @@ -1,6 +1,6 @@ --- - name: Create backup directories - file: + ansible.builtin.file: path: "{{ item }}" state: directory recurse: yes @@ -26,7 +26,7 @@ state: mounted fstype: fuse.bindfs - name: Create systemd tarball backup services - template: + ansible.builtin.template: src: "systemd/tarball-backup.service.j2" dest: "/etc/systemd/system/{{ item.name }}-backup.service" mode: u=rw,og=r 
@@ -43,7 +43,7 @@ - { name: "pdns", paths: ["/etc/pdns", "/etc/pdns-recursor", "/etc/dnsdist"], service: True } - { name: "wg_vpn", paths: ["/etc/wireguard"], service: True } - name: Create systemd backup services - template: + ansible.builtin.template: src: "systemd/{{ item }}-backup.service.j2" dest: "/etc/systemd/system/{{ item }}-backup.service" mode: u=rw,og=r @@ -55,7 +55,7 @@ - ldap - vsftpd - name: Create systemd backup timers - template: + ansible.builtin.template: src: "systemd/backup.timer.j2" dest: "/etc/systemd/system/{{ item }}-backup.timer" mode: u=rw,og=r @@ -124,12 +124,12 @@ state: stopped - name: Erase data directory when: mariadb_backup_path is defined - file: + ansible.builtin.file: path: /var/lib/mysql state: absent - name: Create data directory when: mariadb_backup_path is defined - file: + ansible.builtin.file: path: /var/lib/mysql state: directory owner: mysql @@ -140,7 +140,7 @@ ansible.builtin.command: "mariabackup --copy-back --target-dir={{ mariadb_backup_path }}" - name: Ensure data directory permissions when: mariadb_backup_path is defined - file: + ansible.builtin.file: path: /var/lib/mysql state: directory owner: mysql diff --git a/tasks/dkim.yml b/tasks/dkim.yml index 023c76d..f948188 100644 --- a/tasks/dkim.yml +++ b/tasks/dkim.yml @@ -4,7 +4,7 @@ # vars: # port: 8891/tcp - name: Configure OpenDKIM - lineinfile: + ansible.builtin.lineinfile: regexp: '{{ item.key }}' line: "{{ '#' if item.comment }}{{ item.key }}\t{{ item.value }}" path: /etc/opendkim.conf @@ -25,7 +25,7 @@ - { key: "RequireSafeKeys", value: "false", comment: false} notify: Restart opendkim - name: Configure OpenDKIM key table - lineinfile: + ansible.builtin.lineinfile: regexp: '{{ item }}' line: "{{ dkim_selector }}._domainkey.{{ item }} {{ item }}:{{ dkim_selector }}:/etc/opendkim/keys/{{ item }}/{{ dkim_selector }}.private" path: /etc/opendkim/KeyTable 
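Review bot: In `Configure OpenDKIM key table` (tasks/dkim.yml, hunk `@@ -25,7`), `regexp: '{{ item }}'` is unanchored and unescaped, so a domain that is a substring of another entry, or whose dots match other characters, can make lineinfile rewrite the wrong domain's line. Anchoring it to the start of the entry avoids that, e.g. `regexp: '^{{ dkim_selector }}\._domainkey\.{{ item | regex_escape }}\s'`. The TrustedHosts and SigningTable tasks in hunks `@@ -37,7` and `@@ -49,7` use the same `regexp: '{{ item }}'` and need the equivalent anchor for their own line formats. The context line setting `RequireSafeKeys` to `false` also switches off OpenDKIM's refusal to load private keys that other users can read; since the key directories are created with `u=rwX,og-rwX`, check whether that override is still needed. The tasks continue outside the hunks.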
@@ -37,7 +37,7 @@ loop: "{{ [mailserver_domain] + custom_domains }}" notify: Restart opendkim - name: Configure OpenDKIM trusted hosts - lineinfile: + ansible.builtin.lineinfile: regexp: '{{ item }}' line: "*.{{ item }}" path: /etc/opendkim/TrustedHosts @@ -49,7 +49,7 @@ loop: "{{ [mailserver_domain] + custom_domains }}" notify: Restart opendkim - name: Configure OpenDKIM signing table - lineinfile: + ansible.builtin.lineinfile: regexp: '{{ item }}' line: "*@{{ item }} {{ dkim_selector }}._domainkey.{{ item }}" path: /etc/opendkim/SigningTable @@ -61,7 +61,7 @@ loop: "{{ [mailserver_domain] + custom_domains }}" notify: Restart opendkim - name: Create OpenDKIM key directories - file: + ansible.builtin.file: state: directory path: "/etc/opendkim/keys/{{ item }}" mode: u=rwX,og-rwX @@ -76,7 +76,7 @@ loop: "{{ [mailserver_domain] + custom_domains }}" notify: Restart opendkim - name: Ensure OpenDKIM key directory permissions - file: + ansible.builtin.file: state: directory path: /etc/opendkim owner: opendkim diff --git a/tasks/dmarc.yml b/tasks/dmarc.yml index 84559c8..56ea69a 100644 --- a/tasks/dmarc.yml +++ b/tasks/dmarc.yml @@ -1,6 +1,6 @@ --- - name: Configure OpenDMARC - lineinfile: + ansible.builtin.lineinfile: regexp: '\b{{ item.key }}\b' line: "{{ '#' if item.comment }}{{ item.key }} {{ item.value }}" path: /etc/opendmarc.conf diff --git a/tasks/dovecot.yml b/tasks/dovecot.yml index 65696ed..1f7c653 100644 --- a/tasks/dovecot.yml +++ b/tasks/dovecot.yml @@ -13,7 +13,7 @@ vars: service: dovecot - name: Configure Dovecot protocols - lineinfile: + ansible.builtin.lineinfile: path: /etc/dovecot/dovecot.conf regexp: '^protocols =' line: 'protocols = imap pop3 lmtp' @@ -24,7 +24,7 @@ backup: yes notify: Restart dovecot - name: Configure Dovecot Authentication Mechanism - lineinfile: + ansible.builtin.lineinfile: path: /etc/dovecot/conf.d/10-auth.conf regexp: '^{{ item.key }} = ' line: '{{ item.key }} = {{ item.value }}' 
@@ -41,7 +41,7 @@ - { key: "auth_mechanisms", value: "plain login" } notify: Restart dovecot - name: Configure Dovecot SSL - lineinfile: + ansible.builtin.lineinfile: path: /etc/dovecot/conf.d/10-ssl.conf regexp: '^{{ item.key }} = ' line: '{{ item.key }} = {{ item.value }}' @@ -81,7 +81,7 @@ - 90-sieve.conf notify: Restart dovecot - name: Render Dovecot config templates - template: + ansible.builtin.template: src: "dovecot/{{ item }}.j2" dest: "/etc/dovecot/{{ item }}" mode: u=rw,og=r @@ -94,7 +94,7 @@ - report-spam.sieve notify: Restart dovecot - name: Configure Dovecot auth extensions - lineinfile: + ansible.builtin.lineinfile: regexp: '{{ item.line }}' line: "{{ '#' if item.comment }}{{ item.line }}" path: /etc/dovecot/conf.d/10-auth.conf diff --git a/tasks/fail2ban.yml b/tasks/fail2ban.yml index 4954ab4..507fdff 100644 --- a/tasks/fail2ban.yml +++ b/tasks/fail2ban.yml @@ -7,7 +7,7 @@ - postfixadmin.conf notify: Restart fail2ban - name: Enable fail2ban jails - blockinfile: + ansible.builtin.blockinfile: path: /etc/fail2ban/jail.d/ansible-mailserver.local marker: "# {mark} ANSIBLE MANAGED BLOCK ansible-mailserver fail2ban jails" block: | diff --git a/tasks/ftp.yml b/tasks/ftp.yml index fee5b84..c91f139 100644 --- a/tasks/ftp.yml +++ b/tasks/ftp.yml @@ -7,7 +7,7 @@ - 989-990/tcp - 40000-50000/tcp - name: Configure VSFTPD - lineinfile: + ansible.builtin.lineinfile: line: "{{ item.key }}={{ item.value }}" regexp: '^{{ item.key }}=' path: /etc/vsftpd/vsftpd.conf @@ -54,7 +54,7 @@ - { key: "dual_log_enable", value: "YES"} notify: Restart vsftpd - name: Set up VSFTPD user list - lineinfile: + ansible.builtin.lineinfile: line: "{{ item.name }}" path: /etc/vsftpd/vsftpd.userlist mode: u=rw @@ -73,7 +73,7 @@ state: yes persistent: yes - name: Create user FTP roots - file: + ansible.builtin.file: path: "/home/{{ item.name }}/ftp" state: directory recurse: yes 
@@ -83,7 +83,7 @@ loop: "{{ users }}" no_log: yes - name: Create user FTP directories - file: + ansible.builtin.file: path: "/home/{{ item.name }}/ftp/files" state: directory recurse: yes diff --git a/tasks/horde.yml b/tasks/horde.yml index 4d31901..af69033 100644 --- a/tasks/horde.yml +++ b/tasks/horde.yml @@ -1,6 +1,6 @@ --- - name: Increase upload size and execution time - lineinfile: + ansible.builtin.lineinfile: path: '{{ item.file }}' regexp: '^{{ item.key }} =' line: '{{ item.key }} = {{ item.value }}' @@ -41,7 +41,7 @@ - turba - wicked - name: Render Horde config templates - template: + ansible.builtin.template: src: "horde/{{ item.app }}/conf.php.j2" dest: "/etc/horde/{{ item.app }}/conf.php" mode: "{{ item.mode }}" diff --git a/tasks/httpd.yml b/tasks/httpd.yml index 97ab3bc..8001fb1 100644 --- a/tasks/httpd.yml +++ b/tasks/httpd.yml @@ -40,7 +40,7 @@ - poweradmin - wireguard - webdav - template: + ansible.builtin.template: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: u=rw,og=r @@ -105,7 +105,7 @@ - webdav - ftp - wireguard - file: + ansible.builtin.file: path: "~{{ item.name }}" state: directory owner: "{{ item.name }}" @@ -118,7 +118,7 @@ - webdav - ftp - wireguard - file: + ansible.builtin.file: path: "~{{ item.name }}/public_html" state: directory owner: "{{ item.name }}" @@ -129,7 +129,7 @@ no_log: true - name: Ensure user certificate directories exist tags: wireguard - file: + ansible.builtin.file: path: "~{{ item.name }}/{{ item.name }}/public_html/.vpn" owner: "{{ item.name }}" group: "{{ item.name }}" @@ -158,7 +158,7 @@ state: present recursive: yes - name: Create HTTPD SystemD drop-in directory - file: + ansible.builtin.file: path: /etc/systemd/system/httpd.service.d state: directory - name: Increase startup timeout @@ -178,7 +178,7 @@ backup: yes notify: Restart httpd - name: Deny blacklisted users from PAM authentication - lineinfile: + ansible.builtin.lineinfile: path: /etc/httpd/conf.d/denyusers line: "{{ item }}" owner: apache 
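Review bot: The path in `Ensure user certificate directories exist` (tasks/httpd.yml, hunk `@@ -129,7`) repeats the user name, `~{{ item.name }}/{{ item.name }}/public_html/.vpn`, while the two preceding tasks manage `~{{ item.name }}` and `~{{ item.name }}/public_html`. If the extra segment is a typo, this task manages a second tree inside the home directory and the real `public_html/.vpn` keeps whatever owner and mode another task or the umask gives it. `path: "~{{ item.name }}/public_html/.vpn"` would match the sibling tasks. The task body continues outside the hunk, so the intended mode is not visible here.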
@@ -190,7 +190,7 @@ notify: Restart httpd - name: Allow Apache read /etc/shadow tags: webdav - file: + ansible.builtin.file: path: /etc/shadow state: file group: apache diff --git a/tasks/imapsync.yml b/tasks/imapsync.yml index ca1f48f..9bda0b7 100644 --- a/tasks/imapsync.yml +++ b/tasks/imapsync.yml @@ -33,7 +33,7 @@ backup: yes user: "{{ current_user.name }}" - name: "Save {{ current_user.old_imap_mail.user }}'s password in a file" - lineinfile: + ansible.builtin.lineinfile: path: '~{{ current_user.name }}/.cron_secrets' line: 'IMAP_PASSWORD={{ current_user.password }}' owner: '{{ current_user.name }}' diff --git a/tasks/ldap.yml b/tasks/ldap.yml index 368179d..e6dfbf9 100644 --- a/tasks/ldap.yml +++ b/tasks/ldap.yml @@ -21,7 +21,7 @@ # home: /var/lib/openldap # shell: /usr/sbin/nologin - name: Render dscreate config template - template: + ansible.builtin.template: src: "ldap/389.dscreate.conf.j2" dest: "/tmp/ansible-mailserver-install.dscreate.conf" mode: u=rw @@ -46,7 +46,7 @@ register: ldap_backups when: reset == "yes" - name: Create backup directory - file: + ansible.builtin.file: path: "/backup/{{ item }}" state: directory recurse: yes diff --git a/tasks/local_dns_cache.yml b/tasks/local_dns_cache.yml index 975aa21..5a2d390 100644 --- a/tasks/local_dns_cache.yml +++ b/tasks/local_dns_cache.yml @@ -2,7 +2,7 @@ - name: Configure local DNS cache block: - name: Configure /etc/resolv.conf - template: + ansible.builtin.template: src: resolv.conf.j2 dest: /etc/resolv.conf owner: root @@ -30,14 +30,14 @@ type: ethernet notify: Restart NetworkManager - name: Create resolved.conf.d directory - file: + ansible.builtin.file: path: /etc/systemd/resolved.conf.d state: directory owner: root group: root mode: u=rwX,og=rX - name: Enable local DNS caching - blockinfile: + ansible.builtin.blockinfile: path: /etc/systemd/resolved.conf.d/LocalDNSCache.conf marker: "# {mark} ANSIBLE MANAGED BLOCK Local DNS cache" block: | 
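Review bot: `Allow Apache read /etc/shadow` (tasks/httpd.yml, hunk `@@ -190,7`) sets `group: apache` on `/etc/shadow`, so every process running with the apache group can read all local password hashes, and a file-read or code-execution flaw in any web application on this host becomes offline cracking of system accounts. If the WebDAV login only needs to verify passwords, authenticating against the directory service this role already deploys (tasks/ldap.yml) would avoid exposing the hashes; whether that fits the setup is not visible from the hunk. At minimum the task should carry a comment such as `# SECURITY: gives the apache group read access to all local password hashes (needed for PAM auth)`. The mode line lies outside the hunk and should be confirmed as read-only for the group.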
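Review bot: The `lineinfile` task in tasks/imapsync.yml (hunk `@@ -33,7`) writes `IMAP_PASSWORD={{ current_user.password }}` into `~{{ current_user.name }}/.cron_secrets`, but neither `mode` nor `no_log` is visible in the hunk. Without them the file may be created with umask defaults and the password shows up in task output and diffs. If the lines after the hunk do not already set them, add `mode: u=rw,go=` and `no_log: true`. The task name refers to `current_user.old_imap_mail.user` while the value written is `current_user.password`; if the old account's password is meant, the field is presumably `current_user.old_imap_mail.password`, which should be confirmed against the vars.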
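Review bot: `Render dscreate config template` (tasks/ldap.yml, hunk `@@ -21,7`) writes to the fixed path `/tmp/ansible-mailserver-install.dscreate.conf`, a predictable name in a world-writable directory. A dscreate answer file normally carries the directory administrator password, and a local user who pre-creates that file may remain its owner unless `owner: root` is set, which the hunk does not show. Rendering into a root-only location, e.g. `dest: /root/ansible-mailserver-install.dscreate.conf`, and removing the file once `dscreate` has run would narrow the exposure. The task continues outside the hunk.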
diff --git a/tasks/mongodb.yml b/tasks/mongodb.yml index 196113b..32b277a 100644 --- a/tasks/mongodb.yml +++ b/tasks/mongodb.yml @@ -1,6 +1,6 @@ --- - name: Configure limits - lineinfile: + ansible.builtin.lineinfile: regexp: '^mongod ' line: 'mongod soft nproc 32000' path: /etc/security/limits.d/2-nproc.conf diff --git a/tasks/os.yml b/tasks/os.yml index 681f6c9..42670af 100644 --- a/tasks/os.yml +++ b/tasks/os.yml @@ -52,7 +52,7 @@ - name: Install packages import_tasks: packages.yml - name: Set up OS mail aliases - lineinfile: + ansible.builtin.lineinfile: path: /etc/aliases regexp: '^root: *{{ mailserver_admin_user }}' line: 'root: {{ mailserver_admin_user }}' @@ -94,7 +94,7 @@ name: MAILTO job: "hostmaster+cron@{{ mailserver_domain }}" - name: Add GO path to PATH - lineinfile: + ansible.builtin.lineinfile: path: /etc/profile.d/gopath.sh line: 'export PATH=$PATH:$(go env GOPATH)/bin' mode: u=rw,og=r diff --git a/tasks/packages.yml b/tasks/packages.yml index 7ff893d..7043e1b 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -10,7 +10,7 @@ state: latest - name: Set up UEK repository tags: wireguard - blockinfile: + ansible.builtin.blockinfile: path: /etc/yum.repos.d/uek-ol8.repo marker: "# {mark} ANSIBLE MANAGED BLOCK Unbreakable Enterprise Kernel Release 7 for Oracle Linux repository" block: | @@ -52,7 +52,7 @@ # disable_gpg_check: yes - name: Set up ElasticSearch repository tags: elasticsearch - blockinfile: + ansible.builtin.blockinfile: path: /etc/yum.repos.d/elastic.repo marker: "# {mark} ANSIBLE MANAGED BLOCK ElasticSearch 8.x repository" block: | @@ -71,7 +71,7 @@ backup: yes create: yes - name: Set up Extra Packages for Enterprise Linux 7 repository - blockinfile: + ansible.builtin.blockinfile: path: /etc/yum.repos.d/epel-el7.repo marker: "# {mark} ANSIBLE MANAGED BLOCK Extra Packages for Enterprise Linux 7 repository" block: | 
@@ -88,7 +88,7 @@ create: yes - name: Set up PowerDNS repository tags: dns - blockinfile: + ansible.builtin.blockinfile: path: /etc/yum.repos.d/powerdns.repo marker: "# {mark} ANSIBLE MANAGED BLOCK PowerDNS repository" block: | @@ -154,7 +154,7 @@ create: yes - name: Set up MongoDB repository tags: mongodb - blockinfile: + ansible.builtin.blockinfile: path: /etc/yum.repos.d/mongodb-org-5.0.repo marker: "# {mark} ANSIBLE MANAGED BLOCK MongoDB 5.0 repository" block: | diff --git a/tasks/pdns.yml b/tasks/pdns.yml index 2442010..4ab0ee9 100644 --- a/tasks/pdns.yml +++ b/tasks/pdns.yml @@ -23,7 +23,7 @@ # user: powerdns # password: "{{ powerdns_db_password }}" - name: Configure PowerDNS authoritative server - lineinfile: + ansible.builtin.lineinfile: path: /etc/pdns/pdns.conf line: "{{ item.key }}={{ item.value }}" regex: "^{{ item.key }}=" diff --git a/tasks/pdns_recursor.yml b/tasks/pdns_recursor.yml index ea81c81..bad707c 100644 --- a/tasks/pdns_recursor.yml +++ b/tasks/pdns_recursor.yml @@ -1,6 +1,6 @@ --- - name: Render RPZ file for local addresses - template: + ansible.builtin.template: src: pdns-recursor/basic.rpz.j2 dest: /etc/pdns-recursor/pdns-recursor.rpz owner: pdns-recursor @@ -16,7 +16,7 @@ # backup: yes # when: 'public_dns == "yes"' - name: Configure PowerDNS recursor - lineinfile: + ansible.builtin.lineinfile: path: /etc/pdns-recursor/recursor.conf line: "{{ item.key }}={{ item.value }}" regex: "^{{ item.key }}=" @@ -36,7 +36,7 @@ notify: Restart pdns-recursor - name: Add VPN addresses to hosts file tags: wireguard - lineinfile: + ansible.builtin.lineinfile: line: "{{ item }} postfixadmin.vpn.{{ mailserver_domain }} poweradmin.vpn.{{ mailserver_domain }}" path: /etc/hosts backup: yes 
@@ -46,7 +46,7 @@ when: wireguard is defined notify: Restart pdns-recursor - name: Configure PowerDNS recursor to forward custom domains - lineinfile: + ansible.builtin.lineinfile: path: /etc/pdns-recursor/recursor.conf line: "forward-zones+={{ item }}=127.0.0.1:5300" regex: "^forward-zones+={{ item }}=" diff --git a/tasks/postfix.yml b/tasks/postfix.yml index e219571..f401605 100644 --- a/tasks/postfix.yml +++ b/tasks/postfix.yml @@ -60,7 +60,7 @@ - "smtp_tls_loglevel = 1" notify: Restart postfix - name: Configure main.cf - lineinfile: + ansible.builtin.lineinfile: regexp: '^{{ item.key }} = ' line: '{{ item.key }} = {{ item.value }}' path: /etc/postfix/main.cf @@ -82,7 +82,7 @@ - { key: "propagate_unmatched_extensions", value: "" } notify: Restart postfix - name: Render Postfix SQL templates - template: + ansible.builtin.template: src: "postfix/sql/{{ item }}.j2" dest: "/etc/postfix/sql/{{ item }}" mode: u=rw,og=r @@ -98,7 +98,7 @@ - mysql_virtual_alias_domain_catchall_maps.cf notify: Restart postfix - name: Configure virtual domains - blockinfile: + ansible.builtin.blockinfile: path: /etc/postfix/main.cf marker: "# {mark} ANSIBLE MANAGED BLOCK virtual domains" block: | @@ -117,7 +117,7 @@ virtual_gid_maps = static:2000 notify: Restart postfix - name: Configure SMTP recipient restrictions - blockinfile: + ansible.builtin.blockinfile: path: /etc/postfix/main.cf marker: "# {mark} ANSIBLE MANAGED BLOCK SMTP recipient restrictions" block: | @@ -137,7 +137,7 @@ # reject_rbl_client zen.spamhaus.org notify: Restart postfix - name: Configure Milter - blockinfile: + ansible.builtin.blockinfile: path: /etc/postfix/main.cf marker: "# {mark} ANSIBLE MANAGED BLOCK Milter" block: | @@ -149,7 +149,7 @@ backup: yes notify: Restart postfix - name: Start SPF policy daemon with Postfix - blockinfile: + ansible.builtin.blockinfile: path: /etc/postfix/master.cf marker: "# {mark} ANSIBLE MANAGED BLOCK SPF policy" block: | 
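Review bot: In `Configure PowerDNS recursor to forward custom domains` (tasks/pdns_recursor.yml, hunk `@@ -46,7`) the pattern `regex: "^forward-zones+={{ item }}="` treats `+` as a quantifier, so it never matches the literal `forward-zones+=` lines this task writes. lineinfile then only compares the exact line: re-runs stay idempotent, but if the forwarder target ever changes the new line is appended beside the old one and the stale forwarding rule stays in recursor.conf. Escaping the plus and the domain fixes it: `regex: '^forward-zones\+={{ item | regex_escape }}='`. The same unescaped `+` appears in tasks/wireguard.yml, hunks `@@ -335,7` and `@@ -348,7`.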
@@ -158,7 +158,7 @@ backup: yes notify: Restart postfix - name: Configure sender restrictions - blockinfile: + ansible.builtin.blockinfile: path: /etc/postfix/main.cf marker: "# {mark} ANSIBLE MANAGED BLOCK sender restrictions" block: | @@ -170,7 +170,7 @@ reject_unknown_client_hostname notify: Restart postfix - name: Configure HELO/EHLO restrictions - blockinfile: + ansible.builtin.blockinfile: marker: "# {mark} ANSIBLE MANAGED BLOCK HELO/EHLO restrictions" path: /etc/postfix/main.cf block: | @@ -187,7 +187,7 @@ - name: Set up HELO access whitelist block: - name: Create HELO access whitelist - lineinfile: + ansible.builtin.lineinfile: regexp: "\b{{ item.key }}\b" line: '{{ item.key }} {{ item.value }}' path: /etc/postfix/helo_access @@ -205,7 +205,7 @@ - name: Set up RBL whitelist block: - name: Create RBL whitelist - lineinfile: + ansible.builtin.lineinfile: regexp: "\b{{ item.key }}\b" line: '{{ item.key }} {{ item.value }}' path: /etc/postfix/rbl_override @@ -221,7 +221,7 @@ ansible.builtin.command: postmap /etc/postfix/rbl_override when: rbl_override is defined - name: Set Postgrey whitelist - lineinfile: + ansible.builtin.lineinfile: line: '{{ item }}' path: /etc/postfix/postgrey_whitelist_clients mode: u=rw,og=r @@ -232,7 +232,7 @@ loop: "{{ postgrey_whitelist_clients }}" notify: Restart postgrey - name: Set POSTGREY_DELAY to 1 - lineinfile: + ansible.builtin.lineinfile: regex: '^POSTGREY_DELAY=' line: 'POSTGREY_DELAY="--delay=1"' path: /etc/sysconfig/postgrey @@ -245,7 +245,7 @@ - name: Clean postfix destination ansible.builtin.command: 'postconf -e "mydestination = $myhostname, localhost.$mydomain, localhost"' - name: Create directory for virtuals - file: + ansible.builtin.file: path: /var/vmail/ state: directory mode: u=rwX,og=rX diff --git a/tasks/postfixadmin.yml b/tasks/postfixadmin.yml index ffea685..c0c5716 100644 --- a/tasks/postfixadmin.yml +++ b/tasks/postfixadmin.yml 
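Review bot: `regexp: "\b{{ item.key }}\b"` in `Create HELO access whitelist` (tasks/postfix.yml, hunk `@@ -187,7`) is double-quoted, so YAML turns `\b` into a backspace character instead of a regex word boundary and the pattern cannot match an existing entry. An entry whose value changes is therefore appended rather than replaced, and the old line stays in `/etc/postfix/helo_access`. Single quotes keep the backslash, as tasks/dmarc.yml already does: `regexp: '\b{{ item.key }}\b'`. `Create RBL whitelist` in hunk `@@ -205,7` has the same double-quoted pattern for `/etc/postfix/rbl_override`.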
@@ -18,7 +18,7 @@ args: creates: /var/www/postfixadmin - name: Set up postfixadmin permissions - file: + ansible.builtin.file: path: /var/www/postfixadmin/templates_c state: directory setype: httpd_sys_rw_content_t @@ -27,7 +27,7 @@ import_tasks: create_mariadb_schema.yml vars: mariadb_database: postfixadmin - mariadb_state: "{{ ('import' if reset == 'yes')|default('present') }}" + mariadb_state: "{{ ('import' if reset == 'yes') | default('present') }}" register: postfixadmin_db_state - name: Set up postfixadmin DB privileges community.mysql.mysql_user: @@ -53,7 +53,7 @@ register: postfixadmin_setup_password no_log: yes - name: Create PostfixAdmin directories - file: + ansible.builtin.file: path: "{{ item }}" state: directory mode: u=rwX,og=rX @@ -65,7 +65,7 @@ - /etc/mail/postfixadmin - /var/lock/fetchmail - name: Render PostfixAdmin config template - template: + ansible.builtin.template: src: postfixadmin/config.local.php.j2 dest: /var/www/postfixadmin/config.local.php mode: u=rw,og=r @@ -73,7 +73,7 @@ group: root backup: yes - name: Render PostfixAdmin fetchmail config template - template: + ansible.builtin.template: src: postfixadmin/fetchmail.conf.j2 dest: /etc/mail/postfixadmin/fetchmail.conf mode: u=rw,og=r @@ -81,7 +81,7 @@ group: root backup: yes - name: Make sure log file exists for fail2ban to work - file: + ansible.builtin.file: path: /var/log/php-fpm/www-error.log state: touch owner: apache diff --git a/tasks/poweradmin.yml b/tasks/poweradmin.yml index 6323de2..e1102ad 100644 --- a/tasks/poweradmin.yml +++ b/tasks/poweradmin.yml @@ -34,7 +34,7 @@ tags: - dyndns - poweradmin - file: + ansible.builtin.file: path: /var/www/poweradmin state: directory owner: apache @@ -145,7 +145,7 @@ tags: - dyndns - poweradmin - template: + ansible.builtin.template: src: poweradmin/config.inc.php.j2 dest: /var/www/poweradmin/inc/config.inc.php mode: ug=rw,o=r 
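Review bot: `config.local.php` in `Render PostfixAdmin config template` (tasks/postfixadmin.yml, hunk `@@ -65,7`) is rendered with `mode: u=rw,og=r`, which makes it readable by every local account. The template is not shown, but a PostfixAdmin local config presumably holds the database password. With `group: root` (visible as context in the next hunk) the web server can only read the file through the world bit, so tightening means changing both settings: `group: apache` and `mode: u=rw,g=r,o=`. The fetchmail config in hunk `@@ -73,7` (`u=rw,og=r`) and Poweradmin's `config.inc.php` in tasks/poweradmin.yml, hunk `@@ -145,7` (`ug=rw,o=r`), raise the same question.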
@@ -157,7 +157,7 @@ - name: Remove install directory tags: - poweradmin - file: + ansible.builtin.file: path: /var/www/poweradmin/install/ state: absent when: 'public_dns == "yes"' diff --git a/tasks/spamassassin.yml b/tasks/spamassassin.yml index 2f095b5..34f1893 100644 --- a/tasks/spamassassin.yml +++ b/tasks/spamassassin.yml @@ -1,6 +1,6 @@ --- - name: Create razor home directory - file: + ansible.builtin.file: path: /var/lib/razor/ state: directory - name: Create Razor account @@ -10,7 +10,7 @@ - name: Register Razor account ansible.builtin.command: razor-admin -register -home=/var/lib/razor - name: Configure SPAMAssassin options - lineinfile: + ansible.builtin.lineinfile: regexp: 'SPAMDOPTIONS' line: SPAMDOPTIONS="-c -m5 -H --razor-home-dir='/var/lib/razor/' --razor-log-file='sys-syslog' --virtual-config-dir=/var/vmail/%d/%l/spamassassin --username=vmail" path: /etc/sysconfig/spamassassin @@ -21,7 +21,7 @@ backup: yes notify: Restart spamassassin - name: Configure SPAMAssassin milter flags - lineinfile: + ansible.builtin.lineinfile: regexp: 'EXTRA_FLAGS' line: 'EXTRA_FLAGS=" -e {{ mailserver_domain }} -u sa-milt -m -r 8 -R SPAM_ARE_NOT_ALLOWED_HERE -i 127.0.0.1 -g sa-milt -- --max-size=52428800"' path: /etc/sysconfig/spamass-milter @@ -37,7 +37,7 @@ groups: sa-milt append: yes - name: Configure SPAMAssassin rules - lineinfile: + ansible.builtin.lineinfile: regexp: '{{ item.type }} {{ item.key }}' line: '{{ item.type }} {{ item.key }} {{ item.value }}' path: /etc/mail/spamassassin/local.cf diff --git a/tasks/ssl.yml b/tasks/ssl.yml index f54b5bb..4ca14cb 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml @@ -3,7 +3,7 @@ ansible.builtin.set_fact: acme_directory: "https://acme-{{ 'staging-' if production is not defined or not production else '' }}v02.api.letsencrypt.org/directory" - name: Create Certbot config directories - file: + ansible.builtin.file: state: directory path: "/etc/letsencrypt/{{ item.path }}" owner: root 
@@ -96,7 +96,7 @@ # with_dict: "{{ letsencrypt_challenge.challenge_data }}" # when: letsencrypt_challenge.challenge_data is defined and public_dns == "yes" - name: Ensure LEGO environment variables for root - lineinfile: + ansible.builtin.lineinfile: path: "{{ ansible_env.HOME }}/.profile" regexp: "{{ item.key }}" line: "{{ item.key }}={{ item.value }}" @@ -116,17 +116,17 @@ PDNS_API_URL: http://127.0.0.1:8081/ PDNS_API_KEY: "{{ powerdns_api_key }}" - name: Create symlink to the full certificate chain - file: + ansible.builtin.file: path: "/etc/letsencrypt/live/{{ mailserver_domain }}/cert.pem" src: "/etc/letsencrypt/certificates/{{ mailserver_domain }}.crt" state: link - name: Create symlink to the main certificate - file: + ansible.builtin.file: path: "/etc/letsencrypt/live/{{ mailserver_domain }}/fullchain.pem" src: "/etc/letsencrypt/certificates/{{ mailserver_domain }}.pem" state: link - name: Create symlink to the private key - file: + ansible.builtin.file: path: "/etc/letsencrypt/live/{{ mailserver_domain }}/cert.key" src: "/etc/letsencrypt/certificates/{{ mailserver_domain }}.key" state: link diff --git a/tasks/webdav.yml b/tasks/webdav.yml index e02f2fc..52065dc 100644 --- a/tasks/webdav.yml +++ b/tasks/webdav.yml @@ -1,7 +1,7 @@ --- - name: Create WebDAV directory tags: wireguard - file: + ansible.builtin.file: path: /var/www/html/webdav state: directory owner: apache @@ -9,7 +9,7 @@ mode: u=rwX,og=rX - name: Ensure WebDav certificate directory exists tags: ssl - file: + ansible.builtin.file: path: /var/www/html/webdav/.certificates owner: apache group: apache diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml index c0ffd00..3c042c2 100644 --- a/tasks/wireguard.yml +++ b/tasks/wireguard.yml @@ -11,7 +11,7 @@ - iptable_nat - ip6table_nat - name: Load kernel modules at boot - lineinfile: + ansible.builtin.lineinfile: path: "/etc/modules-load.d/{{ item }}.conf" line: "{{ item }}" create: yes 
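Review bot: In tasks/ssl.yml (hunk `@@ -116,17`) `fullchain.pem` is linked to `/etc/letsencrypt/certificates/{{ mailserver_domain }}.pem`, and the task names look swapped against the link targets (`cert.pem` is described as the full chain, `fullchain.pem` as the main certificate). If these files come from lego run with its `--pem` option, the `.pem` file is the private key concatenated with the certificate, and anything that treats `fullchain.pem` as public material would expose the key. The role sets LEGO environment variables, so that origin is likely, but the hunk does not show it. Confirm what the `.pem` contains; if it is the key bundle, point the link at the certificate file instead: `src: "/etc/letsencrypt/certificates/{{ mailserver_domain }}.crt"`.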
@@ -32,7 +32,7 @@ - "net.ipv4.ip_forward" - "net.ipv6.conf.all.forwarding" - name: Create WireGuard config directories - file: + ansible.builtin.file: path: "{{ item }}" state: directory loop: @@ -109,7 +109,7 @@ backup: yes notify: Restart WireGuard - name: Create client config dirs - file: + ansible.builtin.file: state: directory name: "{{ wireguard.config_dir }}/clients/{{ item }}" owner: "{{ wg_configs[item]['owner'] }}" @@ -117,7 +117,7 @@ loop: "{{ wg_configs.keys() }}" when: item != "server" - name: Generate client configs - template: + ansible.builtin.template: src: wireguard/client.conf.j2 dest: "{{ wireguard.config_dir }}/clients/{{ wg_client }}/wg0.conf" owner: "{{ wg_configs[wg_client]['owner'] }}" @@ -141,7 +141,7 @@ when: item.name is defined loop: "{{ user_info.results }}" - name: Ensure user VPN config directories exist - file: + ansible.builtin.file: path: "{{ user_home[wg_configs[item]['owner']] }}/public_html/.vpn" owner: "{{ wg_configs[item]['owner'] }}" group: "{{ wg_configs[item]['owner'] }}" @@ -151,7 +151,7 @@ loop: "{{ wg_configs.keys() }}" when: item != "server" - name: Create user VPN config dirs - file: + ansible.builtin.file: path: "{{ user_home[wg_configs[item]['owner']] }}/public_html/.vpn/{{ item }}" state: directory owner: "{{ wg_configs[item]['owner'] }}" @@ -173,7 +173,7 @@ loop: "{{ wg_configs.keys() }}" when: item != "server" - name: Allow access to QR codes - file: + ansible.builtin.file: path: "{{ user_home[wg_configs[item]['owner']] }}/public_html/.vpn/{{ item }}/wg0.png" owner: "{{ wg_configs[item]['owner'] }}" group: "{{ wg_configs[item]['owner'] }}" @@ -335,7 +335,7 @@ - wireguard - poweradmin - postfixadmin - lineinfile: + ansible.builtin.lineinfile: path: /etc/pdns-recursor/recursor.conf line: "forward-zones+=vpn.{{ mailserver_domain }}=127.0.0.1:5301" regex: "^forward-zones+=vpn.{{ mailserver_domain }}=" 
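Review bot: `Create WireGuard config directories` (tasks/wireguard.yml, hunk `@@ -32,7`) passes only `path` and `state: directory`, so directories that will hold private and pre-shared keys are created with whatever the umask yields, typically listable by every local user. Set ownership and mode explicitly, e.g. `owner: root`, `group: root`, `mode: u=rwX,go=`. If the per-client owners seen in later hunks must traverse into `clients/`, `go=X` on the parent directories is the most that is needed. The loop items are outside the hunk.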
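Review bot: `Allow access to QR codes` (tasks/wireguard.yml, hunk `@@ -173,7`) manages `wg0.png` under `public_html/.vpn/{{ item }}/` in the owner's home, a tree that a per-user web space normally serves over HTTP. A QR code generated from a client's `wg0.conf` presumably encodes that client's private key and pre-shared key, so whoever can fetch the image can use the peer's identity. The hunk shows owner and group but neither the mode nor any access control. Confirm that `.vpn` is reachable only with authentication over TLS, and record on the task which control protects it, e.g. `# .vpn is protected by <name of the httpd access rule>`.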
@@ -348,7 +348,7 @@ tags: - dyndns - poweradmin - lineinfile: + ansible.builtin.lineinfile: path: /etc/pdns-recursor/recursor.conf line: "forward-zones+=dyndns.{{ mailserver_domain }}=127.0.0.1:5300" regex: "^forward-zones+=dyndns.{{ mailserver_domain }}=" @@ -361,7 +361,7 @@ tags: - dyndns - poweradmin - template: + ansible.builtin.template: src: dyndns/dynamic_dns_client.sh.j2 dest: "{{ wireguard.config_dir }}/clients/{{ item }}/dynamic_dns_client.sh" owner: "{{ wg_configs[item]['owner'] }}" @@ -374,7 +374,7 @@ tags: - dyndns - poweradmin - template: + ansible.builtin.template: src: dyndns/dynamic_dns_client.py.j2 dest: "{{ wireguard.config_dir }}/clients/{{ item }}/dynamic_dns_client.py" owner: "{{ wg_configs[item]['owner'] }}" @@ -391,14 +391,14 @@ notify: Restart WireGuard - name: Deploy WireGuard config loader SystemD service tags: wireguard - template: + ansible.builtin.template: src: systemd/wg_vpn.service.j2 dest: /etc/systemd/system/wg_vpn.service backup: yes notify: Restart WireGuard - name: Deploy WireGuard routing helper scripts tags: wireguard - template: + ansible.builtin.template: src: wireguard/{{ item }}.j2 dest: /etc/wireguard/helper/{{ item }} mode: ug=rwx,o=x From 5787a12f6efec039a7bd98e4cc7b9adbd1ade05f Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 21:43:27 +0200 Subject: [PATCH 165/181] satisfy linter --- defaults/main.yml | 3 +++ tasks/antivirus.yml | 4 ++-- tasks/dmarc.yml | 1 + tasks/generate_wireguard_keys.yml | 2 +- tasks/ldap.yml | 6 +++--- tasks/main.yml | 2 +- tasks/os.yml | 2 +- 7 files changed, 12 insertions(+), 8 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 48b4dc0..4eea415 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -39,6 +39,7 @@ spamassassin_rules: - { type: "score", key: "CUSTOM_DMARC_FAIL", value: "3.0"} - type: "body" key: "BE_POLITE" + # noqa jinja[spacing] some pipes here are for regex purposes and not for Jinja2 value: > /(hi|hello|dear) ( {%- set mail_users = ['root','postmaster','abuse','hostmaster','webmaster','dmarc-reports'] %} @@ -76,6 +77,7 @@ spamassassin_rules: - { type: "allow_user_rules", key: "1", value: "# Allow user rules"} - type: "header" key: "SUBJECT_SPAM" + # noqa jinja[spacing] some pipes here are as plain text and not for Jinja2 value: > Subject =~ /( {%- set mail_users = ['root','postmaster','abuse','hostmaster','webmaster','dmarc-reports'] %} @@ -94,6 +96,7 @@ spamassassin_rules: - { type: "score", key: "SUBJECT_SPAM", value: "4.0" } - type: "header" key: "__DOMAIN_IN_TO" + # noqa jinja[spacing] some pipes here are as plain text and not for Jinja2 value: > To =~ /( {%- set domains = [mailserver_domain] %} diff --git a/tasks/antivirus.yml b/tasks/antivirus.yml index 7e08c89..2311d0f 100644 --- a/tasks/antivirus.yml +++ b/tasks/antivirus.yml @@ -1,12 +1,12 @@ --- - name: Set SELinux booleans - when: "{{ getenforce.stdout != 'Disabled' }}" + when: getenforce.stdout != 'Disabled' seboolean: name: antivirus_can_scan_system state: yes persistent: yes - name: Render AMAVISD config - template: + ansible.builtin.template: src: amavisd/amavisd.conf.j2 dest: /etc/amavisd/amavisd.conf mode: u=rw,og=r diff --git a/tasks/dmarc.yml b/tasks/dmarc.yml index 56ea69a..d5c923d 100644 --- a/tasks/dmarc.yml +++ b/tasks/dmarc.yml @@ -12,6 +12,7 @@ loop: - { key: "AuthservID", value: "OpenDMARC", comment: false } - key: "TrustedAuthservIDs" + # noqa jinja[spacing] brackets here are as an empty list value: > {%- set domains = [mailserver_domain] %} {%- for domain in custom_domains | default([]) %} diff --git a/tasks/generate_wireguard_keys.yml b/tasks/generate_wireguard_keys.yml index e9e40b4..3bea29d 100644 --- a/tasks/generate_wireguard_keys.yml 
+++ b/tasks/generate_wireguard_keys.yml @@ -33,4 +33,4 @@ wg_configs_json: '{"{{ wg_name }}": {"privatekey": "{{ wg_privatekey_output.stdout }}", "publickey": "{{ wg_publickey_output.stdout }}", "psk": "{{ wg_psk_output.stdout }}", "owner": "{{ wg_owner }}", "cidr": "{{ wg_cidr }}"}}' - name: "Add {{ wg_name }} to the WireGuard config array" # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.set_fact: - wg_configs: "{{ wg_configs|default({})|combine(wg_configs_json) }}" + wg_configs: "{{ wg_configs | default({}) | combine(wg_configs_json) }}" diff --git a/tasks/ldap.yml b/tasks/ldap.yml index e6dfbf9..bb855c9 100644 --- a/tasks/ldap.yml +++ b/tasks/ldap.yml @@ -59,8 +59,8 @@ - ldap - name: Save last LDAP backup archive: - path: "{{ (ldap_backups.stdout_lines|last).split(' ')[1] }}" - dest: "/backup/ldap/LDAP_backup.{{ (ldap_backups.stdout_lines|last).split(' ')[1].split('/')|last }}.tar.bz2" + path: "{{ (ldap_backups.stdout_lines | last).split(' ')[1] }}" + dest: "/backup/ldap/LDAP_backup.{{ (ldap_backups.stdout_lines | last).split(' ')[1].split('/') | last }}.tar.bz2" format: bz2 force_archive: yes when: reset == "yes" @@ -81,5 +81,5 @@ - memberof - automember - name: Configure the memberof plugin to search all entries - ansible.builtin.command: "dsconf {{ mailserver_hostname }} plugin memberof set --scope dc={{ mailserver_domain.split('.')|join(',dc=') }}" + ansible.builtin.command: "dsconf {{ mailserver_hostname }} plugin memberof set --scope dc={{ mailserver_domain.split('.') | join(',dc=') }}" when: "dscreate_status is defined and dscreate_status.rc is defined and dscreate_status.rc == 0" diff --git a/tasks/main.yml b/tasks/main.yml index 7886246..ff55a70 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -16,7 +16,7 @@ tags: always - name: Fill authorized submit user list ansible.builtin.set_fact: - authorized_submit_users: "{{ authorized_submit_users + [ item.name ] }}" + authorized_submit_users: "{{ authorized_submit_users + [item.name] }}" loop: "{{ users }}" no_log: yes tags: always diff --git a/tasks/os.yml b/tasks/os.yml index 42670af..9a80cfc 100644 --- a/tasks/os.yml +++ b/tasks/os.yml @@ -3,7 +3,7 @@ shell: getenforce register: getenforce tags: always -- name: "Set hostname to {{ mailserver_hostname }}.{{ mailserver_domain}}" # noqa name[template] we need to be informative, even if we deviate from the standards +- name: "Set hostname to {{ mailserver_hostname }}.{{ mailserver_domain }}" # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.command: "hostnamectl set-hostname {{ mailserver_hostname }}.{{ mailserver_domain }}" - name: Enable IPv6 when: ansible_default_ipv6.address is not defined From f2dee1591212704cc43ef5ee98fa1f79140dcbdc Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 21:48:58 +0200 Subject: [PATCH 166/181] satisfy linter --- tasks/backups.yml | 6 +++--- tasks/create_default_cname_records.yml | 2 +- tasks/dkim.yml | 4 ++-- tasks/dmarc.yml | 2 +- tasks/dns_records.yml | 4 ++-- tasks/dovecot.yml | 4 ++-- tasks/fill_default_dns_records.yml | 2 +- tasks/ftp.yml | 2 +- tasks/horde.yml | 2 +- tasks/httpd.yml | 2 +- tasks/ldap.yml | 2 +- tasks/main.yml | 2 +- tasks/os.yml | 2 +- tasks/postfix.yml | 10 +++++----- tasks/postfixadmin.yml | 2 +- tasks/poweradmin.yml | 2 +- tasks/read_wireguard_config.yml | 2 +- tasks/restore_service_tarball_backup.yml | 2 +- tasks/spamassassin.yml | 2 +- tasks/ssl.yml | 2 +- tasks/wireguard.yml | 20 ++++++++++---------- 21 files changed, 39 insertions(+), 39 deletions(-) diff --git a/tasks/backups.yml b/tasks/backups.yml index ee96407..ecd2cc5 100644 --- a/tasks/backups.yml +++ b/tasks/backups.yml 
@@ -156,7 +156,7 @@ ansible.builtin.command: "dsctl {{ mailserver_hostname }} stop" - name: Prepare LDAP backup when: ldap_backup_path is defined - unarchive: + ansible.builtin.unarchive: src: "{{ ldap_backup_path }}" dest: / list_files: yes @@ -169,7 +169,7 @@ when: ldap_backup_path is defined ansible.builtin.command: "dsctl {{ mailserver_hostname }} start" - name: Restore service tarball backups - include_tasks: restore_service_tarball_backup.yml + ansible.builtin.include_tasks: restore_service_tarball_backup.yml vars: service: "{{ item }}" service_backup_path: "{{ vars[item ~ '_backup_path'] }}" @@ -184,7 +184,7 @@ - wg_vpn - name: Restore non-service tarball backups when: "{{ vars[item ~ '_backup_path'] is defined }}" - unarchive: + ansible.builtin.unarchive: src: "{{ vars[item ~ '_backup_path'] }}" dest: / remote_src: yes diff --git a/tasks/create_default_cname_records.yml b/tasks/create_default_cname_records.yml index e033d8a..de8eb7e 100644 --- a/tasks/create_default_cname_records.yml +++ b/tasks/create_default_cname_records.yml @@ -1,6 +1,6 @@ --- - name: Fill default CNAME records - include_tasks: add_dns_record.yml + ansible.builtin.include_tasks: add_dns_record.yml vars: record: zone: "{{ dns_zone }}" diff --git a/tasks/dkim.yml b/tasks/dkim.yml index f948188..2b54294 100644 --- a/tasks/dkim.yml +++ b/tasks/dkim.yml @@ -83,12 +83,12 @@ group: opendkim recurse: yes - name: Add Postfix user to the OpenDKIM group - user: + ansible.builtin.user: name: postfix groups: opendkim append: yes - name: Check DKIM TXT records - include_tasks: propagate_dkim_txt_records.yml + ansible.builtin.include_tasks: propagate_dkim_txt_records.yml vars: current_domain: "{{ item }}" loop: "{{ [mailserver_domain] + custom_domains }}" diff --git a/tasks/dmarc.yml b/tasks/dmarc.yml index d5c923d..75f5296 100644 --- a/tasks/dmarc.yml +++ b/tasks/dmarc.yml 
@@ -28,7 +28,7 @@ - { key: "IgnoreMailFrom", value: "{{ undeliverable_exceptions | join(',') }}", comment: false } notify: Restart opendmarc - name: Set up DMARC TXT records - include_tasks: add_dns_record.yml + ansible.builtin.include_tasks: add_dns_record.yml vars: record: zone: "{{ item }}" diff --git a/tasks/dns_records.yml b/tasks/dns_records.yml index 319fe5e..5b8969d 100644 --- a/tasks/dns_records.yml +++ b/tasks/dns_records.yml @@ -27,13 +27,13 @@ loop: "{{ [mailserver_domain] + custom_domains + ['vpn.' ~ mailserver_domain] + ['dyndns.' ~ mailserver_domain] }}" when: 'public_dns == "yes"' - name: Fill DNS zone - include_tasks: fill_default_dns_records.yml + ansible.builtin.include_tasks: fill_default_dns_records.yml vars: dns_zone: "{{ item }}" loop: "{{ [mailserver_domain] + custom_domains }}" when: '{{ public_dns == "yes" and ((reset == "yes") or (item not in all_dns_zones.stdout_lines)) }}' - name: Create default CNAME records - include_tasks: create_default_cname_records.yml + ansible.builtin.include_tasks: create_default_cname_records.yml vars: dns_zone: "{{ item }}" loop: "{{ [mailserver_domain] + custom_domains + ['vpn.' ~ mailserver_domain] }}" diff --git a/tasks/dovecot.yml b/tasks/dovecot.yml index 1f7c653..2f47bc5 100644 --- a/tasks/dovecot.yml +++ b/tasks/dovecot.yml @@ -1,6 +1,6 @@ --- - name: Open firewall - include_tasks: firewall.yml + ansible.builtin.include_tasks: firewall.yml vars: port: "{{ item }}" loop: @@ -59,7 +59,7 @@ - { key: "ssl_prefer_server_ciphers", value: "yes" } notify: Restart dovecot - name: Add Dovecot user to the mail and apache groups - user: + ansible.builtin.user: name: dovecot groups: mail,apache append: yes diff --git a/tasks/fill_default_dns_records.yml b/tasks/fill_default_dns_records.yml index b0506be..a610b24 100644 --- a/tasks/fill_default_dns_records.yml +++ b/tasks/fill_default_dns_records.yml 
@@ -1,6 +1,6 @@ --- - name: Fill default DNS records - include_tasks: add_dns_record.yml + ansible.builtin.include_tasks: add_dns_record.yml vars: empty_apostrophes: "''" record: diff --git a/tasks/ftp.yml b/tasks/ftp.yml index c91f139..eef457b 100644 --- a/tasks/ftp.yml +++ b/tasks/ftp.yml @@ -1,6 +1,6 @@ --- - name: Open firewall - include_tasks: firewall.yml + ansible.builtin.include_tasks: firewall.yml vars: port: "{{ item }}" loop: diff --git a/tasks/horde.yml b/tasks/horde.yml index af69033..1bb641b 100644 --- a/tasks/horde.yml +++ b/tasks/horde.yml @@ -76,7 +76,7 @@ - REPLACE INTO `horde_perms` (`perm_id`, `perm_name`, `perm_parents`, `perm_data`) VALUES (3,'wicked',NULL,'a:2:{s:4:\"type\";s:6:\"matrix\";s:7:\"default\";i:14;}'),(4,'wicked:pages',':3','a:1:{s:4:\"type\";s:6:\"matrix\";}'),(5,'wicked:pages:AllPages',':3:4','a:1:{s:4:\"type\";s:6:\"matrix\";}'),(6,'horde',NULL,'a:1:{s:4:\"type\";s:6:\"matrix\";}'),(7,'horde:activesync',':6','a:2:{s:4:\"type\";s:7:\"boolean\";s:7:\"default\";b:1;}'),(8,'horde:activesync:provisioning',':6:7','a:3:{s:4:\"type\";s:4:\"enum\";s:6:\"params\";a:1:{i:0;a:4:{i:0;s:0:\"\";s:4:\"true\";s:6:\"Enable\";s:5:\"allow\";s:31:\"Allow non-provisionable devices\";s:5:\"false\";s:25:\"Disable (not recommended)\";}}s:7:\"default\";s:5:\"allow\";}'); no_log: yes - name: Fetch themes - unarchive: + ansible.builtin.unarchive: src: http://eph.dk/horde-addons/5.2/combined-1.0.0.zip dest: /tmp remote_src: yes diff --git a/tasks/httpd.yml b/tasks/httpd.yml index 8001fb1..77624fd 100644 --- a/tasks/httpd.yml +++ b/tasks/httpd.yml @@ -7,7 +7,7 @@ - poweradmin - wireguard - webdav - include_tasks: firewall.yml + ansible.builtin.include_tasks: firewall.yml vars: port: "{{ item }}" loop: diff --git a/tasks/ldap.yml b/tasks/ldap.yml index bb855c9..3bd3021 100644 --- a/tasks/ldap.yml +++ b/tasks/ldap.yml 
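Review bot: `Fetch themes` in tasks/horde.yml (hunk `@@ -76,7`) still pulls `http://eph.dk/horde-addons/5.2/combined-1.0.0.zip` over plain HTTP and unpacks it with no integrity check, so whatever the network path delivers is extracted on the mail server. `ansible.builtin.unarchive` has no checksum option; I would download with `ansible.builtin.get_url` and a pinned `checksum`, then unpack the local copy, as sketched below with a placeholder digest. The `unarchive` tasks in tasks/postfixadmin.yml and tasks/poweradmin.yml use HTTPS but are equally unpinned, and postfixadmin resolves its version at run time. The task continues past the end of the hunk.

```yaml
- name: Download themes
  ansible.builtin.get_url:
    url: http://eph.dk/horde-addons/5.2/combined-1.0.0.zip
    dest: /tmp/combined-1.0.0.zip
    # placeholder: pin the digest of the archive you have reviewed
    checksum: "sha256:<PINNED_SHA256_OF_ARCHIVE>"
    mode: "0600"
- name: Fetch themes
  ansible.builtin.unarchive:
    src: /tmp/combined-1.0.0.zip
    dest: /tmp
    remote_src: yes
    # … unchanged: remaining options of the task …
```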
@@ -12,7 +12,7 @@ # system: yes # gid: 55 # - name: Add ldap user -# user: +# ansible.builtin.user: # name: ldap # group: ldap # create_home: yes diff --git a/tasks/main.yml b/tasks/main.yml index ff55a70..edb64b9 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -76,7 +76,7 @@ import_tasks: dovecot.yml tags: dovecot - name: Sync old IMAP account - include_tasks: imapsync.yml + ansible.builtin.include_tasks: imapsync.yml loop: "{{ users }}" loop_control: loop_var: current_user diff --git a/tasks/os.yml b/tasks/os.yml index 9a80cfc..5b9ea38 100644 --- a/tasks/os.yml +++ b/tasks/os.yml @@ -62,7 +62,7 @@ state: present backup: yes - name: Create OS users - user: + ansible.builtin.user: name: "{{ item.name }}" password: "{{ item.password | password_hash('sha512')| default(lookup('password', '/tmp/ansible-mailserver-install.' + item.name + '_password chars=ascii_letters,digits,punctuation')) }}" groups: "{{ 'wheel' if item.name == mailserver_admin_user }}" diff --git a/tasks/postfix.yml b/tasks/postfix.yml index f401605..6beef3c 100644 --- a/tasks/postfix.yml +++ b/tasks/postfix.yml @@ -1,18 +1,18 @@ --- - name: Add vmail group - group: + ansible.builtin.group: name: vmail system: yes gid: 2000 - name: Add vmail user - user: + ansible.builtin.user: name: vmail group: vmail create_home: no system: yes uid: 2000 - name: Open firewall - include_tasks: firewall.yml + ansible.builtin.include_tasks: firewall.yml vars: port: "{{ item }}" loop: @@ -20,11 +20,11 @@ - smtp-submission - smtps - name: Create policyd-spf group - group: + ansible.builtin.group: name: policyd-spf state: present - name: Create policyd-spf user - user: + ansible.builtin.user: name: policyd-spf group: policyd-spf create_home: no diff --git a/tasks/postfixadmin.yml b/tasks/postfixadmin.yml index c0c5716..e945bea 100644 --- a/tasks/postfixadmin.yml +++ b/tasks/postfixadmin.yml 
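Review bot: In `Create OS users` (tasks/os.yml, hunk `@@ -62,7`) the `default(...)` filter is applied after `password_hash('sha512')`, so it cannot act as a fallback for a missing `item.password`; the undefined value reaches the hash filter first. If the fallback were ever used, the `password` lookup returns plaintext, which would land unhashed in the `password` field, and it stores the generated secret in a predictable file under `/tmp` on the control node. I would apply the default first and hash its result: `password: "{{ item.password | default(lookup('password', password_store_dir ~ '/' ~ item.name ~ ' chars=ascii_letters,digits,punctuation')) | password_hash('sha512') }}"`. Here `password_store_dir` is a name constructed for this note, meant to point at a directory only the operator can read. The task continues beyond the hunk.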
@@ -9,7 +9,7 @@ ansible.builtin.set_fact: postfixadmin_version: "{{ postfixadmin_download_site.url | replace('https://github.com/postfixadmin/postfixadmin/releases/tag/postfixadmin-','') }}" - name: Unpack postfixadmin - unarchive: + ansible.builtin.unarchive: src: "https://github.com/postfixadmin/postfixadmin/archive/postfixadmin-{{ postfixadmin_version }}.tar.gz" dest: /var/www/ remote_src: yes diff --git a/tasks/poweradmin.yml b/tasks/poweradmin.yml index e1102ad..487e01a 100644 --- a/tasks/poweradmin.yml +++ b/tasks/poweradmin.yml @@ -17,7 +17,7 @@ tags: - dyndns - poweradmin - unarchive: + ansible.builtin.unarchive: src: "https://github.com/poweradmin/poweradmin/archive/v{{ poweradmin_version }}.tar.gz" dest: /var/www/ remote_src: yes diff --git a/tasks/read_wireguard_config.yml b/tasks/read_wireguard_config.yml index 0e29729..9d401e7 100644 --- a/tasks/read_wireguard_config.yml +++ b/tasks/read_wireguard_config.yml @@ -16,7 +16,7 @@ - ansible.builtin.debug: var: wg_config_lines - name: Gather WireGuard config sections - include_tasks: gather_wireguard_config_sections.yml + ansible.builtin.include_tasks: gather_wireguard_config_sections.yml vars: wireguard_config_line: "{{ item }}" loop: "{{ wireguard_config_lines }}" diff --git a/tasks/restore_service_tarball_backup.yml b/tasks/restore_service_tarball_backup.yml index 736abb8..0dc5f45 100644 --- a/tasks/restore_service_tarball_backup.yml +++ b/tasks/restore_service_tarball_backup.yml @@ -7,7 +7,7 @@ state: stopped - name: "Restore {{ service }} backup" # noqa name[template] we need to be informative, even if we deviate from the standards when: service_backup_path is defined - unarchive: + ansible.builtin.unarchive: src: "{{ service_backup_path }}" dest: / remote_src: yes diff --git a/tasks/spamassassin.yml b/tasks/spamassassin.yml index 34f1893..9a45cf9 100644 --- a/tasks/spamassassin.yml +++ b/tasks/spamassassin.yml 
@@ -32,7 +32,7 @@ backup: yes notify: Restart spamass-milter - name: Add Postfix user to the sa-milt group - user: + ansible.builtin.user: name: postfix groups: sa-milt append: yes diff --git a/tasks/ssl.yml b/tasks/ssl.yml index 4ca14cb..5f1f27e 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml @@ -82,7 +82,7 @@ # data: "{{ letsencrypt_challenge }}" # when: letsencrypt_challenge.changed is true # - name: Clean up Let's Encrypt TXT records -# include_tasks: delete_dns_record.yml +# ansible.builtin.include_tasks: delete_dns_record.yml # vars: # record: # zone: "{{ challenge_item.key|replace('*.', '') }}" diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml index 3c042c2..3fcf37d 100644 --- a/tasks/wireguard.yml +++ b/tasks/wireguard.yml @@ -77,7 +77,7 @@ wg_owner: root wg_cidr: "{{ wireguard.ipv4_pool.split('/') | first | replace('.0','.1') ~ ', ' ~ wireguard.ipv6_pool.split('/') | first | replace(':0',':1') }}" - name: Define read client values - include_tasks: define_vpn_clients.yml + ansible.builtin.include_tasks: define_vpn_clients.yml vars: current_ipv4: "{{ wireguard.ipv4_pool.split('/') | first | regex_replace('.0$','.' ~ next_ip_segment) }}" current_ipv6: "{{ wireguard.ipv6_pool.split('/') | first | regex_replace(':0$',':' ~ next_ip_segment) }}" @@ -87,7 +87,7 @@ loop_control: loop_var: vpn_user - name: Generate WireGuard client keys - include_tasks: generate_wireguard_keys.yml + ansible.builtin.include_tasks: generate_wireguard_keys.yml vars: wg_name: "{{ item.name }}" wg_privatekey: "{{ item.privatekey | default('') }}" @@ -128,7 +128,7 @@ loop_var: wg_client when: wg_client != "server" - name: Collect user info - user: + ansible.builtin.user: name: "{{ wg_configs[wg_client]['owner'] }}" register: user_info loop: "{{ wg_configs.keys() }}" @@ -183,7 +183,7 @@ tags: - dyndns - poweradmin - include_tasks: add_dns_record.yml + ansible.builtin.include_tasks: add_dns_record.yml vars: record: zone: "{{ mailserver_domain }}" 
@@ -222,7 +222,7 @@ tags: - dyndns - poweradmin - include_tasks: add_dns_record.yml + ansible.builtin.include_tasks: add_dns_record.yml vars: record: zone: "dyndns.{{ mailserver_domain }}" @@ -236,7 +236,7 @@ tags: - dyndns - poweradmin - include_tasks: add_dns_record.yml + ansible.builtin.include_tasks: add_dns_record.yml vars: record: zone: "dyndns.{{ mailserver_domain }}" @@ -274,7 +274,7 @@ tags: - wireguard - poweradmin - include_tasks: add_dns_record.yml + ansible.builtin.include_tasks: add_dns_record.yml vars: record: zone: "vpn.{{ mailserver_domain }}" @@ -288,7 +288,7 @@ tags: - wireguard - poweradmin - include_tasks: add_dns_record.yml + ansible.builtin.include_tasks: add_dns_record.yml vars: record: zone: "vpn.{{ mailserver_domain }}" @@ -303,7 +303,7 @@ - wireguard - poweradmin - postfixadmin - include_tasks: add_dns_record.yml + ansible.builtin.include_tasks: add_dns_record.yml vars: record: zone: "vpn.{{ mailserver_domain }}" @@ -319,7 +319,7 @@ - wireguard - poweradmin - postfixadmin - include_tasks: add_dns_record.yml + ansible.builtin.include_tasks: add_dns_record.yml vars: record: zone: "vpn.{{ mailserver_domain }}" From c9798e55752c0b86ac60c14b62c49006e9b76aaa Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 21:51:43 +0200 Subject: [PATCH 167/181] satisfy linter --- tasks/backups.yml | 2 +- tasks/create_mariadb_schema.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/tasks/backups.yml b/tasks/backups.yml index ecd2cc5..abd721d 100644 --- a/tasks/backups.yml +++ b/tasks/backups.yml @@ -173,7 +173,7 @@ vars: service: "{{ item }}" service_backup_path: "{{ vars[item ~ '_backup_path'] }}" - when: "{{ vars[item ~ '_backup_path'] is defined }}" + when: vars[item ~ '_backup_path'] is defined loop: - opendkim - opendmarc diff --git a/tasks/create_mariadb_schema.yml b/tasks/create_mariadb_schema.yml index 17d7887..eea5ecb 100644 --- a/tasks/create_mariadb_schema.yml +++ b/tasks/create_mariadb_schema.yml 
@@ -1,5 +1,6 @@ --- - name: "Upload {{ mariadb_database }} DB schema" # noqa name[template] we need to be informative, even if we deviate from the standards + # noqa risky-file-permissions this is a temporary file and wil be discarded at the first reboot, no need to secure it ansible.builtin.copy: src: "mariadb/{{ mariadb_database }}_schema.sql" dest: "/tmp/ansible-mailserver-install.{{ mariadb_database }}_schema.sql" From d431fe831073d8f5c571047e0cc927c0a13a8b73 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 21:59:13 +0200 Subject: [PATCH 168/181] port is port --- tasks/dkim.yml | 2 +- tasks/dmarc.yml | 4 +-- tasks/dns.yml | 16 +++++----- tasks/dovecot.yml | 4 +-- tasks/ftp.yml | 2 +- tasks/horde.yml | 2 +- tasks/httpd.yml | 2 +- tasks/ldap.yml | 4 +-- tasks/main.yml | 44 ++++++++++++++-------------- tasks/os.yml | 4 +-- tasks/pdns.yml | 4 +-- tasks/postfix.yml | 4 +-- tasks/postfixadmin.yml | 4 +-- tasks/propagate_dkim_txt_records.yml | 6 ++-- tasks/propagate_ssl_txt_records.yml | 2 +- tasks/ssl.yml | 2 +- tasks/wireguard.yml | 16 +++++----- 17 files changed, 61 insertions(+), 61 deletions(-) diff --git a/tasks/dkim.yml b/tasks/dkim.yml index 2b54294..aec32e1 100644 --- a/tasks/dkim.yml +++ b/tasks/dkim.yml @@ -1,6 +1,6 @@ --- # - name: Open firewall -# import_tasks: firewall.yml +# ansible.builtin.import_tasks:: firewall.yml # vars: # port: 8891/tcp - name: Configure OpenDKIM diff --git a/tasks/dmarc.yml b/tasks/dmarc.yml index 75f5296..4d89a7f 100644 --- a/tasks/dmarc.yml +++ b/tasks/dmarc.yml @@ -46,5 +46,5 @@ state: restarted when: 'public_dns == "yes"' - name: Wait for DNS to listen - wait_for: - port: 53 + ansible.builtin.wait_for: + port: 53 # noqa var-naming[no-reserved] we refer to a port here, so I call it a port diff --git a/tasks/dns.yml b/tasks/dns.yml index 5000eca..062a46c 100644 --- a/tasks/dns.yml +++ b/tasks/dns.yml 
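Review bot: The new `# noqa risky-file-permissions` in tasks/create_mariadb_schema.yml silences the lint instead of giving the copied schema a mode. The file is written under a fixed name in `/tmp` and, per the comment, stays there until the next reboot; without `mode` its permissions follow the umask and it is typically readable by every local account, which matters if the schema carries seed data such as account rows. I would drop the noqa and add `mode: "0600"`, ideally writing into a path created with `ansible.builtin.tempfile` and removing it after the import. The task continues past the hunk, so a `mode` set further down would not be visible from here.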
@@ -1,19 +1,19 @@ --- - name: Open firewall - import_tasks: firewall.yml + ansible.builtin.import_tasks:: firewall.yml vars: - port: dns + port: dns # noqa var-naming[no-reserved] we refer to a port here, so I call it a port when: 'public_dns == "yes"' - name: Configure local DNS cache - import_tasks: local_dns_cache.yml + ansible.builtin.import_tasks:: local_dns_cache.yml - name: Configure PowerDNS - import_tasks: pdns.yml + ansible.builtin.import_tasks:: pdns.yml - name: Set up DNS records - import_tasks: dns_records.yml + ansible.builtin.import_tasks:: dns_records.yml - name: Configure PowerDNS recursor - import_tasks: pdns_recursor.yml + ansible.builtin.import_tasks:: pdns_recursor.yml - name: Configure DNSDist - import_tasks: dnsdist.yml + ansible.builtin.import_tasks:: dnsdist.yml - name: Make sure PowerDNS is running ansible.builtin.systemd_service: name: pdns @@ -35,7 +35,7 @@ state: started when: 'public_dns == "yes"' - name: Configure PowerAdmin - import_tasks: poweradmin.yml + ansible.builtin.import_tasks:: poweradmin.yml tags: - dyndns - poweradmin diff --git a/tasks/dovecot.yml b/tasks/dovecot.yml index 2f47bc5..3b2cc9b 100644 --- a/tasks/dovecot.yml +++ b/tasks/dovecot.yml @@ -2,14 +2,14 @@ - name: Open firewall ansible.builtin.include_tasks: firewall.yml vars: - port: "{{ item }}" + port: "{{ item }}" # noqa var-naming[no-reserved] we refer to a port here, so I call it a port loop: - imap - imaps - pop3 - pop3s - name: Automatically restart services - import_tasks: autorestart.yml + ansible.builtin.import_tasks:: autorestart.yml vars: service: dovecot - name: Configure Dovecot protocols diff --git a/tasks/ftp.yml b/tasks/ftp.yml index eef457b..76e2342 100644 --- a/tasks/ftp.yml +++ b/tasks/ftp.yml @@ -2,7 +2,7 @@ - name: Open firewall ansible.builtin.include_tasks: firewall.yml vars: - port: "{{ item }}" + port: "{{ item }}" # noqa var-naming[no-reserved] we refer to a port here, so I call it a port loop: - 989-990/tcp - 40000-50000/tcp 
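Review bot: Every rewritten import in tasks/dns.yml (hunks `@@ -1,19` and `@@ -35,7`) reads `ansible.builtin.import_tasks:: firewall.yml` with a doubled colon. YAML takes the key as `ansible.builtin.import_tasks:` including the trailing colon, which is not an action name, so these tasks would most likely fail to load. The line should be `ansible.builtin.import_tasks: firewall.yml`, and likewise for the other files. The same replacement appears in the dovecot, horde, main, os, pdns, postfix, postfixadmin, propagate_dkim_txt_records, propagate_ssl_txt_records and wireguard hunks of this commit, so the firewall, SSL and fail2ban imports in tasks/main.yml are affected as well. Running `ansible-playbook --syntax-check` together with the linter would have caught it.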
diff --git a/tasks/horde.yml b/tasks/horde.yml index 1bb641b..3e85178 100644 --- a/tasks/horde.yml +++ b/tasks/horde.yml @@ -52,7 +52,7 @@ - { app: '', mode: 'ug=rw' } # - { app: 'kronolith', mode: 'u=rw' } - name: Create horde DB schema - import_tasks: create_mariadb_schema.yml + ansible.builtin.import_tasks:: create_mariadb_schema.yml vars: mariadb_database: horde mariadb_state: "{{ ('import' if reset == 'yes')|default('present') }}" diff --git a/tasks/httpd.yml b/tasks/httpd.yml index 77624fd..c581aa0 100644 --- a/tasks/httpd.yml +++ b/tasks/httpd.yml @@ -9,7 +9,7 @@ - webdav ansible.builtin.include_tasks: firewall.yml vars: - port: "{{ item }}" + port: "{{ item }}" # noqa var-naming[no-reserved] we refer to a port here, so I call it a port loop: - http - https diff --git a/tasks/ldap.yml b/tasks/ldap.yml index 3bd3021..ae5e667 100644 --- a/tasks/ldap.yml +++ b/tasks/ldap.yml @@ -1,8 +1,8 @@ --- # - name: Open firewall -# import_tasks: firewall.yml +# ansible.builtin.import_tasks:: firewall.yml # vars: -# port: "{{ item }}" +# port: "{{ item }}" # noqa var-naming[no-reserved] we refer to a port here, so I call it a port # loop: # - ldap # - ldaps diff --git a/tasks/main.yml b/tasks/main.yml index edb64b9..07cf597 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -21,37 +21,37 @@ no_log: yes tags: always - name: Configure OS - import_tasks: os.yml + ansible.builtin.import_tasks:: os.yml tags: os - name: Configure MariaDB - import_tasks: mariadb.yml + ansible.builtin.import_tasks:: mariadb.yml tags: mariadb - name: Configure DNS - import_tasks: dns.yml + ansible.builtin.import_tasks:: dns.yml tags: - dns - poweradmin - dyndns - name: Configure PostfixAdmin - import_tasks: postfixadmin.yml + ansible.builtin.import_tasks:: postfixadmin.yml tags: postfixadmin - name: Set up SSL - import_tasks: ssl.yml + ansible.builtin.import_tasks:: ssl.yml tags: ssl - name: Configure LDAP - import_tasks: ldap.yml + ansible.builtin.import_tasks:: ldap.yml tags: ldap - name: Set up Horde - import_tasks: horde.yml + ansible.builtin.import_tasks:: horde.yml tags: horde - name: Set up ElasticSearch - import_tasks: elasticsearch.yml + ansible.builtin.import_tasks:: elasticsearch.yml tags: elasticsearch - name: Set up FTP - import_tasks: ftp.yml + ansible.builtin.import_tasks:: ftp.yml tags: ftp - name: Configure Apache - import_tasks: httpd.yml + ansible.builtin.import_tasks:: httpd.yml tags: - httpd - dyndns @@ -61,19 +61,19 @@ - wireguard - webdav - name: Set up SPAMAssassin - import_tasks: spamassassin.yml + ansible.builtin.import_tasks:: spamassassin.yml tags: spamassassin - name: Configure Antivirus - import_tasks: antivirus.yml + ansible.builtin.import_tasks:: antivirus.yml tags: antivirus - name: Configure Redis - import_tasks: redis.yml + ansible.builtin.import_tasks:: redis.yml tags: redis - name: Configure Postfix - import_tasks: postfix.yml + ansible.builtin.import_tasks:: postfix.yml tags: postfix - name: Configure Dovecot - import_tasks: dovecot.yml + ansible.builtin.import_tasks:: dovecot.yml tags: dovecot - name: Sync old IMAP account ansible.builtin.include_tasks: imapsync.yml 
@@ -85,27 +85,27 @@ no_log: yes tags: imapsync - name: Set up DKIM - import_tasks: dkim.yml + ansible.builtin.import_tasks:: dkim.yml tags: dkim - name: Set up DMARC - import_tasks: dmarc.yml + ansible.builtin.import_tasks:: dmarc.yml tags: dmarc - name: Set up MongoDB - import_tasks: mongodb.yml + ansible.builtin.import_tasks:: mongodb.yml tags: mongodb - name: Set up WebDav - import_tasks: webdav.yml + ansible.builtin.import_tasks:: webdav.yml tags: webdav - name: Set up WireGuard - import_tasks: wireguard.yml + ansible.builtin.import_tasks:: wireguard.yml tags: - wireguard - dyndns - poweradmin - postfixadmin - name: Set up backups - import_tasks: backups.yml + ansible.builtin.import_tasks:: backups.yml tags: backup - name: Configure fail2ban - import_tasks: fail2ban.yml + ansible.builtin.import_tasks:: fail2ban.yml tags: fail2ban diff --git a/tasks/os.yml b/tasks/os.yml index 5b9ea38..8bc740e 100644 --- a/tasks/os.yml +++ b/tasks/os.yml @@ -28,7 +28,7 @@ - name: Install requiremets block: - name: Install packages - import_tasks: packages.yml + ansible.builtin.import_tasks:: packages.yml rescue: - name: Find repo configs find: @@ -50,7 +50,7 @@ validate: "grep '^baseurl=http://vault.centos.org' %s" loop: "{{ repo_files.files }}" - name: Install packages - import_tasks: packages.yml + ansible.builtin.import_tasks:: packages.yml - name: Set up OS mail aliases ansible.builtin.lineinfile: path: /etc/aliases diff --git a/tasks/pdns.yml b/tasks/pdns.yml index 4ab0ee9..c791f6d 100644 --- a/tasks/pdns.yml +++ b/tasks/pdns.yml @@ -1,6 +1,6 @@ --- - name: Create PowerDNS DB - import_tasks: create_mariadb_schema.yml + ansible.builtin.import_tasks:: create_mariadb_schema.yml vars: mariadb_database: powerdnsdb mariadb_state: "{{ ('import' if reset == 'yes')|default('present') }}" 
@@ -16,7 +16,7 @@ no_log: yes when: 'public_dns == "yes"' # - name: Fill PowerDNS DB with data -# import_tasks: fill_mariadb_data.yml +# ansible.builtin.import_tasks:: fill_mariadb_data.yml # vars: # mariadb_database: # db: powerdnsdb diff --git a/tasks/postfix.yml b/tasks/postfix.yml index 6beef3c..251ab50 100644 --- a/tasks/postfix.yml +++ b/tasks/postfix.yml @@ -14,7 +14,7 @@ - name: Open firewall ansible.builtin.include_tasks: firewall.yml vars: - port: "{{ item }}" + port: "{{ item }}" # noqa var-naming[no-reserved] we refer to a port here, so I call it a port loop: - smtp - smtp-submission @@ -32,7 +32,7 @@ - name: Apply mail aliases ansible.builtin.command: newaliases - name: Set up automatic restart of services - import_tasks: autorestart.yml + ansible.builtin.import_tasks:: autorestart.yml vars: service: postfix - name: Deploy Postfix master config diff --git a/tasks/postfixadmin.yml b/tasks/postfixadmin.yml index e945bea..c0fb50e 100644 --- a/tasks/postfixadmin.yml +++ b/tasks/postfixadmin.yml @@ -24,7 +24,7 @@ setype: httpd_sys_rw_content_t recurse: yes - name: Create postfixadmin DB schema - import_tasks: create_mariadb_schema.yml + ansible.builtin.import_tasks:: create_mariadb_schema.yml vars: mariadb_database: postfixadmin mariadb_state: "{{ ('import' if reset == 'yes') | default('present') }}" @@ -39,7 +39,7 @@ login_password: "{{ mysql_root_password }}" no_log: yes - name: Fill postfixadmin DB with data - import_tasks: fill_mariadb_data.yml + ansible.builtin.import_tasks:: fill_mariadb_data.yml vars: mariadb_database: db: postfixadmin diff --git a/tasks/propagate_dkim_txt_records.yml b/tasks/propagate_dkim_txt_records.yml index 6141bc1..95b94dc 100644 --- a/tasks/propagate_dkim_txt_records.yml +++ b/tasks/propagate_dkim_txt_records.yml 
@@ -7,7 +7,7 @@ desired_dkim_record: "{{ dkim_keys.stdout.replace(dkim_selector ~ '._domainkey\tIN\tTXT\t( \"', '').replace('\t', '').replace('\n', '').replace('\" \"', '').replace('\" ) ; ----- DKIM key ' ~ dkim_selector ~ ' for ' ~ domain_item, '') }}" current_dkim_record: "{{ lookup('community.general.dig', dkim_selector ~ '._domainkey.' ~ domain_item ~ './TXT').replace('\" \"', '') }}" - name: "Set up the {{ dkim_selector }}._domainkey.{{ domain_item }} TXT record" # noqa name[template] we need to be informative, even if we deviate from the standards - import_tasks: add_dns_record.yml + ansible.builtin.import_tasks:: add_dns_record.yml vars: record: zone: "{{ domain_item }}" @@ -28,8 +28,8 @@ - dnsdist when: 'public_dns == "yes"' - name: Wait for DNS server to come up - wait_for: - port: "{{ item }}" + ansible.builtin.wait_for: + port: "{{ item }}" # noqa var-naming[no-reserved] we refer to a port here, so I call it a port loop: - 5300 - 5301 diff --git a/tasks/propagate_ssl_txt_records.yml b/tasks/propagate_ssl_txt_records.yml index 68f1569..3953f4e 100644 --- a/tasks/propagate_ssl_txt_records.yml +++ b/tasks/propagate_ssl_txt_records.yml @@ -1,6 +1,6 @@ --- - name: "Set up ACME challenge TXT records for {{ challenge_item.key }}" # noqa name[template] we need to be informative, even if we deviate from the standards - import_tasks: add_dns_record.yml + ansible.builtin.import_tasks:: add_dns_record.yml vars: record: zone: "{{ challenge_item.key|replace('*.', '') }}" diff --git a/tasks/ssl.yml b/tasks/ssl.yml index 5f1f27e..ed39c3c 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml @@ -62,7 +62,7 @@ # remaining_days: 60 # register: letsencrypt_challenge # - name: Check Let's Encrypt TXT records -# import_tasks: propagate_ssl_txt_records.yml +# ansible.builtin.import_tasks:: propagate_ssl_txt_records.yml # with_dict: "{{ letsencrypt_challenge.challenge_data }}" # loop_control: # loop_var: challenge_item 
diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml index 3fcf37d..4eab83f 100644 --- a/tasks/wireguard.yml +++ b/tasks/wireguard.yml @@ -1,8 +1,8 @@ --- - name: Open firewall - import_tasks: firewall.yml + ansible.builtin.import_tasks:: firewall.yml vars: - port: "{{ wireguard.listen_port }}/udp" + port: "{{ wireguard.listen_port }}/udp" # noqa var-naming[no-reserved] we refer to a port here, so I call it a port - name: Load kernel modules community.general.modprobe: name: "{{ item }}" @@ -52,7 +52,7 @@ - "{{ wireguard.config_dir }}" - /var/www/html/.vpn - name: Read WireGuard server config - import_tasks: read_wireguard_config.yml + ansible.builtin.import_tasks:: read_wireguard_config.yml vars: wg_config_file: "{{ wireguard.config_dir }}/{{ wireguard.interface }}.conf" - name: Define read server values @@ -69,7 +69,7 @@ ansible.builtin.set_fact: next_ip_segment: 2 - name: Generate WireGuard server keys - import_tasks: generate_wireguard_keys.yml + ansible.builtin.import_tasks:: generate_wireguard_keys.yml vars: wg_name: "server" wg_privatekey: "{{ wg_server.privatekey | default('') }}" @@ -198,7 +198,7 @@ tags: - dyndns - poweradmin - import_tasks: add_dns_record.yml + ansible.builtin.import_tasks:: add_dns_record.yml vars: record: zone: "dyndns.{{ mailserver_domain }}" @@ -210,7 +210,7 @@ tags: - dyndns - poweradmin - import_tasks: add_dns_record.yml + ansible.builtin.import_tasks:: add_dns_record.yml vars: record: zone: "dyndns.{{ mailserver_domain }}" @@ -250,7 +250,7 @@ tags: - wireguard - poweradmin - import_tasks: add_dns_record.yml + ansible.builtin.import_tasks:: add_dns_record.yml vars: record: zone: "vpn.{{ mailserver_domain }}" @@ -262,7 +262,7 @@ tags: - wireguard - poweradmin - import_tasks: add_dns_record.yml + ansible.builtin.import_tasks:: add_dns_record.yml vars: record: zone: "vpn.{{ mailserver_domain }}" From 8b084bb39925f32b6eef2b72f831dc49123e63e0 Mon Sep 17 00:00:00 2001 
From: Akos Balla Date: Fri, 27 Oct 2023 22:02:55 +0200 Subject: [PATCH 169/181] fix spacing --- tasks/dkim.yml | 2 +- tasks/os.yml | 2 +- tasks/pdns_recursor.yml | 4 ++-- tasks/postfixadmin.yml | 2 +- tasks/poweradmin.yml | 8 ++++---- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/tasks/dkim.yml b/tasks/dkim.yml index aec32e1..0986808 100644 --- a/tasks/dkim.yml +++ b/tasks/dkim.yml @@ -2,7 +2,7 @@ # - name: Open firewall # ansible.builtin.import_tasks:: firewall.yml # vars: -# port: 8891/tcp +# port: 8891/tcp # noqa var-naming[no-reserved] we refer to a port here, so I call it a port - name: Configure OpenDKIM ansible.builtin.lineinfile: regexp: '{{ item.key }}' diff --git a/tasks/os.yml b/tasks/os.yml index 8bc740e..ac5f24e 100644 --- a/tasks/os.yml +++ b/tasks/os.yml @@ -64,7 +64,7 @@ - name: Create OS users ansible.builtin.user: name: "{{ item.name }}" - password: "{{ item.password | password_hash('sha512')| default(lookup('password', '/tmp/ansible-mailserver-install.' + item.name + '_password chars=ascii_letters,digits,punctuation')) }}" + password: "{{ item.password | password_hash('sha512') | default(lookup('password', '/tmp/ansible-mailserver-install.' + item.name + '_password chars=ascii_letters,digits,punctuation')) }}" groups: "{{ 'wheel' if item.name == mailserver_admin_user }}" append: yes state: present diff --git a/tasks/pdns_recursor.yml b/tasks/pdns_recursor.yml index bad707c..201693c 100644 --- a/tasks/pdns_recursor.yml +++ b/tasks/pdns_recursor.yml 
@@ -41,8 +41,8 @@ path: /etc/hosts backup: yes loop: - - "{{ wireguard.ipv4_pool|split('/')|first|regex_replace('\\.0$', '.1') }}" - - "{{ wireguard.ipv6_pool|split('/')|first|regex_replace('\\:0$', ':1') }}" + - "{{ wireguard.ipv4_pool | split('/') | first | regex_replace('\\.0$', '.1') }}" + - "{{ wireguard.ipv6_pool | split('/') | first | regex_replace('\\:0$', ':1') }}" when: wireguard is defined notify: Restart pdns-recursor - name: Configure PowerDNS recursor to forward custom domains diff --git a/tasks/postfixadmin.yml b/tasks/postfixadmin.yml index c0fb50e..4eccbd0 100644 --- a/tasks/postfixadmin.yml +++ b/tasks/postfixadmin.yml @@ -7,7 +7,7 @@ register: postfixadmin_download_site - name: Parse version ansible.builtin.set_fact: - postfixadmin_version: "{{ postfixadmin_download_site.url | replace('https://github.com/postfixadmin/postfixadmin/releases/tag/postfixadmin-','') }}" + postfixadmin_version: "{{ postfixadmin_download_site.url | replace('https://github.com/postfixadmin/postfixadmin/releases/tag/postfixadmin-', '') }}" - name: Unpack postfixadmin ansible.builtin.unarchive: src: "https://github.com/postfixadmin/postfixadmin/archive/postfixadmin-{{ postfixadmin_version }}.tar.gz" diff --git a/tasks/poweradmin.yml b/tasks/poweradmin.yml index 487e01a..fb9ab7b 100644 --- a/tasks/poweradmin.yml +++ b/tasks/poweradmin.yml 
@@ -83,8 +83,8 @@ - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (2, 2, 44) - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (3, 2, 43) - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (4, 2, 41) - - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES (1, 'admin', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password|password_hash("blowfish")|replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Administrator', 'hostmaster@{{ mailserver_domain }}', 'Administrator with full rights.', 1, 1, 0) - - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES (2, 'dyndns', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password|password_hash("blowfish")|replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Dynamic DNS', 'dyndns@{{ mailserver_domain }}', 'User for dynamic DNS updates', 2, 1, 0) + - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES (1, 'admin', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password | password_hash("blowfish") | replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Administrator', 'hostmaster@{{ mailserver_domain }}', 'Administrator with full rights.', 1, 1, 0) + - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES (2, 'dyndns', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password | password_hash("blowfish") | replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Dynamic DNS', 'dyndns@{{ mailserver_domain }}', 'User for dynamic DNS updates', 2, 1, 0) - "REPLACE INTO `zones` (`id`, `domain_id`, `owner`, `comment`, `zone_templ_id`) SELECT 1, id, 2, '', 0 
FROM domains WHERE name = 'dyndns.{{ mailserver_domain }}'" no_log: yes when: 'public_dns == "yes"' 
@@ -105,8 +105,8 @@ - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (2, 2, 44) - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (3, 2, 43) - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (4, 2, 41) - - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES (1, 'admin', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password|password_hash("blowfish")|replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Administrator', 'hostmaster@{{ mailserver_domain }}', 'Administrator with full rights.', 1, 1, 0) - - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES (2, 'dyndns', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password|password_hash("blowfish")|replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Dynamic DNS', 'dyndns@{{ mailserver_domain }}', 'User for dynamic DNS updates', 2, 1, 0) + - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES (1, 'admin', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password | password_hash("blowfish") | replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Administrator', 'hostmaster@{{ mailserver_domain }}', 'Administrator with full rights.', 1, 1, 0) + - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES (2, 'dyndns', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password | password_hash("blowfish") | replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Dynamic DNS', 'dyndns@{{ mailserver_domain }}', 'User for dynamic DNS updates', 2, 1, 0) - "REPLACE INTO `zones` (`id`, `domain_id`, `owner`, `comment`, `zone_templ_id`) SELECT 1, id, 2, '', 0 
FROM domains WHERE name = 'dyndns.{{ mailserver_domain }}'" no_log: yes when: 'public_dns == "yes"' From 18df188200f5245c0c69b15a57b76f88d7efb399 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 22:06:05 +0200 Subject: [PATCH 170/181] remove accidental duplicate colons --- tasks/dkim.yml | 2 +- tasks/dns.yml | 14 ++++----- tasks/dovecot.yml | 2 +- tasks/horde.yml | 2 +- tasks/ldap.yml | 2 +- tasks/main.yml | 44 ++++++++++++++-------------- tasks/os.yml | 4 +-- tasks/pdns.yml | 4 +-- tasks/postfix.yml | 2 +- tasks/postfixadmin.yml | 4 +-- tasks/propagate_dkim_txt_records.yml | 2 +- tasks/ssl.yml | 2 +- tasks/wireguard.yml | 14 ++++----- 13 files changed, 49 insertions(+), 49 deletions(-) diff --git a/tasks/dkim.yml b/tasks/dkim.yml index 0986808..46c25d9 100644 --- a/tasks/dkim.yml +++ b/tasks/dkim.yml @@ -1,6 +1,6 @@ --- # - name: Open firewall -# ansible.builtin.import_tasks:: firewall.yml +# ansible.builtin.import_tasks: firewall.yml # vars: # port: 8891/tcp # noqa var-naming[no-reserved] we refer to a port here, so I call it a port - name: Configure OpenDKIM diff --git a/tasks/dns.yml b/tasks/dns.yml index 062a46c..cc874e1 100644 --- a/tasks/dns.yml +++ b/tasks/dns.yml 
@@ -1,19 +1,19 @@ --- - name: Open firewall - ansible.builtin.import_tasks:: firewall.yml + ansible.builtin.import_tasks: firewall.yml vars: port: dns # noqa var-naming[no-reserved] we refer to a port here, so I call it a port when: 'public_dns == "yes"' - name: Configure local DNS cache - ansible.builtin.import_tasks:: local_dns_cache.yml + ansible.builtin.import_tasks: local_dns_cache.yml - name: Configure PowerDNS - ansible.builtin.import_tasks:: pdns.yml + ansible.builtin.import_tasks: pdns.yml - name: Set up DNS records - ansible.builtin.import_tasks:: dns_records.yml + ansible.builtin.import_tasks: dns_records.yml - name: Configure PowerDNS recursor - ansible.builtin.import_tasks:: pdns_recursor.yml + ansible.builtin.import_tasks: pdns_recursor.yml - name: Configure DNSDist - ansible.builtin.import_tasks:: dnsdist.yml + ansible.builtin.import_tasks: dnsdist.yml - name: Make sure PowerDNS is running ansible.builtin.systemd_service: name: pdns @@ -35,7 +35,7 @@ state: started when: 'public_dns == "yes"' - name: Configure PowerAdmin - ansible.builtin.import_tasks:: poweradmin.yml + ansible.builtin.import_tasks: poweradmin.yml tags: - dyndns - poweradmin diff --git a/tasks/dovecot.yml b/tasks/dovecot.yml index 3b2cc9b..231eac8 100644 --- a/tasks/dovecot.yml +++ b/tasks/dovecot.yml @@ -9,7 +9,7 @@ - pop3 - pop3s - name: Automatically restart services - ansible.builtin.import_tasks:: autorestart.yml + ansible.builtin.import_tasks: autorestart.yml vars: service: dovecot - name: Configure Dovecot protocols diff --git a/tasks/horde.yml b/tasks/horde.yml index 3e85178..75505a1 100644 --- a/tasks/horde.yml +++ b/tasks/horde.yml @@ -52,7 +52,7 @@ - { app: '', mode: 'ug=rw' } # - { app: 'kronolith', mode: 'u=rw' } - name: Create horde DB schema - ansible.builtin.import_tasks:: create_mariadb_schema.yml + ansible.builtin.import_tasks: create_mariadb_schema.yml vars: mariadb_database: horde mariadb_state: "{{ ('import' if reset == 'yes')|default('present') }}" 
diff --git a/tasks/ldap.yml b/tasks/ldap.yml index ae5e667..c5d03b8 100644 --- a/tasks/ldap.yml +++ b/tasks/ldap.yml @@ -1,6 +1,6 @@ --- # - name: Open firewall -# ansible.builtin.import_tasks:: firewall.yml +# ansible.builtin.import_tasks: firewall.yml # vars: # port: "{{ item }}" # noqa var-naming[no-reserved] we refer to a port here, so I call it a port # loop: diff --git a/tasks/main.yml b/tasks/main.yml index 07cf597..aaabe64 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -21,37 +21,37 @@ no_log: yes tags: always - name: Configure OS - ansible.builtin.import_tasks:: os.yml + ansible.builtin.import_tasks: os.yml tags: os - name: Configure MariaDB - ansible.builtin.import_tasks:: mariadb.yml + ansible.builtin.import_tasks: mariadb.yml tags: mariadb - name: Configure DNS - ansible.builtin.import_tasks:: dns.yml + ansible.builtin.import_tasks: dns.yml tags: - dns - poweradmin - dyndns - name: Configure PostfixAdmin - ansible.builtin.import_tasks:: postfixadmin.yml + ansible.builtin.import_tasks: postfixadmin.yml tags: postfixadmin - name: Set up SSL - ansible.builtin.import_tasks:: ssl.yml + ansible.builtin.import_tasks: ssl.yml tags: ssl - name: Configure LDAP - ansible.builtin.import_tasks:: ldap.yml + ansible.builtin.import_tasks: ldap.yml tags: ldap - name: Set up Horde - ansible.builtin.import_tasks:: horde.yml + ansible.builtin.import_tasks: horde.yml tags: horde - name: Set up ElasticSearch - ansible.builtin.import_tasks:: elasticsearch.yml + ansible.builtin.import_tasks: elasticsearch.yml tags: elasticsearch - name: Set up FTP - ansible.builtin.import_tasks:: ftp.yml + ansible.builtin.import_tasks: ftp.yml tags: ftp - name: Configure Apache - ansible.builtin.import_tasks:: httpd.yml + ansible.builtin.import_tasks: httpd.yml tags: - httpd - dyndns 
@@ -61,19 +61,19 @@ - wireguard - webdav - name: Set up SPAMAssassin - ansible.builtin.import_tasks:: spamassassin.yml + ansible.builtin.import_tasks: spamassassin.yml tags: spamassassin - name: Configure Antivirus - ansible.builtin.import_tasks:: antivirus.yml + ansible.builtin.import_tasks: antivirus.yml tags: antivirus - name: Configure Redis - ansible.builtin.import_tasks:: redis.yml + ansible.builtin.import_tasks: redis.yml tags: redis - name: Configure Postfix - ansible.builtin.import_tasks:: postfix.yml + ansible.builtin.import_tasks: postfix.yml tags: postfix - name: Configure Dovecot - ansible.builtin.import_tasks:: dovecot.yml + ansible.builtin.import_tasks: dovecot.yml tags: dovecot - name: Sync old IMAP account ansible.builtin.include_tasks: imapsync.yml @@ -85,27 +85,27 @@ no_log: yes tags: imapsync - name: Set up DKIM - ansible.builtin.import_tasks:: dkim.yml + ansible.builtin.import_tasks: dkim.yml tags: dkim - name: Set up DMARC - ansible.builtin.import_tasks:: dmarc.yml + ansible.builtin.import_tasks: dmarc.yml tags: dmarc - name: Set up MongoDB - ansible.builtin.import_tasks:: mongodb.yml + ansible.builtin.import_tasks: mongodb.yml tags: mongodb - name: Set up WebDav - ansible.builtin.import_tasks:: webdav.yml + ansible.builtin.import_tasks: webdav.yml tags: webdav - name: Set up WireGuard - ansible.builtin.import_tasks:: wireguard.yml + ansible.builtin.import_tasks: wireguard.yml tags: - wireguard - dyndns - poweradmin - postfixadmin - name: Set up backups - ansible.builtin.import_tasks:: backups.yml + ansible.builtin.import_tasks: backups.yml tags: backup - name: Configure fail2ban - ansible.builtin.import_tasks:: fail2ban.yml + ansible.builtin.import_tasks: fail2ban.yml tags: fail2ban diff --git a/tasks/os.yml b/tasks/os.yml index ac5f24e..7440d7d 100644 --- a/tasks/os.yml +++ b/tasks/os.yml 
@@ -28,7 +28,7 @@ - name: Install requiremets block: - name: Install packages - ansible.builtin.import_tasks:: packages.yml + ansible.builtin.import_tasks: packages.yml rescue: - name: Find repo configs find: @@ -50,7 +50,7 @@ validate: "grep '^baseurl=http://vault.centos.org' %s" loop: "{{ repo_files.files }}" - name: Install packages - ansible.builtin.import_tasks:: packages.yml + ansible.builtin.import_tasks: packages.yml - name: Set up OS mail aliases ansible.builtin.lineinfile: path: /etc/aliases diff --git a/tasks/pdns.yml b/tasks/pdns.yml index c791f6d..4129bea 100644 --- a/tasks/pdns.yml +++ b/tasks/pdns.yml @@ -1,6 +1,6 @@ --- - name: Create PowerDNS DB - ansible.builtin.import_tasks:: create_mariadb_schema.yml + ansible.builtin.import_tasks: create_mariadb_schema.yml vars: mariadb_database: powerdnsdb mariadb_state: "{{ ('import' if reset == 'yes')|default('present') }}" @@ -16,7 +16,7 @@ no_log: yes when: 'public_dns == "yes"' # - name: Fill PowerDNS DB with data -# ansible.builtin.import_tasks:: fill_mariadb_data.yml +# ansible.builtin.import_tasks: fill_mariadb_data.yml # vars: # mariadb_database: # db: powerdnsdb diff --git a/tasks/postfix.yml b/tasks/postfix.yml index 251ab50..d9845b2 100644 --- a/tasks/postfix.yml +++ b/tasks/postfix.yml @@ -32,7 +32,7 @@ - name: Apply mail aliases ansible.builtin.command: newaliases - name: Set up automatic restart of services - ansible.builtin.import_tasks:: autorestart.yml + ansible.builtin.import_tasks: autorestart.yml vars: service: postfix - name: Deploy Postfix master config diff --git a/tasks/postfixadmin.yml b/tasks/postfixadmin.yml index 4eccbd0..de27fd0 100644 --- a/tasks/postfixadmin.yml +++ b/tasks/postfixadmin.yml 
@@ -24,7 +24,7 @@ setype: httpd_sys_rw_content_t recurse: yes - name: Create postfixadmin DB schema - ansible.builtin.import_tasks:: create_mariadb_schema.yml + ansible.builtin.import_tasks: create_mariadb_schema.yml vars: mariadb_database: postfixadmin mariadb_state: "{{ ('import' if reset == 'yes') | default('present') }}" @@ -39,7 +39,7 @@ login_password: "{{ mysql_root_password }}" no_log: yes - name: Fill postfixadmin DB with data - ansible.builtin.import_tasks:: fill_mariadb_data.yml + ansible.builtin.import_tasks: fill_mariadb_data.yml vars: mariadb_database: db: postfixadmin diff --git a/tasks/propagate_dkim_txt_records.yml b/tasks/propagate_dkim_txt_records.yml index 95b94dc..8120b1c 100644 --- a/tasks/propagate_dkim_txt_records.yml +++ b/tasks/propagate_dkim_txt_records.yml @@ -7,7 +7,7 @@ desired_dkim_record: "{{ dkim_keys.stdout.replace(dkim_selector ~ '._domainkey\tIN\tTXT\t( \"', '').replace('\t', '').replace('\n', '').replace('\" \"', '').replace('\" ) ; ----- DKIM key ' ~ dkim_selector ~ ' for ' ~ domain_item, '') }}" current_dkim_record: "{{ lookup('community.general.dig', dkim_selector ~ '._domainkey.' ~ domain_item ~ './TXT').replace('\" \"', '') }}" - name: "Set up the {{ dkim_selector }}._domainkey.{{ domain_item }} TXT record" # noqa name[template] we need to be informative, even if we deviate from the standards - ansible.builtin.import_tasks:: add_dns_record.yml + ansible.builtin.import_tasks: add_dns_record.yml vars: record: zone: "{{ domain_item }}" diff --git a/tasks/ssl.yml b/tasks/ssl.yml index ed39c3c..c165d67 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml @@ -62,7 +62,7 @@ # remaining_days: 60 # register: letsencrypt_challenge # - name: Check Let's Encrypt TXT records -# ansible.builtin.import_tasks:: propagate_ssl_txt_records.yml +# ansible.builtin.import_tasks: propagate_ssl_txt_records.yml # with_dict: "{{ letsencrypt_challenge.challenge_data }}" # loop_control: # loop_var: challenge_item 
diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml index 4eab83f..a82adc9 100644 --- a/tasks/wireguard.yml +++ b/tasks/wireguard.yml @@ -1,6 +1,6 @@ --- - name: Open firewall - ansible.builtin.import_tasks:: firewall.yml + ansible.builtin.import_tasks: firewall.yml vars: port: "{{ wireguard.listen_port }}/udp" # noqa var-naming[no-reserved] we refer to a port here, so I call it a port - name: Load kernel modules @@ -52,7 +52,7 @@ - "{{ wireguard.config_dir }}" - /var/www/html/.vpn - name: Read WireGuard server config - ansible.builtin.import_tasks:: read_wireguard_config.yml + ansible.builtin.import_tasks: read_wireguard_config.yml vars: wg_config_file: "{{ wireguard.config_dir }}/{{ wireguard.interface }}.conf" - name: Define read server values @@ -69,7 +69,7 @@ ansible.builtin.set_fact: next_ip_segment: 2 - name: Generate WireGuard server keys - ansible.builtin.import_tasks:: generate_wireguard_keys.yml + ansible.builtin.import_tasks: generate_wireguard_keys.yml vars: wg_name: "server" wg_privatekey: "{{ wg_server.privatekey | default('') }}" @@ -198,7 +198,7 @@ tags: - dyndns - poweradmin - ansible.builtin.import_tasks:: add_dns_record.yml + ansible.builtin.import_tasks: add_dns_record.yml vars: record: zone: "dyndns.{{ mailserver_domain }}" @@ -210,7 +210,7 @@ tags: - dyndns - poweradmin - ansible.builtin.import_tasks:: add_dns_record.yml + ansible.builtin.import_tasks: add_dns_record.yml vars: record: zone: "dyndns.{{ mailserver_domain }}" @@ -250,7 +250,7 @@ tags: - wireguard - poweradmin - ansible.builtin.import_tasks:: add_dns_record.yml + ansible.builtin.import_tasks: add_dns_record.yml vars: record: zone: "vpn.{{ mailserver_domain }}" @@ -262,7 +262,7 @@ tags: - wireguard - poweradmin - ansible.builtin.import_tasks:: add_dns_record.yml + ansible.builtin.import_tasks: add_dns_record.yml vars: record: zone: "vpn.{{ mailserver_domain }}" From 786f7bba88b4c81de985345e6c2047ab1b8e0951 Mon Sep 17 00:00:00 2001 
From: Akos Balla Date: Fri, 27 Oct 2023 22:15:01 +0200 Subject: [PATCH 171/181] sort out FQCNs --- tasks/backups.yml | 2 +- tasks/dns_records.yml | 14 +++++++------- tasks/dnsdist.yml | 2 +- tasks/fill_mariadb_data.yml | 2 +- tasks/ftp.yml | 2 +- tasks/mariadb.yml | 2 +- tasks/ssl.yml | 2 +- tasks/wireguard.yml | 4 ++-- 8 files changed, 15 insertions(+), 15 deletions(-) diff --git a/tasks/backups.yml b/tasks/backups.yml index abd721d..8ca7ca6 100644 --- a/tasks/backups.yml +++ b/tasks/backups.yml @@ -183,7 +183,7 @@ - pdns - wg_vpn - name: Restore non-service tarball backups - when: "{{ vars[item ~ '_backup_path'] is defined }}" + when: vars[item ~ '_backup_path'] is defined }}" ansible.builtin.unarchive: src: "{{ vars[item ~ '_backup_path'] }}" dest: / diff --git a/tasks/dns_records.yml b/tasks/dns_records.yml index 5b8969d..d083266 100644 --- a/tasks/dns_records.yml +++ b/tasks/dns_records.yml 
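Review bot: The new `when:` on "Restore non-service tarball backups" still carries the closing `}}"` of the old quoted template, so the condition is no longer a valid Jinja expression and the task will error when the conditional is evaluated. The line should read `when: vars[item ~ '_backup_path'] is defined`. Since the task unpacks into `dest: /`, a short comment is also worth adding above it, for example `# extracted over /: only point *_backup_path at archives this role created`.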
@@ -12,32 +12,32 @@ become: yes become_user: pdns loop: "{{ [mailserver_domain] + custom_domains + ['vpn.' ~ mailserver_domain] + ['dyndns.' ~ mailserver_domain] }}" - when: 'public_dns == "yes"' + when: public_dns == "yes" rescue: - name: Create DNS zones ansible.builtin.command: "pdnsutil --force create-zone {{ item }} ns.{{ mailserver_domain }}" become: yes become_user: pdns loop: "{{ [mailserver_domain] + custom_domains + ['vpn.' ~ mailserver_domain] + ['dyndns.' ~ mailserver_domain] }}" - when: 'reset and public_dns == "yes"' + when: reset and (public_dns == "yes") - name: Make sure local zones are master zones ansible.builtin.command: "pdnsutil set-kind {{ item }} primary" become: yes become_user: pdns loop: "{{ [mailserver_domain] + custom_domains + ['vpn.' ~ mailserver_domain] + ['dyndns.' ~ mailserver_domain] }}" - when: 'public_dns == "yes"' + when: public_dns == "yes" - name: Fill DNS zone ansible.builtin.include_tasks: fill_default_dns_records.yml vars: dns_zone: "{{ item }}" loop: "{{ [mailserver_domain] + custom_domains }}" - when: '{{ public_dns == "yes" and ((reset == "yes") or (item not in all_dns_zones.stdout_lines)) }}' + when: public_dns == "yes" and ((reset == "yes") or (item not in all_dns_zones.stdout_lines)) - name: Create default CNAME records ansible.builtin.include_tasks: create_default_cname_records.yml vars: dns_zone: "{{ item }}" loop: "{{ [mailserver_domain] + custom_domains + ['vpn.' ~ mailserver_domain] }}" - when: '{{ public_dns == "yes" and ((reset == "yes") or (item not in all_dns_zones.stdout_lines)) }}' + when: public_dns == "yes" and ((reset == "yes") or (item not in all_dns_zones.stdout_lines)) - name: Set up DNSSEC ansible.builtin.command: "pdnsutil secure-zone {{ item }}" become: yes 
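Review bot: In the rescue task "Create DNS zones" the condition `reset and (public_dns == "yes")` tests `reset` for truthiness, while "Fill DNS zone" and "Create default CNAME records" in the same hunk compare `reset == "yes"`. If `reset` is the string those comparisons suggest, any non-empty value, including "no", may count as true here and let `pdnsutil --force create-zone` run. Writing it as `when: (reset == "yes") and (public_dns == "yes")` keeps the forced zone creation behind the same explicit opt-in as the other tasks. The enclosing block starts above the hunk.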
@@ -47,10 +47,10 @@ register: enable_dnssec ignore_errors: yes - name: Fail if the issue is not about DNSSEC being already enabled - fail: + ansible.builtin.fail: msg: "{{ item.stderr }}" loop: "{{ enable_dnssec.results }}" - when: '{{ (item.rc != 0) and ("already secure, remove keys with pdnsutil remove-zone-key if needed" not in item.stderr) }}' + when: (item.rc != 0) and ("already secure, remove keys with pdnsutil remove-zone-key if needed" not in item.stderr) - name: Count DNS records ansible.builtin.command: 'pdnsutil list-zone {{ item }}' register: zone_records diff --git a/tasks/dnsdist.yml b/tasks/dnsdist.yml index f8c492e..221a60c 100644 --- a/tasks/dnsdist.yml +++ b/tasks/dnsdist.yml @@ -1,6 +1,6 @@ --- - name: Configure DNSDist - template: + ansible.builtin.template: src: dnsdist/dnsdist.conf.j2 dest: /etc/dnsdist/dnsdist.conf backup: yes diff --git a/tasks/fill_mariadb_data.yml b/tasks/fill_mariadb_data.yml index db88122..1462dde 100644 --- a/tasks/fill_mariadb_data.yml +++ b/tasks/fill_mariadb_data.yml @@ -1,6 +1,6 @@ --- - name: "Render {{ mariadb_database.db }} data" # noqa name[template] we need to be informative, even if we deviate from the standards - template: + ansible.builtin.template: src: "mariadb/{{ mariadb_database.db }}.sql.j2" dest: "/tmp/ansible-mailserver-install.{{ mariadb_database.db }}_data.sql" mode: u=rw,og=r diff --git a/tasks/ftp.yml b/tasks/ftp.yml index 76e2342..22ce578 100644 --- a/tasks/ftp.yml +++ b/tasks/ftp.yml @@ -67,7 +67,7 @@ no_log: yes notify: Restart vsftpd - name: Set SELinux booleans - when: "{{ getenforce.stdout != 'Disabled' }}" + when: getenforce.stdout != 'Disabled' seboolean: name: ftpd_full_access state: yes diff --git a/tasks/mariadb.yml b/tasks/mariadb.yml index 685d15f..053e35b 100644 --- a/tasks/mariadb.yml +++ b/tasks/mariadb.yml 
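Review bot: The DNSSEC step in tasks/dns_records.yml relies on `ignore_errors: yes` plus a separate `ansible.builtin.fail` loop to tell a real failure from "already secure", so every already-secured zone is reported as a failed-then-ignored result and the rule lives in two places. A `failed_when` on the `pdnsutil secure-zone` task expresses it once: `failed_when: enable_dnssec.rc != 0 and "already secure" not in enable_dnssec.stderr`, with `ignore_errors` and the follow-up task dropped. The secure-zone task begins above this hunk, so only its `register` and `ignore_errors` lines are visible here.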
@@ -37,7 +37,7 @@ shell: "mysqld_safe --skip-grant-tables --skip-networking &" - name: "Generate MariaDB root password reset SQL" when: reset == "yes" or forgotten_mariadb_root_password - template: + ansible.builtin.template: src: mariadb/reset_mariadb_root_password.sql.j2 dest: /tmp/ansible-mailserver-install.reset_mariadb_root_password.sql mode: u=rw,og=r diff --git a/tasks/ssl.yml b/tasks/ssl.yml index c165d67..4cf9e6d 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml @@ -150,7 +150,7 @@ owner: root group: root # - name: Render certbot renewal config template -# template: +# ansible.builtin.template: # src: ssl/letsencrypt.renewal.conf.j2 # dest: "/etc/letsencrypt/renewal/{{ mailserver_domain }}.conf" # mode: u=rw,og=r diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml index a82adc9..8f69f43 100644 --- a/tasks/wireguard.yml +++ b/tasks/wireguard.yml @@ -97,12 +97,12 @@ wg_cidr: "{{ item.cidr }}" loop: "{{ wg_clients }}" - name: Deploy .htaccess for the WireGuard configs - template: + ansible.builtin.template: src: wireguard/htaccess.j2 dest: /etc/wireguard/.htaccess backup: yes - name: Generate server config - template: + ansible.builtin.template: src: wireguard/server.conf.j2 dest: "{{ wireguard.config_dir }}/{{ wireguard.interface }}.conf" mode: u=rw,g=r,o= From fe3846090a5b45fcc83766419abb1585cfa15696 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 22:32:29 +0200 Subject: [PATCH 172/181] sort out other linter complaints --- tasks/backups.yml | 2 +- tasks/dnsdist.yml | 3 +++ tasks/fail2ban.yml | 3 +++ tasks/gather_wireguard_config_sections.yml | 8 ++++---- tasks/horde.yml | 3 ++- tasks/httpd.yml | 7 +++++-- tasks/mariadb.yml | 2 +- tasks/os.yml | 2 +- tasks/wireguard.yml | 4 +++- 9 files changed, 23 insertions(+), 11 deletions(-) diff --git a/tasks/backups.yml b/tasks/backups.yml index 8ca7ca6..b6207b8 100644 --- a/tasks/backups.yml +++ b/tasks/backups.yml 
@@ -183,7 +183,7 @@ - pdns - wg_vpn - name: Restore non-service tarball backups - when: vars[item ~ '_backup_path'] is defined }}" + when: vars[item ~ '_backup_path'] is defined ansible.builtin.unarchive: src: "{{ vars[item ~ '_backup_path'] }}" dest: / diff --git a/tasks/dnsdist.yml b/tasks/dnsdist.yml index 221a60c..28ad009 100644 --- a/tasks/dnsdist.yml +++ b/tasks/dnsdist.yml @@ -4,5 +4,8 @@ src: dnsdist/dnsdist.conf.j2 dest: /etc/dnsdist/dnsdist.conf backup: yes + owner: dnsdist + group: dnsdist + mode: u=rw,g=r,o= when: 'public_dns == "yes"' notify: Restart dnsdist diff --git a/tasks/fail2ban.yml b/tasks/fail2ban.yml index 507fdff..c8e489d 100644 --- a/tasks/fail2ban.yml +++ b/tasks/fail2ban.yml @@ -3,6 +3,9 @@ ansible.builtin.copy: src: "fail2ban/{{ item }}" dest: "/etc/fail2ban/filter.d/{{ item }}" + owner: root + group: root + mode: u=rw,go=r loop: - postfixadmin.conf notify: Restart fail2ban diff --git a/tasks/gather_wireguard_config_sections.yml b/tasks/gather_wireguard_config_sections.yml index b72d28a..4e21d2c 100644 --- a/tasks/gather_wireguard_config_sections.yml +++ b/tasks/gather_wireguard_config_sections.yml @@ -1,6 +1,6 @@ --- - name: Set server config - when: '{{ "[Interface]" == wireguard_config_line }}' + when: wireguard_config_line == "[Interface]" ansible.builtin.set_fact: current_wireguard_section: server - name: Set server private key @@ -8,7 +8,7 @@ ansible.builtin.set_fact: wg_server_private_key: "{{ wireguard_config_line | split(' ') | last }}" - name: Set client config - when: '{{ "[Peer]" == wireguard_config_line }}' + when: wireguard_config_line == "[Peer]" ansible.builtin.set_fact: current_wireguard_section: client wg_client_count: "{{ wg_client_count | default(0) | int + 1 }}" 
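Review bot: The added `owner: dnsdist` in "Configure DNSDist" makes /etc/dnsdist/dnsdist.conf writable by the account the daemon presumably runs as, so a compromise of that process could rewrite its own configuration. Keeping the file root-owned and granting the service read access through the group still gives the linter explicit permissions: `owner: root`, `group: dnsdist`, `mode: u=rw,g=r,o=`. The fail2ban filter touched in the same commit already follows the root-owned pattern.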
@@ -29,10 +29,10 @@ ansible.builtin.set_fact: wg_server: '{{ wg_server | default({}) | combine({"privatekey": wg_server_private_key}) }}' - name: Set wireguard config client section - when: '{{ "[Peer]" == wireguard_config_line }}' + when: wireguard_config_line == "[Peer]" ansible.builtin.set_fact: last_wg_client: '{{ wg_client_count | default(0) }}' - name: Set wireguard config client section when: current_wireguard_section == 'client' and (wg_client_count < last_wg_client or ansible_loop.last) and wg_client_name is defined and wg_client_owner is defined and wg_client_psk is defined ansible.builtin.set_fact: - wg_clients: '{{ wg_clients | default([]) + {"name": wg_client_name, "owner": wg_client_owner, "psk": wg_server_psk} }}' + wg_clients: '{{ wg_clients | default([]) + [{"name": wg_client_name, "owner": wg_client_owner, "psk": wg_server_psk}] }}' diff --git a/tasks/horde.yml b/tasks/horde.yml index 75505a1..ceadee8 100644 --- a/tasks/horde.yml +++ b/tasks/horde.yml @@ -81,6 +81,7 @@ dest: /tmp remote_src: yes - name: Install themes - shell: 'echo -e "/usr/share/horde\nroot\nroot\n755\n644\nYes\n"|./install.sh' + ansible.builtin.shell: 'set -o pipefail && echo -e "/usr/share/horde\nroot\nroot\n755\n644\nYes\n"|./install.sh' args: chdir: /tmp/combined-1.0.0 + executable: /usr/bin/bash diff --git a/tasks/httpd.yml b/tasks/httpd.yml index c581aa0..b7c9e5c 100644 --- a/tasks/httpd.yml +++ b/tasks/httpd.yml @@ -14,7 +14,7 @@ - http - https - name: Set up SELinux rules - when: "{{ getenforce.stdout != 'Disabled' }}" + when: getenforce.stdout != 'Disabled' block: - name: Set SELinux booleans seboolean: 
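Review bot: In the last "Set wireguard config client section" task the guard checks `wg_client_psk is defined`, but the appended dict stores `"psk": wg_server_psk`, a name that appears nowhere else in these hunks. If that is a typo, each parsed peer would either fail on an undefined variable or be recorded with the wrong pre-shared key; `"psk": wg_client_psk` matches the guard. The `set_fact` tasks in this file also carry the server private key and PSKs without `no_log: true`, so the values can appear in task output at higher verbosity; adding it would match the other secret-handling tasks in this role.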
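Review bot: "Install themes" runs `./install.sh` from the fixed path /tmp/combined-1.0.0, a location any local account can create before the archive is unpacked, and it has no `creates:` so it reruns on every play. `set -o pipefail` adds little here because the left side of the pipe is only `echo`; the shell can be dropped by using `ansible.builtin.command: ./install.sh` and passing the answers as `stdin: "/usr/share/horde\nroot\nroot\n755\n644\nYes\n"` under `args:`. Unpacking into a directory created with `ansible.builtin.tempfile` (or another root-only path) and verifying the archive's checksum before running its installer would cover the rest. The unpack task itself starts above the hunk.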
@@ -27,11 +27,14 @@ - httpd_read_user_content - httpd_mod_auth_pam - name: Generate SELinux policy - shell: | + ansible.builtin.shell: | + set -o pipefail && sepolicy generate --init /usr/sbin/httpd echo 'dovecot_read_config(httpd_t)' >> httpd.te ./httpd.sh ausearch -m AVC -ts recent | audit2allow -R + args: + executable: /usr/bin/bash - name: Render web config templates tags: - dyndns diff --git a/tasks/mariadb.yml b/tasks/mariadb.yml index 053e35b..f9ecbb0 100644 --- a/tasks/mariadb.yml +++ b/tasks/mariadb.yml @@ -34,7 +34,7 @@ state: stopped - name: Start MariaDB in safe mode when: reset == "yes" or forgotten_mariadb_root_password - shell: "mysqld_safe --skip-grant-tables --skip-networking &" + ansible.builtin.shell: "mysqld_safe --skip-grant-tables --skip-networking &" - name: "Generate MariaDB root password reset SQL" when: reset == "yes" or forgotten_mariadb_root_password ansible.builtin.template: diff --git a/tasks/os.yml b/tasks/os.yml index 7440d7d..8ea61aa 100644 --- a/tasks/os.yml +++ b/tasks/os.yml @@ -1,6 +1,6 @@ --- - name: Check SELinux status - shell: getenforce + ansible.builtin.shell: getenforce register: getenforce tags: always - name: "Set hostname to {{ mailserver_hostname }}.{{ mailserver_domain }}" # noqa name[template] we need to be informative, even if we deviate from the standards diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml index 8f69f43..18f8f4a 100644 --- a/tasks/wireguard.yml +++ b/tasks/wireguard.yml 
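Review bot: With `set -o pipefail` now in force, the result of "Generate SELinux policy" is decided by `ausearch` in the last line `ausearch -m AVC -ts recent | audit2allow -R`, and `ausearch` is expected to exit non-zero when it finds no matching events, so the task may now fail on a host with no recent denials. Nothing in the hunk registers or stores that pipeline's output, so it could move to its own task with `changed_when: false` and `failed_when: false`, or be removed. The block also writes the generated policy files and runs `./httpd.sh` relative to whatever the working directory is, since `args:` sets only `executable`; an explicit `chdir` to a root-only directory would make that predictable.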
@@ -169,7 +169,9 @@ loop: "{{ wg_configs.keys() }}" when: item != "server" - name: Generate QR codes - shell: "cat {{ user_home[wg_configs[item]['owner']] }}/public_html/.vpn/{{ item }}/wg0.conf | qrencode -o {{ user_home[wg_configs[item]['owner']] }}/public_html/.vpn/{{ item }}/wg0.png" + ansible.builtin.shell: "set -o pipefail && cat {{ user_home[wg_configs[item]['owner']] }}/public_html/.vpn/{{ item }}/wg0.conf | qrencode -o {{ user_home[wg_configs[item]['owner']] }}/public_html/.vpn/{{ item }}/wg0.png" + args: + executable: /usr/bin/bash loop: "{{ wg_configs.keys() }}" when: item != "server" - name: Allow access to QR codes From 8926492e0ee02b4df1cbf485d420bd709a667e36 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 22:55:10 +0200 Subject: [PATCH 173/181] satisfy linter --- tasks/httpd.yml | 7 ++++++- tasks/imapsync.yml | 6 +++--- tasks/ldap.yml | 3 +++ tasks/main.yml | 2 +- tasks/os.yml | 4 ++-- tasks/postfix.yml | 2 +- tasks/ssl.yml | 4 ++-- tasks/wireguard.yml | 6 +++--- 8 files changed, 21 insertions(+), 13 deletions(-) diff --git a/tasks/httpd.yml b/tasks/httpd.yml index b7c9e5c..ada3ae3 100644 --- a/tasks/httpd.yml +++ b/tasks/httpd.yml @@ -136,6 +136,7 @@ path: "~{{ item.name }}/{{ item.name }}/public_html/.vpn" owner: "{{ item.name }}" group: "{{ item.name }}" + mode: ug=rwX,o= state: directory become: true become_user: "{{ item.name }}" @@ -153,17 +154,21 @@ no_log: true - name: Set postfixadmin ACLs tags: postfixadmin - acl: + ansible.posix.acl: path: /var/www/postfixadmin/templates_c entity: apache etype: user permissions: rwX state: present recursive: yes + default: true - name: Create HTTPD SystemD drop-in directory ansible.builtin.file: path: /etc/systemd/system/httpd.service.d state: directory + owner: root + group: root + mode: u=rwX,go=rX - name: Increase startup timeout ansible.builtin.copy: src: systemd/httpd.timeout.conf diff --git a/tasks/imapsync.yml b/tasks/imapsync.yml index 9bda0b7..8d0c4df 100644 
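Review bot: "Generate QR codes" builds a bash command line from `user_home[...]` and `item` without quoting, so a home directory or client name containing spaces or shell metacharacters changes what gets executed. `qrencode` can read its input file directly with `-r`, which removes the `cat |` pipe and with it the need for bash and `pipefail`; passing the arguments as `argv` to `ansible.builtin.command` avoids the shell entirely. The PNG encodes the client's wg0.conf, so an explicit file mode on it is worth setting in a follow-up task rather than leaving it to the umask.

```yaml
- name: Generate QR codes
  ansible.builtin.command:
    argv:
      - qrencode
      - "-r"
      - "{{ user_home[wg_configs[item]['owner']] }}/public_html/.vpn/{{ item }}/wg0.conf"
      - "-o"
      - "{{ user_home[wg_configs[item]['owner']] }}/public_html/.vpn/{{ item }}/wg0.png"
  # … unchanged: loop over wg_configs.keys() and the when filter …
```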
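Review bot: Adding `default: true` to "Set postfixadmin ACLs" changes what the task manages rather than only quieting the linter: as I read the `ansible.posix.acl` documentation, the entry then becomes the default ACL inherited by new items under /var/www/postfixadmin/templates_c, not the access ACL on what already exists. If apache must keep `rwX` on the existing directory and its files, that needs a second task without `default`, otherwise a fresh host would end up with only the inherited entry. A comment such as `# default ACL only; access ACL is set by the task above` would make the intent clear once both tasks exist.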
--- a/tasks/imapsync.yml +++ b/tasks/imapsync.yml @@ -13,7 +13,7 @@ - name: Set up password environment variables for cron jobs become: yes become_user: "{{ current_user.name }}" - cron: + ansible.builtin.cron: backup: yes env: yes name: "IMAPSYNC_PASSWORD{{ imapsync_password_index + 1 }}" @@ -26,7 +26,7 @@ - name: Sync old IMAP account become: yes become_user: "{{ current_user.name }}" - cron: + ansible.builtin.cron: name: "Sync old IMAP account {{ current_user.old_imap_mail.user }} at {{ current_user.old_imap_mail.host }} for {{ current_user.name }}" special_time: daily job: "imapsync --host1 {{ current_user.old_imap_mail.host }} --user1 {{ current_user.old_imap_mail.user }} --host2 mail.{{ mailserver_domain }} --user2 {{ current_user.name }}@{{ mailserver_domain }} --emailreport1 --emailreport2 --useheader Message-Id --noexpunge1 --nodelete1" @@ -45,7 +45,7 @@ - name: De-duplicate IMAP mail become: yes become_user: "{{ current_user.name }}" - cron: + ansible.builtin.cron: name: De-duplicate IMAP mail special_time: daily job: "/usr/bin/bash -c 'export IMAP_PASSWORD=\"$(grep ^IMAP_PASSWORD= ~{{ current_user.name }}/.cron_secrets|cut -d= -f2)\"; /usr/local/bin/imapdedup.py -s mail.{{ mailserver_domain }} -u {{ current_user.name }}@{{ mailserver_domain }} -w ${IMAP_PASSWORD} -c -r -m INBOX'" diff --git a/tasks/ldap.yml b/tasks/ldap.yml index c5d03b8..0cf7a4f 100644 --- a/tasks/ldap.yml +++ b/tasks/ldap.yml @@ -61,6 +61,9 @@ archive: path: "{{ (ldap_backups.stdout_lines | last).split(' ')[1] }}" dest: "/backup/ldap/LDAP_backup.{{ (ldap_backups.stdout_lines | last).split(' ')[1].split('/') | last }}.tar.bz2" + owner: root + group: root + mode: u=rw format: bz2 force_archive: yes when: reset == "yes" diff --git a/tasks/main.yml b/tasks/main.yml index aaabe64..425bb54 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -1,7 +1,7 @@ --- # tasks file for ansible-mailserver - name: Gather facts - setup: + ansible.builtin.setup: - name: Generate passwords if they don't exist yet ansible.builtin.set_fact: postfixadmin_db_password: "{{ postfixadmin_db_password | default(lookup('password', '/tmp/ansible-mailserver-install.postfixadmin_db_password chars=ascii_letters,digits')) }}" diff --git a/tasks/os.yml b/tasks/os.yml index 8ea61aa..5ccd6f2 100644 --- a/tasks/os.yml +++ b/tasks/os.yml @@ -24,7 +24,7 @@ reboot_timeout: 600 msg: "Reboot initiated by Ansible to enable IPv6" - name: Gather facts - setup: + ansible.builtin.setup: - name: Install requiremets block: - name: Install packages @@ -88,7 +88,7 @@ state: present tags: wireguard - name: Set up cron mailto - cron: + ansible.builtin.cron: backup: yes env: yes name: MAILTO diff --git a/tasks/postfix.yml b/tasks/postfix.yml index d9845b2..9db3ca4 100644 --- a/tasks/postfix.yml +++ b/tasks/postfix.yml @@ -254,7 +254,7 @@ setype: mail_spool_t recurse: yes - name: Generate daily Postfix log report - cron: + ansible.builtin.cron: name: "Generate daily Postfix log report" backup: yes hour: 4 diff --git a/tasks/ssl.yml b/tasks/ssl.yml index 4cf9e6d..f7ebc12 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml @@ -158,7 +158,7 @@ # group: root # backup: yes - name: Set environment variables for certificate auto-renewals - cron: + ansible.builtin.cron: name: "{{ item.key }}" env: yes job: "{{ item.value }}" @@ -168,7 +168,7 @@ - { key: "PDNS_API_URL", value: http://127.0.0.1:8081/ } - { key: "PDNS_API_KEY", value: "{{ powerdns_api_key }}" } - name: Auto-renew certificates - cron: + ansible.builtin.cron: name: certificate-auto-renewal special_time: monthly # job: certbot renew --quiet && systemctl reload postfix dovecot httpd diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml index 18f8f4a..3912136 100644 --- a/tasks/wireguard.yml +++ b/tasks/wireguard.yml 
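Review bot: The `password` lookup in `Generate passwords if they don't exist yet` keeps the generated secret under a fixed name in `/tmp` on the control node. The lookup reuses whatever the file already contains, so on a shared controller another local user could create `/tmp/ansible-mailserver-install.postfixadmin_db_password` beforehand and thereby choose the database password. A location inside a directory only the operator can write, for example `playbook_dir ~ '/.secrets/postfixadmin_db_password'`, closes that gap. The `set_fact` body continues outside the hunk, so any further lookups there would need the same change.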
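Review bot: The loop behind `Set environment variables for certificate auto-renewals` carries `powerdns_api_key` as an item value, and neither ssl.yml hunk shows `no_log` or a `loop_control` label, so the key would be printed with each loop item in the play output and in any log or callback that records results. Adding `no_log: true` to the task keeps the value out of that output. The lines between the two hunks are not shown, so this may already be handled there. The key is also stored as an environment line in the crontab, where every job in that crontab inherits it.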
@@ -137,7 +137,7 @@ when: wg_client != "server" - name: Collect user home directories ansible.builtin.set_fact: - user_home: "{{ user_home | default({}) | combine({item['name']: item['home']} )}}" + user_home: "{{ user_home | default({}) | combine({item['name']: item['home']}) }}" when: item.name is defined loop: "{{ user_info.results }}" - name: Ensure user VPN config directories exist @@ -312,7 +312,7 @@ name: "{{ item }}" ttl: "3600" type: A - content: "{{ wireguard.ipv4_pool.split('/') | first | regex_replace('.0$','.1') }}" + content: "{{ wireguard.ipv4_pool.split('/') | first | regex_replace('.0$', '.1') }}" loop: - postfixadmin - poweradmin @@ -328,7 +328,7 @@ name: "{{ item }}" ttl: "3600" type: AAAA - content: "{{ wireguard.ipv6_pool.split('/') | first | regex_replace(':0$',':1') }}" + content: "{{ wireguard.ipv6_pool.split('/') | first | regex_replace(':0$', ':1') }}" loop: - postfixadmin - poweradmin From 57f5ffe035f89e17765122bae04153bf7145a384 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 23:03:59 +0200 Subject: [PATCH 174/181] sort out FQCNs --- tasks/httpd.yml | 4 +++- tasks/imapsync.yml | 4 ++-- tasks/main.yml | 1 + tasks/os.yml | 8 ++++---- tasks/packages.yml | 8 ++++---- 5 files changed, 14 insertions(+), 11 deletions(-) diff --git a/tasks/httpd.yml b/tasks/httpd.yml index ada3ae3..e41782c 100644 --- a/tasks/httpd.yml +++ b/tasks/httpd.yml @@ -173,7 +173,9 @@ ansible.builtin.copy: src: systemd/httpd.timeout.conf dest: /etc/systemd/system/httpd.service.d/timeout.conf - backup: yes + owner: root + group: root + mode: u=rwX,go=rX backup: yes notify: Restart httpd - name: Create PAM module for HTTPD auth tags: webdav diff --git a/tasks/imapsync.yml b/tasks/imapsync.yml index 8d0c4df..dc8a8b6 100644 --- a/tasks/imapsync.yml +++ b/tasks/imapsync.yml 
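Review bot: In the `content:` expression of the A-record task (hunk at -312), the pattern `'.0$'` leaves the dot unescaped, so it matches any character followed by `0`; a pool address such as `10.8.0.10` (constructed example) would become `10.8.0..1`. Escape it as `regex_replace('\\.0$', '.1')`. Both this expression and the AAAA variant in the next hunk return the address unchanged when the pool does not end in `.0` or `:0`, for example an IPv6 prefix ending in `::`, which would publish the network address as the host record. Both tasks start above their hunks.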
@@ -1,7 +1,7 @@ --- - name: Sync old IMAP account to the current mailbox no_log: yes - when: "{{ current_user.old_imap_mail is defined }}" + when: current_user.old_imap_mail is defined tags: imapsync block: - name: Sync old IMAP for the first time (this might tale a while...) @@ -32,7 +32,7 @@ job: "imapsync --host1 {{ current_user.old_imap_mail.host }} --user1 {{ current_user.old_imap_mail.user }} --host2 mail.{{ mailserver_domain }} --user2 {{ current_user.name }}@{{ mailserver_domain }} --emailreport1 --emailreport2 --useheader Message-Id --noexpunge1 --nodelete1" backup: yes user: "{{ current_user.name }}" - - name: "Save {{ current_user.old_imap_mail.user }}'s password in a file" + - name: "Save {{ current_user.old_imap_mail.user }}'s password in a file" # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.lineinfile: path: '~{{ current_user.name }}/.cron_secrets' line: 'IMAP_PASSWORD={{ current_user.password }}' diff --git a/tasks/main.yml b/tasks/main.yml index 425bb54..5971bb8 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -76,6 +76,7 @@ ansible.builtin.import_tasks: dovecot.yml tags: dovecot - name: Sync old IMAP account + # noqa jinja[invalid] however linter complains, this works ansible.builtin.include_tasks: imapsync.yml loop: "{{ users }}" loop_control: diff --git a/tasks/os.yml b/tasks/os.yml index 5ccd6f2..f36b228 100644 --- a/tasks/os.yml +++ b/tasks/os.yml @@ -20,7 +20,7 @@ register: ipv6_enable - name: Reboot to pick up changes when: ipv6_enable.changed - reboot: + ansible.builtin.reboot: reboot_timeout: 600 msg: "Reboot initiated by Ansible to enable IPv6" - name: Gather facts 
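Review bot: The `lineinfile` task that writes `IMAP_PASSWORD=...` to `~{{ current_user.name }}/.cron_secrets` (hunk at -32) shows no `mode` or `owner`, so unless the part of the task below the hunk sets them, a newly created file gets the default umask and may be readable by other local users. Adding `mode: u=rw,go=` and `owner: "{{ current_user.name }}"` pins that down. The task name refers to `old_imap_mail.user` while the line stores `current_user.password`; a static name that matches what is written would also make the `# noqa name[template]` unnecessary.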
@@ -31,19 +31,19 @@ ansible.builtin.import_tasks: packages.yml rescue: - name: Find repo configs - find: + ansible.builtin.find: paths: /etc/yum.repos.d patterns: "*.repo" register: repo_files - name: Disable CentOS mirrorlist - replace: + ansible.builtin.replace: path: "{{ item.path }}" regexp: "^mirrorlist=http://mirrorlist.centos.org" replace: "#mirrorlist=http://mirrorlist.centos.org" validate: "grep '#mirrorlist=http://mirrorlist.centos.org' %s" loop: "{{ repo_files.files }}" - name: Move to CentOS Vault - replace: + ansible.builtin.replace: path: "{{ item.path }}" regexp: "#baseurl=http://mirror.centos.org" replace: "baseurl=http://vault.centos.org" diff --git a/tasks/packages.yml b/tasks/packages.yml index 7043e1b..4046384 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -2,7 +2,7 @@ - name: Install EL repositories tags: - always - package: + ansible.builtin.package: name: - yum-utils - epel-release @@ -191,7 +191,7 @@ - name: Install packages tags: - always - package: + ansible.builtin.package: name: - postfix - mailx @@ -362,7 +362,7 @@ # tags: # - wireguard # - dyndns -# package: +# ansible.builtin.package: # name: # - php81-php-fpm # - php81-php-intl @@ -531,7 +531,7 @@ enablerepo: ol8_baseos_latest state: latest - name: Reboot to pick up changes - reboot: + ansible.builtin.reboot: reboot_timeout: 600 msg: "Reboot initiated by Ansible to enable WireGuard" - name: Load the WireGuard kernel module From 5aa9ca50e4e53c386eb87af65a55473b7531747b Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Fri, 27 Oct 2023 23:09:10 +0200 Subject: [PATCH 175/181] fix broken YAML --- tasks/httpd.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tasks/httpd.yml b/tasks/httpd.yml index e41782c..5015edd 100644 --- a/tasks/httpd.yml +++ b/tasks/httpd.yml 
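Review bot: The `Move to CentOS Vault` replacement in the rescue path writes `baseurl=http://vault.centos.org`, so repository metadata and packages are fetched over plain HTTP and integrity rests entirely on GPG checking, which this hunk does not show being enforced. Prefer `replace: "baseurl=https://vault.centos.org"`. The `regexp` values in both `replace` tasks leave their dots unescaped, and the second one is not anchored with `^`, so they match slightly more than the literal URL. The second task continues below the hunk.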
@@ -175,7 +175,8 @@ dest: /etc/systemd/system/httpd.service.d/timeout.conf owner: root group: root - mode: u=rwX,go=rX backup: yes + mode: u=rwX,go=rX + backup: yes notify: Restart httpd - name: Create PAM module for HTTPD auth tags: webdav From 50b435dcab4bd4d556616f5eca5f2a279dc573e5 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sat, 28 Oct 2023 00:24:11 +0200 Subject: [PATCH 176/181] handle most linter errors --- tasks/add_dns_record.yml | 10 +++++++ tasks/antivirus.yml | 4 ++- tasks/backups.yml | 12 +++++++- tasks/create_mariadb_schema.yml | 4 +-- tasks/delete_dns_record.yml | 2 ++ tasks/dns_records.yml | 13 ++++++++ tasks/fill_mariadb_data.yml | 2 +- tasks/firewall.yml | 4 +-- tasks/ftp.yml | 2 +- tasks/generate_wireguard_keys.yml | 3 ++ tasks/horde.yml | 6 +++- tasks/httpd.yml | 6 ++-- tasks/imapsync.yml | 2 ++ tasks/ldap.yml | 17 +++++++++++ tasks/local_dns_cache.yml | 2 +- tasks/mariadb.yml | 7 +++-- tasks/os.yml | 5 +++- tasks/packages.yml | 44 ++++++++++++++++++---------- tasks/pdns_recursor.yml | 1 + tasks/postfix.yml | 10 +++++++ tasks/postfixadmin.yml | 5 ++-- tasks/poweradmin.yml | 4 +-- tasks/propagate_dkim_txt_records.yml | 5 ++-- tasks/propagate_ssl_txt_records.yml | 2 +- tasks/read_wireguard_config.yml | 6 ++-- tasks/spamassassin.yml | 9 ++++++ tasks/ssl.yml | 8 +++-- tasks/webdav.yml | 9 ++++-- tasks/wireguard.yml | 29 ++++++++++++++++-- 29 files changed, 185 insertions(+), 48 deletions(-) diff --git a/tasks/add_dns_record.yml b/tasks/add_dns_record.yml index dedb1e3..a166c9b 100644 --- a/tasks/add_dns_record.yml +++ b/tasks/add_dns_record.yml 
@@ -7,16 +7,26 @@ block: - name: 'Add DNS record {{ record.name }}.{{ record.zone }} {{ record.ttl | default("3600") }} IN {{ record.type }} {{ record.content }}' # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.command: "pdnsutil add-record {{ record.zone }} {{ record.name }} {{ record.type }} {{ record.ttl | default('3600') }} '{{ record.content }}'" + register: add_record + changed_when: add_record.rc == 0 rescue: - name: 'Add DNS record {{ record.name }}.{{ record.zone }} {{ record.ttl | default("3600") }} IN {{ record.type }} {{ record.content }}' # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.command: "pdnsutil add-record {{ record.zone }} {{ record.name }} {{ record.type }} {{ record.ttl | default('3600') }} '{{ record_content }}'" + register: add_record + changed_when: add_record.rc == 0 - name: Update or add DNS record when: record.append is not defined or not record.append block: - name: 'Update DNS record {{ record.name }}.{{ record.zone }} {{ record.ttl | default("3600") }} IN {{ record.type }} {{ record.content }}' # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.command: "pdnsutil replace-rrset {{ record.zone }} {{ record.name }} {{ record.type }} {{ record.ttl | default('3600') }} '{{ record.content }}'" + register: update_record + changed_when: update_record.rc == 0 rescue: - name: 'Update DNS record {{ record.name }}.{{ record.zone }} {{ record.ttl | default("3600") }} IN {{ record.type }} {{ record.content }}' # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.command: "pdnsutil replace-rrset {{ record.zone }} {{ record.name }} {{ record.type }} {{ record.ttl | default('3600') }} '{{ record_content }}'" + register: update_record + changed_when: update_record.rc == 0 - name: Rectify all zones ansible.builtin.command: pdnsutil 
rectify-all-zones + register: rectify_zones + changed_when: rectify_zones.rc == 0 diff --git a/tasks/antivirus.yml b/tasks/antivirus.yml index 2311d0f..4cbeae2 100644 --- a/tasks/antivirus.yml +++ b/tasks/antivirus.yml @@ -1,7 +1,7 @@ --- - name: Set SELinux booleans when: getenforce.stdout != 'Disabled' - seboolean: + ansible.posix.seboolean: name: antivirus_can_scan_system state: yes persistent: yes @@ -16,6 +16,8 @@ notify: Restart amavisd - name: Refresh ClamAV database ansible.builtin.command: freshclam + register: start_freshclam + changed_when: start_freshclam.rc == 0 notify: Restart clamav-freshclam - name: Update SPAMAssassin's signatures ansible.builtin.command: sa-update -D diff --git a/tasks/backups.yml b/tasks/backups.yml index b6207b8..6acf91d 100644 --- a/tasks/backups.yml +++ b/tasks/backups.yml @@ -19,7 +19,7 @@ - /backup/pdns - /var/www/webdav/.backup - name: BindFS mount the backup directory to WebDav - mount: + ansible.posix.mount: path: /var/www/webdav/.backup src: /backup opts: map=root/apache:@root/@apache,perms=u=rwX:g=rwX, @@ -117,6 +117,8 @@ - name: Prepare MariaDB backup when: mariadb_backup_path is defined ansible.builtin.command: "mariabackup --prepare --target-dir={{ mariadb_backup_path }}" + register: prepare_mariabackup + changed_when: prepare_mariabackup.rc == 0 - name: Stop MariaDB when: mariadb_backup_path is defined ansible.builtin.systemd_service: @@ -138,6 +140,8 @@ - name: Restore MariaDB backup when: mariadb_backup_path is defined ansible.builtin.command: "mariabackup --copy-back --target-dir={{ mariadb_backup_path }}" + register: restore_mariabackup + changed_when: restore_mariabackup.rc == 0 - name: Ensure data directory permissions when: mariadb_backup_path is defined ansible.builtin.file: 
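Review bot: Every `pdnsutil` call in this hunk is built as one string with `'{{ record.content }}'` wrapped in literal single quotes, so record content that itself contains a single quote ends the argument early and the remainder is parsed as further arguments. Passing the arguments with `argv` removes the quoting problem; the same change applies to the `replace-rrset` tasks and to the rescue variants that use `record_content`. Separately, `changed_when: add_record.rc == 0` is true whenever the task does not fail, so it quiets the linter without making the task report real changes.

```yaml
# … unchanged: task name and noqa comment …
ansible.builtin.command:
  argv:
    - pdnsutil
    - add-record
    - "{{ record.zone }}"
    - "{{ record.name }}"
    - "{{ record.type }}"
    - "{{ record.ttl | default('3600') }}"
    - "{{ record.content }}"
register: add_record
changed_when: add_record.rc == 0
```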
@@ -154,6 +158,8 @@ - name: Stop LDAP server when: ldap_backup_path is defined ansible.builtin.command: "dsctl {{ mailserver_hostname }} stop" + register: stop_ldap_server + changed_when: stop_ldap_server.rc == 0 - name: Prepare LDAP backup when: ldap_backup_path is defined ansible.builtin.unarchive: @@ -165,9 +171,13 @@ - name: Restore LDAP backup when: ldap_backup_path is defined ansible.builtin.command: "dsctl {{ mailserver_hostname }} bak2db /{{ ldap_backup_files.files[0] }}" + register: restore_ldap_server + changed_when: restore_ldap_server.rc == 0 - name: Start LDAP server when: ldap_backup_path is defined ansible.builtin.command: "dsctl {{ mailserver_hostname }} start" + register: start_ldap_server + changed_when: start_ldap_server.rc == 0 - name: Restore service tarball backups ansible.builtin.include_tasks: restore_service_tarball_backup.yml vars: diff --git a/tasks/create_mariadb_schema.yml b/tasks/create_mariadb_schema.yml index eea5ecb..20c1988 100644 --- a/tasks/create_mariadb_schema.yml +++ b/tasks/create_mariadb_schema.yml @@ -6,7 +6,7 @@ dest: "/tmp/ansible-mailserver-install.{{ mariadb_database }}_schema.sql" - name: "Check if {{ mariadb_database }} DB exists" # noqa name[template] we need to be informative, even if we deviate from the standards - mysql_db: + community.mysql.mysql_db: name: "{{ mariadb_database }}" state: present login_user: root @@ -15,7 +15,7 @@ register: mariadb_database_exists - name: "Create {{ mariadb_database }} DB schema" # noqa name[template] we need to be informative, even if we deviate from the standards - mysql_db: + community.mysql.mysql_db: name: "{{ mariadb_database }}" state: import login_user: root diff --git a/tasks/delete_dns_record.yml b/tasks/delete_dns_record.yml index 506e5c5..f15f8ba 100644 --- a/tasks/delete_dns_record.yml +++ b/tasks/delete_dns_record.yml 
@@ -4,3 +4,5 @@ record_content: '"{{ record.content }}"' - name: 'Delete DNS record {{ record.name }}.{{ record.zone }} {{ record.type }}' # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.command: "pdnsutil delete-rrset {{ record.zone }} {{ record.name }} {{ record.type }}" + register: delete_rrset + changed_when: delete_rrset.rc == 0 diff --git a/tasks/dns_records.yml b/tasks/dns_records.yml index d083266..1937379 100644 --- a/tasks/dns_records.yml +++ b/tasks/dns_records.yml @@ -5,6 +5,7 @@ become_user: pdns when: 'public_dns == "yes"' register: all_dns_zones + changed_when: all_dns_zones.rc == 0 - name: Create zones block: - name: Create DNS zones @@ -13,6 +14,8 @@ become_user: pdns loop: "{{ [mailserver_domain] + custom_domains + ['vpn.' ~ mailserver_domain] + ['dyndns.' ~ mailserver_domain] }}" when: public_dns == "yes" + register: create_dns_zones + changed_when: create_dns_zones.rc == 0 rescue: - name: Create DNS zones ansible.builtin.command: "pdnsutil --force create-zone {{ item }} ns.{{ mailserver_domain }}" @@ -20,12 +23,16 @@ become_user: pdns loop: "{{ [mailserver_domain] + custom_domains + ['vpn.' ~ mailserver_domain] + ['dyndns.' ~ mailserver_domain] }}" when: reset and (public_dns == "yes") + register: create_dns_zones + changed_when: create_dns_zones.rc == 0 - name: Make sure local zones are master zones ansible.builtin.command: "pdnsutil set-kind {{ item }} primary" become: yes become_user: pdns loop: "{{ [mailserver_domain] + custom_domains + ['vpn.' ~ mailserver_domain] + ['dyndns.' ~ mailserver_domain] }}" when: public_dns == "yes" + register: set_primary_zone + changed_when: set_primary_zone.rc == 0 - name: Fill DNS zone ansible.builtin.include_tasks: fill_default_dns_records.yml vars: 
@@ -46,6 +53,7 @@ when: public_dns == "yes" register: enable_dnssec ignore_errors: yes + changed_when: enable_dnssec.item.rc == 0 - name: Fail if the issue is not about DNSSEC being already enabled ansible.builtin.fail: msg: "{{ item.stderr }}" @@ -55,10 +63,15 @@ ansible.builtin.command: 'pdnsutil list-zone {{ item }}' register: zone_records loop: "{{ [mailserver_domain] + custom_domains + ['vpn.' ~ mailserver_domain] + ['dyndns.' ~ mailserver_domain] }}" + changed_when: zone_records.item.rc == 0 - name: Correct SOA record for all domains ansible.builtin.command: 'pdnsutil replace-rrset {{ zone_record.item }} @ SOA 3600 "ns.{{ mailserver_domain }} hostmaster\\.{{ zone_record.item }} {{ zone_record.stdout_lines | length }} 10800 3600 604800 3600"' loop: "{{ zone_records.results }}" loop_control: loop_var: zone_record + register: zone_record + changed_when: zone_record.zone_record.rc == 0 - name: Rectify all zones ansible.builtin.command: pdnsutil rectify-all-zones + register: rectify_zones + changed_when: rectify_zones.rc == 0 diff --git a/tasks/fill_mariadb_data.yml b/tasks/fill_mariadb_data.yml index 1462dde..0e525c3 100644 --- a/tasks/fill_mariadb_data.yml +++ b/tasks/fill_mariadb_data.yml @@ -8,7 +8,7 @@ group: root backup: yes - name: "Fill {{ mariadb_database.db }} DB" # noqa name[template] we need to be informative, even if we deviate from the standards - mysql_db: + community.mysql.mysql_db: name: "{{ mariadb_database.db }}" state: import login_user: "{{ mariadb_database.user }}" diff --git a/tasks/firewall.yml b/tasks/firewall.yml index fd8ac1a..1581283 100644 --- a/tasks/firewall.yml +++ b/tasks/firewall.yml @@ -8,7 +8,7 @@ - name: "Open Firewall for {{ port }}" # noqa name[template] we need to be informative, even if we deviate from the standards block: - name: "Open firewall for numeric port {{ port }}" - firewalld: + ansible.posix.firewalld: port : "{{ port }}" permanent: yes state: enabled 
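Review bot: `changed_when: enable_dnssec.item.rc == 0` reads a key that, as far as I can tell, does not exist: while a loop runs, the registered variable seen by `changed_when` is the current item's result with `rc` at the top level, so the expression should fail to evaluate instead of returning true or false. It should read `changed_when: enable_dnssec.rc == 0`. The same pattern appears in the next hunk (`zone_records.item.rc`, and `zone_record.zone_record.rc`, where `register: zone_record` also reuses the `loop_var` name) and in the ldap.yml, packages.yml and postfix.yml hunks (`enable_ldap_plugin.item.rc`, `enable_copr_repo.item.rc`, `configure_postfix.item.rc`). On this task `ignore_errors: yes` would swallow the error and hand the result to the following `fail` check.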
@@ -16,7 +16,7 @@ notify: Restart firewalld rescue: - name: "Open firewall for service {{ port }}" - firewalld: + ansible.posix.firewalld: service: "{{ port }}" permanent: yes state: enabled diff --git a/tasks/ftp.yml b/tasks/ftp.yml index 22ce578..ed5f865 100644 --- a/tasks/ftp.yml +++ b/tasks/ftp.yml @@ -68,7 +68,7 @@ notify: Restart vsftpd - name: Set SELinux booleans when: getenforce.stdout != 'Disabled' - seboolean: + ansible.posix.seboolean: name: ftpd_full_access state: yes persistent: yes diff --git a/tasks/generate_wireguard_keys.yml b/tasks/generate_wireguard_keys.yml index 3bea29d..45c36b0 100644 --- a/tasks/generate_wireguard_keys.yml +++ b/tasks/generate_wireguard_keys.yml @@ -3,6 +3,7 @@ ansible.builtin.command: wg genkey when: wg_privatekey is not defined or wg_privatekey == "" register: wg_privatekey_output + changed_when: wg_privatekey_output.rc == 0 - name: "Fetch private key for {{ wg_name }} from config" # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.set_fact: wg_privatekey_output: @@ -14,6 +15,7 @@ stdin: "{{ wg_privatekey_output.stdout }}" when: wg_publickey is not defined or wg_publickey == "" register: wg_publickey_output + changed_when: wg_publickey_output.rc == 0 - name: "Fetch public key from config for {{ wg_name }}" # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.set_fact: wg_publickey_output: @@ -23,6 +25,7 @@ ansible.builtin.command: wg genpsk when: wg_psk is not defined or wg_psk == "" register: wg_psk_output + changed_when: wg_psk_output.rc == 0 - name: "Fetch pre-shared key for {{ wg_name }} from config" # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.set_fact: wg_psk_output: diff --git a/tasks/horde.yml b/tasks/horde.yml index ceadee8..76ebe12 100644 --- a/tasks/horde.yml +++ b/tasks/horde.yml 
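Review bot: `wg genkey` and `wg genpsk` return key material on stdout and register it, and none of the three generate_wireguard_keys.yml hunks shows `no_log`, so the private and pre-shared keys would appear in verbose output and in any log or callback that records task results. Add `no_log: true` to the generating tasks and to the `set_fact` tasks that copy the keys, unless it is already set on lines outside the hunks. These tasks only produce values and change nothing on the host, so `changed_when: false` would describe them better than `rc == 0`.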
@@ -67,8 +67,10 @@ no_log: yes - name: Generate Horde DB schema ansible.builtin.command: horde-db-migrate + register: horde_db_migrate + changed_when: horde_db_migrate.rc == 0 - name: Enable ActiveSync - mysql_query: + community.mysql.mysql_query: login_db: horde login_user: hordeuser login_password: '{{ horde_db_password }}' @@ -85,3 +87,5 @@ args: chdir: /tmp/combined-1.0.0 executable: /usr/bin/bash + register: install_horde_themes + changed_when: install_horde_themes.rc == 0 diff --git a/tasks/httpd.yml b/tasks/httpd.yml index 5015edd..e8e88aa 100644 --- a/tasks/httpd.yml +++ b/tasks/httpd.yml @@ -17,7 +17,7 @@ when: getenforce.stdout != 'Disabled' block: - name: Set SELinux booleans - seboolean: + ansible.posix.seboolean: name: "{{ item }}" state: yes persistent: yes @@ -35,6 +35,8 @@ ausearch -m AVC -ts recent | audit2allow -R args: executable: /usr/bin/bash + register: generate_apache_selinux_policy + changed_when: generate_apache_selinux_policy.rc == 0 - name: Render web config templates tags: - dyndns @@ -144,7 +146,7 @@ no_log: true - name: BindFS mount SSL certificates to user public_html tags: ssl - mount: + ansible.posix.mount: path: "~{{ item.name }}/public_html/.certificates" src: /etc/letsencrypt/certificates opts: "map=root/{{ item.name }}:@root/@apache,perms=u=rwX:g=rwX" diff --git a/tasks/imapsync.yml b/tasks/imapsync.yml index dc8a8b6..554b68b 100644 --- a/tasks/imapsync.yml +++ b/tasks/imapsync.yml @@ -10,6 +10,8 @@ IMAPSYNC_PASSWORD1: "{{ current_user.old_imap_mail.password }}" IMAPSYNC_PASSWORD2: "{{ current_user.password }}" MAILTO: "{{ current_user.name }}+cron@{{ mailserver_domain }}" + register: sync_from_old_mail + changed_when: sync_from_old_mail.rc == 0 - name: Set up password environment variables for cron jobs become: yes become_user: "{{ current_user.name }}" diff --git a/tasks/ldap.yml b/tasks/ldap.yml index 0cf7a4f..3db6606 100644 --- a/tasks/ldap.yml +++ b/tasks/ldap.yml 
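Review bot: The `ausearch -m AVC -ts recent | audit2allow -R` pipeline in httpd.yml (hunk at -35) turns whatever denials were logged recently into policy rules, so a denial caused by something other than the intended Apache behaviour would be allowed as well if the output is loaded without review. Shipping a reviewed policy module with the role, and using this pipeline only to draft it, keeps the allowed set fixed. The start of the task is above the hunk, so how the output is used is not visible here.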
@@ -34,17 +34,23 @@ - name: Configure LDAP server ansible.builtin.command: dscreate from-file /tmp/ansible-mailserver-install.dscreate.conf register: dscreate_status + changed_when: dscreate_status.status.rc == 0 rescue: - name: Start LDAP server ansible.builtin.command: "dsctl {{ mailserver_hostname }} start" + register: start_ldap_server + changed_when: start_ldap_server.rc == 0 when: reset == "yes" - name: Create backup before taking destructive actions ansible.builtin.command: "dsconf {{ mailserver_hostname }} backup create" when: reset == "yes" + register: backup_ldap_server + changed_when: backup_ldap_server.rc == 0 - name: List LDAP server backups ansible.builtin.command: "dsctl {{ mailserver_hostname }} backups" register: ldap_backups when: reset == "yes" + changed_when: ldap_backups.rc == 0 - name: Create backup directory ansible.builtin.file: path: "/backup/{{ item }}" 
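Review bot: `changed_when: dscreate_status.status.rc == 0` on the first `Configure LDAP server` task looks wrong: a `command` result exposes `rc` directly, there is no loop here, and the later copy of the task in the next hunk uses `dscreate_status.rc`. If the expression fails to evaluate, the task fails and the play enters the `rescue` section on every run, which with `reset == "yes"` goes on to back up and remove the directory server instance. Use `changed_when: dscreate_status.rc == 0`. The block starts above this hunk, so its own conditions are not visible.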
@@ -70,19 +76,30 @@ - name: Uninstall LDAP server ansible.builtin.command: "dsctl {{ mailserver_hostname }} remove --do-it" when: reset == "yes" + register: uninstall_ldap_server + changed_when: uninstall_ldap_server.rc == 0 - name: Configure LDAP server ansible.builtin.command: dscreate from-file /tmp/ansible-mailserver-install.dscreate.conf when: reset == "yes" register: dscreate_status + changed_when: dscreate_status.rc == 0 - name: Start LDAP server ansible.builtin.command: "dsctl {{ mailserver_hostname }} start" + register: start_ldap_server + changed_when: start_ldap_server.rc == 0 - name: Import TLS certificate for LDAP ansible.builtin.command: "dsctl {{ mailserver_hostname }} tls import-server-key-cert /etc/letsencrypt/live/{{ mailserver_domain }}/cert.pem /etc/letsencrypt/certificates/{{ mailserver_domain }}.key" + register: import_ldap_cert + changed_when: import_ldap_cert.rc == 0 - name: Enable LDAP plugins ansible.builtin.command: "dsconf {{ mailserver_hostname }} plugin {{ item }} enable" loop: - memberof - automember + register: enable_ldap_plugin + changed_when: enable_ldap_plugin.item.rc == 0 - name: Configure the memberof plugin to search all entries ansible.builtin.command: "dsconf {{ mailserver_hostname }} plugin memberof set --scope dc={{ mailserver_domain.split('.') | join(',dc=') }}" + register: enable_ldap_memberof_plugin + changed_when: enable_ldap_memberof_plugin.rc == 0 when: "dscreate_status is defined and dscreate_status.rc is defined and dscreate_status.rc == 0" diff --git a/tasks/local_dns_cache.yml b/tasks/local_dns_cache.yml index 5a2d390..cd6e3df 100644 --- a/tasks/local_dns_cache.yml +++ b/tasks/local_dns_cache.yml @@ -14,7 +14,7 @@ - Restart NetworkManager rescue: - name: Configure local DNS cache - nmcli: + community.general.nmcli: conn_name: "{{ ansible_default_ipv4.interface }}" ip4: "{{ ansible_default_ipv4.address }}" ip6: "{{ ansible_default_ipv6.address }}" 
diff --git a/tasks/mariadb.yml b/tasks/mariadb.yml index f9ecbb0..da78783 100644 --- a/tasks/mariadb.yml +++ b/tasks/mariadb.yml @@ -46,7 +46,7 @@ backup: yes - name: Force-reset the MariaDB root password when: reset == "yes" or forgotten_mariadb_root_password - mysql_db: + community.mysql.mysql_db: name: all state: import login_user: root @@ -56,9 +56,12 @@ when: reset == "yes" or forgotten_mariadb_root_password ansible.builtin.command: cat /var/run/mariadb/mariadb.pid register: mariadb_pid + changed_when: mariadb_pid.rc == 0 - name: Stop MariaDB when: reset == "yes" or forgotten_mariadb_root_password ansible.builtin.command: "kill {{ mariadb_pid.stdout }}" + register: kill_mariadb + changed_when: kill_mariadb.rc == 0 - name: Make sure MariaDB is running when: reset == "yes" or forgotten_mariadb_root_password ansible.builtin.systemd_service: @@ -114,7 +117,7 @@ login_password: "{{ mysql_root_password }}" no_log: yes - name: Remove the MySQL test database - mysql_db: + community.mysql.mysql_db: db: test state: absent login_user: root diff --git a/tasks/os.yml b/tasks/os.yml index f36b228..ee4cf35 100644 --- a/tasks/os.yml +++ b/tasks/os.yml @@ -1,10 +1,13 @@ --- - name: Check SELinux status - ansible.builtin.shell: getenforce + ansible.builtin.command: getenforce + changed_when: getenforce.rc == 0 register: getenforce tags: always - name: "Set hostname to {{ mailserver_hostname }}.{{ mailserver_domain }}" # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.command: "hostnamectl set-hostname {{ mailserver_hostname }}.{{ mailserver_domain }}" + register: set_hostname + changed_when: set_hostname.rc == 0 - name: Enable IPv6 when: ansible_default_ipv6.address is not defined block: diff --git a/tasks/packages.yml b/tasks/packages.yml index 4046384..d6a78d5 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml 
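Review bot: `cat /var/run/mariadb/mariadb.pid` only reads a file, so `changed_when: mariadb_pid.rc == 0` reports a read-only task as changed on every run; `changed_when: false` states the intent. The same applies to `getenforce` in the os.yml hunk on this page, `dnf repolist` in packages.yml, `dsctl ... backups` in ldap.yml and `pdnsutil list-zone` in dns_records.yml. `kill {{ mariadb_pid.stdout }}` also trusts the pid file to hold exactly one numeric pid, so a guard such as `when: mariadb_pid.stdout is match('^[0-9]+$')` combined with the existing condition would stop an empty or malformed file from reaching `kill`.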
@@ -7,7 +7,7 @@ - yum-utils - epel-release - elrepo-release - state: latest + state: latest # noqa package-latest I do prefer fresh stuff ;) - name: Set up UEK repository tags: wireguard ansible.builtin.blockinfile: @@ -35,19 +35,19 @@ create: yes - name: Set up Remi repository tags: horde - dnf: + ansible.builtin.dnf: name: "https://rpms.remirepo.net/enterprise/remi-release-{{ ansible_distribution_major_version }}.rpm" disable_gpg_check: yes # - name: Enable RPM Fusion # tags: horde -# dnf: +# ansible.builtin.dnf: # name: # - "https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-{{ ansible_distribution_major_version }}.noarch.rpm" # - "https://mirrors.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-{{ ansible_distribution_major_version }}.noarch.rpm" # disable_gpg_check: yes # - name: Set up Cheese repository # tags: horde -# dnf: +# ansible.builtin.dnf: # name: "http://www.nosuchhost.net/~cheese/fedora/packages/epel-{{ ansible_distribution_major_version }}/{{ ansible_architecture }}/cheese-release-8-1.el8.noarch.rpm" # disable_gpg_check: yes - name: Set up ElasticSearch repository @@ -171,14 +171,19 @@ create: yes - name: Enable PowerTools ansible.builtin.command: dnf config-manager --set-enable powertools + register: enable_powertools + changed_when: enable_powertools.rc == 0 - name: Enable the go-toolset DNF module ansible.builtin.command: dnf module enable go-toolset -y + register: enable_go_toolset + changed_when: enable_go_toolset.rc == 0 - name: Query DNF repo list tags: - ldap - dns ansible.builtin.command: dnf repolist register: dnf_repolist + changed_when: dnf_repolist.rc == 0 - name: Enable the COPR repositories when: "{{ ('copr:copr.fedorainfracloud.org:' ~ (item | split(' ') | first | replace('@', 'group_') | replace('/', ':'))) not in dnf_repolist.stdout }}" ansible.builtin.command: "dnf copr enable -y {{ item }}" 
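Review bot: `Set up Remi repository` (hunk at -35) installs a release RPM straight from a URL with `disable_gpg_check: yes`, so the package that defines the repository and ships its signing keys is accepted without signature verification. Importing the vendor key first with `ansible.builtin.rpm_key` (key location left as a placeholder, `<REMI_GPG_KEY_URL>`) and dropping `disable_gpg_check` keeps the trust chain intact. The commented-out RPM Fusion and Cheese tasks in the same hunk carry the same flag, and the Cheese URL is plain HTTP, which matters if they are ever re-enabled.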
@@ -188,6 +193,8 @@ loop: - "@389ds/389-directory-server" - "eclipseo/golang-ng custom-1-x86_64" + register: enable_copr_repo + changed_when: enable_copr_repo.item.rc == 0 - name: Install packages tags: - always @@ -347,7 +354,7 @@ # - php56-php-pecl-imagick # - php56-php-pecl-memcache # - php-gettext-gettext - state: latest + state: latest # noqa package-latest I do prefer fresh stuff ;) # - name: Reset the PHP DNF module # ansible.builtin.command: dnf module reset php -y # tags: @@ -372,7 +379,7 @@ # - php81-php-mysqlnd # - php81-php-pecl-mysql-xdevapi # - php81-php-ldap -# state: latest +# state: latest # noqa package-latest I do prefer fresh stuff ;) # register: php81_packages # - name: Restart php81-php-fpm # when: php81_packages.changed @@ -388,12 +395,16 @@ ansible.builtin.command: dnf module reset php -y tags: - always + register: reset_php_module + changed_when: reset_php_module.rc == 0 - name: Enable the php:remi-7.4 DNF module tags: horde ansible.builtin.command: dnf module enable php:remi-7.4 -y + register: enable_php74_module + changed_when: enable_php74_module.rc == 0 - name: Install PHP 7.4 packages tags: horde - dnf: + ansible.builtin.dnf: name: - phpldapadmin - phpunit7 @@ -499,9 +510,10 @@ - php-pear-Text-Figlet enablerepo: remi # enablerepo: cheese - state: latest + state: latest # noqa package-latest I do prefer fresh stuff ;) register: php74_packages - name: Restart php74-php-fpm + # noqa no-handler we want results now, no time to wait for a handler when: php74_packages.changed tags: horde ansible.builtin.systemd_service: @@ -510,13 +522,13 @@ enabled: yes state: restarted - name: Install EL7 packages - dnf: + ansible.builtin.dnf: name: - wiredtiger - wiredtiger-devel - getmail enablerepo: epel-el7 - state: latest + state: latest # noqa package-latest I do prefer fresh stuff ;) - name: Enable WireGuard kernel module tags: wireguard block: 
@@ -525,11 +537,11 @@ name: wireguard rescue: - name: Install UEK packages - dnf: + ansible.builtin.dnf: name: - kmod-wireguard enablerepo: ol8_baseos_latest - state: latest + state: latest # noqa package-latest I do prefer fresh stuff ;) - name: Reboot to pick up changes ansible.builtin.reboot: reboot_timeout: 600 @@ -539,9 +551,9 @@ name: wireguard - name: Install PEAR packages tags: horde - pear: + community.general.pear: name: pear.horde.org/Horde_ActiveSync - state: latest + state: latest # noqa package-latest I do prefer fresh stuff ;) # - name: Install go packages # ansible.builtin.command: "go install {{ item }}" # loop: @@ -555,7 +567,7 @@ # backup: yes - name: Download as-is executables tags: imapsync - get_url: + ansible.builtin.get_url: url: "{{ item.url }}" dest: "{{ item.dest }}" mode: u=rwx,go=rx @@ -567,3 +579,5 @@ ansible.builtin.command: dnf module reset php -y tags: - always + register: reset_php_module + changed_when: reset_php_module.rc == 0 diff --git a/tasks/pdns_recursor.yml b/tasks/pdns_recursor.yml index 201693c..c9f8c2e 100644 --- a/tasks/pdns_recursor.yml +++ b/tasks/pdns_recursor.yml @@ -5,6 +5,7 @@ dest: /etc/pdns-recursor/pdns-recursor.rpz owner: pdns-recursor group: pdns-recursor + mode: ug=rw,o=r backup: yes when: 'public_dns == "yes"' # - name: Create LUA config diff --git a/tasks/postfix.yml b/tasks/postfix.yml index 9db3ca4..ff47c73 100644 --- a/tasks/postfix.yml +++ b/tasks/postfix.yml @@ -31,6 +31,8 @@ shell: /bin/false - name: Apply mail aliases ansible.builtin.command: newaliases + register: apply_new_aliases + changed_when: apply_new_aliases.rc == 0 - name: Set up automatic restart of services ansible.builtin.import_tasks: autorestart.yml vars: @@ -59,6 +61,8 @@ - "smtpd_tls_loglevel = 1" - "smtp_tls_loglevel = 1" notify: Restart postfix + register: configure_postfix + changed_when: configure_postfix.item.rc == 0 - name: Configure main.cf ansible.builtin.lineinfile: regexp: '^{{ item.key }} = ' 
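Review bot: `Download as-is executables` (hunk at -555) writes files with `mode: u=rwx,go=rx` from `item.url`, and no `checksum:` is visible in the hunk, so whatever the URL serves at run time becomes an executable on the host. If the lines between this hunk and the next do not already do so, add `checksum: "sha256:{{ item.sha256 }}"` with a pinned hash per item; `item.sha256` is a suggested field name, not one the page shows. The loop definition is outside the hunk.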
@@ -201,6 +205,8 @@ notify: Restart postfix - name: Generate HELO access database ansible.builtin.command: postmap /etc/postfix/helo_access + register: generate_helo_access + changed_when: generate_helo_access.rc == 0 when: helo_access is defined - name: Set up RBL whitelist block: @@ -219,6 +225,8 @@ notify: Restart postfix - name: Generate RBL database ansible.builtin.command: postmap /etc/postfix/rbl_override + register: generate_rbl_override + changed_when: generate_rbl_override.rc == 0 when: rbl_override is defined - name: Set Postgrey whitelist ansible.builtin.lineinfile: @@ -244,6 +252,8 @@ notify: Restart postgrey - name: Clean postfix destination ansible.builtin.command: 'postconf -e "mydestination = $myhostname, localhost.$mydomain, localhost"' + register: clean_postfix_destination + changed_when: clean_postfix_destination.rc == 0 - name: Create directory for virtuals ansible.builtin.file: path: /var/vmail/ diff --git a/tasks/postfixadmin.yml b/tasks/postfixadmin.yml index de27fd0..8cfec7b 100644 --- a/tasks/postfixadmin.yml +++ b/tasks/postfixadmin.yml @@ -2,7 +2,7 @@ - name: Get latest postfixadmin version block: - name: Get URL for latest release - uri: + ansible.builtin.uri: url: https://github.com/postfixadmin/postfixadmin/releases/latest register: postfixadmin_download_site - name: Parse version @@ -45,12 +45,13 @@ db: postfixadmin user: postfixadmin password: "{{ postfixadmin_db_password }}" - when: mariadb_schema_created.changed + when: mariadb_schema_created.changed # noqa no-handler we want the database filled now, no time to wait for the handler no_log: yes notify: Warn on passwords - name: Generate PostfixAdmin PHP password ansible.builtin.command: php -r 'echo password_hash("{{ postfixadmin_db_password }}", PASSWORD_DEFAULT);' register: postfixadmin_setup_password + changed_when: postfixadmin_setup_password.rc == 0 no_log: yes - name: Create PostfixAdmin directories ansible.builtin.file: 
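Review bot: `changed_when: postfixadmin_setup_password.rc == 0` marks `Generate PostfixAdmin PHP password` as changed on every run although the task only computes a hash; `changed_when: false` describes it. On the same task the database password is interpolated into the `php -r` argument, so it sits in the process argument list on the target while the command runs (`no_log` only covers Ansible's own output), and a double quote, `$` or backslash in the password alters the PHP string literal. Passing it on standard input avoids both: `stdin: "{{ postfixadmin_db_password }}"` and `stdin_add_newline: false` on the task, with the command reduced to `php -r 'echo password_hash(stream_get_contents(STDIN), PASSWORD_DEFAULT);'`.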
diff --git a/tasks/poweradmin.yml b/tasks/poweradmin.yml index fb9ab7b..4e5ee4b 100644 --- a/tasks/poweradmin.yml +++ b/tasks/poweradmin.yml @@ -69,7 +69,7 @@ - poweradmin block: - name: Fill PowerDNS DB with PowerAdmin data using Blowfish 2y ident - mysql_query: + community.mysql.mysql_query: login_db: powerdnsdb login_user: '{{ mailserver_admin_user }}@{{ mailserver_domain }}' login_password: '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password }}{% endif %}{% endfor %}' @@ -115,7 +115,7 @@ tags: - dyndns - poweradmin - stat: + ansible.builtin.stat: path: /var/www/poweradmin/.htaccess register: htaccess_exists when: 'public_dns == "yes"' diff --git a/tasks/propagate_dkim_txt_records.yml b/tasks/propagate_dkim_txt_records.yml index 8120b1c..5001a49 100644 --- a/tasks/propagate_dkim_txt_records.yml +++ b/tasks/propagate_dkim_txt_records.yml 
@@ -2,10 +2,11 @@ - name: "Read DKIM keys for {{ domain_item }}" # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.command: "cat /etc/opendkim/keys/{{ domain_item }}/{{ dkim_selector }}.txt" register: dkim_keys + changed_when: dkim_keys.rc == 0 - name: "Parse DKIM keys for {{ domain_item }}" # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.set_fact: - desired_dkim_record: "{{ dkim_keys.stdout.replace(dkim_selector ~ '._domainkey\tIN\tTXT\t( \"', '').replace('\t', '').replace('\n', '').replace('\" \"', '').replace('\" ) ; ----- DKIM key ' ~ dkim_selector ~ ' for ' ~ domain_item, '') }}" - current_dkim_record: "{{ lookup('community.general.dig', dkim_selector ~ '._domainkey.' ~ domain_item ~ './TXT').replace('\" \"', '') }}" + desired_dkim_record: "{{ dkim_keys.stdout.replace(dkim_selector ~ '._domainkey\tIN\tTXT\t( \"', '').replace('\t', '').replace('\n', '').replace('\" \"', '').replace('\" ) ; ----- DKIM key ' ~ dkim_selector ~ ' for ' ~ domain_item, '') }}" # noqa no-tabs we need tabs in this content + current_dkim_record: "{{ lookup('community.general.dig', dkim_selector ~ '._domainkey.' ~ domain_item ~ './TXT').replace('\" \"', '') }}" # noqa no-tabs we need tabs in this content - name: "Set up the {{ dkim_selector }}._domainkey.{{ domain_item }} TXT record" # noqa name[template] we need to be informative, even if we deviate from the standards ansible.builtin.import_tasks: add_dns_record.yml vars: diff --git a/tasks/propagate_ssl_txt_records.yml b/tasks/propagate_ssl_txt_records.yml index 3953f4e..59c7358 100644 --- a/tasks/propagate_ssl_txt_records.yml +++ b/tasks/propagate_ssl_txt_records.yml 
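Review bot: `changed_when: dkim_keys.rc == 0` flags the `cat` of the DKIM record file as a change on every run, but reading a file changes nothing on the host, so `changed_when: false` is the accurate value and keeps the play recap meaningful. `ansible.builtin.slurp` would read the same file without spawning a command, as tasks/read_wireguard_config.yml already does in this commit; the `set_fact` below would then start from `dkim_keys.content | b64decode` instead of `dkim_keys.stdout`.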
@@ -1,6 +1,6 @@ --- - name: "Set up ACME challenge TXT records for {{ challenge_item.key }}" # noqa name[template] we need to be informative, even if we deviate from the standards - ansible.builtin.import_tasks:: add_dns_record.yml + ansible.builtin.import_tasks: add_dns_record.yml vars: record: zone: "{{ challenge_item.key|replace('*.', '') }}" diff --git a/tasks/read_wireguard_config.yml b/tasks/read_wireguard_config.yml index 9d401e7..9c13d96 100644 --- a/tasks/read_wireguard_config.yml +++ b/tasks/read_wireguard_config.yml @@ -1,20 +1,18 @@ --- - name: Check if WireGuard config exists - stat: + ansible.builtin.stat: path: "{{ wg_config_file }}" register: wg_config_file_info - name: Read existing WireGuard config into variable when: wg_config_file_info.stat.exists block: - name: Read WireGuard config file - slurp: + ansible.builtin.slurp: src: "{{ wg_config_file }}" register: wg_config_content - name: Gather WiregGuard config lines ansible.builtin.set_fact: wireguard_config_lines: "{{ wg_config_content.content|b64decode|split('\n') }}" - - ansible.builtin.debug: - var: wg_config_lines - name: Gather WireGuard config sections ansible.builtin.include_tasks: gather_wireguard_config_sections.yml vars: diff --git a/tasks/spamassassin.yml b/tasks/spamassassin.yml index 9a45cf9..36a1ce5 100644 --- a/tasks/spamassassin.yml +++ b/tasks/spamassassin.yml 
@@ -3,12 +3,21 @@ ansible.builtin.file: path: /var/lib/razor/ state: directory + owner: root + group: root + mode: u=rwX,go=rX - name: Create Razor account ansible.builtin.command: razor-admin -create -home=/var/lib/razor + register: create_razor_account + changed_when: create_razor_account.rc == 0 - name: Discover Razor account ansible.builtin.command: razor-admin -discover -home=/var/lib/razor + register: discover_razor_account + changed_when: discover_razor_account.rc == 0 - name: Register Razor account ansible.builtin.command: razor-admin -register -home=/var/lib/razor + register: register_razor_account + changed_when: register_razor_account.rc == 0 - name: Configure SPAMAssassin options ansible.builtin.lineinfile: regexp: 'SPAMDOPTIONS' diff --git a/tasks/ssl.yml b/tasks/ssl.yml index f7ebc12..681680e 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml 
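Review bot: The three `razor-admin` tasks get `changed_when: <var>.rc == 0`, so `-create`, `-discover` and `-register` still run, and report a change, on every play. As far as I know `-register` without credentials requests a fresh identity from the Razor servers each time, which is more than a cosmetic recap issue. Guarding each task with `creates:` makes it run once, e.g. `creates: /var/lib/razor/identity` on the register task (confirm the file names razor-admin writes under `-home` before relying on them).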
@@ -103,11 +103,13 @@ insertafter: EOF create: true backup: yes + owner: root + group: root + mode: u=rw,go= loop: - { key: "EXEC_PROPAGATION_TIMEOUT", value: 4242 } - { key: "PDNS_API_URL", value: http://127.0.0.1:8081/ } - { key: "PDNS_API_KEY", value: "{{ powerdns_api_key }}" } - - name: Generate LetsEncrypt certificates # ansible.builtin.command: "/usr/local/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem run --must-staple" ansible.builtin.command: "/usr/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem run --must-staple" @@ -115,6 +117,8 @@ EXEC_PROPAGATION_TIMEOUT: 4242 PDNS_API_URL: http://127.0.0.1:8081/ PDNS_API_KEY: "{{ powerdns_api_key }}" + register: generate_certificates + changed_when: generate_certificates.rc == 0 - name: Create symlink to the full certificate chain ansible.builtin.file: path: "/etc/letsencrypt/live/{{ mailserver_domain }}/cert.pem" @@ -131,7 +135,7 @@ src: "/etc/letsencrypt/certificates/{{ mailserver_domain }}.key" state: link - name: Allow Apache to reach letsencrypt keys - acl: + ansible.posix.acl: path: "{{ item.path }}" entity: "{{ item.entity }}" etype: "{{ item.etype }}" diff --git a/tasks/webdav.yml b/tasks/webdav.yml index 52065dc..fcb546a 100644 --- a/tasks/webdav.yml +++ b/tasks/webdav.yml 
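Review bot: The loop at the end of the first hunk carries `PDNS_API_KEY` with the rendered `powerdns_api_key`, and Ansible prints each loop item in the task output, so the key ends up in console and log output unless the task sets `no_log` (not visible in the hunk; the task starts above it). The added `mode: u=rw,go=` protects the file on disk but not the run log. `loop_control:` with `label: "{{ item.key }}"` keeps the value out of the per-item line, and `no_log: true` additionally hides the result body.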
@@ -14,11 +14,12 @@ owner: apache group: apache state: directory + mode: ug=rwX,o=rX become: true become_user: apache - name: BindFS mount SSL certificates to WebDav tags: ssl - mount: + ansible.posix.mount: path: /var/www/html/webdav/.certificates src: /etc/letsencrypt/certificates opts: map=root/apache:@root/@apache,perms=u=rwX:g=rwX, @@ -26,12 +27,14 @@ fstype: fuse.bindfs - name: Set up SELinux rules for WebDAV tags: wireguard - when: "{{ getenforce.stdout != 'Disabled' }}" + when: getenforce.stdout != 'Disabled' block: - name: Set SELinux context on WebDAV directory - sefcontext: + community.general.sefcontext: target: '/var/www/html/webdav(/.*)?' setype: httpd_sys_rw_content_t state: present - name: Apply SELinux file context on WebDAV directory ansible.builtin.command: restorecon -irv /var/www/html/webdav + register: restore_webdav_selinux_context + changed_when: restore_webdav_selinux_context.rc == 0 diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml index 3912136..b334f2d 100644 --- a/tasks/wireguard.yml +++ b/tasks/wireguard.yml @@ -14,6 +14,9 @@ ansible.builtin.lineinfile: path: "/etc/modules-load.d/{{ item }}.conf" line: "{{ item }}" + owner: root + group: root + mode: u=rw,go=r create: yes backup: yes loop: @@ -35,6 +38,9 @@ ansible.builtin.file: path: "{{ item }}" state: directory + owner: root + group: root + mode: u=rwX,go=rX loop: - /etc/wireguard/clients - /etc/wireguard/helper @@ -42,7 +48,7 @@ - /var/www/html/.vpn notify: Restart WireGuard - name: BindFS mount the WireGuard directory - mount: + ansible.posix.mount: path: "{{ item }}" src: /etc/wireguard opts: map=root/apache:@root/@apache,perms=u=rwX:g=rwX, @@ -100,6 +106,9 @@ ansible.builtin.template: src: wireguard/htaccess.j2 dest: /etc/wireguard/.htaccess + owner: root + group: apache + mode: ug=rw,o= backup: yes - name: Generate server config ansible.builtin.template: 
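Review bot: `changed_when: restore_webdav_selinux_context.rc == 0` in the second webdav.yml hunk reports a change even when no label was touched. `restorecon -v` prints one line per relabelled path, so `changed_when: restore_webdav_selinux_context.stdout | length > 0` reflects what the command actually did.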
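Review bot: In the wireguard.yml directory task, `mode: u=rwX,go=rX` is applied to every path in the loop, which leaves `/etc/wireguard/clients` and `/etc/wireguard/helper` listable by all local users, while the per-client directories later in this commit get `o=`. If nothing depends on direct access to those paths (the BindFS mounts in this file appear to be the intended access route), `u=rwX,go=` for the `/etc/wireguard` entries would be consistent with the key material stored below them. The web mount point can keep its own mode if the loop carries it per item, with `path: "{{ item.path }}"` and `mode: "{{ item.mode }}"`. The loop list continues outside the hunk.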
@@ -114,6 +123,7 @@ name: "{{ wireguard.config_dir }}/clients/{{ item }}" owner: "{{ wg_configs[item]['owner'] }}" group: "{{ wg_configs[item]['owner'] }}" + mode: u=rwX,g=rX,o= loop: "{{ wg_configs.keys() }}" when: item != "server" - name: Generate client configs @@ -122,6 +132,7 @@ dest: "{{ wireguard.config_dir }}/clients/{{ wg_client }}/wg0.conf" owner: "{{ wg_configs[wg_client]['owner'] }}" group: "{{ wg_configs[wg_client]['owner'] }}" + mode: u=rw,g=r,o= backup: yes loop: "{{ wg_configs.keys() }}" loop_control: @@ -146,6 +157,7 @@ owner: "{{ wg_configs[item]['owner'] }}" group: "{{ wg_configs[item]['owner'] }}" state: directory + mode: u=rwX,g=rX,o= become: true become_user: "{{ wg_configs[item]['owner'] }}" loop: "{{ wg_configs.keys() }}" @@ -156,10 +168,11 @@ state: directory owner: "{{ wg_configs[item]['owner'] }}" group: "{{ wg_configs[item]['owner'] }}" + mode: u=rwX,g=rX,o= loop: "{{ wg_configs.keys() }}" when: item != "server" - name: Allow access to VPN configs - mount: + ansible.posix.mount: src: "{{ wireguard.config_dir }}/clients/{{ item }}" path: "{{ user_home[wg_configs[item]['owner']] }}/public_html/.vpn/{{ item }}" opts: "force-user={{ wg_configs[item]['owner'] }},force-group={{ wg_configs[item]['owner'] }},perms=u=rwX:g=rwX" @@ -174,11 +187,14 @@ executable: /usr/bin/bash loop: "{{ wg_configs.keys() }}" when: item != "server" + register: generate_vpn_qr_codes + changed_when: generate_vpn_qr_codes.item.rc == 0 - name: Allow access to QR codes ansible.builtin.file: path: "{{ user_home[wg_configs[item]['owner']] }}/public_html/.vpn/{{ item }}/wg0.png" owner: "{{ wg_configs[item]['owner'] }}" group: "{{ wg_configs[item]['owner'] }}" + mode: u=rw,g=r,o= loop: "{{ wg_configs.keys() }}" when: item != "server" - name: Add DynDNS NS records 
@@ -390,6 +406,10 @@ ansible.builtin.copy: src: systemd/wg_vpn.path dest: /etc/systemd/system/wg_vpn.path + mode: u=rw,og=r + backup: yes + owner: root + group: root notify: Restart WireGuard - name: Deploy WireGuard config loader SystemD service tags: wireguard @@ -397,12 +417,17 @@ src: systemd/wg_vpn.service.j2 dest: /etc/systemd/system/wg_vpn.service backup: yes + mode: u=rw,og=r + owner: root + group: root notify: Restart WireGuard - name: Deploy WireGuard routing helper scripts tags: wireguard ansible.builtin.template: src: wireguard/{{ item }}.j2 dest: /etc/wireguard/helper/{{ item }} + owner: root + group: root mode: ug=rwx,o=x backup: yes loop: From cc78983cd71d882ce0f38c26b60dd1df084075c3 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sat, 28 Oct 2023 00:36:10 +0200 Subject: [PATCH 177/181] handle leftover linter errors --- tasks/packages.yml | 2 +- tasks/postfix.yml | 4 ++-- tasks/postfixadmin.yml | 16 +++++++--------- tasks/poweradmin.yml | 36 ++++++++++++++++++------------------ tasks/ssl.yml | 1 - tests/test.yml | 3 ++- 6 files changed, 30 insertions(+), 32 deletions(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index d6a78d5..a7dc417 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -185,7 +185,7 @@ register: dnf_repolist changed_when: dnf_repolist.rc == 0 - name: Enable the COPR repositories - when: "{{ ('copr:copr.fedorainfracloud.org:' ~ (item | split(' ') | first | replace('@', 'group_') | replace('/', ':'))) not in dnf_repolist.stdout }}" + when: "{{ ('copr:copr.fedorainfracloud.org:' ~ (item | split(' ') | first | replace('@', 'group_') | replace('/', ':'))) not in dnf_repolist.stdout }}" # noqa no-jinja-when this logic starts with a varable concatenation, no other way I found to do such ansible.builtin.command: "dnf copr enable -y {{ item }}" tags: - ldap diff --git a/tasks/postfix.yml b/tasks/postfix.yml index ff47c73..86b90dc 100644 --- a/tasks/postfix.yml +++ b/tasks/postfix.yml 
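Review bot: The `# noqa no-jinja-when` added to the COPR `when:` in tasks/packages.yml is avoidable, because `when` is already evaluated as a Jinja expression and the concatenation works without the `{{ }}` delimiters. `when: "('copr:copr.fedorainfracloud.org:' ~ (item | split(' ') | first | replace('@', 'group_') | replace('/', ':'))) not in dnf_repolist.stdout"` performs the same test and needs no suppression. The task continues below the hunk.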
@@ -189,6 +189,7 @@ reject_unknown_helo_hostname notify: Restart postfix - name: Set up HELO access whitelist + when: helo_access is defined block: - name: Create HELO access whitelist ansible.builtin.lineinfile: @@ -207,8 +208,8 @@ ansible.builtin.command: postmap /etc/postfix/helo_access register: generate_helo_access changed_when: generate_helo_access.rc == 0 - when: helo_access is defined - name: Set up RBL whitelist + when: rbl_override is defined block: - name: Create RBL whitelist ansible.builtin.lineinfile: @@ -227,7 +228,6 @@ ansible.builtin.command: postmap /etc/postfix/rbl_override register: generate_rbl_override changed_when: generate_rbl_override.rc == 0 - when: rbl_override is defined - name: Set Postgrey whitelist ansible.builtin.lineinfile: line: '{{ item }}' diff --git a/tasks/postfixadmin.yml b/tasks/postfixadmin.yml index 8cfec7b..09384ac 100644 --- a/tasks/postfixadmin.yml +++ b/tasks/postfixadmin.yml @@ -1,13 +1,11 @@ --- -- name: Get latest postfixadmin version - block: - - name: Get URL for latest release - ansible.builtin.uri: - url: https://github.com/postfixadmin/postfixadmin/releases/latest - register: postfixadmin_download_site - - name: Parse version - ansible.builtin.set_fact: - postfixadmin_version: "{{ postfixadmin_download_site.url | replace('https://github.com/postfixadmin/postfixadmin/releases/tag/postfixadmin-', '') }}" +- name: Get URL for latest release + ansible.builtin.uri: + url: https://github.com/postfixadmin/postfixadmin/releases/latest + register: postfixadmin_download_site +- name: Parse version + ansible.builtin.set_fact: + postfixadmin_version: "{{ postfixadmin_download_site.url | replace('https://github.com/postfixadmin/postfixadmin/releases/tag/postfixadmin-', '') }}" - name: Unpack postfixadmin ansible.builtin.unarchive: src: "https://github.com/postfixadmin/postfixadmin/archive/postfixadmin-{{ postfixadmin_version }}.tar.gz" diff --git a/tasks/poweradmin.yml b/tasks/poweradmin.yml index 4e5ee4b..f2b561f 100644 
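Review bot: In tasks/postfixadmin.yml, `postfixadmin_version` is taken from wherever `releases/latest` redirects at run time and the archive is then unpacked straight from that URL, so each play may deploy a different, unreviewed release with no integrity check; tasks/poweradmin.yml, by contrast, pins `3.4.2`. Setting the version in defaults and fetching the tarball with `ansible.builtin.get_url` and `checksum: "sha256:{{ postfixadmin_archive_sha256 }}"` before `unarchive` would make the deployed code reproducible and verifiable. `postfixadmin_archive_sha256` is a placeholder for a variable the role would have to add. The `Unpack postfixadmin` task continues below the hunk.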
--- a/tasks/poweradmin.yml +++ b/tasks/poweradmin.yml 
@@ -74,15 +74,15 @@ login_user: '{{ mailserver_admin_user }}@{{ mailserver_domain }}' login_password: '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password }}{% endif %}{% endfor %}' query: - - REPLACE INTO `perm_templ` (`id`, `name`, `descr`) VALUES (1, 'Administrator', 'Administrator template with full rights.') - - REPLACE INTO `perm_templ` (`id`, `name`, `descr`) VALUES (2, 'Dynamic', 'For DNS updates') - - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (41, 'zone_master_add', 'User is allowed to add new master zones.'), (42, 'zone_slave_add', 'User is allowed to add new slave zones.'), (43, 'zone_content_view_own', 'User is allowed to see the content and meta data of zones he owns.'), (44, 'zone_content_edit_own', 'User is allowed to edit the content of zones he owns.'), (45, 'zone_meta_edit_own', 'User is allowed to edit the meta data of zones he owns.'), (46, 'zone_content_view_others', 'User is allowed to see the content and meta data of zones he does not own.'), (47, 'zone_content_edit_others', 'User is allowed to edit the content of zones he does not own.'), (48, 'zone_meta_edit_others', 'User is allowed to edit the meta data of zones he does not own.'), (49, 'search', 'User is allowed to perform searches.'), (50, 'supermaster_view', 'User is allowed to view supermasters.'), (51, 'supermaster_add', 'User is allowed to add new supermasters.'), (52, 'supermaster_edit', 'User is allowed to edit supermasters.'), (53, 'user_is_ueberuser', 'User has full access. God-like. 
Redeemer.'), (54, 'user_view_others', 'User is allowed to see other users and their details.'), (55, 'user_add_new', 'User is allowed to add new users.'), (56, 'user_edit_own', 'User is allowed to edit their own details.'), (57, 'user_edit_others', 'User is allowed to edit other users.'), (58, 'user_passwd_edit_others', 'User is allowed to edit the password of other users.'), (59, 'user_edit_templ_perm', 'User is allowed to change the permission template that is assigned to a user.'), (60, 'templ_perm_add', 'User is allowed to add new permission templates.'), (61, 'templ_perm_edit', 'User is allowed to edit existing permission templates.'), (62, 'zone_content_edit_own_as_client', 'User is allowed to edit record, but not SOA and NS.') - - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (1, 'Administrator', 'Administrator template with full rights.') - - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (2, 'Dynamic', 'For DNS updates') - - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (1, 1, 53) - - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (2, 2, 44) - - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (3, 2, 43) - - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (4, 2, 41) + - REPLACE INTO `perm_templ` (`id`, `name`, `descr`) VALUES (1, 'Administrator', 'Administrator template with full rights.') + - REPLACE INTO `perm_templ` (`id`, `name`, `descr`) VALUES (2, 'Dynamic', 'For DNS updates') + - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (41, 'zone_master_add', 'User is allowed to add new master zones.'), (42, 'zone_slave_add', 'User is allowed to add new slave zones.'), (43, 'zone_content_view_own', 'User is allowed to see the content and meta data of zones he owns.'), (44, 'zone_content_edit_own', 'User is allowed to edit the content of zones he owns.'), (45, 'zone_meta_edit_own', 'User is allowed to edit the meta data of zones he owns.'), (46, 
'zone_content_view_others', 'User is allowed to see the content and meta data of zones he does not own.'), (47, 'zone_content_edit_others', 'User is allowed to edit the content of zones he does not own.'), (48, 'zone_meta_edit_others', 'User is allowed to edit the meta data of zones he does not own.'), (49, 'search', 'User is allowed to perform searches.'), (50, 'supermaster_view', 'User is allowed to view supermasters.'), (51, 'supermaster_add', 'User is allowed to add new supermasters.'), (52, 'supermaster_edit', 'User is allowed to edit supermasters.'), (53, 'user_is_ueberuser', 'User has full access. God-like. Redeemer.'), (54, 'user_view_others', 'User is allowed to see other users and their details.'), (55, 'user_add_new', 'User is allowed to add new users.'), (56, 'user_edit_own', 'User is allowed to edit their own details.'), (57, 'user_edit_others', 'User is allowed to edit other users.'), (58, 'user_passwd_edit_others', 'User is allowed to edit the password of other users.'), (59, 'user_edit_templ_perm', 'User is allowed to change the permission template that is assigned to a user.'), (60, 'templ_perm_add', 'User is allowed to add new permission templates.'), (61, 'templ_perm_edit', 'User is allowed to edit existing permission templates.'), (62, 'zone_content_edit_own_as_client', 'User is allowed to edit record, but not SOA and NS.') + - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (1, 'Administrator', 'Administrator template with full rights.') + - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (2, 'Dynamic', 'For DNS updates') + - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (1, 1, 53) + - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (2, 2, 44) + - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (3, 2, 43) + - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (4, 2, 41) - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, 
`description`, `perm_templ`, `active`, `use_ldap`) VALUES (1, 'admin', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password | password_hash("blowfish") | replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Administrator', 'hostmaster@{{ mailserver_domain }}', 'Administrator with full rights.', 1, 1, 0) - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES (2, 'dyndns', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password | password_hash("blowfish") | replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Dynamic DNS', 'dyndns@{{ mailserver_domain }}', 'User for dynamic DNS updates', 2, 1, 0) - "REPLACE INTO `zones` (`id`, `domain_id`, `owner`, `comment`, `zone_templ_id`) SELECT 1, id, 2, '', 0 FROM domains WHERE name = 'dyndns.{{ mailserver_domain }}'" 
@@ -96,15 +96,15 @@ login_user: '{{ mailserver_admin_user }}@{{ mailserver_domain }}' login_password: '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password }}{% endif %}{% endfor %}' query: - - REPLACE INTO `perm_templ` (`id`, `name`, `descr`) VALUES (1, 'Administrator', 'Administrator template with full rights.') - - REPLACE INTO `perm_templ` (`id`, `name`, `descr`) VALUES (2, 'Dynamic', 'For DNS updates') - - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (41, 'zone_master_add', 'User is allowed to add new master zones.'), (42, 'zone_slave_add', 'User is allowed to add new slave zones.'), (43, 'zone_content_view_own', 'User is allowed to see the content and meta data of zones he owns.'), (44, 'zone_content_edit_own', 'User is allowed to edit the content of zones he owns.'), (45, 'zone_meta_edit_own', 'User is allowed to edit the meta data of zones he owns.'), (46, 'zone_content_view_others', 'User is allowed to see the content and meta data of zones he does not own.'), (47, 'zone_content_edit_others', 'User is allowed to edit the content of zones he does not own.'), (48, 'zone_meta_edit_others', 'User is allowed to edit the meta data of zones he does not own.'), (49, 'search', 'User is allowed to perform searches.'), (50, 'supermaster_view', 'User is allowed to view supermasters.'), (51, 'supermaster_add', 'User is allowed to add new supermasters.'), (52, 'supermaster_edit', 'User is allowed to edit supermasters.'), (53, 'user_is_ueberuser', 'User has full access. God-like. 
Redeemer.'), (54, 'user_view_others', 'User is allowed to see other users and their details.'), (55, 'user_add_new', 'User is allowed to add new users.'), (56, 'user_edit_own', 'User is allowed to edit their own details.'), (57, 'user_edit_others', 'User is allowed to edit other users.'), (58, 'user_passwd_edit_others', 'User is allowed to edit the password of other users.'), (59, 'user_edit_templ_perm', 'User is allowed to change the permission template that is assigned to a user.'), (60, 'templ_perm_add', 'User is allowed to add new permission templates.'), (61, 'templ_perm_edit', 'User is allowed to edit existing permission templates.'), (62, 'zone_content_edit_own_as_client', 'User is allowed to edit record, but not SOA and NS.') - - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (1, 'Administrator', 'Administrator template with full rights.') - - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (2, 'Dynamic', 'For DNS updates') - - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (1, 1, 53) - - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (2, 2, 44) - - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (3, 2, 43) - - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (4, 2, 41) + - REPLACE INTO `perm_templ` (`id`, `name`, `descr`) VALUES (1, 'Administrator', 'Administrator template with full rights.') + - REPLACE INTO `perm_templ` (`id`, `name`, `descr`) VALUES (2, 'Dynamic', 'For DNS updates') + - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (41, 'zone_master_add', 'User is allowed to add new master zones.'), (42, 'zone_slave_add', 'User is allowed to add new slave zones.'), (43, 'zone_content_view_own', 'User is allowed to see the content and meta data of zones he owns.'), (44, 'zone_content_edit_own', 'User is allowed to edit the content of zones he owns.'), (45, 'zone_meta_edit_own', 'User is allowed to edit the meta data of zones he owns.'), (46, 
'zone_content_view_others', 'User is allowed to see the content and meta data of zones he does not own.'), (47, 'zone_content_edit_others', 'User is allowed to edit the content of zones he does not own.'), (48, 'zone_meta_edit_others', 'User is allowed to edit the meta data of zones he does not own.'), (49, 'search', 'User is allowed to perform searches.'), (50, 'supermaster_view', 'User is allowed to view supermasters.'), (51, 'supermaster_add', 'User is allowed to add new supermasters.'), (52, 'supermaster_edit', 'User is allowed to edit supermasters.'), (53, 'user_is_ueberuser', 'User has full access. God-like. Redeemer.'), (54, 'user_view_others', 'User is allowed to see other users and their details.'), (55, 'user_add_new', 'User is allowed to add new users.'), (56, 'user_edit_own', 'User is allowed to edit their own details.'), (57, 'user_edit_others', 'User is allowed to edit other users.'), (58, 'user_passwd_edit_others', 'User is allowed to edit the password of other users.'), (59, 'user_edit_templ_perm', 'User is allowed to change the permission template that is assigned to a user.'), (60, 'templ_perm_add', 'User is allowed to add new permission templates.'), (61, 'templ_perm_edit', 'User is allowed to edit existing permission templates.'), (62, 'zone_content_edit_own_as_client', 'User is allowed to edit record, but not SOA and NS.') + - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (1, 'Administrator', 'Administrator template with full rights.') + - REPLACE INTO `perm_items` (`id`, `name`, `descr`) VALUES (2, 'Dynamic', 'For DNS updates') + - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (1, 1, 53) + - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (2, 2, 44) + - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (3, 2, 43) + - REPLACE INTO `perm_templ_items` (`id`, `templ_id`, `perm_id`) VALUES (4, 2, 41) - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, 
`description`, `perm_templ`, `active`, `use_ldap`) VALUES (1, 'admin', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password | password_hash("blowfish") | replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Administrator', 'hostmaster@{{ mailserver_domain }}', 'Administrator with full rights.', 1, 1, 0) - REPLACE INTO `users` (`id`, `username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES (2, 'dyndns', '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password | password_hash("blowfish") | replace("$2b$", "$2y$") }}{% endif %}{% endfor %}', 'Dynamic DNS', 'dyndns@{{ mailserver_domain }}', 'User for dynamic DNS updates', 2, 1, 0) - "REPLACE INTO `zones` (`id`, `domain_id`, `owner`, `comment`, `zone_templ_id`) SELECT 1, id, 2, '', 0 FROM domains WHERE name = 'dyndns.{{ mailserver_domain }}'" diff --git a/tasks/ssl.yml b/tasks/ssl.yml index 681680e..29699b3 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml 
@@ -111,7 +111,6 @@ - { key: "PDNS_API_URL", value: http://127.0.0.1:8081/ } - { key: "PDNS_API_KEY", value: "{{ powerdns_api_key }}" } - name: Generate LetsEncrypt certificates - # ansible.builtin.command: "/usr/local/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem run --must-staple" ansible.builtin.command: "/usr/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem run --must-staple" environment: EXEC_PROPAGATION_TIMEOUT: 4242 diff --git a/tests/test.yml b/tests/test.yml index 75f6348..232fea4 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: all +- name: Deploy mail server + hosts: all remote_user: root gather_facts: true roles: From 062f122d9248c538d29c71f5c7e6df9b9e1129e1 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sat, 28 Oct 2023 00:40:51 +0200 Subject: [PATCH 178/181] handle last linter errors --- tasks/poweradmin.yml | 2 +- tasks/ssl.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/tasks/poweradmin.yml b/tasks/poweradmin.yml index f2b561f..b29c74e 100644 --- a/tasks/poweradmin.yml +++ b/tasks/poweradmin.yml @@ -3,6 +3,7 @@ tags: - dyndns - poweradmin + when: 'public_dns == "yes"' block: # - name: Get URL for latest release # uri: 
@@ -12,7 +13,6 @@ ansible.builtin.set_fact: # poweradmin_version: "{{ poweradmin_download_site.url | replace('https://github.com/poweradmin/poweradmin/releases/tag/v','') }}" poweradmin_version: 3.4.2 # enforcing PowerAdmin with a verion which supports PHP 7 to avoid package clash with other packages - when: 'public_dns == "yes"' - name: Unpack PowerAdmin tags: - dyndns diff --git a/tasks/ssl.yml b/tasks/ssl.yml index 29699b3..b992b91 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml @@ -1,5 +1,6 @@ --- - name: Determine ACME directory + # noqa schema[tasks] no idea what the linter complains about, but this system does work ansible.builtin.set_fact: acme_directory: "https://acme-{{ 'staging-' if production is not defined or not production else '' }}v02.api.letsencrypt.org/directory" - name: Create Certbot config directories From a30a56d813ac88cf65b16cc94e3bbadba9f29c15 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sat, 28 Oct 2023 00:46:10 +0200 Subject: [PATCH 179/181] handle last linter error --- tasks/ssl.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tasks/ssl.yml b/tasks/ssl.yml index b992b91..d05c530 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml @@ -112,6 +112,7 @@ - { key: "PDNS_API_URL", value: http://127.0.0.1:8081/ } - { key: "PDNS_API_KEY", value: "{{ powerdns_api_key }}" } - name: Generate LetsEncrypt certificates + # noqa schema[tasks] no idea what the linter complains about, but this system does work ansible.builtin.command: "/usr/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem run --must-staple" environment: EXEC_PROPAGATION_TIMEOUT: 4242 
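Review bot: The `# noqa schema[tasks]` comment added to "Determine ACME directory", and in the next patch to "Generate LetsEncrypt certificates", suppresses a schema finding whose cause the comment itself says is unknown. The likely trigger is visible at the end of the second hunk: `EXEC_PROPAGATION_TIMEOUT: 4242` is an integer, while ansible-lint's task schema expects `environment` values to be strings, and schema findings appear to be reported for the file rather than for one task, which would explain why a per-task noqa did not help. Quoting the value, `EXEC_PROPAGATION_TIMEOUT: "4242"`, should clear the finding without any suppression, to be confirmed by a lint run. This matters because the later `.ansible-lint-ignore` entry `tasks/ssl.yml schema[tasks]` turns schema validation off for the whole file that drives certificate issuance, so a genuinely malformed task there would go unreported.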
From a1e288c698af39130d390fbdd766c24265ce23da Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sat, 28 Oct 2023 00:48:27 +0200 Subject: [PATCH 180/181] improve spacing --- defaults/main.yml | 10 +++++----- tasks/propagate_ssl_txt_records.yml | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 4eea415..4d09c5c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -43,13 +43,13 @@ spamassassin_rules: value: > /(hi|hello|dear) ( {%- set mail_users = ['root','postmaster','abuse','hostmaster','webmaster','dmarc-reports'] %} - {%- for user in users | default([]) %} + {%- for user in users | default( [] ) %} {%- set mail_users = mail_users.append( user['name'] ) %} {%- endfor %} {{- mail_users | join('|') -}} )@( {%- set domains = [mailserver_domain] %} - {%- for domain in custom_domains | default([]) %} + {%- for domain in custom_domains | default( [] ) %} {%- set domains = domains.append( domain ) %} {%- endfor %} {{- domains | join('|') -}} @@ -81,13 +81,13 @@ spamassassin_rules: value: > Subject =~ /( {%- set mail_users = ['root','postmaster','abuse','hostmaster','webmaster','dmarc-reports'] %} - {%- for user in users | default([]) %} + {%- for user in users | default( [] ) %} {%- set mail_users = mail_users.append( user['name'] ) %} {%- endfor %} {{- mail_users | join('|') -}} )@( {%- set domains = [mailserver_domain] %} - {%- for domain in custom_domains | default([]) %} + {%- for domain in custom_domains | default( [] ) %} {%- set domains = domains.append( domain ) %} {%- endfor %} {{- domains | join('|') -}} @@ -100,7 +100,7 @@ spamassassin_rules: value: > To =~ /( {%- set domains = [mailserver_domain] %} - {%- for domain in custom_domains | default([]) %} + {%- for domain in custom_domains | default( [] ) %} {%- set domains = domains.append( domain ) %} {%- endfor %} {{- domains | join('|') -}} 
diff --git a/tasks/propagate_ssl_txt_records.yml b/tasks/propagate_ssl_txt_records.yml index 59c7358..08e6cee 100644 --- a/tasks/propagate_ssl_txt_records.yml +++ b/tasks/propagate_ssl_txt_records.yml @@ -3,7 +3,7 @@ ansible.builtin.import_tasks: add_dns_record.yml vars: record: - zone: "{{ challenge_item.key|replace('*.', '') }}" + zone: "{{ challenge_item.key | replace('*.', '') }}" name: "{{ challenge_item.value['dns-01'].resource }}" type: TXT content: "{{ challenge_item.value['dns-01'].resource_value }}" From f097a865104feb887309546669d73ebfd7ade287 Mon Sep 17 00:00:00 2001 From: Akos Balla Date: Sat, 28 Oct 2023 00:53:57 +0200 Subject: [PATCH 181/181] add linter ignore file --- .ansible-lint-ignore | 1 + tasks/ssl.yml | 2 -- 2 files changed, 1 insertion(+), 2 deletions(-) create mode 100644 .ansible-lint-ignore diff --git a/.ansible-lint-ignore b/.ansible-lint-ignore new file mode 100644 index 0000000..b4d990f --- /dev/null +++ b/.ansible-lint-ignore @@ -0,0 +1 @@ +tasks/ssl.yml schema[tasks] # no idea why the linter complains on this one, the whole thing works diff --git a/tasks/ssl.yml b/tasks/ssl.yml index d05c530..29699b3 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml @@ -1,6 +1,5 @@ --- - name: Determine ACME directory - # noqa schema[tasks] no idea what the linter complains about, but this system does work ansible.builtin.set_fact: acme_directory: "https://acme-{{ 'staging-' if production is not defined or not production else '' }}v02.api.letsencrypt.org/directory" - name: Create Certbot config directories 
@@ -112,7 +111,6 @@ - { key: "PDNS_API_URL", value: http://127.0.0.1:8081/ } - { key: "PDNS_API_KEY", value: "{{ powerdns_api_key }}" } - name: Generate LetsEncrypt certificates - # noqa schema[tasks] no idea what the linter complains about, but this system does work ansible.builtin.command: "/usr/bin/lego -a --dns.disable-cp=1 --dns-timeout 4242 --dns.resolvers {{ ansible_default_ipv4.address }} --email ssl@{{ mailserver_domain }} --dns pdns {% for custom_domain in [mailserver_domain] + custom_domains %}-d {{ custom_domain }} -d *.{{ custom_domain }} {% endfor %}-d '*.dyndns.{{ mailserver_domain }}' -d '*.vpn.{{ mailserver_domain }}' --server {{ acme_directory }} --path /etc/letsencrypt --pem run --must-staple" environment: EXEC_PROPAGATION_TIMEOUT: 4242