WIP

README.md

@@ -37,11 +37,15 @@ Following roles have been defined to make creating a server configuration easy:
 - **node** defines roles for setting up node applications
   - **application** installs the main application
 - **server** defines roles using different kind of server applications, applications will be configured using separated system users
+  - **firefox-sync** sets up a syncserver for Mozilla Firefox
   - **gitea** sets up a git repository using *Gitea* as web overlay
   - **nextcloud** sets up a cloud storage using *NextCloud*
   - **node** sets up a *Node.js* server from a repository with a database expecting it can be configured by command arguments
+  - **php** sets up a PHP webpage from a repository
   - **spotme** sets up a SpotMe server
   - **static** sets up a static virtual server with files from a repository
+  - **tt-rss** sets up a RSS feed using *TinyTinyRSS*
+  - **typo3** defines a CMS using *typo3*
 - **wireguard** defines roles to handle a *WireGuard* configuration across different servers
   - **application** installs and configures the main application
   - **special_client** creates a configuration for a device not configurable by Ansible and stores it locally

roles/autorelease/application/tasks/main.yml

@@ -0,0 +1,2 @@
+---
+

roles/autorelease/repository/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+
+dest: ""

roles/autorelease/repository/tasks/main.yml

@@ -0,0 +1 @@
+---

roles/mail/smtp_application/handlers/main.yml

@@ -0,0 +1,27 @@
+---
+
+- name: restart opendkim
+  service:
+    name: opendkim
+    state: restarted
+
+- name: restart opendmarc
+  service:
+    name: opendmarc
+    state: restarted
+
+- name: restart postfix
+  service:
+    name: postfix
+    state: restarted
+
+- name: restart saslauthd
+  service:
+    name: saslauthd
+    state: restarted
+
+- name: restart spamassassin
+  service:
+    name: spamassassin
+    state: restarted
+# TODO Enable

roles/mail/smtp_application/tasks/main.yml

@@ -0,0 +1,18 @@
+---
+
+- name: Install required packages
+  apt:
+    state: present
+    name:
+      - ca-certificates
+      - mailutils
+      - libsasl2-2
+      - libsasl2-modules
+      - opendkim
+      - opendkim-tools
+      - opendmarc
+      - postfix
+      - postfix-policyd-spf-python
+      - sasl2-bin
+      - spamassassin
+      - spamc

roles/misc/ssh_tg_notify/templates/sendNotification.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+local USERID="<Enter_the_user_id_of_the_recipient>"
+local KEY="<The_key_of_your_telegram_bot>"
+local TIMEOUT="10"
+local URL="https://api.telegram.org/bot$KEY/sendMessage"
+local DATE_EXEC="$(date "+%d %b %Y %H:%M")" #Collect date & time.
+if [ -n "$SSH_CLIENT" ] && [ -z "$TMUX" ]; then #Trigger
+  IP=$(echo $SSH_CLIENT | awk '{print $1}') #Get Client IP address.
+  PORT=$(echo $SSH_CLIENT | awk '{print $3}') #Get SSH port
+  HOSTNAME=$(hostname -f) #Get hostname
+  IPADDR=$(hostname -I | awk '{print $1}')
+  TEXT="$DATE_EXEC: ${USER} logged in to $HOSTNAME ($IPADDR) from $IP - $(curl https://ipinfo.io/$IP -s | jq -r '.org + " - " + .city + ", " + .region + ", " + .country') port $PORT"
+  curl -s --max-time $TIMEOUT -d "chat_id=$USERID&disable_web_page_preview=1&text=$TEXT" $URL > /dev/null
+  rm $TMPFILE #clean up after
+fi

roles/nginx/TODO

@@ -0,0 +1,11 @@
+TODOs:
+
+- PHP OPCache Configuration
+File: /etc/php/7.0/fpm/php.ini (check path)
+opcache.enable=1
+opcache.enable_cli=1
+opcache.memory_consumption=128
+opcache.interned_strings_buffer=8
+opcache.max_accelerated_files=10000
+opcache.revalidate_freq=1
+opcache.save_comments=1

roles/nginx/php/defaults/main.yml

@@ -0,0 +1,7 @@
+---
+
+# domain: "example.com"
+# system_user: "www-data"
+# src: "/of/php/files"
+# pool_name from nginx/php-pool
+# TODO includes: ...

roles/nginx/php/meta/main.yml

@@ -0,0 +1,12 @@
+---
+
+allow_duplicates: yes
+
+dependencies:
+  - role: nginx/application
+  - role: acme/certificate
+    # domain
+  - role: nginx/php-pool
+    # system_user
+    # src
+    # pool_name

roles/nginx/php/tasks/main.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Configure forward in nginx
+  template:
+    src: server.conf
+    dest: "{{ nginx_sites_directory }}/{{ domain }}"
+    owner: root
+    group: root
+    mode: "u=rw,g=r,o=r"
+  notify: reload nginx

roles/nginx/php/templates/server.conf

@@ -0,0 +1,31 @@
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+  server_name {{ domain }};
+
+  ssl on;
+  ssl_certificate {{ acme_certificate_location }};
+  ssl_certificate_key {{ acme_key_location }};
+
+  include {{ nginx_snippets_directory }}/https;
+  include {{ nginx_snippets_directory }}/global;
+
+  index index.php index.html index.htm index.nginx-debian.html;
+  root {{ src }};
+  fastcgi_hide_header X-Powered-By;
+
+  location ~\.php$ {
+    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+    try_files $uri =404;
+    fastcgi_index index.php;
+    include fastcgi_params;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    fastcgi_param PATH_INFO $fastcgi_path_info;
+    fastcgi_param HTTPS on;
+    fastcgi_param modHeadersAvailable true;
+    fastcgi_param front_controller_active true;
+    fastcgi_pass {{ pool_name }};
+    fastcgi_intercept_errors on;
+    fastcgi_request_buffering off;
+  }
+}

roles/server/mail_deprecated/README.md

@@ -0,0 +1,5 @@
+# Mail Module
+
+Configures a fully enabled mail server
+with integration into NextCloud
+following https://123qwe.com/tutorial/

roles/server/mail_deprecated/defaults/aptlist2

@@ -0,0 +1,21 @@
+- php-apcu
+- php-bz2
+- php-curl
+- php-dom
+- php-fileinfo
+- php-gd
+- php-iconv
+- php-imagick
+- php-intl
+- php-json
+- php-mbstring
+- php-mcrypt
+- php-posix
+- php-simplexml
+- php-xmlreader
+- php-xmlwriter
+- php-zip
+- php-curl
+- php-gd
+- php-bz2
+- php-apcu

roles/server/mail_deprecated/defaults/main.yml

@@ -0,0 +1,18 @@
+---
+
+mail_domains:
+  - example.com
+mail_main_domain: "{{ mail_domains[0] }}"
+mail_server_domain: "mail.{{ mail_main_domain }}"
+
+mail_postmaster_address: "postmaster@{{ mail_main_domain }}"
+
+mail_sql_database: "mail_server"
+mail_sql_username: "mail_user"
+mail_sql_password: "TODO"
+mail_nextcloud_sql_username: "mail_nextcloud"
+mail_nextcloud_sql_password: "TODO"
+
+mail_postfix_username: "postfix"
+mail_postfix_configuration_directory: "/etc/postfix"
+mail_postfix_message_size_limit: 52428800 # 50 MB

roles/server/mail_deprecated/files/maildb.sql

@@ -0,0 +1,7 @@
+USE DATABASE mail_server;
+
+-- TODO Database transfer from local phpmyadmin
+-- TODO Workaround for rule
+
+CREATE TABLE domains (
+)

roles/server/mail_deprecated/meta/main.yml

@@ -0,0 +1,7 @@
+---
+
+dependencies:
+  - role: acme/certificate
+    domain: "{{ mail_main_domain }}"
+  - role: mysql/application # TODO Repl
+  - role: nginx/application # TODO Repl

roles/server/mail_deprecated/tasks/dns.yml

@@ -0,0 +1,9 @@
+# TODO Create following DNS entries
+
+# A Record (TODO move)
+# AAAA Record (TODO move)
+
+# For each mail domain by mail_domains
+# {{ mail_domain }} MX 10 {{ mail_server_domain }}
+# {{ mail_domain }} TXT v=spf1 mx -all
+# _dmarc.{{ mail_domain }} TXT v=DMARC1; aspf=s; adkim=s; pct=100; p=reject; rua=mailto:{{ mail_postmaster_address }};

roles/server/mail_deprecated/tasks/main.yml

@@ -0,0 +1,28 @@
+---
+
+- name: Configure DNS entries
+  include_tasks: dns.yml
+
+- name: Register apt key for rspamd
+  apt_key:
+    id: 3FA347D5E599BE4595CA2576FFA232EDBF21E25E
+    url: https://rspamd.com/apt-stable/gpg.key
+
+- name: Register apt repository for rspamd
+  apt_repository:
+    repo: "deb http://rspamd.com/apt-stable/ {{ ansible_distribution_release }} main"
+    filename: rspamd
+
+- name: Install required packages
+  apt:
+    state: present
+    name:
+      - dovecot-imapd
+      - dovecot-mysql
+      - dovecot-lmtpd
+      - dovecot-sieve
+      - dovecot-managesieved
+      - postfix
+      - postfix-mysql
+      - rspamd
+    update_cache: yes # TODO If added repository

roles/server/mail_deprecated/tasks/postfix.yml

@@ -0,0 +1,17 @@
+---
+
+- template:
+    dest: "{{ mail_postfix_configuration_directory }}/{{ item }}"
+    group: "{{ mail_postfix_username }}"
+    mode: 0640
+    owner: root
+    src: "{{ item }}"
+  loop:
+    - mysql-virtual-alias-maps.cf
+    - mysql-virtual-mailbox-domains.cf
+    - mysql-virtual-mailbox-maps.cf
+
+- template:
+    dest: "{{ mail_postfix_configuration_directory }}/main.cf"
+    src: "main.cf"
+    validate: postfix check

roles/server/mail_deprecated/templates/main.cf

@@ -0,0 +1,55 @@
+myhostname={{ mail_main_domain }}
+
+smptd_tls_cert_file={{ acme_certificates_directory }}/{{ mail_main_domain }}.crt
+smptd_tls_key_file={{ acme_certificates_directory }}/{{ mail_main_domain }}.key
+smtpd_tls_security_level=may
+smtpd_tls_auth_only=yes
+
+smtp_tls_security_level=may
+
+smtpd_sasl_type=dovecot
+smtpd_sasl_path=private/auth
+smtpd_sasl_auth_enable=yes
+
+virtual_mailbox_domains=mysql:{{ mail_postfix_configuration_directory }}/mysql-virtual-mailbox-domains.cf
+virtual_mailbox_maps=mysql:{{ mail_postfix_configuration_directory }}/mysql-virtual-mailbox-maps.cf
+virtual_alias_maps=mysql:{{ mail_postfix_configuration_directory }}/mysql-virtual-alias-maps.cf
+
+virtual_transport=lmtp:unix:private/dovecot-lmtp
+
+smtpd_client_restrictions =
+  permit_mynetworks
+  permit_sasl_authenticated
+  reject_unknown_reverse_client_hostname
+
+smtpd_helo_restrictions =
+  permit_mynetworks
+  permit_sasl_authenticated
+  reject_invalid_helo_hostname
+  reject_non_fqdn_helo_hostname
+  reject_unknown_helo_hostname
+smtpd_helo_required=yes
+
+smtpd_sender_login_maps=
+  mysql:{{ mail_postfix_configuration_directory }}/mysql-virtual-mailbox-domains.cf
+  mysql:{{ mail_postfix_configuration_directory }}/mysql-virtual-alias-maps.cf
+
+smtpd_sender_restrictions =
+  reject_non_fqdn_sender
+  reject_sender_login_mismatch
+  reject_unknown_sender_domain
+
+smtpd_relay_restrictions =
+  permit_sasl_authenticated
+  reject_unauth_destination
+
+smtpd_recipient_restrictions =
+  reject_non_fqdn_recipient
+  reject_unknown_recipient_domain
+  reject_unauth_pipelining
+
+message_size_limit={{ mail_postfix_message_size_limit }}
+
+smtpd_milters=inet:127.0.0.1:11332
+non_smtpd_milters=inet:127.0.0.1:11332
+milter_mail_macros=i {mail_addr} {client_addr} {client_name} {auth_authen}

roles/server/mail_deprecated/templates/mysql-virtual-alias-maps.cf

@@ -0,0 +1,5 @@
+user = {{ mail_sql_username }}
+password = {{ mail_sql_password }}
+hosts = 127.0.0.1
+dbname = {{ mail_sql_database }}
+query = SELECT destination_local || '@' || destination_domain FROM aliases WHERE source_local='%u' AND source_domain='%d';

roles/server/mail_deprecated/templates/mysql-virtual-mailbox-domains.cf

@@ -0,0 +1,5 @@
+user = {{ mail_sql_username }}
+password = {{ mail_sql_password }}
+hosts = 127.0.0.1
+dbname = {{ mail_sql_database }}
+query = SELECT * FROM domains WHERE domain='%s'

roles/server/mail_deprecated/templates/mysql-virtual-mailbox-maps.cf

@@ -0,0 +1,5 @@
+user = {{ mail_sql_username }}
+password = {{ mail_sql_password }}
+hosts = 127.0.0.1
+dbname = {{ mail_sql_database }}
+query = SELECT fqda FROM users_fqda WHERE fqda='%s';

roles/server/typo3/meta/main.yml

@@ -0,0 +1,3 @@
+---
+
+allow_duplicates: yes

roles/server/typo3/tasks/main.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Install required packages
+  apt:
+    state: present
+    name:
+      - composer

svg/banananetwork.svg

@@ -0,0 +1,44 @@
+<svg version="1.2" viewBox="0 -4 100 100" xmlns="http://www.w3.org/2000/svg">
+    <defs>
+        <linearGradient id="fadeInOutCable" gradientUnits="userSpaceOnUse" x1="0%" x2="1" y1="0" y2="0">
+            <stop offset="0%" stop-color="rgb(220,220,0)" stop-opacity="0" />
+            <stop offset="15%" stop-color="rgb(220,220,0)" stop-opacity="0.2" />
+            <stop offset="30%" stop-color="rgb(220,220,0)" stop-opacity="1" />
+            <stop offset="70%" stop-color="rgb(220,220,0)" stop-opacity="1" />
+            <stop offset="85%" stop-color="rgb(220,220,0)" stop-opacity="0.2" />
+            <stop offset="100%" stop-color="rgb(220,220,0)" stop-opacity="0" />
+        </linearGradient>
+        <linearGradient id="fadeInOutBlack" gradientUnits="userSpaceOnUse" x1="0%" x2="1" y1="0" y2="0">
+            <stop offset="0%" stop-color="rgb(0,0,0)" stop-opacity="0" />
+            <stop offset="15%" stop-color="rgb(0,0,0)" stop-opacity="0.2" />
+            <stop offset="30%" stop-color="rgb(0,0,0)" stop-opacity="1" />
+            <stop offset="70%" stop-color="rgb(0,0,0)" stop-opacity="1" />
+            <stop offset="85%" stop-color="rgb(0,0,0)" stop-opacity="0.2" />
+            <stop offset="100%" stop-color="rgb(0,0,0)" stop-opacity="0" />
+        </linearGradient>
+        <g id="cableElement">
+            <line x1="0" y1="0" x2="1" y2="0" stroke="url(#fadeInOutCable)" stroke-width="5" />
+            <line x1="0" y1="-3" x2="1" y2="-3" stroke="url(#fadeInOutBlack)" stroke-width="1" />
+            <line x1="0" y1="3" x2="1" y2="3" stroke="url(#fadeInOutBlack)" stroke-width="1" />
+        </g>
+        <g id="banana">
+            <path d="M 1 -1.4 c 0 -3, 3 -4, 3 -8 c 0 -6, 0 -20, -16 -36 c -6 -6, -12 0, -6 6 c 8 8, 14 22, 14 30 c 0 4, 3 5, 3 8 c 0 3, 2 3, 2 0"
+                  stroke="rgb(0,0,0)" stroke-width="1" fill="rgb(255,225,53)" />
+        </g>
+        <g id="bananaTree">
+            <use xlink:href="#banana" transform="rotate(45)" />
+            <use xlink:href="#banana" transform="rotate(30)" />
+            <use xlink:href="#banana" transform="rotate(15)" />
+            <use xlink:href="#banana" transform="rotate(0)" />
+            <use xlink:href="#banana" transform="rotate(-15)" />
+            <use xlink:href="#banana" transform="rotate(-30)" />
+            <use xlink:href="#banana" transform="rotate(-45)" />
+        </g>
+    </defs>
+    <use xlink:href="#cableElement" x="0" y="8" transform="scale(100, 1)" />
+    <use xlink:href="#cableElement" transform="translate(50, 12) rotate(90) scale(14, 1)" />
+    <rect x="42" y="0" width="16" height="16" fill="rgb(220,220,220)" stroke="rgb(0,0,0)" stroke-width="2" />
+    <rect x="42" y="22" width="16" height="8" fill="rgb(0,180,0)" stroke="rgb(0,0,0)" stroke-width="2" />
+    <use xlink:href="#bananaTree" transform="translate(50, 26) rotate(200) scale(1.2)" />
+    <use xlink:href="#logo" transform="translate(44, 2) scale(0.12)" />
+</svg>

todo.md

@@ -0,0 +1,14 @@
+- Mail Server?
+- Firefox Syncserver
+- docker Installation?
+- fstab of some pcs
+
+Servers:
+- nvak !!FAST!!
+- hardie.khitomer
+- morska
+  - VNC
+- rurapenthe
+  - simple docker client
+- master.qonos
+- zockerpc.khitomer (simple configuration)