Felix Stupp 5 years ago
parent 6592f40e7b
commit fdf19c4e26
Signed by: zocker
GPG Key ID: 93E1BD26F6B02FB7

@ -37,11 +37,15 @@ Following roles have been defined to make creating a server configuration easy:
- **node** defines roles for setting up node applications - **node** defines roles for setting up node applications
- **application** installs the main application - **application** installs the main application
- **server** defines roles using different kind of server applications, applications will be configured using separated system users - **server** defines roles using different kind of server applications, applications will be configured using separated system users
- **firefox-sync** sets up a syncserver for Mozilla Firefox
- **gitea** sets up a git repository using *Gitea* as web overlay - **gitea** sets up a git repository using *Gitea* as web overlay
- **nextcloud** sets up a cloud storage using *NextCloud* - **nextcloud** sets up a cloud storage using *NextCloud*
- **node** sets up a *Node.js* server from a repository with a database expecting it can be configured by command arguments - **node** sets up a *Node.js* server from a repository with a database expecting it can be configured by command arguments
- **php** sets up a PHP webpage from a repository
- **spotme** sets up a SpotMe server - **spotme** sets up a SpotMe server
- **static** sets up a static virtual server with files from a repository - **static** sets up a static virtual server with files from a repository
- **tt-rss** sets up a RSS feed using *TinyTinyRSS*
- **typo3** defines a CMS using *typo3*
- **wireguard** defines roles to handle a *WireGuard* configuration across different servers - **wireguard** defines roles to handle a *WireGuard* configuration across different servers
- **application** installs and configures the main application - **application** installs and configures the main application
- **special_client** creates a configuration for a device not configurable by Ansible and stores it locally - **special_client** creates a configuration for a device not configurable by Ansible and stores it locally

@ -0,0 +1,27 @@
---
- name: restart opendkim
service:
name: opendkim
state: restarted
- name: restart opendmarc
service:
name: opendmarc
state: restarted
- name: restart postfix
service:
name: postfix
state: restarted
- name: restart saslauthd
service:
name: saslauthd
state: restarted
- name: restart spamassassin
service:
name: spamassassin
state: restarted
# TODO Enable

@ -0,0 +1,18 @@
---
- name: Install required packages
apt:
state: present
name:
- ca-certificates
- mailutils
- libsasl2-2
- libsasl2-modules
- opendkim
- opendkim-tools
- opendmarc
- postfix
- postfix-policyd-spf-python
- sasl2-bin
- spamassassin
- spamc

@ -0,0 +1,16 @@
#!/bin/bash
local USERID="<Enter_the_user_id_of_the_recipient>"
local KEY="<The_key_of_your_telegram_bot>"
local TIMEOUT="10"
local URL="https://api.telegram.org/bot$KEY/sendMessage"
local DATE_EXEC="$(date "+%d %b %Y %H:%M")" #Collect date & time.
if [ -n "$SSH_CLIENT" ] && [ -z "$TMUX" ]; then #Trigger
IP=$(echo $SSH_CLIENT | awk '{print $1}') #Get Client IP address.
PORT=$(echo $SSH_CLIENT | awk '{print $3}') #Get SSH port
HOSTNAME=$(hostname -f) #Get hostname
IPADDR=$(hostname -I | awk '{print $1}')
TEXT="$DATE_EXEC: ${USER} logged in to $HOSTNAME ($IPADDR) from $IP - $(curl https://ipinfo.io/$IP -s | jq -r '.org + " - " + .city + ", " + .region + ", " + .country') port $PORT"
curl -s --max-time $TIMEOUT -d "chat_id=$USERID&disable_web_page_preview=1&text=$TEXT" $URL > /dev/null
rm $TMPFILE #clean up after
fi

@ -0,0 +1,11 @@
TODOs:
- PHP OPCache Configuration
File: /etc/php/7.0/fpm/php.ini (check path)
opcache.enable=1
opcache.enable_cli=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.revalidate_freq=1
opcache.save_comments=1

@ -0,0 +1,7 @@
---
# domain: "example.com"
# system_user: "www-data"
# src: "/of/php/files"
# pool_name from nginx/php-pool
# TODO includes: ...

@ -0,0 +1,12 @@
---
allow_duplicates: yes
dependencies:
- role: nginx/application
- role: acme/certificate
# domain
- role: nginx/php-pool
# system_user
# src
# pool_name

@ -0,0 +1,10 @@
---
- name: Configure forward in nginx
template:
src: server.conf
dest: "{{ nginx_sites_directory }}/{{ domain }}"
owner: root
group: root
mode: "u=rw,g=r,o=r"
notify: reload nginx

@ -0,0 +1,31 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ domain }};
ssl on;
ssl_certificate {{ acme_certificate_location }};
ssl_certificate_key {{ acme_key_location }};
include {{ nginx_snippets_directory }}/https;
include {{ nginx_snippets_directory }}/global;
index index.php index.html index.htm index.nginx-debian.html;
root {{ src }};
fastcgi_hide_header X-Powered-By;
location ~\.php$ {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
try_files $uri =404;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass {{ pool_name }};
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
}
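Review bot: `root {{ src }}` points the document root at the repository checkout itself (the defaults file in this commit describes `src` as "/of/php/files"), so everything in that tree that is not a `.php` file — including `.git/`, config samples and vendor directories — is served as a static file unless the included `global` snippet already blocks dotfiles, which is not visible here. I would either point `root` at a public subdirectory or add `location ~ /\.(?!well-known) { deny all; }` next to the PHP location. Minor: `index.nginx-debian.html` in the `index` line looks copied from the distro default and can be dropped, and `ssl on;` is redundant with `listen 443 ssl`.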

@ -0,0 +1,5 @@
# Mail Module
Configures a fully enabled mail server
with integration into NextCloud
following https://123qwe.com/tutorial/

@ -0,0 +1,21 @@
- php-apcu
- php-bz2
- php-curl
- php-dom
- php-fileinfo
- php-gd
- php-iconv
- php-imagick
- php-intl
- php-json
- php-mbstring
- php-mcrypt
- php-posix
- php-simplexml
- php-xmlreader
- php-xmlwriter
- php-zip
- php-curl
- php-gd
- php-bz2
- php-apcu
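Review bot: `php-curl`, `php-gd`, `php-bz2` and `php-apcu` are listed twice (once near the top of the list and again in the last four entries), so the last four lines can be removed. `php-mcrypt` is also in the list; depending on the target PHP version that package may no longer exist in the distribution repositories, which would make the whole apt task fail, so it is worth confirming against the release the playbook targets.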

@ -0,0 +1,18 @@
---
mail_domains:
- example.com
mail_main_domain: "{{ mail_domains[0] }}"
mail_server_domain: "mail.{{ mail_main_domain }}"
mail_postmaster_address: "postmaster@{{ mail_main_domain }}"
mail_sql_database: "mail_server"
mail_sql_username: "mail_user"
mail_sql_password: "TODO"
mail_nextcloud_sql_username: "mail_nextcloud"
mail_nextcloud_sql_password: "TODO"
mail_postfix_username: "postfix"
mail_postfix_configuration_directory: "/etc/postfix"
mail_postfix_message_size_limit: 52428800 # 50 MB
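Review bot: `mail_sql_password: "TODO"` and `mail_nextcloud_sql_password: "TODO"` are real default values, not placeholders — a host that does not override them gets a mail database whose password is the literal string `TODO`, and the same value is templated into the Postfix map files later in this commit. Defaults for secrets should be left undefined so the play fails on the undefined variable, or guarded with an explicit check such as `- assert: { that: mail_sql_password != "TODO" }` before the templates are written. The other defaults here (domains, paths, size limit) are fine.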

@ -0,0 +1,7 @@
USE DATABASE mail_server;
-- TODO Database transfer from local phpmyadmin
-- TODO Workaround for rule
CREATE TABLE domains (
)
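Review bot: `USE DATABASE mail_server;` is not valid MySQL syntax — the statement is `USE mail_server;` — and `CREATE TABLE domains ( )` with no column list is rejected as well, so this schema file cannot be applied as committed. Since the Postfix maps in this commit query `domains`, `aliases` and `users_fqda`, the file should at least declare those three objects with the columns the queries reference (`domain`, `source_local`, `source_domain`, `destination_local`, `destination_domain`, `fqda`). The two TODO comments suggest this is known to be unfinished; a comment stating that the role currently expects the schema to be created by hand would help the next reader.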

@ -0,0 +1,7 @@
---
dependencies:
- role: acme/certificate
domain: "{{ mail_main_domain }}"
- role: mysql/application # TODO Repl
- role: nginx/application # TODO Repl

@ -0,0 +1,9 @@
# TODO Create following DNS entries
# A Record (TODO move)
# AAAA Record (TODO move)
# For each mail domain by mail_domains
# {{ mail_domain }} MX 10 {{ mail_server_domain }}
# {{ mail_domain }} TXT v=spf1 mx -all
# _dmarc.{{ mail_domain }} TXT v=DMARC1; aspf=s; adkim=s; pct=100; p=reject; rua=mailto:{{ mail_postmaster_address }};

@ -0,0 +1,28 @@
---
- name: Configure DNS entries
include_tasks: dns.yml
- name: Register apt key for rspamd
apt_key:
id: 3FA347D5E599BE4595CA2576FFA232EDBF21E25E
url: https://rspamd.com/apt-stable/gpg.key
- name: Register apt repository for rspamd
apt_repository:
repo: "deb http://rspamd.com/apt-stable/ {{ ansible_distribution_release }} main"
filename: rspamd
- name: Install required packages
apt:
state: present
name:
- dovecot-imapd
- dovecot-mysql
- dovecot-lmtpd
- dovecot-sieve
- dovecot-managesieved
- postfix
- postfix-mysql
- rspamd
update_cache: yes # TODO If added repository
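Review bot: The rspamd repository is registered over plain `http://rspamd.com/apt-stable/` while the signing key on the lines above is fetched over `https://rspamd.com/...`; package integrity is covered by the pinned key id, but using `repo: "deb https://rspamd.com/apt-stable/ {{ ansible_distribution_release }} main"` avoids a downgrade-to-plaintext path and keeps the two URLs consistent. `include_tasks: dns.yml` at the top of this file includes a file that, in this commit, contains only comments; I am not certain Ansible accepts a task file with no tasks, so it may be safer to leave the include out until the DNS tasks exist. The `update_cache: yes` TODO comment can be resolved: the cache refresh is needed here because the repository was just added.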

@ -0,0 +1,17 @@
---
- template:
dest: "{{ mail_postfix_configuration_directory }}/{{ item }}"
group: "{{ mail_postfix_username }}"
mode: 0640
owner: root
src: "{{ item }}"
loop:
- mysql-virtual-alias-maps.cf
- mysql-virtual-mailbox-domains.cf
- mysql-virtual-mailbox-maps.cf
- template:
dest: "{{ mail_postfix_configuration_directory }}/main.cf"
src: "main.cf"
validate: postfix check
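Review bot: `validate: postfix check` will make the template task fail before anything is written, because Ansible requires the validate command to contain `%s` for the candidate file; and `postfix check` inspects the installed configuration directory rather than the candidate file, so it cannot validate the rendered template even with `%s` added. I would drop `validate:` here and add `notify: restart postfix` to both template tasks so Postfix actually picks up changes to `main.cf` and the map files (the handler file at the top of this commit defines `restart postfix`, assuming it belongs to the same role). The `main.cf` task also sets no `owner`/`group`/`mode`, unlike the map-file task above it, which is worth making explicit.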

@ -0,0 +1,55 @@
myhostname={{ mail_main_domain }}
smptd_tls_cert_file={{ acme_certificates_directory }}/{{ mail_main_domain }}.crt
smptd_tls_key_file={{ acme_certificates_directory }}/{{ mail_main_domain }}.key
smtpd_tls_security_level=may
smtpd_tls_auth_only=yes
smtp_tls_security_level=may
smtpd_sasl_type=dovecot
smtpd_sasl_path=private/auth
smtpd_sasl_auth_enable=yes
virtual_mailbox_domains=mysql:{{ mail_postfix_configuration_directory }}/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps=mysql:{{ mail_postfix_configuration_directory }}/mysql-virtual-mailbox-maps.cf
virtual_alias_maps=mysql:{{ mail_postfix_configuration_directory }}/mysql-virtual-alias-maps.cf
virtual_transport=lmtp:unix:private/dovecot-lmtp
smtpd_client_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unknown_reverse_client_hostname
smtpd_helo_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_invalid_helo_hostname
reject_non_fqdn_helo_hostname
reject_unknown_helo_hostname
smtpd_helo_required=yes
smtpd_sender_login_maps=
mysql:{{ mail_postfix_configuration_directory }}/mysql-virtual-mailbox-domains.cf
mysql:{{ mail_postfix_configuration_directory }}/mysql-virtual-alias-maps.cf
smtpd_sender_restrictions =
reject_non_fqdn_sender
reject_sender_login_mismatch
reject_unknown_sender_domain
smtpd_relay_restrictions =
permit_sasl_authenticated
reject_unauth_destination
smtpd_recipient_restrictions =
reject_non_fqdn_recipient
reject_unknown_recipient_domain
reject_unauth_pipelining
message_size_limit={{ mail_postfix_message_size_limit }}
smtpd_milters=inet:127.0.0.1:11332
non_smtpd_milters=inet:127.0.0.1:11332
milter_mail_macros=i {mail_addr} {client_addr} {client_name} {auth_authen}
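Review bot: `smptd_tls_cert_file` and `smptd_tls_key_file` on the second and third lines are misspelled (`smptd` for `smtpd`); Postfix treats unknown parameters as unused and falls back to its default certificate, so the ACME certificate requested by this role is never served and the fix is `smtpd_tls_cert_file={{ acme_certificates_directory }}/{{ mail_main_domain }}.crt` / `smtpd_tls_key_file={{ acme_certificates_directory }}/{{ mail_main_domain }}.key`. Separately, `myhostname` and the certificate are both bound to `mail_main_domain`, while the DNS notes in this commit point the MX record at `mail_server_domain` (`mail.{{ mail_main_domain }}`), so clients connecting to the MX name would see a certificate for a different name; using `mail_server_domain` in these three lines and in the `acme/certificate` dependency would align them. The first entry of `smtpd_sender_login_maps` is the mailbox-domains map, whose query matches on `domain='%s'`; a full sender address will not match there, so it looks like the mailbox-maps file was intended — worth confirming, as `reject_sender_login_mismatch` rejects authenticated senders whose address has no owner in these maps.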

@ -0,0 +1,5 @@
user = {{ mail_sql_username }}
password = {{ mail_sql_password }}
hosts = 127.0.0.1
dbname = {{ mail_sql_database }}
query = SELECT destination_local || '@' || destination_domain FROM aliases WHERE source_local='%u' AND source_domain='%d';
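Review bot: This map is declared as a Postfix `mysql:` table, and in MySQL/MariaDB the `||` operator is logical OR unless `sql_mode` contains `PIPES_AS_CONCAT`, so `destination_local || '@' || destination_domain` evaluates to 0/1 instead of an address and every alias resolves to a bogus recipient; use `query = SELECT CONCAT(destination_local, '@', destination_domain) FROM aliases WHERE source_local='%u' AND source_domain='%d'` instead. The three map files in this commit are also inconsistent about the trailing `;` (present here and in the mailbox map, absent in the domains map); Postfix passes the query to the client library as-is, so I would pick one form — the examples in the Postfix mysql_table documentation omit it — and use it in all three.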

@ -0,0 +1,5 @@
user = {{ mail_sql_username }}
password = {{ mail_sql_password }}
hosts = 127.0.0.1
dbname = {{ mail_sql_database }}
query = SELECT * FROM domains WHERE domain='%s'

@ -0,0 +1,5 @@
user = {{ mail_sql_username }}
password = {{ mail_sql_password }}
hosts = 127.0.0.1
dbname = {{ mail_sql_database }}
query = SELECT fqda FROM users_fqda WHERE fqda='%s';

@ -0,0 +1,3 @@
---
allow_duplicates: yes

@ -0,0 +1,7 @@
---
- name: Install required packages
apt:
state: present
name:
- composer


@ -0,0 +1,44 @@
<svg version="1.2" viewBox="0 -4 100 100" xmlns="http://www.w3.org/2000/svg">
<defs>
<linearGradient id="fadeInOutCable" gradientUnits="userSpaceOnUse" x1="0%" x2="1" y1="0" y2="0">
<stop offset="0%" stop-color="rgb(220,220,0)" stop-opacity="0" />
<stop offset="15%" stop-color="rgb(220,220,0)" stop-opacity="0.2" />
<stop offset="30%" stop-color="rgb(220,220,0)" stop-opacity="1" />
<stop offset="70%" stop-color="rgb(220,220,0)" stop-opacity="1" />
<stop offset="85%" stop-color="rgb(220,220,0)" stop-opacity="0.2" />
<stop offset="100%" stop-color="rgb(220,220,0)" stop-opacity="0" />
</linearGradient>
<linearGradient id="fadeInOutBlack" gradientUnits="userSpaceOnUse" x1="0%" x2="1" y1="0" y2="0">
<stop offset="0%" stop-color="rgb(0,0,0)" stop-opacity="0" />
<stop offset="15%" stop-color="rgb(0,0,0)" stop-opacity="0.2" />
<stop offset="30%" stop-color="rgb(0,0,0)" stop-opacity="1" />
<stop offset="70%" stop-color="rgb(0,0,0)" stop-opacity="1" />
<stop offset="85%" stop-color="rgb(0,0,0)" stop-opacity="0.2" />
<stop offset="100%" stop-color="rgb(0,0,0)" stop-opacity="0" />
</linearGradient>
<g id="cableElement">
<line x1="0" y1="0" x2="1" y2="0" stroke="url(#fadeInOutCable)" stroke-width="5" />
<line x1="0" y1="-3" x2="1" y2="-3" stroke="url(#fadeInOutBlack)" stroke-width="1" />
<line x1="0" y1="3" x2="1" y2="3" stroke="url(#fadeInOutBlack)" stroke-width="1" />
</g>
<g id="banana">
<path d="M 1 -1.4 c 0 -3, 3 -4, 3 -8 c 0 -6, 0 -20, -16 -36 c -6 -6, -12 0, -6 6 c 8 8, 14 22, 14 30 c 0 4, 3 5, 3 8 c 0 3, 2 3, 2 0"
stroke="rgb(0,0,0)" stroke-width="1" fill="rgb(255,225,53)" />
</g>
<g id="bananaTree">
<use xlink:href="#banana" transform="rotate(45)" />
<use xlink:href="#banana" transform="rotate(30)" />
<use xlink:href="#banana" transform="rotate(15)" />
<use xlink:href="#banana" transform="rotate(0)" />
<use xlink:href="#banana" transform="rotate(-15)" />
<use xlink:href="#banana" transform="rotate(-30)" />
<use xlink:href="#banana" transform="rotate(-45)" />
</g>
</defs>
<use xlink:href="#cableElement" x="0" y="8" transform="scale(100, 1)" />
<use xlink:href="#cableElement" transform="translate(50, 12) rotate(90) scale(14, 1)" />
<rect x="42" y="0" width="16" height="16" fill="rgb(220,220,220)" stroke="rgb(0,0,0)" stroke-width="2" />
<rect x="42" y="22" width="16" height="8" fill="rgb(0,180,0)" stroke="rgb(0,0,0)" stroke-width="2" />
<use xlink:href="#bananaTree" transform="translate(50, 26) rotate(200) scale(1.2)" />
<use xlink:href="#logo" transform="translate(44, 2) scale(0.12)" />
</svg>
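Review bot: The `<use>` elements reference `xlink:href` but the root `<svg>` element declares only the SVG namespace, so the `xlink` prefix is undeclared and a strict XML parser rejects the document; add `xmlns:xlink="http://www.w3.org/1999/xlink"` to the root element, or switch the references to plain `href`, which SVG 2 renderers accept. The last `<use xlink:href="#logo" ...>` points at an id that is not defined anywhere in this file, so it renders nothing unless the logo is injected by whatever embeds the SVG; a comment stating that expectation would make the dependency visible.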


@ -0,0 +1,14 @@
- Mail Server?
- Firefox Syncserver
- docker Installation?
- fstab of some pcs
Servers:
- nvak !!FAST!!
- hardie.khitomer
- morska
- VNC
- rurapenthe
- simple docker client
- master.qonos
- zockerpc.khitomer (simple configuration)