master
Denis Knauf 2021-05-14 14:20:55 +02:00
commit 2fc94b54bd
7 changed files with 381 additions and 0 deletions

24
.gitignore vendored Normal file
View File

@ -0,0 +1,24 @@
# ---> Ansible
*.retry
# ---> Vim
# Swap
[._]*.s[a-v][a-z]
!*.svg # comment out if you don't need vector files
[._]*.sw[a-p]
[._]s[a-rt-v][a-z]
[._]ss[a-gi-z]
[._]sw[a-p]
# Session
Session.vim
Sessionx.vim
# Temporary
.netrwhist
*~
# Auto-generated tag files
tags
# Persistent undo
[._]*.un~

45
README.adoc Normal file
View File

@ -0,0 +1,45 @@
SoGO
====
Requirements
------------
You need to have debian (or compatible, like ubuntu) already installed.
It will install all dependencies on host-machine:
* LDAP - Yes, you need a LDAP-server. It can be installed anywhere, but you need one.
A https-Server is not included, so you need a nginx oder nginx-unit in front of.
Role Variables
--------------
sogo_ldap_base_dn::
Example Playbook
----------------
[source,yaml]
----
---
# vim: set expandtab tabstop=2 shiftwidth=2:
- hosts: sogo
remote_user: root
become: false
tasks:
- import_role:
name: sogo
----
License
-------
AGPLv3
Author Information
------------------
Denis Knauf - https://git.denkn.at/deac/ansible-role-sogo

7
defaults/main.yml Normal file
View File

@ -0,0 +1,7 @@
sogo_super_usernames: []
sogo_favicon_uri: /favicon.ico
sogo_page_title: '{{sogo_mail_domain}}'
sogo_submission_server: 'smtp://localhost:587/?tls=YES&tlsVerifyMode=allowInsecureLocalhost'
sogo_imap_server: 'imap://localhost:143/'
sogo_sieve_server: 'sieve://localhost:4190/'
sogo_ldap_server: 'ldapi://'

51
meta/main.yml Normal file
View File

@ -0,0 +1,51 @@
galaxy_info:
author: Denis Knauf
description: SoGO Groupware server compilation, installation and configuration
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: AGPL-3.0-or-later
min_ansible_version: 2.9
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.

158
tasks/main.yml Normal file
View File

@ -0,0 +1,158 @@
---
# vim: set expandtab tabstop=2 shiftwidth=2:
- name: '[sogo] install gnutls, sogo, deps...'
apt:
name:
- gnutls-bin
- postgresql-client
- python-psycopg2
- python-passlib
- python-openssl
- memcached
- gnustep-base-common
- gnustep-base-runtime
- gobjc
- libldap-common
- libxml2-dev
- tzdata
- zlib1g
- build-essential
- cdbs
- curl
- debhelper
- gcc
- git
- gnustep-make
- libgnustep-base-dev
- libcurl4-openssl-dev
- libldap2-dev
- liblasso3-dev
- libmemcached-dev
- libsodium-dev
- libssl-dev
- make
- postgresql-server-dev-all
- python
- libzip-dev
- name: '[sogo] sope-git'
git:
repo: https://github.com/inverse-inc/sope
dest: /root/develop/sope
version: '{{sope_checkout}}'
- name: '[sogo] sogo-git'
git:
repo: https://github.com/inverse-inc/sogo
dest: /root/develop/sogo
version: '{{sogo_checkout}}'
- name: '[sogo] configure sope'
shell: |
./configure --disable-debug --enable-strip --with-gnustep --disable-mysql --enable-openldap --enable-postgresql --enable-xml --with-ssl=gnutls
args:
chdir: /root/develop/sope
- name: '[sogo] make sope'
shell: make
args:
chdir: /root/develop/sope
- name: '[sogo] install sope'
shell: make install
args:
chdir: /root/develop/sope
- name: '[sogo] configure sogo'
shell: |
./configure --disable-debug --enable-strip --enable-saml2 --with-ssl=gnutls
args:
chdir: /root/develop/sogo
- name: '[sogo] make sogo'
shell: make
args:
chdir: /root/develop/sogo
- name: '[sogo] install sogo'
shell: make install
args:
chdir: /root/develop/sogo
- name: '[sogo] ld.so.conf.d/sogo'
copy:
dest: /etc/ld.so.conf.d/sogo.conf
content: /usr/local/lib/sogo
- name: '[sogo] ldconfig'
shell: ldconfig
- name: '[sogo] create db sogo'
become: yes
become_user: postgres
delegate_to: '{{postgresql_server}}'
run_once: yes
postgresql_db:
name: sogo
encoding: UTF-8
template: template0
- name: '[sogo] create db-user sogo'
become: yes
become_user: postgres
delegate_to: '{{postgresql_server}}'
run_once: yes
postgresql_user:
db: sogo
name: sogo
encrypted: yes
password: '{{postgresql_user_password | default("sogo")}}'
- name: '[sogo] group sogo'
group:
name: sogo
- name: '[sogo] user sogo'
user:
name: sogo
group: sogo
- name: '[sogo] directory /etc/sogo'
file:
state: directory
dest: /etc/sogo
owner: sogo
group: sogo
mode: 0700
- name: '[sogo] sogo.conf'
template:
src: sogo.conf.j2
dest: /etc/sogo/sogo.conf
mode: 0400
owner: sogo
group: sogo
- name: '[sogo] /var/spool/sogo'
file:
state: directory
dest: /var/spool/sogo
owner: sogo
group: sogo
mode: 0700
- name: '[sogo] /var/log/sogo'
file:
state: directory
dest: /var/log/sogo
owner: sogo
group: sogo
mode: 0700
- name: '[sogo] sogo.service'
template:
src: sogo.service.j2
dest: /etc/systemd/system/sogo.service
- name: '[sogo] start services'
systemd:
name: '{{item}}'
state: restarted
enabled: yes
daemon_reload: yes
with_items:
- sogo
- memcached

77
templates/sogo.conf.j2 Normal file
View File

@ -0,0 +1,77 @@
{
SOGoProfileURL = "{{postgresql_uri}}/sogo_user_profile";
OCSFolderInfoURL = "{{postgresql_uri}}/sogo_folder_info";
OCSSessionsFolderURL = "{{postgresql_uri}}/sogo_sessions_folder";
OCSEMailAlarmsFolderURL = "{{postgresql_uri}}/sogo_alarms_folder";
SOGoLanguage = German;
SOGoAppointmentSendEMailNotifications = YES;
SOGoMailingMechanism = smtp;
SOGoSMTPServer = "{{sogo_submission_server}}";
SOGoSMTPAuthenticationType = PLAIN;
SOGoTimeZone = UTC;
SOGoSentFolderName = INBOX;
SOGoTrashFolderName = Trash;
SOGoDraftsFolderName = Drafts;
SOGoJunkFolderName = Spam;
SOGoForceExternalLoginWithEmail = NO;
SOGoIMAPServer = "{{sogo_imap_server}}";
SOGoSieveServer = "{{sogo_sieve_server}}";
SOGoIMAPAclConformsToIMAPExt = YES;
SOGoVacationEnabled = NO;
SOGoForwardEnabled = NO;
SOGoSieveScriptsEnabled = YES;
SOGoVacationEnabled = YES;
SOGoForwardEnabled = YES;
SOGoSuperUsernames = ( {{sogo_super_usernames|join(', ')}});
SOGoFirstDayOfWeek = 0;
SOGoMailMessageCheck = manually;
SOGoMailAuxiliaryUserAccountsEnabled = NO;
SOGoMemcachedHost = 127.0.0.1;
SOGoMailDomain = "{{sogo_mail_domain}}";
SOGoXSRFValidationEnabled = YES;
SOGoPasswordChangeEnabled = YES;
SOGoUserSources = (
{
type = ldap;
CNFieldName = cn;
IDFieldName = mail;
UIDFieldName = mail;
baseDN = "{{sogo_ldap_base_dn}}";
{% if sogo_ldap_bind_dn %}
bindDN = "{{sogo_ldap_bind_dn}}";
{% endif %}
{% if sogo_ldap_bind_password %}
bindPassword = "{{sogo_ldap_bind_password}}";
{% endif %}
canAuthenticate = YES;
bindFields = (mail);
hostname = "{{sogo_ldap_server}}";
SearchFieldNames = (uid, cn, sn, givenname, mail);
id = auth;
isAddressBook = NO;
},
{
type = ldap;
CNFieldName = cn;
IDFieldName = mail;
UIDFieldName = mail;
baseDN = "{{sogo_ldap_base_dn}}";
{% if sogo_ldap_bind_dn %}
bindDN = "{{sogo_ldap_bind_dn}}";
{% endif %}
{% if sogo_ldap_bind_password %}
bindPassword = "{{sogo_ldap_bind_password}}";
{% endif %}
canAuthenticate = NO;
hostname = "{{sogo_ldap_server}}";
SearchFieldNames = (uid, cn, sn, givenname, mail);
id = public;
isAddressBook = YES;
displayName = "Global";
}
);
SOGoPageTitle = "{{sogo_page_title}}";
SOGoFaviconRelativeURL = "{{sogo_favicon_uri}}";
SOGoExternalAvatarsEnabled = YES;
SOGoGravatarEnabled = NO;
}

19
templates/sogo.service.j2 Normal file
View File

@ -0,0 +1,19 @@
[Unit]
Description=SOGo is a groupware server
Documentation=https://sogo.nu/files/docs/SOGoInstallationGuide.html
After=network.target
After=postgresql.service
After=mariadb.service
After=mysql.service
[Service]
Environment="PREFORK=3"
EnvironmentFile=-/etc/default/sogo
Type=forking
ExecStart=/usr/local/sbin/sogod -WOWorkersCount ${PREFORK} -WOPidFile /run/sogo/sogo.pid -WOLogFile /var/log/sogo/sogo.log
RuntimeDirectory=sogo
PIDFile=/run/sogo/sogo.pid
User=sogo
[Install]
WantedBy=multi-user.target