commit 2fc94b54bdbf3b13f4f7087ec9bb2af9aa2da348 Author: Denis Knauf Date: Fri May 14 14:20:55 2021 +0200 initial
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d2c649f
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,24 @@
+# ---> Ansible
+*.retry
+
+# ---> Vim
+# Swap
+[._]*.s[a-v][a-z]
+!*.svg # comment out if you don't need vector files
+[._]*.sw[a-p]
+[._]s[a-rt-v][a-z]
+[._]ss[a-gi-z]
+[._]sw[a-p]
+
+# Session
+Session.vim
+Sessionx.vim
+
+# Temporary
+.netrwhist
+*~
+# Auto-generated tag files
+tags
+# Persistent undo
+[._]*.un~
+
diff --git a/README.adoc b/README.adoc
new file mode 100644
index 0000000..06eb136
--- /dev/null
+++ b/README.adoc
@@ -0,0 +1,45 @@
+SoGO
+====
+
+Requirements
+------------
+
+You need to have debian (or compatible, like ubuntu) already installed.
+
+It will install all dependencies on host-machine:
+
+* LDAP - Yes, you need a LDAP-server. It can be installed anywhere, but you need one.
+
+A https-Server is not included, so you need a nginx oder nginx-unit in front of.
+
+Role Variables
+--------------
+
+sogo_ldap_base_dn::
+
+Example Playbook
+----------------
+
+[source,yaml]
+----
+---
+# vim: set expandtab tabstop=2 shiftwidth=2:
+
+- hosts: sogo
+ remote_user: root
+ become: false
+
+ tasks:
+ - import_role:
+ name: sogo
+----
+
+License
+-------
+
+AGPLv3
+
+Author Information
+------------------
+
+Denis Knauf - https://git.denkn.at/deac/ansible-role-sogo
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..4ae0b2e
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,7 @@
+sogo_super_usernames: []
+sogo_favicon_uri: /favicon.ico
+sogo_page_title: '{{sogo_mail_domain}}'
+sogo_submission_server: 'smtp://localhost:587/?tls=YES&tlsVerifyMode=allowInsecureLocalhost'
+sogo_imap_server: 'imap://localhost:143/'
+sogo_sieve_server: 'sieve://localhost:4190/'
+sogo_ldap_server: 'ldapi://'
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..9c364b3
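Review bot: The defaults in defaults/main.yml stop at `sogo_ldap_server` and give no value for `sogo_ldap_bind_dn` or `sogo_ldap_bind_password`, although templates/sogo.conf.j2 in this commit tests both with a bare `{% if sogo_ldap_bind_dn %}`. With Ansible's usual handling of undefined variables that test probably fails the template task instead of skipping the bind lines, so an anonymous-bind setup would need both variables set to empty strings by hand. I would add `sogo_ldap_bind_dn: ''` and `sogo_ldap_bind_password: ''` here. `sogo_mail_domain`, `sogo_ldap_base_dn` and `postgresql_uri` are also used without a default, and README.adoc lists only `sogo_ldap_base_dn::` with no description, so a short comment naming the mandatory variables would help.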
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,51 @@
+galaxy_info:
+ author: Denis Knauf
+ description: SoGO Groupware server compilation, installation and configuration
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ # Choose a valid license ID from https://spdx.org - some suggested licenses:
+ # - BSD-3-Clause (default)
+ # - MIT
+ # - GPL-2.0-or-later
+ # - GPL-3.0-only
+ # - Apache-2.0
+ # - CC-BY-4.0
+ license: AGPL-3.0-or-later
+
+ min_ansible_version: 2.9
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ # platforms:
+ # - name: Fedora
+ # versions:
+ # - all
+ # - 25
+ # - name: SomePlatform
+ # versions:
+ # - all
+ # - 1.0
+ # - 7
+ # - 99.99
+
+ galaxy_tags: []
+ # List tags for your role here, one per line. A tag is a keyword that describes
+ # and categorizes the role. Users find roles by searching for tags. Be sure to
+ # remove the '[]' above, if you add tags to this list.
+ #
+ # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+ # Maximum 20 tags per role.
+
+dependencies: []
+ # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+ # if you add dependencies to this list.
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..9ee18b8
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,158 @@
+---
+# vim: set expandtab tabstop=2 shiftwidth=2:
+
+- name: '[sogo] install gnutls, sogo, deps...'
+ apt:
+ name:
+ - gnutls-bin
+ - postgresql-client
+ - python-psycopg2
+ - python-passlib
+ - python-openssl
+ - memcached
+
+ - gnustep-base-common
+ - gnustep-base-runtime
+ - gobjc
+ - libldap-common
+ - libxml2-dev
+ - tzdata
+ - zlib1g
+ - build-essential
+ - cdbs
+ - curl
+ - debhelper
+ - gcc
+ - git
+ - gnustep-make
+ - libgnustep-base-dev
+ - libcurl4-openssl-dev
+ - libldap2-dev
+ - liblasso3-dev
+ - libmemcached-dev
+ - libsodium-dev
+ - libssl-dev
+ - make
+ - postgresql-server-dev-all
+ - python
+ - libzip-dev
+
+- name: '[sogo] sope-git'
+ git:
+ repo: https://github.com/inverse-inc/sope
+ dest: /root/develop/sope
+ version: '{{sope_checkout}}'
+- name: '[sogo] sogo-git'
+ git:
+ repo: https://github.com/inverse-inc/sogo
+ dest: /root/develop/sogo
+ version: '{{sogo_checkout}}'
+
+- name: '[sogo] configure sope'
+ shell: |
+ ./configure --disable-debug --enable-strip --with-gnustep --disable-mysql --enable-openldap --enable-postgresql --enable-xml --with-ssl=gnutls
+ args:
+ chdir: /root/develop/sope
+- name: '[sogo] make sope'
+ shell: make
+ args:
+ chdir: /root/develop/sope
+- name: '[sogo] install sope'
+ shell: make install
+ args:
+ chdir: /root/develop/sope
+
+- name: '[sogo] configure sogo'
+ shell: |
+ ./configure --disable-debug --enable-strip --enable-saml2 --with-ssl=gnutls
+ args:
+ chdir: /root/develop/sogo
+- name: '[sogo] make sogo'
+ shell: make
+ args:
+ chdir: /root/develop/sogo
+- name: '[sogo] install sogo'
+ shell: make install
+ args:
+ chdir: /root/develop/sogo
+- name: '[sogo] ld.so.conf.d/sogo'
+ copy:
+ dest: /etc/ld.so.conf.d/sogo.conf
+ content: /usr/local/lib/sogo
+- name: '[sogo] ldconfig'
+ shell: ldconfig
+
+- name: '[sogo] create db sogo'
+ become: yes
+ become_user: postgres
+ delegate_to: '{{postgresql_server}}'
+ run_once: yes
+ postgresql_db:
+ name: sogo
+ encoding: UTF-8
+ template: template0
+- name: '[sogo] create db-user sogo'
+ become: yes
+ become_user: postgres
+ delegate_to: '{{postgresql_server}}'
+ run_once: yes
+ postgresql_user:
+ db: sogo
+ name: sogo
+ encrypted: yes
+ password: '{{postgresql_user_password | default("sogo")}}'
+
+- name: '[sogo] group sogo'
+ group:
+ name: sogo
+- name: '[sogo] user sogo'
+ user:
+ name: sogo
+ group: sogo
+
+- name: '[sogo] directory /etc/sogo'
+ file:
+ state: directory
+ dest: /etc/sogo
+ owner: sogo
+ group: sogo
+ mode: 0700
+
+- name: '[sogo] sogo.conf'
+ template:
+ src: sogo.conf.j2
+ dest: /etc/sogo/sogo.conf
+ mode: 0400
+ owner: sogo
+ group: sogo
+
+- name: '[sogo] /var/spool/sogo'
+ file:
+ state: directory
+ dest: /var/spool/sogo
+ owner: sogo
+ group: sogo
+ mode: 0700
+
+- name: '[sogo] /var/log/sogo'
+ file:
+ state: directory
+ dest: /var/log/sogo
+ owner: sogo
+ group: sogo
+ mode: 0700
+
+- name: '[sogo] sogo.service'
+ template:
+ src: sogo.service.j2
+ dest: /etc/systemd/system/sogo.service
+
+- name: '[sogo] start services'
+ systemd:
+ name: '{{item}}'
+ state: restarted
+ enabled: yes
+ daemon_reload: yes
+ with_items:
+ - sogo
+ - memcached
diff --git a/templates/sogo.conf.j2 b/templates/sogo.conf.j2
new file mode 100644
index 0000000..f85a0b4
--- /dev/null
+++ b/templates/sogo.conf.j2
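Review bot: The `[sogo] create db-user sogo` task in tasks/main.yml falls back to the password `sogo` when `postgresql_user_password` is unset (`default("sogo")`), so a forgotten variable leaves a database account with a guessable password on the delegated PostgreSQL host. I would drop the fallback so the play fails instead, `password: '{{ postgresql_user_password }}'`, and add `no_log: true` to the task so the value stays out of task output. Separately, the `configure`, `make` and `make install` shell tasks carry no `creates:` or `changed_when:`, so every run rebuilds as root under /root/develop and the final task restarts both services unconditionally.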
@@ -0,0 +1,77 @@
+{
+ SOGoProfileURL = "{{postgresql_uri}}/sogo_user_profile";
+ OCSFolderInfoURL = "{{postgresql_uri}}/sogo_folder_info";
+ OCSSessionsFolderURL = "{{postgresql_uri}}/sogo_sessions_folder";
+ OCSEMailAlarmsFolderURL = "{{postgresql_uri}}/sogo_alarms_folder";
+ SOGoLanguage = German;
+ SOGoAppointmentSendEMailNotifications = YES;
+ SOGoMailingMechanism = smtp;
+ SOGoSMTPServer = "{{sogo_submission_server}}";
+ SOGoSMTPAuthenticationType = PLAIN;
+ SOGoTimeZone = UTC;
+ SOGoSentFolderName = INBOX;
+ SOGoTrashFolderName = Trash;
+ SOGoDraftsFolderName = Drafts;
+ SOGoJunkFolderName = Spam;
+ SOGoForceExternalLoginWithEmail = NO;
+ SOGoIMAPServer = "{{sogo_imap_server}}";
+ SOGoSieveServer = "{{sogo_sieve_server}}";
+ SOGoIMAPAclConformsToIMAPExt = YES;
+ SOGoVacationEnabled = NO;
+ SOGoForwardEnabled = NO;
+ SOGoSieveScriptsEnabled = YES;
+ SOGoVacationEnabled = YES;
+ SOGoForwardEnabled = YES;
+ SOGoSuperUsernames = ( {{sogo_super_usernames|join(', ')}});
+ SOGoFirstDayOfWeek = 0;
+ SOGoMailMessageCheck = manually;
+ SOGoMailAuxiliaryUserAccountsEnabled = NO;
+ SOGoMemcachedHost = 127.0.0.1;
+ SOGoMailDomain = "{{sogo_mail_domain}}";
+ SOGoXSRFValidationEnabled = YES;
+ SOGoPasswordChangeEnabled = YES;
+ SOGoUserSources = (
+ {
+ type = ldap;
+ CNFieldName = cn;
+ IDFieldName = mail;
+ UIDFieldName = mail;
+ baseDN = "{{sogo_ldap_base_dn}}";
+{% if sogo_ldap_bind_dn %}
+ bindDN = "{{sogo_ldap_bind_dn}}";
+{% endif %}
+{% if sogo_ldap_bind_password %}
+ bindPassword = "{{sogo_ldap_bind_password}}";
+{% endif %}
+ canAuthenticate = YES;
+ bindFields = (mail);
+ hostname = "{{sogo_ldap_server}}";
+ SearchFieldNames = (uid, cn, sn, givenname, mail);
+ id = auth;
+ isAddressBook = NO;
+ },
+ {
+ type = ldap;
+ CNFieldName = cn;
+ IDFieldName = mail;
+ UIDFieldName = mail;
+ baseDN = "{{sogo_ldap_base_dn}}";
+{% if sogo_ldap_bind_dn %}
+ bindDN = "{{sogo_ldap_bind_dn}}";
+{% endif %}
+{% if sogo_ldap_bind_password %}
+ bindPassword = "{{sogo_ldap_bind_password}}";
+{% endif %}
+ canAuthenticate = NO;
+ hostname = "{{sogo_ldap_server}}";
+ SearchFieldNames = (uid, cn, sn, givenname, mail);
+ id = public;
+ isAddressBook = YES;
+ displayName = "Global";
+ }
+ );
+ SOGoPageTitle = "{{sogo_page_title}}";
+ SOGoFaviconRelativeURL = "{{sogo_favicon_uri}}";
+ SOGoExternalAvatarsEnabled = YES;
+ SOGoGravatarEnabled = NO;
+}
diff --git a/templates/sogo.service.j2 b/templates/sogo.service.j2
new file mode 100644
index 0000000..c335e37
--- /dev/null
+++ b/templates/sogo.service.j2
@@ -0,0 +1,19 @@
+[Unit]
+Description=SOGo is a groupware server
+Documentation=https://sogo.nu/files/docs/SOGoInstallationGuide.html
+After=network.target
+After=postgresql.service
+After=mariadb.service
+After=mysql.service
+
+[Service]
+Environment="PREFORK=3"
+EnvironmentFile=-/etc/default/sogo
+Type=forking
+ExecStart=/usr/local/sbin/sogod -WOWorkersCount ${PREFORK} -WOPidFile /run/sogo/sogo.pid -WOLogFile /var/log/sogo/sogo.log
+RuntimeDirectory=sogo
+PIDFile=/run/sogo/sogo.pid
+User=sogo
+
+[Install]
+WantedBy=multi-user.target
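Review bot: In templates/sogo.conf.j2, `SOGoVacationEnabled` and `SOGoForwardEnabled` are each assigned twice, `NO` just before `SOGoSieveScriptsEnabled` and `YES` just after, so the effective value depends on which duplicate key the configuration parser keeps. Mail forwarding is a setting an operator will want to decide deliberately, so I would keep one assignment of each and drive it from a role variable, e.g. `SOGoForwardEnabled = {{ 'YES' if sogo_forward_enabled else 'NO' }};` with a matching default (the variable name is only a suggestion). The quoted values such as `bindPassword = "{{sogo_ldap_bind_password}}";` are also inserted unescaped, so a value containing `"` or `\` would probably produce a broken or misparsed file; a comment stating that restriction, or an escaping step, would cover it.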
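Review bot: The `[Service]` section of templates/sogo.service.j2 drops privileges with `User=sogo` but applies none of systemd's sandboxing to a daemon that handles user mail and LDAP credentials and is built from source by this role. The unit writes to `/run/sogo` (via `RuntimeDirectory=`) and `/var/log/sogo`, and the role creates `/var/spool/sogo`, so `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full` look compatible and are worth trying; this needs a test run, since the hunk does not show what else sogod touches. `After=mariadb.service` and `After=mysql.service` could be dropped, given that tasks/main.yml only provisions PostgreSQL and sope is configured with `--disable-mysql`.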