initial

.gitignore

@@ -0,0 +1,24 @@
+# ---> Ansible
+*.retry
+
+# ---> Vim
+# Swap
+[._]*.s[a-v][a-z]
+!*.svg  # comment out if you don't need vector files
+[._]*.sw[a-p]
+[._]s[a-rt-v][a-z]
+[._]ss[a-gi-z]
+[._]sw[a-p]
+
+# Session
+Session.vim
+Sessionx.vim
+
+# Temporary
+.netrwhist
+*~
+# Auto-generated tag files
+tags
+# Persistent undo
+[._]*.un~
+

README.adoc

@@ -0,0 +1,45 @@
+SoGO
+====
+
+Requirements
+------------
+
+You need to have debian (or compatible, like ubuntu) already installed.
+
+It will install all dependencies on host-machine:
+
+* LDAP - Yes, you need a LDAP-server.  It can be installed anywhere, but you need one.
+
+A https-Server is not included, so you need a nginx oder nginx-unit in front of.
+
+Role Variables
+--------------
+
+sogo_ldap_base_dn::
+
+Example Playbook
+----------------
+
+[source,yaml]
+----
+---
+# vim: set expandtab tabstop=2 shiftwidth=2:
+
+- hosts: sogo
+  remote_user: root
+  become: false
+
+  tasks:
+  - import_role:
+      name: sogo
+----
+
+License
+-------
+
+AGPLv3
+
+Author Information
+------------------
+
+Denis Knauf - https://git.denkn.at/deac/ansible-role-sogo

defaults/main.yml

@@ -0,0 +1,7 @@
+sogo_super_usernames:   []
+sogo_favicon_uri:       /favicon.ico
+sogo_page_title:        '{{sogo_mail_domain}}'
+sogo_submission_server: 'smtp://localhost:587/?tls=YES&tlsVerifyMode=allowInsecureLocalhost'
+sogo_imap_server:       'imap://localhost:143/'
+sogo_sieve_server:      'sieve://localhost:4190/'
+sogo_ldap_server:       'ldapi://'

meta/main.yml

@@ -0,0 +1,51 @@
+galaxy_info:
+  author: Denis Knauf
+  description: SoGO Groupware server compilation, installation and configuration
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: AGPL-3.0-or-later
+
+  min_ansible_version: 2.9
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

tasks/main.yml

@@ -0,0 +1,158 @@
+---
+# vim: set expandtab tabstop=2 shiftwidth=2:
+
+- name: '[sogo] install gnutls, sogo, deps...'
+  apt:
+    name:
+    - gnutls-bin
+    - postgresql-client
+    - python-psycopg2
+    - python-passlib
+    - python-openssl
+    - memcached
+
+    - gnustep-base-common
+    - gnustep-base-runtime
+    - gobjc
+    - libldap-common
+    - libxml2-dev
+    - tzdata
+    - zlib1g
+    - build-essential
+    - cdbs
+    - curl
+    - debhelper
+    - gcc
+    - git
+    - gnustep-make
+    - libgnustep-base-dev
+    - libcurl4-openssl-dev
+    - libldap2-dev
+    - liblasso3-dev
+    - libmemcached-dev
+    - libsodium-dev
+    - libssl-dev
+    - make
+    - postgresql-server-dev-all
+    - python
+    - libzip-dev
+
+- name: '[sogo] sope-git'
+  git:
+    repo: https://github.com/inverse-inc/sope
+    dest: /root/develop/sope
+    version: '{{sope_checkout}}'
+- name: '[sogo] sogo-git'
+  git:
+    repo: https://github.com/inverse-inc/sogo
+    dest: /root/develop/sogo
+    version: '{{sogo_checkout}}'
+
+- name: '[sogo] configure sope'
+  shell: |
+    ./configure --disable-debug --enable-strip --with-gnustep --disable-mysql --enable-openldap --enable-postgresql --enable-xml --with-ssl=gnutls
+  args:
+    chdir: /root/develop/sope
+- name: '[sogo] make sope'
+  shell: make
+  args:
+    chdir: /root/develop/sope
+- name: '[sogo] install sope'
+  shell: make install
+  args:
+    chdir: /root/develop/sope
+
+- name: '[sogo] configure sogo'
+  shell: |
+    ./configure --disable-debug --enable-strip --enable-saml2 --with-ssl=gnutls
+  args:
+    chdir: /root/develop/sogo
+- name: '[sogo] make sogo'
+  shell: make
+  args:
+    chdir: /root/develop/sogo
+- name: '[sogo] install sogo'
+  shell: make install
+  args:
+    chdir: /root/develop/sogo
+- name: '[sogo] ld.so.conf.d/sogo'
+  copy:
+    dest: /etc/ld.so.conf.d/sogo.conf
+    content: /usr/local/lib/sogo
+- name: '[sogo] ldconfig'
+  shell: ldconfig
+
+- name: '[sogo] create db sogo'
+  become: yes
+  become_user: postgres
+  delegate_to: '{{postgresql_server}}'
+  run_once: yes
+  postgresql_db:
+    name: sogo
+    encoding: UTF-8
+    template: template0
+- name: '[sogo] create db-user sogo'
+  become: yes
+  become_user: postgres
+  delegate_to: '{{postgresql_server}}'
+  run_once: yes
+  postgresql_user:
+    db: sogo
+    name: sogo
+    encrypted: yes
+    password: '{{postgresql_user_password | default("sogo")}}'
+
+- name: '[sogo] group sogo'
+  group:
+    name: sogo
+- name: '[sogo] user sogo'
+  user:
+    name: sogo
+    group: sogo
+
+- name: '[sogo] directory /etc/sogo'
+  file:
+    state: directory
+    dest: /etc/sogo
+    owner: sogo
+    group: sogo
+    mode: 0700
+
+- name: '[sogo] sogo.conf'
+  template:
+    src: sogo.conf.j2
+    dest: /etc/sogo/sogo.conf
+    mode: 0400
+    owner: sogo
+    group: sogo
+
+- name: '[sogo] /var/spool/sogo'
+  file:
+    state: directory
+    dest: /var/spool/sogo
+    owner: sogo
+    group: sogo
+    mode: 0700
+
+- name: '[sogo] /var/log/sogo'
+  file:
+    state: directory
+    dest: /var/log/sogo
+    owner: sogo
+    group: sogo
+    mode: 0700
+
+- name: '[sogo] sogo.service'
+  template:
+    src: sogo.service.j2
+    dest: /etc/systemd/system/sogo.service
+
+- name: '[sogo] start services'
+  systemd:
+    name: '{{item}}'
+    state: restarted
+    enabled: yes
+    daemon_reload: yes
+  with_items:
+  - sogo
+  - memcached

templates/sogo.conf.j2

@@ -0,0 +1,77 @@
+{
+  SOGoProfileURL = "{{postgresql_uri}}/sogo_user_profile";
+  OCSFolderInfoURL = "{{postgresql_uri}}/sogo_folder_info";
+  OCSSessionsFolderURL = "{{postgresql_uri}}/sogo_sessions_folder";
+  OCSEMailAlarmsFolderURL = "{{postgresql_uri}}/sogo_alarms_folder";
+  SOGoLanguage = German;
+  SOGoAppointmentSendEMailNotifications = YES;
+  SOGoMailingMechanism = smtp;
+  SOGoSMTPServer = "{{sogo_submission_server}}";
+  SOGoSMTPAuthenticationType = PLAIN;
+  SOGoTimeZone = UTC;
+  SOGoSentFolderName = INBOX;
+  SOGoTrashFolderName = Trash;
+  SOGoDraftsFolderName = Drafts;
+  SOGoJunkFolderName = Spam;
+  SOGoForceExternalLoginWithEmail = NO;
+  SOGoIMAPServer = "{{sogo_imap_server}}";
+  SOGoSieveServer = "{{sogo_sieve_server}}";
+  SOGoIMAPAclConformsToIMAPExt = YES;
+  SOGoVacationEnabled = NO;
+  SOGoForwardEnabled = NO;
+  SOGoSieveScriptsEnabled = YES;
+  SOGoVacationEnabled = YES;
+  SOGoForwardEnabled = YES;
+  SOGoSuperUsernames = ( {{sogo_super_usernames|join(', ')}});
+  SOGoFirstDayOfWeek = 0;
+  SOGoMailMessageCheck = manually;
+  SOGoMailAuxiliaryUserAccountsEnabled = NO;
+  SOGoMemcachedHost = 127.0.0.1;
+  SOGoMailDomain = "{{sogo_mail_domain}}";
+  SOGoXSRFValidationEnabled = YES;
+  SOGoPasswordChangeEnabled = YES;
+  SOGoUserSources = (
+    {
+      type = ldap;
+      CNFieldName = cn;
+      IDFieldName = mail;
+      UIDFieldName = mail;
+      baseDN = "{{sogo_ldap_base_dn}}";
+{% if sogo_ldap_bind_dn %}
+			bindDN = "{{sogo_ldap_bind_dn}}";
+{% endif %}
+{% if sogo_ldap_bind_password %}
+			bindPassword = "{{sogo_ldap_bind_password}}";
+{% endif %}
+      canAuthenticate = YES;
+      bindFields = (mail);
+      hostname = "{{sogo_ldap_server}}";
+      SearchFieldNames = (uid, cn, sn, givenname, mail);
+      id = auth;
+      isAddressBook = NO;
+    },
+    {
+      type = ldap;
+      CNFieldName = cn;
+      IDFieldName = mail;
+      UIDFieldName = mail;
+      baseDN = "{{sogo_ldap_base_dn}}";
+{% if sogo_ldap_bind_dn %}
+			bindDN = "{{sogo_ldap_bind_dn}}";
+{% endif %}
+{% if sogo_ldap_bind_password %}
+			bindPassword = "{{sogo_ldap_bind_password}}";
+{% endif %}
+      canAuthenticate = NO;
+      hostname = "{{sogo_ldap_server}}";
+      SearchFieldNames = (uid, cn, sn, givenname, mail);
+      id = public;
+      isAddressBook = YES;
+      displayName = "Global";
+    }
+  );
+  SOGoPageTitle = "{{sogo_page_title}}";
+  SOGoFaviconRelativeURL = "{{sogo_favicon_uri}}";
+  SOGoExternalAvatarsEnabled = YES;
+  SOGoGravatarEnabled = NO;
+}

templates/sogo.service.j2

@@ -0,0 +1,19 @@
+[Unit]
+Description=SOGo is a groupware server
+Documentation=https://sogo.nu/files/docs/SOGoInstallationGuide.html
+After=network.target
+After=postgresql.service
+After=mariadb.service
+After=mysql.service
+
+[Service]
+Environment="PREFORK=3"
+EnvironmentFile=-/etc/default/sogo
+Type=forking
+ExecStart=/usr/local/sbin/sogod -WOWorkersCount ${PREFORK} -WOPidFile /run/sogo/sogo.pid -WOLogFile /var/log/sogo/sogo.log
+RuntimeDirectory=sogo
+PIDFile=/run/sogo/sogo.pid
+User=sogo
+
+[Install]
+WantedBy=multi-user.target