Diffstat (limited to 'roles/webmail')
5 files changed, 34 insertions, 32 deletions
diff --git a/roles/webmail/files/etc/nginx/sites-available/roundcube b/roles/webmail/files/etc/nginx/sites-available/roundcube
index 46012f8..602668f 100644
--- a/roles/webmail/files/etc/nginx/sites-available/roundcube
+++ b/roles/webmail/files/etc/nginx/sites-available/roundcube
@@ -65,7 +65,7 @@ server {
 # https://www.sjoerdlangkemper.nl/2016/11/07/current-state-of-breach-attack/#same-site-cookies
 gzip off;
 include snippets/fastcgi-php-ssl.conf;
- fastcgi_pass unix:/var/run/php/php7.3-fpm@roundcube.sock;
+ fastcgi_pass unix:/var/run/php/php7.4-fpm@roundcube.sock;
 }
 location ~ "^/(?:plugins|program/js|program/resources|skins)(?:/[[:alnum:]][[:alnum:]\-\._]*)+\.(?:css|eot|gif|html|ico|jpg|js|pdf|png|svg|tiff?|ttf|webp|woff2?)$" {
diff --git a/roles/webmail/files/etc/php/fpm/pool.d/roundcube.conf b/roles/webmail/files/etc/php/fpm/pool.d/roundcube.conf
index 1512d66..1a7a1d8 100644
--- a/roles/webmail/files/etc/php/fpm/pool.d/roundcube.conf
+++ b/roles/webmail/files/etc/php/fpm/pool.d/roundcube.conf
@@ -1,7 +1,7 @@
 [roundcube]
 user = _roundcube
 group = nogroup
-listen = /run/php/php7.3-fpm@roundcube.sock
+listen = /run/php/php7.4-fpm@roundcube.sock
 listen.owner = www-data
 listen.group = www-data
 listen.mode = 0600
diff --git a/roles/webmail/handlers/main.yml b/roles/webmail/handlers/main.yml
index 5b730d7..8c70168 100644
--- a/roles/webmail/handlers/main.yml
+++ b/roles/webmail/handlers/main.yml
@@ -2,8 +2,8 @@
 - name: Restart stunnel@ldap
 service: name=stunnel4@ldap state=restarted
-- name: Restart php7.3-fpm
- service: name=php7.3-fpm state=restarted
+- name: Restart php7.4-fpm
+ service: name=php7.4-fpm state=restarted
 - name: Restart Nginx
 service: name=nginx state=restarted
diff --git a/roles/webmail/tasks/roundcube.yml b/roles/webmail/tasks/roundcube.yml
index 1e27841..bd174bc 100644
--- a/roles/webmail/tasks/roundcube.yml
+++ b/roles/webmail/tasks/roundcube.yml
@@ -10,8 +10,8 @@
 - php-enchant
 ## TODO: run php as a dedicated system user
-- name: Configure PHP 7.3 Zend opcache
- lineinfile: dest=/etc/php/7.3/fpm/php.ini
+- name: Configure PHP 7.4 Zend opcache
+ lineinfile: dest=/etc/php/7.4/fpm/php.ini
 regexp='^;?{{ item.var }}\\s*='
 line="{{ item.var }} = {{ item.value }}"
 owner=root group=root
@@ -20,7 +20,7 @@
 - { var: opcache.memory_consumption, value: 128 }
 - { var: opcache.revalidate_freq, value: 60 }
 notify:
- - Restart php7.3-fpm
+ - Restart php7.4-fpm
 - name: Create '_roundcube' user
 user: name=_roundcube system=yes
@@ -31,21 +31,21 @@
 password=!
 state=present
-- name: Delete PHP 7.3 FPM's www pool
- file: path=/etc/php/7.3/fpm/pool.d/www.conf state=absent
+- name: Delete PHP 7.4 FPM's www pool
+ file: path=/etc/php/7.4/fpm/pool.d/www.conf state=absent
 notify:
- - Restart php7.3-fpm
+ - Restart php7.4-fpm
-- name: Configure PHP 7.3 FPM's roundcube pool
+- name: Configure PHP 7.4 FPM's roundcube pool
 copy: src=etc/php/fpm/pool.d/roundcube.conf
- dest=/etc/php/7.3/fpm/pool.d/roundcube.conf
+ dest=/etc/php/7.4/fpm/pool.d/roundcube.conf
 owner=root group=root
 mode=0644
 notify:
- - Restart php7.3-fpm
+ - Restart php7.4-fpm
-- name: Start php7.3-fpm
- service: name=php7.3-fpm state=started
+- name: Start php7.4-fpm
+ service: name=php7.4-fpm state=started
 # Make it sticky: `dpkg-statoverride --add _roundcube nogroup 0700 /var/lib/roundcube/temp`
 - name: Create cache directory /var/lib/roundcube/temp
@@ -75,7 +75,7 @@
 - aspell-sv
 - name: Install Roundcube
- apt: pkg={{ packages }} default_release={{ ansible_lsb.codename }}-backports
+ apt: pkg={{ packages }}
 vars:
 packages:
 - roundcube-core
@@ -110,19 +110,21 @@
 # IMAP
 # WARNING: After hostname change update of mail_host column in users
 # table is required to match old user data records with the new host.
- - { var: default_host, value: "'{{ imapsvr_addr | ipaddr }}'" }
- - { var: default_port, value: "143" }
- - { var: imap_auth_type, value: "'PLAIN'" }
- - { var: imap_cache, value: "null" }
- - { var: imap_timeout, value: "180" }
- - { var: imap_force_ns, value: "true" }
- - { var: messages_cache, value: "false" }
+ - { var: default_host, value: "'{{ imapsvr_addr | ansible.utils.ipaddr }}'" }
+ - { var: default_port, value: "143" }
+ - { var: imap_auth_type, value: "'PLAIN'" }
+ - { var: imap_cache, value: "null" }
+ - { var: imap_timeout, value: "180" }
+ - { var: imap_force_ns, value: "true" }
+ - { var: messages_cache, value: "false" }
 # SMTP
- - { var: smtp_server, value: "'{{ postfix_instance.MSA.addr | ipaddr }}'" }
- - { var: smtp_port, value: "{{ postfix_instance.MSA.port }}" }
- - { var: smtp_auth_type, value: "'PLAIN'" }
- - { var: smtp_user, value: "'%u'" }
- - { var: smtp_pass, value: "'%p'" }
+ - { var: smtp_server, value: "'{{ postfix_instance.MSA.addr | ansible.utils.ipaddr }}'" }
+ - { var: smtp_port, value: "{{ postfix_instance.MSA.port }}" }
+ - { var: smtp_auth_type, value: "'PLAIN'" }
+ - { var: smtp_user, value: "'%u'" }
+ - { var: smtp_pass, value: "'%p'" }
+ # avoid timeout
+ - { var: max_recipients, value: "15" }
 # System
 - { var: force_https, value: "true" }
 - { var: login_autocomplete, value: "2" }
@@ -182,8 +184,8 @@
 with_items:
 - managesieve
-- name: Start php7.3-fpm
- service: name=php7.3-fpm state=started
+- name: Start php7.4-fpm
+ service: name=php7.4-fpm state=started
 - name: Copy /etc/cron.d/roundcube-core
 copy: src=etc/cron.d/roundcube-core
diff --git a/roles/webmail/templates/etc/roundcube/plugins/managesieve/config.inc.php.j2 b/roles/webmail/templates/etc/roundcube/plugins/managesieve/config.inc.php.j2
index 66af466..7b424e4 100644
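Review bot: The `default_host` and `smtp_server` entries in the `@@ -110,19 +110,21 @@` hunk interpolate the filter result straight into a quoted PHP string, so nothing stops the play when the address variable is wrong. As far as I know `ansible.utils.ipaddr` yields `False` for a value that is not an IP address rather than failing, which would write `'False'` as the host that Roundcube then sends PLAIN credentials to; the same pattern is in `managesieve_host` in config.inc.php.j2. A guard task ahead of the templating, for example `- assert: { that: imapsvr_addr is ansible.utils.ip_address }` and the same for `postfix_instance.MSA.addr`, would fail the run instead. The enclosing task starts and ends outside the hunk, so an equivalent check may already exist elsewhere in the role.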
--- a/roles/webmail/templates/etc/roundcube/plugins/managesieve/config.inc.php.j2
+++ b/roles/webmail/templates/etc/roundcube/plugins/managesieve/config.inc.php.j2
@@ -10,7 +10,7 @@ $config['managesieve_port'] = 4190;
 // %n - http hostname ($_SERVER['SERVER_NAME'])
 // %d - domain (http hostname without the first part)
 // For example %n = mail.domain.tld, %d = domain.tld
-$config['managesieve_host'] = '{{ imapsvr_addr | ipaddr }}';
+$config['managesieve_host'] = '{{ imapsvr_addr | ansible.utils.ipaddr }}';
 // authentication method. Can be CRAM-MD5, DIGEST-MD5, PLAIN, LOGIN, EXTERNAL
 // or none. Optional, defaults to best method supported by server.
@@ -60,7 +60,7 @@ $config['managesieve_replace_delimiter'] = '';
 // mailbox, mboxmetadata, regex, reject, relational, servermetadata,
 // spamtest, spamtestplus, subaddress, vacation, variables, virustest, etc.
 // Note: not all extensions are implemented
-$config['managesieve_disabled_extensions'] = array();
+$config['managesieve_disabled_extensions'] = array('reject','ereject');
 // Enables debugging of conversation with sieve server. Logs it into <log_dir>/sieve
 $config['managesieve_debug'] = false; |
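Review bot: The new `array('reject','ereject')` value for `managesieve_disabled_extensions` has no comment saying why these two extensions are turned off, and the setting only limits what the Roundcube plugin offers. Whether the ManageSieve server itself refuses `reject`/`ereject` is not visible in this diff, so a script uploaded with another client could presumably still use them unless the server's extension list is restricted as well. I would add a line above the assignment such as `// reject/ereject disabled so users cannot create rules that bounce mail to possibly forged senders; keep in sync with the sieve server's extension list`. The rationale in that comment is my reading of the change and should be confirmed by the author.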