
Automate encfs setup and name mount point more appropriately

Luke Cyca 11 years ago
parent
commit
6168cd68d0

+ 34
- 0
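--- a/roles/common/tasks/encfs.yml
+++ b/roles/common/tasks/encfs.yml
@@ -0,0 +1,34 @@
+- name: Install encfs & fuse
+  apt: pkg=$item state=installed
+  with_items:
+    - encfs
+    - libfuse-dev
+    - fuse-utils
+
+- name: Create encrypted directory
+  file: state=directory path=/encrypted
+
+- name: Create decrypted directory
+  file: state=directory path=/decrypted
+
+- name: Add mail user to fuse group
+  user: name=mail append=yes groups=fuse
+
+# Check if the /encrypted directory is empty
+- name: Check for existing encfs
+  shell: ls /encrypted/*
+  ignore_errors: True
+  register: encfs_check
+
+# If it is empty, we need to create the encfs
+- name: Create encfs
+  shell: printf "p\n${encfs_password}" | encfs /encrypted /decrypted --public --stdinpass && touch /decrypted/test
+  when: encfs_check.rc > 0
+
+# If it isn't empty, we simply need to mount it (but only if /decrypted/test doesn't exist)
+- name: Mount encfs
+  shell: printf "${encfs_password}" | encfs /encrypted /decrypted --public --stdinpass creates="/decrypted/test"
+  when: encfs_check.rc == 0
+
+- name: Set decrypted directory permissions
+  file: state=directory path=/decrypted group=mail mode=775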
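Review bot: In "Create encfs" and "Mount encfs" the passphrase is templated directly into the shell string, where it is part of printf's format string inside double quotes, so a value containing `%`, `\`, `$`, a backtick or `"` is rewritten or interpreted by the shell before encfs reads it. The volume can then be keyed to something other than the configured passphrase, and the full command, passphrase included, may be recorded by Ansible's module logging on the target. Pass the value as a printf argument instead of the format (`printf 'p\n%s' ...`), supply it to the shell without re-quoting (for example through the task's `environment:`), and set `no_log: True` on both tasks where the Ansible version in use supports it. Separately, `--public` combined with `mode=775` on `/decrypted` appears to leave the decrypted tree readable by every local account, which is wider than the mail group needs.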

+ 1
- 3
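--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -12,9 +12,6 @@
     - mosh
     - zsh
     - git
-    - encfs
-    - libfuse-dev
-    - fuse-utils
     - ruby1.9.3
     - screen
     - apache2
@@ -37,6 +34,7 @@
 - name: Disable default Apache site
   command: a2dissite default
 
+- include: encfs.yml tags=encfs
 - include: users.yml tags=users
 - include: ssl.yml tags=ssl
 - include: ferm.yml tags=ferm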

+ 1
- 1
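--- a/roles/common/tasks/tarsnap.yml
+++ b/roles/common/tasks/tarsnap.yml
@@ -25,4 +25,4 @@
   file: state=directory path=/usr/tarsnap-cache
 
 - name: Install nightly Tarsnap cronjob
-  cron: name="Tarsnap backup" hour="3" minute="0" job="tarsnap --cachedir /usr/tarsnap-cache --keyfile /root/tarsnap.key -c -f backup-`date +\%Y\%m\%d` /home /root /decrypted-mail /var/www /var/log /var/lib/mysql > /dev/null"
+  cron: name="Tarsnap backup" hour="3" minute="0" job="tarsnap --cachedir /usr/tarsnap-cache --keyfile /root/tarsnap.key -c -f backup-`date +\%Y\%m\%d` /home /root /decrypted /var/www /var/log /var/lib/mysql > /dev/null"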

+ 2
- 1
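--- a/roles/common/vars/main.yml
+++ b/roles/common/vars/main.yml
@@ -1,3 +1,4 @@
 main_user_name: TODO
 admin_email: TODO@TODO.com
-tarsnap_version: 1.0.34
+tarsnap_version: 1.0.35
+encfs_password: TODO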
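Review bot: `encfs_password` is added to a tracked vars file, so whoever replaces the `TODO` placeholder will be keeping the encfs passphrase in plaintext next to the playbook and, once committed, in repository history. Consider prompting for it at run time with `vars_prompt` (with `private: yes`) or loading it from a file excluded from version control, and add a comment such as `# encfs passphrase: do not commit a real value` above the key. The literal `TODO` would also be accepted as the passphrase if the playbook runs before it is changed; nothing in encfs.yml rejects the placeholder.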

+ 1
- 1
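--- a/roles/mailserver/files/etc_dovecot_conf.d_10-mail.conf
+++ b/roles/mailserver/files/etc_dovecot_conf.d_10-mail.conf
@@ -27,7 +27,7 @@
 #
 # <doc/wiki/MailLocation.txt>
 #
-mail_location = maildir:/decrypted-mail/%d/%n
+mail_location = maildir:/decrypted/%d/%n
 
 # If you need to set multiple mailbox locations or want to change default
 # namespace settings, you can do it by defining namespace sections.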

+ 1
- 1
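--- a/roles/mailserver/files/etc_dovecot_conf.d_auth-sql.conf.ext
+++ b/roles/mailserver/files/etc_dovecot_conf.d_auth-sql.conf.ext
@@ -18,7 +18,7 @@
 
 userdb {
   driver = static
-  args = uid=vmail gid=vmail home=/decrypted-mail/%d/%n
+  args = uid=vmail gid=vmail home=/decrypted/%d/%n
 }
 
 # If you don't have any user-specific settings, you can avoid the user_query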

+ 1
- 1
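--- a/roles/mailserver/files/etc_dspam_dspam.conf
+++ b/roles/mailserver/files/etc_dspam_dspam.conf
@@ -5,7 +5,7 @@
 #
 # DSPAM Home: Specifies the base directory to be used for DSPAM storage
 #
-Home /decrypted-mail/dspam
+Home /decrypted/dspam
 
 #
 # StorageDriver: Specifies the storage driver backend (library) to use.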

+ 1
- 1
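--- a/roles/mailserver/files/etc_solr_conf_solrconfig.xml
+++ b/roles/mailserver/files/etc_solr_conf_solrconfig.xml
@@ -114,7 +114,7 @@
        replication is in use, this should match the replication
        configuration.
     -->
-  <dataDir>/decrypted-mail/solr</dataDir>
+  <dataDir>/decrypted/solr</dataDir>
 
 
   <!-- The DirectoryFactory to use for indexes.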

+ 2
- 2
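--- a/roles/mailserver/tasks/dovecot.yml
+++ b/roles/mailserver/tasks/dovecot.yml
@@ -11,10 +11,10 @@
   group: name=vmail state=present gid=5000
 
 - name: Create vmail user
-  user: name=vmail group=vmail state=present uid=5000 home=/decrypted-mail
+  user: name=vmail group=vmail state=present uid=5000 home=/decrypted
 
 - name: Ensure mail directories are in place
-  file: state=directory path=/decrypted-mail/${item.name}/${item.primary_user} owner=vmail group=dovecot
+  file: state=directory path=/decrypted/${item.name}/${item.primary_user} owner=vmail group=dovecot
   with_items:
     - ${mail_virtual_domains}
 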

+ 3
- 3
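--- a/roles/mailserver/tasks/dspam.yml
+++ b/roles/mailserver/tasks/dspam.yml
@@ -6,8 +6,8 @@
     - postfix-pcre
     - dovecot-sieve
 
-- name: Create dspam directory 
-  file: state=directory path=/decrypted-mail/dspam group=dspam owner=dspam
+- name: Create dspam directory
+  file: state=directory path=/decrypted/dspam group=dspam owner=dspam
 
 - name: Put dspam configuration files in place
   copy: src=etc_dspam_default.prefs dest=/etc/dspam/default.prefs owner=dspam group=dspam
@@ -15,7 +15,7 @@
 - copy: src=etc_postfix_dspam_filter_access dest=/etc/postfix/dspam_filter_access owner=root group=root
 - copy: src=etc_dovecot_conf.d_20-imap.conf dest=/etc/dovecot/conf.d/20-imap.conf owner=vmail group=dovecot
 - copy: src=etc_dovecot_conf.d_90-plugin.conf dest=/etc/dovecot/conf.d/90-plugin.conf owner=vmail group=dovecot
-- copy: src=dot_dovecot.sieve dest=/decrypted-mail/${item.name}/${item.primary_user}/.dovecot.sieve owner=vmail group=dovecot
+- copy: src=dot_dovecot.sieve dest=/decrypted/${item.name}/${item.primary_user}/.dovecot.sieve owner=vmail group=dovecot
   with_items:
     - ${mail_virtual_domains}
   notify: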

+ 2
- 2
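--- a/roles/mailserver/tasks/solr.yml
+++ b/roles/mailserver/tasks/solr.yml
@@ -12,5 +12,5 @@
 - copy: src=etc_solr_conf_solrconfig.xml dest=/etc/solr/conf/solrconfig.xml group=root owner=root
 
 - name: Create Solr index directory
-  file: state=directory path=/decrypted-mail/solr group=tomcat6 owner=tomcat6
-  notify: restart solr
+  file: state=directory path=/decrypted/solr group=tomcat6 owner=tomcat6
+  notify: restart solr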

+ 2
- 2
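--- a/roles/owncloud/tasks/owncloud.yml
+++ b/roles/owncloud/tasks/owncloud.yml
@@ -21,8 +21,8 @@
   apt: pkg=owncloud update_cache=yes
 
 - name: Store ownCloud data securely
-  command: mv /var/www/owncloud/data /decrypted-mail/owncloud-data creates=/decrypted-mail/owncloud-data
-- file: src=/decrypted-mail/owncloud-data dest=/var/www/owncloud/data owner=www-data group=www-data state=link
+  command: mv /var/www/owncloud/data /decrypted/owncloud-data creates=/decrypted/owncloud-data
+- file: src=/decrypted/owncloud-data dest=/var/www/owncloud/data owner=www-data group=www-data state=link
 
 - name: Enable Apache module dependencies for ownCloud
   command: a2enmod $item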
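Review bot: "Store ownCloud data securely" moves the data directory to `/decrypted/owncloud-data` without confirming that encfs is actually mounted on `/decrypted`. If the mount is absent when this runs (for example after a reboot, since nothing visible in this commit remounts it), the data lands on the underlying filesystem unencrypted and is hidden, not protected, once encfs is later mounted over it. A guard task placed before the move, such as `command: mountpoint -q /decrypted`, would make the play fail instead of writing plaintext. The same applies to the `/decrypted` paths created in dovecot.yml, dspam.yml and solr.yml.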
