Browse Source

Merge pull request #29 from lukecyca/encfs

Automate encfs setup and name mount point more appropriately
Alex Payne 11 years ago
parent
commit
ef97850f15

+ 0
- 1
README.textile View File

@@ -60,7 +60,6 @@ h2. Manual Steps
60 60
 
61 61
 This does a lot for you automatically but there's still some stuff you have to do by hand.
62 62
 
63
-# Set up EncFS as per "these instructions":http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/.
64 63
 # Create a user account for Ansible to do its thing through. This account should be set up for passwordless sudo.
65 64
 # Put your Tarsnap key in @roles/common/files/root_tarsnap.key@.
66 65
 # Put your SSL certificate's components in the respective files that start with @wildcard_ca@ in @roles/common/files@, and a combined version in @roles/ircbouncer/files/etc_ssl_znc-combined.pem@.

+ 34
- 0
roles/common/tasks/encfs.yml View File

@@ -0,0 +1,34 @@
1
+- name: Install encfs & fuse
2
+  apt: pkg=$item state=installed
3
+  with_items:
4
+    - encfs
5
+    - libfuse-dev
6
+    - fuse-utils
7
+
8
+- name: Create encrypted directory
9
+  file: state=directory path=/encrypted
10
+
11
+- name: Create decrypted directory
12
+  file: state=directory path=/decrypted
13
+
14
+- name: Add mail user to fuse group
15
+  user: name=mail append=yes groups=fuse
16
+
17
+# Check if the /encrypted directory is empty
18
+- name: Check for existing encfs
19
+  shell: ls /encrypted/*
20
+  ignore_errors: True
21
+  register: encfs_check
22
+
23
+# If it is empty, we need to create the encfs
24
+- name: Create encfs
25
+  shell: printf "p\n${encfs_password}" | encfs /encrypted /decrypted --public --stdinpass && touch /decrypted/test
26
+  when: encfs_check.rc > 0
27
+
28
+# If it isn't empty, we simply need to mount it (but only if /decrypted/test doesn't exist)
29
+- name: Mount encfs
30
+  shell: printf "${encfs_password}" | encfs /encrypted /decrypted --public --stdinpass creates="/decrypted/test"
31
+  when: encfs_check.rc == 0
32
+
33
+- name: Set decrypted directory permissions
34
+  file: state=directory path=/decrypted group=mail mode=775

+ 1
- 3
roles/common/tasks/main.yml View File

@@ -12,9 +12,6 @@
12 12
     - mosh
13 13
     - zsh
14 14
     - git
15
-    - encfs
16
-    - libfuse-dev
17
-    - fuse-utils
18 15
     - ruby1.9.3
19 16
     - screen
20 17
     - apache2
@@ -37,6 +34,7 @@
37 34
 - name: Disable default Apache site
38 35
   command: a2dissite default
39 36
 
37
+- include: encfs.yml tags=encfs
40 38
 - include: users.yml tags=users
41 39
 - include: ssl.yml tags=ssl
42 40
 - include: ferm.yml tags=ferm

+ 1
- 1
roles/common/tasks/tarsnap.yml View File

@@ -25,4 +25,4 @@
25 25
   file: state=directory path=/usr/tarsnap-cache
26 26
 
27 27
 - name: Install nightly Tarsnap cronjob
28
-  cron: name="Tarsnap backup" hour="3" minute="0" job="tarsnap --cachedir /usr/tarsnap-cache --keyfile /root/tarsnap.key -c -f backup-`date +\%Y\%m\%d` /home /root /decrypted-mail /var/www /var/log /var/lib/mysql > /dev/null"
28
+  cron: name="Tarsnap backup" hour="3" minute="0" job="tarsnap --cachedir /usr/tarsnap-cache --keyfile /root/tarsnap.key -c -f backup-`date +\%Y\%m\%d` /home /root /decrypted /var/www /var/log /var/lib/mysql > /dev/null"

+ 2
- 1
roles/common/vars/main.yml View File

@@ -1,3 +1,4 @@
1 1
 main_user_name: TODO
2 2
 admin_email: TODO@TODO.com
3
-tarsnap_version: 1.0.34
3
+tarsnap_version: 1.0.35
4
+encfs_password: TODO

+ 1
- 1
roles/mailserver/files/etc_dovecot_conf.d_10-mail.conf View File

@@ -27,7 +27,7 @@
27 27
 #
28 28
 # <doc/wiki/MailLocation.txt>
29 29
 #
30
-mail_location = maildir:/decrypted-mail/%d/%n
30
+mail_location = maildir:/decrypted/%d/%n
31 31
 
32 32
 # If you need to set multiple mailbox locations or want to change default
33 33
 # namespace settings, you can do it by defining namespace sections.

+ 1
- 1
roles/mailserver/files/etc_dovecot_conf.d_auth-sql.conf.ext View File

@@ -18,7 +18,7 @@ passdb {
18 18
 
19 19
 userdb {
20 20
   driver = static
21
-  args = uid=vmail gid=vmail home=/decrypted-mail/%d/%n
21
+  args = uid=vmail gid=vmail home=/decrypted/%d/%n
22 22
 }
23 23
 
24 24
 # If you don't have any user-specific settings, you can avoid the user_query

+ 1
- 1
roles/mailserver/files/etc_dspam_dspam.conf View File

@@ -5,7 +5,7 @@
5 5
 #
6 6
 # DSPAM Home: Specifies the base directory to be used for DSPAM storage
7 7
 #
8
-Home /decrypted-mail/dspam
8
+Home /decrypted/dspam
9 9
 
10 10
 #
11 11
 # StorageDriver: Specifies the storage driver backend (library) to use.

+ 1
- 1
roles/mailserver/files/etc_solr_conf_solrconfig.xml View File

@@ -114,7 +114,7 @@
114 114
        replication is in use, this should match the replication
115 115
        configuration.
116 116
     -->
117
-  <dataDir>/decrypted-mail/solr</dataDir>
117
+  <dataDir>/decrypted/solr</dataDir>
118 118
 
119 119
 
120 120
   <!-- The DirectoryFactory to use for indexes.

+ 2
- 2
roles/mailserver/tasks/dovecot.yml View File

@@ -11,10 +11,10 @@
11 11
   group: name=vmail state=present gid=5000
12 12
 
13 13
 - name: Create vmail user
14
-  user: name=vmail group=vmail state=present uid=5000 home=/decrypted-mail
14
+  user: name=vmail group=vmail state=present uid=5000 home=/decrypted
15 15
 
16 16
 - name: Ensure mail directories are in place
17
-  file: state=directory path=/decrypted-mail/${item.name}/${item.primary_user} owner=vmail group=dovecot
17
+  file: state=directory path=/decrypted/${item.name}/${item.primary_user} owner=vmail group=dovecot
18 18
   with_items:
19 19
     - ${mail_virtual_domains}
20 20
 

+ 3
- 3
roles/mailserver/tasks/dspam.yml View File

@@ -6,8 +6,8 @@
6 6
     - postfix-pcre
7 7
     - dovecot-sieve
8 8
 
9
-- name: Create dspam directory 
10
-  file: state=directory path=/decrypted-mail/dspam group=dspam owner=dspam
9
+- name: Create dspam directory
10
+  file: state=directory path=/decrypted/dspam group=dspam owner=dspam
11 11
 
12 12
 - name: Put dspam configuration files in place
13 13
   copy: src=etc_dspam_default.prefs dest=/etc/dspam/default.prefs owner=dspam group=dspam
@@ -15,7 +15,7 @@
15 15
 - copy: src=etc_postfix_dspam_filter_access dest=/etc/postfix/dspam_filter_access owner=root group=root
16 16
 - copy: src=etc_dovecot_conf.d_20-imap.conf dest=/etc/dovecot/conf.d/20-imap.conf owner=vmail group=dovecot
17 17
 - copy: src=etc_dovecot_conf.d_90-plugin.conf dest=/etc/dovecot/conf.d/90-plugin.conf owner=vmail group=dovecot
18
-- copy: src=dot_dovecot.sieve dest=/decrypted-mail/${item.name}/${item.primary_user}/.dovecot.sieve owner=vmail group=dovecot
18
+- copy: src=dot_dovecot.sieve dest=/decrypted/${item.name}/${item.primary_user}/.dovecot.sieve owner=vmail group=dovecot
19 19
   with_items:
20 20
     - ${mail_virtual_domains}
21 21
   notify:

+ 2
- 2
roles/mailserver/tasks/solr.yml View File

@@ -12,5 +12,5 @@
12 12
 - copy: src=etc_solr_conf_solrconfig.xml dest=/etc/solr/conf/solrconfig.xml group=root owner=root
13 13
 
14 14
 - name: Create Solr index directory
15
-  file: state=directory path=/decrypted-mail/solr group=tomcat6 owner=tomcat6
16
-  notify: restart solr
15
+  file: state=directory path=/decrypted/solr group=tomcat6 owner=tomcat6
16
+  notify: restart solr

+ 2
- 2
roles/owncloud/tasks/owncloud.yml View File

@@ -21,8 +21,8 @@
21 21
   apt: pkg=owncloud update_cache=yes
22 22
 
23 23
 - name: Store ownCloud data securely
24
-  command: mv /var/www/owncloud/data /decrypted-mail/owncloud-data creates=/decrypted-mail/owncloud-data
25
-- file: src=/decrypted-mail/owncloud-data dest=/var/www/owncloud/data owner=www-data group=www-data state=link
24
+  command: mv /var/www/owncloud/data /decrypted/owncloud-data creates=/decrypted/owncloud-data
25
+- file: src=/decrypted/owncloud-data dest=/var/www/owncloud/data owner=www-data group=www-data state=link
26 26
 
27 27
 - name: Enable Apache module dependencies for ownCloud
28 28
   command: a2enmod $item

Loading…
Cancel
Save