From 12ce4b20c28b29a0276c5d57977de3f857f9d394 Mon Sep 17 00:00:00 2001
From: mwiegand
Date: Thu, 8 Jul 2021 10:14:33 +0200
Subject: [PATCH] wip
---
 bundles/nginx/items.py | 4 +++-
 bundles/roundcube/items.py | 10 +++++++++-
 bundles/roundcube/metadata.py | 7 +++++--
 data/roundcube/vhost.conf | 33 +++++++++++++++++++++++++++++++++
 nodes/htz.mails.py | 2 +-
 5 files changed, 51 insertions(+), 5 deletions(-)
 create mode 100644 data/roundcube/vhost.conf
diff --git a/bundles/nginx/items.py b/bundles/nginx/items.py
index add852e..509376f 100644
--- a/bundles/nginx/items.py
+++ b/bundles/nginx/items.py
@@ -15,7 +15,9 @@ directories = {
 'svc_systemd:nginx:restart',
 },
 },
- '/var/www': {},
+ '/var/www': {
+ 'owner': 'www-data',
+ },
 }

 files = {
diff --git a/bundles/roundcube/items.py b/bundles/roundcube/items.py
index 868bfa1..aabb2e3 100644
--- a/bundles/roundcube/items.py
+++ b/bundles/roundcube/items.py
@@ -20,11 +20,14 @@ directories = {
 }

 git_deploy['/opt/roundcube'] = {
- 'repo': "https://github.com/roundcube/roundcubemail.git",
+ 'repo': "git://github.com/roundcube/roundcubemail.git",
 'rev': node.metadata.get('roundcube/version'),
 'needs': [
 'directory:/opt/roundcube',
 ],
+ 'triggers': [
+ 'action:composer_install',
+ ],
 }

 files['/opt/roundcube/config/config.inc.php'] = {
@@ -40,3 +43,8 @@ files['/opt/roundcube/config/config.inc.php'] = {
 'git_deploy:/opt/roundcube',
 ],
 }
+
+actions['composer_install'] = {
+ 'command': "cp /opt/roundcube/composer.json-dist /opt/roundcube/composer.json && su www-data -s /bin/bash -c '/usr/bin/composer -d /opt/roundcube install'",
+ 'triggered': True,
+}
diff --git a/bundles/roundcube/metadata.py b/bundles/roundcube/metadata.py
index b03906c..e6ec684 100644
--- a/bundles/roundcube/metadata.py
+++ b/bundles/roundcube/metadata.py
@@ -19,6 +19,9 @@ defaults = {
 'php-pgsql': {},
 'php-xml': {},
 'php-zip': {},
+ 'php-curl': {},
+ 'php-gd': {},
+ 'composer': {},
 },
 },
 'roundcube': {
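Review bot: The new `'owner': 'www-data'` on `/var/www` in bundles/nginx/items.py makes the default web root writable by the account that runs the web workers, so a compromised worker could place files where they are served, and the hunk gives no reason for the change. If the only need is a writable home directory for the `composer` run added in bundles/roundcube/items.py (an inference, since /var/www is the usual home of www-data on Debian), point Composer at a dedicated directory through `COMPOSER_HOME` and keep the previous `'/var/www': {},`. Otherwise add a comment such as `# composer cache lives in ~www-data` so the ownership is not mistaken for an accident. The `directories` dict starts outside the hunk.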
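Review bot: The `'repo'` value of `git_deploy['/opt/roundcube']` moves from `https://` to `git://`, a transport with neither encryption nor server authentication, so the fetched source is no longer protected in transit. The full commit hash now set in nodes/htz.mails.py narrows what could be substituted, but `'rev'` is read from metadata and nothing in this hunk prevents a tag or branch name, which this transport leaves unverified. GitHub has also since switched off the unauthenticated git protocol, so the URL is a reliability problem as well. Keep `'repo': "https://github.com/roundcube/roundcubemail.git",`.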
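Review bot: `actions['composer_install']` copies `composer.json-dist` and runs `composer install` with no lock file visible in this commit, so dependency versions are resolved at deploy time and can differ between runs and nodes, and package scripts and plugins execute during the deploy. Because the command runs as `www-data`, that account presumably has to be able to write `vendor/` under /opt/roundcube, which would let the web server account change code it later executes. Consider a separate deploy user and non-interactive, production-only resolution, e.g. `'/usr/bin/composer -d /opt/roundcube install --no-dev --no-interaction'`, and ship a `composer.lock` that matches the pinned revision.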
@@ -33,7 +36,7 @@ defaults = {
 'managesieve',
 'password',
 ],
- 'des_key': repo.vault.password_for(f'{node.name} roundcube des_key'),
+ 'des_key': repo.vault.password_for(f'{node.name} roundcube des_key', length=24),
 },
 'postgresql': {
 'roles': {
@@ -57,7 +60,7 @@ def vhost(metadata):
 'nginx': {
 'vhosts': {
 metadata.get('mailserver/hostname'): {
- 'content': 'nginx/php.conf',
+ 'content': 'roundcube/vhost.conf',
 'context': {
 'root': '/opt/roundcube',
 },
diff --git a/data/roundcube/vhost.conf b/data/roundcube/vhost.conf
new file mode 100644
index 0000000..874b2e2
--- /dev/null
+++ b/data/roundcube/vhost.conf
@@ -0,0 +1,33 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name ${server_name};
+ root ${root};
+ index index.php index.html index.htm;
+
+ location / {
+ try_files $uri $uri/ /index.php;
+ }
+
+ location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
+ deny all;
+ }
+ location ~ ^/(bin|SQL)/ {
+ deny all;
+ }
+
+ location ~ \.php$ {
+ try_files $uri =404;
+ fastcgi_pass php-handler;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+ }
+
+ location ~* \.(jpg|jpeg|gif|png|webp|svg|woff|woff2|ttf|css|js|ico|xml)$ {
+ access_log off;
+ log_not_found off;
+ expires 360d;
+ }
+}
diff --git a/nodes/htz.mails.py b/nodes/htz.mails.py
index 01d3642..27dd41e 100644
--- a/nodes/htz.mails.py
+++ b/nodes/htz.mails.py
@@ -78,7 +78,7 @@
 },
 'roundcube': {
 'product_name': 'Sublimity Mail',
- 'version': '1.4.11',
+ 'version': '6466d10339d44a077de4fe094c89ed35ae84da96',
 'installer': True,
 },
 'users': {
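Review bot: The `length=24` added to the `des_key` lookup in bundles/roundcube/metadata.py carries no comment, although the number is a hard requirement of a security-relevant setting. Roundcube documents that this key must be exactly 24 characters for its default `cipher_method`, so a line such as `# roundcube requires exactly 24 characters for the default cipher_method` above it would keep a later cleanup from dropping the argument. The new length may also change the derived secret on nodes that are already deployed, which would invalidate data encrypted with the old key; that is worth stating in the commit message. The `defaults` dict starts and ends outside the hunk.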
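Review bot: The two `deny all` locations in data/roundcube/vhost.conf cover only the top-level text files, `bin/` and `SQL/`, while `root` is the whole checkout (`/opt/roundcube` in bundles/roundcube/metadata.py), so `config/`, `logs/`, `temp/`, `vendor/` and `tests/` stay reachable and the `\.php$` location passes any PHP file under them to the FastCGI backend. Roundcube's installation guidance is to keep those directories unreachable from the web, so extend the rule, e.g. `location ~ ^/(bin|SQL|config|logs|temp|tests|vendor)/ { deny all; }`, and add a dotfile rule such as `location ~ /\. { deny all; }`. The anchored `(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$` pattern would also miss names with an extension such as `README.md`, if the deployed revision uses them. With `'installer': True` still set in nodes/htz.mails.py, confirm the installer path is not left exposed once setup is finished.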