Compare commits

..

101 Commits

Author SHA1 Message Date
jmrothst 7087dd53d0 Blank role requirements so makefile works
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-06-26 20:38:32 -05:00
jmrothst 27cc36f9c0 Removed known host manipulation
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-06-26 20:38:07 -05:00
jmrothst f68466907f Remove duplicate gitignore, and relicense all as CC BY-NC-ND 4.0
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-05-24 11:10:10 -05:00
jmrothst b252c2c087 Use package repo from gitea.fdragon.com with $releasever
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-05-17 22:21:53 -05:00
jmrothst 89b357473a Replace with version from Fedora 44 instead of carry forward old version
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-05-17 22:21:01 -05:00
jmrothst 2e371b2db9 Attempt to support WebSocket redirects
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-05-12 16:10:17 -05:00
jmrothst 4de083c8d2 Remove role requirements now that all roles have been merged
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-05-10 21:50:08 -05:00
jmrothst f3aaebf592 Merge ensure_mariadb
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-05-10 21:49:31 -05:00
jmrothst 63f1d8d6ee Add 'roles/ensure_mariadb/' from commit '9db90c39bdcb2ac355f24de078f09bf6376b08b6'
git-subtree-dir: roles/ensure_mariadb
git-subtree-mainline: a1a4d87dc1
git-subtree-split: 9db90c39bd
2026-05-10 21:49:13 -05:00
jmrothst a1a4d87dc1 Merge ensure_gitea
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-05-10 21:48:42 -05:00
jmrothst 0462696924 Add 'roles/ensure_gitea/' from commit 'bd5905bbb394c09e1ff03aa03985eb8974a85b12'
git-subtree-dir: roles/ensure_gitea
git-subtree-mainline: 36de5666db
git-subtree-split: bd5905bbb3
2026-05-10 21:48:13 -05:00
jmrothst 36de5666db Add 'roles/ensure_rsync/' from commit 'acd8e760165672bae24996505de0320d55b55152'
git-subtree-dir: roles/ensure_rsync
git-subtree-mainline: 94152ff0a5
git-subtree-split: acd8e76016
2026-05-10 21:47:30 -05:00
jmrothst 94152ff0a5 Merge ensure_dovecot
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-05-10 21:46:45 -05:00
jmrothst 838bad1300 Add 'roles/ensure_dovecot/' from commit '2fc15e207fac82a5451fd1adf57914797b6be6ce'
git-subtree-dir: roles/ensure_dovecot
git-subtree-mainline: cf8ae92948
git-subtree-split: 2fc15e207f
2026-05-10 21:46:18 -05:00
jmrothst 9db90c39bd Pass the user list to user creation instead of the db list
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-05-09 19:47:58 -04:00
jmrothst bd5905bbb3 Start gitea by default and remove mariadb configurations
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-05-09 19:20:08 -04:00
jmrothst e175a5c852 Disable gpg checks until I can find out why gitea isn't signing them
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-05-09 19:06:49 -04:00
jmrothst a563b361e1 Fix loop label
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-05-09 19:04:34 -04:00
jmrothst 4b375916e2 Add state
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-05-09 17:54:40 -04:00
jmrothst 36b5be7369 Fix the ansible fact for architecture
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-05-09 17:52:57 -04:00
jmrothst c29646f24a Allow UNIX Socket connections to function
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-05-09 17:27:46 -04:00
jmrothst 8152f1d311 Remove templates we don't need
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-05-09 16:19:01 -04:00
jmrothst 1c15a25444 Initial Version
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-05-09 16:18:30 -04:00
jmrothst 2f6473b772 Use the preferred python mysql client
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-05-09 15:09:21 -04:00
jmrothst 293b4727cb Add python mysql drivers to manage with
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-05-09 14:06:36 -04:00
jmrothst 305a3e80d2 default(omit)
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-05-09 13:51:00 -04:00
jmrothst 5b2ee333be Add db and user management
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-05-09 11:34:22 -04:00
jmrothst 71b6eab350 use the correct .pem file extension for certificates
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-05-09 00:45:03 -04:00
jmrothst 1a75050dad Fix mariadb and phpMyAdmin templates not change what shouldn't be
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-05-08 23:57:51 -04:00
jmrothst d6d3b5082d More ansible-core 2.20 fixes
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-05-08 23:57:33 -04:00
jmrothst 2fc15e207f More ansible core 2.20 fixes
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-05-08 20:02:04 -04:00
jmrothst acd8e76016 Fix fedora package list
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-05-05 23:24:26 -05:00
jmrothst 57da1d7fc2 Initial Version
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-05-05 22:57:10 -05:00
jmrothst f73b0d0ce9 Fix ansible core 2.20 and supported OS list
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-05-05 18:13:17 -05:00
jmrothst 924f228367 Fix ansible core 2.20 and sync the supported OS versions
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2026-05-05 18:10:49 -05:00
jmrothst 9fa1ad54c2 Fedora 43 and 44 2026-04-29 23:50:10 -05:00
jmrothst 476c3cd8e6 Handler improvements
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2025-05-25 20:08:44 -05:00
jmrothst 793bb71a10 Handler improvements
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2025-05-25 20:06:35 -05:00
jmrothst 25224177e4 Fedora 42
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2025-04-27 12:38:38 -05:00
jmrothst 9246884969 Fedora 42
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2025-04-27 12:24:49 -05:00
jmrothst e10559639a Fedora 41
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2024-12-28 19:40:17 -06:00
jmrothst 4f03179cc9 Fedora 41
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2024-12-28 19:25:23 -06:00
jmrothst a48f4cdd85 Fedora 41
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2024-12-27 20:48:23 -06:00
jmrothst 60e0cd205e Fedora 41
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2024-12-27 20:30:05 -06:00
jmrothst ec4475ef23 Fedora 40 support
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2024-06-02 12:19:36 -05:00
jmrothst 6f988d5ff6 Fedora 40 support
Signed-off-by: Jason Rothstein <fdragon@fdragon.org>
2024-06-02 12:14:56 -05:00
jmrothst 3db2f145e1 Add Fedora 39 2024-03-16 21:01:52 -05:00
jmrothst c34674b5ca Add Fedora 39 2024-03-16 21:01:06 -05:00
jmrothst aaf12b9219 Add Fedora 38 2023-04-30 17:51:17 -05:00
jmrothst 24294e708b Add Fedora 38 2023-04-30 17:47:39 -05:00
jmrothst 3b09858b0b Add submissions service to Fedora37 now too 2023-02-12 22:19:55 -06:00
jmrothst 6d5ccdd2a9 New default service for submissions? 2023-02-12 22:15:28 -06:00
jmrothst 1b3c90507a Add Fedora 37 2022-12-06 21:57:12 -06:00
jmrothst 064eecaec1 Add Fedora 37 2022-12-06 21:55:08 -06:00
jmrothst 902503f4be Enable Fedora 36 2022-06-05 18:27:57 -05:00
jmrothst 9df440a3c8 Enable Fedora 36 2022-06-05 18:26:56 -05:00
jmrothst 604da46a69 Update tasks 2022-06-05 16:48:01 -05:00
jmrothst 8bbde0bc6c Update tasks 2022-06-05 16:47:43 -05:00
jmrothst 4f701c013c Enable Dovecot to accept mail for delivery through postfix 2022-04-12 22:55:30 -05:00
jmrothst 8f327b04b3 Fully working IMAP with TLS and passwd like auth 2022-04-10 23:21:48 -05:00
jmrothst 9d469289ed Remove sql include for passwd in MySQL 2022-04-10 22:30:00 -05:00
jmrothst bfeff44109 Fix order of defined test to match syntax 2022-04-10 18:18:32 -05:00
jmrothst 4b8be1a112 Template syntax error 2022-04-10 18:07:19 -05:00
jmrothst b9a9e862b6 Add missing endif in template for accounts 2022-04-10 17:52:19 -05:00
jmrothst e6f243b079 Single account file with email address as the username 2022-04-10 17:40:27 -05:00
jmrothst 13ea9c20a6 Add plugins for future usage of MySQL auth 2022-04-10 17:09:49 -05:00
jmrothst 59f69534e2 Fix home directories for file based virtual users 2022-04-10 01:11:45 -05:00
jmrothst c7cb38303f Remove MySQL and use dynamic file based accounts instead. 2022-04-07 22:41:04 -05:00
jmrothst 351cffc637 If anything changes, notify all handlers 2022-01-30 21:39:31 -06:00
jmrothst c926e408dc If things change, always notify all the handlers 2022-01-30 21:36:26 -06:00
jmrothst f4e0e923b2 Adding services to validate are running 2022-01-30 18:58:42 -06:00
jmrothst f4bb7b9d03 Make the certificates directory instead of find it 2022-01-23 18:53:11 -06:00
jmrothst 08005d5724 Make the certificates directory instead of finding it 2022-01-23 18:50:18 -06:00
jmrothst d6be779113 Enable selecting the TLS Certificate 2022-01-23 18:09:53 -06:00
jmrothst d2fa1b290a Allow choice in TLS Certificate from mod_md 2022-01-23 17:07:18 -06:00
jmrothst 3173c6094d Use mod_md certificates 2021-12-05 20:32:36 -06:00
jmrothst 176a30e31e typo in minimum TLS version requirements 2021-12-05 18:55:55 -06:00
jmrothst f4151abc3f Enable mod_md fetched ACME TLS Certificates 2021-12-05 14:47:01 -06:00
jmrothst 9ef51a9b8c Typo in local.conf 2021-12-05 12:20:08 -06:00
jmrothst 9b30664a41 Enable MySQL user accounts 2021-12-05 11:54:39 -06:00
jmrothst f9fe1a6a14 Base configuration 2021-11-14 15:08:15 -06:00
jmrothst 295b7370df Add dovecot service 2021-11-14 14:05:02 -06:00
jmrothst 12f9044e69 Package deploy 2021-11-14 11:46:26 -06:00
jmrothst 7b00fd5fac Default vars 2021-11-14 11:35:50 -06:00
jmrothst 4928db6267 role shell 2021-11-14 11:33:13 -06:00
jmrothst af25b749ec Blank role 2021-11-14 10:19:29 -06:00
AnsibleRoles 7b2045732f Initial commit 2021-11-14 16:02:42 +00:00
jmrothst f2a99b77e4 Add Fedora 35 Support 2021-11-13 20:45:36 -06:00
jmrothst 1daa22d767 Fix the TLS copy error and MariaDB not liking the CA Bundle 2021-10-31 18:37:59 -05:00
jmrothst e7eac95453 Fix path names for templates to match target system 2021-10-31 18:03:51 -05:00
jmrothst a0cf50b7cf Template path corrected for systemd unit files 2021-10-31 17:59:41 -05:00
jmrothst d70b23b0b1 Enable Apache mod_md Lets Encrypt Certificates with MariaDB 2021-10-31 17:55:14 -05:00
jmrothst e15987f2dc Fix jinja2 syntax to expand a variable 2021-10-31 01:45:55 -05:00
jmrothst 752468e5d9 recurse instead of recursive on find... 2021-10-31 01:40:53 -05:00
jmrothst 1047752534 Find certificates and include them by direct name 2021-10-31 01:29:43 -05:00
jmrothst 248787e188 Fix template pathname for phpMyAdmin... 2021-10-31 01:06:48 -05:00
jmrothst 2c34983602 Enable /phpMyAdmin if SSL, Use UTF8 char set, Try to auto use TLS in mariadb 2021-10-31 01:02:06 -05:00
jmrothst 70917f630e Removed apache specific items from mariadb task template... 2021-10-31 00:15:20 -05:00
jmrothst e5a385e5c8 Install phpMyAdmin and MariaDB service 2021-10-31 00:08:05 -05:00
jmrothst d8d40835be Initial Role 2021-10-30 23:58:33 -05:00
AnsibleRoles 371783897f Initial commit 2021-10-31 04:57:37 +00:00
203 changed files with 6891 additions and 6202 deletions
+404
View File
@@ -0,0 +1,404 @@
Attribution-NonCommercial-NoDerivatives 4.0 International
=======================================================================
Creative Commons Corporation ("Creative Commons") is not a law firm and
does not provide legal services or legal advice. Distribution of
Creative Commons public licenses does not create a lawyer-client or
other relationship. Creative Commons makes its licenses and related
information available on an "as-is" basis. Creative Commons gives no
warranties regarding its licenses, any material licensed under their
terms and conditions, or any related information. Creative Commons
disclaims all liability for damages resulting from their use to the
fullest extent possible.
Using Creative Commons Public Licenses
Creative Commons public licenses provide a standard set of terms and
conditions that creators and other rights holders may use to share
original works of authorship and other material subject to copyright
and certain other rights specified in the public license below. The
following considerations are for informational purposes only, are not
exhaustive, and do not form part of our licenses.
Considerations for licensors: Our public licenses are
intended for use by those authorized to give the public
permission to use material in ways otherwise restricted by
copyright and certain other rights. Our licenses are
irrevocable. Licensors should read and understand the terms
and conditions of the license they choose before applying it.
Licensors should also secure all rights necessary before
applying our licenses so that the public can reuse the
material as expected. Licensors should clearly mark any
material not subject to the license. This includes other CC-
licensed material, or material used under an exception or
limitation to copyright. More considerations for licensors:
wiki.creativecommons.org/Considerations_for_licensors
Considerations for the public: By using one of our public
licenses, a licensor grants the public permission to use the
licensed material under specified terms and conditions. If
the licensor's permission is not necessary for any reason--for
example, because of any applicable exception or limitation to
copyright--then that use is not regulated by the license. Our
licenses grant only permissions under copyright and certain
other rights that a licensor has authority to grant. Use of
the licensed material may still be restricted for other
reasons, including because others have copyright or other
rights in the material. A licensor may make special requests,
such as asking that all changes be marked or described.
Although not required by our licenses, you are encouraged to
respect those requests where reasonable. More considerations
for the public:
wiki.creativecommons.org/Considerations_for_licensees
=======================================================================
Creative Commons Attribution-NonCommercial-NoDerivatives 4.0
International Public License
By exercising the Licensed Rights (defined below), You accept and agree
to be bound by the terms and conditions of this Creative Commons
Attribution-NonCommercial-NoDerivatives 4.0 International Public
License ("Public License"). To the extent this Public License may be
interpreted as a contract, You are granted the Licensed Rights in
consideration of Your acceptance of these terms and conditions, and the
Licensor grants You such rights in consideration of benefits the
Licensor receives from making the Licensed Material available under
these terms and conditions.
Section 1 -- Definitions.
a. Adapted Material means material subject to Copyright and Similar
Rights that is derived from or based upon the Licensed Material
and in which the Licensed Material is translated, altered,
arranged, transformed, or otherwise modified in a manner requiring
permission under the Copyright and Similar Rights held by the
Licensor. For purposes of this Public License, where the Licensed
Material is a musical work, performance, or sound recording,
Adapted Material is always produced where the Licensed Material is
synched in timed relation with a moving image.
b. Copyright and Similar Rights means copyright and/or similar rights
closely related to copyright including, without limitation,
performance, broadcast, sound recording, and Sui Generis Database
Rights, without regard to how the rights are labeled or
categorized. For purposes of this Public License, the rights
specified in Section 2(b)(1)-(2) are not Copyright and Similar
Rights.
c. Effective Technological Measures means those measures that, in the
absence of proper authority, may not be circumvented under laws
fulfilling obligations under Article 11 of the WIPO Copyright
Treaty adopted on December 20, 1996, and/or similar international
agreements.
d. Exceptions and Limitations means fair use, fair dealing, and/or
any other exception or limitation to Copyright and Similar Rights
that applies to Your use of the Licensed Material.
e. Licensed Material means the artistic or literary work, database,
or other material to which the Licensor applied this Public
License.
f. Licensed Rights means the rights granted to You subject to the
terms and conditions of this Public License, which are limited to
all Copyright and Similar Rights that apply to Your use of the
Licensed Material and that the Licensor has authority to license.
g. Licensor means the individual(s) or entity(ies) granting rights
under this Public License.
h. NonCommercial means not primarily intended for or directed towards
commercial advantage or monetary compensation. For purposes of
this Public License, the exchange of the Licensed Material for
other material subject to Copyright and Similar Rights by digital
file-sharing or similar means is NonCommercial provided there is
no payment of monetary compensation in connection with the
exchange.
i. Share means to provide material to the public by any means or
process that requires permission under the Licensed Rights, such
as reproduction, public display, public performance, distribution,
dissemination, communication, or importation, and to make material
available to the public including in ways that members of the
public may access the material from a place and at a time
individually chosen by them.
j. Sui Generis Database Rights means rights other than copyright
resulting from Directive 96/9/EC of the European Parliament and of
the Council of 11 March 1996 on the legal protection of databases,
as amended and/or succeeded, as well as other essentially
equivalent rights anywhere in the world.
k. You means the individual or entity exercising the Licensed Rights
under this Public License. Your has a corresponding meaning.
Section 2 -- Scope.
a. License grant.
1. Subject to the terms and conditions of this Public License,
the Licensor hereby grants You a worldwide, royalty-free,
non-sublicensable, non-exclusive, irrevocable license to
exercise the Licensed Rights in the Licensed Material to:
a. reproduce and Share the Licensed Material, in whole or
in part, for NonCommercial purposes only; and
b. produce and reproduce, but not Share, Adapted Material
for NonCommercial purposes only.
2. Exceptions and Limitations. For the avoidance of doubt, where
Exceptions and Limitations apply to Your use, this Public
License does not apply, and You do not need to comply with
its terms and conditions.
3. Term. The term of this Public License is specified in Section
6(a).
4. Media and formats; technical modifications allowed. The
Licensor authorizes You to exercise the Licensed Rights in
all media and formats whether now known or hereafter created,
and to make technical modifications necessary to do so. The
Licensor waives and/or agrees not to assert any right or
authority to forbid You from making technical modifications
necessary to exercise the Licensed Rights, including
technical modifications necessary to circumvent Effective
Technological Measures. For purposes of this Public License,
simply making modifications authorized by this Section 2(a)
(4) never produces Adapted Material.
5. Downstream recipients.
a. Offer from the Licensor -- Licensed Material. Every
recipient of the Licensed Material automatically
receives an offer from the Licensor to exercise the
Licensed Rights under the terms and conditions of this
Public License.
b. No downstream restrictions. You may not offer or impose
any additional or different terms or conditions on, or
apply any Effective Technological Measures to, the
Licensed Material if doing so restricts exercise of the
Licensed Rights by any recipient of the Licensed
Material.
6. No endorsement. Nothing in this Public License constitutes or
may be construed as permission to assert or imply that You
are, or that Your use of the Licensed Material is, connected
with, or sponsored, endorsed, or granted official status by,
the Licensor or others designated to receive attribution as
provided in Section 3(a)(1)(A)(i).
b. Other rights.
1. Moral rights, such as the right of integrity, are not
licensed under this Public License, nor are publicity,
privacy, and/or other similar personality rights; however, to
the extent possible, the Licensor waives and/or agrees not to
assert any such rights held by the Licensor to the limited
extent necessary to allow You to exercise the Licensed
Rights, but not otherwise.
2. Patent and trademark rights are not licensed under this
Public License.
3. To the extent possible, the Licensor waives any right to
collect royalties from You for the exercise of the Licensed
Rights, whether directly or through a collecting society
under any voluntary or waivable statutory or compulsory
licensing scheme. In all other cases the Licensor expressly
reserves any right to collect such royalties, including when
the Licensed Material is used other than for NonCommercial
purposes.
Section 3 -- License Conditions.
Your exercise of the Licensed Rights is expressly made subject to the
following conditions.
a. Attribution.
1. If You Share the Licensed Material, You must:
a. retain the following if it is supplied by the Licensor
with the Licensed Material:
i. identification of the creator(s) of the Licensed
Material and any others designated to receive
attribution, in any reasonable manner requested by
the Licensor (including by pseudonym if
designated);
ii. a copyright notice;
iii. a notice that refers to this Public License;
iv. a notice that refers to the disclaimer of
warranties;
v. a URI or hyperlink to the Licensed Material to the
extent reasonably practicable;
b. indicate if You modified the Licensed Material and
retain an indication of any previous modifications; and
c. indicate the Licensed Material is licensed under this
Public License, and include the text of, or the URI or
hyperlink to, this Public License.
For the avoidance of doubt, You do not have permission under
this Public License to Share Adapted Material.
2. You may satisfy the conditions in Section 3(a)(1) in any
reasonable manner based on the medium, means, and context in
which You Share the Licensed Material. For example, it may be
reasonable to satisfy the conditions by providing a URI or
hyperlink to a resource that includes the required
information.
3. If requested by the Licensor, You must remove any of the
information required by Section 3(a)(1)(A) to the extent
reasonably practicable.
Section 4 -- Sui Generis Database Rights.
Where the Licensed Rights include Sui Generis Database Rights that
apply to Your use of the Licensed Material:
a. for the avoidance of doubt, Section 2(a)(1) grants You the right
to extract, reuse, reproduce, and Share all or a substantial
portion of the contents of the database for NonCommercial purposes
only and provided You do not Share Adapted Material;
b. if You include all or a substantial portion of the database
contents in a database in which You have Sui Generis Database
Rights, then the database in which You have Sui Generis Database
Rights (but not its individual contents) is Adapted Material; and
c. You must comply with the conditions in Section 3(a) if You Share
all or a substantial portion of the contents of the database.
For the avoidance of doubt, this Section 4 supplements and does not
replace Your obligations under this Public License where the Licensed
Rights include other Copyright and Similar Rights.
Section 5 -- Disclaimer of Warranties and Limitation of Liability.
a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE
EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS
AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF
ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS,
IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION,
WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS,
ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT
KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT
ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU.
b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE
TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION,
NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES,
COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR
USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR
DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR
IN PART, THIS LIMITATION MAY NOT APPLY TO YOU.
c. The disclaimer of warranties and limitation of liability provided
above shall be interpreted in a manner that, to the extent
possible, most closely approximates an absolute disclaimer and
waiver of all liability.
Section 6 -- Term and Termination.
a. This Public License applies for the term of the Copyright and
Similar Rights licensed here. However, if You fail to comply with
this Public License, then Your rights under this Public License
terminate automatically.
b. Where Your right to use the Licensed Material has terminated under
Section 6(a), it reinstates:
1. automatically as of the date the violation is cured, provided
it is cured within 30 days of Your discovery of the
violation; or
2. upon express reinstatement by the Licensor.
For the avoidance of doubt, this Section 6(b) does not affect any
right the Licensor may have to seek remedies for Your violations
of this Public License.
c. For the avoidance of doubt, the Licensor may also offer the
Licensed Material under separate terms or conditions or stop
distributing the Licensed Material at any time; however, doing so
will not terminate this Public License.
d. Sections 1, 5, 6, 7, and 8 survive termination of this Public
License.
Section 7 -- Other Terms and Conditions.
a. The Licensor shall not be bound by any additional or different
terms or conditions communicated by You unless expressly agreed.
b. Any arrangements, understandings, or agreements regarding the
Licensed Material not stated herein are separate from and
independent of the terms and conditions of this Public License.
Section 8 -- Interpretation.
a. For the avoidance of doubt, this Public License does not, and
shall not be interpreted to, reduce, limit, restrict, or impose
conditions on any use of the Licensed Material that could lawfully
be made without permission under this Public License.
b. To the extent possible, if any provision of this Public License is
deemed unenforceable, it shall be automatically reformed to the
minimum extent necessary to make it enforceable. If the provision
cannot be reformed, it shall be severed from this Public License
without affecting the enforceability of the remaining terms and
conditions.
c. No term or condition of this Public License will be waived and no
failure to comply consented to unless expressly agreed to by the
Licensor.
d. Nothing in this Public License constitutes or may be interpreted
as a limitation upon, or waiver of, any privileges and immunities
that apply to the Licensor or You, including from the legal
processes of any jurisdiction or authority.
=======================================================================
Creative Commons is not a party to its public
licenses. Notwithstanding, Creative Commons may elect to apply one of
its public licenses to material it publishes and in those instances
will be considered the “Licensor.” The text of the Creative Commons
public licenses is dedicated to the public domain under the CC0 Public
Domain Dedication. Except for the limited purpose of indicating that
material is shared under a Creative Commons public license or as
otherwise permitted by the Creative Commons policies published at
creativecommons.org/policies, Creative Commons does not authorize the
use of the trademark "Creative Commons" or any other trademark or logo
of Creative Commons without its prior written consent including,
without limitation, in connection with any unauthorized modifications
to any of its public licenses or any other arrangements,
understandings, or agreements concerning use of licensed material. For
the avoidance of doubt, this paragraph does not form part of the
public licenses.
Creative Commons may be contacted at creativecommons.org.
-15
View File
@@ -1,15 +0,0 @@
---
- name: 'all'
hosts: 'all'
gather_facts: false
serial: 1
tasks:
- name: 'Remove known_host file entries'
delegate_to: 'localhost'
ansible.builtin.shell:
ssh-keygen -f ~/.ssh/known_hosts -R {{ inventory_hostname }}
- name: 'Add known_hosts file entries'
delegate_to: 'localhost'
ansible.builtin.shell:
ssh-keyscan {{ inventory_hostname }} >> ~/.ssh/known_hosts
...
-97
View File
@@ -1,97 +0,0 @@
# ---> Ansible
*.retry
# ---> Windows
# Windows thumbnail cache files
Thumbs.db
ehthumbs.db
ehthumbs_vista.db
# Dump file
*.stackdump
# Folder config file
[Dd]esktop.ini
# Recycle Bin used on file shares
$RECYCLE.BIN/
# Windows Installer files
*.cab
*.msi
*.msix
*.msm
*.msp
# Windows shortcuts
*.lnk
# ---> macOS
# General
.DS_Store
.AppleDouble
.LSOverride
# Icon must end with two \r
Icon
# Thumbnails
._*
# Files that might appear in the root of a volume
.DocumentRevisions-V100
.fseventsd
.Spotlight-V100
.TemporaryItems
.Trashes
.VolumeIcon.icns
.com.apple.timemachine.donotpresent
# Directories potentially created on remote AFP share
.AppleDB
.AppleDesktop
Network Trash Folder
Temporary Items
.apdisk
# ---> Linux
*~
# temporary files which can be created if a process still has a handle open of a deleted file
.fuse_hidden*
# KDE directory preferences
.directory
# Linux trash folder which might appear on any partition or disk
.Trash-*
# .nfs files are created when an open file is removed but is still being accessed
.nfs*
# ---> Vim
# Swap
[._]*.s[a-v][a-z]
[._]*.sw[a-p]
[._]s[a-rt-v][a-z]
[._]ss[a-gi-z]
[._]sw[a-p]
# Session
Session.vim
# Temporary
.netrwhist
*~
# Auto-generated tag files
tags
# Persistent undo
[._]*.un~
# ---> VisualStudioCode
.vscode/*
!.vscode/settings.json
!.vscode/tasks.json
!.vscode/launch.json
!.vscode/extensions.json
-163
View File
@@ -1,163 +0,0 @@
GNU LESSER GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http s ://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies of this license
document, but changing it is not allowed.
This version of the GNU Lesser General Public License incorporates the terms
and conditions of version 3 of the GNU General Public License, supplemented
by the additional permissions listed below.
0. Additional Definitions.
As used herein, "this License" refers to version 3 of the GNU Lesser General
Public License, and the "GNU GPL" refers to version 3 of the GNU General Public
License.
"The Library" refers to a covered work governed by this License, other than
an Application or a Combined Work as defined below.
An "Application" is any work that makes use of an interface provided by the
Library, but which is not otherwise based on the Library. Defining a subclass
of a class defined by the Library is deemed a mode of using an interface provided
by the Library.
A "Combined Work" is a work produced by combining or linking an Application
with the Library. The particular version of the Library with which the Combined
Work was made is also called the "Linked Version".
The "Minimal Corresponding Source" for a Combined Work means the Corresponding
Source for the Combined Work, excluding any source code for portions of the
Combined Work that, considered in isolation, are based on the Application,
and not on the Linked Version.
The "Corresponding Application Code" for a Combined Work means the object
code and/or source code for the Application, including any data and utility
programs needed for reproducing the Combined Work from the Application, but
excluding the System Libraries of the Combined Work.
1. Exception to Section 3 of the GNU GPL.
You may convey a covered work under sections 3 and 4 of this License without
being bound by section 3 of the GNU GPL.
2. Conveying Modified Versions.
If you modify a copy of the Library, and, in your modifications, a facility
refers to a function or data to be supplied by an Application that uses the
facility (other than as an argument passed when the facility is invoked),
then you may convey a copy of the modified version:
a) under this License, provided that you make a good faith effort to ensure
that, in the event an Application does not supply the function or data, the
facility still operates, and performs whatever part of its purpose remains
meaningful, or
b) under the GNU GPL, with none of the additional permissions of this License
applicable to that copy.
3. Object Code Incorporating Material from Library Header Files.
The object code form of an Application may incorporate material from a header
file that is part of the Library. You may convey such object code under terms
of your choice, provided that, if the incorporated material is not limited
to numerical parameters, data structure layouts and accessors, or small macros,
inline functions and templates (ten or fewer lines in length), you do both
of the following:
a) Give prominent notice with each copy of the object code that the Library
is used in it and that the Library and its use are covered by this License.
b) Accompany the object code with a copy of the GNU GPL and this license document.
4. Combined Works.
You may convey a Combined Work under terms of your choice that, taken together,
effectively do not restrict modification of the portions of the Library contained
in the Combined Work and reverse engineering for debugging such modifications,
if you also do each of the following:
a) Give prominent notice with each copy of the Combined Work that the Library
is used in it and that the Library and its use are covered by this License.
b) Accompany the Combined Work with a copy of the GNU GPL and this license
document.
c) For a Combined Work that displays copyright notices during execution, include
the copyright notice for the Library among these notices, as well as a reference
directing the user to the copies of the GNU GPL and this license document.
d) Do one of the following:
0) Convey the Minimal Corresponding Source under the terms of this License,
and the Corresponding Application Code in a form suitable for, and under terms
that permit, the user to recombine or relink the Application with a modified
version of the Linked Version to produce a modified Combined Work, in the
manner specified by section 6 of the GNU GPL for conveying Corresponding Source.
1) Use a suitable shared library mechanism for linking with the Library. A
suitable mechanism is one that (a) uses at run time a copy of the Library
already present on the user's computer system, and (b) will operate properly
with a modified version of the Library that is interface-compatible with the
Linked Version.
e) Provide Installation Information, but only if you would otherwise be required
to provide such information under section 6 of the GNU GPL, and only to the
extent that such information is necessary to install and execute a modified
version of the Combined Work produced by recombining or relinking the Application
with a modified version of the Linked Version. (If you use option 4d0, the
Installation Information must accompany the Minimal Corresponding Source and
Corresponding Application Code. If you use option 4d1, you must provide the
Installation Information in the manner specified by section 6 of the GNU GPL
for conveying Corresponding Source.)
5. Combined Libraries.
You may place library facilities that are a work based on the Library side
by side in a single library together with other library facilities that are
not Applications and are not covered by this License, and convey such a combined
library under terms of your choice, if you do both of the following:
a) Accompany the combined library with a copy of the same work based on the
Library, uncombined with any other library facilities, conveyed under the
terms of this License.
b) Give prominent notice with the combined library that part of it is a work
based on the Library, and explaining where to find the accompanying uncombined
form of the same work.
6. Revised Versions of the GNU Lesser General Public License.
The Free Software Foundation may publish revised and/or new versions of the
GNU Lesser General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to address
new problems or concerns.
Each version is given a distinguishing version number. If the Library as you
received it specifies that a certain numbered version of the GNU Lesser General
Public License "or any later version" applies to it, you have the option of
following the terms and conditions either of that published version or of
any later version published by the Free Software Foundation. If the Library
as you received it does not specify a version number of the GNU Lesser General
Public License, you may choose any version of the GNU Lesser General Public
License ever published by the Free Software Foundation.
If the Library as you received it specifies that a proxy can decide whether
future versions of the GNU Lesser General Public License shall apply, that
proxy's public statement of acceptance of any version is permanent authorization
for you to choose that version for the Library.
-97
View File
@@ -1,97 +0,0 @@
# ---> Linux
*~
# temporary files which can be created if a process still has a handle open of a deleted file
.fuse_hidden*
# KDE directory preferences
.directory
# Linux trash folder which might appear on any partition or disk
.Trash-*
# .nfs files are created when an open file is removed but is still being accessed
.nfs*
# ---> Windows
# Windows thumbnail cache files
Thumbs.db
ehthumbs.db
ehthumbs_vista.db
# Dump file
*.stackdump
# Folder config file
[Dd]esktop.ini
# Recycle Bin used on file shares
$RECYCLE.BIN/
# Windows Installer files
*.cab
*.msi
*.msix
*.msm
*.msp
# Windows shortcuts
*.lnk
# ---> macOS
# General
.DS_Store
.AppleDouble
.LSOverride
# Icon must end with two \r
Icon
# Thumbnails
._*
# Files that might appear in the root of a volume
.DocumentRevisions-V100
.fseventsd
.Spotlight-V100
.TemporaryItems
.Trashes
.VolumeIcon.icns
.com.apple.timemachine.donotpresent
# Directories potentially created on remote AFP share
.AppleDB
.AppleDesktop
Network Trash Folder
Temporary Items
.apdisk
# ---> Vim
# Swap
[._]*.s[a-v][a-z]
[._]*.sw[a-p]
[._]s[a-rt-v][a-z]
[._]ss[a-gi-z]
[._]sw[a-p]
# Session
Session.vim
# Temporary
.netrwhist
*~
# Auto-generated tag files
tags
# Persistent undo
[._]*.un~
# ---> VisualStudioCode
.vscode/*
!.vscode/settings.json
!.vscode/tasks.json
!.vscode/launch.json
!.vscode/extensions.json
# ---> Ansible
*.retry
-163
View File
@@ -1,163 +0,0 @@
GNU LESSER GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http s ://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies of this license
document, but changing it is not allowed.
This version of the GNU Lesser General Public License incorporates the terms
and conditions of version 3 of the GNU General Public License, supplemented
by the additional permissions listed below.
0. Additional Definitions.
As used herein, "this License" refers to version 3 of the GNU Lesser General
Public License, and the "GNU GPL" refers to version 3 of the GNU General Public
License.
"The Library" refers to a covered work governed by this License, other than
an Application or a Combined Work as defined below.
An "Application" is any work that makes use of an interface provided by the
Library, but which is not otherwise based on the Library. Defining a subclass
of a class defined by the Library is deemed a mode of using an interface provided
by the Library.
A "Combined Work" is a work produced by combining or linking an Application
with the Library. The particular version of the Library with which the Combined
Work was made is also called the "Linked Version".
The "Minimal Corresponding Source" for a Combined Work means the Corresponding
Source for the Combined Work, excluding any source code for portions of the
Combined Work that, considered in isolation, are based on the Application,
and not on the Linked Version.
The "Corresponding Application Code" for a Combined Work means the object
code and/or source code for the Application, including any data and utility
programs needed for reproducing the Combined Work from the Application, but
excluding the System Libraries of the Combined Work.
1. Exception to Section 3 of the GNU GPL.
You may convey a covered work under sections 3 and 4 of this License without
being bound by section 3 of the GNU GPL.
2. Conveying Modified Versions.
If you modify a copy of the Library, and, in your modifications, a facility
refers to a function or data to be supplied by an Application that uses the
facility (other than as an argument passed when the facility is invoked),
then you may convey a copy of the modified version:
a) under this License, provided that you make a good faith effort to ensure
that, in the event an Application does not supply the function or data, the
facility still operates, and performs whatever part of its purpose remains
meaningful, or
b) under the GNU GPL, with none of the additional permissions of this License
applicable to that copy.
3. Object Code Incorporating Material from Library Header Files.
The object code form of an Application may incorporate material from a header
file that is part of the Library. You may convey such object code under terms
of your choice, provided that, if the incorporated material is not limited
to numerical parameters, data structure layouts and accessors, or small macros,
inline functions and templates (ten or fewer lines in length), you do both
of the following:
a) Give prominent notice with each copy of the object code that the Library
is used in it and that the Library and its use are covered by this License.
b) Accompany the object code with a copy of the GNU GPL and this license document.
4. Combined Works.
You may convey a Combined Work under terms of your choice that, taken together,
effectively do not restrict modification of the portions of the Library contained
in the Combined Work and reverse engineering for debugging such modifications,
if you also do each of the following:
a) Give prominent notice with each copy of the Combined Work that the Library
is used in it and that the Library and its use are covered by this License.
b) Accompany the Combined Work with a copy of the GNU GPL and this license
document.
c) For a Combined Work that displays copyright notices during execution, include
the copyright notice for the Library among these notices, as well as a reference
directing the user to the copies of the GNU GPL and this license document.
d) Do one of the following:
0) Convey the Minimal Corresponding Source under the terms of this License,
and the Corresponding Application Code in a form suitable for, and under terms
that permit, the user to recombine or relink the Application with a modified
version of the Linked Version to produce a modified Combined Work, in the
manner specified by section 6 of the GNU GPL for conveying Corresponding Source.
1) Use a suitable shared library mechanism for linking with the Library. A
suitable mechanism is one that (a) uses at run time a copy of the Library
already present on the user's computer system, and (b) will operate properly
with a modified version of the Library that is interface-compatible with the
Linked Version.
e) Provide Installation Information, but only if you would otherwise be required
to provide such information under section 6 of the GNU GPL, and only to the
extent that such information is necessary to install and execute a modified
version of the Combined Work produced by recombining or relinking the Application
with a modified version of the Linked Version. (If you use option 4d0, the
Installation Information must accompany the Minimal Corresponding Source and
Corresponding Application Code. If you use option 4d1, you must provide the
Installation Information in the manner specified by section 6 of the GNU GPL
for conveying Corresponding Source.)
5. Combined Libraries.
You may place library facilities that are a work based on the Library side
by side in a single library together with other library facilities that are
not Applications and are not covered by this License, and convey such a combined
library under terms of your choice, if you do both of the following:
a) Accompany the combined library with a copy of the same work based on the
Library, uncombined with any other library facilities, conveyed under the
terms of this License.
b) Give prominent notice with the combined library that part of it is a work
based on the Library, and explaining where to find the accompanying uncombined
form of the same work.
6. Revised Versions of the GNU Lesser General Public License.
The Free Software Foundation may publish revised and/or new versions of the
GNU Lesser General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to address
new problems or concerns.
Each version is given a distinguishing version number. If the Library as you
received it specifies that a certain numbered version of the GNU Lesser General
Public License "or any later version" applies to it, you have the option of
following the terms and conditions either of that published version or of
any later version published by the Free Software Foundation. If the Library
as you received it does not specify a version number of the GNU Lesser General
Public License, you may choose any version of the GNU Lesser General Public
License ever published by the Free Software Foundation.
If the Library as you received it specifies that a proxy can decide whether
future versions of the GNU Lesser General Public License shall apply, that
proxy's public statement of acceptance of any version is permanent authorization
for you to choose that version for the Library.
@@ -58,6 +58,12 @@ MDomain {{ item.fqdn }}
ProxyPassReverse "/" "{{ item.proxy }}" ProxyPassReverse "/" "{{ item.proxy }}"
ProxyTimeout 300 ProxyTimeout 300
{% endif %} {% endif %}
{% if item.rewrite is defined %}
RewriteEngine On
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) ws://{{ item.proxy }}/$1 [P,L]
{% endif %}
{% if item.redirect is defined %} {% if item.redirect is defined %}
RedirectMatch "^(?!/\.well-known/).*" {{ item.redirect }} RedirectMatch "^(?!/\.well-known/).*" {{ item.redirect }}
{% endif %} {% endif %}
@@ -58,6 +58,12 @@ MDomain {{ item.fqdn }}
ProxyPassReverse "/" "{{ item.proxy }}" ProxyPassReverse "/" "{{ item.proxy }}"
ProxyTimeout 300 ProxyTimeout 300
{% endif %} {% endif %}
{% if item.rewrite is defined %}
RewriteEngine On
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) ws://{{ item.proxy }}/$1 [P,L]
{% endif %}
{% if item.redirect is defined %} {% if item.redirect is defined %}
RedirectMatch "^(?!/\.well-known/).*" {{ item.redirect }} RedirectMatch "^(?!/\.well-known/).*" {{ item.redirect }}
{% endif %} {% endif %}
@@ -58,6 +58,12 @@ MDomain {{ item.fqdn }}
ProxyPassReverse "/" "{{ item.proxy }}" ProxyPassReverse "/" "{{ item.proxy }}"
ProxyTimeout 300 ProxyTimeout 300
{% endif %} {% endif %}
{% if item.rewrite is defined %}
RewriteEngine On
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) ws://{{ item.proxy }}/$1 [P,L]
{% endif %}
{% if item.redirect is defined %} {% if item.redirect is defined %}
RedirectMatch "^(?!/\.well-known/).*" {{ item.redirect }} RedirectMatch "^(?!/\.well-known/).*" {{ item.redirect }}
{% endif %} {% endif %}
-414
View File
@@ -1,414 +0,0 @@
# ---> Ansible
*.retry
# ---> Windows
# Windows thumbnail cache files
Thumbs.db
ehthumbs.db
ehthumbs_vista.db
# Dump file
*.stackdump
# Folder config file
[Dd]esktop.ini
# Recycle Bin used on file shares
$RECYCLE.BIN/
# Windows Installer files
*.cab
*.msi
*.msix
*.msm
*.msp
# Windows shortcuts
*.lnk
# ---> macOS
# General
.DS_Store
.AppleDouble
.LSOverride
# Icon must end with two \r
Icon
# Thumbnails
._*
# Files that might appear in the root of a volume
.DocumentRevisions-V100
.fseventsd
.Spotlight-V100
.TemporaryItems
.Trashes
.VolumeIcon.icns
.com.apple.timemachine.donotpresent
# Directories potentially created on remote AFP share
.AppleDB
.AppleDesktop
Network Trash Folder
Temporary Items
.apdisk
# ---> Linux
*~
# temporary files which can be created if a process still has a handle open of a deleted file
.fuse_hidden*
# KDE directory preferences
.directory
# Linux trash folder which might appear on any partition or disk
.Trash-*
# .nfs files are created when an open file is removed but is still being accessed
.nfs*
# ---> VisualStudio
## Ignore Visual Studio temporary files, build results, and
## files generated by popular Visual Studio add-ons.
##
## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
# User-specific files
*.rsuser
*.suo
*.user
*.userosscache
*.sln.docstates
# User-specific files (MonoDevelop/Xamarin Studio)
*.userprefs
# Build results
[Dd]ebug/
[Dd]ebugPublic/
[Rr]elease/
[Rr]eleases/
x64/
x86/
bld/
[Bb]in/
[Oo]bj/
[Ll]og/
# Visual Studio 2015/2017 cache/options directory
.vs/
# Uncomment if you have tasks that create the project's static files in wwwroot
#wwwroot/
# Visual Studio 2017 auto generated files
Generated\ Files/
# MSTest test Results
[Tt]est[Rr]esult*/
[Bb]uild[Ll]og.*
# NUNIT
*.VisualState.xml
TestResult.xml
# Build Results of an ATL Project
[Dd]ebugPS/
[Rr]eleasePS/
dlldata.c
# Benchmark Results
BenchmarkDotNet.Artifacts/
# .NET Core
project.lock.json
project.fragment.lock.json
artifacts/
# StyleCop
StyleCopReport.xml
# Files built by Visual Studio
*_i.c
*_p.c
*_h.h
*.ilk
*.meta
*.obj
*.iobj
*.pch
*.pdb
*.ipdb
*.pgc
*.pgd
*.rsp
*.sbr
*.tlb
*.tli
*.tlh
*.tmp
*.tmp_proj
*_wpftmp.csproj
*.log
*.vspscc
*.vssscc
.builds
*.pidb
*.svclog
*.scc
# Chutzpah Test files
_Chutzpah*
# Visual C++ cache files
ipch/
*.aps
*.ncb
*.opendb
*.opensdf
*.sdf
*.cachefile
*.VC.db
*.VC.VC.opendb
# Visual Studio profiler
*.psess
*.vsp
*.vspx
*.sap
# Visual Studio Trace Files
*.e2e
# TFS 2012 Local Workspace
$tf/
# Guidance Automation Toolkit
*.gpState
# ReSharper is a .NET coding add-in
_ReSharper*/
*.[Rr]e[Ss]harper
*.DotSettings.user
# JustCode is a .NET coding add-in
.JustCode
# TeamCity is a build add-in
_TeamCity*
# DotCover is a Code Coverage Tool
*.dotCover
# AxoCover is a Code Coverage Tool
.axoCover/*
!.axoCover/settings.json
# Visual Studio code coverage results
*.coverage
*.coveragexml
# NCrunch
_NCrunch_*
.*crunch*.local.xml
nCrunchTemp_*
# MightyMoose
*.mm.*
AutoTest.Net/
# Web workbench (sass)
.sass-cache/
# Installshield output folder
[Ee]xpress/
# DocProject is a documentation generator add-in
DocProject/buildhelp/
DocProject/Help/*.HxT
DocProject/Help/*.HxC
DocProject/Help/*.hhc
DocProject/Help/*.hhk
DocProject/Help/*.hhp
DocProject/Help/Html2
DocProject/Help/html
# Click-Once directory
publish/
# Publish Web Output
*.[Pp]ublish.xml
*.azurePubxml
# Note: Comment the next line if you want to checkin your web deploy settings,
# but database connection strings (with potential passwords) will be unencrypted
*.pubxml
*.publishproj
# Microsoft Azure Web App publish settings. Comment the next line if you want to
# checkin your Azure Web App publish settings, but sensitive information contained
# in these scripts will be unencrypted
PublishScripts/
# NuGet Packages
*.nupkg
# The packages folder can be ignored because of Package Restore
**/[Pp]ackages/*
# except build/, which is used as an MSBuild target.
!**/[Pp]ackages/build/
# Uncomment if necessary however generally it will be regenerated when needed
#!**/[Pp]ackages/repositories.config
# NuGet v3's project.json files produces more ignorable files
*.nuget.props
*.nuget.targets
# Microsoft Azure Build Output
csx/
*.build.csdef
# Microsoft Azure Emulator
ecf/
rcf/
# Windows Store app package directories and files
AppPackages/
BundleArtifacts/
Package.StoreAssociation.xml
_pkginfo.txt
*.appx
# Visual Studio cache files
# files ending in .cache can be ignored
*.[Cc]ache
# but keep track of directories ending in .cache
!*.[Cc]ache/
# Others
ClientBin/
~$*
*~
*.dbmdl
*.dbproj.schemaview
*.jfm
*.pfx
*.publishsettings
orleans.codegen.cs
# Including strong name files can present a security risk
# (https://github.com/github/gitignore/pull/2483#issue-259490424)
#*.snk
# Since there are multiple workflows, uncomment next line to ignore bower_components
# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
#bower_components/
# RIA/Silverlight projects
Generated_Code/
# Backup & report files from converting an old project file
# to a newer Visual Studio version. Backup files are not needed,
# because we have git ;-)
_UpgradeReport_Files/
Backup*/
UpgradeLog*.XML
UpgradeLog*.htm
ServiceFabricBackup/
*.rptproj.bak
# SQL Server files
*.mdf
*.ldf
*.ndf
# Business Intelligence projects
*.rdl.data
*.bim.layout
*.bim_*.settings
*.rptproj.rsuser
# Microsoft Fakes
FakesAssemblies/
# GhostDoc plugin setting file
*.GhostDoc.xml
# Node.js Tools for Visual Studio
.ntvs_analysis.dat
node_modules/
# Visual Studio 6 build log
*.plg
# Visual Studio 6 workspace options file
*.opt
# Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
*.vbw
# Visual Studio LightSwitch build output
**/*.HTMLClient/GeneratedArtifacts
**/*.DesktopClient/GeneratedArtifacts
**/*.DesktopClient/ModelManifest.xml
**/*.Server/GeneratedArtifacts
**/*.Server/ModelManifest.xml
_Pvt_Extensions
# Paket dependency manager
.paket/paket.exe
paket-files/
# FAKE - F# Make
.fake/
# JetBrains Rider
.idea/
*.sln.iml
# CodeRush personal settings
.cr/personal
# Python Tools for Visual Studio (PTVS)
__pycache__/
*.pyc
# Cake - Uncomment if you are using it
# tools/**
# !tools/packages.config
# Tabs Studio
*.tss
# Telerik's JustMock configuration file
*.jmconfig
# BizTalk build output
*.btp.cs
*.btm.cs
*.odx.cs
*.xsd.cs
# OpenCover UI analysis results
OpenCover/
# Azure Stream Analytics local run output
ASALocalRun/
# MSBuild Binary and Structured Log
*.binlog
# NVidia Nsight GPU debugger configuration file
*.nvuser
# MFractors (Xamarin productivity tool) working folder
.mfractor/
# Local History for Visual Studio
.localhistory/
# ---> VisualStudioCode
.vscode/*
!.vscode/settings.json
!.vscode/tasks.json
!.vscode/launch.json
!.vscode/extensions.json
-163
View File
@@ -1,163 +0,0 @@
GNU LESSER GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http s ://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies of this license
document, but changing it is not allowed.
This version of the GNU Lesser General Public License incorporates the terms
and conditions of version 3 of the GNU General Public License, supplemented
by the additional permissions listed below.
0. Additional Definitions.
As used herein, "this License" refers to version 3 of the GNU Lesser General
Public License, and the "GNU GPL" refers to version 3 of the GNU General Public
License.
"The Library" refers to a covered work governed by this License, other than
an Application or a Combined Work as defined below.
An "Application" is any work that makes use of an interface provided by the
Library, but which is not otherwise based on the Library. Defining a subclass
of a class defined by the Library is deemed a mode of using an interface provided
by the Library.
A "Combined Work" is a work produced by combining or linking an Application
with the Library. The particular version of the Library with which the Combined
Work was made is also called the "Linked Version".
The "Minimal Corresponding Source" for a Combined Work means the Corresponding
Source for the Combined Work, excluding any source code for portions of the
Combined Work that, considered in isolation, are based on the Application,
and not on the Linked Version.
The "Corresponding Application Code" for a Combined Work means the object
code and/or source code for the Application, including any data and utility
programs needed for reproducing the Combined Work from the Application, but
excluding the System Libraries of the Combined Work.
1. Exception to Section 3 of the GNU GPL.
You may convey a covered work under sections 3 and 4 of this License without
being bound by section 3 of the GNU GPL.
2. Conveying Modified Versions.
If you modify a copy of the Library, and, in your modifications, a facility
refers to a function or data to be supplied by an Application that uses the
facility (other than as an argument passed when the facility is invoked),
then you may convey a copy of the modified version:
a) under this License, provided that you make a good faith effort to ensure
that, in the event an Application does not supply the function or data, the
facility still operates, and performs whatever part of its purpose remains
meaningful, or
b) under the GNU GPL, with none of the additional permissions of this License
applicable to that copy.
3. Object Code Incorporating Material from Library Header Files.
The object code form of an Application may incorporate material from a header
file that is part of the Library. You may convey such object code under terms
of your choice, provided that, if the incorporated material is not limited
to numerical parameters, data structure layouts and accessors, or small macros,
inline functions and templates (ten or fewer lines in length), you do both
of the following:
a) Give prominent notice with each copy of the object code that the Library
is used in it and that the Library and its use are covered by this License.
b) Accompany the object code with a copy of the GNU GPL and this license document.
4. Combined Works.
You may convey a Combined Work under terms of your choice that, taken together,
effectively do not restrict modification of the portions of the Library contained
in the Combined Work and reverse engineering for debugging such modifications,
if you also do each of the following:
a) Give prominent notice with each copy of the Combined Work that the Library
is used in it and that the Library and its use are covered by this License.
b) Accompany the Combined Work with a copy of the GNU GPL and this license
document.
c) For a Combined Work that displays copyright notices during execution, include
the copyright notice for the Library among these notices, as well as a reference
directing the user to the copies of the GNU GPL and this license document.
d) Do one of the following:
0) Convey the Minimal Corresponding Source under the terms of this License,
and the Corresponding Application Code in a form suitable for, and under terms
that permit, the user to recombine or relink the Application with a modified
version of the Linked Version to produce a modified Combined Work, in the
manner specified by section 6 of the GNU GPL for conveying Corresponding Source.
1) Use a suitable shared library mechanism for linking with the Library. A
suitable mechanism is one that (a) uses at run time a copy of the Library
already present on the user's computer system, and (b) will operate properly
with a modified version of the Library that is interface-compatible with the
Linked Version.
e) Provide Installation Information, but only if you would otherwise be required
to provide such information under section 6 of the GNU GPL, and only to the
extent that such information is necessary to install and execute a modified
version of the Combined Work produced by recombining or relinking the Application
with a modified version of the Linked Version. (If you use option 4d0, the
Installation Information must accompany the Minimal Corresponding Source and
Corresponding Application Code. If you use option 4d1, you must provide the
Installation Information in the manner specified by section 6 of the GNU GPL
for conveying Corresponding Source.)
5. Combined Libraries.
You may place library facilities that are a work based on the Library side
by side in a single library together with other library facilities that are
not Applications and are not covered by this License, and convey such a combined
library under terms of your choice, if you do both of the following:
a) Accompany the combined library with a copy of the same work based on the
Library, uncombined with any other library facilities, conveyed under the
terms of this License.
b) Give prominent notice with the combined library that part of it is a work
based on the Library, and explaining where to find the accompanying uncombined
form of the same work.
6. Revised Versions of the GNU Lesser General Public License.
The Free Software Foundation may publish revised and/or new versions of the
GNU Lesser General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to address
new problems or concerns.
Each version is given a distinguishing version number. If the Library as you
received it specifies that a certain numbered version of the GNU Lesser General
Public License "or any later version" applies to it, you have the option of
following the terms and conditions either of that published version or of
any later version published by the Free Software Foundation. If the Library
as you received it does not specify a version number of the GNU Lesser General
Public License, you may choose any version of the GNU Lesser General Public
License ever published by the Free Software Foundation.
If the Library as you received it specifies that a proxy can decide whether
future versions of the GNU Lesser General Public License shall apply, that
proxy's public statement of acceptance of any version is permanent authorization
for you to choose that version for the Library.
-414
View File
@@ -1,414 +0,0 @@
# ---> Ansible
*.retry
# ---> Windows
# Windows thumbnail cache files
Thumbs.db
ehthumbs.db
ehthumbs_vista.db
# Dump file
*.stackdump
# Folder config file
[Dd]esktop.ini
# Recycle Bin used on file shares
$RECYCLE.BIN/
# Windows Installer files
*.cab
*.msi
*.msix
*.msm
*.msp
# Windows shortcuts
*.lnk
# ---> macOS
# General
.DS_Store
.AppleDouble
.LSOverride
# Icon must end with two \r
Icon
# Thumbnails
._*
# Files that might appear in the root of a volume
.DocumentRevisions-V100
.fseventsd
.Spotlight-V100
.TemporaryItems
.Trashes
.VolumeIcon.icns
.com.apple.timemachine.donotpresent
# Directories potentially created on remote AFP share
.AppleDB
.AppleDesktop
Network Trash Folder
Temporary Items
.apdisk
# ---> Linux
*~
# temporary files which can be created if a process still has a handle open of a deleted file
.fuse_hidden*
# KDE directory preferences
.directory
# Linux trash folder which might appear on any partition or disk
.Trash-*
# .nfs files are created when an open file is removed but is still being accessed
.nfs*
# ---> VisualStudio
## Ignore Visual Studio temporary files, build results, and
## files generated by popular Visual Studio add-ons.
##
## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
# User-specific files
*.rsuser
*.suo
*.user
*.userosscache
*.sln.docstates
# User-specific files (MonoDevelop/Xamarin Studio)
*.userprefs
# Build results
[Dd]ebug/
[Dd]ebugPublic/
[Rr]elease/
[Rr]eleases/
x64/
x86/
bld/
[Bb]in/
[Oo]bj/
[Ll]og/
# Visual Studio 2015/2017 cache/options directory
.vs/
# Uncomment if you have tasks that create the project's static files in wwwroot
#wwwroot/
# Visual Studio 2017 auto generated files
Generated\ Files/
# MSTest test Results
[Tt]est[Rr]esult*/
[Bb]uild[Ll]og.*
# NUNIT
*.VisualState.xml
TestResult.xml
# Build Results of an ATL Project
[Dd]ebugPS/
[Rr]eleasePS/
dlldata.c
# Benchmark Results
BenchmarkDotNet.Artifacts/
# .NET Core
project.lock.json
project.fragment.lock.json
artifacts/
# StyleCop
StyleCopReport.xml
# Files built by Visual Studio
*_i.c
*_p.c
*_h.h
*.ilk
*.meta
*.obj
*.iobj
*.pch
*.pdb
*.ipdb
*.pgc
*.pgd
*.rsp
*.sbr
*.tlb
*.tli
*.tlh
*.tmp
*.tmp_proj
*_wpftmp.csproj
*.log
*.vspscc
*.vssscc
.builds
*.pidb
*.svclog
*.scc
# Chutzpah Test files
_Chutzpah*
# Visual C++ cache files
ipch/
*.aps
*.ncb
*.opendb
*.opensdf
*.sdf
*.cachefile
*.VC.db
*.VC.VC.opendb
# Visual Studio profiler
*.psess
*.vsp
*.vspx
*.sap
# Visual Studio Trace Files
*.e2e
# TFS 2012 Local Workspace
$tf/
# Guidance Automation Toolkit
*.gpState
# ReSharper is a .NET coding add-in
_ReSharper*/
*.[Rr]e[Ss]harper
*.DotSettings.user
# JustCode is a .NET coding add-in
.JustCode
# TeamCity is a build add-in
_TeamCity*
# DotCover is a Code Coverage Tool
*.dotCover
# AxoCover is a Code Coverage Tool
.axoCover/*
!.axoCover/settings.json
# Visual Studio code coverage results
*.coverage
*.coveragexml
# NCrunch
_NCrunch_*
.*crunch*.local.xml
nCrunchTemp_*
# MightyMoose
*.mm.*
AutoTest.Net/
# Web workbench (sass)
.sass-cache/
# Installshield output folder
[Ee]xpress/
# DocProject is a documentation generator add-in
DocProject/buildhelp/
DocProject/Help/*.HxT
DocProject/Help/*.HxC
DocProject/Help/*.hhc
DocProject/Help/*.hhk
DocProject/Help/*.hhp
DocProject/Help/Html2
DocProject/Help/html
# Click-Once directory
publish/
# Publish Web Output
*.[Pp]ublish.xml
*.azurePubxml
# Note: Comment the next line if you want to checkin your web deploy settings,
# but database connection strings (with potential passwords) will be unencrypted
*.pubxml
*.publishproj
# Microsoft Azure Web App publish settings. Comment the next line if you want to
# checkin your Azure Web App publish settings, but sensitive information contained
# in these scripts will be unencrypted
PublishScripts/
# NuGet Packages
*.nupkg
# The packages folder can be ignored because of Package Restore
**/[Pp]ackages/*
# except build/, which is used as an MSBuild target.
!**/[Pp]ackages/build/
# Uncomment if necessary however generally it will be regenerated when needed
#!**/[Pp]ackages/repositories.config
# NuGet v3's project.json files produces more ignorable files
*.nuget.props
*.nuget.targets
# Microsoft Azure Build Output
csx/
*.build.csdef
# Microsoft Azure Emulator
ecf/
rcf/
# Windows Store app package directories and files
AppPackages/
BundleArtifacts/
Package.StoreAssociation.xml
_pkginfo.txt
*.appx
# Visual Studio cache files
# files ending in .cache can be ignored
*.[Cc]ache
# but keep track of directories ending in .cache
!*.[Cc]ache/
# Others
ClientBin/
~$*
*~
*.dbmdl
*.dbproj.schemaview
*.jfm
*.pfx
*.publishsettings
orleans.codegen.cs
# Including strong name files can present a security risk
# (https://github.com/github/gitignore/pull/2483#issue-259490424)
#*.snk
# Since there are multiple workflows, uncomment next line to ignore bower_components
# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
#bower_components/
# RIA/Silverlight projects
Generated_Code/
# Backup & report files from converting an old project file
# to a newer Visual Studio version. Backup files are not needed,
# because we have git ;-)
_UpgradeReport_Files/
Backup*/
UpgradeLog*.XML
UpgradeLog*.htm
ServiceFabricBackup/
*.rptproj.bak
# SQL Server files
*.mdf
*.ldf
*.ndf
# Business Intelligence projects
*.rdl.data
*.bim.layout
*.bim_*.settings
*.rptproj.rsuser
# Microsoft Fakes
FakesAssemblies/
# GhostDoc plugin setting file
*.GhostDoc.xml
# Node.js Tools for Visual Studio
.ntvs_analysis.dat
node_modules/
# Visual Studio 6 build log
*.plg
# Visual Studio 6 workspace options file
*.opt
# Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
*.vbw
# Visual Studio LightSwitch build output
**/*.HTMLClient/GeneratedArtifacts
**/*.DesktopClient/GeneratedArtifacts
**/*.DesktopClient/ModelManifest.xml
**/*.Server/GeneratedArtifacts
**/*.Server/ModelManifest.xml
_Pvt_Extensions
# Paket dependency manager
.paket/paket.exe
paket-files/
# FAKE - F# Make
.fake/
# JetBrains Rider
.idea/
*.sln.iml
# CodeRush personal settings
.cr/personal
# Python Tools for Visual Studio (PTVS)
__pycache__/
*.pyc
# Cake - Uncomment if you are using it
# tools/**
# !tools/packages.config
# Tabs Studio
*.tss
# Telerik's JustMock configuration file
*.jmconfig
# BizTalk build output
*.btp.cs
*.btm.cs
*.odx.cs
*.xsd.cs
# OpenCover UI analysis results
OpenCover/
# Azure Stream Analytics local run output
ASALocalRun/
# MSBuild Binary and Structured Log
*.binlog
# NVidia Nsight GPU debugger configuration file
*.nvuser
# MFractors (Xamarin productivity tool) working folder
.mfractor/
# Local History for Visual Studio
.localhistory/
# ---> VisualStudioCode
.vscode/*
!.vscode/settings.json
!.vscode/tasks.json
!.vscode/launch.json
!.vscode/extensions.json
-163
View File
@@ -1,163 +0,0 @@
GNU LESSER GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http s ://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies of this license
document, but changing it is not allowed.
This version of the GNU Lesser General Public License incorporates the terms
and conditions of version 3 of the GNU General Public License, supplemented
by the additional permissions listed below.
0. Additional Definitions.
As used herein, "this License" refers to version 3 of the GNU Lesser General
Public License, and the "GNU GPL" refers to version 3 of the GNU General Public
License.
"The Library" refers to a covered work governed by this License, other than
an Application or a Combined Work as defined below.
An "Application" is any work that makes use of an interface provided by the
Library, but which is not otherwise based on the Library. Defining a subclass
of a class defined by the Library is deemed a mode of using an interface provided
by the Library.
A "Combined Work" is a work produced by combining or linking an Application
with the Library. The particular version of the Library with which the Combined
Work was made is also called the "Linked Version".
The "Minimal Corresponding Source" for a Combined Work means the Corresponding
Source for the Combined Work, excluding any source code for portions of the
Combined Work that, considered in isolation, are based on the Application,
and not on the Linked Version.
The "Corresponding Application Code" for a Combined Work means the object
code and/or source code for the Application, including any data and utility
programs needed for reproducing the Combined Work from the Application, but
excluding the System Libraries of the Combined Work.
1. Exception to Section 3 of the GNU GPL.
You may convey a covered work under sections 3 and 4 of this License without
being bound by section 3 of the GNU GPL.
2. Conveying Modified Versions.
If you modify a copy of the Library, and, in your modifications, a facility
refers to a function or data to be supplied by an Application that uses the
facility (other than as an argument passed when the facility is invoked),
then you may convey a copy of the modified version:
a) under this License, provided that you make a good faith effort to ensure
that, in the event an Application does not supply the function or data, the
facility still operates, and performs whatever part of its purpose remains
meaningful, or
b) under the GNU GPL, with none of the additional permissions of this License
applicable to that copy.
3. Object Code Incorporating Material from Library Header Files.
The object code form of an Application may incorporate material from a header
file that is part of the Library. You may convey such object code under terms
of your choice, provided that, if the incorporated material is not limited
to numerical parameters, data structure layouts and accessors, or small macros,
inline functions and templates (ten or fewer lines in length), you do both
of the following:
a) Give prominent notice with each copy of the object code that the Library
is used in it and that the Library and its use are covered by this License.
b) Accompany the object code with a copy of the GNU GPL and this license document.
4. Combined Works.
You may convey a Combined Work under terms of your choice that, taken together,
effectively do not restrict modification of the portions of the Library contained
in the Combined Work and reverse engineering for debugging such modifications,
if you also do each of the following:
a) Give prominent notice with each copy of the Combined Work that the Library
is used in it and that the Library and its use are covered by this License.
b) Accompany the Combined Work with a copy of the GNU GPL and this license
document.
c) For a Combined Work that displays copyright notices during execution, include
the copyright notice for the Library among these notices, as well as a reference
directing the user to the copies of the GNU GPL and this license document.
d) Do one of the following:
0) Convey the Minimal Corresponding Source under the terms of this License,
and the Corresponding Application Code in a form suitable for, and under terms
that permit, the user to recombine or relink the Application with a modified
version of the Linked Version to produce a modified Combined Work, in the
manner specified by section 6 of the GNU GPL for conveying Corresponding Source.
1) Use a suitable shared library mechanism for linking with the Library. A
suitable mechanism is one that (a) uses at run time a copy of the Library
already present on the user's computer system, and (b) will operate properly
with a modified version of the Library that is interface-compatible with the
Linked Version.
e) Provide Installation Information, but only if you would otherwise be required
to provide such information under section 6 of the GNU GPL, and only to the
extent that such information is necessary to install and execute a modified
version of the Combined Work produced by recombining or relinking the Application
with a modified version of the Linked Version. (If you use option 4d0, the
Installation Information must accompany the Minimal Corresponding Source and
Corresponding Application Code. If you use option 4d1, you must provide the
Installation Information in the manner specified by section 6 of the GNU GPL
for conveying Corresponding Source.)
5. Combined Libraries.
You may place library facilities that are a work based on the Library side
by side in a single library together with other library facilities that are
not Applications and are not covered by this License, and convey such a combined
library under terms of your choice, if you do both of the following:
a) Accompany the combined library with a copy of the same work based on the
Library, uncombined with any other library facilities, conveyed under the
terms of this License.
b) Give prominent notice with the combined library that part of it is a work
based on the Library, and explaining where to find the accompanying uncombined
form of the same work.
6. Revised Versions of the GNU Lesser General Public License.
The Free Software Foundation may publish revised and/or new versions of the
GNU Lesser General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to address
new problems or concerns.
Each version is given a distinguishing version number. If the Library as you
received it specifies that a certain numbered version of the GNU Lesser General
Public License "or any later version" applies to it, you have the option of
following the terms and conditions either of that published version or of
any later version published by the Free Software Foundation. If the Library
as you received it does not specify a version number of the GNU Lesser General
Public License, you may choose any version of the GNU Lesser General Public
License ever published by the Free Software Foundation.
If the Library as you received it specifies that a proxy can decide whether
future versions of the GNU Lesser General Public License shall apply, that
proxy's public statement of acceptance of any version is permanent authorization
for you to choose that version for the Library.
-97
View File
@@ -1,97 +0,0 @@
# ---> Ansible
*.retry
# ---> Windows
# Windows thumbnail cache files
Thumbs.db
ehthumbs.db
ehthumbs_vista.db
# Dump file
*.stackdump
# Folder config file
[Dd]esktop.ini
# Recycle Bin used on file shares
$RECYCLE.BIN/
# Windows Installer files
*.cab
*.msi
*.msix
*.msm
*.msp
# Windows shortcuts
*.lnk
# ---> Linux
*~
# temporary files which can be created if a process still has a handle open of a deleted file
.fuse_hidden*
# KDE directory preferences
.directory
# Linux trash folder which might appear on any partition or disk
.Trash-*
# .nfs files are created when an open file is removed but is still being accessed
.nfs*
# ---> macOS
# General
.DS_Store
.AppleDouble
.LSOverride
# Icon must end with two \r
Icon
# Thumbnails
._*
# Files that might appear in the root of a volume
.DocumentRevisions-V100
.fseventsd
.Spotlight-V100
.TemporaryItems
.Trashes
.VolumeIcon.icns
.com.apple.timemachine.donotpresent
# Directories potentially created on remote AFP share
.AppleDB
.AppleDesktop
Network Trash Folder
Temporary Items
.apdisk
# ---> Vim
# Swap
[._]*.s[a-v][a-z]
[._]*.sw[a-p]
[._]s[a-rt-v][a-z]
[._]ss[a-gi-z]
[._]sw[a-p]
# Session
Session.vim
# Temporary
.netrwhist
*~
# Auto-generated tag files
tags
# Persistent undo
[._]*.un~
# ---> VisualStudioCode
.vscode/*
!.vscode/settings.json
!.vscode/tasks.json
!.vscode/launch.json
!.vscode/extensions.json
-163
View File
@@ -1,163 +0,0 @@
GNU LESSER GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http s ://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies of this license
document, but changing it is not allowed.
This version of the GNU Lesser General Public License incorporates the terms
and conditions of version 3 of the GNU General Public License, supplemented
by the additional permissions listed below.
0. Additional Definitions.
As used herein, "this License" refers to version 3 of the GNU Lesser General
Public License, and the "GNU GPL" refers to version 3 of the GNU General Public
License.
"The Library" refers to a covered work governed by this License, other than
an Application or a Combined Work as defined below.
An "Application" is any work that makes use of an interface provided by the
Library, but which is not otherwise based on the Library. Defining a subclass
of a class defined by the Library is deemed a mode of using an interface provided
by the Library.
A "Combined Work" is a work produced by combining or linking an Application
with the Library. The particular version of the Library with which the Combined
Work was made is also called the "Linked Version".
The "Minimal Corresponding Source" for a Combined Work means the Corresponding
Source for the Combined Work, excluding any source code for portions of the
Combined Work that, considered in isolation, are based on the Application,
and not on the Linked Version.
The "Corresponding Application Code" for a Combined Work means the object
code and/or source code for the Application, including any data and utility
programs needed for reproducing the Combined Work from the Application, but
excluding the System Libraries of the Combined Work.
1. Exception to Section 3 of the GNU GPL.
You may convey a covered work under sections 3 and 4 of this License without
being bound by section 3 of the GNU GPL.
2. Conveying Modified Versions.
If you modify a copy of the Library, and, in your modifications, a facility
refers to a function or data to be supplied by an Application that uses the
facility (other than as an argument passed when the facility is invoked),
then you may convey a copy of the modified version:
a) under this License, provided that you make a good faith effort to ensure
that, in the event an Application does not supply the function or data, the
facility still operates, and performs whatever part of its purpose remains
meaningful, or
b) under the GNU GPL, with none of the additional permissions of this License
applicable to that copy.
3. Object Code Incorporating Material from Library Header Files.
The object code form of an Application may incorporate material from a header
file that is part of the Library. You may convey such object code under terms
of your choice, provided that, if the incorporated material is not limited
to numerical parameters, data structure layouts and accessors, or small macros,
inline functions and templates (ten or fewer lines in length), you do both
of the following:
a) Give prominent notice with each copy of the object code that the Library
is used in it and that the Library and its use are covered by this License.
b) Accompany the object code with a copy of the GNU GPL and this license document.
4. Combined Works.
You may convey a Combined Work under terms of your choice that, taken together,
effectively do not restrict modification of the portions of the Library contained
in the Combined Work and reverse engineering for debugging such modifications,
if you also do each of the following:
a) Give prominent notice with each copy of the Combined Work that the Library
is used in it and that the Library and its use are covered by this License.
b) Accompany the Combined Work with a copy of the GNU GPL and this license
document.
c) For a Combined Work that displays copyright notices during execution, include
the copyright notice for the Library among these notices, as well as a reference
directing the user to the copies of the GNU GPL and this license document.
d) Do one of the following:
0) Convey the Minimal Corresponding Source under the terms of this License,
and the Corresponding Application Code in a form suitable for, and under terms
that permit, the user to recombine or relink the Application with a modified
version of the Linked Version to produce a modified Combined Work, in the
manner specified by section 6 of the GNU GPL for conveying Corresponding Source.
1) Use a suitable shared library mechanism for linking with the Library. A
suitable mechanism is one that (a) uses at run time a copy of the Library
already present on the user's computer system, and (b) will operate properly
with a modified version of the Library that is interface-compatible with the
Linked Version.
e) Provide Installation Information, but only if you would otherwise be required
to provide such information under section 6 of the GNU GPL, and only to the
extent that such information is necessary to install and execute a modified
version of the Combined Work produced by recombining or relinking the Application
with a modified version of the Linked Version. (If you use option 4d0, the
Installation Information must accompany the Minimal Corresponding Source and
Corresponding Application Code. If you use option 4d1, you must provide the
Installation Information in the manner specified by section 6 of the GNU GPL
for conveying Corresponding Source.)
5. Combined Libraries.
You may place library facilities that are a work based on the Library side
by side in a single library together with other library facilities that are
not Applications and are not covered by this License, and convey such a combined
library under terms of your choice, if you do both of the following:
a) Accompany the combined library with a copy of the same work based on the
Library, uncombined with any other library facilities, conveyed under the
terms of this License.
b) Give prominent notice with the combined library that part of it is a work
based on the Library, and explaining where to find the accompanying uncombined
form of the same work.
6. Revised Versions of the GNU Lesser General Public License.
The Free Software Foundation may publish revised and/or new versions of the
GNU Lesser General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to address
new problems or concerns.
Each version is given a distinguishing version number. If the Library as you
received it specifies that a certain numbered version of the GNU Lesser General
Public License "or any later version" applies to it, you have the option of
following the terms and conditions either of that published version or of
any later version published by the Free Software Foundation. If the Library
as you received it does not specify a version number of the GNU Lesser General
Public License, you may choose any version of the GNU Lesser General Public
License ever published by the Free Software Foundation.
If the Library as you received it specifies that a proxy can decide whether
future versions of the GNU Lesser General Public License shall apply, that
proxy's public statement of acceptance of any version is permanent authorization
for you to choose that version for the Library.
+29
View File
@@ -0,0 +1,29 @@
---
language: python
python: "2.7"
# Use the new container infrastructure
sudo: false
# Install ansible
addons:
apt:
packages:
- python-pip
install:
# Install ansible
- pip install ansible
# Check ansible version
- ansible --version
# Create ansible.cfg with correct roles_path
- printf '[defaults]\nroles_path=../' >ansible.cfg
script:
# Basic role syntax check
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/
+43
View File
@@ -0,0 +1,43 @@
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
| Variable | Default | Description |
| - | - | - |
| dovecot&lowbar;vhost | inventory&lowbar;hostname | What mod&lowbar;md certificate should be used for Dovecot |
| dovecot&lowbar;quota | 1G | Default mail quota for users of the system |
| dovecot&lowbar;users | undefined | list of dictionary with the elements of email address and password (converted to CRYPT-SHA512) |
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
+4
View File
@@ -0,0 +1,4 @@
---
# defaults file for ensure_dovecot
dovecot_vhost: '{{ inventory_hostname }}'
dovecot_quota: '1G'
+29
View File
@@ -0,0 +1,29 @@
---
# handlers file for ensure_dovecot
- name: 'ensure_dovecot.package_facts'
ansible.builtin.package_facts:
- name: 'ensure_dovecot.service_facts'
ansible.builtin.service_facts:
- name: 'ensure_dovecot.service_reload'
when:
- ansible_facts["system"] == 'Linux'
- ansible_facts["service_mgr"] == 'systemd'
- ensure_dovecot is defined
ansible.builtin.systemd:
daemon_reload: 'yes'
- name: 'ensure_dovecot.service_restart'
when:
- ansible_facts["system"] == 'Linux'
- ensure_dovecot is defined
- ensure_dovecot.service_list is defined
- ensure_dovecot.service_list is iterable
- item.state == 'started'
ansible.builtin.service:
enabled: '{{ item.enabled }}'
name: '{{ item.name }}'
state: 'restarted'
loop: '{{ ensure_dovecot.service_list }}'
loop_control:
label: '{{ item.name }} will be restarted'
...
+53
View File
@@ -0,0 +1,53 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.9
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
+152
View File
@@ -0,0 +1,152 @@
---
# tasks file for ensure_dovecot
- name: 'include variables'
when:
- ansible_facts["system"] == 'Linux'
include_vars:
file: '{{ lookup("first_found", findme ) }}'
name: 'ensure_dovecot'
vars:
findme:
files:
- '{{ ansible_facts["distribution"] }}-{{ ansible_facts["distribution_major_version"] }}-{{ ansible_facts["architecture"] }}.yml'
- '{{ ansible_facts["distribution"] }}-{{ ansible_facts["distribution_major_version"] }}-default.yml'
- '{{ ansible_facts["distribution"] }}-default.yml'
- '{{ ansible_facts["os_family"] }}-{{ ansible_facts["distribution_major_version"] }}-{{ ansible_facts["architecture"] }}.yml'
- '{{ ansible_facts["os_family"] }}-{{ ansible_facts["distribution_major_version"] }}-default.yml'
- '{{ ansible_facts["os_family"] }}-default.yml'
- 'default.yml'
paths:
- '../vars/'
errors: 'ignore'
- name: 'package discovery'
when:
- ansible_facts["system"] == 'Linux'
- ansible_facts["packages"] is not defined
ansible.builtin.package_facts:
- name: 'service discovery'
when:
- ansible_facts["system"] == 'Linux'
- ansible_facts["services"] is not defined
ansible.builtin.service_facts:
- name: 'ensure sysctl'
when:
- ansible_facts["system"] == 'Linux'
- ensure_dovecot is defined
- ensure_dovecot.sysctl_list is defined
- ensure_dovecot.sysctl_list is iterable
ansible.posix.sysctl:
name: '{{ item.name }}'
reload: '{{ item.reload | default(omit) }}'
state: '{{ item.state }}'
sysctl_file: '{{ item.sysctl_file | default(omit) }}'
sysctl_set: '{{ item.sysctl_set | default(omit) }}'
value: '{{ item.value | default(omit) }}'
loop: '{{ ensure_dovecot.sysctl_list }}'
loop_control:
label: '{{ item.name }} will be {{ item.value }}'
notify:
- 'ensure_dovecot.package_facts'
- 'ensure_dovecot.service_facts'
- 'ensure_dovecot.service_reload'
- 'ensure_dovecot.service_restart'
- name: 'ensure packages'
when:
- ansible_facts["system"] == 'Linux'
- ensure_dovecot is defined
- ensure_dovecot.package_list is defined
- ensure_dovecot.package_list is iterable
ansible.builtin.package:
name: '{{ item.name }}'
state: '{{ item.state }}'
loop: '{{ ensure_dovecot.package_list }}'
loop_control:
label: '{{ item.name }} will be {{ item.state }}'
notify:
- 'ensure_dovecot.package_facts'
- 'ensure_dovecot.service_facts'
- 'ensure_dovecot.service_reload'
- 'ensure_dovecot.service_restart'
- name: 'ensure seboolean'
when:
- ansible_facts["system"] == 'Linux'
- ensure_dovecot is defined
- ensure_dovecot.seboolean_list is defined
- ensure_dovecot.seboolean_list is iterable
ansible.posix.seboolean:
name: '{{ item.name }}'
persistent: '{{ item.persistent }}'
state: '{{ item.state }}'
loop: '{{ ensure_dovecot.seboolean_list }}'
loop_control:
label: '{{ item.name }} will be {{ item.state }}'
notify:
- 'ensure_dovecot.package_facts'
- 'ensure_dovecot.service_facts'
- 'ensure_dovecot.service_reload'
- 'ensure_dovecot.service_restart'
- name: 'ensure configurations'
when:
- ansible_facts["system"] == 'Linux'
- ensure_dovecot is defined
- ensure_dovecot.template_list is defined
- ensure_dovecot.template_list is iterable
ansible.builtin.template:
backup: 'no'
dest: '{{ item.dest }}'
group: '{{ item.group | default(omit) }}'
mode: '{{ item.mode | default(omit) }}'
owner: '{{ item.owner | default(omit) }}'
selevel: '{{ iteml.selevel | default(omit) }}'
serole: '{{ item.serole | default(omit) }}'
setype: '{{ item.setype | default(omit) }}'
seuser: '{{ item.seuser | default(omit) }}'
src: '{{ item.src }}'
loop: '{{ ensure_dovecot.template_list }}'
loop_control:
label: '{{ item.dest }} will be ensured'
notify:
- 'ensure_dovecot.package_facts'
- 'ensure_dovecot.service_facts'
- 'ensure_dovecot.service_reload'
- 'ensure_dovecot.service_restart'
- name: 'ensure firewall'
when:
- ansible_facts["system"] == 'Linux'
- ansible_facts.packages["firewalld"] is defined
- ansible_facts.packages["python3-firewall"] is defined
- ensure_dovecot is defined
- ensure_dovecot.firewall_list is defined
- ensure_dovecot.firewall_list is iterable
ansible.posix.firewalld:
permanent: '{{ item.permanent }}'
service: '{{ item.service }}'
state: '{{ item.state }}'
loop: '{{ ensure_dovecot.firewall_list }}'
loop_control:
label: '{{ item.service }} will be {{ item.state }}'
notify:
- 'ensure_dovecot.package_facts'
- 'ensure_dovecot.service_facts'
- 'ensure_dovecot.service_reload'
- 'ensure_dovecot.service_restart'
- name: 'ensure services'
when:
- ansible_facts["system"] == 'Linux'
- ensure_dovecot is defined
- ensure_dovecot.service_list is defined
- ensure_dovecot.service_list is iterable
ansible.builtin.service:
enabled: '{{ item.enabled }}'
name: '{{ item.name }}'
state: '{{ item.state }}'
loop: '{{ ensure_dovecot.service_list }}'
loop_control:
label: '{{ item.name }} will be {{ item.state }}'
notify:
- 'ensure_dovecot.package_facts'
- 'ensure_dovecot.service_facts'
- name: 'flush handlers'
meta: 'flush_handlers'
...
@@ -0,0 +1,5 @@
{% if dovecot_users is defined and dovecot_users is iterable %}
{% for user in dovecot_users %}
{{ user.email }}:{{ user.password | password_hash('sha512') }}::::::
{% endfor %}
{% endif %}
@@ -0,0 +1,127 @@
##
## Authentication processes
##
# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
# See also ssl=required setting.
#disable_plaintext_auth = yes
# Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
# bsdauth and PAM require cache_key to be set for caching to be used.
#auth_cache_size = 0
# Time to live for cached data. After TTL expires the cached record is no
# longer used, *except* if the main database lookup returns internal failure.
# We also try to handle password changes automatically: If user's previous
# authentication was successful, but this one wasn't, the cache isn't used.
# For now this works only with plaintext authentication.
#auth_cache_ttl = 1 hour
# TTL for negative hits (user not found, password mismatch).
# 0 disables caching them completely.
#auth_cache_negative_ttl = 1 hour
# Space separated list of realms for SASL authentication mechanisms that need
# them. You can leave it empty if you don't want to support multiple realms.
# Many clients simply use the first one listed here, so keep the default realm
# first.
#auth_realms =
# Default realm/domain to use if none was specified. This is used for both
# SASL realms and appending @domain to username in plaintext logins.
#auth_default_realm =
# List of allowed characters in username. If the user-given username contains
# a character not listed in here, the login automatically fails. This is just
# an extra check to make sure user can't exploit any potential quote escaping
# vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
# set this value to empty.
#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
# Username character translations before it's looked up from databases. The
# value contains series of from -> to characters. For example "#@/@" means
# that '#' and '/' characters are translated to '@'.
#auth_username_translation =
# Username formatting before it's looked up from databases. You can use
# the standard variables here, eg. %Lu would lowercase the username, %n would
# drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
# "-AT-". This translation is done after auth_username_translation changes.
#auth_username_format = %Lu
# If you want to allow master users to log in by specifying the master
# username within the normal username string (ie. not using SASL mechanism's
# support for it), you can specify the separator character here. The format
# is then <username><separator><master username>. UW-IMAP uses "*" as the
# separator, so that could be a good choice.
#auth_master_user_separator =
# Username to use for users logging in with ANONYMOUS SASL mechanism
#auth_anonymous_username = anonymous
# Maximum number of dovecot-auth worker processes. They're used to execute
# blocking passdb and userdb queries (eg. MySQL and PAM). They're
# automatically created and destroyed as needed.
#auth_worker_max_count = 30
# Host name to use in GSSAPI principal names. The default is to use the
# name returned by gethostname(). Use "$ALL" (with quotes) to allow all keytab
# entries.
#auth_gssapi_hostname =
# Kerberos keytab to use for the GSSAPI mechanism. Will use the system
# default (usually /etc/krb5.keytab) if not specified. You may need to change
# the auth service to run as root to be able to read this file.
#auth_krb5_keytab =
# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
# ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt>
#auth_use_winbind = no
# Path for Samba's ntlm_auth helper binary.
#auth_winbind_helper_path = /usr/bin/ntlm_auth
# Time to delay before replying to failed authentications.
#auth_failure_delay = 2 secs
# Require a valid SSL client certificate or the authentication fails.
#auth_ssl_require_client_cert = no
# Take the username from client's SSL certificate, using
# X509_NAME_get_text_by_NID() which returns the subject's DN's
# CommonName.
#auth_ssl_username_from_cert = no
# Space separated list of wanted authentication mechanisms:
# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp
# gss-spnego
# NOTE: See also disable_plaintext_auth setting.
auth_mechanisms = plain
##
## Password and user databases
##
#
# Password database is used to verify user's password (and nothing more).
# You can have multiple passdbs and userdbs. This is useful if you want to
# allow both system users (/etc/passwd) and virtual users to login without
# duplicating the system users into virtual database.
#
# <doc/wiki/PasswordDatabase.txt>
#
# User database specifies where mails are located and what user/group IDs
# own them. For single-UID configuration use "static" userdb.
#
# <doc/wiki/UserDatabase.txt>
#!include auth-deny.conf.ext
#!include auth-master.conf.ext
!include auth-system.conf.ext
#!include auth-sql.conf.ext
#!include auth-ldap.conf.ext
#!include auth-passwdfile.conf.ext
#!include auth-checkpassword.conf.ext
#!include auth-static.conf.ext
@@ -0,0 +1,60 @@
##
## Director-specific settings.
##
# Director can be used by Dovecot proxy to keep a temporary user -> mail server
# mapping. As long as user has simultaneous connections, the user is always
# redirected to the same server. Each proxy server is running its own director
# process, and the directors are communicating the state to each others.
# Directors are mainly useful with NFS-like setups.
# List of IPs or hostnames to all director servers, including ourself.
# Ports can be specified as ip:port. The default port is the same as
# what director service's inet_listener is using.
#director_servers =
# List of IPs or hostnames to all backend mail servers. Ranges are allowed
# too, like 10.0.0.10-10.0.0.30.
#director_mail_servers =
# How long to redirect users to a specific server after it no longer has
# any connections.
#director_user_expire = 15 min
# How the username is translated before being hashed. Useful values include
# %Ln if user can log in with or without @domain, %Ld if mailboxes are shared
# within domain.
#director_username_hash = %Lu
# To enable director service, uncomment the modes and assign a port.
service director {
unix_listener login/director {
#mode = 0666
}
fifo_listener login/proxy-notify {
#mode = 0666
}
unix_listener director-userdb {
#mode = 0600
}
inet_listener {
#port =
}
}
# Enable director for the wanted login services by telling them to
# connect to director socket instead of the default login socket:
service imap-login {
#executable = imap-login director
}
service pop3-login {
#executable = pop3-login director
}
service submission-login {
#executable = submission-login director
}
# Enable director for LMTP proxying:
protocol lmtp {
#auth_socket_path = director-userdb
}
@@ -0,0 +1,105 @@
##
## Log destination.
##
# Log file to use for error messages. "syslog" logs to syslog,
# /dev/stderr logs to stderr.
#log_path = syslog
# Log file to use for informational messages. Defaults to log_path.
#info_log_path =
# Log file to use for debug messages. Defaults to info_log_path.
#debug_log_path =
# Syslog facility to use if you're logging to syslog. Usually if you don't
# want to use "mail", you'll use local0..local7. Also other standard
# facilities are supported.
#syslog_facility = mail
##
## Logging verbosity and debugging.
##
# Log filter is a space-separated list conditions. If any of the conditions
# match, the log filter matches (i.e. they're ORed together). Parenthesis
# are supported if multiple conditions need to be matched together.
#
# See https://doc.dovecot.org/configuration_manual/event_filter/ for details.
#
# For example: event=http_request_* AND category=error AND category=storage
#
# Filter to specify what debug logging to enable. This will eventually replace
# mail_debug and auth_debug settings.
#log_debug =
# Crash after logging a matching event. For example category=error will crash
# any time an error is logged, which can be useful for debugging.
#log_core_filter =
# Log unsuccessful authentication attempts and the reasons why they failed.
#auth_verbose = no
# In case of password mismatches, log the attempted password. Valid values are
# no, plain and sha1. sha1 can be useful for detecting brute force password
# attempts vs. user simply trying the same password over and over again.
# You can also truncate the value to n chars by appending ":n" (e.g. sha1:6).
#auth_verbose_passwords = no
# Even more verbose logging for debugging purposes. Shows for example SQL
# queries.
#auth_debug = no
# In case of password mismatches, log the passwords and used scheme so the
# problem can be debugged. Enabling this also enables auth_debug.
#auth_debug_passwords = no
# Enable mail process debugging. This can help you figure out why Dovecot
# isn't finding your mails.
#mail_debug = no
# Show protocol level SSL errors.
#verbose_ssl = no
# mail_log plugin provides more event logging for mail processes.
plugin {
# Events to log. Also available: flag_change append
#mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
# Available fields: uid, box, msgid, from, subject, size, vsize, flags
# size and vsize are available only for expunge and copy events.
#mail_log_fields = uid box msgid size
}
##
## Log formatting.
##
# Prefix for each line written to log file. % codes are in strftime(3)
# format.
#log_timestamp = "%b %d %H:%M:%S "
# Space-separated list of elements we want to log. The elements which have
# a non-empty variable value are joined together to form a comma-separated
# string.
#login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
# Login log format. %s contains login_log_format_elements string, %$ contains
# the data we want to log.
#login_log_format = %$: %s
# Log prefix for mail processes. See doc/wiki/Variables.txt for list of
# possible variables you can use.
#mail_log_prefix = "%s(%u)<%{pid}><%{session}>: "
# Format to use for logging mail deliveries:
# %$ - Delivery status message (e.g. "saved to INBOX")
# %m / %{msgid} - Message-ID
# %s / %{subject} - Subject
# %f / %{from} - From address
# %p / %{size} - Physical size
# %w / %{vsize} - Virtual size
# %e / %{from_envelope} - MAIL FROM envelope
# %{to_envelope} - RCPT TO envelope
# %{delivery_time} - How many milliseconds it took to deliver the mail
# %{session_time} - How long LMTP session took, not including delivery_time
# %{storage_id} - Backend-specific ID for mail, e.g. Maildir filename
#deliver_log_format = msgid=%m: %$
@@ -0,0 +1,416 @@
##
## Mailbox locations and namespaces
##
# Location for users' mailboxes. The default is empty, which means that Dovecot
# tries to find the mailboxes automatically. This won't work if the user
# doesn't yet have any mail, so you should explicitly tell Dovecot the full
# location.
#
# If you're using mbox, giving a path to the INBOX file (eg. /var/mail/%u)
# isn't enough. You'll also need to tell Dovecot where the other mailboxes are
# kept. This is called the "root mail directory", and it must be the first
# path given in the mail_location setting.
#
# There are a few special variables you can use, eg.:
#
# %u - username
# %n - user part in user@domain, same as %u if there's no domain
# %d - domain part in user@domain, empty if there's no domain
# %h - home directory
#
# See doc/wiki/Variables.txt for full list. Some examples:
#
# mail_location = maildir:~/Maildir
# mail_location = mbox:~/mail:INBOX=/var/mail/%u
# mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n
#
# <doc/wiki/MailLocation.txt>
#
#mail_location =
# If you need to set multiple mailbox locations or want to change default
# namespace settings, you can do it by defining namespace sections.
#
# You can have private, shared and public namespaces. Private namespaces
# are for user's personal mails. Shared namespaces are for accessing other
# users' mailboxes that have been shared. Public namespaces are for shared
# mailboxes that are managed by sysadmin. If you create any shared or public
# namespaces you'll typically want to enable ACL plugin also, otherwise all
# users can access all the shared mailboxes, assuming they have permissions
# on filesystem level to do so.
namespace inbox {
# Namespace type: private, shared or public
#type = private
# Hierarchy separator to use. You should use the same separator for all
# namespaces or some clients get confused. '/' is usually a good one.
# The default however depends on the underlying mail storage format.
#separator =
# Prefix required to access this namespace. This needs to be different for
# all namespaces. For example "Public/".
#prefix =
# Physical location of the mailbox. This is in same format as
# mail_location, which is also the default for it.
#location =
# There can be only one INBOX, and this setting defines which namespace
# has it.
inbox = yes
# If namespace is hidden, it's not advertised to clients via NAMESPACE
# extension. You'll most likely also want to set list=no. This is mostly
# useful when converting from another server with different namespaces which
# you want to deprecate but still keep working. For example you can create
# hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/".
#hidden = no
# Show the mailboxes under this namespace with LIST command. This makes the
# namespace visible for clients that don't support NAMESPACE extension.
# "children" value lists child mailboxes, but hides the namespace prefix.
#list = yes
# Namespace handles its own subscriptions. If set to "no", the parent
# namespace handles them (empty prefix should always have this as "yes")
#subscriptions = yes
# See 15-mailboxes.conf for definitions of special mailboxes.
}
# Example shared namespace configuration
#namespace {
#type = shared
#separator = /
# Mailboxes are visible under "shared/user@domain/"
# %%n, %%d and %%u are expanded to the destination user.
#prefix = shared/%%u/
# Mail location for other users' mailboxes. Note that %variables and ~/
# expands to the logged in user's data. %%n, %%d, %%u and %%h expand to the
# destination user's data.
#location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
# Use the default namespace for saving subscriptions.
#subscriptions = no
# List the shared/ namespace only if there are visible shared mailboxes.
#list = children
#}
# Should shared INBOX be visible as "shared/user" or "shared/user/INBOX"?
#mail_shared_explicit_inbox = no
# System user and group used to access mails. If you use multiple, userdb
# can override these by returning uid or gid fields. You can use either numbers
# or names. <doc/wiki/UserIds.txt>
#mail_uid =
#mail_gid =
# Group to enable temporarily for privileged operations. Currently this is
# used only with INBOX when either its initial creation or dotlocking fails.
# Typically this is set to "mail" to give access to /var/mail.
#mail_privileged_group =
# Grant access to these supplementary groups for mail processes. Typically
# these are used to set up access to shared mailboxes. Note that it may be
# dangerous to set these if users can create symlinks (e.g. if "mail" group is
# set here, ln -s /var/mail ~/mail/var could allow a user to delete others'
# mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it).
#mail_access_groups =
# Allow full filesystem access to clients. There's no access checks other than
# what the operating system does for the active UID/GID. It works with both
# maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/
# or ~user/.
#mail_full_filesystem_access = no
# Dictionary for key=value mailbox attributes. This is used for example by
# URLAUTH and METADATA extensions.
#mail_attribute_dict =
# A comment or note that is associated with the server. This value is
# accessible for authenticated users through the IMAP METADATA server
# entry "/shared/comment".
#mail_server_comment = ""
# Indicates a method for contacting the server administrator. According to
# RFC 5464, this value MUST be a URI (e.g., a mailto: or tel: URL), but that
# is currently not enforced. Use for example mailto:admin@example.com. This
# value is accessible for authenticated users through the IMAP METADATA server
# entry "/shared/admin".
#mail_server_admin =
##
## Mail processes
##
# Don't use mmap() at all. This is required if you store indexes to shared
# filesystems (NFS or clustered filesystem).
#mmap_disable = no
# Rely on O_EXCL to work when creating dotlock files. NFS supports O_EXCL
# since version 3, so this should be safe to use nowadays by default.
#dotlock_use_excl = yes
# When to use fsync() or fdatasync() calls:
# optimized (default): Whenever necessary to avoid losing important data
# always: Useful with e.g. NFS when write()s are delayed
# never: Never use it (best performance, but crashes can lose data)
#mail_fsync = optimized
# Locking method for index files. Alternatives are fcntl, flock and dotlock.
# Dotlocking uses some tricks which may create more disk I/O than other locking
# methods. NFS users: flock doesn't work, remember to change mmap_disable.
#lock_method = fcntl
# Directory where mails can be temporarily stored. Usually it's used only for
# mails larger than >= 128 kB. It's used by various parts of Dovecot, for
# example LDA/LMTP while delivering large mails or zlib plugin for keeping
# uncompressed mails.
#mail_temp_dir = /tmp
# Valid UID range for users, defaults to 500 and above. This is mostly
# to make sure that users can't log in as daemons or other system users.
# Note that denying root logins is hardcoded to dovecot binary and can't
# be done even if first_valid_uid is set to 0.
#first_valid_uid = 500
#last_valid_uid = 0
# Valid GID range for users, defaults to non-root/wheel. Users having
# non-valid GID as primary group ID aren't allowed to log in. If user
# belongs to supplementary groups with non-valid GIDs, those groups are
# not set.
#first_valid_gid = 1
#last_valid_gid = 0
# Maximum allowed length for mail keyword name. It's only forced when trying
# to create new keywords.
#mail_max_keyword_length = 50
# ':' separated list of directories under which chrooting is allowed for mail
# processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too).
# This setting doesn't affect login_chroot, mail_chroot or auth chroot
# settings. If this setting is empty, "/./" in home dirs are ignored.
# WARNING: Never add directories here which local users can modify, that
# may lead to root exploit. Usually this should be done only if you don't
# allow shell access for users. <doc/wiki/Chrooting.txt>
#valid_chroot_dirs =
# Default chroot directory for mail processes. This can be overridden for
# specific users in user database by giving /./ in user's home directory
# (eg. /home/./user chroots into /home). Note that usually there is no real
# need to do chrooting, Dovecot doesn't allow users to access files outside
# their mail directory anyway. If your home directories are prefixed with
# the chroot directory, append "/." to mail_chroot. <doc/wiki/Chrooting.txt>
#mail_chroot =
# UNIX socket path to master authentication server to find users.
# This is used by imap (for shared users) and lda.
#auth_socket_path = /var/run/dovecot/auth-userdb
# Directory where to look up mail plugins.
#mail_plugin_dir = /usr/lib/dovecot
# Space separated list of plugins to load for all services. Plugins specific to
# IMAP, LDA, etc. are added to this list in their own .conf files.
#mail_plugins =
##
## Mailbox handling optimizations
##
# Mailbox list indexes can be used to optimize IMAP STATUS commands. They are
# also required for IMAP NOTIFY extension to be enabled.
#mailbox_list_index = yes
# Trust mailbox list index to be up-to-date. This reduces disk I/O at the cost
# of potentially returning out-of-date results after e.g. server crashes.
# The results will be automatically fixed once the folders are opened.
#mailbox_list_index_very_dirty_syncs = yes
# Should INBOX be kept up-to-date in the mailbox list index? By default it's
# not, because most of the mailbox accesses will open INBOX anyway.
#mailbox_list_index_include_inbox = no
# The minimum number of mails in a mailbox before updates are done to cache
# file. This allows optimizing Dovecot's behavior to do less disk writes at
# the cost of more disk reads.
#mail_cache_min_mail_count = 0
# When IDLE command is running, mailbox is checked once in a while to see if
# there are any new mails or other changes. This setting defines the minimum
# time to wait between those checks. Dovecot can also use inotify and
# kqueue to find out immediately when changes occur.
#mailbox_idle_check_interval = 30 secs
# Save mails with CR+LF instead of plain LF. This makes sending those mails
# take less CPU, especially with sendfile() syscall with Linux and FreeBSD.
# But it also creates a bit more disk I/O which may just make it slower.
# Also note that if other software reads the mboxes/maildirs, they may handle
# the extra CRs wrong and cause problems.
#mail_save_crlf = no
# Max number of mails to keep open and prefetch to memory. This only works with
# some mailbox formats and/or operating systems.
#mail_prefetch_count = 0
# How often to scan for stale temporary files and delete them (0 = never).
# These should exist only after Dovecot dies in the middle of saving mails.
#mail_temp_scan_interval = 1w
# How many slow mail accesses sorting can perform before it returns failure.
# With IMAP the reply is: NO [LIMIT] Requested sort would have taken too long.
# The untagged SORT reply is still returned, but it's likely not correct.
#mail_sort_max_read_count = 0
protocol !indexer-worker {
# If folder vsize calculation requires opening more than this many mails from
# disk (i.e. mail sizes aren't in cache already), return failure and finish
# the calculation via indexer process. Disabled by default. This setting must
# be 0 for indexer-worker processes.
#mail_vsize_bg_after_count = 0
}
##
## Maildir-specific settings
##
# By default LIST command returns all entries in maildir beginning with a dot.
# Enabling this option makes Dovecot return only entries which are directories.
# This is done by stat()ing each entry, so it causes more disk I/O.
# (For systems setting struct dirent->d_type, this check is free and it's
# done always regardless of this setting)
#maildir_stat_dirs = no
# When copying a message, do it with hard links whenever possible. This makes
# the performance much better, and it's unlikely to have any side effects.
#maildir_copy_with_hardlinks = yes
# Assume Dovecot is the only MUA accessing Maildir: Scan cur/ directory only
# when its mtime changes unexpectedly or when we can't find the mail otherwise.
#maildir_very_dirty_syncs = no
# If enabled, Dovecot doesn't use the S=<size> in the Maildir filenames for
# getting the mail's physical size, except when recalculating Maildir++ quota.
# This can be useful in systems where a lot of the Maildir filenames have a
# broken size. The performance hit for enabling this is very small.
#maildir_broken_filename_sizes = no
# Always move mails from new/ directory to cur/, even when the \Recent flags
# aren't being reset.
#maildir_empty_new = no
##
## mbox-specific settings
##
# Which locking methods to use for locking mbox. There are four available:
# dotlock: Create <mailbox>.lock file. This is the oldest and most NFS-safe
# solution. If you want to use /var/mail/ like directory, the users
# will need write access to that directory.
# dotlock_try: Same as dotlock, but if it fails because of permissions or
# because there isn't enough disk space, just skip it.
# fcntl : Use this if possible. Works with NFS too if lockd is used.
# flock : May not exist in all systems. Doesn't work with NFS.
# lockf : May not exist in all systems. Doesn't work with NFS.
#
# You can use multiple locking methods; if you do the order they're declared
# in is important to avoid deadlocks if other MTAs/MUAs are using multiple
# locking methods as well. Some operating systems don't allow using some of
# them simultaneously.
#mbox_read_locks = fcntl
#mbox_write_locks = dotlock fcntl
mbox_write_locks = fcntl
# Maximum time to wait for lock (all of them) before aborting.
#mbox_lock_timeout = 5 mins
# If dotlock exists but the mailbox isn't modified in any way, override the
# lock file after this much time.
#mbox_dotlock_change_timeout = 2 mins
# When mbox changes unexpectedly we have to fully read it to find out what
# changed. If the mbox is large this can take a long time. Since the change
# is usually just a newly appended mail, it'd be faster to simply read the
# new mails. If this setting is enabled, Dovecot does this but still safely
# fallbacks to re-reading the whole mbox file whenever something in mbox isn't
# how it's expected to be. The only real downside to this setting is that if
# some other MUA changes message flags, Dovecot doesn't notice it immediately.
# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK
# commands.
#mbox_dirty_syncs = yes
# Like mbox_dirty_syncs, but don't do full syncs even with SELECT, EXAMINE,
# EXPUNGE or CHECK commands. If this is set, mbox_dirty_syncs is ignored.
#mbox_very_dirty_syncs = no
# Delay writing mbox headers until doing a full write sync (EXPUNGE and CHECK
# commands and when closing the mailbox). This is especially useful for POP3
# where clients often delete all mails. The downside is that our changes
# aren't immediately visible to other MUAs.
#mbox_lazy_writes = yes
# If mbox size is smaller than this (e.g. 100k), don't write index files.
# If an index file already exists it's still read, just not updated.
#mbox_min_index_size = 0
# Mail header selection algorithm to use for MD5 POP3 UIDLs when
# pop3_uidl_format=%m. For backwards compatibility we use apop3d inspired
# algorithm, but it fails if the first Received: header isn't unique in all
# mails. An alternative algorithm is "all" that selects all headers.
#mbox_md5 = apop3d
##
## mdbox-specific settings
##
# Maximum dbox file size until it's rotated.
#mdbox_rotate_size = 10M
# Maximum dbox file age until it's rotated. Typically in days. Day begins
# from midnight, so 1d = today, 2d = yesterday, etc. 0 = check disabled.
#mdbox_rotate_interval = 0
# When creating new mdbox files, immediately preallocate their size to
# mdbox_rotate_size. This setting currently works only in Linux with some
# filesystems (ext4, xfs).
#mdbox_preallocate_space = no
##
## Mail attachments
##
# sdbox and mdbox support saving mail attachments to external files, which
# also allows single instance storage for them. Other backends don't support
# this for now.
# Directory root where to store mail attachments. Disabled, if empty.
#mail_attachment_dir =
# Attachments smaller than this aren't saved externally. It's also possible to
# write a plugin to disable saving specific attachments externally.
#mail_attachment_min_size = 128k
# Filesystem backend to use for saving attachments:
# posix : No SiS done by Dovecot (but this might help FS's own deduplication)
# sis posix : SiS with immediate byte-by-byte comparison during saving
# sis-queue posix : SiS with delayed comparison and deduplication
#mail_attachment_fs = sis posix
# Hash format to use in attachment filenames. You can add any text and
# variables: %{md4}, %{md5}, %{sha1}, %{sha256}, %{sha512}, %{size}.
# Variables can be truncated, e.g. %{sha256:80} returns only first 80 bits
#mail_attachment_hash = %{sha1}
# Settings to control adding $HasAttachment or $HasNoAttachment keywords.
# By default, all MIME parts with Content-Disposition=attachment, or inlines
# with filename parameter are consired attachments.
# add-flags - Add the keywords when saving new mails or when fetching can
# do it efficiently.
# content-type=type or !type - Include/exclude content type. Excluding will
# never consider the matched MIME part as attachment. Including will only
# negate an exclusion (e.g. content-type=!foo/* content-type=foo/bar).
# exclude-inlined - Exclude any Content-Disposition=inline MIME part.
#mail_attachment_detection_options =
@@ -0,0 +1,133 @@
#default_process_limit = 100
#default_client_limit = 1000
# Default VSZ (virtual memory size) limit for service processes. This is mainly
# intended to catch and kill processes that leak memory before they eat up
# everything.
#default_vsz_limit = 256M
# Login user is internally used by login processes. This is the most untrusted
# user in Dovecot system. It shouldn't have access to anything at all.
#default_login_user = dovenull
# Internal user is used by unprivileged processes. It should be separate from
# login user, so that login processes can't disturb other processes.
#default_internal_user = dovecot
service imap-login {
inet_listener imap {
#port = 143
}
inet_listener imaps {
#port = 993
#ssl = yes
}
# Number of connections to handle before starting a new process. Typically
# the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
# is faster. <doc/wiki/LoginProcess.txt>
#service_count = 1
# Number of processes to always keep waiting for more connections.
#process_min_avail = 0
# If you set service_count=0, you probably need to grow this.
#vsz_limit = $default_vsz_limit
}
service pop3-login {
inet_listener pop3 {
#port = 110
}
inet_listener pop3s {
#port = 995
#ssl = yes
}
}
service submission-login {
inet_listener submission {
#port = 587
}
inet_listener submissions {
#port = 465
}
}
service lmtp {
unix_listener lmtp {
#mode = 0666
}
# Create inet listener only if you can't use the above UNIX socket
#inet_listener lmtp {
# Avoid making LMTP visible for the entire internet
#address =
#port =
#}
}
service imap {
# Most of the memory goes to mmap()ing files. You may need to increase this
# limit if you have huge mailboxes.
#vsz_limit = $default_vsz_limit
# Max. number of IMAP processes (connections)
#process_limit = 1024
}
service pop3 {
# Max. number of POP3 processes (connections)
#process_limit = 1024
}
service submission {
# Max. number of SMTP Submission processes (connections)
#process_limit = 1024
}
service auth {
# auth_socket_path points to this userdb socket by default. It's typically
# used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
# full permissions to this socket are able to get a list of all usernames and
# get the results of everyone's userdb lookups.
#
# The default 0666 mode allows anyone to connect to the socket, but the
# userdb lookups will succeed only if the userdb returns an "uid" field that
# matches the caller process's UID. Also if caller's uid or gid matches the
# socket's uid or gid the lookup succeeds. Anything else causes a failure.
#
# To give the caller full permissions to lookup all users, set the mode to
# something else than 0666 and Dovecot lets the kernel enforce the
# permissions (e.g. 0777 allows everyone full permissions).
unix_listener auth-userdb {
#mode = 0666
#user =
#group =
}
# Postfix smtp-auth
#unix_listener /var/spool/postfix/private/auth {
# mode = 0666
#}
# Auth process is run as this user.
#user = $default_internal_user
}
service auth-worker {
# Auth worker process is run as root by default, so that it can access
# /etc/shadow. If this isn't necessary, the user should be changed to
# $default_internal_user.
#user = root
}
service dict {
# If dict proxy is used, mail processes should have access to its socket.
# For example: mode=0660, group=vmail and global mail_access_groups=vmail
unix_listener dict {
#mode = 0600
#user =
#group =
}
}
@@ -0,0 +1,74 @@
##
## Statistics and metrics
##
# Dovecot supports gathering statistics from events.
# Currently there are no statistics logged by default, and therefore they must
# be explicitly added using the metric configuration blocks.
#
# Unlike old stats, the new statistics do not require any plugins loaded.
#
# See https://doc.dovecot.org/configuration_manual/stats/ for more details.
##
## Example metrics
##
#metric auth_success {
# filter = event=auth_request_finished AND success=yes
#}
#
#metric auth_failures {
# filter = event=auth_request_finished AND NOT success=yes
#}
#
#metric imap_command {
# filter = event=imap_command_finished
# group_by = cmd_name tagged_reply_state
#}
#
#metric smtp_command {
# filter = event=smtp_server_command_finished
# group_by = cmd_name status_code duration:exponential:1:5:10
#}
#
#metric mail_delivery {
# filter = event=mail_delivery_finished
# group_by = duration:exponential:1:5:10
#}
##
## Prometheus
##
# To allow access to statistics with Prometheus, enable http listener
# on stats process. Stats will be available on /metrics path.
#
# See https://doc.dovecot.org/configuration_manual/stats/openmetrics/ for more
# details.
#service stats {
# inet_listener http {
# port = 9900
# }
#}
##
## Event exporting
##
# You can also export individual events.
#
# See https://doc.dovecot.org/configuration_manual/event_export/ for more
# details.
#event_exporter log {
# format = json
# format_args = time-rfc3339
# transport = log
#}
#
#metric imap_commands {
# exporter = log
# filter = event=imap_command_finished
#}
@@ -0,0 +1,85 @@
##
## SSL settings
##
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps
# plain imap and pop3 are still allowed for local connections
ssl = required
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
# If key file is password protected, give the password here. Alternatively
# give it when starting dovecot with -p parameter. Since this file is often
# world-readable, you may want to place this setting instead to a different
# root owned 0600 file by using ssl_key_password = <path.
#ssl_key_password =
# PEM encoded trusted certificate authority. Set this only if you intend to use
# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
# followed by the matching CRL(s). (e.g. ssl_ca = </etc/pki/dovecot/certs/ca.pem)
#ssl_ca =
# Require that CRL check succeeds for client certificates.
#ssl_require_crl = yes
# Directory and/or file for trusted SSL CA certificates. These are used only
# when Dovecot needs to act as an SSL client (e.g. imapc backend or
# submission service). The directory is usually /etc/pki/dovecot/certs in
# Debian-based systems and the file is /etc/pki/tls/cert.pem in
# RedHat-based systems. Note that ssl_client_ca_file isn't recommended with
# large CA bundles, because it leads to excessive memory usage.
#ssl_client_ca_dir =
#ssl_client_ca_file =
# Require valid cert when connecting to a remote server
#ssl_client_require_valid_cert = yes
# Request client to send a certificate. If you also want to require it, set
# auth_ssl_require_client_cert=yes in auth section.
#ssl_verify_client_cert = no
# Which field from certificate to use for username. commonName and
# x500UniqueIdentifier are the usual choices. You'll also need to set
# auth_ssl_username_from_cert=yes.
#ssl_cert_username_field = commonName
# SSL DH parameters
# Generate new params with `openssl dhparam -out /etc/dovecot/dh.pem 4096`
# Or migrate from old ssl-parameters.dat file with the command dovecot
# gives on startup when ssl_dh is unset.
#ssl_dh = </etc/dovecot/dh.pem
# Minimum SSL protocol version to use. Potentially recognized values are SSLv3,
# TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3, depending on the OpenSSL version used.
#
# Dovecot also recognizes values ANY and LATEST. ANY matches with any protocol
# version, and LATEST matches with the latest version supported by library.
#ssl_min_protocol = TLSv1.2
# SSL ciphers to use, the default is:
#ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
# To disable non-EC DH, use:
#ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
ssl_cipher_list = PROFILE=SYSTEM
# Colon separated list of elliptic curves to use. Empty value (the default)
# means use the defaults from the SSL library. P-521:P-384:P-256 would be an
# example of a valid value.
#ssl_curve_list =
# Prefer the server's order of ciphers over client's.
#ssl_prefer_server_ciphers = no
# SSL crypto device to use, for valid values run "openssl engine"
#ssl_crypto_device =
# SSL extra options. Currently supported options are:
# compression - Enable compression.
# no_ticket - Disable SSL session tickets.
#ssl_options =
@@ -0,0 +1,48 @@
##
## LDA specific settings (also used by LMTP)
##
# Address to use when sending rejection mails.
# Default is postmaster@%d. %d expands to recipient domain.
#postmaster_address =
# Hostname to use in various parts of sent mails (e.g. in Message-Id) and
# in LMTP replies. Default is the system's real hostname@domain.
#hostname =
# If user is over quota, return with temporary failure instead of
# bouncing the mail.
#quota_full_tempfail = no
# Binary to use for sending mails.
#sendmail_path = /usr/sbin/sendmail
# If non-empty, send mails via this SMTP host[:port] instead of sendmail.
#submission_host =
# Subject: header to use for rejection mails. You can use the same variables
# as for rejection_reason below.
#rejection_subject = Rejected: %s
# Human readable error message for rejection mails. You can use variables:
# %n = CRLF, %r = reason, %s = original subject, %t = recipient
#rejection_reason = Your message to <%t> was automatically rejected:%n%r
# Delimiter character between local-part and detail in email address.
#recipient_delimiter = +
# Header where the original recipient address (SMTP's RCPT TO: address) is taken
# from if not available elsewhere. With dovecot-lda -a parameter overrides this.
# A commonly used header for this is X-Original-To.
#lda_original_recipient_header =
# Should saving a mail to a nonexistent mailbox automatically create it?
#lda_mailbox_autocreate = no
# Should automatically created mailboxes be also automatically subscribed?
#lda_mailbox_autosubscribe = no
protocol lda {
# Space separated list of plugins to load (default is global mail_plugins).
#mail_plugins = $mail_plugins
}
@@ -0,0 +1,86 @@
##
## Mailbox definitions
##
# Each mailbox is specified in a separate mailbox section. The section name
# specifies the mailbox name. If it has spaces, you can put the name
# "in quotes". These sections can contain the following mailbox settings:
#
# auto:
# Indicates whether the mailbox with this name is automatically created
# implicitly when it is first accessed. The user can also be automatically
# subscribed to the mailbox after creation. The following values are
# defined for this setting:
#
# no - Never created automatically.
# create - Automatically created, but no automatic subscription.
# subscribe - Automatically created and subscribed.
#
# special_use:
# A space-separated list of SPECIAL-USE flags (RFC 6154) to use for the
# mailbox. There are no validity checks, so you could specify anything
# you want in here, but it's not a good idea to use flags other than the
# standard ones specified in the RFC:
#
# \All - This (virtual) mailbox presents all messages in the
# user's message store.
# \Archive - This mailbox is used to archive messages.
# \Drafts - This mailbox is used to hold draft messages.
# \Flagged - This (virtual) mailbox presents all messages in the
# user's message store marked with the IMAP \Flagged flag.
# \Important - This (virtual) mailbox presents all messages in the
# user's message store deemed important to user.
# \Junk - This mailbox is where messages deemed to be junk mail
# are held.
# \Sent - This mailbox is used to hold copies of messages that
# have been sent.
# \Trash - This mailbox is used to hold messages that have been
# deleted.
#
# comment:
# Defines a default comment or note associated with the mailbox. This
# value is accessible through the IMAP METADATA mailbox entries
# "/shared/comment" and "/private/comment". Users with sufficient
# privileges can override the default value for entries with a custom
# value.
# NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf.
namespace inbox {
# These mailboxes are widely used and could perhaps be created automatically:
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Trash {
special_use = \Trash
}
# For \Sent mailboxes there are two widely used names. We'll mark both of
# them as \Sent. User typically deletes one of them if duplicates are created.
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
# If you have a virtual "All messages" mailbox:
#mailbox virtual/All {
# special_use = \All
# comment = All my messages
#}
# If you have a virtual "Flagged" mailbox:
#mailbox virtual/Flagged {
# special_use = \Flagged
# comment = All my flagged messages
#}
# If you have a virtual "Important" mailbox:
#mailbox virtual/Important {
# special_use = \Important
# comment = All my important messages
#}
}
@@ -0,0 +1,99 @@
##
## IMAP specific settings
##
# If nothing happens for this long while client is IDLEing, move the connection
# to imap-hibernate process and close the old imap process. This saves memory,
# because connections use very little memory in imap-hibernate process. The
# downside is that recreating the imap process back uses some resources.
#imap_hibernate_timeout = 0
# Maximum IMAP command line length. Some clients generate very long command
# lines with huge mailboxes, so you may need to raise this if you get
# "Too long argument" or "IMAP command line too large" errors often.
#imap_max_line_length = 64k
# IMAP logout format string:
# %i - total number of bytes read from client
# %o - total number of bytes sent to client
# %{fetch_hdr_count} - Number of mails with mail header data sent to client
# %{fetch_hdr_bytes} - Number of bytes with mail header data sent to client
# %{fetch_body_count} - Number of mails with mail body data sent to client
# %{fetch_body_bytes} - Number of bytes with mail body data sent to client
# %{deleted} - Number of mails where client added \Deleted flag
# %{expunged} - Number of mails that client expunged, which does not
# include automatically expunged mails
# %{autoexpunged} - Number of mails that were automatically expunged after
# client disconnected
# %{trashed} - Number of mails that client copied/moved to the
# special_use=\Trash mailbox.
# %{appended} - Number of mails saved during the session
#imap_logout_format = in=%i out=%o deleted=%{deleted} expunged=%{expunged} \
# trashed=%{trashed} hdr_count=%{fetch_hdr_count} \
# hdr_bytes=%{fetch_hdr_bytes} body_count=%{fetch_body_count} \
# body_bytes=%{fetch_body_bytes}
# Override the IMAP CAPABILITY response. If the value begins with '+',
# add the given capabilities on top of the defaults (e.g. +XFOO XBAR).
#imap_capability =
# How long to wait between "OK Still here" notifications when client is
# IDLEing.
#imap_idle_notify_interval = 2 mins
# ID field names and values to send to clients. Using * as the value makes
# Dovecot use the default value. The following fields have default values
# currently: name, version, os, os-version, support-url, support-email,
# revision.
#imap_id_send =
# ID fields sent by client to log. * means everything.
#imap_id_log =
# Workarounds for various client bugs:
# delay-newmail:
# Send EXISTS/RECENT new mail notifications only when replying to NOOP
# and CHECK commands. Some clients ignore them otherwise, for example OSX
# Mail (<v2.1). Outlook Express breaks more badly though, without this it
# may show user "Message no longer in server" errors. Note that OE6 still
# breaks even with this workaround if synchronization is set to
# "Headers Only".
# tb-extra-mailbox-sep:
# Thunderbird gets somehow confused with LAYOUT=fs (mbox and dbox) and
# adds extra '/' suffixes to mailbox names. This option causes Dovecot to
# ignore the extra '/' instead of treating it as invalid mailbox name.
# tb-lsub-flags:
# Show \Noselect flags for LSUB replies with LAYOUT=fs (e.g. mbox).
# This makes Thunderbird realize they aren't selectable and show them
# greyed out, instead of only later giving "not selectable" popup error.
#
# The list is space-separated.
#imap_client_workarounds =
# Host allowed in URLAUTH URLs sent by client. "*" allows all.
#imap_urlauth_host =
# Enable IMAP LITERAL- extension (replaces LITERAL+)
#imap_literal_minus = no
# What happens when FETCH fails due to some internal error:
# disconnect-immediately:
# The FETCH is aborted immediately and the IMAP client is disconnected.
# disconnect-after:
# The FETCH runs for all the requested mails returning as much data as
# possible. The client is finally disconnected without a tagged reply.
# no-after:
# Same as disconnect-after, but tagged NO reply is sent instead of
# disconnecting the client. If the client attempts to FETCH the same failed
# mail more than once, the client is disconnected. This is to avoid clients
# from going into infinite loops trying to FETCH a broken mail.
#imap_fetch_failure = disconnect-immediately
protocol imap {
# Space separated list of plugins to load (default is global mail_plugins).
#mail_plugins = $mail_plugins
# Maximum number of IMAP connections allowed for a user from each IP address.
# NOTE: The username is compared case-sensitively.
#mail_max_userip_connections = 10
}
@@ -0,0 +1,40 @@
##
## LMTP specific settings
##
# Support proxying to other LMTP/SMTP servers by performing passdb lookups.
#lmtp_proxy = no
# When recipient address includes the detail (e.g. user+detail), try to save
# the mail to the detail mailbox. See also recipient_delimiter and
# lda_mailbox_autocreate settings.
#lmtp_save_to_detail_mailbox = no
# Verify quota before replying to RCPT TO. This adds a small overhead.
#lmtp_rcpt_check_quota = no
# Add "Received:" header to mails delivered.
#lmtp_add_received_header = yes
# Which recipient address to use for Delivered-To: header and Received:
# header. The default is "final", which is the same as the one given to
# RCPT TO command. "original" uses the address given in RCPT TO's ORCPT
# parameter, "none" uses nothing. Note that "none" is currently always used
# when a mail has multiple recipients.
#lmtp_hdr_delivery_address = final
# Workarounds for various client bugs:
# whitespace-before-path:
# Allow one or more spaces or tabs between `MAIL FROM:' and path and between
# `RCPT TO:' and path.
# mailbox-for-path:
# Allow using bare Mailbox syntax (i.e., without <...>) instead of full path
# syntax.
#
# The list is space-separated.
#lmtp_client_workarounds =
protocol lmtp {
# Space separated list of plugins to load (default is global mail_plugins).
#mail_plugins = $mail_plugins
}
@@ -0,0 +1,84 @@
##
## ManageSieve specific settings
##
# Uncomment to enable managesieve protocol:
#protocols = $protocols sieve
# Service definitions
#service managesieve-login {
#inet_listener sieve {
# port = 4190
#}
#inet_listener sieve_deprecated {
# port = 2000
#}
# Number of connections to handle before starting a new process. Typically
# the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
# is faster. <doc/wiki/LoginProcess.txt>
#service_count = 1
# Number of processes to always keep waiting for more connections.
#process_min_avail = 0
# If you set service_count=0, you probably need to grow this.
#vsz_limit = 64M
#}
#service managesieve {
# Max. number of ManageSieve processes (connections)
#process_limit = 1024
#}
# Service configuration
protocol sieve {
# Maximum ManageSieve command line length in bytes. ManageSieve usually does
# not involve overly long command lines, so this setting will not normally
# need adjustment
#managesieve_max_line_length = 65536
# Maximum number of ManageSieve connections allowed for a user from each IP
# address.
# NOTE: The username is compared case-sensitively.
#mail_max_userip_connections = 10
# Space separated list of plugins to load (none known to be useful so far).
# Do NOT try to load IMAP plugins here.
#mail_plugins =
# MANAGESIEVE logout format string:
# %i - total number of bytes read from client
# %o - total number of bytes sent to client
# %{put_bytes} - Number of bytes saved using PUTSCRIPT command
# %{put_count} - Number of scripts saved using PUTSCRIPT command
# %{get_bytes} - Number of bytes read using GETCRIPT command
# %{get_count} - Number of scripts read using GETSCRIPT command
# %{get_bytes} - Number of bytes processed using CHECKSCRIPT command
# %{get_count} - Number of scripts checked using CHECKSCRIPT command
# %{deleted_count} - Number of scripts deleted using DELETESCRIPT command
# %{renamed_count} - Number of scripts renamed using RENAMESCRIPT command
#managesieve_logout_format = bytes=%i/%o
# To fool ManageSieve clients that are focused on CMU's timesieved you can
# specify the IMPLEMENTATION capability that Dovecot reports to clients.
# For example: 'Cyrus timsieved v2.2.13'
#managesieve_implementation_string = Dovecot Pigeonhole
# Explicitly specify the SIEVE and NOTIFY capability reported by the server
# before login. If left unassigned these will be reported dynamically
# according to what the Sieve interpreter supports by default (after login
# this may differ depending on the user).
#managesieve_sieve_capability =
#managesieve_notify_capability =
# The maximum number of compile errors that are returned to the client upon
# script upload or script verification.
#managesieve_max_compile_errors = 5
# Refer to 90-sieve.conf for script quota configuration and configuration of
# Sieve execution limits.
}
@@ -0,0 +1,99 @@
##
## POP3 specific settings
##
# Don't try to set mails non-recent or seen with POP3 sessions. This is
# mostly intended to reduce disk I/O. With maildir it doesn't move files
# from new/ to cur/, with mbox it doesn't write Status-header.
#pop3_no_flag_updates = no
# Support LAST command which exists in old POP3 specs, but has been removed
# from new ones. Some clients still wish to use this though. Enabling this
# makes RSET command clear all \Seen flags from messages.
#pop3_enable_last = no
# If mail has X-UIDL header, use it as the mail's UIDL.
#pop3_reuse_xuidl = no
# Allow only one POP3 session to run simultaneously for the same user.
#pop3_lock_session = no
# POP3 requires message sizes to be listed as if they had CR+LF linefeeds.
# Many POP3 servers violate this by returning the sizes with LF linefeeds,
# because it's faster to get. When this setting is enabled, Dovecot still
# tries to do the right thing first, but if that requires opening the
# message, it fallbacks to the easier (but incorrect) size.
#pop3_fast_size_lookups = no
# POP3 UIDL (unique mail identifier) format to use. You can use following
# variables, along with the variable modifiers described in
# doc/wiki/Variables.txt (e.g. %Uf for the filename in uppercase)
#
# %v - Mailbox's IMAP UIDVALIDITY
# %u - Mail's IMAP UID
# %m - MD5 sum of the mailbox headers in hex (mbox only)
# %f - filename (maildir only)
# %g - Mail's GUID
#
# If you want UIDL compatibility with other POP3 servers, use:
# UW's ipop3d : %08Xv%08Xu
# Courier : %f or %v-%u (both might be used simultaneously)
# Cyrus (<= 2.1.3) : %u
# Cyrus (>= 2.1.4) : %v.%u
# Dovecot v0.99.x : %v.%u
# tpop3d : %Mf
#
# Note that Outlook 2003 seems to have problems with %v.%u format which was
# Dovecot's default, so if you're building a new server it would be a good
# idea to change this. %08Xu%08Xv should be pretty fail-safe.
#
#pop3_uidl_format = %08Xu%08Xv
# Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes
# won't change those UIDLs. Currently this works only with Maildir.
#pop3_save_uidl = no
# What to do about duplicate UIDLs if they exist?
# allow: Show duplicates to clients.
# rename: Append a temporary -2, -3, etc. counter after the UIDL.
#pop3_uidl_duplicates = allow
# This option changes POP3 behavior so that it's not possible to actually
# delete mails via POP3, only hide them from future POP3 sessions. The mails
# will still be counted towards user's quota until actually deleted via IMAP.
# Use e.g. "$POP3Deleted" as the value (it will be visible as IMAP keyword).
# Make sure you can legally archive mails before enabling this setting.
#pop3_deleted_flag =
# POP3 logout format string:
# %i - total number of bytes read from client
# %o - total number of bytes sent to client
# %t - number of TOP commands
# %p - number of bytes sent to client as a result of TOP command
# %r - number of RETR commands
# %b - number of bytes sent to client as a result of RETR command
# %d - number of deleted messages
# %{deleted_bytes} - number of bytes in deleted messages
# %m - number of messages (before deletion)
# %s - mailbox size in bytes (before deletion)
# %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly
#pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
# Workarounds for various client bugs:
# outlook-no-nuls:
# Outlook and Outlook Express hang if mails contain NUL characters.
# This setting replaces them with 0x80 character.
# oe-ns-eoh:
# Outlook Express and Netscape Mail breaks if end of headers-line is
# missing. This option simply sends it if it's missing.
# The list is space-separated.
#pop3_client_workarounds =
protocol pop3 {
# Space separated list of plugins to load (default is global mail_plugins).
#mail_plugins = $mail_plugins
# Maximum number of POP3 connections allowed for a user from each IP address.
# NOTE: The username is compared case-sensitively.
#mail_max_userip_connections = 10
}
@@ -0,0 +1,112 @@
##
## Settings specific to SMTP Submission
##
# SMTP Submission logout format string:
# %i - total number of bytes read from client
# %o - total number of bytes sent to client
# %{command_count} - Number of commands received from client
# %{reply_count} - Number of replies sent to client
# %{session} - Session ID of the login session
# %{transaction_id} - ID of the current transaction, if any
#submission_logout_format = in=%i out=%o
# Host name reported by the SMTP service, for example to the client in the
# initial greeting and to the relay server in the HELO/EHLO command.
# Default is the system's real hostname@domain.
#hostname =
# Maximum size of messages accepted for relay. This announced in the SIZE
# capability. If not configured, this is either determined from the relay
# server or left unlimited if no limit is known (relay will reply with error
# if some unknown limit exists there, which is duly passed to our client).
#submission_max_mail_size =
# Maximum number of recipients accepted per connection (default: unlimited)
#submission_max_recipients =
# Workarounds for various client bugs:
# whitespace-before-path:
# Allow one or more spaces or tabs between `MAIL FROM:' and path and between
# `RCPT TO:' and path.
# mailbox-for-path:
# Allow using bare Mailbox syntax (i.e., without <...>) instead of full path
# syntax.
#
# The list is space-separated.
#submission_client_workarounds =
# Relay server configuration:
#
# The Dovecot SMTP submission service directly proxies the mail transaction
# to the SMTP relay configured here.
# Host name for the relay server (required)
#submission_relay_host =
# Port for the relay server
#submission_relay_port = 25
# Is the relay server trusted? This determines whether we try to send
# (Postfix-specific) XCLIENT data to the relay server
#submission_relay_trusted = no
# Authentication data for the relay server if authentication is required
#submission_relay_user =
#submission_relay_master_user =
#submission_relay_password =
# SSL configuration for connection to relay server
#
# submission_relay_ssl:
# Indicates whether SSL is used for the connection to the relay server. The
# following values are defined for this setting:
#
# no - No SSL is used
# smtps - An SMTPS connection (immediate SSL) is used
# starttls - The STARTTLS command is used to establish SSL layer
#submission_relay_ssl = no
# submission_relay_ssl_verify:
# Configures whether the SSL certificate of the relay server is to be
# verified.
#submission_relay_ssl_verify = yes
# Write protocol logs for relay connection to this directory for debugging
#submission_relay_rawlog_dir =
# BURL is configured implicitly by IMAP URLAUTH
# Part of the SMTP capabilities that the submission service can offer to the
# client (as listed in the EHLO reply) depend on those capabilities also being
# provided by the relay server. These capabilities currently are:
#
# - 8BITMIME
# - BINARYMIME
# - DSN
# - VRFY (always returns 252 without support)
#
# By default, the submission service first connects to the relay server to
# determine the support for such capabilities before sending the initial EHLO
# reply to the client. If the list of capabilities returned by the relay server
# is somehow unreliable or it is undesirable to start the connection to the
# relay server before the first mail transaction is started, the backend
# capabilities can be configured explicitly using the
# submission_backend_capabilities setting. This is a space-separated list of
# SMTP capability names. This setting is only relevant for capabilities that
# depend on support from the relay server: including (or omitting) capabilities
# that are not listed above has no effect. When this setting is explicitly set
# to the empty string, none of the capabilities is enabled. To achieve the
# default behavior, this setting must be left unconfigured.
#submission_backend_capabilities =
protocol submission {
# Space-separated list of plugins to load (default is global mail_plugins).
#mail_plugins = $mail_plugins
# Maximum number of SMTP submission connections allowed for a user from
# each IP address.
# NOTE: The username is compared case-sensitively.
#mail_max_userip_connections = 10
}
@@ -0,0 +1,19 @@
##
## Mailbox access control lists.
##
# vfile backend reads ACLs from "dovecot-acl" file from mail directory.
# You can also optionally give a global ACL directory path where ACLs are
# applied to all users' mailboxes. The global ACL directory contains
# one file for each mailbox, eg. INBOX or sub.mailbox. cache_secs parameter
# specifies how many seconds to wait between stat()ing dovecot-acl file
# to see if it changed.
plugin {
#acl = vfile:/etc/dovecot/global-acls:cache_secs=300
}
# To let users LIST mailboxes shared by other users, Dovecot needs a
# shared mailbox dictionary. For example:
plugin {
#acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes
}
@@ -0,0 +1,11 @@
##
## Plugin settings
##
# All wanted plugins must be listed in mail_plugins setting before any of the
# settings take effect. See <doc/wiki/Plugins.txt> for list of plugins and
# their configuration. Note that %variable expansion is done for all values.
plugin {
#setting_name = value
}
@@ -0,0 +1,83 @@
##
## Quota configuration.
##
# Note that you also have to enable quota plugin in mail_plugins setting.
# <doc/wiki/Quota.txt>
##
## Quota limits
##
# Quota limits are set using "quota_rule" parameters. To get per-user quota
# limits, you can set/override them by returning "quota_rule" extra field
# from userdb. It's also possible to give mailbox-specific limits, for example
# to give additional 100 MB when saving to Trash:
plugin {
#quota_rule = *:storage=1G
#quota_rule2 = Trash:storage=+100M
# LDA/LMTP allows saving the last mail to bring user from under quota to
# over quota, if the quota doesn't grow too high. Default is to allow as
# long as quota will stay under 10% above the limit. Also allowed e.g. 10M.
#quota_grace = 10%%
# Quota plugin can also limit the maximum accepted mail size.
#quota_max_mail_size = 100M
}
##
## Quota warnings
##
# You can execute a given command when user exceeds a specified quota limit.
# Each quota root has separate limits. Only the command for the first
# exceeded limit is executed, so put the highest limit first.
# The commands are executed via script service by connecting to the named
# UNIX socket (quota-warning below).
# Note that % needs to be escaped as %%, otherwise "% " expands to empty.
plugin {
#quota_warning = storage=95%% quota-warning 95 %u
#quota_warning2 = storage=80%% quota-warning 80 %u
}
# Example quota-warning service. The unix listener's permissions should be
# set in a way that mail processes can connect to it. Below example assumes
# that mail processes run as vmail user. If you use mode=0666, all system users
# can generate quota warnings to anyone.
#service quota-warning {
# executable = script /usr/local/bin/quota-warning.sh
# user = dovecot
# unix_listener quota-warning {
# user = vmail
# }
#}
##
## Quota backends
##
# Multiple backends are supported:
# dirsize: Find and sum all the files found from mail directory.
# Extremely SLOW with Maildir. It'll eat your CPU and disk I/O.
# dict: Keep quota stored in dictionary (eg. SQL)
# maildir: Maildir++ quota
# fs: Read-only support for filesystem quota
plugin {
#quota = dirsize:User quota
#quota = maildir:User quota
#quota = dict:User quota::proxy::quota
#quota = fs:User quota
}
# Multiple quota roots are also possible, for example this gives each user
# their own 100MB quota and one shared 1GB quota within the domain:
plugin {
#quota = dict:user::proxy::quota
#quota2 = dict:domain:%d:proxy::quota_domain
#quota_rule = *:storage=102400
#quota2_rule = *:storage=1048576
}
@@ -0,0 +1,44 @@
# Sieve Extprograms plugin configuration
# Don't forget to add the sieve_extprograms plugin to the sieve_plugins setting.
# Also enable the extensions you need (one or more of vnd.dovecot.pipe,
# vnd.dovecot.filter and vnd.dovecot.execute) by adding these to the
# sieve_extensions or sieve_global_extensions settings. Restricting these
# extensions to a global context using sieve_global_extensions is recommended.
plugin {
# The directory where the program sockets are located for the
# vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension
# respectively. The name of each unix socket contained in that directory
# directly maps to a program-name referenced from the Sieve script.
#sieve_pipe_socket_dir = sieve-pipe
#sieve_filter_socket_dir = sieve-filter
#sieve_execute_socket_dir = sieve-execute
# The directory where the scripts are located for direct execution by the
# vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension
# respectively. The name of each script contained in that directory
# directly maps to a program-name referenced from the Sieve script.
#sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe
#sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
#sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute
}
# An example program service called 'do-something' to pipe messages to
#service do-something {
# Define the executed script as parameter to the sieve service
#executable = script /usr/lib/dovecot/sieve-pipe/do-something.sh
# Use some unprivileged user for executing the program
#user = dovenull
# The unix socket located in the sieve_pipe_socket_dir (as defined in the
# plugin {} section above)
#unix_listener sieve-pipe/do-something {
# LDA/LMTP must have access
# user = vmail
# mode = 0600
#}
#}
@@ -0,0 +1,205 @@
##
## Settings for the Sieve interpreter
##
# Do not forget to enable the Sieve plugin in 15-lda.conf and 20-lmtp.conf
# by adding it to the respective mail_plugins= settings.
# The Sieve interpreter can retrieve Sieve scripts from several types of
# locations. The default `file' location type is a local filesystem path
# pointing to a Sieve script file or a directory containing multiple Sieve
# script files. More complex setups can use other location types such as
# `ldap' or `dict' to fetch Sieve scripts from remote databases.
#
# All settings that specify the location of one ore more Sieve scripts accept
# the following syntax:
#
# location = [<type>:]path[;<option>[=<value>][;...]]
#
# If the type prefix is omitted, the script location type is 'file' and the
# location is interpreted as a local filesystem path pointing to a Sieve script
# file or directory. Refer to Pigeonhole wiki or INSTALL file for more
# information.
plugin {
# The location of the user's main Sieve script or script storage. The LDA
# Sieve plugin uses this to find the active script for Sieve filtering at
# delivery. The "include" extension uses this location for retrieving
# :personal" scripts. This is also where the ManageSieve service will store
# the user's scripts, if supported.
#
# Currently only the 'file:' location type supports ManageSieve operation.
# Other location types like 'dict:' and 'ldap:' can currently only
# be used as a read-only script source ().
#
# For the 'file:' type: use the ';active=' parameter to specify where the
# active script symlink is located.
# For other types: use the ';name=' parameter to specify the name of the
# default/active script.
sieve = file:~/sieve;active=~/.dovecot.sieve
# The default Sieve script when the user has none. This is the location of a
# global sieve script file, which gets executed ONLY if user's personal Sieve
# script doesn't exist. Be sure to pre-compile this script manually using the
# sievec command line tool if the binary is not stored in a global location.
# --> See sieve_before for executing scripts before the user's personal
# script.
#sieve_default = /var/lib/dovecot/sieve/default.sieve
# The name by which the default Sieve script (as configured by the
# sieve_default setting) is visible to the user through ManageSieve.
#sieve_default_name =
# Location for ":global" include scripts as used by the "include" extension.
#sieve_global =
# The location of a Sieve script that is run for any message that is about to
# be discarded; i.e., it is not delivered anywhere by the normal Sieve
# execution. This only happens when the "implicit keep" is canceled, by e.g.
# the "discard" action, and no actions that deliver the message are executed.
# This "discard script" can prevent discarding the message, by executing
# alternative actions. If the discard script does nothing, the message is
# still discarded as it would be when no discard script is configured.
#sieve_discard =
# Location Sieve of scripts that need to be executed before the user's
# personal script. If a 'file' location path points to a directory, all the
# Sieve scripts contained therein (with the proper `.sieve' extension) are
# executed. The order of execution within that directory is determined by the
# file names, using a normal 8bit per-character comparison.
#
# Multiple script locations can be specified by appending an increasing number
# to the setting name. The Sieve scripts found from these locations are added
# to the script execution sequence in the specified order. Reading the
# numbered sieve_before settings stops at the first missing setting, so no
# numbers may be skipped.
#sieve_before = /var/lib/dovecot/sieve.d/
#sieve_before2 = ldap:/etc/sieve-ldap.conf;name=ldap-domain
#sieve_before3 = (etc...)
# Identical to sieve_before, only the specified scripts are executed after the
# user's script (only when keep is still in effect!). Multiple script
# locations can be specified by appending an increasing number.
#sieve_after =
#sieve_after2 =
#sieve_after2 = (etc...)
# Which Sieve language extensions are available to users. By default, all
# supported extensions are available, except for deprecated extensions or
# those that are still under development. Some system administrators may want
# to disable certain Sieve extensions or enable those that are not available
# by default. This setting can use '+' and '-' to specify differences relative
# to the default. For example `sieve_extensions = +imapflags' will enable the
# deprecated imapflags extension in addition to all extensions were already
# enabled by default.
#sieve_extensions = +notify +imapflags
# Which Sieve language extensions are ONLY available in global scripts. This
# can be used to restrict the use of certain Sieve extensions to administrator
# control, for instance when these extensions can cause security concerns.
# This setting has higher precedence than the `sieve_extensions' setting
# (above), meaning that the extensions enabled with this setting are never
# available to the user's personal script no matter what is specified for the
# `sieve_extensions' setting. The syntax of this setting is similar to the
# `sieve_extensions' setting, with the difference that extensions are
# enabled or disabled for exclusive use in global scripts. Currently, no
# extensions are marked as such by default.
#sieve_global_extensions =
# The Pigeonhole Sieve interpreter can have plugins of its own. Using this
# setting, the used plugins can be specified. Check the Dovecot wiki
# (wiki2.dovecot.org) or the pigeonhole website
# (http://pigeonhole.dovecot.org) for available plugins.
# The sieve_extprograms plugin is included in this release.
#sieve_plugins =
# The maximum size of a Sieve script. The compiler will refuse to compile any
# script larger than this limit. If set to 0, no limit on the script size is
# enforced.
#sieve_max_script_size = 1M
# The maximum number of actions that can be performed during a single script
# execution. If set to 0, no limit on the total number of actions is enforced.
#sieve_max_actions = 32
# The maximum number of redirect actions that can be performed during a single
# script execution. If set to 0, no redirect actions are allowed.
#sieve_max_redirects = 4
# The maximum number of personal Sieve scripts a single user can have. If set
# to 0, no limit on the number of scripts is enforced.
# (Currently only relevant for ManageSieve)
#sieve_quota_max_scripts = 0
# The maximum amount of disk storage a single user's scripts may occupy. If
# set to 0, no limit on the used amount of disk storage is enforced.
# (Currently only relevant for ManageSieve)
#sieve_quota_max_storage = 0
# The primary e-mail address for the user. This is used as a default when no
# other appropriate address is available for sending messages. If this setting
# is not configured, either the postmaster or null "<>" address is used as a
# sender, depending on the action involved. This setting is important when
# there is no message envelope to extract addresses from, such as when the
# script is executed in IMAP.
#sieve_user_email =
# The path to the file where the user log is written. If not configured, a
# default location is used. If the main user's personal Sieve (as configured
# with sieve=) is a file, the logfile is set to <filename>.log by default. If
# it is not a file, the default user log file is ~/.dovecot.sieve.log.
#sieve_user_log =
# Specifies what envelope sender address is used for redirected messages.
# The following values are supported for this setting:
#
# "sender" - The sender address is used (default).
# "recipient" - The final recipient address is used.
# "orig_recipient" - The original recipient is used.
# "user_email" - The user's primary address is used. This is
# configured with the "sieve_user_email" setting. If
# that setting is unconfigured, "user_mail" is equal to
# "recipient".
# "postmaster" - The postmaster_address configured for the LDA.
# "<user@domain>" - Redirected messages are always sent from user@domain.
# The angle brackets are mandatory. The null "<>" address
# is also supported.
#
# This setting is ignored when the envelope sender is "<>". In that case the
# sender of the redirected message is also always "<>".
#sieve_redirect_envelope_from = sender
## TRACE DEBUGGING
# Trace debugging provides detailed insight in the operations performed by
# the Sieve script. These settings apply to both the LDA Sieve plugin and the
# IMAPSIEVE plugin.
#
# WARNING: On a busy server, this functionality can quickly fill up the trace
# directory with a lot of trace files. Enable this only temporarily and as
# selective as possible.
# The directory where trace files are written. Trace debugging is disabled if
# this setting is not configured or if the directory does not exist. If the
# path is relative or it starts with "~/" it is interpreted relative to the
# current user's home directory.
#sieve_trace_dir =
# The verbosity level of the trace messages. Trace debugging is disabled if
# this setting is not configured. Possible values are:
#
# "actions" - Only print executed action commands, like keep,
# fileinto, reject and redirect.
# "commands" - Print any executed command, excluding test commands.
# "tests" - Print all executed commands and performed tests.
# "matching" - Print all executed commands, performed tests and the
# values matched in those tests.
#sieve_trace_level =
# Enables highly verbose debugging messages that are usually only useful for
# developers.
#sieve_trace_debug = no
# Enables showing byte code addresses in the trace output, rather than only
# the source line numbers.
#sieve_trace_addresses = no
}
@@ -0,0 +1,21 @@
# Authentication for checkpassword users. Included from 10-auth.conf.
#
# <doc/wiki/AuthDatabase.CheckPassword.txt>
passdb {
driver = checkpassword
args = /usr/bin/checkpassword
}
# passdb lookup should return also userdb info
userdb {
driver = prefetch
}
# Standard checkpassword doesn't support direct userdb lookups.
# If you need checkpassword userdb, the checkpassword must support
# Dovecot-specific extensions.
#userdb {
# driver = checkpassword
# args = /usr/bin/checkpassword
#}
@@ -0,0 +1,15 @@
# Deny access for users. Included from 10-auth.conf.
# Users can be (temporarily) disabled by adding a passdb with deny=yes.
# If the user is found from that database, authentication will fail.
# The deny passdb should always be specified before others, so it gets
# checked first.
# Example deny passdb using passwd-file. You can use any passdb though.
passdb {
driver = passwd-file
deny = yes
# File contains a list of usernames, one per line
args = /etc/dovecot/deny-users
}
@@ -0,0 +1,16 @@
# Authentication via dict backend. Included from 10-auth.conf.
#
# <doc/wiki/AuthDatabase.Dict.txt>
passdb {
driver = dict
# Path for dict configuration file, see
# example-config/dovecot-dict-auth.conf.ext
args = /etc/dovecot/dovecot-dict-auth.conf.ext
}
userdb {
driver = dict
args = /etc/dovecot/dovecot-dict-auth.conf.ext
}
@@ -0,0 +1,33 @@
# Authentication for LDAP users. Included from 10-auth.conf.
#
# <doc/wiki/AuthDatabase.LDAP.txt>
passdb {
driver = ldap
# Path for LDAP configuration file, see example-config/dovecot-ldap.conf.ext
args = /etc/dovecot/dovecot-ldap.conf.ext
}
# "prefetch" user database means that the passdb already provided the
# needed information and there's no need to do a separate userdb lookup.
# <doc/wiki/UserDatabase.Prefetch.txt>
#userdb {
# driver = prefetch
#}
userdb {
driver = ldap
args = /etc/dovecot/dovecot-ldap.conf.ext
# Default fields can be used to specify defaults that LDAP may override
#default_fields = home=/home/virtual/%u
}
# If you don't have any user-specific settings, you can avoid the userdb LDAP
# lookup by using userdb static instead of userdb ldap, for example:
# <doc/wiki/UserDatabase.Static.txt>
#userdb {
#driver = static
#args = uid=vmail gid=vmail home=/var/vmail/%u
#}
@@ -0,0 +1,16 @@
# Authentication for master users. Included from 10-auth.conf.
# By adding master=yes setting inside a passdb you make the passdb a list
# of "master users", who can log in as anyone else.
# <doc/wiki/Authentication.MasterUsers.txt>
# Example master user passdb using passwd-file. You can use any passdb though.
passdb {
driver = passwd-file
master = yes
args = /etc/dovecot/master-users
# Unless you're using PAM, you probably still want the destination user to
# be looked up from passdb that it really exists. pass=yes does that.
pass = yes
}
@@ -0,0 +1,20 @@
# Authentication for passwd-file users. Included from 10-auth.conf.
#
# passwd-like file with specified location.
# <doc/wiki/AuthDatabase.PasswdFile.txt>
passdb {
driver = passwd-file
args = scheme=CRYPT username_format=%u /etc/dovecot/users
}
userdb {
driver = passwd-file
args = username_format=%u /etc/dovecot/users
# Default fields that can be overridden by passwd-file
#default_fields = quota_rule=*:storage=1G
# Override fields from passwd-file
#override_fields = home=/home/virtual/%u
}
@@ -0,0 +1,30 @@
# Authentication for SQL users. Included from 10-auth.conf.
#
# <doc/wiki/AuthDatabase.SQL.txt>
passdb {
driver = sql
# Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
args = /etc/dovecot/dovecot-sql.conf.ext
}
# "prefetch" user database means that the passdb already provided the
# needed information and there's no need to do a separate userdb lookup.
# <doc/wiki/UserDatabase.Prefetch.txt>
#userdb {
# driver = prefetch
#}
userdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
}
# If you don't have any user-specific settings, you can avoid the user_query
# by using userdb static instead of userdb sql, for example:
# <doc/wiki/UserDatabase.Static.txt>
#userdb {
#driver = static
#args = uid=vmail gid=vmail home=/var/vmail/%u
#}
@@ -0,0 +1,24 @@
# Static passdb. Included from 10-auth.conf.
# This can be used for situations where Dovecot doesn't need to verify the
# username or the password, or if there is a single password for all users:
#
# - proxy frontend, where the backend verifies the password
# - proxy backend, where the frontend already verified the password
# - authentication with SSL certificates
# - simple testing
#passdb {
# driver = static
# args = proxy=y host=%1Mu.example.com nopassword=y
#}
#passdb {
# driver = static
# args = password=test
#}
#userdb {
# driver = static
# args = uid=vmail gid=vmail home=/home/%u
#}
@@ -0,0 +1,74 @@
# Authentication for system users. Included from 10-auth.conf.
#
# <doc/wiki/PasswordDatabase.txt>
# <doc/wiki/UserDatabase.txt>
# PAM authentication. Preferred nowadays by most systems.
# PAM is typically used with either userdb passwd or userdb static.
# REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
# authentication to actually work. <doc/wiki/PasswordDatabase.PAM.txt>
passdb {
driver = pam
# [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
# [cache_key=<key>] [<service name>]
#args = dovecot
}
# System users (NSS, /etc/passwd, or similar).
# In many systems nowadays this uses Name Service Switch, which is
# configured in /etc/nsswitch.conf. <doc/wiki/AuthDatabase.Passwd.txt>
#passdb {
#driver = passwd
# [blocking=no]
#args =
#}
# Shadow passwords for system users (NSS, /etc/shadow or similar).
# Deprecated by PAM nowadays.
# <doc/wiki/PasswordDatabase.Shadow.txt>
#passdb {
#driver = shadow
# [blocking=no]
#args =
#}
# PAM-like authentication for OpenBSD.
# <doc/wiki/PasswordDatabase.BSDAuth.txt>
#passdb {
#driver = bsdauth
# [blocking=no] [cache_key=<key>]
#args =
#}
##
## User databases
##
# System users (NSS, /etc/passwd, or similar). In many systems nowadays this
# uses Name Service Switch, which is configured in /etc/nsswitch.conf.
userdb {
# <doc/wiki/AuthDatabase.Passwd.txt>
driver = passwd
# [blocking=no]
#args =
# Override fields from passwd
#override_fields = home=/home/virtual/%u
}
# Static settings generated from template <doc/wiki/UserDatabase.Static.txt>
#userdb {
#driver = static
# Can return anything a userdb could normally return. For example:
#
# args = uid=500 gid=500 home=/var/mail/%u
#
# LDA and LMTP needs to look up users only from the userdb. This of course
# doesn't work with static userdb because there is no list of users.
# Normally static userdb handles this by doing a passdb lookup. This works
# with most passdbs, with PAM being the most notable exception. If you do
# the user verification another way, you can add allow_all_users=yes to
# the args in which case the passdb lookup is skipped.
#
#args =
#}
@@ -0,0 +1,101 @@
## Dovecot configuration file
# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration
# "doveconf -n" command gives a clean output of the changed settings. Use it
# instead of copy&pasting files when posting to the Dovecot mailing list.
# '#' character and everything after it is treated as comments. Extra spaces
# and tabs are ignored. If you want to use either of these explicitly, put the
# value inside quotes, eg.: key = "# char and trailing whitespace "
# Most (but not all) settings can be overridden by different protocols and/or
# source/destination IPs by placing the settings inside sections, for example:
# protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { }
# Default values are shown for each setting, it's not required to uncomment
# those. These are exceptions to this though: No sections (e.g. namespace {})
# or plugin settings are added by default, they're listed only as examples.
# Paths are also just examples with the real defaults being based on configure
# options. The paths listed here are for configure --prefix=/usr
# --sysconfdir=/etc --localstatedir=/var
# Protocols we want to be serving.
#protocols = imap pop3 lmtp submission
# A comma separated list of IPs or hosts where to listen in for connections.
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
# If you want to specify non-default ports or anything more complex,
# edit conf.d/master.conf.
#listen = *, ::
# Base directory where to store runtime data.
#base_dir = /var/run/dovecot/
# Name of this instance. In multi-instance setup doveadm and other commands
# can use -i <instance_name> to select which instance is used (an alternative
# to -c <config_path>). The instance name is also added to Dovecot processes
# in ps output.
#instance_name = dovecot
# Greeting message for clients.
#login_greeting = Dovecot ready.
# Space separated list of trusted network ranges. Connections from these
# IPs are allowed to override their IP addresses and ports (for logging and
# for authentication checks). disable_plaintext_auth is also ignored for
# these networks. Typically you'd specify your IMAP proxy servers here.
#login_trusted_networks =
# Space separated list of login access check sockets (e.g. tcpwrap)
#login_access_sockets =
# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
# proxying. This isn't necessary normally, but may be useful if the destination
# IP is e.g. a load balancer's IP.
#auth_proxy_self =
# Show more verbose process titles (in ps). Currently shows user name and
# IP address. Useful for seeing who are actually using the IMAP processes
# (eg. shared mailboxes or if same uid is used for multiple accounts).
#verbose_proctitle = no
# Should all processes be killed when Dovecot master process shuts down.
# Setting this to "no" means that Dovecot can be upgraded without
# forcing existing client connections to close (although that could also be
# a problem if the upgrade is e.g. because of a security fix).
#shutdown_clients = yes
# If non-zero, run mail commands via this many connections to doveadm server,
# instead of running them directly in the same process.
#doveadm_worker_count = 0
# UNIX socket or host:port used for connecting to doveadm server
#doveadm_socket_path = doveadm-server
# Space separated list of environment variables that are preserved on Dovecot
# startup and passed down to all of its child processes. You can also give
# key=value pairs to always set specific settings.
#import_environment = TZ
##
## Dictionary server settings
##
# Dictionary can be used to store key=value lists. This is used by several
# plugins. The dictionary can be accessed either directly or though a
# dictionary server. The following dict block maps dictionary names to URIs
# when the server is used. These can then be referenced using URIs in format
# "proxy::<name>".
dict {
#quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
# Most of the actual configuration gets included below. The filenames are
# first sorted by their ASCII value and parsed in that order. The 00-prefixes
# in filenames are intended to make it easier to understand the ordering.
!include conf.d/*.conf
# A config file can also tried to be included without giving an error if
# it's not found:
!include_try local.conf
@@ -0,0 +1,65 @@
ssl_min_protocol = TLSv1.2
ssl_cipher_list = PROFILE=SYSTEM
ssl_cert = </etc/dovecot/certificates/pubcert.pem
ssl_key = </etc/dovecot/certificates/privkey.pem
mail_location = maildir:/var/spool/mail/%d/%n
mail_privileged_group = mail
first_valid_uid = 0
mail_uid = mail
mail_gid = mail
mail_home = /var/spool/mail/%d/%n
passdb {
driver = passwd-file
args = username_format=%u scheme=SHA512-CRYPT /etc/dovecot/accounts
}
userdb {
driver = static
}
mail_plugins = $mail_plugins quota
protocols = imap lmtp submission
service lmtp {
inet_listener lmtp {
address = 0.0.0.0 ::
port = 24
}
}
lmtp_add_received_header = yes
protocol lmtp {
mail_plugins = $mail_plugins sieve
}
protocol imap {
mail_plugins = $mail_plugins imap_quota
}
service quota-status {
client_limit = 1
executable = quota-status -p postfix
inet_listener {
# port = 12340
}
}
mailbox_list_index = yes
protocol !indexer-worker {
mail_vsize_bg_after_count = 100
}
plugin {
quota = count:User quota
quota_rule = *:storage={{ dovecot_quota }}
quota_rule2 = Trash:storage=+100M
quota_rule3 = SPAM:ignore
quota_vsizes = yes
}
submission_relay_host = localhost
protocol submission {
mail_plugins = $mail_plugins
mail_max_userip_connections = 10
}
@@ -0,0 +1,12 @@
[Unit]
Description=Copy TLS Certificates for Dovecot
[Service]
Type=oneshot
ExecStartPre=mkdir -p /etc/dovecot/certificates
ExecStart=/bin/bash -lc 'cp /etc/httpd/md/domains/{{ dovecot_vhost }}/*.pem /etc/dovecot/certificates/'
ExecStartPost=chown -R root:root /etc/dovecot/certificates
[Install]
WantedBy=dovecot.service
@@ -0,0 +1,9 @@
[Unit]
Description=Copy TLS Certificates for Dovecot
[Timer]
OnUnitActiveSec=5min
[Install]
WantedBy=dovecot.service
+2
View File
@@ -0,0 +1,2 @@
localhost
+5
View File
@@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- ensure_dovecot
@@ -0,0 +1,98 @@
---
# vars file for ensure_dovecot
package_list:
- name: 'dovecot'
state: 'present'
- name: 'dovecot-fts-xapian'
state: 'present'
- name: 'dovecot-mysql'
state: 'present'
- name: 'dovecot-pigeonhole'
state: 'present'
firewall_list:
- permanent: 'yes'
service: 'imap'
state: 'enabled'
- permanent: 'yes'
service: 'imaps'
state: 'enabled'
service_list:
- enabled: 'yes'
name: 'dovecot.service'
state: 'started'
- enabled: 'yes'
name: 'dovecot-copytls.service'
state: 'started'
- enabled: 'yes'
name: 'dovecot-copytls.timer'
state: 'started'
template_list:
- dest: '/etc/dovecot/conf.d/10-auth.conf'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/conf.d/10-auth.conf'
- dest: '/etc/dovecot/conf.d/10-director.conf'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/conf.d/10-director.conf'
- dest: '/etc/dovecot/conf.d/10-logging.conf'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/conf.d/10-logging.conf'
- dest: '/etc/dovecot/conf.d/10-mail.conf'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/conf.d/10-mail.conf'
- dest: '/etc/dovecot/conf.d/10-master.conf'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/conf.d/10-master.conf'
- dest: '/etc/dovecot/conf.d/10-metrics.conf'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/conf.d/10-metrics.conf'
- dest: '/etc/dovecot/conf.d/10-ssl.conf'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/conf.d/10-ssl.conf'
- dest: '/etc/dovecot/conf.d/15-lda.conf'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/conf.d/15-lda.conf'
- dest: '/etc/dovecot/conf.d/15-mailboxes.conf'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/conf.d/15-mailboxes.conf'
- dest: '/etc/dovecot/conf.d/20-imap.conf'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/conf.d/20-imap.conf'
- dest: '/etc/dovecot/conf.d/20-lmtp.conf'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/conf.d/20-lmtp.conf'
- dest: '/etc/dovecot/conf.d/20-pop3.conf'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/conf.d/20-pop3.conf'
- dest: '/etc/dovecot/conf.d/20-submission.conf'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/conf.d/20-submission.conf'
- dest: '/etc/dovecot/conf.d/90-acl.conf'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/conf.d/90-acl.conf'
- dest: '/etc/dovecot/conf.d/90-plugin.conf'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/conf.d/90-plugin.conf'
- dest: '/etc/dovecot/conf.d/90-quota.conf'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/conf.d/90-quota.conf'
- dest: '/etc/dovecot/conf.d/auth-checkpassword.conf.ext'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/conf.d/auth-checkpassword.conf.ext'
- dest: '/etc/dovecot/conf.d/auth-deny.conf.ext'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/conf.d/auth-deny.conf.ext'
- dest: '/etc/dovecot/conf.d/auth-dict.conf.ext'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/conf.d/auth-dict.conf.ext'
- dest: '/etc/dovecot/conf.d/auth-ldap.conf.ext'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/conf.d/auth-ldap.conf.ext'
- dest: '/etc/dovecot/conf.d/auth-master.conf.ext'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/conf.d/auth-master.conf.ext'
- dest: '/etc/dovecot/conf.d/auth-passwdfile.conf.ext'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/conf.d/auth-passwdfile.conf.ext'
- dest: '/etc/dovecot/conf.d/auth-sql.conf.ext'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/conf.d/auth-sql.conf.ext'
- dest: '/etc/dovecot/conf.d/auth-static.conf.ext'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/conf.d/auth-static.conf.ext'
- dest: '/etc/dovecot/conf.d/auth-system.conf.ext'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/conf.d/auth-system.conf.ext'
- dest: '/etc/dovecot/conf.d/20-managesieve.conf'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/conf.d/20-managesieve.conf'
- dest: '/etc/dovecot/conf.d/90-sieve-extprograms.conf'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/conf.d/90-sieve-extprograms.conf'
- dest: '/etc/dovecot/conf.d/90-sieve.conf'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/conf.d/90-sieve.conf'
- dest: '/etc/dovecot/dovecot.conf'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/dovecot.conf'
- dest: '/etc/dovecot/local.conf'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/local.conf'
- dest: '/etc/dovecot/accounts'
group: 'dovecot'
mode: '0600'
owner: 'dovecot'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/dovecot/accounts'
- dest: '/usr/lib/systemd/system/dovecot-copytls.service'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/dovecot-copytls.service'
- dest: '/usr/lib/systemd/system/dovecot-copytls.timer'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/dovecot-copytls.timer'
+2
View File
@@ -0,0 +1,2 @@
---
# vars file for ensure_dovecot
+2
View File
@@ -0,0 +1,2 @@
---
# vars file for ensure_dovecot
-94
View File
@@ -1,94 +0,0 @@
# ---> Linux
*~
# temporary files which can be created if a process still has a handle open of a deleted file
.fuse_hidden*
# KDE directory preferences
.directory
# Linux trash folder which might appear on any partition or disk
.Trash-*
# .nfs files are created when an open file is removed but is still being accessed
.nfs*
# ---> Windows
# Windows thumbnail cache files
Thumbs.db
ehthumbs.db
ehthumbs_vista.db
# Dump file
*.stackdump
# Folder config file
[Dd]esktop.ini
# Recycle Bin used on file shares
$RECYCLE.BIN/
# Windows Installer files
*.cab
*.msi
*.msix
*.msm
*.msp
# Windows shortcuts
*.lnk
# ---> macOS
# General
.DS_Store
.AppleDouble
.LSOverride
# Icon must end with two \r
Icon
# Thumbnails
._*
# Files that might appear in the root of a volume
.DocumentRevisions-V100
.fseventsd
.Spotlight-V100
.TemporaryItems
.Trashes
.VolumeIcon.icns
.com.apple.timemachine.donotpresent
# Directories potentially created on remote AFP share
.AppleDB
.AppleDesktop
Network Trash Folder
Temporary Items
.apdisk
# ---> Vim
# Swap
[._]*.s[a-v][a-z]
[._]*.sw[a-p]
[._]s[a-rt-v][a-z]
[._]ss[a-gi-z]
[._]sw[a-p]
# Session
Session.vim
# Temporary
.netrwhist
*~
# Auto-generated tag files
tags
# Persistent undo
[._]*.un~
# ---> VisualStudioCode
.vscode/*
!.vscode/settings.json
!.vscode/tasks.json
!.vscode/launch.json
!.vscode/extensions.json
-163
View File
@@ -1,163 +0,0 @@
GNU LESSER GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http s ://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies of this license
document, but changing it is not allowed.
This version of the GNU Lesser General Public License incorporates the terms
and conditions of version 3 of the GNU General Public License, supplemented
by the additional permissions listed below.
0. Additional Definitions.
As used herein, "this License" refers to version 3 of the GNU Lesser General
Public License, and the "GNU GPL" refers to version 3 of the GNU General Public
License.
"The Library" refers to a covered work governed by this License, other than
an Application or a Combined Work as defined below.
An "Application" is any work that makes use of an interface provided by the
Library, but which is not otherwise based on the Library. Defining a subclass
of a class defined by the Library is deemed a mode of using an interface provided
by the Library.
A "Combined Work" is a work produced by combining or linking an Application
with the Library. The particular version of the Library with which the Combined
Work was made is also called the "Linked Version".
The "Minimal Corresponding Source" for a Combined Work means the Corresponding
Source for the Combined Work, excluding any source code for portions of the
Combined Work that, considered in isolation, are based on the Application,
and not on the Linked Version.
The "Corresponding Application Code" for a Combined Work means the object
code and/or source code for the Application, including any data and utility
programs needed for reproducing the Combined Work from the Application, but
excluding the System Libraries of the Combined Work.
1. Exception to Section 3 of the GNU GPL.
You may convey a covered work under sections 3 and 4 of this License without
being bound by section 3 of the GNU GPL.
2. Conveying Modified Versions.
If you modify a copy of the Library, and, in your modifications, a facility
refers to a function or data to be supplied by an Application that uses the
facility (other than as an argument passed when the facility is invoked),
then you may convey a copy of the modified version:
a) under this License, provided that you make a good faith effort to ensure
that, in the event an Application does not supply the function or data, the
facility still operates, and performs whatever part of its purpose remains
meaningful, or
b) under the GNU GPL, with none of the additional permissions of this License
applicable to that copy.
3. Object Code Incorporating Material from Library Header Files.
The object code form of an Application may incorporate material from a header
file that is part of the Library. You may convey such object code under terms
of your choice, provided that, if the incorporated material is not limited
to numerical parameters, data structure layouts and accessors, or small macros,
inline functions and templates (ten or fewer lines in length), you do both
of the following:
a) Give prominent notice with each copy of the object code that the Library
is used in it and that the Library and its use are covered by this License.
b) Accompany the object code with a copy of the GNU GPL and this license document.
4. Combined Works.
You may convey a Combined Work under terms of your choice that, taken together,
effectively do not restrict modification of the portions of the Library contained
in the Combined Work and reverse engineering for debugging such modifications,
if you also do each of the following:
a) Give prominent notice with each copy of the Combined Work that the Library
is used in it and that the Library and its use are covered by this License.
b) Accompany the Combined Work with a copy of the GNU GPL and this license
document.
c) For a Combined Work that displays copyright notices during execution, include
the copyright notice for the Library among these notices, as well as a reference
directing the user to the copies of the GNU GPL and this license document.
d) Do one of the following:
0) Convey the Minimal Corresponding Source under the terms of this License,
and the Corresponding Application Code in a form suitable for, and under terms
that permit, the user to recombine or relink the Application with a modified
version of the Linked Version to produce a modified Combined Work, in the
manner specified by section 6 of the GNU GPL for conveying Corresponding Source.
1) Use a suitable shared library mechanism for linking with the Library. A
suitable mechanism is one that (a) uses at run time a copy of the Library
already present on the user's computer system, and (b) will operate properly
with a modified version of the Library that is interface-compatible with the
Linked Version.
e) Provide Installation Information, but only if you would otherwise be required
to provide such information under section 6 of the GNU GPL, and only to the
extent that such information is necessary to install and execute a modified
version of the Combined Work produced by recombining or relinking the Application
with a modified version of the Linked Version. (If you use option 4d0, the
Installation Information must accompany the Minimal Corresponding Source and
Corresponding Application Code. If you use option 4d1, you must provide the
Installation Information in the manner specified by section 6 of the GNU GPL
for conveying Corresponding Source.)
5. Combined Libraries.
You may place library facilities that are a work based on the Library side
by side in a single library together with other library facilities that are
not Applications and are not covered by this License, and convey such a combined
library under terms of your choice, if you do both of the following:
a) Accompany the combined library with a copy of the same work based on the
Library, uncombined with any other library facilities, conveyed under the
terms of this License.
b) Give prominent notice with the combined library that part of it is a work
based on the Library, and explaining where to find the accompanying uncombined
form of the same work.
6. Revised Versions of the GNU Lesser General Public License.
The Free Software Foundation may publish revised and/or new versions of the
GNU Lesser General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to address
new problems or concerns.
Each version is given a distinguishing version number. If the Library as you
received it specifies that a certain numbered version of the GNU Lesser General
Public License "or any later version" applies to it, you have the option of
following the terms and conditions either of that published version or of
any later version published by the Free Software Foundation. If the Library
as you received it does not specify a version number of the GNU Lesser General
Public License, you may choose any version of the GNU Lesser General Public
License ever published by the Free Software Foundation.
If the Library as you received it specifies that a proxy can decide whether
future versions of the GNU Lesser General Public License shall apply, that
proxy's public statement of acceptance of any version is permanent authorization
for you to choose that version for the Library.
+40
View File
@@ -0,0 +1,40 @@
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
| variable | default | description |
|-|-|-|
| mariadb&lowbar;vhost | inventory&lowbar;hostname | What mod&lowbar;md certificate should be used for MariaDB |
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
+8
View File
@@ -0,0 +1,8 @@
---
# defaults file for ensure_gitea
gitea_database_type: 'mysql'
gitea_database_host: 'localhost:3306'
gitea_database_name: 'gitea'
gitea_database_user: 'gitea'
gitea_database_pass: 'SuperSecretSquirrel'
+28
View File
@@ -0,0 +1,28 @@
---
# handlers file for ensure_gitea
- name: 'ensure_gitea.package_facts'
ansible.builtin.package_facts:
- name: 'ensure_gitea.service_facts'
ansible.builtin.service_facts:
- name: 'ensure_gitea.service_reload'
when:
- ansible_facts["system"] == 'Linux'
- ansible_facts["service_mgr"] == 'systemd'
- ensure_gitea is defined
ansible.builtin.systemd:
daemon_reload: 'yes'
- name: 'ensure_gitea.service_restart'
when:
- ansible_facts["system"] == 'Linux'
- ensure_gitea is defined
- ensure_gitea.service_list is defined
- ensure_gitea.service_list is iterable
- item.state == 'started'
ansible.builtin.service:
enabled: '{{ item.enabled }}'
name: '{{ item.name }}'
state: 'restarted'
loop: '{{ ensure_gitea.service_list }}'
loop_control:
label: '{{ item.name }} will be restarted'
...
+53
View File
@@ -0,0 +1,53 @@
galaxy_info:
author: Jason Rothstein
description: Deploy MariaDB
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: LGPL-3.0-or-later
min_ansible_version: 2.9
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
+217
View File
@@ -0,0 +1,217 @@
---
# tasks file for ensure_gitea
- name: 'include variables'
when:
- ansible_facts["system"] == 'Linux'
include_vars:
file: '{{ lookup("first_found", findme ) }}'
name: 'ensure_gitea'
vars:
findme:
files:
- '{{ ansible_facts["distribution"] }}-{{ ansible_facts["distribution_major_version"] }}-{{ ansible_facts["architecture"] }}.yml'
- '{{ ansible_facts["distribution"] }}-{{ ansible_facts["distribution_major_version"] }}-default.yml'
- '{{ ansible_facts["distribution"] }}-default.yml'
- '{{ ansible_facts["os_family"] }}-{{ ansible_facts["distribution_major_version"] }}-{{ ansible_facts["architecture"] }}.yml'
- '{{ ansible_facts["os_family"] }}-{{ ansible_facts["distribution_major_version"] }}-default.yml'
- '{{ ansible_facts["os_family"] }}-default.yml'
- 'default.yml'
paths:
- '../vars/'
errors: 'ignore'
- name: 'package discovery'
when:
- ansible_facts["system"] == 'Linux'
- ansible_facts["packages"] is not defined
ansible.builtin.package_facts:
- name: 'service discovery'
when:
- ansible_facts["system"] == 'Linux'
- ansible_facts["services"] is not defined
ansible.builtin.service_facts:
- name: 'ensure yum repository'
when:
- ansible_facts["system"] == 'Linux'
- ansible_facts["pkg_mgr"] == 'dnf' or ansible_facts["pkg_mgr"] == 'dnf5' or ansible_facts["pkg_mgr"] == 'yum'
- ensure_gitea is defined
- ensure_gitea.yum_repository_list is defined
- ensure_gitea.yum_repository_list is iterable
ansible.builtin.yum_repository:
attributes: '{{ item.attributes | default(omit) }}'
bandwidth: '{{ item.bandwidth | default(omit) }}'
baseurl: '{{ item.baseurl | default(omit) }}'
countme: '{{ item.countme | default(omit) }}'
deltarpm_percentage: '{{ item.deltarpm_percentage | default(omit) }}'
description: '{{ item.description | default(omit) }}'
enabled: '{{ item.enabled | default(omit) }}'
enablegroups: '{{ item.enablegroups | default(omit) }}'
exclude: '{{ item.exclude | default(omit) }}'
failovermethod: '{{ item.failovermethod | default(omit) }}'
file: '{{ item.file | default(omit) }}'
gpgcheck: '{{ item.gpgcheck | default(omit) }}'
gpgkey: '{{ item.gpgkey | default(omit) }}'
group: '{{ item.group | default(omit) }}'
include: '{{ item.include | default(omit) }}'
includepkgs: '{{ item.includepkgs | default(omit) }}'
ip_resolve: '{{ item.ip_resolve | default(omit) }}'
metadata_expire: '{{ item.metadata_expire | default(omit) }}'
metalink: '{{ item.metalink | default(omit) }}'
mirrorlist: '{{ item.mirrorlist | default(omit) }}'
mode: '{{ item.mode | default(omit) }}'
module_hotfixes: '{{ item.module_hotfixes | default(omit) }}'
name: '{{ item.name }}'
owner: '{{ item.owner | default(omit) }}'
password: '{{ item.password | default(omit) }}'
priority: '{{ item.priority | default(omit) }}'
proxy: '{{ item.proxy | default(omit) }}'
proxy_password: '{{ item.proxy_password | default(omit) }}'
proxy_username: '{{ item.proxy_username | default(omit) }}'
repo_gpgcheck: '{{ item.repo_gpgcheck | default(omit) }}'
reposdir: '{{ item.reposdir | default(omit) }}'
retries: '{{ item.retries | default(omit) }}'
s3_enabled: '{{ item.s3_enabled | default(omit) }}'
selevel: '{{ item.selevel | default(omit) }}'
serole: '{{ item.serole | default(omit) }}'
setype: '{{ item.setype | default(omit) }}'
seuser: '{{ item.seuser | default(omit) }}'
skip_if_unavailable: '{{ item.skip_if_unavailable | default(omit) }}'
sslcacert: '{{ item.sslcacert | default(omit) }}'
sslclientcert: '{{ item.sslclientcert | default(omit) }}'
sslclientkey: '{{ item.sslclientkey | default(omit) }}'
sslverify: '{{ item.sslverify | default(omit) }}'
state: '{{ item.state }}'
throttle: '{{ item.throttle | default(omit) }}'
timeout: '{{ item.timeout | default(omit) }}'
unsafe_writes: '{{ item.unsafe_writes | default(omit) }}'
username: '{{ item.username | default(omit) }}'
loop: '{{ ensure_gitea.yum_repository_list }}'
loop_control:
label: '{{ item.name }} will be {{ item.state }}'
notify:
- 'ensure_gitea.package_facts'
- 'ensure_gitea.service_facts'
- 'ensure_gitea.service_reload'
- 'ensure_gitea.service_restart'
- name: 'ensure sysctl'
when:
- ansible_facts["system"] == 'Linux'
- ensure_gitea is defined
- ensure_gitea.sysctl_list is defined
- ensure_gitea.sysctl_list is iterable
ansible.posix.sysctl:
name: '{{ item.name }}'
reload: '{{ item.reload | default(omit) }}'
state: '{{ item.state }}'
sysctl_file: '{{ item.sysctl_file | default(omit) }}'
sysctl_set: '{{ item.sysctl_set | default(omit) }}'
value: '{{ item.value | default(omit) }}'
loop: '{{ ensure_gitea.sysctl_list }}'
loop_control:
label: '{{ item.name }} will be {{ item.value }}'
notify:
- 'ensure_gitea.package_facts'
- 'ensure_gitea.service_facts'
- 'ensure_gitea.service_reload'
- 'ensure_gitea.service_restart'
- name: 'ensure packages'
when:
- ansible_facts["system"] == 'Linux'
- ensure_gitea is defined
- ensure_gitea.package_list is defined
- ensure_gitea.package_list is iterable
ansible.builtin.package:
name: '{{ item.name }}'
state: '{{ item.state }}'
loop: '{{ ensure_gitea.package_list }}'
loop_control:
label: '{{ item.name }} will be {{ item.state }}'
notify:
- 'ensure_gitea.package_facts'
- 'ensure_gitea.service_facts'
- 'ensure_gitea.service_reload'
- 'ensure_gitea.service_restart'
- name: 'ensure seboolean'
when:
- ansible_facts["system"] == 'Linux'
- ensure_gitea is defined
- ensure_gitea.seboolean_list is defined
- ensure_gitea.seboolean_list is iterable
ansible.posix.seboolean:
name: '{{ item.name }}'
persistent: '{{ item.persistent }}'
state: '{{ item.state }}'
loop: '{{ ensure_gitea.seboolean_list }}'
loop_control:
label: '{{ item.name }} will be {{ item.state }}'
notify:
- 'ensure_gitea.package_facts'
- 'ensure_gitea.service_facts'
- 'ensure_gitea.service_reload'
- 'ensure_gitea.service_restart'
- name: 'ensure configurations'
when:
- ansible_facts["system"] == 'Linux'
- ensure_gitea is defined
- ensure_gitea.template_list is defined
- ensure_gitea.template_list is iterable
ansible.builtin.template:
backup: 'no'
dest: '{{ item.dest }}'
group: '{{ item.group | default(omit) }}'
mode: '{{ item.mode | default(omit) }}'
owner: '{{ item.owner | default(omit) }}'
selevel: '{{ iteml.selevel | default(omit) }}'
serole: '{{ item.serole | default(omit) }}'
setype: '{{ item.setype | default(omit) }}'
seuser: '{{ item.seuser | default(omit) }}'
src: '{{ item.src }}'
loop: '{{ ensure_gitea.template_list }}'
loop_control:
label: '{{ item.dest }} will be ensured'
notify:
- 'ensure_gitea.package_facts'
- 'ensure_gitea.service_facts'
- 'ensure_gitea.service_reload'
- 'ensure_gitea.service_restart'
- name: 'ensure firewall'
when:
- ansible_facts["system"] == 'Linux'
- ansible_facts.packages["firewalld"] is defined
- ansible_facts.packages["python3-firewall"] is defined
- ensure_gitea is defined
- ensure_gitea.firewall_list is defined
- ensure_gitea.firewall_list is iterable
ansible.posix.firewalld:
permanent: '{{ item.permanent }}'
service: '{{ item.service }}'
state: '{{ item.state }}'
loop: '{{ ensure_gitea.firewall_list }}'
loop_control:
label: '{{ item.service }} will be {{ item.state }}'
notify:
- 'ensure_gitea.package_facts'
- 'ensure_gitea.service_facts'
- 'ensure_gitea.service_reload'
- 'ensure_gitea.service_restart'
- name: 'ensure services'
when:
- ansible_facts["system"] == 'Linux'
- ensure_gitea is defined
- ensure_gitea.service_list is defined
- ensure_gitea.service_list is iterable
ansible.builtin.service:
enabled: '{{ item.enabled }}'
name: '{{ item.name }}'
state: '{{ item.state }}'
loop: '{{ ensure_gitea.service_list }}'
loop_control:
label: '{{ item.name }} will be {{ item.state }}'
notify:
- 'ensure_gitea.package_facts'
- 'ensure_gitea.service_facts'
- 'ensure_gitea.service_reload'
- 'ensure_gitea.service_restart'
- name: 'flush handlers'
meta: 'flush_handlers'
...
+2
View File
@@ -0,0 +1,2 @@
localhost
+5
View File
@@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- ensure_gitea
@@ -0,0 +1,19 @@
---
# vars file for ensure_gitea
package_list:
- name: 'gitea'
state: 'present'
service_list:
- name: 'gitea.service'
state: 'started'
enabled: 'yes'
yum_repository_list:
- name: 'gitea-fedorapackages-fedora'
baseurl: 'https://gitea.fdragon.com/api/packages/Fedora-fc$releasever/rpm/'
description: 'FedoraPackages - Fire Dragon GIT Repository - fedora - {{ ansible_facts.distribution_major_version }} - {{ ansible_facts.architecture }}'
enabled: true
gpgcheck: false
gpgkey: 'https://gitea.fdragon.com/api/packages/Fedora-fc$releasever/rpm/repository.key'
state: 'present'
...
@@ -0,0 +1,19 @@
---
# vars file for ensure_gitea
package_list:
- name: 'gitea'
state: 'present'
service_list:
- name: 'gitea.service'
state: 'started'
enabled: 'yes'
yum_repository_list:
- name: 'gitea-fedorapackages-fedora'
baseurl: 'https://gitea.fdragon.com/api/packages/Fedora-fc$releasever/rpm/'
description: 'FedoraPackages - Fire Dragon GIT Repository - fedora - {{ ansible_facts.distribution_major_version }} - {{ ansible_facts.architecture }}'
enabled: true
gpgcheck: false
gpgkey: 'https://gitea.fdragon.com/api/packages/Fedora-fc$releasever/rpm/repository.key'
state: 'present'
...
@@ -0,0 +1,19 @@
---
# vars file for ensure_gitea
package_list:
- name: 'gitea'
state: 'present'
service_list:
- name: 'gitea.service'
state: 'started'
enabled: 'yes'
yum_repository_list:
- name: 'gitea-fedorapackages-fedora'
baseurl: 'https://gitea.fdragon.com/api/packages/Fedora-fc$releasever/rpm/'
description: 'FedoraPackages - Fire Dragon GIT Repository - fedora - {{ ansible_facts.distribution_major_version }} - {{ ansible_facts.architecture }}'
enabled: true
gpgcheck: false
gpgkey: 'https://gitea.fdragon.com/api/packages/Fedora-fc$releasever/rpm/repository.key'
state: 'present'
...
+2
View File
@@ -0,0 +1,2 @@
---
# vars file for ensure_gitea
+2
View File
@@ -0,0 +1,2 @@
---
# vars file for ensure_gitea
-94
View File
@@ -1,94 +0,0 @@
# ---> Linux
*~
# temporary files which can be created if a process still has a handle open of a deleted file
.fuse_hidden*
# KDE directory preferences
.directory
# Linux trash folder which might appear on any partition or disk
.Trash-*
# .nfs files are created when an open file is removed but is still being accessed
.nfs*
# ---> Windows
# Windows thumbnail cache files
Thumbs.db
ehthumbs.db
ehthumbs_vista.db
# Dump file
*.stackdump
# Folder config file
[Dd]esktop.ini
# Recycle Bin used on file shares
$RECYCLE.BIN/
# Windows Installer files
*.cab
*.msi
*.msix
*.msm
*.msp
# Windows shortcuts
*.lnk
# ---> macOS
# General
.DS_Store
.AppleDouble
.LSOverride
# Icon must end with two \r
Icon
# Thumbnails
._*
# Files that might appear in the root of a volume
.DocumentRevisions-V100
.fseventsd
.Spotlight-V100
.TemporaryItems
.Trashes
.VolumeIcon.icns
.com.apple.timemachine.donotpresent
# Directories potentially created on remote AFP share
.AppleDB
.AppleDesktop
Network Trash Folder
Temporary Items
.apdisk
# ---> Vim
# Swap
[._]*.s[a-v][a-z]
[._]*.sw[a-p]
[._]s[a-rt-v][a-z]
[._]ss[a-gi-z]
[._]sw[a-p]
# Session
Session.vim
# Temporary
.netrwhist
*~
# Auto-generated tag files
tags
# Persistent undo
[._]*.un~
# ---> VisualStudioCode
.vscode/*
!.vscode/settings.json
!.vscode/tasks.json
!.vscode/launch.json
!.vscode/extensions.json
-163
View File
@@ -1,163 +0,0 @@
GNU LESSER GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http s ://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies of this license
document, but changing it is not allowed.
This version of the GNU Lesser General Public License incorporates the terms
and conditions of version 3 of the GNU General Public License, supplemented
by the additional permissions listed below.
0. Additional Definitions.
As used herein, "this License" refers to version 3 of the GNU Lesser General
Public License, and the "GNU GPL" refers to version 3 of the GNU General Public
License.
"The Library" refers to a covered work governed by this License, other than
an Application or a Combined Work as defined below.
An "Application" is any work that makes use of an interface provided by the
Library, but which is not otherwise based on the Library. Defining a subclass
of a class defined by the Library is deemed a mode of using an interface provided
by the Library.
A "Combined Work" is a work produced by combining or linking an Application
with the Library. The particular version of the Library with which the Combined
Work was made is also called the "Linked Version".
The "Minimal Corresponding Source" for a Combined Work means the Corresponding
Source for the Combined Work, excluding any source code for portions of the
Combined Work that, considered in isolation, are based on the Application,
and not on the Linked Version.
The "Corresponding Application Code" for a Combined Work means the object
code and/or source code for the Application, including any data and utility
programs needed for reproducing the Combined Work from the Application, but
excluding the System Libraries of the Combined Work.
1. Exception to Section 3 of the GNU GPL.
You may convey a covered work under sections 3 and 4 of this License without
being bound by section 3 of the GNU GPL.
2. Conveying Modified Versions.
If you modify a copy of the Library, and, in your modifications, a facility
refers to a function or data to be supplied by an Application that uses the
facility (other than as an argument passed when the facility is invoked),
then you may convey a copy of the modified version:
a) under this License, provided that you make a good faith effort to ensure
that, in the event an Application does not supply the function or data, the
facility still operates, and performs whatever part of its purpose remains
meaningful, or
b) under the GNU GPL, with none of the additional permissions of this License
applicable to that copy.
3. Object Code Incorporating Material from Library Header Files.
The object code form of an Application may incorporate material from a header
file that is part of the Library. You may convey such object code under terms
of your choice, provided that, if the incorporated material is not limited
to numerical parameters, data structure layouts and accessors, or small macros,
inline functions and templates (ten or fewer lines in length), you do both
of the following:
a) Give prominent notice with each copy of the object code that the Library
is used in it and that the Library and its use are covered by this License.
b) Accompany the object code with a copy of the GNU GPL and this license document.
4. Combined Works.
You may convey a Combined Work under terms of your choice that, taken together,
effectively do not restrict modification of the portions of the Library contained
in the Combined Work and reverse engineering for debugging such modifications,
if you also do each of the following:
a) Give prominent notice with each copy of the Combined Work that the Library
is used in it and that the Library and its use are covered by this License.
b) Accompany the Combined Work with a copy of the GNU GPL and this license
document.
c) For a Combined Work that displays copyright notices during execution, include
the copyright notice for the Library among these notices, as well as a reference
directing the user to the copies of the GNU GPL and this license document.
d) Do one of the following:
0) Convey the Minimal Corresponding Source under the terms of this License,
and the Corresponding Application Code in a form suitable for, and under terms
that permit, the user to recombine or relink the Application with a modified
version of the Linked Version to produce a modified Combined Work, in the
manner specified by section 6 of the GNU GPL for conveying Corresponding Source.
1) Use a suitable shared library mechanism for linking with the Library. A
suitable mechanism is one that (a) uses at run time a copy of the Library
already present on the user's computer system, and (b) will operate properly
with a modified version of the Library that is interface-compatible with the
Linked Version.
e) Provide Installation Information, but only if you would otherwise be required
to provide such information under section 6 of the GNU GPL, and only to the
extent that such information is necessary to install and execute a modified
version of the Combined Work produced by recombining or relinking the Application
with a modified version of the Linked Version. (If you use option 4d0, the
Installation Information must accompany the Minimal Corresponding Source and
Corresponding Application Code. If you use option 4d1, you must provide the
Installation Information in the manner specified by section 6 of the GNU GPL
for conveying Corresponding Source.)
5. Combined Libraries.
You may place library facilities that are a work based on the Library side
by side in a single library together with other library facilities that are
not Applications and are not covered by this License, and convey such a combined
library under terms of your choice, if you do both of the following:
a) Accompany the combined library with a copy of the same work based on the
Library, uncombined with any other library facilities, conveyed under the
terms of this License.
b) Give prominent notice with the combined library that part of it is a work
based on the Library, and explaining where to find the accompanying uncombined
form of the same work.
6. Revised Versions of the GNU Lesser General Public License.
The Free Software Foundation may publish revised and/or new versions of the
GNU Lesser General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to address
new problems or concerns.
Each version is given a distinguishing version number. If the Library as you
received it specifies that a certain numbered version of the GNU Lesser General
Public License "or any later version" applies to it, you have the option of
following the terms and conditions either of that published version or of
any later version published by the Free Software Foundation. If the Library
as you received it does not specify a version number of the GNU Lesser General
Public License, you may choose any version of the GNU Lesser General Public
License ever published by the Free Software Foundation.
If the Library as you received it specifies that a proxy can decide whether
future versions of the GNU Lesser General Public License shall apply, that
proxy's public statement of acceptance of any version is permanent authorization
for you to choose that version for the Library.
-78
View File
@@ -1,78 +0,0 @@
# ---> Ansible
*.retry
# ---> Windows
# Windows thumbnail cache files
Thumbs.db
ehthumbs.db
ehthumbs_vista.db
# Dump file
*.stackdump
# Folder config file
[Dd]esktop.ini
# Recycle Bin used on file shares
$RECYCLE.BIN/
# Windows Installer files
*.cab
*.msi
*.msix
*.msm
*.msp
# Windows shortcuts
*.lnk
# ---> Linux
*~
# temporary files which can be created if a process still has a handle open of a deleted file
.fuse_hidden*
# KDE directory preferences
.directory
# Linux trash folder which might appear on any partition or disk
.Trash-*
# .nfs files are created when an open file is removed but is still being accessed
.nfs*
# ---> macOS
# General
.DS_Store
.AppleDouble
.LSOverride
# Icon must end with two \r
Icon
# Thumbnails
._*
# Files that might appear in the root of a volume
.DocumentRevisions-V100
.fseventsd
.Spotlight-V100
.TemporaryItems
.Trashes
.VolumeIcon.icns
.com.apple.timemachine.donotpresent
# Directories potentially created on remote AFP share
.AppleDB
.AppleDesktop
Network Trash Folder
Temporary Items
.apdisk
# ---> VisualStudioCode
.vscode/*
!.vscode/settings.json
!.vscode/tasks.json
!.vscode/launch.json
!.vscode/extensions.json
-163
View File
@@ -1,163 +0,0 @@
GNU LESSER GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http s ://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies of this license
document, but changing it is not allowed.
This version of the GNU Lesser General Public License incorporates the terms
and conditions of version 3 of the GNU General Public License, supplemented
by the additional permissions listed below.
0. Additional Definitions.
As used herein, "this License" refers to version 3 of the GNU Lesser General
Public License, and the "GNU GPL" refers to version 3 of the GNU General Public
License.
"The Library" refers to a covered work governed by this License, other than
an Application or a Combined Work as defined below.
An "Application" is any work that makes use of an interface provided by the
Library, but which is not otherwise based on the Library. Defining a subclass
of a class defined by the Library is deemed a mode of using an interface provided
by the Library.
A "Combined Work" is a work produced by combining or linking an Application
with the Library. The particular version of the Library with which the Combined
Work was made is also called the "Linked Version".
The "Minimal Corresponding Source" for a Combined Work means the Corresponding
Source for the Combined Work, excluding any source code for portions of the
Combined Work that, considered in isolation, are based on the Application,
and not on the Linked Version.
The "Corresponding Application Code" for a Combined Work means the object
code and/or source code for the Application, including any data and utility
programs needed for reproducing the Combined Work from the Application, but
excluding the System Libraries of the Combined Work.
1. Exception to Section 3 of the GNU GPL.
You may convey a covered work under sections 3 and 4 of this License without
being bound by section 3 of the GNU GPL.
2. Conveying Modified Versions.
If you modify a copy of the Library, and, in your modifications, a facility
refers to a function or data to be supplied by an Application that uses the
facility (other than as an argument passed when the facility is invoked),
then you may convey a copy of the modified version:
a) under this License, provided that you make a good faith effort to ensure
that, in the event an Application does not supply the function or data, the
facility still operates, and performs whatever part of its purpose remains
meaningful, or
b) under the GNU GPL, with none of the additional permissions of this License
applicable to that copy.
3. Object Code Incorporating Material from Library Header Files.
The object code form of an Application may incorporate material from a header
file that is part of the Library. You may convey such object code under terms
of your choice, provided that, if the incorporated material is not limited
to numerical parameters, data structure layouts and accessors, or small macros,
inline functions and templates (ten or fewer lines in length), you do both
of the following:
a) Give prominent notice with each copy of the object code that the Library
is used in it and that the Library and its use are covered by this License.
b) Accompany the object code with a copy of the GNU GPL and this license document.
4. Combined Works.
You may convey a Combined Work under terms of your choice that, taken together,
effectively do not restrict modification of the portions of the Library contained
in the Combined Work and reverse engineering for debugging such modifications,
if you also do each of the following:
a) Give prominent notice with each copy of the Combined Work that the Library
is used in it and that the Library and its use are covered by this License.
b) Accompany the Combined Work with a copy of the GNU GPL and this license
document.
c) For a Combined Work that displays copyright notices during execution, include
the copyright notice for the Library among these notices, as well as a reference
directing the user to the copies of the GNU GPL and this license document.
d) Do one of the following:
0) Convey the Minimal Corresponding Source under the terms of this License,
and the Corresponding Application Code in a form suitable for, and under terms
that permit, the user to recombine or relink the Application with a modified
version of the Linked Version to produce a modified Combined Work, in the
manner specified by section 6 of the GNU GPL for conveying Corresponding Source.
1) Use a suitable shared library mechanism for linking with the Library. A
suitable mechanism is one that (a) uses at run time a copy of the Library
already present on the user's computer system, and (b) will operate properly
with a modified version of the Library that is interface-compatible with the
Linked Version.
e) Provide Installation Information, but only if you would otherwise be required
to provide such information under section 6 of the GNU GPL, and only to the
extent that such information is necessary to install and execute a modified
version of the Combined Work produced by recombining or relinking the Application
with a modified version of the Linked Version. (If you use option 4d0, the
Installation Information must accompany the Minimal Corresponding Source and
Corresponding Application Code. If you use option 4d1, you must provide the
Installation Information in the manner specified by section 6 of the GNU GPL
for conveying Corresponding Source.)
5. Combined Libraries.
You may place library facilities that are a work based on the Library side
by side in a single library together with other library facilities that are
not Applications and are not covered by this License, and convey such a combined
library under terms of your choice, if you do both of the following:
a) Accompany the combined library with a copy of the same work based on the
Library, uncombined with any other library facilities, conveyed under the
terms of this License.
b) Give prominent notice with the combined library that part of it is a work
based on the Library, and explaining where to find the accompanying uncombined
form of the same work.
6. Revised Versions of the GNU Lesser General Public License.
The Free Software Foundation may publish revised and/or new versions of the
GNU Lesser General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to address
new problems or concerns.
Each version is given a distinguishing version number. If the Library as you
received it specifies that a certain numbered version of the GNU Lesser General
Public License "or any later version" applies to it, you have the option of
following the terms and conditions either of that published version or of
any later version published by the Free Software Foundation. If the Library
as you received it does not specify a version number of the GNU Lesser General
Public License, you may choose any version of the GNU Lesser General Public
License ever published by the Free Software Foundation.
If the Library as you received it specifies that a proxy can decide whether
future versions of the GNU Lesser General Public License shall apply, that
proxy's public statement of acceptance of any version is permanent authorization
for you to choose that version for the Library.
+29
View File
@@ -0,0 +1,29 @@
---
language: python
python: "2.7"
# Use the new container infrastructure
sudo: false
# Install ansible
addons:
apt:
packages:
- python-pip
install:
# Install ansible
- pip install ansible
# Check ansible version
- ansible --version
# Create ansible.cfg with correct roles_path
- printf '[defaults]\nroles_path=../' >ansible.cfg
script:
# Basic role syntax check
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/
+40
View File
@@ -0,0 +1,40 @@
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
| variable | default | description |
|-|-|-|
| mariadb&lowbar;vhost | inventory&lowbar;hostname | What mod&lowbar;md certificate should be used for MariaDB |
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
+3
View File
@@ -0,0 +1,3 @@
---
# defaults file for ensure_mariadb
mariadb_vhost: '{{ inventory_hostname }}'
+28
View File
@@ -0,0 +1,28 @@
---
# handlers file for ensure_mariadb
- name: 'ensure_mariadb.package_facts'
ansible.builtin.package_facts:
- name: 'ensure_mariadb.service_facts'
ansible.builtin.service_facts:
- name: 'ensure_mariadb.service_reload'
when:
- ansible_facts["system"] == 'Linux'
- ansible_facts["service_mgr"] == 'systemd'
- ensure_mariadb is defined
ansible.builtin.systemd:
daemon_reload: 'yes'
- name: 'ensure_mariadb.service_restart'
when:
- ansible_facts["system"] == 'Linux'
- ensure_mariadb is defined
- ensure_mariadb.service_list is defined
- ensure_mariadb.service_list is iterable
- item.state == 'started'
ansible.builtin.service:
enabled: '{{ item.enabled }}'
name: '{{ item.name }}'
state: 'restarted'
loop: '{{ ensure_mariadb.service_list }}'
loop_control:
label: '{{ item.name }} will be restarted'
...
+53
View File
@@ -0,0 +1,53 @@
galaxy_info:
author: Jason Rothstein
description: Deploy MariaDB
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: LGPL-3.0-or-later
min_ansible_version: 2.9
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
+238
View File
@@ -0,0 +1,238 @@
---
# tasks file for ensure_mariadb
- name: 'include variables'
when:
- ansible_facts["system"] == 'Linux'
include_vars:
file: '{{ lookup("first_found", findme ) }}'
name: 'ensure_mariadb'
vars:
findme:
files:
- '{{ ansible_facts["distribution"] }}-{{ ansible_facts["distribution_major_version"] }}-{{ ansible_facts["architecture"] }}.yml'
- '{{ ansible_facts["distribution"] }}-{{ ansible_facts["distribution_major_version"] }}-default.yml'
- '{{ ansible_facts["distribution"] }}-default.yml'
- '{{ ansible_facts["os_family"] }}-{{ ansible_facts["distribution_major_version"] }}-{{ ansible_facts["architecture"] }}.yml'
- '{{ ansible_facts["os_family"] }}-{{ ansible_facts["distribution_major_version"] }}-default.yml'
- '{{ ansible_facts["os_family"] }}-default.yml'
- 'default.yml'
paths:
- '../vars/'
errors: 'ignore'
- name: 'package discovery'
when:
- ansible_facts["system"] == 'Linux'
- ansible_facts["packages"] is not defined
ansible.builtin.package_facts:
- name: 'service discovery'
when:
- ansible_facts["system"] == 'Linux'
- ansible_facts["services"] is not defined
ansible.builtin.service_facts:
- name: 'ensure sysctl'
when:
- ansible_facts["system"] == 'Linux'
- ensure_mariadb is defined
- ensure_mariadb.sysctl_list is defined
- ensure_mariadb.sysctl_list is iterable
ansible.posix.sysctl:
name: '{{ item.name }}'
reload: '{{ item.reload | default(omit) }}'
state: '{{ item.state }}'
sysctl_file: '{{ item.sysctl_file | default(omit) }}'
sysctl_set: '{{ item.sysctl_set | default(omit) }}'
value: '{{ item.value | default(omit) }}'
loop: '{{ ensure_mariadb.sysctl_list }}'
loop_control:
label: '{{ item.name }} will be {{ item.value }}'
notify:
- 'ensure_mariadb.package_facts'
- 'ensure_mariadb.service_facts'
- 'ensure_mariadb.service_reload'
- 'ensure_mariadb.service_restart'
- name: 'ensure packages'
when:
- ansible_facts["system"] == 'Linux'
- ensure_mariadb is defined
- ensure_mariadb.package_list is defined
- ensure_mariadb.package_list is iterable
ansible.builtin.package:
name: '{{ item.name }}'
state: '{{ item.state }}'
loop: '{{ ensure_mariadb.package_list }}'
loop_control:
label: '{{ item.name }} will be {{ item.state }}'
notify:
- 'ensure_mariadb.package_facts'
- 'ensure_mariadb.service_facts'
- 'ensure_mariadb.service_reload'
- 'ensure_mariadb.service_restart'
- name: 'ensure seboolean'
when:
- ansible_facts["system"] == 'Linux'
- ensure_mariadb is defined
- ensure_mariadb.seboolean_list is defined
- ensure_mariadb.seboolean_list is iterable
ansible.posix.seboolean:
name: '{{ item.name }}'
persistent: '{{ item.persistent }}'
state: '{{ item.state }}'
loop: '{{ ensure_mariadb.seboolean_list }}'
loop_control:
label: '{{ item.name }} will be {{ item.state }}'
notify:
- 'ensure_mariadb.package_facts'
- 'ensure_mariadb.service_facts'
- 'ensure_mariadb.service_reload'
- 'ensure_mariadb.service_restart'
- name: 'ensure configurations'
when:
- ansible_facts["system"] == 'Linux'
- ensure_mariadb is defined
- ensure_mariadb.template_list is defined
- ensure_mariadb.template_list is iterable
ansible.builtin.template:
backup: 'no'
dest: '{{ item.dest }}'
group: '{{ item.group | default(omit) }}'
mode: '{{ item.mode | default(omit) }}'
owner: '{{ item.owner | default(omit) }}'
selevel: '{{ iteml.selevel | default(omit) }}'
serole: '{{ item.serole | default(omit) }}'
setype: '{{ item.setype | default(omit) }}'
seuser: '{{ item.seuser | default(omit) }}'
src: '{{ item.src }}'
loop: '{{ ensure_mariadb.template_list }}'
loop_control:
label: '{{ item.dest }} will be ensured'
notify:
- 'ensure_mariadb.package_facts'
- 'ensure_mariadb.service_facts'
- 'ensure_mariadb.service_reload'
- 'ensure_mariadb.service_restart'
- name: 'ensure firewall'
when:
- ansible_facts["system"] == 'Linux'
- ansible_facts.packages["firewalld"] is defined
- ansible_facts.packages["python3-firewall"] is defined
- ensure_mariadb is defined
- ensure_mariadb.firewall_list is defined
- ensure_mariadb.firewall_list is iterable
ansible.posix.firewalld:
permanent: '{{ item.permanent }}'
service: '{{ item.service }}'
state: '{{ item.state }}'
loop: '{{ ensure_mariadb.firewall_list }}'
loop_control:
label: '{{ item.service }} will be {{ item.state }}'
notify:
- 'ensure_mariadb.package_facts'
- 'ensure_mariadb.service_facts'
- 'ensure_mariadb.service_reload'
- 'ensure_mariadb.service_restart'
- name: 'ensure services'
when:
- ansible_facts["system"] == 'Linux'
- ensure_mariadb is defined
- ensure_mariadb.service_list is defined
- ensure_mariadb.service_list is iterable
ansible.builtin.service:
enabled: '{{ item.enabled }}'
name: '{{ item.name }}'
state: '{{ item.state }}'
loop: '{{ ensure_mariadb.service_list }}'
loop_control:
label: '{{ item.name }} will be {{ item.state }}'
notify:
- 'ensure_mariadb.package_facts'
- 'ensure_mariadb.service_facts'
- 'ensure_mariadb.service_reload'
- 'ensure_mariadb.service_restart'
- name: 'flush handlers'
meta: 'flush_handlers'
- name: 'ensure mariadb databases'
when:
- mariadb_db_list is defined
- mariadb_db_list is iterable
community.mysql.mysql_db:
ca_cert: '{{ item.ca_cert | default(omit) }}'
chdir: '{{ item.chdir | default(omit) }}'
check_hostname: '{{ item.check_hostname | default(omit) }}'
check_implicit_admin: '{{ item.check_implicit_admin | default(omit) }}'
client_cert: '{{ item.client_cert | default(omit) }}'
client_key: '{{ item.client_key | default(omit) }}'
collation: '{{ item.collation | default(omit) }}'
config_file: '{{ item.config_file | default(omit) }}'
config_overrides_defaults: '{{ item.config_overrides_defaults | default(omit) }}'
connect_timeout: '{{ item.connect_timeout | default(omit) }}'
dump_extra_args: '{{ item.dump_extra_args | default(omit) }}'
encoding: '{{ item.encoding | default(omit) }}'
force: '{{ item.force | default(omit) }}'
hex_blob: '{{ item.hex_blob | default(omit) }}'
ignore_tables: '{{ item.ignore_tables | default(omit) }}'
login_host: '{{ item.login_host | default(omit) }}'
login_password: '{{ item.login_password | default(omit) }}'
login_port: '{{ item.login_port | default(omit) }}'
login_unix_socket: '{{ item.login_unix_socket | default(omit) }}'
login_user: '{{ item.login_user | default(omit) }}'
master_data: '{{ item.master_data | default(omit) }}'
name: '{{ item.name }}'
pipefail: '{{ item.pipefail | default(omit) }}'
quick: '{{ item.quick | default(omit) }}'
restrict_config_file: '{{ item.restrict_config_file | default(omit) }}'
single_transaction: '{{ item.single_transaction | default(omit) }}'
skip_lock_tables: '{{ item.skip_lock_tables | default(omit) }}'
sql_log_bin: '{{ item.sql_log_bin | default(omit) }}'
state: '{{ item.state }}'
target: '{{ item.target | default(omit) }}'
unsafe_login_password: '{{ item.unsafe_login_password | default(omit) }}'
use_shell: '{{ item.use_shell | default(omit) }}'
loop: '{{ mariadb_db_list }}'
loop_control:
label: '{{ item.name }} will be {{ item.state }}'
- name: 'ensure mariadb users'
when:
- mariadb_user_list is defined
- mariadb_user_list is iterable
community.mysql.mysql_user:
append_privs: '{{ item.append_privs | default(omit) }}'
attributes: '{{ item.attributes | default(omit) }}'
ca_cert: '{{ item.ca_cert | default(omit) }}'
check_hostname: '{{ item.check_hostname | default(omit) }}'
check_implicit_admin: '{{ item.check_implicit_admin | default(omit) }}'
client_cert: '{{ item.client_cert | default(omit) }}'
client_key: '{{ item.client_key | default(omit) }}'
column_case_sensitive: '{{ item.column_case_sensitive | default(omit) }}'
config_file: '{{ item.config_file | default(omit) }}'
connect_timeout: '{{ item.connect_timeout | default(omit) }}'
encrypted: '{{ item.encrypted | default(omit) }}'
force_context: '{{ item.force_context | default(omit) }}'
host: '{{ item.host | default(omit) }}'
host_all: '{{ item.host_all | default(omit) }}'
locked: '{{ item.locked | default(omit) }}'
login_host: '{{ item.login_host | default(omit) }}'
login_password: '{{ item.login_password | default(omit) }}'
login_port: '{{ item.login_port | default(omit) }}'
login_unix_socket: '{{ item.login_unix_socket | default(omit) }}'
login_user: '{{ item.login_user | default(omit) }}'
name: '{{ item.name }}'
password: '{{ item.password | default(omit) }}'
password_expire: '{{ item.password_expire | default(omit) }}'
password_expire_interval: '{{ item.password_expire_interval | default(omit) }}'
plugin: '{{ item.plugin | default(omit) }}'
plugin_auth_string: '{{ item.plugin_auth_string | default(omit) }}'
plugin_hash_string: '{{ item.plugin_hash_string | default(omit) }}'
priv: '{{ item.priv | default(omit) }}'
resource_limits: '{{ item.resource_limits | default(omit) }}'
salt: '{{ item.salt | default(omit) }}'
session_vars: '{{ item.session_vars | default(omit) }}'
sql_log_bin: '{{ item.sql_log_bin | default(omit) }}'
state: '{{ item.state }}'
subtract_privs: '{{ item.subtract_privs | default(omit) }}'
tls_requires: '{{ item.tls_requires | default(omit) }}'
update_password: '{{ item.update_password | default(omit) }}'
loop: '{{ mariadb_user_list }}'
loop_control:
label: '{{ item.name }} will be {{ item.state }}'
...
@@ -0,0 +1,46 @@
# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL
Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
Require ssl
</Directory>
<Directory /usr/share/phpMyAdmin/setup/>
Require local
</Directory>
# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries/>
Require all denied
</Directory>
<Directory /usr/share/phpMyAdmin/templates/>
Require all denied
</Directory>
<Directory /usr/share/phpMyAdmin/setup/lib/>
Require all denied
</Directory>
<Directory /usr/share/phpMyAdmin/setup/frames/>
Require all denied
</Directory>
# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc. This may break your mod_security implementation.
#
#<IfModule mod_security.c>
# <Directory /usr/share/phpMyAdmin/>
# SecRuleInheritance Off
# </Directory>
#</IfModule>
@@ -0,0 +1,11 @@
#
# This group is read both both by the client and the server
# use it for options that affect everything
#
[client-server]
#
# include all files from the config directory
#
!includedir /etc/my.cnf.d
@@ -0,0 +1,2 @@
[mariadb]
#plugin-load-add=auth_gssapi.so
@@ -0,0 +1,14 @@
#
# These two groups are read by the client library
# Use it for options that affect all clients, but not the server
#
[client]
default-character-set = utf8mb4
# This group is not read by mysql client library,
# If you use the same .cnf file for MySQL and MariaDB,
# use it for MariaDB-only client options
[client-mariadb]
ssl
# ssl-verify-server-cert
@@ -0,0 +1,2 @@
[mariadb]
#plugin-load-add=cracklib_password_check.so
@@ -0,0 +1,20 @@
#
# !include this file into your my.cnf (or any of *.cnf files in /etc/my.cnf.d)
# and it will enable data at rest encryption. This is a simple way to
# ensure that everything that can be encrypted will be and your
# data will not leak unencrypted.
#
# DO NOT EDIT THIS FILE! On MariaDB upgrades it might be replaced with a
# newer version and your edits will be lost. Instead, add your edits
# to the .cnf file after the !include directive.
#
# NOTE that you also need to install an encryption plugin for the encryption
# to work. See https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/#encryption-key-management
#
[mariadb]
aria-encrypt-tables
encrypt-binlog
encrypt-tmp-disk-tables
encrypt-tmp-files
loose-innodb-encrypt-log
loose-innodb-encrypt-tables
@@ -0,0 +1,117 @@
# Copyright (C) 2019-2022 MariaDB Corporation
#
# This is a default configuration for the Hashicorp Vault plugin.
# You can read more about the parameters of this plugin in the
# hashicorp_key_management.txt file.
#
# NOTE THAT YOU MUST MANUALLY UNCOMMENT THE "plugin-load-add"
# LINE AND ALL THE NECESSARY PARAMETERS BELOW, SETTING THEM
# TO APPROPRIATE VALUES!
#
[mariadb]
#
# To use Hashicorp Vault KMS, the plugin must be preloaded and
# activated on the server:
#
#plugin-load-add=hashicorp_key_management.so
# Most of its parameters should not be changed during plugin
# operation and therefore must be preconfigured as part of
# the server configuration:
#
# HTTP[s] URL that is used to connect to the Hashicorp Vault server.
# It must include the name of the scheme ("https://" for a secure
# connection) and, according to the API rules for storages of the
# key-value type in Hashicorp Vault, after the server address, the
# path must begin with the "/v1/" string (as prefix), for example:
# "https://127.0.0.1:8200/v1/my_secrets"
#
#hashicorp-key-management-vault-url="<url>"
#
# Authentication token that passed to the Hashicorp Vault
# in the request header:
#
#hashicorp-key-management-token="<token>"
#
# Optional path to the Certificate Authority (CA) bundle
# (is a file that contains root and intermediate certificates):
#
#hashicorp-key-management-vault-ca="<path>"
#
# Set the duration (in seconds) for the Hashicorp Vault server
# connection timeout. The allowed range is from 1 to 86400 seconds.
# The user can also specify a zero value, which means the default
# timeout value set by the libcurl library (currently 300 seconds):
#
#hashicorp-key-management-timeout=15
#
# Number of server request retries in case of timeout:
#
#hashicorp-key-management-retries=3
#
# Enable key caching (storing key values received from
# the Hashicorp Vault server in the local memory):
#
#hashicorp-key-management-caching-enabled="on"
#
# This parameter instructs the plugin to use the key values
# or version numbers taken from the cache in the event of a
# timeout when accessing the vault server. By default this
# option is disabled.
#
# Please note that key values or version numbers will be read
# from the cache when the timeout expires only after the number
# of attempts to read them from the storage server that specified
# by the hashicorp-key-management-retries parameter has been
# exhausted:
#
#hashicorp-key-management-use-cache-on-timeout="off"
#
# The time (in milliseconds) after which the value of the key
# stored in the cache becomes invalid and an attempt to read this
# data causes a new request send to the vault server. By default,
# cache entries become invalid after 60,000 milliseconds (after
# one minute).
#
# If the value of this parameter is zero, then the keys will always
# be considered invalid, but they still can be used if the vault
# server is unavailable and the corresponding cache operating mode
# (--[loose-]hashicorp-key-management-use-cache-on-timeout="on")
# is enabled.
#
#hashicorp-key-management-cache-timeout=0
#
# The time (in milliseconds) after which the information about
# latest version number of the key (which stored in the cache)
# becomes invalid and an attempt to read this information causes
# a new request send to the vault server.
#
# If the value of this parameter is zero, then information abount
# latest key version numbers always considered invalid, unless
# there is no communication with the vault server and use of the
# cache is allowed when the server is unavailable.
#
# By default, this parameter is zero, that is, the latest version
# numbers for the keys stored in the cache are considered always
# invalid, except when the vault server is unavailable and use
# of the cache is allowed on server failures.
#
#hashicorp-key-management-cache-version-timeout=0
#
# This parameter enables ("on", this is the default value) or disables
# ("off") checking the kv storage version during plugin initialization.
# The plugin requires storage to be version 2 or older in order for it
# to work properly.
#
#hashicorp-key-management-check-kv-version=on
@@ -0,0 +1,59 @@
#
# These groups are read by MariaDB server.
# Use it for options that only the server (but not clients) should see
#
# See the examples of server my.cnf files in /usr/share/mysql/
#
# this is read by the standalone daemon and embedded servers
[server]
# this is only for the mysqld standalone daemon
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mysqld/mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
log-error=/var/log/mariadb/mariadb.log
pid-file=/run/mariadb/mariadb.pid
character-set-server = utf8mb4
ssl-cert=/etc/my.cnf.d/certificates/pubcert.pem
ssl-key=/etc/my.cnf.d/certificates/privkey.pem
tls-version=TLSv1.3,TLSv1.2
#
# * Galera-related settings
#
[galera]
# Mandatory settings
#wsrep_on=ON
#wsrep_provider=
#wsrep_cluster_address=
#binlog_format=row
#default_storage_engine=InnoDB
#innodb_autoinc_lock_mode=2
#
# Allow server to accept connections on all interfaces.
#
#bind-address=0.0.0.0
#
# Optional setting
#wsrep_slave_threads=1
#innodb_flush_log_at_trx_commit=0
# this is only for embedded server
[embedded]
# This group is only read by MariaDB servers, not by MySQL.
# If you use the same .cnf file for MySQL and MariaDB,
# you can put MariaDB-only options here
[mariadb]
# This group is only read by MariaDB-10.11 servers.
# If you use the same .cnf file for MariaDB of different versions,
# use this group for options that older servers don't understand
[mariadb-10.11]
@@ -0,0 +1,23 @@
#
# These groups are read by MariaDB command-line tools
# Use it for options that affect only one utility
#
[mysql]
[mysql_upgrade]
[mysqladmin]
[mysqlbinlog]
[mysqlcheck]
[mysqldump]
[mysqlimport]
[mysqlshow]
[mysqlslap]
@@ -0,0 +1,3 @@
[server]
plugin_load_add=provider_bzip2
provider_bzip2=force_plus_permanent
@@ -0,0 +1,3 @@
[server]
plugin_load_add=provider_lz4
provider_lz4=force_plus_permanent
@@ -0,0 +1,3 @@
[server]
plugin_load_add=provider_lzma
provider_lzma=force_plus_permanent
@@ -0,0 +1,3 @@
[server]
plugin_load_add=provider_lzo
provider_lzo=force_plus_permanent
@@ -0,0 +1,3 @@
[server]
plugin_load_add=provider_snappy
provider_snappy=force_plus_permanent
@@ -0,0 +1,7 @@
[mariadb]
#
# Uncomment line to enable
#
#plugin-load-add = ha_spider
# Read more at https://mariadb.com/kb/en/spider/
@@ -0,0 +1,160 @@
<?php
/**
* phpMyAdmin sample configuration, you can use it as base for
* manual configuration. For easier setup you can use setup/
*
* All directives are explained in documentation in the doc/ folder
* or at <https://docs.phpmyadmin.net/>.
*/
declare(strict_types=1);
/**
* This is needed for cookie based authentication to encrypt the cookie.
* Needs to be a 32-bytes long string of random bytes. See FAQ 2.10.
*/
$cfg['blowfish_secret'] = '26227697261f24526e194bb441ff689e'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
/**
* Servers configuration
*/
$i = 0;
/**
* First server
*/
$i++;
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'cookie';
/* Server parameters */
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['compress'] = false;
$cfg['Servers'][$i]['AllowNoPassword'] = false;
/**
* phpMyAdmin configuration storage settings.
*/
/* User used to manipulate with storage */
// $cfg['Servers'][$i]['controlhost'] = '';
// $cfg['Servers'][$i]['controlport'] = '';
// $cfg['Servers'][$i]['controluser'] = 'pma';
// $cfg['Servers'][$i]['controlpass'] = 'pmapass';
/* Storage database and tables */
// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
// $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
// $cfg['Servers'][$i]['relation'] = 'pma__relation';
// $cfg['Servers'][$i]['table_info'] = 'pma__table_info';
// $cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
// $cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
// $cfg['Servers'][$i]['column_info'] = 'pma__column_info';
// $cfg['Servers'][$i]['history'] = 'pma__history';
// $cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
// $cfg['Servers'][$i]['tracking'] = 'pma__tracking';
// $cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
// $cfg['Servers'][$i]['recent'] = 'pma__recent';
// $cfg['Servers'][$i]['favorite'] = 'pma__favorite';
// $cfg['Servers'][$i]['users'] = 'pma__users';
// $cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
// $cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
// $cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches';
// $cfg['Servers'][$i]['central_columns'] = 'pma__central_columns';
// $cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings';
// $cfg['Servers'][$i]['export_templates'] = 'pma__export_templates';
/**
* End of servers configuration
*/
/**
* Directories for saving/loading files from server
*/
$cfg['UploadDir'] = '/var/lib/phpMyAdmin/upload';
$cfg['SaveDir'] = '/var/lib/phpMyAdmin/save';
/**
* Whether to display icons or text or both icons and text in table row
* action segment. Value can be either of 'icons', 'text' or 'both'.
* default = 'both'
*/
//$cfg['RowActionType'] = 'icons';
/**
* Defines whether a user should be displayed a "show all (records)"
* button in browse mode or not.
* default = false
*/
//$cfg['ShowAll'] = true;
/**
* Number of rows displayed when browsing a result set. If the result
* set contains more rows, "Previous" and "Next".
* Possible values: 25, 50, 100, 250, 500
* default = 25
*/
//$cfg['MaxRows'] = 50;
/**
* Disallow editing of binary fields
* valid values are:
* false allow editing
* 'blob' allow editing except for BLOB fields
* 'noblob' disallow editing except for BLOB fields
* 'all' disallow editing
* default = 'blob'
*/
//$cfg['ProtectBinary'] = false;
/**
* Default language to use, if not browser-defined or user-defined
* (you find all languages in the locale folder)
* uncomment the desired line:
* default = 'en'
*/
//$cfg['DefaultLang'] = 'en';
//$cfg['DefaultLang'] = 'de';
/**
* How many columns should be used for table display of a database?
* (a value larger than 1 results in some information being hidden)
* default = 1
*/
//$cfg['PropertiesNumColumns'] = 2;
/**
* Set to true if you want DB-based query history.If false, this utilizes
* JS-routines to display query history (lost by window close)
*
* This requires configuration storage enabled, see above.
* default = false
*/
//$cfg['QueryHistoryDB'] = true;
/**
* When using DB-based query history, how many entries should be kept?
* default = 25
*/
//$cfg['QueryHistoryMax'] = 100;
/**
* Whether or not to query the user before sending the error report to
* the phpMyAdmin team when a JavaScript error occurs
*
* Available options
* ('ask' | 'always' | 'never')
* default = 'ask'
*/
//$cfg['SendErrorReports'] = 'always';
/**
* 'URLQueryEncryption' defines whether phpMyAdmin will encrypt sensitive data from the URL query string.
* 'URLQueryEncryptionSecretKey' is a 32 bytes long secret key used to encrypt/decrypt the URL query string.
*/
//$cfg['URLQueryEncryption'] = true;
//$cfg['URLQueryEncryptionSecretKey'] = '';
/**
* You can find more configuration options in the documentation
* in the doc/ folder or at <https://docs.phpmyadmin.net/>.
*/
@@ -0,0 +1,11 @@
[Unit]
Description=Copy TLS Certificates for Mariadb
[Service]
Type=oneshot
ExecStartPre=mkdir -p /etc/my.cnf.d/certificates
ExecStart=/bin/bash -lc 'cp /etc/httpd/md/domains/{{ mariadb_vhost }}/*.pem /etc/my.cnf.d/certificates/'
ExecStartPost=chown -R mysql:mysql /etc/my.cnf.d/certificates
[Install]
WantedBy=mariadb.service

Some files were not shown because too many files have changed in this diff Show More