From 42cb1c86c9726a2b3320e5a3b4064be461149082 Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Sat, 4 Feb 2023 18:17:42 +0000
Subject: [PATCH] roundcube: First draft of role

---
 roles/roundcube/defaults/main.yml             |  2 +
 roles/roundcube/handlers/main.yml             |  6 ++
 roles/roundcube/meta/main.yml                 |  3 +
 roles/roundcube/tasks/main.yml                | 72 +++++++++++++++++++
 roles/roundcube/templates/local.php.j2        |  6 ++
 .../templates/roundcube-container.service.j2  | 18 +++++
 .../roundcube-container.sysconfig.j2          | 11 +++
 7 files changed, 118 insertions(+)
 create mode 100644 roles/roundcube/defaults/main.yml
 create mode 100644 roles/roundcube/handlers/main.yml
 create mode 100644 roles/roundcube/meta/main.yml
 create mode 100644 roles/roundcube/tasks/main.yml
 create mode 100644 roles/roundcube/templates/local.php.j2
 create mode 100644 roles/roundcube/templates/roundcube-container.service.j2
 create mode 100644 roles/roundcube/templates/roundcube-container.sysconfig.j2

diff --git a/roles/roundcube/defaults/main.yml b/roles/roundcube/defaults/main.yml
new file mode 100644
index 0000000..92e7f49
--- /dev/null
+++ b/roles/roundcube/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+roundcube_version: latest
diff --git a/roles/roundcube/handlers/main.yml b/roles/roundcube/handlers/main.yml
new file mode 100644
index 0000000..82b1384
--- /dev/null
+++ b/roles/roundcube/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Restart roundcube
+  ansible.builtin.systemd:
+    name: roundcube-container
+    daemon_reload: true
+    state: restarted
diff --git a/roles/roundcube/meta/main.yml b/roles/roundcube/meta/main.yml
new file mode 100644
index 0000000..700494e
--- /dev/null
+++ b/roles/roundcube/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+  - {role: podman}
diff --git a/roles/roundcube/tasks/main.yml b/roles/roundcube/tasks/main.yml
new file mode 100644
index 0000000..a3f66ec
--- /dev/null
+++ b/roles/roundcube/tasks/main.yml
@@ -0,0 +1,72 @@
+---
+- name: Create group
+  ansible.builtin.group:
+    name: roundcube
+
+- name: Create user
+  ansible.builtin.user:
+    name: roundcube
+    comment: Podman Roundcube
+    group: roundcube
+    shell: /sbin/nologin
+
+- name: Copy host key
+  ansible.builtin.copy:
+    dest: "{{ tls_private }}/roundcube.key"
+    src: "{{ tls_private }}/{{ inventory_hostname }}.key"
+    mode: 0640
+    owner: root
+    group: roundcube
+    remote_src: true
+
+- name: Create config directory
+  ansible.builtin.file:
+    path: /etc/roundcube
+    state: directory
+    mode: 0755
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: Create local configuration
+  ansible.builtin.template:
+    dest: /etc/roundcube/local.php
+    src: local.php.j2
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: Create service config
+  ansible.builtin.template:
+    dest: /etc/sysconfig/roundcube-container
+    src: roundcube-container.sysconfig.j2
+    mode: 0600
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: Restart roundcube
+
+- name: Create service file
+  ansible.builtin.template:
+    dest: /etc/systemd/system/roundcube-container.service
+    src: roundcube-container.service.j2
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: Restart roundcube
+
+- name: Enable service
+  ansible.builtin.service:
+    name: roundcube-container
+    state: started
+    enabled: true
+
+- name: Copy nginx config
+  ansible.builtin.copy:
+    dest: /etc/nginx/conf.d/{{ inventory_hostname }}/roundcube-container.conf
+    content: |
+      location /roundcube/ {
+        proxy_pass http://localhost:8004/;
+      }
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: Restart nginx
diff --git a/roles/roundcube/templates/local.php.j2 b/roles/roundcube/templates/local.php.j2
new file mode 100644
index 0000000..2935f09
--- /dev/null
+++ b/roles/roundcube/templates/local.php.j2
@@ -0,0 +1,6 @@
+<?php
+
+$config["domain"] = "{{ mail_domain }}";
+$config["product_name"] = "foo.sh - Webmail";
+
+?>
diff --git a/roles/roundcube/templates/roundcube-container.service.j2 b/roles/roundcube/templates/roundcube-container.service.j2
new file mode 100644
index 0000000..df01e61
--- /dev/null
+++ b/roles/roundcube/templates/roundcube-container.service.j2
@@ -0,0 +1,18 @@
+[Unit]
+Description=Roundcube Container
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+User=roundcube
+EnvironmentFile=/etc/sysconfig/roundcube-container
+ExecStart=/usr/bin/podman run \
+    --rm -p 127.0.0.1:8004:80 \
+    --name roundcube \
+    --volume=/etc/roundcube:/var/roundcube/config:ro \
+    --env=ROUNDCUBEMAIL_* docker.io/roundcube/roundcubemail:{{ roundcube_version }}-apache
+ExecStop=/usr/bin/podman stop --ignore roundcube
+ExecStopPost=/usr/bin/podman rm -f --ignore roundcube
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/roundcube/templates/roundcube-container.sysconfig.j2 b/roles/roundcube/templates/roundcube-container.sysconfig.j2
new file mode 100644
index 0000000..2f341e5
--- /dev/null
+++ b/roles/roundcube/templates/roundcube-container.sysconfig.j2
@@ -0,0 +1,11 @@
+ROUNDCUBEMAIL_DEFAULT_HOST=ssl://{{ mail_server }}
+ROUNDCUBEMAIL_DEFAULT_PORT=993
+ROUNDCUBEMAIL_SMTP_SERVER=tls://{{ mail_server }}
+ROUNDCUBEMAIL_SMTP_PORT=587
+
+#ROUNDCUBEMAIL_DB_TYPE=mysql
+#ROUNDCUBEMAIL_DB_HOST=sqldb02.home.foo.sh
+#ROUNDCUBEMAIL_DB_PORT=3306
+#ROUNDCUBEMAIL_DB_USER=roundcube
+#ROUNDCUBEMAIL_DB_PASSWORD="{{ roundcube_mysql_pass }}"
+#ROUNDCUBEMAIL_DB_NAME=roundcube