commit 38129c2455892386eb8c9171c90154192d5480ac Author: Antoine Ouvrard Date: Thu Mar 9 16:44:05 2023 +0100 ajoute les archives diff --git a/ansible-continuous-delivery b/ansible-continuous-delivery new file mode 160000 index 0000000..1dc9b7c --- /dev/null +++ b/ansible-continuous-delivery @@ -0,0 +1 @@ +Subproject commit 1dc9b7cabd751d8727130ac12f3c665f0c14cbc5 diff --git a/ansible-supervision b/ansible-supervision new file mode 160000 index 0000000..9131bfd --- /dev/null +++ b/ansible-supervision @@ -0,0 +1 @@ +Subproject commit 9131bfd65b98bae3306a875e10ba05f4dfc6fd7c diff --git a/ansible_tools/README.md b/ansible_tools/README.md new file mode 100644 index 0000000..2802759 --- /dev/null +++ b/ansible_tools/README.md @@ -0,0 +1,2 @@ +# Dépot de script ansible + diff --git a/ansible_tools/group_vars/all/vars b/ansible_tools/group_vars/all/vars new file mode 100644 index 0000000..f1a3ed4 --- /dev/null +++ b/ansible_tools/group_vars/all/vars @@ -0,0 +1 @@ +ansible_python_interpreter: /usr/bin/python3 diff --git a/ansible_tools/host_vars/cd66-zms1/main.yml b/ansible_tools/host_vars/cd66-zms1/main.yml new file mode 100644 index 0000000..8450494 --- /dev/null +++ b/ansible_tools/host_vars/cd66-zms1/main.yml @@ -0,0 +1,2 @@ +--- +zimbraSkinLoginBackgroundImage: "https://www.ledepartement66.fr/wp-content/uploads/2022/09/ValeursEnFete-Oct2022-Couverture-Zimbra-2100x1400px-scaled.jpg" diff --git a/ansible_tools/host_vars/cd66-zms2/main.yml b/ansible_tools/host_vars/cd66-zms2/main.yml new file mode 100644 index 0000000..8450494 --- /dev/null +++ b/ansible_tools/host_vars/cd66-zms2/main.yml @@ -0,0 +1,2 @@ +--- +zimbraSkinLoginBackgroundImage: "https://www.ledepartement66.fr/wp-content/uploads/2022/09/ValeursEnFete-Oct2022-Couverture-Zimbra-2100x1400px-scaled.jpg" diff --git a/ansible_tools/host_vars/cd66-zms3/main.yml b/ansible_tools/host_vars/cd66-zms3/main.yml new file mode 100644 index 0000000..8450494 --- /dev/null +++ b/ansible_tools/host_vars/cd66-zms3/main.yml @@ -0,0 +1,2 @@ +--- +zimbraSkinLoginBackgroundImage: "https://www.ledepartement66.fr/wp-content/uploads/2022/09/ValeursEnFete-Oct2022-Couverture-Zimbra-2100x1400px-scaled.jpg" diff --git a/ansible_tools/host_vars/zimbra-labs-antoine/main.yml b/ansible_tools/host_vars/zimbra-labs-antoine/main.yml new file mode 100644 index 0000000..5aa0b8f --- /dev/null +++ b/ansible_tools/host_vars/zimbra-labs-antoine/main.yml @@ -0,0 +1,6 @@ +--- +zimbraMailDomain: "zimbrantoine.zextras.lan" +zimbraSkinLogoURL: "https://bal.groupechevalier.fr" +zimbraSkinLogoAppBanner: "/logos/Groupe-Chevalier-200x35.png" +zimbraSkinLogoLoginBanner: "/logos/Groupe-Chevalier-320x80.png" +zimbraSkinLoginBackgroundImage: "https://www.ledepartement66.fr/wp-content/uploads/2022/09/ValeursEnFete-Oct2022-Couverture-Zimbra-2100x1400px-scaled.jpg" diff --git a/ansible_tools/host_vars/zimbraluis/main.yml b/ansible_tools/host_vars/zimbraluis/main.yml new file mode 100644 index 0000000..14000c7 --- /dev/null +++ b/ansible_tools/host_vars/zimbraluis/main.yml @@ -0,0 +1,15 @@ +--- +# Config global + +ignoreip: "127.0.0.1/8 192.168.73.60/32" +destmail: "admin@zimbraluis.zextras.lan" +sendername: "Fail2ban" +sendermail: "fail2ban@zimbraluis.zextras.lan" + +bantime_account: "600" +findtime_account: "1200" +maxretry_account: "3" + +bantime_postfix: "600" +findtime_postfix: "1200" +maxretry_postfix: "3" \ No newline at end of file diff --git a/ansible_tools/inventory b/ansible_tools/inventory new file mode 100644 index 0000000..d9882ba --- /dev/null +++ b/ansible_tools/inventory @@ -0,0 +1,8 @@ +zimbra-labs-antoine ansible_user=antoine ansible_host=192.168.73.63 ansible_become=true +[cd66-zms] +cd66-zms1 ansible_become=true +cd66-zms2 ansible_become=true +cd66-zms3 ansible_become=true + +mairie-lateste +zimbraluis ansible_user=zimbraluis ansible_host=zimbraluis.zextras.lan ansible_become=true ansible_sudo_pass=zimbraluis diff --git a/ansible_tools/playbook.yml b/ansible_tools/playbook.yml new file mode 100644 index 0000000..1f952da --- /dev/null +++ b/ansible_tools/playbook.yml @@ -0,0 +1,34 @@ +--- +- name: Zimbra Lab Antoine + hosts: zimbra-labs-antoine + roles: + - role: prerequis + - role: set-global-logo + tags: set-global-logo + - role: set-zextras-custom-login-page + tags: set-zxt-custom-login-page + - role: set-zextras-login-logo + tags: set-zextras-login-logo + - role: set-zextras-global-login-logo + tags: set-zextras-global-login-logo + - role: set-zextras-theme + tags: set-zextras-theme + + +- name: Zimbra CD66 + hosts: cd66-zms + roles: + - role: set-zextras-global-login-logo + tags: cd66-zextras-global-login-logo + +- name: Mairie-Lateste + hosts: mairie-lateste + roles: + - role: set-zextras-theme + tags: set-zextras-theme-lateste + +- name: Lab Fail2ban + hosts: zimbraluis + roles: + - role: set-fail2ban + tags: set-fail2ban diff --git a/ansible_tools/roles/prerequis/handlers/main.yml b/ansible_tools/roles/prerequis/handlers/main.yml new file mode 100644 index 0000000..7cf6198 --- /dev/null +++ b/ansible_tools/roles/prerequis/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: Update timezone + ansible.builtin.command: dpkg-reconfigure --frontend noninteractive tzdata diff --git a/ansible_tools/roles/prerequis/tasks/main.yml b/ansible_tools/roles/prerequis/tasks/main.yml new file mode 100644 index 0000000..df01f35 --- /dev/null +++ b/ansible_tools/roles/prerequis/tasks/main.yml @@ -0,0 +1,58 @@ +--- +# Set Timezone +- name: Set timezone variables + ansible.builtin.copy: + content: 'Europe/Paris' + dest: /etc/timezone + owner: root + group: root + mode: 0644 + backup: true + force: false + notify: + - Update timezone + +# Disable ipv6 +- name: Checking GRUB cmdline + ansible.builtin.shell: "grep 'GRUB_CMDLINE_LINUX_DEFAULT=.*ipv6.disable=1.*' /etc/default/grub" + register: grub_cfg_grep + changed_when: false + failed_when: false + +- name: Disable IPV6 on GRUB cmdline + ansible.builtin.replace: + path: '/etc/default/grub' + regexp: '^GRUB_CMDLINE_LINUX_DEFAULT="((\w.?)*)"$' + replace: 'GRUB_CMDLINE_LINUX_DEFAULT="\1 ipv6.disable=1"' + when: '"ipv6.disable=1" not in grub_cfg_grep.stdout' + +# Remove snap +- name: Stop service snap, if running + ansible.builtin.systemd: + name: snapd + state: stopped + register: unused_disable # on enregistre le retour de la commande pour déclencher l'arret que si le service existe + failed_when: "unused_disable is failed and ('find' not in unused_disable.msg and 'found' not in unused_disable.msg)" + +- name: Uninstall + ansible.builtin.apt: + pkg: + - snapd + - gnome-software-plugin-snap + state: absent + purge: true + +- name: Delete snap directory + ansible.builtin.file: + path: + - ~/snap/ + - /var/cache/snapd/ + state: absent + +# Install LibreOffice +- name: Apt Install Prerequis + ansible.builtin.apt: + update_cache: true + name: + - libreoffice + - net-tools diff --git a/ansible_tools/roles/set-fail2ban/handlers/main.yml b/ansible_tools/roles/set-fail2ban/handlers/main.yml new file mode 100644 index 0000000..c98b495 --- /dev/null +++ b/ansible_tools/roles/set-fail2ban/handlers/main.yml @@ -0,0 +1,6 @@ +--- +- name: Reload fail2ban + ansible.builtin.systemd: + name: fail2ban + state: reload + enabled: true \ No newline at end of file diff --git a/ansible_tools/roles/set-fail2ban/tasks/main.yml b/ansible_tools/roles/set-fail2ban/tasks/main.yml new file mode 100644 index 0000000..778a8b0 --- /dev/null +++ b/ansible_tools/roles/set-fail2ban/tasks/main.yml @@ -0,0 +1,21 @@ +--- +- name: Installing Fail2ban + ansible.builtin.apt: + update_cache: yes + name: fail2ban + +- name: Copy {{ item.src }} config + ansible.builtin.template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + mode: 0644 + backup: yes + loop: + - { src: 'jail.conf.ubuntu.j2', dest: '/etc/fail2ban/jail.conf' } + - { src: 'zimbra.conf.ubuntu.j2', dest: '/etc/fail2ban/filter.d/zimbra.conf' } + - { src: 'zimbra-postfix.conf.ubuntu.j2', dest: '/etc/fail2ban/filter.d/zimbra-postfix.conf' } + - { src: 'sendmail.conf.ubuntu.j2', dest: '/etc/fail2ban/action.d/sendmail.conf' } + - { src: 'sendmail-common.conf.ubuntu.j2', dest: '/etc/fail2ban/action.d/sendmail-common.conf' } + #notify: Reload fail2ban diff --git a/ansible_tools/roles/set-fail2ban/templates/jail.conf.ubuntu.j2 b/ansible_tools/roles/set-fail2ban/templates/jail.conf.ubuntu.j2 new file mode 100644 index 0000000..5a4abad --- /dev/null +++ b/ansible_tools/roles/set-fail2ban/templates/jail.conf.ubuntu.j2 @@ -0,0 +1,30 @@ +# Fail2Ban configuration file +# + +[DEFAULT] +ignoreip = {{ ignoreip }} +bantime = 86400 +findtime = 1200 +maxretry = 5 + +backend = auto + +[zimbra-account] +enabled = true +filter = zimbra +action = iptables-allports[name=zimbra-account] + sendmail[name=zimbra-account, dest={{ destmail }}] +logpath = /opt/zimbra/log/mailbox.log +bantime = {{ bantime_account }} +findtime = {{ findtime_account }} +maxretry = {{ maxretry_account }} + +[zimbra-postfix] +enabled = true +filter = zimbra-postfix +action = iptables-allports[name=zimbra-postfix] + sendmail[name=zimbra-postfix, dest={{ destmail }}] +logpath = /var/log/zimbra.log +bantime = {{ bantime_postfix }} +findtime = {{ findtime_postfix }} +maxretry = {{ maxretry_postfix }} diff --git a/ansible_tools/roles/set-fail2ban/templates/sendmail-common.conf.ubuntu.j2 b/ansible_tools/roles/set-fail2ban/templates/sendmail-common.conf.ubuntu.j2 new file mode 100644 index 0000000..040b533 --- /dev/null +++ b/ansible_tools/roles/set-fail2ban/templates/sendmail-common.conf.ubuntu.j2 @@ -0,0 +1,73 @@ +# Fail2Ban configuration file +# +# Common settings for sendmail actions +# +# Users can override the defaults in sendmail-common.local + +[INCLUDES] + +after = sendmail-common.local + +[Definition] + +# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# +actionstart = printf %%b "Subject: [Fail2Ban] : started on + Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"` + From: <> + To: \n + Hi,\n + The jail has been started successfully.\n + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f + +# Option: actionstop +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# +actionstop = printf %%b "Subject: [Fail2Ban] : stopped on + Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"` + From: <> + To: \n + Hi,\n + The jail has been stopped.\n + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: See jail.conf(5) man page +# Values: CMD +# +actionban = + +# Option: actionunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: See jail.conf(5) man page +# Values: CMD +# +actionunban = + +[Init] + +# Recipient mail address +# +dest = {{ destmail }} + +# Sender mail address +# +sender = {{ sendermail }} + +# Sender display name +# +sendername = {{ sendername }} diff --git a/ansible_tools/roles/set-fail2ban/templates/sendmail.conf.ubuntu.j2 b/ansible_tools/roles/set-fail2ban/templates/sendmail.conf.ubuntu.j2 new file mode 100644 index 0000000..30d48b4 --- /dev/null +++ b/ansible_tools/roles/set-fail2ban/templates/sendmail.conf.ubuntu.j2 @@ -0,0 +1,36 @@ +# Fail2Ban configuration file +# +# Author: Cyril Jaquier +# +# + +[INCLUDES] + +before = sendmail-common.conf + +[Definition] + +# bypass ban/unban for restored tickets +norestored = 1 + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: See jail.conf(5) man page +# Values: CMD +# +actionban = printf %%b "Subject: [Fail2Ban] : banned from + Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"` + From: <> + To: \n + Hi,\n + The IP has just been banned by Fail2Ban after + attempts against .\n + Regards,\n + Fail2Ban" | /opt/zimbra/common/sbin/sendmail + +[Init] + +# Default name of the chain +# +name = default diff --git a/ansible_tools/roles/set-fail2ban/templates/zimbra-postfix.conf.ubuntu.j2 b/ansible_tools/roles/set-fail2ban/templates/zimbra-postfix.conf.ubuntu.j2 new file mode 100644 index 0000000..16f0740 --- /dev/null +++ b/ansible_tools/roles/set-fail2ban/templates/zimbra-postfix.conf.ubuntu.j2 @@ -0,0 +1,5 @@ +[Definition] + +failregex = (?i): warning: [-._\w]+\[\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed: \w + +ignoreregex = diff --git a/ansible_tools/roles/set-fail2ban/templates/zimbra.conf.ubuntu.j2 b/ansible_tools/roles/set-fail2ban/templates/zimbra.conf.ubuntu.j2 new file mode 100644 index 0000000..8251337 --- /dev/null +++ b/ansible_tools/roles/set-fail2ban/templates/zimbra.conf.ubuntu.j2 @@ -0,0 +1,11 @@ +[Definition] + +failregex = \[ip=;\] account - authentication failed for .* \(no such account\)$ + \[ip=;\] security - cmd=Auth; .* error=authentication failed for .*, invalid password;$ + \;oip=;.* security - cmd=Auth; .* protocol=soap; error=authentication failed for .* invalid password;$ + \[oip=;.* SoapEngine - handler exception: authentication failed for .*, account not found$ + \WARN .*;ip=;ua=ZimbraWebClient .* security - cmd=AdminAuth; .* error=authentication failed for .*;$ + \;oip=;.* security - cmd=Auth; .* protocol=soap; error=authentication failed for .* missing userPassword;$ + \;oip=;.* SoapEngine - handler exception: authentication failed for .*, invalid password;$ + \;oip=;.* account - Error occurred during authentication: authentication failed for .* ;$ +ignoreregex = diff --git a/ansible_tools/roles/set-global-logo/handlers/main.yml b/ansible_tools/roles/set-global-logo/handlers/main.yml new file mode 100644 index 0000000..24fcfa0 --- /dev/null +++ b/ansible_tools/roles/set-global-logo/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: Restart Mailbox + ansible.builtin.command: sudo -u zimbra /opt/zimbra/bin/zmmailboxdctl restart diff --git a/ansible_tools/roles/set-global-logo/tasks/main.yml b/ansible_tools/roles/set-global-logo/tasks/main.yml new file mode 100644 index 0000000..8bf86bd --- /dev/null +++ b/ansible_tools/roles/set-global-logo/tasks/main.yml @@ -0,0 +1,61 @@ +--- +- name: Vérification de la présence des paramètres d'entrées dans les variables + ansible.builtin.fail: + msg: | + la variable {{ item }} est obligatoire pour + utiliser le role set-logo. + Veuillez la rajouter dans les host_vars + when: + - item is not defined + loop: + - zimbraSkinLogoURL + - zimbraSkinLogoAppBanner + - zimbraSkinLogoLoginBanner + +## zimbraSkinLogoURL +- name: Récup param - zmprov gacf zimbraSkinLogoURL + ansible.builtin.shell: | + set -e -o pipefail + /opt/zimbra/bin/zmprov gacf zimbraSkinLogoURL | awk '{print $2}' + register: gcf + changed_when: false + args: + executable: /bin/bash + +- name: Set param - zmprov mcf zimbraSkinLogoURL + ansible.builtin.command: "/opt/zimbra/bin/zmprov mcf zimbraSkinLogoURL {{ zimbraSkinLogoURL }}" + when: gcf.stdout != zimbraSkinLogoURL + notify: + - Restart Mailbox + +## zimbraSkinLogoAppBanner +- name: Get param - zmprov gacf zimbraSkinLogoAppBanner + ansible.builtin.shell: | + set -e -o pipefail + /opt/zimbra/bin/zmprov gacf zimbraSkinLogoAppBanner | awk '{print $2}' + register: gcf + changed_when: false + args: + executable: /bin/bash + +- name: Set param - zmprov mcf zimbraSkinLogoAppBanner + ansible.builtin.command: "/opt/zimbra/bin/zmprov mcf zimbraSkinLogoAppBanner {{ zimbraSkinLogoAppBanner }}" + when: gcf.stdout != zimbraSkinLogoAppBanner + notify: + - Restart Mailbox + +## zimbraSkinLogoLoginBanner +- name: Get param - zmprov gacf zimbraSkinLogoLoginBanner + ansible.builtin.shell: | + set -e -o pipefail + /opt/zimbra/bin/zmprov gacf zimbraSkinLogoLoginBanner | awk '{print $2}' + register: gcf + changed_when: false + args: + executable: /bin/bash + +- name: Set param - zmprov mcf zimbraSkinLogoLoginBanner + ansible.builtin.command: "/opt/zimbra/bin/zmprov mcf zimbraSkinLogoLoginBanner {{ zimbraSkinLogoLoginBanner }}" + when: gcf.stdout != zimbraSkinLogoLoginBanner + notify: + - Restart Mailbox diff --git a/ansible_tools/roles/set-zextras-custom-login-page/tasks/check_param.yml b/ansible_tools/roles/set-zextras-custom-login-page/tasks/check_param.yml new file mode 100644 index 0000000..b8a0893 --- /dev/null +++ b/ansible_tools/roles/set-zextras-custom-login-page/tasks/check_param.yml @@ -0,0 +1,63 @@ +--- +- name: Check input variable + ansible.builtin.fail: + msg: | + la variable zimbraMailDomain est obligatoire pour + utiliser le role set-logo. + Veuillez la rajouter dans les host_vars + when: + - zimbraMailDomain is not defined + +- name: Check param - zmprov gd zimbraPublicServiceHostname + ansible.builtin.shell: | + set -e -o pipefail + /opt/zimbra/bin/zmprov gd {{ zimbraMailDomain }} zimbraPublicServiceHostname | sed -n 2p | awk '{print $2}' + register: zps_hostname + changed_when: false + args: + executable: /bin/bash + +- name: Stop run if zimbraPublicServiceHostname param not set + ansible.builtin.fail: + msg: | + Veuillez d'abord renseigner + la configuration zimbraPublicServiceHostname + du domaine {{ zimbraMailDomain }} + when: + - zps_hostname.stdout == "" + +- name: Check param - zmprov gd zimbraPublicServiceProtocol + ansible.builtin.shell: | + set -e -o pipefail + /opt/zimbra/bin/zmprov gd {{ zimbraMailDomain }} zimbraPublicServiceProtocol | sed -n 2p | awk '{print $2}' + register: zps_protocol + changed_when: false + args: + executable: /bin/bash + +- name: Stop run if zimbraPublicServiceProtocol param not set + ansible.builtin.fail: + msg: | + Veuillez d'abord renseigner + la configuration zimbraPublicServiceProtocol + du domaine {{ zimbraMailDomain }} + when: + - zps_protocol.stdout == "" + +- name: Check param - zmprov gd zimbraPublicServicePort + ansible.builtin.shell: | + set -e -o pipefail + /opt/zimbra/bin/zmprov gd {{ zimbraMailDomain }} zimbraPublicServicePort | sed -n 2p | awk '{print $2}' + register: zps_port + changed_when: false + args: + executable: /bin/bash + +- name: Stop run if zimbraPublicServicePort param not set + ansible.builtin.fail: + msg: | + Veuillez d'abord renseigner + la configuration zimbraPublicServicePort + du domaine {{ zimbraMailDomain }} + when: + - zps_port.stdout == "" diff --git a/ansible_tools/roles/set-zextras-custom-login-page/tasks/main.yml b/ansible_tools/roles/set-zextras-custom-login-page/tasks/main.yml new file mode 100644 index 0000000..4a7968c --- /dev/null +++ b/ansible_tools/roles/set-zextras-custom-login-page/tasks/main.yml @@ -0,0 +1,11 @@ +--- +- name: Check required parameters + include_tasks: check_param.yml + +- name: Set zextras login page + ansible.builtin.command: "/opt/zimbra/bin/zmprov + md {{ zimbraMailDomain }} \ + zimbraAuthMech custom:zx \ + zimbraWebClientLoginURL /zx/login/page/?domain={{ zimbraMailDomain }} \ + zimbraWebClientLogoutURL /zx/auth/logout/" + changed_when: true diff --git a/ansible_tools/roles/set-zextras-global-login-logo/tasks/main.yml b/ansible_tools/roles/set-zextras-global-login-logo/tasks/main.yml new file mode 100644 index 0000000..191f550 --- /dev/null +++ b/ansible_tools/roles/set-zextras-global-login-logo/tasks/main.yml @@ -0,0 +1,24 @@ +--- +- name: Vérification de la présence des paramètres d'entrées dans les variables + ansible.builtin.fail: + msg: | + la variable {{ item }} est obligatoire pour + utiliser le role set-logo. + Veuillez la rajouter dans les host_vars + when: + - item is not defined + loop: + - zimbraSkinLoginBackgroundImage + +- name: Get param - zxsuite auth loginPage getBackgroundImage global + ansible.builtin.shell: | + set -e -o pipefail + /opt/zimbra/bin/zxsuite auth loginPage getBackgroundImage global + register: logo_path + changed_when: false + args: + executable: /bin/bash + +- name: Set param - zxsuite auth loginPage setBackgroundImage + ansible.builtin.command: "/opt/zimbra/bin/zxsuite auth loginPage setBackgroundImage global {{ zimbraSkinLoginBackgroundImage }}" + when: logo_path.stdout != zimbraSkinLoginBackgroundImage diff --git a/ansible_tools/roles/set-zextras-login-logo/tasks/main.yml b/ansible_tools/roles/set-zextras-login-logo/tasks/main.yml new file mode 100644 index 0000000..ebf65d5 --- /dev/null +++ b/ansible_tools/roles/set-zextras-login-logo/tasks/main.yml @@ -0,0 +1,25 @@ +--- +- name: Vérification de la présence des paramètres d'entrées dans les variables + ansible.builtin.fail: + msg: | + la variable {{ item }} est obligatoire pour + utiliser le role set-logo. + Veuillez la rajouter dans les host_vars + when: + - item is not defined + loop: + - zimbraMailDomain + - zimbraSkinLogoLoginBanner + +- name: Get param - zxsuite auth loginPage getLogo + ansible.builtin.shell: | + set -e -o pipefail + /opt/zimbra/bin/zxsuite auth loginPage getLogo domain {{ zimbraMailDomain }} + register: logo_path + changed_when: false + args: + executable: /bin/bash + +- name: Set param - zxsuite auth loginPage setLogo + ansible.builtin.command: "/opt/zimbra/bin/zxsuite auth loginPage setLogo domain {{ zimbraMailDomain }} {{ zimbraSkinLogoLoginBanner }}" + when: logo_path.stdout != zimbraSkinLogoLoginBanner diff --git a/ansible_tools/roles/set-zextras-theme/handlers/main.yml b/ansible_tools/roles/set-zextras-theme/handlers/main.yml new file mode 100644 index 0000000..24fcfa0 --- /dev/null +++ b/ansible_tools/roles/set-zextras-theme/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: Restart Mailbox + ansible.builtin.command: sudo -u zimbra /opt/zimbra/bin/zmmailboxdctl restart diff --git a/ansible_tools/roles/set-zextras-theme/tasks/main.yml b/ansible_tools/roles/set-zextras-theme/tasks/main.yml new file mode 100644 index 0000000..99c2e21 --- /dev/null +++ b/ansible_tools/roles/set-zextras-theme/tasks/main.yml @@ -0,0 +1,19 @@ +--- +- name: Check if Zextras theme is present + ansible.builtin.stat: + path: /opt/zimbra/jetty/webapps/zimbra/skins/zextras/zextras.css + register: zextras_theme_present + +- name: Download Zextras Theme Installer + ansible.builtin.unarchive: + src: http://download.zextras.com/zextras-theme-installer/latest/zextras-theme-ubuntu.tgz + dest: /tmp/ + remote_src: true + when: not zextras_theme_present.stat.exists + +- name: Install le theme zextras + ansible.builtin.apt: + deb: "/tmp/zextras-theme-installer/packages/zextras-theme_1.0.1_amd64.deb" + when: not zextras_theme_present.stat.exists + notify: + - Restart Mailbox diff --git a/ansible_tools/roles/update-package-system/tasks/main.yml b/ansible_tools/roles/update-package-system/tasks/main.yml new file mode 100644 index 0000000..3cd4341 --- /dev/null +++ b/ansible_tools/roles/update-package-system/tasks/main.yml @@ -0,0 +1,5 @@ +--- +- name: Update et upgrade package system Ubuntu + ansible.builtin.apt: + update_cache: yes + upgrade: yes \ No newline at end of file diff --git a/generate_zm_preauth_bash_pass b/generate_zm_preauth_bash_pass new file mode 160000 index 0000000..4100e89 --- /dev/null +++ b/generate_zm_preauth_bash_pass @@ -0,0 +1 @@ +Subproject commit 4100e89f69d139727fb9233054a0e7f45fceb3ad