Add Roundcube webmail.

states/certificates/dehydrated/domains.txt

@@ -3,7 +3,7 @@ lunch.org.uk www.lunch.org.uk
 git.lunch.org.uk
 hg.lunch.org.uk
 jenkins.lunch.org.uk
-mail.lunch.org.uk
+mail.lunch.org.uk webmail.lunch.org.uk
 lists.lunch.org.uk lists.cryhavoc.org.uk
 cryhavoc.org.uk www.cryhavoc.org.uk
 dottes.cryhavoc.org.uk

states/webmail/init.sls

@@ -0,0 +1,28 @@
+roundcube_package:
+  pkg.installed:
+    - pkgs:
+      - roundcube-sqlite3
+      - roundcube-plugins
+
+roundcube_config:
+  file.managed:
+    - name: /etc/roundcube/config.inc.php
+    - source: salt://webmail/roundcube_config.inc.php
+
+roundcube_web:
+  file.managed:
+    - require:
+      - sls: apache
+      - sls: certificates
+    - names:
+      - /etc/apache2/sites-available/webmail.lunch.org.uk.conf:
+        - source: salt://webmail/webmail.lunch.org.uk.conf
+  apache_site.enabled:
+    - require:
+      - file: /etc/apache2/sites-available/webmail.lunch.org.uk.conf
+    - name: webmail.lunch.org.uk
+  service.running:
+    - name: apache2
+    - reload: true
+    - watch:
+      - file: /etc/apache2/sites-available/webmail.lunch.org.uk.conf

states/webmail/roundcube_config.inc.php

@@ -0,0 +1,94 @@
+<?php
+
+/*
++-----------------------------------------------------------------------+
+| Local configuration for the Roundcube Webmail installation.           |
+|                                                                       |
+| This is a sample configuration file only containing the minimum       |
+| setup required for a functional installation. Copy more options       |
+| from defaults.inc.php to this file to override the defaults.          |
+|                                                                       |
+| This file is part of the Roundcube Webmail client                     |
+| Copyright (C) 2005-2013, The Roundcube Dev Team                       |
+|                                                                       |
+| Licensed under the GNU General Public License version 3 or            |
+| any later version with exceptions for skins & plugins.                |
+| See the README file for a full license statement.                     |
++-----------------------------------------------------------------------+
+*/
+
+$config = array();
+
+/* Do not set db_dsnw here, use dpkg-reconfigure roundcube-core to configure database ! */
+include_once("/etc/roundcube/debian-db-roundcube.php");
+
+// The IMAP host chosen to perform the log-in.
+// Leave blank to show a textbox at login, give a list of hosts
+// to display a pulldown menu or set one host as string.
+// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
+// Supported replacement variables:
+// %n - hostname ($_SERVER['SERVER_NAME'])
+// %t - hostname without the first part
+// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
+// %s - domain name after the '@' from e-mail address provided at login screen
+// For example %n = mail.domain.tld, %t = domain.tld
+$config['default_host'] = 'tls://mail.lunch.org.uk';
+
+// IMAP authentication method (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or null).
+// Use 'IMAP' to authenticate with IMAP LOGIN command.
+// By default the most secure method (from supported) will be selected.
+$config['imap_auth_type'] = PLAIN;
+
+// SMTP server host (for sending mails).
+// Enter hostname with prefix tls:// to use STARTTLS, or use
+// prefix ssl:// to use the deprecated SSL over SMTP (aka SMTPS)
+// Supported replacement variables:
+// %h - user's IMAP hostname
+// %n - hostname ($_SERVER['SERVER_NAME'])
+// %t - hostname without the first part
+// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
+// %z - IMAP domain (IMAP hostname without the first part)
+// For example %n = mail.domain.tld, %t = domain.tld
+$config['smtp_server'] = 'tls://mail.lunch.org.uk';
+
+// SMTP port (default is 25; use 587 for STARTTLS or 465 for the
+// deprecated SSL over SMTP (aka SMTPS))
+$config['smtp_port'] = 587;
+
+// SMTP username (if required) if you use %u as the username Roundcube
+// will use the current username for login
+$config['smtp_user'] = '%u';
+
+// SMTP password (if required) if you use %p as the password Roundcube
+// will use the current user's password for login
+$config['smtp_pass'] = '%p';
+
+// provide an URL where a user can get support for this Roundcube installation
+// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
+$config['support_url'] = 'www.lunch.org.uk';
+
+// Name your service. This is displayed on the login screen and in the window title
+$config['product_name'] = 'Roundcube Webmail';
+
+// this key is used to encrypt the users imap password which is stored
+// in the session record (and the client cookie if remember password is enabled).
+// please provide a string of exactly 24 chars.
+// YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS
+$config['des_key'] = 'FldHc6uUuXtXN4th574aoCWl';
+
+// List of active plugins (in plugins/ directory)
+// Debian: install roundcube-plugins first to have any
+$config['plugins'] = array(
+'archive',
+'password',
+'zipdownload',
+);
+
+// skin name: folder from skins/
+$config['skin'] = 'larry';
+//$config['skin'] = 'classic';
+
+// Disable spellchecking
+// Debian: spellshecking needs additional packages to be installed, or calling external APIs
+//         see defaults.inc.php for additional informations
+$config['enable_spellcheck'] = false;

states/webmail/webmail.lunch.org.uk.conf

@@ -0,0 +1,79 @@
+<IfModule mod_ssl.c>
+
+<VirtualHost *:443>
+        ServerName webmail.lunch.org.uk
+
+        ErrorLog /var/log/apache2/webmail-error.log
+        CustomLog /var/log/apache2/webmail-access.log combined
+
+        RemoteIPProxyProtocol On
+
+        Alias / /var/lib/roundcube/
+        <Directory /var/lib/roundcube/>
+          Options +FollowSymLinks
+          # This is needed to parse /var/lib/roundcube/.htaccess. See its
+          # content before setting AllowOverride to None.
+          AllowOverride All
+          <IfVersion >= 2.3>
+            Require all granted
+          </IfVersion>
+          <IfVersion < 2.3>
+            Order allow,deny
+            Allow from all
+          </IfVersion>
+        </Directory>
+
+        # Protecting basic directories:
+        <Directory /var/lib/roundcube/config>
+                Options -FollowSymLinks
+                AllowOverride None
+        </Directory>
+
+        <Directory /var/lib/roundcube/temp>
+                Options -FollowSymLinks
+                AllowOverride None
+                <IfVersion >= 2.3>
+                  Require all denied
+                </IfVersion>
+                <IfVersion < 2.3>
+                  Order allow,deny
+                  Deny from all
+                </IfVersion>
+        </Directory>
+
+        <Directory /var/lib/roundcube/logs>
+                Options -FollowSymLinks
+                AllowOverride None
+                <IfVersion >= 2.3>
+                  Require all denied
+                </IfVersion>
+                <IfVersion < 2.3>
+                  Order allow,deny
+                  Deny from all
+                </IfVersion>
+        </Directory>
+
+	SSLEngine on
+	SSLCertificateFile /var/lib/dehydrated/certs/mail.lunch.org.uk/fullchain.pem
+	SSLCertificateKeyFile /var/lib/dehydrated/certs/mail.lunch.org.uk/privkey.pem
+</VirtualHost>
+
+</IfModule>
+
+<VirtualHost *:80>
+        ServerName webmail.lunch.org.uk
+
+        ErrorLog /var/log/apache2/webmail-error.log
+        CustomLog /var/log/apache2/webmail-access.log combined
+
+        RemoteIPProxyProtocol On
+
+        <IfModule rewrite_module>
+                #
+                # This redirects all accesses to the HTTPS version of the site.
+                #
+                RewriteEngine On
+
+                RewriteRule ^/?(.*) https://webmail.lunch.org.uk/$1 [R=301,L]
+        </IfModule>
+</VirtualHost>